Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

Switch to new idmapper prototype
Posted by Anonymous on Thu 2nd Apr 2026 18:22
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
diff --git a/cygwin_idmapper.ksh b/cygwin_idmapper.ksh index 2f16b55..f98f336 100644 --- a/cygwin_idmapper.ksh +++ b/cygwin_idmapper.ksh @@ -19,9 +19,6 @@ if (( $# > 1 )) ; then # strip '"' characters (for Cygwin 3.3 compatibility) # note that "${2-//..." does NOT work! c.name="${2//\"/}" - - # strip domain part, e.g. "name@domain" --> "name" - c.name="${c.name%@*}" fi # @@ -96,7 +93,10 @@ if [[ ! -v COMPUTERNAME ]] ; then export COMPUTERNAME="$(uname -n | tr '[:lower:]' '[:upper:]')" fi -typeset -r localdomain='global.loc' +compound idmap_config=( + typeset -r localdomain='GLOBAL.LOC' # Default domain for Windows + typeset -r nfsdomain='global.loc' # Default domain for NFS server +) compound -A localusers=( # @@ -109,37 +109,37 @@ compound -A localusers=( ["roland_mainz"]=( localaccountname="roland_mainz@${COMPUTERNAME}" localuid=197608 - nfsowner="roland_mainz@${localdomain}" + nfsowner="roland_mainz@${idmap_config.nfsdomain}" nfsuid=197608 ) ["siegfried_wulsch"]=( localaccountname="siegfried_wulsch@${COMPUTERNAME}" localuid=197609 - nfsowner="siegfried_wulsch@${localdomain}" + nfsowner="siegfried_wulsch@${idmap_config.nfsdomain}" nfsuid=197609 ) ["rmainz"]=( localaccountname="rmainz@${COMPUTERNAME}" localuid=1616 - nfsowner="rmainz@${localdomain}" + nfsowner="rmainz@${idmap_config.nfsdomain}" nfsuid=1616 ) ["swulsch"]=( localaccountname="swulsch@${COMPUTERNAME}" localuid=1818 - nfsowner="swulsch@${localdomain}" + nfsowner="swulsch@${idmap_config.nfsdomain}" nfsuid=1818 ) ["root"]=( localaccountname="root@${COMPUTERNAME}" localuid=0 - nfsowner="root@${localdomain}" + nfsowner="root@${idmap_config.nfsdomain}" nfsuid=0 ) ["nobody"]=( localaccountname="nobody@${COMPUTERNAME}" localuid=65534 - nfsowner="nobody@${localdomain}" + nfsowner="nobody@${idmap_config.nfsdomain}" nfsuid=65534 ) ) @@ -150,19 +150,19 @@ if [[ -v c.localised_usernames['Administrator'] ]] ; then localaccountname="${c.localised_usernames['Administrator']}@${COMPUTERNAME}" localuid=197108 nfsuid=197108 - nfsowner="Administrator@${localdomain}" + nfsowner="Administrator@${idmap_config.nfsdomain}" ) ['Administrator']=( localaccountname="${c.localised_usernames['Administrator']}@${COMPUTERNAME}" localuid=197108 - nfsowner="Administrator@${localdomain}" + nfsowner="Administrator@${idmap_config.nfsdomain}" nfsuid=197108 ) # French user "Administrator" ['Administrateur']=( localaccountname="${c.localised_usernames['Administrator']}@${COMPUTERNAME}" localuid=197108 - nfsowner="Administrator@${localdomain}" + nfsowner="Administrator@${idmap_config.nfsdomain}" nfsuid=197108 ) ) @@ -172,13 +172,13 @@ if [[ -v c.localised_usernames['SYSTEM'] ]] ; then ["${c.localised_usernames['SYSTEM']}"]=( localaccountname="${c.localised_usernames['SYSTEM']}@${COMPUTERNAME}" localuid=18 - nfsowner="SYSTEM@${localdomain}" + nfsowner="SYSTEM@${idmap_config.nfsdomain}" nfsuid=18 ) ["SYSTEM"]=( localaccountname="${c.localised_usernames['SYSTEM']}@${COMPUTERNAME}" localuid=18 - nfsowner="SYSTEM@${localdomain}" + nfsowner="SYSTEM@${idmap_config.nfsdomain}" nfsuid=18 ) # French user "SYSTEM" @@ -187,7 +187,7 @@ if [[ -v c.localised_usernames['SYSTEM'] ]] ; then [$'Syst\xc3\xa8me']=( localaccountname="${c.localised_usernames['SYSTEM']}@${COMPUTERNAME}" localuid=18 - nfsowner="SYSTEM@${localdomain}" + nfsowner="SYSTEM@${idmap_config.nfsdomain}" nfsuid=18 ) ) @@ -205,25 +205,25 @@ compound -A localgroups=( ["rmainz"]=( localgroupname="rmainz@${COMPUTERNAME}" localgid=1616 - nfsownergroup="rmainz@${localdomain}" + nfsownergroup="rmainz@${idmap_config.nfsdomain}" nfsgid=1616 ) ["swulsch"]=( localgroupname="swulsch@${COMPUTERNAME}" localgid=1818 - nfsownergroup="swulsch@${localdomain}" + nfsownergroup="swulsch@${idmap_config.nfsdomain}" nfsgid=1818 ) ["root"]=( localgroupname="root@${COMPUTERNAME}" localgid=0 - nfsownergroup="root@${localdomain}" + nfsownergroup="root@${idmap_config.nfsdomain}" nfsgid=0 ) ["nogroup"]=( localgroupname="nogroup@${COMPUTERNAME}" localgid=65534 - nfsownergroup="nogroup@${localdomain}" + nfsownergroup="nogroup@${idmap_config.nfsdomain}" nfsgid=65534 ) # @@ -232,7 +232,7 @@ compound -A localgroups=( ["sys"]=( localgroupname="sys@${COMPUTERNAME}" localgid=3 - nfsownergroup="sys@${localdomain}" + nfsownergroup="sys@${idmap_config.nfsdomain}" nfsgid=3 ) # @@ -242,7 +242,7 @@ compound -A localgroups=( ["nobody"]=( localgroupname="nobody@${COMPUTERNAME}" localgid=65534 - nfsownergroup="nobody@${localdomain}" + nfsownergroup="nobody@${idmap_config.nfsdomain}" nfsgid=65534 ) ) @@ -250,11 +250,13 @@ compound -A localgroups=( function getent_local_domain_passwd { integer res - typeset passwdname="$1" + typeset arg="$1" + + typeset username="${arg%%@*}" + typeset domainname="${arg#*@}" # - # first try local accounts and if getent does - # not find anything do a (normal) domain lookup + # lookup local accounts # # Notes: # - Cygwin getent uses "+" prefix to search for local @@ -262,25 +264,22 @@ function getent_local_domain_passwd # - Cygwin getent uses "U-" prefix to pass the input string to # |LookupAccountNameA()| directly # - getent passwd "U-${passwdname}" + getent passwd "U-${domainname}\\${username}" (( res=$? )) - if (( res == 2 )) ; then - getent passwd "${passwdname}" - (( res=$? )) - fi - return $res } function getent_local_domain_group { integer res - typeset groupname="$1" + typeset arg="$1" + + typeset groupname="${arg%%@*}" + typeset domainname="${arg#*@}" # - # first try local accounts and if getent does - # not find anything do a (normal) domain lookup + # lookup local accounts # # Notes: # - Cygwin getent uses "+" prefix to search for local @@ -288,12 +287,45 @@ function getent_local_domain_group # - Cygwin getent uses "U-" prefix to pass the input string to # |LookupAccountNameA()| directly # - getent group "U-${groupname}" + getent group "U-${domainname}\\${groupname}" (( res=$? )) - if (( res == 2 )) ; then + return $res +} + +function getent_nfs_domain_passwd +{ + integer res + typeset arg="$1" + + typeset username="${arg%%@*}" + typeset domainname="${arg#*@}" + + if [[ "${domainname}" == "${idmap_config.nfsdomain}" ]] ; then + getent passwd "${username}" + (( res=$? )) + else + getent passwd "${domainname}+${username}" + (( res=$? )) + fi + + return $res +} + +function getent_nfs_domain_group +{ + integer res + typeset arg="$1" + + typeset groupname="${arg%%@*}" + typeset domainname="${arg#*@}" + + if [[ "${domainname}" == "${idmap_config.nfsdomain}" ]] ; then getent group "${groupname}" (( res=$? )) + else + getent group "${domainname}+${groupname}" + (( res=$? )) fi return $res @@ -304,27 +336,27 @@ if [[ -v c.localised_groupnames['None'] ]] ; then ["${c.localised_groupnames['None']}"]=( localgroupname="${c.localised_groupnames['None']}@${COMPUTERNAME}" localgid=197121 - nfsownergroup="None@${localdomain}" + nfsownergroup="None@${idmap_config.nfsdomain}" nfsgid=197121 ) ["None"]=( localgroupname="${c.localised_groupnames['None']}@${COMPUTERNAME}" localgid=197121 - nfsownergroup="None@${localdomain}" + nfsownergroup="None@${idmap_config.nfsdomain}" nfsgid=197121 ) # French Windows localised group name for "None" ['Aucun']=( localgroupname="${c.localised_groupnames['None']}@${COMPUTERNAME}" localgid=197121 - nfsownergroup="None@${localdomain}" + nfsownergroup="None@${idmap_config.nfsdomain}" nfsgid=197121 ) # German Windows localised group name for "None" ["Kein"]=( localgroupname="${c.localised_groupnames['None']}@${COMPUTERNAME}" localgid=197121 - nfsownergroup="None@${localdomain}" + nfsownergroup="None@${idmap_config.nfsdomain}" nfsgid=197121 ) ) @@ -335,13 +367,13 @@ if [[ -v c.localised_groupnames['Administrators'] ]] ; then ["${c.localised_groupnames['Administrators']}"]=( localgroupname="${c.localised_groupnames['Administrators']}@${COMPUTERNAME}" localgid=544 - nfsownergroup="Administrators@${localdomain}" + nfsownergroup="Administrators@${idmap_config.nfsdomain}" nfsgid=544 ) ['Administrators']=( localgroupname="${c.localised_groupnames['Administrators']}@${COMPUTERNAME}" localgid=544 - nfsownergroup="Administrators@${localdomain}" + nfsownergroup="Administrators@${idmap_config.nfsdomain}" nfsgid=544 ) # French Windows localised group name for "Administrators" @@ -349,14 +381,14 @@ if [[ -v c.localised_groupnames['Administrators'] ]] ; then ['Administrateurs']=( localgroupname="${c.localised_groupnames['Administrators']}@${COMPUTERNAME}" localgid=544 - nfsownergroup="Administrators@${localdomain}" + nfsownergroup="Administrators@${idmap_config.nfsdomain}" nfsgid=544 ) # German Windows localised group name for "Administrators" ['Administratoren']=( localgroupname="${c.localised_groupnames['Administrators']}@${COMPUTERNAME}" localgid=544 - nfsownergroup="Administrators@${localdomain}" + nfsownergroup="Administrators@${idmap_config.nfsdomain}" nfsgid=544 ) ) @@ -367,13 +399,13 @@ if [[ -v c.localised_groupnames['Users'] ]] ; then ["${c.localised_groupnames['Users']}"]=( localgroupname="${c.localised_groupnames['Users']}@${COMPUTERNAME}" localgid=545 - nfsownergroup="Users@${localdomain}" + nfsownergroup="Users@${idmap_config.nfsdomain}" nfsgid=545 ) ['Users']=( localgroupname="${c.localised_groupnames['Users']}@${COMPUTERNAME}" localgid=545 - nfsownergroup="Users@${localdomain}" + nfsownergroup="Users@${idmap_config.nfsdomain}" nfsgid=545 ) # French Windows localised group name for "Users" @@ -381,36 +413,36 @@ if [[ -v c.localised_groupnames['Users'] ]] ; then ['Utilisateurs']=( localgroupname="${c.localised_groupnames['Users']}@${COMPUTERNAME}" localgid=545 - nfsownergroup="Users@${localdomain}" + nfsownergroup="Users@${idmap_config.nfsdomain}" nfsgid=545 ) # German Windows localised group name for "Users" ['Benutzer']=( localgroupname="${c.localised_groupnames['Users']}@${COMPUTERNAME}" localgid=545 - nfsownergroup="Users@${localdomain}" + nfsownergroup="Users@${idmap_config.nfsdomain}" nfsgid=545 ) ) fi -function ntaccount2principal +function parse_ntaccount { - typeset raw_string="$1" + nameref c=$1 + typeset raw_string="$2" typeset stripped="${raw_string#*U-}" stripped="${stripped%%,*}" - typeset domain="${stripped%\\*}" - typeset user="${stripped#*\\}" + c.domain="${stripped%\\*}" + c.user="${stripped#*\\}" - printf '%s\n' "${user}@${domain}" return 0 } case "${c.mode}" in - 'nfsserver_owner2localaccount') + 'localname2localaccount') # # Try static info # @@ -422,11 +454,11 @@ case "${c.mode}" in fi done # getent passwd accepts numeric uids too, so continue below - fi - - if [[ -v localusers["${c.name}"] ]] ; then - print -v localusers["${c.name}"] - exit 0 + else + if [[ -v localusers["${c.name}"] ]] ; then + print -v localusers["${c.name}"] + exit 0 + fi fi # @@ -439,8 +471,10 @@ case "${c.mode}" in if [[ "${s-}" != '' ]] ; then if [[ "${gec.localuid-}" == ~(Elr)[[:digit:]]+ && "${gec.localgid-}" == ~(Elr)[[:digit:]]+ ]] ; then - gec.localaccountname="${ ntaccount2principal "$s" ; }" - gec.nfsowner="${ ntaccount2principal "$s" ; }" + compound nt_parsed + parse_ntaccount nt_parsed "$s" + gec.localaccountname="${nt_parsed.user}@${nt_parsed.domain}" + gec.nfsowner="${nt_parsed.user}@${idmap_config.nfsdomain}" (( gec.nfsuid=gec.localuid )) print -v gec exit 0 @@ -452,7 +486,7 @@ case "${c.mode}" in print -u2 -f "cygwin_idmapper.ksh: Account %q not found.\n" "${c.name}" exit 1 ;; - 'nfsserver_owner_group2localgroup') + 'localgroup2localgroup') # # Try static info # @@ -464,11 +498,116 @@ case "${c.mode}" in fi done # getent group accepts numeric gids too, so continue below + else + if [[ -v localgroups["${c.name}"] ]] ; then + print -v localgroups["${c.name}"] + exit 0 + fi + fi + + # + # try getent group + # + compound gec # getent compound var + typeset dummy1 dummy2 s + getent_local_domain_group "${c.name}" | \ + IFS=':' read s dummy1 gec.localgid dummy2 + + if [[ "${s-}" != '' ]] ; then + if [[ "${gec.localgid-}" == ~(Elr)[[:digit:]]+ ]] ; then + if [[ "$s" == *"+"* ]]; then + domain="${s%%+*}" + user="${input#*+}" + else + # No '+' found, fallback to the local machine name + domain="${COMPUTERNAME}" + user="$s" + fi + + gec.localgroupname="${user}@${domain}" + gec.nfsownergroup="${user}@${idmap_config.nfsdomain}" + (( gec.nfsgid=gec.localgid )) + print -v gec + exit 0 + else + print -u2 -f "cygwin_idmapper.ksh: getent group %q returned garbage.\n" "${c.name}" + fi fi - if [[ -v localgroups["${c.name}"] ]] ; then - print -v localgroups["${c.name}"] - exit 0 + print -u2 -f "cygwin_idmapper.ksh: Group %q not found.\n" "${c.name}" + exit 1 + ;; + 'nfsserver_owner2localaccount') + # + # Try static info + # + + # Numeric ? Try looking up static UID + if [[ "${c.name}" == ~(Elr)[[:digit:]]+ ]] ; then + # Numeric ? Try looking up static UID + for s in "${!localusers[@]}" ; do + if (( localusers[$s].nfsuid == c.name )) ; then + print -v localusers[$s] + exit 0 + fi + done + # getent passwd accepts numeric uids too, so continue below + else + # Search for user name + for s in "${!localusers[@]}" ; do + if [[ "${localusers[$s].nfsowner}" == "${c.name}" ]] ; then + print -v localusers[$s] + exit 0 + fi + done + fi + + # + # try getent passwd + # + compound gec # getent compound var + typeset dummy1 dummy2 s + getent_nfs_domain_passwd "${c.name}" | \ + IFS=':' read -r dummy1 dummy2 gec.localuid gec.localgid s dummy3 + + if [[ "${s-}" != '' ]] ; then + if [[ "${gec.localuid-}" == ~(Elr)[[:digit:]]+ && "${gec.localgid-}" == ~(Elr)[[:digit:]]+ ]] ; then + compound nt_parsed + parse_ntaccount nt_parsed "$s" + gec.localaccountname="${nt_parsed.user}@${nt_parsed.domain}" + gec.nfsowner="${nt_parsed.user}@${idmap_config.nfsdomain}" + (( gec.nfsuid=gec.localuid )) + print -v gec + exit 0 + else + print -u2 -f "cygwin_idmapper.ksh: getent passwd %q returned garbage.\n" "${c.name}" + fi + fi + + print -u2 -f "cygwin_idmapper.ksh: Account %q not found.\n" "${c.name}" + exit 1 + ;; + 'nfsserver_owner_group2localgroup') + # + # Try static info + # + if [[ "${c.name}" == ~(Elr)[[:digit:]]+ ]] ; then + # Numeric ? Try looking up static UID + for s in "${!localgroups[@]}" ; do + if (( localgroups[$s].localgid == c.name )) ; then + print -v localgroups[$s] + exit 0 + fi + done + # getent group accepts numeric gids too, so continue below + else + # Search for user name + for s in "${!localgroups[@]}" ; do + if [[ "${localgroups[$s].nfsownergroup}" == "${c.name}" ]] ; then + print -v localgroups[$s] + exit 0 + fi + done fi # @@ -476,7 +615,7 @@ case "${c.mode}" in # compound gec # getent compound var typeset dummy1 dummy2 s - getent_local_domain_group "${c.name}" | \ + getent_nfs_domain_group "${c.name}" | \ IFS=':' read s dummy1 gec.localgid dummy2 if [[ "${s-}" != '' ]] ; then @@ -491,7 +630,7 @@ case "${c.mode}" in fi gec.localgroupname="${user}@${domain}" - gec.nfsownergroup="${user}@${domain}" + gec.nfsownergroup="${user}@${idmap_config.nfsdomain}" (( gec.nfsgid=gec.localgid )) print -v gec exit 0 diff --git a/daemon/accesstoken.c b/daemon/accesstoken.c index 21d2ca4..041a73d 100644 --- a/daemon/accesstoken.c +++ b/daemon/accesstoken.c @@ -157,15 +157,14 @@ bool fill_auth_unix_aup_gids(HANDLE tok, return false; } - gid_t map_gid; + idmapcache_entry *ie; *num_aup_gids = 0; - for (i=0 ; i < num_groups ; i++) { - if (nfs41_idmap_group_to_gid( - nfs41_dg.idmapper, - group_names[i], - &map_gid) == 0) { - aup_gids[(*num_aup_gids)++] = map_gid; + ie = nfs41_idmap_group_lookup_by_win32name(nfs41_dg.idmapper, + group_names[i]); + if (ie != NULL) { + aup_gids[(*num_aup_gids)++] = ie->nfsid; + idmapcache_entry_refcount_dec(ie); } else { eprintf("fill_auth_unix_aup_gids: " diff --git a/daemon/aclutil.c b/daemon/aclutil.c index 98402ea..bb8ce61 100644 --- a/daemon/aclutil.c +++ b/daemon/aclutil.c @@ -727,10 +727,12 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, SID_NAME_USE sid_type = 0; /* |who_buf| needs space for user+domain */ char who_buf[UTF8_PRINCIPALLEN+1]; - char domain_buf[UTF8_UNLEN+1]; - DWORD who_size = sizeof(who_buf), domain_size = sizeof(domain_buf); + DWORD who_size = sizeof(who_buf); LPSTR sidstr = NULL; + /* fixme: This should be a function argument */ + extern nfs41_daemon_globals nfs41_dg; + DPRINTF(ACLLVL2, ("--> map_sid2nfs4ace_who(" "sid=0x%p,owner_sid=0x%p, group_sid=0x%p)\n", sid, owner_sid, group_sid)); @@ -789,17 +791,76 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, if (status) { DPRINTF(ACLLVL2, ("map_sid2nfs4ace_who: " "LookupAccountSid(sidtostr(sid)='%s', who_buf='%s', " - "who_size=%d, domain='%s', domain_size=%d) " + "who_size=%d) " "returned success, status=%d, GetLastError=%d\n", sidstr, who_buf, who_size, - domain_buf, domain_size, status, lasterr)); + status, lasterr)); + idmapcache_entry *ie; + + switch (sid_type) { + case SidTypeUser: + ie = nfs41_idmap_user_lookup_by_win32name(nfs41_dg.idmapper, who_buf); + if (ie != NULL) { + (void)strcpy(who_out, ie->nfsname.buf); + who_size = (DWORD)strlen(who_out); /* FIXME: |ie->nfsname.len| ? */ + status = ERROR_SUCCESS; + + DPRINTF(ACLLVL1, ("map_sid2nfs4ace_who: " + "win32name='%s' mapped to user '%s'\n", + who_buf, who_out)); + idmapcache_entry_refcount_dec(ie); + goto out; + } + else { + DPRINTF(0, + ("map_sid2nfs4ace_who: " + "nfs41_idmap_user_lookup_by_win32name(who_buf='%s') failed\n", + who_buf)); + status = ERROR_NOT_FOUND; /* FIXME: We need a better error code */ + goto out; + } + break; + case SidTypeGroup: + case SidTypeAlias: /* Treat |SidTypeAlias| as (local) group */ + ie = nfs41_idmap_group_lookup_by_win32name(nfs41_dg.idmapper, who_buf); + if (ie != NULL) { + (void)strcpy(who_out, ie->nfsname.buf); + who_size = (DWORD)strlen(who_out); /* FIXME: |ie->nfsname.len| ? */ + status = ERROR_SUCCESS; + + DPRINTF(ACLLVL1, ("map_sid2nfs4ace_who: " + "win32name='%s' mapped to group '%s'\n", + who_buf, who_out)); + idmapcache_entry_refcount_dec(ie); + goto out; + } + else { + DPRINTF(0, + ("map_sid2nfs4ace_who: " + "nfs41_idmap_group_lookup_by_win32name(who_buf='%s') failed\n", + who_buf)); + status = ERROR_NOT_FOUND; /* FIXME: We need a better error code */ + goto out; + } + break; + default: + DPRINTF(0, + ("map_sid2nfs4ace_who: " + "ERROR: Unsupported sid_type=%d for who_buf='%s'\n", + (int)sid_type, who_buf)); + status = ERROR_NOT_FOUND; /* FIXME: We need a better error code */ + goto out; + break; + } + + /* NOTREACHED */ } else { DPRINTF(ACLLVL2, ("map_sid2nfs4ace_who: " - "LookupAccountSid(sidtostr(sid)='%s', who_size=%d, " - "domain_size=%d) returned failure, status=%d, " + "LookupAccountSid(sidtostr(sid)='%s', who_size=%d " + "returned failure, status=%d, " "GetLastError=%d\n", - sidstr, who_size, domain_size, status, lasterr)); + sidstr, who_size, status, lasterr)); /* * No SID to local account mapping. Can happen for some system @@ -821,16 +882,18 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, * a user-/group-name mapped. */ #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - /* fixme: This should be a function argument */ - extern nfs41_daemon_globals nfs41_dg; uid_t unixuser_uid = ~0U; gid_t unixgroup_gid = ~0U; if (unixuser_sid2uid(sid, &unixuser_uid)) { - if (!nfs41_idmap_uid_to_name(nfs41_dg.idmapper, - unixuser_uid, who_out, UTF8_PRINCIPALLEN)) { - who_size = (DWORD)strlen(who_out); + idmapcache_entry *ie; + + ie = nfs41_idmap_user_lookup_by_localid(nfs41_dg.idmapper, + unixuser_uid); + if (ie != NULL) { + (void)strcpy(who_out, ie->nfsname.buf); + who_size = (DWORD)strlen(who_out); /* FIXME: |ie->nfsname.len| ? */ sid_type = SidTypeUser; status = ERROR_SUCCESS; @@ -838,7 +901,8 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, "Unix_User+%d SID " "mapped to user '%s'\n", unixuser_uid, who_out)); - goto add_domain; + idmapcache_entry_refcount_dec(ie); + goto out; } eprintf("map_sid2nfs4ace_who: " @@ -849,9 +913,13 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, } if (unixgroup_sid2gid(sid, &unixgroup_gid)) { - if (!nfs41_idmap_gid_to_group(nfs41_dg.idmapper, - unixgroup_gid, who_out, UTF8_PRINCIPALLEN)) { - who_size = (DWORD)strlen(who_out); + idmapcache_entry *ie; + + ie = nfs41_idmap_group_lookup_by_localid(nfs41_dg.idmapper, + unixgroup_gid); + if (ie != NULL) { + (void)strcpy(who_out, ie->nfsname.buf); + who_size = (DWORD)strlen(who_out); /* FIXME: |ie->nfsname.len| ? */ sid_type = SidTypeGroup; status = ERROR_SUCCESS; @@ -859,7 +927,8 @@ int map_sid2nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, "Unix_Group+%d SID " "mapped to group '%s'\n", unixgroup_gid, who_out)); - goto add_domain; + idmapcache_entry_refcount_dec(ie); + goto out; } eprintf("map_sid2nfs4ace_who: " @@ -903,7 +972,8 @@ err_none_mapped: } } - (void)memcpy(who_out, who_buf, who_size); + /* NOTREACHED */ + add_domain: /* * Complain if we attempt to add a domain suffix to an UID/GID @@ -942,8 +1012,6 @@ add_domain: #endif /* NFS41_DRIVER_WS2022_HACKS */ (void)memcpy(wp, domain, strlen(domain)+1); -/* no_add_domain: */ - status = ERROR_SUCCESS; out: if (status) { DPRINTF(ACLLVL2, @@ -965,6 +1033,7 @@ out: return status; } +/* FIXME: New idmapper API might make the |domain| parameter obsolete */ int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, int file_type, bool nfs_namedattr_support, char *domain) { diff --git a/daemon/fileinfoutil.c b/daemon/fileinfoutil.c index d093a75..20a51ea 100644 --- a/daemon/fileinfoutil.c +++ b/daemon/fileinfoutil.c @@ -439,8 +439,7 @@ void nfs_to_stat_lx_info( char owner[NFS4_FATTR4_OWNER_LIMIT+1]; char owner_group[NFS4_FATTR4_OWNER_LIMIT+1]; - uid_t map_uid = ~0UL; - gid_t map_gid = ~0UL; + idmapcache_entry *ie; EASSERT((info->attrmask.arr[1] & FATTR4_WORD1_OWNER) != 0); EASSERT((info->attrmask.arr[1] & FATTR4_WORD1_OWNER_GROUP) != 0); @@ -459,12 +458,12 @@ void nfs_to_stat_lx_info( EASSERT_MSG(IS_PRINCIPAL_NAME(owner), ("owner='%s' is not a principal\n", owner)); - if (!nfs41_idmap_name_to_uid( - nfs41_dg->idmapper, - owner, - &map_uid)) { + ie = nfs41_idmap_user_lookup_by_nfsname(nfs41_dg->idmapper, + owner); + if (ie != NULL) { stat_lx_out->LxFlags |= LX_FILE_METADATA_HAS_UID; - stat_lx_out->LxUid = map_uid; + stat_lx_out->LxUid = ie->localid; + idmapcache_entry_refcount_dec(ie); } else { /* @@ -486,12 +485,12 @@ void nfs_to_stat_lx_info( EASSERT_MSG(IS_PRINCIPAL_NAME(owner_group), ("owner_group='%s' is not a principal\n", owner_group)); - if (!nfs41_idmap_group_to_gid( - nfs41_dg->idmapper, - owner_group, - &map_gid)) { + ie = nfs41_idmap_group_lookup_by_nfsname(nfs41_dg->idmapper, + owner_group); + if (ie != NULL) { stat_lx_out->LxFlags |= LX_FILE_METADATA_HAS_GID; - stat_lx_out->LxGid = map_gid; + stat_lx_out->LxGid = ie->localid; + idmapcache_entry_refcount_dec(ie); } else { /* diff --git a/daemon/idmap.c b/daemon/idmap.c index 4a4656c..88318bd 100644 --- a/daemon/idmap.c +++ b/daemon/idmap.c @@ -23,7 +23,6 @@ #include <Windows.h> #include <strsafe.h> -#include <Winldap.h> #include <stdlib.h> /* for strtoul() */ #include <errno.h> @@ -34,71 +33,9 @@ #include "daemon_debug.h" #include "util.h" -#define PTR2UID_T(p) ((uid_t)PTR2PTRDIFF_T(p)) -#define PTR2GID_T(p) ((gid_t)PTR2PTRDIFF_T(p)) -#define PTR2UINT(p) ((UINT)PTR2PTRDIFF_T(p)) -#define UID_T2PTR(u) (PTRDIFF_T2PTR((ptrdiff_t)u)) -#define GID_T2PTR(g) (PTRDIFF_T2PTR((ptrdiff_t)g)) - -#define IDLVL 2 /* dprintf level for idmap logging */ -#define CYGWINIDLVL 2 /* dprintf level for idmap logging */ - -#define FILTER_LEN 1024 -#define NAME_LEN 32 -#define VAL_LEN 257 - - -enum ldap_class { - CLASS_USER, - CLASS_GROUP, - - NUM_CLASSES -}; - -enum ldap_attr { - ATTR_USER_NAME, - ATTR_GROUP_NAME, - ATTR_PRINCIPAL, - ATTR_UID, - ATTR_GID, - - NUM_ATTRIBUTES -}; - -#define ATTR_FLAG(attr) (1 << (attr)) -#define ATTR_ISSET(mask, attr) (((mask) & ATTR_FLAG(attr)) != 0) - - -/* ldap/cache lookups */ -struct idmap_lookup { - enum ldap_attr attr; - enum ldap_class klass; - enum config_type type; - list_compare_fn compare; - const void *value; -}; - - /* configuration */ static const char CONFIG_FILENAME[] = "C:\\etc\\ms-nfs41-idmap.conf"; -struct idmap_config { - /* ldap server information */ - char hostname[NFS41_HOSTNAME_LEN+1]; - char localdomain_name[NFS41_HOSTNAME_LEN+1]; - UINT port; - UINT version; - UINT timeout; - - /* ldap schema information */ - char classes[NUM_CLASSES][NAME_LEN]; - char attributes[NUM_ATTRIBUTES][NAME_LEN]; - char base[VAL_LEN]; - - /* caching configuration */ - INT cache_ttl; -}; - enum config_type { TYPE_STR, @@ -125,22 +62,6 @@ struct config_option { /* table of recognized config options, including type and default value */ static const struct config_option g_options[] = { - /* server information */ - OPT_STR("ldap_hostname", "localhost", hostname, NFS41_HOSTNAME_LEN+1), - OPT_INT("ldap_port", "389", port), - OPT_INT("ldap_version", "3", version), - OPT_INT("ldap_timeout", "0", timeout), - - /* schema information */ - OPT_STR("ldap_base", "cn=localhost", base, VAL_LEN), - OPT_CLASS("ldap_class_users", "user", CLASS_USER), - OPT_CLASS("ldap_class_groups", "group", CLASS_GROUP), - OPT_ATTR("ldap_attr_username", "cn", ATTR_USER_NAME), - OPT_ATTR("ldap_attr_groupname", "cn", ATTR_GROUP_NAME), - OPT_ATTR("ldap_attr_gssAuthName", "gssAuthName", ATTR_PRINCIPAL), - OPT_ATTR("ldap_attr_uidNumber", "uidNumber", ATTR_UID), - OPT_ATTR("ldap_attr_gidNumber", "gidNumber", ATTR_GID), - /* caching configuration */ OPT_INT("cache_ttl", "6000", cache_ttl), }; @@ -386,20 +307,6 @@ out: } -/* generic cache */ - - -/* ldap context */ -struct idmap_context { - struct idmap_config config; - - idmapcache_context *usercache; - idmapcache_context *groupcache; - - LDAP *ldap; -}; - - /* public idmap interface */ int nfs41_idmap_create( struct idmap_context **context_out, const char *localdomain_name) @@ -413,24 +320,16 @@ int nfs41_idmap_create( goto out; } - (void)strcpy_s(context->config.localdomain_name, - sizeof(context->config.localdomain_name), - localdomain_name); - if (context == NULL) { - status = GetLastError(); - goto out; - } - /* initialize the caches */ context->usercache = idmapcache_context_create(); context->groupcache = idmapcache_context_create(); if ((context->usercache == NULL) || (context->groupcache == NULL)) { eprintf("nfs41_idmap_create: Cannot create idmapcache\n"); - goto out; + goto out_err_free; } - /* load ldap configuration from file */ + /* load configuration from file */ status = config_init(&context->config); if (status) { eprintf("config_init() failed with %d\n", status); @@ -438,7 +337,8 @@ int nfs41_idmap_create( } #ifdef NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN - DPRINTF(CYGWINIDLVL, ("nfs41_idmap_create: Force context->config.timeout = 6000;\n")); + DPRINTF(1, + ("nfs41_idmap_create: Force context->config.timeout = 6000;\n")); context->config.timeout = 6000; #endif /* NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN */ @@ -455,306 +355,10 @@ out_err_free: void nfs41_idmap_free( struct idmap_context *context) { - /* clean up the connection */ - if (context->ldap) - ldap_unbind(context->ldap); - - idmapcache_context_destroy(context->usercache); - idmapcache_context_destroy(context->groupcache); + if (context->usercache != NULL) + idmapcache_context_destroy(context->usercache); + if (context->groupcache != NULL) + idmapcache_context_destroy(context->groupcache); free(context); } - -int nfs41_idmap_name_to_uid( - struct idmap_context *context, - const char *name, - uid_t *uid_out) -{ - int status = ERROR_NOT_FOUND; - - DPRINTF(IDLVL, ("--> nfs41_idmap_name_to_uid(name='%s')\n", name)); - - idmapcache_entry *ie = NULL; - - ie = idmapcache_lookup_by_nfsname(context->usercache, name); - if (ie != NULL) { - *uid_out = ie->nfsid; - status = ERROR_SUCCESS; - goto out; - } - - char localname[256]; - uid_t localuid; - char nfsowner[256]; - uid_t nfsuid; - - if (!cygwin_getent_passwd(name, - localname, - &localuid, - nfsowner, - &nfsuid)) { - DPRINTF(0, ("nfs41_idmap_name_to_uid(name='%s'): " - "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", - name, - localname, - (long)localuid, - nfsowner, - (long)nfsuid)); - - ie = idmapcache_add(context->usercache, - name/*localname*/, - localuid, - name/*nfsowner*/, - localuid/*nfsuid*/); - if (ie == NULL) { - DPRINTF(0, ("nfs41_idmap_name_to_uid(name='%s'): idmapcache_add() failed\n", name)); - } - else { - *uid_out = ie->nfsid; - status = ERROR_SUCCESS; - } - } - -out: - DPRINTF(IDLVL, ("<-- nfs41_idmap_name_to_uid(name='%s') " - "returning status=%d, uid=%u\n", - name, - status, - (unsigned int)*uid_out)); - - if (ie != NULL) { - DPRINTF(3, ("nfs41_idmap_name_to_uid(name='%s'): " - "returning *uid_out=%u / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", - name, - (unsigned int)*uid_out, - (void *)ie, - ie->win32name.buf, - (long)ie->localid, - ie->nfsname.buf, - (long)ie->nfsid)); - idmapcache_entry_refcount_dec(ie); - } - - return status; -} - -int nfs41_idmap_uid_to_name( - struct idmap_context *context, - uid_t uid, - char *name, - size_t len) -{ - int status = ERROR_NOT_FOUND; - - DPRINTF(IDLVL, ("--> nfs41_idmap_uid_to_name(uid=%u)\n", (unsigned int)uid)); - - idmapcache_entry *ie = NULL; - - ie = idmapcache_lookup_by_nfsid(context->usercache, uid); - if (ie != NULL) { - (void)strcpy(name, ie->nfsname.buf); - status = ERROR_SUCCESS; - goto out; - } - - char localname[256]; - uid_t localuid; - char nfsowner[256]; - uid_t nfsuid; - - if (!cygwin_getent_passwd(name, - localname, - &localuid, - nfsowner, - &nfsuid)) { - DPRINTF(0, ("nfs41_idmap_uid_to_name(name='%s'): " - "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", - name, - localname, - (long)localuid, - nfsowner, - (long)nfsuid)); - - ie = idmapcache_add(context->usercache, - name/*localname*/, - localuid, - name/*nfsowner*/, - localuid/*nfsuid*/); - if (ie == NULL) { - DPRINTF(0, ("nfs41_idmap_uid_to_name(name='%s'): idmapcache_add() failed\n", name)); - } - else { - (void)strcpy(name, ie->nfsname.buf); - status = ERROR_SUCCESS; - } - } - -out: - DPRINTF(IDLVL, ("<-- nfs41_idmap_uid_to_name(uid=%u) " - "returning status=%d, name='%s'\n", - (unsigned int)uid, - status, - ((status == 0)?name:"<nothing>"))); - - if (ie != NULL) { - DPRINTF(0, ("nfs41_idmap_uid_to_name(uid=%u): " - "returning *name='%s' / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", - (unsigned int)uid, - ((status == 0)?name:"<nothing>"), - (void *)ie, - ie->win32name.buf, - (long)ie->localid, - ie->nfsname.buf, - (long)ie->nfsid)); - idmapcache_entry_refcount_dec(ie); - } - - return status; -} - -int nfs41_idmap_group_to_gid( - struct idmap_context *context, - const char *name, - gid_t *gid_out) -{ - int status = ERROR_NOT_FOUND; - - DPRINTF(IDLVL, ("--> nfs41_idmap_group_to_gid(name='%s')\n", name)); - - idmapcache_entry *ie = NULL; - - ie = idmapcache_lookup_by_nfsname(context->groupcache, name); - if (ie != NULL) { - *gid_out = ie->nfsid; - status = ERROR_SUCCESS; - goto out; - } - - char localgroupname[256]; - gid_t localgid; - char nfsownergroup[256]; - gid_t nfsgid; - - if (!cygwin_getent_group(name, - localgroupname, - &localgid, - nfsownergroup, - &nfsgid)) { - DPRINTF(0, ("nfs41_idmap_group_to_gid(name='%s'): " - "Adding new group entry localgroupname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", - name, - localgroupname, - (long)localgid, - nfsownergroup, - (long)nfsgid)); - - ie = idmapcache_add(context->groupcache, - name/*localgroupname*/, - localgid, - name/*nfsownergroup*/, - localgid/*nfsgid*/); - if (ie == NULL) { - DPRINTF(0, ("nfs41_idmap_group_to_gid(name='%s'): idmapcache_add() failed\n", name)); - } - else { - *gid_out = ie->nfsid; - status = ERROR_SUCCESS; - } - } - -out: - DPRINTF(IDLVL, ("<-- nfs41_idmap_group_to_gid(name='%s') " - "returning status=%d, gid=%u\n", - name, - status, - (unsigned int)*gid_out)); - - if (ie != NULL) { - DPRINTF(3, ("nfs41_idmap_group_to_gid(name='%s'): " - "returning *gid_out=%u / group ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", - name, - (unsigned int)*gid_out, - (void *)ie, - ie->win32name.buf, - (long)ie->localid, - ie->nfsname.buf, - (long)ie->nfsid)); - idmapcache_entry_refcount_dec(ie); - } - - return status; -} - -int nfs41_idmap_gid_to_group( - struct idmap_context *context, - gid_t gid, - char *name, - size_t len) -{ - int status = ERROR_NOT_FOUND; - - DPRINTF(IDLVL, ("--> nfs41_idmap_gid_to_group(gid=%u)\n", (unsigned int)gid)); - - idmapcache_entry *ie = NULL; - - ie = idmapcache_lookup_by_nfsid(context->groupcache, gid); - if (ie != NULL) { - (void)strcpy(name, ie->nfsname.buf); - status = ERROR_SUCCESS; - goto out; - } - - char localgroupname[256]; - gid_t localgid; - char nfsownergroup[256]; - gid_t nfsgid; - - if (!cygwin_getent_group(name, - localgroupname, - &localgid, - nfsownergroup, - &nfsgid)) { - DPRINTF(0, ("nfs41_idmap_group_to_gid(name='%s'): " - "Adding new group entry localgroupname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", - name, - localgroupname, - (long)localgid, - nfsownergroup, - (long)nfsgid)); - - ie = idmapcache_add(context->groupcache, - name/*localgroupname*/, - localgid, - name/*nfsownergroup*/, - localgid/*nfsgid*/); - if (ie == NULL) { - DPRINTF(0, ("nfs41_idmap_group_to_gid(name='%s'): idmapcache_add() failed\n", name)); - } - else { - (void)strcpy(name, ie->nfsname.buf); - status = ERROR_SUCCESS; - } - } - -out: - DPRINTF(IDLVL, ("<-- nfs41_idmap_gid_to_group(gid=%u) " - "returning status=%d, name='%s'\n", - (unsigned int)gid, - status, - ((status == 0)?name:"<nothing>"))); - - if (ie != NULL) { - DPRINTF(0, ("nfs41_idmap_gid_to_group(gid=%u): " - "returning *name='%s' / group ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", - (unsigned int)gid, - ((status == 0)?name:"<nothing>"), - (void *)ie, - ie->win32name.buf, - (long)ie->localid, - ie->nfsname.buf, - (long)ie->nfsid)); - idmapcache_entry_refcount_dec(ie); - } - - return status; -} diff --git a/daemon/idmap.h b/daemon/idmap.h index 1c277d1..68e6f9e 100644 --- a/daemon/idmap.h +++ b/daemon/idmap.h @@ -32,42 +32,30 @@ typedef struct idmap_context nfs41_idmapper; int nfs41_idmap_create( nfs41_idmapper **context_out, const char *localdomain_name); - void nfs41_idmap_free( nfs41_idmapper *context); - -int nfs41_idmap_name_to_uid( - struct idmap_context *context, - const char *username, - uid_t *uid_out); - -int nfs41_idmap_uid_to_name( - nfs41_idmapper *context, - uid_t uid, - char *name_out, - size_t len); - -int nfs41_idmap_group_to_gid( - nfs41_idmapper *context, - const char *name, - gid_t *gid_out); - -int nfs41_idmap_gid_to_group( - nfs41_idmapper *context, - gid_t gid, - char *name_out, - size_t len); - /* idmap_cygwin.c */ #ifdef NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN -int cygwin_getent_passwd( +int cygwin_local_getent_passwd( + const char *restrict name, + char *restrict res_localaccountname, + uid_t *restrict res_localuid, + char *restrict res_nfsowner, + uid_t *restrict res_nfsuid); +int cygwin_nfsserver_getent_passwd( const char *restrict name, char *restrict res_localaccountname, uid_t *restrict res_localuid, char *restrict res_nfsowner, uid_t *restrict res_nfsuid); -int cygwin_getent_group( +int cygwin_local_getent_group( + const char *restrict name, + char *restrict res_localgroupname, + gid_t *restrict res_localgid, + char *restrict res_nfsownergroup, + gid_t *restrict res_nfsgid); +int cygwin_nfsserver_getent_group( const char *restrict name, char *restrict res_localgroupname, gid_t *restrict res_localgid, @@ -75,7 +63,7 @@ int cygwin_getent_group( gid_t *restrict res_nfsgid); #endif /* NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN */ -#define IDMAPCACHE_TTL_SECONDS 60 +#define IDMAPCACHE_TTL_SECONDS (60*5) #define IDMAPCACHE_MAXNAME_LEN 256 /* @@ -107,15 +95,68 @@ idmapcache_entry *idmapcache_add(idmapcache_context *restrict ctx, idmapcache_idnumber localid, const char *restrict nfsname, idmapcache_idnumber nfsid); -idmapcache_entry *idmapcache_lookup_by_win32name(idmapcache_context *restrict ctx, +idmapcache_entry *idmapcache_lookup_by_win32name( + idmapcache_context *restrict ctx, const char *restrict win32name); -idmapcache_entry *idmapcache_lookup_by_localid(idmapcache_context *restrict ctx, +idmapcache_entry *idmapcache_lookup_by_localid( + idmapcache_context *restrict ctx, idmapcache_idnumber search_localid); -idmapcache_entry *idmapcache_lookup_by_nfsname(idmapcache_context *restrict ctx, +idmapcache_entry *idmapcache_lookup_by_nfsname( + idmapcache_context *restrict ctx, const char *restrict nfsname); idmapcache_entry *idmapcache_lookup_by_nfsid(idmapcache_context *restrict ctx, idmapcache_idnumber search_nfslid); void idmapcache_entry_refcount_inc(idmapcache_entry *restrict e); void idmapcache_entry_refcount_dec(idmapcache_entry *restrict e); +struct idmap_config { + UINT timeout; + + /* caching configuration */ + INT cache_ttl; +}; + +struct idmap_context { + struct idmap_config config; + + idmapcache_context *usercache; + idmapcache_context *groupcache; + + void *ldap; +}; + +/* + * User lookup functions + * If an entry does not exists the idmapper script will be called to create it + */ +idmapcache_entry *nfs41_idmap_user_lookup_by_win32name( + struct idmap_context *context, + const char *restrict win32name); +idmapcache_entry *nfs41_idmap_user_lookup_by_localid( + struct idmap_context *context, + idmapcache_idnumber search_localid); +idmapcache_entry *nfs41_idmap_user_lookup_by_nfsname( + struct idmap_context *context, + const char *restrict nfsname); +idmapcache_entry *nfs41_idmap_user_lookup_by_nfsid( + struct idmap_context *context, + idmapcache_idnumber search_nfslid); + +/* + * User lookup functions + * If an entry does not exists the idmapper script will be called to create it + */ +idmapcache_entry *nfs41_idmap_group_lookup_by_win32name( + struct idmap_context *context, + const char *restrict win32name); +idmapcache_entry *nfs41_idmap_group_lookup_by_localid( + struct idmap_context *context, + idmapcache_idnumber search_localid); +idmapcache_entry *nfs41_idmap_group_lookup_by_nfsname( + struct idmap_context *context, + const char *restrict nfsname); +idmapcache_entry *nfs41_idmap_group_lookup_by_nfsid( + struct idmap_context *context, + idmapcache_idnumber search_nfslid); + #endif /* !IDMAP_H */ diff --git a/daemon/idmap_cygwin.c b/daemon/idmap_cygwin.c index a30b7d6..771974f 100644 --- a/daemon/idmap_cygwin.c +++ b/daemon/idmap_cygwin.c @@ -52,7 +52,9 @@ #endif /* _WIN64 */ #ifdef NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN +static int cygwin_getent_passwd( + const char *restrict mode, const char *restrict name, char *restrict res_localaccountname, uid_t *restrict res_localuid, @@ -75,14 +77,14 @@ int cygwin_getent_passwd( const char *nfsowner = NULL; DPRINTF(CYGWINIDLVL, - ("--> cygwin_getent_passwd(name='%s')\n", - name)); + ("--> cygwin_getent_passwd(mode='%s',name='%s')\n", + mode, name)); if (name[0] == '\0') { DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "ERROR: Empty user name.