Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: Patches for SID performance, libtirpc wrappers, tests, docs+misc, 2024-02-26
Posted by Anonymous on Mon 26th Feb 2024 18:07
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From ea570996cf91e0fa18fa8182cf58fb5d354434c8 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 13:11:07 +0100 Subject: [PATCH 1/8] libtirpc: Add more wintirpc wrappers+|wintirpc_ssize_t| Add more wintirpc wrappers, e.g. |recv()|, |recvfrom()|, |getsockname()|, add our own version of |ssize_t| for portabilty, use them in function prototypes and add asserts in case of type overflows. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/src/auth_time.c | 4 ++-- libtirpc/src/bindresvport.c | 6 +++--- libtirpc/src/clnt_dg.c | 2 +- libtirpc/src/clnt_vc.c | 4 ++-- libtirpc/src/rpc_generic.c | 4 ++-- libtirpc/src/rtime.c | 6 +++--- libtirpc/src/svc_dg.c | 4 ++-- libtirpc/src/svc_vc.c | 14 +++++++++----- libtirpc/src/wintirpc.c | 36 +++++++++++++++++++++++++++++++----- libtirpc/tirpc/wintirpc.h | 18 ++++++++++++++++-- 10 files changed, 71 insertions(+), 27 deletions(-) diff --git a/libtirpc/src/auth_time.c b/libtirpc/src/auth_time.c index 0079f12..2794534 100644 --- a/libtirpc/src/auth_time.c +++ b/libtirpc/src/auth_time.c @@ -408,7 +408,7 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid) if (res == SOCKET_ERROR) goto error; len = sizeof(from); - res = recvfrom(_get_osfhandle(s), (char *)&thetime, sizeof(thetime), 0, + res = (int)wintirpc_recvfrom(s, (char *)&thetime, sizeof(thetime), 0, (struct sockaddr *)&from, &len); if (res == SOCKET_ERROR) { msg("recvfrom failed on udp transport."); @@ -435,7 +435,7 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid) goto error; } // res = read(_get_osfhandle(s), (char *)&thetime, sizeof(thetime)); - res = recv(_get_osfhandle(s), (char *)&thetime, sizeof(thetime), 0); + res = (int)wintirpc_recv(s, (char *)&thetime, sizeof(thetime), 0); if (res != sizeof(thetime)) { if (saw_alarm) msg("timed out TCP call."); diff --git a/libtirpc/src/bindresvport.c b/libtirpc/src/bindresvport.c index fc325fc..874a589 100644 --- a/libtirpc/src/bindresvport.c +++ b/libtirpc/src/bindresvport.c @@ -87,7 +87,7 @@ bindresvport_sa(sd, sa) salen = sizeof(myaddr); sa = (struct sockaddr *)&myaddr; - if (getsockname(_get_osfhandle(sd), (struct sockaddr *)&myaddr, &salen) == -1) + if (wintirpc_getsockname(sd, (struct sockaddr *)&myaddr, &salen) == -1) return -1; /* errno is correctly set */ af = myaddr.ss_family; @@ -191,7 +191,7 @@ bindresvport_sa(sd, sa) } af = proto_info.iAddressFamily; #else - if (getsockname(_get_osfhandle(sd), sa, &salen) == -1) + if (wintirpc_getsockname(sd, sa, &salen) == -1) return -1; /* errno is correctly set */ af = sa->sa_family; @@ -260,7 +260,7 @@ bindresvport_sa(sd, sa) if (sa != (struct sockaddr *)&myaddr) { /* Hmm, what did the kernel assign? */ - if (getsockname(_get_osfhandle(sd), sa, &salen) < 0) + if (wintirpc_getsockname(sd, sa, &salen) < 0) errno = saved_errno; return (error); } diff --git a/libtirpc/src/clnt_dg.c b/libtirpc/src/clnt_dg.c index 56492ee..9798a8c 100644 --- a/libtirpc/src/clnt_dg.c +++ b/libtirpc/src/clnt_dg.c @@ -502,7 +502,7 @@ get_reply: /* We have some data now */ do { - recvlen = recvfrom(_get_osfhandle(cu->cu_fd), cu->cu_inbuf, + recvlen = wintirpc_recvfrom(cu->cu_fd, cu->cu_inbuf, cu->cu_recvsz, 0, NULL, NULL); errno = WSAGetLastError(); } while (recvlen == SOCKET_ERROR && errno == WSAEINTR); diff --git a/libtirpc/src/clnt_vc.c b/libtirpc/src/clnt_vc.c index ed488ab..45d82a6 100644 --- a/libtirpc/src/clnt_vc.c +++ b/libtirpc/src/clnt_vc.c @@ -993,7 +993,7 @@ read_vc(ctp, buf, len) break; } - len = recv(_get_osfhandle(ct->ct_fd), buf, (size_t)len, 0); + len = (int)wintirpc_recv(ct->ct_fd, buf, (size_t)len, 0); errno = WSAGetLastError(); switch (len) { @@ -1022,7 +1022,7 @@ write_vc(ctp, buf, len) int i = 0, cnt; for (cnt = len; cnt > 0; cnt -= i, buf += i) { - if ((i = wintirpc_send(ct->ct_fd, buf, (size_t)cnt, 0)) == SOCKET_ERROR) { + if ((i = (int)wintirpc_send(ct->ct_fd, buf, (size_t)cnt, 0)) == SOCKET_ERROR) { ct->ct_error.re_errno = WSAGetLastError(); ct->ct_error.re_status = RPC_CANTSEND; return (-1); diff --git a/libtirpc/src/rpc_generic.c b/libtirpc/src/rpc_generic.c index 5837020..9491761 100644 --- a/libtirpc/src/rpc_generic.c +++ b/libtirpc/src/rpc_generic.c @@ -498,7 +498,7 @@ __rpc_fd2sockinfo(int fd, struct __rpc_sockinfo *sip) ss.ss_family = (ADDRESS_FAMILY)proto_info.iAddressFamily; #else len = sizeof ss; - if (getsockname(_get_osfhandle(fd), (struct sockaddr *)&ss, &len) == SOCKET_ERROR) { + if (wintirpc_getsockname(fd, (struct sockaddr *)&ss, &len) == SOCKET_ERROR) { return 0; } #endif @@ -892,7 +892,7 @@ __rpc_sockisbound(int fd) socklen_t slen; slen = sizeof (struct sockaddr_storage); - if (getsockname(_get_osfhandle(fd), (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) + if (wintirpc_getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) return 0; switch (ss.ss_family) { diff --git a/libtirpc/src/rtime.c b/libtirpc/src/rtime.c index 2203b30..d6856b6 100644 --- a/libtirpc/src/rtime.c +++ b/libtirpc/src/rtime.c @@ -96,7 +96,7 @@ rtime(addrp, timep, timeout) addrp->sin_port = serv->s_port; if (type == SOCK_DGRAM) { - res = wintirpc_sendto(s, (char *)&thetime, sizeof(thetime), 0, + res = (int)wintirpc_sendto(s, (char *)&thetime, sizeof(thetime), 0, (struct sockaddr *)addrp, sizeof(*addrp)); if (res == SOCKET_ERROR) { do_close(s); @@ -116,7 +116,7 @@ rtime(addrp, timep, timeout) return(-1); } fromlen = sizeof(from); - res = recvfrom(_get_osfhandle(s), (char *)&thetime, sizeof(thetime), 0, + res = (int)wintirpc_recvfrom(s, (char *)&thetime, sizeof(thetime), 0, (struct sockaddr *)&from, &fromlen); do_close(s); if (res == SOCKET_ERROR) { @@ -127,7 +127,7 @@ rtime(addrp, timep, timeout) do_close(s); return(-1); } - res = recv(_get_osfhandle(s), (char *)&thetime, sizeof(thetime), 0); + res = (int)wintirpc_recv(s, (char *)&thetime, sizeof(thetime), 0); do_close(s); if (res == SOCKET_ERROR) { return(-1); diff --git a/libtirpc/src/svc_dg.c b/libtirpc/src/svc_dg.c index 3369394..b02eb26 100644 --- a/libtirpc/src/svc_dg.c +++ b/libtirpc/src/svc_dg.c @@ -139,7 +139,7 @@ svc_dg_create(fd, sendsize, recvsize) xprt->xp_rtaddr.maxlen = sizeof (struct sockaddr_storage); slen = sizeof ss; - if (getsockname(_get_osfhandle(fd), (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) + if (wintirpc_getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) goto freedata; __rpc_set_netbuf(&xprt->xp_ltaddr, &ss, slen); @@ -179,7 +179,7 @@ svc_dg_recv(xprt, msg) again: alen = sizeof (struct sockaddr_storage); assert(su->su_iosz < UINT_MAX); - rlen = recvfrom(_get_osfhandle(xprt->xp_fd), rpc_buffer(xprt), (u_int)su->su_iosz, 0, + rlen = wintirpc_recvfrom(xprt->xp_fd, rpc_buffer(xprt), (u_int)su->su_iosz, 0, (struct sockaddr *)(void *)&ss, &alen); if (rlen == -1 && errno == EINTR) goto again; diff --git a/libtirpc/src/svc_vc.c b/libtirpc/src/svc_vc.c index 5fa8ee4..5345d4a 100644 --- a/libtirpc/src/svc_vc.c +++ b/libtirpc/src/svc_vc.c @@ -181,7 +181,7 @@ svc_vc_create(fd, sendsize, recvsize) xprt->xp_fd = fd; slen = sizeof (struct sockaddr_storage); - if (getsockname(_get_osfhandle(fd), (struct sockaddr *)(void *)&sslocal, &slen) == SOCKET_ERROR) { + if (wintirpc_getsockname(fd, (struct