summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml37
-rw-r--r--docs-xml/smbdotconf/misc/widelinks.xml4
-rw-r--r--docs-xml/smbdotconf/protocol/unixextensions.xml4
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/param/loadparm.c22
5 files changed, 67 insertions, 1 deletions
diff --git a/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml
new file mode 100644
index 0000000000..a8a099190b
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="allow insecure wide links"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ In normal operation the option <smbconfoption name="wide links"/>
+ which allows the server to follow symlinks outside of a share path
+ is automatically disabled when <smbconfoption name="unix extensions"/>
+ are enabled on a Samba server. This is done for security purposes
+ to prevent UNIX clients creating symlinks to areas of the server
+ file system that the administrator does not wish to export.
+ </para>
+ <para>
+ Setting <smbconfoption name="allow insecure wide links"/> to
+ true disables the link between these two parameters, removing
+ this protection and allowing a site to configure
+ the server to follow symlinks (by setting <smbconfoption name="wide links"/>
+ to "true") even when <smbconfoption name="unix extensions"/>
+ is turned on.
+ </para>
+ <para>
+ If is not recommended to enable this option unless you
+ fully understand the implications of allowing the server to
+ follow symbolic links created by UNIX clients. For most
+ normal Samba configurations this would be considered a security
+ hole and setting this parameter is not recommended.
+ </para>
+ <para>
+ This option was added at the request of sites who had
+ deliberately set Samba up in this way and needed to continue
+ supporting this functionality without having to patch the
+ Samba code.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml
index 1c30bb768a..da1374afab 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -17,6 +17,10 @@
disabled (with a message in the log file) if the
<smbconfoption name="unix extensions"/> option is on.
</para>
+ <para>
+ See the parameter <smbconfoption name="allow insecure wide links"/>
+ if you wish to change this coupling between the two parameters.
+ </para>
</description>
<value type="default">no</value>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index d816648836..61a39cb763 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -14,6 +14,10 @@
Note if this parameter is turned on, the <smbconfoption name="wide links"/>
parameter will automatically be disabled.
</para>
+ <para>
+ See the parameter <smbconfoption name="allow insecure wide links"/>
+ if you wish to change this coupling between the two parameters.
+ </para>
</description>
<value type="default">yes</value>
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 47321f3aa4..d3ea6fc883 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1473,6 +1473,7 @@ bool lp_oplocks(int );
bool lp_level2_oplocks(int );
bool lp_onlyuser(int );
bool lp_manglednames(const struct share_params *p );
+bool lp_allow_insecure_widelinks(void);
bool lp_widelinks(int );
bool lp_symlinks(int );
bool lp_syncalways(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3b5c4df35d..01f6fa2942 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3900,6 +3900,15 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED | FLAG_SHARE,
},
{
+ .label = "allow insecure wide links",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(bAllowInsecureWidelinks),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
.label = "wide links",
.type = P_BOOL,
.p_class = P_LOCAL,
@@ -5390,6 +5399,7 @@ FN_GLOBAL_INTEGER(lp_ctdb_timeout, ctdb_timeout)
FN_GLOBAL_INTEGER(lp_ctdb_locktime_warn_threshold, ctdb_locktime_warn_threshold)
FN_GLOBAL_BOOL(lp_async_smb_echo_handler, bAsyncSMBEchoHandler)
FN_GLOBAL_BOOL(lp_multicast_dns_register, bMulticastDnsRegister)
+FN_GLOBAL_BOOL(lp_allow_insecure_widelinks, bAllowInsecureWidelinks)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, winbind_cache_time)
FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, winbind_reconnect_delay)
FN_GLOBAL_INTEGER(lp_winbind_max_clients, winbind_max_clients)
@@ -9637,6 +9647,10 @@ static bool lp_widelinks_internal(int snum)
void widelinks_warning(int snum)
{
+ if (lp_allow_insecure_widelinks()) {
+ return;
+ }
+
if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
"These parameters are incompatible. "
@@ -9649,7 +9663,13 @@ bool lp_widelinks(int snum)
{
/* wide links is always incompatible with unix extensions */
if (lp_unix_extensions()) {
- return false;
+ /*
+ * Unless we have "allow insecure widelinks"
+ * turned on.
+ */
+ if (!lp_allow_insecure_widelinks()) {
+ return false;
+ }
}
return lp_widelinks_internal(snum);