From 380aaf2d2ced0e305e91c85d8bda2de6092b424f Mon Sep 17 00:00:00 2001 From: Christopher Faylor Date: Tue, 11 Jun 2002 02:08:00 +0000 Subject: [PATCH] * Makefile.in: Ensure that -MD gets added to CFLAGS regardless of CFLAGS command-line setting. * cygwin.din: Export sexec* functions as function which returns ENOSYS (i.e., sexec* is deprecated). * dtable.cc (dtable::vfork_child_dup): Ensure that impersonation is restored even on failure. * exec.cc: Throughout, remove references to sexec* and _spawnve. * pinfo.h: Remove _spawnve declaration. * spawn.cc: Rename _spawnve to spawnve and use throughout. (spawn_guts): Eliminate hToken argument and processing of same. Just perform special actions if impersonating. (spawnve): Rename from _spawnve. --- winsup/cygwin/ChangeLog | 16 +++++ winsup/cygwin/Makefile.in | 2 +- winsup/cygwin/cygwin.din | 16 ++--- winsup/cygwin/dtable.cc | 8 +-- winsup/cygwin/exec.cc | 123 ++------------------------------------ winsup/cygwin/pinfo.h | 3 - winsup/cygwin/security.cc | 6 +- winsup/cygwin/spawn.cc | 53 +++++++--------- 8 files changed, 56 insertions(+), 171 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 2e3649f79..70088c084 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,19 @@ +2002-06-10 Christopher Faylor + + * Makefile.in: Ensure that -MD gets added to CFLAGS regardless of + CFLAGS command-line setting. + + * cygwin.din: Export sexec* functions as function which returns ENOSYS + (i.e., sexec* is deprecated). + * dtable.cc (dtable::vfork_child_dup): Ensure that impersonation is + restored even on failure. + * exec.cc: Throughout, remove references to sexec* and _spawnve. + * pinfo.h: Remove _spawnve declaration. + * spawn.cc: Rename _spawnve to spawnve and use throughout. + (spawn_guts): Eliminate hToken argument and processing of same. Just + perform special actions if impersonating. + (spawnve): Rename from _spawnve. + 2002-06-10 Christopher Faylor * include/sys/strace.h (strace): Avoid use of constructor. diff --git a/winsup/cygwin/Makefile.in b/winsup/cygwin/Makefile.in index c3c778fb7..d10bdf2b5 100644 --- a/winsup/cygwin/Makefile.in +++ b/winsup/cygwin/Makefile.in @@ -51,7 +51,7 @@ CC:=@CC@ # FIXME: Which is it, CC or CC_FOR_TARGET? CC_FOR_TARGET:=$(CC) CFLAGS:=@CFLAGS@ -CFLAGS+=-MMD -fbuiltin +override CFLAGS+=-MMD -fbuiltin CXX:=@CXX@ CXXFLAGS:=@CXXFLAGS@ diff --git a/winsup/cygwin/cygwin.din b/winsup/cygwin/cygwin.din index c687f7223..c9e7aac28 100644 --- a/winsup/cygwin/cygwin.din +++ b/winsup/cygwin/cygwin.din @@ -1144,14 +1144,14 @@ _tzname DATA ptsname grantpt unlockpt -sexecve -sexecl -sexecle -sexeclp -sexeclpe -sexecv -sexecp -sexecvpe +sexecve = sexecve_is_bad +sexecl = sexecve_is_bad +sexecle = sexecve_is_bad +sexeclp = sexecve_is_bad +sexeclpe = sexecve_is_bad +sexecv = sexecve_is_bad +sexecp = sexecve_is_bad +sexecvpe = sexecve_is_bad ttyslot rcmd = cygwin_rcmd rresvport = cygwin_rresvport diff --git a/winsup/cygwin/dtable.cc b/winsup/cygwin/dtable.cc index 71bf25a17..241528a3d 100644 --- a/winsup/cygwin/dtable.cc +++ b/winsup/cygwin/dtable.cc @@ -633,14 +633,14 @@ dtable::vfork_child_dup () goto out; } - /* Restore impersonation */ - if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) - ImpersonateLoggedOnUser (cygheap->user.token); - fds_on_hold = fds; fds = newtable; out: + /* Restore impersonation */ + if (cygheap->user.impersonated && cygheap->user.token != INVALID_HANDLE_VALUE) + ImpersonateLoggedOnUser (cygheap->user.token); + ReleaseResourceLock (LOCK_FD_LIST, WRITE_LOCK | READ_LOCK, "dup"); return 1; } diff --git a/winsup/cygwin/exec.cc b/winsup/cygwin/exec.cc index 12f75fdb8..942b79d83 100644 --- a/winsup/cygwin/exec.cc +++ b/winsup/cygwin/exec.cc @@ -19,6 +19,7 @@ details. */ #include "path.h" #include "pinfo.h" #include "environ.h" +#include "cygerrno.h" /* This is called _execve and not execve because the real execve is defined in libc/posix/execve.c. It calls us. */ @@ -30,7 +31,7 @@ _execve (const char *path, char *const argv[], char *const envp[]) MALLOC_CHECK; if (!envp) envp = empty_env; - return _spawnve (NULL, _P_OVERLAY, path, argv, envp); + return spawnve (_P_OVERLAY, path, argv, envp); } extern "C" int @@ -58,116 +59,11 @@ execv (const char *path, char * const *argv) return _execve (path, (char * const *) argv, cur_environ ()); } -/* the same as a standard exec() calls family, but with NT security support */ - extern "C" pid_t -sexecve (HANDLE hToken, const char *path, const char *const argv[], - const char *const envp[]) +sexecve_is_bad () { - _spawnve (hToken, _P_OVERLAY, path, argv, envp); - return -1; -} - -extern "C" int -sexecl (HANDLE hToken, const char *path, const char *arg0, ...) -{ - int i; - va_list args; - const char *argv[1024]; - - va_start (args, arg0); - argv[0] = arg0; - i = 1; - - do - argv[i] = va_arg (args, const char *); - while (argv[i++] != NULL); - - va_end (args); - - MALLOC_CHECK; - return sexecve (hToken, path, (char * const *) argv, cur_environ ()); -} - -extern "C" int -sexecle (HANDLE hToken, const char *path, const char *arg0, ...) -{ - int i; - va_list args; - const char * const *envp; - const char *argv[1024]; - - va_start (args, arg0); - argv[0] = arg0; - i = 1; - - do - argv[i] = va_arg (args, const char *); - while (argv[i++] != NULL); - - envp = va_arg (args, const char * const *); - va_end (args); - - MALLOC_CHECK; - return sexecve(hToken, path, (char * const *) argv, (char * const *) envp); -} - -extern "C" int -sexeclp (HANDLE hToken, const char *path, const char *arg0, ...) -{ - int i; - va_list args; - const char *argv[1024]; - - va_start (args, arg0); - argv[0] = arg0; - i = 1; - - do - argv[i] = va_arg (args, const char *); - while (argv[i++] != NULL); - - va_end (args); - - MALLOC_CHECK; - return sexecvpe (hToken, path, (const char * const *) argv, cur_environ ()); -} - -extern "C" int -sexeclpe (HANDLE hToken, const char *path, const char *arg0, ...) -{ - int i; - va_list args; - const char * const *envp; - const char *argv[1024]; - - va_start (args, arg0); - argv[0] = arg0; - i = 1; - - do - argv[i] = va_arg (args, const char *); - while (argv[i++] != NULL); - - envp = va_arg (args, const char * const *); - va_end (args); - - MALLOC_CHECK; - return sexecvpe (hToken, path, argv, envp); -} - -extern "C" int -sexecv (HANDLE hToken, const char *path, const char * const *argv) -{ - MALLOC_CHECK; - return sexecve (hToken, path, argv, cur_environ ()); -} - -extern "C" int -sexecp (HANDLE hToken, const char *path, const char * const *argv) -{ - MALLOC_CHECK; - return sexecvpe (hToken, path, argv, cur_environ ()); + set_errno (ENOSYS); + return 0; } /* @@ -187,15 +83,6 @@ strccpy (char *s1, const char **s2, char c) return s1; } -extern "C" int -sexecvpe (HANDLE hToken, const char *file, const char * const *argv, - const char *const *envp) -{ - path_conv buf; - MALLOC_CHECK; - return sexecve (hToken, find_exec (file, buf), argv, envp); -} - extern "C" int execvp (const char *path, char * const *argv) { diff --git a/winsup/cygwin/pinfo.h b/winsup/cygwin/pinfo.h index f68c155e5..8a090cfd9 100644 --- a/winsup/cygwin/pinfo.h +++ b/winsup/cygwin/pinfo.h @@ -199,9 +199,6 @@ void __stdcall set_myself (pid_t pid, HANDLE h = NULL); extern pinfo myself; #define _P_VFORK 0 -extern "C" int _spawnve (HANDLE hToken, int mode, const char *path, - const char *const *argv, const char *const *envp); - extern void __stdcall pinfo_fixup_after_fork (); extern HANDLE hexec_proc; diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index e6414cfd4..5920cac50 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -46,8 +46,7 @@ BOOL allow_ntsec; The default is TRUE to reflect the old behaviour. */ BOOL allow_smbntsec = TRUE; -extern "C" -void +extern "C" void cygwin_set_impersonation_token (const HANDLE hToken) { debug_printf ("set_impersonation_token (%d)", hToken); @@ -100,8 +99,7 @@ extract_nt_dom_user (const struct passwd *pw, char *domain, char *user) } } -extern "C" -HANDLE +extern "C" HANDLE cygwin_logon_user (const struct passwd *pw, const char *password) { if (!wincap.has_security ()) diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc index 5b110548b..a63adc664 100644 --- a/winsup/cygwin/spawn.cc +++ b/winsup/cygwin/spawn.cc @@ -316,7 +316,7 @@ av::unshift (const char *what, int conv) } static int __stdcall -spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, +spawn_guts (const char * prog_arg, const char *const *argv, const char *const envp[], int mode) { BOOL rc; @@ -612,21 +612,18 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, else envblock = winenv (envp, 