Commit Graph

154 Commits

Author SHA1 Message Date
Corinna Vinschen ddf9c4a744 * fhandler.cc (fhandler_base::open): Accomodate query_write_control
query_state.
	(fhandler_base::fchown): New method.
	* fhandler.h: Declare fchown method in fhandler_base,
	fhandler_disk_file and fhandler_virtual.
	(enum query_state): Add query_write_control.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Set query_state
	to query_write_control.  Only remove FILE_ATTRIBUTE_READONLY if not
	setting security descriptor.
	(fhandler_disk_file::fchown): New method.
	* fhandler_virtual.cc (fhandler_virtual::fchown): New method.
	* sec_acl.cc (setacl): Call write_sd with additional handle attribute.
	* security.cc (write_sd): Take handle argument.  Only request owner
	if getting SE_RESTORE_NAME privilege failed.  Only open file if
	NtSetSecurityObject failed or handle is NULL.
	(set_nt_attribute): Call write_sd with additional handle attribute.
	* security.h (write_sd): Declare with additional handle argument.
2004-04-14 13:40:07 +00:00
Corinna Vinschen 854c870051 * dir.cc (mkdir): Call set_file_attribute with additional handle
argument.
	* fhandler.cc (fhandler_base::fchmod): New method.
	* fhandler.h: Declare fchmod method in fhandler_base,
	fhandler_disk_file and fhandler_virtual.
	* fhandler_disk_file.cc (fhandler_disk_file::fchmod): New method.
	(fhandler_base::open_fs): Call set_file_attribute with additional
	handle argument.
	* fhandler_virtual.cc (fhandler_virtual::fchmod): New method.
	* path.cc (symlink_worker): Call set_file_attribute with additional
	handle argument.
	* security.cc (get_nt_object_security): New function.
	(get_nt_object_attribute): Call get_nt_object_security.
	(set_nt_attribute): Add handle argument.  Call get_nt_object_security
	first, read_sd only if that fails.
	(set_file_attribute): Add handle argument.
	* security.h (set_file_attribute): Declare with additional handle
	argument.
	* syscalls.cc (stat_suffixes): Move to beginning of file.
	(chown_worker): Call set_file_attribute with additional handle argument.
	(chmod): Reorganize to call fhandler's fchmod method eventually.
	(fchmod): Ditto.
2004-04-13 20:36:58 +00:00
Corinna Vinschen a9a5b2eab0 * fhandler.cc (fhandler_base::open): Set query access mode according
to query_open setting.
	(fhandler_base::fhandler_base): Initialize query_open.
	* fhandler.h (FH_QUERYOPEN): Drop.
	(enum query_state): Add.
	(class fhandler_base): Add query_open member.
	(fhandler_base::get_query_open): Redefine to use query_open.
	(fhandler_base::set_query_open): Ditto.
	* fhandler_disk_file.cc (fhandler_base::fstat_fs): Remove O_DIROPEN
	from open_flags since it's added in open_fs anyway.  Remove
	query_open_already.  Use new query_open settings.  Rearrange slightly.
	(fhandler_base::fstat_helper): Add get_io_handle as parameter to
	get_file_attribute.
	* security.cc (get_nt_object_attribute): Make returning an int.
	Return -1 on error, 0 otherwise.
	(get_file_attribute): Take an object handle as argument. Move down
	to allow calling get_nt_object_attribute in case a non-NULL handle
	is given.
	* security.h (get_file_attribute): Add handle to argument list.
	* syscalls.cc (chown_worker): Accomodate new definition of
	get_file_attribute.
2004-04-08 07:57:28 +00:00
Christopher Faylor cec4879206 * debug.h (console_printf): Define for non-debugging condition.
* cygtls.h (_threadinfo::lock): Remove wait argument.
(_threadinfo::interrupt_setup): Remove retaddr argument.
* exceptions.cc (_threadinfo::interrupt_setup): Ditto.
(_threadinfo::interrupt_now): Accommodate change to interrupt_setup argument.
(setup_handler): Ditto.  Always lock sig stack prior to determining interrupt
method.
* gendef (_sigfe): Correct thinko regarding cmpxchg.
(_sigbe): Ditto.
(_threadinfo::lock): Ditto.
(_threadinfo::pop): Eliminate left-over stack unlock.
* sigproc.cc (proc_subproc): Chnage debugging output to printed warning.
2004-02-09 04:04:24 +00:00
Corinna Vinschen d82c6f474d * security.h (SID): New macro.
(well_known_*_sid): Change type to cygpsid.
	(cygsid::init): Delete declaration.
	* sec_helper.cc (well_known_*_sid): Define using above SID macro.
	(cygsid::init): Delete.
	* dcrt0.cc (dll_crt0_0): Do not call cygsid::init.
	* security.cc (get_user_local_groups): Change the second argument type
	to cygpsid.
2004-02-05 17:23:19 +00:00
Christopher Faylor 2e008fb91f Change use of BOOL, TRUE, FALSE to bool, true, false, as appropriate,
throughout.
* tty.cc (tty::common_init): Remove call to SetKernelObjectSecurity and edit
some comments.
* cygheap.h (init_cygheap::ctty): Add new element.
* devices.in (device::parse): Remove special handling for /dev/tty.
* devices.cc: Regenerate.
* dtable.cc (build_fh_pc): Don't reset /dev/tty device.  Let the device opener
do that.
* fhandler_termios.cc (tty_min::set_ctty): Redefine to _pinfo class.
* fhandler_tty.cc (fhandler_tty_common::set_close_on_exec): Avoid setting
noninherit flag for ctty.
* tty.h: Move BOOLs to bools.
(tty_min::set_ctty): Redeclare to _pinfo class.
* pinfo.cc (_pinfo::set_ctty): Define new function based on tty_min::set_ctty.
Change first argument from tty number to tty_min class.
* pinfo.h (_pinfo::set_ctty): Declare.
* fhandler_console.cc (fhandler_console::get_tty_stuff): Reflect move of
set_ctty to _pinfo class.
* fhandler_tty.cc (fhandler_tty_slave::open): Treat FH_TTY specially.  Use
saved cygheap value if it exists.  Otherwise convert to real device and save on
first time open.
(fhandler_tty_common::dup): Potentially set controlling tty if duping a slave
tty.
* syscalls.cc (setsid): Close controlling tty in cygheap.
* tty.cc: Change some BOOLs to bools.
2003-12-07 22:37:12 +00:00
Corinna Vinschen 12069cf31b * dir.cc (mkdir): Use local security_descriptor. Call
set_security_attribute appropriately.
	* external.cc (cygwin_internal): Ditto.
	* fhandler.cc (fhandler_base::open): Ditto.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto.
	* path.cc (symlink_worker): Ditto.
	* sec_acl.cc (setacl): Ditto. Call read_sd appropriately.
	(getace): Ditto.
	* sec_helper.cc (security_descriptor::malloc): New method.
	(security_descriptor::realloc): New method.
	(security_descriptor::free): New method.
	* security.cc (read_sd): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	Allocate the security_descriptor buffer according to size returned by
	a call to GetFileSecurity. Return buffer size on success.
	(write_sd): Get security_descriptor as parameter instead of
	PSECURITY_DESCRIPTOR and a size.
	(get_nt_attribute): Use local security_descriptor.
	(get_nt_object_attribute): Ditto in case of type == SE_REGISTRY_KEY.
	Allocate security_descriptor buffer according to size returned by
	a call to RegGetKeySecurity.
	(alloc_sd): Make static. Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size. Drop unnecessary parameter check.
	(set_security_attribute): Get security_descriptor as parameter instead
	of PSECURITY_DESCRIPTOR and a size.
	(set_nt_attribute): Use local security_descriptor.
	(check_file_access): Ditto.
	* security.h: Add class security_descriptor.
	(read_sd): Change declaration to get security_descriptor as parameter
	instead of PSECURITY_DESCRIPTOR and a size.
	(write_sd): Ditto.
	(set_security_attribute): Ditto.
	(alloc_sd): Remove declaration.
	* thread.cc (semaphore::semaphore): Use local security_descriptor. Call
	set_security_attribute appropriately.
2003-11-26 13:23:27 +00:00
Corinna Vinschen 3db690789f * sec_acl.h (getace): Use FILE_*_BITS as permission mask.
* security.cc (get_attribute_from_acl): Ditto.
	* security.h (FILE_READ_BITS): Define to match also GENERIC bits.
	(FILE_WRITE_BITS): Ditto.
	(FILE_EXEC_BITS): Ditto.
2003-11-26 10:52:21 +00:00
Corinna Vinschen db30fe125f * security.h (cygpsid::debug_print): Avoid compiler warnings. 2003-10-26 10:58:11 +00:00
Pierre Humblet 6806a8b51f 2003-09-26 Pierre Humblet <pierre.humblet@ieee.org>
* uinfo.cc (cygheap_user::init): Make sure the current user appears
	in the default DACL. Rearrange to decrease the indentation levels.
	Initialize the effec_cygsid directly.
	(internal_getlogin): Do not reinitialize myself->gid. Open the process
	token with the required access.
	* cygheap.h (class cygheap_user): Delete members pid and saved_psid.
	Create members effec_cygsid and saved_cygsid.
	(cygheap_user::set_sid): Define inline.
	(cygheap_user::set_saved_sid): Ditto.
	(cygheap_user::sid): Modify.
	(cygheap_user::saved_sid): Modify.
	* cygheap.cc (cygheap_user::set_sid): Delete.
	(cygheap_user::set_saved_sid): Ditto.
	* sec_helper.cc (sec_acl): Set the correct acl size.
	* autoload.cc (FindFirstFreeAce): Add.
	* security.h: Define ACL_DEFAULT_SIZE.
2003-09-27 01:56:36 +00:00
Pierre Humblet c61ada9bd3 2003-09-15 Pierre Humblet <pierre.humblet@ieee.org>
* security.h (__sec_user): Add "access2" argument.
	(sec_acl): Add "original" and "access2" arguments.
	(sec_user): Add "sid2" and "access2" argument. Remove dependence on
	allow_ntsec.
	(sec_user_nih): Ditto.
	* sec_helper.cc (__sec_user): Add "has_security" test.
	Call sec_acl with new arguments, letting it handle original_sid.
	(sec_acl): Add "original" and "access2" arguments. Handle original_sid
	depending on flag but avoiding duplicates. Use "access2" for sid2.
	* pinfo.cc (pinfo::init): Use security attributes created by sec_user
	when creating the mapping.
	* security.cc (create_token): Adjust arguments in call to sec_acl.
	Call sec_user instead of __sec_user.
	* syscall.cc (seteuid32):  Adjust arguments in call to sec_acl. Remove
	now unnecessary test. Remove useless conversions to psid.
	* dcrt0.cc (dll_crt0_1): Call cygsid::init before pinfo_init.
2003-09-16 00:45:50 +00:00
Pierre Humblet 7119fc0d0b 2003-09-09 Pierre Humblet <pierre.humblet@ieee.org>
* shared_info.h: Include security.h.
	(open_shared): Add psa argument.
	(user_shared_initialize): New declaration.
	* security.h: Add _SECURITY_H guard.
	(sec_user): Use sec_none in the no ntsec case.
	* spawn.cc (spawn_guts): Remove call to load_registry_hive.
	* syscalls (seteuid32): If warranted, call load_registry_hive,
	user_shared_initialize and RegCloseKey(HKEY_CURRENT_USER).
	* shared.cc (user_shared_initialize): New.
	(open_shared): Add and use psa argument.
	(memory_init): Move mount table initialization to
	user_shared_initialize. Call it.
2003-09-10 02:12:26 +00:00
Christopher Faylor 3872e9a419 * Makefile.in: Remove cygserver stuff.
* acconfig.h: Add USE_CYGSERVER define.
* config.h.in: Regenerate.
* configure.in: Add --enable-server setting.
* configure: Regenerate.
* fhandler_tty.cc (fhandler_tty_slave::open): Conditionalize compilation of
cygserver stuff.
* fork.cc (fork_child): Ditto.
* shm.cc: Ditto.
* tty.cc (tty::common_init): Ditto.
* dcrt0.cc: Use bool rather than BOOL for CYGWIN environment variable
definitions.
* environ.cc: Ditto.
* ntea.cc: Ditto.
* security.cc: Ditto.
* security.h: Ditto.
* syscalls.cc (check_posix_perm): Remove externs that were already declared in
a header.
* winsup.h: Ditto.  Declare _MT_SAFE here.  Delete it someday since cygwin
should always be _MT_SAFE.
2003-07-02 03:16:00 +00:00
Christopher Faylor a113a3c540 whitespace cleanup 2003-03-09 20:31:07 +00:00
Corinna Vinschen cf762b08cf * dtable.cc (dtable::build_fhandler_from_name): Set some fhandler
data on sockets to evaluate AF_LOCAL sockets correctly.
	(dtable::build_fhandler): Set unit number on sockets.
	* fhandler.h (fhandler_socket): Add unit number.
	(fhandler_socket::get_unit): New method.
	* fhandler_socket.cc (fhandler_socket::fhandler_socket): Set unit
	number.
	(fhandler_socket::fstat): Reorganize to return more Linux-like
	values.
	* net.cc: include ctype.h.
	(fdsock): Set unit number when building fhandler.
	* path.cc (path_conv::check): Set device type to FH_SOCKET if file
	is a AF_UNIX socket.
	(get_devn): Evaluate unit for virtual socket devices.
	(win32_device_name): Set windows path for sockets to unix_path with
	just backslashes to keep the different names.
	* syscalls.cc (fstat64): Don't override st_ino, st_dev and st_rdev
	for sockets.
	(stat_worker): Ditto.

