From 92ea3ccc76ee7b8b7215b035e404b736a1f3e2cd Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Sat, 9 May 2015 08:31:24 +0200 Subject: [PATCH] vfs_fruit: add option veto_appledouble MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit vfs_fruit adds a wildcard path "._*" to the vetolist in order to prevent client access to ._ AppleDouble files created internally by vfs_fruit for storing the Mac resource fork stream. Unfortunately there are legitimite use cases where an OS X client may want to use such filenames, extracting ZIP archives (where the archive contains ._ files) being one of them. A possible simple solution to this problem would be to not veto ._ files in the first place, even though that exposes internally created ._ files which the client shouldn't be able to access. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11305 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Jun 9 14:48:14 CEST 2015 on sn-devel-104 (cherry picked from commit b26a1449a0e6d01d5ddca89547df739732c8a230) --- docs-xml/manpages/vfs_fruit.8.xml | 17 ++++++++++++++ source3/modules/vfs_fruit.c | 48 +++++++++++++++++++++++---------------- 2 files changed, 45 insertions(+), 20 deletions(-) diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index 4e296a4..e407b54 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -197,6 +197,23 @@ + + fruit:veto_appledouble = yes | no + + Whether ._ AppleDouble files are vetoed which + prevents the client from seing and accessing internal + AppleDouble files created by vfs_fruit itself for the + purpose of storing a Mac resource fork. + Vetoing ._ files may break some applications, eg + extracting Mac ZIP archives from Mac clients failes, + because they contain ._ files. Setting this option to + false will fix this, but the abstraction leak of + exposing the internally created ._ files may have other + unknown side effects. + The default is yes. + + + diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index adf283b..8f0c4f8 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -125,6 +125,7 @@ struct fruit_config_data { bool use_aapl; bool readdir_attr_enabled; bool unix_info_enabled; + bool veto_appledouble; /* * Additional options, all enabled by default, @@ -1332,6 +1333,11 @@ static int init_fruit_config(vfs_handle_struct *handle) } config->encoding = (enum fruit_encoding)enumval; + if (lp_parm_bool(SNUM(handle->conn), + FRUIT_PARAM_TYPE_NAME, "veto_appledouble", true)) { + config->veto_appledouble = true; + } + if (lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME, "aapl", true)) { config->use_aapl = true; } @@ -2012,26 +2018,6 @@ static int fruit_connect(vfs_handle_struct *handle, return rc; } - list = lp_veto_files(talloc_tos(), SNUM(handle->conn)); - - if (list) { - if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) { - newlist = talloc_asprintf( - list, - "%s/" ADOUBLE_NAME_PREFIX "*/", - list); - lp_do_parameter(SNUM(handle->conn), - "veto files", - newlist); - } - } else { - lp_do_parameter(SNUM(handle->conn), - "veto files", - "/" ADOUBLE_NAME_PREFIX "*/"); - } - - TALLOC_FREE(list); - rc = init_fruit_config(handle); if (rc != 0) { return rc; @@ -2040,6 +2026,28 @@ static int fruit_connect(vfs_handle_struct *handle, SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data, return -1); + if (config->veto_appledouble) { + list = lp_veto_files(talloc_tos(), SNUM(handle->conn)); + + if (list) { + if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) { + newlist = talloc_asprintf( + list, + "%s/" ADOUBLE_NAME_PREFIX "*/", + list); + lp_do_parameter(SNUM(handle->conn), + "veto files", + newlist); + } + } else { + lp_do_parameter(SNUM(handle->conn), + "veto files", + "/" ADOUBLE_NAME_PREFIX "*/"); + } + + TALLOC_FREE(list); + } + if (config->encoding == FRUIT_ENC_NATIVE) { lp_do_parameter( SNUM(handle->conn), -- 2.1.0