- diff --git a/daemon/acl.c b/daemon/acl.c
- index 3a86735..1145011 100644
- --- a/daemon/acl.c
- +++ b/daemon/acl.c
- @@ -60,11 +60,16 @@ static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid,
- dprintf(ACLLVL, "create_unknownsid: CreateWellKnownSid type %d returned %d "
- "GetLastError %d sid len %d needed\n", type, status,
- GetLastError(), *sid_len);
- - if (status)
- - return ERROR_INTERNAL_ERROR;
- + if (status) {
- + status = ERROR_INTERNAL_ERROR;
- + goto err;
- + }
- status = GetLastError();
- if (status != ERROR_INSUFFICIENT_BUFFER)
- - return status;
- + goto err;
- +#if 1
- +(*sid_len) += 128;
- +#endif
- *sid = malloc(*sid_len);
- if (*sid == NULL)
- return ERROR_INSUFFICIENT_BUFFER;
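Review bot: The unconditional `(*sid_len) += 128;` under `#if 1` pads the size that CreateWellKnownSid just reported, with no comment saying which overrun it is meant to absorb, and it writes the padded value back through the caller's `sid_len`. Padding like this tends to hide an out-of-bounds write rather than remove it. Either drop it, or size the buffer from a named constant with the reason documented, for example `/* SID buffer sized to the Windows maximum (SECURITY_MAX_SID_SIZE) */`. The same block appears in AllocateUnixUserSID (`sid_len += 128;`) and in map_name_2_sid (`(*sid_len)+=128; tmp += 128;`). The `malloc` failure just below still returns directly while the other failures now go through `err:`; the rest of the function lies outside this hunk.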
- @@ -73,6 +78,7 @@ static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid,
- return ERROR_SUCCESS;
- free(*sid);
- status = GetLastError();
- +err:
- eprintf("create_unknownsid: CreateWellKnownSid failed with %d\n", status);
- return status;
- }
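Review bot: After `free(*sid);` the pointer is left dangling, and the caller in map_name_2_sid reacts to a non-zero return with `goto out_free_sid`, which calls `free(*sid)` a second time. The new `goto err` paths have a related problem: `*sid` was never assigned by this function, yet the caller's cleanup still frees it. Adding `*sid = NULL;` directly after `free(*sid);` here, and `*sid = NULL;` at the top of create_unknownsid, would make the caller's cleanup harmless. The function begins outside this hunk.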
- @@ -90,20 +96,131 @@ static void convert_nfs4name_2_user_domain(LPSTR nfs4name,
- }
- }
- +/*
- + * Allocate a SID from SECURITY_SAMBA_UNIX_AUTHORITY, which encodes an
- + * UNIX/POSIX uid directly into a SID.
- + *
- + * Example:
- + * UID 1616 gets mapped to "Unix_User+1616", encoding the UID into the
- + * SID as "S-1-22-1-1616"
- + * $ getent passwd Unix_User+1616
- + * Unix_User+1616:*:4278191696:4278191696:U-Unix_User616,S-1-22-1-1616:/:/sbin/nologin
- + *
- + */
- +
- +/* S-1-22-1-0 for uid 0 */
- +#define SECURITY_SAMBA_UNIX_AUTHORITY { { 0,0,0,0,0,22 } }
- +SID_IDENTIFIER_AUTHORITY sid_id_auth = SECURITY_SAMBA_UNIX_AUTHORITY;
- +
- +BOOL AllocateUnixUserSID(unsigned long uid, PSID *pSid)
- +{
- + PSID sid = NULL;
- + PSID malloced_sid = NULL;
- + DWORD sid_len;
- +
- + if (AllocateAndInitializeSid(&sid_id_auth, 2, 1, (DWORD)uid,
- + 0, 0, 0, 0, 0, 0, &sid)) {
- + sid_len = GetLengthSid(sid);
- +#if 1
- +sid_len += 128;
- +#endif
- + malloced_sid = malloc(sid_len);
- +
- + if (malloced_sid) {
- + /*
- + * |AllocateAndInitializeSid()| has an own memory
- + * allocator, but we need the sid in memory from
- + * |malloc()|
- + */
- + if (CopySid(sid_len, malloced_sid, sid)) {
- + FreeSid(sid);
- + *pSid = malloced_sid;
- + dprintf(ACLLVL, "AllocateUnixUserSID(): Allocated "
- + "Unix_User+%lu: success, len=%ld\n",
- + uid, (long)sid_len);
- + return TRUE;
- + }
- + }
- + }
- +
- + FreeSid(sid);
- + free(malloced_sid);
- + dprintf(ACLLVL, "AllocateUnixUserSID(): Failed to allocate "
- + "Unix_User+%lu: error code %d\n",
- + uid, GetLastError());
- + return FALSE;
- +}
- +
- static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
- {
- int status = ERROR_INTERNAL_ERROR;
- SID_NAME_USE sid_type;
- LPSTR tmp_buf = NULL;
- DWORD tmp = 0;
- + signed long name_uid = -1;
- +
- + if (isdigit(name[0])) {
- + /* fixme: |name| can be a group name, too */
- + name_uid = atol(name);
- + }
- + else if(!strcmp(name, "nobody")) {
- + name_uid = 65534;
- + }
- + else if(!strcmp(name, "nogroup")) {
- + name_uid = 65534;
- + }
- + else if(!strcmp(name, "root")) {
- + name_uid = 0;
- + }
- + else if(!strcmp(name, "rmainz")) {
- + name_uid = 1616;
- + }
- + else if(!strcmp(name, "swulsch")) {
- + name_uid = 1818;
- + }
- + else if(!strcmp(name, "mwenzel")) {
- + name_uid = 8239;
- + }
- + else if(!strcmp(name, "test001")) {
- + name_uid = 1000;
- + }
- +
- + if (name_uid != -1) {
- + switch (name_uid) {
- + case 1000:
- + case 197608:
- + dprintf(ACLLVL, "map_name_2_sid(name='%s'): "
- + "remap %ld to 'roland_mainz'\n", name, name_uid);
- + name = "roland_mainz";
- + break;
- + default:
- + if (AllocateUnixUserSID(name_uid, sid)) {
- + dprintf(ACLLVL, "map_name_2_sid(name='%s'): "
- + "AllocateUnixUserSID(uid=%ld) success\n",
- + name, name_uid);
- + return ERROR_SUCCESS;
- + }
- +
- + status = GetLastError();
- + dprintf(ACLLVL, "map_name_2_sid(name='%s'): "
- + "AllocateUnixUserSID(uid=%ld) failed, error=%d\n",
- + name, name_uid, status);
- + return status;
- + }
- + }
- status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type);
- - dprintf(ACLLVL, "map_name_2_sid: LookupAccountName for %s returned %d "
- + dprintf(ACLLVL, "map_name_2_sid(name='%s'): LookupAccountName returned %d "
- "GetLastError %d name len %d domain len %d\n", name, status,
- GetLastError(), *sid_len, tmp);
- if (status)
- return ERROR_INTERNAL_ERROR;
- +#if 1
- + (*sid_len)+=128;
- + tmp += 128;
- +#endif
- +
- status = GetLastError();
- switch(status) {
- case ERROR_INSUFFICIENT_BUFFER:
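Review bot: The numeric branch at the top of map_name_2_sid treats any name whose first byte is a digit as a uid and parses it with `atol`, so a principal such as `0abc` is mapped to uid 0 (S-1-22-1-0) and out-of-range values go undetected; `isdigit` is also called on a plain `char`. Parsing with `strtoul`, requiring the whole string to be consumed and the value to fit `name_uid`, lets anything else fall through to LookupAccountName. When AllocateUnixUserSID fails, the function returns `GetLastError()` after FreeSid/free/dprintf have already run, and a failed `malloc` may never have set it, so the result can be ERROR_SUCCESS with `*sid` unset. The success path also returns without updating `*sid_len`, which callers presumably rely on (they are not visible here; the function continues past this hunk). The hard-coded user table and the `roland_mainz` remap look like test scaffolding that should stay out of a shared build.

```c
    signed long name_uid = -1;

    if (isdigit((unsigned char)name[0])) {
        char *end = NULL;
        unsigned long parsed;

        errno = 0;
        parsed = strtoul(name, &end, 10);
        /* only a fully numeric name that fits |name_uid| is treated as a uid */
        if (errno == 0 && *end == '\0' && parsed <= (unsigned long)LONG_MAX)
            name_uid = (signed long)parsed;
    }
    /* … unchanged: hard-coded name table and the 1000/197608 remap … */
            status = GetLastError();
            if (status == ERROR_SUCCESS)
                status = ERROR_INTERNAL_ERROR; /* never report success without a SID */
    /* … unchanged: failure dprintf, return status, LookupAccountName path … */
```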
- @@ -119,7 +236,7 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
- &tmp, &sid_type);
- free(tmp_buf);
- if (!status) {
- - eprintf("map_name_2_sid: LookupAccountName for %s failed "
- + eprintf("map_name_2_sid(name='%s'): LookupAccountName failed "
- "with %d\n", name, GetLastError());
- goto out_free_sid;
- } else {
- @@ -140,15 +257,23 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
- status = ERROR_SUCCESS;
- break;
- case ERROR_NONE_MAPPED:
- + dprintf(1, "map_name_2_sid(name='%s'): none mapped, using WinNullSid mapping\n",
- + name);
- status = create_unknownsid(WinNullSid, sid, sid_len);
- if (status)
- goto out_free_sid;
- + break;
- + default:
- + dprintf(1, "map_name_2_sid(name='%s'): error %d not handled\n",
- + name, GetLastError());
- + break;
- }
- out:
- return status;
- out_free_sid:
- status = GetLastError();
- free(*sid);
- + *sid = NULL;
- goto out;
- }
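Review bot: At `out_free_sid` the line `status = GetLastError();` discards the code returned by create_unknownsid, which has already run `free` and `eprintf` by then, so the last-error value may be stale or 0. Together with the added `*sid = NULL;`, the function can then return ERROR_SUCCESS while handing back a NULL SID. A guard such as `if (status == ERROR_SUCCESS) status = ERROR_INTERNAL_ERROR;` after that line keeps the failure visible to callers. The new `default:` branch logs `GetLastError()` again instead of the `status` captured before the switch, and both added `dprintf` calls use the literal level `1` where the rest of the function uses `ACLLVL`. The function begins outside this hunk.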
- @@ -798,4 +923,4 @@ const nfs41_upcall_op nfs41_op_setacl = {
- parse_setacl,
- handle_setacl,
- marshall_setacl
- -};
- \ No newline at end of file
- +};
msnfs41client: Prototype uid2sid mapping, try #001
Posted by Anonymous on Thu 5th Oct 2023 13:32