pastebin - collaborative debugging tool
nrubsig.kpaste.net RSS


ACL work backup, 2024-06-21
Posted by Anonymous on Fri 21st Jun 2024 16:38
raw | new post

  1. diff --git a/daemon/acl.c b/daemon/acl.c
  2. index ffb8d6c..1a5cde3 100644
  3. --- a/daemon/acl.c
  4. +++ b/daemon/acl.c
  5. @@ -37,6 +37,7 @@
  6.  #include "sid.h"
  7.  
  8.  #define ACLLVL 2  /* dprintf level for acl logging */
  9. +#define ACLLVL2 3 /* dprintf level for acl logging */
  10.  
  11.  /* Local prototypes */
  12.  static void map_winace2nfs4aceflags(BYTE win_aceflags, uint32_t *nfs4_aceflags);
  13. @@ -453,7 +454,7 @@ out:
  14.      return status;
  15.  }
  16.  
  17. -static int is_well_known_sid(PSID sid, char *who)
  18. +static int is_well_known_sid(PSID sid, char *who, SID_NAME_USE *snu_out)
  19.  {
  20.      int status, i;
  21.      for (i = 0; i < 78; i++) {
  22. @@ -464,19 +465,23 @@ static int is_well_known_sid(PSID sid, char *who)
  23.              switch((WELL_KNOWN_SID_TYPE)i) {
  24.              case WinCreatorOwnerSid:
  25.                  memcpy(who, ACE4_OWNER, strlen(ACE4_OWNER)+1);
  26. +                *snu_out = SidTypeUser;
  27. +                return TRUE;
  28. +            case WinCreatorGroupSid:
  29. +            case WinBuiltinUsersSid:
  30. +                memcpy(who, ACE4_GROUP, strlen(ACE4_GROUP)+1);
  31. +                *snu_out = SidTypeGroup;
  32.                  return TRUE;
  33.              case WinNullSid:
  34.                  memcpy(who, ACE4_NOBODY, strlen(ACE4_NOBODY)+1);
  35. +                *snu_out = SidTypeUser;
  36.                  return TRUE;
  37.              case WinAnonymousSid:
  38.                  memcpy(who, ACE4_ANONYMOUS, strlen(ACE4_ANONYMOUS)+1);
  39.                  return TRUE;
  40.              case WinWorldSid:
  41.                  memcpy(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)+1);
  42. -                return TRUE;
  43. -            case WinCreatorGroupSid:
  44. -            case WinBuiltinUsersSid:
  45. -                memcpy(who, ACE4_GROUP, strlen(ACE4_GROUP)+1);
  46. +                *snu_out = SidTypeGroup;
  47.                  return TRUE;
  48.              case WinAuthenticatedUserSid:
  49.                  memcpy(who, ACE4_AUTHENTICATED, strlen(ACE4_AUTHENTICATED)+1);
  50. @@ -797,11 +802,10 @@ static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_o
  51.              goto out;
  52.          }
  53.      }
  54. -    status = is_well_known_sid(sid, who_out);
  55. +    status = is_well_known_sid(sid, who_out, &sid_type);
  56.      if (status) {
  57.          if (!strncmp(who_out, ACE4_NOBODY, strlen(ACE4_NOBODY))) {
  58.              who_size = (DWORD)strlen(ACE4_NOBODY);
  59. -            sid_type = SidTypeUser;
  60.              goto add_domain;
  61.          }
  62.  
  63. @@ -959,8 +963,27 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
  64.  
  65.              tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER);
  66.  
