- diff --git a/daemon/acl.c b/daemon/acl.c
- index ffb8d6c..1a5cde3 100644
- --- a/daemon/acl.c
- +++ b/daemon/acl.c
- @@ -37,6 +37,7 @@
- #include "sid.h"
- #define ACLLVL 2 /* dprintf level for acl logging */
- +#define ACLLVL2 3 /* dprintf level for acl logging */
- /* Local prototypes */
- static void map_winace2nfs4aceflags(BYTE win_aceflags, uint32_t *nfs4_aceflags);
- @@ -453,7 +454,7 @@ out:
- return status;
- }
- -static int is_well_known_sid(PSID sid, char *who)
- +static int is_well_known_sid(PSID sid, char *who, SID_NAME_USE *snu_out)
- {
- int status, i;
- for (i = 0; i < 78; i++) {
- @@ -464,19 +465,23 @@ static int is_well_known_sid(PSID sid, char *who)
- switch((WELL_KNOWN_SID_TYPE)i) {
- case WinCreatorOwnerSid:
- memcpy(who, ACE4_OWNER, strlen(ACE4_OWNER)+1);
- + *snu_out = SidTypeUser;
- + return TRUE;
- + case WinCreatorGroupSid:
- + case WinBuiltinUsersSid:
- + memcpy(who, ACE4_GROUP, strlen(ACE4_GROUP)+1);
- + *snu_out = SidTypeGroup;
- return TRUE;
- case WinNullSid:
- memcpy(who, ACE4_NOBODY, strlen(ACE4_NOBODY)+1);
- + *snu_out = SidTypeUser;
- return TRUE;
- case WinAnonymousSid:
- memcpy(who, ACE4_ANONYMOUS, strlen(ACE4_ANONYMOUS)+1);
- return TRUE;
- case WinWorldSid:
- memcpy(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)+1);
- - return TRUE;
- - case WinCreatorGroupSid:
- - case WinBuiltinUsersSid:
- - memcpy(who, ACE4_GROUP, strlen(ACE4_GROUP)+1);
- + *snu_out = SidTypeGroup;
- return TRUE;
- case WinAuthenticatedUserSid:
- memcpy(who, ACE4_AUTHENTICATED, strlen(ACE4_AUTHENTICATED)+1);
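Review bot: The `WinAnonymousSid` case still returns TRUE without assigning `*snu_out`, unlike the cases around it, so the caller's `sid_type` keeps whatever value it had before the call. The later hunk in `map_nfs4ace_who` removes the explicit `sid_type = SidTypeUser;` and relies on the callee, so an unset value may reach `who_sid_type` and decide whether `ACE4_IDENTIFIER_GROUP` is set on the ACE; whether `sid_type` is initialised in the caller is not visible here. Add `*snu_out = SidTypeUser;` (or whichever type is intended) before that `return TRUE;`. The `WinAuthenticatedUserSid` case and any later ones continue outside the hunk and need the same check.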
- @@ -797,11 +802,10 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o
- goto out;
- }
- }
- - status = is_well_known_sid(sid, who_out);
- + status = is_well_known_sid(sid, who_out, &sid_type);
- if (status) {
- if (!strncmp(who_out, ACE4_NOBODY, strlen(ACE4_NOBODY))) {
- who_size = (DWORD)strlen(ACE4_NOBODY);
- - sid_type = SidTypeUser;
- goto add_domain;
- }
- @@ -959,8 +963,27 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
- tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER);
- - status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who,
- - domain, &who_sid_type);
- + PSID acl_sid = tmp_pointer;
- +
- +#if 1
- + status = map_nfs4ace_who(acl_sid, sid, gsid,
- + nfs4_acl->aces[i].who, domain, &who_sid_type);
- +#else
- + /*
- + * Only use NFSv4 special ACE names (e.g. "OWNER@",
- + * "GROUP@") if |ace->AceFlags| does not use any
- + * inheritance flags
- + */
- + if (ace->AceFlags) {
- + status = map_nfs4ace_who(acl_sid, NULL, NULL,
- + nfs4_acl->aces[i].who, domain, &who_sid_type);
- + }
- + else {
- + status = map_nfs4ace_who(acl_sid, sid, gsid,
- + nfs4_acl->aces[i].who, domain, &who_sid_type);
- + }
- +#endif
- +
- if (status)
- goto out_free;
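Review bot: The `#if 1` / `#else` pair leaves a second, never-compiled who-mapping policy in the function, and nothing says which one is meant to ship. The choice decides whether an ACE with inheritance flags is emitted as `OWNER@`/`GROUP@` or as a named principal, so it presumably affects the permissions that end up applied. The disabled branch also tests `ace->AceFlags` for any bit rather than only the inheritance bits its comment names, and `ace` is not declared in the visible lines. Either drop the `#else` branch or gate it on a named macro with a comment such as `/* TODO: decide whether ACEs with inheritance flags may use OWNER@/GROUP@ */`. The function body starts and ends outside the hunk.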
- @@ -971,20 +994,6 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
- map_winaccessmask2nfs4acemask(win_mask,
- file_type, &nfs4_acl->aces[i].acemask);
- - if (DPRINTF_LEVEL_ENABLED(ACLLVL)) {
- - dprintf_out("win2nfs: nfs4_acl->aces[%d].who='%s', "
- - "acetype='%s', "
- - "win_mask=0x%lx, nfs_acemask=0x%lx\n",
- - i, nfs4_acl->aces[i].who,
- - (nfs4_acl->aces[i].acetype?
- - "DENIED ACE":"ALLOWED ACE"),
- - (long)win_mask, (long)nfs4_acl->aces[i].acemask);
- - print_windows_access_mask(nfs4_acl->aces[i].who,
- - win_mask);
- - print_nfs_access_mask(nfs4_acl->aces[i].who,
- - nfs4_acl->aces[i].acemask);
- - }
- -
- /*
- * Treat |SidTypeAlias| as (local) group
- *
- @@ -997,13 +1006,36 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
- */
- if ((who_sid_type == SidTypeGroup) ||
- (who_sid_type == SidTypeAlias)) {
- - DPRINTF(ACLLVL, ("map_dacl_2_nfs4acl: who_sid_type=%d: "
- + DPRINTF(ACLLVL, ("map_dacl_2_nfs4acl: who_sid_type='%s': "
- "aces[%d].who='%s': "
- "setting group flag\n",
- - (int)who_sid_type,
- + map_SID_NAME_USE2str(who_sid_type),
- i, nfs4_acl->aces[i].who));
- nfs4_acl->aces[i].aceflag |= ACE4_IDENTIFIER_GROUP;
- }
- +
- + if (DPRINTF_LEVEL_ENABLED(0)) {
- + dprintf_out("win2nfs: nfs4_acl->aces[%d]=(who='%s', "
- + "acetype='%s', "
- + "aceflag='%s'/0x%lx, "
- + "acemask='%s'/0x%lx(=win_mask=0x%lx)), "
- + "who_sid_type='%s'\n",
- + i,
- + nfs4_acl->aces[i].who,
- + map_nfs_acetype2str(nfs4_acl->aces[i].acetype),
- + nfs_aceflag2shortname(nfs4_acl->aces[i].aceflag),
- + nfs4_acl->aces[i].aceflag,
- + nfs_mask2shortname(nfs4_acl->aces[i].acemask),
- + (long)nfs4_acl->aces[i].acemask,
- + (long)win_mask,
- + map_SID_NAME_USE2str(who_sid_type));
- + if (DPRINTF_LEVEL_ENABLED(ACLLVL2)) {
- + print_windows_access_mask(nfs4_acl->aces[i].who,
- + win_mask);
- + print_nfs_access_mask(nfs4_acl->aces[i].who,
- + nfs4_acl->aces[i].acemask);
- + }
- + }
- }
- }
- status = ERROR_SUCCESS;
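Review bot: The per-ACE dump is gated on `DPRINTF_LEVEL_ENABLED(0)`, while the block it replaces used `ACLLVL`; if level 0 is the always-on level, every ACE's principal name and masks are written to the log on each conversion. Unless that is intended, use `if (DPRINTF_LEVEL_ENABLED(ACLLVL)) {`. In the same call, `nfs4_acl->aces[i].aceflag` is passed to `0x%lx` without the `(long)` cast that the `acemask` and `win_mask` arguments get. Make it `(long)nfs4_acl->aces[i].aceflag,` so the argument matches the conversion.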
- diff --git a/daemon/daemon_debug.c b/daemon/daemon_debug.c
- index 9d555e1..ad685ce 100644
- --- a/daemon/daemon_debug.c
- +++ b/daemon/daemon_debug.c
- @@ -660,6 +660,25 @@ const char* gssauth_string(int type) {
- return "<invalid RPCSEC_SSPI_* gss auth type>";
- }
- +const char* map_SID_NAME_USE2str(SID_NAME_USE snu)
- +{
- + switch(snu) {
- +#define SID_NAME_USE_TO_STRLITERAL(e) case e: return #e;
- + SID_NAME_USE_TO_STRLITERAL(SidTypeUser)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeGroup)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeDomain)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeAlias)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeWellKnownGroup)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeDeletedAccount)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeInvalid)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeUnknown)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeComputer)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeLabel)
- + SID_NAME_USE_TO_STRLITERAL(SidTypeLogonSession)
- + }
- + return "<unknown SID_NAME_USE type>";
- +}
- +
- const char *FILE_INFORMATION_CLASS2string(int fic)
- {
- switch(fic) {
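Review bot: `SID_NAME_USE_TO_STRLITERAL` is defined inside `map_SID_NAME_USE2str` and never undefined, so it stays visible for the rest of daemon_debug.c. Add `#undef SID_NAME_USE_TO_STRLITERAL` after the switch's closing brace. A one-line comment above the function, saying it returns the enumerator name as a string literal for logging and a fixed placeholder for unknown values, would also help readers.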
- @@ -911,6 +930,69 @@ void print_nfs_access_mask(const char *label, uint32_t nfs_mask)
- dprintf_out("<-- print_nfs_access_mask\n");
- }
- +const char *nfs_mask2shortname(uint32_t nfs_mask)
- +{
- + /*
- + * |snam_buffer| - per thread buffer, we assume that
- + * the caller will not use the function multiple times
- + * in one |dprintf_out()|
- + */
- + __declspec(thread) static char snam_buffer[128];
- + char *sb = snam_buffer;
- + sb[0] = '\0';
- +#define WRITENFSMASKBITS(mflag, shortname) \
- + if (nfs_mask & (mflag)) { \
- + if (sb != snam_buffer) { \
- + *sb++ = ','; \
- + } \
- + sb = stpcpy(sb, (shortname)); \
- + }
- + WRITENFSMASKBITS(ACE4_READ_DATA, "RD");
- + WRITENFSMASKBITS(ACE4_WRITE_DATA, "WD");
- + WRITENFSMASKBITS(ACE4_APPEND_DATA, "AD");
- + WRITENFSMASKBITS(ACE4_READ_NAMED_ATTRS, "REA");
- + WRITENFSMASKBITS(ACE4_WRITE_NAMED_ATTRS, "WEA");
- + WRITENFSMASKBITS(ACE4_EXECUTE, "X");
- + WRITENFSMASKBITS(ACE4_DELETE_CHILD, "DC");
- + WRITENFSMASKBITS(ACE4_READ_ATTRIBUTES, "RA");
- + WRITENFSMASKBITS(ACE4_WRITE_ATTRIBUTES, "RA");
- + WRITENFSMASKBITS(ACE4_DELETE, "DE");
- + WRITENFSMASKBITS(ACE4_READ_ACL, "RACL");
- + WRITENFSMASKBITS(ACE4_WRITE_ACL, "WACL");
- + WRITENFSMASKBITS(ACE4_WRITE_OWNER, "WO");
- + WRITENFSMASKBITS(ACE4_SYNCHRONIZE, "S");
- +
- + return snam_buffer;
- +}
- +
- +const char *nfs_aceflag2shortname(uint32_t aceflag)
- +{
- + /*
- + * |sacf_buffer| - per thread buffer, we assume that
- + * the caller will not use the function multiple times
- + * in one |dprintf_out()|
- + */
- + __declspec(thread) static char sacf_buffer[128];
- + char *sb = sacf_buffer;
- + sb[0] = '\0';
- +#define WRITENFSACEFLAGBITS(mflag, shortname) \
- + if (aceflag & (mflag)) { \
- + if (sb != sacf_buffer) { \
- + *sb++ = ','; \
- + } \
- + sb = stpcpy(sb, (shortname)); \
- + }
- + WRITENFSACEFLAGBITS(ACE4_FILE_INHERIT_ACE, "(FI)");
- + WRITENFSACEFLAGBITS(ACE4_DIRECTORY_INHERIT_ACE, "(DI)");
- + WRITENFSACEFLAGBITS(ACE4_NO_PROPAGATE_INHERIT_ACE, "(NPI)");
- + WRITENFSACEFLAGBITS(ACE4_INHERIT_ONLY_ACE, "(IO)");
- + WRITENFSACEFLAGBITS(ACE4_SUCCESSFUL_ACCESS_ACE_FLAG, "(SA)");
- + WRITENFSACEFLAGBITS(ACE4_FAILED_ACCESS_ACE_FLAG, "(FA)");
- + WRITENFSACEFLAGBITS(ACE4_IDENTIFIER_GROUP, "(G)");
- + WRITENFSACEFLAGBITS(ACE4_INHERITED_ACE, "(I)");
- +
- + return sacf_buffer;
- +}
- void print_nfs41_file_info(
- const char *label,
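Review bot: `ACE4_WRITE_ATTRIBUTES` is printed as `"RA"`, the same short name as `ACE4_READ_ATTRIBUTES` on the line above, so a log line cannot tell read from write attribute rights and a mask with both shows `RA,RA`. It should presumably be `WRITENFSMASKBITS(ACE4_WRITE_ATTRIBUTES, "WA");`. Both `nfs_mask2shortname` and `nfs_aceflag2shortname` append with `stpcpy` into a 128-byte buffer with no length check. The current name tables fit, but a comment stating the worst-case length next to each buffer would keep later additions within bounds. The two helper macros are also left defined after their functions and could be `#undef`ed.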
- diff --git a/daemon/daemon_debug.h b/daemon/daemon_debug.h
- index e283296..3b376f0 100644
- --- a/daemon/daemon_debug.h
- +++ b/daemon/daemon_debug.h
- @@ -108,6 +108,8 @@ const char *map_nfs_ftype2str(int ftype);
- const char *map_nfs_acetype2str(uint32_t ace_type);
- void print_windows_access_mask(const char *label, ACCESS_MASK win_mask);
- void print_nfs_access_mask(const char *label, uint32_t nfs_mask);
- +const char *nfs_mask2shortname(uint32_t nfs_mask);
- +const char *nfs_aceflag2shortname(uint32_t aceflag);
- void print_hexbuf_no_asci(const char *title, const unsigned char *buf, int len);
- void print_hexbuf(const char *title, const unsigned char *buf, int len);
- void print_create_attributes(int level, DWORD create_opts);
- @@ -122,6 +124,7 @@ const char* nfs_opnum_to_string(int opnum);
- const char* nfs_error_string(int status);
- const char* rpc_error_string(int status);
- const char* gssauth_string(int type);
- +const char* map_SID_NAME_USE2str(SID_NAME_USE snu);
- const char *FILE_INFORMATION_CLASS2string(int fic);
- void print_condwait_status(int level, int status);
- void print_sr_status_flags(int level, int flags);
ACL work backup, 2024-06-21
Posted by Anonymous on Fri 21st Jun 2024 16:38