Commit Graph

12062 Commits

Author SHA1 Message Date
Corinna Vinschen 166913fb23 Cygwin: authentication: Always initialize domain info
...before calling any of its method.  It's no safe bet that
it's already initialized when calling s4uauth and adding it
to load_user_profile certainly doesn't hurt.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen bffd21ad80 Cygwin: load_user_profile: use local pointer when appropriate
dnsdomain does not have to be a copy of the domain, a pointer into
cygheap is sufficient.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen 7ba9d12a72 Cygwin: load_user_profile: fix use-after-free issue
In case of a local machine account login, pi.lpProfilePath points
to the buffer returned by NetUserGetInfo, but NetApiBufferFree
is called prior to calling LoadUserProfileW.  Fix by copying over
usri3_profile to the local userpath buffer, just as in the AD case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 21:08:44 +01:00
Corinna Vinschen 6aef5a46d7 Cygwin: load_user_profile: temporarily extend debug output
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 16:05:33 +01:00
Corinna Vinschen f18a161cff Cygwin: s4uauth: drop fallback to MsV1_0 if Kerberos fails
This never really worked.  While at it, restructure code to
do common stuff only in one spot.  Improve debug output.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 16:04:51 +01:00
Corinna Vinschen 379598dd67 Cygwin: Disable creating case-sensitive folders by default
Inspecting the content of case-sensitive directories
on remote machines results in lots of errors like
disappearing diretories and files, file not found, etc.

This is not feasible as default behaviour

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-03-01 14:38:36 +01:00
Corinna Vinschen 5d9ac1291d Cygwin: load_user_profile: chack if we got a valid, known domainname
...otherwise we may suffer a SEGV because dnsdomain is NULL.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-28 23:17:55 +01:00
Corinna Vinschen 495ae41891 Cygwin: wincap: fix copy/paste bug
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-28 16:55:39 +01:00
Corinna Vinschen 639645a2fd Cygwin: timerfd: add a sleep when being debugged
A sleep is required on Windows 10 64 bit only before calling
RegisterClassW in the timerfd thread, and only when running
under strace.  One of the child processes inheriting the timerfd
descriptor will get a STATUS_FLOAT_INEXACT_RESULT exception inside
of msvcrt.dll.  It's apparently some timing problem.  It occurs
in 4 out of 5 runs under strace only.  WOW64 and Windows 7 64 bit
don't have this problem.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-26 10:46:05 +01:00
Corinna Vinschen 5a483b6bca Cygwin: timerfd: reduce size of shared mem region to a single page
The share section was created using the PAGE_SIZE constant,
but PAGE_SIZE is 64K.  Fix that by using wincap.page_size()
instead, which returns the desired actual page size of 4K.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-26 10:19:08 +01:00
Corinna Vinschen 3b3ba558e9 Cygwin: use NULL security descriptor in InitializeObjectAttributes
Using sec_none{_nih} is just a roundabout way to specify a
NULL SD.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-25 21:06:15 +01:00
Corinna Vinschen 98afd02be3 Cygwin: timerfd: rework implementation
timerfd_tracker and timerfd_shared classes:

- Just because handles are shared, we don't have to store them in
  shared memory.  Move share handles into timerfd_tracker class.

- Drop shared instance counter since it's not required anymore.
  timerfd_shared only stores the actual timer data.

- Drop timerfd_shared::create, just set clock id.

- Drop timerfd_shared::dtor, it's not required anymore.

- Drop timerfd_tracker::close, just call dtor where required.

- Rename timerfd_tracker::increment_instances to timerfd_tracker::dup.
  It's the only reason it exists...

- timerfd_tracker::dtor now checks the non-shared pointers for NULL
  before attempting to close them.

- timerfd_tracker::dtor handles decrementing the local instance count
  by itself.

- Add a method timerfd_tracker::init_fixup_after_fork_exec to set
  non-shared pointers to NULL.  Together with the dtor patches it
  fixes a problem with close_on_exec timerfd descriptors.

- Fix a bug in handling the thread synchronization event.  It's
  actually nice to create it before using it...

- Drop using sec_none{_nih} in InitializeObjectAttributes.  It's
  an unnecessary roundabout route just to get a NULL pointer.

- Slightly rework timechange window handling.

- Add more comments to explain what happens.

fhandler_timerfd:

- Drop cnew macro, it just hides what happens.

- fhandler_timerfd::fixup_after_exec now calls
  timerfd_tracker::init_fixup_after_fork_exec first, so a subsequent
  call to timerfd_tracker::dtor only works on valid handles.

- fhandler_timerfd::close directly calls timerfd_tracker::dtor now.

