/*
- * Third attempt at a shadow copy module
+ * shadow_copy2: a shadow copy module (second implementation)
*
* Copyright (C) Andrew Tridgell 2007 (portions taken from shadow_copy2)
* Copyright (C) Ed Plese 2009
*/
/*
-
- This is a 3rd implemetation of a shadow copy module for exposing
- snapshots to windows clients as shadow copies. This version has the
- following features:
-
- 1) you don't need to populate your shares with symlinks to the
- snapshots. This can be very important when you have thousands of
- shares, or use [homes]
-
- 2) the inode number of the files is altered so it is different
- from the original. This allows the 'restore' button to work
- without a sharing violation
-
- 3) shadow copy results can be sorted before being sent to the
- client. This is beneficial for filesystems that don't read
- directories alphabetically (the default unix).
-
- 4) vanity naming for snapshots. Snapshots can be named in any
- format compatible with str[fp]time conversions.
-
- 5) time stamps in snapshot names can be represented in localtime
- rather than UTC.
-
- Module options:
-
- shadow:snapdir = <directory where snapshots are kept>
-
- This is the directory containing the @GMT-* snapshot directories. If it is an absolute
- path it is used as-is. If it is a relative path, then it is taken relative to the mount
- point of the filesystem that the root of this share is on
-
- shadow:basedir = <base directory that snapshots are from>
-
- This is an optional parameter that specifies the directory that
- the snapshots are relative to. It defaults to the filesystem
- mount point
-
- shadow:fixinodes = yes/no
-
- If you enable shadow:fixinodes then this module will modify the
- apparent inode number of files in the snapshot directories using
- a hash of the files path. This is needed for snapshot systems
- where the snapshots have the same device:inode number as the
- original files (such as happens with GPFS snapshots). If you
- don't set this option then the 'restore' button in the shadow
- copy UI will fail with a sharing violation.
-
- shadow:sort = asc/desc, or not specified for unsorted (default)
-
- This is an optional parameter that specifies that the shadow
- copy directories should be sorted before sending them to the
- client. This can be beneficial as unix filesystems are usually
- not listed alphabetically sorted. If enabled, you typically
- want to specify descending order.
-
- shadow:format = <format specification for snapshot names>
-
- This is an optional parameter that specifies the format
- specification for the naming of snapshots. The format must
- be compatible with the conversion specifications recognized
- by str[fp]time. The default value is "@GMT-%Y.%m.%d-%H.%M.%S".
-
- shadow:sscanf = yes/no (default is no)
-
- The time is the unsigned long integer (%lu) in the format string
- rather than a time strptime() can parse. The result must be a unix time_t
- time.
-
- shadow:localtime = yes/no (default is no)
-
- This is an optional parameter that indicates whether the
- snapshot names are in UTC/GMT or the local time.
-
-
- The following command would generate a correctly formatted directory name
- for use with the default parameters:
- date -u +@GMT-%Y.%m.%d-%H.%M.%S
+ * This is a second implemetation of a shadow copy module for exposing
+ * file system snapshots to windows clients as shadow copies.
+ *
+ * See the manual page for documentation.
*/
#include "includes.h"
+#include "smbd/smbd.h"
#include "system/filesys.h"
#include "include/ntioctl.h"
-#include <ccan/hash/hash.h>
#include "util_tdb.h"
struct shadow_copy2_config {
}
/**
- * Given a timstamp, build the posix level GTM-tag string
+ * Given a timestamp, build the posix level GMT-tag string
* based on the configurable format.
*/
static size_t shadow_copy2_posix_gmt_string(struct vfs_handle_struct *handle,
}
/**
- * Given a timstamp, build the string to insert into a path
+ * Given a timestamp, build the string to insert into a path
* as a path component for creating the local path to the
* snapshot at the given timestamp of the input path.
*
}
/**
- * Strip a snapshot component from an filename as
+ * Strip a snapshot component from a filename as
* handed in via the smb layer.
* Returns the parsed timestamp and the stripped filename.
