* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
(conv_envvars): Use env_win32_to_posix_path_list rather than
cygwin_win32_to_posix_path_list.
(posify): Translate back to win32 path if errno is EIDRM.
* environ.h: Update copyright. Define ENV_CVT.
* path.cc (conv_path_list): If converting for the environment and removed an
element set errno to ENV_CVT.
(env_win32_to_posix_path_list): New function.
(getearly): Rename 's' variable to 'len' since 's' is used fairly consistently
throughout cygwin as a string variable. Remove rawenv declaration. Perform
other minor cleanups.
(environ_init): Remove rawenv declaration. Only set rawenv to
GetEnvironmentStrings() if it has not already been set. Properly free rawenv
in all cases.
(findenv_func): New function pointer, predefined to getearly.
(getenv): Call findenv function over the findenv_func pointer.
(environ_init): Change findenv_func pointer to my_findenv after Cygwin
environment is initialized.
* dcrt0.cc (dll_crt0_0): Semi-revert 2006-03-14 change which moved pinfo_init
and uinfo_init here.
(dll_crt0_1): Ditto.
(__dll_crt0): Ditto. Don't call update_envptrs here.
(dll_crt0_1): Ditto. Move wait_for_sigthread call here from dll_crt0_0.
* environ.cc (environ_init): Call it here instead.
* sigproc.cc (my_readsig): New static variable.
(wait_for_sigthread): Set up read pipe here since we are assured that we have
the proper privileges when this is called.
(talktome): Eliminate second argument since it is available as a global now.
(wait_sig): Reflect use of my_readsig.
(child_info::retry): Move here from fork subclass.
(child_info::exit_code): New field.
(child_info::retry_count): Max retry count for process start.
(child_info::proc_retry): Declare new function.
(child_info_fork::retry): Move to parent.
(child_info_fork::fork_retry): Ditto.
* dcrt0.cc (child_info::fork_retry): Rename and move.
(child_info_fork::handle_failure): Move.
(dll_crt0_0): Initialize console handler based on whether we have a controlling
tty or not. Avoid nonsensical check for fork where it can never occur.
* environ.cc (set_proc_retry): Rename from set_fork_retry. Set retry_count in
child_info.
(parse_thing): Reflect above change.
* exceptions.cc (dummy_ctrl_c_handler): Remove unused variable name.
(ctrl_c_handler): Always return TRUE for the annoying CTRL_LOGOFF_EVENT.
* fhandler_termios.cc (fhandler_termios::tcsetpgrp): Remove call to
init_console_handler.
* fhandler_tty.cc (fhandler_tty_slave::open): Just call mange_console_count
here and let it decide what to do with initializing console control handling.
* fork.cc (fork_retry): Remove definition.
(frok::parent): Define static errbuf and use in error messages (not thread safe
yet). Close pi.hThread as soon as possible. Protect pi.hProcess as soon as
possible. Don't set retry_count. That happens automatically in the
constructor now. Accommodate name change from fork_retry to proc_retry.
* init.cc (dll_entry): Turn off ctrl-c handling early until we know how it is
supposed to be handled.
* pinfo.cc (_pinfo::dup_proc_pipe): Remember original proc pipe value for
failure error message. Tweak debug message slightly.
* sigproc.cc (child_info::retry_count): Define.
(child_info::child_info): Initialize retry count.
(child_info::sync): Set exit code if process dies before synchronization.
(child_info::proc_retry): Rename from child_info_fork::fork_retry. Use
previously derived exit code. Be more defensive about what is classified as an
error exit.
(child_info_fork::handle_failure): Move here from dcrt0.cc.
* spawn.cc (spawn_guts): Maintain error mode when starting new process to avoid
annoying pop ups. Move deimpersonate call within new loop. Move envblock
freeing to end. Loop if process dies prematurely with bad exit code.
* syscalls.cc (init_console_handler): Remove hopefully unneeded call to
init_console_handler.
(child_info_fork::retry): New field.
* dcrt0.cc (__api_fatal_exit_val): Define.
(child_info_fork::handle_failure): Define new function.
(__api_fatal): Exit using __api_fatal_exit_val value.
* environ.cc (set_fork_retry): Set fork_retry based on CYGWIN environment
variable.
(parse_thing): Add "fork_retry" setting.
* fork.cc (fork_retry): Define.
(frok::parent): Reorganize to allow retry of failed child creation if child
signalled that it was ok to do so.
* heap.cc (heap_init): Signal parent via handle_failure when VirtualAlloc
fails.
* pinfo.h (EXITCODE_RETRY): Declare.
* sigproc.cc (child_info::sync): Properly exit with failure condition if called
for fork and didn't see subproc_ready.
* spawn.cc (spawn_guts): Use windows pid as first argument.
* winsup.h: Remove obsolete NEW_MACRO_VARARGS define.
