This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: cygwin_internal(CW_CHECK_NTSEC, filename) patch

From: Christopher Faylor <cgf at redhat dot com>
To: cygwin-patches at cygwin dot com
Date: Wed, 2 Apr 2003 10:42:58 -0500
Subject: Re: cygwin_internal(CW_CHECK_NTSEC, filename) patch
References: <20030402131626.GA1888@tishler.net>
Reply-to: cygwin-patches at cygwin dot com

On Wed, Apr 02, 2003 at 08:16:26AM -0500, Jason Tishler wrote:
>The attached patch adds Corinna's OpenSSH check_ntsec() functionality to
>Cygwin as cygwin_internal(CW_CHECK_NTSEC, filename).  The third
>attachment, check_ntsec.cc, can be used to test this functionality:
>
>    $ cygcheck -s | egrep 'FAT|NTFS'
>    a:  fd  FAT        1Mb  62% CP    UN           
>    c:  hd  NTFS   38146Mb  35% CP CS UN PA FC
>    ...
>
>    $ check_ntsec a:/readdir.exe 
>    0 = check_ntsec(a:/readdir.exe)
>
>    $ check_ntsec c:/boot.ini 
>    1 = check_ntsec(c:/boot.ini)
>
>Thanks,
>Jason

I don't get it.  Why are you essentially duplicating all of the checking that already
happens with the wincap stuff?

