From 944505e199f53131053c217bed15a2dd9dedad36 Mon Sep 17 00:00:00 2001 From: Yanbing Wang Date: Thu, 15 Jun 2017 18:41:19 -0700 Subject: [PATCH] Source snapshot from Powershell/openssh-portable:latestw_all --- .gitignore | 3 +- .skipped-commit-ids | 1 + PROTOCOL | 6 +- PROTOCOL.agent | 585 +----------------- PROTOCOL.certkeys | 8 +- appveyor.yml | 2 +- auth-options.c | 5 +- auth-options.h | 4 +- auth-passwd.c | 1 + auth.c | 6 +- auth.h | 35 +- auth2-chall.c | 37 +- auth2-gss.c | 67 +- auth2-hostbased.c | 107 ++-- auth2-kbdint.c | 6 +- auth2-none.c | 14 +- auth2-passwd.c | 32 +- auth2-pubkey.c | 226 ++++--- auth2.c | 42 +- authfile.c | 58 +- bitmap.c | 6 +- channels.c | 86 +-- channels.h | 25 +- clientloop.c | 22 +- configure.ac | 8 +- .../win32/openssh/FixHostFilePermissions.ps1 | 42 +- .../win32/openssh/FixUserFilePermissions.ps1 | 14 +- contrib/win32/openssh/OpenSSHBuildHelper.psm1 | 87 ++- contrib/win32/openssh/OpenSSHTestHelper.psm1 | 44 +- contrib/win32/openssh/OpenSSHUtils.psd1 | 44 ++ contrib/win32/openssh/OpenSSHUtils.psm1 | 497 +++++++++------ contrib/win32/openssh/README.txt | 14 +- contrib/win32/openssh/config.h.vs | 19 +- contrib/win32/openssh/config.vcxproj | 44 +- contrib/win32/openssh/keygen.vcxproj | 28 +- contrib/win32/openssh/libssh.vcxproj | 8 +- contrib/win32/openssh/libssh.vcxproj.filters | 283 ++++++++- contrib/win32/openssh/openbsd_compat.vcxproj | 10 +- contrib/win32/openssh/paths.targets | 10 +- contrib/win32/openssh/scp.vcxproj | 28 +- contrib/win32/openssh/sftp-server.vcxproj | 24 +- contrib/win32/openssh/sftp.vcxproj | 28 +- contrib/win32/openssh/ssh-add-hostkey.ps1 | 96 +++ contrib/win32/openssh/ssh-add.vcxproj | 24 +- contrib/win32/openssh/ssh-agent.vcxproj | 32 +- contrib/win32/openssh/ssh-keyscan.vcxproj | 24 +- contrib/win32/openssh/ssh-shellhost.vcxproj | 16 +- contrib/win32/openssh/ssh.vcxproj | 24 +- contrib/win32/openssh/sshd.vcxproj | 24 +- contrib/win32/openssh/unittest-bitmap.vcxproj | 24 +- .../win32/openssh/unittest-hostkeys.vcxproj | 24 +- contrib/win32/openssh/unittest-kex.vcxproj | 24 +- contrib/win32/openssh/unittest-match.vcxproj | 24 +- contrib/win32/openssh/unittest-sshbuf.vcxproj | 24 +- contrib/win32/openssh/unittest-sshkey.vcxproj | 24 +- contrib/win32/openssh/unittest-utf8.vcxproj | 24 +- .../openssh/unittest-win32compat.vcxproj | 24 +- contrib/win32/openssh/version.rc | Bin 4066 -> 4066 bytes contrib/win32/openssh/win32iocompat.vcxproj | 10 +- contrib/win32/win32compat/Debug.h | 7 + contrib/win32/win32compat/ansiprsr.c | 2 - contrib/win32/win32compat/ansiprsr.h | 1 + contrib/win32/win32compat/console.c | 26 +- contrib/win32/win32compat/fileio.c | 48 +- contrib/win32/win32compat/inc/string.h | 5 +- contrib/win32/win32compat/inc/unistd.h | 5 +- contrib/win32/win32compat/misc.c | 321 ++++------ contrib/win32/win32compat/misc_internal.h | 5 +- contrib/win32/win32compat/pwd.c | 14 +- contrib/win32/win32compat/shell-host.c | 232 +++---- contrib/win32/win32compat/signal_sigalrm.c | 4 +- contrib/win32/win32compat/signal_sigchld.c | 6 +- contrib/win32/win32compat/socketio.c | 9 +- contrib/win32/win32compat/ssh-agent/agent.c | 150 ++++- contrib/win32/win32compat/ssh-agent/agent.h | 1 + .../win32compat/ssh-agent/authagent-request.c | 3 +- .../win32/win32compat/ssh-agent/connection.c | 104 ---- .../win32compat/ssh-agent/keyagent-request.c | 4 +- contrib/win32/win32compat/termio.c | 8 +- contrib/win32/win32compat/tncon.c | 1 - contrib/win32/win32compat/tnnet.c | 4 +- contrib/win32/win32compat/w32-sshfileperm.c | 4 +- contrib/win32/win32compat/w32fd.c | 48 +- contrib/win32/win32compat/w32fd.h | 4 +- contrib/win32/win32compat/w32log.c | 24 +- contrib/win32/win32compat/win32_dirent.c | 3 +- contrib/win32/win32compat/wmain_common.c | 15 +- dispatch.c | 18 +- dispatch.h | 14 +- groupaccess.c | 8 +- hostfile.c | 4 +- kex.c | 16 +- kex.h | 6 +- kexc25519c.c | 7 +- kexc25519s.c | 5 +- kexdhc.c | 7 +- kexdhs.c | 7 +- kexecdhc.c | 7 +- kexecdhs.c | 7 +- kexgexc.c | 12 +- kexgexs.c | 12 +- key.c | 177 +----- key.h | 36 +- krl.c | 4 +- misc.c | 4 +- monitor.c | 65 +- monitor_wrap.c | 22 +- monitor_wrap.h | 17 +- opacket.h | 2 + openbsd-compat/Makefile.in | 4 +- openbsd-compat/bsd-getpagesize.c | 23 + openbsd-compat/openbsd-compat.h | 8 + openbsd-compat/recallocarray.c | 88 +++ packet.c | 101 +-- packet.h | 7 +- readconf.c | 17 +- readconf.h | 3 +- .../pesterTests/Hostkey_fileperm.Tests.ps1 | 12 +- regress/proto-version.sh | 4 +- scp.c | 8 +- serverloop.c | 12 +- session.c | 92 ++- ssh-add.c | 4 +- ssh-keygen.c | 20 +- ssh-keyscan.c | 4 +- ssh-pkcs11-client.c | 6 +- ssh-pkcs11-helper.c | 14 +- ssh-pkcs11.c | 9 +- ssh.1 | 5 +- ssh.c | 48 +- ssh_config.5 | 17 +- sshbuf-getput-basic.c | 4 +- sshbuf.c | 17 +- sshconnect.c | 47 +- sshconnect.h | 12 +- sshconnect2.c | 109 ++-- sshd.c | 47 +- sshkey.c | 7 +- umac.c | 8 +- utf8.c | 4 +- xmalloc.c | 14 +- xmalloc.h | 3 +- 142 files changed, 2712 insertions(+), 2639 deletions(-) create mode 100644 contrib/win32/openssh/OpenSSHUtils.psd1 create mode 100644 contrib/win32/openssh/ssh-add-hostkey.ps1 create mode 100644 openbsd-compat/bsd-getpagesize.c create mode 100644 openbsd-compat/recallocarray.c diff --git a/.gitignore b/.gitignore index e2a63f31..84dfe163 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ openbsd-compat/regress/Makefile openssh.xml opensshd.init survey.sh +**/*.0 **/*.o **/*.out **/*.a @@ -33,7 +34,7 @@ sshd /contrib/win32/openssh/Win32/Debug/libssh/libssh.tlog /contrib/win32/openssh/Win32/Debug/libssh /config.h - +/contrib/win32/openssh/LibreSSLSDK ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 2e639902..f4c45722 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -16,3 +16,4 @@ f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead. 1e6b51ddf767cbad0a4e63eb08026c127e654308 integrity.sh reliability fe5b31f69a60d47171836911f144acff77810217 Makefile.inc bits 5781670c0578fe89663c9085ed3ba477cf7e7913 Delete sshconnect1.c +ea80f445e819719ccdcb237022cacfac990fdc5c Makefile.inc warning flags diff --git a/PROTOCOL b/PROTOCOL index 192da55b..4e9e8757 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -33,8 +33,8 @@ The method is documented in: https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt -1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com", - "ssh-dsa-cert-v00@openssh.com", +1.3. transport: New public key algorithms "ssh-rsa-cert-v01@openssh.com", + "ssh-dsa-cert-v01@openssh.com", "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ecdsa-sha2-nistp384-cert-v01@openssh.com" and "ecdsa-sha2-nistp521-cert-v01@openssh.com" @@ -454,4 +454,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $ +$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $ diff --git a/PROTOCOL.agent b/PROTOCOL.agent index 60d36f91..54cf2be4 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent @@ -1,582 +1,3 @@ -This describes the protocol used by OpenSSH's ssh-agent. - -OpenSSH's agent supports managing keys for the standard SSH protocol -2 as well as the legacy SSH protocol 1. Support for these key types -is almost completely disjoint - in all but a few cases, operations on -protocol 2 keys cannot see or affect protocol 1 keys and vice-versa. - -Protocol 1 and protocol 2 keys are separated because of the differing -cryptographic usage: protocol 1 private RSA keys are used to decrypt -challenges that were encrypted with the corresponding public key, -whereas protocol 2 RSA private keys are used to sign challenges with -a private key for verification with the corresponding public key. It -is considered unsound practice to use the same key for signing and -encryption. - -With a couple of exceptions, the protocol message names used in this -document indicate which type of key the message relates to. SSH_* -messages refer to protocol 1 keys only. SSH2_* messages refer to -protocol 2 keys. Furthermore, the names also indicate whether the -message is a request to the agent (*_AGENTC_*) or a reply from the -agent (*_AGENT_*). Section 3 below contains the mapping of the -protocol message names to their integer values. - -1. Data types - -Because of support for legacy SSH protocol 1 keys, OpenSSH's agent -protocol makes use of some data types not defined in RFC 4251. - -1.1 uint16 - -The "uint16" data type is a simple MSB-first 16 bit unsigned integer -encoded in two bytes. - -1.2 mpint1 - -The "mpint1" type represents an arbitrary precision integer (bignum). -Its format is as follows: - - uint16 bits - byte[(bits + 7) / 8] bignum - -"bignum" contains an unsigned arbitrary precision integer encoded as -eight bits per byte in big-endian (MSB first) format. - -Note