The branch, v4-5-stable has been updated
via 3da28b8 VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release.
via 818dd9e WHATSNEW: Add release notes for Samba 4.5.7.
via 3bae150 CVE-2017-2619: s3: smbd: Use the new non_widelink_open()
function.
via 444d49b CVE-2017-2619: s3: smbd: Add the core functions to prevent
symlink open races.
via 7942f9d CVE-2017-2619: s3: smbd: Move special handling of symlink
errno's into a utility function.
via 52a1765 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We
insist on O_NOFOLLOW existing.
via e413f14 CVE-2017-2619: s3: smbd: Correctly fallback to
open_dir_safely if FDOPENDIR not supported on system.
via 2594b8b CVE-2017-2619: s3: smbd: Move the reference counting and
destructor setup to just before retuning success.
via 7e915c8 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on
error.
via 5e75a52 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
via 3e2bb3f CVE-2017-2619: s3: smbd: Create and use open_dir_safely().
Use from OpenDir().
via 039eb4a CVE-2017-2619: s3: smbd: Opendir_internal() early return if
SMB_VFS_OPENDIR failed.
via 92f17bb CVE-2017-2619: s3: smbd: Create wrapper function for
OpenDir in preparation for making robust.
via 0d6b518 CVE-2017-2619: s4/torture: add SMB2_FIND tests with
SMB2_CONTINUE_FLAG_REOPEN flag
via 5ef7df6 CVE-2017-2619: s3/smbd: re-open directory after
dptr_CloseDir()
via cac3807 VERSION: Bump version up to 4.5.7...
from 4a7d548 VERSION: Disable GIT_SNAPSHOTS for the 4.5.6 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable
- Log -----------------------------------------------------------------
commit 3da28b834460e8ac8a24853a03bc2317a7d16e53
Author: Karolin Seeger <ksee...@samba.org>
Date: Fri Mar 17 11:45:00 2017 +0100
VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release.
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <ksee...@samba.org>
commit 818dd9eeb5ad7bea631be0b083ae7f77c2146491
Author: Karolin Seeger <ksee...@samba.org>
Date: Fri Mar 17 11:42:44 2017 +0100
WHATSNEW: Add release notes for Samba 4.5.7.
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <ksee...@samba.org>
commit 3bae1508a10689a688b30676bc108f449bc68ddc
Author: Jeremy Allison <j...@samba.org>
Date: Thu Dec 15 13:06:31 2016 -0800
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 444d49b6b6d3112c482952dd27d65b39128351ad
Author: Jeremy Allison <j...@samba.org>
Date: Thu Dec 15 13:04:46 2016 -0800
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open
races.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 7942f9d0fe0a19ade1deb345d060197107835ebe
Author: Jeremy Allison <j...@samba.org>
Date: Thu Dec 15 12:56:08 2016 -0800
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a
utility function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 52a1765f9c2cac77c8d94ddb0e42dd66cba53678
Author: Jeremy Allison <j...@samba.org>
Date: Thu Dec 15 12:52:13 2016 -0800
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW
existing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit e413f14abdc26d2d214e06b5b4407b126a74ec4c
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 12:35:32 2016 -0800
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR
not supported on system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 2594b8bdccb4aecc69c1e01399b006c1abc6d7ad
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 12:32:07 2016 -0800
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup
to just before retuning success.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 7e915c87a76e4eedcd2abcf84bbdb806e3232976
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 12:15:59 2016 -0800
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 5e75a5289c1a6bbb72ce6d82a6cf12e8ad2b5b24
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 12:13:20 2016 -0800
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 3e2bb3fcacf7e1eea9edb26f8eb38dc447cb5f6b
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 16:35:00 2016 -0800
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from
OpenDir().
