Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-22 08:23:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

dll: posix: trustPosixOffset

Browse Source
This commit is contained in:
Bill Zissimopoulos 2020-11-03 12:31:13 -08:00
parent 912703cd77
commit bd0d6638b0
No known key found for this signature in database
GPG Key ID: 3D4F95D52C7B3EA3
6 changed files with 387 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build/VStudio/winfsp_dll.vcxproj
View File

@ -52,6 +52,7 @@
<ClCompile Include="..\..\src\dll\fuse\fuse_main.c" />
<ClCompile Include="..\..\src\dll\fuse\fuse_opt.c" />
<ClCompile Include="..\..\src\dll\launch.c" />
<ClCompile Include="..\..\src\dll\ldap.c" />
<ClCompile Include="..\..\src\dll\mount.c" />
<ClCompile Include="..\..\src\dll\np.c" />
<ClCompile Include="..\..\src\dll\security.c" />
@ -224,7 +225,7 @@ copy /b $(OutDir)fuse3-$(PlatformTarget).pc + %(FullPath) $(OutDir)fuse3-$(Platf
<MapFileName>$(OutDir)$(TargetFileName).map</MapFileName>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<ModuleDefinitionFile>..\..\src\dll\library.def</ModuleDefinitionFile>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib</AdditionalDependencies>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib;netapi32.lib;wldap32.lib</AdditionalDependencies>
<StripPrivateSymbols>$(OutDir)$(TargetFileName).public.pdb</StripPrivateSymbols>
</Link>
</ItemDefinitionGroup>
@ -251,7 +252,7 @@ copy /b $(OutDir)fuse3-$(PlatformTarget).pc + %(FullPath) $(OutDir)fuse3-$(Platf
<MapFileName>$(OutDir)$(TargetFileName).map</MapFileName>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<ModuleDefinitionFile>..\..\src\dll\library.def</ModuleDefinitionFile>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib</AdditionalDependencies>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib;netapi32.lib;wldap32.lib</AdditionalDependencies>
<StripPrivateSymbols>$(OutDir)$(TargetFileName).public.pdb</StripPrivateSymbols>
</Link>
</ItemDefinitionGroup>
@ -281,7 +282,7 @@ copy /b $(OutDir)fuse3-$(PlatformTarget).pc + %(FullPath) $(OutDir)fuse3-$(Platf
<MapFileName>$(OutDir)$(TargetFileName).map</MapFileName>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<ModuleDefinitionFile>..\..\src\dll\library.def</ModuleDefinitionFile>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib</AdditionalDependencies>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib;netapi32.lib;wldap32.lib</AdditionalDependencies>
<StripPrivateSymbols>$(OutDir)$(TargetFileName).public.pdb</StripPrivateSymbols>
<AdditionalOptions>/PDBALTPATH:$(TargetFileName).pdb %(AdditionalOptions)</AdditionalOptions>
</Link>
@ -312,7 +313,7 @@ copy /b $(OutDir)fuse3-$(PlatformTarget).pc + %(FullPath) $(OutDir)fuse3-$(Platf
<MapFileName>$(OutDir)$(TargetFileName).map</MapFileName>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<ModuleDefinitionFile>..\..\src\dll\library.def</ModuleDefinitionFile>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib</AdditionalDependencies>
<AdditionalDependencies>%(AdditionalDependencies);rpcrt4.lib;credui.lib;secur32.lib;version.lib;netapi32.lib;wldap32.lib</AdditionalDependencies>
<StripPrivateSymbols>$(OutDir)$(TargetFileName).public.pdb</StripPrivateSymbols>
<AdditionalOptions>/PDBALTPATH:$(TargetFileName).pdb %(AdditionalOptions)</AdditionalOptions>
</Link>

3
build/VStudio/winfsp_dll.vcxproj.filters
View File

@ -169,6 +169,9 @@
<ClCompile Include="..\..\src\shared\ku\posix.c">
<Filter>Source\shared\ku</Filter>
</ClCompile>
<ClCompile Include="..\..\src\dll\ldap.c">
<Filter>Source</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="..\..\src\dll\library.def">

