[Samba] O_PATH, FreeBSD & acl_xx_fd

Peter Eriksson pen at lysator.liu.se
Tue May 30 17:40:41 UTC 2023


Urgh…

I modified the FreeBSD kernel to allow acl_xx_fd() calls on O_PATH descriptors and that seems to make vfs_zfsacl work fine. Not 100% tested but I could at least view and modify the ACL on some stuff from a Windows client via Samba that way.

I’m not sure I’ll be able to get them to implement this “officially” though. Reading ACLs via an O_PATH-opened descriptor seems to be on the way of being added though. I can always use my custom kernel but… :-)

Regarding that Linux hack - I wonder if on FreeBSD one might use this to do something similar:

>   A file descriptor created with the O_PATH flag can be opened into normal
>     (operable) file descriptor by specifying it as the fd argument to
>     openat() with empty path and flag O_EMPTY_PATH.  Such an open behaves as
>     if the current path of the file referenced by fd is passed, except that
>     the path walk permissions are not checked.  See also the description of
>     AT_EMPTY_PATH flag for fstatat(2) and related syscalls.

Hmm… I’ll have to test it. Yes, this seems to work - after this I can read & write ACLs and stuff:

   fd = openat(fd, "", O_EMPTY_PATH);

- Peter


> On 30 May 2023, at 19:20, Jeremy Allison <jra at samba.org> wrote:
> 
> On Tue, May 30, 2023 at 09:57:37AM +0200, Peter Eriksson via samba wrote:
>> I’ve been looking at an issue when compiling Samba on FreeBSD 13 with the vfs_zfsacl module.
>> 
>> It seems the logic that detects O_PATH support in Samba doesn’t work right with FreeBSD 13 (since it has implemented O_PATH support) and especially with the acl_get_fd() function. This is a bug (or rather a missing feature) in FreeBSD that there is a patch for now (dunno when it’ll appear in a release version).
>> 
>> However, one question that has surfaced is if Samba also requires support to change/set ACLs via O_PATH-opened file descriptors? I’m trying to test things but figured I’d put this here too if someone with more internal knowledge of the Samba VFS O_PATH-related stuff knows :-)
>> 
>> 
>> https://bugzilla.samba.org/show_bug.cgi?id=15376
>> 
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271704
> 
> Samba uses a horrible hack, as far as I know Linux
> specific, to do this.
> 
> Once it has an O_PATH fd, it then uses the path
> based xattr call on the string /proc/<pid>/fd/<fdnum>
> where fdnum is the O_PATH fd we already opened.
> This is proven safe.
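
An added example, not part of the original thread or of Samba's code: a small C sketch of upgrading an O_PATH handle to an operable descriptor without resolving the pathname again. The helper names `reopen_path_fd` and `demo` and the temp-file path are assumptions; the FreeBSD branch is the `openat(fd, "", O_EMPTY_PATH)` call from the post, and the Linux branch applies the same `/proc/self/fd/<fdnum>` idea from the quoted reply to `open()` instead of the xattr call.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* glibc exposes O_PATH only with this */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__) && !defined(O_PATH)
#define O_PATH 010000000     /* common Linux value, if fcntl.h was included earlier */
#endif

/* Hypothetical helper: turn an O_PATH descriptor into an operable one
 * without walking the original pathname again. Returns the new fd or -1. */
int reopen_path_fd(int pathfd, int flags)
{
#ifdef O_EMPTY_PATH
    /* FreeBSD: the openat() form quoted from open(2) in the post. */
    return openat(pathfd, "", flags | O_EMPTY_PATH);
#else
    /* Linux: open the /proc magic link that refers to the descriptor. */
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", pathfd);
    return open(link, flags);
#endif
}

/* Self-check on a constructed temp file: 0 on success, else the failed step. */
int demo(void)
{
    char tmpl[] = "/tmp/opath-demo-XXXXXX", buf[8];
    int tmp = mkstemp(tmpl);
    if (tmp < 0) return 1;
    int wrote = (write(tmp, "acl", 3) == 3);
    close(tmp);

    int pfd = open(tmpl, O_PATH | O_CLOEXEC);
    unlink(tmpl);            /* the name is gone; only the handle remains */
    if (!wrote || pfd < 0) { if (pfd >= 0) close(pfd); return 2; }
    /* An O_PATH descriptor is only a handle: I/O on it fails with EBADF. */
    int rc = (read(pfd, buf, sizeof(buf)) == -1 && errno == EBADF) ? 0 : 3;
    int fd = reopen_path_fd(pfd, O_RDONLY);
    if (rc == 0 && (fd < 0 || read(fd, buf, sizeof(buf)) != 3)) rc = 4;
    if (fd >= 0) close(fd);
    close(pfd);
    return rc;
}

int main(void) { return demo(); }
```

Because the file is unlinked before the reopen, a successful read shows the second descriptor came from the pinned handle rather than from a fresh path lookup that a rename or symlink swap could redirect.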



