with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting
FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
* security.cc (alloc_sd): Reformat expression. Strip EA permission
bits from owner_deny and group_deny computation.
and use FILE_ATTRIBUTE_DIRECTORY directly in call to NtCreateFile.
* posix_ipc.cc (ipc_mutex_init): Fix format string when creating IPC
object name.
(ipc_cond_init): Ditto.
* security.cc (alloc_sd): Add parentheses to fix setting initial
owner_allow value.
additional path_conv argument.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
R/O attribute when using ACLs.
(fhandler_disk_file::mkdir): Ditto. Set
security descriptor on remote dirs after creating the dir, same as in
fhandler_base::open.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto. for remote symlinks.
* security.cc (alloc_sd): Take additional path_conv argument.
Accommodate throughout. Drop setting FILE_WRITE_EA/FILE_READ_EA
flags unconditionally (was only necessary for "ntea"). Don't set
FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
Samba. Add comment to explain. Drop useless setting of
STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
to enforce read permissions on Samba.
(set_security_attribute): Take additional path_conv argument.
* security.h (set_security_attribute): Change prototype accordingly.
opened for reading the ACLs, fall back to faking them.
* sec_acl.cc (acl_worker): Handle non-existing files.
* security.cc (get_file_attribute): Return ILLEGAL_UID/ILLEGAL_GID
as owner/group for non-readable ACLs on file systems supporting them.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
* security.cc (alloc_sd): Set security descriptor control flag without
calling SetSecurityDescriptorControl function.
* wincap.h (wincapc::has_dacl_protect): Rename from
has_security_descriptor_control.
* wincap.cc: Ditto throughout.
* mmap.cc (mlock): Accommodate parameter change in call to
push_thread_privilege.
(munlock): Ditto.
* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
(NtAdjustPrivilegesToken): Declare.
* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
(privilege_luid): Take job of privilege_luid_by_name, using new
cygpriv.
(privilege_luid_by_name): Remove.
(privilege_name): Accommodate new cygpriv array.
(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
Accommodate changes to privilege_name.
(set_cygwin_privileges): Simplify. Don't try to set
SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
* security.cc (sys_privs): Reorder to match numerical privilege order.
Use real privilege values as defined in security.h.
(get_system_priv_list): Drop unused grp_list argument. Create
list of privileges according to new wincapc::max_sys_priv value.
(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
Make priv a local value instead of a pointer.
(create_token): Accommodate parameter change in call to
push_self_privilege.
(lsaauth): Ditto.
(check_access): Use privilege values directly instead of calling
privilege_luid.
* security.h: Define real privilege values.
(cygpriv_idx): Remove.
(privilege_luid): Change declaration.
(privilege_luid_by_name): Drop declaration.
(set_privilege): Change declaration.
(set_process_privilege): Drop definition.
(_push_thread_privilege): Accomodate new set_privilege parameters.
* wincap.h (wincapc::max_sys_priv): New element.
* wincap.cc: Implement above element throughout.
(wincap_2000sp4): New wincaps structure.
(wincap_xpsp1): Ditto.
(wincap_xpsp2): Ditto.
(wincapc::init): Use new wincaps.
(wincapc::max_sys_priv): New element.
Accommodate changge throughout Cygwin.
(cygheap_user::imp_token): Rename from token. Accommodate changge
throughout Cygwin.
(rcygheap_user::eimpersonate): Use primary token for impersonation.
* grp.cc (internal_getgroups): Use primary impersonation token when
impersonated.
* security.h (_push_thread_privilege): Use primary impersonation token
when impersonated.
user information on NT4.
* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
considerations.
(security_descriptor::realloc): Ditto.
(security_descriptor::free): Ditto.
* security.cc (get_reg_security): Reinstantiate.
(get_nt_object_security): Revert to using NtQuerySecurityObject.
* security.h (class security_descriptor): Drop type member.
Accommodate throughout.
(security_descriptor::size): Constify.
(security_descriptor::copy): Ditto.
impersonation token, which collides with Vista UAC.
* cygheap.h (deimpersonate): revert to self instead of impersonating
hProcImpToken.
(reimpersonate): Only impersonate if setuid.
* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
(dll_crt0_1): Set privileges on hProcToken.
* fork.cc (frok::child): Set privileges on hProcToken. Close handle to
hProcImpToken.
* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
* security.cc (check_access): Create hProcImpToken on demand here.
* security.h (set_process_privilege): Set privileges on hProcToken.
(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
(pop_thread_privilege): If not setuid'ed, revert to self.
* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
Close handle to hProcImpToken.
* uinfo.cc (internal_getlogin): Ditto.
* winsup.h (clear_procimptoken): New inline function.
* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
* security.cc (create_token): Drop grps_buf. Use alloca instead.
Only add the MIC SID to the TOKEN_GROUPS list for the NtCreateToken
call. If the subauthentication token exists, use its MIC SID.
Set SID Attributes for the MIC SID to 0.
(well_known_this_org_sid): New well known sid.
(SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Define.
(mandatory_medium_integrity_sid): New well known sid.
(mandatory_high_integrity_sid): Ditto.
(mandatory_system_integrity_sid): Ditto.
(cygsid::get_sid): Use local SID_IDENTIFIER_AUTHORITY. Allow all
authorities fitting in a UCHAR.
* security.cc (get_token_group_sidlist): Always add the local
group to the token. Add comment. Add "This Organization" group
if available in incoming group list.
(get_server_groups): Only add world and authenticated users groups
if not already in list.
(create_token): Add matching mandatory integrity SID to group list
on systems supporting Mandatory Integrity Control.
* security.h (well_known_this_org_sid): Define.
(mandatory_medium_integrity_sid): Define.
(mandatory_high_integrity_sid): Define.
(mandatory_system_integrity_sid): Define.
* wincap.h: Define has_mandatory_integrity_control throughout.
* wincap.cc: Ditto.
* sec_helper.cc (security_descriptor::malloc): Use own free method.
Set type.
(security_descriptor::realloc): Handle the case that psd has been
allocated using LocalAlloc. Set type.
(security_descriptor::free): Ditto.
* security.cc (get_nt_attribute): Remove.
(get_reg_security): Remove.
(get_nt_object_security): Use GetSecurityInfo which handles all
securable objects.
(get_nt_object_attribute): Remove.
(get_object_attribute): Call get_nt_object_security instead of
get_nt_object_attribute.
(get_file_attribute): Ditto.
(check_registry_access): Call get_nt_object_security instead of
get_reg_security.
* security.h (cygpsid::operator PSID): Make method const, not the
result.
(class security_descriptor): Add type member. Accomodate throughout.
(security_descriptor::copy): New method.
(security_descriptor::operator PSECURITY_DESCRIPTOR *): New operator.
for registry keys/values if ntsec is on.
* security.cc (check_access): New static function derived from
check_file_access, but object type agnostic.
(check_file_access): Only do file specific stuff. Call check_access.
(check_registry_access): New access check function for registry keys/
values.
* security.h (check_registry_access): Declare.
(Wow64RevertWow64FsRedirection): Define.
* security.cc (cygsuba_installed): New shared variable to store result
of cygsuba.dll installation test.
(subauth): Check if cygsuba.dll has been installed and registered
before issuing the (sub)authentication.
* include/cygwin/version.h: Bump DLL version to 1.7.0.
2006-07-25 Corinna Vinschen <corinna@vinschen.de>
* select.h: Remove.
* fhandler_socket.cc: Don't include select.h.
* select.cc: Ditto.
2006-07-25 Corinna Vinschen <corinna@vinschen.de>
* cygtls.h: Drop socket related includes.
(struct _local_storage): Remove exitsock and exitsock_sin. Add
select_sockevt.
* cygtls.cc: Accomodate above change throughout.
