Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41_client: idmap support with Cygwin getent passwd/group prototype
Posted by Anonymous on Fri 13th Oct 2023 16:15
raw | new post
modification of post by Anonymous (view diff)

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
diff --git a/daemon/acl.c b/daemon/acl.c index e65548e..a0c01c5 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -20,16 +20,18 @@ */ #include <Windows.h> +#include <stdio.h> #include <strsafe.h> -#include <sddl.h> - -#include "nfs41_ops.h" -#include "nfs41_build_features.h" -#include "delegation.h" -#include "daemon_debug.h" -#include "util.h" +#include <sddl.h> + +#include "nfs41_ops.h" +#include "nfs41_build_features.h" +#include "delegation.h" +#include "daemon_debug.h" +#include "util.h" #include "upcall.h" #include "nfs41_xdr.h" +#include "idmap.h" //#define DEBUG_ACLS #define ACLLVL 2 /* dprintf level for acl logging */ @@ -58,32 +60,32 @@ static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid, *sid = NULL; status = CreateWellKnownSid(type, NULL, *sid, sid_len); - dprintf(ACLLVL, "create_unknownsid: CreateWellKnownSid type %d returned %d " - "GetLastError %d sid len %d needed\n", type, status, - GetLastError(), *sid_len); - if (status) { - status = ERROR_INTERNAL_ERROR; - goto err; - } - status = GetLastError(); - if (status != ERROR_INSUFFICIENT_BUFFER) - goto err; - - *sid = malloc(*sid_len); - if (*sid == NULL) { - status = ERROR_INSUFFICIENT_BUFFER; - goto err; - } - status = CreateWellKnownSid(type, NULL, *sid, sid_len); - if (status) - return ERROR_SUCCESS; - free(*sid); - *sid = NULL; - status = GetLastError(); -err: - eprintf("create_unknownsid: CreateWellKnownSid failed with %d\n", status); - return status; -} + dprintf(ACLLVL, "create_unknownsid: CreateWellKnownSid type %d returned %d " + "GetLastError %d sid len %d needed\n", type, status, + GetLastError(), *sid_len); + if (status) { + status = ERROR_INTERNAL_ERROR; + goto err; + } + status = GetLastError(); + if (status != ERROR_INSUFFICIENT_BUFFER) + goto err; + + *sid = malloc(*sid_len); + if (*sid == NULL) { + status = ERROR_INSUFFICIENT_BUFFER; + goto err; + } + status = CreateWellKnownSid(type, NULL, *sid, sid_len); + if (status) + return ERROR_SUCCESS; + free(*sid); + *sid = NULL; + status = GetLastError(); +err: + eprintf("create_unknownsid: CreateWellKnownSid failed with %d\n", status); + return status; +} static void convert_nfs4name_2_user_domain(LPSTR nfs4name, LPSTR *domain) @@ -95,142 +97,142 @@ static void convert_nfs4name_2_user_domain(LPSTR nfs4name, *domain = &p[1]; break; } - } -} - -#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID -/* - * Allocate a SID from SECURITY_SAMBA_UNIX_AUTHORITY, which encodes an - * UNIX/POSIX uid directly into a SID. - * - * Examples: - * UID 1616 gets mapped to "Unix_User+1616", encoding the UID into the - * SID as "S-1-22-1-1616": - * $ getent passwd Unix_User+1616 - * Unix_User+1616:*:4278191696:4278191696:U-Unix_User\1616,S-1-22-1-1616:/:/sbin/nologin - * - * GID 1984 gets mapped to "Unix_Group+1984", encoding the GID into the - * SID as "S-1-22-2-1984": - * $ getent group Unix_Group+1984 - * Unix_Group+1984:S-1-22-2-1984:4278192064: - * - */ - -#define SECURITY_SAMBA_UNIX_AUTHORITY { { 0,0,0,0,0,22 } } -SID_IDENTIFIER_AUTHORITY sid_id_auth = SECURITY_SAMBA_UNIX_AUTHORITY; - -static -BOOL allocate_unixuser_sid(unsigned long uid, PSID *pSid) -{ - PSID sid = NULL; - PSID malloced_sid = NULL; - DWORD sid_len; - - if (AllocateAndInitializeSid(&sid_id_auth, 2, 1, (DWORD)uid, - 0, 0, 0, 0, 0, 0, &sid)) { - sid_len = GetLengthSid(sid); - - malloced_sid = malloc(sid_len); - - if (malloced_sid) { - /* - * |AllocateAndInitializeSid()| has an own memory - * allocator, but we need the sid in memory from - * |malloc()| - */ - if (CopySid(sid_len, malloced_sid, sid)) { - FreeSid(sid); - *pSid = malloced_sid; - dprintf(ACLLVL, "allocate_unixuser_sid(): Allocated " - "Unix_User+%lu: success, len=%ld\n", - uid, (long)sid_len); - return TRUE; - } - } - } - - FreeSid(sid); - free(malloced_sid); - dprintf(ACLLVL, "allocate_unixuser_sid(): Failed to allocate " - "SID for Unix_User+%lu: error code %d\n", - uid, GetLastError()); - return FALSE; -} - -static -BOOL allocate_unixgroup_sid(unsigned long gid, PSID *pSid) -{ - PSID sid = NULL; - PSID malloced_sid = NULL; - DWORD sid_len; - - if (AllocateAndInitializeSid(&sid_id_auth, 2, 2, (DWORD)gid, - 0, 0, 0, 0, 0, 0, &sid)) { - sid_len = GetLengthSid(sid); - - malloced_sid = malloc(sid_len); - - if (malloced_sid) { - /* - * |AllocateAndInitializeSid()| has an own memory - * allocator, but we need the sid in memory from - * |malloc()| - */ - if (CopySid(sid_len, malloced_sid, sid)) { - FreeSid(sid); - *pSid = malloced_sid; - dprintf(ACLLVL, "allocate_unixgroup_sid(): Allocated " - "Unix_Group+%lu: success, len=%ld\n", - gid, (long)sid_len); - return TRUE; - } - } - } - - FreeSid(sid); - free(malloced_sid); - dprintf(ACLLVL, "allocate_unixgroup_sid(): Failed to allocate " - "SID for Unix_Group+%lu: error code %d\n", - gid, GetLastError()); - return FALSE; -} -#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ - -static int map_name_2_sid(int query, DWORD *sid_len, PSID *sid, LPCSTR name) -{ - int status = ERROR_INTERNAL_ERROR; - SID_NAME_USE sid_type; - LPSTR tmp_buf = NULL; - DWORD tmp = 0; -#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - signed long user_uid = -1; - signed long group_gid = -1; -#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ - -#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - if (query & OWNER_SECURITY_INFORMATION) { - if (!strcmp(name, "rmainz")) { - name = "roland_mainz"; - dprintf(ACLLVL, "map_name_2_sid: remap rmainz --> roland_mainz\n"); - } - else