From nobody Tue May 30 21:06:08 2023
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QW4gj38KSz4Y9SG
	for <bugs@mlmmj.nyi.freebsd.org>; Tue, 30 May 2023 21:06:09 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QW4gj270Wz3Bpl
	for <bugs@FreeBSD.org>; Tue, 30 May 2023 21:06:09 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1685480769;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=+upHo/ouCJ/azNLhipWslXe7VZQKQCYiZYvnk6FyKcM=;
	b=HjmlK7Z8+o//d+lPTFiD75HXEnuvWGzcF5b6VM16T3xnf37ZwZBefizWMtEHn5SSiFMnFl
	7v+Y1TErIoylbqPOdzWHcYxMKKZkeiXANJXDLGIDIFxKwuTJaI9vWjk3XDJX0Q/broyfv+
	ch8dV0YYn8qHJqLEC1ZIKGGpprl84416/rES8fvCIsU7OPKHDiinM6A7FJOqoUKCql7PN4
	mDKbf1pxDL5t+qSvzQVZ8FI70e79oE0eU0A8X4qz115lTuBL20zZVocSIOclk2Bh7YEV4v
	NhPsEwGkHs+b6m6LnJ/dWooPc3j3bzgDnwvqxpxrT5eHwMugONj3r0MYrz7jrw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685480769; a=rsa-sha256; cv=none;
	b=kDYj1avYfpBO6SEIuBsEonF//5c5pesdYU2xSTCfmgVPVOaXZFno4ACvuJO1la5YK1vAhV
	d0ImNH814M7WJNVezlfq/ApqoqR16tC/fApBNf8WSoXx/EOug/aNxELj3IOvJu6I1Frsbf
	AEev5wU6PlSPFkZeIXvbQDpH5G0Z1/oJfCTe3yb0mwK5/hCANdaO0JCpJm3AZBq/OAE0HD
	B5lA8fiZonJ81qa82zmG1U/tZk0FFhTDIu2rvuwLVgF6Bh//r9FsJt/aY+K71x3JfhkBb8
	GlZ33w7r2Sjzjifk25mVVuUhJDpvPk1ej6ELELmYFMa4SJcgGeloNfqLKCpbsw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QW4gj129pz17Zg
	for <bugs@FreeBSD.org>; Tue, 30 May 2023 21:06:09 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 34UL69ST086814
	for <bugs@FreeBSD.org>; Tue, 30 May 2023 21:06:09 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 34UL69br086813
	for bugs@FreeBSD.org; Tue, 30 May 2023 21:06:09 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 271704] O_PATH and acl_get_fd_np doesn't work on FreeBSD 13(.2)
 and causes vfs_zfsacl in Samba to fail
Date: Tue, 30 May 2023 21:06:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.2-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: pen@lysator.liu.se
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-271704-227-P1jQshIEBA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-271704-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-271704-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271704

--- Comment #9 from Peter Eriksson <pen@lysator.liu.se> ---
Linux uses the getxattr/setxattr calls for NFS stuff.

Well, the generic way Samba handles O_PATH stuff on Linux for syscalls that
fails is apparently to use /proc/self/fd/%d (where %d is the fd for the O_P=
ATH
descriptor) and then call the path-based variants of the syscall using that
path instead of using the fd

       if (!fsp->fsp_flags.is_pathref) {
                result =3D fchmod(fsp_get_io_fd(fsp), mode);
                END_PROFILE(syscall_fchmod);
                return result;
        }

        if (fsp->fsp_flags.have_proc_fds) {
                int fd =3D fsp_get_pathref_fd(fsp);
                const char *p =3D NULL;
                char buf[PATH_MAX];

                p =3D sys_proc_fd_path(fd, buf, sizeof(buf));
                if (p !=3D NULL) {
                        result =3D chmod(p, mode);
                } else {
                        result =3D -1;
                }
                END_PROFILE(syscall_fchmod);
                return result;
        }

        /*=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
         * This is no longer a handle based call.=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
         */
        result =3D chmod(fsp->fsp_name->base_name, mode);

(The last line of code is the reason most calls still work for a
default-compiled Samba on FreeBSD 13 - it falls back to using the (insecure)
full path based functionality... But that code was missing in the vfs_zfsacl
module).

For FreeBSD I think using openat(fd, "", O_EMPTY_PATH) is a cleaner way to =
get
an fd that you can use... Something like this:

        if (!fsp->fsp_flags.is_pathref) {
                rv =3D facl(fsp_get_io_fd(fsp), ACE_SETACL, naces, acebuf);
        } else {
#if defined(HAVE_OPENAT) && defined(O_EMPTY_PATH)
                fd =3D fsp_get_pathref_fd(fsp);

                /* First try this for versions of FreeBSD that allows facl(=
) on
O_PATH fd's */
                rv =3D facl(fd, ACE_SETACL, naces, acebuf);
                if (rv < 0 && errno =3D=3D EBADF) {
                        /* Fall back to getting a real fd via openat() */
                        int saved_errno, real_fd;

                        real_fd =3D openat(fd, "", O_EMPTY_PATH);
                        if (real_fd < 0) {
                                errno =3D EBADF;
                                return false;
                        }

                        rv =3D facl(real_fd, ACE_SETACL, naces, acebuf);
                        saved_errno =3D errno;
                        close(real_fd);
                        errno =3D saved_errno;
                }
#else
                /* Last ditch fallback */
                rv =3D acl(fsp->fsp_name->base_name, ACE_SETACL, naces, ace=
buf);
#endif
        }


(facl is a helper function in libsunacl that calls the right
acl_get_fd_np/acl_get_file functions that Samba uses for compatibility with
Solaris).

--=20
You are receiving this mail because:
You are the assignee for the bug.=