* autoload.cc (NetLocalGroupEnum): Remove.

(NetLocalGroupGetMembers): Remove. (NetUserGetLocalGroups): Add. * sec_auth.cc (is_group_member): Remove function. (get_user_local_groups): Get user as string instead of as SID. Call NetUserGetLocalGroups instead of NetLocalGroupEnum. Drop call to is_group_member. (get_server_groups): Call get_user_local_groups with user name instead of user SID.
2009-02-20 16:10:45 +00:00 · 2009-02-20 16:10:45 +00:00 · 348267bdf6
parent 964abbd08e
commit 348267bdf6
3 changed files with 45 additions and 78 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,15 @@
+2009-02-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* autoload.cc (NetLocalGroupEnum): Remove.
+	(NetLocalGroupGetMembers): Remove.
+	(NetUserGetLocalGroups): Add.
+	* sec_auth.cc (is_group_member): Remove function.
+	(get_user_local_groups): Get user as string instead of as SID.
+	Call NetUserGetLocalGroups instead of NetLocalGroupEnum.  Drop call
+	to is_group_member.
+	(get_server_groups): Call get_user_local_groups with user name instead
+	of user SID.
+
 2009-02-19  Corinna Vinschen  <corinna@vinschen.de>

 	* winver.rc: Fix Copyright date.
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@ -306,8 +306,7 @@ LoadDLLfuncEx2 (DsGetDcNameW, 24, netapi32, 1, 127)
 LoadDLLfunc (NetApiBufferFree, 4, netapi32)
 LoadDLLfuncEx (NetGetAnyDCName, 12, netapi32, 1)
 LoadDLLfuncEx (NetGetDCName, 12, netapi32, 1)
-LoadDLLfunc (NetLocalGroupEnum, 28, netapi32)
-LoadDLLfunc (NetLocalGroupGetMembers, 32, netapi32)
+LoadDLLfunc (NetUserGetLocalGroups, 32, netapi32)
 LoadDLLfunc (NetUserGetGroups, 28, netapi32)
 LoadDLLfunc (NetUserGetInfo, 16, netapi32)

--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@ -1,7 +1,7 @@
 /* sec_auth.cc: NT authentication functions

   Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
-   2006, 2007, 2008 Red Hat, Inc.
+   2006, 2007, 2008, 2009 Red Hat, Inc.

 This file is part of Cygwin.

@ -265,60 +265,17 @@ get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
  return true;
 }

-static bool
-is_group_member (PWCHAR logonserver, PWCHAR group, PSID pusersid,
-		 cygsidlist &grp_list)
-{
-  LPLOCALGROUP_MEMBERS_INFO_1 buf;
-  DWORD cnt, tot;
-  NET_API_STATUS ret;
-
-  /* Members can be users or global groups */
-  ret = NetLocalGroupGetMembers (logonserver, group, 1, (LPBYTE *) &buf,
-				 MAX_PREFERRED_LENGTH, &cnt, &tot, NULL);
-  if (ret)
-    return false;
-
-  bool retval = true;
-  for (DWORD bidx = 0; bidx < cnt; ++bidx)
-    if (EqualSid (pusersid, buf[bidx].lgrmi1_sid))
-      goto done;
-    else
-      {
-	/* The extra test for the group being a global group or a well-known
-	   group is necessary, since apparently also aliases (for instance
-	   Administrators or Users) can be members of local groups, even
-	   though MSDN states otherwise.  The GUI refuses to put aliases into
-	   local groups, but the CLI interface allows it.  However, a normal
-	   logon token does not contain groups, in which the user is only
-	   indirectly a member by being a member of an alias in this group.
-	   So we also should not put them into the token group list.
-	   Note: Allowing those groups in our group list renders external
-	   tokens invalid, so that it becomes impossible to logon with
-	   password and valid logon token. */
-	for (int glidx = 0; glidx < grp_list.count (); ++glidx)
-	  if ((buf[bidx].lgrmi1_sidusage == SidTypeGroup
-	       || buf[bidx].lgrmi1_sidusage == SidTypeWellKnownGroup)
-	      && EqualSid (grp_list.sids[glidx], buf[bidx].lgrmi1_sid))
-	    goto done;
-      }
-
-  retval = false;
- done:
-  NetApiBufferFree (buf);
-  return retval;
-}
-
 static bool
 get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
-		       cygsidlist &grp_list, PSID pusersid)
+		       cygsidlist &grp_list, PWCHAR user)
 {
  LPLOCALGROUP_INFO_0 buf;
  DWORD cnt, tot;
  NET_API_STATUS ret;

-  ret = NetLocalGroupEnum (logonserver, 0, (LPBYTE *) &buf,
-			   MAX_PREFERRED_LENGTH, &cnt, &tot, NULL);
+  ret = NetUserGetLocalGroups (logonserver, user, 0, LG_INCLUDE_INDIRECT,
+			       (LPBYTE *) &buf, MAX_PREFERRED_LENGTH,
+			       &cnt, &tot);
  if (ret)
    {
      __seterrno_from_win_error (ret);
@ -335,7 +292,6 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain,
  bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\");

  for (DWORD i = 0; i < cnt; ++i)
-    if (is_group_member (logonserver, buf[i].lgrpi0_name, pusersid, grp_list))
    {
      cygsid gsid;
      DWORD glen = MAX_SID_LEN;
@ -466,7 +422,7 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
      && !get_user_groups (server, grp_list, user, domain)
      && get_logon_server (domain, server, true))
    get_user_groups (server, grp_list, user, domain);
-  if (get_user_local_groups (server, domain, grp_list, usersid))
+  if (get_user_local_groups (server, domain, grp_list, user))
    {
      get_unix_group_sidlist (pw, grp_list);
      return true;