0); + const char *runpath = null_app_name ? NULL : (const char *) real_path; + + syscall_printf ("null_app_name %d (%s, %.132s)", null_app_name, runpath, one_line.buf); + + void *newheap; /* Preallocated buffer for `sec_user' call */ char sa_buf[1024]; - if (!hToken && cygheap->user.impersonated - && cygheap->user.token != INVALID_HANDLE_VALUE) - hToken = cygheap->user.token; - - const char *runpath = null_app_name ? NULL : (const char *) real_path; - - syscall_printf ("spawn_guts null_app_name %d (%s, %.132s)", null_app_name, runpath, one_line.buf); - - void *newheap; cygbench ("spawn-guts"); - if (!hToken) + if (!cygheap->user.impersonated || cygheap->user.token == INVALID_HANDLE_VALUE) { + ciresrv.moreinfo->uid = getuid32 (); /* FIXME: This leaks a handle in the CreateProcessAsUser case since the child process doesn't know about cygwin_mount_h. */ @@ -649,7 +646,8 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, { cygsid sid; DWORD ret_len; - if (!GetTokenInformation (hToken, TokenUser, &sid, sizeof sid, &ret_len)) + if (!GetTokenInformation (cygheap->user.token, TokenUser, &sid, + sizeof sid, &ret_len)) { sid = NO_SID; system_printf ("GetTokenInformation: %E"); @@ -685,7 +683,7 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, si.lpDesktop = wstname; newheap = cygheap_setup_for_child (&ciresrv, cygheap->fdtab.need_fixup_before ()); - rc = CreateProcessAsUser (hToken, + rc = CreateProcessAsUser (cygheap->user.token, runpath, /* image name - with full path */ one_line.buf, /* what was passed to exec */ sec_attribs, /* process security attrs */ @@ -786,9 +784,6 @@ spawn_guts (HANDLE hToken, const char * prog_arg, const char *const *argv, sigproc_printf ("spawned windows pid %d", pi.dwProcessId); - if (hToken && hToken != cygheap->user.token) - CloseHandle (hToken); - DWORD res; BOOL exited; @@ -909,8 +904,8 @@ cwait (int *result, int pid, int) */ extern "C" int -_spawnve (HANDLE hToken, int mode, const char *path, const char *const *argv, - const char *const *envp) +spawnve (int mode, const char *path, const char *const *argv, + const char *const *envp) { int ret; vfork_save *vf = vfork_storage.val (); @@ -920,14 +915,14 @@ _spawnve (HANDLE hToken, int mode, const char *path, const char *const *argv, else vf = NULL; - syscall_printf ("_spawnve (%s, %s, %x)", path, argv[0], envp); + syscall_printf ("spawnve (%s, %s, %x)", path, argv[0], envp); switch (mode) { case _P_OVERLAY: /* We do not pass _P_SEARCH_PATH here. execve doesn't search PATH.*/ /* Just act as an exec if _P_OVERLAY set. */ - spawn_guts (hToken, path, argv, envp, mode); + spawn_guts (path, argv, envp, mode); /* Errno should be set by spawn_guts. */ ret = -1; break; @@ -937,7 +932,7 @@ _spawnve (HANDLE hToken, int mode, const char *path, const char *const *argv, case _P_WAIT: case _P_DETACH: subproc_init (); - ret = spawn_guts (hToken, path, argv, envp, mode); + ret = spawn_guts (path, argv, envp, mode); if (vf && ret > 0) { debug_printf ("longjmping due to vfork"); @@ -975,7 +970,7 @@ spawnl (int mode, const char *path, const char *arg0, ...) va_end (args); - return _spawnve (NULL, mode, path, (char * const *) argv, cur_environ ()); + return spawnve (mode, path, (char * const *) argv, cur_environ ()); } extern "C" int @@ -997,8 +992,7 @@ spawnle (int mode, const char *path, const char *arg0, ...) envp = va_arg (args, const char * const *); va_end (args); - return _spawnve (NULL, mode, path, (char * const *) argv, - (char * const *) envp); + return spawnve (mode, path, (char * const *) argv, (char * const *) envp); } extern "C" int @@ -1046,14 +1040,7 @@ spawnlpe (int mode, const char *path, const char *arg0, ...) extern "C" int spawnv (int mode, const char *path, const char * const *argv) { - return _spawnve (NULL, mode, path, argv, cur_environ ()); -} - -extern "C" int -spawnve (int mode, const char *path, char * const *argv, - const char * const *envp) -{ - return _spawnve (NULL, mode, path, argv, envp); + return spawnve (mode, path, argv, cur_environ ()); } extern "C" int @@ -1067,5 +1054,5 @@ spawnvpe (int mode, const char *file, const char * const *argv, const char * const *envp) { path_conv buf; - return _spawnve (NULL, mode, find_exec (file, buf), argv, envp); + return spawnve (mode, find_exec (file, buf), argv, envp); }