smbd: prevent non-POSIX stat-opens of symlinks in open_file()

Also adjust the test that checks for this.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 361c35303f639e4d9b288eb722c12952436b2524..68621a892d9dc1eb6bdf53fb22efa9a84332b5a8 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1458,6 +1458,16 @@ static NTSTATUS open_file(files_struct *fsp,
                        return NT_STATUS_OBJECT_NAME_NOT_FOUND;
                }
 
+               if (S_ISLNK(smb_fname->st.st_ex_mode) &&
+                   !(fsp->posix_flags & FSP_POSIX_FLAGS_OPEN))
+               {
+                       /*
+                        * Don't allow stat opens on symlinks directly unless
+                        * it's a POSIX open.
+                        */
+                       return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+               }
+
                status = smbd_check_access_rights(conn,
                                conn->cwd_fsp,
                                smb_fname,

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 5440b7288eac90989b1866e039c0b3157618a098..8ceaf831240292815579f67832198a0aeaf49f80 100644 (file)
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8041,7 +8041,6 @@ static bool run_acl_symlink_test(int dummy)
        char *posix_acl_sym = NULL;
        size_t posix_acl_len_sym = 0;
        struct security_descriptor *sd = NULL;
-       struct security_descriptor *sd_sym = NULL;
        TALLOC_CTX *frame = NULL;
 
        frame = talloc_stackframe();
@@ -8146,7 +8145,7 @@ static bool run_acl_symlink_test(int dummy)
                goto out;
        }
 
-       /* Open a handle on the symlink. */
+       /* Try a stat-open on the symlink, should also fail. */
        status = cli_ntcreate(cli,
                        sname,
                        0,
@@ -8159,23 +8158,8 @@ static bool run_acl_symlink_test(int dummy)
                        &fnum,
                        NULL);
 
-       if (!NT_STATUS_IS_OK(status)) {
-               printf("cli_posix_open of %s failed (%s)\n",
-                       sname,
-                       nt_errstr(status));
-               goto out;
-       }
-
-       /* Get the Windows ACL on the symlink handle. Should fail */
-       status = cli_query_secdesc(cli,
-                               fnum,
-                               frame,
-                               &sd_sym);
-
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-               printf("cli_query_secdesc on a symlink gave %s. "
-                       "Should be NT_STATUS_ACCESS_DENIED.\n",
-                       nt_errstr(status));
+       if (NT_STATUS_IS_OK(status)) {
+               printf("Stat-open of symlink succeeded (should fail)\n");
                goto out;
        }
 
@@ -8193,19 +8177,6 @@ static bool run_acl_symlink_test(int dummy)
                goto out;
        }
 
-       /* Set the Windows ACL on the symlink handle. Should fail */
-       status = cli_set_security_descriptor(cli,
-                               fnum,
-                               SECINFO_DACL,
-                               sd);
-
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-               printf("cli_query_secdesc on a symlink gave %s. "
-                       "Should be NT_STATUS_ACCESS_DENIED.\n",
-                       nt_errstr(status));
-               goto out;
-       }
-
        /* Set the POSIX ACL on the symlink pathname. Should fail. */
        status = cli_posix_setacl(cli,
                                sname,