Commit Graph

146 Commits

Author SHA1 Message Date
Corinna Vinschen 02373d8bec Cygwin: seteuid: work with password-less user switch as well
The previous patch failed with password-less auth because in
that case the return code from get_server_groups wasn't tested.
Fix that.  Also make sure that get_server_groups does not
check if the account is disabled or locked out when just fetching
the group list for initgroups or getgrouplist.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-01-24 21:20:09 +01:00
Corinna Vinschen 859d215b7e Cygwin: split out fhandler_socket into inet and local classes
First cut, still incomplete

* fhandler_socket is now base class for other socket classes
* fhandler_socket_inet handles AF_INET and AF_INET6 sockets
* fhandler_socket_local handles AF_LOCAL/AF_UNIX sockets
* finally get rid of fdsock by using set_socket_handle in accept4
* align file-related calls (fstat,  fstatvfs, fchown, fchmod, facl)
  to Linux.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-02-21 21:40:01 +01:00
Corinna Vinschen 76f06705be cygwin: convert most #ifndef __x86_64__ to #ifdef __i386__
Address the real offender

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2017-11-27 14:36:06 +01:00
Corinna Vinschen 3e8f833df0 Fix outdated S_JUSTCREATED comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-08-19 16:27:07 +02:00
Corinna Vinschen 00e9bf2bb3 Fix various OS-related comments
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-24 23:32:39 +02:00
Corinna Vinschen 6e623e9320 Switching the Cygwin DLL to LGPLv3+, dropping commercial buyout option
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.

Everything else stays under GPLv3+.

New Linking Exception exempts resulting executables from LGPLv3 section 4.

Add CONTRIBUTORS file to keep track of licensing.

Remove 'Copyright Red Hat Inc' comments.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-06-23 10:09:17 +02:00
Corinna Vinschen 018fa93e2b Add cygsid methods to create SIDs from scratch
So far creating cygsids requires to generate an "S-1-..." string
which is then converted to a SID by cygsid::getfromstr.

Add two new methods:

- cygsid::create (DWORD auth, DWORD subauth_count, ...)

    ... is a variable length list of subauth_count DWORD values being
    the actual subauths.

- cygsid::append (DWORD rid)

    allows to append a single RID to an alreaday constituted SID.

	* security.h (cygsid::create): Declare public.
	(cygsid::append): Ditto.
	* sec_helper.cc (cygsid::create): Implement.
	(cygsid::append): Implement.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Use both new
	methods as appropriate.  Drop setting csid from string.  Create
	SID strings for printing SIDs only.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-03-12 16:39:19 +01:00
Corinna Vinschen ac4648c13e Treat ACLs with extra ACEs for Admins and SYSTEM like a trivial ACL
POSIX.1e requires that chmod changes the MASK rather than the
	GROUP_OBJ value if the ACL is non-trivial.

	On Windows, especially on home machines, a standard ACL often
	consists of entries for the user, maybe the group, and additional
	entries for SYSTEM and the Administrators group.  A user calling
	chmod on a file with bog standard Windows perms usually expects
	that chmod changes the GROUP_OBJ perms, but given the rules from
	POSIX.1e we can't do that.

	However, since we already treat Admins and SYSTEM special in a
	ACL (they are not used in MASK computations) we go a step in the
	Windows direction to follow user expectations.  If an ACL only
	consists of the three POSIX permissions, plus entries for Admins
	and SYSTEM *only*, then we change the permissions of the GROUP_OBJ
	entry *and* the MASK entry.

	* fhandler_disk_file.cc (fhandler_disk_file::chmod): Drop unused
	code.  Add special handling for a "standard" Windows ACL.  Add
	comment to explain.
	* sec_acl.cc (get_posix_access): Allow to return "standard-ness"
	of an ACL to the caller.  Add preceeding comment to explain a bit.
	* security.h (get_posix_access): Align prototype.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-01-28 22:05:49 +01:00
Corinna Vinschen 911808dd5e Fix permission evaluation for !new_style ACLs
* security.h (authz_get_user_attribute): Declare bool.
	* sec_helper.cc (authz_ctx::get_user_attribute): Make bool method.
	Set S_IxOTH bits in returned attributes rather than S_IxUSR bits.
	(authz_get_user_attribute): Make bool function.
	* sec_acl.cc (get_posix_access): Introduce cygsid array to keep
	track of all SIDs in the ACL.  Move AuthZ calls into !new_style
	permission post processing.  When not using AuthZ, use
	CheckTokenMembership to collect group permissions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:30:38 +01:00
Corinna Vinschen 42fad6ffa5 Add Authz class to compute exact POSIX user perms in a security descriptor
* autoload.cc (AuthzAccessCheck): Import.
	(AuthzFreeContext): Import.
	(AuthzInitializeContextFromSid): Import.
	(AuthzInitializeContextFromToken): Import.
	(AuthzInitializeResourceManager): Import.
	* sec_helper.cc (get_sids_info): Remove.
	(class authz_ctx_cache_entry): New class.
	(class authz_ctx_cache): New class.
	(class authz_ctx): New class.
	(authz_get_user_attribute): New function.
	* security.h (get_sids_info): Drop prototype.
	(authz_get_user_attribute): Add prototype.
	* winlean.h (_AUTHZ_): Define.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:28:33 +01:00
Corinna Vinschen bc444e5aa4 Reapply POSIX ACL changes.
- New, unified implementation of POSIX permission and ACL handling.  The
    new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
    they allow to inherit the S_ISGID bit.  ACL inheritance now really
    works as desired, in a limited, but theoretically equivalent fashion
    even for non-Cygwin processes.

    To accommodate Windows default ACLs, the new code ignores SYSTEM and
    Administrators group permissions when computing the MASK/CLASS_OBJ
    permission mask on old ACLs, and it doesn't deny access to SYSTEM and
    Administrators group based on the value of MASK/CLASS_OBJ when
    creating the new ACLs.

    The new code now handles the S_ISGID bit on directories as on Linux:
    Setting S_ISGID on a directory causes new files and subdirs created
    within to inherit its group, rather than the primary group of the user
    who created the file.  This only works for files and directories
    created by Cygwin processes.

2015-05-29  Corinna Vinschen  <corinna@vinschen.de>

	Reapply POSIX ACL changes.

	* utils.xml (setfacl): Show new option output.
	(getfacl): Show new option output.

	* sec_acl.cc (get_posix_access): Check for Cygwin "standard" ACL.
	Apply umask, if so.  Align comments.
	* security.cc (set_created_file_access): Fix permission masking by
	incoming requested file mode.

	* sec_acl.cc (set_posix_access): Apply mask only in terms of execute bit
	for SYSTEM and Admins group.

	* sec_acl.cc (set_posix_access): Don't create DENY ACEs for USER and
	GROUP entries if they are the same as USER_OBJ or GROUP_OBJ.

	* fhandler.h (fhandler_pty_slave::facl): Add prototype.
	* fhandler_tty.cc (fhandler_pty_slave::facl): New method.
	(fhandler_pty_slave::fchown): Fix uid/gid handling.
	* sec_acl.cc (set_posix_access): Drop superfluous class_idx variable.
	Simplify and move around code in a few places.  To improve ACL
	readability, add r/w permissions to Admins ACE appended to pty ACL.
	Add comment to explain Windows ACE Mask filtering being in the way of
	creating a real CLASS_OBJ.
	(get_posix_access): Fake CLASS_OBJ for ptys.  Explain why.
	* security.cc (get_object_attribute): Add S_IFCHR flag to attributes
	when calling get_posix_access.

