authorCorinna Vinschen <corinna@vinschen.de>2014-02-27 12:57:27 +0000
committerCorinna Vinschen <corinna@vinschen.de>2014-02-27 12:57:27 +0000
commitb39fa2c88da849c7a0bd6a745357b57690501e3d (patch)
tree2afd52e206518e41fc2f38525932ae58f0c7d3b1 /winsup/cygwin/grp.cc
parent8033fd9a65476b2b7d2113f81ad6f4f7dc841816 (diff)
* autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id. * grp.cc (internal_getgrsid): Take additional cyg_ldap pointer. Forward to pwdgrp::add_group_from_windows. (internal_getgrnam): Ditto. (internal_getgrgid): Ditto. (gr_ent::enumerate_local): Drop ugid_caching bool from call to pwdgrp::fetch_account_from_windows. (getgroups32): Rename from internal_getgroups and drop getgroups32 stub. Drop srchsid parameter and code handling it. Add local cyg_ldap instance and forward to internal_getgrXXX. (getgroups): Call getgroups32. (get_groups): Add local cyg_ldap instance and forward to internal_getgrXXX. (getgrouplist): Ditto. (setgroups32): Ditto. * ldap.cc (cyg_ldap::open): Don't call close. Return true if connection is already open. (cyg_ldap::remap_uid): Forward this to internal_getpwsid. (cyg_ldap::remap_gid): Forward this to internal_getgrsid. * passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer. Forward to pwdgrp::add_user_from_windows. (internal_getpwnam): Ditto. (internal_getpwuid): Ditto. (pg_ent::enumerate_builtin): Drop ugid_caching bool from call to pwdgrp::fetch_account_from_windows. (pg_ent::enumerate_sam): Ditto. (pg_ent::enumerate_ad): Ditto. Forward local cldap instead. * pwdgrp.h (internal_getpwsid): Align declaration to above change. (internal_getpwnam): Ditto. (internal_getpwuid): Ditto. (internal_getgrsid): Ditto. (internal_getgrgid): Ditto. (internal_getgrnam): Ditto. (internal_getgroups): Drop declaration. (pwdgrp::add_account_from_windows): Align declaration to below change. (pwdgrp::add_user_from_windows): Ditto. (pwdgrp::add_group_from_windows): Ditto. * sec_acl.cc (setacl): Add local cyg_ldap instance and forward to internal_getpwuid and internal_getgrgid. (getacl): Add local cyg_ldap instance and forward to cygpsid::get_id. (aclfromtext32): Add local cyg_ldap instance and forward to internal_getpwnam and internal_getgrnam. * sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer. 
Forward to internal_getgrsid and internal_getpwsid. (get_sids_info): Drop ldap_open. Forward local cldap to internal_getpwsid and internal_getgrXXX. Call CheckTokenMembership rather than internal_getgroups. * security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default parameter. (cygpsid::get_uid): Add cyg_ldap pointer. Call get_id accordingly. (cygpsid::get_gid): Ditto. * uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward to internal_getpwXXX and internal_getgrXXX calls. (pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer. Forward to pwdgrp::fetch_account_from_windows. (fetch_posix_offset): Drop ldap_open argument and handling. Get cyg_ldap instance as pointer. (pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer. Use it if it's not NULL, local instance otherwise. Drop ldap_open. Drop fetching extended group arguments from AD for speed.
Diffstat (limited to 'winsup/cygwin/grp.cc')
-rw-r--r--winsup/cygwin/grp.cc87
1 files changed, 37 insertions, 50 deletions
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index 2ced067..31bfeda 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -117,7 +117,7 @@ pwdgrp::find_group (gid_t gid)
}
struct group *
-internal_getgrsid (cygpsid &sid)
+internal_getgrsid (cygpsid &sid, cyg_ldap *pldap)
{
struct group *ret;
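Review bot: The new `pldap` parameter is undocumented here, and the same applies to `internal_getgrnam` and `internal_getgrgid` in the later hunks. A short comment above each definition would tell callers who owns the object and whether NULL is accepted, for example `/* pldap: caller-owned LDAP connection reused for the lookup; NULL presumably lets the fetch code use its own instance. */`. The commit message says pwdgrp::fetch_account_from_windows falls back to a local instance when the pointer is NULL, but that code is not visible in this file. The function body continues outside the hunk.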
@@ -134,7 +134,7 @@ internal_getgrsid (cygpsid &sid)
{
if ((ret = cygheap->pg.grp_cache.win.find_group (sid)))
return ret;
- return cygheap->pg.grp_cache.win.add_group_from_windows (sid);
+ return cygheap->pg.grp_cache.win.add_group_from_windows (sid, pldap);
}
return NULL;
}
@@ -148,7 +148,7 @@ internal_getgrsid_from_db (cygpsid &sid)
}
struct group *
-internal_getgrnam (const char *name)
+internal_getgrnam (const char *name, cyg_ldap *pldap)
{
struct group *ret;
@@ -165,13 +165,13 @@ internal_getgrnam (const char *name)
{
if ((ret = cygheap->pg.grp_cache.win.find_group (name)))
return ret;
- return cygheap->pg.grp_cache.win.add_group_from_windows (name);
+ return cygheap->pg.grp_cache.win.add_group_from_windows (name, pldap);
}
return NULL;
}
struct group *
-internal_getgrgid (gid_t gid)
+internal_getgrgid (gid_t gid, cyg_ldap *pldap)
{
struct group *ret;
@@ -191,7 +191,7 @@ internal_getgrgid (gid_t gid)
return cygheap->pg.grp_cache.win.add_group_from_windows (gid);
}
else if (gid == ILLEGAL_GID)
- return cygheap->pg.grp_cache.win.add_group_from_windows (gid);
+ return cygheap->pg.grp_cache.win.add_group_from_windows (gid, pldap);
return NULL;
}
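Review bot: The first `add_group_from_windows (gid)` call in this hunk, in the branch above the `else if`, still omits `pldap`, while the `ILLEGAL_GID` branch below it now forwards the pointer. If the declaration in pwdgrp.h defaults the pointer to NULL (not visible here), that path compiles but presumably sets up its own LDAP instance for each lookup, which defeats the connection reuse this commit introduces for callers such as setgroups32 that loop over internal_getgrgid. The call should read `return cygheap->pg.grp_cache.win.add_group_from_windows (gid, pldap);`. The start of internal_getgrgid's body lies outside the hunk.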
@@ -389,7 +389,7 @@ gr_ent::enumerate_local ()
fetch_user_arg_t arg;
arg.type = SID_arg;
arg.sid = &sid;
- char *line = pg.fetch_account_from_windows (arg, true, false);
+ char *line = pg.fetch_account_from_windows (arg, true);
if (line)
return pg.add_account_post_fetch (line, false);
}
@@ -459,19 +459,21 @@ endgrent_filtered (void *gr)
((gr_ent *) gr)->endgrent ();
}
-int
-internal_getgroups (int gidsetsize, gid_t *grouplist, cygpsid *srchsid)
+extern "C" int
+getgroups32 (int gidsetsize, gid_t *grouplist)
{
NTSTATUS status;
- HANDLE hToken = NULL;
+ HANDLE tok;
ULONG size;
int cnt = 0;
struct group *grp;
+ cyg_ldap cldap;
- if (!srchsid && cygheap->user.groups.issetgroups ())
+ if (cygheap->user.groups.issetgroups ())
{
for (int pg = 0; pg < cygheap->user.groups.sgsids.count (); ++pg)
- if ((grp = internal_getgrsid (cygheap->user.groups.sgsids.sids[pg])))
+ if ((grp = internal_getgrsid (cygheap->user.groups.sgsids.sids[pg],
+ &cldap)))
{
if (cnt < gidsetsize)
grouplist[cnt] = grp->gr_gid;
@@ -483,45 +485,32 @@ internal_getgroups (int gidsetsize, gid_t *grouplist, cygpsid *srchsid)
}
/* If impersonated, use impersonation token. */
- if (cygheap->user.issetuid ())
- hToken = cygheap->user.primary_token ();
- else
- hToken = hProcToken;
+ tok = cygheap->user.issetuid () ? cygheap->user.primary_token () : hProcToken;
- status = NtQueryInformationToken (hToken, TokenGroups, NULL, 0, &size);
+ status = NtQueryInformationToken (tok, TokenGroups, NULL, 0, &size);
if (NT_SUCCESS (status) || status == STATUS_BUFFER_TOO_SMALL)
{
PTOKEN_GROUPS groups = (PTOKEN_GROUPS) alloca (size);
- status = NtQueryInformationToken (hToken, TokenGroups, groups,
- size, &size);
+ status = NtQueryInformationToken (tok, TokenGroups, groups, size, &size);
if (NT_SUCCESS (status))
{
cygsid sid;
- if (srchsid)
- {
- for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
- if ((cnt = (*srchsid == groups->Groups[pg].Sid)))
- break;
- }
- else
+ for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
{
- for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
+ cygpsid sid = groups->Groups[pg].Sid;
+ if ((grp = internal_getgrsid (sid, &cldap)))
{
- cygpsid sid = groups->Groups[pg].Sid;
- if ((grp = internal_getgrsid (sid)))
+ if ((groups->Groups[pg].Attributes
+ & (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED))
+ && sid != well_known_world_sid)
{
- if ((groups->Groups[pg].Attributes
- & (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED))
- && sid != well_known_world_sid)
- {
- if (cnt < gidsetsize)
- grouplist[cnt] = grp->gr_gid;
- ++cnt;
- if (gidsetsize && cnt > gidsetsize)
- goto error;
- }
+ if (cnt < gidsetsize)
+ grouplist[cnt] = grp->gr_gid;
+ ++cnt;
+ if (gidsetsize && cnt > gidsetsize)
+ goto error;
}
}
}
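Review bot: In the token-group loop, `internal_getgrsid (sid, &cldap)` runs before the `Attributes` and `well_known_world_sid` tests, so every group in the token is resolved, possibly over LDAP, even when the entry is then discarded. Testing the cheap conditions first, e.g. `if (!(groups->Groups[pg].Attributes & (SE_GROUP_ENABLED | SE_GROUP_INTEGRITY_ENABLED)) || sid == well_known_world_sid) continue;`, would avoid those lookups. It would also stop populating the cache for disabled groups, so confirm nothing relies on that side effect. The outer `cygsid sid;` kept as context is shadowed by the loop-local `cygpsid sid` and looks unused in the visible code. The function body starts and ends outside this hunk.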
@@ -536,12 +525,6 @@ error:
return -1;
}
-extern "C" int
-getgroups32 (int gidsetsize, gid_t *grouplist)
-{
- return internal_getgroups (gidsetsize, grouplist);
-}
-
#ifdef __x86_64__
EXPORT_ALIAS (getgroups32, getgroups)
#else
@@ -558,7 +541,7 @@ getgroups (int gidsetsize, __gid16_t *grouplist)
if (gidsetsize > 0 && grouplist)
grouplist32 = (gid_t *) alloca (gidsetsize * sizeof (gid_t));
- int ret = internal_getgroups (gidsetsize, grouplist32);
+ int ret = getgroups32 (gidsetsize, grouplist32);
if (gidsetsize > 0 && grouplist)
for (int i = 0; i < ret; ++ i)
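Review bot: `alloca (gidsetsize * sizeof (gid_t))` sizes a stack allocation from the caller-supplied `gidsetsize` with no upper bound, so a very large count passed by an application can exhaust the stack before `getgroups32` is even called. The commit only renames the callee and leaves this as it was. A bound ahead of the allocation, for example rejecting or clamping values above a sane maximum such as `NGROUPS_MAX`, or a heap buffer released after the copy loop, would close it. The rest of getgroups lies outside the hunk.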
@@ -572,9 +555,11 @@ getgroups (int gidsetsize, __gid16_t *grouplist)
static void
get_groups (const char *user, gid_t gid, cygsidlist &gsids)
{
+ cyg_ldap cldap;
+
cygheap->user.deimpersonate ();
- struct passwd *pw = internal_getpwnam (user);
- struct group *grp = internal_getgrgid (gid);
+ struct passwd *pw = internal_getpwnam (user, &cldap);
+ struct group *grp = internal_getgrgid (gid, &cldap);
cygsid usersid, grpsid;
if (usersid.getfrompw (pw))
get_server_groups (gsids, usersid, pw);
@@ -614,6 +599,7 @@ getgrouplist (const char *user, gid_t gid, gid_t *groups, int *ngroups)
int ret = 0;
int cnt = 0;
struct group *grp;
+ cyg_ldap cldap;
/* Note that it's not defined if groups or ngroups may be NULL!
GLibc does not check the pointers on entry and just uses them.
@@ -626,7 +612,7 @@ getgrouplist (const char *user, gid_t gid, gid_t *groups, int *ngroups)
cygsidlist tmp_gsids (cygsidlist_auto, 12);
get_groups (user, gid, tmp_gsids);
for (int i = 0; i < tmp_gsids.count (); i++)
- if ((grp = internal_getgrsid (tmp_gsids.sids[i])) != NULL)
+ if ((grp = internal_getgrsid (tmp_gsids.sids[i], &cldap)) != NULL)
{
if (groups && cnt < *ngroups)
groups[cnt] = grp->gr_gid;
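Review bot: getgrouplist now declares its own `cyg_ldap cldap` (previous hunk), yet the `get_groups (user, gid, tmp_gsids)` call here creates a second instance internally, so a single getgrouplist call can end up using two separate LDAP connections. Since get_groups is static, it could take the pointer too, e.g. `get_groups (user, gid, tmp_gsids, &cldap)` with a matching `cyg_ldap *pldap` parameter, so the lookups in both functions share one connection. Whether get_groups has other callers is not visible in this view. The loop body continues outside the hunk.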
@@ -656,13 +642,14 @@ setgroups32 (int ngroups, const gid_t *grouplist)
cygsidlist gsids (cygsidlist_alloc, ngroups);
struct group *grp;
+ cyg_ldap cldap;
if (ngroups && !gsids.sids)
return -1;
for (int gidx = 0; gidx < ngroups; ++gidx)
{
- if ((grp = internal_getgrgid (grouplist[gidx]))
+ if ((grp = internal_getgrgid (grouplist[gidx], &cldap))
&& gsids.addfromgr (grp))
continue;
debug_printf ("No sid found for gid %u", grouplist[gidx]);