Commit Graph

265 Commits

Author SHA1 Message Date
Corinna Vinschen 1ca20a1cd2 Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 19:44:56 +00:00
Corinna Vinschen 61522196c7 * Merge in cygwin-64bit-branch. 2013-04-23 09:44:36 +00:00
Christopher Faylor bc837d22f3 Throughout, update copyrights to reflect dates which correspond to main-branch
checkins.  Regularize copyright format.
2013-01-21 04:38:31 +00:00
Corinna Vinschen 115d74b99e * globals.cc (ro_u_refs): New R/O unicode string.
* mount.cc (fs_info::update): Recognize ReFS.
	* mount.h (enum fs_info_type): Add refs.
	(class fs_info): Add refs flag and accessor methods.
	* ntdll.h (RtlAddAccessAllowedAceEx): Declare.
	(RtlAddAccessDeniedAceEx): Declare.
	* path.h (path_conv::fs_is_refs): Define.
	* sec_helper.cc (_recycler_sd): New function to create security
	descriptors suitable for the recycler bin starting with Vista.
	* security.cc (add_access_allowed_ace): Use RtlAddAccessAllowedAceEx
	and drop code to set AceFlags explicitely.
	(add_access_denied_ace): Use RtlAddAccessDeniedAceEx and drop code to
	set AceFlags explicitely.
	* security.h (_recycler_sd): Declare.
	(recycler_sd): Define.
	* syscalls.cc (desktop_ini): Change formatting.
	(desktop_ini_ext): Define third line of recycler desktop.ini file
	since Vista,
	(try_to_bin): Handle ReFS just like NTFS.  Write Vista and later
	Recycler in all uppercase, just like shell32 does when recreating it.
	Fix comments to include ReFS.  Don't implicitely reuse object
	attributes from earlier NtOpenFile call, rather recreate it for safety.
	Use recycler_sd call when creating security descriptor for Recycler
	dirs and files on Vista and later.  Write third line of desktop.ini
	when on Vista and later.
2012-06-03 16:46:53 +00:00
Christopher Faylor b9aa81491f Throughout, remove extra space after function name from debugging output.
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
2011-12-03 21:43:27 +00:00
Corinna Vinschen 303dc0230d * fhandler_disk_file.cc (__DIR_mounts::eval_ino): Create path_conv
with PC_KEEP_HANDLE flag.
	* path.h (path_conv::operator =): Duplicate UNICODE path as well.
	* security.cc (check_file_access): Use path_conv handle if available.
	* syscalls.cc (access): Create fhandler with PC_KEEP_HANDLE flag set.
	(euidaccess): Ditto.
	(faccessat): Ditto.
2011-07-26 13:30:41 +00:00
Corinna Vinschen 3fe31f2633 * security.cc (get_file_sd): Fix comment. 2011-07-05 15:42:43 +00:00
Christopher Faylor b86f999af1 whitespace elimination 2011-06-06 05:02:13 +00:00
Christian Franke 3bcc74a9ae * security.cc (check_registry_access): Handle missing
security descriptor of HKEY_PERFORMANCE_DATA.
2011-05-10 17:19:37 +00:00
Corinna Vinschen 5735d5f6f4 * advapi32.cc: Add comment.
(EqualSid): Remove.
	(CopySid): Remove.
	(AddAccessAllowedAce): Remove.
	(AddAccessDeniedAce): Remove.
	(MakeSelfRelativeSD): Remove.
	* flock.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
	* security.h: Ditto.
	(RtlEqualSid): Declare.  Explain why.
	(RtlCopySid): Ditto.
2011-04-29 10:38:12 +00:00
Corinna Vinschen 3e8e0c33c0 * advapi32.cc (AccessCheck): Remove.
(PrivilegeCheck): Remove.
	(OpenThreadToken): Remove.
	* fhandler_tty.cc: Replace above functions throughout with their
	ntdll.dll equivalent.
	* security.cc: Ditto.
2011-04-29 09:48:25 +00:00
Corinna Vinschen fd04c2f004 * advapi32.cc (SetSecurityDescriptorDacl): Remove.
(SetSecurityDescriptorGroup): Remove.
	(SetSecurityDescriptorOwner): Remove.
	* pinfo.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.

	* sec_helper.cc (__sec_user): Remove old comment.
2011-04-28 15:54:47 +00:00
Corinna Vinschen 1838d97b0a * advapi32.cc (GetSecurityDescriptorDacl): Remove.
(GetSecurityDescriptorGroup): Remove.
	(GetSecurityDescriptorOwner): Remove.
	* sec_acl.cc: Replace above functions throughout with their ntdll.dll
	equivalent.  Remove redundant debug output.
	* sec_auth.cc: Ditto.
	* security.cc: Ditto.
	* uinfo.cc: Ditto.
2011-04-28 09:53:11 +00:00
Corinna Vinschen 1754539e56 * advapi32.cc (InitializeAcl): Remove.
(AddAce): Remove.
	(FindFirstFreeAce): Remove.
	(GetAce): Remove.
	(InitializeSecurityDescriptor): Remove.
	(OpenProcessToken): Remove.
	* dcrt0.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* fhandler_tty.cc: Ditto.
	* flock.cc: Ditto.
	* pinfo.cc: Ditto.  Drop unnecessary error handling.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
2011-04-28 09:30:36 +00:00
Corinna Vinschen 158e516b9d * advapi32.cc (InitializeSid): Remove.
(EqualPrefixSid): Remove.
	(GetLengthSid): Remove.
	(GetSidSubAuthority): Remove.
	(GetSidSubAuthorityCount): Remove.
	(GetSidIdentifierAuthority): Remove.
	* fhandler_disk_file.cc: Remove above functions throughout with their
	ntdll.dll equivalent.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
2011-04-28 08:34:49 +00:00
Corinna Vinschen f97612978a * autoload.cc (GetSecurityInfo): Remove.
* ntdll.h (RtlConvertToAutoInheritSecurityObject): Declare.
	(RtlDeleteSecurityObject): Declare.
	(RtlGetControlSecurityDescriptor): Declare.
	(RtlLengthSecurityDescriptor): Declare.
	* security.cc (file_mapping): New global variable.
	(get_file_sd): Rewrite.  Clean up code.  Get rid of GetSecurityInfo
	call.
	(alloc_sd): Call RtlSetControlSecurityDescriptor to set
	SE_DACL_PROTECTED flag.
	(check_file_access): Remove mapping.  Use file_mapping instead.
	(check_registry_access): Rename mapping to reg_mapping.
	* wincap.cc: Througout, drop use_get_sec_info_on_dirs,
	* wincap.h (struct wincaps): Drop use_get_sec_info_on_dirs.
2011-04-28 07:27:51 +00:00
Corinna Vinschen 6ce541281e Drop NT4 support.
* autoload.cc (DnsQuery_A): Fatal if not available.
	(DnsRecordListFree): Ditto.
	(DsGetDcNameW): Ditto.
	(NetGetAnyDCName): Remove.
	(NetGetDCName): Remove.
	(EnumProcessModules): Fatal if not available.
	(GetModuleFileNameExW): Ditto.
	(GetModuleInformation): Ditto.
	(GetProcessMemoryInfo): Ditto.
	(QueryWorkingSet): Ditto.
	(LsaRegisterLogonProcess): Ditto.
	* fenv.cc (_feinitialise): Drop supports_sse condition.
	* fhandler_disk_file.cc (path_conv::isgood_inode): Fix comment.
	(fhandler_base::fstat_by_name): Drop has_fileid_dirinfo condition.
	(fhandler_disk_file::opendir): Ditto.
	* fhandler_netdrive.cc (fhandler_netdrive::readdir): Fix comment.
	* fhandler_proc.cc (format_proc_partitions): Drop NT4-only code.
	* fhandler_process.cc (get_process_state): Ditto.
	* kernel32.cc (GetWindowsDirectoryW): Remove.
	(GetWindowsDirectoryA): Remove.
	* miscfuncs.cc (nice_to_winprio): Drop NT4-only code.
	* mount.cc (fs_info::update): Fix comments.
	* net.cc (get_2k_ifs): Drop NT4-only code.
	* sec_auth.cc (get_logon_server): Ditto.
	(lsaauth): Drop NT4-specific error handling.
	* security.cc (alloc_sd): Set SE_DACL_PROTECTED unconditionally.
	* select.cc (select_stuff::wait): Always use MWMO_INPUTAVAILABLE.
	(peek_windows): Drop NT4-only condition in call to PeekMessage.
	* syscalls.cc (gethostid): Remove NT4-only workaround.