if (!strcmp(name, "197608")) { - name = "roland_mainz"; - dprintf(ACLLVL, "map_name_2_sid: remap 197608 --> roland_mainz\n"); - } - else if (!strcmp(name, "1616")) { - name = "roland_mainz"; - dprintf(ACLLVL, "map_name_2_sid: remap 1616 --> roland_mainz\n"); - } - } -#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ - - status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type); - dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): LookupAccountName returned %d " - "GetLastError %d name len %d domain len %d\n", - query, name, status, GetLastError(), *sid_len, tmp); - if (status) - return ERROR_INTERNAL_ERROR; - + } +} + +#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID +/* + * Allocate a SID from SECURITY_SAMBA_UNIX_AUTHORITY, which encodes an + * UNIX/POSIX uid directly into a SID. + * + * Examples: + * UID 1616 gets mapped to "Unix_User+1616", encoding the UID into the + * SID as "S-1-22-1-1616": + * $ getent passwd Unix_User+1616 + * Unix_User+1616:*:4278191696:4278191696:U-Unix_User\1616,S-1-22-1-1616:/:/sbin/nologin + * + * GID 1984 gets mapped to "Unix_Group+1984", encoding the GID into the + * SID as "S-1-22-2-1984": + * $ getent group Unix_Group+1984 + * Unix_Group+1984:S-1-22-2-1984:4278192064: + * + */ + +#define SECURITY_SAMBA_UNIX_AUTHORITY { { 0,0,0,0,0,22 } } +SID_IDENTIFIER_AUTHORITY sid_id_auth = SECURITY_SAMBA_UNIX_AUTHORITY; + +static +BOOL allocate_unixuser_sid(unsigned long uid, PSID *pSid) +{ + PSID sid = NULL; + PSID malloced_sid = NULL; + DWORD sid_len; + + if (AllocateAndInitializeSid(&sid_id_auth, 2, 1, (DWORD)uid, + 0, 0, 0, 0, 0, 0, &sid)) { + sid_len = GetLengthSid(sid); + + malloced_sid = malloc(sid_len); + + if (malloced_sid) { + /* + * |AllocateAndInitializeSid()| has an own memory + * allocator, but we need the sid in memory from + * |malloc()| + */ + if (CopySid(sid_len, malloced_sid, sid)) { + FreeSid(sid); + *pSid = malloced_sid; + dprintf(ACLLVL, "allocate_unixuser_sid(): Allocated " + "Unix_User+%lu: success, len=%ld\n", + uid, (long)sid_len); + return TRUE; + } + } + } + + FreeSid(sid); + free(malloced_sid); + dprintf(ACLLVL, "allocate_unixuser_sid(): Failed to allocate " + "SID for Unix_User+%lu: error code %d\n", + uid, GetLastError()); + return FALSE; +} + +static +BOOL allocate_unixgroup_sid(unsigned long gid, PSID *pSid) +{ + PSID sid = NULL; + PSID malloced_sid = NULL; + DWORD sid_len; + + if (AllocateAndInitializeSid(&sid_id_auth, 2, 2, (DWORD)gid, + 0, 0, 0, 0, 0, 0, &sid)) { + sid_len = GetLengthSid(sid); + + malloced_sid = malloc(sid_len); + + if (malloced_sid) { + /* + * |AllocateAndInitializeSid()| has an own memory + * allocator, but we need the sid in memory from + * |malloc()| + */ + if (CopySid(sid_len, malloced_sid, sid)) { + FreeSid(sid); + *pSid = malloced_sid; + dprintf(ACLLVL, "allocate_unixgroup_sid(): Allocated " + "Unix_Group+%lu: success, len=%ld\n", + gid, (long)sid_len); + return TRUE; + } + } + } + + FreeSid(sid); + free(malloced_sid); + dprintf(ACLLVL, "allocate_unixgroup_sid(): Failed to allocate " + "SID for Unix_Group+%lu: error code %d\n", + gid, GetLastError()); + return FALSE; +} +#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + +static int map_name_2_sid(int query, DWORD *sid_len, PSID *sid, LPCSTR name) +{ + int status = ERROR_INTERNAL_ERROR; + SID_NAME_USE sid_type; + LPSTR tmp_buf = NULL; + DWORD tmp = 0; +#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID + signed long user_uid = -1; + signed long group_gid = -1; +#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + +#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID + if (query & OWNER_SECURITY_INFORMATION) { + if (!strcmp(name, "rmainz")) { + name = "roland_mainz"; + dprintf(ACLLVL, "map_name_2_sid: remap rmainz --> roland_mainz\n"); + } + else if (!strcmp(name, "197608")) { + name = "roland_mainz"; + dprintf(ACLLVL, "map_name_2_sid: remap 197608 --> roland_mainz\n"); + } + else if (!strcmp(name, "1616")) { + name = "roland_mainz"; + dprintf(ACLLVL, "map_name_2_sid: remap 1616 --> roland_mainz\n"); + } + } +#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + + status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type); + dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): LookupAccountName returned %d " + "GetLastError %d name len %d domain len %d\n", + query, name, status, GetLastError(), *sid_len, tmp); + if (status) + return ERROR_INTERNAL_ERROR; + status = GetLastError(); switch(status) { case ERROR_INSUFFICIENT_BUFFER: @@ -243,14 +245,14 @@ static int map_name_2_sid(int query, DWORD *sid_len, PSID *sid, LPCSTR name) if (tmp_buf == NULL) goto out_free_sid; status = LookupAccountName(NULL, name, *sid, sid_len, tmp_buf, - &tmp, &sid_type); - free(tmp_buf); - if (!status) { - eprintf("map_name_2_sid(query=%x,name='%s'): LookupAccountName failed " - "with %d\n", query, name, GetLastError()); - goto out_free_sid; - } else { -#ifdef DEBUG_ACLS + &tmp, &sid_type); + free(tmp_buf); + if (!status) { + eprintf("map_name_2_sid(query=%x,name='%s'): LookupAccountName failed " + "with %d\n", query, name, GetLastError()); + goto out_free_sid; + } else { +#ifdef DEBUG_ACLS LPSTR ssid = NULL; if (IsValidSid(*sid)) if (ConvertSidToStringSidA(*sid, &ssid)) @@ -264,115 +266,101 @@ static int map_name_2_sid(int query, DWORD *sid_len, PSID *sid, LPCSTR name) if (ssid) LocalFree(ssid); #endif } - status = ERROR_SUCCESS; - break; - case ERROR_NONE_MAPPED: -#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - dprintf(1, "map_name_2_sid(query=%x,name='%s'): none mapped, " - "trying Unix_User+/Unix_Group+ mapping\n", - query, name); - - if ((user_uid == -1) && (query & OWNER_SECURITY_INFORMATION)) { - if (isdigit(name[0])) { - user_uid = atol(name); - } - else if(!strcmp(name, "nobody")) { - user_uid = 65534; - } - else if(!strcmp(name, "root")) { - user_uid = 0; - } - else if(!strcmp(name, "rmainz")) { - user_uid = 1616; - } - else if(!strcmp(name, "swulsch")) { - user_uid = 1818; - } - else if(!strcmp(name, "mwenzel")) { - user_uid = 8239; - } - else if(!strcmp(name, "test001")) { - user_uid = 1000; - } - } - - if ((group_gid == -1) && (query & GROUP_SECURITY_INFORMATION)) { - if (isdigit(name[0])) { - group_gid = atol(name); - } - else if(!strcmp(name, "nobody")) { - group_gid = 65534; - } - else if(!strcmp(name, "root")) { - group_gid = 0; - } - else if(!strcmp(name, "rmainz")) { - group_gid = 1616; - } - else if(!strcmp(name, "swulsch")) { - group_gid = 1818; - } - else if(!strcmp(name, "mwenzel")) { - group_gid = 8239; - } - else if(!strcmp(name, "test001")) { - group_gid = 1000; - } - } - - if (user_uid != -1) { - if (allocate_unixuser_sid(user_uid, sid)) { - dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " - "allocate_unixuser_sid(uid=%ld) success\n", - query, name, user_uid); - return ERROR_SUCCESS; - } - - status = GetLastError(); - dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " - "allocate_unixuser_sid(uid=%ld) failed, error=%d\n", - query, name, user_uid, status); - return status; - } - - if (group_gid != -1) { - if (allocate_unixgroup_sid(group_gid, sid)) { - dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " - "allocate_unixgroup_sid(gid=%ld) success\n", - query, name, group_gid); - return ERROR_SUCCESS; - } - - status = GetLastError(); - dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " - "allocate_unixgroup_sid(gid=%ld) failed, error=%d\n", - query, name, group_gid, status); - return status; - } -#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ - - dprintf(1, "map_name_2_sid(query=%x,name='%s'): none mapped, " - "using WinNullSid mapping\n", - query, name); - - status = create_unknownsid(WinNullSid, sid, sid_len); - if (status) - goto out_free_sid; - break; - default: - dprintf(1, "map_name_2_sid(query=%x,name='%s'): error %d not handled\n", - query, name, GetLastError()); - break; - } -out: - return status; -out_free_sid: - status = GetLastError(); - free(*sid); - *sid = NULL; - goto out; -} - + status = ERROR_SUCCESS; + break; + case ERROR_NONE_MAPPED: +#ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID + dprintf(1, "map_name_2_sid(query=%x,name='%s'): none mapped, " + "trying Unix_User+/Unix_Group+ mapping\n", + query, name); + + if ((user_uid == -1) && (query & OWNER_SECURITY_INFORMATION)) { + uid_t map_uid = -1; + gid_t gid_dummy = -1; + + if (nfs41_idmap_name_to_ids( + global_idmap_context, + name, + &map_uid, + &gid_dummy) == 0) { + user_uid = map_uid; + } + else { + dprintf(1, "map_name_2_sid(query=%x,name='%s'): nfs41_idmap_name_to_ids() failed\n", + query, name); + /* fixme: try harder here, "1234" should to to |atol()| */ + } + } + + if ((group_gid == -1) && (query & GROUP_SECURITY_INFORMATION)) { + gid_t map_gid = -1; + + if (nfs41_idmap_group_to_gid( + global_idmap_context, + name, + &map_gid) == 0) { + group_gid = map_gid; + } + else { + dprintf(1, "map_name_2_sid(query=%x,name='%s'): nfs41_idmap_group_to_gid() failed\n", + query, name); + /* fixme: try harder here, "1234" should to to |atol()| */ + } + } + + if (user_uid != -1) { + if (allocate_unixuser_sid(user_uid, sid)) { + dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " + "allocate_unixuser_sid(uid=%ld) success\n", + query, name, user_uid); + return ERROR_SUCCESS; + } + + status = GetLastError(); + dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " + "allocate_unixuser_sid(uid=%ld) failed, error=%d\n", + query, name, user_uid, status); + return status; + } + + if (group_gid != -1) { + if (allocate_unixgroup_sid(group_gid, sid)) { + dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " + "allocate_unixgroup_sid(gid=%ld) success\n", + query, name, group_gid); + return ERROR_SUCCESS; + } + + status = GetLastError(); + dprintf(ACLLVL, "map_name_2_sid(query=%x,name='%s'): " + "allocate_unixgroup_sid(gid=%ld) failed, error=%d\n", + query, name, group_gid, status); + return status; + } +#endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + + dprintf(1, "map_name_2_sid(query=%x,name='%s'): none mapped, " + "using WinNullSid mapping\n", + query, name); + + status = create_unknownsid(WinNullSid, sid, sid_len); + if (status) + goto out_free_sid; + break; + default: + dprintf(1, "map_name_2_sid(query=%x,name='%s'): error %d not handled\n", + query, name, GetLastError()); + break; + } +out: + return status; +out_free_sid: + status = GetLastError(); + free(*sid); + *sid = NULL; + goto out; +} + static void free_sids(PSID *sids, int count) { int i; @@ -426,14 +414,14 @@ static int convert_nfs4acl_2_dacl(nfsacl41 *acl, int file_type, &sid_len, &flag); if (status) { free_sids(sids, i); - goto out; - } - if (!flag) { - status = map_name_2_sid(0xFFFF /* fixme: Unknown whether user or group */, - &sid_len, &sids[i], acl->aces[i].who); - if (status) { - free_sids(sids, i); - goto out; + goto out; + } + if (!flag) { + status = map_name_2_sid(0xFFFF /* fixme: Unknown whether user or group */, + &sid_len, &sids[i], acl->aces[i].who); + if (status) { + free_sids(sids, i); + goto out; } } size += sid_len - sizeof(DWORD); @@ -541,30 +529,30 @@ static int handle_getacl(nfs41_upcall *upcall) if (args->query & OWNER_SECURITY_INFORMATION) { // parse user@domain. currently ignoring domain part XX convert_nfs4name_2_user_domain(info.owner, &domain); - dprintf(ACLLVL, "handle_getacl: OWNER_SECURITY_INFORMATION: for user=%s " - "domain=%s\n", info.owner, domain?domain:"<null>"); - sid_len = 0; - status = map_name_2_sid(OWNER_SECURITY_INFORMATION, &sid_len, &osid, info.owner); - if (status) - goto out; - status = SetSecurityDescriptorOwner(&sec_desc, osid, TRUE); + dprintf(ACLLVL, "handle_getacl: OWNER_SECURITY_INFORMATION: for user=%s " + "domain=%s\n", info.owner, domain?domain:"<null>"); + sid_len = 0; + status = map_name_2_sid(OWNER_SECURITY_INFORMATION, &sid_len, &osid, info.owner); + if (status) + goto out; + status = SetSecurityDescriptorOwner(&sec_desc, osid, TRUE); if (!status) { status = GetLastError(); eprintf("handle_getacl: SetSecurityDescriptorOwner failed with " "%d\n", status); - goto out; - } - } - - if (args->query & GROUP_SECURITY_INFORMATION) { - convert_nfs4name_2_user_domain(info.owner_group, &domain); - dprintf(ACLLVL, "handle_getacl: GROUP_SECURITY_INFORMATION: for %s " - "domain=%s\n", info.owner_group, domain?domain:"<null>"); - sid_len = 0; - status = map_name_2_sid(GROUP_SECURITY_INFORMATION, &sid_len, &gsid, info.owner_group); - if (status) - goto out; - status = SetSecurityDescriptorGroup(&sec_desc, gsid, TRUE); + goto out; + } + } + + if (args->query & GROUP_SECURITY_INFORMATION) { + convert_nfs4name_2_user_domain(info.owner_group, &domain); + dprintf(ACLLVL, "handle_getacl: GROUP_SECURITY_INFORMATION: for %s " + "domain=%s\n", info.owner_group, domain?domain:"<null>"); + sid_len = 0; + status = map_name_2_sid(GROUP_SECURITY_INFORMATION, &sid_len, &gsid, info.owner_group); + if (status) + goto out; + status = SetSecurityDescriptorGroup(&sec_desc, gsid, TRUE); if (!status) { status = GetLastError(); eprintf("handle_getacl: SetSecurityDescriptorGroup failed with " @@ -1018,7 +1006,7 @@ static int marshall_setacl(unsigned char *buffer, uint32_t *length, nfs41_upcall } const nfs41_upcall_op nfs41_op_setacl = { - parse_setacl, - handle_setacl, - marshall_setacl -}; + parse_setacl, + handle_setacl, + marshall_setacl +}; diff --git a/daemon/idmap.c b/daemon/idmap.c index 0dfa8ef..8df1271 100644 --- a/daemon/idmap.c +++ b/daemon/idmap.c @@ -31,6 +31,7 @@ #include "list.h" #include "daemon_debug.h" +#define CYGWIN_GETENT_USERDATA 1 #define IDLVL 2 /* dprintf level for idmap logging */ @@ -375,6 +376,221 @@ out: return status; } +#ifdef CYGWIN_GETENT_USERDATA +int cygwin_getent_passwd(const char *name, char *res_loginname, uid_t *res_uid, gid_t *res_gid) +{ + char cmdbuff[1024]; + char passwd_line[1024]; + FILE* getent_pipe = NULL; + int res = 1; + unsigned long uid = -1; + unsigned long gid = -1; + struct _cypwent { + char* loginname; + char* passwd; + char* uidstr; + char* gidstr; + char* comment; + char* homedir; + char* shell; + } pwent = { 0 }; +#define PWENT_ENTRY(var, prevvar) \ + (((var) = strchr((prevvar), ':'))?(*(var)++ = '\0',(var)):(NULL)) + +#if 1 + /* hack for testing, map "roland_mainz" to rmainz account */ + if ((!_stricmp(name, "rmainz")) || (!stricmp(name, "1616"))) { + uid = 1616; + gid = 1616; + pwent.loginname = "rmainz"; + goto found; + } + if ((!_stricmp(name, "nobody")) || (!stricmp(name, "65534"))) { + uid = 65534; + gid = 65534; + pwent.loginname = "nobody"; + goto found; + } + if ((!_stricmp(name, "root")) || (!stricmp(name, "0"))) { + uid = 0; + gid = 0; + pwent.loginname = "root"; + goto found; + } + if ((!_stricmp(name, "iam")) || (!stricmp(name, "2010"))) { + uid = 2010; + gid = 2010; + pwent.loginname = "iam"; + goto found; + } + if ((!_stricmp(name, "swulsch")) || (!stricmp(name, "1818"))) { + uid = 1818; + gid = 1818; + pwent.loginname = "swulsch"; + goto found; + } + if ((!_stricmp(name, "mwenzel")) || (!stricmp(name, "8239"))) { + uid = 8239; + gid = 8239; + pwent.loginname = "mwenzel"; + goto found; + } +#endif + + /* fixme: better quoting for |name| needed */ + (void)snprintf(cmdbuff, sizeof(cmdbuff), "%s passwd \"%s\"", + "C:\\cygwin64\\bin\\getent.exe", + name); + if ((getent_pipe = _popen(cmdbuff, "rt")) == NULL) { + (void)perror("cygwin_getent_passwd: getent failed"); + return 1; + } + + if (fgets(passwd_line, sizeof(passwd_line), getent_pipe)) { + pwent.loginname = passwd_line; + if (!PWENT_ENTRY(pwent.passwd, pwent.loginname)) goto fail; + if (!PWENT_ENTRY(pwent.uidstr, pwent.passwd)) goto fail; + if (!PWENT_ENTRY(pwent.gidstr, pwent.uidstr)) goto fail; + if (!PWENT_ENTRY(pwent.comment, pwent.gidstr)) goto fail; + if (!PWENT_ENTRY(pwent.homedir, pwent.comment)) goto fail; + PWENT_ENTRY(pwent.shell, pwent.homedir); + + errno = 0; + uid = strtol(pwent.uidstr, NULL, 10); + if (errno != 0) + goto fail; + + errno = 0; + gid = strtol(pwent.gidstr, NULL, 10); + if (errno != 0) + goto fail; + + +#if 1 + (void)printf("cygwin_getent_passwd(): name='%s'\n", name); + (void)printf("loginname\t='%s'\n", pwent.loginname); + (void)printf("passwd\t='%s'\n", pwent.passwd); + (void)printf("uidstr\t='%s' (%lu)\n", pwent.uidstr, (unsigned long)uid); + (void)printf("gidstr\t='%s' (%lu)\n", pwent.gidstr, (unsigned long)gid); + (void)printf("comment\t='%s'\n", pwent.comment); + (void)printf("homedir\t='%s'\n", pwent.homedir); + (void)printf("shell\t='%s'\n", pwent.shell); +#endif + +found: + if (res_loginname) + (void)strcpy_s(res_loginname, VAL_LEN, pwent.loginname); + *res_uid = uid; + *res_gid = gid; + res = 0; + } + + +fail: + if (getent_pipe) + (void)_pclose(getent_pipe); + + if (res != 0) { + (void)printf("cygwin_getent_passwd(): NO MATCH FOR name='%s'\n", name); + } + + return res; +} + +int cygwin_getent_group(const char* name, char* res_group_name, gid_t* res_gid) +{ + char cmdbuff[1024]; + char group_line[1024]; + FILE* getent_pipe = NULL; + int res = 1; + unsigned long gid = -1; + struct _cygrent + { + char* group_name; + char* passwd; + char* gidstr; + char* userlist; + } grent = { 0 }; + +#if 1 + if ((!_stricmp(name, "rmainz")) || (!stricmp(name, "1616"))) { + gid = 1616; + grent.group_name = "rmainz"; + goto found; + } + if ((!