Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: Patch for sec=none support, better debug/error messages, docs+misc, 2025-05-05
Posted by Anonymous on Mon 5th May 2025 18:31
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From 0673e13270dd980faf8983cc798c14802404c78f Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 12:51:17 +0200 Subject: [PATCH 1/6] daemon: Make sure |FSCTL_DUPLICATE_EXTENTS_TO_FILE| src and dst are on the same filesystem Make sure that |FSCTL_DUPLICATE_EXTENTS_TO_FILE| source and dest are on the same filesystem (by comparing the values of |FATTR4_WORD0_FSID|). Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/fsctl.c | 69 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 59 insertions(+), 10 deletions(-) diff --git a/daemon/fsctl.c b/daemon/fsctl.c index 80a4e02..200ae9d 100644 --- a/daemon/fsctl.c +++ b/daemon/fsctl.c @@ -646,15 +646,15 @@ int handle_duplicatedata(void *daemon_context, duplicatedata_upcall_args *args = &upcall->args.duplicatedata; nfs41_open_state *src_state = args->src_state; nfs41_open_state *dst_state = upcall->state_ref; - nfs41_session *session = dst_state->session; + nfs41_session *src_session = src_state->session; + nfs41_session *dst_session = dst_state->session; + nfs41_path_fh *src_file = &src_state->file; nfs41_path_fh *dst_file = &dst_state->file; nfs41_file_info info; stateid_arg src_stateid; stateid_arg dst_stateid; int64_t bytecount; - (void)memset(&info, 0, sizeof(info)); - DPRINTF(DDLVL, ("--> handle_duplicatedata(" "dst_state->path.path='%s', " @@ -663,17 +663,17 @@ int handle_duplicatedata(void *daemon_context, src_state->path.path)); /* NFS SEEK supported ? */ - if (session->client->root->supports_nfs42_seek == false) { + if (src_session->client->root->supports_nfs42_seek == false) { status = ERROR_NOT_SUPPORTED; goto out; } /* NFS CLONE supported ? */ - if (session->client->root->supports_nfs42_clone == false) { + if (src_session->client->root->supports_nfs42_clone == false) { status = ERROR_NOT_SUPPORTED; goto out; } /* NFS DEALLOCATE supported ? */ - if (session->client->root->supports_nfs42_deallocate == false) { + if (src_session->client->root->supports_nfs42_deallocate == false) { status = ERROR_NOT_SUPPORTED; goto out; } @@ -681,6 +681,31 @@ int handle_duplicatedata(void *daemon_context, nfs41_open_stateid_arg(src_state, &src_stateid); nfs41_open_stateid_arg(dst_state, &dst_stateid); + /* + * Get src file fsid + */ + bitmap4 src_attr_request = { + .count = 1, + .arr[0] = FATTR4_WORD0_FSID, + }; + (void)memset(&info, 0, sizeof(info)); + status = nfs41_getattr(src_session, src_file, &src_attr_request, + &info); + if (status) { + eprintf("handle_duplicatedata: " + "nfs41_getattr(src_state->path.path='%s') " + "failed with '%s'\n", + src_state->path.path, + nfs_error_string(status)); + status = nfs_to_windows_error(status, ERROR_BAD_NET_RESP); + goto out; + } + + EASSERT(bitmap_isset(&info.attrmask, 0, FATTR4_WORD0_FSID)); + + nfs41_fsid src_file_fsid; + (void)memcpy(&src_file_fsid, &info.fsid, sizeof(src_file_fsid)); + /* * Get destination file size * Callers will set the file size before calling @@ -693,21 +718,45 @@ int handle_duplicatedata(void *daemon_context, * size to clamp |args->bytecount|. */ int64_t dst_file_size; - bitmap4 attr_request = { + bitmap4 dst_attr_request = { .count = 3, - .arr[0] = FATTR4_WORD0_SIZE, + .arr[0] = FATTR4_WORD0_SIZE|FATTR4_WORD0_FSID, .arr[1] = 0UL, .arr[2] = FATTR4_WORD2_CLONE_BLKSIZE }; - status = nfs41_getattr(session, dst_file, &attr_request, &info); + (void)memset(&info, 0, sizeof(info)); + status = nfs41_getattr(dst_session, dst_file, &dst_attr_request, + &info); if (status) { eprintf("handle_duplicatedata: " - "nfs41_getattr() failed with '%s'\n", + "nfs41_getattr(dst_state->path.path='%s') " + "failed with '%s'\n", + dst_state->path.path, nfs_error_string(status)); status = nfs_to_windows_error(status, ERROR_BAD_NET_RESP); goto out; } + EASSERT(bitmap_isset(&info.attrmask, 0, FATTR4_WORD0_FSID)); + + /* + * Check whether source