
[newlib-cygwin/cygwin-2.0] Try best to handle user from domain not in trusted domain list.


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=d4f8c94a9b62706d88f8b6b80697023ab32ae497

commit d4f8c94a9b62706d88f8b6b80697023ab32ae497
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Mon Mar 30 18:05:06 2015 +0200

    Try best to handle user from domain not in trusted domain list.
    
    	* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
    	* uinfo.cc (cygheap_domain_info::add_domain): New method.
    	(pwdgrp::fetch_account_from_windows): Try to add domain explicitly
    	if it was not in the original list of trusted domains and go ahead
    	rather than bailing out.  Add comment to explain why.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/ChangeLog |  8 ++++++++
 winsup/cygwin/cygheap.h |  1 +
 winsup/cygwin/uinfo.cc  | 40 ++++++++++++++++++++++++++++++++++++----
 3 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a0a8c8a..7e92599 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,13 @@
 2015-03-30  Corinna Vinschen  <corinna@vinschen.de>
 
+	* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
+	* uinfo.cc (cygheap_domain_info::add_domain): New method.
+	(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
+	if it was not in the original list of trusted domains and go ahead
+	rather than bailing out.  Add comment to explain why.
+
+2015-03-30  Corinna Vinschen  <corinna@vinschen.de>
+
 	* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.
 	* exceptions.cc (_cygtls::signal_debugger): Use sizeof (CONTEXT) for
 	size of CONTEXT copied for GDB's digestion.
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 6fb7a06..fd84814 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -393,6 +393,7 @@ public:
 
   inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
     { return (idx < tdom_count) ? tdom + idx : NULL; }
+  PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID);
 
   inline PWCHAR get_rfc2307_domain () const
     { return rfc2307_domain_buf ?: NULL; }
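Review bot: The new `add_domain` prototype has unnamed parameters and no comment, yet its contract matters because `trusted_domain` just above hands out raw pointers into `tdom` (`tdom + idx`). The implementation in uinfo.cc grows `tdom` with `crealloc`, so a `PDS_DOMAIN_TRUSTSW` obtained before the call may no longer be valid afterwards. I would name the parameters and add a comment such as `/* Append an entry for DOMAIN, using SID minus its last subauthority as the domain SID.  May move tdom, so pointers from trusted_domain() must not be kept across a call.  Returns NULL if the list cannot be grown. */`. The class body starts and ends outside this hunk.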
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index b1025b0..f78e484 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1428,6 +1428,29 @@ cygheap_domain_info::init ()
   return true;
 }
 
+PDS_DOMAIN_TRUSTSW
+cygheap_domain_info::add_domain (PCWSTR domain, PSID sid)
+{
+  PDS_DOMAIN_TRUSTSW new_tdom;
+  cygsid tsid (sid);
+
+  new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1)
+						  * sizeof (DS_DOMAIN_TRUSTSW));
+  if (!new_tdom)
+    return NULL;
+
+  tdom = new_tdom;
+  new_tdom = &tdom[tdom_count];
+  new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain);
+  --*RtlSubAuthorityCountSid (tsid);
+  ULONG len = RtlLengthSid (tsid);
+  new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len);
+  RtlCopySid (len, new_tdom->DomainSid, tsid);
+  new_tdom->PosixOffset = 0;
+  ++tdom_count;
+  return new_tdom;
+}
+
 /* Per session, so it changes potentially when switching the user context. */
 static cygsid logon_sid ("");
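Review bot: `--*RtlSubAuthorityCountSid (tsid)` in `add_domain` decrements the subauthority count without checking that it is non-zero, and the result then sizes the `RtlLengthSid`/`RtlCopySid` pair. If a caller ever passes a SID with no subauthorities, the count would wrap and the copy would presumably read past the `cygsid` storage; a guard before the `crealloc`, e.g. `if (!*RtlSubAuthorityCountSid (tsid)) return NULL;`, keeps the method safe regardless of the caller. The result of `cwcsdup (domain)` is stored unchecked, so if it can fail the list gains an entry with NULL names that later `wcscasecmp` comparisons would walk, and `cmalloc_abort` applies a different failure policy from the `crealloc` path, which returns NULL. The other `DS_DOMAIN_TRUSTSW` fields of the new slot are left unset; whether anything reads them is not visible here. A short comment stating that the decrement turns the account SID into its domain SID would also help.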
 
@@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 		    if (!wcscasecmp (dom, td->NetbiosDomainName))
 		      {
 			domain = td->DnsDomainName;
-			posix_offset =
-			  fetch_posix_offset (td, &loc_ldap);
 			break;
 		      }
-
 		  if (!domain)
 		    {
+		      /* This shouldn't happen, in theory, but it does.  There
+			 are cases where the user's logon domain does not show
+			 up in the list of trusted domains.  We're desperately
+			 trying to workaround that here bu adding an entry for
+			 this domain to the trusted domains and ask the DC for
+			 a  posix_offset.  There's a good chance this doesn't
+			 work either, but at least we tried, and the user can
+			 work. */
 		      debug_printf ("Unknown domain %W", dom);
-		      return NULL;
+		      td = cygheap->dom.add_domain (dom, sid);
+		      if (td)
+			domain = td->DnsDomainName;
 		    }
+		  if (domain)
+		    posix_offset = fetch_posix_offset (td, &loc_ldap);
 		}
 	    }
 	  /* If the domain returned by LookupAccountSid is not our machine
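Review bot: When `add_domain` returns NULL, or when `fetch_posix_offset` gets no usable answer from the DC (which the new comment itself calls likely), the code now continues instead of returning NULL, and nothing in the hunk says which `posix_offset` the account ends up with. That offset presumably feeds the uid/gid mapping, so a silent fallback value could map a user from an unlisted domain onto ids that belong to other accounts; the initial value of `posix_offset` is outside the hunk, so this needs confirming rather than being a known defect. I would extend the comment to state the fallback explicitly, e.g. `If no offset can be obtained, posix_offset stays at <initial value> and ...`, so the resulting mapping is a documented decision. The comment also contains two typos (`bu adding`, the double space in `a  posix_offset`). The enclosing function starts and ends outside the hunk.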

