2000-02-18 03:38:33 +08:00
|
|
|
/* uinfo.cc: user info (uid, gid, etc...)
|
|
|
|
|
2013-01-21 12:38:31 +08:00
|
|
|
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
2014-02-10 03:44:56 +08:00
|
|
|
2007, 2008, 2009, 2010, 2011, 2012, 2014 Red Hat, Inc.
|
2000-02-18 03:38:33 +08:00
|
|
|
|
|
|
|
This file is part of Cygwin.
|
|
|
|
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
|
|
details. */
|
|
|
|
|
|
|
|
#include "winsup.h"
|
2014-02-10 03:44:56 +08:00
|
|
|
#include <iptypes.h>
|
|
|
|
#include <lm.h>
|
|
|
|
#include <ntsecapi.h>
|
2001-05-01 02:21:48 +08:00
|
|
|
#include <wininet.h>
|
2014-02-10 03:44:56 +08:00
|
|
|
#include <unistd.h>
|
2000-02-18 03:38:33 +08:00
|
|
|
#include <stdlib.h>
|
2014-02-10 03:44:56 +08:00
|
|
|
#include <stdio.h>
|
2008-07-25 02:25:52 +08:00
|
|
|
#include <wchar.h>
|
2000-11-16 17:53:26 +08:00
|
|
|
#include <sys/cygwin.h>
|
2005-01-13 06:40:46 +08:00
|
|
|
#include "cygerrno.h"
|
2000-08-12 13:35:42 +08:00
|
|
|
#include "pinfo.h"
|
2001-10-01 12:10:07 +08:00
|
|
|
#include "path.h"
|
* devices.cc: New file.
* devices.gperf: New file.
* devices.shilka: New file.
* cygwin-gperf: New file.
* cygwin-shilka: New file.
* fhandler_fifo.cc: New file.
* fhandler_nodevice.cc : New file. Reorganize headers so that path.h precedes
fhandler.h throughout. Remove device argument and unit arguments from fhandler
constructors throughout. Remove pc arguments to fhandler functions and use
internal pc element instead, throughout. Use dev element in pc throughout.
Use major/minor elements rather than units and device numbers previously in
fhandler class. Use correct methods for fhandler file names rather than
directly accessing file name variables, throughout.
* Makefile.in (DLL_OFILES): Add devices.o, fhandler_fifo.o
* dcrt0.cc (dll_crt0_1): Call device::init.
* devices.h: Renumber devices based on more Linux-like major/minor numbers.
Add more devices. Declare standard device storage.
(device): Declare struct.
* dir.cc (opendir): Use new 'build_fh_name' to construct a fhandler_* type.
* dtable.cc (dtable::get_debugger_info): Ditto.
(cygwin_attach_handle_to_fd): Ditto.
(dtable::release): Remove special FH_SOCKET case in favor of generic
"need_fixup_before" test.
(dtable::init_std_file_from_handle): Use either build_fh_dev or build_fh_name
to build standard fhandler.
(dtable::build_fh_name): Renamed from dtable::build_fhandler_from_name. Move
out of dtable class. Don't accept a path_conv argument. Just build it here
and pass it to:
(build_fh_pc): Renamed from dtable::build_fhandler. Move out of dtable class.
Use intrinsic device type in path_conv to create new fhandler.
(build_fh_dev): Renamed from dtable::build_fhandler. Move out of dtable class.
Simplify arguments to just take new 'device' type and a name. Just return
pointer to fhandler rather than trying to insert into dtable.
(dtable::dup_worker): Accommodate above build_fh name changes.
(dtable::find_fifo): New (currently broken) function.
(handle_to_fn): Use strechr for efficiency.
* dtable.h: Reflect above build_fh name changes and argument differences.
(fhandler_base *&operator []): Return self rather than copy of self.
* fhandler.cc (fhandler_base::operator =): Use pc element to set normalized
path.
(fhandler_base::set_name): Ditto.
(fhandler_base::raw_read): Use method to access name.
(fhandler_base::write): Correctly use get_output_handle rather than get_handle.
(handler_base::device_access_denied): New function.
(fhandler_base::open): Eliminate pc argument and use pc element of
fhandler_base throughout.
(fhandler_base::fstat): Detect if device is based in filesystem and use
fstat_fs to calculate stat, if so.
(fhandler_base::fhandler_base): Eliminate handling of file names and, instead,
just free appropriate component from pc.
(fhandler_base::opendir): Remove path_conv parameter.
* fhandler.h: Remove all device flags.
(fhandler_base::pc): New element.
(fhandler_base::set_name): Change argument to path_conv.
(fhandler_base::error): New function.
(fhandler_base::exists): New function.
(fhandler_base::pc_binmode): New function.
(fhandler_base::dev): New function.
(fhandler_base::open_fs): New function.
(fhandler_base::fstat_fs): New function.
(fhandler_base::fstat_by_name): New function.
(fhandler_base::fstat_by_handle): New function.
(fhandler_base::isfifo): New function.
(fhandler_base::is_slow): New function.
(fhandler_base::is_auto_device): New function.
(fhandler_base::is_fs_special): New function.
(fhandler_base::device_access_denied): New function.
(fhandler_base::operator DWORD&): New operator.
(fhandler_base::get_name): Return normalized path from pc.
(fhandler_base::get_win32_name): Return windows path from pc.
(fhandler_base::isdevice): Renamed from is_device.
(fhandler_base::get_native_name): Return device format.
(fhandler_fifo): New class.
(fhandler_nodevice): New class.
(select_stuff::device_specific): Remove array.
(select_stuff::device_specific_pipe): New class element.
(select_stuff::device_specific_socket): New class element.
(select_stuff::device_specific_serial): New class element.
(select_stuff::select_stuff): Initialize new elements.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Move to base class
from fhandler_disk_file.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_disk_file::open): Move most functionality into
fhandler_base::open_fs.
(fhandler_base::open_fs): New function.
(fhandler_disk_file::close): Move most functionality into
fhandler_base::close_fs.
(fhandler_base::close_fs): New function.
* fhandler_mem.cc (fhandler_dev_mem::open): Use device name in debugging
output.
* fhandler_socket.cc (fhandler_socket::set_connect_secret): Copy standard
urandom device into appropriate place.
(fhandler_socket::accept): Reflect change in fdsock return value.
* fhandler_tty.cc: See "throughouts" above.
* net.cc: Accommodate fdsock change throughout.
(fdsock): Return success or failure, accept fd argument and device argument.
* path.cc (symlink_info::major): New element.
(symlink_info::minor): New element.
(symlink_info::parse_device): Declare new function.
(fs_info::update): Accommodate changes in path_conv class.
(path_conv::fillin): Ditto.
(path_conv::return_and_clear_normalized_path): Eliminate.
(path_conv::set_normalized_path): New function.
(path_conv::path_conv): Set info in dev element. Use path_conv methods Check
for FH_FS rather than FH_BAD to indicate when to fill in filesystem stuff.
where appropriate rather than direct access. Use set_normalized_path to set
normalized path.
(windows_device_names): Eliminate.
(get_dev): Ditto.
(get_raw_device_number): Ditto.
(get_device_number): Ditto.
(win32_device_name): Call new device name parser to do most of the heavy
lifting.
(mount_info::conv_to_win32_path): Fill in dev field as appropriate.
(symlink_worker): Handle new device files.
(symlink_info::check): Ditto.
(symlink_info::parse_device): Define new function.
* path.h (executable_states): Move here from fhandler.h.
(fs_info): Rename variables to *_storage and create methods for accessing same.
(path_conv): Add dev element, remove devn and unit and adjust inline methods to
accommodate.
(set_normalized_path): Declare new function.
* pinfo.cc (_pinfo::commune_recv): Add broken support for handling fifos.
(_pinfo::commune_send): Ditto.
* pipe.cc (fhandler_pipe::close): check for existence of handle before closing
it.
(handler_pipe::create): Rename from make_pipe. Change arguments to accept
fhandler_pipe array. Accommodate fifos.
(pipe): Rework to deal with fhandler_pipe::create changes.
(_pipe): Ditto.
* select.cc: Use individual device_specific types throughout rather than
indexing with obsolete device number.
(set_bits): Use is_socket call rather than checking device number.
* shared_info.h (CURR_MOUNT_MAGIC): Update.
(conv_to_win32_path): Reflect addition of device argument.
* syscalls.cc (mknod_worker): New function.
(open): Use build_fh_name to build fhandler.
(chown_worker): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(chmod_device): New function.
(chmod): Detect if this is an 'auto' device rather than an on-filesystem device
and handle appropriately. Use chmod_device to set mode of in-filesystem
devices.
(stat_worker): Eliminate path_conv argument. Call build_fh_name to construct
fhandler. Use fh->error() rather than pc->error to detect errors in fhandler
construction.
(access_worker): New function pulled from access. Accommodate in-filesystem
devices.
(access): Use access_worker.
(fpathconf): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(mknod_worker): New function.
(mknod32): New function.
(chroot): Free normalized path -- assuming it was actually cmalloced.
* tty.cc (create_tty_master): Tweak for new device class.
(tty::common_init): Ditto.
* winsup.h (stat_worker): Remove.
(symlink_worker): Declare.
* exceptions.cc (set_process_mask): Just call sig_dispatch_pending and don't
worry about pending_signals since sig_dispatch_pending should always do the
right thing now.
(sig_handle): Reorganize SIGCONT handling to more closely conform to SUSv3.
* pinfo.h: Move __SIG enum to sigproc.h.
(PICOM_FIFO): New enum element.
(_pinfo): Remove 'thread2signal' stuff throughout class.
(_pinfo::commune_send): Make varargs.
(_pinfo::sigtodo): Eliminate.
(_pinfo::thread2signal): Ditto.
* signal.cc (kill_worker): Eliminate call to setthread2signal.
* sigproc.cc (local_sigtodo): Eliminate.
(getlocal_sigtodo): Ditto.
(sigelem): New class.
(pending_signals): New class.
(sigqueue): New variable, start of sigqueue linked list.
(sigcatch_nonmain): Eliminate.
(sigcatch_main): Eliminate.
(sigcatch_nosync): Eliminate.
(sigcomplete_nonmain): Eliminate.
(pending_signals): Eliminate.
(sig_clear): Call signal thread to clear pending signals, unless already in
signal thread.
(sigpending): Call signal thread to get pending signals.
(sig_dispatch_pending): Eliminate use of pending_signals and just check
sigqueue.
(sigproc_terminate): Eliminate all of the obsolete semaphore stuff. Close
signal pipe handle.
(sig_send): Eliminate all of the obsolete semaphore stuff and use pipe to send
signals.
(getevent): Eliminate.
(pending_signals::add): New function.
(pending_signals::del): New function.
(pending_signals::next): New function.
(wait_sig): Eliminate all of the obsolete semaphore stuff. Use pipe to
communicate and maintain a linked list of signals.
* sigproc.h: Move __SIG defines here. Add __SIGPENDING.
(sig_dispatch_pending): Remove "C" specifier.
(sig_handle): Accept a mask argument.
* thread.cc: Remove signal handling considerations throughout.
2003-09-25 08:37:18 +08:00
|
|
|
#include "fhandler.h"
|
2001-04-19 05:10:15 +08:00
|
|
|
#include "dtable.h"
|
2000-11-15 08:13:09 +08:00
|
|
|
#include "cygheap.h"
|
2008-07-25 02:25:52 +08:00
|
|
|
#include "shared_info.h"
|
2000-09-08 10:56:55 +08:00
|
|
|
#include "registry.h"
|
2002-06-15 02:01:21 +08:00
|
|
|
#include "child_info.h"
|
2002-06-29 10:36:08 +08:00
|
|
|
#include "environ.h"
|
2008-03-12 20:41:50 +08:00
|
|
|
#include "tls_pbuf.h"
|
2014-02-10 03:44:56 +08:00
|
|
|
#include "miscfuncs.h"
|
2007-07-19 16:36:32 +08:00
|
|
|
#include "ntdll.h"
|
2014-02-10 03:44:56 +08:00
|
|
|
#include "ldap.h"
|
2014-03-13 01:36:56 +08:00
|
|
|
#include "cygserver_pwdgrp.h"
|
2014-02-10 03:44:56 +08:00
|
|
|
|
2003-09-11 05:01:40 +08:00
|
|
|
/* Initialize the part of cygheap_user that does not depend on files.
|
|
|
|
The information is used in shared.cc for the user shared.
