Commit Graph

146 Commits

Author SHA1 Message Date
Corinna Vinschen 83b3f891c4 Fix broken PSID problem on cygheap in account handling
* pwdgrp.h: Add comment to explain below change.
        (struct pg_pwd): Convert sid member to BYTE array.
        (struct pg_grp): Ditto.
        * grp.cc (pwdgrp::parse_group): Accommodate above change.
        * passwd.cc (pwdgrp::parse_passwd): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 22:01:53 +02:00
Corinna Vinschen 71a897e40d Avoid potential crash at startup or in getgroups(2).
* grp.cc (internal_getgroups): Handle negative domain index to avoid
	crashes.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 21:57:09 +02:00
Corinna Vinschen 4a9636b1d6
Implmenet faster getfrompw/getfromgr
* grp.cc (pwdgrp::parse_group): Call cygsid::getfromgr_passwd.
	* passwd.cc (pwdgrp::parse_passwd): Call cygsid::getfrompw_gecos.
	* pwdgrp.h (cygsid::getfrompw): Implement as inline method here,
	accessing pg_pwd's sid member directly.
	(cygsid::getfromgr): Implement as inline method here, accessing
	pg_grp's sid member directly.
	* sec_auth.cc (extract_nt_dom_user): Call cygsid::getfrompw_gecos.
	Explain why.
	* sec_helper.cc (cygsid::getfrompw): Drop implementation.
	(cygsid::getfromgr): Ditto.
	* security.h (cygsid::getfrompw_gecos): Implement former getfrompw
	inline here.
	(cygsid::getfromgr_passwd): Implement former getfromgr inline here.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-18 17:15:27 +01:00
Corinna Vinschen 1d91d469ee
Drop unneeded passwd argument from security functions
* sec_auth.cc (get_server_groups): Drop unused passwd argument.  Adjust
	calls throughout.
	(get_initgroups_sidlist): Ditto.
	(get_setgroups_sidlist): Ditto.
	(create_token): Ditto.
	(lsaauth): Ditto.
	* security.h (create_token): Adjust prototype to above change.
	(lsaauth): Ditto.
	(get_server_groups): Ditto.
	* grp.cc (get_groups): Adjust call to get_server_groups.
	* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-18 16:54:19 +01:00
Corinna Vinschen 6f93f1d6a5
Drop unused timeoput paramter to internal_getlogin
* grp.cc (internal_getgroups): Drop unused timeout parameter.
	* pwdgrp.h (internal_getgroups): Ditto in prototype.
	* uinfo.cc (internal_getlogin): Ditto in usage.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-17 15:42:59 +01:00
Corinna Vinschen ad8d295e7c * ldap.h: Remove index macros.
(class cyg_ldap): Remove members srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Remove private method taking index
	argument.
	(cyg_ldap::get_num_attribute): Ditto.  Add method taking attribute name.
	(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
	(cyg_ldap::get_unix_uid): Ditto.
	(cyg_ldap::get_unix_gid): Ditto.
	* ldap.cc: Throughout, use msg and entry in place of srch_msg and
	srch_entry.
	(std_user_attr): Add sAMAccountName and objectSid.
	(group_attr): Ditto.
	(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Move earlier in file.
	(cyg_ldap::get_num_attribute): Ditto.
	(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
	Use group_attr or user_attr rather than sid_attr to fetch all desired
	attributes for an account right away.
	(cyg_ldap::next_account): Store found SID in last_fetched_sid to
	skip calls to fetch_ad_account from fetch_account_from_windows.
	(cyg_ldap::get_string_attribute): Remove method taking index argument.
	(cyg_ldap::get_num_attribute): Ditto.
	* pwdgrp.h (class pg_ent): Fix formatting.  Add member dom.
	* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
	in dom.  Construct fetch_acc_t argument from LDAP attributes and
	call fetch_account_from_windows with that.
	* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
	FULL_acc_arg.  Change throughout.
	(struct fetch_acc_t): Rename from fetch_full_grp_t.  Change throughout.
	(struct fetch_user_arg_t): Rename full_grp to full_acc.  Change
	throughout.
2015-02-24 20:52:57 +00:00
Corinna Vinschen bef55bb5c3 * autoload.cc (LsaLookupSids): Import.
* cygserver_pwdgrp.h: Include userinfo.h.  Drop workaround defining
	fetch_user_arg_type_t locally.
