Commit Graph

94 Commits

Author SHA1 Message Date
Christopher Faylor b9aa81491f Throughout, remove extra space after function name from debugging output.
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
2011-12-03 21:43:27 +00:00
Corinna Vinschen c52fd6cd47 * sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on
systems supporting it.  Never add SERVICE SID but keep code in for
	future reference.  Explain why.
	(get_priv_list): Add cygpsid pointer parameter.  Point it to the
	mandatory integrity SID which matches account and privileges.
	(create_token): Fetch mandatory integrity SID from call to
	get_priv_list.
	(lsaauth): Call get_priv_list with additional NULL pointer.  Change
	comment accordingly.
	* sec_helper.cc (well_known_console_logon_sid): New static SID.
	(cygpriv): Change to structure containing extra flag to store info
	about required integrity level.
	(privilege_luid): Accommodate changes to cygpriv.  Return integrity
	level in new high_integrity parameter.
	(privilege_name): Accommodate changes to cygpriv.
	(set_privilege): Drop trailing \n from debug output.
	(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
	since it's just not needed, but keep code in for future reference.
	Change comment accordingly.
	* security.h (well_known_console_logon_sid): Declare.
	(privilege_luid): Align declaration to above change.
	* wincap.h (wincaps::has_console_logon_sid): New element.
	* wincap.cc: Implement above element throughout.
2011-10-15 16:31:57 +00:00
Corinna Vinschen 5735d5f6f4 * advapi32.cc: Add comment.
(EqualSid): Remove.
	(CopySid): Remove.
	(AddAccessAllowedAce): Remove.
	(AddAccessDeniedAce): Remove.
	(MakeSelfRelativeSD): Remove.
	* flock.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
	* security.h: Ditto.
	(RtlEqualSid): Declare.  Explain why.
	(RtlCopySid): Ditto.
2011-04-29 10:38:12 +00:00
Corinna Vinschen fd04c2f004 * advapi32.cc (SetSecurityDescriptorDacl): Remove.
(SetSecurityDescriptorGroup): Remove.
	(SetSecurityDescriptorOwner): Remove.
	* pinfo.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.

	* sec_helper.cc (__sec_user): Remove old comment.
2011-04-28 15:54:47 +00:00
Corinna Vinschen 1754539e56 * advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove.
	(FindFirstFreeAce): Remove.
	(GetAce): Remove.
	(InitializeSecurityDescriptor): Remove.
	(OpenProcessToken): Remove.
	* dcrt0.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* fhandler_tty.cc: Ditto.
	* flock.cc: Ditto.
	* pinfo.cc: Ditto.  Drop unnecessary error handling.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
2011-04-28 09:30:36 +00:00
Corinna Vinschen 158e516b9d * advapi32.cc (InitializeSid): Remove.
(EqualPrefixSid): Remove.
	(GetLengthSid): Remove.
	(GetSidSubAuthority): Remove.
	(GetSidSubAuthorityCount): Remove.
	(GetSidIdentifierAuthority): Remove.
	* fhandler_disk_file.cc: Remove above functions throughout with their
	ntdll.dll equivalent.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
2011-04-28 08:34:49 +00:00
Corinna Vinschen 99edadedc9 * sec_auth.cc (get_user_groups): Mark well-known groups as well-known.
(get_user_local_groups): Ditto.
	(verify_token): Drop useless label.
	* sec_helper.cc (cygsid::get_sid): Check for well-known SID if
	well_known isn't set.
	* security.h (well_known_sid_type): New inline function.
2011-04-04 09:00:02 +00:00
Corinna Vinschen b5efa8990f * sec_helper.cc (get_null_sd): Make static. Use PSECURITY_DESCRIPTOR
instead of SECURITY_DESCRIPTOR *.
	(sec_acl): Fix fomratting.
	* security.h (get_null_sd): Drop declaration.
2010-04-17 15:51:09 +00:00
Corinna Vinschen b873ce0686 * sec_helper.cc (set_cygwin_privileges): Enable SE_DEBUG_PRIVILEGE, if
available.  Add comments.
2010-04-15 17:17:59 +00:00
Corinna Vinschen e122c47112 * sec_auth.cc (get_user_local_groups): Retrieve name of well known
builtin group from system.  Explain why.
	* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
	* security.h (well_known_builtin_sid): Declare.
2010-02-12 17:40:42 +00:00
Corinna Vinschen 9f00d74664 * sec_auth.cc (get_token_group_sidlist): Add BUILTIN\Users account
to all created tokens.
	* sec_helper.cc (well_known_users_sid): Define as BUILTIN\Users.
	* security.h (well_known_users_sid): Declare.
2010-01-08 15:55:27 +00:00
Corinna Vinschen 7c16c02dbb * sec_helper.cc (security_descriptor::realloc): Call free first if
current security desriptor has been allocated by GetSecurityInfo.
2009-10-31 09:31:47 +00:00
Corinna Vinschen b42441d32b * sec_helper.cc (security_descriptor::free): If sd_size is 0, call
LocalFree instead of ::free.

	* sec_acl.cc: Throughout replace old ACE flag definitions with current
	definitions as used in MSDN man pages.
	* security.cc: Ditto.

	* fhandler.cc (fhandler_base::open): Make sure file has really been
	just created before fixing file permissions.  Add S_JUSTCREATED
	attribute to set_file_attribute call.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
	with default security descriptor and fix descriptor afterwards.
