From a000ce99064c0c757c9ea66df516c9f98afaa01f Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 5 Feb 2024 15:03:48 +0100
Subject: [PATCH 1/2] smbd: simplify handling of failing fstat() after
 unlinking file

close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.

This avoids getting an EACCESS error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6e6324cff29089a636823786183222a73fe7cb28)
---
 source3/smbd/close.c |  1 +
 source3/smbd/open.c  | 15 +--------------
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index b42f4d2db71..04e39774950 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
  	 */
 
 	fsp->fsp_flags.delete_on_close = false;
+	fsp->fsp_flags.fstat_before_close = false;
 	lck_state.reset_delete_on_close = true;
 
  done:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3e7a8f45ebd..0862c956c45 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -952,20 +952,7 @@ NTSTATUS fd_close(files_struct *fsp)
 	if (fsp->fsp_flags.fstat_before_close) {
 		status = vfs_stat_fsp(fsp);
 		if (!NT_STATUS_IS_OK(status)) {
-			/*
-			 * If this is a stream and delete-on-close was set, the
-			 * backing object (an xattr from streams_xattr) might
-			 * already be deleted so fstat() fails with
-			 * NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
-			 * ignore the error and only bail for normal files where
-			 * an fstat() should still work. NB. We cannot use
-			 * fsp_is_alternate_stream(fsp) for this as the base_fsp
-			 * has already been closed at this point and so the value
-			 * fsp_is_alternate_stream() checks for is already NULL.
-			 */
-			if (fsp->fsp_name->stream_name == NULL) {
-				return status;
-			}
+			return status;
 		}
 	}
 
-- 
2.35.3


From 73e08c4fde883014e8a9396c4f8c31600b162316 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Tue, 20 Feb 2024 09:26:29 +0000
Subject: [PATCH 2/2] s3/smbd: If we fail to close file_handle ensure we should
 reset the fd

if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.

[2024/02/20 09:23:48.454671,  0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
  smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757,  0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
  PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781,  0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
  ===============================================================
[2024/02/20 09:23:48.454804,  0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
  INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844,  0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869,  0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224

(cherry picked from commit 6ee3f809a54d7b833ff798e68a93ada00a215d4d)
---
 source3/smbd/open.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0862c956c45..e5309a7be98 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -942,7 +942,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp,
 
 NTSTATUS fd_close(files_struct *fsp)
 {
-	NTSTATUS status;
+	NTSTATUS stat_status = NT_STATUS_OK;
 	int ret;
 
 	if (fsp == fsp->conn->cwd_fsp) {
@@ -950,10 +950,12 @@ NTSTATUS fd_close(files_struct *fsp)
 	}
 
 	if (fsp->fsp_flags.fstat_before_close) {
-		status = vfs_stat_fsp(fsp);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
+		/*
+		 * capture status, if failure
+		 * continue close processing
+		 * and return status
+		 */
+		stat_status = vfs_stat_fsp(fsp);
 	}
 
 	if (fsp->dptr) {
@@ -975,7 +977,7 @@ NTSTATUS fd_close(files_struct *fsp)
 	if (ret == -1) {
 		return map_nt_error_from_unix(errno);
 	}
-	return NT_STATUS_OK;
+	return stat_status;
 }
 
 /****************************************************************************
-- 
2.35.3