* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow fetching gid,

	home, shell and gecos info from NT4 domain.

2 files changed, 56 insertions, 21 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 9aa56f21d..87d0ffe7c 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,10 @@
 2015-01-21  Corinna Vinschen  <corinna@vinschen.de>
 
+	* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow fetching gid,
+	home, shell and gecos info from NT4 domain.
+
+2015-01-21  Corinna Vinschen  <corinna@vinschen.de>
+
 	* sec_auth.cc (get_logon_server): Constify domain parameter.
 	* security.h (get_logon_server): Same in prototype.
 
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index ebc2991e9..f1fb99d01 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -2077,32 +2077,62 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 
 	  if (is_domain_account)
 	    {
-	      /* Use LDAP to fetch domain account infos. */
-	      if (cldap->open (NULL) != NO_ERROR)
-		break;
-	      if (cldap->fetch_ad_account (sid, is_group (), domain))
+	      /* On AD machines, use LDAP to fetch domain account infos. */
+	      if (cygheap->dom.primary_dns_name ())
 		{
-		  if ((id_val = cldap->get_primary_gid ()) != ILLEGAL_GID)
-		    gid = posix_offset + id_val;
-		  if (!is_group ())
+		  if (cldap->open (NULL) != NO_ERROR)
+		    break;
+		  if (cldap->fetch_ad_account (sid, is_group (), domain))
 		    {
-		      home = cygheap->pg.get_home (cldap, sid, dom, name,
-						   fully_qualified_name);
-		      shell = cygheap->pg.get_shell (cldap, sid, dom, name,
-						     fully_qualified_name);
-		      gecos = cygheap->pg.get_gecos (cldap, sid, dom, name,
-						     fully_qualified_name);
+		      if ((id_val = cldap->get_primary_gid ()) != ILLEGAL_GID)
+			gid = posix_offset + id_val;
+		      if (!is_group ())
+			{
+			  home = cygheap->pg.get_home (cldap, sid, dom, name,
+						       fully_qualified_name);
+			  shell = cygheap->pg.get_shell (cldap, sid, dom, name,
+							 fully_qualified_name);
+			  gecos = cygheap->pg.get_gecos (cldap, sid, dom, name,
+							 fully_qualified_name);
+			}
+		      /* Check and, if necessary, add unix<->windows id mapping
+			 on the fly, unless we're called from getpwent. */
+		      if (!pldap)
+			{
+			  id_val = cldap->get_unix_uid ();
+			  if (id_val != ILLEGAL_UID
+			      && cygheap->ugid_cache.get_uid (id_val)
+				 == ILLEGAL_UID)
+			    cygheap->ugid_cache.add_uid (id_val, uid);
+			}
 		    }
-		  /* Check and, if necessary, add unix<->windows id mapping on
-		     the fly, unless we're called from getpwent. */
-		  if (!pldap)
+		}
+	      /* If primary_dns_name() is empty, we're likely running under an
+		 NT4 domain, so we can't use LDAP.  For user accounts fall back
+		 to NetUserGetInfo.  This isn't overly fast, but keep in mind
+		 that NT4 domains are mostly replaced by AD these days. */
+	      else if (!is_group () && acc_type == SidTypeUser)
+		{
+		  WCHAR server[INTERNET_MAX_HOST_NAME_LENGTH + 3];
+		  NET_API_STATUS nas;
+		  PUSER_INFO_3 ui;
+		  
+		  if (!get_logon_server (cygheap->dom.primary_flat_name (),
+					 server, DS_IS_FLAT_NAME))
+		    break;
+		  nas = NetUserGetInfo (server, name, 3, (PBYTE *) &ui);
+		  if (nas != NERR_Success)
 		    {
-		      id_val = cldap->get_unix_uid ();
-		      if (id_val != ILLEGAL_UID
-			  && cygheap->ugid_cache.get_uid (id_val)
-			     == ILLEGAL_UID)
-			cygheap->ugid_cache.add_uid (id_val, uid);
+		      debug_printf ("NetUserGetInfo(%W) %u", name, nas);
+		      break;
 		    }
+		  gid = posix_offset + ui->usri3_primary_group_id;
+		  home = cygheap->pg.get_home (ui, sid, dom, name,
+					       fully_qualified_name);
+		  shell = cygheap->pg.get_shell (ui, sid, dom, name,
+						 fully_qualified_name);
+		  gecos = cygheap->pg.get_gecos (ui, sid, dom, name,
+						 fully_qualified_name);
 		}
 	    }
 	  /* Otherwise check account domain (local SAM).*/