Commit Graph

754 Commits

Author SHA1 Message Date
Ken Brown 5b8358e6ed Cygwin: remove the OPEN_MAX_MAX macro
Replace all occurrences of OPEN_MAX_MAX by OPEN_MAX, and define the
latter to be 3200, which was the value of the former.  In view of the
recent change to getdtablesize, there is no longer a need to
distinguish between these two macros.
2021-02-01 09:55:08 -05:00
Ken Brown 3d256e22e2 Cygwin: getdtablesize: always return OPEN_MAX_MAX
According to the Linux man page for getdtablesize(3), the latter is
supposed to return "the maximum number of files a process can have
open, one more than the largest possible value for a file descriptor."
The constant OPEN_MAX_MAX is the only limit enforced by Cygwin, so we
now return that.

Previously getdtablesize returned the current size of cygheap->fdtab,
Cygwin's internal file descriptor table.  But this is a dynamically
growing table, and its current size does not reflect an actual limit
on the number of open files.

With this change, gnulib now reports that getdtablesize and
fcntl(F_DUPFD) work on Cygwin.  Packages like GNU tar that use the
corresponding gnulib modules will no longer use gnulib replacements on
Cygwin.
2021-02-01 09:55:07 -05:00
Ken Brown 883abd9d7d Cygwin: fchmodat: add limited support for AT_SYMLINK_NOFOLLOW
Allow fchmodat with the AT_SYMLINK_NOFOLLOW flag to succeed on
non-symlinks.  Previously it always failed, as it does on Linux.  But
POSIX permits it to succeed on non-symlinks even if it fails on
symlinks.

The reason for following POSIX rather than Linux is to make gnulib
report that fchmodat works on Cygwin.  This improves the efficiency of
packages like GNU tar that use gnulib's fchmodat module.  Previously
such packages would use a gnulib replacement for fchmodat on Cygwin.
2021-01-29 11:50:53 -05:00
Corinna Vinschen 5b941f21b5 Cygwin: Align *utime*() with POSIX/glibc
Followup to previous patch, this time matching definitions in Cygwin

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2021-01-26 17:27:35 +01:00
Ben Wijen f4cac1217e syscalls.cc: Deduplicate remove
The remove code is already in the _remove_r function.
So, just call the _remove_r function.
2021-01-25 19:57:46 +01:00
Ben Wijen cb41c375a6 syscalls.cc: unlink_nt: Try FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE
I think we don't need an extra flag as we can utilize: access & FILE_WRITE_ATTRIBUTES
What do you think?

Ben Wijen (1):
  syscalls.cc: unlink_nt: Try FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE

 winsup/cygwin/ntdll.h     |  3 ++-
 winsup/cygwin/syscalls.cc | 22 +++++++--------
 winsup/cygwin/wincap.cc   | 11 ++++++++
 winsup/cygwin/wincap.h    | 56 ++++++++++++++++++++-------------------
 4 files changed, 53 insertions(+), 39 deletions(-)

--
2.30.0

>From 2d0ff6fec10d03c24d11c747852018b7bc1136ac Mon Sep 17 00:00:00 2001
In-Reply-To: <20210122105201.GD810271@calimero.vinschen.de>
References: <20210122105201.GD810271@calimero.vinschen.de>
From: Ben Wijen <ben@wijen.net>
Date: Tue, 17 Dec 2019 15:15:25 +0100
Subject: [PATCH v3 1/8] syscalls.cc: unlink_nt: Try
 FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE

Implement wincap.has_posix_unlink_semantics_with_ignore_readonly and when set
skip setting/clearing of READONLY attribute and instead use
FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE
2021-01-25 10:50:13 +01:00
Ken Brown a60a4501b7 Cygwin: ptsname_r: always return an error number on failure
Return EBADF on a bad file descriptor.  Previously 0 was returned, in
violation of the requirement in
https://man7.org/linux/man-pages/man3/ptsname_r.3.html that an error
number should be returned on failure.

We are intentionally deviating from Linux, on which ENOTTY is
returned.

