Commit Graph

117 Commits

Author SHA1 Message Date
Ken Brown 22fe938fb5 Cygwin: get_posix_access: avoid negative subscript
Don't refer to lacl[pos] unless we know that pos >= 0.
2020-10-14 10:53:59 -04:00
Corinna Vinschen 004d8adfa2 Cygwin: acls: allow converting empty acl to text
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-13 12:09:11 +01:00
Corinna Vinschen 76f06705be cygwin: convert most #ifndef __x86_64__ to #ifdef __i386__
Address the real offender

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-27 14:36:06 +01:00
Corinna Vinschen a8716448ce Simplify "Windows-standard-like" permissions
Commit 97d0449 left a bit to be desired.  First, the fact that any
new-style ACL couldn't be "standard ACL" anymore was very much over
the top.  On one hand Admins and SYSTEM ACEs are not supposed to be
masked, but on the other hand we *must* create the CLASS_OBJ
because otherwise we don't have information about masking the
execute perms for both groups.  The ACL would also fail aclcheck.

And while get_posix_access now returns the "is standard acl" flag,
it hasn't been utilized by set_created_file_access.  Rather,
set_created_file_access has simply continued to check for
nentries > MIN_ACL_ENTRIES, which led to all kinds of weird group
and CLASS_OBJ perms.  The new code now always manipulates CLASS_OBJ
perms if a CLASS_OBJ is present, and it always manipulates group perms
if the ACL has been marked as "standard" ACL.

Another problem (not related to commit 97d0449) is the order
get_posix_access adds missing perms.  CLASS_OBJ perms are computed
*before* missing GROUP_OBJ perms have been added.  Thus the CLASS_OBJ
perms could be too tight and led to additional, buggy DENY ACEs.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-08-19 16:50:15 +02:00
Corinna Vinschen 6e623e9320 Switching the Cygwin DLL to LGPLv3+, dropping commercial buyout option
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.

Everything else stays under GPLv3+.

New Linking Exception exempts resulting executables from LGPLv3 section 4.

Add CONTRIBUTORS file to keep track of licensing.

Remove 'Copyright Red Hat Inc' comments.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-23 10:09:17 +02:00
Corinna Vinschen 7a5b452443 Disallow S_ISGID on directories without default ACL entries
We can't handle the S_ISGID bit if the child didn't inherit a NULL SID
ACE with the S_ISGID bit set.  On directories without default ACL
entries we would have to add an inheritable NULL SID ACE and nothing else.
This in turn results in permission problems when calling set_file_sd
from set_created_file_access.  That's fixable, but it would only work
for files created from Cygwin while files created from native Windows
tools end up with really ugly permissions.

This patch only makes sure that the S_ISGID bit is reset for a directory
if it has no inheritable ACEs.  Still having the 's' bit shown in ls or
getfacl output would be misleading.  So, calling `setfacl -k' on a dir
also removes the S_ISGID bit now.

	* sec_acl.cc (set_posix_access): Drop S_ISGID bit on directories
	without inheritable ACEs.  Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-04-19 10:23:49 +02:00
Corinna Vinschen 97d0449325 Handle permissions a bit closer to POSIX 1003.1e
So far we tweaked ACL_GROUP_OBJ and ACL_MASK values the same way when
creating a file.  We now do what POSIX requires, namely just change
ACL_MASK if it's present, otherwise ACL_GROUP_OBJ.  Note that we only
do this at creation time.  Chmod still tweaks both to create less
surprising results for the unsuspecting user.

Additionally make sure to take umask only into account if no ACL_MASK
value is present.  That has been missed so far.

	* sec_acl.cc (set_posix_access): Perform check for non-existant
	default	ACEs earlier.  Ignore umask also if ACL_MASK is present.
	Only set owner_eq_group if we're actually handling a user entry.
	Mention chmod in a comment.
	* security.cc (set_created_file_access): Perform group/mask
	permission setting as required by POSIX 1003.1e.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-04-18 20:43:00 +02:00
Corinna Vinschen 12cc8290e8 Also create NULL SID ACE if special POSIX bits are set
Commit e2ea143 forgot to take special POSIX bits into account.

