vfs: Fix "wide links = yes"

vfs_wide_links hides symlinks from the rest of smbd, and it implicitly
follows symlinks. Also, O_PATH will expose symlinks to the rest of
smbd, remove that.

We also need to do this for posix paths, as deep inside
rename_internals we want to avoid case-insensitive lookups by setting
SMB_FILENAME_POSIX_PATH.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15841

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 16 20:56:33 UTC 2025 on atb-devel-224

(cherry picked from commit 9e637a28bd0b5adc2d90df9ca4a1c864a648b0f4)

Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Thu Apr 17 15:00:12 UTC 2025 on atb-devel-224

diff --git a/source3/modules/vfs_widelinks.c b/source3/modules/vfs_widelinks.c
index 4339f6de9e00a55502bad1b8d90f408aa991e0a8..df00d72707da999984fbc474866e88dda7993c46 100644 (file)
--- a/source3/modules/vfs_widelinks.c
+++ b/source3/modules/vfs_widelinks.c
@@ -354,15 +354,17 @@ static int widelinks_openat(vfs_handle_struct *handle,
                                struct widelinks_config,
                                return -1);
 
-       if (config->active &&
-           (config->cwd != NULL) &&
-           !(smb_fname->flags & SMB_FILENAME_POSIX_PATH))
-       {
+       if (config->active && (config->cwd != NULL)) {
                /*
                 * Module active, openat after chdir (see note 1b above) and not
                 * a POSIX open (POSIX sees symlinks), so remove O_NOFOLLOW.
                 */
                how.flags = (how.flags & ~O_NOFOLLOW);
+#ifdef O_PATH
+               how.flags = (how.flags & ~O_PATH);
+#endif
+               how.resolve = (how.resolve &
+                              ~(VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS));
        }
 
        ret = SMB_VFS_NEXT_OPENAT(handle,