cygwin_internal(CW_CHECK_NTSEC, filename) patch
Jason Tishler
jason@tishler.net
Wed Apr 2 13:16:00 GMT 2003
The attached patch adds Corinna's OpenSSH check_ntsec() functionality to
Cygwin as cygwin_internal(CW_CHECK_NTSEC, filename). The third
attachment, check_ntsec.cc, can be used to test this functionality:
$ cygcheck -s | egrep 'FAT|NTFS'
a: fd FAT 1Mb 62% CP UN
c: hd NTFS 38146Mb 35% CP CS UN PA FC
...
$ check_ntsec a:/readdir.exe
0 = check_ntsec(a:/readdir.exe)
$ check_ntsec c:/boot.ini
1 = check_ntsec(c:/boot.ini)
Thanks,
Jason
--
PGP/GPG Key: http://www.tishler.net/jason/pubkey.asc or key servers
Fingerprint: 7A73 1405 7F2B E669 C19D 8784 1AFD E4CC ECF4 8EF6
-------------- next part --------------
Index: external.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/external.cc,v
retrieving revision 1.50
diff -u -p -r1.50 external.cc
--- external.cc 28 Mar 2003 14:21:40 -0000 1.50
+++ external.cc 2 Apr 2003 11:43:29 -0000
@@ -28,6 +28,17 @@ details. */
#include "wincap.h"
#include "heap.h"
#include "cygthread.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/utsname.h>
+#include <sys/vfs.h>
+
+#define is_winnt (GetVersion() < 0x80000000)
+#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
+#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
+#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
+#define HAS_CREATE_TOKEN 1
+#define HAS_NTSEC_BY_DEFAULT 2
static external_pinfo *
fillout_pinfo (pid_t pid, int winpid)
@@ -121,6 +132,99 @@ get_cygdrive_prefixes (char *user, char
return res;
}
+static int
+has_capability (int what)
+{
+ /* has_capability() basically calls uname() and checks if
+ specific capabilities of Cygwin can be evaluated from that.
+ This simplifies the calling functions which only have to ask
+ for a capability using has_capability() instead of having
+ to figure that out by themselves. */
+ static int inited;
+ static int has_create_token;
+ static int has_ntsec_by_default;
+
+ if (!inited)
+ {
+ struct utsname uts;
+
+ if (!uname (&uts))
+ {
+ int major_high = 0;
+ int major_low = 0;
+ int minor = 0;
+ int api_major_version = 0;
+ int api_minor_version = 0;
+ char *c;
+
+ sscanf (uts.release, "%d.%d.%d", &major_high, &major_low, &minor);
+ c = strchr (uts.release, '(');
+ if (c)
+ sscanf (c + 1, "%d.%d", &api_major_version, &api_minor_version);
+ if (major_high > 1 ||
+ (major_high == 1 && (major_low > 3 ||
+ (major_low == 3 && minor >= 2))))
+ has_create_token = 1;
+ if (api_major_version > 0 || api_minor_version >= 56)
+ has_ntsec_by_default = 1;
+ inited = 1;
+ }
+ }
+ switch (what)
+ {
+ case HAS_CREATE_TOKEN:
+ return has_create_token;
+ case HAS_NTSEC_BY_DEFAULT:
+ return has_ntsec_by_default;
+ }
+ return 0;
+}
+
+static int
+check_ntsec (const char *filename)
+{
+ char *cygwin;
+ int allow_ntea = 0;
+ int allow_ntsec = 0;
+ struct statfs fsstat;
+
+ /* Windows 95/98/ME don't support file system security at all. */
+ if (!is_winnt)
+ return 0;
+
+ /* Evaluate current CYGWIN settings. */
+ cygwin = getenv ("CYGWIN");
+ allow_ntea = ntea_on (cygwin);
+ allow_ntsec = ntsec_on (cygwin) ||
+ (has_capability (HAS_NTSEC_BY_DEFAULT) && !ntsec_off (cygwin));
+
+ /*
+ * `ntea' is an emulation of POSIX attributes. It doesn't support
+ * real file level security as ntsec on NTFS file systems does
+ * but it supports FAT filesystems. `ntea' is minimum requirement
+ * for security checks.
