PlaneteCasio
/
libc
1
0
Fork 0
Code Issues 6 Pull Requests Releases Wiki Activity

* cygheap.h (cygheap_user::sid): Return reference to cygpsid rather 

than PSID.
	(cygheap_user::saved_sid): Ditto.
	(cygheap_pwdgrp::cache_t): New type.
	(cygheap_pwdgrp::caching): Convert to cache_t.
	(cygheap_pwdgrp::nss_db_caching): Change accordingly.
	(cygheap_pwdgrp::nss_db_full_caching): New inline method.
	* grp.cc (internal_getgroups): Reinvent.  Take cyg_ldap pointer as
	third parameter and use throughout.
	(getgroups32): Call internal_getgroups.
	* pwdgrp.h (internal_getgroups): Declare.
	* uinfo.cc (internal_getlogin): Partial rewrite to accommodate having
	no connection to the DC.  Give primary group from user token more
	weight.  Generate group entries for all groups in the user token if
	caching is set to NSS_FULL_CACHING.
	(cygheap_pwdgrp::init): Initialize caching to NSS_FULL_CACHING.
	(cygheap_pwdgrp::nss_init_line): Handle "db_cache: full".
	(pwdgrp::add_account_from_windows): Fix group handling in non-caching
	mode.
	(pwdgrp::fetch_account_from_windows): Default primary group for the
	current user to primary group from user token.  Check for primary
	domain first after LookupAccountSid failed.
This commit is contained in:
Corinna Vinschen 2014-02-28 11:37:02 +00:00
parent b39fa2c88d
commit 6cc7c925ce
5 changed files with 138 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,28 @@
2014-02-28 Corinna Vinschen <corinna@vinschen.de>
* cygheap.h (cygheap_user::sid): Return reference to cygpsid rather
than PSID.
(cygheap_user::saved_sid): Ditto.
(cygheap_pwdgrp::cache_t): New type.
(cygheap_pwdgrp::caching): Convert to cache_t.
(cygheap_pwdgrp::nss_db_caching): Change accordingly.
(cygheap_pwdgrp::nss_db_full_caching): New inline method.
* grp.cc (internal_getgroups): Reinvent. Take cyg_ldap pointer as
third parameter and use throughout.
(getgroups32): Call internal_getgroups.
* pwdgrp.h (internal_getgroups): Declare.
* uinfo.cc (internal_getlogin): Partial rewrite to accommodate having
no connection to the DC. Give primary group from user token more
weight. Generate group entries for all groups in the user token if
caching is set to NSS_FULL_CACHING.
(cygheap_pwdgrp::init): Initialize caching to NSS_FULL_CACHING.
(cygheap_pwdgrp::nss_init_line): Handle "db_cache: full".
(pwdgrp::add_account_from_windows): Fix group handling in non-caching
mode.
(pwdgrp::fetch_account_from_windows): Default primary group for the
current user to primary group from user token. Check for primary
domain first after LookupAccountSid failed.
2014-02-27 Corinna Vinschen <corinna@vinschen.de>
* autoload.cc (CheckTokenMembership): Import.

29
winsup/cygwin/cygheap.h
View File

@ -156,8 +156,8 @@ public:
}
void set_sid (PSID new_sid) { effec_cygsid = new_sid;}
void set_saved_sid () { saved_cygsid = effec_cygsid; }
PSID sid () { return effec_cygsid; }
PSID saved_sid () { return saved_cygsid; }
cygpsid &sid () { return effec_cygsid; }
cygpsid &saved_sid () { return saved_cygsid; }
const char *ontherange (homebodies what, struct passwd * = NULL);
#define NO_IMPERSONATION NULL
bool issetuid () const { return curr_imp_token != NO_IMPERSONATION; }
@ -400,14 +400,19 @@ class cygheap_pwdgrp
NSS_PRIMARY,
NSS_ALWAYS
};
bool nss_inited;
int pwd_src;
int grp_src;
pfx_t prefix;
WCHAR separator[2];
bool caching;
int enums;
PWCHAR enum_tdoms;
enum cache_t {
NSS_NO_CACHING = 0,
NSS_CACHING,
NSS_FULL_CACHING
};
bool nss_inited;
int pwd_src;
int grp_src;
pfx_t prefix;
WCHAR separator[2];
cache_t caching;
int enums;
PWCHAR enum_tdoms;
void nss_init_line (const char *line);
void _nss_init ();
@ -433,7 +438,9 @@ public:
inline bool nss_prefix_primary () const { return prefix == NSS_PRIMARY; }
inline bool nss_prefix_always () const { return prefix == NSS_ALWAYS; }
inline PCWSTR nss_separator () const { return separator; }
inline bool nss_db_caching () const { return caching; }
inline bool nss_db_caching () const { return caching != NSS_NO_CACHING; }
inline bool nss_db_full_caching () const
{ return caching == NSS_FULL_CACHING; }
inline int nss_db_enums () const { return enums; }
inline PCWSTR nss_db_enum_tdoms () const { return enum_tdoms; }
};

