vfs_fileid: fix a use after free
/*
 * VFS module to alter the algorithm to calculate
 * the struct file_id used as key for the share mode
 * and byte range locking db's.
 *
 * Copyright (C) 2007, Stefan Metzmacher
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "system/filesys.h"
/*
 * Debug class used by this module. Starts as the generic VFS class and is
 * replaced in vfs_fileid_init() when a dedicated "fileid" class registers.
 */
static int vfs_fileid_debug_level = DBGC_VFS;

/* Route the DEBUG()/DBG_*() calls in this file through the class above. */
#undef DBGC_CLASS
#define DBGC_CLASS vfs_fileid_debug_level
/*
 * One cached mount-table entry, filled by fileid_load_mount_entries().
 * Entries live inside data->mount_entries, which is freed and rebuilt on
 * every reload, so a pointer to an entry is only valid until the next reload.
 */
struct fileid_mount_entry {
	SMB_DEV_T device;	/* st_dev of the mount directory */
	const char *mnt_fsname;	/* talloc copy of the fsname, leading "/dev/" stripped */
	fsid_t fsid;		/* f_fsid reported by statfs() on the mount directory */
	uint64_t devid;		/* cached mapped id; (uint64_t)-1 means "not computed yet" */
};
/* Per-connection module state, attached to the VFS handle in fileid_connect(). */
struct fileid_handle_data {
	/* mapping implementation selected from the "fileid:algorithm" option */
	uint64_t (*device_mapping_fn)(struct fileid_handle_data *data,
				      const SMB_STRUCT_STAT *sbuf);
	/*
	 * NULL-terminated filter lists copied from the "fileid:fstype deny",
	 * "fileid:fstype allow", "fileid:mntdir deny" and "fileid:mntdir allow"
	 * options. A list stays NULL when its option is not set.
	 */
	char **fstype_deny_list;
	char **fstype_allow_list;
	char **mntdir_deny_list;
	char **mntdir_allow_list;
	unsigned num_mount_entries;	/* number of valid elements in mount_entries */
	struct fileid_mount_entry *mount_entries;	/* freed and rebuilt on every reload */
	ino_t nolockinode;	/* inode meant to get the hostname mapping; 0 disables it */
};
/*
 * Decide whether mount entry m passes the configured filters.
 *
 * Checks run in this order: fstype deny, fstype allow, mntdir deny,
 * mntdir allow. A deny list rejects on an exact strcmp() match. An allow
 * list, when configured, rejects every entry that is not an exact match.
 * Lists that are NULL are skipped, so with no filters every entry passes.
 *
 * Returns true when the entry may be used, false otherwise.
 */
static bool fileid_mount_entry_allowed(struct fileid_handle_data *data,
				       struct mntent *m)
{
	char **deny_types = data->fstype_deny_list;
	char **allow_types = data->fstype_allow_list;
	char **deny_dirs = data->mntdir_deny_list;
	char **allow_dirs = data->mntdir_allow_list;
	char **p;

	for (p = deny_types; p != NULL && *p != NULL; p++) {
		if (strcmp(m->mnt_type, *p) == 0) {
			return false;
		}
	}

	if (allow_types != NULL) {
		bool listed = false;

		for (p = allow_types; *p != NULL; p++) {
			if (strcmp(m->mnt_type, *p) == 0) {
				listed = true;
				break;
			}
		}
		if (!listed) {
			return false;
		}
	}

	for (p = deny_dirs; p != NULL && *p != NULL; p++) {
		if (strcmp(m->mnt_dir, *p) == 0) {
			return false;
		}
	}

	if (allow_dirs != NULL) {
		bool listed = false;

		for (p = allow_dirs; *p != NULL; p++) {
			if (strcmp(m->mnt_dir, *p) == 0) {
				listed = true;
				break;
			}
		}
		if (!listed) {
			return false;
		}
	}

	return true;
}
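/*
 * Rebuild data->mount_entries from /etc/mtab.
 *
 * The previous array is freed before anything else happens, so every
 * struct fileid_mount_entry pointer obtained earlier from
 * fileid_find_mount_entry() is dangling once this function has been
 * called. Callers must not hold such a pointer across a reload.
 *
 * Entries rejected by fileid_mount_entry_allowed(), and entries whose
 * mount directory cannot be stat()ed or statfs()ed, are skipped.
 * If the mtab cannot be opened, or memory runs out, the cache is left
 * empty (num_mount_entries == 0, mount_entries == NULL).
 */
static void fileid_load_mount_entries(struct fileid_handle_data *data)
{
	FILE *f;
	struct mntent *m;

	data->num_mount_entries = 0;
	TALLOC_FREE(data->mount_entries);

	f = setmntent("/etc/mtab", "r");
	if (f == NULL) {
		return;
	}

	while ((m = getmntent(f)) != NULL) {
		struct stat st;
		struct statfs sfs;
		struct fileid_mount_entry *grown;
		struct fileid_mount_entry *cur;
		bool allowed;

		allowed = fileid_mount_entry_allowed(data, m);
		if (!allowed) {
			DBG_DEBUG("skipping mount entry %s\n", m->mnt_dir);
			continue;
		}
		if (stat(m->mnt_dir, &st) != 0) {
			continue;
		}
		if (statfs(m->mnt_dir, &sfs) != 0) {
			continue;
		}

		/* hash the bare device name, not the "/dev/" prefix */
		if (strncmp(m->mnt_fsname, "/dev/", 5) == 0) {
			m->mnt_fsname += 5;
		}

		/*
		 * Grow through a temporary: on failure talloc_realloc()
		 * returns NULL and leaves the old array allocated, so
		 * assigning the result directly would drop the only pointer
		 * to it and the cleanup below could no longer free it.
		 */
		grown = talloc_realloc(data,
				       data->mount_entries,
				       struct fileid_mount_entry,
				       data->num_mount_entries+1);
		if (grown == NULL) {
			goto nomem;
		}
		data->mount_entries = grown;

		cur = &data->mount_entries[data->num_mount_entries];
		cur->device = st.st_dev;
		/* parented to the array so it is freed together with it */
		cur->mnt_fsname = talloc_strdup(data->mount_entries,
						m->mnt_fsname);
		if (cur->mnt_fsname == NULL) {
			goto nomem;
		}
		cur->fsid = sfs.f_fsid;
		cur->devid = (uint64_t)-1;

		data->num_mount_entries++;
	}
	endmntent(f);
	return;

nomem:
	endmntent(f);

	/* drop the partial result; lookups then fall back to st_dev */
	data->num_mount_entries = 0;
	TALLOC_FREE(data->mount_entries);

	return;
}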
/*
 * Look up the cached mount entry whose device number equals dev.
 *
 * The first pass searches the existing cache, loading it only when it is
 * empty. If that misses, the mount table is reloaded unconditionally and
 * searched once more.
 *
 * Returns a pointer into data->mount_entries, or NULL when no entry
 * matches. The pointer is only valid until the next reload, because
 * fileid_load_mount_entries() frees the array before rebuilding it.
 */
static struct fileid_mount_entry *fileid_find_mount_entry(struct fileid_handle_data *data,
							  SMB_DEV_T dev)
{
	int pass;

	for (pass = 0; pass < 2; pass++) {
		unsigned idx;

		/* pass 0: load only an empty cache; pass 1: always reload */
		if (pass > 0 || data->num_mount_entries == 0) {
			fileid_load_mount_entries(data);
		}

		for (idx = 0; idx < data->num_mount_entries; idx++) {
			struct fileid_mount_entry *entry = &data->mount_entries[idx];

			if (entry->device == dev) {
				return entry;
			}
		}
	}

	return NULL;
}
/*
 * 64 bit hash over len bytes at s, based on the one in tdb.
 *
 * This is a simple mixing function, not a cryptographic hash: distinct
 * inputs can map to the same value, and callers use the result as a
 * device id.
 */
static uint64_t fileid_uint64_hash(const uint8_t *s, size_t len)
{
	/* seed the accumulator from the key size */
	uint64_t acc = 0x238F13AFLL * len;
	uint32_t pos = 0;

	while (pos < len) {
		/* each byte is shifted left by (pos*5 % 24) bits before it is added */
		acc += ((uint64_t)s[pos]) << (pos*5 % 24);
		pos++;
	}

	return (1103515243LL * acc + 12345LL);
}
/*
 * Device mapping based on the mount's fsname.
 *
 * Returns the hash of the fsname of the mount that sbuf->st_ex_dev
 * belongs to, computing it on first use and caching it in the mount
 * entry. When no mount entry is found the raw st_ex_dev is returned.
 */
static uint64_t fileid_device_mapping_fsname(struct fileid_handle_data *data,
					     const SMB_STRUCT_STAT *sbuf)
{
	struct fileid_mount_entry *entry =
		fileid_find_mount_entry(data, sbuf->st_ex_dev);

	if (entry == NULL) {
		return sbuf->st_ex_dev;
	}

	/* (uint64_t)-1 marks an entry whose id has not been computed yet */
	if (entry->devid != (uint64_t)-1) {
		return entry->devid;
	}

	entry->devid = fileid_uint64_hash((const uint8_t *)entry->mnt_fsname,
					  strlen(entry->mnt_fsname));
	return entry->devid;
}
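/*
 * Device mapping based on the local hostname.
 *
 * Hashes the string "<hostname><st_ex_dev in decimal>", so the same
 * device yields a different id on hosts with different names.
 *
 * Returns the hash, or UINT64_MAX when gethostname() or the allocation
 * fails. data is not used.
 */
static uint64_t fileid_device_mapping_hostname(struct fileid_handle_data *data,
					       const SMB_STRUCT_STAT *sbuf)
{
	char hostname[HOST_NAME_MAX+1];
	char *devname = NULL;
	uint64_t id;
	size_t devname_len;
	int rc;

	rc = gethostname(hostname, sizeof(hostname));
	if (rc != 0) {
		DBG_ERR("gethostname failed\n");
		return UINT64_MAX;
	}
	/* gethostname() need not terminate the buffer if the name was truncated */
	hostname[sizeof(hostname) - 1] = '\0';

	/*
	 * The width of the device type differs between platforms; cast it
	 * so the argument always matches the conversion specifier. The
	 * decimal digits are the same as with "%lu" wherever that matched.
	 */
	devname = talloc_asprintf(talloc_tos(), "%s%llu",
				  hostname,
				  (unsigned long long)sbuf->st_ex_dev);
	if (devname == NULL) {
		DBG_ERR("talloc_asprintf failed\n");
		return UINT64_MAX;
	}
	/* the talloc array length includes the terminating NUL */
	devname_len = talloc_array_length(devname) - 1;

	id = fileid_uint64_hash((uint8_t *)devname, devname_len);

	TALLOC_FREE(devname);

	return id;
}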
/*
 * Device mapping that uses the hostname mapping for directories and the
 * fsname mapping for everything else.
 */
static uint64_t fileid_device_mapping_fsname_nodirs(
	struct fileid_handle_data *data,
	const SMB_STRUCT_STAT *sbuf)
{
	return S_ISDIR(sbuf->st_ex_mode)
		? fileid_device_mapping_hostname(data, sbuf)
		: fileid_device_mapping_fsname(data, sbuf);
}
/*
 * Device mapping based on the filesystem id of the mount.
 *
 * The id is computed on first use and cached in the mount entry. When
 * fsid_t is wider than 64 bits it is hashed; otherwise its bytes are
 * copied into a zeroed uint64_t. When no mount entry is found the raw
 * st_ex_dev is returned.
 */
static uint64_t fileid_device_mapping_fsid(struct fileid_handle_data *data,
					   const SMB_STRUCT_STAT *sbuf)
{
	struct fileid_mount_entry *entry =
		fileid_find_mount_entry(data, sbuf->st_ex_dev);

	if (entry == NULL) {
		return sbuf->st_ex_dev;
	}

	/* (uint64_t)-1 marks an entry whose id has not been computed yet */
	if (entry->devid != (uint64_t)-1) {
		return entry->devid;
	}

	if (sizeof(fsid_t) > sizeof(uint64_t)) {
		entry->devid = fileid_uint64_hash((uint8_t *)&entry->fsid,
						  sizeof(entry->fsid));
	} else {
		union {
			uint64_t ret;
			fsid_t fsid;
		} u;

		/* zero first so bytes not covered by fsid_t are defined */
		ZERO_STRUCT(u);
		u.fsid = entry->fsid;
		entry->devid = u.ret;
	}

	return entry->devid;
}
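/*
 * Store the inode number of the share's connect path in *ino.
 *
 * Returns 0 on success. Returns -1 when the name cannot be built or the
 * stat fails; *ino is then left untouched, and after a failed stat errno
 * holds the stat error.
 */
static int get_connectpath_ino(struct vfs_handle_struct *handle,
			       ino_t *ino)
{
	struct smb_filename *fname = NULL;
	int saved_errno;
	int ret;

	/* NOTE(review): trailing flags argument taken as 0 -- confirm against the tree */
	fname = synthetic_smb_fname(talloc_tos(),
				    handle->conn->connectpath,
				    NULL,
				    NULL,
				    0);
	if (fname == NULL) {
		DBG_ERR("synthetic_smb_fname failed\n");
		return -1;
	}

	ret = SMB_VFS_NEXT_STAT(handle, fname);
	if (ret != 0) {
		/* capture errno before the free and the logging can change it */
		saved_errno = errno;
		TALLOC_FREE(fname);
		DBG_ERR("stat failed for %s with %s\n",
			handle->conn->connectpath, strerror(saved_errno));
		errno = saved_errno;
		return -1;
	}

	/*
	 * Hand the result back before releasing fname. Without this store
	 * the caller's inode stays at whatever it held before the call.
	 */
	*ino = fname->st.st_ex_ino;
	TALLOC_FREE(fname);

	return 0;
}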
/*
 * VFS connect hook: set up the per-connection fileid state.
 *
 * Chains to the next module first, then allocates the handle data,
 * selects the mapping function from the "fileid" options, copies the
 * four optional filter lists and attaches the data to the handle.
 *
 * Returns 0 on success. On failure the next module is disconnected
 * again and a negative value is returned; where an errno was captured
 * it is restored after the disconnect. An unknown algorithm name fails
 * the connect instead of falling back to a default.
 *
 * NOTE(review): the error paths after talloc_zero() do not free data;
 * it is parented to handle->conn, so presumably it is released together
 * with the connection -- confirm.
 */
static int fileid_connect(struct vfs_handle_struct *handle,
			  const char *service, const char *user)
{
	struct fileid_handle_data *data;
	const char *algorithm;
	const char **fstype_deny_list = NULL;
	const char **fstype_allow_list = NULL;
	const char **mntdir_deny_list = NULL;
	const char **mntdir_allow_list = NULL;
	int saved_errno;
	int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);

	if (ret < 0) {
		return ret;
	}

	data = talloc_zero(handle->conn, struct fileid_handle_data);
	if (!data) {
		/* keep the allocation errno across disconnect and logging */
		saved_errno = errno;
		SMB_VFS_NEXT_DISCONNECT(handle);
		DEBUG(0, ("talloc_zero() failed\n"));
		errno = saved_errno;
		return -1;
	}

	/* 0 means no inode gets the special hostname mapping */
	data->nolockinode = 0;

	/*
	 * "fileid:mapping" is only here as fallback for old setups
	 * "fileid:algorithm" is the option new setups should use
	 */
	algorithm = lp_parm_const_string(SNUM(handle->conn),
					 "fileid", "mapping",
					 "fsname");
	algorithm = lp_parm_const_string(SNUM(handle->conn),
					 "fileid", "algorithm",
					 algorithm);
	if (strcmp("fsname", algorithm) == 0) {
		data->device_mapping_fn = fileid_device_mapping_fsname;
	} else if (strcmp("fsname_nodirs", algorithm) == 0) {
		data->device_mapping_fn = fileid_device_mapping_fsname_nodirs;
	} else if (strcmp("fsid", algorithm) == 0) {
		data->device_mapping_fn = fileid_device_mapping_fsid;
	} else if (strcmp("hostname", algorithm) == 0) {
		data->device_mapping_fn = fileid_device_mapping_hostname;
	} else if (strcmp("fsname_norootdir", algorithm) == 0) {
		/* fsname mapping, with the share root inode as nolockinode */
		data->device_mapping_fn = fileid_device_mapping_fsname;

		ret = get_connectpath_ino(handle, &data->nolockinode);
		if (ret != 0) {
			saved_errno = errno;
			SMB_VFS_NEXT_DISCONNECT(handle);
			errno = saved_errno;
			return -1;
		}
	} else {
		/* unrecognised algorithm: refuse the connection */
		SMB_VFS_NEXT_DISCONNECT(handle);
		DEBUG(0,("fileid_connect(): unknown algorithm[%s]\n", algorithm));
		return -1;
	}

	/*
	 * Copy each configured filter list onto data so it stays valid
	 * for the lifetime of the handle data. An unset option leaves the
	 * corresponding list NULL, which disables that filter.
	 */
	fstype_deny_list = lp_parm_string_list(SNUM(handle->conn), "fileid",
					       "fstype deny", NULL);
	if (fstype_deny_list != NULL) {
		data->fstype_deny_list = str_list_copy(data, fstype_deny_list);
		if (data->fstype_deny_list == NULL) {
			saved_errno = errno;
			DBG_ERR("str_list_copy failed\n");
			SMB_VFS_NEXT_DISCONNECT(handle);
			errno = saved_errno;
			return -1;
		}
	}

	fstype_allow_list = lp_parm_string_list(SNUM(handle->conn), "fileid",
						"fstype allow", NULL);
	if (fstype_allow_list != NULL) {
		data->fstype_allow_list = str_list_copy(data, fstype_allow_list);
		if (data->fstype_allow_list == NULL) {
			saved_errno = errno;
			DBG_ERR("str_list_copy failed\n");
			SMB_VFS_NEXT_DISCONNECT(handle);
			errno = saved_errno;
			return -1;
		}
	}

	mntdir_deny_list = lp_parm_string_list(SNUM(handle->conn), "fileid",
					       "mntdir deny", NULL);
	if (mntdir_deny_list != NULL) {
		data->mntdir_deny_list = str_list_copy(data, mntdir_deny_list);
		if (data->mntdir_deny_list == NULL) {
			saved_errno = errno;
			DBG_ERR("str_list_copy failed\n");
			SMB_VFS_NEXT_DISCONNECT(handle);
			errno = saved_errno;
			return -1;
		}
	}

	mntdir_allow_list = lp_parm_string_list(SNUM(handle->conn), "fileid",
						"mntdir allow", NULL);
	if (mntdir_allow_list != NULL) {
		data->mntdir_allow_list = str_list_copy(data, mntdir_allow_list);
		if (data->mntdir_allow_list == NULL) {
			saved_errno = errno;
			DBG_ERR("str_list_copy failed\n");
			SMB_VFS_NEXT_DISCONNECT(handle);
			errno = saved_errno;
			return -1;
		}
	}

	/* an explicit "fileid:nolockinode" overrides the value chosen above */
	data->nolockinode = lp_parm_ulong(SNUM(handle->conn), "fileid",
					  "nolockinode", data->nolockinode);

	SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
				struct fileid_handle_data,
				return -1);

	DBG_DEBUG("connect to service[%s] with algorithm[%s] nolockinode %lli\n",
		  service, algorithm, (long long) data->nolockinode);

	return 0;
}
/*
 * VFS disconnect hook: log the service name at debug level 10 and chain
 * to the next module. Nothing is freed here.
 */
static void fileid_disconnect(struct vfs_handle_struct *handle)
{
	DEBUG(10,("fileid_disconnect() connect to service[%s].\n",
		  lp_servicename(talloc_tos(), SNUM(handle->conn))));

	SMB_VFS_NEXT_DISCONNECT(handle);
}
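/*
 * VFS file_id_create hook: build the struct file_id for sbuf.
 *
 * The inode is taken from sbuf unchanged. The device id comes from the
 * configured mapping function, except for the inode equal to
 * data->nolockinode (when that is non-zero), which always gets the
 * hostname mapping.
 *
 * Returns the file id. If the handle carries no module data, an
 * all-zero id is returned.
 */
static struct file_id fileid_file_id_create(struct vfs_handle_struct *handle,
					    const SMB_STRUCT_STAT *sbuf)
{
	struct fileid_handle_data *data;
	struct file_id id;
	uint64_t devid;

	ZERO_STRUCT(id);

	SMB_VFS_HANDLE_GET_DATA(handle, data,
				struct fileid_handle_data,
				return id);

	/*
	 * Compare the inode from sbuf: id was zeroed above and id.inode is
	 * only assigned further down, so testing id.inode here could never
	 * match a non-zero nolockinode.
	 */
	if ((data->nolockinode != 0) &&
	    (sbuf->st_ex_ino == data->nolockinode)) {
		devid = fileid_device_mapping_hostname(data, sbuf);
	} else {
		devid = data->device_mapping_fn(data, sbuf);
	}

	id.inode = sbuf->st_ex_ino;
	id.devid = devid;

	DBG_DEBUG("Returning dev [%jx] inode [%jx]\n",
		  (uintmax_t)id.devid, (uintmax_t)id.inode);

	return id;
}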
/* VFS operations this module implements; registered in vfs_fileid_init(). */
static struct vfs_fn_pointers vfs_fileid_fns = {
	.connect_fn = fileid_connect,
	.disconnect_fn = fileid_disconnect,
	.file_id_create_fn = fileid_file_id_create
};
static_decl_vfs;
/*
 * Module entry point: register the "fileid" VFS module and its debug class.
 *
 * Returns the status of smb_register_vfs(). Failing to register the
 * debug class is not an error; the module then keeps logging under the
 * generic VFS class.
 */
NTSTATUS vfs_fileid_init(TALLOC_CTX *ctx)
{
	NTSTATUS status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "fileid",
					   &vfs_fileid_fns);

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	vfs_fileid_debug_level = debug_add_class("fileid");
	if (vfs_fileid_debug_level != -1) {
		DEBUG(10, ("vfs_fileid: Debug class number of 'fileid': %d\n", vfs_fileid_debug_level));
	} else {
		/* restore the generic class before logging the failure */
		vfs_fileid_debug_level = DBGC_VFS;
		DEBUG(0, ("vfs_fileid: Couldn't register custom debugging class!\n"));
	}

	return status;
}