* ldap.h: Remove index macros.

	(class cyg_ldap): Remove members srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Remove private method taking index
	argument.
	(cyg_ldap::get_num_attribute): Ditto.  Add method taking attribute name.
	(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
	(cyg_ldap::get_unix_uid): Ditto.
	(cyg_ldap::get_unix_gid): Ditto.
	* ldap.cc: Throughout, use msg and entry in place of srch_msg and
	srch_entry.
	(std_user_attr): Add sAMAccountName and objectSid.
	(group_attr): Ditto.
	(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Move earlier in file.
	(cyg_ldap::get_num_attribute): Ditto.
	(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
	Use group_attr or user_attr rather than sid_attr to fetch all desired
	attributes for an account right away.
	(cyg_ldap::next_account): Store found SID in last_fetched_sid to
	skip calls to fetch_ad_account from fetch_account_from_windows.
	(cyg_ldap::get_string_attribute): Remove method taking index argument.
	(cyg_ldap::get_num_attribute): Ditto.
	* pwdgrp.h (class pg_ent): Fix formatting.  Add member dom.
	* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
	in dom.  Construct fetch_acc_t argument from LDAP attributes and
	call fetch_account_from_windows with that.
	* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
	FULL_acc_arg.  Change throughout.
	(struct fetch_acc_t): Rename from fetch_full_grp_t.  Change throughout.
	(struct fetch_user_arg_t): Rename full_grp to full_acc.  Change
	throughout.

1 files changed, 47 insertions, 46 deletions

diff --git a/winsup/cygwin/ldap.cc b/winsup/cygwin/ldap.cc
index 890ab38df..4935d467f 100644
--- a/winsup/cygwin/ldap.cc
+++ b/winsup/cygwin/ldap.cc
@@ -34,6 +34,8 @@ static PWCHAR rootdse_attr[] =
 
 static const PCWSTR std_user_attr[] =
 {
+  L"sAMAccountName",
+  L"objectSid",
   L"primaryGroupID",
   L"uidNumber",
   L"cygwinUnixUid",		/* TODO */
@@ -55,7 +57,8 @@ static const PCWSTR std_user_attr[] =
 
 static PWCHAR group_attr[] =
 {
-  (PWCHAR) L"cn",
+  (PWCHAR) L"sAMAccountName",
+  (PWCHAR) L"objectSid",
   (PWCHAR) L"gidNumber",
   (PWCHAR) L"cygwinUnixGid",	/* TODO */
   NULL
@@ -283,9 +286,9 @@ cyg_ldap::next_page_s ()
   do
     {
       ret = ldap_get_next_page_s (lh, srch_id, NULL, CYG_LDAP_ENUM_PAGESIZE,
-				  &total, &srch_msg);
+				  &total, &msg);
     }
-  while (ret == LDAP_SUCCESS && ldap_count_entries (lh, srch_msg) == 0);
+  while (ret == LDAP_SUCCESS && ldap_count_entries (lh, msg) == 0);
   if (ret && ret != LDAP_NO_RESULTS_RETURNED)
     debug_printf ("ldap_result() error 0x%02x", ret);
   return ret;
@@ -367,8 +370,6 @@ cyg_ldap::close ()
     ldap_search_abandon_page (lh, srch_id);
   if (lh)
     ldap_unbind (lh);
-  if (srch_msg)
-    ldap_msgfree (srch_msg);
   if (msg)
     ldap_msgfree (msg);
   if (val)
@@ -380,10 +381,29 @@ cyg_ldap::close ()
   val = NULL;
   def_context = NULL;
   srch_id = NULL;
-  srch_msg = srch_entry = NULL;
   last_fetched_sid = NO_SID;
 }
 
