Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: Patch for skipping WinNULL/nobody ACEs in ACLs, debug improvements, cleanup+misc, 2024-07-02
Posted by Anonymous on Tue 2nd Jul 2024 16:05
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From 51ed2e7c47b6fd658a5f6368b9648ddd471f2749 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 1 Jul 2024 17:01:38 +0200 Subject: [PATCH 1/5] daemon,nfs41_build_features.h: Skip ACEs with SID==|WinNullSid|/user "nobody" Cygwin generates artificial ACEs with SID user |WinNullSid| to encode permission information (follow |CYG_ACE_ISBITS_TO_POSIX()| in Cygwin newlib-cygwin/winsup/cygwin/sec/acl.cc This assumes that the filesystem which stores the ACL data leaves them 1:1 intact - which is not the case for the Linux NFSv4.1 server (tested with Linux 6.6.32), which transforms the NFSv4.1 ACLs into POSIX ACLs at setacl time, and the POSIX ACLs back to NFSv4 ACLs at getacl time. And this lossy transformation screws-up Cygwin completly. The best we can do for now is to skip such ACEs, as we have no way to detect whether the NFS server supports full NFSv4 ACLs, or only POSIX ACLs disguised as NFSv4 ACLs. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/acl.c | 187 +++++++++++++++++++++++++++++------------ nfs41_build_features.h | 20 +++++ 2 files changed, 153 insertions(+), 54 deletions(-) diff --git a/daemon/acl.c b/daemon/acl.c index 331fc8e..937cb36 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -117,7 +117,7 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, bool named_attr_support) { int status = ERROR_NOT_SUPPORTED, size = 0; - uint32_t i; + uint32_t nfs_i = 0, win_i = 0; DWORD sid_len; PSID *sids; PACL dacl; @@ -129,42 +129,71 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, acl, map_nfs_ftype2str(file_type), file_type, (int)named_attr_support)); - sids = malloc(acl->count * sizeof(PSID)); + bool *skip_aces = _alloca(acl->count * sizeof(bool)); + + /* + * We use |calloc()| here to get |NULL| pointer for unallocated + * slots in case of error codepaths below... + */ + sids = calloc(acl->count, sizeof(PSID)); if (sids == NULL) { status = GetLastError(); goto out; } - for (i = 0; i < acl->count; i++) { - convert_nfs4name_2_user_domain(acl->aces[i].who, &domain); + for (nfs_i = win_i = 0; nfs_i < acl->count; nfs_i++) { + nfsace4 *curr_nfsace = &acl->aces[nfs_i]; + + skip_aces[nfs_i] = false; + + convert_nfs4name_2_user_domain(curr_nfsace->who, &domain); DPRINTF(ACLLVL2, ("convert_nfs4acl_2_dacl: for user='%s' domain='%s'\n", - acl->aces[i].who, domain?domain:"<null>")); - status = check_4_special_identifiers(acl->aces[i].who, &sids[i], + curr_nfsace->who, domain?domain:"<null>")); + +#ifdef NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES + /* + * Skip "nobody" ACEs - Cygwin uses |WinNullSid| ACEs (mapped + * to NFS user "nobody") to store special data. + * We skip these here, because we cannot use them, as Linux nfsd + * only supports POSIX ACLs translated to NFSv4 ACLs, which + * corrupts the Cygwin data. + */ + if (!strcmp(curr_nfsace->who, ACE4_NOBODY)) { + DPRINTF(ACLLVL3, ("Skipping 'nobody' ACE, " + "win_i=%d nfs_i=%d\n", (int)win_i, (int)nfs_i)); + skip_aces[nfs_i] = true; + continue; + } +#endif /* NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES */ + + status = check_4_special_identifiers(curr_nfsace->who, &sids[win_i], &sid_len, &flag); if (status) { - free_sids(sids, i); + free_sids(sids, win_i); goto out; } if (!flag) { - bool isgroupacl = (acl->aces[i].aceflag & ACE4_IDENTIFIER_GROUP)?true:false; + bool isgroupacl = (curr_nfsace->aceflag & ACE4_IDENTIFIER_GROUP)?true:false; if (isgroupacl) { DPRINTF(ACLLVL2, ("convert_nfs4acl_2_dacl: aces[%d].who='%s': " "Setting group flag\n", - i, acl->aces[i].who)); + nfs_i, curr_nfsace->who)); } status = map_nfs4servername_2_sid(nfs41dg, (isgroupacl?GROUP_SECURITY_INFORMATION:OWNER_SECURITY_INFORMATION), - &sid_len, &sids[i], acl->aces[i].who); + &sid_len, &sids[win_i], curr_nfsace->who); if (status) { - free_sids(sids, i); + free_sids(sids, win_i); goto out; } } size += sid_len - sizeof(DWORD); + + win_i++; } - size += sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)*acl->count); + size += sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)*win_i); size = align8(size); // align size on |DWORD| boundry dacl = malloc(size); if (dacl == NULL) @@ -174,10 +203,15 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, ACCESS_MASK mask; DWORD win_aceflags; - for (i = 0; i < acl->count; i++) { - map_nfs4aceflags2winaceflags(acl->aces[i].aceflag, + for (nfs_i = win_i = 0; nfs_i < acl->count; nfs_i++) { + nfsace4 *curr_nfsace = &acl->aces[nfs_i]; + + if (skip_aces[nfs_i]) + continue; + + map_nfs4aceflags2winaceflags(curr_nfsace->aceflag, &win_aceflags); - map_nfs4acemask2winaccessmask(acl->aces[i].acemask, + map_nfs4acemask2winaccessmask(curr_nfsace->acemask, file_type, named_attr_support, &mask); if (DPRINTF_LEVEL_ENABLED(ACLLVL1)) { @@ -185,19 +219,20 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, "acetype='%s', " "nfs_acemask=0x%lx, win_mask=0x%lx, " "win_aceflags=0x%lx\n", - i, acl->aces[i].who, - map_nfs_acetype2str(acl->aces[i].acetype), - (long)acl->aces[i].acemask, + nfs_i, curr_nfsace->who, + map_nfs_acetype2str(curr_nfsace->acetype), + (long)curr_nfsace->acemask, (long)mask, (long)win_aceflags); - print_nfs_access_mask(acl->aces[i].who, - acl->aces[i].acemask); - print_windows_access_mask(acl->aces[i].who, mask); + print_nfs_access_mask(curr_nfsace->who, + curr_nfsace->acemask); + print_windows_access_mask(curr_nfsace->who, mask); } - if (acl->aces[i].acetype == ACE4_ACCESS_ALLOWED_ACE_TYPE) { - status = AddAccessAllowedAceEx(dacl, ACL_REVISION, win_aceflags, mask, sids[i]); + if (curr_nfsace->acetype == ACE4_ACCESS_ALLOWED_ACE_TYPE) { + status = AddAccessAllowedAceEx(dacl, ACL_REVISION, + win_aceflags, mask, sids[win_i]); if (!status) { eprintf("convert_nfs4acl_2_dacl: " "AddAccessAllowedAceEx(dacl=0x%p,win_aceflags=0x%x,mask=0x%x) failed " @@ -206,8 +241,9 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, goto out_free_dacl; } else status = ERROR_SUCCESS; - } else if (acl->aces[i].acetype == ACE4_ACCESS_DENIED_ACE_TYPE) { - status = AddAccessDeniedAceEx(dacl, ACL_REVISION, win_aceflags, mask, sids[i]); + } else if (curr_nfsace->acetype == ACE4_ACCESS_DENIED_ACE_TYPE) { + status = AddAccessDeniedAceEx(dacl, ACL_REVISION, + win_aceflags, mask, sids[win_i]); if (!status) { eprintf("convert_nfs4acl_2_dacl: " "AddAccessDeniedAceEx(dacl=0x%p,win_aceflags=0x%x,mask=0x%x) failed " @@ -218,12 +254,14 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, else status = ERROR_SUCCESS; } else { eprintf("convert_nfs4acl_2_dacl: unknown acetype %d\n", - acl->aces[i].acetype); + curr_nfsace->acetype); status = ERROR_INTERNAL_ERROR; free(dacl); - free_sids(sids, acl->count); + free_sids(sids, win_i); goto