diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d8d9d5d..3eb2f6d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -104,12 +104,8 @@ userauth_pubkey(Authctxt *authctxt)
 int targetIsCurrent = 0;
- # ifdef USE_NTCREATETOKEN
- int doOpenSSHVerify = 1;
- # else
 int doOpenSSHVerify = 0;
- # endif
-
+ #endif
 Buffer b;
diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs
index e10b769..d32cbe0 100644
--- a/contrib/win32/openssh/config.h.vs
+++ b/contrib/win32/openssh/config.h.vs
@@ -1581,7 +1581,6 @@
 #define _CRT_SECURE_NO_DEPRECATE 1
 #define _CRT_NONSTDC_NO_DEPRECATE 1
 #define WIN32_FIXME 1
-#undef USE_NTCREATETOKEN
 /* Define if you must implement a startup_needs function for your platform */
 #define HAVE_STARTUP_NEEDS 1
diff --git a/contrib/win32/win32compat/homedirhelp.c b/contrib/win32/win32compat/homedirhelp.c
index 4f8e071..204839a 100644
--- a/contrib/win32/win32compat/homedirhelp.c
+++ b/contrib/win32/win32compat/homedirhelp.c
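Review bot: `doOpenSSHVerify` is now hard-wired to 0 on the new side, but what that flag gates lies outside the hunk, so confirm that the 0 path still performs the authorized_keys lookup and signature verification itself rather than deferring to a Windows-side check that this same commit deletes; a local that can only ever be 0 should otherwise be dropped along with its consumers. The added `+ #endif` has no opener inside the hunk once `# ifdef USE_NTCREATETOKEN` is removed, so it must pair with an `#ifdef` before line 104 — presumably the Windows-only block these locals sit in — and that pairing should be verified, since an unbalanced `#endif` is a compile error. If the flag stays, a one-line note such as `int doOpenSSHVerify = 0; /* always 0: the USE_NTCREATETOKEN path no longer exists */` would explain the fixed value to the next reader. userauth_pubkey() continues outside the hunk.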
@@ -120,86 +120,9 @@ wchar_t *gethomedir_w(char *pUserName, char *pDomainName)
 * and get homedir using this token.
 */
- #ifdef USE_NTCREATETOKEN
-
- token = CreateUserTokenW(pUserName_w, pDomainName_w, L"sshd");
-
- if (token == NULL)
- {
- debug("gethomedir: create token failed");
- return NULL;
- }
-
- debug2("setting up profile info...");
-
- /*
- * Become the user
- */
-
- memset(&profileInfo, 0, sizeof(profileInfo));
-
- profileInfo.dwSize = sizeof(profileInfo);
- profileInfo.lpUserName = pUserName_w;
- profileInfo.lpServerName = pDomainName_w;
-
- debug2("LoadUserProfile()...");
-
- if (!LoadUserProfile(token, &profileInfo))
- {
- DWORD dwLast = GetLastError();
-
- debug("gethomedir: load profile failed [%d]", dwLast);
-
- return NULL;
- }
-
- /*
- * Get user's home directory
- */
-
- //if (!SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, token, 0, szPath)))
-
- debug2("SGGetFolderPath()...");
-
- if (!SUCCEEDED(SHGetFolderPathW(NULL, CSIDL_PROFILE, token, 0, szPathW)))
- {
- debug("gethomedir: get folder failed");
-
- /*
- * Become self again.
- */
-
- UnloadUserProfile(token, profileInfo.hProfile);
-
- RevertToSelf();
-
- CloseHandle(token);
-
- return NULL;
- }
-
- debug3("gethomedir: szPathW [%ls]", szPathW);
-
- /*
- * Become self again.
- */
-
- UnloadUserProfile(token, profileInfo.hProfile);
-
- RevertToSelf();
-
- CloseHandle(token);
-
- debug2("<- gethomedir()...");
-
- return _wcsdup(szPathW);
-
- #else
- return NULL;
- #endif
 }
 /*
diff --git a/contrib/win32/win32compat/pwd.c b/contrib/win32/win32compat/pwd.c
index fe5aaeb..d0e4eb7 100644
--- a/contrib/win32/win32compat/pwd.c
+++ b/contrib/win32/win32compat/pwd.c
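Review bot: gethomedir_w() now falls off the end of a non-void function: the `#else return NULL; #endif` fallback was deleted together with the token path, so the closing `}` follows the "get homedir using this token" comment with no return statement, which is undefined behaviour for a `wchar_t *` function and leaves callers that test the result for NULL with an unspecified value. Either put `return NULL;` back before the brace, or remove the stub outright rather than keep a function that promises a token-derived home directory and computes nothing. The orphaned comment describing the token lookup should then go as well, or be replaced by `/* TODO: NtCreateToken-based home directory lookup removed; no fallback is implemented */`. The function's signature and any earlier returns lie above the hunk.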
@@ -444,21 +444,6 @@ user_from_uid(uid_t uid, int nouser)
 return (cp->name);
 }
-#ifdef USE_NTCREATETOKEN
-
-/*
- * Simple helper to avoid having to include win32auth.h.
- */
-
-PWD_USER_TOKEN PwdCreateUserToken(const char *pUserName,
- const char *pDomainName,
- const char *pSourceName)
-{
- return (PWD_USER_TOKEN) CreateUserToken(pUserName, pDomainName, pSourceName);
-}
-
-#endif
-
 /* TODO - this is moved from realpath.c in openbsdcompat. Review and finalize its position*/
 #include
diff --git a/contrib/win32/win32compat/win32auth.c b/contrib/win32/win32compat/win32auth.c
index eb14776..ee9b92d 100644
--- a/contrib/win32/win32compat/win32auth.c
+++ b/contrib/win32/win32compat/win32auth.c
@@ -500,296 +500,4 @@ fail: return exitCode; } -#ifdef USE_NTCREATETOKEN -/* - * Creates new user's access token using NtCreateToken() function. - * - * userName - user name string (IN) - * domainName - domain name (IN) (UNUSED) - * sourceName - ?? (IN) - * - * RETURNS: Handle to created token or INVALID_HANDLE_VALUE if fails. - */ - -HANDLE CreateUserToken(const char *userName, - const char *domainName, const char *sourceName) -{ - debug2("-> CreateUserToken()..."); - - HMODULE hNtDll = NULL; - - NtCreateTokenPtr NtCreateToken = NULL; - - HANDLE token = INVALID_HANDLE_VALUE; - - /* - * These are compounds of user's access token structure. - * The goal is setup these strutures and combine them - * into one access token using NtCreateToken() WINAPI function. - */ - - LUID authId = SYSTEM_LUID; - - TOKEN_USER userToken; - - PTOKEN_GROUPS groupsToken = NULL; - - PTOKEN_PRIVILEGES pPrivToken = NULL; - - TOKEN_OWNER ownerToken; - - TOKEN_PRIMARY_GROUP primaryGroupToken; - - TOKEN_SOURCE sourceToken; - - PTOKEN_DEFAULT_DACL pDaclToken = NULL; - - LARGE_INTEGER expirationTime = {0xFFFFFFFF, 0x7FFFFFFF}; - - OBJECT_ATTRIBUTES oa; - - /* - * Temporary variables - */ - - SECURITY_QUALITY_OF_SERVICE sqos = - { - sizeof(sqos), - SecurityAnonymous, - SECURITY_STATIC_TRACKING, - FALSE - }; - - int i; - - size_t size = 0; - - wchar_t *userNameW = NULL; - - DWORD cbSize; - - HANDLE hProcToken = NULL; - - /* - * Variables to handle error codes. - */ - - int exitCode = 1; - int ntStat = 0; - - /* - * Make wide char version of user's name. 
- */ - - size = (strlen(userName) + 1) * sizeof(wchar_t); - - userNameW = (wchar_t *) LocalAlloc(LPTR, size);; - - swprintf(userNameW, L"%hs", userName); - - /* - * Give needed privilege to current running process - */ - - debug("Enabling privilege to current running process..."); - - EnablePrivilege("SeTcbPrivilege", 1); - EnablePrivilege("SeChangeNotifyPrivilege", 1); - EnablePrivilege("SeIncreaseQuotaPrivilege", 1); - EnablePrivilege("SeAssignPrimaryTokenPrivilege", 1); - EnablePrivilege("SeCreateTokenPrivilege", 1); - - /* - * Create TOKEN_USER part - */ - - debug("Setting up TOKEN_USER..."); - - FAIL(GetSidW(&userToken.User.Sid, userNameW)); - - userToken.User.Attributes = 0; - - /* - * Create TOKEN_OWNER part. We assume Owner = User. - */ - - debug("Setting up TOKEN_OWNER..."); - - FAIL(GetSidW(&ownerToken.Owner, userNameW)); - - /* - * Create TOKEN_SOURCE part - */ - - debug("Setting up TOKEN_SOURCE..."); - - FAIL(AllocateLocallyUniqueId(&sourceToken.SourceIdentifier) == FALSE); - - size = min(strlen(sourceName), 8); - - memcpy(sourceToken.SourceName, "********", 8); - memcpy(sourceToken.SourceName, sourceName, size); - - /* - * Create TOKEN_GROUPS part - */ - - debug("Setting up TOKEN_GROUPS..."); - - FAIL(SetupTokenGroups(&groupsToken, userNameW)); - - /* - * Create TOKEN_PRIVILEGES part - */ - - debug("Setting up TOKEN_PRIVILEGES..."); - - FAIL(SetupTokenPrivileges(&pPrivToken, userToken.User.Sid)); - - /* - * Create TOKEN_PRIMARY_GROUP part - */ - - debug("Setting up TOKEN_PRIMARY GROUP..."); - - primaryGroupToken.PrimaryGroup = EveryoneSID(); - - /* - * Setup object attributes - */ - - memset(&oa, 0, sizeof(oa)); - - oa.Length = sizeof(oa); - - oa.SecurityQualityOfService = &sqos; - - /* - * Setup TOKEN_DEFAULT_DACL part. 
- */ - - debug("Setting up TOKEN_DEFAULT_DACL..."); - - debug("Opening current process's token..."); - - FAIL(OpenProcessToken(GetCurrentProcess(), - TOKEN_QUERY | TOKEN_QUERY_SOURCE, - &hProcToken) == FALSE); - - debug("Retrieving TOKEN_DEFAULT_DACL..."); - - GetTokenInformation(hProcToken, TokenDefaultDacl, NULL, 0, &cbSize); - - pDaclToken = LocalAlloc(LPTR, cbSize); - - FAIL(GetTokenInformation(hProcToken, TokenDefaultDacl, - pDaclToken, cbSize, &cbSize) == FALSE); - - /* - * Print debug info about parts - */ - - //PrintPartsInfo(&token, TOKEN_ALL_ACCESS, &oa, - // TokenPrimary, &authId, &expirationTime, - // &userToken, groupsToken, pPrivToken, - // &ownerToken, &primaryGroupToken, - // pDaclToken, &sourceToken); - - /* - * Retrieve address of NtCreateToken() function. - */ - - debug("Retrieving NtCreateToken() address..."); - - hNtDll = GetModuleHandle("ntdll.dll"); - - FAIL(hNtDll == NULL); - - NtCreateToken = (NtCreateTokenPtr) GetProcAddress(hNtDll, "NtCreateToken"); - - FAIL(NtCreateToken == NULL); - - /* - * Create new user acces token from parts setted up above. - */ - - debug("Creating token from parts..."); - - ntStat = NtCreateToken(&token, TOKEN_ALL_ACCESS, &oa, - TokenPrimary, &authId, &expirationTime, - &userToken, groupsToken, pPrivToken, - &ownerToken, &primaryGroupToken, - pDaclToken, &sourceToken); - FAIL(ntStat); - - /* - * Add rights to use 'default' desktop and WinStation0. - */ - - if (AddRightsToDesktopBySid(userToken.User.Sid)) - { - debug("WARNING. Cannot add rights to 'winsta0\\default'!"); - } - - exitCode = 0; - -fail: - - /* - * Free allocated memory - */ - - debug2("Freeing groupsToken..."); - - if (groupsToken) - { - /* - * We don't need to test were SIDs allocated correctly, - * becouse FreeSid() do it. 
- */ - - for (i = 0; i < groupsToken -> GroupCount; i++) - { - FreeSid(groupsToken -> Groups[i].Sid); - } - - LocalFree(groupsToken); - } - - debug2("Freeing local buffers..."); - - LocalFree(userNameW); - LocalFree(pDaclToken); - LocalFree(pPrivToken); - - debug2("Freeing SIDs..."); - - FreeSid(userToken.User.Sid); - FreeSid(ownerToken.Owner); - FreeSid(primaryGroupToken.PrimaryGroup); - - debug2("Closing hProcToken..."); - - CloseHandle(hProcToken); - - debug2("Closing hNtDll..."); - - CloseHandle(hNtDll); - - /* - * Something was wrong. - */ - - if (exitCode) - { - debug("ERROR. Cannot create user's acces token. (err = %u, ntStat = %x)", - GetLastError(), ntStat); - } - - debug2("<- CreateUserToken()..."); - - return token; -} - -#endif diff --git a/contrib/win32/win32compat/win32auth.h b/contrib/win32/win32compat/win32auth.h index a537528..ee72e8c 100644 --- a/contrib/win32/win32compat/win32auth.h +++ b/contrib/win32/win32compat/win32auth.h @@ -76,21 +76,6 @@ typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; #define NTSYSAPI DECLSPEC_IMPORT #endif -// -// Prototype for undocumented NtCreateToken() function from 'ntdll.dll' -// -#ifdef USE_NTCREATETOKEN -typedef NTSYSAPI NTSTATUS - (NTAPI *NtCreateTokenPtr) (PHANDLE, ACCESS_MASK, - POBJECT_ATTRIBUTES, - TOKEN_TYPE, PLUID, PLARGE_INTEGER, - PTOKEN_USER, PTOKEN_GROUPS, - PTOKEN_PRIVILEGES, PTOKEN_OWNER, - PTOKEN_PRIMARY_GROUP, - PTOKEN_DEFAULT_DACL, - PTOKEN_SOURCE); -#endif /* USE_NTCREATETOKEN */ - HANDLE CreateUserToken(const char *pUserName, const char *pDomainName, const char *pSourceName); diff --git a/session.c b/session.c index ab1784c..bcdc669 100644 --- a/session.c +++ b/session.c 
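Review bot: the `HANDLE CreateUserToken(const char *pUserName, const char *pDomainName, const char *pSourceName);` prototype survives at the end of the win32auth.h hunk even though this same commit deletes the only definition of CreateUserToken() from win32auth.c, leaving a declaration with no implementation. Any remaining caller now compiles cleanly and fails only at link time, and the header keeps advertising a primitive that minted primary tokens under SeCreateTokenPrivilege but no longer exists; the prototype should be removed together with the `NtCreateTokenPtr` typedef. If the symbol is intentionally kept for a future reimplementation, say so next to it: `/* CreateUserToken(): definition removed with USE_NTCREATETOKEN support; currently no implementation exists */`.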
@@ -714,21 +714,6 @@ do_exec_no_pty(Session *s, const char *command)
 ModifyRightsToDesktop(hToken, 1);
 }
- #ifdef USE_NTCREATETOKEN
-
- /*
- * Next try to get an NtCreateToken token if enabled.
- */
-
- else
- {
- debug("Using token from NtCreateToken()...");
-
- hToken = (HANDLE) PwdCreateUserToken(s -> authctxt -> user, NULL, "sshd");
- }
-
- #endif
-
 /*
 * Next try pass-auth token.
 */