	* grp.cc (internal_getgrsid_cachedonly): New function.
	(internal_getgrfull): Ditto.
	(internal_getgroups): Rearrange function.  Center around fetching all
	cached group info first, calling LsaLookupSids on all so far non-cached
	groups second.  Pass all available info to new internal_getgrfull call.
	* pwdgrp.h: Include userinfo.h.  Move definitions of
	fetch_user_arg_type_t and fetch_user_arg_t there.
	(pwdgrp::add_group_from_windows): Declare with getting full group info.
	Called from internal_getgrfull.
	* uinfo.cc (pwdgrp::add_group_from_windows): Define.
	(pwdgrp::fetch_account_from_line): Add default case.
	(pwdgrp::fetch_account_from_file): Ditto.
	(pwdgrp::fetch_account_from_windows): Handle FULL_grp_arg.
	(client_request_pwdgrp::client_request_pwdgrp): Add default case.
	* userinfo.h: New header.
	(enum fetch_user_arg_type_t): Add FULL_grp_arg.
	(struct fetch_full_grp_t): New datatype.
2015-02-23 20:51:12 +00:00
Corinna Vinschen 9b54770bd7 * grp.cc (internal_getgroups): Check for group attributes and
Everyone sid before calling internal_getgrsid.
2015-02-23 15:46:10 +00:00
Corinna Vinschen d6f62a1178 * grp.cc (internal_getgroups): Take additional timeout_ns parameter.
Restrict fetching group account entries from user token groups by
	timeout_ns 100ns-intervals.  Add preceding comment to explain why.
	* pwdgrp.h (internal_getgroups): Align prototype.
	* times.cc (GetTickCount_ns): New function.
	* uinfo.cc (internal_getlogin): Call internal_getgroups wih 300ms
	timeout.
	* winsup.h (GetTickCount_ns): Declare.
2015-02-20 15:13:46 +00:00
Corinna Vinschen 6681d11fd3 * grp.cc (getgrouplist): Fix setting ngroups to make sure to return
the right value.
2014-06-16 09:12:29 +00:00
Corinna Vinschen a5a75a5a98 * grp.cc (gr_ent::enumerate_caches): Fix copy/paste bug introducing
an endless loop.
2014-05-08 08:44:07 +00:00
Corinna Vinschen 20de26ebf9 * grp.cc (pwdgrp::parse_group): Set grp.len. Drop generating any
gr_mem entries.
	(getgrgid_r): Don't try to copy gr_mem entries.  Always set gr_mem
	to an empty list.
	(getgrnam_r): Ditto.
	(app_gr): New static struct to store group data propagated to the
	calling application via getgrgid/getgrnam.
	(getgr_cp): Fill app_gr and return pointer to app_gr.g.
	(getgrgid32): Call getgr_cp.
	(getgrnam32): Ditto.
	* passwd.cc (pwdgrp::parse_passwd): Set res.len.
	(app_pw): New static struct to store passwd data propagated to the
	calling application via getpwuid/getpwnam.
	(getpw_cp): Fill app_pw and return pointer to app_pw.p.
	(getpwuid32): Cal getpw_cp.
	(getpwnam): Ditto.
	* pwdgrp.h (struct pg_pwd): Add len member.
	(struct pg_grp): Ditto.
2014-05-07 11:00:00 +00:00
Corinna Vinschen fc3a3524b2 * security.h (MAX_SUBAUTH_CNT): Drop. Use SID_MAX_SUB_AUTHORITIES
instead throughout.
	(MAX_SID_LEN): Drop.  Use SECURITY_MAX_SID_SIZE instead throughout.
2014-05-06 12:28:33 +00:00
Corinna Vinschen 439b7db785 * grp.cc (internal_getgroups): Drop unused cygsid variable.
* sec_helper.cc (cygpsid::pstring): Use sid_sub_auth_count macro.
	(cygsid::get_sid): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
	Don't call memcpy to copy subauthorities into SID, use assignment.
	(cygsid::getfromstr): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
	* security.h (MAX_SUBAUTH_CNT): New definition.  Set to 11 to cover
	Microsoft Accounts.
	(MAX_SID_LEN): Define in terms of SID member sizes and MAX_SUBAUTH_CNT.
