builtin group from system. Explain why.
* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
* security.h (well_known_builtin_sid): Declare.
LocalFree instead of ::free.
* sec_acl.cc: Throughout replace old ACE flag definitions with current
definitions as used in MSDN man pages.
* security.cc: Ditto.
* fhandler.cc (fhandler_base::open): Make sure file has really been
just created before fixing file permissions. Add S_JUSTCREATED
attribute to set_file_attribute call.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
with default security descriptor and fix descriptor afterwards.
Add S_JUSTCREATED flag to set_file_attribute call.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Call GetSecurityInfo rather than
NtQuerySecurityObject. Explain why. Change error handling accordingly.
(alloc_sd): Skip non-inherited, non-standard entries in ACL if
S_JUSTCREATED attribute is set. Explain why. Minor format fixes.
* security.h (S_JUSTCREATED): New define.
(security_descriptor::operator=): New operator.
error when changing the user account on a standalone Samba server.
Explain why.
* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
(well_known_samba_unix_user_fake_sid): Define.
* security.cc (set_file_sd): Take additional parameter if ownership
should be changed. Restrict requested permissions accordingly.
(set_file_attribute): Accommodate additional parameter to set_file_sd.
* security.h (well_known_samba_unix_user_fake_sid): Declare.
(set_file_sd): Align declaration to above change.
* fhandler_fifo.cc (fhandler_fifo::open): Rework to cause errno to be set to
ENXIO when opening a fifo write/nonblocking.
* environ.cc (ucreqenv): Rename to ucenv. Move code from old ucenv here and
conditionalize it on create_upcaseenv.
(ucenv): Delete.
(environ_init): Fix compiler warning by moving create_upcaseenv test to ucenv.
Don't bother checking for child_proc_info when calling ucenv since it is
assumed to be NULL at the point where the function is called.
* path.cc (symlink_worker): Turn off MS-DOS path warnings when dealing with
devices since the device handler passes in a translated MS-DOS path.
* sec_auth.cc (lsaprivkeyauth): Avoid variable initialization which causes a
compiler error.
* fhandler_netdrive.cc: Update copyright.
from complaining about the very thing we're trying to test.
* ntea.cc (read_ea): Reorganize to avoid a new compiler warning/error.
* sched.cc (sched_rr_get_interval): Ditto.
* select.cc (peek_serial): Ditto.
* libc/rexec.cc (ruserpass): Ditto.
* posix_ipc.cc (ipc_names): Make static to avoid a compiler warning
(and it's the right thing to do anyway).
MAX_DOMAIN_NAME_LEN throughout.
* cyglsa.h (CYG_LSA_MAGIC): New value.
(cyglsa_t): Define username and domain as WCHAR arrays.
* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
appropriate.
(extract_nt_dom_user): Prefer resolving by SID before resolving by
domain\name pair.
(cygwin_logon_user): Don't print cleartext password in debug output.
Change comment.
(get_user_groups): Revert calls to LookupAccountNameW to use NULL
server instead of explicit server name, according to MSDN.
(get_user_local_groups): Ditto.
(get_server_groups): Fetch domain and user name from usersid per
LookupAccountSidW instead of calling extract_nt_dom_user.
(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
instead of calling extract_nt_dom_user.
* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
(privilege_luid): Convert first parameter to PWCHAR.
(privilege_name): Return wchar_t pointer.
(set_privileges): Accommodate debug output.
* security.h (privilege_luid): Change prototype accordingly.
wsa_event.h instead.
* fhandler_socket.cc (NUM_SOCKS): Move to wsa_event.h.
(wsa_events): Move from DLL shared area to cygwin_shared shared
memory. Accommodate throughout.
(socket_serial_number): Ditto.
* fhandler_tape.cc (mt): Ditto.
(mtinfo_init): Remove.
(mt): Define as cygwin_shared->mt.
* flock.cc (FLOCK_PARENT_DIR_ACCESS): Remove.
(FLOCK_INODE_DIR_ACCESS): Move up in file.
(FLOCK_MUTANT_ACCESS): Ditto.
(FLOCK_EVENT_ACCESS): Ditto.
(get_lock_parent_dir): Remove.
