(cygheap_user::token): Delete.
(cygheap_user::impersonated): Delete.
(cygheap_user::external_token): New member.
(cygheap_user::internal_token): New member.
(cygheap_user::impersonation_state): New member.
(cygheap_user::issetuid): Modify.
(cygheap_user::token): New method.
(cygheap_user::deimpersonate): New method.
(cygheap_user::reimpersonate): New method.
(cygheap_user::has_impersonation_tokens): New method.
(cygheap_user::close_impersonation_tokens): New method.
* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
* fhandler_socket.cc (fhandler_socket::dup): Ditto.
* fork.cc (fork_child): Ditto.
(fork_parent): Ditto.
* grp.cc (internal_getgroups): Ditto.
* security.cc (verify_token): Ditto.
(check_file_access): Ditto.
(cygwin_set_impersonation_token): Detect conflicts. Set
user.external_token.
* spawn.cc (spawn_guts): Use new cygheap_user methods.
* syscalls.cc (seteuid32): Rearrange to use the two tokens
in cygheap_user.
(setegid32): Use new cygheap_user methods.
* uinfo.cc: (internal_getlogin): Ditto.
cygerrno.h.
* include/cygwin/config.h (__DYNAMIC_REENT__): Define.
* include/cygwin/version.h: Bump API minor version.
* cygwin.din: Export __getreent
* cygerrno.h: Include errno.h. Fix places where _impure_ptr is used directly
to store the errno value.
* debug.cc (__set_errno): Ditto.
* errno.cc: Remove _RRENT_ONLY define to get errno.cc compiled.
* signal.cc: Rename _reent_clib to _REENT throughout.
* thread.h (reent_clib): Remove prototype.
* thread.cc (reent_clib): Rename reent_clib to __getreent. Return _impure_ptr
until MTinterface is initialized.
(reent_winsup): Fix a possible SEGV when _r == NULL. Return NULL instead.
* MTinterface::fixup_after_fork: Switch reent back to _impure_ptr to keep
signal handling running when fork is called from a thread other than the
mainthread.
(get_nt_attribute): Only call read_sd and get_info_from_sd.
Return void.
(get_file_attribute): Move sd error handling to get_info_from_sd.
and symlink handling to fhandler_disk_file::fstat_helper.
(get_nt_object_attribute): Only call read_sd and get_info_from_sd.
Return void.
(get_object_attribute): Remove symlink handling and simply return -1
when ntsec is off.
* fhandler_disk_file.cc (fhandler_disk_file::fstat_helper): For
symlinks set the attribute, call get_file_attribute to get the ids
and return. In the normal case call get_file_attribute with the
addresses of the buffer ids and do not recheck if the file is a socket.
from the current effective ids.
* fhandler_socket.cc (fhandler_socket::fstat): Keep the uid and gid set
by fhandler_base::fstat.
* security.cc (get_nt_attribute): Do not test wincap.has_security ().
(get_nt_object_attribute): Ditto.
(get_file_attribute): Add test for wincap.has_security ().
(get_object_attribute): Ditto.
data on sockets to evaluate AF_LOCAL sockets correctly.
(dtable::build_fhandler): Set unit number on sockets.
* fhandler.h (fhandler_socket): Add unit number.
(fhandler_socket::get_unit): New method.
* fhandler_socket.cc (fhandler_socket::fhandler_socket): Set unit
number.
(fhandler_socket::fstat): Reorganize to return more Linux-like
values.
* net.cc: include ctype.h.
(fdsock): Set unit number when building fhandler.
* path.cc (path_conv::check): Set device type to FH_SOCKET if file
is a AF_UNIX socket.
(get_devn): Evaluate unit for virtual socket devices.
(win32_device_name): Set windows path for sockets to unix_path with
just backslashes to keep the different names.
* syscalls.cc (fstat64): Don't override st_ino, st_dev and st_rdev
for sockets.
(stat_worker): Ditto.
From Pierre Humblet:
* autoload.cc (AccessCheck): Add.
(DuplicateToken): Add.
* security.h (check_file_access): Declare.
* syscalls.cc (access): Convert path to Windows, check existence
and readonly attribute. Call check_file_access instead of acl_access.
* security.cc (check_file_access): Create.
* sec_acl (acl_access): Delete.
loop. Set default rights to same values as in alloc_sd(). Set DELETE
for owner and default owner only if S_IWOTH is given.
* sec_acl.cc: Change all __aclent16_t to __aclent32_t except in
wrapper function definitions. Replace call to the aclXYZ functions by
calls aclXYZ32.
(searchace): Change type of third argument to __uid32_t and use
ILLEGAL_UID instead of -1;
(setacl): Remove some initializations. Only give STANDARD_RIGHTS_WRITE
for S_IWOTH. Replace -1 by ILLEGAL_UID.
(getacl): Change type of owner_sid, group_sid and ace_sid to cygpsid.
In last else clause, suppress second call to ace_sid.get_id and use
TRUE in first call. Replace EqualSid by ==.
(acl_access): Call internal_getgroups in USER and GROUP cases.
(acecmp: Define static.
(acl32): Create from 16 bit type.
(facl32): Ditto.
(lacl32): Ditto.
(aclcheck32): Ditto.
(aclsort32): Ditto.
(acltomode32): Ditto.
(aclfrommode32): Ditto.
(acltopbits32): Ditto.
(aclfrompbits32): Ditto.
(acltotext32): Ditto.
(aclfromtext32): Ditto, and use strechr.
(acl16to32): Create.
(acl): Make it a wrapper function.
(facl): Ditto.
(lacl): Ditto.
(aclcheck): Ditto.
(aclsort): Ditto.
(acltomode): Ditto.
(aclfrommode): Ditto.
(acltopbits): Ditto.
(aclfrompbits): Ditto.
(acltotext): Ditto.
(aclfromtext): Ditto.
* security.cc (write_sd): Call set_process_privilege and check
ownership.
(alloc_sd): Remove call to set_process_privilege and the owner check.
* security.cc (extract_nt_dom_user): Simplify with strechr.
(get_user_groups): Initialize glen to MAX_SID_LEN.
(get_user_local_groups): Ditto.
(get_attribute_from_acl): Define ace_sid as cygpsid.
(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
(get_nt_object_attribute): Ditto.
(alloc_sd): Define ace_sid as cygpsid.
* autoload.cc: Add OpenThreadToken.
* sec_helper.cc (set_process_privilege): Add and use use_thread
argument.
* security.cc (alloc_sd): Modify call to set_process_privilege.
Remember the result in each process. If failed and file owner is not
the user, fail.
(setacl): Start the search for a matching default at the next entry.
Invalidate the type of merged entries instead of clearing it.
Use well_known_creator for default owner and owning group and do
not try to merge non-default and default entries in these cases.
(getacl): Recognize well_known_creator for default owner and group.
(acl_worker): Improve errno settings and streamline the nontsec case.
* security.cc (write_sd): Remove the call to set_process_privilege.
(alloc_sd): If the owner changes, call set_process_privilege and return
immediately on failure. Change inheritance rules: on new directories add
inherit only allow ACEs for creator_owner, creator_group and everyone.
Preserve all inheritances through chmod and chown calls. Introduce
isownergroup to implement the uid == gid case, to keep the inheritance
code simple. Do not initialize owner_sid and group_sid and stop using
the variable psd.
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
pwdgrp_check::isinitializing ().
(pwdgrp_check::isinitializing): Create.
* passwd.cc (grab_int): Change type to unsigned, use strtoul and
set the pointer content to 0 if the field is invalid.
(parse_pwd): Move validity test after getting pw_gid.
(read_etc_passwd): Replace "passwd_state <= " by
passwd_state::isinitializing ().
(internal_getpwuid): Ditto.
(internal_getpwnam): Ditto.
(getpwent): Ditto.
(getpass): Ditto.
* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
(read_etc_group): Replace "group_state <= " by
group_state::isinitializing ().
(internal_getgrgid): Ditto.
(getgrent32): Ditto.
(internal_getgrent): Ditto.
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* security.h: Move declarations of internal_getgrent,
internal_getpwsid and internal_getgrsid to pwdgrp.h.
* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
internal_getpwuid, internal_getgrsid, internal_getgrgid,
internal_getgrnam, internal_getgrent and internal_getgroups.
Delete "emulated" from enum pwdgrp_state.
(pwdgrp_check::isuninitialized): Create.
(pwdgrp_check::pwdgrp_state): Change state to initializing
rather than to uninitialized.
(pwdgrp_read::gets): Remove trailing CRs.
* passwd.cc (grab_string): Don't look for NLs.
(grab_int): Ditto.
(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
(search_for): Delete.
(read_etc_passwd): Simplify tests to actually read the file.
Set state to loaded before making internal_getpwXX calls.