	Add S_JUSTCREATED flag to set_file_attribute call.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Call GetSecurityInfo rather than
	NtQuerySecurityObject.  Explain why.  Change error handling accordingly.
	(alloc_sd): Skip non-inherited, non-standard entries in ACL if
	S_JUSTCREATED attribute is set.  Explain why.  Minor format fixes.
	* security.h (S_JUSTCREATED): New define.
	(security_descriptor::operator=): New operator.
2009-10-30 19:58:53 +00:00
Corinna Vinschen 2d647173bb * fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an
error when changing the user account on a standalone Samba server.
	Explain why.
	* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
	* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
	(well_known_samba_unix_user_fake_sid): Define.
	* security.cc (set_file_sd): Take additional parameter if ownership
	should be changed.  Restrict requested permissions accordingly.
	(set_file_attribute): Accommodate additional parameter to set_file_sd.
	* security.h (well_known_samba_unix_user_fake_sid): Declare.
	(set_file_sd): Align declaration to above change.
2009-04-09 09:19:03 +00:00
Christopher Faylor 025c1fac6e Remove unneeded whitespace.
* fhandler_fifo.cc (fhandler_fifo::open): Rework to cause errno to be set to
ENXIO when opening a fifo write/nonblocking.
* environ.cc (ucreqenv): Rename to ucenv.  Move code from old ucenv here and
conditionalize it on create_upcaseenv.
(ucenv): Delete.
(environ_init): Fix compiler warning by moving create_upcaseenv test to ucenv.
Don't bother checking for child_proc_info when calling ucenv since it is
assumed to be NULL at the point where the function is called.
* path.cc (symlink_worker): Turn off MS-DOS path warnings when dealing with
devices since the device handler passes in a translated MS-DOS path.
* sec_auth.cc (lsaprivkeyauth): Avoid variable initialization which causes a
compiler error.
* fhandler_netdrive.cc: Update copyright.
2008-11-26 17:21:04 +00:00
Christopher Faylor cb7e1879ee * localtime.cc (increment_overflow): Mark as non-inline to prevent compiler
from complaining about the very thing we're trying to test.
* ntea.cc (read_ea): Reorganize to avoid a new compiler warning/error.
* sched.cc (sched_rr_get_interval): Ditto.
* select.cc (peek_serial): Ditto.
* libc/rexec.cc (ruserpass): Ditto.
* posix_ipc.cc (ipc_names): Make static to avoid a compiler warning
(and it's the right thing to do anyway).
2008-09-11 05:43:11 +00:00
Corinna Vinschen 9a51257715 Change length for domain buffers from INTERNET_MAX_HOST_NAME_LENGTH to
MAX_DOMAIN_NAME_LEN throughout.
	* cyglsa.h (CYG_LSA_MAGIC): New value.
	(cyglsa_t): Define username and domain as WCHAR arrays.
	* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
	* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
	appropriate.
	(extract_nt_dom_user): Prefer resolving by SID before resolving by
	domain\name pair.
	(cygwin_logon_user): Don't print cleartext password in debug output.
	Change comment.
	(get_user_groups): Revert calls to LookupAccountNameW to use NULL
	server instead of explicit server name, according to MSDN.
	(get_user_local_groups): Ditto.
	(get_server_groups): Fetch domain and user name from usersid per
	LookupAccountSidW instead of calling extract_nt_dom_user.
	(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
	instead of calling extract_nt_dom_user.
	* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
	(privilege_luid): Convert first parameter to  PWCHAR.
	(privilege_name): Return wchar_t pointer.
	(set_privileges): Accommodate debug output.
	* security.h (privilege_luid): Change prototype accordingly.
2008-07-11 10:00:36 +00:00
Corinna Vinschen b1138f3d4b * sec_auth.cc (create_token): Add integrity level SID to token on
systems supporting that.  Remove useless check for dynamically loading
	NtCreateToken function.
	* sec_helper.cc (mandatory_medium_integrity_sid): Define.
	(mandatory_high_integrity_sid): Define.
	(mandatory_system_integrity_sid): Define.
	* sec_helper.h (mandatory_medium_integrity_sid): Declare.
	(mandatory_high_integrity_sid): Declare.
	(mandatory_system_integrity_sid): Declare.
2008-04-22 10:45:34 +00:00
Corinna Vinschen db5ae61884 * fhandler.h (-struct wsa_event): Move to wsa_event.h. Include
wsa_event.h instead.
	* fhandler_socket.cc (NUM_SOCKS): Move to wsa_event.h.
	(wsa_events): Move from DLL shared area to cygwin_shared shared
	memory.  Accommodate throughout.
	(socket_serial_number): Ditto.
	* fhandler_tape.cc (mt): Ditto.
	(mtinfo_init): Remove.
	(mt): Define as cygwin_shared->mt.
	* flock.cc (FLOCK_PARENT_DIR_ACCESS): Remove.
	(FLOCK_INODE_DIR_ACCESS): Move up in file.
	(FLOCK_MUTANT_ACCESS): Ditto.
	(FLOCK_EVENT_ACCESS): Ditto.
	(get_lock_parent_dir): Remove.
	(inode_t::inode_t): Call get_shared_parent_dir to get parent dir handle.
	Add a "flock-" prefix to file's lock directory name for clarity.
	* mtinfo.h (mtinfo_init): Drop declaration.
	* net.cc (last_used_bindresvport): Move from DLL shared area to
	cygwin_shared shared memory.
	(cygwin_bindresvport_sa): Accommodate above change.
	* sec_helper.cc (_everyone_sd): Move here from flock.cc.
	* security.h (SD_MIN_SIZE): Ditto.
	(everyone_sd): Ditto.
	* shared.cc (cygwin_shared_area): Remove.
	(cygwin_shared_h): New handle.
	(get_shared_parent_dir): New static function.
	(shared_name): Drop session_local argument.  Call get_shared_parent_dir
	here.  Add cygwin-shared subdir to object name.
	(offsets): Reinstantiate SH_CYGWIN_SHARED member.
	(open_shared): Revert change from 2007-03-29 for systems supporting
	SeCreateGlobalPrivilege.
	(shared_info::initialize): Call mtinfo's initialize here.
	(memory_init): Drop call to mtinfo_init.
	* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
	(CURR_SHARED_MAGIC): Ditto.
	(class shared_info): Add members for global socket and tape info
	sharing.
	(enum shared_locations): Reinstantiate SH_CYGWIN_SHARED.
	(get_shared_parent_dir): Declare.
	(shared_name): Drop session_local argument from declaration.
	* wsa_event.h: New file.  Move definitions of NUM_SOCKS and
	struct wsa_event here.
2008-04-18 20:13:37 +00:00
Corinna Vinschen a7d2cc16e2 * Fix copyright dates. 2008-04-01 13:22:47 +00:00
Christopher Faylor 70300fdb1c Perform whitespace cleanup throughout.
* dcrt0.cc (signal_shift_subtract): Eliminate ancient backwards compatibility.
(check_sanity_and_sync): Ditto.
* winsup.h (SIGTOMASK): Ditto.  Just use constant in signal calculation.
* include/cygwin/version: Remove backwards signal mask compatibility define.
* path.cc (symlink_info::check_sysfile): Cosmetic change.
* registry.cc (get_registry_hive_path): Remove unneeded variable.
* exceptions.cc (handle_sigsuspend): Eliminate thread signal mask and use
either main sigmask or current thread sigmask.
(set_process_mask): Ditto.
(sighold): Ditto.
(sigrelse): Ditto.
(sigset): Ditto.
(set_process_mask_delta): Ditto.
(_cygtls::call_signal_handler): Ditto.
* fhandler_process.cc (format_process_status): Ditto.
* fhandler_termios.cc (fhandler_termios::bg_check): Ditto.
* pinfo.h (class pinfo): Ditto.
* select.cc (pselect): Ditto.
* signal.cc (sigprocmask): Ditto.
(abort): Ditto.
(sigpause): Ditto.
(sigsend): Ditto.
(wait_sig): Ditto.
* thread.h (pthread::parent_tls): New member.
* thread.cc (pthread::pthread): Record parent_tls here.
(pthread::thread_init_wrapper): Initialize sigmask from parent thread.
2008-02-15 17:53:11 +00:00
Corinna Vinschen 7b4b41ab3e * cygheap.cc (cwcsdup): New function.
(cwcsdup1): New function.
	* cygheap.h (cygheap_user::get_windows_id): New method returning PWCHAR.
	(cwcsdup): Declare.
	(cwcsdup1): Declare.
	* registry.cc (get_registry_hive_path): Use WCHAR instead of char
	throughout.
	(load_registry_hive): Ditto.
	* registry.h (get_registry_hive_path): Change declaration accordingly.
	(load_registry_hive): Ditto.
	* sec_helper.cc (cygpsid::string): New method returning PWCHAR.
	* security.h (cygpsid::string): Declare.
	* syscalls.cc (seteuid32): Convert local name var to WCHAR.
	* uinfo.cc (cygheap_user::env_userprofile): Convert local name buffers
	to WCHAR.  Call sys_wcstombs_alloc to generate puserprof buffer.

	* winsup.h: Fix comment.
	(NT_MAX_PATH): New definition for maximum internal path length.
	Use throughout where appropriate.
	* include/limits.h (PATH_MAX): Set to 4096 as on Linux.
2008-02-14 16:47:11 +00:00
Corinna Vinschen eea4e48208 * fhandler.cc (fhandler_base::fhaccess): Accommodate interface changes
of access control functions throughout.
	* fhandler_disk_file.cc: Ditto.
	* fhandler_registry.cc: Ditto.
	* sec_acl.cc: Drop unnecessary includes.
	(setacl): Take path_conv instead of file name as parameter.
	Accommodate interface changes of access control functions.
	(getacl): Ditto.
	* sec_auth.cc: New file, taking over all authentication related
	functions from security.cc.
	* sec_helper.cc: Drop unnecessary includes.
	* security.cc: Ditto.  Move all authentication related functions to
	sec_auth.cc.
	(ALL_SECURITY_INFORMATION): New define.  Use throughout.
	(set_file_sd): New function, replacing read_sd and the file related
	part of get_nt_object_security.
	(get_reg_sd): Rename from get_reg_security.  Drop type parameter.
	(get_reg_attribute): New function, replacing the registry related part
	of get_nt_object_security.
	(get_file_attribute): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(set_file_attribute): Ditto plus new set_file_sd.  Drop unnecessary
	implementation without uid/gid parameters.
	(check_file_access): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(check_registry_access): Use new get_reg_sd call.
	* security.h: Accommodate above interface changes.
2007-07-20 14:29:43 +00:00
Corinna Vinschen 892635fd9f * sec_helper.cc: Remove unused code. 2007-07-19 09:12:09 +00:00
Corinna Vinschen cce28460fe * cygheap.h (init_cygheap::luid): Remove.
* mmap.cc (mlock): Accommodate parameter change in call to
	push_thread_privilege.
	(munlock): Ditto.
	* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
	(NtAdjustPrivilegesToken): Declare.
	* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
	(privilege_luid): Take job of privilege_luid_by_name, using new
	cygpriv.
	(privilege_luid_by_name): Remove.
	(privilege_name): Accommodate new cygpriv array.
	(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
	Accommodate changes to privilege_name.
	(set_cygwin_privileges): Simplify.  Don't try to set
	SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
	* security.cc (sys_privs): Reorder to match numerical privilege order.
	Use real privilege values as defined in security.h.
	(get_system_priv_list): Drop unused grp_list argument.  Create
	list of privileges according to new wincapc::max_sys_priv value.
	(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
	Make priv a local value instead of a pointer.
	(create_token): Accommodate parameter change in call to
	push_self_privilege.
	(lsaauth): Ditto.
	(check_access): Use privilege values directly instead of calling
	privilege_luid.
	* security.h: Define real privilege values.
	(cygpriv_idx): Remove.
	(privilege_luid): Change declaration.
	(privilege_luid_by_name): Drop declaration.
	(set_privilege): Change declaration.
	(set_process_privilege): Drop definition.
	(_push_thread_privilege): Accomodate new set_privilege parameters.
	* wincap.h (wincapc::max_sys_priv): New element.
	* wincap.cc: Implement above element throughout.
	(wincap_2000sp4): New wincaps structure.
	(wincap_xpsp1): Ditto.
	(wincap_xpsp2): Ditto.
	(wincapc::init): Use new wincaps.
	(wincapc::max_sys_priv): New element.
2007-07-19 08:33:22 +00:00
Corinna Vinschen 5fbf573cd3 * dcrt0.cc (dll_crt0_0): Call set_cygwin_privileges here, after
initializing hProcToken.
	* sec_helper.cc (init_global_security): Don't call set_cygwin_privileges        here.
2007-07-19 07:24:17 +00:00
Corinna Vinschen e6fbf13e48 * cygheap.cc (cygheap_init): Fix formatting. Remove comment. Set
shared_prefix depending only on terminal service capability.
	* dcrt0.cc (dll_crt0_1): Don't call set_cygwin_privileges here.
	* fhandler_fifo.cc (fhandler_fifo::open): Create the mutex as global
	object.
	* posix_ipc.cc (ipc_mutex_init): Use cygheap->shared_prefix.
	(ipc_cond_init): Ditto.
	* sec_helper.cc (privilege_name): Make static.  Use LookupPrivilegeName
	directly to be independent of the state of cygheap.
	(set_privilege): Take a LUID as parameter instead of an index value.
	Only print debug output in case of failure.
	(set_cygwin_privileges): Add comment.  Use LookupPrivilegeValue to
	get privilege LUIDs.
	(init_global_security): Call set_cygwin_privileges here.
	* security.h (privilege_name): Drop declaration.
	(set_privilege): Declare according to above change.
	(set_process_privilege): Call privilege_luid to get LUID.
	(_push_thread_privilege): Ditto.
	* shared.cc (open_shared): Add comment.  On systems supporting the
	SeCreateGlobalPrivilege, try to create/open global shared memory first.
	Fall back to local shared memory if that fails.
	* thread.cc (semaphore::semaphore): Use cygheap->shared_prefix.
	* wincap.h (wincapc::has_create_global_privilege): New element.
	* wincap.cc: Implement above element throughout.
2007-03-29 16:37:36 +00:00
Corinna Vinschen a76877e977 Throughout remove all usage of wincap.has_security.
* environ.cc (environ_init): Drop setting allow_ntsec here.
	* grp.cc (initgroups32): Drop usage of label "out".
	* security.cc (allow_ntsec): Set to true by default.
	* syscalls.cc (seteuid32): Remove label success_9x.
	* wincap.cc: Remove has_security throughout.
	* wincap.h: Ditto.
2007-02-23 15:15:50 +00:00
Christopher Faylor 510a85cbf9 Remove extraneous whitespace.
* pinfo.cc (commune_process): Use default argument to lock_process.
* sigproc.cc: Update copyright.
* select.cc: Ditto.
2007-02-20 00:16:18 +00:00
Corinna Vinschen 97b09fe1c5 Partially revert change from 2006-10-22. GetSecurityInfo messes up
user information on NT4.
	* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
	considerations.
	(security_descriptor::realloc): Ditto.
	(security_descriptor::free): Ditto.
	* security.cc (get_reg_security): Reinstantiate.
	(get_nt_object_security): Revert to using NtQuerySecurityObject.
	* security.h (class security_descriptor): Drop type member.
	Accommodate throughout.
	(security_descriptor::size): Constify.
	(security_descriptor::copy): Ditto.
2006-12-20 17:14:23 +00:00
Corinna Vinschen a889232410 * environ.cc (set_traverse): Remove.
(parse_thing): Drop "traverse" option.
	* path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV
	privilege.
	* sec_helper.cc (set_cygwin_privileges): Ditto.
	* security.cc (allow_traverse): Remove.
	(alloc_sd): Drop special allow_traverse code.
	* security.h (allow_traverse): Drop declaration.
	* syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege.
2006-12-12 18:47:25 +00:00
Corinna Vinschen b825c587ba * cyglsa.h: New header file.