157
src/dll/ldap.c Normal file
View File

@ -0,0 +1,157 @@
/**
* @file dll/ldap.c
*
* @copyright 2015-2020 Bill Zissimopoulos
*/
/*
* This file is part of WinFsp.
*
* You can redistribute it and/or modify it under the terms of the GNU
* General Public License version 3 as published by the Free Software
* Foundation.
*
* Licensees holding a valid commercial license may use this software
* in accordance with the commercial license agreement provided in
* conjunction with the software. The terms and conditions of any such
* commercial license agreement shall govern, supersede, and render
* ineffective any application of the GPLv3 license to this software,
* notwithstanding of any reference thereto in the software or
* associated repository.
*/
#include <dll/library.h>
#include <winldap.h>
ULONG FspLdapConnect(PWSTR HostName, PVOID *PLdap)
{
LDAP *Ldap = 0;
ULONG LdapResult;
*PLdap = 0;
Ldap = ldap_initW(HostName, LDAP_PORT);
if (0 == Ldap)
{
LdapResult = LdapGetLastError();
goto exit;
}
/* enable signing and encryption */
ldap_set_optionW(Ldap, LDAP_OPT_SIGN, LDAP_OPT_ON);
ldap_set_optionW(Ldap, LDAP_OPT_ENCRYPT, LDAP_OPT_ON);
LdapResult = ldap_bind_sW(Ldap, 0, 0, LDAP_AUTH_NEGOTIATE);
if (LDAP_SUCCESS != LdapResult)
goto exit;
*PLdap = Ldap;
LdapResult = LDAP_SUCCESS;
exit:
if (LDAP_SUCCESS != LdapResult)
{
if (0 != Ldap)
ldap_unbind(Ldap);
}
return LdapResult;
}
VOID FspLdapClose(PVOID Ldap0)
{
LDAP *Ldap = Ldap0;
ldap_unbind(Ldap);
}
ULONG FspLdapGetValue(PVOID Ldap0, PWSTR Base, ULONG Scope, PWSTR Filter, PWSTR Attribute,
PWSTR *PValue)
{
LDAP *Ldap = Ldap0;
PWSTR Attributes[2];
LDAPMessage *Message = 0, *Entry;
PWSTR *Values = 0;
int Size;
PWSTR Value;
ULONG LdapResult;
*PValue = 0;
Attributes[0] = Attribute;
Attributes[1] = 0;
LdapResult = ldap_search_sW(Ldap, Base, Scope, Filter, Attributes, 0, &Message);
if (LDAP_SUCCESS != LdapResult)
goto exit;
Entry = ldap_first_entry(Ldap, Message);
if (0 == Entry)
{
LdapResult = LDAP_OTHER;
goto exit;
}
Values = ldap_get_valuesW(Ldap, Entry, Attributes[0]);
if (0 == Values || 0 == ldap_count_valuesW(Values))
{
LdapResult = LDAP_OTHER;
goto exit;
}
Size = (lstrlenW(Values[0]) + 1) * sizeof(WCHAR);
Value = MemAlloc(Size);
if (0 == Value)
{
LdapResult = LDAP_NO_MEMORY;
goto exit;
}
memcpy(Value, Values[0], Size);
*PValue = Value;
LdapResult = LDAP_SUCCESS;
exit:
if (0 != Values)
ldap_value_freeW(Values);
if (0 != Message)
ldap_msgfree(Message);
return LdapResult;
}
ULONG FspLdapGetDefaultNamingContext(PVOID Ldap, PWSTR *PValue)
{
return FspLdapGetValue(Ldap, 0, LDAP_SCOPE_BASE, L"(objectClass=*)", L"defaultNamingContext",
PValue);
}
ULONG FspLdapGetTrustPosixOffset(PVOID Ldap, PWSTR Context, PWSTR Domain, PWSTR *PValue)
{
WCHAR Base[1024];
WCHAR Filter[512];
BOOLEAN IsFlatName;
*PValue = 0;
if (sizeof Base / sizeof Base[0] - 64 < lstrlenW(Context) ||
sizeof Filter / sizeof Filter[0] - 64 < lstrlenW(Domain))
return LDAP_OTHER;
IsFlatName = TRUE;
for (PWSTR P = Domain; *P; P++)
if (L'.' == *P)
{
IsFlatName = FALSE;
break;
}
wsprintfW(Base,
L"CN=System,%s",
Context);
wsprintfW(Filter,
IsFlatName ?
L"(&(objectClass=trustedDomain)(flatName=%s))" :
L"(&(objectClass=trustedDomain)(name=%s))",
Domain);
return FspLdapGetValue(Ldap, Base, LDAP_SCOPE_ONELEVEL, Filter, L"trustPosixOffset", PValue);
}

