The Samba-Bugzilla – Attachment 17507 Details for
Bug 15126
acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.15 backported from master
bug15126-v415.patch (text/plain), 81.40 KB, created by
Ralph Böhme
on 2022-09-04 17:37:57 UTC
(
hide
)
Description:
Patch for 4.15 backported from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2022-09-04 17:37:57 UTC
Size:
81.40 KB
patch
obsolete
>From 4070466a2d904604622370dda1bd2599b1b49e61 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 11 Feb 2022 09:37:35 +0100 >Subject: [PATCH 01/20] smbd: Introduce fsp_is_alternate_stream() > >To me this is more descriptive than "fsp->base_fsp != NULL". If this >turns out to be a performance problem, I would go and make this a >static inline in smbd/proto.h. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(backported from commit 21b380ca133417df096e2b262a5da41faff186ea) >[slow@samba.org: only backport the function, skip all changed callers] >--- > source3/smbd/files.c | 5 +++++ > source3/smbd/proto.h | 1 + > 2 files changed, 6 insertions(+) > >diff --git a/source3/smbd/files.c b/source3/smbd/files.c >index 3f90c2e247ed..2930ceb18f6e 100644 >--- a/source3/smbd/files.c >+++ b/source3/smbd/files.c >@@ -1487,3 +1487,8 @@ void fsp_set_base_fsp(struct files_struct *fsp, struct files_struct *base_fsp) > fsp->base_fsp->stream_fsp = fsp; > } > } >+ >+bool fsp_is_alternate_stream(const struct files_struct *fsp) >+{ >+ return (fsp->base_fsp != NULL); >+} >diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h >index d937d3d9615a..9539a3c2d4cd 100644 >--- a/source3/smbd/proto.h >+++ b/source3/smbd/proto.h >@@ -438,6 +438,7 @@ NTSTATUS fsp_set_smb_fname(struct files_struct *fsp, > const struct smb_filename *smb_fname_in); > size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen); > void fsp_set_base_fsp(struct files_struct *fsp, struct files_struct *base_fsp); >+bool fsp_is_alternate_stream(const struct files_struct *fsp); > > NTSTATUS create_internal_fsp(connection_struct *conn, > const struct smb_filename *smb_fname, >-- >2.37.2 > > >From 8b831c584be775c779c032fa74b16d773b41f06d Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 11 Feb 2022 09:45:30 +0100 >Subject: [PATCH 02/20] smbd: Introduce metadata_fsp() > >Centralize the pattern > >if (fsp->base_fsp != NULL) { > fsp = fsp->base_fsp; >} > >with a descriptive name. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(backported from commit ac58b0b942cd73210100ee346816a0cf23900716) >[slow@samba.org: only backport the function, skip all updated callers] >--- > source3/smbd/files.c | 8 ++++++++ > source3/smbd/proto.h | 1 + > 2 files changed, 9 insertions(+) > >diff --git a/source3/smbd/files.c b/source3/smbd/files.c >index 2930ceb18f6e..3b3dfc1b8c85 100644 >--- a/source3/smbd/files.c >+++ b/source3/smbd/files.c >@@ -1492,3 +1492,11 @@ bool fsp_is_alternate_stream(const struct files_struct *fsp) > { > return (fsp->base_fsp != NULL); > } >+ >+struct files_struct *metadata_fsp(struct files_struct *fsp) >+{ >+ if (fsp_is_alternate_stream(fsp)) { >+ return fsp->base_fsp; >+ } >+ return fsp; >+} >diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h >index 9539a3c2d4cd..776ee6b29858 100644 >--- a/source3/smbd/proto.h >+++ b/source3/smbd/proto.h >@@ -439,6 +439,7 @@ NTSTATUS fsp_set_smb_fname(struct files_struct *fsp, > size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen); > void fsp_set_base_fsp(struct files_struct *fsp, struct files_struct *base_fsp); > bool fsp_is_alternate_stream(const struct files_struct *fsp); >+struct files_struct *metadata_fsp(struct files_struct *fsp); > > NTSTATUS create_internal_fsp(connection_struct *conn, > const struct smb_filename *smb_fname, >-- >2.37.2 > > >From a2502d21a26e7703fcdcca99e8bc3c514a557f97 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 16:04:24 +0200 >Subject: [PATCH 03/20] smdb: use fsp_is_alternate_stream() in open_file() > >No change in behaviour. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 0d3995cec10c5fae8c8b6a1df312062e38437e6f) >--- > source3/smbd/open.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 3ab1b92e3fd6..fb333ea73fc7 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -1362,7 +1362,7 @@ static NTSTATUS open_file(files_struct *fsp, > #endif > > /* Don't create files with Microsoft wildcard characters. */ >- if (fsp->base_fsp) { >+ if (fsp_is_alternate_stream(fsp)) { > /* > * wildcard characters are allowed in stream names > * only test the basefilename >@@ -1378,7 +1378,7 @@ static NTSTATUS open_file(files_struct *fsp, > } > > /* Can we access this file ? */ >- if (!fsp->base_fsp) { >+ if (!fsp_is_alternate_stream(fsp)) { > /* Only do this check on non-stream open. */ > if (file_existed) { > status = smbd_check_access_rights_fsp( >-- >2.37.2 > > >From feb6d8f071efdbce607a1583147772e677d18239 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 12:43:01 +0200 >Subject: [PATCH 04/20] vfs_xattr_tdb: move close_xattr_db() > >This just makes the diff of the next commit smaller and easier to digest. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5) >--- > source3/modules/vfs_xattr_tdb.c | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > >diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c >index 42c570b54b3e..37d76e22ff63 100644 >--- a/source3/modules/vfs_xattr_tdb.c >+++ b/source3/modules/vfs_xattr_tdb.c >@@ -321,6 +321,16 @@ static int xattr_tdb_fremovexattr(struct vfs_handle_struct *handle, > return ret; > } > >+/* >+ * Destructor for the VFS private data >+ */ >+ >+static void close_xattr_db(void **data) >+{ >+ struct db_context **p_db = (struct db_context **)data; >+ TALLOC_FREE(*p_db); >+} >+ > /* > * Open the tdb file upon VFS_CONNECT > */ >@@ -568,16 +578,6 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle, > return ret; > } > >-/* >- * Destructor for the VFS private data >- */ >- >-static void close_xattr_db(void **data) >-{ >- struct db_context **p_db = (struct db_context **)data; >- TALLOC_FREE(*p_db); >-} >- > static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, > const char *user) > { >-- >2.37.2 > > >From 03a7b7de0de3d6a6d96ee9bdd145b6fa9c93ebee Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 11:59:54 +0200 >Subject: [PATCH 05/20] vfs_xattr_tdb: add a module config > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 451ad315a9bf32c627e1966ec30185542701c87e) >--- > source3/modules/vfs_xattr_tdb.c | 196 ++++++++++++++++---------------- > 1 file changed, 99 insertions(+), 97 deletions(-) > >diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c >index 37d76e22ff63..2492e6e5fdbc 100644 >--- a/source3/modules/vfs_xattr_tdb.c >+++ b/source3/modules/vfs_xattr_tdb.c >@@ -29,7 +29,12 @@ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_VFS > >-static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx, struct db_context **p_db); >+struct xattr_tdb_config { >+ struct db_context *db; >+}; >+ >+static bool xattr_tdb_init(struct vfs_handle_struct *handle, >+ struct xattr_tdb_config **_config); > > static int xattr_tdb_get_file_id(struct vfs_handle_struct *handle, > const char *path, struct file_id *id) >@@ -77,16 +82,20 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > const char *xattr_name, > size_t alloc_hint) > { >+ struct xattr_tdb_config *config = NULL; > struct tevent_req *req = NULL; > struct xattr_tdb_getxattrat_state *state = NULL; > struct smb_filename *cwd = NULL; >- struct db_context *db = NULL; > struct file_id id; > int ret; > int error; > int cwd_ret; > DATA_BLOB xattr_blob; > >+ if (!xattr_tdb_init(handle, &config)) { >+ return NULL; >+ } >+ > req = tevent_req_create(mem_ctx, &state, > struct xattr_tdb_getxattrat_state); > if (req == NULL) { >@@ -94,11 +103,6 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > } > state->xattr_size = -1; > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, state, &db)) { >- tevent_req_error(req, EIO); >- return tevent_req_post(req, ev); >- }); > > cwd = SMB_VFS_GETWD(dir_fsp->conn, state); > if (tevent_req_nomem(cwd, req)) { >@@ -122,7 +126,7 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > return tevent_req_post(req, ev); > } > >- state->xattr_size = xattr_tdb_getattr(db, >+ state->xattr_size = xattr_tdb_getattr(config->db, > state, > &id, > xattr_name, >@@ -194,27 +198,27 @@ static ssize_t xattr_tdb_fgetxattr(struct vfs_handle_struct *handle, > struct files_struct *fsp, > const char *name, void *value, size_t size) > { >+ struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > struct file_id id; >- struct db_context *db; > ssize_t xattr_size; > DATA_BLOB blob; >- TALLOC_CTX *frame = talloc_stackframe(); >+ TALLOC_CTX *frame = NULL; >+ >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); > > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { >- TALLOC_FREE(frame); > return -1; > } > >+ frame = talloc_stackframe(); >+ > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &sbuf); > >- xattr_size = xattr_tdb_getattr(db, frame, &id, name, &blob); >+ xattr_size = xattr_tdb_getattr(config->db, frame, &id, name, &blob); > if (xattr_size < 0) { > errno = ENOATTR; > TALLOC_FREE(frame); >@@ -241,27 +245,22 @@ static int xattr_tdb_fsetxattr(struct vfs_handle_struct *handle, > const char *name, const void *value, > size_t size, int flags) > { >+ struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > struct file_id id; >- struct db_context *db; > int ret; >- TALLOC_CTX *frame = talloc_stackframe(); > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } > > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { >- TALLOC_FREE(frame); > return -1; > } > > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &sbuf); > >- ret = xattr_tdb_setattr(db, &id, name, value, size, flags); >- TALLOC_FREE(frame); >+ ret = xattr_tdb_setattr(config->db, &id, name, value, size, flags); > return ret; > > } >@@ -270,105 +269,120 @@ static ssize_t xattr_tdb_flistxattr(struct vfs_handle_struct *handle, > struct files_struct *fsp, char *list, > size_t size) > { >+ struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > struct file_id id; >- struct db_context *db; >- int ret; >- TALLOC_CTX *frame = talloc_stackframe(); > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } > > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { >- TALLOC_FREE(frame); > return -1; > } > > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &sbuf); > >- ret = xattr_tdb_listattr(db, &id, list, size); >- TALLOC_FREE(frame); >- return ret; >+ return xattr_tdb_listattr(config->db, &id, list, size); > } > > static int xattr_tdb_fremovexattr(struct vfs_handle_struct *handle, > struct files_struct *fsp, const char *name) > { >+ struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > struct file_id id; >- struct db_context *db; >- int ret; >- TALLOC_CTX *frame = talloc_stackframe(); > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } > > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { >- TALLOC_FREE(frame); > return -1; > } > > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &sbuf); > >- ret = xattr_tdb_removeattr(db, &id, name); >- TALLOC_FREE(frame); >- return ret; >+ return xattr_tdb_removeattr(config->db, &id, name); > } > > /* > * Destructor for the VFS private data > */ > >-static void close_xattr_db(void **data) >+static void config_destructor(void **data) > { >- struct db_context **p_db = (struct db_context **)data; >- TALLOC_FREE(*p_db); >+ struct xattr_tdb_config **config = (struct xattr_tdb_config **)data; >+ TALLOC_FREE((*config)->db); > } > > /* > * Open the tdb file upon VFS_CONNECT > */ > >-static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx, struct db_context **p_db) >+static bool xattr_tdb_init(struct vfs_handle_struct *handle, >+ struct xattr_tdb_config **_config) > { >- struct db_context *db; >+ struct xattr_tdb_config *config = NULL; > const char *dbname; > char *def_dbname; > >+ if (SMB_VFS_HANDLE_TEST_DATA(handle)) { >+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct xattr_tdb_config, >+ return false); >+ if (_config != NULL) { >+ *_config = config; >+ } >+ return true; >+ } >+ >+ config = talloc_zero(handle->conn, struct xattr_tdb_config); >+ if (config == NULL) { >+ errno = ENOMEM; >+ goto error; >+ } >+ > def_dbname = state_path(talloc_tos(), "xattr.tdb"); > if (def_dbname == NULL) { > errno = ENOSYS; >- return false; >+ goto error; > } > >- dbname = lp_parm_const_string(snum, "xattr_tdb", "file", def_dbname); >+ dbname = lp_parm_const_string(SNUM(handle->conn), >+ "xattr_tdb", >+ "file", >+ def_dbname); > > /* now we know dbname is not NULL */ > > become_root(); >- db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600, >- DBWRAP_LOCK_ORDER_2, DBWRAP_FLAG_NONE); >+ config->db = db_open(handle, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600, >+ DBWRAP_LOCK_ORDER_2, DBWRAP_FLAG_NONE); > unbecome_root(); > >- if (db == NULL) { >+ if (config->db == NULL) { > #if defined(ENOTSUP) > errno = ENOTSUP; > #else > errno = ENOSYS; > #endif > TALLOC_FREE(def_dbname); >- return false; >+ goto error; > } >- >- *p_db = db; > TALLOC_FREE(def_dbname); >+ >+ SMB_VFS_HANDLE_SET_DATA(handle, config, config_destructor, >+ struct xattr_tdb_config, return false); >+ >+ if (_config != NULL) { >+ *_config = config; >+ } > return true; >+ >+error: >+ DBG_WARNING("Failed to initialize config: %s\n", strerror(errno)); >+ lp_do_parameter(SNUM(handle->conn), "ea support", "False"); >+ return false; > } > > static int xattr_tdb_openat(struct vfs_handle_struct *handle, >@@ -378,12 +392,15 @@ static int xattr_tdb_openat(struct vfs_handle_struct *handle, > int flags, > mode_t mode) > { >- struct db_context *db = NULL; >- TALLOC_CTX *frame = NULL; >+ struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > int fd; > int ret; > >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } >+ > fd = SMB_VFS_NEXT_OPENAT(handle, > dirfsp, > smb_fname, >@@ -417,17 +434,8 @@ static int xattr_tdb_openat(struct vfs_handle_struct *handle, > > fsp->file_id = SMB_VFS_FILE_ID_CREATE(fsp->conn, &sbuf); > >- frame = talloc_stackframe(); >- >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >- >- xattr_tdb_remove_all_attrs(db, &fsp->file_id); >+ xattr_tdb_remove_all_attrs(config->db, &fsp->file_id); > >- TALLOC_FREE(frame); > return fd; > } > >@@ -436,12 +444,16 @@ static int xattr_tdb_mkdirat(vfs_handle_struct *handle, > const struct smb_filename *smb_fname, > mode_t mode) > { >- struct db_context *db = NULL; >+ struct xattr_tdb_config *config = NULL; > TALLOC_CTX *frame = NULL; > struct file_id fileid; > int ret; > struct smb_filename *full_fname = NULL; > >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } >+ > ret = SMB_VFS_NEXT_MKDIRAT(handle, > dirfsp, > smb_fname, >@@ -475,13 +487,7 @@ static int xattr_tdb_mkdirat(vfs_handle_struct *handle, > > fileid = SMB_VFS_FILE_ID_CREATE(handle->conn, &full_fname->st); > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >- >- xattr_tdb_remove_all_attrs(db, &fileid); >+ xattr_tdb_remove_all_attrs(config->db, &fileid); > TALLOC_FREE(frame); > return 0; > } >@@ -494,19 +500,19 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle, > const struct smb_filename *smb_fname, > int flags) > { >+ struct xattr_tdb_config *config = NULL; > struct smb_filename *smb_fname_tmp = NULL; > struct smb_filename *full_fname = NULL; > struct file_id id; >- struct db_context *db; > int ret = -1; > bool remove_record = false; >- TALLOC_CTX *frame = talloc_stackframe(); >+ TALLOC_CTX *frame = NULL; >+ >+ if (!xattr_tdb_init(handle, &config)) { >+ return -1; >+ } > >- SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, >- if (!xattr_tdb_init(-1, frame, &db)) >- { >- TALLOC_FREE(frame); return -1; >- }); >+ frame = talloc_stackframe(); > > smb_fname_tmp = cp_smb_filename(frame, smb_fname); > if (smb_fname_tmp == NULL) { >@@ -571,7 +577,7 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle, > > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &smb_fname_tmp->st); > >- xattr_tdb_remove_all_attrs(db, &id); >+ xattr_tdb_remove_all_attrs(config->db, &id); > > out: > TALLOC_FREE(frame); >@@ -583,7 +589,6 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, > { > char *sname = NULL; > int res, snum; >- struct db_context *db; > > res = SMB_VFS_NEXT_CONNECT(handle, service, user); > if (res < 0) { >@@ -598,7 +603,7 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, > return 0; > } > >- if (!xattr_tdb_init(snum, NULL, &db)) { >+ if (!xattr_tdb_init(handle, NULL)) { > DEBUG(5, ("Could not init xattr tdb\n")); > lp_do_parameter(snum, "ea support", "False"); > return 0; >@@ -606,9 +611,6 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service, > > lp_do_parameter(snum, "ea support", "True"); > >- SMB_VFS_HANDLE_SET_DATA(handle, db, close_xattr_db, >- struct db_context, return -1); >- > return 0; > } > >-- >2.37.2 > > >From 0201ce36220621a2fb24d54a9640d704ea581703 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 12:47:21 +0200 >Subject: [PATCH 06/20] vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option > >Allows passing on "user." xattr to the backend. This can be useful for testing >specific aspects of operation on streams when "streams_xattr" is configured as >stream filesystem backend. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6) >--- > source3/modules/vfs_xattr_tdb.c | 85 ++++++++++++++++++++++++++++++++- > 1 file changed, 84 insertions(+), 1 deletion(-) > >diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c >index 2492e6e5fdbc..2b698f048e43 100644 >--- a/source3/modules/vfs_xattr_tdb.c >+++ b/source3/modules/vfs_xattr_tdb.c >@@ -31,11 +31,20 @@ > > struct xattr_tdb_config { > struct db_context *db; >+ bool ignore_user_xattr; > }; > > static bool xattr_tdb_init(struct vfs_handle_struct *handle, > struct xattr_tdb_config **_config); > >+static bool is_user_xattr(const char *xattr_name) >+{ >+ int match; >+ >+ match = strncmp(xattr_name, "user.", strlen("user.")); >+ return (match == 0); >+} >+ > static int xattr_tdb_get_file_id(struct vfs_handle_struct *handle, > const char *path, struct file_id *id) > { >@@ -73,6 +82,8 @@ struct xattr_tdb_getxattrat_state { > uint8_t *xattr_value; > }; > >+static void xattr_tdb_getxattrat_done(struct tevent_req *subreq); >+ > static struct tevent_req *xattr_tdb_getxattrat_send( > TALLOC_CTX *mem_ctx, > struct tevent_context *ev, >@@ -84,6 +95,7 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > { > struct xattr_tdb_config *config = NULL; > struct tevent_req *req = NULL; >+ struct tevent_req *subreq = NULL; > struct xattr_tdb_getxattrat_state *state = NULL; > struct smb_filename *cwd = NULL; > struct file_id id; >@@ -103,6 +115,20 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > } > state->xattr_size = -1; > >+ if (config->ignore_user_xattr && is_user_xattr(xattr_name)) { >+ subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state, >+ ev, >+ handle, >+ dir_fsp, >+ smb_fname, >+ xattr_name, >+ alloc_hint); >+ if (tevent_req_nomem(subreq, req)) { >+ return tevent_req_post(req, ev); >+ } >+ tevent_req_set_callback(subreq, xattr_tdb_getxattrat_done, req); >+ return req; >+ } > > cwd = SMB_VFS_GETWD(dir_fsp->conn, state); > if (tevent_req_nomem(cwd, req)) { >@@ -170,6 +196,27 @@ static struct tevent_req *xattr_tdb_getxattrat_send( > return tevent_req_post(req, ev); > } > >+static void xattr_tdb_getxattrat_done(struct tevent_req *subreq) >+{ >+ struct tevent_req *req = tevent_req_callback_data( >+ subreq, struct tevent_req); >+ struct xattr_tdb_getxattrat_state *state = tevent_req_data( >+ req, struct xattr_tdb_getxattrat_state); >+ >+ state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq, >+ &state->vfs_aio_state, >+ state, >+ &state->xattr_value); >+ TALLOC_FREE(subreq); >+ if (state->xattr_size == -1) { >+ tevent_req_error(req, state->vfs_aio_state.error); >+ return; >+ } >+ >+ tevent_req_done(req); >+} >+ >+ > static ssize_t xattr_tdb_getxattrat_recv(struct tevent_req *req, > struct vfs_aio_state *aio_state, > TALLOC_CTX *mem_ctx, >@@ -209,6 +256,10 @@ static ssize_t xattr_tdb_fgetxattr(struct vfs_handle_struct *handle, > return -1; > } > >+ if (config->ignore_user_xattr && is_user_xattr(name)) { >+ return SMB_VFS_NEXT_FGETXATTR( >+ handle, fsp, name, value, size); >+ } > > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { > return -1; >@@ -254,6 +305,11 @@ static int xattr_tdb_fsetxattr(struct vfs_handle_struct *handle, > return -1; > } > >+ if (config->ignore_user_xattr && is_user_xattr(name)) { >+ return SMB_VFS_NEXT_FSETXATTR( >+ handle, fsp, name, value, size, flags); >+ } >+ > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { > return -1; > } >@@ -272,6 +328,8 @@ static ssize_t xattr_tdb_flistxattr(struct vfs_handle_struct *handle, > struct xattr_tdb_config *config = NULL; > SMB_STRUCT_STAT sbuf; > struct file_id id; >+ ssize_t backend_size; >+ ssize_t ret; > > if (!xattr_tdb_init(handle, &config)) { > return -1; >@@ -283,7 +341,25 @@ static ssize_t xattr_tdb_flistxattr(struct vfs_handle_struct *handle, > > id = SMB_VFS_NEXT_FILE_ID_CREATE(handle, &sbuf); > >- return xattr_tdb_listattr(config->db, &id, list, size); >+ ret = xattr_tdb_listattr(config->db, &id, list, size); >+ if (ret == -1) { >+ return -1; >+ } >+ if (ret == size) { >+ return ret; >+ } >+ if (!config->ignore_user_xattr) { >+ return ret; >+ } >+ SMB_ASSERT(ret < size); >+ >+ backend_size = SMB_VFS_NEXT_FLISTXATTR( >+ handle, fsp, list + ret, size - ret); >+ if (backend_size == -1) { >+ return -1; >+ } >+ >+ return ret + backend_size; > } > > static int xattr_tdb_fremovexattr(struct vfs_handle_struct *handle, >@@ -297,6 +373,10 @@ static int xattr_tdb_fremovexattr(struct vfs_handle_struct *handle, > return -1; > } > >+ if (config->ignore_user_xattr && is_user_xattr(name)) { >+ return SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name); >+ } >+ > if (SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf) == -1) { > return -1; > } >@@ -371,6 +451,9 @@ static bool xattr_tdb_init(struct vfs_handle_struct *handle, > } > TALLOC_FREE(def_dbname); > >+ config->ignore_user_xattr = lp_parm_bool( >+ SNUM(handle->conn), "xattr_tdb", "ignore_user_xattr", false); >+ > SMB_VFS_HANDLE_SET_DATA(handle, config, config_destructor, > struct xattr_tdb_config, return false); > >-- >2.37.2 > > >From 2cba3cc600eee6e736ea904f22dda41e89cadda7 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 13:37:32 +0200 >Subject: [PATCH 07/20] CI: add a test trying to delete a stream on a pathref > ("stat open") handle > >When using vfs_streams_xattr, for a pathref handle of a stream the system fd >will be a fake fd created by pipe() in vfs_fake_fd(). > >For the following callchain we wrongly pass a stream fsp to >SMB_VFS_FGET_NT_ACL(): > >SMB_VFS_CREATE_FILE(..., "file:stream", ...) >=> open_file(): > if (open_fd): > -> taking the else branch: > -> smbd_check_access_rights_fsp(stream_fsp) > -> SMB_VFS_FGET_NT_ACL(stream_fsp) > >This is obviously wrong and can lead to strange permission errors when using >vfs_acl_xattr: > >in vfs_acl_xattr we will try to read the stored ACL by calling >fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the >vfs_acl_xattr code ignores the specific error and handles this as if there was >no ACL stored and subsequently runs the code to synthesize a default ACL >according to the setting of "acl:default acl style". > >As the correct access check for streams has already been carried out by calling >check_base_file_access() from create_file_unixpath(), the above problem is not >a security issue: it can only lead to "decreased" permissions resulting in >unexpected ACCESS_DENIED errors. > >The fix is obviously going to be calling >smbd_check_access_rights_fsp(stream_fsp->base_fsp). > >This test verifies that deleting a file works when the stored NT ACL grants >DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback >code) do not. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 23bc760ec5d61208c2d8778991e3d7e202eab352) >--- > .../knownfail.d/samba3.blackbox.delete_stream | 1 + > selftest/target/Samba3.pm | 7 + > source3/script/tests/test_delete_stream.sh | 123 ++++++++++++++++++ > source3/selftest/tests.py | 1 + > 4 files changed, 132 insertions(+) > create mode 100644 selftest/knownfail.d/samba3.blackbox.delete_stream > create mode 100755 source3/script/tests/test_delete_stream.sh > >diff --git a/selftest/knownfail.d/samba3.blackbox.delete_stream b/selftest/knownfail.d/samba3.blackbox.delete_stream >new file mode 100644 >index 000000000000..22c996aa63b4 >--- /dev/null >+++ b/selftest/knownfail.d/samba3.blackbox.delete_stream >@@ -0,0 +1 @@ >+^samba3.blackbox.delete_stream.delete stream\(fileserver\) >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 43bce06c6d99..fdb550a8f66c 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -3214,6 +3214,13 @@ sub provision($$) > copy = tmp > vfs objects = streams_xattr xattr_tdb > >+[acl_streams_xattr] >+ copy = tmp >+ vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb >+ acl_xattr:ignore system acls = yes >+ acl_xattr:security_acl_name = user.acl >+ xattr_tdb:ignore_user_xattr = yes >+ > [compound_find] > copy = tmp > smbd:find async delay usec = 10000 >diff --git a/source3/script/tests/test_delete_stream.sh b/source3/script/tests/test_delete_stream.sh >new file mode 100755 >index 000000000000..43d591ecfdff >--- /dev/null >+++ b/source3/script/tests/test_delete_stream.sh >@@ -0,0 +1,123 @@ >+#!/bin/sh >+# >+# this verifies that deleting a stream uses the correct ACL >+# when using vfs_acl_xattr. >+# >+ >+if [ $# -lt 9 ]; then >+ echo "Usage: $0 SERVER SERVER_IP USERNAME PASSWORD PREFIX SMBCLIENT SMBCACLS NET SHARE" >+ exit 1 >+fi >+ >+SERVER="$1" >+SERVER_IP="$2" >+USERNAME="$3" >+PASSWORD="$4" >+PREFIX="$5" >+SMBCLIENT="$6" >+SMBCACLS="$7" >+NET="$8" >+SHARE="$9" >+ >+SMBCLIENT="$VALGRIND ${SMBCLIENT}" >+SMBCACLS="$VALGRIND ${SMBCACLS}" >+NET="$VALGRIND ${NET}" >+ >+incdir=$(dirname $0)/../../../testprogs/blackbox >+. $incdir/subunit.sh >+ >+ >+setup_testfile() >+{ >+ touch $PREFIX/file >+ echo stream > $PREFIX/stream >+ >+ $SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "mkdir dir" || return 1 >+ $SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put file dir/file" || return 1 >+ $SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "lcd $PREFIX; put stream dir/file:stream" || return 1 >+ >+ rm $PREFIX/file >+ rm $PREFIX/stream >+ >+ # >+ # Add full control ACE to the file and an ACL without "DELETE" on the >+ # parent directory >+ # >+ >+ $SMBCACLS //$SERVER/$SHARE -U $USERNAME%$PASSWORD -S "ACL:Everyone:ALLOWED/0x0/0x1bf" dir || return 1 >+ $SMBCACLS //$SERVER/$SHARE -U $USERNAME%$PASSWORD -a "ACL:Everyone:ALLOWED/0x0/0x101ff" dir/file || return 1 >+} >+ >+remove_testfile() >+{ >+ $SMBCACLS //$SERVER/$SHARE -U $USERNAME%$PASSWORD -S "ACL:Everyone:ALLOWED/0x0/0x101ff" dir/file || return 1 >+ $SMBCACLS //$SERVER/$SHARE -U $USERNAME%$PASSWORD -S "ACL:Everyone:ALLOWED/0x0/0x101ff" dir || return 1 >+ $SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "rm dir/file" || return 1 >+ $SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "rmdir dir" || return 1 >+} >+ >+set_win_owner() >+{ >+ local owner=$1 >+ >+ $SMBCACLS //$SERVER/$SHARE dir/file -U $USERNAME%$PASSWORD -C "$owner" || return 1 >+} >+ >+delete_stream() >+{ >+ # >+ # Setup a file with a stream where we're not the owner and >+ # have delete rights. Bug 15126 would trigger a fallback to >+ # "acl_xattr:default acl style" because fetching the stored >+ # ACL would fail. The stored ACL allows deleting the stream >+ # but the synthesized default ACL does not, so the deletion >+ # of the stream should work, but it fails if we have the bug. >+ # >+ >+ # Now try deleting the stream >+ out=$($SMBCLIENT //$SERVER/$SHARE -U $USERNAME%$PASSWORD -c "wdel 0x20 dir/file:stream") || return 1 >+ >+ # >+ # Bail out in case we get any sort of NT_STATUS_* error, should be >+ # NT_STATUS_ACCESS_DENIED, but let's not slip through any other error. >+ # >+ echo "$out" | grep NT_STATUS_ && return 1 >+ >+ return 0 >+} >+ >+win_owner_is() >+{ >+ local expected_owner=$1 >+ local actual_owner >+ >+ $SMBCACLS //$SERVER/$SHARE dir/file -U $USERNAME%$PASSWORD >+ actual_owner=$($SMBCACLS //$SERVER/$SHARE dir/file -U $USERNAME%$PASSWORD | sed -rn 's/^OWNER:(.