_stricmp(name, "nogroup")) || (!stricmp(name, "65534"))) { + gid = 65534; + grent.group_name = "nogroup"; + goto found; + } + if ((!_stricmp(name, "root")) || (!stricmp(name, "0"))) { + gid = 0; + grent.group_name = "root"; + goto found; + } + if ((!_stricmp(name, "iam")) || (!stricmp(name, "2010"))) { + gid = 2010; + grent.group_name = "iam"; + goto found; + } + if ((!_stricmp(name, "swulsch")) || (!stricmp(name, "1818"))) { + gid = 1818; + grent.group_name = "swulsch"; + goto found; + } + if ((!_stricmp(name, "mwenzel")) || (!stricmp(name, "8239"))) { + gid = 8239; + grent.group_name = "mwenzel"; + goto found; + } +#endif + + /* fixme: better quoting for |name| needed */ + (void)snprintf(cmdbuff, sizeof(cmdbuff), "%s group \"%s\"", + "C:\\cygwin64\\bin\\getent.exe", + name); + if ((getent_pipe = _popen(cmdbuff, "rt")) == NULL) + { + (void)perror("getent failed"); + return 1; + } + + if (fgets(group_line, sizeof(group_line), getent_pipe)) + { + grent.group_name = group_line; + if (!PWENT_ENTRY(grent.passwd, grent.group_name)) goto fail; + if (!PWENT_ENTRY(grent.gidstr, grent.passwd)) goto fail; + PWENT_ENTRY(grent.userlist, grent.gidstr); + + errno = 0; + gid = strtol(grent.gidstr, NULL, 10); + if (errno != 0) + goto fail; + + (void)printf("cygwin_getent_group(): name='%s'\n", name); + (void)printf("group_name\t='%s'\n", grent.group_name); + (void)printf("passwd\t='%s'\n", grent.passwd); + (void)printf("gidstr\t='%s' (%lu)\n", grent.gidstr, (unsigned long)gid); + (void)printf("userlist\t='%s'\n", grent.userlist); + +found: + if (res_group_name) + (void)strcpy_s(res_group_name, VAL_LEN, grent.group_name); + *res_gid = gid; + res = 0; + } + +fail: + if (getent_pipe) + (void)_pclose(getent_pipe); + + if (res != 0) { + (void)printf("cygwin_getent_group(): NO MATCH FOR name='%s'\n", name); + } + + return res; +} +#endif /* CYGWIN_GETENT_USERDATA */ /* generic cache */ typedef struct list_entry* (*entry_alloc_fn)(); @@ -665,10 +881,10 @@ static int idmap_lookup_user( if (status == NO_ERROR) { /* don't return expired entries; query new attributes * and overwrite the entry with cache_insert() */ - if (time(NULL) - user->last_updated < context->config.cache_ttl) + if ((time(NULL) - user->last_updated) < context->config.cache_ttl) goto out; } - +#if 0 /* send the query to the ldap server */ status = idmap_query_attrs(context, lookup, attributes, optional, values, NUM_ATTRIBUTES); @@ -705,7 +921,91 @@ static int idmap_lookup_user( goto out_free_values; } user->last_updated = time(NULL); - +#else + if (lookup->attr == ATTR_USER_NAME) { + char principal_name[VAL_LEN]; + uid_t cy_uid = 0; + gid_t cy_gid = 0; + + status = ERROR_NOT_FOUND; + + if (!cygwin_getent_passwd(lookup->value, NULL, &cy_uid, &cy_gid)) { + eprintf("# ATTR_USER_NAME: cygwin_getent_passwd: returned '%s', uid=%d, gid=%d\n", lookup->value, (int)cy_uid, (int)cy_gid); + (void)snprintf(principal_name, sizeof(principal_name), "%s@%s", lookup->value, "GLOBAL.LOC"); + StringCchCopyA(user->username, VAL_LEN, lookup->value); + StringCchCopyA(user->principal, VAL_LEN, principal_name); + user->uid = cy_uid; + user->gid = cy_gid; + status = 0; + } + } + else if (lookup->attr == ATTR_PRINCIPAL) { + char search_name[VAL_LEN]; + char principal_name[VAL_LEN]; + char *s; + uid_t cy_uid = 0; + gid_t cy_gid = 0; + + status = ERROR_NOT_FOUND; + + /* + * strip '@' from principal name and use that for getent + * fixme: This does not work with multiple domains + */ + (void)strcpy_s(search_name, sizeof(search_name), lookup->value); + if (s = strchr(search_name, '@')) + *s = '\0'; + + if (!cygwin_getent_passwd(search_name, NULL, &cy_uid, &cy_gid)) { + eprintf("# ATTR_PRINCIPAL: cygwin_getent_passwd: returned '%s', uid=%d, gid=%d\n", lookup->value, (int)cy_uid, (int)cy_gid); + (void)snprintf(principal_name, sizeof(principal_name), "%s@%s", lookup->value, "GLOBAL.LOC"); + + if (!_stricmp(principal_name, lookup->value)) { + StringCchCopyA(user->username, VAL_LEN, search_name); + StringCchCopyA(user->principal, VAL_LEN, principal_name); + user->uid = cy_uid; + user->gid = cy_gid; + status = 0; + } + } + } + else if (lookup->attr == ATTR_UID) { + uid_t search_uid = (uid_t)(lookup->value); + char search_name[VAL_LEN]; + char res_username[VAL_LEN]; + char principal_name[VAL_LEN]; + uid_t cy_uid = 0; + gid_t cy_gid = 0; + + status = ERROR_NOT_FOUND; + + (void)snprintf(search_name, sizeof(search_name), "%lu", (unsigned long)search_uid); + + if (!cygwin_getent_passwd(search_name, res_username, &cy_uid, &cy_gid)) { + eprintf("# ATTR_UID: cygwin_getent_passwd: returned '%s', uid=%d, gid=%d\n", res_username, (int)cy_uid, (int)cy_gid); + (void)snprintf(principal_name, sizeof(principal_name), "%s@%s", res_username, "GLOBAL.LOC"); + + StringCchCopyA(user->username, VAL_LEN, res_username); + StringCchCopyA(user->principal, VAL_LEN, principal_name); + user->uid = cy_uid; + user->gid = cy_gid; + status = 0; + } + } + else + { + status = ERROR_NOT_FOUND; + } + + if (status == 0) { + user->last_updated = time(NULL); + eprintf("## idmap_lookup_user: found username='%s', principal='%s', uid=%lu, gid=%lu\n", + user->username, + user->principal, + (unsigned long)user->uid, + (unsigned long)user->gid); + } +#endif if (context->config.cache_ttl) { /* insert the entry into the cache */ cache_insert(&context->users, lookup, &user->entry); @@ -732,10 +1032,10 @@ static int idmap_lookup_group( if (status == NO_ERROR) { /* don't return expired entries; query new attributes * and overwrite the entry with cache_insert() */ - if (time(NULL) - group->last_updated < context->config.cache_ttl) + if ((time(NULL) - group->last_updated) < context->config.cache_ttl) goto out; } - +#if 0 /* send the query to the ldap