669 lines
20 KiB
Diff
669 lines
20 KiB
Diff
From 05cbf6e66f6989e383904ac582dae9515ac3a838 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Thu, 21 Oct 2021 16:37:27 -0700
|
|
Subject: [PATCH 1/7] s3: smbd: Add two tests showing the ability to delete a
|
|
directory containing a dangling symlink over SMB2 depends on "delete veto
|
|
files" setting.
|
|
|
|
Add knownfail.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit 942123b95923f35a32df4196a072a3ed3468396a)
|
|
---
|
|
selftest/knownfail.d/rmdir_dangle_symlink | 1 +
|
|
selftest/target/Samba3.pm | 4 +
|
|
.../test_delete_veto_files_only_rmdir.sh | 183 ++++++++++++++++++
|
|
source3/selftest/tests.py | 3 +
|
|
4 files changed, 191 insertions(+)
|
|
create mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
|
|
create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh
|
|
|
|
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
|
|
new file mode 100644
|
|
index 00000000000..c775dc5fe15
|
|
--- /dev/null
|
|
+++ b/selftest/knownfail.d/rmdir_dangle_symlink
|
|
@@ -0,0 +1 @@
|
|
+^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
|
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
index 2fdab781fda..8ecfc1aaf82 100755
|
|
--- a/selftest/target/Samba3.pm
|
|
+++ b/selftest/target/Samba3.pm
|
|
@@ -1738,6 +1738,10 @@ sub setup_fileserver
|
|
veto files = /veto_name*/
|
|
delete veto files = yes
|
|
|
|
+[delete_veto_files_only]
|
|
+ path = $veto_sharedir
|
|
+ delete veto files = yes
|
|
+
|
|
[homes]
|
|
comment = Home directories
|
|
browseable = No
|
|
diff --git a/source3/script/tests/test_delete_veto_files_only_rmdir.sh b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
|
|
new file mode 100755
|
|
index 00000000000..d2c3b2198f7
|
|
--- /dev/null
|
|
+++ b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
|
|
@@ -0,0 +1,183 @@
|
|
+#!/bin/sh
|
|
+#
|
|
+# Check smbclient can (or cannot) delete a directory containing dangling symlinks.
|
|
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
+#
|
|
+
|
|
+if [ $# -lt 6 ]; then
|
|
+cat <<EOF
|
|
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
|
|
+EOF
|
|
+exit 1;
|
|
+fi
|
|
+
|
|
+SERVER=${1}
|
|
+SERVER_IP=${2}
|
|
+USERNAME=${3}
|
|
+PASSWORD=${4}
|
|
+SHAREPATH=${5}
|
|
+SMBCLIENT=${6}
|
|
+shift 6
|
|
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
|
|
+ADDARGS="$@"
|
|
+
|
|
+incdir=$(dirname "$0")/../../../testprogs/blackbox
|
|
+. $incdir/subunit.sh
|
|
+
|
|
+failed=0
|
|
+
|
|
+rmdir_path="$SHAREPATH/dir"
|
|
+
|
|
+#
|
|
+# Using the share "[delete_veto_files_only]" we CAN delete
|
|
+# a directory containing only a dangling symlink.
|
|
+#
|
|
+test_dangle_symlink_delete_veto_rmdir()
|
|
+{
|
|
+ local dangle_symlink_path="$rmdir_path/bad_link"
|
|
+ local tmpfile=$PREFIX/smbclient.in.$$
|
|
+
|
|
+ # Create rmdir directory.
|
|
+ mkdir -p "$rmdir_path"
|
|
+ # Create dangling symlink underneath.
|
|
+ ln -s "nowhere-foo" "$dangle_symlink_path"
|
|
+
|
|
+ cat > "$tmpfile" <<EOF
|
|
+cd dir
|
|
+ls
|
|
+quit
|
|
+EOF
|
|
+
|
|
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
|
|
+ eval echo "$cmd"
|
|
+ out=$(eval "$cmd")
|
|
+ ret=$?
|
|
+
|
|
+ # Check for smbclient error.
|
|
+ if [ $ret != 0 ] ; then
|
|
+ echo "Failed accessing share delete_veto_files_only - $ret"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # We should NOT see the dangling symlink file.
|
|
+ echo "$out" | grep bad_link
|
|
+ ret=$?
|
|
+ if [ $ret -eq 0 ] ; then
|
|
+ echo "Saw dangling symlink bad_link in share delete_veto_files_only"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # Try and remove the directory, should succeed.
|
|
+ cat > "$tmpfile" <<EOF
|
|
+rd dir
|
|
+quit
|
|
+EOF
|
|
+
|
|
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
|
|
+ eval echo "$cmd"
|
|
+ out=$(eval "$cmd")
|
|
+ ret=$?
|
|
+
|
|
+ # Check for smbclient error.
|
|
+ if [ $ret != 0 ] ; then
|
|
+ echo "Failed accessing share delete_veto_files_only - $ret"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # We should get no NT_STATUS_ errors.
|
|
+ echo "$out" | grep NT_STATUS_
|
|
+ ret=$?
|
|
+ if [ $ret -eq 0 ] ; then
|
|
+ echo "Got error NT_STATUS_ in share delete_veto_files_only"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ return 0
|
|
+}
|
|
+
|
|
+#
|
|
+# Using the share "[veto_files_nodelete]" we CANNOT delete
|
|
+# a directory containing only a dangling symlink.
|
|
+#
|
|
+test_dangle_symlink_veto_files_nodelete()
|
|
+{
|
|
+ local dangle_symlink_path="$rmdir_path/bad_link"
|
|
+ local tmpfile=$PREFIX/smbclient.in.$$
|
|
+
|
|
+ # Create rmdir directory.
|
|
+ mkdir -p "$rmdir_path"
|
|
+ # Create dangling symlink underneath.
|
|
+ ln -s "nowhere-foo" "$dangle_symlink_path"
|
|
+
|
|
+ cat > "$tmpfile" <<EOF
|
|
+cd dir
|
|
+ls
|
|
+quit
|
|
+EOF
|
|
+
|
|
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
|
|
+ eval echo "$cmd"
|
|
+ out=$(eval "$cmd")
|
|
+ ret=$?
|
|
+
|
|
+ # Check for smbclient error.
|
|
+ if [ $ret != 0 ] ; then
|
|
+ echo "Failed accessing share veto_files_nodelete - $ret"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # We should NOT see the dangling symlink file.
|
|
+ echo "$out" | grep bad_link
|
|
+ ret=$?
|
|
+ if [ $ret -eq 0 ] ; then
|
|
+ echo "Saw dangling symlink bad_link in share veto_files_nodelete"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # Try and remove the directory, should fail with DIRECTORY_NOT_EMPTY.
|
|
+ cat > "$tmpfile" <<EOF
|
|
+rd dir
|
|
+quit
|
|
+EOF
|
|
+
|
|
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
|
|
+ eval echo "$cmd"
|
|
+ out=$(eval "$cmd")
|
|
+ ret=$?
|
|
+
|
|
+ # Check for smbclient error.
|
|
+ if [ $ret != 0 ] ; then
|
|
+ echo "Failed accessing share veto_files_nodelete - $ret"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY errors.
|
|
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
|
|
+ ret=$?
|
|
+ if [ $ret -ne 0 ] ; then
|
|
+ echo "Should get NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
|
|
+ echo "$out"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ return 0
|
|
+}
|
|
+
|
|
+
|
|
+testit "rmdir can delete directory containing dangling symlink" \
|
|
+ test_dangle_symlink_delete_veto_rmdir || failed=$(expr "$failed" + 1)
|
|
+
|
|
+rm -rf "$rmdir_path"
|
|
+
|
|
+testit "rmdir cannot delete directory delete_veto_files_no containing dangling symlink" \
|
|
+ test_dangle_symlink_veto_files_nodelete || failed=$(expr "$failed" + 1)
|
|
+
|
|
+rm -rf "$rmdir_path"
|
|
+exit "$failed"
|
|
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
|
index 24c8e0a1960..e39009635a6 100755
|
|
--- a/source3/selftest/tests.py
|
|
+++ b/source3/selftest/tests.py
|
|
@@ -542,6 +542,9 @@ for env in ["fileserver"]:
|
|
plantestsuite("samba3.blackbox.test_veto_rmdir", env,
|
|
[os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
|
|
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
|
|
+ plantestsuite("samba3.blackbox.test_dangle_rmdir", env,
|
|
+ [os.path.join(samba3srcdir, "script/tests/test_delete_veto_files_only_rmdir.sh"),
|
|
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
|
|
|
|
#
|
|
# tar command tests
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From 5530e76aa6255c2b210978c07dd4b859373ded64 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:01:58 -0700
|
|
Subject: [PATCH 2/7] s3: VFS: streams_depot. Allow unlinkat to cope with
|
|
dangling symlinks.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit 295d7d026babe3cd5123d0f53adcb16868907f05)
|
|
---
|
|
source3/modules/vfs_streams_depot.c | 10 ++++++++++
|
|
1 file changed, 10 insertions(+)
|
|
|
|
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
|
|
index 973edeeda24..ae73ba965a5 100644
|
|
--- a/source3/modules/vfs_streams_depot.c
|
|
+++ b/source3/modules/vfs_streams_depot.c
|
|
@@ -823,6 +823,16 @@ static int streams_depot_unlink_internal(vfs_handle_struct *handle,
|
|
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
|
|
} else {
|
|
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
|
|
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
|
|
+ if (VALID_STAT(smb_fname->st) &&
|
|
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
|
|
+ /*
|
|
+ * Original name was a link - Could be
|
|
+ * trying to remove a dangling symlink.
|
|
+ */
|
|
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
|
|
+ }
|
|
+ }
|
|
}
|
|
if (ret == -1) {
|
|
TALLOC_FREE(full_fname);
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From 9938ef02b42f1578e758010b9c4b7a149a9d39c8 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:02:43 -0700
|
|
Subject: [PATCH 3/7] s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling
|
|
symlinks.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit f254be19d6501a4f573843af97963e350a9ee2ed)
|
|
---
|
|
source3/modules/vfs_xattr_tdb.c | 10 ++++++++++
|
|
1 file changed, 10 insertions(+)
|
|
|
|
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
|
|
index daa99b2cc3e..42c570b54b3 100644
|
|
--- a/source3/modules/vfs_xattr_tdb.c
|
|
+++ b/source3/modules/vfs_xattr_tdb.c
|
|
@@ -520,6 +520,16 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle,
|
|
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
|
|
} else {
|
|
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
|
|
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
|
|
+ if (VALID_STAT(smb_fname->st) &&
|
|
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
|
|
+ /*
|
|
+ * Original name was a link - Could be
|
|
+ * trying to remove a dangling symlink.
|
|
+ */
|
|
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
|
|
+ }
|
|
+ }
|
|
}
|
|
if (ret == -1) {
|
|
goto out;
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From 38ca6d51a07b2ff26e6447846d62c72aabee3606 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:21:37 -0700
|
|
Subject: [PATCH 4/7] s3: smbd: Fix rmdir_internals() to do an early return if
|
|
lp_delete_veto_files() is not set.
|
|
|
|
Fix the comments to match what the code actually does. The
|
|
exit at the end of the scan directory loop if we find a client
|
|
visible filename is a change in behavior, but the previous
|
|
behavior (not exist on visible filename, but delete it) was
|
|
a bug and in non-tested code. Now it's testd.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f)
|
|
---
|
|
source3/smbd/close.c | 36 ++++++++++++++++++++++--------------
|
|
1 file changed, 22 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
|
|
index 470ca7f1b6d..484442ddc17 100644
|
|
--- a/source3/smbd/close.c
|
|
+++ b/source3/smbd/close.c
|
|
@@ -965,8 +965,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
|
|
struct smb_filename *smb_dname = fsp->fsp_name;
|
|
struct smb_filename *parent_fname = NULL;
|
|
struct smb_filename *at_fname = NULL;
|
|
- const struct loadparm_substitution *lp_sub =
|
|
- loadparm_s3_global_substitution();
|
|
SMB_STRUCT_STAT st;
|
|
const char *dname = NULL;
|
|
char *talloced = NULL;
|
|
@@ -1026,9 +1024,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
- if (!((errno == ENOTEMPTY) || (errno == EEXIST)) ||
|
|
- !*lp_veto_files(talloc_tos(), lp_sub, SNUM(conn)))
|
|
- {
|
|
+ if (!((errno == ENOTEMPTY) || (errno == EEXIST))) {
|
|
DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
|
|
"%s\n", smb_fname_str_dbg(smb_dname),
|
|
strerror(errno)));
|
|
@@ -1036,11 +1032,21 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
|
|
return map_nt_error_from_unix(errno);
|
|
}
|
|
|
|
+ /*
|
|
+ * Here we know the initial directory unlink failed with
|
|
+ * ENOTEMPTY or EEXIST so we know there are objects within.
|
|
+ * If we don't have permission to delete files non
|
|
+ * visible to the client just fail the directory delete.
|
|
+ */
|
|
+
|
|
+ if (!lp_delete_veto_files(SNUM(conn))) {
|
|
+ errno = ENOTEMPTY;
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
/*
|
|
* Check to see if the only thing in this directory are
|
|
- * vetoed files/directories. If so then delete them and
|
|
- * retry. If we fail to delete any of them (and we *don't*
|
|
- * do a recursive delete) then fail the rmdir.
|
|
+ * files non-visible to the client. If not, fail the delete.
