int check_ntsec(const char *filename) { char *cygwin; int allow_ntea = 0, allow_ntsec = 0; struct statfs fsstat; /* Windows 95/98/ME don't support file system security at all. */ if (!is_winnt) return (0); /* Evaluate current CYGWIN settings. */ cygwin = getenv("CYGWIN"); allow_ntea = ntea_on(cygwin); allow_ntsec = ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin)); /* * `ntea' is an emulation of POSIX attributes. It doesn't support * real file level security as ntsec on NTFS file systems does * but it supports FAT filesystems. `ntea' is minimum requirement * for security checks. */ if (allow_ntea) return (1); /* * Retrieve file system flags. In Cygwin, file system flags are * copied to f_type which has no meaning in Win32 itself. */ if (statfs(filename, &fsstat)) return (1); /* * Only file systems supporting ACLs are able to set permissions. * `ntsec' is the setting in Cygwin which switches using of NTFS * ACLs to support POSIX permissions on files. */ if (fsstat.f_type & FS_PERSISTENT_ACLS) return (allow_ntsec); return (0); }
int check_nt_auth(int pwd_authenticated, struct passwd *pw) { /* * The only authentication which is able to change the user * context on NT systems is the password authentication. So * we deny all requsts for changing the user context if another * authentication method is used. * * This doesn't apply to Cygwin versions >= 1.3.2 anymore which * uses the undocumented NtCreateToken() call to create a user * token if the process has the appropriate privileges and if * CYGWIN ntsec setting is on. */ static int has_create_token = -1; if (pw == NULL) return 0; if (is_winnt) { if (has_create_token < 0) { struct utsname uts; int major_high = 0, major_low = 0, minor = 0; char *cygwin = getenv("CYGWIN"); has_create_token = 0; if (ntsec_on(cygwin) && !uname(&uts)) { sscanf(uts.release, "%d.%d.%d", &major_high, &major_low, &minor); if (major_high > 1 || (major_high == 1 && (major_low > 3 || (major_low == 3 && minor >= 2)))) has_create_token = 1; } } if (has_create_token < 1 && !pwd_authenticated && geteuid() != pw->pw_uid) return 0; } return 1; }
int check_nt_auth(int pwd_authenticated, struct passwd *pw) { /* * The only authentication which is able to change the user * context on NT systems is the password authentication. So * we deny all requsts for changing the user context if another * authentication method is used. * * This doesn't apply to Cygwin versions >= 1.3.2 anymore which * uses the undocumented NtCreateToken() call to create a user * token if the process has the appropriate privileges and if * CYGWIN ntsec setting is on. */ static int has_create_token = -1; if (pw == NULL) return 0; if (is_winnt) { if (has_create_token < 0) { char *cygwin = getenv("CYGWIN"); has_create_token = 0; if (has_capability(HAS_CREATE_TOKEN) && (ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin)) || has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) has_create_token = 1; } if (has_create_token < 1 && !pwd_authenticated && geteuid() != pw->pw_uid) return (0); } return (1); }