	* sec_acl.cc (set_posix_access): Move merging group perms into owner
	perms in case of owner == group after mask has been computed.  Take
	mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.

	* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw
	the ACCESS_ALLOWED_ACE.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Deliberatly
	set GROUP_OBJ and CLASS_OBJ perms to new group perms.  Add comment
	to explain why.
	* security.cc (set_created_file_access): Ditto.

	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
	EINVAL if uid and/or guid is invalid and not backed by an actual
	Windows account.

	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.

	* sec_acl.cc (set_posix_access): Handle files with owner == group.
	Rephrase switch statement checking against unfiltered a_type value.
	(get_posix_access): Handle files with owner == group.

	* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
	CLASS_OBJ mask on old-style ACLs.  Fix a comment.

	* sec_acl.cc (set_posix_access): Always make sure Admins have
	WRITE_DAC and WRITE_OWNER permissions.
	* security.h (create_object_sd_from_attribute): Drop handle parameter
	from prototype.
	* security.cc (create_object_sd_from_attribute): Drop handle parameter.
	Just create the standard POSIXy security descriptor.
	(set_object_attribute): Accommodate dropped paramter in call to
	create_object_sd_from_attribute.
	* fhandler_tty.cc: Ditto, throughout.

	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Fix typo in
	mask computation.

	* fhandler.cc (fhandler_base::open_with_arch): Call open with mode
	not umasked.
	(fhandler_base::open): Explicitely umask mode on NFS here.  Call new
	set_created_file_access rather than set_file_attribute.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Reimplement
	setting permissions on filesystems supporting ACLs using the new
	set_posix_access call.
	(fhandler_disk_file::fchown): Ditto.
	(fhandler_disk_file::mkdir): Call new set_created_file_access rather
	than set_file_attribute.
	* fhandler_socket.cc (fhandler_socket::bind): Don't umask here.  Add
	WRITE_OWNER access to allow writing group in case of SGID bit set.
	Call new set_created_file_access rather than set_file_attribute.
	* path.cc (symlink_worker): Call new set_created_file_access rather
	than set_file_attribute.
	* sec_acl.cc (searchace): Un-staticize.
	(set_posix_access): New, complementary functionality to
	get_posix_access.
	(setacl): Implement in terms of get_posix_access/set_posix_access.
	(get_posix_access): Add handling for just created files requiring
	their first Cygwin ACL.  Fix new_style recognition.  Handle SGID
	bit.  For old-style ACLs, ignore SYSTEM and Administrators when
	computing the {DEF_}CLASS_OBJ perms.
	* security.cc (get_file_sd): Revamp comment.  Change and (hopefully)
	speed up inheritance processing for just created files.
	(alloc_sd): Remove.
	(set_security_attribute): Call set_posix_access instead of alloc_sd.
	(get_object_attribute): Fix return value.
	(create_object_sd_from_attribute): Call set_posix_access instead of
	alloc_sd.
	(set_file_attribute): Remove.
	(set_created_file_access): New function implemented in terms of
	get_posix_access/set_posix_access.
	* security.h (set_file_attribute): Remove prototype.
	(set_created_file_access): Add prototype.
	(searchace): Ditto.
	(set_posix_access): Ditto.
	* syscalls.cc (open): Call open_with_arch with mode not umasked.

	* sec_acl.cc: Change preceeding comment explaining new-style ACLs.
	Describe how to generate deny ACEs in more detail.  Accommodate the
	fact that a NULL deny ACE is used for {DEF_}CLASS_OBJ, rather than
	a special Cygwin ACE.  Improve further comments.
	(CYG_ACE_NEW_STYLE): Define.
	(get_posix_access): Change from Cygwin ACE to NULL deny ACE.  Fix
	CLASS_OBJ handling to generate CLASS_OBJ and DEF_CLASS_OBJ from a single
	NULL deny ACE if the inheritance flags say so.
	* sec_helper.cc (well_known_cygwin_sid): Remove.
	* security.h (well_known_cygwin_sid): Drop declaration.

	* sec_acl.cc (CYG_ACE_ISBITS_TO_WIN): Fix typo.
	(get_posix_access): Rename index variable from i to idx.  Define only
	once at top level.

	* security.cc (add_access_allowed_ace): Drop unused parameter "offset".
	Accommodate throughout.
	(add_access_denied_ace): Ditto.
	* sec_acl.cc: Accommodate above change throughout.
	* security.h (add_access_allowed_ace): Adjust prototype to above change.
	(add_access_denied_ace): Ditto.

	* sec_acl.cc (get_posix_access): Handle multiple ACEs for the
	owner and primary group of the file.  Handle the default primary
	group ACE as DEF_GROUP_OBJ entry if the directory has the S_ISGID bit
	set.  Add comments.  Minor code rearrangements.

	Preliminary read side implementation of new permission handling.
	* acl.h (MAX_ACL_ENTRIES): Raise to 2730.  Add comment to explain.
	* sec_acl.cc:  Add leading comment to explain new ACL style.
	Add definitions and macros to use for bits in new Cygwin ACL.
	(DENY_RWX): New mask value for all temporary deny bits.
	(getace): Add bool parameter to decide when leaving all bits intact,
	rather than filtering them per the already set bits.
	(get_posix_access): New function, taking over functionality to read
	POSIX ACL from SECURITY_DESCRIPTOR.
	(getacl): Just call get_posix_access.
	* sec_helper.cc (well_known_cygwin_sid): Define.
	* security.cc (get_attribute_from_acl): Remove.
	(get_info_from_sd): Remove.
	(get_reg_sd): Call get_posix_access instead of get_info_from_sd.
	(get_file_attribute): Ditto.
	(get_object_attribute): Ditto.
	* security.h (well_known_cygwin_sid): Declare.
	(get_posix_access): Add prototype.

	* Throughout, use simpler ACE macros from Windows' accctrl.h.

	* getfacl.c (main): Special-case SYSTEM and Admins group.  Add comments.

	* setfacl.c: Align more to Linux tool.
	(delacl): New function to delete acl entries only.
	(modacl): Drop delete functionality.  Add handling of recomputing the
	mask and default mask values.
	(delallacl): Rename from delacl.
	(setfacl): Call delacl in Delete case.  Call delallacl in DeleteAll
	and DeleteDef case.
	(usage): Accommodate new options.  Rearrange and rephrase slightly.
	(longopts): Emit 'x' in --delete case.  Add --no-mask and --mask
	options.
	(opts): Add -x and -n options.
	(main): Handle -d and -x the same.  Handle -n and --mask options.
	Drop handling for -r option.

