From: Volker Lendecke <vl@samba.org>
Date: Fri, 1 Sep 2023 12:51:47 +0000 (+0200)
Subject: vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT
X-Git-Tag: tevent-0.16.0~220
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d1846452e96;p=thirdparty%2Fsamba.git

vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT

Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.

This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  5 14:00:33 UTC 2023 on atb-devel-224
---

diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 8ada8d8aadf..1e2e88d65ce 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -908,6 +908,7 @@ struct vfs_aio_state {
 };
 
 #define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS 1
+#define VFS_OPEN_HOW_WITH_BACKUP_INTENT 2
 
 struct vfs_open_how {
 	int flags;
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 1d4b9b1a840..7fa6872d171 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -664,7 +664,8 @@ static int vfswrap_openat(vfs_handle_struct *handle,
 
 	START_PROFILE(syscall_openat);
 
-	if (how->resolve & ~VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS) {
+	if (how->resolve & ~(VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS |
+			     VFS_OPEN_HOW_WITH_BACKUP_INTENT)) {
 		errno = ENOSYS;
 		result = -1;
 		goto out;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ac3e677d6f5..d912acbb409 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -4133,6 +4133,11 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 			.flags = flags,
 			.mode = unx_mode,
 		};
+
+		if (create_options & FILE_OPEN_FOR_BACKUP_INTENT) {
+			how.resolve |= VFS_OPEN_HOW_WITH_BACKUP_INTENT;
+		}
+
 		fsp_open = open_file(req,
 				     parent_dir_fname->fsp,
 				     smb_fname_atname,