7
src/dll/library.h
View File

@ -64,6 +64,13 @@ NTSTATUS FspEventLogUnregister(VOID);
PSID FspWksidNew(WELL_KNOWN_SID_TYPE WellKnownSidType, PNTSTATUS PResult);
PSID FspWksidGet(WELL_KNOWN_SID_TYPE WellKnownSidType);
ULONG FspLdapConnect(PWSTR HostName, PVOID *PLdap);
VOID FspLdapClose(PVOID Ldap);
ULONG FspLdapGetValue(PVOID Ldap, PWSTR Base, ULONG Scope, PWSTR Filter, PWSTR Attribute,
PWSTR *PValue);
ULONG FspLdapGetDefaultNamingContext(PVOID Ldap, PWSTR *PValue);
ULONG FspLdapGetTrustPosixOffset(PVOID Ldap, PWSTR Context, PWSTR Domain, PWSTR *PValue);
PWSTR FspDiagIdent(VOID);
#define FspFileSystemDirectoryBufferEntryInvalid ((ULONG)-1)

2
src/shared/ku/library.h
View File

@ -26,6 +26,8 @@
#include <dll/library.h>
#include <aclapi.h>
#include <dsgetdc.h>
#include <lm.h>
#define _NTDEF_
#include <ntsecapi.h>

