Commit Graph

291 Commits

Author SHA1 Message Date
Corinna Vinschen 5c4ce731ac Cygwin: Revert attempting to unload user profile after use
Revert "Cywin: user profile: unload impersonation user profile on exit"
Revert "Cygwin: seteuid: allow inheriting impersonation user profile handle"
Revert "Cygwin: user profile: add debug output to unload_user_profile"
Revert "Cygwin: user profile: Make an effort to unload unused user profiles"

This reverts commit bcb33dc4f0.
This reverts commit dd3730ed9c.
This reverts commit 8eee25241e.
This reverts commit 71b8777a71.

This patchset actually results in the following problem:

- After a couple of ssh logon/logoff attempts, an interactive session
  of the same user loging in, is broken.

Apparently UnloadUserProfile manages to unload the user's profile
even while a parallel interactive session still uses the user's
profile.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-04 17:31:27 +01:00
Corinna Vinschen 71b8777a71 Cygwin: user profile: Make an effort to unload unused user profiles
Does this work?  There's not much feedback given.

TODO: We might want to try unloading the user profile at process
exit as well, FWIW.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:30:44 +01:00
Corinna Vinschen 18c203fb6e Cygwin: passwd/group: drop fetching case-correct group names from LDAP
Commit 4e34a39b5c made sure all user and
group names are case-correct, but it introduced a hefty performance hit
on starting the first Cygwin process.

Adding an ldap call for each AD group in a user token takes its toll in
bigger AD environments with lots of groups in a user token.  Real-life
example: 300 groups w/ roundtrip time to the LDAP server of 0.25 secs
per call...

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 9883959f08 Revert "Cygwin: passwd/group: allow specifying "." as local computername"
This reverts commit 7c34811440.

This potentially allows to circumvent OpenSSHs user/group name matching,
unless the Admin knows to add every local user twice or to use patterns,
e.g.:

  Match user MACHINE+user,.+user
  Match user *+user

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:38:08 +01:00
Corinna Vinschen 7c34811440 Cygwin: passwd/group: allow specifying "." as local computername
Convenience only.  The resulting passwd/group antry is still
fully qualified.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-16 18:36:21 +01:00
Corinna Vinschen 4e34a39b5c Cygwin: passwd/group: store account name case correct, take 2
The solution from commit  9a3cc77b2a
didn't work for foreign domain accounts.  Rather than calling
LookupAccountSid we now use the info when we fetch it anyway
via LDAP or Net*GetInfo.  Only in case of domain groups we have
to add an LDAP call explicitly.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 13:16:15 +01:00
Corinna Vinschen 09bbcf8788 Cygwin: passwd/group: rename get_group_name to get_account_name
The function is the same for user and grou accounts.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:42:56 +01:00
Corinna Vinschen 507982af79 Cygwin: passwd/group: raise local name buffer size
Make sure a domain+username fits into the local name buffer.
The former buffer size didn't take adding a domain name to
a really_really_long_user_name into account.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:41:55 +01:00
Corinna Vinschen 9a3cc77b2a Cygwin: passwd/group: store account name case correct
When looking up valid accounts by name, LookupAccountName returns
a SID and a case-correct domain name.  However, the name was input
and LookupAccountName is case-insensitive, so the name is not
necessarily written the same way as in SAM or AD.

Fix that by doing a reverse lookup on the just fetched SID.  This
fetches the account name in the correct case.  Override the
incoming name with the case correct name from LookupAccountSid.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 11:13:28 +01:00
Corinna Vinschen 43fa1aafa6 Cygwin: uinfo.cc: fix formatting
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 11:10:41 +01:00
Corinna Vinschen ef8ce3077f Cygwin: fork: fix child process permissions, take 2
VirtualQueryEx, called by fixup_mmaps_after_fork, requires
PROCESS_QUERY_INFORMATION permissions per MSDN.  However, testing
shows that PROCESS_QUERY_LIMITED_INFORMATION is sufficient when
running the same code on Windows 8.1 or Windows 10.  Fix the code
to give the forked child always PROCESS_QUERY_INFORMATION perms
on Windows Vista/7 and respective server releases.

Revert now unneeded patch to check_token_membership as well.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-30 12:18:03 +01:00
Corinna Vinschen 5a0f2c00aa Cygwin: fork/exec: fix child process permissions
- Exec'ed/spawned processes don't need PROCESS_DUP_HANDLE.  Remove that
  permission from the parent handle.

- PROCESS_QUERY_LIMITED_INFORMATION doesn't work for Windows 7 if the
  process is started as a service.  Add PROCESS_QUERY_INFORMATION for
  pre-Windows 8 in that case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-29 17:59:23 +01:00
Corinna Vinschen 866901441b Cygwin: cygheap: convert installation paths to UNICODE_STRINGS
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-12-25 01:06:34 +01:00
Corinna Vinschen 03cd2c4efa Cygwin: Accommodate logon sessions on Windows 10
Starting with Windows 10, LookupAccountSid/Name return valid
info for the login session with new SID_NAME_USE value
SidTypeLogonSession.  To return the same info as on pre-Windows 10,
we have to handle this type.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-28 11:28:28 +02:00
Corinna Vinschen 3aba266aa9 Cygwin: drop workaround for missing USER_INFO_24 definition
Recent mingw64 provide USER_INFO_24

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-28 11:24:59 +02:00
Corinna Vinschen 33b8c406dc Cygwin: Add name->SID conversion for self-constructed names
...as far as it makes sense.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-27 18:28:33 +02:00
Corinna Vinschen 859d215b7e Cygwin: split out fhandler_socket into inet and local classes
First cut, still incomplete

* fhandler_socket is now base class for other socket classes
* fhandler_socket_inet handles AF_INET and AF_INET6 sockets
* fhandler_socket_local handles AF_LOCAL/AF_UNIX sockets
* finally get rid of fdsock by using set_socket_handle in accept4
* align file-related calls (fstat,  fstatvfs, fchown, fchmod, facl)
  to Linux.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-02-21 21:40:01 +01:00
Corinna Vinschen 76f06705be cygwin: convert most #ifndef __x86_64__ to #ifdef __i386__
Address the real offender

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-27 14:36:06 +01:00
Corinna Vinschen eb61113daf Workaround AzureAD shortcomings
No real domain, no DC, no infos via NetUserGetInfo... nothing.  Just nothing.

Use fixed uid 0x1000 (4096) for AzureAD user and gid 0x1001 (4097) for
AzureAD group.  Note that this group is part of the user token, but it's
not the primary group.  The primary group SID is, unfortunately, the
user's SID.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-08-18 10:27:28 +02:00
Corinna Vinschen 25cb82a55e Change "nodomain+nobody" to "no+body"
Per https://cygwin.com/ml/cygwin-apps/2016-07/msg00059.html

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-07-22 09:41:23 +02:00
Corinna Vinschen 1a988fc6ba Handle WinFSP nobody account
Per discussion started at
https://cygwin.com/ml/cygwin/2016-06/msg00347.html

S-1-0-65534 == uid/gid 65534 == nodomain+nobody

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-07-19 11:14:50 +02:00
Corinna Vinschen bb0fc7a2c0 cygheap_domain_info::init: Fix comment 2016-06-24 23:21:48 +02:00
Corinna Vinschen 6e623e9320 Switching the Cygwin DLL to LGPLv3+, dropping commercial buyout option
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.

Everything else stays under GPLv3+.

New Linking Exception exempts resulting executables from LGPLv3 section 4.

Add CONTRIBUTORS file to keep track of licensing.

Remove 'Copyright Red Hat Inc' comments.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-23 10:09:17 +02:00
Corinna Vinschen 747b3f44e3 uinfo.cc: More comment fixes, remove unused testing code.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-15 19:48:43 +02:00
Corinna Vinschen 5881f0c0c8 uinfo.cc: Fix comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-15 18:04:00 +02:00
Corinna Vinschen 59b3bd2aa6 Only allow enabled groups as primary group
So far any group in the user's token could be used as primary group.
Windows doesn't check if the primary group is enabled or not, it just
has no meaning.  From a POSIXy point of view it can lead to weird
results though.

	* uinfo.cc (check_token_membership): New static function.
	(internal_getlogin): Only allow enabled groups as primary group.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-23 17:51:03 +01:00
Corinna Vinschen fc504453fd Use 64K buffers for TOKEN_GROUPS
A user token can be up to 64K in size.  Using 32K buffers for TOKEN_GROUPS
may be insufficient.

	* uinfo.cc (get_logon_sid): Use 64K buffers for the TOKEN_GROUPS
	array.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-23 17:42:04 +01:00
Corinna Vinschen 018fa93e2b Add cygsid methods to create SIDs from scratch
So far creating cygsids requires to generate an "S-1-..." string
which is then converted to a SID by cygsid::getfromstr.

Add two new methods:

- cygsid::create (DWORD auth, DWORD subauth_count, ...)

    ... is a variable length list of subauth_count DWORD values being
    the actual subauths.

- cygsid::append (DWORD rid)

    allows to append a single RID to an alreaday constituted SID.

	* security.h (cygsid::create): Declare public.
	(cygsid::append): Ditto.
	* sec_helper.cc (cygsid::create): Implement.
	(cygsid::append): Implement.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Use both new
	methods as appropriate.  Drop setting csid from string.  Create
	SID strings for printing SIDs only.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-12 16:39:19 +01:00
Corinna Vinschen e7414a317a Only generate BUILTIN SIDs for uid/gid values <= 999
* uinfo.cc (pwdgrp::fetch_account_from_windows): Only create 1-5-32-x
	SIDs from ids for x <= 999.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-29 21:21:35 +01:00
Corinna Vinschen ef75017378 Fix length returned from sys_cp_wcstombs in case nwc > # of wchars
* strfuncs.cc (sys_cp_wcstombs): Always return number of multibytes
	without trailing NUL as the documentation implies.  Throughout Cygwin,
	fix usage to align to this pattern.
	* fhandler_process.cc (format_process_winexename): Drop trailing NUL
	and LF from output.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-10-22 14:22:07 +02:00
Corinna Vinschen 1641a85e8f Revert to leaving $HOME alone
* uinfo.cc (cygheap_user::ontherange): Revert previous patch.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-08-10 12:00:12 +02:00
Corinna Vinschen 1e80973f28 Ignore non-absolute $HOME when started from native process
* uinfo.cc (cygheap_user::ontherange): Ignore $HOME if it's not
	starting with a slash (aka, absolute POSIX Path).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-07-23 17:42:07 +02:00
Corinna Vinschen 5dc398f1d9 Fix broken SID in passwd/group entry for unkown account
* uinfo.cc (pwdgrp::fetch_account_from_windows): Always revert SID
        subauth count after checking for known domain.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 22:01:53 +02:00
Corinna Vinschen f0b38a8af6 Don't allow fully qualified Windows account names.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Don't allow fully
	qualified Windows account names (domain\user or user@domain).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 21:57:09 +02:00
Corinna Vinschen d4f8c94a9b Try best to handle user from domain not in trusted domain list.
* cygheap.h (cygheap_domain_info::add_domain): Add prototype.
	* uinfo.cc (cygheap_domain_info::add_domain): New method.
	(pwdgrp::fetch_account_from_windows): Try to add domain explicitely
	if it was not in the original list of trusted domains and go ahead
	rather than bailing out.  Add comment to explain why.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-23 21:57:07 +02:00
Corinna Vinschen 6f93f1d6a5
Drop unused timeoput paramter to internal_getlogin
* grp.cc (internal_getgroups): Drop unused timeout parameter.
	* pwdgrp.h (internal_getgroups): Ditto in prototype.
	* uinfo.cc (internal_getlogin): Ditto in usage.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-17 15:42:59 +01:00
Corinna Vinschen 146200310f * uinfo.cc (pwdgrp::add_line): Return NULL if parsing a line failed.
(pwdgrp::add_account_post_fetch): Check return value from add_line and
	return NULL if add_line returns NULL.
2015-02-28 12:12:34 +00:00
Corinna Vinschen 211cb4df18 * uinfo.cc (pwdgrp::fetch_account_from_windows): Drop redundant test
for SidTypeUser.
2015-02-27 14:03:29 +00:00
Corinna Vinschen 06371539bd * sec_acl.cc (setacl): Fix bug which leads to ACE duplication in
case owner SID == group SID.
	(getacl): Reverse order of SID test against group or owner sid to
	prefer owner attributes over group attributes.  Disable setting group
	permissions equivalent to owner permissions if owner == group.  Add
	comment to explain why.  Fix indentation.
	* security.cc (get_attribute_from_acl): Change type of local variables
	containing permission to mode_t.  Apply deny mask to group if group SID
	== owner SID to avoid Everyone permissions to spill over into group
	permissions.  Disable setting group permissions equivalent to owner
	permissions if owner == group.  Add comment to explain why.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow user SID as
	group account if user is a "Microsoft Account".  Explain why.  Drop
	workaround enforcing primary group "Users" for "Microsoft Accounts".
2015-02-27 12:59:09 +00:00
Corinna Vinschen bc3116147b * uinfo.cc (client_request_pwdgrp::client_request_pwdgrp): Add missing
break in switch statement.
2015-02-25 08:44:54 +00:00
Corinna Vinschen ad8d295e7c * ldap.h: Remove index macros.
(class cyg_ldap): Remove members srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Remove private method taking index
	argument.
	(cyg_ldap::get_num_attribute): Ditto.  Add method taking attribute name.
	(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
	(cyg_ldap::get_unix_uid): Ditto.
	(cyg_ldap::get_unix_gid): Ditto.
	* ldap.cc: Throughout, use msg and entry in place of srch_msg and
	srch_entry.
	(std_user_attr): Add sAMAccountName and objectSid.
	(group_attr): Ditto.
	(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
	(cyg_ldap::get_string_attribute): Move earlier in file.
	(cyg_ldap::get_num_attribute): Ditto.
	(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
	Use group_attr or user_attr rather than sid_attr to fetch all desired
	attributes for an account right away.
	(cyg_ldap::next_account): Store found SID in last_fetched_sid to
	skip calls to fetch_ad_account from fetch_account_from_windows.
	(cyg_ldap::get_string_attribute): Remove method taking index argument.
	(cyg_ldap::get_num_attribute): Ditto.
	* pwdgrp.h (class pg_ent): Fix formatting.  Add member dom.
	* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
	in dom.  Construct fetch_acc_t argument from LDAP attributes and
	call fetch_account_from_windows with that.
	* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
	FULL_acc_arg.  Change throughout.
	(struct fetch_acc_t): Rename from fetch_full_grp_t.  Change throughout.
	(struct fetch_user_arg_t): Rename full_grp to full_acc.  Change
	throughout.
2015-02-24 20:52:57 +00:00
Corinna Vinschen bef55bb5c3 * autoload.cc (LsaLookupSids): Import.
* cygserver_pwdgrp.h: Include userinfo.h.  Drop workaround defining
	fetch_user_arg_type_t locally.
	* grp.cc (internal_getgrsid_cachedonly): New function.
	(internal_getgrfull): Ditto.
	(internal_getgroups): Rearrange function.  Center around fetching all
	cached group info first, calling LsaLookupSids on all so far non-cached
	groups second.  Pass all available info to new internal_getgrfull call.
	* pwdgrp.h: Include userinfo.h.  Move definitions of
	fetch_user_arg_type_t and fetch_user_arg_t there.
	(pwdgrp::add_group_from_windows): Declare with getting full group info.
	Called from internal_getgrfull.
	* uinfo.cc (pwdgrp::add_group_from_windows): Define.
	(pwdgrp::fetch_account_from_line): Add default case.
	(pwdgrp::fetch_account_from_file): Ditto.
	(pwdgrp::fetch_account_from_windows): Handle FULL_grp_arg.
	(client_request_pwdgrp::client_request_pwdgrp): Add default case.
	* userinfo.h: New header.
	(enum fetch_user_arg_type_t): Add FULL_grp_arg.
	(struct fetch_full_grp_t): New datatype.
2015-02-23 20:51:12 +00:00
Corinna Vinschen d6f62a1178 * grp.cc (internal_getgroups): Take additional timeout_ns parameter.
Restrict fetching group account entries from user token groups by