+PWCHAR
+cyg_ldap::get_string_attribute (PCWSTR name)
+{
+  if (val)
+    ldap_value_freeW (val);
+  val = ldap_get_valuesW (lh, entry, (PWCHAR) name);
+  if (val)
+    return val[0];
+  return NULL;
+}
+
+uint32_t
+cyg_ldap::get_num_attribute (PCWSTR name)
+{
+  PWCHAR ret = get_string_attribute (name);
+  if (ret)
+    return (uint32_t) wcstoul (ret, NULL, 10);
+  return (uint32_t) -1;
+}
+
 #define ACCOUNT_FILTER_START	L"(&(|(&(objectCategory=Person)" \
 				       "(objectClass=User))" \
 				     "(objectClass=Group))" \
@@ -478,19 +498,26 @@ cyg_ldap::enumerate_ad_accounts (PCWSTR domain, bool group)
   if (!group)
     filter = L"(&(objectCategory=Person)"
 		"(objectClass=User)"
-		/* 512 == ADS_UF_NORMAL_ACCOUNT */
+		/* 512 == ADS_UF_NORMAL_ACCOUNT
+		   Without checking this flag we'd enumerate undesired accounts
+		   like, e.g., interdomain trusts. */
 	        "(userAccountControl:" LDAP_MATCHING_RULE_BIT_AND ":=512)"
 	        "(objectSid=*))";
   else if (!domain)
+    /* From the local domain, we fetch well-known groups. */
     filter = L"(&(objectClass=Group)"
 		"(objectSid=*))";
   else
+    /* From foreign domains, we don't. */
     filter = L"(&(objectClass=Group)"
 		/* 1 == BUILTIN_LOCAL_GROUP */
 		"(!(groupType:" LDAP_MATCHING_RULE_BIT_AND ":=1))"
 		"(objectSid=*))";
+  if (!user_attr)
+    cygheap->pg.init_ldap_user_attr ();
+  attr = group ? group_attr : user_attr;
   srch_id = ldap_search_init_pageW (lh, def_context, LDAP_SCOPE_SUBTREE,
-				    (PWCHAR) filter, sid_attr, 0, NULL, NULL,
+				    (PWCHAR) filter, attr, 0, NULL, NULL,
 				    INFINITE, CYG_LDAP_ENUM_PAGESIZE, NULL);
   if (srch_id == NULL)
     {
@@ -507,25 +534,25 @@ cyg_ldap::next_account (cygsid &sid)
   ULONG ret;
   PLDAP_BERVAL *bval;
 
-  if (srch_entry)
+  if (entry)
     {
-      if ((srch_entry = ldap_next_entry (lh, srch_entry))
-	  && (bval = ldap_get_values_lenW (lh, srch_entry, sid_attr[0])))
+      if ((entry = ldap_next_entry (lh, entry))
+	  && (bval = ldap_get_values_lenW (lh, entry, (PWCHAR) L"objectSid")))
 	{
-	  sid = (PSID) bval[0]->bv_val;
+	  last_fetched_sid = sid = (PSID) bval[0]->bv_val;
 	  ldap_value_free_len (bval);
 	  return NO_ERROR;
 	}
-      ldap_msgfree (srch_msg);
-      srch_msg = srch_entry = NULL;
+      ldap_msgfree (msg);
+      msg = entry = NULL;
     }
   ret = next_page ();
   if (ret == NO_ERROR)
     {
-      if ((srch_entry = ldap_first_entry (lh, srch_msg))
-	  && (bval = ldap_get_values_lenW (lh, srch_entry, sid_attr[0])))
+      if ((entry = ldap_first_entry (lh, msg))
+	  && (bval = ldap_get_values_lenW (lh, entry, (PWCHAR) L"objectSid")))
 	{
-	  sid = (PSID) bval[0]->bv_val;
+	  last_fetched_sid = sid = (PSID) bval[0]->bv_val;
 	  ldap_value_free_len (bval);
 	  return NO_ERROR;
 	}
@@ -574,33 +601,7 @@ cyg_ldap::fetch_posix_offset_for_domain (PCWSTR domain)
       debug_printf ("No entry for %W in def_context %W", filter, def_context);
       return UINT32_MAX;
     }
-  return get_num_attribute (0);
-}
-
-PWCHAR
-cyg_ldap::get_string_attribute (PCWSTR name)
-{
-  if (val)
-    ldap_value_freeW (val);
-  val = ldap_get_valuesW (lh, entry, (PWCHAR) name);
-  if (val)
-    return val[0];
-  return NULL;
-}
-
-PWCHAR
-cyg_ldap::get_string_attribute (int idx)
-{
-  return get_string_attribute (attr[idx]);
-}
-
-uint32_t
-cyg_ldap::get_num_attribute (int idx)
-{
-  PWCHAR ret = get_string_attribute (attr[idx]);
-  if (ret)
-    return (uint32_t) wcstoul (ret, NULL, 10);
-  return (uint32_t) -1;
+  return get_num_attribute (tdom_attr[0]);
 }
 
 #define UXID_FILTER_GRP L"(&(objectClass=Group)" \
@@ -625,7 +626,7 @@ cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group)
   if (search (def_context, LDAP_SCOPE_SUBTREE, filter, sid_attr) != 0)
     return false;
   if ((entry = ldap_first_entry (lh, msg))
-      && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0])))
+      && (bval = ldap_get_values_lenW (lh, entry, (PWCHAR) L"objectSid")))
     {
       sid = (PSID) bval[0]->bv_val;
       ldap_value_free_len (bval);
@@ -664,7 +665,7 @@ cyg_ldap::fetch_unix_name_from_rfc2307 (uint32_t id, bool group)
       debug_printf ("No entry for %W in def_context %W", filter, def_context);
       return NULL;
     }
-  return get_string_attribute (0);
+  return get_string_attribute (attr[0]);
 }
 
 uid_t