| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
|
| |
|
|
|
|
|
|
|
| |
with PC_KEEP_HANDLE flag.
* path.h (path_conv::operator =): Duplicate UNICODE path as well.
* security.cc (check_file_access): Use path_conv handle if available.
* syscalls.cc (access): Create fhandler with PC_KEEP_HANDLE flag set.
(euidaccess): Ditto.
(faccessat): Ditto.
|
| | |
|
| | |
|
| |
|
|
| |
security descriptor of HKEY_PERFORMANCE_DATA.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(EqualSid): Remove.
(CopySid): Remove.
(AddAccessAllowedAce): Remove.
(AddAccessDeniedAce): Remove.
(MakeSelfRelativeSD): Remove.
* flock.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
* security.h: Ditto.
(RtlEqualSid): Declare. Explain why.
(RtlCopySid): Ditto.
|
| |
|
|
|
|
|
|
| |
(PrivilegeCheck): Remove.
(OpenThreadToken): Remove.
* fhandler_tty.cc: Replace above functions throughout with their
ntdll.dll equivalent.
* security.cc: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(SetSecurityDescriptorGroup): Remove.
(SetSecurityDescriptorOwner): Remove.
* pinfo.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* sec_acl.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
* sec_helper.cc (__sec_user): Remove old comment.
|
| |
|
|
|
|
|
|
|
|
| |
(GetSecurityDescriptorGroup): Remove.
(GetSecurityDescriptorOwner): Remove.
* sec_acl.cc: Replace above functions throughout with their ntdll.dll
equivalent. Remove redundant debug output.
* sec_auth.cc: Ditto.
* security.cc: Ditto.
* uinfo.cc: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(AddAce): Remove.
(FindFirstFreeAce): Remove.
(GetAce): Remove.
(InitializeSecurityDescriptor): Remove.
(OpenProcessToken): Remove.
* dcrt0.cc: Replace above functions throughout with their ntdll.dll
equivalent.
* fhandler_tty.cc: Ditto.
* flock.cc: Ditto.
* pinfo.cc: Ditto. Drop unnecessary error handling.
* sec_acl.cc: Ditto.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(EqualPrefixSid): Remove.
(GetLengthSid): Remove.
(GetSidSubAuthority): Remove.
(GetSidSubAuthorityCount): Remove.
(GetSidIdentifierAuthority): Remove.
* fhandler_disk_file.cc: Remove above functions throughout with their
ntdll.dll equivalent.
* sec_auth.cc: Ditto.
* sec_helper.cc: Ditto.
* security.cc: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ntdll.h (RtlConvertToAutoInheritSecurityObject): Declare.
(RtlDeleteSecurityObject): Declare.
(RtlGetControlSecurityDescriptor): Declare.
(RtlLengthSecurityDescriptor): Declare.
* security.cc (file_mapping): New global variable.
(get_file_sd): Rewrite. Clean up code. Get rid of GetSecurityInfo
call.
(alloc_sd): Call RtlSetControlSecurityDescriptor to set
SE_DACL_PROTECTED flag.
(check_file_access): Remove mapping. Use file_mapping instead.
(check_registry_access): Rename mapping to reg_mapping.
* wincap.cc: Througout, drop use_get_sec_info_on_dirs,
* wincap.h (struct wincaps): Drop use_get_sec_info_on_dirs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* autoload.cc (DnsQuery_A): Fatal if not available.
(DnsRecordListFree): Ditto.
(DsGetDcNameW): Ditto.
(NetGetAnyDCName): Remove.
(NetGetDCName): Remove.
(EnumProcessModules): Fatal if not available.
(GetModuleFileNameExW): Ditto.
(GetModuleInformation): Ditto.
(GetProcessMemoryInfo): Ditto.
(QueryWorkingSet): Ditto.
(LsaRegisterLogonProcess): Ditto.
* fenv.cc (_feinitialise): Drop supports_sse condition.
* fhandler_disk_file.cc (path_conv::isgood_inode): Fix comment.
(fhandler_base::fstat_by_name): Drop has_fileid_dirinfo condition.
(fhandler_disk_file::opendir): Ditto.
* fhandler_netdrive.cc (fhandler_netdrive::readdir): Fix comment.
* fhandler_proc.cc (format_proc_partitions): Drop NT4-only code.
* fhandler_process.cc (get_process_state): Ditto.
* kernel32.cc (GetWindowsDirectoryW): Remove.
(GetWindowsDirectoryA): Remove.
* miscfuncs.cc (nice_to_winprio): Drop NT4-only code.
* mount.cc (fs_info::update): Fix comments.
* net.cc (get_2k_ifs): Drop NT4-only code.
* sec_auth.cc (get_logon_server): Ditto.
(lsaauth): Drop NT4-specific error handling.
* security.cc (alloc_sd): Set SE_DACL_PROTECTED unconditionally.
* select.cc (select_stuff::wait): Always use MWMO_INPUTAVAILABLE.
(peek_windows): Drop NT4-only condition in call to PeekMessage.
* syscalls.cc (gethostid): Remove NT4-only workaround.
* wincap.cc: Througout, drop has_dacl_protect,
has_broken_if_oper_status, has_process_io_counters,
has_terminal_services, has_extended_priority_class, has_guid_volumes,
has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse from
wincaps.
(wincap_nt4sp4): Remove.
(wincap_minimal): Set to wincap_2000.
(wincapc::init): Rely on availability of OSVERSIONINFOEX structure.
Treat error from GetVersionEx as fatal. Treat NT4 as fatal.
* wincap.h (struct wincaps): Drop has_dacl_protect,
has_broken_if_oper_status, has_process_io_counters,
has_terminal_services, has_extended_priority_class, has_guid_volumes,
has_fileid_dirinfo, has_mwmo_inputavailable and supports_sse flags
and methods.
* winlean.h (GetWindowsDirectoryW) Define as GetSystemWindowsDirectoryW.
(GetWindowsDirectoryA): Define as GetSystemWindowsDirectoryA.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
filesystem supporting ACLs, create the file with WRITE_DAC access.
Explain why.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
directories.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Always call GetSecurityInfo for directories
on XP and Server 2003. Improve comment to explain why.
(set_file_attribute): Explicitely cast mode_t value to bool in call to
get_file_sd.
* wincap.h (wincaps::use_get_sec_info_on_dirs): New element.
* wincap.cc: Implement above element throughout.
|
| |
|
|
| |
duplication now. Add more comments for clarity.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* fhandler_disk_file.cc (fhandler_disk_file::facl): Handle ENOSYS and
point to the explanation.
* ntdll.h (STATUS_NOT_IMPLEMENTED): Define.
* path.cc (symlink_info::check): Handle the inability of NT4 to use
FileNetworkOpenInformation on share root dirs in either direction.
* path.h (slash_unc_prefix_p): Remove unused declaration.
* security.cc (get_info_from_sd): Handle ENOSYS from get_file_sd.
Explain when this happens.
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of ACL_DEFAULT_SIZE.
* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
* security.h (ACL_DEFAULT_SIZE): Drop definition.
(ACL_MAXIMUM_SIZE): Define.
(SD_MAXIMUM_SIZE): Define.
* security.cc (get_file_sd): Allocate security_decscriptor with size
SD_MAXIMUM_SIZE.
(alloc_sd): Use TLS buffer to allow maximum ACL size.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
GetSecurityInfo only if justcreated is true, NtQuerySecurityObject
otherwise. Add comment to explain why. Don't waste time to call
NtQuerySecurityObject twice, just allocate big enough area.
(get_file_attribute): Call get_file_sd with justcreated set to false.
(set_file_attribute): Call get_file_sd with justcreated depending on
S_JUSTCREATED pseudo file attribute.
(check_file_access): Call get_file_sd with justcreated set to false.
* sec_acl.cc (setacl): Ditto.
(getacl): Ditto.
* security.h: Convert many functions to regparm functions.
(get_file_sd): Declare with extra bool parameter.
|
| |
|
|
|
| |
instead of a constant value.