From Pierre Humblet:

	* autoload.cc (AccessCheck): Add.
	(DuplicateToken): Add.
	* security.h (check_file_access): Declare.
	* syscalls.cc (access): Convert path to Windows, check existence
	and readonly attribute. Call check_file_access instead of acl_access.
	* security.cc (check_file_access): Create.
	* sec_acl (acl_access): Delete.
2003-02-21 14:29:18 +00:00
Christopher Faylor 407b8df695 * include/cygwin/in.h (in_attr_t): Define new type.
* include/arpa/inet.h (inet_addr): Change return type to in_addr_t.
(inet_lnaof): Ditto.
(inet_netof): Ditto.
(inet_network): Ditto.
* include/cygwin/types.h: Move many *_t typedefs here.  Protect them with
ifdefs.
* fhandler_disk_file.cc (fhandler_disk_file::fstat): Change ntsec_atts to
mode_t.
* security.cc (get_attribute_from_acl): Accept mode_t attribute.
(get_nt_attribute): Ditto.
(get_file_attribute): Ditto.
(get_nt_object_attribute): Ditto.
(get_object_attribute): Ditto.
* security.h: Reflect above changes.
* syscalls.cc (chown_worker): Change attrib to mode_t.
2003-02-10 22:43:29 +00:00
Corinna Vinschen 565e80155b * security.h: Introduce names UNKNOWN_UID and UNKNOWN_GID and delete
declaration of is_grp_member.
	* uinfo.cc (internal_getlogin): Use UNKNOWN_GID.
	* passwd.cc (pwdgrp::read_passwd): Use UNKNOWN_UID.
	* grp.cc (pwdgrp::read_group): Change group name to provide better
	feedback.
	(getgrgid): Use gid16togid32.
	* sec_helper.cc (is_grp_member): Delete.
2003-02-06 14:01:54 +00:00
Corinna Vinschen 4a21c2d5c8 * security.h (class cygpsid): New class.
(class cygsid): Use cygpsid as base. Remove members psid, get_id,
	get_uid, get_gid, string, debug_printf and the == and != operators.
	(cygsidlist::clear_supp): Only do work if setgroups has been called.
	* sec_helper.cc: Define sid_auth NO_COPY.
	(cygpsid::operator==): New operator.
	(cygpsid::get_id): New function.
	(cygpsid::string): New function.
	(cygsid::string): Delete.
	(cygsid::get_id): Delete.
	* pwdgrp.h: Change arguments of internal_getpwsid,
	internal_getgrsid and internal_getgroups to cygpsid.
	* passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
	* grp.cc (internal_getgrsid): Ditto.
	(internal_getgroups): Ditto.
2003-02-04 14:58:04 +00:00
Corinna Vinschen 153e83c605 * security.h: Add third argument to set_process_privilege.
* autoload.cc: Add OpenThreadToken.
	* sec_helper.cc (set_process_privilege): Add and use use_thread
	argument.
	* security.cc (alloc_sd): Modify call to set_process_privilege.
	Remember the result in each process. If failed and file owner is not
	the user, fail.
2003-02-03 15:55:20 +00:00
Corinna Vinschen 85ecb9be00 2002-12-14 Corinna Vinschen <corinna@vinschen.de>
* dcrt0.cc (dll_crt0_1): Call well known SID initializer function.
	* security.h (cygsid::init): Declare new static method.
	* sec_helper.cc (cygsid::init): New method for initializing well
	known SIDs.

