[SCM] Samba Shared Repository - branch v4-17-test updated

Jule Anger janger at samba.org
Mon Oct 31 22:04:01 UTC 2022


The branch, v4-17-test has been updated
       via  5c32c822edd docs-xml: ea support option restricted to user ns
       via  f4507b399cf s3: smbd: Consistently map EAs to user namespace
      from  057f60cc715 python/samba/tests: fix samba.tests.auth_log_pass_change for later gnutls

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test


- Log -----------------------------------------------------------------
commit 5c32c822edd622d608b20a6c813a19c5d8bdced4
Author: Daniel Kobras <kobras at puzzle-itc.de>
Date:   Fri Oct 21 16:40:14 2022 +0200

    docs-xml: ea support option restricted to user ns
    
    Update documentation to match current behavior.
    
    Signed-off-by: Daniel Kobras <kobras at puzzle-itc.de>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15186
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Fri Oct 28 07:24:18 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 69273c3a836ede97c7fde74e2f1fdc84e92ec86f)
    
    Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-17-test): Mon Oct 31 22:03:46 UTC 2022 on sn-devel-184

commit f4507b399cfd19ab37e6eada57ee15504ad9979a
Author: Daniel Kobras <kobras at puzzle-itc.de>
Date:   Mon Sep 26 10:27:19 2022 +0200

    s3: smbd: Consistently map EAs to user namespace
    
    Samba has always been mapping Windows EAs to the 'user' namespace on the
    POSIX side. However, in the opposite direction, the mapping would also map
    other user-readable POSIX EA namespaces to Windows EAs, only stripping the
    'user' namespace prefix, and passing all other EA names verbatim.
    
    This means any POSIX EA 'other.foo' collides with 'user.other.foo' on the
    Windows side, hence the mapping of non-user namespaces is unreliable.
    Also, copy operations via Windows would rename an existing POSIX EA
    'other.foo' in the source file to 'user.other.foo' in the destination. The
    'user' namespace, however, may not be enabled on the underlying filesystem,
    leading to subtle failure modes like the ones reported in e.g.
    <https://bugzilla.samba.org/show_bug.cgi?id=15186>
    
    Fix the issues by restricting the mapping to the 'user' POSIX EA namespace
    consistently for either direction.
    
    Link: https://lists.samba.org/archive/samba-technical/2022-September/137634.html
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15186
    
    Signed-off-by: Daniel Kobras <kobras at puzzle-itc.de>
    Reviewed-by: Michael Weiser <michael.weiser at atos.net>
    Tested-by: Michael Weiser <michael.weiser at atos.net>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 34c6db64c2ff62673f8df218487cda4139c10843)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/protocol/easupport.xml |  9 +++++++++
 source3/smbd/smb2_trans2.c                 | 23 +++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml
index 403e48f5a89..0ff9d32f964 100644
--- a/docs-xml/smbdotconf/protocol/easupport.xml
+++ b/docs-xml/smbdotconf/protocol/easupport.xml
@@ -14,8 +14,17 @@
 	attributes (e.g. the getfattr<manvolnum>1</manvolnum> / setfattr<manvolnum>1</manvolnum>
 	utilities must work).
 	</para></listitem>
+	<listitem><para>Access to extended user attributes must be allowed by the underlying
+        filesystem (e.g. when mounted with a system-dependent option like user_xattr on Linux).
+	</para></listitem>
     </itemizedlist>
     <para>
+    This option exposes the "user" attribute namespace from the underlying filesystem to
+    clients. In order to match Windows conventions, the namespace prefix ("user.") is
+    stripped from the attribute name on the client side. The handling of further attribute
+    namespaces (like "security", "system", or "trusted") is not affected by this option.
+    </para>
+    <para>
     Note that the SMB protocol allows setting attributes whose value is 64K bytes long,
     and that on NTFS, the maximum storage space for extended attributes per file is 64K.
     On most UNIX systems (Solaris and ZFS file system being the exception), the limits
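Review bot: the new paragraph says the handling of the "security", "system" and "trusted" namespaces "is not affected by this option", which leaves open whether those attributes are visible to clients; state outright that only "user." attributes are exposed and all other namespaces are hidden from SMB clients, since that is the behaviour an administrator upgrading needs to know about. In the added listitem, the continuation line starting "filesystem (e.g. when mounted" is indented with spaces while the lines around it use a tab; use the same indentation as the sibling listitem.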
diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c
index b2a0cc4140a..8d1e31df1f3 100644
--- a/source3/smbd/smb2_trans2.c
+++ b/source3/smbd/smb2_trans2.c
@@ -454,7 +454,19 @@ static NTSTATUS get_ea_list_from_fsp(TALLOC_CTX *mem_ctx,
 		struct ea_list *listp;
 		fstring dos_ea_name;
 
-		if (strnequal(names[i], "system.", 7)
+		/*
+		 * POSIX EA names are divided into several namespaces by
+		 * means of string prefixes. Usually, the system controls
+		 * semantics for each namespace, but the 'user' namespace is
+		 * available for arbitrary use, which comes closest to
+		 * Windows EA semantics. Hence, we map POSIX EAs from the
+		 * 'user' namespace to Windows EAs, and just ignore all the
+		 * other namespaces. Also, a few specific names in the 'user'
+		 * namespace are used by Samba internally. Filter them out as
+		 * well, and only present the EAs that are available for
+		 * arbitrary use.
+		 */
+		if (!strnequal(names[i], "user.", 5)
 		    || samba_private_attr_name(names[i]))
 			continue;
 
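Review bot: the allow-list test `!strnequal(names[i], "user.", 5)` keeps a hand-counted length next to the literal, and set_ea() further down repeats the same "user." string on its own; define the prefix once (a constant plus its length, or a small helper) so that the listing and the setting direction cannot drift apart. The switch from skipping only "system." to accepting only "user." also changes what clients see, and the diffstat covers only the documentation and this file, so a test asserting that a non-user EA is absent from the returned list would be worth adding with the change.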
@@ -780,7 +792,14 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
 		int ret;
 		fstring unix_ea_name;
 
-		fstrcpy(unix_ea_name, "user."); /* All EA's must start with user. */
+		/*
+		 * Complementing the forward mapping from POSIX EAs to
+		 * Windows EAs in get_ea_list_from_fsp(), here we map in the
+		 * opposite direction from Windows EAs to the 'user' namespace
+		 * of POSIX EAs. Hence, all POSIX EA names the we set here must
+		 * start with a 'user.' prefix.
+		 */
+		fstrcpy(unix_ea_name, "user.");
 		fstrcat(unix_ea_name, ea_list->ea.name);
 
 		canonicalize_ea_name(fsp, unix_ea_name);
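Review bot: typo in the new comment in set_ea(): "all POSIX EA names the we set here" should read "that we set here". The comment points to get_ea_list_from_fsp() for the forward mapping, which is helpful; it could also say in one line that the prefix is added unconditionally to the client-supplied name, since that is the property the commit message relies on for the two directions being consistent.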


-- 
Samba Shared Repository