* fhandler.h (class fhandler_socket): Make wsock_evt public.
* fhandler_socket.cc (fhandler_socket::fhandler_socket): Accomodate
reordering members.
(fhandler_socket::evaluate_events): Drop FD_CONNECT event as soon as
it gets read once. Never remove FD_WRITE event here.
(fhandler_socket::wait_for_events): Wait 50 ms instead of INFINITE for
socket events.
(fhandler_socket::accept): Fix conditional. Set wsock_events members
of accepted socket to useful start values.
(fhandler_socket::recv_internal): Always drop FD_READ/FD_OOB events from
wsock_events after the call to WSARecvFrom.
(fhandler_socket::send_internal): Drop FD_WRITE event from wsock_events
if the call to WSASendTo fails with WSAEWOULDBLOCK. Fix return value
condition.
* select.cc (struct socketinf): Change to accomodate using socket event
handling.
(peek_socket): Use event handling for peeking socket.
(thread_socket): Ditto.
(start_thread_socket): Ditto.
(socket_cleanup): Same here.
* tlsoffsets.h: Regenerate.
2006-07-20 Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (class fhandler_socket): Rearrange slightly to keep
event handling methods and members together. Drop owner status flag.
Split wait method. Rename event handling methods for readability.
* fhandler_socket.cc (struct wsa_event): Add owner field.
(LOCK_EVENTS): New macro.
(UNLOCK_EVENTS): Ditto.
(fhandler_socket::init_events): rename from prepare.
(fhandler_socket::evaluate_events): First half of former wait method.
Do everything but wait. Allow specifiying whether or not events from
event_mask should be erased from wsock_events->events. Simplify
OOB handling. Allow sending SIGURG to any process (group).
(fhandler_socket::wait_for_events): Second half of former wait method.
Call evaluate_events and wait in a loop if socket is blocking.
(fhandler_socket::release_events): Rename from release.
(fhandler_socket::connect): Accomodate above name changes.
(fhandler_socket::accept): Ditto.
(fhandler_socket::recv_internal): Ditto.
(fhandler_socket::send_internal): Ditto.
(fhandler_socket::close): Ditto.
(fhandler_socket::fcntl): Always set owner to given input value on
F_SETOWN. Handle F_GETOWN.
* net.cc (fdsock): Accomodate above name changes.
2006-07-20 Corinna Vinschen <corinna@vinschen.de>
* fhandler_socket.cc (fhandler_socket::wait): Set Winsock errno to
WSAEWOULDBLOCK instead of WSAEINPROGRESS.
2006-07-18 Brian Ford <Brian.Ford@FlightSafety.com>
Corinna Vinschen <corinna@vinschen.de>
* winsup.h (mmap_region_status): New enum.
(mmap_is_attached_or_noreserve_page): Adjust prototype and rename
as below.
* mmap.cc (mmap_is_attached_or_noreserve_page): Rename
mmap_is_attached_or_noreserve. Add region length parameter.
Return enum above.
* exceptions.cc (_cygtls::handle_exceptions): Accomodate above.
* fhandler.cc (fhandler_base::raw_read): Call above for NOACCESS
errors and retry on success to allow reads into untouched
MAP_NORESERVE buffers.
2006-07-18 Corinna Vinschen <corinna@vinschen.de>
* cygwin.din (posix_openpt): Export.
* tty.cc (posix_openpt): New function.
* include/cygwin/stdlib.h (posix_openpt): Declare.
* include/cygwin/version.h: Bump API minor number.
2006-07-14 Corinna Vinschen <corinna@vinschen.de>
* security.cc (get_token_group_sidlist): Always add the interactive
group to the token. Add comment. Create logon_id group SID by
copying it from incoming group list.
(create_token): Add subauth_token parameter. Use information in
subauth_token if present. Tweak SourceIdentifier if subauth_token
is present for debugging purposes.
* security.h (create_token): Add subauth_token parameter in declaration.
