public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator
@ 2022-12-02 15:52 Corinna Vinschen
  0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2022-12-02 15:52 UTC (permalink / raw)
  To: cygwin-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=3b37a11870d5eb7880018955e88771c251c2c608

commit 3b37a11870d5eb7880018955e88771c251c2c608
Author:     Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Fri Dec 2 15:13:24 2022 +0100
Commit:     Corinna Vinschen <corinna@vinschen.de>
CommitDate: Fri Dec 2 16:35:31 2022 +0100

    Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator
    
    Originally the code was written to allow three ways of prefixing
    accounts and to freely define a domain/account separator.  This code
    has been disabled even before being officially released, and it was
    never re-enabled. Given there has been no complaints for eight years
    now, drop this code eventually.  Just add a macro to define the
    domain/account separator statically.
    
    Fixes: cc332c9e271b ("(cygheap_pwdgrp::nss_init_line): Disable db_prefix
    and db_separator settings.  Add comment")
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/external.cc              |   2 +-
 winsup/cygwin/local_includes/cygheap.h |  14 +--
 winsup/cygwin/uinfo.cc                 |  71 +++------------
 winsup/doc/ntsec.xml                   | 156 ---------------------------------
 4 files changed, 14 insertions(+), 229 deletions(-)

diff --git a/winsup/cygwin/external.cc b/winsup/cygwin/external.cc
index bc6a3139ddb9..582bab84f725 100644
--- a/winsup/cygwin/external.cc
+++ b/winsup/cygwin/external.cc
@@ -604,7 +604,7 @@ cygwin_internal (cygwin_getinfo_types t, ...)
 	break;
 
       case CW_GETNSSSEP:
-	res = (uintptr_t) cygheap->pg.nss_separator ();
+	res = (uintptr_t) NSS_SEPARATOR_STRING;
 	break;
 
       case CW_GETNSS_PWD_SRC:
diff --git a/winsup/cygwin/local_includes/cygheap.h b/winsup/cygwin/local_includes/cygheap.h
index e671c3d326b3..347cbf448d50 100644
--- a/winsup/cygwin/local_includes/cygheap.h
+++ b/winsup/cygwin/local_includes/cygheap.h
@@ -393,13 +393,11 @@ public:
     { return rfc2307_domain_buf ?: NULL; }
 };
 
+#define NSS_SEPARATOR_STRING	L"+"
+#define NSS_SEPARATOR_CHAR	(NSS_SEPARATOR_STRING[0])
+
 class cygheap_pwdgrp
 {
-  enum nss_pfx_t {
-    NSS_PFX_AUTO = 0,
-    NSS_PFX_PRIMARY,
-    NSS_PFX_ALWAYS
-  };
 public:
   enum nss_scheme_method {
     NSS_SCHEME_FALLBACK = 0,
@@ -418,8 +416,6 @@ private:
   bool		nss_inited;
   uint32_t	pwd_src;
   uint32_t	grp_src;
-  nss_pfx_t	prefix;
-  WCHAR		separator[2];
   bool		caching;
 
 #define NSS_SCHEME_MAX	4
@@ -458,10 +454,6 @@ public:
   inline bool nss_grp_files () const { return !!(grp_src & NSS_SRC_FILES); }
   inline bool nss_grp_db () const { return !!(grp_src & NSS_SRC_DB); }
   inline int  nss_grp_src () const { return grp_src; } /* CW_GETNSS_GRP_SRC */
-  inline bool nss_prefix_auto () const { return prefix == NSS_PFX_AUTO; }
-  inline bool nss_prefix_primary () const { return prefix == NSS_PFX_PRIMARY; }
-  inline bool nss_prefix_always () const { return prefix == NSS_PFX_ALWAYS; }
-  inline PCWSTR nss_separator () const { return separator; }
   inline bool nss_cygserver_caching () const { return caching; }
   inline void nss_disable_cygserver_caching () { caching = false; }
 
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index ce997c0f824e..a96c5e7fc6a0 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -579,14 +579,10 @@ cygheap_pwdgrp::init ()
 
      passwd: files db
      group:  files db
-     db_prefix: auto		DISABLED
-     db_separator: +		DISABLED
      db_enum: cache builtin
   */
   pwd_src = (NSS_SRC_FILES | NSS_SRC_DB);
   grp_src = (NSS_SRC_FILES | NSS_SRC_DB);
-  prefix = NSS_PFX_AUTO;
-  separator[0] = L'+';
   enums = (ENUM_CACHE | ENUM_BUILTIN);
   enum_tdoms = NULL;
   caching = true;	/* INTERNAL ONLY */
@@ -650,32 +646,6 @@ cygheap_pwdgrp::nss_init_line (const char *line)
 	  break;
 	}
       c += 3;
-#if 0 /* Disable setting prefix and separator from nsswitch.conf for now.
-	 Remove if nobody complains too loudly. */
-      if (NSS_NCMP ("prefix:"))
-	{
-	  c = strchr (c, ':') + 1;
-	  c += strspn (c, " \t");
-	  if (NSS_CMP ("auto"))
-	    prefix = NSS_AUTO;
-	  else if (NSS_CMP ("primary"))
-	    prefix = NSS_PRIMARY;
-	  else if (NSS_CMP ("always"))
-	    prefix = NSS_ALWAYS;
-	  else
-	    debug_printf ("Invalid nsswitch.conf content: %s", line);
-	}
-      else if (NSS_NCMP ("separator:"))
-	{
-	  c = strchr (c, ':') + 1;
-	  c += strspn (c, " \t");
-	  if ((unsigned char) *c <= 0x7f && *c != ':' && strchr (" \t", c[1]))
-	    separator[0] = (unsigned char) *c;
-	  else
-	    debug_printf ("Invalid nsswitch.conf content: %s", line);
-	}
-      else
-#endif
       if (NSS_NCMP ("enum:"))
 	{
 	  tmp_pathbuf tp;
@@ -904,7 +874,7 @@ fetch_from_path (cyg_ldap *pldap, PUSER_INFO_3 ui, cygpsid &sid, PCWSTR str,
 		{
 		  w = wcpncpy (w, dom, we - w);
 		  if (w < we)
-		    *w++ = cygheap->pg.nss_separator ()[0];
+		    *w++ = NSS_SEPARATOR_CHAR;
 		}
 	      w = wcpncpy (w, name, we - w);
 	      break;
@@ -1939,14 +1909,14 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
       sys_mbstowcs (name, UNLEN + 1, arg.name);
       /* If the incoming name has a backslash or at sign, and neither backslash
 	 nor at are the domain separator chars, the name is invalid. */
-      if ((p = wcspbrk (name, L"\\@")) && *p != cygheap->pg.nss_separator ()[0])
+      if ((p = wcspbrk (name, L"\\@")) && *p != NSS_SEPARATOR_CHAR)
 	{
 	  debug_printf ("Invalid account name <%s> (backslash/at)", arg.name);
 	  return NULL;
 	}
       /* Replace domain separator char with backslash and make sure p is NULL
 	 or points to the backslash. */
-      if ((p = wcschr (name, cygheap->pg.nss_separator ()[0])))
+      if ((p = wcschr (name, NSS_SEPARATOR_CHAR)))
 	{
 	  fq_name = true;
 	  *p = L'\\';
@@ -1992,13 +1962,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	  /* AzureAD user must be prepended by "domain" name. */
 	  if (sid_id_auth (sid) == 12)
 	    return NULL;
-	  /* name_only only if db_prefix is auto. */
-	  if (!cygheap->pg.nss_prefix_auto ())
-	    {
-	      debug_printf ("Invalid account name <%s> (name only/"
-			    "db_prefix not auto)", arg.name);
-	      return NULL;
-	    }
 	  /* name_only account is either builtin or primary domain, or
 	     account domain on non-domain machines. */
 	  if (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
@@ -2023,9 +1986,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	}
       else
 	{
-	  /* All is well if db_prefix is always. */
-	  if (cygheap->pg.nss_prefix_always ())
-	    break;
 	  /* AzureAD accounts should be fully qualifed either. */
 	  if (sid_id_auth (sid) == 12)
 	    break;
@@ -2042,9 +2002,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 			    "not NON_UNIQUE or NT_SERVICE)", arg.name);
 	      return NULL;
 	    }
-	  /* All is well if db_prefix is primary. */
-	  if (cygheap->pg.nss_prefix_primary ())
-	    break;
 	  /* Domain member and domain == primary domain? */
 	  if (cygheap->dom.member_machine ())
 	    {
@@ -2263,15 +2220,13 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 #else
 	      posix_offset = 0;
 #endif
-	      fully_qualified_name = cygheap->pg.nss_prefix_always ();
 	      is_domain_account = false;
 	    }
 	  /* Account domain account? */
 	  else if (!wcscasecmp (dom, cygheap->dom.account_flat_name ()))
 	    {
 	      posix_offset = 0x30000;
-	      if (cygheap->dom.member_machine ()
-		  || !cygheap->pg.nss_prefix_auto ())
+	      if (cygheap->dom.member_machine ())
 		fully_qualified_name = true;
 	      is_domain_account = false;
 	    }
@@ -2290,8 +2245,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 		     set domain here to non-NULL, unless you're sure you have
 		     also changed subsequent assumptions that domain is NULL
 		     if it's a primary domain account. */
-		  if (!cygheap->pg.nss_prefix_auto ())
-		    fully_qualified_name = true;
 		}
 	      else
 		{
@@ -2486,18 +2439,16 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	      if (pgrp)
 		{
 		  /* Set primary group from the "Description" field.  Prepend
-		     account domain if this is a domain member machine or the
-		     db_prefix setting requires it. */
+		     account domain if this is a domain member machine. */
 		  char gname[2 * DNLEN + strlen (pgrp) + 1], *gp = gname;
 		  struct group *gr;
 
-		  if (cygheap->dom.member_machine ()
-		      || !cygheap->pg.nss_prefix_auto ())
+		  if (cygheap->dom.member_machine ())
 		    {
 		      gp = gname
 			   + sys_wcstombs (gname, sizeof gname,
 					   cygheap->dom.account_flat_name ());
-		      *gp++ = cygheap->pg.nss_separator ()[0];
+		      *gp++ = NSS_SEPARATOR_CHAR;
 		    }
 		  stpcpy (gp, pgrp);
 		  if ((gr = internal_getgrnam (gname, cldap)))
@@ -2521,9 +2472,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	    }
 	  break;
 	case SidTypeWellKnownGroup:
-	  fully_qualified_name = (cygheap->pg.nss_prefix_always ()
+	  fully_qualified_name = (
 		  /* NT SERVICE Account */
-		  || (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
+		  (sid_id_auth (sid) == 5 /* SECURITY_NT_AUTHORITY */
 		      && sid_sub_auth (sid, 0) == SECURITY_SERVICE_ID_BASE_RID)
 		  /* Microsoft Account */
 		  || sid_id_auth (sid) == 11);
@@ -2582,7 +2533,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 	  break;
 	case SidTypeLabel:
 	  uid = 0x60000 + sid_sub_auth_rid (sid);
-	  fully_qualified_name = cygheap->pg.nss_prefix_always ();
 	  break;
 	default:
 	  return NULL;
@@ -2641,7 +2591,6 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
       wcpcpy (name = namebuf, sid_sub_auth_rid (sid) == 1
 	      ? (PWCHAR) L"Authentication authority asserted identity"
 	      : (PWCHAR) L"Service asserted identity");
-      fully_qualified_name = false;
       acc_type = SidTypeUnknown;
     }
   else if (sid_id_auth (sid) == 22)
@@ -2711,7 +2660,7 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
   if (gid == ILLEGAL_GID)
     gid = uid;
   if (fully_qualified_name)
-    p = wcpcpy (wcpcpy (p, dom), cygheap->pg.nss_separator ());
+    p = wcpcpy (wcpcpy (p, dom), NSS_SEPARATOR_STRING);
   wcpcpy (p, name);
 
   if (is_group ())
diff --git a/winsup/doc/ntsec.xml b/winsup/doc/ntsec.xml
index d089964660df..c6871ecf051e 100644
--- a/winsup/doc/ntsec.xml
+++ b/winsup/doc/ntsec.xml
@@ -870,9 +870,6 @@ set up to all default values:
   # /etc/nsswitch.conf
   passwd: files db
   group:  files db
-<!--
-  db_prefix:    auto
-  db_separator: + -->
   db_enum:  cache builtin
   db_home:  /home/%U
   db_shell: /bin/bash
@@ -991,159 +988,6 @@ and <literal>group</literal> information from the database.
 