the difference between the "mpint1" encoding and the "mpint" -encoding defined in RFC 4251. Also note that the length of the encoded -integer is specified in bits, not bytes and that the byte length of -the integer must be calculated by rounding up the number of bits to the -nearest eight. - -2. Protocol Messages - -All protocol messages are prefixed with their length in bytes, encoded -as a 32 bit unsigned integer. Specifically: - - uint32 message_length - byte[message_length] message - -The following message descriptions refer only to the content the -"message" field. - -2.1 Generic server responses - -The following generic messages may be sent by the server in response to -requests from the client. On success the agent may reply either with: - - byte SSH_AGENT_SUCCESS - -or a request-specific success message. - -On failure, the agent may reply with: - - byte SSH_AGENT_FAILURE - -SSH_AGENT_FAILURE messages are also sent in reply to unknown request -types. - -2.2 Adding keys to the agent - -Keys are added to the agent using the SSH_AGENTC_ADD_RSA_IDENTITY and -SSH2_AGENTC_ADD_IDENTITY requests for protocol 1 and protocol 2 keys -respectively. - -Two variants of these requests are SSH_AGENTC_ADD_RSA_ID_CONSTRAINED -and SSH2_AGENTC_ADD_ID_CONSTRAINED - these add keys with optional -"constraints" on their usage. - -OpenSSH may be built with support for keys hosted on a smartcard -or other hardware security module. These keys may be added -to the agent using the SSH_AGENTC_ADD_SMARTCARD_KEY and -SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED requests. - -2.2.1 Key constraints - -The OpenSSH agent supports some basic optional constraints on key usage. -At present there are two constraints defined. - -The first constraint limits the validity duration of a key. It is -encoded as: - - byte SSH_AGENT_CONSTRAIN_LIFETIME - uint32 seconds - -Where "seconds" contains the number of seconds that the key shall remain -valid measured from the moment that the agent receives it. After the -validity period has expired, OpenSSH's agent will erase these keys from -memory. - -The second constraint requires the agent to seek explicit user -confirmation before performing private key operations with the loaded -key. This constraint is encoded as: - - byte SSH_AGENT_CONSTRAIN_CONFIRM - -Zero or more constraints may be specified when adding a key with one -of the *_CONSTRAINED requests. Multiple constraints are appended -consecutively to the end of the request: - - byte constraint1_type - .... constraint1_data - byte constraint2_type - .... constraint2_data - .... - byte constraintN_type - .... constraintN_data - -Such a sequence of zero or more constraints will be referred to below -as "constraint[]". Agents may determine whether there are constraints -by checking whether additional data exists in the "add key" request -after the key data itself. OpenSSH will refuse to add a key if it -contains unknown constraints. - -2.2.2 Add protocol 1 key - -A client may add a protocol 1 key to an agent with the following -request: - - byte SSH_AGENTC_ADD_RSA_IDENTITY or - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED - uint32 ignored - mpint1 rsa_n - mpint1 rsa_e - mpint1 rsa_d - mpint1 rsa_iqmp - mpint1 rsa_q - mpint1 rsa_p - string key_comment - constraint[] key_constraints - -Note that there is some redundancy in the key parameters; a key could be -fully specified using just rsa_q, rsa_p and rsa_e at the cost of extra -computation. - -"key_constraints" may only be present if the request type is -SSH_AGENTC_ADD_RSA_ID_CONSTRAINED. - -The agent will reply with a SSH_AGENT_SUCCESS if the key has been -successfully added or a SSH_AGENT_FAILURE if an error occurred. - -2.2.3 Add protocol 2 key - -The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA -keys may be added using the following request - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-dss" - mpint dsa_p - mpint dsa_q - mpint dsa_g - mpint dsa_public_key - mpint dsa_private_key - string key_comment - constraint[] key_constraints - -DSA certificates may be added with: - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-dss-cert-v00@openssh.com" - string certificate - mpint dsa_private_key - string key_comment - constraint[] key_constraints - -ECDSA keys may be added using the following request - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ecdsa-sha2-nistp256" | - "ecdsa-sha2-nistp384" | - "ecdsa-sha2-nistp521" - string ecdsa_curve_name - string ecdsa_public_key - mpint ecdsa_private - string key_comment - constraint[] key_constraints - -ECDSA certificates may be added with: - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | - "ecdsa-sha2-nistp384-cert-v01@openssh.com" | - "ecdsa-sha2-nistp521-cert-v01@openssh.com" - string certificate - mpint ecdsa_private_key - string key_comment - constraint[] key_constraints - -ED25519 keys may be added using the following request - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-ed25519" - string ed25519_public_key - string ed25519_private_key || ed25519_public_key - string key_comment - constraint[] key_constraints - -ED25519 certificates may be added with: - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-ed25519-cert-v01@openssh.com" - string certificate - string ed25519_public_key - string ed25519_private_key || ed25519_public_key - string key_comment - constraint[] key_constraints - -For both ssh-ed25519 and ssh-ed25519-cert-v01@openssh.com keys, the private -key has the public key appended (for historical reasons). - -RSA keys may be added with this request: - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-rsa" - mpint rsa_n - mpint rsa_e - mpint rsa_d - mpint rsa_iqmp - mpint rsa_p - mpint rsa_q - string key_comment - constraint[] key_constraints - -RSA certificates may be added with this request: - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-rsa-cert-v00@openssh.com" - string certificate - mpint rsa_d - mpint rsa_iqmp - mpint rsa_p - mpint rsa_q - string key_comment - constraint[] key_constraints - -Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse -order to the protocol 1 add keys message. As with the corresponding -protocol 1 "add key" request, the private key is overspecified to avoid -redundant processing. - -For DSA, ECDSA and RSA key add requests, "key_constraints" may only be -present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. - -The agent will reply with a SSH_AGENT_SUCCESS if the key has been -successfully added or a SSH_AGENT_FAILURE if an error occurred. - -2.2.4 Loading keys from a smartcard - -The OpenSSH agent may have optional smartcard support built in to it. If -so, it supports an operation to load keys from a smartcard. Technically, -only the public components of the keys are loaded into the agent so -this operation really arranges for future private key operations to be -delegated to the smartcard. - - byte SSH_AGENTC_ADD_SMARTCARD_KEY or - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED - string reader_id - string pin - constraint[] key_constraints - -"reader_id" is an identifier to a smartcard reader and "pin" -is a PIN or passphrase used to unlock the private key(s) on the -device. "key_constraints" may only be present if the request type is -SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED. - -This operation may load all SSH keys that are unlocked using the -"pin" on the specified reader. The type of key loaded (protocol 1 -or protocol 2) will be specified by the smartcard itself, it is not -client-specified. - -The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have -been successfully loaded or a SSH_AGENT_FAILURE if an error occurred. -The agent will also return SSH_AGENT_FAILURE if it does not support -smartcards. - -2.3 Removing multiple keys - -A client may request that an agent delete all protocol 1 keys using the -following request: - - byte SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES - -This message requests the deletion of all protocol 2 keys: - - byte SSH2_AGENTC_REMOVE_ALL_IDENTITIES - -On success, the agent will delete all keys of the requested type and -reply with a SSH_AGENT_SUCCESS message. If an error occurred, the agent -will reply with SSH_AGENT_FAILURE. - -Note that, to delete all keys (both protocol 1 and 2), a client -must send both a SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES and a -SSH2_AGENTC_REMOVE_ALL_IDENTITIES request. - -2.4 Removing specific keys - -2.4.1 Removing a protocol 1 key - -Removal of a protocol 1 key may be requested with the following message: - - byte SSH_AGENTC_REMOVE_RSA_IDENTITY - uint32 key_bits - mpint1 rsa_e - mpint1 rsa_n - -Note that key_bits is strictly redundant, as it may be inferred by the -length of rsa_n. - -The agent will delete any private key matching the specified public key -and return SSH_AGENT_SUCCESS. If no such key was found, the agent will -return SSH_AGENT_FAILURE. - -2.4.2 Removing a protocol 2 key - -Protocol 2 keys may be removed with the following request: - - byte SSH2_AGENTC_REMOVE_IDENTITY - string key_blob - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. - -The agent will delete any private key matching the specified public key -and return SSH_AGENT_SUCCESS. If no such key was found, the agent will -return SSH_AGENT_FAILURE. - -2.4.3 Removing keys loaded from a smartcard - -A client may request that a server remove one or more smartcard-hosted -keys using this message: - - byte SSH_AGENTC_REMOVE_SMARTCARD_KEY - string reader_id - string pin - -"reader_id" the an identifier to a smartcard reader and "pin" is a PIN -or passphrase used to unlock the private key(s) on the device. - -When this message is received, and if the agent supports -smartcard-hosted keys, it will delete all keys that are hosted on the -specified smartcard that may be accessed with the given "pin". - -The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have -been successfully removed or a SSH_AGENT_FAILURE if an error occurred. -The agent will also return SSH_AGENT_FAILURE if it does not support -smartcards. - -2.5 Requesting a list of known keys - -An agent may be requested to list which keys it holds. Different -requests exist for protocol 1 and protocol 2 keys. - -2.5.1 Requesting a list of protocol 1 keys - -To request a list of protocol 1 keys that are held in the agent, a -client may send the following message: - - byte SSH_AGENTC_REQUEST_RSA_IDENTITIES - -The agent will reply with the following message: - - byte SSH_AGENT_RSA_IDENTITIES_ANSWER - uint32 num_keys - -Followed by zero or more consecutive keys, encoded as: - - uint32 bits - mpint1 rsa_e - mpint1 rsa_n - string key_comment - -2.5.2 Requesting a list of protocol 2 keys - -A client may send the following message to request a list of -protocol 2 keys that are stored in the agent: - - byte SSH2_AGENTC_REQUEST_IDENTITIES - -The agent will reply with the following message header: - - byte SSH2_AGENT_IDENTITIES_ANSWER - uint32 num_keys - -Followed by zero or more consecutive keys, encoded as: - - string key_blob - string key_comment - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. - -2.6 Private key operations - -The purpose of the agent is to perform private key operations, such as -signing and encryption without requiring a passphrase to unlock the -key and without allowing the private key itself to be exposed. There -are separate requests for the protocol 1 and protocol 2 private key -operations. - -2.6.1 Protocol 1 private key challenge - -The private key operation used in version 1 of the SSH protocol is -decrypting a challenge that has been encrypted with a public key. -It may be requested using this message: - - byte SSH_AGENTC_RSA_CHALLENGE - uint32 ignored - mpint1 rsa_e - mpint1 rsa_n - mpint1 encrypted_challenge - byte[16] session_id - uint32 response_type /* must be 1 */ - -"rsa_e" and "rsa_n" are used to identify which private key to use. -"encrypted_challenge" is a challenge blob that has (presumably) -been encrypted with the public key and must be in the range -1 <= encrypted_challenge < 2^256. "session_id" is the SSH protocol 1 -session ID (computed from the server host key, the server semi-ephemeral -key and the session cookie). - -"ignored" and "response_type" exist for compatibility with legacy -implementations. "response_type" must be equal to 1; other response -types are not supported. - -On receiving this request, the server decrypts the "encrypted_challenge" -using the private key matching the supplied (rsa_e, rsa_n) values. For -the response derivation, the decrypted challenge is represented as an -unsigned, big-endian integer encoded in a 32 byte buffer (i.e. values -smaller than 2^248 will have leading 0 bytes). - -The response value is then calculated as: - - response = MD5(decrypted_challenge || session_id) - -and returned in the following message - - byte SSH_AGENT_RSA_RESPONSE - byte[16] response - -If the agent cannot find the key specified by the supplied (rsa_e, -rsa_n) then it will return SSH_AGENT_FAILURE. - -2.6.2 Protocol 2 private key signature request - -A client may use the following message to request signing of data using -a protocol 2 key: - - byte SSH2_AGENTC_SIGN_REQUEST - string key_blob - string data - uint32 flags - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. "flags" is -a bit-mask, but at present only one possible value is defined (see below -for its meaning): - - SSH_AGENT_OLD_SIGNATURE 1 - -Upon receiving this request, the agent will look up the private key that -corresponds to the public key contained in key_blob. It will use this -private key to sign the "data" and produce a signature blob using the -key type-specific method described in RFC 4253 section 6.6 "Public Key -Algorithms". - -An exception to this is for "ssh-dss" keys where the "flags" word -contains the value SSH_AGENT_OLD_SIGNATURE. In this case, a legacy -signature encoding is used in lieu of the standard one. In this case, -the DSA signature blob is encoded as: - - byte[40] signature - -The signature will be returned in the response message: - - byte SSH2_AGENT_SIGN_RESPONSE - string signature_blob - -If the agent cannot find the key specified by the supplied key_blob then -it will return SSH_AGENT_FAILURE. - -2.7 Locking or unlocking an agent - -The agent supports temporary locking with a passphrase to suspend -processing of sensitive operations until it has been unlocked with the -same passphrase. To lock an agent, a client send the following request: - - byte SSH_AGENTC_LOCK - string passphrase - -Upon receipt of this message and if the agent is not already locked, -it will suspend processing requests and return a SSH_AGENT_SUCCESS -reply. If the agent is already locked, it will return SSH_AGENT_FAILURE. - -While locked, the agent will refuse all requests except -SSH_AGENTC_UNLOCK, SSH_AGENTC_REQUEST_RSA_IDENTITIES and -SSH2_AGENTC_REQUEST_IDENTITIES. The "request identities" requests are -treated specially by a locked agent: it will always return an empty list -of keys. - -To unlock an agent, a client may request: - - byte SSH_AGENTC_UNLOCK - string passphrase - -If the passphrase matches and the agent is locked, then it will resume -processing all requests and return SSH_AGENT_SUCCESS. If the agent -is not locked or the passphrase does not match then it will return -SSH_AGENT_FAILURE. - -Locking and unlocking affects both protocol 1 and protocol 2 keys. - -3. Protocol message numbers - -3.1 Requests from client to agent for protocol 1 key operations - - SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 - SSH_AGENTC_RSA_CHALLENGE 3 - SSH_AGENTC_ADD_RSA_IDENTITY 7 - SSH_AGENTC_REMOVE_RSA_IDENTITY 8 - SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24 - -3.2 Requests from client to agent for protocol 2 key operations - - SSH2_AGENTC_REQUEST_IDENTITIES 11 - SSH2_AGENTC_SIGN_REQUEST 13 - SSH2_AGENTC_ADD_IDENTITY 17 - SSH2_AGENTC_REMOVE_IDENTITY 18 - SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 - SSH2_AGENTC_ADD_ID_CONSTRAINED 25 - -3.3 Key-type independent requests from client to agent - - SSH_AGENTC_ADD_SMARTCARD_KEY 20 - SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 - SSH_AGENTC_LOCK 22 - SSH_AGENTC_UNLOCK 23 - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 - -3.4 Generic replies from agent to client - - SSH_AGENT_FAILURE 5 - SSH_AGENT_SUCCESS 6 - -3.5 Replies from agent to client for protocol 1 key operations - - SSH_AGENT_RSA_IDENTITIES_ANSWER 2 - SSH_AGENT_RSA_RESPONSE 4 - -3.6 Replies from agent to client for protocol 2 key operations - - SSH2_AGENT_IDENTITIES_ANSWER 12 - SSH2_AGENT_SIGN_RESPONSE 14 - -3.7 Key constraint identifiers - - SSH_AGENT_CONSTRAIN_LIFETIME 1 - SSH_AGENT_CONSTRAIN_CONFIRM 2 - -$OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $ +This file used to contain a description of the SSH agent protocol +implemented by OpenSSH. It has since been superseded by +https://tools.ietf.org/html/draft-miller-ssh-agent-00 diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 734b606b..42aa8c2a 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys @@ -224,6 +224,9 @@ option-specific information (see below). All options are "critical", if an implementation does not recognise a option then the validating party should refuse to accept the certificate. +Custom options should append the originating author or organisation's +domain name to the option name, e.g. "my-option@example.com". + No critical options are defined for host certificates at present. The supported user certificate options and the contents and structure of their data fields are: @@ -255,6 +258,9 @@ as is the requirement that each name appear only once. If an implementation does not recognise an extension, then it should ignore it. +Custom options should append the originating author or organisation's +domain name to the option name, e.g. "my-option@example.com". + No extensions are defined for host certificates at present. The supported user certificate extensions and the contents and structure of their data fields are: @@ -285,4 +291,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.11 2017/05/16 16:54:05 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.12 2017/05/31 04:29:44 djm Exp $ diff --git a/appveyor.yml b/appveyor.yml index f83f4535..d18cc0a8 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 0.0.15.0.