*/
#include "includes.h"
+#include "smbd/smbd.h"
#include "system/filesys.h"
#include "include/ntioctl.h"
-#include <ccan/hash/hash.h>
#include "util_tdb.h"
struct shadow_copy2_config {
char *stripped;
size_t rest_len, dst_len;
struct shadow_copy2_config *config;
+ const char *snapdir;
+ ssize_t snapdirlen;
+ ptrdiff_t len_before_gmt;
SMB_VFS_HANDLE_GET_DATA(handle, config, struct shadow_copy2_config,
return false);
p, name, (int)p[-1]));
goto no_snapshot;
}
+
+ /*
+ * Figure out whether we got an already converted string. One
+ * case where this happens is in a smb2 create call with the
+ * mxac create blob set. We do the get_acl call on
+ * fsp->fsp_name, which is already converted. We are converted
+ * if we got a file name of the form ".snapshots/@GMT-",
+ * i.e. ".snapshots/" precedes "p".
+ */
+
+ snapdir = lp_parm_const_string(SNUM(handle->conn), "shadow", "snapdir",
+ ".snapshots");
+ snapdirlen = strlen(snapdir);
+ len_before_gmt = p - name;
+
+ if ((len_before_gmt >= (snapdirlen + 1)) && (p[-1] == '/')) {
+ const char *parent_snapdir = p - (snapdirlen+1);
+
+ DEBUG(10, ("parent_snapdir = %s\n", parent_snapdir));
+
+ if (strncmp(parent_snapdir, snapdir, snapdirlen) == 0) {
+ DEBUG(10, ("name=%s is already converted\n", name));
+ goto no_snapshot;
+ }
+ }
q = strptime(p, GMT_FORMAT, &tm);
if (q == NULL) {
DEBUG(10, ("strptime failed\n"));
/* never reached ... */
}
- path = talloc_asprintf(mem_ctx, "%s/%s", handle->conn->connectpath,
- name);
+ if (name[0] == 0) {
+ path = talloc_strdup(mem_ctx, handle->conn->connectpath);
+ } else {
+ path = talloc_asprintf(
+ mem_ctx, "%s/%s", handle->conn->connectpath, name);
+ }
if (path == NULL) {
errno = ENOMEM;
goto fail;
number collision, but I can't see a better approach
without significant VFS changes
*/
+ TDB_DATA key = { .dptr = discard_const_p(uint8_t, fname),
+ .dsize = strlen(fname) };
uint32_t shash;
- shash = hash(fname, strlen(fname), 0) & 0xFF000000;
+ shash = tdb_jenkins_hash(&key) & 0xFF000000;
if (shash == 0) {
shash = 1;
}
static DIR *shadow_copy2_opendir(vfs_handle_struct *handle,
const char *fname,
const char *mask,
- uint32 attr)
+ uint32_t attr)
{
time_t timestamp;
char *stripped;
return NULL;
}
+static bool check_access_snapdir(struct vfs_handle_struct *handle,
+ const char *path)
+{
+ struct smb_filename smb_fname;
+ int ret;
+ NTSTATUS status;
+
+ ZERO_STRUCT(smb_fname);
+ smb_fname.base_name = talloc_asprintf(talloc_tos(),
+ "%s",
+ path);
+ if (smb_fname.base_name == NULL) {
+ return false;
+ }
+
+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+
+ status = smbd_check_access_rights(handle->conn,
+ &smb_fname,
+ false,
+ SEC_DIR_LIST);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("user does not have list permission "
+ "on snapdir %s\n",
+ smb_fname.base_name));
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+ TALLOC_FREE(smb_fname.base_name);
+ return true;
+}
+
/**
* Find the snapshot directory (if any) for the given
* filename (which is relative to the share).
const char *snapdir;
struct dirent *d;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ bool ret;
snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle, fsp->fsp_name);
if (snapdir == NULL) {
talloc_free(tmp_ctx);
return -1;
}
+ ret = check_access_snapdir(handle, snapdir);
+ if (!ret) {
+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
+ errno = EACCES;
+ talloc_free(tmp_ctx);
+ return -1;
+ }
p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle,
struct files_struct *fsp,
- uint32 security_info,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
const char *fname,
- uint32 security_info,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
int saved_errno;
char *conv;
+ DEBUG(10, ("shadow_copy2_get_real_filename called for path=[%s], "
+ "name=[%s]\n", path, name));
+
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, path,
×tamp, &stripped)) {
+ DEBUG(10, ("shadow_copy2_strip_snapshot failed\n"));
return -1;
}
if (timestamp == 0) {
+ DEBUG(10, ("timestamp == 0\n"));
return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
mem_ctx, found_name);
}
- if (stripped[0] == '\0') {
- *found_name = talloc_strdup(mem_ctx, name);
- if (*found_name == NULL) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
- }
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
TALLOC_FREE(stripped);
if (conv == NULL) {
+ DEBUG(10, ("shadow_copy2_convert failed\n"));
return -1;
}
+ DEBUG(10, ("Calling NEXT_GET_REAL_FILE_NAME for conv=[%s], "
+ "name=[%s]\n", conv, name));
ret = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, conv, name,
mem_ctx, found_name);
+ DEBUG(10, ("NEXT_REAL_FILE_NAME returned %d\n", (int)ret));
saved_errno = errno;
TALLOC_FREE(conv);
errno = saved_errno;
}
static uint64_t shadow_copy2_disk_free(vfs_handle_struct *handle,
- const char *path, bool small_query,
- uint64_t *bsize, uint64_t *dfree,
- uint64_t *dsize)
+ const char *path, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize)
{
time_t timestamp;
char *stripped;
return -1;
}
if (timestamp == 0) {
- return SMB_VFS_NEXT_DISK_FREE(handle, path, small_query,
+ return SMB_VFS_NEXT_DISK_FREE(handle, path,
bsize, dfree, dsize);
}
return -1;
}
- ret = SMB_VFS_NEXT_DISK_FREE(handle, conv, small_query, bsize, dfree,
- dsize);
+ ret = SMB_VFS_NEXT_DISK_FREE(handle, conv, bsize, dfree, dsize);
saved_errno = errno;
TALLOC_FREE(conv);
char *p;
p = strstr(handle->conn->connectpath, mount_point);
if (p != handle->conn->connectpath) {
- DEBUG(1, ("Warning: mount_point (%s) is not a "
- "subdirectory of the share root "
- "(%s). Ignoring provided value.\n",
- mount_point,
- handle->conn->connectpath));
+ DBG_WARNING("Warning: the share root (%s) is "
+ "not a subdirectory of the "
+ "specified mountpoint (%s). "
+ "Ignoring provided value.\n",
+ handle->conn->connectpath,
+ mount_point);
mount_point = NULL;
}
}
config->mount_point = shadow_copy2_find_mount_point(config,
handle);
if (config->mount_point == NULL) {
- DEBUG(0, (__location__ ": shadow_copy2_find_mount_point"
- " failed: %s\n", strerror(errno)));
+ DBG_WARNING("shadow_copy2_find_mount_point "
+ "of the share root '%s' failed: %s\n",
+ handle->conn->connectpath, strerror(errno));
return -1;
}
}