	* getfacl.c (usage): Align more closely to Linux version.  Add new
	options -c, -e, -E.  Change formatting to accommodate longer options.
	(longopts): Rename --noname to --numeric.  Keep --noname for backward
	compatibility.  Add --omit-header, --all-effective and --no-effective
	options.
	(opts): Add -c, -e and -E option.
	(main): Handle new -c, -e, and -E options.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-11-18 22:27:54 +01:00
Corinna Vinschen 4a9636b1d6
Implmenet faster getfrompw/getfromgr
* grp.cc (pwdgrp::parse_group): Call cygsid::getfromgr_passwd.
	* passwd.cc (pwdgrp::parse_passwd): Call cygsid::getfrompw_gecos.
	* pwdgrp.h (cygsid::getfrompw): Implement as inline method here,
	accessing pg_pwd's sid member directly.
	(cygsid::getfromgr): Implement as inline method here, accessing
	pg_grp's sid member directly.
	* sec_auth.cc (extract_nt_dom_user): Call cygsid::getfrompw_gecos.
	Explain why.
	* sec_helper.cc (cygsid::getfrompw): Drop implementation.
	(cygsid::getfromgr): Ditto.
	* security.h (cygsid::getfrompw_gecos): Implement former getfrompw
	inline here.
	(cygsid::getfromgr_passwd): Implement former getfromgr inline here.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-18 17:15:27 +01:00
Corinna Vinschen 1d91d469ee
Drop unneeded passwd argument from security functions
* sec_auth.cc (get_server_groups): Drop unused passwd argument.  Adjust
	calls throughout.
	(get_initgroups_sidlist): Ditto.
	(get_setgroups_sidlist): Ditto.
	(create_token): Ditto.
	(lsaauth): Ditto.
	* security.h (create_token): Adjust prototype to above change.
	(lsaauth): Ditto.
	(get_server_groups): Ditto.
	* grp.cc (get_groups): Adjust call to get_server_groups.
	* syscalls.cc (seteuid32): Adjust calls to lsaauth and create_token.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-03-18 16:54:19 +01:00
Corinna Vinschen f485f16276 * sec_auth.cc (get_logon_server): Constify domain parameter.
* security.h (get_logon_server): Same in prototype.
2015-01-21 16:31:38 +00:00
Corinna Vinschen 41f77e25f1 * autoload.cc (CreateProfile): Import.
(LoadUserProfileW): Import.
	* registry.cc (get_registry_hive_path): Move to sec_auth.cc.
	(load_registry_hive): Remove.
	* registry.h (get_registry_hive_path): Drop declaration.
	(load_registry_hive): Ditto.
	* sec_auth.cc (get_user_profile_directory): Moved from registry.cc and
	renamed.  Take third parameter with buffer length.
	(load_user_profile): New function taking over for load_registry_hive.
	Use official functions to load profile.  If profile is missing, create
	it on Vista and later.
	* security.h (get_user_profile_directory): Declare.
	(load_user_profile): Declare.
	* syscalls.cc (seteuid32): Replace call to load_registry_hive with call
	to load_user_profile.
	* uinfo.cc (cygheap_user::env_userprofile): Replace call to
	get_registry_hive_path with call to get_user_profile_directory.
2014-12-02 10:49:47 +00:00
Corinna Vinschen 898e26c82f * cygheap.h (class cygheap_domain_info): Remove lowest_tdo_posix_offset.
* ldap.cc (cyg_ldap::fetch_posix_offset_for_domain): Return UINT32_MAX
	in case of error.
	* security.h (PRIMARY_POSIX_OFFSET): Define.
	(NOACCESS_POSIX_OFFSET): Define.
	(UNUSABLE_POSIX_OFFSET): Define.
	* uinfo.cc (cygheap_domain_info::init): Drop initializing
	lowest_tdo_posix_offset.
	(pwdgrp::fetch_account_from_file): Set PosixOffset to either
	UNUSABLE_POSIX_OFFSET or NOACCESS_POSIX_OFFSET in case we don't get a
	sensible offset from AD.  Explain why.  Drop setting ch
	lowest_tdo_posix_offset.
	(pwdgrp::fetch_account_from_windows): Replace constant 0x100000 with
	PRIMARY_POSIX_OFFSET throughout.
2014-07-29 08:53:13 +00:00
Corinna Vinschen fc3a3524b2 * security.h (MAX_SUBAUTH_CNT): Drop. Use SID_MAX_SUB_AUTHORITIES
instead throughout.
	(MAX_SID_LEN): Drop.  Use SECURITY_MAX_SID_SIZE instead throughout.
2014-05-06 12:28:33 +00:00
Corinna Vinschen 439b7db785 * grp.cc (internal_getgroups): Drop unused cygsid variable.
* sec_helper.cc (cygpsid::pstring): Use sid_sub_auth_count macro.
	(cygsid::get_sid): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
	Don't call memcpy to copy subauthorities into SID, use assignment.
	(cygsid::getfromstr): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
	* security.h (MAX_SUBAUTH_CNT): New definition.  Set to 11 to cover
	Microsoft Accounts.
	(MAX_SID_LEN): Define in terms of SID member sizes and MAX_SUBAUTH_CNT.
	(DBGSID): Use MAX_SUBAUTH_CNT to define size of SubAuthority array.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle Micosoft
	Accounts.  Handle them as well known group.  Compare domain names
	case-insensitive.
	* winlean.h (PIPE_REJECT_REMOTE_CLIENTS): Drop temporary definition
	since Mingw64 catched up.
	(DNLEN): Redefine as 16.  Explain why.
2014-05-06 12:02:48 +00:00
Corinna Vinschen 29adfd78bd * passwd.cc (pg_ent::enumerate_builtin): Convert pwd_builtins and
grp_builtins to array of cygpsid pointers.  Replace SID strings with
	pointers to well known SIDs.
	* sec_helper.cc (well_known_local_service_sid): Define.
	(well_known_network_service_sid): Define.
	(trusted_installer_sid): Define.
	* security.h (well_known_local_service_sid): Declare.
	(well_known_network_service_sid): Declare.
	(trusted_installer_sid): Declare.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Throughout set acc_type
	to SidTypeUnknown if LookupAccountXXX function failed.  Create
	simplified passwd entry for non-user accounts, except for LocalSystem.
	Add comment.
2014-03-06 18:54:08 +00:00
Corinna Vinschen b39fa2c88d * autoload.cc (CheckTokenMembership): Import.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id.
	* grp.cc (internal_getgrsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_group_from_windows.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(gr_ent::enumerate_local): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(getgroups32): Rename from internal_getgroups and drop getgroups32 stub.
	Drop srchsid parameter and code handling it.  Add local cyg_ldap
	instance and forward to internal_getgrXXX.
	(getgroups): Call getgroups32.
	(get_groups): Add local cyg_ldap instance and forward to
	internal_getgrXXX.
	(getgrouplist): Ditto.
	(setgroups32): Ditto.
	* ldap.cc (cyg_ldap::open): Don't call close.  Return true if connection
	is already open.
	(cyg_ldap::remap_uid): Forward this to internal_getpwsid.
	(cyg_ldap::remap_gid): Forward this to internal_getgrsid.
	* passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer.
	Forward to pwdgrp::add_user_from_windows.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(pg_ent::enumerate_builtin): Drop ugid_caching bool from call to
	pwdgrp::fetch_account_from_windows.
