* ntdll.h (RtlConvertToAutoInheritSecurityObject): Declare.
(RtlDeleteSecurityObject): Declare.
(RtlGetControlSecurityDescriptor): Declare.
(RtlLengthSecurityDescriptor): Declare.
* security.cc (file_mapping): New global variable.
(get_file_sd): Rewrite. Clean up code. Get rid of GetSecurityInfo
call.
(alloc_sd): Call RtlSetControlSecurityDescriptor to set
SE_DACL_PROTECTED flag.
(check_file_access): Remove mapping. Use file_mapping instead.
(check_registry_access): Rename mapping to reg_mapping.
* wincap.cc: Througout, drop use_get_sec_info_on_dirs,
* wincap.h (struct wincaps): Drop use_get_sec_info_on_dirs.
filesystem supporting ACLs, create the file with WRITE_DAC access.
Explain why.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
directories.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Always call GetSecurityInfo for directories
on XP and Server 2003. Improve comment to explain why.
(set_file_attribute): Explicitely cast mode_t value to bool in call to
get_file_sd.
* wincap.h (wincaps::use_get_sec_info_on_dirs): New element.
* wincap.cc: Implement above element throughout.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Handle ENOSYS and
point to the explanation.
* ntdll.h (STATUS_NOT_IMPLEMENTED): Define.
* path.cc (symlink_info::check): Handle the inability of NT4 to use
FileNetworkOpenInformation on share root dirs in either direction.
* path.h (slash_unc_prefix_p): Remove unused declaration.
* security.cc (get_info_from_sd): Handle ENOSYS from get_file_sd.
Explain when this happens.
instead of ACL_DEFAULT_SIZE.
* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
* security.h (ACL_DEFAULT_SIZE): Drop definition.
(ACL_MAXIMUM_SIZE): Define.
(SD_MAXIMUM_SIZE): Define.
* security.cc (get_file_sd): Allocate security_decscriptor with size
SD_MAXIMUM_SIZE.
(alloc_sd): Use TLS buffer to allow maximum ACL size.
GetSecurityInfo only if justcreated is true, NtQuerySecurityObject
otherwise. Add comment to explain why. Don't waste time to call
NtQuerySecurityObject twice, just allocate big enough area.
(get_file_attribute): Call get_file_sd with justcreated set to false.
(set_file_attribute): Call get_file_sd with justcreated depending on
S_JUSTCREATED pseudo file attribute.
(check_file_access): Call get_file_sd with justcreated set to false.
* sec_acl.cc (setacl): Ditto.
(getacl): Ditto.
* security.h: Convert many functions to regparm functions.
(get_file_sd): Declare with extra bool parameter.
* fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private.
(fhandler_tty_slave::fch_close_handles): Ditto.
(fhandler_tty_slave::cygserver_attach_tty): Drop declaration.
(fhandler_tty_slave::fstat): Declare public.
(fhandler_tty_slave::fchmod): Declare public.
(fhandler_tty_slave::fchown): Declare public.
(class fhandler_pty_master): Add master_ctl handle.
(fhandler_pty_master::pty_master_thread): Declare public.
* fhandler_termios.cc (fhandler_termios::tcinit): If the process
is started from a non-Cygwin process, make it tty process group
leader.
* fhandler_tty.cc: Throughout accommodate additional security related
arguments in calls to functions creating or opening objects.
(close_maybe): Move to start of file to reuse it
in other methods.
(struct pipe_request): Define.
(struct pipe_reply): Define.
(fhandler_tty_slave::open): Throughout, try to open synchronization
objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver.
Try to duplicate pipe handles via master_ctl pipe if duplicating
directly doesn't work.
(fhandler_tty_slave::cygserver_attach_tty): Remove.
(fhandler_tty_slave::init): Close unused incoming pipe handle.
(fhandler_pty_master::close): Send exit message to master control
thread and close master_ctl handle.
(fhandler_pty_master::pty_master_thread): New method, implementing the
master control thread.
(pty_master_thread): Static helper to start master control thread.
(fhandler_pty_master::setup): Simplify creating pipe inheritance.
Make sure we're the one creating the input_available_event. Add
comment to explain why. Create master_ctl pipe and start master
control thread. Close master_ctl handle in case of error.
* security.cc (alloc_sd): Add code to handle tty objects. Add comments
to explain what exactly is required.
(get_object_sd): New function.
(get_object_attribute): New function.
(create_object_sd_from_attribute): New function.
(set_object_sd): New function.
(set_object_attribute): New function.
(set_file_attribute): Change attribute type to mode_t.
* security.h (set_file_attribute): Change attribute type to mode_t.
(get_object_sd): Declare.
(get_object_attribute): Declare.
(create_object_sd_from_attribute): Declare.
(set_object_sd): Declare.
(set_object_attribute): Declare.
* tty.cc (tty::slave_alive): Implement directly instead of via alive.
(tty::exists): Open mutex handle with READ_CONTROL access.
(tty::alive): Remove.
(tty::open_output_mutex): Convert to inline method.
(tty::open_input_mutex): Ditto.
(tty::open_mutex): Take additional ACCESS_MASK parameter for the
mutex open access mask.
(tty::open_inuse): New method.
(tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt
name parameter. Always create TTY_SLAVE_ALIVE event.
(tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for
CreateEvent.
