Commit Graph

28 Commits

Author SHA1 Message Date
Corinna Vinschen 6c86b85f4e Cygwin: ldap: Fix overwriting domain when creating naming context
cyg_ldap::fetch_ad_account creates a naming context from the
incoming domain, if it's not NULL.  The algorithm overwrites
dots with \0 in domain while creating the naming context, but
neglects to restore the dots.

Fix that by never overwriting the incoming domain name.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-02 12:43:34 +01:00
Corinna Vinschen 322ab51659 Cygwin: user profile: fetch roaming profile path via LDAP
Commit 649911fb40 avoids the
calls to NetUserGetGroups and NetUserGetLocalGroups since
these can take a lot of time.  The same problem potentially
occurs when loading the user profile.  The code fetches
the roaming profile path calling NetUserGetInfo, which also
can be rather slow.

To avoid this problem, fetch the profile patch using LDAP.
Also, don't bail out early if the user's registry hive already
exists.  This may result in outdated information.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:22:44 +01:00
Corinna Vinschen 79c4e95fad Cygwin: ldap.cc: fix formatting
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:43:25 +01:00
Corinna Vinschen 6e623e9320 Switching the Cygwin DLL to LGPLv3+, dropping commercial buyout option
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.

Everything else stays under GPLv3+.

New Linking Exception exempts resulting executables from LGPLv3 section 4.

Add CONTRIBUTORS file to keep track of licensing.

Remove 'Copyright Red Hat Inc' comments.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-23 10:09:17 +02:00
Corinna Vinschen 0fb41ffa65 * ldap.cc (cyg_ldap::wait): Call cygwait with cw_infinite timeout value
and with cw_sig_restart instead of cw_sig_eintr.  Drop useless
	_my_tls.call_signal_handler call.  Return EIO if cygwait failed.
2015-02-26 17:27:59 +00:00
Corinna Vinschen ad8d295e7c * ldap.h: Remove index macros.
(class cyg_ldap): Remove members srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Remove private method taking index
	argument.
	(cyg_ldap::get_num_attribute): Ditto.  Add method taking attribute name.
	(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
	(cyg_ldap::get_unix_uid): Ditto.
	(cyg_ldap::get_unix_gid): Ditto.
	* ldap.cc: Throughout, use msg and entry in place of srch_msg and
	srch_entry.
	(std_user_attr): Add sAMAccountName and objectSid.
	(group_attr): Ditto.
	(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Move earlier in file.
	(cyg_ldap::get_num_attribute): Ditto.
	(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
	Use group_attr or user_attr rather than sid_attr to fetch all desired
	attributes for an account right away.
	(cyg_ldap::next_account): Store found SID in last_fetched_sid to
	skip calls to fetch_ad_account from fetch_account_from_windows.
	(cyg_ldap::get_string_attribute): Remove method taking index argument.
	(cyg_ldap::get_num_attribute): Ditto.
	* pwdgrp.h (class pg_ent): Fix formatting.  Add member dom.
	* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
	in dom.  Construct fetch_acc_t argument from LDAP attributes and
	call fetch_account_from_windows with that.
	* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
	FULL_acc_arg.  Change throughout.
	(struct fetch_acc_t): Rename from fetch_full_grp_t.  Change throughout.
	(struct fetch_user_arg_t): Rename full_grp to full_acc.  Change
	throughout.
2015-02-24 20:52:57 +00:00
Corinna Vinschen c3470988cf * ldap.cc (struct cyg_ldap_search): Add scope member.
(cyg_ldap::search_s): Add parameter scope.  Use as LDAP search scope
	instead of fixed LDAP_SCOPE_SUBTREE scope.
	(ldap_search_thr): Call cyg_ldap::search_s with scope from argument.
	(cyg_ldap::search): Add parameter scope and fill in to cyg_ldap_search.
	(cyg_ldap::fetch_ad_account): Call search with LDAP_SCOPE_SUBTREE scope.
	(cyg_ldap::fetch_posix_offset_for_domain): Call search with
	LDAP_SCOPE_ONELEVEL scope.
	(cyg_ldap::fetch_unix_sid_from_ad): Call search with LDAP_SCOPE_SUBTREE
	scope.
	(cyg_ldap::fetch_unix_name_from_rfc2307): Ditto.
	* ldap.h (cyg_ldap::search): Align prototype to above change.
	(cyg_ldap::search_s): Ditto.
