Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

ACL work backup 2024-06-27
Posted by Anonymous on Thu 27th Jun 2024 15:48
raw | new post
view followups (newest first): ACL work backup 2024-06-27 by Anonymous

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
diff --git a/daemon/acl.c b/daemon/acl.c index 331fc8e..474a170 100644 --- a/daemon/acl.c +++ b/daemon/acl.c @@ -1026,7 +1026,7 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } nfs4_acl->aces->aceflag = 0; } else { - int i; + int win_i, nfs_i; PACE_HEADER ace; PBYTE tmp_pointer; SID_NAME_USE who_sid_type = 0; @@ -1037,15 +1037,18 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, print_hexbuf_no_asci("ACL\n", (const unsigned char *)acl, acl->AclSize); } - nfs4_acl->count = acl->AceCount; - nfs4_acl->aces = calloc(nfs4_acl->count, sizeof(nfsace4)); + + nfs4_acl->aces = calloc(acl->AceCount, sizeof(nfsace4)); if (nfs4_acl->aces == NULL) { status = GetLastError(); goto out; } nfs4_acl->flag = 0; - for (i = 0; i < acl->AceCount; i++) { - status = GetAce(acl, i, &ace); + for (win_i = nfs_i = 0; win_i < acl->AceCount; win_i++) { + nfsace4 *curr_nfsace = &nfs4_acl->aces[nfs_i]; + PSID ace_sid; + + status = GetAce(acl, win_i, &ace); if (!status) { status = GetLastError(); eprintf("map_dacl_2_nfs4acl: GetAce failed with %d\n", status); @@ -1058,9 +1061,9 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } DPRINTF(ACLLVL3, ("ACE TYPE: %x\n", ace->AceType)); if (ace->AceType == ACCESS_ALLOWED_ACE_TYPE) - nfs4_acl->aces[i].acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE; + curr_nfsace->acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE; else if (ace->AceType == ACCESS_DENIED_ACE_TYPE) - nfs4_acl->aces[i].acetype = ACE4_ACCESS_DENIED_ACE_TYPE; + curr_nfsace->acetype = ACE4_ACCESS_DENIED_ACE_TYPE; else { eprintf("map_dacl_2_nfs4acl: unsupported ACE type %d\n", ace->AceType); @@ -1069,8 +1072,40 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, } tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER); + ace_sid = tmp_pointer; + +#ifdef NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES + if (IsWellKnownSid(ace_sid, WinNullSid)) { + /* + * Skip ACEs with SID==|WinNullSid| + * + * Cygwin generates artificial ACEs with SID user + * |WinNullSid| to encode permission information + * (see |CYG_ACE_ISBITS_TO_POSIX()| in + * Cygwin newlib-cygwin/winsup/cygwin/sec/acl.cc + * + * This assumes that the filesystem which stores + * the ACL data leaves them 1:1 intact - which is + * not the case for the Linux NFSv4.1 server + * (tested with Linux 6.6.32), which transforms the + * NFSv4.1 ACLs into POSIX ACLs at setacl time, + * and the POSIX ACLs back to NFSv4 ACLs at getacl + * time. + * And this lossy transformation screws-up Cygwin + * completly. + * The best we can do for now is to skip such + * ACEs, as we have no way to detect whether + * the NFS server supports full NFSv4 ACLs, or + * only POSIX ACLs disguised as NFSv4 ACLs. + */ + DPRINTF(ACLLVL3, ("Skipping WinNullSid ACE, " + "win_i=%d nfs_i=%d\n", (int)win_i, (int)nfs_i)); + continue; + } +#endif /* NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES */ - status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who, + status = map_nfs4ace_who(ace_sid, sid, gsid, + curr_nfsace->who, domain, &who_sid_type); if (status) goto out_free; @@ -1078,10 +1113,10 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, win_mask = *(PACCESS_MASK)(ace + 1); map_winace2nfs4aceflags(ace->AceFlags, - &nfs4_acl->aces[i].aceflag); + &curr_nfsace->aceflag); map_winaccessmask2nfs4acemask(win_mask, file_type, named_attr_support, - &nfs4_acl->aces[i].acemask); + &curr_nfsace->acemask); /* * Clear |ACE4_INHERITED_ACE| @@ -1104,8 +1139,8 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, * icacls(1win) if the parent directory has inheritance * ACLs. */ - if (nfs4_acl->aces[i].aceflag & ACE4_INHERITED_ACE) { - nfs4_acl->aces[i].aceflag &= ~ACE4_INHERITED_ACE; + if (curr_nfsace->aceflag & ACE4_INHERITED_ACE) { + curr_nfsace->aceflag &= ~ACE4_INHERITED_ACE; DPRINTF(ACLLVL3, ("clearning ACE4_INHERITED_ACE\n")); } @@ -1125,8 +1160,8 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, "aces[%d].who='%s': " "setting group flag\n", map_SID_NAME_USE2str(who_sid_type), - i, nfs4_acl->aces[i].who)); - nfs4_acl->aces[i].aceflag |= ACE4_IDENTIFIER_GROUP; + nfs_i, curr_nfsace->who)); + curr_nfsace->aceflag |= ACE4_IDENTIFIER_GROUP; } if (DPRINTF_LEVEL_ENABLED(ACLLVL1)) { @@ -1134,24 +1169,30 @@ static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, "acetype='%s', " "aceflag='%s'/0x%lx, " "acemask='%s'/0x%lx(=win_mask=0x%lx)), " - "who_sid_type='%s'\n", - i, - nfs4_acl->aces[i].who, - map_nfs_acetype2str(nfs4_acl->aces[i].acetype), - nfs_aceflag2shortname(nfs4_acl->aces[i].aceflag), - nfs4_acl->aces[i].aceflag, - nfs_mask2shortname(nfs4_acl->aces[i].acemask), - (long)nfs4_acl->aces[i].acemask, + "who_sid_type='%s', " + "win_i=%d\n", + nfs_i, + curr_nfsace->who, + map_nfs_acetype2str(curr_nfsace->acetype), + nfs_aceflag2shortname(curr_nfsace->aceflag), + curr_nfsace->aceflag, + nfs_mask2shortname(curr_nfsace->acemask), + (long)curr_nfsace->acemask, (long)win_mask, - map_SID_NAME_USE2str(who_sid_type)); + map_SID_NAME_USE2str(who_sid_type), + (int)win_i); if (DPRINTF_LEVEL_ENABLED(ACLLVL2)) { - print_windows_access_mask(nfs4_acl->aces[i].who, + print_windows_access_mask(curr_nfsace->who, win_mask); - print_nfs_access_mask(nfs4_acl->aces[i].who, - nfs4_acl->aces[i].acemask); + print_nfs_access_mask(curr_nfsace->who, + curr_nfsace->acemask); } } + + nfs_i++; } + + nfs4_acl->count = nfs_i; } status = ERROR_SUCCESS; out: diff --git a/daemon/nfs41_session.c b/daemon/nfs41_session.c index 98a2ccb..92741e7 100644 --- a/daemon/nfs41_session.c +++ b/daemon/nfs41_session.c @@ -117,6 +117,9 @@ void nfs41_session_free_slot( } /* update highest_used if necessary */ if (slotid == table->highest_used) { + EASSERT_MSG((table->highest_used < NFS41_MAX_NUM_SLOTS), + ("table->highest_used=%lu\n", + (unsigned long)table->highest_used)); while (table->highest_used && !table->used_slots[table->highest_used]) table->highest_used--; } diff --git a/nfs41_build_features.h b/nfs41_build_features.h index 0fb2882..37c5995 100644 --- a/nfs41_build_features.h +++ b/nfs41_build_features.h @@ -133,4 +133,24 @@ */ #define NFS41_DRIVER_DEBUG_FS_NAME 1 +/* + * NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES - Skip ACEs + * with SID==|WinNullSid| + * + * Cygwin generates artificial ACEs with SID user |WinNullSid| to + * encode permission information (follow |CYG_ACE_ISBITS_TO_POSIX()| + * in Cygwin newlib-cygwin/winsup/cygwin/sec/acl.cc + * + * This assumes that the filesystem which storesthe ACL data leaves + * them 1:1 intact - which is not the case for the Linux NFSv4.1 + * server (tested with Linux 6.6.32), which transforms the NFSv4.1 + * ACLs into POSIX ACLs at setacl time, and the POSIX ACLs back to + * NFSv4 ACLs at getacl time. + * And this lossy transformation screws-up Cygwin completly. + * The best we can do for now is to skip such ACEs, as we have no + * way to detect whether the NFS server supports full NFSv4 ACLs, + * or only POSIX ACLs disguised as NFSv4 ACLs. + */ +#define NFS41_DRIVER_ACLS_SETACL_SKIP_WINNULLSID_ACES 1 + #endif /* !_NFS41_DRIVER_BUILDFEATURES_ */

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at