JehanneOS
/
newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Try harder to avoid LDAP access for RFC2307 mapping 

* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
        to fall back to myself uid/gid in case we don't utilize Windows
        account DBs, just as prior to 1.7.34.
        * sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
        RFC2307 if we're not utilizing Windows account DBs.
        * security.cc (convert_samba_sd): Revert previous patch.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-08-17 20:24:49 +02:00
parent 37b6936f8b
commit 88dce3abd8
4 changed files with 50 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,12 @@
2015-08-17 Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
to fall back to myself uid/gid in case we don't utilize Windows
account DBs, just as prior to 1.7.34.
* sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
RFC2307 if we're not utilizing Windows account DBs.
* security.cc (convert_samba_sd): Revert previous patch.
2015-08-17 Corinna Vinschen <corinna@vinschen.de>
* fhandler_proc.cc (format_proc_cpuinfo): Handle AMDs providing

59
winsup/cygwin/fhandler_disk_file.cc
View File

@ -343,36 +343,47 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
buf->st_mode = (nfs_attr->mode & 0xfff)
| nfs_type_mapping[nfs_attr->type & 7];
buf->st_nlink = nfs_attr->nlink;
/* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
the cache, try to fetch it from the configured RFC 2307 domain (see
last comment in cygheap_domain_info::init() for more information) and
add it to the mapping cache. */
buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ())
if (cygheap->pg.nss_pwd_db ())
{
uid_t map_uid = ILLEGAL_UID;
/* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
the cache, try to fetch it from the configured RFC 2307 domain (see
last comment in cygheap_domain_info::init() for more information) and
add it to the mapping cache. */
buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
if (buf->st_uid == ILLEGAL_UID)
{
uid_t map_uid = ILLEGAL_UID;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open = (cldap.open (domain) == NO_ERROR)))
map_uid = cldap.remap_uid (nfs_attr->uid);
if (map_uid == ILLEGAL_UID)
map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid);
cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
buf->st_uid = map_uid;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open = (cldap.open (domain) == NO_ERROR)))
map_uid = cldap.remap_uid (nfs_attr->uid);
if (map_uid == ILLEGAL_UID)
map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid);
cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
buf->st_uid = map_uid;
}
}
if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ())
else /* fake files being owned by current user. */
buf->st_uid = myself->uid;
if (cygheap->pg.nss_grp_db ())
{
gid_t map_gid = ILLEGAL_GID;
/* See above */
buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
if (buf->st_gid == ILLEGAL_GID)
{
gid_t map_gid = ILLEGAL_GID;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open || cldap.open (domain) == NO_ERROR))
map_gid = cldap.remap_gid (nfs_attr->gid);
if (map_gid == ILLEGAL_GID)
map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid);
cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid);
buf->st_gid = map_gid;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open || cldap.open (domain) == NO_ERROR))
map_gid = cldap.remap_gid (nfs_attr->gid);
if (map_gid == ILLEGAL_GID)
map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid);
cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid);
buf->st_gid = map_gid;
}
}
else /* fake files being owned by current group. */
buf->st_gid = myself->gid;
buf->st_rdev = makedev (nfs_attr->rdev.specdata1,
nfs_attr->rdev.specdata2);
buf->st_size = nfs_attr->size;

4
winsup/cygwin/sec_helper.cc
View File

@ -112,7 +112,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap)
struct group *gr;
if (cygheap->user.groups.pgsid == psid)
id = myself->gid;
else if (sid_id_auth (psid) == 22)
else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_grp_db ())
{
/* Samba UNIX group. Try to map to Cygwin gid. If there's no
mapping in the cache, try to fetch it from the configured
@ -144,7 +144,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap)
struct passwd *pw;
if (*this == cygheap->user.sid ())
id = myself->uid;
else if (sid_id_auth (psid) == 22)
else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_pwd_db ())
{
/* Samba UNIX user. See comment above. */
uid_t uid = sid_sub_auth_rid (psid);

10
winsup/cygwin/security.cc
View File

@ -1122,14 +1122,14 @@ convert_samba_sd (security_descriptor &sd_ret)
return;
group = sid;
if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ())
if (sid_id_auth (owner) == 22)
{
struct passwd *pwd;
uid_t uid = owner.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
owner.getfrompw (pwd);
}
if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ())
if (sid_id_auth (group) == 22)
{
struct group *grp;
gid_t gid = group.get_gid (&cldap);
@ -1150,16 +1150,14 @@ convert_samba_sd (security_descriptor &sd_ret)
cygsid ace_sid ((PSID) &ace->SidStart);
if (sid_id_auth (ace_sid) == 22)
{
if (sid_sub_auth (ace_sid, 0) == 1 /* user */
&& cygheap->pg.nss_pwd_db ())
if (sid_sub_auth (ace_sid, 0) == 1) /* user */
{
struct passwd *pwd;
uid_t uid = ace_sid.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
ace_sid.getfrompw (pwd);
}
else if (sid_sub_auth (ace_sid, 0) == 2 /* group */
&& cygheap->pg.nss_grp_db ())
else if (sid_sub_auth (ace_sid, 0) == 2) /* group */
{
struct group *grp;
gid_t gid = ace_sid.get_gid (&cldap);