mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink, but disallow all other operations. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
This commit is contained in:
parent
950f1218b3
commit
662e9c04fb
@ -1603,6 +1603,7 @@ struct smb_file_time {
|
|||||||
#define UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002
|
#define UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002
|
||||||
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
|
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
|
||||||
#define UCF_POSIX_PATHNAMES 0x00000008
|
#define UCF_POSIX_PATHNAMES 0x00000008
|
||||||
|
#define UCF_UNIX_NAME_LOOKUP 0x00000010
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* smb_filename
|
* smb_filename
|
||||||
|
@ -976,6 +976,23 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
Ensure a path is not vetod.
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
|
NTSTATUS check_veto_path(connection_struct *conn, const char *name)
|
||||||
|
{
|
||||||
|
if (IS_VETO_PATH(conn, name)) {
|
||||||
|
/* Is it not dot or dot dot. */
|
||||||
|
if (!(ISDOT(name) || ISDOTDOT(name))) {
|
||||||
|
DEBUG(5,("check_veto_path: file path name %s vetoed\n",
|
||||||
|
name));
|
||||||
|
return map_nt_error_from_unix(ENOENT);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
Check a filename - possibly calling check_reduced_name.
|
Check a filename - possibly calling check_reduced_name.
|
||||||
This is called by every routine before it allows an operation on a filename.
|
This is called by every routine before it allows an operation on a filename.
|
||||||
@ -985,17 +1002,14 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
|
|||||||
|
|
||||||
NTSTATUS check_name(connection_struct *conn, const char *name)
|
NTSTATUS check_name(connection_struct *conn, const char *name)
|
||||||
{
|
{
|
||||||
if (IS_VETO_PATH(conn, name)) {
|
NTSTATUS status = check_veto_path(conn, name);
|
||||||
/* Is it not dot or dot dot. */
|
|
||||||
if (!(ISDOT(name) || ISDOTDOT(name))) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(5,("check_name: file path name %s vetoed\n",
|
return status;
|
||||||
name));
|
|
||||||
return map_nt_error_from_unix(ENOENT);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) {
|
if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) {
|
||||||
NTSTATUS status = check_reduced_name(conn,name);
|
status = check_reduced_name(conn,name);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(5,("check_name: name %s failed with %s\n",name,
|
DEBUG(5,("check_name: name %s failed with %s\n",name,
|
||||||
nt_errstr(status)));
|
nt_errstr(status)));
|
||||||
@ -1313,6 +1327,12 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
|
||||||
|
VALID_STAT((*pp_smb_fname)->st) &&
|
||||||
|
S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
|
||||||
|
return check_veto_path(conn, (*pp_smb_fname)->base_name);
|
||||||
|
}
|
||||||
|
|
||||||
status = check_name(conn, (*pp_smb_fname)->base_name);
|
status = check_name(conn, (*pp_smb_fname)->base_name);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(3,("filename_convert: check_name failed "
|
DEBUG(3,("filename_convert: check_name failed "
|
||||||
|
@ -342,6 +342,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
|
|||||||
const char *orig_path,
|
const char *orig_path,
|
||||||
struct smb_filename **smb_fname,
|
struct smb_filename **smb_fname,
|
||||||
uint32_t ucf_flags);
|
uint32_t ucf_flags);
|
||||||
|
NTSTATUS check_veto_path(connection_struct *conn, const char *name);
|
||||||
NTSTATUS check_name(connection_struct *conn, const char *name);
|
NTSTATUS check_name(connection_struct *conn, const char *name);
|
||||||
int get_real_filename(connection_struct *conn, const char *path,
|
int get_real_filename(connection_struct *conn, const char *path,
|
||||||
const char *name, TALLOC_CTX *mem_ctx,
|
const char *name, TALLOC_CTX *mem_ctx,
|
||||||
|
@ -2270,6 +2270,7 @@ static void call_trans2findfirst(connection_struct *conn,
|
|||||||
TALLOC_CTX *ctx = talloc_tos();
|
TALLOC_CTX *ctx = talloc_tos();
|
||||||
struct dptr_struct *dirptr = NULL;
|
struct dptr_struct *dirptr = NULL;
|
||||||
struct smbd_server_connection *sconn = req->sconn;
|
struct smbd_server_connection *sconn = req->sconn;
|
||||||
|
uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
|
||||||
|
|
||||||
if (total_params < 13) {
|
if (total_params < 13) {
|
||||||
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||||
@ -2313,6 +2314,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
|
|||||||
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
ucf_flags |= UCF_UNIX_NAME_LOOKUP;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
||||||
@ -5103,6 +5105,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
|
|||||||
} else {
|
} else {
|
||||||
uint32_t name_hash;
|
uint32_t name_hash;
|
||||||
char *fname = NULL;
|
char *fname = NULL;
|
||||||
|
uint32_t ucf_flags = 0;
|
||||||
|
|
||||||
/* qpathinfo */
|
/* qpathinfo */
|
||||||
if (total_params < 7) {
|
if (total_params < 7) {
|
||||||
@ -5114,9 +5117,16 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
|
|||||||
|
|
||||||
DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level));
|
DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level));
|
||||||
|
|
||||||
if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
|
if (INFO_LEVEL_IS_UNIX(info_level)) {
|
||||||
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
if (!lp_unix_extensions()) {
|
||||||
return;
|
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (info_level == SMB_QUERY_FILE_UNIX_BASIC ||
|
||||||
|
info_level == SMB_QUERY_FILE_UNIX_INFO2 ||
|
||||||
|
info_level == SMB_QUERY_FILE_UNIX_LINK) {
|
||||||
|
ucf_flags |= UCF_UNIX_NAME_LOOKUP;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
srvstr_get_path(req, params, req->flags2, &fname, ¶ms[6],
|
srvstr_get_path(req, params, req->flags2, &fname, ¶ms[6],
|
||||||
@ -5131,7 +5141,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
|
|||||||
conn,
|
conn,
|
||||||
req->flags2 & FLAGS2_DFS_PATHNAMES,
|
req->flags2 & FLAGS2_DFS_PATHNAMES,
|
||||||
fname,
|
fname,
|
||||||
0,
|
ucf_flags,
|
||||||
NULL,
|
NULL,
|
||||||
&smb_fname);
|
&smb_fname);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user