summaryrefslogtreecommitdiffstats
path: root/source3/modules/The_New_VFS.org
blob: 2f6a84c4868bbb4044c4aaafd701a35f01b2a0bf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
#+TITLE: The New Samba VFS
#+AUTHOR: Ralph Böhme, SerNet, Samba Team
#+DATE: {{{modification-time(%Y-%m-%d)}}}
* The new VFS
** Summary
The effort to modernize Samba's VFS interface has reached a major milestone with
the next release Samba 4.14.

Starting with version 4.14 Samba provides core infrastructure code that allows
basing all access to the server's filesystem on file handles and not on
paths. An example of this is using =fstat()= instead of =stat()=, or
=SMB_VFS_FSTAT()= instead of =SMB_VFS_STAT()= in Samba parlance.

Historically Samba's fileserver code had to deal a lot with processing path
based SMB requests. While the SMB protocol itself has been streamlined to be
purely handle based starting with SMB2, large parts of infrastructure code
remains in place that will "degrade" handle based SMB2 requests to path based
filesystem access.

In order to fully leverage the handle based nature of the SMB2 protocol we came
up with a straight forward way to convert this infrastructure code.

At the core, we introduced a helper function that opens a file handle that only
serves as a path reference and hence can not be used for any sort of access to
file data.

Samba's internal file handle structure is of type =struct files_struct= and all
variable pointing to objects of such type are typically called =fsp=. Until very
recently the only function that would open such a file handle and return an fsp
was =SMB_VFS_CREATE_FILE()=.

Internally =SMB_VFS_CREATE_FILE()= consisted of processing through Samba's VFS
open function to open the low level file and then going through Samba's Windows
NTFS emulation code.

The key point of the new helper function which is called =openat_pathref_fsp()=
is that it skips the NTFS emulation logic. Additionally, the handle is
restricted internally to be only usable as a path reference but not for any sort
of IO. On Linux this is achieved by using the =O_PATH= =open()= flag, on systems
without =O_PATH= support other mechanisms are used described in more detail
below.

Path processing in Samba typically means processing client supplied paths by
Samba's core path processing function =filename_convert()= which returns a
pointer to an object of type =struct smb_filename=. Pointers to such objects are
then passed around, often passing many layers of code.

By attaching an =fsp= file handle returned from =openat_pathref_fsp()= to all
=struct smb_filename= objects returned from =filename_convert()=, the whole
infrastructure code has immediate access to a file handle and so the large
infrastructure codebase can be converted to use handle based VFS functions
whenever VFS access is done in a piecemeal fashion.
** Samba and O_PATH
*** Background
 On Linux the =O_PATH= flag to =open()= can be used to open a filehandle on a
 file or directory with interesting properties: [fn:manpage]

 - the file-handle indicates a location in the filesystem tree,

 - no permission checks are done by the kernel on the filesystem object and

 - only operations that act purely at the file descriptor level are allowed.

 The file itself is not opened, and other file operations (e.g., ~read(2)~,
 ~write(2)~, ~fchmod(2)~, ~fchown(2)~, ~fgetxattr(2)~, ~ioctl(2)~, ~mmap(2)~) fail
 with the error ~EBADF~.

 The following subset of operations that is relevant to Samba is allowed:

 - ~close(2)~,

 - ~fchdir(2)~, if the file descriptor refers to a directory,

 - ~fstat(2)~,

 - ~fstatfs(2)~ and

 - passing the file descriptor as the dirfd argument of ~openat()~ and the other
   "*at()" system calls. This includes ~linkat(2)~ with AT_EMPTY_PATH (or via
   procfs using AT_SYMLINK_FOLLOW) even if the file is not a directory.

 Opening a file or directory with the ~O_PATH~ flag requires no permissions
 on the object itself (but does require execute permission on the
 directories in the path prefix). By contrast, obtaining a reference to a
 filesystem object by opening it with the ~O_RDONLY~ flag requires that the
 caller have read permission on the object, even when the subsequent
 operation (e.g., ~fchdir(2)~, ~fstat(2)~) does not require read permis‐
 sion on the object.

 If for example Samba receives an SMB request to open a file requesting
 ~SEC_FILE_READ_ATTRIBUTE~ access rights because the client wants to read the
 file's metadata from the handle, Samba will have to call ~open()~ with at least
 ~O_RDONLY~ access rights.
*** Usecases for O_PATH in Samba
 The ~O_PATH~ flag is currently not used in Samba. By leveraging this Linux
 specific flags we can avoid permission mismatches as described above.

