The branch, master has been updated
via cfc1c0afcc8 vfs_fake_acls: Call fake_acls_fstatat() from
fake_acls_[l]stat()
via 7c2d3c9c335 vfs_fake_acls: Implement fake_acls_fstatat()
via e3fede963c6 vfs_fake_acls: Reduce indentation in fake_acls_stat()
via cd383584957 vfs_fake_acls: Reduce indentation in fake_acls_lstat()
via 7669b85f91e vfs_fake_acls: Reduce indentation in fake_acls_stat()
via 2f5580aa012 vfs_fake_acls: Introduce fake_acls_fuidgid()
via 6a02d7d151d vfs_streams_depot: Use NEXT_UNLINKAT when deleting a
stream
from 9ffcd38c16c s4:kdc:sdb_to_hdb strong/flexible certificate mappings
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cfc1c0afcc820e6171cf0b206743cd7613d71327
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:55:42 2025 +0200
vfs_fake_acls: Call fake_acls_fstatat() from fake_acls_[l]stat()
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Autobuild-User(master): Ralph Böhme <[email protected]>
Autobuild-Date(master): Fri Oct 10 09:26:47 UTC 2025 on atb-devel-224
commit 7c2d3c9c335ccc32315dd4b73e6288c795db1616
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:51:20 2025 +0200
vfs_fake_acls: Implement fake_acls_fstatat()
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit e3fede963c647c2ee719f11a222e0c146d061feb
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:36:47 2025 +0200
vfs_fake_acls: Reduce indentation in fake_acls_stat()
Use an early error return
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit cd3835849575098e81102efa9e91d21ef86ec7f5
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:32:55 2025 +0200
vfs_fake_acls: Reduce indentation in fake_acls_lstat()
Use an early return
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 7669b85f91ee96290241c7c9102492f4f0dfd230
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:31:36 2025 +0200
vfs_fake_acls: Reduce indentation in fake_acls_stat()
Use an early return
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 2f5580aa012a740a1c52646b2072d31b770d9d50
Author: Volker Lendecke <[email protected]>
Date: Sat Oct 4 18:28:46 2025 +0200
vfs_fake_acls: Introduce fake_acls_fuidgid()
The callers want both
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 6a02d7d151d9386f5b8df6c15acf6474b7ed8078
Author: Volker Lendecke <[email protected]>
Date: Thu Oct 2 14:09:50 2025 +0200
vfs_streams_depot: Use NEXT_UNLINKAT when deleting a stream
With other modules in the chain funny things can happen
I don't have a concrete bug that I could write a test for, but with
the upcoming patches this becomes necessary.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_fake_acls.c | 299 +++++++++++++++++++-----------------
source3/modules/vfs_streams_depot.c | 3 +-
2 files changed, 155 insertions(+), 147 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index 35aa0f40125..dd4bd19bd59 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -75,179 +75,190 @@ static int fake_acls_fgid(vfs_handle_struct *handle,
return 0;
}
-static int fake_acls_stat(vfs_handle_struct *handle,
- struct smb_filename *smb_fname)
+static int fake_acls_fuidgid(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uid_t *uid,
+ gid_t *gid)
{
+ int ret;
+
+ ret = fake_acls_fuid(handle, fsp, uid);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = fake_acls_fgid(handle, fsp, gid);
+ return ret;
+}
+
+static int fake_acls_fstatat(struct vfs_handle_struct *handle,
+ const struct files_struct *dirfsp,
+ const struct smb_filename *smb_relname,
+ SMB_STRUCT_STAT *sbuf,
+ int flags)
+{
+ connection_struct *conn = handle->conn;
int ret = -1;
struct in_pathref_data *prd = NULL;
- struct smb_filename *smb_fname_cp = NULL;
- struct files_struct *fsp = NULL;
+ struct files_struct *root_fsp = NULL;
+ struct files_struct *new_dirfsp = NULL;
+ struct smb_filename *smb_fname = NULL;
+ struct smb_filename *new_relname = NULL;
+ char *base_name = smb_relname->base_name;
+ uint32_t ucf_flags;
+ NTSTATUS status;
SMB_VFS_HANDLE_GET_DATA(handle,
prd,
struct in_pathref_data,
return -1);
- ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
+ ret = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_relname, sbuf, flags);
if (ret != 0) {
return ret;
}
- if (smb_fname->fsp != NULL) {
- fsp = metadata_fsp(smb_fname->fsp);
- } else {
- NTSTATUS status;
+ if (smb_relname->fsp != NULL) {
+ ret = fake_acls_fuidgid(handle,
+ metadata_fsp(smb_relname->fsp),
+ &sbuf->st_ex_uid,
+ &sbuf->st_ex_gid);
+ return ret;
+ }
+
+ /*
+ * Ensure openat_pathref_fsp() can't recurse into
+ * fake_acls_stat(). openat_pathref_fsp() doesn't care about
+ * the uid/gid values, it only wants a valid/invalid stat
+ * answer and we know smb_fname exists as the
+ * SMB_VFS_NEXT_STAT() returned zero above.