	* sec_acl.cc (set_posix_access): Make sure to create NULL SID
	ACE if any special POSIX permission bits are set.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-04-18 15:36:34 +02:00
Corinna Vinschen e2ea143083 Fix attempt to create ACLs without NULL SID
Commit f75114fc was supposed to drop NULL SIDs in case the permissions
are simple enough not to require mask values or special POSIX bits
(S_ISVTX, etc).  The check was incorrect.  This patch is supposed to
fix the problem.

	* sec_acl.cc (set_posix_access): Fix condition under which we
	write a NULL SID.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-04-18 12:07:04 +02:00
Corinna Vinschen f75114fc59 Don't write NULL SID ACE if it's not necessary.
If the ACL is supposed to reflect only standard POSIX permissions,
and if the permissions are so that user has more perms than group
and group has more perms than other, we don't really need the NULL
SID ACE.  If the permissions are that simple, get_posix_access will
not call AuthZ.

	* sec_acl.cc (set_posix_perms): Don't write NULL SID ACE if it's
	not required.  Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-13 16:02:55 +01:00
Corinna Vinschen fcd8a0d4f4 Fix typo which might break permission evaluation
* sec_acl.cc (get_posix_access): Fix a typo checking for a_id
	rather than a_type.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-12 17:57:34 +01:00
Corinna Vinschen fc180edcf4 Fix reading/writing Samba ACLs using RFC2307 mapping
When using RFC2307 uid/gid-mapping on Samba shares, the POSIX ACL contains
the Windows SIDs.  When writing back such an ACL we have to map the
Windows SIDs back to the corresponding Samba SIDs representing the UNIX
uid/gid value.  When reading Samba SIDs, make sure never to evaluate a
UNIX user account as group.

	* sec_acl.cc (set_posix_access): Convert Windows SIDs to
	RFC2307-mapped Sambe UNIX SIDs.
	* sec_helper.cc (cygpsid::get_id): Skip UNIX user accounts when
	trying to evaluate a SID as group.  Skip UNIX group accounts when
	trying to evaluate a SID as user.
	* cygheap.h (cygheap_ugid_cache::reverse_get): New method to
	get nfs id from cygwin id.
	(cygheap_ugid_cache::reverse_get_uid): Wrapper for uids.
	(cygheap_ugid_cache::reverse_get_gid): Wrapper for gids.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-12 17:56:21 +01:00
Corinna Vinschen 3d88f10983 __acltotext: Always append NUL
* sec_acl.cc (__acltotext): Append NUL unconditionally.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-08 13:56:40 +01:00
Corinna Vinschen 9ddf063921 Implement POSIX.1e ACL functions
* Makefile.in (DLL_OFILES): Add sec_posixacl.o.
	(SUBLIBS): Add libacl.a
	(libacl.a): New rule to create libacl.a.
	* common.din: Export POSIX ACL functions as well as most libacl.a
	extensions.
	* fhandler.h (fhander_base::acl_get): New prototype.
	(fhander_base::acl_set): Ditto.
	(fhandler_disk_file::acl_get): Ditto.
	(fhandler_disk_file::acl_set): Ditto.
	* include/acl/libacl.h: New file.
	* include/cygwin/version.h: Bump API minor version.
	* include/sys/acl.h: Drop including cygwin/acl.h.  Accommodate
	throughout Cygwin.  Add POSIX ACL definitions.
	* sec_acl.cc: Include sec_posixacl.h.  Replace ILLEGAL_UID and
	ILLEGAL_GID with ACL_UNDEFINED_ID where sensible.
	(__aclcheck): New internal acl check function to be used for
	Solaris and POSIX ACLs.
	(aclcheck32): Call __aclcheck.
	(__aclcalcmask): New function to compute ACL_MASK value.
	(__aclsort): New internal acl sort function to be used for Solaris
	and POSIX ACLs.
	(aclsort32): Call __aclsort.
	(permtostr): Work directly on provided buffer.
	(__acltotext): New internal acltotext function to be used for
	Solaris and POSIX ACLs.
	(acltotext32): Call __acltotext.
	(__aclfromtext): New internal aclfromtext function to be used for
	Solaris and POSIX ACLs.
	(aclfromtext32): Call __aclfromtext.
	* sec_posixacl.cc: New file implemeting POSIX ACL functions.
	* sec_posixacl.h: New internal header.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-08 13:56:40 +01:00
Corinna Vinschen b89d317cdc Fix comments in sec_acl.cc
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-02-22 10:54:13 +01:00
Corinna Vinschen ac4648c13e Treat ACLs with extra ACEs for Admins and SYSTEM like a trivial ACL
POSIX.1e requires that chmod changes the MASK rather than the
	GROUP_OBJ value if the ACL is non-trivial.

