Introduce reading passwd/group entries from SAM/AD. Introduce

/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
This commit is contained in:
Corinna Vinschen 2014-02-09 19:44:56 +00:00
parent 01fc6f8d21
commit 1ca20a1cd2
29 changed files with 2740 additions and 860 deletions

View File

@ -1,3 +1,144 @@
2014-02-09 Corinna Vinschen <corinna@vinschen.de>
Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
* Makefile.in (DLL_OFILES): Add ldap.o.
* autoload.cc: Import ldap functions from wldap32.dll.
(DsEnumerateDomainTrustsW): Import.
(NetGroupGetInfo): Import.
* cygheap.h (class cygheap_domain_info): New class to keep global
domain info.
(class cygheap_pwdgrp): New class to keep passwd/group caches and
configuration info from /etc/nssswitch.conf.
(struct init_cygheap): Add cygheap_domain_info member "dom" and
cygheap_pwdgrp member "pg".
* cygtls.h (struct _local_storage): Remove unused member "res".
Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
uid/gid mapping.
* fhandler_process.cc: Drop including pwdgrp.h.
* fhandler_procsysvipc.cc: Ditto.
* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
* grp.cc (group_buf): Drop.
(gr): Drop.
(pwdgrp::parse_group): Fill pg_grp.
(pwdgrp::read_group): Remove.
(pwdgrp::init_grp): New method.
(pwdgrp::prep_tls_grbuf): New method.
(pwdgrp::find_group): New methods.
(internal_getgrsid): Convert to call new pwdgrp methods.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
(getgrgid32): Ditto.
(getgrnam_r): Ditto for internal_getgrnam.
(getgrnam32): Ditto.
(getgrent32): Convert to call new pwdgrp methods.
(internal_getgrent): Remove.
(internal_getgroups): Simplify, especially drop calls to
internal_getgrent.
* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
and RFC 2307 server.
* ldap.h: New header, declaring cyg_ldap class.
* passwd.cc (passwd_buf): Drop.
(pr): Drop.
(pwdgrp::parse_passwd): Fill pg_pwd.
(pwdgrp::read_passwd): Remove.
(pwdgrp::init_pwd): New method.
(pwdgrp::prep_tls_pwbuf): New method.
(find_user): New methods.
(internal_getpwsid): Convert to call new pwdgrp methods.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
(getpwuid_r): Ditto.
(getpwnam): Ditto for internal_getpwnam.
(getpwnam_r): Ditto.
(getpwent): Convert to call new pwdgrp methods.
* path.cc (class etc): Remove all methods.
* path.h (class etc): Drop.
* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
than UNKNOWN_GID.
(pinfo_init): Ditto.
* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
(internal_getpwuid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgrent): Drop declaration.
(enum fetch_user_arg_type_t): New type.
(struct fetch_user_arg_t): New type.
(struct pg_pwd): New type.
(struct pg_grp): New type.
(class pwdgrp): Rework to provide functions for file and db requests
and caching.
(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
(ugid_cache): Declare.
* sec_acl.cc: Drop including pwdgrp.h.
* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
(get_logon_server): Convert third parameter to ULONG flags argument
to allow arbitrary flags values in DsGetDcNameW call and change calls
to this function throughout. Use cached account domain name rather
than calling GetComputerNameW.
(get_unix_group_sidlist): Remove.
(get_server_groups): Drop call to get_unix_group_sidlist.
(verify_token): Rework token group check without calling
internal_getgrent.
* sec_helper.cc (cygpsid::pstring): New methods, like string() but
return pointer to end of string.
(cygsid::getfromstr): Add wide character implementation.
(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
* security.cc: Drop including pwdgrp.h.
* security.h (DEFAULT_UID): Remove.
(UNKNOWN_UID): Remove.
(UNKNOWN_GID): Remove.
(uinfo_init): Move here from winsup.h.
(ILLEGAL_UID): Ditto.
(ILLEGAL_GID): Ditto.
(UNIX_POSIX_OFFSET): Define. Add lengthy comment.
(UNIX_POSIX_MASK): Ditto.
(MAP_UNIX_TO_CYGWIN_ID): Ditto.
(ILLEGAL_UID16): Move here from winsup.h.
(ILLEGAL_GID16): Ditto.
(uid16touid32): Ditto.
(gid16togid32): Ditto.
(sid_id_auth): New convenience macro for SID component access.
(sid_sub_auth_count): Ditto.
(sid_sub_auth): Ditto.
(sid_sub_auth_rid): Ditto.
(cygpsid::pstring): Declare.
(cygsid::getfromstr): Declare wide character variant.
(cygsid::operator=): Ditto.
(cygsid::operator*=): Ditto.
(get_logon_server): Change declaration according to source code.
* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
call.
* shared.cc (memory_init): Call cygheap->pg.init in first process.
* syscalls.cc: Drop including pwdgrp.h.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
call. Fix debug output. Overwrite user gid in border case of a
missing passwd file while a group file exists.
(pwdgrp::add_line): Allocate memory on cygheap.
(pwdgrp::load): Remove.
(ugid_cache): Define.
(cygheap_pwdgrp::init): New method.
(cygheap_pwdgrp::nss_init_line): New method.
(cygheap_pwdgrp::_nss_init): New method.
(cygheap_domain_info::init): New method.
(logon_sid): Define.
(get_logon_sid): New function.
(pwdgrp::add_account_post_fetch): New method.
(pwdgrp::add_account_from_file): New methods.
(pwdgrp::add_account_from_windows): New methods.
(pwdgrp::check_file): New method.
(pwdgrp::fetch_account_from_line): New method.
(pwdgrp::fetch_account_from_file): New method.
(pwdgrp::fetch_account_from_windows): New method.
* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 Christopher Faylor <me.cygwin2014@cgf.cx>
* sigproc.cc (sig_send): Don't bother with an error message if we are
@ -21,6 +162,9 @@
* net.cc (cygwin_gethostname): Call GetComputerNameExA rather than
GetComputerNameA if gethostname failed.
* shared.cc (user_info::initialize): Fix formatting.
2014-02-06 Corinna Vinschen <corinna@vinschen.de>
* include/sys/file.h: Define flock and accompanying macros if not
already defined in sys/_default_fcntl.h.

View File

@ -1,6 +1,6 @@
# Makefile.in for Cygwin.
# Copyright 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
# 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
#
# This file is part of Cygwin.
#
@ -166,7 +166,7 @@ DLL_OFILES:=advapi32.o arc4random.o assert.o autoload.o base64.o bsdlib.o ctype.
fhandler_termios.o fhandler_tty.o fhandler_virtual.o fhandler_windows.o \
fhandler_zero.o flock.o fnmatch.o fork.o fts.o ftw.o getopt.o glob.o \
glob_pattern_p.o globals.o grp.o heap.o hookapi.o inet_addr.o \
inet_network.o init.o ioctl.o ipc.o kernel32.o libstdcxx_wrapper.o \
inet_network.o init.o ioctl.o ipc.o kernel32.o ldap.o libstdcxx_wrapper.o \
localtime.o lsearch.o malloc_wrapper.o minires-os-if.o minires.o \
miscfuncs.o mktemp.o mmap.o msg.o mount.o net.o netdb.o nfs.o nftw.o \
nlsfuncs.o ntea.o passwd.o path.o pinfo.o pipe.o poll.o posix_ipc.o \

View File

@ -1,7 +1,7 @@
/* autoload.cc: all dynamic load stuff.
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011, 2012, 2013 Red Hat, Inc.
2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@ -580,14 +580,37 @@ LoadDLLfuncEx2 (IdnToAscii, 20, kernel32, 1, 0)
LoadDLLfuncEx2 (IdnToUnicode, 20, kernel32, 1, 0)
LoadDLLfunc (LocaleNameToLCID, 8, kernel32)
/* ldap functions are cdecl! */
#pragma push_macro ("mangle")
#undef mangle
#define mangle(name, n) #name
LoadDLLfunc (ldap_bind_s, 0, wldap32)
LoadDLLfunc (ldap_count_valuesW, 0, wldap32)
LoadDLLfunc (ldap_first_entry, 0, wldap32)
LoadDLLfunc (ldap_get_valuesW, 0, wldap32)
LoadDLLfunc (ldap_get_values_lenW, 0, wldap32)
LoadDLLfunc (ldap_initW, 0, wldap32)
LoadDLLfunc (ldap_memfreeW, 0, wldap32)
LoadDLLfunc (ldap_next_entry, 0, wldap32)
LoadDLLfunc (ldap_search_stW, 0, wldap32)
LoadDLLfunc (ldap_set_option, 0, wldap32)
LoadDLLfunc (ldap_sslinitW, 0, wldap32)
LoadDLLfunc (ldap_unbind, 0, wldap32)
LoadDLLfunc (ldap_value_freeW, 0, wldap32)
LoadDLLfunc (ldap_value_free_len, 0, wldap32)
LoadDLLfunc (LdapGetLastError, 0, wldap32)
#pragma pop_macro ("mangle")
LoadDLLfunc (WNetCloseEnum, 4, mpr)
LoadDLLfunc (WNetEnumResourceA, 16, mpr)
LoadDLLfunc (WNetGetProviderNameA, 12, mpr)
LoadDLLfunc (WNetGetResourceInformationA, 16, mpr)
LoadDLLfunc (WNetOpenEnumA, 20, mpr)
LoadDLLfunc (DsEnumerateDomainTrustsW, 16, netapi32)
LoadDLLfunc (DsGetDcNameW, 24, netapi32)
LoadDLLfunc (NetApiBufferFree, 4, netapi32)
LoadDLLfunc (NetGroupGetInfo, 16, netapi32)
LoadDLLfunc (NetUseGetInfo, 16, netapi32)
LoadDLLfunc (NetUserGetGroups, 28, netapi32)
LoadDLLfunc (NetUserGetInfo, 16, netapi32)

View File

@ -1,7 +1,7 @@
/* cygheap.h: Cygwin heap manager.
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011, 2012, 2013 Red Hat, Inc.
2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@ -11,6 +11,7 @@ details. */
#include "hires.h"
#include "cygheap_malloc.h"
#include "pwdgrp.h"
#define incygheap(s) (cygheap && ((char *) (s) >= (char *) cygheap) && ((char *) (s) <= ((char *) cygheap_max)))
@ -355,6 +356,84 @@ struct user_heap_info
void __reg1 init ();
};
class cygheap_domain_info
{
PWCHAR pdom_name;
PWCHAR pdom_dns_name;
cygsid pdom_sid;
PWCHAR adom_name;
cygsid adom_sid;
PDS_DOMAIN_TRUSTSW tdom;
ULONG tdom_count;
PWCHAR rfc2307_domain_buf;
public:
ULONG lowest_tdo_posix_offset;
bool init ();
inline PCWSTR primary_flat_name () const { return pdom_name; }
inline PCWSTR primary_dns_name () const { return pdom_dns_name; }
inline cygsid &primary_sid () { return pdom_sid; }
inline bool member_machine () const { return pdom_sid != NO_SID; }
inline PCWSTR account_flat_name () const { return adom_name; }
inline cygsid &account_sid () { return adom_sid; }
inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
{ return (idx < tdom_count) ? tdom + idx : NULL; }
inline PWCHAR get_rfc2307_domain () const
{ return rfc2307_domain_buf ?: NULL; }
};
class cygheap_pwdgrp
{
static const int NSS_FILES = 1;
static const int NSS_DB = 2;
enum pfx_t {
NSS_AUTO = 0,
NSS_PRIMARY,
NSS_ALWAYS
};
bool nss_inited;
int pwd_src;
int grp_src;
pfx_t prefix;
WCHAR separator[2];
bool caching;
void nss_init_line (const char *line);
void _nss_init ();
public:
struct {
pwdgrp file;
pwdgrp win;
} pwd_cache;
struct {
pwdgrp file;
pwdgrp win;
} grp_cache;
void init ();
inline void nss_init () { if (!nss_inited) _nss_init (); }
inline bool nss_pwd_files () const { return !!(pwd_src & NSS_FILES); }
inline bool nss_pwd_db () const { return !!(pwd_src & NSS_DB); }
inline bool nss_grp_files () const { return !!(grp_src & NSS_FILES); }
inline bool nss_grp_db () const { return !!(grp_src & NSS_DB); }
inline bool nss_prefix_auto () const { return prefix == NSS_AUTO; }
inline bool nss_prefix_primary () const { return prefix == NSS_PRIMARY; }
inline bool nss_prefix_always () const { return prefix == NSS_ALWAYS; }
inline PCWSTR nss_separator () const { return separator; }
inline bool nss_db_caching () const { return caching; }
};
struct hook_chain
{
void **loc;
@ -378,6 +457,8 @@ struct init_cygheap: public mini_cygheap
UNICODE_STRING installation_key;
WCHAR installation_key_buf[18];
cygheap_root root;
cygheap_domain_info dom;
cygheap_pwdgrp pg;
cygheap_user user;
user_heap_info user_heap;
mode_t umask;

