tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-28 08:24:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

5-12 C5

Browse Source
This commit is contained in:
manojampalam 2016-05-12 19:34:40 -07:00
parent 1451db2450
commit 6075c980ae
19 changed files with 0 additions and 4214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
contrib/win32/win32compat/lsa/Base64.cpp
View File

@ -1,205 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "Base64.h"
//
// Decode base64 string. Input string MUST be '0' byte terminated.
//
// src - input, zero-terminated string (IN)
// dest - output, decoded string (OUT)
// destSize - size if dest buffer in bytes (IN)
//
// RETURNS: Number of bytes written to dest or -1 if error.
//
Int DecodeBase64(Char const *src, Char *dest, size_t destSize)
{
DBG_ENTRY("DecodeBase64");
Int len = 0;
Int exitCode = 1;
Char encoded[4] = {0};
Char decoded[4] = {0};
Char &encX = encoded[0];
Char &encY = encoded[1];
Char &encZ = encoded[2];
Char &encW = encoded[3];
Char &x = decoded[0];
Char &y = decoded[1];
Char &z = decoded[2];
Char &w = decoded[3];
//
// i indexes source buffer.
// j indexes destination buffer.
//
Unsigned Int i = 0;
Unsigned Int j = 0;
Int goOn = 1;
//
// Skip white spaces at the buffer's begin.
//
while (isspace(src[i]))
{
i++;
}
//
// Decode string by 4 bytes packages {x,y,z,w}
//
while (goOn && src[i])
{
//
// Read next 4 non white characters from source buffer.
//
for (int k = 0; k < 4; k++)
{
//
// Unexepcted end of string?
//
FAIL(src[i] == 0);
//
// Find one byte in Base64 alphabet.
//
encoded[k] = src[i];
decoded[k] = RevBase64[(Int) (src[i])];
FAIL(decoded[k] == WRONG);
//
// If any character in {x,y,z,w} is PAD64
// this is signal to end.
//
if (encoded[k] == PAD64)
{
goOn = 0;
}
//
// Goto next not white character.
//
i++;
while (isspace(src[i]))
{
i++;
}
}
//
// Translate {x,y,z,w} |-> {x',y',z'}.
//
FAIL((j + 3) > destSize);
dest[j] = (x << 2) | (y >> 4);
dest[j + 1] = (y << 4) | ((z >> 2) & 0xf);
dest[j + 2] = ((z << 6) & 192) | (w & 63);
j += 3;
};
len = j;
//
// Do any bytes remain in string? String must be terminated
// by zero byte.
FAIL(src[i] != 0);
//
// Fail if last packet is {PAD64, ?, ?, ?} or {?, PAD64, ?, ?}.
// PAD64 characters can be only at 2 last positions.
//
FAIL(encX == PAD64);
FAIL(encY == PAD64);
//
// Decrese output length if pre-last character is PAD64.
//
if (encZ == PAD64)
{
//
// {?, ?, PAD64, ?} is incorrect package.
//
FAIL(encW != PAD64);
len--;
}
//
// Decrese once more if last character is PAD64.
//
if (encW == PAD64)
{
len--;
}
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Cannot decode base64 string.\n");
len = -1;
}
DBG_LEAVE("DecodeBase64");
return len;
}

96
contrib/win32/win32compat/lsa/Base64.h
View File

@ -1,96 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Base64_H
#define Base64_H
#undef STRING
#include "Win64Fix.h"
#include <cstdio>
#include <ctype.h>
#include <cstring>
#include "Types.h"
#include "Debug.h"
//
// Base64 alphabet.
//
static const Char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
#define PAD64 '='
#define WRONG -1
//
// Reverse Base64 alphabet.
//
static const Char RevBase64[] =
{
//
// 0 1 2 3 4 5 6 7 8 9
//
0x0, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 000-009
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 010-019
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 020-029
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 030-039
WRONG, WRONG, WRONG, 0x3e, WRONG, WRONG, WRONG, 0x3f, 0x34, 0x35, // 040-049
0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, WRONG, WRONG, // 050-059
WRONG, PAD64, WRONG, WRONG, WRONG, 0x00, 0x01, 0x02, 0x03, 0x04, // 060-069
0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, // 070-079
0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, // 080-089
0x19, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, 0x1a, 0x1b, 0x1c, // 090-099
0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, // 100-109
0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, // 110-119
0x31, 0x32, 0x33, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 120-129
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 130-139
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 140-149
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 150-159
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 160-169
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 170-179
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 180-189
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 190-199
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 200-209
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 210-219
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 220-229
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 230-239
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, WRONG, // 240-249
WRONG, WRONG, WRONG, WRONG, WRONG, WRONG // 250-255
};
Int DecodeBase64(Char const *src, Char *dest, size_t targsize);
#endif

476
contrib/win32/win32compat/lsa/Debug.cpp
View File

@ -1,476 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "Debug.h"
//
// All code below is for debug version only.
//
#ifdef DEBUG
#include <cstdio>
#include <winnt.h>
#include <Lmcons.h>
#include <Lm.h>
#include <stdlib.h>
#include <ntsecapi.h>
#include <AccCtrl.h>
#include <Aclapi.h>
static Int DbgDeep = 0;
static Int DbgTreeMode = 1;
static Char DbgLogFile[MAX_PATH] = "C:\\tmp\\ssh-lsa.log";
//
// Initialize directory path, where debug log will be created.
//
void DbgInit(Char *unused)
{
Char processId[32];
//
// FIXME. Log are moved to standard temp dir due to bug realeted
// with paths longer than 55 chars in authentication packages list
// in registry key.
//
//
// Put current process ID as logfile extension.
//
sprintf(processId, "%u", (Unsigned Int) GetCurrentProcessId());
strcat(DbgLogFile, ".");
strcat(DbgLogFile, processId);
DBG_MSG("Log iniciated propertly.\n");
DBG_MSG("[Build " __DATE__ " " __TIME__ "]\n");
}
//
// Debug message for function entry.
//
void DbgEntry(const Char *funcName)
{
DbgMsg("-> %s()...\n", funcName);
DbgDeep += 3;
}
//
// Debug message for function leave.
//
void DbgLeave(const Char *funcName)
{
DbgDeep -= 3;
DbgMsg("<- %s()...\n", funcName);
}
//
// Write DbgDeep spaces for tree mode messages.
//
void DbgSpaces()
{
if (DbgTreeMode)
{
for (int i = 0; i < DbgDeep; i++)
{
DBG_MSG_NOLN(" ");
}
}
}
//
// Dump memory block to file.
//
void DbgDumpToFile(const Char *fname, void *ptr, Int size)
{
DbgMsg("-> DbgDumpToFile(%s)...\n", fname);
FILE *f = fopen(fname, "wb+");
fwrite(ptr, size, 1, f);
fclose(f);
}
//
// Print debug message.
//
void DbgMsg(const Char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
FILE *f = fopen(DbgLogFile, "at+");
if (f == NULL)
{
return;
}
SYSTEMTIME st;
Char msg[4096];
Char timeStr[256];
Char timeMsg[4096];
GetLocalTime(&st);
snprintf(timeStr, sizeof(timeStr), "%02d:%02d:%02d %03d",
st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
if (DbgTreeMode)
{
for (int i = 0; i < DbgDeep; i++)
{
strncat(timeStr, " ", sizeof(timeStr));
}
}
vsnprintf(msg, sizeof(msg), fmt, ap);
snprintf(timeMsg, sizeof(timeMsg), "[%d][%d] %s %s", (Int) GetCurrentProcessId(),
(Int) GetCurrentThreadId(), timeStr, msg);
fprintf(f, timeMsg);
/*
vfprintf(f, fmt, ap);
fprintf(f, "\n");
*/
fclose(f);
va_end(ap);
}
//
// Print debug message without extra new line character.
//
void DbgMsgNoLn(const Char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
FILE *f = fopen(DbgLogFile, "at+");
if (f == NULL)
{
return;
}
vfprintf(f, fmt, ap);
fclose(f);
va_end(ap);
}
//
// Print SID number to debug log.
//
void DbgPrintSid(const Char *pre, PSID pSid, const Char *post)
{
if (IsValidSid(pSid))
{
DWORD len = GetLengthSid(pSid);
BYTE *buf = (BYTE *) pSid;
DWORD i;
DbgSpaces();
DBG_MSG_NOLN("%s{", pre);
for (i = 0; i < len; i++)
{
DBG_MSG_NOLN("%x, ", buf[i]);
}
DBG_MSG_NOLN("}%s", post);
}
else
{
DBG_MSG_NOLN("%s{INCORRECT_SID}%s", pre, post);
}
}
//
// Print LUID number to debug log.
//
void DbgPrintLuid(const Char *pre, LUID luid, const Char *post)
{
DbgSpaces();
DBG_MSG_NOLN("%s{%x, %x}%s", pre, luid.LowPart, luid.HighPart, post);
}
//
// Print Token source to debug log.
//
void DbgPrintSource(const Char *pre, PTOKEN_SOURCE source, const Char *post)
{
DbgSpaces();
DBG_MSG_NOLN(pre);
for (int i = 0; i < 8; i++)
{
DBG_MSG_NOLN("%c", source -> SourceName[i]);
}
DBG_MSG_NOLN("{%x, %x}", source -> SourceIdentifier.LowPart,
source -> SourceIdentifier.HighPart);
DBG_MSG_NOLN(post);
}
//
// Print debug info about access token.
//
// token - handle to token (IN)
//
void DbgPrintToken(HANDLE token)
{
DBG_ENTRY("DbgPrintToken");
PTOKEN_USER pUserToken = NULL;
PTOKEN_GROUPS pGroupsToken = NULL;
PTOKEN_PRIVILEGES pPrivilegesToken = NULL;
PTOKEN_OWNER pOwnerToken = NULL;
PTOKEN_PRIMARY_GROUP pPrimaryGroupToken = NULL;
PTOKEN_SOURCE pSourceToken = NULL;
PTOKEN_DEFAULT_DACL pDaclToken = NULL;
DWORD cbSize = 0;
DWORD i = 0;
//
// Retrieve TOKEN_USER from token.
//
DBG_MSG("Retrieving TOKEN_USER...\n");
GetTokenInformation(token, TokenUser, NULL, 0, &cbSize);
pUserToken = (PTOKEN_USER) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenUser,
pUserToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_GROUP from token.
//
DBG_MSG("Retrieving TOKEN_GROUP...\n");
GetTokenInformation(token, TokenGroups, NULL, 0, &cbSize);
pGroupsToken = (PTOKEN_GROUPS) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenGroups,
pGroupsToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_PRIVILEGES from token.
//
DBG_MSG("Retrieving TOKEN_PRIVILEGES...\n");
GetTokenInformation(token, TokenPrivileges, NULL, 0, &cbSize);
pPrivilegesToken = (PTOKEN_PRIVILEGES) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenPrivileges,
pPrivilegesToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_OWNER from token.
//
DBG_MSG("Retrieving TOKEN_OWNER...\n");
GetTokenInformation(token, TokenOwner, NULL, 0, &cbSize);
pOwnerToken = (PTOKEN_OWNER) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenOwner,
pOwnerToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_PRIMARY GROUP from token.
//
DBG_MSG("Retrieving TOKEN_PRIMARY_GROUP...\n");
GetTokenInformation(token, TokenPrimaryGroup, NULL, 0, &cbSize);
pPrimaryGroupToken = (PTOKEN_PRIMARY_GROUP) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenPrimaryGroup,
pPrimaryGroupToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_DEFAULT_DACL from token.
//
DBG_MSG("Retrieving TOKEN_DEFAULT_DACL...\n");
GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &cbSize);
pDaclToken = (PTOKEN_DEFAULT_DACL) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenDefaultDacl,
pDaclToken, cbSize, &cbSize) == FALSE);
//
// Retrieve TOKEN_SOURCE from token.
//
DBG_MSG("Retrieving TOKEN_SOURCE...\n");
GetTokenInformation(token, TokenSource, NULL, 0, &cbSize);
pSourceToken = (PTOKEN_SOURCE) LocalAlloc(LPTR, cbSize);
FAIL(GetTokenInformation(token, TokenSource,
pSourceToken, cbSize, &cbSize) == FALSE);
//
// Print user SID
//
DbgPrintSid("UserSID = ", pUserToken -> User.Sid, "\n\n");
//
// Print TOKEN_GROUP list.
//
DBG_MSG("TOKEN_GROUP, SID list:\n");
for (i = 0; i < pGroupsToken -> GroupCount; i++)
{
DbgPrintSid(" ", pGroupsToken -> Groups[i].Sid, ", ");
DBG_MSG_NOLN(", %x\n\n", pGroupsToken -> Groups[i].Attributes);
}
//
// Print TOKEN_PRIVILEGES.
//
DBG_MSG("TOKEN_PRIVILEGES, LUID list:\n");
for (i = 0; i < pPrivilegesToken -> PrivilegeCount; i++)
{
DbgPrintLuid(" ", pPrivilegesToken -> Privileges[i].Luid, "");
DBG_MSG_NOLN(", %x\n\n", pPrivilegesToken -> Privileges[i].Attributes);
}
//
// Print Owner SID.
//
DbgPrintSid("OwnerSID = ", pOwnerToken -> Owner, "\n\n");
//
// Print Primary group SID.
//
DbgPrintSid("PrimaryGroupSID = ",
pPrimaryGroupToken -> PrimaryGroup, "\n\n");
//
// Print does any DEFAULT_DACL exists.
//
if (pDaclToken == NULL)
{
DBG_MSG("TOKEN_DEFAULT_DACL is NULL.\n");
}
else
{
DBG_MSG("TOKEN_DEFAULT_DACL is NOT NULL.\n");
}
//
// Print TOKEN_SOURCE.
//
DbgPrintSource("TOLEN_SOURCE = ", pSourceToken, "\n\n");
fail:
//
// Clean up.
//
LocalFree(pUserToken);
LocalFree(pGroupsToken);
LocalFree(pPrivilegesToken);
LocalFree(pOwnerToken);
LocalFree(pPrimaryGroupToken);
LocalFree(pDaclToken);
LocalFree(pSourceToken);
DBG_LEAVE("DbgPrintToken");
}
#endif

