diff --git a/winsup/cygwin/environ.cc b/winsup/cygwin/environ.cc
index 6ba1469f4..9248e8396 100644
--- a/winsup/cygwin/environ.cc
+++ b/winsup/cygwin/environ.cc
@@ -83,21 +83,8 @@ set_winsymlinks (const char *buf)
 allow_winsymlinks = WSYM_lnk;
 /* Make sure to try native symlinks only on systems supporting them. */
 else if (ascii_strncasematch (buf, "native", 6))
- {
- if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
- {
- if (!user_shared->warned_nonativesyms)
- {
- small_printf ("\"winsymlinks:%s\" option detected in CYGWIN environment variable.\n"
- "Native symlinks are not supported on Windows versions prior to\n"
- "Windows Vista/Server 2008. This option will be ignored.\n", buf);
- user_shared->warned_nonativesyms = 1;
- }
- }
- else
- allow_winsymlinks = ascii_strcasematch (buf + 6, "strict")
- ? WSYM_nativestrict : WSYM_native;
- }
+ allow_winsymlinks = ascii_strcasematch (buf + 6, "strict")
+ ? WSYM_nativestrict : WSYM_native;
 }
 /* The structure below is used to set up an array which is used to
diff --git a/winsup/cygwin/path.cc b/winsup/cygwin/path.cc
index eb4fc08ec..4ca8e0872 100644
--- a/winsup/cygwin/path.cc
+++ b/winsup/cygwin/path.cc
@@ -1759,15 +1759,7 @@ symlink_worker (const char *oldpath, const char *newpath, bool isdevice)
 wsym_type = WSYM_lnk;
 /* AFS only supports native symlinks. */
 else if (win32_newpath.fs_is_afs ())
- {
- /* Bail out if OS doesn't support native symlinks. */
- if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
- {
- set_errno (EPERM);
- __leave;
- }
- wsym_type = WSYM_nativestrict;
- }
+ wsym_type = WSYM_nativestrict;
 /* Don't try native symlinks on FSes not supporting reparse points. */
 else if ((wsym_type == WSYM_native || wsym_type == WSYM_nativestrict)
 && !(win32_newpath.fs_flags () & FILE_SUPPORTS_REPARSE_POINTS))
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index e8d1d9138..a3fbece40 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
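Review bot: The context comment `/* Make sure to try native symlinks only on systems supporting them. */` above the "native" branch of set_winsymlinks in environ.cc is stale after this change, because the branch no longer checks anything about the OS. Suggest dropping it or rewording it to describe what the branch now does, e.g. `/* "native" selects WSYM_native, "nativestrict" selects WSYM_nativestrict. */`. The removed block was also the only visible user of `user_shared->warned_nonativesyms`; its declaration is outside this diff, so whether the field is now dead needs checking. set_winsymlinks starts outside the hunk.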
@@ -598,67 +598,74 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
 tmp_list += groups.pgsid;
 }
-static ULONG sys_privs[] = {
- SE_CREATE_TOKEN_PRIVILEGE,
- SE_ASSIGNPRIMARYTOKEN_PRIVILEGE,
- SE_LOCK_MEMORY_PRIVILEGE,
- SE_INCREASE_QUOTA_PRIVILEGE,
- SE_TCB_PRIVILEGE,
- SE_SECURITY_PRIVILEGE,
- SE_TAKE_OWNERSHIP_PRIVILEGE,
- SE_LOAD_DRIVER_PRIVILEGE,
- SE_SYSTEM_PROFILE_PRIVILEGE, /* Vista ONLY */
- SE_SYSTEMTIME_PRIVILEGE,
- SE_PROF_SINGLE_PROCESS_PRIVILEGE,
- SE_INC_BASE_PRIORITY_PRIVILEGE,
- SE_CREATE_PAGEFILE_PRIVILEGE,
- SE_CREATE_PERMANENT_PRIVILEGE,
- SE_BACKUP_PRIVILEGE,
- SE_RESTORE_PRIVILEGE,
- SE_SHUTDOWN_PRIVILEGE,
- SE_DEBUG_PRIVILEGE,
- SE_AUDIT_PRIVILEGE,
- SE_SYSTEM_ENVIRONMENT_PRIVILEGE,
- SE_CHANGE_NOTIFY_PRIVILEGE,
- SE_UNDOCK_PRIVILEGE,
- SE_MANAGE_VOLUME_PRIVILEGE,
- SE_IMPERSONATE_PRIVILEGE,
- SE_CREATE_GLOBAL_PRIVILEGE,
- SE_INCREASE_WORKING_SET_PRIVILEGE,
- SE_TIME_ZONE_PRIVILEGE,
- SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
-};
-
-#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
-
-static PTOKEN_PRIVILEGES
-get_system_priv_list (size_t &size)
+/* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
+ SYSTEM account by default. */
+const struct
 {
- ULONG max_idx = 0;
- while (max_idx < SYSTEM_PRIVILEGES_COUNT
- && sys_privs[max_idx] != wincap.max_sys_priv ())
- ++max_idx;
- if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
- api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
- wincap.max_sys_priv ());
- size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
- PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
- if (!privs)
- {
- debug_printf ("malloc (system_privs) failed.");
- return NULL;
- }
- privs->PrivilegeCount = 0;
- for (ULONG i = 0; i <= max_idx; ++i)
- {
- privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
- privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
- privs->Privileges[privs->PrivilegeCount].Attributes =
- SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
- ++privs->PrivilegeCount;
- }
- return privs;
-}
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[28];
+} sys_privs =
+{
+ 28,
+ {
+ { { SE_CREATE_TOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOCK_MEMORY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TCB_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SECURITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOAD_DRIVER_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEMTIME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_BACKUP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_RESTORE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SHUTDOWN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_DEBUG_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_AUDIT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_UNDOCK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_IMPERSONATE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TIME_ZONE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
+ }
+};
 static PTOKEN_PRIVILEGES
 get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
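Review bot: The literal 28 is written twice in the new sys_privs definition (as PrivilegeCount and as the array bound) and has to agree by hand with the number of initialisers; if an entry is ever dropped, the tail is zero-filled while PrivilegeCount still claims 28 privileges for the SYSTEM token. A single named constant used in both places, e.g. `#define SYS_PRIVS_COUNT 28`, would remove the duplication. The header comment should also state that the layout must mirror TOKEN_PRIVILEGES, since the object is cast to PTOKEN_PRIVILEGES in get_priv_list: `/* Layout must match TOKEN_PRIVILEGES; cast to PTOKEN_PRIVILEGES in get_priv_list. */`.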
@@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
 {
 if (mandatory_integrity_sid)
 *mandatory_integrity_sid = mandatory_system_integrity_sid;
- return get_system_priv_list (size);
+ return (PTOKEN_PRIVILEGES) &sys_privs;
 }
 if (mandatory_integrity_sid)
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index 2b8336dfb..cb52aad6f 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
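Review bot: The SYSTEM branch of get_priv_list in sec_auth.cc now returns without assigning `size`, which the removed get_system_priv_list (size) set through its reference parameter, and it hands back the address of a const static object where callers previously received malloc'd memory. The callers are outside this diff, so this needs confirming, but any caller that reads `size` afterwards or passes the result to free() would use an unset length or release static storage in the token-creation path. Suggest `size = sizeof sys_privs;` before the return, and guarding the caller's cleanup with `if (privs && privs != (PTOKEN_PRIVILEGES) &sys_privs) free (privs);`. The cast also drops const, so any write through the returned pointer would be undefined behaviour. get_priv_list starts and ends outside the hunk.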
@@ -19,82 +19,87 @@ details. */
 wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
 def_guard_pages:1,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:true,
- has_gaa_largeaddress_bug:true,
- has_broken_alloc_console:false,
- has_console_logon_sid:false,
- has_precise_system_time:false,
- has_microsoft_accounts:false,
- has_processor_groups:false,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:true,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:true,
+ has_gaa_largeaddress_bug:true,
+ has_broken_alloc_console:false,
+ has_console_logon_sid:false,
+ has_precise_system_time:false,
+ has_microsoft_accounts:false,
+ has_processor_groups:false,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:true,
+ },
 };
 wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
 def_guard_pages:1,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:true,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:false,
- has_microsoft_accounts:false,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:true,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:true,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:false,
+ has_microsoft_accounts:false,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:true,
+ },
 };
 wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
 def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:false,
+ },
 };
 wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
 def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:true,
- has_new_pebteb_region:false,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:true,
+ has_new_pebteb_region:false,
+ has_broken_whoami:false,
+ },
 };
 wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) = {
 def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:true,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:true,
+ has_broken_whoami:false,
+ },
 };
 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 14837f7e0..e32674fd1 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -11,19 +11,22 @@ details. */
 struct wincaps
 {
- DWORD def_guard_pages;
- DWORD max_sys_priv;
- unsigned is_server : 1;
- unsigned needs_count_in_si_lpres2 : 1;
- unsigned has_gaa_largeaddress_bug : 1;
- unsigned has_broken_alloc_console : 1;
- unsigned has_console_logon_sid : 1;
- unsigned has_precise_system_time : 1;
- unsigned has_microsoft_accounts : 1;
- unsigned has_processor_groups : 1;
- unsigned has_broken_prefetchvm : 1;
- unsigned has_new_pebteb_region : 1;
- unsigned has_broken_whoami : 1;
+ DWORD def_guard_pages;
+ /* The bitfields must be 8 byte aligned on x86_64, otherwise the bitfield
+ ops generated by gcc are off by 4 bytes. */
+ struct __attribute__ ((aligned (8))) {
+ unsigned is_server : 1;
+ unsigned needs_count_in_si_lpres2 : 1;
+ unsigned has_gaa_largeaddress_bug : 1;
+ unsigned has_broken_alloc_console : 1;
+ unsigned has_console_logon_sid : 1;
+ unsigned has_precise_system_time : 1;
+ unsigned has_microsoft_accounts : 1;
+ unsigned has_processor_groups : 1;
+ unsigned has_broken_prefetchvm : 1;
+ unsigned has_new_pebteb_region : 1;
+ unsigned has_broken_whoami : 1;
+ };
 };
 class wincapc
@@ -53,7 +56,6 @@ public:
 {
 return ((wincaps *) this->caps)->def_guard_pages * page_size ();
 }
- DWORD IMPLEMENT (max_sys_priv)
 bool IMPLEMENT (is_server)
 bool IMPLEMENT (needs_count_in_si_lpres2)
 bool IMPLEMENT (has_gaa_largeaddress_bug)
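Review bot: The new comment on the anonymous bitfield struct in wincap.h (hunk at -11,19) describes the symptom but gives no way to retire the workaround: it names neither the GCC version nor a bug report, and `aligned (8)` is applied on every target although the comment only mentions x86_64. Suggest extending it along the lines of `/* Workaround for <GCC bug reference>: bitfield accesses are emitted 4 bytes off on x86_64 unless the bitfields are 8 byte aligned. Remove once fixed. */`. Whoever adds a non-bitfield member after def_guard_pages later will also need to know that the nested braces in the wincap.cc tables depend on this grouping, so a short note to that effect in the same comment would help.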