Don't perform RFC2307 account mapping without account DB

        * fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Only try
        to map user and group info per RFC2307 if account info is fetched
        from Windows account DB.
        (convert_samba_sd): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

4 files changed, 21 insertions, 8 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 4cde08bcb..3c17f1495 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,12 @@
 2015-08-14  Corinna Vinschen  <corinna@vinschen.de>
 
+	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Only try
+	to map user and group info per RFC2307 if account info is fetched
+	from Windows account DB.
+	(convert_samba_sd): Ditto.
+
+2015-08-14  Corinna Vinschen  <corinna@vinschen.de>
+
 	* security,cc (get_attribute_from_acl): Merge all group perms into
 	user perms if user is member of group.
 
diff --git a/winsup/cygwin/fhandler_disk_file.cc b/winsup/cygwin/fhandler_disk_file.cc
index f5edb03de..08ce81fad 100644
--- a/winsup/cygwin/fhandler_disk_file.cc
+++ b/winsup/cygwin/fhandler_disk_file.cc
@@ -349,7 +349,7 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
      add it to the mapping cache. */
   buf->st_uid = cygheap->ugid_cache.get_uid (nfs_attr->uid);
   buf->st_gid = cygheap->ugid_cache.get_gid (nfs_attr->gid);
-  if (buf->st_uid == ILLEGAL_UID)
+  if (buf->st_uid == ILLEGAL_UID && cygheap->pg.nss_pwd_db ())
     {
       uid_t map_uid = ILLEGAL_UID;
 
@@ -361,7 +361,7 @@ fhandler_base::fstat_by_nfs_ea (struct stat *buf)
       cygheap->ugid_cache.add_uid (nfs_attr->uid, map_uid);
       buf->st_uid = map_uid;
     }
-  if (buf->st_gid == ILLEGAL_GID)
+  if (buf->st_gid == ILLEGAL_GID && cygheap->pg.nss_grp_db ())
     {
       gid_t map_gid = ILLEGAL_GID;
 
diff --git a/winsup/cygwin/release/2.2.1 b/winsup/cygwin/release/2.2.1
index d8453d3a3..b31f18293 100644
--- a/winsup/cygwin/release/2.2.1
+++ b/winsup/cygwin/release/2.2.1
@@ -15,3 +15,7 @@ Bug Fixes
 
 - Fix output of /proc/cpuinfo in terms of cpu topology and cache size for
   modern CPUs and modern Windows OSes supporting more than 64 logical CPUs.
+
+- Don't try to perform RFC2307 owner/group mapping on Samba/NFS if account
+  info is only fetched from local passwd/group files.
+  Addresses: https://cygwin.com/ml/cygwin/2015-07/msg00270.html
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 462506028..939dc35e0 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1122,19 +1122,19 @@ convert_samba_sd (security_descriptor &sd_ret)
     return;
   group = sid;
 
-  if (sid_id_auth (owner) == 22)
+  if (sid_id_auth (owner) == 22 && cygheap->pg.nss_pwd_db ())
     {
       struct passwd *pwd;
       uid_t uid = owner.get_uid (&cldap);
       if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
-      	owner.getfrompw (pwd);
+	owner.getfrompw (pwd);
     }
-  if (sid_id_auth (group) == 22)
+  if (sid_id_auth (group) == 22 && cygheap->pg.nss_grp_db ())
     {
       struct group *grp;
       gid_t gid = group.get_gid (&cldap);
       if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
-      	group.getfromgr (grp);
+	group.getfromgr (grp);
     }
 
   if (!NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd_ret, &dummy,
@@ -1150,14 +1150,16 @@ convert_samba_sd (security_descriptor &sd_ret)
 	cygsid ace_sid ((PSID) &ace->SidStart);
 	if (sid_id_auth (ace_sid) == 22)
 	  {
-	    if (sid_sub_auth (ace_sid, 0) == 1) /* user */
+	    if (sid_sub_auth (ace_sid, 0) == 1 /* user */
+		&& cygheap->pg.nss_pwd_db ())
 	      {
 		struct passwd *pwd;
 		uid_t uid = ace_sid.get_uid (&cldap);
 		if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
 		  ace_sid.getfrompw (pwd);
 	      }
-	    else /* group */
+	    else if (sid_sub_auth (ace_sid, 0) == 1 /* group */
+		     && cygheap->pg.nss_grp_db ())
 	      {
 		struct group *grp;
 		gid_t gid = ace_sid.get_gid (&cldap);