From patchwork Wed Jul 26 21:03:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 7028
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4RB5x55WZwz3wfV
	for <patchwork@web04.haj.ipfire.org>; Wed, 26 Jul 2023 21:04:09 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4RB5x24Cx1zdw;
	Wed, 26 Jul 2023 21:04:06 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4RB5x23Dfhz2yRT;
	Wed, 26 Jul 2023 21:04:06 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4RB5x05g3Vz2xBD
 for <development@lists.ipfire.org>; Wed, 26 Jul 2023 21:04:04 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4RB5x00mNtzGB;
 Wed, 26 Jul 2023 21:04:04 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1690405444;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=K1Zv2HO1c361ZqkIDZyP0/As6DcCjRAEvRZNHFeUVTQ=;
 b=K5NmBL96mh3fP198kw/e0TxEp4drCjTwJcUj0YvhlKXqE3ByImO6DhxP1geQCt7sJWNIFF
 B/H/tEI5BWWMV9Cw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1690405444;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=K1Zv2HO1c361ZqkIDZyP0/As6DcCjRAEvRZNHFeUVTQ=;
 b=hFfo198NJv7MG+OG35cpiQmWsuTvt++gV439ZXlQnDwJSMxr6/mrllB8a05KOx7MVaTUwe
 uu2GETvDeRvMnrKROyZ7QXqh3ub8vvwQNX3chp8kbDN2eDrt9mc8vt5uz60AWr5btnsy41
 +mTsdSsan1IKtyfs0o2gofROiPVla3MJE82gDtxCgdkFq1OPhB1NGXEsCPIpKAGUa45siK
 MaCXdODbu8oMlrxBxf8y3UiaZln6ViFi4kezsg+f5wo///nJhqwWKsE+54RH3h8nz1g+9Z
 AmcYmsb+h0KYmQvE2dl9TeSoB6QwtuxPEiQZJxrMdnNvBI71ktTAUko1weIRzg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] samba.cgi: Fixes bug#13193 - disables smb1 unix extensions in
 smb.conf
Date: Wed, 26 Jul 2023 23:03:59 +0200
Message-ID: <20230726210359.24473-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Around three years ago the samba wui page was simplified and several parts were removed
   including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
  wide symlink (one that goes outside the share directory tree) then wide links is disabled
  because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
  by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
   shown and that any wide links are able to be accessed from the share mounted on a client

Fixes: Bug#13193
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 html/cgi-bin/samba.cgi | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi
index 0a3cd8c04..c60dca1d4 100644
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -810,6 +810,9 @@ vfs objects = catia fruit streams_xattr recycle
 # Enable following symlinks
 wide links = yes
 
+# Disable smb1 unix extensions
+smb1 unix extensions = no
+
 END
 
 # Server Role