* environ.cc: Disable subauth settings.
	* grp.cc: Accomodate cygsidlist's count now being a method.
	* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
	(mandatory_medium_integrity_sid): Remove.
	(mandatory_high_integrity_sid): Remove.
	(mandatory_system_integrity_sid): Remove.
	(fake_logon_sid): Add.
	(cygsid::get_sid): Add well_known parameter.  Set well_known_sid
	accordingly.
	(cygsid::getfromstr): Ditto.
	(cygsidlist::alloc_sids): Move here from security.cc.
	(cygsidlist::free_sids): Ditto.
	(cygsidlist::add): Move here from security.h.  Add well_known parameter.
	Set well_known_sid accordingly.  Don't allow duplicate SIDs.
	* security.cc: Include cyglsa.h and cygwin/version.h.  Throughout
	accomodate cygsidlist's count now being a method.  Throughout drop
	redundant "contains" tests.
	(get_user_local_groups): Add local groups as well known SIDs.
	(get_token_group_sidlist): Add well known groups as well known SIDs.
	(get_server_groups): Ditto.  Only call get_unix_group_sidlist after
	get_user_local_groups to maintain "well_known_sid" attribute.
	(get_initgroups_sidlist): Add well known groups as well known SIDs.
	(get_setgroups_sidlist): Add usersid and struct passwd parameter to
	allow calling get_server_groups from here.
	(get_system_priv_list): Make static.  Return size of TOKEN_PRIVILEGES
	structure.
	(get_priv_list): Ditto.
	(create_token): Accomodate above changes.  Drop misguided attempt to
	add MIC SIDs to created user token.  Print returned token as hex value.
	(subauth): Disable.
	(lsaauth): New function implementing client side of LSA authentication.
	* security.h (class cygsid): Add well_known_sid attribute.  Accomodate
	throughout.  Add *= operator to create a well known SID.
	(class cygsidlist): Rename count to cnt.  Make count a method.
	(cygsidlist::add): Move to sec_helper.cc.
	(cygsidlist::operator *=): New method to add well known SID.
	(cygsidlist::non_well_known_count): New method returning number of
	non well known SIDs in list.
	(cygsidlist::next_non_well_known_sid): New method returning next non
	well known SID by index.
	(mandatory_medium_integrity_sid): Drop declaration.
	(mandatory_high_integrity_sid): Drop declaration.
	(mandatory_system_integrity_sid): Drop declaration.
	(fake_logon_sid): Add declaration.
	(subauth): Disable declaration.
	(lsaauth): Add declaration.
	* syscalls.cc (seteuid32): Disable subauthentication.  Add LSA
	authentication.
	* wincap.h: Define needs_logon_sid_in_sid_list throughout.
	* wincap.cc: Ditto.
2006-11-27 12:59:59 +00:00
Corinna Vinschen 124b187f16 * security.h (DBGSID): Define for debugging purposes.
(MKSID): Rename from SID so as to not hide SID definition from winnt.h.
	* sec_helper.cc: Change SID to MKSID throughout.
2006-11-23 16:44:55 +00:00
Corinna Vinschen 2fd2ddf3f5 * sec_helper.cc (sid_auth): Remove.
(well_known_this_org_sid): New well known sid.
	(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
	(mandatory_medium_integrity_sid): New well known sid.
	(mandatory_high_integrity_sid): Ditto.
	(mandatory_system_integrity_sid): Ditto.
	(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY.  Allow all
	authorities fitting in a UCHAR.
	* security.cc (get_token_group_sidlist): Always add the local
	group to the token.  Add comment.  Add "This Organization" group
	if available in incoming group list.
	(get_server_groups): Only add world and authenticated users groups
	if not already in list.
	(create_token): Add matching mandatory integrity SID to group list
	on systems supporting Mandatory Integrity Control.
	* security.h (well_known_this_org_sid): Define.
	(mandatory_medium_integrity_sid): Define.
	(mandatory_high_integrity_sid): Define.
	(mandatory_system_integrity_sid): Define.
	* wincap.h: Define has_mandatory_integrity_control throughout.
	* wincap.cc: Ditto.
2006-11-08 11:38:05 +00:00
Corinna Vinschen b904c35100 * security.h (cygpriv_idx): Add privileges new in Vista.
* security.cc (sys_privs): Ditto.
	* sec_helper.cc (cygpriv): Ditto.  Fix comment.
2006-11-01 09:00:14 +00:00
Corinna Vinschen fc545fe933 * fhandler_disk_file.cc (fhandler_disk_file::facl): Fix whitespace.
* external.cc: Update copyright.
	* fhandler.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.h: Ditto.
	* security.cc: Ditto.
	(check_registry_access): Return -1 if W_OK is requested.
2006-10-22 19:31:33 +00:00
Corinna Vinschen 2be593d961 * external.cc (cygwin_internal): Use security_descriptor::copy method.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
	Set type.
	(security_descriptor::realloc): Handle the case that psd has been
	allocated using LocalAlloc.  Set type.
	(security_descriptor::free): Ditto.
	* security.cc (get_nt_attribute): Remove.
	(get_reg_security): Remove.
	(get_nt_object_security): Use GetSecurityInfo which handles all
	securable objects.
	(get_nt_object_attribute): Remove.
	(get_object_attribute): Call get_nt_object_security instead of
	get_nt_object_attribute.
	(get_file_attribute): Ditto.
	(check_registry_access): Call get_nt_object_security instead of
	get_reg_security.
