Add a hit_eof method that tries to detect whether any clients are
connected. Before concluding that there are none, it gives the
listen_client thread time to update the client data.
Introduce a 'fifo_client_handler' structure that can be used by a
reader to communicate with a writer using an instance of the named
pipe. An fhandler_fifo opened for reading creates a thread that does
the following:
- maintains a list of fifo_client_handlers
- listens for_clients trying to connect
- creates new pipe instances as needed so that there's always at
least one available for connecting.
The pipe instances are initially created in blocking mode, but they
are set to be non-blocking after a connection is made.
fhandler_fifo::raw_read now loops through the connected clients and
reads from the first one that has data available.
New fhandler_fifo methods: add_client, listen_client,
listen_client_thread, check_listen_client_thread.
Replace the create_pipe method by create_pipe_instance, which allows
unlimited pipe instances.
New helper functions: create_event, set_pipe_non_blocking.
Make fhandler_fifo a derived class of fhandler_base instead of
fhandler_base_overlapped.
Replace the create_pipe macro, which is based on
fhandler_pipe::create, by new create_pipe and open_pipe methods.
These use NT functions instead of Win32 functions. Replace fifo_name
by get_pipe_name, which returns a pointer to a UNICODE_STRING.
Remove the fnevent macro, which would now be needed only once.
Add a raw_write method, adapted from fhandler_base::raw_write.
Adapt all functions to the changes above.
Switching to Cywin-only PIDs introduced a new problem when collecting
Cygwin processes for `ps -W': A process can show up multiple times
again, if the Cygwin procinfo has been opened for a just execing
process. The execed process then shows up twice, once as Cygwin
process, but with the wrong Windows PID of the execing process,
once as Windows-only process.
The mechanism used to exclude these stray processes didn't work with
the new Cygwin pid handling anymore. To fix this
* check if the incoming Windows PID is the same as the PID in the
procinfo. If not, we have the PID of the execing process while
procinfo was already changed,
* always check if the process has already been handled, not only
for processes we got a procinfo for,
* simplify adding pid to pidlist since pid is now always correct.
While at it, fix comments and comment formatting.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
strace only printed the Windows PID in event output so far.
Especially now that Windows and Cygwin PID are decoupled, the
strace user might like to see the Cygwin pid in event output as
well. However, at process startup, the process might not have
a Cygwin PID yet.
To mitigate this, always print the Windows PID and only add the
Cygwin pid if it exists.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
commit c0d7d3e1a2 removed the usage of the
LCMAP_BYTEREV flag in the call to LCMapStringW to workaround a strange
bug in LCMapStringW. This patch didn't take a userspace call of
wcsxfrm{_l} with NULL buffer and 0 size to evaluate the required buffer
size into account. This introduced a crash trying to byte swap the
NULL buffer. This patch fixes that problem.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
3.0.0 changed uname but missed to align /proc/version
which then used the old uname function on the new uname
struct.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Always use NtQuerySystemInformation(SystemProcessIdInformation).
This drops two code paths calling NtQueryInformationProcess or
GetModuleFileNameExW and only requires to open the process
to fetch system time info.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's a long-standing bug in ps -W. It only shows processes which ps
can open with PROCESS_QUERY_LIMITED_INFORMATION permissions. However,
that fails for a lot of system processes. Due to that, output is
basically restricted to processes in the same session, as well as Cygwin
processes... which isn't *quite* what ps -W was supposed to do.
Basically we only need to open the process to fetch the image name. If
that fails, utilize the undocumented SystemProcessIdInformation info
class introduced with Windows Vista, which allows to fetch the image
name by specifying the PID. Restructure the code a bit.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When logging in via ssh with an unprivileged account,
PdhAddEnglishCounter returns with status 0x800007D0,
PDH_CSTATUS_NO_MACHINE. We didn't find any workaround
but the changes to improve debugging output may help
in future. Using UNICODE instead of ANSI functions is
a result of trying to fix this problem.
Also drop the prototype workaround for PdhAddEnglishCounterA.
It's not required anymore since Mingw-w64's pdh.h catched up.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Create process with standard rights, plus
PROCESS_QUERY_LIMITED_INFORMATION for authenticated users. This
allows to fetch basic process information and thus /proc/<PID>/stat
to succeed on foreign processes.
While at it, fix formatting in CreateProcess calls.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's no good reason to return blank if some of the info
couldn't be collected. Drop useless call collecting
SystemProcessorPerformanceInformation. Always return some
valid start_time, even if we couldn't collect ProcessTimes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The OpenProcess call to generate /proc/<PID>/stat info requests
PROCESS_VM_READ, but that's not required. Drop it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Creating /proc/<PID>/cmdline requires permissions to communicate
with the target process via its signal pipe. If that fails, the
output is "<defunct>" which doesn't make sense most of the time.
Rather, call format_process_exename in this case to get more useful
process name info, albeit not the full cmdline.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The winpid symlinks got created with no query permissions, so
only admins could see all Cygwin processes. Create symlinks
so everyone has query permissions instead.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Canceling the timer thread runs under lock. The thread uses the same
lock to guard its timer_tracker struct access. If the timing is bad,
timer_settime or timer_delete grab the lock at the same time, the timer
expires. In the end, cancel waits for the thread sync while the thread
waits for ther lock to be released.
Fix this by not waiting for the thread sync under lock.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
On setting the timer, the thread is accidentally only canceled when
disarming the timer. This leaks one thread per timer_settimer call.
Move the thread cancellation where it belongs.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
We don't support setting groups via /etc/groups anymore. Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.
So, "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token. Just remove the verify_token call.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Revert "Cywin: user profile: unload impersonation user profile on exit"
Revert "Cygwin: seteuid: allow inheriting impersonation user profile handle"
Revert "Cygwin: user profile: add debug output to unload_user_profile"
Revert "Cygwin: user profile: Make an effort to unload unused user profiles"
This reverts commit bcb33dc4f0.
This reverts commit dd3730ed9c.
This reverts commit 8eee25241e.
This reverts commit 71b8777a71.
This patchset actually results in the following problem:
- After a couple of ssh logon/logoff attempts, an interactive session
of the same user loging in, is broken.
Apparently UnloadUserProfile manages to unload the user's profile
even while a parallel interactive session still uses the user's
profile.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Per MSDN VirtualQueryEx requires PROCESS_QUERY_INFORMATION.
Testing showed that PROCESS_QUERY_LIMITED_INFORMATION is sufficient
since Windows 8.1. The assumption that Windows 8 is the same as
Windows 8 was not correct, it requires PROCESS_QUERY_INFORMATION
as well.
Fix that by splitting the Windows 8 wincaps into one for Windows 8
and one for Windows 8.1. Set needs_query_information for Windows 8.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
If the user domain is the primary domain, LDAP is supposed to
use the default naming context. This is accomplished by setting
domain name to NULL in the call to cyg_ldap::fetch_ad_account.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
cyg_ldap::fetch_ad_account creates a naming context from the
incoming domain, if it's not NULL. The algorithm overwrites
dots with \0 in domain while creating the naming context, but
neglects to restore the dots.
Fix that by never overwriting the incoming domain name.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- feenableexcept,fedisableexcept, fegetexcept are GNU-only
- fegetprec, fesetprec are Solaris, use __MISC_VISIBLE
- _feinitialise is Cygwin-internal only
- Replace self-named FP precision values to values from
http://www.open-std.org/jtc1/sc22//WG14/www/docs/n752.htm
as used by Solaris.
- Change return value of fesetprec to adhere to the above document
and Solaris.
- Document fegetprec, fesetprec as Solaris functions, not as GNU
functions
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
...before calling any of its method. It's no safe bet that
it's already initialized when calling s4uauth and adding it
to load_user_profile certainly doesn't hurt.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In case of a local machine account login, pi.lpProfilePath points
to the buffer returned by NetUserGetInfo, but NetApiBufferFree
is called prior to calling LoadUserProfileW. Fix by copying over
usri3_profile to the local userpath buffer, just as in the AD case.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This never really worked. While at it, restructure code to
do common stuff only in one spot. Improve debug output.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Inspecting the content of case-sensitive directories
on remote machines results in lots of errors like
disappearing diretories and files, file not found, etc.
This is not feasible as default behaviour
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
A sleep is required on Windows 10 64 bit only before calling
RegisterClassW in the timerfd thread, and only when running
under strace. One of the child processes inheriting the timerfd
descriptor will get a STATUS_FLOAT_INEXACT_RESULT exception inside
of msvcrt.dll. It's apparently some timing problem. It occurs
in 4 out of 5 runs under strace only. WOW64 and Windows 7 64 bit
don't have this problem.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The share section was created using the PAGE_SIZE constant,
but PAGE_SIZE is 64K. Fix that by using wincap.page_size()
instead, which returns the desired actual page size of 4K.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
timerfd_tracker and timerfd_shared classes:
- Just because handles are shared, we don't have to store them in
shared memory. Move share handles into timerfd_tracker class.