Addresses: https://lists.gnu.org/archive/html/bug-gnulib/2021-01/msg00245.html
2021-01-22 10:36:43 -05:00
Ben Wijen 0c0ff5dc21 Cygwin: Move post-dir unlink check
Move post-dir unlink check from fhandler_disk_file::rmdir to
_unlink_nt_post_dir_check

If a directory is not removed through fhandler_disk_file::rmdir
we can now make sure the post dir check is performed.
2021-01-22 13:35:11 +01:00
Ben Wijen cbeb1009a9 syscalls.cc: Use EISDIR
This is the non-POSIX value returned by Linux since 2.1.132.
2021-01-18 12:04:42 +01:00
Ben Wijen 17ede0eae5 syscalls.cc: Fix num_links
NtQueryInformationFile on fh_ro needs FILE_READ_ATTRIBUTES
to succeed.
2021-01-18 12:01:19 +01:00
Ken Brown 9ad86f619c Cygwin: fstatat: call fstat64 instead of fstat
This fixes a bug on 32-bit Cygwin that was introduced in commit
84252946, "Cygwin: fstatat, fchownat: support the AT_EMPTY_PATH flag".

Add a comment explaining why fstat should not be called.

Addresses: https://cygwin.com/pipermail/cygwin/2021-January/247399.html
2021-01-12 14:41:53 -05:00
Corinna Vinschen 4bfa93f1a0 Cygwin: symlink/mknod: fix ACL handling
mknod32 actually creates a path_conv, just to call mknod_worker
with a win32 path.  This doesn't only require to create path_conv
twice, it also breaks permissions on filesystems supporting ACLs.

Fix this by passing the path_conv created in the caller down to
symlink_worker.  Also, while at it, simplify the handling of trailing
slashes and move it out of symlink_worker.  Especially use the
new PC_SYM_NOFOLLOW_DIR flag to avoid fiddeling with creating
a new path copy without the trailing slash.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2020-01-28 17:58:06 +01:00
Corinna Vinschen cf6c439b6d Cygwin: drop __stdcall from close_all_files
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2020-01-28 15:33:53 +01:00
Ken Brown 352dbd304b Cygwin: fstatat, fchownat: support the AT_EMPTY_PATH flag
Following Linux, allow the pathname argument to be an empty string if
the AT_EMPTY_PATH flag is specified.  In this case the dirfd argument
can refer to any type of file, not just a directory, and the call
operates on that file.  In particular, dirfd can refer to a symlink
that was opened with O_PATH | O_NOFOLLOW.
2020-01-20 09:47:15 -05:00
Ken Brown 6cc05784e1 Cygwin: readlinkat: allow pathname to be empty
Following Linux, allow the pathname argument to be an empty string,
provided the dirfd argument refers to a symlink opened with
O_PATH | O_NOFOLLOW.  The readlinkat call then operates on that
symlink.
2020-01-17 10:27:48 -05:00
Ken Brown 35a1a6dbdf Cygwin: allow opening a symlink with O_PATH | O_NOFOLLOW
Up to now, opening a symlink with O_NOFOLLOW fails with ELOOP.
Following Linux, allow this to succeed if O_PATH is also specified.
2020-01-17 07:43:02 -05:00
Anton Lavrentiev via cygwin-patches fe239aef1b Cygwin: getpriority() consistent with process priority
https://cygwin.com/ml/cygwin/2019-08/msg00122.html
2019-10-31 21:40:22 +01:00
Corinna Vinschen 8551226961 Cygwin: seteuid: do not verify lsaprivkeyauth token
We don't support setting groups via /etc/groups anymore.  Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.

So,  "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token.  Just remove the verify_token call.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 20:36:26 +01:00
Corinna Vinschen 5c4ce731ac Cygwin: Revert attempting to unload user profile after use
Revert "Cywin: user profile: unload impersonation user profile on exit"
Revert "Cygwin: seteuid: allow inheriting impersonation user profile handle"
Revert "Cygwin: user profile: add debug output to unload_user_profile"
Revert "Cygwin: user profile: Make an effort to unload unused user profiles"

This reverts commit bcb33dc4f0.
This reverts commit dd3730ed9c.
This reverts commit 8eee25241e.
This reverts commit 71b8777a71.

This patchset actually results in the following problem:

- After a couple of ssh logon/logoff attempts, an interactive session
  of the same user loging in, is broken.

Apparently UnloadUserProfile manages to unload the user's profile
even while a parallel interactive session still uses the user's
profile.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 17:31:27 +01:00
Corinna Vinschen dd3730ed9c Cygwin: seteuid: allow inheriting impersonation user profile handle
The child process needs access to the handle to be able to
unload it when switching user context.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 20:48:59 +01:00
Corinna Vinschen 71b8777a71 Cygwin: user profile: Make an effort to unload unused user profiles
Does this work?  There's not much feedback given.