2015-02-18 10:25:14 +00:00
Corinna Vinschen 8e25eb2c85 * ldap.cc: Macro-ize filter expressions. Use throughout to compute
required filter buffer size if filter is a local buffer.
2015-02-18 10:04:14 +00:00
Corinna Vinschen b50e45ff15 * ldap.cc (cyg_ldap::fetch_posix_offset_for_domain): Drop stray
system_printf.
2015-02-17 21:17:49 +00:00
Corinna Vinschen c6d22dd3b0 * ldap.h (class cyg_ldap): Rename rootdse to def_context. Change
throughout.
	* ldap.cc (cyg_ldap::open): Fix debug output.
	(cyg_ldap::fetch_ad_account): Rename rdse to base.  Restrict LDAP
	query to users and groups only.
	(cyg_ldap::enumerate_ad_accounts): Rearrange filter expression for
	user accounts.
	(SYSTEM_CONTAINER): New macro.
	(cyg_ldap::fetch_posix_offset_for_domain): Set base in LDAP search
	to the "System" container in the default naming context to restrict
	the search scope.
	(cyg_ldap::fetch_unix_sid_from_ad): Add objectCategory=Person to
	search filter for users.
2015-02-17 21:08:01 +00:00
Corinna Vinschen b49934db7f * cygheap.h (cygheap_pwdgrp::get_home): Add dnsdomain parameter to
declaration in ldap-related method.
	(cygheap_pwdgrp::get_shell): Ditto.
	(cygheap_pwdgrp::get_gecos): Ditto.
	* ldap.cc (cyg_ldap::open): Use NO_ERROR instead of 0.
	(cyg_ldap::close): Reset last_fetched_sid.
	(cyg_ldap::fetch_ad_account): Return immediately if sid is the same as
	last_fetched_sid.  Open LDAP connection from here.  Move initialization
	of rdse after open call.  Set last_fetched_sid if LDAP call was
	successful.
	* ldap.h (class cyg_ldap): Add member last_fetched_sid.
	(cyg_ldap::cyg_ldap): Initialize last_fetched_sid.
	(cyg_ldap::is_open): New inline method.
	* uinfo.cc (cygheap_pwdgrp::init): Drop initialization of db_home,
	db_shell and db_gecos with "cygwin desc", thus only using the fallback
	by default.
	(fetch_windows_home): Add parameter dnsdomain.  Call
	cyg_ldap::fetch_ad_account if required.
	(fetch_from_path): Add parameter dnsdomain.  Call fetch_windows_home
	accordingly.
	(cygheap_pwdgrp::get_home): Accomodate call to fetch_windows_home.
	Add dnsdomain parameter in ldap-related method.  Call
	cyg_ldap::fetch_ad_account if required.
	(cygheap_pwdgrp::get_shell): Ditto.
	(cygheap_pwdgrp::get_gecos): Ditto.
	(pwdgrp::fetch_account_from_windows): Drop cyg_ldap::open call prior to
	cyg_ldap::fetch_ad_account call.  Set is_current_user to true if we're
	handling the current user account.  Make sure to perform the LDAP calls
	only for users, and only if required.
2015-02-12 16:55:38 +00:00
Corinna Vinschen 93d15b36ef * Makefile.in (install): Add install-ldif target.
(install-ldif): New target to install cygwin.ldif.
	* cygheap.h (class cygheap_pwdgrp): Rename pfx_t to nss_pfx_t.  Add
	PFX to enum value.  Add nss_scheme_method enum and nss_scheme_t
	structure.  Add home_scheme, shell_scheme and gecos_scheme members.
	(NSS_SCHEME_MAX): Define.
	(cygheap_pwdgrp::get_home): Declare.
	(cygheap_pwdgrp::get_shell): Declare.
	(cygheap_pwdgrp::get_gecos): Declare.
	* cygwin.ldif: New file.
	* ldap.cc (std_user_attr): New array, just defining the standard
	attributes.
	(group_attr): Add cygwinUnixGid.
	(user_attr): Convert to macro pointing to cygheap->pg.ldap_user_attr.
	(cygheap_pwdgrp::init_ldap_user_attr): New method.
	(cyg_ldap::fetch_ad_account): Call cygheap_pwdgrp::init_ldap_user_attr
	if user_attr initialization is required.  Fix comment.
	(cyg_ldap::get_string_attribute): Implement taking attribute name
	as argument.
	* ldap.h: Drop unused macros.
	(cyg_ldap::get_gecos): Remove.
	(cyg_ldap::get_home): Remove.
