bsd-cygwin_util.c revision 146998
1/* 2 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com> 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * 24 * Created: Sat Sep 02 12:17:00 2000 cv 25 * 26 * This file contains functions for forcing opened file descriptors to 27 * binary mode on Windows systems. 28 */ 29 30#include "includes.h" 31 32RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); 33 34#ifdef HAVE_CYGWIN 35 36#include <fcntl.h> 37#include <stdlib.h> 38#include <sys/utsname.h> 39#include <sys/vfs.h> 40#include <windows.h> 41#include "xmalloc.h" 42#define is_winnt (GetVersion() < 0x80000000) 43 44#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) 45#define ntsec_off(c) ((c) && strstr((c),"nontsec")) 46#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) 47 48#if defined(open) && open == binary_open 49# undef open 50#endif 51#if defined(pipe) && open == binary_pipe 52# undef pipe 53#endif 54 55int 56binary_open(const char *filename, int flags, ...) 57{ 58 va_list ap; 59 mode_t mode; 60 61 va_start(ap, flags); 62 mode = va_arg(ap, mode_t); 63 va_end(ap); 64 return (open(filename, flags | O_BINARY, mode)); 65} 66 67int 68binary_pipe(int fd[2]) 69{ 70 int ret = pipe(fd); 71 72 if (!ret) { 73 setmode(fd[0], O_BINARY); 74 setmode(fd[1], O_BINARY); 75 } 76 return (ret); 77} 78 79#define HAS_CREATE_TOKEN 1 80#define HAS_NTSEC_BY_DEFAULT 2 81#define HAS_CREATE_TOKEN_WO_NTSEC 3 82 83static int 84has_capability(int what) 85{ 86 static int inited; 87 static int has_create_token; 88 static int has_ntsec_by_default; 89 static int has_create_token_wo_ntsec; 90 91 /* 92 * has_capability() basically calls uname() and checks if 93 * specific capabilities of Cygwin can be evaluated from that. 94 * This simplifies the calling functions which only have to ask 95 * for a capability using has_capability() instead of having 96 * to figure that out by themselves. 97 */ 98 if (!inited) { 99 struct utsname uts; 100 101 if (!uname(&uts)) { 102 int major_high = 0, major_low = 0, minor = 0; 103 int api_major_version = 0, api_minor_version = 0; 104 char *c; 105 106 sscanf(uts.release, "%d.%d.%d", &major_high, 107 &major_low, &minor); 108 if ((c = strchr(uts.release, '(')) != NULL) { 109 sscanf(c + 1, "%d.%d", &api_major_version, 110 &api_minor_version); 111 } 112 if (major_high > 1 || 113 (major_high == 1 && (major_low > 3 || 114 (major_low == 3 && minor >= 2)))) 115 has_create_token = 1; 116 if (api_major_version > 0 || api_minor_version >= 56) 117 has_ntsec_by_default = 1; 118 if (major_high > 1 || 119 (major_high == 1 && major_low >= 5)) 120 has_create_token_wo_ntsec = 1; 121 inited = 1; 122 } 123 } 124 switch (what) { 125 case HAS_CREATE_TOKEN: 126 return (has_create_token); 127 case HAS_NTSEC_BY_DEFAULT: 128 return (has_ntsec_by_default); 129 case HAS_CREATE_TOKEN_WO_NTSEC: 130 return (has_create_token_wo_ntsec); 131 } 132 return (0); 133} 134 135int 136check_nt_auth(int pwd_authenticated, struct passwd *pw) 137{ 138 /* 139 * The only authentication which is able to change the user 140 * context on NT systems is the password authentication. So 141 * we deny all requsts for changing the user context if another 142 * authentication method is used. 143 * 144 * This doesn't apply to Cygwin versions >= 1.3.2 anymore which 145 * uses the undocumented NtCreateToken() call to create a user 146 * token if the process has the appropriate privileges and if 147 * CYGWIN ntsec setting is on. 148 */ 149 static int has_create_token = -1; 150 151 if (pw == NULL) 152 return 0; 153 if (is_winnt) { 154 if (has_create_token < 0) { 155 char *cygwin = getenv("CYGWIN"); 156 157 has_create_token = 0; 158 if (has_capability(HAS_CREATE_TOKEN) && 159 (ntsec_on(cygwin) || 160 (has_capability(HAS_NTSEC_BY_DEFAULT) && 161 !ntsec_off(cygwin)) || 162 has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) 163 has_create_token = 1; 164 } 165 if (has_create_token < 1 && 166 !pwd_authenticated && geteuid() != pw->pw_uid) 167 return (0); 168 } 169 return (1); 170} 171 172int 173check_ntsec(const char *filename) 174{ 175 char *cygwin; 176 int allow_ntea = 0, allow_ntsec = 0; 177 struct statfs fsstat; 178 179 /* Windows 95/98/ME don't support file system security at all. */ 180 if (!is_winnt) 181 return (0); 182 183 /* Evaluate current CYGWIN settings. */ 184 cygwin = getenv("CYGWIN"); 185 allow_ntea = ntea_on(cygwin); 186 allow_ntsec = ntsec_on(cygwin) || 187 (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin)); 188 189 /* 190 * `ntea' is an emulation of POSIX attributes. It doesn't support 191 * real file level security as ntsec on NTFS file systems does 192 * but it supports FAT filesystems. `ntea' is minimum requirement 193 * for security checks. 194 */ 195 if (allow_ntea) 196 return (1); 197 198 /* 199 * Retrieve file system flags. In Cygwin, file system flags are 200 * copied to f_type which has no meaning in Win32 itself. 201 */ 202 if (statfs(filename, &fsstat)) 203 return (1); 204 205 /* 206 * Only file systems supporting ACLs are able to set permissions. 207 * `ntsec' is the setting in Cygwin which switches using of NTFS 208 * ACLs to support POSIX permissions on files. 209 */ 210 if (fsstat.f_type & FS_PERSISTENT_ACLS) 211 return (allow_ntsec); 212 213 return (0); 214} 215 216void 217register_9x_service(void) 218{ 219 HINSTANCE kerneldll; 220 DWORD (*RegisterServiceProcess)(DWORD, DWORD); 221 222 /* The service register mechanism in 9x/Me is pretty different from 223 * NT/2K/XP. In NT/2K/XP we're using a special service starter 224 * application to register and control sshd as service. This method 225 * doesn't play nicely with 9x/Me. For that reason we register here 226 * as service when running under 9x/Me. This function is only called 227 * by the child sshd when it's going to daemonize. 228 */ 229 if (is_winnt) 230 return; 231 if (!(kerneldll = LoadLibrary("KERNEL32.DLL"))) 232 return; 233 if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD)) 234 GetProcAddress(kerneldll, "RegisterServiceProcess"))) 235 return; 236 RegisterServiceProcess(0, 1); 237} 238 239#define NL(x) x, (sizeof (x) - 1) 240#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) 241 242static struct wenv { 243 const char *name; 244 size_t namelen; 245} wenv_arr[] = { 246 { NL("ALLUSERSPROFILE=") }, 247 { NL("COMMONPROGRAMFILES=") }, 248 { NL("COMPUTERNAME=") }, 249 { NL("COMSPEC=") }, 250 { NL("NUMBER_OF_PROCESSORS=") }, 251 { NL("OS=") }, 252 { NL("PATH=") }, 253 { NL("PATHEXT=") }, 254 { NL("PROCESSOR_ARCHITECTURE=") }, 255 { NL("PROCESSOR_IDENTIFIER=") }, 256 { NL("PROCESSOR_LEVEL=") }, 257 { NL("PROCESSOR_REVISION=") }, 258 { NL("PROGRAMFILES=") }, 259 { NL("SYSTEMDRIVE=") }, 260 { NL("SYSTEMROOT=") }, 261 { NL("TMP=") }, 262 { NL("TEMP=") }, 263 { NL("WINDIR=") }, 264}; 265 266char ** 267fetch_windows_environment(void) 268{ 269 char **e, **p; 270 int i, idx = 0; 271 272 p = xmalloc(WENV_SIZ * sizeof(char *)); 273 for (e = environ; *e != NULL; ++e) { 274 for (i = 0; i < WENV_SIZ; ++i) { 275 if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) 276 p[idx++] = *e; 277 } 278 } 279 p[idx] = NULL; 280 return p; 281} 282 283void 284free_windows_environment(char **p) 285{ 286 xfree(p); 287} 288 289#endif /* HAVE_CYGWIN */ 290