Try best to handle user from domain not in trusted domain list.

	* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
	* uinfo.cc (cygheap_domain_info::add_domain): New method.
	(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
	if it was not in the original list of trusted domains and go ahead
	rather than bailing out.  Add comment to explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

3 files changed, 45 insertions, 4 deletions

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index a0a8c8a6e..7e925995f 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,5 +1,13 @@
 2015-03-30  Corinna Vinschen  <corinna@vinschen.de>
 
+	* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
+	* uinfo.cc (cygheap_domain_info::add_domain): New method.
+	(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
+	if it was not in the original list of trusted domains and go ahead
+	rather than bailing out.  Add comment to explain why.
+
+2015-03-30  Corinna Vinschen  <corinna@vinschen.de>
+
 	* cygtls.h (struct _cygtls): Convert thread_context to type CONTEXT.
 	* exceptions.cc (_cygtls::signal_debugger): Use sizeof (CONTEXT) for
 	size of CONTEXT copied for GDB's digestion.
diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index 6fb7a063b..fd848144f 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -393,6 +393,7 @@ public:
 
   inline PDS_DOMAIN_TRUSTSW trusted_domain (ULONG idx) const
     { return (idx < tdom_count) ? tdom + idx : NULL; }
+  PDS_DOMAIN_TRUSTSW add_domain (PCWSTR, PSID);
 
   inline PWCHAR get_rfc2307_domain () const
     { return rfc2307_domain_buf ?: NULL; }
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index b1025b02c..f78e484dd 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1428,6 +1428,29 @@ cygheap_domain_info::init ()
   return true;
 }
 
+PDS_DOMAIN_TRUSTSW
+cygheap_domain_info::add_domain (PCWSTR domain, PSID sid)
+{
+  PDS_DOMAIN_TRUSTSW new_tdom;
+  cygsid tsid (sid);
+
+  new_tdom = (PDS_DOMAIN_TRUSTSW) crealloc (tdom, (tdom_count + 1)
+						  * sizeof (DS_DOMAIN_TRUSTSW));
+  if (!new_tdom)
+    return NULL;
+
+  tdom = new_tdom;
+  new_tdom = &tdom[tdom_count];
+  new_tdom->DnsDomainName = new_tdom->NetbiosDomainName = cwcsdup (domain);
+  --*RtlSubAuthorityCountSid (tsid);
+  ULONG len = RtlLengthSid (tsid);
+  new_tdom->DomainSid = cmalloc_abort(HEAP_BUF, len);
+  RtlCopySid (len, new_tdom->DomainSid, tsid);
+  new_tdom->PosixOffset = 0;
+  ++tdom_count;
+  return new_tdom;
+}
+
 /* Per session, so it changes potentially when switching the user context. */
 static cygsid logon_sid ("");
 
@@ -2135,16 +2158,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 		    if (!wcscasecmp (dom, td->NetbiosDomainName))
 		      {
 			domain = td->DnsDomainName;
-			posix_offset =
-			  fetch_posix_offset (td, &loc_ldap);
 			break;
 		      }
-
 		  if (!domain)
 		    {
+		      /* This shouldn't happen, in theory, but it does.  There
+			 are cases where the user's logon domain does not show
+			 up in the list of trusted domains.  We're desperately
+			 trying to workaround that here bu adding an entry for
+			 this domain to the trusted domains and ask the DC for
+			 a  posix_offset.  There's a good chance this doesn't
+			 work either, but at least we tried, and the user can
+			 work. */
 		      debug_printf ("Unknown domain %W", dom);
-		      return NULL;
+		      td = cygheap->dom.add_domain (dom, sid);
+		      if (td)
+			domain = td->DnsDomainName;
 		    }
+		  if (domain)
+		    posix_offset = fetch_posix_offset (td, &loc_ldap);
 		}
 	    }
 	  /* If the domain returned by LookupAccountSid is not our machine