Replace search_for calls by equivalent internal_pwgetXX calls.
(internal_getpwsid): Use passwd_state.isuninitialized to decide
to call read_etc_passwd.
(internal_getpwuid): Create.
(internal_getpwnam): Create.
(getpwuid32): Simply call internal_getpwuid.
(getpwuid_r32): Call internal_getpwuid.
(getpwnam): Simply call internal_getpwnam.
(getpwnam_r): Call internal_getpwnam.
* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
(add_grp_line): Adjust blank space.
(class group_lock): Ditto.
(read_etc_group): Simplify tests to actually read the file.
Set state to loaded before making internal_getgrXX calls.
Replace getgrXX calls by equivalent internal calls.
(internal_getgrsid): Use group_state.isuninitialized to decide
to call read_etc_group.
(internal_getgrgid): Create.
(internal_getgrnam): Create.
(getgroups32): Simply call internal_getgrgid.
(getgrnam32): Simply call internal_getgrnam.
(internal_getgrent): Call group_state.isuninitialized.
(internal_getgroups): Create from the former getgroups32, using
two of the four arguments. Set gid to myself->gid and username
to cygheap->user.name ().
(getgroups32): Simply call internal_getgroup.
(getgroups): Call internal_getgroup instead of getgroups32.
(setgroups32): Call internal versions of get{pw,gr}XX.
* sec_helper.cc: Include pwdgrp.h.
(is_grp_member): Call internal versions of get{pw,gr}XX.
* security.cc: Include pwdgrp.h.
(alloc_sd): Call internal versions of get{pw,gr}XX.
* syscalls.cc: Include pwdgrp.h.
(seteuid32): Call internal versions of get{pw,gr}XX.
(setegid32): Ditto.
* uinfo.cc: Include pwdgrp.h.
(internal_getlogin): Call internal versions of get{pw,gr}XX.
(cygheap_user::ontherange): Ditto.
* sec_acl.cc: Include pwdgrp.h.
(setacl): Call internal versions of get{pw,gr}XX.
(acl_access): Ditto and simplify logic.
(aclfromtext): Ditto.
just in case an access_denied ACE follows an access_allowed.
Handle the case owner_sid == group_sid, with a FIXME.
Remove unnecessary tests for non-NULL PSIDs.
(alloc_sd): Use existing owner and group sids if {ug}id == -1.
Handle case where owner_sid == group_sid.
Do not call is_grp_member. Try to preserve canonical ACE order.
Remove unnecessary tests for non-NULL PSIDs. Reorganize
debug_printf's.
(get_initgroups_sidlist): Put well_known_system_sid on left
side of ==.
(add_access_denied_ace): Only call GetAce if inherit != 0.
(add_access_allowed_ace): Ditto. Use appropriate sizeof.
* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to
alloc_sd, which removes the need to obtain old_{ug}id.
(chmod): Remove call to get_file_attribute (), simply pass
{ug}id equal to -1 to alloc_sd.
cygheap->user, return the uid or gid from myself.
* security.cc (alloc_sd): If gid == myself->gid, return the group sid from
cygheap->user. Remove the test for uid == original_uid, which is
counter-productive.
already taken care of that.
* fhandler_console.cc (fhandler_console::open): Initialize handles to NULL.
(fhandler_console::close): Ditto. GNUify non-GNU formatted functions calls
throughout.
may not end up in the pool.
(cygthread::new): Avoid race when checking for initialized. Add debugging
code.
* fhandler.cc (fhandler_base::raw_read): Add case for ERROR_INVALID_HANDLE due
to Win95 directories.
(fhandler_base::open): Handle errors due to Win95 directories.
(fhandler_base::close): Add get_nohandle () test.
(fhandler_base::set_close_on_exec): Ditto.
(fhandler_base::fork_fixup): Ditto.
(fhandler_base::lock): Change error code to Posix EINVAL.
(fhandler_base::dup): If get_nohandle (), set new value to INVALID_HANDLE_VALUE
instead of NULL.
* fhandler_disk_file.cc (fhandler_disk_file::fstat): Call fstat_by_name if
get_nohandle (). Remove extraneous element from strpbrk.
(fhandler_disk_file::open): Remove test for Win95 directory.
* fhandler_random.cc (fhandler_dev_random::open): Add set_nohandle ().
* fhandler_clipboard.cc (fhandler_dev_clipboard::open): Ditto.
* fhandler_zero.cc (fhandler_dev_zero::open): Ditto.
