From 5c2f96442a25a1725809a28b3719afbc0bd01830 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 19 Dec 2023 11:11:55 +0100
Subject: [PATCH] vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK
 at compile time

This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

That gives what a classix UNIX like AIX or Solaris offers feature wise.

Other OSes support other combinations of those features, but we leave the
exersize of possibly adding more runners supporting those combinations to the
reader.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
 source3/modules/vfs_default.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 3c412f346e1..98188a50c34 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -52,6 +52,9 @@ static int vfswrap_connect(vfs_handle_struct *handle, const char *service, const
 	bool bval;
 
 	handle->conn->have_proc_fds = sys_have_proc_fds();
+#ifdef DISABLE_PROC_FDS
+	handle->conn->have_proc_fds = false;
+#endif
 
 	/*
 	 * assume the kernel will support openat2(),
@@ -70,6 +73,9 @@ static int vfswrap_connect(vfs_handle_struct *handle, const char *service, const
 		handle->conn->open_how_resolve |=
 			VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS;
 	}
+#ifdef DISABLE_VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
+	handle->conn->open_how_resolve &= ~VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS;
+#endif
 
 	return 0;    /* Return >= 0 for success */
 }
-- 
2.34.1