mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
vfs_gpfs: Retry getacl with DAC capability if necessary
Samba always tries to read the ACL of a file and checks it internally. If the READ_ACL permission is missing in GPFS, then then reading the ACL for Samba internal evaluation will be denied and opening the file or directory fails. Change this by retrying reading the ACL with the DAC capability if access was denied. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Christof Schmitt <cs@samba.org> Autobuild-Date(master): Mon Jul 25 10:30:02 CEST 2016 on sn-devel-144
This commit is contained in:
parent
4c5367d84b
commit
3a683b1095
@ -358,6 +358,21 @@ static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
|
||||
}
|
||||
}
|
||||
|
||||
static int gpfs_getacl_with_capability(const char *fname, int flags, void *buf)
|
||||
{
|
||||
int ret, saved_errno;
|
||||
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
|
||||
ret = gpfswrap_getacl(discard_const_p(char, fname), flags, buf);
|
||||
saved_errno = errno;
|
||||
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
|
||||
errno = saved_errno;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* get the ACL from GPFS, allocated on the specified mem_ctx
|
||||
* internally retries when initial buffer was too small
|
||||
@ -378,6 +393,7 @@ static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
|
||||
int ret, flags;
|
||||
unsigned int *len;
|
||||
size_t struct_size;
|
||||
bool use_capability = false;
|
||||
|
||||
again:
|
||||
|
||||
@ -406,8 +422,18 @@ again:
|
||||
/* set the length of the buffer as input value */
|
||||
*len = size;
|
||||
|
||||
errno = 0;
|
||||
ret = gpfswrap_getacl(discard_const_p(char, fname), flags, aclbuf);
|
||||
if (use_capability) {
|
||||
ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
|
||||
} else {
|
||||
ret = gpfswrap_getacl(discard_const_p(char, fname),
|
||||
flags, aclbuf);
|
||||
if ((ret != 0) && (errno == EACCES)) {
|
||||
DBG_DEBUG("Retry with DAC capability for %s\n", fname);
|
||||
use_capability = true;
|
||||
ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
|
||||
}
|
||||
}
|
||||
|
||||
if ((ret != 0) && (errno == ENOSPC)) {
|
||||
/*
|
||||
* get the size needed to accommodate the complete buffer
|
||||
|
Loading…
Reference in New Issue
Block a user