Call LookupAccountSid after trying to get domain & user from passwd.
(get_group_sidlist): Obtain the domain and user by calling
extract_nt_dom_user instead of LookupAccountSid.
to get_supplementary_group_sidlist.
(create_token): Add pw argument and use it in call to get_group_sidlist.
* security.h: Add pw argument in declaration of create_token.
* syscalls.cc (seteuid32): Add pw argument in call to create_token.
Check uid for current user first and use SIDs from cygheap if so.
Set errno to EINVAL if user SID isn't retrievable. Just print user SID
as debug output.
Don't bail out if group SID isn't retrievable. Change debug output
appropriately.
(cygheap_user::env_logsrv): Verify env_domain is valid.
* environ.cc: Include child_info.h and keep spenvs[] sorted.
(environ_init): Check child_proc_info instead of myself->ppid_handle.
* environ.cc (spenv::retrieve): Add debugging statements.
* pinfo.cc (set_myself): Don't call strace.hello if already stracing.
* strace.cc (strace): Move NO_COPY keyword so that it will actually take
effect.
command-line setting.
* cygwin.din: Export sexec* functions as function which returns ENOSYS
(i.e., sexec* is deprecated).
* dtable.cc (dtable::vfork_child_dup): Ensure that impersonation is restored
even on failure.
* exec.cc: Throughout, remove references to sexec* and _spawnve.
* pinfo.h: Remove _spawnve declaration.
* spawn.cc: Rename _spawnve to spawnve and use throughout.
(spawn_guts): Eliminate hToken argument and processing of same. Just perform
special actions if impersonating.
(spawnve): Rename from _spawnve.
* security.cc (alloc_sd): Remove logsrv argument.
Remove two calls to lookup_name.
(set_security_attribute): Remove logsrv argument.
Remove logsrv argument in call to alloc_sd.
(set_nt_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_security_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_nt_attribute.
(set_file_attribute): Remove logsrv argument.
Remove logsrv argument in call to set_file_attribute.
* syscalls.cc (chown_worker): Remove logserver argument in
call to set_file_attribute.
(chmod): Ditto.
* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
* uinfo.cc (internal_getlogin): Replace calls to
lookup_name by call to LookupAccountName.
* security.h: Remove logsrv in declarations of set_file_attribute
and alloc_sd. Remove declaration of lookup_name.
(get_lsa_srv_inf): Suppressed.
(get_logon_server_and_user_domain): Suppressed.
(get_logon_server): Essentially new.
(get_user_groups): Add "domain" argument. Only lookup the
designated server and use "domain" in LookupAccountName.
(is_group_member): Simplify the arguments.
(get_user_local_groups): Simplify the arguments. Do only a
local lookup. Use "BUILTIN" and local domain in LookupAccountName.
(get_user_primary_group). Only lookup the designated server.
(get_group_sidlist): Remove logonserver argument. Do not lookup
any server for the SYSTEM account.
(create_token): Delete logonserver and call to get_logon_server.
Adjust arguments of get_group_sidlist, see above.
* security.h: Delete declaration of get_logon_server_and_user_domain
and add declaration of get_logon_server.
* uinfo.cc (internal_get_login): Call get_logon_server instead of
get_logon_server_and_user_domain.
* fhandler.h (fhandler_proc::fill_filebuf): Take a pinfo argument.
* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Simplify search for
given pid.
(fhandler_proc::readdir): Assume that pid exists if it shows up in the winpid
list.
* fhandler_process.cc (fhandler_process::open): Simplify search for given pid.
Call fill_filebuf with pinfo argument.
(fhandler_process::fill_filebuf): Pass pinfo here and assume that it exists.
* pinfo.h (pinfo::remember): Define differently if sigproc.h is not included.
* dll_init.cc (dll_list::detach): Don't run destructor on exit.
(LoadFuncEx2): Adapted from LoadFuncEx. Provides control of return value for
nonexistent function.
(NtQueryObject): Declare.
(IsDebuggerPresent): Declare via LoadFuncEx2 and always return true if not
available.
* debug.h (being_debugged): Just rely on IsDebuggerPresent return value.
* dtable.cc (handle_to_fn): New function.
(dtable::init_std_file_from_handle): Attempt to derive std handle's name via
handle_to_fn.
(dtable::build_fhandler_from_name): Fill in what we can in path_conv structure
when given a handle and path doesn't exist.
* fhandler.cc (fhandler_base::open): Don't set the file pointer here. Use
pc->exists () to determine if file exists rather than calling GetFileAttributes
again.
* fhandler.h (fhandler_base::exec_state_isknown): New method.
(fhandler_base::fstat_helper): Add extra arguments to declaration.
(fhandler_base::fstat_by_handle): Declare new method.
(fhandler_base::fstat_by_name): Declare new method.
* fhandler_disk_file (num_entries): Make __stdcall.
(fhandler_base::fstat_by_handle): Define new method.
(fhandler_base::fstat_by_name): Define new method.
(fhandler_base:fstat): Call fstat_by_{handle,name} as appropriate.
(fhandler_disk_file::fstat_helper): Accept extra arguments for filling out stat
structure. Move handle or name specific stuff to new methods above.
(fhandler_disk_file::open): Use real_path->exists rather than calling
GetFileAttributes again.