(inode_t::inode_t): Call get_shared_parent_dir to get parent dir handle.
Add a "flock-" prefix to file's lock directory name for clarity.
* mtinfo.h (mtinfo_init): Drop declaration.
* net.cc (last_used_bindresvport): Move from DLL shared area to
cygwin_shared shared memory.
(cygwin_bindresvport_sa): Accommodate above change.
* sec_helper.cc (_everyone_sd): Move here from flock.cc.
* security.h (SD_MIN_SIZE): Ditto.
(everyone_sd): Ditto.
* shared.cc (cygwin_shared_area): Remove.
(cygwin_shared_h): New handle.
(get_shared_parent_dir): New static function.
(shared_name): Drop session_local argument. Call get_shared_parent_dir
here. Add cygwin-shared subdir to object name.
(offsets): Reinstantiate SH_CYGWIN_SHARED member.
(open_shared): Revert change from 2007-03-29 for systems supporting
SeCreateGlobalPrivilege.
(shared_info::initialize): Call mtinfo's initialize here.
(memory_init): Drop call to mtinfo_init.
* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
(CURR_SHARED_MAGIC): Ditto.
(class shared_info): Add members for global socket and tape info
sharing.
(enum shared_locations): Reinstantiate SH_CYGWIN_SHARED.
(get_shared_parent_dir): Declare.
(shared_name): Drop session_local argument from declaration.
* wsa_event.h: New file. Move definitions of NUM_SOCKS and
struct wsa_event here.
(cwcsdup1): New function.
* cygheap.h (cygheap_user::get_windows_id): New method returning PWCHAR.
(cwcsdup): Declare.
(cwcsdup1): Declare.
* registry.cc (get_registry_hive_path): Use WCHAR instead of char
throughout.
(load_registry_hive): Ditto.
* registry.h (get_registry_hive_path): Change declaration accordingly.
(load_registry_hive): Ditto.
* sec_helper.cc (cygpsid::string): New method returning PWCHAR.
* security.h (cygpsid::string): Declare.
* syscalls.cc (seteuid32): Convert local name var to WCHAR.
* uinfo.cc (cygheap_user::env_userprofile): Convert local name buffers
to WCHAR. Call sys_wcstombs_alloc to generate puserprof buffer.
* winsup.h: Fix comment.
(NT_MAX_PATH): New definition for maximum internal path length.
Use throughout where appropriate.
* include/limits.h (PATH_MAX): Set to 4096 as on Linux.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
* mmap.cc (mlock): Accommodate parameter change in call to
push_thread_privilege.
(munlock): Ditto.
* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
(NtAdjustPrivilegesToken): Declare.
* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
(privilege_luid): Take job of privilege_luid_by_name, using new
cygpriv.
(privilege_luid_by_name): Remove.
(privilege_name): Accommodate new cygpriv array.
(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
Accommodate changes to privilege_name.
(set_cygwin_privileges): Simplify. Don't try to set
SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
* security.cc (sys_privs): Reorder to match numerical privilege order.
Use real privilege values as defined in security.h.
(get_system_priv_list): Drop unused grp_list argument. Create
list of privileges according to new wincapc::max_sys_priv value.
(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
Make priv a local value instead of a pointer.
(create_token): Accommodate parameter change in call to
push_self_privilege.
(lsaauth): Ditto.
(check_access): Use privilege values directly instead of calling
privilege_luid.
* security.h: Define real privilege values.
(cygpriv_idx): Remove.
(privilege_luid): Change declaration.
(privilege_luid_by_name): Drop declaration.
(set_privilege): Change declaration.
(set_process_privilege): Drop definition.
(_push_thread_privilege): Accomodate new set_privilege parameters.
* wincap.h (wincapc::max_sys_priv): New element.
* wincap.cc: Implement above element throughout.
(wincap_2000sp4): New wincaps structure.
(wincap_xpsp1): Ditto.
(wincap_xpsp2): Ditto.
(wincapc::init): Use new wincaps.
(wincapc::max_sys_priv): New element.
shared_prefix depending only on terminal service capability.
* dcrt0.cc (dll_crt0_1): Don't call set_cygwin_privileges here.
* fhandler_fifo.cc (fhandler_fifo::open): Create the mutex as global
object.