* security.cc (alloc_sd): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fhandler.h (fhandler_tty_slave::fch_open_handles): Declare private.
(fhandler_tty_slave::fch_close_handles): Ditto.
(fhandler_tty_slave::cygserver_attach_tty): Drop declaration.
(fhandler_tty_slave::fstat): Declare public.
(fhandler_tty_slave::fchmod): Declare public.
(fhandler_tty_slave::fchown): Declare public.
(class fhandler_pty_master): Add master_ctl handle.
(fhandler_pty_master::pty_master_thread): Declare public.
* fhandler_termios.cc (fhandler_termios::tcinit): If the process
is started from a non-Cygwin process, make it tty process group
leader.
* fhandler_tty.cc: Throughout accommodate additional security related
arguments in calls to functions creating or opening objects.
(close_maybe): Move to start of file to reuse it
in other methods.
(struct pipe_request): Define.
(struct pipe_reply): Define.
(fhandler_tty_slave::open): Throughout, try to open synchronization
objects with MAXIMUM_ALLOWED permissions. Drop call to cygserver.
Try to duplicate pipe handles via master_ctl pipe if duplicating
directly doesn't work.
(fhandler_tty_slave::cygserver_attach_tty): Remove.
(fhandler_tty_slave::init): Close unused incoming pipe handle.
(fhandler_pty_master::close): Send exit message to master control
thread and close master_ctl handle.
(fhandler_pty_master::pty_master_thread): New method, implementing the
master control thread.
(pty_master_thread): Static helper to start master control thread.
(fhandler_pty_master::setup): Simplify creating pipe inheritance.
Make sure we're the one creating the input_available_event. Add
comment to explain why. Create master_ctl pipe and start master
control thread. Close master_ctl handle in case of error.
* security.cc (alloc_sd): Add code to handle tty objects. Add comments
to explain what exactly is required.
(get_object_sd): New function.
(get_object_attribute): New function.
(create_object_sd_from_attribute): New function.
(set_object_sd): New function.
(set_object_attribute): New function.
(set_file_attribute): Change attribute type to mode_t.
* security.h (set_file_attribute): Change attribute type to mode_t.
(get_object_sd): Declare.
(get_object_attribute): Declare.
(create_object_sd_from_attribute): Declare.
(set_object_sd): Declare.
(set_object_attribute): Declare.
* tty.cc (tty::slave_alive): Implement directly instead of via alive.
(tty::exists): Open mutex handle with READ_CONTROL access.
(tty::alive): Remove.
(tty::open_output_mutex): Convert to inline method.
(tty::open_input_mutex): Ditto.
(tty::open_mutex): Take additional ACCESS_MASK parameter for the
mutex open access mask.
(tty::open_inuse): New method.
(tty::create_inuse): Take PSECURITY_ATTRIBUTES parameter. Drop fmt
name parameter. Always create TTY_SLAVE_ALIVE event.
(tty::get_event): Take additional PSECURITY_ATTRIBUTES parameter for
CreateEvent.
* tty.h (class tty): Change declarations according to aforementioned
changes.
(tty::open_output_mutex): Implement as inline method.
(tty::open_input_mutex): Ditto.
|
| |
|
|
|
| |
* security.cc (check_access): Use user.imp_token if appropriate.
Set errno and return if DuplicateTokenEx fails .
|
| |
|
|
|
|
|
| |
flag. Remove INHERITED_ACE flag from all inherited ACEs. Add comment.
Fix ace_off counter in unrelated ACE loop.
* wincap.cc: Re-add has_dacl_protect throughout.
* wincap.h: Ditto.
|
| |
|
|
| |
entries for directories.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LocalFree instead of ::free.
* sec_acl.cc: Throughout replace old ACE flag definitions with current
definitions as used in MSDN man pages.
* security.cc: Ditto.
* fhandler.cc (fhandler_base::open): Make sure file has really been
just created before fixing file permissions. Add S_JUSTCREATED
attribute to set_file_attribute call.
* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
with default security descriptor and fix descriptor afterwards.
Add S_JUSTCREATED flag to set_file_attribute call.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto for symlinks.
* security.cc (get_file_sd): Call GetSecurityInfo rather than
NtQuerySecurityObject. Explain why. Change error handling accordingly.
(alloc_sd): Skip non-inherited, non-standard entries in ACL if
S_JUSTCREATED attribute is set. Explain why. Minor format fixes.
* security.h (S_JUSTCREATED): New define.
(security_descriptor::operator=): New operator.
|
| |
|
|
|
|
|
|
| |
security descriptor and fix descriptor afterwards. Change comment to
explain why.
* security.cc (alloc_sd): Drop setting the SE_DACL_PROTECTED flag.
* wincap.cc: Remove has_dacl_protect throughout.
* wincap.h: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
| |
* fhandler.h (fhandler_base::fhaccess): Add parameter.
* security.h (check_file_access, check_registry_access): Likewise.
* security.cc (check_file_access, check_registry_access)
(check_access): Implement new parameter.
* fhandler.cc (fhandler_base::fhaccess): Likewise.
(device_access_denied): Update caller.
* syscalls.cc (access, faccessat): Update callers.
* spawn.cc (find_exec, fixup): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
| |
call to NtOpenFile.
* exceptions.cc (open_stackdumpfile): Ditto in call to NtCreateFile.
* fhandler.cc (fhandler_base::open): Ditto. Simplify setting
create_options.
* mount.cc (fs_info::update): Recognize offline storage.
(fillout_mntent): Report UDF and offline storage.
* mount.h (class fs_info): Add is_csc_cache status flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
error when changing the user account on a standalone Samba server.
Explain why.
* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
(well_known_samba_unix_user_fake_sid): Define.
* security.cc (set_file_sd): Take additional parameter if ownership
should be changed. Restrict requested permissions accordingly.
(set_file_attribute): Accommodate additional parameter to set_file_sd.
* security.h (well_known_samba_unix_user_fake_sid): Declare.
(set_file_sd): Align declaration to above change.
|
| |
|
|
| |
for directories.
|
| |
|
|
|
|
|
| |
with alloc_sd. Strip FILE_READ_ATTRIBUTES fromn setting
FILE_GENERIC_EXECUTE permissions same as in alloc_sd.
* security.cc (alloc_sd): Reformat expression. Strip EA permission
bits from owner_deny and group_deny computation.
|
| |
|
|
|
|
|
|
|
| |
and use FILE_ATTRIBUTE_DIRECTORY directly in call to NtCreateFile.
* posix_ipc.cc (ipc_mutex_init): Fix format string when creating IPC
object name.
(ipc_cond_init): Ditto.
* security.cc (alloc_sd): Add parentheses to fix setting initial
owner_allow value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
additional path_conv argument.
* fhandler.cc (fhandler_base::open): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Never set DOS
R/O attribute when using ACLs.
(fhandler_disk_file::mkdir): Ditto. Set
security descriptor on remote dirs after creating the dir, same as in
fhandler_base::open.
* fhandler_socket.cc (fhandler_socket::bind): Ditto for remote AF_LOCAL
socket files.
* path.cc (symlink_worker): Ditto. for remote symlinks.
* security.cc (alloc_sd): Take additional path_conv argument.
Accommodate throughout. Drop setting FILE_WRITE_EA/FILE_READ_EA
flags unconditionally (was only necessary for "ntea"). Don't set
FILE_READ_ATTRIBUTES and FILE_WRITE_ATTRIBUTES unconditionally on
Samba. Add comment to explain. Drop useless setting of
STANDARD_RIGHTS_WRITE, it's in FILE_GENERIC_WRITE anyway.
Remove FILE_READ_ATTRIBUTES bit from FILE_GENERIC_EXECUTE so as not
to enforce read permissions on Samba.
(set_security_attribute): Take additional path_conv argument.
* security.h (set_security_attribute): Change prototype accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* environ.cc (set_ntsec): Remove.
(set_smbntsec): Remove.
(known): Remove ntsec and smbntsec options.
* external.cc (check_ntsec): Return true if no filename is given.
* mount.cc (oopts): Add "acl" and "noacl" options. Set MOUNT_NOACL
flag accordingly.
(fillout_mntent): Handle MOUNT_NOACL flag.
* path.h (enum path_types): Add PATH_NOACL.
* security.cc (allow_ntsec): Remove.
(allow_smbntsec): Remove.
* security.h (allow_ntsec): Drop declaration.
(allow_smbntsec): Drop declaration.
* include/sys/mount.h (MOUNT_NOACL): Define.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dcrt0.cc (signal_shift_subtract): Eliminate ancient backwards compatibility.
(check_sanity_and_sync): Ditto.
* winsup.h (SIGTOMASK): Ditto. Just use constant in signal calculation.
* include/cygwin/version: Remove backwards signal mask compatibility define.
* path.cc (symlink_info::check_sysfile): Cosmetic change.
* registry.cc (get_registry_hive_path): Remove unneeded variable.
* exceptions.cc (handle_sigsuspend): Eliminate thread signal mask and use
either main sigmask or current thread sigmask.
(set_process_mask): Ditto.
(sighold): Ditto.
(sigrelse): Ditto.
(sigset): Ditto.
(set_process_mask_delta): Ditto.
(_cygtls::call_signal_handler): Ditto.
* fhandler_process.cc (format_process_status): Ditto.
* fhandler_termios.cc (fhandler_termios::bg_check): Ditto.
* pinfo.h (class pinfo): Ditto.
* select.cc (pselect): Ditto.
* signal.cc (sigprocmask): Ditto.
(abort): Ditto.
(sigpause): Ditto.
(sigsend): Ditto.
(wait_sig): Ditto.
* thread.h (pthread::parent_tls): New member.
* thread.cc (pthread::pthread): Record parent_tls here.
(pthread::thread_init_wrapper): Initialize sigmask from parent thread.
|
| |
|
|
| |
too.
|
| |
|
|
|
|
| |
* sec_acl.cc (getacl): Convert debug output to print native NT path.
* security.cc (set_file_attribute): Ditto.
* syscalls.cc (try_to_bin): Ditto and fix buggy debug statement.
|
| |
|
|
|
|
|
| |
opened for reading the ACLs, fall back to faking them.
* sec_acl.cc (acl_worker): Handle non-existing files.
* security.cc (get_file_attribute): Return ILLEGAL_UID/ILLEGAL_GID
as owner/group for non-readable ACLs on file systems supporting them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of access control functions throughout.
* fhandler_disk_file.cc: Ditto.
* fhandler_registry.cc: Ditto.
* sec_acl.cc: Drop unnecessary includes.
(setacl): Take path_conv instead of file name as parameter.
Accommodate interface changes of access control functions.
(getacl): Ditto.
* sec_auth.cc: New file, taking over all authentication related
functions from security.cc.
* sec_helper.cc: Drop unnecessary includes.
* security.cc: Ditto. Move all authentication related functions to
sec_auth.cc.
(ALL_SECURITY_INFORMATION): New define. Use throughout.
(set_file_sd): New function, replacing read_sd and the file related
part of get_nt_object_security.
(get_reg_sd): Rename from get_reg_security. Drop type parameter.
(get_reg_attribute): New function, replacing the registry related part
of get_nt_object_security.
(get_file_attribute): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(set_file_attribute): Ditto plus new set_file_sd. Drop unnecessary
implementation without uid/gid parameters.
(check_file_access): Take path_conv instead of file name as parameter.
Use new get_file_sd call.
(check_registry_access): Use new get_reg_sd call.
* security.h: Accommodate above interface changes.
|
| |
|
|
|
| |
(set_file_attribute): Do it yourself instead of calling
set_nt_attribute.
|
| |
|
|
|
|
|
|
| |
* security.cc (alloc_sd): Set security descriptor control flag without
calling SetSecurityDescriptorControl function.
* wincap.h (wincapc::has_dacl_protect): Rename from
has_security_descriptor_control.
* wincap.cc: Ditto throughout.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* mmap.cc (mlock): Accommodate parameter change in call to
push_thread_privilege.
(munlock): Ditto.
* ntdll.h (STATUS_NOT_ALL_ASSIGNED): Define.
(NtAdjustPrivilegesToken): Declare.
* sec_helper.cc (cygpriv): Reorder to match numerical privilege order.
(privilege_luid): Take job of privilege_luid_by_name, using new
cygpriv.
(privilege_luid_by_name): Remove.
(privilege_name): Accommodate new cygpriv array.
(set_privilege): Call NtAdjustPrivilegesToken to avoid using advapi32.
Accommodate changes to privilege_name.
(set_cygwin_privileges): Simplify. Don't try to set
SE_CREATE_GLOBAL_PRIVILEGE on systems not supporting it.
* security.cc (sys_privs): Reorder to match numerical privilege order.
Use real privilege values as defined in security.h.
(get_system_priv_list): Drop unused grp_list argument. Create
list of privileges according to new wincapc::max_sys_priv value.
(get_priv_list): Call privilege_luid instead of privilege_luid_by_name.
Make priv a local value instead of a pointer.
(create_token): Accommodate parameter change in call to
push_self_privilege.
(lsaauth): Ditto.
(check_access): Use privilege values directly instead of calling
privilege_luid.
* security.h: Define real privilege values.
(cygpriv_idx): Remove.
(privilege_luid): Change declaration.
(privilege_luid_by_name): Drop declaration.
(set_privilege): Change declaration.
(set_process_privilege): Drop definition.
(_push_thread_privilege): Accomodate new set_privilege parameters.
* wincap.h (wincapc::max_sys_priv): New element.
* wincap.cc: Implement above element throughout.
(wincap_2000sp4): New wincaps structure.
(wincap_xpsp1): Ditto.
(wincap_xpsp2): Ditto.
(wincapc::init): Use new wincaps.
(wincapc::max_sys_priv): New element.
|
| |
|
|
|
| |
* security.cc (check_registry_access): Set errno to EROFS when checking
for W_OK.
|
| |
|
|
|
|
|
|
|
|
|
| |
Accommodate changge throughout Cygwin.
(cygheap_user::imp_token): Rename from token. Accommodate changge
throughout Cygwin.
(rcygheap_user::eimpersonate): Use primary token for impersonation.
* grp.cc (internal_getgroups): Use primary impersonation token when
impersonated.
* security.h (_push_thread_privilege): Use primary impersonation token
when impersonated.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* environ.cc (set_ntea): Delete.
(parse_thing): Delete "ntea" setting.
* fhandler.cc (fhandler_base::open): Remove allow_ntea considerations.
(check_posix_perm): Ditto.
* fhandler_disk_file.cc (fhandler_disk_file::fchmod): Ditto.
(fhandler_base::open_fs): Ditto.
(fhandler_disk_file::mkdir): Ditto.
* path.cc (symlink_worker): Ditto.
* security.cc (get_file_attribute): Ditto.
(set_file_attribute): Ditto.
* security.h: Remove allow_ntea declaration.
|
| |
|
|
|
|
|
|
|
| |
* environ.cc (environ_init): Drop setting allow_ntsec here.
* grp.cc (initgroups32): Drop usage of label "out".
* security.cc (allow_ntsec): Set to true by default.
* syscalls.cc (seteuid32): Remove label success_9x.
* wincap.cc: Remove has_security throughout.
* wincap.h: Ditto.
|
| |
|
|
|
|
| |
* pinfo.cc (commune_process): Use default argument to lock_process.
* sigproc.cc: Update copyright.
* select.cc: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
user information on NT4.
* sec_helper.cc (security_descriptor::malloc): Drop LocalAlloc
considerations.
(security_descriptor::realloc): Ditto.
(security_descriptor::free): Ditto.
* security.cc (get_reg_security): Reinstantiate.
(get_nt_object_security): Revert to using NtQuerySecurityObject.
* security.h (class security_descriptor): Drop type member.
Accommodate throughout.
(security_descriptor::size): Constify.
(security_descriptor::copy): Ditto.
|
