newlib-cygwin/winsup/cygwin/security.cc

1209 lines
37 KiB
C++
Raw Normal View History

/* security.cc: NT file access control functions
2000-02-18 03:38:33 +08:00
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
Introduce reading passwd/group entries from SAM/AD. Introduce /etc/nsswitch.conf file to configure it. * Makefile.in (DLL_OFILES): Add ldap.o. * autoload.cc: Import ldap functions from wldap32.dll. (DsEnumerateDomainTrustsW): Import. (NetGroupGetInfo): Import. * cygheap.h (class cygheap_domain_info): New class to keep global domain info. (class cygheap_pwdgrp): New class to keep passwd/group caches and configuration info from /etc/nssswitch.conf. (struct init_cygheap): Add cygheap_domain_info member "dom" and cygheap_pwdgrp member "pg". * cygtls.h (struct _local_storage): Remove unused member "res". Rearrange slightly, Add members pwbuf and grbuf to implement non-caching passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned. * fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307 uid/gid mapping. * fhandler_process.cc: Drop including pwdgrp.h. * fhandler_procsysvipc.cc: Ditto. * fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID. * grp.cc (group_buf): Drop. (gr): Drop. (pwdgrp::parse_group): Fill pg_grp. (pwdgrp::read_group): Remove. (pwdgrp::init_grp): New method. (pwdgrp::prep_tls_grbuf): New method. (pwdgrp::find_group): New methods. (internal_getgrsid): Convert to call new pwdgrp methods. (internal_getgrnam): Ditto. (internal_getgrgid): Ditto. (getgrgid_r): Drop 2nd parameter from internal_getgrgid call. (getgrgid32): Ditto. (getgrnam_r): Ditto for internal_getgrnam. (getgrnam32): Ditto. (getgrent32): Convert to call new pwdgrp methods. (internal_getgrent): Remove. (internal_getgroups): Simplify, especially drop calls to internal_getgrent. * ldap.cc: New file implementing cyg_ldap class for LDAP access to AD and RFC 2307 server. * ldap.h: New header, declaring cyg_ldap class. * passwd.cc (passwd_buf): Drop. (pr): Drop. (pwdgrp::parse_passwd): Fill pg_pwd. (pwdgrp::read_passwd): Remove. (pwdgrp::init_pwd): New method. (pwdgrp::prep_tls_pwbuf): New method. (find_user): New methods. (internal_getpwsid): Convert to call new pwdgrp methods. (internal_getpwnam): Ditto. (internal_getpwuid): Ditto. (getpwuid32): Drop 2nd parameter from internal_getpwuid call. (getpwuid_r): Ditto. (getpwnam): Ditto for internal_getpwnam. (getpwnam_r): Ditto. (getpwent): Convert to call new pwdgrp methods. * path.cc (class etc): Remove all methods. * path.h (class etc): Drop. * pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather than UNKNOWN_GID. (pinfo_init): Ditto. * pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration. (internal_getpwuid): Ditto. (internal_getgrgid): Ditto. (internal_getgrnam): Ditto. (internal_getgrent): Drop declaration. (enum fetch_user_arg_type_t): New type. (struct fetch_user_arg_t): New type. (struct pg_pwd): New type. (struct pg_grp): New type. (class pwdgrp): Rework to provide functions for file and db requests and caching. (class ugid_cache_t): New class to provide RFC 2307 uid map caching. (ugid_cache): Declare. * sec_acl.cc: Drop including pwdgrp.h. * sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h. (get_logon_server): Convert third parameter to ULONG flags argument to allow arbitrary flags values in DsGetDcNameW call and change calls to this function throughout. Use cached account domain name rather than calling GetComputerNameW. (get_unix_group_sidlist): Remove. (get_server_groups): Drop call to get_unix_group_sidlist. (verify_token): Rework token group check without calling internal_getgrent. * sec_helper.cc (cygpsid::pstring): New methods, like string() but return pointer to end of string. (cygsid::getfromstr): Add wide character implementation. (get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares. * security.cc: Drop including pwdgrp.h. * security.h (DEFAULT_UID): Remove. (UNKNOWN_UID): Remove. (UNKNOWN_GID): Remove. (uinfo_init): Move here from winsup.h. (ILLEGAL_UID): Ditto. (ILLEGAL_GID): Ditto. (UNIX_POSIX_OFFSET): Define. Add lengthy comment. (UNIX_POSIX_MASK): Ditto. (MAP_UNIX_TO_CYGWIN_ID): Ditto. (ILLEGAL_UID16): Move here from winsup.h. (ILLEGAL_GID16): Ditto. (uid16touid32): Ditto. (gid16togid32): Ditto. (sid_id_auth): New convenience macro for SID component access. (sid_sub_auth_count): Ditto. (sid_sub_auth): Ditto. (sid_sub_auth_rid): Ditto. (cygpsid::pstring): Declare. (cygsid::getfromstr): Declare wide character variant. (cygsid::operator=): Ditto. (cygsid::operator*=): Ditto. (get_logon_server): Change declaration according to source code. * setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam call. * shared.cc (memory_init): Call cygheap->pg.init in first process. * syscalls.cc: Drop including pwdgrp.h. * tlsoffsets.h: Regenerate. * tlsoffsets64.h: Ditto. * uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid call. Fix debug output. Overwrite user gid in border case of a missing passwd file while a group file exists. (pwdgrp::add_line): Allocate memory on cygheap. (pwdgrp::load): Remove. (ugid_cache): Define. (cygheap_pwdgrp::init): New method. (cygheap_pwdgrp::nss_init_line): New method. (cygheap_pwdgrp::_nss_init): New method. (cygheap_domain_info::init): New method. (logon_sid): Define. (get_logon_sid): New function. (pwdgrp::add_account_post_fetch): New method. (pwdgrp::add_account_from_file): New methods. (pwdgrp::add_account_from_windows): New methods. (pwdgrp::check_file): New method. (pwdgrp::fetch_account_from_line): New method. (pwdgrp::fetch_account_from_file): New method. (pwdgrp::fetch_account_from_windows): New method. * winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-10 03:44:56 +08:00
2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc.
2000-02-18 03:38:33 +08:00
Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de
2001-02-22 06:59:11 +08:00
Completely rewritten by Corinna Vinschen <corinna@vinschen.de>
2000-02-18 03:38:33 +08:00
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#include "winsup.h"
2000-02-18 03:38:33 +08:00
#include <unistd.h>
#include <stdlib.h>
#include "cygerrno.h"
#include "security.h"
#include "path.h"
* devices.cc: New file. * devices.gperf: New file. * devices.shilka: New file. * cygwin-gperf: New file. * cygwin-shilka: New file. * fhandler_fifo.cc: New file. * fhandler_nodevice.cc : New file. Reorganize headers so that path.h precedes fhandler.h throughout. Remove device argument and unit arguments from fhandler constructors throughout. Remove pc arguments to fhandler functions and use internal pc element instead, throughout. Use dev element in pc throughout. Use major/minor elements rather than units and device numbers previously in fhandler class. Use correct methods for fhandler file names rather than directly accessing file name variables, throughout. * Makefile.in (DLL_OFILES): Add devices.o, fhandler_fifo.o * dcrt0.cc (dll_crt0_1): Call device::init. * devices.h: Renumber devices based on more Linux-like major/minor numbers. Add more devices. Declare standard device storage. (device): Declare struct. * dir.cc (opendir): Use new 'build_fh_name' to construct a fhandler_* type. * dtable.cc (dtable::get_debugger_info): Ditto. (cygwin_attach_handle_to_fd): Ditto. (dtable::release): Remove special FH_SOCKET case in favor of generic "need_fixup_before" test. (dtable::init_std_file_from_handle): Use either build_fh_dev or build_fh_name to build standard fhandler. (dtable::build_fh_name): Renamed from dtable::build_fhandler_from_name. Move out of dtable class. Don't accept a path_conv argument. Just build it here and pass it to: (build_fh_pc): Renamed from dtable::build_fhandler. Move out of dtable class. Use intrinsic device type in path_conv to create new fhandler. (build_fh_dev): Renamed from dtable::build_fhandler. Move out of dtable class. Simplify arguments to just take new 'device' type and a name. Just return pointer to fhandler rather than trying to insert into dtable. (dtable::dup_worker): Accommodate above build_fh name changes. (dtable::find_fifo): New (currently broken) function. (handle_to_fn): Use strechr for efficiency. * dtable.h: Reflect above build_fh name changes and argument differences. (fhandler_base *&operator []): Return self rather than copy of self. * fhandler.cc (fhandler_base::operator =): Use pc element to set normalized path. (fhandler_base::set_name): Ditto. (fhandler_base::raw_read): Use method to access name. (fhandler_base::write): Correctly use get_output_handle rather than get_handle. (handler_base::device_access_denied): New function. (fhandler_base::open): Eliminate pc argument and use pc element of fhandler_base throughout. (fhandler_base::fstat): Detect if device is based in filesystem and use fstat_fs to calculate stat, if so. (fhandler_base::fhandler_base): Eliminate handling of file names and, instead, just free appropriate component from pc. (fhandler_base::opendir): Remove path_conv parameter. * fhandler.h: Remove all device flags. (fhandler_base::pc): New element. (fhandler_base::set_name): Change argument to path_conv. (fhandler_base::error): New function. (fhandler_base::exists): New function. (fhandler_base::pc_binmode): New function. (fhandler_base::dev): New function. (fhandler_base::open_fs): New function. (fhandler_base::fstat_fs): New function. (fhandler_base::fstat_by_name): New function. (fhandler_base::fstat_by_handle): New function. (fhandler_base::isfifo): New function. (fhandler_base::is_slow): New function. (fhandler_base::is_auto_device): New function. (fhandler_base::is_fs_special): New function. (fhandler_base::device_access_denied): New function. (fhandler_base::operator DWORD&): New operator. (fhandler_base::get_name): Return normalized path from pc. (fhandler_base::get_win32_name): Return windows path from pc. (fhandler_base::isdevice): Renamed from is_device. (fhandler_base::get_native_name): Return device format. (fhandler_fifo): New class. (fhandler_nodevice): New class. (select_stuff::device_specific): Remove array. (select_stuff::device_specific_pipe): New class element. (select_stuff::device_specific_socket): New class element. (select_stuff::device_specific_serial): New class element. (select_stuff::select_stuff): Initialize new elements. * fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Move to base class from fhandler_disk_file. (fhandler_base::fstat_by_name): Ditto. (fhandler_base::fstat_by_name): Ditto. (fhandler_disk_file::open): Move most functionality into fhandler_base::open_fs. (fhandler_base::open_fs): New function. (fhandler_disk_file::close): Move most functionality into fhandler_base::close_fs. (fhandler_base::close_fs): New function. * fhandler_mem.cc (fhandler_dev_mem::open): Use device name in debugging output. * fhandler_socket.cc (fhandler_socket::set_connect_secret): Copy standard urandom device into appropriate place. (fhandler_socket::accept): Reflect change in fdsock return value. * fhandler_tty.cc: See "throughouts" above. * net.cc: Accommodate fdsock change throughout. (fdsock): Return success or failure, accept fd argument and device argument. * path.cc (symlink_info::major): New element. (symlink_info::minor): New element. (symlink_info::parse_device): Declare new function. (fs_info::update): Accommodate changes in path_conv class. (path_conv::fillin): Ditto. (path_conv::return_and_clear_normalized_path): Eliminate. (path_conv::set_normalized_path): New function. (path_conv::path_conv): Set info in dev element. Use path_conv methods Check for FH_FS rather than FH_BAD to indicate when to fill in filesystem stuff. where appropriate rather than direct access. Use set_normalized_path to set normalized path. (windows_device_names): Eliminate. (get_dev): Ditto. (get_raw_device_number): Ditto. (get_device_number): Ditto. (win32_device_name): Call new device name parser to do most of the heavy lifting. (mount_info::conv_to_win32_path): Fill in dev field as appropriate. (symlink_worker): Handle new device files. (symlink_info::check): Ditto. (symlink_info::parse_device): Define new function. * path.h (executable_states): Move here from fhandler.h. (fs_info): Rename variables to *_storage and create methods for accessing same. (path_conv): Add dev element, remove devn and unit and adjust inline methods to accommodate. (set_normalized_path): Declare new function. * pinfo.cc (_pinfo::commune_recv): Add broken support for handling fifos. (_pinfo::commune_send): Ditto. * pipe.cc (fhandler_pipe::close): check for existence of handle before closing it. (handler_pipe::create): Rename from make_pipe. Change arguments to accept fhandler_pipe array. Accommodate fifos. (pipe): Rework to deal with fhandler_pipe::create changes. (_pipe): Ditto. * select.cc: Use individual device_specific types throughout rather than indexing with obsolete device number. (set_bits): Use is_socket call rather than checking device number. * shared_info.h (CURR_MOUNT_MAGIC): Update. (conv_to_win32_path): Reflect addition of device argument. * syscalls.cc (mknod_worker): New function. (open): Use build_fh_name to build fhandler. (chown_worker): Detect if this is an 'auto' device rather than an on-filesystem device and handle appropriately. (chmod_device): New function. (chmod): Detect if this is an 'auto' device rather than an on-filesystem device and handle appropriately. Use chmod_device to set mode of in-filesystem devices. (stat_worker): Eliminate path_conv argument. Call build_fh_name to construct fhandler. Use fh->error() rather than pc->error to detect errors in fhandler construction. (access_worker): New function pulled from access. Accommodate in-filesystem devices. (access): Use access_worker. (fpathconf): Detect if this is an 'auto' device rather than an on-filesystem device and handle appropriately. (mknod_worker): New function. (mknod32): New function. (chroot): Free normalized path -- assuming it was actually cmalloced. * tty.cc (create_tty_master): Tweak for new device class. (tty::common_init): Ditto. * winsup.h (stat_worker): Remove. (symlink_worker): Declare. * exceptions.cc (set_process_mask): Just call sig_dispatch_pending and don't worry about pending_signals since sig_dispatch_pending should always do the right thing now. (sig_handle): Reorganize SIGCONT handling to more closely conform to SUSv3. * pinfo.h: Move __SIG enum to sigproc.h. (PICOM_FIFO): New enum element. (_pinfo): Remove 'thread2signal' stuff throughout class. (_pinfo::commune_send): Make varargs. (_pinfo::sigtodo): Eliminate. (_pinfo::thread2signal): Ditto. * signal.cc (kill_worker): Eliminate call to setthread2signal. * sigproc.cc (local_sigtodo): Eliminate. (getlocal_sigtodo): Ditto. (sigelem): New class. (pending_signals): New class. (sigqueue): New variable, start of sigqueue linked list. (sigcatch_nonmain): Eliminate. (sigcatch_main): Eliminate. (sigcatch_nosync): Eliminate. (sigcomplete_nonmain): Eliminate. (pending_signals): Eliminate. (sig_clear): Call signal thread to clear pending signals, unless already in signal thread. (sigpending): Call signal thread to get pending signals. (sig_dispatch_pending): Eliminate use of pending_signals and just check sigqueue. (sigproc_terminate): Eliminate all of the obsolete semaphore stuff. Close signal pipe handle. (sig_send): Eliminate all of the obsolete semaphore stuff and use pipe to send signals. (getevent): Eliminate. (pending_signals::add): New function. (pending_signals::del): New function. (pending_signals::next): New function. (wait_sig): Eliminate all of the obsolete semaphore stuff. Use pipe to communicate and maintain a linked list of signals. * sigproc.h: Move __SIG defines here. Add __SIGPENDING. (sig_dispatch_pending): Remove "C" specifier. (sig_handle): Accept a mask argument. * thread.cc: Remove signal handling considerations throughout.
