Throughout remove all usage of wincap.has_security.

* environ.cc (environ_init): Drop setting allow_ntsec here.
	* grp.cc (initgroups32): Drop usage of label "out".
	* security.cc (allow_ntsec): Set to true by default.
	* syscalls.cc (seteuid32): Remove label success_9x.
	* wincap.cc: Remove has_security throughout.
	* wincap.h: Ditto.
This commit is contained in:
Corinna Vinschen
2007-02-23 15:15:50 +00:00
parent 9fa43ff6c6
commit a76877e977
16 changed files with 98 additions and 161 deletions

View File

@@ -1,3 +1,13 @@
2007-02-23 Corinna Vinschen <corinna@vinschen.de>
Throughout remove all usage of wincap.has_security.
* environ.cc (environ_init): Drop setting allow_ntsec here.
* grp.cc (initgroups32): Drop usage of label "out".
* security.cc (allow_ntsec): Set to true by default.
* syscalls.cc (seteuid32): Remove label success_9x.
* wincap.cc: Remove has_security throughout.
* wincap.h: Ditto.
2007-02-23 Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (class fhandler_pipe): Remove members writepipe_exists,

View File

@@ -1,6 +1,6 @@
/* cygtls.cc
Copyright 2003, 2004, 2005, 2006 Red Hat, Inc.
Copyright 2003, 2004, 2005, 2006, 2007 Red Hat, Inc.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
@@ -113,7 +113,6 @@ _cygtls::init_thread (void *x, DWORD (*func) (void *, void *))
|| (void *) func == (void *) cygthread::simplestub)
return;
if (wincap.has_security ())
cygheap->user.reimpersonate ();
sentry here (INFINITE);

View File

@@ -734,7 +734,6 @@ dll_crt0_0 ()
DuplicateHandle (hMainProc, GetCurrentThread (), hMainProc,
&hMainThread, 0, false, DUPLICATE_SAME_ACCESS);
if (wincap.has_security ())
OpenProcessToken (hMainProc, MAXIMUM_ALLOWED, &hProcToken);
device::init ();
@@ -841,7 +840,6 @@ dll_crt0_1 (void *)
pinfo_init (envp, envc);
/* Can be set only after environment has been initialized. */
if (wincap.has_security ())
set_cygwin_privileges (hProcToken);
if (!old_title && GetConsoleTitle (title_buf, TITLESIZE))

View File

@@ -2,7 +2,7 @@
process's environment.
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006 Red Hat, Inc.
2006, 2007 Red Hat, Inc.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
@@ -544,19 +544,19 @@ set_proc_retry (const char *buf)
static void
set_ntea (const char *buf)
{
allow_ntea = (buf && strcasematch (buf, "yes") && wincap.has_security ());
allow_ntea = (buf && strcasematch (buf, "yes"));
}
static void
set_ntsec (const char *buf)
{
allow_ntsec = (buf && strcasematch (buf, "yes") && wincap.has_security ());
allow_ntsec = (buf && strcasematch (buf, "yes"));
}
static void
set_smbntsec (const char *buf)
{
allow_smbntsec = (buf && strcasematch (buf, "yes") && wincap.has_security ());
allow_smbntsec = (buf && strcasematch (buf, "yes"));
}
/* The structure below is used to set up an array which is used to
@@ -749,10 +749,6 @@ environ_init (char **envp, int envc)
if (myself->progname[0])
got_something_from_registry = regopt (myself->progname) || got_something_from_registry;
/* Set ntsec explicit as default, if NT is running */
if (wincap.has_security ())
allow_ntsec = true;
if (!envp)
envp_passed_in = 0;
else

View File

@@ -1575,10 +1575,6 @@ fhandler_base::fsync ()
static int
check_posix_perm (const char *fname, int v)
{
/* Windows 95/98/ME don't support file system security at all. */
if (!wincap.has_security ())
return 0;
/* ntea is ok for supporting permission bits but it doesn't support
full POSIX security settings. */
if (v == _PC_POSIX_PERMISSIONS && allow_ntea)

View File

@@ -1,7 +1,7 @@
/* fhandler_tty.cc
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006 Red Hat, Inc.
2006, 2007 Red Hat, Inc.
This file is part of Cygwin.
@@ -535,8 +535,7 @@ fhandler_tty_slave::open (int flags, mode_t)
from_master_local = to_master_local = NULL;
#ifdef USE_SERVER
if (!wincap.has_security ()
|| cygserver_running == CYGSERVER_UNAVAIL
if (cygserver_running == CYGSERVER_UNAVAIL
|| !cygserver_attach_tty (&from_master_local, &to_master_local))
#endif
{
@@ -1384,11 +1383,8 @@ fhandler_pty_master::setup (bool ispty)
In the future the cygserver may allow access by others. */
#ifdef USE_SERVER
if (wincap.has_security ())
{
if (cygserver_running == CYGSERVER_UNKNOWN)
cygserver_init ();
}
#endif
/* Create synchronisation events */