TODO: We might want to try unloading the user profile at process
exit as well, FWIW.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:30:44 +01:00
Corinna Vinschen 13b1f9c0d1 Cygwin: seteuid32: don't use INVALID_HANDLE_VALUE
NULL is the natural state of an unused handle

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:24:05 +01:00
Corinna Vinschen 105fbdebdd Cygwin: s4uauth: allow to be called for identification only
s4uath was only callable to create an impersonation token so
far.  Rework the function to allow creating an identification
token for informational purposes even from untrusted processes.

Take domainname and username instead of a passwd pointer to be
more multi-purpose.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen e53373bbdb Cygwin: re-enable create_token for older systems
Under WOW64 on 64 bit Windows 7, MsV1_0S4ULogon appears to be
unimplemented, probably under Vista as well.  Re-enable
create_token method, to allow basic seteuid on W7 WOW64 and
Vista as well.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 21:00:59 +01:00
Michael Haubenwallner 8ddb1f60c8 forkables: Create forkable hardlinks, yet unused.
In preparation to protect fork() against dll- and exe-updates, create
hardlinks to the main executable and each loaded dll in subdirectories
of /var/run/cygfork/, if that one exists on the NTFS file system.

The directory names consist of the user sid, the main executable's NTFS
IndexNumber, and the most recent LastWriteTime of all involved binaries
(dlls and main executable).  Next to the main.exe hardlink we create the
empty file main.exe.local to enable dll redirection.

The name of the mutex to synchronize hardlink creation/cleanup also is
assembled from these directory names, to allow for synchronized cleanup
of even orphaned hardlink directories.

The hardlink to each dynamically loaded dll goes into another directory,
named using the NTFS IndexNumber of the dll's original directory.

	* Makefile.in (DLL_OFILES): Add forkable.o.
	* dll_init.h (struct dll): Declare member variables fbi, fii,
	forkable_ntname.  Declare methods nominate_forkable,
	create_forkable.
	(struct dll_list): Declare enum forkables_needs.  Declare member
	variables forkables_dirx_size, forkables_dirx_ntname,
	forkables_mutex_name, forkables_mutex.  Declare private methods
	forkable_ntnamesize, prepare_forkables_nomination,
	update_forkables_needs, update_forkables, create_forkables,
	denominate_forkables, close_mutex, try_remove_forkables,
	set_forkables_inheritance, request_forkables.  Declare public
	static methods ntopenfile, read_fii, read_fbi.  Declare public
	methods release_forkables, cleanup_forkables.  Define public
	inline method setup_forkables.
	* dll_init.cc (dll_list::alloc): Allocate memory to hold the
	name of the hardlink in struct dll member forkable_ntname.
	Initialize struct dll members fbi, fii.
	(dll_list::load_after_fork): Call release_forkables method.
	* fork.cc: Rename public fork function to static dofork, add
	with_forkables as bool pointer parameter.  Add new fork function
	calling dofork.  (struct frok): Add bool pointer member
	with_forkables, add as constructor parameter.
	(frok::parent): Call dlls.setup_forkables before CreateProcessW,
	dlls.release_forkables afterwards.
	* pinfo.cc (pinfo::exit): Call dlls.cleanup_forkables.
	* syscalls.cc (_unlink_nt): Rename public unlink_nt function to
	static _unlink_nt, with 'shareable' as additional argument.
	(unlink_nt): New, wrap _unlink_nt for original behaviour.
	(unlink_nt_shareable): New, wrap _unlink_nt to keep a binary
	file still loadable while removing one of its hardlinks.
	* forkable.cc: New file.
	Implement static functions mkdirs, rmdirs, rmdirs_synchronized,
	stat_real_file_once, format_IndexNumber, rootname, sidname,
	exename, lwtimename.  Define static array forkable_nameparts.
	(struct dll): Implement nominate_forkable, create_forkable.
	(struct dll_list): Implement static methods ntopenfile,
	read_fii, read_fbi.  Implement forkable_ntnamesize,
2019-02-07 15:58:02 +01:00
Corinna Vinschen 9fa22dba55 Cygwin: unlink: allow fallback from POSIX to default method
Trying to delete in-use executables and DLLs using
FILE_DISPOSITION_POSIX_SEMANTICS returns STATUS_CANNOT_DELETE.
Fall back to the former method if that error occurs to allow
unlinking these files.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-06 21:17:35 +01:00
Corinna Vinschen 5628399c84 Cygwin: proc fd: fix handling of pipes, sockets, etc
The symlink target of /proc/PID/fd files pointing to pipes and
sockets are just artificial filenames referencing the object using
some internal number.  The pipe open code expects a path specifying
process pid and the internal number so it access the right process
and pipe.