{build} +version: 0.0.16.0.{build} image: Visual Studio 2015 branches: diff --git a/auth-options.c b/auth-options.c index 57b49f7f..0a191dbb 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.73 2017/05/31 10:54:00 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -119,7 +119,8 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) * side effect: sets key option flags */ int -auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) +auth_parse_options(struct passwd *pw, char *opts, const char *file, + u_long linenum) { struct ssh *ssh = active_state; /* XXX */ const char *cp; diff --git a/auth-options.h b/auth-options.h index 52cbb42a..547f0163 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.22 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */ /* * Author: Tatu Ylonen @@ -33,7 +33,7 @@ extern int forced_tun_device; extern int key_is_cert_authority; extern char *authorized_principals; -int auth_parse_options(struct passwd *, char *, char *, u_long); +int auth_parse_options(struct passwd *, char *, const char *, u_long); void auth_clear_options(void); int auth_cert_options(struct sshkey *, struct passwd *, const char **); diff --git a/auth-passwd.c b/auth-passwd.c index 37cb2368..cfb829cc 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -237,6 +237,7 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password) DWORD token = 0; extern int auth_sock; int r = 0; + int ssh_request_reply(int, struct sshbuf *, struct sshbuf *); msg = sshbuf_new(); if (!msg) diff --git a/auth.c b/auth.c index ad0c8018..9084958f 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.120 2017/05/17 01:24:17 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.121 2017/05/30 08:52:19 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -429,7 +429,7 @@ authorized_principals_file(struct passwd *pw) /* return ok if key exists in sysfile or userfile */ HostStatus -check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, +check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, const char *sysfile, const char *userfile) { char *user_hostfile; @@ -711,7 +711,7 @@ getpwnamallow(const char *user) /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ int -auth_key_is_revoked(Key *key) +auth_key_is_revoked(struct sshkey *key) { char *fp = NULL; int r; diff --git a/auth.h b/auth.h index 338a62da..67793546 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.91 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -91,7 +91,7 @@ struct Authctxt { struct Authmethod { char *name; - int (*userauth)(Authctxt *authctxt); + int (*userauth)(struct ssh *); int *enabled; }; @@ -117,9 +117,10 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *); int auth_password(Authctxt *, const char *); -int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); -int user_key_allowed(struct passwd *, Key *, int); -void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) +int hostbased_key_allowed(struct passwd *, const char *, char *, + struct sshkey *); +int user_key_allowed(struct passwd *, struct sshkey *, int); +void pubkey_auth_info(Authctxt *, const struct sshkey *, const char *, ...) __attribute__((__format__ (printf, 3, 4))); void auth2_record_userkey(Authctxt *, struct sshkey *); int auth2_userkey_already_used(Authctxt *, struct sshkey *); @@ -154,7 +155,7 @@ void auth_info(Authctxt *authctxt, const char *, ...) __attribute__((__nonnull__ (2))); void auth_log(Authctxt *, int, int, const char *, const char *); void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); -void userauth_finish(Authctxt *, int, const char *, const char *); +void userauth_finish(struct ssh *, int, const char *, const char *); int auth_root_allowed(const char *); void userauth_send_banner(const char *); @@ -167,8 +168,8 @@ int auth2_method_allowed(Authctxt *, const char *, const char *); void privsep_challenge_enable(void); -int auth2_challenge(Authctxt *, char *); -void auth2_challenge_stop(Authctxt *); +int auth2_challenge(struct ssh *, char *); +void auth2_challenge_stop(struct ssh *); int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int bsdauth_respond(void *, u_int, char **); int skey_query(void *, char **, char **, u_int *, char ***, u_int **); @@ -182,22 +183,22 @@ char *authorized_principals_file(struct passwd *); FILE *auth_openkeyfile(const char *, struct passwd *, int); FILE *auth_openprincipals(const char *, struct passwd *, int); -int auth_key_is_revoked(Key *); +int auth_key_is_revoked(struct sshkey *); const char *auth_get_canonical_hostname(struct ssh *, int); HostStatus -check_key_in_hostfiles(struct passwd *, Key *, const char *, +check_key_in_hostfiles(struct passwd *, struct sshkey *, const char *, const char *, const char *); /* hostkey handling */ -Key *get_hostkey_by_index(int); -Key *get_hostkey_public_by_index(int, struct ssh *); -Key *get_hostkey_public_by_type(int, int, struct ssh *); -Key *get_hostkey_private_by_type(int, int, struct ssh *); -int get_hostkey_index(Key *, int, struct ssh *); -int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int); +struct sshkey *get_hostkey_by_index(int); +struct sshkey *get_hostkey_public_by_index(int, struct ssh *); +struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *); +struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *); +int get_hostkey_index(struct sshkey *, int, struct ssh *); +int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **, + size_t *, const u_char *, size_t, const char *, u_int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff --git a/auth2-chall.c b/auth2-chall.c index ead48031..11c8d31b 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -47,9 +47,9 @@ /* import */ extern ServerOptions options; -static int auth2_challenge_start(Authctxt *); +static int auth2_challenge_start(struct ssh *); static int send_userauth_info_request(Authctxt *); -static int input_userauth_info_response(int, u_int32_t, void *); +static int input_userauth_info_response(int, u_int32_t, struct ssh *); #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; @@ -195,8 +195,9 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) * wait for the response. */ int -auth2_challenge(Authctxt *authctxt, char *devs) +auth2_challenge(struct ssh *ssh, char *devs) { + Authctxt *authctxt = ssh->authctxt; debug("auth2_challenge: user=%s devs=%s", authctxt->user ? authctxt->user : "", devs ? devs : ""); @@ -205,15 +206,16 @@ auth2_challenge(Authctxt *authctxt, char *devs) return 0; if (authctxt->kbdintctxt == NULL) authctxt->kbdintctxt = kbdint_alloc(devs); - return auth2_challenge_start(authctxt); + return auth2_challenge_start(ssh); } /* unregister kbd-int callbacks and context */ void -auth2_challenge_stop(Authctxt *authctxt) +auth2_challenge_stop(struct ssh *ssh) { + Authctxt *authctxt = ssh->authctxt; /* unregister callback */ - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); if (authctxt->kbdintctxt != NULL) { kbdint_free(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; @@ -222,29 +224,30 @@ auth2_challenge_stop(Authctxt *authctxt) /* side effect: sets authctxt->postponed if a reply was sent*/ static int -auth2_challenge_start(Authctxt *authctxt) +auth2_challenge_start(struct ssh *ssh) { + Authctxt *authctxt = ssh->authctxt; KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt; debug2("auth2_challenge_start: devices %s", kbdintctxt->devices ? kbdintctxt->devices : ""); if (kbdint_next_device(authctxt, kbdintctxt) == 0) { - auth2_challenge_stop(authctxt); + auth2_challenge_stop(ssh); return 