* autoload.cc (ldap_abandon): Import.

(ldap_result): Import. (ldap_searchW): Import. (NetGroupEnum): Import. (NetLocalGroupEnum): Import. (NetUserEnum): Import. * cygheap.h (class cygheap_pwdgrp): Add members enums and enum_tdoms. (cygheap_pwdgrp::nss_db_enums): New inline method. (cygheap_pwdgrp::nss_db_enum_tdoms): Ditto. * cygtls.h (struct _local_storage): Drop unused members pw_pos and grp_pos. * grp.cc (grent): New static variable of class gr_ent. (gr_ent::enumerate_caches): New method. (gr_ent::enumerate_local): New method. (gr_ent::getgrent): New method. (setgrent): Call gr_ent method. (getgrent32): Ditto. (endgrent): Ditto. * ldap.cc (sid_attr): Rename from nfs_attr. (cyg_ldap::close): Abandon still running asynchronous search. (cyg_ldap::fetch_ad_account): Reduce filter buffer size. (cyg_ldap::enumerate_ad_accounts): New method. (cyg_ldap::next_account): New method. (cyg_ldap::fetch_posix_offset_for_domain): Reduce filter buffer size. (cyg_ldap::fetch_unix_sid_from_ad): Ditto. Fix return value in case no value has been read. (cyg_ldap::fetch_unix_name_from_rfc2307): Reduce filter buffer size. * ldap.h (class cyg_ldap): Add msg_id member. (cyg_ldap::enumerate_ad_accounts): Declare. (cyg_ldap::next_account): Declare: * passwd.cc (pwent): New static variable of class pw_ent. (pg_ent::clear_cache): New method. (pg_ent::setent): New method. (pg_ent::getent): New method. (pg_ent::endent): New method. (pg_ent::enumerate_file): New method. (pg_ent::enumerate_builtin): New method. (pg_ent::enumerate_sam): New method. (pg_ent::enumerate_ad): New method. (pw_ent::enumerate_caches): New method. (pw_ent::enumerate_local): New method. (pw_ent::getpwent): New method. (setpwent): Call pw_ent method. (getpwent): Ditto. (endpwent): Ditto. * pwdgrp.h (class pwdgrp): Define pg_ent, pw_ent and gr_ent as friend classes. (pwdgrp::add_account_post_fetch): Declare with extra bool parameter. (pwdgrp::file_attr): New inline method. (enum nss_enum_t): Define. (class pg_ent): Define. (class pw_ent): Define. (class gr_ent): Define. * tlsoffsets.h: Regenerate. * tlsoffsets64.h: Ditto. * uinfo.cc (cygheap_pwdgrp::init): Initialize enums and enum_tdoms. (cygheap_pwdgrp::nss_init_line): Fix typo in preceeding comment. Handle new "db_enum" keyword. (pwdgrp::add_account_post_fetch): Take additional `bool lock' parameter and acquire pglock before adding element to array if lock is true. (pwdgrp::add_account_from_file): Call add_account_post_fetch with lock set to true. (pwdgrp::add_account_from_windows): Ditto in case of caching. (pwdgrp::fetch_account_from_windows): Handle builtin aliases only known to the domain controller. Only call NetLocalGroupGetInfo for aliases.
2014-02-17 15:36:33 +00:00
parent 1e705e2932
commit a8cf6887a2
12 changed files with 1072 additions and 294 deletions
--- a/winsup/cygwin/ldap.cc
+++ b/winsup/cygwin/ldap.cc
@ -20,6 +20,7 @@ details. */
 #include "pinfo.h"
 #include "lm.h"
 #include "dsgetdc.h"
+#include "tls_pbuf.h"

 static LDAP_TIMEVAL tv = { 3, 0 };

@ -54,7 +55,7 @@ PWCHAR tdom_attr[] =
  NULL
 };

-PWCHAR nfs_attr[] =
+PWCHAR sid_attr[] =
 {
  (PWCHAR) L"objectSid",
  NULL
@ -216,6 +217,8 @@ err:
 void
 cyg_ldap::close ()
 {
+  if (msg_id != (ULONG) -1)
+    ldap_abandon (lh, msg_id);
  if (lh)
    ldap_unbind (lh);
  if (msg)
@ -228,12 +231,13 @@ cyg_ldap::close ()
  msg = entry = NULL;
  val = NULL;
  rootdse = NULL;
+  msg_id = (ULONG) -1;
 }

 bool
 cyg_ldap::fetch_ad_account (PSID sid, bool group)
 {
-  WCHAR filter[512], *f;
+  WCHAR filter[140], *f;
  LONG len = (LONG) RtlLengthSid (sid);
  PBYTE s = (PBYTE) sid;
  static WCHAR hex_wchars[] = L"0123456789abcdef";
@ -273,10 +277,109 @@ cyg_ldap::fetch_ad_account (PSID sid, bool group)
  return true;
 }

