diff --git a/winsup/cygwin/external.cc b/winsup/cygwin/external.cc
index bc6a3139d..582bab84f 100644
--- a/winsup/cygwin/external.cc
+++ b/winsup/cygwin/external.cc
@@ -604,7 +604,7 @@ cygwin_internal (cygwin_getinfo_types t, ...)
break;
case CW_GETNSSSEP:
- res = (uintptr_t) cygheap->pg.nss_separator ();
+ res = (uintptr_t) NSS_SEPARATOR_STRING;
break;
case CW_GETNSS_PWD_SRC:
diff --git a/winsup/cygwin/local_includes/cygheap.h b/winsup/cygwin/local_includes/cygheap.h
index e671c3d32..347cbf448 100644
--- a/winsup/cygwin/local_includes/cygheap.h
+++ b/winsup/cygwin/local_includes/cygheap.h
@@ -393,13 +393,11 @@ public:
{ return rfc2307_domain_buf ?: NULL; }
};
+#define NSS_SEPARATOR_STRING L"+"
+#define NSS_SEPARATOR_CHAR (NSS_SEPARATOR_STRING[0])
+
class cygheap_pwdgrp
{
- enum nss_pfx_t {
- NSS_PFX_AUTO = 0,
- NSS_PFX_PRIMARY,
- NSS_PFX_ALWAYS
- };
public:
enum nss_scheme_method {
NSS_SCHEME_FALLBACK = 0,
@@ -418,8 +416,6 @@ private:
bool nss_inited;
uint32_t pwd_src;
uint32_t grp_src;
- nss_pfx_t prefix;
- WCHAR separator[2];
bool caching;
#define NSS_SCHEME_MAX 4
@@ -458,10 +454,6 @@ public:
inline bool nss_grp_files () const { return !!(grp_src & NSS_SRC_FILES); }
inline bool nss_grp_db () const { return !!(grp_src & NSS_SRC_DB); }
inline int nss_grp_src () const { return grp_src; } /* CW_GETNSS_GRP_SRC */
- inline bool nss_prefix_auto () const { return prefix == NSS_PFX_AUTO; }
- inline bool nss_prefix_primary () const { return prefix == NSS_PFX_PRIMARY; }
- inline bool nss_prefix_always () const { return prefix == NSS_PFX_ALWAYS; }
- inline PCWSTR nss_separator () const { return separator; }
inline bool nss_cygserver_caching () const { return caching; }
inline void nss_disable_cygserver_caching () { caching = false; }
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index ce997c0f8..a96c5e7fc 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -579,14 +579,10 @@ cygheap_pwdgrp::init ()
passwd: files db
group: files db
- db_prefix: auto DISABLED
- db_separator: + DISABLED
db_enum: cache builtin
*/
pwd_src = (NSS_SRC_FILES | NSS_SRC_DB);
grp_src = (NSS_SRC_FILES | NSS_SRC_DB);
- prefix = NSS_PFX_AUTO;
- separator[0] = L'+';
enums = (ENUM_CACHE | ENUM_BUILTIN);
enum_tdoms = NULL;
caching = true; /* INTERNAL ONLY */
@@ -650,32 +646,6 @@ cygheap_pwdgrp::nss_init_line (const char *line)
break;
}
c += 3;
-#if 0 /* Disable setting prefix and separator from nsswitch.conf for now.
- Remove if nobody complains too loudly. */
- if (NSS_NCMP ("prefix:"))
- {
- c = strchr (c, ':') + 1;
- c += strspn (c, " \t");
- if (NSS_CMP ("auto"))
- prefix = NSS_AUTO;
- else if (NSS_CMP ("primary"))
- prefix = NSS_PRIMARY;
- else if (NSS_CMP ("always"))
- prefix = NSS_ALWAYS;
- else
- debug_printf ("Invalid nsswitch.conf content: %s", line);
- }
- else if (NSS_NCMP ("separator:"))
- {
- c = strchr (c, ':') + 1;
- c += strspn (c, " \t");
- if ((unsigned char) *c <= 0x7f && *c != ':' && strchr (" \t", c[1]))
- separator[0] = (unsigned char) *c;
- else
- debug_printf ("Invalid nsswitch.conf content: %s", line);
- }
- else
-#endif
if (NSS_NCMP ("enum:"))
{
tmp_pathbuf tp;
@@ -904,7 +874,7 @@ fetch_from_path (cyg_ldap *pldap, PUSER_INFO_3 ui, cygpsid &sid, PCWSTR str,
{
w = wcpncpy (w, dom, we - w);
if (w < we)
- *w++ = cygheap->pg.nss_separator ()[0];
+ *w++ = NSS_SEPARATOR_CHAR;
}
w = wcpncpy (w, name, we - w);
break;
@@ -1939,14 +1909,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
sys_mbstowcs (name, UNLEN + 1, arg.name);
/* If the incoming name has a backslash or at sign, and neither backslash
nor at are the domain separator chars, the name is invalid. */
- if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0])
+ if ((p = wcspbrk (name, L"\\@")) && *p != NSS_SEPARATOR_CHAR)
{
debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
return NULL;
}
/* Replace domain separator char with backslash and make sure p is NULL
or points to the backslash. */
- if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))
+ if ((p = wcschr (name, NSS_SEPARATOR_CHAR)))
{
fq_name = true;
*p = L'\\';
@@ -1992,13 +1962,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
/* AzureAD user must be prepended by "domain" name. */
if (sid_id_auth (sid) == 12)
return NULL;
- /* name_only only if db_prefix is auto. */
- if (!cygheap->pg.nss_prefix_auto ())
- {
- debug_printf ("Invalid account name <%s> (name only/"
- "db_prefix not auto)", arg.name);
- return NULL;
- }
/* name_only account is either builtin or primary domain, or
account domain on non-domain machines. */
if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
@@ -2023,9 +1986,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
}
else
{
- /* All is well if db_prefix is always. */
- if (cygheap->pg.nss_prefix_always ())
- break;
/* AzureAD accounts should be fully qualifed either. */
if (sid_id_auth (sid) == 12)
break;
@@ -2042,9 +2002,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
"not NON_UNIQUE or NT_SERVICE)", arg.name);
return NULL;
}
- /* All is well if db_prefix is primary. */
- if (cygheap->pg.nss_prefix_primary ())
- break;
/* Domain member and domain == primary domain? */
if (cygheap->dom.member_machine ())
{
@@ -2263,15 +2220,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
#else
posix_offset = 0;
#endif
- fully_qualified_name = cygheap->pg.nss_prefix_always ();
is_domain_account = false;
}
/* Account domain account? */
else if (!wcscasecmp (dom, cygheap->dom.account_flat_name ()))
{
posix_offset = 0x30000;
- if (cygheap->dom.member_machine ()
- || !cygheap->pg.nss_prefix_auto ())
+ if (cygheap->dom.member_machine ())
fully_qualified_name = true;
is_domain_account = false;
}
@@ -2290,8 +2245,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
set domain here to non-NULL, unless you're sure you have
also changed subsequent assumptions that domain is NULL
if it's a primary domain account. */
- if (!cygheap->pg.nss_prefix_auto ())
- fully_qualified_name = true;
}
else
{
@@ -2486,18 +2439,16 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
if (pgrp)
{
/* Set primary group from the "Description" field. Prepend
- account domain if this is a domain member machine or the
- db_prefix setting requires it. */
+ account domain if this is a domain member machine. */
char gname[2 * DNLEN + strlen (pgrp) + 1], *gp = gname;
struct group *gr;
- if (cygheap->dom.member_machine ()
- || !cygheap->pg.nss_prefix_auto ())
+ if (cygheap->dom.member_machine ())
{
gp = gname
+ sys_wcstombs (gname, sizeof gname,
cygheap->dom.account_flat_name ());
- *gp++ = cygheap->pg.nss_separator ()[0];
+ *gp++ = NSS_SEPARATOR_CHAR;
}
stpcpy (gp, pgrp);
if ((gr = internal_getgrnam (gname, cldap)))
@@ -2521,9 +2472,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
}
break;
case SidTypeWellKnownGroup:
- fully_qualified_name = (cygheap->pg.nss_prefix_always ()
+ fully_qualified_name = (
/* NT SERVICE Account */
- || (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+ (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
&& sid_sub_auth (sid, 0) == SECURITY_SERVICE_ID_BASE_RID)
/* Microsoft Account */
|| sid_id_auth (sid) == 11);
@@ -2582,7 +2533,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
break;
case SidTypeLabel:
uid = 0x60000 + sid_sub_auth_rid (sid);
- fully_qualified_name = cygheap->pg.nss_prefix_always ();
break;
default:
return NULL;
@@ -2641,7 +2591,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
wcpcpy (name = namebuf, sid_sub_auth_rid (sid) == 1
? (PWCHAR) L"Authentication authority asserted identity"
: (PWCHAR) L"Service asserted identity");
- fully_qualified_name = false;
acc_type = SidTypeUnknown;
}
else if (sid_id_auth (sid) == 22)
@@ -2711,7 +2660,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
if (gid == ILLEGAL_GID)
gid = uid;
if (fully_qualified_name)
- p = wcpcpy (wcpcpy (p, dom), cygheap->pg.nss_separator ());
+ p = wcpcpy (wcpcpy (p, dom), NSS_SEPARATOR_STRING);
wcpcpy (p, name);
if (is_group ())
diff --git a/winsup/doc/ntsec.xml b/winsup/doc/ntsec.xml
index d08996466..c6871ecf0 100644
--- a/winsup/doc/ntsec.xml
+++ b/winsup/doc/ntsec.xml
@@ -870,9 +870,6 @@ set up to all default values:
# /etc/nsswitch.conf
passwd: files db
group: files db
-
db_enum: cache builtin
db_home: /home/%U
db_shell: /bin/bash
@@ -991,159 +988,6 @@ and group information from the database.
-
-
The db_enum: setting