140
contrib/win32/win32compat/lsa/Debug.h
View File

@ -1,140 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Debug_H
#define Debug_H
#undef STRING
#include <windows.h>
#include "Types.h"
//
// #define DEBUG flag to enable compilation of debug code.
//
#define DEBUG
//
// Macros for errors catching.
//
#define FAIL(CONDITION) if(CONDITION) goto fail
#define FAILEX(X, ...) if(X) {DBG_MSG(__VA_ARGS__); goto fail;}
#define NTFAIL(NTFUNC) if((ntStat = (NTFUNC))) goto fail
//
// Macros and functions for debug messages.
//
#ifdef DEBUG
#define DBG_INIT(PATH) DbgInit(PATH)
#define DBG_ENTRY(FUNC_NAME) DbgEntry(FUNC_NAME)
#define DBG_ENTER(FUNC_NAME) DbgEntry(FUNC_NAME)
#define DBG_LEAVE(FUNC_NAME) DbgLeave(FUNC_NAME)
#ifndef __VS_BUILD__
#define DBG_MSG(FMT, ARGS...) DbgMsg(FMT, ## ARGS)
#define DBG_MSG_NOLN(FMT, ARGS...) DbgMsgNoLn(FMT, ## ARGS)
#else
#define DBG_MSG(FMT, ...) DbgMsg(FMT, __VA_ARGS__)
#define DBG_MSG_NOLN(FMT, ...) DbgMsgNoLn(FMT, __VA_ARGS__)
#endif
#define DBG_DUMP_TO_FILE(fname, ptr, size) //DbgDumpToFile(fname, ptr, size)
#define DBG_PRINT_TOKEN(token) DbgPrintToken(token)
#define DBG_SET_TREE_MODE(state) DbgTreeMode = state
void DbgInit(Char *unused);
void DbgEntry(const Char *funcName);
void DbgLeave(const Char *funcName);
void DbgMsg(const Char *fmt, ...);
void DbgMsgNoLn(const Char *fmt, ...);
void DbgPrintToken(HANDLE token);
void DbgPrintSid(const Char *pre, PSID pSid, const Char *post);
void DbgPrintLuid(const Char *pre, LUID luid, const Char *post);
void DbgDumpToFile(const Char *fname, void *ptr, Int size);
#else
//
// When no debug, we define only "ghost function" macros.
//
#define DBG_INIT(PATH)
#define DBG_ENTRY(FUNC_NAME)
#define DBG_ENTER(FUNC_NAME)
#define DBG_LEAVE(FUNC_NAME)
#define DBG_MSG(FMT, ARGS...)
#define DBG_MSG_NOLN(FMT, ARGS...)
#define DBG_DUMP_TO_FILE(fname, ptr, size)
#define DBG_PRINT_TOKEN(token)
#define DBG_SET_TREE_MODE(state)
#define DbgPrintToken(token)
#define DbgPrintSid(pre, pSid, post)
#define DbgPrintLuid(pre, luid, post)
#define DbgDumpToFile(fname, ptr, size)
#endif
#endif

825
contrib/win32/win32compat/lsa/DeskRight.cpp
View File

@ -1,825 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "DeskRight.h"
/*
* Retrieve SID from access token.
*
* hToken - access token (IN)
* psid - user's SID (OUT)
*
* RETURNS: TRUE if OK.
*/
BOOL ObtainSid(HANDLE hToken, PSID *psid)
{
DBG_ENTER("ObtainSid");
BOOL bSuccess = FALSE;
DWORD dwIndex;
DWORD dwLength = 0;
TOKEN_INFORMATION_CLASS tic = TokenGroups;
PTOKEN_GROUPS ptg = NULL;
/*
* determine the size of the buffer
*/
if (!GetTokenInformation(hToken, tic, (LPVOID) ptg, 0, &dwLength))
{
FAIL(GetLastError() != ERROR_INSUFFICIENT_BUFFER);
ptg = (PTOKEN_GROUPS) HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, dwLength);
FAIL(ptg == NULL);
}
/*
* obtain the groups the access token belongs to
*/
FAIL(GetTokenInformation(hToken, tic, (LPVOID) ptg,
dwLength, &dwLength) == FALSE);
/*
* determine which group is the logon sid
*/
for (dwIndex = 0; dwIndex < ptg -> GroupCount; dwIndex++)
{
if ((ptg -> Groups[dwIndex].Attributes & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID)
{
/*
* determine the length of the sid
*/
dwLength = GetLengthSid(ptg -> Groups[dwIndex].Sid);
/*
* allocate a buffer for the logon sid
*/
*psid = (PSID) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
FAIL(*psid == NULL);
/*
* obtain a copy of the logon sid
*/
FAIL(CopySid(dwLength, *psid, ptg -> Groups[dwIndex].Sid) == FALSE);
/*
* Break out of the loop because the logon sid has been
* found.
*/
break;
}
}
/*
* Indicate success.
*/
bSuccess = TRUE;
fail:
/*
* Free the buffer for the token group.
*/
if (ptg != NULL)
{
HeapFree(GetProcessHeap(), 0, (LPVOID)ptg);
}
DBG_LEAVE("ObtainSid");
return bSuccess;
}
/*
* Gives or removes user rights to use given WinStation object.
*
* WARNING. This rights is given only for login session, i.e,
* acount's properties are not be changed.
*
* hwinsta - handle to WindowsStation object (IN)
* psid - pointer to user's SID (IN)
* mode - 1 for add, 0 for remove right (IN)
*
* RETURNS: TRUE if OK.
*/
BOOL ModifyTheAceWindowStation(HWINSTA hwinsta, PSID psid, int mode)
{
DBG_ENTER("ModifyTheAceWindowStation");
ACCESS_ALLOWED_ACE *pace = NULL;
ACL_SIZE_INFORMATION aclSizeInfo;
BOOL bDaclExist;
BOOL bDaclPresent;
BOOL bSuccess = FALSE;
DWORD dwNewAclSize;
DWORD dwSidSize = 0;
DWORD dwSdSizeNeeded;
PACL pacl;
PACL pNewAcl = NULL;
PSECURITY_DESCRIPTOR psd = NULL;
PSECURITY_DESCRIPTOR psdNew = NULL;
ACCESS_ALLOWED_ACE *pTempAce;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
unsigned int i;
/*
* is input SID valid?
*/
DBG_MSG("Testing is SID valid...");
FAIL(psid == NULL);
FAIL(IsValidSid(psid) == FALSE);
/*
* obtain the dacl for the windowstation
*/
DBG_MSG("GetUserObjectSecurity()...");
if (!GetUserObjectSecurity(hwinsta, &si, psd, dwSidSize, &dwSdSizeNeeded))
{
FAIL(GetLastError() != ERROR_INSUFFICIENT_BUFFER);
psd = (PSECURITY_DESCRIPTOR) HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwSdSizeNeeded);
FAIL(psd == NULL);
psdNew = (PSECURITY_DESCRIPTOR) HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwSdSizeNeeded);
FAIL(psdNew == NULL);
dwSidSize = dwSdSizeNeeded;
FAIL(GetUserObjectSecurity(hwinsta, &si, psd,
dwSidSize, &dwSdSizeNeeded) == FALSE);
}
/*
* Create a new dacl.
*/
DBG_MSG("InitializeSecurityDescriptor()...");
FAIL(InitializeSecurityDescriptor(psdNew, SECURITY_DESCRIPTOR_REVISION) == FALSE);
/*
* get dacl from the security descriptor.
*/
DBG_MSG("GetSecurityDescriptorDacl()...");
FAIL(GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl, &bDaclExist) == FALSE);
/*
* Initialize.
*/
ZeroMemory(&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION));
aclSizeInfo.AclBytesInUse = sizeof(ACL);
/*
* Call only if the dacl is not NULL.
*/
if (pacl != NULL)
{
/*
* Get the file ACL size info.
*/
DBG_MSG("GetAclInformation()...");
FAIL(GetAclInformation(pacl, (LPVOID) &aclSizeInfo,
sizeof(ACL_SIZE_INFORMATION),
AclSizeInformation) == FALSE);
}
/*
* Compute the size of the new acl.
*/
DBG_MSG("Calculating dwNewAclSize...");
dwNewAclSize = aclSizeInfo.AclBytesInUse;
if (mode == ADD_RIGHT)
{
dwNewAclSize = dwNewAclSize + (2 * GetLengthSid(psid))
+ (2 * sizeof(ACCESS_ALLOWED_ACE))
- (2 * sizeof(DWORD));
}
else
{
dwNewAclSize = dwNewAclSize + (2 * GetLengthSid(psid))
- (2 * sizeof(ACCESS_ALLOWED_ACE))
+ (2 * sizeof(DWORD));
}
DBG_MSG("dwNewAclSize = %d", dwNewAclSize);
/*
* Allocate memory for the new acl.
*/
DBG_MSG("HeapAlloc()...");
pNewAcl = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwNewAclSize);
FAIL(pNewAcl == NULL);
/*
* Initialize the new dacl.
*/
DBG_MSG("InitializeAcl()...");
FAIL(InitializeAcl(pNewAcl, dwNewAclSize, ACL_REVISION) == FALSE);
/*
* If DACL is present, copy it to a new DACL.
*/
if (bDaclPresent)
{
/*
* Copy the ACEs from old to new ACL.
*/
if (aclSizeInfo.AceCount)
{
DBG_MSG("aclSizeInfo.AceCount = %d", aclSizeInfo.AceCount);
for (i = 0; i < aclSizeInfo.AceCount; i++)
{
/*
* Get next ACE from old ACL.
*/
FAIL(GetAce(pacl, i, (void **) &pTempAce) == FALSE);
/*
* Add the ACE to the new ACL.
*
* We copy all original list for RIGHT_ADD mode and
* skip ACE with given input SID in RIGHT_REMOVE mode.
*/
if (mode == ADD_RIGHT || EqualSid(psid, &pTempAce -> SidStart) == 0)
{
FAIL(AddAce(pNewAcl, ACL_REVISION, MAXDWORD, pTempAce,
((PACE_HEADER) pTempAce) -> AceSize) == FALSE);
}
}
}
}
if (mode == ADD_RIGHT)
{
/*
* Add the first ACE to the windowstation.
*/
pace = (ACCESS_ALLOWED_ACE *) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psid) - sizeof(DWORD));
FAIL(pace == NULL);
pace -> Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
pace -> Header.AceFlags = CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE;
pace -> Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psid) - sizeof(DWORD);
pace -> Mask = GENERIC_ACCESS;
DBG_MSG("CopySid()...");
FAIL(CopySid(GetLengthSid(psid), &pace -> SidStart, psid) == FALSE);
DBG_MSG("AddAce()...");
FAIL(AddAce(pNewAcl, ACL_REVISION, MAXDWORD,
(LPVOID)pace, pace -> Header.AceSize) == FALSE);
/*
* Add the second ACE to the windowstation.
*/
pace -> Header.AceFlags = NO_PROPAGATE_INHERIT_ACE;
pace -> Mask = WINSTA_ALL;
DBG_MSG("AddAce()...");
FAIL(AddAce(pNewAcl, ACL_REVISION, MAXDWORD,
(LPVOID) pace, pace -> Header.AceSize) == FALSE);
}
/*
* Set new dacl for the security descriptor.
*/
DBG_MSG("SetSecurityDescriptorDacl()...");
FAIL(SetSecurityDescriptorDacl(psdNew, TRUE, pNewAcl, FALSE) == FALSE);
/*
* Set the new security descriptor for the windowstation.
*/
DBG_MSG("SetUserObjectSecurity()...");
FAIL(SetUserObjectSecurity(hwinsta, &si, psdNew) == FALSE);
/*
* Indicate success.
*/
bSuccess = TRUE;
fail:
/*
* Free the allocated buffers.
*/
if (pace != NULL)
{
HeapFree(GetProcessHeap(), 0, (LPVOID)pace);
}
