mdssvc: avoid direct filesystem access, use the VFS

This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight
can be used working on a virtual filesystem like GlusterFS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184

diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 84c60c17961ffbcea1fae7211b544fef14a56aa8..d0e87dcf646d7c841d32dde5e7ab7260deb4c344 100644 (file)
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -27,6 +27,7 @@
 #include "lib/util/time_basic.h"
 #include "lib/dbwrap/dbwrap_rbt.h"
 #include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
 #include "mdssvc.h"
 #include "mdssvc_noindex.h"
 #ifdef HAVE_SPOTLIGHT_BACKEND_TRACKER
@@ -514,9 +515,12 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
 
 bool mds_add_result(struct sl_query *slq, const char *path)
 {
+       struct smb_filename *smb_fname = NULL;
        struct stat_ex sb;
+       uint32_t attr;
        uint64_t ino64;
        int result;
+       NTSTATUS status;
        bool ok;
 
        /*
@@ -540,20 +544,51 @@ bool mds_add_result(struct sl_query *slq, const char *path)
         * any function exit below must ensure we switch back
         */
 
-       result = sys_stat(path, &sb, false);
-       if (result != 0) {
+       status = synthetic_pathref(talloc_tos(),
+                                  slq->mds_ctx->conn->cwd_fsp,
+                                  path,
+                                  NULL,
+                                  NULL,
+                                  0,
+                                  0,
+                                  &smb_fname);
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+                         smb_fname_str_dbg(smb_fname),
+                         nt_errstr(status));
                unbecome_authenticated_pipe_user();
                return true;
        }
-       result = access(path, R_OK);
-       if (result != 0) {
+
+       status = smbd_check_access_rights_fsp(slq->mds_ctx->conn->cwd_fsp,
+                                             smb_fname->fsp,
+                                             false,
+                                             FILE_READ_DATA);
+       if (!NT_STATUS_IS_OK(status)) {
                unbecome_authenticated_pipe_user();
+               TALLOC_FREE(smb_fname);
                return true;
        }
 
+       /* This is needed to fetch the itime from the DOS attribute blob */
+       status = SMB_VFS_FGET_DOS_ATTRIBUTES(slq->mds_ctx->conn,
+                                            smb_fname->fsp,
+                                            &attr);
+       if (!NT_STATUS_IS_OK(status)) {
+               /* Ignore the error, likely no DOS attr xattr */
+               DBG_DEBUG("SMB_VFS_FGET_DOS_ATTRIBUTES [%s]: %s\n",
+                         smb_fname_str_dbg(smb_fname),
+                         nt_errstr(status));
+       }
+
        unbecome_authenticated_pipe_user();
 
-       ino64 = sb.st_ex_ino;
+       smb_fname->st = smb_fname->fsp->fsp_name->st;
+       sb = smb_fname->st;
+       /* Done with smb_fname now. */
+       TALLOC_FREE(smb_fname);
+       ino64 = SMB_VFS_FS_FILE_ID(slq->mds_ctx->conn, &sb);
+
        if (slq->cnids) {
                bool found;
 
@@ -1234,7 +1269,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
        sl_array_t *fm_array;
        sl_nil_t nil;
        char *path = NULL;
-       struct stat_ex sb = {0};
+       struct smb_filename *smb_fname = NULL;
        struct stat_ex *sp = NULL;
        struct sl_inode_path_map *elem = NULL;
        void *p;
@@ -1303,11 +1338,29 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
                elem = talloc_get_type_abort(p, struct sl_inode_path_map);
                path = elem->path;
 
-               result = sys_stat(path, &sb, false);
+               status = synthetic_pathref(talloc_tos(),
+                                          mds_ctx->conn->cwd_fsp,
+                                          path,
+                                          NULL,
+                                          NULL,
+                                          0,
+                                          0,
+                                          &smb_fname);
+               if (!NT_STATUS_IS_OK(status)) {
+                       /* This is not an error, the user may lack permissions */
+                       DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+                                 smb_fname_str_dbg(smb_fname),
+                                 nt_errstr(status));
+                       return true;
+               }
+
+               result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st);
                if (result != 0) {
-                       goto error;
+                       TALLOC_FREE(smb_fname);
+                       return true;
                }
-               sp = &sb;
+
+               sp = &smb_fname->st;
        }
 
        ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp);
@@ -1337,9 +1390,12 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
                goto error;
        }
 
+       TALLOC_FREE(smb_fname);
        return true;
 
 error:
+
+       TALLOC_FREE(smb_fname);
        sl_result = UINT64_MAX;
        result = dalloc_add_copy(array, &sl_result, uint64_t);
        if (result != 0) {