From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2155)
	id 3E0983858D20; Fri,  2 Dec 2022 15:52:33 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3E0983858D20
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1669996353;
	bh=f7QXf2vfFtgwneVG4PMH8sdUcbZ9HvkiAYUISlVOP4Q=;
	h=From:To:Subject:Date:From;
	b=YVtyBF2uI3YRN7CvrJ+DPHIMiZpEqHEZZRrk9aAJCt/uUrERb/sioQnvI6xZRSPEA
	 FqZ8vb9WDdpiy/BbL8gnxIJfRQSCO4wELAawD04nINSpH5eeTDc/bNGOFLIDqZ2uCc
	 qMRCOq3q+Q0VezFAg3A6flqqumZxcz3c15NCb060=
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Corinna Vinschen <corinna@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator
X-Act-Checkin: newlib-cygwin
X-Git-Author: Corinna Vinschen <corinna@vinschen.de>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 30add3e6b3e3211b3e2d4a093f45bee5c6e24b8b
X-Git-Newrev: 3b37a11870d5eb7880018955e88771c251c2c608
Message-Id: <20221202155233.3E0983858D20@sourceware.org>
Date: Fri,  2 Dec 2022 15:52:33 +0000 (GMT)
List-Id: <cygwin-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D3b37a11870d=
5eb7880018955e88771c251c2c608

commit 3b37a11870d5eb7880018955e88771c251c2c608
Author:     Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Fri Dec 2 15:13:24 2022 +0100
Commit:     Corinna Vinschen <corinna@vinschen.de>
CommitDate: Fri Dec 2 16:35:31 2022 +0100

    Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator
   =20
    Originally the code was written to allow three ways of prefixing
    accounts and to freely define a domain/account separator.  This code
    has been disabled even before being officially released, and it was
    never re-enabled. Given there has been no complaints for eight years
    now, drop this code eventually.  Just add a macro to define the
    domain/account separator statically.
   =20
    Fixes: cc332c9e271b ("(cygheap_pwdgrp::nss_init_line): Disable db_prefix
    and db_separator settings.  Add comment")
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/external.cc              |   2 +-
 winsup/cygwin/local_includes/cygheap.h |  14 +--
 winsup/cygwin/uinfo.cc                 |  71 +++------------
 winsup/doc/ntsec.xml                   | 156 -----------------------------=
----
 4 files changed, 14 insertions(+), 229 deletions(-)

diff --git a/winsup/cygwin/external.cc b/winsup/cygwin/external.cc
index bc6a3139ddb9..582bab84f725 100644
--- a/winsup/cygwin/external.cc
+++ b/winsup/cygwin/external.cc
@@ -604,7 +604,7 @@ cygwin_internal (cygwin_getinfo_types t, ...)
 	break;
=20
       case CW_GETNSSSEP:
-	res =3D (uintptr_t) cygheap->pg.nss_separator ();
+	res =3D (uintptr_t) NSS_SEPARATOR_STRING;
 	break;
=20
       case CW_GETNSS_PWD_SRC:
diff --git a/winsup/cygwin/local_includes/cygheap.h b/winsup/cygwin/local_i=
ncludes/cygheap.h
index e671c3d326b3..347cbf448d50 100644
--- a/winsup/cygwin/local_includes/cygheap.h
+++ b/winsup/cygwin/local_includes/cygheap.h
@@ -393,13 +393,11 @@ public:
     { return rfc2307_domain_buf ?: NULL; }
 };
=20
+#define NSS_SEPARATOR_STRING	L"+"
+#define NSS_SEPARATOR_CHAR	(NSS_SEPARATOR_STRING[0])
+
 class cygheap_pwdgrp
 {
-  enum nss_pfx_t {
-    NSS_PFX_AUTO =3D 0,
-    NSS_PFX_PRIMARY,
-    NSS_PFX_ALWAYS
-  };
 public:
   enum nss_scheme_method {
     NSS_SCHEME_FALLBACK =3D 0,
@@ -418,8 +416,6 @@ private:
   bool		nss_inited;
   uint32_t	pwd_src;
   uint32_t	grp_src;
-  nss_pfx_t	prefix;
-  WCHAR		separator[2];
   bool		caching;
=20
 #define NSS_SCHEME_MAX	4
@@ -458,10 +454,6 @@ public:
   inline bool nss_grp_files () const { return !!(grp_src & NSS_SRC_FILES);=
 }
   inline bool nss_grp_db () const { return !!(grp_src & NSS_SRC_DB); }
   inline int  nss_grp_src () const { return grp_src; } /* CW_GETNSS_GRP_SR=
C */
-  inline bool nss_prefix_auto () const { return prefix =3D=3D NSS_PFX_AUTO=
; }
-  inline bool nss_prefix_primary () const { return prefix =3D=3D NSS_PFX_P=
RIMARY; }
-  inline bool nss_prefix_always () const { return prefix =3D=3D NSS_PFX_AL=
WAYS; }
