Commit Graph

262 Commits

Author SHA1 Message Date
Corinna Vinschen 97b09fe1c5 Partially revert change from 2006-10-22. GetSecurityInfo messes up
user information on NT4.
	* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
	considerations.
	(security_descriptor::realloc): Ditto.
	(security_descriptor::free): Ditto.
	* security.cc (get_reg_security): Reinstantiate.
	(get_nt_object_security): Revert to using NtQuerySecurityObject.
	* security.h (class security_descriptor): Drop type member.
	Accommodate throughout.
	(security_descriptor::size): Constify.
	(security_descriptor::copy): Ditto.
2006-12-20 17:14:23 +00:00
Corinna Vinschen 56face1741 * security.cc (lsaauth): Initialize lsa to INVALID_HANDLE_VALUE to
avoid potential access violation.
2006-12-13 09:53:42 +00:00
Corinna Vinschen 26684e48d2 * environ.cc (subauth_id_init): Remove.
(parse_thing): Drop "subauth_id" option.
	* security.cc (get_token_group_sidlist): Drop comments concerning
	subauthentication.
	(create_token): Back out subauthentication related changes.
	(subauth): Remove.
	* security.h (create_token): Remove declaration.
	(subauth): Ditto.
	* syscalls.cc (seteuid32): Drop subauthentication handling entirely.
2006-12-12 19:18:56 +00:00
Corinna Vinschen a889232410 * environ.cc (set_traverse): Remove.
(parse_thing): Drop "traverse" option.
	* path.cc (fs_info::update): Don't request SE_CHANGE_NOTIFY_PRIV
	privilege.
	* sec_helper.cc (set_cygwin_privileges): Ditto.
	* security.cc (allow_traverse): Remove.
	(alloc_sd): Drop special allow_traverse code.
	* security.h (allow_traverse): Drop declaration.
	* syscalls.cc (statvfs): Don't request SE_CHANGE_NOTIFY_PRIV privilege.
2006-12-12 18:47:25 +00:00
Corinna Vinschen 5684cfebba Partially revert change from 2005-04-03, always running under an
impersonation token, which collides with Vista UAC.
	* cygheap.h (deimpersonate): revert to self instead of impersonating
	hProcImpToken.
	(reimpersonate): Only impersonate if setuid.
	* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
	(dll_crt0_1): Set privileges on hProcToken.
	* fork.cc (frok::child): Set privileges on hProcToken.  Close handle to
	hProcImpToken.
	* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
	* security.cc (check_access): Create hProcImpToken on demand here.
	* security.h (set_process_privilege): Set privileges on hProcToken.
	(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
	(pop_thread_privilege): If not setuid'ed, revert to self.
	* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
	Close handle to hProcImpToken.
	* uinfo.cc (internal_getlogin): Ditto.
	* winsup.h (clear_procimptoken): New inline function.
2006-12-12 16:27:32 +00:00
Corinna Vinschen 75bb63452d * security.cc (create_token): Revert erroneous change to test
subauth_token for INVAILD_HANDLE_VALUE.
	* syscalls.cc (seteuid32): Set create_token's subauth_token parameter
	back to NULL.
2006-11-28 23:15:01 +00:00
Corinna Vinschen b825c587ba * cyglsa.h: New header file.
* environ.cc: Disable subauth settings.
	* grp.cc: Accomodate cygsidlist's count now being a method.
	* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
	(mandatory_medium_integrity_sid): Remove.
	(mandatory_high_integrity_sid): Remove.
	(mandatory_system_integrity_sid): Remove.
	(fake_logon_sid): Add.
	(cygsid::get_sid): Add well_known parameter.  Set well_known_sid
	accordingly.
	(cygsid::getfromstr): Ditto.
	(cygsidlist::alloc_sids): Move here from security.cc.
	(cygsidlist::free_sids): Ditto.
	(cygsidlist::add): Move here from security.h.  Add well_known parameter.
	Set well_known_sid accordingly.  Don't allow duplicate SIDs.
	* security.cc: Include cyglsa.h and cygwin/version.h.  Throughout
	accomodate cygsidlist's count now being a method.  Throughout drop
	redundant "contains" tests.
	(get_user_local_groups): Add local groups as well known SIDs.
	(get_token_group_sidlist): Add well known groups as well known SIDs.
	(get_server_groups): Ditto.  Only call get_unix_group_sidlist after
	get_user_local_groups to maintain "well_known_sid" attribute.
	(get_initgroups_sidlist): Add well known groups as well known SIDs.
	(get_setgroups_sidlist): Add usersid and struct passwd parameter to
	allow calling get_server_groups from here.
	(get_system_priv_list): Make static.  Return size of TOKEN_PRIVILEGES
	structure.
	(get_priv_list): Ditto.
	(create_token): Accomodate above changes.  Drop misguided attempt to
	add MIC SIDs to created user token.  Print returned token as hex value.
	(subauth): Disable.
	(lsaauth): New function implementing client side of LSA authentication.
	* security.h (class cygsid): Add well_known_sid attribute.  Accomodate
	throughout.  Add *= operator to create a well known SID.
	(class cygsidlist): Rename count to cnt.  Make count a method.
	(cygsidlist::add): Move to sec_helper.cc.
	(cygsidlist::operator *=): New method to add well known SID.
	(cygsidlist::non_well_known_count): New method returning number of
	non well known SIDs in list.
	(cygsidlist::next_non_well_known_sid): New method returning next non
	well known SID by index.
	(mandatory_medium_integrity_sid): Drop declaration.
	(mandatory_high_integrity_sid): Drop declaration.
	(mandatory_system_integrity_sid): Drop declaration.
	(fake_logon_sid): Add declaration.
	(subauth): Disable declaration.
	(lsaauth): Add declaration.
	* syscalls.cc (seteuid32): Disable subauthentication.  Add LSA
	authentication.
	* wincap.h: Define needs_logon_sid_in_sid_list throughout.
	* wincap.cc: Ditto.
2006-11-27 12:59:59 +00:00
Corinna Vinschen c3a0492e16 * autoload.cc (EqualPrefixSid): Define.
* security.cc (create_token): Drop grps_buf.  Use alloca instead.
	Only add the MIC SID to the TOKEN_GROUPS list for the NtCreateToken
	call.  If the subauthentication token exists, use its MIC SID.
	Set SID Attributes for the MIC SID to 0.
2006-11-09 15:24:34 +00:00
Corinna Vinschen 2fd2ddf3f5 * sec_helper.cc (sid_auth): Remove.
(well_known_this_org_sid): New well known sid.
	(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
	(mandatory_medium_integrity_sid): New well known sid.
	(mandatory_high_integrity_sid): Ditto.
	(mandatory_system_integrity_sid): Ditto.
	(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY.  Allow all
	authorities fitting in a UCHAR.
	* security.cc (get_token_group_sidlist): Always add the local
	group to the token.  Add comment.  Add "This Organization" group
	if available in incoming group list.
	(get_server_groups): Only add world and authenticated users groups
	if not already in list.
	(create_token): Add matching mandatory integrity SID to group list
	on systems supporting Mandatory Integrity Control.
	* security.h (well_known_this_org_sid): Define.
	(mandatory_medium_integrity_sid): Define.
	(mandatory_high_integrity_sid): Define.
	(mandatory_system_integrity_sid): Define.
	* wincap.h: Define has_mandatory_integrity_control throughout.
	* wincap.cc: Ditto.
2006-11-08 11:38:05 +00:00
Corinna Vinschen b904c35100 * security.h (cygpriv_idx): Add privileges new in Vista.
* security.cc (sys_privs): Ditto.
	* sec_helper.cc (cygpriv): Ditto.  Fix comment.
2006-11-01 09:00:14 +00:00
Corinna Vinschen fc545fe933 * fhandler_disk_file.cc (fhandler_disk_file::facl): Fix whitespace.
* external.cc: Update copyright.
	* fhandler.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.h: Ditto.
	* security.cc: Ditto.
	(check_registry_access): Return -1 if W_OK is requested.
2006-10-22 19:31:33 +00:00
Corinna Vinschen 2be593d961 * external.cc (cygwin_internal): Use security_descriptor::copy method.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
	Set type.
	(security_descriptor::realloc): Handle the case that psd has been
	allocated using LocalAlloc.  Set type.
	(security_descriptor::free): Ditto.
	* security.cc (get_nt_attribute): Remove.
	(get_reg_security): Remove.
	(get_nt_object_security): Use GetSecurityInfo which handles all
	securable objects.
	(get_nt_object_attribute): Remove.
	(get_object_attribute): Call get_nt_object_security instead of
	get_nt_object_attribute.
	(get_file_attribute): Ditto.
	(check_registry_access): Call get_nt_object_security instead of
	get_reg_security.
	* security.h (cygpsid::operator PSID): Make method const, not the
	result.
	(class security_descriptor): Add type member.  Accomodate throughout.
	(security_descriptor::copy): New method.
	(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
2006-10-22 14:57:43 +00:00
Corinna Vinschen 1b4153db74 * fhandler.cc (fhandler_base::fhaccess): Call check_registry_access
for registry keys/values if ntsec is on.
	* security.cc (check_access): New static function derived from
	check_file_access, but object type agnostic.
	(check_file_access): Only do file specific stuff.  Call check_access.
	(check_registry_access): New access check function for registry keys/
	values.
	* security.h (check_registry_access): Declare.
2006-10-21 11:05:32 +00:00
Corinna Vinschen 2c1ffdbf5e * autoload.cc (PrivilegeCheck): Define.
* fhandler.cc (fhandler_base::open): Always try opening with backup
	resp. restore intent.
	* fhandler_disk_file.cc (fhandler_disk_file::opendir): Always try
	opening with backup intent.
	(fhandler_disk_file::readdir): Ditto when trying to retrieve file id
	explicitely.
	* security.cc (check_file_access): Replace pbuf with correctly
	PPRIVILEGE_SET typed pset.  Check explicitely for backup and/or restore
	privileges when AccessCheck fails, to circumvent AccessCheck
	shortcoming.  Add comment to explain.
2006-10-16 12:26:59 +00:00
Corinna Vinschen fb7dc2480c * autoload.cc (Wow64DisableWow64FsRedirection): Define.
(Wow64RevertWow64FsRedirection): Define.
	* security.cc (cygsuba_installed): New shared variable to store result
	of cygsuba.dll installation test.
	(subauth): Check if cygsuba.dll has been installed and registered
	before issuing the (sub)authentication.
2006-10-13 11:10:28 +00:00
Corinna Vinschen 208e95c2f2 * security.cc (create_token): Fix condition for source identifier. 2006-10-12 15:38:26 +00:00
Corinna Vinschen 94dc73adc5 * security.cc (subauth): Initialize user_token to NULL. Add comment. 2006-08-14 11:32:11 +00:00
Christopher Faylor 724c4ed146 * security.cc (get_logon_server): Remove nret and use dret for everything to
avoid a g++ warning.
2006-07-25 19:44:17 +00:00
Corinna Vinschen 70e476d27b 2006-07-25 Corinna Vinschen <corinna@vinschen.de>
* include/cygwin/version.h: Bump DLL version to 1.7.0.

2006-07-25  Corinna Vinschen  <corinna@vinschen.de>

	* select.h: Remove.
	* fhandler_socket.cc: Don't include select.h.
	* select.cc: Ditto.

2006-07-25  Corinna Vinschen  <corinna@vinschen.de>

	* cygtls.h: Drop socket related includes.
	(struct _local_storage): Remove exitsock and exitsock_sin. Add
	select_sockevt.
	* cygtls.cc: Accomodate above change throughout.
	* fhandler.h (class fhandler_socket): Make wsock_evt public.
	* fhandler_socket.cc (fhandler_socket::fhandler_socket): Accomodate
	reordering members.
	(fhandler_socket::evaluate_events): Drop FD_CONNECT event as soon as
	it gets read once.  Never remove FD_WRITE event here.
	(fhandler_socket::wait_for_events): Wait 50 ms instead of INFINITE for
	socket events.
	(fhandler_socket::accept): Fix conditional.  Set wsock_events members
	of accepted socket to useful start values.
	(fhandler_socket::recv_internal): Always drop FD_READ/FD_OOB events from
	wsock_events after the call to WSARecvFrom.
	(fhandler_socket::send_internal): Drop FD_WRITE event from wsock_events
	if the call to WSASendTo fails with WSAEWOULDBLOCK.  Fix return value
	condition.
	* select.cc (struct socketinf): Change to accomodate using socket event
	handling.
	(peek_socket): Use event handling for peeking socket.
	(thread_socket): Ditto.
	(start_thread_socket): Ditto.
	(socket_cleanup): Same here.
	* tlsoffsets.h: Regenerate.

2006-07-20  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler.h (class fhandler_socket): Rearrange slightly to keep
	event handling methods and members together.  Drop owner status flag.
	Split wait method.  Rename event handling methods for readability.
	* fhandler_socket.cc (struct wsa_event): Add owner field.
	(LOCK_EVENTS): New macro.
	(UNLOCK_EVENTS): Ditto.
	(fhandler_socket::init_events): rename from prepare.
	(fhandler_socket::evaluate_events): First half of former wait method.
	Do everything but wait.  Allow specifiying whether or not events from
	event_mask should be erased from wsock_events->events.  Simplify
	OOB handling.  Allow sending SIGURG to any process (group).
	(fhandler_socket::wait_for_events): Second half of former wait method.
	Call evaluate_events and wait in a loop if socket is blocking.
	(fhandler_socket::release_events): Rename from release.
	(fhandler_socket::connect): Accomodate above name changes.
	(fhandler_socket::accept): Ditto.
	(fhandler_socket::recv_internal): Ditto.
	(fhandler_socket::send_internal): Ditto.
	(fhandler_socket::close): Ditto.
	(fhandler_socket::fcntl): Always set owner to given input value on
	F_SETOWN.  Handle F_GETOWN.
	* net.cc (fdsock): Accomodate above name changes.

2006-07-20  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::wait): Set Winsock errno to
	WSAEWOULDBLOCK instead of WSAEINPROGRESS.

2006-07-18  Brian Ford  <Brian.Ford@FlightSafety.com>
	    Corinna Vinschen  <corinna@vinschen.de>

	* winsup.h (mmap_region_status): New enum.
	(mmap_is_attached_or_noreserve_page): Adjust prototype and rename
	as below.
	* mmap.cc (mmap_is_attached_or_noreserve_page):  Rename
	mmap_is_attached_or_noreserve.  Add region length parameter.
	Return enum above.
	* exceptions.cc (_cygtls::handle_exceptions): Accomodate above.
	* fhandler.cc (fhandler_base::raw_read): Call above for NOACCESS
	errors and retry on success to allow reads into untouched
	MAP_NORESERVE buffers.

2006-07-18  Corinna Vinschen  <corinna@vinschen.de>

	* cygwin.din (posix_openpt): Export.
	* tty.cc (posix_openpt): New function.
	* include/cygwin/stdlib.h (posix_openpt): Declare.
	* include/cygwin/version.h: Bump API minor number.

2006-07-14  Corinna Vinschen  <corinna@vinschen.de>

	* security.cc (get_token_group_sidlist): Always add the interactive
	group to the token.  Add comment.  Create logon_id group SID by
	copying it from incoming group list.
	(create_token): Add subauth_token parameter.  Use information in
	subauth_token if present.  Tweak SourceIdentifier if subauth_token
	is present for debugging purposes.
	* security.h (create_token): Add subauth_token parameter in declaration.
	* syscalls.cc (seteuid32): Call subauth first.  Call create_token
	regardless.  Use subauth token in call to create_token if subauth
	succeeded.

2006-07-13  Corinna Vinschen  <corinna@vinschen.de>

	* include/netinet/in.h: Update copyright.

2006-07-13  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::wait): Rework function so that
	WaitForMultipleObjects is really only called when necessary.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* include/netdb.h: Declare rcmd, rcmd_af, rexec, rresvport,
	rresvport_af, iruserok, iruserok_sa, ruserok.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* Makefile.in (DLL_OFILES): Drop iruserok.o.  Add rcmd.o.
	* autoload.cc (rcmd): Drop definition.
	* cygwin.din: Export bindresvport, bindresvport_sa, iruserok_sa,
	rcmd_af, rresvport_af.
	* net.cc (cygwin_rcmd): Remove.
	(last_used_bindresvport): Rename from last_used_rrecvport.
	(cygwin_bindresvport_sa): New function implementing bindresvport_sa.
	(cygwin_bindresvport): New function implementing bindresvport.
	(cygwin_rresvport): Remove.
	* include/cygwin/version.h: Bump API minor number.
	* include/netinet/in.h: Declare bindresvport and bindresvport_sa.
	* libc/iruserok.c: Remove file.
	* libc/rcmd.cc: New file implementing rcmd, rcmd_af, rresvport,
	rresvport_af, iruserok_sa, iruserok and ruserok.

2006-07-12  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::getsockname): Return valid
	result for unbound sockets.

2006-07-11  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler_socket.cc (fhandler_socket::fixup_after_fork): Handle
	wsock_mtx and wsock_evt on fork, thus handling close_on_exec correctly.
	(fhandler_socket::fixup_after_exec): Drop misguided attempt to handle
	close_on_exec here.
	(fhandler_socket::dup): Call fixup_after_fork with NULL parent.
	Add comment.
	(fhandler_socket::set_close_on_exec): Handle wsock_mtx and wsock_evt.

2006-07-10  Corinna Vinschen  <corinna@vinschen.de>

	* fhandler.h (class fhandler_socket): Add wsock_mtx, wsock_evt
	and wsock_events members.  Remove closed status flag, add listener
	status flag.  Accomodate new implementation of socket event handling
	methods.  Declare recv* and send* functions ssize_t as the POSIX
	equivalents.
	(fhandler_socket::recv_internal): Declare.
	(fhandler_socket::send_internal): Ditto.
	* fhandler_socket.cc (EVENT_MASK): Define mask of selected events.
	(fhandler_socket::fhandler_socket): Initialize new members.
	(fhandler_socket::af_local_setblocking): Don't actually set the
	socket to blocking mode.  Keep sane event selection.
	(fhandler_socket::af_local_unsetblocking): Don't actually set the
	socket to previous blocking setting, just remember it.
	(struct wsa_event): New structure to keep event data per shared
	socket.
	(NUM_SOCKS): Define number of shared sockets concurrently handled by
	all active Cygwin processes.
	(wsa_events): New shared datastructure keeping all wsa_event records.
	(socket_serial_number): New shared variable to identify shared sockets.
	(wsa_slot_mtx): Global mutex to serialize wsa_events access.
	(search_wsa_event_slot): New static function to select a new wsa_event
	slot for a new socket.
	(fhandler_socket::prepare): Rewrite.  Prepare event selection
	per new socket.
	(fhandler_socket::wait): Rewrite.  Wait for socket events in thread
	safe and multiple process safe.
	(fhandler_socket::release): Rewrite.  Close per-socket descriptor
	mutex handle and event handle.
	(fhandler_socket::dup): Duplicate wsock_mtx and wsock_evt.  Fix
	copy-paste error in debug output.
	(fhandler_socket::connect): Accomodate new event handling.
	(fhandler_socket::listen): Set listener flag on successful listen.
	(fhandler_socket::accept): Accomodate new event handling.
	(fhandler_socket::recv_internal): New inline method centralizing
	common recv code.
	(fhandler_socket::recvfrom): Call recv_internal now.
	(fhandler_socket::recvmsg): Ditto.  Streamline copying from iovec
	to WSABUF.
	(fhandler_socket::send_internal): New inline method centralizing
	common send code.
	(fhandler_socket::sendto): Call send_internal now.
	(fhandler_socket::sendmsg): Ditto.  Streamline copying from iovec
	to WSABUF.
	(fhandler_socket::close): Call release now.
	(fhandler_socket::ioctl): Never actually switch to blocking mode.
	Just keep track of the setting.
	* net.cc (fdsock): Call prepare now.
	(cygwin_connect): Revert again to event driven technique.
	(cygwin_accept): Ditto.
	* poll.cc (poll): Don't call recvfrom on a listening socket.
	Remove special case for failing recvfrom.
	* include/sys/socket.h: Declare recv* and send* functions ssize_t as
	requested by POSIX.

2006-07-07  Corinna Vinschen  <corinna@vinschen.de>

	* net.cc (cygwin_inet_ntop): Fix data type of forth parameter.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* include/cygwin/in6.h (struct in6_addr): Fix typo.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* cygwin.din: Export in6addr_any, in6addr_loopback, freeaddrinfo,
	gai_strerror, getaddrinfo, getnameinfo.
	* fhandler_socket.cc: Include cygwin/in6.h.
	(get_inet_addr): Accomodate AF_INET6 usage.
	(fhandler_socket::connect): Ditto.
	(fhandler_socket::listen): Ditto.
	(fhandler_socket::sendto): Ditto.
	* net.cc: Include cygwin/in6.h.
	(in6addr_any): Define.
	(in6addr_loopback): Define.
	(cygwin_socket): Accomodate AF_INET6 usage.
	(socketpair): Bind socketpairs only to loopback for security.
	(inet_pton4): New static function.
	(inet_pton6): Ditto.
	(cygwin_inet_pton): New AF_INET6 aware inet_pton implementation.
	(inet_ntop4): New static function.
	(inet_ntop6): Ditto.
	(cygwin_inet_ntop): New AF_INET6 aware inet_ntop implementation.
	(ga_aistruct): New static function.
	(ga_clone): Ditto.
	(ga_echeck): Ditto.
	(ga_nsearch): Ditto.
	(ga_port): Ditto.
	(ga_serv): Ditto.
	(ga_unix): Ditto.
	(gn_ipv46): Ditto.
	(ipv4_freeaddrinfo): Ditto.
	(ipv4_getaddrinfo): Ditto.
	(ipv4_getnameinfo): Ditto.
	(gai_errmap_t): New structure holding error code - error string mapping.
	(cygwin_gai_strerror): New function implementing gai_strerror.
	(w32_to_gai_err): New static function.
	(get_ipv6_funcs): Ditto.
	(load_ipv6_funcs): Ditto.
	(cygwin_freeaddrinfo): New function implementing freeaddrinfo.
	(cygwin_getaddrinfo): New function implementing getaddrinfo.
	(cygwin_getnameinfo): New function implementing getnameinfo.
	* include/netdb.h: Include stdint.h and cygwin/socket.h.  Define
	data types and macros used by getaddrinfo and friends.  Declare
	freeaddrinfo, gai_strerror, getaddrinfo and getnameinfo.
	* include/cygwin/in.h: Add IPv6 related IPPROTOs. Remove definition
	of struct sockaddr_in6.  Include cygwin/in6.h instead.
	* include/cygwin/in6.h: New header file defining IPv6 releated
	data types and macros.
	* include/cygwin/socket.h: Enable AF_INET6 and PF_INET6.  Add
	IPv6 related socket options.
	* include/cygwin/version.h: Bump API minor number.

