systems supporting it. Never add SERVICE SID but keep code in for
future reference. Explain why.
(get_priv_list): Add cygpsid pointer parameter. Point it to the
mandatory integrity SID which matches account and privileges.
(create_token): Fetch mandatory integrity SID from call to
get_priv_list.
(lsaauth): Call get_priv_list with additional NULL pointer. Change
comment accordingly.
* sec_helper.cc (well_known_console_logon_sid): New static SID.
(cygpriv): Change to structure containing extra flag to store info
about required integrity level.
(privilege_luid): Accommodate changes to cygpriv. Return integrity
level in new high_integrity parameter.
(privilege_name): Accommodate changes to cygpriv.
(set_privilege): Drop trailing \n from debug output.
(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
since it's just not needed, but keep code in for future reference.
Change comment accordingly.
* security.h (well_known_console_logon_sid): Declare.
(privilege_luid): Align declaration to above change.
* wincap.h (wincaps::has_console_logon_sid): New element.
* wincap.cc: Implement above element throughout.
Use CryptAcquireContextW.
* ntdll.h (STATUS_PROCEDURE_NOT_FOUND): Define.
* sec_auth.cc (open_local_policy): Rename NTSTATUS variable ret to
status. Drop usage of LsaNtStatusToWinError.
(verify_token): Call NtQuerySecurityObject instead of
GetKernelObjectSecurity.
(create_token): Rename NTSTATUS variable ret to status. Rename ret2 to
sub_status. Drop usage of LsaNtStatusToWinError. In case LsaLogonUser
fails, report the sub_status as well.
secur32 functions, except for LsaRegisterLogonProcess. Change return
value to ERROR_PROC_NOT_FOUND. Explain why.
* sec_auth.cc (lsaauth): Handle ERROR_PROC_NOT_FOUND from call to
LsaRegisterLogonProcess when generating the errno value.
builtin group from system. Explain why.
* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
* security.h (well_known_builtin_sid): Declare.
to fetch token with full privileges from logon token in Vista and
later, and to make token inheritable. Add lengthy comments to explain
the function's job.
(cygwin_logon_user): Drop calling SetHandleInformation. Enable TCB
privilege and call get_full_privileged_inheritable_token.
(lsaauth): Don't fetch linked token and don't make handle inheritable
here, just call get_full_privileged_inheritable_token instead.
(lsaprivkeyauth): Ditto.
CW_SET_EXTERNAL_TOKEN.
Add new enum CW_TOKEN_IMPERSONATION, CW_TOKEN_RESTRICTED.
* cygheap.h (cyguser): New flags ext_token_is_restricted,
curr_token_is_restricted and setuid_to_restricted.
* external.cc (cygwin_internal): Add CW_SET_EXTERNAL_TOKEN.
* sec_auth.cc (set_imp_token): New function.
(cygwin_set_impersonation_token): Call set_imp_token ().
* security.h (set_imp_token): New prototype.
* spawn.cc (spawn_guts): Use CreateProcessAsUserW if restricted token
was enabled by setuid(). Do not create new window station in this case.
* syscalls.cc (seteuid32): Add handling of restricted external tokens.
Set HANDLE_FLAG_INHERIT for primary token.
(setuid32): Set setuid_to_restricted flag.
* uinfo.cc (uinfo_init): Do not reimpersonate if restricted token was
enabled by setuid (). Initialize user.*_restricted flags.
* path.cc (str2uni_cat): ...to here. Simplify. Make static inline.
(get_nt_native_path): Use RtlAppendUnicodeToString rather than
str2uni_cat for constant strings for speed.
* security.h (str2uni_cat): Drop declaration.
_TOKEN_LINKED_TOKEN and TokenLinkedToken in favor of definitions
from winnt.h.
(lsaprivkeyauth): As in lsaauth, fetch linked token if available and
return that in favor of default token.
(NetLocalGroupGetMembers): Remove.
(NetUserGetLocalGroups): Add.
* sec_auth.cc (is_group_member): Remove function.
(get_user_local_groups): Get user as string instead of as SID.
Call NetUserGetLocalGroups instead of NetLocalGroupEnum. Drop call
to is_group_member.
(get_server_groups): Call get_user_local_groups with user name instead
of user SID.
* fhandler_fifo.cc (fhandler_fifo::open): Rework to cause errno to be set to
ENXIO when opening a fifo write/nonblocking.
* environ.cc (ucreqenv): Rename to ucenv. Move code from old ucenv here and
conditionalize it on create_upcaseenv.
(ucenv): Delete.
(environ_init): Fix compiler warning by moving create_upcaseenv test to ucenv.
Don't bother checking for child_proc_info when calling ucenv since it is
assumed to be NULL at the point where the function is called.
* path.cc (symlink_worker): Turn off MS-DOS path warnings when dealing with
devices since the device handler passes in a translated MS-DOS path.
* sec_auth.cc (lsaprivkeyauth): Avoid variable initialization which causes a
compiler error.
* fhandler_netdrive.cc: Update copyright.
* cygserver.h (CYGWIN_SERVER_VERSION_API): Bump.
(request_code_t): Define CYGSERVER_REQUEST_SETPWD request type.
* cygserver_msg.h (client_request_msg::retval): Use default value of -1
for retval if msglen is 0.
* cygserver_sem.h (client_request_sem::retval): Ditto.
* cygserver_shm.h (client_request_shm::retval): Ditto.
* cygserver_setpwd.h: New file.