0; } debug("auth2_challenge_start: trying authentication method '%s'", kbdintctxt->device->name); if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) { - auth2_challenge_stop(authctxt); + auth2_challenge_stop(ssh); return 0; } if (send_userauth_info_request(authctxt) == 0) { - auth2_challenge_stop(authctxt); + auth2_challenge_stop(ssh); return 0; } - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response); authctxt->postponed = 1; @@ -285,9 +288,9 @@ send_userauth_info_request(Authctxt *authctxt) } static int -input_userauth_info_response(int type, u_int32_t seq, void *ctxt) +input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; KbdintAuthctxt *kbdintctxt; int authenticated = 0, res; u_int i, nresp; @@ -340,14 +343,14 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) devicename = kbdintctxt->device->name; if (!authctxt->postponed) { if (authenticated) { - auth2_challenge_stop(authctxt); + auth2_challenge_stop(ssh); } else { /* start next device */ /* may set authctxt->postponed */ - auth2_challenge_start(authctxt); + auth2_challenge_start(ssh); } } - userauth_finish(authctxt, authenticated, "keyboard-interactive", + userauth_finish(ssh, authenticated, "keyboard-interactive", devicename); return 0; } diff --git a/auth2-gss.c b/auth2-gss.c index 1ca83577..680d5e71 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.25 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,18 +48,19 @@ extern ServerOptions options; -static int input_gssapi_token(int type, u_int32_t plen, void *ctxt); -static int input_gssapi_mic(int type, u_int32_t plen, void *ctxt); -static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); -static int input_gssapi_errtok(int, u_int32_t, void *); +static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); +static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); +static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh); +static int input_gssapi_errtok(int, u_int32_t, struct ssh *); /* * We only support those mechanisms that we know about (ie ones that we know * how to check local user kuserok and the like) */ static int -userauth_gssapi(Authctxt *authctxt) +userauth_gssapi(struct ssh *ssh) { + Authctxt *authctxt = ssh->authctxt; gss_OID_desc goid = {0, NULL}; Gssctxt *ctxt = NULL; int mechs; @@ -119,17 +120,17 @@ userauth_gssapi(Authctxt *authctxt) packet_send(); free(doid); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); authctxt->postponed = 1; return (0); } static int -input_gssapi_token(int type, u_int32_t plen, void *ctxt) +input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; @@ -157,8 +158,8 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) packet_send(); } authctxt->postponed = 0; - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - userauth_finish(authctxt, 0, "gssapi-with-mic", NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + userauth_finish(ssh, 0, "gssapi-with-mic", NULL); } else { if (send_tok.length != 0) { packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); @@ -166,12 +167,12 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) packet_send(); } if (maj_status == GSS_S_COMPLETE) { - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); if (flags & GSS_C_INTEG_FLAG) - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, &input_gssapi_mic); else - dispatch_set( + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, &input_gssapi_exchange_complete); } @@ -182,9 +183,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) } static int -input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) +input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; @@ -207,8 +208,8 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) free(recv_tok.value); /* We can't return anything to the client, even if we wanted to */ - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); /* The client will have already moved on to the next auth */ @@ -223,9 +224,9 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) */ static int -input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) +input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; int authenticated; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) @@ -241,18 +242,18 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); authctxt->postponed = 0; - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); - userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); + userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL); return 0; } static int -input_gssapi_mic(int type, u_int32_t plen, void *ctxt) +input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; int authenticated = 0; Buffer b; @@ -282,11 +283,11 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) free(mic.value); authctxt->postponed = 0; - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); - userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); + userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL); return 0; } diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 1b3c3b20..63fe9ae6 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.30 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -39,7 +39,7 @@ #include "misc.h" #include "servconf.h" #include "compat.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "canohost.h" @@ -48,6 +48,7 @@ #endif #include "monitor_wrap.h" #include "pathnames.h" +#include "ssherr.h" #include "match.h" /* import */ @@ -56,54 +57,56 @@ extern u_char *session_id2; extern u_int session_id2_len; static int -userauth_hostbased(Authctxt *authctxt) +userauth_hostbased(struct ssh *ssh) { - Buffer b; - Key *key = NULL; + Authctxt *authctxt = ssh->authctxt; + struct sshbuf *b; + struct sshkey *key = NULL; char *pkalg, *cuser, *chost, *service; u_char *pkblob, *sig; - u_int alen, blen, slen; - int pktype; - int authenticated = 0; + size_t alen, blen, slen; + int r, pktype, authenticated = 0; if (!authctxt->valid) { - debug2("userauth_hostbased: disabled because of invalid user"); + debug2("%s: disabled because of invalid user", __func__); return 0; } - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - chost = packet_get_string(NULL); - cuser = packet_get_string(NULL); - sig = packet_get_string(&slen); + /* XXX use sshkey_froms() */ + if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || + (r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &sig, &slen)) != 0) + fatal("%s: packet parsing: %s", __func__, ssh_err(r)); - debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d", + debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__, cuser, chost, pkalg, slen); #ifdef DEBUG_PK debug("signature:"); - buffer_init(&b); - buffer_append(&b, sig, slen); - buffer_dump(&b); - buffer_free(&b); + sshbuf_dump_data(sig, siglen, stderr); #endif - pktype = key_type_from_name(pkalg); + pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - logit("userauth_hostbased: unsupported " - "public key algorithm: %s", pkalg); + logit("%s: unsupported public key algorithm: %s", + __func__, pkalg); + goto done; + } + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { + error("%s: key_from_blob: %s", __func__, ssh_err(r)); goto done; } - key = key_from_blob(pkblob, blen); if (key == NULL) { - error("userauth_hostbased: cannot decode key: %s", pkalg); + error("%s: cannot decode key: %s", __func__, pkalg); goto done; } if (key->type != pktype) { - error("userauth_hostbased: type mismatch for decoded key " - "(received %d, expected %d)", key->type, pktype); + error("%s: type mismatch for decoded key " + "(received %d, expected %d)", __func__, key->type, pktype); goto done; } - if (key_type_plain(key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) { + if (sshkey_type_plain(key->type) == KEY_RSA && + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { error("Refusing RSA key because peer uses unsafe " "signature format"); goto done; @@ -115,21 +118,23 @@ userauth_hostbased(Authctxt *authctxt) goto done; } - service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : + service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; - buffer_init(&b); - buffer_put_string(&b, session_id2, session_id2_len); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, service); - buffer_put_cstring(&b, "hostbased"); - buffer_put_string(&b, pkalg, alen); - buffer_put_string(&b, pkblob, blen); - buffer_put_cstring(&b, chost); - buffer_put_cstring(&b, cuser); + if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || + (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, "hostbased")) != 0 || + (r = sshbuf_put_string(b, pkalg, alen)) != 0 || + (r = sshbuf_put_string(b, pkblob, blen)) != 