	(pg_ent::enumerate_sam): Ditto.
	(pg_ent::enumerate_ad): Ditto.  Forward local cldap instead.
	* pwdgrp.h (internal_getpwsid): Align declaration to above change.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(internal_getgrsid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgroups): Drop declaration.
	(pwdgrp::add_account_from_windows): Align declaration to below change.
	(pwdgrp::add_user_from_windows): Ditto.
	(pwdgrp::add_group_from_windows): Ditto.
	* sec_acl.cc (setacl): Add local cyg_ldap instance and forward to
	internal_getpwuid and internal_getgrgid.
	(getacl): Add local cyg_ldap instance and forward to cygpsid::get_id.
	(aclfromtext32): Add local cyg_ldap instance and forward to
	internal_getpwnam and internal_getgrnam.
	* sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer.
	Forward to internal_getgrsid and internal_getpwsid.
	(get_sids_info): Drop ldap_open.  Forward local cldap to
	internal_getpwsid and internal_getgrXXX.  Call CheckTokenMembership
	rather than internal_getgroups.
	* security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default
	parameter.
	(cygpsid::get_uid): Add cyg_ldap pointer.  Call get_id accordingly.
	(cygpsid::get_gid): Ditto.
	* uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward
	to internal_getpwXXX and internal_getgrXXX calls.
	(pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer.
	Forward to pwdgrp::fetch_account_from_windows.
	(fetch_posix_offset): Drop ldap_open argument and handling.  Get
	cyg_ldap instance as pointer.
	(pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer.
	Use it if it's not NULL, local instance otherwise.  Drop ldap_open.
	Drop fetching extended group arguments from AD for speed.
2014-02-27 12:57:27 +00:00
Corinna Vinschen 1e705e2932 * miscfuncs.h (NT_readline::close): New function to close handle.
(NT_readline::~NT_readline): Call close.
	* sec_auth.cc (verify_token): Use constructor to initialize tok_usersid.
	* security.h (cygsid::cygsid): Add copy constructor taking cygsid as
	source.
2014-02-16 16:02:18 +00:00
Corinna Vinschen 1ca20a1cd2 Introduce reading passwd/group entries from SAM/AD. Introduce
/etc/nsswitch.conf file to configure it.
	* Makefile.in (DLL_OFILES): Add ldap.o.
	* autoload.cc: Import ldap functions from wldap32.dll.
	(DsEnumerateDomainTrustsW): Import.
	(NetGroupGetInfo): Import.
	* cygheap.h (class cygheap_domain_info): New class to keep global
	domain info.
	(class cygheap_pwdgrp): New class to keep passwd/group caches and
	configuration info from /etc/nssswitch.conf.
	(struct init_cygheap): Add cygheap_domain_info member "dom" and
	cygheap_pwdgrp member "pg".
	* cygtls.h (struct _local_storage): Remove unused member "res".
	Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
	passwd/group fetching from SAM/AD.  Make pw_pos and pw_pos unsigned.
	* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
	uid/gid mapping.
	* fhandler_process.cc: Drop including pwdgrp.h.
	* fhandler_procsysvipc.cc: Ditto.
	* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
	to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
	* grp.cc (group_buf): Drop.
	(gr): Drop.
	(pwdgrp::parse_group): Fill pg_grp.
	(pwdgrp::read_group): Remove.
	(pwdgrp::init_grp): New method.
	(pwdgrp::prep_tls_grbuf): New method.
	(pwdgrp::find_group): New methods.
	(internal_getgrsid): Convert to call new pwdgrp methods.
	(internal_getgrnam): Ditto.
	(internal_getgrgid): Ditto.
	(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
	(getgrgid32): Ditto.
	(getgrnam_r): Ditto for internal_getgrnam.
	(getgrnam32): Ditto.
	(getgrent32): Convert to call new pwdgrp methods.
	(internal_getgrent): Remove.
	(internal_getgroups): Simplify, especially drop calls to
	internal_getgrent.
	* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
	and RFC 2307 server.
	* ldap.h: New header, declaring cyg_ldap class.
	* passwd.cc (passwd_buf): Drop.
	(pr): Drop.
	(pwdgrp::parse_passwd): Fill pg_pwd.
	(pwdgrp::read_passwd): Remove.
	(pwdgrp::init_pwd): New method.
	(pwdgrp::prep_tls_pwbuf): New method.
	(find_user): New methods.
	(internal_getpwsid): Convert to call new pwdgrp methods.
	(internal_getpwnam): Ditto.
	(internal_getpwuid): Ditto.
	(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
	(getpwuid_r): Ditto.
	(getpwnam): Ditto for internal_getpwnam.
	(getpwnam_r): Ditto.
	(getpwent): Convert to call new pwdgrp methods.
	* path.cc (class etc): Remove all methods.
	* path.h (class etc): Drop.
	* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
	than UNKNOWN_GID.
	(pinfo_init): Ditto.
	* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
	(internal_getpwuid): Ditto.
	(internal_getgrgid): Ditto.
	(internal_getgrnam): Ditto.
	(internal_getgrent): Drop declaration.
	(enum fetch_user_arg_type_t): New type.
	(struct fetch_user_arg_t): New type.
	(struct pg_pwd): New type.
	(struct pg_grp): New type.
	(class pwdgrp): Rework to provide functions for file and db requests
	and caching.
	(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
	(ugid_cache): Declare.
	* sec_acl.cc: Drop including pwdgrp.h.
	* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
	(get_logon_server): Convert third parameter to ULONG flags argument
	to allow arbitrary flags values in DsGetDcNameW call and change calls
	to this function throughout.  Use cached account domain name rather
	than calling GetComputerNameW.
	(get_unix_group_sidlist): Remove.
	(get_server_groups): Drop call to get_unix_group_sidlist.
	(verify_token): Rework token group check without calling
	internal_getgrent.
	* sec_helper.cc (cygpsid::pstring): New methods, like string() but
	return pointer to end of string.
	(cygsid::getfromstr): Add wide character implementation.
	(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
	* security.cc: Drop including pwdgrp.h.
	* security.h (DEFAULT_UID): Remove.
	(UNKNOWN_UID): Remove.
	(UNKNOWN_GID): Remove.
	(uinfo_init): Move here from winsup.h.
	(ILLEGAL_UID): Ditto.
	(ILLEGAL_GID): Ditto.
	(UNIX_POSIX_OFFSET): Define.  Add lengthy comment.
	(UNIX_POSIX_MASK): Ditto.
	(MAP_UNIX_TO_CYGWIN_ID): Ditto.
	(ILLEGAL_UID16): Move here from winsup.h.
	(ILLEGAL_GID16): Ditto.
	(uid16touid32): Ditto.
	(gid16togid32): Ditto.
	(sid_id_auth): New convenience macro for SID component access.
	(sid_sub_auth_count): Ditto.
	(sid_sub_auth): Ditto.
	(sid_sub_auth_rid): Ditto.
	(cygpsid::pstring): Declare.
	(cygsid::getfromstr): Declare wide character variant.
	(cygsid::operator=): Ditto.
	(cygsid::operator*=): Ditto.
	(get_logon_server): Change declaration according to source code.
	* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
	call.
	* shared.cc (memory_init): Call cygheap->pg.init in first process.