View File

@ -1,7 +1,7 @@
/* cygtls.h
Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
Red Hat, Inc.
Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
2014 Red Hat, Inc.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
@ -79,20 +79,19 @@ public:
struct _local_storage
{
/*
Needed for the group functions
*/
int grp_pos;
/* passwd.cc */
void *pwbuf;
char pass[_PASSWORD_LEN];
ULONG pw_pos;
/* grp.cc */
void *grbuf;
ULONG grp_pos;
/* dlfcn.cc */
int dl_error;
char dl_buffer[256];
/* passwd.cc */
struct passwd res;
char pass[_PASSWORD_LEN];
int pw_pos;
/* path.cc */
struct mntent mntbuf;
int iteration;

View File

@ -10,6 +10,8 @@ Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#include "winsup.h"
#include <winioctl.h>
#include <lm.h>
#include <stdlib.h>
#include <sys/acl.h>
#include <sys/statvfs.h>
@ -23,10 +25,8 @@ details. */
#include "pinfo.h"
#include "ntdll.h"
#include "tls_pbuf.h"
#include "pwdgrp.h"
#include <winioctl.h>
#include <lm.h>
#include "devices.h"
#include "ldap.h"
#define _COMPILING_NEWLIB
#include <dirent.h>
@ -323,6 +323,9 @@ int __reg2
fhandler_base::fstat_by_nfs_ea (struct stat *buf)
{
fattr3 *nfs_attr = pc.nfsattr ();
PWCHAR domain;
cyg_ldap cldap;
bool ldap_open = false;
if (get_io_handle ())
{
@ -340,14 +343,36 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
buf->st_mode = (nfs_attr->mode & 0xfff)
| nfs_type_mapping[nfs_attr->type & 7];
buf->st_nlink = nfs_attr->nlink;
/* FIXME: How to convert UNIX uid/gid to Windows SIDs? */
#if 0
buf->st_uid = nfs_attr->uid;
buf->st_gid = nfs_attr->gid;
#else
buf->st_uid = myself->uid;
buf->st_gid = myself->gid;
#endif
/* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
the cache, try to fetch it from the configured RFC 2307 domain (see
last comment in cygheap_domain_info::init() for more information) and
add it to the mapping cache. */
buf->st_uid = ugid_cache.get_uid (nfs_attr->uid);
buf->st_gid = ugid_cache.get_gid (nfs_attr->gid);
if (buf->st_uid == ILLEGAL_UID)
{
uid_t map_uid = ILLEGAL_UID;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open = cldap.open (domain)))
map_uid = cldap.remap_uid (nfs_attr->uid);
if (map_uid == ILLEGAL_UID)
map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid);
ugid_cache.add_uid (nfs_attr->uid, map_uid);
buf->st_uid = map_uid;
}
if (buf->st_gid == ILLEGAL_GID)
{
gid_t map_gid = ILLEGAL_GID;
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open || cldap.open (domain)))
map_gid = cldap.remap_gid (nfs_attr->gid);
if (map_gid == ILLEGAL_GID)
map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid);
ugid_cache.add_gid (nfs_attr->gid, map_gid);
buf->st_gid = map_gid;
}
buf->st_rdev = makedev (nfs_attr->rdev.specdata1,
nfs_attr->rdev.specdata2);
buf->st_size = nfs_attr->size;

View File

@ -1,7 +1,7 @@
/* fhandler_process.cc: fhandler for /proc/<pid> virtual filesystem
Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012,
2013 Red Hat, Inc.
2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@ -24,7 +24,6 @@ details. */
#include "cygheap.h"
#include "ntdll.h"
#include "cygtls.h"
#include "pwdgrp.h"
#include "mount.h"
#include "tls_pbuf.h"
#include <sys/sysmacros.h>

View File

@ -1,6 +1,6 @@
/* fhandler_procsysvipc.cc: fhandler for /proc/sysvipc virtual filesystem
Copyright 2011, 2012, 2013 Red Hat, Inc.
Copyright 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@ -24,7 +24,6 @@ details. */
#include "cygheap.h"
#include "ntdll.h"
#include "cygtls.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
#include <sys/param.h>
#include <ctype.h>

View File

@ -586,8 +586,8 @@ fhandler_registry::fstat (struct stat *buf)
and it's also rather unlikely that the user is the owner.
Therefore it's probably most safe to assume unknown ownership
and no permissions for nobody. */
buf->st_uid = UNKNOWN_UID;
buf->st_gid = UNKNOWN_GID;
buf->st_uid = ILLEGAL_UID;
buf->st_gid = ILLEGAL_GID;
buf->st_mode &= ~0777;
}
}

View File

@ -1,7 +1,7 @@
/* grp.cc
Copyright 1996, 1997, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2011, 2012, 2013 Red Hat, Inc.
2008, 2009, 2011, 2012, 2013, 2014 Red Hat, Inc.
Original stubs by Jason Molenda of Cygnus Support, crash@cygnus.com
First implementation by Gunther Ebert, gunther.ebert@ixos-leipzig.de
@ -23,134 +23,163 @@ details. */
#include "dtable.h"
#include "cygheap.h"
#include "ntdll.h"
#include "pwdgrp.h"
static group *group_buf;
static pwdgrp gr (group_buf);
static char * NO_COPY_RO null_ptr;
bool
pwdgrp::parse_group ()
{
group &grp = (*group_buf)[curr_lines];
grp.gr_name = next_str (':');
if (!*grp.gr_name)
pg_grp &grp = group ()[curr_lines];
grp.g.gr_name = next_str (':');
if (!*grp.g.gr_name)
return false;
grp.gr_passwd = next_str (':');
if (!next_num (grp.gr_gid))
grp.g.gr_passwd = next_str (':');
if (!next_num (grp.g.gr_gid))
return false;
int n;
char *dp = raw_ptr ();
for (n = 0; *next_str (','); n++)
continue;
grp.gr_mem = &null_ptr;
grp.g.gr_mem = &null_ptr;
if (n)
{
char **namearray = (char **) calloc (n + 1, sizeof (char *));
char **namearray = (char **) ccalloc (HEAP_BUF, n + 1, sizeof (char *));
if (namearray)
{
for (int i = 0; i < n; i++, dp = strchr (dp, '\0') + 1)
namearray[i] = dp;
grp.gr_mem = namearray;
grp.g.gr_mem = namearray;
}
}
grp.sid.getfromgr (&grp.g);
return true;
}
/* Cygwin internal */
/* Read in /etc/group and save contents in the group cache */
/* This sets group_in_memory_p to 1 so functions in this file can
tell that /etc/group has been read in */
void
pwdgrp::read_group ()
{
for (int i = 0; i < gr.curr_lines; i++)
if ((*group_buf)[i].gr_mem != &null_ptr)
free ((*group_buf)[i].gr_mem);
load (L"\\etc\\group");
/* Complete /etc/group in memory if needed */
if (!internal_getgrgid (myself->gid))
{
static char linebuf [200];
char group_name [UNLEN + 1] = "mkgroup";
char strbuf[128] = "";
struct group *gr;
cygheap->user.groups.pgsid.string (strbuf);
if ((gr = internal_getgrsid (cygheap->user.groups.pgsid)))
snprintf (group_name, sizeof (group_name),
"passwd/group_GID_clash(%u/%u)", myself->gid, gr->gr_gid);
if (myself->uid == UNKNOWN_UID)
strcpy (group_name, "mkpasswd"); /* Feedback... */
snprintf (linebuf, sizeof (linebuf), "%s:%s:%u:%s",
group_name, strbuf, myself->gid, cygheap->user.name ());
debug_printf ("Completing /etc/group: %s", linebuf);
add_line (linebuf);
}
static char NO_COPY pretty_ls[] = "????????::-1:";
add_line (pretty_ls);
}
muto NO_COPY pwdgrp::pglock;
pwdgrp::pwdgrp (passwd *&pbuf) :
pwdgrp_buf_elem_size (sizeof (*pbuf)), passwd_buf (&pbuf)
void
pwdgrp::init_grp ()
{
read = &pwdgrp::read_passwd;
parse = &pwdgrp::parse_passwd;
pglock.init ("pglock");
pwdgrp_buf_elem_size = sizeof (pg_grp);
parse = &pwdgrp::parse_group;
}
pwdgrp::pwdgrp (group *&gbuf) :
pwdgrp_buf_elem_size (sizeof (*gbuf)), group_buf (&gbuf)
pwdgrp *
pwdgrp::prep_tls_grbuf ()
{
read = &pwdgrp::read_group;
parse = &pwdgrp::parse_group;
pglock.init ("pglock");
if (!_my_tls.locals.grbuf)
{
_my_tls.locals.grbuf = ccalloc_abort (HEAP_BUF, 1,
sizeof (pwdgrp) + sizeof (pg_grp));
pwdgrp *gr = (pwdgrp *) _my_tls.locals.grbuf;
gr->init_grp ();
gr->pwdgrp_buf = (void *) (gr + 1);
gr->max_lines = 1;
}
pwdgrp *gr = (pwdgrp *) _my_tls.locals.grbuf;
if (gr->curr_lines)
{
cfree (gr->group ()[0].g.gr_name);
gr->curr_lines = 0;
}
return gr;
}
struct group *
pwdgrp::find_group (cygpsid &sid)
{
for (ULONG i = 0; i < curr_lines; i++)
if (sid == group ()[i].sid)
return &group ()[i].g;
return NULL;
}
struct group *
pwdgrp::find_group (const char *name)
{
for (ULONG i = 0; i < curr_lines; i++)
if (strcasematch (group ()[i].g.gr_name, name))
return &group ()[i].g;
return NULL;
}
struct group *
pwdgrp::find_group (gid_t gid)
{
for (ULONG i = 0; i < curr_lines; i++)
if (gid == group ()[i].g.gr_gid)
return &group ()[i].g;
return NULL;
}
struct group *
internal_getgrsid (cygpsid &sid)
{
char sid_string[128];
struct group *ret;
gr.refresh (false);
if (sid.string (sid_string))
for (int i = 0; i < gr.curr_lines; i++)
if (!strcmp (sid_string, group_buf[i].gr_passwd))
return group_buf + i;
cygheap->pg.nss_init ();
if (cygheap->pg.nss_grp_files ())
{
cygheap->pg.grp_cache.file.check_file (true);
if ((ret = cygheap->pg.grp_cache.file.find_group (sid)))
return ret;
if ((ret = cygheap->pg.grp_cache.file.add_group_from_file (sid)))
return ret;
}
if (cygheap->pg.nss_grp_db ())
{
if ((ret = cygheap->pg.grp_cache.win.find_group (sid)))
return ret;
return cygheap->pg.grp_cache.win.add_group_from_windows (sid);
}
return NULL;
}
struct group *
internal_getgrgid (gid_t gid, bool check)
internal_getgrnam (const char *name)
{
gr.refresh (check);
struct group *ret;
for (int i = 0; i < gr.curr_lines; i++)
if (group_buf[i].gr_gid == gid)
return group_buf + i;
cygheap->pg.nss_init ();
if (cygheap->pg.nss_grp_files ())
{
cygheap->pg.grp_cache.file.check_file (true);
if ((ret = cygheap->pg.grp_cache.file.find_group (name)))
return ret;
if ((ret = cygheap->pg.grp_cache.file.add_group_from_file (name)))
return ret;
}
if (cygheap->pg.nss_grp_db ())
{
if ((ret = cygheap->pg.grp_cache.win.find_group (name)))
return ret;
return cygheap->pg.grp_cache.win.add_group_from_windows (name);
}
return NULL;
}
struct group *
internal_getgrnam (const char *name, bool check)
internal_getgrgid (gid_t gid)
{
gr.refresh (check);
struct group *ret;
for (int i = 0; i < gr.curr_lines; i++)
if (strcasematch (group_buf[i].gr_name, name))
return group_buf + i;
/* Didn't find requested group */
cygheap->pg.nss_init ();
if (cygheap->pg.nss_grp_files ())
{
cygheap->pg.grp_cache.file.check_file (true);
if ((ret = cygheap->pg.grp_cache.file.find_group (gid)))
return ret;
if ((ret = cygheap->pg.grp_cache.file.add_group_from_file (gid)))
return ret;
}
if (cygheap->pg.nss_grp_db ())
{
if ((ret = cygheap->pg.grp_cache.win.find_group (gid)))
return ret;
return cygheap->pg.grp_cache.win.add_group_from_windows (gid);
}
else if (gid == ILLEGAL_GID)
return cygheap->pg.grp_cache.win.add_group_from_windows (gid);
return NULL;
}
@ -181,7 +210,7 @@ getgrgid_r (gid_t gid, struct group *grp, char *buffer, size_t bufsize,
if (!grp || !buffer)
return ERANGE;
struct group *tempgr = internal_getgrgid (gid, true);
struct group *tempgr = internal_getgrgid (gid);
pthread_testcancel ();
if (!tempgr)
return 0;
@ -211,7 +240,7 @@ getgrgid_r (gid_t gid, struct group *grp, char *buffer, size_t bufsize,
extern "C" struct group *
getgrgid32 (gid_t gid)
{
return internal_getgrgid (gid, true);
return internal_getgrgid (gid);
}
#ifdef __x86_64__
@ -235,7 +264,7 @@ getgrnam_r (const char *nam, struct group *grp, char *buffer,
if (!grp || !buffer)
return ERANGE;
struct group *tempgr = internal_getgrnam (nam, true);
struct group *tempgr = internal_getgrnam (nam);
pthread_testcancel ();
if (!tempgr)
return 0;
@ -265,7 +294,7 @@ getgrnam_r (const char *nam, struct group *grp, char *buffer,
extern "C" struct group *
getgrnam32 (const char *name)
{
return internal_getgrnam (name, true);
return internal_getgrnam (name);
}
#ifdef __x86_64__
@ -289,11 +318,19 @@ endgrent ()
extern "C" struct group *
getgrent32 ()
{
if (_my_tls.locals.grp_pos == 0)
gr.refresh (true);
if (_my_tls.locals.grp_pos < gr.curr_lines)
return group_buf + _my_tls.locals.grp_pos++;
pwdgrp &grf = cygheap->pg.grp_cache.file;
if (cygheap->pg.nss_grp_files ())
{
cygheap->pg.grp_cache.file.check_file (true);
if (_my_tls.locals.grp_pos < grf.cached_groups ())
return &grf.group ()[_my_tls.locals.grp_pos++].g;
}
if ((cygheap->pg.nss_grp_db ()) && cygheap->pg.nss_db_caching ())
{
pwdgrp &grw = cygheap->pg.grp_cache.win;
if (_my_tls.locals.grp_pos - grf.cached_groups () < grw.cached_groups ())
return &grw.group ()[_my_tls.locals.grp_pos++ - grf.cached_groups ()].g;
}
return NULL;
}
@ -315,46 +352,29 @@ setgrent ()
_my_tls.locals.grp_pos = 0;
}
/* Internal function. ONLY USE THIS INTERNALLY, NEVER `getgrent'!!! */
struct group *
internal_getgrent (int pos)
{
gr.refresh (false);
if (pos < gr.curr_lines)
return group_buf + pos;
return NULL;
}
int
internal_getgroups (int gidsetsize, gid_t *grouplist, cygpsid * srchsid)
internal_getgroups (int gidsetsize, gid_t *grouplist, cygpsid *srchsid)
{
NTSTATUS status;
HANDLE hToken = NULL;
ULONG size;
int cnt = 0;
struct group *gr;
struct group *grp;
if (!srchsid && cygheap->user.groups.issetgroups ())
{
cygsid sid;
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (sid.getfromgr (gr))
for (int pg = 0; pg < cygheap->user.groups.sgsids.count (); ++pg)
if (sid == cygheap->user.groups.sgsids.sids[pg]
&& sid != well_known_world_sid)
{
if (cnt < gidsetsize)
grouplist[cnt] = gr->gr_gid;
++cnt;
if (gidsetsize && cnt > gidsetsize)
goto error;
break;
}
for (int pg = 0; pg < cygheap->user.groups.sgsids.count (); ++pg)
if ((grp = internal_getgrsid (cygheap->user.groups.sgsids.sids[pg])))
{
if (cnt < gidsetsize)
grouplist[cnt] = grp->gr_gid;
++cnt;
if (gidsetsize && cnt > gidsetsize)
goto error;
}
return cnt;
}
/* If impersonated, use impersonation token. */
if (cygheap->user.issetuid ())
hToken = cygheap->user.primary_token ();
@ -379,21 +399,25 @@ internal_getgroups (int gidsetsize, gid_t *grouplist, cygpsid * srchsid)
break;
}
else
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (sid.getfromgr (gr))
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
if (sid == groups->Groups[pg].Sid
&& (groups->Groups[pg].Attributes
& (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED))
&& sid != well_known_world_sid)
{
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
{
cygpsid sid = groups->Groups[pg].Sid;
if ((grp = internal_getgrsid (sid)))
{
if (cnt < gidsetsize)
grouplist[cnt] = gr->gr_gid;
++cnt;
if (gidsetsize && cnt > gidsetsize)
goto error;
break;
if ((groups->Groups[pg].Attributes
& (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED))
&& sid != well_known_world_sid)
{
if (cnt < gidsetsize)
grouplist[cnt] = grp->gr_gid;
++cnt;
if (gidsetsize && cnt > gidsetsize)
goto error;
}
}
}
}
}
}
else
@ -443,11 +467,11 @@ get_groups (const char *user, gid_t gid, cygsidlist &gsids)
{
cygheap->user.deimpersonate ();
struct passwd *pw = internal_getpwnam (user);
struct group *gr = internal_getgrgid (gid);
struct group *grp = internal_getgrgid (gid);
cygsid usersid, grpsid;
if (usersid.getfrompw (pw))
get_server_groups (gsids, usersid, pw);
if (grpsid.getfromgr (gr))
if (grpsid.getfromgr (grp))
gsids += grpsid;
cygheap->user.reimpersonate ();
}
@ -482,7 +506,7 @@ getgrouplist (const char *user, gid_t gid, gid_t *groups, int *ngroups)
{
int ret = 0;
int cnt = 0;
struct group *gr;
struct group *grp;
/* Note that it's not defined if groups or ngroups may be NULL!
GLibc does not check the pointers on entry and just uses them.
@ -495,10 +519,10 @@ getgrouplist (const char *user, gid_t gid, gid_t *groups, int *ngroups)
cygsidlist tmp_gsids (cygsidlist_auto, 12);
get_groups (user, gid, tmp_gsids);
for (int i = 0; i < tmp_gsids.count (); i++)
if ((gr = internal_getgrsid (tmp_gsids.sids[i])) != NULL)
if ((grp = internal_getgrsid (tmp_gsids.sids[i])) != NULL)
{
if (groups && cnt < *ngroups)
groups[cnt] = gr->gr_gid;
groups[cnt] = grp->gr_gid;
++cnt;
}
if (cnt > *ngroups)
@ -522,15 +546,15 @@ setgroups32 (int ngroups, const gid_t *grouplist)
}
cygsidlist gsids (cygsidlist_alloc, ngroups);
struct group *gr;
struct group *grp;
if (ngroups && !gsids.sids)
return -1;
for (int gidx = 0; gidx < ngroups; ++gidx)
{
if ((gr = internal_getgrgid (grouplist[gidx]))
&& gsids.addfromgr (gr))
if ((grp = internal_getgrgid (grouplist[gidx]))
&& gsids.addfromgr (grp))
continue;
debug_printf ("No sid found for gid %u", grouplist[gidx]);
gsids.free_sids ();

