Questions about smbd option "strict rename"

Stefan Metzmacher metze at samba.org
Mon Nov 30 08:43:20 UTC 2015


Hi Ralph,

> On Sun, Nov 29, 2015 at 10:59:16AM +0100, Stefan Metzmacher wrote:
>> Hi Ralph,
>>
>>>> Yeah, that looks much closer !
>>>>
>>>>> I'm not fully happy with the flag names yet, I think we should prefix
>>>>> them with VFS_ so they won't collide with flags we may add later on
>>>>> for SMB2/3 UNIX extensions.
>>>>
>>>> Hmmm. Don't like VFS_ as they're not really VFS. How about
>>>> FSP_ prefix as they're more to do with fsp open handles ?
>>>
>>> perfect, thanks!
>>>
>>> Updated patchset attached. I've added a test that verifies both
>>> possibilities: deny rename if POSIX rename cap is not enabled, permit
>>> rename if POSIX rename cap is enabled via AAPL/vfs_fruit.
>>
>> Can we make change from bool posix_open to uint8_t posix_flags first?
>> Maybe with a #define posix_open posix_flags.
> 
> excellent idea! Something like the attached patch?

Except that we need to allow renames with just the _OPEN flags
specified (for the backports).

A VFS module can do fsp->posix_open = true; and expect renames
to work.

>> Can we also have a test with 2 connections, one with aapl and one
>> without and test the interaction between both against an apple
>> server.
> 
> Apple's server doesn't care and allows this even without AAPL. I had
> verified this previously with smbclient.
> 
> Only allowing this for AAPL (or UNIX) clients would be our way of
> preserving protocol conformance.

That's sad, but true, while I wouldn't call it protocol conformance.
It's bad design to let a client give itself the privilege to
overwrite protection of other clients.

I wouldn't wonder if some Windows applications get really unhappy,
when another client to renames the parent directory of an open file handle.

A better design would have been only allowing it if all conflicting opens
allow posix renames too. I that case it would also make sense to a
allow a Windows client to rename.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151130/1d465556/signature.sig>


More information about the samba-technical mailing list