case owner SID == group SID.
(getacl): Reverse order of SID test against group or owner sid to
prefer owner attributes over group attributes. Disable setting group
permissions equivalent to owner permissions if owner == group. Add
comment to explain why. Fix indentation.
* security.cc (get_attribute_from_acl): Change type of local variables
containing permission to mode_t. Apply deny mask to group if group SID
== owner SID to avoid Everyone permissions to spill over into group
permissions. Disable setting group permissions equivalent to owner
permissions if owner == group. Add comment to explain why.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow user SID as
group account if user is a "Microsoft Account". Explain why. Drop
workaround enforcing primary group "Users" for "Microsoft Accounts".
cygwait should be in EINTR or in restart mode. Call signal handler
if in EINTR mode.
(mq_getattr): Call ipc_mutex_lock in restart mode.
(mq_setattr): Ditto.
(mq_notify): Ditto.
(_mq_send): Call ipc_mutex_lock in EINTR mode.
(_mq_receive): Ditto.
(class cyg_ldap): Remove members srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Remove private method taking index
argument.
(cyg_ldap::get_num_attribute): Ditto. Add method taking attribute name.
(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
(cyg_ldap::get_unix_uid): Ditto.
(cyg_ldap::get_unix_gid): Ditto.
* ldap.cc: Throughout, use msg and entry in place of srch_msg and
srch_entry.
(std_user_attr): Add sAMAccountName and objectSid.
(group_attr): Ditto.
(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Move earlier in file.
(cyg_ldap::get_num_attribute): Ditto.
(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
Use group_attr or user_attr rather than sid_attr to fetch all desired
attributes for an account right away.
(cyg_ldap::next_account): Store found SID in last_fetched_sid to
skip calls to fetch_ad_account from fetch_account_from_windows.
(cyg_ldap::get_string_attribute): Remove method taking index argument.
(cyg_ldap::get_num_attribute): Ditto.
* pwdgrp.h (class pg_ent): Fix formatting. Add member dom.
* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
in dom. Construct fetch_acc_t argument from LDAP attributes and
call fetch_account_from_windows with that.
* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
FULL_acc_arg. Change throughout.
(struct fetch_acc_t): Rename from fetch_full_grp_t. Change throughout.
(struct fetch_user_arg_t): Rename full_grp to full_acc. Change
throughout.
* fhandler.cc (fhandler_base::set_flags): Set was_nonblocking if the
O_NONBLOCK flag has been specified.
(fhandler_base_overlapped::close): Check for was_nonblocking instead
of for is_nonblocking. Explain why.
(fhandler_base::set_nonblocking): Set was_nonblocking if noblocking
mode gets enabled.
* cygserver_pwdgrp.h: Include userinfo.h. Drop workaround defining
fetch_user_arg_type_t locally.
* grp.cc (internal_getgrsid_cachedonly): New function.
(internal_getgrfull): Ditto.
(internal_getgroups): Rearrange function. Center around fetching all
cached group info first, calling LsaLookupSids on all so far non-cached
groups second. Pass all available info to new internal_getgrfull call.
* pwdgrp.h: Include userinfo.h. Move definitions of
fetch_user_arg_type_t and fetch_user_arg_t there.
(pwdgrp::add_group_from_windows): Declare with getting full group info.
Called from internal_getgrfull.
* uinfo.cc (pwdgrp::add_group_from_windows): Define.
(pwdgrp::fetch_account_from_line): Add default case.
(pwdgrp::fetch_account_from_file): Ditto.
(pwdgrp::fetch_account_from_windows): Handle FULL_grp_arg.
(client_request_pwdgrp::client_request_pwdgrp): Add default case.
* userinfo.h: New header.
(enum fetch_user_arg_type_t): Add FULL_grp_arg.
(struct fetch_full_grp_t): New datatype.
to explain the meaning of the possible values.
* cygwait.cc (is_cw_sig_restart): Define.
(is_cw_sig_handle): Check for cw_sig_restart as well.
(cygwait): Restart always if cw_sig_restart is set.
* thread.cc (pthread::join): Call cygwait with cw_sig_restart flag
to avoid having to handle signals at all.
* include/cygwin/stdlib.h (initstate, random, setstate, srandom):
Check if __XSI_VISIBLE is set by sys/cdefs.h, rather than testing
for _XOPEN_SOURCE directly, to work correctly when _GNU_SOURCE is
set.
(cyg_ldap::search_s): Add parameter scope. Use as LDAP search scope
instead of fixed LDAP_SCOPE_SUBTREE scope.
(ldap_search_thr): Call cyg_ldap::search_s with scope from argument.
(cyg_ldap::search): Add parameter scope and fill in to cyg_ldap_search.
(cyg_ldap::fetch_ad_account): Call search with LDAP_SCOPE_SUBTREE scope.
(cyg_ldap::fetch_posix_offset_for_domain): Call search with
LDAP_SCOPE_ONELEVEL scope.
(cyg_ldap::fetch_unix_sid_from_ad): Call search with LDAP_SCOPE_SUBTREE
scope.
(cyg_ldap::fetch_unix_name_from_rfc2307): Ditto.
* ldap.h (cyg_ldap::search): Align prototype to above change.
(cyg_ldap::search_s): Ditto.
throughout.
* ldap.cc (cyg_ldap::open): Fix debug output.
(cyg_ldap::fetch_ad_account): Rename rdse to base. Restrict LDAP
query to users and groups only.
(cyg_ldap::enumerate_ad_accounts): Rearrange filter expression for
user accounts.
(SYSTEM_CONTAINER): New macro.
(cyg_ldap::fetch_posix_offset_for_domain): Set base in LDAP search
to the "System" container in the default naming context to restrict
the search scope.
(cyg_ldap::fetch_unix_sid_from_ad): Add objectCategory=Person to
search filter for users.
suffix and make private. Rename normalized_path to posix_path and
make privtae. Accommodate name changes throughout in path_conv
methods.
(path_conv::known_suffix): New method. Use throughout instead of
accessing suffix directly.
(path_conv::get_win32): Constify.
(path_conv::get_posix): New method to read posix_path. Use throughout
instead of accessing normalized_path directly.
(path_conv::set_posix): Rename from set_normalized_path. Accommodate
name change throughout.
* spawn.cc (find_exec): Return POSIX path, not Win32 path.
declaration in ldap-related method.
(cygheap_pwdgrp::get_shell): Ditto.
(cygheap_pwdgrp::get_gecos): Ditto.
* ldap.cc (cyg_ldap::open): Use NO_ERROR instead of 0.
(cyg_ldap::close): Reset last_fetched_sid.
(cyg_ldap::fetch_ad_account): Return immediately if sid is the same as
last_fetched_sid. Open LDAP connection from here. Move initialization
of rdse after open call. Set last_fetched_sid if LDAP call was
successful.
* ldap.h (class cyg_ldap): Add member last_fetched_sid.
(cyg_ldap::cyg_ldap): Initialize last_fetched_sid.
(cyg_ldap::is_open): New inline method.
* uinfo.cc (cygheap_pwdgrp::init): Drop initialization of db_home,
db_shell and db_gecos with "cygwin desc", thus only using the fallback
by default.
(fetch_windows_home): Add parameter dnsdomain. Call
cyg_ldap::fetch_ad_account if required.
(fetch_from_path): Add parameter dnsdomain. Call fetch_windows_home
accordingly.
(cygheap_pwdgrp::get_home): Accomodate call to fetch_windows_home.
Add dnsdomain parameter in ldap-related method. Call
cyg_ldap::fetch_ad_account if required.
(cygheap_pwdgrp::get_shell): Ditto.
(cygheap_pwdgrp::get_gecos): Ditto.
(pwdgrp::fetch_account_from_windows): Drop cyg_ldap::open call prior to
cyg_ldap::fetch_ad_account call. Set is_current_user to true if we're
handling the current user account. Make sure to perform the LDAP calls
only for users, and only if required.
(gfpod_helper): Drop equality sign from environment variable name
in call to check_path_access.
* exec.cc (execlp): Drop equality sign from environment variable name
in call to find_exec.
(execvp): Ditto.
(execvpe): Ditto.
* path.h (enum fe_types): Drop FE_NATIVE.
(find_exec): Rename third paramter in declaration from search. Drop
equality sign from default value.
* spawn.cc (perhaps_suffix): Add PC_POSIX to path_conv::check call.
(find_exec): Simplify function. Iterate over POSIX pathlist rather
than Windows pathlist. Drop handling of FE_NATIVE flag. Always fill
posix path of incoming path_conv buf, unless FE_NNF flag is given.
(av::setup): Drop equality sign from environment variable name
in call to find_exec. Call unshift with normalized_path.
* winf.cc (av::unshift): Drop conv parameter and code converting
Windows to POSIX path.
* winf.h (av::unshift): Accommodate prototype.
(opts): Add -f option.
(restore_flags): New variable.
(usage): Clarify working of save action. Add restore action. Add
description for -f/--force option.
(set_privilege): Drop function. The Cygwin DLL is doing that anyway.
(cmd_save): Drop call to set_privilege.
(cmd_restore): New function.
(main): Handle -f/--force option.
sourceware.org URLs are concerned.
* Throughout, simplify ulink expressions if the visible text is the
URL anyway.
* faq-programming.xml (faq.programming.dll-relocatable): Remove.
* faq-setup.xml (faq.setup.name-with-space): Change for 1.7.34.
(faq.setup.home): Ditto.
* faq-using.xml (faq.using.printing): Clarify old links and availability
of a2ps and file.
(faq.using.xemacs): Drop outdated version info and pointers to native
XEmacs.
(faq.using.ntemacs): Remove.
* faq-what.xml (faq.what.what): Rephrase to reflect reality.
(faq.what.supported): Ditto.
(faq.what.who): Rephrase slightly.
* legal.xml: Bump copyright.
* setup-net.xml (internet-setup): Fix references to setup executables.
with version information. Use throughout.
(clean): Drop winver_stamp.
(version.cc winver.o): Drop empty rule.
(winver_stamp): Convert to rule targeting version.cc and winver.o
directly. Drop touching winver_stamp. Fix typo.
* fhandler_process.cc (process_tab): Fix indentation.
(fhandler_process::exists): Rely on format_process_fd returning file
type in fd_type.
(struct process_fd_t): Add fd_type member.
(fhandler_process::fill_filebuf): Allow format_process_fd to set
this->fd_type member.
(format_process_fd): Fix path evaluation to allow recognizing trailing
path components. Fix check for file descriptor path component. Return
virt_symlink in fd_type if no trailing path compenents exist, return
virt_fsdir otherwise and copy full resulting path into destbuf.
* path.cc (path_conv::check): If /proc/$PID/fd symlink has trailing
path components, reparse resulting path as if it's the incoming path.
Add comment to wail over the outdated and hackish check method, and to
explain what we do here.
* bsd_mutex.cc (_msleep): Fetch signal_arrived handle from thread's
ipcblk.
* process.h (class process): Drop _signal_arrived and align methods.
(process_cache::process): Drop signal_arrived parameter.
* process.cc (process::process): Ditto. Drop related code.
(process::~process): Drop closing signal_arrived handle.
(process_cache::process): Drop signal_arrived parameter in call to
process::process.
(thread::dup_signal_arrived): New method duplicating thread's
signal_arrived handle.
(thread::close_signal_arrived): New method closing thread's
signal_arrived handle.
* msg.cc (client_request_msg::serve): Drop signal_arrived parameter from
call to process_cache::process. Use thread constructor to initialize td.
* sem.cc (client_request_sem::serve): Ditto.
* shm.cc (client_request_shm::serve): Ditto.
(class thread): struct->class. Add prototypes for new private methods
dup_signal_arrived and close_signal_arrived. Implement constructor and
destructor.
2014-11-17, always prepending domain to NT SERVICE accounts when
searching by name. Fix test expression to allow fully qualified
names for NT SERVICE accounts. Extend comment to explain a bit.