443
winsup/cygwin/ldap.cc Normal file
View File

@ -0,0 +1,443 @@
/* ldap.cc: Helper functions for ldap access to Active Directory.
Copyright 2014 Red Hat, Inc.
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#include "winsup.h"
#include "ldap.h"
#include "cygerrno.h"
#include "security.h"
#include "path.h"
#include "fhandler.h"
#include "dtable.h"
#include "cygheap.h"
#include "registry.h"
#include "pinfo.h"
#include "lm.h"
#include "dsgetdc.h"
static LDAP_TIMEVAL tv = { 3, 0 };
static PWCHAR rootdse_attr[] =
{
(PWCHAR) L"defaultNamingContext",
(PWCHAR) L"supportedCapabilities",
NULL
};
static PWCHAR user_attr[] =
{
(PWCHAR) L"uid",
(PWCHAR) L"primaryGroupID",
(PWCHAR) L"gecos",
(PWCHAR) L"unixHomeDirectory",
(PWCHAR) L"loginShell",
(PWCHAR) L"uidNumber",
NULL
};
static PWCHAR group_attr[] =
{
(PWCHAR) L"cn",
(PWCHAR) L"gidNumber",
NULL
};
PWCHAR tdom_attr[] =
{
(PWCHAR) L"trustPosixOffset",
NULL
};
PWCHAR nfs_attr[] =
{
(PWCHAR) L"objectSid",
NULL
};
PWCHAR rfc2307_uid_attr[] =
{
(PWCHAR) L"uid",
NULL
};
PWCHAR rfc2307_gid_attr[] =
{
(PWCHAR) L"cn",
NULL
};
DWORD WINAPI
rediscover_thread (LPVOID dummy)
{
PDOMAIN_CONTROLLER_INFOW pdci;
DWORD ret = DsGetDcNameW (NULL, (PWCHAR) dummy, NULL, NULL,
DS_FORCE_REDISCOVERY | DS_ONLY_LDAP_NEEDED, &pdci);
if (ret == ERROR_SUCCESS)
NetApiBufferFree (pdci);
else
debug_printf ("DsGetDcNameW(%W) failed with error %u", dummy, ret);
return 0;
}
bool
cyg_ldap::connect_ssl (PCWSTR domain)
{
ULONG ret, timelimit = 3; /* secs */
if (!(lh = ldap_sslinitW ((PWCHAR) domain, LDAP_SSL_PORT, 1)))
{
debug_printf ("ldap_init(%W) error 0x%02x", domain, LdapGetLastError ());
return false;
}
if ((ret = ldap_set_option (lh, LDAP_OPT_TIMELIMIT, &timelimit))
!= LDAP_SUCCESS)
debug_printf ("ldap_set_option(LDAP_OPT_TIMELIMIT) error 0x%02x", ret);
if ((ret = ldap_bind_s (lh, NULL, NULL, LDAP_AUTH_NEGOTIATE)) != LDAP_SUCCESS)
{
debug_printf ("ldap_bind(%W) 0x%02x", domain, ret);
ldap_unbind (lh);
lh = NULL;
return false;
}
return true;
}
bool
cyg_ldap::connect_non_ssl (PCWSTR domain)
{
ULONG ret, timelimit = 3; /* secs */
if (!(lh = ldap_initW ((PWCHAR) domain, LDAP_PORT)))
{
debug_printf ("ldap_init(%W) error 0x%02x", domain, LdapGetLastError ());
return false;
}
if ((ret = ldap_set_option (lh, LDAP_OPT_SIGN, LDAP_OPT_ON))
!= LDAP_SUCCESS)
debug_printf ("ldap_set_option(LDAP_OPT_SIGN) error 0x%02x", ret);
if ((ret = ldap_set_option (lh, LDAP_OPT_ENCRYPT, LDAP_OPT_ON))
!= LDAP_SUCCESS)
debug_printf ("ldap_set_option(LDAP_OPT_ENCRYPT) error 0x%02x", ret);
if ((ret = ldap_set_option (lh, LDAP_OPT_TIMELIMIT, &timelimit))
!= LDAP_SUCCESS)
debug_printf ("ldap_set_option(LDAP_OPT_TIMELIMIT) error 0x%02x", ret);
if ((ret = ldap_bind_s (lh, NULL, NULL, LDAP_AUTH_NEGOTIATE)) != LDAP_SUCCESS)
{
debug_printf ("ldap_bind(%W) 0x%02x", domain, ret);
ldap_unbind (lh);
lh = NULL;
return false;
}
return true;
}
bool
cyg_ldap::open (PCWSTR domain)
{
LARGE_INTEGER start, stop;
static LARGE_INTEGER last_rediscover;
ULONG ret;
close ();
GetSystemTimeAsFileTime ((LPFILETIME) &start);
/* FIXME? connect_ssl can take ages even when failing, so we're trying to
do everything the non-SSL (but still encrypted) way. */
if (/*!connect_ssl (NULL) && */ !connect_non_ssl (domain))
return false;
/* For some obscure reason, there's a chance that the ldap_bind_s call takes
a long time, if the current primary DC is... well, burping or something.
If so, we rediscover in the background which usually switches to the next
fastest DC. */
GetSystemTimeAsFileTime ((LPFILETIME) &stop);
if ((stop.QuadPart - start.QuadPart) >= 3000000LL /* 0.3s */
&& (stop.QuadPart - last_rediscover.QuadPart) >= 30000000LL) /* 3s */
{
debug_printf ("ldap_bind_s is laming. Try to rediscover.");
HANDLE thr = CreateThread (&sec_none_nih, 4 * PTHREAD_STACK_MIN,
rediscover_thread, (LPVOID) domain,
STACK_SIZE_PARAM_IS_A_RESERVATION, NULL);
if (!thr)
debug_printf ("Couldn't start rediscover thread.");
else
{
last_rediscover = stop;
CloseHandle (thr);
}
}
if ((ret = ldap_search_stW (lh, NULL, LDAP_SCOPE_BASE,
(PWCHAR) L"(objectclass=*)", rootdse_attr,
0, &tv, &msg))
!= LDAP_SUCCESS)
{
debug_printf ("ldap_search(%W, ROOTDSE) error 0x%02x", domain, ret);
goto err;
}
if (!(entry = ldap_first_entry (lh, msg)))
{
debug_printf ("No ROOTDSE entry for %W", domain);
goto err;
}
if (!(val = ldap_get_valuesW (lh, entry, rootdse_attr[0])))
{
debug_printf ("No ROOTDSE value for %W", domain);
goto err;
}
if (!(rootdse = wcsdup (val[0])))
{
debug_printf ("wcsdup(%W, ROOTDSE) %d", domain, get_errno ());
goto err;
}
ldap_value_freeW (val);
if ((val = ldap_get_valuesW (lh, entry, rootdse_attr[1])))
{
for (ULONG idx = 0; idx < ldap_count_valuesW (val); ++idx)
if (!wcscmp (val[idx], LDAP_CAP_ACTIVE_DIRECTORY_OID_W))
{
isAD = true;
break;
}
}
ldap_value_freeW (val);
val = NULL;
ldap_memfreeW ((PWCHAR) msg);
msg = entry = NULL; return true;
err:
close ();
return false;
}
void
cyg_ldap::close ()
{
if (lh)
ldap_unbind (lh);
if (msg)
ldap_memfreeW ((PWCHAR) msg);
if (val)
ldap_value_freeW (val);
if (rootdse)
free (rootdse);
lh = NULL;
msg = entry = NULL;
val = NULL;
rootdse = NULL;
}
bool
cyg_ldap::fetch_ad_account (PSID sid, bool group)
{
WCHAR filter[512], *f;
LONG len = (LONG) RtlLengthSid (sid);
PBYTE s = (PBYTE) sid;
static WCHAR hex_wchars[] = L"0123456789abcdef";
ULONG ret;
if (msg)
{
ldap_memfreeW ((PWCHAR) msg);
msg = entry = NULL;
}
if (val)
{
ldap_value_freeW (val);
val = NULL;
}
f = wcpcpy (filter, L"(objectSid=");
while (len-- > 0)
{
*f++ = L'\\';
*f++ = hex_wchars[*s >> 4];
*f++ = hex_wchars[*s++ & 0xf];
}
wcpcpy (f, L")");
attr = group ? group_attr : user_attr;
if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter,
attr, 0, &tv, &msg)) != LDAP_SUCCESS)
{
debug_printf ("ldap_search_stW(%W,%W) error 0x%02x",
rootdse, filter, ret);
return false;
}
if (!(entry = ldap_first_entry (lh, msg)))
{
debug_printf ("No entry for %W in rootdse %W", filter, rootdse);
return false;
}
return true;
}
uint32_t
cyg_ldap::fetch_posix_offset_for_domain (PCWSTR domain)
{
WCHAR filter[512];
ULONG ret;
if (msg)
{
ldap_memfreeW ((PWCHAR) msg);
msg = entry = NULL;
}
if (val)
{
ldap_value_freeW (val);
val = NULL;
}
__small_swprintf (filter, L"(&(objectClass=trustedDomain)(name=%W))", domain);
if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter,
attr = tdom_attr, 0, &tv, &msg)) != LDAP_SUCCESS)
{
debug_printf ("ldap_search_stW(%W,%W) error 0x%02x",
rootdse, filter, ret);
return 0;
}
if (!(entry = ldap_first_entry (lh, msg)))
{
debug_printf ("No entry for %W in rootdse %W", filter, rootdse);
return 0;
}
return get_num_attribute (0);
}
PWCHAR
cyg_ldap::get_string_attribute (int idx)
{
if (val)
ldap_value_freeW (val);
val = ldap_get_valuesW (lh, entry, attr[idx]);
if (val)
return val[0];
return NULL;
}
uint32_t
cyg_ldap::get_num_attribute (int idx)
{
PWCHAR ret = get_string_attribute (idx);
if (ret)
return (uint32_t) wcstoul (ret, NULL, 10);
return (uint32_t) -1;
}
bool
cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group)
{
WCHAR filter[512];
ULONG ret;
PLDAP_BERVAL *bval;
if (msg)
{
ldap_memfreeW ((PWCHAR) msg);
msg = entry = NULL;
}
if (group)
__small_swprintf (filter, L"(&(objectClass=Group)(gidNumber=%u))", id);
else
__small_swprintf (filter, L"(&(objectClass=User)(uidNumber=%u))", id);
if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter,
nfs_attr, 0, &tv, &msg)) != LDAP_SUCCESS)
{
debug_printf ("ldap_search_stW(%W,%W) error 0x%02x",
rootdse, filter, ret);
return false;
}
if ((entry = ldap_first_entry (lh, msg))
&& (bval = ldap_get_values_lenW (lh, entry, nfs_attr[0])))
{
sid = (PSID) bval[0]->bv_val;
ldap_value_free_len (bval);
}
return true;
}
PWCHAR
cyg_ldap::fetch_unix_name_from_rfc2307 (uint32_t id, bool group)
{
WCHAR filter[512];
ULONG ret;
if (msg)
{
ldap_memfreeW ((PWCHAR) msg);
msg = entry = NULL;
}
if (val)
{
ldap_value_freeW (val);
val = NULL;
}
attr = group ? rfc2307_gid_attr : rfc2307_uid_attr;
if (group)
__small_swprintf (filter, L"(&(objectClass=posixGroup)(gidNumber=%u))", id);
else
__small_swprintf (filter, L"(&(objectClass=posixAccount)(uidNumber=%u))",
id);
if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter, attr,
0, &tv, &msg)) != LDAP_SUCCESS)
{
debug_printf ("ldap_search_stW(%W,%W) error 0x%02x",
rootdse, filter, ret);
return NULL;
}
if (!(entry = ldap_first_entry (lh, msg)))
{
debug_printf ("No entry for %W in rootdse %W", filter, rootdse);
return NULL;
}
return get_string_attribute (0);
}
uid_t
cyg_ldap::remap_uid (uid_t uid)
{
cygsid user (NO_SID);
PWCHAR name;
struct passwd *pw;
if (isAD)
{
if (fetch_unix_sid_from_ad (uid, user, false)
&& user != NO_SID
&& (pw = internal_getpwsid (user)))
return pw->pw_uid;
}
else if ((name = fetch_unix_name_from_rfc2307 (uid, false)))
{
char *mbname = NULL;
sys_wcstombs_alloc (&mbname, HEAP_NOTHEAP, name);
if ((pw = internal_getpwnam (mbname)))
return pw->pw_uid;
}
return ILLEGAL_UID;
}
gid_t
cyg_ldap::remap_gid (gid_t gid)
{
cygsid group (NO_SID);
PWCHAR name;
struct group *gr;
if (isAD)
{
if (fetch_unix_sid_from_ad (gid, group, true)
&& group != NO_SID
&& (gr = internal_getgrsid (group)))
return gr->gr_gid;
}
else if ((name = fetch_unix_name_from_rfc2307 (gid, true)))
{
char *mbname = NULL;
sys_wcstombs_alloc (&mbname, HEAP_NOTHEAP, name);
if ((gr = internal_getgrnam (mbname)))
return gr->gr_gid;
}
return ILLEGAL_GID;
}

