From 7131554a692a675bfff2d95f224c54dfdb88686c Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Fri, 23 Feb 2007 11:43:48 +0000 Subject: [PATCH] Throughout remove using wincap. * Makefile.in (OBJS): Remove wincap.o. * README: Don't mention 9x. * bsd_mutex.cc (_mtx_unlock): Drop checking for 9x error codes. * cygserver.cc (server_submission_loop::request_loop): Add FIXME comment. * wincap.cc: Remove. * wincap.h: Remove. * woutsup.h: Don't include wincap.h. --- winsup/cygserver/ChangeLog | 12 ++++++ winsup/cygserver/Makefile.in | 2 +- winsup/cygserver/README | 15 ++----- winsup/cygserver/bsd_helper.cc | 23 +++-------- winsup/cygserver/bsd_mutex.cc | 11 ++--- winsup/cygserver/cygserver.cc | 74 ++++++++++++++-------------------- winsup/cygserver/wincap.cc | 23 ----------- winsup/cygserver/wincap.h | 30 -------------- winsup/cygserver/woutsup.h | 4 +- 9 files changed, 59 insertions(+), 135 deletions(-) delete mode 100644 winsup/cygserver/wincap.cc delete mode 100644 winsup/cygserver/wincap.h diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog index 360685483..eab1b5f8d 100644 --- a/winsup/cygserver/ChangeLog +++ b/winsup/cygserver/ChangeLog @@ -1,3 +1,15 @@ +2007-02-23 Corinna Vinschen + + Throughout remove using wincap. + * Makefile.in (OBJS): Remove wincap.o. + * README: Don't mention 9x. + * bsd_mutex.cc (_mtx_unlock): Drop checking for 9x error codes. + * cygserver.cc (server_submission_loop::request_loop): Add FIXME + comment. + * wincap.cc: Remove. + * wincap.h: Remove. + * woutsup.h: Don't include wincap.h. + 2007-02-22 Corinna Vinschen * Makefile.in (OBJS): Drop transport_sockets.o. diff --git a/winsup/cygserver/Makefile.in b/winsup/cygserver/Makefile.in index 6476fe87e..550f47238 100644 --- a/winsup/cygserver/Makefile.in +++ b/winsup/cygserver/Makefile.in @@ -40,7 +40,7 @@ override CXXFLAGS+=-MMD -DHAVE_DECL_GETOPT=0 -D__OUTSIDE_CYGWIN__ -DSYSCONFDIR=" OBJS:= cygserver.o client.o process.o msg.o sem.o shm.o threaded_queue.o \ transport.o transport_pipes.o \ bsd_helper.o bsd_log.o bsd_mutex.o \ - sysv_msg.o sysv_sem.o sysv_shm.o wincap.o + sysv_msg.o sysv_sem.o sysv_shm.o LIBOBJS:=${patsubst %.o,lib%.o,$(OBJS)} CYGWIN_OBJS:=$(cygwin_build)/smallprint.o $(cygwin_build)/version.o diff --git a/winsup/cygserver/README b/winsup/cygserver/README index 39dcd9f98..279e513eb 100644 --- a/winsup/cygserver/README +++ b/winsup/cygserver/README @@ -93,9 +93,7 @@ Cygserver command line options: -y, --syslog Force logging to the system log. This is the default, if stderr is not - connected to a tty, e. g. redirected to a file. Note, that on 9x/Me - systems the syslog is faked by a file C:\CYGWIN_SYSLOG.TXT. - Configuration file option: kern.log.syslog + connected to a tty, e. g. redirected to a file. -Y, --no-syslog @@ -150,14 +148,9 @@ How to start Cygserver: Due to the wide configurability by changing the configuration file, that's typically not necessary. - On Windows 9x/Me, just start Cygserver in any console window. It's - advisable to redirect stderr to a file of choice (e. g. - /var/log/cygserver.log) and to use the -e and -Y options or the - set the appropriate settings in the configuration file (see below). - - On Windows NT/2000/XP or 2003, you should always run Cygserver as a - service under LocalSystem account. This is the way it is installed - for you by the /usr/bin/cygserver-config script. + It's best practice to run Cygserver as a service under LocalSystem + account. This is the way it is installed for you by the + /usr/bin/cygserver-config script. How to use the Cygserver services: diff --git a/winsup/cygserver/bsd_helper.cc b/winsup/cygserver/bsd_helper.cc index 53ae4a070..022a20cea 100644 --- a/winsup/cygserver/bsd_helper.cc +++ b/winsup/cygserver/bsd_helper.cc @@ -1,6 +1,6 @@ /* bsd_helper.cc - Copyright 2003, 2004, 2005 Red Hat Inc. + Copyright 2003, 2004, 2005, 2007 Red Hat Inc. This file is part of Cygwin. @@ -233,14 +233,11 @@ PSID admininstrator_group_sid; static void init_admin_sid (void) { - if (wincap.has_security ()) - { - SID_IDENTIFIER_AUTHORITY nt_auth = {SECURITY_NT_AUTHORITY}; - if (! AllocateAndInitializeSid (&nt_auth, 2, 32, 544, 0, 0, 0, 0, 0, 0, - &admininstrator_group_sid)) - panic ("failed to create well known sids, error = %lu", - GetLastError ()); - } + SID_IDENTIFIER_AUTHORITY nt_auth = {SECURITY_NT_AUTHORITY}; + if (! AllocateAndInitializeSid (&nt_auth, 2, 32, 544, 0, 0, 0, 0, 0, 0, + &admininstrator_group_sid)) + panic ("failed to create well known sids, error = %lu", + GetLastError ()); } SECURITY_DESCRIPTOR sec_all_nih_sd; @@ -367,10 +364,6 @@ ipcperm (struct thread *td, ipc_perm *perm, unsigned int mode) int suser (struct thread *td) { - /* Always superuser on 9x. */ - if (!wincap.has_security ()) - return 0; - /* This value has been set at ImpersonateNamedPipeClient() time using the token information. See adjust_identity_info() below. */ return td->ipcblk->is_admin ? 0 : EACCES; @@ -385,10 +378,6 @@ adjust_identity_info (struct proc *p) { HANDLE tok; - /* No access tokens on 9x. */ - if (!wincap.has_security ()) - return true; - if (!OpenThreadToken (GetCurrentThread (), TOKEN_READ, TRUE, &tok)) { debug ("Failed to open worker thread access token for pid %d, winpid %d", diff --git a/winsup/cygserver/bsd_mutex.cc b/winsup/cygserver/bsd_mutex.cc index bbd7fd280..5e8e54381 100644 --- a/winsup/cygserver/bsd_mutex.cc +++ b/winsup/cygserver/bsd_mutex.cc @@ -1,6 +1,6 @@ /* bsd_mutex.cc - Copyright 2003, 2004, 2005 Red Hat Inc. + Copyright 2003, 2004, 2005, 2007 Red Hat Inc. This file is part of Cygwin. @@ -83,11 +83,8 @@ _mtx_unlock (mtx *m, const char *file, int line) In that case, m->h is NULL. */ if (m->h && !ReleaseSemaphore (m->h, 1, NULL)) { - /* Check if the semaphore was already on it's max value. In this case, - ReleaseSemaphore returns FALSE with an error code which *sic* depends - on the OS. */ - if ( (!wincap.is_winnt () && GetLastError () != ERROR_INVALID_PARAMETER) - || (wincap.is_winnt () && GetLastError () != ERROR_TOO_MANY_POSTS)) + /* Check if the semaphore was already on it's max value. */ + if (GetLastError () != ERROR_TOO_MANY_POSTS) _panic (file, line, "release of mutex %s failed, %E", m->name); } _log (file, line, LOG_DEBUG, "Unlocked mutex %s/%u (owner: %u)", @@ -112,7 +109,7 @@ win_priority (int priority) { int p = (int)((priority) & PRIO_MASK) - PZERO; /* Generating a valid priority value is a bit tricky. The only valid - values on 9x and NT4 are -15, -2, -1, 0, 1, 2, 15. */ + values on NT4 are -15, -2, -1, 0, 1, 2, 15. */ switch (p) { case -15: case -14: case -13: case -12: case -11: diff --git a/winsup/cygserver/cygserver.cc b/winsup/cygserver/cygserver.cc index a73c5ef95..262734f95 100644 --- a/winsup/cygserver/cygserver.cc +++ b/winsup/cygserver/cygserver.cc @@ -1,6 +1,6 @@ /* cygserver.cc - Copyright 2001, 2002, 2003, 2004, 2005 Red Hat Inc. + Copyright 2001, 2002, 2003, 2004, 2005, 2007 Red Hat Inc. Written by Egor Duda @@ -92,6 +92,12 @@ check_and_dup_handle (HANDLE from_process, HANDLE to_process, { HANDLE local_handle = NULL; int ret_val = EACCES; + char sd_buf [1024]; + PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) &sd_buf; + DWORD bytes_needed; + PRIVILEGE_SET ps; + DWORD ps_len = sizeof (ps); + BOOL status; if (from_process != GetCurrentProcess ()) { @@ -107,42 +113,30 @@ check_and_dup_handle (HANDLE from_process, HANDLE to_process, } else local_handle = from_handle; - if (!wincap.has_security ()) - assert (!from_process_token); - else + if (!GetKernelObjectSecurity (local_handle, + (OWNER_SECURITY_INFORMATION + | GROUP_SECURITY_INFORMATION + | DACL_SECURITY_INFORMATION), + sd, sizeof (sd_buf), &bytes_needed)) { - char sd_buf [1024]; - PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) &sd_buf; - DWORD bytes_needed; - PRIVILEGE_SET ps; - DWORD ps_len = sizeof (ps); - BOOL status; + log (LOG_ERR, "error getting handle SD (%lu)", GetLastError ()); + goto out; + } - if (!GetKernelObjectSecurity (local_handle, - (OWNER_SECURITY_INFORMATION - | GROUP_SECURITY_INFORMATION - | DACL_SECURITY_INFORMATION), - sd, sizeof (sd_buf), &bytes_needed)) - { - log (LOG_ERR, "error getting handle SD (%lu)", GetLastError ()); - goto out; - } + MapGenericMask (&access, &access_mapping); - MapGenericMask (&access, &access_mapping); + if (!AccessCheck (sd, from_process_token, access, &access_mapping, + &ps, &ps_len, &access, &status)) + { + log (LOG_ERR, "error checking access rights (%lu)", + GetLastError ()); + goto out; + } - if (!AccessCheck (sd, from_process_token, access, &access_mapping, - &ps, &ps_len, &access, &status)) - { - log (LOG_ERR, "error checking access rights (%lu)", - GetLastError ()); - goto out; - } - - if (!status) - { - log (LOG_ERR, "access to object denied"); - goto out; - } + if (!status) + { + log (LOG_ERR, "access to object denied"); + goto out; } if (!DuplicateHandle (from_process, from_handle, @@ -176,14 +170,6 @@ client_request_attach_tty::serve (transport_layer_base *const conn, assert (!error_code ()); - if (!wincap.has_security ()) - { - log (LOG_NOTICE, "operation only supported on systems with security"); - error_code (EINVAL); - msglen (0); - return; - } - if (msglen () != sizeof (req)) { log (LOG_ERR, "bad request body length: expecting %lu bytes, got %lu", @@ -382,6 +368,9 @@ server_submission_loop::request_loop () * thread's priority to a level one above that. This fails on * win9x/ME so assume any failure in that call is due to that and * simply call again at one priority level lower. + * FIXME: This looks weird and is an issue on NT, too. Per MSDN, + * THREAD_PRIORITY_HIGHEST + 1 is only a valid priority level if + * the priority class is set to REALTIME_PRIORITY_CLASS. */ if (!SetThreadPriority (GetCurrentThread (), THREAD_PRIORITY_HIGHEST + 1)) if (!SetThreadPriority (GetCurrentThread (), THREAD_PRIORITY_HIGHEST)) @@ -570,7 +559,6 @@ main (const int argc, char *argv[]) int opt; - wincap.init (); securityinit (); opterr = 0; @@ -719,7 +707,7 @@ main (const int argc, char *argv[]) if (support_semaphores == TUN_UNDEF) support_semaphores = TUN_TRUE; - if (wincap.has_security () && !setup_privileges ()) + if (!setup_privileges ()) panic ("Setting process privileges failed."); ipcinit (); diff --git a/winsup/cygserver/wincap.cc b/winsup/cygserver/wincap.cc deleted file mode 100644 index 875415d28..000000000 --- a/winsup/cygserver/wincap.cc +++ /dev/null @@ -1,23 +0,0 @@ -/* wincap.cc -- figure out on which OS we're running. - Lightweight version for Cygserver - - Copyright 2006 Red Hat, Inc. - -This file is part of Cygwin. - -This software is a copyrighted work licensed under the terms of the -Cygwin license. Please consult the file "CYGWIN_LICENSE" for -details. */ - -#include "woutsup.h" - -wincapc wincap; - -void -wincapc::init () -{ - memset (&version, 0, sizeof version); - /* Request simple version info. */ - version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO); - GetVersionEx (&version); -} diff --git a/winsup/cygserver/wincap.h b/winsup/cygserver/wincap.h deleted file mode 100644 index af09cadf8..000000000 --- a/winsup/cygserver/wincap.h +++ /dev/null @@ -1,30 +0,0 @@ -/* wincap.h: Header for OS capability class. - Lightweight version for Cygserver. - - Copyright 2006 Red Hat, Inc. - -This file is part of Cygwin. - -This software is a copyrighted work licensed under the terms of the -Cygwin license. Please consult the file "CYGWIN_LICENSE" for -details. */ - -#ifndef _CYGSERVER_WINCAP_H -#define _CYGSERVER_WINCAP_H - -class wincapc -{ - OSVERSIONINFO version; - -public: - void init (); - - bool is_winnt () const - { return version.dwPlatformId == VER_PLATFORM_WIN32_NT; } - bool has_security () const - { return version.dwPlatformId == VER_PLATFORM_WIN32_NT; } -}; - -extern wincapc wincap; - -#endif /* _CYGSERVER_WINCAP_H */ diff --git a/winsup/cygserver/woutsup.h b/winsup/cygserver/woutsup.h index 39db63997..b262ae2a1 100644 --- a/winsup/cygserver/woutsup.h +++ b/winsup/cygserver/woutsup.h @@ -1,6 +1,6 @@ /* woutsup.h: for Cygwin code compiled outside the DLL (i.e. cygserver). - Copyright 2002, 2003 Red Hat, Inc. + Copyright 2002, 2003, 2007 Red Hat, Inc. This file is part of Cygwin. @@ -40,8 +40,6 @@ details. */ #undef _WINNETWK_H #undef _WINSVC_H -#include "wincap.h" - #include "bsd_helper.h" #include "bsd_log.h" #include "bsd_mutex.h"