mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3: smbd: Fix "follow symlink = no" regression part 2.
Add an extra paramter to cwd_name to check_reduced_name(). If cwd_name == NULL then fname is a client given path relative to the root path of the share. If cwd_name != NULL then fname is a client given path relative to cwd_name. cwd_name is relative to the root path of the share. Not yet used, logic added in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
037297a1c5
commit
83e30cb488
@ -1242,7 +1242,7 @@ NTSTATUS check_name(connection_struct *conn, const char *name)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
|
if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
|
||||||
status = check_reduced_name(conn,name);
|
status = check_reduced_name(conn, NULL, name);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(5,("check_name: name %s failed with %s\n",name,
|
DEBUG(5,("check_name: name %s failed with %s\n",name,
|
||||||
nt_errstr(status)));
|
nt_errstr(status)));
|
||||||
|
@ -558,7 +558,7 @@ static int non_widelink_open(struct connection_struct *conn,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Ensure the relative path is below the share. */
|
/* Ensure the relative path is below the share. */
|
||||||
status = check_reduced_name(conn, final_component);
|
status = check_reduced_name(conn, parent_dir, final_component);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
saved_errno = map_errno_from_nt_status(status);
|
saved_errno = map_errno_from_nt_status(status);
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -1226,7 +1226,9 @@ const char *vfs_readdirname(connection_struct *conn, void *p,
|
|||||||
SMB_STRUCT_STAT *sbuf, char **talloced);
|
SMB_STRUCT_STAT *sbuf, char **talloced);
|
||||||
int vfs_ChDir(connection_struct *conn, const char *path);
|
int vfs_ChDir(connection_struct *conn, const char *path);
|
||||||
char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
|
char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
|
||||||
NTSTATUS check_reduced_name(connection_struct *conn, const char *fname);
|
NTSTATUS check_reduced_name(connection_struct *conn,
|
||||||
|
const char *cwd_name,
|
||||||
|
const char *fname);
|
||||||
NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
||||||
const char *fname,
|
const char *fname,
|
||||||
struct smb_request *smbreq);
|
struct smb_request *smbreq);
|
||||||
|
@ -1179,9 +1179,17 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
|
|||||||
/*******************************************************************
|
/*******************************************************************
|
||||||
Reduce a file name, removing .. elements and checking that
|
Reduce a file name, removing .. elements and checking that
|
||||||
it is below dir in the heirachy. This uses realpath.
|
it is below dir in the heirachy. This uses realpath.
|
||||||
|
|
||||||
|
If cwd_name == NULL then fname is a client given path relative
|
||||||
|
to the root path of the share.
|
||||||
|
|
||||||
|
If cwd_name != NULL then fname is a client given path relative
|
||||||
|
to cwd_name. cwd_name is relative to the root path of the share.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
|
NTSTATUS check_reduced_name(connection_struct *conn,
|
||||||
|
const char *cwd_name,
|
||||||
|
const char *fname)
|
||||||
{
|
{
|
||||||
char *resolved_name = NULL;
|
char *resolved_name = NULL;
|
||||||
bool allow_symlinks = true;
|
bool allow_symlinks = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user