	(DBGSID): Use MAX_SUBAUTH_CNT to define size of SubAuthority array.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle Micosoft
	Accounts.  Handle them as well known group.  Compare domain names
	case-insensitive.
	* winlean.h (PIPE_REJECT_REMOTE_CLIENTS): Drop temporary definition
	since Mingw64 catched up.
	(DNLEN): Redefine as 16.  Explain why.
2014-05-06 12:02:48 +00:00
Corinna Vinschen 29b7313d22 * cygheap.h (enum cygheap_pwdgrp::cache_t): Remove.
(cygheap_pwdgrp::caching): Convert to bool.
	(cygheap_pwdgrp::pwd_cache): Add cygserver member.
	(cygheap_pwdgrp::grp_cache): Ditto.
	(cygheap_pwdgrp::nss_db_caching): Drop.
	(cygheap_pwdgrp::nss_db_full_caching): Drop.
	(cygheap_pwdgrp::nss_cygserver_caching): New method.
	(cygheap_pwdgrp::nss_disable_cygserver_caching): New method.
	* cygserver.h (client_request::request_code_t): Add
	CYGSERVER_REQUEST_PWDGRP.
	* cygserver_pwdgrp.h: New file.
	* cygtls.h (struct _local_storage): Remove pwbuf and grbuf members.
	* grp.cc (pwdgrp::prep_tls_grbuf): Drop.
	(internal_getgrsid): Handle cygserver caching and rearrange to check
	the caches first.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(gr_ent::enumerate_caches): Handle cygserver cache.
	* passwd.cc (pwdgrp::prep_tls_pwbuf): Drop.
	(internal_getpwsid): Handle cygserver caching and rearrange to check
	the caches first.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(pw_ent::enumerate_caches): Handle cygserver cache.
	* pwdgrp.h (pwdgrp::add_account_from_cygserver): New method declaration.
	(pwdgrp::fetch_account_from_cygserver): New method declaration.
	(pwdgrp::prep_tls_pwbuf): Drop declaration.
	(pwdgrp::prep_tls_grbuf): Drop declaration.
	(pwdgrp::add_user_from_cygserver): New inline methods.
	(pwdgrp::add_group_from_cygserver): New inline methods.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Regenerate.
	* uinfo.cc (internal_getlogin): Call internal_getgroups if cygserver
	caching is not available.
	(cygheap_pwdgrp::init): Initialize pwd_cache.cygserver and
	grp_cache.cygserver.  Set caching to true.
	(cygheap_pwdgrp::nss_init_line): Drop db_cache handling entirely.
	(pwdgrp::add_account_from_windows): Drop no caching handling.
	(client_request_pwdgrp::client_request_pwdgrp): New method.
	(pwdgrp::fetch_account_from_cygserver): New method.
	(pwdgrp::add_account_from_cygserver): New method.

	* fhandler_disk_file.cc (fhandler_base::fstat_helper): Fix formatting.
	* include/sys/cygwin.h: Ditto.
2014-03-12 17:36:56 +00:00
Corinna Vinschen 0e8dd88459 * pwdgrp.h (pwdgrp::is_passwd): New inline method.
(pwdgrp::is_group): New inline method.
	(add_account_from_windows): Drop group argument from declaration.
	(fetch_account_from_windows): Ditto.
	(check_file): Ditto.
	(add_user_from_windows): Call add_account_from_windows accordingly.
	(add_group_from_windows): Ditto.
	* uinfo.cc (pwdgrp::add_account_from_windows): Drop group argument.
	Use is_group method instead.
	(pwdgrp::check_file): Ditto.
	(pwdgrp::fetch_account_from_windows): Ditto.
	* grp.cc: Accommodate aforementioned changes.
	* passwd.cc: Ditto.
2014-03-07 20:38:48 +00:00
Corinna Vinschen 6cc7c925ce * cygheap.h (cygheap_user::sid): Return reference to cygpsid rather
than PSID.
	(cygheap_user::saved_sid): Ditto.
	(cygheap_pwdgrp::cache_t): New type.
	(cygheap_pwdgrp::caching): Convert to cache_t.
	(cygheap_pwdgrp::nss_db_caching): Change accordingly.
	(cygheap_pwdgrp::nss_db_full_caching): New inline method.
	* grp.cc (internal_getgroups): Reinvent.  Take cyg_ldap pointer as
	third parameter and use throughout.