sockaddr *)(void *)&sslocal, &slen) == SOCKET_ERROR) { warnx("svc_vc_create: could not retrieve local addr"); goto cleanup_svc_vc_create; } @@ -219,7 +219,7 @@ svc_fd_create(fd, sendsize, recvsize) return NULL; slen = sizeof (struct sockaddr_storage); - if (getsockname(_get_osfhandle(fd), (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) { + if (wintirpc_getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) == SOCKET_ERROR) { warnx("svc_fd_create: could not retrieve local addr"); goto freedata; } @@ -501,7 +501,7 @@ read_vc(xprtp, buf, len) if (cfp->nonblock) { #ifdef _WIN32 - len = recv(_get_osfhandle(sock), buf, (size_t)len, 0); + len = (int)wintirpc_recv(sock, buf, (size_t)len, 0); #else len = read(sock, buf, (size_t)len); #endif @@ -517,7 +517,11 @@ read_vc(xprtp, buf, len) } do { +#ifdef _WIN32 pollfd.fd = _get_osfhandle(sock); +#else + pollfd.fd = sock; +#endif pollfd.events = POLLIN; pollfd.revents = 0; switch (poll(&pollfd, 1, milliseconds)) { @@ -534,7 +538,7 @@ read_vc(xprtp, buf, len) } while ((pollfd.revents & POLLIN) == 0); #ifdef _WIN32 - if ((len = recv(_get_osfhandle(sock), buf, (size_t)len, 0)) > 0) { + if ((len = (int)wintirpc_recv(sock, buf, (size_t)len, 0)) > 0) { #else if ((len = read(sock, buf, (size_t)len)) > 0) { #endif @@ -572,7 +576,7 @@ write_vc(xprtp, buf, len) for (cnt = len; cnt > 0; cnt -= i, buf += i) { #ifdef _WIN32 - i = wintirpc_send(xprt->xp_fd, buf, (size_t)cnt, 0); + i = (int)wintirpc_send(xprt->xp_fd, buf, (size_t)cnt, 0); #else i = write(xprt->xp_fd, buf, (size_t)cnt); #endif diff --git a/libtirpc/src/wintirpc.c b/libtirpc/src/wintirpc.c index dba1873..53f6eab 100644 --- a/libtirpc/src/wintirpc.c +++ b/libtirpc/src/wintirpc.c @@ -335,15 +335,41 @@ int wintirpc_accept(int in_s_fd, struct sockaddr *addr, int *addrlen) return out_s_fd; } -int wintirpc_send(int s, const char *buf, int len, int flags) +wintirpc_ssize_t wintirpc_send(int s, const char *buf, size_t len, int flags) { - return send(_get_osfhandle(s), buf, len, flags); + /* handle type overflow |size_t| ---> |int| */ + assert(len < INT_MAX); + return send(_get_osfhandle(s), buf, (int)len, flags); } -int wintirpc_sendto(int s, const char *buf, int len, int flags, - const struct sockaddr *to, int tolen) +wintirpc_ssize_t wintirpc_sendto(int s, const char *buf, size_t len, int flags, + const struct sockaddr *to, socklen_t tolen) { - return(sendto(_get_osfhandle(s), buf, len, flags, to, tolen)); + /* handle type overflow |size_t| ---> |int| */ + assert(len < INT_MAX); + return(sendto(_get_osfhandle(s), buf, (int)len, flags, to, tolen)); +} + +wintirpc_ssize_t wintirpc_recv(int socket, void *buffer, size_t length, int flags) +{ + /* handle type overflow |size_t| ---> |int| */ + assert(length < INT_MAX); + return recv(_get_osfhandle(socket), buffer, (int)length, flags); +} + +wintirpc_ssize_t wintirpc_recvfrom(int socket, void *restrict buffer, size_t length, + int flags, struct sockaddr *restrict address, + socklen_t *restrict address_len) +{ + /* handle type overflow |size_t| ---> |int| */ + assert(length < INT_MAX); + return recvfrom(_get_osfhandle(socket), buffer, (int)length, + flags, address, address_len); +} + +int wintirpc_getsockname(int s, struct sockaddr *name, int *namelen) +{ + return getsockname(_get_osfhandle(s), name, namelen); } void wintirpc_syslog(int prio, const char *format, ...) diff --git a/libtirpc/tirpc/wintirpc.h b/libtirpc/tirpc/wintirpc.h index ab23923..4cb145f 100644 --- a/libtirpc/tirpc/wintirpc.h +++ b/libtirpc/tirpc/wintirpc.h @@ -129,14 +129,28 @@ struct sockaddr_un { /* XXX Should this return size_t or unsigned int ?? */ #define SUN_LEN(ptr) ((unsigned