	* syscalls.cc: Drop including pwdgrp.h.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Ditto.
	* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
	call.  Fix debug output.  Overwrite user gid in border case of a
	missing passwd file while a group file exists.
	(pwdgrp::add_line): Allocate memory on cygheap.
	(pwdgrp::load): Remove.
	(ugid_cache): Define.
	(cygheap_pwdgrp::init): New method.
	(cygheap_pwdgrp::nss_init_line): New method.
	(cygheap_pwdgrp::_nss_init): New method.
	(cygheap_domain_info::init): New method.
	(logon_sid): Define.
	(get_logon_sid): New function.
	(pwdgrp::add_account_post_fetch): New method.
	(pwdgrp::add_account_from_file): New methods.
	(pwdgrp::add_account_from_windows): New methods.
	(pwdgrp::check_file): New method.
	(pwdgrp::fetch_account_from_line): New method.
	(pwdgrp::fetch_account_from_file): New method.
	(pwdgrp::fetch_account_from_windows): New method.
	* winsup.h: Move aforementioned macros and declarations to security.h.
2014-02-09 19:44:56 +00:00
Corinna Vinschen 76e4f83fc6 * security.h (open_local_policy): Remove declaration.
(lsa_open_policy): Declare.
	(lsa_close_policy): Declare.
	* sec_auth.cc (lsa_open_policy): Rename from open_local_policy.  Take
	server name as parameter.  Return NULL in case of error, rather than
	INVALID_HANDLE_VALUE.
	(lsa_close_policy): Rename from close_local_policy.  Make externally
	available.  Get handle by value.
	(create_token): Convert call to open_local_policy/close_local_policy
	according to aforementioned changes.
	(lsaauth): Ditto.
	(lsaprivkeyauth): Ditto.
	* setlsapwd.cc (setlsapwd): Ditto.
2014-01-23 17:02:30 +00:00
Corinna Vinschen 9ecd475cd8 * autoload.cc (CreateSymbolicLink): Define.
* environ.cc (set_winsymlinks): Set allow_winsymlinks.
	(parse_thing): Change "winsymlinks" to set by function.
	* globals.cc (enum winsym_t): Define.
	(allow_winsymlinks): Define as winsym_t.
	(ro_u_afs): New R/O Unicode string.
	* mount.cc (fs_info::update): Fix comment.  Handle AFS.
	(fs_names): Add "afs".
	* mount.h (enum fs_info_type): Add afs.
	(class fs_info): Implement afs.
	* path.cc (symlink): Drop third parameter in call to symlink_worker.
	(symlink_nfs): New function.
	(symlink_native): New function.
	(symlink_worker): Drop third argument.  Handle native symlink type by
	calling symlink_native.  Move code to handle NFS to symlink_nfs.  Fix
	formatting.  Slightly restructure code.
	* path.h (class path_conv): Add fs_is_afs method.
	(symlink_worker): Declare here.
	* security.h: Define privilege constants as unsigned int instead of as
	unsigned long.
	* syscalls.cc (mknod_worker): Set third parameter in symlink_worker
	call to WSYM_lnk.
	* winsup.h (symlink_worker): Drop declaration here.
2013-04-24 10:16:13 +00:00
Corinna Vinschen 61522196c7 * Merge in cygwin-64bit-branch. 2013-04-23 09:44:36 +00:00
Christopher Faylor 6e75c72b89 Throughout, change __attribute__ ((regparm (N))) to just __regN. Throughout,
(mainly in fhandler*) start fixing gcc 4.7.2 mismatch between regparm
definitions and declarations.
* gendef: Define some functions to take @ declaration to accommodate _regN
defines which use __stdcall.
* gentls_offsets: Define __regN macros as empty.
* autoload.cc (wsock_init): Remove unneeded regparm attribute.
* winsup.h (__reg1): Define.
(__reg2): Define.
(__reg3): Define.
* advapi32.cc (DuplicateTokenEx): Coerce some initializers to avoid warnings
from gcc 4.7.2.
* exceptions.cc (status_info): Declare struct to use NTSTATUS.
(cygwin_exception::dump_exception): Coerce e->ExceptionCode to NTSTATUS.
* fhandler_clipboard.cc (cygnativeformat): Redefine as UINT to avoid gcc 4.7.2
warnings.
(fhandler_dev_clipboard::read): Ditto.
2013-01-21 04:34:52 +00:00
Christopher Faylor c3a4634985 Revert the reversion and go with implementation described in cgf-000017, with
some modifications.
* init.cc (dll_entry): Revert previous change.
* miscfuncs.cc: Include sigproc.h for exit_thread declaration.
* winsup.h (ExitThread): Define as 'exit_thread' to ensure no accidental use.
* sigproc.cc (exit_thread): New function.
(wait_sig): Handle __SIGTHREADEXIT case.  Don't just block rather than
returning from this function.
* sigproc.h (__SIGTHREADEXIT): New enum.
(exit_thread): Declare.
* sync.cc (muto::release): Accept a tls command-line argument.
* sync.h (muto::release): Accept a tls command-line parameter.  Default to
&_my_tls.
* cygerrno.h (__set_errno): Define as extern so that no function code is ever
emitted.
* cygserver_ipc.h (cygserver_ipc.h): Ditto.
* miscfuncs.h (transform_chars): Ditto.
* path.h (has_attribute): Ditto.
* security.h (privilege_luid): Ditto.
* winsup.h (flush_file_buffers): Ditto.
2012-12-21 21:30:56 +00:00
Christopher Faylor 962f9a2ccc * DevNotes: Add entry cgf-000013.
* cygserver_ipc.h (ipc_set_proc_info): Use _cygtls::ipc_set_proc_info to set
per-thread signal arrived value.
* cygthread.cc (cygthread::detach): Use per-thread signal_arrived via
set_thread_waiting.
* fork.cc (_cygtls::fixup_after_fork): Clear signal_arrived.
(_cygtls::remove): Close any signal_arrived handle when thread exists.
(_cygtls::find_tls): Remove unneeded function.
* cygtls.h: Update copyright.
(class _cygtls): Reorganize to help avoid rebuilding newlib when structure
changes.
(_cygtls::event): Delete.
(_cygtls::threadkill): Ditto.
(_cygtls::signal_waiting): Declare new bool.
(_cygtls::find_tls): Delete declaration.
(_cygtls::set_threadkill): Ditto.
(_cygtls::reset_threadkill): Ditto.
(_cygtls::set_signal_arrived): Declare new function.
(class set_thread_waiting): Declare new class.
* cygwait.cc (cw_nowait_storage): Define.
(cygwait): Set per-thread signal_arrived via set_thread_waiting.  Don't
special-case _main_tls.
* cygwait.h (cw_nowait): Define.
(cw_infinite): Ditto.
(cygwait): Redefine pathological wait-only case.
* dcrt0.cc (dll_crt0_0): Remove call to now-defunct events_init().
(dll_crt0_1): Remove call to now-defunct create_signal_arrived().
* exceptions.cc: Reflect set_signal_mask() argument reordering throughout.
Remove signal mask synchronization throughout.
(events_init): Delete definition.
(mask_sync): Delete now-unneeded mask synchronization.
(set_signal_mask): Reverse order of arguments to "standard" to, from layout.
Rename "newmask" argument to "setmask".  Remove debugging.
(sig_handle_tty_stop): Use cancelable_wait rather than WFMO.
(_cygtls::interrupt_setup): Don't treat "threadkill" events specially.
Conditionally set signal_arrived depending on whether the thread has created it
or not.
(sigpacket::process): Reorganize to reflect thread-specific sending of signals
which is more in line with the way it was actually supposed to work.
