Try harder to avoid LDAP access for RFC2307 mapping

* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
        to fall back to myself uid/gid in case we don't utilize Windows
        account DBs, just as prior to 1.7.34.
        * sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
        RFC2307 if we're not utilizing Windows account DBs.
        * security.cc (convert_samba_sd): Revert previous patch.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen 2015-08-17 20:24:49 +02:00
parent 37b6936f8b
commit 88dce3abd8
4 changed files with 50 additions and 32 deletions


@ -1,3 +1,12 @@
2015-08-17 Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
to fall back to myself uid/gid in case we don't utilize Windows
account DBs, just as prior to 1.7.34.
* sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
RFC2307 if we're not utilizing Windows account DBs.
* security.cc (convert_samba_sd): Revert previous patch.
2015-08-17 Corinna Vinschen <corinna@vinschen.de> 2015-08-17 Corinna Vinschen <corinna@vinschen.de>
* fhandler_proc.cc (format_proc_cpuinfo): Handle AMDs providing * fhandler_proc.cc (format_proc_cpuinfo): Handle AMDs providing


@ -343,13 +343,14 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
buf->st_mode = (nfs_attr->mode & 0xfff) buf->st_mode = (nfs_attr->mode & 0xfff)
| nfs_type_mapping[nfs_attr->type & 7]; | nfs_type_mapping[nfs_attr->type & 7];
buf->st_nlink = nfs_attr->nlink; buf->st_nlink = nfs_attr->nlink;
if (cygheap->pg.nss_pwd_db ())
{
/* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in /* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
the cache, try to fetch it from the configured RFC 2307 domain (see the cache, try to fetch it from the configured RFC 2307 domain (see
last comment in cygheap_domain_info::init() for more information) and last comment in cygheap_domain_info::init() for more information) and
add it to the mapping cache. */ add it to the mapping cache. */
buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid); buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid); if (buf->st_uid == ILLEGAL_UID)
if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ())
{ {
uid_t map_uid = ILLEGAL_UID; uid_t map_uid = ILLEGAL_UID;
@ -361,7 +362,14 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid); cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
buf->st_uid = map_uid; buf->st_uid = map_uid;
} }
if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ()) }
else /* fake files being owned by current user. */
buf->st_uid = myself->uid;
if (cygheap->pg.nss_grp_db ())
{
/* See above */
buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
if (buf->st_gid == ILLEGAL_GID)
{ {
gid_t map_gid = ILLEGAL_GID; gid_t map_gid = ILLEGAL_GID;
@ -373,6 +381,9 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid); cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid);
buf->st_gid = map_gid; buf->st_gid = map_gid;
} }
}
else /* fake files being owned by current group. */
buf->st_gid = myself->gid;
buf->st_rdev = makedev (nfs_attr->rdev.specdata1, buf->st_rdev = makedev (nfs_attr->rdev.specdata1,
nfs_attr->rdev.specdata2); nfs_attr->rdev.specdata2);
buf->st_size = nfs_attr->size; buf->st_size = nfs_attr->size;
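Review bot: The two new `else` branches report `myself->uid` and `myself->gid` as owner of every file on the NFS share when the passwd or group DB is not in use, while `st_mode` a few lines above is still taken from the server's attributes. Any caller that reads `st_uid == getuid ()` as proof of ownership (for instance a check that a key or config file belongs to the user) will then accept files the server attributes to someone else; real access is presumably still enforced by the server, but that is not visible here. The one-line comments undersell this; I would write something like `/* No passwd DB: report the current user as owner. This is synthetic and says nothing about ownership on the server. */` and the matching text for the group branch. fstat_by_nfs_ea starts and ends outside the visible hunks.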


@ -112,7 +112,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap)
struct group *gr; struct group *gr;
if (cygheap->user.groups.pgsid == psid) if (cygheap->user.groups.pgsid == psid)
id = myself->gid; id = myself->gid;
else if (sid_id_auth (psid) == 22) else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_grp_db ())
{ {
/* Samba UNIX group. Try to map to Cygwin gid. If there's no /* Samba UNIX group. Try to map to Cygwin gid. If there's no
mapping in the cache, try to fetch it from the configured mapping in the cache, try to fetch it from the configured
@ -144,7 +144,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap)
struct passwd *pw; struct passwd *pw;
if (*this == cygheap->user.sid ()) if (*this == cygheap->user.sid ())
id = myself->uid; id = myself->uid;
else if (sid_id_auth (psid) == 22) else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_pwd_db ())
{ {
/* Samba UNIX user. See comment above. */ /* Samba UNIX user. See comment above. */
uid_t uid = sid_sub_auth_rid (psid); uid_t uid = sid_sub_auth_rid (psid);
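Review bot: With the added `&& cygheap->pg.nss_grp_db ()` and `&& cygheap->pg.nss_pwd_db ()` conditions, a Samba UNIX SID (authority 22) now drops into whatever follows these `else if` branches when the account DB is off, and that code is outside the hunks. Since this commit also removes the matching guards from convert_samba_sd, which compares the returned id against `UNIX_POSIX_OFFSET`, get_id becomes the single place that decides the outcome (assuming get_uid/get_gid route through it). A comment at each branch stating the result would help, e.g. `/* Without a group DB, Samba UNIX SIDs are not mapped; id stays <value set by the fall-through path>. */`. The literal `22` also appears in both conditions and in security.cc; a named constant would make the checks easier to audit.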


@ -1122,14 +1122,14 @@ convert_samba_sd (security_descriptor &sd_ret)
return; return;
group = sid; group = sid;
if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ()) if (sid_id_auth (owner) == 22)
{ {
struct passwd *pwd; struct passwd *pwd;
uid_t uid = owner.get_uid (&cldap); uid_t uid = owner.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid))) if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
owner.getfrompw (pwd); owner.getfrompw (pwd);
} }
if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ()) if (sid_id_auth (group) == 22)
{ {
struct group *grp; struct group *grp;
gid_t gid = group.get_gid (&cldap); gid_t gid = group.get_gid (&cldap);
@ -1150,16 +1150,14 @@ convert_samba_sd (security_descriptor &sd_ret)
cygsid ace_sid ((PSID) &ace->SidStart); cygsid ace_sid ((PSID) &ace->SidStart);
if (sid_id_auth (ace_sid) == 22) if (sid_id_auth (ace_sid) == 22)
{ {
if (sid_sub_auth (ace_sid, 0) == 1 /* user */ if (sid_sub_auth (ace_sid, 0) == 1) /* user */
&& cygheap->pg.nss_pwd_db ())
{ {
struct passwd *pwd; struct passwd *pwd;
uid_t uid = ace_sid.get_uid (&cldap); uid_t uid = ace_sid.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid))) if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
ace_sid.getfrompw (pwd); ace_sid.getfrompw (pwd);
} }
else if (sid_sub_auth (ace_sid, 0) == 2 /* group */ else if (sid_sub_auth (ace_sid, 0) == 2) /* group */
&& cygheap->pg.nss_grp_db ())
{ {
struct group *grp; struct group *grp;
gid_t gid = ace_sid.get_gid (&cldap); gid_t gid = ace_sid.get_gid (&cldap);