2003-09-25 08:37:18 +08:00
#include "fhandler.h"
#include "dtable.h"
#include "pinfo.h"
#include "cygheap.h"
* autoload.cc: Add load statements for `LookupAccountNameW', `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory', `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum', `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and `NtCreateToken'. * ntdll.h: Add declaration for `NtCreateToken'. * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. (cygsid::string): Define as const method. (cygsid::get_sid): Set psid to NO_SID on error. (cygsid::getfromstr): Ditto. (cygsid::getfrompw): Simplify. (cygsid::getfromgr): Check for gr == NULL. (legal_sid_type): Move to security.h. (set_process_privilege): Return -1 on error, otherwise 0 or 1 related to previous privilege setting. * security.cc (extract_nt_dom_user): Remove `static'. (lsa2wchar): New function. (open_local_policy): Ditto. (close_local_policy): Ditto. (get_lsa_srv_inf): Ditto. (get_logon_server): Ditto. (get_logon_server_and_user_domain): Ditto. (get_user_groups): Ditto. (is_group_member): Ditto. (get_user_local_groups): Ditto. (sid_in_token_groups): Ditto. (get_user_primary_group): Ditto. (get_group_sidlist): Ditto. (get_system_priv_list): Ditto. (get_priv_list): Ditto. (get_dacl): Ditto. (create_token): Ditto. (subauth): Return immediately if SE_TCB_NAME can't be assigned. Change all return statements in case of error to jumps to `out' label. Add `out' label to support cleanup. * security.h: Add extern declarations for `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. Add extern declarations for functions `create_token', `extract_nt_dom_user' and `get_logon_server_and_user_domain'. (class cygsid): Add method `assign'. Change operator= to call new `assign' method. Add `debug_print' method. (class cygsidlist): New class. (legal_sid_type): Moved from sec_helper.cc to here. * spawn.cc (spawn_guts) Revert reversion of previous patch. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid' again. * syscalls.cc (seteuid): Rearranged. Call `create_token' now when needed. Call `subauth' if `create_token' fails. Try setting token owner and primary group only if token was not explicitely created by `create_token'. * uinfo.cc (internal_getlogin): Try harder to generate correct user information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
#include "ntdll.h"
#include "tls_pbuf.h"
#include <aclapi.h>
#define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
| GROUP_SECURITY_INFORMATION \
| OWNER_SECURITY_INFORMATION)
* autoload.cc: Add load statements for `LookupAccountNameW', `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory', `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum', `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and `NtCreateToken'. * ntdll.h: Add declaration for `NtCreateToken'. * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. (cygsid::string): Define as const method. (cygsid::get_sid): Set psid to NO_SID on error. (cygsid::getfromstr): Ditto. (cygsid::getfrompw): Simplify. (cygsid::getfromgr): Check for gr == NULL. (legal_sid_type): Move to security.h. (set_process_privilege): Return -1 on error, otherwise 0 or 1 related to previous privilege setting. * security.cc (extract_nt_dom_user): Remove `static'. (lsa2wchar): New function. (open_local_policy): Ditto. (close_local_policy): Ditto. (get_lsa_srv_inf): Ditto. (get_logon_server): Ditto. (get_logon_server_and_user_domain): Ditto. (get_user_groups): Ditto. (is_group_member): Ditto. (get_user_local_groups): Ditto. (sid_in_token_groups): Ditto. (get_user_primary_group): Ditto. (get_group_sidlist): Ditto. (get_system_priv_list): Ditto. (get_priv_list): Ditto. (get_dacl): Ditto. (create_token): Ditto. (subauth): Return immediately if SE_TCB_NAME can't be assigned. Change all return statements in case of error to jumps to `out' label. Add `out' label to support cleanup. * security.h: Add extern declarations for `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. Add extern declarations for functions `create_token', `extract_nt_dom_user' and `get_logon_server_and_user_domain'. (class cygsid): Add method `assign'. Change operator= to call new `assign' method. Add `debug_print' method. (class cygsidlist): New class. (legal_sid_type): Moved from sec_helper.cc to here. * spawn.cc (spawn_guts) Revert reversion of previous patch. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid' again. * syscalls.cc (seteuid): Rearranged. Call `create_token' now when needed. Call `subauth' if `create_token' fails. Try setting token owner and primary group only if token was not explicitely created by `create_token'. * uinfo.cc (internal_getlogin): Try harder to generate correct user information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
2013-04-23 17:44:36 +08:00
static GENERIC_MAPPING NO_COPY_RO file_mapping = { FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_GENERIC_EXECUTE,
FILE_ALL_ACCESS };
LONG
get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
bool justcreated)
* autoload.cc: Add load statements for `LookupAccountNameW', `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory', `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum', `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and `NtCreateToken'. * ntdll.h: Add declaration for `NtCreateToken'. * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. (cygsid::string): Define as const method. (cygsid::get_sid): Set psid to NO_SID on error. (cygsid::getfromstr): Ditto. (cygsid::getfrompw): Simplify. (cygsid::getfromgr): Check for gr == NULL. (legal_sid_type): Move to security.h. (set_process_privilege): Return -1 on error, otherwise 0 or 1 related to previous privilege setting. * security.cc (extract_nt_dom_user): Remove `static'. (lsa2wchar): New function. (open_local_policy): Ditto. (close_local_policy): Ditto. (get_lsa_srv_inf): Ditto. (get_logon_server): Ditto. (get_logon_server_and_user_domain): Ditto. (get_user_groups): Ditto. (is_group_member): Ditto. (get_user_local_groups): Ditto. (sid_in_token_groups): Ditto. (get_user_primary_group): Ditto. (get_group_sidlist): Ditto. (get_system_priv_list): Ditto. (get_priv_list): Ditto. (get_dacl): Ditto. (create_token): Ditto. (subauth): Return immediately if SE_TCB_NAME can't be assigned. Change all return statements in case of error to jumps to `out' label. Add `out' label to support cleanup. * security.h: Add extern declarations for `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. Add extern declarations for functions `create_token', `extract_nt_dom_user' and `get_logon_server_and_user_domain'. (class cygsid): Add method `assign'. Change operator= to call new `assign' method. Add `debug_print' method. (class cygsidlist): New class. (legal_sid_type): Moved from sec_helper.cc to here. * spawn.cc (spawn_guts) Revert reversion of previous patch. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid' again. * syscalls.cc (seteuid): Rearranged. Call `create_token' now when needed. Call `subauth' if `create_token' fails. Try setting token owner and primary group only if token was not explicitely created by `create_token'. * uinfo.cc (internal_getlogin): Try harder to generate correct user information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
{
NTSTATUS status = STATUS_SUCCESS;
OBJECT_ATTRIBUTES attr;
IO_STATUS_BLOCK io;
ULONG len = SD_MAXIMUM_SIZE, rlen;
* autoload.cc: Add load statements for `LookupAccountNameW', `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory', `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum', `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and `NtCreateToken'. * ntdll.h: Add declaration for `NtCreateToken'. * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. (cygsid::string): Define as const method. (cygsid::get_sid): Set psid to NO_SID on error. (cygsid::getfromstr): Ditto. (cygsid::getfrompw): Simplify. (cygsid::getfromgr): Check for gr == NULL. (legal_sid_type): Move to security.h. (set_process_privilege): Return -1 on error, otherwise 0 or 1 related to previous privilege setting. * security.cc (extract_nt_dom_user): Remove `static'. (lsa2wchar): New function. (open_local_policy): Ditto. (close_local_policy): Ditto. (get_lsa_srv_inf): Ditto. (get_logon_server): Ditto. (get_logon_server_and_user_domain): Ditto. (get_user_groups): Ditto. (is_group_member): Ditto. (get_user_local_groups): Ditto. (sid_in_token_groups): Ditto. (get_user_primary_group): Ditto. (get_group_sidlist): Ditto. (get_system_priv_list): Ditto. (get_priv_list): Ditto. (get_dacl): Ditto. (create_token): Ditto. (subauth): Return immediately if SE_TCB_NAME can't be assigned. Change all return statements in case of error to jumps to `out' label. Add `out' label to support cleanup. * security.h: Add extern declarations for `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. Add extern declarations for functions `create_token', `extract_nt_dom_user' and `get_logon_server_and_user_domain'. (class cygsid): Add method `assign'. Change operator= to call new `assign' method. Add `debug_print' method. (class cygsidlist): New class. (legal_sid_type): Moved from sec_helper.cc to here. * spawn.cc (spawn_guts) Revert reversion of previous patch. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid' again. * syscalls.cc (seteuid): Rearranged. Call `create_token' now when needed. Call `subauth' if `create_token' fails. Try setting token owner and primary group only if token was not explicitely created by `create_token'. * uinfo.cc (internal_getlogin): Try harder to generate correct user information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
/* Allocate space for the security descriptor. */
if (!sd.malloc (len))
* autoload.cc: Add load statements for `LookupAccountNameW', `LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory', `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum', `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and `NtCreateToken'. * ntdll.h: Add declaration for `NtCreateToken'. * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. (cygsid::string): Define as const method. (cygsid::get_sid): Set psid to NO_SID on error. (cygsid::getfromstr): Ditto. (cygsid::getfrompw): Simplify. (cygsid::getfromgr): Check for gr == NULL. (legal_sid_type): Move to security.h. (set_process_privilege): Return -1 on error, otherwise 0 or 1 related to previous privilege setting. * security.cc (extract_nt_dom_user): Remove `static'. (lsa2wchar): New function. (open_local_policy): Ditto. (close_local_policy): Ditto. (get_lsa_srv_inf): Ditto. (get_logon_server): Ditto. (get_logon_server_and_user_domain): Ditto. (get_user_groups): Ditto. (is_group_member): Ditto. (get_user_local_groups): Ditto. (sid_in_token_groups): Ditto. (get_user_primary_group): Ditto. (get_group_sidlist): Ditto. (get_system_priv_list): Ditto. (get_priv_list): Ditto. (get_dacl): Ditto. (create_token): Ditto. (subauth): Return immediately if SE_TCB_NAME can't be assigned. Change all return statements in case of error to jumps to `out' label. Add `out' label to support cleanup. * security.h: Add extern declarations for `well_known_local_sid', `well_known_dialup_sid', `well_known_network_sid', `well_known_batch_sid', `well_known_interactive_sid', `well_known_service_sid' and `well_known_authenticated_users_sid'. Add extern declarations for functions `create_token', `extract_nt_dom_user' and `get_logon_server_and_user_domain'. (class cygsid): Add method `assign'. Change operator= to call new `assign' method. Add `debug_print' method. (class cygsidlist): New class. (legal_sid_type): Moved from sec_helper.cc to here. * spawn.cc (spawn_guts) Revert reversion of previous patch. Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid' again. * syscalls.cc (seteuid): Rearranged. Call `create_token' now when needed. Call `subauth' if `create_token' fails. Try setting token owner and primary group only if token was not explicitely created by `create_token'. * uinfo.cc (internal_getlogin): Try harder to generate correct user information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
{
set_errno (ENOMEM);
return -1;
}
/* Try to fetch the security descriptor if the handle is valid. */
if (fh)
{
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
sd, len, &rlen);
if (!NT_SUCCESS (status))
debug_printf ("NtQuerySecurityObject (%S), status %y",
pc.get_nt_native_path (), status);
}
/* If the handle was NULL, or fetching with the original handle didn't work,
try to reopen the file with READ_CONTROL and fetch the security descriptor
using that handle. */
if (!fh || !NT_SUCCESS (status))
{
status = NtOpenFile (&fh, READ_CONTROL,
fh ? pc.init_reopen_attr (attr, fh)
: pc.get_object_attr (attr, sec_none_nih),
&io, FILE_SHARE_VALID_FLAGS,
FILE_OPEN_FOR_BACKUP_INTENT);
if (!NT_SUCCESS (status))
2011-06-06 13:02:13 +08:00
{
sd.free ();
__seterrno_from_nt_status (status);
return -1;
}
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
sd, len, &rlen);
NtClose (fh);
if (!NT_SUCCESS (status))
{
sd.free ();
__seterrno_from_nt_status (status);
return -1;
* cyglsa.h: New header file. * environ.cc: Disable subauth settings. * grp.cc: Accomodate cygsidlist's count now being a method. * sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove. (mandatory_medium_integrity_sid): Remove. (mandatory_high_integrity_sid): Remove. (mandatory_system_integrity_sid): Remove. (fake_logon_sid): Add. (cygsid::get_sid): Add well_known parameter. Set well_known_sid accordingly. (cygsid::getfromstr): Ditto. (cygsidlist::alloc_sids): Move here from security.cc. (cygsidlist::free_sids): Ditto. (cygsidlist::add): Move here from security.h. Add well_known parameter. Set well_known_sid accordingly. Don't allow duplicate SIDs. * security.cc: Include cyglsa.h and cygwin/version.h. Throughout accomodate cygsidlist's count now being a method. Throughout drop redundant "contains" tests. (get_user_local_groups): Add local groups as well known SIDs. (get_token_group_sidlist): Add well known groups as well known SIDs. (get_server_groups): Ditto. Only call get_unix_group_sidlist after get_user_local_groups to maintain "well_known_sid" attribute. (get_initgroups_sidlist): Add well known groups as well known SIDs. (get_setgroups_sidlist): Add usersid and struct passwd parameter to allow calling get_server_groups from here. (get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES structure. (get_priv_list): Ditto. (create_token): Accomodate above changes. Drop misguided attempt to add MIC SIDs to created user token. Print returned token as hex value. (subauth): Disable. (lsaauth): New function implementing client side of LSA authentication. * security.h (class cygsid): Add well_known_sid attribute. Accomodate throughout. Add *= operator to create a well known SID. (class cygsidlist): Rename count to cnt. Make count a method. (cygsidlist::add): Move to sec_helper.cc. (cygsidlist::operator *=): New method to add well known SID. (cygsidlist::non_well_known_count): New method returning number of non well known SIDs in list. (cygsidlist::next_non_well_known_sid): New method returning next non well known SID by index. (mandatory_medium_integrity_sid): Drop declaration. (mandatory_high_integrity_sid): Drop declaration. (mandatory_system_integrity_sid): Drop declaration. (fake_logon_sid): Add declaration. (subauth): Disable declaration. (lsaauth): Add declaration. * syscalls.cc (seteuid32): Disable subauthentication. Add LSA authentication. * wincap.h: Define needs_logon_sid_in_sid_list throughout. * wincap.cc: Ditto.
2006-11-27 20:59:59 +08:00
}
}
/* Ok, so we have a security descriptor now. Unfortunately, if you want
to know if an ACE is inherited from the parent object, you can't just
call NtQuerySecurityObject once. The problem is this:
In the simple case, the SDs control word contains one of the
SE_DACL_AUTO_INHERITED or SE_DACL_PROTECTED flags, or at least one of
the ACEs has the INHERITED_ACE flag set. In all of these cases the
GetSecurityInfo function calls NtQuerySecurityObject only once, too,
apparently because it figures that the DACL is self-sufficient, which
it usually is. Windows Explorer, for instance, takes great care to
set these flags in a security descriptor if you change the ACL in the
GUI property dialog.
The tricky case is if none of these flags is set in the SD. That means
the information whether or not an ACE has been inherited is not available
in the DACL of the object. In this case GetSecurityInfo also fetches the
SD from the parent directory and tests if the object's SD contains
inherited ACEs from the parent. The below code is closly emulating the
behaviour of GetSecurityInfo so we can get rid of this advapi32 dependency.
However, this functionality is slow, and the extra information is only
required when the file has been created and the permissions are about
to be set to POSIX permissions. Therefore we only use it in case the
file just got created.
Note that GetSecurityInfo has a problem on 5.1 and 5.2 kernels. Sometimes
it returns ERROR_INVALID_ADDRESS if a former request for the parent
directories' SD used NtQuerySecurityObject, rather than GetSecurityInfo
as well. See http://cygwin.com/ml/cygwin-developers/2011-03/msg00027.html
for the solution. This problem does not occur with the below code, so
the workaround has been removed. */
if (justcreated)
{
SECURITY_DESCRIPTOR_CONTROL ctrl;
ULONG dummy;
PACL dacl;
BOOLEAN exists, def;
ACCESS_ALLOWED_ACE *ace;
UNICODE_STRING dirname;
PSECURITY_DESCRIPTOR psd, nsd;
tmp_pathbuf tp;
/* Check SDs control flags. If SE_DACL_AUTO_INHERITED or
SE_DACL_PROTECTED is set we're done. */
RtlGetControlSecurityDescriptor (sd, &ctrl, &dummy);
if (ctrl & (SE_DACL_AUTO_INHERITED | SE_DACL_PROTECTED))
return 0;
/* Otherwise iterate over the ACEs and see if any one of them has the
INHERITED_ACE flag set. If so, we're done. */
if (NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd, &exists, &dacl, &def))
&& exists && dacl)
for (ULONG idx = 0; idx < dacl->AceCount; ++idx)
if (NT_SUCCESS (RtlGetAce (dacl, idx, (PVOID *) &ace))
&& (ace->Header.AceFlags & INHERITED_ACE))
return 0;
/* Otherwise, open the parent directory with READ_CONTROL... */
RtlSplitUnicodePath (pc.get_nt_native_path (), &dirname, NULL);
InitializeObjectAttributes (&attr, &dirname, pc.objcaseinsensitive (),
NULL, NULL);
status = NtOpenFile (&fh, READ_CONTROL, &attr, &io,
FILE_SHARE_VALID_FLAGS,
FILE_OPEN_FOR_BACKUP_INTENT
| FILE_OPEN_REPARSE_POINT);
if (!NT_SUCCESS (status))
{
2013-04-23 17:44:36 +08:00
debug_printf ("NtOpenFile (%S), status %y", &dirname, status);
return 0;
}
/* ... fetch the parent's security descriptor ... */
psd = (PSECURITY_DESCRIPTOR) tp.w_get ();
status = NtQuerySecurityObject (fh, ALL_SECURITY_INFORMATION,
psd, len, &rlen);
NtClose (fh);
if (!NT_SUCCESS (status))
{
2013-04-23 17:44:36 +08:00
debug_printf ("NtQuerySecurityObject (%S), status %y",
&dirname, status);
return 0;
}
/* ... and create a new security descriptor in which all inherited ACEs
2011-06-06 13:02:13 +08:00
are marked with the INHERITED_ACE flag. For a description of the
undocumented RtlConvertToAutoInheritSecurityObject function from
ntdll.dll see the MSDN man page for the advapi32 function
ConvertToAutoInheritPrivateObjectSecurity. Fortunately the latter
is just a shim. */
status = RtlConvertToAutoInheritSecurityObject (psd, sd, &nsd, NULL,
pc.isdir (),
&file_mapping);
if (!NT_SUCCESS (status))
{
2013-04-23 17:44:36 +08:00
debug_printf ("RtlConvertToAutoInheritSecurityObject (%S), status %y",
&dirname, status);
return 0;
}
/* Eventually copy the new security descriptor into sd and delete the
2011-06-06 13:02:13 +08:00
original one created by RtlConvertToAutoInheritSecurityObject from
the heap. */
len = RtlLengthSecurityDescriptor (nsd);
memcpy ((PSECURITY_DESCRIPTOR) sd, nsd, len);
RtlDeleteSecurityObject (&nsd);
}
return 0;
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
}
2000-02-18 03:38:33 +08:00
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
LONG
set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, bool is_chown)
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
{
NTSTATUS status = STATUS_SUCCESS;
int retry = 0;
* autoload.cc (NtCreateFile): Add. * dir.cc (mkdir): Change set_file_attribute call to indicate that NT security isn't used. * fhandler.cc (fhandler_base::open_9x): New method, created from fhandler_base::open. (fhandler_base::open): Rearrange to use NtCreateFile instead of CreateFile. * fhandler.h (enum query_state): Redefine query_null_access to query_stat_control. query_null_access isn't allowed in NtCreateFile. (fhandler_base::open_9x): Declare. * fhandler_disk_file.cc (fhandler_base::fstat_fs): Use query_stat_control first, query_read_control if that fails. (fhandler_disk_file::fchmod): Call enable_restore_privilege before trying to open for query_write_control. Don't fall back to opening for query_read_control. (fhandler_disk_file::fchown): Ditto. (fhandler_disk_file::facl): Only request restore privilege and query access necessary for given cmd. * fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open instead of opening device here. * ntdll.h (NtCreateFile): Declare. * path.cc (symlink_worker): Change set_file_attribute call to indicate that NT security isn't used. * sec_acl.cc (getacl): Fix bracketing. * sec_helper.cc (enable_restore_privilege): New function. * security.cc (str2buf2uni_cat): New function. (write_sd): Don't request restore permission here. * security.h (set_process_privileges): Drop stale declaration. (str2buf2uni): Declare. (str2buf2uni_cat): Declare. (enable_restore_privilege): Declare. * syscalls.cc (fchown32): Return immediate success on 9x.
2004-04-17 05:22:13 +08:00
int res = -1;
for (; retry < 2; ++retry)
{
if (fh)
{
status = NtSetSecurityObject (fh,
is_chown ? ALL_SECURITY_INFORMATION
: DACL_SECURITY_INFORMATION,
sd);
if (NT_SUCCESS (status))
{
res = 0;
break;
}
}
if (!retry)
{
OBJECT_ATTRIBUTES attr;
IO_STATUS_BLOCK io;
status = NtOpenFile (&fh, (is_chown ? WRITE_OWNER : 0) | WRITE_DAC,
fh ? pc.init_reopen_attr (attr, fh)
: pc.get_object_attr (attr, sec_none_nih),
&io,
FILE_SHARE_VALID_FLAGS,
FILE_OPEN_FOR_BACKUP_INTENT);
if (!NT_SUCCESS (status))
{
fh = NULL;
break;
}
}
}
if (retry && fh)
NtClose (fh);
if (!NT_SUCCESS (status))
__seterrno_from_nt_status (status);
return res;
2000-02-18 03:38:33 +08:00
}
static void
get_attribute_from_acl (mode_t *attribute, PACL acl, PSID owner_sid,
PSID group_sid, bool grp_member)
{
ACCESS_ALLOWED_ACE *ace;
int allow = 0;
int deny = 0;
int *flags, *anti;
for (DWORD i = 0; i < acl->AceCount; ++i)
{
if (!NT_SUCCESS (RtlGetAce (acl, i, (PVOID *) &ace)))
continue;
if (ace->Header.AceFlags & INHERIT_ONLY_ACE)
continue;
switch (ace->Header.AceType)
{
case ACCESS_ALLOWED_ACE_TYPE:
flags = &allow;
anti = &deny;
break;
case ACCESS_DENIED_ACE_TYPE:
flags = &deny;
anti = &allow;
break;
default:
continue;
}
cygpsid ace_sid ((PSID) &ace->SidStart);
if (ace_sid == well_known_world_sid)
{
if (ace->Mask & FILE_READ_BITS)
*flags |= ((!(*anti & S_IROTH)) ? S_IROTH : 0)
| ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
| ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
if (ace->Mask & FILE_WRITE_BITS)
*flags |= ((!(*anti & S_IWOTH)) ? S_IWOTH : 0)
| ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
| ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
if (ace->Mask & FILE_EXEC_BITS)
*flags |= ((!(*anti & S_IXOTH)) ? S_IXOTH : 0)
| ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
| ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
if ((S_ISDIR (*attribute)) &&
(ace->Mask & (FILE_WRITE_DATA | FILE_EXECUTE | FILE_DELETE_CHILD))
== (FILE_WRITE_DATA | FILE_EXECUTE))
*flags |= S_ISVTX;
}
else if (ace_sid == well_known_null_sid)
{
/* Read SUID, SGID and VTX bits from NULL ACE. */
if (ace->Mask & FILE_READ_DATA)
*flags |= S_ISVTX;
if (ace->Mask & FILE_WRITE_DATA)
*flags |= S_ISGID;
if (ace->Mask & FILE_APPEND_DATA)
*flags |= S_ISUID;
}
else if (ace_sid == owner_sid)
{
if (ace->Mask & FILE_READ_BITS)
*flags |= ((!(*anti & S_IRUSR)) ? S_IRUSR : 0);
if (ace->Mask & FILE_WRITE_BITS)
*flags |= ((!(*anti & S_IWUSR)) ? S_IWUSR : 0);
if (ace->Mask & FILE_EXEC_BITS)
*flags |= ((!(*anti & S_IXUSR)) ? S_IXUSR : 0);
}
else if (ace_sid == group_sid)
{
if (ace->Mask & FILE_READ_BITS)
*flags |= ((!(*anti & S_IRGRP)) ? S_IRGRP : 0)
| ((grp_member && !(*anti & S_IRUSR)) ? S_IRUSR : 0);
if (ace->Mask & FILE_WRITE_BITS)
*flags |= ((!(*anti & S_IWGRP)) ? S_IWGRP : 0)
| ((grp_member && !(*anti & S_IWUSR)) ? S_IWUSR : 0);
if (ace->Mask & FILE_EXEC_BITS)
*flags |= ((!(*anti & S_IXGRP)) ? S_IXGRP : 0)
| ((grp_member && !(*anti & S_IXUSR)) ? S_IXUSR : 0);
}
else if (flags == &allow)
{
/* Simplified computation of additional group permissions based on
the CLASS_OBJ value. CLASS_OBJ represents the or'ed value of
the primary group permissions and all secondary user and group
permissions. FIXME: This only takes ACCESS_ALLOWED_ACEs into
account. The computation with additional ACCESS_DENIED_ACE
handling is much more complicated. */
if (ace->Mask & FILE_READ_BITS)
*flags |= S_IRGRP;
if (ace->Mask & FILE_WRITE_BITS)
*flags |= S_IWGRP;
if (ace->Mask & FILE_EXEC_BITS)
*flags |= S_IXGRP;
}
}
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX | S_ISGID | S_ISUID);
if (owner_sid && group_sid && RtlEqualSid (owner_sid, group_sid)
/* FIXME: temporary exception for /var/empty */
&& well_known_system_sid != group_sid)
{
allow &= ~(S_IRGRP | S_IWGRP | S_IXGRP);
allow |= (((allow & S_IRUSR) ? S_IRGRP : 0)
| ((allow & S_IWUSR) ? S_IWGRP : 0)
| ((allow & S_IXUSR) ? S_IXGRP : 0));
}
*attribute |= allow;
}
static void
get_info_from_sd (PSECURITY_DESCRIPTOR psd, mode_t *attribute,
2013-04-23 17:44:36 +08:00
uid_t *uidret, gid_t *gidret)
2000-02-18 03:38:33 +08:00
{
if (!psd)
2000-02-18 03:38:33 +08:00
{
/* If reading the security descriptor failed, treat the object
as unreadable. */
if (attribute)
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO);
if (uidret)
*uidret = ILLEGAL_UID;
if (gidret)
*gidret = ILLEGAL_GID;
return;
2000-02-18 03:38:33 +08:00
}
cygpsid owner_sid;
cygpsid group_sid;
NTSTATUS status;
BOOLEAN dummy;
2000-02-18 03:38:33 +08:00
status = RtlGetOwnerSecurityDescriptor (psd, (PSID *) &owner_sid, &dummy);
if (!NT_SUCCESS (status))
2013-04-23 17:44:36 +08:00
debug_printf ("RtlGetOwnerSecurityDescriptor: %y", status);
status = RtlGetGroupSecurityDescriptor (psd, (PSID *) &group_sid, &dummy);
if (!NT_SUCCESS (status))
2013-04-23 17:44:36 +08:00
debug_printf ("RtlGetGroupSecurityDescriptor: %y", status);
2000-02-18 03:38:33 +08:00
2013-04-23 17:44:36 +08:00
uid_t uid;
gid_t gid;
bool grp_member = get_sids_info (owner_sid, group_sid, &uid, &gid);
if (uidret)
*uidret = uid;
if (gidret)
*gidret = gid;
Throughout, change 'cygwin_shared.mount' to 'mount_table'. * child_info.h (child_info): Move shared_h, console_h to cygheap. Add mount_h. * cygheap.h (init_cygheap): Add shared_h, console_h. * cygheap.cc (init_cheap): Initialize heap at a fixed location after the shared memory regions. Initialize cygheap->user name here. * dcrt0.cc (dll_crt0_1): Call getpagesize () to initialize constants. Remove cygheap_init since it is done in shared_init now. (_dll_crt0): Initialize mount_h, remove shared_h and console_h initialization. * fhandler_console.cc (console_shared_h): Eliminate. (get_tty_stuff): Use cygheap->console_h rather than console_shared_h. * heap.cc (heap_init): Use page size constant calculated earlier in initialization. * shared.cc: Eliminate cygwin_shared_h. Add cygwin_mount_h. (mount_table_init): New function for initializing a user mount table. (open_shared_file_map): Use constant for shared memory region. Initialize cygheap and mount table here. (open_shared): Improve debugging output. (shared_info::initialize): Eliminate call to mount.init. (shared_terminate): Use cygheap->shared_h. Close cygwin_mount_h. (open_shared_file_map): Eliminate. * shared_info.h (mount_info): Add a version field. (shared_align_past): New macro for calculating location for shared memory regions. * sigproc.cc (init_child_info): Eliminate shared_h, console_h. * spawn.cc (spawn_guts): Pass on cygwin_mount_h iff not a different user. * syscalls.cc (system_info): New global holding system memory defaults. (getpagesize): Use system_info. * uinfo.cc (internal_getlogin): Only fill in user name if nonexistent. * winsup.h: Declare system_info. * passwd.cc (read_etc_passwd): Use cygheap->user.name () rather than retrieving the name again.
2001-01-28 13:51:15 +08:00
if (!attribute)
{
2013-04-23 17:44:36 +08:00
syscall_printf ("uid %u, gid %u", uid, gid);
return;
}
PACL acl;
BOOLEAN acl_exists;
status = RtlGetDaclSecurityDescriptor (psd, &acl_exists, &acl, &dummy);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
*attribute &= ~(S_IRWXU | S_IRWXG | S_IRWXO);
2000-02-18 03:38:33 +08:00
}
else if (!acl_exists || !acl)
*attribute |= S_IRWXU | S_IRWXG | S_IRWXO;
else
get_attribute_from_acl (attribute, acl, owner_sid, group_sid, grp_member);
2000-02-18 03:38:33 +08:00
2013-04-23 17:44:36 +08:00
syscall_printf ("%sACL %y, uid %u, gid %u",
(!acl_exists || !acl)?"NO ":"", *attribute, uid, gid);
}
static int
get_reg_sd (HANDLE handle, security_descriptor &sd_ret)
{
LONG ret;
DWORD len = 0;
ret = RegGetKeySecurity ((HKEY) handle, ALL_SECURITY_INFORMATION,
sd_ret, &len);
if (ret == ERROR_INSUFFICIENT_BUFFER)
{
if (!sd_ret.malloc (len))
set_errno (ENOMEM);
else
ret = RegGetKeySecurity ((HKEY) handle, ALL_SECURITY_INFORMATION,
sd_ret, &len);
}
if (ret != ERROR_SUCCESS)
{
__seterrno ();
return -1;
}
return 0;
}
int
2013-04-23 17:44:36 +08:00
get_reg_attribute (HKEY hkey, mode_t *attribute, uid_t *uidret,
gid_t *gidret)
* autoload.cc (GetSecurityInfo): Define new autoload function. (RegQueryInfoKeyA): Ditto. * fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool. (fhandler_proc::fill_filebuf): Ditto. (fhandler_registry::fill_filebuf): Ditto. (fhandler_process::fill_filebuf): Ditto. (fhandler_registry::value_name): Add new member. (fhandler_registry::close): Add new method. (fhandler_process::p): Remove member. * fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling superclass method. Check return value of fill_filebuf. (fhandler_proc::fill_filebuf): Change return type to bool. Add return statement. * fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling superclass method. Remove references to p. Check return value of fill_filebuf. (fhandler_process::fill_filebuf): Change return type to bool. Don't use dereference operator on p. Add return statement. (fhandler_process::format_process_stat): Fix typo. * fhandler_registry.cc: Add static open_key declaration. (fhandler_registry::exists): Assume path is already normalised. Try opening the path as a key in its own right first, before reverting to enumerating subkeys and values of the parent key. (fhandler_registry::fstat): Add additional code to return more relevant information about the registry key/value. (fhandler_registry::readdir): Explicitly set desired access when opening registry key. Remove output of buf from debug_printf format string. (fhandler_registry::open): Use set_io_handle to store registry key handle. Set value_name member. Move code to read a value from the registry to fill_filebuf. Add call to fill_filebuf. (fhandler_registry::close): New method. (fhandler_registry::fill_filebuf): Change return type to bool. Add code to read a value from registry. (fhandler_registry::open_key): Make function static. Use KEY_READ as desired access unless this is the last path component. Check the return value of RegOpenKeyEx for an error instead of hKey. * fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of fill_filebuf. (fhandler_virtual::open): Remove call to set_nohandle. (fhandler_virtual::fill_filebuf): Change return type to bool. Add return statement. * security.cc (get_nt_object_attribute): New function. (get_object_attribute): New function. * security.h (get_object_attribute): New function declaration.
2002-07-02 09:36:15 +08:00
{
security_descriptor sd;
if (!get_reg_sd (hkey, sd))
{
get_info_from_sd (sd, attribute, uidret, gidret);
return 0;
* autoload.cc (GetSecurityInfo): Define new autoload function. (RegQueryInfoKeyA): Ditto. * fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool. (fhandler_proc::fill_filebuf): Ditto. (fhandler_registry::fill_filebuf): Ditto. (fhandler_process::fill_filebuf): Ditto. (fhandler_registry::value_name): Add new member. (fhandler_registry::close): Add new method. (fhandler_process::p): Remove member. * fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling superclass method. Check return value of fill_filebuf. (fhandler_proc::fill_filebuf): Change return type to bool. Add return statement. * fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling superclass method. Remove references to p. Check return value of fill_filebuf. (fhandler_process::fill_filebuf): Change return type to bool. Don't use dereference operator on p. Add return statement. (fhandler_process::format_process_stat): Fix typo. * fhandler_registry.cc: Add static open_key declaration. (fhandler_registry::exists): Assume path is already normalised. Try opening the path as a key in its own right first, before reverting to enumerating subkeys and values of the parent key. (fhandler_registry::fstat): Add additional code to return more relevant information about the registry key/value. (fhandler_registry::readdir): Explicitly set desired access when opening registry key. Remove output of buf from debug_printf format string. (fhandler_registry::open): Use set_io_handle to store registry key handle. Set value_name member. Move code to read a value from the registry to fill_filebuf. Add call to fill_filebuf. (fhandler_registry::close): New method. (fhandler_registry::fill_filebuf): Change return type to bool. Add code to read a value from registry. (fhandler_registry::open_key): Make function static. Use KEY_READ as desired access unless this is the last path component. Check the return value of RegOpenKeyEx for an error instead of hKey. * fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of fill_filebuf. (fhandler_virtual::open): Remove call to set_nohandle. (fhandler_virtual::fill_filebuf): Change return type to bool. Add return statement. * security.cc (get_nt_object_attribute): New function. (get_object_attribute): New function. * security.h (get_object_attribute): New function declaration.
2002-07-02 09:36:15 +08:00
}
/* The entries are already set to default values */
return -1;
* autoload.cc (GetSecurityInfo): Define new autoload function. (RegQueryInfoKeyA): Ditto. * fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool. (fhandler_proc::fill_filebuf): Ditto. (fhandler_registry::fill_filebuf): Ditto. (fhandler_process::fill_filebuf): Ditto. (fhandler_registry::value_name): Add new member. (fhandler_registry::close): Add new method. (fhandler_process::p): Remove member. * fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling superclass method. Check return value of fill_filebuf. (fhandler_proc::fill_filebuf): Change return type to bool. Add return statement. * fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling superclass method. Remove references to p. Check return value of fill_filebuf. (fhandler_process::fill_filebuf): Change return type to bool. Don't use dereference operator on p. Add return statement. (fhandler_process::format_process_stat): Fix typo. * fhandler_registry.cc: Add static open_key declaration. (fhandler_registry::exists): Assume path is already normalised. Try opening the path as a key in its own right first, before reverting to enumerating subkeys and values of the parent key. (fhandler_registry::fstat): Add additional code to return more relevant information about the registry key/value. (fhandler_registry::readdir): Explicitly set desired access when opening registry key. Remove output of buf from debug_printf format string. (fhandler_registry::open): Use set_io_handle to store registry key handle. Set value_name member. Move code to read a value from the registry to fill_filebuf. Add call to fill_filebuf. (fhandler_registry::close): New method. (fhandler_registry::fill_filebuf): Change return type to bool. Add code to read a value from registry. (fhandler_registry::open_key): Make function static. Use KEY_READ as desired access unless this is the last path component. Check the return value of RegOpenKeyEx for an error instead of hKey. * fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of fill_filebuf. (fhandler_virtual::open): Remove call to set_nohandle. (fhandler_virtual::fill_filebuf): Change return type to bool. Add return statement. * security.cc (get_nt_object_attribute): New function. (get_object_attribute): New function. * security.h (get_object_attribute): New function declaration.
2002-07-02 09:36:15 +08:00
}
int
get_file_attribute (HANDLE handle, path_conv &pc,
2013-04-23 17:44:36 +08:00
mode_t *attribute, uid_t *uidret, gid_t *gidret)
{
if (pc.has_acls ())
{
security_descriptor sd;
if (!get_file_sd (handle, pc, sd, false))
{
get_info_from_sd (sd, attribute, uidret, gidret);
return 0;
}
/* ENOSYS is returned by get_file_sd if fetching the DACL from a remote
share returns STATUS_INVALID_NETWORK_RESPONSE, which in turn is
converted to ERROR_BAD_NET_RESP. This potentially occurs when trying
to fetch DACLs from a NT4 machine which is not part of the domain of
the requesting machine. */
else if (get_errno () != ENOSYS)
{
if (uidret)
*uidret = ILLEGAL_UID;
if (gidret)
*gidret = ILLEGAL_GID;
return -1;
}
}
if (uidret)
*uidret = myself->uid;
if (gidret)
*gidret = myself->gid;
return -1;
}
bool
add_access_allowed_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit)
2000-02-18 03:38:33 +08:00
{
NTSTATUS status = RtlAddAccessAllowedAceEx (acl, ACL_REVISION, inherit,
attributes, sid);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
return false;
2000-02-18 03:38:33 +08:00
}
len_add += sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true;
2000-02-18 03:38:33 +08:00
}
bool
add_access_denied_ace (PACL acl, int offset, DWORD attributes,
PSID sid, size_t &len_add, DWORD inherit)
2000-02-18 03:38:33 +08:00
{
NTSTATUS status = RtlAddAccessDeniedAceEx (acl, ACL_REVISION, inherit,
attributes, sid);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
return false;
2000-02-18 03:38:33 +08:00
}
len_add += sizeof (ACCESS_DENIED_ACE) - sizeof (DWORD) + RtlLengthSid (sid);
return true;
2000-02-18 03:38:33 +08:00
}
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
static PSECURITY_DESCRIPTOR
2013-04-23 17:44:36 +08:00
alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
security_descriptor &sd_ret)
2000-02-18 03:38:33 +08:00
{
NTSTATUS status;
BOOLEAN dummy;
tmp_pathbuf tp;
2000-02-18 03:38:33 +08:00
/* NOTE: If the high bit of attribute is set, we have just created
a file or directory. See below for an explanation. */
debug_printf("uid %u, gid %u, attribute 0%o", uid, gid, attribute);
2000-02-18 03:38:33 +08:00
/* Get owner and group from current security descriptor. */
PSID cur_owner_sid = NULL;
PSID cur_group_sid = NULL;
status = RtlGetOwnerSecurityDescriptor (sd_ret, &cur_owner_sid, &dummy);
if (!NT_SUCCESS (status))
2013-04-23 17:44:36 +08:00
debug_printf ("RtlGetOwnerSecurityDescriptor: %y", status);
status = RtlGetGroupSecurityDescriptor (sd_ret, &cur_group_sid, &dummy);
if (!NT_SUCCESS (status))
2013-04-23 17:44:36 +08:00
debug_printf ("RtlGetGroupSecurityDescriptor: %y", status);
/* Get SID of owner. */
cygsid owner_sid;
/* Check for current user first */
if (uid == myself->uid)
owner_sid = cygheap->user.sid ();
else if (uid == ILLEGAL_UID)
owner_sid = cur_owner_sid;
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org> * pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by pwdgrp_check::isinitializing (). (pwdgrp_check::isinitializing): Create. * passwd.cc (grab_int): Change type to unsigned, use strtoul and set the pointer content to 0 if the field is invalid. (parse_pwd): Move validity test after getting pw_gid. (read_etc_passwd): Replace "passwd_state <= " by passwd_state::isinitializing (). (internal_getpwuid): Ditto. (internal_getpwnam): Ditto. (getpwent): Ditto. (getpass): Ditto. * grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity. (read_etc_group): Replace "group_state <= " by group_state::isinitializing (). (internal_getgrgid): Ditto. (getgrent32): Ditto. (internal_getgrent): Ditto. 2002-12-10 Pierre Humblet <pierre.humblet@ieee.org> * security.h: Move declarations of internal_getgrent, internal_getpwsid and internal_getgrsid to pwdgrp.h. * pwdgrp.h: Declare internal_getpwsid, internal_getpwnam, internal_getpwuid, internal_getgrsid, internal_getgrgid, internal_getgrnam, internal_getgrent and internal_getgroups. Delete "emulated" from enum pwdgrp_state. (pwdgrp_check::isuninitialized): Create. (pwdgrp_check::pwdgrp_state): Change state to initializing rather than to uninitialized. (pwdgrp_read::gets): Remove trailing CRs. * passwd.cc (grab_string): Don't look for NLs. (grab_int): Ditto. (parse_pwd): Don't look for CRs. Return 0 if entry is too short. (search_for): Delete. (read_etc_passwd): Simplify tests to actually read the file. Set state to loaded before making internal_getpwXX calls. Replace search_for calls by equivalent internal_pwgetXX calls. (internal_getpwsid): Use passwd_state.isuninitialized to decide to call read_etc_passwd. (internal_getpwuid): Create. (internal_getpwnam): Create. (getpwuid32): Simply call internal_getpwuid. (getpwuid_r32): Call internal_getpwuid. (getpwnam): Simply call internal_getpwnam. (getpwnam_r): Call internal_getpwnam. * grp.cc (parse_grp): Don't look for CRs. Adjust blank space. (add_grp_line): Adjust blank space. (class group_lock): Ditto. (read_etc_group): Simplify tests to actually read the file. Set state to loaded before making internal_getgrXX calls. Replace getgrXX calls by equivalent internal calls. (internal_getgrsid): Use group_state.isuninitialized to decide to call read_etc_group. (internal_getgrgid): Create. (internal_getgrnam): Create. (getgroups32): Simply call internal_getgrgid. (getgrnam32): Simply call internal_getgrnam. (internal_getgrent): Call group_state.isuninitialized. (internal_getgroups): Create from the former getgroups32, using two of the four arguments. Set gid to myself->gid and username to cygheap->user.name (). (getgroups32): Simply call internal_getgroup. (getgroups): Call internal_getgroup instead of getgroups32. (setgroups32): Call internal versions of get{pw,gr}XX. * sec_helper.cc: Include pwdgrp.h. (is_grp_member): Call internal versions of get{pw,gr}XX. * security.cc: Include pwdgrp.h. (alloc_sd): Call internal versions of get{pw,gr}XX. * syscalls.cc: Include pwdgrp.h. (seteuid32): Call internal versions of get{pw,gr}XX. (setegid32): Ditto. * uinfo.cc: Include pwdgrp.h. (internal_getlogin): Call internal versions of get{pw,gr}XX. (cygheap_user::ontherange): Ditto. * sec_acl.cc: Include pwdgrp.h. (setacl): Call internal versions of get{pw,gr}XX. (acl_access): Ditto and simplify logic. (aclfromtext): Ditto.
