Ralph Boehme [Sun, 22 Nov 2020 12:57:27 +0000 (13:57 +0100)]
vfs: Add dirfsp arg to SMB_VFS_READDIR()
This allows for optimisations in VFS module: by passing the dirfsp as an
additional arg, the function can check fsp->fsp_name->flags which may include eg
SMB_FILENAME_POSIX_PATH to trigger POSIX pathname processing.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 25 Nov 2020 11:29:40 +0000 (12:29 +0100)]
smbd: use vfs_stat() in more places
This replaces the code in a bunch of places where we choose between stat() and
lstat() based on req->posix_pathname. The new code inside vfs_stat() is based on
checking the smb_fname flag SMB_FILENAME_POSIX_PATH.
req->posix_pathname is inherited from the global POSIX pathnames state and the
smb_fname flags is also inherited from that indirectly via the UCF flags.
Tl;dr: no change in behaviour. :)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 14 Oct 2020 13:48:07 +0000 (15:48 +0200)]
smbd: use vfs_stat() in dptr_ReadDirName()
This is subtle: we inherit the smb_fname flags from the directory to its
directory entries while listing a directory. This means if were listing a
directory in POSIX context, we now treat all entries as POSIX paths and
correctly call lstat() on the entries instead of stat().
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 15 Oct 2020 13:24:11 +0000 (15:24 +0200)]
s3/torture: add POSIX-LS-SINGLE test
Note that uses SMB2 for the "Windows client" (aka non-POSIX) connection as SMB1
directory listing code translates a directory listing with a search mask that
matches an existing file to a CREATE which won't cut it for our test as we're
targetting the directory listing code.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 12 Oct 2020 13:28:08 +0000 (15:28 +0200)]
smbd: optimisation using pathref fd to open real fd if possible
This is an optimisation that avoids going through the expensive
non_widelink_open() logic a second time. It depends on a usable /proc/%d/fd/%d
filesystem and this is checked and set as "can_reopen" flag by the VFS in the
openat() function in the fsp.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 24 Nov 2020 17:02:26 +0000 (18:02 +0100)]
vfs_fruit: disable fd reopening optimisations for the two special macOS streams
I couldn't figure out why the reopen fails a few vfs.fruit tests, so for now
disable the optimisations. It only affects the two special Mac streams, so it's
not *that* bad, but definitely something we would want to improve on in the near
future.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 15:40:41 +0000 (17:40 +0200)]
smbd: reuse smb_fname->fsp in create_file_default()
This is the big bang for the internal pathref fsps: up to this point the pathref
fsps were lingering around unused inside smb_fname->fsp.
With this change, the internal fsp will be the one that is going to be returned
from SMB_VFS_CREATE_FILE() if the client requested access mask matches the
criteria in open_file():
As long as the client doesn't request any of the access rights listed above, we
reuse the smb_fname->fsp, otherwise we close the smb_fname->fsp and call
fd_open() to open a new fsp.
In the future we can remove the four non-IO related access rights from the list:
Ralph Boehme [Tue, 27 Oct 2020 18:21:48 +0000 (19:21 +0100)]
smbd: we DO NEED the low level fd
In order to make everything handle based, we will need the basefile handle when
eg the client requests setting any of the filemetadata that is common across all
streams, eg the file's timestamps.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 12 Nov 2020 14:51:59 +0000 (15:51 +0100)]
smbd: use openat_pathref_fsp() in call_trans2findfirst()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Also drop pathref fsp from filename_convert() in call_trans2findfirst(), because
the call to filename_convert() is on the path from the client including the
search mask.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 29 Sep 2020 08:14:47 +0000 (10:14 +0200)]
smbd: add openat_pathref_fsp()
open_pathref_fsp() opens an "embedded" fsp inside smb_fname as
smb_fname->fsp. We call such an fsp a "pathref" fsp.