68
winsup/cygwin/ldap.h Normal file
View File

@ -0,0 +1,68 @@
/* ldap.h.
Copyright 2014 Red Hat, Inc.
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#pragma push_macro ("DECLSPEC_IMPORT")
#undef DECLSPEC_IMPORT
#define DECLSPEC_IMPORT
#include <winldap.h>
#include <ntldap.h>
#pragma pop_macro ("DECLSPEC_IMPORT")
#define LDAP_USER_NAME_ATTR 0
#define LDAP_USER_PGRP_ATTR 1
#define LDAP_USER_GECOS_ATTR 2
#define LDAP_USER_HOME_ATTR 3
#define LDAP_USER_SHELL_ATTR 4
#define LDAP_USER_UID_ATTR 5
#define LDAP_GROUP_NAME_ATTR 0
#define LDAP_GROUP_GID_ATTR 1
class cyg_ldap {
PLDAP lh;
PWCHAR rootdse;
PLDAPMessage msg, entry;
PWCHAR *val;
PWCHAR *attr;
bool isAD;
bool connect_ssl (PCWSTR domain);
bool connect_non_ssl (PCWSTR domain);
bool fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group);
PWCHAR fetch_unix_name_from_rfc2307 (uint32_t id, bool group);
PWCHAR get_string_attribute (int idx);
uint32_t get_num_attribute (int idx);
public:
cyg_ldap () : lh (NULL), rootdse (NULL), msg (NULL), entry (NULL),
val (NULL), isAD (false)
{}
~cyg_ldap () { close (); }
operator PLDAP () const { return lh; }
bool open (PCWSTR in_domain);
void close ();
bool fetch_ad_account (PSID sid, bool group);
uint32_t fetch_posix_offset_for_domain (PCWSTR domain);
uid_t remap_uid (uid_t uid);
gid_t remap_gid (gid_t gid);
PWCHAR get_user_name () { return get_string_attribute (LDAP_USER_NAME_ATTR); }
/* User only */
gid_t get_primary_gid () { return get_num_attribute (LDAP_USER_PGRP_ATTR); }
PWCHAR get_gecos () { return get_string_attribute (LDAP_USER_GECOS_ATTR); }
PWCHAR get_home ()
{ return get_string_attribute (LDAP_USER_HOME_ATTR); }
PWCHAR get_shell () { return get_string_attribute (LDAP_USER_SHELL_ATTR); }
gid_t get_unix_uid () { return get_num_attribute (LDAP_USER_UID_ATTR); }
/* group only */
PWCHAR get_group_name ()
{ return get_string_attribute (LDAP_GROUP_NAME_ATTR); }
gid_t get_unix_gid () { return get_num_attribute (LDAP_GROUP_GID_ATTR); }
};