 Additionally ~O_PATH~ allows basing all filesystem accesses done by the
 fileserver on handle based syscalls by opening all client pathnames with
 ~O_PATH~ and consistently using for example ~fstat()~ instead of ~stat()~
 throughout the codebase.

 Subsequent parts of this document will call such file-handles opened with O_PATH
 *path referencing file-handles* or *pathref*s for short.

*** When to open with O_PATH
 In Samba the decision whether to call POSIX ~open()~ on a client pathname or
 whether to leave the low-level handle at -1 (what we call a stat-open) is based
 on the client requested SMB access mask.

 The set of access rights that trigger an ~open()~ includes
 ~READ_CONTROL_ACCESS~. As a result, the open() will be done with at least
 ~O_RDONLY~. If the filesystem supports NT style ACLs natively (like GPFS or ZFS),
 the filesystem may grant the user requested right ~READ_CONTROL_ACCESS~, but it
 may not grant ~READ_DATA~ (~O_RDONLY~).

 Currently the full set of access rights that trigger opening a file is:

 - FILE_READ_DATA
 - FILE_WRITE_DATA
 - FILE_APPEND_DATA
 - FILE_EXECUTE
 - WRITE_DAC_ACCESS
 - WRITE_OWNER_ACCESS
 - SEC_FLAG_SYSTEM_SECURITY
 - READ_CONTROL_ACCESS

 In the future we can remove the following rights from the list on systems that
 support O_PATH:

 - WRITE_DAC_ACCESS
 - WRITE_OWNER_ACCESS
 - SEC_FLAG_SYSTEM_SECURITY
 - READ_CONTROL_ACCESS
*** Fallback on systems without O_PATH support
 The code of higher level file-handle consumers must be kept simple and
 streamlined, avoiding special casing the handling of the file-handles opened
 with or without ~O_PATH~. To achieve this, a fallback that allows opening a
 file-handle with the same higher level semantics even if the system doesn't
 support ~O_PATH~ is needed.

 The way this is implemented on such systems is impersonating the root user for
 the ~open()~ syscall. In order to avoid privilege escalations security issues,
 we must carefully control the use these file-handles.

 The low level filehandle is stored in a public struct ~struct file_handle~ that
 is part of the widely used ~struct files_struct~. Consumers used to simply
 access the fd directly by dereferencing pointers to ~struct files_struct~.

 In order to guard access to such file-handles we do two things:

 - tag the pathref file-handles and

 - control access to the file-handle by making the structure ~struct
   file_handle~ private, only allowing access with accessor functions that
   implement a security boundary.

 In order to avoid bypassing restrictive permissions on intermediate directories
 of a client path, the root user is only impersonated after changing directory
 to the parent directory of the client requested pathname.

 Two functions can then be used to fetch the low-level system file-handle from a
 ~struct files_struct~:

 - ~fsp_get_io_fd(fsp)~: enforces fsp is NOT a pathref file-handle and

 - ~fsp_get_pathref_fd(fsp)~: allows fsp to be either a pathref file-handle or a
   traditional POSIX file-handle opened with O_RDONLY or any other POSIX open
   flag.

 Note that the name ~fsp_get_pathref_fd()~ may sound confusing at first given
 that the fsp can be either a pathref fsp or a "normal/full" fsp, but as any
 full file-handle can be used for IO and as path reference, the name
 correctly reflects the intended usage of the caller.
*** When to use fsp_get_io_fd() or fsp_get_pathref_fd()

 The general guideline is:

 - if you do something like ~fstat(fd)~, use ~fsp_get_pathref_fd()~,

 - if you do something like ~*at(dirfd, ...)~, use ~fsp_get_pathref_fd()~,

 - if you want to print the fd for example in =DEBUG= messages, use ~fsp_get_pathref_fd()~,

 - if you want to call ~close(fd)~, use ~fsp_get_pathref_fd()~,

 - if you're doing a logical comparison of fd values, use ~fsp_get_pathref_fd()~.

 In any other case use ~fsp_get_io_fd()~.

