Commit Graph

18877 Commits

Author SHA1 Message Date
Corinna Vinschen 4ce7e1bbaa Cygwin: proc: don't request PROCESS_VM_READ perms for stat
The OpenProcess call to generate /proc/<PID>/stat info requests
PROCESS_VM_READ, but that's not required.  Drop it.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-12 11:20:42 +01:00
Corinna Vinschen 048f28bfe4 Cygwin: proc: return more useful cmdline
Creating /proc/<PID>/cmdline requires permissions to communicate
with the target process via its signal pipe.  If that fails, the
output is "<defunct>" which doesn't make sense most of the time.
Rather, call format_process_exename in this case to get more useful
process name info, albeit not the full cmdline.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-12 11:17:11 +01:00
Corinna Vinschen d9f934c9e9 Cygwin: fix permissions of winpid symlinks
The winpid symlinks got created with no query permissions, so
only admins could see all Cygwin processes.  Create symlinks
so everyone has query permissions instead.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-11 21:40:04 +01:00
Corinna Vinschen 7cbe4b59d6 Cygwin: bump version to 3.0.4
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-09 20:13:50 +01:00
Corinna Vinschen 4ec5ffc198 Cygwin: posix timers: fix a deadlock
Canceling the timer thread runs under lock.  The thread uses the same
lock to guard its timer_tracker struct access.  If the timing is bad,
timer_settime or timer_delete grab the lock at the same time, the timer
expires.  In the end, cancel waits for the thread sync while the thread
waits for ther lock to be released.

Fix this by not waiting for the thread sync under lock.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-08 12:57:42 +01:00
Corinna Vinschen 094a2a17ad Cygwin: posix timers: fix resource leak
On setting the timer, the thread is accidentally only canceled when
disarming the timer.  This leaks one thread per timer_settimer call.
Move the thread cancellation where it belongs.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-06 22:19:16 +01:00
Corinna Vinschen 633278b877 Cygwin: bump version to 3.0.3
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-05 20:00:30 +01:00
Corinna Vinschen 8551226961 Cygwin: seteuid: do not verify lsaprivkeyauth token
We don't support setting groups via /etc/groups anymore.  Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.

So,  "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token.  Just remove the verify_token call.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 20:36:26 +01:00
Corinna Vinschen ad49232083 Revert "Cygwin: load_user_profile: temporarily extend debug output"
This reverts commit 6aef5a46d7.
2019-03-04 17:31:34 +01:00
Corinna Vinschen 5c4ce731ac Cygwin: Revert attempting to unload user profile after use
Revert "Cywin: user profile: unload impersonation user profile on exit"
Revert "Cygwin: seteuid: allow inheriting impersonation user profile handle"
Revert "Cygwin: user profile: add debug output to unload_user_profile"
Revert "Cygwin: user profile: Make an effort to unload unused user profiles"

This reverts commit bcb33dc4f0.
This reverts commit dd3730ed9c.
This reverts commit 8eee25241e.
This reverts commit 71b8777a71.

This patchset actually results in the following problem:

- After a couple of ssh logon/logoff attempts, an interactive session
  of the same user loging in, is broken.

Apparently UnloadUserProfile manages to unload the user's profile
even while a parallel interactive session still uses the user's
profile.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 17:31:27 +01:00
Corinna Vinschen fc5b248784 Cygwin: update 3.0.2 release file
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 14:14:15 +01:00
Corinna Vinschen c18f7d72dc Cygwin: doc: update case-sensitive dirs description
Since we have to disable automatic case-sensitive mkdir again,
change documentation accordingly.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 14:03:32 +01:00
Corinna Vinschen 38dde5f4c4 Cygwin: fork: fix child process permissions, take 3
Per MSDN VirtualQueryEx requires PROCESS_QUERY_INFORMATION.
Testing showed that PROCESS_QUERY_LIMITED_INFORMATION is sufficient
since Windows 8.1.  The assumption that Windows 8 is the same as
Windows 8 was not correct, it requires PROCESS_QUERY_INFORMATION
as well.

Fix that by splitting the Windows 8 wincaps into one for Windows 8
and one for Windows 8.1.  Set needs_query_information for Windows 8.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-03 10:59:13 +01:00
Corinna Vinschen 4abac62193 Cygwin: load_user_profile: Don't give primary domain to ldap
If the user domain is the primary domain, LDAP is supposed to
use the default naming context.  This is accomplished by setting
domain name to NULL in the call to cyg_ldap::fetch_ad_account.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-02 12:47:54 +01:00
Corinna Vinschen 6c86b85f4e Cygwin: ldap: Fix overwriting domain when creating naming context
cyg_ldap::fetch_ad_account creates a naming context from the
incoming domain, if it's not NULL.  The algorithm overwrites
dots with \0 in domain while creating the naming context, but
neglects to restore the dots.