17
winsup/cygwin/grp.cc
View File

@ -459,21 +459,20 @@ endgrent_filtered (void *gr)
((gr_ent *) gr)->endgrent ();
}
extern "C" int
getgroups32 (int gidsetsize, gid_t *grouplist)
int
internal_getgroups (int gidsetsize, gid_t *grouplist, cyg_ldap *pldap)
{
NTSTATUS status;
HANDLE tok;
ULONG size;
int cnt = 0;
struct group *grp;
cyg_ldap cldap;
if (cygheap->user.groups.issetgroups ())
{
for (int pg = 0; pg < cygheap->user.groups.sgsids.count (); ++pg)
if ((grp = internal_getgrsid (cygheap->user.groups.sgsids.sids[pg],
&cldap)))
pldap)))
{
if (cnt < gidsetsize)
grouplist[cnt] = grp->gr_gid;
@ -500,7 +499,7 @@ getgroups32 (int gidsetsize, gid_t *grouplist)
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
{
cygpsid sid = groups->Groups[pg].Sid;
if ((grp = internal_getgrsid (sid, &cldap)))
if ((grp = internal_getgrsid (sid, pldap)))
{
if ((groups->Groups[pg].Attributes
& (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED))
@ -525,6 +524,14 @@ error:
return -1;
}
extern "C" int
getgroups32 (int gidsetsize, gid_t *grouplist)
{
cyg_ldap cldap;
return internal_getgroups (gidsetsize, grouplist, &cldap);
}
#ifdef __x86_64__
EXPORT_ALIAS (getgroups32, getgroups)
#else

2
winsup/cygwin/pwdgrp.h
View File

@ -27,6 +27,8 @@ extern struct group *internal_getgrsid_from_db (cygpsid &sid);
extern struct group *internal_getgrgid (gid_t, cyg_ldap * = NULL);
extern struct group *internal_getgrnam (const char *, cyg_ldap * = NULL);
extern int internal_getgroups (int, gid_t *, cyg_ldap *);
/* These functions are called from mkpasswd/mkgroup via cygwin_internal. */
void *setpwent_filtered (int enums, PCWSTR enum_tdoms);
void *getpwent_filtered (void *gr);

