idmapd for NFSv4 doesn’t do what you think it does

Posted by on

After wasting a lot of time trying to remap UIDs for an NFS mount using idmapd, I came across this article.

In summary:

“The problems start when we want to access the file contents or modify a file/directory and suddenly we get ‘permission denied’ type messages. Now NFS itself doesn’t do the security authentication but delegates it down to the underlying RPC mechanism.

Ok so we move down a level and look at RPC’s security. Well AUTH_SYS on RPC is just as it has been for the last umpteen years – based on uid/gid. The problem is these uids/gids are sent over the wire (just as they always have been).
“But”, says you, “Isn’t this what the whole NFSv4 id mapping feature was meant to fix!”
Ahh – there’s the rub.
RPC hasn’t been augmented to support such mapping.
Since RPC still send’s uid/gid over the wire the whole uid<->username mapping seems pretty useless in practice for the above common scenario (if you control the entire network then uids and gids are typically the same and there is no matching problem in the first place).”

You can’t modify files if you’re using AUTH_SYS (check this with an exportfs -v, if you see sec=sys in the export options, you are) with idmapd unless you make them world writeable. You can’t enter directories unless they’re world-executable.

Fix D-link webcam interface for Apache reverse proxy

Posted by on

This is for the DCS-932LB1 but should work on others. Add the below to your reverse proxy configuration:

ProxyPreserveHost On # fixes digest authentication
RequestHeader set User-Agent "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)" # Interface requires IE

By doing this you can allow different browsers (Chrome, Firefox, etc) to access the web GUI as it fakes the User-Agent.

TXR: data extraction language

Posted by on

TXR is a pragmatic, convenient tool ready to take on your daily hacking challenges with its dual personality: its whole-document pattern matching and extraction language for scraping information from arbitrary text sources, and its powerful data-processing language to slice through problems like a hot knife through butter. Many tasks can be accomplished with TXR “one liners” directly from your system prompt. TXR is relatively new: the project started in 2009.

It is difficult to give a small introduction to TXR because it is no longer a small language. The PDF rendition of the reference manual, which takes the form of a large Unix man page, is over 600 pages long, with no index or table of contents. There are many ways to solve a given data processing problem with TXR.

TXR is a fusion of many different ideas, a few of which are original, and it is influenced by many languages, such as Common Lisp, Scheme, Awk, M4, POSIX Shell, Prolog, Ruby, Python, Arc, Clojure, S-Lang and others.