diff --git a/auth-passwd.c b/auth-passwd.c index d95f1184a..1cd69cf09 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -232,33 +232,31 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) extern int auth_sock; int sys_auth_passwd(Authctxt *authctxt, const char *password) { - u_char *blob = NULL; size_t blen = 0; DWORD token = 0; struct sshbuf *msg = NULL; + int r; msg = sshbuf_new(); if (!msg) - return 0; + fatal("%s: out of memory", __func__); if (sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE) != 0 || - sshbuf_put_cstring(msg, PASSWD_AUTH_REQUEST) != 0 || - sshbuf_put_cstring(msg, authctxt->pw->pw_name) != 0 || - sshbuf_put_cstring(msg, authctxt->pw->pw_domain) != 0 || - sshbuf_put_cstring(msg, password) != 0 || - ssh_request_reply(auth_sock, msg, msg) != 0 || - sshbuf_get_u32(msg, &token) != 0) { + sshbuf_put_cstring(msg, PASSWD_AUTH_REQUEST) != 0 || + sshbuf_put_cstring(msg, authctxt->pw->pw_name) != 0 || + sshbuf_put_cstring(msg, authctxt->pw->pw_domain) != 0 || + sshbuf_put_cstring(msg, password) != 0 || + ssh_request_reply(auth_sock, msg, msg) != 0 || + sshbuf_get_u32(msg, &token) != 0) { debug("auth agent did not authorize client %s", authctxt->user); - return 0; + r = 0; + goto done; } - - if (blob) - free(blob); + authctxt->methoddata = (void*)(INT_PTR)token; + r = 1; +done: if (msg) sshbuf_free(msg); - - authctxt->methoddata = (void*)(INT_PTR)token; - - return 1; + return r; } #endif /* WINDOWS */ diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 361279872..b3f91fc4f 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -190,17 +190,17 @@ userauth_pubkey(Authctxt *authctxt) while (1) { msg = sshbuf_new(); if (!msg) - break; + fatal("%s: out of memory", __func__); if ((r = sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE)) != 0 || - (r = sshbuf_put_cstring(msg, PUBKEY_AUTH_REQUEST)) != 0 || - (r = sshkey_to_blob(key, &blob, &blen)) != 0 || - (r = sshbuf_put_string(msg, blob, blen)) != 0 || - (r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 || - (r = sshbuf_put_cstring(msg, authctxt->pw->pw_domain)) != 0 || - (r = sshbuf_put_string(msg, sig, slen)) != 0 || - (r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 || - (r = ssh_request_reply(auth_sock, msg, msg)) != 0 || - (r = sshbuf_get_u32(msg, &token)) != 0) { + (r = sshbuf_put_cstring(msg, PUBKEY_AUTH_REQUEST)) != 0 || + (r = sshkey_to_blob(key, &blob, &blen)) != 0 || + (r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 || + (r = sshbuf_put_cstring(msg, authctxt->pw->pw_domain)) != 0 || + (r = sshbuf_put_string(msg, sig, slen)) != 0 || + (r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 || + (r = ssh_request_reply(auth_sock, msg, msg)) != 0 || + (r = sshbuf_get_u32(msg, &token)) != 0) { debug("auth agent did not authorize client %s", authctxt->user); break; } diff --git a/authfd.c b/authfd.c index 6d275454a..63614c941 100644 --- a/authfd.c +++ b/authfd.c @@ -97,35 +97,39 @@ ssh_get_authentication_socket(int *fdp) #ifdef WINDOWS /* Auth socket in Windows is a static-named pipe listener in ssh-agent */ { -#define SSH_AGENT_REG_ROOT L"SOFTWARE\\SSH\\Agent" -#define SSH_AGENT_PIPE_NAME L"\\\\.