https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=88dce3abd82c49ef879e6babcd91c1977dc212d9
commit 88dce3abd82c49ef879e6babcd91c1977dc212d9
Author: Corinna Vinschen <cori...@vinschen.de>
Date: Mon Aug 17 20:24:49 2015 +0200
Try harder to avoid LDAP access for RFC2307 mapping
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
to fall back to myself uid/gid in case we don't utilize Windows
account DBs, just as prior to 1.7.34.
* sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping
per
RFC2307 if we're not utilizing Windows account DBs.
* security.cc (convert_samba_sd): Revert previous patch.
Signed-off-by: Corinna Vinschen <cori...@vinschen.de>
Diff:
---
winsup/cygwin/ChangeLog | 9 +++++
winsup/cygwin/fhandler_disk_file.cc | 69 +++++++++++++++++++++----------------
winsup/cygwin/sec_helper.cc | 4 +--
winsup/cygwin/security.cc | 10 +++---
4 files changed, 55 insertions(+), 37 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index b026b0e..6696d50 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,14 @@
2015-08-17 Corinna Vinschen <cori...@vinschen.de>
+ * fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
+ to fall back to myself uid/gid in case we don't utilize Windows
+ account DBs, just as prior to 1.7.34.
+ * sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
+ RFC2307 if we're not utilizing Windows account DBs.
+ * security.cc (convert_samba_sd): Revert previous patch.
+
+2015-08-17 Corinna Vinschen <cori...@vinschen.de>
+
* fhandler_proc.cc (format_proc_cpuinfo): Handle AMDs providing
extended topology info in CPUID leaf 0x8000001e. Fix handling of
AMD CPUs providing extended legacy core info in CPUID leaf 0x80000008.
diff --git a/winsup/cygwin/fhandler_disk_file.cc
b/winsup/cygwin/fhandler_disk_file.cc
index 08ce81f..455c478 100644
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -343,36 +343,47 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
buf->st_mode = (nfs_attr->mode & 0xfff)
| nfs_type_mapping[nfs_attr->type & 7];
buf->st_nlink = nfs_attr->nlink;
- /* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
- the cache, try to fetch it from the configured RFC 2307 domain (see
- last comment in cygheap_domain_info::init() for more information) and
- add it to the mapping cache. */
- buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
- buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
- if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ())
- {
- uid_t map_uid = ILLEGAL_UID;
-
- domain = cygheap->dom.get_rfc2307_domain ();
- if ((ldap_open = (cldap.open (domain) == NO_ERROR)))
- map_uid = cldap.remap_uid (nfs_attr->uid);
- if (map_uid == ILLEGAL_UID)
- map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid);
- cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
- buf->st_uid = map_uid;
- }
- if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ())
- {
- gid_t map_gid = ILLEGAL_GID;
-
- domain = cygheap->dom.get_rfc2307_domain ();
- if ((ldap_open || cldap.open (domain) == NO_ERROR))
- map_gid = cldap.remap_gid (nfs_attr->gid);
- if (map_gid == ILLEGAL_GID)
- map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid);
- cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid);
- buf->st_gid = map_gid;
+ if (cygheap->pg.nss_pwd_db ())
+ {
+ /* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in
+ the cache, try to fetch it from the configured RFC 2307 domain (see
+ last comment in cygheap_domain_info::init() for more information) and
+ add it to the mapping cache. */
+ buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
+ if (buf->st_uid == ILLEGAL_UID)
+ {
+ uid_t map_uid = ILLEGAL_UID;
+
+ domain = cygheap->dom.get_rfc2307_domain ();
+ if ((ldap_open = (cldap.open (domain) == NO_ERROR)))
+ map_uid = cldap.remap_uid (nfs_attr->uid);
+ if (map_uid == ILLEGAL_UID)
+ map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid);
+ cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
+ buf->st_uid = map_uid;
+ }
+ }
+ else /* fake files being owned by current user. */
+ buf->st_uid = myself->uid;
+ if (cygheap->pg.nss_grp_db ())
+ {
+ /* See above */
+ buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
+ if (buf->st_gid == ILLEGAL_GID)
+ {
+ gid_t map_gid = ILLEGAL_GID;
+
+ domain = cygheap->dom.get_rfc2307_domain ();
+ if ((ldap_open || cldap.open (domain) == NO_ERROR))
+ map_gid = cldap.remap_gid (nfs_attr->gid);
+ if (map_gid == ILLEGAL_GID)
+ map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid);
+ cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid);
+ buf->st_gid = map_gid;
+ }
}
+ else /* fake files being owned by current group. */
+ buf->st_gid = myself->gid;
buf->st_rdev = makedev (nfs_attr->rdev.specdata1,
nfs_attr->rdev.specdata2);
buf->st_size = nfs_attr->size;
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 679f3a8..0c3a51c 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -112,7 +112,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap
*pldap)
struct group *gr;
if (cygheap->user.groups.pgsid == psid)
id = myself->gid;
- else if (sid_id_auth (psid) == 22)
+ else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_grp_db ())
{
/* Samba UNIX group. Try to map to Cygwin gid. If there's no
mapping in the cache, try to fetch it from the configured
@@ -144,7 +144,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap
*pldap)
struct passwd *pw;
if (*this == cygheap->user.sid ())
id = myself->uid;
- else if (sid_id_auth (psid) == 22)
+ else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_pwd_db ())
{
/* Samba UNIX user. See comment above. */
uid_t uid = sid_sub_auth_rid (psid);
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 5e771e2..9a94c53 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1122,14 +1122,14 @@ convert_samba_sd (security_descriptor &sd_ret)
return;
group = sid;
- if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ())
+ if (sid_id_auth (owner) == 22)
{
struct passwd *pwd;
uid_t uid = owner.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
owner.getfrompw (pwd);
}
- if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ())
+ if (sid_id_auth (group) == 22)
{
struct group *grp;
gid_t gid = group.get_gid (&cldap);
@@ -1150,16 +1150,14 @@ convert_samba_sd (security_descriptor &sd_ret)
cygsid ace_sid ((PSID) &ace->SidStart);
if (sid_id_auth (ace_sid) == 22)
{
- if (sid_sub_auth (ace_sid, 0) == 1 /* user */
- && cygheap->pg.nss_pwd_db ())
+ if (sid_sub_auth (ace_sid, 0) == 1) /* user */
{
struct passwd *pwd;
uid_t uid = ace_sid.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
ace_sid.getfrompw (pwd);
}
- else if (sid_sub_auth (ace_sid, 0) == 2 /* group */
- && cygheap->pg.nss_grp_db ())
+ else if (sid_sub_auth (ace_sid, 0) == 2) /* group */
{
struct group *grp;
gid_t gid = ace_sid.get_gid (&cldap);
