git patch 'client managed wide links (w documentation updated)'....

Linda Walsh samba at tlinx.org
Sun Jun 12 19:02:52 MDT 2011


Following is git patch, with documentation describing security risks, as
originally discussed, for this feature's inclusion....

Note...I have NOT tested it in the 3.6 branch, as the change doesn't
seem to affect any other code.  It was tested in my local 3.5.7 branch.
Without the param, it fails, (as it currently does), to follow the symlink,
with the param, it follows the link...

Note, I clarified the 'wide links' part of the docs, as it seemed to indicate
that wide links would be followed if they pointed inside any directory that was
exported by a share in the config file.  I felt this was unclear -- since
they are only followed within the same share, not across shares.

-------

 From f97bacf54db1b8d81e0f8f6372f7c6ee628d60ea Mon Sep 17 00:00:00 2001
From: L.A. Walsh <samba at tlinx.org>
Date: Sun, 12 Jun 2011 17:02:40 -0700
Subject: [PATCH 1/2] client-managed-widelinks patch+doc changes

---
 .../smbdotconf/misc/clientmanagedwidelinks.xml     |   34 
++++++++++++++++++++
 1 files changed, 34 insertions(+), 0 deletions(-)
 create mode 100644 docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml

diff --git a/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml 
b/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml
new file mode 100644
index 0000000..655a1e7
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml
@@ -0,0 +1,34 @@
+<samba:parameter name="client managed wide links"
+         context="G"
+         type="boolean"
+         xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>
+    This parameter can allow users on client systems to manage
+    the <smbconfoption name="wide links"/> created on a server.  In
+    order to do this, <smbconfoption name="unix extensions"/> must also
+    be "on".  Normally, <smbconfoption name="wide links"/> and
+    <smbconfoption name="unix extensions"/> may not be "on" or "true"
+    at the same time, but this parameter specifically allows it.
+
+        This parameter creates similar security issues as allowing
+    the same userid to have a local account on the server, where, they
+    could manage/create symlinks that point to objects (files,
+    directories, sockets, ... any unix file type) on disparate parts of
+    the system, both on shared and unshared parts of the system.  Unix
+    users have had this ability 'forever', it's controlled by normal user
+    file permissions.   A symlink to /etc/shadow still won't be readable
+    (let alone writable) by 'everyone', but only by 'root' and it's
+    owning group.
+
+        If your users have local accounts on the server, this
+    parameter should provide no decrease in security.  Users won't be
+    able to create links in shares that they don't already have access
+    to running as their user.   If they have server admin priviledges
+    or 'Domain Admin' priviledges, they they may have write access to
+    any share as permitted by those priviledges.
+    </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
-- 
1.7.3.4


 From af3cef511d6aaa9dc812ec09ac5b4141ad78fd07 Mon Sep 17 00:00:00 2001
From: L.A. Walsh <samba at tlinx.org>
Date: Sun, 12 Jun 2011 17:11:57 -0700
Subject: [PATCH 2/2] client-managed-widelinks patch+doc changes2

---
 docs-xml/smbdotconf/misc/widelinks.xml          |   15 ++++++++-------
 docs-xml/smbdotconf/protocol/unixextensions.xml |    4 +++-
 source3/param/loadparm.c                        |   22 
+++++++++++++++++-----
 3 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/docs-xml/smbdotconf/misc/widelinks.xml 
b/docs-xml/smbdotconf/misc/widelinks.xml
index 1c30bb7..63a1a60 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -5,17 +5,18 @@
 <description>
     <para>This parameter controls whether or not links
     in the UNIX file system may be followed by the server. Links
-    that point to areas within the directory tree exported by the
-    server are always allowed; this parameter controls access only
-    to areas that are outside the directory tree being exported.</para>
+    that point to areas within the the same share are always allowed;
+    this parameter controls access only
+    to areas that are outside the specific Share.</para>
 
     <para>Note: Turning this parameter on when UNIX extensions are enabled
     will allow UNIX clients to create symbolic links on the share that
-    can point to files or directories outside restricted path exported
-    by the share definition. This can cause access to areas outside of
-    the share. Due to this problem, this parameter will be automatically
+    can point to files or directories outside restricted path(s) exported
+    by the share definitions. This can cause access to areas outside of
+    the share. Due to this problem, this parameter is automatically
     disabled (with a message in the log file) if the
-    <smbconfoption name="unix extensions"/> option is on.
+    <smbconfoption name="unix extensions"/> option is on unless
+    <smbconfoption name="client managed wide links"/> is also on.
     </para>
 </description>
 
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml 
b/docs-xml/smbdotconf/protocol/unixextensions.xml
index d816648..4475c30 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -11,7 +11,9 @@
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.</para>
     <para>
-    Note if this parameter is turned on, the <smbconfoption name="wide 
links"/>
+        Note if this parameter is turned on, and the
+    <smbconfoption name="client managed wide links"> is not explicitly
+    turned on, the <smbconfoption name="wide links"/>
     parameter will automatically be disabled.
     </para>
 </description>
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 77b67f1..5dbd3b1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -351,6 +351,7 @@ struct global {
     bool bHostMSDfs;
     bool bUseMmap;
     bool bHostnameLookups;
+    bool bClientManagedWidelinks;
     bool bUnixExtensions;
     bool bDisableNetbios;
     char * szDedicatedKeytabFile;
@@ -961,6 +962,15 @@ static struct parm_struct parm_table[] = {
         .flags        = FLAG_ADVANCED
     },
     {
+        .label        = "client managed wide links",
+        .type        = P_BOOL,
+        .p_class    = P_GLOBAL,
+        .ptr        = &Globals.bClientManagedWidelinks,
+        .special    = NULL,
+        .enum_list    = NULL,
+        .flags        = FLAG_ADVANCED
+    },
+    {
         .label        = "unix charset",
         .type        = P_STRING,
         .p_class    = P_GLOBAL,
@@ -5338,6 +5348,7 @@ static void init_globals(bool reinit_globals)
 #else
     Globals.bUseMmap = True;
 #endif
+    Globals.bClientManagedWidelinks = False;
     Globals.bUnixExtensions = True;
     Globals.bResetOnZeroVC = False;
     Globals.bLogWriteableFilesOnExit = False;
@@ -5816,6 +5827,7 @@ FN_GLOBAL_BOOL(lp_kernel_oplocks, 
&Globals.bKernelOplocks)
 FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
 FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap)
 FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
+FN_GLOBAL_BOOL(lp_client_managed_widelinks, 
&Globals.bClientManagedWidelinks)
 FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego_principal, 
&Globals.client_use_spnego_principal)
@@ -10289,6 +10301,7 @@ static bool lp_widelinks_internal(int snum)
 
 void widelinks_warning(int snum)
 {
+    if (lp_client_managed_widelinks()) return;
     if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
         DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
             "These parameters are incompatible. "
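Review bot: The early return added at the top of widelinks_warning() silences the only log line an administrator gets when a share runs with wide links and unix extensions at the same time, which is precisely the combination the new parameter re-enables. Since the override is a deliberate loosening of a guard, the override path should still emit a DEBUG line naming the share, so the exposure is visible in the log rather than disappearing along with the warning. The body of widelinks_warning() continues past the hunk, so the existing message's remaining arguments are not visible here; the snippet below assumes the share name is formatted via lp_servicename(snum) as the existing warning presumably does, which should be confirmed against the lines that follow.
```c
void widelinks_warning(int snum)
{
    if (lp_client_managed_widelinks()) {
        /* The admin explicitly accepted the wide links + unix extensions
         * combination; still leave a trace so the exposure is auditable. */
        DEBUG(1,("Share '%s' has wide links and unix extensions enabled "
            "because 'client managed wide links' is set.\n",
            lp_servicename(snum)));
        return;
    }
    /* … unchanged: existing incompatibility warning … */
```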
@@ -10299,12 +10312,11 @@ void widelinks_warning(int snum)
 
 bool lp_widelinks(int snum)
 {
-    /* wide links is always incompatible with unix extensions */
-    if (lp_unix_extensions()) {
-        return false;
-    }
 
-    return lp_widelinks_internal(snum);
+    if (lp_client_managed_widelinks()
+        || !lp_unix_extensions()) return lp_widelinks_internal(snum);
+
+    return false;
 }
 
 bool lp_writeraw(void)
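Review bot: The rewritten condition in lp_widelinks() lets a single global setting re-enable, for every share at once, the combination the removed comment called "always incompatible": with unix extensions on, a client can create a symlink inside the share that points outside it, and with wide links on the server will then follow it. Because the parameter is declared P_GLOBAL (and documented with context "G"), the override cannot be limited to shares whose users are trusted, so the new documentation's claim that there is "no decrease in security" when users have local accounts does not hold for shares reachable by users who do not, and lp_widelinks() is the per-share decision point where that caveat belongs. The removed explanatory comment should also be replaced rather than dropped, and the test reads more naturally with the incompatibility stated first and the override as the explicit exception; the rewrite below is behaviour-identical to the hunk's version.
```c
bool lp_widelinks(int snum)
{
    /* wide links and unix extensions are incompatible: a unix-extensions
     * client can create symlinks that escape the share and wide links
     * would then follow them. Only the explicit, global 'client managed
     * wide links' setting overrides this -- it applies to every share,
     * not just those with trusted users. */
    if (lp_unix_extensions() && !lp_client_managed_widelinks()) {
        return false;
    }

    return lp_widelinks_internal(snum);
}
```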
-- 
1.7.3.4