|
|
*/
|
|
|
|
dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
|
|
@@ -1133,16 +1139,18 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
|
|
continue;
|
|
}
|
|
|
|
+ /*
|
|
+ * We found a client visible name.
|
|
+ * We cannot delete this directory.
|
|
+ */
|
|
+ DBG_DEBUG("got name %s - "
|
|
+ "can't delete directory %s\n",
|
|
+ dname,
|
|
+ fsp_str_dbg(fsp));
|
|
TALLOC_FREE(talloced);
|
|
TALLOC_FREE(fullname);
|
|
TALLOC_FREE(smb_dname_full);
|
|
TALLOC_FREE(direntry_fname);
|
|
- }
|
|
-
|
|
- /* We only have veto files/directories.
|
|
- * Are we allowed to delete them ? */
|
|
-
|
|
- if (!lp_delete_veto_files(SNUM(conn))) {
|
|
errno = ENOTEMPTY;
|
|
goto err;
|
|
}
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From a8bc5af4ded62d80dca97622f5c90b0ebab5c130 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:32:29 -0700
|
|
Subject: [PATCH 5/7] s3: smbd: Fix logic in rmdir_internals() to cope with
|
|
dangling symlinks.
|
|
|
|
Still need to add the same logic in can_delete_directory_fsp()
|
|
before we can delete the knownfail.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit 26fecad2e66e91a3913d88ee2e0889f266e91d89)
|
|
---
|
|
source3/smbd/close.c | 56 ++++++++++++++++++++++++++++++++++++++++----
|
|
1 file changed, 51 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
|
|
index 484442ddc17..7178257efcc 100644
|
|
--- a/source3/smbd/close.c
|
|
+++ b/source3/smbd/close.c
|
|
@@ -1103,15 +1103,61 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
|
|
goto err;
|
|
}
|
|
|
|
- /*
|
|
- * is_visible_fsp() always returns true
|
|
- * for the symlink/MSDFS case.
|
|
- */
|
|
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
|
|
+ /* Could it be an msdfs link ? */
|
|
+ if (lp_host_msdfs() &&
|
|
+ lp_msdfs_root(SNUM(conn))) {
|
|
+ struct smb_filename *smb_atname;
|
|
+ smb_atname = synthetic_smb_fname(talloc_tos(),
|
|
+ dname,
|
|
+ NULL,
|
|
+ &smb_dname_full->st,
|
|
+ fsp->fsp_name->twrp,
|
|
+ fsp->fsp_name->flags);
|
|
+ if (smb_atname == NULL) {
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ errno = ENOMEM;
|
|
+ goto err;
|
|
+ }
|
|
+ if (is_msdfs_link(fsp, smb_atname)) {
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ TALLOC_FREE(smb_atname);
|
|
+ DBG_DEBUG("got msdfs link name %s "
|
|
+ "- can't delete directory %s\n",
|
|
+ dname,
|
|
+ fsp_str_dbg(fsp));
|
|
+ errno = ENOTEMPTY;
|
|
+ goto err;
|
|
+ }
|
|
+ TALLOC_FREE(smb_atname);
|
|
+ }
|
|
+
|
|
+ /* Not a DFS link - could it be a dangling symlink ? */
|
|
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
|
|
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
|
|
+ /*
|
|
+ * Dangling symlink.
|
|
+ * Allow delete as "delete veto files = yes"
|
|
+ */
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ DBG_DEBUG("got symlink name %s - "
|
|
+ "can't delete directory %s\n",
|
|
+ dname,
|
|
+ fsp_str_dbg(fsp));
|
|
TALLOC_FREE(talloced);
|
|
TALLOC_FREE(fullname);
|
|
TALLOC_FREE(smb_dname_full);
|
|
- continue;
|
|
+ errno = ENOTEMPTY;
|
|
+ goto err;
|
|
}
|
|
|
|
/* Not a symlink, get a pathref. */
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From a1fb0d7bcf0791066b23e909c4f3a7a89bab6034 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:36:57 -0700
|
|
Subject: [PATCH 6/7] s3: smbd: Fix logic in can_delete_directory_fsp() to cope
|
|
with dangling symlinks.
