Diffstat (limited to 'openbsd-compat/bsd-cygwin_util.c')
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 47 |
1 files changed, 35 insertions, 12 deletions
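--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -15,16 +15,20 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-cygwin_util.c,v 1.4 2001/04/13 14:28:42 djm Exp $");
+RCSID("$Id: bsd-cygwin_util.c,v 1.5 2001/07/18 16:19:49 mouring Exp $");
 
 #ifdef HAVE_CYGWIN
 
 #include <fcntl.h>
 #include <stdlib.h>
+#include <sys/utsname.h>
 #include <sys/vfs.h>
 #include <windows.h>
 #define is_winnt (GetVersion() < 0x80000000)
 
+#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
+#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
+
 #if defined(open) && open == binary_open
 # undef open
 #endif
@@ -61,12 +65,34 @@ int check_nt_auth(int pwd_authenticated, uid_t uid)
 * context on NT systems is the password authentication. So
 * we deny all requsts for changing the user context if another
 * authentication method is used.
-* This may change in future when a special openssh
-* subauthentication package is available.
+*
+* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
+* uses the undocumented NtCreateToken() call to create a user
+* token if the process has the appropriate privileges and if
+* CYGWIN ntsec setting is on.
 */
-if (is_winnt && !pwd_authenticated && geteuid() != uid)
-return 0;
-
+static int has_create_token = -1;
+
+if (is_winnt) {
+if (has_create_token < 0) {
+struct utsname uts;
+int major_high = 0, major_low = 0, minor = 0;
+char *cygwin = getenv("CYGWIN");
+
+has_create_token = 0;
+if (ntsec_on(cygwin) && !uname(&uts)) {
+sscanf(uts.release, "%d.%d.%d",
+&major_high, &major_low, &minor);
+if (major_high > 1 ||
+(major_high == 1 && (major_low > 3 ||
+(major_low == 3 && minor >= 2))))
+has_create_token = 1;
+}
+}
+if (has_create_token < 1 &&
+!pwd_authenticated && geteuid() != uid)
+return 0;
+}
 return 1;
 }
 
@@ -82,12 +108,9 @@ int check_ntsec(const char *filename)
 return 0;
 
 /* Evaluate current CYGWIN settings. */
-if ((cygwin = getenv("CYGWIN")) != NULL) {
-if (strstr(cygwin, "ntea") && !strstr(cygwin, "nontea"))
-allow_ntea = 1;
-if (strstr(cygwin, "ntsec") && !strstr(cygwin, "nontsec"))
-allow_ntsec = 1;
-}
+cygwin = getenv("CYGWIN");
+allow_ntea = ntea_on(cygwin);
+allow_ntsec = ntsec_on(cygwin);
 
 /*
 * `ntea' is an emulation of POSIX attributes. It doesn't support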
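Review bot: In check_nt_auth the new gate admits non-password logins for a different uid on the Cygwin release string and the CYGWIN ntsec setting alone, although the comment above it also names "appropriate privileges" as a precondition and nothing in the hunk tests for them. If the privilege check is meant to happen later, when the user context is actually switched, the code should say so, for example `/* Privileges are not verified here; a process lacking them must fail at the later user switch. */`; this needs confirming against the caller, since the function starts outside the hunk. The decision also depends on ntsec_on(), which is a substring match, so any CYGWIN token that merely contains "ntsec" enables the relaxed path; matching whole whitespace-separated tokens would be stricter now that the macro feeds an authentication decision. The unchecked sscanf() result is safe only because the three version ints start at 0, which is worth a one-line comment such as `/* parse failure leaves 0.0.0, i.e. no create-token support */`.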