* fhandler_socket.cc (get_inet_addr): Use cancelable_wait rather than
IsEventSignalled to avoid potential race.
(fhandler_socket::wait_for_events): Set signal_arrived event using
set_thread_waiting().
(fhandler_socket::close): Use cygwait for the case of just waiting 10 ms for a
signal.
* fhandler_tape.cc (fhandler_dev_tape::_lock): Use cancelable_wait rather than
WFMO.  Redo switch/case tests accordingly.
* fhandler_termios.cc (fhandler_termios::bg_check): Use cygwait for case of
just waiting 0 ms for a potential signal.
* fhandler_tty.cc (fhandler_pty_master::process_slave_output): Use
cancelable_wait rather than WFSO.
* fhandler_windows.cc (fhandler_windows::read): Set per-thread signal_arrived
via set_thread_waiting().
* flock.cc (lf_setlock): Ditto.
* select.cc (pselect): Ditto.  Set per-thread signal_arrived using
set_thread_waiting().
* gendef: Don't special case handling of _cygtls::sig for threads.
* gentls_offsets: Use #pragma once in tlsoffsets.h.
* ntdll.h: Use #pragma once.
* poll.cc: Reflect set_signal_mask() argument reordering.
* posix_ipc.cc (ipc_mutex_lock): Use cancelable_wait rather than WFMO.
(ipc_cond_timedwait): Set perl-thread signal arrived using
set_thread_waiting().
* security.h: Use #pragma once.
* signal.cc (abort): Reflect set_signal_mask() argument reordering.
(clock_nanosleep): Ditto.  Change call to cancelable_wait to properly specify
handling of cancel and interrupt.
(sigwaitinfo): Remove handling of per-thread event in favor of per-thread
signal_arrived.  Use cancelable_wait rather than WFSO.
* sigproc.cc (signal_arrived): Delete definition.
(create_signal_arrived): Ditto.
* sigproc.h (signal_arrived): Delete declaration.
(set_signal_mask): Avoid defining as a "C" function.  Don't conditionally
declare.
(create_signal_arrived): Delete declaration.
* syscalls.cc (rename): Use cygwait() rather than WFSO.
* thread.h (fast_mutex::lock): Use cw_infinite rather than LARGE_NULL.
* wait.cc (wait4): Ditto.
* thread.cc (pthread_mutex::lock): Ditto.
(pthread::join): Ditto.
(semaphore::_wait): Ditto.
(pthread_kill): Remove set_threadkill() accommodation.
* tlsoffsets.h: Regenerate.
2012-07-21 22:58:20 +00:00
Corinna Vinschen 115d74b99e * globals.cc (ro_u_refs): New R/O unicode string.
* mount.cc (fs_info::update): Recognize ReFS.
	* mount.h (enum fs_info_type): Add refs.
	(class fs_info): Add refs flag and accessor methods.
	* ntdll.h (RtlAddAccessAllowedAceEx): Declare.
	(RtlAddAccessDeniedAceEx): Declare.
	* path.h (path_conv::fs_is_refs): Define.
	* sec_helper.cc (_recycler_sd): New function to create security
	descriptors suitable for the recycler bin starting with Vista.
	* security.cc (add_access_allowed_ace): Use RtlAddAccessAllowedAceEx
	and drop code to set AceFlags explicitely.
	(add_access_denied_ace): Use RtlAddAccessDeniedAceEx and drop code to
	set AceFlags explicitely.
	* security.h (_recycler_sd): Declare.
	(recycler_sd): Define.
	* syscalls.cc (desktop_ini): Change formatting.
	(desktop_ini_ext): Define third line of recycler desktop.ini file
	since Vista,
	(try_to_bin): Handle ReFS just like NTFS.  Write Vista and later
	Recycler in all uppercase, just like shell32 does when recreating it.
	Fix comments to include ReFS.  Don't implicitely reuse object
	attributes from earlier NtOpenFile call, rather recreate it for safety.
	Use recycler_sd call when creating security descriptor for Recycler
	dirs and files on Vista and later.  Write third line of desktop.ini
	when on Vista and later.
2012-06-03 16:46:53 +00:00
Corinna Vinschen d560c4b2ba * security.h (cygsidlist::+=): Correctly copy well_known_sid info from
source cygsid.
2012-05-29 13:01:50 +00:00
Corinna Vinschen c52fd6cd47 * sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on
systems supporting it.  Never add SERVICE SID but keep code in for
	future reference.  Explain why.
	(get_priv_list): Add cygpsid pointer parameter.  Point it to the
	mandatory integrity SID which matches account and privileges.
	(create_token): Fetch mandatory integrity SID from call to
	get_priv_list.
	(lsaauth): Call get_priv_list with additional NULL pointer.  Change
	comment accordingly.
	* sec_helper.cc (well_known_console_logon_sid): New static SID.
	(cygpriv): Change to structure containing extra flag to store info
	about required integrity level.
	(privilege_luid): Accommodate changes to cygpriv.  Return integrity
	level in new high_integrity parameter.
	(privilege_name): Accommodate changes to cygpriv.
	(set_privilege): Drop trailing \n from debug output.
	(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
	since it's just not needed, but keep code in for future reference.
	Change comment accordingly.
	* security.h (well_known_console_logon_sid): Declare.
	(privilege_luid): Align declaration to above change.
	* wincap.h (wincaps::has_console_logon_sid): New element.
	* wincap.cc: Implement above element throughout.
2011-10-15 16:31:57 +00:00
Corinna Vinschen 5735d5f6f4 * advapi32.cc: Add comment.
(EqualSid): Remove.
	(CopySid): Remove.
	(AddAccessAllowedAce): Remove.
	(AddAccessDeniedAce): Remove.
	(MakeSelfRelativeSD): Remove.
	* flock.cc: Replace above functions throughout with their ntdll.dll
	equivalent.
	* sec_acl.cc: Ditto.
	* sec_auth.cc: Ditto.
	* sec_helper.cc: Ditto.
	* security.cc: Ditto.
	* security.h: Ditto.
	(RtlEqualSid): Declare.  Explain why.
	(RtlCopySid): Ditto.
2011-04-29 10:38:12 +00:00
Corinna Vinschen 99edadedc9 * sec_auth.cc (get_user_groups): Mark well-known groups as well-known.
(get_user_local_groups): Ditto.
	(verify_token): Drop useless label.
	* sec_helper.cc (cygsid::get_sid): Check for well-known SID if
	well_known isn't set.
	* security.h (well_known_sid_type): New inline function.
2011-04-04 09:00:02 +00:00
Corinna Vinschen 4e8f539f15 * flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use
instead of ACL_DEFAULT_SIZE.
	* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
	* security.h (ACL_DEFAULT_SIZE): Drop definition.
	(ACL_MAXIMUM_SIZE): Define.
	(SD_MAXIMUM_SIZE): Define.
	* security.cc (get_file_sd): Allocate security_decscriptor with size
	SD_MAXIMUM_SIZE.
	(alloc_sd): Use TLS buffer to allow maximum ACL size.
2010-09-10 14:53:44 +00:00
Corinna Vinschen 67a9307898 * security.cc (get_file_sd): Add bool parameter justcreated. Use
GetSecurityInfo only if justcreated is true, NtQuerySecurityObject
	otherwise.  Add comment to explain why.  Don't waste time to call
	NtQuerySecurityObject twice, just allocate big enough area.
	(get_file_attribute): Call get_file_sd with justcreated set to false.
	(set_file_attribute): Call get_file_sd with justcreated depending on
	S_JUSTCREATED pseudo file attribute.
