* autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id. * grp.cc (internal_getgrsid): Take additional cyg_ldap pointer. Forward to pwdgrp::add_group_from_windows. (internal_getgrnam): Ditto. (internal_getgrgid): Ditto. (gr_ent::enumerate_local): Drop ugid_caching bool from call to pwdgrp::fetch_account_from_windows. (getgroups32): Rename from internal_getgroups and drop getgroups32 stub. Drop srchsid parameter and code handling it. Add local cyg_ldap instance and forward to internal_getgrXXX. (getgroups): Call getgroups32. (get_groups): Add local cyg_ldap instance and forward to internal_getgrXXX. (getgrouplist): Ditto. (setgroups32): Ditto. * ldap.cc (cyg_ldap::open): Don't call close. Return true if connection is already open. (cyg_ldap::remap_uid): Forward this to internal_getpwsid. (cyg_ldap::remap_gid): Forward this to internal_getgrsid. * passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer. Forward to pwdgrp::add_user_from_windows. (internal_getpwnam): Ditto. (internal_getpwuid): Ditto. (pg_ent::enumerate_builtin): Drop ugid_caching bool from call to pwdgrp::fetch_account_from_windows. (pg_ent::enumerate_sam): Ditto. (pg_ent::enumerate_ad): Ditto. Forward local cldap instead. * pwdgrp.h (internal_getpwsid): Align declaration to above change. (internal_getpwnam): Ditto. (internal_getpwuid): Ditto. (internal_getgrsid): Ditto. (internal_getgrgid): Ditto. (internal_getgrnam): Ditto. (internal_getgroups): Drop declaration. (pwdgrp::add_account_from_windows): Align declaration to below change. (pwdgrp::add_user_from_windows): Ditto. (pwdgrp::add_group_from_windows): Ditto. * sec_acl.cc (setacl): Add local cyg_ldap instance and forward to internal_getpwuid and internal_getgrgid. (getacl): Add local cyg_ldap instance and forward to cygpsid::get_id. (aclfromtext32): Add local cyg_ldap instance and forward to internal_getpwnam and internal_getgrnam. * sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer. 
Forward to internal_getgrsid and internal_getpwsid. (get_sids_info): Drop ldap_open. Forward local cldap to internal_getpwsid and internal_getgrXXX. Call CheckTokenMembership rather than internal_getgroups. * security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default parameter. (cygpsid::get_uid): Add cyg_ldap pointer. Call get_id accordingly. (cygpsid::get_gid): Ditto. * uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward to internal_getpwXXX and internal_getgrXXX calls. (pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer. Forward to pwdgrp::fetch_account_from_windows. (fetch_posix_offset): Drop ldap_open argument and handling. Get cyg_ldap instance as pointer. (pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer. Use it if it's not NULL, local instance otherwise. Drop ldap_open. Drop fetching extended group arguments from AD for speed.
@@ -93,7 +93,7 @@ cygpsid::operator== (const char *nsidstr) const
|
||||
}
|
||||
|
||||
uid_t
|
||||
cygpsid::get_id (BOOL search_grp, int *type)
|
||||
cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap)
|
||||
{
|
||||
/* First try to get SID from group, then passwd */
|
||||
uid_t id = ILLEGAL_UID;
|
||||
@@ -103,7 +103,7 @@ cygpsid::get_id (BOOL search_grp, int *type)
|
||||
struct group *gr;
|
||||
if (cygheap->user.groups.pgsid == psid)
|
||||
id = myself->gid;
|
||||
else if ((gr = internal_getgrsid (*this)))
|
||||
else if ((gr = internal_getgrsid (*this, pldap)))
|
||||
id = gr->gr_gid;
|
||||
if (id != ILLEGAL_UID)
|
||||
{
|
||||
@@ -117,7 +117,7 @@ cygpsid::get_id (BOOL search_grp, int *type)
|
||||
struct passwd *pw;
|
||||
if (*this == cygheap->user.sid ())
|
||||
id = myself->uid;
|
||||
else if ((pw = internal_getpwsid (*this)))
|
||||
else if ((pw = internal_getpwsid (*this, pldap)))
|
||||
id = pw->pw_uid;
|
||||
if (id != ILLEGAL_UID && type)
|
||||
*type = USER;
|
||||
@@ -297,10 +297,9 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
{
|
||||
struct passwd *pw;
|
||||
struct group *gr = NULL;
|
||||
bool ret = false;
|
||||
BOOL ret = false;
|
||||
PWCHAR domain;
|
||||
cyg_ldap cldap;
|
||||
bool ldap_open = false;
|
||||
|
||||
owner_sid.debug_print ("get_sids_info: owner SID =");
|
||||
group_sid.debug_print ("get_sids_info: group SID =");
|
||||
@@ -318,7 +317,7 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
if (map_gid == ILLEGAL_GID)
|
||||
{
|
||||
domain = cygheap->dom.get_rfc2307_domain ();
|
||||
if ((ldap_open = cldap.open (domain)))
|
||||
if (cldap.open (domain))
|
||||
map_gid = cldap.remap_gid (gid);
|
||||
if (map_gid == ILLEGAL_GID)
|
||||
map_gid = MAP_UNIX_TO_CYGWIN_ID (gid);
|
||||
@@ -326,7 +325,7 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
}
|
||||
*gidret = map_gid;
|
||||
}
|
||||
else if ((gr = internal_getgrsid (group_sid)))
|
||||
else if ((gr = internal_getgrsid (group_sid, &cldap)))
|
||||
*gidret = gr->gr_gid;
|
||||
else
|
||||
*gidret = ILLEGAL_GID;
|
||||
@@ -335,9 +334,11 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
{
|
||||
*uidret = myself->uid;
|
||||
if (*gidret == myself->gid)
|
||||
ret = true;
|
||||
ret = TRUE;
|
||||
else
|
||||
ret = (internal_getgroups (0, NULL, &group_sid) > 0);
|
||||
CheckTokenMembership (cygheap->user.issetuid ()
|
||||
? cygheap->user.imp_token () : NULL,
|
||||
group_sid, &ret);
|
||||
}
|
||||
else if (sid_id_auth (owner_sid) == 22)
|
||||
{
|
||||
@@ -347,7 +348,7 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
if (map_uid == ILLEGAL_UID)
|
||||
{
|
||||
domain = cygheap->dom.get_rfc2307_domain ();
|
||||
if ((ldap_open || cldap.open (domain)))
|
||||
if (cldap.open (domain))
|
||||
map_uid = cldap.remap_uid (uid);
|
||||
if (map_uid == ILLEGAL_UID)
|
||||
map_uid = MAP_UNIX_TO_CYGWIN_ID (uid);
|
||||
@@ -355,11 +356,11 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
}
|
||||
*uidret = map_uid;
|
||||
}
|
||||
else if ((pw = internal_getpwsid (owner_sid)))
|
||||
else if ((pw = internal_getpwsid (owner_sid, &cldap)))
|
||||
{
|
||||
*uidret = pw->pw_uid;
|
||||
if (gr || (*gidret != ILLEGAL_GID
|
||||
&& (gr = internal_getgrgid (*gidret))))
|
||||
&& (gr = internal_getgrgid (*gidret, &cldap))))
|
||||
for (int idx = 0; gr->gr_mem[idx]; ++idx)
|
||||
if ((ret = strcasematch (pw->pw_name, gr->gr_mem[idx])))
|
||||
break;
|
||||
@@ -367,7 +368,7 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
|
||||
else
|
||||
*uidret = ILLEGAL_UID;
|
||||
|
||||
return ret;
|
||||
return (bool) ret;
|
||||
}
|
||||
|
||||
PSECURITY_DESCRIPTOR
|
||||
|
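Review bot: In the `@@ -335,9 +334,11 @@` hunk of get_sids_info the return value of the new `CheckTokenMembership (...)` call is discarded, so when the call fails the result depends only on the `BOOL ret = false` initialiser and on the API leaving `&ret` untouched. Because `ret` is what the function returns as its "owner is a member of this group" answer, make the fail-closed path explicit: `else if (!CheckTokenMembership (tok, group_sid, &ret)) ret = FALSE;`, where `tok` stands for the existing `issetuid () ? imp_token () : NULL` expression. A comment at this call should also record that CheckTokenMembership requires an impersonation token and reports TRUE only for a SID that is enabled in the token, so deny-only or disabled groups now count as non-membership. Whether that matches the removed `internal_getgroups (0, NULL, &group_sid)` path, and what kind of token `imp_token ()` returns, cannot be confirmed from this page. The body of get_sids_info continues outside the visible hunks.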