From bd269443e311d96ef495a9db47d1b95eb83bb8f4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 5 Feb 2010 15:20:18 -0800
Subject: Fix bug 7104 - "wide links" and "unix extensions" are incompatible.

Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.

Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.

Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.

Jeremy.
---
 docs-xml/smbdotconf/misc/widelinks.xml          | 13 +++++++++----
 docs-xml/smbdotconf/protocol/unixextensions.xml |  3 +++
 2 files changed, 12 insertions(+), 4 deletions(-)

(limited to 'docs-xml')

diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml
index fb707c1950..1c30bb768a 100644
--- a/docs-xml/smbdotconf/misc/widelinks.xml
+++ b/docs-xml/smbdotconf/misc/widelinks.xml
@@ -9,10 +9,15 @@
 	server are always allowed; this parameter controls access only 
 	to areas that are outside the directory tree being exported.</para>
 
-	<para>Note that setting this parameter can have a negative 
-	effect on your server performance due to the extra system calls 
-	that Samba has to  do in order to perform the link checks.</para>
+	<para>Note: Turning this parameter on when UNIX extensions are enabled
+	will allow UNIX clients to create symbolic links on the share that
+	can point to files or directories outside restricted path exported
+	by the share definition. This can cause access to areas outside of
+	the share. Due to this problem, this parameter will be automatically
+	disabled (with a message in the log file) if the
+	<smbconfoption name="unix extensions"/> option is on.
+	</para>
 </description>
 
-<value type="default">yes</value>
+<value type="default">no</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml
index da9ad10a29..36e72d2a9f 100644
--- a/docs-xml/smbdotconf/protocol/unixextensions.xml
+++ b/docs-xml/smbdotconf/protocol/unixextensions.xml
@@ -10,6 +10,9 @@
     by supporting features such as symbolic links, hard links, etc...
     These extensions require a similarly enabled client, and are of
     no current use to Windows clients.</para>
+    <para>
+    Note if this parameter is turned on, the <smbconfoption name="wide links"/>
+    parameter will automatically be disabled.
 </description>
 
 <value type="default">yes</value>
-- 
cgit