Corinna Vinschen 2e8abfc1c5 * sec_helper.cc (lookup_name): Suppress.
* security.cc (alloc_sd): Remove logsrv argument.
	Remove two calls to lookup_name.
	(set_security_attribute): Remove logsrv argument.
	Remove logsrv argument in call to alloc_sd.
	(set_nt_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_security_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_nt_attribute.
	(set_file_attribute): Remove logsrv argument.
	Remove logsrv argument in call to set_file_attribute.
	* syscalls.cc (chown_worker): Remove logserver argument in
	call to set_file_attribute.
	(chmod): Ditto.
	* shm.cc (shmget): Remove logsrv argument in call to alloc_sd.
	* uinfo.cc (internal_getlogin): Replace calls to
	lookup_name by call to LookupAccountName.
	* security.h: Remove logsrv in declarations of set_file_attribute
	and alloc_sd. Remove declaration of lookup_name.
2002-06-06 11:17:51 +00:00


/* shm.cc: Single unix specification IPC interface for Cygwin
Copyright 2001, 2002 Red Hat, Inc.
Originally written by Robert Collins <robert.collins@hotmail.com>
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
details. */
#include "winsup.h"
#include <sys/stat.h>
#include <errno.h>
#include "cygerrno.h"
#include <unistd.h>
#include "security.h"
#include "fhandler.h"
#include "path.h"
#include "dtable.h"
#include "cygheap.h"
#include <stdio.h>
#include "thread.h"
#include <sys/shm.h>
#include "cygserver_shm.h"
// FIXME IS THIS CORRECT
/* Implementation notes: We use two shared memory regions per key:
* one for the control structure, and one for the shared memory.
* While this has a higher overhead than a single shared area,
* it allows more flexibility. As the entire code is transparent to the user,
* we can merge these in the future should it be needed.
*/
/* Return the allocation granularity reported by GetSystemInfo.
   The value is queried on the first call and kept in a function-local
   static; later calls return the cached value without asking again.  */
extern "C" size_t
getsystemallocgranularity ()
{
  static size_t cached_granularity = 0;

  if (!cached_granularity)
    {
      SYSTEM_INFO info;
      GetSystemInfo (&info);
      cached_granularity = info.dwAllocationGranularity;
    }
  return cached_granularity;
}
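/* Build a request that names an existing segment by id and is issued on
   behalf of the calling process.

   ntype   - request type placed in the message; the callers in this file
             pass SHM_ATTACH (shmat) and SHM_DETACH (shmdt).
   nshm_id - id of the segment the request refers to.

   The pid field is always the current process id.  ntype is forwarded as
   given: writing a fixed SHM_REATTACH here would make the attach and detach
   notifications indistinguishable from a reattach request.
   NOTE(review): how the daemon reacts to each type is not visible in this
   file - confirm against the cygserver request handler.  */
client_request_shm::client_request_shm (int ntype, int nshm_id):
client_request (CYGSERVER_REQUEST_SHM_GET, sizeof (parameters))
{
  buffer = (char *) &parameters;
  parameters.in.shm_id = nshm_id;
  parameters.in.type = ntype;
  parameters.in.pid = GetCurrentProcessId ();
}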
/* Build a request of type ntype for the segment nshm_id, recording npid as
   the requesting process.  The pid is supplied by the caller and is copied
   into the message unchanged.  */
client_request_shm::client_request_shm (int ntype, int nshm_id, pid_t npid):
client_request (CYGSERVER_REQUEST_SHM_GET, sizeof (parameters))
{
  /* The parameter block itself is the message payload.  */
  buffer = reinterpret_cast<char *> (&parameters);

  parameters.in.type = ntype;
  parameters.in.pid = npid;
  parameters.in.shm_id = nshm_id;
}
/* Build an SHM_CREATE request.

   nkey    - IPC key of the segment.
   nsize   - requested segment size.
   nshmflg - shmget flags, forwarded unchanged.
   psdbuf  - buffer holding the security descriptor to send along; exactly
             4096 bytes are read from it, so the caller must supply at least
             that many.
   npid    - process id recorded as the requester.

   NOTE(review): the copy length is a literal 4096; the declared size of
   parameters.in.sd_buf is not visible here - confirm that it is at least
   4096 bytes.  */
client_request_shm::client_request_shm (key_t nkey, size_t nsize,
                                        int nshmflg,
                                        char psdbuf[4096],
                                        pid_t npid):
client_request (CYGSERVER_REQUEST_SHM_GET, sizeof (parameters))
{
  /* The parameter block itself is the message payload.  */
  buffer = reinterpret_cast<char *> (&parameters);

  parameters.in.type = SHM_CREATE;
  parameters.in.pid = npid;
  parameters.in.key = nkey;
  parameters.in.size = nsize;
  parameters.in.shmflg = nshmflg;

  /* The descriptor bytes are taken from the caller as-is.  */
  memcpy (parameters.in.sd_buf, psdbuf, 4096);
}
/* Head of this process's singly linked list of open shm nodes.
   build_inprocess_shmds pushes new nodes at the front and
   delete_inprocess_shmds unlinks them.  */
static shmnode *shm_head = NULL;
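/* Create the process-local bookkeeping for one shared memory segment and
   push it onto the shm_head list.

   hfilemap   - handle of the file mapping that holds the control structure.
   hattachmap - handle of the file mapping that shmat maps as the segment.
   key        - IPC key recorded in the node.
   shm_id     - segment id recorded in the node.

   Returns the new node, or NULL with errno set: EACCES when the control
   mapping cannot be viewed for writing, ENOMEM when an allocation fails.
   On every failure path both handles are closed, so the caller must not
   use them afterwards.  */
static shmnode *
build_inprocess_shmds (HANDLE hfilemap, HANDLE hattachmap, key_t key,
                       int shm_id)
{
  HANDLE filemap = hfilemap;
  void *mapptr = MapViewOfFile (filemap, FILE_MAP_WRITE, 0, 0, 0);
  if (!mapptr)
    {
      CloseHandle (hfilemap);
      CloseHandle (hattachmap);
      //FIXME: close filemap and free the mutex
      /* we couldn't access the mapped area with the requested permissions */
      set_errno (EACCES);
      return NULL;
    }

  /* Now get the user data */
  HANDLE attachmap = hattachmap;
  shmid_ds *shmtemp = new shmid_ds;
  if (!shmtemp)
    {
      system_printf ("failed to malloc shm node\n");
      set_errno (ENOMEM);
      UnmapViewOfFile (mapptr);
      CloseHandle (filemap);
      CloseHandle (attachmap);
      /* exit mutex */
      return NULL;
    }

  /* Take a private copy of the control structure as it is right now.
     NOTE(review): the view is opened with FILE_MAP_WRITE, so other holders
     of the mapping can presumably change the original later; the copy does
     not follow such changes - confirm that callers expect a snapshot.  */
  *shmtemp = *(shmid_ds *) mapptr;

  /* process local data */
  shmnode *tempnode = new shmnode;
  if (!tempnode)
    {
      /* Same cleanup as the shmid_ds failure above, plus the copy that
         was already allocated.  Without this check a failed allocation
         would be dereferenced below.  */
      system_printf ("failed to malloc shm node\n");
      set_errno (ENOMEM);
      delete shmtemp;
      UnmapViewOfFile (mapptr);
      CloseHandle (filemap);
      CloseHandle (attachmap);
      return NULL;
    }
  tempnode->filemap = filemap;
  tempnode->attachmap = attachmap;
  /* The view address is only reachable through the copy from here on.  */
  shmtemp->mapptr = mapptr;

  /* no need for InterlockedExchange here, we're serialised by the global mutex */
  tempnode->shmds = shmtemp;
  tempnode->shm_id = shm_id;
  tempnode->key = key;
  tempnode->next = shm_head;
  tempnode->attachhead = NULL;
  shm_head = tempnode;

  /* FIXME: leave the system wide shm mutex */
  return tempnode;
}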
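/* Unlink *nodeptr from the shm_head list, release its view and handles,
   free the node and reset the caller's pointer to NULL.

   nodeptr - address of the caller's node pointer; a NULL nodeptr or a NULL
             *nodeptr is ignored.  */
static void
delete_inprocess_shmds (shmnode **nodeptr)
{
  if (!nodeptr || !*nodeptr)
    return;

  shmnode *node = *nodeptr;

  // remove from the list
  if (node == shm_head)
    shm_head = shm_head->next;
  else
    {
      shmnode *tempnode = shm_head;
      while (tempnode && tempnode->next != node)
        tempnode = tempnode->next;
      if (tempnode)
        tempnode->next = node->next;
      // else log the unexpected !
    }

  // release the shared data view
  /* NOTE(review): build_inprocess_shmds stores a heap-allocated shmid_ds in
     node->shmds and keeps the view address in node->shmds->mapptr, while
     fixup_shms_after_fork stores the view itself in node->shmds.  On the
     first path this call is handed a heap address and the copy is never
     freed - confirm which pointer should be released here.  */
  UnmapViewOfFile (node->shmds);
  CloseHandle (node->filemap);
  CloseHandle (node->attachmap);

  // free the memory
  delete node;

  /* Clear the caller's pointer, not the local parameter, so the freed node
     cannot be reused by accident.  */
  *nodeptr = NULL;
}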
/* Re-create every shm mapping recorded in the shm_head list.

   For each node the control mapping is viewed again and stored in
   node->shmds; each recorded attachment is then mapped again at the address
   saved in its _shmattach entry, read-only when SHM_RDONLY was given and
   writable otherwise.

   Returns 0 on success, or 1 as soon as one view cannot be re-created or
   lands at a different address.  Nothing is cleaned up on failure.  */
int __stdcall
fixup_shms_after_fork ()
{
  for (shmnode *node = shm_head; node; node = node->next)
    {
      void *ctlview = MapViewOfFile (node->filemap, FILE_MAP_WRITE, 0, 0, 0);
      if (!ctlview)
        {
          /* don't worry about handle cleanup, we're dying! */
          system_printf ("failed to reattach to shm control file view %x\n",
                         node);
          return 1;
        }

      /* From here on shmds points into the mapped view itself.
         NOTE(review): the next store writes this process's view address
         into that view, which other holders of the mapping can presumably
         see and overwrite - confirm that mapptr is not relied on later.  */
      node->shmds = (class shmid_ds *) ctlview;
      node->shmds->mapptr = ctlview;

      for (_shmattach *att = node->attachhead; att; att = att->next)
        {
          DWORD access =
            (att->shmflg & SHM_RDONLY) ? FILE_MAP_READ : FILE_MAP_WRITE;
          void *view =
            MapViewOfFileEx (node->attachmap, access, 0, 0, 0, att->data);

          /* The view must come back at exactly the recorded address.  */
          if (view != att->data)
            {
              /* don't worry about handle cleanup, we're dying! */
              system_printf ("failed to reattach to mapped file view %x\n",
                             att->data);
              return 1;
            }
        }
    }
  return 0;
}
/* this is ugly. Yes, I know that.
* FIXME: abstract the lookup functionality,
* So that it can be an array, list, whatever without us being worried
*/
/* FIXME: after fork, every memory area needs to have the attach count
* incremented. This should be done in the server?
*/
/* FIXME: tell the daemon when we attach, so at process close it can clean up
* the attach count
*/
/* Attach the segment shmid to the calling process.

   shmid   - segment id.
   shmaddr - requested address; only NULL is supported, anything else fails
             with EINVAL.
   shmflg  - SHM_RDONLY selects a read-only view, otherwise the view is
             writable.

   Returns the address of the new view, or (void *) -1 with errno set:
   ENOSYS when the daemon cannot be reached, the daemon's error code when it
   rejects the reattach request, EINVAL for a non-NULL shmaddr, EACCES when
   the view cannot be mapped.

   No permission check is made in this function; whether the caller may
   read or write the segment is decided only by whether the mapping calls
   succeed on the handles it holds.  */
extern "C" void *
shmat (int shmid, const void *shmaddr, int shmflg)
{
  shmnode *node;
  for (node = shm_head; node; node = node->next)
    if (node->shm_id == shmid)
      break;

  if (!node)
    {
      /* No local control area for this id - probably because shmget was
         never called here.  The daemon has to hand out the handles.  */
      client_request_shm *reattach =
        new client_request_shm (SHM_REATTACH, shmid, GetCurrentProcessId ());

      if (cygserver_request (reattach))
        {
          delete reattach;
          set_errno (ENOSYS);	/* daemon communication failed */
          return (void *) -1;
        }
      if (reattach->header.error_code)	/* shm_get failed in the daemon */
        {
          set_errno (reattach->header.error_code);
          delete reattach;
          return (void *) -1;
        }

      /* We have the id; open the memory area ourselves.
         FIXME: make this a method of shmnode ?  */
      node = build_inprocess_shmds (reattach->parameters.out.filemap,
                                    reattach->parameters.out.attachmap,
                                    reattach->parameters.out.key,
                                    reattach->parameters.out.shm_id);
      delete reattach;
      if (!node)
        return (void *) -1;
    }

  if (shmaddr)
    {
      //FIXME: requested base address ?! (Don't forget to fix the fixup_after_fork too)
      set_errno (EINVAL);
      return (void *) -1;
    }

  DWORD access = (shmflg & SHM_RDONLY) ? FILE_MAP_READ : FILE_MAP_WRITE;
  void *view = MapViewOfFile (node->attachmap, access, 0, 0, 0);
  if (!view)
    {
      //FIXME: translate GetLastError()
      set_errno (EACCES);
      return (void *) -1;
    }

  /* Tell the daemon we have attached; a failure is logged, not fatal.  */
  client_request_shm *notify = new client_request_shm (SHM_ATTACH, shmid);
  if (cygserver_request (notify))
    {
      debug_printf ("failed to tell deaemon that we have attached\n");
    }
  delete notify;

  /* Record the attachment so that the fork fixup and shmdt can find it.
     The new entry becomes the list head and the previous head is stored
     as its successor.  */
  _shmattach *entry = new _shmattach;
  entry->data = view;
  entry->shmflg = shmflg;
  entry->next =
    (_shmattach *) InterlockedExchangePointer (&node->attachhead, entry);
  return view;
}
/* FIXME: tell the daemon when we detach so it doesn't cleanup incorrectly.
*/
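/* Detach the view at shmaddr from the calling process.

   shmaddr - address previously returned by shmat.

   Returns 0 on success, or -1 with errno set to EINVAL when no recorded
   attachment has this address.  The view is unmapped, its bookkeeping entry
   is removed from the owning node's attach list and freed, and the daemon
   is notified; a failed notification is only logged.  */
extern "C" int
shmdt (const void *shmaddr)
{
  /* this should be "rare" so a hefty search is ok. If this is common, then we
   * should alter the data structs to allow more optimisation
   */
  shmnode *tempnode = shm_head;
  _shmattach *attachnode = NULL;
  _shmattach *prevattach = NULL;

  while (tempnode)
    {
      // FIXME: Race potential
      prevattach = NULL;
      attachnode = tempnode->attachhead;
      while (attachnode && attachnode->data != shmaddr)
        {
          prevattach = attachnode;
          attachnode = attachnode->next;
        }
      if (attachnode)
        break;
      tempnode = tempnode->next;
    }
  if (!tempnode)
    {
      // dt cannot be called by an app that hasn't already at'd
      set_errno (EINVAL);
      return -1;
    }

  UnmapViewOfFile (attachnode->data);

  /* Drop the entry from the attach list.  A stale entry would be matched
     by a later shmdt for the same address and would make
     fixup_shms_after_fork map the detached segment again at that address.
     NOTE(review): this unlink is not synchronised with the interlocked
     push in shmat - same race the FIXME above already points at.  */
  if (prevattach)
    prevattach->next = attachnode->next;
  else
    tempnode->attachhead = attachnode->next;
  delete attachnode;

  /* tell the daemon we have detached */
  client_request_shm *req =
    new client_request_shm (SHM_DETACH, tempnode->shm_id);
  if (cygserver_request (req))
    {
      debug_printf ("failed to tell deaemon that we have detached\n");
    }
  delete req;

  return 0;
}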
//FIXME: who is allowed to perform STAT?
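/* Control operations on the segment shmid.

   shmid - segment id.
   cmd   - IPC_STAT copies the locally held shmid_ds fields into *buf;
           IPC_RMID asks the daemon to delete the segment and then drops the
           local node; IPC_SET and every other value fail with EINVAL.
   buf   - destination for IPC_STAT; must not be NULL for that command.

   Returns 0 on success, or -1 with errno set: ENOSYS when the daemon cannot
   be reached, the daemon's error code when it rejects a request, EFAULT for
   IPC_STAT with a NULL buf, EINVAL for an unsupported cmd.

   No permission check is made here for either command (see the FIXME/TODO
   notes); any caller that can resolve the id reaches the daemon request.  */
extern "C" int
shmctl (int shmid, int cmd, struct shmid_ds *buf)
{
  shmnode *tempnode = shm_head;
  while (tempnode && tempnode->shm_id != shmid)
    tempnode = tempnode->next;
  if (!tempnode)
    {
      /* couldn't find a currently open shm control area for the key - probably because
       * shmget hasn't been called.
       * Allocate a new control block - this has to be handled by the daemon */
      client_request_shm *req =
        new client_request_shm (SHM_REATTACH, shmid, GetCurrentProcessId ());
      if (cygserver_request (req))
        {
          delete req;
          set_errno (ENOSYS);	/* daemon communication failed */
          return -1;
        }
      if (req->header.error_code)	/* shm_get failed in the daemon */
        {
          set_errno (req->header.error_code);
          delete req;
          return -1;
        }
      /* we've got the id, now we open the memory area ourselves.
       * This tests security automagically
       * FIXME: make this a method of shmnode ?
       */
      tempnode =
        build_inprocess_shmds (req->parameters.out.filemap,
                               req->parameters.out.attachmap,
                               req->parameters.out.key,
                               req->parameters.out.shm_id);
      delete req;
      if (!tempnode)
        return -1;
    }

  switch (cmd)
    {
    case IPC_STAT:
      /* buf comes straight from the application; reject NULL instead of
         writing through it.  */
      if (!buf)
        {
          set_errno (EFAULT);
          return -1;
        }
      buf->shm_perm = tempnode->shmds->shm_perm;
      buf->shm_segsz = tempnode->shmds->shm_segsz;
      buf->shm_lpid = tempnode->shmds->shm_lpid;
      buf->shm_cpid = tempnode->shmds->shm_cpid;
      buf->shm_nattch = tempnode->shmds->shm_nattch;
      buf->shm_atime = tempnode->shmds->shm_atime;
      buf->shm_dtime = tempnode->shmds->shm_dtime;
      buf->shm_ctime = tempnode->shmds->shm_ctime;
      break;
    case IPC_RMID:
      {
        /* TODO: check permissions. Or possibly, the daemon gets to be the only
         * one with write access to the memory area?
         */
        if (tempnode->shmds->shm_nattch)
          system_printf
            ("call to shmctl with cmd= IPC_RMID when memory area still has"
             " attachees\n");
        /* how does this work?
         * we mark the ds area as "deleted", and the at and get calls all fail from now on
         * on, when nattch becomes 0, the mapped data area is destroyed.
         * and each process, as they touch this area detaches. eventually only the
         * daemon has an attach. The daemon gets asked to detach immediately.
         */
        //waiting for the daemon to handle terminating process's
        client_request_shm *req =
          new client_request_shm (SHM_DEL, shmid, GetCurrentProcessId ());
        if (cygserver_request (req))
          {
            delete req;
            set_errno (ENOSYS);	/* daemon communication failed */
            return -1;
          }
        if (req->header.error_code)	/* shm_del failed in the daemon */
          {
            set_errno (req->header.error_code);
            delete req;
            return -1;
          }
        /* The request succeeded and nothing below reads the reply, so
           release it here instead of leaking it.  */
        delete req;
        /* the daemon has deleted it's references */
        /* now for us */
        // FIXME: create a destructor
        delete_inprocess_shmds (&tempnode);
      }
      break;
    case IPC_SET:
    default:
      set_errno (EINVAL);
      return -1;
    }
  return 0;
}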
/* FIXME: evaluate getuid32() and getgid32() against the requested mode. Then
* choose PAGE_READWRITE | PAGE_READONLY and FILE_MAP_WRITE | FILE_MAP_READ
* appropriately
*/
/* FIXME: shmid should be a verifiable object
*/
/* FIXME: on NT we should check everything against the SD. On 95 we just emulate.
*/
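/* Return the id of the segment for key, creating it through the daemon
   when this process does not have it open yet.

   key    - IPC key; (key_t) -1 fails with ENOENT.  IPC_PRIVATE never
            matches an already open segment.
   size   - requested size; a non-zero size larger than an already open
            segment fails with EINVAL.
   shmflg - IPC_CREAT together with IPC_EXCL fails with EEXIST when the key
            is already open here; the low nine bits (shmflg & 0x01ff) are
            passed to alloc_sd as the mode for the security descriptor.

   Returns the segment id, or -1 with errno set (also ENOSYS when the daemon
   cannot be reached, or the daemon's error code when it rejects the
   request).

   NOTE(review): the security descriptor is built in this process and sent
   to the daemon inside the request.  Whether the daemon validates it, and
   what alloc_sd leaves in the buffer when it fails, is not visible here -
   confirm before relying on it for access control.  */
extern "C" int
shmget (key_t key, size_t size, int shmflg)
{
  DWORD sd_size = 4096;
  /* Zero the buffer: the client_request_shm constructor copies all 4096
     bytes into the request, so without this whatever stack contents lie
     beyond the descriptor would be sent to the daemon as well.  */
  char sd_buf[4096] = { 0 };
  PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) sd_buf;
  /* create a sd for our open requests based on shmflag & 0x01ff */
  InitializeSecurityDescriptor (psd,
                                SECURITY_DESCRIPTOR_REVISION);
  psd = alloc_sd (getuid32 (), getgid32 (),
                  shmflg & 0x01ff, psd, &sd_size);

  if (key == (key_t) - 1)
    {
      set_errno (ENOENT);
      return -1;
    }

  /* FIXME: enter the checking for existing keys mutex. This mutex _must_ be system wide
   * to prevent races on shmget.
   */

  /* walk the list of currently open keys and return the id if found
   */
  shmnode *tempnode = shm_head;
  while (tempnode)
    {
      if (tempnode->key == key && key != IPC_PRIVATE)
        {
          // FIXME: free the mutex
          if (size && tempnode->shmds->shm_segsz < size)
            {
              set_errno (EINVAL);
              return -1;
            }
          if ((shmflg & IPC_CREAT) && (shmflg & IPC_EXCL))
            {
              set_errno (EEXIST);
              // FIXME: free the mutex
              return -1;
            }
          // FIXME: do we need to other tests of the requested mode with the
          // tempnode->shmid mode ? testcase on unix needed.
          // FIXME do we need a security test? We are only examining the keys we already have open.
          // FIXME: what are the sec implications for fork () if we don't check here?
          return tempnode->shm_id;
        }
      tempnode = tempnode->next;
    }

  /* couldn't find a currently open shm control area for the key.
   * Allocate a new control block - this has to be handled by the daemon */
  client_request_shm *req =
    new client_request_shm (key, size, shmflg, sd_buf,
                            GetCurrentProcessId ());
  if (cygserver_request (req))
    {
      delete req;
      set_errno (ENOSYS);	/* daemon communication failed */
      return -1;
    }
  if (req->header.error_code)	/* shm_get failed in the daemon */
    {
      set_errno (req->header.error_code);
      delete req;
      return -1;
    }

  /* we've got the id, now we open the memory area ourselves.
   * This tests security automagically
   * FIXME: make this a method of shmnode ?
   */
  shmnode *shmtemp = build_inprocess_shmds (req->parameters.out.filemap,
                                            req->parameters.out.attachmap,
                                            key,
                                            req->parameters.out.shm_id);
  delete req;
  if (shmtemp)
    return shmtemp->shm_id;
  return -1;

  /* Disabled code, kept for reference; it is never compiled.  */
#if 0
  /* fill out the node data */
  shmtemp->shm_perm.cuid = getuid32 ();
  shmtemp->shm_perm.uid = shmtemp->shm_perm.cuid;
  shmtemp->shm_perm.cgid = getgid32 ();
  shmtemp->shm_perm.gid = shmtemp->shm_perm.cgid;
  shmtemp->shm_perm.mode = shmflg & 0x01ff;
  shmtemp->shm_lpid = 0;
  shmtemp->shm_nattch = 0;
  shmtemp->shm_atime = 0;
  shmtemp->shm_dtime = 0;
  shmtemp->shm_ctime = time (NULL);
  shmtemp->shm_segsz = size;
  *(shmid_ds *) mapptr = *shmtemp;
  shmtemp->filemap = filemap;
  shmtemp->attachmap = attachmap;
  shmtemp->mapptr = mapptr;
#endif
}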