int
check_ntsec(const char *filename)
{
char *cygwin;
int allow_ntea = 0, allow_ntsec = 0;
struct statfs fsstat;
/* Windows 95/98/ME don't support file system security at all. */
if (!is_winnt)
return (0);
/* Evaluate current CYGWIN settings. */
cygwin = getenv("CYGWIN");
allow_ntea = ntea_on(cygwin);
allow_ntsec = ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
/*
* `ntea' is an emulation of POSIX attributes. It doesn't support
* real file level security as ntsec on NTFS file systems does
* but it supports FAT filesystems. `ntea' is minimum requirement
* for security checks.
*/
if (allow_ntea)
return (1);
/*
* Retrieve file system flags. In Cygwin, file system flags are
* copied to f_type which has no meaning in Win32 itself.
*/
if (statfs(filename, &fsstat))
return (1);
/*
* Only file systems supporting ACLs are able to set permissions.
* `ntsec' is the setting in Cygwin which switches using of NTFS
* ACLs to support POSIX permissions on files.
*/
if (fsstat.f_type & FS_PERSISTENT_ACLS)
return (allow_ntsec);
return (0);
}
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
* The only authentication which is able to change the user
* context on NT systems is the password authentication. So
* we deny all requsts for changing the user context if another
* authentication method is used.
*
* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
* uses the undocumented NtCreateToken() call to create a user
* token if the process has the appropriate privileges and if
* CYGWIN ntsec setting is on.
*/
static int has_create_token = -1;
if (pw == NULL)
return 0;
if (is_winnt) {
if (has_create_token < 0) {
struct utsname uts;
int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
if (ntsec_on(cygwin) && !uname(&uts)) {
sscanf(uts.release, "%d.%d.%d",
&major_high, &major_low, &minor);
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
has_create_token = 1;
}
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
return 0;
}
return 1;
}
int
check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
* The only authentication which is able to change the user
* context on NT systems is the password authentication. So
* we deny all requsts for changing the user context if another
* authentication method is used.
*
* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
* uses the undocumented NtCreateToken() call to create a user
* token if the process has the appropriate privileges and if
* CYGWIN ntsec setting is on.
*/
static int has_create_token = -1;
if (pw == NULL)
return 0;
if (is_winnt) {
if (has_create_token < 0) {
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
if (has_capability(HAS_CREATE_TOKEN) &&
(ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin)) ||
has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
has_create_token = 1;
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
return (0);
}
return (1);
}
