Commit Graph

16476 Commits

Author SHA1 Message Date
Corinna Vinschen e26cf1c5d7 Fix merging group perms into owner perms in owner == group case
* sec_acl.cc (set_posix_access): Move merging group perms into owner
        perms in case of owner == group after mask has been computed.  Take
        mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 22:27:49 +02:00
Corinna Vinschen c14215de38 Fix setting saw_group_obj flag
* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
        the ACCESS_ALLOWED_ACE.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 22:25:23 +02:00
Corinna Vinschen a69b0cef71 Set GROUP_OBJ and CLASS_OBJ perms to new group perms
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
        set GROUP_OBJ and CLASS_OBJ perms to new group perms.  Add comment
        to explain why.
        * security.cc (set_created_file_access): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 22:23:46 +02:00
Corinna Vinschen ea503bf4c9 Better workaround owner/group SIDs being NULL
* sec_acl.cc (set_posix_access): Replace previous patch.  Return
        EINVAL if uid and/or guid is invalid and not backed by an actual
        Windows account.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 22:19:57 +02:00
Corinna Vinschen de67909ac1 Workaround owner/group SIDs being NULL
* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 18:29:16 +02:00
Corinna Vinschen baacff7c79 Add mask recomputation as on Linux
* setfacl.c: Align more to Linux tool.
        (delacl): New function to delete acl entries only.
        (modacl): Drop delete functionality.  Add handling of recomputing the
        mask and default mask values.
        (delallacl): Rename from delacl.
        (setfacl): Call delacl in Delete case.  Call delallacl in DeleteAll
        and DeleteDef case.
        (usage): Accommodate new options.  Rearrange and rephrase slightly.
        (longopts): Emit 'x' in --delete case.  Add --no-mask and --mask
        options.
        (opts): Add -x and -n options.
        (main): Handle -d and -x the same.  Handle -n and --mask options.
        Drop handling for -r option.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 17:57:53 +02:00
Corinna Vinschen bd57946148 Add output of effective rights to getfacl
* getfacl.c (usage): Align more closely to Linux version.  Add new
        options -c, -e, -E.  Change formatting to accommodate longer options.
        (longopts): Rename --noname to --numeric.  Keep --noname for backward
        compatibility.  Add --omit-header, --all-effective and --no-effective
        options.
        (opts): Add -c, -e and -E option.
        (main): Handle new -c, -e, and -E options.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 13:31:16 +02:00
Corinna Vinschen 5d31049e66 Handle files with owner == group.
* sec_acl.cc (set_posix_access): Handle files with owner == group.
	Rephrase switch statement checking against unfiltered a_type value.
	(get_posix_access): Handle files with owner == group.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-15 17:20:14 +02:00
Corinna Vinschen c7bd0c3778 Fix typo in comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-14 16:57:23 +02:00
Corinna Vinschen 40653522b9 Fix thinko in creating the {DEF_}CLASS_OBJ value on old-style ACLs
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
	CLASS_OBJ mask on old-style ACLs.  Fix a comment.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-14 10:42:29 +02:00
Corinna Vinschen cf6ff1c321 Fix pty permssion handling in new permission handling code
* sec_acl.cc (set_posix_access): Always make sure Admins have
        WRITE_DAC and WRITE_OWNER permissions.
        * security.h (create_object_sd_from_attribute): Drop handle parameter
        from prototype.
        * security.cc (create_object_sd_from_attribute): Drop handle parameter.
        Just create the standard POSIXy security descriptor.
        (set_object_attribute): Accommodate dropped paramter in call to
        create_object_sd_from_attribute.
        * fhandler_tty.cc: Ditto, throughout.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-12 20:26:27 +02:00
Corinna Vinschen 7d061316c0 Don't rely on size argument in shmget call
* shm.cc (shmget): Fetch segment size from server rather than using
	size argument to accommodate existing segments.  Add comment to explain
	why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-12 14:05:12 +02:00
Corinna Vinschen 8ede2acefd Fix typo in new fchmod implementation
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
	mask computation.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-11 16:03:18 +02:00
Corinna Vinschen 42d0aa4121 Bump Cygwin version to 2.0.0.
* include/cygwin/version.h (CYGWIN_VERSION_DLL_MAJOR): Bump to 2000.
	(CYGWIN_VERSION_DLL_MINOR): Set to 0.