- Set the posix path of the pipe to the simple pipe name only,
  as it shows up in /proc/PID/fd.  A /proc/self prefix is just
  as wrong as a /dev/fd prefix.

- Revert thinko in fhandler_pipe::open expecting the name as
  /proc/self/fd/...  In fact this should never happen.

- Fix up the path before re-opening the pipe instead.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-05 15:32:08 +01:00
Corinna Vinschen 1f6340aa8b Cygwin: proc fd: pass along open mode when reopening file
The reopen code neglected to pass along the requested open
mode correctly.  This may end up reopening the file with
incorrect access mask, or duplicating the wrong pipe handle.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-05 15:20:13 +01:00
Corinna Vinschen 0fb497165f Cygwin: seteuid: use Kerberos/MsV1_0 S4U authentication by default
- This simple and official method replaces cyglsa and "create token"
  methods.  No network share access, same as before.

- lsaauth and create_token are disabled now.  If problems crop up,
  they can be easily reactivated.  If no problems crop up, they
  can be removed in a while, together with the lsaauth subdir.

- Bump Cygwin version to 3.0.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-26 19:41:03 +01:00
Corinna Vinschen 0e3fd33321 Cygwin: create_token: Return NULL, not INVALID_HANDLE_VALUE
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-26 12:42:38 +01:00
Corinna Vinschen 3a1ed0ef70 Cygwin: syscalls.cc: fix formatting
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-26 12:42:38 +01:00
Corinna Vinschen 5275b3e3f2 Cygwin: wincap: split has_posix_file_info
While FileRenameInformationEx is defined starting with Windows
10 1709 per MSDN, it only starts working in W10 1809, apparently.
Users of 1803 report "Function not implemented".

Introduce wincap_10_1809 and change the version check in
wincapc::init accordingly.  Split has_posix_file_info into
has_posix_unlink_semantics and has_posix_rename_semantics.
Enable the latter only starting with W10 1809.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-14 20:38:24 +01:00
Corinna Vinschen fbd3835384 Cygwin: try_to_bin: don't check recycler filename all the time
So far we check the recycler name all the time, and the last interation
also only managed to handle two ways to write the recycler.  However,
an adventurous user might change the case of the recycler arbitrarily.

Fix this problem by keeping track of the name in a somewhat relaxed
fashion.  Use camel back on drive C by default, all upper case elsewhere.
Only if the rename op fails do we fix the recycler name on the fly
when trying to create it, and it turns out it already existed.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-09 21:48:43 +01:00
Corinna Vinschen b7a6d357ee Cygwin: try_to_bin: fix rootdir handle after reopening
If the first rename fails, we reopen the rootdir for creating a subdir.
The rootdir handle can change its value at this point, but the code
doesn't take this into account.  The subsequent rename then fails with
STATUS_INVALID_HANDLE.  Fix this by copying the new rootdir value to
pfri->RootDirectory.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-09 21:48:43 +01:00
Corinna Vinschen ec457e0351 Cygwin: rename: use FILE_RENAME_POSIX_SEMANTICS if available
starting with W10 1709 on local NTFS drives

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-09 15:47:43 +01:00
Corinna Vinschen 15094d5d01 Cygwin: rename: rename incoming flags argument to at2flags
Avoid name confusion with later used flags variable

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-09 14:45:37 +01:00
Corinna Vinschen dee6cb133a Cygwin: try_to_bin: don't reopen the file
So far we reopened the file if it was opened case sensitive to
workaround the problem that the recycler could be named in
camel back or all upper case, depending on who created it.
That's a problem for O_TMPFILE on pre-W10.  As soon as the
original HANDLE gets closed, delete-on-close is converted to full
delete disposition and all useful operations on the file cease to
work (STATUS_ACCESS_DENIED or STATUS_FILE_DELETED).