Fix that by never overwriting the incoming domain name.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-02 12:43:34 +01:00
Corinna Vinschen 40958b0d86 Cygwin: fenv.h: Add feature test macros, fix values
- feenableexcept,fedisableexcept, fegetexcept are GNU-only
- fegetprec, fesetprec are Solaris, use __MISC_VISIBLE
- _feinitialise is Cygwin-internal only
- Replace self-named FP precision values to values from
  http://www.open-std.org/jtc1/sc22//WG14/www/docs/n752.htm
  as used by Solaris.
- Change return value of fesetprec to adhere to the above document
  and Solaris.
- Document fegetprec, fesetprec as Solaris functions, not as GNU
  functions

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen 166913fb23 Cygwin: authentication: Always initialize domain info
...before calling any of its method.  It's no safe bet that
it's already initialized when calling s4uauth and adding it
to load_user_profile certainly doesn't hurt.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen bffd21ad80 Cygwin: load_user_profile: use local pointer when appropriate
dnsdomain does not have to be a copy of the domain, a pointer into
cygheap is sufficient.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen 7ba9d12a72 Cygwin: load_user_profile: fix use-after-free issue
In case of a local machine account login, pi.lpProfilePath points
to the buffer returned by NetUserGetInfo, but NetApiBufferFree
is called prior to calling LoadUserProfileW.  Fix by copying over
usri3_profile to the local userpath buffer, just as in the AD case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen 6aef5a46d7 Cygwin: load_user_profile: temporarily extend debug output
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 16:05:33 +01:00
Corinna Vinschen f18a161cff Cygwin: s4uauth: drop fallback to MsV1_0 if Kerberos fails
This never really worked.  While at it, restructure code to
do common stuff only in one spot.  Improve debug output.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 16:04:51 +01:00
Corinna Vinschen 379598dd67 Cygwin: Disable creating case-sensitive folders by default
Inspecting the content of case-sensitive directories
on remote machines results in lots of errors like
disappearing diretories and files, file not found, etc.

This is not feasible as default behaviour

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 14:38:36 +01:00
Corinna Vinschen 5d9ac1291d Cygwin: load_user_profile: chack if we got a valid, known domainname
...otherwise we may suffer a SEGV because dnsdomain is NULL.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-28 23:17:55 +01:00
Corinna Vinschen 495ae41891 Cygwin: wincap: fix copy/paste bug
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-28 16:55:39 +01:00
Corinna Vinschen 639645a2fd Cygwin: timerfd: add a sleep when being debugged
A sleep is required on Windows 10 64 bit only before calling
RegisterClassW in the timerfd thread, and only when running
under strace.  One of the child processes inheriting the timerfd
descriptor will get a STATUS_FLOAT_INEXACT_RESULT exception inside
of msvcrt.dll.  It's apparently some timing problem.  It occurs
in 4 out of 5 runs under strace only.  WOW64 and Windows 7 64 bit
don't have this problem.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-26 10:46:05 +01:00
Corinna Vinschen 5a483b6bca Cygwin: timerfd: reduce size of shared mem region to a single page
The share section was created using the PAGE_SIZE constant,
but PAGE_SIZE is 64K.  Fix that by using wincap.page_size()
instead, which returns the desired actual page size of 4K.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-26 10:19:08 +01:00
Corinna Vinschen 3b3ba558e9 Cygwin: use NULL security descriptor in InitializeObjectAttributes
Using sec_none{_nih} is just a roundabout way to specify a
NULL SD.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-25 21:06:15 +01:00
Corinna Vinschen 98afd02be3 Cygwin: timerfd: rework implementation
timerfd_tracker and timerfd_shared classes:

- Just because handles are shared, we don't have to store them in
  shared memory.  Move share handles into timerfd_tracker class.

- Drop shared instance counter since it's not required anymore.
  timerfd_shared only stores the actual timer data.

- Drop timerfd_shared::create, just set clock id.

- Drop timerfd_shared::dtor, it's not required anymore.

- Drop timerfd_tracker::close, just call dtor where required.

- Rename timerfd_tracker::increment_instances to timerfd_tracker::dup.
  It's the only reason it exists...

- timerfd_tracker::dtor now checks the non-shared pointers for NULL
  before attempting to close them.

- timerfd_tracker::dtor handles decrementing the local instance count
  by itself.

- Add a method timerfd_tracker::init_fixup_after_fork_exec to set
  non-shared pointers to NULL.  Together with the dtor patches it
  fixes a problem with close_on_exec timerfd descriptors.

- Fix a bug in handling the thread synchronization event.  It's
  actually nice to create it before using it...

- Drop using sec_none{_nih} in InitializeObjectAttributes.  It's
  an unnecessary roundabout route just to get a NULL pointer.

- Slightly rework timechange window handling.

- Add more comments to explain what happens.

fhandler_timerfd:

- Drop cnew macro, it just hides what happens.

- fhandler_timerfd::fixup_after_exec now calls
  timerfd_tracker::init_fixup_after_fork_exec first, so a subsequent
  call to timerfd_tracker::dtor only works on valid handles.