2002-12-14  Pierre Humblet  <pierre.humblet@ieee.org>

	* security.h: Declare well_known_creator_group_sid.
	* sec_helper.cc: Define and initialize well_known_creator_group_sid.
2002-12-14 17:23:42 +00:00
Corinna Vinschen d6ffc07588 2002-12-10 Pierre Humblet <pierre.humblet@ieee.org>
* pwdgrp.h (pwdgrp_check::pwdgrp_state): Replace by
	pwdgrp_check::isinitializing ().
	(pwdgrp_check::isinitializing): Create.
	* passwd.cc (grab_int): Change type to unsigned, use strtoul and
	set the pointer content to 0 if the field is invalid.
	(parse_pwd): Move validity test after getting pw_gid.
	(read_etc_passwd): Replace "passwd_state <= " by
	passwd_state::isinitializing ().
	(internal_getpwuid): Ditto.
	(internal_getpwnam): Ditto.
	(getpwent): Ditto.
	(getpass): Ditto.
	* grp.cc (parse_grp): Use strtoul for gr_gid and verify the validity.
	(read_etc_group): Replace "group_state <= " by
	group_state::isinitializing ().
	(internal_getgrgid): Ditto.
	(getgrent32): Ditto.
	(internal_getgrent): Ditto.

2002-12-10  Pierre Humblet <pierre.humblet@ieee.org>

	* security.h: Move declarations of internal_getgrent,
	internal_getpwsid and internal_getgrsid to pwdgrp.h.
	* pwdgrp.h: Declare internal_getpwsid, internal_getpwnam,
	internal_getpwuid, internal_getgrsid, internal_getgrgid,
	internal_getgrnam, internal_getgrent and internal_getgroups.
	Delete "emulated" from enum pwdgrp_state.
	(pwdgrp_check::isuninitialized): Create.
	(pwdgrp_check::pwdgrp_state): Change state to initializing
	rather than to uninitialized.
	(pwdgrp_read::gets): Remove trailing CRs.
	* passwd.cc (grab_string): Don't look for NLs.
	(grab_int): Ditto.
	(parse_pwd): Don't look for CRs. Return 0 if entry is too short.
	(search_for): Delete.
	(read_etc_passwd): Simplify tests to actually read the file.
	Set state to loaded before making internal_getpwXX calls.
	Replace search_for calls by equivalent internal_pwgetXX calls.
	(internal_getpwsid): Use passwd_state.isuninitialized to decide
	to call read_etc_passwd.
	(internal_getpwuid): Create.
	(internal_getpwnam): Create.
	(getpwuid32): Simply call internal_getpwuid.
	(getpwuid_r32): Call internal_getpwuid.
	(getpwnam): Simply call internal_getpwnam.
	(getpwnam_r): Call internal_getpwnam.
	* grp.cc (parse_grp): Don't look for CRs. Adjust blank space.
	(add_grp_line): Adjust blank space.
	(class group_lock): Ditto.
	(read_etc_group): Simplify tests to actually read the file.
	Set state to loaded before making internal_getgrXX calls.
	Replace getgrXX calls by equivalent internal calls.
	(internal_getgrsid): Use group_state.isuninitialized to decide
	to call read_etc_group.
	(internal_getgrgid): Create.
	(internal_getgrnam): Create.
	(getgroups32): Simply call internal_getgrgid.
	(getgrnam32): Simply call internal_getgrnam.
	(internal_getgrent): Call group_state.isuninitialized.
	(internal_getgroups): Create from the former getgroups32, using
	two of the four arguments. Set gid to myself->gid and username
	to cygheap->user.name ().
	(getgroups32): Simply call internal_getgroup.
	(getgroups): Call internal_getgroup instead of getgroups32.
	(setgroups32): Call internal versions of get{pw,gr}XX.
	* sec_helper.cc: Include pwdgrp.h.
	(is_grp_member): Call internal versions of get{pw,gr}XX.
	* security.cc: Include pwdgrp.h.
	(alloc_sd): Call internal versions of get{pw,gr}XX.
	* syscalls.cc: Include pwdgrp.h.
	(seteuid32): Call internal versions of get{pw,gr}XX.
	(setegid32): Ditto.
	* uinfo.cc: Include pwdgrp.h.
	(internal_getlogin): Call internal versions of get{pw,gr}XX.
	(cygheap_user::ontherange): Ditto.
	* sec_acl.cc: Include pwdgrp.h.
	(setacl): Call internal versions of get{pw,gr}XX.
	(acl_access): Ditto and simplify logic.
	(aclfromtext): Ditto.
2002-12-10 12:43:49 +00:00
Corinna Vinschen 647b92a7d4 * security.h: Declare internal_getpwsid and internal_getgrsid.
Undeclare internal_getpwent.  Define DEFAULT_UID_NT.  Change
	DEFAULT_GID.
	* passwd.cc (internal_getpwsid): New function.
	(internal_getpwent): Suppress.
	(read_etc_passwd): Make static.  Rewrite the code for the completion
	line.  Set curr_lines to 0.
	(parse_pwd): Change type to static int.  Return 0 for short lines.
	(add_pwd_line): Pay attention to the value of parse_pwd.
	(search_for): Do not look for nor return the DEFAULT_UID.
	* grp.cc (read_etc_group): Make static.  Free gr_mem and set
	curr_lines to 0.  Always call add_pwd_line.  Rewrite the code for the
	completion line.
	(internal_getgrsid): New function.
	(parse_grp): If grp.gr_mem is empty, set it to &null_ptr.
	Never NULL gr_passwd.
	(getgrgid32): Only return the default if ntsec is off and the gid is
	ILLEGAL_GID.
	* sec_helper.cc (cygsid::get_id): Use getpwsid and getgrsid.
	(cygsid_getfrompw): Clean up last line.
	(cygsid_getfromgr): Ditto.
	(is_grp_member): Use getpwuid32 and getgrgid32.
	* uinfo.cc (internal_getlogin): Set DEFAULT_GID at start.
	Use getpwsid. Move the read of /etc/group after the second access
	to /etc/passwd.  Change some debug_printf.
2002-11-20 17:10:05 +00:00
Corinna Vinschen 7a11fe607e * syscalls.cc (chmod): Simplify conditional.
* sec_helper (cygsid::getfromstr): Reorganize to remove
	calls to strcpy and strtok_r.
	(cygsid::getfromgr): Change type to __uid32_t instead of int.
	Keep only the allow_ntsec branch. Never call LookupAccountSid
	which calls PDCs, simply return -1 in case of failure.
	Use cygsid == instead of calling EqualSid and remove test
	for NULL psid.
	* security.h: Declare cygsid::getfromgr as __uid32_t.
2002-11-12 15:51:11 +00:00
Corinna Vinschen 5a8746b732 * grp.cc (initgroups): Call groups::clear_supp to free the
supplementary group sids that may have been set by setgroups.
	* security.cc (cygsidlist::free_sids): Also zero the class members.
	* security.h (groups::clear_supp): New.
	Rename cygsidlist_unknown to cygsidlist_empty.
2002-09-11 10:37:11 +00:00
Corinna Vinschen 5519d54352 * security.cc: Change some formatting.
* include/cygwin/version.h: Bump API minor version.