Hardens OpenDir against TOC/TOU races.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 039eb4a36aca5ead9ccb8a0a6199c2c21ab062df
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 16:25:26 2016 -0800
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR
failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 92f17bb087fb3a25cc1f4de821051f93a3a66481
Author: Jeremy Allison <j...@samba.org>
Date: Mon Dec 19 11:55:56 2016 -0800
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation
for making robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 0d6b51869a4dcf372aa67eecbde2c1f99e45f0d4
Author: Ralph Boehme <s...@samba.org>
Date: Sun Mar 19 18:52:10 2017 +0100
CVE-2017-2619: s4/torture: add SMB2_FIND tests with
SMB2_CONTINUE_FLAG_REOPEN flag
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit 5ef7df63534c188164dbaff4f8f2c9b884e13dfe
Author: Ralph Boehme <s...@samba.org>
Date: Sun Mar 19 15:58:17 2017 +0100
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
commit cac3807d1ee75c9b579b4528714188e2e4e481f6
Author: Karolin Seeger <ksee...@samba.org>
Date: Thu Mar 9 10:19:50 2017 +0100
VERSION: Bump version up to 4.5.7...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <ksee...@samba.org>
(cherry picked from commit 520e1a58e1598f412698a38b7af2d6c2015ba056)
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 75 ++++++++-
source3/smbd/dir.c | 161 ++++++++++++++-----
source3/smbd/open.c | 310 +++++++++++++++++++++++++++++++++---
source3/smbd/smb2_query_directory.c | 17 ++
source4/torture/smb2/dir.c | 12 +-
6 files changed, 508 insertions(+), 69 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 21b22e9..25685f5 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cc26d56..591fbc6 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,75 @@
=============================
+ Release Notes for Samba 4.5.7
+ March 23, 2017
+ =============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-2619 (Symlink race allows access outside share definition)
+
+=======
+Details
+=======
+
+o CVE-2017-2619:
+ All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
+ a malicious client using a symlink race to allow access to areas of
+ the server file system not exported under the share definition.
+
+ Samba uses the realpath() system call to ensure when a client requests
+ access to a pathname that it is under the exported share path on the
+ server file system.
+
+ Clients that have write access to the exported part of the file system
+ via SMB1 unix extensions or NFS to create symlinks can race the server
+ by renaming a realpath() checked path and then creating a symlink. If
+ the client wins the race it can cause the server to access the new
+ symlink target after the exported share path check has been done. This
+ new symlink target can point to anywhere on the server file system.
+
+ This is a difficult race to win, but theoretically possible. Note that
+ the proof of concept code supplied wins the race reliably only when
+ the server is slowed down using the strace utility running on the
+ server. Exploitation of this bug has not been seen in the wild.
+
+
+Changes since 4.5.6:
+--------------------
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
+ directory.
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
+ directory.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.5.6
March 9, 2017
=============================
@@ -102,8 +173,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.5.5
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 3c6f000..1348d12 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1630,7 +1630,8 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
Open a directory.
********************************************************************/
-struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
+static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
+ connection_struct *conn,
const struct smb_filename *smb_dname,
const char *mask,
uint32_t attr)
@@ -1642,29 +1643,23 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx,
connection_struct *conn,
return NULL;
}
- dirp->conn = conn;
- dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+ dirp->dir = SMB_VFS_OPENDIR(conn, smb_dname, mask, attr);
- dirp->dir_smb_fname = cp_smb_filename(dirp, smb_dname);
- if (!dirp->dir_smb_fname) {
- errno = ENOMEM;
+ if (!dirp->dir) {
+ DEBUG(5,("OpenDir: Can't open %s. %s\n",
+ smb_dname->base_name,
+ strerror(errno) ));
goto fail;
}
+ dirp->conn = conn;
+ dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+
if (sconn && !sconn->using_smb2) {
sconn->searches.dirhandles_open++;
}
talloc_set_destructor(dirp, smb_Dir_destructor);
- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_smb_fname, mask, attr);
-
- if (!dirp->dir) {
- DEBUG(5,("OpenDir: Can't open %s. %s\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno) ));
- goto fail;
- }
-
return dirp;
fail:
@@ -1672,6 +1667,87 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx,
connection_struct *conn,
return NULL;
}
+/****************************************************************************
+ Open a directory handle by pathname, ensuring it's under the share path.