124
winsup/cygwin/uinfo.cc
View File

@ -116,48 +116,63 @@ cygheap_user::init ()
void
internal_getlogin (cygheap_user &user)
{
struct passwd *pw = NULL;
struct group *gr, *gr2;
struct passwd *pwd;
struct group *pgrp, *grp, *grp2;
cyg_ldap cldap;
cygpsid psid = user.sid ();
pw = internal_getpwsid (psid, &cldap);
if (!pw && !(pw = internal_getpwnam (user.name (), &cldap)))
debug_printf ("user not found in /etc/passwd");
/* Fetch (and potentially generate) passwd and group entries for the user
and the primary group in the token. */
pwd = internal_getpwsid (user.sid (), &cldap);
pgrp = internal_getgrsid (user.groups.pgsid, &cldap);
if (cygheap->pg.nss_db_full_caching ())
internal_getgroups (0, NULL, &cldap);
if (!pwd)
debug_printf ("user not found in passwd DB");
else
{
cygsid gsid;
myself->uid = pw->pw_uid;
myself->gid = pw->pw_gid;
user.set_name (pw->pw_name);
if (gsid.getfromgr (gr = internal_getgrgid (pw->pw_gid, &cldap)))
user.set_name (pwd->pw_name);
myself->uid = pwd->pw_uid;
myself->gid = pwd->pw_gid;
/* Is the primary group in the passwd DB is different from the primary
group in the user token, we have to find the SID of that group and
try to override the token primary group. */
if (!pgrp || myself->gid != pgrp->gr_gid)
{
/* We might have a group file with a group entry for the current
user's primary group, but the current user has no entry in passwd.
If so, pw_gid is taken from windows and might disagree with the
gr_gid from the group file. Overwrite it brutally. */
if ((gr2 = internal_getgrsid (gsid, &cldap)) && gr2 != gr)
myself->gid = pw->pw_gid = gr2->gr_gid;
/* Set primary group to the group in /etc/passwd. */
if (gsid != user.groups.pgsid)
if (gsid.getfromgr (grp = internal_getgrgid (pwd->pw_gid, &cldap)))
{
NTSTATUS status = NtSetInformationToken (hProcToken,
TokenPrimaryGroup,
&gsid, sizeof gsid);
if (!NT_SUCCESS (status))
debug_printf ("NtSetInformationToken (TokenPrimaryGroup), %y",
status);
else
user.groups.pgsid = gsid;
clear_procimptoken ();
/* We might have a group file with a group entry for the current
user's primary group, but the current user has no entry in
passwd. If so, pw_gid is taken from windows and might
disagree with gr_gid from the group file. Overwrite it. */
if ((grp2 = internal_getgrsid (gsid, &cldap)) && grp2 != grp)
myself->gid = pwd->pw_gid = grp2->gr_gid;
/* Set primary group to the group in /etc/passwd. */
if (gsid != user.groups.pgsid)
{
NTSTATUS status = NtSetInformationToken (hProcToken,
TokenPrimaryGroup,
&gsid, sizeof gsid);
if (!NT_SUCCESS (status))
{
debug_printf ("NtSetInformationToken (TokenPrimaryGroup),"
" %y", status);
/* Revert the primary group setting and override the
setting in the passwd entry. */
if (pgrp)
myself->gid = pwd->pw_gid = pgrp->gr_gid;
}
else
user.groups.pgsid = gsid;
clear_procimptoken ();
}
}
else
debug_printf ("group not found in group DB");
}
else
debug_printf ("gsid not found in augmented /etc/group");
}
cygheap->user.ontherange (CH_HOME, pw);
cygheap->user.ontherange (CH_HOME, pwd);
}
void
@ -569,7 +584,7 @@ cygheap_pwdgrp::init ()
grp_src = (NSS_FILES | NSS_DB);
prefix = NSS_AUTO;
separator[0] = L'+';
caching = true;
caching = NSS_FULL_CACHING;
enums = (ENUM_CACHE | ENUM_BUILTIN);
enum_tdoms = NULL;
}
@ -659,10 +674,12 @@ cygheap_pwdgrp::nss_init_line (const char *line)
{
c += 6;
c += strspn (c, " \t");
if (!strncmp (c, "yes", 3) && strchr (" \t", c[3]))
caching = true;
if (!strncmp (c, "full", 3) && strchr (" \t", c[3]))
caching = NSS_FULL_CACHING;
else if (!strncmp (c, "yes", 3) && strchr (" \t", c[3]))
caching = NSS_CACHING;
else if (!strncmp (c, "no", 2) && strchr (" \t", c[2]))
caching = false;
caching = NSS_NO_CACHING;
else
debug_printf ("Invalid nsswitch.conf content: %s", line);
}
@ -986,6 +1003,8 @@ pwdgrp::add_account_from_windows (cygpsid &sid, bool group, cyg_ldap *pldap)
return NULL;
if (cygheap->pg.nss_db_caching ())
return add_account_post_fetch (line, true);
if (group)
return (prep_tls_grbuf ())->add_account_post_fetch (line, false);
return (prep_tls_pwbuf ())->add_account_post_fetch (line, false);
}
@ -1000,6 +1019,8 @@ pwdgrp::add_account_from_windows (const char *name, bool group, cyg_ldap *pldap)
return NULL;
if (cygheap->pg.nss_db_caching ())
return add_account_post_fetch (line, true);
if (group)
return (prep_tls_grbuf ())->add_account_post_fetch (line, false);
return (prep_tls_pwbuf ())->add_account_post_fetch (line, false);
}
@ -1014,6 +1035,8 @@ pwdgrp::add_account_from_windows (uint32_t id, bool group, cyg_ldap *pldap)
return NULL;
if (cygheap->pg.nss_db_caching ())
return add_account_post_fetch (line, true);
if (group)
return (prep_tls_grbuf ())->add_account_post_fetch (line, false);
return (prep_tls_pwbuf ())->add_account_post_fetch (line, false);
}
@ -1481,7 +1504,16 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
if (acc_type != SidTypeUser)
break;
gid = posix_offset + DOMAIN_GROUP_RID_USERS; /* Default. */
/* Default primary group. If the sid is the current user, fetch
the default group from the current user token, otherwise make
the educated guess that the user is in group "Domain Users"
or "None". */
if (sid == cygheap->user.sid ())
gid = posix_offset
+ sid_sub_auth_rid (cygheap->user.groups.pgsid);
else
gid = posix_offset + DOMAIN_GROUP_RID_USERS;
/* Use LDAP to fetch domain account infos. */
if (!cldap->open (NULL))
break;
@ -1724,13 +1756,19 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, bool group,
PDS_DOMAIN_TRUSTSW td = NULL;
sid_sub_auth_count (sid) = sid_sub_auth_count (sid) - 1;
for (ULONG idx = 0; (td = cygheap->dom.trusted_domain (idx)); ++idx)
if (td->DomainSid && RtlEqualSid (sid, td->DomainSid))
{
domain = td->NetbiosDomainName;
posix_offset = fetch_posix_offset (td, cldap);
break;
}
if (RtlEqualSid (sid, cygheap->dom.primary_sid ()))
{
domain = cygheap->dom.primary_flat_name ();
posix_offset = 0x100000;
}
else
for (ULONG idx = 0; (td = cygheap->dom.trusted_domain (idx)); ++idx)
if (td->DomainSid && RtlEqualSid (sid, td->DomainSid))
{
domain = td->NetbiosDomainName;
posix_offset = fetch_posix_offset (td, cldap);
break;
}
}
if (domain)
{