View File

@ -19,125 +19,158 @@ details. */
#include "dtable.h"
#include "pinfo.h"
#include "cygheap.h"
#include "pwdgrp.h"
#include "shared_info.h"
/* Read /etc/passwd only once for better performance. This is done
on the first call that needs information from it. */
passwd *passwd_buf;
static pwdgrp pr (passwd_buf);
/* Parse /etc/passwd line into passwd structure. */
bool
pwdgrp::parse_passwd ()
{
passwd &res = (*passwd_buf)[curr_lines];
res.pw_name = next_str (':');
res.pw_passwd = next_str (':');
if (!next_num (res.pw_uid))
pg_pwd &res = passwd ()[curr_lines];
res.p.pw_name = next_str (':');
res.p.pw_passwd = next_str (':');
if (!next_num (res.p.pw_uid))
return false;
if (!next_num (res.pw_gid))
if (!next_num (res.p.pw_gid))
return false;
res.pw_comment = NULL;
res.pw_gecos = next_str (':');
res.pw_dir = next_str (':');
res.pw_shell = next_str (':');
res.p.pw_comment = NULL;
res.p.pw_gecos = next_str (':');
res.p.pw_dir = next_str (':');
res.p.pw_shell = next_str (':');
res.sid.getfrompw (&res.p);
return true;
}
/* Read in /etc/passwd and save contents in the password cache.
This sets pr to loaded or emulated so functions in this file can
tell that /etc/passwd has been read in or will be emulated. */
void
pwdgrp::read_passwd ()
pwdgrp::init_pwd ()
{
load (L"\\etc\\passwd");
pwdgrp_buf_elem_size = sizeof (pg_pwd);
parse = &pwdgrp::parse_passwd;
}
char strbuf[128] = "";
bool searchentry = true;
struct passwd *pw;
/* must be static */
static char NO_COPY pretty_ls[] = "????????:*:-1:-1:::";
add_line (pretty_ls);
cygsid tu = cygheap->user.sid ();
tu.string (strbuf);
if (!user_shared->cb || myself->uid == ILLEGAL_UID)
searchentry = !internal_getpwsid (tu);
if (searchentry
&& (!(pw = internal_getpwnam (cygheap->user.name ()))
|| !user_shared->cb
|| (myself->uid != ILLEGAL_UID
&& myself->uid != pw->pw_uid
&& !internal_getpwuid (myself->uid))))
pwdgrp *
pwdgrp::prep_tls_pwbuf ()
{
if (!_my_tls.locals.pwbuf)
{
static char linebuf[1024]; // must be static and
// should not be NO_COPY
snprintf (linebuf, sizeof (linebuf), "%s:*:%u:%u:,%s:%s:/bin/sh",
cygheap->user.name (),
(!user_shared->cb || myself->uid == ILLEGAL_UID)
? UNKNOWN_UID : myself->uid,
!user_shared->cb ? UNKNOWN_GID : myself->gid,
strbuf, getenv ("HOME") ?: "");
debug_printf ("Completing /etc/passwd: %s", linebuf);
add_line (linebuf);
_my_tls.locals.pwbuf = ccalloc_abort (HEAP_BUF, 1,
sizeof (pwdgrp) + sizeof (pg_pwd));
pwdgrp *pw = (pwdgrp *) _my_tls.locals.pwbuf;
pw->init_pwd ();
pw->pwdgrp_buf = (void *) (pw + 1);
pw->max_lines = 1;
}
pwdgrp *pw = (pwdgrp *) _my_tls.locals.pwbuf;
if (pw->curr_lines)
{
cfree (pw->passwd ()[0].p.pw_name);
pw->curr_lines = 0;
}
return pw;
}
struct passwd *
pwdgrp::find_user (cygpsid &sid)
{
for (ULONG i = 0; i < curr_lines; i++)
if (sid == passwd ()[i].sid)
return &passwd ()[i].p;
return NULL;
}
struct passwd *
pwdgrp::find_user (const char *name)
{
for (ULONG i = 0; i < curr_lines; i++)
/* on Windows NT user names are case-insensitive */
if (strcasematch (name, passwd ()[i].p.pw_name))
return &passwd ()[i].p;
return NULL;
}
struct passwd *
pwdgrp::find_user (uid_t uid)
{
for (ULONG i = 0; i < curr_lines; i++)
if (uid == passwd ()[i].p.pw_uid)
return &passwd ()[i].p;
return NULL;
}
struct passwd *
internal_getpwsid (cygpsid &sid)
{
struct passwd *pw;
char *ptr1, *ptr2, *endptr;
char sid_string[128] = {0,','};
struct passwd *ret;
pr.refresh (false);
if (sid.string (sid_string + 2))
cygheap->pg.nss_init ();
if (cygheap->pg.nss_pwd_files ())
{
endptr = strchr (sid_string + 2, 0) - 1;
for (int i = 0; i < pr.curr_lines; i++)
{
pw = passwd_buf + i;
if (pw->pw_dir > pw->pw_gecos + 8)
for (ptr1 = endptr, ptr2 = pw->pw_dir - 2;
*ptr1 == *ptr2; ptr2--)
if (!*--ptr1)
return pw;
}
cygheap->pg.pwd_cache.file.check_file (false);
if ((ret = cygheap->pg.pwd_cache.file.find_user (sid)))
return ret;
if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (sid)))
return ret;
}
if (cygheap->pg.nss_pwd_db ())
{
if ((ret = cygheap->pg.pwd_cache.win.find_user (sid)))
return ret;
return cygheap->pg.pwd_cache.win.add_user_from_windows (sid);
}
return NULL;
}
struct passwd *
internal_getpwuid (uid_t uid, bool check)
internal_getpwnam (const char *name)
{
pr.refresh (check);
struct passwd *ret;
for (int i = 0; i < pr.curr_lines; i++)
if (uid == passwd_buf[i].pw_uid)
return passwd_buf + i;
cygheap->pg.nss_init ();
if (cygheap->pg.nss_pwd_files ())
{
cygheap->pg.pwd_cache.file.check_file (false);
if ((ret = cygheap->pg.pwd_cache.file.find_user (name)))
return ret;
if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (name)))
return ret;
}
if (cygheap->pg.nss_pwd_db ())
{
if ((ret = cygheap->pg.pwd_cache.win.find_user (name)))
return ret;
return cygheap->pg.pwd_cache.win.add_user_from_windows (name);
}
return NULL;
}
struct passwd *
internal_getpwnam (const char *name, bool check)
internal_getpwuid (uid_t uid)
{
pr.refresh (check);
struct passwd *ret;
for (int i = 0; i < pr.curr_lines; i++)
/* on Windows NT user names are case-insensitive */
if (strcasematch (name, passwd_buf[i].pw_name))
return passwd_buf + i;
cygheap->pg.nss_init ();
if (cygheap->pg.nss_pwd_files ())
{
cygheap->pg.pwd_cache.file.check_file (false);
if ((ret = cygheap->pg.pwd_cache.file.find_user (uid)))
return ret;
if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (uid)))
return ret;
}
if (cygheap->pg.nss_pwd_db ())
{
if ((ret = cygheap->pg.pwd_cache.win.find_user (uid)))
return ret;
return cygheap->pg.pwd_cache.win.add_user_from_windows (uid);
}
else if (uid == ILLEGAL_UID)
return cygheap->pg.pwd_cache.win.add_user_from_windows (uid);
return NULL;
}
extern "C" struct passwd *
getpwuid32 (uid_t uid)
{
struct passwd *temppw = internal_getpwuid (uid, true);
struct passwd *temppw = internal_getpwuid (uid);
pthread_testcancel ();
return temppw;
}
@ -160,7 +193,7 @@ getpwuid_r32 (uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, struc
if (!pwd || !buffer)
return ERANGE;
struct passwd *temppw = internal_getpwuid (uid, true);
struct passwd *temppw = internal_getpwuid (uid);
pthread_testcancel ();
if (!temppw)
return 0;
@ -198,7 +231,7 @@ getpwuid_r (__uid16_t uid, struct passwd *pwd, char *buffer, size_t bufsize, str
extern "C" struct passwd *
getpwnam (const char *name)
{
struct passwd *temppw = internal_getpwnam (name, true);
struct passwd *temppw = internal_getpwnam (name);
pthread_testcancel ();
return temppw;
}
@ -216,7 +249,7 @@ getpwnam_r (const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, s
if (!pwd || !buffer || !nam)
return ERANGE;
struct passwd *temppw = internal_getpwnam (nam, true);
struct passwd *temppw = internal_getpwnam (nam);
pthread_testcancel ();
if (!temppw)
@ -245,11 +278,19 @@ getpwnam_r (const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, s
extern "C" struct passwd *
getpwent (void)
{
if (_my_tls.locals.pw_pos == 0)
pr.refresh (true);
if (_my_tls.locals.pw_pos < pr.curr_lines)
return passwd_buf + _my_tls.locals.pw_pos++;
pwdgrp &prf = cygheap->pg.pwd_cache.file;
if (cygheap->pg.nss_pwd_files ())
{
cygheap->pg.pwd_cache.file.check_file (false);
if (_my_tls.locals.pw_pos < prf.cached_users ())
return &prf.passwd ()[_my_tls.locals.pw_pos++].p;
}
if ((cygheap->pg.nss_pwd_db ()) && cygheap->pg.nss_db_caching ())
{
pwdgrp &prw = cygheap->pg.pwd_cache.win;
if (_my_tls.locals.pw_pos - prf.cached_users () < prw.cached_users ())
return &prw.passwd ()[_my_tls.locals.pw_pos++ - prf.cached_users ()].p;
}
return NULL;
}

View File

@ -4612,142 +4612,6 @@ out:
return buf;
}
int etc::curr_ix = 0;
/* Note that the first elements of the below arrays are unused */
bool etc::change_possible[MAX_ETC_FILES + 1];
OBJECT_ATTRIBUTES etc::fn[MAX_ETC_FILES + 1];
LARGE_INTEGER etc::last_modified[MAX_ETC_FILES + 1];
int
etc::init (int n, POBJECT_ATTRIBUTES attr)
{
if (n > 0)
/* ok */;
else if (++curr_ix <= MAX_ETC_FILES)
n = curr_ix;
else
api_fatal ("internal error");
fn[n] = *attr;
change_possible[n] = false;
test_file_change (n);
paranoid_printf ("fn[%d] %S, curr_ix %d", n, fn[n].ObjectName, curr_ix);
return n;
}
bool
etc::test_file_change (int n)
{
NTSTATUS status;
FILE_NETWORK_OPEN_INFORMATION fnoi;
bool res;
status = NtQueryFullAttributesFile (&fn[n], &fnoi);
if (!NT_SUCCESS (status))
{
res = status != STATUS_OBJECT_NAME_NOT_FOUND;
memset (last_modified + n, 0, sizeof (last_modified[n]));
debug_printf ("NtQueryFullAttributesFile (%S) failed, %y",
fn[n].ObjectName, status);
}
else
{
res = CompareFileTime ((FILETIME *) &fnoi.LastWriteTime,
(FILETIME *) last_modified + n) > 0;
last_modified[n].QuadPart = fnoi.LastWriteTime.QuadPart;
}
paranoid_printf ("fn[%d] %S res %d", n, fn[n].ObjectName, res);
return res;
}
bool
etc::dir_changed (int n)
{
/* io MUST be static because NtNotifyChangeDirectoryFile works asynchronously.
It may write into io after the function has left, which may result in all
sorts of stack corruption. */
static IO_STATUS_BLOCK io NO_COPY;
static HANDLE changed_h NO_COPY;
if (!change_possible[n])
{
NTSTATUS status;
if (!changed_h)
{
OBJECT_ATTRIBUTES attr;
path_conv dir ("/etc");
status = NtOpenFile (&changed_h, SYNCHRONIZE | FILE_LIST_DIRECTORY,
dir.get_object_attr (attr, sec_none_nih), &io,
FILE_SHARE_VALID_FLAGS, FILE_DIRECTORY_FILE);
if (!NT_SUCCESS (status))
{
#ifdef DEBUGGING
system_printf ("NtOpenFile (%S) failed, %y",
dir.get_nt_native_path (), status);
#endif
changed_h = INVALID_HANDLE_VALUE;
}
else
{
status = NtNotifyChangeDirectoryFile (changed_h, NULL, NULL,
NULL, &io, NULL, 0,
FILE_NOTIFY_CHANGE_LAST_WRITE
| FILE_NOTIFY_CHANGE_FILE_NAME,
FALSE);
if (!NT_SUCCESS (status))
{
#ifdef DEBUGGING
system_printf ("NtNotifyChangeDirectoryFile (1) failed, %y",
status);
#endif
NtClose (changed_h);
changed_h = INVALID_HANDLE_VALUE;
}
}
memset (change_possible, true, sizeof (change_possible));
}
if (changed_h == INVALID_HANDLE_VALUE)
change_possible[n] = true;
else if (WaitForSingleObject (changed_h, 0) == WAIT_OBJECT_0)
{
status = NtNotifyChangeDirectoryFile (changed_h, NULL, NULL,
NULL, &io, NULL, 0,
FILE_NOTIFY_CHANGE_LAST_WRITE
| FILE_NOTIFY_CHANGE_FILE_NAME,
FALSE);
if (!NT_SUCCESS (status))
{
#ifdef DEBUGGING
system_printf ("NtNotifyChangeDirectoryFile (2) failed, %y",
status);
#endif
NtClose (changed_h);
changed_h = INVALID_HANDLE_VALUE;
}
memset (change_possible, true, sizeof change_possible);
}
}
paranoid_printf ("fn[%d] %S change_possible %d",
n, fn[n].ObjectName, change_possible[n]);
return change_possible[n];
}
bool
etc::file_changed (int n)
{
bool res = false;
if (dir_changed (n) && test_file_change (n))
res = true;
change_possible[n] = false; /* Change is no longer possible */
paranoid_printf ("fn[%d] %S res %d", n, fn[n].ObjectName, res);
return res;
}
/* No need to be reentrant or thread-safe according to SUSv3.
/ and \\ are treated equally. Leading drive specifiers are
kept intact as far as it makes sense. Everything else is

View File

@ -447,21 +447,4 @@ int normalize_win32_path (const char *, char *, char *&);
int normalize_posix_path (const char *, char *, char *&);
PUNICODE_STRING __reg3 get_nt_native_path (const char *, UNICODE_STRING&, bool);
/* FIXME: Move to own include file eventually */
#define MAX_ETC_FILES 2
class etc
{
friend class dtable;
static int curr_ix;
static bool change_possible[MAX_ETC_FILES + 1];
static OBJECT_ATTRIBUTES fn[MAX_ETC_FILES + 1];
static LARGE_INTEGER last_modified[MAX_ETC_FILES + 1];
static bool dir_changed (int);
static int init (int, POBJECT_ATTRIBUTES);
static bool file_changed (int);
static bool test_file_change (int);
friend class pwdgrp;
};
int __reg3 symlink_worker (const char *, const char *, bool);

View File

@ -41,7 +41,7 @@ pinfo_basic::pinfo_basic ()
GetModuleFileNameW (NULL, progname, sizeof (progname));
/* Default uid/gid are needed very early to initialize shared user info. */
uid = ILLEGAL_UID;
gid = UNKNOWN_GID;
gid = ILLEGAL_GID;
}
pinfo_basic myself_initial NO_COPY;
@ -100,7 +100,7 @@ pinfo_init (char **envp, int envc)
myself->pgid = myself->sid = myself->pid;
myself->ctty = -1;
myself->uid = ILLEGAL_UID;
myself->gid = UNKNOWN_GID;
myself->gid = ILLEGAL_GID;
environ_init (NULL, 0); /* call after myself has been set up */
myself->nice = winprio_to_nice (GetPriorityClass (GetCurrentProcess ()));
myself->ppid = 1; /* always set last */

View File

@ -1,6 +1,6 @@
/* pwdgrp.h
Copyright 2001, 2002, 2003 Red Hat inc.
Copyright 2001, 2002, 2003, 2014 Red Hat inc.
Stuff common to pwd and grp handling.
@ -10,42 +10,65 @@ This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#pragma once
/* These functions are needed to allow searching and walking through
the passwd and group lists */
extern struct passwd *internal_getpwsid (cygpsid &);
extern struct passwd *internal_getpwnam (const char *, bool = FALSE);
extern struct passwd *internal_getpwuid (uid_t, bool = FALSE);
extern struct passwd *internal_getpwnam (const char *);
extern struct passwd *internal_getpwuid (uid_t);
extern struct group *internal_getgrsid (cygpsid &);
extern struct group *internal_getgrgid (gid_t gid, bool = FALSE);
extern struct group *internal_getgrnam (const char *, bool = FALSE);
extern struct group *internal_getgrent (int);
extern struct group *internal_getgrgid (gid_t);
extern struct group *internal_getgrnam (const char *);
int internal_getgroups (int, gid_t *, cygpsid * = NULL);
#include "sync.h"
#include "cygtls.h"
enum fetch_user_arg_type_t {
SID_arg,
NAME_arg,
ID_arg
};
struct fetch_user_arg_t
{
fetch_user_arg_type_t type;
union {
cygpsid *sid;
const char *name;
uint32_t id;
};
/* Only used in fetch_account_from_file/line. */
size_t len;
};
struct pg_pwd
{
struct passwd p;
cygsid sid;
};
struct pg_grp
{
struct group g;
cygsid sid;
};
class pwdgrp
{
unsigned pwdgrp_buf_elem_size;
union
{
passwd **passwd_buf;
group **group_buf;
void **pwdgrp_buf;
};
void (pwdgrp::*read) ();
void *pwdgrp_buf;
bool (pwdgrp::*parse) ();
int etc_ix;
UNICODE_STRING upath;
PWCHAR path;
char *buf, *lptr;
int max_lines;
bool initialized;
UNICODE_STRING path;
OBJECT_ATTRIBUTES attr;
LARGE_INTEGER last_modified;
char *lptr;
ULONG curr_lines;
ULONG max_lines;
static muto pglock;
bool parse_passwd ();
bool parse_group ();
void read_passwd ();
void read_group ();
char *add_line (char *);
char *raw_ptr () const {return lptr;}
char *next_str (char);
@ -64,21 +87,96 @@ class pwdgrp
i = (int) x;
return res;
}
void *add_account_post_fetch (char *line);
void *add_account_from_file (cygpsid &sid);
void *add_account_from_file (const char *name);
void *add_account_from_file (uint32_t id);
void *add_account_from_windows (cygpsid &sid, bool group);
void *add_account_from_windows (const char *name, bool group);
void *add_account_from_windows (uint32_t id, bool group);
char *fetch_account_from_line (fetch_user_arg_t &arg, const char *line);
char *fetch_account_from_file (fetch_user_arg_t &arg);
char *fetch_account_from_windows (fetch_user_arg_t &arg, bool group);
pwdgrp *prep_tls_pwbuf ();
pwdgrp *prep_tls_grbuf ();
public:
int curr_lines;
ULONG cached_users () const { return curr_lines; }
ULONG cached_groups () const { return curr_lines; }
bool check_file (bool group);
void load (const wchar_t *);
inline void refresh (bool check)
{
if (!check && initialized)
return;
if (pglock.acquire () == 1 &&
(!initialized || (check && etc::file_changed (etc_ix))))
(this->*read) ();
pglock.release ();
}
void init_pwd ();
pg_pwd *passwd () const { return (pg_pwd *) pwdgrp_buf; };
inline struct passwd *add_user_from_file (cygpsid &sid)
{ return (struct passwd *) add_account_from_file (sid); }
struct passwd *add_user_from_file (const char *name)
{ return (struct passwd *) add_account_from_file (name); }
struct passwd *add_user_from_file (uint32_t id)
{ return (struct passwd *) add_account_from_file (id); }
struct passwd *add_user_from_windows (cygpsid &sid)
{ return (struct passwd *) add_account_from_windows (sid, false); }
struct passwd *add_user_from_windows (const char *name)
{ return (struct passwd *) add_account_from_windows (name, false); }
struct passwd *add_user_from_windows (uint32_t id)
{ return (struct passwd *) add_account_from_windows (id, false); }
struct passwd *find_user (cygpsid &sid);
struct passwd *find_user (const char *name);
struct passwd *find_user (uid_t uid);
pwdgrp (passwd *&pbuf);
pwdgrp (group *&gbuf);
void init_grp ();
pg_grp *group () const { return (pg_grp *) pwdgrp_buf; };
struct group *add_group_from_file (cygpsid &sid)
{ return (struct group *) add_account_from_file (sid); }
struct group *add_group_from_file (const char *name)
{ return (struct group *) add_account_from_file (name); }
struct group *add_group_from_file (uint32_t id)
{ return (struct group *) add_account_from_file (id); }
struct group *add_group_from_windows (cygpsid &sid)
{ return (struct group *) add_account_from_windows (sid, true); }
struct group *add_group_from_windows (const char *name)
{ return (struct group *) add_account_from_windows (name, true); }
struct group *add_group_from_windows (uint32_t id)
{ return (struct group *) add_account_from_windows (id, true); }
struct group *find_group (cygpsid &sid);
struct group *find_group (const char *name);
struct group *find_group (gid_t gid);
};
class ugid_cache_t
{
struct idmap {
uint32_t nfs_id;
uint32_t cyg_id;
};
class idmaps {
uint32_t _cnt;
uint32_t _max;
idmap *_map;
public:
idmaps () : _cnt (0), _max (0), _map (NULL) {}
uint32_t get (uint32_t id) const
{
for (uint32_t i = 0; i < _cnt; ++i)
if (_map[i].nfs_id == id)
return _map[i].cyg_id;
return (uint32_t) -1;
}
void add (uint32_t nfs_id, uint32_t cyg_id)
{
if (_cnt >= _max)
_map = (idmap *) realloc (_map, (_max += 10) * sizeof (*_map));
_map[_cnt].nfs_id = nfs_id;
_map[_cnt].cyg_id = cyg_id;
++_cnt;
}
};
idmaps uids;
idmaps gids;
public:
uid_t get_uid (uid_t uid) const { return uids.get (uid); }
gid_t get_gid (gid_t gid) const { return gids.get (gid); }
void add_uid (uid_t nfs_uid, uid_t cyg_uid) { uids.add (nfs_uid, cyg_uid); }
void add_gid (gid_t nfs_gid, gid_t cyg_gid) { gids.add (nfs_gid, cyg_gid); }
};
extern ugid_cache_t ugid_cache;

View File

@ -1,7 +1,7 @@
/* sec_acl.cc: Sun compatible ACL functions.
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011, 2012 Red Hat, Inc.
2011, 2012, 2014 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
@ -22,7 +22,6 @@ details. */
#include "dtable.h"
#include "cygheap.h"
#include "ntdll.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
static int

View File

@ -14,7 +14,6 @@ details. */
#include <wchar.h>
#include <wininet.h>
#include <ntsecapi.h>
#include <dsgetdc.h>
#include "cygerrno.h"
#include "security.h"
#include "path.h"
@ -25,7 +24,6 @@ details. */
#include "tls_pbuf.h"
#include <lm.h>
#include <iptypes.h>
#include "pwdgrp.h"
#include "cyglsa.h"
#include "cygserver_setpwd.h"
#include <cygwin/version.h>
@ -220,28 +218,25 @@ lsa_close_policy (HANDLE lsa)
}
bool
get_logon_server (PWCHAR domain, WCHAR *server, bool rediscovery)
get_logon_server (PWCHAR domain, WCHAR *server, ULONG flags)
{
DWORD ret;
PDOMAIN_CONTROLLER_INFOW pci;
DWORD size = MAX_COMPUTERNAME_LENGTH + 1;
/* Empty domain is interpreted as local system */
if ((GetComputerNameW (server + 2, &size)) &&
(!wcscasecmp (domain, server + 2) || !domain[0]))
if (!domain[0] || !wcscasecmp (domain, cygheap->dom.account_flat_name ()))
{
server[0] = server[1] = L'\\';
wcpcpy (wcpcpy (server, L"\\\\"), cygheap->dom.account_flat_name ());
return true;
}
/* Try to get any available domain controller for this domain */
ret = DsGetDcNameW (NULL, domain, NULL, NULL,
rediscovery ? DS_FORCE_REDISCOVERY : 0, &pci);
ret = DsGetDcNameW (NULL, domain, NULL, NULL, flags, &pci);
if (ret == ERROR_SUCCESS)
{
wcscpy (server, pci->DomainControllerName);
NetApiBufferFree (pci);
debug_printf ("DC: rediscovery: %d, server: %W", rediscovery, server);
debug_printf ("DC: server: %W", server);
return true;
}
__seterrno_from_win_error (ret);
@ -396,28 +391,6 @@ sid_in_token_groups (PTOKEN_GROUPS grps, cygpsid sid)
return false;
}
static void
get_unix_group_sidlist (struct passwd *pw, cygsidlist &grp_list)
{
struct group *gr;
cygsid gsid;
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
{
if (gr->gr_gid == pw->pw_gid)
goto found;
else if (gr->gr_mem)
for (int gi = 0; gr->gr_mem[gi]; ++gi)
if (strcasematch (pw->pw_name, gr->gr_mem[gi]))
goto found;
continue;
found:
if (gsid.getfromgr (gr))
grp_list += gsid;
}
}
static void
get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
LUID auth_luid, int &auth_pos)
@ -479,7 +452,6 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
if (well_known_system_sid == usersid)
{
grp_list *= well_known_admins_sid;
get_unix_group_sidlist (pw, grp_list);
return true;
}
@ -491,12 +463,9 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
__seterrno ();
return false;
}
if (get_logon_server (domain, server, false)
&& !get_user_groups (server, grp_list, user, domain)
&& get_logon_server (domain, server, true))
if (get_logon_server (domain, server, DS_IS_FLAT_NAME))
get_user_groups (server, grp_list, user, domain);
get_user_local_groups (server, domain, grp_list, user);
get_unix_group_sidlist (pw, grp_list);
return true;
}
@ -757,35 +726,26 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
if (groups.issetgroups ()) /* setgroups was called */
{
cygsid gsid;
struct group *gr;
cygpsid gsid;
bool saw[groups.sgsids.count ()];
memset (saw, 0, sizeof(saw));
/* token groups found in /etc/group match the user.gsids ? */
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (gsid.getfromgr (gr) && sid_in_token_groups (my_grps, gsid))
{
int pos = groups.sgsids.position (gsid);
if (pos >= 0)
saw[pos] = true;
else if (groups.pgsid == gsid)
sawpg = true;
#if 0
/* With this `else', verify_token returns false if we find
groups in the token, which are not in the group list set
with setgroups(). That's rather dangerous. What we're
really interested in is that all groups in the setgroups()
list are in the token. A token created through ADVAPI
should be allowed to contain more groups than requested
through setgroups(), esecially since Vista and the
addition of integrity groups. So we disable this statement
for now. */
else if (gsid != well_known_world_sid
&& gsid != usersid)
goto done;
#endif
}
/* Check that all groups in the setgroups () list are in the token.
A token created through ADVAPI should be allowed to contain more
groups than requested through setgroups(), especially since Vista
and the addition of integrity groups. */
memset (saw, 0, sizeof(saw));
for (int gidx = 0; gidx < groups.sgsids.count (); gidx++)
{
gsid = groups.sgsids.sids[gidx];
if (sid_in_token_groups (my_grps, gsid))
{
int pos = groups.sgsids.position (gsid);
if (pos >= 0)
saw[pos] = true;
else if (groups.pgsid == gsid)
sawpg = true;
}
}
/* user.sgsids groups must be in the token, except for builtin groups.
These can be different on domain member machines compared to
domain controllers, so these builtin groups may be validly missing

View File

@ -1,7 +1,7 @@
/* sec_helper.cc: NT security helper functions
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011, 2012, 2013 Red Hat, Inc.
2011, 2012, 2013, 2014 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
@ -22,8 +22,8 @@ details. */
#include "dtable.h"
#include "pinfo.h"
#include "cygheap.h"
#include "pwdgrp.h"
#include "ntdll.h"
#include "ldap.h"
/* General purpose security attribute objects for global use. */
static NO_COPY_RO SECURITY_DESCRIPTOR null_sdp =
@ -126,7 +126,7 @@ cygpsid::get_id (BOOL search_grp, int *type)
}
PWCHAR
cygpsid::string (PWCHAR nsidstr) const
cygpsid::pstring (PWCHAR nsidstr) const
{
UNICODE_STRING sid;
@ -134,11 +134,19 @@ cygpsid::string (PWCHAR nsidstr) const
return NULL;
RtlInitEmptyUnicodeString (&sid, nsidstr, 256);
RtlConvertSidToUnicodeString (&sid, psid, FALSE);
return nsidstr;
return nsidstr + sid.Length / sizeof (WCHAR);
}
PWCHAR
cygpsid::string (PWCHAR nsidstr) const
{
if (pstring (nsidstr))
return nsidstr;
return NULL;
}
char *
cygpsid::string (char *nsidstr) const
cygpsid::pstring (char *nsidstr) const
{
char *t;
DWORD i;
@ -147,10 +155,18 @@ cygpsid::string (char *nsidstr) const
return NULL;
strcpy (nsidstr, "S-1-");
t = nsidstr + sizeof ("S-1-") - 1;
t += __small_sprintf (t, "%u", RtlIdentifierAuthoritySid (psid)->Value[5]);
t += __small_sprintf (t, "%u", sid_id_auth (psid));
for (i = 0; i < *RtlSubAuthorityCountSid (psid); ++i)
t += __small_sprintf (t, "-%lu", *RtlSubAuthoritySid (psid, i));
return nsidstr;
t += __small_sprintf (t, "-%lu", sid_sub_auth (psid, i));
return t;
}
char *
cygpsid::string (char *nsidstr) const
{
if (pstring (nsidstr))
return nsidstr;
return NULL;
}
PSID
@ -184,6 +200,24 @@ cygsid::get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known)
return psid;
}
const PSID
cygsid::getfromstr (PCWSTR nsidstr, bool well_known)
{
PWCHAR lasts;
DWORD s, cnt = 0;
DWORD r[8];
if (nsidstr && !wcsncmp (nsidstr, L"S-1-", 4))
{
s = wcstoul (nsidstr + 4, &lasts, 10);
while (cnt < 8 && *lasts == '-')
r[cnt++] = wcstoul (lasts + 1, &lasts, 10);
if (!*lasts)
return get_sid (s, cnt, r, well_known);
}
return psid = NO_SID;
}
const PSID
cygsid::getfromstr (const char *nsidstr, bool well_known)
{
@ -264,12 +298,34 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
struct passwd *pw;
struct group *gr = NULL;
bool ret = false;
PWCHAR domain;
cyg_ldap cldap;
bool ldap_open = false;
owner_sid.debug_print ("get_sids_info: owner SID =");
group_sid.debug_print ("get_sids_info: group SID =");
if (group_sid == cygheap->user.groups.pgsid)
*gidret = myself->gid;
else if (sid_id_auth (group_sid) == 22)
{
/* Samba UNIX group. Try to map to Cygwin gid. If there's no mapping in
the cache, try to fetch it from the configured RFC 2307 domain (see
last comment in cygheap_domain_info::init() for more information) and
add it to the mapping cache. */
gid_t gid = sid_sub_auth_rid (group_sid);
gid_t map_gid = ugid_cache.get_gid (gid);
if (map_gid == ILLEGAL_GID)
{
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open = cldap.open (domain)))
map_gid = cldap.remap_gid (gid);
if (map_gid == ILLEGAL_GID)
map_gid = MAP_UNIX_TO_CYGWIN_ID (gid);
ugid_cache.add_gid (gid, map_gid);
}
*gidret = map_gid;
}
else if ((gr = internal_getgrsid (group_sid)))
*gidret = gr->gr_gid;
else
@ -283,6 +339,22 @@ get_sids_info (cygpsid owner_sid, cygpsid group_sid, uid_t * uidret, gid_t * gid
else
ret = (internal_getgroups (0, NULL, &group_sid) > 0);
}
else if (sid_id_auth (owner_sid) == 22)
{
/* Samba UNIX user. See comment above. */
uid_t uid = sid_sub_auth_rid (owner_sid);
uid_t map_uid = ugid_cache.get_uid (uid);
if (map_uid == ILLEGAL_UID)
{
domain = cygheap->dom.get_rfc2307_domain ();
if ((ldap_open || cldap.open (domain)))
map_uid = cldap.remap_uid (uid);
if (map_uid == ILLEGAL_UID)
map_uid = MAP_UNIX_TO_CYGWIN_ID (uid);
ugid_cache.add_uid (uid, map_uid);
}
*uidret = map_uid;
}
else if ((pw = internal_getpwsid (owner_sid)))
{
*uidret = pw->pw_uid;