+ */
+ if (prd->calling_pathref_fsp) {
+ return 0;
+ }
+
+ /* Recursion guard. */
+ prd->calling_pathref_fsp = true;
+ /*
+ * Get a pathref fsp on the basename where we have the EAs,
+ * ignore smb_relname->stream_name
+ */
+ if (base_name[0] == '/') {
/*
- * Ensure openat_pathref_fsp()
- * can't recurse into fake_acls_stat().
- * openat_pathref_fsp() doesn't care
- * about the uid/gid values, it only
- * wants a valid/invalid stat answer
- * and we know smb_fname exists as
- * the SMB_VFS_NEXT_STAT() returned
- * zero above.
+ * filename_convert_dirfsp can't deal with absolute
+ * paths, make this relative to "/"
*/
- if (prd->calling_pathref_fsp) {
- return 0;
+ base_name += 1;
+ status = open_rootdir_pathref_fsp(conn, &root_fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = ENOENT;
+ return -1;
}
+ dirfsp = root_fsp;
+ }
+ if (ISDOT(base_name)) {
/*
- * openat_pathref_fsp() expects a talloc'ed
- * smb_filename. stat can be passed a struct
- * from the stack. Make a talloc'ed copy
- * so openat_pathref_fsp() can add its
- * destructor.
+ * filename_convert_dirfsp does not like ".", use ""
*/
- smb_fname_cp = cp_smb_filename(talloc_tos(),
- smb_fname);
- if (smb_fname_cp == NULL) {
- errno = ENOMEM;
- return -1;
- }
+ base_name += 1;
+ }
- if (fsp_get_pathref_fd(handle->conn->cwd_fsp) == -1) {
- /*
- * No tcon around, fail as if we don't have
- * the EAs
- */
- status = NT_STATUS_INVALID_HANDLE;
- } else {
- /* Recursion guard. */
- prd->calling_pathref_fsp = true;
- status = openat_pathref_fsp(handle->conn->cwd_fsp,
- smb_fname_cp);
- /* End recursion guard. */
- prd->calling_pathref_fsp = false;
- }
+ ucf_flags = UCF_POSIX_PATHNAMES;
- if (!NT_STATUS_IS_OK(status)) {
- /*
- * Ignore errors here. We know
- * the path exists (the SMB_VFS_NEXT_STAT()
- * above succeeded. So being unable to
- * open a pathref fsp can be due to a
- * range of errors (startup path beginning
- * with '/' for example, path = ".." when
- * enumerating a directory. Just treat this
- * the same way as the path not having the
- * FAKE_UID or FAKE_GID EA's present. For the
- * test purposes of this module (fake NT ACLs
- * from windows clients) this is close enough.
- * Just report for debugging purposes.
- */
- DBG_DEBUG("Unable to get pathref fsp on %s. "
- "Error %s\n",
- smb_fname_str_dbg(smb_fname_cp),
- nt_errstr(status));
- TALLOC_FREE(smb_fname_cp);
- return 0;
- }
- fsp = smb_fname_cp->fsp;
+ if (flags & AT_SYMLINK_NOFOLLOW) {
+ ucf_flags |= UCF_LCOMP_LNK_OK;
}
- ret = fake_acls_fuid(handle,
- fsp,
- &smb_fname->st.st_ex_uid);
- if (ret != 0) {
- TALLOC_FREE(smb_fname_cp);
- return ret;
+ status = filename_convert_dirfsp_rel(
+ talloc_tos(),
+ conn,
+ discard_const_p(struct files_struct, dirfsp),
+ base_name,
+ ucf_flags,
+ smb_relname->twrp,
+ &new_dirfsp,
+ &smb_fname,
+ &new_relname);
+
+ /* End recursion guard. */
+ prd->calling_pathref_fsp = false;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Ignore errors here. We know the path exists (the
+ * SMB_VFS_NEXT_STAT() above succeeded. So being
+ * unable to open a pathref fsp can be due to a range
+ * of errors (startup path beginning with '/' for
+ * example, path = ".." when enumerating a
+ * directory. Just treat this the same way as the path
+ * not having the FAKE_UID or FAKE_GID EA's
+ * present. For the test purposes of this module (fake
+ * NT ACLs from windows clients) this is close enough.
+ * Just report for debugging purposes.