        * cygheap.h (class cygheap_user): Add member groups.
        * security.h (class cygsidlist): Add members type and maxcount,
        methods position, addfromgr, alloc_sids and free_sids and
        operator+= (const PSID psid). Modify contains () to call
        position () and optimize add () to use maxcount.
        (class user_groups): Create.
        Update declarations of verify_token and create_token.
        * security.cc (cygsidlist::alloc_sids): New.
        (cygsidlist::free_sids): New.
        (get_token_group_sidlist): Create from get_group_sidlist.
        (get_initgroups_sidlist): Create from get_group_sidlist.
        (get_group_sidlist): Suppress.
        (get_setgroups_sidlist): Create.
        (verify_token): Modify arguments. Add setgroups case.
        (create_token): Modify arguments. Call get_initgroups_sidlist and
        get_setgroups_sidlist as needed. Set SE_GROUP_LOGON_ID from auth_pos
        outside of the loop. Rename the various group sid lists consistently.
        * syscalls.cc (seteuid32): Modify to use cygheap->user.groups.
        (setegid32): Call cygheap->user.groups.update_pgrp.
        * grp.cc (setgroups): Create.
        (setgroups32): Create.
        * uinfo.cc (internal_getlogin): Initialize and update user.groups.pgsid.
        * cygwin.din: Add setgroups and setgroups32.
2002-07-29 12:51:52 +00:00
Corinna Vinschen 654bad37a6 * security.h (DONT_INHERIT): Eliminate definition.
(INHERIT_ALL): Ditto.
	(INHERIT_ONLY): Ditto.
	* sec_acl.cc: Use appropriate defines from accctrl.h instead of the
	above throughout.
	* security.cc: Ditto.
2002-07-02 08:11:15 +00:00
Christopher Faylor 74fcdaec20 * autoload.cc (GetSecurityInfo): Define new autoload function.
(RegQueryInfoKeyA): Ditto.
* fhandler.h (fhandler_virtual::fill_filebuf): Change return type to bool.
(fhandler_proc::fill_filebuf): Ditto.
(fhandler_registry::fill_filebuf): Ditto.
(fhandler_process::fill_filebuf): Ditto.
(fhandler_registry::value_name): Add new member.
(fhandler_registry::close): Add new method.
(fhandler_process::p): Remove member.
* fhandler_proc.cc (fhandler_proc::open): Add set_nohandle after calling
superclass method.  Check return value of fill_filebuf.
(fhandler_proc::fill_filebuf): Change return type to bool.  Add return
statement.
* fhandler_process.cc (fhandler_process::open): Add set_nohandle after calling
superclass method.  Remove references to p.  Check return value of
fill_filebuf.
(fhandler_process::fill_filebuf): Change return type to bool.  Don't use
dereference operator on p.  Add return statement.
(fhandler_process::format_process_stat): Fix typo.
* fhandler_registry.cc: Add static open_key declaration.
(fhandler_registry::exists): Assume path is already normalised.  Try opening
the path as a key in its own right first, before reverting to enumerating
subkeys and values of the parent key.
(fhandler_registry::fstat): Add additional code to return more relevant
information about the registry key/value.
(fhandler_registry::readdir): Explicitly set desired access when opening
registry key.  Remove output of buf from debug_printf format string.
(fhandler_registry::open): Use set_io_handle to store registry key handle.  Set
value_name member.  Move code to read a value from the registry to
fill_filebuf.  Add call to fill_filebuf.
(fhandler_registry::close): New method.
(fhandler_registry::fill_filebuf): Change return type to bool.  Add code to
read a value from registry.
(fhandler_registry::open_key): Make function static.  Use KEY_READ as desired
access unless this is the last path component.  Check the return value of
RegOpenKeyEx for an error instead of hKey.
* fhandler_virtual.cc (fhandler_virtual::lseek): Check the return value of
fill_filebuf.
(fhandler_virtual::open): Remove call to set_nohandle.
(fhandler_virtual::fill_filebuf): Change return type to bool.  Add return
statement.
* security.cc (get_nt_object_attribute): New function.
(get_object_attribute): New function.
* security.h (get_object_attribute): New function declaration.
2002-07-02 01:36:15 +00:00
Christopher Faylor de0557f7a3 * security.cc (get_group_sidlist): Add pw argument and use pw->pw_name in call
to get_supplementary_group_sidlist.
(create_token): Add pw argument and use it in call to get_group_sidlist.
* security.h: Add pw argument in declaration of create_token.
* syscalls.cc (seteuid32): Add pw argument in call to create_token.
2002-06-24 13:01:50 +00:00
Corinna Vinschen 2e8abfc1c5 * sec_helper.cc (lookup_name): Suppress.
* security.cc (alloc_sd): Remove logsrv argument.
	Remove two calls to lookup_name.
	(set_security_attribute): Remove logsrv argument.
	Remove logsrv argument in call to alloc_sd.
	(set_nt_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_security_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_nt_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_file_attribute.
	* syscalls.cc (chown_worker): Remove logserver argument in
	call to set_file_attribute.
	(chmod): Ditto.
	* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
	* uinfo.cc (internal_getlogin): Replace calls to
	lookup_name by call to LookupAccountName.
	* security.h: Remove logsrv in declarations of set_file_attribute
	and alloc_sd. Remove declaration of lookup_name.
2002-06-06 11:17:51 +00:00
Corinna Vinschen 1eb934b7c5 * security.cc (lsa2wchar): Suppressed.
(get_lsa_srv_inf): Suppressed.
	(get_logon_server_and_user_domain): Suppressed.
	(get_logon_server): Essentially new.
	(get_user_groups): Add "domain" argument. Only lookup the
	designated server and use "domain" in LookupAccountName.
	(is_group_member): Simplify the arguments.
	(get_user_local_groups): Simplify the arguments. Do only a
	local lookup. Use "BUILTIN" and local domain in LookupAccountName.
	(get_user_primary_group). Only lookup the designated server.
	(get_group_sidlist): Remove logonserver argument. Do not lookup
	any server for the SYSTEM account.
	(create_token): Delete logonserver and call to get_logon_server.
	Adjust arguments of get_group_sidlist, see above.
	* security.h: Delete declaration of get_logon_server_and_user_domain
	and add declaration of get_logon_server.
	* uinfo.cc (internal_get_login): Call get_logon_server instead of
	get_logon_server_and_user_domain.
2002-06-03 17:04:03 +00:00
Corinna Vinschen a8d7ae61e7 Change internal uid datatype from __uid16_t to __uid32_t
throughout.
	* cygwin.din: Export new symbols getpwuid32, getpwuid_r32, getuid32,
	geteuid32, setuid32, seteuid32.
	* passwd.cc (getpwuid32): New function.
	(getpwuid_r32): Ditto.
	* syscalls.cc (seteuid32): Ditto.
	(setuid32): Ditto.
	* uinfo.cc (getuid32): Ditto.
	(geteuid32): Ditto.
	* winsup.h (uid16touid32): New macro, correclt casting from __uid16_t
	to __uid32_t.
	(gid16togid32): Ditto fir gids.
	(getuid32): Declare.
	(geteuid32): Ditto.
	(getpwuid32): Ditto.
	* include/sys/cygwin.h (struct external_pinfo): Add members uid32 and
	gid32.
2002-05-29 15:04:29 +00:00
Corinna Vinschen 5719640581 Change internal gid datatype from __gid16_t to __gid32_t
throughout.
	* cygwin.din: Export new symbols chown32, fchown32, getegid32,
	getgid32, getgrgid32, getgrnam32, getgroups32, initgroups32, lchown32,
	setgid32, setegid32, getgrent32.
	* grp.cc (grp32togrp16): New static function.
	(getgrgid32): New function.
	(getgrnam32): Ditto.
	(getgrent32): Ditto.
	(getgroups32): Change name of internal function from getgroups.
	(getgroups32): New function.
	(initgroups32): Ditto.
	* syscalls.cc (chown32): Ditto.
	(lchown32): Ditto.
	(fchown32): Ditto.
	(setegid32): Ditto.
	(setgid32): Ditto.
	* uinfo.cc (getgid32): Ditto.
	(getegid32): Ditto.
	* include/cygwin/grp.h: Remove declaration of getgrgid() and getgrnam().
	Declare getgrgid32() and getgrnam32() instead.  Declare getgid32().
2002-05-28 14:10:55 +00:00
Corinna Vinschen ebbdc7034b * syscalls.cc (seteuid): Set default dacl in process token.
Replace in-line code by call to verify_token().
	(setegid): Reverse change from 2002-01-21. Add call to
	RevertToSelf and set primary group in impersonation token.
	* security.cc (create_token): Store pgrpsid in token security
	descriptor, except if it already appears in my_grps.
	Use sec_acl() in place of get_dacl().
	(verify_token): Create from code in seteuid(), with tighter checks.
	(get_dacl) Deleted.
	(get_group_sidlist): Add argument to indicate if pgrpsid is already
	in the groups.
	* security.h: Define verify_token().
	* autoload.cc: Load GetKernelObjectSecurity().
2002-05-16 09:30:48 +00:00
Corinna Vinschen 043bc3e1ee * shared.cc (__sec_user): Split into sec_acl() and call orig_sid().
(sec_acl): Create from part of __sec_user(), except creator/owner.
	* security.h: Define sec_acl() and MAX_DACL_LEN.
2002-05-13 12:10:49 +00:00
Robert Collins f449bfef40 2002-02-28 Robert Collins <rbtcollins@hotmail.com>
* Merged cygwin_daemon into head minus the new shm and ipc exports.