	(cyg_ldap::get_shell): Remove.
	(cyg_ldap::get_string_attribute): Declare name argument variant public.
	* uinfo.cc (cygheap_user::ontherange): Fix indentation.
	(cygheap_pwdgrp::init): Initialize new home_scheme, shell_scheme and
	gecos_scheme members.  Align comment.
	(NSS_NCMP): Define comparison macro.
	(NSS_CMP): Ditto.
	(cygheap_pwdgrp::nss_init_line): Use aforementioned macros throughout.
	Fix comment handling.  Add db_home, db_shell and db_gecos handling.
	(fetch_from_description): New function to fetch XML-style attributes
	from (description) string.
	(fetch_from_path): New function to evaluate path string with wildcards.
	(cygheap_pwdgrp::get_home): New methods to fetch pw_dir value.
	(cygheap_pwdgrp::get_shell): Ditto for pw_shell.
	(cygheap_pwdgrp::get_gecos): Ditto for pw_gecos.
	(colon_to_semicolon): Move up.
	(pwdgrp::fetch_account_from_windows): Convert home, shell, gecos
	variables to char*.  Drop statement breaking extended group info.
	Fetch home, shell and gecos values using new methods.  Use
	fetch_from_description calls to fetch UNIX id and primary groups from
	SAM comment field.  Accommodate uxid being a char* now.  Accommodate
	the fact that extended info is malloc'ed, rather then alloca'ed.
	Create linebuf content as multibyte string.  Create line buffer by
	just calling cstrdup.
2014-11-26 19:46:59 +00:00
Corinna Vinschen 898e26c82f * cygheap.h (class cygheap_domain_info): Remove lowest_tdo_posix_offset.
* ldap.cc (cyg_ldap::fetch_posix_offset_for_domain): Return UINT32_MAX
	in case of error.
	* security.h (PRIMARY_POSIX_OFFSET): Define.
	(NOACCESS_POSIX_OFFSET): Define.
	(UNUSABLE_POSIX_OFFSET): Define.
	* uinfo.cc (cygheap_domain_info::init): Drop initializing
	lowest_tdo_posix_offset.
	(pwdgrp::fetch_account_from_file): Set PosixOffset to either
	UNUSABLE_POSIX_OFFSET or NOACCESS_POSIX_OFFSET in case we don't get a
	sensible offset from AD.  Explain why.  Drop setting ch
	lowest_tdo_posix_offset.
	(pwdgrp::fetch_account_from_windows): Replace constant 0x100000 with
	PRIMARY_POSIX_OFFSET throughout.
2014-07-29 08:53:13 +00:00
Corinna Vinschen 9b9fb0042f * errno.cc (errmap): Handle Windows error codes ERROR_CANCELLED,
ERROR_CONNECTION_REFUSED, ERROR_DEV_NOT_EXIST, ERROR_DS_GENERIC_ERROR,
	ERROR_NOT_ENOUGH_QUOTA, ERROR_SERVICE_REQUEST_TIMEOUT, ERROR_TIMEOUT,
	ERROR_UNEXP_NET_ERR.
	* ldap.cc (cyg_ldap::map_ldaperr_to_errno): Drop explicit LDAP_TIMEOUT
	handling.
2014-06-25 09:59:38 +00:00
Corinna Vinschen 37b1464588 * ldap.cc (cyg_ldap::map_ldaperr_to_errno): Explicitely map LDAP_TIMEOUT
to EIO.
2014-06-25 09:28:12 +00:00
Corinna Vinschen e35b92c202 * autoload.cc (ldap_search_sW): Replace ldap_search_stW.
(LdapMapErrorToWin32): Import.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Accommodate
	change to cyg_ldap::open.
	* ldap.cc (CYG_LDAP_TIMEOUT): Remove.
	(CYG_LDAP_ENUM_TIMEOUT): Remove.
	(def_tv): Remove.
	(enum_tv): Remove.
	(cyg_ldap::map_ldaperr_to_errno): New method to map LDAP error codes to
	POSIX errno codes.  Explicitly map LDAP_NO_RESULTS_RETURNED to ENMFILE.
	(cyg_ldap::wait): Ditto.
	(struct cyg_ldap_init): New struct.
	(cyg_ldap::connect_ssl): Return ULONG.  Drop setting LDAP_OPT_TIMELIMIT.
	Add call to ldap_search_sW to fetch root DSE.
	(cyg_ldap::connect_non_ssl): Ditto.
	(ldap_init_thr): New static thread function.
