Try best to handle user from domain not in trusted domain list.
* cygheap.h (cygheap_domain_info::add_domain): Add prototype. * uinfo.cc (cygheap_domain_info::add_domain): New method. (pwdgrp::fetch_account_from_windows): Try to add domain explicitely if it was not in the original list of trusted domains and go ahead rather than bailing out. Add comment to explain why. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
parent
3fb21f9143
commit
d4f8c94a9b
|
@ -1,3 +1,11 @@
|
|||
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
|
||||
* uinfo.cc (cygheap_domain_info::add_domain): New method.
|
||||
(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
|
||||
if it was not in the original list of trusted domains and go ahead
|
||||
rather than bailing out. Add comment to explain why.
|
||||
|
||||
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.
|
||||
|
|
|
@ -393,6 +393,7 @@ public:
|
|||
|
||||
inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
|
||||
{ return (idx < tdom_count) ? tdom + idx : NULL; }
|
||||
PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID);
|
||||
|
||||
inline PWCHAR get_rfc2307_domain () const
|
||||
{ return rfc2307_domain_buf ?: NULL; }
|
||||
|
|
|
@ -1428,6 +1428,29 @@ cygheap_domain_info::init ()
|
|||
return true;
|
||||
}
|
||||
|
||||
PDS_DOMAIN_TRUSTSW
|
||||
cygheap_domain_info::add_domain (PCWSTR domain, PSID sid)
|
||||
{
|
||||
PDS_DOMAIN_TRUSTSW new_tdom;
|
||||
cygsid tsid (sid);
|
||||
|
||||
new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1)
|
||||
* sizeof (DS_DOMAIN_TRUSTSW));
|
||||
if (!new_tdom)
|
||||
return NULL;
|
||||
|
||||
tdom = new_tdom;
|
||||
new_tdom = &tdom[tdom_count];
|
||||
new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain);
|
||||
--*RtlSubAuthorityCountSid (tsid);
|
||||
ULONG len = RtlLengthSid (tsid);
|
||||
new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len);
|
||||
RtlCopySid (len, new_tdom->DomainSid, tsid);
|
||||
new_tdom->PosixOffset = 0;
|
||||
++tdom_count;
|
||||
return new_tdom;
|
||||
}
|
||||
|
||||
/* Per session, so it changes potentially when switching the user context. */
|
||||
static cygsid logon_sid ("");
|
||||
|
||||
|
@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
|||
if (!wcscasecmp (dom, td->NetbiosDomainName))
|
||||
{
|
||||
domain = td->DnsDomainName;
|
||||
posix_offset =
|
||||
fetch_posix_offset (td, &loc_ldap);
|
||||
break;
|
||||
}
|
||||
|
||||
if (!domain)
|
||||
{
|
||||
/* This shouldn't happen, in theory, but it does. There
|
||||
are cases where the user's logon domain does not show
|
||||
up in the list of trusted domains. We're desperately
|
||||
trying to workaround that here bu adding an entry for
|
||||
this domain to the trusted domains and ask the DC for
|
||||
a posix_offset. There's a good chance this doesn't
|
||||
work either, but at least we tried, and the user can
|
||||
work. */
|
||||
debug_printf ("Unknown domain %W", dom);
|
||||
return NULL;
|
||||
td = cygheap->dom.add_domain (dom, sid);
|
||||
if (td)
|
||||
domain = td->DnsDomainName;
|
||||
}
|
||||
if (domain)
|
||||
posix_offset = fetch_posix_offset (td, &loc_ldap);
|
||||
}
|
||||
}
|
||||
/* If the domain returned by LookupAccountSid is not our machine
|
||||
|
|
Loading…
Reference in New Issue