+****************************************************************************/
+
+static struct smb_Dir *open_dir_safely(TALLOC_CTX *ctx,
+ connection_struct *conn,
+ const struct smb_filename *smb_dname,
+ const char *wcard,
+ uint32_t attr)
+{
+ struct smb_Dir *dir_hnd = NULL;
+ struct smb_filename *smb_fname_cwd = NULL;
+ char *saved_dir = vfs_GetWd(ctx, conn);
+ NTSTATUS status;
+
+ if (saved_dir == NULL) {
+ return NULL;
+ }
+
+ if (vfs_ChDir(conn, smb_dname->base_name) == -1) {
+ goto out;
+ }
+
+ smb_fname_cwd = synthetic_smb_fname(talloc_tos(),
+ ".",
+ NULL,
+ NULL,
+ smb_dname->flags);
+ if (smb_fname_cwd == NULL) {
+ goto out;
+ }
+
+ /*
+ * Now the directory is pinned, use
+ * REALPATH to ensure we can access it.
+ */
+ status = check_name(conn, ".");
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ dir_hnd = OpenDir_internal(ctx,
+ conn,
+ smb_fname_cwd,
+ wcard,
+ attr);
+
+ if (dir_hnd == NULL) {
+ goto out;
+ }
+
+ /*
+ * OpenDir_internal only gets "." as the dir name.
+ * Store the real dir name here.
+ */
+
+ dir_hnd->dir_smb_fname = cp_smb_filename(dir_hnd, smb_dname);
+ if (!dir_hnd->dir_smb_fname) {
+ TALLOC_FREE(dir_hnd);
+ errno = ENOMEM;
+ }
+
+ out:
+
+ vfs_ChDir(conn, saved_dir);
+ TALLOC_FREE(saved_dir);
+ return dir_hnd;
+}
+
+struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
+ const struct smb_filename *smb_dname,
+ const char *mask,
+ uint32_t attr)
+{
+ return open_dir_safely(mem_ctx,
+ conn,
+ smb_dname,
+ mask,
+ attr);
+}
+
/*******************************************************************
Open a directory from an fsp.
********************************************************************/
@@ -1685,7 +1761,17 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx,
connection_struct *conn,
struct smbd_server_connection *sconn = conn->sconn;
if (!dirp) {
- return NULL;
+ goto fail;
+ }
+
+ if (!fsp->is_directory) {
+ errno = EBADF;
+ goto fail;
+ }
+
+ if (fsp->fh->fd == -1) {
+ errno = EBADF;
+ goto fail;
}
dirp->conn = conn;
@@ -1697,40 +1783,33 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx,
connection_struct *conn,
goto fail;
}
- if (sconn && !sconn->using_smb2) {
- sconn->searches.dirhandles_open++;
- }
- talloc_set_destructor(dirp, smb_Dir_destructor);
-
- if (fsp->is_directory && fsp->fh->fd != -1) {
- dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
- if (dirp->dir != NULL) {
- dirp->fsp = fsp;
- } else {
- DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s
returned "
- "NULL (%s)\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno)));
- if (errno != ENOSYS) {
- return NULL;
- }
+ dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
+ if (dirp->dir != NULL) {
+ dirp->fsp = fsp;
+ } else {
+ DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
+ "NULL (%s)\n",
+ dirp->dir_smb_fname->base_name,
+ strerror(errno)));
+ if (errno != ENOSYS) {
+ goto fail;
}
}
if (dirp->dir == NULL) {
- /* FDOPENDIR didn't work. Use OPENDIR instead. */
- dirp->dir = SMB_VFS_OPENDIR(conn,
- dirp->dir_smb_fname,
+ /* FDOPENDIR is not supported. Use OPENDIR instead. */
+ TALLOC_FREE(dirp);
+ return open_dir_safely(mem_ctx,
+ conn,
+ fsp->fsp_name,
mask,
attr);
}
- if (!dirp->dir) {
- DEBUG(5,("OpenDir_fsp: Can't open %s. %s\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno) ));
- goto fail;
+ if (sconn && !sconn->using_smb2) {
+ sconn->searches.dirhandles_open++;
}
+ talloc_set_destructor(dirp, smb_Dir_destructor);
return dirp;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index f0a68c9..006be91 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -355,6 +355,269 @@ static NTSTATUS check_base_file_access(struct
connection_struct *conn,
}
/****************************************************************************
+ Handle differing symlink errno's
+****************************************************************************/
+
+static int link_errno_convert(int err)
+{
+#if defined(ENOTSUP) && defined(OSF1)
+ /* handle special Tru64 errno */
+ if (err == ENOTSUP) {
+ err = ELOOP;
+ }
+#endif /* ENOTSUP */
+#ifdef EFTYPE
+ /* fix broken NetBSD errno */
+ if (err == EFTYPE) {
+ err = ELOOP;
+ }
+#endif /* EFTYPE */
+ /* fix broken FreeBSD errno */
+ if (err == EMLINK) {
+ err = ELOOP;
+ }
+ return err;
+}
+
+static int non_widelink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth);
+
+/****************************************************************************
+ Follow a symlink in userspace.