	(cyg_ldap::connect): New method to call connect_ssl/connect_non_ssl in
	an interruptible cygthread.
	(struct cyg_ldap_search): New struct.
	(cyg_ldap::search_s): New method to perform generic synchronous search.
	(ldap_search_thr): New static thread function.
	(cyg_ldap::search): New method to call search_s in an interruptible
	cygthread.
	(struct cyg_ldap_next_page): New struct.
	(cyg_ldap::next_page_s): New method to perform generic synchronous
	paged search.
	(ldap_next_page_thr): New static thread function.
	(cyg_ldap::next_page): New method to call next_page_s in an
	interruptible cygthread.
	(cyg_ldap::open): Return POSIX errno.  Call connect method.
	(cyg_ldap::fetch_ad_account): Call search method rather than
	ldap_search_stW.
	(cyg_ldap::enumerate_ad_accounts): Return POSIX errno.  Use infinite
	timeout in call to ldap_search_init_pageW.
	(cyg_ldap::next_account): Return POSIX errno.  Call next_page method
	rather than ldap_get_next_page_s.
	(cyg_ldap::fetch_posix_offset_for_domain): Call search method rather
	than ldap_search_stW.
	(cyg_ldap::fetch_unix_sid_from_ad): Ditto.
	(cyg_ldap::fetch_unix_name_from_rfc2307): Ditto.
	* ldap.h (class cyg_ldap): Accommodate aforementioned changes.
	* passwd.cc (pg_ent::enumerate_ad): Ditto.  Break search if one of
	cyg_ldap::enumerate_ad_accounts or cldap.next_account returns with
	an error code other than ENMFILE.
	* sec_helper.cc (cygpsid::get_id): Accommodate change to cyg_ldap::open.
	* uinfo.cc (fetch_posix_offset): Ditto.
2014-06-25 09:10:50 +00:00
Corinna Vinschen 852ed641ee * ldap.cc (CYG_LDAP_TIMEOUT): Set to 5 secs.
(CYG_LDAP_ENUM_TIMEOUT): New timeout value for enumeration only.  Set
	to 60 secs.
	(CYG_LDAP_ENUM_PAGESIZE): Define as number of entries per single
	search page.  Set to 100.  Use throughout.
	(def_tv): Rename from tv.  Use throughout.
	(enum_tv): New variable.  Use in call to ldap_get_next_page_s.
2014-06-23 09:09:54 +00:00
Corinna Vinschen b1c17593f8 * ldap.cc (CYG_LDAP_TIMEOUT): Define as timeout value. Set to 30 secs
for now.  Use throughout.
	* uinfo.cc (colon_to_semicolon): New local function.
	(pwdgrp::fetch_account_from_windows): Convert all colons in AD gecos
	entry to commas.
2014-06-18 17:41:52 +00:00
Corinna Vinschen f9f90410fd * autoload.cc (ldap_memfreeW): Remove.
(ldap_msgfree): Import.
	* ldap.cc: Throughout, use ldap_msgfree to free LDAPMessage memory,
	rather than ldap_memfreeW.
	(cyg_ldap::next_account): Immediately abandon search when quiting from
	search.
2014-05-23 10:29:11 +00:00
Corinna Vinschen 449429c16a * autoload.cc (ldap_abandon): Remove.
(ldap_count_entries): Import.
	(ldap_get_next_page_s): Import.
	(ldap_result): Remove.
	(ldap_searchW): Remove.
	(ldap_search_abandon_page): Import.
	(ldap_search_init_pageW): Import.
	* ldap.cc (cyg_ldap::close): Use ldap_search_abandon_page to abandon
	search.  Reset srch_id, srch_msg and srch_entry.
	(cyg_ldap::enumerate_ad_accounts): Use paged search to overcome server
	side search result set restriction.
	(cyg_ldap::next_account): Ditto.
	* ldap.h (class cyg_ldap): Add members srch_id, srch_msg and srch_entry.
	Remove member msg_id.
	(cyg_ldap::cyg_ldap): Change initialization accordingly.
2014-05-22 20:07:25 +00:00
Corinna Vinschen 03e3cf9846 * ldap.cc (cyg_ldap::fetch_ad_account): Take additional domain string
parameter.  Convert into likely rootDSE string if not NULL, and use in
	subsequent call to ldap_search_stW.  Add comment to explain that this
	is not the exactly correct solution.