View File

@@ -191,12 +191,9 @@ frok::child (volatile char * volatile here)
_impure_ptr = &_main_tls->local_clib;
}
if (wincap.has_security ())
{
set_cygwin_privileges (hProcToken);
clear_procimptoken ();
cygheap->user.reimpersonate ();
}
#ifdef DEBUGGING
char c;

View File

@@ -1,7 +1,7 @@
/* grp.cc
Copyright 1996, 1997, 1998, 2000, 2001, 2002, 2003, 2004, 2005
Red Hat, Inc.
Copyright 1996, 1997, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
2007 Red Hat, Inc.
Original stubs by Jason Molenda of Cygnus Support, crash@cygnus.com
First implementation by Gunther Ebert, gunther.ebert@ixos-leipzig.de
@@ -84,15 +84,11 @@ pwdgrp::read_group ()
static char linebuf [200];
char group_name [UNLEN + 1] = "mkgroup";
char strbuf[128] = "";
if (wincap.has_security ())
{
struct __group32 *gr;
cygheap->user.groups.pgsid.string (strbuf);
if ((gr = internal_getgrsid (cygheap->user.groups.pgsid)))
strlcpy (group_name, gr->gr_name, sizeof (group_name));
}
if (myself->uid == UNKNOWN_UID)
strcpy (group_name, "mkpasswd"); /* Feedback... */
snprintf (linebuf, sizeof (linebuf), "%s:%s:%lu:%s",
@@ -101,7 +97,6 @@ pwdgrp::read_group ()
add_line (linebuf);
}
static char NO_COPY pretty_ls[] = "????????::-1:";
if (wincap.has_security ())
add_line (pretty_ls);
}
@@ -467,33 +462,28 @@ getgroups (int gidsetsize, __gid16_t *grouplist)
extern "C" int
initgroups32 (const char *name, __gid32_t gid)
{
int ret;
if (wincap.has_security ())
{
ret = -1;
int ret = -1;
cygheap->user.deimpersonate ();
struct passwd *pw = internal_getpwnam (name);
struct __group32 *gr = internal_getgrgid (gid);
cygsid usersid, grpsid;
if (!usersid.getfrompw (pw) || !grpsid.getfromgr (gr))
{
set_errno (EINVAL);
goto out;
}
else
{
cygsidlist tmp_gsids (cygsidlist_auto, 12);
if (!get_server_groups (tmp_gsids, usersid, pw))
goto out;
if (get_server_groups (tmp_gsids, usersid, pw))
{
tmp_gsids += grpsid;
cygsidlist new_gsids (cygsidlist_alloc, tmp_gsids.count ());
for (int i = 0; i < tmp_gsids.count (); i++)
new_gsids.sids[i] = tmp_gsids.sids[i];
new_gsids.count (tmp_gsids.count ());
cygheap->user.groups.update_supp (new_gsids);
}
ret = 0;
out:
if (wincap.has_security ())
}
}
cygheap->user.reimpersonate ();
syscall_printf ( "%d = initgroups (%s, %u)", ret, name, gid);
return ret;
@@ -516,9 +506,6 @@ setgroups32 (int ngroups, const __gid32_t *grouplist)
return -1;
}
if (!wincap.has_security ())
return 0;
cygsidlist gsids (cygsidlist_alloc, ngroups);
struct __group32 *gr;

View File

@@ -1,6 +1,6 @@
/* passwd.cc: getpwnam () and friends
Copyright 1996, 1997, 1998, 2001, 2002, 2003 Red Hat, Inc.
Copyright 1996, 1997, 1998, 2001, 2002, 2003, 2007 Red Hat, Inc.
This file is part of Cygwin.
@@ -58,19 +58,14 @@ pwdgrp::read_passwd ()
char strbuf[128] = "";
bool searchentry = true;
struct passwd *pw;
if (wincap.has_security ())
{
/* must be static */
static char NO_COPY pretty_ls[] = "????????:*:-1:-1:";
add_line (pretty_ls);
cygsid tu = cygheap->user.sid ();
tu.string (strbuf);
if (myself->uid == ILLEGAL_UID)
searchentry = !internal_getpwsid (tu);
}
else if (myself->uid == ILLEGAL_UID)
searchentry = !internal_getpwuid (DEFAULT_UID);
if (searchentry &&
(!(pw = internal_getpwnam (cygheap->user.name ())) ||
(myself->uid != ILLEGAL_UID &&