2002-12-10 20:43:49 +08:00
else if (!owner_sid.getfrompw (internal_getpwuid (uid)))
{
set_errno (EINVAL);
return NULL;
}
owner_sid.debug_print ("alloc_sd: owner SID =");
2000-02-18 03:38:33 +08:00
/* Get SID of new group. */
cygsid group_sid;
/* Check for current user first */
if (gid == myself->gid)
group_sid = cygheap->user.groups.pgsid;
else if (gid == ILLEGAL_GID)
group_sid = cur_group_sid;
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org> * pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by pwdgrp_check::isinitializing (). (pwdgrp_check::isinitializing): Create. * passwd.cc (grab_int): Change type to unsigned, use strtoul and set the pointer content to 0 if the field is invalid. (parse_pwd): Move validity test after getting pw_gid. (read_etc_passwd): Replace "passwd_state <= " by passwd_state::isinitializing (). (internal_getpwuid): Ditto. (internal_getpwnam): Ditto. (getpwent): Ditto. (getpass): Ditto. * grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity. (read_etc_group): Replace "group_state <= " by group_state::isinitializing (). (internal_getgrgid): Ditto. (getgrent32): Ditto. (internal_getgrent): Ditto. 2002-12-10 Pierre Humblet <pierre.humblet@ieee.org> * security.h: Move declarations of internal_getgrent, internal_getpwsid and internal_getgrsid to pwdgrp.h. * pwdgrp.h: Declare internal_getpwsid, internal_getpwnam, internal_getpwuid, internal_getgrsid, internal_getgrgid, internal_getgrnam, internal_getgrent and internal_getgroups. Delete "emulated" from enum pwdgrp_state. (pwdgrp_check::isuninitialized): Create. (pwdgrp_check::pwdgrp_state): Change state to initializing rather than to uninitialized. (pwdgrp_read::gets): Remove trailing CRs. * passwd.cc (grab_string): Don't look for NLs. (grab_int): Ditto. (parse_pwd): Don't look for CRs. Return 0 if entry is too short. (search_for): Delete. (read_etc_passwd): Simplify tests to actually read the file. Set state to loaded before making internal_getpwXX calls. Replace search_for calls by equivalent internal_pwgetXX calls. (internal_getpwsid): Use passwd_state.isuninitialized to decide to call read_etc_passwd. (internal_getpwuid): Create. (internal_getpwnam): Create. (getpwuid32): Simply call internal_getpwuid. (getpwuid_r32): Call internal_getpwuid. (getpwnam): Simply call internal_getpwnam. (getpwnam_r): Call internal_getpwnam. * grp.cc (parse_grp): Don't look for CRs. Adjust blank space. (add_grp_line): Adjust blank space. (class group_lock): Ditto. (read_etc_group): Simplify tests to actually read the file. Set state to loaded before making internal_getgrXX calls. Replace getgrXX calls by equivalent internal calls. (internal_getgrsid): Use group_state.isuninitialized to decide to call read_etc_group. (internal_getgrgid): Create. (internal_getgrnam): Create. (getgroups32): Simply call internal_getgrgid. (getgrnam32): Simply call internal_getgrnam. (internal_getgrent): Call group_state.isuninitialized. (internal_getgroups): Create from the former getgroups32, using two of the four arguments. Set gid to myself->gid and username to cygheap->user.name (). (getgroups32): Simply call internal_getgroup. (getgroups): Call internal_getgroup instead of getgroups32. (setgroups32): Call internal versions of get{pw,gr}XX. * sec_helper.cc: Include pwdgrp.h. (is_grp_member): Call internal versions of get{pw,gr}XX. * security.cc: Include pwdgrp.h. (alloc_sd): Call internal versions of get{pw,gr}XX. * syscalls.cc: Include pwdgrp.h. (seteuid32): Call internal versions of get{pw,gr}XX. (setegid32): Ditto. * uinfo.cc: Include pwdgrp.h. (internal_getlogin): Call internal versions of get{pw,gr}XX. (cygheap_user::ontherange): Ditto. * sec_acl.cc: Include pwdgrp.h. (setacl): Call internal versions of get{pw,gr}XX. (acl_access): Ditto and simplify logic. (aclfromtext): Ditto.
2002-12-10 20:43:49 +08:00
else if (!group_sid.getfromgr (internal_getgrgid (gid)))
{
set_errno (EINVAL);
return NULL;
}
group_sid.debug_print ("alloc_sd: group SID =");
/* Initialize local security descriptor. */
2000-02-18 03:38:33 +08:00
SECURITY_DESCRIPTOR sd;
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
2000-02-18 03:38:33 +08:00
/* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
Drop NT4 support. * autoload.cc (DnsQuery_A): Fatal if not available. (DnsRecordListFree): Ditto. (DsGetDcNameW): Ditto. (NetGetAnyDCName): Remove. (NetGetDCName): Remove. (EnumProcessModules): Fatal if not available. (GetModuleFileNameExW): Ditto. (GetModuleInformation): Ditto. (GetProcessMemoryInfo): Ditto. (QueryWorkingSet): Ditto. (LsaRegisterLogonProcess): Ditto. * fenv.cc (_feinitialise): Drop supports_sse condition. * fhandler_disk_file.cc (path_conv::isgood_inode): Fix comment. (fhandler_base::fstat_by_name): Drop has_fileid_dirinfo condition. (fhandler_disk_file::opendir): Ditto. * fhandler_netdrive.cc (fhandler_netdrive::readdir): Fix comment. * fhandler_proc.cc (format_proc_partitions): Drop NT4-only code. * fhandler_process.cc (get_process_state): Ditto. * kernel32.cc (GetWindowsDirectoryW): Remove. (GetWindowsDirectoryA): Remove. * miscfuncs.cc (nice_to_winprio): Drop NT4-only code. * mount.cc (fs_info::update): Fix comments. * net.cc (get_2k_ifs): Drop NT4-only code. * sec_auth.cc (get_logon_server): Ditto. (lsaauth): Drop NT4-specific error handling. * security.cc (alloc_sd): Set SE_DACL_PROTECTED unconditionally. * select.cc (select_stuff::wait): Always use MWMO_INPUTAVAILABLE. (peek_windows): Drop NT4-only condition in call to PeekMessage. * syscalls.cc (gethostid): Remove NT4-only workaround. * wincap.cc: Througout, drop has_dacl_protect, has_broken_if_oper_status, has_process_io_counters, has_terminal_services, has_extended_priority_class, has_guid_volumes, has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse from wincaps. (wincap_nt4sp4): Remove. (wincap_minimal): Set to wincap_2000. (wincapc::init): Rely on availability of OSVERSIONINFOEX structure. Treat error from GetVersionEx as fatal. Treat NT4 as fatal. * wincap.h (struct wincaps): Drop has_dacl_protect, has_broken_if_oper_status, has_process_io_counters, has_terminal_services, has_extended_priority_class, has_guid_volumes, has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse flags and methods. * winlean.h (GetWindowsDirectoryW) Define as GetSystemWindowsDirectoryW. (GetWindowsDirectoryA): Define as GetSystemWindowsDirectoryA.
2011-04-04 20:23:36 +08:00
modified by inheritable ACEs. */
RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
/* Create owner for local security descriptor. */
status = RtlSetOwnerSecurityDescriptor (&sd, owner_sid, FALSE);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
2000-02-18 03:38:33 +08:00
return NULL;
}
/* Create group for local security descriptor. */
status = RtlSetGroupSecurityDescriptor (&sd, group_sid, FALSE);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
2000-02-18 03:38:33 +08:00
return NULL;
}
/* Initialize local access control list. */
PACL acl = (PACL) tp.w_get ();
RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);
2000-02-18 03:38:33 +08:00
/* From here fill ACL. */
2000-02-18 03:38:33 +08:00
size_t acl_len = sizeof (ACL);
int ace_off = 0;
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
/* Only used for sync objects (for ttys). The admins group should
always have the right to manipulate the ACL, so we have to make sure
that the ACL gives the admins group STANDARD_RIGHTS_ALL access. */
bool saw_admins = false;
2000-02-18 03:38:33 +08:00
/* Construct allow attribute for owner.
Don't set FILE_READ/WRITE_ATTRIBUTES unconditionally on Samba, otherwise
it enforces read permissions. Same for other's below. */
DWORD owner_allow = STANDARD_RIGHTS_ALL
| (pc.fs_is_samba ()
? 0 : (FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES));
2000-02-18 03:38:33 +08:00
if (attribute & S_IRUSR)
owner_allow |= FILE_GENERIC_READ;
if (attribute & S_IWUSR)
owner_allow |= FILE_GENERIC_WRITE;
2000-02-18 03:38:33 +08:00
if (attribute & S_IXUSR)
owner_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES;
if (S_ISDIR (attribute)
&& (attribute & (S_IWUSR | S_IXUSR)) == (S_IWUSR | S_IXUSR))
2000-02-18 03:38:33 +08:00
owner_allow |= FILE_DELETE_CHILD;
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
/* For sync objects note that the owner is admin. */
if (S_ISCHR (attribute) && owner_sid == well_known_admins_sid)
saw_admins = true;
2000-02-18 03:38:33 +08:00
/* Construct allow attribute for group. */
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
DWORD group_allow = STANDARD_RIGHTS_READ | SYNCHRONIZE
| (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES);
2000-02-18 03:38:33 +08:00
if (attribute & S_IRGRP)
group_allow |= FILE_GENERIC_READ;
if (attribute & S_IWGRP)
group_allow |= FILE_GENERIC_WRITE;
2000-02-18 03:38:33 +08:00
if (attribute & S_IXGRP)
group_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES;
if (S_ISDIR (attribute)
&& (attribute & (S_IWGRP | S_IXGRP)) == (S_IWGRP | S_IXGRP)
&& !(attribute & S_ISVTX))
2000-02-18 03:38:33 +08:00
group_allow |= FILE_DELETE_CHILD;
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
/* For sync objects, add STANDARD_RIGHTS_ALL for admins group. */
if (S_ISCHR (attribute) && group_sid == well_known_admins_sid)
{
group_allow |= STANDARD_RIGHTS_ALL;
saw_admins = true;
}
2000-02-18 03:38:33 +08:00
/* Construct allow attribute for everyone. */
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
DWORD other_allow = STANDARD_RIGHTS_READ | SYNCHRONIZE
| (pc.fs_is_samba () ? 0 : FILE_READ_ATTRIBUTES);
2000-02-18 03:38:33 +08:00
if (attribute & S_IROTH)
other_allow |= FILE_GENERIC_READ;
if (attribute & S_IWOTH)
other_allow |= FILE_GENERIC_WRITE;
2000-02-18 03:38:33 +08:00
if (attribute & S_IXOTH)
other_allow |= FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES;
if (S_ISDIR (attribute)
&& (attribute & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH)
&& !(attribute & S_ISVTX))
2000-02-18 03:38:33 +08:00
other_allow |= FILE_DELETE_CHILD;
/* Construct SUID, SGID and VTX bits in NULL ACE. */
DWORD null_allow = 0L;
if (attribute & (S_ISUID | S_ISGID | S_ISVTX))
{
if (attribute & S_ISUID)
null_allow |= FILE_APPEND_DATA;
if (attribute & S_ISGID)
null_allow |= FILE_WRITE_DATA;
if (attribute & S_ISVTX)
null_allow |= FILE_READ_DATA;
}
/* Add owner and group permissions if SIDs are equal
and construct deny attributes for group and owner. */
bool isownergroup;
if ((isownergroup = (owner_sid == group_sid)))
owner_allow |= group_allow;
DWORD owner_deny = ~owner_allow & (group_allow | other_allow);
2000-02-18 03:38:33 +08:00
owner_deny &= ~(STANDARD_RIGHTS_READ
| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES);
2000-02-18 03:38:33 +08:00
DWORD group_deny = ~group_allow & other_allow;
group_deny &= ~(STANDARD_RIGHTS_READ | FILE_READ_ATTRIBUTES);
/* Set deny ACE for owner. */
2000-02-18 03:38:33 +08:00
if (owner_deny
Throughout, change 'cygwin_shared.mount' to 'mount_table'. * child_info.h (child_info): Move shared_h, console_h to cygheap. Add mount_h. * cygheap.h (init_cygheap): Add shared_h, console_h. * cygheap.cc (init_cheap): Initialize heap at a fixed location after the shared memory regions. Initialize cygheap->user name here. * dcrt0.cc (dll_crt0_1): Call getpagesize () to initialize constants. Remove cygheap_init since it is done in shared_init now. (_dll_crt0): Initialize mount_h, remove shared_h and console_h initialization. * fhandler_console.cc (console_shared_h): Eliminate. (get_tty_stuff): Use cygheap->console_h rather than console_shared_h. * heap.cc (heap_init): Use page size constant calculated earlier in initialization. * shared.cc: Eliminate cygwin_shared_h. Add cygwin_mount_h. (mount_table_init): New function for initializing a user mount table. (open_shared_file_map): Use constant for shared memory region. Initialize cygheap and mount table here. (open_shared): Improve debugging output. (shared_info::initialize): Eliminate call to mount.init. (shared_terminate): Use cygheap->shared_h. Close cygwin_mount_h. (open_shared_file_map): Eliminate. * shared_info.h (mount_info): Add a version field. (shared_align_past): New macro for calculating location for shared memory regions. * sigproc.cc (init_child_info): Eliminate shared_h, console_h. * spawn.cc (spawn_guts): Pass on cygwin_mount_h iff not a different user. * syscalls.cc (system_info): New global holding system memory defaults. (getpagesize): Use system_info. * uinfo.cc (internal_getlogin): Only fill in user name if nonexistent. * winsup.h: Declare system_info. * passwd.cc (read_etc_passwd): Use cygheap->user.name () rather than retrieving the name again.