-  inline PCWSTR nss_separator () const { return separator; }
   inline bool nss_cygserver_caching () const { return caching; }
   inline void nss_disable_cygserver_caching () { caching =3D false; }
=20
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index ce997c0f824e..a96c5e7fc6a0 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -579,14 +579,10 @@ cygheap_pwdgrp::init ()
=20
      passwd: files db
      group:  files db
-     db_prefix: auto		DISABLED
-     db_separator: +		DISABLED
      db_enum: cache builtin
   */
   pwd_src =3D (NSS_SRC_FILES | NSS_SRC_DB);
   grp_src =3D (NSS_SRC_FILES | NSS_SRC_DB);
-  prefix =3D NSS_PFX_AUTO;
-  separator[0] =3D L'+';
   enums =3D (ENUM_CACHE | ENUM_BUILTIN);
   enum_tdoms =3D NULL;
   caching =3D true;	/* INTERNAL ONLY */
@@ -650,32 +646,6 @@ cygheap_pwdgrp::nss_init_line (const char *line)
 	  break;
 	}
       c +=3D 3;
-#if 0 /* Disable setting prefix and separator from nsswitch.conf for now.
-	 Remove if nobody complains too loudly. */
-      if (NSS_NCMP ("prefix:"))
-	{
-	  c =3D strchr (c, ':') + 1;
-	  c +=3D strspn (c, " \t");
-	  if (NSS_CMP ("auto"))
-	    prefix =3D NSS_AUTO;
-	  else if (NSS_CMP ("primary"))
-	    prefix =3D NSS_PRIMARY;
-	  else if (NSS_CMP ("always"))
-	    prefix =3D NSS_ALWAYS;
-	  else
-	    debug_printf ("Invalid nsswitch.conf content: %s", line);
-	}
-      else if (NSS_NCMP ("separator:"))
-	{
-	  c =3D strchr (c, ':') + 1;
-	  c +=3D strspn (c, " \t");
-	  if ((unsigned char) *c <=3D 0x7f && *c !=3D ':' && strchr (" \t", c[1]))
-	    separator[0] =3D (unsigned char) *c;
-	  else
-	    debug_printf ("Invalid nsswitch.conf content: %s", line);
-	}
-      else
-#endif
       if (NSS_NCMP ("enum:"))
 	{
 	  tmp_pathbuf tp;
@@ -904,7 +874,7 @@ fetch_from_path (cyg_ldap *pldap, PUSER_INFO_3 ui, cygp=
sid &sid, PCWSTR str,
 		{
 		  w =3D wcpncpy (w, dom, we - w);
 		  if (w < we)
-		    *w++ =3D cygheap->pg.nss_separator ()[0];
+		    *w++ =3D NSS_SEPARATOR_CHAR;
 		}
 	      w =3D wcpncpy (w, name, we - w);
 	      break;
@@ -1939,14 +1909,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_=
t &arg, cyg_ldap *pldap)
       sys_mbstowcs (name, UNLEN + 1, arg.name);
       /* If the incoming name has a backslash or at sign, and neither back=
slash
 	 nor at are the domain separator chars, the name is invalid. */
-      if ((p =3D wcspbrk (name, L"\\@")) && *p !=3D cygheap->pg.nss_separa=
tor ()[0])
+      if ((p =3D wcspbrk (name, L"\\@")) && *p !=3D NSS_SEPARATOR_CHAR)
 	{
 	  debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
 	  return NULL;
 	}
       /* Replace domain separator char with backslash and make sure p is N=
ULL
 	 or points to the backslash. */
-      if ((p =3D wcschr (name, cygheap->pg.nss_separator ()[0])))
+      if ((p =3D wcschr (name, NSS_SEPARATOR_CHAR)))
 	{
 	  fq_name =3D true;
 	  *p =3D L'\\';
@@ -1992,13 +1962,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t=
 &arg, cyg_ldap *pldap)
 	  /* AzureAD user must be prepended by "domain" name. */
 	  if (sid_id_auth (sid) =3D=3D 12)
 	    return NULL;
-	  /* name_only only if db_prefix is auto. */
-	  if (!cygheap->pg.nss_prefix_auto ())
-	    {
-	      debug_printf ("Invalid account name <%s> (name only/"
-			    "db_prefix not auto)", arg.name);
-	      return NULL;
-	    }
 	  /* name_only account is either builtin or primary domain, or
 	     account domain on non-domain machines. */
 	  if (sid_id_auth (sid) =3D=3D 5 /* SECURITY_NT_AUTHORITY */
@@ -2023,9 +1986,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
 	}
       else
 	{
-	  /* All is well if db_prefix is always. */
-	  if (cygheap->pg.nss_prefix_always ())
-	    break;
 	  /* AzureAD accounts should be fully qualifed either. */
 	  if (sid_id_auth (sid) =3D=3D 12)
 	    break;
@@ -2042,9 +2002,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
 			    "not NON_UNIQUE or NT_SERVICE)", arg.name);
 	      return NULL;
 	    }
