nfs41_np.c:
NPAddConnection3() was overwriting status=WN_BAD_NETNAME on any errors from DeviceIoControl()
nfs41_driver.c:
GetConnectionHandle() was only returning the handle, and throwing away the return value from ZwCreateFile()
map_mount_errors() was missing a mapping from ERROR_BAD_NET_NAME to STATUS_BAD_NETWORK_NAME
Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
It complained that MDLs had to have a certain (undocumented) flag set.
Also, it seemed to imply that in readdir the locking of pages needed
to be done by the thread creating the MDL, so I moved the locking/unlocking
there.
If nfs_mount passes us a read-only mount option, then return
ACCESS_DENIED if:
1. we get requests for open with a desired access of write or append,
2. we get a write IRP,
3. we get requests for setattr, setattrex, setacl;
4. also, ignore the delete_on_open flag passed to open.
On a mount request, search a list of existing mounts for a given netroot
based on LUID entries (login IDs). If an entry is found, then check the
current request's RPCSEC flavor against the existing sessions/mounts. If no
match is found, do another upcall for a mount and store a session of this
flavor for this LUID. If no entry is found for this LUID, then do a mount
upcall, create a new entry and add it to the list.
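The lookup-or-mount logic in the message above, written out as an added example in plain C. This is not the ms-nfs41-client driver's own code: the struct names, the fixed-size tables, the flavor tags (arbitrary integers, not RPC flavor numbers) and the simulated mount_upcall() are all assumptions made for the example. The point it shows is that sessions are keyed by LUID first and flavor second, so a second login never reuses the first login's session and a new flavor for the same login triggers its own mount upcall.

```c
/* Added example, not project code. Models the per-netroot mount list:
 * one entry per LUID, each holding one session per RPCSEC flavor. */
#include <stdint.h>
#include <string.h>

#define MAX_LUIDS   8
#define MAX_FLAVORS 4

/* Flavor tags are arbitrary for the example, not RPC flavor numbers. */
enum { FLAVOR_AUTH_SYS = 1, FLAVOR_KRB5 = 2, FLAVOR_KRB5I = 3, FLAVOR_KRB5P = 4 };

typedef uint64_t luid_t;   /* stands in for the Windows LUID (login id) */

struct mount_session {
    int flavor;
    uint64_t session_id;   /* what the mount upcall handed back */
};

struct luid_entry {
    luid_t luid;
    unsigned nsessions;
    struct mount_session sessions[MAX_FLAVORS];
};

struct netroot {
    unsigned nentries;
    struct luid_entry entries[MAX_LUIDS];
    unsigned upcalls;      /* mount upcalls issued so far */
};

/* Stand-in for the mount upcall to the daemon: returns a fresh session id. */
static uint64_t mount_upcall(struct netroot *nr, luid_t luid, int flavor)
{
    nr->upcalls++;
    return ((uint64_t)nr->upcalls << 32) | ((luid & 0xffffff) << 8) | (uint64_t)flavor;
}

static struct luid_entry *find_entry(struct netroot *nr, luid_t luid)
{
    unsigned i;
    for (i = 0; i < nr->nentries; i++)
        if (nr->entries[i].luid == luid)
            return &nr->entries[i];
    return NULL;
}

static struct mount_session *find_session(struct luid_entry *e, int flavor)
{
    unsigned i;
    for (i = 0; i < e->nsessions; i++)
        if (e->sessions[i].flavor == flavor)
            return &e->sessions[i];
    return NULL;
}

/* Session to use for (luid, flavor). A mount upcall is issued only when this
 * LUID has no session of this flavor yet; sessions are never shared across
 * LUIDs, so one user's credentials are not reused for another login.
 * Returns 0 when the fixed tables are full. */
uint64_t netroot_get_session(struct netroot *nr, luid_t luid, int flavor)
{
    struct luid_entry *e = find_entry(nr, luid);
    struct mount_session *s;

    if (e == NULL) {                       /* no entry for this LUID: add one */
        if (nr->nentries == MAX_LUIDS)
            return 0;
        e = &nr->entries[nr->nentries++];
        e->luid = luid;
        e->nsessions = 0;
    }
    s = find_session(e, flavor);
    if (s == NULL) {                       /* no session of this flavor: upcall */
        if (e->nsessions == MAX_FLAVORS)
            return 0;
        s = &e->sessions[e->nsessions++];
        s->flavor = flavor;
        s->session_id = mount_upcall(nr, luid, flavor);
    }
    return s->session_id;
}

/* Scenario: two logins, two flavors. Returns 0 when the list behaves as the
 * message describes, otherwise the number of the first failed check. */
int netroot_demo(void)
{
    struct netroot nr;
    uint64_t a;
    memset(&nr, 0, sizeof nr);
    a = netroot_get_session(&nr, 0x1001, FLAVOR_AUTH_SYS);
    if (a == 0 || nr.upcalls != 1) return 1;                                           /* first mount */
    if (netroot_get_session(&nr, 0x1001, FLAVOR_AUTH_SYS) != a || nr.upcalls != 1) return 2; /* reused */
    if (netroot_get_session(&nr, 0x1001, FLAVOR_KRB5) == a || nr.upcalls != 2) return 3;     /* new flavor */
    if (nr.nentries != 1) return 4;                                                    /* same LUID entry */
    if (netroot_get_session(&nr, 0x2002, FLAVOR_AUTH_SYS) == a || nr.upcalls != 3) return 5; /* new LUID */
    if (nr.nentries != 2) return 6;
    return 0;
}
```

netroot_demo() walks the four cases in the message: first mount, cached reuse, new flavor for the same LUID, new LUID.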
Windows APIs frequently send a query security with a buffer length of 0
to figure out how big a buffer is needed for a security descriptor.
We send a getattr for the acl attribute on the 1st IRP, then cache the
returned security descriptor in the fobx. On the 2nd query, if the buffer
is cached and it's not "stale", we return that buffer.
Added the year 2011 to the copyright line.
Added authors' info to the license.
Added the UofM license to the libtirpc files that we modified
(but I probably missed some).
This function was called before writes and was setting the time and size
attributes of the file. We were translating it into a setattr. Reads
were also followed by a setattr of the timestamp (unnecessarily).
Proposes an alternate solution for attempts to set file size without an open stateid. Instead of acquiring one by sending OPEN, fail the request with ACCESS_DENIED.
According to the MS File System Algorithms documentation for setting FileAllocationInformation and FileEndOfFileInformation [http://msdn.microsoft.com/en-us/library/ff469355%28v=PROT.10%29.aspx]:
"If Open.GrantedAccess does not contain FILE_WRITE_DATA, the operation MUST be failed with STATUS_ACCESS_DENIED"
-removes open_owner_id, access_mask, access_mode from setattr upcall arguments
-moves map_access_2_allowdeny() back to open.c as a static function, since handle_setattr() was its only other call site
Deleting the client's security context was causing kernel crashes.
During an upcall, we remember a pointer to the client's security context,
then on close we delete the security context. Previously we would also
delete the context if the upcall was abandoned.
Apparently, Windows will always send a close for the fcb that was used
for the abandoned upcall. Close deletes the context. Then when the upcall
was done, it would try to delete the context again (oops).
Zero-length ranges: valid on Windows, but NFS servers MUST return NFS4ERR_INVAL for LOCK with length=0. Use MRxIsLockRealizable() to return STATUS_NOT_SUPPORTED for zero-length ranges (avoiding the lock upcall and RPC).
Ranges that extend past UINT64_MAX: not valid on Windows. NFS expects length=UINT64_MAX for locking to end-of-file. Use length=UINT64_MAX if length >= UINT64_MAX-offset (making lock ranges consistent with the Linux client).
Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
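The two range rules from the commit message above, as an added example written for this page (not the driver's MRxIsLockRealizable() or lock upcall code). A return value of 0 from nfs_lock_length() stands in for failing the IRP with STATUS_NOT_SUPPORTED; since 0 is never a legal NFS LOCK length, the value is unambiguous. The function names are assumptions.

```c
/* Added example, not project code. Maps a Windows byte-range lock
 * (offset, length) onto the length field of an NFSv4.1 LOCK/LOCKU. */
#include <stdint.h>

/* Model of the MRxIsLockRealizable() check: Windows allows a zero-length
 * byte-range lock, but an NFSv4 server must answer LOCK length=0 with
 * NFS4ERR_INVAL, so refuse it before any upcall or RPC is made. */
int lock_range_is_realizable(uint64_t offset, uint64_t length)
{
    (void)offset;            /* only the length decides */
    return length != 0;
}

/* Length to put in the NFS LOCK/LOCKU for a Windows (offset, length) range,
 * or 0 when the range must be refused. A Windows range may run past the end
 * of the 64-bit offset space; NFS wants length=UINT64_MAX ("to end of file")
 * in that case, which is also what the Linux client sends, so the LOCKU
 * later carries exactly the same range as the LOCK. */
uint64_t nfs_lock_length(uint64_t offset, uint64_t length)
{
    if (!lock_range_is_realizable(offset, length))
        return 0;
    if (length >= UINT64_MAX - offset)   /* offset + length reaches or passes UINT64_MAX */
        return UINT64_MAX;
    return length;
}
```

The comparison is written as `length >= UINT64_MAX - offset` rather than `offset + length` so it cannot wrap around in unsigned arithmetic; the case `offset + length == UINT64_MAX` is deliberately folded into the end-of-file form, as the message states.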
Previously, if the supplied buffer length was smaller than the result
of the volume query we returned SUCCESS and no data (i.e. it was needed
because Notepad passes in a buffer that is too small but doesn't like a
BUFFER_TOO_SMALL error). However, it does work with a BUFFER_OVERFLOW
error and then a partial result returned.
Every upcall (except a few) passes session and open_state pointers, so
add that to marshal_nfs41_header() in the driver. Remove the passing
of session and open_state elsewhere in the marshal functions.
In the daemon, upcall.c now reads and stores pointers to session
and open_state in the nfs41_upcall data structure instead of having
each individual upcall store its own pointers. The setattr
and readdir args keep the pointers because the rest of the code
uses them a lot.
In upcall_parse(), up the refcounts on session and open_state if
valid handles were passed in. Down the refcounts in upcall_cleanup() as
before. But we need to be careful with the count value for mount and open
upcalls: we need to take an extra ref because upcall_cleanup() now
will always decrement it.
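The reference-count rule in the message above (parse takes a ref when a valid handle is present, cleanup always drops one, so the mount path must take an extra ref) as an added example; this is not the daemon's upcall.c. Struct names are assumptions, and a `freed` flag stands in for free() so the demo can observe a premature release without touching freed memory.

```c
/* Added example, not project code. Models the upcall_parse()/upcall_cleanup()
 * reference discipline and what goes wrong on the mount path without the
 * extra reference. */
#include <stdlib.h>

struct session {
    unsigned refcount;
    int freed;                /* demo only: set when the last ref is dropped */
};

static void session_ref(struct session *s)   { s->refcount++; }
static void session_deref(struct session *s) { if (--s->refcount == 0) s->freed = 1; }

struct nfs41_upcall {
    struct session *session;  /* filled from the common header by upcall_parse() */
};

/* upcall_parse(): the header carries a session handle; when it is valid
 * (non-NULL here) look it up and take a reference. */
void upcall_parse(struct nfs41_upcall *up, struct session *handle)
{
    up->session = handle;
    if (handle != NULL)
        session_ref(handle);
}

/* upcall_cleanup(): unconditionally drops the reference stored in the upcall,
 * so every path that stores a session pointer must also own a reference. */
void upcall_cleanup(struct nfs41_upcall *up)
{
    if (up->session != NULL)
        session_deref(up->session);
    up->session = NULL;
}

/* Mount handler. The new session starts with one reference owned by the
 * client's session list. With take_extra_ref the handler also takes the
 * reference that upcall_cleanup() will consume (the fix in the message);
 * without it, cleanup drops the list's only reference. */
struct session *handle_mount(struct nfs41_upcall *up, int take_extra_ref)
{
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    s->refcount = 1;              /* owned by the session list */
    up->session = s;              /* cleanup will deref this */
    if (take_extra_ref)
        session_ref(s);           /* balances upcall_cleanup()'s deref */
    return s;
}

/* Mount upcall round trip. Returns the session's refcount after cleanup,
 * or -1 if the session was released while the list still points at it. */
int mount_round_trip(int take_extra_ref)
{
    struct nfs41_upcall up = { NULL };
    struct session *s = handle_mount(&up, take_extra_ref);
    int rc;
    if (s == NULL)
        return -2;
    upcall_cleanup(&up);
    rc = s->freed ? -1 : (int)s->refcount;
    free(s);
    return rc;
}

/* Ordinary upcall (e.g. getattr) against an existing session: parse takes a
 * ref, cleanup drops it, and the list's reference is untouched. */
int ordinary_round_trip(void)
{
    struct session s = { 1, 0 };   /* one ref: the session list */
    struct nfs41_upcall up = { NULL };
    upcall_parse(&up, &s);
    if (s.refcount != 2)
        return -2;
    upcall_cleanup(&up);
    return s.freed ? -1 : (int)s.refcount;
}
```

mount_round_trip(0) is the use-after-free the message is guarding against: the list still holds a pointer to a session whose last reference cleanup has just dropped.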
Instead of passing SIDs for the owner and group, create a security
descriptor and pass that back. This way we can add all the security
information that was queried in the daemon and pass a fully formed
security descriptor back to the kernel.
Notice: IRP_MJ_QUERY_SECURITY provides a pointer to the buffer that is
supposed to hold the security descriptor. That memory is valid only
in the context of the process doing the security IRP. We can't use
this pointer in the upcall entry and try to write the security
descriptor directly there as we process the downcall; that leads
to a kernel oops.
Thus we have to first allocate memory to hold the security descriptor,
then copy the bytes passed to us from the daemon, then do another copy
in the context of the security IRP.
Problem: say nfsd is not running but the redirector is active already
(i.e. start daemon, stop daemon). The problem doesn't exist if nfsd has never
been started. Now a user process executes a mount command; the kernel
ends up creating a system thread to handle creation of the vnetroot.
That thread places a mount upcall and waits for the downcall. Now
kill the user process. Now start the nfsd. It will pick up a queued-up
upcall entry. However, in the arguments there are pointers to server name
and mount point values that are stored in the memory of the user process
that started the mount but has now ended.
Solution: check that Mount.srv_name and Mount.root are still valid
addresses before dereferencing them.
Basic handling of owner and group security query (no DACL).
Added a new upcall for NFS41_ACL_QUERY (driver and daemon code).
The daemon, upon getting NFS41_ACL_QUERY, first places a getattr that has
owner and group attribute requests. We currently don't cache them!!!
Then we parse the nfs4 name format (i.e. user@domain or group@domain)
into user and domain. We currently ignore the domain part!!!
Then we assume that whatever we are mapping is "known" locally
(i.e. the LookupAccountName() API, which retrieves a SID for a given name).
Mapping from name to SID can only be done in userland. We then
copy the bytes via the upcall pipe to the kernel. If the received
user or group can't be mapped via LookupAccountName(), we create a
well-known null SID as the reply.
The kernel creates a security descriptor in absolute format and adds the
owner and group SIDs to it. Important: the RtlSetOwner/Group functions only
work with an absolute-format security descriptor; however, the reply to the
user needs to be in self-relative format.
The way a security query works is that it passes us a buffer to be filled
with the security context. However, the user doesn't know how big the
buffer should be, so the user is allowed to pass a null buffer and have
the kernel return how much memory is needed. This leads to 2 security
queries => 2 NFS41_ACL_QUERY upcalls => 2 getattr RPCs... It should be
improved.
TODO:
- need to add caching of owner/group attributes for a file?
- need to add calls to LDAP for more general mapping?
- need to cache reply of the ACL if supplied length is 0?
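The double probe described in this message (a length-0 query to learn the size, then the real query) and the fobx cache that the earlier query-security message on this page adds to collapse it to one getattr, as one added example. This is not the driver's IRP_MJ_QUERY_SECURITY handler: the status tags, the fobx/sd_cache structs, the age-based staleness rule and the simulated acl_query_upcall() are assumptions for the example, and the descriptor bytes are constructed, not a real security descriptor. Windows reports the required size for a too-small buffer with STATUS_BUFFER_TOO_SMALL, modelled here as a plain enum tag.

```c
/* Added example, not project code. Models the two-call security query and
 * the per-fobx cache of the self-relative descriptor returned by the daemon. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { STATUS_SUCCESS = 0, STATUS_BUFFER_TOO_SMALL = 1, STATUS_NO_MEMORY = 2 };

/* Cached self-relative security descriptor hung off the file object extension. */
struct sd_cache {
    unsigned char *sd;      /* driver-owned copy of the daemon's bytes */
    size_t len;
    uint64_t fetched_at;
    int valid;
};
struct fobx { struct sd_cache acl; };

static unsigned upcalls;    /* NFS41_ACL_QUERY upcalls issued (each costs a getattr) */

/* Stand-in for the NFS41_ACL_QUERY upcall: the daemon answers with a
 * self-relative descriptor blob. Constructed bytes for the example. */
static unsigned char *acl_query_upcall(size_t *len)
{
    static const unsigned char blob[] = { 0x01, 0x00, 0x04, 0x80, 0x14, 0x00,
                                          0x00, 0x00, 0x24, 0x00, 0x00, 0x00 };
    unsigned char *copy = malloc(sizeof blob);
    upcalls++;
    if (copy == NULL)
        return NULL;
    memcpy(copy, blob, sizeof blob);
    *len = sizeof blob;
    return copy;
}

/* Query-security handler. A caller that does not know the size passes
 * buflen=0 (or a too-small buffer), gets STATUS_BUFFER_TOO_SMALL with the
 * size in *needed, and comes back with a large enough buffer. Only the
 * first of those calls reaches the daemon; the second is served from the
 * cache unless the cached copy is older than max_age. */
int query_security(struct fobx *f, uint64_t now, uint64_t max_age,
                   void *buf, size_t buflen, size_t *needed)
{
    struct sd_cache *c = &f->acl;

    if (!c->valid || now - c->fetched_at > max_age) {   /* missing or stale */
        size_t len;
        unsigned char *sd = acl_query_upcall(&len);
        if (sd == NULL)
            return STATUS_NO_MEMORY;
        free(c->sd);
        c->sd = sd;              /* first copy: daemon bytes into driver memory */
        c->len = len;
        c->fetched_at = now;
        c->valid = 1;
    }
    *needed = c->len;
    if (buflen < c->len)
        return STATUS_BUFFER_TOO_SMALL;
    memcpy(buf, c->sd, c->len);  /* second copy, in the requester's own context */
    return STATUS_SUCCESS;
}

void fobx_release(struct fobx *f) { free(f->acl.sd); memset(f, 0, sizeof *f); }

unsigned acl_upcall_count(void) { return upcalls; }

/* Probe with length 0, read with the reported size, then read again after
 * the cache has gone stale. Returns 0 on success or the failing step. */
int query_security_demo(void)
{
    struct fobx f;
    unsigned char out[64];
    size_t need = 0;
    int rc = 0;

    memset(&f, 0, sizeof f);
    upcalls = 0;
    if (query_security(&f, 100, 30, NULL, 0, &need) != STATUS_BUFFER_TOO_SMALL
        || need != 12 || upcalls != 1)
        rc = 1;                                              /* probe: one upcall */
    else if (query_security(&f, 101, 30, out, need, &need) != STATUS_SUCCESS || upcalls != 1)
        rc = 2;                                              /* served from cache */
    else if (memcmp(out, f.acl.sd, need) != 0)
        rc = 3;
    else if (query_security(&f, 200, 30, out, sizeof out, &need) != STATUS_SUCCESS || upcalls != 2)
        rc = 4;                                              /* stale: refetched */
    fobx_release(&f);
    return rc;
}
```

The two memcpy() calls mirror the message above about IRP_MJ_QUERY_SECURITY: the daemon's bytes are first parked in driver-owned memory, and only then copied into the caller's buffer, because that buffer is only valid in the context of the process that issued the IRP.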
Connectathon locking tests trigger an interrupted UNLOCK upcall, which leads to the bugcheck in CloseSrvOpen() when freeing the security context.
Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
Leaving the CLOSE upcall non-interruptible as it leads to issues with the security context.
Making all other upcalls interruptible so that when something goes wrong we can ctrl-c out of a user application. Otherwise, the machine requires a reboot (i.e. because we made the wait non-interruptible, nothing can kill it).
Switching the user's upcall wait from being UserMode and TRUE (interruptible) to KernelMode and FALSE. The MSDN doc does recommend doing that for simplicity of the drivers.
It seems to no longer generate interrupts on close IRPs but we are still able to ctrl-c running tests.
Instead of getting the security context on every upcall, acquire the security context on open and save it in the fobx. The cache manager does read and write calls in a system security context, not the user's, thus we need to use the context of the open instead.