* security.cc (create_token): Drop grps_buf. Use alloca instead.
Only add the MIC SID to the TOKEN_GROUPS list for the NtCreateToken
call. If the subauthentication token exists, use its MIC SID.
Set SID Attributes for the MIC SID to 0.
(well_known_this_org_sid): New well known sid.
(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
(mandatory_medium_integrity_sid): New well known sid.
(mandatory_high_integrity_sid): Ditto.
(mandatory_system_integrity_sid): Ditto.
(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all
authorities fitting in a UCHAR.
* security.cc (get_token_group_sidlist): Always add the local
group to the token. Add comment. Add "This Organization" group
if available in incoming group list.
(get_server_groups): Only add world and authenticated users groups
if not already in list.
(create_token): Add matching mandatory integrity SID to group list
on systems supporting Mandatory Integrity Control.
* security.h (well_known_this_org_sid): Define.
(mandatory_medium_integrity_sid): Define.
(mandatory_high_integrity_sid): Define.
(mandatory_system_integrity_sid): Define.
* wincap.h: Define has_mandatory_integrity_control throughout.
* wincap.cc: Ditto.
paths in symlinks to POSIX.
(symlink_info::check_shortcut): Allocate buf allowing for a trailing 0.
Call posixify on the result.
(symlink_info::check_sysfile): Read from file into local buffer.
Eliminate old b16 considerations. Call posixify on the result.
(symlink_info::check_reparse_point): Don't use PrintName but
SubstituteName which is relevant for Windows' path handling.
Call posixify on the result.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
Set type.
(security_descriptor::realloc): Handle the case that psd has been
allocated using LocalAlloc. Set type.
(security_descriptor::free): Ditto.
* security.cc (get_nt_attribute): Remove.
(get_reg_security): Remove.
(get_nt_object_security): Use GetSecurityInfo which handles all
securable objects.
(get_nt_object_attribute): Remove.
(get_object_attribute): Call get_nt_object_security instead of
get_nt_object_attribute.
(get_file_attribute): Ditto.
(check_registry_access): Call get_nt_object_security instead of
get_reg_security.
* security.h (cygpsid::operator PSID): Make method const, not the
result.
(class security_descriptor): Add type member. Accomodate throughout.
(security_descriptor::copy): New method.
(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
actually created a handle. This handles the registry root dir.
* fhandler_registry.cc (fhandler_registry::open): Set io_handle in
case of opening one of the predefined registry keys.
for registry keys/values if ntsec is on.
* security.cc (check_access): New static function derived from
check_file_access, but object type agnostic.
(check_file_access): Only do file specific stuff. Call check_access.
(check_registry_access): New access check function for registry keys/
values.
* security.h (check_registry_access): Declare.
(class fhandler_registry): Add wow64 and prefix_len members.
Declare set_name method.
* fhandler_proc.cc (PROC_REGISTRY32): Define.
(PROC_REGISTRY64): Define.
(proc_listing): Add "registry32" and "registry64" elements.
(proc_fhandlers): Add corresponding FH_REGISTRY values.
* fhandler_registry.cc (registry_len): Drop static value in favor of
class member prefix_len. Use preifx_len instead of registry_len
throughout.
(fhandler_registry::set_name): Define. Set wow64 and prefix_len
according to directory prefix.
(fhandler_registry::fhandler_registry): Set wow64 and prefix_len to
default values.
(open_key): Add wow64 argument. Handle wow64 in call to RegOpenKeyEx.
Use fhandler_registry member wow64 in this place throughout.
* glob.cc: New file. Latest glob version from FreeBSD plus Cygwin
specific changes (__stat64/__stat32, ignore_case_with_glob,
drop collate functions).
(glob3): Return GLOB_ABORTED in case directory is unreadable and
GLOB_ERR is set, as demanded by SUSv3.
* glob.h: Import latest version from FreeBSD.
(Wow64RevertWow64FsRedirection): Define.
* security.cc (cygsuba_installed): New shared variable to store result
of cygsuba.dll installation test.
(subauth): Check if cygsuba.dll has been installed and registered
before issuing the (sub)authentication.
allocated arrays. Add max_w4 member to keep track.
(thread_socket): Make timeout depending on number of sockets to wait
for. Loop WFMO over all sockets.
(start_thread_socket): Handle any number of sockets. Fix typo. Don't
close socket event in out of memory condition.
(socket_cleanup): Free ser_num and w4.
(mount_info::conv_to_win32_path): Update comment.
* fhandler_disk_file.cc (path_conv::ndisk_links): Use backslashes
to make NT kernel functions work for \\?\GLOBALROOT paths.
performance on remote shares.
(fhandler_disk_file::opendir): Move comment about Samba weirdness into
fhandler_disk_file::readdir. Don't disallow
FileIdBothDirectoryInformation on Samba.
(fhandler_disk_file::readdir): Workaround Samba problem with
FileIdBothDirectoryInformation by rereading already read entries
using FileBothDirectoryInformation. Change comment about Samba
weirdness explaining this change.
vmin_ > ulen case into account. Simplify evaluating the bytes to read.
Don't use bytes in Queue value from ClearCommError call in case vtime_
is > 0. Reformat GetOverlappedResult call. Simplify call to ReadFile.
Corinna Vinschen
Christopher Faylor