From 88dce3abd82c49ef879e6babcd91c1977dc212d9 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Mon, 17 Aug 2015 20:24:49 +0200 Subject: [PATCH] Try harder to avoid LDAP access for RFC2307 mapping * fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange to fall back to myself uid/gid in case we don't utilize Windows account DBs, just as prior to 1.7.34. * sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per RFC2307 if we're not utilizing Windows account DBs. * security.cc (convert_samba_sd): Revert previous patch. Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 9 ++++ winsup/cygwin/fhandler_disk_file.cc | 69 +++++++++++++++++------------ winsup/cygwin/sec_helper.cc | 4 +- winsup/cygwin/security.cc | 10 ++--- 4 files changed, 55 insertions(+), 37 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index b026b0e43..6696d5023 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,12 @@ +2015-08-17 Corinna Vinschen + + * fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange + to fall back to myself uid/gid in case we don't utilize Windows + account DBs, just as prior to 1.7.34. + * sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per + RFC2307 if we're not utilizing Windows account DBs. + * security.cc (convert_samba_sd): Revert previous patch. + 2015-08-17 Corinna Vinschen * fhandler_proc.cc (format_proc_cpuinfo): Handle AMDs providing diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc index 08ce81fad..455c478fb 100644 --- a/winsup/cygwin/fhandler_disk_file.cc +++ b/winsup/cygwin/fhandler_disk_file.cc 
@@ -343,36 +343,47 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf) buf->st_mode = (nfs_attr->mode & 0xfff) | nfs_type_mapping[nfs_attr->type & 7]; buf->st_nlink = nfs_attr->nlink; - /* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in - the cache, try to fetch it from the configured RFC 2307 domain (see - last comment in cygheap_domain_info::init() for more information) and - add it to the mapping cache. */ - buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid); - buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid); - if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ()) - { - uid_t map_uid = ILLEGAL_UID; - - domain = cygheap->dom.get_rfc2307_domain (); - if ((ldap_open = (cldap.open (domain) == NO_ERROR))) - map_uid = cldap.remap_uid (nfs_attr->uid); - if (map_uid == ILLEGAL_UID) - map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid); - cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid); - buf->st_uid = map_uid; - } - if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ()) - { - gid_t map_gid = ILLEGAL_GID; - - domain = cygheap->dom.get_rfc2307_domain (); - if ((ldap_open || cldap.open (domain) == NO_ERROR)) - map_gid = cldap.remap_gid (nfs_attr->gid); - if (map_gid == ILLEGAL_GID) - map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid); - cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid); - buf->st_gid = map_gid; + if (cygheap->pg.nss_pwd_db ()) + { + /* Try to map UNIX uid/gid to Cygwin uid/gid. If there's no mapping in + the cache, try to fetch it from the configured RFC 2307 domain (see + last comment in cygheap_domain_info::init() for more information) and + add it to the mapping cache. 
*/ + buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid); + if (buf->st_uid == ILLEGAL_UID) + { + uid_t map_uid = ILLEGAL_UID; + + domain = cygheap->dom.get_rfc2307_domain (); + if ((ldap_open = (cldap.open (domain) == NO_ERROR))) + map_uid = cldap.remap_uid (nfs_attr->uid); + if (map_uid == ILLEGAL_UID) + map_uid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->uid); + cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid); + buf->st_uid = map_uid; + } + } + else /* fake files being owned by current user. */ + buf->st_uid = myself->uid; + if (cygheap->pg.nss_grp_db ()) + { + /* See above */ + buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid); + if (buf->st_gid == ILLEGAL_GID) + { + gid_t map_gid = ILLEGAL_GID; + + domain = cygheap->dom.get_rfc2307_domain (); + if ((ldap_open || cldap.open (domain) == NO_ERROR)) + map_gid = cldap.remap_gid (nfs_attr->gid); + if (map_gid == ILLEGAL_GID) + map_gid = MAP_UNIX_TO_CYGWIN_ID (nfs_attr->gid); + cygheap->ugid_cache.add_gid (nfs_attr->gid, map_gid); + buf->st_gid = map_gid; + } } + else /* fake files being owned by current group. */ + buf->st_gid = myself->gid; buf->st_rdev = makedev (nfs_attr->rdev.specdata1, nfs_attr->rdev.specdata2); buf->st_size = nfs_attr->size; diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc index 679f3a858..0c3a51c7e 100644 --- a/winsup/cygwin/sec_helper.cc +++ b/winsup/cygwin/sec_helper.cc @@ -112,7 +112,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap) struct group *gr; if (cygheap->user.groups.pgsid == psid) id = myself->gid; - else if (sid_id_auth (psid) == 22) + else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_grp_db ()) { /* Samba UNIX group. Try to map to Cygwin gid. If there's no mapping in the cache, try to fetch it from the configured 
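Review bot: The two new `else` branches in fstat_by_nfs_ea report `myself->uid` / `myself->gid` as owner of every NFS file when `nss_pwd_db ()` / `nss_grp_db ()` is false, and their one-line comments do not say that the value is synthetic. A caller that bases a trust decision on `st_uid` (an ownership check on a key or config file, say) would then accept a file that belongs to a different UNIX user on the server, so the comment should spell this out, e.g. `/* No account DB in use: report the current user as owner. st_uid is then not the server-side owner and is unsuitable for ownership checks. */`. The two conditions are tested independently, so a setup with only one DB enabled yields a mapped uid next to a faked gid; it would help to state whether that is intended. In the gid branch `ldap_open` is read even when the uid branch never assigned it; its declaration is outside the hunk, so this presumably relies on an initial `false`, which should be confirmed.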
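Review bot: With the added `&& cygheap->pg.nss_grp_db ()`, a Samba UNIX group SID (identifier authority 22) no longer enters this branch when the account DB is off and falls through to whatever `else` follows, which lies outside the hunk. Since the aim of the commit is to avoid LDAP access, it is worth confirming that the fall-through path returns an unmapped id without a directory lookup of its own. The existing comment could then record the gate, e.g. `/* Samba UNIX group; mapped only if the Windows account DBs are in use. */`, extended with what the fall-through actually returns. The same applies to the user branch changed in the `@@ -144,7 +144,7 @@` hunk, which is gated on `nss_pwd_db ()`.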
@@ -144,7 +144,7 @@ cygpsid::get_id (BOOL search_grp, int *type, cyg_ldap *pldap) struct passwd *pw; if (*this == cygheap->user.sid ()) id = myself->uid; - else if (sid_id_auth (psid) == 22) + else if (sid_id_auth (psid) == 22 && cygheap->pg.nss_pwd_db ()) { /* Samba UNIX user. See comment above. */ uid_t uid = sid_sub_auth_rid (psid); diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 5e771e257..9a94c53d1 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -1122,14 +1122,14 @@ convert_samba_sd (security_descriptor &sd_ret) return; group = sid; - if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ()) + if (sid_id_auth (owner) == 22) { struct passwd *pwd; uid_t uid = owner.get_uid (&cldap); if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid))) owner.getfrompw (pwd); } - if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ()) + if (sid_id_auth (group) == 22) { struct group *grp; gid_t gid = group.get_gid (&cldap); @@ -1150,16 +1150,14 @@ convert_samba_sd (security_descriptor &sd_ret) cygsid ace_sid ((PSID) &ace->SidStart); if (sid_id_auth (ace_sid) == 22) { - if (sid_sub_auth (ace_sid, 0) == 1 /* user */ - && cygheap->pg.nss_pwd_db ()) + if (sid_sub_auth (ace_sid, 0) == 1) /* user */ { struct passwd *pwd; uid_t uid = ace_sid.get_uid (&cldap); if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid))) ace_sid.getfrompw (pwd); } - else if (sid_sub_auth (ace_sid, 0) == 2 /* group */ - && cygheap->pg.nss_grp_db ()) + else if (sid_sub_auth (ace_sid, 0) == 2) /* group */ { struct group *grp; gid_t gid = ace_sid.get_gid (&cldap); -- 2.43.5
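Review bot: After the revert, convert_samba_sd calls `owner.get_uid (&cldap)` and `group.get_gid (&cldap)` for every authority-22 SID and presumably relies on the new gate in cygpsid::get_id to keep LDAP out of the picture; nothing at these call sites says so. The following `uid < UNIX_POSIX_OFFSET` test skips the SID rewrite only if the returned id is at or above that offset when mapping is disabled, which cannot be verified from this hunk. A short comment at the first call would preserve the dependency, e.g. `/* get_uid consults the RFC 2307 mapping only if nss_pwd_db () is set, see cygpsid::get_id. */`. The ACE loop in the `@@ -1150,16 +1150,14 @@` hunk has the same dependency for `ace_sid.get_uid` / `ace_sid.get_gid`; both hunks show only part of the function.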