diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2014-02-17 15:36:33 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2014-02-17 15:36:33 +0000 |
| commit | a8cf6887a2ea00524ebf330eb50a05cf8e67bc5c (patch) | |
| tree | 63b01096a3b6deb0afe5fdfddc43ec5ddd1487c6 /winsup/cygwin/ldap.cc | |
| parent | 1e705e29329a0bca000bfb1f199042ffedfe477b (diff) | |
| download | cygnal-a8cf6887a2ea00524ebf330eb50a05cf8e67bc5c.tar.gz cygnal-a8cf6887a2ea00524ebf330eb50a05cf8e67bc5c.tar.bz2 cygnal-a8cf6887a2ea00524ebf330eb50a05cf8e67bc5c.zip | |
* autoload.cc (ldap_abandon): Import.
(ldap_result): Import.
(ldap_searchW): Import.
(NetGroupEnum): Import.
(NetLocalGroupEnum): Import.
(NetUserEnum): Import.
* cygheap.h (class cygheap_pwdgrp): Add members enums and enum_tdoms.
(cygheap_pwdgrp::nss_db_enums): New inline method.
(cygheap_pwdgrp::nss_db_enum_tdoms): Ditto.
* cygtls.h (struct _local_storage): Drop unused members pw_pos and
grp_pos.
* grp.cc (grent): New static variable of class gr_ent.
(gr_ent::enumerate_caches): New method.
(gr_ent::enumerate_local): New method.
(gr_ent::getgrent): New method.
(setgrent): Call gr_ent method.
(getgrent32): Ditto.
(endgrent): Ditto.
* ldap.cc (sid_attr): Rename from nfs_attr.
(cyg_ldap::close): Abandon still running asynchronous search.
(cyg_ldap::fetch_ad_account): Reduce filter buffer size.
(cyg_ldap::enumerate_ad_accounts): New method.
(cyg_ldap::next_account): New method.
(cyg_ldap::fetch_posix_offset_for_domain): Reduce filter buffer size.
(cyg_ldap::fetch_unix_sid_from_ad): Ditto. Fix return value in case
no value has been read.
(cyg_ldap::fetch_unix_name_from_rfc2307): Reduce filter buffer size.
* ldap.h (class cyg_ldap): Add msg_id member.
(cyg_ldap::enumerate_ad_accounts): Declare.
(cyg_ldap::next_account): Declare:
* passwd.cc (pwent): New static variable of class pw_ent.
(pg_ent::clear_cache): New method.
(pg_ent::setent): New method.
(pg_ent::getent): New method.
(pg_ent::endent): New method.
(pg_ent::enumerate_file): New method.
(pg_ent::enumerate_builtin): New method.
(pg_ent::enumerate_sam): New method.
(pg_ent::enumerate_ad): New method.
(pw_ent::enumerate_caches): New method.
(pw_ent::enumerate_local): New method.
(pw_ent::getpwent): New method.
(setpwent): Call pw_ent method.
(getpwent): Ditto.
(endpwent): Ditto.
* pwdgrp.h (class pwdgrp): Define pg_ent, pw_ent and gr_ent as friend
classes.
(pwdgrp::add_account_post_fetch): Declare with extra bool parameter.
(pwdgrp::file_attr): New inline method.
(enum nss_enum_t): Define.
(class pg_ent): Define.
(class pw_ent): Define.
(class gr_ent): Define.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (cygheap_pwdgrp::init): Initialize enums and enum_tdoms.
(cygheap_pwdgrp::nss_init_line): Fix typo in preceeding comment.
Handle new "db_enum" keyword.
(pwdgrp::add_account_post_fetch): Take additional `bool lock' parameter
and acquire pglock before adding element to array if lock is true.
(pwdgrp::add_account_from_file): Call add_account_post_fetch with lock
set to true.
(pwdgrp::add_account_from_windows): Ditto in case of caching.
(pwdgrp::fetch_account_from_windows): Handle builtin aliases only
known to the domain controller. Only call NetLocalGroupGetInfo for
aliases.
