[SCM] Samba Shared Repository - branch master updated
Christof Schmitt
cs at samba.org
Mon Jul 25 08:31:03 UTC 2016
The branch, master has been updated
via 3a683b1 vfs_gpfs: Retry getacl with DAC capability if necessary
from 4c5367d s3: vfs: ceph: Add posix acl support
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3a683b10951e7a003ff27d4ceba381bfd5e686d5
Author: Christof Schmitt <cs at samba.org>
Date: Wed May 25 22:56:49 2016 -0700
vfs_gpfs: Retry getacl with DAC capability if necessary
Samba always tries to read the ACL of a file and checks it internally.
If the READ_ACL permission is missing in GPFS, then then reading the ACL
for Samba internal evaluation will be denied and opening the file or
directory fails. Change this by retrying reading the ACL with the DAC
capability if access was denied.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Mon Jul 25 10:30:02 CEST 2016 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_gpfs.c | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 42a3c72..f096dd5 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -358,6 +358,21 @@ static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
}
}
+static int gpfs_getacl_with_capability(const char *fname, int flags, void *buf)
+{
+ int ret, saved_errno;
+
+ set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+
+ ret = gpfswrap_getacl(discard_const_p(char, fname), flags, buf);
+ saved_errno = errno;
+
+ drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+
+ errno = saved_errno;
+ return ret;
+}
+
/*
* get the ACL from GPFS, allocated on the specified mem_ctx
* internally retries when initial buffer was too small
@@ -378,6 +393,7 @@ static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
int ret, flags;
unsigned int *len;
size_t struct_size;
+ bool use_capability = false;
again:
@@ -406,8 +422,18 @@ again:
/* set the length of the buffer as input value */
*len = size;
- errno = 0;
- ret = gpfswrap_getacl(discard_const_p(char, fname), flags, aclbuf);
+ if (use_capability) {
+ ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
+ } else {
+ ret = gpfswrap_getacl(discard_const_p(char, fname),
+ flags, aclbuf);
+ if ((ret != 0) && (errno == EACCES)) {
+ DBG_DEBUG("Retry with DAC capability for %s\n", fname);
+ use_capability = true;
+ ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
+ }
+ }
+
if ((ret != 0) && (errno == ENOSPC)) {
/*
* get the size needed to accommodate the complete buffer
--
Samba Shared Repository
More information about the samba-cvs
mailing list