	On Windows, especially on home machines, a standard ACL often
	consists of entries for the user, maybe the group, and additional
	entries for SYSTEM and the Administrators group.  A user calling
	chmod on a file with bog standard Windows perms usually expects
	that chmod changes the GROUP_OBJ perms, but given the rules from
	POSIX.1e we can't do that.

	However, since we already treat Admins and SYSTEM special in a
	ACL (they are not used in MASK computations) we go a step in the
	Windows direction to follow user expectations.  If an ACL only
	consists of the three POSIX permissions, plus entries for Admins
	and SYSTEM *only*, then we change the permissions of the GROUP_OBJ
	entry *and* the MASK entry.

	* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused
	code.  Add special handling for a "standard" Windows ACL.  Add
	comment to explain.
	* sec_acl.cc (get_posix_access): Allow to return "standard-ness"
	of an ACL to the caller.  Add preceeding comment to explain a bit.
	* security.h (get_posix_access): Align prototype.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-01-28 22:05:49 +01:00
Corinna Vinschen a16ab1751c get_posix_access: Fix primary group handing when multiple ACEs exist
Handle additional ACE for primary group only as another GROUP
	entry if it's an allow ACE.  Deny ACEs don't qualify.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-01-28 14:34:11 +01:00
Corinna Vinschen d2216272f5 get_posix_access: Fix group deny bits leaking into file type attribute bits
* sec_acl.cc (get_posix_access): Fix bracketing in expression
	constructing POSIX group permissions so as not leaking deny bits
	into POSIX file type bits.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-01-15 15:13:11 +01:00
Corinna Vinschen b8f9d8de2c Drop use of not yet available type acl_perm_t
* sec_acl.cc (__aclcalcmask): Use mode_t instead of acl_perm_t

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-01-07 13:28:12 +01:00
Corinna Vinschen ed3c07215c aclsort: Honor calclass argument and allow recalculating ACL mask.
* sec_acl.cc (__aclcalcmask): New function to recalculate ACL masks.
        (aclsort32): Honor calclass argument.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-12-24 00:48:20 +01:00
Corinna Vinschen 7a1ac642f6 aclfromtext: Actually return aclcnt parameter
* sec_acl.cc (aclfromtext32): Return missing aclcnt parameter.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-12-24 00:39:45 +01:00
Corinna Vinschen 3b8372c1f2 Use TLS buffer in ACL<->text conversion
* sec_acl.cc (acltotext32): Use tmp_pathbuf rather than stack buffer.
        (aclfromtext32): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-12-24 00:32:54 +01:00
Corinna Vinschen 62fe4404a7 sec_acl.cc: Cosmetic changes
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-12-24 00:24:39 +01:00
Corinna Vinschen 47e7288769 Use correct gid value for Microsoft Account when /etc/group is in use
* sec_acl.cc (get_posix_access): In case owner SID == group SID, when
	encountering the group entry, change the value of `id' accordingly.
	Explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-29 20:26:48 +01:00
Corinna Vinschen 90e006a63d get_posix_access: Skip merging permissions if user can't get more permissions
* sec_acl.cc (get_posix_access): Skip merging permissions if current
        user has rwx permissions anywa, or if the sum of all group and other
        permissions is less than or equal to the user's permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:56:38 +01:00
Corinna Vinschen a5d81afc71 get_posix_access: Fix computation of effective user permissions
* sec_acl.cc (get_posix_access): Fix computation of effective user
	permissions to handle current user, not only the file owner.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:55:19 +01:00
Corinna Vinschen 911808dd5e Fix permission evaluation for !new_style ACLs
* security.h (authz_get_user_attribute): Declare bool.
	* sec_helper.cc (authz_ctx::get_user_attribute): Make bool method.
	Set S_IxOTH bits in returned attributes rather than S_IxUSR bits.
	(authz_get_user_attribute): Make bool function.
	* sec_acl.cc (get_posix_access): Introduce cygsid array to keep
	track of all SIDs in the ACL.  Move AuthZ calls into !new_style
	permission post processing.  When not using AuthZ, use
	CheckTokenMembership to collect group permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:30:38 +01:00
Corinna Vinschen 7edb6b8d3e Fix up POSIX permission handling
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Disable
	deviation from POSIX 1003.1e in terms of GROUP_OBJ/CLASS_OBJ
	permissions.  Follow POSIX 1003.1e again.  Keep old code in
	for future reference.
	* sec_acl.cc: Accommodate changes in ACE creation in leading
	comment.
	(set_posix_access): Fix user deny ACE creation.  Split group
	deny ACE creation into two steps, one to reflect CLASS_OBJ,
	the other to reflect OTHER_OBJ.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:29:46 +01:00
Corinna Vinschen 7972e63402 Use Authz to fetch correct user permissions.
* sec_acl.cc (getacl): Use Authz to fetch correct user permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:28:40 +01:00
Corinna Vinschen e2742d467a * sec_acl.cc (get_posix_access): Fix class_perm in !new_style case.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:28:27 +01:00
Corinna Vinschen bc444e5aa4 Reapply POSIX ACL changes.
- New, unified implementation of POSIX permission and ACL handling.  The
    new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
    they allow to inherit the S_ISGID bit.  ACL inheritance now really
    works as desired, in a limited, but theoretically equivalent fashion
    even for non-Cygwin processes.

