From df9a548ef36f92b9b7e425eb85a6196d27a0c860 Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Thu, 24 Mar 2016 15:08:52 -0700 Subject: [PATCH] Remove additional token references and calls to ModifyReghtsToDesktop from session --- auth.h | 6 ----- auth2-pubkey.c | 5 ++-- session.c | 63 -------------------------------------------------- 3 files changed, 2 insertions(+), 72 deletions(-) diff --git a/auth.h b/auth.h index fa9a069..c65b747 100644 --- a/auth.h +++ b/auth.h @@ -87,12 +87,6 @@ struct Authctxt { struct sshkey **prev_userkeys; u_int nprev_userkeys; - #ifdef WIN32_FIXME - - HANDLE hTokenLsa_; - HANDLE currentToken_; - - #endif }; /* * Every authentication method has to handle authentication requests for diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 3eb2f6d..a1694ca 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -209,7 +209,6 @@ userauth_pubkey(Authctxt *authctxt) #ifdef WIN32_FIXME - authctxt -> hTokenLsa_ = NULL; authctxt -> methoddata = NULL; /* @@ -232,7 +231,7 @@ userauth_pubkey(Authctxt *authctxt) } else { - loginStat = LsaLogon(&authctxt -> hTokenLsa_, HomeDirLsaW, + loginStat = LsaLogon(&authctxt->methoddata, HomeDirLsaW, authctxt -> user, pkblob, blen, sig, slen, buffer_ptr(&b), buffer_len(&b), datafellows); @@ -246,7 +245,7 @@ userauth_pubkey(Authctxt *authctxt) * And user authorized OK. */ - if (authctxt -> hTokenLsa_) + if (authctxt->methoddata) { doOpenSSHVerify = 0; diff --git a/session.c b/session.c index bcdc669..e470018 100644 --- a/session.c +++ b/session.c 
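Review bot: The `LsaLogon` call in the `@@ -232,7 +231,7 @@` hunk of auth2-pubkey.c now writes the logon token straight into `authctxt->methoddata`, so that field becomes the only holder of the token for this path as well as the `LogonUser()` path that session.c reads, and nothing at the call site says so. I would receive the token in a local and assign it once, `HANDLE token = NULL;`, `loginStat = LsaLogon(&token, HomeDirLsaW,` and `authctxt->methoddata = token;`, with a comment naming who closes the handle. The session.c lines this commit removes reset `methoddata` to `INVALID_HANDLE_VALUE` before the token was released; if nothing replaces that, the field presumably keeps pointing at a handle the session later closes, which is worth confirming. `userauth_pubkey` starts and ends outside the hunk.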
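Review bot: The success test `if (authctxt->methoddata)` in the `@@ -246,7 +245,7 @@` hunk of auth2-pubkey.c accepts any non-NULL value, and the branch it guards sets `doOpenSSHVerify = 0`, so this test decides whether the OpenSSH signature check is skipped. The session.c code removed by this commit used `INVALID_HANDLE_VALUE` as the empty marker for the same field; that value is non-NULL, so if any remaining path, or `LsaLogon` on failure, leaves it there, it passes this test. Compare against both sentinels, `if (authctxt->methoddata != NULL && authctxt->methoddata != INVALID_HANDLE_VALUE)`, and also require the success value of `loginStat` if that is not already checked outside the hunk.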
@@ -701,43 +701,10 @@ do_exec_no_pty(Session *s, const char *command) * token using CreateUserToken for non-password auth mechanisms. */ - /* - * Try LSA token first. - */ - - if (s -> authctxt -> hTokenLsa_) - { - debug("Using token from lsa..."); - - hToken = s -> authctxt -> hTokenLsa_; - - ModifyRightsToDesktop(hToken, 1); - } - - /* - * Next try pass-auth token. - */ - else - { - debug("Using token from LogonUser()..."); - hToken = s -> authctxt -> methoddata; - /* - * Clear this value out because we're going to release - * the token in this function - */ - - s -> authctxt -> methoddata = INVALID_HANDLE_VALUE; - ModifyRightsToDesktop(hToken, 1); - } - - /* - * Set display if needed - */ - if (s -> display) { SetEnvironmentVariable("DISPLAY", s -> display); @@ -749,23 +716,7 @@ do_exec_no_pty(Session *s, const char *command) if (1) // (s -> pw -> pw_dir == NULL || s -> pw -> pw_dir[0] == '\0') { - /* - * If there is homedir from LSA use it. - */ - - //if (HomeDirLsaW[0] != '\0') - //{ - //s -> pw -> pw_dir = HomeDirLsaW; - //} - - /* - * If not get homedir from token. - */ - - //else - //{ s -> pw -> pw_dir = GetHomeDirFromToken(s -> pw -> pw_name, hToken); - //} } /* @@ -895,10 +846,6 @@ do_exec_no_pty(Session *s, const char *command) * to clean up DACL of Winsta0. */ - //CloseHandle(hToken); - - s -> authctxt -> currentToken_ = hToken; - /* * Log the process handle (fake it as the pid) for termination lookups */ @@ -2964,7 +2911,6 @@ session_pty_cleanup2(Session *s) CloseHandle(s -> pid); - ModifyRightsToDesktop(s -> authctxt -> currentToken_, 0); } #endif @@ -3391,15 +3337,6 @@ do_cleanup(Authctxt *authctxt) static int called = 0; debug("do_cleanup"); - #ifdef WIN32_FIXME - - if (authctxt) - { - ModifyRightsToDesktop(authctxt -> currentToken_, 0); - } - - #endif - /* no cleanup if we're in the child for login shell */ if (is_child)