+bool
+cyg_ldap::enumerate_ad_accounts (PCWSTR domain, bool group)
+{
+  tmp_pathbuf tp;
+  PCWSTR filter;
+  PWCHAR dse;
+
+  if (msg)
+    {
+      ldap_memfreeW ((PWCHAR) msg);
+      msg = entry = NULL;
+    }
+  if (val)
+    {
+      ldap_value_freeW (val);
+      val = NULL;
+    }
+  if (!group)
+    filter = L"(&(objectClass=User)"
+	        "(objectCategory=Person)"
+		/* 512 == ADS_UF_NORMAL_ACCOUNT */
+	        "(userAccountControl:" LDAP_MATCHING_RULE_BIT_AND ":=512)"
+	        "(objectSid=*))";
+  else if (!domain)
+    filter = L"(&(objectClass=Group)"
+		"(objectSid=*))";
+  else
+    filter = L"(&(objectClass=Group)"
+		/* 1 == ACCOUNT_GROUP */
+		"(!(groupType:" LDAP_MATCHING_RULE_BIT_AND ":=1))"
+		"(objectSid=*))";
+  if (!domain)
+    dse = rootdse;
+  else
+    {
+      /* create rootdse from domain name. */
+      dse = tp.w_get ();
+      PCWSTR ps, pe;
+      PWCHAR d;
+
+      d = dse;
+      for (ps = domain; (pe = wcschr (ps, L'.')); ps = pe + 1)
+	{
+	  if (d > dse)
+	    d = wcpcpy (d, L",");
+	  d = wcpncpy (wcpcpy (d, L"DC="), ps, pe - ps);
+	}
+      if (d > dse)
+	d = wcpcpy (d, L",");
+      d = wcpcpy (wcpcpy (d, L"DC="), ps);
+    }
+  msg_id = ldap_searchW (lh, dse, LDAP_SCOPE_SUBTREE, (PWCHAR) filter,
+			 sid_attr, 0);
+  if (msg_id == (ULONG) -1)
+    {
+      debug_printf ("ldap_searchW(%W,%W) error 0x%02x", dse, filter,
+		    LdapGetLastError ());
+      return false;
+    }
+  return true;
+}
+
+bool
+cyg_ldap::next_account (cygsid &sid)
+{
+  ULONG ret;
+  PLDAP_BERVAL *bval;
+
+  if (msg)
+    {
+      ldap_memfreeW ((PWCHAR) msg);
+      msg = entry = NULL;
+    }
+  if (val)
+    {
+      ldap_value_freeW (val);
+      val = NULL;
+    }
+  ret = ldap_result (lh, msg_id, LDAP_MSG_ONE, &tv, &msg);
+  if (ret == 0)
+    {
+      debug_printf ("ldap_result() timeout!");
+      return false;
+    }
+  if (ret == (ULONG) -1)
+    {
+      debug_printf ("ldap_result() error 0x%02x", LdapGetLastError ());
+      return false;
+    }
+  if ((entry = ldap_first_entry (lh, msg))
+      && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0])))
+    {
+      sid = (PSID) bval[0]->bv_val;
+      ldap_value_free_len (bval);
+      return true;
+    }
+  return false;
+}
+
 uint32_t
 cyg_ldap::fetch_posix_offset_for_domain (PCWSTR domain)
 {
-  WCHAR filter[512];
+  WCHAR filter[300];
  ULONG ret;

  if (msg)
@ -331,7 +434,7 @@ cyg_ldap::get_num_attribute (int idx)
 bool
 cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group)
 {
-  WCHAR filter[512];
+  WCHAR filter[48];
  ULONG ret;
  PLDAP_BERVAL *bval;

@ -345,25 +448,26 @@ cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group)
  else
    __small_swprintf (filter, L"(&(objectClass=User)(uidNumber=%u))", id);
  if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter,
-			      nfs_attr, 0, &tv, &msg)) != LDAP_SUCCESS)
+			      sid_attr, 0, &tv, &msg)) != LDAP_SUCCESS)
    {
      debug_printf ("ldap_search_stW(%W,%W) error 0x%02x",
 		    rootdse, filter, ret);
      return false;
    }
  if ((entry = ldap_first_entry (lh, msg))
-      && (bval = ldap_get_values_lenW (lh, entry, nfs_attr[0])))
+      && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0])))
    {
      sid = (PSID) bval[0]->bv_val;
      ldap_value_free_len (bval);
+      return true;
    }
-  return true;
+  return false;
 }

 PWCHAR
 cyg_ldap::fetch_unix_name_from_rfc2307 (uint32_t id, bool group)
 {
-  WCHAR filter[512];
+  WCHAR filter[52];
  ULONG ret;

  if (msg)