2002-02-28  Robert Collins  <rbtcollins@hotmail.com>

	* fhandler_tty.cc (fhandler_tty_slave::open): More debugging.
	(fhandler_tty_slave::read): Fix printf type for the handle.
	* tty.cc (tty::common_init): Add a FIXME for security.

2002-01-29  Robert Collins  <rbtcollins@hotmail.com>

	* Makefile.in (OBJS): Remove duplicate localtime.o.

2002-01-17  Robert Collins  <rbtcollins@hotmail.com>

	* cygserver.cc (check_and_dup_handle): Consolidate the two variants for
	simplicity.
	Add Some basic debug output.
	(client_request_attach_tty::serve): Use the new debug_printf for clarity.
	Mark the duplicated handles as inheritable - fixup_after_fork() doesn't reopen
	tty's.

2002-01-16  Robert Collins  <rbtcollins@hotmail.com>

	* cygserver.cc (transport): Correct scope.
	(client_request_attach_tty::serve): Add more debug information.
	Fix erroneous use of transport instead of conn.
	* cygserver_transport_pipes.cc (transport_layer_pipes::close): More debug.
	(transport_layer_pipes::read): Ditto.
	(transport_layer_pipes::write): Ditto.
	(transport_layer_pipes::impersonate_client): Ditto.

Mon Oct  8  7:41:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* cygserver.cc (server_request::process): Rename client_request_shm_get to
	client_request_shm.
	* cygserver_process.cc (process_cache::add): Rename to add_task.
	Use process_cleanup instead of process_request.
	(process_cache::remove_process): New method.
	(process::process): Initialize new members.
	(process::~process): New member.
	(process::cleanup): New method.
	(process::add_cleanup_routine): New method.
	(process_request::process): Rename to process_cleanup.
	Call the process object's cleanup method and then delete it.
	(process_process_param::request_loop): Remove the signalling process.
	* cygserver_shm.cc: Globally rename client_request_shm_get to client_request_shm.
	(client_request_shm_get::serve): Handle attach request counting.
	* cygserver_shm.h: Globally rename client_request_shm_get to client_request_shm.
	(class shm_cleanup): New class.
	* shm.cc: Globally rename client_request_shm_get to client_request_shm.
	(client_request_shm::client_request_shm): New constructor for attach requests.
	(shmat): Use it.
	* include/cygwin/cygserver_process.h (class process_request): Rename to
	process_cleanup.
	(class cleanup_routine): New class.
	(class process): New members and methods to allow calling back when the process
	terminates.

Thu Oct  4 14:12:00 2001  Robert Collins <rbtcollins@hotmail.com>
	* cygserver.cc (request_loop): Make static.
	(main): Use new cache constructor syntax.
	Start cache worker threads.
	Cleanup the cache at shutdown.
	* cygserver_process.cc: Run indent.
	(process_cache::process_cache): Add a trigger to use when adding a process.
	(process_cache::process): Move process_entry to process.
	Insert at the end of the list.
	Trigger the request loop when new process's inserted.
	(process_cache::process_requests): Do it.
	(process_cache::add): New method.
	(process_cache::handle_snapshot): New method.
	(process::process): Merge in the process_entry fields.
	(process::handle): Make a stub function.
	(process::exit_code): New method.
	(process_request::process): New method.
	(process_process_param::request_loop): New method.
	* cygserver_shm.cc: New header dependency - threaded_queue.h.
	* threaded_queue.cc (threaded_queue::cleanup): Clearer messages.
	(queue_process_param::stop): Short spinlock on interruptible threads.
	* threaded_queue.h (class threaded_queue): New constructor.
	* include/cygwin/cygserver_process.h (process_request): New class.
	(process_entry): Remove.
	(process): Merge in process_entry.
	(process_cache): Inherit from threaded_queue.

Tue Oct  2 23:24:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* cygserver.cc (class server_process_param): Use new constructor syntax.
	* cygserver_process.cc (process_cache::~process_cache): New function.
	* threaded_queue.cc: Define condition debug_printf.
	Run indent.
	(threaded_queue::cleanup): Move queue_process_param guts to a method.
	(threaded_queue::process_requests): Ditto.
	(queue_process_param::queue_process_param): New method.
	(queue_process_param::~queue_process_param): Ditto.
	(queue_process_param::start): Ditto.
	(queue_process_param::stop): Ditto.
	* threaded_queue.h (class queue_process_param): Add support for
	interruptible request loops.
	* cygwin/include/cygwin/cygserver_process.h (class process_cache): Add
	destructor.

Tue Oct  2 23:24:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* cygserver_client.cc: New flag allow_daemon to disable the daemon completely.
	(cygserver_request): Check it.
	(cygserver_init): Ditto.
	* environ.cc (parse_thing): Add (no)daemon option.

Tue Oct  2 23:00:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* shm.cc: Update to handle include changes from HEAD.

Tue Oct  2 16:06:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* Makefile.in: Remove cygserver_shm.o from cygwin1.dll.
	Rename cygserver_shm_outside.o to cygserver_shm.o.
	* cygserver.cc (server_request::process): Use the new client_request
	constructor.
	* cygserver_client.cc: Remove the #ifdef's stubs for the server method
	within cygwin.
	(client_request_attach_tty::client_request_attach_tty): Use the new
	client_request constructor.
	(client_request_shutdown::client_request_shutdown): Ditto.
	(client_request::client_request): Ditto.
	* cygserver_shm.cc (client_request_shm_get::serve): Remove the
	#ifdef'd stub for in-cygwin builds.
	(client_request_shm_get::client_request_shm_get): Use the new
	client_request constructor, and remove the in-cygwin variants.
	* cygserver_shm.h (class client_request_shm_get): #ifndef test the
	serve method - it's only used in cygserver.
	* shm.cc (client_request_shm_get::client_request_shm_get): New function.
	* include/cygwin/cygserver.h (request_header): New constructor.
	(class client_request): Use it.
	New constructor accepting the header size.
	#ifndef test the server method - it's only used within cygserver.
	(client_request_get_version): #ifdef test the server method.
	(client_request_shutdown): Ditto.
	(client_request_attach_tty): Ditto.

Tue Oct  2  9:57:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* Makefile.in: add threaded_queue.o to cygserver.exe.
	* cygserver.cc: Include threaded_queue.h
	(class server_request): Inherit from queue_request.
	(class server_process_param): Inherit from queue_process_param.
	(class server_request_queue): Inherit from threaded_queue.
	(request_loop): Adjust for new types.
	(server_request_queue::process_requests): Remove guts to
	threaded_queue::process_requests.
	(server_request::server_request): Adjust for new types.
	(worker_function): Delete.
	(server_request_queue::create_workers): Delete.
	(server_request_queue::cleanup): Delete.
	(server_request_queue::add): Move guts to threaded_queue::add.
	* threaded_queue.cc: New file.
	* threaded_queue.h: New file.

