https://cygwin.com/pipermail/cygwin/2020-December/246938.html
reports a problem where, when adding a Cygwin default symlink
to $PATH since Cygwin 3.1.5, $PATH handling appears to be broken.
3.1.5 switched to WSL symlinks as Cygwin default symlinks.
A piece of code in path handling skips resolving reparse points
if they are the last component in the path. Thus a reparse point
in $PATH is not resolved but converted to Windows path syntax
verbatim.
If you do this with a WSL symlink, certain WinAPI functions fail.
The underlying $PATH handling fails to recognize the reparse
point in $PATH and returns with STATUS_IO_REPARSE_TAG_NOT_HANDLED.
As a result, the calling WinAPI function fails, most prominently
so CreateProcess.
Fix this problem by adding a PATH_REP_NOAPI bit to path_types
and a matching method path_conv::is_winapi_reparse_point().
Right now this flag is set for WSL symlinks and Cygwin AF_UNIX
sockets (new type implemented as reparse points).
The aforementioned code skipping repare point path resolution calls
is_winapi_reparse_point() rather than is_known_reparse_point(),
so now path resolution is only skipped for reparse points known
to WinAPI.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Use fhandler_dev_floppy instead of fhandler_procsys for such devices.
The read()/write() functions from fhandler_procsys do not ensure
sector aligned transfers and lseek() fails always.
Signed-off-by: Christian Franke <franke@computer.org>
If __WITH_AF_UNIX is defined when Cygwin is built, then a named
AF_UNIX socket is represented by a reparse point with a
Cygwin-specific tag and GUID. Make such files recognizable as reparse
points (but not as sockets) even if __WITH_AF_UNIX is not defined.
That way utilities such as 'ls' and 'rm' still behave reasonably.
This requires two changes:
- Define the GUID __cygwin_socket_guid unconditionally.
- Make check_reparse_point_target return PATH_REP on a reparse point
of this type if __WITH_AF_UNIX is not defined.
Commit aa467e6e, "Cygwin: add AF_UNIX reparse points to path
handling", changed check_reparse_point_target so that it could return
a positive value on a known reparse point that is not a symlink. But
some of the code in check_reparse_point that handles this positive
return value was executed unconditionally, when it should have been
executed only for symlinks.
As a result, posixify could be called on a buffer containing garbage,
and check_reparse_point could erroneously return a positive value on a
non-symlink. This is now fixed so that posixify is only called if the
reparse point is a symlink, and check_reparse_point returns 0 if the
reparse point is not a symlink.
Also fix symlink_info::check to handle this last case, in which
check_reparse_point returns 0 on a known reparse point.
Commit aa467e6e, "Cygwin: add AF_UNIX reparse points to path
handling", changed the return values of check_reparse_point_target.
Update the comment accordingly.
fhandler_process::exists is called when we are checking a path
starting with "/proc/<pid>/fd". If it returns virt_none and sets an
errno, there is no need for further checking. Just set 'error' and
return.
This patch has been inspired by the Linux kernel patch
294f69e662d1 compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use
written by Joe Perches <joe AT perches DOT com> based on an idea from
Dan Carpenter <dan DOT carpenter AT oracle DOT com>. The following text
is from the original log message:
Reserve the pseudo keyword 'fallthrough' for the ability to convert the
various case block /* fallthrough */ style comments to appear to be an
actual reserved word with the same gcc case block missing fallthrough
warning capability.
All switch/case blocks now should end in one of:
break;
fallthrough;
goto <label>;
return [expression];
continue;
In C mode, GCC supports the __fallthrough__ attribute since 7.1,
the same time the warning and the comment parsing were introduced.
Cygwin-only: add an explicit -Wimplicit-fallthrough=5 to the build
flags.
If the cygdrive prefix is /, then the following happens right now:
$ ln -s /tmp/foo .
$ ls -l foo
lrwxrwxrwx 1 user group 12 Apr 15 23:44 foo -> /mnt/tmp/foo
Fix this by skipping cygdrive prefix conversion to WSL drive
prefix "/mnt", if the cygdrive prefix is just "/". There's no
satisfying way to do the right thing all the time in this case
anyway. For a description and the alternatives, see
https://cygwin.com/pipermail/cygwin-developers/2020-April/011859.html
Also, fix a typo in a comment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Unfortunately Windows doesn't understand WSL symlinks,
despite being a really easy job. NT functions trying
to access paths traversing WSL symlinks return the status
code STATUS_IO_REPARSE_TAG_NOT_HANDLED. Handle this
status code same as STATUS_OBJECT_PATH_NOT_FOUND in
symlink_info::check to align behaviour to traversing
paths with other non-NTFS type symlinks.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
WSL symlinks are reparse points containing a POSIX path in UTF-8.
On filesystems supporting reparse points, use this symlink type.
On other filesystems, or in case of error, fall back to the good
old plain SYSTEM file.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 4a36897af3 allowed to convert /mnt/<drive> path
prefixes to Cygwin cygdrive prefixes on the fly. However,
the patch neglected WSL symlinks pointing to the /mnt
directory. Rearrange path conversion so /mnt is converted
to the cygdrive prefix path itself.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Treat WSL symlinks just like other symlinks. Convert
absolute paths pointing to Windows drives via
/mnt/<driveletter> to Windows-style paths <driveletter>:
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This option has been disabled long ago and nobody missed it.
