Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
systems supporting it. Never add SERVICE SID but keep code in for
future reference. Explain why.
(get_priv_list): Add cygpsid pointer parameter. Point it to the
mandatory integrity SID which matches account and privileges.
(create_token): Fetch mandatory integrity SID from call to
get_priv_list.
(lsaauth): Call get_priv_list with additional NULL pointer. Change
comment accordingly.
* sec_helper.cc (well_known_console_logon_sid): New static SID.
(cygpriv): Change to structure containing extra flag to store info
about required integrity level.
(privilege_luid): Accommodate changes to cygpriv. Return integrity
level in new high_integrity parameter.
(privilege_name): Accommodate changes to cygpriv.
(set_privilege): Drop trailing \n from debug output.
(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
since it's just not needed, but keep code in for future reference.
Change comment accordingly.
* security.h (well_known_console_logon_sid): Declare.
(privilege_luid): Align declaration to above change.
* wincap.h (wincaps::has_console_logon_sid): New element.
* wincap.cc: Implement above element throughout.
builtin group from system. Explain why.
* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
* security.h (well_known_builtin_sid): Declare.
LocalFree instead of ::free.
* sec_acl.cc: Throughout replace old ACE flag definitions with current
definitions as used in MSDN man pages.
* security.cc: Ditto.
* fhandler.cc (fhandler_base::open): Make sure file has really been
just created before fixing file permissions. Add S_JUSTCREATED
attribute to set_file_attribute call.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
with default security descriptor and fix descriptor afterwards.
Add S_JUSTCREATED flag to set_file_attribute call.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Call GetSecurityInfo rather than
NtQuerySecurityObject. Explain why. Change error handling accordingly.
(alloc_sd): Skip non-inherited, non-standard entries in ACL if
S_JUSTCREATED attribute is set. Explain why. Minor format fixes.
* security.h (S_JUSTCREATED): New define.
(security_descriptor::operator=): New operator.
error when changing the user account on a standalone Samba server.
Explain why.
* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
(well_known_samba_unix_user_fake_sid): Define.
* security.cc (set_file_sd): Take additional parameter if ownership
should be changed. Restrict requested permissions accordingly.
(set_file_attribute): Accommodate additional parameter to set_file_sd.
* security.h (well_known_samba_unix_user_fake_sid): Declare.
(set_file_sd): Align declaration to above change.
* fhandler_fifo.cc (fhandler_fifo::open): Rework to cause errno to be set to
ENXIO when opening a fifo write/nonblocking.
* environ.cc (ucreqenv): Rename to ucenv. Move code from old ucenv here and
conditionalize it on create_upcaseenv.
(ucenv): Delete.
(environ_init): Fix compiler warning by moving create_upcaseenv test to ucenv.
Don't bother checking for child_proc_info when calling ucenv since it is
assumed to be NULL at the point where the function is called.
* path.cc (symlink_worker): Turn off MS-DOS path warnings when dealing with
devices since the device handler passes in a translated MS-DOS path.
* sec_auth.cc (lsaprivkeyauth): Avoid variable initialization which causes a
compiler error.
* fhandler_netdrive.cc: Update copyright.
from complaining about the very thing we're trying to test.
* ntea.cc (read_ea): Reorganize to avoid a new compiler warning/error.
* sched.cc (sched_rr_get_interval): Ditto.
* select.cc (peek_serial): Ditto.
* libc/rexec.cc (ruserpass): Ditto.
* posix_ipc.cc (ipc_names): Make static to avoid a compiler warning
(and it's the right thing to do anyway).
MAX_DOMAIN_NAME_LEN throughout.
* cyglsa.h (CYG_LSA_MAGIC): New value.
(cyglsa_t): Define username and domain as WCHAR arrays.
* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
appropriate.
(extract_nt_dom_user): Prefer resolving by SID before resolving by
domain\name pair.
(cygwin_logon_user): Don't print cleartext password in debug output.
Change comment.
(get_user_groups): Revert calls to LookupAccountNameW to use NULL
server instead of explicit server name, according to MSDN.
(get_user_local_groups): Ditto.
(get_server_groups): Fetch domain and user name from usersid per
LookupAccountSidW instead of calling extract_nt_dom_user.
(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
instead of calling extract_nt_dom_user.
* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
(privilege_luid): Convert first parameter to PWCHAR.
(privilege_name): Return wchar_t pointer.
(set_privileges): Accommodate debug output.
* security.h (privilege_luid): Change prototype accordingly.
wsa_event.h instead.
* fhandler_socket.cc (NUM_SOCKS): Move to wsa_event.h.
