* cygserver.h (CYGWIN_SERVER_VERSION_API): Bump.
(request_code_t): Define CYGSERVER_REQUEST_SETPWD request type.
* cygserver_msg.h (client_request_msg::retval): Use default value of -1
for retval if msglen is 0.
* cygserver_sem.h (client_request_sem::retval): Ditto.
* cygserver_shm.h (client_request_shm::retval): Ditto.
* cygserver_setpwd.h: New file.
* external.cc (cygwin_internal): Implement new CW_SET_PRIV_KEY type.
* sec_auth.cc (open_local_policy): Make externally available.
Get ACCESS_MASK as argument.
(create_token): Accommodate change to open_local_policy.
(lsaauth): Ditto.
(lsaprivkeyauth): New function fetching token by retrieving
password stored in Cygwin or Interix LSA private data area and
calling LogonUser with it.
* security.h (lsaprivkeyauth): Declare.
(open_local_policy): Declare.
* setlsapwd.cc: New file implementing setting LSA private data password
using LsaStorePrivateData or by calling cygserver if available.
* syscalls.cc (seteuid32): Add workaround to get the original token
when switching back to the original privileged user, even if
setgroups group list is still active. Add long comment to explain why.
Call lsaprivkeyauth first, only if that fails call lsaauth or
create_token.
* include/cygwin/version.h: Bump API minor number.
* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SET_PRIV_KEY.
* dtable.cc (handle_to_fn): Ditto.
* fhandler_console.cc (fhandler_console::read): Ditto.
(fhandler_console::scroll_screen): Ditto.
(dev_console::set_color): Ditto.
* fhandler_dsp.cc (fhandler_dev_dsp::write): Ditto.
(fhandler_dev_dsp::read): Ditto.
* fhandler_tape.cc (mtinfo_drive::get_status): Ditto.
* hookapi.cc (find_first_notloaded_dll): Ditto.
* mmap.cc (msync): Ditto.
* pipe.cc (pipesync::pipesync): Ditto.
* sec_acl.cc (getace): Ditto.
* sec_auth.cc (create_token): Ditto.
(lsaauth): Ditto.
* select.cc (peek_pipe): Ditto.
* spawn.cc (av::fixup): Ditto.
* syscalls.cc (popen): Ditto.
* tty.cc (tty::init_session): Ditto.
* uinfo.cc (pwdgrp::load): Ditto.
* fhandler.cc (fhandler_base::setup_overlapped): Ditto.
(fhandler_base::wait_overlapped): Rename second use of res variable to wres or
errors are not returned correctly.
* dcrt0.cc: Remove obsolete variable.
* dll_init.cc (release_upto): Fix typo involving incorrect use of '|'.
* fhandler_disk_file.cc (fhandler_base::fstat_by_handle): Avoid a compiler
warning regarding coercing type-punned variables.
(fhandler_base::fstat_by_name): Ditto. fhandler_fifo.cc
(fhandler_fifo::open_nonserver): Fix = vs. == typo.
(fhandler_fifo::wait): Add all conditions to switch statement to avoid a
compiler warning.
* fhandler_process.cc: Avoid unneeded initialization of variables to zero.
(fhandler_socket::listen): Add braces around initializer.
* flock.cc (inode_t::get_all_locks_list): Reorganize to avoid a compiler
warning. Fix problem with EWOULDBLOCK error return.
* path.cc (GUID_shortcut): Use braces around struct initializer.
(cygwin_conv_path): Reorganize to avoid a compiler warning.
* random.cc (dummy): Mark variable as volatile to avoid a "used uninitialized"
warning.
* libc/getopt.c: Mark some variables as dllexport although gcc doesn't seem to
do the right thing with them.
* libc/minires-os-if.c (get_registry_dns_items): Coerce some function arguments
to avoid a compiler warning.
MAX_DOMAIN_NAME_LEN throughout.
* cyglsa.h (CYG_LSA_MAGIC): New value.
(cyglsa_t): Define username and domain as WCHAR arrays.
* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
appropriate.
(extract_nt_dom_user): Prefer resolving by SID before resolving by
domain\name pair.
(cygwin_logon_user): Don't print cleartext password in debug output.
Change comment.
(get_user_groups): Revert calls to LookupAccountNameW to use NULL
server instead of explicit server name, according to MSDN.
(get_user_local_groups): Ditto.
(get_server_groups): Fetch domain and user name from usersid per
LookupAccountSidW instead of calling extract_nt_dom_user.
(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
instead of calling extract_nt_dom_user.
* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
(privilege_luid): Convert first parameter to PWCHAR.
(privilege_name): Return wchar_t pointer.
(set_privileges): Accommodate debug output.
* security.h (privilege_luid): Change prototype accordingly.
(enum _SECPKG_NAME_TYPE): Define.
(struct _SECPKG_CALL_INFO): Define.
(struct _LSA_SECPKG_FUNCS): Extend to full size. Define unused
functions lazily.
(cygprf_t): Define.
* sec_auth.cc (lsaauth): Use actual primary group if no admins group.
Add (disabled) code to fetch token from profil data.
* dcrt0.cc (child_info_spawn::handle_spawn): Drop artificial
supplementary group list from calling setgroups in parent.
* grp.cc (internal_getgroups): Drop 9x-only code. Reformat.
* sec_auth.cc (get_logon_server): Do everything in WCHAR only.
(get_user_groups): Ditto. Use wlogonserver in LookupAccountNameW
calls, too.
(is_group_member): Get logon server as first argument and use in call
to NetLocalGroupGetMembers.
(get_user_local_groups): Get logon server as first argument and use in
calls to NetLocalGroupEnum and LookupAccountNameW. Revamp to work
more correctly in domain environments.
(get_server_groups): Accommodate aforementioned changed function calls.
* security.h (get_logon_server): Change prototype accordingly.
* uinfo.cc (cygheap_user::env_logsrv): Accommodate changed
get_logon_server call.
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
Corinna Vinschen
Christopher Faylor