int)(sizeof(int) + strlen ((ptr)->sun_path))) +/* + * Define our own version of signed |size_t| because Win32 does not + * have |ssize_t| + */ +typedef SSIZE_T wintirpc_ssize_t; + /* Prototypes */ int wintirpc_socket(int af,int type, int protocol); int wintirpc_closesocket(int in_fd); int wintirpc_close(int in_fd); int wintirpc_listen(int in_s, int backlog); int wintirpc_accept(int s_fd, struct sockaddr *addr, int *addrlen); -int wintirpc_send(int s, const char *buf, int len, int flags); -int wintirpc_sendto(int s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen); +wintirpc_ssize_t wintirpc_send(int s, const char *buf, size_t len, + int flags); +wintirpc_ssize_t wintirpc_sendto(int s, const char *buf, size_t len, + int flags, const struct sockaddr *to, socklen_t tolen); +wintirpc_ssize_t wintirpc_recv(int socket, void *buffer, size_t length, + int flags); +wintirpc_ssize_t wintirpc_recvfrom(int socket, void *restrict buffer, + size_t length, int flags, struct sockaddr *restrict address, + socklen_t *restrict address_len); +int wintirpc_getsockname(int s, struct sockaddr *name, int *namelen); void wintirpc_syslog(int prio, const char *format, ...); void wintirpc_warnx(const char *format, ...); void wintirpc_register_osfhandle_fd(SOCKET handle, int fd); -- 2.43.0 From 7eed173da18ec9d56a52c3cff8682f5b5a98daa9 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 13:55:33 +0100 Subject: [PATCH 2/8] daemon: Avoid |malloc()| in sidcache by using |SECURITY_MAX_SID_SIZE| Avoid memory allocations in sidcache by using per-entry buffer and rely on |SECURITY_MAX_SID_SIZE|. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/daemon/sid.c b/daemon/sid.c index 881b638..8ca42b4 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -182,9 +182,11 @@ BOOL allocate_unixgroup_sid(unsigned long gid, PSID *pSid) typedef struct _sidcache_entry { - char name[128]; /* must fit something like "user@domain" */ +#define SIDCACHE_ENTRY_NAME_SIZE (128) + char name[SIDCACHE_ENTRY_NAME_SIZE]; /* must fit something like "user@domain" */ PSID sid; DWORD sid_len; + char sid_buffer[SECURITY_MAX_SID_SIZE+1]; time_t timestamp; } sidcache_entry; @@ -223,9 +225,9 @@ void sidcache_add(sidcache *cache, const char* name, PSID value) if ((e->sid != NULL) && (e->timestamp < (currentTimestamp - SIDCACHE_TTL))) { - free(e->sid); e->sid = NULL; e->name[0] = '\0'; + e->sid_len = 0; } } @@ -244,22 +246,19 @@ void sidcache_add(sidcache *cache, const char* name, PSID value) } /* Replace the cache entry */ + sidcache_entry *e = &cache->entries[freeEntryIndex]; DWORD sid_len = GetLengthSid(value); - PSID malloced_sid = malloc(sid_len); - if (!malloced_sid) - goto done; - if (!CopySid(sid_len, malloced_sid, value)) { - free(malloced_sid); + EASSERT(sid_len <= SECURITY_MAX_SID_SIZE); + e->sid = (PSID)e->sid_buffer; + if (!CopySid(sid_len, e->sid, value)) { + e->sid = NULL; + e->name[0] = '\0'; + e->sid_len = 0; goto done; } - sidcache_entry *e = &cache->entries[freeEntryIndex]; - e->sid_len = sid_len; - if (e->sid) - free(e->sid); - e->sid = malloced_sid; - (void)strcpy_s(e->name, sizeof(e->name), name); + (void)strcpy_s(e->name, SIDCACHE_ENTRY_NAME_SIZE, name); e->timestamp = currentTimestamp; cache->cacheIndex = (cache->cacheIndex + 1) % SIDCACHE_SIZE; -- 2.43.0 From e10c731089bc22b5fcc219618e3fdf5ff03eeb48 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 15:30:58 +0100 Subject: [PATCH 3/8] daemon: |map_nfs4servername_2_sid()| should use |SECURITY_MAX_SID_SIZE| |map_nfs4servername_2_sid()| should use |SECURITY_MAX_SID_SIZE| to improve performance. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 83 +++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 43 deletions(-) diff --git a/daemon/sid.c b/daemon/sid.c index 8ca42b4..7d64639 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -312,8 +312,8 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si int status = ERROR_INTERNAL_ERROR; SID_NAME_USE sid_type = 0; char name_buff[256+2]; - LPSTR tmp_buf = NULL; - DWORD tmp = 0; + char domain_buff[256+2]; + DWORD domain_len = 0; #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID signed long user_uid = -1; signed long group_gid = -1; @@ -377,52 +377,49 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si } #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ - status = LookupAccountNameA(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type); + *sid = malloc(SECURITY_MAX_SID_SIZE+1); + if (*sid == NULL) { + status = GetLastError(); + goto out; + } + *sid_len = SECURITY_MAX_SID_SIZE; + domain_len = sizeof(domain_buff); + + status = LookupAccountNameA(NULL, name, *sid, sid_len, + domain_buff, &domain_len, &sid_type); + + if (status) { + /* |LookupAccountNameA()| success */ + + DPRINTF(ACLLVL, ("map_nfs4servername_2_sid(query=%x,name='%s'): " + "LookupAccountNameA() returned status=%d " + "GetLastError=%d *sid_len=%d domain_buff='%s' domain_len=%d\n", + query, name, status, GetLastError(), *sid_len, domain_buff, + domain_len)); + + status = 0; + *sid_len = GetLengthSid(*sid); + goto out; + } + + /* |LookupAccountNameA()| failed... */ DPRINTF(ACLLVL, ("map_nfs4servername_2_sid(query=%x,name='%s'): " - "LookupAccountName returned %d " - "GetLastError %d name len %d domain len %d\n", - query, name, status, GetLastError(), *sid_len, tmp)); - if (status) - return ERROR_INTERNAL_ERROR; + "LookupAccountNameA() returned status=%d " + "GetLastError=%d\n", + query, name, status, GetLastError())); status = GetLastError(); switch(status) { case ERROR_INSUFFICIENT_BUFFER: - *sid = malloc(*sid_len); - if (*sid == NULL) { - status = GetLastError(); - goto out; - } - tmp_buf = (LPSTR) malloc(tmp); - if (tmp_buf == NULL) - goto out_free_sid; - status = LookupAccountNameA(NULL, name, *sid, sid_len, tmp_buf, - &tmp, &sid_type); - free(tmp_buf); - if (!status) { - eprintf("map_nfs4servername_2_sid(query=%x,name='%s'): LookupAccountName failed " - "with %d\n", query, name, GetLastError()); - goto out_free_sid; - } else { -#ifdef DEBUG_ACLS - LPSTR ssid = NULL; - if (IsValidSid(*sid)) - if (ConvertSidToStringSidA(*sid, &ssid)) { - DPRINTF(1, ("map_nfs4servername_2_sid: sid_type = %d SID '%s'\n", - sid_type, ssid)); - } - else { - DPRINTF(1, ("map_nfs4servername_2_sid: ConvertSidToStringSidA failed " - "with %d\n", GetLastError())); - } - else { - DPRINTF(1, ("map_nfs4servername_2_sid: Invalid Sid ?\n")); - } - if (ssid) - LocalFree(ssid); -#endif - } - status = ERROR_SUCCESS; + /* + * This should never happen, as |SECURITY_MAX_SID_SIZE| is + * the largest possible SID buffer size for Windows + */ + eprintf("map_nfs4servername_2_sid(query=%x,name='%s'): " + "LookupAccountName failed with " + "ERROR_INSUFFICIENT_BUFFER\n", query, name); + + return ERROR_INTERNAL_ERROR; break; case ERROR_NONE_MAPPED: #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID -- 2.43.0 From 0bdf31b60d5d583bc80c648ed773f1c23816dd68 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 16:30:33 +0100 Subject: [PATCH 4/8] daemon: Improve debug output of |map_nfs4servername_2_sid()| Improve debug output of |map_nfs4servername_2_sid()|, add start/end tags ("-->", "<--"), print more info, print SID string on success. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/daemon/sid.c b/daemon/sid.c index 7d64639..c12f54f 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -37,7 +37,6 @@ #include "idmap.h" #include "sid.h" -//#define DEBUG_ACLS #define ACLLVL 2 /* dprintf level for acl logging */ @@ -319,6 +318,9 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si signed long group_gid = -1; #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + DPRINTF(ACLLVL, ("--> map_nfs4servername_2_sid(query=%x,name='%s')\n", + query, name)); + #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID /* use our own idmapper script to map nfsv4 owner string to local Windows account */ if (query & OWNER_SECURITY_INFORMATION) { @@ -329,7 +331,8 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si if (*sid = sidcache_getcached(&user_sidcache, name)) { *sid_len = GetLengthSid(*sid); DPRINTF(1, ("map_nfs4servername_2_sid: returning cached sid for user '%s'\n", name)); - return 0; + status = 0; + goto out; } #endif /* NFS41_DRIVER_SID_CACHE */ @@ -358,7 +361,8 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si if (*sid = sidcache_getcached(&group_sidcache, name)) { *sid_len = GetLengthSid(*sid); DPRINTF(1, ("map_nfs4servername_2_sid: returning cached sid for group '%s'\n", name)); - return 0; + status = 0; + goto out; } #endif /* NFS41_DRIVER_SID_CACHE */ @@ -399,7 +403,7 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si status = 0; *sid_len = GetLengthSid(*sid); - goto out; + goto out_cache; } /* |LookupAccountNameA()| failed... */ @@ -419,7 +423,8 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si "LookupAccountName failed with " "ERROR_INSUFFICIENT_BUFFER\n", query, name); - return ERROR_INTERNAL_ERROR; + status = ERROR_INTERNAL_ERROR; + goto out; break; case ERROR_NONE_MAPPED: #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID @@ -469,14 +474,14 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si query, name, user_uid)); status = ERROR_SUCCESS; sid_type = SidTypeUser; - goto out; + goto out_cache; } status = GetLastError(); DPRINTF(ACLLVL, ("map_nfs4servername_2_sid(query=%x,name='%s'): " "allocate_unixuser_sid(uid=%ld) failed, error=%d\n", query, name, user_uid, status)); - return status; + goto out; } if (group_gid != -1) { @@ -486,14 +491,14 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si query, name, group_gid)); status = ERROR_SUCCESS; sid_type = SidTypeGroup; - goto out; + goto out_cache; } status = GetLastError(); DPRINTF(ACLLVL, ("map_nfs4servername_2_sid(query=%x,name='%s'): " "allocate_unixgroup_sid(gid=%ld) failed, error=%d\n", query, name, group_gid, status)); - return status; + goto out; } #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ @@ -510,7 +515,7 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si query, name, GetLastError())); break; } -out: +out_cache: #ifdef NFS41_DRIVER_SID_CACHE if ((status == 0) && *sid) { if ((query & GROUP_SECURITY_INFORMATION) && @@ -547,7 +552,34 @@ out: } #endif /* NFS41_DRIVER_SID_CACHE */ +out: + if (DPRINTF_LEVEL_ENABLED(ACLLVL)) { + if (status) { + dprintf_out("<-- map_nfs4servername_2_sid(query=%x,name='%s'): " + "status=%d\n", query, name, status); + } + else { + PSTR sidstr = NULL; + char errsidstrbuf[128]; + + if (!ConvertSidToStringSidA(*sid, &sidstr)) { + (void)snprintf(errsidstrbuf, sizeof(errsidstrbuf), + "<ConvertSidToStringSidA() failed, " + "GetLastError()=%d>", (int)GetLastError()); + sidstr = errsidstrbuf; + } + + dprintf_out("<-- map_nfs4servername_2_sid(query=%x,name='%s'): " + "status=%d sidstr='%s' *sid_len=%d\n", + query, name, status, sidstr, *sid_len); + + if (sidstr && (sidstr != errsidstrbuf)) + LocalFree(sidstr); + } + } + return status; + out_free_sid: status = GetLastError(); free(*sid); -- 2.43.0 From 1e4baf4ce15cbdbfa38234e43c8b56ae061cc8e1 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 16:32:58 +0100 Subject: [PATCH 5/8] cygwin: README.bintarball.txt: Update package list Update package list for README.bintarball.txt and add "recommended" packages. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/README.bintarball.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cygwin/README.bintarball.txt b/cygwin/README.bintarball.txt index 54808d3..4c52ec8 100644 --- a/cygwin/README.bintarball.txt +++ b/cygwin/README.bintarball.txt @@ -63,7 +63,7 @@ NFSv4.1 client and filesystem driver for Windows 10/11 # - Windows 10 or Windows 11 - Cygwin 3.5.0 - - Packages: + - Packages (required): cygwin cygwin-devel cygrunsrv @@ -87,7 +87,12 @@ NFSv4.1 client and filesystem driver for Windows 10/11 time util-linux wget + - Packages (recommended): + make + git + dos2unix +# # # 4. Download: # -- 2.43.0 From 01a25d296f6f9ba214de23f6dfea4ae5e16ad16c Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 16:34:17 +0100 Subject: [PATCH 6/8] tests: Update manual_testing.txt Update "manual_testing.txt": - add required packages - add info about timeserver - add instructions how to add groups to Windows client+Linux server - add info benchmarking vs. Windows virus scanner Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- tests/manual_testing.txt | 79 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 73 insertions(+), 6 deletions(-) diff --git a/tests/manual_testing.txt b/tests/manual_testing.txt index 3bdb59c..a0c9408 100644 --- a/tests/manual_testing.txt +++ b/tests/manual_testing.txt @@ -1,15 +1,50 @@ # -# ms-nfs41-client manual testing sequence, 2024-02-12 +# ms-nfs41-client manual testing sequence, 2024-02-26 # # Draft version, needs to be turned into automated tests # if possible # -# start cygserver as admin before running tests -# so SysV shared memory works: -# cygserver-config -# net start cygserver -# sc query cygserver +# +# Notes: +# - The following Cygwin packages must be installed for running the tests: +# ---- snip ---- +# make +# git +# netpbm +# subversion +# dos2unix +# ncurses-devel +# libgmp-devel +# libmpfr-devel +# libmpc-devel +# libintl-devel +# flex +# bison +# ---- snip ---- +# +# - Benchmarking/profiling should be done with the realtime virus checker +# disabled, e.g. disable it like this from an "Adminstrator" terminal: +# $ powershell -Command 'Set-MpPreference -DisableRealtimeMonitoring 1' # +# +# - A timeserver shoud be running on both Windows (NFSv4.1 client and +# NFSv4.1 server). +# For example on Windows add timeserver 10.49.0.6 like this: +# ---- snip ---- +# net start w32time +# w32tm /config /update /manualpeerlist:10.49.0.6 +# ---- snip ---- +# (see https://stackoverflow.com/questions/22862236/how-to-sync-windows-time-from-a-ntp-time-server-in-command) +# On Linux use xntpd or timesyncd (/etc/systemd/timesyncd.conf) +# +# - Start cygserver as admin before running tests +# so SysV shared memory works: +# ---- snip ---- +# cygserver-config +# net start cygserver +# sc query cygserver +# ---- snip ---- +# # # Tests for cp -p/mv/chmod/chgrp @@ -26,6 +61,38 @@ ksh93 -c 'builtin id ; rm -f x ; touch x ; chgrp "$(id -g -n)" x && print OK' ---- snip ---- +# +# Tests for groups +# (Add groups "cygwingrp1" and "cygwingrp2" to both Linux NFSv4 server +# and Windows machine, after that $ chgrp cygwingrp2 # should work) +# +---- snip ---- +# "WINHOST1" is the Windows machine, +# "DERFWNB4966" is the Linux NFSv4 server: + +# create two groups on the Windows machine +WINHOST1:~$ net localgroup cygwingrp1 /add +WINHOST1:~$ net localgroup cygwingrp2 /add + +# add user "roland_mainz" to both new groups +WINHOST1:~$ net