samba - Jun 2011 - RFE: Proposed fix for incompat introduced with 'unix extensions' and 'wide links'....in 3.4(?)..

After an upgrade, I got re-bitten by the 'unix-extensions and
wide links' incompat.  (They used to be compat but were made
incompat in the 3.4.x timeframe due to security concerns).

At the time it was suggested I write a patch complete
with documentation to describe the fix.   The below
seems to fit the bill.  I was wondering what people thought
about it's inclusion in future versions...

I'd call this a "proto-patch" since it is against my distro's
(opensuse)
source RPM for 3.5.7...   First the description, and then the patch.

I think it sufficiently describes the security concerns that were
presented at the time, as well. 

Sufficient?
Linda



client managed wide links (G)

          This options can allow clients to  manage the 'wide links'
          created on a server.  It enables this by permitting 'unix
          extensions' and 'wide links' to be true at the same time
in the
          same config.  Management is only enabled if 'unix extensions'
is
          also true, and 'wide links' only function when enabled on a
          per-share basis.

          This creates similar security issues as allowing the same userid
          to have a local account on the server. (where they could then
          create/manage wide links).  As a local user, they can create
          symlinks in any directory they have access to that can point to
          any inode (file, dir, dev, etc...) on the server.

          If your users have local accounts on the server, this option
          should not cause any decrease in security, as links created
          through 'unix extensions' by a client are subject to normal
file
          and share restrictions.  This does mean, though, if a user is in
          the 'Domain Admins' group on the server, they can likely
manage
          links on any writable share.

          Default: client managed wide links = no

---
patch:

--- source3/param/loadparm.c.orig	2011-02-27 09:42:19.000000000 -0800
+++ source3/param/loadparm.c	2011-06-09 16:53:19.192163402 -0700
@@ -334,6 +334,7 @@
	bool bHostMSDfs;
	bool bUseMmap;
	bool bHostnameLookups;
+	bool bClientManagedWidelinks;
	bool bUnixExtensions;
	bool bDisableNetbios;
	char * szDedicatedKeytabFile;
@@ -939,6 +940,15 @@
		.flags		= FLAG_ADVANCED
	},
	{
+		.label		= "client managed wide links",
+		.type		= P_BOOL,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.bClientManagedWidelinks,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED
+	},
+	{
		.label		= "unix charset",
		.type		= P_STRING,
		.p_class	= P_GLOBAL,
@@ -5085,6 +5095,7 @@
#else
	Globals.bUseMmap = True;
#endif
+	Globals.bClientManagedWidelinks = False;
	Globals.bUnixExtensions = True;
	Globals.bResetOnZeroVC = False;
	Globals.bCreateKrb5Conf = true;
@@ -5535,6 +5546,7 @@
FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap)
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
+FN_GLOBAL_BOOL(lp_client_managed_widelinks,
&Globals.bClientManagedWidelinks)
FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
@@ -9905,6 +9917,7 @@

void widelinks_warning(int snum)
{
+	if (lp_client_managed_widelinks()) return;
	if (lp_unix_extensions() && lp_widelinks_internal(snum)) {
		DEBUG(0,("Share '%s' has wide links and unix extensions enabled.
"
			"These parameters are incompatible. "
@@ -9915,10 +9928,9 @@

bool lp_widelinks(int snum)
{
-	/* wide links is always incompatible with unix extensions */
-	if (lp_unix_extensions()) {
-		return false;
-	}

-	return lp_widelinks_internal(snum);
+	if (lp_client_managed_widelinks()
+		|| !lp_unix_extensions()) return lp_widelinks_internal(snum);
+
+	return false;
}