From 662e9c04fbdf8e01036ab98783693051b0eb9c7e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 21 Oct 2011 14:12:41 -0700
Subject: Fix bug #8541 - readlink() on Linux clients fails if the symlink
 target is outside of the share.

The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink,
but disallow all other operations.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
---
 source3/smbd/filename.c | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)

(limited to 'source3/smbd/filename.c')

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index b7c7831008..722da31659 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -977,25 +977,39 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 }
 
 /****************************************************************************
- Check a filename - possibly calling check_reduced_name.
- This is called by every routine before it allows an operation on a filename.
- It does any final confirmation necessary to ensure that the filename is
- a valid one for the user to access.
+ Ensure a path is not vetod.
 ****************************************************************************/
 
-NTSTATUS check_name(connection_struct *conn, const char *name)
+NTSTATUS check_veto_path(connection_struct *conn, const char *name)
 {
 	if (IS_VETO_PATH(conn, name))  {
 		/* Is it not dot or dot dot. */
 		if (!(ISDOT(name) || ISDOTDOT(name))) {
-			DEBUG(5,("check_name: file path name %s vetoed\n",
+			DEBUG(5,("check_veto_path: file path name %s vetoed\n",
 						name));
 			return map_nt_error_from_unix(ENOENT);
 		}
 	}
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Check a filename - possibly calling check_reduced_name.
+ This is called by every routine before it allows an operation on a filename.
+ It does any final confirmation necessary to ensure that the filename is
+ a valid one for the user to access.
+****************************************************************************/
+
+NTSTATUS check_name(connection_struct *conn, const char *name)
+{
+	NTSTATUS status = check_veto_path(conn, name);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) {
-		NTSTATUS status = check_reduced_name(conn,name);
+		status = check_reduced_name(conn,name);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(5,("check_name: name %s failed with %s\n",name,
 						nt_errstr(status)));
@@ -1313,6 +1327,12 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
 		return status;
 	}
 
+	if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
+			VALID_STAT((*pp_smb_fname)->st) &&
+			S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
+		return check_veto_path(conn, (*pp_smb_fname)->base_name);
+	}
+
 	status = check_name(conn, (*pp_smb_fname)->base_name);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(3,("filename_convert: check_name failed "
-- 
cgit