Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: Patches for SID cache, idmapper, Windows Server 2022 compatibility hacks+tests+misc, 2024-11-11
Posted by Anonymous on Mon 11th Nov 2024 17:38
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From 50dc084ae2d9933578644519a0a19dbb6d66f654 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 14:09:00 +0100 Subject: [PATCH 1/9] cygwin_idmapper.ksh,daemon: Wrong machine SID used by cygwin_idmapper.ksh cygwin_idmapper.ksh uses a hardcoded (and in the case of Windows Server 2022) wrong machine SID, which caused a failure in the machinery for l10n account+group names. As result the idmapper was returning "Unknown+User" and "Unknown+Group" names as valid user/group names, which caused further breakdowns. Fix is to use the correct machine SID, disable the l10n account+group names if we cannot find l10n names, and add error messages in |cygwin_getent_passwd()|+|cygwin_getent_group()| if the idmapper script returns "Unknown+User"/"Unknown+Group". Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin_idmapper.ksh | 150 ++++++++++++++++++++++++++---------------- daemon/idmap_cygwin.c | 24 +++++++ 2 files changed, 117 insertions(+), 57 deletions(-) diff --git a/cygwin_idmapper.ksh b/cygwin_idmapper.ksh index ab38245..0a41b1f 100644 --- a/cygwin_idmapper.ksh +++ b/cygwin_idmapper.ksh @@ -40,56 +40,41 @@ typeset stdout typeset -A c.localised_usernames typeset -A c.localised_groupnames +# fixme: Different Windows versions use different machine SIDs +# Windows 10+Windows Server 2019 use +# "S-1-5-21-3286904461-661230000-4220857270", but other Windows +# versions use different values +typeset machine_sid="$(mkgroup -l | sed -n 's/[^:]*:\(S-[-0-9]*\)-513:.*$/\1/p')" +if [[ "$machine_sid" != ~(El)S-1-5-21- ]] ; then + print -u2 -f "%s: Unexpected machine SID '%q'\n" \ + "$0" "$machine_sid" + exit 1 +fi + # User "SYSTEM": de_DE: "SYSTEM" ... stdout="$(getent passwd 'S-1-5-18')" -c.localised_usernames['SYSTEM']="${stdout%%:*}" +if (( $? == 0 )) && [[ "$stdout" != ~(El)Unknown\+User: ]] ; then + c.localised_usernames['SYSTEM']="${stdout%%:*}" +fi # User "Adminstrator": fr_FR: "Administrateur" ... -stdout="$(getent passwd 'S-1-5-21-3286904461-661230000-4220857270-500')" -c.localised_usernames['Administrator']="${stdout%%:*}" +stdout="$(getent passwd "${machine_sid}-500")" +if (( $? == 0 )) && [[ "$stdout" != ~(El)Unknown\+User: ]] ; then + c.localised_usernames['Administrator']="${stdout%%:*}" + +fi # Group "None": de_DE: "Kein", fr_FR: "Aucun" ... -stdout="$(getent group 'S-1-5-21-3286904461-661230000-4220857270-513')" -c.localised_groupnames['None']="${stdout%%:*}" +stdout="$(getent group "${machine_sid}-513")" +if (( $? == 0 )) && [[ "$stdout" != ~(El)Unknown\+Group: ]] ; then + c.localised_groupnames['None']="${stdout%%:*}" +fi compound -A localusers=( # # System accounts # - ["${c.localised_usernames['Administrator']}"]=( - localaccountname="${c.localised_usernames['Administrator']}" - localuid=197108 - localgid=197121 - ) - ['Administrator']=( - localaccountname="${c.localised_usernames['Administrator']}" - localuid=197108 - localgid=197121 - ) - # French user "Administrator" - ['Administrateur']=( - localaccountname="${c.localised_usernames['Administrator']}" - localuid=197108 - localgid=197121 - ) - ["${c.localised_usernames['SYSTEM']}"]=( - localaccountname="${c.localised_usernames['SYSTEM']}" - localuid=18 - localgid=18 - ) - ["SYSTEM"]=( - localaccountname="${c.localised_usernames['SYSTEM']}" - localuid=18 - localgid=18 - ) - # French user "SYSTEM" - # FIXME: This should be $'Syst\u[e8]me', but ksh93 1.0.10 - # doesn't work - [$'Syst\xc3\xa8me']=( - localaccountname="${c.localised_usernames['SYSTEM']}" - localuid=18 - localgid=18 - ) + # # Site-specific users # @@ -125,28 +110,55 @@ compound -A localusers=( ) ) +if [[ -v c.localised_usernames['Administrator'] ]] ; then + localusers+=( + ["${c.localised_usernames['Administrator']}"]=( + localaccountname="${c.localised_usernames['Administrator']}" + localuid=197108 + localgid=197121 + ) + ['Administrator']=( + localaccountname="${c.localised_usernames['Administrator']}" + localuid=197108 + localgid=197121 + ) + # French user "Administrator" + ['Administrateur']=( + localaccountname="${c.localised_usernames['Administrator']}" + localuid=197108 + localgid=197121 + ) + ) +fi +if [[ -v c.localised_usernames['SYSTEM'] ]] ; then + localusers+=( + ["${c.localised_usernames['SYSTEM']}"]=( + localaccountname="${c.localised_usernames['SYSTEM']}" + localuid=18 + localgid=18 + ) + ["SYSTEM"]=( + localaccountname="${c.localised_usernames['SYSTEM']}" + localuid=18 + localgid=18 + ) + # French user "SYSTEM" + # FIXME: This should be $'Syst\u[e8]me', but ksh93 1.0.10 + # doesn't work + [$'Syst\xc3\xa8me']=( + localaccountname="${c.localised_usernames['SYSTEM']}" + localuid=18 + localgid=18 + ) + ) +fi + compound -A localgroups=( # # System accounts # - ["${c.localised_groupnames['None']}"]=( - localgroupname="${c.localised_groupnames['None']}" - localgid=197121 - ) - ["None"]=( - localgroupname="${c.localised_groupnames['None']}" - localgid=197121 - ) - # French Windows localised group name for "None" - ['Aucun']=( - localgroupname="${c.localised_groupnames['None']}" - localgid=197121 - ) - # German Windows localised group name for "None" - ["Kein"]=( - localgroupname="${c.localised_groupnames['None']}" - localgid=197121 - ) + + # # Site-specific users # @@ -168,6 +180,30 @@ compound -A localgroups=( ) ) +if [[ -v c.localised_groupnames['None'] ]] ; then + localgroups+=( + ["${c.localised_groupnames['None']}"]=( + localgroupname="${c.localised_groupnames['None']}" + localgid=197121 + ) + ["None"]=( + localgroupname="${c.localised_groupnames['None']}" + localgid=197121 + ) + # French Windows localised group name for "None" + ['Aucun']=( + localgroupname="${c.localised_groupnames['None']}" + localgid=197121 + ) + # German Windows localised group name for "None" + ["Kein"]=( + localgroupname="${c.localised_groupnames['None']}" + localgid=197121 + ) + ) +fi + + case "${c.mode}" in 'nfsserver_owner2localaccount') # diff --git a/daemon/idmap_cygwin.c b/daemon/idmap_cygwin.c index 9f7af99..868bdee 100644 --- a/daemon/idmap_cygwin.c +++ b/daemon/idmap_cygwin.c @@ -146,6 +146,18 @@ int cygwin_getent_passwd(const char *name, char *res_loginname, uid_t *res_uid, } } + /* + * Cygwin /usr/bin/getent passwd can return "Unknown+User" + * in cases when an SID is valid but does not match an account. + * The idmapper script must never return this! + */ + if (!strcmp(localaccountname, "Unknown+User")) { + eprintf("cygwin_getent_passwd(name='%s'): " + "idmapper returned illegal value '%s'\n", + name, localaccountname); + goto fail; + } + if (!localaccountname) goto fail; @@ -274,6 +286,18 @@ int cygwin_getent_group(const char* name, char* res_group_name, gid_t* res_gid) } } + /* + * Cygwin /usr/bin/getent group can return "Unknown+Group" + * in cases when an SID is valid but does not match an account. + * The idmapper script must never return this! + */ + if (!strcmp(localgroupname, "Unknown+Group")) { + eprintf("cygwin_getent_group(name='%s'): " + "idmapper returned illegal value '%s'\n", + name, localgroupname); + goto fail; + } + if (!localgroupname) goto fail; -- 2.45.1 From 9c73bab9e0eb86455a0358000048a66162f55d97 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 14:15:03 +0100 Subject: [PATCH 2/9] tests: nfsbuildtest: Create missing /usr/local install dir for "gcc build" nfsbuildtest: Create missing /usr/local install dir for "gcc build" Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- tests/nfsbuildtest/nfsbuildtest.ksh93 | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/nfsbuildtest/nfsbuildtest.ksh93 b/tests/nfsbuildtest/nfsbuildtest.ksh93 index eb8bc02..4823005 100644 --- a/tests/nfsbuildtest/nfsbuildtest.ksh93 +++ b/tests/nfsbuildtest/nfsbuildtest.ksh93 @@ -158,10 +158,25 @@ function gcc_build fi # - # build gcc + # Create /usr/local/ dir in "$PWD/install_root/" because gcc's + # make install will fail if the dir is missing # - time ksh93 -c 'export SHELL=/bin/ksh93 ; (yes | make --load-average 32 -j12 install)' - echo $? + mkdir -p -- "$PWD/install_root/usr/local" + + # + # build gcc + # Notes: + # - targets "all" and "install" must be called in sequence, as + # a plain $ make -j32 install # can fail when tools build + # during $ make -j32 all # missing + # + ( + set -o xtrace + time ksh93 -c 'export SHELL=/bin/ksh93 ; (yes | make --load-average 32 -j12 all)' + printf "######## gcc build make all returned %d\n" $? + time ksh93 -c 'export SHELL=/bin/ksh93 ; (yes | make --load-average 32 -j12 install)' + printf "######## gcc build make install returned %d\n" $? + ) echo "#Done." return 0 -- 2.45.1 From ecfd0d4bc1e3d43246333150491d1e48ba24b1b8 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 14:21:29 +0100 Subject: [PATCH 3/9] daemon: ACE for Unix_User+/Unix_Group+ should use uid/gid, not uid@domain/gid@domain ACE for Unix_User+/Unix_Group+ should use uid/gid, not uid@domain/gid@domain Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/acl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/daemon/acl.c b/daemon/acl.c index 8622678..b122910 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -1011,7 +1011,7 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, "Unix_User+%d SID " "mapped to user '%s'\n", unixuser_uid, who_out)); - goto add_domain; + goto no_add_domain; } eprintf("map_sid2nfs4ace_who: " @@ -1032,7 +1032,7 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, "Unix_Group+%d SID " "mapped to group '%s'\n", unixgroup_gid, who_out)); - goto add_domain; + goto no_add_domain; } eprintf("map_sid2nfs4ace_who: " @@ -1079,6 +1079,8 @@ err_none_mapped: add_domain: (void)memcpy(who_out+who_size, "@", sizeof(char)); (void)memcpy(who_out+who_size+1, domain, strlen(domain)+1); + +no_add_domain: status = ERROR_SUCCESS; out: if (status) { -- 2.45.1 From c6db0fd00c96b46fac48d214868b68577a8e7018 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 14:49:51 +0100 Subject: [PATCH 4/9] daemon,nfs41_build_features.h: Add experimental hacks for WS2022 compatibility Add experimental hacks for Windows Server NFSv4.1 server compatibility. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/acl.c | 42 ++++++++++++++++++++++++++++++++++++++++++ daemon/sid.c | 12 ++++++++++++ nfs41_build_features.h | 6 ++++++ 3 files changed, 60 insertions(+) diff --git a/daemon/acl.c b/daemon/acl.c index b122910..ffdba35 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -99,12 +99,24 @@ static int check_4_special_identifiers(char *who, PSID *sid, DWORD *sid_len, *flag = TRUE; if (!strncmp(who, ACE4_OWNER, strlen(ACE4_OWNER)-1)) type = WinCreatorOwnerSid; +#ifdef NFS41_DRIVER_WS2022_HACKS + else if (!strncmp(who, "CREATOR OWNER@", strlen("CREATOR OWNER@")-1)) + type = WinCreatorOwnerSid; +#endif /* NFS41_DRIVER_WS2022_HACKS */ else if (!strncmp(who, ACE4_GROUP, strlen(ACE4_GROUP)-1)) type = WinCreatorGroupSid; else if (!strncmp(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)-1)) type = WinWorldSid; +#ifdef NFS41_DRIVER_WS2022_HACKS + else if (!strncmp(who, "Everyone@", strlen("Everyone@")-1)) + type = WinWorldSid; +#endif /* NFS41_DRIVER_WS2022_HACKS */ else if (!strncmp(who, ACE4_NOBODY, strlen(ACE4_NOBODY))) type = WinNullSid; +#ifdef NFS41_DRIVER_WS2022_HACKS + else if (!strncmp(who, "NULL SID", strlen("NULL SID"))) + type = WinNullSid; +#endif /* NFS41_DRIVER_WS2022_HACKS */ else *flag = FALSE; if (*flag) @@ -174,6 +186,19 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, if (!flag) { bool isgroupacl = (curr_nfsace->aceflag & ACE4_IDENTIFIER_GROUP)?true:false; + +#ifdef NFS41_DRIVER_WS2022_HACKS + if ((isgroupacl == false) && domain && + (!strcmp(domain, "BUILTIN"))) { + if ((!strcmp(curr_nfsace->who, "Users")) || + (!strcmp(curr_nfsace->who, "Administrators"))) { + DPRINTF(1, ("convert_nfs4acl_2_dacl: " + "force isgroupacl=true for for user='%s'\n", + curr_nfsace->who)); + isgroupacl = true; + } + } +#endif /* NFS41_DRIVER_WS2022_HACKS */ if (isgroupacl) { DPRINTF(ACLLVL2, ("convert_nfs4acl_2_dacl: aces[%d].who='%s': " @@ -1078,6 +1103,23 @@ err_none_mapped: (void)memcpy(who_out, who_buf, who_size); add_domain: (void)memcpy(who_out+who_size, "@", sizeof(char)); + +#ifdef NFS41_DRIVER_WS2022_HACKS + /* Fixup |domain| for Windows Sever 2022 NFSv4.1 server */ + if ((!strncmp(who_out, "Users@", who_size+1)) || + (!strncmp(who_out, "Administrators@", who_size+1))) { + domain = "BUILTIN"; + DPRINTF(1, + ("map_sid2nfs4ace_who: Fixup '%*s' domain='%s'\n", + (int)who_size+1, who_out, domain)); + } + else if (!strncmp(who_out, "SYSTEM@", who_size+1)) { + domain = "NT AUTHORITY"; + DPRINTF(1, + ("map_sid2nfs4ace_who: Fixup '%*s' domain='%s'\n", + (int)who_size+1, who_out, domain)); + } +#endif /* NFS41_DRIVER_WS2022_HACKS */ (void)memcpy(who_out+who_size+1, domain, strlen(domain)+1); no_add_domain: diff --git a/daemon/sid.c b/daemon/sid.c index 2a63763..0c8af81 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -621,6 +621,18 @@ out_cache: sid_type = SidTypeGroup; } +#ifdef NFS41_DRIVER_WS2022_HACKS + if ((query & OWNER_SECURITY_INFORMATION) && + (sid_type == SidTypeWellKnownGroup)) { + if (!strcmp(orig_nfsname, "SYSTEM")) { + DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): " + "SID_TYPE='SidTypeWellKnownGroup' mapped to 'SidTypeUser' for user\n", + query, orig_nfsname)); + sid_type = SidTypeUser; + } + } +#endif /* NFS41_DRIVER_WS2022_HACKS */ + switch (sid_type) { case SidTypeUser: sidcache_add(&user_sidcache, orig_nfsname, *sid); diff --git a/nfs41_build_features.h b/nfs41_build_features.h index 34843e1..bcc765c 100644 --- a/nfs41_build_features.h +++ b/nfs41_build_features.h @@ -167,4 +167,10 @@ */ #define NFS41_DRIVER_WSL_SUPPORT 1 +/* + * NFS41_DRIVER_WS2022_HACKS - Enable hacks for Windows Server 2022 + * compatibility + */ +#define NFS41_DRIVER_WS2022_HACKS 1 + #endif /* !_NFS41_DRIVER_BUILDFEATURES_ */ -- 2.45.1 From 252540c08ededdd50e9c6ffb68cf66263b6651fc Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 15:01:13 +0100 Subject: [PATCH 5/9] daemon: Fix number of |DPRINTF()| args in |map_nfs4servername_2_sid()| Fix number of |DPRINTF()| args in |map_nfs4servername_2_sid()| Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/sid.c b/daemon/sid.c index 0c8af81..baaf95a 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -617,7 +617,7 @@ out_cache: */ DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): " "SID_TYPE='SidTypeAlias' mapped to 'SidTypeGroup'\n", - query, orig_nfsname, sid_type)); + query, orig_nfsname)); sid_type = SidTypeGroup; } -- 2.45.1 From 1169b9cd513d1617910ccdc16f870d193ed6f165 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 15:03:20 +0100 Subject: [PATCH 6/9] daemon: Add assert to |convert_nfs4acl_2_dacl()| if an NFSv4 ACE who name contains numeric uid/gid Add assert to |convert_nfs4acl_2_dacl()| if an NFSv4 ACE who name contains numeric uid/gid Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/acl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/daemon/acl.c b/daemon/acl.c index ffdba35..715a573 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -161,6 +161,10 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg, DPRINTF(ACLLVL2, ("convert_nfs4acl_2_dacl: for