[openssh.git] / openbsd-compat / bsd-cygwin_util.c

/*
 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Created: Sat Sep 02 12:17:00 2000 cv
 *
 * This file contains functions for forcing opened file descriptors to
 * binary mode on Windows systems.
 */

#include "includes.h"

RCSID("$Id$");

#ifdef HAVE_CYGWIN

#include <fcntl.h>
#include <stdlib.h>
#include <sys/utsname.h>
#include <sys/vfs.h>
#include <windows.h>
#define is_winnt       (GetVersion() < 0x80000000)

#define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntsec_off(c)	((c) && strstr((c),"nontsec"))
#define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))

#if defined(open) && open == binary_open
# undef open
#endif
#if defined(pipe) && open == binary_pipe
# undef pipe
#endif

int 
binary_open(const char *filename, int flags, ...)
{
	va_list ap;
	mode_t mode;
	
	va_start(ap, flags);
	mode = va_arg(ap, mode_t);
	va_end(ap);
	return (open(filename, flags | O_BINARY, mode));
}

int 
binary_pipe(int fd[2])
{
	int ret = pipe(fd);

	if (!ret) {
		setmode(fd[0], O_BINARY);
		setmode(fd[1], O_BINARY);
	}
	return (ret);
}

#define HAS_CREATE_TOKEN 1
#define HAS_NTSEC_BY_DEFAULT 2
#define HAS_CREATE_TOKEN_WO_NTSEC 3

static int 
has_capability(int what)
{
	static int inited;
	static int has_create_token;
	static int has_ntsec_by_default;
	static int has_create_token_wo_ntsec;

	/* 
	 * has_capability() basically calls uname() and checks if
	 * specific capabilities of Cygwin can be evaluated from that.
	 * This simplifies the calling functions which only have to ask
	 * for a capability using has_capability() instead of having
	 * to figure that out by themselves.
	 */
	if (!inited) {
		struct utsname uts;
		char *c;
		
		if (!uname(&uts)) {
			int major_high = 0, major_low = 0, minor = 0;
			int api_major_version = 0, api_minor_version = 0;
			char *c;

			sscanf(uts.release, "%d.%d.%d", &major_high,
			    &major_low, &minor);
			if ((c = strchr(uts.release, '(')) != NULL) {
				sscanf(c + 1, "%d.%d", &api_major_version,
				    &api_minor_version);
			}
			if (major_high > 1 ||
			    (major_high == 1 && (major_low > 3 ||
			    (major_low == 3 && minor >= 2))))
				has_create_token = 1;
			if (api_major_version > 0 || api_minor_version >= 56)
				has_ntsec_by_default = 1;
			if (major_high > 1 ||
			    (major_high == 1 && major_low >= 5))
				has_create_token_wo_ntsec = 1;
			inited = 1;
		}
	}
	switch (what) {
	case HAS_CREATE_TOKEN:
		return (has_create_token);
	case HAS_NTSEC_BY_DEFAULT:
		return (has_ntsec_by_default);
	case HAS_CREATE_TOKEN_WO_NTSEC:
		return (has_create_token_wo_ntsec);
	}
	return (0);
}

int
check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
	/*
	* The only authentication which is able to change the user
	* context on NT systems is the password authentication. So
	* we deny all requsts for changing the user context if another
	* authentication method is used.
	*
	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
	* uses the undocumented NtCreateToken() call to create a user
	* token if the process has the appropriate privileges and if
	* CYGWIN ntsec setting is on.
	*/
	static int has_create_token = -1;

	if (pw == NULL)
		return 0;
	if (is_winnt) {
		if (has_create_token < 0) {
			char *cygwin = getenv("CYGWIN");

			has_create_token = 0;
			if (has_capability(HAS_CREATE_TOKEN) &&
			    (ntsec_on(cygwin) ||
			    (has_capability(HAS_NTSEC_BY_DEFAULT) &&
			     !ntsec_off(cygwin)) ||
			     has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
				has_create_token = 1;
		}
		if (has_create_token < 1 &&
		    !pwd_authenticated && geteuid() != pw->pw_uid)
			return (0);
	}
	return (1);
}

int
check_ntsec(const char *filename)
{
	char *cygwin;
	int allow_ntea = 0, allow_ntsec = 0;
	struct statfs fsstat;

	/* Windows 95/98/ME don't support file system security at all. */
	if (!is_winnt)
		return (0);

	/* Evaluate current CYGWIN settings. */
	cygwin = getenv("CYGWIN");
	allow_ntea = ntea_on(cygwin);
	allow_ntsec = ntsec_on(cygwin) ||
	    (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));

	/*
	 * `ntea' is an emulation of POSIX attributes. It doesn't support
	 * real file level security as ntsec on NTFS file systems does
	 * but it supports FAT filesystems. `ntea' is minimum requirement
	 * for security checks.
	 */
	if (allow_ntea)
		return (1);

	/*
	 * Retrieve file system flags. In Cygwin, file system flags are
	 * copied to f_type which has no meaning in Win32 itself.
	 */
	if (statfs(filename, &fsstat))
		return (1);

	/*
	 * Only file systems supporting ACLs are able to set permissions.
	 * `ntsec' is the setting in Cygwin which switches using of NTFS
	 * ACLs to support POSIX permissions on files.
	 */
	if (fsstat.f_type & FS_PERSISTENT_ACLS)
		return (allow_ntsec);

	return (0);
}

void
register_9x_service(void)
{
        HINSTANCE kerneldll;
        DWORD (*RegisterServiceProcess)(DWORD, DWORD);

	/* The service register mechanism in 9x/Me is pretty different from
	 * NT/2K/XP.  In NT/2K/XP we're using a special service starter
	 * application to register and control sshd as service.  This method
	 * doesn't play nicely with 9x/Me.  For that reason we register here
	 * as service when running under 9x/Me.  This function is only called
	 * by the child sshd when it's going to daemonize.
	 */
	if (is_winnt)
		return;
	if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
		return;
	if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
		GetProcAddress(kerneldll, "RegisterServiceProcess")))
		return;
	RegisterServiceProcess(0, 1);
}

#endif /* HAVE_CYGWIN */
Commit	Line	Data
3c62e7eb	1	/*
4e51cc76	2	* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
3c62e7eb	12	*
4e51cc76	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3c62e7eb	23	*
	24	* Created: Sat Sep 02 12:17:00 2000 cv
	25	*
	26	* This file contains functions for forcing opened file descriptors to
	27	* binary mode on Windows systems.
	28	*/
	29
0b202697	30	#include "includes.h"
	31
	32	RCSID("$Id$");
3c62e7eb	33
3c62e7eb	34	#ifdef HAVE_CYGWIN
2f125ca1	35
3c62e7eb	36	#include <fcntl.h>
9cd45ea4	37	#include <stdlib.h>
31fb6aaf	38	#include <sys/utsname.h>
9cd45ea4	39	#include <sys/vfs.h>
	40	#include <windows.h>
	41	#define is_winnt (GetVersion() < 0x80000000)
3c62e7eb	42
31fb6aaf	43	#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
f00addc9	44	#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
31fb6aaf	45	#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
31fb6aaf	46
58e7f038	47	#if defined(open) && open == binary_open
	48	# undef open
	49	#endif
	50	#if defined(pipe) && open == binary_pipe
	51	# undef pipe
	52	#endif
	53
9901cb37	54	int
9901cb37	55	binary_open(const char *filename, int flags, ...)
3c62e7eb	56	{
58e7f038	57	va_list ap;
	58	mode_t mode;
	59
	60	va_start(ap, flags);
	61	mode = va_arg(ap, mode_t);
	62	va_end(ap);
9901cb37	63	return (open(filename, flags \| O_BINARY, mode));
3c62e7eb	64	}
3c62e7eb	65
9901cb37	66	int
9901cb37	67	binary_pipe(int fd[2])
3c62e7eb	68	{
2f125ca1	69	int ret = pipe(fd);
	70
	71	if (!ret) {
9901cb37	72	setmode(fd[0], O_BINARY);
9901cb37	73	setmode(fd[1], O_BINARY);
2f125ca1	74	}
9901cb37	75	return (ret);
9cd45ea4	76	}
9cd45ea4	77
f00addc9	78	#define HAS_CREATE_TOKEN 1
f00addc9	79	#define HAS_NTSEC_BY_DEFAULT 2
917ee1d2	80	#define HAS_CREATE_TOKEN_WO_NTSEC 3
f00addc9	81
9901cb37	82	static int
9901cb37	83	has_capability(int what)
f00addc9	84	{
f00addc9	85	static int inited;
	86	static int has_create_token;
	87	static int has_ntsec_by_default;
917ee1d2	88	static int has_create_token_wo_ntsec;
f00addc9	89
9901cb37	90	/*
	91	* has_capability() basically calls uname() and checks if
	92	* specific capabilities of Cygwin can be evaluated from that.
	93	* This simplifies the calling functions which only have to ask
	94	* for a capability using has_capability() instead of having
	95	* to figure that out by themselves.
	96	*/
f00addc9	97	if (!inited) {
	98	struct utsname uts;
	99	char *c;
	100
	101	if (!uname(&uts)) {
9901cb37	102	int major_high = 0, major_low = 0, minor = 0;
9901cb37	103	int api_major_version = 0, api_minor_version = 0;
f00addc9	104	char *c;
	105
	106	sscanf(uts.release, "%d.%d.%d", &major_high,
9901cb37	107	&major_low, &minor);
9901cb37	108	if ((c = strchr(uts.release, '(')) != NULL) {
f00addc9	109	sscanf(c + 1, "%d.%d", &api_major_version,
9901cb37	110	&api_minor_version);
9901cb37	111	}
f00addc9	112	if (major_high > 1 \|\|
f00addc9	113	(major_high == 1 && (major_low > 3 \|\|
9901cb37	114	(major_low == 3 && minor >= 2))))
f00addc9	115	has_create_token = 1;
	116	if (api_major_version > 0 \|\| api_minor_version >= 56)
	117	has_ntsec_by_default = 1;
917ee1d2	118	if (major_high > 1 \|\|
	119	(major_high == 1 && major_low >= 5))
	120	has_create_token_wo_ntsec = 1;
f00addc9	121	inited = 1;
	122	}
	123	}
	124	switch (what) {
	125	case HAS_CREATE_TOKEN:
9901cb37	126	return (has_create_token);
f00addc9	127	case HAS_NTSEC_BY_DEFAULT:
9901cb37	128	return (has_ntsec_by_default);
917ee1d2	129	case HAS_CREATE_TOKEN_WO_NTSEC:
917ee1d2	130	return (has_create_token_wo_ntsec);
f00addc9	131	}
9901cb37	132	return (0);
f00addc9	133	}
f00addc9	134
9901cb37	135	int
9901cb37	136	check_nt_auth(int pwd_authenticated, struct passwd *pw)
9cd45ea4	137	{
9cd45ea4	138	/*
2f125ca1	139	* The only authentication which is able to change the user
	140	* context on NT systems is the password authentication. So
	141	* we deny all requsts for changing the user context if another
	142	* authentication method is used.
31fb6aaf	143	*
	144	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
	145	* uses the undocumented NtCreateToken() call to create a user
	146	* token if the process has the appropriate privileges and if
	147	* CYGWIN ntsec setting is on.
2f125ca1	148	*/
31fb6aaf	149	static int has_create_token = -1;
31fb6aaf	150
e9571a2c	151	if (pw == NULL)
e9571a2c	152	return 0;
31fb6aaf	153	if (is_winnt) {
31fb6aaf	154	if (has_create_token < 0) {
31fb6aaf	155	char *cygwin = getenv("CYGWIN");
	156
	157	has_create_token = 0;
f00addc9	158	if (has_capability(HAS_CREATE_TOKEN) &&
f00addc9	159	(ntsec_on(cygwin) \|\|
9901cb37	160	(has_capability(HAS_NTSEC_BY_DEFAULT) &&
917ee1d2	161	!ntsec_off(cygwin)) \|\|
917ee1d2	162	has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
f00addc9	163	has_create_token = 1;
31fb6aaf	164	}
31fb6aaf	165	if (has_create_token < 1 &&
e9571a2c	166	!pwd_authenticated && geteuid() != pw->pw_uid)
9901cb37	167	return (0);
31fb6aaf	168	}
9901cb37	169	return (1);
9cd45ea4	170	}
9cd45ea4	171
9901cb37	172	int
9901cb37	173	check_ntsec(const char *filename)
9cd45ea4	174	{
9cd45ea4	175	char *cygwin;
9901cb37	176	int allow_ntea = 0, allow_ntsec = 0;
9cd45ea4	177	struct statfs fsstat;
	178
	179	/* Windows 95/98/ME don't support file system security at all. */
	180	if (!is_winnt)
9901cb37	181	return (0);
9cd45ea4	182
9cd45ea4	183	/* Evaluate current CYGWIN settings. */
31fb6aaf	184	cygwin = getenv("CYGWIN");
31fb6aaf	185	allow_ntea = ntea_on(cygwin);
f00addc9	186	allow_ntsec = ntsec_on(cygwin) \|\|
9901cb37	187	(has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
9cd45ea4	188
	189	/*
	190	* `ntea' is an emulation of POSIX attributes. It doesn't support
	191	* real file level security as ntsec on NTFS file systems does
	192	* but it supports FAT filesystems. `ntea' is minimum requirement
	193	* for security checks.
	194	*/
	195	if (allow_ntea)
9901cb37	196	return (1);
9cd45ea4	197
	198	/*
	199	* Retrieve file system flags. In Cygwin, file system flags are
	200	* copied to f_type which has no meaning in Win32 itself.
	201	*/
	202	if (statfs(filename, &fsstat))
9901cb37	203	return (1);
9cd45ea4	204
	205	/*
	206	* Only file systems supporting ACLs are able to set permissions.
	207	* `ntsec' is the setting in Cygwin which switches using of NTFS
	208	* ACLs to support POSIX permissions on files.
	209	*/
	210	if (fsstat.f_type & FS_PERSISTENT_ACLS)
9901cb37	211	return (allow_ntsec);
9cd45ea4	212
9901cb37	213	return (0);
3c62e7eb	214	}
2f125ca1	215
9901cb37	216	void
9901cb37	217	register_9x_service(void)
ffb8d130	218	{
	219	HINSTANCE kerneldll;
	220	DWORD (*RegisterServiceProcess)(DWORD, DWORD);
	221
	222	/* The service register mechanism in 9x/Me is pretty different from
	223	* NT/2K/XP. In NT/2K/XP we're using a special service starter
	224	* application to register and control sshd as service. This method
	225	* doesn't play nicely with 9x/Me. For that reason we register here
	226	* as service when running under 9x/Me. This function is only called
	227	* by the child sshd when it's going to daemonize.
	228	*/
	229	if (is_winnt)
	230	return;
9901cb37	231	if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
ffb8d130	232	return;
9901cb37	233	if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
9901cb37	234	GetProcAddress(kerneldll, "RegisterServiceProcess")))
ffb8d130	235	return;
	236	RegisterServiceProcess(0, 1);
	237	}
	238
2f125ca1	239	#endif /* HAVE_CYGWIN */