Accessing ZFS snapshot directories over SMB

Jeremy Allison jra at samba.org
Fri May 18 16:54:14 UTC 2018 

On Fri, May 18, 2018 at 01:38:37PM +0200, Ralph Böhme wrote:
> On Fri, May 18, 2018 at 09:13:44AM +0200, Ralph Böhme wrote:
> > ok, I'll remove it then. Also, looks like the patch I attached to the bugreport
> > doesn't compile due to missing includes. I accidentally deleted my FreeBSD VM
> > image a few days ago, so I didn't compile the patch. I know, I know, shame on
> > me... Currently reinstalling the VM.
> 
> ok, so here it is.

LGTM (I've been tracking this bug). RB+ and pushed to master !

Thanks Ralph,

Jeremy.

> -- 
> Ralph Boehme, Samba Team       https://samba.org/
> Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
> GPG Key Fingerprint:           FAE2 C608 8A24 2520 51C5
>                                59E4 AA1E 9B71 2639 9E46

> From 60bdced298831b2750ce785e01891e4aeb79f0dc Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Fri, 18 May 2018 13:14:57 +0200
> Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const
> 
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
> 
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
>  source3/smbd/posix_acls.c | 8 ++++----
>  source3/smbd/proto.h      | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
> index 8d42535d877..6396f818176 100644
> --- a/source3/smbd/posix_acls.c
> +++ b/source3/smbd/posix_acls.c
> @@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle,
>  
>  static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
>  				       const char *name,
> -				       SMB_STRUCT_STAT *psbuf,
> +				       const SMB_STRUCT_STAT *psbuf,
>  				       struct security_descriptor **ppdesc)
>  {
>  	struct dom_sid owner_sid, group_sid;
> @@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
>  
>  static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
>  					 const char *name,
> -					 SMB_STRUCT_STAT *psbuf,
> +					 const SMB_STRUCT_STAT *psbuf,
>  					 struct security_descriptor **ppdesc)
>  {
>  	struct dom_sid owner_sid, group_sid;
> @@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
>  
>  static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx,
>  					  const char *name,
> -					  SMB_STRUCT_STAT *psbuf,
> +					  const SMB_STRUCT_STAT *psbuf,
>  					  struct security_descriptor **ppdesc)
>  {
>  	struct dom_sid owner_sid, group_sid;
> @@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl(
>  	TALLOC_CTX *ctx,
>  	enum default_acl_style acl_style,
>  	const char *name,
> -	SMB_STRUCT_STAT *psbuf,
> +	const SMB_STRUCT_STAT *psbuf,
>  	struct security_descriptor **ppdesc)
>  {
>  	NTSTATUS status;
> diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
> index bee7acadeea..262338d81e4 100644
> --- a/source3/smbd/proto.h
> +++ b/source3/smbd/proto.h
> @@ -819,7 +819,7 @@ NTSTATUS make_default_filesystem_acl(
>  	TALLOC_CTX *ctx,
>  	enum default_acl_style acl_style,
>  	const char *name,
> -	SMB_STRUCT_STAT *psbuf,
> +	const SMB_STRUCT_STAT *psbuf,
>  	struct security_descriptor **ppdesc);
>  
>  /* The following definitions come from smbd/process.c  */
> -- 
> 2.13.6
> 
> 
> From 0918370e20156e4a21a0c244b963b672ed6b46b1 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Tue, 5 Dec 2017 08:28:28 +0100
> Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return
>  ENOTSUP
> 
> This allows accessing the ZFS .snapshots directory where ZFS returns
> ENOTSUP when calling acl(".snapshots").
> 
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
> 
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
>  source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++--
>  1 file changed, 34 insertions(+), 2 deletions(-)
> 
> diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
> index 0bc4ba6604f..43e41f95c1a 100644
> --- a/source3/modules/vfs_zfsacl.c
> +++ b/source3/modules/vfs_zfsacl.c
> @@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
>  				       fsp->fsp_name, &pacl);
>  	if (!NT_STATUS_IS_OK(status)) {
>  		TALLOC_FREE(frame);
> -		return status;
> +		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
> +			return status;
> +		}
> +
> +		status = make_default_filesystem_acl(mem_ctx,
> +						     DEFAULT_ACL_POSIX,
> +						     fsp->fsp_name->base_name,
> +						     &fsp->fsp_name->st,
> +						     ppdesc);
> +		if (!NT_STATUS_IS_OK(status)) {
> +			return status;
> +		}
> +		(*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
> +		return NT_STATUS_OK;
>  	}
>  
>  	status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx,
> @@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
>  	status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl);
>  	if (!NT_STATUS_IS_OK(status)) {
>  		TALLOC_FREE(frame);
> -		return status;
> +		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
> +			return status;
> +		}
> +
> +		if (!VALID_STAT(smb_fname->st)) {
> +			DBG_ERR("No stat info for [%s]\n",
> +				smb_fname_str_dbg(smb_fname));
> +			return NT_STATUS_INTERNAL_ERROR;
> +		}
> +
> +		status = make_default_filesystem_acl(mem_ctx,
> +						     DEFAULT_ACL_POSIX,
> +						     smb_fname->base_name,
> +						     &smb_fname->st,
> +						     ppdesc);
> +		if (!NT_STATUS_IS_OK(status)) {
> +			return status;
> +		}
> +		(*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
> +		return NT_STATUS_OK;
>  	}
>  
>  	status = smb_get_nt_acl_nfs4(handle->conn,
> -- 
> 2.13.6
>

More information about the samba-technical mailing list