	* new-features.xml (ov-new2.0): Rename from ov-new1.7.36 and change
	version number to 2.0.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-10 20:41:00 +02:00
Jon TURNEY 0bb27f15ec Set mcontext.cr2 to the faulting address
* exceptions.cc (call_signal_handler): Set mcontext.cr2 to the
	faulting address.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-10 15:34:44 +01:00
Jon TURNEY 0a0565d881 Only construct ucontext for SA_SIGINFO signal handlers
* exceptions.cc (call_signal_handler): Only bother to construct
	the ucontext for signal handlers with SA_SIGINFO set.  Set
	mcontext.oldmask.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-10 15:34:42 +01:00
Jon TURNEY a5efc75cc1 Initialize context before RtlContextCapture
* exceptions.cc (call_signal_handler): Zero initialize context and set
	context flags, as RlCaptureContext doesn't.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-10 15:34:39 +01:00
Corinna Vinschen a44e09fd49 First cut of full implementation of new permission handling
* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
        not umasked.
        (fhandler_base::open): Explicitely umask mode on NFS here.  Call new
        set_created_file_access rather than set_file_attribute.
        * fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
        setting permissions on filesystems supporting ACLs using the new
        set_posix_access call.
        (fhandler_disk_file::fchown): Ditto.
        (fhandler_disk_file::mkdir): Call new set_created_file_access rather
        than set_file_attribute.
        * fhandler_socket.cc (fhandler_socket::bind): Don't umask here.  Add
        WRITE_OWNER access to allow writing group in case of SGID bit set.
        Call new set_created_file_access rather than set_file_attribute.
        * path.cc (symlink_worker): Call new set_created_file_access rather
        than set_file_attribute.
        * sec_acl.cc (searchace): Un-staticize.
        (set_posix_access): New, complementary functionality to
        get_posix_access.
        (setacl): Implement in terms of get_posix_access/set_posix_access.
        (get_posix_access): Add handling for just created files requiring
        their first Cygwin ACL.  Fix new_style recognition.  Handle SGID
        bit.  For old-style ACLs, ignore SYSTEM and Administrators when
        computing the {DEF_}CLASS_OBJ perms.
        * security.cc (get_file_sd): Revamp comment.  Change and (hopefully)
        speed up inheritance processing for just created files.
        (alloc_sd): Remove.
        (set_security_attribute): Call set_posix_access instead of alloc_sd.
        (get_object_attribute): Fix return value.
        (create_object_sd_from_attribute): Call set_posix_access instead of
        alloc_sd.
        (set_file_attribute): Remove.
        (set_created_file_access): New function implemented in terms of
        get_posix_access/set_posix_access.
        * security.h (set_file_attribute): Remove prototype.
        (set_created_file_access): Add prototype.
        (searchace): Ditto.
        (set_posix_access): Ditto.
        * syscalls.cc (open): Call open_with_arch with mode not umasked.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-10 11:39:15 +02:00
Corinna Vinschen aadd5f0295 Call open_null to open fake handle
* fhandler_dsp.cc (fhandler_dev_dsp::open): Call open_null.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-09 21:49:36 +02:00
Nick Clifton ab8bc7614c For the RX port, avoid using string instructions when __RX_DISALLOW_STRING_INSNS__ is defined.
* rx/crt0.S (_start): If string instructions are not allowed,
	avoid using SMOVF.

	* libc/machine/rx/memchr.S: Add non-string insn using version.
	* libc/machine/rx/memcpy.S: Likewise.
	* libc/machine/rx/memmove.S: Likewise.
	* libc/machine/rx/mempcpy.S: Likewise.
	* libc/machine/rx/strcat.S: Likewise.
	* libc/machine/rx/strcmp.S: Likewise.
	* libc/machine/rx/strcpy.S: Likewise.
	* libc/machine/rx/strlen.S: Likewise.
	* libc/machine/rx/strncat.S: Likewise.
	* libc/machine/rx/strncmp.S: Likewise.
	* libc/machine/rx/strncpy.S: Likewise.
2015-04-09 09:20:47 +01:00
Nick Clifton 5b8fb10d65 Add .note and DWARF3 sections to RX linker scripts.
* rx/rx.ld: Add .note and DWARF3 sections.
	* rx/rx-sim.ld: Likewise.
2015-04-08 10:06:14 +01:00
Corinna Vinschen 0f4510230a Introduce sidfromuid and sidfromgid
* pwdgrp.h (sidfromuid): New inline function.
	(sidfromgid): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchown): Use sidfromuid.
	* quotactl.cc (quotactl): Use sidfromuid and sidfromgid.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-08 11:00:08 +02:00
Corinna Vinschen 0411e86216 Use NULL dey ACE rather than special Cygwin ACE
* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
	Describe how to generate deny ACEs in more detail.  Accommodate the
	fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
	a special Cygwin ACE.  Improve further comments.
	(CYG_ACE_NEW_STYLE): Define.
	(get_posix_access): Change from Cygwin ACE to NULL deny ACE.  Fix
	CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
	NULL deny ACE if the inheritance flags say so.
	* sec_helper.cc (well_known_cygwin_sid): Remove.
	* security.h (well_known_cygwin_sid): Drop declaration.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-08 10:19:33 +02:00
Corinna Vinschen 6326a8c0f3 Remove __acl16 from official header
* include/cyggwin/acl.h (struct __acl16): Move from here...
	* sec_acl.cc: ...to here.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-08 10:19:33 +02:00
Nick Clifton 5707076d0c Always include the .csstart section in RL78 executables.
* rl78/rl78.ld (.csstart): Add a KEEP directive.
	* rl78/rl78-sim.ld (.csstart): Add a KEEP directive.
2015-04-07 14:51:44 +01:00
Corinna Vinschen cf38039975
Remove unused 32/64 bit tty code
* tty.h (class tty): Remove unused 32/64 bit interoperability
	considerations.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-07 12:16:07 +02:00
Corinna Vinschen de7944034d Raise # of ptys to 128.
* tty.h (NTTYS): Raise to 128.
	* devices.in: Change pty, ptym, and cons expressions accordingly.
	* devices.cc: Regenerate.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-07 12:14:22 +02:00
Jon TURNEY 72f7cd89f2 Compile exceptions.cc with -fno-omit-frame-pointer on x86
Selectively using -fomit-frame-pointer when -O is used doesn't make sense
anymore, apparently since gcc 4.6, -O implies -fomit-frame-pointer.