2006-07-06  Corinna Vinschen  <corinna@vinschen.de>

	* autoload.cc (DsGetDcNameA): Define.
	(NetGetAnyDCName): Define.
	* security.cc: Include dsgetdc.h.
	(DsGetDcNameA): Declare.
	(DS_FORCE_REDISCOVERY): Define.
	(get_logon_server): Add bool parameter to control rediscovery of DC.
	Use DsGetDcNameA function if supported, NetGetDCName/NetGetAnyDCName
	otherwise.
	(get_server_groups): Rediscover DC if get_user_groups fails and
	try again.
	(get_reg_security): Use correct error code macro when testing
	RegGetKeySecurity return value.
	* security.h (get_logon_server): Remove default vaue from wserver
	parameter.  Add rediscovery parameter.
	* uinfo.cc (cygheap_user::env_logsrv): Accomodate rediscovery parameter
	in call to get_logon_server.
2006-07-25 19:23:23 +00:00
Corinna Vinschen 4635b6ebd8 * autoload.cc (NtQueryEaFile): Define.
(NtSetEaFile): Define.
	* fhandler.cc (fhandler_base::open): Use appropriate open flags
	in query case when allow_ntea is set.
	* ntdll.h (struct _FILE_GET_EA_INFORMATION): Define.
	(struct _FILE_FULL_EA_INFORMATION): Define.
	(NtQueryEaFile): Declare.
	(NtSetEaFile): Declare.
	* ntea.cc (read_ea): Rename from NTReadEA and rewrite using
	NtQueryEaFile.
	(write_ea): Rename from NTWriteEA and rewrite using NtSetEaFile.
	* path.cc (get_symlink_ea): Make static.  Add handle parameter to
	accomodate new read_ea call.
	(set_symlink_ea): Make static.  Add handle parameter to accomodate new
	write_ea call.
	(symlink_worker): Call set_symlink_ea while file is still open.
	(symlink_info::check): Call get_symlink_ea after file has been opened.
	* security.cc (get_file_attribute): Accomodate new read_ea call.
	(set_file_attribute): Accomodate new write_ea call.
	* security.h (read_ea): Change declaration accordingly.
	(write_ea): Ditto.
2006-07-03 18:30:08 +00:00
Corinna Vinschen 03a49a00ab * dtable.cc (handle_to_fn): Accomodate new argument order in call to
sys_wcstombs.
	* fhandler_disk_file.cc (fhandler_disk_file::readdir): Call sys_wcstombs
	instead of just wcstombs to accomodate OEM codepages.
	* miscfuncs.cc (sys_wcstombs): Split len argument in source and target
	length.  Always 0-terminate result in target string.
	* security.cc (lsa2wchar): Remove unused function.
	(lsa2str): Ditto.
	(get_lsa_srv_inf): Ditto.
	(get_logon_server): Accomodate new argument order in call to
	sys_wcstombs.
	(get_user_groups): Ditto.
	(get_user_local_groups): Ditto.
	(get_priv_list): Call sys_wcstombs directly instead of lsa2str.
	* uinfo.cc (cygheap_user::ontherange): Accomodate new argument order
	in call to sys_wcstombs.
	* winsup.h (sys_wcstombs): Change prototype to match new argument order.
2006-02-07 15:49:08 +00:00
Corinna Vinschen bb6f800d18 * security.cc (is_group_member): Fix comment. 2006-02-02 11:35:52 +00:00
Corinna Vinschen 49e803c0b6 * security.cc (is_group_member): Use local group info type 1. Test
group for being a global group or a well-known SID before adding it
	to the group list.  Add comment.
2006-02-02 11:22:10 +00:00
Christopher Faylor 3aca3cb636 Remove some more unneeded 'return;'s throughout. 2005-09-14 14:27:56 +00:00
Christopher Faylor 1cd065837c white space 2005-08-12 02:39:13 +00:00
Corinna Vinschen 2ab8ea6738 * security.cc (get_reg_security): New static function.
(get_nt_object_security): Call get_reg_security for registry keys
	to circumvent problems with predefined registry keys.
2005-08-08 16:30:15 +00:00
Corinna Vinschen 2a770b2a6f * security.cc (get_initgroups_sidlist): Drop special_pgrp parameter.
(get_setgroups_sidlist): Avoid duplicate groups in group list.
	(create_token): Remove special_pgrp local variable.  Accomodate
	change to get_initgroups_sidlist call.
2005-06-21 20:38:05 +00:00
Corinna Vinschen ce132d0ffd * security.cc (cygwin_logon_user): Run LogonUser in the primary
process token context.  Fix potential handle leak.
2005-06-08 10:06:17 +00:00
Corinna Vinschen 7311cc1f0c * pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
	(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
	* sec_acl.cc (setacl): Allocate acl dynamically.
	* sec_helper.cc (sec_acl): Add test for alignment of acl when
	DEBUGGING is defined.
	(__sec_user): Same for sa_buf.
	* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
	and allocate dynamically.
	(alloc_sd): Allocate acl dynamically.
	security.h (sec_user_nih): Change first parameter to
	SECURITY_ATTRIBUTES *.
	(sec_user): Ditto.
	* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
	allocate dynamically.
	* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
	dynamically.
	* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
	and allocate dynamically.
	* winbase.h (ilockincr): Mark first argument of inline assembly as
	earlyclobber.
	(ilockdecr): Ditto.
2005-06-07 19:31:42 +00:00
Corinna Vinschen 28f2a08860 * security.cc (alloc_sd): Remove DELETE bit from user's ACE if
allow_traverse is set.
2005-04-19 10:10:13 +00:00
Corinna Vinschen 68a3f0d34a * security.h (cygsidlist::addfromgr): Allow duplicate entries.
(get_server_groups): Declare new function.
	* security.cc (is_group_member): Simplify.
	(get_server_groups): New function.
	(get_initgroups_sidlist): Call get_server_groups.
	(verify_token): Allow token when supplementary sids are not in
	/etc/group but are in the token.
	Streamline the code.
	* grp.cc (initgroups32): New implementation.
	(getgroups32): Handle case where the supplementary groups are set.
2005-04-16 15:21:47 +00:00
Corinna Vinschen 7460bfd32b * cygerrno.h (__seterrno_from_nt_status): Define. Always set Win32
error code as well as errno. Use throughout where errno is set from
	NT status.
	(set_errno): Evaluate val only once.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Fix typo in
	debug output.
	* fhandler_mem.cc (fhandler_dev_mem::open): Rely on
	__seterrno_from_nt_status setting Win32 error code in debug output.
	* fhandler_proc.cc (format_proc_uptime): Ditto.
	(format_proc_stat): Ditto.
	* fhandler_process.cc (format_process_stat): Ditto.
	* sysconf.cc (sysconf): Ditto.
2005-04-13 16:41:33 +00:00
Corinna Vinschen f4a1f8a1db * cygheap.cc (cygheap_init): Accomodate set_process_privilege change.
* cygheap.h (cygheap_user::curr_primary_token): New member.
	(cygheap_user::primary_token): New method.
	(cygheap_user::deimpersonate): Always revert to processes'
	impersonation token.
	(cygheap_user::reimpersonate): Set processes' or setuid token as
	necessary.
	(cygheap_user::has_impersonation_tokens): Look for curr_primary_token
	value.
	(cygheap_user::close_impersonation_tokens): Close curr_primary_token
	here if necessary.  Don't reset token values to NO_IMPERSONATION since
	that's done in uinfo_init anyway.
	(init_cygheap::luid): New LUID array keeping privilege LUIDs.
	* cygtls.cc (_cygtls::init_thread): Call cygheap->user.reimpersonate.
	* dcrt0.cc (hProcToken): New global variable to keep process token.
	(hProcImpToken): Ditto for process impersonation token.
	(dll_crt0_0): Open process token here once.  Duplicate to create
	hProcImpToken.
	(dll_crt0_1): Call set_cygwin_privileges.
	* environ.cc (allow_ntea): Drop duplicate declaration.
	(allow_smbntsec): Ditto.
	(set_traverse): Only set allow_traverse here.
	(environ_init): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Drop call to
	enable_restore_privilege.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::facl): Ditto.
	* fork.cc (fork_child): Move call to cygheap->user.reimpersonate after
	syn with parent. Call set_cygwin_privileges.
	* grp.cc (internal_getgroups): Use hProcImpToken instead of opening
	process token.
	* path.cc (fs_info::update): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges.
	* registry.cc (load_registry_hive): Drop setting restore privilege
	since it's already set if available.
	* sec_helper.cc: Include cygtls.h.
	(cygpriv): Privilege string array.
	(privilege_luid): New function, evaluate LUID from cygpriv_idx.
	(privilege_luid_by_name): New function, evaluate LUID from privilege
	string.
	(privilege_name): New function, evaluate privilege string from
	cygpriv_idx.
	(set_privilege): New static function called by set_process_privilege
	and set_thread_privilege.  Call privilege_luid to get privilege LUID.
	Fix bug in return value evaluation. Improve debug output.
	(set_cygwin_privileges): New function.
	(set_process_privilege): Remove.
	(enable_restore_privilege): Remove.
	* security.cc (allow_traverse): New global variable.
	(sys_privs): Change type to cygpriv_idx and store privilege indices
	instead of strings.
	(SYSTEM_PRIVILEGES_COUNT): Renamed from SYSTEM_PERMISSION_COUNT.
	(get_system_priv_list): Don't use numerical constant in malloc call.
	Use privilege_luid to get privilege LUIDs.
	(get_priv_list): Call privilege_luid_by_name to get LUIDs. Improve
	inner privilege LUID comparison loop.
	(create_token): Enable create token privilege using
	push/pop_self_privileges. Use hProcToken instead of opening process
	token. Use default DACL when duplicating token.
	(subauth): Enable tcb privilege using push/pop_self_privileges.
	Use sec_none instead of homw made security attributes when duplicating
	token.
	(check_file_access): Don't duplicate access token, use active
	impersonation token as is.
	* security.h (enum cygpriv_idx): New enumeration type enumerating
	possible privileges.
	(privilege_luid): Declare new function.
	(privilege_luid_by_name): Ditto.
	(privilege_name): Ditto.
	(allow_traverse): Declare.
	(set_privilege): Declare function.
	(set_process_privilege): Define as macro.
	(enable_restore_privilege): Remove declaration.
	(_push_thread_privilege): Define macro.
	(push_thread_privilege): Ditto.
	(pop_thread_privilege): Ditto.
	(pop_self_privilege): Ditto.
	* spawn.cc (spawn_guts): Use cygheap->user.primary_token instead of
	cygheap->user.token.
	* syscalls.cc (statvfs): Bypass traverse checking when retrieving
	volume information using push/pop_thread_privileges. Rearrange code
	to simplify push/pop bracketing.
	(seteuid32): Use hProcToken instead of opening process token. Call
	cygheap->user.deimpersonate instead of RevertToSelf.  Create
	impersonation token from primary internal or external token.  Set
	cygheap->user.curr_primary_token and cygheap->user.current_token
	privileges once here.  Drop "failed" and "failed_ptok" labels.
	Drop setting DefaultDacl of process token.
	(setegid32): Use hProcToken and hProcImpToken instead of opening
	process token. Always reimpersonate afterwards.
	* uinfo.cc (cygheap_user::init): Use hProcToken instead of opening
	process token.
	(internal_getlogin): Ditto. Set hProcImpToken, too.
	(uinfo_init): Initialize cygheap->user.curr_primary_token.
	* winsup.h (hProcToken): Declare.
	(hProcImpToken): Declare.
2005-04-03 13:06:43 +00:00
Christopher Faylor ec98d19a08 * wininfo.h (wininfo::timer_active): Delete.
(wininfo::itv): Ditto.
(wininfo::start_time): Ditto.
(wininfo::window_started): Ditto.
(wininfo::getitimer): Ditto.
(wininfo::setitimer): Ditto.
(wininfo::wininfo): Ditto.
(wininfo::lock): New method.
(wininfo::release): Ditto.
* window.cc: Use new lock/acquire wininfo methods throughout.
(wininfo::wininfo): Delete
(wininfo::getitimer): Ditto.
(wininfo::setitimer): Ditto.
(getitimer): Ditto.
(setitimer): Ditto.
(ualarm): Ditto.
(alarm): Ditto.
(wininfo::lock): Define new function.
(wininfo::release): Ditto.
(wininfo::process): Delete WM_TIMER handling.
* timer.cc (struct timetracker): Delete it, flags.  Add it_interval,
interval_us, sleepto_us, running, init_muto(), syncthread, and gettime().
(ttstart): Make NO_COPY.
(lock_timer_tracker): New class.
(timer_tracker::timer_tracker): Distinguish ttstart case.
(timer_tracker::~timer_tracker): New destructor.  Clean out events, and reset
magic.
(timer_tracker::init_muto): New method.
(to_us): Round up as per POSIX.
(timer_thread): Reorganize to match timer_tracker::settime and
timer_tracker::gettime.  Call sig_send without wait.  Call auto_release.
(timer_tracker::settime): Reorganize logic to avoid race.  Call gettime to
recover old value.
(timer_tracker::gettime): New method.
(timer_create): Properly set errno on invalid timerid.  Use new
lock_timer_tracker method.
(timer_delete): Ditto.  Simplify code slightly.
(timer_gettime): New function.
(fixup_timers_after_fork): Reinit ttstart.
(getitimer): New implementation.
(setitimer): Ditto.
(ualarm): Ditto.
(alarm): Ditto.
* cygwin.din: Export timer_gettime.
* winsup.h: Remove has has_visible_window_station declaration.
* Makefile.in (DLL_OFILES): Add lsearch.o.
* cygthread.h (cygthread::notify_detached): New element.
(cygthread::cygthread): Take optional fourth argument signifying event to
signal on thread completion.
* cygthread.cc (cygthread::stub): Signal notify_detached event, if it exists.
(cygthread::cygthread): Initialize notify_detached from fourth argument.
(cygthread::detach): Wait for notify_detached field is present.
* lsearch.cc: New file.
* search.h: Ditto.
* include/cygwin/version.h: Bump API minor number to 126.
* cygwin.din: Export lsearch, lfind.
2005-03-27 01:57:38 +00:00
Christopher Faylor 29acee4020 * fhandler_tape.cc (get_ll): This is a generally useful function so move it
* winsup.h (get_ll): to here
* security.cc (get_token_group_sidlist): Use get_ll to figure out the long long
version of the luid since QuadPart is not part of the standard Windows API.
2005-03-16 21:52:06 +00:00
Pierre Humblet 531979231d 2004-10-28 Pierre Humblet <pierre.humblet@ieee.org>
* path.cc (mount_info::from_registry): Deimpersonate while
        accessing HKLM.
        (mount_info::read_cygdrive_info_from_registry): Ditto.
        * cygheap.h: Define NO_IMPERSONATION.
        (cygheap_user::issetuid): Replace INVALID_HANDLE_VALUE by
        NO_IMPERSONATION.
        (cygheap_user::has_impersonation_tokens): Ditto.
        (cygheap_user::close_impersonation_tokens): Ditto.
        * uinfo.cc (uinfo_init): Ditto.
        * syscalls.cc (seteuid32): Ditto.
        * security.cc (set_impersonation_token): Ditto.
2004-10-28 01:46:01 +00:00
Pierre Humblet b0637a5191 2004-10-05 Pierre Humblet <pierre.humblet@ieee.org>
* external.cc (check_ntsec): Do not call wincap.has_security.
	* path.cc (path_conv::check): Ditto.
	* security.cc (get_object_attribute): Ditto.
	(get_file_attribute): Ditto.
2004-10-06 01:33:39 +00:00
Christopher Faylor d584454c82 * exceptions.cc: (ctrl_c_handler): Do nothing while a Cygwin subprocess is
starting.
* child_info.h (init_child_info): Remove pid argument from declaration.
* cygheap.h (init_cygheap::pid): New element.
* dcrt0.cc (dll_crt0_0): Eliminate handling of now-noexistent cygpid parameter
in child_info struct.  Set forkee to 'true' rather than cygpid since the pid
value was never used.
(dll_crt0_1): Ditto.
(_dll_crt0): Ditto.
* fork.cc (fork_child): Don't wait for sigthread.  This is handled in the fork
call now.
(fork_parent): Remove obsolete pid argument from init_child_info call.  Don't
do anything special with cygpid when DEBUGGING.
(fork): Delay all signals during fork.
(fork_init): Don't do anything special when DEBUGGING.
* pinfo.cc (set_myself): Remove pid parameter.  Use new pid field in cygheap.
(pinfo_init): Don't pass pid argument to set_myself.
* sigproc.cc (sig_send): Wait for dwProcessId to be non-zero as well as
sendsig.
(init_child_info): Eliminate handling of pid.
(wait_sig): Implement method to temporarily hold off sending signals.
* sigproc.h (__SIGHOLD): New enum.
(__SIGNOHOLD): Ditto.
* spawn.cc (spawn_guts): Remove obsolete pid argument from init_child_info
call.
2004-09-12 03:47:57 +00:00
Corinna Vinschen eea5dd9707 * security.cc: Fix a few more strace_prints. 2004-09-03 08:18:41 +00:00
Christopher Faylor 0cd9f74fa5 Regularize most strace_prints throughout so that %E is always preceded by a
comma and elminate most uses of "foo = %s" to "foo %s".
2004-09-03 01:53:12 +00:00
Pierre Humblet bd0e9c7aa6 2004-06-17 Pierre Humblet <pierre.humblet@ieee.org>
* fhandler.cc (fhandler_base::open_9x): Do not check for null name.
        Move debug_printf to common code line.
        (fhandler_base::open): Ditto. Initialize upath. Remove second argument
        of pc.get_nt_native_path.
        * path.h (path_conv::get_nt_native_path): Remove second argument.
        * path.cc (path_conv::get_nt_native_path): Ditto. Call str2uni_cat.
        * security.h (str2buf2uni_cat): Delete declaration.
        (str2uni_cat): New declaration.
        * security.cc (str2buf2uni): Get length from sys_mbstowcs call.
        (str2buf2uni_cat): Delete function.
        (str2uni_cat): New function.
        * miscfuncs.cc (sys_mbstowcs): Add debug_printf.
2004-06-17 13:34:26 +00:00
Christopher Faylor e3778517d9 * path.cc (chdir): Always use the normalized_path as posix_cwd, except if it
starts with a drive.

