Try best to handle user from domain not in trusted domain list.

* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
	* uinfo.cc (cygheap_domain_info::add_domain): New method.
	(pwdgrp::fetch_account_from_windows): Try to add domain explicitly
	if it was not in the original list of trusted domains and go ahead
	rather than bailing out.  Add comment to explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen 2015-03-30 18:05:06 +02:00
parent 3fb21f9143
commit d4f8c94a9b
3 changed files with 45 additions and 4 deletions


@ -1,3 +1,11 @@
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
* uinfo.cc (cygheap_domain_info::add_domain): New method.
(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
if it was not in the original list of trusted domains and go ahead
rather than bailing out. Add comment to explain why.
2015-03-30 Corinna Vinschen <corinna@vinschen.de> 2015-03-30 Corinna Vinschen <corinna@vinschen.de>
* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT. * cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.


@ -393,6 +393,7 @@ public:
inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
{ return (idx < tdom_count) ? tdom + idx : NULL; } { return (idx < tdom_count) ? tdom + idx : NULL; }
PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID);
inline PWCHAR get_rfc2307_domain () const inline PWCHAR get_rfc2307_domain () const
{ return rfc2307_domain_buf ?: NULL; } { return rfc2307_domain_buf ?: NULL; }


@ -1428,6 +1428,29 @@ cygheap_domain_info::init ()
return true; return true;
} }
PDS_DOMAIN_TRUSTSW
cygheap_domain_info::add_domain (PCWSTR domain, PSID sid)
{
PDS_DOMAIN_TRUSTSW new_tdom;
cygsid tsid (sid);
new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1)
* sizeof (DS_DOMAIN_TRUSTSW));
if (!new_tdom)
return NULL;
tdom = new_tdom;
new_tdom = &tdom[tdom_count];
new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain);
--*RtlSubAuthorityCountSid (tsid);
ULONG len = RtlLengthSid (tsid);
new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len);
RtlCopySid (len, new_tdom->DomainSid, tsid);
new_tdom->PosixOffset = 0;
++tdom_count;
return new_tdom;
}
/* Per session, so it changes potentially when switching the user context. */ /* Per session, so it changes potentially when switching the user context. */
static cygsid logon_sid (""); static cygsid logon_sid ("");
@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
if (!wcscasecmp (dom, td->NetbiosDomainName)) if (!wcscasecmp (dom, td->NetbiosDomainName))
{ {
domain = td->DnsDomainName; domain = td->DnsDomainName;
posix_offset =
fetch_posix_offset (td, &loc_ldap);
break; break;
} }
if (!domain) if (!domain)
{ {
/* This shouldn't happen, in theory, but it does. There
are cases where the user's logon domain does not show
up in the list of trusted domains. We're desperately
trying to workaround that here bu adding an entry for
this domain to the trusted domains and ask the DC for
a posix_offset. There's a good chance this doesn't
work either, but at least we tried, and the user can
work. */
debug_printf ("Unknown domain %W", dom); debug_printf ("Unknown domain %W", dom);
return NULL; td = cygheap->dom.add_domain (dom, sid);
if (td)
domain = td->DnsDomainName;
} }
if (domain)
posix_offset = fetch_posix_offset (td, &loc_ldap);
} }
} }
/* If the domain returned by LookupAccountSid is not our machine /* If the domain returned by LookupAccountSid is not our machine
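Review bot: In `cygheap_domain_info::add_domain` the result of `cwcsdup (domain)` is stored in both name fields and the entry is published with `++tdom_count` without a null check, so if that duplication can fail, the trusted-domain list gains an entry whose `NetbiosDomainName` is NULL, which the `wcscasecmp (dom, td->NetbiosDomainName)` lookup in the second hunk would dereference on later calls. I would add `if (!new_tdom->DnsDomainName) return NULL;` right after the assignment, and put `if (!*RtlSubAuthorityCountSid (tsid)) return NULL;` before the `crealloc`, because `--*RtlSubAuthorityCountSid (tsid);` wraps on a SID with no subauthorities and `RtlLengthSid`/`RtlCopySid` would then size the copy from the wrapped count. The function also mixes a recoverable `crealloc` failure with `cmalloc_abort`, which deserves a one-line comment saying why one path returns NULL and the other aborts. In `fetch_account_from_windows`, a NULL return from `add_domain` now falls through with `domain` still NULL instead of returning; the rest of that function lies outside the hunk, so please confirm the later code tolerates that. Please also confirm that `fetch_posix_offset` never leaves the new entry at `PosixOffset = 0`, since this entry maps accounts from a domain that was not reported as trusted and their ids should not overlap another domain's range.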