summaryrefslogtreecommitdiff
path: root/openbsd-compat/bsd-cygwin_util.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-24 21:39:36 +0000
committerColin Watson <cjwatson@debian.org>2010-01-24 21:39:36 +0000
commit964476f91b66c475d5b8fa1e8b28d39a97a1b56e (patch)
treed12ff16d94cffc5d84dba0193eaaa616967c9c2c /openbsd-compat/bsd-cygwin_util.c
parentcadac134eda6ed97478afdc528a68dd33f31dbc5 (diff)
parent1e4cfeee6c17b02af09418c5afe4a4d71aaaf0c8 (diff)
import openssh-5.3p1-gsskex-all-20100124.patch
Diffstat (limited to 'openbsd-compat/bsd-cygwin_util.c')
-rw-r--r--openbsd-compat/bsd-cygwin_util.c124
1 files changed, 0 insertions, 124 deletions
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 38be7e350..e90c1597f 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -39,9 +39,6 @@
39#endif 39#endif
40 40
41#include <sys/types.h> 41#include <sys/types.h>
42#include <sys/stat.h>
43#include <sys/utsname.h>
44#include <sys/vfs.h>
45 42
46#include <fcntl.h> 43#include <fcntl.h>
47#include <stdlib.h> 44#include <stdlib.h>
@@ -49,11 +46,6 @@
49#include <windows.h> 46#include <windows.h>
50 47
51#include "xmalloc.h" 48#include "xmalloc.h"
52#define is_winnt (GetVersion() < 0x80000000)
53
54#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
55#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
56#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
57 49
58int 50int
59binary_open(const char *filename, int flags, ...) 51binary_open(const char *filename, int flags, ...)
@@ -79,128 +71,12 @@ binary_pipe(int fd[2])
79 return (ret); 71 return (ret);
80} 72}
81 73
82#define HAS_CREATE_TOKEN 1
83#define HAS_NTSEC_BY_DEFAULT 2
84#define HAS_CREATE_TOKEN_WO_NTSEC 3
85
86static int
87has_capability(int what)
88{
89 static int inited;
90 static int has_create_token;
91 static int has_ntsec_by_default;
92 static int has_create_token_wo_ntsec;
93
94 /*
95 * has_capability() basically calls uname() and checks if
96 * specific capabilities of Cygwin can be evaluated from that.
97 * This simplifies the calling functions which only have to ask
98 * for a capability using has_capability() instead of having
99 * to figure that out by themselves.
100 */
101 if (!inited) {
102 struct utsname uts;
103
104 if (!uname(&uts)) {
105 int major_high = 0, major_low = 0, minor = 0;
106 int api_major_version = 0, api_minor_version = 0;
107 char *c;
108
109 sscanf(uts.release, "%d.%d.%d", &major_high,
110 &major_low, &minor);
111 if ((c = strchr(uts.release, '(')) != NULL) {
112 sscanf(c + 1, "%d.%d", &api_major_version,
113 &api_minor_version);
114 }
115 if (major_high > 1 ||
116 (major_high == 1 && (major_low > 3 ||
117 (major_low == 3 && minor >= 2))))
118 has_create_token = 1;
119 if (api_major_version > 0 || api_minor_version >= 56)
120 has_ntsec_by_default = 1;
121 if (major_high > 1 ||
122 (major_high == 1 && major_low >= 5))
123 has_create_token_wo_ntsec = 1;
124 inited = 1;
125 }
126 }
127 switch (what) {
128 case HAS_CREATE_TOKEN:
129 return (has_create_token);
130 case HAS_NTSEC_BY_DEFAULT:
131 return (has_ntsec_by_default);
132 case HAS_CREATE_TOKEN_WO_NTSEC:
133 return (has_create_token_wo_ntsec);
134 }
135 return (0);
136}
137
138int
139check_nt_auth(int pwd_authenticated, struct passwd *pw)
140{
141 /*
142 * The only authentication which is able to change the user
143 * context on NT systems is the password authentication. So
144 * we deny all requsts for changing the user context if another
145 * authentication method is used.
146 *
147 * This doesn't apply to Cygwin versions >= 1.3.2 anymore which
148 * uses the undocumented NtCreateToken() call to create a user
149 * token if the process has the appropriate privileges and if
150 * CYGWIN ntsec setting is on.
151 */
152 static int has_create_token = -1;
153
154 if (pw == NULL)
155 return 0;
156 if (is_winnt) {
157 if (has_create_token < 0) {
158 char *cygwin = getenv("CYGWIN");
159
160 has_create_token = 0;
161 if (has_capability(HAS_CREATE_TOKEN) &&
162 (ntsec_on(cygwin) ||
163 (has_capability(HAS_NTSEC_BY_DEFAULT) &&
164 !ntsec_off(cygwin)) ||
165 has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
166 has_create_token = 1;
167 }
168 if (has_create_token < 1 &&
169 !pwd_authenticated && geteuid() != pw->pw_uid)
170 return (0);
171 }
172 return (1);
173}
174
175int 74int
176check_ntsec(const char *filename) 75check_ntsec(const char *filename)
177{ 76{
178 return (pathconf(filename, _PC_POSIX_PERMISSIONS)); 77 return (pathconf(filename, _PC_POSIX_PERMISSIONS));
179} 78}
180 79
181void
182register_9x_service(void)
183{
184 HINSTANCE kerneldll;
185 DWORD (*RegisterServiceProcess)(DWORD, DWORD);
186
187 /* The service register mechanism in 9x/Me is pretty different from
188 * NT/2K/XP. In NT/2K/XP we're using a special service starter
189 * application to register and control sshd as service. This method
190 * doesn't play nicely with 9x/Me. For that reason we register here
191 * as service when running under 9x/Me. This function is only called
192 * by the child sshd when it's going to daemonize.
193 */
194 if (is_winnt)
195 return;
196 if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
197 return;
198 if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
199 GetProcAddress(kerneldll, "RegisterServiceProcess")))
200 return;
201 RegisterServiceProcess(0, 1);
202}
203
204#define NL(x) x, (sizeof (x) - 1) 80#define NL(x) x, (sizeof (x) - 1)
205#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) 81#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
206 82