4
0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-01-25 16:47:20 +08:00

933 Commits

Author SHA1 Message Date
Corinna Vinschen
bc444e5aa4 Reapply POSIX ACL changes.
- New, unified implementation of POSIX permission and ACL handling.  The
    new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
    they allow to inherit the S_ISGID bit.  ACL inheritance now really
    works as desired, in a limited, but theoretically equivalent fashion
    even for non-Cygwin processes.

    To accommodate Windows default ACLs, the new code ignores SYSTEM and
    Administrators group permissions when computing the MASK/CLASS_OBJ
    permission mask on old ACLs, and it doesn't deny access to SYSTEM and
    Administrators group based on the value of MASK/CLASS_OBJ when
    creating the new ACLs.

    The new code now handles the S_ISGID bit on directories as on Linux:
    Setting S_ISGID on a directory causes new files and subdirs created
    within to inherit its group, rather than the primary group of the user
    who created the file.  This only works for files and directories
    created by Cygwin processes.

2015-05-29  Corinna Vinschen  <corinna@vinschen.de>

	Reapply POSIX ACL changes.

	* utils.xml (setfacl): Show new option output.
	(getfacl): Show new option output.

	* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
	Apply umask, if so.  Align comments.
	* security.cc (set_created_file_access): Fix permission masking by
	incoming requested file mode.

	* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
	for SYSTEM and Admins group.

	* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
	GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.

	* fhandler.h (fhandler_pty_slave::facl): Add prototype.
	* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
	(fhandler_pty_slave::fchown): Fix uid/gid handling.
	* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
	Simplify and move around code in a few places.  To improve ACL
	readability, add r/w permissions to Admins ACE appended to pty ACL.
	Add comment to explain Windows ACE Mask filtering being in the way of
	creating a real CLASS_OBJ.
	(get_posix_access): Fake CLASS_OBJ for ptys.  Explain why.
	* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
	when calling get_posix_access.

	* sec_acl.cc (set_posix_access): Move merging group perms into owner
	perms in case of owner == group after mask has been computed.  Take
	mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.

	* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
	the ACCESS_ALLOWED_ACE.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
	set GROUP_OBJ and CLASS_OBJ perms to new group perms.  Add comment
	to explain why.
	* security.cc (set_created_file_access): Ditto.

	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
	EINVAL if uid and/or guid is invalid and not backed by an actual
	Windows account.

	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.

	* sec_acl.cc (set_posix_access): Handle files with owner == group.
	Rephrase switch statement checking against unfiltered a_type value.
	(get_posix_access): Handle files with owner == group.

	* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
	CLASS_OBJ mask on old-style ACLs.  Fix a comment.

	* sec_acl.cc (set_posix_access): Always make sure Admins have
	WRITE_DAC and WRITE_OWNER permissions.
	* security.h (create_object_sd_from_attribute): Drop handle parameter
	from prototype.
	* security.cc (create_object_sd_from_attribute): Drop handle parameter.
	Just create the standard POSIXy security descriptor.
	(set_object_attribute): Accommodate dropped paramter in call to
	create_object_sd_from_attribute.
	* fhandler_tty.cc: Ditto, throughout.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
	mask computation.

	* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
	not umasked.
	(fhandler_base::open): Explicitely umask mode on NFS here.  Call new
	set_created_file_access rather than set_file_attribute.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
	setting permissions on filesystems supporting ACLs using the new
	set_posix_access call.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::mkdir): Call new set_created_file_access rather
	than set_file_attribute.
	* fhandler_socket.cc (fhandler_socket::bind): Don't umask here.  Add
	WRITE_OWNER access to allow writing group in case of SGID bit set.
	Call new set_created_file_access rather than set_file_attribute.
	* path.cc (symlink_worker): Call new set_created_file_access rather
	than set_file_attribute.
	* sec_acl.cc (searchace): Un-staticize.
	(set_posix_access): New, complementary functionality to
	get_posix_access.
	(setacl): Implement in terms of get_posix_access/set_posix_access.
	(get_posix_access): Add handling for just created files requiring
	their first Cygwin ACL.  Fix new_style recognition.  Handle SGID
	bit.  For old-style ACLs, ignore SYSTEM and Administrators when
	computing the {DEF_}CLASS_OBJ perms.
	* security.cc (get_file_sd): Revamp comment.  Change and (hopefully)
	speed up inheritance processing for just created files.
	(alloc_sd): Remove.
	(set_security_attribute): Call set_posix_access instead of alloc_sd.
	(get_object_attribute): Fix return value.
	(create_object_sd_from_attribute): Call set_posix_access instead of
	alloc_sd.
	(set_file_attribute): Remove.
	(set_created_file_access): New function implemented in terms of
	get_posix_access/set_posix_access.
	* security.h (set_file_attribute): Remove prototype.
	(set_created_file_access): Add prototype.
	(searchace): Ditto.
	(set_posix_access): Ditto.
	* syscalls.cc (open): Call open_with_arch with mode not umasked.

	* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
	Describe how to generate deny ACEs in more detail.  Accommodate the
	fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
	a special Cygwin ACE.  Improve further comments.
	(CYG_ACE_NEW_STYLE): Define.
	(get_posix_access): Change from Cygwin ACE to NULL deny ACE.  Fix
	CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
	NULL deny ACE if the inheritance flags say so.
	* sec_helper.cc (well_known_cygwin_sid): Remove.
	* security.h (well_known_cygwin_sid): Drop declaration.

	* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
	(get_posix_access): Rename index variable from i to idx.  Define only
	once at top level.

	* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
	Accommodate throughout.
	(add_access_denied_ace): Ditto.
	* sec_acl.cc: Accommodate above change throughout.
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
	(add_access_denied_ace): Ditto.

	* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
	owner and primary group of the file.  Handle the default primary
	group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
	set.  Add comments.  Minor code rearrangements.

	Preliminary read side implementation of new permission handling.
	* acl.h (MAX_ACL_ENTRIES): Raise to 2730.  Add comment to explain.
	* sec_acl.cc:  Add leading comment to explain new ACL style.
	Add definitions and macros to use for bits in new Cygwin ACL.
	(DENY_RWX): New mask value for all temporary deny bits.
	(getace): Add bool parameter to decide when leaving all bits intact,
	rather than filtering them per the already set bits.
	(get_posix_access): New function, taking over functionality to read
	POSIX ACL from SECURITY_DESCRIPTOR.
	(getacl): Just call get_posix_access.
	* sec_helper.cc (well_known_cygwin_sid): Define.
	* security.cc (get_attribute_from_acl): Remove.
	(get_info_from_sd): Remove.
	(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
	(get_file_attribute): Ditto.
	(get_object_attribute): Ditto.
	* security.h (well_known_cygwin_sid): Declare.
	(get_posix_access): Add prototype.

	* Throughout, use simpler ACE macros from Windows' accctrl.h.

	* getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.

	* setfacl.c: Align more to Linux tool.
	(delacl): New function to delete acl entries only.
	(modacl): Drop delete functionality.  Add handling of recomputing the
	mask and default mask values.
	(delallacl): Rename from delacl.
	(setfacl): Call delacl in Delete case.  Call delallacl in DeleteAll
	and DeleteDef case.
	(usage): Accommodate new options.  Rearrange and rephrase slightly.
	(longopts): Emit 'x' in --delete case.  Add --no-mask and --mask
	options.
	(opts): Add -x and -n options.
	(main): Handle -d and -x the same.  Handle -n and --mask options.
	Drop handling for -r option.

	* getfacl.c (usage): Align more closely to Linux version.  Add new
	options -c, -e, -E.  Change formatting to accommodate longer options.
	(longopts): Rename --noname to --numeric.  Keep --noname for backward
	compatibility.  Add --omit-header, --all-effective and --no-effective
	options.
	(opts): Add -c, -e and -E option.
	(main): Handle new -c, -e, and -E options.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:27:54 +01:00
Yaakov Selkowitz
505812d042 winsup/utils: add CPU cache variables to getconf(1)
* getconf.c (conf_table): Add LEVEL*_CACHE_* variables.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2015-10-22 12:51:20 -05:00
Corinna Vinschen
5a3d536ce1 cygcheck.cc: Fix missing commas in products array
* cygcheck.cc (dump_sysinfo): Fix missing commas in products array.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-30 21:46:58 +02:00
Corinna Vinschen
e3de6b0a4d cygcheck.cc: Fix debugger problem
* cygcheck.cc (load_cygwin): Only unload cygwin DLL if not running
        under a debugger.  Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-30 21:39:19 +02:00
Corinna Vinschen
6fbb37b3fa cygcheck.cc: Handle W10/2016 sysinfo
* cygcheck.cc (dump_sysinfo): Correctly handle Windows 10/Server 2016.
        Add missing product types.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-30 21:39:19 +02:00
Corinna Vinschen
e2ae671ce1 cygcheck.cc: Fix downlevel DLL handling
* cygcheck.cc (track_down): Skip error output for "api-ms-win-"
        downlevel DLLs.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-30 21:39:19 +02:00
Corinna Vinschen
fe24411770 strace: Handle ofile descriptor more carefully.
Fix coverity CIDs 128250 - 128252

        * strace.cc (main2): Don't call setvbuf on NULL descriptor.
        Explicitely fclose ofile.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-03 12:02:17 +02:00
Corinna Vinschen
d32ea61ae4 cygwin: Fix copyright dates
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-07-29 13:45:46 +02:00
Corinna Vinschen
6ab56bdd3f cygwin: Fix crashes under AllocationPreference=0x100000 condition
* cygtls.h: Include cygtls_padsize.h and define CYGTLS_PADSIZE there.
        * cygtls_padsize.h: New file.  Define CYGTLS_PADSIZE.
        * environ.cc (parse_options): Fix NULL pointer access.
        * init.cc (threadfunc_fe): Do not force stack align on x86_64.

        * strace.cc (main2): Rename from main.
        (main): Make room for _cygtls area on stack and just call main2.  Add
        comment to explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-07-29 13:32:29 +02:00
Corinna Vinschen
23ad79d7de Fix potential hang in ldd if DLL encounters missing entry point
* ldd.cc (STATUS_DLL_NOT_FOUND): Drop definition.
        (report): Handle STATUS_ENTRYPOINT_NOT_FOUND exception.  Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-07-20 18:32:24 +02:00
Corinna Vinschen
b90a91a618 tzset: Check timezone and country case-insensitive
* tzset.c (main): Check timezone and country case-insensitive.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-07-08 10:25:49 +02:00
Jon TURNEY
5c4129d937 Improve strace to log most Windows debug events
Not sure if this is wanted, but on a couple of occasions recently I have been
presented with strace output which contains an exception at an address in an
unknown module (i.e. not in the cygwin DLL or the main executable), so here is a
patch which adds some more information, including DLL load addresses, to help
interpret such straces.

v2:
Use NtQueryObject() for HANDLE -> filename conversion
Add new '-e' option to toggle this additional logging

2015-06-07  Jon Turney  <jon.turney@dronecode.org.uk>

	* strace.cc (proc_child): Log process and thread create and exit,
	and DLL load and unload.
	(GetFileNameFromHandle): New function.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-06-11 12:00:51 +01:00
Corinna Vinschen
7701a023ff Drop Windows 2000 considerations in ps, fix uid field length
* ps.cc (main): Widen UID field in long format to accommodate longer
	UIDs since Cygwin 1.7.34.  Remove Windows 2000 considerations.  Fix
	comments accordingly.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-06-10 11:07:27 +02:00
Corinna Vinschen
117ebc802f Bind mounts require POSIX paths
* path.cc (from_fstab_line): Don't convert slashes to backslashes for
	bind mounts.  Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-06-08 17:37:55 +02:00
Corinna Vinschen
68994d6828 Asia/Calcutta -> Asia/Kolkata (not on unicode.org)
* tzmap-from-unicode.org: Convert Calcutta to Kolkata.
        * tzmap.h: Regenerate.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 22:03:45 +02:00
Corinna Vinschen
3da543e5bd * getfacl.c (usage): Change --all to --access, --dir to --default.
Align text to output of Linux tool.
	(longopts): Add --access and --default options.
2015-02-28 13:13:19 +00:00
Corinna Vinschen
773f4fa586 * mkgroup.c (MAX_SID_LEN): Remove. Instead, use SECURITY_MAX_SID_SIZE
throughout.
	(enum_unix_groups): Introduce numeric_psid and rearrange code to avoid
	potential heap corruption.
	* mkpasswd.c: Ditto.
2015-02-25 20:18:29 +00:00
Ken Brown
1415f18720 * dump_setup.cc (check_package_files): Accommodate postinstall
files in any directory whose name contains "/postinstall/", not
just /etc/postinstall.
2015-02-17 23:36:23 +00:00
Corinna Vinschen
a6791b3bc7 * regtool.cc (longopts): Add --force option.
(opts): Add -f option.
	(restore_flags): New variable.
	(usage): Clarify working of save action.  Add restore action.  Add
	description for -f/--force option.
	(set_privilege): Drop function.  The Cygwin DLL is doing that anyway.
	(cmd_save): Drop call to set_privilege.
	(cmd_restore): New function.
	(main): Handle -f/--force option.
2015-02-03 15:14:57 +00:00
Corinna Vinschen
e7ead873a8 * setfacl.c (action_t): Add DeleteDef value.
(delacl): Take new parameter to differe between DeleteAll and DeleteDef.
	Extend conditional to handle DefaultDef.  Change comment accordingly.
	(setfacl): Call delacl in DefaultDef case as well.
	(usage): Add and describe -k option.  Add -k to require options.
	(longopts): Add --remove-default option.
	(opts): Add -k option.
	(main): Handle -k option.
2014-12-15 20:29:43 +00:00
Corinna Vinschen
ce6c6a4d82 * tzmap-from-unicode.org: Create tzmap as const.
* tzmap.h: Regenerate.
2014-12-05 14:39:04 +00:00
Corinna Vinschen
4c2380d396 * Makefile.in: Add rules to create and depend on tzmap.h.
* tzmap-from-unicode.org: New script to create tzmap.h.
	* tzmap.h: New auto-generated file.
	* tzset.c: Drop tzmap from here and include tzmap.h instead.  Drop
	Windows 2000 considerations.
2014-12-05 13:41:52 +00:00
Corinna Vinschen
3bde24b892 * mkgroup.c (main): Call enum_local_groups with offset 0x30000 for local
machine, too.
2014-11-28 08:44:39 +00:00
Corinna Vinschen
f3939c059c * mkgroup.c (main): Call enum_groups with offset 0x30000 for local
machine, same as from DB.
	* mkpasswd.c (enum_unix_users): Set pw_passwd field to '*'.
	(enum_users): Ditto.
	(main): Call enum_users with offset of 0x30000 for local machine,
	same as from DB.
2014-11-27 19:55:37 +00:00
Corinna Vinschen
cfd6979c39 * passwd.c (GetPW): If server is NULL, and the user is not a local
user, try to fetch the DC to use as server.
	(ChangePW): Get Windows username via extra parameter.
	(usage): Reduce -d help text to reflect above change.
	(main): Fix typo in comment.  Call GetPW and ChangePW as per the
	changes above.
2014-11-24 11:07:32 +00:00
Corinna Vinschen
35983199f3 * mkgroup.c (usage): Fix language.
* mkpasswd.c (usage): Ditto.
2014-11-12 14:22:05 +00:00
Corinna Vinschen
4acb3408e9 * mkgroup.c (enum_unix_groups): Always print groupname with machine
prefix.
	(usage): Extend help output for -l option.
	(main): Drop superfluous goto and label.  Make machine prefixing for
	local machine when using -l option dependend on options in
	/etc/nsswitch.conf.
	* mkpasswd.c: Ditto.
2014-11-12 14:13:56 +00:00
Corinna Vinschen
df59ab7e7a * cygcheck.cc (dump_sysinfo): Handle Windows 10/Server 2014(?). 2014-11-10 16:21:52 +00:00
Corinna Vinschen
1c53098be3 Add accidentally missing patch 2014-11-03 16:29:03 +00:00
Corinna Vinschen
fcb1765e87 * mkgroup.c (enum_local_groups): Don't generate leading separator char
for builtin accounts.
2014-11-03 14:54:43 +00:00
Corinna Vinschen
d5b68452aa * setfacl.c (setfacl): Fix bracketing in expression. 2014-10-29 10:24:49 +00:00
Corinna Vinschen
8170e43b48 * setfacl.c (usage): Add -b to require options. 2014-10-27 10:28:13 +00:00
Corinna Vinschen
fc58f46dd6 * setfacl.c (action_t): Add DeleteAll value.
(delacl): New function to remove all ACL entries not representing POSIX
	permissions.
	(setfacl): Rearrange conditional expression into switch statement.
	Add DeleteAll case.
	(usage): Add and describe -b option.
	(longopts): Add --remove-all option.
	(opts): Add -b option.
	(main): Handle -b option.
2014-10-27 10:25:02 +00:00
Corinna Vinschen
a208583750 * cygcheck.cc (CYGLSA64_DLL): Remove unused macro.
(dump_sysinfo): If COMSPEC isn't set in the MSVCRT environment, set it.
	Explain why.
2014-10-21 10:59:40 +00:00
Corinna Vinschen
ef1e66cfbf * setfacl.c (addmissing): New function to add missing acl entries to
a modified acl per the rules set by aclcheck.
	(setfacl): Call addmissing unless action is Delete.
2014-09-03 12:44:05 +00:00
Corinna Vinschen
451e1f4879 * setfacl.c (getaclentry): Fix previous fix again. Allow lone 'm' as
well as any lone default entry if action is Delete.  Fix comments.
	(usage): Align usage text.
2014-09-03 09:32:53 +00:00
Corinna Vinschen
89d195a7d1 * setfacl.c (getaclentry): Fix return value in case of a lone 'm' if
action is Delete.  Drop requirement for a trailing colon if action is
	Delete.
2014-09-03 08:57:20 +00:00
Corinna Vinschen
9845fcbb6b * setfacl.c (usage): Drop outdated note that default ACEs are not
taken into account.
2014-08-31 19:20:04 +00:00
Corinna Vinschen
c7953da22d * getfacl.c (usage): Add flags description.
(main): Print suid/sgid/vtx flags if available.
2014-08-31 13:46:34 +00:00
Corinna Vinschen
7e46c0af62 * configure.ac: Convert to new AC_INIT style.
* configure: Regenerate.
2014-08-15 21:24:35 +00:00
Corinna Vinschen
fbf2e44799 * utils.xml: Move to ../doc. 2014-08-14 19:33:57 +00:00
Corinna Vinschen
5528975705 * passwd.c (usage): Rename DAYS to MINDAYS and MAXDAYS.
* utils.xml (passwd): Ditto.
2014-08-06 19:24:57 +00:00
Corinna Vinschen
03ad777ab0 Add missing utils.xml 2014-07-29 13:31:33 +00:00
Corinna Vinschen
c72a0d361d * mkgroup.c (usage): Move info message that this /etc/group isn't really
required anymore more to the top of the usage output.
	* mkpasswd.c (usage): Ditto for /etc/passwd.  Drop old text from output.
2014-07-29 13:29:54 +00:00
Corinna Vinschen
1f4923ae73 * passwd.c (main): Fix typo in error output. 2014-06-16 13:27:08 +00:00
Jon TURNEY
2915feb81e * minidumper.cc (filter_minidump_type): New function.
(minidump): Change default dump type from MiniDumpNormal to
	something with more useful information without getting too
	big. Use filter_minidump_type() to filter out unsupported dump
	types.
2014-05-13 10:26:26 +00:00
Jon TURNEY
8f8e7757cf * Makefile.in (minidumper.exe): Link directly with dbghelp.
* minidumper.cc (minidump): Ditto.
2014-05-13 10:24:16 +00:00
Jon TURNEY
638f0ebf90 * minidumper.cc (minidump): Fix copy and paste error in checking
result of OpenProcess().
2014-04-21 12:02:59 +00:00
Corinna Vinschen
16c7ecbb9d Fix ChangeLog entry date. 2014-03-11 15:15:33 +00:00
Corinna Vinschen
16a976cff4 * mkgroup.c (domlist_t): Drop id_offset.
(get_dcname): Remove.
	(current_group): Remove.
	(enum_unix_groups): Simplify.  Change space to underscore in domain
	name.
	(enum_local_groups): Simplify to accommodate the fact that it's only
	called for foreign machines.
	(enum_groups): Ditto.
	(print_special_by_sid): Remove.
	(print_special_by_name): Remove.
	(usage): Align to new code.
	(fetch_primary_domain): Remove.
	(main): Use cygwin_internal CW_SETENT, CW_GETENT and CW_ENDENT method.
	Call enum_local_groups, enum_groups, and enum_unix_groups only for
	foreign machines.
	* mkpasswd.c (get_dcname): Remove.
	(current_user): Remove.
	(enum_unix_users): Simplify.  Change space to underscore in domain name.
	(enum_users): Simplify to accommodate the fact that it's only
	called for foreign machines.
	(print_special_by_sid): Remove.
	(usage): Align to new code.
	(longopts): Add -b/--no-builtin option.
	(opts): Add -b option.
	(print_special_by_name): Remove.
	(enum_std_accounts): Remove.
	(fetch_primary_domain): Remove.
	(main): Use cygwin_internal CW_SETENT, CW_GETENT and CW_ENDENT method.
	Call enum_users and enum_unix_users only for foreign machines.
	* utils.xml (mkgroup): Align documentation to new usage.
	(mkpasswd): Ditto.
2014-02-24 10:51:42 +00:00