View File

@ -1,7 +1,7 @@
/* security.cc: NT file access control functions
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de
Completely rewritten by Corinna Vinschen <corinna@vinschen.de>
@ -23,7 +23,6 @@ details. */
#include "pinfo.h"
#include "cygheap.h"
#include "ntdll.h"
#include "pwdgrp.h"
#include "tls_pbuf.h"
#include <aclapi.h>

View File

@ -12,14 +12,38 @@ details. */
#pragma once
#include <accctrl.h>
#include <dsgetdc.h>
/* Special file attribute set, for instance, in open() and mkdir() to
flag that a file has just been created. Used in alloc_sd, see there. */
#define S_JUSTCREATED 0x80000000
#define DEFAULT_UID DOMAIN_USER_RID_ADMIN
#define UNKNOWN_UID 400 /* Non conflicting number */
#define UNKNOWN_GID 401
/* UID/GID */
void uinfo_init ();
#define ILLEGAL_UID ((uid_t)-1)
#define ILLEGAL_GID ((gid_t)-1)
/* For UNIX accounts not mapped to Windows accounts via winbind, Samba returns
SIDs of the form S-1-22-x-y, with x == 1 for users and x == 2 for groups,
and y == UNIX uid/gid. NFS returns no SIDs at all, but the plain UNIX
uid/gid values.
UNIX uid/gid values are mapped to Cygwin uid/gid values 0xff000000 +
unix uid/gid. This *might* collide with a posix_offset of some trusted
domain, but it's *very* unlikely. Define the mapping as macro. */
#define UNIX_POSIX_OFFSET (0xff000000)
#define UNIX_POSIX_MASK (0x00ffffff)
#define MAP_UNIX_TO_CYGWIN_ID(id) (UNIX_POSIX_OFFSET \
| ((id) & UNIX_POSIX_MASK))
#ifndef __x86_64__
#define ILLEGAL_UID16 ((__uid16_t)-1)
#define ILLEGAL_GID16 ((__gid16_t)-1)
#define uid16touid32(u16) ((u16)==ILLEGAL_UID16?ILLEGAL_UID:(uid_t)(u16))
#define gid16togid32(g16) ((g16)==ILLEGAL_GID16?ILLEGAL_GID:(gid_t)(g16))
#endif
#define MAX_SID_LEN 40
#define MAX_DACL_LEN(n) (sizeof (ACL) \
@ -92,6 +116,16 @@ cygpsid NO_COPY name = (PSID) &name##_struct;
#define FILE_WRITE_BITS (FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL)
#define FILE_EXEC_BITS (FILE_EXECUTE | GENERIC_EXECUTE | GENERIC_ALL)
/* Convenience macros. The Windows SID access functions are crude. */
#define sid_id_auth(s) \
(RtlIdentifierAuthoritySid (s)->Value[5])
#define sid_sub_auth_count(s) \
(*RtlSubAuthorityCountSid ((s)))
#define sid_sub_auth(s,i) \
(*RtlSubAuthoritySid ((s),(i)))
#define sid_sub_auth_rid(s) \
(*RtlSubAuthoritySid ((s), (*RtlSubAuthorityCountSid ((s)) - 1)))
#ifdef __cplusplus
extern "C"
{
@ -116,7 +150,9 @@ public:
int get_uid () { return get_id (FALSE); }
int get_gid () { return get_id (TRUE); }
PWCHAR pstring (PWCHAR nsidstr) const;
PWCHAR string (PWCHAR nsidstr) const;
char *pstring (char *nsidstr) const;
char *string (char *nsidstr) const;
bool operator== (const PSID nsid) const
@ -142,6 +178,7 @@ class cygsid : public cygpsid {
char sbuf[MAX_SID_LEN];
bool well_known_sid;
const PSID getfromstr (PCWSTR nsidstr, bool well_known);
const PSID getfromstr (const char *nsidstr, bool well_known);
PSID get_sid (DWORD s, DWORD cnt, DWORD *r, bool well_known);
@ -169,12 +206,16 @@ public:
{ return assign (nsid, nsid.well_known_sid); }
inline const PSID operator= (const PSID nsid)
{ return assign (nsid, false); }
inline const PSID operator= (PCWSTR nsidstr)
{ return getfromstr (nsidstr, false); }
inline const PSID operator= (const char *nsidstr)
{ return getfromstr (nsidstr, false); }
inline const PSID operator*= (cygsid &nsid)
{ return assign (nsid, true); }
inline const PSID operator*= (const PSID nsid)
{ return assign (nsid, true); }
inline const PSID operator*= (PCWSTR nsidstr)
{ return getfromstr (nsidstr, true); }
inline const PSID operator*= (const char *nsidstr)
{ return getfromstr (nsidstr, true); }
@ -414,7 +455,7 @@ bool get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw);
/* Extract U-domain\user field from passwd entry. */
void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user);
/* Get default logonserver for a domain. */
bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery);
bool get_logon_server (PWCHAR domain, PWCHAR wserver, ULONG flags);
HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access);
void lsa_close_policy (HANDLE lsa);

View File

@ -17,7 +17,6 @@ details. */
#include "cygheap.h"
#include "security.h"
#include "cygserver_setpwd.h"
#include "pwdgrp.h"
#include "ntdll.h"
#include <ntsecapi.h>
#include <stdlib.h>
@ -51,7 +50,7 @@ setlsapwd (const char *passwd, const char *username)
if (username)
{
cygsid psid;
struct passwd *pw = internal_getpwnam (username, false);
struct passwd *pw = internal_getpwnam (username);
if (!pw || !psid.getfrompw (pw))
{

View File

@ -22,7 +22,6 @@ details. */
#include "shared_info_magic.h"
#include "registry.h"
#include "cygwin_version.h"
#include "pwdgrp.h"
#include "spinlock.h"
#include <alloca.h>
#include <wchar.h>
@ -352,6 +351,7 @@ memory_init (bool init_cygheap)
cygheap_init ();
cygheap->user.init ();
cygheap->init_installation_root (); /* Requires user.init! */
cygheap->pg.init ();
}
shared_info::create (); /* Initialize global shared memory */

View File

@ -58,7 +58,6 @@ details. */
#include "pinfo.h"
#include "shared_info.h"
#include "cygheap.h"
#include "pwdgrp.h"
#include "cpuid.h"
#include "registry.h"
#include "environ.h"

View File

@ -3,115 +3,115 @@
//; $tls::start_offset = -12700;
//; $tls::locals = -12700;
//; $tls::plocals = 0;
//; $tls::local_clib = -11260;
//; $tls::plocal_clib = 1440;
//; $tls::__dontuse = -11260;
//; $tls::p__dontuse = 1440;
//; $tls::func = -10172;
//; $tls::pfunc = 2528;
//; $tls::saved_errno = -10168;
//; $tls::psaved_errno = 2532;
//; $tls::sa_flags = -10164;
//; $tls::psa_flags = 2536;
//; $tls::oldmask = -10160;
//; $tls::poldmask = 2540;
//; $tls::deltamask = -10156;
//; $tls::pdeltamask = 2544;
//; $tls::errno_addr = -10152;
//; $tls::perrno_addr = 2548;
//; $tls::sigmask = -10148;
//; $tls::psigmask = 2552;
//; $tls::sigwait_mask = -10144;
//; $tls::psigwait_mask = 2556;
//; $tls::sigwait_info = -10140;
//; $tls::psigwait_info = 2560;
//; $tls::signal_arrived = -10136;
//; $tls::psignal_arrived = 2564;
//; $tls::will_wait_for_signal = -10132;
//; $tls::pwill_wait_for_signal = 2568;
//; $tls::thread_context = -10128;
//; $tls::pthread_context = 2572;
//; $tls::thread_id = -9916;
//; $tls::pthread_id = 2784;
//; $tls::infodata = -9912;
//; $tls::pinfodata = 2788;
//; $tls::tid = -9764;
//; $tls::ptid = 2936;
//; $tls::_ctinfo = -9760;
//; $tls::p_ctinfo = 2940;
//; $tls::andreas = -9756;
//; $tls::pandreas = 2944;
//; $tls::wq = -9752;
//; $tls::pwq = 2948;
//; $tls::sig = -9724;
//; $tls::psig = 2976;
//; $tls::incyg = -9720;
//; $tls::pincyg = 2980;
//; $tls::spinning = -9716;
//; $tls::pspinning = 2984;
//; $tls::stacklock = -9712;
//; $tls::pstacklock = 2988;
//; $tls::stackptr = -9708;
//; $tls::pstackptr = 2992;
//; $tls::stack = -9704;
//; $tls::pstack = 2996;
//; $tls::initialized = -8680;
//; $tls::pinitialized = 4020;
//; $tls::local_clib = -11284;
//; $tls::plocal_clib = 1416;
//; $tls::__dontuse = -11284;
//; $tls::p__dontuse = 1416;
//; $tls::func = -10196;
//; $tls::pfunc = 2504;
//; $tls::saved_errno = -10192;
//; $tls::psaved_errno = 2508;
//; $tls::sa_flags = -10188;
//; $tls::psa_flags = 2512;
//; $tls::oldmask = -10184;
//; $tls::poldmask = 2516;
//; $tls::deltamask = -10180;
//; $tls::pdeltamask = 2520;
//; $tls::errno_addr = -10176;
//; $tls::perrno_addr = 2524;
//; $tls::sigmask = -10172;
//; $tls::psigmask = 2528;
//; $tls::sigwait_mask = -10168;
//; $tls::psigwait_mask = 2532;
//; $tls::sigwait_info = -10164;
//; $tls::psigwait_info = 2536;
//; $tls::signal_arrived = -10160;
//; $tls::psignal_arrived = 2540;
//; $tls::will_wait_for_signal = -10156;
//; $tls::pwill_wait_for_signal = 2544;
//; $tls::thread_context = -10152;
//; $tls::pthread_context = 2548;
//; $tls::thread_id = -9940;
//; $tls::pthread_id = 2760;
//; $tls::infodata = -9936;
//; $tls::pinfodata = 2764;
//; $tls::tid = -9788;
//; $tls::ptid = 2912;
//; $tls::_ctinfo = -9784;
//; $tls::p_ctinfo = 2916;
//; $tls::andreas = -9780;
//; $tls::pandreas = 2920;
//; $tls::wq = -9776;
//; $tls::pwq = 2924;
//; $tls::sig = -9748;
//; $tls::psig = 2952;
//; $tls::incyg = -9744;
//; $tls::pincyg = 2956;
//; $tls::spinning = -9740;
//; $tls::pspinning = 2960;
//; $tls::stacklock = -9736;
//; $tls::pstacklock = 2964;
//; $tls::stackptr = -9732;
//; $tls::pstackptr = 2968;
//; $tls::stack = -9728;
//; $tls::pstack = 2972;
//; $tls::initialized = -8704;
//; $tls::pinitialized = 3996;
//; __DATA__
#define tls_locals (-12700)
#define tls_plocals (0)
#define tls_local_clib (-11260)
#define tls_plocal_clib (1440)
#define tls___dontuse (-11260)
#define tls_p__dontuse (1440)
#define tls_func (-10172)
#define tls_pfunc (2528)
#define tls_saved_errno (-10168)
#define tls_psaved_errno (2532)
#define tls_sa_flags (-10164)
#define tls_psa_flags (2536)
#define tls_oldmask (-10160)
#define tls_poldmask (2540)
#define tls_deltamask (-10156)
#define tls_pdeltamask (2544)
#define tls_errno_addr (-10152)
#define tls_perrno_addr (2548)
#define tls_sigmask (-10148)
#define tls_psigmask (2552)
#define tls_sigwait_mask (-10144)
#define tls_psigwait_mask (2556)
#define tls_sigwait_info (-10140)
#define tls_psigwait_info (2560)
#define tls_signal_arrived (-10136)
#define tls_psignal_arrived (2564)
#define tls_will_wait_for_signal (-10132)
#define tls_pwill_wait_for_signal (2568)
#define tls_thread_context (-10128)
#define tls_pthread_context (2572)
#define tls_thread_id (-9916)
#define tls_pthread_id (2784)
#define tls_infodata (-9912)
#define tls_pinfodata (2788)
#define tls_tid (-9764)
#define tls_ptid (2936)
#define tls__ctinfo (-9760)
#define tls_p_ctinfo (2940)
#define tls_andreas (-9756)
#define tls_pandreas (2944)
#define tls_wq (-9752)
#define tls_pwq (2948)
#define tls_sig (-9724)
#define tls_psig (2976)
#define tls_incyg (-9720)
#define tls_pincyg (2980)
#define tls_spinning (-9716)
#define tls_pspinning (2984)
#define tls_stacklock (-9712)
#define tls_pstacklock (2988)
#define tls_stackptr (-9708)
#define tls_pstackptr (2992)
#define tls_stack (-9704)
#define tls_pstack (2996)
#define tls_initialized (-8680)
#define tls_pinitialized (4020)
#define tls_local_clib (-11284)
#define tls_plocal_clib (1416)
#define tls___dontuse (-11284)
#define tls_p__dontuse (1416)
#define tls_func (-10196)
#define tls_pfunc (2504)
#define tls_saved_errno (-10192)
#define tls_psaved_errno (2508)
#define tls_sa_flags (-10188)
#define tls_psa_flags (2512)
#define tls_oldmask (-10184)
#define tls_poldmask (2516)
#define tls_deltamask (-10180)
#define tls_pdeltamask (2520)
#define tls_errno_addr (-10176)
#define tls_perrno_addr (2524)
#define tls_sigmask (-10172)
#define tls_psigmask (2528)
#define tls_sigwait_mask (-10168)
#define tls_psigwait_mask (2532)
#define tls_sigwait_info (-10164)
#define tls_psigwait_info (2536)
#define tls_signal_arrived (-10160)
#define tls_psignal_arrived (2540)
#define tls_will_wait_for_signal (-10156)
#define tls_pwill_wait_for_signal (2544)
#define tls_thread_context (-10152)
#define tls_pthread_context (2548)
#define tls_thread_id (-9940)
#define tls_pthread_id (2760)
#define tls_infodata (-9936)
#define tls_pinfodata (2764)
#define tls_tid (-9788)
#define tls_ptid (2912)
#define tls__ctinfo (-9784)
#define tls_p_ctinfo (2916)
#define tls_andreas (-9780)
#define tls_pandreas (2920)
#define tls_wq (-9776)
#define tls_pwq (2924)
#define tls_sig (-9748)
#define tls_psig (2952)
#define tls_incyg (-9744)
#define tls_pincyg (2956)
#define tls_spinning (-9740)
#define tls_pspinning (2960)
#define tls_stacklock (-9736)
#define tls_pstacklock (2964)
#define tls_stackptr (-9732)
#define tls_pstackptr (2968)
#define tls_stack (-9728)
#define tls_pstack (2972)
#define tls_initialized (-8704)
#define tls_pinitialized (3996)

