1 /* 2 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com> 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * 24 * Created: Sat Sep 02 12:17:00 2000 cv 25 * 26 * This file contains functions for forcing opened file descriptors to 27 * binary mode on Windows systems. 28 */ 29 30 #include "includes.h" 31 32 #ifdef HAVE_CYGWIN 33 34 #if defined(open) && open == binary_open 35 # undef open 36 #endif 37 #if defined(pipe) && open == binary_pipe 38 # undef pipe 39 #endif 40 41 #include <sys/types.h> 42 #include <sys/stat.h> 43 #include <sys/utsname.h> 44 #include <sys/vfs.h> 45 46 #include <fcntl.h> 47 #include <stdlib.h> 48 #include <unistd.h> 49 #include <windows.h> 50 51 #include "xmalloc.h" 52 #define is_winnt (GetVersion() < 0x80000000) 53 54 #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) 55 #define ntsec_off(c) ((c) && strstr((c),"nontsec")) 56 #define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) 57 58 int 59 binary_open(const char *filename, int flags, ...) 60 { 61 va_list ap; 62 mode_t mode; 63 64 va_start(ap, flags); 65 mode = va_arg(ap, mode_t); 66 va_end(ap); 67 return (open(filename, flags | O_BINARY, mode)); 68 } 69 70 int 71 binary_pipe(int fd[2]) 72 { 73 int ret = pipe(fd); 74 75 if (!ret) { 76 setmode(fd[0], O_BINARY); 77 setmode(fd[1], O_BINARY); 78 } 79 return (ret); 80 } 81 82 #define HAS_CREATE_TOKEN 1 83 #define HAS_NTSEC_BY_DEFAULT 2 84 #define HAS_CREATE_TOKEN_WO_NTSEC 3 85 86 static int 87 has_capability(int what) 88 { 89 static int inited; 90 static int has_create_token; 91 static int has_ntsec_by_default; 92 static int has_create_token_wo_ntsec; 93 94 /* 95 * has_capability() basically calls uname() and checks if 96 * specific capabilities of Cygwin can be evaluated from that. 97 * This simplifies the calling functions which only have to ask 98 * for a capability using has_capability() instead of having 99 * to figure that out by themselves. 100 */ 101 if (!inited) { 102 struct utsname uts; 103 104 if (!uname(&uts)) { 105 int major_high = 0, major_low = 0, minor = 0; 106 int api_major_version = 0, api_minor_version = 0; 107 char *c; 108 109 sscanf(uts.release, "%d.%d.%d", &major_high, 110 &major_low, &minor); 111 if ((c = strchr(uts.release, '(')) != NULL) { 112 sscanf(c + 1, "%d.%d", &api_major_version, 113 &api_minor_version); 114 } 115 if (major_high > 1 || 116 (major_high == 1 && (major_low > 3 || 117 (major_low == 3 && minor >= 2)))) 118 has_create_token = 1; 119 if (api_major_version > 0 || api_minor_version >= 56) 120 has_ntsec_by_default = 1; 121 if (major_high > 1 || 122 (major_high == 1 && major_low >= 5)) 123 has_create_token_wo_ntsec = 1; 124 inited = 1; 125 } 126 } 127 switch (what) { 128 case HAS_CREATE_TOKEN: 129 return (has_create_token); 130 case HAS_NTSEC_BY_DEFAULT: 131 return (has_ntsec_by_default); 132 case HAS_CREATE_TOKEN_WO_NTSEC: 133 return (has_create_token_wo_ntsec); 134 } 135 return (0); 136 } 137 138 int 139 check_nt_auth(int pwd_authenticated, struct passwd *pw) 140 { 141 /* 142 * The only authentication which is able to change the user 143 * context on NT systems is the password authentication. So 144 * we deny all requsts for changing the user context if another 145 * authentication method is used. 146 * 147 * This doesn't apply to Cygwin versions >= 1.3.2 anymore which 148 * uses the undocumented NtCreateToken() call to create a user 149 * token if the process has the appropriate privileges and if 150 * CYGWIN ntsec setting is on. 151 */ 152 static int has_create_token = -1; 153 154 if (pw == NULL) 155 return 0; 156 if (is_winnt) { 157 if (has_create_token < 0) { 158 char *cygwin = getenv("CYGWIN"); 159 160 has_create_token = 0; 161 if (has_capability(HAS_CREATE_TOKEN) && 162 (ntsec_on(cygwin) || 163 (has_capability(HAS_NTSEC_BY_DEFAULT) && 164 !ntsec_off(cygwin)) || 165 has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) 166 has_create_token = 1; 167 } 168 if (has_create_token < 1 && 169 !pwd_authenticated && geteuid() != pw->pw_uid) 170 return (0); 171 } 172 return (1); 173 } 174 175 int 176 check_ntsec(const char *filename) 177 { 178 return (pathconf(filename, _PC_POSIX_PERMISSIONS)); 179 } 180 181 void 182 register_9x_service(void) 183 { 184 HINSTANCE kerneldll; 185 DWORD (*RegisterServiceProcess)(DWORD, DWORD); 186 187 /* The service register mechanism in 9x/Me is pretty different from 188 * NT/2K/XP. In NT/2K/XP we're using a special service starter 189 * application to register and control sshd as service. This method 190 * doesn't play nicely with 9x/Me. For that reason we register here 191 * as service when running under 9x/Me. This function is only called 192 * by the child sshd when it's going to daemonize. 193 */ 194 if (is_winnt) 195 return; 196 if (!(kerneldll = LoadLibrary("KERNEL32.DLL"))) 197 return; 198 if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD)) 199 GetProcAddress(kerneldll, "RegisterServiceProcess"))) 200 return; 201 RegisterServiceProcess(0, 1); 202 } 203 204 #define NL(x) x, (sizeof (x) - 1) 205 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) 206 207 static struct wenv { 208 const char *name; 209 size_t namelen; 210 } wenv_arr[] = { 211 { NL("ALLUSERSPROFILE=") }, 212 { NL("COMMONPROGRAMFILES=") }, 213 { NL("COMPUTERNAME=") }, 214 { NL("COMSPEC=") }, 215 { NL("CYGWIN=") }, 216 { NL("NUMBER_OF_PROCESSORS=") }, 217 { NL("OS=") }, 218 { NL("PATH=") }, 219 { NL("PATHEXT=") }, 220 { NL("PROCESSOR_ARCHITECTURE=") }, 221 { NL("PROCESSOR_IDENTIFIER=") }, 222 { NL("PROCESSOR_LEVEL=") }, 223 { NL("PROCESSOR_REVISION=") }, 224 { NL("PROGRAMFILES=") }, 225 { NL("SYSTEMDRIVE=") }, 226 { NL("SYSTEMROOT=") }, 227 { NL("TMP=") }, 228 { NL("TEMP=") }, 229 { NL("WINDIR=") } 230 }; 231 232 char ** 233 fetch_windows_environment(void) 234 { 235 char **e, **p; 236 unsigned int i, idx = 0; 237 238 p = xcalloc(WENV_SIZ + 1, sizeof(char *)); 239 for (e = environ; *e != NULL; ++e) { 240 for (i = 0; i < WENV_SIZ; ++i) { 241 if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) 242 p[idx++] = *e; 243 } 244 } 245 p[idx] = NULL; 246 return p; 247 } 248 249 void 250 free_windows_environment(char **p) 251 { 252 xfree(p); 253 } 254 255 #endif /* HAVE_CYGWIN */ 256