nrubsig.kpaste.net RSS- diff --git a/daemon/acl.c b/daemon/acl.c
- index 8622678..07de74e 100644
- --- a/daemon/acl.c
- +++ b/daemon/acl.c
- @@ -99,12 +99,24 @@ static int check_4_special_identifiers(char *who, PSID *sid, DWORD *sid_len,
- *flag = TRUE;
- if (!strncmp(who, ACE4_OWNER, strlen(ACE4_OWNER)-1))
- type = WinCreatorOwnerSid;
- +#if 1
- + else if (!strncmp(who, "CREATOR OWNER@", strlen("CREATOR OWNER@")-1))
- + type = WinCreatorOwnerSid;
- +#endif
- else if (!strncmp(who, ACE4_GROUP, strlen(ACE4_GROUP)-1))
- type = WinCreatorGroupSid;
- else if (!strncmp(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)-1))
- type = WinWorldSid;
- +#if 1
- + else if (!strncmp(who, "Everyone@", strlen("Everyone@")-1))
- + type = WinWorldSid;
- +#endif
- else if (!strncmp(who, ACE4_NOBODY, strlen(ACE4_NOBODY)))
- type = WinNullSid;
- +#if 1
- + else if (!strncmp(who, "NULL SID", strlen("NULL SID")))
- + type = WinNullSid;
- +#endif
- else
- *flag = FALSE;
- if (*flag)
- @@ -149,6 +161,10 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg,
- DPRINTF(ACLLVL2, ("convert_nfs4acl_2_dacl: for user='%s' domain='%s'\n",
- curr_nfsace->who, domain?domain:"<null>"));
- + EASSERT_MSG(!isdigit(curr_nfsace->who[0]),
- + ("convert_nfs4acl_2_dacl: aces[%d]->who='%s' uses numeric id",
- + (int)nfs_i, curr_nfsace->who));
- +
- #ifdef NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES
- /*
- * Skip "nobody" ACEs - Cygwin uses |WinNullSid| ACEs (mapped
- @@ -174,6 +190,19 @@ static int convert_nfs4acl_2_dacl(nfs41_daemon_globals *nfs41dg,
- if (!flag) {
- bool isgroupacl = (curr_nfsace->aceflag & ACE4_IDENTIFIER_GROUP)?true:false;
- +
- +#if 1
- + if ((isgroupacl == false) && domain &&
- + (!strcmp(domain, "BUILTIN"))) {
- + if ((!strcmp(curr_nfsace->who, "Users")) ||
- + (!strcmp(curr_nfsace->who, "Administrators"))) {
- + DPRINTF(0, ("convert_nfs4acl_2_dacl: "
- + "force isgroupacl=true for for user='%s'\n",
- + curr_nfsace->who));
- + isgroupacl = true;
- + }
- + }
- +#endif
- if (isgroupacl) {
- DPRINTF(ACLLVL2,
- ("convert_nfs4acl_2_dacl: aces[%d].who='%s': "
- @@ -1011,7 +1040,7 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid,
- "Unix_User+%d SID "
- "mapped to user '%s'\n",
- unixuser_uid, who_out));
- - goto add_domain;
- + goto no_add_domain;
- }
- eprintf("map_sid2nfs4ace_who: "
- @@ -1032,7 +1061,7 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid,
- "Unix_Group+%d SID "
- "mapped to group '%s'\n",
- unixgroup_gid, who_out));
- - goto add_domain;
- + goto no_add_domain;
- }
- eprintf("map_sid2nfs4ace_who: "
- @@ -1078,7 +1107,26 @@ err_none_mapped:
- (void)memcpy(who_out, who_buf, who_size);
- add_domain:
- (void)memcpy(who_out+who_size, "@", sizeof(char));
- +
- +#if 1
- + /* Fixup |domain| for Windows Sever 2022 NFSv4.1 server */
- + if ((!strncmp(who_out, "Users@", who_size+1)) ||
- + (!strncmp(who_out, "Administrators@", who_size+1))) {
- + domain = "BUILTIN";
- + DPRINTF(0,
