Re: cifs unable to access shares with read restricted at root level (bso#8950)

["Aurélien Aptel" <aaptel-IBi9RG/b67k@public.gmane.org>]

[-- Attachment #1: Type: text/plain, Size: 2251 bytes --]

I wanted to add a few things....

On Mon, 26 Oct 2015 13:18:17 +0100 Aurélien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
wrote:
> * How do you allocate a new dentry?  

That's too broad, forget this one. There are many functions to do that
depending on what you want.

> * What do d_obtain_alias() and d_splice_dentry() actually do? I've
> read the doc strings several times but I still have a hard time
> wrapping my head around it.  

To be more specific, where does d_obtain_alias() look for a dentry
associated with the provided inode? I would guess in all the connected
dentries for the inode superblock. If it's not there, what is the path
of the newly allocated dentry?

d_splice_alias() looks for an existing dentry associated with the
provided inode and if it founds one, replaces it with the one provided.
Correct?

Really, I think my biggest misunderstanding is, what does it mean for a
dentry to be disconnected?

> The result I'm getting seems to indicate that when an intermediary
> path element is inaccessible an alternate root dentry directly
> pointing to the requested path is created. The problem is that the
> prefixpath of that is not stored anywhere so when we ask for a
> pattern to list the content of that share, we use the path of the
> dentry from the root (which is, well /) instead of the share
> prefixpath.  

To illustrate this:

* User bill can only access HOST/share/sub/path and none of the
  intermediary path.

* When we mount this path to /mnt we realize we cannot access
  intermediary path.

* We create an alternative root which directly sores
  HOST/share/sub/path as / (but /sub/path/ is not stored anywhere!).

* When we ls /mnt, we use this alternate root path. The function that
  builds the share path from a dentry (build_path_from_dentry) simply
  walk the d_parent dentry until it reach /. In that case it immediatly
  stops because the disconnected root is.. a root. It should
  use /sub/path instead.

-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]