	(check_file_access): Call get_file_sd with justcreated set to false.
	* sec_acl.cc (setacl): Ditto.
	(getacl): Ditto.
	* security.h: Convert many functions to regparm functions.
	(get_file_sd): Declare with extra bool parameter.
2010-09-10 09:32:13 +00:00
Corinna Vinschen cc01c77f7e * autoload.cc (GetNamedPipeClientProcessId): Define.
* fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private.
	(fhandler_tty_slave::fch_close_handles): Ditto.
	(fhandler_tty_slave::cygserver_attach_tty): Drop declaration.
	(fhandler_tty_slave::fstat): Declare public.
	(fhandler_tty_slave::fchmod): Declare public.
	(fhandler_tty_slave::fchown): Declare public.
	(class fhandler_pty_master): Add master_ctl handle.
	(fhandler_pty_master::pty_master_thread): Declare public.
	* fhandler_termios.cc (fhandler_termios::tcinit): If the process
	is started from a non-Cygwin process, make it tty process group
	leader.
	* fhandler_tty.cc: Throughout accommodate additional security related
	arguments in calls to functions creating or opening objects.
	(close_maybe): Move to start of file to reuse it
	in other methods.
	(struct pipe_request): Define.
	(struct pipe_reply): Define.
	(fhandler_tty_slave::open): Throughout, try to open synchronization
	objects with MAXIMUM_ALLOWED permissions.  Drop call to cygserver.
	Try to duplicate pipe handles via master_ctl pipe if duplicating
	directly doesn't work.
	(fhandler_tty_slave::cygserver_attach_tty): Remove.
	(fhandler_tty_slave::init): Close unused incoming pipe handle.
	(fhandler_pty_master::close): Send exit message to master control
	thread and close master_ctl handle.
	(fhandler_pty_master::pty_master_thread): New method, implementing the
	master control thread.
	(pty_master_thread): Static helper to start master control thread.
	(fhandler_pty_master::setup): Simplify creating pipe inheritance.
	Make sure we're the one creating the input_available_event.  Add
	comment to explain why.  Create master_ctl pipe and start master
	control thread.  Close master_ctl handle in case of error.
	* security.cc (alloc_sd): Add code to handle tty objects.  Add comments
	to explain what exactly is required.
	(get_object_sd): New function.
	(get_object_attribute): New function.
	(create_object_sd_from_attribute): New function.
	(set_object_sd): New function.
	(set_object_attribute): New function.
	(set_file_attribute): Change attribute type to mode_t.
	* security.h (set_file_attribute): Change attribute type to mode_t.
	(get_object_sd): Declare.
	(get_object_attribute): Declare.
	(create_object_sd_from_attribute): Declare.
	(set_object_sd): Declare.
	(set_object_attribute): Declare.
	* tty.cc (tty::slave_alive): Implement directly instead of via alive.
	(tty::exists): Open mutex handle with READ_CONTROL access.
	(tty::alive): Remove.
	(tty::open_output_mutex): Convert to inline method.
	(tty::open_input_mutex): Ditto.
	(tty::open_mutex): Take additional ACCESS_MASK parameter for the
	mutex open access mask.
	(tty::open_inuse): New method.
	(tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter.  Drop fmt
	name parameter.  Always create TTY_SLAVE_ALIVE event.
	(tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for
	CreateEvent.
	* tty.h (class tty): Change declarations according to aforementioned
	changes.
	(tty::open_output_mutex): Implement as inline method.
	(tty::open_input_mutex): Ditto.
2010-04-19 19:52:43 +00:00
Corinna Vinschen b5efa8990f * sec_helper.cc (get_null_sd): Make static. Use PSECURITY_DESCRIPTOR
instead of SECURITY_DESCRIPTOR *.
	(sec_acl): Fix fomratting.
	* security.h (get_null_sd): Drop declaration.
2010-04-17 15:51:09 +00:00
Corinna Vinschen e122c47112 * sec_auth.cc (get_user_local_groups): Retrieve name of well known
builtin group from system.  Explain why.
	* sec_helper.cc (well_known_builtin_sid): New SID for BUILTIN group.
	* security.h (well_known_builtin_sid): Declare.
2010-02-12 17:40:42 +00:00
Corinna Vinschen e70fdfb99f * cygwin.din (dup3): Export.
(pipe2): Export.
	* dtable.cc (dtable::dup_worker): Take additional flags parameter.
	Handle O_CLOEXEC flag.
	(dtable::dup3): Rename from dup2.  Take additional flags parameter.
	Check for valid flags.  Drop check for newfd == oldfd.
	* dtable.h (dtable::dup_worker): Add flags parameter.
	(dtable::dup3): Rename from dup2.
	* fcntl.cc (fcntl64): Add F_DUPFD_CLOEXEC case.
	* fhandler.h (fhandler_mailslot::get_object_attr): Add flags parameter.
	* fhandler.cc (fhandler_base::open): Use security attribute with
	inheritance according to setting of O_CLOEXEC flag.
	* fhandler_console.cc (fhandler_console::open): Ditto.
	* fhandler_fifo.cc (sec_user_cloexec): New inline function to
	create security attribute with inheritance according to setting of
	O_CLOEXEC flag.
	(fhandler_fifo::open): Call sec_user_cloexec to fetch security
	attribute.
	(fhandler_fifo::wait): Ditto.
	* fhandler_mem.cc (fhandler_dev_mem::open): Ditto.
	* fhandler_mailslot.cc (fhandler_mailslot::get_object_attr): Take
	additional flags parameter.  Use security attribute with inheritance
	according to setting of O_CLOEXEC flag.
	(fhandler_mailslot::open): Call get_object_attr with flags parameter.
	* fhandler_registry.cc (fhandler_registry::open): Call set_close_on_exec
	on real handles to accommodate O_CLOEXEC flag.
	* fhandler_tty.cc (fhandler_tty_slave::open): Ditto.
	* fhandler_tape.cc: Create mutex with inheritance according to setting
	of O_CLOEXEC flag.
	* pipe.cc: Replace usage of O_NOINHERIT with O_CLOEXEC.
	 (fhandler_pipe::init): Simplify setting close_on_exec flag.
	(fhandler_pipe::open): Remove setting close_on_exec flag.
	(fhandler_pipe::create): Use security attribute with inheritance
	according to setting of O_CLOEXEC flag.
	(pipe2): New exported function.
	* posix_ipc.cc: Throughout, open backing files with O_CLOEXEC
	flag to follow POSIX semantics.
	* security.h (sec_none_cloexec): New define.
	* syscalls.cc (dup): Add missing extern "C" qualifier.  Accommodate
	renaming of dtable::dup2 to dtable::dup3.
	(dup2): Ditto.  Check newfd == oldfd here.
	(dup3): New function.  Check newfd == oldfd here.
	(open): Set close_on_exec flag according to O_CLOEXEC flag before
	calling fhandler->open.
	* include/cygwin/version.h (CYGWIN_VERSION_API_MINOR): Bump.
2010-01-14 18:46:02 +00:00
Corinna Vinschen 9f00d74664 * sec_auth.cc (get_token_group_sidlist): Add BUILTIN\Users account
to all created tokens.
	* sec_helper.cc (well_known_users_sid): Define as BUILTIN\Users.
	* security.h (well_known_users_sid): Declare.
2010-01-08 15:55:27 +00:00
Corinna Vinschen b42441d32b * sec_helper.cc (security_descriptor::free): If sd_size is 0, call
LocalFree instead of ::free.