Also perform whitespace cleanup.
2004-05-28 19:50:07 +00:00
Corinna Vinschen e859706578 * autoload.cc (NtCreateFile): Add.
* dir.cc (mkdir): Change set_file_attribute call to indicate that
	NT security isn't used.
	* fhandler.cc (fhandler_base::open_9x): New method, created from
	fhandler_base::open.
	(fhandler_base::open): Rearrange to use NtCreateFile instead of
	CreateFile.
	* fhandler.h (enum query_state): Redefine query_null_access to
	query_stat_control.  query_null_access isn't allowed in NtCreateFile.
	(fhandler_base::open_9x): Declare.
	* fhandler_disk_file.cc (fhandler_base::fstat_fs): Use
	query_stat_control first, query_read_control if that fails.
	(fhandler_disk_file::fchmod): Call enable_restore_privilege before
	trying to open for query_write_control.  Don't fall back to
	opening for query_read_control.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::facl):  Only request restore privilege and query
	access necessary for given cmd.
	* fhandler_raw.cc (fhandler_dev_raw::open): Call fhandler_base::open
	instead of opening device here.
	* ntdll.h (NtCreateFile): Declare.
	* path.cc (symlink_worker): Change set_file_attribute call to indicate
	that NT security isn't used.
	* sec_acl.cc (getacl): Fix bracketing.
	* sec_helper.cc (enable_restore_privilege): New function.
	* security.cc (str2buf2uni_cat): New function.
	(write_sd): Don't request restore permission here.
	* security.h (set_process_privileges): Drop stale declaration.
	(str2buf2uni): Declare.
	(str2buf2uni_cat): Declare.
	(enable_restore_privilege): Declare.
	* syscalls.cc (fchown32): Return immediate success on 9x.
2004-04-16 21:22:13 +00:00
Corinna Vinschen a653f600f5 * sec_acl.cc (getacl): Avoid compiler warning.
* security.cc (write_sd): Ditto.  Fix error handling.
2004-04-14 20:16:29 +00:00
Corinna Vinschen e3d1d51579 * fhandler.cc (fhandler_base::open): Simplify access evaluation
expression.
	(fhandler_base::facl): New method.
	* fhandler.h: Declare facl method in fhandler_base,
	fhandler_disk_file and fhandler_virtual.
	* fhandler_disk_file.cc (fhandler_disk_file::facl): New method.
	* fhandler_virtual.cc (fhandler_virtual::facl): New method.
	* sec_acl.cc: Remove forward declaration for aclsort32 and acl32.
	(setacl): Remove static.  Add and use handle parameter.
	(getacl): Ditto.
	(acl_worker): Reorganize to call fhandler's facl method eventually.
	(facl32): Ditto.
	* security.cc (get_nt_object_security): Remove static.
	* security.h: Add extern declarations for get_nt_object_security,
	aclsort32, acl32, getacl and setacl.


	Apply missing syscalls.cc patch and ChangeLog of previous check in.
	* syscalls.cc (chown_worker): Reorganize to call fhandler's fchown
	method eventually.
	(fchown): Ditto.
2004-04-14 16:36:26 +00:00
Corinna Vinschen ddf9c4a744 * fhandler.cc (fhandler_base::open): Accomodate query_write_control
query_state.
	(fhandler_base::fchown): New method.
	* fhandler.h: Declare fchown method in fhandler_base,
	fhandler_disk_file and fhandler_virtual.
	(enum query_state): Add query_write_control.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Set query_state
	to query_write_control.  Only remove FILE_ATTRIBUTE_READONLY if not
	setting security descriptor.
	(fhandler_disk_file::fchown): New method.
	* fhandler_virtual.cc (fhandler_virtual::fchown): New method.
	* sec_acl.cc (setacl): Call write_sd with additional handle attribute.
	* security.cc (write_sd): Take handle argument.  Only request owner
	if getting SE_RESTORE_NAME privilege failed.  Only open file if
	NtSetSecurityObject failed or handle is NULL.
	(set_nt_attribute): Call write_sd with additional handle attribute.
	* security.h (write_sd): Declare with additional handle argument.
2004-04-14 13:40:07 +00:00
Corinna Vinschen f4ae6dc62c * autoload.cc (NtSetSecurityObject): Add.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Only request
	READ_CONTROL rights when opening the file.
	* ntdll.h (NtSetSecurityObject): Add declaration.
	* security.cc (write_sd): Call NtSetSecurityObject instead of
	BackupWrite.
	(get_nt_object_security): Don't free security descriptor here.

