[PATCH] Allow stat call with capability in vfs_gpfs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Oct 9 08:46:53 MDT 2013
On Wed, Oct 09, 2013 at 07:31:49AM -0700, Christof Schmitt wrote:
> Hi Abhidnya,
>
> On Wed, Oct 09, 2013 at 10:14:36AM +0530, Abhidnya S Joshi wrote:
> > Please find attached patch to handle stat call in vfs_gpfs using
> > capability. stat call will not succeed if READ_ATTR (nfsv4 perm) is not
> > allowed in GPFS but will succeed in NTFS.
>
> [...]
> --- a/source3/modules/vfs_gpfs.c
> +++ b/source3/modules/vfs_gpfs.c
> @@ -1238,9 +1238,13 @@ static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
> return -1);
>
> ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
> - if (ret == -1) {
> - return -1;
> + if (ret == -1 && errno == EACCES) {
> + set_effective_capability(DAC_READ_CAPABILITY);
> + ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
> + drop_effective_capability(DAC_READ_CAPABILITY);
> }
> + if (ret == -1)
> + return -1;
>
> if (!config->winattr) {
> return 0;
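Review bot: errno can be lost on the retry path in vfs_gpfs_stat. drop_effective_capability(DAC_READ_CAPABILITY) runs between the second SMB_VFS_NEXT_STAT and the new `if (ret == -1) return -1;`, so when the retry also fails the caller may see whatever errno the capability call left behind instead of the stat error. Save errno right after the retry and restore it once the capability is dropped. As a style point, the new `if (ret == -1)` has no braces, while the same check in the fstat and lstat hunks keeps them.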
> @@ -1274,6 +1278,11 @@ static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
> return -1);
>
> ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
> + if (ret == -1 && errno == EACCES) {
> + set_effective_capability(DAC_READ_CAPABILITY);
> + ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
> + drop_effective_capability(DAC_READ_CAPABILITY);
> + }
> if (ret == -1) {
> return -1;
> }
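Review bot: The retry block after SMB_VFS_NEXT_FSTAT has no comment and duplicates the five lines added to vfs_gpfs_stat and vfs_gpfs_lstat. A small helper, or at least a comment naming the READ_ATTR case from the patch description, would keep the window in which the capability is raised in one documented place. For fstat in particular the comment should state when an already opened fsp can return EACCES, since that is what justifies this copy.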
> @@ -1307,6 +1316,11 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
> return -1);
>
> ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
> + if (ret == -1 && errno == EACCES) {
> + set_effective_capability(DAC_READ_CAPABILITY);
> + ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
> + drop_effective_capability(DAC_READ_CAPABILITY);
> + }
> if (ret == -1) {
> return -1;
> }
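Review bot: The `errno == EACCES` test before the lstat retry does not distinguish a denied READ_ATTR from the other reason a path-based lstat returns EACCES, which is missing search permission on a directory in the path. With DAC_READ_CAPABILITY set, the second SMB_VFS_NEXT_LSTAT may then return attributes for a name the user could not otherwise reach. Please confirm that this is intended, or narrow the retry, and say so in a comment. The same applies to the stat hunk.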
>
> Overall this looks good. Is there a reason for trying the stat calls
> twice, first without setting the capability and if that fails again
> while setting the capability? Always setting the capability for a stat
> call would save some lines of code.
... at a performance penalty for the normal case. We're
already doing a lot of syscalls :-)

One question I have: Is the fstat flavor required? Can you
open a file that you don't have READ_ATTR privileges for?

Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de