	(getgroups32): Call internal_getgroups.
	* pwdgrp.h (internal_getgroups): Declare.
	* uinfo.cc (internal_getlogin): Partial rewrite to accommodate having
	no connection to the DC.  Give primary group from user token more
	weight.  Generate group entries for all groups in the user token if
	caching is set to NSS_FULL_CACHING.
	(cygheap_pwdgrp::init): Initialize caching to NSS_FULL_CACHING.
	(cygheap_pwdgrp::nss_init_line): Handle "db_cache: full".
	(pwdgrp::add_account_from_windows): Fix group handling in non-caching
	mode.
	(pwdgrp::fetch_account_from_windows): Default primary group for the
	current user to primary group from user token.  Check for primary
	domain first after LookupAccountSid failed.
2014-02-28 11:37:02 +00:00
Corinna Vinschen b39fa2c88d * autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id.
	* grp.cc (internal_getgrsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_group_from_windows.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(gr_ent::enumerate_local): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(getgroups32): Rename from internal_getgroups and drop getgroups32 stub.
	Drop srchsid parameter and code handling it.  Add local cyg_ldap
	instance and forward to internal_getgrXXX.
	(getgroups): Call getgroups32.
	(get_groups): Add local cyg_ldap instance and forward to
	internal_getgrXXX.
	(getgrouplist): Ditto.
	(setgroups32): Ditto.
	* ldap.cc (cyg_ldap::open): Don't call close.  Return true if connection
	is already open.
	(cyg_ldap::remap_uid): Forward this to internal_getpwsid.
	(cyg_ldap::remap_gid): Forward this to internal_getgrsid.
	* passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_user_from_windows.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(pg_ent::enumerate_builtin): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(pg_ent::enumerate_sam): Ditto.
	(pg_ent::enumerate_ad): Ditto.  Forward local cldap instead.
	* pwdgrp.h (internal_getpwsid): Align declaration to above change.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(internal_getgrsid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgroups): Drop declaration.
	(pwdgrp::add_account_from_windows): Align declaration to below change.
	(pwdgrp::add_user_from_windows): Ditto.
	(pwdgrp::add_group_from_windows): Ditto.
	* sec_acl.cc (setacl): Add local cyg_ldap instance and forward to
	internal_getpwuid and internal_getgrgid.
	(getacl): Add local cyg_ldap instance and forward to cygpsid::get_id.
	(aclfromtext32): Add local cyg_ldap instance and forward to
	internal_getpwnam and internal_getgrnam.
	* sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer.
	Forward to internal_getgrsid and internal_getpwsid.
	(get_sids_info): Drop ldap_open.  Forward local cldap to
	internal_getpwsid and internal_getgrXXX.  Call CheckTokenMembership
	rather than internal_getgroups.
	* security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default
	parameter.
	(cygpsid::get_uid): Add cyg_ldap pointer.  Call get_id accordingly.
	(cygpsid::get_gid): Ditto.
	* uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward
	to internal_getpwXXX and internal_getgrXXX calls.
	(pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer.
	Forward to pwdgrp::fetch_account_from_windows.
	(fetch_posix_offset): Drop ldap_open argument and handling.  Get
	cyg_ldap instance as pointer.
	(pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer.
	Use it if it's not NULL, local instance otherwise.  Drop ldap_open.
	Drop fetching extended group arguments from AD for speed.
2014-02-27 12:57:27 +00:00
Corinna Vinschen b211f4c17e * external.cc (cygwin_internal): Add cases for CW_GETNSSSEP,
CW_GETPWSID and CW_GETGRSID.
	* grp.cc (internal_getgrsid_from_db): New function.
	* passwd.cc (internal_getpwsid_from_db): New function.
	(pg_ent::setent): Add special case for call from mkpasswd/mkgroup.
	* pwdgrp.h (internal_getpwsid_from_db): Declare.
	(internal_getgrsid_from_db): Declare.
	(enum nss_enum_t): Move to include/sys/cygwin.h.
	(class pg_ent): Add comment.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Fix typo in comment.
	Change "UNIX" to "Unix" in domain name.
	* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_GETNSSSEP,
	CW_GETPWSID and CW_GETGRSID.
	(enum nss_enum_t): Define here.