cgf

>Index: external.cc
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/external.cc,v
>retrieving revision 1.50
>diff -u -p -r1.50 external.cc
>--- external.cc	28 Mar 2003 14:21:40 -0000	1.50
>+++ external.cc	2 Apr 2003 11:43:29 -0000
>@@ -28,6 +28,17 @@ details. */
> #include "wincap.h"
> #include "heap.h"
> #include "cygthread.h"
>+#include <stdio.h>
>+#include <stdlib.h>
>+#include <sys/utsname.h>
>+#include <sys/vfs.h>
>+
>+#define is_winnt	(GetVersion() < 0x80000000)
>+#define ntsec_on(c)	((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
>+#define ntsec_off(c)	((c) && strstr((c),"nontsec"))
>+#define ntea_on(c)	((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
>+#define HAS_CREATE_TOKEN 1
>+#define HAS_NTSEC_BY_DEFAULT 2
> 
> static external_pinfo *
> fillout_pinfo (pid_t pid, int winpid)
>@@ -121,6 +132,99 @@ get_cygdrive_prefixes (char *user, char 
>   return res;
> }
> 
>+static int
>+has_capability (int what)
>+{
>+  /* has_capability() basically calls uname() and checks if
>+     specific capabilities of Cygwin can be evaluated from that.
>+     This simplifies the calling functions which only have to ask
>+     for a capability using has_capability() instead of having
>+     to figure that out by themselves. */
>+  static int inited;
>+  static int has_create_token;
>+  static int has_ntsec_by_default;
>+
>+  if (!inited)
>+    {
>+      struct utsname uts;
>+
>+      if (!uname (&uts))
>+	{
>+	  int major_high = 0;
>+	  int major_low = 0;
>+	  int minor = 0;
>+	  int api_major_version = 0;
>+	  int api_minor_version = 0;
>+	  char *c;
>+
>+	  sscanf (uts.release, "%d.%d.%d", &major_high, &major_low, &minor);
>+	  c = strchr (uts.release, '(');
>+	  if (c)
>+	    sscanf (c + 1, "%d.%d", &api_major_version, &api_minor_version);
>+	  if (major_high > 1 ||
>+	      (major_high == 1 && (major_low > 3 ||
>+				   (major_low == 3 && minor >= 2))))
>+	    has_create_token = 1;
>+	  if (api_major_version > 0 || api_minor_version >= 56)
>+	    has_ntsec_by_default = 1;
>+	  inited = 1;
>+	}
>+    }
>+  switch (what)
>+    {
>+    case HAS_CREATE_TOKEN:
>+      return has_create_token;
>+    case HAS_NTSEC_BY_DEFAULT:
>+      return has_ntsec_by_default;
>+    }
>+  return 0;
>+}
>+
>+static int
>+check_ntsec (const char *filename)
>+{
>+  char *cygwin;
>+  int allow_ntea = 0;
>+  int allow_ntsec = 0;
>+  struct statfs fsstat;
>+
>+  /* Windows 95/98/ME don't support file system security at all. */
>+  if (!is_winnt)
>+    return 0;
>+
>+  /* Evaluate current CYGWIN settings. */
>+  cygwin = getenv ("CYGWIN");
>+  allow_ntea = ntea_on (cygwin);
>+  allow_ntsec = ntsec_on (cygwin) ||
>+    (has_capability (HAS_NTSEC_BY_DEFAULT) && !ntsec_off (cygwin));
>+
>+  /*
>+   * `ntea' is an emulation of POSIX attributes. It doesn't support
>+   * real file level security as ntsec on NTFS file systems does
>+   * but it supports FAT filesystems. `ntea' is minimum requirement
>+   * for security checks.
>+   */
>+  if (allow_ntea)
>+    return 1;
>+
>+  /*
>+   * Retrieve file system flags. In Cygwin, file system flags are
>+   * copied to f_type which has no meaning in Win32 itself.
>+   */
>+  if (statfs (filename, &fsstat))
>+    return 1;
>+
>+  /*
>+   * Only file systems supporting ACLs are able to set permissions.
>+   * `ntsec' is the setting in Cygwin which switches using of NTFS
>+   * ACLs to support POSIX permissions on files.
>+   */
>+  if (fsstat.f_type & FS_PERSISTENT_ACLS)
>+    return allow_ntsec;
>+
>+  return 0;
>+}
>+
> extern "C" unsigned long
> cygwin_internal (cygwin_getinfo_types t, ...)
> {
>@@ -246,6 +350,11 @@ cygwin_internal (cygwin_getinfo_types t,
> 	  pid_t pid = va_arg (arg, pid_t);
> 	  pinfo p (pid);
> 	  return (DWORD) p->cmdline (n);
>+	}
>+      case CW_CHECK_NTSEC:
>+	{
>+	  char *filename = va_arg (arg, char *);
>+	  return check_ntsec (filename);
> 	}
>       default:
> 	return (DWORD) -1;
>Index: include/cygwin/version.h
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/include/cygwin/version.h,v
>retrieving revision 1.112
>diff -u -p -r1.112 version.h
>--- include/cygwin/version.h	19 Mar 2003 20:13:57 -0000	1.112
>+++ include/cygwin/version.h	2 Apr 2003 11:43:29 -0000
>@@ -197,12 +197,13 @@ details. */
> 		  fgetpos64 fopen64 freopen64 fseeko64 fsetpos64 ftello64
> 		  _open64 _lseek64 _fstat64 _stat64 mknod32
>        80: Export pthread_rwlock stuff
>+       81: CW_CHECK_NTSEC addition to external.cc
>      */
> 
>      /* Note that we forgot to bump the api for ualarm, strtoll, strtoull */
> 
> #define CYGWIN_VERSION_API_MAJOR 0
>-#define CYGWIN_VERSION_API_MINOR 80
>+#define CYGWIN_VERSION_API_MINOR 81
> 
>      /* There is also a compatibity version number associated with the
> 	shared memory regions.  It is incremented when incompatible
>Index: include/sys/cygwin.h
>===================================================================
>RCS file: /cvs/src/src/winsup/cygwin/include/sys/cygwin.h,v
>retrieving revision 1.42
>diff -u -p -r1.42 cygwin.h
>--- include/sys/cygwin.h	28 Mar 2003 14:21:40 -0000	1.42
>+++ include/sys/cygwin.h	2 Apr 2003 11:43:29 -0000
>@@ -71,7 +71,8 @@ typedef enum
>     CW_STRACE_ACTIVE,
>     CW_CYGWIN_PID_TO_WINPID,
>     CW_EXTRACT_DOMAIN_AND_USER,
>-    CW_CMDLINE
>+    CW_CMDLINE,
>+    CW_CHECK_NTSEC
>   } cygwin_getinfo_types;
> 
> #define CW_NEXTPID	0x80000000	/* or with pid to get next one */

>2003-04-02  Jason Tishler <jason at tishler dot net>
>	    Corinna Vinschen  <corinna at vinschen dot de>
>
>	* external.cc (is_winnt): New define.
>	(ntsec_on): New macro.
>	(ntsec_off): Ditto.
>	(ntea_on): Ditto.
>	(HAS_CREATE_TOKEN): New define.
>	(HAS_NTSEC_BY_DEFAULT): Ditto.
>	(has_capability): New function.
>	(check_ntsec): Ditto.
>	(cygwin_internal): Add CW_CHECK_NTSEC handling to call check_ntsec()
>	from applications.
>	* include/cygwin/version.h: Bump API minor number.
>	* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_CHECK_NTSEC.

>#include <stdio.h>
>#include <sys/cygwin.h>
>
>int
>main(int argc, char* argv[])
>{
>  const char* filename = argv[1];
>  unsigned long status = cygwin_internal(CW_CHECK_NTSEC, filename);
>  printf("%lu = check_ntsec(%s)\n", status, filename);
>  return 0;
>}

Follow-Ups:
- Re: cygwin_internal(CW_CHECK_NTSEC, filename) patch
  - From: Jason Tishler

References:
- cygwin_internal(CW_CHECK_NTSEC, filename) patch
  - From: Jason Tishler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]