if (pNewAcl != NULL)
{
HeapFree(GetProcessHeap(), 0, (LPVOID)pNewAcl);
}
if (psd != NULL)
{
HeapFree(GetProcessHeap(), 0, (LPVOID)psd);
}
if (psdNew != NULL)
{
HeapFree(GetProcessHeap(), 0, (LPVOID)psdNew);
}
return bSuccess;
}
/*
* Gives ore removes user right to use given desktop.
*
* WARNING. This right is given only for login session, i.e,
* account's properties are not be changed.
*
* hdesk - handle to desktop (IN)
* psid - pointer to user's SID (IN)
* mode - 1 for add, 0 for remove (IN)
*
* RETURNS: TRUE if OK.
*/
BOOL ModifyTheAceDesktop(HDESK hdesk, PSID psid, int mode)
{
DBG_ENTER("ModifyTheAceDesktop");
ACL_SIZE_INFORMATION aclSizeInfo;
BOOL bDaclExist = FALSE;
BOOL bDaclPresent = FALSE;
BOOL bSuccess = FALSE;
DWORD dwNewAclSize = 0;
DWORD dwSidSize = 0;
DWORD dwSdSizeNeeded = 0;
PACL pacl = NULL;
PACL pNewAcl = NULL;
PSECURITY_DESCRIPTOR psd = NULL;
PSECURITY_DESCRIPTOR psdNew = NULL;
HANDLE procHeap = NULL;
ACCESS_ALLOWED_ACE *pTempAce;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
unsigned int i;
/*
* is input SID valid?
*/
DBG_MSG("Testing is SID valid...");
FAIL(psid == NULL);
FAIL(IsValidSid(psid) == FALSE);
/*
* Obtain process heap.
*/
procHeap = GetProcessHeap();
/*
* Obtain the security descriptor for the desktop object.
*/
DBG_MSG("GetUserObjectSecurity()...");
if (!GetUserObjectSecurity(hdesk, &si, psd,
dwSidSize, &dwSdSizeNeeded))
{
FAIL(GetLastError() != ERROR_INSUFFICIENT_BUFFER);
psd = (PSECURITY_DESCRIPTOR) HeapAlloc(procHeap,
HEAP_ZERO_MEMORY,
dwSdSizeNeeded);
FAIL(psd == NULL);
psdNew = (PSECURITY_DESCRIPTOR)HeapAlloc(procHeap,
HEAP_ZERO_MEMORY,
dwSdSizeNeeded);
FAIL(psdNew == NULL);
dwSidSize = dwSdSizeNeeded;
FAIL(GetUserObjectSecurity(hdesk, &si, psd, dwSidSize,
&dwSdSizeNeeded) == FALSE);
}
/*
* create a new security descriptor.
*/
DBG_MSG("InitializeSecurityDescriptor()...");
FAIL(InitializeSecurityDescriptor(psdNew,
SECURITY_DESCRIPTOR_REVISION) == FALSE);
/*
* obtain the dacl from the security descriptor.
*/
DBG_MSG("GetSecurityDescriptorDacl()...");
FAIL(GetSecurityDescriptorDacl(psd, &bDaclPresent,
&pacl, &bDaclExist) == FALSE);
/*
* Initialize.
*/
ZeroMemory(&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION));
aclSizeInfo.AclBytesInUse = sizeof(ACL);
/*
* Call only if NULL dacl.
*/
if (pacl != NULL)
{
/*
* determine the size of the ACL info.
*/
DBG_MSG("GetAclInformation()..");
FAIL(GetAclInformation(pacl, (LPVOID)&aclSizeInfo,
sizeof(ACL_SIZE_INFORMATION),
AclSizeInformation) == FALSE);
}
/*
* Compute the size of the new acl.
*/
dwNewAclSize = aclSizeInfo.AclBytesInUse;
if (mode == ADD_RIGHT)
{
dwNewAclSize = dwNewAclSize + sizeof(ACCESS_ALLOWED_ACE)
+ GetLengthSid(psid) - sizeof(DWORD);
}
else
{
dwNewAclSize = dwNewAclSize - sizeof(ACCESS_ALLOWED_ACE)
- GetLengthSid(psid) + sizeof(DWORD);
}
/*
* Allocate buffer for the new acl.
*/
pNewAcl = (PACL) HeapAlloc(procHeap,
HEAP_ZERO_MEMORY, dwNewAclSize);
FAIL(pNewAcl == NULL);
/*
* Initialize the new acl.
*/
DBG_MSG("InitializeAcl()..");
FAIL(InitializeAcl(pNewAcl, dwNewAclSize, ACL_REVISION) == FALSE);
/*
* If DACL is present, copy it to a new DACL.
*/
if (bDaclPresent)
{
/*
* Copy the ACEs to our new ACL.
*/
if (aclSizeInfo.AceCount)
{
for (i = 0; i < aclSizeInfo.AceCount; i++)
{
/*
* Get next ACE from old ACL.
*/
FAIL(GetAce(pacl, i, (void **) &pTempAce) == FALSE);
/*
* Add the ACE to the new ACL.
*
* We copy all original list for RIGHT_ADD mode and
* skip ACE with given input SID in RIGHT_REMOVE mode.
*/
if (mode == ADD_RIGHT || EqualSid(psid, &pTempAce -> SidStart) == 0)
{
FAIL(AddAce(pNewAcl, ACL_REVISION, MAXDWORD, pTempAce,
((PACE_HEADER) pTempAce) -> AceSize) == FALSE);
}
}
}
}
if (mode == ADD_RIGHT)
{
/*
* Add one additional ace to the dacl.
*/
DBG_MSG("AccessAllowedAce()...");
FAIL(AddAccessAllowedAce(pNewAcl, ACL_REVISION,
DESKTOP_ALL, psid) == FALSE);
}
/*
* Set new dacl to the new security descriptor.
*/
DBG_MSG("AddSecurityDescriptiorDacl()..");
FAIL(SetSecurityDescriptorDacl(psdNew, TRUE, pNewAcl, FALSE) == FALSE);
/*
* Set the new security descriptor for the desktop object.
*/
DBG_MSG("SetUserObjectSecurity()..");
FAIL(SetUserObjectSecurity(hdesk, &si, psdNew) == FALSE);
/*
* Indicate success.
*/
bSuccess = TRUE;
fail:
/*
* Free buffers.
*/
DBG_MSG("Freeing buffers...");
if (pNewAcl != NULL)
{
HeapFree(procHeap, 0, (LPVOID) pNewAcl);
}
if (psd != NULL)
{
HeapFree(procHeap, 0, (LPVOID) psd);
}
if (psdNew != NULL)
{
HeapFree(procHeap, 0, (LPVOID) psdNew);
}
DBG_LEAVE("AddTheAceDesktop");
return bSuccess;
}
void RemoveSid(PSID *psid)
{
HeapFree(GetProcessHeap(), 0, (LPVOID) *psid);
}
/*
* Gives user rights to use 'WinStation0' and 'default' desktop.
*
* psid - pointer to SID for acount SID (IN)
* mode - 1 for add, 0 for remove (IN)
*
* RETURNS: 0 if OK.
*/
int ModifyRightsToDesktopBySid(PSID psid, int mode)
{
DBG_ENTER("ModifyRightsToDesktopBySid");
HDESK hdesk = NULL;
HWINSTA hwinsta = NULL;
int exitCode = -1;
/*
* obtain a handle to the interactive windowstation.
*/
DBG_MSG("OpenWindowStation()...");
hwinsta = OpenWindowStation((PCHAR) "winsta0", FALSE, READ_CONTROL | WRITE_DAC);
FAIL(hwinsta == NULL);
DBG_MSG("GetProcessWindowStation()...");
/*
* Set the windowstation to winsta0 so that you obtain the
* correct default desktop.
*/
DBG_MSG("SetProcessWindowStation()...");
FAIL(!SetProcessWindowStation(hwinsta));
/*
* Obtain a handle to the "default" desktop.
*/
DBG_MSG("OpenDesktop()...");
hdesk = OpenDesktop((PCHAR) "default", 0, FALSE, READ_CONTROL | WRITE_DAC |
DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS);
FAIL(hdesk == NULL);
/*
* Add the user to interactive windowstation.
*/
DBG_MSG("ModifyTheAceWindowStation()...");
FAIL(!ModifyTheAceWindowStation(hwinsta, psid, mode));
/*
* Add user to "default" desktop.
*/
DBG_MSG("AddTheAceDesktop()...");
FAIL(!ModifyTheAceDesktop(hdesk, psid, mode));
exitCode = 0;
fail:
/*
* Close the handles to the interactive windowstation and desktop.
*/
DBG_MSG("CloseWindowStation()...");
if (hwinsta)
{
CloseWindowStation(hwinsta);
}
DBG_MSG("CloseDesktop()...");
if (hdesk)
{
CloseDesktop(hdesk);
}
DBG_LEAVE("ModifyRightsToDesktopBySid");
return exitCode;
}
/*
* Gives or removes user rights to use 'WinStation0' and 'default' desktop.
*
* hToken - logged user's token (IN)
* mode - 1 for add, 0 for remove (IN)
*
* RETURNS: 0 if OK.
*/
int ModifyRightsToDesktop(HANDLE hToken, int mode)
{
DBG_ENTER("ModifyRightsToDesktop");
PSID psid = NULL;
int exitCode = -1;
/*
* Obtain the logon sid of the user fester.
*/
DBG_MSG("ObtainSid()...");
FAIL(!ObtainSid(hToken, &psid));
FAIL(ModifyRightsToDesktopBySid(psid, mode));
if (psid)
{
RemoveSid(&psid);
}
exitCode = 0;
fail:
DBG_LEAVE("ModifyRightsToDesktop");
return exitCode;
}