* posix_ipc.cc (ipc_mutex_init): Use cygheap->shared_prefix.
(ipc_cond_init): Ditto.
* sec_helper.cc (privilege_name): Make static. Use LookupPrivilegeName
directly to be independent of the state of cygheap.
(set_privilege): Take a LUID as parameter instead of an index value.
Only print debug output in case of failure.
(set_cygwin_privileges): Add comment. Use LookupPrivilegeValue to
get privilege LUIDs.
(init_global_security): Call set_cygwin_privileges here.
* security.h (privilege_name): Drop declaration.
(set_privilege): Declare according to above change.
(set_process_privilege): Call privilege_luid to get LUID.
(_push_thread_privilege): Ditto.
* shared.cc (open_shared): Add comment. On systems supporting the
SeCreateGlobalPrivilege, try to create/open global shared memory first.
Fall back to local shared memory if that fails.
* thread.cc (semaphore::semaphore): Use cygheap->shared_prefix.
* wincap.h (wincapc::has_create_global_privilege): New element.
* wincap.cc: Implement above element throughout.
user information on NT4.
* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
considerations.
(security_descriptor::realloc): Ditto.
(security_descriptor::free): Ditto.
* security.cc (get_reg_security): Reinstantiate.
(get_nt_object_security): Revert to using NtQuerySecurityObject.
* security.h (class security_descriptor): Drop type member.
Accommodate throughout.
(security_descriptor::size): Constify.
(security_descriptor::copy): Ditto.
* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
(well_known_this_org_sid): New well known sid.
(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
(mandatory_medium_integrity_sid): New well known sid.
(mandatory_high_integrity_sid): Ditto.
(mandatory_system_integrity_sid): Ditto.
(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all
authorities fitting in a UCHAR.
* security.cc (get_token_group_sidlist): Always add the local
group to the token. Add comment. Add "This Organization" group
if available in incoming group list.
(get_server_groups): Only add world and authenticated users groups
if not already in list.
(create_token): Add matching mandatory integrity SID to group list
on systems supporting Mandatory Integrity Control.
* security.h (well_known_this_org_sid): Define.
(mandatory_medium_integrity_sid): Define.
(mandatory_high_integrity_sid): Define.
(mandatory_system_integrity_sid): Define.
* wincap.h: Define has_mandatory_integrity_control throughout.
* wincap.cc: Ditto.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
Set type.
(security_descriptor::realloc): Handle the case that psd has been
allocated using LocalAlloc. Set type.
(security_descriptor::free): Ditto.
* security.cc (get_nt_attribute): Remove.
(get_reg_security): Remove.
(get_nt_object_security): Use GetSecurityInfo which handles all
securable objects.
(get_nt_object_attribute): Remove.
(get_object_attribute): Call get_nt_object_security instead of
get_nt_object_attribute.
(get_file_attribute): Ditto.
(check_registry_access): Call get_nt_object_security instead of
get_reg_security.
* security.h (cygpsid::operator PSID): Make method const, not the
result.
(class security_descriptor): Add type member. Accomodate throughout.
(security_descriptor::copy): New method.
(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
everywhere. Leave some thread.cc stuff alone for now.
* cygtls.h: Kludge some definitions to avoid including a problematic windows
header.
(_cygtls::_myfault): New entry.
(_cygtls::_myfault_errno): Ditto.
(_cygtls::fault_guarded): New function.
(_cygtls::setup_fault): Ditto.
(_cygtls::return_from_fault): Ditto.
(_cygtls::clear_fault): Ditto.
(myfault): New class.
* exceptions.cc (handle_exceptions): Handle case of guarded fault in system
routine.
* gendef: Add another entry point for setjmp that the compiler doesn't know
about and won't complain about.
* gentls_offsets: Just include windows.h rather than kludging a HANDLE def.
* miscfuncs.cc (check_null_str): Delete.
(check_null_empty_str): Ditto.
(check_null_empty_str_errno): Ditto.
(check_null_str_errno): Ditto.
(__check_null_invalid_struct): Ditto.
(__check_null_invalid_struct_errno): Ditto.
(__check_invalid_read_ptr): Ditto.
(__check_invalid_read_ptr_errno): Ditto.