server */ status = idmap_query_attrs(context, lookup, attributes, 0, values, NUM_ATTRIBUTES); @@ -758,7 +1058,48 @@ static int idmap_lookup_group( goto out_free_values; } group->last_updated = time(NULL); +#else + if (lookup->attr == ATTR_GROUP_NAME) { + gid_t cy_gid = 0; + + status = ERROR_NOT_FOUND; + + if (!cygwin_getent_group(lookup->value, NULL, &cy_gid)) { + eprintf("# ATTR_GROUP_NAME: cygwin_getent_group: returned '%s', gid=%d\n", lookup->value, (int)cy_gid); + StringCchCopyA(group->name, VAL_LEN, lookup->value); + group->gid = cy_gid; + status = 0; + } + } + else if (lookup->attr == ATTR_GID) { + gid_t search_gid = (gid_t)(lookup->value); + char search_name[VAL_LEN]; + char res_groupname[VAL_LEN]; + gid_t cy_gid = 0; + + status = ERROR_NOT_FOUND; + + (void)snprintf(search_name, sizeof(search_name), "%lu", (unsigned long)search_gid); + + if (!cygwin_getent_group(search_name, res_groupname, &cy_gid)) { + eprintf("# ATTR_GID: cygwin_getent_group: returned '%s', gid=%d\n", res_groupname, (int)cy_gid); + StringCchCopyA(group->name, VAL_LEN, res_groupname); + group->gid = cy_gid; + status = 0; + } + } + else + { + status = ERROR_NOT_FOUND; + } + if (status == 0) { + group->last_updated = time(NULL); + eprintf("## idmap_lookup_group: found name='%s', gid=%lu\n", + group->name, + (unsigned long)group->gid); + } +#endif if (context->config.cache_ttl) { /* insert the entry into the cache */ cache_insert(&context->groups, lookup, &group->entry); @@ -770,6 +1111,10 @@ out: return status; } +#if 1 +/* hack!! */ +struct idmap_context *global_idmap_context = NULL; +#endif /* public idmap interface */ int nfs41_idmap_create( @@ -795,6 +1140,7 @@ int nfs41_idmap_create( goto out_err_free; } +#if 0 /* initialize ldap and configure options */ context->ldap = ldap_init(context->config.hostname, context->config.port); if (context->ldap == NULL) { @@ -824,8 +1170,15 @@ int nfs41_idmap_create( goto out_err_free; } } +#else + eprintf("nfs41_idmap_create: Force context->config.timeout = 6000;\n"); + context->config.timeout = 6000; +#endif *context_out = context; +#if 1 +global_idmap_context = context; +#endif out: return status; diff --git a/daemon/idmap.h b/daemon/idmap.h index 6a78476..9016ddb 100644 --- a/daemon/idmap.h +++ b/daemon/idmap.h @@ -64,4 +64,9 @@ int nfs41_idmap_gid_to_group( char *name_out, size_t len); +#if 1 +/* hack!! */ +extern struct idmap_context *global_idmap_context; +#endif + #endif /* !IDMAP_H */ diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c index bb485cb..0d7403e 100644 --- a/daemon/nfs41_daemon.c +++ b/daemon/nfs41_daemon.c @@ -42,8 +42,8 @@ static const char FILE_NETCONFIG[] = "C:\\etc\\netconfig"; /* Globals */ char localdomain_name[NFS41_HOSTNAME_LEN]; -int default_uid = 666; -int default_gid = 777; +int default_uid = 12666; +int default_gid = 12777; #ifndef STANDALONE_NFSD //make sure to define it in "sources" not here #include "service.h" @@ -389,6 +389,11 @@ VOID ServiceStart(DWORD argc, LPTSTR *argv) exit(1); } +#if 1 + /* force enable for cygwin getent passwd/group testing */ + cmd_args.ldap_enable = TRUE; +#endif + nfs41_server_list_init(); if (cmd_args.ldap_enable) { diff --git a/daemon/open.c b/daemon/open.c index e59939b..94a6ba2 100644 --- a/daemon/open.c +++ b/daemon/open.c @@ -18,23 +18,24 @@ * along with this library; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA */ - -#include <Windows.h> -#include <stdio.h> -#include <ctype.h> -#include <strsafe.h> - -#include "nfs41_ops.h" -#include "nfs41_build_features.h" -#include "delegation.h" -#include "from_kernel.h" -#include "daemon_debug.h" -#include "upcall.h" -#include "util.h" - -static int create_open_state( - IN const char *path, - IN uint32_t open_owner_id, + +#include <Windows.h> +#include <stdio.h> +#include <ctype.h> +#include <strsafe.h> + +#include "nfs41_ops.h" +#include "nfs41_build_features.h" +#include "delegation.h" +#include "from_kernel.h" +#include "daemon_debug.h" +#include "upcall.h" +#include "util.h" +#include "idmap.h" + +static int create_open_state( + IN const char *path, + IN uint32_t open_owner_id, OUT nfs41_open_state **state_out) { int status; @@ -293,38 +294,38 @@ static int parse_open(unsigned char *buffer, uint32_t length, nfs41_upcall *upca status = safe_read(&buffer, &length, &args->disposition, sizeof(ULONG)); if (status) goto out; status = safe_read(&buffer, &length, &args->open_owner_id, sizeof(LONG)); - if (status) goto out; - status = safe_read(&buffer, &length, &args->mode, sizeof(DWORD)); - if (status) goto out; -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - status = safe_read(&buffer, &length, &args->owner_local_uid, sizeof(DWORD)); - if (status) goto out; - status = safe_read(&buffer, &length, &args->owner_group_local_gid, sizeof(DWORD)); - if (status) goto out; -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ - status = safe_read(&buffer, &length, &args->srv_open, sizeof(HANDLE)); - if (status) goto out; - status = parse_abs_path(&buffer, &length, &args->symlink); + if (status) goto out; + status = safe_read(&buffer, &length, &args->mode, sizeof(DWORD)); + if (status) goto out; +#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES + status = safe_read(&buffer, &length, &args->owner_local_uid, sizeof(DWORD)); + if (status) goto out; + status = safe_read(&buffer, &length, &args->owner_group_local_gid, sizeof(DWORD)); + if (status) goto out; +#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ + status = safe_read(&buffer, &length, &args->srv_open, sizeof(HANDLE)); + if (status) goto out; + status = parse_abs_path(&buffer, &length, &args->symlink); if (status) goto out; status = safe_read(&buffer, &length, &args->ea, sizeof(HANDLE)); if (status) goto out; - dprintf(1, "parsing