2001-01-28 13:51:15 +08:00
&& !add_access_denied_ace (acl, ace_off++, owner_deny,
owner_sid, acl_len, NO_INHERITANCE))
return NULL;
/* Set deny ACE for group here to respect the canonical order,
if this does not impact owner */
if (group_deny && !(group_deny & owner_allow) && !isownergroup
&& !add_access_denied_ace (acl, ace_off++, group_deny,
group_sid, acl_len, NO_INHERITANCE))
return NULL;
/* Set allow ACE for owner. */
Throughout, change 'cygwin_shared.mount' to 'mount_table'. * child_info.h (child_info): Move shared_h, console_h to cygheap. Add mount_h. * cygheap.h (init_cygheap): Add shared_h, console_h. * cygheap.cc (init_cheap): Initialize heap at a fixed location after the shared memory regions. Initialize cygheap->user name here. * dcrt0.cc (dll_crt0_1): Call getpagesize () to initialize constants. Remove cygheap_init since it is done in shared_init now. (_dll_crt0): Initialize mount_h, remove shared_h and console_h initialization. * fhandler_console.cc (console_shared_h): Eliminate. (get_tty_stuff): Use cygheap->console_h rather than console_shared_h. * heap.cc (heap_init): Use page size constant calculated earlier in initialization. * shared.cc: Eliminate cygwin_shared_h. Add cygwin_mount_h. (mount_table_init): New function for initializing a user mount table. (open_shared_file_map): Use constant for shared memory region. Initialize cygheap and mount table here. (open_shared): Improve debugging output. (shared_info::initialize): Eliminate call to mount.init. (shared_terminate): Use cygheap->shared_h. Close cygwin_mount_h. (open_shared_file_map): Eliminate. * shared_info.h (mount_info): Add a version field. (shared_align_past): New macro for calculating location for shared memory regions. * sigproc.cc (init_child_info): Eliminate shared_h, console_h. * spawn.cc (spawn_guts): Pass on cygwin_mount_h iff not a different user. * syscalls.cc (system_info): New global holding system memory defaults. (getpagesize): Use system_info. * uinfo.cc (internal_getlogin): Only fill in user name if nonexistent. * winsup.h: Declare system_info. * passwd.cc (read_etc_passwd): Use cygheap->user.name () rather than retrieving the name again.
2001-01-28 13:51:15 +08:00
if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
owner_sid, acl_len, NO_INHERITANCE))
2000-02-18 03:38:33 +08:00
return NULL;
/* Set deny ACE for group, if still needed. */
if (group_deny & owner_allow && !isownergroup
Throughout, change 'cygwin_shared.mount' to 'mount_table'. * child_info.h (child_info): Move shared_h, console_h to cygheap. Add mount_h. * cygheap.h (init_cygheap): Add shared_h, console_h. * cygheap.cc (init_cheap): Initialize heap at a fixed location after the shared memory regions. Initialize cygheap->user name here. * dcrt0.cc (dll_crt0_1): Call getpagesize () to initialize constants. Remove cygheap_init since it is done in shared_init now. (_dll_crt0): Initialize mount_h, remove shared_h and console_h initialization. * fhandler_console.cc (console_shared_h): Eliminate. (get_tty_stuff): Use cygheap->console_h rather than console_shared_h. * heap.cc (heap_init): Use page size constant calculated earlier in initialization. * shared.cc: Eliminate cygwin_shared_h. Add cygwin_mount_h. (mount_table_init): New function for initializing a user mount table. (open_shared_file_map): Use constant for shared memory region. Initialize cygheap and mount table here. (open_shared): Improve debugging output. (shared_info::initialize): Eliminate call to mount.init. (shared_terminate): Use cygheap->shared_h. Close cygwin_mount_h. (open_shared_file_map): Eliminate. * shared_info.h (mount_info): Add a version field. (shared_align_past): New macro for calculating location for shared memory regions. * sigproc.cc (init_child_info): Eliminate shared_h, console_h. * spawn.cc (spawn_guts): Pass on cygwin_mount_h iff not a different user. * syscalls.cc (system_info): New global holding system memory defaults. (getpagesize): Use system_info. * uinfo.cc (internal_getlogin): Only fill in user name if nonexistent. * winsup.h: Declare system_info. * passwd.cc (read_etc_passwd): Use cygheap->user.name () rather than retrieving the name again.
2001-01-28 13:51:15 +08:00
&& !add_access_denied_ace (acl, ace_off++, group_deny,
group_sid, acl_len, NO_INHERITANCE))
return NULL;
/* Set allow ACE for group. */
if (!isownergroup
&& !add_access_allowed_ace (acl, ace_off++, group_allow,
group_sid, acl_len, NO_INHERITANCE))
2000-02-18 03:38:33 +08:00
return NULL;
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
/* For sync objects, if we didn't see the admins group so far, add entry
with STANDARD_RIGHTS_ALL access. */
if (S_ISCHR (attribute) && !saw_admins)
{
if (!add_access_allowed_ace (acl, ace_off++, STANDARD_RIGHTS_ALL,
well_known_admins_sid, acl_len,
NO_INHERITANCE))
return NULL;
saw_admins = true;
}
/* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow,
well_known_world_sid, acl_len, NO_INHERITANCE))
return NULL;
/* Set null ACE for special bits. */
if (null_allow
&& !add_access_allowed_ace (acl, ace_off++, null_allow,
well_known_null_sid, acl_len, NO_INHERITANCE))
return NULL;
/* Fill ACL with unrelated ACEs from current security descriptor. */
2000-02-18 03:38:33 +08:00
PACL oacl;
BOOLEAN acl_exists = FALSE;
2000-02-18 03:38:33 +08:00
ACCESS_ALLOWED_ACE *ace;
status = RtlGetDaclSecurityDescriptor (sd_ret, &acl_exists, &oacl, &dummy);
if (NT_SUCCESS (status) && acl_exists && oacl)
2000-02-18 03:38:33 +08:00
for (DWORD i = 0; i < oacl->AceCount; ++i)
if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
* Makefile.in: Add cygheap.o. * child_info.h: Add specific exec class. * cygheap.h: New file. Contains declarations for cygwin heap. * cygheap.cc: New file. Implements cygwin heap functions. * dcrt0.cc (quoted): Simplify due to new method for passing arguments between cygwin programs. (alloc_stack_hard_way): Attempt to handle overlapped stack. (dll_crt0_1): Move child_info processing here. Accomodate new method for passing arguments between cygwin programs. Initialize cygwin heap. Establish __argc and __argv variables. (_dll_crt0): Move most of child_info processing to dll_crt0_1. (cygwin_dll_init): Remove duplication. * dtable.cc (dtable::extend): Allocate dtable using cygwin heap. (dtable::build_fhandler): Ditto for fhandler type being constructed. (dtable::dup_worker): Free new fhandler from cygwin heap on error. (dtable::select_*): Don't assume that this == fdtab. (dtable::linearize_fd_array): Delete. (dtable::delinearize_fd_array): Delete. (dtable::fixup_after_exec): New file. (dtable::vfork_child_dup): Use cygwin heap. (dtable::vfork_parent_restore): Ditto. * dtable.h: Remove obsolete methods. Add new method. * environ.cc (posify): Eliminate already_posix parameter and logic. (envsize): New function. (_addenv): Use envsize. (environ_init): Accept an argument pointing to an existing environment list. If supplied, allocate space for this in the the program's heap. * fhandler.cc (fhandler_base::operator =): Move here from fhandler.h. Use cygwin heap to allocate filenames. (fhandler_base::set_name): Allocate/free names from cygwin heap. (fhandler_base::linearize): Delete. (fhandler_base::de_linearize): Delete. (fhandler_base::operator delete): Free from cygwin heap. (fhandler_base::~fhandler_base): Ditto. * fhandler.h: Accomodate elimination of *linearize and other changes above. * fhandler_console.cc (fhandler_console::fixup_after_exec): Rename from de_linearize. * heap.h: New file. * fhandler_tty.cc (fhandler_tty_slave::fhandler_tty_slave): Use cygwin heap for name. fhandler_tty::fixup_after_exec): Rename from de_linearize. * fork.cc (fork): Call cygheap_fixup_in_child. * heap.cc: Use declarations in heap.h. * malloc.cc: Sprinkle assertions throughout to catch attempts to free/realloc something from the cygwin heap. * path.cc: Throughout, eliminate use of per-thread cache for cwd. Use cwd_* functions rather than cwd_* variables to access cwd_win32 and cwd_posix. (cwd_win32): New function. (cwd_posix): New function. (cwd_hash): New function. (cwd_fixup_after_exec): New function. * path.h: Accomodate path.cc changes. * pinfo.cc (pinfo_init): Accept a pointer to an environment table. Pass this to environ_init. Eliminate old 'title' tests. * pinfo.h: Accomodate above change in argument. * spawn.cc (struct av): New method for building argv list. (av::unshift): New method. (spawn_guts): Allocate everything that the child process needs in the cygwin heap and pass a pointer to this to the child. Build argv list using new method. Eliminate delinearize stuff. * thread.h: Eliminate _cwd_win32 and _cwd_posix buffers. * winsup.h: Eliminate obsolete functions. Add envsize() declaration.
2000-09-03 12:16:35 +08:00
{
cygpsid ace_sid ((PSID) &ace->SidStart);
/* Always skip NULL SID as well as admins SID on virtual device files
in /proc/sys. */
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
if (ace_sid == well_known_null_sid
|| (S_ISCHR (attribute) && ace_sid == well_known_admins_sid))
continue;
/* Check for ACEs which are always created in the preceding code
and check for the default inheritence ACEs which will be created
for just created directories. Skip them for just created
directories or if they are not inherited. If they are inherited,
make sure they are *only* inherited, so they don't collide with
the permissions set in this function. */
if ((ace_sid == cur_owner_sid)
|| (ace_sid == owner_sid)
|| (ace_sid == cur_group_sid)
|| (ace_sid == group_sid)
|| (ace_sid == well_known_creator_owner_sid)
|| (ace_sid == well_known_creator_group_sid)
|| (ace_sid == well_known_world_sid))
{
if ((S_ISDIR (attribute) && (attribute & S_JUSTCREATED))
|| (ace->Header.AceFlags
& (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE)) == 0)
continue;
else
ace->Header.AceFlags |= INHERIT_ONLY_ACE;
}
if (attribute & S_JUSTCREATED)
{
/* Since files and dirs are created with a NULL descriptor,
inheritence rules kick in. If no inheritable entries exist
in the parent object, Windows will create entries from the
user token's default DACL in the file DACL. These entries
are not desired and we drop them silently. */
if (!(ace->Header.AceFlags & INHERITED_ACE))
continue;
/* Remove the INHERITED_ACE flag since on POSIX systems
inheritance is settled when the file has been created.
This also avoids error messages in Windows Explorer when
opening a file's security tab. Explorer complains if
inheritable ACEs are preceding non-inheritable ACEs. */
ace->Header.AceFlags &= ~INHERITED_ACE;
}
/*
* Add unrelated ACCESS_DENIED_ACE to the beginning but
* behind the owner_deny, ACCESS_ALLOWED_ACE to the end.
* FIXME: this would break the order of the inherit-only ACEs
*/
status = RtlAddAce (acl, ACL_REVISION,
ace->Header.AceType == ACCESS_DENIED_ACE_TYPE
? (owner_deny ? 1 : 0) : MAXDWORD,
(LPVOID) ace, ace->Header.AceSize);
if (!NT_SUCCESS (status))
* Makefile.in: Add cygheap.o. * child_info.h: Add specific exec class. * cygheap.h: New file. Contains declarations for cygwin heap. * cygheap.cc: New file. Implements cygwin heap functions. * dcrt0.cc (quoted): Simplify due to new method for passing arguments between cygwin programs. (alloc_stack_hard_way): Attempt to handle overlapped stack. (dll_crt0_1): Move child_info processing here. Accomodate new method for passing arguments between cygwin programs. Initialize cygwin heap. Establish __argc and __argv variables. (_dll_crt0): Move most of child_info processing to dll_crt0_1. (cygwin_dll_init): Remove duplication. * dtable.cc (dtable::extend): Allocate dtable using cygwin heap. (dtable::build_fhandler): Ditto for fhandler type being constructed. (dtable::dup_worker): Free new fhandler from cygwin heap on error. (dtable::select_*): Don't assume that this == fdtab. (dtable::linearize_fd_array): Delete. (dtable::delinearize_fd_array): Delete. (dtable::fixup_after_exec): New file. (dtable::vfork_child_dup): Use cygwin heap. (dtable::vfork_parent_restore): Ditto. * dtable.h: Remove obsolete methods. Add new method. * environ.cc (posify): Eliminate already_posix parameter and logic. (envsize): New function. (_addenv): Use envsize. (environ_init): Accept an argument pointing to an existing environment list. If supplied, allocate space for this in the the program's heap. * fhandler.cc (fhandler_base::operator =): Move here from fhandler.h. Use cygwin heap to allocate filenames. (fhandler_base::set_name): Allocate/free names from cygwin heap. (fhandler_base::linearize): Delete. (fhandler_base::de_linearize): Delete. (fhandler_base::operator delete): Free from cygwin heap. (fhandler_base::~fhandler_base): Ditto. * fhandler.h: Accomodate elimination of *linearize and other changes above. * fhandler_console.cc (fhandler_console::fixup_after_exec): Rename from de_linearize. * heap.h: New file. * fhandler_tty.cc (fhandler_tty_slave::fhandler_tty_slave): Use cygwin heap for name. fhandler_tty::fixup_after_exec): Rename from de_linearize. * fork.cc (fork): Call cygheap_fixup_in_child. * heap.cc: Use declarations in heap.h. * malloc.cc: Sprinkle assertions throughout to catch attempts to free/realloc something from the cygwin heap. * path.cc: Throughout, eliminate use of per-thread cache for cwd. Use cwd_* functions rather than cwd_* variables to access cwd_win32 and cwd_posix. (cwd_win32): New function. (cwd_posix): New function. (cwd_hash): New function. (cwd_fixup_after_exec): New function. * path.h: Accomodate path.cc changes. * pinfo.cc (pinfo_init): Accept a pointer to an environment table. Pass this to environ_init. Eliminate old 'title' tests. * pinfo.h: Accomodate above change in argument. * spawn.cc (struct av): New method for building argv list. (av::unshift): New method. (spawn_guts): Allocate everything that the child process needs in the cygwin heap and pass a pointer to this to the child. Build argv list using new method. Eliminate delinearize stuff. * thread.h: Eliminate _cwd_win32 and _cwd_posix buffers. * winsup.h: Eliminate obsolete functions. Add envsize() declaration.