2014-02-22 19:38:12 +00:00
Corinna Vinschen 98cc373860 * pwdgrp.h (pwdgrp::fetch_account_from_windows): Add bool parameter
to declaration, set to true by default.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Add bool parameter
	"ugid_caching".  Only add account to ugid_cache if set to true.
	* grp.cc (gr_ent::enumerate_local): Call fetch_account_from_windows
	with ugid_caching parameter set to false.
	* passwd.cc (pg_ent::enumerate_builtin): Ditto.
	(pg_ent::enumerate_sam): Ditto.
	(pg_ent::enumerate_ad): Ditto.
2014-02-21 10:01:00 +00:00
Corinna Vinschen 1e3a150969 * grp.cc (getgrouplist): Fix previous fix so ret is only set to ngroups
if ngroups isn't too small.
2014-02-20 15:46:48 +00:00
Corinna Vinschen 7f57a4ea14 * grp.cc (get_groups): Don't add gid to list if it's ILLEGAL_GID.
(getgrouplist): Return number of groups, just like glibc.
2014-02-20 13:55:57 +00:00
Corinna Vinschen 036f56cf32 * external.cc (cygwin_internal): Handle new CW_SETENT, CW_GETENT and
CW_ENDENT info types.
	* grp.cc (setgrent_filtered): New function, called from cygwin_internal.
	(getgrent_filtered): Ditto.
	(endgrent_filtered): Ditto.
	* passwd.cc (pg_ent::setent): Set state explicitely to from_cache.
	(pg_ent::getent): Handle the fact that a DC has no SAM and enumerating
	local accounts is equivalent to enumerating domain accounts.
	(setpwent_filtered): New function, called from cygwin_internal.
	(getpwent_filtered): Ditto.
	(endpwent_filtered): Ditto.
	* pwdgrp.h (setpwent_filtered): Declare.
	(getgrent_filtered): Ditto.
	(endgrent_filtered): Ditto.
	(setpwent_filtered): Ditto.
	(getpwent_filtered): Ditto.
	(endpwent_filtered): Ditto.
	* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SETENT, CW_GETENT,
	and CW_ENDENT.
2014-02-18 19:39:48 +00:00
Corinna Vinschen a8cf6887a2 * autoload.cc (ldap_abandon): Import.
(ldap_result): Import.
	(ldap_searchW): Import.
	(NetGroupEnum): Import.
	(NetLocalGroupEnum): Import.
	(NetUserEnum): Import.
	* cygheap.h (class cygheap_pwdgrp): Add members enums and enum_tdoms.
	(cygheap_pwdgrp::nss_db_enums): New inline method.
	(cygheap_pwdgrp::nss_db_enum_tdoms): Ditto.
	* cygtls.h (struct _local_storage): Drop unused members pw_pos and
	grp_pos.
	* grp.cc (grent): New static variable of class gr_ent.
	(gr_ent::enumerate_caches): New method.
	(gr_ent::enumerate_local): New method.
	(gr_ent::getgrent): New method.
	(setgrent): Call gr_ent method.
	(getgrent32): Ditto.
	(endgrent): Ditto.
	* ldap.cc (sid_attr): Rename from nfs_attr.
	(cyg_ldap::close): Abandon still running asynchronous search.
	(cyg_ldap::fetch_ad_account): Reduce filter buffer size.
	(cyg_ldap::enumerate_ad_accounts): New method.
	(cyg_ldap::next_account): New method.
	(cyg_ldap::fetch_posix_offset_for_domain): Reduce filter buffer size.
	(cyg_ldap::fetch_unix_sid_from_ad): Ditto.  Fix return value in case
	no value has been read.
	(cyg_ldap::fetch_unix_name_from_rfc2307): Reduce filter buffer size.
	* ldap.h (class cyg_ldap): Add msg_id member.
	(cyg_ldap::enumerate_ad_accounts): Declare.
	(cyg_ldap::next_account): Declare:
	* passwd.cc (pwent): New static variable of class pw_ent.
	(pg_ent::clear_cache): New method.
	(pg_ent::setent): New method.
	(pg_ent::getent): New method.
	(pg_ent::endent): New method.
	(pg_ent::enumerate_file): New method.
	(pg_ent::enumerate_builtin): New method.
	(pg_ent::enumerate_sam): New method.
	(pg_ent::enumerate_ad): New method.
	(pw_ent::enumerate_caches): New method.
	(pw_ent::enumerate_local): New method.
