[Samba] wide links and privileges
Rowland penny
rpenny at samba.org
Wed Jan 6 10:57:04 UTC 2016
On 06/01/16 10:09, Emmanuel Garette wrote:
> Le 04/01/2016 09:11, L.P.H. van Belle a écrit :
>> From : man smb.conf
>>
>> Which explains it self.
>>
>> enable privileges (G)
>> [..]
> Hi,
>
> Thank you for your answer, would you mind if I ask for some more help ?
> I'm sorry I don't understand exactly why you told me to look at the
> `enable privileges` parameter in the man pages as an answer.
> I have already closely read the documentation and even had a glance at
> the samba's source code, and there is absolutely no mention of a
> possible conflict between the `enable privileges` parameter and the
> `wide links` parameter. Let me show you something in the samba's source
> code:
>
> The function which interests us here deals with the file names, there is
> an `if` statement:
>
> source3/smbd/filename.c:
> ```
> * @param smbreq SMB request if we're using privileges.
> [...]
> if (!smbreq) {
> status = check_name(conn, (*pp_smb_fname)->base_name);
> } else {
> status = check_name_with_privilege(conn, smbreq,
> (*pp_smb_fname)->base_name);
> }
> ```
>
> which redirects us to the `check_name` or the
> `check_name_with_privilege` function.
> which themselves respectively redirects to the `check_reduced_name` and
> `check_reduced_name_with_privilege` functions:
>
> source3/smbd/vfs.c:
> ```
> NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
> [...]
> /* Common widelinks and symlinks checks. */
> if (!allow_widelinks || !allow_symlinks) {
> [...]
> if (strncmp(conn_rootdir, resolved_name,
> rootdir_len) != 0) {
> DEBUG(2, ("check_reduced_name: Bad access "
> "attempt: %s is a symlink outside the "
> "share path\n", fname));
>
> ```
> and
>
> ```
> NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
> const char *fname,
> struct smb_request *smbreq)
> [...]
> if (strncmp(conn_rootdir, resolved_name, rootdir_len) != 0) {
> DEBUG(2, ("check_reduced_name_with_privilege: Bad access "
> "attempt: %s is a symlink outside the "
> "share path\n",
> dir_name));
> ```
>
> We can see that in the first function there is a test on the
> `allow_widelinks` local variable, whereas this test doesn't exist in the
> second function.
> Which seems to mean that in the first case it works, whereas in the
> second case **it doesn't work**...
>
> Anyway, my question is: are you guys really positive on the fact that it
> is supposed to work fine if the `enable privileges` parameter is set to
> `yes`?
> Thank you in advance.
> Cheers,
>
Go with what Louis suggested and also remove the 'unix extensions' line,
this will then make samba use the default 'unix extensions = yes' and I
am fairly sure your problem will go away, but you are opening a security
hole.
Rowland
More information about the samba
mailing list