Bug 14592 - Hitting ENOPSC when setting NT ACL in vfs_acl_xattr wipes the NT ACL
Summary: Hitting ENOPSC when setting NT ACL in vfs_acl_xattr wipes the NT ACL
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-09 10:42 UTC by Ralph Böhme
Modified: 2020-12-18 15:12 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2020-12-09 10:42:39 UTC
When setting the NT ACL vfs_acl_xattr will wipe an existing NT ACL xattr in the sys_acl_set_file_xattr().

We do three things in the code that handles setting the ACL:

- first we set the POSIX ACL

- as part of that, we remove the NT ACL xattr

- then we set the new NT ACL xattr via

The problem is, if we hit ENOSPC in the last step, we have deleted the NT ACL xattr in the step before.

The code that deletes the NT ACL xattr is from 2008 and predates the new version 4 from 2012 of the ACL xattr that stores the hash of the filesystem POSIX ACL.

If all ACL xattr blob on a system contain the that hash, it's safe to skip deleting the ACL xattr when setting the POSIX ACL. But as systems may contain data with older versions, we cannot unconditionally remove that code.

The correct fix for this is to use a fsp extension in the module to transfer the knowledge across the codepath, that it's safe to skip the removal. That however requires an fsp and so doesn't work in the path based SMB_VFS_SYS_ACL_SET_FILE().

With the upcoming O_PATH changes it will be possible to change all callers of SMB_VFS_SYS_ACL_SET_FILE() to use the handle based SMB_VFS_SYS_ACL_SET_FD() instead. So once the O_PATH code hits master, I can do this change and then add the fsp extension logic.
Comment 1 Samba QA Contact 2020-12-17 20:05:04 UTC
This bug was referenced in samba master:

e6b0797caff1e292cec3bee245ee63e58702efb8
25ec288172738f78a7f97e241de2684fd97ad51e
a77de71ced013604382e5c62a904db0fbf1cdd81
Comment 2 Ralph Böhme 2020-12-18 15:12:44 UTC
Fixed in master for 4.14.