	* wincap.cc: Througout, drop has_dacl_protect,
	has_broken_if_oper_status, has_process_io_counters,
	has_terminal_services, has_extended_priority_class, has_guid_volumes,
	has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse from
	wincaps.
	(wincap_nt4sp4): Remove.
	(wincap_minimal): Set to wincap_2000.
	(wincapc::init): Rely on availability of OSVERSIONINFOEX structure.
	Treat error from GetVersionEx as fatal.  Treat NT4 as fatal.
	* wincap.h (struct wincaps): Drop has_dacl_protect,
	has_broken_if_oper_status, has_process_io_counters,
	has_terminal_services, has_extended_priority_class, has_guid_volumes,
	has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse flags
	and methods.
	* winlean.h (GetWindowsDirectoryW) Define as GetSystemWindowsDirectoryW.
	(GetWindowsDirectoryA): Define as GetSystemWindowsDirectoryA.
2011-04-04 12:23:36 +00:00
Corinna Vinschen e7b5eaaac9 * security.cc: Fix copyright dates. 2011-03-08 15:12:58 +00:00
Corinna Vinschen 69d7815eae * fhandler.cc (fhandler_base::open): When creating a file on a
filesystem supporting ACLs, create the file with WRITE_DAC access.
	Explain why.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
	directories.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Always call GetSecurityInfo for directories
	on XP and Server 2003.  Improve comment to explain why.
	(set_file_attribute): Explicitely cast mode_t value to bool in call to
	get_file_sd.
	* wincap.h (wincaps::use_get_sec_info_on_dirs): New element.
	* wincap.cc: Implement above element throughout.
2011-03-08 14:26:15 +00:00
Corinna Vinschen 9296807af3 * security.cc (alloc_sd): Really fix erroneous inheritence entry
duplication now.  Add more comments for clarity.
2010-12-16 10:31:09 +00:00
Corinna Vinschen 38042584f3 * security.cc (alloc_sd): Fix erroneous inheritence entry duplication. 2010-12-15 13:56:32 +00:00
Corinna Vinschen 3498f76deb * errno.cc (errmap): Map ERROR_BAD_NET_RESP to ENOSYS.
* fhandler_disk_file.cc (fhandler_disk_file::facl): Handle ENOSYS and
	point to  the explanation.
	* ntdll.h (STATUS_NOT_IMPLEMENTED): Define.
	* path.cc (symlink_info::check): Handle the inability of NT4 to use
	FileNetworkOpenInformation on share root dirs in either direction.
	* path.h (slash_unc_prefix_p): Remove unused declaration.
	* security.cc (get_info_from_sd): Handle ENOSYS from get_file_sd.
	Explain when this happens.
2010-09-24 12:41:33 +00:00
Corinna Vinschen 4e8f539f15 * flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE.
	* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
	* security.h (ACL_DEFAULT_SIZE): Drop definition.
	(ACL_MAXIMUM_SIZE): Define.
	(SD_MAXIMUM_SIZE): Define.
	* security.cc (get_file_sd): Allocate security_decscriptor with size
	SD_MAXIMUM_SIZE.
	(alloc_sd): Use TLS buffer to allow maximum ACL size.
2010-09-10 14:53:44 +00:00
Corinna Vinschen 67a9307898 * security.cc (get_file_sd): Add bool parameter justcreated. Use
GetSecurityInfo only if justcreated is true, NtQuerySecurityObject
	otherwise.  Add comment to explain why.  Don't waste time to call
	NtQuerySecurityObject twice, just allocate big enough area.
	(get_file_attribute): Call get_file_sd with justcreated set to false.
	(set_file_attribute): Call get_file_sd with justcreated depending on
	S_JUSTCREATED pseudo file attribute.
	(check_file_access): Call get_file_sd with justcreated set to false.
	* sec_acl.cc (setacl): Ditto.
	(getacl): Ditto.
	* security.h: Convert many functions to regparm functions.
	(get_file_sd): Declare with extra bool parameter.
2010-09-10 09:32:13 +00:00
Corinna Vinschen c7b24005e6 * sec_acl.cc (setacl): Use the long time unused ACL_DEFAULT_SIZE
instead of a constant value.
	* security.cc (alloc_sd): Ditto.
2010-06-22 09:54:36 +00:00
Corinna Vinschen cc01c77f7e * autoload.cc (GetNamedPipeClientProcessId): Define.
* fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private.
	(fhandler_tty_slave::fch_close_handles): Ditto.
	(fhandler_tty_slave::cygserver_attach_tty): Drop declaration.
	(fhandler_tty_slave::fstat): Declare public.
	(fhandler_tty_slave::fchmod): Declare public.
	(fhandler_tty_slave::fchown): Declare public.
	(class fhandler_pty_master): Add master_ctl handle.
	(fhandler_pty_master::pty_master_thread): Declare public.
	* fhandler_termios.cc (fhandler_termios::tcinit): If the process
	is started from a non-Cygwin process, make it tty process group
	leader.
	* fhandler_tty.cc: Throughout accommodate additional security related
	arguments in calls to functions creating or opening objects.
	(close_maybe): Move to start of file to reuse it
	in other methods.
	(struct pipe_request): Define.
	(struct pipe_reply): Define.
	(fhandler_tty_slave::open): Throughout, try to open synchronization
	objects with MAXIMUM_ALLOWED permissions.  Drop call to cygserver.
	Try to duplicate pipe handles via master_ctl pipe if duplicating
	directly doesn't work.
	(fhandler_tty_slave::cygserver_attach_tty): Remove.
	(fhandler_tty_slave::init): Close unused incoming pipe handle.
	(fhandler_pty_master::close): Send exit message to master control
	thread and close master_ctl handle.
	(fhandler_pty_master::pty_master_thread): New method, implementing the
	master control thread.
	(pty_master_thread): Static helper to start master control thread.
	(fhandler_pty_master::setup): Simplify creating pipe inheritance.
	Make sure we're the one creating the input_available_event.  Add
	comment to explain why.  Create master_ctl pipe and start master
	control thread.  Close master_ctl handle in case of error.
	* security.cc (alloc_sd): Add code to handle tty objects.  Add comments
	to explain what exactly is required.
	(get_object_sd): New function.
	(get_object_attribute): New function.
	(create_object_sd_from_attribute): New function.
	(set_object_sd): New function.
	(set_object_attribute): New function.
	(set_file_attribute): Change attribute type to mode_t.
	* security.h (set_file_attribute): Change attribute type to mode_t.
	(get_object_sd): Declare.
	(get_object_attribute): Declare.
	(create_object_sd_from_attribute): Declare.
	(set_object_sd): Declare.
	(set_object_attribute): Declare.
	* tty.cc (tty::slave_alive): Implement directly instead of via alive.
	(tty::exists): Open mutex handle with READ_CONTROL access.
	(tty::alive): Remove.
	(tty::open_output_mutex): Convert to inline method.
	(tty::open_input_mutex): Ditto.
	(tty::open_mutex): Take additional ACCESS_MASK parameter for the
	mutex open access mask.
	(tty::open_inuse): New method.
	(tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter.  Drop fmt
	name parameter.  Always create TTY_SLAVE_ALIVE event.
	(tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for
	CreateEvent.
	* tty.h (class tty): Change declarations according to aforementioned
	changes.
	(tty::open_output_mutex): Implement as inline method.
	(tty::open_input_mutex): Ditto.
2010-04-19 19:52:43 +00:00
Pierre Humblet a90dc29d18 2010-02-26 Pierre Humblet <Pierre.Humblet@ieee.org>
* security.cc (check_access): Use user.imp_token if appropriate.
        Set errno and return if DuplicateTokenEx fails .
2010-02-26 14:51:59 +00:00
Corinna Vinschen 18f7c50401 * security.cc (alloc_sd): Re-introduce setting the SE_DACL_PROTECTED
flag.  Remove INHERITED_ACE flag from all inherited ACEs.  Add comment.
	Fix ace_off counter in unrelated ACE loop.
	* wincap.cc: Re-add has_dacl_protect throughout.
	* wincap.h: Ditto.
2009-11-03 09:31:45 +00:00
Corinna Vinschen 1bb3825949 * security.cc (alloc_sd): Re-enable generating default permission
entries for directories.
2009-11-02 20:50:15 +00:00
Corinna Vinschen b42441d32b * sec_helper.cc (security_descriptor::free): If sd_size is 0, call
LocalFree instead of ::free.

	* sec_acl.cc: Throughout replace old ACE flag definitions with current
	definitions as used in MSDN man pages.
	* security.cc: Ditto.

	* fhandler.cc (fhandler_base::open): Make sure file has really been
	just created before fixing file permissions.  Add S_JUSTCREATED
	attribute to set_file_attribute call.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
	with default security descriptor and fix descriptor afterwards.
	Add S_JUSTCREATED flag to set_file_attribute call.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Call GetSecurityInfo rather than
	NtQuerySecurityObject.  Explain why.  Change error handling accordingly.
	(alloc_sd): Skip non-inherited, non-standard entries in ACL if
	S_JUSTCREATED attribute is set.  Explain why.  Minor format fixes.
	* security.h (S_JUSTCREATED): New define.
	(security_descriptor::operator=): New operator.
2009-10-30 19:58:53 +00:00
Corinna Vinschen 1647bf67c1 * fhandler.cc (fhandler_base::open): Always create file with default
security descriptor and fix descriptor afterwards.  Change comment to
	explain why.
	* security.cc (alloc_sd): Drop setting the SE_DACL_PROTECTED flag.
	* wincap.cc: Remove has_dacl_protect throughout.
	* wincap.h: Ditto.
2009-10-24 08:26:01 +00:00
Eric Blake 3dbe243afa Fix faccessat(,0) and access() semantics.
* fhandler.h (fhandler_base::fhaccess): Add parameter.
* security.h (check_file_access, check_registry_access): Likewise.
* security.cc (check_file_access, check_registry_access)
(check_access): Implement new parameter.
* fhandler.cc (fhandler_base::fhaccess): Likewise.
(device_access_denied): Update caller.
* syscalls.cc (access, faccessat): Update callers.
* spawn.cc (find_exec, fixup): Likewise.
2009-09-25 13:44:45 +00:00
Corinna Vinschen 9d86c13dbb * security.cc (set_file_sd): Drop using FILE_OPEN_FOR_RECOVERY flag in
call to NtOpenFile.
	* exceptions.cc (open_stackdumpfile): Ditto in call to NtCreateFile.
	* fhandler.cc (fhandler_base::open): Ditto.  Simplify setting
	create_options.

	* mount.cc (fs_info::update): Recognize offline storage.
	(fillout_mntent): Report UDF and offline storage.
	* mount.h (class fs_info): Add is_csc_cache status flag.
2009-05-04 09:16:42 +00:00
Corinna Vinschen 2d647173bb * fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an
error when changing the user account on a standalone Samba server.
	Explain why.
	* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
	* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
	(well_known_samba_unix_user_fake_sid): Define.
	* security.cc (set_file_sd): Take additional parameter if ownership
	should be changed.  Restrict requested permissions accordingly.
	(set_file_attribute): Accommodate additional parameter to set_file_sd.
	* security.h (well_known_samba_unix_user_fake_sid): Declare.
	(set_file_sd): Align declaration to above change.
2009-04-09 09:19:03 +00:00
Corinna Vinschen 29e22d07d6 * security.cc (alloc_sd): Disable generating default permission entries
for directories.
2009-02-04 15:26:22 +00:00
Corinna Vinschen 5f9ca0d25a * sec_acl.cc (setacl): Align standard owner and group permissions
with alloc_sd.  Strip FILE_READ_ATTRIBUTES fromn setting
	FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
	* security.cc (alloc_sd): Reformat expression.  Strip EA permission
	bits from owner_deny and group_deny computation.
2008-10-13 16:01:50 +00:00
Corinna Vinschen ec8a7e416f * fhandler_disk_file.cc (fhandler_disk_file::mkdir): Drop fattr variable
and use FILE_ATTRIBUTE_DIRECTORY directly in call to NtCreateFile.
	* posix_ipc.cc (ipc_mutex_init): Fix format string when creating IPC
	object name.
	(ipc_cond_init): Ditto.
	* security.cc (alloc_sd): Add parentheses to fix setting initial
	owner_allow value.
2008-08-19 09:46:31 +00:00
Corinna Vinschen 88797e5979 * external.cc (cygwin_internal): Call set_security_attribute with
additional path_conv argument.
	* fhandler.cc (fhandler_base::open): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
	R/O attribute when using ACLs.
	(fhandler_disk_file::mkdir): Ditto.  Set
	security descriptor on remote dirs after creating the dir, same as in
	fhandler_base::open.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto. for remote symlinks.
	* security.cc (alloc_sd): Take additional path_conv argument.
	Accommodate throughout.  Drop setting FILE_WRITE_EA/FILE_READ_EA
	flags unconditionally (was only necessary for "ntea"). Don't set
	FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
	Samba.  Add comment to explain.  Drop useless setting of
	STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
	Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
	to enforce read permissions on Samba.
	(set_security_attribute): Take additional path_conv argument.
	* security.h (set_security_attribute): Change prototype accordingly.
2008-08-14 14:05:04 +00:00
Corinna Vinschen e2406d71aa Throughout drop allow_ntsec and allow_smbntsec handling.
* environ.cc (set_ntsec): Remove.
	(set_smbntsec): Remove.
	(known): Remove ntsec and smbntsec options.
	* external.cc (check_ntsec): Return true if no filename is given.
	* mount.cc (oopts): Add "acl" and "noacl" options.  Set MOUNT_NOACL
	flag accordingly.
	(fillout_mntent): Handle MOUNT_NOACL flag.
	* path.h (enum path_types): Add PATH_NOACL.
	* security.cc (allow_ntsec): Remove.
	(allow_smbntsec): Remove.
	* security.h (allow_ntsec): Drop declaration.
	(allow_smbntsec): Drop declaration.
	* include/sys/mount.h (MOUNT_NOACL): Define.
2008-07-14 20:22:03 +00:00
Christopher Faylor 70300fdb1c Perform whitespace cleanup throughout.
* dcrt0.cc (signal_shift_subtract): Eliminate ancient backwards compatibility.
(check_sanity_and_sync): Ditto.
* winsup.h (SIGTOMASK): Ditto.  Just use constant in signal calculation.
* include/cygwin/version: Remove backwards signal mask compatibility define.
* path.cc (symlink_info::check_sysfile): Cosmetic change.
* registry.cc (get_registry_hive_path): Remove unneeded variable.
* exceptions.cc (handle_sigsuspend): Eliminate thread signal mask and use
either main sigmask or current thread sigmask.
(set_process_mask): Ditto.
(sighold): Ditto.
(sigrelse): Ditto.
(sigset): Ditto.
(set_process_mask_delta): Ditto.
(_cygtls::call_signal_handler): Ditto.
* fhandler_process.cc (format_process_status): Ditto.
* fhandler_termios.cc (fhandler_termios::bg_check): Ditto.
* pinfo.h (class pinfo): Ditto.
* select.cc (pselect): Ditto.
* signal.cc (sigprocmask): Ditto.
(abort): Ditto.
(sigpause): Ditto.
(sigsend): Ditto.
(wait_sig): Ditto.
* thread.h (pthread::parent_tls): New member.
* thread.cc (pthread::pthread): Record parent_tls here.
(pthread::thread_init_wrapper): Initialize sigmask from parent thread.
2008-02-15 17:53:11 +00:00
Corinna Vinschen d81b646dc3 * security.cc (set_file_sd): Open file with FILE_OPEN_FOR_BACKUP_INTENT
too.
2007-09-18 14:36:29 +00:00
Corinna Vinschen 29fec364c0 * dir.cc (readdir_worker): Convert w32name to PUNICODE_STRING.
* sec_acl.cc (getacl): Convert debug output to print native NT path.
	* security.cc (set_file_attribute): Ditto.
	* syscalls.cc (try_to_bin): Ditto and fix buggy debug statement.
2007-08-16 14:46:23 +00:00
Corinna Vinschen 378692ee42 * fhandler_disk_file.cc (fhandler_disk_file::facl): If file can't be
opened for reading the ACLs, fall back to faking them.
	* sec_acl.cc (acl_worker): Handle non-existing files.
	* security.cc (get_file_attribute): Return ILLEGAL_UID/ILLEGAL_GID
	as owner/group for non-readable ACLs on file systems supporting them.
2007-07-30 10:58:16 +00:00
Corinna Vinschen eea4e48208 * fhandler.cc (fhandler_base::fhaccess): Accommodate interface changes
of access control functions throughout.
	* fhandler_disk_file.cc: Ditto.
	* fhandler_registry.cc: Ditto.
	* sec_acl.cc: Drop unnecessary includes.
	(setacl): Take path_conv instead of file name as parameter.
	Accommodate interface changes of access control functions.
	(getacl): Ditto.
	* sec_auth.cc: New file, taking over all authentication related
	functions from security.cc.
	* sec_helper.cc: Drop unnecessary includes.
	* security.cc: Ditto.  Move all authentication related functions to
	sec_auth.cc.
	(ALL_SECURITY_INFORMATION): New define.  Use throughout.
	(set_file_sd): New function, replacing read_sd and the file related
	part of get_nt_object_security.
	(get_reg_sd): Rename from get_reg_security.  Drop type parameter.
	(get_reg_attribute): New function, replacing the registry related part
	of get_nt_object_security.
	(get_file_attribute): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(set_file_attribute): Ditto plus new set_file_sd.  Drop unnecessary
	implementation without uid/gid parameters.
	(check_file_access): Take path_conv instead of file name as parameter.
	Use new get_file_sd call.
	(check_registry_access): Use new get_reg_sd call.
	* security.h: Accommodate above interface changes.
2007-07-20 14:29:43 +00:00
Corinna Vinschen f36b37ed6e * security.cc (set_nt_attribute): Remove.
(set_file_attribute): Do it yourself instead of calling
	set_nt_attribute.
2007-07-19 17:42:11 +00:00
Corinna Vinschen 63a87c815a * autoload.cc (SetSecurityDescriptorControl): Drop.
* security.cc (alloc_sd): Set security descriptor control flag without
	calling SetSecurityDescriptorControl function.
	* wincap.h (wincapc::has_dacl_protect): Rename from
	has_security_descriptor_control.
	* wincap.cc: Ditto throughout.
2007-07-19 09:06:54 +00:00
Corinna Vinschen cce28460fe * cygheap.h (init_cygheap::luid): Remove.
* mmap.cc (mlock): Accommodate parameter change in call to
	push_thread_privilege.
	(munlock): Ditto.
	* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
	(NtAdjustPrivilegesToken): Declare.
	* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
	(privilege_luid): Take job of privilege_luid_by_name, using new
	cygpriv.
	(privilege_luid_by_name): Remove.
	(privilege_name): Accommodate new cygpriv array.
	(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
	Accommodate changes to privilege_name.
	(set_cygwin_privileges): Simplify.  Don't try to set
	SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
	* security.cc (sys_privs): Reorder to match numerical privilege order.
	Use real privilege values as defined in security.h.
	(get_system_priv_list): Drop unused grp_list argument.  Create
	list of privileges according to new wincapc::max_sys_priv value.
	(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
	Make priv a local value instead of a pointer.
	(create_token): Accommodate parameter change in call to
	push_self_privilege.
	(lsaauth): Ditto.
	(check_access): Use privilege values directly instead of calling
	privilege_luid.
	* security.h: Define real privilege values.
	(cygpriv_idx): Remove.
	(privilege_luid): Change declaration.
	(privilege_luid_by_name): Drop declaration.
	(set_privilege): Change declaration.
	(set_process_privilege): Drop definition.
	(_push_thread_privilege): Accomodate new set_privilege parameters.
	* wincap.h (wincapc::max_sys_priv): New element.
	* wincap.cc: Implement above element throughout.
	(wincap_2000sp4): New wincaps structure.
	(wincap_xpsp1): Ditto.
	(wincap_xpsp2): Ditto.
	(wincapc::init): Use new wincaps.
	(wincapc::max_sys_priv): New element.
2007-07-19 08:33:22 +00:00
Corinna Vinschen 52a6e6d8c7 * fhandler.cc (fhandler_base::fhaccess): Add check for R/O file system.
* security.cc (check_registry_access): Set errno to EROFS when checking
	for W_OK.
2007-07-17 14:39:02 +00:00
Corinna Vinschen 77ee880504 * cygheap.h (cygheap_user::curr_imp_token): Rename from current_token.
Accommodate changge throughout Cygwin.
	(cygheap_user::imp_token): Rename from token.  Accommodate changge
	throughout Cygwin.
	(rcygheap_user::eimpersonate): Use primary token for impersonation.
	* grp.cc (internal_getgroups): Use primary impersonation token when
	impersonated.
	* security.h (_push_thread_privilege): Use primary impersonation token
	when impersonated.
2007-07-16 20:01:15 +00:00
Corinna Vinschen 3532877889 * security.cc (get_file_attribute): Avoid compiler warning. 2007-03-02 19:54:20 +00:00