sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

r933: When using widelinks = no, use realpath to canonicalize the

Browse Source 
connection path on connection create for the user. We'll be
checking all symlinked paths are below this directory.
Jeremy.
This commit is contained in:
Jeremy Allison
2004-05-28 01:54:01 +00:00
committed by Gerald (Jerry) Carter
parent 1d3fd1a58e
commit b562fe9fbc
3 changed files with 41 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/smbd/filename.c
View File

@ -135,7 +135,7 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen
if (SMB_VFS_STAT(conn,name,&st) == 0) {
*pst = st;
}
DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
DEBUG(5,("conversion finished \"\" -> %s\n",name));
return(True);
}

14
source/smbd/service.c
View File

@ -499,6 +499,20 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
return NULL;
}
/*
* If widelinks are disallowed we need to canonicalise the
* connect path here to ensure we don't have any symlinks in
* the connectpath. We will be checking all paths on this
* connection are below this directory. We must do this after
* the VFS init as we depend on the realpath() pointer in the vfs table. JRA.
*/
if (!lp_widelinks(snum)) {
pstring s;
pstrcpy(s,conn->connectpath);
canonicalize_path(conn, s);
string_set(&conn->connectpath,s);
}
/* ROOT Activities: */
/* check number of connections */
if (!claim_connection(conn,

27
source/smbd/vfs.c
View File

@ -784,6 +784,31 @@ char *vfs_GetWd(connection_struct *conn, char *path)
return (path);
}
BOOL canonicalize_path(connection_struct *conn, pstring path)
{
#ifdef REALPATH_TAKES_NULL
char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL);
if (!resolved_name) {
return False;
}
pstrcpy(path, resolved_name);
SAFE_FREE(resolved_name);
return True;
#else
#ifdef PATH_MAX
char resolved_name_buf[PATH_MAX+1];
#else
pstring resolved_name_buf;
#endif
char *resolved_name = SMB_VFS_REALPATH(conn,path,resolved_name_buf);
if (!resolved_name) {
return False;
}
pstrcpy(path, resolved_name);
return True;
#endif /* REALPATH_TAKES_NULL */
}
/*******************************************************************
Reduce a file name, removing .. elements and checking that
it is below dir in the heirachy. This uses realpath.
@ -879,7 +904,7 @@ BOOL reduce_name(connection_struct *conn, pstring fname)
}
if (strncmp(conn->connectpath, resolved_name, con_path_len) != 0) {
DEBUG(2, ("reduce_name: Bad access attemt: %s is a symlink outside the share path", fname));
DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path", fname));
if (free_resolved_name)
SAFE_FREE(resolved_name);
return False;