|
|
|
|
Final initialization occurs in uinfo_init */
|
2002-06-15 02:01:21 +08:00
|
|
|
void
|
2003-11-29 04:55:59 +08:00
|
|
|
cygheap_user::init ()
|
2000-02-18 03:38:33 +08:00
|
|
|
{
|
2010-09-26 23:45:10 +08:00
|
|
|
WCHAR user_name[UNLEN + 1];
|
2010-09-28 22:49:31 +08:00
|
|
|
DWORD user_name_len = UNLEN + 1;
|
2003-09-11 05:01:40 +08:00
|
|
|
|
2011-03-31 23:33:53 +08:00
|
|
|
/* This code is only run if a Cygwin process gets started by a native
|
|
|
|
Win32 process. We try to get the username from the environment,
|
|
|
|
first USERNAME (Win32), then USER (POSIX). If that fails (which is
|
|
|
|
very unlikely), it only has an impact if we don't have an entry in
|
|
|
|
/etc/passwd for this user either. In that case the username sticks
|
|
|
|
to "unknown". Since this is called early in initialization, and
|
|
|
|
since we don't want pull in a dependency to any other DLL except
|
|
|
|
ntdll and kernel32 at this early stage, don't call GetUserName,
|
|
|
|
GetUserNameEx, NetWkstaUserGetInfo, etc. */
|
|
|
|
if (GetEnvironmentVariableW (L"USERNAME", user_name, user_name_len)
|
|
|
|
|| GetEnvironmentVariableW (L"USER", user_name, user_name_len))
|
|
|
|
{
|
|
|
|
char mb_user_name[user_name_len = sys_wcstombs (NULL, 0, user_name)];
|
|
|
|
sys_wcstombs (mb_user_name, user_name_len, user_name);
|
|
|
|
set_name (mb_user_name);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
set_name ("unknown");
|
2000-11-15 08:13:09 +08:00
|
|
|
|
2011-04-29 15:34:05 +08:00
|
|
|
NTSTATUS status;
|
|
|
|
ULONG size;
|
2004-02-06 18:37:37 +08:00
|
|
|
PSECURITY_DESCRIPTOR psd;
|
2003-09-27 09:56:36 +08:00
|
|
|
|
2011-04-29 15:34:05 +08:00
|
|
|
status = NtQueryInformationToken (hProcToken, TokenPrimaryGroup,
|
|
|
|
&groups.pgsid, sizeof (cygsid), &size);
|
|
|
|
if (!NT_SUCCESS (status))
|
2013-04-23 17:44:36 +08:00
|
|
|
system_printf ("NtQueryInformationToken (TokenPrimaryGroup), %y", status);
|
2003-09-27 09:56:36 +08:00
|
|
|
|
|
|
|
/* Get the SID from current process and store it in effec_cygsid */
|
2011-04-29 15:34:05 +08:00
|
|
|
status = NtQueryInformationToken (hProcToken, TokenUser, &effec_cygsid,
|
|
|
|
sizeof (cygsid), &size);
|
|
|
|
if (!NT_SUCCESS (status))
|
2003-09-27 09:56:36 +08:00
|
|
|
{
|
2013-04-23 17:44:36 +08:00
|
|
|
system_printf ("NtQueryInformationToken (TokenUser), %y", status);
|
2005-04-03 21:06:43 +08:00
|
|
|
return;
|
2003-09-27 09:56:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Set token owner to the same value as token user */
|
2011-04-29 15:34:05 +08:00
|
|
|
status = NtSetInformationToken (hProcToken, TokenOwner, &effec_cygsid,
|
|
|
|
sizeof (cygsid));
|
|
|
|
if (!NT_SUCCESS (status))
|
2013-04-23 17:44:36 +08:00
|
|
|
debug_printf ("NtSetInformationToken(TokenOwner), %y", status);
|
2003-09-27 09:56:36 +08:00
|
|
|
|
2004-02-06 18:37:37 +08:00
|
|
|
/* Standard way to build a security descriptor with the usual DACL */
|
2005-06-08 03:31:42 +08:00
|
|
|
PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
|
2005-04-03 21:06:43 +08:00
|
|
|
psd = (PSECURITY_DESCRIPTOR)
|
2011-06-06 13:02:13 +08:00
|
|
|
(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;
|
2003-09-27 09:56:36 +08:00
|
|
|
|
2011-04-28 17:53:11 +08:00
|
|
|
BOOLEAN acl_exists, dummy;
|
2004-02-06 18:37:37 +08:00
|
|
|
TOKEN_DEFAULT_DACL dacl;
|
2011-04-28 17:53:11 +08:00
|
|
|
|
|
|
|
status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &dacl.DefaultDacl,
|
|
|
|
&dummy);
|
|
|
|
if (NT_SUCCESS (status) && acl_exists && dacl.DefaultDacl)
|
2004-02-06 18:37:37 +08:00
|
|
|
{
|
2007-07-19 16:36:32 +08:00
|
|
|
|
2004-02-06 18:37:37 +08:00
|
|
|
/* Set the default DACL and the process DACL */
|
2011-04-29 15:34:05 +08:00
|
|
|
status = NtSetInformationToken (hProcToken, TokenDefaultDacl, &dacl,
|
|
|
|
sizeof (dacl));
|
|
|
|
if (!NT_SUCCESS (status))
|
2013-04-23 17:44:36 +08:00
|
|
|
system_printf ("NtSetInformationToken (TokenDefaultDacl), %y", status);
|
2009-12-19 04:32:04 +08:00
|
|
|
if ((status = NtSetSecurityObject (NtCurrentProcess (),
|
|
|
|
DACL_SECURITY_INFORMATION, psd)))
|
2013-04-23 17:44:36 +08:00
|
|
|
system_printf ("NtSetSecurityObject, %y", status);
|
2003-09-11 05:01:40 +08:00
|
|
|
}
|
2004-02-06 18:37:37 +08:00
|
|
|
else
|
2004-09-03 09:53:12 +08:00
|
|
|
system_printf("Cannot get dacl, %E");
|
2003-09-11 05:01:40 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
internal_getlogin (cygheap_user &user)
|
|
|
|
{
|
2014-02-28 19:37:02 +08:00
|
|
|
struct passwd *pwd;
|
|
|
|
struct group *pgrp, *grp, *grp2;
|
2014-02-27 20:57:27 +08:00
|
|
|
cyg_ldap cldap;
|
2003-09-11 05:01:40 +08:00
|
|
|
|
2014-02-28 19:37:02 +08:00
|
|
|
/* Fetch (and potentially generate) passwd and group entries for the user
|
|
|
|
and the primary group in the token. */
|
|
|
|
pwd = internal_getpwsid (user.sid (), &cldap);
|
|
|
|
pgrp = internal_getgrsid (user.groups.pgsid, &cldap);
|
2014-03-13 01:36:56 +08:00
|
|
|
if (!cygheap->pg.nss_cygserver_caching ())
|
2014-02-28 19:37:02 +08:00
|
|
|
internal_getgroups (0, NULL, &cldap);
|
|
|
|
if (!pwd)
|
|
|
|
debug_printf ("user not found in passwd DB");
|
2002-11-21 01:10:05 +08:00
|
|
|
else
|
2002-06-15 02:01:21 +08:00
|
|
|
{
|
2007-02-23 23:15:50 +08:00
|
|
|
cygsid gsid;
|
|
|
|
|
2014-02-28 19:37:02 +08:00
|
|
|
user.set_name (pwd->pw_name);
|
|
|
|
myself->uid = pwd->pw_uid;
|
|
|
|
myself->gid = pwd->pw_gid;
|
|
|
|
/* Is the primary group in the passwd DB is different from the primary
|
|
|
|
group in the user token, we have to find the SID of that group and
|
|
|
|
try to override the token primary group. */
|
|
|
|
if (!pgrp || myself->gid != pgrp->gr_gid)
|
2002-11-27 10:26:44 +08:00
|
|
|
{
|
2014-02-28 19:37:02 +08:00
|
|
|
if (gsid.getfromgr (grp = internal_getgrgid (pwd->pw_gid, &cldap)))
|
2002-11-21 01:10:05 +08:00
|
|
|
{
|
2014-02-28 19:37:02 +08:00
|
|
|
/* We might have a group file with a group entry for the current
|
|
|
|
user's primary group, but the current user has no entry in
|
|
|
|
passwd. If so, pw_gid is taken from windows and might
|
|
|
|
disagree with gr_gid from the group file. Overwrite it. */
|
|
|
|
if ((grp2 = internal_getgrsid (gsid, &cldap)) && grp2 != grp)
|
|
|
|
myself->gid = pwd->pw_gid = grp2->gr_gid;
|
|
|
|
/* Set primary group to the group in /etc/passwd. */
|
|
|
|
if (gsid != user.groups.pgsid)
|
|
|
|
{
|
|
|
|
NTSTATUS status = NtSetInformationToken (hProcToken,
|
|
|
|
TokenPrimaryGroup,
|
|
|
|
&gsid, sizeof gsid);
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
{
|
|
|
|
debug_printf ("NtSetInformationToken (TokenPrimaryGroup),"
|
|
|
|
" %y", status);
|
|
|
|
/* Revert the primary group setting and override the
|
|
|
|
setting in the passwd entry. */
|
|
|
|
if (pgrp)
|
|
|
|
myself->gid = pwd->pw_gid = pgrp->gr_gid;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
user.groups.pgsid = gsid;
|
|
|
|
clear_procimptoken ();
|
|
|
|
}
|
2002-11-21 01:10:05 +08:00
|
|
|
}
|
2014-02-28 19:37:02 +08:00
|
|
|
else
|
|
|
|
debug_printf ("group not found in group DB");
|
2002-11-21 01:10:05 +08:00
|
|
|
}
|
2002-06-15 02:01:21 +08:00
|
|
|
}
|
2014-02-28 19:37:02 +08:00
|
|
|
cygheap->user.ontherange (CH_HOME, pwd);
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
uinfo_init ()
|
|
|
|
{
|
2003-06-30 21:07:36 +08:00
|
|
|
if (child_proc_info && !cygheap->user.has_impersonation_tokens ())
|
2003-06-09 21:29:12 +08:00
|
|
|
return;
|
|
|
|
|
|
|
|
if (!child_proc_info)
|
|
|
|
internal_getlogin (cygheap->user); /* Set the cygheap->user. */
|
|
|
|
/* Conditions must match those in spawn to allow starting child
|
|
|
|
processes with ruid != euid and rgid != egid. */
|
|
|
|
else if (cygheap->user.issetuid ()
|
2004-05-29 03:50:07 +08:00
|
|
|
&& cygheap->user.saved_uid == cygheap->user.real_uid
|
2003-09-16 17:24:52 +08:00
|
|
|
&& cygheap->user.saved_gid == cygheap->user.real_gid
|
2009-10-13 18:23:31 +08:00
|
|
|
&& !cygheap->user.groups.issetgroups ()
|
|
|
|
&& !cygheap->user.setuid_to_restricted)
|
2003-01-25 18:36:46 +08:00
|
|
|
{
|
2003-06-30 21:07:36 +08:00
|
|
|
cygheap->user.reimpersonate ();
|
2003-06-09 21:29:12 +08:00
|
|
|
return;
|
2003-01-25 18:36:46 +08:00
|
|
|
}
|
2003-06-09 21:29:12 +08:00
|
|
|
else
|
2003-06-30 21:07:36 +08:00
|
|
|
cygheap->user.close_impersonation_tokens ();
|
2003-06-09 21:29:12 +08:00
|
|
|
|
2003-09-16 17:24:52 +08:00
|
|
|
cygheap->user.saved_uid = cygheap->user.real_uid = myself->uid;
|
|
|
|
cygheap->user.saved_gid = cygheap->user.real_gid = myself->gid;
|
2004-10-28 09:46:01 +08:00
|
|
|
cygheap->user.external_token = NO_IMPERSONATION;
|
|
|
|
cygheap->user.internal_token = NO_IMPERSONATION;
|
2005-04-03 21:06:43 +08:00
|
|
|
cygheap->user.curr_primary_token = NO_IMPERSONATION;
|
2007-07-17 04:01:15 +08:00
|
|
|
cygheap->user.curr_imp_token = NO_IMPERSONATION;
|
2009-10-13 18:23:31 +08:00
|
|
|
cygheap->user.ext_token_is_restricted = false;
|
|
|
|
cygheap->user.curr_token_is_restricted = false;
|
|
|
|
cygheap->user.setuid_to_restricted = false;
|
2003-09-16 17:24:52 +08:00
|
|
|
cygheap->user.set_saved_sid (); /* Update the original sid */
|
2009-10-18 17:07:13 +08:00
|
|
|
cygheap->user.deimpersonate ();
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
|
|
|
|
2004-05-18 00:06:02 +08:00
|
|
|
extern "C" int
|
|
|
|
getlogin_r (char *name, size_t namesize)
|
|
|
|
{
|
2011-05-17 01:58:21 +08:00
|
|
|
const char *login = cygheap->user.name ();
|
2004-05-18 00:06:02 +08:00
|
|
|
size_t len = strlen (login) + 1;
|
|
|
|
if (len > namesize)
|
|
|
|
return ERANGE;
|
2005-07-03 10:40:30 +08:00
|
|
|
myfault efault;
|
|
|
|
if (efault.faulted ())
|
|
|
|
return EFAULT;
|
2004-05-18 00:06:02 +08:00
|
|
|
strncpy (name, login, len);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2000-02-18 03:38:33 +08:00
|
|
|
extern "C" char *
|
|
|
|
getlogin (void)
|
|
|
|
{
|
2011-05-17 01:58:21 +08:00
|
|
|
static char username[UNLEN];
|
|
|
|
int ret = getlogin_r (username, UNLEN);
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
set_errno (ret);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return username;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
extern "C" uid_t
|
2002-05-29 23:04:29 +08:00
|
|
|
getuid32 (void)
|
|
|
|
{
|
|
|
|
return cygheap->user.real_uid;
|
|
|
|
}
|
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
#ifdef __x86_64__
|
|
|
|
EXPORT_ALIAS (getuid32, getuid)
|
|
|
|
#else
|
* (child_info.h, cygheap.h, dcrt0.cc, dir.cc, fhandler.cc, fhandler.h,
fhandler_clipboard.cc, fhandler_disk_file.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
security.h, spawn.cc, syscalls.cc, thread.h, uinfo.cc, winsup.h):
Change usage of uid_t to __uid16_t, gid_t to __gid16_t and
off_t to __off32_t throughout. Use INVALID_UID, INVALID_GID and
INVALID_SEEK instead casting -1 to the appropriate type.
* winsup.h: Define INVALID_UID, INVALID_GID and INVALID_SEEK.
* include/cygwin/acl.h: Define internal __aclent16_t and __aclent32_t
types. Don't declare acl functions when compiling Cygwin.
* include/cygwin/grp.h: Declare getgrgid() and getgrnam() with
correct types for internal usage.
2002-02-10 21:38:51 +08:00
|
|
|
extern "C" __uid16_t
|
2000-02-18 03:38:33 +08:00
|
|
|
getuid (void)
|
|
|
|
{
|
2000-11-15 08:13:09 +08:00
|
|
|
return cygheap->user.real_uid;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
2013-04-23 17:44:36 +08:00
|
|
|
#endif
|
2000-02-18 03:38:33 +08:00
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
extern "C" gid_t
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
getgid32 (void)
|
|
|
|
{
|
|
|
|
return cygheap->user.real_gid;
|
|
|
|
}
|
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
#ifdef __x86_64__
|
|
|
|
EXPORT_ALIAS (getgid32, getgid)
|
|
|
|
#else
|
* (child_info.h, cygheap.h, dcrt0.cc, dir.cc, fhandler.cc, fhandler.h,
fhandler_clipboard.cc, fhandler_disk_file.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
security.h, spawn.cc, syscalls.cc, thread.h, uinfo.cc, winsup.h):
Change usage of uid_t to __uid16_t, gid_t to __gid16_t and
off_t to __off32_t throughout. Use INVALID_UID, INVALID_GID and
INVALID_SEEK instead casting -1 to the appropriate type.
* winsup.h: Define INVALID_UID, INVALID_GID and INVALID_SEEK.
* include/cygwin/acl.h: Define internal __aclent16_t and __aclent32_t
types. Don't declare acl functions when compiling Cygwin.
* include/cygwin/grp.h: Declare getgrgid() and getgrnam() with
correct types for internal usage.
2002-02-10 21:38:51 +08:00
|
|
|
extern "C" __gid16_t
|
2000-02-18 03:38:33 +08:00
|
|
|
getgid (void)
|
|
|
|
{
|
2000-11-15 08:13:09 +08:00
|
|
|
return cygheap->user.real_gid;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
2013-04-23 17:44:36 +08:00
|
|
|
#endif
|
2000-02-18 03:38:33 +08:00
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
extern "C" uid_t
|
2002-05-29 23:04:29 +08:00
|
|
|
geteuid32 (void)
|
|
|
|
{
|
|
|
|
return myself->uid;
|
|
|
|
}
|
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
#ifdef __x86_64__
|
|
|
|
EXPORT_ALIAS (geteuid32, geteuid)
|
|
|
|
#else
|
|
|
|
extern "C" uid_t
|
2000-02-18 03:38:33 +08:00
|
|
|
geteuid (void)
|
|
|
|
{
|
2000-06-17 03:36:07 +08:00
|
|
|
return myself->uid;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
2013-04-23 17:44:36 +08:00
|
|
|
#endif
|
2000-02-18 03:38:33 +08:00
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
extern "C" gid_t
|
Change internal gid datatype from __gid16_t to __gid32_t
throughout.
* cygwin.din: Export new symbols chown32, fchown32, getegid32,
getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
setgid32, setegid32, getgrent32.
* grp.cc (grp32togrp16): New static function.
(getgrgid32): New function.
(getgrnam32): Ditto.
