Suplementary patch for bug #7104 - "wide links" and "unix extensions" are incompatible.

Bug reported by Ralf Zimmermann <r.zimmermann@siegnetz.de>. Reproduced by jra.

If the target directory of a share doesn't exist, but is designed to
be created by a "root preexec" script call, then the widelinks check
is done too early - thus preventing the user from connecting to the
share.

Fix is to re-arrange the order of checks in make_connection_snum()
to always do the following order of operations:

(1). Turn off wide links if unix extensions = yes.
(2). Call any root preexec scripts.
(3). Canonicalize the share path to remove any symlinks (ie. end
up with the realpath in the connection_struct).

Jeremy.

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 8039d16586eb164f576f4c4def3a919aac6feff1..9d3da8352ace1a1201e59742988e8f5c8301b67e 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -850,25 +850,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
                return NULL;
        }
 
-       /*
-        * If widelinks are disallowed we need to canonicalise the connect
-        * path here to ensure we don't have any symlinks in the
-        * connectpath. We will be checking all paths on this connection are
-        * below this directory. We must do this after the VFS init as we
-        * depend on the realpath() pointer in the vfs table. JRA.
-        */
-       if (!lp_widelinks(snum)) {
-               if (!canonicalize_connect_path(conn)) {
-                       DEBUG(0, ("canonicalize_connect_path failed "
-                       "for service %s, path %s\n",
-                               lp_servicename(snum),
-                               conn->connectpath));
-                       conn_free(conn);
-                       *pstatus = NT_STATUS_BAD_NETWORK_NAME;
-                       return NULL;
-               }
-       }
-
        if ((!conn->printer) && (!conn->ipc)) {
                conn->notify_ctx = notify_init(conn, server_id_self(),
                                               smbd_messaging_context(),
@@ -877,6 +858,14 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
        }
 
 /* ROOT Activities: */ 
+       if (lp_unix_extensions() && lp_widelinks(snum)) {
+               DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
+                       "These parameters are incompatible. "
+                       "Disabling wide links for this share.\n",
+                       lp_servicename(snum) ));
+               lp_do_parameter(snum, "wide links", "False");
+       }
+
        /*
         * Enforce the max connections parameter.
         */
@@ -927,6 +916,26 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
                }
        }
 
+       /*
+        * If widelinks are disallowed we need to canonicalise the connect
+        * path here to ensure we don't have any symlinks in the
+        * connectpath. We will be checking all paths on this connection are
+        * below this directory. We must do this after the VFS init as we
+        * depend on the realpath() pointer in the vfs table. JRA.
+        */
+       if (!lp_widelinks(snum)) {
+               if (!canonicalize_connect_path(conn)) {
+                       DEBUG(0, ("canonicalize_connect_path failed "
+                       "for service %s, path %s\n",
+                               lp_servicename(snum),
+                               conn->connectpath));
+                       yield_connection(conn, lp_servicename(snum));
+                       conn_free(conn);
+                       *pstatus = NT_STATUS_BAD_NETWORK_NAME;
+                       return NULL;
+               }
+       }
+
 /* USER Activites: */
        if (!change_to_user(conn, conn->vuid)) {
                /* No point continuing if they fail the basic checks */
@@ -1039,14 +1048,6 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
        }
 #endif
 
-       if (lp_unix_extensions() && lp_widelinks(snum)) {
-               DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
-                       "These parameters are incompatible. "
-                       "Disabling wide links for this share.\n",
-                       lp_servicename(snum) ));
-               lp_do_parameter(snum, "wide links", "False");
-       }
-
        /* Figure out the characteristics of the underlying filesystem. This
         * assumes that all the filesystem mounted withing a share path have
         * the same characteristics, which is likely but not guaranteed.