* syscalls.cc (seteuid32): Call subauth first. Call create_token
regardless. Use subauth token in call to create_token if subauth
succeeded.
2006-07-13 Corinna Vinschen <corinna@vinschen.de>
* include/netinet/in.h: Update copyright.
2006-07-13 Corinna Vinschen <corinna@vinschen.de>
* fhandler_socket.cc (fhandler_socket::wait): Rework function so that
WaitForMultipleObjects is really only called when necessary.
2006-07-12 Corinna Vinschen <corinna@vinschen.de>
* include/netdb.h: Declare rcmd, rcmd_af, rexec, rresvport,
rresvport_af, iruserok, iruserok_sa, ruserok.
2006-07-12 Corinna Vinschen <corinna@vinschen.de>
* Makefile.in (DLL_OFILES): Drop iruserok.o. Add rcmd.o.
* autoload.cc (rcmd): Drop definition.
* cygwin.din: Export bindresvport, bindresvport_sa, iruserok_sa,
rcmd_af, rresvport_af.
* net.cc (cygwin_rcmd): Remove.
(last_used_bindresvport): Rename from last_used_rrecvport.
(cygwin_bindresvport_sa): New function implementing bindresvport_sa.
(cygwin_bindresvport): New function implementing bindresvport.
(cygwin_rresvport): Remove.
* include/cygwin/version.h: Bump API minor number.
* include/netinet/in.h: Declare bindresvport and bindresvport_sa.
* libc/iruserok.c: Remove file.
* libc/rcmd.cc: New file implementing rcmd, rcmd_af, rresvport,
rresvport_af, iruserok_sa, iruserok and ruserok.
2006-07-12 Corinna Vinschen <corinna@vinschen.de>
* fhandler_socket.cc (fhandler_socket::getsockname): Return valid
result for unbound sockets.
2006-07-11 Corinna Vinschen <corinna@vinschen.de>
* fhandler_socket.cc (fhandler_socket::fixup_after_fork): Handle
wsock_mtx and wsock_evt on fork, thus handling close_on_exec correctly.
(fhandler_socket::fixup_after_exec): Drop misguided attempt to handle
close_on_exec here.
(fhandler_socket::dup): Call fixup_after_fork with NULL parent.
Add comment.
(fhandler_socket::set_close_on_exec): Handle wsock_mtx and wsock_evt.
2006-07-10 Corinna Vinschen <corinna@vinschen.de>
* fhandler.h (class fhandler_socket): Add wsock_mtx, wsock_evt
and wsock_events members. Remove closed status flag, add listener
status flag. Accomodate new implementation of socket event handling
methods. Declare recv* and send* functions ssize_t as the POSIX
equivalents.
(fhandler_socket::recv_internal): Declare.
(fhandler_socket::send_internal): Ditto.
* fhandler_socket.cc (EVENT_MASK): Define mask of selected events.
(fhandler_socket::fhandler_socket): Initialize new members.
(fhandler_socket::af_local_setblocking): Don't actually set the
socket to blocking mode. Keep sane event selection.
(fhandler_socket::af_local_unsetblocking): Don't actually set the
socket to previous blocking setting, just remember it.
(struct wsa_event): New structure to keep event data per shared
socket.
(NUM_SOCKS): Define number of shared sockets concurrently handled by
all active Cygwin processes.
(wsa_events): New shared datastructure keeping all wsa_event records.
(socket_serial_number): New shared variable to identify shared sockets.
(wsa_slot_mtx): Global mutex to serialize wsa_events access.
(search_wsa_event_slot): New static function to select a new wsa_event
slot for a new socket.
(fhandler_socket::prepare): Rewrite. Prepare event selection
per new socket.
(fhandler_socket::wait): Rewrite. Wait for socket events in thread
safe and multiple process safe.
(fhandler_socket::release): Rewrite. Close per-socket descriptor
mutex handle and event handle.
(fhandler_socket::dup): Duplicate wsock_mtx and wsock_evt. Fix
copy-paste error in debug output.