63
contrib/win32/win32compat/lsa/DeskRight.h
View File

@ -1,63 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef DeskRight_H
#define DeskRight_H
#include "Debug.h"
#include <windows.h>
#define ADD_RIGHT 1
#define REMOVE_RIGHT 0
#define WINSTA_ALL (WINSTA_ACCESSCLIPBOARD | WINSTA_ACCESSGLOBALATOMS | \
WINSTA_CREATEDESKTOP | WINSTA_ENUMDESKTOPS | \
WINSTA_ENUMERATE | WINSTA_EXITWINDOWS | \
WINSTA_READATTRIBUTES | WINSTA_READSCREEN | \
WINSTA_WRITEATTRIBUTES | DELETE | \
READ_CONTROL | WRITE_DAC | \
WRITE_OWNER)
#define DESKTOP_ALL (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | \
DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | \
DESKTOP_WRITEOBJECTS | DELETE | \
READ_CONTROL | WRITE_DAC | \
WRITE_OWNER)
#define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)
int ModifyRightsToDesktop(HANDLE hToken, int mode);
int ModifyRightsToDesktopBySid(PSID psid, int mode);
#endif

687
contrib/win32/win32compat/lsa/Key.cpp
View File

@ -1,687 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef __VS_BUILD__
#include <Windows.h>
#include <LsaLookup.h>
#include <Ntsecapi.h>
#endif
#include "Key.h"
#ifdef __VS_BUILD__
#ifdef __cplusplus
extern "C" {
#endif
#endif // __VS_BUILD__
extern LSA_SECPKG_FUNCTION_TABLE LsaApi;
#ifdef __VS_BUILD__
#ifdef __cplusplus
}
#endif
#endif
#ifdef DYNAMIC_OPENSSL
extern SSLFuncList DynSSL;
#endif
//
// Decode base64 key, readed from 'authorized_keys' file.
//
// key - decoded key (OUT)
// p - pointer to buffer, where encoded key stored (IN)
//
// RETURNS: 0 if OK.
//
Int DecodeBase64Key(Key *&key, Char *p)
{
DBG_ENTRY("DecodeBase64Key");
Int exitCode = 1;
Char encoded[MAX_KEYLINE_SIZE + 1] = {0};
Char pkBlob[MAX_KEY_BLOB] = {0};
Int len = 0;
//
// Check args.
//
DBG_MSG("Checking args...\n");
FAIL(p == NULL);
FAIL(p[0] == '\0');
//
// Skip key type in text form.
//
DBG_MSG("Skipping plain text key type...\n");
p = strchr(p, ' ');
FAIL(p == NULL);
p++;
//
// decode key blob.
//
len = strlen(p);
strncpy(encoded, p, len);
encoded[len] = 0;
//
// Put zero byte at the first white char after key data started.
//
p = encoded;
SkipWhite(p);
GotoWhite(p);
p[0] = '\0';
//
// Decode base64 key blob.
//
DBG_MSG("Decoding base64 key blob...\n");
len = DecodeBase64(encoded, pkBlob, MAX_KEY_BLOB);
FAIL(len < 0);
//
// Try to create new key using decoded key blob.
//
DBG_MSG("Creating key from blob...\n");
FAIL(KeyFromBlob(key, (BYTE *) pkBlob, len));
//DBG_DUMP_TO_FILE("c:/tmp/pkBlob.dat", pkBlob, MAX_KEY_BLOB);
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Cannot decode auth-key from buffer.\n");
}
DBG_LEAVE("DecodeBase64Key");
return exitCode;
}
//
// Compares two key.
//
// key1 - first key to compare (IN)
// key2 - second key to compare (IN)
//
// RETURNS: 0 if keys are equals.
//
Int KeyCompare(const Key *key1, const Key *key2)
{
DBG_ENTRY("KeyCompare");
Int exitCode = 1;
FAIL(key1 == NULL);
FAIL(key2 == NULL);
FAIL(key1 -> type != key2 -> type);
switch (key1 -> type)
{
case KEY_RSA1:
case KEY_RSA:
{
FAIL(key1 -> rsa == NULL);
FAIL(key2 -> rsa == NULL);
FAIL(OPENSSL(BN_cmp(key1 -> rsa -> e, key2 -> rsa -> e)) != 0);
FAIL(OPENSSL(BN_cmp(key1 -> rsa -> n, key2 -> rsa -> n)) != 0);
break;
}
case KEY_DSA:
{
FAIL(key1 -> dsa == NULL);
FAIL(key2 -> dsa == NULL);
FAIL(OPENSSL(BN_cmp(key1 -> dsa -> p, key2 -> dsa -> p)) != 0);
FAIL(OPENSSL(BN_cmp(key1 -> dsa -> q, key2 -> dsa -> q)) != 0);
FAIL(OPENSSL(BN_cmp(key1 -> dsa -> g, key2 -> dsa -> g)) != 0);
FAIL(OPENSSL(BN_cmp(key1 -> dsa -> pub_key, key2 -> dsa -> pub_key)) != 0);
break;
}
default:
{
DBG_MSG("KeyCompare : Unknown key type.\n");
FAIL(1);
}
}
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("KeyCompare : NOT equal.\n");
}
else
{
DBG_MSG("KeyCompare : OK.\n");
}
DBG_LEAVE("KeyCompare");
return exitCode;
}
//
// Search for given key in given file.
//
// fname - file name, where to search (IN)
// patterKey - key pattern, what to search (IN)
//
// RETURNS: 0 if key founded.
//
Int FindKeyInFile(const wchar_t *fname, Key *patternKey)
{
DBG_ENTRY("FindKeyInFile");
Int exitCode = 1;
Char line[MAX_KEYLINE_SIZE];
Int notFound = 1;
FILE *f = NULL;
//
// Open file with keys.
//
DBG_MSG("Opening [%ls] file...\n", fname);
FAIL(fname == NULL);
f = _wfopen(fname, L"rt");
FAIL(f == NULL);
//
// Search for key in file. Key are stored in lines.
//
DBG_MSG("Searching for line with given key...\n");
while(notFound && fgets(line, MAX_KEYLINE_SIZE, f))
{
Char *p = line;
Key *readedKey = NULL;
Int decodeError = 1;
SkipWhite(p);
switch(p[0])
{
//
// # means key is commented.
// 0 and \n means empty line.
//
case '\0':
case '\n':
case '#':
{
DBG_MSG("Skipping empty or commented line...\n");
break;
}
//
// Try to decode key from line.
//
default:
{
decodeError = DecodeBase64Key(readedKey, p);
//
// If reading key fails, try to skip options before key.
//
if (decodeError)
{
DBG_MSG("Trying to skip options block before key...\n");
Int quoted = 0;
for (; *p && (quoted || (*p != ' ' && *p != '\t')); p++)
{
if (*p == '\\' && p[1] == '"')
{
p++;
}
else if (*p == '"')
{
quoted = !quoted;
}
}
//
// Try to read again, after potentially options block skipped.
//
SkipWhite(p);
decodeError = DecodeBase64Key(readedKey, p);
}
//
// If key readed and decoded try to match with pattern key.
//
if (decodeError == 0)
{
notFound = KeyCompare(readedKey, patternKey);
FreeKey(readedKey);
}
}
}
}
exitCode = notFound;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Pattern key not found.\n");
}
if (f)
{
fclose(f);
}
DBG_LEAVE("FindKeyInFile");
return exitCode;
}
//
// Translate key type name to number.
//
// name - type name (IN)
//
// RETURNS: type number corresponding to given name.
//
Int KeyTypeFromName(const Char *name)
{
if (StringCompare(name, "rsa1") == 0)
{
return KEY_RSA1;
}
if (StringCompare(name, "rsa") == 0)
{
return KEY_RSA;
}
if (StringCompare(name, "dsa") == 0)
{
return KEY_DSA;
}
if (StringCompare(name, "ssh-rsa") == 0)
{
return KEY_RSA;
}
if (StringCompare(name, "ssh-dss") == 0)
{
return KEY_DSA;
}
return KEY_UNSPEC;
}
//
// Allocate new Key struct and BigNum fields for specific Key type.
//
// key - pointer to new allocated key (OUT)
// type - key type (RSA/DSA) (IN)
//
// RETURNS: 0 if OK.
//
Int AllocKey(Key *&key, Int type)
{
DBG_ENTRY("AllocKey");
Int exitCode = 1;
//
// Allocate new key struct.
//
DBG_MSG("Allocating Key struct...\n");
key = (Key *) LsaApi.AllocateLsaHeap(sizeof(Key));
FAIL(key == NULL);
ZeroMemory(key, sizeof(Key));
key -> type = type;
key -> dsa = NULL;
key -> rsa = NULL;
switch (key -> type)
{
//
// Allocate new RSA key.
//
case KEY_RSA1:
case KEY_RSA:
{
//
// Allocate new RSA struct.
//
DBG_MSG("Allocating new RSA key...\n");
key -> rsa = OPENSSL(RSA_new());
FAIL(key -> rsa == NULL);
//
// Allcoate new BigNumber fields for RSA key.
//
DBG_MSG("Allocating BigNum fields in RSA...\n");
key -> rsa -> n = OPENSSL(BN_new());
key -> rsa -> e = OPENSSL(BN_new());
FAIL(key -> rsa -> e == NULL);
FAIL(key -> rsa -> n == NULL);
break;
}
//
// Allocate new DSA key.
//
case KEY_DSA:
{
//
// Allocate new DSA struct.
//
DBG_MSG("Allocating new DSA key...\n");
key -> dsa = OPENSSL(DSA_new());
FAIL(key -> dsa == NULL);
//
// Allcoate new BigNumber fields for DSA key.
//
DBG_MSG("Allocating BigNum fields in DSA...\n");
key -> dsa -> p = OPENSSL(BN_new());
key -> dsa -> q = OPENSSL(BN_new());
key -> dsa -> g = OPENSSL(BN_new());
key -> dsa -> pub_key = OPENSSL(BN_new());
FAIL(key -> dsa -> p == NULL);
FAIL(key -> dsa -> q == NULL);
FAIL(key -> dsa -> g == NULL);
FAIL(key -> dsa -> pub_key == NULL);
break;
}
default:
{
DBG_MSG("ERROR. Key type not recognised (%u).\n", type);
FAIL(1);
}
}
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Cannot create new key.\n");
}
DBG_LEAVE("AllocKey");
return exitCode;
}
//
// Free Key struct.
//
// key - key to free (IN)
//
void FreeKey(Key *key)
{
DBG_ENTRY("FreeKey");
if (key)
{
switch (key -> type)
{
case KEY_RSA1:
case KEY_RSA:
{
if (key -> rsa != NULL)
{
OPENSSL(RSA_free(key -> rsa));
key -> rsa = NULL;
break;
}
}
case KEY_DSA:
{
if (key -> dsa != NULL)
{
OPENSSL(DSA_free(key -> dsa));
key -> dsa = NULL;
break;
}
}
}
LsaApi.FreeLsaHeap(key);
}
DBG_LEAVE("FreeKey");
}
//
// Allocate and initialize new Key from pkBlob buffer.
//
// key - new, created key (OUT)
// blob - public key blob buffer (IN)
// blen - size of blob buffer in bytes (IN)
//
// RETURNS: 0 if OK.
//
Int KeyFromBlob(Key *&key, Unsigned Char *blob, Unsigned Int blen)
{
DBG_ENTRY("KeyFromBlob");
//DBG_DUMP_TO_FILE("c:/tmp/pkBlob.dat", blob, blen);
Int exitCode = 1;
Int type = 0;
Char *ktype = NULL;
Unsigned Int bytesInBlob = blen;
Unsigned Int cbSize = 0;
key = NULL;
//
// Retrieve key type from blob.
//
DBG_MSG("Retrieving key type from blob...\n");
FAIL(PopString(&ktype, cbSize, blob, bytesInBlob));
FAIL(ktype == NULL);
//
// Convert type name to Int.
//
type = KeyTypeFromName(ktype);
//
// Retrieve Key body from blob.
//
switch (type)
{
case KEY_RSA:
{
DBG_MSG("Allocating new RSA key...\n");
FAIL(AllocKey(key, type));
DBG_MSG("Retrieving RSA {e, n} big numbers...\n");
FAIL(PopBigNum(key -> rsa -> e, blob, bytesInBlob));
FAIL(PopBigNum(key -> rsa -> n, blob, bytesInBlob));
break;
}
case KEY_DSA:
{
DBG_MSG("Allocating new DSA key...\n");
FAIL(AllocKey(key, type));
DBG_MSG("Retrieving DSA {p, q, g, pub_key}, big numbers...\n");
FAIL(PopBigNum(key -> dsa -> p, blob, bytesInBlob));
FAIL(PopBigNum(key -> dsa -> q, blob, bytesInBlob));
FAIL(PopBigNum(key -> dsa -> g, blob, bytesInBlob));
FAIL(PopBigNum(key -> dsa -> pub_key, blob, bytesInBlob));
break;
}
default:
{
FAIL(1);
}
}
//
// Does any bytes remain in blob buffer?
//
DBG_MSG("%u bytes remaining in key blob.\n", bytesInBlob);
FAIL(bytesInBlob != 0);
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Cannot create key from blob.\n");
FreeKey(key);
}
LsaApi.FreeLsaHeap(ktype);
DBG_LEAVE("KeyFromBlob");
return exitCode;
}

94
contrib/win32/win32compat/lsa/Key.h
View File

@ -1,94 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Key_H
#define Key_H
#undef STRING
#include "Win64Fix.h"
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <cstring>
#include <cstdio>
#include <windows.h>
#include <NTSecPkg.h>
#include "Types.h"
#include "String.h"
#include "Base64.h"
#include "Utils.h"
#include "PopBinary.h"
#include "Debug.h"
#include "SSLFix.h"
#define MAX_KEYLINE_SIZE 8192
#define MAX_KEY_BLOB (2 * MAX_KEYLINE_SIZE)
enum types
{
KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_UNSPEC
};
struct Key
{
Int type;
Int flags;
RSA *rsa;
DSA *dsa;
};
Int AllocKey(Key *&key, Int type);
void FreeKey(Key *key);
Int KeyFromBlob(Key *&key, BYTE *blob, Unsigned Int blen);
Int FindKeyInFile(const wchar_t *fname, Key *patternKey);
#endif