Mon Oct  1 12:38:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* cygserver.cc (client_request::serve): New function.
	* cygserver_process.cc: Inlude <pthread.h> for pthread_once.
	(process_cache::process_cache): Initialise a crtiical section for write access.
	(process_cache::process): Use the critical section. Also add missing entries to
	the cache.
	(do_process_init): New function to initalise class process static variables.
	(process::process): Ensure that the process access critical section is
	initialised.
	(process::handle): Close the handle of old process's when they have terminated
	and we are returning the handle for a process with the same pid.
	* cygserver_shm.cc: Run indent.
	Include cygserver_process.h to allow process cache functionality.
	(client_request_shm_get::serve): New parameter for process cache support.
	Use the process cache, not OpenProcess to get a handle to the originating process.
	Fix a handle leak with token_handle.
	* cygserver_shm.h (class client_request_shm_get): Update ::serve for process
	cache support.
	* cygserver_transport_pipes.cc: Redefine debug_printf to be conditional on DEBUG.
	* include/cygwin/cygserver.h: Do not implement client_request::serve in the
	header.
	* include/cygwin/cygserver_process.h (class process_cache): Add a write access
	critical section to prevent races when requests from a  multithreaded
	application arrive.

Sun Sep 30 23:41:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* Makefile.in: Add cygserver_process.o to cygserver.exe.
	* cygserver.cc: Include signal.h and cygwin_version.h.
	Define debug_printf as a macro.
	Define DEBUG to a value.
	(client_request_attach_tty::serve): Add beginning of process cache support.
	Change from #ifdef DEBUG to work with new DEBUG style.
	(client_request_get_version::serve): Add beginning of process cache support.
	(class server_request): New prototype for support of process cache.
	(class queue_process_param): New class to allow request loop threading.
	(class server_request_queue): Add beginning of process cache support.
	Allow request loop threading.
	(request_loop): Thread function for request loops.
	(server_request_queue::process_requests): Initiator for threaded request loops.
	(client_request_shutdown::serve): Add beginning of process cache support.
	(server_request::server_request): Ditto.
	(server_request::process): Use debug_printf. Add beginning of process cache
	support.
	(server_request_queue::cleanup): Kill off any request loop threads.
	(server_request_queue::add): Add beginning of process cache support.
	(handle_signal): Trigger a shutdown.
	(main): Print out some useful info at startup - version, date time.
	Add process cache support.
	Spawn a separate thread for the transport request loop, thus allowing concurrent
	support for multiple transports.
	* cygserver_client.cc (client_request_get_version::serve): Add process cache
	support.
	(client_request_attach_tty::serve): Add process cache support.
	(client_request_shutdown::serve): Add process cache support.
	* cygsserver_process.cc: New file with the process cache support.
	* cygserver_shm.cc: Redefine debug_printf to allow conditional output.
	* cygwin.din: Export shmdt().
	* shm.cc: Run indent.
	Update FIXME's.
	(shmdt): New function.
	* include/cygwin/cygserver.h (class client_request): Add process cache support.
	(class client_request_get_version): Ditto.
	(class client_request_shutdown): Ditto.
	(class client_request_attach_tty): Ditto.
	* include/cygwin/cygserver_process.h: New header for process cache support.

Sun Sep 30  8:52:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* include/cygwin/cygserver_transport.h: Add copyright header.
	* include/cygwin/cygserver_transport_pipes.h: Ditto.
	* include/cygwin/cygserver_transport_sockets.h: Ditto.

Sat Sep 29 20:40:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* Makefile.in: Add cygserver_transport_sockets.o to DLL_OFILES.
	Add cygserver_transport_sockets_outside.o to cygserver.exe.
	* cygserver.cc: Include new include files.
	* cygserver_client.cc: Ditto.
	* cygserver_shm.h: No need to include <sys/socket.h> now.
	* cygerver_transport.cc: Include new include files.
	(transport_layer_base::transport_layer_base): Strip back to a stub.
	(transport_layer_base::listen): Ditto.
	(transport_layer_base::accept): Ditto.
	(transport_layer_base::close): Ditto.
	(transport_layer_base::read): Ditto.
	(transport_layer_base::write): Ditto.
	(transport_layer_base::connect): Ditto.
	* cygserver_transport_pipes.cc: Include new header
	"cygwin/cygserver_transport_pipes.h".
	* cygserver_transport_sockets.cc: New file.
	* dcrt0.cc: No need to include <sys/socket.h> now.
	* fhandler_tty.cc: Ditto.
	* tty.cc: Ditto.
	* include/cygwin/cygserver_transport.h: Strip the base class to a stub.
	Remove the cygserver_transport_pipes class.
	* include/cygwin/cygserver_transport_pipes.h: New file.
	* include/cygwin/cygserver_transport_sockets.h: New file.

Tue Sep 25 16:22:00 2001  Robert Collins <rbtcollins@hotmail.com>

	* autoload.cc: Add dynamic load statement for 'ImpersonateNamedPipeClient'.
	* Makefile.in: Add new object files, and build instructions for cygserver.exe.
	* cygwin.din: Export ftok, shmat, shmctl and shmget.
	* dcrt0.cc: Additional includes for cygserver support.
	(dll_crt0_1): Initialise the cygserver client.
	* fhandler.h (fhandler_tty): New method cygserver_attach_tty.
	* fhandler_tty.cc: Additional includes for cygserver support.
	(fhandler_tty_slave::open): Attempt to use the cygserver when obtaining
	handles from the parent process. On failure or 9x use the current method.
	(fhandler_tty_slave::cygserver_attach_tty): New function.
	* fork.cc (fork_child): Fixup shm memory mapped areas.
	* pinfo.h: Declare fixup_shms_after_fork().
	* security.h: Declare alloc_sd().
	* tty.cc: Additonal includes to support cygserver.
	(tty::common_init): Don't allow others to open us if the cygserver is running.
	* winsup.h: Declare cygserver_running.
	* cygserver.cc: New file.
	* cygserver_client.cc: New file.
	* cygserver_shm.cc: New file.
	* cygserver_shm.h: New file.
	* cygserver_transport.cc: New file.
	* cygserver_transport_pipes.cc: New file.
	* ipc.cc: New file.
	* shm.cc: New file.
	* include/cygwin/cygserver.h: New file.
	* include/cygwin/cygserver_transport.h: New file.
	* include/sys/ipc.h: New file.
	* include/sys/shm.h: New file.