	* sec_acl.cc: Throughout replace old ACE flag definitions with current
	definitions as used in MSDN man pages.
	* security.cc: Ditto.

	* fhandler.cc (fhandler_base::open): Make sure file has really been
	just created before fixing file permissions.  Add S_JUSTCREATED
	attribute to set_file_attribute call.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
	with default security descriptor and fix descriptor afterwards.
	Add S_JUSTCREATED flag to set_file_attribute call.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Call GetSecurityInfo rather than
	NtQuerySecurityObject.  Explain why.  Change error handling accordingly.
	(alloc_sd): Skip non-inherited, non-standard entries in ACL if
	S_JUSTCREATED attribute is set.  Explain why.  Minor format fixes.
	* security.h (S_JUSTCREATED): New define.
	(security_descriptor::operator=): New operator.
2009-10-30 19:58:53 +00:00
Corinna Vinschen 0191627a26 * include/sys/cygwin.h: Add new cygwin_getinfo_type
CW_SET_EXTERNAL_TOKEN.
	Add new enum CW_TOKEN_IMPERSONATION, CW_TOKEN_RESTRICTED.
	* cygheap.h (cyguser): New flags ext_token_is_restricted,
	curr_token_is_restricted and setuid_to_restricted.
	* external.cc (cygwin_internal): Add CW_SET_EXTERNAL_TOKEN.
	* sec_auth.cc (set_imp_token): New function.
	(cygwin_set_impersonation_token): Call set_imp_token ().
	* security.h (set_imp_token): New prototype.
	* spawn.cc (spawn_guts): Use CreateProcessAsUserW if restricted token
	was enabled by setuid().  Do not create new window station in this case.
	* syscalls.cc (seteuid32): Add handling of restricted external tokens.
	Set HANDLE_FLAG_INHERIT for primary token.
	(setuid32): Set setuid_to_restricted flag.
	* uinfo.cc (uinfo_init): Do not reimpersonate if restricted token was
	enabled by setuid ().  Initialize user.*_restricted flags.
2009-10-13 10:23:31 +00:00
Eric Blake 3dbe243afa Fix faccessat(,0) and access() semantics.
* fhandler.h (fhandler_base::fhaccess): Add parameter.
* security.h (check_file_access, check_registry_access): Likewise.
* security.cc (check_file_access, check_registry_access)
(check_access): Implement new parameter.
* fhandler.cc (fhandler_base::fhaccess): Likewise.
(device_access_denied): Update caller.
* syscalls.cc (access, faccessat): Update callers.
* spawn.cc (find_exec, fixup): Likewise.
2009-09-25 13:44:45 +00:00
Corinna Vinschen a22af4a956 * sec_auth.cc (str2uni_cat): Move from here...
* path.cc (str2uni_cat): ...to here.  Simplify.  Make static inline.
	(get_nt_native_path): Use RtlAppendUnicodeToString rather than
	str2uni_cat for constant strings for speed.
	* security.h (str2uni_cat): Drop declaration.
2009-05-09 15:08:16 +00:00
Corinna Vinschen 2d647173bb * fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an
error when changing the user account on a standalone Samba server.
	Explain why.
	* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
	* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
	(well_known_samba_unix_user_fake_sid): Define.
	* security.cc (set_file_sd): Take additional parameter if ownership
	should be changed.  Restrict requested permissions accordingly.
	(set_file_attribute): Accommodate additional parameter to set_file_sd.
	* security.h (well_known_samba_unix_user_fake_sid): Declare.
	(set_file_sd): Align declaration to above change.
2009-04-09 09:19:03 +00:00
Corinna Vinschen 6a32d500a9 * sec_auth.cc (str2buf2uni): Remove.
* security.h (str2buf2uni): Remove declaration.
2009-03-24 10:53:57 +00:00
Christopher Faylor 66a83f3eac Remove unneeded header files from source files throughout. Update copyrights
where appropriate.
* globals.cc: New file for generic global variables.
* mkglobals_h: New file to generate globals.h.
* mkstatic: New Script used to build a (currently non-working) static
libcygwin_s.a.
* Makefile.in: Add unused rule to build a non-working libcygwin_s.a.
(DLL_OFILES): Add globals.o.  Make all objects rely on globals.h.
(globals.h): New target.  Generate globals.h.
* cygtls.h: Honor new CYGTLS_HANDLE define to control when the HANDLE operator
is allowed in _cygtls.
* dcrt0.cc: Move most globals to globals.cc.
* init.cc: Ditto.
* environ.cc (strip_title_path): Remove now-unneeded extern.
* fhandler_serial.cc (fhandler_serial::open): Ditto.
* pinfo.cc: Ditto.
(commune_process): Ditto.
* shared.cc: Ditto.
* glob.cc: Ditto.
* strace.cc: Ditto.
* exceptions.cc: Define CYGTLS_HANDLE before including winsup.h.
* path.cc (stat_suffixes): Move here.
* security.h: Add forward class path_conv declaration.
* smallprint.cc (__small_vsprintf): Make a true c++ function.
(__small_sprintf): Ditto.
(small_printf): Ditto.
(console_printf): Ditto.
(__small_vswprintf): Ditto.
(__small_swprintf): Ditto.
* spawn.cc (spawn_guts): Remove _stdcall decoration in favor of regparm.
(hExeced): Move to globals.cc
* strfuncs.cc (current_codepage): Ditto.
(active_codepage): Ditto.
* sync.cc (lock_process::locker): Move here from dcrt0.cc.
* syscalls.cc (stat_suffixes): Move to path.cc.
* tty.cc (tty::create_master): Uncapitalize fatal warning for consistency.
* winsup.h: Include globals.h to declare most of the grab bag list of globals
which were previously defined here.
* mount.h: Move USER_* defines back to shared_info.h.
* speclib: Force temporary directory cleanup.
2009-01-03 05:12:22 +00:00
Corinna Vinschen 51303cbd0c * Makefile.in (DLL_OFILES): Add setlsapwd.o.
* cygserver.h (CYGWIN_SERVER_VERSION_API): Bump.
	(request_code_t): Define CYGSERVER_REQUEST_SETPWD request type.
	* cygserver_msg.h (client_request_msg::retval): Use default value of -1
	for retval if msglen is 0.
	* cygserver_sem.h (client_request_sem::retval): Ditto.
	* cygserver_shm.h (client_request_shm::retval): Ditto.
	* cygserver_setpwd.h: New file.
	* external.cc (cygwin_internal): Implement new CW_SET_PRIV_KEY type.
	* sec_auth.cc (open_local_policy): Make externally available.
	Get ACCESS_MASK as argument.
	(create_token): Accommodate change to open_local_policy.
	(lsaauth): Ditto.
	(lsaprivkeyauth): New function fetching token by retrieving
	password stored in Cygwin or Interix LSA private data area and
	calling LogonUser with it.
	* security.h (lsaprivkeyauth): Declare.
	(open_local_policy): Declare.
	* setlsapwd.cc: New file implementing setting LSA private data password
	using LsaStorePrivateData or by calling cygserver if available.
	* syscalls.cc (seteuid32): Add workaround to get the original token
	when switching back to the original privileged user, even if
	setgroups group list is still active.  Add long comment to explain why.
	Call lsaprivkeyauth first, only if that fails call lsaauth or
	create_token.
	* include/cygwin/version.h: Bump API minor number.
	* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SET_PRIV_KEY.
2008-11-26 10:18:10 +00:00
Corinna Vinschen 88797e5979 * external.cc (cygwin_internal): Call set_security_attribute with
additional path_conv argument.
	* fhandler.cc (fhandler_base::open): Ditto.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
	R/O attribute when using ACLs.
	(fhandler_disk_file::mkdir): Ditto.  Set
	security descriptor on remote dirs after creating the dir, same as in
	fhandler_base::open.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto. for remote symlinks.
	* security.cc (alloc_sd): Take additional path_conv argument.
	Accommodate throughout.  Drop setting FILE_WRITE_EA/FILE_READ_EA
	flags unconditionally (was only necessary for "ntea"). Don't set
	FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
	Samba.  Add comment to explain.  Drop useless setting of
	STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
	Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
	to enforce read permissions on Samba.
	(set_security_attribute): Take additional path_conv argument.
	* security.h (set_security_attribute): Change prototype accordingly.
2008-08-14 14:05:04 +00:00
Corinna Vinschen b54881352d * sec_auth.cc (extract_nt_dom_user): Return domain and user name as
WCHAR.
	(cygwin_logon_user): Accommodate above change.  Convert password to
	WCHAR and call LogonUserW.
	* external.cc (cygwin_internal): Accommodate above change.
	* security.h (extract_nt_dom_user): Change prototype accordingly.
2008-07-30 12:10:20 +00:00