Add data members 'reader', 'writer', and 'duplexer' to the
fhandler_fifo class. Set them in fhandler_fifo::open. ('duplexer'
replaces the previous '_duplexer'.)
This will be useful in later commits.
The word "client" suggests something that holds a handle to the client
side of the pipe (in Windows terminology). But our
fifo_client_handlers hold a handle the server side of the pipe, and
they *connect* to clients.
- Add 24 bit color support using xterm compatibility mode in
Windows 10 1703 or later.
- Add fake 24 bit color support for legacy console, which uses
the nearest color from 16 system colors.
Make fhandler_base::clear_readahead virtual, and implement
fhandler_fifo::clear_readahead. This is called by
dtable::fixup_after_exec; it clears the readahead in each client.
If a FIFO is opened with O_RDWR access, create the pipe with
read/write access, and make the first client have the handle of that
pipe as its I/O handle.
Adjust fhandler_fifo::raw_read to account for the result of trying to
read from that client if there's no data.
fhandler_fifo::clone called fhandler_base::clone on each client
fhandler. But those fhandlers are actually fhandler_fifo objects, so
when fhandler_base::clone calls copyto, it's actually
fhandler_fifo::copyto that gets called. This can lead to mysterious
crashes.
Fix this by simply calling clone (which translates to
fhandler_fifo::clone) on each client fhandler.
Add static functions peek_fifo, thread_fifo, start_thread_fifo, and
fifo_cleanup to select.cc. These are based on the corresponding pipe
functions, the main difference being that peek_fifo loops through the
connected clients to see if any of them have data available for
reading.
Add the fhandler_fifo methods select_read, select_write, and
select_except.
Add accessor methods get_nclients, get_handle, and is_connected that
are needed by peek_fifo.
Add a hit_eof method that tries to detect whether any clients are
connected. Before concluding that there are none, it gives the
listen_client thread time to update the client data.
Introduce a 'fifo_client_handler' structure that can be used by a
reader to communicate with a writer using an instance of the named
pipe. An fhandler_fifo opened for reading creates a thread that does
the following:
- maintains a list of fifo_client_handlers
- listens for_clients trying to connect
- creates new pipe instances as needed so that there's always at
least one available for connecting.
The pipe instances are initially created in blocking mode, but they
are set to be non-blocking after a connection is made.
fhandler_fifo::raw_read now loops through the connected clients and
reads from the first one that has data available.
New fhandler_fifo methods: add_client, listen_client,
listen_client_thread, check_listen_client_thread.
Replace the create_pipe method by create_pipe_instance, which allows
unlimited pipe instances.
New helper functions: create_event, set_pipe_non_blocking.
Make fhandler_fifo a derived class of fhandler_base instead of
fhandler_base_overlapped.
Replace the create_pipe macro, which is based on
fhandler_pipe::create, by new create_pipe and open_pipe methods.
These use NT functions instead of Win32 functions. Replace fifo_name
by get_pipe_name, which returns a pointer to a UNICODE_STRING.
Remove the fnevent macro, which would now be needed only once.
Add a raw_write method, adapted from fhandler_base::raw_write.
Adapt all functions to the changes above.
timerfd_tracker and timerfd_shared classes:
- Just because handles are shared, we don't have to store them in
shared memory. Move share handles into timerfd_tracker class.
- Drop shared instance counter since it's not required anymore.
timerfd_shared only stores the actual timer data.
- Drop timerfd_shared::create, just set clock id.
- Drop timerfd_shared::dtor, it's not required anymore.
- Drop timerfd_tracker::close, just call dtor where required.
- Rename timerfd_tracker::increment_instances to timerfd_tracker::dup.
It's the only reason it exists...
- timerfd_tracker::dtor now checks the non-shared pointers for NULL
before attempting to close them.
- timerfd_tracker::dtor handles decrementing the local instance count
by itself.
- Add a method timerfd_tracker::init_fixup_after_fork_exec to set
non-shared pointers to NULL. Together with the dtor patches it
fixes a problem with close_on_exec timerfd descriptors.
- Fix a bug in handling the thread synchronization event. It's
actually nice to create it before using it...
- Drop using sec_none{_nih} in InitializeObjectAttributes. It's
an unnecessary roundabout route just to get a NULL pointer.
- Slightly rework timechange window handling.
- Add more comments to explain what happens.
fhandler_timerfd:
- Drop cnew macro, it just hides what happens.
- fhandler_timerfd::fixup_after_exec now calls
timerfd_tracker::init_fixup_after_fork_exec first, so a subsequent
call to timerfd_tracker::dtor only works on valid handles.
- fhandler_timerfd::close directly calls timerfd_tracker::dtor now.
- Drop dtor call in fhandler_timerfd destructor.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The reopen code neglected to pass along the requested open
mode correctly. This may end up reopening the file with
incorrect access mask, or duplicating the wrong pipe handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Using posix timers "timer_tracker" as base class for timerfd was flawed.
Posix timers are not inherited by child processes and don't survive
execve. The method used by posix timers didn't allow to share timers
between processes. The timers were still per-process timers and worked
entirely separate from each other. Reading from these timers via
different descriptors was only synchronized within the same process.
This does not reflect the timerfd semantics in Linux: The per-file
timers can be dup'ed and survive fork and execve. They are still just
descriptors pointing to the same timer object originally created by
timerfd_create. Synchronization is performed between all descriptor
instances of the same timer, system-wide.
Thus, reimplement timerfd using a timer instance in shared memory,
a kernel timer, and a handful of sync objects.
Every process maintains a per-process timerfd struct on the cygheap
maintaining a per-process thread. Every process sharing the same
timerfd will run this thread checking the state of the timer, similar
to the posix timer thread, just working on the shared objects and
synchronizing its job with each other thread.
Drop the timerfd implementation in the posix timer code and move the
public API to fhandler_timerfd.c. Keep the ttstart timer_tracker
anchor out of "NO_COPY" since the fixup_after_fork code should run to
avoid memory leakage.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Linux returns EINVAL, "fd is attached to an object which is unsuitable
for writing". If we don't handle write locally, write returns EBADF.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Puzzeling: Commit ec98d19a08
changed ttstart to NO_COPY but kept all the code to handle
fixup after fork. Revert to not-NO_COPY and make timerfd
fork work.
- On fixup_after_fork, keep timerfd timers and restart thread
if they were armed in the parent.
- Move timerfd timer_trackers to cygheap. Overload timer_tracker
new and delete methods to handle timers accordingly. This is not
exactly required for fork, but exec will be grateful.
- Give up on TFD_TIMER_CANCEL_ON_SET for now. There's no easy way
to recognize a discontinuous change in a clock.
- Be paranoid when cleaning out ttstart.
- Fix some minor issues.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
First cut of a timerfd implementation.
Still TODO:
- fork/exec semantics
- timerfd_settime TFD_TIMER_CANCEL_ON_SET flag
- ioctl(TFD_IOC_SET_TICKS)
- bug fixes
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Allow the signal thread to recognize we're called in consequence of
select on a signalfd. If the signal is part of the wait mask, don't
call any signal handler and don't remove the signal from the queue,
so a subsequent read (or sigwaitinfo/sigtimedwait) still gets the
signal. Instead, just signal the event object at
_cygtls::signalfd_select_wait for the thread running select.
The addition of signalfd_select_wait to _cygtls unearthed the alignment
problem of the context member again. To make sure this doesn't get lost,
improve the related comment in the header file so that this (hopefully)
doesn't get lost (again).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
First cut of a signalfd implementation.
Still TODO: Non-polling select.
This should mostly work as on Linux except for missing support
for some members of struct signalfd_siginfo, namely ssi_fd,
ssi_band (both SIGIO/SIGPOLL, not fully implemented) and ssi_trapno
(HW exception, required HW support).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The new proc fd code accidentally allowed to linkat an O_TMPFILE
even if the file has been opened with O_EXCL. This patch fixes it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
move special fd symlink code into own fhandler_process_fd class
to simplify further additions to /proc/PID/fd/DESCRIPTOR symlink
handling.
Add a method to handle stat(2) on such a proc fd symlink by handle.
This allows correct reply from stat(2) if the target file has been
deleted. This eventually fixes `awk -f /dev/fd/3 3<<eof'.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Along the same lines as the previous patch: By reopening an
O_TMPFILE by handle, we can now move the file to the bin at
open time and thus free'ing up the parent dir and *still*
open the file as /proc/PID/fd/DESCRIPTOR by linkat(2).
Allows expressions along the lines of `cat /proc/self/fd/0 <<EOF'.
The problem here is that the temporary file used for the here script
has already been deleted by the shell. Opening by filename, as
implemented so far, doesn't work because the file has been moved
to the bin.
Allow reopening files by handle the same way from another process
as long as we have sufficient permissions on the foreign process.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The fhandler_base_overlapped::copyto clears atomic_write_buf on the
clone, but none of the derived classes were doing this. This allowed
the destructor to double-free the buffer and corrupt cygheap.
Clear atomic_write_buf in copyto of all derived classes.
This code is where the AIO implementation is wired into existing Cygwin
mechanisms for file and device I/O: the fhandler* functions. It makes
use of an existing internal routine prw_open to supply a "shadow fd"
that permits asynchronous operations on a file the user app accesses
via its own fd. This allows AIO to read or write at arbitrary locations
within a file without disturbing the app's file pointer. (This was
already the case with normal pread|pwrite; we're just adding "async"
to the mix.)
* fhandler.h (class fhandler_socket_inet): Add variable bool oobinline.
* fhandler_socket_inet.cc (fhandler_socket_inet::fhandler_socket_inet):
Initialize variable oobinline.
(fhandler_socket_inet::recv_internal): Make the handling of OOB data
as consistent with POSIX as possible. Add simulation of inline mode
for OOB data as a workaround for broken winsock behavior.
(fhandler_socket_inet::setsockopt): Ditto.
(fhandler_socket_inet::getsockopt): Ditto.
(fhandler_socket_wsock::ioctl): Fix return value of SIOCATMARK command.
The return value of SIOCATMARK of winsock is almost opposite to
expectation.
* fhandler_socket_local.cc (fhandler_socket_local::recv_internal):
Remove the handling of OOB data from AF_LOCAL domain socket. Operation
related to OOB data will result in an error like Linux does.
(fhandler_socket_local::sendto): Ditto.
(fhandler_socket_local::sendmsg): Ditto.
This fixes the issue reported in following post.
https://cygwin.com/ml/cygwin/2018-06/msg00143.html
* Change set_socket_type/get_socket_type to virtual methods
* Move various variables into af_unix_shmem_t
* Change sun_name_t to match new usage pattern
* Move shut_state definition and add a name for the 0 value
* Allow marking packet as administrative packet. This allows
filtering out info packets exchange between peers and tweak
data accordingly.
* Rename send_my_name to send_sock_info and send credentials
if not called from bind (so the socket was already connected)
* Handle SO_PASSCRED in setsockopt/getsockopt
* Add input size checking to setsockopt/getsockopt
* Use NT functions where appropriate
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
We need to share socket info between threads *and* processes.
SRWLOCKs are single-process only, unfortunately. Provide a
sharable low-profile spinlock instead.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
E.g. arm ABI requires -fshort-enums for bare-metal toolchains.
Given there are only 29 category enums, the compiler chooses an
8 bit enum type, so a size of 11 bits for the bitfield leads to
a compile time error:
error: width of 'cat' exceeds its type
enum category cat: 11;
^~~
Fix this by aligning the size of the category members to byte
borders.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Per-socket info in fhandler isn't correctly shared between multiple
instances of th same descriptor. Implement a basic shared info which
is shared between all instances of a socket.
This also requires to move the fhandler_socket status bits into
fhandler_socket_wsock since the data is moved to the shared region
for AF_UNIX sockets.
Also, drop backing file requirement for socketpair server socket.
This will be handled differently in recvmsg/sendmsg.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Using TerminateThread potentially leaks resources. In our case,
the connect wait thread may be forcefully terminated after
having successfully opened a client side pipe handle. If this
occurs, we have a stale pipe server instance, so the pipe will
never be closed as long as the process lives.
Avoid this by changing the npfs handle to non-blocking, so we can
wait on a termination event object from inside the thread itself
and cleanly exit from the thread instead of terminating.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The handle to the device is never needed. As the name impies,
FSCTL_PIPE_WAIT works on the file system, not on the device level.
Drop opening the device and make sure to open only one handle to NPFS.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
They are only used there anyway and it allows to use the AF_UNIX
macro without tweaking header files. While at it, improve
both constructors. The default constructor now creates the name
of an unnamed socket, the constructor taking parameters carefully
checks its input.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
...plus lots of helper functions. Add comment to explain how everything
works. This comment will be improved while implementing the yet missing
parts.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add constructors and new/delete operators to make sure sun_name_t
objects are allocated on the cygheap.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
fhandler_cygdrive has a size of 696 bytes on x86_64, while the next
biggest fhandler type, fhandler_pty_master, is 584 bytes. The members
responsible for the size are private to opendir/readdir/closedir usage.
fhandler_disk_file stores private readdir data in DIR->__d_internal
instead. Use equivalent method with fhandler_cygdrive. This drops
the size to 464 bytes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* Make distinct from AF_LOCAL for testing purposes. This will have
to be reverted as soon as fhandler_socket_unix goes life.
* Move saw_reuseaddr flag back to fhandler_socket status
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Insert another class fhandler_socket_wsock between fhandler_socket
and fhandler_socket_inet/fhandler_socket_local.
Also, add a new method fhandler::is_wsock_socket to allow asking
for sockets in general (is_socket) vs. Winsock-based sockets
(is_wsock_socket).
This allows to develop a new handler_socket_unix class as derived
class from fhandler_socket without any trace of wsock code left
in fhandler_socket.
While this is basically a temporary measure at this time, it may
prove useful for later interoperability with the upcoming Windows 10
AF_UNIX implementation at one point.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
First cut, still incomplete
* fhandler_socket is now base class for other socket classes
* fhandler_socket_inet handles AF_INET and AF_INET6 sockets
* fhandler_socket_local handles AF_LOCAL/AF_UNIX sockets
* finally get rid of fdsock by using set_socket_handle in accept4
* align file-related calls (fstat, fstatvfs, fchown, fchmod, facl)
to Linux.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add fhandler_socket::socket method
Add fhandler_socket::set_socket_handle method, basically duplicating
what fdsock is doing. This is the first step in getting rid of fdsock.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Windows does not remove FILE_ATTRIBUTE_TEMPORARY by itself after a
file has been closed. It's just some attribute which can be set or
removed at will, despite its purpose.