* external.cc (cygwin_internal): Implement new CW_SET_PRIV_KEY type.
* sec_auth.cc (open_local_policy): Make externally available.
Get ACCESS_MASK as argument.
(create_token): Accommodate change to open_local_policy.
(lsaauth): Ditto.
(lsaprivkeyauth): New function fetching token by retrieving
password stored in Cygwin or Interix LSA private data area and
calling LogonUser with it.
* security.h (lsaprivkeyauth): Declare.
(open_local_policy): Declare.
* setlsapwd.cc: New file implementing setting LSA private data password
using LsaStorePrivateData or by calling cygserver if available.
* syscalls.cc (seteuid32): Add workaround to get the original token
when switching back to the original privileged user, even if
setgroups group list is still active. Add long comment to explain why.
Call lsaprivkeyauth first, only if that fails call lsaauth or
create_token.
* include/cygwin/version.h: Bump API minor number.
* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SET_PRIV_KEY.
* dtable.cc (handle_to_fn): Ditto.
* fhandler_console.cc (fhandler_console::read): Ditto.
(fhandler_console::scroll_screen): Ditto.
(dev_console::set_color): Ditto.
* fhandler_dsp.cc (fhandler_dev_dsp::write): Ditto.
(fhandler_dev_dsp::read): Ditto.
* fhandler_tape.cc (mtinfo_drive::get_status): Ditto.
* hookapi.cc (find_first_notloaded_dll): Ditto.
* mmap.cc (msync): Ditto.
* pipe.cc (pipesync::pipesync): Ditto.
* sec_acl.cc (getace): Ditto.
* sec_auth.cc (create_token): Ditto.
(lsaauth): Ditto.
* select.cc (peek_pipe): Ditto.
* spawn.cc (av::fixup): Ditto.
* syscalls.cc (popen): Ditto.
* tty.cc (tty::init_session): Ditto.
* uinfo.cc (pwdgrp::load): Ditto.
* fhandler.cc (fhandler_base::setup_overlapped): Ditto.
(fhandler_base::wait_overlapped): Rename second use of res variable to wres or
errors are not returned correctly.
* dcrt0.cc: Remove obsolete variable.
* dll_init.cc (release_upto): Fix typo involving incorrect use of '|'.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Avoid a compiler
warning regarding coercing type-punned variables.
(fhandler_base::fstat_by_name): Ditto. fhandler_fifo.cc
(fhandler_fifo::open_nonserver): Fix = vs. == typo.
(fhandler_fifo::wait): Add all conditions to switch statement to avoid a
compiler warning.
* fhandler_process.cc: Avoid unneeded initialization of variables to zero.
(fhandler_socket::listen): Add braces around initializer.
* flock.cc (inode_t::get_all_locks_list): Reorganize to avoid a compiler
warning. Fix problem with EWOULDBLOCK error return.
* path.cc (GUID_shortcut): Use braces around struct initializer.
(cygwin_conv_path): Reorganize to avoid a compiler warning.
* random.cc (dummy): Mark variable as volatile to avoid a "used uninitialized"
warning.
* libc/getopt.c: Mark some variables as dllexport although gcc doesn't seem to
do the right thing with them.
* libc/minires-os-if.c (get_registry_dns_items): Coerce some function arguments
to avoid a compiler warning.
MAX_DOMAIN_NAME_LEN throughout.
* cyglsa.h (CYG_LSA_MAGIC): New value.
(cyglsa_t): Define username and domain as WCHAR arrays.
* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
appropriate.
(extract_nt_dom_user): Prefer resolving by SID before resolving by
domain\name pair.
(cygwin_logon_user): Don't print cleartext password in debug output.
Change comment.
(get_user_groups): Revert calls to LookupAccountNameW to use NULL
server instead of explicit server name, according to MSDN.
(get_user_local_groups): Ditto.
(get_server_groups): Fetch domain and user name from usersid per
LookupAccountSidW instead of calling extract_nt_dom_user.
(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
instead of calling extract_nt_dom_user.
* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
(privilege_luid): Convert first parameter to PWCHAR.
(privilege_name): Return wchar_t pointer.
(set_privileges): Accommodate debug output.
* security.h (privilege_luid): Change prototype accordingly.
(enum _SECPKG_NAME_TYPE): Define.
(struct _SECPKG_CALL_INFO): Define.
(struct _LSA_SECPKG_FUNCS): Extend to full size. Define unused
functions lazily.
(cygprf_t): Define.
* sec_auth.cc (lsaauth): Use actual primary group if no admins group.
Add (disabled) code to fetch token from profil data.
* dcrt0.cc (child_info_spawn::handle_spawn): Drop artificial
supplementary group list from calling setgroups in parent.
* grp.cc (internal_getgroups): Drop 9x-only code. Reformat.
* sec_auth.cc (get_logon_server): Do everything in WCHAR only.
(get_user_groups): Ditto. Use wlogonserver in LookupAccountNameW
calls, too.
(is_group_member): Get logon server as first argument and use in call
to NetLocalGroupGetMembers.
(get_user_local_groups): Get logon server as first argument and use in
calls to NetLocalGroupEnum and LookupAccountNameW. Revamp to work
more correctly in domain environments.
(get_server_groups): Accommodate aforementioned changed function calls.
* security.h (get_logon_server): Change prototype accordingly.
* uinfo.cc (cygheap_user::env_logsrv): Accommodate changed
get_logon_server call.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.