Removing drops a bit of unneeded code
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
mknod32 actually creates a path_conv, just to call mknod_worker
with a win32 path. This doesn't only require to create path_conv
twice, it also breaks permissions on filesystems supporting ACLs.
Fix this by passing the path_conv created in the caller down to
symlink_worker. Also, while at it, simplify the handling of trailing
slashes and move it out of symlink_worker. Especially use the
new PC_SYM_NOFOLLOW_DIR flag to avoid fiddeling with creating
a new path copy without the trailing slash.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Usually a trailing slash requires to follow an existing symlink,
even with PC_SYM_NOFOLLOW. The reason is that "foo/" is equivalent
to "foo/." so the symlink is in fact not the last path component,
"." is. This is default for almost all scenarios.
PC_SYM_NOFOLLOW_DIR now allows the caller to request not to
follow the symlink even if a trailing slash is given. This can
be used in callers to perform certain functions Linux-compatible.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 283cb372, "Cygwin: normalize_win32_path: improve error
checking", required a prefix '\\?\' or '\??\' in the source path to be
followed by 'UNC\' or 'X:\', where X is a drive letter. That was too
restrictive, since it disallowed the paths '\\?\X: and '\??\X:'. This
caused problems when a user tried to use the root of a drive as the
Cygwin installation root, as reported here:
https://cygwin.com/ml/cygwin/2020-01/msg00111.html
Modify the requirement so that '\??\X:' and '\\?\X:' are now allowed
as source paths, without a trailing backslash.
On certain error conditions there is a code snippet that checks
whether the last component of the path has a trailing dot or space or
a leading space. Skip this check if the last component is empty,
i.e., if the path ends with a backslash. This avoids an assertion
failure if the trailing backslash is the only backslash in the path,
as is the case for a DOS drive 'X:\'.
Addresses: https://cygwin.com/ml/cygwin/2019-12/msg00016.html
If the source path starts with the Win32 long path prefix '\\?\' or
the NT object directory prefix '\??\', require the prefix to be
followed by 'UNC\' or '<drive letter>:\'. Otherwise return EINVAL.
This fixes the assertion failure in symlink_info::check that was
reported here:
https://cygwin.com/ml/cygwin/2019-09/msg00228.html
That assertion failure was caused by normalize_win32_path returning a
path with no backslashes when the source path was '\\?\DRIVE'.
Prior to commit b0717aae, path_conv::check had the following code:
if (strncmp (path, "\\\\.\\", 4))
{
/* Windows ignores trailing dots and spaces in the last path
component, and ignores exactly one trailing dot in inner
path components. */
char *tail = NULL;
[...]
if (!tail || tail == path)
/* nothing */;
else if (tail[-1] != '\\')
{
*tail = '\0';
[...]
}
Commit b0717aae0 intended to disable this code, but it inadvertently
disabled only part of it. In particular, the declaration of the local
tail variable was in the disabled code, but the following remained:
if (!tail || tail == path)
/* nothing */;
else if (tail[-1] != '\\')
{
*tail = '\0';
[...]
}
[A later commit removed the disabled code.]
The tail variable here points into a string different from path,
causing that string to be truncated under some circumstances. See
https://cygwin.com/ml/cygwin/2019-09/msg00001.html
for more details.
This commit fixes the problem by removing the leftover code
that was intended to be removed in b0717aae.
It is used only once, and the name is supposed to suggest "device that
is not based on the filesystem". This intended meaning is clearer if
we just replace is_auto_device() by its definition at the place where
it's used.
path_conv now sets the PATH_RESOLVE_PROCFD flag in path_flags if
the PC_SYM_NOFOLLOW_PROCFD pathconv_arg flag has been set on input
*and* the file is actually a proc fd symlink.
Add matching path_conv::follow_fd_symlink method for checking and
use it in open(2).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Remove another unfortunate amalgamation: Mount flags (MOUNT_xxx)
are converted to path_types (PATH_xxx) and mixed with non-mount
path_types flags in the same storage, leading to a tangled,
pell-mell usage of mount flags and path flags in path_conv and
symlink_info.
- There's also the case of PC_NONULLEMPTY. It's used in exactly
one place with a path_conv constructor only used in this single
place, just to override the automatic PC_NULLEMPTY addition
when calling the other path_conv constructors. Crazily,
PC_NONULLEMPTY is a define, no path_types flag, despite its
name.
- It doesn't help that the binary flag exists as mount and path
flag, while the text flag only exists as path flag. This leads
to mount code using path flags to set text/binary. Very confusing
is the fact that a text mount/path flag is not actually required;
the mount code sets the text flag on non binary mounts anyway, so
there are only two states. However, to puzzle people a bit more,
path_conv::binary wrongly implies there's a third, non-binary/non-text
state.
Clean up this mess:
- Store path flags separately from mount flags in path_conv and
symlink_info classes and change all checks and testing inline
methods accordingly.
- Make PC_NONULLEMPTY a simple path_types flag and drop the
redundant path_check constructor.
- Clean up the definition of pathconv_arg, path_types, and mount flags.
