Separate binary path from cfg path and log path (#263)

Separate binary path from cfg path and log path, test update
bagajjal 2018-01-19 15:12:43 -08:00 committed by Yanbing
parent 88defae8c1
commit c85ba2b8c3
19 changed files with 201 additions and 124 deletions


@ -5,14 +5,14 @@ If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $
Import-Module $PSScriptRoot\OpenSSHUtils -Force
#check sshd config file
$sshdConfigPath = join-path $PSScriptRoot "sshd_config"
$sshdConfigPath = join-path $env:ProgramData\ssh "sshd_config"
if(Test-Path $sshdConfigPath -PathType Leaf)
{
Repair-SshdConfigPermission -FilePath $sshdConfigPath @psBoundParameters
}
else
{
Write-host "$FilePath does not exist" -ForegroundColor Yellow
Write-host "$sshdConfigPath does not exist" -ForegroundColor Yellow
}
#check host keys
@ -36,7 +36,7 @@ If you choose not to register the keys with ssh-agent, please grant sshd read ac
Write-Host " "
}#>
Get-ChildItem $PSScriptRoot\ssh_host_*_key -ErrorAction SilentlyContinue | % {
Get-ChildItem $env:ProgramData\ssh\ssh_host_*_key -ErrorAction SilentlyContinue | % {
Repair-SshdHostKeyPermission -FilePath $_.FullName @psBoundParameters
}


@ -344,7 +344,7 @@ function Start-OpenSSHPackage
$buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration)
$payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe"
$payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe", "ssh-keyscan.exe"
$payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1"
$payload += "sshd_config_default", "install-sshd.ps1", "uninstall-sshd.ps1"
$payload +="FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1", "OpenSSHUtils.psd1"
$packageName = "OpenSSH-Win64"


@ -13,6 +13,7 @@ $PubKeyUser = "sshtest_pubkeyuser"
$PasswdUser = "sshtest_passwduser"
$OpenSSHTestAccountsPassword = "P@ssw0rd_1"
$OpenSSHTestAccounts = $Script:SSOUser, $Script:PubKeyUser, $Script:PasswdUser
$OpenSSHConfigPath = Join-Path $env:ProgramData "ssh"
$Script:TestDataPath = "$env:SystemDrive\OpenSSHTests"
$Script:E2ETestResultsFile = Join-Path $TestDataPath $E2ETestResultsFileName
@ -162,25 +163,19 @@ WARNING: Following changes will be made to OpenSSH configuration
}
#Backup existing OpenSSH configuration
$backupConfigPath = Join-Path $script:OpenSSHBinPath sshd_config.ori
$backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori
if (-not (Test-Path $backupConfigPath -PathType Leaf)) {
Copy-Item (Join-Path $script:OpenSSHBinPath sshd_config) $backupConfigPath -Force
Copy-Item (Join-Path $OpenSSHConfigPath sshd_config) $backupConfigPath -Force
}
$targetsshdConfig = Join-Path $script:OpenSSHBinPath sshd_config
$targetsshdConfig = Join-Path $OpenSSHConfigPath sshd_config
# copy new sshd_config
if($Script:WindowsInBox -and (Test-Path $targetsshdConfig))
{
$currentUser = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME))
Add-PermissionToFileACL -FilePath $targetsshdConfig -User $currentUser -Perm "Read,Write"
}
Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) $targetsshdConfig -Force
Start-Service ssh-agent
#copy sshtest keys
Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force
Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*"| % {
Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $OpenSSHConfigPath -Force
Get-ChildItem "$($OpenSSHConfigPath)\sshtest*hostkey*"| % {
#workaround for the cariggage new line added by git before copy them
$filePath = "$($_.FullName)"
$con = (Get-Content $filePath | Out-String).Replace("`r`n","`n")
@ -191,8 +186,8 @@ WARNING: Following changes will be made to OpenSSH configuration
}
}
#copy ca pubkey to SSHD bin path
Copy-Item "$($Script:E2ETestDirectory)\sshtest_ca_userkeys.pub" $script:OpenSSHBinPath -Force
#copy ca pubkey to ssh config path
Copy-Item "$($Script:E2ETestDirectory)\sshtest_ca_userkeys.pub" $OpenSSHConfigPath -Force
#copy ca private key to test dir
$ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys)
@ -249,7 +244,6 @@ WARNING: Following changes will be made to OpenSSH configuration
$authorizedKeyPath = Join-Path $ssouserProfile .ssh\authorized_keys
$testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub
Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue
Repair-AuthorizedKeyPermission -FilePath $authorizedKeyPath -confirm:$false
copy-item (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"]
$testPriKeypath = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_userssokey_ed25519
@ -469,14 +463,14 @@ function Clear-OpenSSHTestEnvironment
Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -ErrorAction SilentlyContinue -Force | Out-Null
}
Remove-Item "$sshBinPath\sshtest*hostkey*" -Force -ErrorAction SilentlyContinue
Remove-Item "$sshBinPath\sshtest*ca_userkeys*" -Force -ErrorAction SilentlyContinue
Remove-Item "$OpenSSHConfigPath\sshtest*hostkey*" -Force -ErrorAction SilentlyContinue
Remove-Item "$OpenSSHConfigPath\sshtest*ca_userkeys*" -Force -ErrorAction SilentlyContinue
#Restore sshd_config
$backupConfigPath = Join-Path $sshBinPath sshd_config.ori
$backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori
if (Test-Path $backupConfigPath -PathType Leaf) {
Copy-Item $backupConfigPath (Join-Path $sshBinPath sshd_config) -Force -ErrorAction SilentlyContinue
Remove-Item (Join-Path $sshBinPath sshd_config.ori) -Force -ErrorAction SilentlyContinue
Copy-Item $backupConfigPath (Join-Path $OpenSSHConfigPath sshd_config) -Force -ErrorAction SilentlyContinue
Remove-Item (Join-Path $OpenSSHConfigPath sshd_config.ori) -Force -ErrorAction SilentlyContinue
Restart-Service sshd
}


@ -1692,7 +1692,7 @@
#define HAVE_MBLEN 1
#define _PATH_PRIVSEP_CHROOT_DIR "."
#define SSHDIR "."
#define SSHDIR "__PROGRAMDATA__\\ssh"
#define _PATH_SFTP_SERVER "sftp-server.exe"
#define _PATH_SSH_PROGRAM "ssh.exe"
#define _PATH_LS "dir"


@ -196,7 +196,7 @@
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -228,7 +228,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -260,7 +260,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -292,7 +292,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -328,7 +328,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -364,7 +364,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -400,7 +400,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
@ -436,7 +436,7 @@ If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir
copy /Y "$(SolutionDir)uninstall-ssh*ps1" "$(OutDir)"
copy /Y "$(SolutionDir)OpenSSHUtils.ps*1" "$(OutDir)"
copy /Y "$(SolutionDir)Fix*FilePermissions.ps1" "$(OutDir)"
If NOT exist "$(OutDir)\sshd_config" (copy "$(SolutionDir)sshd_config" "$(OutDir)")</Command>
copy /Y "$(SolutionDir)sshd_config" "$(OutDir)sshd_config_default"</Command>
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
</PostBuildEvent>
</ItemDefinitionGroup>
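Review bot: The `<Message>` element in each of the eight post-build events still says `sshd_config (if not already present)`, but the command now copies unconditionally with `copy /Y` to `sshd_config_default`. The text should be updated to match, e.g. `... ssh-add-hostkey.ps1, and sshd_config (as sshd_config_default) to build directory`, so that build logs do not suggest an existing config file is preserved.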


@ -8,7 +8,8 @@ $scriptdir = Split-Path $scriptpath
$sshdpath = Join-Path $scriptdir "sshd.exe"
$sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
$logsdir = Join-Path $scriptdir "logs"
$sshdir = Join-Path $env:ProgramData "\ssh"
$logsdir = Join-Path $sshdir "logs"
if (-not (Test-Path $sshdpath)) {
throw "sshd.exe is not present in script path"
@ -31,6 +32,20 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
New-Service -Name sshd -BinaryPathName `"$sshdpath`" -Description "SSH Daemon" -StartupType Manual | Out-Null
#create the ssh config folder and set its permissions
if(-not (test-path $sshdir -PathType Container))
{
$null = New-Item $sshdir -ItemType Directory -Force -ErrorAction Stop
}
$acl = Get-Acl -Path $sshdir
# following SDDL implies
# - owner - built in Administrators
# - disabled inheritance
# - Full access to System
# - Full access to built in Administrators
$acl.SetSecurityDescriptorSddlForm("O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)")
Set-Acl -Path $sshdir -AclObject $acl
# create logs folder and set its permissions
if(-not (test-path $logsdir -PathType Container))
{
@ -45,4 +60,12 @@ $acl = Get-Acl -Path $logsdir
$acl.SetSecurityDescriptorSddlForm("O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)")
Set-Acl -Path $logsdir -AclObject $acl
#copy sshd_config_default to $sshdir\sshd_config
$sshdconfigpath = Join-Path $sshdir "sshd_config"
$sshddefaultconfigpath = Join-Path $scriptdir "sshd_config_default"
if(-not (test-path $sshdconfigpath -PathType Leaf))
{
$null = Copy-Item $sshddefaultconfigpath -Destination $sshdconfigpath -ErrorAction Stop
}
Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
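Review bot: The comment above `SetSecurityDescriptorSddlForm` for `$sshdir` lists only the owner, System and Administrators entries, but the SDDL string also carries `(A;OICI;0x1200a9;;;AU)`, an inheritable read-and-execute grant to Authenticated Users. Because that ACE is object- and container-inherit, files created later in this folder (host private keys, `sshd_config`) start out readable by any authenticated user unless something tightens them afterwards; the comment should say so, e.g. `# - Read & execute for Authenticated Users (inherited by children; private keys need their own ACL)`. Separately, when `$sshdir` or `$sshdconfigpath` already exists the script keeps the existing content and only resets the folder ACL, so a pre-existing `sshd_config` is accepted without any check of its owner or permissions. Running the existing `Repair-SshdConfigPermission` helper on it here, if the module is available at install time, would cover that case.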


@ -20,3 +20,5 @@ FILE* w32_fdopen(int fd, const char *mode);
int w32_rename(const char *old_name, const char *new_name);
#define rename w32_rename
int is_absolute_path(char *);


@ -241,7 +241,7 @@ dlsym(HMODULE handle, const char *symbol)
* only r, w, a are supported for now
*/
FILE *
w32_fopen_utf8(const char *path, const char *mode)
w32_fopen_utf8(const char *input_path, const char *mode)
{
wchar_t wpath[PATH_MAX], wmode[5];
FILE* f;
@ -249,18 +249,21 @@ w32_fopen_utf8(const char *path, const char *mode)
char first3_bytes[3];
int status = 1;
errno_t r = 0;
char *path = NULL;
if (mode[1] != '\0') {
errno = ENOTSUP;
return NULL;
}
if(NULL == path) {
if(NULL == input_path) {
errno = EINVAL;
debug3("fopen - ERROR:%d", errno);
return NULL;
}
path = resolved_path(input_path);
/* if opening null device, point to Windows equivalent */
if (0 == strncmp(path, NULL_DEVICE, strlen(NULL_DEVICE)+1)) {
if ((r = wcsncpy_s(wpath, PATH_MAX, L"NUL", 3)) != 0) {
@ -518,7 +521,7 @@ int
w32_chmod(const char *pathname, mode_t mode)
{
int ret;
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(sanitized_path(pathname));
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(resolved_path(pathname));
if (resolvedPathName_utf16 == NULL) {
errno = ENOMEM;
return -1;
@ -646,7 +649,7 @@ w32_utimes(const char *filename, struct timeval *tvp)
{
int ret;
FILETIME acttime, modtime;
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(sanitized_path(filename));
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(resolved_path(filename));
if (resolvedPathName_utf16 == NULL) {
errno = ENOMEM;
return -1;
@ -680,8 +683,14 @@ link(const char *oldpath, const char *newpath)
int
w32_rename(const char *old_name, const char *new_name)
{
wchar_t *resolvedOldPathName_utf16 = utf8_to_utf16(sanitized_path(old_name));
wchar_t *resolvedNewPathName_utf16 = utf8_to_utf16(sanitized_path(new_name));
char old_name_resolved[PATH_MAX] = {0, };
char new_name_resolved[PATH_MAX] = {0, };
strcpy_s(old_name_resolved, _countof(old_name_resolved), resolved_path(old_name));
strcpy_s(new_name_resolved, _countof(new_name_resolved), resolved_path(new_name));
wchar_t *resolvedOldPathName_utf16 = utf8_to_utf16(old_name_resolved);
wchar_t *resolvedNewPathName_utf16 = utf8_to_utf16(new_name_resolved);
if (NULL == resolvedOldPathName_utf16 || NULL == resolvedNewPathName_utf16) {
errno = ENOMEM;
@ -694,17 +703,17 @@ w32_rename(const char *old_name, const char *new_name)
* 2) if the new_name is directory and it is empty then delete it so that _wrename will succeed.
*/
struct _stat64 st;
if (fileio_stat(sanitized_path(new_name), &st) != -1) {
if (fileio_stat(resolved_path(new_name_resolved), &st) != -1) {
if (((st.st_mode & _S_IFMT) == _S_IFREG))
w32_unlink(new_name);
w32_unlink(new_name_resolved);
else {
DIR *dirp = opendir(new_name);
DIR *dirp = opendir(new_name_resolved);
if (NULL != dirp) {
struct dirent *dp = readdir(dirp);
closedir(dirp);
if (dp == NULL)
w32_rmdir(new_name);
w32_rmdir(new_name_resolved);
}
}
}
@ -719,7 +728,7 @@ w32_rename(const char *old_name, const char *new_name)
int
w32_unlink(const char *path)
{
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(sanitized_path(path));
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(resolved_path(path));
if (NULL == resolvedPathName_utf16) {
errno = ENOMEM;
return -1;
@ -734,7 +743,7 @@ w32_unlink(const char *path)
int
w32_rmdir(const char *path)
{
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(sanitized_path(path));
wchar_t *resolvedPathName_utf16 = utf8_to_utf16(resolved_path(path));
if (NULL == resolvedPathName_utf16) {
errno = ENOMEM;
return -1;
@ -794,7 +803,7 @@ int
w32_mkdir(const char *path_utf8, unsigned short mode)
{
int curmask;
wchar_t *path_utf16 = utf8_to_utf16(sanitized_path(path_utf8));
wchar_t *path_utf16 = utf8_to_utf16(resolved_path(path_utf8));
if (path_utf16 == NULL) {
errno = ENOMEM;
return -1;
@ -816,16 +825,16 @@ w32_mkdir(const char *path_utf8, unsigned short mode)
}
int
w32_stat(const char *path, struct w32_stat *buf)
w32_stat(const char *input_path, struct w32_stat *buf)
{
return fileio_stat(sanitized_path(path), (struct _stat64*)buf);
return fileio_stat(resolved_path(input_path), (struct _stat64*)buf);
}
/* if file is symbolic link, copy its link into "link" */
int
readlink(const char *path, char *link, int linklen)
{
if(strcpy_s(link, linklen, sanitized_path(path)))
if(strcpy_s(link, linklen, resolved_path(path)))
return -1;
return 0;
}
@ -909,31 +918,44 @@ realpath(const char *path, char resolved[PATH_MAX])
return resolved;
}
/* This function is not thread safe.
* TODO - It uses static memory. Is this a good design?
*/
char*
sanitized_path(const char *path)
resolved_path(const char *input_path)
{
if(!path) return NULL;
static char resolved_path[PATH_MAX] = {0,};
static char newPath[PATH_MAX] = { '\0', };
errno_t r = 0;
if (path[0] == '/' && path[1]) {
if (path[2] == ':') {
if (path[3] == '\0') { /* make "/x:" as "x:\\" */
if((r = strncpy_s(newPath, sizeof(newPath), path + 1, strlen(path) - 1)) != 0 ) {
debug3("memcpy_s failed with error: %d.", r);
return NULL;
}
newPath[2] = '\\';
newPath[3] = '\0';
if (!input_path) return NULL;
return newPath;
/* If filename contains __PROGRAMDATA__ then expand it to %programData% and return the resolved path */
if ((strlen(input_path) >= strlen(PROGRAM_DATA)) && (memcmp(input_path, PROGRAM_DATA, strlen(PROGRAM_DATA)) == 0)) {
resolved_path[0] = '\0';
strcat_s(resolved_path, _countof(resolved_path), get_program_data_path());
strcat_s(resolved_path, _countof(resolved_path), &input_path[strlen(PROGRAM_DATA)]);
return resolved_path; /* return here as its doesn't start with "/" */
}
strcpy_s(resolved_path, _countof(resolved_path), input_path);
if (resolved_path[0] == '/' && resolved_path[1]) {
if (resolved_path[2] == ':') {
if (resolved_path[3] == '\0') {
/* make "/x:" as "x:\\" */
resolved_path[0] = resolved_path[1];
resolved_path[1] = resolved_path[2];
resolved_path[2] = '\\';
resolved_path[3] = '\0';
return resolved_path;
} else
return (char *)(path + 1); /* skip the first "/" */
return (char *)(resolved_path + 1); /* skip the first "/" */
}
}
return (char *)path;
return (char *)resolved_path;
}
int
@ -944,7 +966,7 @@ statvfs(const char *path, struct statvfs *buf)
DWORD freeClusters;
DWORD totalClusters;
wchar_t* path_utf16 = utf8_to_utf16(sanitized_path(path));
wchar_t* path_utf16 = utf8_to_utf16(resolved_path(path));
if (path_utf16 && (GetDiskFreeSpaceW(path_utf16, &sectorsPerCluster, &bytesPerSector,
&freeClusters, &totalClusters) == TRUE)) {
debug5("path : [%s]", path);
@ -1413,3 +1435,34 @@ cleanup:
LocalFree(pSD);
return ret;
}
char*
get_program_data_path()
{
if (ssh_cfg_dir_path) return ssh_cfg_dir_path;
wchar_t ssh_cfg_dir_path_w[PATH_MAX] = {0, };
int return_val = ExpandEnvironmentStringsW(L"%programData%", ssh_cfg_dir_path_w, PATH_MAX);
if (return_val > PATH_MAX)
fatal("%s, buffer too small to expand:%s", __func__, "%programData%");
else if (!return_val)
fatal("%s, failed to expand:%s error:%s", __func__, "%programData%", GetLastError());
ssh_cfg_dir_path = utf16_to_utf8(ssh_cfg_dir_path_w);
if(!ssh_cfg_dir_path)
fatal("%s utf16_to_utf8 failed", __func__);
return ssh_cfg_dir_path;
}
/* Windows absolute paths - \abc, /abc, c:\abc, c:/abc, __PROGRAMDATA__\openssh\sshd_config */
int
is_absolute_path(char *path)
{
int retVal = 0;
if (*path == '/' || *path == '\\' || (*path != '\0' && path[1] == ':') ||
((strlen(path) >= strlen(PROGRAM_DATA)) && (memcmp(path, PROGRAM_DATA, strlen(PROGRAM_DATA)) == 0)))
retVal = 1;
return retVal;
}
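Review bot: In `get_program_data_path` the failure branch passes `GetLastError()`, a DWORD, to a `%s` conversion, so the error path itself treats an integer as a string pointer; it should be `fatal("%s, failed to expand:%s error:%d", __func__, "%programData%", GetLastError());`. In `resolved_path` the results of `strcpy_s` and `strcat_s` are ignored, so an input that does not fit in PATH_MAX is not reported and the caller goes on to open, stat or unlink whatever the static buffer then holds (what that is depends on the installed invalid-parameter handler); a check such as `if (strcpy_s(resolved_path, _countof(resolved_path), input_path) != 0) return NULL;` keeps an over-long path from resolving to a different file. `is_absolute_path` dereferences `path` without a NULL check and could take `const char *`.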


@ -15,28 +15,28 @@
#define IS_INVALID_HANDLE(h) ( ((NULL == h) || (INVALID_HANDLE_VALUE == h)) ? 1 : 0 )
#define IS_VALID_HANDLE(h) (!IS_INVALID_HANDLE(h))
#define PROGRAM_DATA "__PROGRAMDATA__"
#define errno_from_Win32LastError() errno_from_Win32Error(GetLastError())
static char *machine_domain_name;
static char *ssh_cfg_dir_path = NULL;
/* removes first '/' for Windows paths that are unix styled. Ex: /c:/ab.cd */
char * sanitized_path(const char *);
char * resolved_path(const char *);
void w32posix_initialize();
void w32posix_done();
char* w32_programdir();
void convertToBackslash(char *str);
void convertToBackslashW(wchar_t *str);
void convertToForwardslash(char *str);
#define errno_from_Win32LastError() errno_from_Win32Error(GetLastError())
int errno_from_Win32Error(int);
void unix_time_to_file_time(ULONG, LPFILETIME);
void file_time_to_unix_time(const LPFILETIME, time_t *);
int file_attr_to_st_mode(wchar_t * path, DWORD attributes);
void invalid_parameter_handler(const wchar_t *, const wchar_t *, const wchar_t *, unsigned int, uintptr_t);
static char *machine_domain_name;
void to_lower_case(char *s);
int get_machine_domain_name(wchar_t *domain, int size);
char* get_program_data_path();
HANDLE get_user_token(char* user);
int load_user_profile(HANDLE user_token, char* user);
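Review bot: `static char *ssh_cfg_dir_path = NULL;` is defined in this header, so every source file that includes it gets its own private copy and only the copy in the file that defines `get_program_data_path` is ever filled in; the variable belongs next to that function in the .c file (the same holds for `machine_domain_name`, which this hunk only moves). The comment above the `resolved_path` prototype still describes only the leading-slash removal. It should also state that a `__PROGRAMDATA__` prefix is expanded and that the result points into a static buffer overwritten by the next call, e.g. `/* expands a leading __PROGRAMDATA__ and strips the first '/' of unix-styled Windows paths; returns a static buffer, not thread safe */`.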


@ -423,7 +423,7 @@ socketio_recv(struct w32_io* pio, void *buf, size_t len, int flags)
}
}
if (0 != socketio_WSARecv(pio, &completed, len))
if (0 != socketio_WSARecv(pio, &completed, (int)len))
return -1;
if (completed) {
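Review bot: The `(int)len` cast in the `socketio_WSARecv` call silences the size_t-to-int conversion but does not bound it, so a `len` above INT_MAX would reach the callee as a wrapped, possibly negative, length. Clamping first, `if (len > INT_MAX) len = INT_MAX;`, keeps the value meaningful. socketio_recv starts and ends outside this hunk, so an earlier bound may already exist.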


@ -34,6 +34,8 @@
#include "inc\pwd.h"
#include "sshfileperm.h"
#include "debug.h"
#include "misc_internal.h"
#include "config.h"
/*
* The function is to check if current user is secure to access to the file.
@ -44,10 +46,10 @@
* Returns 0 on success and -1 on failure
*/
int
check_secure_file_permission(const char *name, struct passwd * pw)
check_secure_file_permission(const char *input_path, struct passwd * pw)
{
PSECURITY_DESCRIPTOR pSD = NULL;
wchar_t * name_utf16 = NULL;
wchar_t * path_utf16 = NULL;
PSID owner_sid = NULL, user_sid = NULL;
PACL dacl = NULL;
DWORD error_code = ERROR_SUCCESS;
@ -55,6 +57,7 @@ check_secure_file_permission(const char *name, struct passwd * pw)
struct passwd * pwd = pw;
char *bad_user = NULL;
int ret = 0;
char *path = NULL;
if (pwd == NULL)
if ((pwd = getpwuid(0)) == NULL)
@ -66,17 +69,19 @@ check_secure_file_permission(const char *name, struct passwd * pw)
ret = -1;
goto cleanup;
}
if ((name_utf16 = utf8_to_utf16(name)) == NULL) {
path = resolved_path(input_path);
if ((path_utf16 = utf8_to_utf16(path)) == NULL) {
ret = -1;
errno = ENOMEM;
goto cleanup;
}
/*Get the owner sid of the file.*/
if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
if ((error_code = GetNamedSecurityInfoW(path_utf16, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
&owner_sid, NULL, &dacl, NULL, &pSD)) != ERROR_SUCCESS) {
debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", name, error_code);
debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", path, error_code);
errno = EOTHER;
ret = -1;
goto cleanup;
@ -89,7 +94,7 @@ check_secure_file_permission(const char *name, struct passwd * pw)
if (!IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) &&
!IsWellKnownSid(owner_sid, WinLocalSystemSid) &&
!EqualSid(owner_sid, user_sid)) {
debug3("Bad owner on %s", name);
debug3("Bad owner on %s", path);
ret = -1;
goto cleanup;
}
@ -131,7 +136,7 @@ check_secure_file_permission(const char *name, struct passwd * pw)
debug3("ConvertSidToSidString failed with %d. ", GetLastError());
break;
}
debug3("Bad permissions. Try removing permissions for user: %s on file %s.", bad_user, name);
debug3("Bad permissions. Try removing permissions for user: %s on file %s.", bad_user, path);
break;
}
}
@ -142,8 +147,8 @@ cleanup:
LocalFree(pSD);
if (user_sid)
LocalFree(user_sid);
if(name_utf16)
free(name_utf16);
if(path_utf16)
free(path_utf16);
return ret;
}
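Review bot: `path = resolved_path(input_path)` keeps a pointer into resolved_path's single static buffer for the rest of check_secure_file_permission, through the later `debug3` calls and the ACE loop, so any intervening call that resolves another path would change what `path` names after the security descriptor was fetched for it. w32_rename in this same commit copies the resolved name into a local array, and the same pattern fits here: `char path[PATH_MAX]; strcpy_s(path, _countof(path), resolved_path(input_path));`. `input_path` is also not checked for NULL before the call; resolved_path returns NULL in that case, and how `utf8_to_utf16` treats a NULL argument is not visible in these hunks.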


@ -442,7 +442,7 @@ w32_open(const char *pathname, int flags, ... /* arg */)
va_end(valist);
}
pio = fileio_open(sanitized_path(pathname), flags, mode);
pio = fileio_open(resolved_path(pathname), flags, mode);
if (pio == NULL)
return -1;


@ -35,46 +35,48 @@
#include "inc\syslog.h"
#include "misc_internal.h"
#include "inc\utf.h"
#define MSGBUFSIZ 1024
static int logfd = -1;
/*
* open a log file using the name of executable under logs folder
* Ex. if called from c:\windows\system32\openssh\sshd.exe
* logfile - c:\windows\system32\openssh\logs\sshd.log
* log file location will be - "%programData%\\openssh\\logs\\<module_name>.log"
*/
void
openlog(char *ident, unsigned int option, int facility)
{
wchar_t *logs_dir = L"\\logs\\";
if (logfd != -1 || ident == NULL)
return;
wchar_t path[PATH_MAX] = { 0 }, log_file[PATH_MAX + 12] = { 0 };
errno_t r = 0;
if (GetModuleFileNameW(NULL, path, PATH_MAX) == 0)
wchar_t *logs_dir = L"\\logs\\";
wchar_t module_path[PATH_MAX] = { 0 }, log_file[PATH_MAX + 12] = { 0 };
if (GetModuleFileNameW(NULL, module_path, PATH_MAX) == 0)
return;
path[PATH_MAX - 1] = L'\0';
if (wcsnlen(path, MAX_PATH) > MAX_PATH - wcslen(logs_dir))
if (wcsnlen(module_path, MAX_PATH) > MAX_PATH - wcslen(logs_dir))
return;
/* split path root and module */
{
wchar_t* tail = path + wcsnlen(path, MAX_PATH);
while (tail > path && *tail != L'\\' && *tail != L'/')
wchar_t* tail = module_path + wcsnlen(module_path, MAX_PATH);
while (tail > module_path && *tail != L'\\' && *tail != L'/')
tail--;
if (((r = wcsncat_s(log_file, PATH_MAX + 12, path, tail - path)) != 0 ) ||
(r = wcsncat_s(log_file, PATH_MAX + 12, logs_dir, 6) != 0 )||
(r = wcsncat_s(log_file, PATH_MAX + 12, tail + 1, wcslen(tail + 1) - 3) != 0 ) ||
(r = wcsncat_s(log_file, PATH_MAX + 12, L"log", 3) != 0 ))
char ssh_cfg_path[PATH_MAX] = {0 ,};
strcat_s(ssh_cfg_path, _countof(ssh_cfg_path), get_program_data_path()); /* "%programData%" */
strcat_s(ssh_cfg_path, _countof(ssh_cfg_path), "\\ssh"); /* "%programData%\\ssh" */
wchar_t* ssh_root_path_w = utf8_to_utf16(ssh_cfg_path); /* "%programData%\\ssh" */
if ((wcsncat_s(log_file, PATH_MAX + 12, ssh_root_path_w, wcslen(ssh_root_path_w)) != 0) ||
(wcsncat_s(log_file, PATH_MAX + 12, logs_dir, 6) != 0) ||
(wcsncat_s(log_file, PATH_MAX + 12, tail + 1, wcslen(tail + 1) - 3) != 0 ) ||
(wcsncat_s(log_file, PATH_MAX + 12, L"log", 3) != 0))
return;
}
errno_t err = _wsopen_s(&logfd, log_file, O_WRONLY | O_CREAT | O_APPEND, SH_DENYNO, S_IREAD | S_IWRITE);
if (logfd != -1)
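Review bot: `ssh_root_path_w`, the result of `utf8_to_utf16(ssh_cfg_path)`, is passed to `wcslen` without a NULL check and is never freed, although other callers in this commit treat a NULL return as ENOMEM and `free` the buffer; add `if (ssh_root_path_w == NULL) return;` after the conversion and `free(ssh_root_path_w);` once `log_file` is built. The header comment says the log goes under `%programData%\\openssh\\logs\\`, but the code appends `\\ssh`, so the comment should read `%programData%\\ssh\\logs\\<module_name>.log`. The results of the two `strcat_s` calls that build `ssh_cfg_path` are also ignored. openlog continues past the end of this hunk.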


@ -108,7 +108,7 @@ opendir(const char *name)
if (name && strcmp(name, "/") == 0)
return openrootdir(name);
if ((wname = utf8_to_utf16(sanitized_path(name))) == NULL) {
if ((wname = utf8_to_utf16(resolved_path(name))) == NULL) {
errno = ENOMEM;
return NULL;
}


@ -108,7 +108,7 @@ prereq_setup()
RPC_CWSTR rpc_str;
USER_INFO_1 ui;
NET_API_STATUS nStatus;
STARTUPINFO si;
STARTUPINFOW si;
PROCESS_INFORMATION pi;
wchar_t cmdline[MAX_PATH];
@ -135,7 +135,7 @@ prereq_setup()
/* create host keys if they dont already exist */
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
si.cb = sizeof(STARTUPINFOW);
ZeroMemory(&pi, sizeof(pi));
memcpy(cmdline, SSH_HOSTKEY_GEN_CMDLINE, wcslen(SSH_HOSTKEY_GEN_CMDLINE) * 2 + 2);
if (CreateProcessW(NULL, cmdline, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {


@ -21,10 +21,10 @@ Port 47002
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey sshtest_hostkey_rsa
HostKey sshtest_hostkey_dsa
HostKey sshtest_hostkey_ecdsa
HostKey sshtest_hostkey_ed25519
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
@ -126,4 +126,4 @@ PubkeyAcceptedKeyTypes ssh-ed25519*
#AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin
#DenyGroups denygroup1 denygr*p2 deny?rou?3
#AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm*
TrustedUserCAKeys sshtest_ca_userkeys.pub
TrustedUserCAKeys __PROGRAMDATA__\ssh\sshtest_ca_userkeys.pub


@ -11,10 +11,10 @@ Port 47003
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey sshtest_hostkey_rsa
HostKey sshtest_hostkey_dsa
HostKey sshtest_hostkey_ecdsa
HostKey sshtest_hostkey_ed25519
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h


@ -67,9 +67,9 @@ test_sanitizedpath()
char *win32prgdir = w32_programdir();
ASSERT_PTR_NE(win32prgdir, NULL);
ASSERT_PTR_EQ(sanitized_path(NULL), NULL);
ASSERT_PTR_EQ(resolved_path(NULL), NULL);
char *ret = sanitized_path(win32prgdir);
char *ret = resolved_path(win32prgdir);
retValue = strcmp(win32prgdir, ret);
ASSERT_INT_EQ(retValue, 0);
@ -79,14 +79,14 @@ test_sanitizedpath()
strncpy(tmp_path+1, win32prgdir, win32prgdir_len);
tmp_path[win32prgdir_len+1] = '\0';
ret = sanitized_path(tmp_path);
ret = resolved_path(tmp_path);
retValue = strcmp(win32prgdir, ret);
ASSERT_INT_EQ(retValue, 0);
char *s1 = malloc(4), *s2 = malloc(4);
s1[0] = '/', s1[1] = win32prgdir[0], s1[2] = ':', s1[3] = '\0';
s2[0] = win32prgdir[0], s2[1] = ':', s2[2] = '\\', s2[3] = '\0';
ret = sanitized_path(s1);
ret = resolved_path(s1);
retValue = strcmp(ret, s2);
ASSERT_INT_EQ(retValue, 0);
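Review bot: test_sanitizedpath keeps its old name and only swaps the function being called; none of the visible assertions exercises the new `__PROGRAMDATA__` branch of resolved_path. A case that resolves `__PROGRAMDATA__\\ssh` and compares the result with `get_program_data_path()` followed by `\\ssh` would cover the expansion, and an input of PATH_MAX or more characters would pin down the over-long behaviour. The function starts and ends outside these hunks.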


@ -661,9 +661,7 @@ derelativise_path(const char *path)
return xstrdup("none");
expanded = tilde_expand_filename(path, getuid());
#ifdef WINDOWS
/* Windows absolute paths - \abc, /abc, c:\abc, c:/abc*/
if (*expanded == '/' || *expanded == '\\' ||
(*expanded != '\0' && expanded[1] == ':'))
if (is_absolute_path(expanded))
#else /* !WINDOWS */
if (*expanded == '/')
#endif /* !WINDOWS */