Apparently there are tools out there which use FILE_ATTRIBUTE_TEMPORARY
accidentally or wrongly, even Microsoft's own tools are affected. In
the end, the filesystem is potentially full of files with this attribute
set.
Implement O_TMPFILE files with FILE_ATTRIBUTE_TEMPORARY and
FILE_ATTRIBUTE_HIDDEN set. This combination is pretty unlikely.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Windows NUL device returns only the lower 32 bit of the number of
bytes written. Implement a fake write function to ignore the underlying
NUL device.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The termios code doesn't handle erasing of multibyte characters
in canonical mode, it always erases a single byte. When entering
a multibyte character and then pressing VERASE, the input ends up
with an invalid character.
Following Linux we introduce the IUTF8 input flag now, set by
default. When this flag is set, VERASE or VWERASE will check
if the just erased input byte is a UTF-8 continuation byte. If
so, it erases another byte and checks again until the entire
UTF-8 character has been removed from the input buffer.
Note that this (just as on Linux) does NOT work with arbitrary
multibyte codesets. This only works with UTF-8.
For a discussion what happens, see
https://cygwin.com/ml/cygwin/2017-01/msg00299.html
Sidenote: The eat_readahead function is now member of fhandler_termios,
not fhandler_base. That's necessary to get access to the terminal's
termios flags.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Remove charset parameter from low level __foo_wctomb/__foo_mbtowc calls.
- Instead, create array of function for ISO and Windows codepages to point
to function which does not require to evaluate the charset string on
each call. Create matching helper functions. I.e., __iso_wctomb,
__iso_mbtowc, __cp_wctomb and __cp_mbtowc are functions returning the
right function pointer now.
- Create __WCTOMB/__MBTOWC macros utilizing per-reent locale and replace
calls to __wctomb/__mbtowc with calls to __WCTOMB/__MBTOWC.
- Drop global __wctomb/__mbtowc vars.
- Utilize aforementioned changes in Cygwin to get rid of charset in other,
calling functions and simplify the code.
- In Cygwin restrict global cygheap locale info to the job performed
by internal_setlocale. Use UTF-8 instead of ASCII on the fly in
internal conversion functions.
- In Cygwin dll_entry, make sure to initialize a TLS area with a NULL
_REENT->_locale pointer. Add comment to explain why.
Signed-off by: Corinna Vinschen <corinna@vinschen.de>
SIGTTIN should be raised when read() is made on a tty in a backgrounded
process, but not when it's tested with poll()/select().
I guess poll()/select() does need to call bg_check(), in order to detect the
error conditions that notices (that is, if bg_check() returns bg_eof or
bg_error, then fd is ready as an error condition exists) so add an optional
parameter to fhandler_base::bg_select() to indicate that signals aren't
desired.
See https://cygwin.com/ml/cygwin-developers/2016-07/msg00004.html
Revamp device parsing code. Introducing support for more partitions
into the shilka-generated parser has the unfortunate side-effect of
raising the size of the DLL by almost 2 Megs. Therefore we split out
the handling for /dev/sdXY devices into a tiny bit of hand-written
code.
While at it, remove some unused cruft from devices.* and generally
clean up the device class to provide access methods instead of direct
access to members.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.
Everything else stays under GPLv3+.
New Linking Exception exempts resulting executables from LGPLv3 section 4.
Add CONTRIBUTORS file to keep track of licensing.
Remove 'Copyright Red Hat Inc' comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Throughout mmap, size-related variables and parameters are still using
DWORD as type, which disallows mapping ranges > 4Gigs. Fix this by
using SIZE_T throughout for those vars and parameters.
Also, drop unused off parameter from 1st variant of mmap_record::map_pages.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In 7346568 (Make requested console reports work, 2016-03-16), code was
introduced to report the current cursor position. It works by using a
pointer that either points to the next byte in the readahead buffer, or
to a NUL byte if the buffer is depleted, or the pointer is NULL.
These conditions are heeded in the fhandler_console::read() method, but
the condition that the pointer can point at the end of the readahead
buffer was not handled properly in the get_cons_readahead_valid()
method.
This poses a problem e.g. in Git for Windows (which uses a slightly
modified MSYS2 runtime which is in turn a slightly modified Cygwin
runtime) when vim queries the cursor position and immediately goes on to
read console input, erroneously thinking that the readahead buffer is
valid when it is already depleted instead. This condition results in an
apparent freeze that can be helped only by pressing keys repeatedly.
The full Git for Windows bug report is here:
https://github.com/git-for-windows/git/issues/711
Let's just teach the get_cons_readahead_valid() method to handle a
depleted readahead buffer correctly.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* fhandler.h (fhandler_console): Move get_nonascii_key() from
select.c into this class.