	timeout_ns 100ns-intervals.  Add preceding comment to explain why.
	* pwdgrp.h (internal_getgroups): Align prototype.
	* times.cc (GetTickCount_ns): New function.
	* uinfo.cc (internal_getlogin): Call internal_getgroups wih 300ms
	timeout.
	* winsup.h (GetTickCount_ns): Declare.
2015-02-20 15:13:46 +00:00
Corinna Vinschen b49934db7f * cygheap.h (cygheap_pwdgrp::get_home): Add dnsdomain parameter to
declaration in ldap-related method.
	(cygheap_pwdgrp::get_shell): Ditto.
	(cygheap_pwdgrp::get_gecos): Ditto.
	* ldap.cc (cyg_ldap::open): Use NO_ERROR instead of 0.
	(cyg_ldap::close): Reset last_fetched_sid.
	(cyg_ldap::fetch_ad_account): Return immediately if sid is the same as
	last_fetched_sid.  Open LDAP connection from here.  Move initialization
	of rdse after open call.  Set last_fetched_sid if LDAP call was
	successful.
	* ldap.h (class cyg_ldap): Add member last_fetched_sid.
	(cyg_ldap::cyg_ldap): Initialize last_fetched_sid.
	(cyg_ldap::is_open): New inline method.
	* uinfo.cc (cygheap_pwdgrp::init): Drop initialization of db_home,
	db_shell and db_gecos with "cygwin desc", thus only using the fallback
	by default.
	(fetch_windows_home): Add parameter dnsdomain.  Call
	cyg_ldap::fetch_ad_account if required.
	(fetch_from_path): Add parameter dnsdomain.  Call fetch_windows_home
	accordingly.
	(cygheap_pwdgrp::get_home): Accomodate call to fetch_windows_home.
	Add dnsdomain parameter in ldap-related method.  Call
	cyg_ldap::fetch_ad_account if required.
	(cygheap_pwdgrp::get_shell): Ditto.
	(cygheap_pwdgrp::get_gecos): Ditto.
	(pwdgrp::fetch_account_from_windows): Drop cyg_ldap::open call prior to
	cyg_ldap::fetch_ad_account call.  Set is_current_user to true if we're
	handling the current user account.  Make sure to perform the LDAP calls
	only for users, and only if required.
2015-02-12 16:55:38 +00:00
Corinna Vinschen 638dd243f2 * uinfo.cc (pwdgrp::fetch_account_from_windows): Allow fetching gid,
home, shell and gecos info from NT4 domain.
2015-01-21 20:40:33 +00:00
Corinna Vinschen 5e41539dfc * uinfo.cc (fetch_windows_home): Disable fetching from homeDrive or
usri3_home_dir_drive.  Add comment.
2015-01-14 11:13:23 +00:00
Corinna Vinschen f5a9dd02c4 * uinfo.cc (pwdgrp::fetch_account_from_windows): Drop code from
2014-11-17, always prepending domain to NT SERVICE accounts when
	searching by name.  Fix test expression to allow fully qualified
	names for NT SERVICE accounts.  Extend comment to explain a bit.
2015-01-13 09:06:53 +00:00
Corinna Vinschen fae48dd783 * cygheap.h (cygheap_pwdgrp::get_shell): Add sid to argument list.
(cygheap_pwdgrp::get_gecos): Ditto.
	* uinfo.cc (fetch_windows_home): Accept cyg_ldap and PUSER_INFO_3
	arguments, and fetch db home dir values right here.
	(fetch_from_path): Accept cyg_ldap, PUSER_INFO_3 pointers and sid
	arguments.  Add '%H' format specifier to fetch Windows home dir in
	POSIX notation.
	(cygheap_pwdgrp::get_home): Accommodate changes to fetch_windows_home
	and fetch_from_path.
	(cygheap_pwdgrp::get_shell): Ditto.
	(cygheap_pwdgrp::get_gecos): Ditto.
	(pwdgrp::fetch_account_from_windows): Accommodate sid argument to
	cygheap_pwdgrp::get_shell and cygheap_pwdgrp::get_gecos.
2015-01-08 17:08:47 +00:00
Corinna Vinschen 44cacc7f44 * uinfo.cc (fetch_windows_home): New function fetching Windows-compliant
home directory.  Include longish comment to explain what we're doing.
	(cygheap_pwdgrp::get_home): Take additional sid parameter.  In
	NSS_SCHEME_WINDOWS case, call fetch_windows_home to create home
	directory.
	(pwdgrp::fetch_account_from_windows): Call cygheap_pwdgrp::get_home
	with additional sid argument.
	* cygheap.h (cygheap_pwdgrp::get_home): Align declaration to above
	change.
2014-12-02 11:30:04 +00:00
Corinna Vinschen 4fe712cd80 * uinfo.cc (cygheap_user::ontherange): Fix order of fallbacks creating
HOMEDRIVE/HOMEPATH values to be Windows-compliant.  Add comments.
2014-12-02 11:26:22 +00:00