[fn:manpage] parts of the following sections copied from man open(2)
[fn:gitlab] https://gitlab.com/samba-team/devel/samba/-/commits/slow-pathref-wip

* VFS status quo and remaining work
** VFS Functions Tables [fn:VFS_API]
*** Existing VFS Functions
#+ATTR_HTML: :border 1 :rules all :frame border
| VFS Function                      | Group    | Status |
|-----------------------------------+----------+--------|
| SMB_VFS_AIO_FORCE()               | [[fsp][fsp]]      | -      |
| SMB_VFS_AUDIT_FILE()              | [[Special][Special]]  | -      |
| SMB_VFS_BRL_LOCK_WINDOWS()        | [[fsp][fsp]]      | -      |
| SMB_VFS_BRL_UNLOCK_WINDOWS()      | [[fsp][fsp]]      | -      |
| SMB_VFS_CHDIR()                   | [[Path][Path]]     | Todo   |
| SMB_VFS_CHFLAGS()                 | [[Path][Path]]     | -      |
| SMB_VFS_CHMOD()                   | [[Path][Path]]     | -      |
| SMB_VFS_CLOSE()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_CLOSEDIR()                | [[fsp][fsp]]      | -      |
| SMB_VFS_CONNECT()                 | [[Disk][Disk]]     | -      |
| SMB_VFS_CONNECTPATH()             | [[P2px][P2px]]     | -      |
| SMB_VFS_CREATE_DFS_PATHAT()       | [[NsC][NsC]]      | -      |
| SMB_VFS_CREATE_FILE()             | [[NsC][NsC]]      | -      |
| SMB_VFS_DISCONNECT()              | [[Disk][Disk]]     | -      |
| SMB_VFS_DISK_FREE()               | [[Disk][Disk]]     | -      |
| SMB_VFS_DURABLE_COOKIE()          | [[fsp][fsp]]      | -      |
| SMB_VFS_DURABLE_DISCONNECT()      | [[fsp][fsp]]      | -      |
| SMB_VFS_DURABLE_RECONNECT()       | [[fsp][fsp]]      | -      |
| SMB_VFS_FALLOCATE()               | [[fsp][fsp]]      | -      |
| SMB_VFS_FCHMOD()                  | [[fsp][fsp]]      | -      |
| SMB_VFS_FCHOWN()                  | [[fsp][fsp]]      | -      |
| SMB_VFS_FCNTL()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_FDOPENDIR()               | [[fsp][fsp]]      | -      |
| SMB_VFS_FGET_COMPRESSION()        | [[fsp][fsp]]      | -      |
| SMB_VFS_FGET_DOS_ATTRIBUTES()     | [[fsp][fsp]]      | -      |
| SMB_VFS_FGET_NT_ACL()             | [[fsp][fsp]]      | -      |
| SMB_VFS_FGETXATTR()               | [[xpathref][xpathref]] | -      |
| SMB_VFS_FILE_ID_CREATE()          | [[Special][Special]]  | -      |
| SMB_VFS_FLISTXATTR()              | [[xpathref][xpathref]] | -      |
| SMB_VFS_FREMOVEXATTR()            | [[xpathref][xpathref]] | -      |
| SMB_VFS_FS_CAPABILITIES()         | [[Disk][Disk]]     | -      |
| SMB_VFS_FSCTL()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_FSET_DOS_ATTRIBUTES()     | [[fsp][fsp]]      | -      |
| SMB_VFS_FSET_NT_ACL()             | [[fsp][fsp]]      | -      |
| SMB_VFS_FSETXATTR()               | [[xpathref][xpathref]] | -      |
| SMB_VFS_FS_FILE_ID()              | [[Special][Special]]  | -      |
| SMB_VFS_FSTAT()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_FSYNC()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_FSYNC_SEND()              | [[fsp][fsp]]      | -      |
| SMB_VFS_FTRUNCATE()               | [[fsp][fsp]]      | -      |
| SMB_VFS_GET_ALLOC_SIZE()          | [[fsp][fsp]]      | -      |
| SMB_VFS_GET_DFS_REFERRALS()       | [[Disk][Disk]]     | -      |
| SMB_VFS_GET_DOS_ATTRIBUTES_RECV() | [[Enum][Enum]]     | -      |
| SMB_VFS_GET_DOS_ATTRIBUTES_SEND() | [[Enum][Enum]]     | -      |
| SMB_VFS_GETLOCK()                 | [[fsp][fsp]]      | -      |
| SMB_VFS_GET_NT_ACL_AT()           | [[Path][Path]]     | -      |
| SMB_VFS_GET_QUOTA()               | [[Special][Special]]  | -      |
| SMB_VFS_GET_REAL_FILENAME()       | [[P2px][P2px]]     | -      |
| SMB_VFS_GET_SHADOW_COPY_DATA()    | [[fsp][fsp]]      | -      |