*/
char *stripped;
size_t rest_len, dst_len;
struct shadow_copy2_config *config;
+ const char *snapdir;
+ ssize_t snapdirlen;
+ ptrdiff_t len_before_gmt;
SMB_VFS_HANDLE_GET_DATA(handle, config, struct shadow_copy2_config,
return false);
p = strstr_m(name, "@GMT-");
if (p == NULL) {
+ DEBUG(11, ("@GMT not found\n"));
goto no_snapshot;
}
if ((p > name) && (p[-1] != '/')) {
/* the GMT-token does not start a path-component */
+ DEBUG(10, ("not at start, p=%p, name=%p, p[-1]=%d\n",
+ p, name, (int)p[-1]));
goto no_snapshot;
}
+
+ /*
+ * Figure out whether we got an already converted string. One
+ * case where this happens is in a smb2 create call with the
+ * mxac create blob set. We do the get_acl call on
+ * fsp->fsp_name, which is already converted. We are converted
+ * if we got a file name of the form ".snapshots/@GMT-",
+ * i.e. ".snapshots/" precedes "p".
+ */
+
+ snapdir = lp_parm_const_string(SNUM(handle->conn), "shadow", "snapdir",
+ ".snapshots");
+ snapdirlen = strlen(snapdir);
+ len_before_gmt = p - name;
+
+ if ((len_before_gmt >= (snapdirlen + 1)) && (p[-1] == '/')) {
+ const char *parent_snapdir = p - (snapdirlen+1);
+
+ DEBUG(10, ("parent_snapdir = %s\n", parent_snapdir));
+
+ if (strncmp(parent_snapdir, snapdir, snapdirlen) == 0) {
+ DEBUG(10, ("name=%s is already converted\n", name));
+ goto no_snapshot;
+ }
+ }
q = strptime(p, GMT_FORMAT, &tm);
if (q == NULL) {
+ DEBUG(10, ("strptime failed\n"));
goto no_snapshot;
}
tm.tm_isdst = -1;
timestamp = timegm(&tm);
if (timestamp == (time_t)-1) {
+ DEBUG(10, ("timestamp==-1\n"));
goto no_snapshot;
}
- if ((p == name) && (q[0] == '\0')) {
- /* the name consists of only the GMT token */
+ if (q[0] == '\0') {
+ /*
+ * The name consists of only the GMT token or the GMT
+ * token is at the end of the path. XP seems to send
+ * @GMT- at the end under certain circumstances even
+ * with a path prefix.
+ */
if (pstripped != NULL) {
- stripped = talloc_strdup(mem_ctx, "");
+ stripped = talloc_strndup(mem_ctx, name, p - name);
if (stripped == NULL) {
return false;
}
}
if (q[0] != '/') {
/*
- * The GMT token is either at the end of the path
- * or it is not a complete path component, i.e. the
- * path component continues after the gmt-token.
- *
- * TODO: Is this correct? Or would the GMT tag as the
- * last component be a valid input?
+ * It is not a complete path component, i.e. the path
+ * component continues after the gmt-token.
*/
+ DEBUG(10, ("q[0] = %d\n", (int)q[0]));
goto no_snapshot;
}
q += 1;
"insert string '%s'\n", name, insert));
have_insert = (strstr(name, insert+1) != NULL);
+ DEBUG(10, ("have_insert=%d, name=%s, insert+1=%s\n",
+ (int)have_insert, name, insert+1));
if (have_insert) {
DEBUG(10, (__location__ ": insert string '%s' found in "
"path '%s' found in snapdirseverywhere mode "
/* never reached ... */
}
- path = talloc_asprintf(mem_ctx, "%s/%s", handle->conn->connectpath,
- name);
+ if (name[0] == 0) {
+ path = talloc_strdup(mem_ctx, handle->conn->connectpath);
+ } else {
+ path = talloc_asprintf(
+ mem_ctx, "%s/%s", handle->conn->connectpath, name);
+ }
if (path == NULL) {
errno = ENOMEM;
goto fail;
}
insertlen = talloc_get_size(insert)-1;
- converted = talloc_zero_array(mem_ctx, char, pathlen + insertlen + 1);
+ /*
+ * Note: We deliberatly don't expensively initialize the
+ * array with talloc_zero here: Putting zero into
+ * converted[pathlen+insertlen] below is sufficient, because
+ * in the following for loop, the insert string is inserted
+ * at various slash places. So the memory up to position
+ * pathlen+insertlen will always be initialized when the
+ * converted string is used.
+ */
+ converted = talloc_array(mem_ctx, char, pathlen + insertlen + 1);
if (converted == NULL) {
goto fail;
}
number collision, but I can't see a better approach
without significant VFS changes
*/
+ TDB_DATA key = { .dptr = discard_const_p(uint8_t, fname),
+ .dsize = strlen(fname) };
uint32_t shash;
- shash = hash(fname, strlen(fname), 0) & 0xFF000000;
+ shash = tdb_jenkins_hash(&key) & 0xFF000000;
if (shash == 0) {
shash = 1;
}
static DIR *shadow_copy2_opendir(vfs_handle_struct *handle,
const char *fname,
const char *mask,
- uint32 attr)
+ uint32_t attr)
{
time_t timestamp;
char *stripped;
return NULL;
}
+static bool check_access_snapdir(struct vfs_handle_struct *handle,
+ const char *path)
+{
+ struct smb_filename smb_fname;
+ int ret;
+ NTSTATUS status;
+
+ ZERO_STRUCT(smb_fname);
+ smb_fname.base_name = talloc_asprintf(talloc_tos(),
+ "%s",
+ path);
+ if (smb_fname.base_name == NULL) {
+ return false;
+ }
+
+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+
+ status = smbd_check_access_rights(handle->conn,
+ &smb_fname,
+ false,
+ SEC_DIR_LIST);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("user does not have list permission "
+ "on snapdir %s\n",
+ smb_fname.base_name));
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+ TALLOC_FREE(smb_fname.base_name);
+ return true;
+}
+
/**
* Find the snapshot directory (if any) for the given
* filename (which is relative to the share).
const char *snapdir;
struct dirent *d;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ bool ret;
snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle, fsp->fsp_name);
if (snapdir == NULL) {
talloc_free(tmp_ctx);
return -1;
}
+ ret = check_access_snapdir(handle, snapdir);
+ if (!ret) {
+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
+ errno = EACCES;
+ talloc_free(tmp_ctx);
+ return -1;
+ }
p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle,
struct files_struct *fsp,
- uint32 security_info,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
const char *fname,
- uint32 security_info,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
int saved_errno;
char *conv;
+ DEBUG(10, ("shadow_copy2_get_real_filename called for path=[%s], "
+ "name=[%s]\n", path, name));
+
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, path,
×tamp, &stripped)) {
+ DEBUG(10, ("shadow_copy2_strip_snapshot failed\n"));
return -1;
}
if (timestamp == 0) {
+ DEBUG(10, ("timestamp == 0\n"));
return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
mem_ctx, found_name);
}
- if (stripped[0] == '\0') {
- *found_name = talloc_strdup(mem_ctx, name);
- if (*found_name == NULL) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
- }
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
TALLOC_FREE(stripped);
if (conv == NULL) {
+ DEBUG(10, ("shadow_copy2_convert failed\n"));
return -1;
}
+ DEBUG(10, ("Calling NEXT_GET_REAL_FILE_NAME for conv=[%s], "
+ "name=[%s]\n", conv, name));
ret = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, conv, name,
mem_ctx, found_name);
+ DEBUG(10, ("NEXT_REAL_FILE_NAME returned %d\n", (int)ret));
saved_errno = errno;
TALLOC_FREE(conv);
errno = saved_errno;
}
static uint64_t shadow_copy2_disk_free(vfs_handle_struct *handle,
- const char *path, bool small_query,
- uint64_t *bsize, uint64_t *dfree,
- uint64_t *dsize)
+ const char *path, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize)
{
time_t timestamp;
char *stripped;
return -1;
}
if (timestamp == 0) {
- return SMB_VFS_NEXT_DISK_FREE(handle, path, small_query,
+ return SMB_VFS_NEXT_DISK_FREE(handle, path,
bsize, dfree, dsize);
}
return -1;
}
- ret = SMB_VFS_NEXT_DISK_FREE(handle, conv, small_query, bsize, dfree,
- dsize);
+ ret = SMB_VFS_NEXT_DISK_FREE(handle, conv, bsize, dfree, dsize);
saved_errno = errno;
TALLOC_FREE(conv);
config->mount_point = shadow_copy2_find_mount_point(config,
handle);
if (config->mount_point == NULL) {
- DEBUG(0, (__location__ ": shadow_copy2_find_mount_point"
- " failed: %s\n", strerror(errno)));
+ DBG_WARNING("shadow_copy2_find_mount_point "
+ "of the share root '%s' failed: %s\n",
+ handle->conn->connectpath, strerror(errno));
return -1;
}
}