Accessing ZFS snapshot directories over SMB
Jeremy Allison
jra at samba.org
Fri May 18 16:54:14 UTC 2018
On Fri, May 18, 2018 at 01:38:37PM +0200, Ralph Böhme wrote:
> On Fri, May 18, 2018 at 09:13:44AM +0200, Ralph Böhme wrote:
> > ok, I'll remove it then. Also, looks like the patch I attached to the bugreport
> > doesn't compile due to missing includes. I accidentally deleted my FreeBSD VM
> > image a few days ago, so I didn't compile the patch. I know, I know, shame on
> > me... Currently reinstalling the VM.
>
> ok, so here it is.
LGTM (I've been tracking this bug). RB+ and pushed to master !
Thanks Ralph,
Jeremy.
> --
> Ralph Boehme, Samba Team https://samba.org/
> Samba Developer, SerNet GmbH https://sernet.de/en/samba/
> GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5
> 59E4 AA1E 9B71 2639 9E46
> From 60bdced298831b2750ce785e01891e4aeb79f0dc Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Fri, 18 May 2018 13:14:57 +0200
> Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const
>
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
>
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
> source3/smbd/posix_acls.c | 8 ++++----
> source3/smbd/proto.h | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
> index 8d42535d877..6396f818176 100644
> --- a/source3/smbd/posix_acls.c
> +++ b/source3/smbd/posix_acls.c
> @@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle,
>
> static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
> const char *name,
> - SMB_STRUCT_STAT *psbuf,
> + const SMB_STRUCT_STAT *psbuf,
> struct security_descriptor **ppdesc)
> {
> struct dom_sid owner_sid, group_sid;
> @@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
>
> static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
> const char *name,
> - SMB_STRUCT_STAT *psbuf,
> + const SMB_STRUCT_STAT *psbuf,
> struct security_descriptor **ppdesc)
> {
> struct dom_sid owner_sid, group_sid;
> @@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
>
> static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx,
> const char *name,
> - SMB_STRUCT_STAT *psbuf,
> + const SMB_STRUCT_STAT *psbuf,
> struct security_descriptor **ppdesc)
> {
> struct dom_sid owner_sid, group_sid;
> @@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl(
> TALLOC_CTX *ctx,
> enum default_acl_style acl_style,
> const char *name,
> - SMB_STRUCT_STAT *psbuf,
> + const SMB_STRUCT_STAT *psbuf,
> struct security_descriptor **ppdesc)
> {
> NTSTATUS status;
> diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
> index bee7acadeea..262338d81e4 100644
> --- a/source3/smbd/proto.h
> +++ b/source3/smbd/proto.h
> @@ -819,7 +819,7 @@ NTSTATUS make_default_filesystem_acl(
> TALLOC_CTX *ctx,
> enum default_acl_style acl_style,
> const char *name,
> - SMB_STRUCT_STAT *psbuf,
> + const SMB_STRUCT_STAT *psbuf,
> struct security_descriptor **ppdesc);
>
> /* The following definitions come from smbd/process.c */
> --
> 2.13.6
>
>
> From 0918370e20156e4a21a0c244b963b672ed6b46b1 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Tue, 5 Dec 2017 08:28:28 +0100
> Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return
> ENOTSUP
>
> This allows accessing the ZFS .snapshots directory where ZFS returns
> ENOTSUP when calling acl(".snapshots").
>
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
>
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
> source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++--
> 1 file changed, 34 insertions(+), 2 deletions(-)
>
> diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
> index 0bc4ba6604f..43e41f95c1a 100644
> --- a/source3/modules/vfs_zfsacl.c
> +++ b/source3/modules/vfs_zfsacl.c
> @@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
> fsp->fsp_name, &pacl);
> if (!NT_STATUS_IS_OK(status)) {
> TALLOC_FREE(frame);
> - return status;
> + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
> + return status;
> + }
> +
> + status = make_default_filesystem_acl(mem_ctx,
> + DEFAULT_ACL_POSIX,
> + fsp->fsp_name->base_name,
> + &fsp->fsp_name->st,
> + ppdesc);
> + if (!NT_STATUS_IS_OK(status)) {
> + return status;
> + }
> + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
> + return NT_STATUS_OK;
> }
>
> status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx,
> @@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
> status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl);
> if (!NT_STATUS_IS_OK(status)) {
> TALLOC_FREE(frame);
> - return status;
> + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
> + return status;
> + }
> +
> + if (!VALID_STAT(smb_fname->st)) {
> + DBG_ERR("No stat info for [%s]\n",
> + smb_fname_str_dbg(smb_fname));
> + return NT_STATUS_INTERNAL_ERROR;
> + }
> +
> + status = make_default_filesystem_acl(mem_ctx,
> + DEFAULT_ACL_POSIX,
> + smb_fname->base_name,
> + &smb_fname->st,
> + ppdesc);
> + if (!NT_STATUS_IS_OK(status)) {
> + return status;
> + }
> + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
> + return NT_STATUS_OK;
> }
>
> status = smb_get_nt_acl_nfs4(handle->conn,
> --
> 2.13.6
>
More information about the samba-technical
mailing list