- fhandler_timerfd::close directly calls timerfd_tracker::dtor now.

- Drop dtor call in fhandler_timerfd destructor.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-25 21:01:32 +01:00
Corinna Vinschen a4e2eb6ba3 Cygwin: timerfd: fix shared memory allocation in fork/exec
timerfd_tracker::fixup_after_fork_exec always tries to restore
the shared timer region at the same address as in the parent.
This is entirely unnecessary and wasn't intended, rather some
kind of copy/paste thinko.  Fix that.  Print NtMapViewOfSection
status code in api_fatal on failure for debugging.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-24 20:23:34 +01:00
Corinna Vinschen aeaa051f3b Cygwin: POSIX timers: Fix timer values returned for unarmed timer
The "optimized" condition to recognize an unarmed timer was plain
wrong.  Replace it by checking the stored it_value against 0.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-24 10:12:03 +01:00
Corinna Vinschen f3be186911 Cygwin: Add 3.0.2 release file
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 23:07:42 +01:00
Corinna Vinschen 0fb41d48aa Cygwin: timerfd: fix select always returning immediately
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 23:02:44 +01:00
Corinna Vinschen bcb33dc4f0 Cywin: user profile: unload impersonation user profile on exit
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 21:06:12 +01:00
Corinna Vinschen dd3730ed9c Cygwin: seteuid: allow inheriting impersonation user profile handle
The child process needs access to the handle to be able to
unload it when switching user context.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 20:48:59 +01:00
Corinna Vinschen 8eee25241e Cygwin: user profile: add debug output to unload_user_profile
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 20:46:48 +01:00
Corinna Vinschen 71b8777a71 Cygwin: user profile: Make an effort to unload unused user profiles
Does this work?  There's not much feedback given.

TODO: We might want to try unloading the user profile at process
exit as well, FWIW.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:30:44 +01:00
Corinna Vinschen 331653a215 Cygwin: cygheap: drop unnecessary code closing curr_primary_token
curr_primary_token is either NO_IMPERSONATION or the external_token
or the internal_token, so it's never required to be closed by itself.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:29:42 +01:00
Corinna Vinschen 9db6048c0f Cygwin: cygheap: better comment impersonation tokens
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:28:12 +01:00
Corinna Vinschen 13b1f9c0d1 Cygwin: seteuid32: don't use INVALID_HANDLE_VALUE
NULL is the natural state of an unused handle

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:24:05 +01:00
Corinna Vinschen 322ab51659 Cygwin: user profile: fetch roaming profile path via LDAP
Commit 649911fb40 avoids the
calls to NetUserGetGroups and NetUserGetLocalGroups since
these can take a lot of time.  The same problem potentially
occurs when loading the user profile.  The code fetches
the roaming profile path calling NetUserGetInfo, which also
can be rather slow.

To avoid this problem, fetch the profile patch using LDAP.
Also, don't bail out early if the user's registry hive already
exists.  This may result in outdated information.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:22:44 +01:00
Corinna Vinschen 649911fb40 Cygwin: get_user_groups: fetch a user's group list from identification token
NetUserGetGroups and NetUserGetLocalGroups sometimes take a lot of time
(up to more than 2 mins) for no apparent reason.

Call s4uauth to generate an identification token for the user and fetch
the group list from there.  This is *much* faster.

Keep the old code only for the sake of WOW64 on Vista and Windows 7,
which don't implement MsV1_0S4ULogon.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 105fbdebdd Cygwin: s4uauth: allow to be called for identification only
s4uath was only callable to create an impersonation token so
far.  Rework the function to allow creating an identification
token for informational purposes even from untrusted processes.

Take domainname and username instead of a passwd pointer to be
more multi-purpose.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 82c2cf6abc Cygwin: drop unused parameter from get_user_local_groups
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 18c203fb6e Cygwin: passwd/group: drop fetching case-correct group names from LDAP
Commit 4e34a39b5c made sure all user and
group names are case-correct, but it introduced a hefty performance hit
on starting the first Cygwin process.

Adding an ldap call for each AD group in a user token takes its toll in
bigger AD environments with lots of groups in a user token.  Real-life
example: 300 groups w/ roundtrip time to the LDAP server of 0.25 secs
per call...

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 5fcbbf7ead stdio: drop unused O_TEXT handling on non-Cygwin
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 14e2268853 Cygwin: fetch local groups from local machine
...even for domain accounts, otherwise local group membership is ignored.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 00:13:57 +01:00
Corinna Vinschen 65c569f9fd Cygwin: bump version to 3.0.2
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 00:13:06 +01:00
Yaakov Selkowitz a62b29bfec Cygwin: document secure_getenv
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2019-02-19 14:34:18 -06:00
Yaakov Selkowitz 850705f92e Cygwin: add secure_getenv
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2019-02-19 13:01:50 -06:00
Corinna Vinschen dd415f1a8c Cygwin: sys/mount.h: fix comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-19 19:34:40 +01:00