localgroup cygwingrp1 roland_mainz /add +WINHOST1:~$ net localgroup cygwingrp2 roland_mainz /add + +# get gid from both groups +WINHOST1:~$ getent group cygwingrp1 +cygwingrp1:S-1-5-21-3286904461-661230000-4220857270-1003:197611: +WINHOST1:~$ getent group cygwingrp2 +cygwingrp2:S-1-5-21-3286904461-661230000-4220857270-1004:197612: + +# add the two groups to the Linux NFSv4 server, including the gids +("197611" and "197612"): +root@DERFWNB4966:~# groupadd -g 197611 cygwingrp1 +root@DERFWNB4966:~# groupadd -g 197612 cygwingrp2 +root@DERFWNB4966:~# usermod -a -G cygwingrp1 roland_mainz +root@DERFWNB4966:~# usermod -a -G cygwingrp2 roland_mainz +---- snip --- + + # # Compile each of the following package # on a NFSv4.1 share, and run each build in parallel/sequence -- 2.43.0 From e61da3e9371e673c15c0e3cc4e7b37e6ff367be0 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 17:32:56 +0100 Subject: [PATCH 7/8] daemon: Add another stabilty hack to |parse_getattr()| Add another stabilty hack to |parse_getattr()| to weed out invalid |state_ref| pointers Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/getattr.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/daemon/getattr.c b/daemon/getattr.c index 2f0f758..3690c33 100644 --- a/daemon/getattr.c +++ b/daemon/getattr.c @@ -60,18 +60,39 @@ int nfs41_cached_getattr( static int parse_getattr(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall) { int status; + #ifdef NFS41_DRIVER_STABILITY_HACKS EASSERT(length > 4); if (length <= 4) { status = ERROR_INVALID_PARAMETER; goto out; } + EASSERT_IS_VALID_NON_NULL_PTR(upcall->state_ref); if (!DEBUG_IS_VALID_NON_NULL_PTR(upcall->state_ref)) { status = ERROR_INVALID_PARAMETER; goto out; } + + /* + * If |upcall->state_ref| is garbage, then this should trigger + * an exception + */ + volatile int ok = 0; + __try { + if (upcall->state_ref->session->client->server != NULL) + ok++; + } + __except(EXCEPTION_EXECUTE_HANDLER) { + eprintf("parse_getattr: Exception accessing upcall->state_ref->session->client->server\n"); + } + if (ok != 1) { + status = ERROR_INVALID_PARAMETER; + goto out; + } + EASSERT(upcall->state_ref->ref_count > 0); #endif /* NFS41_DRIVER_STABILITY_HACKS */ + getattr_upcall_args *args = &upcall->args.getattr; status = safe_read(&buffer, &length, &args->query_class, sizeof(args->query_class)); if (status) goto out; -- 2.43.0 From a22613dd8d3405c90ea107b0773542bbe0b95ab4 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 26 Feb 2024 18:57:03 +0100 Subject: [PATCH 8/8] cygwin: msnfs41client.bash run_daemon subcmd should print uname -a+admin status msnfs41client.bash run_daemon sub-command should print $ uname -a # and info whether the current account is an admin account, so users can see in the logs which machine was generating the logs. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/devel/msnfs41client.bash | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cygwin/devel/msnfs41client.bash b/cygwin/devel/msnfs41client.bash index 8474264..066a4fa 100644 --- a/cygwin/devel/msnfs41client.bash +++ b/cygwin/devel/msnfs41client.bash @@ -138,6 +138,10 @@ function nfsclient_rundeamon set -o xtrace set -o nounset + printf '# uname='%s' isadmin=%d\n' \ + "$(uname -a)" \ + "$(is_windows_admin_account ; printf "%d\n" $((${?}?0:1)))" + typeset -a nfsd_args=( 'nfsd_debug.exe' '-d' '0' @@ -225,6 +229,10 @@ function nfsclient_system_rundeamon set -o xtrace set -o nounset + printf '# uname='%s' isadmin=%d\n' \ + "$(uname -a)" \ + "$(is_windows_admin_account ; printf "%d\n" $((${?}?0:1)))" + typeset -a nfsd_args=( 'nfsd_debug.exe' '-d' '0' -- 2.43.0

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at