|
|
|
|
Remove knownfail.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
(cherry picked from commit e9ef970eee5eca8ab3720279c54098e91d2dfda9)
|
|
---
|
|
selftest/knownfail.d/rmdir_dangle_symlink | 1 -
|
|
source3/smbd/dir.c | 55 ++++++++++++++++++++---
|
|
2 files changed, 49 insertions(+), 7 deletions(-)
|
|
delete mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
|
|
|
|
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
|
|
deleted file mode 100644
|
|
index c775dc5fe15..00000000000
|
|
--- a/selftest/knownfail.d/rmdir_dangle_symlink
|
|
+++ /dev/null
|
|
@@ -1 +0,0 @@
|
|
-^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
|
|
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
|
|
index 174f07b1159..4d61bb0d56d 100644
|
|
--- a/source3/smbd/dir.c
|
|
+++ b/source3/smbd/dir.c
|
|
@@ -1922,16 +1922,59 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
|
|
break;
|
|
}
|
|
|
|
- /*
|
|
- * is_visible_fsp() always returns true
|
|
- * for the symlink/MSDFS case.
|
|
- */
|
|
-
|
|
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
|
|
+ /* Could it be an msdfs link ? */
|
|
+ if (lp_host_msdfs() &&
|
|
+ lp_msdfs_root(SNUM(conn))) {
|
|
+ struct smb_filename *smb_dname;
|
|
+ smb_dname = synthetic_smb_fname(talloc_tos(),
|
|
+ dname,
|
|
+ NULL,
|
|
+ &smb_dname_full->st,
|
|
+ fsp->fsp_name->twrp,
|
|
+ fsp->fsp_name->flags);
|
|
+ if (smb_dname == NULL) {
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ status = NT_STATUS_NO_MEMORY;
|
|
+ break;
|
|
+ }
|
|
+ if (is_msdfs_link(fsp, smb_dname)) {
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ TALLOC_FREE(smb_dname);
|
|
+ DBG_DEBUG("got msdfs link name %s "
|
|
+ "- can't delete directory %s\n",
|
|
+ dname,
|
|
+ fsp_str_dbg(fsp));
|
|
+ status = NT_STATUS_DIRECTORY_NOT_EMPTY;
|
|
+ break;
|
|
+ }
|
|
+ TALLOC_FREE(smb_dname);
|
|
+ }
|
|
+ /* Not a DFS link - could it be a dangling symlink ? */
|
|
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
|
|
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
|
|
+ /*
|
|
+ * Dangling symlink.
|
|
+ * Allow if "delete veto files = yes"
|
|
+ */
|
|
+ if (lp_delete_veto_files(SNUM(conn))) {
|
|
+ TALLOC_FREE(talloced);
|
|
+ TALLOC_FREE(fullname);
|
|
+ TALLOC_FREE(smb_dname_full);
|
|
+ continue;
|
|
+ }
|
|
+ }
|
|
+ DBG_DEBUG("got symlink name %s - "
|
|
+ "can't delete directory %s\n",
|
|
+ dname,
|
|
+ fsp_str_dbg(fsp));
|
|
TALLOC_FREE(talloced);
|
|
TALLOC_FREE(fullname);
|
|
TALLOC_FREE(smb_dname_full);
|
|
- DBG_DEBUG("got name %s - can't delete\n", dname);
|
|
status = NT_STATUS_DIRECTORY_NOT_EMPTY;
|
|
break;
|
|
}
|
|
--
|
|
2.30.2
|
|
|
|
|
|
From 2a6f19df3f1588dbf60b86b520798b88861d2179 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Allison <jra@samba.org>
|
|
Date: Mon, 25 Oct 2021 12:42:02 -0700
|
|
Subject: [PATCH 7/7] s3: docs-xml: Clarify the "delete veto files" paramter.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
|
|
Autobuild-User(master): Ralph Böhme <slow@samba.org>
|
|
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184
|
|
|
|
(cherry picked from commit 0b818c6b77e972626d0b071bebcf4ce55619fb84)
|
|
---
|
|
docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml
|
|
index 581dc05396d..570d4ac60a0 100644
|
|
--- a/docs-xml/smbdotconf/filename/deletevetofiles.xml
|
|
+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml
|
|
@@ -4,9 +4,12 @@
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option is used when Samba is attempting to
|
|
- delete a directory that contains one or more vetoed directories
|
|
- (see the <smbconfoption name="veto files"/>
|
|
- option). If this option is set to <constant>no</constant> (the default) then if a vetoed
|
|
+ delete a directory that contains one or more vetoed files
|
|
+ or directories or non-visible files or directories (such
|
|
+ as dangling symlinks that point nowhere).
|
|
+ (see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>,
|
|
+ <smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/>
|
|
+ options). If this option is set to <constant>no</constant> (the default) then if a vetoed
|
|
directory contains any non-vetoed files or directories then the
|
|
directory delete will fail. This is usually what you want.</para>
|
|
|
|
--
|
|
2.30.2
|
|
|