Try best to handle user from domain not in trusted domain list.
* cygheap.h (cygheap_domain_info::add_domain): Add prototype. * uinfo.cc (cygheap_domain_info::add_domain): New method. (pwdgrp::fetch_account_from_windows): Try to add domain explicitely if it was not in the original list of trusted domains and go ahead rather than bailing out. Add comment to explain why. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
parent
3fb21f9143
commit
d4f8c94a9b
|
@ -1,3 +1,11 @@
|
||||||
|
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
|
||||||
|
* uinfo.cc (cygheap_domain_info::add_domain): New method.
|
||||||
|
(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
|
||||||
|
if it was not in the original list of trusted domains and go ahead
|
||||||
|
rather than bailing out. Add comment to explain why.
|
||||||
|
|
||||||
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
|
2015-03-30 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.
|
* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.
|
||||||
|
|
|
@ -393,6 +393,7 @@ public:
|
||||||
|
|
||||||
inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
|
inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
|
||||||
{ return (idx < tdom_count) ? tdom + idx : NULL; }
|
{ return (idx < tdom_count) ? tdom + idx : NULL; }
|
||||||
|
PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID);
|
||||||
|
|
||||||
inline PWCHAR get_rfc2307_domain () const
|
inline PWCHAR get_rfc2307_domain () const
|
||||||
{ return rfc2307_domain_buf ?: NULL; }
|
{ return rfc2307_domain_buf ?: NULL; }
|
||||||
|
|
|
@ -1428,6 +1428,29 @@ cygheap_domain_info::init ()
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PDS_DOMAIN_TRUSTSW
|
||||||
|
cygheap_domain_info::add_domain (PCWSTR domain, PSID sid)
|
||||||
|
{
|
||||||
|
PDS_DOMAIN_TRUSTSW new_tdom;
|
||||||
|
cygsid tsid (sid);
|
||||||
|
|
||||||
|
new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1)
|
||||||
|
* sizeof (DS_DOMAIN_TRUSTSW));
|
||||||
|
if (!new_tdom)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
tdom = new_tdom;
|
||||||
|
new_tdom = &tdom[tdom_count];
|
||||||
|
new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain);
|
||||||
|
--*RtlSubAuthorityCountSid (tsid);
|
||||||
|
ULONG len = RtlLengthSid (tsid);
|
||||||
|
new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len);
|
||||||
|
RtlCopySid (len, new_tdom->DomainSid, tsid);
|
||||||
|
new_tdom->PosixOffset = 0;
|
||||||
|
++tdom_count;
|
||||||
|
return new_tdom;
|
||||||
|
}
|
||||||
|
|
||||||
/* Per session, so it changes potentially when switching the user context. */
|
/* Per session, so it changes potentially when switching the user context. */
|
||||||
static cygsid logon_sid ("");
|
static cygsid logon_sid ("");
|
||||||
|
|
||||||
|
@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
|
||||||
if (!wcscasecmp (dom, td->NetbiosDomainName))
|
if (!wcscasecmp (dom, td->NetbiosDomainName))
|
||||||
{
|
{
|
||||||
domain = td->DnsDomainName;
|
domain = td->DnsDomainName;
|
||||||
posix_offset =
|
|
||||||
fetch_posix_offset (td, &loc_ldap);
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!domain)
|
if (!domain)
|
||||||
{
|
{
|
||||||
|
/* This shouldn't happen, in theory, but it does. There
|
||||||
|
are cases where the user's logon domain does not show
|
||||||
|
up in the list of trusted domains. We're desperately
|
||||||
|
trying to workaround that here bu adding an entry for
|
||||||
|
this domain to the trusted domains and ask the DC for
|
||||||
|
a posix_offset. There's a good chance this doesn't
|
||||||
|
work either, but at least we tried, and the user can
|
||||||
|
work. */
|
||||||
debug_printf ("Unknown domain %W", dom);
|
debug_printf ("Unknown domain %W", dom);
|
||||||
return NULL;
|
td = cygheap->dom.add_domain (dom, sid);
|
||||||
|
if (td)
|
||||||
|
domain = td->DnsDomainName;
|
||||||
}
|
}
|
||||||
|
if (domain)
|
||||||
|
posix_offset = fetch_posix_offset (td, &loc_ldap);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* If the domain returned by LookupAccountSid is not our machine
|
/* If the domain returned by LookupAccountSid is not our machine
|
||||||
|
|
Loading…
Reference in New Issue