(wsa_events): Move from DLL shared area to cygwin_shared shared
memory. Accommodate throughout.
(socket_serial_number): Ditto.
* fhandler_tape.cc (mt): Ditto.
(mtinfo_init): Remove.
(mt): Define as cygwin_shared->mt.
* flock.cc (FLOCK_PARENT_DIR_ACCESS): Remove.
(FLOCK_INODE_DIR_ACCESS): Move up in file.
(FLOCK_MUTANT_ACCESS): Ditto.
(FLOCK_EVENT_ACCESS): Ditto.
(get_lock_parent_dir): Remove.
(inode_t::inode_t): Call get_shared_parent_dir to get parent dir handle.
Add a "flock-" prefix to file's lock directory name for clarity.
* mtinfo.h (mtinfo_init): Drop declaration.
* net.cc (last_used_bindresvport): Move from DLL shared area to
cygwin_shared shared memory.
(cygwin_bindresvport_sa): Accommodate above change.
* sec_helper.cc (_everyone_sd): Move here from flock.cc.
* security.h (SD_MIN_SIZE): Ditto.
(everyone_sd): Ditto.
* shared.cc (cygwin_shared_area): Remove.
(cygwin_shared_h): New handle.
(get_shared_parent_dir): New static function.
(shared_name): Drop session_local argument. Call get_shared_parent_dir
here. Add cygwin-shared subdir to object name.
(offsets): Reinstantiate SH_CYGWIN_SHARED member.
(open_shared): Revert change from 2007-03-29 for systems supporting
SeCreateGlobalPrivilege.
(shared_info::initialize): Call mtinfo's initialize here.
(memory_init): Drop call to mtinfo_init.
* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
(CURR_SHARED_MAGIC): Ditto.
(class shared_info): Add members for global socket and tape info
sharing.
(enum shared_locations): Reinstantiate SH_CYGWIN_SHARED.
(get_shared_parent_dir): Declare.
(shared_name): Drop session_local argument from declaration.
* wsa_event.h: New file. Move definitions of NUM_SOCKS and
struct wsa_event here.
(cwcsdup1): New function.
* cygheap.h (cygheap_user::get_windows_id): New method returning PWCHAR.
(cwcsdup): Declare.
(cwcsdup1): Declare.
* registry.cc (get_registry_hive_path): Use WCHAR instead of char
throughout.
(load_registry_hive): Ditto.
* registry.h (get_registry_hive_path): Change declaration accordingly.
(load_registry_hive): Ditto.
* sec_helper.cc (cygpsid::string): New method returning PWCHAR.
* security.h (cygpsid::string): Declare.
* syscalls.cc (seteuid32): Convert local name var to WCHAR.
* uinfo.cc (cygheap_user::env_userprofile): Convert local name buffers
to WCHAR. Call sys_wcstombs_alloc to generate puserprof buffer.
* winsup.h: Fix comment.
(NT_MAX_PATH): New definition for maximum internal path length.
Use throughout where appropriate.
* include/limits.h (PATH_MAX): Set to 4096 as on Linux.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
* mmap.cc (mlock): Accommodate parameter change in call to
push_thread_privilege.
(munlock): Ditto.
* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
(NtAdjustPrivilegesToken): Declare.
* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
(privilege_luid): Take job of privilege_luid_by_name, using new
cygpriv.
(privilege_luid_by_name): Remove.
(privilege_name): Accommodate new cygpriv array.
(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
Accommodate changes to privilege_name.
(set_cygwin_privileges): Simplify. Don't try to set
SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
* security.cc (sys_privs): Reorder to match numerical privilege order.
Use real privilege values as defined in security.h.
(get_system_priv_list): Drop unused grp_list argument. Create
list of privileges according to new wincapc::max_sys_priv value.
(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
Make priv a local value instead of a pointer.
(create_token): Accommodate parameter change in call to
push_self_privilege.
(lsaauth): Ditto.
(check_access): Use privilege values directly instead of calling
privilege_luid.
* security.h: Define real privilege values.
(cygpriv_idx): Remove.
(privilege_luid): Change declaration.
(privilege_luid_by_name): Drop declaration.
(set_privilege): Change declaration.
(set_process_privilege): Drop definition.
(_push_thread_privilege): Accomodate new set_privilege parameters.
* wincap.h (wincapc::max_sys_priv): New element.
* wincap.cc: Implement above element throughout.
(wincap_2000sp4): New wincaps structure.
(wincap_xpsp1): Ditto.
(wincap_xpsp2): Ditto.
(wincapc::init): Use new wincaps.
(wincapc::max_sys_priv): New element.
shared_prefix depending only on terminal service capability.
* dcrt0.cc (dll_crt0_1): Don't call set_cygwin_privileges here.
* fhandler_fifo.cc (fhandler_fifo::open): Create the mutex as global
object.
* posix_ipc.cc (ipc_mutex_init): Use cygheap->shared_prefix.
(ipc_cond_init): Ditto.
* sec_helper.cc (privilege_name): Make static. Use LookupPrivilegeName
directly to be independent of the state of cygheap.
(set_privilege): Take a LUID as parameter instead of an index value.
Only print debug output in case of failure.
(set_cygwin_privileges): Add comment. Use LookupPrivilegeValue to
get privilege LUIDs.
(init_global_security): Call set_cygwin_privileges here.
* security.h (privilege_name): Drop declaration.
(set_privilege): Declare according to above change.
(set_process_privilege): Call privilege_luid to get LUID.
(_push_thread_privilege): Ditto.
* shared.cc (open_shared): Add comment. On systems supporting the
SeCreateGlobalPrivilege, try to create/open global shared memory first.
Fall back to local shared memory if that fails.
* thread.cc (semaphore::semaphore): Use cygheap->shared_prefix.
* wincap.h (wincapc::has_create_global_privilege): New element.
* wincap.cc: Implement above element throughout.
user information on NT4.
* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
considerations.
(security_descriptor::realloc): Ditto.
(security_descriptor::free): Ditto.
* security.cc (get_reg_security): Reinstantiate.
(get_nt_object_security): Revert to using NtQuerySecurityObject.
* security.h (class security_descriptor): Drop type member.
Accommodate throughout.
(security_descriptor::size): Constify.
(security_descriptor::copy): Ditto.
* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
(well_known_this_org_sid): New well known sid.
(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
(mandatory_medium_integrity_sid): New well known sid.
(mandatory_high_integrity_sid): Ditto.
(mandatory_system_integrity_sid): Ditto.
(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all
authorities fitting in a UCHAR.
* security.cc (get_token_group_sidlist): Always add the local
group to the token. Add comment. Add "This Organization" group
if available in incoming group list.
(get_server_groups): Only add world and authenticated users groups
if not already in list.
(create_token): Add matching mandatory integrity SID to group list
on systems supporting Mandatory Integrity Control.
* security.h (well_known_this_org_sid): Define.
(mandatory_medium_integrity_sid): Define.
(mandatory_high_integrity_sid): Define.
(mandatory_system_integrity_sid): Define.
* wincap.h: Define has_mandatory_integrity_control throughout.
* wincap.cc: Ditto.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
Set type.
(security_descriptor::realloc): Handle the case that psd has been
allocated using LocalAlloc. Set type.
(security_descriptor::free): Ditto.
* security.cc (get_nt_attribute): Remove.
(get_reg_security): Remove.
(get_nt_object_security): Use GetSecurityInfo which handles all
securable objects.
(get_nt_object_attribute): Remove.
(get_object_attribute): Call get_nt_object_security instead of
get_nt_object_attribute.
(get_file_attribute): Ditto.
(check_registry_access): Call get_nt_object_security instead of
get_reg_security.
* security.h (cygpsid::operator PSID): Make method const, not the
result.
(class security_descriptor): Add type member. Accomodate throughout.
(security_descriptor::copy): New method.
(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
everywhere. Leave some thread.cc stuff alone for now.
* cygtls.h: Kludge some definitions to avoid including a problematic windows
header.
(_cygtls::_myfault): New entry.
(_cygtls::_myfault_errno): Ditto.
(_cygtls::fault_guarded): New function.
(_cygtls::setup_fault): Ditto.
(_cygtls::return_from_fault): Ditto.
(_cygtls::clear_fault): Ditto.
(myfault): New class.
* exceptions.cc (handle_exceptions): Handle case of guarded fault in system
routine.
* gendef: Add another entry point for setjmp that the compiler doesn't know
about and won't complain about.
* gentls_offsets: Just include windows.h rather than kludging a HANDLE def.
* miscfuncs.cc (check_null_str): Delete.
(check_null_empty_str): Ditto.
(check_null_empty_str_errno): Ditto.
(check_null_str_errno): Ditto.
(__check_null_invalid_struct): Ditto.
(__check_null_invalid_struct_errno): Ditto.
(__check_invalid_read_ptr): Ditto.
(__check_invalid_read_ptr_errno): Ditto.
(dummytest): New function.
(check_iovec_for_read): Delete.
(chec_iovec): Rename from check_iovec_for_write. Take a read/write parameter.
* tlsoffsets.h: Regenerate.
* winsup.h: Remove check_* declarations.
(check_iovec_for_read): Delete declaration. Turn into a define instead.
(check_iovec_for_write): Ditto.
(check_iovec): New declaration.
* thread.h: Use ifdef guard name consistent with other header files.
allocate dynamically.
(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
* sec_acl.cc (setacl): Allocate acl dynamically.
* sec_helper.cc (sec_acl): Add test for alignment of acl when
DEBUGGING is defined.
(__sec_user): Same for sa_buf.
* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
and allocate dynamically.
(alloc_sd): Allocate acl dynamically.
security.h (sec_user_nih): Change first parameter to
SECURITY_ATTRIBUTES *.
(sec_user): Ditto.
* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
dynamically.
* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
and allocate dynamically.
* winbase.h (ilockincr): Mark first argument of inline assembly as
earlyclobber.
(ilockdecr): Ditto.
* cygheap.h (cygheap_user::curr_primary_token): New member.
(cygheap_user::primary_token): New method.
(cygheap_user::deimpersonate): Always revert to processes'
impersonation token.
(cygheap_user::reimpersonate): Set processes' or setuid token as
necessary.
(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
value.
(cygheap_user::close_impersonation_tokens): Close curr_primary_token
here if necessary. Don't reset token values to NO_IMPERSONATION since
that's done in uinfo_init anyway.
(init_cygheap::luid): New LUID array keeping privilege LUIDs.
* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
* dcrt0.cc (hProcToken): New global variable to keep process token.
(hProcImpToken): Ditto for process impersonation token.
(dll_crt0_0): Open process token here once. Duplicate to create
hProcImpToken.
(dll_crt0_1): Call set_cygwin_privileges.
* environ.cc (allow_ntea): Drop duplicate declaration.
(allow_smbntsec): Ditto.
(set_traverse): Only set allow_traverse here.
(environ_init): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
enable_restore_privilege.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::facl): Ditto.
* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
syn with parent. Call set_cygwin_privileges.
* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
process token.
* path.cc (fs_info::update): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges.
* registry.cc (load_registry_hive): Drop setting restore privilege
since it's already set if available.
* sec_helper.cc: Include cygtls.h.
(cygpriv): Privilege string array.
(privilege_luid): New function, evaluate LUID from cygpriv_idx.
(privilege_luid_by_name): New function, evaluate LUID from privilege
string.
(privilege_name): New function, evaluate privilege string from
cygpriv_idx.
(set_privilege): New static function called by set_process_privilege
and set_thread_privilege. Call privilege_luid to get privilege LUID.
Fix bug in return value evaluation. Improve debug output.
(set_cygwin_privileges): New function.
(set_process_privilege): Remove.
(enable_restore_privilege): Remove.
* security.cc (allow_traverse): New global variable.
(sys_privs): Change type to cygpriv_idx and store privilege indices
instead of strings.
(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
(get_system_priv_list): Don't use numerical constant in malloc call.
Use privilege_luid to get privilege LUIDs.
(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
inner privilege LUID comparison loop.
(create_token): Enable create token privilege using
push/pop_self_privileges. Use hProcToken instead of opening process
token. Use default DACL when duplicating token.
(subauth): Enable tcb privilege using push/pop_self_privileges.
Use sec_none instead of homw made security attributes when duplicating
token.
(check_file_access): Don't duplicate access token, use active
impersonation token as is.
* security.h (enum cygpriv_idx): New enumeration type enumerating
possible privileges.
(privilege_luid): Declare new function.
(privilege_luid_by_name): Ditto.
(privilege_name): Ditto.
(allow_traverse): Declare.
(set_privilege): Declare function.
(set_process_privilege): Define as macro.
(enable_restore_privilege): Remove declaration.
(_push_thread_privilege): Define macro.
(push_thread_privilege): Ditto.
(pop_thread_privilege): Ditto.
(pop_self_privilege): Ditto.
* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
cygheap->user.token.
* syscalls.cc (statvfs): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges. Rearrange code
to simplify push/pop bracketing.
(seteuid32): Use hProcToken instead of opening process token. Call
cygheap->user.deimpersonate instead of RevertToSelf. Create
impersonation token from primary internal or external token. Set
cygheap->user.curr_primary_token and cygheap->user.current_token
privileges once here. Drop "failed" and "failed_ptok" labels.
Drop setting DefaultDacl of process token.
(setegid32): Use hProcToken and hProcImpToken instead of opening
process token. Always reimpersonate afterwards.
* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
process token.
(internal_getlogin): Ditto. Set hProcImpToken, too.
(uinfo_init): Initialize cygheap->user.curr_primary_token.
* winsup.h (hProcToken): Declare.
(hProcImpToken): Declare.
* dir.cc (mkdir): Change set_file_attribute call to indicate that
NT security isn't used.
* fhandler.cc (fhandler_base::open_9x): New method, created from
fhandler_base::open.
(fhandler_base::open): Rearrange to use NtCreateFile instead of
CreateFile.
* fhandler.h (enum query_state): Redefine query_null_access to
query_stat_control. query_null_access isn't allowed in NtCreateFile.
(fhandler_base::open_9x): Declare.
* fhandler_disk_file.cc (fhandler_base::fstat_fs): Use
query_stat_control first, query_read_control if that fails.
(fhandler_disk_file::fchmod): Call enable_restore_privilege before
trying to open for query_write_control. Don't fall back to
opening for query_read_control.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::facl): Only request restore privilege and query
access necessary for given cmd.
* fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open
instead of opening device here.
* ntdll.h (NtCreateFile): Declare.
* path.cc (symlink_worker): Change set_file_attribute call to indicate
that NT security isn't used.
* sec_acl.cc (getacl): Fix bracketing.
* sec_helper.cc (enable_restore_privilege): New function.
* security.cc (str2buf2uni_cat): New function.
(write_sd): Don't request restore permission here.
* security.h (set_process_privileges): Drop stale declaration.
(str2buf2uni): Declare.
(str2buf2uni_cat): Declare.
(enable_restore_privilege): Declare.
* syscalls.cc (fchown32): Return immediate success on 9x.
(well_known_*_sid): Change type to cygpsid.
(cygsid::init): Delete declaration.
* sec_helper.cc (well_known_*_sid): Define using above SID macro.
(cygsid::init): Delete.
* dcrt0.cc (dll_crt0_0): Do not call cygsid::init.
* security.cc (get_user_local_groups): Change the second argument type
to cygpsid.
throughout.
* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity and edit
some comments.
* cygheap.h (init_cygheap::ctty): Add new element.
* devices.in (device::parse): Remove special handling for /dev/tty.
* devices.cc: Regenerate.
* dtable.cc (build_fh_pc): Don't reset /dev/tty device. Let the device opener
do that.
* fhandler_termios.cc (tty_min::set_ctty): Redefine to _pinfo class.
* fhandler_tty.cc (fhandler_tty_common::set_close_on_exec): Avoid setting
noninherit flag for ctty.
* tty.h: Move BOOLs to bools.
(tty_min::set_ctty): Redeclare to _pinfo class.
* pinfo.cc (_pinfo::set_ctty): Define new function based on tty_min::set_ctty.
Change first argument from tty number to tty_min class.
* pinfo.h (_pinfo::set_ctty): Declare.
* fhandler_console.cc (fhandler_console::get_tty_stuff): Reflect move of
set_ctty to _pinfo class.
* fhandler_tty.cc (fhandler_tty_slave::open): Treat FH_TTY specially. Use
saved cygheap value if it exists. Otherwise convert to real device and save on
first time open.
(fhandler_tty_common::dup): Potentially set controlling tty if duping a slave
tty.
* syscalls.cc (setsid): Close controlling tty in cygheap.
* tty.cc: Change some BOOLs to bools.
set_security_attribute appropriately.
* external.cc (cygwin_internal): Ditto.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_socket.cc (fhandler_socket::bind): Ditto.
* path.cc (symlink_worker): Ditto.
* sec_acl.cc (setacl): Ditto. Call read_sd appropriately.
(getace): Ditto.
* sec_helper.cc (security_descriptor::malloc): New method.
(security_descriptor::realloc): New method.
(security_descriptor::free): New method.
* security.cc (read_sd): Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
Allocate the security_descriptor buffer according to size returned by
a call to GetFileSecurity. Return buffer size on success.
(write_sd): Get security_descriptor as parameter instead of
PSECURITY_DESCRIPTOR and a size.
(get_nt_attribute): Use local security_descriptor.
(get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY.
Allocate security_descriptor buffer according to size returned by
a call to RegGetKeySecurity.
(alloc_sd): Make static. Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
(set_security_attribute): Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size.
(set_nt_attribute): Use local security_descriptor.
(check_file_access): Ditto.
* security.h: Add class security_descriptor.
(read_sd): Change declaration to get security_descriptor as parameter
instead of PSECURITY_DESCRIPTOR and a size.
(write_sd): Ditto.
(set_security_attribute): Ditto.
(alloc_sd): Remove declaration.
* thread.cc (semaphore::semaphore): Use local security_descriptor. Call
set_security_attribute appropriately.