(getgrent32): Ditto.
(getgroups32): Change name of internal function from getgroups.
(getgroups32): New function.
(initgroups32): Ditto.
* syscalls.cc (chown32): Ditto.
(lchown32): Ditto.
(fchown32): Ditto.
(setegid32): Ditto.
(setgid32): Ditto.
* uinfo.cc (getgid32): Ditto.
(getegid32): Ditto.
* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
Declare getgrgid32() and getgrnam32() instead. Declare getgid32().
2002-05-28 22:10:55 +08:00
|
|
|
getegid32 (void)
|
|
|
|
{
|
|
|
|
return myself->gid;
|
|
|
|
}
|
|
|
|
|
2013-04-23 17:44:36 +08:00
|
|
|
#ifdef __x86_64__
|
|
|
|
EXPORT_ALIAS (getegid32, getegid)
|
|
|
|
#else
|
* (child_info.h, cygheap.h, dcrt0.cc, dir.cc, fhandler.cc, fhandler.h,
fhandler_clipboard.cc, fhandler_disk_file.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
security.h, spawn.cc, syscalls.cc, thread.h, uinfo.cc, winsup.h):
Change usage of uid_t to __uid16_t, gid_t to __gid16_t and
off_t to __off32_t throughout. Use INVALID_UID, INVALID_GID and
INVALID_SEEK instead casting -1 to the appropriate type.
* winsup.h: Define INVALID_UID, INVALID_GID and INVALID_SEEK.
* include/cygwin/acl.h: Define internal __aclent16_t and __aclent32_t
types. Don't declare acl functions when compiling Cygwin.
* include/cygwin/grp.h: Declare getgrgid() and getgrnam() with
correct types for internal usage.
2002-02-10 21:38:51 +08:00
|
|
|
extern "C" __gid16_t
|
2000-02-18 03:38:33 +08:00
|
|
|
getegid (void)
|
|
|
|
{
|
2000-06-17 03:36:07 +08:00
|
|
|
return myself->gid;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
2013-04-23 17:44:36 +08:00
|
|
|
#endif
|
2000-02-18 03:38:33 +08:00
|
|
|
|
|
|
|
/* Not quite right - cuserid can change, getlogin can't */
|
|
|
|
extern "C" char *
|
|
|
|
cuserid (char *src)
|
|
|
|
{
|
2002-06-12 13:13:54 +08:00
|
|
|
if (!src)
|
|
|
|
return getlogin ();
|
|
|
|
|
|
|
|
strcpy (src, getlogin ());
|
|
|
|
return src;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
|
|
|
cygheap_user::ontherange (homebodies what, struct passwd *pw)
|
|
|
|
{
|
|
|
|
LPUSER_INFO_3 ui = NULL;
|
|
|
|
WCHAR wuser[UNLEN + 1];
|
|
|
|
NET_API_STATUS ret;
|
2002-06-28 04:44:27 +08:00
|
|
|
char homedrive_env_buf[3];
|
|
|
|
char *newhomedrive = NULL;
|
|
|
|
char *newhomepath = NULL;
|
2008-03-12 20:41:50 +08:00
|
|
|
tmp_pathbuf tp;
|
2002-06-12 13:13:54 +08:00
|
|
|
|
2002-06-29 10:36:08 +08:00
|
|
|
debug_printf ("what %d, pw %p", what, pw);
|
2002-06-12 13:13:54 +08:00
|
|
|
if (what == CH_HOME)
|
|
|
|
{
|
|
|
|
char *p;
|
2002-06-16 13:26:14 +08:00
|
|
|
|
2002-06-12 13:13:54 +08:00
|
|
|
if ((p = getenv ("HOME")))
|
|
|
|
debug_printf ("HOME is already in the environment %s", p);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (pw && pw->pw_dir && *pw->pw_dir)
|
|
|
|
{
|
|
|
|
debug_printf ("Set HOME (from /etc/passwd) to %s", pw->pw_dir);
|
2002-07-01 11:57:17 +08:00
|
|
|
setenv ("HOME", pw->pw_dir, 1);
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
2002-07-01 11:57:17 +08:00
|
|
|
else
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2009-05-06 19:52:20 +08:00
|
|
|
char home[strlen (name ()) + 8];
|
|
|
|
|
|
|
|
debug_printf ("Set HOME to default /home/USER");
|
|
|
|
__small_sprintf (home, "/home/%s", name ());
|
2002-07-01 11:57:17 +08:00
|
|
|
setenv ("HOME", home, 1);
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-06-29 10:36:08 +08:00
|
|
|
if (what != CH_HOME && homepath == NULL && newhomepath == NULL)
|
2000-02-18 03:38:33 +08:00
|
|
|
{
|
2008-03-12 20:41:50 +08:00
|
|
|
char *homepath_env_buf = tp.c_get ();
|
2002-06-12 13:13:54 +08:00
|
|
|
if (!pw)
|
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
pwdgrp_check::isinitializing ().
(pwdgrp_check::isinitializing): Create.
* passwd.cc (grab_int): Change type to unsigned, use strtoul and
set the pointer content to 0 if the field is invalid.
(parse_pwd): Move validity test after getting pw_gid.
(read_etc_passwd): Replace "passwd_state <= " by
passwd_state::isinitializing ().
(internal_getpwuid): Ditto.
(internal_getpwnam): Ditto.
(getpwent): Ditto.
(getpass): Ditto.
* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
(read_etc_group): Replace "group_state <= " by
group_state::isinitializing ().
(internal_getgrgid): Ditto.
(getgrent32): Ditto.
(internal_getgrent): Ditto.
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* security.h: Move declarations of internal_getgrent,
internal_getpwsid and internal_getgrsid to pwdgrp.h.
* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
internal_getpwuid, internal_getgrsid, internal_getgrgid,
internal_getgrnam, internal_getgrent and internal_getgroups.
Delete "emulated" from enum pwdgrp_state.
(pwdgrp_check::isuninitialized): Create.
(pwdgrp_check::pwdgrp_state): Change state to initializing
rather than to uninitialized.
(pwdgrp_read::gets): Remove trailing CRs.
* passwd.cc (grab_string): Don't look for NLs.
(grab_int): Ditto.
(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
(search_for): Delete.
(read_etc_passwd): Simplify tests to actually read the file.
Set state to loaded before making internal_getpwXX calls.
Replace search_for calls by equivalent internal_pwgetXX calls.
(internal_getpwsid): Use passwd_state.isuninitialized to decide
to call read_etc_passwd.
(internal_getpwuid): Create.
(internal_getpwnam): Create.
(getpwuid32): Simply call internal_getpwuid.
(getpwuid_r32): Call internal_getpwuid.
(getpwnam): Simply call internal_getpwnam.
(getpwnam_r): Call internal_getpwnam.
* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
(add_grp_line): Adjust blank space.
(class group_lock): Ditto.
(read_etc_group): Simplify tests to actually read the file.
Set state to loaded before making internal_getgrXX calls.
Replace getgrXX calls by equivalent internal calls.
(internal_getgrsid): Use group_state.isuninitialized to decide
to call read_etc_group.
(internal_getgrgid): Create.
(internal_getgrnam): Create.
(getgroups32): Simply call internal_getgrgid.
(getgrnam32): Simply call internal_getgrnam.
(internal_getgrent): Call group_state.isuninitialized.
(internal_getgroups): Create from the former getgroups32, using
two of the four arguments. Set gid to myself->gid and username
to cygheap->user.name ().
(getgroups32): Simply call internal_getgroup.
(getgroups): Call internal_getgroup instead of getgroups32.
(setgroups32): Call internal versions of get{pw,gr}XX.
* sec_helper.cc: Include pwdgrp.h.
(is_grp_member): Call internal versions of get{pw,gr}XX.
* security.cc: Include pwdgrp.h.
(alloc_sd): Call internal versions of get{pw,gr}XX.
* syscalls.cc: Include pwdgrp.h.
(seteuid32): Call internal versions of get{pw,gr}XX.
(setegid32): Ditto.
* uinfo.cc: Include pwdgrp.h.
(internal_getlogin): Call internal versions of get{pw,gr}XX.
(cygheap_user::ontherange): Ditto.
* sec_acl.cc: Include pwdgrp.h.
(setacl): Call internal versions of get{pw,gr}XX.
(acl_access): Ditto and simplify logic.
(aclfromtext): Ditto.
2002-12-10 20:43:49 +08:00
|
|
|
pw = internal_getpwnam (name ());
|
2002-06-12 13:13:54 +08:00
|
|
|
if (pw && pw->pw_dir && *pw->pw_dir)
|
2008-03-12 20:41:50 +08:00
|
|
|
cygwin_conv_path (CCP_POSIX_TO_WIN_A, pw->pw_dir, homepath_env_buf,
|
|
|
|
NT_MAX_PATH);
|
2002-06-12 13:13:54 +08:00
|
|
|
else
|
|
|
|
{
|
2002-06-28 04:44:27 +08:00
|
|
|
homepath_env_buf[0] = homepath_env_buf[1] = '\0';
|
2002-06-29 10:36:08 +08:00
|
|
|
if (logsrv ())
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2002-06-19 21:56:34 +08:00
|
|
|
WCHAR wlogsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
|
2008-02-26 02:32:23 +08:00
|
|
|
sys_mbstowcs (wlogsrv, sizeof (wlogsrv) / sizeof (*wlogsrv),
|
|
|
|
logsrv ());
|
|
|
|
sys_mbstowcs (wuser, sizeof (wuser) / sizeof (*wuser), winname ());
|
2003-11-29 04:55:59 +08:00
|
|
|
if (!(ret = NetUserGetInfo (wlogsrv, wuser, 3, (LPBYTE *) &ui)))
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2008-03-12 20:41:50 +08:00
|
|
|
sys_wcstombs (homepath_env_buf, NT_MAX_PATH,
|
2011-06-06 13:02:13 +08:00
|
|
|
ui->usri3_home_dir);
|
2002-06-19 21:56:34 +08:00
|
|
|
if (!homepath_env_buf[0])
|
|
|
|
{
|
2008-03-12 20:41:50 +08:00
|
|
|
sys_wcstombs (homepath_env_buf, NT_MAX_PATH,
|
2006-02-07 23:49:08 +08:00
|
|
|
ui->usri3_home_dir_drive);
|
2002-06-19 21:56:34 +08:00
|
|
|
if (homepath_env_buf[0])
|
|
|
|
strcat (homepath_env_buf, "\\");
|
2002-07-01 23:50:02 +08:00
|
|
|
else
|
2008-03-12 20:41:50 +08:00
|
|
|
cygwin_conv_path (CCP_POSIX_TO_WIN_A | CCP_ABSOLUTE,
|
|
|
|
"/", homepath_env_buf, NT_MAX_PATH);
|
2002-06-19 21:56:34 +08:00
|
|
|
}
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (ui)
|
|
|
|
NetApiBufferFree (ui);
|
|
|
|
}
|
|
|
|
|
2002-06-15 04:36:42 +08:00
|
|
|
if (homepath_env_buf[1] != ':')
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2002-06-28 04:44:27 +08:00
|
|
|
newhomedrive = almost_null;
|
|
|
|
newhomepath = homepath_env_buf;
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2002-06-15 04:36:42 +08:00
|
|
|
homedrive_env_buf[0] = homepath_env_buf[0];
|
|
|
|
homedrive_env_buf[1] = homepath_env_buf[1];
|
2002-06-28 04:44:27 +08:00
|
|
|
homedrive_env_buf[2] = '\0';
|
|
|
|
newhomedrive = homedrive_env_buf;
|
|
|
|
newhomepath = homepath_env_buf + 2;
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
2002-06-12 13:13:54 +08:00
|
|
|
|
2002-07-01 11:57:17 +08:00
|
|
|
if (newhomedrive && newhomedrive != homedrive)
|
2002-06-28 04:44:27 +08:00
|
|
|
cfree_and_set (homedrive, (newhomedrive == almost_null)
|
2002-09-19 11:30:20 +08:00
|
|
|
? almost_null : cstrdup (newhomedrive));
|
2002-06-28 04:44:27 +08:00
|
|
|
|
2002-07-01 11:57:17 +08:00
|
|
|
if (newhomepath && newhomepath != homepath)
|
2002-06-28 04:44:27 +08:00
|
|
|
cfree_and_set (homepath, cstrdup (newhomepath));
|
|
|
|
|
2002-06-12 13:13:54 +08:00
|
|
|
switch (what)
|
2000-02-18 03:38:33 +08:00
|
|
|
{
|
2002-06-12 13:13:54 +08:00
|
|
|
case CH_HOMEDRIVE:
|
|
|
|
return homedrive;
|
|
|
|
case CH_HOMEPATH:
|
|
|
|
return homepath;
|
|
|
|
default:
|
|
|
|
return homepath;
|
2000-02-18 03:38:33 +08:00
|
|
|
}
|
|
|
|
}
|
2002-06-12 13:13:54 +08:00
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::test_uid (char *&what, const char *name, size_t namelen)
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2002-07-01 11:57:17 +08:00
|
|
|
if (!what && !issetuid ())
|
2002-06-29 14:50:17 +08:00
|
|
|
what = getwinenveq (name, namelen, HEAP_STR);
|
2002-06-29 10:36:08 +08:00
|
|
|
return what;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
|
|
|
cygheap_user::env_logsrv (const char *name, size_t namelen)
|
|
|
|
{
|
|
|
|
if (test_uid (plogsrv, name, namelen))
|
2002-06-15 02:01:21 +08:00
|
|
|
return plogsrv;
|
2002-06-12 13:13:54 +08:00
|
|
|
|
2002-06-30 06:05:30 +08:00
|
|
|
const char *mydomain = domain ();
|
|
|
|
const char *myname = winname ();
|
2008-02-01 20:37:51 +08:00
|
|
|
if (!mydomain || ascii_strcasematch (myname, "SYSTEM"))
|
2002-06-29 11:14:12 +08:00
|
|
|
return almost_null;
|
2002-06-16 13:26:14 +08:00
|
|
|
|
2008-07-11 18:00:36 +08:00
|
|
|
WCHAR wdomain[MAX_DOMAIN_NAME_LEN + 1];
|
2008-07-09 19:58:38 +08:00
|
|
|
WCHAR wlogsrv[INTERNET_MAX_HOST_NAME_LENGTH + 3];
|
2008-07-11 18:00:36 +08:00
|
|
|
sys_mbstowcs (wdomain, MAX_DOMAIN_NAME_LEN + 1, mydomain);
|
