[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Wed Jun 16 06:00:01 UTC 2021


The branch, master has been updated
       via  620b9914435 mdssvc: avoid direct filesystem access, use the VFS
       via  6de3a88494b mdssvc: chdir() to the conn of the RPC request
       via  8b681cfb5d9 mdssvc: maintain a connection struct in the mds_ctx
       via  9a2d6bcfd57 smbd: add create_conn_struct_cwd()
       via  16c39b81d6f smbd: pass tevent context to create_conn_struct_as_root()
       via  1ef2828e102 mdssvc: pass messaging context to mds_init_ctx()
       via  8847f46f75a mdssvc: don't fail mds_add_result() if result is not found in CNID set
       via  e2486d76b61 mdssvc: use a helper variable in mds_add_result()
      from  d37462d79a4 lib:ldb-samba: Migrate samba extensions to new cmdline option parser

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 620b99144359f45aa69c13731db8d793cfbba197
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:34:32 2021 +0200

    mdssvc: avoid direct filesystem access, use the VFS
    
    This ensures mdssvc uses the same FileIDs as the fileserver, and that Spotlight
    can be used on a virtual filesystem like GlusterFS.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184

commit 6de3a88494b5932d0fd10f5c8c8ec57916aeefc5
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Jun 15 14:14:52 2021 +0200

    mdssvc: chdir() to the conn of the RPC request
    
    In preparation of calling VFS functions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8b681cfb5d9b1ece03f7e7b9d3a08ae6c461d679
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:10:08 2021 +0200

    mdssvc: maintain a connection struct in the mds_ctx
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 9a2d6bcfd5797dd4db764921548c8dca6dd0eb21
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 28 09:25:22 2021 +0200

    smbd: add create_conn_struct_cwd()
    
    Compared to create_conn_struct_tos_cwd() this takes a TALLOC_CTX and
    tevent_context as additional arguments and the resulting connection_struct is
    stable across the lifetime of mem_ctx and ev.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 16c39b81d6f2c7d75cfe72bbbe2f6a5bde42c7b0
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Jun 15 11:17:57 2021 +0200

    smbd: pass tevent context to create_conn_struct_as_root()
    
    The next commit will add another caller of create_conn_struct_as_root() that is
    going to pass a long-lived tevent context.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 1ef2828e1025e4c89292df1dfa6161c4453b3afe
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 12:08:17 2021 +0200

    mdssvc: pass messaging context to mds_init_ctx()
    
    This is needed in a subsequent commit. Note that I prefer to do the event
    context unwrapping in the caller and pass both the event and messaging context
    explicitly to mds_init_ctx().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8847f46f75ac5c1a753a0e7da88c522be25ef681
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 11:07:27 2021 +0200

    mdssvc: don't fail mds_add_result() if result is not found in CNID set
    
    Just skip adding the result to the pending results set, don't return an
    error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
    what we want here.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e2486d76b611f07b85b26c54fe14da7b76bd01c2
Author: Ralph Boehme <slow at samba.org>
Date:   Mon May 10 11:04:38 2021 +0200

    mdssvc: use a helper variable in mds_add_result()
    
    No change in behaviour.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/mdssvc/mdssvc.c        | 133 ++++++++++++++++++++++++++----
 source3/rpc_server/mdssvc/mdssvc.h        |   2 +
 source3/rpc_server/mdssvc/srv_mdssvc_nt.c |   1 +
 source3/smbd/msdfs.c                      |  54 ++++++++++--
 source3/smbd/proto.h                      |   8 ++
 5 files changed, 176 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 0df29dc9b1e..d0e87dcf646 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -19,6 +19,7 @@
 */
 
 #include "includes.h"
+#include "smbd/proto.h"
 #include "librpc/gen_ndr/auth.h"
 #include "dbwrap/dbwrap.h"
 #include "lib/util/dlinklist.h"
@@ -26,6 +27,7 @@
 #include "lib/util/time_basic.h"
 #include "lib/dbwrap/dbwrap_rbt.h"
 #include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
 #include "mdssvc.h"
 #include "mdssvc_noindex.h"
 #ifdef HAVE_SPOTLIGHT_BACKEND_TRACKER
@@ -513,9 +515,12 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
 
 bool mds_add_result(struct sl_query *slq, const char *path)
 {
+	struct smb_filename *smb_fname = NULL;
 	struct stat_ex sb;
+	uint32_t attr;
 	uint64_t ino64;
 	int result;
+	NTSTATUS status;
 	bool ok;
 
 	/*
@@ -539,33 +544,66 @@ bool mds_add_result(struct sl_query *slq, const char *path)
 	 * any function exit below must ensure we switch back
 	 */
 
-	result = sys_stat(path, &sb, false);
-	if (result != 0) {
+	status = synthetic_pathref(talloc_tos(),
+				   slq->mds_ctx->conn->cwd_fsp,
+				   path,
+				   NULL,
+				   NULL,
+				   0,
+				   0,
+				   &smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+			  smb_fname_str_dbg(smb_fname),
+			  nt_errstr(status));
 		unbecome_authenticated_pipe_user();
 		return true;
 	}
-	result = access(path, R_OK);
-	if (result != 0) {
+
+	status = smbd_check_access_rights_fsp(slq->mds_ctx->conn->cwd_fsp,
+					      smb_fname->fsp,
+					      false,
+					      FILE_READ_DATA);
+	if (!NT_STATUS_IS_OK(status)) {
 		unbecome_authenticated_pipe_user();
+		TALLOC_FREE(smb_fname);
 		return true;
 	}
 
+	/* This is needed to fetch the itime from the DOS attribute blob */
+	status = SMB_VFS_FGET_DOS_ATTRIBUTES(slq->mds_ctx->conn,
+					     smb_fname->fsp,
+					     &attr);
+	if (!NT_STATUS_IS_OK(status)) {
+		/* Ignore the error, likely no DOS attr xattr */
+		DBG_DEBUG("SMB_VFS_FGET_DOS_ATTRIBUTES [%s]: %s\n",
+			  smb_fname_str_dbg(smb_fname),
+			  nt_errstr(status));
+	}
+
 	unbecome_authenticated_pipe_user();
 
-	ino64 = sb.st_ex_ino;
+	smb_fname->st = smb_fname->fsp->fsp_name->st;
+	sb = smb_fname->st;
+	/* Done with smb_fname now. */
+	TALLOC_FREE(smb_fname);
+	ino64 = SMB_VFS_FS_FILE_ID(slq->mds_ctx->conn, &sb);
+
 	if (slq->cnids) {
+		bool found;
+
 		/*
 		 * Check whether the found element is in the requested
 		 * set of IDs. Note that we're faking CNIDs by using
 		 * filesystem inode numbers here
 		 */
-		ok = bsearch(&ino64,
-			     slq->cnids,
-			     slq->cnids_num,
-			     sizeof(uint64_t),
-			     cnid_comp_fn);
-		if (!ok) {
-			return false;
+		found = bsearch(&ino64,
+				slq->cnids,
+				slq->cnids_num,
+				sizeof(uint64_t),
+				cnid_comp_fn);
+		if (!found) {
+			return true;
 		}
 	}
 
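Review bot: In the synthetic_pathref() failure branch of mds_add_result(), the DBG_DEBUG call passes smb_fname to smb_fname_str_dbg(), but smb_fname was initialised to NULL and is only an output of the call that just failed, so at debug level the formatter can be handed a NULL pointer. Log `path` there instead. Separately, `smb_fname->st = smb_fname->fsp->fsp_name->st; sb = smb_fname->st;` copies the stat twice right before smb_fname is freed; assigning sb directly from smb_fname->fsp->fsp_name->st would do. The switch from `return false` to `return true` when the ID is not in slq->cnids deserves a short comment at that line saying the result is skipped on purpose.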
@@ -1231,7 +1269,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 	sl_array_t *fm_array;
 	sl_nil_t nil;
 	char *path = NULL;
-	struct stat_ex sb = {0};
+	struct smb_filename *smb_fname = NULL;
 	struct stat_ex *sp = NULL;
 	struct sl_inode_path_map *elem = NULL;
 	void *p;
@@ -1300,11 +1338,29 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 		elem = talloc_get_type_abort(p, struct sl_inode_path_map);
 		path = elem->path;
 
-		result = sys_stat(path, &sb, false);
+		status = synthetic_pathref(talloc_tos(),
+					   mds_ctx->conn->cwd_fsp,
+					   path,
+					   NULL,
+					   NULL,
+					   0,
+					   0,
+					   &smb_fname);
+		if (!NT_STATUS_IS_OK(status)) {
+			/* This is not an error, the user may lack permissions */
+			DBG_DEBUG("synthetic_pathref [%s]: %s\n",
+				  smb_fname_str_dbg(smb_fname),
+				  nt_errstr(status));
+			return true;
+		}
+
+		result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st);
 		if (result != 0) {
-			goto error;
+			TALLOC_FREE(smb_fname);
+			return true;
 		}
-		sp = &sb;
+
+		sp = &smb_fname->st;
 	}
 
 	ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp);
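Review bot: The two new `return true` exits in this block of slrpc_fetch_attributes() (after synthetic_pathref() fails and after SMB_VFS_FSTAT() fails) leave before add_filemeta() runs, where the old code took `goto error`. Please confirm the caller copes with a success return that added nothing to the reply for this entry, and say so in the comment. The first exit also logs smb_fname_str_dbg(smb_fname) while smb_fname may still be NULL; logging `path` is safer.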
@@ -1334,9 +1390,12 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
 		goto error;
 	}
 
+	TALLOC_FREE(smb_fname);
 	return true;
 
 error:
+
+	TALLOC_FREE(smb_fname);
 	sl_result = UINT64_MAX;
 	result = dalloc_add_copy(array, &sl_result, uint64_t);
 	if (result != 0) {
@@ -1523,15 +1582,21 @@ static int mds_ctx_destructor_cb(struct mds_ctx *mds_ctx)
  **/
 struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 			     struct tevent_context *ev,
+			     struct messaging_context *msg_ctx,
 			     struct auth_session_info *session_info,
 			     int snum,
 			     const char *sharename,
 			     const char *path)
 {
+	const struct loadparm_substitution *lp_sub =
+		loadparm_s3_global_substitution();
+	struct smb_filename conn_basedir;
 	struct mds_ctx *mds_ctx;
 	int backend;
+	int ret;
 	bool ok;
 	smb_iconv_t iconv_hnd = (smb_iconv_t)-1;
+	NTSTATUS status;
 
 	mds_ctx = talloc_zero(mem_ctx, struct mds_ctx);
 	if (mds_ctx == NULL) {
@@ -1613,6 +1678,30 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 		goto error;
 	}
 
+	status = create_conn_struct_cwd(mds_ctx,
+					ev,
+					msg_ctx,
+					session_info,
+					snum,
+					lp_path(talloc_tos(), lp_sub, snum),
+					&mds_ctx->conn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DBG_ERR("failed to create conn for vfs: %s\n",
+			nt_errstr(status));
+		goto error;
+	}
+
+	conn_basedir = (struct smb_filename) {
+		.base_name = mds_ctx->conn->connectpath,
+	};
+
+	ret = vfs_ChDir(mds_ctx->conn, &conn_basedir);
+	if (ret != 0) {
+		DBG_ERR("vfs_ChDir [%s] failed: %s\n",
+			conn_basedir.base_name, strerror(errno));
+		goto error;
+	}
+
 	ok = mds_ctx->backend->connect(mds_ctx);
 	if (!ok) {
 		DBG_ERR("backend connect failed\n");
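Review bot: The result of lp_path(talloc_tos(), lp_sub, snum) goes straight into create_conn_struct_cwd() with no NULL check, so an allocation failure is caught, if at all, only somewhere inside the callee. Store it in a local, check it, and `goto error` on NULL. A short comment on why the share path from lp_path() is used here rather than the `path` argument mds_init_ctx() already receives would also help.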
@@ -1641,11 +1730,15 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
 		  struct mdssvc_blob *response_blob)
 {
 	bool ok;
+	int ret;
 	ssize_t len;
 	DALLOC_CTX *query = NULL;
 	DALLOC_CTX *reply = NULL;
 	char *rpccmd;
 	const struct slrpc_cmd *slcmd;
+	const struct smb_filename conn_basedir = {
+		.base_name = mds_ctx->conn->connectpath,
+	};
 
 	if (CHECK_DEBUGLVL(10)) {
 		const struct sl_query *slq;
@@ -1697,6 +1790,14 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
 		goto cleanup;
 	}
 
+	ret = vfs_ChDir(mds_ctx->conn, &conn_basedir);
+	if (ret != 0) {
+		DBG_ERR("vfs_ChDir [%s] failed: %s\n",
+			conn_basedir.base_name, strerror(errno));
+		ok = false;
+		goto cleanup;
+	}
+
 	ok = slcmd->function(mds_ctx, query, reply);
 	if (ok) {
 		DBG_DEBUG("%s", dalloc_dump(reply, 0));
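Review bot: The vfs_ChDir() added before slcmd->function() changes the working directory and nothing in the visible lines changes it back at cleanup. If that is intended because every dispatch sets it again, a one-line comment above the call stating that the mdssvc command handlers rely on cwd being mds_ctx->conn->connectpath would make the contract explicit.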
diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
index 7d9a902a80b..392482767dd 100644
--- a/source3/rpc_server/mdssvc/mdssvc.h
+++ b/source3/rpc_server/mdssvc/mdssvc.h
@@ -126,6 +126,7 @@ struct mds_ctx {
 	int snum;
 	const char *sharename;
 	const char *spath;
+	struct connection_struct *conn;
 	struct sl_query *query_list;     /* list of active queries */
 	struct db_context *ino_path_map; /* dbwrap rbt for storing inode->path mappings */
 };
@@ -150,6 +151,7 @@ extern bool mds_init(struct messaging_context *msg_ctx);
 extern bool mds_shutdown(void);
 struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
 			     struct tevent_context *ev,
+			     struct messaging_context *msg_ctx,
 			     struct auth_session_info *session_info,
 			     int snum,
 			     const char *sharename,
diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
index 56ebe68c7e9..b8eed8b6ff9 100644
--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
@@ -96,6 +96,7 @@ static NTSTATUS create_mdssvc_policy_handle(TALLOC_CTX *mem_ctx,
 
 	mds_ctx = mds_init_ctx(mem_ctx,
 			       messaging_tevent_context(p->msg_ctx),
+			       p->msg_ctx,
 			       p->session_info,
 			       snum,
 			       sharename,
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 6f7707dbc9b..4c7aa89e859 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -242,6 +242,7 @@ static NTSTATUS parse_dfs_path(connection_struct *conn,
 *********************************************************/
 
 static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
+			    struct tevent_context *ev,
 			    struct messaging_context *msg,
 			    connection_struct **pconn,
 			    int snum,
@@ -260,12 +261,7 @@ static NTSTATUS create_conn_struct_as_root(TALLOC_CTX *ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	sconn->ev_ctx = samba_tevent_context_init(sconn);
-	if (sconn->ev_ctx == NULL) {
-		TALLOC_FREE(sconn);
-		return NT_STATUS_NO_MEMORY;
-	}
-
+	sconn->ev_ctx = ev;
 	sconn->msg_ctx = msg;
 
 	conn = conn_new(sconn);
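Review bot: With `sconn->ev_ctx = ev;` the sconn no longer owns its event context, and ev is stored without a NULL check. Document in the function comment that ev must be non-NULL and must outlive the returned connection_struct, or return NT_STATUS_INVALID_PARAMETER when ev is NULL.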
@@ -401,6 +397,7 @@ NTSTATUS create_conn_struct_tos(struct messaging_context *msg,
 				struct conn_struct_tos **_c)
 {
 	struct conn_struct_tos *c = NULL;
+	struct tevent_context *ev = NULL;
 	NTSTATUS status;
 
 	*_c = NULL;
@@ -410,8 +407,15 @@ NTSTATUS create_conn_struct_tos(struct messaging_context *msg,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	ev = samba_tevent_context_init(c);
+	if (ev == NULL) {
+		TALLOC_FREE(c);
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	become_root();
 	status = create_conn_struct_as_root(c,
+					    ev,
 					    msg,
 					    &c->conn,
 					    snum,
@@ -491,6 +495,44 @@ NTSTATUS create_conn_struct_tos_cwd(struct messaging_context *msg,
 	return NT_STATUS_OK;
 }
 
+/********************************************************
+ Fake up a connection struct for the VFS layer.
+ This takes an TALLOC_CTX and tevent_context from the
+ caller and the resulting connection_struct is stable
+ across the lifetime of mem_ctx and ev.
+
+ Note: this performs a vfs connect and changes cwd.
+
+ See also the comment for create_conn_struct_tos() above!
+*********************************************************/
+
+NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct messaging_context *msg,
+				const struct auth_session_info *session_info,
+				int snum,
+				const char *path,
+				struct connection_struct **c)
+{
+	NTSTATUS status;
+
+	become_root();
+	status = create_conn_struct_as_root(mem_ctx,
+					    ev,
+					    msg,
+					    c,
+					    snum,
+					    path,
+					    session_info);
+	unbecome_root();
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(c);
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
 static void shuffle_strlist(char **list, int count)
 {
 	int i;
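Review bot: In the failure branch of create_conn_struct_cwd(), `TALLOC_FREE(c);` is applied to the out-parameter itself, which is a `struct connection_struct **` supplied by the caller (mds_init_ctx() passes &mds_ctx->conn), not a talloc allocation made here. That should be `TALLOC_FREE(*c);`, or be dropped if create_conn_struct_as_root() leaves *c untouched on failure. The header comment also says the function changes cwd, but no chdir call appears in the body; either name where that happens or adjust the comment. In the same comment, "an TALLOC_CTX" should read "a TALLOC_CTX".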
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index c0df35bcc48..e10ffa5110e 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -578,6 +578,14 @@ NTSTATUS dfs_redirect(TALLOC_CTX *ctx,
 			char **pp_name_out);
 struct connection_struct;
 struct smb_filename;
+
+NTSTATUS create_conn_struct_cwd(TALLOC_CTX *mem_ctx,
+				struct tevent_context *ev,
+				struct messaging_context *msg,
+				const struct auth_session_info *session_info,
+				int snum,
+				const char *path,
+				struct connection_struct **c);
 struct conn_struct_tos {
 	struct connection_struct *conn;
 	struct smb_filename *oldcwd_fname;
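Review bot: The new create_conn_struct_cwd() prototype runs directly into `struct conn_struct_tos {` with no blank line after it, and it names struct tevent_context, struct messaging_context and struct auth_session_info, none of which are forward-declared in the visible lines. Add a blank line after the prototype and make sure those types are declared before this point in the header.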


-- 
Samba Shared Repository