exceptions.cc must be compiled with -fno-omit-frame-pointer on x86, as it uses
RtlCaptureContext, which requires a frame pointer.

	* Makefile.in : Remove setting -fomit-frame-pointer for compiling
	various files, it is already the default.  Set
	-fno-omit-frame-pointer for exceptions.cc on x86.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-07 12:08:40 +02:00
Takashi Yano 8e01f34ed1 Cygwin hangs up if several keys are typed during outputting a lot of texts.
* fhandler_tty.cc (fhandler_pty_slave::read): Change calculation of
	"readlen" not to use "bytes_in_pipe" value directly.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-03 13:23:51 +02:00
David A. Wheeler 78cfc586c8 Add FAQ entry on how Cygwin counters install and update MITM attacks
* faq-setup.xml: Document how Cygwin secures installation and
	update against man-in-the-middle (MITM) attacks.  Note that
	setup embeds a public key to check the signature of setup.ini,
	and that setup.ini includes SHA-512 cryptographic hashes.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2015-04-03 13:07:26 +02:00
Jon TURNEY cbb9849fa7 Try to make sure struct _mcontext is 16-byte aligned
On x86_64, RtlCaptureContext() uses fxsave to save FPU/MMX/SSE state.

fxsave requires that the destination address is 16-byte aligned, or it will
fault.

CONTEXT is already annotated __attribute__ ((aligned (16))), do the same with
struct _mcontext.

Rearrange ucontext_t so that it's struct _mcontext element is also correctly
aligned.

	* include/cygwin/signal.h (struct __mcontext): 16-byte align.
	* include/sys/ucontext.h (ucontext_t): Ditto.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-02 18:05:32 +01:00
Corinna Vinschen 94bb7da6b4
Rename index variable from i to idx.
* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
	(get_posix_access): Rename index variable from i to idx.  Define only
	once at top level.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-02 13:48:55 +02:00
Corinna Vinschen ca973c0224
Drop unused parameter from add_access_*_ace
* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
	Accommodate throughout.
	(add_access_denied_ace): Ditto.
	* sec_acl.cc: Accommodate above change throughout.
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
	(add_access_denied_ace): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-02 13:46:04 +02:00
Corinna Vinschen d41baf3578
Add parens around MIN/MAX values in stdint.h.
* libc/include/stdint.h: Throughout add parens around MIN/MAX values.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-01 20:40:43 +02:00
Corinna Vinschen b5fdd3cd8e
Drop local stdint.h and inttypes.h in favor of newlib files
* include/cygwin/types.h: Include sys/_stdint.h rather than stdint.h.
	* include/stdint.h: Drop in favor of newlib version.
	* include/inttypes.h: Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-01 20:37:58 +02:00
Sebastian Huber b574832830
Add <sys/_stdint.h> for FreeBSD compatibility
* libc/include/sys/_stdint.h: New file.
        * libc/include/stdint.h (int8_t): Move to <sys/_stdint.h>.
        (uint8_t): Likewise.
        (int16_t): Likewise.
        (uint16_t): Likewise.
        (int32_t): Likewise.
        (uint32_t): Likewise.
        (int64_t): Likewise.
        (uint64_t): Likewise.
        (intptr_t): Likewise.
        (uintptr_t): Likewise.
        * libc/include/sys/types.h: Include <sys/_stdint.h>.
        * libc/sys/rtems/machine/_types.h: Remove <stdint.h> include.
        * libc/sys/time.h>: Replace __uint32_t with uint32_t and
        __uint64_t with uint64_t.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-01 20:35:38 +02:00
Jon TURNEY 28e457cd71 Provide ucontext to signal handlers
Add ucontext.h header, defining ucontext_t and mcontext_t types.