(dummytest): New function.
(check_iovec_for_read): Delete.
(chec_iovec): Rename from check_iovec_for_write. Take a read/write parameter.
* tlsoffsets.h: Regenerate.
* winsup.h: Remove check_* declarations.
(check_iovec_for_read): Delete declaration. Turn into a define instead.
(check_iovec_for_write): Ditto.
(check_iovec): New declaration.
* thread.h: Use ifdef guard name consistent with other header files.
allocate dynamically.
(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
* sec_acl.cc (setacl): Allocate acl dynamically.
* sec_helper.cc (sec_acl): Add test for alignment of acl when
DEBUGGING is defined.
(__sec_user): Same for sa_buf.
* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
and allocate dynamically.
(alloc_sd): Allocate acl dynamically.
security.h (sec_user_nih): Change first parameter to
SECURITY_ATTRIBUTES *.
(sec_user): Ditto.
* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
dynamically.
* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
and allocate dynamically.
* winbase.h (ilockincr): Mark first argument of inline assembly as
earlyclobber.
(ilockdecr): Ditto.
* cygheap.h (cygheap_user::curr_primary_token): New member.
(cygheap_user::primary_token): New method.
(cygheap_user::deimpersonate): Always revert to processes'
impersonation token.
(cygheap_user::reimpersonate): Set processes' or setuid token as
necessary.
(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
value.
(cygheap_user::close_impersonation_tokens): Close curr_primary_token
here if necessary. Don't reset token values to NO_IMPERSONATION since
that's done in uinfo_init anyway.
(init_cygheap::luid): New LUID array keeping privilege LUIDs.
* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
* dcrt0.cc (hProcToken): New global variable to keep process token.
(hProcImpToken): Ditto for process impersonation token.
(dll_crt0_0): Open process token here once. Duplicate to create
hProcImpToken.
(dll_crt0_1): Call set_cygwin_privileges.
* environ.cc (allow_ntea): Drop duplicate declaration.
(allow_smbntsec): Ditto.
(set_traverse): Only set allow_traverse here.
(environ_init): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
enable_restore_privilege.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::facl): Ditto.
* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
syn with parent. Call set_cygwin_privileges.
* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
process token.
* path.cc (fs_info::update): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges.
* registry.cc (load_registry_hive): Drop setting restore privilege
since it's already set if available.
* sec_helper.cc: Include cygtls.h.
(cygpriv): Privilege string array.
(privilege_luid): New function, evaluate LUID from cygpriv_idx.
(privilege_luid_by_name): New function, evaluate LUID from privilege
string.
(privilege_name): New function, evaluate privilege string from
cygpriv_idx.
(set_privilege): New static function called by set_process_privilege
and set_thread_privilege. Call privilege_luid to get privilege LUID.
Fix bug in return value evaluation. Improve debug output.
(set_cygwin_privileges): New function.
(set_process_privilege): Remove.
(enable_restore_privilege): Remove.
* security.cc (allow_traverse): New global variable.
(sys_privs): Change type to cygpriv_idx and store privilege indices
instead of strings.
(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
(get_system_priv_list): Don't use numerical constant in malloc call.
Use privilege_luid to get privilege LUIDs.
(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
inner privilege LUID comparison loop.
(create_token): Enable create token privilege using
push/pop_self_privileges. Use hProcToken instead of opening process
token. Use default DACL when duplicating token.
(subauth): Enable tcb privilege using push/pop_self_privileges.
Use sec_none instead of homw made security attributes when duplicating
token.
(check_file_access): Don't duplicate access token, use active
impersonation token as is.
* security.h (enum cygpriv_idx): New enumeration type enumerating
possible privileges.
(privilege_luid): Declare new function.
(privilege_luid_by_name): Ditto.
(privilege_name): Ditto.
(allow_traverse): Declare.
(set_privilege): Declare function.
(set_process_privilege): Define as macro.
(enable_restore_privilege): Remove declaration.
(_push_thread_privilege): Define macro.
(push_thread_privilege): Ditto.
(pop_thread_privilege): Ditto.
(pop_self_privilege): Ditto.
* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
cygheap->user.token.