  67. -            status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who,
  68. -                                     domain, &who_sid_type);
  69. +            PSID acl_sid = tmp_pointer;
  70. +
  71. +#if 1
  72. +            status = map_nfs4ace_who(acl_sid, sid, gsid,
  73. +                nfs4_acl->aces[i].who, domain, &who_sid_type);
  74. +#else
  75. +            /*
  76. +             * Only use NFSv4 special ACE names (e.g. "OWNER@",
  77. +             * "GROUP@") if |ace->AceFlags| does not use any
  78. +             * inheritance flags
  79. +             */
  80. +            if (ace->AceFlags) {
  81. +                status = map_nfs4ace_who(acl_sid, NULL, NULL,
  82. +                    nfs4_acl->aces[i].who, domain, &who_sid_type);
  83. +            }
  84. +            else {
  85. +                status = map_nfs4ace_who(acl_sid, sid, gsid,
  86. +                    nfs4_acl->aces[i].who, domain, &who_sid_type);
  87. +            }
  88. +#endif
  89. +
  90.              if (status)
  91.                  goto out_free;
  92.  
  93. @@ -971,20 +994,6 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
  94.              map_winaccessmask2nfs4acemask(win_mask,
  95.                  file_type, &nfs4_acl->aces[i].acemask);
  96.  
  97. -            if (DPRINTF_LEVEL_ENABLED(ACLLVL)) {
  98. -                dprintf_out("win2nfs: nfs4_acl->aces[%d].who='%s', "
  99. -                    "acetype='%s', "
  100. -                    "win_mask=0x%lx, nfs_acemask=0x%lx\n",
  101. -                    i, nfs4_acl->aces[i].who,
  102. -                    (nfs4_acl->aces[i].acetype?
  103. -                        "DENIED ACE":"ALLOWED ACE"),
  104. -                    (long)win_mask, (long)nfs4_acl->aces[i].acemask);
  105. -                print_windows_access_mask(nfs4_acl->aces[i].who,
  106. -                    win_mask);
  107. -                print_nfs_access_mask(nfs4_acl->aces[i].who,
  108. -                    nfs4_acl->aces[i].acemask);
  109. -            }
  110. -
  111.              /*
  112.               * Treat |SidTypeAlias| as (local) group
  113.               *
  114. @@ -997,13 +1006,36 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
  115.               */
  116.              if ((who_sid_type == SidTypeGroup) ||
  117.                  (who_sid_type == SidTypeAlias)) {
  118. -                DPRINTF(ACLLVL, ("map_dacl_2_nfs4acl: who_sid_type=%d: "
  119. +                DPRINTF(ACLLVL, ("map_dacl_2_nfs4acl: who_sid_type='%s': "
  120.                      "aces[%d].who='%s': "
  121.                      "setting group flag\n",
  122. -                    (int)who_sid_type,
  123. +                    map_SID_NAME_USE2str(who_sid_type),
  124.                      i, nfs4_acl->aces[i].who));
  125.                  nfs4_acl->aces[i].aceflag |= ACE4_IDENTIFIER_GROUP;
  126.              }
  127. +
  128. +            if (DPRINTF_LEVEL_ENABLED(0)) {
  129. +                dprintf_out("win2nfs: nfs4_acl->aces[%d]=(who='%s', "
  130. +                    "acetype='%s', "
  131. +                    "aceflag='%s'/0x%lx, "
  132. +                    "acemask='%s'/0x%lx(=win_mask=0x%lx)), "
  133. +                    "who_sid_type='%s'\n",
  134. +                    i,
  135. +                    nfs4_acl->aces[i].who,
  136. +                    map_nfs_acetype2str(nfs4_acl->aces[i].acetype),
  137. +                    nfs_aceflag2shortname(nfs4_acl->aces[i].aceflag),
  138. +                    nfs4_acl->aces[i].aceflag,
  139. +                    nfs_mask2shortname(nfs4_acl->aces[i].acemask),
  140. +                    (long)nfs4_acl->aces[i].acemask,
  141. +                    (long)win_mask,
  142. +                    map_SID_NAME_USE2str(who_sid_type));
  143. +                if (DPRINTF_LEVEL_ENABLED(ACLLVL2)) {
  144. +                    print_windows_access_mask(nfs4_acl->aces[i].who,
  145. +                        win_mask);
  146. +                    print_nfs_access_mask(nfs4_acl->aces[i].who,
  147. +                        nfs4_acl->aces[i].acemask);
  148. +                }
  149. +            }
  150.          }
  151.      }
  152.      status = ERROR_SUCCESS;
  153. diff --git a/daemon/daemon_debug.c b/daemon/daemon_debug.c
  154. index 9d555e1..ad685ce 100644
  155. --- a/daemon/daemon_debug.c
  156. +++ b/daemon/daemon_debug.c
  157. @@ -660,6 +660,25 @@ const char* gssauth_string(int type) {
  158.      return "<invalid RPCSEC_SSPI_* gss auth type>";
  159.  }
  160.  