    To accommodate Windows default ACLs, the new code ignores SYSTEM and
    Administrators group permissions when computing the MASK/CLASS_OBJ
    permission mask on old ACLs, and it doesn't deny access to SYSTEM and
    Administrators group based on the value of MASK/CLASS_OBJ when
    creating the new ACLs.

    The new code now handles the S_ISGID bit on directories as on Linux:
    Setting S_ISGID on a directory causes new files and subdirs created
    within to inherit its group, rather than the primary group of the user
    who created the file.  This only works for files and directories
    created by Cygwin processes.

2015-05-29  Corinna Vinschen  <corinna@vinschen.de>

	Reapply POSIX ACL changes.

	* utils.xml (setfacl): Show new option output.
	(getfacl): Show new option output.

	* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
	Apply umask, if so.  Align comments.
	* security.cc (set_created_file_access): Fix permission masking by
	incoming requested file mode.

	* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
	for SYSTEM and Admins group.

	* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
	GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.

	* fhandler.h (fhandler_pty_slave::facl): Add prototype.
	* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
	(fhandler_pty_slave::fchown): Fix uid/gid handling.
	* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
	Simplify and move around code in a few places.  To improve ACL
	readability, add r/w permissions to Admins ACE appended to pty ACL.
	Add comment to explain Windows ACE Mask filtering being in the way of
	creating a real CLASS_OBJ.
	(get_posix_access): Fake CLASS_OBJ for ptys.  Explain why.
	* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
	when calling get_posix_access.

	* sec_acl.cc (set_posix_access): Move merging group perms into owner
	perms in case of owner == group after mask has been computed.  Take
	mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.

	* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
	the ACCESS_ALLOWED_ACE.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
	set GROUP_OBJ and CLASS_OBJ perms to new group perms.  Add comment
	to explain why.
	* security.cc (set_created_file_access): Ditto.

	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
	EINVAL if uid and/or guid is invalid and not backed by an actual
	Windows account.

	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.

	* sec_acl.cc (set_posix_access): Handle files with owner == group.
	Rephrase switch statement checking against unfiltered a_type value.
	(get_posix_access): Handle files with owner == group.

	* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
	CLASS_OBJ mask on old-style ACLs.  Fix a comment.

	* sec_acl.cc (set_posix_access): Always make sure Admins have
	WRITE_DAC and WRITE_OWNER permissions.
	* security.h (create_object_sd_from_attribute): Drop handle parameter
	from prototype.
	* security.cc (create_object_sd_from_attribute): Drop handle parameter.
	Just create the standard POSIXy security descriptor.
	(set_object_attribute): Accommodate dropped paramter in call to
	create_object_sd_from_attribute.
	* fhandler_tty.cc: Ditto, throughout.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
	mask computation.

	* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
	not umasked.
	(fhandler_base::open): Explicitely umask mode on NFS here.  Call new
	set_created_file_access rather than set_file_attribute.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
	setting permissions on filesystems supporting ACLs using the new
	set_posix_access call.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::mkdir): Call new set_created_file_access rather
	than set_file_attribute.
	* fhandler_socket.cc (fhandler_socket::bind): Don't umask here.  Add
	WRITE_OWNER access to allow writing group in case of SGID bit set.
	Call new set_created_file_access rather than set_file_attribute.
	* path.cc (symlink_worker): Call new set_created_file_access rather
	than set_file_attribute.
	* sec_acl.cc (searchace): Un-staticize.
	(set_posix_access): New, complementary functionality to
	get_posix_access.
	(setacl): Implement in terms of get_posix_access/set_posix_access.
	(get_posix_access): Add handling for just created files requiring
	their first Cygwin ACL.  Fix new_style recognition.  Handle SGID
	bit.  For old-style ACLs, ignore SYSTEM and Administrators when
	computing the {DEF_}CLASS_OBJ perms.
	* security.cc (get_file_sd): Revamp comment.  Change and (hopefully)
	speed up inheritance processing for just created files.
	(alloc_sd): Remove.
	(set_security_attribute): Call set_posix_access instead of alloc_sd.
	(get_object_attribute): Fix return value.
	(create_object_sd_from_attribute): Call set_posix_access instead of
	alloc_sd.
	(set_file_attribute): Remove.
	(set_created_file_access): New function implemented in terms of
	get_posix_access/set_posix_access.
	* security.h (set_file_attribute): Remove prototype.
	(set_created_file_access): Add prototype.
	(searchace): Ditto.
	(set_posix_access): Ditto.
	* syscalls.cc (open): Call open_with_arch with mode not umasked.

	* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
	Describe how to generate deny ACEs in more detail.  Accommodate the
	fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
	a special Cygwin ACE.  Improve further comments.
	(CYG_ACE_NEW_STYLE): Define.
	(get_posix_access): Change from Cygwin ACE to NULL deny ACE.  Fix
	CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
	NULL deny ACE if the inheritance flags say so.
	* sec_helper.cc (well_known_cygwin_sid): Remove.
	* security.h (well_known_cygwin_sid): Drop declaration.

	* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
	(get_posix_access): Rename index variable from i to idx.  Define only
	once at top level.

	* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
	Accommodate throughout.
	(add_access_denied_ace): Ditto.
	* sec_acl.cc: Accommodate above change throughout.
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
	(add_access_denied_ace): Ditto.

	* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
	owner and primary group of the file.  Handle the default primary
	group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
	set.  Add comments.  Minor code rearrangements.

	Preliminary read side implementation of new permission handling.
	* acl.h (MAX_ACL_ENTRIES): Raise to 2730.  Add comment to explain.
	* sec_acl.cc:  Add leading comment to explain new ACL style.
	Add definitions and macros to use for bits in new Cygwin ACL.
	(DENY_RWX): New mask value for all temporary deny bits.
	(getace): Add bool parameter to decide when leaving all bits intact,
	rather than filtering them per the already set bits.
	(get_posix_access): New function, taking over functionality to read
	POSIX ACL from SECURITY_DESCRIPTOR.
	(getacl): Just call get_posix_access.
	* sec_helper.cc (well_known_cygwin_sid): Define.
	* security.cc (get_attribute_from_acl): Remove.
	(get_info_from_sd): Remove.
	(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
	(get_file_attribute): Ditto.
	(get_object_attribute): Ditto.
	* security.h (well_known_cygwin_sid): Declare.
	(get_posix_access): Add prototype.

	* Throughout, use simpler ACE macros from Windows' accctrl.h.

	* getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.

	* setfacl.c: Align more to Linux tool.
	(delacl): New function to delete acl entries only.
	(modacl): Drop delete functionality.  Add handling of recomputing the
	mask and default mask values.
	(delallacl): Rename from delacl.
	(setfacl): Call delacl in Delete case.  Call delallacl in DeleteAll
	and DeleteDef case.
	(usage): Accommodate new options.  Rearrange and rephrase slightly.
	(longopts): Emit 'x' in --delete case.  Add --no-mask and --mask
	options.
	(opts): Add -x and -n options.
	(main): Handle -d and -x the same.  Handle -n and --mask options.
	Drop handling for -r option.