* syscalls.cc (statvfs): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges. Rearrange code
to simplify push/pop bracketing.
(seteuid32): Use hProcToken instead of opening process token. Call
cygheap->user.deimpersonate instead of RevertToSelf. Create
impersonation token from primary internal or external token. Set
cygheap->user.curr_primary_token and cygheap->user.current_token
privileges once here. Drop "failed" and "failed_ptok" labels.
Drop setting DefaultDacl of process token.
(setegid32): Use hProcToken and hProcImpToken instead of opening
process token. Always reimpersonate afterwards.
* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
process token.
(internal_getlogin): Ditto. Set hProcImpToken, too.
(uinfo_init): Initialize cygheap->user.curr_primary_token.
* winsup.h (hProcToken): Declare.
(hProcImpToken): Declare.
* dir.cc (mkdir): Change set_file_attribute call to indicate that
NT security isn't used.
* fhandler.cc (fhandler_base::open_9x): New method, created from
fhandler_base::open.
(fhandler_base::open): Rearrange to use NtCreateFile instead of
CreateFile.
* fhandler.h (enum query_state): Redefine query_null_access to
query_stat_control. query_null_access isn't allowed in NtCreateFile.
(fhandler_base::open_9x): Declare.
* fhandler_disk_file.cc (fhandler_base::fstat_fs): Use
query_stat_control first, query_read_control if that fails.
(fhandler_disk_file::fchmod): Call enable_restore_privilege before
trying to open for query_write_control. Don't fall back to
opening for query_read_control.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::facl): Only request restore privilege and query
access necessary for given cmd.
* fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open
instead of opening device here.
* ntdll.h (NtCreateFile): Declare.
* path.cc (symlink_worker): Change set_file_attribute call to indicate
that NT security isn't used.
* sec_acl.cc (getacl): Fix bracketing.
* sec_helper.cc (enable_restore_privilege): New function.
* security.cc (str2buf2uni_cat): New function.
(write_sd): Don't request restore permission here.
* security.h (set_process_privileges): Drop stale declaration.
(str2buf2uni): Declare.
(str2buf2uni_cat): Declare.
(enable_restore_privilege): Declare.
* syscalls.cc (fchown32): Return immediate success on 9x.
(well_known_*_sid): Change type to cygpsid.
(cygsid::init): Delete declaration.
* sec_helper.cc (well_known_*_sid): Define using above SID macro.
(cygsid::init): Delete.
* dcrt0.cc (dll_crt0_0): Do not call cygsid::init.
* security.cc (get_user_local_groups): Change the second argument type
to cygpsid.
throughout.
* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity and edit
some comments.
* cygheap.h (init_cygheap::ctty): Add new element.
* devices.in (device::parse): Remove special handling for /dev/tty.
* devices.cc: Regenerate.
* dtable.cc (build_fh_pc): Don't reset /dev/tty device. Let the device opener
do that.
* fhandler_termios.cc (tty_min::set_ctty): Redefine to _pinfo class.
* fhandler_tty.cc (fhandler_tty_common::set_close_on_exec): Avoid setting
noninherit flag for ctty.
* tty.h: Move BOOLs to bools.
(tty_min::set_ctty): Redeclare to _pinfo class.
* pinfo.cc (_pinfo::set_ctty): Define new function based on tty_min::set_ctty.
Change first argument from tty number to tty_min class.
* pinfo.h (_pinfo::set_ctty): Declare.
* fhandler_console.cc (fhandler_console::get_tty_stuff): Reflect move of
set_ctty to _pinfo class.
* fhandler_tty.cc (fhandler_tty_slave::open): Treat FH_TTY specially. Use
saved cygheap value if it exists. Otherwise convert to real device and save on
first time open.
(fhandler_tty_common::dup): Potentially set controlling tty if duping a slave
tty.
* syscalls.cc (setsid): Close controlling tty in cygheap.
* tty.cc: Change some BOOLs to bools.
set_security_attribute appropriately.
* external.cc (cygwin_internal): Ditto.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_socket.cc (fhandler_socket::bind): Ditto.
* path.cc (symlink_worker): Ditto.
* sec_acl.cc (setacl): Ditto. Call read_sd appropriately.
(getace): Ditto.
