JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Drop max_sys_priv wincap

Browse Source 
Convert sys_privs to const struct with TOKEN_PRIVILEGES layout.
Drop function get_system_priv_list.  Just use pointer to sys_privs.

Dropping max_sys_priv from wincaps requires to make sure that the
bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?)
apparently breaks access to the bitfield (off by 4 bytes).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2015-12-15 16:34:40 +01:00
parent b15d129559
commit 67fd2101ab
5 changed files with 152 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
winsup/cygwin/environ.cc
View File

@ -83,22 +83,9 @@ set_winsymlinks (const char *buf)
allow_winsymlinks = WSYM_lnk; allow_winsymlinks = WSYM_lnk;
/* Make sure to try native symlinks only on systems supporting them. */ /* Make sure to try native symlinks only on systems supporting them. */
else if (ascii_strncasematch (buf, "native", 6)) else if (ascii_strncasematch (buf, "native", 6))
{
if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
{
if (!user_shared->warned_nonativesyms)
{
small_printf ("\"winsymlinks:%s\" option detected in CYGWIN environment variable.\n"
"Native symlinks are not supported on Windows versions prior to\n"
"Windows Vista/Server 2008. This option will be ignored.\n", buf);
user_shared->warned_nonativesyms = 1;
}
}
else
allow_winsymlinks = ascii_strcasematch (buf + 6, "strict") allow_winsymlinks = ascii_strcasematch (buf + 6, "strict")
? WSYM_nativestrict : WSYM_native; ? WSYM_nativestrict : WSYM_native;
} }
}
/* The structure below is used to set up an array which is used to /* The structure below is used to set up an array which is used to
parse the CYGWIN environment variable or, if enabled, options from parse the CYGWIN environment variable or, if enabled, options from

8
winsup/cygwin/path.cc
View File

@ -1759,15 +1759,7 @@ symlink_worker (const char *oldpath, const char *newpath, bool isdevice)
wsym_type = WSYM_lnk; wsym_type = WSYM_lnk;
/* AFS only supports native symlinks. */ /* AFS only supports native symlinks. */
else if (win32_newpath.fs_is_afs ()) else if (win32_newpath.fs_is_afs ())
{
/* Bail out if OS doesn't support native symlinks. */
if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
{
set_errno (EPERM);
__leave;
}
wsym_type = WSYM_nativestrict; wsym_type = WSYM_nativestrict;
}
/* Don't try native symlinks on FSes not supporting reparse points. */ /* Don't try native symlinks on FSes not supporting reparse points. */
else if ((wsym_type == WSYM_native || wsym_type == WSYM_nativestrict) else if ((wsym_type == WSYM_native || wsym_type == WSYM_nativestrict)
&& !(win32_newpath.fs_flags () & FILE_SUPPORTS_REPARSE_POINTS)) && !(win32_newpath.fs_flags () & FILE_SUPPORTS_REPARSE_POINTS))

129
winsup/cygwin/sec_auth.cc
View File

@ -598,68 +598,75 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
tmp_list += groups.pgsid; tmp_list += groups.pgsid;
} }
static ULONG sys_privs[] = { /* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
SE_CREATE_TOKEN_PRIVILEGE, SYSTEM account by default. */
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, const struct
SE_LOCK_MEMORY_PRIVILEGE, {
SE_INCREASE_QUOTA_PRIVILEGE, DWORD PrivilegeCount;
SE_TCB_PRIVILEGE, LUID_AND_ATTRIBUTES Privileges[28];
SE_SECURITY_PRIVILEGE, } sys_privs =
SE_TAKE_OWNERSHIP_PRIVILEGE, {
SE_LOAD_DRIVER_PRIVILEGE, 28,
SE_SYSTEM_PROFILE_PRIVILEGE, /* Vista ONLY */ {
SE_SYSTEMTIME_PRIVILEGE, { { SE_CREATE_TOKEN_PRIVILEGE, 0 },
SE_PROF_SINGLE_PROCESS_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_INC_BASE_PRIORITY_PRIVILEGE, { { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
SE_CREATE_PAGEFILE_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_CREATE_PERMANENT_PRIVILEGE, { { SE_LOCK_MEMORY_PRIVILEGE, 0 },
SE_BACKUP_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_RESTORE_PRIVILEGE, { { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
SE_SHUTDOWN_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_DEBUG_PRIVILEGE, { { SE_TCB_PRIVILEGE, 0 },
SE_AUDIT_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_SYSTEM_ENVIRONMENT_PRIVILEGE, { { SE_SECURITY_PRIVILEGE, 0 },
SE_CHANGE_NOTIFY_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_UNDOCK_PRIVILEGE, { { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
SE_MANAGE_VOLUME_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_IMPERSONATE_PRIVILEGE, { { SE_LOAD_DRIVER_PRIVILEGE, 0 },
SE_CREATE_GLOBAL_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_INCREASE_WORKING_SET_PRIVILEGE, { { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
SE_TIME_ZONE_PRIVILEGE, SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
SE_CREATE_SYMBOLIC_LINK_PRIVILEGE { { SE_SYSTEMTIME_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_BACKUP_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_RESTORE_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_SHUTDOWN_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_DEBUG_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_AUDIT_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_UNDOCK_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_IMPERSONATE_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_TIME_ZONE_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
}
}; };
#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
static PTOKEN_PRIVILEGES
get_system_priv_list (size_t &size)
{
ULONG max_idx = 0;
while (max_idx < SYSTEM_PRIVILEGES_COUNT
&& sys_privs[max_idx] != wincap.max_sys_priv ())
++max_idx;
if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
wincap.max_sys_priv ());
size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
if (!privs)
{
debug_printf ("malloc (system_privs) failed.");
return NULL;
}
privs->PrivilegeCount = 0;
for (ULONG i = 0; i <= max_idx; ++i)
{
privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
privs->Privileges[privs->PrivilegeCount].Attributes =
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
++privs->PrivilegeCount;
}
return privs;
}
static PTOKEN_PRIVILEGES static PTOKEN_PRIVILEGES
get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list, get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
size_t &size, cygpsid *mandatory_integrity_sid) size_t &size, cygpsid *mandatory_integrity_sid)
@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
{ {
if (mandatory_integrity_sid) if (mandatory_integrity_sid)
*mandatory_integrity_sid = mandatory_system_integrity_sid; *mandatory_integrity_sid = mandatory_system_integrity_sid;
return get_system_priv_list (size); return (PTOKEN_PRIVILEGES) &sys_privs;
} }
if (mandatory_integrity_sid) if (mandatory_integrity_sid)

15
winsup/cygwin/wincap.cc
View File

@ -19,7 +19,7 @@ details. */
wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = { wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:1, def_guard_pages:1,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, {
is_server:false, is_server:false,
needs_count_in_si_lpres2:true, needs_count_in_si_lpres2:true,
has_gaa_largeaddress_bug:true, has_gaa_largeaddress_bug:true,
@ -31,11 +31,12 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
has_broken_prefetchvm:false, has_broken_prefetchvm:false,
has_new_pebteb_region:false, has_new_pebteb_region:false,
has_broken_whoami:true, has_broken_whoami:true,
},
}; };
wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = { wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:1, def_guard_pages:1,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
has_gaa_largeaddress_bug:true, has_gaa_largeaddress_bug:true,
@ -47,11 +48,12 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_broken_prefetchvm:false, has_broken_prefetchvm:false,
has_new_pebteb_region:false, has_new_pebteb_region:false,
has_broken_whoami:true, has_broken_whoami:true,
},
}; };
wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = { wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2, def_guard_pages:2,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
@ -63,11 +65,12 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_broken_prefetchvm:false, has_broken_prefetchvm:false,
has_new_pebteb_region:false, has_new_pebteb_region:false,
has_broken_whoami:false, has_broken_whoami:false,
},
}; };
wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = { wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2, def_guard_pages:2,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
@ -79,11 +82,12 @@ wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_broken_prefetchvm:true, has_broken_prefetchvm:true,
has_new_pebteb_region:false, has_new_pebteb_region:false,
has_broken_whoami:false, has_broken_whoami:false,
},
}; };
wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) = { wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2, def_guard_pages:2,
max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, {
is_server:false, is_server:false,
needs_count_in_si_lpres2:false, needs_count_in_si_lpres2:false,
has_gaa_largeaddress_bug:false, has_gaa_largeaddress_bug:false,
@ -95,6 +99,7 @@ wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) =
has_broken_prefetchvm:false, has_broken_prefetchvm:false,
has_new_pebteb_region:true, has_new_pebteb_region:true,
has_broken_whoami:false, has_broken_whoami:false,
},
}; };
wincapc wincap __attribute__((section (".cygwin_dll_common"), shared)); wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));

6
winsup/cygwin/wincap.h
View File

@ -12,7 +12,9 @@ details. */
struct wincaps struct wincaps
{ {
DWORD def_guard_pages; DWORD def_guard_pages;
DWORD max_sys_priv; /* The bitfields must be 8 byte aligned on x86_64, otherwise the bitfield
ops generated by gcc are off by 4 bytes. */
struct __attribute__ ((aligned (8))) {
unsigned is_server : 1; unsigned is_server : 1;
unsigned needs_count_in_si_lpres2 : 1; unsigned needs_count_in_si_lpres2 : 1;
unsigned has_gaa_largeaddress_bug : 1; unsigned has_gaa_largeaddress_bug : 1;
@ -25,6 +27,7 @@ struct wincaps
unsigned has_new_pebteb_region : 1; unsigned has_new_pebteb_region : 1;
unsigned has_broken_whoami : 1; unsigned has_broken_whoami : 1;
}; };
};
class wincapc class wincapc
{ {
@ -53,7 +56,6 @@ public:
{ {
return ((wincaps *) this->caps)->def_guard_pages * page_size (); return ((wincaps *) this->caps)->def_guard_pages * page_size ();
} }
DWORD IMPLEMENT (max_sys_priv)
bool IMPLEMENT (is_server) bool IMPLEMENT (is_server)
bool IMPLEMENT (needs_count_in_si_lpres2) bool IMPLEMENT (needs_count_in_si_lpres2)
bool IMPLEMENT (has_gaa_largeaddress_bug) bool IMPLEMENT (has_gaa_largeaddress_bug)