	(pw_ent::getpwent): New method.
	(setpwent): Call pw_ent method.
	(getpwent): Ditto.
	(endpwent): Ditto.
	* pwdgrp.h (class pwdgrp): Define pg_ent, pw_ent and gr_ent as friend
	classes.
	(pwdgrp::add_account_post_fetch): Declare with extra bool parameter.
	(pwdgrp::file_attr): New inline method.
	(enum nss_enum_t): Define.
	(class pg_ent): Define.
	(class pw_ent): Define.
	(class gr_ent): Define.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (cygheap_pwdgrp::init): Initialize enums and enum_tdoms.
	(cygheap_pwdgrp::nss_init_line): Fix typo in preceeding comment.
	Handle new "db_enum" keyword.
	(pwdgrp::add_account_post_fetch): Take additional `bool lock' parameter
	and acquire pglock before adding element to array if lock is true.
	(pwdgrp::add_account_from_file): Call add_account_post_fetch with lock
	set to true.
	(pwdgrp::add_account_from_windows): Ditto in case of caching.
	(pwdgrp::fetch_account_from_windows): Handle builtin aliases only
	known to the domain controller.  Only call NetLocalGroupGetInfo for
	aliases.
2014-02-17 15:36:33 +00:00
Corinna Vinschen 1ca20a1cd2 Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 19:44:56 +00:00
Corinna Vinschen ccd40e46d7 * grp.cc (get_groups): Convert to void function.
(initgroups32): Accommodate the aforementioned change.
	(getgrouplist): Ditto.
2013-05-14 09:07:30 +00:00
Corinna Vinschen ee6ed1db45 * grp.cc (get_groups): Never return error. Always create a group list,
even if it's empty.
2013-05-14 08:50:37 +00:00
Corinna Vinschen 61522196c7 * Merge in cygwin-64bit-branch. 2013-04-23 09:44:36 +00:00
Christopher Faylor bc837d22f3 Throughout, update copyrights to reflect dates which correspond to main-branch
checkins.  Regularize copyright format.
2013-01-21 04:38:31 +00:00
Corinna Vinschen 02f63d4720 * grp.cc (pwdgrp::parse_group): Convert grp from macro to reference.
* passwd.cc (pwdgrp::parse_passwd): Ditto for res.
2012-02-03 12:26:08 +00:00
Christopher Faylor b9aa81491f Throughout, remove extra space after function name from debugging output.
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
2011-12-03 21:43:27 +00:00
Corinna Vinschen 0c1d8aaaf1 * cygwin.din (getgrouplist): Export.
* grp.cc (get_groups): New static function to run the core functionality
	of initgroups and getgrouplist.
	(initgroups32): Call get_groups and just create supplementary group
	list in cygheap.  Rename name of first argument to "user".  Add an
	assertion to test for a NULL user name.
	(initgroups): Rename name of first argument to "user".
	(getgrouplist): New function.
	* posix.sgml (std-bsd): Add getgrouplist.
	* include/cygwin/grp.h (getgrouplist): Declare.
	* include/cygwin/version.h: Bump API minor number.
2011-10-28 09:26:42 +00:00
Christopher Faylor b86f999af1 whitespace elimination 2011-06-06 05:02:13 +00:00
Corinna Vinschen 12eac211c9 * advapi32.cc (GetTokenInformation): Remove.
(SetTokenInformation): Remove.
	* grp.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_auth.cc: Ditto.
	* syscalls.cc: Ditto.
	* uinfo.cc: Ditto.
2011-04-29 07:34:05 +00:00
Corinna Vinschen b89fb103f2 * grp.cc (getgrgid_r): Simplify code by using stpcpy.
(getgrnam_r): Ditto.
	* passwd.cc (getpwuid_r32): Simplify code by using stpcpy.
	(getpwnam_r): Ditto.
2009-01-26 13:20:46 +00:00
Corinna Vinschen 2768ae50dd * grp.cc (pwdgrp::read_group): Generate more speaking group name
if passwd gid exists under different gid in /etc/group.
2008-10-09 11:52:54 +00:00
Corinna Vinschen 520fcc9747 * shared.cc (user_shared_initialize): Fetch potentially changed Cygwin
username from /etc/passwd before loading mount table.
	(shared_info::init_installation_root): New function fetching Cygwin's
	installation root dir and storing as native NT path in global shared
	memory.
	(shared_info::initialize): Call init_installation_root exactly once at
	first startup.
	* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
	(CURR_SHARED_MAGIC): Ditto.
	(class shared_info): Add installation_root member.
	(shared_info::init_installation_root): Declare.

	* grp.cc (pwdgrp::read_group): Call pwdgrp::load with native WCHAR path.
	* passwd.cc (pwdgrp::read_passwd): Ditto.  Avoid recursion.
	(etc::init): Take POBJECT_ATTRIBUTES instead of path_conv.
	* path.h (etc::init): Change prototype accordingly.
	* pwdgrp.h (class pwdgrp): Store path as UNICODE_STRING/PWCHAR instead
	of as path_conv.
	(pwdgrp::load): Accommodate prototype.
	* uinfo.cc (pwdgrp::load): Change argument type from char to wchar_t.
	Create native NT path here instead of calling path_conv.

	* mount.cc (find_root_from_cygwin_dll): Drop in favor of global
	initializaion in shared_info.
	(mount_info::init): Fetch native NT root dir from cygwin_shared.
	(mount_info::from_fstab): Expect native NT path and use native NT
	functions to access file.  Convert username part in user fstab path
	according to special char transformation rules.
	* path.cc (tfx_chars): Convert slash to backslash.
	(transform_chars): Implement for path given as PWCHAR.
	(transform_chars): PUNICODE_STRING version calls PWCHAR version.
	Remove useless commented code.
2008-07-24 18:25:52 +00:00
Corinna Vinschen 5558de95e5 * autoload.cc (DsGetDcNameW): Replace DsGetDcNameA.
* dcrt0.cc (child_info_spawn::handle_spawn): Drop artificial
	supplementary group list from calling setgroups in parent.
	* grp.cc (internal_getgroups): Drop 9x-only code.  Reformat.
	* sec_auth.cc (get_logon_server): Do everything in WCHAR only.
	(get_user_groups): Ditto.  Use wlogonserver in LookupAccountNameW
	calls, too.
	(is_group_member): Get logon server as first argument and use in call
	to NetLocalGroupGetMembers.
	(get_user_local_groups): Get logon server as first argument and use in
	calls to NetLocalGroupEnum and LookupAccountNameW.  Revamp to work
	more correctly in domain environments.
	(get_server_groups): Accommodate aforementioned changed function calls.
	* security.h (get_logon_server): Change prototype accordingly.
	* uinfo.cc (cygheap_user::env_logsrv): Accommodate changed
	get_logon_server call.
2008-07-09 11:58:38 +00:00
Corinna Vinschen 8f7208243e * grp.cc (internal_getgroups): Also add integrity-enabled groups. 2008-07-09 09:14:12 +00:00
Corinna Vinschen 8a179967e6 * grp.cc (internal_getgroups): Fix thinko. Only add enabled groups to
the group list.
2008-05-22 21:14:30 +00:00
Corinna Vinschen 2122048bd6 * grp.cc (internal_getgroups): Don't add deny-only groups to the group
list.
2008-05-22 21:03:54 +00:00
Corinna Vinschen ab6cadb0c3 * grp.cc (internal_getgroups): Drop local buf. Allocate groups
directly using alloca.
2008-04-16 10:02:05 +00:00
Christopher Faylor b13e6864f5 Remove unneeded header files from source files throughout. 2008-04-07 18:45:59 +00:00
Corinna Vinschen 77ee880504 * cygheap.h (cygheap_user::curr_imp_token): Rename from current_token.
Accommodate changge throughout Cygwin.
	(cygheap_user::imp_token): Rename from token.  Accommodate changge
	throughout Cygwin.
	(rcygheap_user::eimpersonate): Use primary token for impersonation.
	* grp.cc (internal_getgroups): Use primary impersonation token when
	impersonated.
	* security.h (_push_thread_privilege): Use primary impersonation token
	when impersonated.
2007-07-16 20:01:15 +00:00
Corinna Vinschen a76877e977 Throughout remove all usage of wincap.has_security.
* environ.cc (environ_init): Drop setting allow_ntsec here.
	* grp.cc (initgroups32): Drop usage of label "out".
	* security.cc (allow_ntsec): Set to true by default.
	* syscalls.cc (seteuid32): Remove label success_9x.
	* wincap.cc: Remove has_security throughout.