+ */
+ DBG_DEBUG("Unable to get pathref fsp on %s/%s. "
+ "Error %s\n",
+ fsp_str_dbg(dirfsp),
+ smb_fname_str_dbg(smb_relname),
+ nt_errstr(status));
+ return 0;
}
- ret = fake_acls_fgid(handle,
- fsp,
- &smb_fname->st.st_ex_gid);
- if (ret != 0) {
- TALLOC_FREE(smb_fname_cp);
- return ret;
+
+ ret = fake_acls_fuidgid(handle,
+ smb_fname->fsp,
+ &sbuf->st_ex_uid,
+ &sbuf->st_ex_gid);
+
+ if (root_fsp != NULL) {
+ fd_close(root_fsp);
+ file_free(NULL, root_fsp);
+ root_fsp = NULL;
}
- TALLOC_FREE(smb_fname_cp);
+ fd_close(new_dirfsp);
+ file_free(NULL, new_dirfsp);
+ new_dirfsp = NULL;
+
+ TALLOC_FREE(smb_fname);
+ TALLOC_FREE(new_relname);
+
return ret;
}
-static int fake_acls_lstat(vfs_handle_struct *handle,
+static int fake_acls_stat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
- int ret = -1;
- struct in_pathref_data *prd = NULL;
+ struct stat_ex st = {};
+ int ret;
- SMB_VFS_HANDLE_GET_DATA(handle,
- prd,
- struct in_pathref_data,
- return -1);
+ ret = fake_acls_fstatat(
+ handle, handle->conn->cwd_fsp, smb_fname, &st, 0);
+ if (ret == -1) {
+ return -1;
+ }
- ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
- if (ret == 0) {
- struct smb_filename *smb_fname_base = NULL;
- SMB_STRUCT_STAT sbuf = { 0 };
- NTSTATUS status;
+ smb_fname->st = st;
+ return 0;
+}
- /*
- * Ensure synthetic_pathref()
- * can't recurse into fake_acls_lstat().
- * synthetic_pathref() doesn't care
- * about the uid/gid values, it only
- * wants a valid/invalid stat answer
- * and we know smb_fname exists as
- * the SMB_VFS_NEXT_LSTAT() returned
- * zero above.
- */
- if (prd->calling_pathref_fsp) {
- return 0;
- }
+static int fake_acls_lstat(vfs_handle_struct *handle,
+ struct smb_filename *smb_fname)
+{
+ struct stat_ex st = {};
+ int ret;
- /* Recursion guard. */
- prd->calling_pathref_fsp = true;
- status = synthetic_pathref(talloc_tos(),
- handle->conn->cwd_fsp,
- smb_fname->base_name,
- NULL,
- &sbuf,
- smb_fname->twrp,
- 0, /* we want stat, not lstat. */
- &smb_fname_base);
- /* End recursion guard. */
- prd->calling_pathref_fsp = false;
- if (NT_STATUS_IS_OK(status)) {
- /*
- * This isn't quite right (calling fgetxattr not
- * lgetxattr), but for the test purposes of this
- * module (fake NT ACLs from windows clients), it is
- * close enough. We removed the l*xattr functions
- * because linux doesn't support using them, but we
- * could fake them in xattr_tdb if we really wanted
- * to. We ignore errors because the link might not
- * point anywhere */
- fake_acls_fuid(handle,
- smb_fname_base->fsp,
- &smb_fname->st.st_ex_uid);
- fake_acls_fgid(handle,
- smb_fname_base->fsp,
- &smb_fname->st.st_ex_gid);
- }
- TALLOC_FREE(smb_fname_base);
+ ret = fake_acls_fstatat(handle,
+ handle->conn->cwd_fsp,
+ smb_fname,
+ &st,
+ AT_SYMLINK_NOFOLLOW);
+ if (ret == -1) {
+ return -1;
}
- return ret;
+ smb_fname->st = st;
+ return 0;
}
static int fake_acls_fstat(vfs_handle_struct *handle, files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
@@ -255,16 +266,13 @@ static int fake_acls_fstat(vfs_handle_struct *handle,
files_struct *fsp, SMB_STR
int ret = -1;
ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
- if (ret == 0) {
- ret = fake_acls_fuid(handle, fsp, &sbuf->st_ex_uid);
- if (ret != 0) {
- return ret;
- }
- ret = fake_acls_fgid(handle, fsp, &sbuf->st_ex_gid);
- if (ret != 0) {
- return ret;
- }
+ if (ret != 0) {
+ return ret;
}
+ ret = fake_acls_fuidgid(handle,
+ fsp,
+ &sbuf->st_ex_uid,
+ &sbuf->st_ex_gid);
return ret;
}
@@ -691,6 +699,7 @@ static int fake_acls_connect(struct vfs_handle_struct
*handle,
static struct vfs_fn_pointers vfs_fake_acls_fns = {
.connect_fn = fake_acls_connect,
+ .fstatat_fn = fake_acls_fstatat,
.stat_fn = fake_acls_stat,
.lstat_fn = fake_acls_lstat,
.fstat_fn = fake_acls_fstat,
diff --git a/source3/modules/vfs_streams_depot.c
b/source3/modules/vfs_streams_depot.c
index 19b9356fd57..81a11668864 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -809,7 +809,6 @@ static int streams_depot_unlinkat_stream(vfs_handle_struct
*handle,
struct files_struct *dirfsp,
const struct smb_filename *smb_fname)
{
- struct connection_struct *conn = handle->conn;
struct smb_filename sname = {};
struct smb_filename *base_name = NULL;
struct smb_filename *stream_dir = NULL;
@@ -858,7 +857,7 @@ static int streams_depot_unlinkat_stream(vfs_handle_struct
*handle,
goto done;
}
- ret = SMB_VFS_UNLINKAT(conn, stream_dir->fsp, &sname, 0);
+ ret = SMB_VFS_NEXT_UNLINKAT(handle, stream_dir->fsp, &sname, 0);
done:
{
int err = errno;
--
Samba Shared Repository