user='%s' domain='%s'\n", curr_nfsace->who, domain?domain:"<null>")); + EASSERT_MSG(!isdigit(curr_nfsace->who[0]), + ("convert_nfs4acl_2_dacl: aces[%d]->who='%s' uses numeric id", + (int)nfs_i, curr_nfsace->who)); + #ifdef NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES /* * Skip "nobody" ACEs - Cygwin uses |WinNullSid| ACEs (mapped -- 2.45.1 From ec9b10b7fb3b74bf5951722aedd86b9d4c3276ac Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 18:03:54 +0100 Subject: [PATCH 7/9] daemon: |sidcache_add()|: Fix timestamp calculation used for entry invalidation Fix timestamp calculation in |sidcache_add()| used for entry invalidation Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/sid.c b/daemon/sid.c index baaf95a..8be1cae 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -271,7 +271,7 @@ void sidcache_add(sidcache *cache, const char* win32name, PSID value) sidcache_entry *e = &cache->entries[i]; if ((e->sid != NULL) && - (e->timestamp < (currentTimestamp - SIDCACHE_TTL))) { + ((currentTimestamp - e->timestamp) >= SIDCACHE_TTL)) { e->sid = NULL; e->win32name[0] = '\0'; e->sid_len = 0; -- 2.45.1 From c81fe9407d20da67eb3f5aca2f386e79b1d10419 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 18:23:31 +0100 Subject: [PATCH 8/9] daemon: Add |sidcache_addwithalias()| to store a numeric uid/gid alongside Win32 owner/group name Add |sidcache_addwithalias()| to store a numeric uid/gid alongside Win32 owner/group name. We use this as sort-of hack for NFSv4.1 servers which send numeric uid/gid values for owner/owner_group, so we can use the cache in such cases too. FIXME: This mixes NFSv4.1 owner/owner_group namespace with Win32 account names namespace, and should be reworked once we have a bidirectional idmapper which cleanly seperates NFSv4.1 server account namespace+server uid/gid from NFSv4.1 Win32 account namespace+client uid/gid. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 59 +++++++++++++++++++++++++++++++++++++++++++++------- daemon/sid.h | 1 + 2 files changed, 53 insertions(+), 7 deletions(-) diff --git a/daemon/sid.c b/daemon/sid.c index 8be1cae..dcf4680 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -227,6 +227,7 @@ typedef struct _sidcache_entry { #define SIDCACHE_ENTRY_NAME_SIZE (UNLEN + 1) char win32name[SIDCACHE_ENTRY_NAME_SIZE]; /* must fit something like "user@domain" */ + char aliasname[SIDCACHE_ENTRY_NAME_SIZE]; PSID sid; DWORD sid_len; #pragma warning( push ) @@ -254,8 +255,13 @@ void sidcache_init(void) InitializeCriticalSection(&group_sidcache.lock); } -/* copy SID |value| into cache */ void sidcache_add(sidcache *cache, const char* win32name, PSID value) +{ + sidcache_addwithalias(cache, win32name, NULL, value); +} + +/* copy SID |value| into cache */ +void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *aliasname, PSID value) { int i; ssize_t freeEntryIndex; @@ -274,6 +280,7 @@ void sidcache_add(sidcache *cache, const char* win32name, PSID value) ((currentTimestamp - e->timestamp) >= SIDCACHE_TTL)) { e->sid = NULL; e->win32name[0] = '\0'; + e->aliasname[0] = '\0'; e->sid_len = 0; } } @@ -281,9 +288,26 @@ void sidcache_add(sidcache *cache, const char* win32name, PSID value) /* Find the oldest valid cache entry */ freeEntryIndex = -1; for (i = 0; i < SIDCACHE_SIZE; i++) { - if (cache->entries[i].sid) { + sidcache_entry *e = &cache->entries[i]; + if (e->sid) { /* Same name ? Then reuse this slot... */ - if (!strcmp(cache->entries[i].win32name, win32name)) { + if (!strcmp(e->win32name, win32name)) { + freeEntryIndex = i; + break; + } + if (aliasname) { + if (!strcmp(e->win32name, aliasname)) { + freeEntryIndex = i; + break; + } + if ((e->aliasname[0] != '\0') && + (!strcmp(e->aliasname, aliasname))) { + freeEntryIndex = i; + break; + } + } + if ((e->aliasname[0] != '\0') && + (!strcmp(e->aliasname, win32name))) { freeEntryIndex = i; break; } @@ -308,12 +332,17 @@ void