Use _BIT expression, newly define in cygwin/bits.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's an unfortunate amalgamation of caller-provided pathconv_arg
flags with path_types flags which in turn are mostly mount flags.
This leads to a confusion of flag values in sylink_info::pflags and,
in turn, in path_conv::path_flags.
This patch decouples pathconv_flags from the other flags by making
sure that a pathconv_flag is never copied into a variable used for
path_types flags. Also, remove PATH_NO_ACCESS_CHECK since it's
not necessary.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Allows expressions along the lines of `cat /proc/self/fd/0 <<EOF'.
The problem here is that the temporary file used for the here script
has already been deleted by the shell. Opening by filename, as
implemented so far, doesn't work because the file has been moved
to the bin.
Allow reopening files by handle the same way from another process
as long as we have sufficient permissions on the foreign process.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 35998fc2fa fixed the buffer underun
in win32 path normalization, but introduced a new bug: A wrong
assumption led to the inability to backtrack the path outside of the
current working directory in case of relative paths.
This patch fixes this problem, together with a minor problem if the CWD
is on a network share: The result erroneously started with tripple
backslash if the src path starts with a single backslash.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bug in current ARM64 WOW64: GetNativeSystemInfo returns
PROCESSOR_ARCHITECTURE_INTEL rather than PROCESSOR_ARCHITECTURE_ARM64.
Provide for this.
Make code better readable.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Guard the entire operation with the FastPebLock critical section
used by RtlSetCurrentDirectory_U as well, thus eliminating the
race between concurrent chdir/fchdir/SetCurrentDirectory calls.
Streamline comment explaining the fallback method.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Thanks to Ken Harris <Ken.Harris@mathworks.com> for the diagnosis.
When backing up tail to handle a "..", the code only checked that
it didn't underrun the destination buffer while removing path
components. It did *not* take into account that the first backslash
in the path had to be kept intact. Example path to trigger the
problem: "C:\A..\..\..\B'
Fix this by moving the dst pointer to the first backslash so subsequent
tests cannot underrun this position. Also make sure that we always
*have* a backslash.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Thanks to Ken Harris <Ken.Harris@mathworks.com> for the diagnosis
which led to a buffer underrun in this loop.
Revert before release.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* check_reparse_point_target returns a path flag mask, rather than
just 1. Return PATH_SYMLINK | PATH_REP for symlinks and directory
mount points, PATH_SOCKET | PATH_REP for AF_UNIX sockets.
* Define Cygwin AF_UNIX socket reparse tag and GUID in ntdll.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* Rename DEV_TCP_MAJOR to DEV_SOCK_MAJOR
* Drop FH_TCP, FH_UDP, FH_ICMP in favor of single FH_INET
* Drop FH_UNIX, FH_STREAM, FH_DGRAM in favor of single FH_LOCAL
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we had two functions checking the content of a reparse point,
readdir_check_reparse_point in fhandler_disk_file.cc for the sake of
readdir, and symlink_info::check_reparse_point for the sake of
generic path checking.
* Rename check_reparse_point_target helper to check_reparse_point_string
and convert to static function.
* Create new check_reparse_point_target helper containing the core
reparse point checking code
* Just call check_reparse_point_target from readdir_check_reparse_point
and symlink_info::check_reparse_point and only perform the unique
task in those functions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add new SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE flag to
CreateSymbolicLinkW call when running on W10 1703 or later.
Don't do that on older versions to avoid ERROR_INVALID_PARAMETER.
Preliminary, needs testing. There's an off-chance that the
flag results in the same ERROR_INVALID_PARAMETER on 1703 if the
developer settings are not enabled.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There are certain, very obscure scenarios, which render the Windows
CWD handle inaccessible for reopening. An easy one is, the handle can
be NULL if the permissions of the CWD changed under the parent processes
feet.
Originally we just set errno and returned, but in case of init at
process startup that left the "posix" member NULL and subsequent
calls to getcwd failed with EFAULT.
We now check for a NULL handle and change the reopen approach
accordingly. If that doesn't work, try to duplicate the handle instead.
If duplicating fails, too, we set the dir handle to NULL and carry on.
This will at least set posix to some valid path and subsequent getcwd
calls won't fail. A NULL dir handle is ok, because we already do this
for virtual paths.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
A *very* recent Windows build adds more code to the preamble of
RtlGetCurrentDirectory_U() so that the previous heuristic failed to find
the call to the locking routine.
This only affects the 64-bit version of ntdll, where the 0xe8 byte is
now found at offset 40, not the 32-bit version. However, let's just
double the area we search for said byte for good measure.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
NtOpenFile/NtCreateFile on non-existent paths on network drives has a
bug. Assuming a path Z:\dir\file. Further assuming that Z:\dir does
not exist.
The first NtOpenFile("Z:\dir\file") correctly returns
STATUS_OBJECT_PATH_NOT_FOUND. Subsequent calls incorrectly
return STATUS_OBJECT_NAME_NOT_FOUND.
This appears to be some kind of caching behaviour. Waiting a while
before repeating the call correctly returns STATUS_OBJECT_PATH_NOT_FOUND
again.