On system that support O_PATH the low level openat() is done with O_PATH. On
systems that lack support for O_PATH, we impersonate the root user as a
fallback.
Setting "is_pathref" in the fsp_flags before calling fd_openat() is what
triggers the special low-level behaviour inside the VFS.
The use of pathref fsps allows updating all callers of path based VFS functions
like
Ralph Boehme [Tue, 24 Nov 2020 11:30:58 +0000 (12:30 +0100)]
smbd: convert non_widelink_open() and process_symlink_open() to return NTSTATUS
non_widelink_open() now also returns NT_STATUS_STOPPED_ON_SYMLINK in case an
attempt was made to either
1. open a symlink from a POSIX client, or
2. open a symlink from a Windows client but any of the symlink behaviour
configuring options "follow symlink", "wide links" or "allow insecure wide
links" prevents access to the symlink target
Caller open_file() has already been updated to map NT_STATUS_STOPPED_ON_SYMLINK
to NT_STATUS_NT_STATUS_OBJECT_PATH_NOT_FOUND.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 19 Oct 2020 08:19:28 +0000 (10:19 +0200)]
smbd: simplify setting and resetting fsp->fsp_name in non_widelink_open()
Instead of setting and resetting the name to the relative name every time we
call into the VFS, just set it once and reset it at the end and when recursing
via process_symlink_open().
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 13 Oct 2020 12:38:28 +0000 (14:38 +0200)]
smbd: pass a dirfsp to fd_open() and rename it to fd_openat()
For now no change in behaviour as all callers still pass conn->cwd_fsp. This
just prepared fd_openat() to deal with real dirfsp's pass by callers later on
when adding calls to fd_openat(dirfspm ...) in the directory enumeration loop.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 29 Sep 2020 08:00:21 +0000 (10:00 +0200)]
smbd: catch O_PATH opens of symlinks in in non_widelink_open()
Calling openat() with O_PATH|O_NOFOLLOW will open a handle on the symlink
itself. That would be a nice feature if it would be supported on more platforms,
but being a Linux only thing, we have to preserve the behaviour of failing to
open a handle on symlinks.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 12 Oct 2020 11:21:07 +0000 (13:21 +0200)]
smbd: already set fsp fd in non_widelink_open()
A subsequent commit will add a consumer of the fd to non_widelink_open() (by
calling SMB_VFS_FSTAT()), so we need to set the fd already here. And it makes
more sense anyway. :)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 24 Nov 2020 11:20:23 +0000 (12:20 +0100)]
vfs: add fsp flag "have_proc_fds"
This flag is used by the VFS layer to tell the FSA layer that it is allowed to
reopen an fsp by using an exisiting pathref fd with /proc/PID/fd/FD to open a
full fd.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 25 Nov 2020 04:32:19 +0000 (05:32 +0100)]
vfs: add struct connection_struct flag "have_proc_fds"
Allows the VFS layer to tell the higher layers if fds opened by the openat() VFS
implementation are visible objects inside a /proc/PID/fd/FD filesystem.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 5 Oct 2020 05:50:16 +0000 (07:50 +0200)]
smbd: use fsp_get_pathref_fd() for fstat() calls
If we can access the path to a file, by default we have FILE_READ_ATTRIBUTES
from the containing directory. See the section: "Algorithm to Check Access to an
Existing File" in MS-FSA.pdf.
So it's also safe to use a root opened pathref fd, as the root open is done on
the final component after a chdir() to the parent directory was done while still
impersonating the use. Qed.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 26 Sep 2020 19:52:52 +0000 (21:52 +0200)]
smbd: use fsp_get_io_fd() when accessing a file or it's associated metadata
In all places where we access or modify a file or it's associated metadata, we
use fsp_get_io_fd() to fetch the low-level fd from the fsp. This ensures we
don't accidentally use a pathref fsp where the fd would be opened as root on
systems lacking O_PATH.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
projects / thirdparty / samba.git / log