View File

@@ -1,6 +1,6 @@
/* sec_helper.cc: NT security helper functions
Copyright 2000, 2001, 2002, 2003, 2004, 2006 Red Hat, Inc.
Copyright 2000, 2001, 2002, 2003, 2004, 2006, 2007 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
@@ -577,8 +577,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
if ((unsigned long) sa_buf % 4)
api_fatal ("Incorrectly aligned incoming SA buffer!");
#endif
if (!wincap.has_security ()
|| !sec_acl (acl, true, true, sid1, sid2, access2))
if (!sec_acl (acl, true, true, sid1, sid2, access2))
return inherit ? &sec_none : &sec_none_nih;
if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))

View File

@@ -1,7 +1,7 @@
/* security.cc: NT security functions
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006 Red Hat, Inc.
2006, 2007 Red Hat, Inc.
Originaly written by Gunther Ebert, gunther.ebert@ixos-leipzig.de
Completely rewritten by Corinna Vinschen <corinna@vinschen.de>
@@ -43,7 +43,8 @@ details. */
#include "cyglsa.h"
#include <cygwin/version.h>
bool allow_ntsec;
/* Set ntsec explicit as default. */
bool allow_ntsec = true;
/* allow_smbntsec is handled exclusively in path.cc (path_conv::check).
It's defined here because of it's strong relationship to allow_ntsec. */
bool allow_smbntsec;
@@ -89,11 +90,6 @@ extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
extern "C" HANDLE
cygwin_logon_user (const struct passwd *pw, const char *password)
{
if (!wincap.has_security ())
{
set_errno (ENOSYS);
return INVALID_HANDLE_VALUE;
}
if (!pw)
{
set_errno (EINVAL);
@@ -1915,9 +1911,6 @@ static int
set_nt_attribute (HANDLE handle, const char *file,
__uid32_t uid, __gid32_t gid, int attribute)
{
if (!wincap.has_security ())
return 0;
security_descriptor sd;
if ((!handle || get_nt_object_security (handle, SE_FILE_OBJECT, sd))

View File

@@ -388,10 +388,8 @@ void set_cygwin_privileges (HANDLE token);
#define set_process_privilege(p,v) set_privilege (hProcToken, (p), (v))
#define _push_thread_privilege(_priv, _val, _check) { \
HANDLE _token = NULL, _dup_token = NULL; \
if (wincap.has_security ()) \
{ \
_token = (cygheap->user.issetuid () && (_check)) \
HANDLE _dup_token = NULL; \
HANDLE _token = (cygheap->user.issetuid () && (_check)) \
? cygheap->user.token () : hProcToken; \
if (!DuplicateTokenEx (_token, MAXIMUM_ALLOWED, NULL, \
SecurityImpersonation, TokenImpersonation, \
@@ -400,8 +398,8 @@ void set_cygwin_privileges (HANDLE token);
else if (!ImpersonateLoggedOnUser (_dup_token)) \
debug_printf ("ImpersonateLoggedOnUser: %E"); \
else \
set_privilege (_dup_token, (_priv), (_val)); \
}
set_privilege (_dup_token, (_priv), (_val));
#define push_thread_privilege(_priv, _val) _push_thread_privilege(_priv,_val,1)
#define push_self_privilege(_priv, _val) _push_thread_privilege(_priv,_val,0)
@@ -415,6 +413,7 @@ void set_cygwin_privileges (HANDLE token);
CloseHandle (_dup_token); \
} \
}
#define pop_self_privilege() pop_thread_privilege()
/* shared.cc: */

View File

@@ -889,9 +889,6 @@ link (const char *oldpath, const char *newpath)
static int
chown_worker (const char *name, unsigned fmode, __uid32_t uid, __gid32_t gid)
{
if (!wincap.has_security ()) // real chown only works on NT
return 0; // return zero (and do nothing) under Windows 9x
int res = -1;
fhandler_base *fh;
@@ -942,9 +939,6 @@ lchown (const char * name, __uid16_t uid, __gid16_t gid)
extern "C" int
fchown32 (int fd, __uid32_t uid, __gid32_t gid)
{
if (!wincap.has_security ()) // real chown only works on NT
return 0; // return zero (and do nothing) under Windows 9x
cygheap_fdget cfd (fd);
if (cfd < 0)
{
@@ -2162,11 +2156,6 @@ seteuid32 (__uid32_t uid)
bool token_is_internal, issamesid = false;
pw_new = internal_getpwuid (uid);
if (!wincap.has_security () && pw_new)
{
load_registry_hive (pw_new->pw_name);
goto success_9x;
}
if (!usersid.getfrompw (pw_new))
{
set_errno (EINVAL);
@@ -2271,7 +2260,6 @@ seteuid32 (__uid32_t uid)
return -1;
}
success_9x:
cygheap->user.set_name (pw_new->pw_name);
myself->uid = uid;
groups.ischanged = FALSE;
@@ -2334,7 +2322,7 @@ setegid32 (__gid32_t gid)
{
debug_printf ("new egid: %u current: %u", gid, myself->gid);
if (gid == myself->gid || !wincap.has_security ())
if (gid == myself->gid)
{
myself->gid = gid;
return 0;