(fhandler_socket::connect): Accomodate new event handling.
(fhandler_socket::listen): Set listener flag on successful listen.
(fhandler_socket::accept): Accomodate new event handling.
(fhandler_socket::recv_internal): New inline method centralizing
common recv code.
(fhandler_socket::recvfrom): Call recv_internal now.
(fhandler_socket::recvmsg): Ditto. Streamline copying from iovec
to WSABUF.
(fhandler_socket::send_internal): New inline method centralizing
common send code.
(fhandler_socket::sendto): Call send_internal now.
(fhandler_socket::sendmsg): Ditto. Streamline copying from iovec
to WSABUF.
(fhandler_socket::close): Call release now.
(fhandler_socket::ioctl): Never actually switch to blocking mode.
Just keep track of the setting.
* net.cc (fdsock): Call prepare now.
(cygwin_connect): Revert again to event driven technique.
(cygwin_accept): Ditto.
* poll.cc (poll): Don't call recvfrom on a listening socket.
Remove special case for failing recvfrom.
* include/sys/socket.h: Declare recv* and send* functions ssize_t as
requested by POSIX.
2006-07-07 Corinna Vinschen <corinna@vinschen.de>
* net.cc (cygwin_inet_ntop): Fix data type of forth parameter.
2006-07-06 Corinna Vinschen <corinna@vinschen.de>
* include/cygwin/in6.h (struct in6_addr): Fix typo.
2006-07-06 Corinna Vinschen <corinna@vinschen.de>
* cygwin.din: Export in6addr_any, in6addr_loopback, freeaddrinfo,
gai_strerror, getaddrinfo, getnameinfo.
* fhandler_socket.cc: Include cygwin/in6.h.
(get_inet_addr): Accomodate AF_INET6 usage.
(fhandler_socket::connect): Ditto.
(fhandler_socket::listen): Ditto.
(fhandler_socket::sendto): Ditto.
* net.cc: Include cygwin/in6.h.
(in6addr_any): Define.
(in6addr_loopback): Define.
(cygwin_socket): Accomodate AF_INET6 usage.
(socketpair): Bind socketpairs only to loopback for security.
(inet_pton4): New static function.
(inet_pton6): Ditto.
(cygwin_inet_pton): New AF_INET6 aware inet_pton implementation.
(inet_ntop4): New static function.
(inet_ntop6): Ditto.
(cygwin_inet_ntop): New AF_INET6 aware inet_ntop implementation.
(ga_aistruct): New static function.
(ga_clone): Ditto.
(ga_echeck): Ditto.
(ga_nsearch): Ditto.
(ga_port): Ditto.
(ga_serv): Ditto.
(ga_unix): Ditto.
(gn_ipv46): Ditto.
(ipv4_freeaddrinfo): Ditto.
(ipv4_getaddrinfo): Ditto.
(ipv4_getnameinfo): Ditto.
(gai_errmap_t): New structure holding error code - error string mapping.
(cygwin_gai_strerror): New function implementing gai_strerror.
(w32_to_gai_err): New static function.
(get_ipv6_funcs): Ditto.
(load_ipv6_funcs): Ditto.
(cygwin_freeaddrinfo): New function implementing freeaddrinfo.
(cygwin_getaddrinfo): New function implementing getaddrinfo.
(cygwin_getnameinfo): New function implementing getnameinfo.
* include/netdb.h: Include stdint.h and cygwin/socket.h. Define
data types and macros used by getaddrinfo and friends. Declare
freeaddrinfo, gai_strerror, getaddrinfo and getnameinfo.
* include/cygwin/in.h: Add IPv6 related IPPROTOs. Remove definition
of struct sockaddr_in6. Include cygwin/in6.h instead.
* include/cygwin/in6.h: New header file defining IPv6 releated
data types and macros.
* include/cygwin/socket.h: Enable AF_INET6 and PF_INET6. Add
IPv6 related socket options.
* include/cygwin/version.h: Bump API minor number.
