Code to hide inaccessible files/directories

Simo Sorce idra at samba.org
Tue Apr 17 08:46:32 GMT 2001


As the option was interesting, I've made the code for HEAD branch,
and Tridge (after a few improvements) has added it to CVS.
It is a per share option and is called "hide unreadable".


On Tue, Apr 17, 2001 at 07:34:37AM +0200, Ph. Marek wrote:
> >I asked about this ability a few weeks ago and the reply was basically
> >that folks would be interested in seeing it happen. Well, the client
> >insisted, so I've put together a hack that accomplishes it.
> >The basic design requirement was that users would not see
> >files/directories that they did not have at least read access to. This
> >request came about because we were migrating from a Novell server, and
> >this is apparently the default behaviour for Netware.
> >This hack was implemented on a FreeBSD 4.2-STABLE box using samba 2.0.7,
> >and it has been working predictably for about a week.
> Well done!
> 
> >A few coding notes:
> me too :-)
> 
> >1. I'm not too sure about the size of fullPath. 2048 seemed a value that
> >wouldn't normally be exceeded, but I don't have any proof that it's a
> >good size. It may be too large or too small (compared to system limits,
> >of course) In the final analysis, it should be the same size as the max
> >path size of the system it's running on.
> How about a getcwd(), chdir() to the directory, loop, and chdir() back?
> Thus one can avoid the pasting of filenames together. And getcwd() at least 
> allows to check if a larger buffer is needed. (if the current directory of
> samba is normally /, this can even be avoided - simply do chdir(), loop, 
> chdir(/)).
> 
> >2. This is pretty much a hack. It should really be implemented as a
> >config option, possibly with per-share capabilities. As it stands,
> >modifying dir.c and recompiling turns this on for everything, period.
> 
> >3. The access() command is considered "a security hole that should never
> >be used" by the BSD documentation. However, I can not see how access()
> >is a security concern _in this particular implementation_, and nobody
> >has been able to give me an example of how it could be. If using
> >access() makes you nervous, you could replace it with open()-with a
> >test for success. I didn't want to do this because of the potential
> >performance hit. Also, I don't know whether or not access() is portable
> >to other systems (such as Linux)
> I don't know about this security hole. Do you have some documentation
> about it?
> 
> >So, the upshot of the story is to replace the function OpenDir() in
> >dir.c with the one shown below, recompile and you'll find that machines
> >connected via samba will no longer be able to see files/directories
> >listed that they do not have read rights to.
> >(yes, I know I could have sent diffs, but this change was made *after*
> >FreeBSD specific patches were applied to the samba source, and I don't
> >know how that would affect a diff)
> >
> >Hope this is useful to people.
> >-Bill
> Thanks very much, Bill!
> 
> I'll try to test that.
> 
> 
> Regards,
> 
> Phil
> 
> 
> 
> 

-- 
Simo Sorce
------------------------------
 Unix IS user friendly, it is just selective about who his friends are.
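
An added example, not code from this thread or from Samba: a readability filter for a directory listing that touches coding notes 1 and 3 above. It checks each entry relative to the open directory with faccessat(), so no fixed-size path buffer or chdir() is needed, and it passes AT_EACCESS because plain access() tests the real uid/gid rather than the effective ones. The names scan_readable and demo are hypothetical, the temporary directory is constructed sample data, and a POSIX.1-2008 system is assumed.

```c
#define _POSIX_C_SOURCE 200809L /* faccessat, dirfd, mkdtemp */
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Count entries of dirpath the effective user can and cannot read. */
int scan_readable(const char *dirpath, int *visible, int *hidden)
{
    DIR *d = opendir(dirpath);
    struct dirent *e;
    if (d == NULL) return -1;
    *visible = *hidden = 0;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        /* Relative to the open directory: no fixed-size path buffer, no
         * chdir(). AT_EACCESS tests the effective ids, not the real ones. */
        if (faccessat(dirfd(d), e->d_name, R_OK, AT_EACCESS) == 0) (*visible)++;
        else (*hidden)++; /* listing filter only; open() still enforces access */
    }
    closedir(d);
    return 0;
}

/* Constructed sample: temp directory with one readable and one mode-0 file. */
int demo(int *visible, int *hidden)
{
    char tmpl[] = "/tmp/hide-demo-XXXXXX";
    int dfd, rc;
    if (mkdtemp(tmpl) == NULL || (dfd = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    close(openat(dfd, "public.txt", O_CREAT | O_WRONLY, 0644));
    close(openat(dfd, "secret.txt", O_CREAT | O_WRONLY, 0));
    rc = scan_readable(tmpl, visible, hidden);
    unlinkat(dfd, "public.txt", 0);
    unlinkat(dfd, "secret.txt", 0);
    close(dfd);
    rmdir(tmpl);
    return rc;
}

int main(void)
{
    int v = 0, h = 0, rc = demo(&v, &h);
    printf("rc=%d visible=%d hidden=%d\n", rc, v, h);
    return rc != 0;
}
```

Run as an unprivileged user, the mode-0 file is counted as hidden; a process with root privileges passes the read check on every file. The check is a snapshot, so permissions can change between the listing and a later open(), which is why the result is only suitable for deciding what to display.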