	* wincap.h: Ditto.
2007-02-23 15:15:50 +00:00
Corinna Vinschen 5684cfebba Partially revert change from 2005-04-03, always running under an
impersonation token, which collides with Vista UAC.
	* cygheap.h (deimpersonate): revert to self instead of impersonating
	hProcImpToken.
	(reimpersonate): Only impersonate if setuid.
	* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
	(dll_crt0_1): Set privileges on hProcToken.
	* fork.cc (frok::child): Set privileges on hProcToken.  Close handle to
	hProcImpToken.
	* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
	* security.cc (check_access): Create hProcImpToken on demand here.
	* security.h (set_process_privilege): Set privileges on hProcToken.
	(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
	(pop_thread_privilege): If not setuid'ed, revert to self.
	* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
	Close handle to hProcImpToken.
	* uinfo.cc (internal_getlogin): Ditto.
	* winsup.h (clear_procimptoken): New inline function.
2006-12-12 16:27:32 +00:00
Corinna Vinschen b825c587ba * cyglsa.h: New header file.
* environ.cc: Disable subauth settings.
	* grp.cc: Accomodate cygsidlist's count now being a method.
	* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
	(mandatory_medium_integrity_sid): Remove.
	(mandatory_high_integrity_sid): Remove.
	(mandatory_system_integrity_sid): Remove.
	(fake_logon_sid): Add.
	(cygsid::get_sid): Add well_known parameter.  Set well_known_sid
	accordingly.
	(cygsid::getfromstr): Ditto.
	(cygsidlist::alloc_sids): Move here from security.cc.
	(cygsidlist::free_sids): Ditto.
	(cygsidlist::add): Move here from security.h.  Add well_known parameter.
	Set well_known_sid accordingly.  Don't allow duplicate SIDs.
	* security.cc: Include cyglsa.h and cygwin/version.h.  Throughout
	accomodate cygsidlist's count now being a method.  Throughout drop
	redundant "contains" tests.
	(get_user_local_groups): Add local groups as well known SIDs.
	(get_token_group_sidlist): Add well known groups as well known SIDs.
	(get_server_groups): Ditto.  Only call get_unix_group_sidlist after
	get_user_local_groups to maintain "well_known_sid" attribute.
	(get_initgroups_sidlist): Add well known groups as well known SIDs.
	(get_setgroups_sidlist): Add usersid and struct passwd parameter to
	allow calling get_server_groups from here.
	(get_system_priv_list): Make static.  Return size of TOKEN_PRIVILEGES
	structure.
	(get_priv_list): Ditto.
	(create_token): Accomodate above changes.  Drop misguided attempt to
	add MIC SIDs to created user token.  Print returned token as hex value.
	(subauth): Disable.
	(lsaauth): New function implementing client side of LSA authentication.
	* security.h (class cygsid): Add well_known_sid attribute.  Accomodate
	throughout.  Add *= operator to create a well known SID.
	(class cygsidlist): Rename count to cnt.  Make count a method.
	(cygsidlist::add): Move to sec_helper.cc.
	(cygsidlist::operator *=): New method to add well known SID.
	(cygsidlist::non_well_known_count): New method returning number of
	non well known SIDs in list.
	(cygsidlist::next_non_well_known_sid): New method returning next non
	well known SID by index.
	(mandatory_medium_integrity_sid): Drop declaration.
	(mandatory_high_integrity_sid): Drop declaration.
	(mandatory_system_integrity_sid): Drop declaration.
	(fake_logon_sid): Add declaration.
	(subauth): Disable declaration.
	(lsaauth): Add declaration.
	* syscalls.cc (seteuid32): Disable subauthentication.  Add LSA
	authentication.
	* wincap.h: Define needs_logon_sid_in_sid_list throughout.
	* wincap.cc: Ditto.
2006-11-27 12:59:59 +00:00
Corinna Vinschen 55283468e6 * grp.cc (initgroups32): Run get_server_groups under original token.
* syscalls.cc (seteuid32): Slightly reorganize code creating a token.
2006-08-31 15:57:56 +00:00
Christopher Faylor 3aca3cb636 Remove some more unneeded 'return;'s throughout. 2005-09-14 14:27:56 +00:00
Corinna Vinschen 96ab3848d6 * grp.cc (initgroups32): Return the correct value. 2005-04-18 16:03:08 +00:00