NFS41_OPEN: filename='%s' access mask=%d " - "access mode=%d\n\tfile attrs=0x%x create attrs=0x%x " - "(kernel) disposition=%d\n\topen_owner_id=%d mode=%o " -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - "owner_local_uid=%u owner_group_local_gid=%u " -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ - "srv_open=%p symlink=%s ea=%p\n", args->path, args->access_mask, - args->access_mode, args->file_attrs, args->create_opts, - args->disposition, args->open_owner_id, args->mode, -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - (unsigned int)args->owner_local_uid, (unsigned int)args->owner_group_local_gid, -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ - args->srv_open, - args->symlink.path, args->ea); - print_disposition(2, args->disposition); - print_access_mask(2, args->access_mask); + dprintf(1, "parsing NFS41_OPEN: filename='%s' access mask=%d " + "access mode=%d\n\tfile attrs=0x%x create attrs=0x%x " + "(kernel) disposition=%d\n\topen_owner_id=%d mode=%o " +#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES + "owner_local_uid=%u owner_group_local_gid=%u " +#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ + "srv_open=%p symlink=%s ea=%p\n", args->path, args->access_mask, + args->access_mode, args->file_attrs, args->create_opts, + args->disposition, args->open_owner_id, args->mode, +#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES + (unsigned int)args->owner_local_uid, (unsigned int)args->owner_group_local_gid, +#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ + args->srv_open, + args->symlink.path, args->ea); + print_disposition(2, args->disposition); + print_access_mask(2, args->access_mask); print_share_mode(2, args->access_mode); print_create_attributes(2, args->create_opts); out: @@ -655,123 +656,90 @@ static int handle_open(nfs41_upcall *upcall) } nfs_to_basic_info(&info, &args->basic_info); - nfs_to_standard_info(&info, &args->std_info); - args->mode = info.mode; - args->changeattr = info.change; - -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - bitmap4 og_attr_request = { 0 }; - nfs41_file_info og_info = { 0 }; - char owner[NFS4_OPAQUE_LIMIT], group[NFS4_OPAQUE_LIMIT]; - nfsacl41 acl = { 0 }; - - /* - * gisburn: - * 1. We should cache owner/group information - * 2. We should always ask for - * FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP with the other - * attributes - */ - og_attr_request.count = 2; - og_attr_request.arr[1] = FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP; - og_info.owner = owner; - og_info.owner_group = group; - status = nfs41_getattr(state->session, &state->file, &og_attr_request, &og_info); - if (status) { - eprintf("get_stat_data: nfs41_cached_getattr() failed with %d\n", - status); - } - -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_TESTMAPPING - /* - * Map owner to local uid - * - * |owner| can be numeric string ("1616"), plain username - * ("gisburn") or username@domain ("gisburn@sun.com") - */ - /* stomp over '@' */ - char *at_ch; /* pointer to '@' */ - if (at_ch = strchr(og_info.owner, '@')) - *at_ch = '\0'; - - if (isdigit(og_info.owner[0])) { - args->owner_local_uid = atol(og_info.owner); - } - else if(!strcmp(og_info.owner, "nobody")) { - args->owner_local_uid = 65534; - } - else if(!strcmp(og_info.owner, "root")) { - args->owner_local_uid = 0; - } - else if(!strcmp(og_info.owner, "rmainz")) { - args->owner_local_uid = 1616; - } - else if(!strcmp(og_info.owner, "roland_mainz")) { - args->owner_local_uid = 197608; - } - else if(!strcmp(og_info.owner, "swulsch")) { - args->owner_local_uid = 1818; - } - else if(!strcmp(og_info.owner, "iam")) { - args->owner_local_uid = 2010; - } - else if(!strcmp(og_info.owner, "mwenzel")) { - args->owner_local_uid = 8239; - } - else if(!strcmp(og_info.owner, "test001")) { - args->owner_local_uid = 1000; - } - else { - args->owner_local_uid = 666; /* debug: number of the beast */ - } - - /* - * Map owner_group to local gid - * - * |owner_group| can be numeric string ("1616"), plain username - * ("gisgrp") or username@domain ("gisgrp@sun.com") - */ - if (at_ch = strchr(og_info.owner_group, '@')) - *at_ch = '\0'; - if (isdigit(og_info.owner_group[0])) { - args->owner_group_local_gid = atol(og_info.owner_group); - } - else if(!strcmp(og_info.owner_group, "nogroup")) { - args->owner_group_local_gid = 65534; - } - else if(!strcmp(og_info.owner_group, "root")) { - args->owner_group_local_gid = 0; - } - else if(!strcmp(og_info.owner_group, "Kein")) { - args->owner_group_local_gid = 197121; - } - else if(!strcmp(og_info.owner_group, "rmainz")) { - args->owner_group_local_gid = 1616; - } - else if(!strcmp(og_info.owner, "iam")) { - args->owner_group_local_gid = 2010; - } - else if(!strcmp(og_info.owner_group, "swulsch")) { - args->owner_group_local_gid = 1818; - } - else if(!strcmp(og_info.owner_group, "mwenzel")) { - args->owner_group_local_gid = 8239; - } - else if(!strcmp(og_info.owner_group, "test001")) { - args->owner_group_local_gid = 1000; - } - else { - args->owner_group_local_gid = 666; /* debug: number of the beast */ - } -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_TESTMAPPING */ - - dprintf(1, "handle_open: stat: owner=%u/'%s', owner_group=%u/'%s'\n", - (unsigned int)args->owner_local_uid, og_info.owner, - (unsigned int)args->owner_group_local_gid, og_info.owner_group); -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ - } else { - nfs41_file_info createattrs = { 0 }; - uint32_t create = 0, createhowmode = 0, lookup_status = status; + nfs_to_standard_info(&info, &args->std_info); + args->mode = info.mode; + args->changeattr = info.change; + +#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES + bitmap4 og_attr_request = { 0 }; + nfs41_file_info