From: Jeremy Allison <jra@samba.org>
Date: Mon, 1 Aug 2022 21:40:54 +0000 (-0700)
Subject: s3: smbd: In filename_convert_dirfsp(), allow SMB1+POSIX to traverse non-terminal... 
X-Git-Tag: samba-4.17.0rc1~152
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6fd8f7fd18f6491c906f9281d316c87aab854f67;p=thirdparty%2Fsamba.git

s3: smbd: In filename_convert_dirfsp(), allow SMB1+POSIX to traverse non-terminal symlinks.

This is the behavior of filename_convert() and
we need to allow it for the legacy SMB1+POSIX libsmbclient
libraries already deployed out there.

When we add SMB2 POSIX we must disallow symlink
traversal over any symlinks, the client must
resolve symlinks locally.

Add a note to show this is where we need to add
an error for SMB2+POSIX names with UCF_POSIX_PATHNAMES
set.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 3f0c395fd8f..27650326ade 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -3081,12 +3081,17 @@ next:
 		return NT_STATUS_OBJECT_PATH_NOT_FOUND;
 	}
 
-	if (ucf_flags & UCF_POSIX_PATHNAMES) {
-		/*
-		 * SMB1 posix never traverses symlinks
-		 */
-		return NT_STATUS_OBJECT_PATH_NOT_FOUND;
-	}
+	/*
+	 * Right now, SMB2 and SMB1 always traverse symlinks
+	 * within the share. SMB1+POSIX traverses non-terminal
+	 * symlinks within the share.
+	 *
+	 * When we add SMB2+POSIX we need to return
+	 * a NT_STATUS_STOPPED_ON_SYMLINK error here, using the
+	 * symlink target data read below if SMB2+POSIX has
+	 * UCF_POSIX_PATHNAMES set to cause the client to
+	 * resolve all symlinks locally.
+	 */
 
 	target = symlink_target_path(mem_ctx, name_in, substitute, unparsed);
 	if (target == NULL) {