diff options
author | Jeremy Allison <jra@samba.org> | 2017-03-27 17:09:38 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-31 08:18:30 +0200 |
commit | 80b8fa02208427f41a6315d331cd0aba01d8647e (patch) | |
tree | be5558ccee2734e7442df386e992bfb53d266524 | |
parent | de57712c46c43cb2940e3ead2a01dcc26c314132 (diff) | |
download | samba-80b8fa02208427f41a6315d331cd0aba01d8647e.tar.gz |
s3: smbd: Fix "follow symlink = no" regression part 2.
Use the cwd_name parameter to reconstruct the original
client name for symlink testing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
-rw-r--r-- | source3/smbd/vfs.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 22054674435..254337f05b8 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -1162,6 +1162,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) { char *resolved_name = NULL; + char *new_fname = NULL; bool allow_symlinks = true; bool allow_widelinks = false; @@ -1303,11 +1304,32 @@ NTSTATUS check_reduced_name(connection_struct *conn, } p++; + + /* + * If cwd_name is present and not ".", + * then fname is relative to that, not + * the root of the share. Make sure the + * path we check is the one the client + * sent (cwd_name+fname). + */ + if (cwd_name != NULL && !ISDOT(cwd_name)) { + new_fname = talloc_asprintf(talloc_tos(), + "%s/%s", + cwd_name, + fname); + if (new_fname == NULL) { + SAFE_FREE(resolved_name); + return NT_STATUS_NO_MEMORY; + } + fname = new_fname; + } + if (strcmp(fname, p)!=0) { DEBUG(2, ("check_reduced_name: Bad access " "attempt: %s is a symlink to %s\n", fname, p)); SAFE_FREE(resolved_name); + TALLOC_FREE(new_fname); return NT_STATUS_ACCESS_DENIED; } } @@ -1317,6 +1339,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, DBG_INFO("%s reduced to %s\n", fname, resolved_name); SAFE_FREE(resolved_name); + TALLOC_FREE(new_fname); return NT_STATUS_OK; } |