This patch works around the observed misbehaviour.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far, when converting from POSIX to Windows notation, cygwin_conv_path
fails to check for .exe suffix, so /path/foo did not return /path/foo.exe
even if this file exists.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The original code only skipped the "./", but missed to test if more
trailing slashes are present. This in turn leads to invalid conversion.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
get_nt_native_path handles the transposition of chars not allowed
in Windows pathnames. However, it never starts transposition at
the start of the string, which is wrong for relative paths. Fix it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Convert sys_privs to const struct with TOKEN_PRIVILEGES layout.
Drop function get_system_priv_list. Just use pointer to sys_privs.
Dropping max_sys_priv from wincaps requires to make sure that the
bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?)
apparently breaks access to the bitfield (off by 4 bytes).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Revamp device parsing code. Introducing support for more partitions
into the shilka-generated parser has the unfortunate side-effect of
raising the size of the DLL by almost 2 Megs. Therefore we split out
the handling for /dev/sdXY devices into a tiny bit of hand-written
code.
While at it, remove some unused cruft from devices.* and generally
clean up the device class to provide access methods instead of direct
access to members.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.
Everything else stays under GPLv3+.
New Linking Exception exempts resulting executables from LGPLv3 section 4.
Add CONTRIBUTORS file to keep track of licensing.
Remove 'Copyright Red Hat Inc' comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This avoids having to call nfs_fetch_fattr3/file_get_fai depending
on FS type as well as having to extract the info FS dependent.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far drive letter paths have been handled special since path_conv
leaves the incoming path untouched except for converting backslashes
to forward slashes. However, if the incoming path starts with a
long path prefix, the same problem occurs. Therefore handle all
paths starting with a backslahs the same way.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit 0008bdea02.
This patch introduced a regression. Calling FOO=$(...) in zsh hangs
indefinitely and has to be killed forcefully.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
G++ 6.0 asserts that the "this" pointer is non-null for member
functions.
Refactor methods that check if "this" is non-null to resolve this.
winsup/cygwin/ChangeLog:
external.cc (cygwin_internal): Check for a null pinfo before calling
cmdline.
fhandler_dsp.cc (Audio::blockSize): Make static.
fhandler_dsp.cc (Audio_in): add default_buf_info.
fhandler_dsp.cc (Audio_out): Ditto.
fhandler_dsp.cc (Audio_out::buf_info): Refactor method to call
default_buf_info if dev_ is null.
fhandler_dsp.cc (Audio_in::buf_info): Ditto.
fhandler_dsp.cc (fhandler_dev_dsp::_ioctl): Call Audio_out::default_buf_info if audio_out_ is null.
fhandler_dsp.cc (fhandler_dev_dsp::_ioctl): Call Audio_in::default_buf_info if audio_in_ is null.
fhandler_process.cc (format_process_fd): Check if pinfo is null.
fhandler_process.cc (format_process_root): Ditto.
fhandler_process.cc (format_process_cwd): Ditto.
fhandler_process.cc (format_process_cmdline): Ditto.
signal.cc (tty_min::kill_pgrp): Ditto.
signal.cc (_pinfo::kill0): Ditto.
sigproc.cc (pid_exists): Ditto.
sigproc.cc (remove_proc): Ditto.
times.cc (clock_gettime): Ditto.
times.cc (clock_getcpuclockid): Ditto.
path.cc (cwdstuff::override_win32_cwd): Check if old_cwd is null.
path.cc (fcwd_access_t::Free): Factor null check of "this" out to
caller(s).
pinfo.cc (_pinfo::exists): Ditto.
pinfo.cc (_pinfo::fd): Ditto.
pinfo.cc (_pinfo::fds): Ditto.
pinfo.cc (_pinfo::root): Ditto.
pinfo.cc (_pinfo::cwd): Ditto.
pinfo.cc (_pinfo::cmdline): Ditto.
signal.cc (_pinfo::kill): Ditto.
pinfo.cc (_pinfo::commune_request): remove non-null check on "this", as
this method is only called from pinfo.cc after null checks
pinfo.cc (_pinfo::pipe_fhandler): remove non-null check on "this", as
this method is only called from pipe.cc (fhandler_pipe::open) after a null check.
Signed-off-by: Peter Foley <pefoley2@pefoley.com>
* path.h (class path_conv_handle): Use FILE_ALL_INFORMATION instead of
FILE_NETWORK_OPEN_INFORMATION. Use definitions from ntdll.h since it's
included anyway.
(path_conv_handle::fai): Change name from fnoi.
(path_conv::fai): Ditto.
(file_get_fai): Change name from file_get_fnoi. Drop second parameter.
* path.cc (file_get_fai): Ditto. Fetch FileAllInformation rather than
FileNetworkOpenInformation. Convert STATUS_BUFFER_OVERFLOW to
STATUS_SUCCESS. Remove workaround to fetch FileBasicInformation and
FileStandardInformation on filesystems with broken
FileNetworkOpenInformation handling.
(symlink_info::check): Accommodate above changes. In case of using
the NtQueryDirectoryFile fallback, fetch FileIdBothDirectoryInformation
to get inode number as well.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Drop outdated
comment. Accommodate change to using FileAllInformation. Drop
extra function calls to fetch NumberOfLinks and IndexNumber. Set ino
directly from IndexNumber stored in pc.fai(). Drop second argument
from call to fstat_helper.