Provide sigaction sighandlers with a ucontext_t parameter, containing stack and
context information.

	* include/sys/ucontext.h : New header.
	* include/ucontext.h : Ditto.
	* exceptions.cc (call_signal_handler): Provide ucontext_t
	parameter to signal handler function.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-01 19:09:28 +01:00
Jon TURNEY f992ae6f4d Make stack_t typedef generally available
* libc/include/sys/signal.h (stack_t): Make typedef generally
	available.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-01 19:09:19 +01:00
Jon TURNEY 431b28c196 Add cygwin_internal() operation to retrieve the EXCEPTION_RECORD from a siginfo_t *
* external.cc (cygwin_internal): Add operation to retrieve a copy
	of the EXCEPTION_RECORD from a siginfo_t *.
	* include/sys/cygwin.h (cygwin_getinfo_types): Ditto.
	* exception.h (cygwin_exception): Add exception_record accessor.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-01 18:32:01 +01:00
Jon TURNEY abf6791ecb Rename struct ucontext to struct __mcontext
* include/cygwin/signal.h : Rename struct ucontext to struct
	__mcontext.  Fix layout differences from the Win32 API CONTEXT
	type.  Remove unused member _internal.  Rename member which
	corresponds to ContextFlags.  Add cr2 member.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-04-01 18:26:45 +01:00
Corinna Vinschen 829c8f6c2d
Fix UTF-16 surrogate handling in wctomb and friends.
* libc/stdlib/wctomb_r.c (__utf8_wctomb): Fix check for handling a
	lone high surrogate.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-01 15:31:18 +02:00
Corinna Vinschen 849044a1e9
Avoid potential crash at startup or in getgroups(2).
* grp.cc (internal_getgroups): Handle negative domain index to avoid
	crashes.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-01 13:15:18 +02:00
Jon TURNEY 69d477a25c Fix documentation of cygwin_internal()'s return type.
* misc-funcs.xml (cygwin_internal): Correct return type.

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
2015-03-31 23:15:42 +01:00
Renato Silva 2cf6edf4ef
Fix buffer size error handling in gethostname.
* net.cc (cygwin_gethostname): Fix buffer size error handling.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 21:18:46 +02:00
Corinna Vinschen 46d2802c27
Add release msg
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 13:13:06 +02:00
Corinna Vinschen 87dd9bec10
Document GNU basename.
* new-features.xml (ov-new1.7.36): Add new section.  Document GNU
	basename.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 13:12:24 +02:00
Corinna Vinschen 1c7ac6e190
Don't allow fully qualified Windows account names.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully
	qualified Windows account names (domain\user or user@domain).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 11:54:34 +02:00
Corinna Vinschen 70399a721c
Avoid excessive locking and calling tzset in time functions.
* libc/time/lcltime_r.c (localtime_r): Call _tzset_unlocked inside
	TZ lock.
	* libc/time/mktime.c (mktime):  Ditto.
	* libc/time/strftime.c (strftime, wcsftime): Ditto.  Guard against
	calling _tzset_unlocked more than once (baring recursion).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 11:22:50 +02:00
Corinna Vinschen 5f4e1e895c
Add _tzset_unlocked and _tzset_unlocked_r
newlib:

	* libc/time/local.h (_tzset_unlocked_r): Add prototype.
	(_tzset_unlocked): Ditto.
	* libc/time/tzset.c (_tzset_unlocked): New function, call
	_tzset_unlocked_r.
	(tzset): Lock and call _tzset_unlocked_r.
	* libc/time/tzset_r (_tzset_unlocked_r): Remove locking and rename
	from _tzset_r.
	(_tzset_r): Lock and call _tzset_unlocked_r.

cygwin:

	* localtime.cc (tzset_unlocked): Export as _tzset_unlocked.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 11:14:22 +02:00
Craig Howland 792ecd7c34
Move tzset calls to time functions.
* libc/stdlib/setenv_r.c (_setenv_r): Remove tzset() call for TZ
	definition.
	* libc/time/lcltime_r.c (localtime_r): Add tzset() call
	* libc/time/mktime.c (mktime):  Ditto.
	* libc/time/strftime.c (strftime, wcsftime): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-31 10:26:49 +02:00