	* getfacl.c (usage): Align more closely to Linux version.  Add new
	options -c, -e, -E.  Change formatting to accommodate longer options.
	(longopts): Rename --noname to --numeric.  Keep --noname for backward
	compatibility.  Add --omit-header, --all-effective and --no-effective
	options.
	(opts): Add -c, -e and -E option.
	(main): Handle new -c, -e, and -E options.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:27:54 +01:00
Corinna Vinschen 651bb62ae2 Remove __acl16 from official header
* include/cyggwin/acl.h (struct __acl16): Move from here...
	* sec_acl.cc: ...to here.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 21:57:12 +02:00
Corinna Vinschen 83b0e8cffe * sec_acl.cc (getacl): Add mask even if all group and secondary account
permissions are 0.
2015-02-27 14:51:00 +00:00
Corinna Vinschen 06371539bd * sec_acl.cc (setacl): Fix bug which leads to ACE duplication in
case owner SID == group SID.
	(getacl): Reverse order of SID test against group or owner sid to
	prefer owner attributes over group attributes.  Disable setting group
	permissions equivalent to owner permissions if owner == group.  Add
	comment to explain why.  Fix indentation.
	* security.cc (get_attribute_from_acl): Change type of local variables
	containing permission to mode_t.  Apply deny mask to group if group SID
	== owner SID to avoid Everyone permissions to spill over into group
	permissions.  Disable setting group permissions equivalent to owner
	permissions if owner == group.  Add comment to explain why.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow user SID as
	group account if user is a "Microsoft Account".  Explain why.  Drop
	workaround enforcing primary group "Users" for "Microsoft Accounts".
2015-02-27 12:59:09 +00:00
Corinna Vinschen 3667a9f444 * sec_acl.cc (setacl): Always grant default owner entry
STANDARD_RIGHTS_ALL and FILE_WRITE_ATTRIBUTES access, too.
2015-02-25 21:30:45 +00:00
Corinna Vinschen c53c879db4 * sec_acl.cc (setacl): Always grant owner FILE_WRITE_ATTRIBUTES access. 2015-02-19 14:15:44 +00:00
Corinna Vinschen 1072cb2e7d * sec_acl.cc (setacl): Introduce bool array "invalid" to note the
invalidation of incoming acl entries while iterating over them.
2015-02-12 17:53:24 +00:00
Corinna Vinschen e5110581dc * sec_acl.cc (aclcheck32): Check for required default entries as well.
Enable check for missing CLASS_OBJ entries, now that setfacl creates
	them.
2014-09-03 12:46:19 +00:00
Corinna Vinschen 7a1cf1a003 * sec_acl.cc (aclsort32): Set errno to EINVAL if aclcheck32 failed. 2014-09-02 20:07:21 +00:00
Corinna Vinschen ebf78cec85 * sec_acl.cc (setacl): Add comment. Handle NULL ACE for SUID, SGID,
and VTX bits.  Create owner, group, other and NULL entries in the same
	way and in the same order as alloc_sd.
	(getacl): Skip NULL ACE.
2014-08-31 14:13:01 +00:00
Corinna Vinschen 1a33a5c6d3 * fhandler.cc (fhandler_base::facl): Drop CLASS_OBJ entry.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Ditto in noacl case.
	* sec_acl.cc (getacl): Compute useful fake CLASS_OBJ and DEF_CLASS_OBJ
	permission bits based on how these values are generated on Linux.
	Add commants to explain what the code is doing.
	* security.cc (get_attribute_from_acl): Compute group permission based
	on the actual primary group permissions and all secondary user and group
	ACCESS_ALLOWED_ACEs to emulate Linux' behaviour more closely.
	(check_access): Fix typos im comment.
	* include/cygwin/acl.h (MIN_ACL_ENTRIES): Redefine as 3.
2014-08-28 12:38:52 +00:00
Corinna Vinschen b39fa2c88d * autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id.
	* grp.cc (internal_getgrsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_group_from_windows.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(gr_ent::enumerate_local): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(getgroups32): Rename from internal_getgroups and drop getgroups32 stub.
	Drop srchsid parameter and code handling it.  Add local cyg_ldap
	instance and forward to internal_getgrXXX.