(fhandler_base::fstat_by_name): Drop second argument from call to
fstat_helper.
(fhandler_base::fstat_helper): Drop second parameter. Accommodate
the fact that we access a FILE_ALL_INFORMATION structure now.
(fhandler_base::open_fs): Set ino directly from IndexNumber stored in
pc.fai().
* fhandler.h (fhandler_base::fstat_helper): Fix declaration accrdingly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* include/sys/cygwin.h (CCP_PROC_CYGDRIVE): New flag.
* mount.cc (mount_info::cygdrive_posix_path): Take flag values rather
than just a trailing_slash_p bool. Emit /proc/cygdrive path if
CCP_PROC_CYGDRIVE flag is given.
(mount_info::conv_to_posix_path): Take flag values rather than just
a keep_rel_p bool. Rename _p variables. Print flag value as hex in
debug_printf. Call cygdrive_posix_path with flag values.
* mount.h (mount_info::cygdrive_posix_path): Accommodate above change
in declaration.
(mount_info::conv_to_posix_path): Ditto.
* fhandler_process.cc (format_process_exename): Accommodate change to
mount_info::conv_to_posix_path.
* path.cc (cygwin_conv_path): Ditto.
* cygpath.cc (absolute_flag): Initialize to CCP_RELATIVE to simplify
expressions.
(cygdrive_flag): New global flag.
(long_options): Add --proc-cygdrive option.
(options): Add -U option.
(usage): Add description for -U option.
(do_sysfolders): Or cygdrive_flag to cygwin_conv_path call.
(do_pathconv): Simply or absolute_flag to conv_func. Or
cygdrive_flag to conv_func.
(do_options): Initalize absolute_flag to CCP_RELATIVE. Initialize new
cygdrive_flag. Set absolute_flag to CCP_ABSOLUTE on -a. Set
cygdrive_flag to CCP_PROC_CYGDRIVE on -U.
* new-features.xml (ov-new2.4): Document cygpath -U option.
* utils.xml (cygpath): Ditto.
* path.xml (func-cygwin-path): Add CCP_PROC_CYGDRIVE description.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- New, unified implementation of POSIX permission and ACL handling. The
new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
they allow to inherit the S_ISGID bit. ACL inheritance now really
works as desired, in a limited, but theoretically equivalent fashion
even for non-Cygwin processes.
To accommodate Windows default ACLs, the new code ignores SYSTEM and
Administrators group permissions when computing the MASK/CLASS_OBJ
permission mask on old ACLs, and it doesn't deny access to SYSTEM and
Administrators group based on the value of MASK/CLASS_OBJ when
creating the new ACLs.
The new code now handles the S_ISGID bit on directories as on Linux:
Setting S_ISGID on a directory causes new files and subdirs created
within to inherit its group, rather than the primary group of the user
who created the file. This only works for files and directories
created by Cygwin processes.
2015-05-29 Corinna Vinschen <corinna@vinschen.de>
Reapply POSIX ACL changes.
* utils.xml (setfacl): Show new option output.
(getfacl): Show new option output.
* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
Apply umask, if so. Align comments.
* security.cc (set_created_file_access): Fix permission masking by
incoming requested file mode.
* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
for SYSTEM and Admins group.
* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.
* fhandler.h (fhandler_pty_slave::facl): Add prototype.
* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
(fhandler_pty_slave::fchown): Fix uid/gid handling.
* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
Simplify and move around code in a few places. To improve ACL
readability, add r/w permissions to Admins ACE appended to pty ACL.
Add comment to explain Windows ACE Mask filtering being in the way of
creating a real CLASS_OBJ.
(get_posix_access): Fake CLASS_OBJ for ptys. Explain why.
* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
when calling get_posix_access.
* sec_acl.cc (set_posix_access): Move merging group perms into owner
perms in case of owner == group after mask has been computed. Take
mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
the ACCESS_ALLOWED_ACE.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
set GROUP_OBJ and CLASS_OBJ perms to new group perms. Add comment
to explain why.
* security.cc (set_created_file_access): Ditto.
* sec_acl.cc (set_posix_access): Replace previous patch. Return
EINVAL if uid and/or guid is invalid and not backed by an actual
Windows account.
* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
* sec_acl.cc (set_posix_access): Handle files with owner == group.
Rephrase switch statement checking against unfiltered a_type value.
(get_posix_access): Handle files with owner == group.
* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
CLASS_OBJ mask on old-style ACLs. Fix a comment.
* sec_acl.cc (set_posix_access): Always make sure Admins have
WRITE_DAC and WRITE_OWNER permissions.
* security.h (create_object_sd_from_attribute): Drop handle parameter
from prototype.
* security.cc (create_object_sd_from_attribute): Drop handle parameter.
Just create the standard POSIXy security descriptor.
(set_object_attribute): Accommodate dropped paramter in call to
create_object_sd_from_attribute.
* fhandler_tty.cc: Ditto, throughout.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
mask computation.
* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
not umasked.
(fhandler_base::open): Explicitely umask mode on NFS here. Call new
set_created_file_access rather than set_file_attribute.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
setting permissions on filesystems supporting ACLs using the new
set_posix_access call.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::mkdir): Call new set_created_file_access rather
than set_file_attribute.