2000-09-03 12:16:35 +08:00
{
__seterrno_from_nt_status (status);
* Makefile.in: Add cygheap.o. * child_info.h: Add specific exec class. * cygheap.h: New file. Contains declarations for cygwin heap. * cygheap.cc: New file. Implements cygwin heap functions. * dcrt0.cc (quoted): Simplify due to new method for passing arguments between cygwin programs. (alloc_stack_hard_way): Attempt to handle overlapped stack. (dll_crt0_1): Move child_info processing here. Accomodate new method for passing arguments between cygwin programs. Initialize cygwin heap. Establish __argc and __argv variables. (_dll_crt0): Move most of child_info processing to dll_crt0_1. (cygwin_dll_init): Remove duplication. * dtable.cc (dtable::extend): Allocate dtable using cygwin heap. (dtable::build_fhandler): Ditto for fhandler type being constructed. (dtable::dup_worker): Free new fhandler from cygwin heap on error. (dtable::select_*): Don't assume that this == fdtab. (dtable::linearize_fd_array): Delete. (dtable::delinearize_fd_array): Delete. (dtable::fixup_after_exec): New file. (dtable::vfork_child_dup): Use cygwin heap. (dtable::vfork_parent_restore): Ditto. * dtable.h: Remove obsolete methods. Add new method. * environ.cc (posify): Eliminate already_posix parameter and logic. (envsize): New function. (_addenv): Use envsize. (environ_init): Accept an argument pointing to an existing environment list. If supplied, allocate space for this in the the program's heap. * fhandler.cc (fhandler_base::operator =): Move here from fhandler.h. Use cygwin heap to allocate filenames. (fhandler_base::set_name): Allocate/free names from cygwin heap. (fhandler_base::linearize): Delete. (fhandler_base::de_linearize): Delete. (fhandler_base::operator delete): Free from cygwin heap. (fhandler_base::~fhandler_base): Ditto. * fhandler.h: Accomodate elimination of *linearize and other changes above. * fhandler_console.cc (fhandler_console::fixup_after_exec): Rename from de_linearize. * heap.h: New file. * fhandler_tty.cc (fhandler_tty_slave::fhandler_tty_slave): Use cygwin heap for name. fhandler_tty::fixup_after_exec): Rename from de_linearize. * fork.cc (fork): Call cygheap_fixup_in_child. * heap.cc: Use declarations in heap.h. * malloc.cc: Sprinkle assertions throughout to catch attempts to free/realloc something from the cygwin heap. * path.cc: Throughout, eliminate use of per-thread cache for cwd. Use cwd_* functions rather than cwd_* variables to access cwd_win32 and cwd_posix. (cwd_win32): New function. (cwd_posix): New function. (cwd_hash): New function. (cwd_fixup_after_exec): New function. * path.h: Accomodate path.cc changes. * pinfo.cc (pinfo_init): Accept a pointer to an environment table. Pass this to environ_init. Eliminate old 'title' tests. * pinfo.h: Accomodate above change in argument. * spawn.cc (struct av): New method for building argv list. (av::unshift): New method. (spawn_guts): Allocate everything that the child process needs in the cygwin heap and pass a pointer to this to the child. Build argv list using new method. Eliminate delinearize stuff. * thread.h: Eliminate _cwd_win32 and _cwd_posix buffers. * winsup.h: Eliminate obsolete functions. Add envsize() declaration.
2000-09-03 12:16:35 +08:00
return NULL;
}
ace_off++;
* Makefile.in: Add cygheap.o. * child_info.h: Add specific exec class. * cygheap.h: New file. Contains declarations for cygwin heap. * cygheap.cc: New file. Implements cygwin heap functions. * dcrt0.cc (quoted): Simplify due to new method for passing arguments between cygwin programs. (alloc_stack_hard_way): Attempt to handle overlapped stack. (dll_crt0_1): Move child_info processing here. Accomodate new method for passing arguments between cygwin programs. Initialize cygwin heap. Establish __argc and __argv variables. (_dll_crt0): Move most of child_info processing to dll_crt0_1. (cygwin_dll_init): Remove duplication. * dtable.cc (dtable::extend): Allocate dtable using cygwin heap. (dtable::build_fhandler): Ditto for fhandler type being constructed. (dtable::dup_worker): Free new fhandler from cygwin heap on error. (dtable::select_*): Don't assume that this == fdtab. (dtable::linearize_fd_array): Delete. (dtable::delinearize_fd_array): Delete. (dtable::fixup_after_exec): New file. (dtable::vfork_child_dup): Use cygwin heap. (dtable::vfork_parent_restore): Ditto. * dtable.h: Remove obsolete methods. Add new method. * environ.cc (posify): Eliminate already_posix parameter and logic. (envsize): New function. (_addenv): Use envsize. (environ_init): Accept an argument pointing to an existing environment list. If supplied, allocate space for this in the the program's heap. * fhandler.cc (fhandler_base::operator =): Move here from fhandler.h. Use cygwin heap to allocate filenames. (fhandler_base::set_name): Allocate/free names from cygwin heap. (fhandler_base::linearize): Delete. (fhandler_base::de_linearize): Delete. (fhandler_base::operator delete): Free from cygwin heap. (fhandler_base::~fhandler_base): Ditto. * fhandler.h: Accomodate elimination of *linearize and other changes above. * fhandler_console.cc (fhandler_console::fixup_after_exec): Rename from de_linearize. * heap.h: New file. * fhandler_tty.cc (fhandler_tty_slave::fhandler_tty_slave): Use cygwin heap for name. fhandler_tty::fixup_after_exec): Rename from de_linearize. * fork.cc (fork): Call cygheap_fixup_in_child. * heap.cc: Use declarations in heap.h. * malloc.cc: Sprinkle assertions throughout to catch attempts to free/realloc something from the cygwin heap. * path.cc: Throughout, eliminate use of per-thread cache for cwd. Use cwd_* functions rather than cwd_* variables to access cwd_win32 and cwd_posix. (cwd_win32): New function. (cwd_posix): New function. (cwd_hash): New function. (cwd_fixup_after_exec): New function. * path.h: Accomodate path.cc changes. * pinfo.cc (pinfo_init): Accept a pointer to an environment table. Pass this to environ_init. Eliminate old 'title' tests. * pinfo.h: Accomodate above change in argument. * spawn.cc (struct av): New method for building argv list. (av::unshift): New method. (spawn_guts): Allocate everything that the child process needs in the cygwin heap and pass a pointer to this to the child. Build argv list using new method. Eliminate delinearize stuff. * thread.h: Eliminate _cwd_win32 and _cwd_posix buffers. * winsup.h: Eliminate obsolete functions. Add envsize() declaration.
2000-09-03 12:16:35 +08:00
acl_len += ace->Header.AceSize;
}
2000-02-18 03:38:33 +08:00
/* Construct appropriate inherit attribute for new directories. Keep in
mind that we do this only for the sake of non-Cygwin applications.
Cygwin applications don't need this. */
if (S_ISDIR (attribute) && (attribute & S_JUSTCREATED))
{
const DWORD inherit = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
| INHERIT_ONLY_ACE;
#if 0 /* FIXME: Not done currently as this breaks the canonical order */
/* Set deny ACE for owner. */
if (owner_deny
&& !add_access_denied_ace (acl, ace_off++, owner_deny,
well_known_creator_owner_sid, acl_len, inherit))
return NULL;
/* Set deny ACE for group here to respect the canonical order,
if this does not impact owner */
if (group_deny && !(group_deny & owner_allow)
&& !add_access_denied_ace (acl, ace_off++, group_deny,
well_known_creator_group_sid, acl_len, inherit))
return NULL;
#endif
/* Set allow ACE for owner. */
if (!add_access_allowed_ace (acl, ace_off++, owner_allow,
well_known_creator_owner_sid, acl_len,
inherit))
return NULL;
#if 0 /* FIXME: Not done currently as this breaks the canonical order and
won't be preserved on chown and chmod */
/* Set deny ACE for group, conflicting with owner_allow. */
if (group_deny & owner_allow
&& !add_access_denied_ace (acl, ace_off++, group_deny,
well_known_creator_group_sid, acl_len, inherit))
return NULL;
#endif
/* Set allow ACE for group. */
if (!add_access_allowed_ace (acl, ace_off++, group_allow,
well_known_creator_group_sid, acl_len,
inherit))
return NULL;
/* Set allow ACE for everyone. */
if (!add_access_allowed_ace (acl, ace_off++, other_allow,
well_known_world_sid, acl_len, inherit))
return NULL;
}
/* Set AclSize to computed value. */
2000-02-18 03:38:33 +08:00
acl->AclSize = acl_len;
debug_printf ("ACL-Size: %d", acl_len);
/* Create DACL for local security descriptor. */
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
2000-02-18 03:38:33 +08:00
return NULL;
}
/* Make self relative security descriptor. */
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
DWORD sd_size = 0;
RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
if (sd_size <= 0)
2000-02-18 03:38:33 +08:00
{
__seterrno ();
return NULL;
}
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
if (!sd_ret.malloc (sd_size))
{
set_errno (ENOMEM);
return NULL;
}
status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (!NT_SUCCESS (status))
2000-02-18 03:38:33 +08:00
{
__seterrno_from_nt_status (status);
2000-02-18 03:38:33 +08:00
return NULL;
}
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
debug_printf ("Created SD-Size: %u", sd_ret.size ());
2000-02-18 03:38:33 +08:00
return sd_ret;
2000-02-18 03:38:33 +08:00
}
void
set_security_attribute (path_conv &pc, int attribute, PSECURITY_ATTRIBUTES psa,
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
security_descriptor &sd)
{
* dir.cc (mkdir): Use local security_descriptor. Call set_security_attribute appropriately. * external.cc (cygwin_internal): Ditto. * fhandler.cc (fhandler_base::open): Ditto. * fhandler_socket.cc (fhandler_socket::bind): Ditto. * path.cc (symlink_worker): Ditto. * sec_acl.cc (setacl): Ditto. Call read_sd appropriately. (getace): Ditto. * sec_helper.cc (security_descriptor::malloc): New method. (security_descriptor::realloc): New method. (security_descriptor::free): New method. * security.cc (read_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. Allocate the security_descriptor buffer according to size returned by a call to GetFileSecurity. Return buffer size on success. (write_sd): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (get_nt_attribute): Use local security_descriptor. (get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY. Allocate security_descriptor buffer according to size returned by a call to RegGetKeySecurity. (alloc_sd): Make static. Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check. (set_security_attribute): Get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (set_nt_attribute): Use local security_descriptor. (check_file_access): Ditto. * security.h: Add class security_descriptor. (read_sd): Change declaration to get security_descriptor as parameter instead of PSECURITY_DESCRIPTOR and a size. (write_sd): Ditto. (set_security_attribute): Ditto. (alloc_sd): Remove declaration. * thread.cc (semaphore::semaphore): Use local security_descriptor. Call set_security_attribute appropriately.