626
contrib/win32/win32compat/lsa/KeyAuth.cpp
View File

@ -1,626 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "KeyAuth.h"
#ifdef __VS_BUILD__
#ifdef __cplusplus
extern "C" {
#endif
#endif // __VS_BUILD__
extern LSA_SECPKG_FUNCTION_TABLE LsaApi;
#ifdef __VS_BUILD__
#ifdef __cplusplus
}
#endif
#endif
#ifdef DYNAMIC_OPENSSL
extern SSLFuncList DynSSL;
#endif
//
// Perform DSA Key verification.
//
// key - DSA key to verification (IN)
// sign - signature (IN)
// signSize - size of sign in bytes (IN)
// data - ??
// dataSize - size of data int bytes (IN)
// dataFellows - ?? This is copy of global variable from sshd (IN)
//
// RETURNS: 0 if OK.
//
Int VerifyDsaKey(const Key *key, Unsigned Char *sign,
Unsigned Int signSize, const Unsigned Char *data,
Unsigned Int dataSize, Int dataFellows)
{
DBG_ENTRY("VerifyDsaKey");
Int exitCode = 1;
DSA_SIG *sig = NULL;
const EVP_MD *evp_md = OPENSSL(EVP_sha1());
EVP_MD_CTX md;
Unsigned Char digest[EVP_MAX_MD_SIZE];
Unsigned Char *sigblob = NULL;
Char *ktype = NULL;
Unsigned Int len = 0;
Unsigned Int dlen = 0;
Unsigned Int cbSize = 0;
Unsigned Int bytesInSign = signSize;
//
// Are args correct?
//
DBG_MSG("Checking args...\n");
FAIL(key == NULL);
FAIL(key -> type != KEY_DSA);
FAIL(key -> dsa == NULL);
//
// fetch signature
//
if (dataFellows & SSH_BUG_SIGBLOB)
{
sigblob = (Unsigned Char *) LsaApi.AllocateLsaHeap(signSize);
memcpy(sigblob, sign, signSize);
len = signSize;
}
else
{
//
// Is signature type 'ssh-dss' ?
//
DBG_MSG("Checking signature type...\n");
FAIL(PopString(&ktype, cbSize, sign, bytesInSign));
FAIL(ktype == NULL);
FAIL(StringCompare("ssh-dss", ktype) != 0);
//
// Retrieve signature blob.
//
DBG_MSG("Retrieving signature blob from buffer...\n");
FAIL(PopString((Char **) &sigblob, len, sign, bytesInSign));
//
// Does any data still remain in signature bufer?
//
DBG_MSG("Checking does any data still remain"
" in signature buffer [%u]...\n", bytesInSign);
FAIL(bytesInSign != 0);
}
//
// Is signature blob is correct?
//
DBG_MSG("Checking signature blob size "
"[len = %u, SIGBLOB_LEN = %u]...\n", len, SIGBLOB_LEN);
FAIL(len != SIGBLOB_LEN);
//
// parse signature
//
DBG_MSG("DSA_SIG_new()...\n");
sig = OPENSSL(DSA_SIG_new());
FAIL (sig == NULL);
DBG_MSG("BN_new()...\n");
sig -> r = OPENSSL(BN_new());
FAIL(sig -> r == NULL);
DBG_MSG("BN_new()...\n");
sig -> s = OPENSSL(BN_new());
FAIL(sig -> s == NULL);
//
//
//
DBG_MSG("BN_bin2bn()...\n");
FAIL(OPENSSL(BN_bin2bn(sigblob, INTBLOB_LEN, sig -> r) == NULL));
FAIL(OPENSSL(BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig -> s) == NULL));
//
// sha1 the data.
//
OPENSSL(EVP_DigestInit(&md, evp_md));
OPENSSL(EVP_DigestUpdate(&md, data, dataSize));
OPENSSL(EVP_DigestFinal(&md, digest, &dlen));
//
//
//
DBG_MSG("DSA_do_verify()...\n");
FAIL(OPENSSL(DSA_do_verify(digest, dlen, sig, key -> dsa) != 1));
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. VerifyDsaKey() failed.\n");
}
//
// Clean up.
//
ZeroMemory(digest, sizeof(digest));
ZeroMemory(sigblob, len);
if (sig)
{
OPENSSL(DSA_SIG_free(sig));
}
LsaApi.FreeLsaHeap(sigblob);
LsaApi.FreeLsaHeap(ktype);
DBG_LEAVE("VerifyDsaKey");
return exitCode;
}
//
// Decrypt given signature by given RSA key and compare result with given
// hash. It is the last step in Rsa verification.
//
// type - NID type for key (sha1/md5) (IN)
// hash - hash for comparing (IN)
// hashSize - size of hash buffer in bytes (IN)
// sigBuf - signature to decrypt (IN)
// sigSize - size of sigBuf in bytes (IN)
// rsa - RSA key struct (IN).
//
// RETURNS: 0 if OK.
//
Int DoRsaVerify(Int type, Unsigned Char *hash, Unsigned Int hashSize,
Unsigned Char *sigBuf, Unsigned Int sigSize, RSA *rsa)
{
DBG_ENTRY("DoRsaVerify");
Int exitCode = 1;
Unsigned Int rsaSize = 0;
Unsigned Int oidlen = 0;
Unsigned Int hlen = 0;
Int len = 0;
const Unsigned Char *oid = NULL;
Unsigned Char *decrypted = NULL;
switch (type)
{
//
// For SHA1 algorithm.
//
case NID_sha1:
{
oid = id_sha1;
oidlen = sizeof(id_sha1);
hlen = 20;
break;
}
//
// For MD5 algorithm.
//
case NID_md5:
{
oid = id_md5;
oidlen = sizeof(id_md5);
hlen = 16;
break;
}
default:
{
DBG_MSG("ERROR. Unknown NID (%u).\n", type);
FAIL(1);
}
}
//
// Does given hash length match to algorithm (sha1/md5) ?
//
DBG_MSG("Checking hash length...\n");
FAIL(hashSize != hlen);
//
// Does given signature length match to Key type?
//
DBG_MSG("Checking signature length...\n");
rsaSize = OPENSSL(RSA_size(rsa));
FAIL(sigSize == 0);
FAIL(sigSize > rsaSize);
//
// Allocate memory for decrypted data.
//
DBG_MSG("Allocating buffer for decrypted data...\n");
decrypted = (Unsigned Char *) LsaApi.AllocateLsaHeap(rsaSize);
FAIL(decrypted == NULL);
//
// Decrypt signature using given RSA key.
//
DBG_MSG("RSA_public_decrypt...\n");
len = OPENSSL(RSA_public_decrypt(sigSize, sigBuf, decrypted, rsa, RSA_PKCS1_PADDING));
FAIL(len < 0);
FAIL(UnsignedCast(len) != (hlen + oidlen));
//
// Compare oids.
//
DBG_MSG("Comparing oids...\n");
FAIL(memcmp(decrypted, oid, oidlen) != 0);
//
// Compare hashes.
//
DBG_MSG("Comparing hashes...\n");
FAIL(memcmp(decrypted + oidlen, hash, hlen) != 0);
exitCode = 0;
fail:
LsaApi.FreeLsaHeap(decrypted);
DBG_LEAVE("DoRsaVerify");
return exitCode;
}
//
// Perform RSA key verification.
//
// key - RSA key to verification (IN)
// sign - signature (IN)
// signSize - size of sign in bytes (IN)
// data - ??
// dataSize - size of data int bytes (IN)
// dataFellows - ?? This is copy of global variable from sshd (IN)
//
// RETURNS: 0 if OK.
//
Int VerifyRsaKey(const Key *key, Unsigned Char *sign, Int signSize,
Unsigned Char *data, Int dataSize, Int dataFellows)
{
DBG_ENTRY("VerifyRsaKey");
Int exitCode = 1;
const EVP_MD *evp_md;
EVP_MD_CTX md;
Char *ktype = NULL;
Unsigned Char digest[EVP_MAX_MD_SIZE];
Unsigned Char *sigblob = NULL;
Unsigned Char *sigblobOld = NULL;
Unsigned Int len = 0;
Unsigned Int dlen = 0;
Unsigned Int modlen = 0;
Unsigned Int nid = 0;
Unsigned Int cbSize = 0;
Unsigned Int bytesInSign = signSize;
//
// Are args correct?
//
DBG_MSG("Checking args...\n");
FAIL(key == NULL);
FAIL(key -> type != KEY_RSA);
FAIL(key -> rsa == NULL);
//
// Check is RSA modulus size not too small.
//
DBG_MSG("Checking RSA.n length...\n");
FAIL(OPENSSL(BN_num_bits(key -> rsa -> n) < SSH_RSA_MINIMUM_MODULUS_SIZE));
//
// Retrievie and check is signature type correct.
//
DBG_MSG("Checking signature type...\n");
//DBG_DUMP_TO_FILE("c:/tmp/sign.dat", sign, bytesInSign);
FAIL(PopString(&ktype, cbSize, sign, bytesInSign));
FAIL(StringCompare("ssh-rsa", ktype) != 0);
//
// Check signature size.
//
DBG_MSG("Checking signature size...\n");
FAIL(PopString((Char **) &sigblob, len, sign, bytesInSign));
FAIL(bytesInSign != 0);
//
// RSA_verify expects a signature of RSA_size.
//
DBG_MSG("Checking signature blob size....\n");
modlen = OPENSSL(RSA_size(key -> rsa));
FAIL(len > modlen);
//
// Adds zeros at begin of signature blob
// to makes RSA_size(key) == Size(SignatureBlob).
//
if (len < modlen)
{
Unsigned Int diff = modlen - len;
DBG_MSG("Adding %u zeros to signature (modlen = %u, len = %u)",
diff, modlen, len);
//
// Reallocate sigblob.
//
DBG_MSG("Reallocating sigblob buffer..."
"[oldSize = %u, newSize = %u]\n", len, modlen);
sigblobOld = sigblob;
sigblob = (Unsigned Char *) LsaApi.AllocateLsaHeap(modlen);
FAIL(sigblob == NULL);
memcpy(sigblob + diff, sigblobOld, len);
memset(sigblob, 0, diff);
len = modlen;
}
//
// ??
//
nid = (dataFellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
DBG_MSG("EVP_get_digestbynid(%u)...\n", nid);
DBG_MSG("OBJ_nid2sn(nid) = %s\n", OPENSSL(OBJ_nid2sn(nid)));
evp_md = OPENSSL(EVP_get_digestbyname(OPENSSL(OBJ_nid2sn(nid))));
DBG_MSG("digest = %p\n", evp_md);
FAIL(evp_md == NULL);
//
// ??
//
OPENSSL(EVP_DigestInit(&md, evp_md));
OPENSSL(EVP_DigestUpdate(&md, data, dataSize));
OPENSSL(EVP_DigestFinal(&md, digest, &dlen));
FAIL(DoRsaVerify(nid, digest, dlen, sigblob, len, key -> rsa));
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. VerifyRsaKey() failed.\n");
}
ZeroMemory(digest, sizeof(digest));
ZeroMemory(sigblob, len);
LsaApi.FreeLsaHeap(ktype);
LsaApi.FreeLsaHeap(sigblob);
LsaApi.FreeLsaHeap(sigblobOld);
DBG_LEAVE("VerifyRsaKey");
return exitCode;
}
//
// Perform RSA or DSA Key verification.
//
// key - key to verification (IN)
// sign - signature (IN)
// signSize - size of sign in bytes (IN)
// data - ??
// dataSize - size of data in bytes (IN)
// dataFellows - ?? This is copy of global variable from sshd (IN)
//
// RETURNS: 0 if OK.
//
Int VerifyKey(const Key *key, Unsigned Char *sign, Int signSize,
Unsigned Char *data, Int dataSize, Int dataFellows)
{
DBG_ENTRY("VerifyKey");
Int exitCode = 1;
//
// Check args.
//
DBG_MSG("Checking args...\n");
FAIL(sign == NULL);
FAIL(data == NULL);
FAIL(key == NULL);
FAIL(signSize == 0);
//
// For debug only.
//
//DBG_DUMP_TO_FILE("c:/tmp/sign.dat", sign, signSize);
//
// Verify RSA or DSA key.
//
switch (key -> type)
{
case KEY_DSA:
{
DBG_MSG("DSA Key detected...\n");
FAIL(VerifyDsaKey(key, sign, signSize, data, dataSize, dataFellows));
break;
}
case KEY_RSA:
{
DBG_MSG("RSA Key detected...\n");
FAIL(VerifyRsaKey(key, sign, signSize, data, dataSize, dataFellows));
break;
}
default:
{
DBG_MSG("ERROR. Key type not recognised.\n");
FAIL(1);
}
}
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Key authorization failed.\n");
}
DBG_LEAVE("VerifyKey");
return exitCode;
}