* fhandler_socket.cc (fhandler_socket::bind): Don't umask here. Add
WRITE_OWNER access to allow writing group in case of SGID bit set.
Call new set_created_file_access rather than set_file_attribute.
* path.cc (symlink_worker): Call new set_created_file_access rather
than set_file_attribute.
* sec_acl.cc (searchace): Un-staticize.
(set_posix_access): New, complementary functionality to
get_posix_access.
(setacl): Implement in terms of get_posix_access/set_posix_access.
(get_posix_access): Add handling for just created files requiring
their first Cygwin ACL. Fix new_style recognition. Handle SGID
bit. For old-style ACLs, ignore SYSTEM and Administrators when
computing the {DEF_}CLASS_OBJ perms.
* security.cc (get_file_sd): Revamp comment. Change and (hopefully)
speed up inheritance processing for just created files.
(alloc_sd): Remove.
(set_security_attribute): Call set_posix_access instead of alloc_sd.
(get_object_attribute): Fix return value.
(create_object_sd_from_attribute): Call set_posix_access instead of
alloc_sd.
(set_file_attribute): Remove.
(set_created_file_access): New function implemented in terms of
get_posix_access/set_posix_access.
* security.h (set_file_attribute): Remove prototype.
(set_created_file_access): Add prototype.
(searchace): Ditto.
(set_posix_access): Ditto.
* syscalls.cc (open): Call open_with_arch with mode not umasked.
* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
Describe how to generate deny ACEs in more detail. Accommodate the
fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
a special Cygwin ACE. Improve further comments.
(CYG_ACE_NEW_STYLE): Define.
(get_posix_access): Change from Cygwin ACE to NULL deny ACE. Fix
CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
NULL deny ACE if the inheritance flags say so.
* sec_helper.cc (well_known_cygwin_sid): Remove.
* security.h (well_known_cygwin_sid): Drop declaration.
* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
(get_posix_access): Rename index variable from i to idx. Define only
once at top level.
* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
Accommodate throughout.
(add_access_denied_ace): Ditto.
* sec_acl.cc: Accommodate above change throughout.
* security.h (add_access_allowed_ace): Adjust prototype to above change.
(add_access_denied_ace): Ditto.
* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
owner and primary group of the file. Handle the default primary
group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
set. Add comments. Minor code rearrangements.
Preliminary read side implementation of new permission handling.
* acl.h (MAX_ACL_ENTRIES): Raise to 2730. Add comment to explain.
* sec_acl.cc: Add leading comment to explain new ACL style.
Add definitions and macros to use for bits in new Cygwin ACL.
(DENY_RWX): New mask value for all temporary deny bits.
(getace): Add bool parameter to decide when leaving all bits intact,
rather than filtering them per the already set bits.
(get_posix_access): New function, taking over functionality to read
POSIX ACL from SECURITY_DESCRIPTOR.
(getacl): Just call get_posix_access.
* sec_helper.cc (well_known_cygwin_sid): Define.
* security.cc (get_attribute_from_acl): Remove.
(get_info_from_sd): Remove.
(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
(get_file_attribute): Ditto.
(get_object_attribute): Ditto.
* security.h (well_known_cygwin_sid): Declare.
(get_posix_access): Add prototype.
* Throughout, use simpler ACE macros from Windows' accctrl.h.
* getfacl.c (main): Special-case SYSTEM and Admins group. Add comments.
* setfacl.c: Align more to Linux tool.
(delacl): New function to delete acl entries only.
(modacl): Drop delete functionality. Add handling of recomputing the
mask and default mask values.
(delallacl): Rename from delacl.
(setfacl): Call delacl in Delete case. Call delallacl in DeleteAll
and DeleteDef case.
(usage): Accommodate new options. Rearrange and rephrase slightly.
(longopts): Emit 'x' in --delete case. Add --no-mask and --mask
options.
(opts): Add -x and -n options.
(main): Handle -d and -x the same. Handle -n and --mask options.
Drop handling for -r option.
* getfacl.c (usage): Align more closely to Linux version. Add new
options -c, -e, -E. Change formatting to accommodate longer options.
(longopts): Rename --noname to --numeric. Keep --noname for backward
compatibility. Add --omit-header, --all-effective and --no-effective
options.
(opts): Add -c, -e and -E option.
(main): Handle new -c, -e, and -E options.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* path.cc (symlink_native): Don't generate native symlink targeting
Cygwin special file. Inform the caller.
(symlink_worker): Don;t bail out in WSYM_nativestrict case if the
target is a Cygwin special file.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* strfuncs.cc (sys_cp_wcstombs): Always return number of multibytes
without trailing NUL as the documentation implies. Throughout Cygwin,
fix usage to align to this pattern.
* fhandler_process.cc (format_process_winexename): Drop trailing NUL
and LF from output.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* path.cc (path_conv::set_nt_native_path): New function.
* path.h (path_conv::set_nt_native_path): Add prototype.
* syscall.cc (try_to_bin): Handle moving files to the recycler
accessed via a local virtual drive (subst). Fix a problem renaming
the file to the unique replacement name on Samba. Align comment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* path.cc (basename): Undefine basename before defining function to
avoid type collision with prototype in string.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
winsup/cygwin/
* common.din (__gnu_basename): Export.