(fhandler_dev_zero::close): Delete.
* fhandler.h (class fhandler_dev_zero): Ditto.
supplementary group sids that may have been set by setgroups.
* security.cc (cygsidlist::free_sids): Also zero the class members.
* security.h (groups::clear_supp): New.
Rename cygsidlist_unknown to cygsidlist_empty.
before owner_sid and group_sid so that well_known_world_sid
means "other" even when owner_sid and/or group_sid are Everyone.
* security.cc (get_attribute_from_acl): Created from code common
to get_nt_attribute() and get_nt_object_attribute(), with same
reordering as in getacl() above.
(get_nt_attribute): Call get_attribute_from_acl().
(get_nt_object_attribute): Ditto.
the supplementary group list is missing Everyone or a groupsid
equal to usersid, or because the primary group is not in the token,
as long as it is equal to the usersid.
* syscalls.cc (seteuid32): Use common code for all successful returns.
* grp.cc (getgroups32): Never includes Everyone in the output.
* include/cygwin/version.h: Bump API minor version.
* cygheap.h (class cygheap_user): Add member groups.
* security.h (class cygsidlist): Add members type and maxcount,
methods position, addfromgr, alloc_sids and free_sids and
operator+= (const PSID psid). Modify contains () to call
position () and optimize add () to use maxcount.
(class user_groups): Create.
Update declarations of verify_token and create_token.
* security.cc (cygsidlist::alloc_sids): New.
(cygsidlist::free_sids): New.
(get_token_group_sidlist): Create from get_group_sidlist.
(get_initgroups_sidlist): Create from get_group_sidlist.
(get_group_sidlist): Suppress.
(get_setgroups_sidlist): Create.
(verify_token): Modify arguments. Add setgroups case.
(create_token): Modify arguments. Call get_initgroups_sidlist and
get_setgroups_sidlist as needed. Set SE_GROUP_LOGON_ID from auth_pos
outside of the loop. Rename the various group sid lists consistently.
* syscalls.cc (seteuid32): Modify to use cygheap->user.groups.
(setegid32): Call cygheap->user.groups.update_pgrp.
* grp.cc (setgroups): Create.
(setgroups32): Create.
* uinfo.cc (internal_getlogin): Initialize and update user.groups.pgsid.
* cygwin.din: Add setgroups and setgroups32.
(get_supplementary_group_sidlist): Evolve into get_unix_group_sidlist.
(get_user_local_groups): Add check for duplicates.
(get_user_primary_group): Suppress.
(get_group_sidlist): Silently ignore PDC unavailability.
Call get_unix_group_sidlist() before get_user_local_groups().
Remove call to get_supplementary_group_sidlist(). Never call
get_user_primary_group() as the passwd group is always included.
Add well_known_authenticated_users_sid in only one statement.
domain as the local domain.
(get_group_sidlist): Add authenticated users SID to SYSTEM's group
list instead of SYSTEM itself.
(verify_token): Accept the primary group sid if it equals
the token user sid.
(INHERIT_ALL): Ditto.
(INHERIT_ONLY): Ditto.
* sec_acl.cc: Use appropriate defines from accctrl.h instead of the
above throughout.
* security.cc: Ditto.
(RegQueryInfoKeyA): Ditto.
* fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool.
(fhandler_proc::fill_filebuf): Ditto.
(fhandler_registry::fill_filebuf): Ditto.
(fhandler_process::fill_filebuf): Ditto.
(fhandler_registry::value_name): Add new member.
(fhandler_registry::close): Add new method.
(fhandler_process::p): Remove member.
* fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling
superclass method. Check return value of fill_filebuf.
(fhandler_proc::fill_filebuf): Change return type to bool. Add return
statement.
* fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling
superclass method. Remove references to p. Check return value of
fill_filebuf.
(fhandler_process::fill_filebuf): Change return type to bool. Don't use
dereference operator on p. Add return statement.
(fhandler_process::format_process_stat): Fix typo.
* fhandler_registry.cc: Add static open_key declaration.
(fhandler_registry::exists): Assume path is already normalised. Try opening
the path as a key in its own right first, before reverting to enumerating
subkeys and values of the parent key.
(fhandler_registry::fstat): Add additional code to return more relevant
information about the registry key/value.
(fhandler_registry::readdir): Explicitly set desired access when opening
registry key. Remove output of buf from debug_printf format string.