-	  /* All is well if db_prefix is primary. */
-	  if (cygheap->pg.nss_prefix_primary ())
-	    break;
 	  /* Domain member and domain =3D=3D primary domain? */
 	  if (cygheap->dom.member_machine ())
 	    {
@@ -2263,15 +2220,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_=
t &arg, cyg_ldap *pldap)
 #else
 	      posix_offset =3D 0;
 #endif
-	      fully_qualified_name =3D cygheap->pg.nss_prefix_always ();
 	      is_domain_account =3D false;
 	    }
 	  /* Account domain account? */
 	  else if (!wcscasecmp (dom, cygheap->dom.account_flat_name ()))
 	    {
 	      posix_offset =3D 0x30000;
-	      if (cygheap->dom.member_machine ()
-		  || !cygheap->pg.nss_prefix_auto ())
+	      if (cygheap->dom.member_machine ())
 		fully_qualified_name =3D true;
 	      is_domain_account =3D false;
 	    }
@@ -2290,8 +2245,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
 		     set domain here to non-NULL, unless you're sure you have
 		     also changed subsequent assumptions that domain is NULL
 		     if it's a primary domain account. */
-		  if (!cygheap->pg.nss_prefix_auto ())
-		    fully_qualified_name =3D true;
 		}
 	      else
 		{
@@ -2486,18 +2439,16 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_=
t &arg, cyg_ldap *pldap)
 	      if (pgrp)
 		{
 		  /* Set primary group from the "Description" field.  Prepend
-		     account domain if this is a domain member machine or the
-		     db_prefix setting requires it. */
+		     account domain if this is a domain member machine. */
 		  char gname[2 * DNLEN + strlen (pgrp) + 1], *gp =3D gname;
 		  struct group *gr;
=20
-		  if (cygheap->dom.member_machine ()
-		      || !cygheap->pg.nss_prefix_auto ())
+		  if (cygheap->dom.member_machine ())
 		    {
 		      gp =3D gname
 			   + sys_wcstombs (gname, sizeof gname,
 					   cygheap->dom.account_flat_name ());
-		      *gp++ =3D cygheap->pg.nss_separator ()[0];
+		      *gp++ =3D NSS_SEPARATOR_CHAR;
 		    }
 		  stpcpy (gp, pgrp);
 		  if ((gr =3D internal_getgrnam (gname, cldap)))
@@ -2521,9 +2472,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
 	    }
 	  break;
 	case SidTypeWellKnownGroup:
-	  fully_qualified_name =3D (cygheap->pg.nss_prefix_always ()
+	  fully_qualified_name =3D (
 		  /* NT SERVICE Account */
-		  || (sid_id_auth (sid) =3D=3D 5 /* SECURITY_NT_AUTHORITY */
+		  (sid_id_auth (sid) =3D=3D 5 /* SECURITY_NT_AUTHORITY */
 		      && sid_sub_auth (sid, 0) =3D=3D SECURITY_SERVICE_ID_BASE_RID)
 		  /* Microsoft Account */
 		  || sid_id_auth (sid) =3D=3D 11);
@@ -2582,7 +2533,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
 	  break;
 	case SidTypeLabel:
 	  uid =3D 0x60000 + sid_sub_auth_rid (sid);
-	  fully_qualified_name =3D cygheap->pg.nss_prefix_always ();
 	  break;
 	default:
 	  return NULL;
@@ -2641,7 +2591,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
       wcpcpy (name =3D namebuf, sid_sub_auth_rid (sid) =3D=3D 1
 	      ? (PWCHAR) L"Authentication authority asserted identity"
 	      : (PWCHAR) L"Service asserted identity");
-      fully_qualified_name =3D false;
       acc_type =3D SidTypeUnknown;
     }
   else if (sid_id_auth (sid) =3D=3D 22)
@@ -2711,7 +2660,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t =
&arg, cyg_ldap *pldap)
   if (gid =3D=3D ILLEGAL_GID)
     gid =3D uid;
   if (fully_qualified_name)
-    p =3D wcpcpy (wcpcpy (p, dom), cygheap->pg.nss_separator ());
+    p =3D wcpcpy (wcpcpy (p, dom), NSS_SEPARATOR_STRING);
   wcpcpy (p, name);
=20
   if (is_group ())
diff --git a/winsup/doc/ntsec.xml b/winsup/doc/ntsec.xml
index d089964660df..c6871ecf051e 100644
--- a/winsup/doc/ntsec.xml
+++ b/winsup/doc/ntsec.xml
@@ -870,9 +870,6 @@ set up to all default values:
   # /etc/nsswitch.conf
   passwd: files db
   group:  files db
-<!--
-  db_prefix:    auto
-  db_separator: + -->
   db_enum:  cache builtin
   db_home:  /home/%U
   db_shell: /bin/bash
@@ -991,159 +988,6 @@ and <literal>group</literal> information from the dat=
abase.