126
contrib/win32/win32compat/lsa/KeyAuth.h
View File

@ -1,126 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef KeyAuth_H
#define KeyAuth_H
#undef STRING
#ifdef __VS_BUILD__
#define UMDF_USING_NTSTATUS
#include <Windows.h>
#include <LsaLookup.h>
#include <Ntsecapi.h>
#endif
#include "Win64Fix.h"
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <cstring>
#include <cstdio>
#include <windows.h>
#include <NTSecPkg.h>
#include "Types.h"
#include "String.h"
#include "PopBinary.h"
#include "Base64.h"
#include "Utils.h"
#include "Key.h"
#include "Debug.h"
#include "SSLFix.h"
#define SSH_BUG_SIGBLOB 0x00000001
#define SSH_BUG_RSASIGMD5 0x00002000
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
//
// Minimum modulus size (n) for RSA keys.
//
#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
static const Unsigned Char id_sha1[] =
{
0x30, 0x21, // type Sequence, length 0x21 (33)
0x30, 0x09, // type Sequence, length 0x09
0x06, 0x05, // type OID, length 0x05
0x2b, 0x0e, 0x03, 0x02, 0x1a, // id-sha1 OID
0x05, 0x00, // NULL
0x04, 0x14 // Octet string, length 0x14 (20),
// followed by sha1 hash
};
//
// id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
// rsadsi(113549) digestAlgorithm(2) 5 }
//
static const Unsigned Char id_md5[] =
{
0x30, 0x20, // type Sequence, length 0x20 (32)
0x30, 0x0c, // type Sequence, length 0x09
0x06, 0x08, // type OID, length 0x05
0x2a, 0x86, 0x48, 0x86, // id-md5
0xF7, 0x0D, 0x02, 0x05,
0x05, 0x00, // NULL
0x04, 0x10 // Octet string, length 0x10 (16),
// followed by md5 hash
};
Int VerifyKey(const Key *key, BYTE *sign, Int signSize,
BYTE *data, Int dataSize, Int dataFellows);
#endif

55
contrib/win32/win32compat/lsa/LsaString.h
View File

@ -1,55 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef LsaString_H
#define LsaString_H
#undef STRING
#include <windows.h>
#define SECURITY_WIN32
#include <security.h>
#include <Ntsecapi.h>
#include <NTSecPkg.h>
#include <ntstatus.h>
#include "Types.h"
#define FAIL(CONDITION) if(CONDITION) goto fail
#define NTFAIL(NTFUNC) if((ntStat = (NTFUNC))) goto fail
NTSTATUS LsaAllocUnicodeString(UNICODE_STRING **lsaStr, DWORD maxLen);
NTSTATUS FillUnicodeString(UNICODE_STRING *lsaStr, const Char *str);
void LsaFreeUnicodeString(UNICODE_STRING *lsaStr);
#endif

90
contrib/win32/win32compat/lsa/Makefile.mingw32
View File

@ -1,90 +0,0 @@
#/*
# * Author: NoMachine <developers@nomachine.com>
# *
# * Copyright (c) 2009, 2013 NoMachine
# * All rights reserved
# *
# * Support functions and system calls' replacements needed to let the
# * software run on Win32 based operating systems.
# *
# * Redistribution and use in source and binary forms, with or without
# * modification, are permitted provided that the following conditions
# * are met:
# *
# * 1. Redistributions of source code must retain the above copyright
# * notice, this list of conditions and the following disclaimer.
# * 2. Redistributions in binary form must reproduce the above copyright
# * notice, this list of conditions and the following disclaimer in the
# * documentation and/or other materials provided with the distribution.
# *
# * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# */
#
# Library name.
#
LIBRARY = ssh-lsa
#
# Sources list.
#
CXXSRC = Ssh-lsa.cpp LsaString.cpp Debug.cpp KeyAuth.cpp PopBinary.cpp \
Base64.cpp Utils.cpp Key.cpp DeskRight.cpp
#
# If You use Cygwin insead of pure MinGW tools, You need to ensure, that
# propertly OpenSSL libs are used (i.e. compiled with MinGW target).
#
LIBS = -L$(LIBSSL_PATH) -static -lstdc++ -lUserenv -lshlwapi -lssl -lcrypto \
-lws2_32 -lgdi32
CXXOBJ = $(CXXSRC:.cpp=.o)
#
# Compilation flags.
#
CXX = g++
CXXFLAGS = -g -O3 -march=i686 -fstrength-reduce -fno-rtti \
-fno-exceptions -Wall -Wpointer-arith -Werror -Wl,--kill-at \
-I$(LIBSSL_PATH)/include
#
# Make library by linking objects.
#
$(LIBRARY).dll: $(CXXOBJ)
$(CXX) -shared $(CXXFLAGS) $(CXXOBJ) -o $@ $(LIBS)
#
# Make objects from sources.
#
.SUFFIXES: .cpp.c
.cpp.o:
$(CXX) -c $(CXXFLAGS) $<
#
# Clean.
#
clean:
rm -f *.o
rm -f *.dll
rm -f *.a
.PHONY: clean

92
contrib/win32/win32compat/lsa/Makefile.mingw64
View File

@ -1,92 +0,0 @@
#/*
# * Author: NoMachine <developers@nomachine.com>
# *
# * Copyright (c) 2009, 2013 NoMachine
# * All rights reserved
# *
# * Support functions and system calls' replacements needed to let the
# * software run on Win32 based operating systems.
# *
# * Redistribution and use in source and binary forms, with or without
# * modification, are permitted provided that the following conditions
# * are met:
# *
# * 1. Redistributions of source code must retain the above copyright
# * notice, this list of conditions and the following disclaimer.
# * 2. Redistributions in binary form must reproduce the above copyright
# * notice, this list of conditions and the following disclaimer in the
# * documentation and/or other materials provided with the distribution.
# *
# * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# */
#
# Library name.
#
LIBRARY = ssh-lsa
#
# Sources list.
#
CXXSRC = Ssh-lsa.cpp LsaString.cpp Debug.cpp KeyAuth.cpp PopBinary.cpp \
Base64.cpp Utils.cpp Key.cpp DeskRight.cpp
#
# If You use Cygwin insead of pure MinGW tools, You need to ensure, that
# propertly OpenSSL libs are used (i.e. compiled for MinGW64 target).
#
LIBS = -L$(LIBSSL_PATH) -static -lstdc++ -lUserenv -lshlwapi -lssl \
-lcrypto -lws2_32 -lgdi32
CXXOBJ = $(CXXSRC:.cpp=.o)
#
# Compilation flags.
#
CXX = x86_64-w64-mingw32-g++
CXXDEFINES =
CXXFLAGS = -g -O3 -fstrength-reduce -fno-rtti -fno-exceptions \
-Wall -Wpointer-arith -Werror -Wl,--kill-at \
-I$(LIBSSL_PATH)/include
#
# Make library by linking objects.
#
$(LIBRARY).dll: $(CXXOBJ)
$(CXX) -shared $(CXXFLAGS) $(CXXOBJ) -o $@ $(LIBS)
#
# Make objects from sources.
#
.SUFFIXES: .cpp.c
.cpp.o:
$(CXX) -c $(CXXFLAGS) $(CXXDEFINES) $<
#
# Clean.
#
clean:
rm -f *.o
rm -f *.dll
rm -f *.a
.PHONY: clean