- Drop shared instance counter since it's not required anymore.
timerfd_shared only stores the actual timer data.
- Drop timerfd_shared::create, just set clock id.
- Drop timerfd_shared::dtor, it's not required anymore.
- Drop timerfd_tracker::close, just call dtor where required.
- Rename timerfd_tracker::increment_instances to timerfd_tracker::dup.
It's the only reason it exists...
- timerfd_tracker::dtor now checks the non-shared pointers for NULL
before attempting to close them.
- timerfd_tracker::dtor handles decrementing the local instance count
by itself.
- Add a method timerfd_tracker::init_fixup_after_fork_exec to set
non-shared pointers to NULL. Together with the dtor patches it
fixes a problem with close_on_exec timerfd descriptors.
- Fix a bug in handling the thread synchronization event. It's
actually nice to create it before using it...
- Drop using sec_none{_nih} in InitializeObjectAttributes. It's
an unnecessary roundabout route just to get a NULL pointer.
- Slightly rework timechange window handling.
- Add more comments to explain what happens.
fhandler_timerfd:
- Drop cnew macro, it just hides what happens.
- fhandler_timerfd::fixup_after_exec now calls
timerfd_tracker::init_fixup_after_fork_exec first, so a subsequent
call to timerfd_tracker::dtor only works on valid handles.
- fhandler_timerfd::close directly calls timerfd_tracker::dtor now.
- Drop dtor call in fhandler_timerfd destructor.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
timerfd_tracker::fixup_after_fork_exec always tries to restore
the shared timer region at the same address as in the parent.
This is entirely unnecessary and wasn't intended, rather some
kind of copy/paste thinko. Fix that. Print NtMapViewOfSection
status code in api_fatal on failure for debugging.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The "optimized" condition to recognize an unarmed timer was plain
wrong. Replace it by checking the stored it_value against 0.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The child process needs access to the handle to be able to
unload it when switching user context.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Does this work? There's not much feedback given.
TODO: We might want to try unloading the user profile at process
exit as well, FWIW.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
curr_primary_token is either NO_IMPERSONATION or the external_token
or the internal_token, so it's never required to be closed by itself.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 649911fb40 avoids the
calls to NetUserGetGroups and NetUserGetLocalGroups since
these can take a lot of time. The same problem potentially
occurs when loading the user profile. The code fetches
the roaming profile path calling NetUserGetInfo, which also
can be rather slow.
To avoid this problem, fetch the profile patch using LDAP.
Also, don't bail out early if the user's registry hive already
exists. This may result in outdated information.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
NetUserGetGroups and NetUserGetLocalGroups sometimes take a lot of time
(up to more than 2 mins) for no apparent reason.
Call s4uauth to generate an identification token for the user and fetch
the group list from there. This is *much* faster.
Keep the old code only for the sake of WOW64 on Vista and Windows 7,
which don't implement MsV1_0S4ULogon.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
s4uath was only callable to create an impersonation token so
far. Rework the function to allow creating an identification
token for informational purposes even from untrusted processes.
Take domainname and username instead of a passwd pointer to be
more multi-purpose.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 4e34a39b5c made sure all user and
group names are case-correct, but it introduced a hefty performance hit
on starting the first Cygwin process.
Adding an ldap call for each AD group in a user token takes its toll in
bigger AD environments with lots of groups in a user token. Real-life
example: 300 groups w/ roundtrip time to the LDAP server of 0.25 secs
per call...
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Up to Vista CreateProcessAsUser only worked with primary tokens,
so convert S4U impersonation token to primary token. MSDN still
documents it that way, but actually an impersonation token is
sufficient since Windows 7.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Under WOW64 on 64 bit Windows 7, MsV1_0S4ULogon appears to be
unimplemented, probably under Vista as well. Re-enable
create_token method, to allow basic seteuid on W7 WOW64 and
Vista as well.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
for domain accounts we try KerbS4ULogon first, MsV1_0S4ULogon
second. But we only fetch the package id for the supporting
authentication package (Kerberos/MsV1_0) once at the start.
Duplicate LsaLookupAuthenticationPackage call and move into the
Kerb/MsV1_0 branches so that it fetches the correct package id
for the method we call next.
Curious enough this worked before. Apparently both methods
work with the MICROSOFT_KERBEROS_NAME_A package id. However,
requesting and using the right authentication package id is
the prudent thing to do.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit 7c34811440.
This potentially allows to circumvent OpenSSHs user/group name matching,
unless the Admin knows to add every local user twice or to use patterns,
e.g.:
Match user MACHINE+user,.+user
Match user *+user
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit c1023ee353 changed the way
path_conv::binmode() works. Rather than returning three states,
O_BINARY, O_TEXT, 0, it only returned 2 states, O_BINARY, O_TEXT. Since
mounts are only binary if they are explicitely mounted binary by setting
the MOUNT_BINARY flag, textmode is default.
This introduced a new bug. When inheriting stdio HANDLEs from native
Windows processes, the fhandler and its path_conv are created from a
device struct only. None of the path or mount flags get set this way.
So the mount flags are 0 and path_conv::binmode() returned 0.
After the path_conv::binmode() change it returned O_TEXT since, as
explained above, the default mount mode is textmode.
Rather than just enforcing binary mode for path_conv's created from
device structs, this patch changes the default mount mode to binary:
Replace MOUNT_BINARY flag with MOUNT_TEXT flag with opposite meaning.
Drop all explicit setting of MOUNT_BINARY. Drop local set_flags
function, it doesn't add any value.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When recognizing a negative pid, optind is off by one. The
code correcting this has been erroneously removed by commit
8de660271f. Revert that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The solution from commit 9a3cc77b2a
didn't work for foreign domain accounts. Rather than calling
LookupAccountSid we now use the info when we fetch it anyway
via LDAP or Net*GetInfo. Only in case of domain groups we have
to add an LDAP call explicitly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Make sure a domain+username fits into the local name buffer.
The former buffer size didn't take adding a domain name to
a really_really_long_user_name into account.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When looking up valid accounts by name, LookupAccountName returns
a SID and a case-correct domain name. However, the name was input
and LookupAccountName is case-insensitive, so the name is not
necessarily written the same way as in SAM or AD.
Fix that by doing a reverse lookup on the just fetched SID. This
fetches the account name in the correct case. Override the
incoming name with the case correct name from LookupAccountSid.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This is a really old and crappy API, as the previous commit shows.
Use NtQueryInformationFile(FilePositionInformation) here instead.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
dtable::set_file_pointers_for_exec is called from
child_info_spawn::worker to move the file position of O_APPEND
files to EOF if the child is a native child.
However, this only works correctly for the first O_APPEND
file descriptor:
- set_file_pointers_for_exec calls SetFilePointer. The higher
4 bytes of the desired file offset are given to SetFilePointer
as pointer to a DWORD value. On return, SetFilePointer returns
the higher 4 bytes of the new file position in this DWORD.
- So for the second and subsequent descriptors the higher 4 byte
of the file position depend on what the actual file position
of the previous file has been set to:
- If the file is > 2 Gigs, the high offset will not be 0 anymore.
- If the desciptor points to a non-seekable file (i.e., a pipe
or socket), SetFilePosition returns an error and sets the high
position to -1.
Fix this by calling SetFilePointerEx instead, which does not
modify the incoming position value.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When calling spawnve, in contrast to execve, the parent has
to create the pid for the child. With the old technique
this was simply the Windows pid, but now we have to inform
the child about its new pid.
Add a cygpid member to class child_info_spawn. Set it in
child_info_spawn::worker, just prior to calling CreateProcess
rather than afterwards. Overwrite cygheap->pid in
child_info_spawn::handle_spawn before calling pinfo::thisproc.
Make sure pinfo::thisproc knows the pid is already set by
setting the handle argument to INVALID_HANDLE_VALUE.
Also set procinfo->dwProcessId to myself_initial.dwProcessId
instead of to myself_initial.pid for clarity.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When the current process has renamed (to bin) a readonly dll, we get
STATUS_TRANSACTION_NOT_ACTIVE for unknown reason when subsequently
creating the forkable hardlink. A workaround is to open the original
file with FILE_WRITE_ATTRIBUTES access, but that fails with permission
denied for users not owning the original file.
* forkable.cc (dll::create_forkable): Retry hardlink creation using the
original file's handle opened with FILE_WRITE_ATTRIBUTES access when the
first attempt fails with STATUS_TRANSACTION_NOT_ACTIVE.
* Rename cygwin_shared->prefer_forkable_hardlinks to
forkable_hardlink_support, with values
0 for Unknown, 1 for Supported, -1 for Unsupported.
Upon first dll loaded ever, dll_list::forkable_ntnamesize checks the
/var/run/cygfork directory to both exist and reside on NTFS, setting
cygwin_shared->forkable_hardlink_support accordingly.
* Replace enum forkables_needs by bool forkables_created: Set
to True by request_forkables after creating forkable hardlinks.