From 92704d0f80992d8dff096ea9bdddd4283b82f78b Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Thu, 26 Oct 2023 14:37:15 -0700 Subject: [PATCH 1/4] vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE Use O_PATH when available; this avoids the need for READ/LIST access on that directory. Keep using O_RDONLY if the system does not have O_PATH. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme (cherry picked from commit b317622a8fed0ee195ffe40129eb5bcad28dd985) --- source3/modules/vfs_gpfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 93748eab54c..f8ccbca1038 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1603,6 +1603,11 @@ static int stat_with_capability(struct vfs_handle_struct *handle, struct smb_filename *dir_name = NULL; struct smb_filename *rel_name = NULL; int ret = -1; +#ifdef O_PATH + int open_flags = O_PATH; +#else + int open_flags = O_RDONLY; +#endif status = SMB_VFS_PARENT_PATHNAME(handle->conn, talloc_tos(), @@ -1614,7 +1619,7 @@ static int stat_with_capability(struct vfs_handle_struct *handle, return -1; } - fd = open(dir_name->base_name, O_RDONLY, 0); + fd = open(dir_name->base_name, open_flags, 0); if (fd == -1) { TALLOC_FREE(dir_name); return -1; -- 2.39.3 From a4e731777b9d0af959795401ac76d9f7dbb8b4fe Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Thu, 26 Oct 2023 14:39:46 -0700 Subject: [PATCH 2/4] vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function Allow reuse of this code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme (cherry picked from commit 95319351e37b8b968b798eee66c93852d9ad2d81) --- source3/modules/vfs_gpfs.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index f8ccbca1038..d9361fe906f 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1594,6 +1594,25 @@ static NTSTATUS vfs_gpfs_fset_dos_attributes(struct vfs_handle_struct *handle, return NT_STATUS_OK; } +static int fstatat_with_cap_dac_override(int fd, + const char *pathname, + SMB_STRUCT_STAT *sbuf, + int flags, + bool fake_dir_create_times) +{ + int ret; + + set_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = sys_fstatat(fd, + pathname, + sbuf, + flags, + fake_dir_create_times); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + + return ret; +} + static int stat_with_capability(struct vfs_handle_struct *handle, struct smb_filename *smb_fname, int flag) { @@ -1625,14 +1644,11 @@ static int stat_with_capability(struct vfs_handle_struct *handle, return -1; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); - ret = sys_fstatat(fd, - rel_name->base_name, - &smb_fname->st, - flag, - fake_dctime); - - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + ret = fstatat_with_cap_dac_override(fd, + rel_name->base_name, + &smb_fname->st, + flag, + fake_dctime); TALLOC_FREE(dir_name); close(fd); -- 2.39.3 From 1bf2a3eca4b875195750e467a28b0644558eeedd Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Thu, 26 Oct 2023 14:45:34 -0700 Subject: [PATCH 3/4] vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme (cherry picked from commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e) --- source3/modules/vfs_gpfs.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index d9361fe906f..568e11f1aac 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1670,6 +1670,29 @@ static int vfs_gpfs_stat(struct vfs_handle_struct *handle, return ret; } +static int vfs_gpfs_fstat(struct vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_STRUCT_STAT *sbuf) +{ + int ret; + + ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); + if (ret == -1 && errno == EACCES) { + bool fake_dctime = + lp_fake_directory_create_times(SNUM(handle->conn)); + + DBG_DEBUG("fstat for %s failed with EACCES. Trying with " + "CAP_DAC_OVERRIDE.\n", fsp->fsp_name->base_name); + ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(fsp), + "", + sbuf, + AT_EMPTY_PATH, + fake_dctime); + } + + return ret; +} + static int vfs_gpfs_lstat(struct vfs_handle_struct *handle, struct smb_filename *smb_fname) { @@ -2614,6 +2637,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { .fchmod_fn = vfs_gpfs_fchmod, .close_fn = vfs_gpfs_close, .stat_fn = vfs_gpfs_stat, + .fstat_fn = vfs_gpfs_fstat, .lstat_fn = vfs_gpfs_lstat, .fntimes_fn = vfs_gpfs_fntimes, .aio_force_fn = vfs_gpfs_aio_force, -- 2.39.3 From d66eb0b1c23f1a067a94e27a2a09feca131b185c Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Thu, 26 Oct 2023 15:51:02 -0700 Subject: [PATCH 4/4] vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 8 18:42:13 UTC 2023 on atb-devel-224 (cherry picked from commit 963fc353e70b940f4009ca2764e966682400e2dc) --- source3/modules/vfs_gpfs.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 568e11f1aac..e88ef817a36 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1708,6 +1708,31 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle, return ret; } +static int vfs_gpfs_fstatat(struct vfs_handle_struct *handle, + const struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + SMB_STRUCT_STAT *sbuf, + int flags) +{ + int ret; + + ret = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags); + if (ret == -1 && errno == EACCES) { + bool fake_dctime = + lp_fake_directory_create_times(SNUM(handle->conn)); + + DBG_DEBUG("fstatat for %s failed with EACCES. Trying with " + "CAP_DAC_OVERRIDE.\n", dirfsp->fsp_name->base_name); + ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(dirfsp), + smb_fname->base_name, + sbuf, + flags, + fake_dctime); + } + + return ret; +} + static int timespec_to_gpfs_time( struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags) { @@ -2639,6 +2664,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { .stat_fn = vfs_gpfs_stat, .fstat_fn = vfs_gpfs_fstat, .lstat_fn = vfs_gpfs_lstat, + .fstatat_fn = vfs_gpfs_fstatat, .fntimes_fn = vfs_gpfs_fntimes, .aio_force_fn = vfs_gpfs_aio_force, .sendfile_fn = vfs_gpfs_sendfile, -- 2.39.3