  161. +const char* map_SID_NAME_USE2str(SID_NAME_USE snu)
  162. +{
  163. +    switch(snu) {
  164. +#define SID_NAME_USE_TO_STRLITERAL(e) case e: return #e;
  165. +        SID_NAME_USE_TO_STRLITERAL(SidTypeUser)
  166. +        SID_NAME_USE_TO_STRLITERAL(SidTypeGroup)
  167. +        SID_NAME_USE_TO_STRLITERAL(SidTypeDomain)
  168. +        SID_NAME_USE_TO_STRLITERAL(SidTypeAlias)
  169. +        SID_NAME_USE_TO_STRLITERAL(SidTypeWellKnownGroup)
  170. +        SID_NAME_USE_TO_STRLITERAL(SidTypeDeletedAccount)
  171. +        SID_NAME_USE_TO_STRLITERAL(SidTypeInvalid)
  172. +        SID_NAME_USE_TO_STRLITERAL(SidTypeUnknown)
  173. +        SID_NAME_USE_TO_STRLITERAL(SidTypeComputer)
  174. +        SID_NAME_USE_TO_STRLITERAL(SidTypeLabel)
  175. +        SID_NAME_USE_TO_STRLITERAL(SidTypeLogonSession)
  176. +    }
  177. +    return "<unknown SID_NAME_USE type>";
  178. +}
  179. +
  180.  const char *FILE_INFORMATION_CLASS2string(int fic)
  181.  {
  182.      switch(fic) {
  183. @@ -911,6 +930,69 @@ void print_nfs_access_mask(const char *label, uint32_t nfs_mask)
  184.      dprintf_out("<-- print_nfs_access_mask\n");
  185.  }
  186.  
  187. +const char *nfs_mask2shortname(uint32_t nfs_mask)
  188. +{
  189. +    /*
  190. +     * |snam_buffer| - per thread buffer, we assume that
  191. +     * the caller will not use the function multiple times
  192. +     * in one |dprintf_out()|
  193. +     */
  194. +    __declspec(thread) static char snam_buffer[128];
  195. +    char *sb = snam_buffer;
  196. +    sb[0] = '\0';
  197. +#define WRITENFSMASKBITS(mflag, shortname) \
  198. +    if (nfs_mask & (mflag)) { \
  199. +        if (sb != snam_buffer) { \
  200. +            *sb++ = ','; \
  201. +        } \
  202. +        sb = stpcpy(sb, (shortname)); \
  203. +    }
  204. +    WRITENFSMASKBITS(ACE4_READ_DATA,            "RD");
  205. +    WRITENFSMASKBITS(ACE4_WRITE_DATA,           "WD");
  206. +    WRITENFSMASKBITS(ACE4_APPEND_DATA,          "AD");
  207. +    WRITENFSMASKBITS(ACE4_READ_NAMED_ATTRS,     "REA");
  208. +    WRITENFSMASKBITS(ACE4_WRITE_NAMED_ATTRS,    "WEA");
  209. +    WRITENFSMASKBITS(ACE4_EXECUTE,              "X");
  210. +    WRITENFSMASKBITS(ACE4_DELETE_CHILD,         "DC");
  211. +    WRITENFSMASKBITS(ACE4_READ_ATTRIBUTES,      "RA");
  212. +    WRITENFSMASKBITS(ACE4_WRITE_ATTRIBUTES,     "RA");
  213. +    WRITENFSMASKBITS(ACE4_DELETE,               "DE");
  214. +    WRITENFSMASKBITS(ACE4_READ_ACL,             "RACL");
  215. +    WRITENFSMASKBITS(ACE4_WRITE_ACL,            "WACL");
  216. +    WRITENFSMASKBITS(ACE4_WRITE_OWNER,          "WO");
  217. +    WRITENFSMASKBITS(ACE4_SYNCHRONIZE,          "S");
  218. +
  219. +    return snam_buffer;
  220. +}
  221. +
