Web lists-archives.com

Re: [Samba] FreeBSD samba server returns nt_status_acces_denied when DosStream xattr larger than 64KB




On Wed, Aug 02, 2017 at 11:21:56AM -0500, Andrew Walker via samba wrote:
> I wrote a powershell script on a windows computer to write an ADS on a file
> on a FreeBSD server with streams_xattr enabled. If it's smaller than 64KB,
> it succeeds. If it's larger than 64KB, I get an "access denied message" and
> powershell crashes. FreeBSD actually allows creation of large extended
> attributes (at least on ZFS volumes). I've personally added ones of up to
> 3MB in size, but have never actually tested the limits.

oh, really? Does it these day support the POSIX file IO API on xattrs like
Solaris does? It didn't the last time I checked.

> For the fun of it I decided to run the following command from the CLI in
> FreeBSD "cat <large file> | setextattr -i user
> 'DosStream.User.SecretStream:$DATA' test.txt" This had the effect of
> creating something that samba should recognize as an ADS that is
> arbitrarily large.
> 
> If I run the following powershell command from a Windows client "Get-Item
> -Path .\test.txt -stream *", I do not see the ADS listed unless it is
> smaller than 64KB. When it is larger than it, and I have logging ratcheted
> up I get logs like below. Out of curiousity, does Samba not support large
> ADS? Do you have any pointers on how to maybe coax Samba into letting me
> abuse xattrs better?

Yeah, iirc a built in buffer-size limit. We don't expect xattrs to be much
larger, as no fs on Linux supports xattrs larger then iirc 64 KB.

If you feel like it, you could write a VFS module that adds better support for
this on FreeBSD, but what is the use case?

-slow

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba