* Makefile.in (DLL_OFILES): Add sec_posixacl.o.
(SUBLIBS): Add libacl.a
(libacl.a): New rule to create libacl.a.
* common.din: Export POSIX ACL functions as well as most libacl.a
extensions.
* fhandler.h (fhander_base::acl_get): New prototype.
(fhander_base::acl_set): Ditto.
(fhandler_disk_file::acl_get): Ditto.
(fhandler_disk_file::acl_set): Ditto.
* include/acl/libacl.h: New file.
* include/cygwin/version.h: Bump API minor version.
* include/sys/acl.h: Drop including cygwin/acl.h. Accommodate
throughout Cygwin. Add POSIX ACL definitions.
* sec_acl.cc: Include sec_posixacl.h. Replace ILLEGAL_UID and
ILLEGAL_GID with ACL_UNDEFINED_ID where sensible.
(__aclcheck): New internal acl check function to be used for
Solaris and POSIX ACLs.
(aclcheck32): Call __aclcheck.
(__aclcalcmask): New function to compute ACL_MASK value.
(__aclsort): New internal acl sort function to be used for Solaris
and POSIX ACLs.
(aclsort32): Call __aclsort.
(permtostr): Work directly on provided buffer.
(__acltotext): New internal acltotext function to be used for
Solaris and POSIX ACLs.
(acltotext32): Call __acltotext.
(__aclfromtext): New internal aclfromtext function to be used for
Solaris and POSIX ACLs.
(aclfromtext32): Call __aclfromtext.
* sec_posixacl.cc: New file implemeting POSIX ACL functions.
* sec_posixacl.h: New internal header.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
POSIX.1e requires that chmod changes the MASK rather than the
GROUP_OBJ value if the ACL is non-trivial.
On Windows, especially on home machines, a standard ACL often
consists of entries for the user, maybe the group, and additional
entries for SYSTEM and the Administrators group. A user calling
chmod on a file with bog standard Windows perms usually expects
that chmod changes the GROUP_OBJ perms, but given the rules from
POSIX.1e we can't do that.
However, since we already treat Admins and SYSTEM special in a
ACL (they are not used in MASK computations) we go a step in the
Windows direction to follow user expectations. If an ACL only
consists of the three POSIX permissions, plus entries for Admins
and SYSTEM *only*, then we change the permissions of the GROUP_OBJ
entry *and* the MASK entry.
* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused
code. Add special handling for a "standard" Windows ACL. Add
comment to explain.
* sec_acl.cc (get_posix_access): Allow to return "standard-ness"
of an ACL to the caller. Add preceeding comment to explain a bit.
* security.h (get_posix_access): Align prototype.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Only request
query_write_dac rather than query_write_control access when writing
an ACL. Fix a comment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* path.h (class path_conv_handle): Use FILE_ALL_INFORMATION instead of
FILE_NETWORK_OPEN_INFORMATION. Use definitions from ntdll.h since it's
included anyway.
(path_conv_handle::fai): Change name from fnoi.
(path_conv::fai): Ditto.
(file_get_fai): Change name from file_get_fnoi. Drop second parameter.
* path.cc (file_get_fai): Ditto. Fetch FileAllInformation rather than
FileNetworkOpenInformation. Convert STATUS_BUFFER_OVERFLOW to
STATUS_SUCCESS. Remove workaround to fetch FileBasicInformation and
FileStandardInformation on filesystems with broken
FileNetworkOpenInformation handling.
(symlink_info::check): Accommodate above changes. In case of using
the NtQueryDirectoryFile fallback, fetch FileIdBothDirectoryInformation
to get inode number as well.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Drop outdated
comment. Accommodate change to using FileAllInformation. Drop
extra function calls to fetch NumberOfLinks and IndexNumber. Set ino
directly from IndexNumber stored in pc.fai(). Drop second argument
from call to fstat_helper.
(fhandler_base::fstat_by_name): Drop second argument from call to
fstat_helper.
(fhandler_base::fstat_helper): Drop second parameter. Accommodate
the fact that we access a FILE_ALL_INFORMATION structure now.
(fhandler_base::open_fs): Set ino directly from IndexNumber stored in
pc.fai().
* fhandler.h (fhandler_base::fstat_helper): Fix declaration accrdingly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (path_conv::get_ino_by_handle): Rename fai to
fii for clearness.
(fhandler_disk_file::readdir): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Disable
deviation from POSIX 1003.1e in terms of GROUP_OBJ/CLASS_OBJ
permissions. Follow POSIX 1003.1e again. Keep old code in
for future reference.
* sec_acl.cc: Accommodate changes in ACE creation in leading
comment.
(set_posix_access): Fix user deny ACE creation. Split group
deny ACE creation into two steps, one to reflect CLASS_OBJ,
the other to reflect OTHER_OBJ.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- New, unified implementation of POSIX permission and ACL handling. The
new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
they allow to inherit the S_ISGID bit. ACL inheritance now really
works as desired, in a limited, but theoretically equivalent fashion
even for non-Cygwin processes.
To accommodate Windows default ACLs, the new code ignores SYSTEM and
Administrators group permissions when computing the MASK/CLASS_OBJ
permission mask on old ACLs, and it doesn't deny access to SYSTEM and
Administrators group based on the value of MASK/CLASS_OBJ when
creating the new ACLs.
The new code now handles the S_ISGID bit on directories as on Linux:
Setting S_ISGID on a directory causes new files and subdirs created
within to inherit its group, rather than the primary group of the user
who created the file. This only works for files and directories
created by Cygwin processes.
2015-05-29 Corinna Vinschen <corinna@vinschen.de>
Reapply POSIX ACL changes.
* utils.xml (setfacl): Show new option output.
(getfacl): Show new option output.
* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
Apply umask, if so. Align comments.
* security.cc (set_created_file_access): Fix permission masking by
incoming requested file mode.
* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
for SYSTEM and Admins group.
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
* fhandler.h (fhandler_pty_slave::facl): Add prototype.
* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
(fhandler_pty_slave::fchown): Fix uid/gid handling.
* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
Simplify and move around code in a few places. To improve ACL
readability, add r/w permissions to Admins ACE appended to pty ACL.
Add comment to explain Windows ACE Mask filtering being in the way of
creating a real CLASS_OBJ.
(get_posix_access): Fake CLASS_OBJ for ptys. Explain why.
* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
when calling get_posix_access.
* sec_acl.cc (set_posix_access): Move merging group perms into owner
perms in case of owner == group after mask has been computed. Take
mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
the ACCESS_ALLOWED_ACE.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
to explain why.
* security.cc (set_created_file_access): Ditto.
* sec_acl.cc (set_posix_access): Replace previous patch. Return
EINVAL if uid and/or guid is invalid and not backed by an actual
Windows account.
* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
* sec_acl.cc (set_posix_access): Handle files with owner == group.
Rephrase switch statement checking against unfiltered a_type value.
(get_posix_access): Handle files with owner == group.
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
* sec_acl.cc (set_posix_access): Always make sure Admins have
WRITE_DAC and WRITE_OWNER permissions.
* security.h (create_object_sd_from_attribute): Drop handle parameter
from prototype.
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
Just create the standard POSIXy security descriptor.
(set_object_attribute): Accommodate dropped paramter in call to
create_object_sd_from_attribute.
* fhandler_tty.cc: Ditto, throughout.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
mask computation.
* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
not umasked.
(fhandler_base::open): Explicitely umask mode on NFS here. Call new
set_created_file_access rather than set_file_attribute.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
setting permissions on filesystems supporting ACLs using the new
set_posix_access call.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::mkdir): Call new set_created_file_access rather
than set_file_attribute.
* fhandler_socket.cc (fhandler_socket::bind): Don't umask here. Add
WRITE_OWNER access to allow writing group in case of SGID bit set.
Call new set_created_file_access rather than set_file_attribute.
* path.cc (symlink_worker): Call new set_created_file_access rather
than set_file_attribute.
* sec_acl.cc (searchace): Un-staticize.
(set_posix_access): New, complementary functionality to
get_posix_access.
(setacl): Implement in terms of get_posix_access/set_posix_access.
(get_posix_access): Add handling for just created files requiring
their first Cygwin ACL. Fix new_style recognition. Handle SGID
bit. For old-style ACLs, ignore SYSTEM and Administrators when
computing the {DEF_}CLASS_OBJ perms.
* security.cc (get_file_sd): Revamp comment. Change and (hopefully)
speed up inheritance processing for just created files.
(alloc_sd): Remove.
(set_security_attribute): Call set_posix_access instead of alloc_sd.
(get_object_attribute): Fix return value.
(create_object_sd_from_attribute): Call set_posix_access instead of
alloc_sd.
(set_file_attribute): Remove.
(set_created_file_access): New function implemented in terms of
get_posix_access/set_posix_access.
* security.h (set_file_attribute): Remove prototype.
(set_created_file_access): Add prototype.
(searchace): Ditto.
(set_posix_access): Ditto.
* syscalls.cc (open): Call open_with_arch with mode not umasked.
* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
Describe how to generate deny ACEs in more detail. Accommodate the
fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
a special Cygwin ACE. Improve further comments.
(CYG_ACE_NEW_STYLE): Define.
(get_posix_access): Change from Cygwin ACE to NULL deny ACE. Fix
CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
NULL deny ACE if the inheritance flags say so.
* sec_helper.cc (well_known_cygwin_sid): Remove.
* security.h (well_known_cygwin_sid): Drop declaration.
* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
(get_posix_access): Rename index variable from i to idx. Define only
once at top level.
* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
Accommodate throughout.
(add_access_denied_ace): Ditto.
* sec_acl.cc: Accommodate above change throughout.
* security.h (add_access_allowed_ace): Adjust prototype to above change.
(add_access_denied_ace): Ditto.
* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
owner and primary group of the file. Handle the default primary
group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
set. Add comments. Minor code rearrangements.
Preliminary read side implementation of new permission handling.
* acl.h (MAX_ACL_ENTRIES): Raise to 2730. Add comment to explain.
* sec_acl.cc: Add leading comment to explain new ACL style.
Add definitions and macros to use for bits in new Cygwin ACL.
(DENY_RWX): New mask value for all temporary deny bits.
(getace): Add bool parameter to decide when leaving all bits intact,
rather than filtering them per the already set bits.
(get_posix_access): New function, taking over functionality to read
POSIX ACL from SECURITY_DESCRIPTOR.
(getacl): Just call get_posix_access.
* sec_helper.cc (well_known_cygwin_sid): Define.
* security.cc (get_attribute_from_acl): Remove.
(get_info_from_sd): Remove.
(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
(get_file_attribute): Ditto.
(get_object_attribute): Ditto.
* security.h (well_known_cygwin_sid): Declare.
(get_posix_access): Add prototype.
* Throughout, use simpler ACE macros from Windows' accctrl.h.
* getfacl.c (main): Special-case SYSTEM and Admins group. Add comments.
* setfacl.c: Align more to Linux tool.
(delacl): New function to delete acl entries only.
(modacl): Drop delete functionality. Add handling of recomputing the
mask and default mask values.
(delallacl): Rename from delacl.
(setfacl): Call delacl in Delete case. Call delallacl in DeleteAll
and DeleteDef case.
(usage): Accommodate new options. Rearrange and rephrase slightly.
(longopts): Emit 'x' in --delete case. Add --no-mask and --mask
options.
(opts): Add -x and -n options.
(main): Handle -d and -x the same. Handle -n and --mask options.
Drop handling for -r option.
* getfacl.c (usage): Align more closely to Linux version. Add new
options -c, -e, -E. Change formatting to accommodate longer options.
(longopts): Rename --noname to --numeric. Keep --noname for backward
compatibility. Add --omit-header, --all-effective and --no-effective
options.
(opts): Add -c, -e and -E option.
(main): Handle new -c, -e, and -E options.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Rearrange
to fall back to myself uid/gid in case we don't utilize Windows
account DBs, just as prior to 1.7.34.
* sec_helper.cc (cygpsid::get_id): Disable Samba user/group mapping per
RFC2307 if we're not utilizing Windows account DBs.
* security.cc (convert_samba_sd): Revert previous patch.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Only try
to map user and group info per RFC2307 if account info is fetched
from Windows account DB.
(convert_samba_sd): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
suffix and make private. Rename normalized_path to posix_path and
make privtae. Accommodate name changes throughout in path_conv
methods.
(path_conv::known_suffix): New method. Use throughout instead of
accessing suffix directly.
(path_conv::get_win32): Constify.
(path_conv::get_posix): New method to read posix_path. Use throughout
instead of accessing normalized_path directly.
(path_conv::set_posix): Rename from set_normalized_path. Accommodate
name change throughout.
* spawn.cc (find_exec): Return POSIX path, not Win32 path.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Ditto in noacl case.
* sec_acl.cc (getacl): Compute useful fake CLASS_OBJ and DEF_CLASS_OBJ
permission bits based on how these values are generated on Linux.
Add commants to explain what the code is doing.
* security.cc (get_attribute_from_acl): Compute group permission based
on the actual primary group permissions and all secondary user and group
ACCESS_ALLOWED_ACEs to emulate Linux' behaviour more closely.
(check_access): Fix typos im comment.
* include/cygwin/acl.h (MIN_ACL_ENTRIES): Redefine as 3.
to declaration.
* fhandler_tty.cc (fhandler_pty_slave::fch_open_handles): Add bool
parameter "chown". Only request WRITE_OWNER access when opening pty
synchronization objects if "chown" is set.
(fhandler_pty_slave::fchmod): Call fch_open_handles with new bool
parameter set to false.
(fhandler_pty_slave::fchown): Call fch_open_handles with new bool
parameter set to true.
* kernel32.cc (CreateFileMappingW): Fix default standard rights for
file mappings from READ_CONTROL to STANDARD_RIGHTS_REQUIRED to allow
changing the DACL (fixes "access denied" error in pinfo::set_acl).
* fhandler_disk_file.cc (fhandler_base::fstat_helper): Change debug
output to print mode bits in octal.
* security.cc (alloc_sd): Ditto.
(set_file_attribute): Ditto.
POBJECT_ATTRIBUTES. Take OBJECT_ATTRIBUTES reference as argument, not
pointer.
* fhandler_disk_file.cc: Throughout accommodate above change.
* syscalls.cc: Ditto.
* ntea.cc (read_ea): Don't set hdl to NULL if it's already NULL. Set
attr with pc.init_reopen_attr before trying to reopen file.
(write_ea): Ditto.
* security.cc (get_file_sd): Use pc.init_reopen_attr rather than
pc.get_object_attr when trying to reopen file.
(set_file_sd): Ditto.
(LdapMapErrorToWin32): Import.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Accommodate
change to cyg_ldap::open.
* ldap.cc (CYG_LDAP_TIMEOUT): Remove.
(CYG_LDAP_ENUM_TIMEOUT): Remove.
(def_tv): Remove.
(enum_tv): Remove.
(cyg_ldap::map_ldaperr_to_errno): New method to map LDAP error codes to
POSIX errno codes. Explicitly map LDAP_NO_RESULTS_RETURNED to ENMFILE.
(cyg_ldap::wait): Ditto.
(struct cyg_ldap_init): New struct.
(cyg_ldap::connect_ssl): Return ULONG. Drop setting LDAP_OPT_TIMELIMIT.
Add call to ldap_search_sW to fetch root DSE.
(cyg_ldap::connect_non_ssl): Ditto.
(ldap_init_thr): New static thread function.
(cyg_ldap::connect): New method to call connect_ssl/connect_non_ssl in
an interruptible cygthread.
(struct cyg_ldap_search): New struct.
(cyg_ldap::search_s): New method to perform generic synchronous search.
(ldap_search_thr): New static thread function.
(cyg_ldap::search): New method to call search_s in an interruptible
cygthread.
(struct cyg_ldap_next_page): New struct.
(cyg_ldap::next_page_s): New method to perform generic synchronous
paged search.
(ldap_next_page_thr): New static thread function.
(cyg_ldap::next_page): New method to call next_page_s in an
interruptible cygthread.
(cyg_ldap::open): Return POSIX errno. Call connect method.
(cyg_ldap::fetch_ad_account): Call search method rather than
ldap_search_stW.
(cyg_ldap::enumerate_ad_accounts): Return POSIX errno. Use infinite
timeout in call to ldap_search_init_pageW.
(cyg_ldap::next_account): Return POSIX errno. Call next_page method
rather than ldap_get_next_page_s.
(cyg_ldap::fetch_posix_offset_for_domain): Call search method rather
than ldap_search_stW.
(cyg_ldap::fetch_unix_sid_from_ad): Ditto.
(cyg_ldap::fetch_unix_name_from_rfc2307): Ditto.
* ldap.h (class cyg_ldap): Accommodate aforementioned changes.
* passwd.cc (pg_ent::enumerate_ad): Ditto. Break search if one of
cyg_ldap::enumerate_ad_accounts or cldap.next_account returns with
an error code other than ENMFILE.
* sec_helper.cc (cygpsid::get_id): Accommodate change to cyg_ldap::open.
* uinfo.cc (fetch_posix_offset): Ditto.
* cygheap.h (class cygheap_ugid_cache): Move ugid_cache_t type here
and rename.
(struct init_cygheap): Add cygheap_ugid_cache member "ugid_cache".
* pwdgrp.h (class ugid_cache_t): Remove here.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Accommodate
move of ugid_cache to cygheap.
* sec_helper.cc (get_sids_info): Ditto.
* uinfo.cc (ugid_cache): Remove.
(pwdgrp::fetch_account_from_windows): Define id_val globally.
Move SidTypeAlias handling into SidTypeUser/SidTypeGroup branch since
aliases are handled like groups in SAM. Accommodate move of ugid_cache
to cygheap. Consolidate code reading SAM comments into a single branch
for both, SidTypeUser and SidTypeAlias. For SidTypeAlias, fix thinko
and call NetLocalGroupGetInfo rather than NetGroupGetInfo. Simplify
code setting Cygwin primary group for SAM accounts. Add code to handle
UNIX uid/gid from SAM comment.
/etc/nsswitch.conf file to configure it.
* Makefile.in (DLL_OFILES): Add ldap.o.
* autoload.cc: Import ldap functions from wldap32.dll.
(DsEnumerateDomainTrustsW): Import.
(NetGroupGetInfo): Import.
* cygheap.h (class cygheap_domain_info): New class to keep global
domain info.
(class cygheap_pwdgrp): New class to keep passwd/group caches and
configuration info from /etc/nssswitch.conf.
(struct init_cygheap): Add cygheap_domain_info member "dom" and
cygheap_pwdgrp member "pg".
* cygtls.h (struct _local_storage): Remove unused member "res".
Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
uid/gid mapping.
* fhandler_process.cc: Drop including pwdgrp.h.
* fhandler_procsysvipc.cc: Ditto.
* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
* grp.cc (group_buf): Drop.
(gr): Drop.
(pwdgrp::parse_group): Fill pg_grp.
(pwdgrp::read_group): Remove.
(pwdgrp::init_grp): New method.
(pwdgrp::prep_tls_grbuf): New method.
(pwdgrp::find_group): New methods.
(internal_getgrsid): Convert to call new pwdgrp methods.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
(getgrgid32): Ditto.
(getgrnam_r): Ditto for internal_getgrnam.
(getgrnam32): Ditto.
(getgrent32): Convert to call new pwdgrp methods.
(internal_getgrent): Remove.
(internal_getgroups): Simplify, especially drop calls to
internal_getgrent.
* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
and RFC 2307 server.
* ldap.h: New header, declaring cyg_ldap class.
* passwd.cc (passwd_buf): Drop.
(pr): Drop.
(pwdgrp::parse_passwd): Fill pg_pwd.
(pwdgrp::read_passwd): Remove.
(pwdgrp::init_pwd): New method.
(pwdgrp::prep_tls_pwbuf): New method.
(find_user): New methods.
(internal_getpwsid): Convert to call new pwdgrp methods.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
(getpwuid_r): Ditto.
(getpwnam): Ditto for internal_getpwnam.
(getpwnam_r): Ditto.
(getpwent): Convert to call new pwdgrp methods.
* path.cc (class etc): Remove all methods.
* path.h (class etc): Drop.
* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
than UNKNOWN_GID.
(pinfo_init): Ditto.
* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
(internal_getpwuid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgrent): Drop declaration.
(enum fetch_user_arg_type_t): New type.
(struct fetch_user_arg_t): New type.
(struct pg_pwd): New type.
(struct pg_grp): New type.
(class pwdgrp): Rework to provide functions for file and db requests
and caching.
(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
(ugid_cache): Declare.
* sec_acl.cc: Drop including pwdgrp.h.
* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
(get_logon_server): Convert third parameter to ULONG flags argument
to allow arbitrary flags values in DsGetDcNameW call and change calls
to this function throughout. Use cached account domain name rather
than calling GetComputerNameW.
(get_unix_group_sidlist): Remove.
(get_server_groups): Drop call to get_unix_group_sidlist.
(verify_token): Rework token group check without calling
internal_getgrent.
* sec_helper.cc (cygpsid::pstring): New methods, like string() but
return pointer to end of string.
(cygsid::getfromstr): Add wide character implementation.
(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
* security.cc: Drop including pwdgrp.h.
* security.h (DEFAULT_UID): Remove.
(UNKNOWN_UID): Remove.
(UNKNOWN_GID): Remove.
(uinfo_init): Move here from winsup.h.
(ILLEGAL_UID): Ditto.
(ILLEGAL_GID): Ditto.
(UNIX_POSIX_OFFSET): Define. Add lengthy comment.
(UNIX_POSIX_MASK): Ditto.
(MAP_UNIX_TO_CYGWIN_ID): Ditto.
(ILLEGAL_UID16): Move here from winsup.h.
(ILLEGAL_GID16): Ditto.
(uid16touid32): Ditto.
(gid16togid32): Ditto.
(sid_id_auth): New convenience macro for SID component access.
(sid_sub_auth_count): Ditto.
(sid_sub_auth): Ditto.
(sid_sub_auth_rid): Ditto.
(cygpsid::pstring): Declare.
(cygsid::getfromstr): Declare wide character variant.
(cygsid::operator=): Ditto.
(cygsid::operator*=): Ditto.
(get_logon_server): Change declaration according to source code.
* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
call.
* shared.cc (memory_init): Call cygheap->pg.init in first process.
* syscalls.cc: Drop including pwdgrp.h.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
call. Fix debug output. Overwrite user gid in border case of a
missing passwd file while a group file exists.
(pwdgrp::add_line): Allocate memory on cygheap.
(pwdgrp::load): Remove.
(ugid_cache): Define.
(cygheap_pwdgrp::init): New method.
(cygheap_pwdgrp::nss_init_line): New method.
(cygheap_pwdgrp::_nss_init): New method.
(cygheap_domain_info::init): New method.
(logon_sid): Define.
(get_logon_sid): New function.
(pwdgrp::add_account_post_fetch): New method.
(pwdgrp::add_account_from_file): New methods.
(pwdgrp::add_account_from_windows): New methods.
(pwdgrp::check_file): New method.
(pwdgrp::fetch_account_from_line): New method.
(pwdgrp::fetch_account_from_file): New method.
(pwdgrp::fetch_account_from_windows): New method.
* winsup.h: Move aforementioned macros and declarations to security.h.
comment.
* mount.cc (mount_info::from_fstab): Use tmp_pathbuf rather than
stack for big local buffer.
* net.cc (cygwin_gethostname): Call GetComputerNameExA rather than
GetComputerNameA if gethostname failed.
* shared.cc (user_info::initialize): Fix formatting.
* include/sys/file.h: Define flock and accompanying macros if not
already defined in sys/_default_fcntl.h.
(dev_storage): Ditto for /dev.
* devices.cc: Regenerate.
* fhandler.cc (fhandler_base::open_null): New method to open a fake
\Device\Null handler.
(fhandler_base::open): Fix formatting. Change O_ACCMODE test to a
switch statement. Simplify a test which still tested for a now unused
create_disposition.
* fhandler.h (fhandler_base::open_null): Declare.
(fhandler_netdrive::close): Declare.
* fhandler_dev.cc (fhandler_dev::open): Open fake \Device\Null handle
by just calling new open_null method.
* fhandler_disk_file.cc (fhandler_cygdrive::open): Ditto.
* fhandler_netdrive.cc (fhandler_netdrive::open): Call open_null
rather than setting nohandle.
(fhandler_netdrive::close): New method.
* fhandler_registry.cc (fetch_hkey): Fix token in RegOpenUserClassesRoot
call. Create valid key for HKEY_CURRENT_CONFIG by mapping to real key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current.
(fhandler_registry::open): Set nohandle only when using pseudo registry
handle.
* fhandler_virtual.cc (fhandler_virtual::opendir): Call open rather
than just setting nohandle here.
* fhandler_virtual::fstatvfs): Set ST_RDONLY fs flag.
* globals.cc (ro_u_null): New readonly UNICODE_STRING for \Device\Null.
* path.h (path_conv::set_path): Revert previous change caring for
wide_path.
(dev_storage): Map /dev and /dev/windows to \Device\Null.
* devices.cc: Regenerate.
* dir.cc (opendir): Create unique id. Explain why.
* fhandler.h (fhandler_dev::get_dev): Implement inline.
(fhandler_cygdrive::close): Drop declaration.
(fhandler_cygdrive::get_dev): Implement inline.
(fhandler_windows::get_hwnd): Ditto.
(fhandler_windows::set_close_on_exec): Drop declaration.
(fhandler_windows::fixup_after_fork): Ditto.
* fhandler_dev.cc (fhandler_dev::open): Call fhandler_disk_file::open
without O_CREAT flag. Explain why. Create \Device\Null handle if
/dev/ doesn't actually exist.
(fhandler_dev::close): Drop nohandle case.
(fhandler_dev::fstatvfs): Drop nohandle check. Test for fs_got_fs
instead. Set ST_RDONLY fs flag for simulated /dev.
(fhandler_dev::opendir): If /dev doesn't exist, call open() to create
fake \Device\Null handle. Don't set nohandle. Set dir_exists
correctly.
(fhandler_dev::rewinddir): Call fhandler_disk_file::rewinddir only if
/dev is a real directory.
* fhandler_disk_file.cc (fhandler_disk_file::opendir): If called for
the cygdrive dir, call open() to create fake \Device\Null handle.
Only attach __DIR_mounts buffer to dir if not called for cygdrive dir.
Don't set nohandle.
(fhandler_cygdrive::open): Create \Device\Null handle.
(fhandler_cygdrive::close): Remove.
(fhandler_cygdrive::fstatvfs): Set ST_RDONLY fs flag.
* fhandler_windows.cc (fhandler_windows::open): Create \Device\Null
handle.
(fhandler_windows::read): Don't add io_handle to WFMO handle array.
Change subsequent test for return value accordingly. Fix test for
"message arrived".
(fhandler_windows::set_close_on_exec): Remove.
(fhandler_windows::fixup_after_fork): Remove.
* path.h (path_conv::set_path): Make sure wide_path is NULL when
setting a new path.
* select.cc (peek_windows): Use correct hWnd value, not io_handle.
(fhandler_windows::select_read): Don't use io_handle as wait object.
(fhandler_windows::select_write): Ditto.
(fhandler_windows::select_except): Ditto.
* devices.cc: Regenerate.
* dtable.h (struct dtable): Make fhandler_base friend, rather
than fhandler_disk_file.
* fhandler.cc (fhandler_base::open_with_arch): Create unique id.
(fhandler_base::cleanup): Call del_my_locks.
(fhandler_base::fcntl): Handle F_GETLK, F_SETLK and F_SETLKW.
* fhandler.h (fhandler_base::get_dev): Return real device number.
(fhandler_base::set_unique_id): New inline method.
(fhandler_disk_file::lock): Drop declaration.
(fhandler_disk_file::get_dev): New method, return pc.fs_serial_number.
(fhandler_dev_zero::open): Drop declaration.
* fhandler_disk_file.cc (fhandler_disk_file::close): Move
del_my_locks call to fhandler_base::open_with_arch.
(fhandler_disk_file::fcntl): Move handling of locking commands to
fhandler_base::fcntl.
(fhandler_base::open_fs): Drop call to NtAllocateLocallyUniqueId.
* fhandler_zero.cc (fhandler_dev_zero::open): Remove so that default
fhandler_base::open is used to open \Device\Null.
* flock.cc (fixup_lockf_after_exec): Finding a single fhandler is
enough here.
(fhandler_base::lock): Replace fhandler_disk_file::lock. Refuse to lock
nohandle devices. Handle read/write test using POSIX flags. Explain
why. Never fail on SEEK_CUR or SEEK_END, rather assume position 0,
just as Linux.
* net.cc (fdsock): Create unique id.
Windows 9x compatibility.
* fhandler_disk_file.cc (fhandler_base::fstat_helper): Drop now unneeded
casts in calls to_timestruc_t.
(fhandler_base::utimens_fs): Ditto for timespec_to_filetime.
* fhandler_proc.cc (format_proc_stat): Ditto for to_time_t.
* hires.h (class hires_ms): Remove unused member initime_ns.
Remove declarations for timeGetTime_ns and prime.
(hires_ms::uptime): Remove.
* posix_ipc.cc (ipc_cond_timedwait): Ditto for timespec_to_filetime.
* fhandler_registry.cc (fhandler_registry::fstat): Add cast.
* resource.cc (fill_rusage): Call NtQueryInformationProcess rather than
GetProcessTimes to deal with LARGE_INTEGER rather than FILETIME.
* times.cc: Simplify time handling. Throughout, use LARGE_INTEGER
rather than FILETIME to simplify computations. Throughout use
{u}int64_t rather than {unsigned} long long. Drop unneeded casts since
NSPERSEC is 64 bit anyway.
(systime_ns): Remove.
(times): Call NtQuerySystemInformation to fetch boot time. Call
NtQueryInformationProcess rather than GetProcessTimes to deal with
LARGE_INTEGER rather than FILETIME. Call GetSystemTimeAsFileTime.
(totimeval): Use constant 1000000 as in other functions.
(time_t_to_filetime): Remove.
(to_time_t): Change return type to time_t.
(time_as_timestruc_t): Rename filetime to systime.
(time): Ditto. Add cast.
(hires_ns::nsecs): Fix return type cast.
(hires_ms::timeGetTime_ns): Remove.
(hires_ns::prime): Remove.
(hires_ms::nsecs): Drop call to prime. Call GetSystemTimeAsFileTime
directly. Subtract FACTOR here since it's the only function needing
to do so.
(minperiod): Cosmetically change to ULONG.
(hires_ns::resolution): Fix return type cast.
(hires_ms::resolution): Simplify, rely on NtQueryTimerResolution.
* winsup.h: Align time related prototypes to above changes.
code if mandatory locking is used on this descriptor. Explain why.
(fhandler_disk_file::pwrite): Ditto.
* posix.sgml (std-notes): Extend description of file locking.
warnings between regparm definitions and declarations.
* smallprint.cc (__small_vswprintf): Conditionalize declaration and
setting of l_opt for only x86_64.
* spawn.cc (child_info_spawn::worker): Remove unused 'pid' variable.
* thread.cc (verifyable_object_isvalid): Temporarily define as
non-inline with gcc 4.7+, regardless of target.
(mainly in fhandler*) start fixing gcc 4.7.2 mismatch between regparm
definitions and declarations.
* gendef: Define some functions to take @ declaration to accommodate _regN
defines which use __stdcall.
* gentls_offsets: Define __regN macros as empty.
* autoload.cc (wsock_init): Remove unneeded regparm attribute.
* winsup.h (__reg1): Define.
(__reg2): Define.
(__reg3): Define.
* advapi32.cc (DuplicateTokenEx): Coerce some initializers to avoid warnings
from gcc 4.7.2.
* exceptions.cc (status_info): Declare struct to use NTSTATUS.
(cygwin_exception::dump_exception): Coerce e->ExceptionCode to NTSTATUS.
* fhandler_clipboard.cc (cygnativeformat): Redefine as UINT to avoid gcc 4.7.2
warnings.
(fhandler_dev_clipboard::read): Ditto.
an already sparse file. Drop check for FILE_SUPPORTS_SPARSE_FILES
flag. Explicitely set FILE_ATTRIBUTE_SPARSE_FILE attribute in
cached attributes.
(fhandler_base::lseek): Only set did_lseek if sparseness is supported.
* fhandler_disk_file.cc (fhandler_disk_file::ftruncate): Don't attempt
to sparsify an already sparse file. Explicitely set
FILE_ATTRIBUTE_SPARSE_FILE attribute in cached attributes.
* mount.cc (oopt): Add "sparse" flag.