	* ldap.h (cyg_ldap::fetch_ad_account): Change prototype accordingly.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Always use loc_ldap
	in call to fetch_posix_offset to make sure we're fetchoinmg the posix
	offsets from *our* domain controller.  Only set domain variable to
	non-NULL if the account is from a trusted domain.  Use domain in call
	to cyg_ldap::fetch_ad_account.
2014-05-22 14:50:24 +00:00
Corinna Vinschen 93a1517f68 * ldap.cc (user_attr): Remove "uid" attribute.
* ldap.h (LDAP_USER_NAME_ATTR): Remove.  Change other attribute index
	values as required.
	(cyg_ldap::get_user_name): Remove inline function.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Remove code to handle
	Cygwin username different from Windows username.
	(pwdgrp::add_account_from_cygserver): Remove unnecessary cast.
2014-04-22 10:36:35 +00:00
Corinna Vinschen 5e6b3cafa2 * ldap.cc (rediscover_thread): Remove.
(cyg_ldap::open): Remove code to rediscover DC.  It just won't do the
	right thing.
	(cyg_ldap::enumerate_ad_accounts): Change to be self-sufficient (no
	explicit open call required).  Enumerate on a DC of the domain itself
	instead of relying on delegation.  Remove ill-advised code trying to
	generate rootdse from domain name.
	* passwd.cc (pg_ent::enumerate_ad): Drop explicit call to
	cyg_ldap::open.
2014-03-05 20:58:33 +00:00
Corinna Vinschen b39fa2c88d * autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id.
	* grp.cc (internal_getgrsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_group_from_windows.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(gr_ent::enumerate_local): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(getgroups32): Rename from internal_getgroups and drop getgroups32 stub.
	Drop srchsid parameter and code handling it.  Add local cyg_ldap
	instance and forward to internal_getgrXXX.
	(getgroups): Call getgroups32.
	(get_groups): Add local cyg_ldap instance and forward to
	internal_getgrXXX.
	(getgrouplist): Ditto.
	(setgroups32): Ditto.
	* ldap.cc (cyg_ldap::open): Don't call close.  Return true if connection
	is already open.
	(cyg_ldap::remap_uid): Forward this to internal_getpwsid.
	(cyg_ldap::remap_gid): Forward this to internal_getgrsid.
	* passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_user_from_windows.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(pg_ent::enumerate_builtin): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(pg_ent::enumerate_sam): Ditto.
	(pg_ent::enumerate_ad): Ditto.  Forward local cldap instead.
	* pwdgrp.h (internal_getpwsid): Align declaration to above change.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(internal_getgrsid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgroups): Drop declaration.
	(pwdgrp::add_account_from_windows): Align declaration to below change.
	(pwdgrp::add_user_from_windows): Ditto.
	(pwdgrp::add_group_from_windows): Ditto.
	* sec_acl.cc (setacl): Add local cyg_ldap instance and forward to
	internal_getpwuid and internal_getgrgid.
	(getacl): Add local cyg_ldap instance and forward to cygpsid::get_id.
	(aclfromtext32): Add local cyg_ldap instance and forward to
	internal_getpwnam and internal_getgrnam.
	* sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer.
	Forward to internal_getgrsid and internal_getpwsid.
	(get_sids_info): Drop ldap_open.  Forward local cldap to
	internal_getpwsid and internal_getgrXXX.  Call CheckTokenMembership
	rather than internal_getgroups.
	* security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default
	parameter.
	(cygpsid::get_uid): Add cyg_ldap pointer.  Call get_id accordingly.
	(cygpsid::get_gid): Ditto.
	* uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward
	to internal_getpwXXX and internal_getgrXXX calls.
	(pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer.
	Forward to pwdgrp::fetch_account_from_windows.
	(fetch_posix_offset): Drop ldap_open argument and handling.  Get
	cyg_ldap instance as pointer.
	(pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer.
	Use it if it's not NULL, local instance otherwise.  Drop ldap_open.
	Drop fetching extended group arguments from AD for speed.
2014-02-27 12:57:27 +00:00
Corinna Vinschen a8cf6887a2 * autoload.cc (ldap_abandon): Import.
(ldap_result): Import.
	(ldap_searchW): Import.
	(NetGroupEnum): Import.
	(NetLocalGroupEnum): Import.
	(NetUserEnum): Import.
	* cygheap.h (class cygheap_pwdgrp): Add members enums and enum_tdoms.
	(cygheap_pwdgrp::nss_db_enums): New inline method.
	(cygheap_pwdgrp::nss_db_enum_tdoms): Ditto.