(fhandler_registry::open): Use set_io_handle to store registry key handle. Set
value_name member. Move code to read a value from the registry to
fill_filebuf. Add call to fill_filebuf.
(fhandler_registry::close): New method.
(fhandler_registry::fill_filebuf): Change return type to bool. Add code to
read a value from registry.
(fhandler_registry::open_key): Make function static. Use KEY_READ as desired
access unless this is the last path component. Check the return value of
RegOpenKeyEx for an error instead of hKey.
* fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of
fill_filebuf.
(fhandler_virtual::open): Remove call to set_nohandle.
(fhandler_virtual::fill_filebuf): Change return type to bool. Add return
statement.
* security.cc (get_nt_object_attribute): New function.
(get_object_attribute): New function.
* security.h (get_object_attribute): New function declaration.
Call LookupAccountSid after trying to get domain & user from passwd.
(get_group_sidlist): Obtain the domain and user by calling
extract_nt_dom_user instead of LookupAccountSid.
to get_supplementary_group_sidlist.
(create_token): Add pw argument and use it in call to get_group_sidlist.
* security.h: Add pw argument in declaration of create_token.
* syscalls.cc (seteuid32): Add pw argument in call to create_token.
Check uid for current user first and use SIDs from cygheap if so.
Set errno to EINVAL if user SID isn't retrievable. Just print user SID
as debug output.
Don't bail out if group SID isn't retrievable. Change debug output
appropriately.
(cygheap_user::env_logsrv): Verify env_domain is valid.
* environ.cc: Include child_info.h and keep spenvs[] sorted.
(environ_init): Check child_proc_info instead of myself->ppid_handle.
* environ.cc (spenv::retrieve): Add debugging statements.
* pinfo.cc (set_myself): Don't call strace.hello if already stracing.
* strace.cc (strace): Move NO_COPY keyword so that it will actually take
effect.
command-line setting.
* cygwin.din: Export sexec* functions as function which returns ENOSYS
(i.e., sexec* is deprecated).
* dtable.cc (dtable::vfork_child_dup): Ensure that impersonation is restored
even on failure.
* exec.cc: Throughout, remove references to sexec* and _spawnve.
* pinfo.h: Remove _spawnve declaration.
* spawn.cc: Rename _spawnve to spawnve and use throughout.
(spawn_guts): Eliminate hToken argument and processing of same. Just perform
special actions if impersonating.
(spawnve): Rename from _spawnve.
* security.cc (alloc_sd): Remove logsrv argument.
Remove two calls to lookup_name.
(set_security_attribute): Remove logsrv argument.
Remove logsrv argument in call to alloc_sd.
(set_nt_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_security_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_nt_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_file_attribute.
* syscalls.cc (chown_worker): Remove logserver argument in
call to set_file_attribute.
(chmod): Ditto.
* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
* uinfo.cc (internal_getlogin): Replace calls to
lookup_name by call to LookupAccountName.
* security.h: Remove logsrv in declarations of set_file_attribute
and alloc_sd. Remove declaration of lookup_name.
(get_lsa_srv_inf): Suppressed.
(get_logon_server_and_user_domain): Suppressed.
(get_logon_server): Essentially new.
(get_user_groups): Add "domain" argument. Only lookup the
designated server and use "domain" in LookupAccountName.
(is_group_member): Simplify the arguments.
(get_user_local_groups): Simplify the arguments. Do only a
local lookup. Use "BUILTIN" and local domain in LookupAccountName.
(get_user_primary_group). Only lookup the designated server.
(get_group_sidlist): Remove logonserver argument. Do not lookup
any server for the SYSTEM account.
(create_token): Delete logonserver and call to get_logon_server.
Adjust arguments of get_group_sidlist, see above.
* security.h: Delete declaration of get_logon_server_and_user_domain
and add declaration of get_logon_server.
* uinfo.cc (internal_get_login): Call get_logon_server instead of
get_logon_server_and_user_domain.
* fhandler.h (fhandler_proc::fill_filebuf): Take a pinfo argument.
* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Simplify search for
given pid.
(fhandler_proc::readdir): Assume that pid exists if it shows up in the winpid
list.
* fhandler_process.cc (fhandler_process::open): Simplify search for given pid.
Call fill_filebuf with pinfo argument.
(fhandler_process::fill_filebuf): Pass pinfo here and assume that it exists.
* pinfo.h (pinfo::remember): Define differently if sigproc.h is not included.
* dll_init.cc (dll_list::detach): Don't run destructor on exit.