The branch, master has been updated
via 963fc353e70 vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
via cbdc16a7cfa vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
via 95319351e37 vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper
function
via b317622a8fe vfs_gpfs: Use O_PATH for opening dirfd for stat with
CAP_DAC_OVERRIDE
from 091af82f759 s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 963fc353e70b940f4009ca2764e966682400e2dc
Author: Christof Schmitt <c...@samba.org>
Date: Thu Oct 26 15:51:02 2023 -0700
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <c...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Wed Nov 8 18:42:13 UTC 2023 on atb-devel-224
commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e
Author: Christof Schmitt <c...@samba.org>
Date: Thu Oct 26 14:45:34 2023 -0700
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <c...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 95319351e37b8b968b798eee66c93852d9ad2d81
Author: Christof Schmitt <c...@samba.org>
Date: Thu Oct 26 14:39:46 2023 -0700
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
Allow reuse of this code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <c...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit b317622a8fed0ee195ffe40129eb5bcad28dd985
Author: Christof Schmitt <c...@samba.org>
Date: Thu Oct 26 14:37:15 2023 -0700
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <c...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_gpfs.c | 89 +++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 80 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 1c11809fb1b..2f505a103b0 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1588,6 +1588,25 @@ static NTSTATUS vfs_gpfs_fset_dos_attributes(struct
vfs_handle_struct *handle,
return NT_STATUS_OK;
}
+static int fstatat_with_cap_dac_override(int fd,
+ const char *pathname,
+ SMB_STRUCT_STAT *sbuf,
+ int flags,
+ bool fake_dir_create_times)
+{
+ int ret;
+
+ set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ ret = sys_fstatat(fd,
+ pathname,
+ sbuf,
+ flags,
+ fake_dir_create_times);
+ drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+
+ return ret;
+}
+
static int stat_with_capability(struct vfs_handle_struct *handle,
struct smb_filename *smb_fname, int flag)
{
@@ -1597,6 +1616,11 @@ static int stat_with_capability(struct vfs_handle_struct
*handle,
struct smb_filename *dir_name = NULL;
struct smb_filename *rel_name = NULL;
int ret = -1;
+#ifdef O_PATH
+ int open_flags = O_PATH;
+#else
+ int open_flags = O_RDONLY;
+#endif
status = SMB_VFS_PARENT_PATHNAME(handle->conn,
talloc_tos(),
@@ -1608,20 +1632,17 @@ static int stat_with_capability(struct
vfs_handle_struct *handle,
return -1;
}
- fd = open(dir_name->base_name, O_RDONLY, 0);
+ fd = open(dir_name->base_name, open_flags, 0);
if (fd == -1) {
TALLOC_FREE(dir_name);
return -1;
}
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
- ret = sys_fstatat(fd,
- rel_name->base_name,
- &smb_fname->st,
- flag,
- fake_dctime);
-
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ ret = fstatat_with_cap_dac_override(fd,
+ rel_name->base_name,
+ &smb_fname->st,
+ flag,
+ fake_dctime);
TALLOC_FREE(dir_name);
close(fd);
@@ -1643,6 +1664,29 @@ static int vfs_gpfs_stat(struct vfs_handle_struct
*handle,
return ret;
}
+static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ SMB_STRUCT_STAT *sbuf)
+{
+ int ret;
+
+ ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
+ if (ret == -1 && errno == EACCES) {
+ bool fake_dctime =
+ lp_fake_directory_create_times(SNUM(handle->conn));
+
+ DBG_DEBUG("fstat for %s failed with EACCES. Trying with "
+ "CAP_DAC_OVERRIDE.\n", fsp->fsp_name->base_name);
+ ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(fsp),
+ "",
+ sbuf,
+ AT_EMPTY_PATH,
+ fake_dctime);
+ }
+
+ return ret;
+}
+
static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
@@ -1658,6 +1702,31 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct
*handle,
return ret;
}
+static int vfs_gpfs_fstatat(struct vfs_handle_struct *handle,
+ const struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname,
+ SMB_STRUCT_STAT *sbuf,
+ int flags)
+{
+ int ret;
+
+ ret = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags);
+ if (ret == -1 && errno == EACCES) {
+ bool fake_dctime =
+ lp_fake_directory_create_times(SNUM(handle->conn));
+
+ DBG_DEBUG("fstatat for %s failed with EACCES. Trying with "
+ "CAP_DAC_OVERRIDE.\n", dirfsp->fsp_name->base_name);
+ ret = fstatat_with_cap_dac_override(fsp_get_pathref_fd(dirfsp),
+ smb_fname->base_name,
+ sbuf,
+ flags,
+ fake_dctime);
+ }
+
+ return ret;
+}
+
static int timespec_to_gpfs_time(
struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags)
{
@@ -2591,7 +2660,9 @@ static struct vfs_fn_pointers vfs_gpfs_fns = {
.fchmod_fn = vfs_gpfs_fchmod,
.close_fn = vfs_gpfs_close,
.stat_fn = vfs_gpfs_stat,
+ .fstat_fn = vfs_gpfs_fstat,
.lstat_fn = vfs_gpfs_lstat,
+ .fstatat_fn = vfs_gpfs_fstatat,
.fntimes_fn = vfs_gpfs_fntimes,
.aio_force_fn = vfs_gpfs_aio_force,
.sendfile_fn = vfs_gpfs_sendfile,
--
Samba Shared Repository