- Drop dtor call in fhandler_timerfd destructor.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-25 21:01:32 +01:00
Corinna Vinschen a4e2eb6ba3 Cygwin: timerfd: fix shared memory allocation in fork/exec
timerfd_tracker::fixup_after_fork_exec always tries to restore
the shared timer region at the same address as in the parent.
This is entirely unnecessary and wasn't intended, rather some
kind of copy/paste thinko.  Fix that.  Print NtMapViewOfSection
status code in api_fatal on failure for debugging.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-24 20:23:34 +01:00
Corinna Vinschen aeaa051f3b Cygwin: POSIX timers: Fix timer values returned for unarmed timer
The "optimized" condition to recognize an unarmed timer was plain
wrong.  Replace it by checking the stored it_value against 0.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-24 10:12:03 +01:00
Corinna Vinschen f3be186911 Cygwin: Add 3.0.2 release file
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 23:07:42 +01:00
Corinna Vinschen 0fb41d48aa Cygwin: timerfd: fix select always returning immediately
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 23:02:44 +01:00
Corinna Vinschen bcb33dc4f0 Cywin: user profile: unload impersonation user profile on exit
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 21:06:12 +01:00
Corinna Vinschen dd3730ed9c Cygwin: seteuid: allow inheriting impersonation user profile handle
The child process needs access to the handle to be able to
unload it when switching user context.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 20:48:59 +01:00
Corinna Vinschen 8eee25241e Cygwin: user profile: add debug output to unload_user_profile
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 20:46:48 +01:00
Corinna Vinschen 71b8777a71 Cygwin: user profile: Make an effort to unload unused user profiles
Does this work?  There's not much feedback given.

TODO: We might want to try unloading the user profile at process
exit as well, FWIW.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:30:44 +01:00
Corinna Vinschen 331653a215 Cygwin: cygheap: drop unnecessary code closing curr_primary_token
curr_primary_token is either NO_IMPERSONATION or the external_token
or the internal_token, so it's never required to be closed by itself.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:29:42 +01:00
Corinna Vinschen 9db6048c0f Cygwin: cygheap: better comment impersonation tokens
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:28:12 +01:00
Corinna Vinschen 13b1f9c0d1 Cygwin: seteuid32: don't use INVALID_HANDLE_VALUE
NULL is the natural state of an unused handle

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:24:05 +01:00
Corinna Vinschen 322ab51659 Cygwin: user profile: fetch roaming profile path via LDAP
Commit 649911fb40 avoids the
calls to NetUserGetGroups and NetUserGetLocalGroups since
these can take a lot of time.  The same problem potentially
occurs when loading the user profile.  The code fetches
the roaming profile path calling NetUserGetInfo, which also
can be rather slow.

To avoid this problem, fetch the profile patch using LDAP.
Also, don't bail out early if the user's registry hive already
exists.  This may result in outdated information.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-23 17:22:44 +01:00
Corinna Vinschen 649911fb40 Cygwin: get_user_groups: fetch a user's group list from identification token
NetUserGetGroups and NetUserGetLocalGroups sometimes take a lot of time
(up to more than 2 mins) for no apparent reason.

Call s4uauth to generate an identification token for the user and fetch
the group list from there.  This is *much* faster.

Keep the old code only for the sake of WOW64 on Vista and Windows 7,
which don't implement MsV1_0S4ULogon.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 105fbdebdd Cygwin: s4uauth: allow to be called for identification only
s4uath was only callable to create an impersonation token so
far.  Rework the function to allow creating an identification
token for informational purposes even from untrusted processes.

Take domainname and username instead of a passwd pointer to be
more multi-purpose.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 82c2cf6abc Cygwin: drop unused parameter from get_user_local_groups
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 18c203fb6e Cygwin: passwd/group: drop fetching case-correct group names from LDAP
Commit 4e34a39b5c made sure all user and
group names are case-correct, but it introduced a hefty performance hit
on starting the first Cygwin process.

Adding an ldap call for each AD group in a user token takes its toll in
bigger AD environments with lots of groups in a user token.  Real-life
example: 300 groups w/ roundtrip time to the LDAP server of 0.25 secs
per call...

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 21:58:51 +01:00
Corinna Vinschen 14e2268853 Cygwin: fetch local groups from local machine
...even for domain accounts, otherwise local group membership is ignored.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 00:13:57 +01:00
Corinna Vinschen 65c569f9fd Cygwin: bump version to 3.0.2
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-22 00:13:06 +01:00
Yaakov Selkowitz a62b29bfec Cygwin: document secure_getenv
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2019-02-19 14:34:18 -06:00
Yaakov Selkowitz 850705f92e Cygwin: add secure_getenv
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2019-02-19 13:01:50 -06:00
Corinna Vinschen dd415f1a8c Cygwin: sys/mount.h: fix comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-19 19:34:40 +01:00
Corinna Vinschen 30782f7de4 Cygwin: s4uauth: convert token to primary token
Up to Vista CreateProcessAsUser only worked with primary tokens,
so convert S4U impersonation token to primary token.  MSDN still
documents it that way, but actually an impersonation token is
sufficient since Windows 7.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 21:45:34 +01:00
Corinna Vinschen e53373bbdb Cygwin: re-enable create_token for older systems
Under WOW64 on 64 bit Windows 7, MsV1_0S4ULogon appears to be
unimplemented, probably under Vista as well.  Re-enable
create_token method, to allow basic seteuid on W7 WOW64 and
Vista as well.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 21:00:59 +01:00
Corinna Vinschen a96d68c5bd Cygwin: s4uauth: make sure to fetch correct package id
for domain accounts we try KerbS4ULogon first, MsV1_0S4ULogon
second.  But we only fetch the package id for the supporting
authentication package (Kerberos/MsV1_0) once at the start.