* ntdll.h (FILE_NAME_INFORMATION): Define new structure.
(OBJECT_INFORMATION_CLASS): Partially define new enum.
(OBJECT_NAME_INFORMATION): Define new structure.
(NtQueryInformationFile): New declaration.
(NtQueryObject): New declaration.
* path.cc (path_conv::fillin): Define new method.
* path.h (path_conv::fillin): Declare new method.
(path_conv::drive_thpe): Rename from 'get_drive_type'.
(path_conv::volser): Declare new method.
(path_conv::volname): Declare new method.
(path_conv::root_dir): Declare new method.
* syscalls.cc (fstat64): Send real path_conv to fstat as second argument.
where appropriate, throughout. Remove unneeded exceptions.h, where
appropriate, throughout. Remove unneeded perprocess.h, where appropriate,
throughout.
INVALID_HANDLE_VALUE instead of NULL.
(get_logon_server_and_user_domain): Test for INVALID_HANDLE_VALUE
instead of NULL.
(create_token): Both of the above.
Replace in-line code by call to verify_token().
(setegid): Reverse change from 2002-01-21. Add call to
RevertToSelf and set primary group in impersonation token.
* security.cc (create_token): Store pgrpsid in token security
descriptor, except if it already appears in my_grps.
Use sec_acl() in place of get_dacl().
(verify_token): Create from code in seteuid(), with tighter checks.
(get_dacl) Deleted.
(get_group_sidlist): Add argument to indicate if pgrpsid is already
in the groups.
* security.h: Define verify_token().
* autoload.cc: Load GetKernelObjectSecurity().
(NetServerEnum): Remove symbol.
* security.cc (get_lsa_srv_inf): Call NetGetDCName() instead of
NetServerEnum() since it's faster. Don't call it at all if machine
is not a domain member.
inheritance/permission.
* spawn.cc (spawn_guts): Ditto.
* security.cc (create_token): Initialize token so that it is not tested for
bogus value later. Use sec_user to control process/thread creation.
* security.h (__sec_user): Rename declaration from sec_user.
(sec_user_nih): Declare here as inline function wrapper for __sec_user.
(sec_user): Ditto.
* sigproc.cc (czombies): Allocate a character array for zombies to avoid
constructor overhead
(extremely hackish, I know).
(cpchildren): Ditto.
(pchildren): New define.
(zombies): Ditto.
(getsem): Use sec_user_nih to control semaphore inheritance/permission.
(get_group_sidlist): Call get_supplementary_group_sidlist() to
retrieve list of supplementary groups SIDs from /etc/group and
add them to the user's group list.
* fhandler.h (fhandler_dev_raw::get_unit): New method.
(fhandler_dev_tape::norewind): Eliminate.
(fhandler_dev_tape::is_rewind_device): New method.
* fhandler_raw.cc (fhandler_dev_raw::open): Open new
fixed device name devices using NT internal method.
Keep calling fhandler_base::open() for old mount table
device mapping compatibility devices.
(fhandler_dev_raw::fstat): Eliminate. Settings are done
by fhandler_base::fstat() already.
* fhandler_tape.cc: Remove `norewind' usage throughout.
* ntdll.h: Define FILE_SYNCHRONOUS_IO_NONALERT.
Define struct _IO_STATUS_BLOCK.
Declare NtOpenFile().
* path.cc (get_raw_device_number): Add new approach for
using fixed device names.
(win32_device_name): Ditto.
(get_device_number): Ditto. Require POSIX path to begin
with "/dev/".
(mount_info::conv_to_win32_path): Call win32_device_name()
instead of get_device_number() after evaluating mount points
to allow changing the win32 destination path again.
* security.cc (str2buf2uni): Remove `static' to be able to
call function from fhandler_dev_raw::open().
* wincap.cc: Set flag has_raw_devices appropriately.
* wincap.h: Add flag has_raw_devices.
a failure.
* times.cc (utimes): On NTFS with ntsec ON, change the file's
security descriptor temporarily to acquire write access if
opening the file failed.
* dcrt0.cc (set_os_type): Set 'iswinnt' appropriately.
* cygheap.cc (init_cheap): Revert to using VirtualAlloc for allocating cygheap.
(cygheap_setup_for_child_cleanup): New function. Standard function to call
after calling CreateProcess to cleanup cygheap info passed to child.
(cygheap_fixup_in_child): Copy cygheap from shared memory into allocated space
under Windows 9x or if can't relocate shared space under NT.
* cygheap.h: Declare new function.
* spawn.cc (spawn_guts): Use cygheap_fixup_in_child.
* fork.cc (fork_parent): Ditto.
* winsup.h: Declare iswinnt.
fhandler.h.
* fhandler.h (fhandler_base::get_inheritance): New method.
* fhandler_socket.cc (fhandler_socket::create_secret_event): Use proper
close-on-exec inheritance when creating.
(fhandler_socket::check_peer_secret_event): Create handle as non-inheritable.
* sec_acl.cc (setacl): Never set DELETE permission. Set
FILE_DELETE_CHILD only on readable and executable directories.
* sec_helper.cc: Add constructor for `well_known_null_sid'.
* security.cc (get_nt_attribute): Set S_ISVTX for directories if
FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
(alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
only on readable and executable directories.
Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
* security.h: Add extern declaration for `well_known_null_sid'.