out; } + + win_i++; } } else { eprintf("convert_nfs4acl_2_dacl: InitializeAcl failed with %d\n", status); @@ -240,7 +278,7 @@ out: out_free_dacl: free(dacl); out_free_sids: - free_sids(sids, acl->count); + free_sids(sids, win_i); status = GetLastError(); goto out; } @@ -1026,7 +1064,7 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } nfs4_acl->aces->aceflag = 0; } else { - int i; + int win_i, nfs_i; PACE_HEADER ace; PBYTE tmp_pointer; SID_NAME_USE who_sid_type = 0; @@ -1037,15 +1075,18 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, print_hexbuf_no_asci("ACL\n", (const unsigned char *)acl, acl->AclSize); } - nfs4_acl->count = acl->AceCount; - nfs4_acl->aces = calloc(nfs4_acl->count, sizeof(nfsace4)); + + nfs4_acl->aces = calloc(acl->AceCount, sizeof(nfsace4)); if (nfs4_acl->aces == NULL) { status = GetLastError(); goto out; } nfs4_acl->flag = 0; - for (i = 0; i < acl->AceCount; i++) { - status = GetAce(acl, i, &ace); + for (win_i = nfs_i = 0; win_i < acl->AceCount; win_i++) { + nfsace4 *curr_nfsace = &nfs4_acl->aces[nfs_i]; + PSID ace_sid; + + status = GetAce(acl, win_i, &ace); if (!status) { status = GetLastError(); eprintf("map_dacl_2_nfs4acl: GetAce failed with %d\n", status); @@ -1058,9 +1099,9 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } DPRINTF(ACLLVL3, ("ACE TYPE: %x\n", ace->AceType)); if (ace->AceType == ACCESS_ALLOWED_ACE_TYPE) - nfs4_acl->aces[i].acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE; + curr_nfsace->acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE; else if (ace->AceType == ACCESS_DENIED_ACE_TYPE) - nfs4_acl->aces[i].acetype = ACE4_ACCESS_DENIED_ACE_TYPE; + curr_nfsace->acetype = ACE4_ACCESS_DENIED_ACE_TYPE; else { eprintf("map_dacl_2_nfs4acl: unsupported ACE type %d\n", ace->AceType); @@ -1069,8 +1110,40 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER); + ace_sid = tmp_pointer; + +#ifdef NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES + if (IsWellKnownSid(ace_sid, WinNullSid)) { + /* + * Skip ACEs with SID==|WinNullSid| + * + * Cygwin generates artificial ACEs with SID user + * |WinNullSid| to encode permission information + * (see |CYG_ACE_ISBITS_TO_POSIX()| in + * Cygwin newlib-cygwin/winsup/cygwin/sec/acl.cc + * + * This assumes that the filesystem which stores + * the ACL data leaves them 1:1 intact - which is + * not the case for the Linux NFSv4.1 server + * (tested with Linux 6.6.32), which transforms the + * NFSv4.1 ACLs into POSIX ACLs at setacl time, + * and the POSIX ACLs back to NFSv4 ACLs at getacl + * time. + * And this lossy transformation screws-up Cygwin + * completly. + * The best we can do for now is to skip such + * ACEs, as we have no way to detect whether + * the NFS server supports full NFSv4 ACLs, or + * only POSIX ACLs disguised as NFSv4 ACLs. + */ + DPRINTF(ACLLVL3, ("Skipping WinNullSid ACE, " + "win_i=%d nfs_i=%d\n", (int)win_i, (int)nfs_i)); + continue; + } +#endif /* NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES */ - status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who, + status = map_nfs4ace_who(ace_sid, sid, gsid, + curr_nfsace->who, domain, &who_sid_type); if (status) goto out_free; @@ -1078,10 +1151,10 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, win_mask = *(PACCESS_MASK)(ace + 