From 5d92d969dda450cc3564dd2265d2b042d832c542 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Feb 2010 16:12:29 -0500 Subject: Introduce lp_safe_widelinks() This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled. --- source3/include/proto.h | 1 + source3/param/loadparm.c | 16 ++++++++++++++++ source3/smbd/filename.c | 2 +- source3/smbd/service.c | 8 +++++--- source3/smbd/vfs.c | 2 +- 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 95519e318f..3549ea6c62 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4393,6 +4393,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val); int lp_min_receive_file_size(void); char* lp_perfcount_module(void); void lp_set_passdb_backend(const char *backend); +bool lp_safe_widelinks(int snum); /* The following definitions come from param/util.c */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8308e99566..4b6fa83b04 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -9891,3 +9891,19 @@ void lp_set_passdb_backend(const char *backend) { string_set(&Globals.szPassdbBackend, backend); } + +/******************************************************************* + Safe wide links checks. + This helper function always verify the validity of wide links, + even after a configuration file reload. +********************************************************************/ + +bool lp_safe_widelinks(int snum) +{ + /* wide links is always incompatible with unix extensions */ + if (lp_unix_extensions()) { + return false; + } + + return lp_widelinks(snum); +} diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index ab79dfd926..73a3c36062 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -854,7 +854,7 @@ NTSTATUS check_name(connection_struct *conn, const char *name) } } - if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) { + if (!lp_safe_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) { NTSTATUS status = check_reduced_name(conn,name); if (!NT_STATUS_IS_OK(status)) { DEBUG(5,("check_name: name %s failed with %s\n",name, diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 1e8c15bfde..4efa63e1dc 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -858,12 +858,14 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, } /* ROOT Activities: */ + /* explicitly check with lp_widelinks() instead of using + * lp_safe_widelinks() here so that we can correctly warn + * in the logs. */ if (lp_unix_extensions() && lp_widelinks(snum)) { DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " "These parameters are incompatible. " - "Disabling wide links for this share.\n", + "Wide links will be disabled for this share.\n", lp_servicename(snum) )); - lp_do_parameter(snum, "wide links", "False"); } /* @@ -959,7 +961,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, * below this directory. We must do this after the VFS init as we * depend on the realpath() pointer in the vfs table. JRA. */ - if (!lp_widelinks(snum)) { + if (!lp_safe_widelinks(snum)) { if (!canonicalize_connect_path(conn)) { DEBUG(0, ("canonicalize_connect_path failed " "for service %s, path %s\n", diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 94bdb1f495..b575800335 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -928,7 +928,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) } /* Check for widelinks allowed. */ - if (!lp_widelinks(SNUM(conn))) { + if (!lp_safe_widelinks(SNUM(conn))) { const char *conn_rootdir; conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); -- cgit