and destination files are on the same + * filesystem + */ + if (memcmp(&src_file_fsid, &info.fsid, + sizeof(src_file_fsid)) != 0) { + DPRINTF(DDLVL, + ("handle_duplicatedata: " + "src_file_fsid(major=%llu,minor=%llu) != " + "dst_file_fsid(major=%llu,minor=%llu)\n", + (unsigned long long)src_file_fsid.major, + (unsigned long long)src_file_fsid.minor, + (unsigned long long)info.fsid.major, + (unsigned long long)info.fsid.minor)); + status = ERROR_NOT_SAME_DEVICE; + goto out; + } + EASSERT(bitmap_isset(&info.attrmask, 0, FATTR4_WORD0_SIZE)); if (bitmap_isset(&info.attrmask, 2, FATTR4_WORD2_CLONE_BLKSIZE)) { -- 2.45.1 From 8966bc708f28074856107d0e92cba65a3f374ef5 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 12:56:07 +0200 Subject: [PATCH 2/6] cygwin: Document block cloning support in README.bintarball.txt Document block cloning support (via |FSCTL_DUPLICATE_EXTENTS_TO_FILE|) in README.bintarball.txt. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/README.bintarball.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/cygwin/README.bintarball.txt b/cygwin/README.bintarball.txt index 21b6e38..e7b9d79 100644 --- a/cygwin/README.bintarball.txt +++ b/cygwin/README.bintarball.txt @@ -90,6 +90,22 @@ NFSv4.2/NFSv4.1 filesystem driver for Windows 10/11&Windows Server 2019+2022 Requires on Win11 >= 22H2 because it relies on |CopyFile2()| flag |COPY_FILE_ENABLE_SPARSE_COPY|. +- Block cloning support + - Implmenented via Win32 |FSCTL_DUPLICATE_EXTENTS_TO_FILE| to + clone file blocks from src to dst within the same + filesystem. + - Requires NFSv4.2 server which supports the NFSv4.2 + operations "CLONE", "DEALLOCATE", "SEEK", and exports + a filesystem which supports block cloning (e.g. Linux BTRFS+XFS, + but NOT Linux tmpfs) + - Sparse files are correctly cloned, including all hole and data + ranges + - /usr/bin/winclonefile.exe can be used to clone a file + - Windows 11 |CopyFile2()| API uses + |FSCTL_DUPLICATE_EXTENTS_TO_FILE| by default + - Windows 11 tools like xcopy.exe, robocopy etc. all use + |CopyFile2()|, and therefore file cloning by default + - Symlink reparse and translation support - Translates Win32/NT symlink syntax (e.g. $ mklink /D ... Y:\tmp\ #) to NFS/POSIX syntax (e.g. -- 2.45.1 From aad8ce4814e469694c38796e721e7df811fedcc9 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 18:08:46 +0200 Subject: [PATCH 3/6] cygwin,daemon,include,mount,sys: Implement nfs_mount -o sec=none (AUTH_NONE) Implement nfs_mount -o sec=none (AUTH_NONE). Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/README.bintarball.txt | 6 ++++++ daemon/daemon_debug.c | 2 ++ daemon/nfs41_compound.c | 19 ++++++++++++++++++- daemon/nfs41_ops.h | 2 +- daemon/nfs41_rpc.c | 28 +++++++++++++++++++++++----- include/nfs41_driver.h | 2 ++ mount/mount.c | 6 ++++-- sys/nfs41sys_driver.c | 3 ++- sys/nfs41sys_driver.h | 2 ++ sys/nfs41sys_mount.c | 34 +++++++++++++++++++++++++++------- 10 files changed, 87 insertions(+), 17 deletions(-) diff --git a/cygwin/README.bintarball.txt b/cygwin/README.bintarball.txt index e7b9d79..7b5fb9b 100644 --- a/cygwin/README.bintarball.txt +++ b/cygwin/README.bintarball.txt @@ -563,6 +563,12 @@ $ mount -t drvfs '\\10.49.202.230@2049\nfs4\bigdisk' /mnt/bigdisk user+groups to a small script for the NFSv4 server to set-up these accounts on the server side. +- nfs_mount -o sec=none ... # works with Solaris 11.4 nfsd, but + might require Linux kernel commit + https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/patch/?id=bb4f07f2409c26c01e97e6f9b432545f353e3b66 + ("nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT") to + work. + # # 11. Known issues: diff --git a/daemon/daemon_debug.c b/daemon/daemon_debug.c index 7d81b9c..674bec5 100644 --- a/daemon/daemon_debug.c +++ b/daemon/daemon_debug.c @@ -867,6 +867,8 @@ const char* secflavorop2name(DWORD sec_flavor) { switch(sec_flavor) { #define RPCSEC_AUTH_TO_STRLITERAL(e) case e: return #e; + RPCSEC_AUTH_TO_STRLITERAL(RPCSEC_AUTH_UNDEFINED) + RPCSEC_AUTH_TO_STRLITERAL(RPCSEC_AUTH_NONE) RPCSEC_AUTH_TO_STRLITERAL(RPCSEC_AUTH_SYS) RPCSEC_AUTH_TO_STRLITERAL(RPCSEC_AUTHGSS_KRB5) RPCSEC_AUTH_TO_STRLITERAL(RPCSEC_AUTHGSS_KRB5I) diff --git a/daemon/nfs41_compound.c b/daemon/nfs41_compound.c index 908f170..497dd87 100644 --- a/daemon/nfs41_compound.c +++ b/daemon/nfs41_compound.c @@ -111,7 +111,16 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, continue; } sec_flavor = secinfo[i].type; - } else { + } + else if (secinfo[i].sec_flavor == AUTH_NONE) { + auth = authnone_create(); + if (auth == NULL) { + eprintf("create_new_rpc_auth: authnone_create failed\n"); + continue; + } + sec_flavor = AUTH_NONE; + } + else if (secinfo[i].sec_flavor == AUTH_SYS) { char machname[MAXHOSTNAMELEN + 1]; gid_t aup_gids[RPC_AUTHUNIX_AUP_MAX_NUM_GIDS]; int num_aup_gids = 0; @@ -138,6 +147,14 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, } sec_flavor = AUTH_SYS; } + else { + eprintf("create_new_rpc_auth: " + "Unknown secinfo[i(=%d)].sec_flavor=%ld", + i, + (long)secinfo[i].sec_flavor); + continue; + } + AcquireSRWLockExclusive(&session->client->rpc->lock); session->client->rpc->sec_flavor = sec_flavor; session->client->rpc->rpc->cl_auth = auth; diff --git a/daemon/nfs41_ops.h b/daemon/nfs41_ops.h index d49346b..26b3afe 100644 --- a/daemon/nfs41_ops.h +++ b/daemon/nfs41_ops.h @@ -1022,7 +1022,7 @@ typedef struct __nfs41_secinfo_args { const nfs41_component *name; } nfs41_secinfo_args; -#define MAX_SECINFOS 6 +#define MAX_SECINFOS 7 /* OP_SECINFO_NO_NAME */ enum secinfo_no_name_type { diff --git a/daemon/nfs41_rpc.c b/daemon/nfs41_rpc.c index 6bf9d3a..17e37de 100644 --- a/daemon/nfs41_rpc.c +++ b/daemon/nfs41_rpc.c @@ -1,5 +1,6 @@ /* NFSv4.1 client for Windows - * Copyright (C) 2012 The Regents of the University of Michigan + * Copyright (C) 2012 The Regents of the University of Michigan + * Copyright (C) 2023-2025 Roland Mainz <roland.mainz@nrubsig.org> * * Olga Kornievskaia <aglo@umich.edu> * Casey Bodley <cbodley@umich.edu> @@ -25,7 +26,8 @@ #include "daemon_debug.h" #include "nfs41_xdr.h" #include "nfs41_callback.h" -#include "nfs41_driver.h" /* for AUTH_SYS, AUTHGSS_KRB5s defines */ +/* for AUTH_NONE, AUTH_SYS, AUTHGSS_KRB5s defines */ +#include "nfs41_driver.h" #include "rpc/rpc.h" #define SECURITY_WIN32 @@ -191,7 +193,15 @@ int nfs41_rpc_clnt_create( } rpc->sec_flavor = sec_flavor; - if (sec_flavor == RPCSEC_AUTH_SYS) { + if (sec_flavor == RPCSEC_AUTH_NONE) { + client->cl_auth = authnone_create(); + if (client->cl_auth == NULL) { + eprintf("nfs41_rpc_clnt_create: failed to create rpc authnone\n"); + status = ERROR_NETWORK_UNREACHABLE; + goto out_err_client; + } + } + else if (sec_flavor == RPCSEC_AUTH_SYS) { gid_t aup_gids[RPC_AUTHUNIX_AUP_MAX_NUM_GIDS]; int num_aup_gids = 0; @@ -218,6 +228,10 @@ int nfs41_rpc_clnt_create( goto out_err_client; } } else { + /* + * FIXME: We should test for |RPCSEC_GSS|, and the |else| + * branch should return an error + */ status = create_rpcsec_auth_client(sec_flavor, rpc->server_name, client); if (status) { eprintf("nfs41_rpc_clnt_create: failed to establish security " @@ -306,8 +320,10 @@ static int rpc_reconnect( if (status) goto out_unlock; - if(rpc->sec_flavor == RPCSEC_AUTH_SYS) + if((rpc->sec_flavor == RPCSEC_AUTH_NONE) || + (rpc->sec_flavor == RPCSEC_AUTH_SYS)) { client->cl_auth = rpc->rpc->cl_auth; + } else { auth_destroy(rpc->rpc->cl_auth); status = create_rpcsec_auth_client(rpc->sec_flavor, rpc->server_name, client); @@ -395,7 +411,9 @@ int nfs41_send_compound( goto try_again; } rpc_renew_in_progress(rpc, &one); - if (rpc_status == RPC_AUTHERROR && rpc->sec_flavor != RPCSEC_AUTH_SYS) { + if ((rpc_status == RPC_AUTHERROR) && + (rpc->sec_flavor != RPCSEC_AUTH_NONE) && + (rpc->sec_flavor != RPCSEC_AUTH_SYS)) { AcquireSRWLockExclusive(&rpc->lock); auth_destroy(rpc->rpc->cl_auth); status = create_rpcsec_auth_client(rpc->sec_flavor, diff --git a/include/nfs41_driver.h b/include/nfs41_driver.h index 3837793..3257937 100644 --- a/include/nfs41_driver.h +++ b/include/nfs41_driver.h @@ -104,6 +104,8 @@ typedef enum _nfs41_sysop_open_symlinktarget_type { } nfs41_sysop_open_symlinktarget_type; enum rpcsec_flavors { + RPCSEC_AUTH_UNDEFINED = 0, + RPCSEC_AUTH_NONE, RPCSEC_AUTH_SYS, RPCSEC_AUTHGSS_KRB5, RPCSEC_AUTHGSS_KRB5I, diff --git a/mount/mount.c b/mount/mount.c index c3d0487..99a43ff 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -1,5 +1,6 @@ /* NFSv4.1 client for Windows - * Copyright (C) 2012 The Regents of the University of Michigan + * Copyright (C) 2012 The Regents of the University of Michigan + * Copyright (C) 2023-2025 Roland Mainz <roland.mainz@nrubsig.org> * * Olga Kornievskaia <aglo@umich.edu> * Casey Bodley <cbodley@umich.edu> @@ -134,7 +135,8 @@ void PrintMountUsage(LPWSTR pProcess) "\t\tsuitable version with the server, trying version 4.2 and then 4.1\n" "\trsize=#\tread buffer size in bytes\n" "\twsize=#\twrite buffer size in bytes\n" - "\tsec=sys:krb5:krb5i:krb5p\tspecify (gss) security flavor\n" + "\tsec=none:sys:krb5:krb5i:krb5p\tspecify (gss) security flavor " + "(defaults to 'sys')\n" "\twritethru\tturns off rdbss caching for writes\n" "\tnowritethru\tturns on rdbss caching for writes (default)\n" "\tcache\tturns on rdbss caching (default)\n" diff --git a/sys/nfs41sys_driver.c b/sys/nfs41sys_driver.c index 687ca93..43f0706 100644 --- a/sys/nfs41sys_driver.c +++ b/sys/nfs41sys_driver.c @@ -1,6 +1,6 @@ /* NFSv4.1 client for Windows * Copyright (C) 2012 The Regents of the University of Michigan - * Copyright (C) 2023-2024 Roland Mainz <roland.mainz@nrubsig.org> + * Copyright (C) 2023-2025 Roland Mainz <roland.mainz@nrubsig.org> * * Olga Kornievskaia <aglo@umich.edu> * Casey Bodley <cbodley@umich.edu> @@ -77,6 +77,7 @@ */ DECLARE_CONST_UNICODE_STRING(NfsPrefix, L"\\nfs4"); DECLARE_CONST_UNICODE_STRING(PubNfsPrefix, L"\\pubnfs4"); +DECLARE_CONST_UNICODE_STRING(AUTH_NONE_NAME, L"none"); DECLARE_CONST_UNICODE_STRING(AUTH_SYS_NAME, L"sys"); DECLARE_CONST_UNICODE_STRING(AUTHGSS_KRB5_NAME, L"krb5"); DECLARE_CONST_UNICODE_STRING(AUTHGSS_KRB5I_NAME, L"krb5i"); diff --git a/sys/nfs41sys_driver.h b/sys/nfs41sys_driver.h index a237071..d6aef7c 100644 --- a/sys/nfs41sys_driver.h +++ b/sys/nfs41sys_driver.h @@ -107,6 +107,7 @@ typedef struct __nfs41_timings { DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(NfsPrefix); DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(PubNfsPrefix); +DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(AUTH_NONE_NAME); DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(AUTH_SYS_NAME); DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(AUTHGSS_KRB5_NAME); DECLARE_EXTERN_DECLARE_CONST_UNICODE_STRING(AUTHGSS_KRB5I_NAME); @@ -334,6 +335,7 @@ typedef struct _NFS41_MOUNT_CONFIG { typedef struct _nfs41_mount_entry { LIST_ENTRY next; LUID login_id; + HANDLE authnone_session; HANDLE authsys_session; HANDLE gss_session; HANDLE gssi_session; diff --git a/sys/nfs41sys_mount.c b/sys/nfs41sys_mount.c index e672c0a..5a78eb8 100644 --- a/sys/nfs41sys_mount.c +++ b/sys/nfs41sys_mount.c @@ -82,10 +82,12 @@ static const char *secflavorop2name( DWORD sec_flavor) { switch(sec_flavor) { - case RPCSEC_AUTH_SYS: return "AUTH_SYS"; - case RPCSEC_AUTHGSS_KRB5: return "AUTHGSS_KRB5"; - case RPCSEC_AUTHGSS_KRB5I: return "AUTHGSS_KRB5I"; - case RPCSEC_AUTHGSS_KRB5P: return "AUTHGSS_KRB5P"; + case RPCSEC_AUTH_UNDEFINED: return "Undefined AUTH_*"; + case RPCSEC_AUTH_NONE: return "AUTH_NONE"; + case RPCSEC_AUTH_SYS: return "AUTH_SYS"; + case RPCSEC_AUTHGSS_KRB5: return "AUTHGSS_KRB5"; + case RPCSEC_AUTHGSS_KRB5I: return "AUTHGSS_KRB5I"; + case RPCSEC_AUTHGSS_KRB5P: return "AUTHGSS_KRB5P"; } return "UNKNOWN FLAVOR"; @@ -673,7 +675,9 @@ NTSTATUS map_sec_flavor( IN PUNICODE_STRING sec_flavor_name, OUT PDWORD sec_flavor) { - if (RtlCompareUnicodeString(sec_flavor_name, &AUTH_SYS_NAME, FALSE) == 0) + if (RtlCompareUnicodeString(sec_flavor_name, &AUTH_NONE_NAME, FALSE) == 0) + *sec_flavor = RPCSEC_AUTH_NONE; + else if (RtlCompareUnicodeString(sec_flavor_name, &AUTH_SYS_NAME, FALSE) == 0) *sec_flavor = RPCSEC_AUTH_SYS; else if (RtlCompareUnicodeString(sec_flavor_name, &AUTHGSS_KRB5_NAME, FALSE) == 0) *sec_flavor = RPCSEC_AUTHGSS_KRB5; @@ -1100,6 +1104,11 @@ NTSTATUS nfs41_CreateVNetRoot( #endif found_existing_mount = TRUE; switch(pVNetRootContext->sec_flavor) { + case RPCSEC_AUTH_NONE: + if (existing_mount->authnone_session != INVALID_HANDLE_VALUE) + pVNetRootContext->session = + existing_mount->authnone_session; + break; case RPCSEC_AUTH_SYS: if (existing_mount->authsys_session != INVALID_HANDLE_VALUE) pVNetRootContext->session = @@ -1158,9 +1167,12 @@ NTSTATUS nfs41_CreateVNetRoot( status = STATUS_INSUFFICIENT_RESOURCES; goto out_free; } - entry->authsys_session = entry->gss_session = - entry->gssi_session = entry->gssp_session = INVALID_HANDLE_VALUE; + entry->authnone_session = entry->authsys_session = + entry->gss_session = entry->gssi_session = + entry->gssp_session = INVALID_HANDLE_VALUE; switch (pVNetRootContext->sec_flavor) { + case RPCSEC_AUTH_NONE: + entry->authnone_session = pVNetRootContext->session; break; case RPCSEC_AUTH_SYS: entry->authsys_session = pVNetRootContext->session; break; case RPCSEC_AUTHGSS_KRB5: @@ -1186,6 +1198,8 @@ NTSTATUS nfs41_CreateVNetRoot( (int)pVNetRootContext->sec_flavor); #endif switch (pVNetRootContext->sec_flavor) { + case RPCSEC_AUTH_NONE: + existing_mount->authnone_session = pVNetRootContext->session; break; case RPCSEC_AUTH_SYS: existing_mount->authsys_session = pVNetRootContext->session; break; case RPCSEC_AUTHGSS_KRB5: @@ -1348,6 +1362,12 @@ NTSTATUS nfs41_FinalizeNetRoot( (long)mount_tmp->login_id.HighPart, (long)mount_tmp->login_id.LowPart); #endif + if (mount_tmp->authnone_session != INVALID_HANDLE_VALUE) { + status = nfs41_unmount(mount_tmp->authnone_session, + pNetRootContext->nfs41d_version, UPCALL_TIMEOUT_DEFAULT); + if (status) + print_error("nfs41_unmount AUTH_NONE failed with %d\n", status); + } if (mount_tmp->authsys_session != INVALID_HANDLE_VALUE) { status = nfs41_unmount(mount_tmp->authsys_session, pNetRootContext->nfs41d_version, UPCALL_TIMEOUT_DEFAULT); -- 2.45.1 From 12505745a9a2cd20f839897cc787f6b22c566e1d Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 18:11:58 +0200 Subject: [PATCH 4/6] daemon: |create_rpcsec_auth_client() should be |static| |create_rpcsec_auth_client() should be |static| Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/nfs41_rpc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/daemon/nfs41_rpc.c b/daemon/nfs41_rpc.c index 17e37de..ce47125 100644 --- a/daemon/nfs41_rpc.c +++ b/daemon/nfs41_rpc.c @@ -106,6 +106,7 @@ static int get_client_for_multi_addr( return status; } +static int create_rpcsec_auth_client( IN uint32_t sec_flavor, IN char *server_name, -- 2.45.1 From bda556fba2f401ef986a251fdb0147b5542cff2b Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 18:25:20 +0200 Subject: [PATCH 5/6] daemon: |eprintf()| in auth/rpc codepaths should always use the function name as prefix |eprintf()| in auth/rpc codepaths should always use the (correct) function name as prefix Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/nfs41_compound.c | 48 +++++++++++++++++++++++++------------ daemon/nfs41_rpc.c | 53 ++++++++++++++++++++++++++--------------- 2 files changed, 67 insertions(+), 34 deletions(-) diff --git a/daemon/nfs41_compound.c b/daemon/nfs41_compound.c index 497dd87..b9ed5df 100644 --- a/daemon/nfs41_compound.c +++ b/daemon/nfs41_compound.c @@ -106,8 +106,10 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, auth = authsspi_create_default(session->client->rpc->rpc, session->client->rpc->server_name, secinfo[i].type); if (auth == NULL) { - eprintf("handle_wrongsecinfo_noname: authsspi_create_default for " - "gsstype %s failed\n", gssauth_string(secinfo[i].type)); + eprintf("create_new_rpc_auth: " + "authsspi_create_default for " + "gsstype %s failed\n", + gssauth_string(secinfo[i].type)); continue; } sec_flavor = secinfo[i].type; @@ -115,7 +117,8 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, else if (secinfo[i].sec_flavor == AUTH_NONE) { auth = authnone_create(); if (auth == NULL) { - eprintf("create_new_rpc_auth: authnone_create failed\n"); + eprintf("create_new_rpc_auth: " + "authnone_create failed\n"); continue; } sec_flavor = AUTH_NONE; @@ -133,7 +136,7 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, } if (gethostname(machname, sizeof(machname)) == -1) { - eprintf("nfs41_rpc_clnt_create: gethostname failed\n"); + eprintf("create_new_rpc_auth: gethostname failed\n"); continue; } machname[sizeof(machname) - 1] = '\0'; @@ -142,7 +145,8 @@ static int create_new_rpc_auth(nfs41_session *session, uint32_t op, session->client->rpc->gid, num_aup_gids, aup_gids); if (auth == NULL) { - eprintf("handle_wrongsecinfo_noname: authsys_create failed\n"); + eprintf("create_new_rpc_auth: " + "authsys_create failed\n"); continue; } sec_flavor = AUTH_SYS; @@ -197,15 +201,18 @@ retry: if (seq->sr_status == NFS4_OK) { // returned slotid must be the same we sent if (seq->sr_resok4.sr_slotid != args->sa_slotid) { - eprintf("[session] sr_slotid=%d != sa_slotid=%d\n", - seq->sr_resok4.sr_slotid, args->sa_slotid); + eprintf("compound_encode_send_decode: " + "[session] sr_slotid=%d != sa_slotid=%d\n", + seq->sr_resok4.sr_slotid, + args->sa_slotid); status = NFS4ERR_IO; goto out_free_slot; } // returned sessionid must be the same we sent if (memcmp(seq->sr_resok4.sr_sessionid, args->sa_sessionid, NFS4_SESSIONID_SIZE)) { - eprintf("[session] sr_sessionid != sa_sessionid\n"); + eprintf("compound_encode_send_decode: " + "[session] sr_sessionid != sa_sessionid\n"); if (DPRINTF_LEVEL_ENABLED(1)) { print_hexbuf("sr_sessionid", seq->sr_resok4.sr_sessionid, NFS4_SESSIONID_SIZE); @@ -229,8 +236,11 @@ retry: } if (status) { - eprintf("nfs41_send_compound failed %d for seqid=%d, slotid=%d\n", - status, args->sa_sequenceid, args->sa_slotid); + eprintf("compound_encode_send_decode: " + "nfs41_send_compound failed %d for seqid=%d, slotid=%d\n", + status, + args->sa_sequenceid, + args->sa_slotid); status = NFS4ERR_IO; goto out_free_slot; } @@ -253,7 +263,9 @@ retry: nfs41_recovery_finish(session->client); if (status) { - eprintf("nfs41_client_renew() failed with %d\n", status); + eprintf("compound_encode_send_decode: " + "nfs41_client_renew() failed with %d\n", + status); status = ERROR_BAD_NET_RESP; goto out; } @@ -277,7 +289,9 @@ retry: nfs41_recovery_finish(session->client); if (status) { - eprintf("nfs41_recover_session() failed with %d\n", status); + eprintf("compound_encode_send_decode: " + "nfs41_recover_session() failed with %d\n", + status); status = ERROR_BAD_NET_RESP; goto out; } @@ -397,7 +411,8 @@ retry: (argarray[1].op == OP_PUTROOTFH)) && ((argarray[2].op == OP_SECINFO_NO_NAME) || (argarray[2].op == OP_SECINFO))) { - eprintf("SECINFO: BROKEN SERVER\n"); + eprintf("compound_encode_send_decode: " + "SECINFO: BROKEN SERVER\n"); goto out; } if (!try_recovery) @@ -436,7 +451,9 @@ retry: } secinfo_status = nfs41_secinfo(session, file, name, secinfo); if (secinfo_status) { - eprintf("nfs41_secinfo failed with %d\n", secinfo_status); + eprintf("compound_encode_send_decode: " + "nfs41_secinfo failed with %d\n", + secinfo_status); nfs41_recovery_finish(session->client); if (secinfo_status == NFS4ERR_BADSESSION) { if (op1 == OP_SEQUENCE) @@ -453,7 +470,8 @@ retry: } secinfo_status = nfs41_secinfo_noname(session, file, secinfo); if (secinfo_status) { - eprintf("nfs41_secinfo_noname failed with %d\n", + eprintf("compound_encode_send_decode: " + "nfs41_secinfo_noname failed with %d\n", secinfo_status); nfs41_recovery_finish(session->client); if (op1 == OP_SEQUENCE) diff --git a/daemon/nfs41_rpc.c b/daemon/nfs41_rpc.c index ce47125..8efaf67 100644 --- a/daemon/nfs41_rpc.c +++ b/daemon/nfs41_rpc.c @@ -129,17 +129,18 @@ int create_rpcsec_auth_client( RPCSEC_SSPI_SVC_PRIVACY); break; default: - eprintf("create_rpc_auth_client: unknown rpcsec flavor %d\n", - sec_flavor); + eprintf("create_rpcsec_auth_client: unknown rpcsec flavor %d\n", + sec_flavor); client->cl_auth = NULL; } if (client->cl_auth == NULL) { - eprintf("nfs41_rpc_clnt_create: failed to