\\pipe\\ssh-agent" HKEY agent_root = 0; DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff; + DWORD connection_attempts = 0; HANDLE h; - RegOpenKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_REG_ROOT, 0, KEY_QUERY_VALUE, &agent_root); + RegOpenKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_REG_ROOT, + 0, KEY_QUERY_VALUE, &agent_root); if (agent_root) { - RegQueryValueEx(agent_root, "ProcessId", 0, NULL, (LPBYTE)&agent_pid, &tmp_size); + RegQueryValueEx(agent_root, "ProcessId", 0, + NULL, (LPBYTE)&agent_pid, &tmp_size); RegCloseKey(agent_root); } do { h = CreateFileW(SSH_AGENT_PIPE_NAME, GENERIC_READ | GENERIC_WRITE, 0, - NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); - if (h != INVALID_HANDLE_VALUE || GetLastError() != ERROR_PIPE_BUSY) + NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); + if (h != INVALID_HANDLE_VALUE || GetLastError() != ERROR_PIPE_BUSY || + ++connection_attempts > 10) break; Sleep(100); } while(1); if (h == INVALID_HANDLE_VALUE) { - debug("ssh_get_authentication_socket - CreateFileW failed error %d", GetLastError()); + debug("ssh_get_authentication_socket - CreateFileW failed error %d", + GetLastError()); return SSH_ERR_AGENT_NOT_PRESENT; } /* - * ensure that connected server pid matches published pid. this provides service side - * auth and prevents mitm + * ensure that connected server pid matches published pid. + * this provides service side auth and prevents mitm */ - if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) { + if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || + (agent_pid != pipe_server_pid)) { debug("agent pid mismatch"); CloseHandle(h); return SSH_ERR_AGENT_COMMUNICATION; diff --git a/authfd.h b/authfd.h index 38cffaf0e..468147915 100644 --- a/authfd.h +++ b/authfd.h @@ -96,5 +96,7 @@ int ssh_agent_sign(int sock, struct sshkey *key, #define SSH_AGENT_AUTHENTICATE 200 #define PUBKEY_AUTH_REQUEST "pubkey" #define PASSWD_AUTH_REQUEST "password" +#define SSH_AGENT_REG_ROOT L"SOFTWARE\\SSH\\Agent" +#define SSH_AGENT_PIPE_NAME L"\\\\.\\pipe\\ssh-agent" #endif /* AUTHFD_H */ diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs index edcd5610a..c6b3b86c0 100644 --- a/contrib/win32/openssh/config.h.vs +++ b/contrib/win32/openssh/config.h.vs @@ -1678,14 +1678,12 @@ #define __func__ __FUNCTION__ #endif +/* Windows specific macro added to workaround mysignal implementaion in bsd-misc.c */ +#define HAVE_MYSIGNAL 1 + #define PATH_MAX MAX_PATH -//#define IN_LOOPBACKNET INADDR_LOOPBACK - #define S_IFIFO 0x1000 -//#define SHUT_RDWR 2 -//#define SHUT_WR 1 -//#define SHUT_RD 0 #define HAVE_EXPLICIT_BZERO diff --git a/contrib/win32/win32compat/inc/signal.h b/contrib/win32/win32compat/inc/signal.h index 3b98fa389..5eeba7799 100644 --- a/contrib/win32/win32compat/inc/signal.h +++ b/contrib/win32/win32compat/inc/signal.h @@ -52,8 +52,10 @@ typedef int sigset_t; #define W32_SIG_IGN ((sighandler_t)1) sighandler_t w32_signal(int signum, sighandler_t handler); -#define signal(a,b) w32_signal((a), (b)) -#define mysignal(a,b) w32_signal((a), (b)) +//#define signal(a,b) w32_signal((a), (b)) +//#define mysignal(a,b) w32_signal((a), (b)) +sighandler_t mysignal(int signum, sighandler_t handler); + int w32_raise(int sig); #define raise(a) w32_raise(a) diff --git a/contrib/win32/win32compat/signal.c b/contrib/win32/win32compat/signal.c index e4fd581a2..04ff903c2 100644 --- a/contrib/win32/win32compat/signal.c +++ b/contrib/win32/win32compat/signal.c @@ -119,6 +119,11 @@ sw_init_signal_handler_table() memset(sig_handlers, 0, sizeof(sig_handlers)); } +sighandler_t +mysignal(int signum, sighandler_t handler) { + return w32_signal(signum, handler); +} + sighandler_t w32_signal(int signum, sighandler_t handler) { diff --git a/misc.c b/misc.c index 2ef0220b2..0f6ed69ec 100644 --- a/misc.c +++ b/misc.c @@ -226,12 +226,13 @@ pwcopy(struct passwd *pw) copy->pw_dir = xstrdup(pw->pw_dir); copy->pw_shell = xstrdup(pw->pw_shell); #ifdef WINDOWS + /* copy additionaly pw entries for Windows */ if (pw->pw_domain != NULL) copy->pw_domain = xstrdup(pw->pw_domain); else copy->pw_domain = NULL; copy->pw_sid = xstrdup(pw->pw_sid); -#endif // WINDOWS +#endif /* WINDOWS */ return copy; } @@ -447,7 +448,7 @@ colon(char *cp) #ifdef WINDOWS /* * Account for Windows file names in the form x: or /x: - * Note: This may conflict with potential single charecter targets + * Note: This may conflict with potential single character targets */ if ((*cp != '\0' && cp[1] == ':') || (cp[0] == '/' && cp[1] != '\0' && cp[2] == ':')) diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index 128f9b6e7..47237dea3 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c @@ -83,10 +83,11 @@ _rs_init(u_char *buf, size_t n) static void getrnd(u_char *s, size_t len) { HCRYPTPROV hProvider; - if (CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT) == FALSE || - CryptGenRandom(hProvider, len, s) == FALSE || - CryptReleaseContext(hProvider, 0) == FALSE) - DebugBreak(); + if (CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT) == FALSE || + CryptGenRandom(hProvider, len, s) == FALSE || + CryptReleaseContext(hProvider, 0) == FALSE) + fatal("%s Crypto error: %d", __func__, GetLastError()); } #else /* !WINDOWS */ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index c03ac6869..6285ff4cc 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -211,7 +211,11 @@ tcsendbreak(int fd, int duration) } #endif /* HAVE_TCSENDBREAK */ -#ifdef HAVE_SIGACTION /* Moved out of function definition */ +/* + * This is not a BSD routine. Why is this here? + * Macro added to override this implementation for Windows + */ +#ifndef HAVE_MYSIGNAL mysig_t mysignal(int sig, mysig_t act) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 77029fa6b..6f08b09fa 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -95,12 +95,10 @@ int unsetenv(const char *); #endif /* wrapper for signal interface */ -#ifdef HAVE_SIGACTION typedef void (*mysig_t)(int); mysig_t mysignal(int sig, mysig_t act); #define signal(a,b) mysignal(a,b) -#endif #ifndef HAVE_ISBLANK int isblank(int); diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c index cd88a4233..c32121a03 100644 --- a/regress/unittests/utf8/tests.c +++ b/regress/unittests/utf8/tests.c @@ -64,9 +64,8 @@ tests(void) TEST_DONE(); return; #endif - - TEST_START("utf8_setlocale"); - loc = setlocale(LC_CTYPE, "en_US.UTF-8"); + TEST_START("utf8_setlocale"); + loc = setlocale(LC_CTYPE, "en_US.UTF-8"); ASSERT_PTR_NE(loc, NULL); TEST_DONE(); diff --git a/sshd.c b/sshd.c index cfb591270..364ac9e48 100644 --- a/sshd.c +++ b/sshd.c @@ -1087,7 +1087,8 @@ server_listen(void) #ifdef WINDOWS /* disable inheritance on listener socket */ if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) != 0) { - error("F_SETFD FD_CLOEXEC on listener socket %d failed with %d", listen_sock, errno); + error("F_SETFD FD_CLOEXEC on socket %d error %d", + listen_sock, errno); close(listen_sock); continue; } @@ -1297,19 +1298,25 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) */ { char* path_utf8 = utf16_to_utf8(GetCommandLineW()); - char fd_handle[30]; /* large enough to hold pointer value in hex */ + /* large enough to hold pointer value in hex */ + char fd_handle[30]; if (path_utf8 == NULL) fatal("Failed to alloc memory"); - if (snprintf(fd_handle, sizeof(fd_handle), "%p", w32_fd_to_handle(*newsock)) == -1 + if (snprintf(fd_handle, sizeof(fd_handle), "%p", + w32_fd_to_handle(*newsock)) == -1 || SetEnvironmentVariable("SSHD_REMSOC", fd_handle) == FALSE - || snprintf(fd_handle, sizeof(fd_handle), "%p", w32_fd_to_handle(startup_p[1])) == -1 + || snprintf(fd_handle, sizeof(fd_handle), "%p", + w32_fd_to_handle(startup_p[1])) == -1 || SetEnvironmentVariable("SSHD_STARTUPSOC", fd_handle) == FALSE || fcntl(startup_p[0], F_SETFD, FD_CLOEXEC) == -1) { - error("unable to set the right environment for child, closing connection "); + error("unable to set environment for child"); close(*newsock); - /* close child end of startup pipe. parent end will automatically be cleaned up on next iteration*/ + /* + * close child end of startup pipe. parent end will + * automatically be cleaned up on next iteration + */ close(startup_p[1]); continue; } diff --git a/sshpty.c b/sshpty.c index 3d6e2b118..150223c25 100644 --- a/sshpty.c +++ b/sshpty.c @@ -55,45 +55,46 @@ #ifdef WINDOWS /* - * Windows versions of pty_*. Some of them are NO-OPs and should go away when - * pty logic is refactored and abstracted out + * Windows versions of pty_*. Some of them are NO-OPs and should go + * away when pty logic is refactored and abstracted out * */ int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { - /* - * Simple console screen implementation in Win32 to give a Unix like pty for interactive sessions - */ - *ttyfd = 0; - *ptyfd = 0; - strlcpy(namebuf, "console", namebuflen); - return 1; + /* + * Simple console screen implementation in Win32 to give a + * Unix like pty for interactive sessions + */ + *ttyfd = 0; + *ptyfd = 0; + strlcpy(namebuf, "console", namebuflen); + return 1; } void pty_release(const char *tty) { - /* NO-OP */ + /* NO-OP */ } void pty_make_controlling_tty(int *ttyfd, const char *tty) { - /* NO-OP */ + /* NO-OP */ } void pty_change_window_size(int ptyfd, u_int row, u_int col, - u_int xpixel, u_int ypixel) { - COORD coord; - coord.X = col; - coord.Y = 9999; - SetConsoleScreenBufferSize(GetStdHandle(STD_OUTPUT_HANDLE), coord); + u_int xpixel, u_int ypixel) { + COORD coord; + coord.X = col; + coord.Y = 9999; + SetConsoleScreenBufferSize(GetStdHandle(STD_OUTPUT_HANDLE), coord); } void pty_setowner(struct passwd *pw, const char *tty) { - /* NO-OP */ + /* NO-OP */ } void diff --git a/sshtty.c b/sshtty.c index b971bbc54..aca8899cd 100644 --- a/sshtty.c +++ b/sshtty.c @@ -57,7 +57,10 @@ int ConUnInit(void); struct termios term_settings; -/* TODO - clean this up for Windows, ConInit should return previous terminal settings that need to be stored in term_settings*/ +/* + * TODO - clean this up for Windows, ConInit should return previous terminal + * settings that need to be stored in term_settings + */ struct termios * get_saved_tio(void) {