* security.cc (get_attribute_from_acl): Don't spill Everyone permissions
into group permissions if owner SID == group SID.
(alloc_sd): Add parenthesis for clarity.
Corinna Vinschen [Sat, 28 Feb 2015 12:12:34 +0000 (12:12 +0000)]
* uinfo.cc (pwdgrp::add_line): Return NULL if parsing a line failed.
(pwdgrp::add_account_post_fetch): Check return value from add_line and
return NULL if add_line returns NULL.
Corinna Vinschen [Fri, 27 Feb 2015 12:59:09 +0000 (12:59 +0000)]
* sec_acl.cc (setacl): Fix bug which leads to ACE duplication in
case owner SID == group SID.
(getacl): Reverse order of SID test against group or owner sid to
prefer owner attributes over group attributes. Disable setting group
permissions equivalent to owner permissions if owner == group. Add
comment to explain why. Fix indentation.
* security.cc (get_attribute_from_acl): Change type of local variables
containing permission to mode_t. Apply deny mask to group if group SID
== owner SID to avoid Everyone permissions to spill over into group
permissions. Disable setting group permissions equivalent to owner
permissions if owner == group. Add comment to explain why.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Allow user SID as
group account if user is a "Microsoft Account". Explain why. Drop
workaround enforcing primary group "Users" for "Microsoft Accounts".
Corinna Vinschen [Thu, 26 Feb 2015 17:27:59 +0000 (17:27 +0000)]
* ldap.cc (cyg_ldap::wait): Call cygwait with cw_infinite timeout value
and with cw_sig_restart instead of cw_sig_eintr. Drop useless
_my_tls.call_signal_handler call. Return EIO if cygwait failed.
Corinna Vinschen [Thu, 26 Feb 2015 17:00:11 +0000 (17:00 +0000)]
* posix_ipc.cc (ipc_mutex_lock): Add bool parameter to influence if
cygwait should be in EINTR or in restart mode. Call signal handler
if in EINTR mode.
(mq_getattr): Call ipc_mutex_lock in restart mode.
(mq_setattr): Ditto.
(mq_notify): Ditto.
(_mq_send): Call ipc_mutex_lock in EINTR mode.
(_mq_receive): Ditto.
Corinna Vinschen [Wed, 25 Feb 2015 11:38:48 +0000 (11:38 +0000)]
* security.cc (alloc_sd): Add temporary workaround which disallows
any secondary user to have more permissions than the primary group
in calls to chmod. Add comment to explain why.
Corinna Vinschen [Tue, 24 Feb 2015 20:52:57 +0000 (20:52 +0000)]
* ldap.h: Remove index macros.
(class cyg_ldap): Remove members srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Remove private method taking index
argument.
(cyg_ldap::get_num_attribute): Ditto. Add method taking attribute name.
(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
(cyg_ldap::get_unix_uid): Ditto.
(cyg_ldap::get_unix_gid): Ditto.
* ldap.cc: Throughout, use msg and entry in place of srch_msg and
srch_entry.
(std_user_attr): Add sAMAccountName and objectSid.
(group_attr): Ditto.
(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Move earlier in file.
(cyg_ldap::get_num_attribute): Ditto.
(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
Use group_attr or user_attr rather than sid_attr to fetch all desired
attributes for an account right away.
(cyg_ldap::next_account): Store found SID in last_fetched_sid to
skip calls to fetch_ad_account from fetch_account_from_windows.
(cyg_ldap::get_string_attribute): Remove method taking index argument.
(cyg_ldap::get_num_attribute): Ditto.
* pwdgrp.h (class pg_ent): Fix formatting. Add member dom.
* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
in dom. Construct fetch_acc_t argument from LDAP attributes and
call fetch_account_from_windows with that.
* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
FULL_acc_arg. Change throughout.
(struct fetch_acc_t): Rename from fetch_full_grp_t. Change throughout.
(struct fetch_user_arg_t): Rename full_grp to full_acc. Change
throughout.
Corinna Vinschen [Tue, 24 Feb 2015 11:05:02 +0000 (11:05 +0000)]
* fhandler.h (class fhandler_base): Add was_nonblocking status flag.
* fhandler.cc (fhandler_base::set_flags): Set was_nonblocking if the
O_NONBLOCK flag has been specified.
(fhandler_base_overlapped::close): Check for was_nonblocking instead
of for is_nonblocking. Explain why.
(fhandler_base::set_nonblocking): Set was_nonblocking if noblocking
mode gets enabled.
Corinna Vinschen [Mon, 23 Feb 2015 20:51:12 +0000 (20:51 +0000)]
* autoload.cc (LsaLookupSids): Import.
* cygserver_pwdgrp.h: Include userinfo.h. Drop workaround defining
fetch_user_arg_type_t locally.
* grp.cc (internal_getgrsid_cachedonly): New function.
(internal_getgrfull): Ditto.
(internal_getgroups): Rearrange function. Center around fetching all
cached group info first, calling LsaLookupSids on all so far non-cached
groups second. Pass all available info to new internal_getgrfull call.
* pwdgrp.h: Include userinfo.h. Move definitions of
fetch_user_arg_type_t and fetch_user_arg_t there.
(pwdgrp::add_group_from_windows): Declare with getting full group info.
Called from internal_getgrfull.
* uinfo.cc (pwdgrp::add_group_from_windows): Define.
(pwdgrp::fetch_account_from_line): Add default case.
(pwdgrp::fetch_account_from_file): Ditto.
(pwdgrp::fetch_account_from_windows): Handle FULL_grp_arg.
(client_request_pwdgrp::client_request_pwdgrp): Add default case.
* userinfo.h: New header.
(enum fetch_user_arg_type_t): Add FULL_grp_arg.
(struct fetch_full_grp_t): New datatype.
Corinna Vinschen [Mon, 23 Feb 2015 13:56:01 +0000 (13:56 +0000)]
* cygwait.h (enum cw_wait_mask): Add cw_sig_restart. Add comments
to explain the meaning of the possible values.
* cygwait.cc (is_cw_sig_restart): Define.
(is_cw_sig_handle): Check for cw_sig_restart as well.
(cygwait): Restart always if cw_sig_restart is set.
* thread.cc (pthread::join): Call cygwait with cw_sig_restart flag
to avoid having to handle signals at all.
Jon TURNEY [Fri, 20 Feb 2015 12:13:59 +0000 (12:13 +0000)]
2015-02-19 Jon TURNEY <jon.turney@dronecode.org.uk>
* include/cygwin/stdlib.h (initstate, random, setstate, srandom):
Check if __XSI_VISIBLE is set by sys/cdefs.h, rather than testing
for _XOPEN_SOURCE directly, to work correctly when _GNU_SOURCE is
set.
Corinna Vinschen [Tue, 17 Feb 2015 21:08:01 +0000 (21:08 +0000)]
* ldap.h (class cyg_ldap): Rename rootdse to def_context. Change
throughout.
* ldap.cc (cyg_ldap::open): Fix debug output.
(cyg_ldap::fetch_ad_account): Rename rdse to base. Restrict LDAP
query to users and groups only.
(cyg_ldap::enumerate_ad_accounts): Rearrange filter expression for
user accounts.
(SYSTEM_CONTAINER): New macro.
(cyg_ldap::fetch_posix_offset_for_domain): Set base in LDAP search
to the "System" container in the default naming context to restrict
the search scope.
(cyg_ldap::fetch_unix_sid_from_ad): Add objectCategory=Person to
search filter for users.
Corinna Vinschen [Mon, 16 Feb 2015 11:49:33 +0000 (11:49 +0000)]
* spawn.cc (find_exec): Extend preceeding comment to explain more
detailed what's going on in this function. Overwrite potential symlink
target with original path.
Corinna Vinschen [Mon, 16 Feb 2015 10:23:01 +0000 (10:23 +0000)]
* setup-files.xml (setup-files): Drop hint to set HOME in Windows
environment.
* setup-env.xml (setup-env-ov): Discourage setting HOME in the Windows
environment.
Corinna Vinschen [Sun, 15 Feb 2015 08:59:55 +0000 (08:59 +0000)]
* path.h (path_conv): Make path_flags private. Rename known_suffix to
suffix and make private. Rename normalized_path to posix_path and
make privtae. Accommodate name changes throughout in path_conv
methods.
(path_conv::known_suffix): New method. Use throughout instead of
accessing suffix directly.
(path_conv::get_win32): Constify.
(path_conv::get_posix): New method to read posix_path. Use throughout
instead of accessing normalized_path directly.
(path_conv::set_posix): Rename from set_normalized_path. Accommodate
name change throughout.
* spawn.cc (find_exec): Return POSIX path, not Win32 path.
Corinna Vinschen [Thu, 12 Feb 2015 16:55:38 +0000 (16:55 +0000)]
* cygheap.h (cygheap_pwdgrp::get_home): Add dnsdomain parameter to
declaration in ldap-related method.
(cygheap_pwdgrp::get_shell): Ditto.
(cygheap_pwdgrp::get_gecos): Ditto.
* ldap.cc (cyg_ldap::open): Use NO_ERROR instead of 0.
(cyg_ldap::close): Reset last_fetched_sid.
(cyg_ldap::fetch_ad_account): Return immediately if sid is the same as
last_fetched_sid. Open LDAP connection from here. Move initialization
of rdse after open call. Set last_fetched_sid if LDAP call was
successful.
* ldap.h (class cyg_ldap): Add member last_fetched_sid.
(cyg_ldap::cyg_ldap): Initialize last_fetched_sid.
(cyg_ldap::is_open): New inline method.
* uinfo.cc (cygheap_pwdgrp::init): Drop initialization of db_home,
db_shell and db_gecos with "cygwin desc", thus only using the fallback
by default.
(fetch_windows_home): Add parameter dnsdomain. Call
cyg_ldap::fetch_ad_account if required.
(fetch_from_path): Add parameter dnsdomain. Call fetch_windows_home
accordingly.
(cygheap_pwdgrp::get_home): Accomodate call to fetch_windows_home.
Add dnsdomain parameter in ldap-related method. Call
cyg_ldap::fetch_ad_account if required.
(cygheap_pwdgrp::get_shell): Ditto.
(cygheap_pwdgrp::get_gecos): Ditto.
(pwdgrp::fetch_account_from_windows): Drop cyg_ldap::open call prior to
cyg_ldap::fetch_ad_account call. Set is_current_user to true if we're
handling the current user account. Make sure to perform the LDAP calls
only for users, and only if required.
Corinna Vinschen [Wed, 11 Feb 2015 13:15:59 +0000 (13:15 +0000)]
* dlfcn.cc (check_path_access): Drop FE_NATIVE from find_exec call.
(gfpod_helper): Drop equality sign from environment variable name
in call to check_path_access.
* exec.cc (execlp): Drop equality sign from environment variable name
in call to find_exec.
(execvp): Ditto.
(execvpe): Ditto.
* path.h (enum fe_types): Drop FE_NATIVE.
(find_exec): Rename third paramter in declaration from search. Drop
equality sign from default value.
* spawn.cc (perhaps_suffix): Add PC_POSIX to path_conv::check call.
(find_exec): Simplify function. Iterate over POSIX pathlist rather
than Windows pathlist. Drop handling of FE_NATIVE flag. Always fill
posix path of incoming path_conv buf, unless FE_NNF flag is given.
(av::setup): Drop equality sign from environment variable name
in call to find_exec. Call unshift with normalized_path.
* winf.cc (av::unshift): Drop conv parameter and code converting
Windows to POSIX path.
* winf.h (av::unshift): Accommodate prototype.
* regtool.cc (longopts): Add --force option.
(opts): Add -f option.
(restore_flags): New variable.
(usage): Clarify working of save action. Add restore action. Add
description for -f/--force option.
(set_privilege): Drop function. The Cygwin DLL is doing that anyway.
(cmd_save): Drop call to set_privilege.
(cmd_restore): New function.
(main): Handle -f/--force option.
* Throughout, replace http with https as far as cygwin.com and
sourceware.org URLs are concerned.
* Throughout, simplify ulink expressions if the visible text is the
URL anyway.
* faq-programming.xml (faq.programming.dll-relocatable): Remove.
* faq-setup.xml (faq.setup.name-with-space): Change for 1.7.34.
(faq.setup.home): Ditto.
* faq-using.xml (faq.using.printing): Clarify old links and availability
of a2ps and file.
(faq.using.xemacs): Drop outdated version info and pointers to native
XEmacs.
(faq.using.ntemacs): Remove.
* faq-what.xml (faq.what.what): Rephrase to reflect reality.
(faq.what.supported): Ditto.
(faq.what.who): Rephrase slightly.
* legal.xml: Bump copyright.
* setup-net.xml (internet-setup): Fix references to setup executables.
Corinna Vinschen [Wed, 28 Jan 2015 11:43:06 +0000 (11:43 +0000)]
* Makefile.in (VERSION_OFILES): New variable containing object files
with version information. Use throughout.
(clean): Drop winver_stamp.
(version.cc winver.o): Drop empty rule.
(winver_stamp): Convert to rule targeting version.cc and winver.o
directly. Drop touching winver_stamp. Fix typo.
git://sourceware.org / newlib-cygwin.git / log