+****************************************************************************/
+
+static int process_symlink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth)
+{
+ int fd = -1;
+ char *link_target = NULL;
+ int link_len = -1;
+ char *oldwd = NULL;
+ size_t rootdir_len = 0;
+ char *resolved_name = NULL;
+ bool matched = false;
+ int saved_errno = 0;
+
+ /*
+ * Ensure we don't get stuck in a symlink loop.
+ */
+ link_depth++;
+ if (link_depth >= 20) {
+ errno = ELOOP;
+ goto out;
+ }
+
+ /* Allocate space for the link target. */
+ link_target = talloc_array(talloc_tos(), char, PATH_MAX);
+ if (link_target == NULL) {
+ errno = ENOMEM;
+ goto out;
+ }
+
+ /* Read the link target. */
+ link_len = SMB_VFS_READLINK(conn,
+ smb_fname->base_name,
+ link_target,
+ PATH_MAX - 1);
+ if (link_len == -1) {
+ goto out;
+ }
+
+ /* Ensure it's at least null terminated. */
+ link_target[link_len] = '\0';
+
+ /* Convert to an absolute path. */
+ resolved_name = SMB_VFS_REALPATH(conn, link_target);
+ if (resolved_name == NULL) {
+ goto out;
+ }
+
+ /*
+ * We know conn_rootdir starts with '/' and
+ * does not end in '/'. FIXME ! Should we
+ * smb_assert this ?
+ */
+ rootdir_len = strlen(conn_rootdir);
+
+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0);
+ if (!matched) {
+ errno = EACCES;
+ goto out;
+ }
+
+ /*
+ * Turn into a path relative to the share root.
+ */
+ if (resolved_name[rootdir_len] == '\0') {
+ /* Link to the root of the share. */
+ smb_fname->base_name = talloc_strdup(talloc_tos(), ".");
+ if (smb_fname->base_name == NULL) {
+ errno = ENOMEM;
+ goto out;
+ }
+ } else if (resolved_name[rootdir_len] == '/') {
+ smb_fname->base_name = &resolved_name[rootdir_len+1];
+ } else {
+ errno = EACCES;
+ goto out;
+ }
+
+ oldwd = vfs_GetWd(talloc_tos(), conn);
+ if (oldwd == NULL) {
+ goto out;
+ }
+
+ /* Ensure we operate from the root of the share. */
+ if (vfs_ChDir(conn, conn_rootdir) == -1) {
+ goto out;
+ }
+
+ /* And do it all again.. */
+ fd = non_widelink_open(conn,
+ conn_rootdir,
+ fsp,
+ smb_fname,
+ flags,
+ mode,
+ link_depth);
+ if (fd == -1) {
+ saved_errno = errno;
+ }
+
+ out:
+
+ SAFE_FREE(resolved_name);
+ TALLOC_FREE(link_target);
+ if (oldwd != NULL) {
+ int ret = vfs_ChDir(conn, oldwd);
+ if (ret == -1) {
+ smb_panic("unable to get back to old directory\n");
+ }
+ TALLOC_FREE(oldwd);
+ }
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+ return fd;
+}
+
+/****************************************************************************
+ Non-widelink open.
+****************************************************************************/
+
+static int non_widelink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth)
+{
+ NTSTATUS status;
+ int fd = -1;
--
Samba Shared Repository