Duplicate LsaLookupAuthenticationPackage call and move into the
Kerb/MsV1_0 branches so that it fetches the correct package id
for the method we call next.

Curious enough this worked before.  Apparently both methods
work with the MICROSOFT_KERBEROS_NAME_A package id.  However,
requesting and using the right authentication package id is
the prudent thing to do.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 17:59:56 +01:00
Corinna Vinschen 959077ac0a CYgwin: bump API minor for MOUNT_BINARY -> MOUNT_TEXT change
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 11:04:38 +01:00
Corinna Vinschen 26e0b37ed0 Cygwin: utils: MOUNT_BINARY -> MOUNT_TEXT
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 11:02:03 +01:00
Corinna Vinschen 9883959f08 Revert "Cygwin: passwd/group: allow specifying "." as local computername"
This reverts commit 7c34811440.

This potentially allows to circumvent OpenSSHs user/group name matching,
unless the Admin knows to add every local user twice or to use patterns,
e.g.:

  Match user MACHINE+user,.+user
  Match user *+user

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:38:08 +01:00
Corinna Vinschen 367c1ae161 Cygwin: mount: define binary mount as default
Commit c1023ee353 changed the way
path_conv::binmode() works.  Rather than returning three states,
O_BINARY, O_TEXT, 0, it only returned 2 states, O_BINARY, O_TEXT.  Since
mounts are only binary if they are explicitely mounted binary by setting
the MOUNT_BINARY flag, textmode is default.

This introduced a new bug.  When inheriting stdio HANDLEs from native
Windows processes, the fhandler and its path_conv are created from a
device struct only.  None of the path or mount flags get set this way.
So the mount flags are 0 and path_conv::binmode() returned 0.

After the path_conv::binmode() change it returned O_TEXT since, as
explained above, the default mount mode is textmode.

Rather than just enforcing binary mode for path_conv's created from
device structs, this patch changes the default mount mode to binary:

Replace MOUNT_BINARY flag with MOUNT_TEXT flag with opposite meaning.
Drop all explicit setting of MOUNT_BINARY.  Drop local set_flags
function, it doesn't add any value.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:26:53 +01:00
Corinna Vinschen f76c8519ac Cygwin: mount: remove unused method mount_info::set_flags_from_win32_path
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:23:15 +01:00
Corinna Vinschen 5e6ce1cfb2 Cygwin: utils: kill: revert erroneously removed optind correction
When recognizing a negative pid, optind is off by one.  The
code correcting this has been erroneously removed by commit
8de660271f.  Revert that.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:22:37 +01:00
Corinna Vinschen 7e671e7578 Cygwin: fork: add PROCESS_VM_OPERATION to child process permissions
...on parent process.  This is required for successful mmap propagation.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-18 10:19:44 +01:00
Corinna Vinschen 7c34811440 Cygwin: passwd/group: allow specifying "." as local computername
Convenience only.  The resulting passwd/group antry is still
fully qualified.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-16 18:36:21 +01:00
Corinna Vinschen 538e7abc36 Cygwin: bump version to 3.0.1
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-16 18:11:16 +01:00
Corinna Vinschen 4e34a39b5c Cygwin: passwd/group: store account name case correct, take 2
The solution from commit  9a3cc77b2a
didn't work for foreign domain accounts.  Rather than calling
LookupAccountSid we now use the info when we fetch it anyway
via LDAP or Net*GetInfo.  Only in case of domain groups we have
to add an LDAP call explicitly.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 13:16:15 +01:00
Corinna Vinschen 79c4e95fad Cygwin: ldap.cc: fix formatting
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:43:25 +01:00
Corinna Vinschen 09bbcf8788 Cygwin: passwd/group: rename get_group_name to get_account_name
The function is the same for user and grou accounts.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:42:56 +01:00
Corinna Vinschen 507982af79 Cygwin: passwd/group: raise local name buffer size
Make sure a domain+username fits into the local name buffer.
The former buffer size didn't take adding a domain name to
a really_really_long_user_name into account.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 12:41:55 +01:00
Corinna Vinschen 9a3cc77b2a Cygwin: passwd/group: store account name case correct
When looking up valid accounts by name, LookupAccountName returns
a SID and a case-correct domain name.  However, the name was input
and LookupAccountName is case-insensitive, so the name is not
necessarily written the same way as in SAM or AD.

Fix that by doing a reverse lookup on the just fetched SID.  This
fetches the account name in the correct case.  Override the
incoming name with the case correct name from LookupAccountSid.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-02-13 11:13:28 +01:00