Don't perform RFC2307 account mapping without account DB

* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Only try to map user and group info per RFC2307 if account info is fetched from Windows account DB. (convert_samba_sd): Ditto. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-14 21:41:37 +02:00 · 2015-08-14 21:41:37 +02:00 · 5de7f2e6c3
parent c19f1b9f8e
commit 5de7f2e6c3
4 changed files with 21 additions and 8 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,10 @@
+2015-08-14  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Only try
+	to map user and group info per RFC2307 if account info is fetched
+	from Windows account DB.
+	(convert_samba_sd): Ditto.
+
 2015-08-14  Corinna Vinschen  <corinna@vinschen.de>

 	* security,cc (get_attribute_from_acl): Merge all group perms into
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@ -349,7 +349,7 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
     add it to the mapping cache. */
  buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
  buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
-  if (buf->st_uid == ILLEGAL_UID)
+  if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ())
    {
      uid_t map_uid = ILLEGAL_UID;

@ -361,7 +361,7 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
      cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
      buf->st_uid = map_uid;
    }
-  if (buf->st_gid == ILLEGAL_GID)
+  if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ())
    {
      gid_t map_gid = ILLEGAL_GID;

--- a/winsup/cygwin/release/2.2.1
+++ b/winsup/cygwin/release/2.2.1
@ -15,3 +15,7 @@ Bug Fixes

 - Fix output of /proc/cpuinfo in terms of cpu topology and cache size for
  modern CPUs and modern Windows OSes supporting more than 64 logical CPUs.
+
+- Don't try to perform RFC2307 owner/group mapping on Samba/NFS if account
+  info is only fetched from local passwd/group files.
+  Addresses: https://cygwin.com/ml/cygwin/2015-07/msg00270.html
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -1122,19 +1122,19 @@ convert_samba_sd (security_descriptor &sd_ret)
    return;
  group = sid;

-  if (sid_id_auth (owner) == 22)
+  if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ())
    {
      struct passwd *pwd;
      uid_t uid = owner.get_uid (&cldap);
      if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
-      	owner.getfrompw (pwd);
+	owner.getfrompw (pwd);
    }
-  if (sid_id_auth (group) == 22)
+  if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ())
    {
      struct group *grp;
      gid_t gid = group.get_gid (&cldap);
      if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
-      	group.getfromgr (grp);
+	group.getfromgr (grp);
    }

  if (!NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd_ret, &dummy,
@ -1150,14 +1150,16 @@ convert_samba_sd (security_descriptor &sd_ret)
 	cygsid ace_sid ((PSID) &ace->SidStart);
 	if (sid_id_auth (ace_sid) == 22)
 	  {
-	    if (sid_sub_auth (ace_sid, 0) == 1) /* user */
+	    if (sid_sub_auth (ace_sid, 0) == 1 /* user */
+		&& cygheap->pg.nss_pwd_db ())
 	      {
 		struct passwd *pwd;
 		uid_t uid = ace_sid.get_uid (&cldap);
 		if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
 		  ace_sid.getfrompw (pwd);
 	      }
-	    else /* group */
+	    else if (sid_sub_auth (ace_sid, 0) == 1 /* group */
+		     && cygheap->pg.nss_grp_db ())
 	      {
 		struct group *grp;
 		gid_t gid = ace_sid.get_gid (&cldap);