Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client backup 2024-04-25/001
Posted by Anonymous on Thu 25th Apr 2024 14:30
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
diff --git a/cygwin/devel/msnfs41client.bash b/cygwin/devel/msnfs41client.bash index 1325d6f..7359f9d 100644 --- a/cygwin/devel/msnfs41client.bash +++ b/cygwin/devel/msnfs41client.bash @@ -168,6 +168,10 @@ function nfsclient_rundeamon "$(uname -a)" \ "$(is_windows_admin_account ; printf "%d\n" $((${?}?0:1)))" + # sync before starting nfs41 client daemon, to limit the damage + # if the kernel module generates a crash on startup + sync + set -o xtrace typeset -a nfsd_args=( @@ -261,6 +265,10 @@ function nfsclient_system_rundeamon "$(uname -a)" \ "$(is_windows_admin_account ; printf "%d\n" $((${?}?0:1)))" + # sync before starting nfs41 client daemon, to limit the damage + # if the kernel module generates a crash on startup + sync + set -o xtrace typeset -a nfsd_args=( diff --git a/daemon/daemon_debug.c b/daemon/daemon_debug.c index 54fb411..8fb5150 100644 --- a/daemon/daemon_debug.c +++ b/daemon/daemon_debug.c @@ -78,7 +78,46 @@ void dprintf_out(LPCSTR format, ...) { va_list args; va_start(args, format); +#if 1 + char username[UNLEN+1]; + char groupname[GNLEN+1]; + HANDLE tok; + const char *tok_src; + bool free_tok = false; + + if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tok)) { + tok_src = "impersonated_user"; + free_tok = true; + } + else { + int lasterr = GetLastError(); + if (lasterr == ERROR_CANT_OPEN_ANONYMOUS) { + tok_src = "anon_user"; + } + else { + tok_src = "proc_user"; + } + + tok = GetCurrentProcessToken(); + } + + if (!get_token_user_name(tok, username)) { + (void)strcpy(username, "<unknown>"); + } + if (!get_token_primarygroup_name(tok, groupname)) { + (void)strcpy(groupname, "<unknown>"); + } + + (void)fprintf(dlog_file, "%04x/%s['%s'/%s']: ", + (int)GetCurrentThreadId(), + tok_src, username, groupname); + + if (free_tok) { + (void)CloseHandle(tok); + } +#else (void)fprintf(dlog_file, "%04x: ", (int)GetCurrentThreadId()); +#endif (void)vfprintf(dlog_file, format, args); (void)fflush(dlog_file); va_end(args); diff --git a/daemon/mount.c b/daemon/mount.c index 7ab88be..560f7fa 100644 --- a/daemon/mount.c +++ b/daemon/mount.c @@ -3,6 +3,7 @@ * * Olga Kornievskaia <aglo@umich.edu> * Casey Bodley <cbodley@umich.edu> + * Roland Mainz <roland.mainz@nrubsig.org> * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -71,6 +72,24 @@ static int handle_mount(void *daemon_context, nfs41_upcall *upcall) EASSERT(args->hostport != NULL); +#define MOUNT_REJECT_REQUESTS_WITHOUT_IMPERSONATION_TOKEN 1 + +#ifdef MOUNT_REJECT_REQUESTS_WITHOUT_IMPERSONATION_TOKEN + logprintf("mount(hostport='%s', path='%s') request\n", + args->hostport?args->hostport:"<NULL>", + args->path?args->path:"<NULL>"); + + HANDLE tok; + if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tok)) { + (void)CloseHandle(tok); + } + else { + eprintf("handle_mount: Thread has no impersonation token\n"); + status = ERROR_NO_IMPERSONATION_TOKEN; + goto out; + } +#endif /* MOUNT_REJECT_REQUESTS_WITHOUT_IMPERSONATION_TOKEN */ + if ((args->path == NULL) || (strlen(args->path) == 0)) { DPRINTF(1, ("handle_mount: empty mount root\n")); status = ERROR_BAD_NETPATH; diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c index 78393be..b4f59e3 100644 --- a/daemon/nfs41_daemon.c +++ b/daemon/nfs41_daemon.c @@ -183,6 +183,10 @@ write_downcall: upcall_marshall(&upcall, inbuf, (uint32_t)inbuf_len, (uint32_t*)&outbuf_len); DPRINTF(2, ("making a downcall: outbuf_len %ld\n\n", outbuf_len)); + /* + * Note: Caller impersonation ends here - nfs41_driver.sys + * |IOCTL_NFS41_WRITE| calls |SeStopImpersonatingClient()| + */ status = DeviceIoControl(pipe, IOCTL_NFS41_WRITE, inbuf, inbuf_len, NULL, 0, (LPDWORD)&outbuf_len, NULL); if (!status) { diff --git a/daemon/nfs41_server.c b/daemon/nfs41_server.c index 23660dc..891869a 100644 --- a/daemon/nfs41_server.c +++ b/daemon/nfs41_server.c @@ -3,6 +3,7 @@ * * Olga Kornievskaia <aglo@umich.edu> * Casey Bodley <cbodley@umich.edu> + * Roland Mainz <roland.mainz@nrubsig.org> * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -311,7 +312,36 @@ int nfs41_server_resolve( hints.ai_flags |= AI_FILESERVER; #endif +/* + * Windows bug: |GetAddrInfoExA()| ends impersonation + * Tested on CYGWIN_NT-10.0-19045 3.6.0-0.115.g579064bf4d40.x86 + */ +#define WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG 1 + +#ifdef WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG + HANDLE tok; + + /* + * Windows bug: |GetAddrInfoExA()| ends impersonation, so we copy + * the current (impersonation) thread token, and later + * set it after we are done with |GetAddrInfoExA()| + */ + if (!OpenThreadToken(GetCurrentThread(), + TOKEN_QUERY|TOKEN_IMPERSONATE, FALSE, &tok)) { + tok = INVALID_HANDLE_VALUE; + DPRINTF(0, ("nfs41_server_resolve: OpenThreadToken() failed, " + "lasterr=%d.\n", (int)GetLastError())); + } +#endif /* WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG */ + retry_getaddrinfoex: +#ifdef WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG + if (!SetThreadToken(NULL, tok)) { + DPRINTF(0, ("nfs41_server_resolve: SetThreadToken() failed, " + "lasterr=%d\n", (int)GetLastError())); + } +#endif /* WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG */ + wse = GetAddrInfoExA(hostname, service, 0, NULL, &hints, &res, NULL, NULL, NULL, NULL); if (wse != 0) { @@ -330,6 +360,13 @@ retry_getaddrinfoex: goto out; } +#ifdef WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG + if (!SetThreadToken(NULL, tok)) { + DPRINTF(0, ("nfs41_server_resolve: SetThreadToken() failed, " + "lasterr=%d\n", (int)GetLastError())); + } +#endif /* WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG */ + for (info = res; info != NULL; info = info->ai_next) { DPRINTF(SRVLVL, ("GetAddrInfoExA() returned: info.{ai_family=%d}\n", info->ai_family)); @@ -398,5 +435,10 @@ out: DPRINTF(SRVLVL, ("<-- nfs41_server_resolve('%s':%u) returning " "OK { %s }\n", hostname, port, buff)); } + +#ifdef WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG + /* FIXME: We leak the token here */ +#endif /* WINDOWS_GETADDRINFOEXA_STOPS_IMPERSONATION_BUG */ + return status; }

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at