Diffstat (limited to 'winsup/cygwin/ldap.cc')
| -rw-r--r-- | winsup/cygwin/ldap.cc | 120 |
1 files changed, 112 insertions, 8 deletions
diff --git a/winsup/cygwin/ldap.cc b/winsup/cygwin/ldap.cc index 64e8949da..740995a61 100644 --- a/winsup/cygwin/ldap.cc +++ b/winsup/cygwin/ldap.cc @@ -20,6 +20,7 @@ details. */ #include "pinfo.h" #include "lm.h" #include "dsgetdc.h" +#include "tls_pbuf.h" static LDAP_TIMEVAL tv = { 3, 0 }; @@ -54,7 +55,7 @@ PWCHAR tdom_attr[] = NULL }; -PWCHAR nfs_attr[] = +PWCHAR sid_attr[] = { (PWCHAR) L"objectSid", NULL @@ -216,6 +217,8 @@ err: void cyg_ldap::close () { + if (msg_id != (ULONG) -1) + ldap_abandon (lh, msg_id); if (lh) ldap_unbind (lh); if (msg) @@ -228,12 +231,13 @@ cyg_ldap::close () msg = entry = NULL; val = NULL; rootdse = NULL; + msg_id = (ULONG) -1; } bool cyg_ldap::fetch_ad_account (PSID sid, bool group) { - WCHAR filter[512], *f; + WCHAR filter[140], *f; LONG len = (LONG) RtlLengthSid (sid); PBYTE s = (PBYTE) sid; static WCHAR hex_wchars[] = L"0123456789abcdef"; @@ -273,10 +277,109 @@ cyg_ldap::fetch_ad_account (PSID sid, bool group) return true; } +bool +cyg_ldap::enumerate_ad_accounts (PCWSTR domain, bool group) +{ + tmp_pathbuf tp; + PCWSTR filter; + PWCHAR dse; + + if (msg) + { + ldap_memfreeW ((PWCHAR) msg); + msg = entry = NULL; + } + if (val) + { + ldap_value_freeW (val); + val = NULL; + } + if (!group) + filter = L"(&(objectClass=User)" + "(objectCategory=Person)" + /* 512 == ADS_UF_NORMAL_ACCOUNT */ + "(userAccountControl:" LDAP_MATCHING_RULE_BIT_AND ":=512)" + "(objectSid=*))"; + else if (!domain) + filter = L"(&(objectClass=Group)" + "(objectSid=*))"; + else + filter = L"(&(objectClass=Group)" + /* 1 == ACCOUNT_GROUP */ + "(!(groupType:" LDAP_MATCHING_RULE_BIT_AND ":=1))" + "(objectSid=*))"; + if (!domain) + dse = rootdse; + else + { + /* create rootdse from domain name. */ + dse = tp.w_get (); + PCWSTR ps, pe; + PWCHAR d; + + d = dse; + for (ps = domain; (pe = wcschr (ps, L'.')); ps = pe + 1) + { + if (d > dse) + d = wcpcpy (d, L","); + d = wcpncpy (wcpcpy (d, L"DC="), ps, pe - ps); + } + if (d > dse) + d = wcpcpy (d, L","); + d = wcpcpy (wcpcpy (d, L"DC="), ps); + } + msg_id = ldap_searchW (lh, dse, LDAP_SCOPE_SUBTREE, (PWCHAR) filter, + sid_attr, 0); + if (msg_id == (ULONG) -1) + { + debug_printf ("ldap_searchW(%W,%W) error 0x%02x", dse, filter, + LdapGetLastError ()); + return false; + } + return true; +} + +bool +cyg_ldap::next_account (cygsid &sid) +{ + ULONG ret; + PLDAP_BERVAL *bval; + + if (msg) + { + ldap_memfreeW ((PWCHAR) msg); + msg = entry = NULL; + } + if (val) + { + ldap_value_freeW (val); + val = NULL; + } + ret = ldap_result (lh, msg_id, LDAP_MSG_ONE, &tv, &msg); + if (ret == 0) + { + debug_printf ("ldap_result() timeout!"); + return false; + } + if (ret == (ULONG) -1) + { + debug_printf ("ldap_result() error 0x%02x", LdapGetLastError ()); + return false; + } + if ((entry = ldap_first_entry (lh, msg)) + && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0]))) + { + sid = (PSID) bval[0]->bv_val; + ldap_value_free_len (bval); + return true; + } + return false; +} + uint32_t cyg_ldap::fetch_posix_offset_for_domain (PCWSTR domain) { - WCHAR filter[512]; + WCHAR filter[300]; ULONG ret; if (msg) @@ -331,7 +434,7 @@ cyg_ldap::get_num_attribute (int idx) bool cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group) { - WCHAR filter[512]; + WCHAR filter[48]; ULONG ret; PLDAP_BERVAL *bval; @@ -345,25 +448,26 @@ cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group) else __small_swprintf (filter, L"(&(objectClass=User)(uidNumber=%u))", id); if ((ret = ldap_search_stW (lh, rootdse, LDAP_SCOPE_SUBTREE, filter, - nfs_attr, 0, &tv, &msg)) != LDAP_SUCCESS) + sid_attr, 0, &tv, &msg)) != LDAP_SUCCESS) { debug_printf ("ldap_search_stW(%W,%W) error 0x%02x", rootdse, filter, ret); return false; } if ((entry = ldap_first_entry (lh, msg)) - && (bval = ldap_get_values_lenW (lh, entry, nfs_attr[0]))) + && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0]))) { sid = (PSID) bval[0]->bv_val; ldap_value_free_len (bval); + return true; } - return true; + return false; } PWCHAR cyg_ldap::fetch_unix_name_from_rfc2307 (uint32_t id, bool group) { - WCHAR filter[512]; + WCHAR filter[52]; ULONG ret; if (msg) |