2006-07-06 Corinna Vinschen <corinna@vinschen.de>
* autoload.cc (DsGetDcNameA): Define.
(NetGetAnyDCName): Define.
* security.cc: Include dsgetdc.h.
(DsGetDcNameA): Declare.
(DS_FORCE_REDISCOVERY): Define.
(get_logon_server): Add bool parameter to control rediscovery of DC.
Use DsGetDcNameA function if supported, NetGetDCName/NetGetAnyDCName
otherwise.
(get_server_groups): Rediscover DC if get_user_groups fails and
try again.
(get_reg_security): Use correct error code macro when testing
RegGetKeySecurity return value.
* security.h (get_logon_server): Remove default vaue from wserver
parameter. Add rediscovery parameter.
* uinfo.cc (cygheap_user::env_logsrv): Accomodate rediscovery parameter
in call to get_logon_server.
(NtSetEaFile): Define.
* fhandler.cc (fhandler_base::open): Use appropriate open flags
in query case when allow_ntea is set.
* ntdll.h (struct _FILE_GET_EA_INFORMATION): Define.
(struct _FILE_FULL_EA_INFORMATION): Define.
(NtQueryEaFile): Declare.
(NtSetEaFile): Declare.
* ntea.cc (read_ea): Rename from NTReadEA and rewrite using
NtQueryEaFile.
(write_ea): Rename from NTWriteEA and rewrite using NtSetEaFile.
* path.cc (get_symlink_ea): Make static. Add handle parameter to
accomodate new read_ea call.
(set_symlink_ea): Make static. Add handle parameter to accomodate new
write_ea call.
(symlink_worker): Call set_symlink_ea while file is still open.
(symlink_info::check): Call get_symlink_ea after file has been opened.
* security.cc (get_file_attribute): Accomodate new read_ea call.
(set_file_attribute): Accomodate new write_ea call.
* security.h (read_ea): Change declaration accordingly.
(write_ea): Ditto.
sys_wcstombs.
* fhandler_disk_file.cc (fhandler_disk_file::readdir): Call sys_wcstombs
instead of just wcstombs to accomodate OEM codepages.
* miscfuncs.cc (sys_wcstombs): Split len argument in source and target
length. Always 0-terminate result in target string.
* security.cc (lsa2wchar): Remove unused function.
(lsa2str): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Accomodate new argument order in call to
sys_wcstombs.
(get_user_groups): Ditto.
(get_user_local_groups): Ditto.
(get_priv_list): Call sys_wcstombs directly instead of lsa2str.
* uinfo.cc (cygheap_user::ontherange): Accomodate new argument order
in call to sys_wcstombs.
* winsup.h (sys_wcstombs): Change prototype to match new argument order.
(get_setgroups_sidlist): Avoid duplicate groups in group list.
(create_token): Remove special_pgrp local variable. Accomodate
change to get_initgroups_sidlist call.
allocate dynamically.
(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
* sec_acl.cc (setacl): Allocate acl dynamically.
* sec_helper.cc (sec_acl): Add test for alignment of acl when
DEBUGGING is defined.
(__sec_user): Same for sa_buf.
* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
and allocate dynamically.
(alloc_sd): Allocate acl dynamically.
security.h (sec_user_nih): Change first parameter to
SECURITY_ATTRIBUTES *.
(sec_user): Ditto.
* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
allocate dynamically.
* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
dynamically.
* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
and allocate dynamically.
* winbase.h (ilockincr): Mark first argument of inline assembly as
earlyclobber.
(ilockdecr): Ditto.
(get_server_groups): Declare new function.
* security.cc (is_group_member): Simplify.
(get_server_groups): New function.
(get_initgroups_sidlist): Call get_server_groups.
(verify_token): Allow token when supplementary sids are not in
/etc/group but are in the token.
Streamline the code.
* grp.cc (initgroups32): New implementation.
(getgroups32): Handle case where the supplementary groups are set.