from the current effective ids.
* fhandler_socket.cc (fhandler_socket::fstat): Keep the uid and gid set
by fhandler_base::fstat.
* security.cc (get_nt_attribute): Do not test wincap.has_security ().
(get_nt_object_attribute): Ditto.
(get_file_attribute): Add test for wincap.has_security ().
(get_object_attribute): Ditto.
data on sockets to evaluate AF_LOCAL sockets correctly.
(dtable::build_fhandler): Set unit number on sockets.
* fhandler.h (fhandler_socket): Add unit number.
(fhandler_socket::get_unit): New method.
* fhandler_socket.cc (fhandler_socket::fhandler_socket): Set unit
number.
(fhandler_socket::fstat): Reorganize to return more Linux-like
values.
* net.cc: include ctype.h.
(fdsock): Set unit number when building fhandler.
* path.cc (path_conv::check): Set device type to FH_SOCKET if file
is a AF_UNIX socket.
(get_devn): Evaluate unit for virtual socket devices.
(win32_device_name): Set windows path for sockets to unix_path with
just backslashes to keep the different names.
* syscalls.cc (fstat64): Don't override st_ino, st_dev and st_rdev
for sockets.
(stat_worker): Ditto.
From Pierre Humblet:
* autoload.cc (AccessCheck): Add.
(DuplicateToken): Add.
* security.h (check_file_access): Declare.
* syscalls.cc (access): Convert path to Windows, check existence
and readonly attribute. Call check_file_access instead of acl_access.
* security.cc (check_file_access): Create.
* sec_acl (acl_access): Delete.
loop. Set default rights to same values as in alloc_sd(). Set DELETE
for owner and default owner only if S_IWOTH is given.
* sec_acl.cc: Change all __aclent16_t to __aclent32_t except in
wrapper function definitions. Replace call to the aclXYZ functions by
calls aclXYZ32.
(searchace): Change type of third argument to __uid32_t and use
ILLEGAL_UID instead of -1;
(setacl): Remove some initializations. Only give STANDARD_RIGHTS_WRITE
for S_IWOTH. Replace -1 by ILLEGAL_UID.
(getacl): Change type of owner_sid, group_sid and ace_sid to cygpsid.
In last else clause, suppress second call to ace_sid.get_id and use
TRUE in first call. Replace EqualSid by ==.
(acl_access): Call internal_getgroups in USER and GROUP cases.
(acecmp: Define static.
(acl32): Create from 16 bit type.
(facl32): Ditto.
(lacl32): Ditto.
(aclcheck32): Ditto.
(aclsort32): Ditto.
(acltomode32): Ditto.
(aclfrommode32): Ditto.
(acltopbits32): Ditto.
(aclfrompbits32): Ditto.
(acltotext32): Ditto.
(aclfromtext32): Ditto, and use strechr.
(acl16to32): Create.
(acl): Make it a wrapper function.
(facl): Ditto.
(lacl): Ditto.
(aclcheck): Ditto.
(aclsort): Ditto.
(acltomode): Ditto.
(aclfrommode): Ditto.
(acltopbits): Ditto.
(aclfrompbits): Ditto.
(acltotext): Ditto.
(aclfromtext): Ditto.
* security.cc (write_sd): Call set_process_privilege and check
ownership.
(alloc_sd): Remove call to set_process_privilege and the owner check.
* security.cc (extract_nt_dom_user): Simplify with strechr.
(get_user_groups): Initialize glen to MAX_SID_LEN.
(get_user_local_groups): Ditto.
(get_attribute_from_acl): Define ace_sid as cygpsid.
(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
(get_nt_object_attribute): Ditto.
(alloc_sd): Define ace_sid as cygpsid.
* autoload.cc: Add OpenThreadToken.
* sec_helper.cc (set_process_privilege): Add and use use_thread
argument.
* security.cc (alloc_sd): Modify call to set_process_privilege.
Remember the result in each process. If failed and file owner is not
the user, fail.
(setacl): Start the search for a matching default at the next entry.
Invalidate the type of merged entries instead of clearing it.
Use well_known_creator for default owner and owning group and do
not try to merge non-default and default entries in these cases.
(getacl): Recognize well_known_creator for default owner and group.
(acl_worker): Improve errno settings and streamline the nontsec case.
* security.cc (write_sd): Remove the call to set_process_privilege.
(alloc_sd): If the owner changes, call set_process_privilege and return
immediately on failure. Change inheritance rules: on new directories add
inherit only allow ACEs for creator_owner, creator_group and everyone.
Preserve all inheritances through chmod and chown calls. Introduce
isownergroup to implement the uid == gid case, to keep the inheritance
code simple. Do not initialize owner_sid and group_sid and stop using
the variable psd.
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
pwdgrp_check::isinitializing ().
(pwdgrp_check::isinitializing): Create.
* passwd.cc (grab_int): Change type to unsigned, use strtoul and
set the pointer content to 0 if the field is invalid.
(parse_pwd): Move validity test after getting pw_gid.
(read_etc_passwd): Replace "passwd_state <= " by
passwd_state::isinitializing ().
(internal_getpwuid): Ditto.
(internal_getpwnam): Ditto.
(getpwent): Ditto.
(getpass): Ditto.
* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
(read_etc_group): Replace "group_state <= " by
group_state::isinitializing ().
(internal_getgrgid): Ditto.
(getgrent32): Ditto.
(internal_getgrent): Ditto.
2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* security.h: Move declarations of internal_getgrent,
internal_getpwsid and internal_getgrsid to pwdgrp.h.
* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
internal_getpwuid, internal_getgrsid, internal_getgrgid,
internal_getgrnam, internal_getgrent and internal_getgroups.
Delete "emulated" from enum pwdgrp_state.
(pwdgrp_check::isuninitialized): Create.
(pwdgrp_check::pwdgrp_state): Change state to initializing
rather than to uninitialized.
(pwdgrp_read::gets): Remove trailing CRs.
* passwd.cc (grab_string): Don't look for NLs.
(grab_int): Ditto.
(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
(search_for): Delete.
(read_etc_passwd): Simplify tests to actually read the file.
Set state to loaded before making internal_getpwXX calls.
Replace search_for calls by equivalent internal_pwgetXX calls.
(internal_getpwsid): Use passwd_state.isuninitialized to decide
to call read_etc_passwd.
(internal_getpwuid): Create.
(internal_getpwnam): Create.
(getpwuid32): Simply call internal_getpwuid.
(getpwuid_r32): Call internal_getpwuid.
(getpwnam): Simply call internal_getpwnam.
(getpwnam_r): Call internal_getpwnam.
* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
(add_grp_line): Adjust blank space.
(class group_lock): Ditto.
(read_etc_group): Simplify tests to actually read the file.
Set state to loaded before making internal_getgrXX calls.
Replace getgrXX calls by equivalent internal calls.
(internal_getgrsid): Use group_state.isuninitialized to decide
to call read_etc_group.
(internal_getgrgid): Create.
(internal_getgrnam): Create.
(getgroups32): Simply call internal_getgrgid.
(getgrnam32): Simply call internal_getgrnam.
(internal_getgrent): Call group_state.isuninitialized.
(internal_getgroups): Create from the former getgroups32, using
two of the four arguments. Set gid to myself->gid and username
to cygheap->user.name ().
(getgroups32): Simply call internal_getgroup.
(getgroups): Call internal_getgroup instead of getgroups32.
(setgroups32): Call internal versions of get{pw,gr}XX.
* sec_helper.cc: Include pwdgrp.h.
(is_grp_member): Call internal versions of get{pw,gr}XX.
* security.cc: Include pwdgrp.h.
(alloc_sd): Call internal versions of get{pw,gr}XX.
* syscalls.cc: Include pwdgrp.h.
(seteuid32): Call internal versions of get{pw,gr}XX.
(setegid32): Ditto.
* uinfo.cc: Include pwdgrp.h.
(internal_getlogin): Call internal versions of get{pw,gr}XX.
(cygheap_user::ontherange): Ditto.
* sec_acl.cc: Include pwdgrp.h.
(setacl): Call internal versions of get{pw,gr}XX.
(acl_access): Ditto and simplify logic.
(aclfromtext): Ditto.
just in case an access_denied ACE follows an access_allowed.
Handle the case owner_sid == group_sid, with a FIXME.
Remove unnecessary tests for non-NULL PSIDs.
(alloc_sd): Use existing owner and group sids if {ug}id == -1.
Handle case where owner_sid == group_sid.
Do not call is_grp_member. Try to preserve canonical ACE order.
Remove unnecessary tests for non-NULL PSIDs. Reorganize
debug_printf's.
(get_initgroups_sidlist): Put well_known_system_sid on left
side of ==.
(add_access_denied_ace): Only call GetAce if inherit != 0.
(add_access_allowed_ace): Ditto. Use appropriate sizeof.
* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to
alloc_sd, which removes the need to obtain old_{ug}id.
(chmod): Remove call to get_file_attribute (), simply pass
{ug}id equal to -1 to alloc_sd.
cygheap->user, return the uid or gid from myself.
* security.cc (alloc_sd): If gid == myself->gid, return the group sid from
cygheap->user. Remove the test for uid == original_uid, which is
counter-productive.
already taken care of that.
* fhandler_console.cc (fhandler_console::open): Initialize handles to NULL.
(fhandler_console::close): Ditto. GNUify non-GNU formatted functions calls
throughout.
may not end up in the pool.
(cygthread::new): Avoid race when checking for initialized. Add debugging
code.
* fhandler.cc (fhandler_base::raw_read): Add case for ERROR_INVALID_HANDLE due
to Win95 directories.
(fhandler_base::open): Handle errors due to Win95 directories.
(fhandler_base::close): Add get_nohandle () test.
(fhandler_base::set_close_on_exec): Ditto.
(fhandler_base::fork_fixup): Ditto.
(fhandler_base::lock): Change error code to Posix EINVAL.
(fhandler_base::dup): If get_nohandle (), set new value to INVALID_HANDLE_VALUE
instead of NULL.
* fhandler_disk_file.cc (fhandler_disk_file::fstat): Call fstat_by_name if
get_nohandle (). Remove extraneous element from strpbrk.
(fhandler_disk_file::open): Remove test for Win95 directory.
* fhandler_random.cc (fhandler_dev_random::open): Add set_nohandle ().
* fhandler_clipboard.cc (fhandler_dev_clipboard::open): Ditto.
* fhandler_zero.cc (fhandler_dev_zero::open): Ditto.
(fhandler_dev_zero::close): Delete.
* fhandler.h (class fhandler_dev_zero): Ditto.
supplementary group sids that may have been set by setgroups.
* security.cc (cygsidlist::free_sids): Also zero the class members.
* security.h (groups::clear_supp): New.
Rename cygsidlist_unknown to cygsidlist_empty.
before owner_sid and group_sid so that well_known_world_sid
means "other" even when owner_sid and/or group_sid are Everyone.
* security.cc (get_attribute_from_acl): Created from code common
to get_nt_attribute() and get_nt_object_attribute(), with same
reordering as in getacl() above.
(get_nt_attribute): Call get_attribute_from_acl().
(get_nt_object_attribute): Ditto.
the supplementary group list is missing Everyone or a groupsid
equal to usersid, or because the primary group is not in the token,
as long as it is equal to the usersid.
* syscalls.cc (seteuid32): Use common code for all successful returns.
* grp.cc (getgroups32): Never includes Everyone in the output.
* include/cygwin/version.h: Bump API minor version.
* cygheap.h (class cygheap_user): Add member groups.
* security.h (class cygsidlist): Add members type and maxcount,
methods position, addfromgr, alloc_sids and free_sids and
operator+= (const PSID psid). Modify contains () to call
position () and optimize add () to use maxcount.
(class user_groups): Create.
Update declarations of verify_token and create_token.
* security.cc (cygsidlist::alloc_sids): New.
(cygsidlist::free_sids): New.
(get_token_group_sidlist): Create from get_group_sidlist.
(get_initgroups_sidlist): Create from get_group_sidlist.
(get_group_sidlist): Suppress.
(get_setgroups_sidlist): Create.
(verify_token): Modify arguments. Add setgroups case.
(create_token): Modify arguments. Call get_initgroups_sidlist and
get_setgroups_sidlist as needed. Set SE_GROUP_LOGON_ID from auth_pos
outside of the loop. Rename the various group sid lists consistently.
* syscalls.cc (seteuid32): Modify to use cygheap->user.groups.
(setegid32): Call cygheap->user.groups.update_pgrp.
* grp.cc (setgroups): Create.
(setgroups32): Create.
* uinfo.cc (internal_getlogin): Initialize and update user.groups.pgsid.
* cygwin.din: Add setgroups and setgroups32.
(get_supplementary_group_sidlist): Evolve into get_unix_group_sidlist.
(get_user_local_groups): Add check for duplicates.
(get_user_primary_group): Suppress.
(get_group_sidlist): Silently ignore PDC unavailability.
Call get_unix_group_sidlist() before get_user_local_groups().
Remove call to get_supplementary_group_sidlist(). Never call
get_user_primary_group() as the passwd group is always included.
Add well_known_authenticated_users_sid in only one statement.
domain as the local domain.
(get_group_sidlist): Add authenticated users SID to SYSTEM's group
list instead of SYSTEM itself.
(verify_token): Accept the primary group sid if it equals
the token user sid.
(INHERIT_ALL): Ditto.
(INHERIT_ONLY): Ditto.
* sec_acl.cc: Use appropriate defines from accctrl.h instead of the
above throughout.
* security.cc: Ditto.
(RegQueryInfoKeyA): Ditto.
* fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool.
(fhandler_proc::fill_filebuf): Ditto.
(fhandler_registry::fill_filebuf): Ditto.
(fhandler_process::fill_filebuf): Ditto.
(fhandler_registry::value_name): Add new member.
(fhandler_registry::close): Add new method.
(fhandler_process::p): Remove member.
* fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling
superclass method. Check return value of fill_filebuf.
(fhandler_proc::fill_filebuf): Change return type to bool. Add return
statement.
* fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling
superclass method. Remove references to p. Check return value of
fill_filebuf.
(fhandler_process::fill_filebuf): Change return type to bool. Don't use
dereference operator on p. Add return statement.
(fhandler_process::format_process_stat): Fix typo.
* fhandler_registry.cc: Add static open_key declaration.
(fhandler_registry::exists): Assume path is already normalised. Try opening
the path as a key in its own right first, before reverting to enumerating
subkeys and values of the parent key.
(fhandler_registry::fstat): Add additional code to return more relevant
information about the registry key/value.
(fhandler_registry::readdir): Explicitly set desired access when opening
registry key. Remove output of buf from debug_printf format string.
(fhandler_registry::open): Use set_io_handle to store registry key handle. Set
value_name member. Move code to read a value from the registry to
fill_filebuf. Add call to fill_filebuf.
(fhandler_registry::close): New method.
(fhandler_registry::fill_filebuf): Change return type to bool. Add code to
read a value from registry.
(fhandler_registry::open_key): Make function static. Use KEY_READ as desired
access unless this is the last path component. Check the return value of
RegOpenKeyEx for an error instead of hKey.
* fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of
fill_filebuf.
(fhandler_virtual::open): Remove call to set_nohandle.
(fhandler_virtual::fill_filebuf): Change return type to bool. Add return
statement.
* security.cc (get_nt_object_attribute): New function.
(get_object_attribute): New function.
* security.h (get_object_attribute): New function declaration.
Call LookupAccountSid after trying to get domain & user from passwd.
(get_group_sidlist): Obtain the domain and user by calling
extract_nt_dom_user instead of LookupAccountSid.
to get_supplementary_group_sidlist.
(create_token): Add pw argument and use it in call to get_group_sidlist.
* security.h: Add pw argument in declaration of create_token.
* syscalls.cc (seteuid32): Add pw argument in call to create_token.
Check uid for current user first and use SIDs from cygheap if so.
Set errno to EINVAL if user SID isn't retrievable. Just print user SID
as debug output.
Don't bail out if group SID isn't retrievable. Change debug output
appropriately.
(cygheap_user::env_logsrv): Verify env_domain is valid.
* environ.cc: Include child_info.h and keep spenvs[] sorted.
(environ_init): Check child_proc_info instead of myself->ppid_handle.
* environ.cc (spenv::retrieve): Add debugging statements.
* pinfo.cc (set_myself): Don't call strace.hello if already stracing.
* strace.cc (strace): Move NO_COPY keyword so that it will actually take
effect.
command-line setting.
* cygwin.din: Export sexec* functions as function which returns ENOSYS
(i.e., sexec* is deprecated).
* dtable.cc (dtable::vfork_child_dup): Ensure that impersonation is restored
even on failure.
* exec.cc: Throughout, remove references to sexec* and _spawnve.
* pinfo.h: Remove _spawnve declaration.
* spawn.cc: Rename _spawnve to spawnve and use throughout.
(spawn_guts): Eliminate hToken argument and processing of same. Just perform
special actions if impersonating.
(spawnve): Rename from _spawnve.
* security.cc (alloc_sd): Remove logsrv argument.
Remove two calls to lookup_name.
(set_security_attribute): Remove logsrv argument.
Remove logsrv argument in call to alloc_sd.
(set_nt_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_security_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_nt_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_file_attribute.
* syscalls.cc (chown_worker): Remove logserver argument in
call to set_file_attribute.
(chmod): Ditto.
* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
* uinfo.cc (internal_getlogin): Replace calls to
lookup_name by call to LookupAccountName.
* security.h: Remove logsrv in declarations of set_file_attribute
and alloc_sd. Remove declaration of lookup_name.
(get_lsa_srv_inf): Suppressed.
(get_logon_server_and_user_domain): Suppressed.
(get_logon_server): Essentially new.
(get_user_groups): Add "domain" argument. Only lookup the
designated server and use "domain" in LookupAccountName.
(is_group_member): Simplify the arguments.
(get_user_local_groups): Simplify the arguments. Do only a
local lookup. Use "BUILTIN" and local domain in LookupAccountName.
(get_user_primary_group). Only lookup the designated server.
(get_group_sidlist): Remove logonserver argument. Do not lookup
any server for the SYSTEM account.
(create_token): Delete logonserver and call to get_logon_server.
Adjust arguments of get_group_sidlist, see above.
* security.h: Delete declaration of get_logon_server_and_user_domain
and add declaration of get_logon_server.
* uinfo.cc (internal_get_login): Call get_logon_server instead of
get_logon_server_and_user_domain.
* fhandler.h (fhandler_proc::fill_filebuf): Take a pinfo argument.
* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Simplify search for
given pid.
(fhandler_proc::readdir): Assume that pid exists if it shows up in the winpid
list.
* fhandler_process.cc (fhandler_process::open): Simplify search for given pid.
Call fill_filebuf with pinfo argument.
(fhandler_process::fill_filebuf): Pass pinfo here and assume that it exists.
* pinfo.h (pinfo::remember): Define differently if sigproc.h is not included.
* dll_init.cc (dll_list::detach): Don't run destructor on exit.
(LoadFuncEx2): Adapted from LoadFuncEx. Provides control of return value for
nonexistent function.
(NtQueryObject): Declare.
(IsDebuggerPresent): Declare via LoadFuncEx2 and always return true if not
available.
* debug.h (being_debugged): Just rely on IsDebuggerPresent return value.
* dtable.cc (handle_to_fn): New function.
(dtable::init_std_file_from_handle): Attempt to derive std handle's name via
handle_to_fn.
(dtable::build_fhandler_from_name): Fill in what we can in path_conv structure
when given a handle and path doesn't exist.
* fhandler.cc (fhandler_base::open): Don't set the file pointer here. Use
pc->exists () to determine if file exists rather than calling GetFileAttributes
again.
* fhandler.h (fhandler_base::exec_state_isknown): New method.
(fhandler_base::fstat_helper): Add extra arguments to declaration.
(fhandler_base::fstat_by_handle): Declare new method.
(fhandler_base::fstat_by_name): Declare new method.
* fhandler_disk_file (num_entries): Make __stdcall.
(fhandler_base::fstat_by_handle): Define new method.
(fhandler_base::fstat_by_name): Define new method.
(fhandler_base:fstat): Call fstat_by_{handle,name} as appropriate.
(fhandler_disk_file::fstat_helper): Accept extra arguments for filling out stat
structure. Move handle or name specific stuff to new methods above.
(fhandler_disk_file::open): Use real_path->exists rather than calling
GetFileAttributes again.
* ntdll.h (FILE_NAME_INFORMATION): Define new structure.
(OBJECT_INFORMATION_CLASS): Partially define new enum.
(OBJECT_NAME_INFORMATION): Define new structure.
(NtQueryInformationFile): New declaration.
(NtQueryObject): New declaration.
* path.cc (path_conv::fillin): Define new method.
* path.h (path_conv::fillin): Declare new method.
(path_conv::drive_thpe): Rename from 'get_drive_type'.
(path_conv::volser): Declare new method.
(path_conv::volname): Declare new method.
(path_conv::root_dir): Declare new method.
* syscalls.cc (fstat64): Send real path_conv to fstat as second argument.
where appropriate, throughout. Remove unneeded exceptions.h, where
appropriate, throughout. Remove unneeded perprocess.h, where appropriate,
throughout.
INVALID_HANDLE_VALUE instead of NULL.
(get_logon_server_and_user_domain): Test for INVALID_HANDLE_VALUE
instead of NULL.
(create_token): Both of the above.
Replace in-line code by call to verify_token().
(setegid): Reverse change from 2002-01-21. Add call to
RevertToSelf and set primary group in impersonation token.
* security.cc (create_token): Store pgrpsid in token security
descriptor, except if it already appears in my_grps.
Use sec_acl() in place of get_dacl().
(verify_token): Create from code in seteuid(), with tighter checks.
(get_dacl) Deleted.
(get_group_sidlist): Add argument to indicate if pgrpsid is already
in the groups.
* security.h: Define verify_token().
* autoload.cc: Load GetKernelObjectSecurity().
(NetServerEnum): Remove symbol.
* security.cc (get_lsa_srv_inf): Call NetGetDCName() instead of
NetServerEnum() since it's faster. Don't call it at all if machine
is not a domain member.
inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later. Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.
(get_group_sidlist): Call get_supplementary_group_sidlist() to
retrieve list of supplementary groups SIDs from /etc/group and
add them to the user's group list.
* fhandler.h (fhandler_dev_raw::get_unit): New method.
(fhandler_dev_tape::norewind): Eliminate.
(fhandler_dev_tape::is_rewind_device): New method.
* fhandler_raw.cc (fhandler_dev_raw::open): Open new
fixed device name devices using NT internal method.
Keep calling fhandler_base::open() for old mount table
device mapping compatibility devices.
(fhandler_dev_raw::fstat): Eliminate. Settings are done
by fhandler_base::fstat() already.
* fhandler_tape.cc: Remove `norewind' usage throughout.
* ntdll.h: Define FILE_SYNCHRONOUS_IO_NONALERT.
Define struct _IO_STATUS_BLOCK.
Declare NtOpenFile().
* path.cc (get_raw_device_number): Add new approach for
using fixed device names.
(win32_device_name): Ditto.
(get_device_number): Ditto. Require POSIX path to begin
with "/dev/".
(mount_info::conv_to_win32_path): Call win32_device_name()
instead of get_device_number() after evaluating mount points
to allow changing the win32 destination path again.
* security.cc (str2buf2uni): Remove `static' to be able to
call function from fhandler_dev_raw::open().
* wincap.cc: Set flag has_raw_devices appropriately.
* wincap.h: Add flag has_raw_devices.
a failure.
* times.cc (utimes): On NTFS with ntsec ON, change the file's
security descriptor temporarily to acquire write access if
opening the file failed.
* dcrt0.cc (set_os_type): Set 'iswinnt' appropriately.
* cygheap.cc (init_cheap): Revert to using VirtualAlloc for allocating cygheap.
(cygheap_setup_for_child_cleanup): New function. Standard function to call
after calling CreateProcess to cleanup cygheap info passed to child.
(cygheap_fixup_in_child): Copy cygheap from shared memory into allocated space
under Windows 9x or if can't relocate shared space under NT.
* cygheap.h: Declare new function.
* spawn.cc (spawn_guts): Use cygheap_fixup_in_child.
* fork.cc (fork_parent): Ditto.
* winsup.h: Declare iswinnt.
fhandler.h.
* fhandler.h (fhandler_base::get_inheritance): New method.
* fhandler_socket.cc (fhandler_socket::create_secret_event): Use proper
close-on-exec inheritance when creating.
(fhandler_socket::check_peer_secret_event): Create handle as non-inheritable.
* sec_acl.cc (setacl): Never set DELETE permission. Set
FILE_DELETE_CHILD only on readable and executable directories.
* sec_helper.cc: Add constructor for `well_known_null_sid'.
* security.cc (get_nt_attribute): Set S_ISVTX for directories if
FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
(alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
only on readable and executable directories.
Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
* security.h: Add extern declaration for `well_known_null_sid'.
* thread.cc (pthread_cond::TimedWait): Check for WAIT_TIMEOUT as well as
WAIT_ABANDONED.
(__pthread_cond_timedwait): Calculate a relative wait from the abstime
parameter.
* ntea.cc (NTReadEA): Don't check for global ntea setting, now
it's caller responsibility.
(NTWriteEA): Ditto.
* security.cc (get_file_attribute): Read attribute from EA only
if 'ntea' is enabled.
(set_file_attribute): Ditto.
* path.h: (class path_conv): Add members to store file system
information.
(path_conv::get_drive_type): New function.
* syscalls.cc (stat_worker): Use it.
* path.cc (path_conv::update_fs_info): New functions.
(path_conv::check): Get file system information from device where
file resides. On NTFS, try to read symlink contents from EA.
(get_symlink_ea): New function.
(set_symlink_ea): Ditto.
(symlink): Store symlink in extended attribute, if possible.
doesn't deal well with "negative" chars.
* fhandler.cc (fhandler_disk_file::open): Propagate remote status of file
garnered from path_conv. Move #! checking to fstat.
(fhandler_disk_file::fstat): Reorganize st_mode setting to eliminate
duplication. Move check for #! here from fhandler::open.
* fhandler.h (fhandler_base::isremote): New method.
(fhandler_base::set_isremote): Ditto.
(fhandler_base::set_execable_p): Also record "don't care if executable state".
(fhandler_base::dont_care_if_execable): New method.
* path.cc (path_conv::check): Clear new flags. Appropriately set vol_flags,
drive_type, and is_remote_drive.
* path.h: Add new flags and methods for manipulating them.
* syscalls.cc (_unlink): Use isremote() to determine if a path is remote rather
than calling GetDriveType.
(stat_worker): Ditto.
* security.cc (get_file_attribute): Or attribute with result of NTReadEA to be
consistent with get_nt_attribute.
(cygsid::getfromgr): Ditto.
* security.cc: Use `sys_mbstowcs' and `sys_wcstombs' throughout.
(extract_nt_dom_user): Try to get user and domain from SID in
pw->pw_gecos first.
* security.h (class cygsid): Change parameter of getfrompw() and
getfromgr() to `const'.
* uinfo.cc (internal_getlogin): Change order for evaluating user
information in winNT case. Drop usage of NetWkstaUserGetInfo().
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
* security.h: New define `NO_SID'. Remove declarations of functions
moved to methods into class cygsid.
(class cygsid): Declare new methods `getfromstr', `get_sid',
`getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
and new constructors and operators =, == and !=.
Declare new global cygsids `well_known_XXX_sid' substituting the
corresponding `get_XXX_sid' functions. Remove declarations of
these functions.
* sec_helper.cc (well_known_admin_sid): New global variable.
(well_known_system_sid): Ditto
(well_known_creator_owner_sid): Ditto
(well_known_world_sid): Ditto
(cygsid::string): New method, substituting `convert_sid_to_string_sid'.
(cygsid::get_sid): New method, substituting `get_sid'.
(cygsid::getfromstr): New method, substituting
`convert_string_sid_to_sid'.
(cygsid::getfrompw): New method, substituting `get_pw_sid'.
(cygsid::getfromgr): New method, substituting `get_gr_sid'.
(cygsid::get_id): New method, substituting `get_id_from_sid'.
(get_admin_sid): Eliminated.
(get_system_sid): Ditto.
(get_creator_owner_sid): Ditto.
(get_world_sid): Ditto.
* grp.cc: Use new cygsid methods and well known sids throughout.
* registry.cc: Ditto.
* sec_acl.cc: Ditto.
* security.cc: Ditto.
* shared.cc: Ditto.
* syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
* uinfo.cc (internal_getlogin): Ditto.
* spawn.cc (spawn_guts) Revert previous patch.
`WSACloseEvent', `WSACreateEvent', `WSAGetOverlappedResult',
`WSARecv', `WSARecvFrom', `WSASend', `WSASendTo' and `WSASetEvent',
`WSAWaitForMultipleEvents'.
* net.cc: Define wsock_evt.
(wsock_event): New class.
(cygwin_sendto): Use overlapped socket io if available.
(cygwin_recvfrom): Ditto.
(cygwin_recv): Ditto.
(cygwin_send): Ditto.
* security.cc (subauth): Set Win32 error to 0 to safely ask for the
error code of dynamically loaded function `LsaRegisterLogonProcess'.
Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4,
DuplicateTokenEx@24, LsaNtStatusToWinError@4,
LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4,
LsaLogonUser@56, LsaLookupAuthenticationPackage@12,
LsaRegisterLogonProcess@12,
* environ.cc: Add extern declaration for `subauth_id'.
(subauth_id_init): New function for setting `subauth_id'.
(struct parse_thing): Add entry for `subauth_id'.
* fork.cc (fork_parent): Call `RevertToSelf' and
`ImpersonateLoggedOnUser' instead of `seteuid'.
* security.cc: Define global variable `subauth_id'.
(extract_nt_dom_user): New function.
(cygwin_logon_user): Call `extract_nt_dom_user' now.
(str2lsa): New static function.
(str2buf2lsa): Ditto.
(str2buf2uni): Ditto.
(subauth): Ditto.
* security.h: Add prototype for `subauth'.
* spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated.
Use `cygsid' type. Remove impersonation before allowing access to
workstation/desktop to everyone. Call `RevertToSelf' and
`ImpersonateLoggedOnUser' instead of `seteuid'.
* syscalls.cc (seteuid): Rearranged to allow using subauthentication
to retrieve user tokens when needed.
(read_etc_group): Substitute MAX_DOMAIN_NAME by
INTERNET_MAX_HOST_NAME_LENGTH.
* passwd.cc (parse_pwd): Don't force pw_name to be lower case.
* sec_helper.cc: Substitute MAX_USER_NAME by UNLEN,
MAX_COMPUTERNAME_LENGTH by INTERNET_MAX_HOST_NAME_LENGTH throughout.
(lookup_name): Slight cleanup.
* security.cc (alloc_sd): Substitute MAX_USER_NAME by UNLEN.
* security.h: Define DEFAULT_UID as DOMAIN_USER_RID_ADMIN and
DEFAULT_GID as DOMAIN_ALIAS_RID_ADMINS.
* shared.cc (memory_init): Substitute MAX_USER_NAME by UNLEN.
* thread.h: Ditto.
* uinfo.cc (internal_getlogin): Substitute MAX_USER_NAME by UNLEN.
Substitute MAX_COMPUTERNAME_LENGTH and MAX_HOST_NAME by
INTERNET_MAX_HOST_NAME_LENGTH.
* winsup.h: Include lmcons.h. Eliminate MAX_USER_NAME and
MAX_HOST_NAME. Move DEFAULT_UID and DEFAULT_GID to security.h.
* cygheap.cc: Include security.h.
* grp.cc (internal_getgrent): New function.
(getgroups): Rearranged using `internal_getgrent' and the new
`cygsid' class.
* passwd.cc (internal_getpwent): New function.
* sec_acl.cc: Use new `cygsid' class throughout.
(acl_access): Use `internal_getgrent' instead of `getgrent'.
* sec_helper.cc: Use new `cygsid' class throughout.
(get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
Use `internal_getpwent' instead of `getpwent'.
* security.cc: Use new `cygsid' class throughout.
* security.h: Move `MAX_SID_LEN' from winsup.h to here.
Add extern declarations for `internal_getgrent' and `internal_getpwent'.
(class cygsid): New class.
* shared.cc (sec_user): Use new `cygsid' class.
* syscalls.cc (seteuid): Try to set owner to user and primary group to
current group in impersonation token before performing impersonation.
(setegid): Try to set primary group in process token to the new group
if ntsec is on.
* uinfo.cc (internal_getlogin): Use new `cygsid' class.
Try to set owner to user and primary group to current group in process
token if the process has been started from a non cygwin process.
(uinfo_init): Set primary group only if the process has been started
from a non cygwin process.
* winsup.h: Move define for `MAX_SID_LEN' to security.h.
Corinna Vinschen
Christopher Faylor
Egor Duda