Skip to content
Snippets Groups Projects
Commit 0dfbaae2 authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan :coffee:
Browse files

idmap: handle bad principals


Motivation:
Some exotic clients (read OSX) send empty principals, e.g.
zero length. Such principals cant be handled by server and must
be indicated as invalid, as stated by rfc3530.

Modification:
Throw InvalException in case of invalid principals.

Result:
better spec compliance, to exceptions like:

06 Jan 2017 17:44:34 (NFS-dcache) [] Unhandled exception:
java.lang.IllegalArgumentException: Username can't be an empty string
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122) ~[guava-19.0.jar:na]
	at org.dcache.auth.UserNamePrincipal.<init>(UserNamePrincipal.java:21) ~[dcache-common-3.0.3.jar:3.0.3]
	at org.dcache.chimera.nfsv41.door.StrategyIdMapper.principalToUid(StrategyIdMapper.java:114) ~[dcache-nfs-3.0.3.jar:3.0.3]
	at org.dcache.nfs.v4.OperationSETATTR.xdr2fattr(OperationSETATTR.java:165) ~[nfs4j-core-0.13.0.jar:0.13.0]
	at org.dcache.nfs.v4.OperationSETATTR.setAttributes(OperationSETATTR.java:121) ~[nfs4j-core-0.13.0.jar:0.13.0]
	at org.dcache.nfs.v4.OperationSETATTR.process(OperationSETATTR.java:106) ~[nfs4j-core-0.13.0.jar:0.13.0]
	at org.dcache.chimera.nfsv41.door.proxy.ProxyIoMdsOpFactory$1.lambda$process$0(ProxyIoMdsOpFactory.java:53) ~[dcache-nfs-3.0.3.jar:3.0.3]
	at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_111]
	at javax.security.auth.Subject.doAs(Subject.java:360) ~[na:1.8.0_111]
	at org.dcache.chimera.nfsv41.door.proxy.ProxyIoMdsOpFactory$1.process(ProxyIoMdsOpFactory.java:50) ~[dcache-nfs-3.0.3.jar:3.0.3]

Acked-by: Paul Millar
Target: master, 0.13
(cherry picked from commit 893f68cd)
Signed-off-by: default avatarTigran Mkrtchyan <tigran.mkrtchyan@desy.de>
parent b05ccc9f
No related branches found
No related tags found
No related merge requests found
Pipeline #63 canceled
/*
* Copyright (c) 2009 - 2016 Deutsches Elektronen-Synchroton,
* Copyright (c) 2009 - 2017 Deutsches Elektronen-Synchroton,
* Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
*
* This library is free software; you can redistribute it and/or modify
......@@ -158,17 +158,21 @@ public class OperationSETATTR extends AbstractNFSv4Operation {
context.getFs().setAcl(inode, Acls.adjust( context.getFs().getAcl(inode), mode.value));
break;
case nfs4_prot.FATTR4_OWNER :
// TODO: use princilat
utf8str_cs owner = new utf8str_cs ();
owner.xdrDecode(xdr);
String new_owner = owner.toString();
if (new_owner.isEmpty()) {
throw new InvalException("empty principal");
}
stat.setUid(context.getFs().getIdMapper().principalToUid(new_owner));
break;
case nfs4_prot.FATTR4_OWNER_GROUP :
// TODO: use princilat
utf8str_cs owner_group = new utf8str_cs ();
owner_group.xdrDecode(xdr);
String new_group = owner_group.toString();
if (new_group.isEmpty()) {
throw new InvalException("empty principal");
}
stat.setGid(context.getFs().getIdMapper().principalToGid(new_group));
break;
case nfs4_prot.FATTR4_TIME_ACCESS_SET :
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment