JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2006-07-25 Corinna Vinschen <corinna@vinschen.de>

Browse Source 
* include/cygwin/version.h: Bump DLL version to 1.7.0.

2006-07-25  Corinna Vinschen  <corinna@vinschen.de>

	* select.h: Remove.
	* fhandler_socket.cc: Don't include select.h.
	* select.cc: Ditto.

2006-07-25  Corinna Vinschen  <corinna@vinschen.de>

	* cygtls.h: Drop socket related includes.
	(struct _local_storage): Remove exitsock and exitsock_sin. Add
	select_sockevt.
	* cygtls.cc: Accomodate above change throughout.
	* fhandler.h (class fhandler_socket): Make wsock_evt public.
	* fhandler_socket.cc (fhandler_socket::fhandler_socket): Accomodate
	reordering members.
	(fhandler_socket::evaluate_events): Drop FD_CONNECT event as soon as
	it gets read once.  Never remove FD_WRITE event here.
	(fhandler_socket::wait_for_events): Wait 50 ms instead of INFINITE for
	socket events.
	(fhandler_socket::accept): Fix conditional.  Set wsock_events members
	of accepted socket to useful start values.
	(fhandler_socket::recv_internal): Always drop FD_READ/FD_OOB events from
	wsock_events after the call to WSARecvFrom.
	(fhandler_socket::send_internal): Drop FD_WRITE event from wsock_events
	if the call to WSASendTo fails with WSAEWOULDBLOCK.  Fix return value
	condition.
	* select.cc (struct socketinf): Change to accomodate using socket event
	handling.
	(peek_socket): Use event handling for peeking socket.
	(thread_socket): Ditto.
	(start_thread_socket): Ditto.
	(socket_cleanup): Same here.
	* tlsoffsets.h: Regenerate.

2006-07-20  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler.h (class fhandler_socket): Rearrange slightly to keep
	event handling methods and members together.  Drop owner status flag.
	Split wait method.  Rename event handling methods for readability.
	* fhandler_socket.cc (struct wsa_event): Add owner field.
	(LOCK_EVENTS): New macro.
	(UNLOCK_EVENTS): Ditto.
	(fhandler_socket::init_events): rename from prepare.
	(fhandler_socket::evaluate_events): First half of former wait method.
	Do everything but wait.  Allow specifiying whether or not events from
	event_mask should be erased from wsock_events->events.  Simplify
	OOB handling.  Allow sending SIGURG to any process (group).
	(fhandler_socket::wait_for_events): Second half of former wait method.
	Call evaluate_events and wait in a loop if socket is blocking.
	(fhandler_socket::release_events): Rename from release.
	(fhandler_socket::connect): Accomodate above name changes.
	(fhandler_socket::accept): Ditto.
	(fhandler_socket::recv_internal): Ditto.
	(fhandler_socket::send_internal): Ditto.
	(fhandler_socket::close): Ditto.
	(fhandler_socket::fcntl): Always set owner to given input value on
	F_SETOWN.  Handle F_GETOWN.
	* net.cc (fdsock): Accomodate above name changes.

2006-07-20  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::wait): Set Winsock errno to
	WSAEWOULDBLOCK instead of WSAEINPROGRESS.

2006-07-18  Brian Ford  <Brian.Ford@FlightSafety.com>
	    Corinna Vinschen  <corinna@vinschen.de>

	* winsup.h (mmap_region_status): New enum.
	(mmap_is_attached_or_noreserve_page): Adjust prototype and rename
	as below.
	* mmap.cc (mmap_is_attached_or_noreserve_page):  Rename
	mmap_is_attached_or_noreserve.  Add region length parameter.
	Return enum above.
	* exceptions.cc (_cygtls::handle_exceptions): Accomodate above.
	* fhandler.cc (fhandler_base::raw_read): Call above for NOACCESS
	errors and retry on success to allow reads into untouched
	MAP_NORESERVE buffers.

2006-07-18  Corinna Vinschen  <corinna@vinschen.de>

	* cygwin.din (posix_openpt): Export.
	* tty.cc (posix_openpt): New function.
	* include/cygwin/stdlib.h (posix_openpt): Declare.
	* include/cygwin/version.h: Bump API minor number.

2006-07-14  Corinna Vinschen  <corinna@vinschen.de>

	* security.cc (get_token_group_sidlist): Always add the interactive
	group to the token.  Add comment.  Create logon_id group SID by
	copying it from incoming group list.
	(create_token): Add subauth_token parameter.  Use information in
	subauth_token if present.  Tweak SourceIdentifier if subauth_token
	is present for debugging purposes.
	* security.h (create_token): Add subauth_token parameter in declaration.
	* syscalls.cc (seteuid32): Call subauth first.  Call create_token
	regardless.  Use subauth token in call to create_token if subauth
	succeeded.

2006-07-13  Corinna Vinschen  <corinna@vinschen.de>

	* include/netinet/in.h: Update copyright.

2006-07-13  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::wait): Rework function so that
	WaitForMultipleObjects is really only called when necessary.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* include/netdb.h: Declare rcmd, rcmd_af, rexec, rresvport,
	rresvport_af, iruserok, iruserok_sa, ruserok.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* Makefile.in (DLL_OFILES): Drop iruserok.o.  Add rcmd.o.
	* autoload.cc (rcmd): Drop definition.
	* cygwin.din: Export bindresvport, bindresvport_sa, iruserok_sa,
	rcmd_af, rresvport_af.
	* net.cc (cygwin_rcmd): Remove.
	(last_used_bindresvport): Rename from last_used_rrecvport.
	(cygwin_bindresvport_sa): New function implementing bindresvport_sa.
	(cygwin_bindresvport): New function implementing bindresvport.
	(cygwin_rresvport): Remove.
	* include/cygwin/version.h: Bump API minor number.
	* include/netinet/in.h: Declare bindresvport and bindresvport_sa.
	* libc/iruserok.c: Remove file.
	* libc/rcmd.cc: New file implementing rcmd, rcmd_af, rresvport,
	rresvport_af, iruserok_sa, iruserok and ruserok.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::getsockname): Return valid
	result for unbound sockets.

2006-07-11  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::fixup_after_fork): Handle
	wsock_mtx and wsock_evt on fork, thus handling close_on_exec correctly.
	(fhandler_socket::fixup_after_exec): Drop misguided attempt to handle
	close_on_exec here.
	(fhandler_socket::dup): Call fixup_after_fork with NULL parent.
	Add comment.
	(fhandler_socket::set_close_on_exec): Handle wsock_mtx and wsock_evt.

2006-07-10  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler.h (class fhandler_socket): Add wsock_mtx, wsock_evt
	and wsock_events members.  Remove closed status flag, add listener
	status flag.  Accomodate new implementation of socket event handling
	methods.  Declare recv* and send* functions ssize_t as the POSIX
	equivalents.
	(fhandler_socket::recv_internal): Declare.
	(fhandler_socket::send_internal): Ditto.
	* fhandler_socket.cc (EVENT_MASK): Define mask of selected events.
	(fhandler_socket::fhandler_socket): Initialize new members.
	(fhandler_socket::af_local_setblocking): Don't actually set the
	socket to blocking mode.  Keep sane event selection.
	(fhandler_socket::af_local_unsetblocking): Don't actually set the
	socket to previous blocking setting, just remember it.
	(struct wsa_event): New structure to keep event data per shared
	socket.
	(NUM_SOCKS): Define number of shared sockets concurrently handled by
	all active Cygwin processes.
	(wsa_events): New shared datastructure keeping all wsa_event records.
	(socket_serial_number): New shared variable to identify shared sockets.
	(wsa_slot_mtx): Global mutex to serialize wsa_events access.
	(search_wsa_event_slot): New static function to select a new wsa_event
	slot for a new socket.
	(fhandler_socket::prepare): Rewrite.  Prepare event selection
	per new socket.
	(fhandler_socket::wait): Rewrite.  Wait for socket events in thread
	safe and multiple process safe.
	(fhandler_socket::release): Rewrite.  Close per-socket descriptor
	mutex handle and event handle.
	(fhandler_socket::dup): Duplicate wsock_mtx and wsock_evt.  Fix
	copy-paste error in debug output.
	(fhandler_socket::connect): Accomodate new event handling.
	(fhandler_socket::listen): Set listener flag on successful listen.
	(fhandler_socket::accept): Accomodate new event handling.
	(fhandler_socket::recv_internal): New inline method centralizing
	common recv code.
	(fhandler_socket::recvfrom): Call recv_internal now.
	(fhandler_socket::recvmsg): Ditto.  Streamline copying from iovec
	to WSABUF.
	(fhandler_socket::send_internal): New inline method centralizing
	common send code.
	(fhandler_socket::sendto): Call send_internal now.
	(fhandler_socket::sendmsg): Ditto.  Streamline copying from iovec
	to WSABUF.
	(fhandler_socket::close): Call release now.
	(fhandler_socket::ioctl): Never actually switch to blocking mode.
	Just keep track of the setting.
	* net.cc (fdsock): Call prepare now.
	(cygwin_connect): Revert again to event driven technique.
	(cygwin_accept): Ditto.
	* poll.cc (poll): Don't call recvfrom on a listening socket.
	Remove special case for failing recvfrom.
	* include/sys/socket.h: Declare recv* and send* functions ssize_t as
	requested by POSIX.

2006-07-07  Corinna Vinschen  <corinna@vinschen.de>

	* net.cc (cygwin_inet_ntop): Fix data type of forth parameter.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* include/cygwin/in6.h (struct in6_addr): Fix typo.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* cygwin.din: Export in6addr_any, in6addr_loopback, freeaddrinfo,
	gai_strerror, getaddrinfo, getnameinfo.
	* fhandler_socket.cc: Include cygwin/in6.h.
	(get_inet_addr): Accomodate AF_INET6 usage.
	(fhandler_socket::connect): Ditto.
	(fhandler_socket::listen): Ditto.
	(fhandler_socket::sendto): Ditto.
	* net.cc: Include cygwin/in6.h.
	(in6addr_any): Define.
	(in6addr_loopback): Define.
	(cygwin_socket): Accomodate AF_INET6 usage.
	(socketpair): Bind socketpairs only to loopback for security.
	(inet_pton4): New static function.
	(inet_pton6): Ditto.
	(cygwin_inet_pton): New AF_INET6 aware inet_pton implementation.
	(inet_ntop4): New static function.
	(inet_ntop6): Ditto.
	(cygwin_inet_ntop): New AF_INET6 aware inet_ntop implementation.
	(ga_aistruct): New static function.
	(ga_clone): Ditto.
	(ga_echeck): Ditto.
	(ga_nsearch): Ditto.
	(ga_port): Ditto.
	(ga_serv): Ditto.
	(ga_unix): Ditto.
	(gn_ipv46): Ditto.
	(ipv4_freeaddrinfo): Ditto.
	(ipv4_getaddrinfo): Ditto.
	(ipv4_getnameinfo): Ditto.
	(gai_errmap_t): New structure holding error code - error string mapping.
	(cygwin_gai_strerror): New function implementing gai_strerror.
	(w32_to_gai_err): New static function.
	(get_ipv6_funcs): Ditto.
	(load_ipv6_funcs): Ditto.
	(cygwin_freeaddrinfo): New function implementing freeaddrinfo.
	(cygwin_getaddrinfo): New function implementing getaddrinfo.
	(cygwin_getnameinfo): New function implementing getnameinfo.
	* include/netdb.h: Include stdint.h and cygwin/socket.h.  Define
	data types and macros used by getaddrinfo and friends.  Declare
	freeaddrinfo, gai_strerror, getaddrinfo and getnameinfo.
	* include/cygwin/in.h: Add IPv6 related IPPROTOs. Remove definition
	of struct sockaddr_in6.  Include cygwin/in6.h instead.
	* include/cygwin/in6.h: New header file defining IPv6 releated
	data types and macros.
	* include/cygwin/socket.h: Enable AF_INET6 and PF_INET6.  Add
	IPv6 related socket options.
	* include/cygwin/version.h: Bump API minor number.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* autoload.cc (DsGetDcNameA): Define.
	(NetGetAnyDCName): Define.
	* security.cc: Include dsgetdc.h.
	(DsGetDcNameA): Declare.
	(DS_FORCE_REDISCOVERY): Define.
	(get_logon_server): Add bool parameter to control rediscovery of DC.
	Use DsGetDcNameA function if supported, NetGetDCName/NetGetAnyDCName
	otherwise.
	(get_server_groups): Rediscover DC if get_user_groups fails and
	try again.
	(get_reg_security): Use correct error code macro when testing
	RegGetKeySecurity return value.
	* security.h (get_logon_server): Remove default vaue from wserver
	parameter.  Add rediscovery parameter.
	* uinfo.cc (cygheap_user::env_logsrv): Accomodate rediscovery parameter
	in call to get_logon_server.
This commit is contained in:
Corinna Vinschen
2006-07-25 19:23:23 +00:00
parent e9d500b6a0
commit 70e476d27b
32 changed files with 3554 additions and 1273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
winsup/cygwin/security.cc
View File

@ -28,6 +28,7 @@ details. */
#include <ntsecapi.h>
#include <subauth.h>
#include <aclapi.h>
#include <dsgetdc.h>
#include "cygerrno.h"
#include "security.h"
#include "path.h"
@ -208,13 +209,21 @@ close_local_policy (LSA_HANDLE &lsa)
lsa = INVALID_HANDLE_VALUE;
}
/* CV, 2006-07-06: Missing in w32api. */
extern "C" DWORD WINAPI DsGetDcNameA (LPCSTR, LPCSTR, GUID *, LPCSTR, ULONG,
PDOMAIN_CONTROLLER_INFOA *);
#define DS_FORCE_REDISCOVERY 1
bool
get_logon_server (const char *domain, char *server, WCHAR *wserver)
get_logon_server (const char *domain, char *server, WCHAR *wserver,
bool rediscovery)
{
WCHAR wdomain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
NET_API_STATUS ret;
DWORD dret;
PDOMAIN_CONTROLLER_INFOA pci;
NET_API_STATUS nret;
WCHAR *buf;
DWORD size = INTERNET_MAX_HOST_NAME_LENGTH + 1;
WCHAR wdomain[size];
/* Empty domain is interpreted as local system */
if ((GetComputerName (server + 2, &size)) &&
@ -226,18 +235,37 @@ get_logon_server (const char *domain, char *server, WCHAR *wserver)
return true;
}
/* Try to get the primary domain controller for the domain */
sys_mbstowcs (wdomain, domain, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if ((ret = NetGetDCName (NULL, wdomain, (LPBYTE *) &buf)) == STATUS_SUCCESS)
/* Try to get any available domain controller for this domain */
dret = DsGetDcNameA (NULL, domain, NULL, NULL,
rediscovery ? DS_FORCE_REDISCOVERY : 0, &pci);
if (dret == ERROR_SUCCESS)
{
sys_wcstombs (server, INTERNET_MAX_HOST_NAME_LENGTH + 1, buf);
if (wserver)
for (WCHAR *ptr1 = buf; (*wserver++ = *ptr1++);)
;
NetApiBufferFree (buf);
strcpy (server, pci->DomainControllerName);
sys_mbstowcs (wserver, server, INTERNET_MAX_HOST_NAME_LENGTH + 1);
NetApiBufferFree (pci);
debug_printf ("DC: rediscovery: %d, server: %s", rediscovery, server);
return true;
}
__seterrno_from_win_error (ret);
else if (dret == ERROR_PROC_NOT_FOUND)
{
/* NT4 w/o DSClient */
sys_mbstowcs (wdomain, domain, INTERNET_MAX_HOST_NAME_LENGTH + 1);
if (rediscovery)
nret = NetGetAnyDCName (NULL, wdomain, (LPBYTE *) &buf);
else
nret = NetGetDCName (NULL, wdomain, (LPBYTE *) &buf);
if (nret == NERR_Success)
{
sys_wcstombs (server, INTERNET_MAX_HOST_NAME_LENGTH + 1, buf);
if (wserver)
for (WCHAR *ptr1 = buf; (*wserver++ = *ptr1++);)
;
NetApiBufferFree (buf);
debug_printf ("NT: rediscovery: %d, server: %s", rediscovery, server);
return true;
}
}
__seterrno_from_win_error (nret);
return false;
}
@ -473,7 +501,11 @@ get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
grp_list += well_known_network_sid;
if (sid_in_token_groups (my_grps, well_known_batch_sid))
grp_list += well_known_batch_sid;
if (sid_in_token_groups (my_grps, well_known_interactive_sid))
/* This is a problem on 2K3 (only domain controllers?!?) which only
enables tools for selected special groups. A subauth token is
only NETWORK, but NETWORK has no access to these tools. Therefore
we always add INTERACTIVE here. */
/*if (sid_in_token_groups (my_grps, well_known_interactive_sid))*/
grp_list += well_known_interactive_sid;
if (sid_in_token_groups (my_grps, well_known_service_sid))
grp_list += well_known_service_sid;
@ -485,11 +517,13 @@ get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
}
if (get_ll (auth_luid) != 999LL) /* != SYSTEM_LUID */
{
char buf[64];
__small_sprintf (buf, "S-1-5-5-%u-%u", auth_luid.HighPart,
auth_luid.LowPart);
grp_list += buf;
auth_pos = grp_list.count - 1;
for (DWORD i = 0; i < my_grps->GroupCount; ++i)
if (my_grps->Groups[i].Attributes & SE_GROUP_LOGON_ID)
{
grp_list += my_grps->Groups[i].Sid;
auth_pos = grp_list.count - 1;
break;
}
}
}
@ -511,7 +545,9 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
grp_list += well_known_world_sid;
grp_list += well_known_authenticated_users_sid;
extract_nt_dom_user (pw, domain, user);
if (get_logon_server (domain, server, wserver))
if (get_logon_server (domain, server, wserver, false)
&& !get_user_groups (wserver, grp_list, user, domain)
&& get_logon_server (domain, server, wserver, true))
get_user_groups (wserver, grp_list, user, domain);
get_unix_group_sidlist (pw, grp_list);
return get_user_local_groups (grp_list, usersid);
@ -780,7 +816,8 @@ done:
}
HANDLE
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw,
HANDLE subauth_token)
{
NTSTATUS ret;
LSA_HANDLE lsa = INVALID_HANDLE_VALUE;
@ -803,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
TOKEN_STATISTICS stats;
memcpy (source.SourceName, "Cygwin.1", 8);
source.SourceIdentifier.HighPart = 0;
source.SourceIdentifier.LowPart = 0x0101;
source.SourceIdentifier.LowPart = (subauth_token ? 0x0102 : 0x0101);
HANDLE token = INVALID_HANDLE_VALUE;
HANDLE primary_token = INVALID_HANDLE_VALUE;
@ -824,33 +861,60 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
owner.Owner = usersid;
/* Retrieve authentication id and group list from own process. */
if (hProcToken)
HANDLE get_token;
if (subauth_token)
{
debug_printf ("get_token = subauth_token");
get_token = subauth_token;
}
else
{
debug_printf ("get_token = hProcToken");
get_token = hProcToken;
}
if (get_token)
{
/* Switching user context to SYSTEM doesn't inherit the authentication
id of the user account running current process. */
if (usersid != well_known_system_sid)
if (!GetTokenInformation (hProcToken, TokenStatistics,
if (!GetTokenInformation (get_token, TokenStatistics,
&stats, sizeof stats, &size))
debug_printf
("GetTokenInformation(hProcToken, TokenStatistics), %E");
("GetTokenInformation(get_token, TokenStatistics), %E");
else
auth_luid = stats.AuthenticationId;
/* Retrieving current processes group list to be able to inherit
some important well known group sids. */
if (!GetTokenInformation (hProcToken, TokenGroups, NULL, 0, &size) &&
GetLastError () != ERROR_INSUFFICIENT_BUFFER)
debug_printf ("GetTokenInformation(hProcToken, TokenGroups), %E");
if (!GetTokenInformation (get_token, TokenGroups, NULL, 0, &size)
&& GetLastError () != ERROR_INSUFFICIENT_BUFFER)
debug_printf ("GetTokenInformation(get_token, TokenGroups), %E");
else if (!(my_tok_gsids = (PTOKEN_GROUPS) malloc (size)))
debug_printf ("malloc (my_tok_gsids) failed.");
else if (!GetTokenInformation (hProcToken, TokenGroups, my_tok_gsids,
else if (!GetTokenInformation (get_token, TokenGroups, my_tok_gsids,
size, &size))
{
debug_printf ("GetTokenInformation(hProcToken, TokenGroups), %E");
debug_printf ("GetTokenInformation(get_token, TokenGroups), %E");
free (my_tok_gsids);
my_tok_gsids = NULL;
}
}
if (subauth_token)
{
if (!GetTokenInformation (subauth_token, TokenPrivileges, NULL, 0, &size)
&& GetLastError () != ERROR_INSUFFICIENT_BUFFER)
debug_printf ("GetTokenInformation(subauth_token, TokenPrivileges), %E");
else if (!(privs = (PTOKEN_PRIVILEGES) malloc (size)))
debug_printf ("malloc (privs) failed.");
else if (!GetTokenInformation (subauth_token, TokenPrivileges, privs,
size, &size))
{
debug_printf ("GetTokenInformation(subauth_token, TokenPrivileges), %E");
free (privs);
privs = NULL;
}
}
/* Create list of groups, the user is member in. */
int auth_pos;
@ -878,7 +942,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
new_tok_gsids->Groups[auth_pos].Attributes |= SE_GROUP_LOGON_ID;
/* Retrieve list of privileges of that user. */
if (!(privs = get_priv_list (lsa, usersid, tmp_gsids)))
if (!privs && !(privs = get_priv_list (lsa, usersid, tmp_gsids)))
goto out;
/* Let's be heroic... */
@ -1299,7 +1363,7 @@ get_reg_security (HANDLE handle, security_descriptor &sd_ret)
| OWNER_SECURITY_INFORMATION,
sd_ret, &len);
}
if (ret != STATUS_SUCCESS)
if (ret != ERROR_SUCCESS)
{
__seterrno ();
return -1;