2002-06-28 04:44:27 +08:00
|
|
|
cfree_and_set (plogsrv, almost_null);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (get_logon_server (wdomain, wlogsrv, DS_IS_FLAT_NAME))
|
2008-07-09 19:58:38 +08:00
|
|
|
sys_wcstombs_alloc (&plogsrv, HEAP_STR, wlogsrv);
|
2002-06-28 04:44:27 +08:00
|
|
|
return plogsrv;
|
2002-06-15 02:01:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::env_domain (const char *name, size_t namelen)
|
2002-06-15 02:01:21 +08:00
|
|
|
{
|
2002-06-29 14:50:17 +08:00
|
|
|
if (pwinname && test_uid (pdomain, name, namelen))
|
2002-06-15 02:01:21 +08:00
|
|
|
return pdomain;
|
|
|
|
|
2011-03-29 18:46:04 +08:00
|
|
|
DWORD ulen = UNLEN + 1;
|
|
|
|
WCHAR username[ulen];
|
2011-03-31 23:33:53 +08:00
|
|
|
DWORD dlen = MAX_DOMAIN_NAME_LEN + 1;
|
2011-03-29 18:46:04 +08:00
|
|
|
WCHAR userdomain[dlen];
|
2002-06-15 02:01:21 +08:00
|
|
|
SID_NAME_USE use;
|
|
|
|
|
2002-06-29 10:36:08 +08:00
|
|
|
cfree_and_set (pwinname, almost_null);
|
2002-06-28 04:44:27 +08:00
|
|
|
cfree_and_set (pdomain, almost_null);
|
2011-03-29 18:46:04 +08:00
|
|
|
if (!LookupAccountSidW (NULL, sid (), username, &ulen,
|
|
|
|
userdomain, &dlen, &use))
|
2002-06-28 04:44:27 +08:00
|
|
|
__seterrno ();
|
|
|
|
else
|
2002-06-15 02:01:21 +08:00
|
|
|
{
|
2011-03-29 18:46:04 +08:00
|
|
|
sys_wcstombs_alloc (&pwinname, HEAP_STR, username);
|
|
|
|
sys_wcstombs_alloc (&pdomain, HEAP_STR, userdomain);
|
2002-06-15 02:01:21 +08:00
|
|
|
}
|
2002-06-28 04:44:27 +08:00
|
|
|
return pdomain;
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::env_userprofile (const char *name, size_t namelen)
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
2002-06-29 10:36:08 +08:00
|
|
|
if (test_uid (puserprof, name, namelen))
|
|
|
|
return puserprof;
|
|
|
|
|
2012-02-11 04:56:22 +08:00
|
|
|
/* User hive path is never longer than MAX_PATH. */
|
|
|
|
WCHAR userprofile_env_buf[MAX_PATH];
|
2008-02-15 00:47:11 +08:00
|
|
|
WCHAR win_id[UNLEN + 1]; /* Large enough for SID */
|
2004-11-21 03:09:19 +08:00
|
|
|
|
2002-06-28 04:44:27 +08:00
|
|
|
cfree_and_set (puserprof, almost_null);
|
2004-11-21 03:09:19 +08:00
|
|
|
if (get_registry_hive_path (get_windows_id (win_id), userprofile_env_buf))
|
2012-02-11 04:56:22 +08:00
|
|
|
sys_wcstombs_alloc (&puserprof, HEAP_STR, userprofile_env_buf);
|
2002-06-16 13:26:14 +08:00
|
|
|
|
2002-06-28 04:44:27 +08:00
|
|
|
return puserprof;
|
2002-06-12 13:13:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::env_homepath (const char *name, size_t namelen)
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
|
|
|
return ontherange (CH_HOMEPATH);
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::env_homedrive (const char *name, size_t namelen)
|
2002-06-12 13:13:54 +08:00
|
|
|
{
|
|
|
|
return ontherange (CH_HOMEDRIVE);
|
|
|
|
}
|
2002-06-15 02:01:21 +08:00
|
|
|
|
|
|
|
const char *
|
2002-06-29 10:36:08 +08:00
|
|
|
cygheap_user::env_name (const char *name, size_t namelen)
|
2002-06-15 02:01:21 +08:00
|
|
|
{
|
2002-06-29 10:36:08 +08:00
|
|
|
if (!test_uid (pwinname, name, namelen))
|
2005-07-07 04:05:03 +08:00
|
|
|
domain ();
|
2002-06-29 10:36:08 +08:00
|
|
|
return pwinname;
|
2002-06-15 02:01:21 +08:00
|
|
|
}
|
2003-01-17 13:18:30 +08:00
|
|
|
|
2004-10-08 05:28:57 +08:00
|
|
|
const char *
|
|
|
|
cygheap_user::env_systemroot (const char *name, size_t namelen)
|
|
|
|
{
|
|
|
|
if (!psystemroot)
|
|
|
|
{
|
2011-04-19 18:15:09 +08:00
|
|
|
int size = GetSystemWindowsDirectoryW (NULL, 0);
|
2004-10-08 05:28:57 +08:00
|
|
|
if (size > 0)
|
2005-05-02 11:50:11 +08:00
|
|
|
{
|
2011-04-19 18:15:09 +08:00
|
|
|
WCHAR wsystemroot[size];
|
|
|
|
size = GetSystemWindowsDirectoryW (wsystemroot, size);
|
|
|
|
if (size > 0)
|
|
|
|
sys_wcstombs_alloc (&psystemroot, HEAP_STR, wsystemroot);
|
2004-10-08 05:28:57 +08:00
|
|
|
}
|
|
|
|
if (size <= 0)
|
2011-04-19 18:15:09 +08:00
|
|
|
debug_printf ("GetSystemWindowsDirectoryW(), %E");
|
2004-10-08 05:28:57 +08:00
|
|
|
}
|
|
|
|
return psystemroot;
|
|
|
|
}
|
|
|
|
|
2003-01-20 10:57:54 +08:00
|
|
|
char *
|
2003-01-24 11:53:46 +08:00
|
|
|
pwdgrp::next_str (char c)
|
2003-01-17 13:18:30 +08:00
|
|
|
{
|
2003-01-24 11:53:46 +08:00
|
|
|
char *res = lptr;
|
2012-10-27 20:09:38 +08:00
|
|
|
lptr = strchrnul (lptr, c);
|
2003-01-27 08:16:01 +08:00
|
|
|
if (*lptr)
|
|
|
|
*lptr++ = '\0';
|
2003-01-24 11:53:46 +08:00
|
|
|
return res;
|
2003-01-20 10:57:54 +08:00
|
|
|
}
|
2003-01-17 13:18:30 +08:00
|
|
|
|
2003-01-26 13:38:38 +08:00
|
|
|
bool
|
|
|
|
pwdgrp::next_num (unsigned long& n)
|
2003-01-24 11:53:46 +08:00
|
|
|
{
|
2003-01-27 08:16:01 +08:00
|
|
|
char *p = next_str (':');
|
2003-01-24 11:53:46 +08:00
|
|
|
char *cp;
|
2003-01-26 13:38:38 +08:00
|
|
|
n = strtoul (p, &cp, 10);
|
|
|
|
return p != cp && !*cp;
|
2003-01-24 11:53:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
pwdgrp::add_line (char *eptr)
|
2003-01-20 10:57:54 +08:00
|
|
|
{
|
2003-01-24 11:53:46 +08:00
|
|
|
if (eptr)
|
2003-01-20 10:57:54 +08:00
|
|
|
{
|
2003-01-24 11:53:46 +08:00
|
|
|
if (curr_lines >= max_lines)
|
|
|
|
{
|
|
|
|
max_lines += 10;
|
2014-02-10 03:44:56 +08:00
|
|
|
pwdgrp_buf = crealloc_abort (pwdgrp_buf,
|
|
|
|
max_lines * pwdgrp_buf_elem_size);
|
2003-01-24 11:53:46 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
lptr = eptr;
|
2003-01-26 13:38:38 +08:00
|
|
|
if ((this->*parse) ())
|
|
|
|
curr_lines++;
|
2003-01-20 10:57:54 +08:00
|
|
|
}
|
2003-01-24 11:53:46 +08:00
|
|
|
return eptr;
|
2003-01-17 13:18:30 +08:00
|
|
|
}
|
|
|
|
|
2003-01-26 13:38:38 +08:00
|
|
|
void
|
2014-02-10 03:44:56 +08:00
|
|
|
cygheap_pwdgrp::init ()
|
2003-01-17 13:18:30 +08:00
|
|
|
{
|
2014-03-13 01:36:56 +08:00
|
|
|
pwd_cache.cygserver.init_pwd ();
|
2014-02-10 03:44:56 +08:00
|
|
|
pwd_cache.file.init_pwd ();
|
|
|
|
pwd_cache.win.init_pwd ();
|
2014-03-13 01:36:56 +08:00
|
|
|
grp_cache.cygserver.init_grp ();
|
2014-02-10 03:44:56 +08:00
|
|
|
grp_cache.file.init_grp ();
|
|
|
|
grp_cache.win.init_grp ();
|
|
|
|
/* Default settings:
|
|
|
|
|
|
|
|
passwd: files db
|
|
|
|
group: files db
|
|
|
|
db_prefix: auto
|
|
|
|
db_cache: yes
|
|
|
|
db_separator: +
|
2014-02-17 23:36:33 +08:00
|
|
|
db_enum: cache builtin
|
2014-02-10 03:44:56 +08:00
|
|
|
*/
|
|
|
|
pwd_src = (NSS_FILES | NSS_DB);
|
|
|
|
grp_src = (NSS_FILES | NSS_DB);
|
|
|
|
prefix = NSS_AUTO;
|
|
|
|
separator[0] = L'+';
|
2014-03-13 01:36:56 +08:00
|
|
|
caching = true;
|
2014-02-17 23:36:33 +08:00
|
|
|
enums = (ENUM_CACHE | ENUM_BUILTIN);
|
|
|
|
enum_tdoms = NULL;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
2007-08-22 01:38:27 +08:00
|
|
|
|
2014-02-17 23:36:33 +08:00
|
|
|
/* The /etc/nsswitch.conf file is read exactly once by the root process of a
|
2014-02-10 03:44:56 +08:00
|
|
|
process tree. We can't afford methodical changes during the lifetime of a
|
|
|
|
process tree. */
|
|
|
|
void
|
|
|
|
cygheap_pwdgrp::nss_init_line (const char *line)
|
|
|
|
{
|
|
|
|
const char *c = line + strspn (line, " \t");
|
|
|
|
switch (*c)
|
|
|
|
{
|
|
|
|
case 'p':
|
|
|
|
case 'g':
|
|
|
|
{
|
|
|
|
int *src = NULL;
|
|
|
|
if (!strncmp (c, "passwd:", 7))
|
|
|
|
{
|
|
|
|
src = &pwd_src;
|
|
|
|
c += 7;
|
|
|
|
}
|
|
|
|
else if (!strncmp (c, "group:", 6))
|
|
|
|
{
|
|
|
|
src = &grp_src;
|
|
|
|
c += 6;
|
|
|
|
}
|
|
|
|
if (src)
|
|
|
|
{
|
|
|
|
*src = 0;
|
|
|
|
while (*c)
|
|
|
|
{
|
|
|
|
c += strspn (c, " \t");
|
|
|
|
if (!*c || *c == '#')
|
|
|
|
break;
|
|
|
|
if (!strncmp (c, "files", 5) && strchr (" \t", c[5]))
|
|
|
|
{
|
|
|
|
*src |= NSS_FILES;
|
|
|
|
c += 5;
|
|
|
|
}
|
|
|
|
else if (!strncmp (c, "db", 2) && strchr (" \t", c[2]))
|
|
|
|
{
|
|
|
|
*src |= NSS_DB;
|
|
|
|
c += 2;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
c += strcspn (c, " \t");
|
|
|
|
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (*src == 0)
|
|
|
|
*src = (NSS_FILES | NSS_DB);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'd':
|
|
|
|
if (strncmp (c, "db_", 3))
|
|
|
|
{
|
|
|
|
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
c += 3;
|
|
|
|
if (!strncmp (c, "prefix:", 7))
|
|
|
|
{
|
|
|
|
c += 7;
|
|
|
|
c += strspn (c, " \t");
|
|
|
|
if (!strncmp (c, "auto", 4) && strchr (" \t", c[4]))
|
|
|
|
prefix = NSS_AUTO;
|
|
|
|
else if (!strncmp (c, "primary", 7) && strchr (" \t", c[7]))
|
|
|
|
prefix = NSS_PRIMARY;
|
|
|
|
else if (!strncmp (c, "always", 6) && strchr (" \t", c[6]))
|
|
|
|
prefix = NSS_ALWAYS;
|
|
|
|
else
|
|
|
|
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
|
|
}
|
|
|
|
else if (!strncmp (c, "separator:", 10))
|
|
|
|
{
|
|
|
|
c += 10;
|
|
|
|
c += strspn (c, " \t");
|
2014-02-12 21:01:10 +08:00
|
|
|
if ((unsigned char) *c <= 0x7f && *c != ':' && strchr (" \t", c[1]))
|
2014-02-10 03:44:56 +08:00
|
|
|
separator[0] = (unsigned char) *c;
|
|
|
|
else
|
|
|
|
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
|
|
}
|
2014-02-17 23:36:33 +08:00
|
|
|
else if (!strncmp (c, "enum:", 5))
|
|
|
|
{
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
char *tdoms = tp.c_get ();
|
|
|
|
char *td = tdoms;
|
|
|
|
int new_enums = ENUM_NONE;
|
|
|
|
|
|
|
|
td[0] = '\0';
|
|
|
|
c += 5;
|
|
|
|
c += strspn (c, " \t");
|
|
|
|
while (!strchr (" \t", *c))
|
|
|
|
{
|
|
|
|
const char *e = c + strcspn (c, " \t");
|
|
|
|
if (!strncmp (c, "none", 4) && strchr (" \t", c[4]))
|
|
|
|
new_enums = ENUM_NONE;
|
|
|
|
else if (!strncmp (c, "builtin", 7) && strchr (" \t", c[7]))
|
|
|
|
new_enums |= ENUM_BUILTIN;
|
|
|
|
else if (!strncmp (c, "cache", 5) && strchr (" \t", c[5]))
|
|
|
|
new_enums |= ENUM_CACHE;
|
|
|
|
else if (!strncmp (c, "files", 5) && strchr (" \t", c[5]))
|
|
|
|
new_enums |= ENUM_FILES;
|
|
|
|
else if (!strncmp (c, "local", 5) && strchr (" \t", c[5]))
|
|
|
|
new_enums |= ENUM_LOCAL;
|
|
|
|
else if (!strncmp (c, "primary", 7) && strchr (" \t", c[7]))
|
|
|
|
new_enums |= ENUM_PRIMARY;
|
|
|
|
else if (!strncmp (c, "alltrusted", 10) && strchr (" \t", c[10]))
|
|
|
|
new_enums |= ENUM_TDOMS | ENUM_TDOMS_ALL;
|
|
|
|
else if (!strncmp (c, "all", 3) && strchr (" \t", c[3]))
|
|
|
|
new_enums |= ENUM_ALL;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
td = stpcpy (stpncpy (td, c, e - c), " ");
|
|
|
|
new_enums |= ENUM_TDOMS;
|
|
|
|
}
|
|
|
|
c = e;
|
|
|
|
c += strspn (c, " \t");
|
|
|
|
}
|
|
|
|
if ((new_enums & (ENUM_TDOMS | ENUM_TDOMS_ALL)) == ENUM_TDOMS)
|
|
|
|
{
|
|
|
|
if (td > tdoms)
|
|
|
|
{
|
|
|
|
PWCHAR spc;
|
|
|
|
sys_mbstowcs_alloc (&enum_tdoms, HEAP_BUF, tdoms);
|
|
|
|
/* Convert string to REG_MULTI_SZ-style. */
|
|
|
|
while ((spc = wcsrchr (enum_tdoms, L' ')))
|
|
|
|
*spc = L'\0';
|
|
|
|
}
|
|
|
|
else
|
|
|
|
new_enums &= ~(ENUM_TDOMS | ENUM_TDOMS_ALL);
|
|
|
|
}
|
|
|
|
enums = new_enums;
|
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
break;
|
|
|
|
case '\0':
|
|
|
|
case '#':
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
debug_printf ("Invalid nsswitch.conf content: %s", line);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
cygheap_pwdgrp::_nss_init ()
|
|
|
|
{
|
|
|
|
UNICODE_STRING path;
|
2007-08-22 01:38:27 +08:00
|
|
|
OBJECT_ATTRIBUTES attr;
|
2014-02-10 03:44:56 +08:00
|
|
|
NT_readline rl;
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
char *buf = tp.c_get ();
|
|
|
|
|
|
|
|
PCWSTR rel_path = L"\\etc\\nsswitch.conf";
|
|
|
|
path.Buffer = (PWCHAR) alloca ((wcslen (cygheap->installation_root)
|
|
|
|
+ wcslen (rel_path) + 1) * sizeof (WCHAR));
|
|
|
|
wcpcpy (wcpcpy (path.Buffer, cygheap->installation_root), rel_path);
|
|
|
|
RtlInitUnicodeString (&path, path.Buffer);
|
|
|
|
InitializeObjectAttributes (&attr, &path, OBJ_CASE_INSENSITIVE,
|
|
|
|
NULL, NULL);
|
|
|
|
if (rl.init (&attr, buf, NT_MAX_PATH))
|
|
|
|
while ((buf = rl.gets ()))
|
|
|
|
nss_init_line (buf);
|
|
|
|
nss_inited = true;
|
|
|
|
}
|
2003-01-26 13:38:38 +08:00
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
/* Override the ParentIndex value of the PDS_DOMAIN_TRUSTSW entry with the
|
|
|
|
PosixOffset. */
|
|
|
|
#define PosixOffset ParentIndex
|
2003-01-20 10:57:54 +08:00
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
bool
|
|
|
|
cygheap_domain_info::init ()
|
|
|
|
{
|
|
|
|
HANDLE lsa;
|
|
|
|
NTSTATUS status;
|
|
|
|
ULONG ret;
|
|
|
|
/* We *have* to copy the information. Apart from our wish to have the
|
|
|
|
stuff in the cygheap, even when not calling LsaFreeMemory on the result,
|
|
|
|
the data will be overwritten later. From what I gather, the information
|
|
|
|
is, in fact, stored on the stack. */
|
|
|
|
PPOLICY_DNS_DOMAIN_INFO pdom;
|
|
|
|
PPOLICY_ACCOUNT_DOMAIN_INFO adom;
|
|
|
|
PDS_DOMAIN_TRUSTSW td;
|
|
|
|
ULONG tdom_cnt;
|
|
|
|
|
|
|
|
if (adom_name)
|
|
|
|
return true;
|
|
|
|
lsa = lsa_open_policy (NULL, POLICY_VIEW_LOCAL_INFORMATION);
|
|
|
|
if (!lsa)
|
|
|
|
{
|
|
|
|
system_printf ("lsa_open_policy(NULL) failed");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
/* Fetch primary domain information from local LSA. */
|
|
|
|
status = LsaQueryInformationPolicy (lsa, PolicyDnsDomainInformation,
|
|
|
|
(PVOID *) &pdom);
|
|
|
|
if (status != STATUS_SUCCESS)
|
2003-01-26 13:38:38 +08:00
|
|
|
{
|
2014-02-12 01:45:09 +08:00
|
|
|
system_printf ("LsaQueryInformationPolicy(Primary) %y", status);
|
2014-02-10 03:44:56 +08:00
|
|
|
return false;
|
2003-01-26 13:38:38 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
/* Copy primary domain info to cygheap. */
|
|
|
|
pdom_name = cwcsdup (pdom->Name.Buffer);
|
|
|
|
pdom_dns_name = pdom->DnsDomainName.Length
|
|
|
|
? cwcsdup (pdom->DnsDomainName.Buffer) : NULL;
|
|
|
|
pdom_sid = pdom->Sid;
|
|
|
|
LsaFreeMemory (pdom);
|
|
|
|
/* Fetch account domain information from local LSA. */
|
|
|
|
status = LsaQueryInformationPolicy (lsa, PolicyAccountDomainInformation,
|
|
|
|
(PVOID *) &adom);
|
|
|
|
if (status != STATUS_SUCCESS)
|
|
|
|
{
|
2014-02-12 01:45:09 +08:00
|
|
|
system_printf ("LsaQueryInformationPolicy(Account) %y", status);
|
2014-02-10 03:44:56 +08:00
|
|
|
return false;
|
|
|
|
}
|
2014-02-11 04:16:55 +08:00
|
|
|
/* Copy account domain info to cygheap. If we're running on a DC the account
|
|
|
|
domain is identical to the primary domain. This leads to confusion when
|
|
|
|
trying to compute the uid/gid values. Therefore we invalidate the account
|
|
|
|
domain name if we're running on a DC. */
|
2014-02-10 03:44:56 +08:00
|
|
|
adom_sid = adom->DomainSid;
|
2014-02-11 04:28:32 +08:00
|
|
|
adom_name = cwcsdup (pdom_sid == adom_sid ? L"@" : adom->DomainName.Buffer);
|
2014-02-10 03:44:56 +08:00
|
|
|
LsaFreeMemory (adom);
|
|
|
|
lsa_close_policy (lsa);
|
|
|
|
if (cygheap->dom.member_machine ())
|
|
|
|
{
|
|
|
|
/* For a domain member machine fetch all trusted domain info. */
|
|
|
|
lowest_tdo_posix_offset = UNIX_POSIX_OFFSET - 1;
|
|
|
|
ret = DsEnumerateDomainTrustsW (NULL, DS_DOMAIN_DIRECT_INBOUND
|
|
|
|
| DS_DOMAIN_DIRECT_OUTBOUND
|
|
|
|
| DS_DOMAIN_IN_FOREST,
|
|
|
|
&td, &tdom_cnt);
|
|
|
|
if (ret != ERROR_SUCCESS)
|
|
|
|
{
|
|
|
|
SetLastError (ret);
|
|
|
|
debug_printf ("DsEnumerateDomainTrusts: %E");
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
if (tdom_cnt == 0)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
/* Copy trusted domain info to cygheap, setting PosixOffset on the fly. */
|
|
|
|
tdom = (PDS_DOMAIN_TRUSTSW)
|
|
|
|
cmalloc_abort (HEAP_BUF, tdom_cnt * sizeof (DS_DOMAIN_TRUSTSW));
|
|
|
|
memcpy (tdom, td, tdom_cnt * sizeof (DS_DOMAIN_TRUSTSW));
|
|
|
|
for (ULONG idx = 0; idx < tdom_cnt; ++idx)
|
|
|
|
{
|
|
|
|
/* Copy... */
|
|
|
|
tdom[idx].NetbiosDomainName = cwcsdup (td[idx].NetbiosDomainName);
|
2014-02-13 22:04:03 +08:00
|
|
|
/* DnsDomainName as well as DomainSid can be NULL. The reason is
|
|
|
|
usually a domain of type TRUST_TYPE_DOWNLEVEL. This can be an
|
|
|
|
old pre-AD domain, or a Netware domain, etc. If DnsDomainName
|
|
|
|
is NULL, just set it to NetbiosDomainName. This simplifies
|
|
|
|
subsequent code which doesn't have to check for a NULL pointer. */
|
|
|
|
tdom[idx].DnsDomainName = td[idx].DnsDomainName
|
|
|
|
? cwcsdup (td[idx].DnsDomainName)
|
|
|
|
: tdom[idx].NetbiosDomainName;
|
|
|
|
if (td[idx].DomainSid)
|
|
|
|
{
|
|
|
|
ULONG len = RtlLengthSid (td[idx].DomainSid);
|
|
|
|
tdom[idx].DomainSid = cmalloc_abort(HEAP_BUF, len);
|
|
|
|
RtlCopySid (len, tdom[idx].DomainSid, td[idx].DomainSid);
|
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
/* ...and set PosixOffset to 0. This */
|
|
|
|
tdom[idx].PosixOffset = 0;
|
|
|
|
}
|
|
|
|
NetApiBufferFree (td);
|
|
|
|
tdom_count = tdom_cnt;
|
|
|
|
}
|
2014-02-13 22:04:03 +08:00
|
|
|
/* If we have Microsoft Client for NFS installed, we make use of a name
|
|
|
|
mapping server. This can be either Active Directory to map uids/gids
|
|
|
|
directly to Windows SIDs, or an AD LDS or other RFC 2307 compatible
|
|
|
|
identity store. The name of the mapping domain can be fetched from the
|
|
|
|
registry key created by the NFS client installation and entered by the
|
|
|
|
user via nfsadmin or the "Services For NFS" MMC snap-in.
|
2014-02-10 03:44:56 +08:00
|
|
|
|
|
|
|
Reference:
|
|
|
|
http://blogs.technet.com/b/filecab/archive/2012/10/09/nfs-identity-mapping-in-windows-server-2012.aspx
|
|
|
|
Note that we neither support UNMP nor local passwd/group file mapping,
|
|
|
|
nor UUUA.
|
|
|
|
|
|
|
|
This function returns the mapping server from the aforementioned registry
|
|
|
|
key, or, if none is configured, NULL, which will be resolved to the
|
|
|
|
primary domain of the machine by the ldap_init function.
|
|
|
|
|
|
|
|
The latter is useful to get an RFC 2307 mapping for Samba UNIX accounts,
|
|
|
|
even if no NFS name mapping is configured on the machine. Fortunately,
|
|
|
|
the posixAccount and posixGroup schemas are already available in the
|
|
|
|
Active Directory default setup since Windows Server 2003 R2. */
|
|
|
|
reg_key reg (HKEY_LOCAL_MACHINE, KEY_READ | KEY_WOW64_64KEY,
|
|
|
|
L"SOFTWARE", L"Microsoft", L"ServicesForNFS", NULL);
|
|
|
|
if (!reg.error ())
|
|
|
|
{
|
|
|
|
DWORD rfc2307 = reg.get_dword (L"Rfc2307", 0);
|
|
|
|
if (rfc2307)
|
|
|
|
{
|
|
|
|
rfc2307_domain_buf = (PWCHAR) ccalloc_abort (HEAP_STR, 257,
|
|
|
|
sizeof (WCHAR));
|
|
|
|
reg.get_string (L"Rfc2307Domain", rfc2307_domain_buf, 257, L"");
|
|
|
|
if (!rfc2307_domain_buf[0])
|
|
|
|
{
|
|
|
|
cfree (rfc2307_domain_buf);
|
|
|
|
rfc2307_domain_buf = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
2008-07-25 02:25:52 +08:00
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
/* Per session, so it changes potentially when switching the user context. */
|
|
|
|
static cygsid logon_sid ("");
|
2008-07-25 02:25:52 +08:00
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
static void
|
|
|
|
get_logon_sid ()
|
|
|
|
{
|
|
|
|
if (PSID (logon_sid) == NO_SID)
|
|
|
|
{
|
|
|
|
NTSTATUS status;
|
|
|
|
ULONG size;
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
PTOKEN_GROUPS groups = (PTOKEN_GROUPS) tp.c_get ();
|
2008-07-25 02:25:52 +08:00
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
status = NtQueryInformationToken (hProcToken, TokenGroups, groups,
|
|
|
|
NT_MAX_PATH, &size);
|
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
debug_printf ("NtQueryInformationToken() %y", status);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
|
|
|
|
if (groups->Groups[pg].Attributes & SE_GROUP_LOGON_ID)
|
|
|
|
{
|
|
|
|
logon_sid = groups->Groups[pg].Sid;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
2014-02-17 23:36:33 +08:00
|
|
|
pwdgrp::add_account_post_fetch (char *line, bool lock)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
if (line)
|
|
|
|
{
|
|
|
|
void *ret;
|
2014-02-17 23:36:33 +08:00
|
|
|
if (lock)
|
|
|
|
pglock.init ("pglock")->acquire ();
|
2014-02-10 03:44:56 +08:00
|
|
|
add_line (line);
|
|
|
|
ret = ((char *) pwdgrp_buf) + (curr_lines - 1) * pwdgrp_buf_elem_size;
|
2014-02-17 23:36:33 +08:00
|
|
|
if (lock)
|
|
|
|
pglock.release ();
|
2014-02-10 03:44:56 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_file (cygpsid &sid)
|
|
|
|
{
|
|
|
|
if (!path.MaximumLength)
|
|
|
|
return NULL;
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = SID_arg;
|
|
|
|
arg.sid = &sid;
|
|
|
|
char *line = fetch_account_from_file (arg);
|
2014-02-17 23:36:33 +08:00
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_file (const char *name)
|
|
|
|
{
|
|
|
|
if (!path.MaximumLength)
|
|
|
|
return NULL;
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = NAME_arg;
|
|
|
|
arg.name = name;
|
|
|
|
char *line = fetch_account_from_file (arg);
|
2014-02-17 23:36:33 +08:00
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_file (uint32_t id)
|
|
|
|
{
|
|
|
|
if (!path.MaximumLength)
|
|
|
|
return NULL;
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = ID_arg;
|
|
|
|
arg.id = id;
|
|
|
|
char *line = fetch_account_from_file (arg);
|
2014-02-17 23:36:33 +08:00
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
2014-03-08 04:38:48 +08:00
|
|
|
pwdgrp::add_account_from_windows (cygpsid &sid, cyg_ldap *pldap)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = SID_arg;
|
|
|
|
arg.sid = &sid;
|
2014-03-08 04:38:48 +08:00
|
|
|
char *line = fetch_account_from_windows (arg, pldap);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (!line)
|
|
|
|
return NULL;
|
2014-03-13 01:36:56 +08:00
|
|
|
return add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
2014-03-08 04:38:48 +08:00
|
|
|
pwdgrp::add_account_from_windows (const char *name, cyg_ldap *pldap)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = NAME_arg;
|
|
|
|
arg.name = name;
|
2014-03-08 04:38:48 +08:00
|
|
|
char *line = fetch_account_from_windows (arg, pldap);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (!line)
|
|
|
|
return NULL;
|
2014-03-13 01:36:56 +08:00
|
|
|
return add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
2014-03-08 04:38:48 +08:00
|
|
|
pwdgrp::add_account_from_windows (uint32_t id, cyg_ldap *pldap)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = ID_arg;
|
|
|
|
arg.id = id;
|
2014-03-08 04:38:48 +08:00
|
|
|
char *line = fetch_account_from_windows (arg, pldap);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (!line)
|
|
|
|
return NULL;
|
2014-03-13 01:36:56 +08:00
|
|
|
return add_account_post_fetch (line, true);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Check if file exists and if it has been written to since last checked.
|
|
|
|
If file has been changed, invalidate the current cache.
|
|
|
|
|
|
|
|
If the file doesn't exist when this function is called the first time,
|
|
|
|
by the first Cygwin process in a process tree, the file will never be
|
|
|
|
visited again by any process in this process tree. This is important,
|
|
|
|
because we cannot allow a change of UID/GID values for the lifetime
|
|
|
|
of a process tree.
|
|
|
|
|
|
|
|
If the file gets deleted or unreadable, the file cache will stay in
|
|
|
|
place, but we won't try to read new accounts from the file.
|
|
|
|
|
|
|
|
The return code indicates to the calling function if the file exists. */
|
|
|
|
bool
|
2014-03-08 04:38:48 +08:00
|
|
|
pwdgrp::check_file ()
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
FILE_BASIC_INFORMATION fbi;
|
|
|
|
NTSTATUS status;
|
|
|
|
|
|
|
|
if (!path.Buffer)
|
2003-01-20 10:57:54 +08:00
|
|
|
{
|
2014-03-08 04:38:48 +08:00
|
|
|
PCWSTR rel_path = is_group () ? L"\\etc\\group" : L"\\etc\\passwd";
|
2014-02-10 03:44:56 +08:00
|
|
|
path.Buffer = (PWCHAR) cmalloc_abort (HEAP_BUF,
|
|
|
|
(wcslen (cygheap->installation_root)
|
|
|
|
+ wcslen (rel_path) + 1)
|
|
|
|
* sizeof (WCHAR));
|
|
|
|
wcpcpy (wcpcpy (path.Buffer, cygheap->installation_root), rel_path);
|
|
|
|
RtlInitUnicodeString (&path, path.Buffer);
|
|
|
|
InitializeObjectAttributes (&attr, &path, OBJ_CASE_INSENSITIVE,
|
|
|
|
NULL, NULL);
|
2003-01-17 13:18:30 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
else if (path.MaximumLength == 0) /* Indicates that the file doesn't exist. */
|
|
|
|
return false;
|
|
|
|
status = NtQueryAttributesFile (&attr, &fbi);
|
2007-08-22 01:38:27 +08:00
|
|
|
if (!NT_SUCCESS (status))
|
|
|
|
{
|
2014-02-10 03:44:56 +08:00
|
|
|
if (last_modified.QuadPart)
|
|
|
|
last_modified.QuadPart = 0LL;
|
|
|
|
else
|
|
|
|
path.MaximumLength = 0;
|
|
|
|
return false;
|
2007-08-22 01:38:27 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
if (fbi.LastWriteTime.QuadPart > last_modified.QuadPart)
|
2007-08-22 01:38:27 +08:00
|
|
|
{
|
2014-02-10 03:44:56 +08:00
|
|
|
last_modified.QuadPart = fbi.LastWriteTime.QuadPart;
|
|
|
|
if (curr_lines > 0)
|
|
|
|
{
|
|
|
|
pglock.init ("pglock")->acquire ();
|
|
|
|
int curr = curr_lines;
|
|
|
|
curr_lines = 0;
|
|
|
|
for (int i = 0; i < curr; ++i)
|
2014-03-08 04:38:48 +08:00
|
|
|
cfree (is_group () ? this->group ()[i].g.gr_name
|
2014-02-10 03:44:56 +08:00
|
|
|
: this->passwd ()[i].p.pw_name);
|
|
|
|
pglock.release ();
|
|
|
|
}
|
2007-08-22 01:38:27 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
pwdgrp::fetch_account_from_line (fetch_user_arg_t &arg, const char *line)
|
|
|
|
{
|
|
|
|
char *p, *e;
|
|
|
|
|
|
|
|
switch (arg.type)
|
|
|
|
{
|
|
|
|
case SID_arg:
|
|
|
|
/* Ignore fields, just scan for SID string. */
|
|
|
|
if (!(p = strstr (line, arg.name)) || p[arg.len] != ':')
|
|
|
|
return NULL;
|
|
|
|
break;
|
|
|
|
case NAME_arg:
|
|
|
|
/* First field is always name. */
|
|
|
|
if (!strncasematch (line, arg.name, arg.len) || line[arg.len] != ':')
|
|
|
|
return NULL;
|
|
|
|
break;
|
|
|
|
case ID_arg:
|
|
|
|
/* Skip to third field. */
|
|
|
|
if (!(p = strchr (line, ':')) || !(p = strchr (p + 1, ':')))
|
|
|
|
return NULL;
|
|
|
|
if (strtoul (p + 1, &e, 10) != arg.id || !e || *e != ':')
|
|
|
|
return NULL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return cstrdup (line);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
pwdgrp::fetch_account_from_file (fetch_user_arg_t &arg)
|
|
|
|
{
|
|
|
|
NT_readline rl;
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
char *buf = tp.c_get ();
|
2014-02-13 22:04:03 +08:00
|
|
|
char str[128];
|
2014-02-10 03:44:56 +08:00
|
|
|
char *ret = NULL;
|
|
|
|
|
|
|
|
/* Create search string. */
|
|
|
|
switch (arg.type)
|
|
|
|
{
|
|
|
|
case SID_arg:
|
|
|
|
/* Override SID with SID string. */
|
|
|
|
arg.sid->string (str);
|
|
|
|
arg.name = str;
|
|
|
|
/*FALLTHRU*/
|
|
|
|
case NAME_arg:
|
|
|
|
arg.len = strlen (arg.name);
|
|
|
|
break;
|
|
|
|
case ID_arg:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (rl.init (&attr, buf, NT_MAX_PATH))
|
|
|
|
while ((buf = rl.gets ()))
|
|
|
|
if ((ret = fetch_account_from_line (arg, buf)))
|
|
|
|
return ret;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2014-02-13 22:04:03 +08:00
|
|
|
static ULONG
|
2014-02-27 20:57:27 +08:00
|
|
|
fetch_posix_offset (PDS_DOMAIN_TRUSTSW td, cyg_ldap *cldap)
|
2014-02-13 22:04:03 +08:00
|
|
|
{
|
|
|
|
uint32_t id_val;
|
|
|
|
|
|
|
|
if (!td->PosixOffset && !(td->Flags & DS_DOMAIN_PRIMARY) && td->DomainSid)
|
|
|
|
{
|
2014-02-27 20:57:27 +08:00
|
|
|
if (!cldap->open (NULL))
|
2014-02-13 22:04:03 +08:00
|
|
|
{
|
|
|
|
/* We're probably running under a local account, so we're not allowed
|
|
|
|
to fetch any information from AD beyond the most obvious. Never
|
|
|
|
mind, just fake a reasonable posix offset. */
|
|
|
|
id_val = cygheap->dom.lowest_tdo_posix_offset
|
|
|
|
- 0x01000000;
|
|
|
|
}
|
|
|
|
else
|
2014-02-27 20:57:27 +08:00
|
|
|
id_val = cldap->fetch_posix_offset_for_domain (td->DnsDomainName);
|
2014-02-13 22:04:03 +08:00
|
|
|
if (id_val)
|
|
|
|
{
|
|
|
|
td->PosixOffset = id_val;
|
|
|
|
if (id_val < cygheap->dom.lowest_tdo_posix_offset)
|
|
|
|
cygheap->dom.lowest_tdo_posix_offset = id_val;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return td->PosixOffset;
|
|
|
|
}
|
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
char *
|
2014-03-08 04:38:48 +08:00
|
|
|
pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
/* Used in LookupAccount calls. */
|
|
|
|
WCHAR namebuf[UNLEN + 1], *name = namebuf;
|
|
|
|
WCHAR dom[DNLEN + 1] = L"";
|
|
|
|
cygsid csid;
|
|
|
|
DWORD nlen = UNLEN + 1;
|
|
|
|
DWORD dlen = DNLEN + 1;
|
|
|
|
DWORD slen = MAX_SID_LEN;
|
2014-02-27 20:57:27 +08:00
|
|
|
cygpsid sid (NO_SID);
|
2014-02-10 03:44:56 +08:00
|
|
|
SID_NAME_USE acc_type;
|
|
|
|
BOOL ret = false;
|
|
|
|
/* Cygwin user name style. */
|
|
|
|
enum {
|
|
|
|
name_only,
|
|
|
|
plus_prepended,
|
|
|
|
fully_qualified
|
|
|
|
} name_style = name_only;
|
|
|
|
/* Computed stuff. */
|
|
|
|
uid_t uid = ILLEGAL_UID;
|
|
|
|
gid_t gid = ILLEGAL_GID;
|
|
|
|
bool is_domain_account = true;
|
|
|
|
PCWSTR domain = NULL;
|
|
|
|
PWCHAR shell = NULL;
|
|
|
|
PWCHAR user = NULL;
|
|
|
|
PWCHAR home = NULL;
|
|
|
|
PWCHAR gecos = NULL;
|
2014-02-27 20:57:27 +08:00
|
|
|
/* Temporary stuff. */
|
2014-02-10 03:44:56 +08:00
|
|
|
PWCHAR p;
|
|
|
|
WCHAR sidstr[128];
|
|
|
|
ULONG posix_offset = 0;
|
2014-02-11 19:51:29 +08:00
|
|
|
uint32_t id_val;
|
2014-02-27 20:57:27 +08:00
|
|
|
cyg_ldap loc_ldap;
|
|
|
|
cyg_ldap *cldap = pldap ?: &loc_ldap;
|
2014-02-10 03:44:56 +08:00
|
|
|
|
|
|
|
/* Initialize */
|
|
|
|
if (!cygheap->dom.init ())
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
switch (arg.type)
|
2007-08-22 01:38:27 +08:00
|
|
|
{
|
2014-02-10 03:44:56 +08:00
|
|
|
case SID_arg:
|
|
|
|
sid = *arg.sid;
|
|
|
|
ret = LookupAccountSidW (NULL, sid, name, &nlen, dom, &dlen, &acc_type);
|
2014-02-17 23:36:33 +08:00
|
|
|
if (!ret
|
|
|
|
&& cygheap->dom.member_machine ()
|
|
|
|
&& sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
|
|
|
&& sid_sub_auth (sid, 0) == SECURITY_BUILTIN_DOMAIN_RID)
|
|
|
|
{
|
|
|
|
/* LookupAccountSid called on a non-DC cannot resolve aliases which
|
|
|
|
are not defined in the local SAM. If we encounter an alias which
|
|
|
|
can't be resolved, and if we're a domain member machine, ask a DC.
|
|
|
|
Do *not* use LookupAccountSidW. It can take ages when called on a
|
|
|
|
DC for some weird reason. Use LDAP instead. */
|
|
|
|
PWCHAR val;
|
|
|
|
|
2014-02-27 20:57:27 +08:00
|
|
|
if (cldap->open (NULL)
|
2014-03-08 04:38:48 +08:00
|
|
|
&& cldap->fetch_ad_account (sid, is_group ())
|
2014-02-27 20:57:27 +08:00
|
|
|
&& (val = cldap->get_group_name ()))
|
2014-02-17 23:36:33 +08:00
|
|
|
{
|
|
|
|
wcpcpy (name, val);
|
|
|
|
wcpcpy (dom, L"BUILTIN");
|
|
|
|
acc_type = SidTypeAlias;
|
|
|
|
ret = true;
|
|
|
|
}
|
|
|
|
}
|
2014-02-13 22:04:03 +08:00
|
|
|
if (!ret)
|
|
|
|
debug_printf ("LookupAccountSid(%W), %E", sid.string (sidstr));
|
2014-02-10 03:44:56 +08:00
|
|
|
break;
|
|
|
|
case NAME_arg:
|
|
|
|
/* Skip leading domain separator. This denotes an alias or well-known
|
|
|
|
group, which will be found first by LookupAccountNameW anyway.
|
|
|
|
Otherwise, if the name has no leading domain name, it's either a
|
|
|
|
standalone machine, or the username must be from the primary domain.
|
|
|
|
In the latter case, prepend the primary domain name so as not to
|
|
|
|
collide with an account from the account domain with the same name. */
|
|
|
|
p = name;
|
|
|
|
if (*arg.name == cygheap->pg.nss_separator ()[0])
|
|
|
|
++arg.name;
|
|
|
|
else if (!strchr (arg.name, cygheap->pg.nss_separator ()[0])
|
|
|
|
&& cygheap->dom.member_machine ())
|
|
|
|
p = wcpcpy (wcpcpy (p, cygheap->dom.primary_flat_name ()),
|
|
|
|
cygheap->pg.nss_separator ());
|
|
|
|
/* Now fill up with name to search. */
|
|
|
|
sys_mbstowcs (p, UNLEN + 1, arg.name);
|
|
|
|
/* Replace domain separator char with backslash and make sure p is NULL
|
|
|
|
or points to the backslash, so... */
|
|
|
|
if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))
|
|
|
|
*p = L'\\';
|
|
|
|
sid = csid;
|
|
|
|
ret = LookupAccountNameW (NULL, name, sid, &slen, dom, &dlen, &acc_type);
|
|
|
|
if (!ret)
|
|
|
|
{
|
|
|
|
debug_printf ("LookupAccountNameW (%W), %E", name);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
/* ... we can skip the backslash in the rest of this function. */
|
|
|
|
if (p)
|
|
|
|
name = p + 1;
|
|
|
|
break;
|
|
|
|
case ID_arg:
|
|
|
|
/* Construct SID from ID using the SFU rules, just like the code below
|
|
|
|
goes the opposite route. */
|
|
|
|
#ifndef INTERIX_COMPATIBLE
|
|
|
|
/* Except for Builtin and Alias groups in the SECURITY_NT_AUTHORITY.
|
|
|
|
We create uid/gid values compatible with the old values generated
|
|
|
|
by mkpasswd/mkgroup. */
|
|
|
|
if (arg.id < 0x200)
|
|
|
|
__small_swprintf (sidstr, L"S-1-5-%u", arg.id & 0x1ff);
|
|
|
|
else if (arg.id <= 0x7ff)
|
|
|
|
__small_swprintf (sidstr, L"S-1-5-32-%u", arg.id & 0x7ff);
|
|
|
|
else
|
|
|
|
#endif
|
|
|
|
if (arg.id == 0xffe)
|
|
|
|
{
|
|
|
|
/* OtherSession != Logon SID. */
|
|
|
|
get_logon_sid ();
|
|
|
|
/* LookupAccountSidW will fail. */
|
|
|
|
sid = csid = logon_sid;
|
|
|
|
sid_sub_auth_rid (sid) = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (arg.id == 0xfff)
|
|
|
|
{
|
|
|
|
/* CurrentSession == Logon SID. */
|
|
|
|
get_logon_sid ();
|
|
|
|
/* LookupAccountSidW will fail. */
|
|
|
|
sid = logon_sid;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x10000)
|
|
|
|
{
|
|
|
|
/* Nothing. */
|
|
|
|
debug_printf ("Invalid POSIX id %u", arg.id);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x20000)
|
|
|
|
{
|
|
|
|
/* Well-Known Group */
|
|
|
|
arg.id -= 0x10000;
|
|
|
|
__small_swprintf (sidstr, L"S-1-%u-%u", arg.id >> 8, arg.id & 0xff);
|
|
|
|
}
|
|
|
|
else if (arg.id >= 0x30000 && arg.id < 0x40000)
|
|
|
|
{
|
|
|
|
/* Account domain user or group. */
|
|
|
|
PWCHAR s = cygheap->dom.account_sid ().pstring (sidstr);
|
|
|
|
__small_swprintf (s, L"-%u", arg.id & 0xffff);
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x60000)
|
|
|
|
{
|
|
|
|
/* Builtin Alias */
|
|
|
|
__small_swprintf (sidstr, L"S-1-5-%u-%u",
|
|
|
|
arg.id >> 12, arg.id & 0xffff);
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x70000)
|
|
|
|
{
|
|
|
|
/* Mandatory Label. */
|
|
|
|
__small_swprintf (sidstr, L"S-1-16-%u", arg.id & 0xffff);
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x80000)
|
|
|
|
{
|
|
|
|
/* Identity assertion SIDs. */
|
|
|
|
__small_swprintf (sidstr, L"S-1-18-%u", arg.id & 0xffff);
|
|
|
|
}
|
|
|
|
else if (arg.id < 0x100000)
|
|
|
|
{
|
|
|
|
/* Nothing. */
|
|
|
|
debug_printf ("Invalid POSIX id %u", arg.id);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
else if (arg.id == ILLEGAL_UID)
|
|
|
|
{
|
|
|
|
/* Just some fake. */
|
|
|
|
sid = csid = "S-1-99-0";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (arg.id >= UNIX_POSIX_OFFSET)
|
|
|
|
{
|
|
|
|
/* UNIX (unknown NFS or Samba) user account. */
|
|
|
|
__small_swprintf (sidstr, L"S-1-22-%u-%u",
|
2014-03-08 04:38:48 +08:00
|
|
|
is_group () ? 2 : 1, arg.id & UNIX_POSIX_MASK);
|
2014-02-10 03:44:56 +08:00
|
|
|
/* LookupAccountSidW will fail. */
|
|
|
|
sid = csid = sidstr;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Some trusted domain? */
|
|
|
|
PDS_DOMAIN_TRUSTSW td = NULL;
|
|
|
|
|
|
|
|
for (ULONG idx = 0; (td = cygheap->dom.trusted_domain (idx)); ++idx)
|
|
|
|
{
|
2014-02-27 20:57:27 +08:00
|
|
|
fetch_posix_offset (td, cldap);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (td->PosixOffset > posix_offset && td->PosixOffset <= arg.id)
|
|
|
|
posix_offset = td->PosixOffset;
|
|
|
|
}
|
|
|
|
if (posix_offset)
|
|
|
|
{
|
|
|
|
cygpsid tsid (td->DomainSid);
|
|
|
|
PWCHAR s = tsid.pstring (sidstr);
|
|
|
|
__small_swprintf (s, L"-%u", arg.id - posix_offset);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Primary domain */
|
|
|
|
PWCHAR s = cygheap->dom.primary_sid ().pstring (sidstr);
|
|
|
|
__small_swprintf (s, L"-%u", arg.id - 0x100000);
|
|
|
|
}
|
|
|
|
posix_offset = 0;
|
|
|
|
}
|
|
|
|
sid = csid = sidstr;
|
|
|
|
ret = LookupAccountSidW (NULL, sid, name, &nlen, dom, &dlen, &acc_type);
|
|
|
|
if (!ret)
|
|
|
|
{
|
|
|
|
debug_printf ("LookupAccountSidW (%W), %E", sidstr);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
break;
|
2007-08-22 01:38:27 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
/* Builtin account? SYSTEM, for instance, is returned as SidTypeUser,
|
|
|
|
if a process is running as LocalSystem service. */
|
|
|
|
if (acc_type == SidTypeUser && sid_sub_auth_count (sid) <= 3)
|
|
|
|
acc_type = SidTypeWellKnownGroup;
|
|
|
|
switch (acc_type)
|
|
|
|
{
|
|
|
|
case SidTypeUser:
|
|
|
|
case SidTypeGroup:
|
2014-02-11 19:51:29 +08:00
|
|
|
case SidTypeAlias:
|
|
|
|
/* Predefined alias? */
|
|
|
|
if (acc_type == SidTypeAlias
|
|
|
|
&& sid_sub_auth (sid, 0) != SECURITY_NT_NON_UNIQUE)
|
|
|
|
{
|
|
|
|
#ifdef INTERIX_COMPATIBLE
|
|
|
|
posix_offset = 0x30000;
|
|
|
|
uid = 0x1000 * sid_sub_auth (sid, 0)
|
|
|
|
+ (sid_sub_auth_rid (sid) & 0xffff);
|
|
|
|
#else
|
|
|
|
posix_offset = 0;
|
|
|
|
#endif
|
|
|
|
name_style = (cygheap->pg.nss_prefix_always ()) ? fully_qualified
|
|
|
|
: plus_prepended;
|
|
|
|
domain = cygheap->dom.account_flat_name ();
|
|
|
|
is_domain_account = false;
|
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
/* Account domain account? */
|
2014-02-11 19:51:29 +08:00
|
|
|
else if (!wcscmp (dom, cygheap->dom.account_flat_name ()))
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
posix_offset = 0x30000;
|
|
|
|
if (cygheap->dom.member_machine ()
|
|
|
|
|| !cygheap->pg.nss_prefix_auto ())
|
|
|
|
name_style = fully_qualified;
|
|
|
|
domain = cygheap->dom.account_flat_name ();
|
|
|
|
is_domain_account = false;
|
|
|
|
}
|
|
|
|
/* Domain member machine? */
|
|
|
|
else if (cygheap->dom.member_machine ())
|
|
|
|
{
|
|
|
|
/* Primary domain account? */
|
|
|
|
if (!wcscmp (dom, cygheap->dom.primary_flat_name ()))
|
|
|
|
{
|
|
|
|
posix_offset = 0x100000;
|
|
|
|
/* In theory domain should have been set to
|
|
|
|
cygheap->dom.primary_dns_name (), but it turns out
|
|
|
|
that not setting the domain here has advantages.
|
|
|
|
We open the ldap connection to NULL (== some domain
|
|
|
|
control of our primary domain) anyway. So the domain
|
|
|
|
is only used
|
|
|
|
later on. So, don't set domain here to non-NULL, unless
|
|
|
|
you're sure you have also changed subsequent assumptions
|
|
|
|
that domain is NULL if it's a primary domain account. */
|
|
|
|
domain = NULL;
|
|
|
|
if (!cygheap->pg.nss_prefix_auto ())
|
|
|
|
name_style = fully_qualified;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* No, fetch POSIX offset. */
|
|
|
|
PDS_DOMAIN_TRUSTSW td = NULL;
|
|
|
|
|
|
|
|
name_style = fully_qualified;
|
|
|
|
for (ULONG idx = 0;
|
|
|
|
(td = cygheap->dom.trusted_domain (idx));
|
|
|
|
++idx)
|
2014-02-13 22:04:03 +08:00
|
|
|
if (!wcscmp (dom, td->NetbiosDomainName))
|
|
|
|
{
|
|
|
|
domain = td->DnsDomainName;
|
|
|
|
posix_offset =
|
2014-02-27 20:57:27 +08:00
|
|
|
fetch_posix_offset (td, cldap);
|
2014-02-13 22:04:03 +08:00
|
|
|
break;
|
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
|
|
|
|
if (!domain)
|
|
|
|
{
|
|
|
|
debug_printf ("Unknown domain %W", dom);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* If the domain returned by LookupAccountSid is not our machine
|
|
|
|
name, and if our machine is no domain member, we lose. We have
|
|
|
|
nobody to ask for the POSIX offset. */
|
|
|
|
else
|
|
|
|
{
|
|
|
|
debug_printf ("Unknown domain %W", dom);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
/* Generate values. */
|
2014-02-11 19:51:29 +08:00
|
|
|
if (uid == ILLEGAL_UID)
|
|
|
|
uid = posix_offset + sid_sub_auth_rid (sid);
|
2014-02-10 03:44:56 +08:00
|
|
|
|
|
|
|
if (is_domain_account)
|
|
|
|
{
|
2014-03-01 03:10:40 +08:00
|
|
|
/* We only care for the extended user information if we're
|
|
|
|
creating a passwd entry and the account is, in fact, a user. */
|
2014-03-08 04:38:48 +08:00
|
|
|
if (is_group () || acc_type != SidTypeUser)
|
2014-02-27 20:57:27 +08:00
|
|
|
break;
|
|
|
|
|
2014-02-28 19:37:02 +08:00
|
|
|
/* Default primary group. If the sid is the current user, fetch
|
|
|
|
the default group from the current user token, otherwise make
|
|
|
|
the educated guess that the user is in group "Domain Users"
|
|
|
|
or "None". */
|
|
|
|
if (sid == cygheap->user.sid ())
|
|
|
|
gid = posix_offset
|
|
|
|
+ sid_sub_auth_rid (cygheap->user.groups.pgsid);
|
|
|
|
else
|
|
|
|
gid = posix_offset + DOMAIN_GROUP_RID_USERS;
|
|
|
|
|
2014-02-10 03:44:56 +08:00
|
|
|
/* Use LDAP to fetch domain account infos. */
|
2014-02-27 20:57:27 +08:00
|
|
|
if (!cldap->open (NULL))
|
2014-02-10 03:44:56 +08:00
|
|
|
break;
|
2014-03-08 04:38:48 +08:00
|
|
|
if (cldap->fetch_ad_account (sid, is_group ()))
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
PWCHAR val;
|
2014-02-27 20:57:27 +08:00
|
|
|
|
|
|
|
if ((id_val = cldap->get_primary_gid ()) != ILLEGAL_GID)
|
|
|
|
gid = posix_offset + id_val;
|
|
|
|
if ((val = cldap->get_user_name ())
|
|
|
|
&& wcscmp (name, val))
|
|
|
|
user = wcscpy ((PWCHAR) alloca ((wcslen (val) + 1)
|
|
|
|
* sizeof (WCHAR)), val);
|
|
|
|
if ((val = cldap->get_gecos ()))
|
|
|
|
gecos = wcscpy ((PWCHAR) alloca ((wcslen (val) + 1)
|
|
|
|
* sizeof (WCHAR)), val);
|
|
|
|
if ((val = cldap->get_home ()))
|
|
|
|
home = wcscpy ((PWCHAR) alloca ((wcslen (val) + 1)
|
|
|
|
* sizeof (WCHAR)), val);
|
|
|
|
if ((val = cldap->get_shell ()))
|
|
|
|
shell = wcscpy ((PWCHAR) alloca ((wcslen (val) + 1)
|
|
|
|
* sizeof (WCHAR)), val);
|
|
|
|
/* Check and, if necessary, add unix<->windows id mapping on
|
|
|
|
the fly, unless we're called from getpwent. */
|
|
|
|
if (!pldap)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
2014-02-27 20:57:27 +08:00
|
|
|
id_val = cldap->get_unix_uid ();
|
|
|
|
if (id_val != ILLEGAL_UID
|
|
|
|
&& cygheap->ugid_cache.get_uid (id_val)
|
|
|
|
== ILLEGAL_UID)
|
|
|
|
cygheap->ugid_cache.add_uid (id_val, uid);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* Otherwise check account domain (local SAM).*/
|
2014-02-11 19:51:29 +08:00
|
|
|
else
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
|
|
|
NET_API_STATUS nas;
|
|
|
|
PUSER_INFO_4 ui;
|
2014-02-11 19:51:29 +08:00
|
|
|
PLOCALGROUP_INFO_1 gi;
|
|
|
|
PCWSTR comment;
|
|
|
|
PWCHAR pgrp = NULL;
|
|
|
|
PWCHAR uxid = NULL;
|
|
|
|
struct {
|
|
|
|
PCWSTR str;
|
|
|
|
size_t len;
|
|
|
|
PWCHAR *tgt;
|
|
|
|
bool group;
|
|
|
|
} search[] = {
|
|
|
|
{ L"name=\"", 6, &user, true },
|
|
|
|
{ L"unix=\"", 6, &uxid, true },
|
|
|
|
{ L"home=\"", 6, &home, false },
|
|
|
|
{ L"shell=\"", 7, &shell, false },
|
|
|
|
{ L"group=\"", 7, &pgrp, false },
|
|
|
|
{ NULL, 0, NULL }
|
|
|
|
};
|
|
|
|
PWCHAR s, e;
|
|
|
|
|
|
|
|
if (acc_type == SidTypeUser)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
2014-02-11 19:51:29 +08:00
|
|
|
nas = NetUserGetInfo (NULL, name, 4, (PBYTE *) &ui);
|
|
|
|
if (nas != NERR_Success)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
2014-02-11 19:51:29 +08:00
|
|
|
debug_printf ("NetUserGetInfo(%W) %u", name, nas);
|
|
|
|
break;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
2014-02-11 19:51:29 +08:00
|
|
|
/* Set comment variable for below attribute loop. */
|
|
|
|
comment = ui->usri4_comment;
|
|
|
|
}
|
2014-02-17 23:36:33 +08:00
|
|
|
else if (acc_type == SidTypeAlias)
|
2014-02-11 19:51:29 +08:00
|
|
|
{
|
|
|
|
nas = NetLocalGroupGetInfo (NULL, name, 1, (PBYTE *) &gi);
|
|
|
|
if (nas != NERR_Success)
|
2014-02-11 02:28:51 +08:00
|
|
|
{
|
2014-02-11 19:51:29 +08:00
|
|
|
debug_printf ("NetLocalGroupGetInfo(%W) %u", name, nas);
|
|
|
|
break;
|
2014-02-11 02:28:51 +08:00
|
|
|
}
|
2014-02-11 19:51:29 +08:00
|
|
|
/* Set comment variable for below attribute loop. */
|
|
|
|
comment = gi->lgrpi1_comment;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
2014-02-17 23:36:33 +08:00
|
|
|
else /* SidTypeGroup. No way to add a comment to "None" :( */
|
|
|
|
break;
|
2014-02-11 19:51:29 +08:00
|
|
|
/* Local SAM accounts have only a handful attributes
|
|
|
|
available to home users. Therefore, fetch additional
|
|
|
|
passwd/group attributes from the "Description" field
|
