nt/inc/sys/stat.h (S_ISMPX): Define to zero, to accommodate changes
in lib/filemode.c that broke the MS-Windows build.
Suggested by Andy Moreton <andrewjmoreton@gmail.com>.
src/w32.c: Include sddl.h and sys/acl.h.
(SDDL_REVISION_1): Define if not already defined.
(g_b_init_get_security_descriptor_dacl)
(g_b_init_convert_sd_to_sddl, g_b_init_convert_sddl_to_sd)
(g_b_init_is_valid_security_descriptor)
(g_b_init_set_file_security): New static flags.
(globals_of_w32): Initialize them to zero.
(SetFileSecurity_Name): New string constant.
(SetFileSecurity_Proc, GetSecurityDescriptorDacl_Proc)
(ConvertStringSecurityDescriptorToSecurityDescriptor_Proc)
(ConvertSecurityDescriptorToStringSecurityDescriptor_Proc)
(IsValidSecurityDescriptor_Proc): New typedefs.
(get_file_security, get_security_descriptor_owner)
(get_security_descriptor_group): Set errno to ENOTSUP.
(set_file_security, get_security_descriptor_dacl)
(is_valid_security_descriptor, convert_sd_to_sddl)
(convert_sddl_to_sd, acl_valid, acl_to_text, acl_from_text)
(acl_free, acl_get_file, acl_set_file): New functions.
src/fileio.c (Fcopy_file) [WINDOWSNT]: Support copying ACLs.
nt/inc/sys/acl.h: New file.
nt/inc/ms-w32.h (ENOTSUP): Define if undefined.
nt/config.nt (HAVE_POSIX_ACL): Define.
doc/lispref/files.texi (File Attributes, Changing Files): Update to include
MS-Windows support for ACLs.
src/w32.h (_child_process): New members input_file and
pending_deletion.
(register_child): First argument is now pid_t.
(record_infile, record_pending_deletion): New prototypes.
src/w32proc.c (new_child): Initialize input_file and
pending_deletion members of the child.
(delete_child): Delete the child's temporary input file, if any,
that is pending deletion.
(register_child): First argument is now pid_t.
(record_infile, record_pending_deletion): New functions.
(reap_subprocess): Fix a typo in DebPrint string.
(sys_spawnve, sys_kill): Use pid_t for PID arguments.
src/fileio.c (internal_delete_file): Return an int again: non-zero
if delete-file succeeds, zero otherwise.
src/lisp.h (internal_delete_file): Adjust prototype.
src/callproc.c (Fcall_process): Don't overwrite infile with result
of DECODE_FILE.
[WINDOWSNT] If BUFFER is an integer, i.e. we are launching an
asynchronous subprocess, record the name of the input file name,
if any.
(delete_temp_file) [WINDOWSNT]: If internal_delete_file fails to
delete the file, record it as pending deletion when the subprocess
exits.
nt/inc/ms-w32.h (sys_unlink): Provide prototype.
src/w32.c (stat_worker): If w32_stat_get_owner_group is zero, do not
try to get accurate owner and group information from NT file
security APIs. This is to make most callers of 'stat' and
'lstat', which don't need that information, much faster.
src/dired.c (Ffile_attributes) [WINDOWSNT]: Set
w32_stat_get_owner_group to a non-zero value, to request accurate
owner and group information from 'lstat'.
nt/inc/sys/stat.h: Declare w32_stat_get_owner_group.
This is a backport from the trunk, consisting of:
2012-11-17 Eli Zaretskii <eliz@gnu.org>
* nt/inc/sys/wait.h: New file, with prototype of waitpid and
definitions of macros it needs.
* nt/inc/ms-w32.h (wait): Don't define, 'wait' is not used anymore.
(sys_wait): Remove prototype.
* nt/config.nt (HAVE_SYS_WAIT_H): Define to 1.
* src/w32proc.c (create_child): Don't clip the PID of the child
process to fit into an Emacs integer, as this is no longer a
restriction.
(waitpid): Rename from sys_wait. Emulate a Posix 'waitpid' by
reaping only the process specified by PID argument, if that is
positive. Use PID instead of dead_child to know which process to
reap. Wait for the child to die only if WNOHANG is not in
OPTIONS.
(sys_select): Don't set dead_child.
* src/sysdep.c (wait_for_termination_1): Remove the WINDOWSNT portion,
as it is no longer needed.
* src/process.c (waitpid, WUNTRACED) [!WNOHANG]: Remove definitions,
no longer needed.
(record_child_status_change): Remove the setting of
record_at_most_one_child for the !WNOHANG case.
2012-11-03 Paul Eggert <eggert@cs.ucla.edu>
Fix a race condition that causes Emacs to mess up glib (Bug#8855).
This is a backport from the trunk.
The symptom is a diagnostic "GLib-WARNING **: In call to
g_spawn_sync(), exit status of a child process was requested but
SIGCHLD action was set to SIG_IGN and ECHILD was received by
waitpid(), so exit status can't be returned." The diagnostic
is partly wrong, as the SIGCHLD action is not set to SIG_IGN.
The real bug is a race condition between Emacs and glib: Emacs
does a waitpid (-1, ...) and reaps glib's subprocess by mistake,
so that glib can't find it. Work around the bug by invoking
waitpid only on subprocesses that Emacs itself creates.
* src/process.c (create_process, record_child_status_change):
Don't use special value -1 in pid field, as the caller now must
know the pid rather than having the callee infer it. The
inference was sometimes incorrect anyway, due to another race.
(create_process): Set new 'alive' member if child is created.
(process_status_retrieved): New function.
(record_child_status_change): Use it.
Accept negative 1st argument, which means to wait for the
processes that Emacs already knows about. Move special-case code
for DOS_NT (which lacks WNOHANG) here, from caller. Keep track of
processes that have already been waited for, by testing and
clearing new 'alive' member.
(CAN_HANDLE_MULTIPLE_CHILDREN): Remove, as record_child_status_change
now does this internally.
(handle_child_signal): Let record_child_status_change do all
the work, since we do not want to reap all exited child processes,
only the child processes that Emacs itself created.
* src/process.h (Lisp_Process): New boolean member 'alive'.
* admin/CPP-DEFINES (HAVE_CLOSEDIR, HAVE_DIRENT_H): Remove.
* admin/notes/copyright: Adjust to src/ndir.h -> nt/inc/dirent.h renaming.
* configure.ac: Do not check for dirent.h or closdir.
* nt/inc/dirent.h: Rename from ../src/ndir.h, with these changes:
(struct dirent): Rename from struct direct. All uses changed.
* nt/inc/sys/dir.h: Remove.
* src/dired.c: Assume HAVE_DIRENT_H.
(NAMLEN): Remove, replacing with ...
(dirent_namelen): New function. All uses changed. Use the GNU macro
_D_EXACT_NAMELEN if available, as it's faster than strlen.
(DIRENTRY): Remove, replacing all uses with 'struct dirent'.
(DIRENTRY_NONEMPTY): Remove. All callers now assume it's nonzero.
* src/makefile.w32-in (DIR_H): Remove. All uses replaced with
$(NT_INC)/dirent.h.
($(BLD)/w32.$(O)): Do not depend on $(SRC)/ndir.h.
* src/ndir.h: Rename to ../nt/inc/dirent.h.
* src/sysdep.h (closedir) [!HAVE_CLOSEDIR]: Remove.
Do not include <dirent.h>; no longer needed.
* src/w32.c: Include <dirent.h> rather than "ndir.h".
Fixes: debbugs:12958
* admin/CPP-DEFINES (O_RDONLY, O_RDWR, HAVE_FCNTL_H): Remove.
* admin/merge-gnulib (GNULIB_MODULES): Add fcntl-h.
* configure.ac: Do not check for fcntl.h.
* lib/gnulib.mk: Regenerate.
* lib-src/movemail.c, lib-src/update-game-score.c: Assume <fcntl.h> exists.
* nt/inc/sys/socket.h (O_NONBLOCK): Rename from O_NDELAY, since the
POSIX name for this flag is O_NONBLOCK. All uses changed.
* nt/inc/unistd.h (O_RDWR, O_NOCTTY): New macros. Like AT_FDCWD etc.
these really should be moved to a replacement <fcntl.h> if and
when that gets implemented. In the meantime, include <fcntl.h>
to make sure we don't override its definitions.
* src/callproc.c (relocate_fd): Assume F_DUPFD.
* src/emacs.c, src/term.c (O_RDWR): Remove.
* src/keyboard.c (tty_read_avail_input): Use O_NONBLOCK rather than
O_NDELAY, since O_NONBLOCK is the standard name for this flag.
* src/nsterm.m: Assume <fcntl.h> exists.
* src/process.c (NON_BLOCKING_CONNECT, allocate_pty, create_process)
(create_pty, Fmake_network_process, server_accept_connection)
(wait_reading_process_output, init_process_emacs):
Assume O_NONBLOCK.
(wait_reading_process_output): Put in a special case for WINDOWSNT
to mimick the older behavior where it had O_NDELAY but not O_NONBLOCK.
It's not clear this is needed, but it's a more-conservative change.
(create_process): Assume FD_CLOEXEC.
(create_process, create_pty): Assume O_NOCTTY.
* src/sysdep.c (init_sys_modes, reset_sys_modes): Assume F_SETFL.
(reset_sys_modes): Use O_NONBLOCK rather than O_NDELAY.
Omit if not DOS_NT, since F_GETFL is not defined there.
(serial_open): Assume O_NONBLOCK and O_NOCTTY.
* src/term.c: Include <fcntl.h>, for flags like O_NOCTTY.
(O_NOCTTY): Remove.
(init_tty): Assume O_IGNORE_CTTY is defined to 0 on platforms that
lack it, since gnulib guarantees this.
* src/w32.c (fcntl): Test for O_NONBLOCK rather than O_NDELAY.
Fixes: debbugs:12881
nt/inc/sys/wait.h: New file, with prototype of waitpid and
definitions of macros it needs.
nt/inc/ms-w32.h (wait): Don't define, 'wait' is not used anymore.
(sys_wait): Remove prototype.
nt/config.nt (HAVE_SYS_WAIT_H): Define to 1.
src/w32proc.c (create_child): Don't clip the PID of the child
process to fit into an Emacs integer, as this is no longer a
restriction.
(waitpid): Rename from sys_wait. Emulate a Posix 'waitpid' by
reaping only the process specified by PID argument, if that is
positive. Use PID instead of dead_child to know which process to
reap. Wait for the child to die only if WNOHANG is not in
OPTIONS.
(sys_select): Don't set dead_child.
src/sysdep.c (wait_for_termination_1): Remove the WINDOWSNT portion,
as it is no longer needed.
src/process.c (waitpid, WUNTRACED) [!WNOHANG]: Remove definitions,
no longer needed.
(record_child_status_change): Remove the setting of
record_at_most_one_child for the !WNOHANG case.
nt/zipdist.bat (ZIP_CHECK): Remove unused label. When invoking 7z
to check if it's installed, redirect standard output and standard
error to the null device.
(ZIP_DIST): Don't build the "barebin" distribution.
nt/inc/unistd.h (faccessat): Add prototype.
(AT_FDCWD, AT_EACCESS, AT_SYMLINK_NOFOLLOW): New macros; the first
2 moved from ms-w32.h.
nt/inc/ms-w32.h (AT_FDCWD, AT_EACCESS, faccessat): Remove macros.
src/w32.c (faccessat): Rename from sys_faccessat. (No need to use a
different name, as the MS runtime does not have such a function,
and probably never will.) All callers changed. Ignore DIRFD
value if PATH is an absolute file name, to match Posix spec
better. If AT_SYMLINK_NOFOLLOW is set in FLAGS, don't resolve
symlinks.
Fixes: debbugs:12632
This fixes a bug that has been present in Emacs since its creation.
It was reported by Chris Torek in 1983 even before GNU Emacs existed,
which must set some sort of record. (Torek's bug report was against
a predecessor of GNU Emacs, but GNU Emacs happened to have the
same common flaw.) See Torek's Usenet posting
"setuid/setgid programs & Emacs" Article-I.D.: sri-arpa.858
Posted: Fri Apr 8 14:18:56 1983.
* .bzrignore: Add lib/fcntl.h.
* configure.ac (euidaccess): Remove check; gnulib does this for us now.
(gl_FCNTL_O_FLAGS): Define a dummy version.
* lib/at-func.c, lib/euidaccess.c, lib/faccessat.c, lib/fcntl.in.h:
* lib/getgroups.c, lib/group-member.c, lib/root-uid.h:
* lib/xalloc-oversized.h, m4/euidaccess.m4, m4/faccessat.m4:
* m4/fcntl_h.m4, m4/getgroups.m4, m4/group-member.m4:
New files, from gnulib.
* lib/gnulib.mk, m4/gnulib-comp.m4: Regenerate.
* admin/merge-gnulib (GNULIB_MODULES): Add faccessat.
(GNULIB_TOOL_FLAGS): Avoid at-internal, fchdir, malloc-posix,
openat-die, openat-h, save-cwd. Do not avoid fcntl-h.
Omit gnulib's m4/fcntl-o.m4.
* nt/inc/ms-w32.h (AT_FDCWD, AT_EACCESS): New symbols.
(access): Remove.
(faccessat): New macro.
* src/Makefile.in (LIB_EACCESS): New macro.
(LIBES): Use it.
* src/callproc.c (init_callproc):
* src/charset.c (init_charset):
* src/fileio.c (check_existing, check_executable, check_writable)
(Ffile_readable_p):
* src/lread.c (openp, load_path_check):
* src/process.c (allocate_pty):
* src/xrdb.c (file_p):
Use effective UID when checking permissions, not real UID.
* src/callproc.c (init_callproc):
* src/charset.c (init_charset):
* src/lread.c (load_path_check, init_lread):
Test whether directories are accessible, not merely whether they exist.
* src/conf_post.h (GNULIB_SUPPORT_ONLY_AT_FDCWD): New macro.
* src/fileio.c (check_existing, check_executable, check_writable)
(Ffile_readable_p):
Use symbolic names instead of integers for the flags, as they're
portable now.
(check_writable): New arg AMODE. All uses changed.
Set errno on failure.
(Ffile_readable_p): Use faccessat, not stat + open + close.
(Ffile_writable_p): No need to call check_existing + check_writable.
Just call check_writable and then look at errno. This saves a syscall.
dir should never be nil; replace an unnecessary runtime check
with an eassert. When checking the parent directory of a nonexistent
file, check that the directory is searchable as well as writable, as
we can't create files in unsearchable directories.
(file_directory_p): New function, which uses 'stat' on most platforms
but faccessat with D_OK (for efficiency) if WINDOWSNT.
(Ffile_directory_p, Fset_file_times): Use it.
(file_accessible_directory_p): New function, which uses a single
syscall for efficiency.
(Ffile_accessible_directory_p): Use it.
* src/xrdb.c (file_p): Use file_directory_p.
* src/lisp.h (file_directory_p, file_accessible_directory_p): New decls.
* src/lread.c (openp): When opening a file, use fstat rather than
stat, as that avoids a permissions race. When not opening a file,
use file_directory_p rather than stat.
(dir_warning): First arg is now a usage string, not a format.
Use errno. All uses changed.
* src/nsterm.m (ns_term_init): Remove unnecessary call to file-readable
that merely introduced a race.
* src/process.c, src/sysdep.c, src/term.c: All uses of '#ifdef O_NONBLOCK'
changed to '#if O_NONBLOCK', to accommodate gnulib O_* style,
and similarly for the other O_* flags.
* src/w32.c (sys_faccessat): Rename from sys_access and switch to
faccessat's API. All uses changed.
* src/xrdb.c: Do not include <sys/stat.h>; no longer needed.
(magic_db): Rename from magic_file_p.
(magic_db, search_magic_path): Return an XrmDatabase rather than a
char *, so that we don't have to test for file existence
separately from opening the file for reading. This removes a race
fixes a permission-checking problem, and simplifies the code.
All uses changed.
(file_p): Remove; no longer needed.
Fixes: debbugs:12632
