[gssapi-openssh.git] / openssh / openbsd-compat / bsd-cygwin_util.c

/*
 * cygwin_util.c
 *
 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Created: Sat Sep 02 12:17:00 2000 cv
 *
 * This file contains functions for forcing opened file descriptors to
 * binary mode on Windows systems.
 */

#include "includes.h"

RCSID("$Id$");

#ifdef HAVE_CYGWIN

#include <fcntl.h>
#include <stdlib.h>
#include <sys/utsname.h>
#include <sys/vfs.h>
#include <windows.h>
#define is_winnt       (GetVersion() < 0x80000000)

#define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))

#if defined(open) && open == binary_open
# undef open
#endif
#if defined(pipe) && open == binary_pipe
# undef pipe
#endif

int binary_open(const char *filename, int flags, ...)
{
	va_list ap;
	mode_t mode;
	
	va_start(ap, flags);
	mode = va_arg(ap, mode_t);
	va_end(ap);
	return open(filename, flags | O_BINARY, mode);
}

int binary_pipe(int fd[2])
{
	int ret = pipe(fd);

	if (!ret) {
		setmode (fd[0], O_BINARY);
		setmode (fd[1], O_BINARY);
	}
	return ret;
}

int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
	/*
	* The only authentication which is able to change the user
	* context on NT systems is the password authentication. So
	* we deny all requsts for changing the user context if another
	* authentication method is used.
	*
	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
	* uses the undocumented NtCreateToken() call to create a user
	* token if the process has the appropriate privileges and if
	* CYGWIN ntsec setting is on.
	*/
	static int has_create_token = -1;

	if (pw == NULL)
		return 0;
	if (is_winnt) {
		if (has_create_token < 0) {
			struct utsname uts;
		        int major_high = 0, major_low = 0, minor = 0;
			char *cygwin = getenv("CYGWIN");

			has_create_token = 0;
			if (ntsec_on(cygwin) && !uname(&uts)) {
				sscanf(uts.release, "%d.%d.%d",
				       &major_high, &major_low, &minor);
				if (major_high > 1 ||
				    (major_high == 1 && (major_low > 3 ||
				     (major_low == 3 && minor >= 2))))
					has_create_token = 1;
			}
		}
		if (has_create_token < 1 &&
		    !pwd_authenticated && geteuid() != pw->pw_uid)
			return 0;
	}
	return 1;
}

int check_ntsec(const char *filename)
{
	char *cygwin;
	int allow_ntea = 0;
	int allow_ntsec = 0;
	struct statfs fsstat;

	/* Windows 95/98/ME don't support file system security at all. */
	if (!is_winnt)
		return 0;

	/* Evaluate current CYGWIN settings. */
	cygwin = getenv("CYGWIN");
	allow_ntea = ntea_on(cygwin);
	allow_ntsec = ntsec_on(cygwin);

	/*
	 * `ntea' is an emulation of POSIX attributes. It doesn't support
	 * real file level security as ntsec on NTFS file systems does
	 * but it supports FAT filesystems. `ntea' is minimum requirement
	 * for security checks.
	 */
	if (allow_ntea)
		return 1;

	/*
	 * Retrieve file system flags. In Cygwin, file system flags are
	 * copied to f_type which has no meaning in Win32 itself.
	 */
	if (statfs(filename, &fsstat))
		return 1;

	/*
	 * Only file systems supporting ACLs are able to set permissions.
	 * `ntsec' is the setting in Cygwin which switches using of NTFS
	 * ACLs to support POSIX permissions on files.
	 */
	if (fsstat.f_type & FS_PERSISTENT_ACLS)
		return allow_ntsec;

	return 0;
}

void register_9x_service(void)
{
        HINSTANCE kerneldll;
        DWORD (*RegisterServiceProcess)(DWORD, DWORD);

	/* The service register mechanism in 9x/Me is pretty different from
	 * NT/2K/XP.  In NT/2K/XP we're using a special service starter
	 * application to register and control sshd as service.  This method
	 * doesn't play nicely with 9x/Me.  For that reason we register here
	 * as service when running under 9x/Me.  This function is only called
	 * by the child sshd when it's going to daemonize.
	 */
	if (is_winnt)
		return;
	if (! (kerneldll = LoadLibrary("KERNEL32.DLL")))
		return;
	if (! (RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
			  GetProcAddress(kerneldll, "RegisterServiceProcess")))
		return;
	RegisterServiceProcess(0, 1);
}

#endif /* HAVE_CYGWIN */
Commit	Line	Data
3c0ef626	1	/*
3c0ef626	2	* cygwin_util.c
3c0ef626	3	*
700318f3	4	* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
3c0ef626	14	*
700318f3	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3c0ef626	25	*
	26	* Created: Sat Sep 02 12:17:00 2000 cv
	27	*
	28	* This file contains functions for forcing opened file descriptors to
	29	* binary mode on Windows systems.
	30	*/
	31
	32	#include "includes.h"
	33
	34	RCSID("$Id$");
	35
	36	#ifdef HAVE_CYGWIN
	37
	38	#include <fcntl.h>
	39	#include <stdlib.h>
	40	#include <sys/utsname.h>
	41	#include <sys/vfs.h>
	42	#include <windows.h>
	43	#define is_winnt (GetVersion() < 0x80000000)
	44
	45	#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
	46	#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
	47
	48	#if defined(open) && open == binary_open
	49	# undef open
	50	#endif
	51	#if defined(pipe) && open == binary_pipe
	52	# undef pipe
	53	#endif
	54
	55	int binary_open(const char *filename, int flags, ...)
	56	{
	57	va_list ap;
	58	mode_t mode;
	59
	60	va_start(ap, flags);
	61	mode = va_arg(ap, mode_t);
	62	va_end(ap);
	63	return open(filename, flags \| O_BINARY, mode);
	64	}
	65
	66	int binary_pipe(int fd[2])
	67	{
	68	int ret = pipe(fd);
	69
	70	if (!ret) {
	71	setmode (fd[0], O_BINARY);
	72	setmode (fd[1], O_BINARY);
	73	}
	74	return ret;
	75	}
	76
e9a17296	77	int check_nt_auth(int pwd_authenticated, struct passwd *pw)
3c0ef626	78	{
	79	/*
	80	* The only authentication which is able to change the user
	81	* context on NT systems is the password authentication. So
	82	* we deny all requsts for changing the user context if another
	83	* authentication method is used.
	84	*
	85	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
	86	* uses the undocumented NtCreateToken() call to create a user
	87	* token if the process has the appropriate privileges and if
	88	* CYGWIN ntsec setting is on.
	89	*/
	90	static int has_create_token = -1;
	91
e9a17296	92	if (pw == NULL)
e9a17296	93	return 0;
3c0ef626	94	if (is_winnt) {
	95	if (has_create_token < 0) {
	96	struct utsname uts;
	97	int major_high = 0, major_low = 0, minor = 0;
	98	char *cygwin = getenv("CYGWIN");
	99
	100	has_create_token = 0;
	101	if (ntsec_on(cygwin) && !uname(&uts)) {
	102	sscanf(uts.release, "%d.%d.%d",
	103	&major_high, &major_low, &minor);
	104	if (major_high > 1 \|\|
	105	(major_high == 1 && (major_low > 3 \|\|
	106	(major_low == 3 && minor >= 2))))
	107	has_create_token = 1;
	108	}
	109	}
	110	if (has_create_token < 1 &&
e9a17296	111	!pwd_authenticated && geteuid() != pw->pw_uid)
3c0ef626	112	return 0;
	113	}
	114	return 1;
	115	}
	116
	117	int check_ntsec(const char *filename)
	118	{
	119	char *cygwin;
	120	int allow_ntea = 0;
	121	int allow_ntsec = 0;
	122	struct statfs fsstat;
	123
	124	/* Windows 95/98/ME don't support file system security at all. */
	125	if (!is_winnt)
	126	return 0;
	127
	128	/* Evaluate current CYGWIN settings. */
	129	cygwin = getenv("CYGWIN");
	130	allow_ntea = ntea_on(cygwin);
	131	allow_ntsec = ntsec_on(cygwin);
	132
	133	/*
	134	* `ntea' is an emulation of POSIX attributes. It doesn't support
	135	* real file level security as ntsec on NTFS file systems does
	136	* but it supports FAT filesystems. `ntea' is minimum requirement
	137	* for security checks.
	138	*/
	139	if (allow_ntea)
	140	return 1;
	141
	142	/*
	143	* Retrieve file system flags. In Cygwin, file system flags are
	144	* copied to f_type which has no meaning in Win32 itself.
	145	*/
	146	if (statfs(filename, &fsstat))
	147	return 1;
	148
	149	/*
	150	* Only file systems supporting ACLs are able to set permissions.
	151	* `ntsec' is the setting in Cygwin which switches using of NTFS
	152	* ACLs to support POSIX permissions on files.
	153	*/
	154	if (fsstat.f_type & FS_PERSISTENT_ACLS)
	155	return allow_ntsec;
	156
	157	return 0;
	158	}
	159
e9a17296	160	void register_9x_service(void)
	161	{
	162	HINSTANCE kerneldll;
	163	DWORD (*RegisterServiceProcess)(DWORD, DWORD);
	164
	165	/* The service register mechanism in 9x/Me is pretty different from
	166	* NT/2K/XP. In NT/2K/XP we're using a special service starter
	167	* application to register and control sshd as service. This method
	168	* doesn't play nicely with 9x/Me. For that reason we register here
	169	* as service when running under 9x/Me. This function is only called
	170	* by the child sshd when it's going to daemonize.
	171	*/
	172	if (is_winnt)
	173	return;
	174	if (! (kerneldll = LoadLibrary("KERNEL32.DLL")))
	175	return;
	176	if (! (RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
	177	GetProcAddress(kerneldll, "RegisterServiceProcess")))
	178	return;
	179	RegisterServiceProcess(0, 1);
	180	}
	181
3c0ef626	182	#endif /* HAVE_CYGWIN */