Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: Fix for secctx leak, 32bit build+misc, 2024-05-11
Posted by Anonymous on Sat 11th May 2024 14:25
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From 381122b4802589e8878be80126ee6257c6fd7ff7 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Sat, 11 May 2024 13:33:54 +0200 Subject: [PATCH 1/4] tests: Add support for |FileNormalizedNameInfo| to tests/winfsinfo1 Add support for |FileNormalizedNameInfo| to tests/winfsinfo1 Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- tests/winfsinfo1/winfsinfo.c | 74 +++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/tests/winfsinfo1/winfsinfo.c b/tests/winfsinfo1/winfsinfo.c index 3c5a2bb..d0cf0c9 100644 --- a/tests/winfsinfo1/winfsinfo.c +++ b/tests/winfsinfo1/winfsinfo.c @@ -267,10 +267,79 @@ done: return res; } +/* + * |FILE_NAME_INFORMATION| variation with 4096 bytes, matching + * Linux |PATH_MAX| value of 4096 + */ +typedef struct _FILE_NAME_INFORMATION4096 { + ULONG FileNameLength; + WCHAR FileName[4096]; +} FILE_NAME_INFORMATION4096, *PFILE_NAME_INFORMATION4096; + + +static +bool get_filenormalizednameinfo(const char *progname, const char *filename) +{ + int res = EXIT_FAILURE; + bool ok; + FILE_NAME_INFORMATION4096 finfo = { 0 }; + + HANDLE fileHandle = CreateFileA(filename, + GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, + FILE_FLAG_BACKUP_SEMANTICS, NULL); + if (fileHandle == INVALID_HANDLE_VALUE) { + (void)fprintf(stderr, + "%s: Error opening file '%s'. Last error was %d.\n", + progname, + filename, + GetLastError()); + return EXIT_FAILURE; + } + + /* + * |FileNormalizedNameInfo| value: + * Per + * https://learn.microsoft.com/en-us/windows/win32/api/minwinbase/ne-minwinbase-file_info_by_handle_class + * |FileNormalizedNameInfo| should be |24|, but on Cygwin 3.6 we + * get the value |48|. Since |24| works and |48| returns an + * "Invalid Parameter" error we assume this is a Cygwin bug. + */ + ok = GetFileInformationByHandleEx(fileHandle, + 24/*FileNormalizedNameInfo*/, + &finfo, sizeof(finfo)); + + if (!ok) { + (void)fprintf(stderr, "%s: GetFileInformationByHandleEx() " + "error. GetLastError()==%d.\n", + progname, + GetLastError()); + res = EXIT_FAILURE; + goto done; + } + + (void)printf("(\n"); + (void)printf("\tfilename='%s'\n", filename); + + (void)printf("\tFileNameLength=%ld\n", + (long)finfo.FileNameLength); + (void)printf("\tFileName='%S'\n", finfo.FileName); + (void)printf(")\n"); + res = EXIT_SUCCESS; + +done: + CloseHandle(fileHandle); + return res; +} + static void usage(void) { - (void)fprintf(stderr, "winfsinfo <getvolumeinfo|filebasicinfo|filestandardinfo> path\n"); + (void)fprintf(stderr, "winfsinfo <" + "getvolumeinfo|" + "filebasicinfo|" + "filestandardinfo|" + "filenormalizednameinfo" + "> path\n"); } int main(int ac, char *av[]) @@ -293,6 +362,9 @@ int main(int ac, char *av[]) else if (!strcmp(subcmd, "filestandardinfo")) { return get_file_standard_info(av[0], av[2]); } + else if (!strcmp(subcmd, "filenormalizednameinfo")) { + return get_filenormalizednameinfo(av[0], av[2]); + } else { (void)fprintf(stderr, "%s: Unknown subcmd '%s'\n", av[0], subcmd); return EXIT_FAILURE; -- 2.43.0 From 7a52aa24d3cb5f0b91b8879d452c3d4145c0e9c1 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Sat, 11 May 2024 14:25:27 +0200 Subject: [PATCH 2/4] sys: Fix |nfs41_fobx->sec_ctx| leak Fix leaking |nfs41_fobx->sec_ctx|, caused by |nfs41_get_sec_ctx()| overwriting an existing |nfs41_fobx->sec_ctx|. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- sys/nfs41_driver.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index 60f65ca..7d4f37e 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -4078,9 +4078,11 @@ retry_on_link: nfs41_fobx = (PNFS41_FOBX)(RxContext->pFobx)->Context; nfs41_fobx->nfs41_open_state = entry->open_state; #ifndef USE_MOUNT_SEC_CONTEXT - status = nfs41_get_sec_ctx(SecurityImpersonation, &nfs41_fobx->sec_ctx); - if (status) - goto out_free; + if (nfs41_fobx->sec_ctx.ClientToken == NULL) { + status = nfs41_get_sec_ctx(SecurityImpersonation, &nfs41_fobx->sec_ctx); + if (status) + goto out_free; + } #else RtlCopyMemory(&nfs41_fobx->sec_ctx, &pVNetRootContext->mount_sec_ctx, sizeof(nfs41_fobx->sec_ctx)); @@ -4384,9 +4386,6 @@ NTSTATUS nfs41_CloseSrvOpen( entry->u.Close.renamed = nfs41_fcb->Renamed; status = nfs41_UpcallWaitForReply(entry, pVNetRootContext->timeout); -#ifndef USE_MOUNT_SEC_CONTEXT - SeDeleteClientSecurity(&nfs41_fobx->sec_ctx); -#endif if (status) goto out; /* map windows ERRORs to NTSTATUS */ @@ -4428,6 +4427,12 @@ NTSTATUS nfs41_DeallocateForFobx( RxFreePool(nfs41_fobx->acl); nfs41_fobx->acl = NULL; } + + if (nfs41_fobx->sec_ctx.ClientToken) { + SeDeleteClientSecurity(&nfs41_fobx->sec_ctx); + nfs41_fobx->sec_ctx.ClientToken = NULL; + } + return STATUS_SUCCESS; } @@ -7167,7 +7172,7 @@ VOID fcbopen_main(PVOID ctx) pEntry = openlist.head.Flink; while (!IsListEmpty(&openlist.head)) { PNFS41_NETROOT_EXTENSION pNetRootContext; - nfs41_updowncall_entry *entry; + nfs41_updowncall_entry *entry = NULL; FILE_BASIC_INFORMATION binfo; PNFS41_FCB nfs41_fcb; cur = (nfs41_fcb_list_entry *)CONTAINING_RECORD(pEntry, @@ -7179,6 +7184,12 @@ VOID fcbopen_main(PVOID ctx) cur->ChangeTime, cur->skip); #endif if (cur->skip) goto out; + +#ifdef NFS41_DRIVER_STABILITY_HACKS + /* FIXME: Why ? */ + if (!cur->nfs41_fobx->sec_ctx.ClientToken) + goto out; +#endif /* NFS41_DRIVER_STABILITY_HACKS */ pNetRootContext = NFS41GetNetRootExtension(cur->fcb->pNetRoot); /* place an upcall for this srv_open */ @@ -7232,8 +7243,9 @@ VOID fcbopen_main(PVOID ctx) } nfs41_fcb = (PNFS41_FCB)cur->fcb->Context; nfs41_fcb->changeattr = entry->ChangeTime; - nfs41_UpcallDestroy(entry); out: + nfs41_UpcallDestroy(entry); + entry = NULL; if (pEntry->Flink == &openlist.head) { #ifdef DEBUG_TIME_BASED_COHERENCY DbgP("fcbopen_main: reached end of the fcb list\n"); -- 2.43.0 From 14d7fabc1721ca2e2606b806a92c722f4d912d1c Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Sat, 11 May 2024 14:39:35 +0200 Subject: [PATCH 3/4] sys: Remove |USE_MOUNT_SEC_CONTEXT|+|STORE_MOUNT_SEC_CONTEXT| Remove |USE_MOUNT_SEC_CONTEXT| and |STORE_MOUNT_SEC_CONTEXT| codepaths, as they are not working with newgrp(1)/|setgid()| support. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- sys/nfs41_driver.c | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c index 7d4f37e..1950917 100644 --- a/sys/nfs41_driver.c +++ b/sys/nfs41_driver.c @@ -41,17 +41,6 @@ #include "nfs41_build_features.h" -/* - * FIXME: NFS41_DRIVER_SETGID_NEWGRP_SUPPORT - we need the correct - * |TOKEN_PRIMARY_GROUP| for |setgid()|/newgrp(1) - * support, and |#define USE_MOUNT_SEC_CONTEXT| currently breaks - * that - */ -#ifndef NFS41_DRIVER_SETGID_NEWGRP_SUPPORT -#define USE_MOUNT_SEC_CONTEXT 1 -#define STORE_MOUNT_SEC_CONTEXT 1 -#endif - /* debugging printout defines */ #define DEBUG_MARSHAL_HEADER #define DEBUG_MARSHAL_DETAIL @@ -402,10 +391,6 @@ typedef struct _NFS41_V_NET_ROOT_EXTENSION { BOOLEAN read_only; BOOLEAN write_thru; BOOLEAN nocache; - -#ifdef STORE_MOUNT_SEC_CONTEXT - SECURITY_CLIENT_CONTEXT mount_sec_ctx; -#endif } NFS41_V_NET_ROOT_EXTENSION, *PNFS41_V_NET_ROOT_EXTENSION; #define NFS41GetVNetRootExtension(pVNetRoot) \ (((pVNetRoot) == NULL) ? NULL : \ @@ -3407,10 +3392,6 @@ NTSTATUS nfs41_CreateVNetRoot( #ifdef DEBUG_MOUNT DbgP("Saving new session 0x%x\n", pVNetRootContext->session); #endif -#ifdef STORE_MOUNT_SEC_CONTEXT - status = nfs41_get_sec_ctx(SecurityImpersonation, - &pVNetRootContext->mount_sec_ctx); -#endif out_free: RxFreePool(Config); @@ -3609,15 +3590,6 @@ NTSTATUS nfs41_FinalizeVNetRoot( if (pVNetRoot->pNetRoot->Type != NET_ROOT_DISK && pVNetRoot->pNetRoot->Type != NET_ROOT_WILD) status = STATUS_NOT_SUPPORTED; -#ifdef STORE_MOUNT_SEC_CONTEXT - else if (pVNetRootContext->session != INVALID_HANDLE_VALUE) { -#ifdef DEBUG_MOUNT - DbgP("nfs41_FinalizeVNetRoot: deleting security context: %p\n", - pVNetRootContext->mount_sec_ctx.ClientToken); -#endif - SeDeleteClientSecurity(&pVNetRootContext->mount_sec_ctx); - } -#endif #ifdef DEBUG_MOUNT DbgEx(); #endif @@ -3913,11 +3885,7 @@ NTSTATUS nfs41_Create( status = check_nfs41_create_args(RxContext); if (status) goto out; -#if defined(STORE_MOUNT_SEC_CONTEXT) && defined (USE_MOUNT_SEC_CONTEXT) - status = nfs41_UpcallCreate(NFS41_OPEN, &pVNetRootContext->mount_sec_ctx, -#else status = nfs41_UpcallCreate(NFS41_OPEN, NULL, -#endif pVNetRootContext->session, INVALID_HANDLE_VALUE, pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry); @@ -3980,12 +3948,10 @@ retry_on_link: } status = nfs41_UpcallWaitForReply(entry, pVNetRootContext->timeout); -#ifndef USE_MOUNT_SEC_CONTEXT if (entry->psec_ctx == &entry->sec_ctx) { SeDeleteClientSecurity(entry->psec_ctx); } entry->psec_ctx = NULL; -#endif if (status) goto out; if (entry->u.Open.EaMdl) { @@ -4077,16 +4043,11 @@ retry_on_link: #endif nfs41_fobx = (PNFS41_FOBX)(RxContext->pFobx)->Context; nfs41_fobx->nfs41_open_state = entry->open_state; -#ifndef USE_MOUNT_SEC_CONTEXT if (nfs41_fobx->sec_ctx.ClientToken == NULL) { status = nfs41_get_sec_ctx(SecurityImpersonation, &nfs41_fobx->sec_ctx); if (status) goto out_free; } -#else - RtlCopyMemory(&nfs41_fobx->sec_ctx, &pVNetRootContext->mount_sec_ctx, - sizeof(nfs41_fobx->sec_ctx)); -#endif // we get attributes only for data access and file (not directories) if (Fcb->OpenCount == 0 || -- 2.43.0 From 2c69570c0731b9ee6d6d45a2ac63236d68d6f748 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Sat, 11 May 2024 15:17:29 +0200 Subject: [PATCH 4/4] sys: 32bit build failure due to missing |FSCTL_ENABLE_PER_IO_FLAGS| Fix 32bit build, |FSCTL_ENABLE_PER_IO_FLAGS| is not available on 32bit platforms. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- sys/nfs41_debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/nfs41_debug.c b/sys/nfs41_debug.c index 80da014..3c3accb 100644 --- a/sys/nfs41_debug.c +++ b/sys/nfs41_debug.c @@ -771,7 +771,9 @@ const char *fsctl2string(ULONG fscontrolcode) CASE_SYM2STR_RET(FSCTL_DISMOUNT_VOLUME) CASE_SYM2STR_RET(FSCTL_DUPLICATE_EXTENTS_TO_FILE) CASE_SYM2STR_RET(FSCTL_DUPLICATE_EXTENTS_TO_FILE_EX) +#ifdef FSCTL_ENABLE_PER_IO_FLAGS CASE_SYM2STR_RET(FSCTL_ENABLE_PER_IO_FLAGS) +#endif /* FSCTL_ENABLE_PER_IO_FLAGS */ CASE_SYM2STR_RET(FSCTL_ENABLE_UPGRADE) CASE_SYM2STR_RET(FSCTL_ENCRYPTION_FSCTL_IO) CASE_SYM2STR_RET(FSCTL_ENCRYPTION_KEY_CONTROL) -- 2.43.0

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at