224
src/shared/ku/posix.c
View File

@ -111,8 +111,89 @@ static union
#define FspUnmappedUid (65534)
static PISID FspAccountDomainSid, FspPrimaryDomainSid;
static struct
{
PSID DomainSid;
PWSTR NetbiosDomainName;
PWSTR DnsDomainName;
ULONG TrustPosixOffset;
} *FspTrustedDomains;
ULONG FspTrustedDomainCount;
static INIT_ONCE FspPosixInitOnce = INIT_ONCE_STATIC_INIT;
#if !defined(_KERNEL_MODE)
static unsigned wcstoint(const wchar_t *p, const wchar_t **endp, int base)
{
unsigned v;
int maxdig, maxalp;
maxdig = 10 < base ? '9' : (base - 1) + '0';
maxalp = 10 < base ? (base - 1 - 10) + 'a' : 0;
for (v = 0; *p; p++)
{
int c = *p;
if ('0' <= c && c <= maxdig)
v = base * v + (c - '0');
else
{
c |= 0x20;
if ('a' <= c && c <= maxalp)
v = base * v + (c - 'a') + 10;
else
break;
}
}
if (0 != endp)
*endp = (wchar_t *)p;
return v;
}
static ULONG FspPosixInitializeTrustPosixOffsets(VOID)
{
PVOID Ldap = 0;
PWSTR DefaultNamingContext = 0;
PWSTR TrustPosixOffsetString = 0;
ULONG LdapResult;
LdapResult = FspLdapConnect(0/* default LDAP server */, &Ldap);
if (0 != LdapResult)
goto exit;
LdapResult = FspLdapGetDefaultNamingContext(Ldap, &DefaultNamingContext);
if (0 != LdapResult)
goto exit;
/* get the "trustPosixOffset" for each trusted domain */
for (ULONG I = 0; FspTrustedDomainCount > I; I++)
{
MemFree(TrustPosixOffsetString);
LdapResult = FspLdapGetTrustPosixOffset(Ldap,
DefaultNamingContext, FspTrustedDomains[I].DnsDomainName, &TrustPosixOffsetString);
if (0 == LdapResult)
FspTrustedDomains[I].TrustPosixOffset = wcstoint(TrustPosixOffsetString, 0, 10);
}
LdapResult = 0;
exit:
MemFree(TrustPosixOffsetString);
MemFree(DefaultNamingContext);
if (0 != Ldap)
FspLdapClose(Ldap);
/* if the "trustPosixOffset" looks wrong, fix it up using Cygwin magic value 0xfe500000 */
for (ULONG I = 0; FspTrustedDomainCount > I; I++)
{
if (0x100000 > FspTrustedDomains[I].TrustPosixOffset)
FspTrustedDomains[I].TrustPosixOffset = 0xfe500000;
}
return LdapResult;
}
static BOOL WINAPI FspPosixInitialize(
PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context)
{
@ -120,8 +201,10 @@ static BOOL WINAPI FspPosixInitialize(
LSA_HANDLE PolicyHandle = 0;
PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = 0;
PPOLICY_DNS_DOMAIN_INFO PrimaryDomainInfo = 0;
PDS_DOMAIN_TRUSTSW TrustedDomains = 0;
ULONG TrustedDomainCount, RealTrustedDomainCount;
BYTE Count;
ULONG Size;
ULONG Size, Temp;
NTSTATUS Result;
Result = LsaOpenPolicy(0, &Obja, POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle);
@ -148,9 +231,103 @@ static BOOL WINAPI FspPosixInitialize(
FspPrimaryDomainSid = MemAlloc(Size);
if (0 != FspPrimaryDomainSid)
memcpy(FspPrimaryDomainSid, PrimaryDomainInfo->Sid, Size);
if (ERROR_SUCCESS == DsEnumerateDomainTrustsW(
0, DS_DOMAIN_DIRECT_INBOUND | DS_DOMAIN_DIRECT_OUTBOUND | DS_DOMAIN_IN_FOREST,
&TrustedDomains, &TrustedDomainCount))
{
RealTrustedDomainCount = 0;
for (ULONG I = 0; TrustedDomainCount > I; I++)
{
if (0 == TrustedDomains[I].DomainSid ||
(0 == TrustedDomains[I].NetbiosDomainName &&
0 == TrustedDomains[I].DnsDomainName) ||
EqualSid(TrustedDomains[I].DomainSid, FspPrimaryDomainSid))
continue;
if (0 != TrustedDomains[I].DomainSid)
{
Size = FSP_FSCTL_DEFAULT_ALIGN_UP(Size);
Size += GetLengthSid(TrustedDomains[I].DomainSid);
}
if (0 != TrustedDomains[I].NetbiosDomainName)
{
Size = FSP_FSCTL_ALIGN_UP(Size, sizeof(WCHAR));
Size += (lstrlenW(TrustedDomains[I].NetbiosDomainName) + 1) * sizeof(WCHAR);
}
if (0 != TrustedDomains[I].DnsDomainName)
{
Size = FSP_FSCTL_ALIGN_UP(Size, sizeof(WCHAR));
Size += (lstrlenW(TrustedDomains[I].DnsDomainName) + 1) * sizeof(WCHAR);
}
RealTrustedDomainCount++;
}
Size = FSP_FSCTL_DEFAULT_ALIGN_UP(sizeof FspTrustedDomains[0] * RealTrustedDomainCount) + Size;
if (0 < Size)
{
FspTrustedDomains = MemAlloc(Size);
if (0 != FspTrustedDomains)
{