View File

@ -3,115 +3,115 @@
//; $tls::start_offset = -12800;
//; $tls::locals = -12800;
//; $tls::plocals = 0;
//; $tls::local_clib = -11200;
//; $tls::plocal_clib = 1600;
//; $tls::__dontuse = -11200;
//; $tls::p__dontuse = 1600;
//; $tls::func = -9312;
//; $tls::pfunc = 3488;
//; $tls::saved_errno = -9304;
//; $tls::psaved_errno = 3496;
//; $tls::sa_flags = -9300;
//; $tls::psa_flags = 3500;
//; $tls::oldmask = -9296;
//; $tls::poldmask = 3504;
//; $tls::deltamask = -9288;
//; $tls::pdeltamask = 3512;
//; $tls::errno_addr = -9280;
//; $tls::perrno_addr = 3520;
//; $tls::sigmask = -9272;
//; $tls::psigmask = 3528;
//; $tls::sigwait_mask = -9264;
//; $tls::psigwait_mask = 3536;
//; $tls::sigwait_info = -9256;
//; $tls::psigwait_info = 3544;
//; $tls::signal_arrived = -9248;
//; $tls::psignal_arrived = 3552;
//; $tls::will_wait_for_signal = -9240;
//; $tls::pwill_wait_for_signal = 3560;
//; $tls::thread_context = -9232;
//; $tls::pthread_context = 3568;
//; $tls::thread_id = -8400;
//; $tls::pthread_id = 4400;
//; $tls::infodata = -8396;
//; $tls::pinfodata = 4404;
//; $tls::tid = -8248;
//; $tls::ptid = 4552;
//; $tls::_ctinfo = -8240;
//; $tls::p_ctinfo = 4560;
//; $tls::andreas = -8232;
//; $tls::pandreas = 4568;
//; $tls::wq = -8224;
//; $tls::pwq = 4576;
//; $tls::sig = -8176;
//; $tls::psig = 4624;
//; $tls::incyg = -8172;
//; $tls::pincyg = 4628;
//; $tls::spinning = -8168;
//; $tls::pspinning = 4632;
//; $tls::stacklock = -8164;
//; $tls::pstacklock = 4636;
//; $tls::stackptr = -8160;
//; $tls::pstackptr = 4640;
//; $tls::stack = -8152;
//; $tls::pstack = 4648;
//; $tls::initialized = -6104;
//; $tls::pinitialized = 6696;
//; $tls::local_clib = -11240;
//; $tls::plocal_clib = 1560;
//; $tls::__dontuse = -11240;
//; $tls::p__dontuse = 1560;
//; $tls::func = -9352;
//; $tls::pfunc = 3448;
//; $tls::saved_errno = -9344;
//; $tls::psaved_errno = 3456;
//; $tls::sa_flags = -9340;
//; $tls::psa_flags = 3460;
//; $tls::oldmask = -9336;
//; $tls::poldmask = 3464;
//; $tls::deltamask = -9328;
//; $tls::pdeltamask = 3472;
//; $tls::errno_addr = -9320;
//; $tls::perrno_addr = 3480;
//; $tls::sigmask = -9312;
//; $tls::psigmask = 3488;
//; $tls::sigwait_mask = -9304;
//; $tls::psigwait_mask = 3496;
//; $tls::sigwait_info = -9296;
//; $tls::psigwait_info = 3504;
//; $tls::signal_arrived = -9288;
//; $tls::psignal_arrived = 3512;
//; $tls::will_wait_for_signal = -9280;
//; $tls::pwill_wait_for_signal = 3520;
//; $tls::thread_context = -9272;
//; $tls::pthread_context = 3528;
//; $tls::thread_id = -8440;
//; $tls::pthread_id = 4360;
//; $tls::infodata = -8436;
//; $tls::pinfodata = 4364;
//; $tls::tid = -8288;
//; $tls::ptid = 4512;
//; $tls::_ctinfo = -8280;
//; $tls::p_ctinfo = 4520;
//; $tls::andreas = -8272;
//; $tls::pandreas = 4528;
//; $tls::wq = -8264;
//; $tls::pwq = 4536;
//; $tls::sig = -8216;
//; $tls::psig = 4584;
//; $tls::incyg = -8212;
//; $tls::pincyg = 4588;
//; $tls::spinning = -8208;
//; $tls::pspinning = 4592;
//; $tls::stacklock = -8204;
//; $tls::pstacklock = 4596;
//; $tls::stackptr = -8200;
//; $tls::pstackptr = 4600;
//; $tls::stack = -8192;
//; $tls::pstack = 4608;
//; $tls::initialized = -6144;
//; $tls::pinitialized = 6656;
//; __DATA__
#define tls_locals (-12800)
#define tls_plocals (0)
#define tls_local_clib (-11200)
#define tls_plocal_clib (1600)
#define tls___dontuse (-11200)
#define tls_p__dontuse (1600)
#define tls_func (-9312)
#define tls_pfunc (3488)
#define tls_saved_errno (-9304)
#define tls_psaved_errno (3496)
#define tls_sa_flags (-9300)
#define tls_psa_flags (3500)
#define tls_oldmask (-9296)
#define tls_poldmask (3504)
#define tls_deltamask (-9288)
#define tls_pdeltamask (3512)
#define tls_errno_addr (-9280)
#define tls_perrno_addr (3520)
#define tls_sigmask (-9272)
#define tls_psigmask (3528)
#define tls_sigwait_mask (-9264)
#define tls_psigwait_mask (3536)
#define tls_sigwait_info (-9256)
#define tls_psigwait_info (3544)
#define tls_signal_arrived (-9248)
#define tls_psignal_arrived (3552)
#define tls_will_wait_for_signal (-9240)
#define tls_pwill_wait_for_signal (3560)
#define tls_thread_context (-9232)
#define tls_pthread_context (3568)
#define tls_thread_id (-8400)
#define tls_pthread_id (4400)
#define tls_infodata (-8396)
#define tls_pinfodata (4404)
#define tls_tid (-8248)
#define tls_ptid (4552)
#define tls__ctinfo (-8240)
#define tls_p_ctinfo (4560)
#define tls_andreas (-8232)
#define tls_pandreas (4568)
#define tls_wq (-8224)
#define tls_pwq (4576)
#define tls_sig (-8176)
#define tls_psig (4624)
#define tls_incyg (-8172)
#define tls_pincyg (4628)
#define tls_spinning (-8168)
#define tls_pspinning (4632)
#define tls_stacklock (-8164)
#define tls_pstacklock (4636)
#define tls_stackptr (-8160)
#define tls_pstackptr (4640)
#define tls_stack (-8152)
#define tls_pstack (4648)
#define tls_initialized (-6104)
#define tls_pinitialized (6696)
#define tls_local_clib (-11240)
#define tls_plocal_clib (1560)
#define tls___dontuse (-11240)
#define tls_p__dontuse (1560)
#define tls_func (-9352)
#define tls_pfunc (3448)
#define tls_saved_errno (-9344)
#define tls_psaved_errno (3456)
#define tls_sa_flags (-9340)
#define tls_psa_flags (3460)
#define tls_oldmask (-9336)
#define tls_poldmask (3464)
#define tls_deltamask (-9328)
#define tls_pdeltamask (3472)
#define tls_errno_addr (-9320)
#define tls_perrno_addr (3480)
#define tls_sigmask (-9312)
#define tls_psigmask (3488)
#define tls_sigwait_mask (-9304)
#define tls_psigwait_mask (3496)
#define tls_sigwait_info (-9296)
#define tls_psigwait_info (3504)
#define tls_signal_arrived (-9288)
#define tls_psignal_arrived (3512)
#define tls_will_wait_for_signal (-9280)
#define tls_pwill_wait_for_signal (3520)
#define tls_thread_context (-9272)
#define tls_pthread_context (3528)
#define tls_thread_id (-8440)
#define tls_pthread_id (4360)
#define tls_infodata (-8436)
#define tls_pinfodata (4364)
#define tls_tid (-8288)
#define tls_ptid (4512)
#define tls__ctinfo (-8280)
#define tls_p_ctinfo (4520)
#define tls_andreas (-8272)
#define tls_pandreas (4528)
#define tls_wq (-8264)
#define tls_pwq (4536)
#define tls_sig (-8216)
#define tls_psig (4584)
#define tls_incyg (-8212)
#define tls_pincyg (4588)
#define tls_spinning (-8208)
#define tls_pspinning (4592)
#define tls_stacklock (-8204)
#define tls_pstacklock (4596)
#define tls_stackptr (-8200)
#define tls_pstackptr (4600)
#define tls_stack (-8192)
#define tls_pstack (4608)
#define tls_initialized (-6144)
#define tls_pinitialized (6656)

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
/* winsup.h: main Cygwin header file.
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
2007, 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc.
2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
This file is part of Cygwin.
@ -172,20 +172,8 @@ void __reg1 do_exit (int) __attribute__ ((noreturn));
/* libstdc++ malloc operator wrapper support. */
extern struct per_process_cxx_malloc default_cygwin_cxx_malloc;
/* UID/GID */
void uinfo_init ();
#define ILLEGAL_UID ((uid_t)-1)
#define ILLEGAL_GID ((gid_t)-1)
#define ILLEGAL_SEEK ((off_t)-1)
#ifndef __x86_64__
#define ILLEGAL_UID16 ((__uid16_t)-1)
#define ILLEGAL_GID16 ((__gid16_t)-1)
#define uid16touid32(u16) ((u16)==ILLEGAL_UID16?ILLEGAL_UID:(uid_t)(u16))
#define gid16togid32(g16) ((g16)==ILLEGAL_GID16?ILLEGAL_GID:(gid_t)(g16))
#endif
/* Convert LARGE_INTEGER into long long */
#define get_ll(pl) (((long long) (pl).HighPart << 32) | (pl).LowPart)