disabled broken fdopen and routed usage in code to Win CRTs _fdopen, also logging in Network mode, to get elevated tokens for admin

2025-07-25 15:04:54 +02:00 · 2016-03-17 19:36:09 -07:00 · 2016-03-17 19:36:09 -07:00 · dec395bbfe
commit dec395bbfe
parent 3760840856
4 changed files with 20 additions and 33 deletions
--- a/auth-passwd.c
+++ b/auth-passwd.c
@ -335,39 +335,11 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password)

    return 0;
  }
-
-  /*
-   * First, try logon in INTERACTIVE mode.
-   */
  
  worked = LogonUserW(user_UTF16, domain_UTF16, password_UTF16,
-                         LOGON32_LOGON_INTERACTIVE, 
+	  LOGON32_LOGON_NETWORK,
                             LOGON32_PROVIDER_DEFAULT, &hToken);
                             
-  /*
-   * If no success, try NETWORK mode.
-   */
-   
-  if (!worked)
-  {
-    HANDLE weakToken = INVALID_HANDLE_VALUE;
-    
-    debug3("Netork login attemp [%s][%ls]...", 
-               username, domain_UTF16);
-    
-    worked = LogonUserW(user_UTF16, domain_UTF16, password_UTF16,
-                           LOGON32_LOGON_NETWORK,
-                               LOGON32_PROVIDER_DEFAULT, &weakToken);
-
-    if (worked)
-    {
-      debug("Duplicating token...");
-  
-      debug3(DuplicateTokenEx(weakToken, MAXIMUM_ALLOWED,
-                                  NULL, SecurityImpersonation,
-                                      TokenPrimary, &hToken) == 0);
-    }                                  
-  }
  
  free(user_UTF16);
  free(password_UTF16);
--- a/auth.c
+++ b/auth.c
@ -647,8 +647,8 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 	int fd;
 	FILE *f;
 	
-#if(0)def WIN32_FIXME
-    if ((fd = WSHELPwopen(file, O_RDONLY|O_NONBLOCK)) == -1) {
+#ifdef WIN32_FIXME
+    if ((fd = _wopen(file, O_RDONLY|O_NONBLOCK)) == -1) {
 #else
 	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
 #endif
@ -658,6 +658,13 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 		return NULL;
 	}

+#ifdef WIN32_FIXME
+	if ((f = _fdopen(fd, "r")) == NULL) {
+		_close(fd);
+		return NULL;
+	}
+
+#else
 	if (fstat(fd, &st) < 0) {
 		close(fd);
 		return NULL;
@ -668,13 +675,13 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 		close(fd);
 		return NULL;
 	}
-#ifndef WIN32_FIXME
 	unset_nonblock(fd);
-#endif
+
 	if ((f = fdopen(fd, "r")) == NULL) {
 		close(fd);
 		return NULL;
 	}
+#endif
 	if (strict_modes &&
 	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 		fclose(f);
--- a/contrib/win32/win32compat/fileio.c
+++ b/contrib/win32/win32compat/fileio.c
@ -556,6 +556,10 @@ fileio_fdopen(struct w32_io* pio, const char *mode) {
 	int fd_flags = 0;
 	debug2("fdopen - io:%p", pio);

+	/* logic below doesn't work with overlapped file HANDLES */
+	errno = ENOTSUP;
+	return NULL;
+
 	if (mode[1] == '\0') {
 		switch (*mode) {
 		case 'r':
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -58,6 +58,10 @@
 #include "krl.h"
 #include "digest.h"

+#ifdef	WIN32_FIXME
+#define open(a,b,...) _open((a), (b), __VA_ARGS__)
+#define fdopen(a,b) _fdopen((a), (b))
+#endif

 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"