\n", - name)); + mode, name)); goto fail; } @@ -91,14 +93,16 @@ int cygwin_getent_passwd( /* fixme: better quoting for |name| needed */ (void)snprintf(cmdbuff, sizeof(cmdbuff), - "%s nfsserver_owner2localaccount \"%s\"", + "%s %s \"%s\"", CYGWIN_IDMAPPER_SCRIPT, + mode, name); if ((script_pipe = subcmd_popen(cmdbuff)) == NULL) { int last_error = GetLastError(); DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "'%s' failed, GetLastError()='%d'\n", + mode, name, cmdbuff, last_error)); @@ -108,9 +112,9 @@ int cygwin_getent_passwd( if (!subcmd_readcmdoutput(script_pipe, buff, sizeof(buff), &num_buff_read)) { DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "subcmd_readcmdoutput() failed\n", - name)); + mode, name)); goto fail; } @@ -118,26 +122,26 @@ int cygwin_getent_passwd( if (num_buff_read < 10) { DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "Could not read enough data, returned %d\n", - name, (int)num_buff_read)); + mode, name, (int)num_buff_read)); goto fail; } cpvp = cpv_create_parser(buff, 0/*CPVFLAG_DEBUG_OUTPUT*/); if (!cpvp) { DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "Could not create parser\n", - name)); + mode, name)); goto fail; } if (cpv_read_cpv_header(cpvp)) { DPRINTF(0, - ("cygwin_getent_passwd(name='%s'): " + ("cygwin_getent_passwd(mode='%s',name='%s'): " "cpv_read_cpv_header failed\n", - name)); + mode, name)); goto fail; } @@ -186,9 +190,9 @@ int cygwin_getent_passwd( * The idmapper script must never return this! */ if (!strcmp(localaccountname, "Unknown+User")) { - eprintf("cygwin_getent_passwd(name='%s'): " + eprintf("cygwin_getent_passwd(mode='%s',name='%s'): " "idmapper returned illegal value '%s'\n", - name, localaccountname); + mode, name, localaccountname); goto fail; } @@ -214,9 +218,10 @@ fail: if (res == 0) { DPRINTF(CYGWINIDLVL, - ("<-- cygwin_getent_passwd(name='%s'): " + ("<-- cygwin_getent_passwd(mode='%s',name='%s'): " "returning res_localuid=%u, res_localaccountname='%s', " "res_nfsowner='%s' res_nfsuid=%u\n", + mode, name, (unsigned int)(res_localuid?(*res_localuid):~0), res_localaccountname?res_localaccountname:"<NULL>", @@ -225,14 +230,48 @@ fail: } else { DPRINTF(CYGWINIDLVL, - ("<-- cygwin_getent_passwd(name='%s'): no match found\n", - name)); + ("<-- cygwin_getent_passwd(mode='%s',name='%s'): no match found\n", + mode, name)); } return res; } +int cygwin_local_getent_passwd( + const char *restrict name, + char *restrict res_localaccountname, + uid_t *restrict res_localuid, + char *restrict res_nfsowner, + uid_t *restrict res_nfsuid) +{ + return cygwin_getent_passwd( + "localname2localaccount", + name, + res_localaccountname, + res_localuid, + res_nfsowner, + res_nfsuid); +} + +int cygwin_nfsserver_getent_passwd( + const char *restrict name, + char *restrict res_localaccountname, + uid_t *restrict res_localuid, + char *restrict res_nfsowner, + uid_t *restrict res_nfsuid) +{ + return cygwin_getent_passwd( + "nfsserver_owner2localaccount", + name, + res_localaccountname, + res_localuid, + res_nfsowner, + res_nfsuid); +} + +static int cygwin_getent_group( + const char *restrict mode, const char *restrict name, char *restrict res_localgroupname, gid_t *restrict res_localgid, @@ -256,14 +295,14 @@ int cygwin_getent_group( const char *nfsownergroup = NULL; DPRINTF(CYGWINIDLVL, - ("--> cygwin_getent_group(name='%s')\n", - name)); + ("--> cygwin_getent_group(mode='%s',name='%s')\n", + mode, name)); if (name[0] == '\0') { DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "ERROR: Empty group name.\n", - name)); + mode, name)); goto fail; } @@ -272,14 +311,16 @@ int cygwin_getent_group( /* fixme: better quoting for |name| needed */ (void)snprintf(cmdbuff, sizeof(cmdbuff), - "%s nfsserver_owner_group2localgroup \"%s\"", + "%s %s \"%s\"", CYGWIN_IDMAPPER_SCRIPT, + mode, name); if ((script_pipe = subcmd_popen(cmdbuff)) == NULL) { int last_error = GetLastError(); DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "'%s' failed, GetLastError()='%d'\n", + mode, name, cmdbuff, last_error)); @@ -289,9 +330,9 @@ int cygwin_getent_group( if (!subcmd_readcmdoutput(script_pipe, buff, sizeof(buff), &num_buff_read)) { DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "subcmd_readcmdoutput() failed\n", - name)); + mode, name)); goto fail; } @@ -299,26 +340,26 @@ int cygwin_getent_group( if (num_buff_read < 10) { DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "Could not read enough data, returned %d\n", - name, (int)num_buff_read)); + mode, name, (int)num_buff_read)); goto fail; } cpvp = cpv_create_parser(buff, 0/*CPVFLAG_DEBUG_OUTPUT*/); if (!cpvp) { DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "Could not create parser\n", - name)); + mode, name)); goto fail; } if (cpv_read_cpv_header(cpvp)) { DPRINTF(0, - ("cygwin_getent_group(name='%s'): " + ("cygwin_getent_group(mode='%s',name='%s'): " "cpv_read_cpv_header failed\n", - name)); + mode, name)); goto fail; } @@ -367,9 +408,9 @@ int cygwin_getent_group( * The idmapper script must never return this! */ if (!strcmp(localgroupname, "Unknown+Group")) { - eprintf("cygwin_getent_group(name='%s'): " + eprintf("cygwin_getent_group(mode='%s',name='%s'): " "idmapper returned illegal value '%s'\n", - name, localgroupname); + mode, name, localgroupname); goto fail; } @@ -395,8 +436,9 @@ fail: if (res == 0) { DPRINTF(CYGWINIDLVL, - ("<-- cygwin_getent_group(name='%s'): " + ("<-- cygwin_getent_group(mode='%s',name='%s'): " "returning res_localgid=%u, res_localgroupname='%s', res_nfsownergroup='%s', res_localgid=%u\n", + mode, name, (unsigned int)(res_localgid?*res_localgid:~0), res_localgroupname?res_localgroupname:"<NULL>", @@ -405,12 +447,44 @@ fail: } else { DPRINTF(CYGWINIDLVL, - ("<-- cygwin_getent_group(name='%s'): no match found\n", - name)); + ("<-- cygwin_getent_group(mode='%s',name='%s'): no match found\n", + mode, name)); } return res; } + +int cygwin_local_getent_group( + const char *restrict name, + char *restrict res_localgroupname, + gid_t *restrict res_localgid, + char *restrict res_nfsownergroup, + gid_t *restrict res_nfsgid) +{ + return cygwin_getent_group( + "localgroup2localgroup", + name, + res_localgroupname, + res_localgid, + res_nfsownergroup, + res_nfsgid); +} + +int cygwin_nfsserver_getent_group( + const char *restrict name, + char *restrict res_localgroupname, + gid_t *restrict res_localgid, + char *restrict res_nfsownergroup, + gid_t *restrict res_nfsgid) +{ + return cygwin_getent_group( + "nfsserver_owner_group2localgroup", + name, + res_localgroupname, + res_localgid, + res_nfsownergroup, + res_nfsgid); +} #endif /* NFS41_DRIVER_FEATURE_IDMAPPER_CYGWIN */ @@ -507,7 +581,7 @@ idmapcache_entry *idmapcache_lookup(idmapcache_context *restrict ctx, ReleaseSRWLockShared(&ctx->lock); - return &found_node->entry; + return (found_node != NULL)?(&found_node->entry):(NULL); } static @@ -643,3 +717,608 @@ idmapcache_entry *idmapcache_lookup_by_nfsid(idmapcache_context *restrict ctx, { return idmapcache_lookup(ctx, cmp_by_nfsid, &search_nfsid); } + +/* + * Public idmapper API + */ + +idmapcache_entry *nfs41_idmap_user_lookup_by_win32name(struct idmap_context *context, + const char *restrict name) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_user_lookup_by_win32name(name='%s')\n", + name)); + + ie = idmapcache_lookup_by_win32name(context->usercache, name); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + uid_t localuid; + char nfsowner[256]; + uid_t nfsuid; + + if (!cygwin_local_getent_passwd(name, + localname, + &localuid, + nfsowner, + &nfsuid)) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_win32name(name='%s'): " + "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", + name, + localname, + (long)localuid, + nfsowner, + (long)nfsuid)); + + ie = idmapcache_add(context->usercache, + localname, + localuid, + nfsowner, + nfsuid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_win32name(name='%s'): idmapcache_add() failed\n", + name)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_win32name(name='%s'): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", + name, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_win32name(name='%s'): " + "returning status=%d / ie=NULL\n", + name, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_user_lookup_by_localid(struct idmap_context *context, + idmapcache_idnumber search_localid) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_user_lookup_by_localid(search_localid=%ld)\n", + (long)search_localid)); + + ie = idmapcache_lookup_by_localid(context->usercache, search_localid); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + uid_t localuid; + char nfsowner[256]; + uid_t nfsuid; + char name[64]; + (void)sprintf(name, "%ld", (long)search_localid); + + if (!cygwin_local_getent_passwd(name, + localname, + &localuid, + nfsowner, + &nfsuid)) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_localid(search_localid=%ld): " + "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", + (long)search_localid, + localname, + (long)localuid, + nfsowner, + (long)nfsuid)); + + ie = idmapcache_add(context->usercache, + localname, + localuid, + nfsowner, + nfsuid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_localid(search_localid=%ld): idmapcache_add() failed\n", + (long)search_localid)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_localid(search_localid=%ld): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", + (long)search_localid, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_localid(search_localid=%ld): " + "returning status=%d / ie=NULL\n", + (long)search_localid, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_user_lookup_by_nfsname(struct idmap_context *context, + const char *restrict name) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_user_lookup_by_nfsname(name='%s')\n", + name)); + + ie = idmapcache_lookup_by_nfsname(context->usercache, name); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + uid_t localuid; + char nfsowner[256]; + uid_t nfsuid; + + if (!cygwin_nfsserver_getent_passwd(name, + localname, + &localuid, + nfsowner, + &nfsuid)) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_nfsname(name='%s'): " + "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", + name, + localname, + (long)localuid, + nfsowner, + (long)nfsuid)); + + ie = idmapcache_add(context->usercache, + localname, + localuid, + nfsowner, + nfsuid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_nfsname(name='%s'): idmapcache_add() failed\n", + name)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_nfsname(name='%s'): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", + name, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_nfsname(name='%s'): " + "returning status=%d / ie=NULL\n", + name, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_user_lookup_by_nfsid(struct idmap_context *context, + idmapcache_idnumber search_nfsid) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_user_lookup_by_nfsid(search_nfsid=%ld)\n", + (long)search_nfsid)); + + ie = idmapcache_lookup_by_nfsid(context->usercache, search_nfsid); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + uid_t localuid; + char nfsowner[256]; + uid_t nfsuid; + char name[64]; + (void)sprintf(name, "%ld", (long)search_nfsid); + + if (!cygwin_nfsserver_getent_passwd(name, + localname, + &localuid, + nfsowner, + &nfsuid)) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_nfsid(search_nfsid=%ld): " + "Adding new user entry localname='%s', localuid=%ld, nfsowner='%s', nfsuid=%ld\n", + (long)search_nfsid, + localname, + (long)localuid, + nfsowner, + (long)nfsuid)); + + ie = idmapcache_add(context->usercache, + localname, + localuid, + nfsowner, + nfsuid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_user_lookup_by_nfsid(search_nfsid=%ld): idmapcache_add() failed\n", + (long)search_nfsid)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_nfsid(search_nfsid=%ld): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localuid=%ld, nfsname='%s', nfsid=%ld\n", + (long)search_nfsid, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_user_lookup_by_nfsid(search_nfsid=%ld): " + "returning status=%d / ie=NULL\n", + (long)search_nfsid, + status)); + } + + return ie; +} + + +/* ---- */ + +idmapcache_entry *nfs41_idmap_group_lookup_by_win32name(struct idmap_context *context, + const char *restrict name) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_group_lookup_by_win32name(name='%s')\n", name)); + + ie = idmapcache_lookup_by_win32name(context->groupcache, name); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + gid_t localgid; + char nfsownergroup[256]; + gid_t nfsgid; + + if (!cygwin_local_getent_group(name, + localname, + &localgid, + nfsownergroup, + &nfsgid)) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_win32name(name='%s'): " + "Adding new group entry localname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", + name, + localname, + (long)localgid, + nfsownergroup, + (long)nfsgid)); + + ie = idmapcache_add(context->groupcache, + localname, + localgid, + nfsownergroup, + nfsgid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_win32name(name='%s'): idmapcache_add() failed\n", name)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_win32name(name='%s'): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", + name, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_win32name(name='%s'): " + "returning status=%d / ie=NULL\n", + name, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_group_lookup_by_localid(struct idmap_context *context, + idmapcache_idnumber search_localid) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_group_lookup_by_localid(search_localid=%ld)\n", + (long)search_localid)); + + ie = idmapcache_lookup_by_localid(context->groupcache, search_localid); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + gid_t localgid; + char nfsownergroup[256]; + gid_t nfsgid; + char name[64]; + (void)sprintf(name, "%ld", (long)search_localid); + + if (!cygwin_local_getent_group(name, + localname, + &localgid, + nfsownergroup, + &nfsgid)) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_localid(search_localid=%ld): " + "Adding new group entry localname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", + (long)search_localid, + localname, + (long)localgid, + nfsownergroup, + (long)nfsgid)); + + ie = idmapcache_add(context->groupcache, + localname, + localgid, + nfsownergroup, + nfsgid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_localid(search_localid=%ld): idmapcache_add() failed\n", + (long)search_localid)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_localid(search_localid=%ld): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", + (long)search_localid, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_localid(search_localid=%ld): " + "returning status=%d / ie=NULL\n", + (long)search_localid, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_group_lookup_by_nfsname(struct idmap_context *context, + const char *restrict name) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_group_lookup_by_nfsname(name='%s')\n", + name)); + + ie = idmapcache_lookup_by_nfsname(context->groupcache, name); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + gid_t localgid; + char nfsownergroup[256]; + gid_t nfsgid; + + if (!cygwin_nfsserver_getent_group(name, + localname, + &localgid, + nfsownergroup, + &nfsgid)) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_nfsname(name='%s'): " + "Adding new group entry localname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", + name, + localname, + (long)localgid, + nfsownergroup, + (long)nfsgid)); + + ie = idmapcache_add(context->groupcache, + localname, + localgid, + nfsownergroup, + nfsgid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_nfsname(name='%s'): idmapcache_add() failed\n", + name)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_nfsname(name='%s'): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", + name, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_nfsname(name='%s'): " + "returning status=%d / ie=NULL\n", + name, + status)); + } + + return ie; +} + +idmapcache_entry *nfs41_idmap_group_lookup_by_nfsid(struct idmap_context *context, + idmapcache_idnumber search_nfsid) +{ + int status = ERROR_NOT_FOUND; + idmapcache_entry *ie; + + DPRINTF(CYGWINIDLVL, + ("--> nfs41_idmap_group_lookup_by_nfsid(search_nfsid=%ld)\n", + (long)search_nfsid)); + + ie = idmapcache_lookup_by_nfsid(context->groupcache, search_nfsid); + if (ie != NULL) { + status = ERROR_SUCCESS; + goto out; + } + + char localname[256]; + gid_t localgid; + char nfsownergroup[256]; + gid_t nfsgid; + char name[64]; + (void)sprintf(name, "%ld", (long)search_nfsid); + + if (!cygwin_nfsserver_getent_group(name, + localname, + &localgid, + nfsownergroup, + &nfsgid)) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_nfsid(search_nfsid=%ld): " + "Adding new group entry localname='%s', localgid=%ld, nfsownergroup='%s', nfsgid=%ld\n", + (long)search_nfsid, + localname, + (long)localgid, + nfsownergroup, + (long)nfsgid)); + + ie = idmapcache_add(context->groupcache, + localname, + localgid, + nfsownergroup, + nfsgid); + if (ie == NULL) { + DPRINTF(0, + ("nfs41_idmap_group_lookup_by_nfsid(search_nfsid=%ld): idmapcache_add() failed\n", + (long)search_nfsid)); + } + else { + status = ERROR_SUCCESS; + } + } + +out: + if (ie != NULL) { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_nfsid(search_nfsid=%ld): " + "returning status=%d / user ie(=0x%p)={ win32name='%s', localgid=%ld, nfsname='%s', nfsid=%ld\n", + (long)search_nfsid, + status, + (void *)ie, + ie->win32name.buf, + (long)ie->localid, + ie->nfsname.buf, + (long)ie->nfsid)); + } + else { + DPRINTF(CYGWINIDLVL, + ("<-- nfs41_idmap_group_lookup_by_nfsid(search_nfsid=%ld): " + "returning status=%d / ie=NULL\n", + (long)search_nfsid, + status)); + } + + return ie; +} diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c index dde0a71..055eb2c 100644 --- a/daemon/nfs41_daemon.c +++ b/daemon/nfs41_daemon.c @@ -82,6 +82,11 @@ static int map_current_user_to_ids(nfs41_idmapper *idmapper, char username[UTF8_PRINCIPALLEN+1]; char pgroupname[UTF8_PRINCIPALLEN+1]; int status = NO_ERROR; + idmapcache_entry *user_ie = NULL; + idmapcache_entry *group_ie = NULL; + + /* fixme: This should be a function argument */ + extern nfs41_daemon_globals nfs41_dg; if (!get_token_user_name(impersonation_tok, username)) { status = GetLastError(); @@ -97,35 +102,45 @@ static int map_current_user_to_ids(nfs41_idmapper *idmapper, goto out_map_default_ids; } - if (nfs41_idmap_name_to_uid(idmapper, username, puid)) { - /* instead of failing for auth_sys, fall back to 'nobody' uid/gid */ + user_ie = nfs41_idmap_user_lookup_by_win32name(nfs41_dg.idmapper, + username); + group_ie = nfs41_idmap_group_lookup_by_win32name(nfs41_dg.idmapper, + pgroupname); + + if (user_ie == NULL) { + /* instead of failing, fall back to 