create '%s'\n", - secflavorop2name(sec_flavor)); + eprintf("create_rpcsec_auth_client: failed to create '%s'\n", + secflavorop2name(sec_flavor)); goto out; } else { - DPRINTF(1, ("nfs41_rpc_clnt_create: successfully created '%s'\n", + DPRINTF(1, + ("create_rpcsec_auth_client: successfully created '%s'\n", secflavorop2name(sec_flavor))); } status = 0; @@ -177,7 +178,8 @@ int nfs41_rpc_clnt_create( rpc->cond = CreateEvent(NULL, TRUE, FALSE, NULL); if (rpc->cond == NULL) { status = GetLastError(); - eprintf("CreateEvent failed %d\n", status); + eprintf("nfs41_rpc_clnt_create: CreateEvent failed %d\n", + status); goto out_free_rpc_clnt; } status = get_client_for_multi_addr(addrs, wsize, rsize, needcb?rpc:NULL, @@ -197,7 +199,8 @@ int nfs41_rpc_clnt_create( if (sec_flavor == RPCSEC_AUTH_NONE) { client->cl_auth = authnone_create(); if (client->cl_auth == NULL) { - eprintf("nfs41_rpc_clnt_create: failed to create rpc authnone\n"); + eprintf("nfs41_rpc_clnt_create: " + "failed to create rpc authnone\n"); status = ERROR_NETWORK_UNREACHABLE; goto out_err_client; } @@ -224,7 +227,8 @@ int nfs41_rpc_clnt_create( uid, gid, num_aup_gids, aup_gids); if (client->cl_auth == NULL) { - eprintf("nfs41_rpc_clnt_create: failed to create rpc authsys\n"); + eprintf("nfs41_rpc_clnt_create: " + "failed to create rpc authsys\n"); status = ERROR_NETWORK_UNREACHABLE; goto out_err_client; } @@ -235,8 +239,10 @@ int nfs41_rpc_clnt_create( */ status = create_rpcsec_auth_client(sec_flavor, rpc->server_name, client); if (status) { - eprintf("nfs41_rpc_clnt_create: failed to establish security " - "context with %s\n", rpc->server_name); + eprintf("nfs41_rpc_clnt_create: " + "failed to establish security " + "context with %s\n", + rpc->server_name); status = ERROR_NETWORK_UNREACHABLE; goto out_err_client; } else @@ -329,7 +335,8 @@ static int rpc_reconnect( auth_destroy(rpc->rpc->cl_auth); status = create_rpcsec_auth_client(rpc->sec_flavor, rpc->server_name, client); if (status) { - eprintf("Failed to reestablish security context\n"); + eprintf("rpc_reconnect: " + "Failed to reestablish security context\n"); status = ERROR_NETWORK_UNREACHABLE; goto out_err_client; } @@ -344,7 +351,7 @@ static int rpc_reconnect( rpc->rpc = client; rpc->addr_index = addr_index; rpc->version++; - DPRINTF(1, ("nfs41_send_compound: reestablished RPC connection\n")); + DPRINTF(1, ("rpc_reconnect: reestablished RPC connection\n")); out_unlock: ReleaseSRWLockExclusive(&rpc->lock); @@ -356,7 +363,8 @@ out_unlock: status = nfs41_bind_conn_to_session(rpc, rpc->client->session->session_id, CDFC4_BACK_OR_BOTH); if (status) - eprintf("nfs41_bind_conn_to_session() failed with '%s'\n", + eprintf("rpc_reconnect: " + "nfs41_bind_conn_to_session() failed with '%s'\n", nfs_error_string(status)); status = NFS4_OK; } @@ -387,7 +395,8 @@ int nfs41_send_compound( ReleaseSRWLockShared(&rpc->lock); if (rpc_status != RPC_SUCCESS) { - eprintf("clnt_call returned rpc_status = '%s'\n", + eprintf("nfs41_send_compound: " + "clnt_call returned rpc_status = '%s'\n", rpc_error_string(rpc_status)); switch(rpc_status) { case RPC_CANTRECV: @@ -403,7 +412,9 @@ int nfs41_send_compound( while (rpc_renew_in_progress(rpc, NULL)) { status = WaitForSingleObjectEx(rpc->cond, INFINITE, FALSE); if (status != WAIT_OBJECT_0) { - eprintf("rpc_renew_in_progress: WaitForSingleObjectEx() failed\n"); + eprintf("nfs41_send_compound: " + "rpc_renew_in_progress: " + "WaitForSingleObjectEx() failed\n"); print_condwait_status(0, status); status = ERROR_LOCK_VIOLATION; goto out; @@ -421,18 +432,22 @@ int nfs41_send_compound( rpc->server_name, rpc->rpc); ReleaseSRWLockExclusive(&rpc->lock); if (status) { - eprintf("Failed to reestablish security context\n"); + eprintf("nfs41_send_compound: " + "Failed to reestablish security context\n"); status = ERROR_NETWORK_UNREACHABLE; goto out; } } else if (rpc_reconnect(rpc)) - eprintf("rpc_reconnect: Failed to reconnect!\n"); + eprintf("nfs41_send_compound: rpc_reconnect: " + "Failed to reconnect!