* path.cc (__gnu_basename): New function.
winsup/doc/
* posix.xml (std-gnu): Add basename.
(std-notes): Add note about two forms of basename.
suffix and make private. Rename normalized_path to posix_path and
make privtae. Accommodate name changes throughout in path_conv
methods.
(path_conv::known_suffix): New method. Use throughout instead of
accessing suffix directly.
(path_conv::get_win32): Constify.
(path_conv::get_posix): New method to read posix_path. Use throughout
instead of accessing normalized_path directly.
(path_conv::set_posix): Rename from set_normalized_path. Accommodate
name change throughout.
* spawn.cc (find_exec): Return POSIX path, not Win32 path.
* fhandler_process.cc (process_tab): Fix indentation.
(fhandler_process::exists): Rely on format_process_fd returning file
type in fd_type.
(struct process_fd_t): Add fd_type member.
(fhandler_process::fill_filebuf): Allow format_process_fd to set
this->fd_type member.
(format_process_fd): Fix path evaluation to allow recognizing trailing
path components. Fix check for file descriptor path component. Return
virt_symlink in fd_type if no trailing path compenents exist, return
virt_fsdir otherwise and copy full resulting path into destbuf.
* path.cc (path_conv::check): If /proc/$PID/fd symlink has trailing
path components, reparse resulting path as if it's the incoming path.
Add comment to wail over the outdated and hackish check method, and to
explain what we do here.
* path.cc (warn_msdos): Make static. Drop test for dos_file_warning.
(path_conv::check): Check for dos_file_warning here to avoid a function
call in the default case.
handler.
* cygtls.cc (_cygtls::remove): Accommodate the fact that pathbufs
has been moved from _local_storage to _cygtls.
* cygtls.h (class tls_pathbuf): Add comment to hint to gendef usage
of counters. Change type of counters to uint32_t for clarity.
Remove _cygtls as friend class.
(struct _local_storage): Move pathbufs from here...
(struct _cygtls): ...to here, allowing to access it from _sigbe.
(class san): Only define on 32 bit. Remove errno, _c_cnt and _w_cnt
members.
(san::setup): Drop parameter. Don't initialize removed members.
(san::leave): Don't set removed members.
(class myfault): Only define on 32 bit.
(myfault::faulted): Only keep implementation not taking any parameter.
Drop argument in call to sebastian.setup.
(__try/__leave/__except/__endtry): Implement to support real SEH. For
now stick to SJLJ on 32 bit.
* dcrt0.cc (dll_crt0_0): Drop 64 bit call to
exception::install_myfault_handler.
* exception.h (exception_handler): Define with EXCEPTION_DISPOSITION
as return type.
(PDISPATCHER_CONTEXT): Define as void * on 32 bit. Define as pointer
to _DISPATCHER_CONTEXT on 64 bit.
(class exception): Define separately for 32 and 64 bit.
(exception::myfault): Add handler for myfault SEH handling on 64 bit.
(exception::exception): Fix mangled method name to account for change
in type of last parameter.
(exception::install_myfault_handler): Remove.
* exceptions.cc (exception::myfault_handle): Remove.
(exception::myfault): New SEH handler for 64 bit.
* gendef (_sigbe): Set tls_pathbuf counters to 0 explicitely when
returning to the caller.
* ntdll.h: Move a comment to a better place.
(struct _SCOPE_TABLE): Define on 64 bit.
* thread.cc (verifyable_object_isvalid): Remove gcc 4.7 workaround.
* tls_pbuf.cc (tls_pbuf): Fix to accommodate new place of pathbufs.
(tls_pathbuf::destroy): Change type of loop variables to uint32_t.
* tls_pbuf.h (class tmp_pathbuf): Change type of buffer counters to
uint32_t. Accommodate new place of pathbufs.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Regenerate.
path_conv <-> normalize_posix_path, plus a bit of buffer.
(TP_NUM_W_BUFS): Ditto.
(class san): Change type of _c_cnt and _w_cnt to unsigned.
* path.cc (normalize_posix_path): Guard recursion into path_conv
against tmp_pathbuf overflow. Generate normalized path in call to
path_conv. If the path is valid, replace dst with the normalized_path
from path_conv call. Add comment to explain why we're doing this.
* tls_pbuf.cc (tls_pathbuf::destroy): Only free buffers until the
first buffer pointer is NULL.
(tmp_pathbuf::c_get): Simplify error message.
(tmp_pathbuf::w_get): Ditto.
* tls_pbuf.h (class tmp_pathbuf): Change type of c_buf_old and w_buf_old
to unsigned.
(tmp_pathbuf::check_usage): New inline method to check if we have
enough tmp_pathbuf buffers left to call a function using tmp_pathbuf
buffers.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Regenerate.
/etc/nsswitch.conf file to configure it.
* Makefile.in (DLL_OFILES): Add ldap.o.
* autoload.cc: Import ldap functions from wldap32.dll.
(DsEnumerateDomainTrustsW): Import.
(NetGroupGetInfo): Import.
* cygheap.h (class cygheap_domain_info): New class to keep global
domain info.
