s3: smbd: Fix "follow symlink = no" regression part 2.

Add an extra paramter to cwd_name to check_reduced_name().

If cwd_name == NULL then fname is a client given path relative
to the root path of the share.

If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.

Not yet used, logic added in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 046ce9c8391ce4347cc387a5ee1493f52e6c673c..9f72f99896abfee712f3907ed72fb9c6f7b2915c 100644 (file)
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1240,7 +1240,7 @@ NTSTATUS check_name(connection_struct *conn, const char *name)
        }
 
        if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
-               status = check_reduced_name(conn,name);
+               status = check_reduced_name(conn, NULL, name);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(5,("check_name: name %s failed with %s\n",name,
                                                nt_errstr(status)));

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0b6648739fb18e26fd2e315752feb90b7b05d85b..f19af87103b738fa14575f78db22a5ac578dc0da 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -546,7 +546,7 @@ static int non_widelink_open(struct connection_struct *conn,
        }
 
        /* Ensure the relative path is below the share. */
-       status = check_reduced_name(conn, final_component);
+       status = check_reduced_name(conn, parent_dir, final_component);
        if (!NT_STATUS_IS_OK(status)) {
                saved_errno = map_errno_from_nt_status(status);
                goto out;

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 77a3b21d02dd05ba4a03678b14c52e5818e5ca75..44a2daaf52328f744302b5ef7dc7b09e74662741 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1199,7 +1199,9 @@ const char *vfs_readdirname(connection_struct *conn, void *p,
                            SMB_STRUCT_STAT *sbuf, char **talloced);
 int vfs_ChDir(connection_struct *conn, const char *path);
 char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
-NTSTATUS check_reduced_name(connection_struct *conn, const char *fname);
+NTSTATUS check_reduced_name(connection_struct *conn,
+                       const char *cwd_name,
+                       const char *fname);
 NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
                        const char *fname,
                        struct smb_request *smbreq);

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index c358f78408f61741c756d5bb86de826fdff2354e..22054674435a222f769985d538e0cdd8566e108a 100644 (file)
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1149,9 +1149,17 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
 /*******************************************************************
  Reduce a file name, removing .. elements and checking that
  it is below dir in the heirachy. This uses realpath.
+
+ If cwd_name == NULL then fname is a client given path relative
+ to the root path of the share.
+
+ If cwd_name != NULL then fname is a client given path relative
+ to cwd_name. cwd_name is relative to the root path of the share.
 ********************************************************************/
 
-NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
+NTSTATUS check_reduced_name(connection_struct *conn,
+                               const char *cwd_name,
+                               const char *fname)
 {
        char *resolved_name = NULL;
        bool allow_symlinks = true;