* sec_helper.cc (security_descriptor::malloc): New method.
(security_descriptor::realloc): New method.
(security_descriptor::free): New method.
* security.cc (read_sd): Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
Allocate the security_descriptor buffer according to size returned by
a call to GetFileSecurity. Return buffer size on success.
(write_sd): Get security_descriptor as parameter instead of
PSECURITY_DESCRIPTOR and a size.
(get_nt_attribute): Use local security_descriptor.
(get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY.
Allocate security_descriptor buffer according to size returned by
a call to RegGetKeySecurity.
(alloc_sd): Make static. Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
(set_security_attribute): Get security_descriptor as parameter instead
of PSECURITY_DESCRIPTOR and a size.
(set_nt_attribute): Use local security_descriptor.
(check_file_access): Ditto.
* security.h: Add class security_descriptor.
(read_sd): Change declaration to get security_descriptor as parameter
instead of PSECURITY_DESCRIPTOR and a size.
(write_sd): Ditto.
(set_security_attribute): Ditto.
(alloc_sd): Remove declaration.
* thread.cc (semaphore::semaphore): Use local security_descriptor. Call
set_security_attribute appropriately.
* uinfo.cc (cygheap_user::init): Make sure the current user appears
in the default DACL. Rearrange to decrease the indentation levels.
Initialize the effec_cygsid directly.
(internal_getlogin): Do not reinitialize myself->gid. Open the process
token with the required access.
* cygheap.h (class cygheap_user): Delete members pid and saved_psid.
Create members effec_cygsid and saved_cygsid.
(cygheap_user::set_sid): Define inline.
(cygheap_user::set_saved_sid): Ditto.
(cygheap_user::sid): Modify.
(cygheap_user::saved_sid): Modify.
* cygheap.cc (cygheap_user::set_sid): Delete.
(cygheap_user::set_saved_sid): Ditto.
* sec_helper.cc (sec_acl): Set the correct acl size.
* autoload.cc (FindFirstFreeAce): Add.
* security.h: Define ACL_DEFAULT_SIZE.
* devices.gperf: New file.
* devices.shilka: New file.
* cygwin-gperf: New file.
* cygwin-shilka: New file.
* fhandler_fifo.cc: New file.
* fhandler_nodevice.cc : New file. Reorganize headers so that path.h precedes
fhandler.h throughout. Remove device argument and unit arguments from fhandler
constructors throughout. Remove pc arguments to fhandler functions and use
internal pc element instead, throughout. Use dev element in pc throughout.
Use major/minor elements rather than units and device numbers previously in
fhandler class. Use correct methods for fhandler file names rather than
directly accessing file name variables, throughout.
* Makefile.in (DLL_OFILES): Add devices.o, fhandler_fifo.o
* dcrt0.cc (dll_crt0_1): Call device::init.
* devices.h: Renumber devices based on more Linux-like major/minor numbers.
Add more devices. Declare standard device storage.
(device): Declare struct.
* dir.cc (opendir): Use new 'build_fh_name' to construct a fhandler_* type.
* dtable.cc (dtable::get_debugger_info): Ditto.
(cygwin_attach_handle_to_fd): Ditto.
(dtable::release): Remove special FH_SOCKET case in favor of generic
"need_fixup_before" test.
(dtable::init_std_file_from_handle): Use either build_fh_dev or build_fh_name
to build standard fhandler.
(dtable::build_fh_name): Renamed from dtable::build_fhandler_from_name. Move
out of dtable class. Don't accept a path_conv argument. Just build it here
and pass it to:
(build_fh_pc): Renamed from dtable::build_fhandler. Move out of dtable class.
Use intrinsic device type in path_conv to create new fhandler.
(build_fh_dev): Renamed from dtable::build_fhandler. Move out of dtable class.
Simplify arguments to just take new 'device' type and a name. Just return
pointer to fhandler rather than trying to insert into dtable.
(dtable::dup_worker): Accommodate above build_fh name changes.
(dtable::find_fifo): New (currently broken) function.
(handle_to_fn): Use strechr for efficiency.
* dtable.h: Reflect above build_fh name changes and argument differences.
(fhandler_base *&operator []): Return self rather than copy of self.
* fhandler.cc (fhandler_base::operator =): Use pc element to set normalized
path.
(fhandler_base::set_name): Ditto.
(fhandler_base::raw_read): Use method to access name.
(fhandler_base::write): Correctly use get_output_handle rather than get_handle.
(handler_base::device_access_denied): New function.
(fhandler_base::open): Eliminate pc argument and use pc element of
fhandler_base throughout.
(fhandler_base::fstat): Detect if device is based in filesystem and use
fstat_fs to calculate stat, if so.
(fhandler_base::fhandler_base): Eliminate handling of file names and, instead,
just free appropriate component from pc.
(fhandler_base::opendir): Remove path_conv parameter.
* fhandler.h: Remove all device flags.
(fhandler_base::pc): New element.
(fhandler_base::set_name): Change argument to path_conv.
(fhandler_base::error): New function.
(fhandler_base::exists): New function.
(fhandler_base::pc_binmode): New function.
(fhandler_base::dev): New function.
(fhandler_base::open_fs): New function.
(fhandler_base::fstat_fs): New function.
(fhandler_base::fstat_by_name): New function.
(fhandler_base::fstat_by_handle): New function.
(fhandler_base::isfifo): New function.
(fhandler_base::is_slow): New function.
(fhandler_base::is_auto_device): New function.
(fhandler_base::is_fs_special): New function.
(fhandler_base::device_access_denied): New function.
(fhandler_base::operator DWORD&): New operator.
(fhandler_base::get_name): Return normalized path from pc.
(fhandler_base::get_win32_name): Return windows path from pc.
(fhandler_base::isdevice): Renamed from is_device.
(fhandler_base::get_native_name): Return device format.
(fhandler_fifo): New class.
(fhandler_nodevice): New class.
(select_stuff::device_specific): Remove array.
(select_stuff::device_specific_pipe): New class element.
(select_stuff::device_specific_socket): New class element.
(select_stuff::device_specific_serial): New class element.
(select_stuff::select_stuff): Initialize new elements.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Move to base class
from fhandler_disk_file.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_disk_file::open): Move most functionality into
fhandler_base::open_fs.
(fhandler_base::open_fs): New function.
(fhandler_disk_file::close): Move most functionality into
fhandler_base::close_fs.
(fhandler_base::close_fs): New function.
* fhandler_mem.cc (fhandler_dev_mem::open): Use device name in debugging
output.
* fhandler_socket.cc (fhandler_socket::set_connect_secret): Copy standard
urandom device into appropriate place.
(fhandler_socket::accept): Reflect change in fdsock return value.
* fhandler_tty.cc: See "throughouts" above.
* net.cc: Accommodate fdsock change throughout.
(fdsock): Return success or failure, accept fd argument and device argument.
* path.cc (symlink_info::major): New element.
(symlink_info::minor): New element.
(symlink_info::parse_device): Declare new function.
(fs_info::update): Accommodate changes in path_conv class.
(path_conv::fillin): Ditto.
(path_conv::return_and_clear_normalized_path): Eliminate.
(path_conv::set_normalized_path): New function.
(path_conv::path_conv): Set info in dev element. Use path_conv methods Check
for FH_FS rather than FH_BAD to indicate when to fill in filesystem stuff.
where appropriate rather than direct access. Use set_normalized_path to set
normalized path.
(windows_device_names): Eliminate.
(get_dev): Ditto.
(get_raw_device_number): Ditto.
(get_device_number): Ditto.
(win32_device_name): Call new device name parser to do most of the heavy
lifting.
(mount_info::conv_to_win32_path): Fill in dev field as appropriate.
(symlink_worker): Handle new device files.
(symlink_info::check): Ditto.
(symlink_info::parse_device): Define new function.
* path.h (executable_states): Move here from fhandler.h.
(fs_info): Rename variables to *_storage and create methods for accessing same.
(path_conv): Add dev element, remove devn and unit and adjust inline methods to
accommodate.
(set_normalized_path): Declare new function.
* pinfo.cc (_pinfo::commune_recv): Add broken support for handling fifos.
(_pinfo::commune_send): Ditto.
* pipe.cc (fhandler_pipe::close): check for existence of handle before closing
it.