2002-02-28  Robert Collins  <rbtcollins@hotmail.com>

	* thread.cc (semaphore::TryWait): Set errno as required by posix 1003.1.
	(__sem_wait): Ditto.
	(__sem_trywait): Ditto.
2002-02-28 14:30:38 +00:00
Christopher Faylor cecb74ae47 * fork.cc (fork_parent): Use sec_user_nih to control process/thread
inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later.  Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.
2002-02-19 05:58:44 +00:00
Corinna Vinschen b31c68c447 * child_info.h, cygheap.h, fhandler_clipboard.cc, fhandler_dsp.cc,
fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
	fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
	pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
	security.h, thread.h, uinfo.cc, include/cygwin/acl.h: Fix copyright.
2002-02-10 13:50:13 +00:00
Corinna Vinschen de4e0d3001 * (child_info.h, cygheap.h, dcrt0.cc, dir.cc, fhandler.cc, fhandler.h,
fhandler_clipboard.cc, fhandler_disk_file.cc, fhandler_dsp.cc,
	fhandler_floppy.cc, fhandler_mem.cc, fhandler_random.cc,
	fhandler_tape.cc, fhandler_zero.cc, grp.cc, mmap.cc, passwd.cc,
	pinfo.cc, pinfo.h, pipe.cc, sec_acl.cc, sec_helper.cc, security.cc,
	security.h, spawn.cc, syscalls.cc, thread.h, uinfo.cc, winsup.h):
	Change usage of uid_t to __uid16_t, gid_t to __gid16_t and
	off_t to __off32_t throughout.  Use INVALID_UID, INVALID_GID and
	INVALID_SEEK instead casting -1 to the appropriate type.
	* winsup.h: Define INVALID_UID, INVALID_GID and INVALID_SEEK.
	* include/cygwin/acl.h: Define internal __aclent16_t and __aclent32_t
	types.  Don't declare acl functions when compiling Cygwin.
	* include/cygwin/grp.h: Declare getgrgid() and getgrnam() with
	correct types for internal usage.
2002-02-10 13:38:51 +00:00
Christopher Faylor 243a041bd0 * dll_init.h (class dll_list): Reorder functions to avoid compiler "can't
inline" warnings.
* security.h (class cygsid): Ditto.
* sigproc.cc (get_proc_lock): Ditto.
* sigproc.h (class sigframe): Ditto.
* sync.h (class muto): Ditto.
* fhandler.h (fhandler_base::get_guard): Actually MAKE virtual as previously
indicated.
* pipe.cc (make_pipe): Remove extraneous set_errno.
* syscalls.cc (_open): Ditto.
* select.cc (peek_pipe): Need to check that there is still something to read
from the pipe after acquiring the mutex since another process/thread could have
eaten the input before we got to acquiring the lock.  (Thanks to Nick Duffek
for this inspiration.)
2001-11-03 03:32:27 +00:00
Christopher Faylor 1ff9f4b937 * cygheap.h (init_cygheap): Move heap pointers here.
* include/sys/cygwin.h (perprocess): Remove heap pointers.
* dcrt0.cc (__cygwin_user_data): Reflect obsolete perprocess stuff.
(_dll_crt0): Don't initialize heap pointers.
(cygwin_dll_init): Ditto.
(release_upto): Use heap pointers from cygheap.
* heap.h: Ditto.
* fork.cc (fork_parent): Ditto.  Don't set heap pointers in ch.
(fork_child): Remove obsolete sigproc_fixup_after_fork.
* shared.cc (memory_init): Reorganize so that cygheap initialization is called
prior to regular heap since regular heap uses cygheap now.
* sigproc.cc (proc_subproc): Eliminate zombies allocation.
(sigproc_init): Move zombies alloation here.  Don't free up array on fork, just
reuse it.
(sigproc_fixup_after_fork): Eliminate.
* sigproc.h: Ditto.
* include/cygwin/version.h: Reflect change to perprocess structure.
2001-09-07 21:32:07 +00:00
Corinna Vinschen 86fb039324 * dir.cc (mkdir): Set security attributes correctly for
CreateDirectoryA () call if ntsec is on. Don't call
        set_file_attributes () then.
        * fhandler.cc (fhandler_base::open): Ditto for CreateFileA () call.
        * path.cc (symlink): Ditto.
        * security.cc (set_security_attribute): New function.
        * security.h: Add declaration for `allow_ntea' and
        `set_security_attribute'.
2001-08-07 15:09:54 +00:00
Corinna Vinschen 3a157c0d0d Change well_known_admin_sid to well_known_admins_sid throughout.
* sec_acl.cc (setacl): Never set DELETE permission. Set
        FILE_DELETE_CHILD only on readable and executable directories.
        * sec_helper.cc: Add constructor for `well_known_null_sid'.
        * security.cc (get_nt_attribute): Set S_ISVTX for directories if
        FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
        Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
        (alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
        only on readable and executable directories.
        Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
        * security.h: Add extern declaration for `well_known_null_sid'.
2001-07-15 22:40:07 +00:00
Christopher Faylor 462f4effb1 * mmap.cc: Clean up *ResourceLock calls throughout.
* thread.cc (pthread_cond::TimedWait): Check for WAIT_TIMEOUT as well as
WAIT_ABANDONED.
(__pthread_cond_timedwait): Calculate a relative wait from the abstime
parameter.
2001-06-26 14:47:48 +00:00
Egor Duda 149da470f3 * security.h (NTWriteEA): Change prototype.
* ntea.cc (NTReadEA): Don't check for global ntea setting, now
it's caller responsibility.
(NTWriteEA): Ditto.
* security.cc (get_file_attribute): Read attribute from EA only
if 'ntea' is enabled.
(set_file_attribute): Ditto.
* path.h: (class path_conv): Add members to store file system
information.
(path_conv::get_drive_type): New function.
* syscalls.cc (stat_worker): Use it.
* path.cc (path_conv::update_fs_info): New functions.
(path_conv::check): Get file system information from device where
file resides. On NTFS, try to read symlink contents from EA.
(get_symlink_ea): New function.
(set_symlink_ea): Ditto.
(symlink): Store symlink in extended attribute, if possible.
2001-06-05 10:45:52 +00:00
Corinna Vinschen b2939a814c * sec_helper.cc (cygsid::getfrompw): Change parameter to `const'.
(cygsid::getfromgr): Ditto.
        * security.cc: Use `sys_mbstowcs' and `sys_wcstombs' throughout.
        (extract_nt_dom_user): Try to get user and domain from SID in
        pw->pw_gecos first.
        * security.h (class cygsid): Change parameter of getfrompw() and
        getfromgr() to `const'.
        * uinfo.cc (internal_getlogin): Change order for evaluating user
        information in winNT case. Drop usage of NetWkstaUserGetInfo().
2001-05-29 20:43:40 +00:00
Corinna Vinschen 1fcc912f13 * autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
        `LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
        `NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
        `NtCreateToken'.
        * ntdll.h: Add declaration for `NtCreateToken'.
        * sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
        `well_known_network_sid', `well_known_batch_sid',
        `well_known_interactive_sid', `well_known_service_sid' and
        `well_known_authenticated_users_sid'.
        (cygsid::string): Define as const method.
        (cygsid::get_sid): Set psid to NO_SID on error.
        (cygsid::getfromstr): Ditto.
        (cygsid::getfrompw): Simplify.
        (cygsid::getfromgr): Check for gr == NULL.
        (legal_sid_type): Move to security.h.
        (set_process_privilege): Return -1 on error, otherwise 0 or 1 related
        to previous privilege setting.
        * security.cc (extract_nt_dom_user): Remove `static'.
        (lsa2wchar): New function.
        (open_local_policy): Ditto.
        (close_local_policy): Ditto.
        (get_lsa_srv_inf): Ditto.
        (get_logon_server): Ditto.
        (get_logon_server_and_user_domain): Ditto.
        (get_user_groups): Ditto.
        (is_group_member): Ditto.
        (get_user_local_groups): Ditto.
        (sid_in_token_groups): Ditto.
        (get_user_primary_group): Ditto.
        (get_group_sidlist): Ditto.
        (get_system_priv_list): Ditto.
        (get_priv_list): Ditto.
        (get_dacl): Ditto.
        (create_token): Ditto.
        (subauth): Return immediately if SE_TCB_NAME can't be assigned.
        Change all return statements in case of error to jumps to `out'
        label. Add `out' label to support cleanup.
        * security.h: Add extern declarations for `well_known_local_sid',
        `well_known_dialup_sid', `well_known_network_sid',
        `well_known_batch_sid', `well_known_interactive_sid',
        `well_known_service_sid' and `well_known_authenticated_users_sid'.
        Add extern declarations for functions `create_token',
        `extract_nt_dom_user' and `get_logon_server_and_user_domain'.
        (class cygsid): Add method `assign'. Change operator= to call new