	* cygtls.h (struct _local_storage): Drop unused members pw_pos and
	grp_pos.
	* grp.cc (grent): New static variable of class gr_ent.
	(gr_ent::enumerate_caches): New method.
	(gr_ent::enumerate_local): New method.
	(gr_ent::getgrent): New method.
	(setgrent): Call gr_ent method.
	(getgrent32): Ditto.
	(endgrent): Ditto.
	* ldap.cc (sid_attr): Rename from nfs_attr.
	(cyg_ldap::close): Abandon still running asynchronous search.
	(cyg_ldap::fetch_ad_account): Reduce filter buffer size.
	(cyg_ldap::enumerate_ad_accounts): New method.
	(cyg_ldap::next_account): New method.
	(cyg_ldap::fetch_posix_offset_for_domain): Reduce filter buffer size.
	(cyg_ldap::fetch_unix_sid_from_ad): Ditto.  Fix return value in case
	no value has been read.
	(cyg_ldap::fetch_unix_name_from_rfc2307): Reduce filter buffer size.
	* ldap.h (class cyg_ldap): Add msg_id member.
	(cyg_ldap::enumerate_ad_accounts): Declare.
	(cyg_ldap::next_account): Declare:
	* passwd.cc (pwent): New static variable of class pw_ent.
	(pg_ent::clear_cache): New method.
	(pg_ent::setent): New method.
	(pg_ent::getent): New method.
	(pg_ent::endent): New method.
	(pg_ent::enumerate_file): New method.
	(pg_ent::enumerate_builtin): New method.
	(pg_ent::enumerate_sam): New method.
	(pg_ent::enumerate_ad): New method.
	(pw_ent::enumerate_caches): New method.
	(pw_ent::enumerate_local): New method.
	(pw_ent::getpwent): New method.
	(setpwent): Call pw_ent method.
	(getpwent): Ditto.
	(endpwent): Ditto.
	* pwdgrp.h (class pwdgrp): Define pg_ent, pw_ent and gr_ent as friend
	classes.
	(pwdgrp::add_account_post_fetch): Declare with extra bool parameter.
	(pwdgrp::file_attr): New inline method.
	(enum nss_enum_t): Define.
	(class pg_ent): Define.
	(class pw_ent): Define.
	(class gr_ent): Define.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (cygheap_pwdgrp::init): Initialize enums and enum_tdoms.
	(cygheap_pwdgrp::nss_init_line): Fix typo in preceeding comment.
	Handle new "db_enum" keyword.
	(pwdgrp::add_account_post_fetch): Take additional `bool lock' parameter
	and acquire pglock before adding element to array if lock is true.
	(pwdgrp::add_account_from_file): Call add_account_post_fetch with lock
	set to true.
	(pwdgrp::add_account_from_windows): Ditto in case of caching.
	(pwdgrp::fetch_account_from_windows): Handle builtin aliases only
	known to the domain controller.  Only call NetLocalGroupGetInfo for
	aliases.
2014-02-17 15:36:33 +00:00
Corinna Vinschen 85b8256d2e * ldap.cc (cyg_ldap::fetch_posix_offset_for_domain): If domain name
has no dot, it's a Netbios name.  Change the search filter expression
	accordingly and filter by flatName.  Add comment.
	* uinfo.cc (cygheap_domain_info::init):  Gracefully handle NULL
	DnsDomainName and DomainSid members in DS_DOMAIN_TRUSTSW strutures.
	Add comment.  Fix comment preceeding fetching the mapping server
	from registry.
	(pwdgrp::fetch_account_from_file): Convert str to a local array.
	(fetch_posix_offset): New static function.
	(pwdgrp::fetch_account_from_windows): Add debug output in case
	LookupAccountSidW fails.  Simplify code by calling fetch_posix_offset
	where appropriate.  If LookupAccountSidW fails, check if the SID is
	one of the known trusted domains.  If so, create a more informative
	account entry.
2014-02-13 14:04:03 +00:00
Corinna Vinschen f8efc42f66 * ldap.cc (rediscover_thread): Give argument a useful name.
* miscfuncs.cc (NT_readline::init): It's a really bad idea trying to
	print a pointer to a PUNICODE_STRING as PUNICODE_STRING.  Fix it.
	* uinfo.cc (cygheap_domain_info::init): Print status codes as hex
	values in debug output.
2014-02-11 17:45:09 +00:00
Corinna Vinschen 1ca20a1cd2 Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 19:44:56 +00:00