The branch, master has been updated via 12e5c15a97b vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions via 9cac9154212 vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions via bffd8bd8c32 nfs4_acls: Make fstat_with_cap_dac_override static via 0f664f01620 nfs4_acls: Make stat_with_cap_dac_override static via 8831eeca1d7 nfs4_acls: Make fstatat_with_cap_dac_override static via 5fd73e93af9 vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function via 2c1195678d3 vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function via f9301871c61 vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function via f8a23d960e0 vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function via 6b1e066c4f3 vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function via 316c96ea83a vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c via 05f1ee1ae2d nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE from 9898ca65e93 docs-xml: Fix a usage for case sensitive parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 12e5c15a97b45aa01fc3f4274f8ba9cf7d1ddbe9 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:44:02 2023 -0700 vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> Autobuild-User(master): Björn Jacke <bja...@samba.org> Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224 commit 9cac91542128888bde79391ca99291a76752f334 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:42:13 2023 -0700 vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit bffd8bd8c32fea738824b807eb9e5f97a609493e Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:39:57 2023 -0700 nfs4_acls: Make fstat_with_cap_dac_override static No other module is calling this function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 0f664f016207894e0a156b9e1f4db7677c264205 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:38:46 2023 -0700 nfs4_acls: Make stat_with_cap_dac_override static No other module is calling this function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 8831eeca1d70c909e15c86c8af6a7b1d7b0d3b5b Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:37:25 2023 -0700 nfs4_acls: Make fstatat_with_cap_dac_override static No other module is calling this function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 5fd73e93af9d015c9e65a6d4d16229476a541cfc Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:35:21 2023 -0700 vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow reuse. Move the vfs_gpfs_fstatat function and rename it to the more generic name nfs4_acl_fstat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 2c1195678d34516744ba4f8b1c5582f4046cba35 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:30:27 2023 -0700 vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function All stat CAP_DAC_OVERRIDE code is being moved to nf4_acls.c to allow reuse. Move the vfs_gpfs_lstat function and rename to the more generic name nfs4_acl_lstat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit f9301871c61b066c1ea464e6e9109bb2cde71598 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:27:58 2023 -0700 vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse. Move the vfs_gpfs_fstat function and rename to the more generic name nfs4_acl_fstat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit f8a23d960e02f783119c2aef38a6e293ee548df3 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:23:49 2023 -0700 vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse by other file system modules. Also rename the function to the more generic name nfs4_acl_stat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 6b1e066c4f354f297fbf99ad93acfaf44e3b89cb Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:20:38 2023 -0700 vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse by other filesystem modules. Also rename the function to the slightly more precise name stat_with_cap_dac_overide. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 316c96ea83a7b70d35879e4743193bb1e9cb566c Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:17:21 2023 -0700 vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow reuse by other filesystem modules. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> commit 05f1ee1ae2d8439af0ac9baf64ebba1a3374ea83 Author: Christof Schmitt <c...