|
|
|
in XML short style. */
|
|
|
|
if ((s = wcsstr (comment, L"<cygwin "))
|
|
|
|
&& (e = wcsstr (s + 8, L"/>")))
|
|
|
|
{
|
|
|
|
s += 8;
|
|
|
|
*e = L'\0';
|
|
|
|
while (*s)
|
|
|
|
{
|
|
|
|
bool found = false;
|
|
|
|
|
|
|
|
while (*s == L' ')
|
|
|
|
++s;
|
|
|
|
for (size_t i = 0; search[i].str; ++i)
|
|
|
|
if ((acc_type == SidTypeUser || search[i].group)
|
|
|
|
&& !wcsncmp (s, search[i].str, search[i].len))
|
|
|
|
{
|
|
|
|
s += search[i].len;
|
|
|
|
if ((e = wcschr (s, L'"'))
|
|
|
|
&& (i > 0 || wcsncmp (name, s, e - s)))
|
|
|
|
{
|
|
|
|
*search[i].tgt =
|
|
|
|
(PWCHAR) alloca ((e - s + 1)
|
|
|
|
* sizeof (WCHAR));
|
|
|
|
*wcpncpy (*search[i].tgt, s, e - s) = L'\0';
|
|
|
|
s = e + 1;
|
|
|
|
found = true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!found)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (acc_type == SidTypeUser)
|
|
|
|
NetApiBufferFree (ui);
|
2014-02-10 03:44:56 +08:00
|
|
|
else
|
2014-02-11 19:51:29 +08:00
|
|
|
NetApiBufferFree (gi);
|
|
|
|
if (pgrp)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
2014-02-11 19:51:29 +08:00
|
|
|
/* For setting the primary group, we have to test
|
|
|
|
with and without prepended separator. */
|
|
|
|
char gname[2 * UNLEN + 2];
|
|
|
|
struct group *gr;
|
|
|
|
|
|
|
|
*gname = cygheap->pg.nss_separator ()[0];
|
|
|
|
sys_wcstombs (gname + 1, 2 * UNLEN + 1, pgrp);
|
2014-02-27 20:57:27 +08:00
|
|
|
if ((gr = internal_getgrnam (gname, cldap))
|
|
|
|
|| (gr = internal_getgrnam (gname + 1, cldap)))
|
2014-02-11 19:51:29 +08:00
|
|
|
gid = gr->gr_gid;
|
|
|
|
}
|
2014-02-27 20:57:27 +08:00
|
|
|
if (!pldap && uxid && ((id_val = wcstoul (uxid, &e, 10)), !*e))
|
2014-02-11 19:51:29 +08:00
|
|
|
{
|
|
|
|
if (acc_type == SidTypeUser)
|
2014-02-10 03:44:56 +08:00
|
|
|
{
|
2014-02-11 19:51:29 +08:00
|
|
|
if (cygheap->ugid_cache.get_uid (id_val) == ILLEGAL_UID)
|
|
|
|
cygheap->ugid_cache.add_uid (id_val, uid);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
2014-02-11 19:51:29 +08:00
|
|
|
else if (cygheap->ugid_cache.get_gid (id_val) == ILLEGAL_GID)
|
|
|
|
cygheap->ugid_cache.add_gid (id_val, uid);
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SidTypeWellKnownGroup:
|
|
|
|
name_style = (cygheap->pg.nss_prefix_always ()) ? fully_qualified
|
|
|
|
: plus_prepended;
|
|
|
|
#ifdef INTERIX_COMPATIBLE
|
|
|
|
if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
|
|
|
&& sid_sub_auth_count (sid) > 1)
|
|
|
|
{
|
|
|
|
uid = 0x1000 * sid_sub_auth (sid, 0)
|
|
|
|
+ (sid_sub_auth_rid (sid) & 0xffff);
|
2014-02-11 19:51:29 +08:00
|
|
|
name_style = fully_qualified;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
uid = 0x10000 + 0x100 * sid_id_auth (sid)
|
|
|
|
+ (sid_sub_auth_rid (sid) & 0xff);
|
|
|
|
#else
|
|
|
|
if (sid_id_auth (sid) != 5 /* SECURITY_NT_AUTHORITY */)
|
|
|
|
uid = 0x10000 + 0x100 * sid_id_auth (sid)
|
|
|
|
+ (sid_sub_auth_rid (sid) & 0xff);
|
|
|
|
else if (sid_sub_auth (sid, 0) < SECURITY_PACKAGE_BASE_RID)
|
|
|
|
uid = sid_sub_auth_rid (sid) & 0x7ff;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
uid = 0x1000 * sid_sub_auth (sid, 0)
|
|
|
|
+ (sid_sub_auth_rid (sid) & 0xffff);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
/* Special case for "Everyone". We don't want to return Everyone
|
|
|
|
as user or group. Ever. */
|
|
|
|
if (uid == 0x10100) /* Computed from S-1-1-0. */
|
|
|
|
return NULL;
|
|
|
|
break;
|
|
|
|
case SidTypeLabel:
|
|
|
|
uid = 0x60000 + sid_sub_auth_rid (sid);
|
|
|
|
name_style = (cygheap->pg.nss_prefix_always ()) ? fully_qualified
|
|
|
|
: plus_prepended;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
|
|
|
&& sid_sub_auth (sid, 0) == SECURITY_LOGON_IDS_RID)
|
|
|
|
{
|
|
|
|
/* Logon ID. Mine or other? */
|
|
|
|
get_logon_sid ();
|
|
|
|
if (PSID (logon_sid) == NO_SID)
|
|
|
|
return NULL;
|
|
|
|
if (RtlEqualSid (sid, logon_sid))
|
|
|
|
{
|
|
|
|
uid = 0xfff;
|
|
|
|
wcpcpy (name = namebuf, L"CurrentSession");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
uid = 0xffe;
|
|
|
|
wcpcpy (name = namebuf, L"OtherSession");
|
|
|
|
}
|
2014-03-07 02:54:08 +08:00
|
|
|
acc_type = SidTypeUnknown;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
else if (sid_id_auth (sid) == 18)
|
|
|
|
{
|
|
|
|
/* Authentication assertion SIDs.
|
|
|
|
|
|
|
|
Available when using a 2012R2 DC, but not supported by
|
|
|
|
LookupAccountXXX on pre Windows 8/2012 machines */
|
|
|
|
uid = 0x11200 + sid_sub_auth_rid (sid);
|
|
|
|
wcpcpy (name = namebuf, sid_sub_auth_rid (sid) == 1
|
|
|
|
? (PWCHAR) L"Authentication authority asserted identity"
|
|
|
|
: (PWCHAR) L"Service asserted identity");
|
|
|
|
name_style = plus_prepended;
|
2014-03-07 02:54:08 +08:00
|
|
|
acc_type = SidTypeUnknown;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
else if (sid_id_auth (sid) == 22)
|
|
|
|
{
|
|
|
|
/* Samba UNIX Users/Groups
|
|
|
|
|
2014-02-23 03:38:12 +08:00
|
|
|
This *might* collide with a posix_offset of some trusted domain.
|
2014-02-10 03:44:56 +08:00
|
|
|
It's just very unlikely. */
|
|
|
|
uid = MAP_UNIX_TO_CYGWIN_ID (sid_sub_auth_rid (sid));
|
|
|
|
/* Unfortunately we have no access to the file server from here,
|
|
|
|
so we can't generate correct user names. */
|
2014-02-23 03:38:12 +08:00
|
|
|
p = wcpcpy (dom, L"Unix_");
|
2014-02-10 03:44:56 +08:00
|
|
|
wcpcpy (p, sid_sub_auth (sid, 0) == 1 ? L"User" : L"Group");
|
|
|
|
__small_swprintf (name = namebuf, L"%d", uid & UNIX_POSIX_MASK);
|
|
|
|
name_style = fully_qualified;
|
2014-03-07 02:54:08 +08:00
|
|
|
acc_type = SidTypeUnknown;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2014-03-12 23:46:07 +08:00
|
|
|
if (cygheap->dom.member_machine ()
|
|
|
|
&& sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
|
2014-02-13 22:04:03 +08:00
|
|
|
&& sid_sub_auth (sid, 0) == SECURITY_NT_NON_UNIQUE)
|
|
|
|
{
|
|
|
|
/* Check if we know the domain. If so, create a passwd/group
|
|
|
|
entry with domain prefix and RID as username. */
|
|
|
|
PDS_DOMAIN_TRUSTSW td = NULL;
|
|
|
|
|
|
|
|
sid_sub_auth_count (sid) = sid_sub_auth_count (sid) - 1;
|
2014-02-28 19:37:02 +08:00
|
|
|
if (RtlEqualSid (sid, cygheap->dom.primary_sid ()))
|
|
|
|
{
|
|
|
|
domain = cygheap->dom.primary_flat_name ();
|
|
|
|
posix_offset = 0x100000;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
for (ULONG idx = 0; (td = cygheap->dom.trusted_domain (idx)); ++idx)
|
|
|
|
if (td->DomainSid && RtlEqualSid (sid, td->DomainSid))
|
|
|
|
{
|
|
|
|
domain = td->NetbiosDomainName;
|
|
|
|
posix_offset = fetch_posix_offset (td, cldap);
|
|
|
|
break;
|
|
|
|
}
|
2014-02-13 22:04:03 +08:00
|
|
|
}
|
|
|
|
if (domain)
|
|
|
|
{
|
|
|
|
sid_sub_auth_count (sid) = sid_sub_auth_count (sid) + 1;
|
|
|
|
wcscpy (dom, domain);
|
|
|
|
__small_swprintf (name = namebuf, L"%W(%u)",
|
2014-03-08 04:38:48 +08:00
|
|
|
is_group () ? L"Group" : L"User",
|
2014-02-13 22:04:03 +08:00
|
|
|
sid_sub_auth_rid (sid));
|
|
|
|
uid = posix_offset + sid_sub_auth_rid (sid);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
wcpcpy (dom, L"Unknown");
|
2014-03-08 04:38:48 +08:00
|
|
|
wcpcpy (name = namebuf, is_group () ? L"Group" : L"User");
|
2014-02-13 22:04:03 +08:00
|
|
|
}
|
2014-02-10 03:44:56 +08:00
|
|
|
name_style = fully_qualified;
|
2014-03-07 02:54:08 +08:00
|
|
|
acc_type = SidTypeUnknown;
|
2014-02-10 03:44:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
tmp_pathbuf tp;
|
|
|
|
PWCHAR linebuf = tp.w_get ();
|
|
|
|
char *line = NULL;
|
|
|
|
|
|
|
|
WCHAR posix_name[UNLEN + 1 + DNLEN + 1];
|
|
|
|
p = posix_name;
|
|
|
|
if (gid == ILLEGAL_GID)
|
|
|
|
gid = uid;
|
|
|
|
if (name_style >= fully_qualified)
|
2014-03-08 04:38:48 +08:00
|
|
|
p = wcpcpy (p, user ? is_group () ? L"Posix_Group" : L"Posix_User" : dom);
|
2014-02-10 03:44:56 +08:00
|
|
|
if (name_style >= plus_prepended)
|
|
|
|
p = wcpcpy (p, cygheap->pg.nss_separator ());
|
|
|
|
wcpcpy (p, user ?: name);
|
|
|
|
|
2014-03-08 04:38:48 +08:00
|
|
|
if (is_group ())
|
2014-02-10 03:44:56 +08:00
|
|
|
__small_swprintf (linebuf, L"%W:%W:%u:",
|
|
|
|
posix_name, sid.string (sidstr), uid);
|
2014-03-07 02:54:08 +08:00
|
|
|
/* For non-users, create a passwd entry which doesn't allow interactive
|
|
|
|
logon. Unless it's the SYSTEM account. This conveniently allows to
|
|
|
|
long interactively as SYSTEM for debugging purposes. */
|
|
|
|
else if (acc_type != SidTypeUser && sid != well_known_system_sid)
|
|
|
|
__small_swprintf (linebuf, L"%W:*:%u:%u:,%W:/:/sbin/nologin",
|
|
|
|
posix_name, uid, gid, sid.string (sidstr));
|
2014-02-10 03:44:56 +08:00
|
|
|
else
|
|
|
|
__small_swprintf (linebuf, L"%W:*:%u:%u:%W%WU-%W\\%W,%W:%W%W:%W",
|
|
|
|
posix_name, uid, gid,
|
|
|
|
gecos ?: L"", gecos ? L"," : L"",
|
|
|
|
dom, name,
|
|
|
|
sid.string (sidstr),
|
|
|
|
home ? L"" : L"/home/", home ?: user ?: name,
|
2014-02-14 22:25:19 +08:00
|
|
|
shell ?: L"/bin/bash");
|
2014-02-10 03:44:56 +08:00
|
|
|
sys_wcstombs_alloc (&line, HEAP_BUF, linebuf);
|
|
|
|
debug_printf ("line: <%s>", line);
|
|
|
|
return line;
|
2003-01-17 13:18:30 +08:00
|
|
|
}
|
2014-03-13 01:36:56 +08:00
|
|
|
|
|
|
|
client_request_pwdgrp::client_request_pwdgrp (fetch_user_arg_t &arg, bool group)
|
|
|
|
: client_request (CYGSERVER_REQUEST_PWDGRP, &_parameters, sizeof (_parameters))
|
|
|
|
{
|
|
|
|
size_t len = 0;
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
_parameters.in.group = group;
|
|
|
|
_parameters.in.type = arg.type;
|
|
|
|
switch (arg.type)
|
|
|
|
{
|
|
|
|
case SID_arg:
|
|
|
|
RtlCopySid (sizeof (DBGSID), (PSID) &_parameters.in.arg.sid, *arg.sid);
|
|
|
|
len = RtlLengthSid (*arg.sid);
|
|
|
|
break;
|
|
|
|
case NAME_arg:
|
|
|
|
p = stpcpy (_parameters.in.arg.name, arg.name);
|
|
|
|
len = p - _parameters.in.arg.name;
|
|
|
|
break;
|
|
|
|
case ID_arg:
|
|
|
|
_parameters.in.arg.id = arg.id;
|
|
|
|
len = sizeof (uint32_t);
|
|
|
|
}
|
|
|
|
msglen (__builtin_offsetof (struct _pwdgrp_param_t::_pwdgrp_in_t, arg) + len);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
pwdgrp::fetch_account_from_cygserver (fetch_user_arg_t &arg)
|
|
|
|
{
|
|
|
|
client_request_pwdgrp request (arg, is_group ());
|
|
|
|
if (request.make_request () == -1 || request.error_code ())
|
|
|
|
{
|
|
|
|
/* Cygserver not running? Don't try again. This will automatically
|
|
|
|
avoid an endless loop in cygserver itself. */
|
|
|
|
if (request.error_code () == ENOSYS)
|
|
|
|
cygheap->pg.nss_disable_cygserver_caching ();
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
if (!request.line ())
|
|
|
|
return NULL;
|
|
|
|
return cstrdup (request.line ());
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_cygserver (cygpsid &sid)
|
|
|
|
{
|
|
|
|
/* No, Everyone is no group in terms of POSIX. */
|
|
|
|
if (sid_id_auth (sid) == 1 /* SECURITY_WORLD_SID_AUTHORITY */
|
|
|
|
&& sid_sub_auth (sid, 0) == SECURITY_WORLD_RID)
|
|
|
|
return NULL;
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = SID_arg;
|
|
|
|
arg.sid = &sid;
|
|
|
|
char *line = fetch_account_from_cygserver (arg);
|
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_cygserver (const char *name)
|
|
|
|
{
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = NAME_arg;
|
|
|
|
arg.name = name;
|
|
|
|
char *line = fetch_account_from_cygserver (arg);
|
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
|
|
|
}
|
|
|
|
|
|
|
|
void *
|
|
|
|
pwdgrp::add_account_from_cygserver (uint32_t id)
|
|
|
|
{
|
|
|
|
fetch_user_arg_t arg;
|
|
|
|
arg.type = ID_arg;
|
|
|
|
arg.id = id;
|
|
|
|
char *line = fetch_account_from_cygserver (arg);
|
|
|
|
return (struct passwd *) add_account_post_fetch (line, true);
|
|
|
|
}
|