- + ("map_sid2nfs4ace_who: Fixup '%*s' domain='%s'\n",
- + (int)who_size+1, who_out, domain));
- + }
- + else if (!strncmp(who_out, "SYSTEM@", who_size+1)) {
- + domain = "NT AUTHORITY";
- + DPRINTF(0,
- + ("map_sid2nfs4ace_who: Fixup '%*s' domain='%s'\n",
- + (int)who_size+1, who_out, domain));
- + }
- +#endif
- (void)memcpy(who_out+who_size+1, domain, strlen(domain)+1);
- +
- +no_add_domain:
- status = ERROR_SUCCESS;
- out:
- if (status) {
- @@ -1326,8 +1374,8 @@ static int handle_setacl(void *daemon_context, nfs41_upcall *upcall)
- char ownerbuf[NFS4_FATTR4_OWNER_LIMIT+1];
- char groupbuf[NFS4_FATTR4_OWNER_LIMIT+1];
- - DPRINTF(ACLLVL1, ("--> handle_setacl(state->path.path='%s')\n",
- - state->path.path));
- + DPRINTF(ACLLVL1, ("--> handle_setacl(state->path.path='%s',args->query=0x%x)\n",
- + state->path.path, (int)args->query));
- if (args->query & OWNER_SECURITY_INFORMATION) {
- DPRINTF(ACLLVL2, ("handle_setacl: OWNER_SECURITY_INFORMATION\n"));
- @@ -1343,6 +1391,10 @@ static int handle_setacl(void *daemon_context, nfs41_upcall *upcall)
- if (status)
- goto out;
- + DPRINTF(0,
- + ("handle_setacl: OWNER_SECURITY_INFORMATION, info.owner='%s'\n",
- + ownerbuf));
- +
- info.owner = ownerbuf;
- info.attrmask.arr[1] |= FATTR4_WORD1_OWNER;
- info.attrmask.count = 2;
- @@ -1365,6 +1417,10 @@ static int handle_setacl(void *daemon_context, nfs41_upcall *upcall)
- if (status)
- goto out;
- + DPRINTF(0,
- + ("handle_setacl: GROUP_SECURITY_INFORMATION, info.owner_group='%s'\n",
- + groupbuf));
- +
- info.owner_group = groupbuf;
- info.attrmask.arr[1] |= FATTR4_WORD1_OWNER_GROUP;
- info.attrmask.count = 2;
- diff --git a/daemon/sid.c b/daemon/sid.c
- index 2a63763..46eb8b0 100644
- --- a/daemon/sid.c
- +++ b/daemon/sid.c
- @@ -617,16 +617,30 @@ out_cache:
- */
- DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): "
- "SID_TYPE='SidTypeAlias' mapped to 'SidTypeGroup'\n",
- - query, orig_nfsname, sid_type));
- + query, orig_nfsname));
- sid_type = SidTypeGroup;
- }
- +#if 1
- + if ((query & OWNER_SECURITY_INFORMATION) &&
- + (sid_type == SidTypeWellKnownGroup)) {
- + if (!strcmp(orig_nfsname, "SYSTEM")) {
- + DPRINTF(1, ("map_nfs4servername_2_sid(query=%x,nfsname='%s'): "
- + "SID_TYPE='SidTypeWellKnownGroup' mapped to 'SidTypeUser' for user\n",
- + query, orig_nfsname));
- + sid_type = SidTypeUser;
- + }
- + }
- +#endif
- +
- switch (sid_type) {
- case SidTypeUser:
- - sidcache_add(&user_sidcache, orig_nfsname, *sid);
- + if (!isdigit(orig_nfsname[0]))
- + sidcache_add(&user_sidcache, orig_nfsname, *sid);
- break;
- case SidTypeGroup:
- - sidcache_add(&group_sidcache, orig_nfsname, *sid);
- + if (!isdigit(orig_nfsname[0]))
- + sidcache_add(&group_sidcache, orig_nfsname, *sid);
- break;
- default:
- eprintf("map_nfs4servername_2_sid(query=%x,nfsname='%s'): "
WS2022 compatility hacks
Posted by Anonymous on Mon 11th Nov 2024 13:17
raw | new post
Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.