xref: /freebsd/crypto/openssh/openbsd-compat/bsd-cygwin_util.c (revision 6b3455a7665208c366849f0b2b3bc916fb97516e) 
1 /*
2  * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23  *
24  * Created: Sat Sep 02 12:17:00 2000 cv
25  *
26  * This file contains functions for forcing opened file descriptors to
27  * binary mode on Windows systems.
28  */
29 
30 #include "includes.h"
31 
32 RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $");
33 
34 #ifdef HAVE_CYGWIN
35 
36 #include <fcntl.h>
37 #include <stdlib.h>
38 #include <sys/utsname.h>
39 #include <sys/vfs.h>
40 #include <windows.h>
41 #define is_winnt       (GetVersion() < 0x80000000)
42 
43 #define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
44 #define ntsec_off(c)	((c) && strstr((c),"nontsec"))
45 #define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
46 
47 #if defined(open) && open == binary_open
48 # undef open
49 #endif
50 #if defined(pipe) && open == binary_pipe
51 # undef pipe
52 #endif
53 
54 int
55 binary_open(const char *filename, int flags, ...)
56 {
57 	va_list ap;
58 	mode_t mode;
59 
60 	va_start(ap, flags);
61 	mode = va_arg(ap, mode_t);
62 	va_end(ap);
63 	return (open(filename, flags | O_BINARY, mode));
64 }
65 
66 int
67 binary_pipe(int fd[2])
68 {
69 	int ret = pipe(fd);
70 
71 	if (!ret) {
72 		setmode(fd[0], O_BINARY);
73 		setmode(fd[1], O_BINARY);
74 	}
75 	return (ret);
76 }
77 
78 #define HAS_CREATE_TOKEN 1
79 #define HAS_NTSEC_BY_DEFAULT 2
80 #define HAS_CREATE_TOKEN_WO_NTSEC 3
81 
82 static int
83 has_capability(int what)
84 {
85 	static int inited;
86 	static int has_create_token;
87 	static int has_ntsec_by_default;
88 	static int has_create_token_wo_ntsec;
89 
90 	/*
91 	 * has_capability() basically calls uname() and checks if
92 	 * specific capabilities of Cygwin can be evaluated from that.
93 	 * This simplifies the calling functions which only have to ask
94 	 * for a capability using has_capability() instead of having
95 	 * to figure that out by themselves.
96 	 */
97 	if (!inited) {
98 		struct utsname uts;
99 		char *c;
100 
101 		if (!uname(&uts)) {
102 			int major_high = 0, major_low = 0, minor = 0;
103 			int api_major_version = 0, api_minor_version = 0;
104 			char *c;
105 
106 			sscanf(uts.release, "%d.%d.%d", &major_high,
107 			    &major_low, &minor);
108 			if ((c = strchr(uts.release, '(')) != NULL) {
109 				sscanf(c + 1, "%d.%d", &api_major_version,
110 				    &api_minor_version);
111 			}
112 			if (major_high > 1 ||
113 			    (major_high == 1 && (major_low > 3 ||
114 			    (major_low == 3 && minor >= 2))))
115 				has_create_token = 1;
116 			if (api_major_version > 0 || api_minor_version >= 56)
117 				has_ntsec_by_default = 1;
118 			if (major_high > 1 ||
119 			    (major_high == 1 && major_low >= 5))
120 				has_create_token_wo_ntsec = 1;
121 			inited = 1;
122 		}
123 	}
124 	switch (what) {
125 	case HAS_CREATE_TOKEN:
126 		return (has_create_token);
127 	case HAS_NTSEC_BY_DEFAULT:
128 		return (has_ntsec_by_default);
129 	case HAS_CREATE_TOKEN_WO_NTSEC:
130 		return (has_create_token_wo_ntsec);
131 	}
132 	return (0);
133 }
134 
135 int
136 check_nt_auth(int pwd_authenticated, struct passwd *pw)
137 {
138 	/*
139 	* The only authentication which is able to change the user
140 	* context on NT systems is the password authentication. So
141 	* we deny all requsts for changing the user context if another
142 	* authentication method is used.
143 	*
144 	* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
145 	* uses the undocumented NtCreateToken() call to create a user
146 	* token if the process has the appropriate privileges and if
147 	* CYGWIN ntsec setting is on.
148 	*/
149 	static int has_create_token = -1;
150 
151 	if (pw == NULL)
152 		return 0;
153 	if (is_winnt) {
154 		if (has_create_token < 0) {
155 			char *cygwin = getenv("CYGWIN");
156 
157 			has_create_token = 0;
158 			if (has_capability(HAS_CREATE_TOKEN) &&
159 			    (ntsec_on(cygwin) ||
160 			    (has_capability(HAS_NTSEC_BY_DEFAULT) &&
161 			     !ntsec_off(cygwin)) ||
162 			     has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
163 				has_create_token = 1;
164 		}
165 		if (has_create_token < 1 &&
166 		    !pwd_authenticated && geteuid() != pw->pw_uid)
167 			return (0);
168 	}
169 	return (1);
170 }
171 
172 int
173 check_ntsec(const char *filename)
174 {
175 	char *cygwin;
176 	int allow_ntea = 0, allow_ntsec = 0;
177 	struct statfs fsstat;
178 
179 	/* Windows 95/98/ME don't support file system security at all. */
180 	if (!is_winnt)
181 		return (0);
182 
183 	/* Evaluate current CYGWIN settings. */
184 	cygwin = getenv("CYGWIN");
185 	allow_ntea = ntea_on(cygwin);
186 	allow_ntsec = ntsec_on(cygwin) ||
187 	    (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
188 
189 	/*
190 	 * `ntea' is an emulation of POSIX attributes. It doesn't support
191 	 * real file level security as ntsec on NTFS file systems does
192 	 * but it supports FAT filesystems. `ntea' is minimum requirement
193 	 * for security checks.
194 	 */
195 	if (allow_ntea)
196 		return (1);
197 
198 	/*
199 	 * Retrieve file system flags. In Cygwin, file system flags are
200 	 * copied to f_type which has no meaning in Win32 itself.
201 	 */
202 	if (statfs(filename, &fsstat))
203 		return (1);
204 
205 	/*
206 	 * Only file systems supporting ACLs are able to set permissions.
207 	 * `ntsec' is the setting in Cygwin which switches using of NTFS
208 	 * ACLs to support POSIX permissions on files.
209 	 */
210 	if (fsstat.f_type & FS_PERSISTENT_ACLS)
211 		return (allow_ntsec);
212 
213 	return (0);
214 }
215 
216 void
217 register_9x_service(void)
218 {
219         HINSTANCE kerneldll;
220         DWORD (*RegisterServiceProcess)(DWORD, DWORD);
221 
222 	/* The service register mechanism in 9x/Me is pretty different from
223 	 * NT/2K/XP.  In NT/2K/XP we're using a special service starter
224 	 * application to register and control sshd as service.  This method
225 	 * doesn't play nicely with 9x/Me.  For that reason we register here
226 	 * as service when running under 9x/Me.  This function is only called
227 	 * by the child sshd when it's going to daemonize.
228 	 */
229 	if (is_winnt)
230 		return;
231 	if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
232 		return;
233 	if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
234 		GetProcAddress(kerneldll, "RegisterServiceProcess")))
235 		return;
236 	RegisterServiceProcess(0, 1);
237 }
238 
239 #endif /* HAVE_CYGWIN */
240