1); map_winace2nfs4aceflags(ace->AceFlags, - &nfs4_acl->aces[i].aceflag); + &curr_nfsace->aceflag); map_winaccessmask2nfs4acemask(win_mask, file_type, named_attr_support, - &nfs4_acl->aces[i].acemask); + &curr_nfsace->acemask); /* * Clear |ACE4_INHERITED_ACE| @@ -1104,8 +1177,8 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, * icacls(1win) if the parent directory has inheritance * ACLs. */ - if (nfs4_acl->aces[i].aceflag & ACE4_INHERITED_ACE) { - nfs4_acl->aces[i].aceflag &= ~ACE4_INHERITED_ACE; + if (curr_nfsace->aceflag & ACE4_INHERITED_ACE) { + curr_nfsace->aceflag &= ~ACE4_INHERITED_ACE; DPRINTF(ACLLVL3, ("clearning ACE4_INHERITED_ACE\n")); } @@ -1125,8 +1198,8 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, "aces[%d].who='%s': " "setting group flag\n", map_SID_NAME_USE2str(who_sid_type), - i, nfs4_acl->aces[i].who)); - nfs4_acl->aces[i].aceflag |= ACE4_IDENTIFIER_GROUP; + nfs_i, curr_nfsace->who)); + curr_nfsace->aceflag |= ACE4_IDENTIFIER_GROUP; } if (DPRINTF_LEVEL_ENABLED(ACLLVL1)) { @@ -1134,24 +1207,30 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, "acetype='%s', " "aceflag='%s'/0x%lx, " "acemask='%s'/0x%lx(=win_mask=0x%lx)), " - "who_sid_type='%s'\n", - i, - nfs4_acl->aces[i].who, - map_nfs_acetype2str(nfs4_acl->aces[i].acetype), - nfs_aceflag2shortname(nfs4_acl->aces[i].aceflag), - nfs4_acl->aces[i].aceflag, - nfs_mask2shortname(nfs4_acl->aces[i].acemask), - (long)nfs4_acl->aces[i].acemask, + "who_sid_type='%s', " + "win_i=%d\n", + nfs_i, + curr_nfsace->who, + map_nfs_acetype2str(curr_nfsace->acetype), + nfs_aceflag2shortname(curr_nfsace->aceflag), + curr_nfsace->aceflag, + nfs_mask2shortname(curr_nfsace->acemask), + (long)curr_nfsace->acemask, (long)win_mask, - map_SID_NAME_USE2str(who_sid_type)); + map_SID_NAME_USE2str(who_sid_type), + (int)win_i); if (DPRINTF_LEVEL_ENABLED(ACLLVL2)) { - print_windows_access_mask(nfs4_acl->aces[i].who, + print_windows_access_mask(curr_nfsace->who, win_mask); - print_nfs_access_mask(nfs4_acl->aces[i].who, - nfs4_acl->aces[i].acemask); + print_nfs_access_mask(curr_nfsace->who, + curr_nfsace->acemask); } } + + nfs_i++; } + + nfs4_acl->count = nfs_i; } status = ERROR_SUCCESS; out: diff --git a/nfs41_build_features.h b/nfs41_build_features.h index 0fb2882..37c5995 100644 --- a/nfs41_build_features.h +++ b/nfs41_build_features.h @@ -133,4 +133,24 @@ */ #define NFS41_DRIVER_DEBUG_FS_NAME 1 +/* + * NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES - Skip ACEs + * with SID==|WinNullSid| + * + * Cygwin generates artificial ACEs with SID user |WinNullSid| to + * encode permission information (follow |CYG_ACE_ISBITS_TO_POSIX()| + * in Cygwin newlib-cygwin/winsup/cygwin/sec/acl.cc + * + * This assumes that the filesystem which storesthe ACL data leaves + * them 1:1 intact - which is not the case for the Linux NFSv4.1 + * server (tested with Linux 6.6.32), which transforms the NFSv4.1 + * ACLs into POSIX ACLs at setacl time, and the POSIX ACLs back to + * NFSv4 ACLs at getacl time. + * And this lossy transformation screws-up Cygwin completly. + * The best we can do for now is to skip such ACEs, as we have no + * way to detect whether the NFS server supports full NFSv4 ACLs, + * or only POSIX ACLs disguised as NFSv4 ACLs. + */ +#define NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES 1 + #endif /* !_NFS41_DRIVER_BUILDFEATURES_ */ -- 2.45.1 From 4bba02ccd7b34d8ea12cb6874072de91470e6154 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 1 Jul 2024 17:05:55 +0200 Subject: [PATCH 2/5] daemon: Add assert |(table->highest_used < NFS41_MAX_NUM_SLOTS)| Add assert |(table->highest_used < NFS41_MAX_NUM_SLOTS)| to monitor this code. It looks OK, but static code analysis tools keep complaining. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/nfs41_session.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daemon/nfs41_session.c b/daemon/nfs41_session.c index 98a2ccb..92741e7 100644 --- a/daemon/nfs41_session.c +++ b/daemon/nfs41_session.c @@ -117,6 +117,9 @@ void nfs41_session_free_slot( } /* update highest_used if necessary */ if (slotid == table->highest_used) { + EASSERT_MSG((table->highest_used < NFS41_MAX_NUM_SLOTS), + ("table->highest_used=%lu\n", + (unsigned long)table->highest_used)); while (table->highest_used && !table->used_slots[table->highest_used]) table->highest_used--; } -- 2.45.1 From d2560f91f59c4d4b7ad8e66487e8da4ec98f4f28 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 1 Jul 2024 17:23:27 +0200 Subject: [PATCH 3/5] daemon,sys: Debug: Always print login_id |LUID| as HighPart.LowPart Debug: Always print login_id |LUID| as HighPart.LowPart Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/mount.c | 14 +++++++------- daemon/nfs41_client.c | 10 +++++----- sys/nfs41_driver.c | 33 +++++++++++++++++++++++++-------- 3 files changed, 37 insertions(+), 20 deletions(-) diff --git a/daemon/mount.c b/daemon/mount.c index 10f0791..cc9053b 100644 --- a/daemon/mount.c +++ b/daemon/mount.c @@ -84,11 +84,11 @@ static int handle_mount(void *daemon_context, nfs41_upcall *upcall) &authenticationid); logprintf("mount(hostport='%s', path='%s', " - "authid=(0x%x.0x%lx)) request\n", + "authid=(0x%lx.0x%lx)) request\n", args->hostport?args->hostport:"<NULL>", args->path?args->path:"<NULL>", - (int)authenticationid.LowPart, - (long)authenticationid.HighPart); + (long)authenticationid.HighPart, + (long)authenticationid.LowPart); #else logprintf("mount(hostport='%s', path='%s') request\n", args->hostport?args->hostport:"<NULL>", @@ -188,11 +188,11 @@ out: if (status == 0) { #ifdef NFS41_DRIVER_USE_AUTHENTICATIONID_FOR_MOUNT_NAMESPACE logprintf("mount(hostport='%s', path='%s', " - "authid=(0x%x.0x%lx)) success, root=0x%p\n", + "authid=(0x%lx.0x%lx)) success, root=0x%p\n", args->hostport?args->hostport:"<NULL>", args->path?args->path:"<NULL>", - (int)authenticationid.LowPart, (long)authenticationid.HighPart, + (long)authenticationid.LowPart, root); #else logprintf("mount(hostport='%s', path='%s') success, root=0x%p\n", @@ -204,11 +204,11 @@ out: else { #ifdef NFS41_DRIVER_USE_AUTHENTICATIONID_FOR_MOUNT_NAMESPACE logprintf("mount(hostport='%s', path='%s', " - "authid=(0x%x.0x%lx))) failed, status=%d\n", + "authid=(0x%lx.0x%lx))) failed, status=%d\n", args->hostport?args->hostport:"<NULL>", args->path?args->path:"<NULL>", - (int)authenticationid.LowPart, (long)authenticationid.HighPart, + (long)authenticationid.LowPart, (int)status); #else logprintf("mount(hostport='%s', path='%s') failed, status=%d\n", diff --git a/daemon/nfs41_client.c b/daemon/nfs41_client.c index b265c71..847aa0c 100644 --- a/daemon/nfs41_client.c +++ b/daemon/nfs41_client.c @@ -398,10 +398,10 @@ int nfs41_client_owner( } DPRINTF(1, ("nfs41_client_owner: " - "username='%s' authid=(0x%x.0x%lx)\n", + "username='%s' authid=(0x%lx.0x%lx)\n", username, - (int)authenticationid.LowPart, - (long)authenticationid.HighPart)); + (long)authenticationid.HighPart, + (long)authenticationid.LowPart)); #endif /* NFS41_DRIVER_USE_AUTHENTICATIONID_FOR_MOUNT_NAMESPACE */ /* owner.verifier = "time created" */ @@ -443,13 +443,13 @@ int nfs41_client_owner( * |LUID| may have (hidden) padding fields, so we hash each * member seperately */ - if (!CryptHashData(hash, (const BYTE*)&authenticationid.LowPart, (DWORD)sizeof(DWORD), 0)) { + if (!CryptHashData(hash, (const BYTE*)&authenticationid.HighPart, (DWORD)sizeof(LONG), 0)) { status = GetLastError(); eprintf("CryptHashData() failed with %d\n", status); goto out_hash; } - if (!CryptHashData(hash, (const BYTE*)&authenticationid.HighPart, (DWORD)sizeof(LONG), 0)) { + if (!CryptHashData(hash, (const BYTE*)&authenticationid.LowPart, (DWORD)sizeof(DWORD), 0)) { status = GetLastError(); eprintf("CryptHashData() failed with %d\n", status); goto out_hash; diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index 327f2ac..bddbe30 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -61,7 +61,7 @@ //#define DEBUG_LOCK #define DEBUG_FSCTL #define DEBUG_TIME_BASED_COHERENCY -//#define DEBUG_MOUNT +#define DEBUG_MOUNT //#define DEBUG_VOLUME_QUERY //#define ENABLE_TIMINGS @@ -3337,6 +3337,11 @@ NTSTATUS nfs41_CreateVNetRoot( if (status) goto out_free; +#ifdef DEBUG_MOUNT + DbgP("UNC path LUID 0x%lx.0x%lx\n", + (long)luid.HighPart, (long)luid.LowPart); +#endif + PLIST_ENTRY pEntry; status = STATUS_NFS_SHARE_NOT_MOUNTED; @@ -3348,10 +3353,21 @@ NTSTATUS nfs41_CreateVNetRoot( existing_mount = (nfs41_mount_entry *)CONTAINING_RECORD(pEntry, nfs41_mount_entry, next); +#ifdef DEBUG_MOUNT + DbgP("finding mount config: " + "comparing luid=(0x%lx.0x%lx) with " + "existing_mount->login_id=(0x%lx.0x%lx)\n", + (long)luid.HighPart, (long)luid.LowPart, + (long)existing_mount->login_id.HighPart, + (long)existing_mount->login_id.LowPart); +#endif + if (RtlEqualLuid(&luid, &existing_mount->login_id)) { /* found existing mount */ copy_nfs41_mount_config(Config, &existing_mount->Config); - DbgP("Found existing mount: Entry Config->MntPt='%wZ'\n", + DbgP("Found existing mount: LUID=(0x%lx.0x%lx) Entry Config->MntPt='%wZ'\n", + (long)existing_mount->login_id.HighPart, + (long)existing_mount->login_id.LowPart, &Config->MntPt); status = STATUS_SUCCESS; break; @@ -3426,10 +3442,10 @@ NTSTATUS nfs41_CreateVNetRoot( existing_mount = (nfs41_mount_entry *)CONTAINING_RECORD(pEntry, nfs41_mount_entry, next); #ifdef DEBUG_MOUNT - DbgP("comparing 0x%x.0x%x with 0x%x.0x%x\n", - luid.HighPart, luid.LowPart, - existing_mount->login_id.HighPart, - existing_mount->login_id.LowPart); + DbgP("comparing 0x%lx.0x%lx with 0x%lx.0x%lx\n", + (long)luid.HighPart, (long)luid.LowPart, + (long)existing_mount->login_id.HighPart, + (long)existing_mount->login_id.LowPart); #endif if (RtlEqualLuid(&luid, &existing_mount->login_id)) { #ifdef DEBUG_MOUNT @@ -3654,8 +3670,9 @@ NTSTATUS nfs41_FinalizeNetRoot( if (mount_tmp == NULL) break; #ifdef DEBUG_MOUNT - DbgP("Removing entry luid 0x%x.0x%x from mount list\n", - mount_tmp->login_id.HighPart, mount_tmp->login_id.LowPart); + DbgP("Removing entry luid 0x%lx.0x%lx from mount list\n", + (long)mount_tmp->login_id.HighPart, + (long)mount_tmp->login_id.LowPart); #endif if (mount_tmp->authsys_session != INVALID_HANDLE_VALUE) { status = nfs41_unmount(mount_tmp->authsys_session, -- 2.45.1 From ce8ae3b576c126c6d8f21e8c7169cd0cc66d6cae Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Tue, 2 Jul 2024 11:25:06 +0200 Subject: [PATCH 4/5] sys: Fix experimental |USE_ENTIRE_PATH| codepath+rename to |USE_ENTIRE_PATH_FOR_NETROOT| Fix experimental |USE_ENTIRE_PATH| codepath+rename it to |USE_ENTIRE_PATH_FOR_NETROOT|. Off by default, as it does not work properly yet, any mount ends-up in the NFS root dir, and the path to the mount target is ignored. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- sys/nfs41_driver.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index bddbe30..cf6207f 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -40,6 +40,7 @@ #include "nfs41_debug.h" #include "nfs41_build_features.h" +// #define USE_ENTIRE_PATH_FOR_NETROOT 1 /* debugging printout defines */ #define DEBUG_MARSHAL_HEADER @@ -3110,6 +3111,42 @@ NTSTATUS has_nfs_prefix( { NTSTATUS status = STATUS_BAD_NETWORK_NAME; +#ifdef USE_ENTIRE_PATH_FOR_NETROOT + if (NetRootName->Length >= + (SrvCallName->Length + NfsPrefix.Length)) { + size_t len = NetRootName->Length / 2; + size_t i; + int state = 0; + + /* Scan \hostname@port\nfs4 */ + for (i = 0 ; i < len ; i++) { + wchar_t ch = NetRootName->Buffer[i]; + + if ((ch == L'\\') && (state == 0)) { + state = 1; + continue; + } + else if ((ch == L'@') && (state == 1)) { + state = 2; + continue; + } + else if ((ch == L'\\') && (state == 2)) { + state = 3; + break; + } + else if (ch == L'\\') { + /* Abort, '\\' with wrong state */ + break; + } + } + + if ((state == 3) && + (!memcmp(&NetRootName->Buffer[i], L"\\nfs4", + (4*sizeof(wchar_t))))) { + status = STATUS_SUCCESS; + } + } +#else if (NetRootName->Length == SrvCallName->Length + NfsPrefix.Length) { const UNICODE_STRING NetRootPrefix = { NfsPrefix.Length, @@ -3119,6 +3156,7 @@ NTSTATUS has_nfs_prefix( if (RtlCompareUnicodeString(&NetRootPrefix, &NfsPrefix, FALSE) == 0) status = STATUS_SUCCESS; } +#endif return status; } @@ -3585,7 +3623,7 @@ VOID nfs41_ExtractNetRootName( w += (SrvCall->pSrvCallName->Length/sizeof(WCHAR)); NetRootName->Buffer = wlow = w; /* parse the entire path into NetRootName */ -#if USE_ENTIRE_PATH +#if USE_ENTIRE_PATH_FOR_NETROOT w = wlimit; #else for (;;) { @@ -3599,7 +3637,9 @@ VOID nfs41_ExtractNetRootName( NetRootName->Length = NetRootName->MaximumLength = (USHORT)((PCHAR)w - (PCHAR)wlow); #ifdef DEBUG_MOUNT - DbgP("In: pSrvCall 0x%p PathName='%wZ' SrvCallName='%wZ' Out: NetRootName='%wZ'\n", + DbgP("nfs41_ExtractNetRootName: " + "In: pSrvCall 0x%p PathName='%wZ' SrvCallName='%wZ' " + "Out: NetRootName='%wZ'\n", SrvCall, FilePathName, SrvCall->pSrvCallName, NetRootName); #endif return; -- 2.45.1 From 6f4b62c83705a63b06079365bddd214829be40e8 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Tue, 2 Jul 2024 11:50:01 +0200 Subject: [PATCH 5/5] cygwin: make clean does not clean nfs_ea.exe make clean should execute the "clean" target in the tests/ea/ subdir too. Reported-by: Martin Wege <martin.l.wege@gmail.com> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/cygwin/Makefile b/cygwin/Makefile index a814d3f..15d5336 100644 --- a/cygwin/Makefile +++ b/cygwin/Makefile @@ -66,6 +66,7 @@ build: build_32bit_release build_32bit_debug build_64bit_release build_64bit_deb # clean: rm -vRf $$(find "$(PROJECT_BASEDIR_DIR)/build.vc19" -name Debug -o -name Release) + (cd "$(PROJECT_BASEDIR_DIR)/tests/ea" && make clean) (cd "$(PROJECT_BASEDIR_DIR)/tests/winfsinfo1" && make clean) (cd "$(PROJECT_BASEDIR_DIR)/tests/winsg" && make clean) -- 2.45.1

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at