Size = FSP_FSCTL_DEFAULT_ALIGN_UP(sizeof FspTrustedDomains[0] * RealTrustedDomainCount);
for (ULONG I = 0, J = 0; TrustedDomainCount > I; I++)
{
if (0 == TrustedDomains[I].DomainSid ||
(0 == TrustedDomains[I].NetbiosDomainName &&
0 == TrustedDomains[I].DnsDomainName) ||
EqualSid(TrustedDomains[I].DomainSid, FspPrimaryDomainSid))
continue;
FspTrustedDomains[J].DomainSid = 0;
FspTrustedDomains[J].NetbiosDomainName = 0;
FspTrustedDomains[J].DnsDomainName = 0;
FspTrustedDomains[J].TrustPosixOffset = 0;
if (0 != TrustedDomains[I].DomainSid)
{
Size = FSP_FSCTL_DEFAULT_ALIGN_UP(Size);
Size += (Temp = GetLengthSid(TrustedDomains[I].DomainSid));
FspTrustedDomains[J].DomainSid =
(PVOID)((PUINT8)FspTrustedDomains + Size);
memcpy(FspTrustedDomains[J].DomainSid,
TrustedDomains[I].DomainSid, Temp);
}
if (0 != TrustedDomains[I].NetbiosDomainName)
{
Size = FSP_FSCTL_ALIGN_UP(Size, sizeof(WCHAR));
Size += (Temp = (lstrlenW(TrustedDomains[I].NetbiosDomainName) + 1) * sizeof(WCHAR));
FspTrustedDomains[J].NetbiosDomainName =
(PVOID)((PUINT8)FspTrustedDomains + Size);
memcpy(FspTrustedDomains[J].NetbiosDomainName,
TrustedDomains[I].NetbiosDomainName, Temp);
}
if (0 != TrustedDomains[I].DnsDomainName)
{
Size = FSP_FSCTL_ALIGN_UP(Size, sizeof(WCHAR));
Size += (Temp = (lstrlenW(TrustedDomains[I].DnsDomainName) + 1) * sizeof(WCHAR));
FspTrustedDomains[J].DnsDomainName =
(PVOID)((PUINT8)FspTrustedDomains + Size);
memcpy(FspTrustedDomains[J].DnsDomainName,
TrustedDomains[I].DnsDomainName, Temp);
}
if (0 == FspTrustedDomains[J].NetbiosDomainName)
FspTrustedDomains[J].NetbiosDomainName =
FspTrustedDomains[J].DnsDomainName;
else
if (0 == FspTrustedDomains[J].DnsDomainName)
FspTrustedDomains[J].DnsDomainName =
FspTrustedDomains[J].NetbiosDomainName;
J++;
}
FspTrustedDomainCount = RealTrustedDomainCount;
}
}
}
}
if (0 < FspTrustedDomainCount)
FspPosixInitializeTrustPosixOffsets();
exit:
if (0 != TrustedDomains)
NetApiBufferFree(TrustedDomains);
if (0 != PrimaryDomainInfo)
LsaFreeMemory(PrimaryDomainInfo);
@ -172,6 +349,7 @@ VOID FspPosixFinalize(BOOLEAN Dynamic)
if (Dynamic)
{
MemFree(FspTrustedDomains);
MemFree(FspAccountDomainSid);
MemFree(FspPrimaryDomainSid);
}
@ -318,7 +496,8 @@ FSP_API NTSTATUS FspPosixMapUidToSid(UINT32 Uid, PSID *PSid)
}
else if (0x100000 <= Uid && Uid < 0xff000000)
{
if (0 != FspPrimaryDomainSid &&
if ((Uid < 0x300000 || 0 == FspTrustedDomainCount) &&
0 != FspPrimaryDomainSid &&
5 == FspPrimaryDomainSid->IdentifierAuthority.Value[5] &&
4 == FspPrimaryDomainSid->SubAuthorityCount)
{
@ -329,11 +508,30 @@ FSP_API NTSTATUS FspPosixMapUidToSid(UINT32 Uid, PSID *PSid)
FspPrimaryDomainSid->SubAuthority[3],
Uid - 0x100000);
}
else
{
PISID DomainSid = 0;
ULONG TrustPosixOffset = 0;
for (ULONG I = 0; FspTrustedDomainCount > I; I++)
{
if (FspTrustedDomains[I].TrustPosixOffset <= Uid &&
FspTrustedDomains[I].TrustPosixOffset > TrustPosixOffset)
{
DomainSid = FspTrustedDomains[I].DomainSid;
TrustPosixOffset = FspTrustedDomains[I].TrustPosixOffset;
}
}
if (0 != DomainSid)
{
*PSid = FspPosixCreateSid(5, 5,
21,
DomainSid->SubAuthority[1],
DomainSid->SubAuthority[2],
DomainSid->SubAuthority[3],
Uid - TrustPosixOffset);
}
}
}
/*
* I am sorry, I am not going to bother with all that trustPosixOffset stuff.
* But if you need it, I accept patches :)
*/
/* [IDMAP]
* Mandatory Labels:
@ -432,11 +630,15 @@ FSP_API NTSTATUS FspPosixMapSidToUid(PSID Sid, PUINT32 PUid)
else if (0 != FspAccountDomainSid &&
FspPosixIsRelativeSid(FspAccountDomainSid, Sid))
*PUid = 0x30000 + Rid;
/*
* I am sorry, I am not going to bother with all that trustPosixOffset stuff.
* But if you need it, I accept patches :)
*/
else
for (ULONG I = 0; FspTrustedDomainCount > I; I++)
{
if (FspPosixIsRelativeSid(FspTrustedDomains[I].DomainSid, Sid))
{
*PUid = FspTrustedDomains[I].TrustPosixOffset + Rid;
break;
}
}
}
/* [IDMAP]