	* syscalls.cc (ttyname): Use buffer of length TTY_NAME_MAX + 1.
	* sysconf.cc (sysconf): Handle _SC_TTY_NAME_MAX request.
	* include/limits.h: Define TTY_NAME_MAX and _POSIX_TTY_NAME_MAX.
2004-04-14 10:20:26 +00:00
Corinna Vinschen 29b6b8ca64 * security.cc (set_nt_attribute): Only call get_nt_object_security
if handle is NULL.
2004-04-13 20:45:14 +00:00
Corinna Vinschen 854c870051 * dir.cc (mkdir): Call set_file_attribute with additional handle
argument.
	* fhandler.cc (fhandler_base::fchmod): New method.
	* fhandler.h: Declare fchmod method in fhandler_base,
	fhandler_disk_file and fhandler_virtual.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): New method.
	(fhandler_base::open_fs): Call set_file_attribute with additional
	handle argument.
	* fhandler_virtual.cc (fhandler_virtual::fchmod): New method.
	* path.cc (symlink_worker): Call set_file_attribute with additional
	handle argument.
	* security.cc (get_nt_object_security): New function.
	(get_nt_object_attribute): Call get_nt_object_security.
	(set_nt_attribute): Add handle argument.  Call get_nt_object_security
	first, read_sd only if that fails.
	(set_file_attribute): Add handle argument.
	* security.h (set_file_attribute): Declare with additional handle
	argument.
	* syscalls.cc (stat_suffixes): Move to beginning of file.
	(chown_worker): Call set_file_attribute with additional handle argument.
	(chmod): Reorganize to call fhandler's fchmod method eventually.
	(fchmod): Ditto.
2004-04-13 20:36:58 +00:00
Corinna Vinschen 71ffba498c * autoload.cc (NtQuerySecurityObject): Add.
* ntdll.h (STATUS_BUFFER_TOO_SMALL): Add definition.
	(NtQuerySecurityObject): Add declaration.
	* security.cc (get_nt_object_attribute): Always use
	NtQuerySecurityObject to retrieve security descriptor.
2004-04-13 12:14:59 +00:00
Corinna Vinschen 00dd058f7e * security.cc (get_file_attribute): Fix conditional. 2004-04-09 07:55:56 +00:00
Corinna Vinschen a9a5b2eab0 * fhandler.cc (fhandler_base::open): Set query access mode according
to query_open setting.
	(fhandler_base::fhandler_base): Initialize query_open.
	* fhandler.h (FH_QUERYOPEN): Drop.
	(enum query_state): Add.
	(class fhandler_base): Add query_open member.
	(fhandler_base::get_query_open): Redefine to use query_open.
	(fhandler_base::set_query_open): Ditto.
	* fhandler_disk_file.cc (fhandler_base::fstat_fs): Remove O_DIROPEN
	from open_flags since it's added in open_fs anyway.  Remove
	query_open_already.  Use new query_open settings.  Rearrange slightly.
	(fhandler_base::fstat_helper): Add get_io_handle as parameter to
	get_file_attribute.
	* security.cc (get_nt_object_attribute): Make returning an int.
	Return -1 on error, 0 otherwise.
	(get_file_attribute): Take an object handle as argument. Move down
	to allow calling get_nt_object_attribute in case a non-NULL handle
	is given.
	* security.h (get_file_attribute): Add handle to argument list.
	* syscalls.cc (chown_worker): Accomodate new definition of
	get_file_attribute.
2004-04-08 07:57:28 +00:00
Corinna Vinschen 897c785600 * security.cc (get_nt_object_attribute): Fix error handling. 2004-02-11 17:54:34 +00:00
Christopher Faylor cec4879206 * debug.h (console_printf): Define for non-debugging condition.
* cygtls.h (_threadinfo::lock): Remove wait argument.
(_threadinfo::interrupt_setup): Remove retaddr argument.
* exceptions.cc (_threadinfo::interrupt_setup): Ditto.
(_threadinfo::interrupt_now): Accommodate change to interrupt_setup argument.
(setup_handler): Ditto.  Always lock sig stack prior to determining interrupt
method.
* gendef (_sigfe): Correct thinko regarding cmpxchg.
(_sigbe): Ditto.
(_threadinfo::lock): Ditto.
(_threadinfo::pop): Eliminate left-over stack unlock.
* sigproc.cc (proc_subproc): Chnage debugging output to printed warning.
2004-02-09 04:04:24 +00:00
Corinna Vinschen d82c6f474d * security.h (SID): New macro.
(well_known_*_sid): Change type to cygpsid.
	(cygsid::init): Delete declaration.
	* sec_helper.cc (well_known_*_sid): Define using above SID macro.
	(cygsid::init): Delete.
	* dcrt0.cc (dll_crt0_0): Do not call cygsid::init.
	* security.cc (get_user_local_groups): Change the second argument type
	to cygpsid.
2004-02-05 17:23:19 +00:00
Christopher Faylor 2e008fb91f Change use of BOOL, TRUE, FALSE to bool, true, false, as appropriate,
throughout.
* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity and edit
some comments.
* cygheap.h (init_cygheap::ctty): Add new element.
* devices.in (device::parse): Remove special handling for /dev/tty.
* devices.cc: Regenerate.
* dtable.cc (build_fh_pc): Don't reset /dev/tty device.  Let the device opener
do that.
* fhandler_termios.cc (tty_min::set_ctty): Redefine to _pinfo class.
* fhandler_tty.cc (fhandler_tty_common::set_close_on_exec): Avoid setting
noninherit flag for ctty.
* tty.h: Move BOOLs to bools.
(tty_min::set_ctty): Redeclare to _pinfo class.
* pinfo.cc (_pinfo::set_ctty): Define new function based on tty_min::set_ctty.
Change first argument from tty number to tty_min class.
* pinfo.h (_pinfo::set_ctty): Declare.
* fhandler_console.cc (fhandler_console::get_tty_stuff): Reflect move of
set_ctty to _pinfo class.
* fhandler_tty.cc (fhandler_tty_slave::open): Treat FH_TTY specially.  Use
saved cygheap value if it exists.  Otherwise convert to real device and save on
first time open.
(fhandler_tty_common::dup): Potentially set controlling tty if duping a slave
tty.
* syscalls.cc (setsid): Close controlling tty in cygheap.
* tty.cc: Change some BOOLs to bools.
2003-12-07 22:37:12 +00:00
Corinna Vinschen 145b4dc249 Substitute 0x7fffffff and 0xffffffff by INT32_MAX and UINT32_MAX
throughout, except in assembler code.
2003-12-03 16:35:52 +00:00
Corinna Vinschen 12069cf31b * dir.cc (mkdir): Use local security_descriptor. Call
set_security_attribute appropriately.
	* external.cc (cygwin_internal): Ditto.
	* fhandler.cc (fhandler_base::open): Ditto.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto.
	* path.cc (symlink_worker): Ditto.
	* sec_acl.cc (setacl): Ditto. Call read_sd appropriately.
	(getace): Ditto.
	* sec_helper.cc (security_descriptor::malloc): New method.
	(security_descriptor::realloc): New method.
	(security_descriptor::free): New method.
	* security.cc (read_sd): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	Allocate the security_descriptor buffer according to size returned by
	a call to GetFileSecurity. Return buffer size on success.
	(write_sd): Get security_descriptor as parameter instead of
	PSECURITY_DESCRIPTOR and a size.
	(get_nt_attribute): Use local security_descriptor.
	(get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY.
	Allocate security_descriptor buffer according to size returned by
	a call to RegGetKeySecurity.
	(alloc_sd): Make static. Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	(set_security_attribute): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size.
	(set_nt_attribute): Use local security_descriptor.
	(check_file_access): Ditto.
	* security.h: Add class security_descriptor.
	(read_sd): Change declaration to get security_descriptor as parameter
	instead of PSECURITY_DESCRIPTOR and a size.
	(write_sd): Ditto.
	(set_security_attribute): Ditto.
	(alloc_sd): Remove declaration.
	* thread.cc (semaphore::semaphore): Use local security_descriptor. Call
	set_security_attribute appropriately.
2003-11-26 13:23:27 +00:00
Corinna Vinschen 3db690789f * sec_acl.h (getace): Use FILE_*_BITS as permission mask.
* security.cc (get_attribute_from_acl): Ditto.
	* security.h (FILE_READ_BITS): Define to match also GENERIC bits.
	(FILE_WRITE_BITS): Ditto.
	(FILE_EXEC_BITS): Ditto.
2003-11-26 10:52:21 +00:00
Pierre Humblet 9808b5c420 2003-10-16 Pierre Humblet <pierre.humblet@ieee.org>
* syscalls.cc (seteuid32): Always construct a default DACL including
	the new sid, Admins and SYSTEM and copy it to the new thread token.
	* security.cc (create_token): Use a NULL default DACL in NtCreateToken.
2003-10-16 23:20:41 +00:00
Christopher Faylor cd2bce7142 * include/tzfile.h: Add some missing entries. 2003-09-25 03:51:51 +00:00
Christopher Faylor 7ac6173643 * devices.cc: New file.
* devices.gperf: New file.
* devices.shilka: New file.
* cygwin-gperf: New file.
* cygwin-shilka: New file.
* fhandler_fifo.cc: New file.
* fhandler_nodevice.cc : New file.  Reorganize headers so that path.h precedes
fhandler.h throughout.  Remove device argument and unit arguments from fhandler
constructors throughout.  Remove pc arguments to fhandler functions and use
internal pc element instead, throughout.  Use dev element in pc throughout.
Use major/minor elements rather than units and device numbers previously in
fhandler class.  Use correct methods for fhandler file names rather than
directly accessing file name variables, throughout.
* Makefile.in (DLL_OFILES): Add devices.o, fhandler_fifo.o
* dcrt0.cc (dll_crt0_1): Call device::init.
* devices.h: Renumber devices based on more Linux-like major/minor numbers.
Add more devices.  Declare standard device storage.
(device): Declare struct.
* dir.cc (opendir): Use new 'build_fh_name' to construct a fhandler_* type.
* dtable.cc (dtable::get_debugger_info): Ditto.
(cygwin_attach_handle_to_fd): Ditto.
(dtable::release): Remove special FH_SOCKET case in favor of generic
"need_fixup_before" test.
(dtable::init_std_file_from_handle): Use either build_fh_dev or build_fh_name
to build standard fhandler.
(dtable::build_fh_name): Renamed from dtable::build_fhandler_from_name.  Move
out of dtable class.  Don't accept a path_conv argument.  Just build it here
and pass it to:
(build_fh_pc): Renamed from dtable::build_fhandler.  Move out of dtable class.
Use intrinsic device type in path_conv to create new fhandler.
(build_fh_dev): Renamed from dtable::build_fhandler.  Move out of dtable class.
Simplify arguments to just take new 'device' type and a name.  Just return
pointer to fhandler rather than trying to insert into dtable.
(dtable::dup_worker): Accommodate above build_fh name changes.
(dtable::find_fifo): New (currently broken) function.
(handle_to_fn): Use strechr for efficiency.
* dtable.h: Reflect above build_fh name changes and argument differences.
(fhandler_base *&operator []): Return self rather than copy of self.
* fhandler.cc (fhandler_base::operator =): Use pc element to set normalized
path.
(fhandler_base::set_name): Ditto.
(fhandler_base::raw_read): Use method to access name.
(fhandler_base::write): Correctly use get_output_handle rather than get_handle.
(handler_base::device_access_denied): New function.
(fhandler_base::open): Eliminate pc argument and use pc element of
fhandler_base throughout.
(fhandler_base::fstat): Detect if device is based in filesystem and use
fstat_fs to calculate stat, if so.
(fhandler_base::fhandler_base): Eliminate handling of file names and, instead,
just free appropriate component from pc.
(fhandler_base::opendir): Remove path_conv parameter.
* fhandler.h: Remove all device flags.
(fhandler_base::pc): New element.
(fhandler_base::set_name): Change argument to path_conv.
(fhandler_base::error): New function.
(fhandler_base::exists): New function.
(fhandler_base::pc_binmode): New function.
(fhandler_base::dev): New function.
(fhandler_base::open_fs): New function.
(fhandler_base::fstat_fs): New function.
(fhandler_base::fstat_by_name): New function.
(fhandler_base::fstat_by_handle): New function.
(fhandler_base::isfifo): New function.
(fhandler_base::is_slow): New function.
(fhandler_base::is_auto_device): New function.
(fhandler_base::is_fs_special): New function.
(fhandler_base::device_access_denied): New function.
(fhandler_base::operator DWORD&): New operator.
(fhandler_base::get_name): Return normalized path from pc.
(fhandler_base::get_win32_name): Return windows path from pc.
(fhandler_base::isdevice): Renamed from is_device.
(fhandler_base::get_native_name): Return device format.
(fhandler_fifo): New class.
(fhandler_nodevice): New class.
(select_stuff::device_specific): Remove array.
(select_stuff::device_specific_pipe): New class element.
(select_stuff::device_specific_socket): New class element.
(select_stuff::device_specific_serial): New class element.
(select_stuff::select_stuff): Initialize new elements.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Move to base class
from fhandler_disk_file.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_base::fstat_by_name): Ditto.
(fhandler_disk_file::open): Move most functionality into
fhandler_base::open_fs.
(fhandler_base::open_fs): New function.
(fhandler_disk_file::close): Move most functionality into
fhandler_base::close_fs.
(fhandler_base::close_fs): New function.
* fhandler_mem.cc (fhandler_dev_mem::open): Use device name in debugging
output.
* fhandler_socket.cc (fhandler_socket::set_connect_secret): Copy standard
urandom device into appropriate place.
(fhandler_socket::accept): Reflect change in fdsock return value.
* fhandler_tty.cc: See "throughouts" above.
* net.cc: Accommodate fdsock change throughout.
(fdsock): Return success or failure, accept fd argument and device argument.
* path.cc (symlink_info::major): New element.
(symlink_info::minor): New element.
(symlink_info::parse_device): Declare new function.
(fs_info::update): Accommodate changes in path_conv class.
(path_conv::fillin): Ditto.
(path_conv::return_and_clear_normalized_path): Eliminate.
(path_conv::set_normalized_path): New function.
(path_conv::path_conv): Set info in dev element.  Use path_conv methods Check
for FH_FS rather than FH_BAD to indicate when to fill in filesystem stuff.
where appropriate rather than direct access.  Use set_normalized_path to set
normalized path.
(windows_device_names): Eliminate.
(get_dev): Ditto.
(get_raw_device_number): Ditto.
(get_device_number): Ditto.
(win32_device_name): Call new device name parser to do most of the heavy
lifting.
(mount_info::conv_to_win32_path): Fill in dev field as appropriate.
(symlink_worker): Handle new device files.
(symlink_info::check): Ditto.
(symlink_info::parse_device): Define new function.
* path.h (executable_states): Move here from fhandler.h.
(fs_info): Rename variables to *_storage and create methods for accessing same.
(path_conv): Add dev element, remove devn and unit and adjust inline methods to
accommodate.
(set_normalized_path): Declare new function.
* pinfo.cc (_pinfo::commune_recv): Add broken support for handling fifos.
(_pinfo::commune_send): Ditto.
* pipe.cc (fhandler_pipe::close): check for existence of handle before closing
it.
(handler_pipe::create): Rename from make_pipe.  Change arguments to accept
fhandler_pipe array.  Accommodate fifos.
(pipe): Rework to deal with fhandler_pipe::create changes.
(_pipe): Ditto.
* select.cc: Use individual device_specific types throughout rather than
indexing with obsolete device number.
(set_bits): Use is_socket call rather than checking device number.
* shared_info.h (CURR_MOUNT_MAGIC): Update.
(conv_to_win32_path): Reflect addition of device argument.
* syscalls.cc (mknod_worker): New function.
(open): Use build_fh_name to build fhandler.
(chown_worker): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(chmod_device): New function.
(chmod): Detect if this is an 'auto' device rather than an on-filesystem device
and handle appropriately.  Use chmod_device to set mode of in-filesystem
devices.
(stat_worker): Eliminate path_conv argument.  Call build_fh_name to construct
fhandler.  Use fh->error() rather than pc->error to detect errors in fhandler
construction.
(access_worker): New function pulled from access.  Accommodate in-filesystem
devices.
(access): Use access_worker.
(fpathconf): Detect if this is an 'auto' device rather than an on-filesystem
device and handle appropriately.
(mknod_worker): New function.
(mknod32): New function.
(chroot): Free normalized path -- assuming it was actually cmalloced.
* tty.cc (create_tty_master): Tweak for new device class.
(tty::common_init): Ditto.
* winsup.h (stat_worker): Remove.
(symlink_worker): Declare.
* exceptions.cc (set_process_mask): Just call sig_dispatch_pending and don't
worry about pending_signals since sig_dispatch_pending should always do the
right thing now.
(sig_handle): Reorganize SIGCONT handling to more closely conform to SUSv3.
* pinfo.h: Move __SIG enum to sigproc.h.
(PICOM_FIFO): New enum element.
(_pinfo): Remove 'thread2signal' stuff throughout class.
(_pinfo::commune_send): Make varargs.
(_pinfo::sigtodo): Eliminate.
(_pinfo::thread2signal): Ditto.
* signal.cc (kill_worker): Eliminate call to setthread2signal.
* sigproc.cc (local_sigtodo): Eliminate.
(getlocal_sigtodo): Ditto.
(sigelem): New class.
(pending_signals): New class.
(sigqueue): New variable, start of sigqueue linked list.
(sigcatch_nonmain): Eliminate.
(sigcatch_main): Eliminate.
(sigcatch_nosync): Eliminate.
(sigcomplete_nonmain): Eliminate.
(pending_signals): Eliminate.
(sig_clear): Call signal thread to clear pending signals, unless already in
signal thread.
(sigpending): Call signal thread to get pending signals.
(sig_dispatch_pending): Eliminate use of pending_signals and just check
sigqueue.
(sigproc_terminate): Eliminate all of the obsolete semaphore stuff.  Close
signal pipe handle.
(sig_send): Eliminate all of the obsolete semaphore stuff and use pipe to send
signals.
(getevent): Eliminate.
(pending_signals::add): New function.
(pending_signals::del): New function.
(pending_signals::next): New function.
(wait_sig): Eliminate all of the obsolete semaphore stuff.  Use pipe to
communicate and maintain a linked list of signals.
* sigproc.h: Move __SIG defines here.  Add __SIGPENDING.
(sig_dispatch_pending): Remove "C" specifier.
(sig_handle): Accept a mask argument.
* thread.cc: Remove signal handling considerations throughout.
2003-09-25 00:37:18 +00:00
Pierre Humblet c61ada9bd3 2003-09-15 Pierre Humblet <pierre.humblet@ieee.org>
* security.h (__sec_user): Add "access2" argument.
	(sec_acl): Add "original" and "access2" arguments.
	(sec_user): Add "sid2" and "access2" argument. Remove dependence on
	allow_ntsec.
	(sec_user_nih): Ditto.
	* sec_helper.cc (__sec_user): Add "has_security" test.
	Call sec_acl with new arguments, letting it handle original_sid.
	(sec_acl): Add "original" and "access2" arguments. Handle original_sid
	depending on flag but avoiding duplicates. Use "access2" for sid2.
	* pinfo.cc (pinfo::init): Use security attributes created by sec_user
	when creating the mapping.
	* security.cc (create_token): Adjust arguments in call to sec_acl.
	Call sec_user instead of __sec_user.
	* syscall.cc (seteuid32):  Adjust arguments in call to sec_acl. Remove
	now unnecessary test. Remove useless conversions to psid.
	* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.
2003-09-16 00:45:50 +00:00
Christopher Faylor df04ae29b2 * exceptions.cc (ctrl_c_handler): Send SIGHUP when events occur only if there
is a tty associated with the process.  Send SIGHUP on CTRL_LOGOFF_EVENT.
* fhandler_tty.cc (fhandler_tty_slave::open): Adjust console open handle
counter regardless of whether this is a pty or tty.
(fhandler_tty_slave::open): Ditto.
(fhandler_tty_slave::dup): Ditto.
(fhandler_tty_common::set_close_on_exec): Ditto.
(fhandler_tty_master::init_console): Decrement console open handle counter
after init since it will now be handled by all tty open.
* syscalls.cc (setsid): Rework debugging output slightly.
2003-07-26 04:53:59 +00:00
Pierre Humblet b4ece40c0f 2003-07-18 Pierre Humblet <pierre.humblet@ieee.org>
* security.cc (verify_token): Fix white space and style.
        Use type bool instead of BOOL and char. Use alloca
        instead of malloc and free for my_grps.
2003-07-18 02:14:42 +00:00
Corinna Vinschen ea3ba11499 * cygheap.h (class cygheap_user): Use INVALID_HANDLE_VALUE as invalid
value for tokens.
	* syscalls.cc (seteuid32): Ditto.  Set new_token to process token if
	process token is suitable.
	* uinfo.cc (uinfo_init): Initialize tokens in cygheap user info
	to INVALID_HANDLE_VALUE.

	* cygheap.h (enum impersonation): Delete.
	(cygheap_user::impersonation_state): Delete.
	(cygheap_user::current_token): New.
	(cygheap_user::issetuid): Modify to use current_token.
	(cygheap_user::token): Ditto.
	(cygheap_user::deimpersonate): Ditto.
	(cygheap_user::reimpersonate): Ditto.
	(cygheap_user::has_impersonation_tokens): Ditto.
	(cygheap_user::close_impersonation_tokens): Ditto.
	* security.cc (cygwin_set_impersonation_token): Always set the token.
	(verify_token): Change type of gsid to cygpsid.
	(get_file_attribute): Use the effective ids.
	* syscalls.cc (seteuid32): Modify to use cygheap_user::current_token.
	* uinfo.cc (uinfo_init) Do not set cygheap->user.impersonation_state.
2003-07-14 17:04:21 +00:00
Christopher Faylor 3872e9a419 * Makefile.in: Remove cygserver stuff.
* acconfig.h: Add USE_CYGSERVER define.
* config.h.in: Regenerate.
* configure.in: Add --enable-server setting.
* configure: Regenerate.
* fhandler_tty.cc (fhandler_tty_slave::open): Conditionalize compilation of
cygserver stuff.
* fork.cc (fork_child): Ditto.
* shm.cc: Ditto.
* tty.cc (tty::common_init): Ditto.
* dcrt0.cc: Use bool rather than BOOL for CYGWIN environment variable
definitions.
* environ.cc: Ditto.
* ntea.cc: Ditto.
* security.cc: Ditto.
* security.h: Ditto.
* syscalls.cc (check_posix_perm): Remove externs that were already declared in
a header.
* winsup.h: Ditto.  Declare _MT_SAFE here.  Delete it someday since cygwin
should always be _MT_SAFE.
2003-07-02 03:16:00 +00:00
Corinna Vinschen 70249d5687 * cygheap.h (enum impersonation): New enum.
(cygheap_user::token): Delete.
	(cygheap_user::impersonated): Delete.
	(cygheap_user::external_token): New member.
	(cygheap_user::internal_token): New member.
	(cygheap_user::impersonation_state): New member.
	(cygheap_user::issetuid): Modify.
	(cygheap_user::token): New method.
	(cygheap_user::deimpersonate): New method.
	(cygheap_user::reimpersonate): New method.
	(cygheap_user::has_impersonation_tokens): New method.
	(cygheap_user::close_impersonation_tokens): New method.
	* dtable.cc (dtable::vfork_child_dup): Use new cygheap_user methods.
	* fhandler_socket.cc (fhandler_socket::dup): Ditto.
	* fork.cc (fork_child): Ditto.
	(fork_parent): Ditto.
	* grp.cc (internal_getgroups): Ditto.
	* security.cc (verify_token): Ditto.
	(check_file_access): Ditto.
	(cygwin_set_impersonation_token): Detect conflicts. Set
	user.external_token.
	* spawn.cc (spawn_guts): Use new cygheap_user methods.
	* syscalls.cc (seteuid32): Rearrange to use the two tokens
	in cygheap_user.
	(setegid32): Use new cygheap_user methods.
	* uinfo.cc: (internal_getlogin): Ditto.
2003-06-30 13:07:36 +00:00
Christopher Faylor c433f4617f Throughout, remove "include <errno.h>" from files which already include
cygerrno.h.
* include/cygwin/config.h (__DYNAMIC_REENT__): Define.
* include/cygwin/version.h: Bump API minor version.
* cygwin.din: Export __getreent
* cygerrno.h: Include errno.h.  Fix places where _impure_ptr is used directly
to store the errno value.
* debug.cc (__set_errno): Ditto.
* errno.cc: Remove _RRENT_ONLY define to get errno.cc compiled.
* signal.cc: Rename _reent_clib to _REENT throughout.
* thread.h (reent_clib): Remove prototype.
* thread.cc (reent_clib): Rename reent_clib to __getreent.  Return _impure_ptr
until MTinterface is initialized.
(reent_winsup): Fix a possible SEGV when _r == NULL.  Return NULL instead.
* MTinterface::fixup_after_fork: Switch reent back to _impure_ptr to keep
signal handling running when fork is called from a thread other than the
mainthread.
2003-06-16 03:24:13 +00:00
Corinna Vinschen 2e23862a8a * security.cc (get_info_from_sd): New function.
(get_nt_attribute): Only call read_sd and get_info_from_sd.
	Return void.
	(get_file_attribute): Move sd error handling to get_info_from_sd.
	and symlink handling to fhandler_disk_file::fstat_helper.
	(get_nt_object_attribute): Only call read_sd and get_info_from_sd.
	Return void.
	(get_object_attribute): Remove symlink handling and simply return -1
	when ntsec is off.
	* fhandler_disk_file.cc (fhandler_disk_file::fstat_helper): For
	symlinks set the attribute, call get_file_attribute to get the ids
	and return.  In the normal case call get_file_attribute with the
	addresses of the buffer ids and do not recheck if the file is a socket.
2003-04-11 09:38:07 +00:00
Corinna Vinschen 2d388e433f * fhandler.cc (fhandler_base::fstat): Set the uid and gid fields
from the current effective ids.
	* fhandler_socket.cc (fhandler_socket::fstat): Keep the uid and gid set
	by fhandler_base::fstat.
	* security.cc (get_nt_attribute): Do not test wincap.has_security ().
	(get_nt_object_attribute): Ditto.
	(get_file_attribute): Add test for wincap.has_security ().
	(get_object_attribute): Ditto.
2003-04-01 17:17:46 +00:00
Corinna Vinschen 98b36ec8ed * autoload.cc: added RegGetKeySecurity()
* security.cc (get_nt_object_attribute): use RegGetKeySecurity() for
	performance.
2003-03-27 09:40:25 +00:00
Corinna Vinschen b1897d27a8 * fhandler_disk_file.cc (fhandler_disk_file::fstat_helper): Fix
wrong usage of S_IFDIR.
	* security.cc (get_attribute_from_acl): Ditto.
	(get_file_attribute): Fix wrong usage of S_IFLNK.
	(get_object_attribute): Ditto.
	(alloc_sd): Fix wrong usage of S_IFDIR.
	* syscalls.cc (chmod): Allow chmod'ing of socket files.
2003-03-19 21:34:38 +00:00
Corinna Vinschen 556ceaeb58 * sec_acl.cc (setacl): Don't handle DELETE flag specially.
* security.cc (alloc_sd): Ditto.
2003-03-10 16:25:48 +00:00
Christopher Faylor a113a3c540 whitespace cleanup 2003-03-09 20:31:07 +00:00
Corinna Vinschen cf762b08cf * dtable.cc (dtable::build_fhandler_from_name): Set some fhandler
data on sockets to evaluate AF_LOCAL sockets correctly.
	(dtable::build_fhandler): Set unit number on sockets.
	* fhandler.h (fhandler_socket): Add unit number.
	(fhandler_socket::get_unit): New method.
	* fhandler_socket.cc (fhandler_socket::fhandler_socket): Set unit
	number.
	(fhandler_socket::fstat): Reorganize to return more Linux-like
	values.
	* net.cc: include ctype.h.
	(fdsock): Set unit number when building fhandler.
	* path.cc (path_conv::check): Set device type to FH_SOCKET if file
	is a AF_UNIX socket.
	(get_devn): Evaluate unit for virtual socket devices.
	(win32_device_name): Set windows path for sockets to unix_path with
	just backslashes to keep the different names.
	* syscalls.cc (fstat64): Don't override st_ino, st_dev and st_rdev
	for sockets.
	(stat_worker): Ditto.

From Pierre Humblet:

	* autoload.cc (AccessCheck): Add.
	(DuplicateToken): Add.
	* security.h (check_file_access): Declare.
	* syscalls.cc (access): Convert path to Windows, check existence
	and readonly attribute. Call check_file_access instead of acl_access.
	* security.cc (check_file_access): Create.
	* sec_acl (acl_access): Delete.
2003-02-21 14:29:18 +00:00
Christopher Faylor 407b8df695 * include/cygwin/in.h (in_attr_t): Define new type.
* include/arpa/inet.h (inet_addr): Change return type to in_addr_t.
(inet_lnaof): Ditto.
(inet_netof): Ditto.
(inet_network): Ditto.
* include/cygwin/types.h: Move many *_t typedefs here.  Protect them with
ifdefs.
* fhandler_disk_file.cc (fhandler_disk_file::fstat): Change ntsec_atts to
mode_t.
* security.cc (get_attribute_from_acl): Accept mode_t attribute.
(get_nt_attribute): Ditto.
(get_file_attribute): Ditto.
(get_nt_object_attribute): Ditto.
(get_object_attribute): Ditto.
* security.h: Reflect above changes.
* syscalls.cc (chown_worker): Change attrib to mode_t.
2003-02-10 22:43:29 +00:00
Corinna Vinschen 62cd433e98 * sec_acl.cc (setacl): Move all permission settings to beginning of
loop.  Set default rights to same values as in alloc_sd().  Set DELETE
	for owner and default owner only if S_IWOTH is given.

	* sec_acl.cc: Change all  __aclent16_t to  __aclent32_t except in
	wrapper function definitions. Replace call to the aclXYZ functions by
	calls aclXYZ32.
	(searchace): Change type of third argument to __uid32_t and use
	ILLEGAL_UID instead of -1;
	(setacl): Remove some initializations. Only give STANDARD_RIGHTS_WRITE
	for S_IWOTH. Replace -1 by ILLEGAL_UID.
	(getacl): Change type of owner_sid, group_sid and ace_sid to cygpsid.
	In last else clause, suppress second call to ace_sid.get_id and use
	TRUE in first call. Replace EqualSid by ==.
	(acl_access): Call internal_getgroups in USER and GROUP cases.
	(acecmp: Define static.
	(acl32): Create from 16 bit type.
	(facl32): Ditto.
	(lacl32): Ditto.
	(aclcheck32): Ditto.
	(aclsort32): Ditto.
	(acltomode32): Ditto.
	(aclfrommode32): Ditto.
	(acltopbits32): Ditto.
	(aclfrompbits32): Ditto.
	(acltotext32): Ditto.
	(aclfromtext32): Ditto, and use strechr.
	(acl16to32): Create.
	(acl): Make it a wrapper function.
	(facl): Ditto.
	(lacl): Ditto.
	(aclcheck): Ditto.
	(aclsort): Ditto.
	(acltomode): Ditto.
	(aclfrommode): Ditto.
	(acltopbits): Ditto.
	(aclfrompbits): Ditto.
	(acltotext): Ditto.
	(aclfromtext): Ditto.
	* security.cc (write_sd): Call set_process_privilege and check
	ownership.
	(alloc_sd): Remove call to set_process_privilege and the owner check.
2003-02-05 16:15:22 +00:00
Corinna Vinschen 0c8455c344 * sec_helper.cc (get_sids_info): New function.
* security.cc (extract_nt_dom_user): Simplify with strechr.
	(get_user_groups): Initialize glen to MAX_SID_LEN.
	(get_user_local_groups): Ditto.
	(get_attribute_from_acl): Define ace_sid as cygpsid.
	(get_nt_attribute): Define owner_sid and group_sid as cygpsid.
	Call get_sids_info instead of cygsid.get_{u,g}id and is_grp_member.
	(get_nt_object_attribute): Ditto.
	(alloc_sd): Define ace_sid as cygpsid.
2003-02-05 13:47:47 +00:00
Corinna Vinschen 3dbafd873e * path.cc (symlink): Create security attributes so that only the
user can modify the symlink.
	* security.cc (set_security_attribute): Remove symlink special
	handling.
2003-02-04 19:26:01 +00:00
Corinna Vinschen 153e83c605 * security.h: Add third argument to set_process_privilege.
* autoload.cc: Add OpenThreadToken.
	* sec_helper.cc (set_process_privilege): Add and use use_thread
	argument.
	* security.cc (alloc_sd): Modify call to set_process_privilege.
	Remember the result in each process. If failed and file owner is not
	the user, fail.
2003-02-03 15:55:20 +00:00
Christopher Faylor 9a75162166 * uinfo.cc (pwdgrp::load): Regularize strace output. Add warning for
CreateFile failure.
2003-01-26 06:42:40 +00:00
Corinna Vinschen ab2dbccc11 * sec_acl.cc (search_ace): Use id == -1, instead of < 0, as wildcard.
(setacl): Start the search for a matching default at the next entry.
	Invalidate the type of merged entries instead of clearing it.
	Use well_known_creator for default owner and owning group and do
	not try to merge non-default and default entries in these cases.
	(getacl): Recognize well_known_creator for default owner and group.
	(acl_worker): Improve errno settings and streamline the nontsec case.
	* security.cc (write_sd): Remove the call to set_process_privilege.
	(alloc_sd): If the owner changes, call set_process_privilege and return
	immediately on failure. Change inheritance rules: on new directories add
	inherit only allow ACEs for creator_owner, creator_group and everyone.
	Preserve all inheritances through chmod and chown calls. Introduce
	isownergroup to implement the uid == gid case, to keep the inheritance
	code simple. Do not initialize owner_sid and group_sid and stop using
	the variable psd.
2003-01-12 11:38:51 +00:00
Corinna Vinschen 3eb27a4e9e * security.cc (get_nt_attribute): Always return -1 when read_sd()
fails.
	(get_file_attribute): Set permissions to 0 and owner/group to -1
	if security descriptor is unreadable.
2003-01-09 11:44:17 +00:00
Corinna Vinschen 6e8a0232df * security.cc (get_user_local_groups): Use LookupAccountSid to find the
local equivalent of BUILTIN.
2002-12-14 16:57:25 +00:00
Corinna Vinschen d6ffc07588 2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
	pwdgrp_check::isinitializing ().
	(pwdgrp_check::isinitializing): Create.
	* passwd.cc (grab_int): Change type to unsigned, use strtoul and
	set the pointer content to 0 if the field is invalid.
	(parse_pwd): Move validity test after getting pw_gid.
	(read_etc_passwd): Replace "passwd_state <= " by
	passwd_state::isinitializing ().
	(internal_getpwuid): Ditto.
	(internal_getpwnam): Ditto.
	(getpwent): Ditto.
	(getpass): Ditto.
	* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
	(read_etc_group): Replace "group_state <= " by
	group_state::isinitializing ().
	(internal_getgrgid): Ditto.
	(getgrent32): Ditto.
	(internal_getgrent): Ditto.

2002-12-10  Pierre Humblet <pierre.humblet@ieee.org>

	* security.h: Move declarations of internal_getgrent,
	internal_getpwsid and internal_getgrsid to pwdgrp.h.
	* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
	internal_getpwuid, internal_getgrsid, internal_getgrgid,
	internal_getgrnam, internal_getgrent and internal_getgroups.
	Delete "emulated" from enum pwdgrp_state.
	(pwdgrp_check::isuninitialized): Create.
	(pwdgrp_check::pwdgrp_state): Change state to initializing
	rather than to uninitialized.
	(pwdgrp_read::gets): Remove trailing CRs.
	* passwd.cc (grab_string): Don't look for NLs.
	(grab_int): Ditto.
	(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
	(search_for): Delete.
	(read_etc_passwd): Simplify tests to actually read the file.
	Set state to loaded before making internal_getpwXX calls.
	Replace search_for calls by equivalent internal_pwgetXX calls.
	(internal_getpwsid): Use passwd_state.isuninitialized to decide
	to call read_etc_passwd.
	(internal_getpwuid): Create.
	(internal_getpwnam): Create.
	(getpwuid32): Simply call internal_getpwuid.
	(getpwuid_r32): Call internal_getpwuid.
	(getpwnam): Simply call internal_getpwnam.
	(getpwnam_r): Call internal_getpwnam.
	* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
	(add_grp_line): Adjust blank space.
	(class group_lock): Ditto.
	(read_etc_group): Simplify tests to actually read the file.
	Set state to loaded before making internal_getgrXX calls.
	Replace getgrXX calls by equivalent internal calls.
	(internal_getgrsid): Use group_state.isuninitialized to decide
	to call read_etc_group.
	(internal_getgrgid): Create.
	(internal_getgrnam): Create.
	(getgroups32): Simply call internal_getgrgid.
	(getgrnam32): Simply call internal_getgrnam.
	(internal_getgrent): Call group_state.isuninitialized.
	(internal_getgroups): Create from the former getgroups32, using
	two of the four arguments. Set gid to myself->gid and username
	to cygheap->user.name ().
	(getgroups32): Simply call internal_getgroup.
	(getgroups): Call internal_getgroup instead of getgroups32.
	(setgroups32): Call internal versions of get{pw,gr}XX.
	* sec_helper.cc: Include pwdgrp.h.
	(is_grp_member): Call internal versions of get{pw,gr}XX.
	* security.cc: Include pwdgrp.h.
	(alloc_sd): Call internal versions of get{pw,gr}XX.
	* syscalls.cc: Include pwdgrp.h.
	(seteuid32): Call internal versions of get{pw,gr}XX.
	(setegid32): Ditto.
	* uinfo.cc: Include pwdgrp.h.
	(internal_getlogin): Call internal versions of get{pw,gr}XX.
	(cygheap_user::ontherange): Ditto.
	* sec_acl.cc: Include pwdgrp.h.
	(setacl): Call internal versions of get{pw,gr}XX.
	(acl_access): Ditto and simplify logic.
	(aclfromtext): Ditto.
2002-12-10 12:43:49 +00:00
Corinna Vinschen dbcb75780a * security.cc (get_attribute_from_acl): Always test "anti",
just in case an access_denied ACE follows an access_allowed.
	Handle the case owner_sid == group_sid, with a FIXME.
	Remove unnecessary tests for non-NULL PSIDs.
	(alloc_sd): Use existing owner and group sids if {ug}id == -1.
	Handle case where owner_sid == group_sid.
	Do not call is_grp_member. Try to preserve canonical ACE order.
	Remove unnecessary tests for non-NULL PSIDs. Reorganize
	debug_printf's.
	(get_initgroups_sidlist): Put well_known_system_sid on left
	side of ==.
	(add_access_denied_ace): Only call GetAce if inherit != 0.
	(add_access_allowed_ace): Ditto. Use appropriate sizeof.
	* syscalls.cc (chown_worker): Pass {ug}id equal to -1 to
	alloc_sd, which removes the need to obtain old_{ug}id.
	(chmod): Remove call to get_file_attribute (), simply pass
	{ug}id equal to -1 to alloc_sd.
2002-11-20 09:23:21 +00:00
Christopher Faylor 329b9ead3e * sec_helper.cc (cygsid::get_id): If the sid matches a sid stored in
cygheap->user, return the uid or gid from myself.
* security.cc (alloc_sd): If gid == myself->gid, return the group sid from
cygheap->user.  Remove the test for uid == original_uid, which is
counter-productive.
2002-10-22 16:22:10 +00:00
Christopher Faylor f70389b541 Remove \n from calls to strace class printfs throughout. 2002-09-30 04:35:18 +00:00
Christopher Faylor f789fbbf35 * security.cc (allow_ntsec): Default to zero.
* environ.cc (environ_init): Set allow_ntsec to TRUE by default, assuming OS
allows it.
2002-09-30 03:05:13 +00:00
Christopher Faylor c90e1cf179 * fhandler.cc (fhandler_base::dup): Don't set handle on failure. Caller has
already taken care of that.
* fhandler_console.cc (fhandler_console::open): Initialize handles to NULL.
(fhandler_console::close): Ditto.  GNUify non-GNU formatted functions calls
throughout.
2002-09-22 03:38:57 +00:00
Christopher Faylor 5bf785a017 * cygthread.cc (cygthread::initialized): Avoid copying on fork or some threads
may not end up in the pool.
(cygthread::new): Avoid race when checking for initialized.  Add debugging
code.
* fhandler.cc (fhandler_base::raw_read): Add case for ERROR_INVALID_HANDLE due
to Win95 directories.
(fhandler_base::open): Handle errors due to Win95 directories.
(fhandler_base::close): Add get_nohandle () test.
(fhandler_base::set_close_on_exec): Ditto.
(fhandler_base::fork_fixup): Ditto.
(fhandler_base::lock): Change error code to Posix EINVAL.
(fhandler_base::dup): If get_nohandle (), set new value to INVALID_HANDLE_VALUE
instead of NULL.
* fhandler_disk_file.cc (fhandler_disk_file::fstat): Call fstat_by_name if
get_nohandle ().  Remove extraneous element from strpbrk.
(fhandler_disk_file::open): Remove test for Win95 directory.
* fhandler_random.cc (fhandler_dev_random::open): Add set_nohandle ().
* fhandler_clipboard.cc (fhandler_dev_clipboard::open): Ditto.
* fhandler_zero.cc (fhandler_dev_zero::open): Ditto.
(fhandler_dev_zero::close): Delete.
* fhandler.h (class fhandler_dev_zero): Ditto.
2002-09-19 03:30:20 +00:00
Corinna Vinschen 5a8746b732 * grp.cc (initgroups): Call groups::clear_supp to free the
supplementary group sids that may have been set by setgroups.
	* security.cc (cygsidlist::free_sids): Also zero the class members.
	* security.h (groups::clear_supp): New.
	Rename cygsidlist_unknown to cygsidlist_empty.
2002-09-11 10:37:11 +00:00
Corinna Vinschen 38170b13ea * sec_acl.cc (getacl): Check ace_sid == well_known_world_sid
before owner_sid and group_sid so that well_known_world_sid
	means "other" even when owner_sid and/or group_sid are Everyone.
	* security.cc (get_attribute_from_acl): Created from code common
	to get_nt_attribute() and get_nt_object_attribute(), with same
	reordering as in getacl() above.
	(get_nt_attribute): Call get_attribute_from_acl().
	(get_nt_object_attribute): Ditto.
2002-08-26 09:56:06 +00:00
Corinna Vinschen 23d93d8db7 * security.cc (verify_token): Do not reject a token just because
the supplementary group list is missing Everyone or a groupsid
	equal to usersid, or because the primary group is not in the token,
	as long as it is equal to the usersid.
	* syscalls.cc (seteuid32): Use common code for all successful returns.
	* grp.cc (getgroups32): Never includes Everyone in the output.
2002-08-02 11:00:18 +00:00
Corinna Vinschen 5519d54352 * security.cc: Change some formatting.
* include/cygwin/version.h: Bump API minor version.

        * cygheap.h (class cygheap_user): Add member groups.
        * security.h (class cygsidlist): Add members type and maxcount,
        methods position, addfromgr, alloc_sids and free_sids and
        operator+= (const PSID psid). Modify contains () to call
        position () and optimize add () to use maxcount.
        (class user_groups): Create.
        Update declarations of verify_token and create_token.
        * security.cc (cygsidlist::alloc_sids): New.
        (cygsidlist::free_sids): New.
        (get_token_group_sidlist): Create from get_group_sidlist.
        (get_initgroups_sidlist): Create from get_group_sidlist.
        (get_group_sidlist): Suppress.
        (get_setgroups_sidlist): Create.
        (verify_token): Modify arguments. Add setgroups case.
        (create_token): Modify arguments. Call get_initgroups_sidlist and
        get_setgroups_sidlist as needed. Set SE_GROUP_LOGON_ID from auth_pos
        outside of the loop. Rename the various group sid lists consistently.
        * syscalls.cc (seteuid32): Modify to use cygheap->user.groups.
        (setegid32): Call cygheap->user.groups.update_pgrp.
        * grp.cc (setgroups): Create.
        (setgroups32): Create.
        * uinfo.cc (internal_getlogin): Initialize and update user.groups.pgsid.
        * cygwin.din: Add setgroups and setgroups32.
2002-07-29 12:51:52 +00:00
Christopher Faylor 68fb3cca64 * security.cc (allow_ntsec): Default to on.
(allow_smbntsec): Default to off.
2002-07-25 17:04:13 +00:00
Corinna Vinschen fdb93cd2e1 * security.cc (get_group_sidlist): Create group list from /etc files
even if DC is available but access fails.
2002-07-23 14:34:27 +00:00
Christopher Faylor 44480f46ea white space 2002-07-19 23:48:17 +00:00
Corinna Vinschen 095a1272e8 * security.cc (get_unix_group_sidlist): Create.
(get_supplementary_group_sidlist): Evolve into get_unix_group_sidlist.
	(get_user_local_groups): Add check for duplicates.
	(get_user_primary_group): Suppress.
	(get_group_sidlist): Silently ignore PDC unavailability.
	Call get_unix_group_sidlist() before get_user_local_groups().
	Remove call to get_supplementary_group_sidlist(). Never call
	get_user_primary_group() as the passwd group is always included.
	Add well_known_authenticated_users_sid in only one statement.
2002-07-19 15:04:18 +00:00