(class cygheap_pwdgrp): New class to keep passwd/group caches and
configuration info from /etc/nssswitch.conf.
(struct init_cygheap): Add cygheap_domain_info member "dom" and
cygheap_pwdgrp member "pg".
* cygtls.h (struct _local_storage): Remove unused member "res".
Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
uid/gid mapping.
* fhandler_process.cc: Drop including pwdgrp.h.
* fhandler_procsysvipc.cc: Ditto.
* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
* grp.cc (group_buf): Drop.
(gr): Drop.
(pwdgrp::parse_group): Fill pg_grp.
(pwdgrp::read_group): Remove.
(pwdgrp::init_grp): New method.
(pwdgrp::prep_tls_grbuf): New method.
(pwdgrp::find_group): New methods.
(internal_getgrsid): Convert to call new pwdgrp methods.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
(getgrgid32): Ditto.
(getgrnam_r): Ditto for internal_getgrnam.
(getgrnam32): Ditto.
(getgrent32): Convert to call new pwdgrp methods.
(internal_getgrent): Remove.
(internal_getgroups): Simplify, especially drop calls to
internal_getgrent.
* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
and RFC 2307 server.
* ldap.h: New header, declaring cyg_ldap class.
* passwd.cc (passwd_buf): Drop.
(pr): Drop.
(pwdgrp::parse_passwd): Fill pg_pwd.
(pwdgrp::read_passwd): Remove.
(pwdgrp::init_pwd): New method.
(pwdgrp::prep_tls_pwbuf): New method.
(find_user): New methods.
(internal_getpwsid): Convert to call new pwdgrp methods.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
(getpwuid_r): Ditto.
(getpwnam): Ditto for internal_getpwnam.
(getpwnam_r): Ditto.
(getpwent): Convert to call new pwdgrp methods.
* path.cc (class etc): Remove all methods.
* path.h (class etc): Drop.
* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
than UNKNOWN_GID.
(pinfo_init): Ditto.
* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
(internal_getpwuid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgrent): Drop declaration.
(enum fetch_user_arg_type_t): New type.
(struct fetch_user_arg_t): New type.
(struct pg_pwd): New type.
(struct pg_grp): New type.
(class pwdgrp): Rework to provide functions for file and db requests
and caching.
(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
(ugid_cache): Declare.
* sec_acl.cc: Drop including pwdgrp.h.
* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
(get_logon_server): Convert third parameter to ULONG flags argument
to allow arbitrary flags values in DsGetDcNameW call and change calls
to this function throughout. Use cached account domain name rather
than calling GetComputerNameW.
(get_unix_group_sidlist): Remove.
(get_server_groups): Drop call to get_unix_group_sidlist.
(verify_token): Rework token group check without calling
internal_getgrent.
* sec_helper.cc (cygpsid::pstring): New methods, like string() but
return pointer to end of string.
(cygsid::getfromstr): Add wide character implementation.
(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
* security.cc: Drop including pwdgrp.h.
* security.h (DEFAULT_UID): Remove.
(UNKNOWN_UID): Remove.
(UNKNOWN_GID): Remove.
(uinfo_init): Move here from winsup.h.
(ILLEGAL_UID): Ditto.
(ILLEGAL_GID): Ditto.
(UNIX_POSIX_OFFSET): Define. Add lengthy comment.
(UNIX_POSIX_MASK): Ditto.
(MAP_UNIX_TO_CYGWIN_ID): Ditto.
(ILLEGAL_UID16): Move here from winsup.h.
(ILLEGAL_GID16): Ditto.
(uid16touid32): Ditto.
(gid16togid32): Ditto.
(sid_id_auth): New convenience macro for SID component access.
(sid_sub_auth_count): Ditto.
(sid_sub_auth): Ditto.
(sid_sub_auth_rid): Ditto.
(cygpsid::pstring): Declare.
(cygsid::getfromstr): Declare wide character variant.
(cygsid::operator=): Ditto.
(cygsid::operator*=): Ditto.
(get_logon_server): Change declaration according to source code.
* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
call.
* shared.cc (memory_init): Call cygheap->pg.init in first process.
* syscalls.cc: Drop including pwdgrp.h.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
call. Fix debug output. Overwrite user gid in border case of a
missing passwd file while a group file exists.
(pwdgrp::add_line): Allocate memory on cygheap.
(pwdgrp::load): Remove.
(ugid_cache): Define.
(cygheap_pwdgrp::init): New method.
(cygheap_pwdgrp::nss_init_line): New method.
(cygheap_pwdgrp::_nss_init): New method.
(cygheap_domain_info::init): New method.
(logon_sid): Define.
(get_logon_sid): New function.
(pwdgrp::add_account_post_fetch): New method.
(pwdgrp::add_account_from_file): New methods.
(pwdgrp::add_account_from_windows): New methods.
(pwdgrp::check_file): New method.
(pwdgrp::fetch_account_from_line): New method.
(pwdgrp::fetch_account_from_file): New method.
(pwdgrp::fetch_account_from_windows): New method.
* winsup.h: Move aforementioned macros and declarations to security.h.
Corinna Vinschen
Christian Franke
Ken Brown
Arseniy Lartsev
Joe_Lowe
Johannes Schindelin
Peter Foley
Yaakov Selkowitz