From: Ralph Boehme Date: Mon, 10 May 2021 10:34:32 +0000 (+0200) Subject: mdssvc: avoid direct filesystem access, use the VFS X-Git-Tag: tevent-0.11.0~340 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=620b99144359f45aa69c13731db8d793cfbba197;p=thirdparty%2Fsamba.git mdssvc: avoid direct filesystem access, use the VFS This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight can be used working on a virtual filesystem like GlusterFS. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184 --- diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index 84c60c17961..d0e87dcf646 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -27,6 +27,7 @@ #include "lib/util/time_basic.h" #include "lib/dbwrap/dbwrap_rbt.h" #include "libcli/security/dom_sid.h" +#include "libcli/security/security.h" #include "mdssvc.h" #include "mdssvc_noindex.h" #ifdef HAVE_SPOTLIGHT_BACKEND_TRACKER @@ -514,9 +515,12 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path) bool mds_add_result(struct sl_query *slq, const char *path) { + struct smb_filename *smb_fname = NULL; struct stat_ex sb; + uint32_t attr; uint64_t ino64; int result; + NTSTATUS status; bool ok; /* @@ -540,20 +544,51 @@ bool mds_add_result(struct sl_query *slq, const char *path) * any function exit below must ensure we switch back */ - result = sys_stat(path, &sb, false); - if (result != 0) { + status = synthetic_pathref(talloc_tos(), + slq->mds_ctx->conn->cwd_fsp, + path, + NULL, + NULL, + 0, + 0, + &smb_fname); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("synthetic_pathref [%s]: %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status)); unbecome_authenticated_pipe_user(); return true; } - result = access(path, R_OK); - if (result != 0) { + + status = smbd_check_access_rights_fsp(slq->mds_ctx->conn->cwd_fsp, + smb_fname->fsp, + false, + FILE_READ_DATA); + if (!NT_STATUS_IS_OK(status)) { unbecome_authenticated_pipe_user(); + TALLOC_FREE(smb_fname); return true; } + /* This is needed to fetch the itime from the DOS attribute blob */ + status = SMB_VFS_FGET_DOS_ATTRIBUTES(slq->mds_ctx->conn, + smb_fname->fsp, + &attr); + if (!NT_STATUS_IS_OK(status)) { + /* Ignore the error, likely no DOS attr xattr */ + DBG_DEBUG("SMB_VFS_FGET_DOS_ATTRIBUTES [%s]: %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status)); + } + unbecome_authenticated_pipe_user(); - ino64 = sb.st_ex_ino; + smb_fname->st = smb_fname->fsp->fsp_name->st; + sb = smb_fname->st; + /* Done with smb_fname now. */ + TALLOC_FREE(smb_fname); + ino64 = SMB_VFS_FS_FILE_ID(slq->mds_ctx->conn, &sb); + if (slq->cnids) { bool found; @@ -1234,7 +1269,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx, sl_array_t *fm_array; sl_nil_t nil; char *path = NULL; - struct stat_ex sb = {0}; + struct smb_filename *smb_fname = NULL; struct stat_ex *sp = NULL; struct sl_inode_path_map *elem = NULL; void *p; @@ -1303,11 +1338,29 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx, elem = talloc_get_type_abort(p, struct sl_inode_path_map); path = elem->path; - result = sys_stat(path, &sb, false); + status = synthetic_pathref(talloc_tos(), + mds_ctx->conn->cwd_fsp, + path, + NULL, + NULL, + 0, + 0, + &smb_fname); + if (!NT_STATUS_IS_OK(status)) { + /* This is not an error, the user may lack permissions */ + DBG_DEBUG("synthetic_pathref [%s]: %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status)); + return true; + } + + result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st); if (result != 0) { - goto error; + TALLOC_FREE(smb_fname); + return true; } - sp = &sb; + + sp = &smb_fname->st; } ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp); @@ -1337,9 +1390,12 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx, goto error; } + TALLOC_FREE(smb_fname); return true; error: + + TALLOC_FREE(smb_fname); sl_result = UINT64_MAX; result = dalloc_add_copy(array, &sl_result, uint64_t); if (result != 0) {