(fillout_mntent): Ditto.
* path.h (enum path_types): Add PATH_SPARSE.
(path_conv::support_sparse): New method.
(path_conv::fs_flags): Constify.
(path_conv::fs_name_len): Ditto.
include/sys/mount.h: Replace unused MOUNT_MIXED flag with MOUNT_SPARSE.
why -fomit-frame-pointer doesn't work right for passwd.o and path.o. Add
-static to link command line for cygwin0.dll.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Reorganize slightly to
silence compiler warning when compiling with -fstack-check.
* net.cc (inet_ntop6): Initialize structure members to silence compiler warning
when compiling with -fstack-check.
* pseudo-reloc.cc (_pei386_runtime_relocator): Make this a C function. Detect
NULL u.
* winsup.h (_pei386_runtime_relocator): Declare this as extern "C".
* lib/_cygwin_crt0_common.cc (_pei386_runtime_relocator): Call with NULL
argument.
* signal.cc (sigaction_worker): Eliminate last argument. Let callers report
their own strace info. Regparmize.
(sigaction): Reflect sigaction_worker changes.
(siginterrupt): Ditto.
* exceptions.cc: Update copyright.
* devices.cc: Regenerate.
* devices.h (device::noexpose): New field.
(device::dev_on_fs): Make a bit field.
(get_major): Use proper type for declaration.
(expose): New field.
(ext_dev_storage): Delete declaration.
(dev_storage_size): Ditto.
(dev_storage): New declaration.
(dev_storage_end): Ditto.
* devices.in: Mark /dev/ptym*, /dev/com*, /dev/pipe, /dev/fifo, and "/dev" as
"no expose".
* fhandler.h (fhandler_dev::lastrealpos): Delete declaration.
(fhandler_dev::devidx): Declare new field.
* fhandler_disk_file.cc: Move fhandler_dev functions into fhandler_dev.cc.
* fhandler_dev.cc: Add includes needed for functions moved from
fhandler_disk_file.cc.
(dev_storage_scan_start): Define place to start listing devices.
(dev_storage_size): Define size of array to scan.
(fhandler_dev::fhandler_dev): Move here from fhandler_disk_file.cc.
(fhandler_dev::opendir): Ditto.
(fhandler_dev::readdir): Just check devidx for non-NULL to determine when to go
to disk for /dev content. Use dev_storage rather than ext_dev_storage.
Iterate over dev_storage using devidx pointer. Use accessor functions rather
than raw references to the device struct. Only increment dir->__d_position
when we are actually going to be returning something. Add debug_printf for
exit.
(fhandler_dev::rewinddir): Set devidx as appropriate depending on whether
there's a /dev on disk or not.
* gendevices: Don't mark dev_storage static but do put it in the _RDATA
section.
* path.cc (path_conv::check): Use new "device::expose()" function to decide to
forbid programs from referencing internal device types.
* fhandler_disk_file.cc (fhandler_cygdrive::opendir): Rename flptst
to drive. Call new get_disk_type function rather than is_floppy and
check SMB drives with the NetUseGetInfo function. Explain why.
* mount.cc (get_disk_type): New function to evaluate disk type from
native NT device name.
(is_floppy): Remove.
* mount.h (enum disk_type): Define.
(get_disk_type): Declare.
* path.h (is_floppy): Drop declaration.
* dir.cc (closedir): Call global close instead of just releasing the
fhandler.
* fhandler_disk_file.cc (fhandler_disk_file::closedir): Don't close
fhandler handle here, rely on global closedir doing the right thing.
* fhandler_registry.cc (fhandler_registry::readdir): Also delete
d_hash when closing registry key.
(fhandler_registry::rewinddir): Ditto.
Avoid infinite recursion in VirtualStore under UAC:
* fhandler_registry.cc (VIRT_CLASSES_KEY_PREFIX): Define.
(VIRT_CLASSES_KEY_SUFFIX): Ditto.
(VIRT_CLASSES_KEY): Ditto.
(VIRT_CLASSES_LINKTGT): Ditto.
(fhandler_registry::exists): Return virt_symlink as file type if
this is a Classes key under the VirtualStore.
(fhandler_registry::fstat): Handle virt_symlink.
(fhandler_registry::readdir): Return DT_LNK as d_type if this is a
Classes key under the VirtualStore.
(fhandler_registry::fill_filebuf): Handle Classes symlink.
Handle user impersonation in /proc/registry access:
* autoload.cc (RegOpenUserClassesRoot): Define.
(RegOpenCurrentUser): Define.
* fhandler_registry.cc (RegOpenUserClassesRoot): Declare function
missing in w32api.
(RegOpenCurrentUser): Ditto.
(fetch_hkey): New function.
(fhandler_registry::open): Call fetch_hkey to get root registry key.
(open_key): Ditto.