  222. +const char *nfs_aceflag2shortname(uint32_t aceflag)
  223. +{
  224. +    /*
  225. +     * |sacf_buffer| - per thread buffer, we assume that
  226. +     * the caller will not use the function multiple times
  227. +     * in one |dprintf_out()|
  228. +     */
  229. +    __declspec(thread) static char sacf_buffer[128];
  230. +    char *sb = sacf_buffer;
  231. +    sb[0] = '\0';
  232. +#define WRITENFSACEFLAGBITS(mflag, shortname) \
  233. +    if (aceflag & (mflag)) { \
  234. +        if (sb != sacf_buffer) { \
  235. +            *sb++ = ','; \
  236. +        } \
  237. +        sb = stpcpy(sb, (shortname)); \
  238. +    }
  239. +    WRITENFSACEFLAGBITS(ACE4_FILE_INHERIT_ACE,              "(FI)");
  240. +    WRITENFSACEFLAGBITS(ACE4_DIRECTORY_INHERIT_ACE,         "(DI)");
  241. +    WRITENFSACEFLAGBITS(ACE4_NO_PROPAGATE_INHERIT_ACE,      "(NPI)");
  242. +    WRITENFSACEFLAGBITS(ACE4_INHERIT_ONLY_ACE,              "(IO)");
  243. +    WRITENFSACEFLAGBITS(ACE4_SUCCESSFUL_ACCESS_ACE_FLAG,    "(SA)");
  244. +    WRITENFSACEFLAGBITS(ACE4_FAILED_ACCESS_ACE_FLAG,        "(FA)");
  245. +    WRITENFSACEFLAGBITS(ACE4_IDENTIFIER_GROUP,              "(G)");
  246. +    WRITENFSACEFLAGBITS(ACE4_INHERITED_ACE,                 "(I)");
  247. +
  248. +    return sacf_buffer;
  249. +}
  250.  
  251.  void print_nfs41_file_info(
  252.      const char *label,
  253. diff --git a/daemon/daemon_debug.h b/daemon/daemon_debug.h
  254. index e283296..3b376f0 100644
  255. --- a/daemon/daemon_debug.h
  256. +++ b/daemon/daemon_debug.h
  257. @@ -108,6 +108,8 @@ const char *map_nfs_ftype2str(int ftype);
  258.  const char *map_nfs_acetype2str(uint32_t ace_type);
  259.  void print_windows_access_mask(const char *label, ACCESS_MASK win_mask);
  260.  void print_nfs_access_mask(const char *label, uint32_t nfs_mask);
  261. +const char *nfs_mask2shortname(uint32_t nfs_mask);
  262. +const char *nfs_aceflag2shortname(uint32_t aceflag);
  263.  void print_hexbuf_no_asci(const char *title, const unsigned char *buf, int len);
  264.  void print_hexbuf(const char *title, const unsigned char *buf, int len);
  265.  void print_create_attributes(int level, DWORD create_opts);
  266. @@ -122,6 +124,7 @@ const char* nfs_opnum_to_string(int opnum);
  267.  const char* nfs_error_string(int status);
  268.  const char* rpc_error_string(int status);
  269.  const char* gssauth_string(int type);
  270. +const char* map_SID_NAME_USE2str(SID_NAME_USE snu);
  271.  const char *FILE_INFORMATION_CLASS2string(int fic);
  272.  void print_condwait_status(int level, int status);
  273.  void print_sr_status_flags(int level, int flags);

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}




All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at