+ */
+ if (allow_ntea)
+ return 1;
+
+ /*
+ * Retrieve file system flags. In Cygwin, file system flags are
+ * copied to f_type which has no meaning in Win32 itself.
+ */
+ if (statfs (filename, &fsstat))
+ return 1;
+
+ /*
+ * Only file systems supporting ACLs are able to set permissions.
+ * `ntsec' is the setting in Cygwin which switches using of NTFS
+ * ACLs to support POSIX permissions on files.
+ */
+ if (fsstat.f_type & FS_PERSISTENT_ACLS)
+ return allow_ntsec;
+
+ return 0;
+}
+
extern "C" unsigned long
cygwin_internal (cygwin_getinfo_types t, ...)
{
@@ -246,6 +350,11 @@ cygwin_internal (cygwin_getinfo_types t,
pid_t pid = va_arg (arg, pid_t);
pinfo p (pid);
return (DWORD) p->cmdline (n);
+ }
+ case CW_CHECK_NTSEC:
+ {
+ char *filename = va_arg (arg, char *);
+ return check_ntsec (filename);
}
default:
return (DWORD) -1;
Index: include/cygwin/version.h
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/include/cygwin/version.h,v
retrieving revision 1.112
diff -u -p -r1.112 version.h
--- include/cygwin/version.h 19 Mar 2003 20:13:57 -0000 1.112
+++ include/cygwin/version.h 2 Apr 2003 11:43:29 -0000
@@ -197,12 +197,13 @@ details. */
fgetpos64 fopen64 freopen64 fseeko64 fsetpos64 ftello64
_open64 _lseek64 _fstat64 _stat64 mknod32
80: Export pthread_rwlock stuff
+ 81: CW_CHECK_NTSEC addition to external.cc
*/
/* Note that we forgot to bump the api for ualarm, strtoll, strtoull */
#define CYGWIN_VERSION_API_MAJOR 0
-#define CYGWIN_VERSION_API_MINOR 80
+#define CYGWIN_VERSION_API_MINOR 81
/* There is also a compatibity version number associated with the
shared memory regions. It is incremented when incompatible
Index: include/sys/cygwin.h
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/include/sys/cygwin.h,v
retrieving revision 1.42
diff -u -p -r1.42 cygwin.h
--- include/sys/cygwin.h 28 Mar 2003 14:21:40 -0000 1.42
+++ include/sys/cygwin.h 2 Apr 2003 11:43:29 -0000
@@ -71,7 +71,8 @@ typedef enum
CW_STRACE_ACTIVE,
CW_CYGWIN_PID_TO_WINPID,
CW_EXTRACT_DOMAIN_AND_USER,
- CW_CMDLINE
+ CW_CMDLINE,
+ CW_CHECK_NTSEC
} cygwin_getinfo_types;
#define CW_NEXTPID 0x80000000 /* or with pid to get next one */
-------------- next part --------------
2003-04-02 Jason Tishler <jason@tishler.net>
Corinna Vinschen <corinna@vinschen.de>
* external.cc (is_winnt): New define.
(ntsec_on): New macro.
(ntsec_off): Ditto.
(ntea_on): Ditto.
(HAS_CREATE_TOKEN): New define.
(HAS_NTSEC_BY_DEFAULT): Ditto.
(has_capability): New function.
(check_ntsec): Ditto.
(cygwin_internal): Add CW_CHECK_NTSEC handling to call check_ntsec()
from applications.
* include/cygwin/version.h: Bump API minor number.
* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_CHECK_NTSEC.
-------------- next part --------------
#include <stdio.h>
#include <sys/cygwin.h>
int
main(int argc, char* argv[])
{
const char* filename = argv[1];
unsigned long status = cygwin_internal(CW_CHECK_NTSEC, filename);
printf("%lu = check_ntsec(%s)\n", status, filename);
return 0;
}
More information about the Cygwin-patches
mailing list