	* security.h (cygpsid::operator PSID): Make method const, not the
	result.
	(class security_descriptor): Add type member.  Accomodate throughout.
	(security_descriptor::copy): New method.
	(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
2006-10-22 14:57:43 +00:00
Christopher Faylor f62412f235 GCC 4.1 fixes.
* cygheap.h (cygheap_user): Remove unneeded class names from function
declaration.
* fhandler.h (fhandler_base): Ditto.
(fhandler_dev_floppy): Ditto.
(fhandler_console): Ditto.
* wininfo.h (wininfo): Ditto.
* exceptions.cc (sigpacket::process): Avoid compiler errors about gotos and
initialization.
* fhandler_fifo.cc (fhandler_fifo::open): Ditto.
* fhandler_floppy.cc (fhandler_dev_floppy::ioctl): Ditto.
* fhandler_tty.cc (fhandler_tty_slave::ioctl): Ditto.
* mmap.cc (mmap64): Ditto.
* pipe.cc (fhandler_pipe::open): Ditto.
* spawn.cc (spawn_guts): Ditto.
* sec_helper.cc: Fix some comments.
(get_null_sd): Move file-scope static to only function where it is used.
2006-07-17 19:30:30 +00:00
Corinna Vinschen 352059d4b1 * sec_helper.cc (set_cygwin_privileges): Request SE_BACKUP_NAME
privileges.
2006-03-01 23:14:25 +00:00
Christopher Faylor 2f9ae2ed94 Change foo (void) to foo () for all c++ functions throughout. Remove all
fhandler_*::dump functions throughout.
* fhandler.h (fhandler_dev_mem::close): Remove pass-through function in favor
of virtual method.
(handler_dev_raw::close): Ditto.
(fhandler_dev_clipboard::fixup_after_exec): New method.
* fhandler_dev_mem.cc (fhandler_dev_mem::close): Eliminate pass through
* fhandler_dev_raw.cc (fhandler_dev_raw::close): Ditto.
* fhandler_clipboard.cc (fhandler_dev_clipboard::close): Don't go to extra
effort when execing.
(fhandler_dev_clipboard::fixup_after_exec): New function.
* fhandler_console.cc (fhandler_console::close): Don't do "extra stuff" when we
know we're execing.
* fhandler_disk_file.cc (fhandler_disk_file::close): Ditto.
* fhandler_dsp.cc (fhandler_dev_dsp::close): Ditto.
* fhandler_fifo.cc (fhandler_fifo.cc::close): Ditto.  function in favor of base
function.
* fhandler_random.cc (fhandler_dev_random::close): Ditto.
* fhandler_registry.cc (fhandler_registry::close): Ditto.
* fhandler_tty.cc (fhandler_tty_slave::close): Ditto.
* fhandler_virtual.cc (fhandler_virtual::close): Ditto.
* pinfo.cc (proc_waiter): Remove unneeded hExeced declaration.
* sigproc.cc: Ditto.
* winsup.h (hExeced): Define here.
* fhandler_virtual.cc (fhandler_virtual::fixup_after_exec): Just call close()
to reinitialize things to known state.
2005-07-05 03:16:46 +00:00
Christopher Faylor 893ac8e03c Replace valid memory checks with new myfault class "exception handling", almost
everywhere.  Leave some thread.cc stuff alone for now.
* cygtls.h: Kludge some definitions to avoid including a problematic windows
header.
(_cygtls::_myfault): New entry.
(_cygtls::_myfault_errno): Ditto.
(_cygtls::fault_guarded): New function.
(_cygtls::setup_fault): Ditto.
(_cygtls::return_from_fault): Ditto.
(_cygtls::clear_fault): Ditto.
(myfault): New class.
* exceptions.cc (handle_exceptions): Handle case of guarded fault in system
routine.
* gendef: Add another entry point for setjmp that the compiler doesn't know
about and won't complain about.
* gentls_offsets: Just include windows.h rather than kludging a HANDLE def.
* miscfuncs.cc (check_null_str): Delete.
(check_null_empty_str): Ditto.
(check_null_empty_str_errno): Ditto.
(check_null_str_errno): Ditto.
(__check_null_invalid_struct): Ditto.
(__check_null_invalid_struct_errno): Ditto.
(__check_invalid_read_ptr): Ditto.
(__check_invalid_read_ptr_errno): Ditto.
(dummytest): New function.
(check_iovec_for_read): Delete.
(chec_iovec): Rename from check_iovec_for_write.  Take a read/write parameter.
* tlsoffsets.h: Regenerate.
* winsup.h: Remove check_* declarations.
(check_iovec_for_read): Delete declaration.  Turn into a define instead.
(check_iovec_for_write): Ditto.
(check_iovec): New declaration.
* thread.h: Use ifdef guard name consistent with other header files.
2005-07-03 02:40:30 +00:00
Corinna Vinschen 7311cc1f0c * pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
	(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
	* sec_acl.cc (setacl): Allocate acl dynamically.
	* sec_helper.cc (sec_acl): Add test for alignment of acl when
	DEBUGGING is defined.
	(__sec_user): Same for sa_buf.
	* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
	and allocate dynamically.
	(alloc_sd): Allocate acl dynamically.
	security.h (sec_user_nih): Change first parameter to
	SECURITY_ATTRIBUTES *.
	(sec_user): Ditto.
	* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
	allocate dynamically.
	* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
	dynamically.
	* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
	and allocate dynamically.
	* winbase.h (ilockincr): Mark first argument of inline assembly as
	earlyclobber.
	(ilockdecr): Ditto.
2005-06-07 19:31:42 +00:00
Corinna Vinschen f4a1f8a1db * cygheap.cc (cygheap_init): Accomodate set_process_privilege change.
* cygheap.h (cygheap_user::curr_primary_token): New member.
	(cygheap_user::primary_token): New method.
	(cygheap_user::deimpersonate): Always revert to processes'
	impersonation token.
	(cygheap_user::reimpersonate): Set processes' or setuid token as
	necessary.
	(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
	value.
	(cygheap_user::close_impersonation_tokens): Close curr_primary_token
	here if necessary.  Don't reset token values to NO_IMPERSONATION since
	that's done in uinfo_init anyway.
	(init_cygheap::luid): New LUID array keeping privilege LUIDs.
	* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
	* dcrt0.cc (hProcToken): New global variable to keep process token.
	(hProcImpToken): Ditto for process impersonation token.
	(dll_crt0_0): Open process token here once.  Duplicate to create
	hProcImpToken.
	(dll_crt0_1): Call set_cygwin_privileges.
	* environ.cc (allow_ntea): Drop duplicate declaration.
	(allow_smbntsec): Ditto.
	(set_traverse): Only set allow_traverse here.
	(environ_init): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
	enable_restore_privilege.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::facl): Ditto.
	* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
	syn with parent. Call set_cygwin_privileges.
	* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
	process token.
	* path.cc (fs_info::update): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges.
	* registry.cc (load_registry_hive): Drop setting restore privilege
	since it's already set if available.
	* sec_helper.cc: Include cygtls.h.
	(cygpriv): Privilege string array.
	(privilege_luid): New function, evaluate LUID from cygpriv_idx.
	(privilege_luid_by_name): New function, evaluate LUID from privilege
	string.
	(privilege_name): New function, evaluate privilege string from
	cygpriv_idx.
	(set_privilege): New static function called by set_process_privilege
	and set_thread_privilege.  Call privilege_luid to get privilege LUID.
	Fix bug in return value evaluation. Improve debug output.
	(set_cygwin_privileges): New function.
	(set_process_privilege): Remove.
	(enable_restore_privilege): Remove.
	* security.cc (allow_traverse): New global variable.
	(sys_privs): Change type to cygpriv_idx and store privilege indices
	instead of strings.
	(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
	(get_system_priv_list): Don't use numerical constant in malloc call.
	Use privilege_luid to get privilege LUIDs.
	(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
	inner privilege LUID comparison loop.
	(create_token): Enable create token privilege using
	push/pop_self_privileges. Use hProcToken instead of opening process
	token. Use default DACL when duplicating token.
	(subauth): Enable tcb privilege using push/pop_self_privileges.
	Use sec_none instead of homw made security attributes when duplicating
	token.
	(check_file_access): Don't duplicate access token, use active
	impersonation token as is.
	* security.h (enum cygpriv_idx): New enumeration type enumerating
	possible privileges.
	(privilege_luid): Declare new function.
	(privilege_luid_by_name): Ditto.
	(privilege_name): Ditto.
	(allow_traverse): Declare.
	(set_privilege): Declare function.
	(set_process_privilege): Define as macro.
	(enable_restore_privilege): Remove declaration.
	(_push_thread_privilege): Define macro.
	(push_thread_privilege): Ditto.
	(pop_thread_privilege): Ditto.
	(pop_self_privilege): Ditto.
	* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
	cygheap->user.token.
	* syscalls.cc (statvfs): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges. Rearrange code
	to simplify push/pop bracketing.
	(seteuid32): Use hProcToken instead of opening process token. Call
	cygheap->user.deimpersonate instead of RevertToSelf.  Create
	impersonation token from primary internal or external token.  Set
	cygheap->user.curr_primary_token and cygheap->user.current_token
	privileges once here.  Drop "failed" and "failed_ptok" labels.
	Drop setting DefaultDacl of process token.
	(setegid32): Use hProcToken and hProcImpToken instead of opening
	process token. Always reimpersonate afterwards.
	* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
	process token.
	(internal_getlogin): Ditto. Set hProcImpToken, too.
	(uinfo_init): Initialize cygheap->user.curr_primary_token.
	* winsup.h (hProcToken): Declare.
	(hProcImpToken): Declare.
2005-04-03 13:06:43 +00:00
Christopher Faylor e3778517d9 * path.cc (chdir): Always use the normalized_path as posix_cwd, except if it
starts with a drive.

Also perform whitespace cleanup.
2004-05-28 19:50:07 +00:00
Corinna Vinschen e859706578 * autoload.cc (NtCreateFile): Add.
* dir.cc (mkdir): Change set_file_attribute call to indicate that
	NT security isn't used.
	* fhandler.cc (fhandler_base::open_9x): New method, created from
	fhandler_base::open.
	(fhandler_base::open): Rearrange to use NtCreateFile instead of
	CreateFile.
	* fhandler.h (enum query_state): Redefine query_null_access to
	query_stat_control.  query_null_access isn't allowed in NtCreateFile.
	(fhandler_base::open_9x): Declare.
	* fhandler_disk_file.cc (fhandler_base::fstat_fs): Use
	query_stat_control first, query_read_control if that fails.
	(fhandler_disk_file::fchmod): Call enable_restore_privilege before
	trying to open for query_write_control.  Don't fall back to
	opening for query_read_control.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::facl):  Only request restore privilege and query
	access necessary for given cmd.
	* fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open
	instead of opening device here.
	* ntdll.h (NtCreateFile): Declare.
	* path.cc (symlink_worker): Change set_file_attribute call to indicate
	that NT security isn't used.
	* sec_acl.cc (getacl): Fix bracketing.
	* sec_helper.cc (enable_restore_privilege): New function.
	* security.cc (str2buf2uni_cat): New function.
	(write_sd): Don't request restore permission here.
	* security.h (set_process_privileges): Drop stale declaration.
	(str2buf2uni): Declare.
	(str2buf2uni_cat): Declare.
	(enable_restore_privilege): Declare.
	* syscalls.cc (fchown32): Return immediate success on 9x.
2004-04-16 21:22:13 +00:00
Christopher Faylor cec4879206 * debug.h (console_printf): Define for non-debugging condition.
* cygtls.h (_threadinfo::lock): Remove wait argument.
(_threadinfo::interrupt_setup): Remove retaddr argument.
* exceptions.cc (_threadinfo::interrupt_setup): Ditto.
(_threadinfo::interrupt_now): Accommodate change to interrupt_setup argument.
(setup_handler): Ditto.  Always lock sig stack prior to determining interrupt
method.
* gendef (_sigfe): Correct thinko regarding cmpxchg.
(_sigbe): Ditto.
(_threadinfo::lock): Ditto.
(_threadinfo::pop): Eliminate left-over stack unlock.
* sigproc.cc (proc_subproc): Chnage debugging output to printed warning.
2004-02-09 04:04:24 +00:00
Corinna Vinschen d82c6f474d * security.h (SID): New macro.
(well_known_*_sid): Change type to cygpsid.
	(cygsid::init): Delete declaration.
	* sec_helper.cc (well_known_*_sid): Define using above SID macro.
	(cygsid::init): Delete.
	* dcrt0.cc (dll_crt0_0): Do not call cygsid::init.
	* security.cc (get_user_local_groups): Change the second argument type
	to cygpsid.
2004-02-05 17:23:19 +00:00
Christopher Faylor 2e008fb91f Change use of BOOL, TRUE, FALSE to bool, true, false, as appropriate,
throughout.
* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity and edit
some comments.
* cygheap.h (init_cygheap::ctty): Add new element.
* devices.in (device::parse): Remove special handling for /dev/tty.
* devices.cc: Regenerate.
* dtable.cc (build_fh_pc): Don't reset /dev/tty device.  Let the device opener
do that.
* fhandler_termios.cc (tty_min::set_ctty): Redefine to _pinfo class.
* fhandler_tty.cc (fhandler_tty_common::set_close_on_exec): Avoid setting
noninherit flag for ctty.
* tty.h: Move BOOLs to bools.
(tty_min::set_ctty): Redeclare to _pinfo class.
* pinfo.cc (_pinfo::set_ctty): Define new function based on tty_min::set_ctty.
Change first argument from tty number to tty_min class.
* pinfo.h (_pinfo::set_ctty): Declare.
* fhandler_console.cc (fhandler_console::get_tty_stuff): Reflect move of
set_ctty to _pinfo class.
* fhandler_tty.cc (fhandler_tty_slave::open): Treat FH_TTY specially.  Use
saved cygheap value if it exists.  Otherwise convert to real device and save on
first time open.
(fhandler_tty_common::dup): Potentially set controlling tty if duping a slave
tty.
* syscalls.cc (setsid): Close controlling tty in cygheap.
* tty.cc: Change some BOOLs to bools.
2003-12-07 22:37:12 +00:00
Corinna Vinschen cb55867514 * sec_helper.cc (set_process_privilege): Rename restore_priv to
priv_luid.

	* sec_helper.cc (set_process_privilege): Call LookupPrivilegeValue
	before opening the token.
2003-11-26 14:29:22 +00:00
Corinna Vinschen 12069cf31b * dir.cc (mkdir): Use local security_descriptor. Call
set_security_attribute appropriately.
	* external.cc (cygwin_internal): Ditto.
	* fhandler.cc (fhandler_base::open): Ditto.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto.
	* path.cc (symlink_worker): Ditto.
	* sec_acl.cc (setacl): Ditto. Call read_sd appropriately.
	(getace): Ditto.
	* sec_helper.cc (security_descriptor::malloc): New method.
	(security_descriptor::realloc): New method.
	(security_descriptor::free): New method.
	* security.cc (read_sd): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	Allocate the security_descriptor buffer according to size returned by
	a call to GetFileSecurity. Return buffer size on success.
	(write_sd): Get security_descriptor as parameter instead of
	PSECURITY_DESCRIPTOR and a size.
	(get_nt_attribute): Use local security_descriptor.
	(get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY.
	Allocate security_descriptor buffer according to size returned by
	a call to RegGetKeySecurity.
	(alloc_sd): Make static. Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	(set_security_attribute): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size.
	(set_nt_attribute): Use local security_descriptor.
	(check_file_access): Ditto.
	* security.h: Add class security_descriptor.
	(read_sd): Change declaration to get security_descriptor as parameter
	instead of PSECURITY_DESCRIPTOR and a size.
	(write_sd): Ditto.
	(set_security_attribute): Ditto.
	(alloc_sd): Remove declaration.
	* thread.cc (semaphore::semaphore): Use local security_descriptor. Call
	set_security_attribute appropriately.
2003-11-26 13:23:27 +00:00