og_info = { 0 }; + char owner[NFS4_OPAQUE_LIMIT], group[NFS4_OPAQUE_LIMIT]; + nfsacl41 acl = { 0 }; + + /* + * gisburn: + * 1. We should cache owner/group information + * 2. We should always ask for + * FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP with the other + * attributes + */ + og_attr_request.count = 2; + og_attr_request.arr[1] = FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP; + og_info.owner = owner; + og_info.owner_group = group; + status = nfs41_getattr(state->session, &state->file, &og_attr_request, &og_info); + if (status) { + eprintf("get_stat_data: nfs41_cached_getattr() failed with %d\n", + status); + } + + uid_t map_uid = -1; + gid_t gid_dummy = -1; + gid_t map_gid = -1; + char *at_ch; /* pointer to '@' */ + + /* + * Map owner to local uid + * + * |owner| can be numeric string ("1616"), plain username + * ("gisburn") or username@domain ("gisburn@sun.com") + */ + /* stomp over '@' */ + if (at_ch = strchr(og_info.owner, '@')) + *at_ch = '\0'; + + if (nfs41_idmap_name_to_ids( + global_idmap_context, + og_info.owner, + &map_uid, + &gid_dummy) == 0) { + args->owner_local_uid = map_uid; + } + else { + args->owner_local_uid = 30666; /* debug: number of the beast */ + eprintf("get_stat_data: no mapping for '%s', fake uid=%d\n", + og_info.owner, args->owner_local_uid); + } + + /* + * Map owner_group to local gid + * + * |owner_group| can be numeric string ("1616"), plain username + * ("gisgrp") or username@domain ("gisgrp@sun.com") + */ + /* stomp over '@' */ + if (at_ch = strchr(og_info.owner_group, '@')) + *at_ch = '\0'; + + if (nfs41_idmap_group_to_gid( + global_idmap_context, + og_info.owner_group, + &map_gid) == 0) { + args->owner_group_local_gid = map_gid; + } + else { + args->owner_group_local_gid = 30777; /* debug: number of the beast */ + eprintf("get_stat_data: no mapping for '%s', fake gid=%d\n", + og_info.owner_group, args->owner_group_local_gid); + } + + dprintf(1, "handle_open: stat: owner=%u/'%s', owner_group=%u/'%s'\n", + (unsigned int)args->owner_local_uid, og_info.owner, + (unsigned int)args->owner_group_local_gid, og_info.owner_group); +#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ + } else { + nfs41_file_info createattrs = { 0 }; + uint32_t create = 0, createhowmode = 0, lookup_status = status; if (!lookup_status && (args->disposition == FILE_OVERWRITE || args->disposition == FILE_OVERWRITE_IF || @@ -875,18 +843,18 @@ static int marshall_open(unsigned char *buffer, uint32_t *length, nfs41_upcall * status = safe_write(&buffer, length, &args->std_info, sizeof(args->std_info)); if (status) goto out; status = safe_write(&buffer, length, &upcall->state_ref, sizeof(HANDLE)); - if (status) goto out; - status = safe_write(&buffer, length, &args->mode, sizeof(args->mode)); - if (status) goto out; -#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - status = safe_write(&buffer, length, &args->owner_local_uid, sizeof(args->owner_local_uid)); - if (status) goto out; - status = safe_write(&buffer, length, &args->owner_group_local_gid, sizeof(args->owner_group_local_gid)); - if (status) goto out; -#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ - status = safe_write(&buffer, length, &args->changeattr, sizeof(args->changeattr)); - if (status) goto out; - status = safe_write(&buffer, length, &args->deleg_type, sizeof(args->deleg_type)); + if (status) goto out; + status = safe_write(&buffer, length, &args->mode, sizeof(args->mode)); + if (status) goto out; +#ifdef NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES + status = safe_write(&buffer, length, &args->owner_local_uid, sizeof(args->owner_local_uid)); + if (status) goto out; + status = safe_write(&buffer, length, &args->owner_group_local_gid, sizeof(args->owner_group_local_gid)); + if (status) goto out; +#endif /* NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES */ + status = safe_write(&buffer, length, &args->changeattr, sizeof(args->changeattr)); + if (status) goto out; + status = safe_write(&buffer, length, &args->deleg_type, sizeof(args->deleg_type)); if (status) goto out; if (upcall->last_error == ERROR_REPARSE) { unsigned short len = (args->symlink.len + 1) * sizeof(WCHAR); diff --git a/libtirpc/src/auth_unix.c b/libtirpc/src/auth_unix.c index ca8c908..8261b9e 100644 --- a/libtirpc/src/auth_unix.c +++ b/libtirpc/src/auth_unix.c @@ -213,10 +213,13 @@ authunix_create_default() abort(); #else // XXX Need to figure out what to do here! - uid = 666; - gid = 777; + uid = 10666; + gid = 10777; gids[0] = 0; len = 0; + (void)fprintf(stderr, "authunix_create_default(): fixme, " + "do not know what do to, returning fake uid=%d/gid=%d", + (int)uid, (int)gid); #endif /* XXX: interface problem; those should all have been unsigned */ return (authunix_create(machname, uid, gid, len, gids)); diff --git a/sys/nfs41_build_features.h b/sys/nfs41_build_features.h index f8ea548..44e1961 100644 --- a/sys/nfs41_build_features.h +++ b/sys/nfs41_build_features.h @@ -32,14 +32,14 @@ /* * NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES - return local uid/gid values */ -// #define NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES 1 -// #define NFS41_DRIVER_FEATURE_LOCAL_UIDGID_TESTMAPPING 1 +#define NFS41_DRIVER_FEATURE_LOCAL_UIDGID_IN_NFSV3ATTRIBUTES 1 +#define NFS41_DRIVER_FEATURE_LOCAL_UIDGID_TESTMAPPING 1 /* * NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - give NFS * files which do not map to a local account a SID in the * Unix_User+x/Unix_Group+x range */ -// #define NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID 1 +#define NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID 1 #endif /* !_NFS41_DRIVER_BUILDFEATURES_ */

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at