From e49369fa3b5244e7291649892e4c9a4dbef0c643 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Sat, 9 May 2015 08:31:24 +0200 Subject: [PATCH] vfs_fruit: add option veto_appledouble vfs_fruit adds a wildcard path "._*" to the vetolist in order to prevent client access to ._ AppleDouble files created internally by vfs_fruit for storing the Mac resource fork stream. Unfortunately there are legitimite use cases where an OS X client may want to use such filenames, extracting ZIP archives (where the archive contains ._ files) being one of them. A possible simple solution to this problem would be to not veto ._ files in the first place, even though that exposes internally created ._ files which the client shouldn't be able to access. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11305 Signed-off-by: Ralph Boehme --- docs-xml/manpages/vfs_fruit.8.xml | 17 ++++++++++++++ source3/modules/vfs_fruit.c | 47 ++++++++++++++++++++++----------------- 2 files changed, 44 insertions(+), 20 deletions(-) diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index 4e296a4..e407b54 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -197,6 +197,23 @@ + + fruit:veto_appledouble = yes | no + + Whether ._ AppleDouble files are vetoed which + prevents the client from seing and accessing internal + AppleDouble files created by vfs_fruit itself for the + purpose of storing a Mac resource fork. + Vetoing ._ files may break some applications, eg + extracting Mac ZIP archives from Mac clients failes, + because they contain ._ files. Setting this option to + false will fix this, but the abstraction leak of + exposing the internally created ._ files may have other + unknown side effects. + The default is yes. + + + diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 8f582c6..38d2002 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -126,6 +126,7 @@ struct fruit_config_data { bool use_aapl; bool readdir_attr_enabled; bool unix_info_enabled; + bool veto_appledouble; /* * Additional options, all enabled by default, @@ -1342,6 +1343,10 @@ static int init_fruit_config(vfs_handle_struct *handle) config->unix_info_enabled = true; } + if (lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME, "veto_appledouble", true)) { + config->veto_appledouble = true; + } + if (lp_parm_bool(SNUM(handle->conn), "readdir_attr", "aapl_rsize", true)) { config->readdir_attr_rsize = true; @@ -2014,26 +2019,6 @@ static int fruit_connect(vfs_handle_struct *handle, return rc; } - list = lp_veto_files(talloc_tos(), SNUM(handle->conn)); - - if (list) { - if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) { - newlist = talloc_asprintf( - list, - "%s/" ADOUBLE_NAME_PREFIX "*/", - list); - lp_do_parameter(SNUM(handle->conn), - "veto files", - newlist); - } - } else { - lp_do_parameter(SNUM(handle->conn), - "veto files", - "/" ADOUBLE_NAME_PREFIX "*/"); - } - - TALLOC_FREE(list); - rc = init_fruit_config(handle); if (rc != 0) { return rc; @@ -2042,6 +2027,28 @@ static int fruit_connect(vfs_handle_struct *handle, SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data, return -1); + if (config->veto_appledouble) { + list = lp_veto_files(talloc_tos(), SNUM(handle->conn)); + + if (list) { + if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) { + newlist = talloc_asprintf( + list, + "%s/" ADOUBLE_NAME_PREFIX "*/", + list); + lp_do_parameter(SNUM(handle->conn), + "veto files", + newlist); + } + } else { + lp_do_parameter(SNUM(handle->conn), + "veto files", + "/" ADOUBLE_NAME_PREFIX "*/"); + } + + TALLOC_FREE(list); + } + if (config->encoding == FRUIT_ENC_NATIVE) { lp_do_parameter( SNUM(handle->conn), -- 2.1.0