=20
 </sect4>
=20
-<!--
-
-  DESCRIPTION OF db_prefix AND db_separator
-
-  Keep in for reference
-
-
-<itemizedlist spacing=3D"compact">
-
-<listitem>
-<para>
-<literal>db_prefix:</literal> determines how the Cygwin user or group name
-is created.  The recognized values are:
-</para>
-
-<variablelist>
-  <varlistentry>
-    <term><literal>auto</literal></term>
-    <listitem>
-      <para>
-      This is the default.  If your account is from the primary domain of =
your
-      machine, or if your machine is a standalone machine (not a domain me=
mber),
-      your Cygwin account name is just the Windows account name.
-      </para>
-
-      <para>
-      If your account is from another domain, or if you're logged in as
-      local user on a domain machine, the Cygwin username will be the
-      combination of Windows domainname and username, with the separator
-      char in between:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation=3D"table"?>
-	<seglistitem>
-	  <seg><literal>MY_DOM+username</literal></seg>
-	  <seg>(foreign domain)</seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>MACHINE+username</literal></seg>
-	  <seg>(local account)</seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      Builtin accounts are simply used as is:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation=3D"table"?>
-	<seglistitem>
-	  <seg><literal>LOCAL</literal></seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>Users</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      Unknown accounts on NFS or Samba shares (that is, accounts which can=
not be
-      mapped to Windows user accounts via
-      <ulink url=3D"https://tools.ietf.org/html/rfc2307">RFC 2307</ulink>)=
 get a
-      Cygwin account name consisting of the artificial domains
-      <literal>Unix_User</literal> or <literal>Unix_Group</literal> and the
-      uid/gid value, for instance:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation=3D"table"?>
-	<seglistitem>
-	  <seg><literal>Unix_User+0</literal></seg>
-	  <seg>(root)</seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>Unix_Group+10</literal></seg>
-	  <seg>(wheel)</seg>
-	</seglistitem>
-      </segmentedlist>
-    </listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><literal>primary</literal></term>
-    <listitem>
-      <para>
-      Like <literal>auto</literal>, but primary domain accounts will be
-      prepended by the domainname as well.
-      </para>
-    </listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><literal>always</literal></term>
-    <listitem>
-      <para>
-      All accounts, even the builtin accounts, will have the domain name
-      prepended:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation=3D"table"?>
-	<seglistitem>
-	  <seg><literal>BUILTIN+Users</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      A special case are builtin accounts which have an emtpy domain name.
-      These will be prependend by just the separator character in
-      <literal>always</literal> mode:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation=3D"table"?>
-	<seglistitem>
-	  <seg><literal>+LOCAL</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-    </listitem>
-  </varlistentry>
-</variablelist>
-
-</listitem>
-
-<listitem>
-<para>
-<literal>db_separator:</literal> defines the spearator char used to prepen=
d the
-domain name to the user or group name.  The default is the plus character
-<literal>+</literal>.
-</para>
-
-<screen>
-  MY_DOM+username
-</screen>
-
-<para>
-With <literal>db_separator:</literal>, you can define any ASCII char except
-space, tab, carriage return, line feed, and the colon, as separator char.
-Example:
-</para>
-
-<screen>
-  db_separator: \
-</screen>
-
-<para>
-This results in usernames with the backslash as separator:
-</para>
-
-<screen>
-  MY_DOM\username
-</screen>
-
-</listitem>
-
-</itemizedlist>
--->
-
 <sect4 id=3D"ntsec-mapping-nsswitch-enum"><title id=3D"ntsec-mapping-nsswi=
tch-enum.title">The <literal>db_enum:</literal> setting</title>
=20
 <para>