* select.cc (peek_console): Move get_nonascii_key() into
fhandler_console class.
* Makefile.in (DLL_OFILES): Add sec_posixacl.o.
(SUBLIBS): Add libacl.a
(libacl.a): New rule to create libacl.a.
* common.din: Export POSIX ACL functions as well as most libacl.a
extensions.
* fhandler.h (fhander_base::acl_get): New prototype.
(fhander_base::acl_set): Ditto.
(fhandler_disk_file::acl_get): Ditto.
(fhandler_disk_file::acl_set): Ditto.
* include/acl/libacl.h: New file.
* include/cygwin/version.h: Bump API minor version.
* include/sys/acl.h: Drop including cygwin/acl.h. Accommodate
throughout Cygwin. Add POSIX ACL definitions.
* sec_acl.cc: Include sec_posixacl.h. Replace ILLEGAL_UID and
ILLEGAL_GID with ACL_UNDEFINED_ID where sensible.
(__aclcheck): New internal acl check function to be used for
Solaris and POSIX ACLs.
(aclcheck32): Call __aclcheck.
(__aclcalcmask): New function to compute ACL_MASK value.
(__aclsort): New internal acl sort function to be used for Solaris
and POSIX ACLs.
(aclsort32): Call __aclsort.
(permtostr): Work directly on provided buffer.
(__acltotext): New internal acltotext function to be used for
Solaris and POSIX ACLs.
(acltotext32): Call __acltotext.
(__aclfromtext): New internal aclfromtext function to be used for
Solaris and POSIX ACLs.
(aclfromtext32): Call __aclfromtext.
* sec_posixacl.cc: New file implemeting POSIX ACL functions.
* sec_posixacl.h: New internal header.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (fhandler_base::get_plain_ino): New inline method.
Add comment to explain what it's supposed to be used for.
* fhandler_socket.cc (fhandler_socket::get_proc_fd_name): Create
filename using inode number.
(fhandler_socket::fstat): Generate inode number from filename if
ino is not set (that's the case in a stat(2) call).
* pipe.cc: Throughout, use get_plain_ino when appropriate.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (class fhandler_base): Convert unique_id to int64_t.
(fhandler_base::set_ino): New protected inline method.
(fhandler_base::get_unique_id): Convert to int64_t.
(fhandler_base::set_unique_id): New inline method taking int64_t.
(fhandler_pipe::fstat): Declare.
(fhandler_pipe::init): Take extra parameter.
(fhandler_pipe::create): Ditto.
* fhandler_socket.cc (fhandler_socket::init_events): Set inode number
to serial number.
(fhandler_socket::fstat): Set device to DEV_TCP_MAJOR. Create st_ino
from get_ino.
* include/cygwin/signal.h (struct _sigcommune): Replace
_si_pipe_fhandler with _si_pipe_unique_id.
* pinfo.h (_pinfo::pipe_fhandler): Take unique id instead of HANDLE.
* pinfo.cc (commune_process): Accommodate change to _si_pipe_unique_id.
(_pinfo::commune_request): Ditto.
(_pinfo::pipe_fhandler): Ditto.
* pipe.cc (fhandler_pipe::init): Take unique id as argument and set
inode number and unique_id from there.
(fhandler_pipe::open): Rework to find any matching pipe from unique
id in filename.
(fhandler_pipe::get_proc_fd_name): Create filename using inode number.
(fhandler_pipe::create): Generate and return unique id from process pid
and pipe_unique_id. In outer method, call init with additional unique
id as parameter.
(fhandler_pipe::fstat): New method.
(pipe_worker): Accommodate using 64 bit inode number in filename.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* path.h (class path_conv_handle): Use FILE_ALL_INFORMATION instead of
FILE_NETWORK_OPEN_INFORMATION. Use definitions from ntdll.h since it's
included anyway.
(path_conv_handle::fai): Change name from fnoi.
(path_conv::fai): Ditto.
(file_get_fai): Change name from file_get_fnoi. Drop second parameter.
* path.cc (file_get_fai): Ditto. Fetch FileAllInformation rather than
FileNetworkOpenInformation. Convert STATUS_BUFFER_OVERFLOW to
STATUS_SUCCESS. Remove workaround to fetch FileBasicInformation and
FileStandardInformation on filesystems with broken
FileNetworkOpenInformation handling.
(symlink_info::check): Accommodate above changes. In case of using
the NtQueryDirectoryFile fallback, fetch FileIdBothDirectoryInformation
to get inode number as well.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Drop outdated
comment. Accommodate change to using FileAllInformation. Drop
extra function calls to fetch NumberOfLinks and IndexNumber. Set ino
directly from IndexNumber stored in pc.fai(). Drop second argument
from call to fstat_helper.
(fhandler_base::fstat_by_name): Drop second argument from call to
fstat_helper.
(fhandler_base::fstat_helper): Drop second parameter. Accommodate
the fact that we access a FILE_ALL_INFORMATION structure now.
(fhandler_base::open_fs): Set ino directly from IndexNumber stored in
pc.fai().
* fhandler.h (fhandler_base::fstat_helper): Fix declaration accrdingly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- New, unified implementation of POSIX permission and ACL handling. The
new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
they allow to inherit the S_ISGID bit. ACL inheritance now really
works as desired, in a limited, but theoretically equivalent fashion
even for non-Cygwin processes.
To accommodate Windows default ACLs, the new code ignores SYSTEM and
Administrators group permissions when computing the MASK/CLASS_OBJ
permission mask on old ACLs, and it doesn't deny access to SYSTEM and
Administrators group based on the value of MASK/CLASS_OBJ when
creating the new ACLs.
The new code now handles the S_ISGID bit on directories as on Linux:
Setting S_ISGID on a directory causes new files and subdirs created
within to inherit its group, rather than the primary group of the user
who created the file. This only works for files and directories
created by Cygwin processes.
2015-05-29 Corinna Vinschen <corinna@vinschen.de>
Reapply POSIX ACL changes.
* utils.xml (setfacl): Show new option output.
(getfacl): Show new option output.
* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
Apply umask, if so. Align comments.
* security.cc (set_created_file_access): Fix permission masking by
incoming requested file mode.
* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
for SYSTEM and Admins group.
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
* fhandler.h (fhandler_pty_slave::facl): Add prototype.
* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
(fhandler_pty_slave::fchown): Fix uid/gid handling.
* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
Simplify and move around code in a few places. To improve ACL
readability, add r/w permissions to Admins ACE appended to pty ACL.
Add comment to explain Windows ACE Mask filtering being in the way of
creating a real CLASS_OBJ.
(get_posix_access): Fake CLASS_OBJ for ptys. Explain why.
* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
when calling get_posix_access.
* sec_acl.cc (set_posix_access): Move merging group perms into owner
perms in case of owner == group after mask has been computed. Take
mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
the ACCESS_ALLOWED_ACE.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
to explain why.
* security.cc (set_created_file_access): Ditto.
* sec_acl.cc (set_posix_access): Replace previous patch. Return
EINVAL if uid and/or guid is invalid and not backed by an actual
Windows account.
* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
* sec_acl.cc (set_posix_access): Handle files with owner == group.
Rephrase switch statement checking against unfiltered a_type value.
(get_posix_access): Handle files with owner == group.
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
* sec_acl.cc (set_posix_access): Always make sure Admins have
WRITE_DAC and WRITE_OWNER permissions.
* security.h (create_object_sd_from_attribute): Drop handle parameter
from prototype.
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
Just create the standard POSIXy security descriptor.
(set_object_attribute): Accommodate dropped paramter in call to
create_object_sd_from_attribute.
* fhandler_tty.cc: Ditto, throughout.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
mask computation.
* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
not umasked.
(fhandler_base::open): Explicitely umask mode on NFS here. Call new
set_created_file_access rather than set_file_attribute.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
setting permissions on filesystems supporting ACLs using the new
set_posix_access call.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::mkdir): Call new set_created_file_access rather
than set_file_attribute.
* fhandler_socket.cc (fhandler_socket::bind): Don't umask here. Add
WRITE_OWNER access to allow writing group in case of SGID bit set.
Call new set_created_file_access rather than set_file_attribute.
* path.cc (symlink_worker): Call new set_created_file_access rather
than set_file_attribute.
* sec_acl.cc (searchace): Un-staticize.
(set_posix_access): New, complementary functionality to
get_posix_access.
(setacl): Implement in terms of get_posix_access/set_posix_access.
(get_posix_access): Add handling for just created files requiring
their first Cygwin ACL. Fix new_style recognition. Handle SGID
bit. For old-style ACLs, ignore SYSTEM and Administrators when
computing the {DEF_}CLASS_OBJ perms.
* security.cc (get_file_sd): Revamp comment. Change and (hopefully)
speed up inheritance processing for just created files.
(alloc_sd): Remove.
(set_security_attribute): Call set_posix_access instead of alloc_sd.
(get_object_attribute): Fix return value.
(create_object_sd_from_attribute): Call set_posix_access instead of
alloc_sd.
(set_file_attribute): Remove.
(set_created_file_access): New function implemented in terms of
get_posix_access/set_posix_access.
* security.h (set_file_attribute): Remove prototype.
(set_created_file_access): Add prototype.
(searchace): Ditto.
(set_posix_access): Ditto.
* syscalls.cc (open): Call open_with_arch with mode not umasked.
* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
Describe how to generate deny ACEs in more detail. Accommodate the
fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
a special Cygwin ACE. Improve further comments.
(CYG_ACE_NEW_STYLE): Define.
(get_posix_access): Change from Cygwin ACE to NULL deny ACE. Fix
CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
NULL deny ACE if the inheritance flags say so.
* sec_helper.cc (well_known_cygwin_sid): Remove.
* security.h (well_known_cygwin_sid): Drop declaration.
* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
(get_posix_access): Rename index variable from i to idx. Define only
once at top level.
* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
Accommodate throughout.
(add_access_denied_ace): Ditto.
* sec_acl.cc: Accommodate above change throughout.
* security.h (add_access_allowed_ace): Adjust prototype to above change.
(add_access_denied_ace): Ditto.
* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
owner and primary group of the file. Handle the default primary
group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
set. Add comments. Minor code rearrangements.
Preliminary read side implementation of new permission handling.
* acl.h (MAX_ACL_ENTRIES): Raise to 2730. Add comment to explain.
* sec_acl.cc: Add leading comment to explain new ACL style.
Add definitions and macros to use for bits in new Cygwin ACL.
(DENY_RWX): New mask value for all temporary deny bits.
(getace): Add bool parameter to decide when leaving all bits intact,
rather than filtering them per the already set bits.
(get_posix_access): New function, taking over functionality to read
POSIX ACL from SECURITY_DESCRIPTOR.
(getacl): Just call get_posix_access.
* sec_helper.cc (well_known_cygwin_sid): Define.
* security.cc (get_attribute_from_acl): Remove.
(get_info_from_sd): Remove.
(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
(get_file_attribute): Ditto.
(get_object_attribute): Ditto.
* security.h (well_known_cygwin_sid): Declare.
(get_posix_access): Add prototype.
* Throughout, use simpler ACE macros from Windows' accctrl.h.
* getfacl.c (main): Special-case SYSTEM and Admins group. Add comments.
* setfacl.c: Align more to Linux tool.
(delacl): New function to delete acl entries only.
(modacl): Drop delete functionality. Add handling of recomputing the
mask and default mask values.
(delallacl): Rename from delacl.
(setfacl): Call delacl in Delete case. Call delallacl in DeleteAll
and DeleteDef case.
(usage): Accommodate new options. Rearrange and rephrase slightly.
(longopts): Emit 'x' in --delete case. Add --no-mask and --mask
options.
(opts): Add -x and -n options.
(main): Handle -d and -x the same. Handle -n and --mask options.
Drop handling for -r option.
* getfacl.c (usage): Align more closely to Linux version. Add new
options -c, -e, -E. Change formatting to accommodate longer options.
(longopts): Rename --noname to --numeric. Keep --noname for backward
compatibility. Add --omit-header, --all-effective and --no-effective
options.
(opts): Add -c, -e and -E option.
(main): Handle new -c, -e, and -E options.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler.cc (fhandler_base_overlapped::raw_write): When performing
nonblocking I/O, copy user space data into own buffer. Add longish
comment to explain why.
* fhandler.h (fhandler_base_overlapped::atomic_write_buf): New member.
(fhandler_base_overlapped::fhandler_base_overlapped): Initialize
atomic_write_buf.
(fhandler_base_overlapped::fhandler_base_overlapped): New destructor,
free'ing atomic_write_buf.
(fhandler_base_overlapped::copyto): Set atomic_write_buf to NULL in
copied fhandler.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (class fhandler_base): Add virtual function
get_io_handle_cyg() to get handle from which OPOST-processed output is
read on PTY master.
(class fhandler_pty_slave): Add variable output_handle_cyg to store a
handle to which OPOST-processed output is written. Add two functions,
i.e., set_output_handle_cyg() and get_output_handle_cyg(), regarding
variable output_handle_cyg. Now, output_handle is used only by native
windows program. The data before OPOST-processing is written to
output_handle and OPOST-processing is applied in the master-side. For a
cygwin process, OPOST-processing is applied in the slave-side, and the
data after OPOST-processing is written to output_handle_cyg.
(class fhandler_pty_master): Add two variables, i.e., io_handle_cyg and
to_master_cyg, to store handles of a pipe through which OPOST-processed
output passes. Add pty_master_fwd_thread and function
pty_master_fwd_thread() for a thread which applies OPOST-processing
and forwards data from io_handle to to_master_cyg. Add function
get_io_handle_cyg() regarding variable io_handle_cyg. Now, the pipe
between io_handle and to_master are used only by native windows program
for applying OPOST-processing in the master-side. For a cygwin process,
the pipe between io_handle_cyg and to_master_cyg is used for passing
through the data which is applied OPOST-processing in the slave-side.
* fhandler_tty.cc (struct pipe_reply): Add member to_master_cyg.
(fhandler_pty_master::process_slave_output): Read slave output from
io_handle_cyg rather than io_handle.
(fhandler_pty_slave::fhandler_pty_salve): Initialize output_handle_cyg.
(fhandler_pty_slave::open): Set output_handle_cyg by duplicating handle
to_master_cyg on PTY master.
(fhandler_pty_slave::close): Close handle output_handle_cyg.
(fhandler_pty_slave::write): Write data to output_handle_cyg rather
than output_handle.
(fhandler_pty_slave::fch_close_handles): Close handle output_handle_cyg.
(fhandler_pty_master::fhandler_pty_master): Initialize io_handle_cyg,
to_master_cyg and master_fwd_thread.
(fhandler_pty_master::cleanup): Clean up to_master_cyg as well.
(fhandler_pty_master::close): Print to_master_cyg as well in debug
message. Terminate master forwarding thread. Close handles
to_master_cyg and io_handle_cyg.
(fhandler_pty_master::ioctl): Use io_handle_cyg rather than to_master.
(fhandler_pty_master::pty_master_thread): Add code for duplicating
handle to_master_cyg.
(fhandler_pty_master::pty_master_fwd_thread): New function for a thread
to forward OPOST-processed data from io_handle to to_master_cyg. This
thread applies OPOST-processing to the output of native windows program.
(::pty_master_fwd_thread): Ditto.
(fhandler_pty_master::setup): Create a new pipe to pass thruegh OPOST-
processed output. Create new thread to forward data from io_handle to
to_master_cyg. Set handle to_master_cyg to tty. Print io_handle_cyg as
well in debug message. Close handles io_handle_cyg and to_master_cyg in
case of error.
(fhandler_pty_master::fixup_after_fork): Set handle to_master_cyg to
tty. Copy handle to_master_cyg from arch->to_master_cyg.
(fhandler_pty_master::fixup_after_exec): Clean up to_master_cyg.
* select.cc: Check handle returned by get_io_handle_cyg() rather than
get_handle().
* tty.h (class tty): Add variable _to_master_cyg to store a handle to
which OPOST-processed data is written. Add two functions,
to_master_cyg() and set_to_master_cyg(), regarding _to_master_cyg.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* tty.h (class tty_min): Remove variable "write_error" to which any
errors are not currently set at anywhere.
(class tty): Add variable "column" for handling ONOCR.
* tty.cc (tty::init): Add initialization code for variable "column".
* fhandler.h (class fhandler_pty_master): Remove variable "need_nl"
which is not necessary any more. "need_nl" was needed by OPOST process
in fhandler_pty_master::process_slave_output().
(class fhandler_pty_common): Add function process_opost_output() for
handling post processing for OPOST in write process.
* fhandler_tty.cc (fhandler_pty_master::process_slave_output): Count
TIOCPKT control byte into length to be read in TIOCPKT mode. Move
post processing for OPOST to write process. Remove code related to
variable "write_error". Return with EIO error if slave is already
closed.
(fhandler_pty_master::fhandler_pty_master): Remove initialization
code for variable "need_nl".
(fhandler_pty_common::process_opost_output): Add this function for
handling of OPOST in write process. Add code to avoid blocking in
non-blocking mode when output is suspended by ^S.
(fhandler_pty_slave::write): Call fhandler_pty_common::
process_opost_output() instead of WriteFile(). Remove code related to
variable "write_error".
(fhandler_pty_master::doecho): Call fhandler_pty_common::
process_opost_output() instead of WriteFile().
* select.cc (peek_pipe): Remove code related to variable "need_nl".
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
(class fhandler_pty_master): Add echo_r and echo_w handles constituting
read and write side of new echo pipe.
* select.cc (peek_pipe): On pty masters, check additionally if input
from the echo pipe is available.
* fhandler_tty.cc (fhandler_pty_master::doecho): Drop output_mutex
locking. Write output to echo pipe.
(fhandler_pty_master::process_slave_output): Check if input is available
in echo pipe and prefer to read from it, if so.
(fhandler_pty_slave::write): Drop output_mutex locking.
(fhandler_pty_master::fhandler_pty_master): Initialize echo pipe
handles to NULL.
(fhandler_pty_master::close): Close and NULL echo pipe handles.
(fhandler_pty_master::setup): Create echo pipe, close in case of error.
* fhandler.cc (fhandler_base::set_flags): Set was_nonblocking if the
O_NONBLOCK flag has been specified.
(fhandler_base_overlapped::close): Check for was_nonblocking instead
of for is_nonblocking. Explain why.
(fhandler_base::set_nonblocking): Set was_nonblocking if noblocking
mode gets enabled.
suffix and make private. Rename normalized_path to posix_path and
make privtae. Accommodate name changes throughout in path_conv
methods.
(path_conv::known_suffix): New method. Use throughout instead of
accessing suffix directly.
(path_conv::get_win32): Constify.
(path_conv::get_posix): New method to read posix_path. Use throughout
instead of accessing normalized_path directly.
(path_conv::set_posix): Rename from set_normalized_path. Accommodate
name change throughout.
* spawn.cc (find_exec): Return POSIX path, not Win32 path.