View File

@@ -42,9 +42,6 @@ cygheap_user::init ()
set_name (GetUserName (user_name, &user_name_len) ? user_name : "unknown");
if (!wincap.has_security ())
return;
DWORD siz;
PSECURITY_DESCRIPTOR psd;
@@ -91,23 +88,19 @@ internal_getlogin (cygheap_user &user)
{
struct passwd *pw = NULL;
if (wincap.has_security ())
{
cygpsid psid = user.sid ();
pw = internal_getpwsid (psid);
}
if (!pw && !(pw = internal_getpwnam (user.name ()))
&& !(pw = internal_getpwuid (DEFAULT_UID)))
debug_printf ("user not found in augmented /etc/passwd");
else
{
cygsid gsid;
myself->uid = pw->pw_uid;
myself->gid = pw->pw_gid;
user.set_name (pw->pw_name);
if (wincap.has_security ())
{
cygsid gsid;
if (gsid.getfromgr (internal_getgrgid (pw->pw_gid)))
{
if (gsid != user.groups.pgsid)
@@ -124,7 +117,6 @@ internal_getlogin (cygheap_user &user)
else
debug_printf ("gsid not found in augmented /etc/group");
}
}
cygheap->user.ontherange (CH_HOME, pw);
}

View File

@@ -16,7 +16,6 @@ static NO_COPY wincaps wincap_unknown = {
chunksize:0,
heapslop:0x0,
is_server:false,
has_security:true,
has_security_descriptor_control:false,
has_ip_helper_lib:false,
has_physical_mem_access:true,
@@ -43,7 +42,6 @@ static NO_COPY wincaps wincap_nt4 = {
chunksize:0,
heapslop:0x0,
is_server:false,
has_security:true,
has_security_descriptor_control:false,
has_ip_helper_lib:false,
has_physical_mem_access:true,
@@ -70,7 +68,6 @@ static NO_COPY wincaps wincap_nt4sp4 = {
chunksize:0,
heapslop:0x0,
is_server:false,
has_security:true,
has_security_descriptor_control:false,
has_ip_helper_lib:true,
has_physical_mem_access:true,
@@ -97,7 +94,6 @@ static NO_COPY wincaps wincap_2000 = {
chunksize:0,
heapslop:0x0,
is_server:false,
has_security:true,
has_security_descriptor_control:true,
has_ip_helper_lib:true,
has_physical_mem_access:true,
@@ -124,7 +120,6 @@ static NO_COPY wincaps wincap_xp = {
chunksize:0,
heapslop:0x0,
is_server:false,
has_security:true,
has_security_descriptor_control:true,
has_ip_helper_lib:true,
has_physical_mem_access:true,
@@ -151,7 +146,6 @@ static NO_COPY wincaps wincap_2003 = {
chunksize:0,
heapslop:0x4,
is_server:true,
has_security:true,
has_security_descriptor_control:true,
has_ip_helper_lib:true,
has_physical_mem_access:false,
@@ -178,7 +172,6 @@ static NO_COPY wincaps wincap_vista = {
chunksize:0,
heapslop:0x4,
is_server:false,
has_security:true,
has_security_descriptor_control:true,
has_ip_helper_lib:true,
has_physical_mem_access:false,
@@ -265,7 +258,8 @@ wincapc::init ()
}
break;
case VER_PLATFORM_WIN32_WINDOWS:
/* This is just preliminary. */
/* I'd be very surprised if this code is ever hit, but it doesn't
hurt to keep it. */
api_fatal ("Windows 95/98/Me are not supported.");
break;
default:

View File

@@ -16,7 +16,6 @@ struct wincaps
DWORD chunksize;
DWORD heapslop;
unsigned is_server : 1;
unsigned has_security : 1;
unsigned has_security_descriptor_control : 1;
unsigned has_ip_helper_lib : 1;
unsigned has_physical_mem_access : 1;
@@ -59,7 +58,6 @@ public:
DWORD IMPLEMENT (chunksize)
DWORD IMPLEMENT (heapslop)
bool IMPLEMENT (is_server)
bool IMPLEMENT (has_security)
bool IMPLEMENT (has_security_descriptor_control)
bool IMPLEMENT (has_ip_helper_lib)
bool IMPLEMENT (has_physical_mem_access)