2003-11-26 21:23:27 +08:00
psa->lpSecurityDescriptor = sd.malloc (SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor ((PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
psa->lpSecurityDescriptor = alloc_sd (pc, geteuid32 (), getegid32 (),
attribute, sd);
}
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
int
get_object_sd (HANDLE handle, security_descriptor &sd)
{
ULONG len = 0;
NTSTATUS status;
status = NtQuerySecurityObject (handle, ALL_SECURITY_INFORMATION,
sd, len, &len);
if (status != STATUS_BUFFER_TOO_SMALL)
{
__seterrno_from_nt_status (status);
return -1;
}
if (!sd.malloc (len))
{
set_errno (ENOMEM);
return -1;
}
status = NtQuerySecurityObject (handle, ALL_SECURITY_INFORMATION,
sd, len, &len);
if (!NT_SUCCESS (status))
{
__seterrno_from_nt_status (status);
return -1;
}
return 0;
}
int
2013-04-23 17:44:36 +08:00
get_object_attribute (HANDLE handle, uid_t *uidret, gid_t *gidret,
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
mode_t *attribute)
{
security_descriptor sd;
if (get_object_sd (handle, sd))
return -1;
get_info_from_sd (sd, attribute, uidret, gidret);
return 0;
}
int
2013-04-23 17:44:36 +08:00
create_object_sd_from_attribute (HANDLE handle, uid_t uid, gid_t gid,
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
mode_t attribute, security_descriptor &sd)
{
path_conv pc;
if ((handle && get_object_sd (handle, sd))
|| !alloc_sd (pc, uid, gid, attribute, sd))
return -1;
return 0;
}
int
set_object_sd (HANDLE handle, security_descriptor &sd, bool chown)
{
NTSTATUS status;
status = NtSetSecurityObject (handle, chown ? ALL_SECURITY_INFORMATION
: DACL_SECURITY_INFORMATION, sd);
if (!NT_SUCCESS (status))
{
__seterrno_from_nt_status (status);
return -1;
}
return 0;
}
int
2013-04-23 17:44:36 +08:00
set_object_attribute (HANDLE handle, uid_t uid, gid_t gid,
* autoload.cc (GetNamedPipeClientProcessId): Define. * fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private. (fhandler_tty_slave::fch_close_handles): Ditto. (fhandler_tty_slave::cygserver_attach_tty): Drop declaration. (fhandler_tty_slave::fstat): Declare public. (fhandler_tty_slave::fchmod): Declare public. (fhandler_tty_slave::fchown): Declare public. (class fhandler_pty_master): Add master_ctl handle. (fhandler_pty_master::pty_master_thread): Declare public. * fhandler_termios.cc (fhandler_termios::tcinit): If the process is started from a non-Cygwin process, make it tty process group leader. * fhandler_tty.cc: Throughout accommodate additional security related arguments in calls to functions creating or opening objects. (close_maybe): Move to start of file to reuse it in other methods. (struct pipe_request): Define. (struct pipe_reply): Define. (fhandler_tty_slave::open): Throughout, try to open synchronization objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver. Try to duplicate pipe handles via master_ctl pipe if duplicating directly doesn't work. (fhandler_tty_slave::cygserver_attach_tty): Remove. (fhandler_tty_slave::init): Close unused incoming pipe handle. (fhandler_pty_master::close): Send exit message to master control thread and close master_ctl handle. (fhandler_pty_master::pty_master_thread): New method, implementing the master control thread. (pty_master_thread): Static helper to start master control thread. (fhandler_pty_master::setup): Simplify creating pipe inheritance. Make sure we're the one creating the input_available_event. Add comment to explain why. Create master_ctl pipe and start master control thread. Close master_ctl handle in case of error. * security.cc (alloc_sd): Add code to handle tty objects. Add comments to explain what exactly is required. (get_object_sd): New function. (get_object_attribute): New function. (create_object_sd_from_attribute): New function. (set_object_sd): New function. (set_object_attribute): New function. (set_file_attribute): Change attribute type to mode_t. * security.h (set_file_attribute): Change attribute type to mode_t. (get_object_sd): Declare. (get_object_attribute): Declare. (create_object_sd_from_attribute): Declare. (set_object_sd): Declare. (set_object_attribute): Declare. * tty.cc (tty::slave_alive): Implement directly instead of via alive. (tty::exists): Open mutex handle with READ_CONTROL access. (tty::alive): Remove. (tty::open_output_mutex): Convert to inline method. (tty::open_input_mutex): Ditto. (tty::open_mutex): Take additional ACCESS_MASK parameter for the mutex open access mask. (tty::open_inuse): New method. (tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt name parameter. Always create TTY_SLAVE_ALIVE event. (tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for CreateEvent. * tty.h (class tty): Change declarations according to aforementioned changes. (tty::open_output_mutex): Implement as inline method. (tty::open_input_mutex): Ditto.
2010-04-20 03:52:43 +08:00
mode_t attribute)
{
security_descriptor sd;
if (create_object_sd_from_attribute (handle, uid, gid, attribute, sd)
|| set_object_sd (handle, sd, uid != ILLEGAL_UID || gid != ILLEGAL_GID))
return -1;
return 0;
}
2000-02-18 03:38:33 +08:00
int
set_file_attribute (HANDLE handle, path_conv &pc,
2013-04-23 17:44:36 +08:00
uid_t uid, gid_t gid, mode_t attribute)
2000-02-18 03:38:33 +08:00
{
int ret = -1;
if (pc.has_acls ())
{
security_descriptor sd;
if (!get_file_sd (handle, pc, sd, (bool)(attribute & S_JUSTCREATED))
&& alloc_sd (pc, uid, gid, attribute, sd))
ret = set_file_sd (handle, pc, sd,
uid != ILLEGAL_UID || gid != ILLEGAL_GID);
}
else
ret = 0;
syscall_printf ("%d = set_file_attribute(%S, %d, %d, 0%o)",
ret, pc.get_nt_native_path (), uid, gid, attribute);
return ret;
2000-02-18 03:38:33 +08:00
}
static int
check_access (security_descriptor &sd, GENERIC_MAPPING &mapping,
ACCESS_MASK desired, int flags, bool effective)
{
int ret = -1;
NTSTATUS status, allow;
ACCESS_MASK granted;
DWORD plen = sizeof (PRIVILEGE_SET) + 3 * sizeof (LUID_AND_ATTRIBUTES);
PPRIVILEGE_SET pset = (PPRIVILEGE_SET) alloca (plen);
HANDLE tok = ((effective && cygheap->user.issetuid ())
? cygheap->user.imp_token ()
: hProcImpToken);
if (!tok)
{
if (!DuplicateTokenEx (hProcToken, MAXIMUM_ALLOWED, NULL,
2011-06-06 13:02:13 +08:00
SecurityImpersonation, TokenImpersonation,
&hProcImpToken))
2011-06-06 13:02:13 +08:00
{
__seterrno ();
return ret;
}
tok = hProcImpToken;
2011-06-06 13:02:13 +08:00
}
status = NtAccessCheck (sd, tok, desired, &mapping, pset, &plen, &granted,
&allow);
if (!NT_SUCCESS (status))
__seterrno ();
else if (!NT_SUCCESS (allow))
{
/* CV, 2006-10-16: Now, that's really weird. Imagine a user who has no
standard access to a file, but who has backup and restore privileges
and these privileges are enabled in the access token. One would
expect that the AccessCheck function takes this into consideration
when returning the access status. Otherwise, why bother with the
pset parameter, right?
But not so. AccessCheck actually returns a status of "false" here,
even though opening a file with backup resp. restore intent
naturally succeeds for this user. This definitely spoils the results
of access(2) for administrative users or the SYSTEM account. So, in
case the access check fails, another check against the user's
backup/restore privileges has to be made. Sigh. */
int granted_flags = 0;
BOOLEAN has_priv;
if (flags & R_OK)
{
pset->PrivilegeCount = 1;
pset->Control = 0;
* cygheap.h (init_cygheap::luid): Remove. * mmap.cc (mlock): Accommodate parameter change in call to push_thread_privilege. (munlock): Ditto. * ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define. (NtAdjustPrivilegesToken): Declare. * sec_helper.cc (cygpriv): Reorder to match numerical privilege order. (privilege_luid): Take job of privilege_luid_by_name, using new cygpriv. (privilege_luid_by_name): Remove. (privilege_name): Accommodate new cygpriv array. (set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32. Accommodate changes to privilege_name. (set_cygwin_privileges): Simplify. Don't try to set SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it. * security.cc (sys_privs): Reorder to match numerical privilege order. Use real privilege values as defined in security.h. (get_system_priv_list): Drop unused grp_list argument. Create list of privileges according to new wincapc::max_sys_priv value. (get_priv_list): Call privilege_luid instead of privilege_luid_by_name. Make priv a local value instead of a pointer. (create_token): Accommodate parameter change in call to push_self_privilege. (lsaauth): Ditto. (check_access): Use privilege values directly instead of calling privilege_luid. * security.h: Define real privilege values. (cygpriv_idx): Remove. (privilege_luid): Change declaration. (privilege_luid_by_name): Drop declaration. (set_privilege): Change declaration. (set_process_privilege): Drop definition. (_push_thread_privilege): Accomodate new set_privilege parameters. * wincap.h (wincapc::max_sys_priv): New element. * wincap.cc: Implement above element throughout. (wincap_2000sp4): New wincaps structure. (wincap_xpsp1): Ditto. (wincap_xpsp2): Ditto. (wincapc::init): Use new wincaps. (wincapc::max_sys_priv): New element.
2007-07-19 16:33:22 +08:00
pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
pset->Privilege[0].Attributes = 0;
status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= R_OK;
}
if (flags & W_OK)
{
pset->PrivilegeCount = 1;
pset->Control = 0;
* cygheap.h (init_cygheap::luid): Remove. * mmap.cc (mlock): Accommodate parameter change in call to push_thread_privilege. (munlock): Ditto. * ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define. (NtAdjustPrivilegesToken): Declare. * sec_helper.cc (cygpriv): Reorder to match numerical privilege order. (privilege_luid): Take job of privilege_luid_by_name, using new cygpriv. (privilege_luid_by_name): Remove. (privilege_name): Accommodate new cygpriv array. (set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32. Accommodate changes to privilege_name. (set_cygwin_privileges): Simplify. Don't try to set SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it. * security.cc (sys_privs): Reorder to match numerical privilege order. Use real privilege values as defined in security.h. (get_system_priv_list): Drop unused grp_list argument. Create list of privileges according to new wincapc::max_sys_priv value. (get_priv_list): Call privilege_luid instead of privilege_luid_by_name. Make priv a local value instead of a pointer. (create_token): Accommodate parameter change in call to push_self_privilege. (lsaauth): Ditto. (check_access): Use privilege values directly instead of calling privilege_luid. * security.h: Define real privilege values. (cygpriv_idx): Remove. (privilege_luid): Change declaration. (privilege_luid_by_name): Drop declaration. (set_privilege): Change declaration. (set_process_privilege): Drop definition. (_push_thread_privilege): Accomodate new set_privilege parameters. * wincap.h (wincapc::max_sys_priv): New element. * wincap.cc: Implement above element throughout. (wincap_2000sp4): New wincaps structure. (wincap_xpsp1): Ditto. (wincap_xpsp2): Ditto. (wincapc::init): Use new wincaps. (wincapc::max_sys_priv): New element.
2007-07-19 16:33:22 +08:00
pset->Privilege[0].Luid.HighPart = 0L;
pset->Privilege[0].Luid.LowPart = SE_RESTORE_PRIVILEGE;
pset->Privilege[0].Attributes = 0;
status = NtPrivilegeCheck (tok, pset, &has_priv);
if (NT_SUCCESS (status) && has_priv)
granted_flags |= W_OK;
}
if (granted_flags == flags)
ret = 0;
else
set_errno (EACCES);
}
else
ret = 0;
return ret;
}
/* Samba override. Check security descriptor for Samba UNIX user and group
accounts and check if we have an RFC 2307 mapping to a Windows account.
Create a new security descriptor with all of the UNIX accounts with
valid mapping replaced with their Windows counterpart. */
static void
convert_samba_sd (security_descriptor &sd_ret)
{
NTSTATUS status;
BOOLEAN dummy;
PSID sid;
cygsid owner;
cygsid group;
SECURITY_DESCRIPTOR sd;
cyg_ldap cldap;
tmp_pathbuf tp;
PACL acl, oacl;
size_t acl_len;
PACCESS_ALLOWED_ACE ace;
if (!NT_SUCCESS (RtlGetOwnerSecurityDescriptor (sd_ret, &sid, &dummy)))
return;
owner = sid;
if (!NT_SUCCESS (RtlGetGroupSecurityDescriptor (sd_ret, &sid, &dummy)))
return;
group = sid;
if (sid_id_auth (owner) == 22)
{
struct passwd *pwd;
uid_t uid = owner.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
owner.getfrompw (pwd);
}
if (sid_id_auth (group) == 22)
{
struct group *grp;
gid_t gid = group.get_gid (&cldap);
if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
group.getfromgr (grp);
}
if (!NT_SUCCESS (RtlGetDaclSecurityDescriptor (sd_ret, &dummy,
&oacl, &dummy)))
return;
acl = (PACL) tp.w_get ();
RtlCreateAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION);
acl_len = sizeof (ACL);
for (DWORD i = 0; i < oacl->AceCount; ++i)
if (NT_SUCCESS (RtlGetAce (oacl, i, (PVOID *) &ace)))
{
cygsid ace_sid ((PSID) &ace->SidStart);
if (sid_id_auth (ace_sid) == 22)
{
if (sid_sub_auth (ace_sid, 0) == 1) /* user */
{
struct passwd *pwd;
uid_t uid = ace_sid.get_uid (&cldap);
if (uid < UNIX_POSIX_OFFSET && (pwd = internal_getpwuid (uid)))
ace_sid.getfrompw (pwd);
}
else /* group */
{
struct group *grp;
gid_t gid = ace_sid.get_gid (&cldap);
if (gid < UNIX_POSIX_OFFSET && (grp = internal_getgrgid (gid)))
ace_sid.getfromgr (grp);
}
if (!add_access_allowed_ace (acl, i, ace->Mask, ace_sid, acl_len,
ace->Header.AceFlags))
return;
}
}
acl->AclSize = acl_len;
RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
RtlSetGroupSecurityDescriptor (&sd, group, FALSE);
status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
if (!NT_SUCCESS (status))
return;
DWORD sd_size = 0;
status = RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
if (sd_size > 0 && sd_ret.malloc (sd_size))
RtlAbsoluteToSelfRelativeSD (&sd, sd_ret, &sd_size);
}
int
check_file_access (path_conv &pc, int flags, bool effective)
{
security_descriptor sd;
int ret = -1;
ACCESS_MASK desired = 0;
if (flags & R_OK)
desired |= FILE_READ_DATA;
if (flags & W_OK)
desired |= FILE_WRITE_DATA;
if (flags & X_OK)
desired |= FILE_EXECUTE;
if (!get_file_sd (pc.handle (), pc, sd, false))
{
/* Tweak Samba security descriptor as necessary. */
if (pc.fs_is_samba ())
convert_samba_sd (sd);
ret = check_access (sd, file_mapping, desired, flags, effective);
}
2013-04-23 17:44:36 +08:00
debug_printf ("flags %y, ret %d", flags, ret);
return ret;
}
int
check_registry_access (HANDLE hdl, int flags, bool effective)
{
security_descriptor sd;
int ret = -1;
2013-04-23 17:44:36 +08:00
static GENERIC_MAPPING NO_COPY_RO reg_mapping = { KEY_READ,
KEY_WRITE,
KEY_EXECUTE,
KEY_ALL_ACCESS };
ACCESS_MASK desired = 0;
if (flags & R_OK)
desired |= KEY_ENUMERATE_SUB_KEYS;
if (flags & W_OK)
desired |= KEY_SET_VALUE;
if (flags & X_OK)
desired |= KEY_QUERY_VALUE;
if ((HKEY) hdl == HKEY_PERFORMANCE_DATA)
/* RegGetKeySecurity() always fails with ERROR_INVALID_HANDLE. */
ret = 0;
else if (!get_reg_sd (hdl, sd))
ret = check_access (sd, reg_mapping, desired, flags, effective);
/* As long as we can't write the registry... */
if (flags & W_OK)
{
set_errno (EROFS);
ret = -1;
}
2013-04-23 17:44:36 +08:00
debug_printf ("flags %y, ret %d", flags, ret);
return ret;
}