sidcache_add(sidcache *cache, const char* win32name, PSID value) if (!CopySid(sid_len, e->sid, value)) { e->sid = NULL; e->win32name[0] = '\0'; + e->aliasname[0] = '\0'; e->sid_len = 0; goto done; } e->sid_len = sid_len; (void)strcpy(e->win32name, win32name); + if (aliasname) + (void)strcpy(e->aliasname, aliasname); + else + e->aliasname[0] = '\0'; e->timestamp = currentTimestamp; cache->cacheIndex = (cache->cacheIndex + 1) % SIDCACHE_SIZE; @@ -337,7 +366,8 @@ PSID *sidcache_getcached_byname(sidcache *cache, const char *win32name) e = &cache->entries[i]; if ((e->sid != NULL) && - (!strcmp(e->win32name, win32name)) && + ((!strcmp(e->win32name, win32name)) || + ((e->aliasname[0] != '\0') && (!strcmp(e->aliasname, win32name)))) && ((currentTimestamp - e->timestamp) < SIDCACHE_TTL)) { PSID malloced_sid = malloc(e->sid_len); if (!malloced_sid) @@ -374,7 +404,6 @@ bool sidcache_getcached_bysid(sidcache *cache, PSID sid, char *out_win32name) if ((e->sid != NULL) && (EqualSid(sid, e->sid) && ((currentTimestamp - e->timestamp) < SIDCACHE_TTL))) { - (void)strcpy(out_win32name, e->win32name); ret = true; @@ -635,10 +664,26 @@ out_cache: switch (sid_type) { case SidTypeUser: - sidcache_add(&user_sidcache, orig_nfsname, *sid); + if (isdigit(orig_nfsname[0])) { + DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): " + "adding usercache nfsname='%s' orig_nfsname='%s'\n", + query, orig_nfsname, nfsname, orig_nfsname)); + sidcache_addwithalias(&user_sidcache, nfsname, orig_nfsname, *sid); + } + else { + sidcache_add(&user_sidcache, orig_nfsname, *sid); + } break; case SidTypeGroup: - sidcache_add(&group_sidcache, orig_nfsname, *sid); + if (isdigit(orig_nfsname[0])) { + DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): " + "adding groupcache nfsname='%s' orig_nfsname='%s'\n", + query, orig_nfsname, nfsname, orig_nfsname)); + sidcache_addwithalias(&group_sidcache, nfsname, orig_nfsname, *sid); + } + else { + sidcache_add(&group_sidcache, orig_nfsname, *sid); + } break; default: eprintf("map_nfs4servername_2_sid(query=%x,nfsname='%s'): " diff --git a/daemon/sid.h b/daemon/sid.h index 57edfc7..70fc910 100644 --- a/daemon/sid.h +++ b/daemon/sid.h @@ -58,6 +58,7 @@ bool unixgroup_sid2gid(PSID psid, gid_t *pgid); #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ void sidcache_init(void); void sidcache_add(sidcache *cache, const char* win32name, PSID value); +void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *aliasname, PSID value); PSID *sidcache_getcached_byname(sidcache *cache, const char *win32name); bool sidcache_getcached_bysid(sidcache *cache, PSID sid, char *out_win32name); -- 2.45.1 From f510500c3f08b05a72609e41c815d2a3c7339b59 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Mon, 11 Nov 2024 18:28:24 +0100 Subject: [PATCH 9/9] daemon: Enable uid/gid fallback debug output in |map_nfs4servername_2_sid()| Enable uid/gid fallback debug output in |map_nfs4servername_2_sid()| by default. Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/sid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon/sid.c b/daemon/sid.c index dcf4680..b7d0736 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -557,7 +557,7 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si user_uid = map_uid; } else { - DPRINTF(1, + DPRINTF(0, ("map_nfs4servername_2_sid(query=%x,name='%s'): " "nfs41_idmap_name_to_uid() failed\n", query, nfsname)); @@ -575,7 +575,7 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si group_gid = map_gid; } else { - DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): nfs41_idmap_group_to_gid() failed\n", + DPRINTF(0, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): nfs41_idmap_group_to_gid() failed\n", query, nfsname)); /* fixme: try harder here, "1234" should to to |atol()| */ } -- 2.45.1

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at