(__api_fatal_exit_val): Declare.
(set_api_fatal_return): Define.
(in_dllentry): Declare.
* exceptions.cc (inside_kernel): Remove unneeded in_dllentry declaration.
appropriately.
* pinfo.cc (pinfo::exit): Always call sigproc_terminate here. Rely on
sigproc_terminate to signal signal thread to handle eventual process exit.
* sigproc.cc (no_signals_available): Change criteria for determining if this
process can handle signals to itself.
(my_sendsig): New variable. Copy of my sendsig handle.
(proc_can_be_signalled): Don't send signals if exit code is set.
(sigproc_terminate): Use and set exit_state appropriately to determine when to
do anything. Send __SIGEXIT to self to control process exit.
(sig_send): Use my_sendsig for sending signals. Don't call
proc_can_be_signalled for myself since the criteria is now different for
sending signals to myself.
(wait_sig): Copy myself->sendsig to my_sendsig for future use. Exit signal
loop when __SIGEXIT is received. Wait for main thread to exit and use its exit
status to actually exit process.
* sigproc.h (__SIGEXIT): New enum.
* dcrt0.cc (alloc_stack): Eliminate superfluous "return;".
* debug.cc (add_handle): Ditto.
* devices.in (device::parse): Ditto.
* dtable.cc (dtable::vfork_parent_restore): Ditto.
(dtable::vfork_child_fixup): Ditto.
* environ.cc (parse_options): Ditto.
* errno.cc (seterrno_from_win_error): Ditto.
* exceptions.cc (sig_handle_tty_stop): Ditto.
(set_signal_mask): Ditto.
* fhandler.cc (fhandler_base::read): Ditto.
(fhandler_base::operator delete): Ditto.
(fhandler_base::seekdir): Ditto.
(fhandler_base::rewinddir): Ditto.
* fhandler_console.cc (fhandler_console::read): Ditto.
(fhandler_console::fixup_after_exec): Ditto.
* sigproc.cc (sigproc_init): Ditto.
(sigproc_terminate): Ditto.
* devices.cc: Regenerate.
everywhere. Leave some thread.cc stuff alone for now.
* cygtls.h: Kludge some definitions to avoid including a problematic windows
header.
(_cygtls::_myfault): New entry.
(_cygtls::_myfault_errno): Ditto.
(_cygtls::fault_guarded): New function.
(_cygtls::setup_fault): Ditto.
(_cygtls::return_from_fault): Ditto.
(_cygtls::clear_fault): Ditto.
(myfault): New class.
* exceptions.cc (handle_exceptions): Handle case of guarded fault in system
routine.
* gendef: Add another entry point for setjmp that the compiler doesn't know
about and won't complain about.
* gentls_offsets: Just include windows.h rather than kludging a HANDLE def.
* miscfuncs.cc (check_null_str): Delete.
(check_null_empty_str): Ditto.
(check_null_empty_str_errno): Ditto.
(check_null_str_errno): Ditto.
(__check_null_invalid_struct): Ditto.
(__check_null_invalid_struct_errno): Ditto.
(__check_invalid_read_ptr): Ditto.
(__check_invalid_read_ptr_errno): Ditto.
(dummytest): New function.
(check_iovec_for_read): Delete.
(chec_iovec): Rename from check_iovec_for_write. Take a read/write parameter.
* tlsoffsets.h: Regenerate.
* winsup.h: Remove check_* declarations.
(check_iovec_for_read): Delete declaration. Turn into a define instead.
(check_iovec_for_write): Ditto.
(check_iovec): New declaration.
* thread.h: Use ifdef guard name consistent with other header files.
variable.
* dlfcn.cc (get_full_path_of_dll): Search /usr/bin (for windows compatibility)
and /usr/lib (for UNIX compatibility) when looking for shared libraries.
* environ.cc (conv_envvars): Put back LD_LIBRARY_PATH since it is used by
get_full_path_of_dll().
* errno.cc (errmap): Map MOD_NOT_FOUND to ENOENT.
* cygmagic: Remove debugging cruft.
(spenv::add_if_exists): Rename from force.
(build_env): Accommodate name changes. Make sure that stuff that is always
supposed to be in the environment is actually added to the environment.
* shared.cc (open_shared): Restore VirtualFree eliminated by 2005-04-28 change.
* cygheap.h (cygheap_user::curr_primary_token): New member.
(cygheap_user::primary_token): New method.
(cygheap_user::deimpersonate): Always revert to processes'
impersonation token.
(cygheap_user::reimpersonate): Set processes' or setuid token as
necessary.
(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
value.
(cygheap_user::close_impersonation_tokens): Close curr_primary_token
here if necessary. Don't reset token values to NO_IMPERSONATION since
that's done in uinfo_init anyway.
(init_cygheap::luid): New LUID array keeping privilege LUIDs.
* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
* dcrt0.cc (hProcToken): New global variable to keep process token.
(hProcImpToken): Ditto for process impersonation token.
(dll_crt0_0): Open process token here once. Duplicate to create
hProcImpToken.
(dll_crt0_1): Call set_cygwin_privileges.
* environ.cc (allow_ntea): Drop duplicate declaration.
(allow_smbntsec): Ditto.
(set_traverse): Only set allow_traverse here.
(environ_init): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
enable_restore_privilege.
(fhandler_disk_file::fchown): Ditto.
(fhandler_disk_file::facl): Ditto.
* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
syn with parent. Call set_cygwin_privileges.
* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
process token.
* path.cc (fs_info::update): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges.
* registry.cc (load_registry_hive): Drop setting restore privilege
since it's already set if available.
* sec_helper.cc: Include cygtls.h.
(cygpriv): Privilege string array.
(privilege_luid): New function, evaluate LUID from cygpriv_idx.
(privilege_luid_by_name): New function, evaluate LUID from privilege
string.
(privilege_name): New function, evaluate privilege string from
cygpriv_idx.
(set_privilege): New static function called by set_process_privilege
and set_thread_privilege. Call privilege_luid to get privilege LUID.
Fix bug in return value evaluation. Improve debug output.
(set_cygwin_privileges): New function.
(set_process_privilege): Remove.
(enable_restore_privilege): Remove.
* security.cc (allow_traverse): New global variable.
(sys_privs): Change type to cygpriv_idx and store privilege indices
instead of strings.
(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
(get_system_priv_list): Don't use numerical constant in malloc call.
Use privilege_luid to get privilege LUIDs.
(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
inner privilege LUID comparison loop.
(create_token): Enable create token privilege using
push/pop_self_privileges. Use hProcToken instead of opening process
token. Use default DACL when duplicating token.
(subauth): Enable tcb privilege using push/pop_self_privileges.
Use sec_none instead of homw made security attributes when duplicating
token.
(check_file_access): Don't duplicate access token, use active
impersonation token as is.
* security.h (enum cygpriv_idx): New enumeration type enumerating
possible privileges.
(privilege_luid): Declare new function.
(privilege_luid_by_name): Ditto.
(privilege_name): Ditto.
(allow_traverse): Declare.
(set_privilege): Declare function.
(set_process_privilege): Define as macro.
(enable_restore_privilege): Remove declaration.
(_push_thread_privilege): Define macro.
(push_thread_privilege): Ditto.
(pop_thread_privilege): Ditto.
(pop_self_privilege): Ditto.
* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
cygheap->user.token.
* syscalls.cc (statvfs): Bypass traverse checking when retrieving
volume information using push/pop_thread_privileges. Rearrange code
to simplify push/pop bracketing.
(seteuid32): Use hProcToken instead of opening process token. Call
cygheap->user.deimpersonate instead of RevertToSelf. Create
impersonation token from primary internal or external token. Set
cygheap->user.curr_primary_token and cygheap->user.current_token
privileges once here. Drop "failed" and "failed_ptok" labels.
Drop setting DefaultDacl of process token.
(setegid32): Use hProcToken and hProcImpToken instead of opening
process token. Always reimpersonate afterwards.
* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
process token.
(internal_getlogin): Ditto. Set hProcImpToken, too.
(uinfo_init): Initialize cygheap->user.curr_primary_token.
* winsup.h (hProcToken): Declare.
(hProcImpToken): Declare.
(win_env::operator = ): Declare new operator.
(win_env::reset): Declare new function.
(win_env::~win_env): Declare new destructor.
(getwinenv): Add optional third argument to declaration.
* environ.cc (conv_envvars): Accommodate immediate field.
(win_env::operator =): Define new operator.
(win_env::~win_env): Define new destructor.
(win_env::add_cache): Add value to environment immediately if "immediate" is
set.
(getwinenv): Accept optional third argument which will be used to store
"cached" values to avoid overwriting real cache.
(spenv::force): Declare new field.
(spenvs): Accommodate force field. Add "PATH=" with force set to true.
(spenv::retrieve): Avoid duping anything if we're not building an envblock.
(build_env): Ditto. Use size of potentially constructed new environment block
to determine if we need to create an environment block. Pass getwinenv
temporary storage to avoid inappropriately overwriting the environment cache.
* fhandler.h (select_record::thread_errno): Save any encountered errno here.
(select_record::set_select_errno): New function.
(select_record::saw_error): New function.
(select_record::select_record): Initialize thread_errno to zero.
* select.cc (set_handle_or_return_if_not_open): Set thread_errno on failure.
(select_stuff::wait): Record errno for later resurrection in calling thread.
(peek_serial): Ditto.
Corinna Vinschen
Christopher Faylor
Pierre Humblet