namjaejeon / ksmbd-tools

ksmbd kernel server userspace utilities
GNU General Public License v2.0

ksmbd.adduser should check the username already in /etc/passwd #188

Open wangyugui-e16 opened 1 year ago

wangyugui-e16 commented 1 year ago

Hi,

I created a user USER_A with ksmbd.adduser, logged in through a Windows 10 client, and then created a file FILE_A on the backend filesystem ext4/btrfs from the Windows 10 client.

How is the uid/gid of FILE_A decided? Can we use the uid/gid of the /etc/passwd file?

Best Regards

wangyugui-e16 commented 1 year ago

It seems ksmbd uses the uid/gid of /etc/passwd and /etc/group.

Should we add the check of /etc/passwd and /etc/group in ksmbd.adduser?

wangyugui-e16 commented 1 year ago

a dirty patch

0001-ksmbd.adduser-need-check-by-getpwnam.patch

namjaejeon commented 1 year ago

> a dirty patch

Could you please explain more why this patch is needed?

wangyugui-e16 commented 1 year ago

If we allow userABC to access ksmbd and then create a file (fileEFG).

Then what is the owner:group of the file (fileEFG)? Should we use the uid/gid of userABC defined in /etc/passwd? So we should check /etc/passwd when we do 'ksmbd.adduser'.

namjaejeon commented 1 year ago

> Then what is the owner:group of the file (fileEFG)? Should we use the uid/gid of userABC defined in /etc/passwd?

ksmbd gets the uid/gid corresponding to the username from /etc/passwd.

> So we should check /etc/passwd when we do 'ksmbd.adduser'.

Yes. ksmbd.adduser check /etc/passwd for this. If there is no username in /etc/passwd, it will be guest uid/gid.

wangyugui-e16 commented 1 year ago

> If there is no username in /etc/passwd, it will be guest uid/gid.

If there is no username in /etc/passwd, it should deny the access?
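
As an added illustration (not part of the thread and not ksmbd-tools code), this C example resolves the uid/gid a share username maps to from a passwd-format database and shows both behaviours discussed above: fall back to a guest account, or refuse the login. The sample entries, the guest name `nobody`, and all function, struct and enum names are assumptions made for the example.

```c
#define _GNU_SOURCE /* fgetpwent(3) and fmemopen(3) on glibc */
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum missing_policy { MAP_TO_GUEST, DENY_LOGIN };
struct owner { uid_t uid; gid_t gid; };

/* Constructed passwd(5) entries so the example runs offline. */
static char sample_passwd[] =
    "nobody:x:65534:65534:nobody:/nonexistent:/bin/false\n"
    "userABC:x:1001:1001::/home/userABC:/bin/sh\n";

/* Find name in a passwd-format stream; getpwnam(3) does this (plus NSS) on a live system. */
static int lookup(FILE *db, const char *name, struct owner *out) {
    struct passwd *pw;
    rewind(db);
    while ((pw = fgetpwent(db)) != NULL) {
        if (strcmp(pw->pw_name, name) != 0)
            continue;
        *out = (struct owner){ pw->pw_uid, pw->pw_gid };
        return 0;
    }
    return -1;
}

/* Returns 0 and fills *out when access is allowed, -1 when it is refused. */
int resolve_owner(FILE *db, const char *user, const char *guest,
                  enum missing_policy policy, struct owner *out) {
    if (lookup(db, user, out) == 0)
        return 0;                  /* new files are owned by the real account */
    if (policy == DENY_LOGIN)
        return -1;                 /* no passwd entry: refuse the login */
    return lookup(db, guest, out); /* no passwd entry: files get the guest uid/gid */
}

/* Runs the resolution against the constructed sample; owner uid, or -1 if refused. */
long sample_owner_uid(const char *user, enum missing_policy policy) {
    struct owner o = { 0, 0 };
    FILE *db = fmemopen(sample_passwd, strlen(sample_passwd), "r");
    int rc = db ? resolve_owner(db, user, "nobody", policy, &o) : -1;
    if (db)
        fclose(db);
    return rc == 0 ? (long)o.uid : -1;
}

int main(void) {
    printf("missing user -> uid %ld\n", sample_owner_uid("userXYZ", MAP_TO_GUEST));
    return 0;
}
```

With the guest fallback, files created by a share user that has no passwd entry end up owned by the guest uid/gid, which is why the thread asks whether that case should be rejected.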

namjaejeon commented 1 year ago

@neheb Rosen, is it okay to reject login if there is no username in /etc/passwd? I am wondering how OpenWrt registers user IDs. Normally, embedded targets like OpenWrt use a read-only root filesystem, so the /etc/passwd file seems to be read-only. My question is whether OpenWrt needs to add a new user ID that is not in /etc/passwd?

neheb commented 1 year ago

OpenWrt uses squashfs+overlayfs to provide an r/w system. Writing to /etc/passwd is permitted and survives a sysupgrade.

Current init script does not write to /etc/passwd but could be modified to do so: https://github.com/openwrt/packages/blob/master/net/ksmbd-tools/files/ksmbd.init

neheb commented 1 year ago

ping @rmilecki

namjaejeon commented 1 year ago

@neheb @rmilecki Hm.. When I check ksmbd.init of OpenWrt, it seems not to use ksmbd.adduser (i.e. not register new user IDs?). Is it true? How does OpenWrt add user IDs? Will it allow guest connections? But I cannot find "map to guest" in ksmbd.init...

neheb commented 1 year ago

It's an old init script. I assume users figure it out...

The original author abandoned OpenWrt and moved to Jellyfin.

@rmilecki wrote https://github.com/openwrt/packages/blob/master/net/ksmbd-tools/files/ksmbd.hotplug which I assume works for basic shares.