* tty.h (class tty): Change declarations according to aforementioned
changes.
(tty::open_output_mutex): Implement as inline method.
(tty::open_input_mutex): Ditto.
LocalFree instead of ::free.
* sec_acl.cc: Throughout replace old ACE flag definitions with current
definitions as used in MSDN man pages.
* security.cc: Ditto.
* fhandler.cc (fhandler_base::open): Make sure file has really been
just created before fixing file permissions. Add S_JUSTCREATED
attribute to set_file_attribute call.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
with default security descriptor and fix descriptor afterwards.
Add S_JUSTCREATED flag to set_file_attribute call.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Call GetSecurityInfo rather than
NtQuerySecurityObject. Explain why. Change error handling accordingly.
(alloc_sd): Skip non-inherited, non-standard entries in ACL if
S_JUSTCREATED attribute is set. Explain why. Minor format fixes.
* security.h (S_JUSTCREATED): New define.
(security_descriptor::operator=): New operator.
error when changing the user account on a standalone Samba server.
Explain why.
* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
(well_known_samba_unix_user_fake_sid): Define.
* security.cc (set_file_sd): Take additional parameter if ownership
should be changed. Restrict requested permissions accordingly.
(set_file_attribute): Accommodate additional parameter to set_file_sd.
* security.h (well_known_samba_unix_user_fake_sid): Declare.
(set_file_sd): Align declaration to above change.
with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting
FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
* security.cc (alloc_sd): Reformat expression. Strip EA permission
bits from owner_deny and group_deny computation.
and use FILE_ATTRIBUTE_DIRECTORY directly in call to NtCreateFile.
* posix_ipc.cc (ipc_mutex_init): Fix format string when creating IPC
object name.
(ipc_cond_init): Ditto.
* security.cc (alloc_sd): Add parentheses to fix setting initial
owner_allow value.
additional path_conv argument.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
R/O attribute when using ACLs.
(fhandler_disk_file::mkdir): Ditto. Set
security descriptor on remote dirs after creating the dir, same as in
fhandler_base::open.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto. for remote symlinks.
* security.cc (alloc_sd): Take additional path_conv argument.
Accommodate throughout. Drop setting FILE_WRITE_EA/FILE_READ_EA
flags unconditionally (was only necessary for "ntea"). Don't set
FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
Samba. Add comment to explain. Drop useless setting of
STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
to enforce read permissions on Samba.
(set_security_attribute): Take additional path_conv argument.
* security.h (set_security_attribute): Change prototype accordingly.
opened for reading the ACLs, fall back to faking them.
* sec_acl.cc (acl_worker): Handle non-existing files.
* security.cc (get_file_attribute): Return ILLEGAL_UID/ILLEGAL_GID
as owner/group for non-readable ACLs on file systems supporting them.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
* security.cc (alloc_sd): Set security descriptor control flag without
calling SetSecurityDescriptorControl function.
* wincap.h (wincapc::has_dacl_protect): Rename from
has_security_descriptor_control.
* wincap.cc: Ditto throughout.
* mmap.cc (mlock): Accommodate parameter change in call to
push_thread_privilege.
(munlock): Ditto.
* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
(NtAdjustPrivilegesToken): Declare.
* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
(privilege_luid): Take job of privilege_luid_by_name, using new
cygpriv.
(privilege_luid_by_name): Remove.
(privilege_name): Accommodate new cygpriv array.
(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
Accommodate changes to privilege_name.
(set_cygwin_privileges): Simplify. Don't try to set
SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
* security.cc (sys_privs): Reorder to match numerical privilege order.
Use real privilege values as defined in security.h.
(get_system_priv_list): Drop unused grp_list argument. Create
list of privileges according to new wincapc::max_sys_priv value.
(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
Make priv a local value instead of a pointer.
(create_token): Accommodate parameter change in call to
push_self_privilege.
(lsaauth): Ditto.
(check_access): Use privilege values directly instead of calling
privilege_luid.
* security.h: Define real privilege values.
(cygpriv_idx): Remove.
(privilege_luid): Change declaration.
(privilege_luid_by_name): Drop declaration.
(set_privilege): Change declaration.
(set_process_privilege): Drop definition.
(_push_thread_privilege): Accomodate new set_privilege parameters.
* wincap.h (wincapc::max_sys_priv): New element.
* wincap.cc: Implement above element throughout.
(wincap_2000sp4): New wincaps structure.
(wincap_xpsp1): Ditto.
(wincap_xpsp2): Ditto.
(wincapc::init): Use new wincaps.
(wincapc::max_sys_priv): New element.
Accommodate changge throughout Cygwin.
(cygheap_user::imp_token): Rename from token. Accommodate changge
throughout Cygwin.
(rcygheap_user::eimpersonate): Use primary token for impersonation.
* grp.cc (internal_getgroups): Use primary impersonation token when
impersonated.
* security.h (_push_thread_privilege): Use primary impersonation token
when impersonated.
user information on NT4.
* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
considerations.
(security_descriptor::realloc): Ditto.
(security_descriptor::free): Ditto.
* security.cc (get_reg_security): Reinstantiate.
(get_nt_object_security): Revert to using NtQuerySecurityObject.
* security.h (class security_descriptor): Drop type member.
Accommodate throughout.
(security_descriptor::size): Constify.
(security_descriptor::copy): Ditto.