        `assign' method. Add `debug_print' method.
        (class cygsidlist): New class.
        (legal_sid_type): Moved from sec_helper.cc to here.
        * spawn.cc (spawn_guts) Revert reversion of previous patch.
        Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
        again.
        * syscalls.cc (seteuid): Rearranged. Call `create_token' now when
        needed. Call `subauth' if `create_token' fails. Try setting token
        owner and primary group only if token was not explicitely created
        by `create_token'.
        * uinfo.cc (internal_getlogin): Try harder to generate correct user
        information. Especially don't trust return value of `GetUserName'.
2001-05-20 08:10:47 +00:00
Corinna Vinschen 2b0a111fcf * fork.cc (fork): Eliminate superfluous call to getuid().
* security.h: New define `NO_SID'. Remove declarations of functions
        moved to methods into class cygsid.
        (class cygsid): Declare new methods `getfromstr', `get_sid',
        `getfrompw', `getfromgr', `get_rid', `get_uid', `get_gid', `string'
        and new constructors and operators =, == and !=.
        Declare new global cygsids `well_known_XXX_sid' substituting the
        corresponding `get_XXX_sid' functions. Remove declarations of
        these functions.
        * sec_helper.cc (well_known_admin_sid): New global variable.
        (well_known_system_sid): Ditto
        (well_known_creator_owner_sid): Ditto
        (well_known_world_sid): Ditto
        (cygsid::string): New method, substituting `convert_sid_to_string_sid'.
        (cygsid::get_sid): New method, substituting `get_sid'.
        (cygsid::getfromstr): New method, substituting
        `convert_string_sid_to_sid'.
        (cygsid::getfrompw): New method, substituting `get_pw_sid'.
        (cygsid::getfromgr): New method, substituting `get_gr_sid'.
        (cygsid::get_id): New method, substituting `get_id_from_sid'.
        (get_admin_sid): Eliminated.
        (get_system_sid): Ditto.
        (get_creator_owner_sid): Ditto.
        (get_world_sid): Ditto.
        * grp.cc: Use new cygsid methods and well known sids throughout.
        * registry.cc: Ditto.
        * sec_acl.cc: Ditto.
        * security.cc: Ditto.
        * shared.cc: Ditto.
        * syscalls.cc (seteuid): Ditto. Eliminate redundant conditional.
        * uinfo.cc (internal_getlogin): Ditto.
        * spawn.cc (spawn_guts) Revert previous patch.
2001-05-15 19:23:31 +00:00
Corinna Vinschen 57ff940dd4 * autoload.cc: Add LoadDLLinitfunc for secur32.dll.
Add LoadDLLfuncEx statements for AllocateLocallyUniqueId@4,
        DuplicateTokenEx@24, LsaNtStatusToWinError@4,
        LsaDeregisterLogonProcess@4, LsaFreeReturnBuffer@4,
        LsaLogonUser@56, LsaLookupAuthenticationPackage@12,
        LsaRegisterLogonProcess@12,
        * environ.cc: Add extern declaration for `subauth_id'.
        (subauth_id_init): New function for setting `subauth_id'.
        (struct parse_thing): Add entry for `subauth_id'.
        * fork.cc (fork_parent): Call `RevertToSelf' and
        `ImpersonateLoggedOnUser' instead of `seteuid'.
        * security.cc: Define global variable `subauth_id'.
        (extract_nt_dom_user): New function.
        (cygwin_logon_user): Call `extract_nt_dom_user' now.
        (str2lsa): New static function.
        (str2buf2lsa): Ditto.
        (str2buf2uni): Ditto.
        (subauth): Ditto.
        * security.h: Add prototype for `subauth'.
        * spawn.cc (spawn_guts): Use cygheap->user.token only if impersonated.
        Use `cygsid' type. Remove impersonation before allowing access to
        workstation/desktop to everyone. Call `RevertToSelf' and
        `ImpersonateLoggedOnUser' instead of `seteuid'.
        * syscalls.cc (seteuid): Rearranged to allow using subauthentication
        to retrieve user tokens when needed.
2001-04-30 21:19:42 +00:00
Corinna Vinschen 17db110558 * grp.cc: Eliminate MAX_DOMAIN_NAME define.
(read_etc_group): Substitute MAX_DOMAIN_NAME by
        INTERNET_MAX_HOST_NAME_LENGTH.
        * passwd.cc (parse_pwd): Don't force pw_name to be lower case.
        * sec_helper.cc: Substitute MAX_USER_NAME by UNLEN,
        MAX_COMPUTERNAME_LENGTH by INTERNET_MAX_HOST_NAME_LENGTH throughout.
        (lookup_name): Slight cleanup.
        * security.cc (alloc_sd): Substitute MAX_USER_NAME by UNLEN.
        * security.h: Define DEFAULT_UID as DOMAIN_USER_RID_ADMIN and
        DEFAULT_GID as DOMAIN_ALIAS_RID_ADMINS.
        * shared.cc (memory_init): Substitute MAX_USER_NAME by UNLEN.
        * thread.h: Ditto.
        * uinfo.cc (internal_getlogin): Substitute MAX_USER_NAME by UNLEN.
        Substitute MAX_COMPUTERNAME_LENGTH and MAX_HOST_NAME by
        INTERNET_MAX_HOST_NAME_LENGTH.
        * winsup.h: Include lmcons.h. Eliminate MAX_USER_NAME and
        MAX_HOST_NAME. Move DEFAULT_UID and DEFAULT_GID to security.h.
2001-04-30 18:21:48 +00:00
Corinna Vinschen d551169a9f * autoload.cc: Add LoadDLLfunc statements for SetTokenInformation@16.
* cygheap.cc: Include security.h.
        * grp.cc (internal_getgrent): New function.
        (getgroups): Rearranged using `internal_getgrent' and the new
        `cygsid' class.
        * passwd.cc (internal_getpwent): New function.
        * sec_acl.cc: Use new `cygsid' class throughout.
        (acl_access): Use `internal_getgrent' instead of `getgrent'.
        * sec_helper.cc: Use new `cygsid' class throughout.
        (get_id_from_sid): Use `internal_getgrent' instead of `getgrent'.
        Use `internal_getpwent' instead of `getpwent'.
        * security.cc: Use new `cygsid' class throughout.
        * security.h: Move `MAX_SID_LEN' from winsup.h to here.
        Add extern declarations for `internal_getgrent' and `internal_getpwent'.
        (class cygsid): New class.
        * shared.cc (sec_user): Use new `cygsid' class.
        * syscalls.cc (seteuid): Try to set owner to user and primary group to
        current group in impersonation token before performing impersonation.
        (setegid): Try to set primary group in process token to the new group
        if ntsec is on.
        * uinfo.cc (internal_getlogin): Use new `cygsid' class.
        Try to set owner to user and primary group to current group in process
        token if the process has been started from a non cygwin process.
        (uinfo_init): Set primary group only if the process has been started
        from a non cygwin process.
        * winsup.h: Move define for `MAX_SID_LEN' to security.h.
2001-04-25 09:43:25 +00:00
Corinna Vinschen 3c8e92d9fc * security.cc (set_process_privileges): Swap out.
* sec_helper.cc (set_process_privilege): Rename from
        `set_process_privileges'. Takes the privilege to enable or disable
        as parameter now.
        * security.h: Add prototype for `set_process_privileges'.
2001-04-20 20:36:13 +00:00
Corinna Vinschen c0d1968a18 * Makefile.in: Add object files `sec_helper.cc' and `sec_acl.cc'.
* security.cc: Swap out several functions.
        * sec_acl.cc: New file. Move Sun compatibel ACL functions from
        `security.cc' to here.
        * sec_helper.cc: New file. Move security helper functions from
        `security.cc' to here.
        * security.h: Changed to accomodate the above changes.

        * grp.cc: Replace `group_in_memory_p' by `group_state'.
        Eliminate group_sem throughout.
        (enum grp_state): New enumeration type.
        (read_etc_group): Make race safe.
        * security.cc: Eliminate group_sem throughout.
2001-04-20 13:02:32 +00:00
Corinna Vinschen 5827f4d98a * environ.cc (struct parse_thing): Add entry for new CYGWIN option
`smbntsec'.
        * path.cc (path_conv::check): Check path for being a remote path.
        If so and `allow_smbntsec' is set to FALSE, set has_acls to FALSE.
        * security.cc: Add global definition for `allow_smbntsec'.
        * security.h: Add extern declaration for `allow_smbntsec'.
        * fhandler.cc (fhandler_disk_file::open): Eliminate extern declaration
        of `allow_ntsec'.
        * syscalls.cc: Ditto.
2000-12-19 19:52:57 +00:00
Christopher Faylor f0338f545d Break out more header info into separate files. Use appropriate header files
throughout.
* shared.h: Remove.
* cygwin_version.h: New file.
* delqueue.h: New file.
* environ.h: New file.
* host_dependent.h: New file.
* perprocess.h: New file.
* registry.h: New file.
* security.h: New file.
2000-09-08 02:56:55 +00:00