(CYG_LDAP_ENUM_TIMEOUT): New timeout value for enumeration only. Set
to 60 secs.
(CYG_LDAP_ENUM_PAGESIZE): Define as number of entries per single
search page. Set to 100. Use throughout.
(def_tv): Rename from tv. Use throughout.
(enum_tv): New variable. Use in call to ldap_get_next_page_s.
for now. Use throughout.
* uinfo.cc (colon_to_semicolon): New local function.
(pwdgrp::fetch_account_from_windows): Convert all colons in AD gecos
entry to commas.
(ldap_msgfree): Import.
* ldap.cc: Throughout, use ldap_msgfree to free LDAPMessage memory,
rather than ldap_memfreeW.
(cyg_ldap::next_account): Immediately abandon search when quiting from
search.
(ldap_count_entries): Import.
(ldap_get_next_page_s): Import.
(ldap_result): Remove.
(ldap_searchW): Remove.
(ldap_search_abandon_page): Import.
(ldap_search_init_pageW): Import.
* ldap.cc (cyg_ldap::close): Use ldap_search_abandon_page to abandon
search. Reset srch_id, srch_msg and srch_entry.
(cyg_ldap::enumerate_ad_accounts): Use paged search to overcome server
side search result set restriction.
(cyg_ldap::next_account): Ditto.
* ldap.h (class cyg_ldap): Add members srch_id, srch_msg and srch_entry.
Remove member msg_id.
(cyg_ldap::cyg_ldap): Change initialization accordingly.
parameter. Convert into likely rootDSE string if not NULL, and use in
subsequent call to ldap_search_stW. Add comment to explain that this
is not the exactly correct solution.
* ldap.h (cyg_ldap::fetch_ad_account): Change prototype accordingly.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Always use loc_ldap
in call to fetch_posix_offset to make sure we're fetchoinmg the posix
offsets from *our* domain controller. Only set domain variable to
non-NULL if the account is from a trusted domain. Use domain in call
to cyg_ldap::fetch_ad_account.
(CID 60021).
* sec_auth.cc (cygwin_logon_user): Securely erase password copy.
(lsaprivkeyauth): Avoid trying to dereference data if no key is stored
in the registry (CID 60122). Securely erase passwords after usage.
from GetAdaptersAddresses (CID 60218).
(get_ifs): Add missing braces in AF_INET6 case which broke netmask
computation. Break out of loop if prefix gets <= 0 (CID 59939).
non-builtin accounts.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Check incoming
account name for validity in terms of the current name prefixing rules
and refuse invalid names.
gr_mem entries.
(getgrgid_r): Don't try to copy gr_mem entries. Always set gr_mem
to an empty list.
(getgrnam_r): Ditto.
(app_gr): New static struct to store group data propagated to the
calling application via getgrgid/getgrnam.
(getgr_cp): Fill app_gr and return pointer to app_gr.g.
(getgrgid32): Call getgr_cp.
(getgrnam32): Ditto.
* passwd.cc (pwdgrp::parse_passwd): Set res.len.
(app_pw): New static struct to store passwd data propagated to the
calling application via getpwuid/getpwnam.
(getpw_cp): Fill app_pw and return pointer to app_pw.p.
(getpwuid32): Cal getpw_cp.
(getpwnam): Ditto.
* pwdgrp.h (struct pg_pwd): Add len member.
(struct pg_grp): Ditto.
* sec_helper.cc (cygpsid::pstring): Use sid_sub_auth_count macro.
(cygsid::get_sid): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
Don't call memcpy to copy subauthorities into SID, use assignment.
(cygsid::getfromstr): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
* security.h (MAX_SUBAUTH_CNT): New definition. Set to 11 to cover
Microsoft Accounts.
(MAX_SID_LEN): Define in terms of SID member sizes and MAX_SUBAUTH_CNT.
(DBGSID): Use MAX_SUBAUTH_CNT to define size of SubAuthority array.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle Micosoft
Accounts. Handle them as well known group. Compare domain names
case-insensitive.
* winlean.h (PIPE_REJECT_REMOTE_CLIENTS): Drop temporary definition
since Mingw64 catched up.
(DNLEN): Redefine as 16. Explain why.
Corinna Vinschen
Christopher Faylor