ms-nfs41 mount: Where does Unix_User+0 and Unix_Group+0 come from?

Brian Inglis Brian.Inglis@Shaw.ca
Fri Aug 4 15:52:57 GMT 2023 

On 2023-08-03 17:38, Martin Wege via Cygwin wrote:
> On Fri, Aug 4, 2023 at 1:07 AM Martin Wege wrote:
>> On Thu, Aug 3, 2023 at 8:46 PM Martin Wege wrote:
>>> We are working to deploy the ms-nfs41-nfs-filesystem on our Windows
>>> machines, and encounter some issues with Cygwin (latest stable).
>>>
>>> For example, if we go to the ms-nfs41-nfs-filesystem (not the NFS
>>> version 3 client from Windows!!!) with cd X: ; cd tmp/data9/, and do a
>>> ls -l we get 'Unix_User+0' and 'Unix_Group+0' for user and group
>>> names.
>>> The question is: Where do these names come from - Windows,
>>> ms-nfs41-nfs-filesystem or Cygwin?
>>> getent passwd and getent group do not list this on Cygwin.
>>> NFS version 4 server "lordbatman" has user mlw=uid(3620) and group mlw=gid(3620)
>>>
>>> Steps to reproduce:
>>> 1. Download and install cygwin.
>>> 2. Download http://www.citi.umich.edu/projects/nfsv4/windows/120612/
>>> and install it.
>>> 3. Start NFS version 4 client daemon:
>>> ms-nfs41-client-x64/nfsd_debug.exe -d 3 --noldap --gid 3620 --uid 3620
>>> 4. Mount NFS version 4 directory:
>>> ms-nfs41-client-x64/ms-nfs41-client-x64/nfs_mount.exe -p -o sec=sys X
>>> 'lordbatman.bias.dfn.de:/export/home/mlw'
>>>
>>> Expectation:
>>> Cygwin ls -l should list file user/group as mlw/mlw
>>>
>>> Actual results:
>>> Cygwin ls -l lists file user/group as Unix_User+0/Unix_Group+0
>>
>> Did a cygwin source clone, and found this:
>> cygwin$ grep -r -E  'Unix_(User|Group)' .
>> ./newlib-cygwin/winsup/utils/mkgroup.c:             "Unix_Group",
>> ./newlib-cygwin/winsup/utils/mkgroup.c:                 "Unix_Group",
>> ./newlib-cygwin/winsup/utils/mkpasswd.c:                    "Unix_User",
>> ./newlib-cygwin/winsup/utils/mkpasswd.c:
>>
>> But I do not understand this code. In which cases are Unix_User+0 and
>> Unix_Group+0 used?
> 
> It just got more mysterious. I tried a ls -nl (uid, gid as numbers,
> not names from /etc/passwd and /etc/group), and got this:
> ls -nl
> total 78474
> -rwxr-xr-x 1 4278190080 4278190080    33063 Aug  3 12:02 CMakeCache.txt
> drwxr-xr-x 1 4278190080 4278190080      374 Aug  3 12:51 CMakeFiles
> -rwxr-xr-x 1 4278190080 4278190080     4790 Aug  3 12:02 CPackConfig.cmake
> -rwxr-xr-x 1 4278190080 4278190080     5276 Aug  3 12:02 CPackSourceConfig.cmake
> -rwxr-xr-x 1 4278190080 4278190080      440 Aug  3 12:03 CTestTestfile.cmake
> -rwxr-xr-x 1 4278190080 4278190080    77004 Aug  3 12:03 Makefile
> 
> So where does the "4278190080" come from, for uid and gid? Hexadecimal
> its 0xff000000, which might be related to this:
> ./newlib-cygwin/winsup/cygwin/local_includes/security.h
> /* For UNIX accounts not mapped to Windows accounts via winbind, Samba returns
>    SIDs of the form S-1-22-x-y, with x == 1 for users and x == 2 for groups,
>    and y == UNIX uid/gid.  NFS returns no SIDs at all, but the plain UNIX
>    uid/gid values.
> 
>    UNIX uid/gid values are mapped to Cygwin uid/gid values 0xff000000 +
>    unix uid/gid.  This *might* collide with a posix_offset of some trusted
>    domain, but it's *very* unlikely.  Define the mapping as macro. */
> #define UNIX_POSIX_OFFSET               (0xff000000)
> #define UNIX_POSIX_MASK                 (0x00ffffff)
> #define MAP_UNIX_TO_CYGWIN_ID(id)       (UNIX_POSIX_OFFSET \
>                                          | ((id) & UNIX_POSIX_MASK))
> 
> But why is it then Unix_User+0 and not Unix_User+3620 on Windows NFS?
> Same for Unix_Group+0 vs Unix_Group+3620?

So you want help relating to an unmaintained 15 year old student project, with 
no responses on their SF mailing list in the last few years (dropped from CC)?

Have you tried rebuilding the project with current tools on current Windows to 
identify potential problems?

Have you read the project (then) known issues i.e. limitations and failures?

Have you enabled test-signed drivers, installed the driver test cert, disabled 
DFS, and configured your driver to map that server's ids and permissions to 
Windows, and have these been implemented successfully i.e. can you test they 
work under Windows?

Sounds like your driver may be returning uid and gid 0 or nothing at all?

How does the driver filesystem appear on Windows?
What does icacls show for the file and directory permissions?

Can you or how are you mounting the driver filesystem on Cygwin?

Have you read the Cygwin background:

	https://cygwin.com/cygwin-ug-net/ntsec.html

Please attach as text the output from running cygcheck -hrsv on your test system 
as requested in the Cygwin ML sig!

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

More information about the Cygwin mailing list