 </sect4>
 
-<!--
-
-  DESCRIPTION OF db_prefix AND db_separator
-
-  Keep in for reference
-
-
-<itemizedlist spacing="compact">
-
-<listitem>
-<para>
-<literal>db_prefix:</literal> determines how the Cygwin user or group name
-is created.  The recognized values are:
-</para>
-
-<variablelist>
-  <varlistentry>
-    <term><literal>auto</literal></term>
-    <listitem>
-      <para>
-      This is the default.  If your account is from the primary domain of your
-      machine, or if your machine is a standalone machine (not a domain member),
-      your Cygwin account name is just the Windows account name.
-      </para>
-
-      <para>
-      If your account is from another domain, or if you're logged in as
-      local user on a domain machine, the Cygwin username will be the
-      combination of Windows domainname and username, with the separator
-      char in between:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation="table"?>
-	<seglistitem>
-	  <seg><literal>MY_DOM+username</literal></seg>
-	  <seg>(foreign domain)</seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>MACHINE+username</literal></seg>
-	  <seg>(local account)</seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      Builtin accounts are simply used as is:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation="table"?>
-	<seglistitem>
-	  <seg><literal>LOCAL</literal></seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>Users</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      Unknown accounts on NFS or Samba shares (that is, accounts which cannot be
-      mapped to Windows user accounts via
-      <ulink url="https://tools.ietf.org/html/rfc2307">RFC 2307</ulink>) get a
-      Cygwin account name consisting of the artificial domains
-      <literal>Unix_User</literal> or <literal>Unix_Group</literal> and the
-      uid/gid value, for instance:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation="table"?>
-	<seglistitem>
-	  <seg><literal>Unix_User+0</literal></seg>
-	  <seg>(root)</seg>
-	</seglistitem>
-	<seglistitem>
-	  <seg><literal>Unix_Group+10</literal></seg>
-	  <seg>(wheel)</seg>
-	</seglistitem>
-      </segmentedlist>
-    </listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><literal>primary</literal></term>
-    <listitem>
-      <para>
-      Like <literal>auto</literal>, but primary domain accounts will be
-      prepended by the domainname as well.
-      </para>
-    </listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><literal>always</literal></term>
-    <listitem>
-      <para>
-      All accounts, even the builtin accounts, will have the domain name
-      prepended:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation="table"?>
-	<seglistitem>
-	  <seg><literal>BUILTIN+Users</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-
-      <para>
-      A special case are builtin accounts which have an emtpy domain name.
-      These will be prependend by just the separator character in
-      <literal>always</literal> mode:
-      </para>
-
-      <segmentedlist><?dbhtml list-presentation="table"?>
-	<seglistitem>
-	  <seg><literal>+LOCAL</literal></seg>
-	</seglistitem>
-      </segmentedlist>
-    </listitem>
-  </varlistentry>
-</variablelist>
-
-</listitem>
-
-<listitem>
-<para>
-<literal>db_separator:</literal> defines the spearator char used to prepend the
-domain name to the user or group name.  The default is the plus character
-<literal>+</literal>.
-</para>
-
-<screen>
-  MY_DOM+username
-</screen>
-
-<para>
-With <literal>db_separator:</literal>, you can define any ASCII char except
-space, tab, carriage return, line feed, and the colon, as separator char.
-Example:
-</para>
-
-<screen>
-  db_separator: \
-</screen>
-
-<para>
-This results in usernames with the backslash as separator:
-</para>
-
-<screen>
-  MY_DOM\username
-</screen>
-
-</listitem>
-
-</itemizedlist>
--->
-
 <sect4 id="ntsec-mapping-nsswitch-enum"><title id="ntsec-mapping-nsswitch-enum.title">The <literal>db_enum:</literal> setting</title>
 
 <para>

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-12-02 15:52 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-02 15:52 [newlib-cygwin] Cygwin: uinfo: Drop long disabled nss_prefix and nss_separator Corinna Vinschen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).