(handler_pipe::create): Rename from make_pipe. Change arguments to accept
fhandler_pipe array. Accommodate fifos.
(pipe): Rework to deal with fhandler_pipe::create changes.
(_pipe): Ditto.
* select.cc: Use individual device_specific types throughout rather than
indexing with obsolete device number.
(set_bits): Use is_socket call rather than checking device number.
* shared_info.h (CURR_MOUNT_MAGIC): Update.
(conv_to_win32_path): Reflect addition of device argument.
* syscalls.cc (mknod_worker): New function.
(open): Use build_fh_name to build fhandler.
(chown_worker): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(chmod_device): New function.
(chmod): Detect if this is an 'auto' device rather than an on-filesystem device
and handle appropriately. Use chmod_device to set mode of in-filesystem
devices.
(stat_worker): Eliminate path_conv argument. Call build_fh_name to construct
fhandler. Use fh->error() rather than pc->error to detect errors in fhandler
construction.
(access_worker): New function pulled from access. Accommodate in-filesystem
devices.
(access): Use access_worker.
(fpathconf): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(mknod_worker): New function.
(mknod32): New function.
(chroot): Free normalized path -- assuming it was actually cmalloced.
* tty.cc (create_tty_master): Tweak for new device class.
(tty::common_init): Ditto.
* winsup.h (stat_worker): Remove.
(symlink_worker): Declare.
* exceptions.cc (set_process_mask): Just call sig_dispatch_pending and don't
worry about pending_signals since sig_dispatch_pending should always do the
right thing now.
(sig_handle): Reorganize SIGCONT handling to more closely conform to SUSv3.
* pinfo.h: Move __SIG enum to sigproc.h.
(PICOM_FIFO): New enum element.
(_pinfo): Remove 'thread2signal' stuff throughout class.
(_pinfo::commune_send): Make varargs.
(_pinfo::sigtodo): Eliminate.
(_pinfo::thread2signal): Ditto.
* signal.cc (kill_worker): Eliminate call to setthread2signal.
* sigproc.cc (local_sigtodo): Eliminate.
(getlocal_sigtodo): Ditto.
(sigelem): New class.
(pending_signals): New class.
(sigqueue): New variable, start of sigqueue linked list.
(sigcatch_nonmain): Eliminate.
(sigcatch_main): Eliminate.
(sigcatch_nosync): Eliminate.
(sigcomplete_nonmain): Eliminate.
(pending_signals): Eliminate.
(sig_clear): Call signal thread to clear pending signals, unless already in
signal thread.
(sigpending): Call signal thread to get pending signals.
(sig_dispatch_pending): Eliminate use of pending_signals and just check
sigqueue.
(sigproc_terminate): Eliminate all of the obsolete semaphore stuff. Close
signal pipe handle.
(sig_send): Eliminate all of the obsolete semaphore stuff and use pipe to send
signals.
(getevent): Eliminate.
(pending_signals::add): New function.
(pending_signals::del): New function.
(pending_signals::next): New function.
(wait_sig): Eliminate all of the obsolete semaphore stuff. Use pipe to
communicate and maintain a linked list of signals.
* sigproc.h: Move __SIG defines here. Add __SIGPENDING.
(sig_dispatch_pending): Remove "C" specifier.
(sig_handle): Accept a mask argument.
* thread.cc: Remove signal handling considerations throughout.
* security.h (__sec_user): Add "access2" argument.
(sec_acl): Add "original" and "access2" arguments.
(sec_user): Add "sid2" and "access2" argument. Remove dependence on
allow_ntsec.
(sec_user_nih): Ditto.
* sec_helper.cc (__sec_user): Add "has_security" test.
Call sec_acl with new arguments, letting it handle original_sid.
(sec_acl): Add "original" and "access2" arguments. Handle original_sid
depending on flag but avoiding duplicates. Use "access2" for sid2.
* pinfo.cc (pinfo::init): Use security attributes created by sec_user
when creating the mapping.
* security.cc (create_token): Adjust arguments in call to sec_acl.
Call sec_user instead of __sec_user.
* syscall.cc (seteuid32): Adjust arguments in call to sec_acl. Remove
now unnecessary test. Remove useless conversions to psid.
* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.