From 3965d200c72ffe6afde433591bc3b5d25794f005 Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Sat, 8 Apr 2017 09:27:15 -0700 Subject: [PATCH] Removed ssh-lsa.dll and setup reboot restriction (#108) https://github.com/PowerShell/Win32-OpenSSH/issues/657 --- appveyor.yml | 6 +- contrib/win32/openssh/AppveyorHelper.psm1 | 2 - contrib/win32/openssh/OpenSSHBuildHelper.psm1 | 119 ++---- contrib/win32/openssh/Win32-OpenSSH.sln | 14 - contrib/win32/openssh/install-sshlsa.ps1 | 10 - contrib/win32/openssh/ssh-lsa.def | 11 - contrib/win32/openssh/ssh-lsa.vcxproj | 191 ---------- contrib/win32/openssh/ssh-lsa.vcxproj.filters | 27 -- contrib/win32/openssh/uninstall-sshlsa.ps1 | 10 - contrib/win32/win32compat/console.c | 4 +- contrib/win32/win32compat/lsa/Ssh-lsa.c | 358 ------------------ contrib/win32/win32compat/lsastring.c | 152 -------- contrib/win32/win32compat/lsastring.h | 50 --- .../win32compat/ssh-agent/authagent-request.c | 21 +- 14 files changed, 61 insertions(+), 914 deletions(-) delete mode 100644 contrib/win32/openssh/install-sshlsa.ps1 delete mode 100644 contrib/win32/openssh/ssh-lsa.def delete mode 100644 contrib/win32/openssh/ssh-lsa.vcxproj delete mode 100644 contrib/win32/openssh/ssh-lsa.vcxproj.filters delete mode 100644 contrib/win32/openssh/uninstall-sshlsa.ps1 delete mode 100644 contrib/win32/win32compat/lsa/Ssh-lsa.c delete mode 100644 contrib/win32/win32compat/lsastring.c delete mode 100644 contrib/win32/win32compat/lsastring.h diff --git a/appveyor.yml b/appveyor.yml index a9a77d0ef..45ac7904e 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 0.0.10.0.{build} +version: 0.0.11.0.{build} image: Visual Studio 2015 branches: 
@@ -18,10 +18,6 @@ after_build: - ps: | Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking Install-OpenSSH - - ps: Write-Verbose "Restart computer ..." - - ps: Restart-Computer -Force - - ps: Start-Sleep -s 5 # Needs to be proceeded with -ps: as it's interpreted by AppVeyor - - ps: Write-Verbose "Restart computer completed!" before_test: - ps: | diff --git a/contrib/win32/openssh/AppveyorHelper.psm1 b/contrib/win32/openssh/AppveyorHelper.psm1 index f0f97c0fd..3157150e7 100644 --- a/contrib/win32/openssh/AppveyorHelper.psm1 +++ b/contrib/win32/openssh/AppveyorHelper.psm1 @@ -81,8 +81,6 @@ function Invoke-AppVeyorFull Set-OpenSSHTestParams Invoke-AppVeyorBuild Install-OpenSSH - Install-OpenSSHTestDependencies - Deploy-OpenSSHTests Setup-OpenSSHTestEnvironment Run-OpenSSHTests Publish-Artifact diff --git a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 b/contrib/win32/openssh/OpenSSHBuildHelper.psm1 index 21adf8834..345c7c7fe 100644 --- a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 +++ b/contrib/win32/openssh/OpenSSHBuildHelper.psm1 @@ -299,7 +299,10 @@ function Package-OpenSSH [string]$NativeHostArch = "x64", [ValidateSet('Debug', 'Release', '')] - [string]$Configuration = "Release" + [string]$Configuration = "Release", + + # Copy payload to DestinationPath instead of packaging + [string]$DestinationPath = "" ) [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot 
@@ -311,9 +314,8 @@ function Package-OpenSSH } $buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration) $payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe" - $payload += "sftp-server.exe", "scp.exe", "ssh-lsa.dll", "ssh-shellhost.exe", "ssh-keygen.exe" + $payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe" $payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1" - $payload += "install-sshlsa.ps1", "uninstall-sshlsa.ps1" $packageName = "OpenSSH-Win64" if ($NativeHostArch -eq 'x86') { @@ -343,12 +345,29 @@ function Package-OpenSSH } } - Remove-Item ($packageDir + '.zip') -Force -ErrorAction SilentlyContinue - Compress-Archive -Path $packageDir -DestinationPath ($packageDir + '.zip') + if ($DestinationPath -ne "") { + if (Test-Path $DestinationPath) { + Remove-Item $DestinationPath\* -Force + } + else { + New-Item -ItemType Directory $DestinationPath | Out-Null + } + Copy-Item -Path $packageDir\* -Destination $DestinationPath -Force -Recurse + } + else { + Remove-Item ($packageDir + '.zip') -Force -ErrorAction SilentlyContinue + Compress-Archive -Path $packageDir -DestinationPath ($packageDir + '.zip') + } Remove-Item $packageDir -Recurse -Force -ErrorAction SilentlyContinue - Remove-Item ($symbolsDir + '.zip') -Force -ErrorAction SilentlyContinue - Compress-Archive -Path $symbolsDir -DestinationPath ($symbolsDir + '.zip') + + if ($DestinationPath -ne "") { + Copy-Item -Path $symbolsDir\* -Destination $DestinationPath -Force -Recurse + } + else { + Remove-Item ($symbolsDir + '.zip') -Force -ErrorAction SilentlyContinue + Compress-Archive -Path $symbolsDir -DestinationPath ($symbolsDir + '.zip') + } Remove-Item $symbolsDir -Recurse -Force -ErrorAction SilentlyContinue } 
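Review bot: In the new `-DestinationPath` branch, `Remove-Item $DestinationPath\* -Force` empties whatever directory the caller names, and Install-OpenSSH passes its install directory here, so anything kept in that folder between installs (host keys or an edited sshd_config, if they live there) is deleted on every run. The call has no `-Recurse`, and neither it nor the two `Copy-Item` calls carries `-ErrorAction Stop`, so unless `$ErrorActionPreference` is set elsewhere a locked or nested item leaves a half-replaced install without stopping the script. The removed Deploy-Win32OpenSSHBinaries used `-ErrorAction Stop` and ran `Stop-Service ssh-agent -Force` before copying. I would copy over the existing directory instead of clearing it, or at least use `Remove-Item $DestinationPath\* -Recurse -Force -ErrorAction Stop` and say in the parameter comment that the destination is wiped. Package-OpenSSH starts outside this hunk.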
@@ -434,75 +453,6 @@ function Get-SolutionFile return Join-Path -Path $root -ChildPath "contrib\win32\openssh\Win32-OpenSSH.sln" } -<# - .Synopsis - Deploy all required files to build a package and create zip file. -#> -function Deploy-Win32OpenSSHBinaries -{ - [CmdletBinding()] - param - ( - [ValidateSet('Debug', 'Release', '')] - [string]$Configuration = "", - [ValidateSet('x86', 'x64', '')] - [string]$NativeHostArch = "", - [string]$OpenSSHDir = "$env:SystemDrive\OpenSSH" - ) - - if (-not (Test-Path -Path $OpenSSHDir -PathType Container)) - { - $null = New-Item -Path $OpenSSHDir -ItemType Directory -Force -ErrorAction Stop - } - - [string] $platform = $env:PROCESSOR_ARCHITECTURE - if(-not [String]::IsNullOrEmpty($NativeHostArch)) - { - $folderName = $NativeHostArch - if($NativeHostArch -ieq 'x86') - { - $folderName = "Win32" - } - } - else - { - if($platform -ieq "AMD64") - { - $folderName = "x64" - } - else - { - $folderName = "Win32" - } - } - - if([String]::IsNullOrEmpty($Configuration)) - { - if( $folderName -ieq "Win32" ) - { - $RealConfiguration = "Debug" - } - else - { - $RealConfiguration = "Release" - } - } - else - { - $RealConfiguration = $Configuration - } - - [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot - - $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "bin\$folderName\$RealConfiguration" - if((Get-Service ssh-agent -ErrorAction Ignore) -ne $null) { - Stop-Service ssh-agent -Force - } - Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.exe,*.dll -Exclude *unittest*.* -Force -ErrorAction Stop - $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "contrib\win32\openssh" - Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.ps1,sshd_config -Exclude AnalyzeCodeDiff.ps1 -Force -ErrorAction Stop -} - <# .Synopsis Deploy all required files to a location and install the binaries 
@@ -521,12 +471,25 @@ function Install-OpenSSH [string]$OpenSSHDir = "$env:SystemDrive\OpenSSH" ) - Deploy-Win32OpenSSHBinaries @PSBoundParameters + if ($Configuration -eq "") + { + $Configuration = 'Release' + } + + if ($NativeHostArch -eq "") + { + $NativeHostArch = 'x64' + if ($env:PROCESSOR_ARCHITECTURE -eq 'x86') { + $NativeHostArch = 'x86' + } + } + + Package-OpenSSH -NativeHostArch $NativeHostArch -Configuration $Configuration -DestinationPath $OpenSSHDir Push-Location $OpenSSHDir & ( "$OpenSSHDir\install-sshd.ps1") .\ssh-keygen.exe -A - & ( "$OpenSSHDir\install-sshlsa.ps1") + #machine will be reboot after Install-openssh anyway $machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE') diff --git a/contrib/win32/openssh/Win32-OpenSSH.sln b/contrib/win32/openssh/Win32-OpenSSH.sln index f808422cb..e70453bf6 100644 --- a/contrib/win32/openssh/Win32-OpenSSH.sln +++ b/contrib/win32/openssh/Win32-OpenSSH.sln @@ -55,11 +55,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sshd", "sshd.vcxproj", "{F5 EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "config", "config.vcxproj", "{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-lsa", "ssh-lsa.vcxproj", "{02FB3D98-6516-42C6-9762-98811A99960F}" - ProjectSection(ProjectDependencies) = postProject - {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "posix_compat", "win32iocompat.vcxproj", "{0D02F0F0-013B-4EE3-906D-86517F3822C0}" ProjectSection(ProjectDependencies) = postProject {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} 
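Review bot: Install-OpenSSH stops registering ssh-lsa here, but nothing in the new code unregisters it on a machine that ran an earlier build, and uninstall-sshlsa.ps1 is deleted in the same commit. The deleted install-sshlsa.ps1 copied ssh-lsa.dll into `$env:windir\system32` and added `ssh-lsa` to the `Authentication Packages` value under `SYSTEM\CurrentControlSet\Control\Lsa`, so an upgraded host keeps a stale, no longer maintained authentication package registered with LSA. I would fold the old uninstall logic into Install-OpenSSH as sketched below and document that the DLL itself can likely only be deleted after the next reboot. The leftover comment `#machine will be reboot after Install-openssh anyway` contradicts this commit, which removes the reboot from appveyor.yml, and should be dropped. The function's param block and its tail are outside the hunk.

```powershell
Package-OpenSSH -NativeHostArch $NativeHostArch -Configuration $Configuration -DestinationPath $OpenSSHDir

# Unregister the ssh-lsa authentication package that earlier builds installed.
$lsaKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 0).OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa', $true)
$packages = @($lsaKey.GetValue('Authentication Packages'))
if ($packages -contains 'ssh-lsa') {
    $lsaKey.SetValue('Authentication Packages', [string[]]($packages -ne 'ssh-lsa'), 'MultiString')
}
# … unchanged: Push-Location, install-sshd.ps1, ssh-keygen -A …
```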
@@ -226,14 +221,6 @@ Global {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}.Release|x64.Build.0 = Release|x64 {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}.Release|x86.ActiveCfg = Release|Win32 {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}.Release|x86.Build.0 = Release|Win32 - {02FB3D98-6516-42C6-9762-98811A99960F}.Debug|x64.ActiveCfg = Debug|x64 - {02FB3D98-6516-42C6-9762-98811A99960F}.Debug|x64.Build.0 = Debug|x64 - {02FB3D98-6516-42C6-9762-98811A99960F}.Debug|x86.ActiveCfg = Debug|Win32 - {02FB3D98-6516-42C6-9762-98811A99960F}.Debug|x86.Build.0 = Debug|Win32 - {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x64.ActiveCfg = Release|x64 - {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x64.Build.0 = Release|x64 - {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x86.ActiveCfg = Release|Win32 - {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x86.Build.0 = Release|Win32 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x64.ActiveCfg = Debug|x64 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x64.Build.0 = Debug|x64 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x86.ActiveCfg = Debug|Win32 @@ -343,7 +330,6 @@ Global {6657614F-7821-4D55-96EF-7C3C4B551880} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} {F58FF6BA-098B-4DB9-9609-A030DFB4D03F} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} - {02FB3D98-6516-42C6-9762-98811A99960F} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} {C0AE8A30-E4FA-49CE-A2B5-0C072C77EC64} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} {F6644EC5-D6B6-42A1-828C-75E2977470E0} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E} diff --git a/contrib/win32/openssh/install-sshlsa.ps1 b/contrib/win32/openssh/install-sshlsa.ps1 deleted file mode 100644 index 76a4087a9..000000000 --- a/contrib/win32/openssh/install-sshlsa.ps1 +++ /dev/null 
@@ -1,10 +0,0 @@ -Copy-Item -Path $PSScriptRoot\ssh-lsa.dll -Destination "$env:windir\system32" -$subkey = 'SYSTEM\CurrentControlSet\Control\Lsa' -$value = 'Authentication Packages' -$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 0) -$key = $reg.OpenSubKey($subkey, $true) -$arr = $key.GetValue($value) -if ($arr -notcontains 'ssh-lsa') { - $arr += 'ssh-lsa' - $key.SetValue($value, [string[]]$arr, 'MultiString') -} diff --git a/contrib/win32/openssh/ssh-lsa.def b/contrib/win32/openssh/ssh-lsa.def deleted file mode 100644 index b77cde063..000000000 --- a/contrib/win32/openssh/ssh-lsa.def +++ /dev/null @@ -1,11 +0,0 @@ -; ssh-lsa.def : Declares the module parameters. - -LIBRARY "ssh-lsa.DLL" - -EXPORTS - LsaApInitializePackage @1 - LsaApLogonUser @2 - LsaApLogonTerminated @3 - LsaApCallPackagePassthrough @4 - LsaApCallPackageUntrusted @5 - LsaApCallPackage @6 \ No newline at end of file diff --git a/contrib/win32/openssh/ssh-lsa.vcxproj b/contrib/win32/openssh/ssh-lsa.vcxproj deleted file mode 100644 index 899782a93..000000000 --- a/contrib/win32/openssh/ssh-lsa.vcxproj +++ /dev/null 
@@ -1,191 +0,0 @@ - - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - - - - - - - {02FB3D98-6516-42C6-9762-98811A99960F} - Win32Proj - ssh-lsa - 8.1 - ssh-lsa - - - - DynamicLibrary - true - v140 - MultiByte - - - DynamicLibrary - false - v140 - true - MultiByte - - - DynamicLibrary - true - v140 - MultiByte - - - DynamicLibrary - false - v140 - true - MultiByte - - - - - - - - - - - - - - - - - - - - - true - $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\$(TargetName)\ - - - true - $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\$(TargetName)\ - - - false - $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\$(TargetName)\ - - - false - $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\$(TargetName)\ - - - - - - Level3 - Disabled - _WIN32_WINNT=0x600;__VS_BUILD__=1;__VS_BUILD__WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) - true - $(OpenSSL-Win32-Debug-Path)include;%(AdditionalIncludeDirectories) - MultiThreadedDebug - ProgramDatabase - - - Console - true - advapi32.lib - $(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - ssh-lsa.def - - - - - - - Level3 - Disabled - _WIN32_WINNT=0x600;__VS_BUILD__=1;__VS_BUILD__WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) - true - $(OpenSSL-x64-Debug-Path)include;%(AdditionalIncludeDirectories) - MultiThreadedDebug - ProgramDatabase - - - Console - true - advapi32.lib - $(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - ssh-lsa.def - - - - - Level3 - - - MaxSpeed - true - true - _WIN32_WINNT=0x600;__VS_BUILD__=1;__VS_BUILD___LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - 
$(OpenSSL-Win32-Release-Path)include;%(AdditionalIncludeDirectories) - MultiThreaded - - - Console - true - true - true - advapi32.lib - $(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - ssh-lsa.def - true - - - - - Level3 - - - MaxSpeed - true - true - _WIN32_WINNT=0x600;__VS_BUILD__=1;__VS_BUILD___LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - $(OpenSSL-x64-Release-Path)include;%(AdditionalIncludeDirectories) - MultiThreaded - - - Console - true - true - true - advapi32.lib - $(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - ssh-lsa.def - true - - - - - - \ No newline at end of file diff --git a/contrib/win32/openssh/ssh-lsa.vcxproj.filters b/contrib/win32/openssh/ssh-lsa.vcxproj.filters deleted file mode 100644 index 44c766469..000000000 --- a/contrib/win32/openssh/ssh-lsa.vcxproj.filters +++ /dev/null @@ -1,27 +0,0 @@ - - - - - {6CB7C14F-01AD-4B45-B64B-7CA809717A41} - cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx - - - {E208189E-89FC-415D-B803-9FE16836833A} - h;hh;hpp;hxx;hm;inl;inc;xsd - - - {A4657585-A2AC-4675-8657-EE71F3E97A4D} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - - - Source Files - - - - - Resource Files - - - \ No newline at end of file diff --git a/contrib/win32/openssh/uninstall-sshlsa.ps1 b/contrib/win32/openssh/uninstall-sshlsa.ps1 deleted file mode 100644 index c99390ca8..000000000 --- a/contrib/win32/openssh/uninstall-sshlsa.ps1 +++ /dev/null 
@@ -1,10 +0,0 @@ -$subkey = 'SYSTEM\CurrentControlSet\Control\Lsa' -$value = 'Authentication Packages' -$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 0) -$key = $reg.OpenSubKey($subkey, $true) -$arr = $key.GetValue($value) -if ($arr -contains 'ssh-lsa') { - $tempArryList = New-Object System.Collections.Arraylist(,$arr) - $tempArryList.Remove('ssh-lsa') - $key.SetValue($value, [string[]]$tempArryList, 'MultiString') -} diff --git a/contrib/win32/win32compat/console.c b/contrib/win32/win32compat/console.c index 11650126c..04c04ffee 100644 --- a/contrib/win32/win32compat/console.c +++ b/contrib/win32/win32compat/console.c @@ -1581,11 +1581,11 @@ get_console_handle(FILE *stream, DWORD * mode) file_num = (_fileno)(stream); if (file_num == -1) { - return -1; + return INVALID_HANDLE_VALUE; } lHandle = _get_osfhandle(file_num); if (lHandle == -1 && errno == EBADF) { - return -1; + return INVALID_HANDLE_VALUE; } type = GetFileType((HANDLE)lHandle); if (type == FILE_TYPE_CHAR && file_num >= 0 && file_num <= 2) { diff --git a/contrib/win32/win32compat/lsa/Ssh-lsa.c b/contrib/win32/win32compat/lsa/Ssh-lsa.c deleted file mode 100644 index 103fdc259..000000000 --- a/contrib/win32/win32compat/lsa/Ssh-lsa.c +++ /dev/null 
@@ -1,358 +0,0 @@ -/* - * Author: NoMachine - * Copyright (c) 2009, 2013 NoMachine - * All rights reserved - * - * Author: Manoj Ampalam - * Simplified code to just perform local user logon - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS intERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#define WINVER 0x501 - -#define UMDF_USING_NTSTATUS -#include -#define SECURITY_WIN32 -#include -#include -#include -#include -#include -#include "..\misc_internal.h" - -#define Unsigned unsigned -#define Char char -#define Int int -#define Long long -#define Not(value) ((value) == 0) -#define PKG_NAME "SSH-LSA" -#define PKG_NAME_SIZE sizeof(PKG_NAME) -#define MAX_ACCOUNT_NAME_SIZE (256 * 2) -#define VERSION "4.0.346" - - -typedef VOID(WINAPI *RtlInitUnicodeStringPtr) -(PUNICODE_STRING, PCWSTR SourceString); -#define FAIL(CONDITION) if(CONDITION) goto fail - -#define NTFAIL(NTFUNC) if((ntStat = (NTFUNC))) goto fail - -RtlInitUnicodeStringPtr RtlInitUnicodeString = NULL; -HMODULE NtDll = NULL; -LSA_SECPKG_FUNCTION_TABLE LsaApi; - -NTSTATUS LsaAllocUnicodeString(PUNICODE_STRING *lsaStr, USHORT maxLen) -{ - NTSTATUS ntStat = STATUS_NO_MEMORY; - FAIL(lsaStr == NULL); - *lsaStr = (PUNICODE_STRING)LsaApi.AllocateLsaHeap(sizeof(UNICODE_STRING)); - FAIL((*lsaStr) == NULL); - (*lsaStr)->Buffer = (WCHAR *)LsaApi.AllocateLsaHeap(sizeof(maxLen)); - (*lsaStr)->Length = 0; - (*lsaStr)->MaximumLength = maxLen; - FAIL((*lsaStr)->Buffer == NULL); - - ntStat = 0; -fail: - - if (ntStat) { - if (lsaStr && (*lsaStr)) { - LsaApi.FreeLsaHeap((*lsaStr)->Buffer); - LsaApi.FreeLsaHeap((*lsaStr)); - } - } - - return ntStat; -} - -void LsaFreeUnicodeString(PUNICODE_STRING lsaStr) -{ - if (lsaStr) { - if (lsaStr->Buffer) - LsaApi.FreeLsaHeap(lsaStr->Buffer); - LsaApi.FreeLsaHeap(lsaStr); - } -} - -NTSTATUS FillUnicodeString(UNICODE_STRING *lsaStr, const Char *str) -{ - NTSTATUS ntStat = STATUS_NO_MEMORY; - size_t cbSize = 0; - FAIL(lsaStr == NULL); - FAIL(lsaStr->Buffer == NULL); - FAIL(str == NULL); - cbSize = strlen(str); - FAIL(cbSize >= lsaStr->MaximumLength); - _swprintf(lsaStr->Buffer, L"%hs", str); - lsaStr->Length = (USHORT)(cbSize * 2); - lsaStr->Buffer[cbSize * 2] = 0x0000; - ntStat = STATUS_SUCCESS; - -fail: - return ntStat; -} - - -NTSTATUS NTAPI 
LsaApCallPackagePassthrough(PLSA_CLIENT_REQUEST request, - PVOID submitBuf, - PVOID clientBufBase, - ULONG submitBufSize, - PVOID *outBuf, - PULONG outBufSize, - PNTSTATUS status) { - return STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS NTAPI LsaApCallPackageUntrusted(PLSA_CLIENT_REQUEST request, - PVOID submitBuf, - PVOID clientBufBase, - ULONG submitBufSize, - PVOID *outBuf, - PULONG outBufSize, - PNTSTATUS status) { - return STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS NTAPI LsaApCallPackage(PLSA_CLIENT_REQUEST request, PVOID submitBuf, - PVOID clientBufBase, ULONG submitBufSize, - PVOID *outBuf, PULONG outBufSize, - PNTSTATUS status) { - return STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS NTAPI LsaApInitializePackage(ULONG pkgId, - PLSA_SECPKG_FUNCTION_TABLE func, - PLSA_STRING database, - PLSA_STRING confident, - PLSA_STRING *pkgName) -{ - memcpy(&LsaApi, func, sizeof(LsaApi)); - - *pkgName = (PLSA_STRING)LsaApi.AllocateLsaHeap(sizeof(LSA_STRING)); - (*pkgName)->Buffer = (PCHAR)LsaApi.AllocateLsaHeap(PKG_NAME_SIZE); - - /* fill buffer with package name */ - memcpy((*pkgName)->Buffer, PKG_NAME, PKG_NAME_SIZE); - (*pkgName)->Length = PKG_NAME_SIZE - 1; - (*pkgName)->MaximumLength = PKG_NAME_SIZE; - - return STATUS_SUCCESS; -} - -int LsaCopySid(PSID *dst, PSID src) -{ - int exitCode = 1; - DWORD size = 0; - - FAIL(IsValidSid(src) == FALSE); - size = GetLengthSid(src); - *dst = LsaApi.AllocateLsaHeap(size); - memcpy(*dst, src, size); - exitCode = 0; -fail: - return exitCode; -} - -int LsaAllocTokenInfo(PLSA_TOKEN_INFORMATION_V1 *info, HANDLE token) -{ - - int exitCode = 1; - DWORD cbSize = 0; - DWORD i = 0; - - PTOKEN_USER pUserToken = NULL; - PTOKEN_GROUPS pGroupsToken = NULL; - PTOKEN_OWNER pOwnerToken = NULL; - PTOKEN_PRIMARY_GROUP pPrimaryGroupToken = NULL; - PLSA_TOKEN_INFORMATION_V1 tokenInfo; - - *info = (PLSA_TOKEN_INFORMATION_V1) - LsaApi.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1)); - - FAIL(*info == NULL); - tokenInfo = *info; - GetTokenInformation(token, TokenUser, 
NULL, 0, &cbSize); - pUserToken = (PTOKEN_USER)LocalAlloc(LPTR, cbSize); - FAIL(GetTokenInformation(token, TokenUser, - pUserToken, cbSize, &cbSize) == FALSE); - tokenInfo->User.User.Attributes = pUserToken->User.Attributes; - FAIL(LsaCopySid(&tokenInfo->User.User.Sid, pUserToken->User.Sid)); - - GetTokenInformation(token, TokenGroups, NULL, 0, &cbSize); - pGroupsToken = (PTOKEN_GROUPS)LocalAlloc(LPTR, cbSize); - FAIL(GetTokenInformation(token, TokenGroups, - pGroupsToken, cbSize, &cbSize) == FALSE); - cbSize = pGroupsToken->GroupCount * sizeof(SID_AND_ATTRIBUTES) + sizeof(DWORD); - tokenInfo->Groups = (PTOKEN_GROUPS)LsaApi.AllocateLsaHeap(cbSize); - tokenInfo->Groups->GroupCount = pGroupsToken->GroupCount; - - for (i = 0; i < pGroupsToken->GroupCount; i++) - { - FAIL(LsaCopySid(&tokenInfo->Groups->Groups[i].Sid, - pGroupsToken->Groups[i].Sid)); - - tokenInfo->Groups->Groups[i].Attributes = pGroupsToken->Groups[i].Attributes; - } - - GetTokenInformation(token, TokenPrivileges, NULL, 0, &cbSize); - tokenInfo->Privileges = (PTOKEN_PRIVILEGES)LsaApi.AllocateLsaHeap(cbSize); - FAIL(GetTokenInformation(token, TokenPrivileges, - tokenInfo->Privileges, cbSize, &cbSize) == FALSE); - GetTokenInformation(token, TokenOwner, NULL, 0, &cbSize); - pOwnerToken = (PTOKEN_OWNER)LocalAlloc(LPTR, cbSize); - FAIL(GetTokenInformation(token, TokenOwner, - pOwnerToken, cbSize, &cbSize) == FALSE); - FAIL(LsaCopySid(&tokenInfo->Owner.Owner, pOwnerToken->Owner)); - - GetTokenInformation(token, TokenPrimaryGroup, NULL, 0, &cbSize); - pPrimaryGroupToken = (PTOKEN_PRIMARY_GROUP)LocalAlloc(LPTR, cbSize); - FAIL(GetTokenInformation(token, TokenPrimaryGroup, - pPrimaryGroupToken, cbSize, &cbSize) == FALSE); - FAIL(LsaCopySid(&tokenInfo->PrimaryGroup.PrimaryGroup, - pPrimaryGroupToken->PrimaryGroup)); - - tokenInfo->DefaultDacl.DefaultDacl = NULL; - tokenInfo->ExpirationTime.HighPart = 0x7fffffff; - tokenInfo->ExpirationTime.LowPart = 0xffffffff; - exitCode = 0; - -fail: - 
LsaApi.FreeLsaHeap(pUserToken); - LsaApi.FreeLsaHeap(pGroupsToken); - LsaApi.FreeLsaHeap(pOwnerToken); - LsaApi.FreeLsaHeap(pPrimaryGroupToken); - - return exitCode; -} - - -NTSTATUS NTAPI -LsaApLogonUser(PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logonType, - PVOID authData, PVOID clientAuthData, ULONG authDataSize, - PVOID *profile, PULONG profileSize, PLUID logonId, - PNTSTATUS subStat, - PLSA_TOKEN_INFORMATION_TYPE tokenInfoType, - PVOID *tokenInfo, - PLSA_UNICODE_STRING *accountName, - PLSA_UNICODE_STRING *authority) -{ - - NTSTATUS ntStat = STATUS_LOGON_FAILURE; - int exitCode = 1; - wchar_t *inUserName = NULL; - WCHAR samUserBuf[MAX_ACCOUNT_NAME_SIZE + 1]; - SECURITY_STRING samUser; - UNICODE_STRING *flatName = NULL; - UCHAR *userAuth = NULL; - ULONG userAuthSize; - wchar_t homeDir[PATH_MAX]; - TOKEN_SOURCE tokenSource; - - HANDLE token = NULL; - HANDLE clientToken = NULL; - SECPKG_CLIENT_INFO clientInfo; - inUserName = (wchar_t *)authData; - - NTFAIL(LsaApi.GetClientInfo(&clientInfo)); - FAIL(Not(clientInfo.HasTcbPrivilege)); - NTFAIL(LsaAllocUnicodeString(authority, MAX_ACCOUNT_NAME_SIZE)); - NTFAIL(LsaAllocUnicodeString(accountName, MAX_ACCOUNT_NAME_SIZE)); - NTFAIL(LsaAllocUnicodeString(&flatName, MAX_ACCOUNT_NAME_SIZE)); - - lstrcpyW(samUserBuf, inUserName); - samUserBuf[MAX_ACCOUNT_NAME_SIZE] = 0x00; - RtlInitUnicodeString((PUNICODE_STRING)&samUser, samUserBuf); - NTFAIL(LsaApi.GetAuthDataForUser(&samUser, SecNameFlat, NULL, - &userAuth, &userAuthSize, flatName)); - - memcpy(tokenSource.SourceName, "_sshlsa_", 8); - AllocateLocallyUniqueId(&tokenSource.SourceIdentifier); - NTFAIL(LsaApi.ConvertAuthDataToToken(userAuth, userAuthSize, - SecurityDelegation, - &tokenSource, Network, - *authority, &token, logonId, - *accountName, subStat)); - - NTFAIL(LsaApi.AllocateClientBuffer(request, PATH_MAX * sizeof(wchar_t), profile)); - *profileSize = PATH_MAX; - NTFAIL(LsaApi.CopyToClientBuffer(request, PATH_MAX * sizeof(wchar_t), - *profile, homeDir)); - - 
PLSA_TOKEN_INFORMATION_V1 outTokenInfo; - FAIL(LsaAllocTokenInfo(&outTokenInfo, token)); - *tokenInfoType = LsaTokenInformationV1; - *tokenInfo = outTokenInfo; - - NTFAIL(LsaApi.DuplicateHandle(token, &clientToken)); - ntStat = STATUS_SUCCESS; - exitCode = 0; - -fail: - if (exitCode) - { - ntStat = STATUS_LOGON_FAILURE; - CloseHandle(clientToken); - LsaApi.DeleteLogonSession(logonId); - *profileSize = 0; - } - - CloseHandle(token); - LsaFreeUnicodeString(flatName); - return ntStat; -} - - -VOID NTAPI LsaApLogonTerminated(PLUID logonId) -{ -} - -BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpRes) -{ - BOOL exitCode = FALSE; - - switch (dwReason) - { - case DLL_PROCESS_ATTACH: - { - NtDll = GetModuleHandle("ntdll.dll"); - - FAIL(NtDll == NULL); - RtlInitUnicodeString = (RtlInitUnicodeStringPtr) - GetProcAddress(NtDll, "RtlInitUnicodeString"); - FAIL(RtlInitUnicodeString == NULL); - break; - } - - case DLL_PROCESS_DETACH: - FreeModule(NtDll); - } - - exitCode = TRUE; - -fail: - - if (exitCode == FALSE) - FreeModule(NtDll); - - return exitCode; -} diff --git a/contrib/win32/win32compat/lsastring.c b/contrib/win32/win32compat/lsastring.c deleted file mode 100644 index 7543b5454..000000000 --- a/contrib/win32/win32compat/lsastring.c +++ /dev/null 
@@ -1,152 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "LsaString.h" - -/* - * Allocate UNICODE_STRING's buffer and initializes it with - * given string. - * - * lsaStr - UNICODE_STRING to initialize (IN/OUT) - * wstr - string, which will be copied to lsaStr (IN) - * - * RETURNS: 0 if OK. - */ - -int InitUnicodeString(UNICODE_STRING *lsaStr, const wchar_t *wstr) -{ - int exitCode = 1; - - int size = (wstr) ? 
wcslen(wstr) * 2 : 0; - - lsaStr -> Length = size; - lsaStr -> MaximumLength = size + 2; - lsaStr -> Buffer = (wchar_t *) malloc(size + 2); - - FAIL(lsaStr -> Buffer == NULL); - - memcpy(lsaStr -> Buffer, wstr, size); - - lsaStr -> Buffer[size / 2] = 0; - - exitCode = 0; - -fail: - - if (exitCode) - { - printf("ERROR. Cannot initialize UNICODE_STRING..."); - } - - return exitCode; -} - - -/* - * Allocate LSA_STRING's buffer and initializes it with - * given string. - * - * lsaStr - LSA_STRING to initialize (IN/OUT) - * str - string, which will be copied to lsaStr (IN) - * - * RETURNS: 0 if OK. - */ - -int InitLsaString(LSA_STRING *lsaStr, const char *str) -{ - int exitCode = 1; - - int len = (str) ? strlen(str) : 0; - - lsaStr -> Length = len; - lsaStr -> MaximumLength = len + 1; - lsaStr -> Buffer = (char *) malloc(len + 1); - - FAIL(lsaStr -> Buffer == NULL); - - memcpy(lsaStr -> Buffer, str, len); - - lsaStr -> Buffer[len] = 0; - - exitCode = 0; - -fail: - - if (exitCode) - { - printf("ERROR. Cannot initialize LSA_STRING..."); - } - - return exitCode; -} - - -/* - * Clear LSA_STRING's buffer. - * - * lsaStr - LSA_STRING to clear (IN/OUT) - */ - -void ClearLsaString(LSA_STRING *lsaStr) -{ - if (lsaStr) - { - if (lsaStr -> Buffer) - { - free(lsaStr -> Buffer); - - lsaStr -> Buffer = NULL; - } - lsaStr -> MaximumLength = 0; - lsaStr -> Length = 0; - } -} - -/* - * Clear UNICODE_STRING's buffer. - * - * lsaStr - UNICODE_STRING to clear (IN/OUT) - */ - -void ClearUnicodeString(UNICODE_STRING *lsaStr) -{ - if (lsaStr) - { - if (lsaStr -> Buffer) - { - free(lsaStr -> Buffer); - - lsaStr -> Buffer = NULL; - } - lsaStr -> MaximumLength = 0; - lsaStr -> Length = 0; - } -} diff --git a/contrib/win32/win32compat/lsastring.h b/contrib/win32/win32compat/lsastring.h deleted file mode 100644 index 5f7a7fc5a..000000000 --- a/contrib/win32/win32compat/lsastring.h +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef LsaString_H -#define LsaString_H - - -#include -#include -#include - -#include "Debug.h" - -int InitUnicodeString(UNICODE_STRING *lsaStr, const wchar_t *wstr); - -void ClearUnicodeString(UNICODE_STRING *lsaStr); - -int InitLsaString(LSA_STRING *lsaStr, const char *str); - -void ClearLsaString(LSA_STRING *lsaStr); - -#endif 
diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c index 0fd765eb6..5f0259c94 100644 --- a/contrib/win32/win32compat/ssh-agent/authagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c @@ -127,7 +127,7 @@ generate_user_token(wchar_t* user_cpn) { if (domain_user) InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A); else - InitLsaString(&auth_package_name, "SSH-LSA"); + InitLsaString(&auth_package_name, MSV1_0_PACKAGE_NAME); InitLsaString(&originName, "sshd"); if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS) @@ -154,11 +154,24 @@ generate_user_token(wchar_t* user_cpn) { s4u_logon->ClientRealm.MaximumLength = 0; s4u_logon->ClientRealm.Buffer = 0; } else { - logon_info_size = (wcslen(user_cpn) + 1)*sizeof(wchar_t); + MSV1_0_S4U_LOGON *s4u_logon; + logon_info_size = sizeof(MSV1_0_S4U_LOGON); + /* additional buffer size = size of user_cpn + size of "." and their null terminators */ + logon_info_size += (wcslen(user_cpn) * 2 + 2) + 4; logon_info = malloc(logon_info_size); if (logon_info == NULL) goto done; - memcpy(logon_info, user_cpn, logon_info_size); + s4u_logon = (MSV1_0_S4U_LOGON*)logon_info; + s4u_logon->MessageType = MsV1_0S4ULogon; + s4u_logon->Flags = 0; + s4u_logon->UserPrincipalName.Length = wcslen(user_cpn) * 2; + s4u_logon->UserPrincipalName.MaximumLength = s4u_logon->UserPrincipalName.Length; + s4u_logon->UserPrincipalName.Buffer = (WCHAR*)(s4u_logon + 1); + memcpy(s4u_logon->UserPrincipalName.Buffer, user_cpn, s4u_logon->UserPrincipalName.Length + 2); + s4u_logon->DomainName.Length = 2; + s4u_logon->DomainName.MaximumLength = 2; + s4u_logon->DomainName.Buffer = ((WCHAR*)s4u_logon->UserPrincipalName.Buffer) + wcslen(user_cpn) + 1; + memcpy(s4u_logon->DomainName.Buffer, L".", 4); } memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName)); 
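Review bot: In the new MSV1_0 branch, `s4u_logon->UserPrincipalName.Length = wcslen(user_cpn) * 2;` stores a size_t product in a 16-bit UNICODE_STRING length, and nothing in the hunk bounds `user_cpn`, so an overlong name would be silently truncated and the logon attempted for a different string than the caller passed. The allocation is sized from the full length, so this looks like a logic problem rather than an overflow, but a guard before the malloc such as `if (wcslen(user_cpn) > 0x7fff) goto done;` makes the failure explicit. The byte counts `* 2`, `+ 2` and `+ 4` would read better as `sizeof(wchar_t)` and `sizeof(L".")`. A comment should also say that the `.` domain presumably selects the local account database and that this S4U logon takes no credential, so the caller must already have authenticated the user. generate_user_token starts and ends outside the hunk.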
@@ -180,7 +193,7 @@ generate_user_token(wchar_t* user_cpn) { &token, "as, &subStatus) != STATUS_SUCCESS) { - debug("LsaLogonUser failed %d", ret); + debug("LsaLogonUser failed NTSTATUS: %d", ret); goto done; } debug3("LsaLogonUser succeeded");
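Review bot: The new message labels `ret` as an NTSTATUS, but the start of the LsaLogonUser call is outside this hunk, and if it follows the form visible in this file's first hunk, `if (ret = LsaRegisterLogonProcess(...) != STATUS_SUCCESS)`, then `!=` binds tighter than `=` and `ret` holds 0 or 1 rather than the status. I would parenthesise the assignment, `if ((ret = LsaLogonUser(...)) != STATUS_SUCCESS)`, here and at the LsaRegisterLogonProcess call. Printing the value in hex together with the sub-status, `debug("LsaLogonUser failed NTSTATUS: 0x%x, substatus: 0x%x", ret, subStatus);`, gives an operator the code needed to triage a failed logon.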