	(getgroups): Call getgroups32.
	(get_groups): Add local cyg_ldap instance and forward to
	internal_getgrXXX.
	(getgrouplist): Ditto.
	(setgroups32): Ditto.
	* ldap.cc (cyg_ldap::open): Don't call close.  Return true if connection
	is already open.
	(cyg_ldap::remap_uid): Forward this to internal_getpwsid.
	(cyg_ldap::remap_gid): Forward this to internal_getgrsid.
	* passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_user_from_windows.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(pg_ent::enumerate_builtin): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(pg_ent::enumerate_sam): Ditto.
	(pg_ent::enumerate_ad): Ditto.  Forward local cldap instead.
	* pwdgrp.h (internal_getpwsid): Align declaration to above change.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(internal_getgrsid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgroups): Drop declaration.
	(pwdgrp::add_account_from_windows): Align declaration to below change.
	(pwdgrp::add_user_from_windows): Ditto.
	(pwdgrp::add_group_from_windows): Ditto.
	* sec_acl.cc (setacl): Add local cyg_ldap instance and forward to
	internal_getpwuid and internal_getgrgid.
	(getacl): Add local cyg_ldap instance and forward to cygpsid::get_id.
	(aclfromtext32): Add local cyg_ldap instance and forward to
	internal_getpwnam and internal_getgrnam.
	* sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer.
	Forward to internal_getgrsid and internal_getpwsid.
	(get_sids_info): Drop ldap_open.  Forward local cldap to
	internal_getpwsid and internal_getgrXXX.  Call CheckTokenMembership
	rather than internal_getgroups.
	* security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default
	parameter.
	(cygpsid::get_uid): Add cyg_ldap pointer.  Call get_id accordingly.
	(cygpsid::get_gid): Ditto.
	* uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward
	to internal_getpwXXX and internal_getgrXXX calls.
	(pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer.
	Forward to pwdgrp::fetch_account_from_windows.
	(fetch_posix_offset): Drop ldap_open argument and handling.  Get
	cyg_ldap instance as pointer.
	(pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer.
	Use it if it's not NULL, local instance otherwise.  Drop ldap_open.
	Drop fetching extended group arguments from AD for speed.
2014-02-27 12:57:27 +00:00
Corinna Vinschen 1ca20a1cd2 Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 19:44:56 +00:00
Corinna Vinschen 61522196c7 * Merge in cygwin-64bit-branch. 2013-04-23 09:44:36 +00:00
Christopher Faylor bc837d22f3 Throughout, update copyrights to reflect dates which correspond to main-branch
checkins.  Regularize copyright format.
2013-01-21 04:38:31 +00:00
Kai Tietz f71f133bda * dcrt0.cc (quoted): Renamed strechr to strchrnul.
* environ.cc (environ_init): Likewise.
        * sec_acl.cc (aclfromtext32): Likewise.
        * sec_auth.cc (extract_nt_dom_user): Likewise.
        * uinfo.cc (pwdgrp::next_str): Likewise.
        * string.h (strechr): Likewise.
2012-10-27 12:09:38 +00:00
Corinna Vinschen 60ecc3d68b * sec_acl.cc (acl32): Fix potnetial crash if build_fh_name returns NULL. 2012-03-29 15:01:18 +00:00
Christopher Faylor b9aa81491f Throughout, remove extra space after function name from debugging output.
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
2011-12-03 21:43:27 +00:00
Corinna Vinschen 5735d5f6f4 * advapi32.cc: Add comment.
(EqualSid): Remove.
	(CopySid): Remove.
	(AddAccessAllowedAce): Remove.
	(AddAccessDeniedAce): Remove.
	(MakeSelfRelativeSD): Remove.
	* flock.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
	* security.h: Ditto.
	(RtlEqualSid): Declare.  Explain why.
	(RtlCopySid): Ditto.
2011-04-29 10:38:12 +00:00
Corinna Vinschen fd04c2f004 * advapi32.cc (SetSecurityDescriptorDacl): Remove.
(SetSecurityDescriptorGroup): Remove.
	(SetSecurityDescriptorOwner): Remove.
	* pinfo.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.

	* sec_helper.cc (__sec_user): Remove old comment.
2011-04-28 15:54:47 +00:00