'nobody'/'nogroup' uid/gid */ DPRINTF(1, ("map_current_user_to_ids: " - "nfs41_idmap_name_to_uid(username='%s') failed, " - "returning nobody/nogroup defaults\n", + "nfs41_idmap_user_lookup_by_nfsname(username='%s') failed, " + "returning 'nobody'/'nogroup' defaults\n", username)); status = NO_ERROR; goto out_map_default_ids; } - if (nfs41_idmap_group_to_gid( - idmapper, - pgroupname, - pgid)) { + if (group_ie == NULL) { + /* instead of failing, fall back to 'nobody'/'nogroup' uid/gid */ DPRINTF(1, ("map_current_user_to_ids: " - "nfs41_idmap_group_to_gid(pgroupname='%s') failed, " - "returning nogroup\n", + "nfs41_idmap_group_lookup_by_nfsname(pgroupname='%s') failed, " + "returning 'nobody'/'nogroup' defaults\n", pgroupname)); - *pgid = nfs41_dg.default_gid; + status = NO_ERROR; + goto out_map_default_ids; } + *puid = user_ie->nfsid; + *pgid = group_ie->nfsid; out: DPRINTF(1, ("map_current_user_to_ids: " "mapping user=(name='%s' ==> uid=%d)/pgroup=(name='%s' ==> gid=%d)\n", username, (int)*puid, pgroupname, (int)*pgid)); + if (user_ie != NULL) + idmapcache_entry_refcount_dec(user_ie); + if (group_ie != NULL) + idmapcache_entry_refcount_dec(group_ie); return status; out_map_default_ids: diff --git a/daemon/open.c b/daemon/open.c index a349b25..809ef0f 100644 --- a/daemon/open.c +++ b/daemon/open.c @@ -707,8 +707,7 @@ void open_get_localuidgid(IN nfs41_daemon_globals *restrict nfs41dg, int status = 0; char owner[NFS4_FATTR4_OWNER_LIMIT+1]; char owner_group[NFS4_FATTR4_OWNER_LIMIT+1]; - uid_t map_uid = ~0UL; - gid_t map_gid = ~0UL; + idmapcache_entry *ie; #if 1 EASSERT(info->attrmask.count >= 2); @@ -770,11 +769,11 @@ void open_get_localuidgid(IN nfs41_daemon_globals *restrict nfs41dg, EASSERT_MSG(IS_PRINCIPAL_NAME(owner), ("owner='%s' is not a principal\n", owner)); - if (nfs41_idmap_name_to_uid( - nfs41dg->idmapper, - owner, - &map_uid) == 0) { - *owner_local_uid = map_uid; + ie = nfs41_idmap_user_lookup_by_nfsname(nfs41dg->idmapper, + owner); + if (ie != NULL) { + *owner_local_uid = ie->localid; + idmapcache_entry_refcount_dec(ie); } else { *owner_local_uid = NFS_USER_NOBODY_UID; @@ -795,11 +794,11 @@ void open_get_localuidgid(IN nfs41_daemon_globals *restrict nfs41dg, EASSERT_MSG(IS_PRINCIPAL_NAME(owner_group), ("owner_group='%s' is not a principal\n", owner_group)); - if (nfs41_idmap_group_to_gid( - nfs41dg->idmapper, - owner_group, - &map_gid) == 0) { - *owner_group_local_gid = map_gid; + ie = nfs41_idmap_group_lookup_by_nfsname(nfs41dg->idmapper, + owner_group); + if (ie != NULL) { + *owner_group_local_gid = ie->localid; + idmapcache_entry_refcount_dec(ie); } else { *owner_group_local_gid = NFS_GROUP_NOGROUP_GID; diff --git a/daemon/sid.c b/daemon/sid.c index 6b80cc6..f52bb9a 100644 --- a/daemon/sid.c +++ b/daemon/sid.c @@ -238,7 +238,6 @@ typedef struct _sidcache_entry { #define SIDCACHE_ENTRY_NAME_SIZE (UTF8_PRINCIPALLEN + 1) char win32name[SIDCACHE_ENTRY_NAME_SIZE]; /* must fit something like "user@domain" */ - char aliasname[SIDCACHE_ENTRY_NAME_SIZE]; PSID sid; DWORD sid_len; #pragma warning( push ) @@ -266,13 +265,8 @@ void sidcache_init(void) InitializeCriticalSection(&group_sidcache.lock); } -void sidcache_add(sidcache *cache, const char* win32name, PSID value) -{ - sidcache_addwithalias(cache, win32name, NULL, value); -} - /* copy SID |value| into cache */ -void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *aliasname, PSID value) +void sidcache_add(sidcache *cache, const char *win32name, PSID value) { int i; ssize_t freeEntryIndex; @@ -293,7 +287,6 @@ void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *a ((currentTimestamp - e->timestamp) >= SIDCACHE_TTL)) { e->sid = NULL; e->win32name[0] = '\0'; - e->aliasname[0] = '\0'; e->sid_len = 0; } } @@ -308,22 +301,6 @@ void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *a freeEntryIndex = i; break; } - if (aliasname) { - if (!strcmp(e->win32name, aliasname)) { - freeEntryIndex = i; - break; - } - if ((e->aliasname[0] != '\0') && - (!strcmp(e->aliasname, aliasname))) { - freeEntryIndex = i; - break; - } - } - if ((e->aliasname[0] != '\0') && - (!strcmp(e->aliasname, win32name))) { - freeEntryIndex = i; - break; - } } else { /* (cache->entries[i].sid == NULL) --> empty slot... */ @@ -346,17 +323,12 @@ void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *a if (!CopySid(sid_len, e->sid, value)) { e->sid = NULL; e->win32name[0] = '\0'; - e->aliasname[0] = '\0'; e->sid_len = 0; goto done; } e->sid_len = sid_len; (void)strcpy(e->win32name, win32name); - if (aliasname) - (void)strcpy(e->aliasname, aliasname); - else - e->aliasname[0] = '\0'; e->timestamp = currentTimestamp; cache->cacheIndex = (cache->cacheIndex + 1) % SIDCACHE_SIZE; @@ -380,8 +352,7 @@ PSID *sidcache_getcached_byname(sidcache *cache, const char *win32name) e = &cache->entries[i]; if ((e->sid != NULL) && - ((!strcmp(e->win32name, win32name)) || - ((e->aliasname[0] != '\0') && (!strcmp(e->aliasname, win32name)))) && + (strcmp(e->win32name, win32name) == 0) && ((currentTimestamp - e->timestamp) < SIDCACHE_TTL)) { PSID malloced_sid = malloc(e->sid_len); if (!malloced_sid) @@ -434,15 +405,15 @@ done: int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *sid_len, PSID *sid, LPCSTR nfsname) { - const char *orig_nfsname = nfsname; + const char *win32name = NULL; int status = ERROR_INTERNAL_ERROR; SID_NAME_USE sid_type = 0; - char nfsname_buff[UTF8_PRINCIPALLEN+1]; #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID signed long user_uid = -1; signed long group_gid = -1; #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ + idmapcache_entry *nfs_ie = NULL; DPRINTF(ACLLVL, ("--> map_nfs4servername_2_sid(query=0x%x,nfsname='%s')\n", @@ -451,64 +422,56 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si EASSERT_MSG(IS_PRINCIPAL_NAME(nfsname), ("nfsname='%s' is not a principal\n", nfsname)); + + if ((nfs_ie == NULL) && (query & OWNER_SECURITY_INFORMATION)) { + nfs_ie = nfs41_idmap_user_lookup_by_nfsname(nfs41dg->idmapper, + nfsname); + } + if ((nfs_ie == NULL) && (query & GROUP_SECURITY_INFORMATION)) { + nfs_ie = nfs41_idmap_group_lookup_by_nfsname(nfs41dg->idmapper, + nfsname); + } + + if (nfs_ie == NULL) { + DPRINTF(0, + ("map_nfs4servername_2_sid(nfsname='%s'): " + "nfs41_idmap_group_lookup_by_nfsname() failed\n", + nfsname)); + status = ERROR_NOT_FOUND; + goto out; + } + win32name = nfs_ie->win32name.buf; + #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - /* use our own idmapper script to map nfsv4 owner string to local Windows account */ if (query & OWNER_SECURITY_INFORMATION) { - uid_t udummy = ~0UL; - #ifdef NFS41_DRIVER_SID_CACHE - *sid = sidcache_getcached_byname(&user_sidcache, nfsname); + *sid = sidcache_getcached_byname(&user_sidcache, win32name); if (*sid) { *sid_len = GetLengthSid(*sid); - DPRINTF(1, ("map_nfs4servername_2_sid: returning cached sid for user '%s'\n", nfsname)); + DPRINTF(1, + ("map_nfs4servername_2_sid: returning cached user sid for win32name='%s'\n", + win32name)); status = 0; goto out; } #endif /* NFS41_DRIVER_SID_CACHE */ - -#ifndef NFS41_DRIVER_SID_CACHE - /* gisburn: fixme: We must cache this, or the performance impact will be devastating!! */ -#endif /* !NFS41_DRIVER_SID_CACHE */ - if (!cygwin_getent_passwd(nfsname, nfsname_buff, &udummy, NULL, NULL)) { - if (strcmp(nfsname, nfsname_buff)) { - DPRINTF(1, - ("map_nfs4servername_2_sid: remap user '%s' --> '%s'\n", - nfsname, - nfsname_buff)); - nfsname = nfsname_buff; - } - } } #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID - /* use our own idmapper script to map nfsv4 owner string to local Windows account */ if (query & GROUP_SECURITY_INFORMATION) { - gid_t gdummy = ~0UL; - #ifdef NFS41_DRIVER_SID_CACHE - *sid = sidcache_getcached_byname(&group_sidcache, nfsname); + *sid = sidcache_getcached_byname(&group_sidcache, win32name); if (*sid) { *sid_len = GetLengthSid(*sid); - DPRINTF(1, ("map_nfs4servername_2_sid: returning cached sid for group '%s'\n", nfsname)); + DPRINTF(1, + ("map_nfs4servername_2_sid: returning cached group sid for win32name='%s'\n", + win32name)); status = 0; goto out; } #endif /* NFS41_DRIVER_SID_CACHE */ - -#ifndef NFS41_DRIVER_SID_CACHE - /* gisburn: fixme: We must cache this, or the performance impact will be devastating!! */ -#endif /* !NFS41_DRIVER_SID_CACHE */ - if (!cygwin_getent_group(nfsname, nfsname_buff, &gdummy, NULL, NULL)) { - if (strcmp(nfsname, nfsname_buff)) { - DPRINTF(1, - ("map_nfs4servername_2_sid: remap group '%s' --> '%s'\n", - nfsname, - nfsname_buff)); - nfsname = nfsname_buff; - } - } } #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ @@ -519,17 +482,17 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si } *sid_len = MAX_SID_BUFFER_SIZE; - status = lookupprincipalnameutf8(NULL, nfsname, *sid, sid_len, + status = lookupprincipalnameutf8(NULL, win32name, *sid, sid_len, &sid_type); if (status) { /* |lookupprincipalnameutf8()| success */ DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "lookupprincipalnameutf8() returned status=%d " "GetLastError=%d *sid_len=%d\n", - query, nfsname, status, GetLastError(), *sid_len)); + query, win32name, status, (int)GetLastError(), *sid_len)); status = 0; *sid_len = GetLengthSid(*sid); @@ -538,10 +501,10 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si /* |lookupprincipalnameutf8()| failed... */ DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "lookupprincipalnameutf8() returned status=%d " "GetLastError=%d\n", - query, nfsname, status, GetLastError())); + query, win32name, status, (int)GetLastError())); status = GetLastError(); switch(status) { @@ -550,9 +513,9 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si * This should never happen, as |MAX_SID_BUFFER_SIZE| should be * larger than the largest possible SID buffer size for Windows */ - eprintf("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + eprintf("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "lookupprincipalnameutf8() failed with " - "ERROR_INSUFFICIENT_BUFFER\n", query, nfsname); + "ERROR_INSUFFICIENT_BUFFER\n", query, win32name); status = ERROR_INTERNAL_ERROR; goto out; @@ -560,50 +523,25 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si case ERROR_NONE_MAPPED: #ifdef NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "none mapped, " "trying Unix_User+/Unix_Group+ mapping\n", - query, nfsname)); + query, win32name)); if ((user_uid == -1) && (query & OWNER_SECURITY_INFORMATION)) { - uid_t map_uid = ~0UL; - - if (nfs41_idmap_name_to_uid(nfs41dg->idmapper, - nfsname, &map_uid) == 0) { - user_uid = map_uid; - } - else { - DPRINTF(0, - ("map_nfs4servername_2_sid(query=0x%x,name='%s'): " - "nfs41_idmap_name_to_uid() failed\n", - query, nfsname)); - /* fixme: try harder here, "1234" should to to |atol()| */ - } + user_uid = nfs_ie->localid; } if ((group_gid == -1) && (query & GROUP_SECURITY_INFORMATION)) { - gid_t map_gid = ~0UL; - - if (nfs41_idmap_group_to_gid( - nfs41dg->idmapper, - nfsname, - &map_gid) == 0) { - group_gid = map_gid; - } - else { - DPRINTF(0, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): nfs41_idmap_group_to_gid() failed\n", - query, nfsname)); - /* fixme: try harder here, "1234" should to to |atol()| */ - } + user_uid = nfs_ie->localid; } if (user_uid != -1) { if (allocate_unixuser_sid(user_uid, sid)) { DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "allocate_unixuser_sid(uid=%ld) success\n", - query, nfsname, user_uid)); + query, win32name, user_uid)); status = ERROR_SUCCESS; sid_type = SidTypeUser; goto out_cache; @@ -611,18 +549,18 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si status = GetLastError(); DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "allocate_unixuser_sid(uid=%ld) failed, error=%d\n", - query, nfsname, user_uid, status)); + query, win32name, user_uid, status)); goto out; } if (group_gid != -1) { if (allocate_unixgroup_sid(group_gid, sid)) { DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "allocate_unixgroup_sid(gid=%ld) success\n", - query, nfsname, group_gid)); + query, win32name, group_gid)); status = ERROR_SUCCESS; sid_type = SidTypeGroup; goto out_cache; @@ -630,17 +568,17 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si status = GetLastError(); DPRINTF(ACLLVL, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "allocate_unixgroup_sid(gid=%ld) failed, error=%d\n", - query, nfsname, group_gid, status)); + query, win32name, group_gid, status)); goto out; } #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): none mapped, " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): none mapped, " "using WinNullSid mapping\n", - query, nfsname)); + query, win32name)); status = create_unknownsid(WinNullSid, sid, sid_len); if (status) @@ -648,8 +586,8 @@ int map_nfs4servername_2_sid(nfs41_daemon_globals *nfs41dg, int query, DWORD *si break; default: DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): error %d not handled\n", - query, nfsname, GetLastError())); + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): error=%d not handled\n", + query, win32name, (int)GetLastError())); break; } out_cache: @@ -668,54 +606,36 @@ out_cache: * - https://stackoverflow.com/questions/39373188/lookupaccountnamew-returns-sidtypealias-but-expected-sidtypegroup */ DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "SID_TYPE='SidTypeAlias' mapped to 'SidTypeGroup'\n", - query, orig_nfsname)); + query, win32name)); sid_type = SidTypeGroup; } - +#if 0 #ifdef NFS41_DRIVER_WS2022_HACKS if ((query & OWNER_SECURITY_INFORMATION) && (sid_type == SidTypeWellKnownGroup)) { if (!strcmp(orig_nfsname, "SYSTEM")) { DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + ("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "SID_TYPE='SidTypeWellKnownGroup' mapped to 'SidTypeUser' for user\n", query, orig_nfsname)); sid_type = SidTypeUser; } } #endif /* NFS41_DRIVER_WS2022_HACKS */ - +#endif switch (sid_type) { case SidTypeUser: - if (isdigit(orig_nfsname[0])) { - DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " - "adding usercache nfsname='%s' orig_nfsname='%s'\n", - query, orig_nfsname, nfsname, orig_nfsname)); - sidcache_addwithalias(&user_sidcache, nfsname, orig_nfsname, *sid); - } - else { - sidcache_add(&user_sidcache, orig_nfsname, *sid); - } + sidcache_add(&user_sidcache, win32name, *sid); break; case SidTypeGroup: - if (isdigit(orig_nfsname[0])) { - DPRINTF(1, - ("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " - "adding groupcache nfsname='%s' orig_nfsname='%s'\n", - query, orig_nfsname, nfsname, orig_nfsname)); - sidcache_addwithalias(&group_sidcache, nfsname, orig_nfsname, *sid); - } - else { - sidcache_add(&group_sidcache, orig_nfsname, *sid); - } + sidcache_add(&group_sidcache, win32name, *sid); break; default: - eprintf("map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + eprintf("map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "Unknown SID_TYPE=%d\n", - query, orig_nfsname, sid_type); + query, win32name, sid_type); break; } } @@ -724,8 +644,8 @@ out_cache: out: if (DPRINTF_LEVEL_ENABLED(ACLLVL)) { if (status) { - dprintf_out("<-- map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " - "status=%d\n", query, nfsname, status); + dprintf_out("<-- map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " + "status=%d\n", query, win32name, status); } else { PSTR sidstr = NULL; @@ -738,15 +658,18 @@ out: sidstr = errsidstrbuf; } - dprintf_out("<-- map_nfs4servername_2_sid(query=0x%x,nfsname='%s'): " + dprintf_out("<-- map_nfs4servername_2_sid(query=0x%x,win32name='%s'): " "status=%d sidstr='%s' *sid_len=%d\n", - query, nfsname, status, sidstr, *sid_len); + query, win32name, status, sidstr, *sid_len); if (sidstr && (sidstr != errsidstrbuf)) LocalFree(sidstr); } } + if (nfs_ie) + idmapcache_entry_refcount_dec(nfs_ie); + return status; out_free_sid: diff --git a/daemon/sid.h b/daemon/sid.h index 572967b..17d5f33 100644 --- a/daemon/sid.h +++ b/daemon/sid.h @@ -76,7 +76,6 @@ bool unixgroup_sid2gid(PSID psid, gid_t *pgid); #endif /* NFS41_DRIVER_FEATURE_MAP_UNMAPPED_USER_TO_UNIXUSER_SID */ void sidcache_init(void); void sidcache_add(sidcache *cache, const char* win32name, PSID value); -void sidcache_addwithalias(sidcache *cache, const char *win32name, const char *aliasname, PSID value); PSID *sidcache_getcached_byname(sidcache *cache, const char *win32name); bool sidcache_getcached_bysid(sidcache *cache, PSID sid, char *out_win32name); diff --git a/daemon/util.c b/daemon/util.c index 0610651..f54f407 100644 --- a/daemon/util.c +++ b/daemon/util.c @@ -869,6 +869,8 @@ int chgrp_to_primarygroup( IN nfs41_open_state *state) { int chgrp_status = NO_ERROR; + idmapcache_entry *group_ie = NULL; + char win32groupname[256]; /* * |RPCSEC_AUTH_NONE| does not have any @@ -879,42 +881,43 @@ int chgrp_to_primarygroup( return NO_ERROR; } - char *s; - stateid_arg stateid; - nfs41_file_info createchgrpattrs = { - .attrmask.count = 2, - .attrmask.arr[0] = 0, - .attrmask.arr[1] = FATTR4_WORD1_OWNER_GROUP, - .owner_group = createchgrpattrs.owner_group_buf - }; - /* fixme: we should store the |owner_group| name in |upcall| */ if (!get_token_primarygroup_name(currentthread_token, - createchgrpattrs.owner_group)) { + win32groupname)) { eprintf("chgrp_to_primarygroup(state->file.name.name='%s'): " "get_token_primarygroup_name() failed.\n", state->file.name.name); - goto create_symlink_chgrp_out; + goto out; } - /* - * Find '@' so we can overwrite/override the domain name - * FIXME: We need to use a bi-directional idmapper to handle this better - */ - s = strchr(createchgrpattrs.owner_group, '@'); - if (s != NULL) { - s++; /* Skip '@' */ - } - else { - /* If we do not have an '@' yet (no domain name), then add one */ - s = createchgrpattrs.owner_group+strlen(createchgrpattrs.owner_group); - s = stpcpy(s, "@"); + EASSERT_MSG(IS_PRINCIPAL_NAME(win32groupname), + ("chgrp_to_primarygroup: win32groupname='%s' is not a principal\n", + win32groupname)); + + group_ie = nfs41_idmap_group_lookup_by_win32name(nfs41dg->idmapper, + win32groupname); + if (group_ie == NULL) { + eprintf("chgrp_to_primarygroup(state->file.name.name='%s'): " + "nfs41_idmap_group_lookup_by_win32name(name='%s') failed\n", + state->file.name.name, + win32groupname); + goto out; } - (void)stpcpy(s, nfs41dg->localdomain_name); - DPRINTF(1, ("chgrp_to_primarygroup(state->file.name.name='%s'): " + + DPRINTF(1, + ("chgrp_to_primarygroup(state->file.name.name='%s'): " "owner_group='%s'\n", state->file.name.name, - createchgrpattrs.owner_group)); + group_ie->nfsname.buf)); + + stateid_arg stateid; + nfs41_file_info createchgrpattrs = { + .attrmask.count = 2, + .attrmask.arr[0] = 0, + .attrmask.arr[1] = FATTR4_WORD1_OWNER_GROUP, + .owner_group = createchgrpattrs.owner_group_buf + }; + (void)strcpy(createchgrpattrs.owner_group, group_ie->nfsname.buf); nfs41_open_stateid_arg(state, &stateid); chgrp_status = nfs41_setattr(state->session, @@ -924,12 +927,13 @@ int chgrp_to_primarygroup( "nfs41_setattr(owner_group='%s') " "failed with error '%s'.\n", state->file.name.name, - createchgrpattrs.owner_group, + group_ie->nfsname.buf, nfs_error_string(chgrp_status)); } -create_symlink_chgrp_out: - ; +out: + if (group_ie != NULL) + idmapcache_entry_refcount_dec(group_ie); return chgrp_status; }

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever