From cb03592c067a8e475a5f96f72aa0e84ba176a747 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 28 May 2004 01:54:01 +0000 Subject: r933: When using widelinks = no, use realpath to canonicalize the connection path on connection create for the user. We'll be checking all symlinked paths are below this directory. Jeremy. (This used to be commit b562fe9fbca4971059b913959bbaca02af42c1a4) --- source3/smbd/filename.c | 2 +- source3/smbd/service.c | 14 ++++++++++++++ source3/smbd/vfs.c | 27 ++++++++++++++++++++++++++- 3 files changed, 41 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 5e5f572691..67329b51e6 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -135,7 +135,7 @@ BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_componen if (SMB_VFS_STAT(conn,name,&st) == 0) { *pst = st; } - DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); + DEBUG(5,("conversion finished \"\" -> %s\n",name)); return(True); } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c74537c299..192a043bf5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -499,6 +499,20 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + /* + * If widelinks are disallowed we need to canonicalise the + * connect path here to ensure we don't have any symlinks in + * the connectpath. We will be checking all paths on this + * connection are below this directory. We must do this after + * the VFS init as we depend on the realpath() pointer in the vfs table. JRA. + */ + if (!lp_widelinks(snum)) { + pstring s; + pstrcpy(s,conn->connectpath); + canonicalize_path(conn, s); + string_set(&conn->connectpath,s); + } + /* ROOT Activities: */ /* check number of connections */ if (!claim_connection(conn, diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index a415e0470e..86f180e543 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -784,6 +784,31 @@ char *vfs_GetWd(connection_struct *conn, char *path) return (path); } +BOOL canonicalize_path(connection_struct *conn, pstring path) +{ +#ifdef REALPATH_TAKES_NULL + char *resolved_name = SMB_VFS_REALPATH(conn,path,NULL); + if (!resolved_name) { + return False; + } + pstrcpy(path, resolved_name); + SAFE_FREE(resolved_name); + return True; +#else +#ifdef PATH_MAX + char resolved_name_buf[PATH_MAX+1]; +#else + pstring resolved_name_buf; +#endif + char *resolved_name = SMB_VFS_REALPATH(conn,path,resolved_name_buf); + if (!resolved_name) { + return False; + } + pstrcpy(path, resolved_name); + return True; +#endif /* REALPATH_TAKES_NULL */ +} + /******************************************************************* Reduce a file name, removing .. elements and checking that it is below dir in the heirachy. This uses realpath. @@ -879,7 +904,7 @@ BOOL reduce_name(connection_struct *conn, pstring fname) } if (strncmp(conn->connectpath, resolved_name, con_path_len) != 0) { - DEBUG(2, ("reduce_name: Bad access attemt: %s is a symlink outside the share path", fname)); + DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path", fname)); if (free_resolved_name) SAFE_FREE(resolved_name); return False; -- cgit