\n"); rpc_renew_in_progress(rpc, &zero); goto try_again; default: - eprintf("UNHANDLED RPC_ERROR: %d\n", rpc_status); - status = ERROR_NETWORK_UNREACHABLE; + eprintf("nfs41_send_compound: " + "UNHANDLED RPC_ERROR: %d\n", + rpc_status); + status = ERROR_NETWORK_UNREACHABLE; goto out; } goto out; -- 2.45.1 From ba151ec7ff884b23a9f3501382749f85a99cb5d1 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 5 May 2025 19:00:02 +0200 Subject: [PATCH 6/6] daemon: |eprintf()| in |handle_open()| should print the file name |eprintf()| in |handle_open()| should print the file name which the caller tries to open(). Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/open.c | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/daemon/open.c b/daemon/open.c index 905ed5d..56343cf 100644 --- a/daemon/open.c +++ b/daemon/open.c @@ -846,7 +846,9 @@ static int handle_open(void *daemon_context, nfs41_upcall *upcall) status = create_open_state(args->path, args->open_owner_id, &state); if (status) { - eprintf("create_open_state(%d) failed with %d\n", + eprintf("handle_open(args->path='%s'): " + "create_open_state(%d) failed with %d\n", + args->path, args->open_owner_id, status); goto out; } @@ -876,7 +878,11 @@ static int handle_open(void *daemon_context, nfs41_upcall *upcall) &state->parent, &state->path); if (status) { /* can't do the reparse if we can't get the target */ - eprintf("nfs41_symlink_target() failed with %d\n", status); + eprintf("handle_open(args->path='%s'): " + "nfs41_symlink_target() " + "failed with %d\n", + args->path, + status); goto out_free_state; } @@ -950,8 +956,10 @@ static int handle_open(void *daemon_context, nfs41_upcall *upcall) status = nfs41_symlink_target(state->session, &state->file, &args->symlink); if (status) { - eprintf("nfs41_symlink_target() for '%s' failed with %d\n", - args->path, status); + eprintf("handle_open(args->path='%s'): " + "nfs41_symlink_target() failed with %d\n", + args->path, + status); } else { symlink2ntpath(&args->symlink, &args->symlinktarget_type); /* tell the driver to call RxPrepareToReparseSymbolicLink() */ @@ -1008,8 +1016,11 @@ static int handle_open(void *daemon_context, nfs41_upcall *upcall) status = nfs41_create(state->session, NF4LNK, &createattrs, args->symlink.path, &state->parent, &state->file, &info); if (status) { - eprintf("nfs41_create() for symlink='%s' failed with '%s'\n", - args->symlink.path, nfs_error_string(status)); + eprintf("handle_open(args->path='%s'): " + "nfs41_create() for symlink='%s' failed with '%s'\n", + args->path, + args->symlink.path, + nfs_error_string(status)); status = map_symlink_errors(status); goto out_free_state; } @@ -1149,23 +1160,31 @@ supersede_retry: /* fixme: we should store the |owner_group| name in |upcall| */ if (!get_token_primarygroup_name(upcall->currentthread_token, createchgrpattrs.owner_group)) { - eprintf("handle_open(): OPEN4_CREATE: " - "get_token_primarygroup_name() failed.\n"); + eprintf("handle_open(args->path='%s'): " + "OPEN4_CREATE: " + "get_token_primarygroup_name() failed.\n", + args->path); goto create_chgrp_out; } s = createchgrpattrs.owner_group+strlen(createchgrpattrs.owner_group); s = stpcpy(s, "@"); (void)stpcpy(s, nfs41dg->localdomain_name); - DPRINTF(1, ("handle_open(): OPEN4_CREATE: owner_group='%s'\n", + DPRINTF(1, ("handle_open(state->file.name.name='%s'): " + "OPEN4_CREATE: owner_group='%s'\n", + state->file.name.name, createchgrpattrs.owner_group)); nfs41_open_stateid_arg(state, &stateid); chgrp_status = nfs41_setattr(state->session, &state->file, &stateid, &createchgrpattrs); if (chgrp_status) { - eprintf("handle_open(): OPEN4_CREATE: " - "nfs41_setattr(owner_group='%s') failed with error '%s'.\n", - createchgrpattrs.owner_group, nfs_error_string(chgrp_status)); + eprintf("handle_open(args->path='%s'): " + "OPEN4_CREATE: " + "nfs41_setattr(owner_group='%s') " + "failed with error '%s'.\n", + args->path, + createchgrpattrs.owner_group, + nfs_error_string(chgrp_status)); } create_chgrp_out: ; -- 2.45.1

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at