msnfs41client: Prototype uid2sid mapping, try #001
Posted by Anonymous on Wed 4th Oct 2023 09:20
raw | new post
view followups (newest first): msnfs41client: Prototype uid2sid mapping, try #001 by Anonymous

diff --git a/daemon/acl.c b/daemon/acl.c
index 3a86735..cb58f70 100644
--- a/daemon/acl.c
+++ b/daemon/acl.c
@@ -22,6 +22,7 @@
 #include <Windows.h>
 #include <strsafe.h>
 #include <sddl.h>
+#include <ctype.h>

 #include "nfs41_ops.h"
 #include "delegation.h"
@@ -77,6 +78,34 @@ static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid,
     return status;
 }

+static
+void allocate_SECURITY_SAMBA_UNIX_AUTHORITY(PSID *p_sid)
+{
+    // S-1-22-1-1
+#define SECURITY_SAMBA_UNIX_AUTHORITY {0,0,0,0,0,22}
+    SID_IDENTIFIER_AUTHORITY sid_id_auth = SECURITY_SAMBA_UNIX_AUTHORITY;
+    PSID psid = 0;
+    /*
+     *
+     * $ getent passwd Unix_User+0
+     * Unix_User+0:*:4278190080:4278190080:U-Unix_User\0,S-1-22-1-0:/:/sbin/nologin
+     *
+     */
+    // Create a new SID with the given ID authority and no sub-authorities
+    if (!AllocateAndInitializeSid(&sid_id_auth, 2, 1, 0, 0, 0, 0, 0, 0, 0, &psid)) {
+        dprintf(ACLLVL, "allocate_SECURITY_SAMBA_UNIX_AUTHORITY failed\n");
+
+       PSID newsid = malloc(128);
+       (void)CopySid(128, newsid, psid);
+       *p_sid = newsid;
+    }
+    else
+    {
+        dprintf(ACLLVL, "allocate_SECURITY_SAMBA_UNIX_AUTHORITY success\n");
+    }
+}
+
+
 static void convert_nfs4name_2_user_domain(LPSTR nfs4name,
                                            LPSTR *domain)
 {
@@ -96,6 +125,34 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
     SID_NAME_USE sid_type;
     LPSTR tmp_buf = NULL;
     DWORD tmp = 0;
+    char modnamebuf[256];
+
+    if (isdigit(name[0])) {
+       unsigned long num = atol(name);
+       switch (num) {
+            case 1000:
+           case 197608:
+                dprintf(ACLLVL, "map_name_2_sid: remap %ld to 'roland_mainz'\n", num);
+               name = "roland_mainz";
+               break;
+           default:
+               allocate_SECURITY_SAMBA_UNIX_AUTHORITY(&(*sid));
+
+               (void)snprintf(modnamebuf, sizeof(modnamebuf), "S-1-22-1-%lu", num);
+               SetLastError(0);
+               if (ConvertStringSidToSidA(modnamebuf, *sid)) {
+                    dprintf(ACLLVL, "map_name_2_sid: lookup Unix_User+%ld for '%s'=='%s' success\n",
+                       num, name, modnamebuf);
+                   return ERROR_SUCCESS;
+               }
+               status = GetLastError();
+                dprintf(ACLLVL, "map_name_2_sid: lookup Unix_User+%ld for '%s'=='%s' returned %d\n",
+                   num, name, modnamebuf, status);
+               if (!status)
+                    return status;
+               name = modnamebuf;
+       }
+    }

     status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type);
     dprintf(ACLLVL, "map_name_2_sid: LookupAccountName for %s returned %d "
@@ -107,6 +164,10 @@ static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
     status = GetLastError();
     switch(status) {
     case ERROR_INSUFFICIENT_BUFFER:
+#if 1
+       (*sid_len)+=128;
+       tmp += 128;
+#endif
         *sid = malloc(*sid_len);
         if (*sid == NULL) {
             status = GetLastError();
@@ -798,4 +859,4 @@ const nfs41_upcall_op nfs41_op_setacl = {
     parse_setacl,
     handle_setacl,
     marshall_setacl
-};
\ No newline at end of file
+};