| SMB_VFS_GETWD()                   | [[Special][Special]]  | -      |
| SMB_VFS_GETXATTR()                | [[Path][Path]]     | -      |
| SMB_VFS_GETXATTRAT_RECV()         | [[Enum][Enum]]     | -      |
| SMB_VFS_GETXATTRAT_SEND()         | [[Enum][Enum]]     | -      |
| SMB_VFS_FILESYSTEM_SHAREMODE()    | [[fsp][fsp]]      | -      |
| SMB_VFS_LCHOWN()                  | [[Path][Path]]     | Todo   |
| SMB_VFS_LINKAT()                  | [[NsC][NsC]]      | -      |
| SMB_VFS_LINUX_SETLEASE()          | [[fsp][fsp]]      | -      |
| SMB_VFS_LISTXATTR()               | [[Path][Path]]     | -      |
| SMB_VFS_LOCK()                    | [[fsp][fsp]]      | -      |
| SMB_VFS_LSEEK()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_LSTAT()                   | [[Path][Path]]     | Todo   |
| SMB_VFS_MKDIRAT()                 | [[NsC][NsC]]      | -      |
| SMB_VFS_MKNODAT()                 | [[NsC][NsC]]      | -      |
| SMB_VFS_NTIMES()                  | [[Path][Path]]     | -      |
| SMB_VFS_OFFLOAD_READ_RECV()       | [[fsp][fsp]]      | -      |
| SMB_VFS_OFFLOAD_READ_SEND()       | [[fsp][fsp]]      | -      |
| SMB_VFS_OFFLOAD_WRITE_RECV()      | [[fsp][fsp]]      | -      |
| SMB_VFS_OFFLOAD_WRITE_SEND()      | [[fsp][fsp]]      | -      |
| SMB_VFS_OPENAT()                  | [[NsC][NsC]]      | -      |
| SMB_VFS_PREAD()                   | [[fsp][fsp]]      | -      |
| SMB_VFS_PREAD_SEND()              | [[fsp][fsp]]      | -      |
| SMB_VFS_PWRITE()                  | [[fsp][fsp]]      | -      |
| SMB_VFS_PWRITE_SEND()             | [[fsp][fsp]]      | -      |
| SMB_VFS_READ_DFS_PATHAT()         | [[Symlink][Symlink]]  | -      |
| SMB_VFS_READDIR()                 | [[fsp][fsp]]      | -      |
| SMB_VFS_READDIR_ATTR()            | [[Path][Path]]     | -      |
| SMB_VFS_READLINKAT()              | [[Symlink][Symlink]]  | -      |
| SMB_VFS_REALPATH()                | [[P2px][P2px]]     | -      |
| SMB_VFS_RECVFILE()                | [[fsp][fsp]]      | -      |
| SMB_VFS_REMOVEXATTR()             | [[Path][Path]]     | -      |
| SMB_VFS_RENAMEAT()                | [[Path][Path]]     | ----   |
| SMB_VFS_REWINDDIR()               | [[fsp][fsp]]      | -      |
| SMB_VFS_SENDFILE()                | [[fsp][fsp]]      | -      |
| SMB_VFS_SET_COMPRESSION()         | [[fsp][fsp]]      | -      |
| SMB_VFS_SET_DOS_ATTRIBUTES()      | [[Path][Path]]     | -      |
| SMB_VFS_SET_QUOTA()               | [[Special][Special]]  | -      |
| SMB_VFS_SETXATTR()                | [[Path][Path]]     | -      |
| SMB_VFS_SNAP_CHECK_PATH()         | [[Disk][Disk]]     | -      |
| SMB_VFS_SNAP_CREATE()             | [[Disk][Disk]]     | -      |
| SMB_VFS_SNAP_DELETE()             | [[Disk][Disk]]     | -      |
| SMB_VFS_STAT()                    | [[Path][Path]]     | Todo   |
| SMB_VFS_STATVFS()                 | [[Disk][Disk]]     | -      |
| SMB_VFS_STREAMINFO()              | [[Path][Path]]     | -      |
| SMB_VFS_STRICT_LOCK_CHECK()       | [[fsp][fsp]]      | -      |
| SMB_VFS_SYMLINKAT()               | [[NsC][NsC]]      | -      |
| SMB_VFS_SYS_ACL_BLOB_GET_FD()     | [[xpathref][xpathref]] | -      |
| SMB_VFS_SYS_ACL_BLOB_GET_FILE()   | [[Path][Path]]     | -      |
| SMB_VFS_SYS_ACL_DELETE_DEF_FILE() | [[Path][Path]]     | -      |
| SMB_VFS_SYS_ACL_GET_FD()          | [[xpathref][xpathref]] | -      |
| SMB_VFS_SYS_ACL_GET_FILE()        | [[Path][Path]]     | -      |
| SMB_VFS_SYS_ACL_SET_FD()          | [[xpathref][xpathref]] | -      |
| SMB_VFS_TRANSLATE_NAME()          | [[P2px][P2px]]     | -      |
| SMB_VFS_UNLINKAT()                | [[NsC][NsC]]      | -      |
|-----------------------------------+----------+--------|

