From d4f8c94a9b62706d88f8b6b80697023ab32ae497 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Mon, 30 Mar 2015 18:05:06 +0200 Subject: [PATCH] Try best to handle user from domain not in trusted domain list. * cygheap.h (cygheap_domain_info::add_domain): Add prototype. * uinfo.cc (cygheap_domain_info::add_domain): New method. (pwdgrp::fetch_account_from_windows): Try to add domain explicitely if it was not in the original list of trusted domains and go ahead rather than bailing out. Add comment to explain why. Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 8 ++++++++ winsup/cygwin/cygheap.h | 1 + winsup/cygwin/uinfo.cc | 40 ++++++++++++++++++++++++++++++++++++---- 3 files changed, 45 insertions(+), 4 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index a0a8c8a6e..7e925995f 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,11 @@ +2015-03-30 Corinna Vinschen + + * cygheap.h (cygheap_domain_info::add_domain): Add prototype. + * uinfo.cc (cygheap_domain_info::add_domain): New method. + (pwdgrp::fetch_account_from_windows): Try to add domain explicitely + if it was not in the original list of trusted domains and go ahead + rather than bailing out. Add comment to explain why. + 2015-03-30 Corinna Vinschen * cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT. diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h index 6fb7a063b..fd848144f 100644 --- a/winsup/cygwin/cygheap.h +++ b/winsup/cygwin/cygheap.h @@ -393,6 +393,7 @@ public: inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const { return (idx < tdom_count) ? tdom + idx : NULL; } + PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID); inline PWCHAR get_rfc2307_domain () const { return rfc2307_domain_buf ?: NULL; } diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index b1025b02c..f78e484dd 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc 
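Review bot: The new `add_domain (PCWSTR, PSID)` prototype in cygheap.h gives no hint that the PSID must be an account SID rather than a domain SID. The implementation in uinfo.cc drops the last subauthority before storing it, so a caller passing a domain SID would record a truncated one in the trusted-domain list. Naming the parameters and adding a one-line comment would make the contract visible, e.g. `/* sid is an account SID; its RID is stripped to form the domain SID. */` above `PDS_DOMAIN_TRUSTSW add_domain (PCWSTR domain, PSID account_sid);`. The class body continues outside the hunk.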
@@ -1428,6 +1428,29 @@ cygheap_domain_info::init () return true; } +PDS_DOMAIN_TRUSTSW +cygheap_domain_info::add_domain (PCWSTR domain, PSID sid) +{ + PDS_DOMAIN_TRUSTSW new_tdom; + cygsid tsid (sid); + + new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1) + * sizeof (DS_DOMAIN_TRUSTSW)); + if (!new_tdom) + return NULL; + + tdom = new_tdom; + new_tdom = &tdom[tdom_count]; + new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain); + --*RtlSubAuthorityCountSid (tsid); + ULONG len = RtlLengthSid (tsid); + new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len); + RtlCopySid (len, new_tdom->DomainSid, tsid); + new_tdom->PosixOffset = 0; + ++tdom_count; + return new_tdom; +} + /* Per session, so it changes potentially when switching the user context. */ static cygsid logon_sid (""); @@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap) if (!wcscasecmp (dom, td->NetbiosDomainName)) { domain = td->DnsDomainName; - posix_offset = - fetch_posix_offset (td, &loc_ldap); break; } - if (!domain) { + /* This shouldn't happen, in theory, but it does. There + are cases where the user's logon domain does not show + up in the list of trusted domains. We're desperately + trying to workaround that here bu adding an entry for + this domain to the trusted domains and ask the DC for + a posix_offset. There's a good chance this doesn't + work either, but at least we tried, and the user can + work. */ debug_printf ("Unknown domain %W", dom); - return NULL; + td = cygheap->dom.add_domain (dom, sid); + if (td) + domain = td->DnsDomainName; } + if (domain) + posix_offset = fetch_posix_offset (td, &loc_ldap); } } /* If the domain returned by LookupAccountSid is not our machine
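Review bot: add_domain fills only the two name pointers, DomainSid and PosixOffset of the slot it gets from crealloc, so unless crealloc clears the grown tail, the remaining DS_DOMAIN_TRUSTSW fields such as Flags and TrustAttributes hold heap garbage for any later reader of the trusted-domain list. The cwcsdup result is also stored unchecked, while the lookup loop in fetch_account_from_windows passes NetbiosDomainName straight to wcscasecmp. In addition, `--*RtlSubAuthorityCountSid (tsid)` wraps around if the SID has no subauthority to drop. I would zero the new slot and reject both cases before the entry is published, as sketched below.

```cpp
  // … unchanged: tsid copy, crealloc of tdom and its NULL check …
  tdom = new_tdom;
  new_tdom = &tdom[tdom_count];
  /* Assuming crealloc leaves the grown tail uninitialised: clear the slot
     so fields this function does not set are not left as heap garbage. */
  memset (new_tdom, 0, sizeof *new_tdom);
  /* The subauthority count is an unsigned byte; do not strip a RID that
     is not there. */
  if (!*RtlSubAuthorityCountSid (tsid))
    return NULL;
  PWCHAR name = cwcsdup (domain);
  if (!name)
    return NULL;
  new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = name;
  // … unchanged: RID strip, DomainSid copy, PosixOffset, ++tdom_count …
```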
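Review bot: When add_domain fails, `td` is NULL and `domain` stays NULL, yet the removed `return NULL` is not replaced, so the function now carries on with no domain and with `posix_offset` at whatever value it had before this block; I would keep the early exit with `if (!td) return NULL;` right after the add_domain call unless the code below is known to cope. On success the entry starts with PosixOffset 0 and the comment itself expects the DC query to fail often, so it is worth confirming that fetch_posix_offset (outside this hunk) cannot return an offset that makes IDs from this unlisted domain overlap another domain's range. The only trace of the fallback is a debug_printf, which makes an account resolved through a domain absent from the trust list hard to spot afterwards. Minor: the new comment reads "bu adding" for "by adding". The enclosing function starts and ends outside the hunk.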