@samba.org> Date: Thu Nov 9 12:01:56 2023 -0700 nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE AT_EMTPY_PATH does not exist on AIX. Address this by implementing an override for fstat. Implement the new override function in nfs4_acls.c since all stat functions with DAC_CAP_OVERRIDE will be moved there to allow reuse by other filesystems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/modules/nfs4_acls.c | 149 ++++++++++++++++++++++++++++++++++++++++++ source3/modules/nfs4_acls.h | 16 +++++ source3/modules/vfs_aixacl2.c | 4 ++ source3/modules/vfs_gpfs.c | 147 ++--------------------------------------- source3/modules/vfs_zfsacl.c | 4 ++ 5 files changed, 177 insertions(+), 143 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 1e18ae3b1cf..44c4718d3e4 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -116,6 +116,155 @@ int smbacl4_get_vfs_params(struct connection_struct *conn, return 0; } +static int fstatat_with_cap_dac_override(int fd, + const char *pathname, + SMB_STRUCT_STAT *sbuf, + int flags, + bool fake_dir_create_times) +{ + int ret; + + set_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = sys_fstatat(fd, + pathname, + sbuf, + flags, + fake_dir_create_times); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + + return ret; +} + +static int stat_with_cap_dac_override(struct vfs_handle_struct *handle, + struct smb_filename *smb_fname, int flag) +{ + bool fake_dctime = lp_fake_directory_create_times(SNUM(handle->conn)); + int fd = -1; + NTSTATUS status; + struct smb_filename *dir_name = NULL; + struct smb_filename *rel_name = NULL; + int ret = -1; +#ifdef O_PATH + int open_flags = O_PATH; +#else + int open_flags = O_RDONLY; +#endif + + status = SMB_VFS_PARENT_PATHNAME(handle->conn, + talloc_tos(), + smb_fname, + &dir_name, + &rel_name); + if (!NT_STATUS_IS_OK(status)) { + errno = map_errno_from_nt_status(status); + return -1; + } + + fd = open(dir_name->base_name, open_flags, 0); + if (fd == -1) { + TALLOC_FREE(dir_name); + return -1; + } + + ret = fstatat_with_cap_dac_override(fd, + rel_name->base_name, + &smb_fname->st, + flag, + fake_dctime); + + TALLOC_FREE(dir_name); + close(fd); + + return ret; +} + +int nfs4_acl_stat(struct vfs_handle_struct *handle, + struct smb_filename *smb_fname) +{ + int ret; + + ret = SMB_VFS_NEXT_STAT(handle, smb_fname); + if (ret == -1 && errno == EACCES) { + DEBUG(10, ("Trying stat with capability for %s\n", + smb_fname->base_name)); + ret = stat_with_cap_dac_override(handle, smb_fname, 0); + } + return ret; +} + +static int fstat_with_cap_dac_override(int fd, SMB_STRUCT_STAT *sbuf, + bool fake_dir_create_times) +{ + int ret; + + set_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = sys_fstat(fd, sbuf, fake_dir_create_times); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + + return ret; +} + +int nfs4_acl_fstat(struct vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_STRUCT_STAT *sbuf) +{ + int ret; + + ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); + if (ret == -1 && errno == EACCES) { + bool fake_dctime = + lp_fake_directory_create_times(SNUM(handle->conn)); + + DBG_DEBUG("fstat for %s failed with EACCES. Trying with " + "CAP_DAC_OVERRIDE.\n", fsp->fsp_name->base_name); + ret = fstat_with_cap_dac_override(fsp_get_pathref_fd(fsp), + sbuf, + fake_dctime); + } + + return ret; +} + +int nfs4_acl_lstat(struct vfs_handle_struct *handle, + struct smb_filename *smb_fname) +{ + int ret; + + ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname); + if (ret == -1 && errno == EACCES) { + DEBUG(10, ("Trying lstat with capability for %s\n", + smb_fname->base_name)); + ret = stat_with_cap_dac_override(handle, smb_fname, + AT_SYMLINK_NOFOLLOW); + } + return ret; +} + +int nfs4_acl_fstatat(struct vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + SMB_STRUCT_STAT *sbuf, + int flags) +{ + int ret; + + ret = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags); + if (ret == -1 && errno == EACCES) { + bool fake_dctime = + lp_fake_directory_create_times(SNUM(handle->conn)); + + DBG_DEBUG("fstatat for %s failed with EACCES. Trying with " + "CAP_DAC_OVERRIDE.\n", dirfsp->fsp_name->base_name); + ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(dirfsp), + smb_fname->base_name, + sbuf, + flags, + fake_dctime); + } + + return ret; +} + /************************************************ Split the ACE flag mapping between nfs4 and Windows into two separate functions rather than trying to do diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h index c9fcf6d250b..011b9da5554 100644 --- a/source3/modules/nfs4_acls.h +++ b/source3/modules/nfs4_acls.h @@ -118,6 +118,22 @@ struct smbacl4_vfs_params { int smbacl4_get_vfs_params(struct connection_struct *conn, struct smbacl4_vfs_params *params); +int nfs4_acl_stat(struct vfs_handle_struct *handle, + struct smb_filename *smb_fname); + +int nfs4_acl_fstat(struct vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_STRUCT_STAT *sbuf); + +int nfs4_acl_lstat(struct vfs_handle_struct *handle, + struct smb_filename *smb_fname); + +int nfs4_acl_fstatat(struct vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + SMB_STRUCT_STAT *sbuf, + int flags); + struct SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx); /* prop's contents are copied */ diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 4a4759fcfdd..923b54fc9c2 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -460,6 +460,10 @@ int aixjfs2_sys_acl_delete_def_fd(vfs_handle_struct *handle, } static struct vfs_fn_pointers vfs_aixacl2_fns = { + .stat_fn = nfs4_acl_stat, + .fstat_fn = nfs4_acl_fstat, + .lstat_fn = nfs4_acl_lstat, + .fstatat_fn = nfs4_acl_fstatat, .fget_nt_acl_fn = aixjfs2_fget_nt_acl, .fset_nt_acl_fn = aixjfs2_fset_nt_acl, .sys_acl_get_fd_fn = aixjfs2_sys_acl_get_fd, diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 2f505a103b0..a8b4e38ff88 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1588,145 +1588,6 @@ static NTSTATUS vfs_gpfs_fset_dos_attributes(struct vfs_handle_struct *handle, return NT_STATUS_OK; } -static int fstatat_with_cap_dac_override(int fd, - const char *pathname, - SMB_STRUCT_STAT *sbuf, - int flags, - bool fake_dir_create_times) -{ - int ret; - - set_effective_capability(DAC_OVERRIDE_CAPABILITY); - ret = sys_fstatat(fd, - pathname, - sbuf, - flags, - fake_dir_create_times); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); - - return ret; -} - -static int stat_with_capability(struct vfs_handle_struct *handle, - struct smb_filename *smb_fname, int flag) -{ - bool fake_dctime = lp_fake_directory_create_times(SNUM(handle->conn)); - int fd = -1; - NTSTATUS status; - struct smb_filename *dir_name = NULL; - struct smb_filename *rel_name = NULL; - int ret = -1; -#ifdef O_PATH - int open_flags = O_PATH; -#else - int open_flags = O_RDONLY; -#endif - - status = SMB_VFS_PARENT_PATHNAME(handle->conn, - talloc_tos(), - smb_fname, - &dir_name, - &rel_name); - if (!NT_STATUS_IS_OK(status)) { - errno = map_errno_from_nt_status(status); - return -1; - } - - fd = open(dir_name->base_name, open_flags, 0); - if (fd == -1) { - TALLOC_FREE(dir_name); - return -1; - } - - ret = fstatat_with_cap_dac_override(fd, - rel_name->base_name, - &smb_fname->st, - flag, - fake_dctime); - - TALLOC_FREE(dir_name); - close(fd); - - return ret; -} - -static int vfs_gpfs_stat(struct vfs_handle_struct *handle, - struct smb_filename *smb_fname) -{ - int ret; - - ret = SMB_VFS_NEXT_STAT(handle, smb_fname); - if (ret == -1 && errno == EACCES) { - DEBUG(10, ("Trying stat with capability for %s\n", - smb_fname->base_name)); - ret = stat_with_capability(handle, smb_fname, 0); - } - return ret; -} - -static int vfs_gpfs_fstat(struct vfs_handle_struct *handle, - struct files_struct *fsp, - SMB_STRUCT_STAT *sbuf) -{ - int ret; - - ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); - if (ret == -1 && errno == EACCES) { - bool fake_dctime = - lp_fake_directory_create_times(SNUM(handle->conn)); - - DBG_DEBUG("fstat for %s failed with EACCES. Trying with " - "CAP_DAC_OVERRIDE.\n", fsp->fsp_name->base_name); - ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(fsp), - "", - sbuf, - AT_EMPTY_PATH, - fake_dctime); - } - - return ret; -} - -static int vfs_gpfs_lstat(struct vfs_handle_struct *handle, - struct smb_filename *smb_fname) -{ - int ret; - - ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname); - if (ret == -1 && errno == EACCES) { - DEBUG(10, ("Trying lstat with capability for %s\n", - smb_fname->base_name)); - ret = stat_with_capability(handle, smb_fname, - AT_SYMLINK_NOFOLLOW); - } - return ret; -} - -static int vfs_gpfs_fstatat(struct vfs_handle_struct *handle, - const struct files_struct *dirfsp, - const struct smb_filename *smb_fname, - SMB_STRUCT_STAT *sbuf, - int flags) -{ - int ret; - - ret = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags); - if (ret == -1 && errno == EACCES) { - bool fake_dctime = - lp_fake_directory_create_times(SNUM(handle->conn)); - - DBG_DEBUG("fstatat for %s failed with EACCES. Trying with " - "CAP_DAC_OVERRIDE.\n", dirfsp->fsp_name->base_name); - ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(dirfsp), - smb_fname->base_name, - sbuf, - flags, - fake_dctime); - } - - return ret; -} - static int timespec_to_gpfs_time( struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags) { @@ -2659,10 +2520,10 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { .sys_acl_delete_def_fd_fn = gpfsacl_sys_acl_delete_def_fd, .fchmod_fn = vfs_gpfs_fchmod, .close_fn = vfs_gpfs_close, - .stat_fn = vfs_gpfs_stat, - .fstat_fn = vfs_gpfs_fstat, - .lstat_fn = vfs_gpfs_lstat, - .fstatat_fn = vfs_gpfs_fstatat, + .stat_fn = nfs4_acl_stat, + .fstat_fn = nfs4_acl_fstat, + .lstat_fn = nfs4_acl_lstat, + .fstatat_fn = nfs4_acl_fstatat, .fntimes_fn = vfs_gpfs_fntimes, .aio_force_fn = vfs_gpfs_aio_force, .sendfile_fn = vfs_gpfs_sendfile, diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 61b9191700f..695abf1e0df 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -487,6 +487,10 @@ static int zfsacl_connect(struct vfs_handle_struct *handle, static struct vfs_fn_pointers zfsacl_fns = { .connect_fn = zfsacl_connect, + .stat_fn = nfs4_acl_stat, + .fstat_fn = nfs4_acl_fstat, + .lstat_fn = nfs4_acl_lstat, + .fstatat_fn = nfs4_acl_fstatat, .sys_acl_get_fd_fn = zfsacl_fail__sys_acl_get_fd, .sys_acl_blob_get_fd_fn = zfsacl_fail__sys_acl_blob_get_fd, .sys_acl_set_fd_fn = zfsacl_fail__sys_acl_set_fd, -- Samba Shared Repository