[PATCH] Allow stat call with capability in vfs_gpfs

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Oct 9 08:46:53 MDT 2013


On Wed, Oct 09, 2013 at 07:31:49AM -0700, Christof Schmitt wrote:
> Hi Abhidnya,
> 
> On Wed, Oct 09, 2013 at 10:14:36AM +0530, Abhidnya S Joshi wrote:
> > Please find attached patch to handle stat call in vfs_gpfs using 
> > capability. stat call will not succeed if READ_ATTR (nfsv4 perm) is not 
> > allowed in GPFS but will succeed in NTFS. 
> 
> [...]
> --- a/source3/modules/vfs_gpfs.c
> +++ b/source3/modules/vfs_gpfs.c
> @@ -1238,9 +1238,13 @@ static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
>  				return -1);
>  
>  	ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
> -	if (ret == -1) {
> -		return -1;
> +	if (ret == -1 && errno == EACCES) {
> +		set_effective_capability(DAC_READ_CAPABILITY);
> +		ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
> +		drop_effective_capability(DAC_READ_CAPABILITY);
>  	}
> +	if (ret == -1)
> +		return -1;
>  
>  	if (!config->winattr) {
>  		return 0;
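Review bot: The `errno == EACCES` test in vfs_gpfs_stat() does not distinguish the case the patch is written for (READ_ATTR denied on the file itself) from a path-based stat that fails because search permission is denied on a parent directory. Both return EACCES, and both get retried under DAC_READ_CAPABILITY. Please add a comment above the retry stating which case is intended and why the elevated retry is acceptable for the other. Also consider checking that set_effective_capability() actually took effect before repeating the call. As a minor style point, the new `if (ret == -1)` drops the braces that the removed lines and the fstat/lstat hunks use.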
> @@ -1274,6 +1278,11 @@ static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
>  				return -1);
>  
>  	ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
> +	if (ret == -1 && errno == EACCES) {
> +		set_effective_capability(DAC_READ_CAPABILITY);
> +		ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
> +		drop_effective_capability(DAC_READ_CAPABILITY);
> +	}
>  	if (ret == -1) {
>  		return -1;
>  	}
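Review bot: In vfs_gpfs_fstat(), drop_effective_capability() runs between the retried SMB_VFS_NEXT_FSTAT() and the `if (ret == -1)` check, so a failure in the retry can reach the caller with errno overwritten by whatever the capability drop did. Save errno right after the retried call and restore it after drop_effective_capability(). The same applies to the stat and lstat hunks. A one-line comment saying when fstat on an already open handle is expected to hit EACCES would also help, since nothing in the hunk shows why this flavor needs the retry.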
> @@ -1307,6 +1316,11 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
>  				return -1);
>  
>  	ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
> +	if (ret == -1 && errno == EACCES) {
> +		set_effective_capability(DAC_READ_CAPABILITY);
> +		ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
> +		drop_effective_capability(DAC_READ_CAPABILITY);
> +	}
>  	if (ret == -1) {
>  		return -1;
>  	}
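Review bot: The retry block in vfs_gpfs_lstat() is the third copy of the same five lines, differing only in which SMB_VFS_NEXT_* call is repeated. Factoring the set, retry, drop sequence into one small static helper would keep the capability handling, and any errno preservation added to it, in a single place, so the window in which DAC_READ_CAPABILITY is effective is easy to audit. Like the stat hunk, this one is path-based, so the same question about EACCES from a parent directory applies here.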
> 
> Overall this looks good. Is there a reason for trying the stat calls
> twice, first without setting the capability and if that fails again
> while setting the capability? Always setting the capability for a stat
> call would save some lines of code.

... at a performance penalty for the normal case. We're
already doing a lot of syscalls :-)

One question I have: Is the fstat flavor required? Can you
open a file that you don't have READ_ATTR privileges for?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
