* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
Change FS_IS_SAMBA and FS_IS_SAMBA_WITH_QUOTA and their usage
accordingly. Define FS_IS_NETAPP_DATAONTAP. Recognize NetApp device
and store in is_netapp flag. Mark NetApp device as having no good
inodes.
* path.h (struct fs_info): Add is_netapp flag. Add matching accessors.
* security.cc (create_token): Drop grps_buf. Use alloca instead.
Only add the MIC SID to the TOKEN_GROUPS list for the NtCreateToken
call. If the subauthentication token exists, use its MIC SID.
Set SID Attributes for the MIC SID to 0.
(well_known_this_org_sid): New well known sid.
(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
(mandatory_medium_integrity_sid): New well known sid.
(mandatory_high_integrity_sid): Ditto.
(mandatory_system_integrity_sid): Ditto.
(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all
authorities fitting in a UCHAR.
* security.cc (get_token_group_sidlist): Always add the local
group to the token. Add comment. Add "This Organization" group
if available in incoming group list.
(get_server_groups): Only add world and authenticated users groups
if not already in list.
(create_token): Add matching mandatory integrity SID to group list
on systems supporting Mandatory Integrity Control.
* security.h (well_known_this_org_sid): Define.
(mandatory_medium_integrity_sid): Define.
(mandatory_high_integrity_sid): Define.
(mandatory_system_integrity_sid): Define.
* wincap.h: Define has_mandatory_integrity_control throughout.
* wincap.cc: Ditto.
paths in symlinks to POSIX.
(symlink_info::check_shortcut): Allocate buf allowing for a trailing 0.
Call posixify on the result.
(symlink_info::check_sysfile): Read from file into local buffer.
Eliminate old b16 considerations. Call posixify on the result.
(symlink_info::check_reparse_point): Don't use PrintName but
SubstituteName which is relevant for Windows' path handling.
Call posixify on the result.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
Set type.
(security_descriptor::realloc): Handle the case that psd has been
allocated using LocalAlloc. Set type.
(security_descriptor::free): Ditto.
* security.cc (get_nt_attribute): Remove.
(get_reg_security): Remove.
(get_nt_object_security): Use GetSecurityInfo which handles all
securable objects.
(get_nt_object_attribute): Remove.
(get_object_attribute): Call get_nt_object_security instead of
get_nt_object_attribute.
(get_file_attribute): Ditto.
(check_registry_access): Call get_nt_object_security instead of
get_reg_security.
* security.h (cygpsid::operator PSID): Make method const, not the
result.
(class security_descriptor): Add type member. Accomodate throughout.
(security_descriptor::copy): New method.
(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
actually created a handle. This handles the registry root dir.
* fhandler_registry.cc (fhandler_registry::open): Set io_handle in
case of opening one of the predefined registry keys.
for registry keys/values if ntsec is on.
* security.cc (check_access): New static function derived from
check_file_access, but object type agnostic.
(check_file_access): Only do file specific stuff. Call check_access.
(check_registry_access): New access check function for registry keys/
values.
* security.h (check_registry_access): Declare.
(class fhandler_registry): Add wow64 and prefix_len members.
Declare set_name method.
* fhandler_proc.cc (PROC_REGISTRY32): Define.
(PROC_REGISTRY64): Define.
(proc_listing): Add "registry32" and "registry64" elements.
(proc_fhandlers): Add corresponding FH_REGISTRY values.
* fhandler_registry.cc (registry_len): Drop static value in favor of
class member prefix_len. Use preifx_len instead of registry_len
throughout.
(fhandler_registry::set_name): Define. Set wow64 and prefix_len
according to directory prefix.
(fhandler_registry::fhandler_registry): Set wow64 and prefix_len to
default values.
(open_key): Add wow64 argument. Handle wow64 in call to RegOpenKeyEx.
Use fhandler_registry member wow64 in this place throughout.
* glob.cc: New file. Latest glob version from FreeBSD plus Cygwin
specific changes (__stat64/__stat32, ignore_case_with_glob,
drop collate functions).
(glob3): Return GLOB_ABORTED in case directory is unreadable and
GLOB_ERR is set, as demanded by SUSv3.
* glob.h: Import latest version from FreeBSD.
(Wow64RevertWow64FsRedirection): Define.
* security.cc (cygsuba_installed): New shared variable to store result
of cygsuba.dll installation test.
(subauth): Check if cygsuba.dll has been installed and registered
before issuing the (sub)authentication.
allocated arrays. Add max_w4 member to keep track.
(thread_socket): Make timeout depending on number of sockets to wait
for. Loop WFMO over all sockets.
(start_thread_socket): Handle any number of sockets. Fix typo. Don't
close socket event in out of memory condition.
(socket_cleanup): Free ser_num and w4.
(mount_info::conv_to_win32_path): Update comment.
* fhandler_disk_file.cc (path_conv::ndisk_links): Use backslashes
to make NT kernel functions work for \\?\GLOBALROOT paths.
performance on remote shares.
(fhandler_disk_file::opendir): Move comment about Samba weirdness into
fhandler_disk_file::readdir. Don't disallow
FileIdBothDirectoryInformation on Samba.
(fhandler_disk_file::readdir): Workaround Samba problem with
FileIdBothDirectoryInformation by rereading already read entries
using FileBothDirectoryInformation. Change comment about Samba
weirdness explaining this change.
vmin_ > ulen case into account. Simplify evaluating the bytes to read.
Don't use bytes in Queue value from ClearCommError call in case vtime_
is > 0. Reformat GetOverlappedResult call. Simplify call to ReadFile.
Corinna Vinschen
Christopher Faylor