215
contrib/win32/win32compat/lsa/PopBinary.cpp
View File

@ -1,215 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "PopBinary.h"
#ifdef __VS_BUILD__
#ifdef __cplusplus
extern "C" {
#endif
#endif // __VS_BUILD__
extern LSA_SECPKG_FUNCTION_TABLE LsaApi;
#ifdef __VS_BUILD__
#ifdef __cplusplus
}
#endif
#endif
#ifdef DYNAMIC_OPENSSL
extern SSLFuncList DynSSL;
#endif
//
// Pop big endian (!) DWORD value from given buffer.
// WARNING. Function increses buf pointer if success.
//
// val - loaded DWORD value (OUT)
// buf - pointer to buffer's begin (IN/OUT)
// bytesToEnd - how many bytes remains in buffer (IN/OUT)
//
// RETURNS: 0 if OK.
//
Int PopDword(Unsigned Int &val, BYTE *&buf, Unsigned Int &bytesToEnd)
{
DBG_MSG("-> PopDword()...");
BYTE *valInBytes = (BYTE *) (&val);
if (bytesToEnd < 4)
{
DBG_MSG("ERROR. Cannot load DWORD. Unexpected buffer's end.\n");
return 1;
}
valInBytes[0] = buf[3];
valInBytes[1] = buf[2];
valInBytes[2] = buf[1];
valInBytes[3] = buf[0];
buf += 4;
bytesToEnd -= 4;
return 0;
}
//
// Allocate and pop ASCII string from given buffer. First DWORD in
// buffer must be a big endian length of string (without length field).
//
// WARNING. Function increses buf pointer if success.
//
// str - new allocated and loaded from buffer ASCIIZ string (OUT)
// val - string length without '0' in bytes (OUT)
// buf - pointer to buffer's begin (IN/OUT)
// bytesToEnd - how many bytes remains in buffer (IN/OUT)
//
// RETURNS: 0 if OK.
//
Int PopString(Char **str, Unsigned Int &len,
BYTE *&buf, Unsigned Int &bytesToEnd)
{
DBG_MSG("-> PopString()...");
Int exitCode = 1;
FAIL(str == NULL);
//
// Load string length from buffer.
//
FAIL(PopDword(len, buf, bytesToEnd));
//
// Allocate buffer for new string.
//
*str = (Char *) LsaApi.AllocateLsaHeap(len + 1);
FAIL(*str == NULL);
//
// Load 'len' bytes from buffer. It is body of string.
//
DBG_MSG("LoadString : Checking buffer length"
" [bytesToEnd = %u, len = %u]...\n", bytesToEnd, len);
FAIL(bytesToEnd < len);
memcpy(*str, buf, len);
(*str)[len] = 0;
//
// Increse buffer pointer by len.
//
buf += len;
bytesToEnd -= len;
exitCode = 0;
fail:
if (exitCode)
{
DBG_MSG("ERROR. Cannot load string from buffer.\n");
LsaApi.FreeLsaHeap(*str);
}
return exitCode;
}
//
// Pop raw BIGNUM data from given buffer and initialize given BIGNUM
// struct with it.
//
// WARNING. Function increses buf pointer if success.
//
// bigNum - existing bigNum struct to initialize (OUT)
// buf - pointer to buffer's begin (IN/OUT)
// bytesToEnd - how many bytes remains in buffer (IN/OUT)
//
// RETURNS: 0 if OK.
//
Int PopBigNum(BIGNUM *bigNum, BYTE *&buf, Unsigned Int &bytesToEnd)
{
DBG_MSG("-> PopBigNum()...");
Unsigned Int len = 0;
Unsigned Char *rawBigNum = NULL;
Int exitCode = 1;
FAIL(bigNum == NULL);
//
// Retrieve raw BIGNUM body from buffer.
//
FAIL(PopString((Char **) &rawBigNum, len, buf, bytesToEnd));
FAIL(len > 8 * 1024);
FAIL((len != 0) && (rawBigNum[0] & 0x80));
//
// Convert raw bigNumBlob buffer to BIGNUM struct.
//
FAIL(OPENSSL(BN_bin2bn(rawBigNum, len, bigNum) == NULL));
exitCode = 0;
fail:
//
// Clean up.
//
if (exitCode)
{
DBG_MSG("ERROR. Cannot load BIGNUM from buffer.\n");
}
LsaApi.FreeLsaHeap(rawBigNum);
return exitCode;
}

68
contrib/win32/win32compat/lsa/PopBinary.h
View File

@ -1,68 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef PopBinary_H
#define PopBinary_H
#undef STRING
#ifdef __VS_BUILD__
#define UMDF_USING_NTSTATUS
#include <Windows.h>
#include <LsaLookup.h>
#include <Ntsecapi.h>
#endif
#include "Win64Fix.h"
#include <openssl/bn.h>
#include <windows.h>
#include <NTSecPkg.h>
#include "Debug.h"
#include "Types.h"
#include "SSLFix.h"
//
// These functions pop up variety binary data from given buffer.
//
Int PopDword(Unsigned Int &val, BYTE *&buf, Unsigned Int &bytesToEnd);
Int PopString(Char **str, Unsigned Int &len,
BYTE *&buf, Unsigned Int &bytesToEnd);
Int PopBigNum(BIGNUM *bigNum, BYTE *&buf, Unsigned Int &bytesToEnd);
#endif

170
contrib/win32/win32compat/lsa/SSLFix.h
View File

@ -1,170 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef SSLFix_H
#define SSLFix_H
#undef STRING
//
// This code is needed for 'on the fly' load of OpenSSL DLLs.
//
//#define DYNAMIC_OPENSSL
#undef DYNAMIC_OPENSSL
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/err.h>
//
// Code only for dynamic loaded OpenSSL libs (DLLs).
//
#ifdef DYNAMIC_OPENSSL
#define OPENSSL(x) DynSSL.x
typedef int (*SSL_library_init_Ptr)(void);
typedef void (*OpenSSL_add_all_digests_Ptr)(void);
typedef const EVP_MD* (*EVP_sha1_Ptr)(void);
typedef void (*DSA_SIG_free_Ptr)(DSA_SIG *);
typedef DSA_SIG *(*DSA_SIG_new_Ptr)(void);
typedef BIGNUM *(*BN_new_Ptr)(void);
typedef BIGNUM *(*BN_bin2bn_Ptr)(const unsigned char *, int,BIGNUM *);
typedef int (*EVP_DigestInit_Ptr)(EVP_MD_CTX *, const EVP_MD *);
typedef int (*EVP_DigestFinal_Ptr)(EVP_MD_CTX *, unsigned char *, unsigned int *);
typedef int (*EVP_DigestUpdate_Ptr)(EVP_MD_CTX *, const void *, size_t);
typedef int (*EVP_Digest_Ptr)(const void *, size_t, unsigned char *,
unsigned int *, const EVP_MD *, ENGINE *);
typedef int (*DSA_do_verify_Ptr)(const unsigned char *, int, DSA_SIG *, DSA *);
typedef int (*RSA_size_Ptr)(const RSA *);
typedef int (*RSA_public_decrypt_Ptr)(int, const unsigned char *,
unsigned char *, RSA *, int);
typedef int (*BN_num_bits_Ptr)(const BIGNUM *);
typedef const char *(*OBJ_nid2sn_Ptr)(int);
typedef const EVP_MD *(*EVP_get_digestbyname_Ptr)(const char *);
typedef int (*BN_cmp_Ptr)(const BIGNUM *, const BIGNUM *);
typedef RSA *(*RSA_new_Ptr)(void);
typedef DSA *(*DSA_new_Ptr)(void);
typedef void (*RSA_free_Ptr)(RSA *);
typedef void (*DSA_free_Ptr)(DSA *);
//
// Struct with pointers to OpenSSL function exported by DLLs.
//
struct SSLFuncList
{
SSL_library_init_Ptr SSL_library_init;
OpenSSL_add_all_digests_Ptr OpenSSL_add_all_digests;
EVP_sha1_Ptr EVP_sha1;
DSA_SIG_free_Ptr DSA_SIG_free;
DSA_SIG_new_Ptr DSA_SIG_new;
BN_new_Ptr BN_new;
BN_bin2bn_Ptr BN_bin2bn;
EVP_DigestInit_Ptr EVP_DigestInit;
EVP_DigestFinal_Ptr EVP_DigestFinal;
EVP_DigestUpdate_Ptr EVP_DigestUpdate;
EVP_Digest_Ptr EVP_Digest;
DSA_do_verify_Ptr DSA_do_verify;
RSA_size_Ptr RSA_size;
RSA_public_decrypt_Ptr RSA_public_decrypt;
BN_num_bits_Ptr BN_num_bits;
OBJ_nid2sn_Ptr OBJ_nid2sn;
EVP_get_digestbyname_Ptr EVP_get_digestbyname;
BN_cmp_Ptr BN_cmp;
RSA_new_Ptr RSA_new;
DSA_new_Ptr DSA_new;
RSA_free_Ptr RSA_free;
DSA_free_Ptr DSA_free;
};
//
// We use static linked function here.
//
#else
#define OPENSSL(x) x
#endif
#endif

65
contrib/win32/win32compat/lsa/Utils.cpp
View File

@ -1,65 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "Win64Fix.h"
#include "Utils.h"
using namespace std;
//
// Skip white characters in buffer.
//
void SkipWhite(Char *&p)
{
if (p)
{
while (*p == ' ' || *p == '\t')
{
p++;
}
}
}
//
// Go to first white space in buffer.
//
void GotoWhite(Char *&p)
{
if (p)
{
while(*p != '\0' && *p != ' ' && *p != '\t')
{
p++;
}
}
}

75
contrib/win32/win32compat/lsa/Utils.h
View File

@ -1,75 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Utils_H
#define Utils_H
#undef STRING
#undef WINVER
#define WINVER 0x0501
#include "Types.h"
#include "Debug.h"
#include <cstdlib>
#include <sddl.h>
#include <Aclapi.h>
#include <iostream>
void SkipWhite(Char *&p);
void GotoWhite(Char *&p);
Int CreatePipeEx(HANDLE pipe[2], SECURITY_ATTRIBUTES *sa, Int bufSize,
DWORD readMode, DWORD writeMode, Int timeout);
Int SetObjectRights(const Char *objName, const Char *rights, Int inherit);
Int SetUpSecurityAttributes(SECURITY_ATTRIBUTES *sa, Char *clientUser);
Int EnvironmentCat(Char *env, Int envSize,
const Char *lvalue, const Char *rvalueCat);
Int EnvironmentSet(Char *env, Int envSize,
const Char *lvalue, const Char *rvalueCat);
void FreeSecurityAttributes(SECURITY_ATTRIBUTES *sa);
Int CheckForAdmin(HANDLE process);
const Char *EnvironmentGet(Char *env, const Char *lvalue);
Int EnvironmentAsciiFromUnicode(Char *ascii, Int asciiSize, wchar_t *unicode);
Int GetVarFromNodeCfg(Char *rvalue, Int rvalueSize,
const Char *lvalue, const Char *user);
#endif

46
contrib/win32/win32compat/lsa/Win64Fix.h
View File

@ -1,46 +0,0 @@
/*
* Author: NoMachine <developers@nomachine.com>
*
* Copyright (c) 2009, 2013 NoMachine
* All rights reserved
*
* Support functions and system calls' replacements needed to let the
* software run on Win32 based operating systems.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef Win64Fix_H
#define Win64Fix_H
#undef STRING
#include <windows.h>
#define SECURITY_WIN32
#include <security.h>
//#include <guiddef.h>
#endif