To avoid that problem drop the reopen code and check for the exact
recycler filename, either $Recycle.Bin or $RECYCLE.BIN, if the file
has been opened case sensitive.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-08 21:47:28 +01:00
Corinna Vinschen 9443efe099 Cygwin: linkat: support Linux-specific AT_EMPTY_PATH flag
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-07 19:36:37 +01:00
Corinna Vinschen b93022a82d Cygwin: open: support Linux-specific O_PATH flag
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-07 19:35:00 +01:00
Corinna Vinschen 91ca95ae4a Cygwin: rename pipe.cc to fhandler_pipe.cc
move pipe syscalls to syscalls.cc

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-07 12:31:28 +01:00
Corinna Vinschen 7aca27b4fe Cygwin: introduce fhandler_process_fd and add stat(2) handling
move special fd symlink code into own fhandler_process_fd class
to simplify further additions to /proc/PID/fd/DESCRIPTOR symlink
handling.

Add a method to handle stat(2) on such a proc fd symlink by handle.
This allows correct reply from stat(2) if the target file has been
deleted.  This eventually fixes `awk -f /dev/fd/3 3<<eof'.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-06 20:30:14 +01:00
Corinna Vinschen ba12614f79 Cygwin: path_conv: add PATH_RESOLVE_PROCFD path_types flag
path_conv now sets the PATH_RESOLVE_PROCFD flag in path_flags if
the PC_SYM_NOFOLLOW_PROCFD pathconv_arg flag has been set on input
*and* the file is actually a proc fd symlink.

Add matching path_conv::follow_fd_symlink method for checking and
use it in open(2).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-06 20:30:14 +01:00
Corinna Vinschen 7dbe307e38 Cygwin: Move O_TMPFILE to bin and allow linkat by handle
Along the same lines as the previous patch: By reopening an
O_TMPFILE by handle, we can now move the file to the bin at
open time and thus free'ing up the parent dir and *still*
open the file as /proc/PID/fd/DESCRIPTOR by linkat(2).
2019-01-06 20:30:14 +01:00
Corinna Vinschen a1a750325e Cygwin: try_to_bin: allow to move O_TMPFILE files into bin
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-06 20:30:14 +01:00
Corinna Vinschen 732613f30a Cygwin: implement /proc/PID/fd/DESCRIPTOR reopening by handle
Allows expressions along the lines of `cat /proc/self/fd/0 <<EOF'.
The problem here is that the temporary file used for the here script
has already been deleted by the shell.  Opening by filename, as
implemented so far, doesn't work because the file has been moved
to the bin.

Allow reopening files by handle the same way from another process
as long as we have sufficient permissions on the foreign process.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-06 20:30:14 +01:00
Corinna Vinschen 36ff506ddc Cygwin: try_to_bin: fix typos in comments
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-05 11:32:23 +01:00
Corinna Vinschen 34d9bb7093 Cygwin: drop disabled O_TMPFILE POSIX unlink code
The commit message of commit 07e0a9584f
and the expectation set therein, are wrong.

There's no POSIX semantics allowing to link a file with a link
count of 0 and making it available in the file system again.
In fact, the Linux linkat extension AT_EMPTY_PATH explicitely
disallows to link a file descriptor to a file with a link count
of 0, except for O_TMPFILE without O_EXCL.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-04 11:01:47 +01:00
Corinna Vinschen 07e0a9584f Cygwin: open(2): Change comment in disabled O_TMPFILE POSIX unlink code
- Turns out, the definition of POSIX unlink semantics is half-hearted
  so far: It's not possible to link an open file HANDLE if it has
  been deleted with POSIX semantics, nor is it possible to remove
  the delete disposition.  This breaks linkat on an O_TMPFILE.

  Tested with W10 1809.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-12-26 22:16:59 +01:00
Corinna Vinschen a7f392686b Cygwin: utilize FILE_DISPOSITION_POSIX_SEMANTICS
- short-circuit most code in unlink_nt since it's not necessary
  anymore if FILE_DISPOSITION_POSIX_SEMANTICS is supported.

- Immediately remove O_TMPFILE from filesystem after creation.
  Disable code for now because we have to implement /proc/self/fd
  opening by handle first, lest linkat fails.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-12-23 21:36:42 +01:00
Corinna Vinschen 65267a9a34 Cygwin: move transaction helpers into ntdll.h
We'll need them elsewhere in future.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de
2018-03-01 16:51:12 +01:00