*** New VFS Functions
#+ATTR_HTML: :border 1 :rules all :frame border
| VFS Function                    | Group    | Status |
|---------------------------------+----------+--------|
| SMB_VFS_SYS_ACL_DELETE_DEF_FD() | [[xpathref][xpathref]] | -     |
| SMB_VFS_FNTIMENS()              | [[fsp][fsp]]      | -      |
|---------------------------------+----------+--------|

** VFS functions by category
*** Disk operations <<Disk>>
 - SMB_VFS_CONNECT()
 - SMB_VFS_DISCONNECT()
 - SMB_VFS_DISK_FREE()
 - SMB_VFS_FS_CAPABILITIES()
 - SMB_VFS_GET_DFS_REFERRALS()
 - SMB_VFS_SNAP_CHECK_PATH()
 - SMB_VFS_SNAP_CREATE()
 - SMB_VFS_SNAP_DELETE()
 - SMB_VFS_STATVFS()

 No changes needed.
*** Handle based VFS functions <<fsp>>
 - SMB_VFS_AIO_FORCE()
 - SMB_VFS_BRL_LOCK_WINDOWS()
 - SMB_VFS_BRL_UNLOCK_WINDOWS()
 - SMB_VFS_CLOSE()
 - SMB_VFS_CLOSEDIR()
 - SMB_VFS_DURABLE_COOKIE()
 - SMB_VFS_DURABLE_DISCONNECT()
 - SMB_VFS_FALLOCATE()
 - SMB_VFS_FCHMOD()
 - SMB_VFS_FCHOWN()
 - SMB_VFS_FCNTL()
 - SMB_VFS_FDOPENDIR()
 - SMB_VFS_FGET_DOS_ATTRIBUTES()
 - SMB_VFS_FGET_NT_ACL()
 - SMB_VFS_FSCTL()
 - SMB_VFS_FSET_DOS_ATTRIBUTES()
 - SMB_VFS_FSET_NT_ACL()
 - SMB_VFS_FSTAT()
 - SMB_VFS_FSYNC()
 - SMB_VFS_FSYNC_SEND()
 - SMB_VFS_FTRUNCATE()
 - SMB_VFS_GETLOCK()
 - SMB_VFS_GET_ALLOC_SIZE()
 - SMB_VFS_GET_SHADOW_COPY_DATA()
 - SMB_VFS_FILESYSTEM_SHAREMODE()
 - SMB_VFS_LINUX_SETLEASE()
 - SMB_VFS_LOCK()
 - SMB_VFS_LSEEK()
 - SMB_VFS_OFFLOAD_READ_SEND()
 - SMB_VFS_OFFLOAD_WRITE_SEND()
 - SMB_VFS_PREAD()
 - SMB_VFS_PREAD_SEND()
 - SMB_VFS_PWRITE()
 - SMB_VFS_PWRITE_SEND()
 - SMB_VFS_READDIR()
 - SMB_VFS_RECVFILE()
 - SMB_VFS_REWINDDIR()
 - SMB_VFS_SENDFILE()
 - SMB_VFS_SET_COMPRESSION()
 - SMB_VFS_STRICT_LOCK_CHECK()

 If an fsp is provided by the SMB layer we use that, otherwise we use the
 pathref fsp =smb_fname->fsp= provided by =filename_convert()=.
*** Namespace changing VFS functions <<NsC>>

 - SMB_VFS_CREATE_FILE()

 All intermediate VFS calls within =SMB_VFS_CREATE_FILE()= will be based on
 =smb_fname->fsp= if the requested path exists. When creating a file we rely on
 =non_widelink_open()= which doesn't depend on a dirfsp.