*)/\1/p') >+ echo "actual_owner = $actual_owner" >+ if ! test "x$actual_owner" = "x$expected_owner"; then >+ echo "Actual owner of dir/file is $actual_owner', expected $expected_owner" >+ return 1 >+ fi >+ return 0 >+} >+ >+# Create a testfile >+testit "create testfile" setup_testfile $SHARE || exit 1 >+ >+# Grant SeRestorePrivilege to the user so we can change the owner >+testit "grant SeRestorePrivilege" $NET rpc rights grant $USERNAME SeRestorePrivilege -U $USERNAME%$PASSWORD -I $SERVER_IP || exit 1 >+ >+# We have SeRestorePrivilege, so both give and take ownership must succeed >+testit "give owner with SeRestorePrivilege" set_win_owner "$SERVER\user1" || exit 1 >+testit "verify owner" win_owner_is "$SERVER/user1" || exit 1 >+ >+# Now try to remove the stream on the testfile >+testit "delete stream" delete_stream $SHARE afile || exit 1 >+ >+# Remove testfile >+testit "remove testfile" remove_testfile $SHARE || exit 1 >+ >+# Revoke SeRestorePrivilege, give ownership must fail now with NT_STATUS_INVALID_OWNER >+testit "revoke SeRestorePrivilege" $NET rpc rights revoke $USERNAME SeRestorePrivilege -U $USERNAME%$PASSWORD -I $SERVER_IP || exit 1 >+ >+exit 0 >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index c53b2815eba2..05690b75c843 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -554,6 +554,7 @@ plantestsuite("samba3.blackbox.smbclient_s3.SMB3.crypt", env, [os.path.join(samb > plantestsuite("samba3.blackbox.large_acl.NT1", env + "_smb1_done", [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls, '-m', 'NT1']) > plantestsuite("samba3.blackbox.large_acl.SMB3", env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls, '-m', 'SMB3']) > plantestsuite("samba3.blackbox.give_owner", env, [os.path.join(samba3srcdir, "script/tests/test_give_owner.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, net, 'tmp']) >+ plantestsuite("samba3.blackbox.delete_stream", env, [os.path.join(samba3srcdir, "script/tests/test_delete_stream.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls, net, 'acl_streams_xattr']) > plantestsuite("samba3.blackbox.homes", env, [os.path.join(samba3srcdir, "script/tests/test_homes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', '$PREFIX', smbclient3, configuration]) > plantestsuite("samba3.blackbox.force_group_change", env, > [os.path.join(samba3srcdir, "script/tests/test_force_group_change.sh"), >-- >2.37.2 > > >From 220311fdf1f2bfa45a6eead89542f90af2233a07 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 14:49:56 +0200 >Subject: [PATCH 08/20] smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(backported from commit c949e4b2a42423ac3851e86e489fd0c5d46d7f1f) >[slow@samba.org: context mismatch due to smbd_check_access_rights_fname() call in master] >--- > selftest/knownfail.d/samba3.blackbox.delete_stream | 1 - > source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 +- > source3/smbd/dir.c | 2 +- > source3/smbd/file_access.c | 2 +- > source3/smbd/open.c | 4 ++-- > source3/smbd/pysmbd.c | 2 +- > source3/torture/cmd_vfs.c | 2 +- > 7 files changed, 7 insertions(+), 8 deletions(-) > delete mode 100644 selftest/knownfail.d/samba3.blackbox.delete_stream > >diff --git a/selftest/knownfail.d/samba3.blackbox.delete_stream b/selftest/knownfail.d/samba3.blackbox.delete_stream >deleted file mode 100644 >index 22c996aa63b4..000000000000 >--- a/selftest/knownfail.d/samba3.blackbox.delete_stream >+++ /dev/null >@@ -1 +0,0 @@ >-^samba3.blackbox.delete_stream.delete stream\(fileserver\) >diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >index fc27a459634b..2608e92db4bc 100644 >--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >@@ -2463,7 +2463,7 @@ WERROR _srvsvc_NetGetFileSecurity(struct pipes_struct *p, > goto error_exit; > } > >- nt_status = SMB_VFS_FGET_NT_ACL(fsp, >+ nt_status = SMB_VFS_FGET_NT_ACL(metadata_fsp(fsp), > (SECINFO_OWNER > |SECINFO_GROUP > |SECINFO_DACL), sd_buf, &sd_buf->sd); >diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c >index 77fb3df6a735..298b1e49e863 100644 >--- a/source3/smbd/dir.c >+++ b/source3/smbd/dir.c >@@ -1244,7 +1244,7 @@ static bool user_can_read_fsp(struct files_struct *fsp) > return false; > } > >- status = SMB_VFS_FGET_NT_ACL(fsp, >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(fsp), > (SECINFO_OWNER | > SECINFO_GROUP | > SECINFO_DACL), >diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c >index 9193c6503160..598848fb4f74 100644 >--- a/source3/smbd/file_access.c >+++ b/source3/smbd/file_access.c >@@ -158,7 +158,7 @@ bool directory_has_default_acl_fsp(struct files_struct *fsp) > unsigned int i; > NTSTATUS status; > >- status = SMB_VFS_FGET_NT_ACL(fsp, >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(fsp), > SECINFO_DACL, > talloc_tos(), > &secdesc); >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index fb333ea73fc7..f9b4a07f5179 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -277,7 +277,7 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp, > return NT_STATUS_OK; > } > >- status = SMB_VFS_FGET_NT_ACL(fsp, >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(fsp), > (SECINFO_OWNER | > SECINFO_GROUP | > SECINFO_DACL), >@@ -3207,7 +3207,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access_fsp( > return NT_STATUS_OK; > } > >- status = SMB_VFS_FGET_NT_ACL(fsp, >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(fsp), > (SECINFO_OWNER | > SECINFO_GROUP | > SECINFO_DACL), >diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c >index c5ffea4104f8..2cf081bd1f50 100644 >--- a/source3/smbd/pysmbd.c >+++ b/source3/smbd/pysmbd.c >@@ -323,7 +323,7 @@ static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx, > return status; > } > >- status = SMB_VFS_FGET_NT_ACL(smb_fname->fsp, >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(smb_fname->fsp), > security_info_wanted, > mem_ctx, > sd); >diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c >index 43a34d98c5ec..694564118404 100644 >--- a/source3/torture/cmd_vfs.c >+++ b/source3/torture/cmd_vfs.c >@@ -1596,7 +1596,7 @@ static NTSTATUS cmd_fget_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > } > >- status = SMB_VFS_FGET_NT_ACL(vfs->files[fd], >+ status = SMB_VFS_FGET_NT_ACL(metadata_fsp(vfs->files[fd]), > SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, > talloc_tos(), &sd); > if (!NT_STATUS_IS_OK(status)) { >-- >2.37.2 > > >From cd8cca9f9e073f3c805e7e9cb692eaaa66d501da Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 14:54:07 +0200 >Subject: [PATCH 09/20] smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 4ab29e2a345b48ebba652d5154e96adf954a6757) >--- > source3/smbd/open.c | 2 +- > source3/smbd/pysmbd.c | 2 +- > source3/torture/cmd_vfs.c | 10 ++++++++-- > 3 files changed, 10 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index f9b4a07f5179..90a2427e96fc 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -5228,7 +5228,7 @@ static NTSTATUS inherit_new_acl(struct smb_filename *parent_dir_fname, > /* We need to be root to force this. */ > become_root(); > } >- status = SMB_VFS_FSET_NT_ACL(fsp, >+ status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), > security_info_sent, > psd); > if (inherit_owner) { >diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c >index 2cf081bd1f50..41135dede812 100644 >--- a/source3/smbd/pysmbd.c >+++ b/source3/smbd/pysmbd.c >@@ -280,7 +280,7 @@ static NTSTATUS set_nt_acl_conn(const char *fname, > return status; > } > >- status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, sd); >+ status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), security_info_sent, sd); > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status))); > } >diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c >index 694564118404..08fe8e18159c 100644 >--- a/source3/torture/cmd_vfs.c >+++ b/source3/torture/cmd_vfs.c >@@ -1689,7 +1689,10 @@ static NTSTATUS cmd_fset_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, > return NT_STATUS_INVALID_PARAMETER; > } > >- status = SMB_VFS_FSET_NT_ACL(vfs->files[fd], SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, sd); >+ status = SMB_VFS_FSET_NT_ACL( >+ metadata_fsp(vfs->files[fd]), >+ SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, >+ sd); > if (!NT_STATUS_IS_OK(status)) { > printf("fset_nt_acl returned (%s)\n", nt_errstr(status)); > return status; >@@ -1800,7 +1803,10 @@ static NTSTATUS cmd_set_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int a > goto out; > } > >- status = SMB_VFS_FSET_NT_ACL(fsp, SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, sd); >+ status = SMB_VFS_FSET_NT_ACL( >+ metadata_fsp(fsp), >+ SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, >+ sd); > if (!NT_STATUS_IS_OK(status)) { > printf("fset_nt_acl returned (%s)\n", nt_errstr(status)); > goto out; >-- >2.37.2 > > >From 1faa04b506a969bc54f64403b3d6397c6e4f3198 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 14:55:08 +0200 >Subject: [PATCH 10/20] smbd: use metadata_fsp() with > SMB_VFS_FGET_DOS_ATTRIBUTES() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8) >--- > source3/smbd/dosmode.c | 3 ++- > source3/smbd/open.c | 3 ++- > 2 files changed, 4 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index c62b03687579..d50dfd4989b5 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -754,7 +754,8 @@ uint32_t fdos_mode(struct files_struct *fsp) > } > > /* Get the DOS attributes via the VFS if we can */ >- status = SMB_VFS_FGET_DOS_ATTRIBUTES(fsp->conn, fsp, &result); >+ status = SMB_VFS_FGET_DOS_ATTRIBUTES( >+ fsp->conn, metadata_fsp(fsp), &result); > if (!NT_STATUS_IS_OK(status)) { > /* > * Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 90a2427e96fc..d2a4b521d895 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -3566,7 +3566,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, > */ > uint32_t attr = 0; > >- status = SMB_VFS_FGET_DOS_ATTRIBUTES(conn, smb_fname->fsp, &attr); >+ status = SMB_VFS_FGET_DOS_ATTRIBUTES( >+ conn, metadata_fsp(smb_fname->fsp), &attr); > if (NT_STATUS_IS_OK(status)) { > existing_dos_attributes = attr; > } >-- >2.37.2 > > >From 8470ba283cd799887a6285b49739b77b5f82441d Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 14:56:21 +0200 >Subject: [PATCH 11/20] smbd: use metadata_fsp() with > SMB_VFS_FSET_DOS_ATTRIBUTES() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 55e55804bb2d0f21c1bbe207257bb40555f3b7a2) >--- > source3/smbd/dosmode.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index d50dfd4989b5..cc551a5e26a5 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -960,9 +960,8 @@ int file_set_dosmode(connection_struct *conn, > > if (smb_fname->fsp != NULL) { > /* Store the DOS attributes in an EA by preference. */ >- status = SMB_VFS_FSET_DOS_ATTRIBUTES(conn, >- smb_fname->fsp, >- dosmode); >+ status = SMB_VFS_FSET_DOS_ATTRIBUTES( >+ conn, metadata_fsp(smb_fname->fsp), dosmode); > } else { > status = NT_STATUS_OBJECT_NAME_NOT_FOUND; > } >-- >2.37.2 > > >From b1f70c2b1cb75b953e2b30ffb34c9276693a7021 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 14:56:41 +0200 >Subject: [PATCH 12/20] smbd: ignore request to set the SPARSE attribute on > streams > >As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't >support it in a consistent way, therefor just pretend success and ignore the >request. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec) >--- > source3/smbd/dosmode.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index cc551a5e26a5..1a38cb3e154a 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -1133,6 +1133,19 @@ NTSTATUS file_set_sparse(connection_struct *conn, > return NT_STATUS_INVALID_PARAMETER; > } > >+ if (fsp_is_alternate_stream(fsp)) { >+ /* >+ * MS-FSA 2.1.1.5 IsSparse >+ * >+ * This is a per stream attribute, but our backends don't >+ * support it a consistent way, therefor just pretend >+ * success and ignore the request. >+ */ >+ DBG_DEBUG("Ignoring request to set FILE_ATTRIBUTE_SPARSE on " >+ "[%s]\n", fsp_str_dbg(fsp)); >+ return NT_STATUS_OK; >+ } >+ > DEBUG(10,("file_set_sparse: setting sparse bit %u on file %s\n", > sparse, smb_fname_str_dbg(fsp->fsp_name))); > >-- >2.37.2 > > >From 30981268f61b969ebecee0c1c57bc7e4cea45128 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 19:05:26 +0200 >Subject: [PATCH 13/20] smbd: use metadata_fsp() in get_acl_group_bits() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(backported from commit 06555c6bcb5644fc9eea35b3cbae8d8801c65ab6) >[slow@samba.org: metadata_fsp(fsp) -> metadata_fsp(smb_fname->fsp)] >--- > source3/smbd/posix_acls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 899e7dc3c1e2..a3c3408a743a 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -3848,7 +3848,7 @@ int get_acl_group_bits( connection_struct *conn, > SMB_ACL_T posix_acl; > int result = -1; > >- posix_acl = SMB_VFS_SYS_ACL_GET_FD(smb_fname->fsp, >+ posix_acl = SMB_VFS_SYS_ACL_GET_FD(metadata_fsp(smb_fname->fsp), > SMB_ACL_TYPE_ACCESS, > talloc_tos()); > if (posix_acl == (SMB_ACL_T)NULL) >-- >2.37.2 > > >From 6903c6de4c97b10709d310f510d760b25b5a5de3 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 15:58:37 +0200 >Subject: [PATCH 14/20] smbd: skip access checks for stat-opens on streams in > open_file() > >For streams, access is already checked in create_file_unixpath() by >check_base_file_access(). > >We already skip the access check in this function when doing an IO open of a >file, see above in open_file(), also skip it for "stat opens". > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf) >[slow@samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)] >[slow@samba.org: posix_flags -> fsp->posix_flags & FSP_POSIX_FLAGS_OPEN] >--- > source3/smbd/open.c | 51 ++++++++++++++++++++++++++------------------- > 1 file changed, 29 insertions(+), 22 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index d2a4b521d895..3926f376164e 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -1565,29 +1565,36 @@ static NTSTATUS open_file(files_struct *fsp, > } > } > >- status = smbd_check_access_rights_fsp(parent_dir->fsp, >- fsp, >- false, >- access_mask); >- >- if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && >- (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) && >- S_ISLNK(smb_fname->st.st_ex_mode)) { >- /* This is a POSIX stat open for delete >- * or rename on a symlink that points >- * nowhere. Allow. */ >- DEBUG(10,("open_file: allowing POSIX " >- "open on bad symlink %s\n", >- smb_fname_str_dbg(smb_fname))); >- status = NT_STATUS_OK; >- } >+ /* >+ * Access to streams is checked by checking the basefile and >+ * that has alreay been checked by check_base_file_access() >+ * in create_file_unixpath(). >+ */ >+ if (!fsp_is_alternate_stream(fsp)) { >+ status = smbd_check_access_rights_fsp(parent_dir->fsp, >+ fsp, >+ false, >+ access_mask); >+ >+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && >+ (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) && >+ S_ISLNK(smb_fname->st.st_ex_mode)) { >+ /* This is a POSIX stat open for delete >+ * or rename on a symlink that points >+ * nowhere. Allow. */ >+ DEBUG(10,("open_file: allowing POSIX " >+ "open on bad symlink %s\n", >+ smb_fname_str_dbg(smb_fname))); >+ status = NT_STATUS_OK; >+ } > >- if (!NT_STATUS_IS_OK(status)) { >- DBG_DEBUG("smbd_check_access_rights_fsp on file " >- "%s returned %s\n", >- fsp_str_dbg(fsp), >- nt_errstr(status)); >- return status; >+ if (!NT_STATUS_IS_OK(status)) { >+ DBG_DEBUG("smbd_check_access_rights_fsp on file " >+ "%s returned %s\n", >+ fsp_str_dbg(fsp), >+ nt_errstr(status)); >+ return status; >+ } > } > } > >-- >2.37.2 > > >From d27c6f01d21c3727a430e2eef3cc550a1e111fbe Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 29 Jul 2022 07:07:25 +0200 >Subject: [PATCH 15/20] vfs_streams_xattr: restrict which fcntl's are allowed > on streams > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit 51243e3849736acbbf1d8f52cc02cdec5995fde4) >--- > source3/modules/vfs_streams_xattr.c | 33 +++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > >diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c >index aa6ed82e4720..c955f38d5d52 100644 >--- a/source3/modules/vfs_streams_xattr.c >+++ b/source3/modules/vfs_streams_xattr.c >@@ -1551,6 +1551,38 @@ static bool streams_xattr_strict_lock_check(struct vfs_handle_struct *handle, > return true; > } > >+static int streams_xattr_fcntl(vfs_handle_struct *handle, >+ files_struct *fsp, >+ int cmd, >+ va_list cmd_arg) >+{ >+ va_list dup_cmd_arg; >+ void *arg; >+ int ret; >+ >+ if (fsp_is_alternate_stream(fsp)) { >+ switch (cmd) { >+ case F_GETFL: >+ case F_SETFL: >+ break; >+ default: >+ DBG_ERR("Unsupported fcntl() cmd [%d] on [%s]\n", >+ cmd, fsp_str_dbg(fsp)); >+ errno = EINVAL; >+ return -1; >+ } >+ } >+ >+ va_copy(dup_cmd_arg, cmd_arg); >+ arg = va_arg(dup_cmd_arg, void *); >+ >+ ret = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg); >+ >+ va_end(dup_cmd_arg); >+ >+ return ret; >+} >+ > static struct vfs_fn_pointers vfs_streams_xattr_fns = { > .fs_capabilities_fn = streams_xattr_fs_capabilities, > .connect_fn = streams_xattr_connect, >@@ -1579,6 +1611,7 @@ static struct vfs_fn_pointers vfs_streams_xattr_fns = { > .kernel_flock_fn = streams_xattr_kernel_flock, > .linux_setlease_fn = streams_xattr_linux_setlease, > .strict_lock_check_fn = streams_xattr_strict_lock_check, >+ .fcntl_fn = streams_xattr_fcntl, > > .fchown_fn = streams_xattr_fchown, > .fchmod_fn = streams_xattr_fchmod, >-- >2.37.2 > > >From 0490ce36586646ac59fe2a8b088c0426a51875be Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 27 Jul 2022 18:40:21 +0200 >Subject: [PATCH 16/20] vfs_default: assert all passed in fsp's and names are > non-stream type > >Enforce fsp is a non-stream one in as many VFS operations as possible in >vfs_default. We really need an assert here instead of returning an error, as >otherwise he can have very hard to diagnose bugs. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184 > >(backported from commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045) >[slow@samba.org: skip some hunks that are not applicable] >--- > source3/modules/vfs_default.c | 94 +++++++++++++++++++++-------------- > 1 file changed, 56 insertions(+), 38 deletions(-) > >diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c >index 26595d368483..569d3c1fb507 100644 >--- a/source3/modules/vfs_default.c >+++ b/source3/modules/vfs_default.c >@@ -700,11 +700,7 @@ static int vfswrap_openat(vfs_handle_struct *handle, > > START_PROFILE(syscall_openat); > >- if (is_named_stream(smb_fname)) { >- errno = ENOENT; >- result = -1; >- goto out; >- } >+ SMB_ASSERT(!is_named_stream(smb_fname)); > > #ifdef O_PATH > have_opath = true; >@@ -729,7 +725,6 @@ static int vfswrap_openat(vfs_handle_struct *handle, > > fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds; > >-out: > END_PROFILE(syscall_openat); > return result; > } >@@ -1250,17 +1245,14 @@ static int vfswrap_renameat(vfs_handle_struct *handle, > > START_PROFILE(syscall_renameat); > >- if (is_named_stream(smb_fname_src) || is_named_stream(smb_fname_dst)) { >- errno = ENOENT; >- goto out; >- } >+ SMB_ASSERT(!is_named_stream(smb_fname_src)); >+ SMB_ASSERT(!is_named_stream(smb_fname_dst)); > > result = renameat(fsp_get_pathref_fd(srcfsp), > smb_fname_src->base_name, > fsp_get_pathref_fd(dstfsp), > smb_fname_dst->base_name); > >- out: > END_PROFILE(syscall_renameat); > return result; > } >@@ -1272,14 +1264,11 @@ static int vfswrap_stat(vfs_handle_struct *handle, > > START_PROFILE(syscall_stat); > >- if (is_named_stream(smb_fname)) { >- errno = ENOENT; >- goto out; >- } >+ SMB_ASSERT(!is_named_stream(smb_fname)); > > result = sys_stat(smb_fname->base_name, &smb_fname->st, > lp_fake_directory_create_times(SNUM(handle->conn))); >- out: >+ > END_PROFILE(syscall_stat); > return result; > } >@@ -1302,14 +1291,11 @@ static int vfswrap_lstat(vfs_handle_struct *handle, > > START_PROFILE(syscall_lstat); > >- if (is_named_stream(smb_fname)) { >- errno = ENOENT; >- goto out; >- } >+ SMB_ASSERT(!is_named_stream(smb_fname)); > > result = sys_lstat(smb_fname->base_name, &smb_fname->st, > lp_fake_directory_create_times(SNUM(handle->conn))); >- out: >+ > END_PROFILE(syscall_lstat); > return result; > } >@@ -1407,6 +1393,8 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle, > char **out_data = (char **)_out_data; > NTSTATUS status; > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > switch (function) { > case FSCTL_SET_SPARSE: > { >@@ -1771,6 +1759,8 @@ static struct tevent_req *vfswrap_get_dos_attributes_send( > struct tevent_req *subreq = NULL; > struct vfswrap_get_dos_attributes_state *state = NULL; > >+ SMB_ASSERT(!is_named_stream(smb_fname)); >+ > req = tevent_req_create(mem_ctx, &state, > struct vfswrap_get_dos_attributes_state); > if (req == NULL) { >@@ -1927,6 +1917,8 @@ static NTSTATUS vfswrap_fget_dos_attributes(struct vfs_handle_struct *handle, > { > bool offline; > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > offline = vfswrap_is_offline(handle->conn, fsp->fsp_name); > if (offline) { > *dosmode |= FILE_ATTRIBUTE_OFFLINE; >@@ -1939,6 +1931,8 @@ static NTSTATUS vfswrap_fset_dos_attributes(struct vfs_handle_struct *handle, > struct files_struct *fsp, > uint32_t dosmode) > { >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > return set_ea_dos_attribute(handle->conn, fsp->fsp_name, dosmode); > } > >@@ -2607,15 +2601,12 @@ static int vfswrap_unlinkat(vfs_handle_struct *handle, > > START_PROFILE(syscall_unlinkat); > >- if (is_named_stream(smb_fname)) { >- errno = ENOENT; >- goto out; >- } >+ SMB_ASSERT(!is_named_stream(smb_fname)); >+ > result = unlinkat(fsp_get_pathref_fd(dirfsp), > smb_fname->base_name, > flags); > >- out: > END_PROFILE(syscall_unlinkat); > return result; > } >@@ -3100,6 +3091,8 @@ static int vfswrap_linux_setlease(vfs_handle_struct *handle, files_struct *fsp, > > START_PROFILE(syscall_linux_setlease); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > #ifdef HAVE_KERNEL_OPLOCKS_LINUX > result = linux_setlease(fsp_get_io_fd(fsp), leasetype); > #else >@@ -3118,6 +3111,8 @@ static int vfswrap_symlinkat(vfs_handle_struct *handle, > > START_PROFILE(syscall_symlinkat); > >+ SMB_ASSERT(!is_named_stream(new_smb_fname)); >+ > result = symlinkat(link_target->base_name, > fsp_get_pathref_fd(dirfsp), > new_smb_fname->base_name); >@@ -3135,6 +3130,8 @@ static int vfswrap_readlinkat(vfs_handle_struct *handle, > > START_PROFILE(syscall_readlinkat); > >+ SMB_ASSERT(!is_named_stream(smb_fname)); >+ > result = readlinkat(fsp_get_pathref_fd(dirfsp), > smb_fname->base_name, > buf, >@@ -3155,6 +3152,9 @@ static int vfswrap_linkat(vfs_handle_struct *handle, > > START_PROFILE(syscall_linkat); > >+ SMB_ASSERT(!is_named_stream(old_smb_fname)); >+ SMB_ASSERT(!is_named_stream(new_smb_fname)); >+ > result = linkat(fsp_get_pathref_fd(srcfsp), > old_smb_fname->base_name, > fsp_get_pathref_fd(dstfsp), >@@ -3175,6 +3175,8 @@ static int vfswrap_mknodat(vfs_handle_struct *handle, > > START_PROFILE(syscall_mknodat); > >+ SMB_ASSERT(!is_named_stream(smb_fname)); >+ > result = sys_mknodat(fsp_get_pathref_fd(dirfsp), > smb_fname->base_name, > mode, >@@ -3213,6 +3215,8 @@ static int vfswrap_fchflags(vfs_handle_struct *handle, > #ifdef HAVE_FCHFLAGS > int fd = fsp_get_pathref_fd(fsp); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (!fsp->fsp_flags.is_pathref) { > return fchflags(fd, flags); > } >@@ -3288,6 +3292,8 @@ static NTSTATUS vfswrap_fstreaminfo(vfs_handle_struct *handle, > struct stream_struct *streams = *pstreams; > NTSTATUS status; > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (fsp->fsp_flags.is_directory) { > /* > * No default streams on directories >@@ -3388,6 +3394,9 @@ static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle, > NTSTATUS result; > > START_PROFILE(fget_nt_acl); >+ >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > result = posix_fget_nt_acl(fsp, security_info, > mem_ctx, ppdesc); > END_PROFILE(fget_nt_acl); >@@ -3399,6 +3408,9 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp > NTSTATUS result; > > START_PROFILE(fset_nt_acl); >+ >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > result = set_nt_acl(fsp, security_info_sent, psd); > END_PROFILE(fset_nt_acl); > return result; >@@ -3418,6 +3430,8 @@ static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle, > SMB_ACL_TYPE_T type, > TALLOC_CTX *mem_ctx) > { >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > return sys_acl_get_fd(handle, fsp, type, mem_ctx); > } > >@@ -3426,12 +3440,16 @@ static int vfswrap_sys_acl_set_fd(vfs_handle_struct *handle, > SMB_ACL_TYPE_T type, > SMB_ACL_T theacl) > { >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > return sys_acl_set_fd(handle, fsp, type, theacl); > } > > static int vfswrap_sys_acl_delete_def_fd(vfs_handle_struct *handle, > files_struct *fsp) > { >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > return sys_acl_delete_def_fd(handle, fsp); > } > >@@ -3447,6 +3465,8 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_struct *handle, > { > int fd = fsp_get_pathref_fd(fsp); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (!fsp->fsp_flags.is_pathref) { > return fgetxattr(fd, name, value, size); > } >@@ -3517,6 +3537,8 @@ static struct tevent_req *vfswrap_getxattrat_send( > bool have_per_thread_creds = false; > bool do_async = false; > >+ SMB_ASSERT(!is_named_stream(smb_fname)); >+ > req = tevent_req_create(mem_ctx, &state, > struct vfswrap_getxattrat_state); > if (req == NULL) { >@@ -3623,14 +3645,9 @@ static void vfswrap_getxattrat_do_sync(struct tevent_req *req) > { > struct vfswrap_getxattrat_state *state = tevent_req_data( > req, struct vfswrap_getxattrat_state); >- struct files_struct *fsp = state->smb_fname->fsp; >- >- if (fsp->base_fsp != NULL) { >- fsp = fsp->base_fsp; >- } > > state->xattr_size = vfswrap_fgetxattr(state->handle, >- fsp, >+ state->smb_fname->fsp, > state->xattr_name, > state->xattr_value, > talloc_array_length(state->xattr_value)); >@@ -3650,11 +3667,6 @@ static void vfswrap_getxattrat_do_async(void *private_data) > struct timespec start_time; > struct timespec end_time; > int ret; >- struct files_struct *fsp = state->smb_fname->fsp; >- >- if (fsp->base_fsp != NULL) { >- fsp = fsp->base_fsp; >- } > > PROFILE_TIMESTAMP(&start_time); > SMBPROFILE_BYTES_ASYNC_SET_BUSY(state->profile_bytes); >@@ -3678,7 +3690,7 @@ static void vfswrap_getxattrat_do_async(void *private_data) > } > > state->xattr_size = vfswrap_fgetxattr(state->handle, >- fsp, >+ state->smb_fname->fsp, > state->xattr_name, > state->xattr_value, > talloc_array_length(state->xattr_value)); >@@ -3779,6 +3791,8 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files > { > int fd = fsp_get_pathref_fd(fsp); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (!fsp->fsp_flags.is_pathref) { > return flistxattr(fd, list, size); > } >@@ -3805,6 +3819,8 @@ static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_s > { > int fd = fsp_get_pathref_fd(fsp); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (!fsp->fsp_flags.is_pathref) { > return fremovexattr(fd, name); > } >@@ -3831,6 +3847,8 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_stru > { > int fd = fsp_get_pathref_fd(fsp); > >+ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); >+ > if (!fsp->fsp_flags.is_pathref) { > return fsetxattr(fd, name, value, size, flags); > } >-- >2.37.2 > > >From 605b8d3ef648047549ca430c9428216fc1792a6f Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Sat, 13 Aug 2022 17:04:50 +0200 >Subject: [PATCH 17/20] smbtorture: rename smb2.streams.attributes to > smb2.streams.attributes1 > >A subsequent commit adds another streams test named "attributes2", this change >avoids matching the new testname with the existing knownfail entries. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit b5848d391be4f7633745d9c36e432ac8b1c9dba2) >--- > selftest/knownfail | 4 ++-- > source4/torture/smb2/streams.c | 6 +++--- > 2 files changed, 5 insertions(+), 5 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index cab556be4772..92f98ba5dc94 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -206,10 +206,10 @@ > ^samba3.smb2.oplock.stream1 > ^samba3.smb2.streams.rename > ^samba3.smb2.streams.rename2 >-^samba3.smb2.streams.attributes >+^samba3.smb2.streams.attributes1\(.*\) > ^samba3.smb2.streams streams_xattr.rename\(nt4_dc\) > ^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\) >-^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\) >+^samba3.smb2.streams streams_xattr.attributes1\(nt4_dc\) > ^samba3.smb2.getinfo.complex > ^samba3.smb2.getinfo.fsinfo # quotas don't work yet > ^samba3.smb2.setinfo.setinfo >diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c >index c5ece0d9bcbc..889fa84ad539 100644 >--- a/source4/torture/smb2/streams.c >+++ b/source4/torture/smb2/streams.c >@@ -1804,8 +1804,8 @@ static bool open_stream(struct smb2_tree *tree, > > > /* Test the effect of setting attributes on a stream. */ >-static bool test_stream_attributes(struct torture_context *tctx, >- struct smb2_tree *tree) >+static bool test_stream_attributes1(struct torture_context *tctx, >+ struct smb2_tree *tree) > { > TALLOC_CTX *mem_ctx = talloc_new(tctx); > bool ret = true; >@@ -2058,7 +2058,7 @@ struct torture_suite *torture_smb2_streams_init(TALLOC_CTX *ctx) > torture_suite_add_1smb2_test(suite, "rename", test_stream_rename); > torture_suite_add_1smb2_test(suite, "rename2", test_stream_rename2); > torture_suite_add_1smb2_test(suite, "create-disposition", test_stream_create_disposition); >- torture_suite_add_1smb2_test(suite, "attributes", test_stream_attributes); >+ torture_suite_add_1smb2_test(suite, "attributes1", test_stream_attributes1); > torture_suite_add_1smb2_test(suite, "delete", test_stream_delete); > torture_suite_add_1smb2_test(suite, "zero-byte", test_zero_byte_stream); > torture_suite_add_1smb2_test(suite, "basefile-rename-with-open-stream", >-- >2.37.2 > > >From 08220d311f0bc7d70960ad49122a232e658ac032 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Sat, 13 Aug 2022 16:13:07 +0200 >Subject: [PATCH 18/20] smbtorture: add test smb2.stream.attributes2 > >Specifically torture the creation date is the same for the file and its streams. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit e74b10e17ee5df0f77ac5349242841be8d71c4e8) >--- > selftest/knownfail.d/smb2.streams | 1 + > source4/torture/smb2/streams.c | 355 ++++++++++++++++++++++++++++++ > 2 files changed, 356 insertions(+) > create mode 100644 selftest/knownfail.d/smb2.streams > >diff --git a/selftest/knownfail.d/smb2.streams b/selftest/knownfail.d/smb2.streams >new file mode 100644 >index 000000000000..9dcebb0ef804 >--- /dev/null >+++ b/selftest/knownfail.d/smb2.streams >@@ -0,0 +1 @@ >+^samba3.smb2.streams streams_xattr.attributes2 >diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c >index 889fa84ad539..c2f1ebdecb48 100644 >--- a/source4/torture/smb2/streams.c >+++ b/source4/torture/smb2/streams.c >@@ -23,6 +23,7 @@ > #include "libcli/smb2/smb2.h" > #include "libcli/smb2/smb2_calls.h" > >+#include "smb_constants.h" > #include "torture/torture.h" > #include "torture/smb2/proto.h" > >@@ -1960,6 +1961,359 @@ static bool test_stream_attributes1(struct torture_context *tctx, > return ret; > } > >+static bool check_metadata(struct torture_context *tctx, >+ struct smb2_tree *tree, >+ const char *path, >+ struct smb2_handle _h, >+ NTTIME expected_btime, >+ uint32_t expected_attribs) >+{ >+ struct smb2_handle h = _h; >+ union smb_fileinfo getinfo; >+ NTSTATUS status; >+ bool ret = true; >+ >+ if (smb2_util_handle_empty(h)) { >+ struct smb2_create c; >+ >+ c = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = FILE_ATTRIBUTE_HIDDEN, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = path, >+ }; >+ status = smb2_create(tree, tctx, &c); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ >+ h = c.out.file.handle; >+ } >+ >+ getinfo = (union smb_fileinfo) { >+ .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, >+ .generic.in.file.handle = h, >+ }; >+ >+ status = smb2_getinfo_file(tree, tctx, &getinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_getinfo_file failed\n"); >+ >+ torture_assert_u64_equal_goto(tctx, >+ expected_btime, >+ getinfo.basic_info.out.create_time, >+ ret, done, >+ "btime was updated\n"); >+ >+ torture_assert_u32_equal_goto(tctx, >+ expected_attribs, >+ getinfo.basic_info.out.attrib, >+ ret, done, >+ "btime was updated\n"); >+ >+done: >+ if (smb2_util_handle_empty(_h)) { >+ smb2_util_close(tree, h); >+ } >+ >+ return ret; >+} >+ >+static bool test_stream_attributes2(struct torture_context *tctx, >+ struct smb2_tree *tree) >+{ >+ NTSTATUS status; >+ struct smb2_create c1; >+ struct smb2_handle h1 = {{0}}; >+ const char *fname = DNAME "\\test_stream_btime"; >+ const char *sname = DNAME "\\test_stream_btime:stream"; >+ union smb_fileinfo getinfo; >+ union smb_setfileinfo setinfo; >+ const char *data = "test data"; >+ struct timespec ts; >+ NTTIME btime; >+ uint32_t attrib = FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_ARCHIVE; >+ bool ret; >+ >+ smb2_deltree(tree, DNAME); >+ >+ status = torture_smb2_testdir(tree, DNAME, &h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "torture_smb2_testdir failed\n"); >+ smb2_util_close(tree, h1); >+ >+ torture_comment(tctx, "Let's dance!\n"); >+ >+ /* >+ * Step 1: create file and get creation date >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = FILE_ATTRIBUTE_HIDDEN, >+ .in.create_disposition = NTCREATEX_DISP_CREATE, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = fname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ getinfo = (union smb_fileinfo) { >+ .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, >+ .generic.in.file.handle = h1, >+ }; >+ status = smb2_getinfo_file(tree, tctx, &getinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_getinfo_file failed\n"); >+ >+ btime = getinfo.basic_info.out.create_time; >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ /* >+ * Step X: write to file, assert btime was not updated >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = fname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ status = smb2_util_write(tree, h1, data, 0, strlen(data)); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_write failed\n"); >+ >+ ret = check_metadata(tctx, tree, NULL, h1, btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ /* >+ * Step X: create stream, assert creation date is the same >+ * as the one on the basefile >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_CREATE, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = sname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ /* >+ * Step X: set btime on stream, verify basefile has the same btime. >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = sname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ setinfo = (union smb_setfileinfo) { >+ .basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION, >+ .basic_info.in.file.handle = h1, >+ }; >+ clock_gettime_mono(&ts); >+ btime = setinfo.basic_info.in.create_time = full_timespec_to_nt_time(&ts); >+ >+ status = smb2_setinfo_file(tree, &setinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_setinfo_file failed\n"); >+ >+ ret = check_metadata(tctx, tree, NULL, h1, btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad time on stream\n"); >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad time on basefile\n"); >+ >+ ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad time on stream\n"); >+ >+ /* >+ * Step X: write to stream, assert btime was not updated >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = sname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ status = smb2_util_write(tree, h1, data, 0, strlen(data)); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_write failed\n"); >+ >+ ret = check_metadata(tctx, tree, NULL, h1, btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ /* >+ * Step X: modify attributes via stream, verify it's "also" set on the >+ * basefile. >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = sname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ attrib = FILE_ATTRIBUTE_NORMAL; >+ >+ setinfo = (union smb_setfileinfo) { >+ .basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION, >+ .basic_info.in.file.handle = h1, >+ .basic_info.in.attrib = attrib, >+ }; >+ >+ status = smb2_setinfo_file(tree, &setinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_setinfo_file failed\n"); >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ /* >+ * Step X: modify attributes via basefile, verify it's "also" set on the >+ * stream. >+ */ >+ >+ c1 = (struct smb2_create) { >+ .in.desired_access = SEC_FILE_ALL, >+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, >+ .in.file_attributes = attrib, >+ .in.create_disposition = NTCREATEX_DISP_OPEN, >+ .in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION, >+ .in.fname = fname, >+ }; >+ status = smb2_create(tree, tctx, &c1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed\n"); >+ h1 = c1.out.file.handle; >+ >+ attrib = FILE_ATTRIBUTE_HIDDEN; >+ >+ setinfo = (union smb_setfileinfo) { >+ .basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION, >+ .basic_info.in.file.handle = h1, >+ .basic_info.in.attrib = attrib, >+ }; >+ >+ status = smb2_setinfo_file(tree, &setinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_setinfo_file failed\n"); >+ >+ status = smb2_util_close(tree, h1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_util_close failed\n"); >+ ZERO_STRUCT(h1); >+ >+ ret = check_metadata(tctx, tree, fname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+ ret = check_metadata(tctx, tree, sname, (struct smb2_handle){{0}}, >+ btime, attrib); >+ torture_assert_goto(tctx, ret, ret, done, "Bad metadata\n"); >+ >+done: >+ if (!smb2_util_handle_empty(h1)) { >+ smb2_util_close(tree, h1); >+ } >+ >+ smb2_deltree(tree, DNAME); >+ >+ return ret; >+} >+ > static bool test_basefile_rename_with_open_stream(struct torture_context *tctx, > struct smb2_tree *tree) > { >@@ -2059,6 +2413,7 @@ struct torture_suite *torture_smb2_streams_init(TALLOC_CTX *ctx) > torture_suite_add_1smb2_test(suite, "rename2", test_stream_rename2); > torture_suite_add_1smb2_test(suite, "create-disposition", test_stream_create_disposition); > torture_suite_add_1smb2_test(suite, "attributes1", test_stream_attributes1); >+ torture_suite_add_1smb2_test(suite, "attributes2", test_stream_attributes2); > torture_suite_add_1smb2_test(suite, "delete", test_stream_delete); > torture_suite_add_1smb2_test(suite, "zero-byte", test_zero_byte_stream); > torture_suite_add_1smb2_test(suite, "basefile-rename-with-open-stream", >-- >2.37.2 > > >From 7b4a8dea57df5435e25767de0be4a39c85e5929d Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Thu, 11 Aug 2022 17:18:13 +0200 >Subject: [PATCH 19/20] smbd: add and use vfs_fget_dos_attributes() > >Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the >creation date on streams wasn't updated anymore on the stream fsp. > >By adding a simple wrapper vfs_fget_dos_attributes() that takes care of > >- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of > all the streams related complexity like fake fds, > >- propagating any updated btime from the base_fsp->fsp_name to the > stream_fsp->fsp_name > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(backported from commit 3f7d8db9945a325020e4d1574289dea9e8331c29) >[slow@samba.org: also update itime and file_id] >--- > selftest/knownfail.d/smb2.streams | 1 - > source3/include/proto.h | 3 ++ > source3/smbd/dosmode.c | 3 +- > source3/smbd/open.c | 3 +- > source3/smbd/vfs.c | 54 +++++++++++++++++++++++++++++++ > 5 files changed, 59 insertions(+), 5 deletions(-) > delete mode 100644 selftest/knownfail.d/smb2.streams > >diff --git a/selftest/knownfail.d/smb2.streams b/selftest/knownfail.d/smb2.streams >deleted file mode 100644 >index 9dcebb0ef804..000000000000 >--- a/selftest/knownfail.d/smb2.streams >+++ /dev/null >@@ -1 +0,0 @@ >-^samba3.smb2.streams streams_xattr.attributes2 >diff --git a/source3/include/proto.h b/source3/include/proto.h >index 20d026f83b37..f38b286cab1a 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -82,6 +82,9 @@ NTSTATUS vfs_at_fspcwd(TALLOC_CTX *mem_ctx, > struct connection_struct *conn, > struct files_struct **_fsp); > >+NTSTATUS vfs_fget_dos_attributes(struct files_struct *fsp, >+ uint32_t *dosmode); >+ > #include "source3/lib/interface.h" > > /* The following definitions come from lib/ldap_debug_handler.c */ >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 1a38cb3e154a..f32401e787b1 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -754,8 +754,7 @@ uint32_t fdos_mode(struct files_struct *fsp) > } > > /* Get the DOS attributes via the VFS if we can */ >- status = SMB_VFS_FGET_DOS_ATTRIBUTES( >- fsp->conn, metadata_fsp(fsp), &result); >+ status = vfs_fget_dos_attributes(fsp, &result); > if (!NT_STATUS_IS_OK(status)) { > /* > * Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 3926f376164e..7a91b2a6d590 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -3573,8 +3573,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, > */ > uint32_t attr = 0; > >- status = SMB_VFS_FGET_DOS_ATTRIBUTES( >- conn, metadata_fsp(smb_fname->fsp), &attr); >+ status = vfs_fget_dos_attributes(smb_fname->fsp, &attr); > if (NT_STATUS_IS_OK(status)) { > existing_dos_attributes = attr; > } >diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c >index a6022902c1dd..f0a5cba8416b 100644 >--- a/source3/smbd/vfs.c >+++ b/source3/smbd/vfs.c >@@ -1513,6 +1513,60 @@ NTSTATUS vfs_at_fspcwd(TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > } > >+NTSTATUS vfs_fget_dos_attributes(struct files_struct *fsp, >+ uint32_t *dosmode) >+{ >+ NTSTATUS status; >+ >+ /* >+ * First make sure to pass the base_fsp to the VFS >+ */ >+ status = SMB_VFS_FGET_DOS_ATTRIBUTES( >+ fsp->conn, metadata_fsp(fsp), dosmode); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ /* >+ * If this isn't a stream fsp we're done, ... >+ */ >+ if (!fsp_is_alternate_stream(fsp)) { >+ return NT_STATUS_OK; >+ } >+ >+ /* >+ * ...otherwise the VFS might have updated the btime, propagate the >+ * btime from the base_fsp to the stream fsp. >+ */ >+ >+ if (!(fsp->base_fsp->fsp_name->st.st_ex_iflags & >+ ST_EX_IFLAG_CALCULATED_BTIME)) >+ { >+ update_stat_ex_create_time( >+ &fsp->fsp_name->st, >+ fsp->base_fsp->fsp_name->st.st_ex_btime); >+ } >+ >+ if (!(fsp->base_fsp->fsp_name->st.st_ex_iflags & >+ ST_EX_IFLAG_CALCULATED_ITIME)) >+ { >+ update_stat_ex_itime( >+ &fsp->fsp_name->st, >+ fsp->base_fsp->fsp_name->st.st_ex_itime); >+ } >+ >+ if (!(fsp->base_fsp->fsp_name->st.st_ex_iflags & >+ ST_EX_IFLAG_CALCULATED_FILE_ID)) >+ { >+ update_stat_ex_file_id( >+ &fsp->fsp_name->st, >+ fsp->base_fsp->fsp_name->st.st_ex_file_id); >+ } >+ >+ >+ return NT_STATUS_OK; >+} >+ > int smb_vfs_call_connect(struct vfs_handle_struct *handle, > const char *service, const char *user) > { >-- >2.37.2 > > >From 8c4092d96198090440fe975655fbf0bb4a7b2bf8 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Sun, 14 Aug 2022 16:39:37 +0200 >Subject: [PATCH 20/20] smbd: directly pass fsp to SMB_VFS_FGETXATTR() in > fget_ea_dos_attribute() > >We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so >we don't need to check for a stream_fsp here anymore. > >Additionally vfs_default will assert a non-stream fsp inside >vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is >caught in vfs_default. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126 >MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910) >--- > source3/smbd/dosmode.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index f32401e787b1..37bd3b5f78ed 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -375,7 +375,7 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, > /* Don't reset pattr to zero as we may already have filename-based attributes we > need to preserve. */ > >- sizeret = SMB_VFS_FGETXATTR(fsp->base_fsp ? fsp->base_fsp : fsp, >+ sizeret = SMB_VFS_FGETXATTR(fsp, > SAMBA_XATTR_DOS_ATTRIB, > attrstr, > sizeof(attrstr)); >@@ -386,7 +386,7 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, > rights than the real user > */ > become_root(); >- sizeret = SMB_VFS_FGETXATTR(fsp->base_fsp ? fsp->base_fsp : fsp, >+ sizeret = SMB_VFS_FGETXATTR(fsp, > SAMBA_XATTR_DOS_ATTRIB, > attrstr, > sizeof(attrstr)); >-- >2.37.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 15126
:
17466
|
17492
|
17493
|
17494
|
17495
|
17496
|
17497
|
17498
| 17507