 - SMB_VFS_MKDIRAT()

 Needs a real dirfsp (done).

 - SMB_VFS_OPENAT()

 Is only called from within =non_widelink_open()= with a dirfsp equivalent of
 =AT_FDCWD= and so doesn't need a real dirfsp.

 The following operations need a real dirfsp:

 - SMB_VFS_LINKAT()
 - SMB_VFS_MKNODAT()
 - SMB_VFS_RENAMEAT()
 - SMB_VFS_SYMLINKAT()
 - SMB_VFS_UNLINKAT()

 Callers use =openat_pathref_fsp()= to open a fsp on the parent directory.

*** Path based VFS functions <<Path>>
 All path based VFS functions  will be replaced by handle based variants using the
 =smb_fname->fsp= provided by =filename_convert()=.

 - SMB_VFS_CHDIR()
 - SMB_VFS_CHFLAGS()
 - SMB_VFS_CHMOD()
 - SMB_VFS_DURABLE_RECONNECT()
 - SMB_VFS_GETXATTR()
 - SMB_VFS_GET_COMPRESSION()
 - SMB_VFS_GET_DOS_ATTRIBUTES()
 - SMB_VFS_GET_NT_ACL_AT()
 - SMB_VFS_LCHOWN()
 - SMB_VFS_LISTXATTR()
 - SMB_VFS_LSTAT()
 - SMB_VFS_NTIMES()
 - SMB_VFS_REMOVEXATTR()
 - SMB_VFS_SETXATTR()
 - SMB_VFS_SET_DOS_ATTRIBUTES()
 - SMB_VFS_STAT()
 - SMB_VFS_STREAMINFO()
 - SMB_VFS_SYS_ACL_BLOB_GET_FILE()
 - SMB_VFS_SYS_ACL_DELETE_DEF_FILE()
 - SMB_VFS_SYS_ACL_GET_FILE()
 - SMB_VFS_SYS_ACL_SET_FILE()

 Replace with corresponding handle based VFS calls.
*** AT VFS functions that can't be based on handles <<Symlink>>

 - SMB_VFS_CREATE_DFS_PATHAT()
 - SMB_VFS_READ_DFS_PATHAT()
 - SMB_VFS_READLINKAT()

 As the DFS link implementation is based on symlinks, we have to use *AT based
 functions with real dirfsps.

*** AT VFS functions needed for directory enumeration <<Enum>>
 - SMB_VFS_GET_DOS_ATTRIBUTES_SEND()
 - SMB_VFS_GETXATTRAT_SEND()
*** Handle based VFS functions not allowed on O_PATH opened handles <<xpathref>>
 - SMB_VFS_FGETXATTR()
 - SMB_VFS_FLISTXATTR()
 - SMB_VFS_FREMOVEXATTR()
 - SMB_VFS_FSETXATTR()
 - SMB_VFS_SYS_ACL_BLOB_GET_FD()
 - SMB_VFS_SYS_ACL_GET_FD()
 - SMB_VFS_SYS_ACL_DELETE_DEF_FD() (NEW)
 - SMB_VFS_SYS_ACL_SET_FD()

 Based upon securely opening a full fd based on =/proc/self/fd/%d= as in the case
 of xattrs, pathref handles can't be used for xattr IO, and in the case of ACLs
 pathref handles can't be used to access default ACEs.
*** Pure path to path translation <<P2px>>
 - SMB_VFS_CONNECTPATH()
 - SMB_VFS_GET_REAL_FILENAME()
 - SMB_VFS_REALPATH()
 - SMB_VFS_TRANSLATE_NAME()

 No changes needed.
*** Special cases <<Special>>
 - SMB_VFS_FILE_ID_CREATE()
 - SMB_VFS_FS_FILE_ID()
 - SMB_VFS_GET_QUOTA()
 - SMB_VFS_GETWD()
 - SMB_VFS_SET_QUOTA()

 No changes needed.

 - SMB_VFS_AUDIT_FILE()

 This is currently unused.

[fn:VFS_API] ~grep 'SMB_VFS_*' source3/include/vfs_macros.h | grep -v NEXT_ | sed 's|.*\(SMB_VFS_.*\)(.*|\1()|' | sort~