0 || + (r = sshbuf_put_cstring(b, chost)) != 0 || + (r = sshbuf_put_cstring(b, cuser)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef DEBUG_PK - buffer_dump(&b); + sshbuf_dump(b, stderr); #endif pubkey_auth_info(authctxt, key, @@ -138,15 +143,15 @@ userauth_hostbased(Authctxt *authctxt) /* test for allowed key and correct signature */ authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && - PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) + PRIVSEP(sshkey_verify(key, sig, slen, + sshbuf_ptr(b), sshbuf_len(b), ssh->compat)) == 0) authenticated = 1; - buffer_free(&b); + sshbuf_free(b); done: - debug2("userauth_hostbased: authenticated %d", authenticated); + debug2("%s: authenticated %d", __func__, authenticated); if (key != NULL) - key_free(key); + sshkey_free(key); free(pkalg); free(pkblob); free(cuser); @@ -158,7 +163,7 @@ userauth_hostbased(Authctxt *authctxt) /* return 1 if given hostkey is allowed */ int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, - Key *key) + struct sshkey *key) { struct ssh *ssh = active_state; /* XXX */ const char *resolvedname, *ipaddr, *lookup, *reason; @@ -203,8 +208,8 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, } debug2("%s: access allowed by auth_rhosts2", __func__); - if (key_is_cert(key) && - key_cert_check_authority(key, 1, 0, lookup, &reason)) { + if (sshkey_is_cert(key) && + sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) { error("%s", reason); auth_debug_add("%s", reason); return 0; @@ -223,20 +228,20 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, } if (host_status == HOST_OK) { - if (key_is_cert(key)) { + if (sshkey_is_cert(key)) { if ((fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint fail", __func__); verbose("Accepted certificate ID \"%s\" signed by " "%s CA %s from %s@%s", key->cert->key_id, - key_type(key->cert->signature_key), fp, + sshkey_type(key->cert->signature_key), fp, cuser, lookup); } else { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint fail", __func__); verbose("Accepted %s public key %s from %s@%s", - key_type(key), fp, cuser, lookup); + sshkey_type(key), fp, cuser, lookup); } free(fp); } diff --git a/auth2-kbdint.c b/auth2-kbdint.c index bf75c605..86aad8dd 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -43,7 +43,7 @@ extern ServerOptions options; static int -userauth_kbdint(Authctxt *authctxt) +userauth_kbdint(struct ssh *ssh) { int authenticated = 0; char *lang, *devs; @@ -55,7 +55,7 @@ userauth_kbdint(Authctxt *authctxt) debug("keyboard-interactive devs %s", devs); if (options.challenge_response_authentication) - authenticated = auth2_challenge(authctxt, devs); + authenticated = auth2_challenge(ssh, devs); free(devs); free(lang); diff --git a/auth2-none.c b/auth2-none.c index e71e2219..35d25fa6 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.20 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -37,7 +37,7 @@ #include "atomicio.h" #include "xmalloc.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "packet.h" @@ -47,6 +47,7 @@ #include "servconf.h" #include "compat.h" #include "ssh2.h" +#include "ssherr.h" #ifdef GSSAPI #include "ssh-gss.h" #endif @@ -59,12 +60,15 @@ extern ServerOptions options; static int none_enabled = 1; static int -userauth_none(Authctxt *authctxt) +userauth_none(struct ssh *ssh) { + int r; + none_enabled = 0; - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); if (options.permit_empty_passwd && options.password_authentication) - return (PRIVSEP(auth_password(authctxt, ""))); + return (PRIVSEP(auth_password(ssh->authctxt, ""))); return (0); } diff --git a/auth2-passwd.c b/auth2-passwd.c index b638e871..5f7ba324 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.14 2017/05/30 14:29:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,10 +30,10 @@ #include #include -#include "xmalloc.h" #include "packet.h" +#include "ssherr.h" #include "log.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "buffer.h" @@ -48,26 +48,22 @@ extern ServerOptions options; static int -userauth_passwd(Authctxt *authctxt) +userauth_passwd(struct ssh *ssh) { - char *password, *newpass; - int authenticated = 0; - int change; - u_int len, newlen; + char *password; + int authenticated = 0, r; + u_char change; + size_t len; - change = packet_get_char(); - password = packet_get_string(&len); - if (change) { - /* discard new password from packet */ - newpass = packet_get_string(&newlen); - explicit_bzero(newpass, newlen); - free(newpass); - } - packet_check_eom(); + if ((r = sshpkt_get_u8(ssh, &change)) != 0 || + (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 || + (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); if (change) logit("password change not supported"); - else if (PRIVSEP(auth_password(authctxt, password)) == 1) + else if (PRIVSEP(auth_password(ssh->authctxt, password)) == 1) authenticated = 1; explicit_bzero(password, len); free(password); diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 55de2055..084cbf0e 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.67 2017/05/31 10:54:00 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -52,7 +52,7 @@ #include "misc.h" #include "servconf.h" #include "compat.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "pathnames.h" @@ -76,42 +76,52 @@ extern u_char *session_id2; extern u_int session_id2_len; static int -userauth_pubkey(Authctxt *authctxt) +userauth_pubkey(struct ssh *ssh) { - Buffer b; - Key *key = NULL; - char *pkalg, *userstyle, *fp = NULL; - u_char *pkblob, *sig; - u_int alen, blen, slen; - int have_sig, pktype; + Authctxt *authctxt = ssh->authctxt; + struct sshbuf *b; + struct sshkey *key = NULL; + char *pkalg, *userstyle = NULL, *fp = NULL; + u_char *pkblob, *sig, have_sig; + size_t blen, slen; + int r, pktype; int authenticated = 0; if (!authctxt->valid) { debug2("%s: disabled because of invalid user", __func__); return 0; } - have_sig = packet_get_char(); - if (datafellows & SSH_BUG_PKAUTH) { + if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) + fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); + if (ssh->compat & SSH_BUG_PKAUTH) { debug2("%s: SSH_BUG_PKAUTH", __func__); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* no explicit pkalg given */ - pkblob = packet_get_string(&blen); - buffer_init(&b); - buffer_append(&b, pkblob, blen); /* so we have to extract the pkalg from the pkblob */ - pkalg = buffer_get_string(&b, &alen); - buffer_free(&b); + /* XXX use sshbuf_from() */ + if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || + (r = sshbuf_put(b, pkblob, blen)) != 0 || + (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0) + fatal("%s: failed: %s", __func__, ssh_err(r)); + sshbuf_free(b); } else { - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); + if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) + fatal("%s: sshpkt_get_cstring failed: %s", + __func__, ssh_err(r)); } - pktype = key_type_from_name(pkalg); + pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ logit("%s: unsupported public key algorithm: %s", __func__, pkalg); goto done; } - key = key_from_blob(pkblob, blen); + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { + error("%s: could not parse key: %s", __func__, ssh_err(r)); + goto done; + } if (key == NULL) { error("%s: cannot decode key: %s", __func__, pkalg); goto done; @@ -121,15 +131,15 @@ userauth_pubkey(Authctxt *authctxt) "(received %d, expected %d)", __func__, key->type, pktype); goto done; } - if (key_type_plain(key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) { + if (sshkey_type_plain(key->type) == KEY_RSA && + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { logit("Refusing RSA key because client uses unsafe " "signature scheme"); goto done; } fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); if (auth2_userkey_already_used(authctxt, key)) { - logit("refusing previously-used %s key", key_type(key)); + logit("refusing previously-used %s key", sshkey_type(key)); goto done; } if (match_pattern_list(sshkey_ssh_name(key), @@ -142,35 +152,48 @@ userauth_pubkey(Authctxt *authctxt) if (have_sig) { debug3("%s: have signature for %s %s", __func__, sshkey_type(key), fp); - sig = packet_get_string(&slen); - packet_check_eom(); - buffer_init(&b); - if (datafellows & SSH_OLD_SESSIONID) { - buffer_append(&b, session_id2, session_id2_len); + if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if (ssh->compat & SSH_OLD_SESSIONID) { + if ((r = sshbuf_put(b, session_id2, + session_id2_len)) != 0) + fatal("%s: sshbuf_put session id: %s", + __func__, ssh_err(r)); } else { - buffer_put_string(&b, session_id2, session_id2_len); + if ((r = sshbuf_put_string(b, session_id2, + session_id2_len)) != 0) + fatal("%s: sshbuf_put_string session id: %s", + __func__, ssh_err(r)); } /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - buffer_put_cstring(&b, userstyle); - free(userstyle); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? - "ssh-userauth" : - authctxt->service); - if (datafellows & SSH_BUG_PKAUTH) { - buffer_put_char(&b, have_sig); + if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, userstyle)) != 0 || + (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? + "ssh-userauth" : authctxt->service)) != 0) + fatal("%s: build packet failed: %s", + __func__, ssh_err(r)); + if (ssh->compat & SSH_BUG_PKAUTH) { + if ((r = sshbuf_put_u8(b, have_sig)) != 0) + fatal("%s: build packet failed: %s", + __func__, ssh_err(r)); } else { - buffer_put_cstring(&b, "publickey"); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, pkalg); + if ((r = sshbuf_put_cstring(b, "publickey")) != 0 || + (r = sshbuf_put_u8(b, have_sig)) != 0 || + (r = sshbuf_put_cstring(b, pkalg) != 0)) + fatal("%s: build packet failed: %s", + __func__, ssh_err(r)); } - buffer_put_string(&b, pkblob, blen); + if ((r = sshbuf_put_string(b, pkblob, blen)) != 0) + fatal("%s: build packet failed: %s", + __func__, ssh_err(r)); #ifdef DEBUG_PK - buffer_dump(&b); + sshbuf_dump(b, stderr); #endif pubkey_auth_info(authctxt, key, NULL); @@ -186,6 +209,7 @@ userauth_pubkey(Authctxt *authctxt) DWORD token = 0; extern int auth_sock; int r = 0; + int ssh_request_reply(int , struct sshbuf *, struct sshbuf *); while (1) { msg = sshbuf_new(); @@ -197,7 +221,7 @@ userauth_pubkey(Authctxt *authctxt) (r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 || (r = sshbuf_put_string(msg, sig, slen)) != 0 || - (r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 || + (r = sshbuf_put_string(msg, sshbuf_ptr(b), sshbuf_len(b))) != 0 || (r = ssh_request_reply(auth_sock, msg, msg)) != 0 || (r = sshbuf_get_u32(msg, &token)) != 0) { debug("auth agent did not authorize client %s", authctxt->user); @@ -222,21 +246,22 @@ userauth_pubkey(Authctxt *authctxt) #else /* !WINDOWS */ if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && - PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) { + PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), + sshbuf_len(b), ssh->compat)) == 0) { authenticated = 1; /* Record the successful key to prevent reuse */ auth2_record_userkey(authctxt, key); key = NULL; /* Don't free below */ } - buffer_free(&b); + sshbuf_free(b); free(sig); #endif /* !WINDOWS */ } else { debug("%s: test whether pkalg/pkblob are acceptable for %s %s", __func__, sshkey_type(key), fp); - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* XXX fake reply and always send PK_OK ? */ /* @@ -247,11 +272,13 @@ userauth_pubkey(Authctxt *authctxt) * issue? -markus */ if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) { - packet_start(SSH2_MSG_USERAUTH_PK_OK); - packet_put_string(pkalg, alen); - packet_put_string(pkblob, blen); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK)) + != 0 || + (r = sshpkt_put_cstring(ssh, pkalg)) != 0 || + (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + ssh_packet_write_wait(ssh); authctxt->postponed = 1; } } @@ -260,7 +287,8 @@ userauth_pubkey(Authctxt *authctxt) done: debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); if (key != NULL) - key_free(key); + sshkey_free(key); + free(userstyle); free(pkalg); free(pkblob); free(fp); @@ -268,7 +296,8 @@ userauth_pubkey(Authctxt *authctxt) } void -pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) +pubkey_auth_info(Authctxt *authctxt, const struct sshkey *key, + const char *fmt, ...) { char *fp, *extra; va_list ap; @@ -280,23 +309,23 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) i = vasprintf(&extra, fmt, ap); va_end(ap); if (i < 0 || extra == NULL) - fatal("%s: vasprintf failed", __func__); + fatal("%s: vasprintf failed", __func__); } - if (key_is_cert(key)) { + if (sshkey_is_cert(key)) { fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT); auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", - key_type(key), key->cert->key_id, + sshkey_type(key), key->cert->key_id, (unsigned long long)key->cert->serial, - key_type(key->cert->signature_key), + sshkey_type(key->cert->signature_key), fp == NULL ? "(null)" : fp, extra == NULL ? "" : ", ", extra == NULL ? "" : extra); free(fp); } else { fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); - auth_info(authctxt, "%s %s%s%s", key_type(key), + auth_info(authctxt, "%s %s%s%s", sshkey_type(key), fp == NULL ? "(null)" : fp, extra == NULL ? "" : ", ", extra == NULL ? "" : extra); free(fp); @@ -612,7 +641,7 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert) } static int -process_principals(FILE *f, char *file, struct passwd *pw, +process_principals(FILE *f, const char *file, struct passwd *pw, const struct sshkey_cert *cert) { char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; @@ -650,8 +679,7 @@ process_principals(FILE *f, char *file, struct passwd *pw, for (i = 0; i < cert->nprincipals; i++) { if (strcmp(cp, cert->principals[i]) == 0) { debug3("%s:%lu: matched principal \"%.100s\"", - file == NULL ? "(command)" : file, - linenum, cert->principals[i]); + file, linenum, cert->principals[i]); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; @@ -782,7 +810,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) uid_swapped = 1; temporarily_use_uid(pw); - ok = process_principals(f, NULL, pw, cert); + ok = process_principals(f, "(command)", pw, cert); fclose(f); f = NULL; @@ -814,16 +842,13 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) * returns 1 if the key is allowed or 0 otherwise. */ static int -check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) +check_authkeys_file(FILE *f, char *file, struct sshkey *key, struct passwd *pw) { char line[SSH_MAX_PUBKEY_BYTES]; int found_key = 0; u_long linenum = 0; - Key *found; - - found_key = 0; + struct sshkey *found = NULL; - found = NULL; while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL, *fp = NULL; const char *reason = NULL; @@ -832,8 +857,10 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) if (found_key) continue; if (found != NULL) - key_free(found); - found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); + sshkey_free(found); + found = sshkey_new(sshkey_is_cert(key) ? KEY_UNSPEC : key->type); + if (found == NULL) + goto done; auth_clear_options(); /* Skip leading whitespace, empty and comment lines. */ @@ -842,7 +869,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) if (!*cp || *cp == '\n' || *cp == '#') continue; - if (key_read(found, &cp) != 1) { + if (sshkey_read(found, &cp) != 0) { /* no key? check if there are options for this key */ int quoted = 0; debug2("user_key_allowed: check options: '%s'", cp); @@ -856,14 +883,14 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) /* Skip remaining whitespace. */ for (; *cp == ' ' || *cp == '\t'; cp++) ; - if (key_read(found, &cp) != 1) { + if (sshkey_read(found, &cp) != 0) { debug2("user_key_allowed: advance: '%s'", cp); /* still no key? advance to next line*/ continue; } } - if (key_is_cert(key)) { - if (!key_equal(found, key->cert->signature_key)) + if (sshkey_is_cert(key)) { + if (!sshkey_equal(found, key->cert->signature_key)) continue; if (auth_parse_options(pw, key_options, file, linenum) != 1) @@ -874,7 +901,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) continue; debug("matching CA found: file %s, line %lu, %s %s", - file, linenum, key_type(found), fp); + file, linenum, sshkey_type(found), fp); /* * If the user has specified a list of principals as * a key option, then prefer that list to matching @@ -891,7 +918,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) auth_debug_add("%s", reason); continue; } - if (key_cert_check_authority(key, 0, 0, + if (sshkey_cert_check_authority(key, 0, 0, authorized_principals == NULL ? pw->pw_name : NULL, &reason) != 0) goto fail_reason; @@ -900,11 +927,11 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) verbose("Accepted certificate ID \"%s\" (serial %llu) " "signed by %s CA %s via %s", key->cert->key_id, (unsigned long long)key->cert->serial, - key_type(found), fp, file); + sshkey_type(found), fp, file); free(fp); found_key = 1; break; - } else if (key_equal(found, key)) { + } else if (sshkey_equal(found, key)) { if (auth_parse_options(pw, key_options, file, linenum) != 1) continue; @@ -914,14 +941,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) continue; debug("matching key found: file %s, line %lu %s %s", - file, linenum, key_type(found), fp); + file, linenum, sshkey_type(found), fp); free(fp); found_key = 1; continue; } } + done: if (found != NULL) - key_free(found); + sshkey_free(found); if (!found_key) debug2("key not found"); return found_key; @@ -929,24 +957,24 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) /* Authenticate a certificate key against TrustedUserCAKeys */ static int -user_cert_trusted_ca(struct passwd *pw, Key *key) +user_cert_trusted_ca(struct passwd *pw, struct sshkey *key) { char *ca_fp, *principals_file = NULL; const char *reason; - int ret = 0, found_principal = 0, use_authorized_principals; + int r, ret = 0, found_principal = 0, use_authorized_principals; - if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) + if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL) return 0; if ((ca_fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) return 0; - if (sshkey_in_file(key->cert->signature_key, - options.trusted_user_ca_keys, 1, 0) != 0) { - debug2("%s: CA %s %s is not listed in %s", __func__, - key_type(key->cert->signature_key), ca_fp, - options.trusted_user_ca_keys); + if ((r = sshkey_in_file(key->cert->signature_key, + options.trusted_user_ca_keys, 1, 0)) != 0) { + debug2("%s: CA %s %s is not listed in %s: %s", __func__, + sshkey_type(key->cert->signature_key), ca_fp, + options.trusted_user_ca_keys, ssh_err(r)); goto out; } /* @@ -971,7 +999,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) auth_debug_add("%s", reason); goto out; } - if (key_cert_check_authority(key, 0, 1, + if (sshkey_cert_check_authority(key, 0, 1, use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) goto fail_reason; if (auth_cert_options(key, pw, &reason) != 0) @@ -980,7 +1008,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " "%s CA %s via %s", key->cert->key_id, (unsigned long long)key->cert->serial, - key_type(key->cert->signature_key), ca_fp, + sshkey_type(key->cert->signature_key), ca_fp, options.trusted_user_ca_keys); ret = 1; @@ -995,7 +1023,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_allowed2(struct passwd *pw, Key *key, char *file) +user_key_allowed2(struct passwd *pw, struct sshkey *key, char *file) { FILE *f; int found_key = 0; @@ -1018,7 +1046,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_command_allowed2(struct passwd *user_pw, Key *key) +user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key) { FILE *f = NULL; int r, ok, found_key = 0; @@ -1141,14 +1169,15 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) * Check whether key authenticates and authorises the user. */ int -user_key_allowed(struct passwd *pw, Key *key, int auth_attempt) +user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt) { u_int success, i; char *file; if (auth_key_is_revoked(key)) return 0; - if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) + if (sshkey_is_cert(key) && + auth_key_is_revoked(key->cert->signature_key)) return 0; success = user_cert_trusted_ca(pw, key); @@ -1180,9 +1209,10 @@ auth2_record_userkey(Authctxt *authctxt, struct sshkey *key) struct sshkey **tmp; if (authctxt->nprev_userkeys >= INT_MAX || - (tmp = reallocarray(authctxt->prev_userkeys, - authctxt->nprev_userkeys + 1, sizeof(*tmp))) == NULL) - fatal("%s: reallocarray failed", __func__); + (tmp = recallocarray(authctxt->prev_userkeys, + authctxt->nprev_userkeys, authctxt->nprev_userkeys + 1, + sizeof(*tmp))) == NULL) + fatal("%s: recallocarray failed", __func__); authctxt->prev_userkeys = tmp; authctxt->prev_userkeys[authctxt->nprev_userkeys] = key; authctxt->nprev_userkeys++; diff --git a/auth2.c b/auth2.c index 97dd2ef0..cb4c2fd5 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.142 2017/05/31 07:00:13 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -87,8 +87,8 @@ Authmethod *authmethods[] = { /* protocol */ -static int input_service_request(int, u_int32_t, void *); -static int input_userauth_request(int, u_int32_t, void *); +static int input_service_request(int, u_int32_t, struct ssh *); +static int input_userauth_request(int, u_int32_t, struct ssh *); /* helper */ static Authmethod *authmethod_lookup(Authctxt *, const char *); @@ -168,16 +168,19 @@ userauth_banner(void) void do_authentication2(Authctxt *authctxt) { - dispatch_init(&dispatch_protocol_error); - dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); - dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); + struct ssh *ssh = active_state; /* XXX */ + ssh->authctxt = authctxt; /* XXX move to caller */ + ssh_dispatch_init(ssh, &dispatch_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request); + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success); + ssh->authctxt = NULL; } /*ARGSUSED*/ static int -input_service_request(int type, u_int32_t seq, void *ctxt) +input_service_request(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; u_int len; int acceptit = 0; char *service = packet_get_cstring(&len); @@ -190,7 +193,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) if (!authctxt->success) { acceptit = 1; /* now we can handle user-auth requests */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); } } /* XXX all other service requests are denied */ @@ -210,10 +213,9 @@ input_service_request(int type, u_int32_t seq, void *ctxt) /*ARGSUSED*/ static int -input_userauth_request(int type, u_int32_t seq, void *ctxt) +input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -267,12 +269,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user, authctxt->service, user, service); } /* reset state */ - auth2_challenge_stop(authctxt); + auth2_challenge_stop(ssh); #ifdef GSSAPI /* XXX move to auth2_gssapi_stop() */ - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); #endif authctxt->postponed = 0; @@ -282,9 +284,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) m = authmethod_lookup(authctxt, method); if (m != NULL && authctxt->failures < options.max_authtries) { debug2("input_userauth_request: try method %s", method); - authenticated = m->userauth(authctxt); + authenticated = m->userauth(ssh); } - userauth_finish(authctxt, authenticated, method, NULL); + userauth_finish(ssh, authenticated, method, NULL); free(service); free(user); @@ -293,10 +295,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } void -userauth_finish(Authctxt *authctxt, int authenticated, const char *method, +userauth_finish(struct ssh *ssh, int authenticated, const char *method, const char *submethod) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = ssh->authctxt; char *methods; int partial = 0; @@ -352,7 +354,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, if (authenticated == 1) { /* turn off userauth */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); packet_start(SSH2_MSG_USERAUTH_SUCCESS); packet_send(); packet_write_wait(); diff --git a/authfile.c b/authfile.c index 807d2816..2f547571 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.124 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -101,25 +101,13 @@ sshkey_load_file(int fd, struct sshbuf *blob) u_char buf[1024]; size_t len; struct stat st; - int r, dontmax = 0; + int r; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) return SSH_ERR_INVALID_FORMAT; - /* - * Pre-allocate the buffer used for the key contents and clamp its - * maximum size. This ensures that key contents are never leaked via - * implicit realloc() in the sshbuf code. - */ - if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) { - st.st_size = 64*1024; /* 64k ought to be enough for anybody. :) */ - dontmax = 1; - } - if ((r = sshbuf_allocate(blob, st.st_size)) != 0 || - (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0)) - return r; for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) @@ -326,50 +314,48 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) return SSH_ERR_INVALID_FORMAT; } -/* load public key from ssh v1 private or any pubkey file */ +/* load public key from any pubkey file */ int sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) { struct sshkey *pub = NULL; - char file[PATH_MAX]; - int r, fd; + char *file = NULL; + int r; if (keyp != NULL) *keyp = NULL; if (commentp != NULL) *commentp = NULL; - /* XXX should load file once and attempt to parse each format */ - - if ((fd = open(filename, O_RDONLY)) < 0) - goto skip; - close(fd); - - /* try ssh2 public key */ if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { - if (keyp != NULL) + if (keyp != NULL) { *keyp = pub; - return 0; + pub = NULL; + } + r = 0; + goto out; } sshkey_free(pub); - - skip: /* try .pub suffix */ - if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) + if (asprintf(&file, "%s.pub", filename) == -1) return SSH_ERR_ALLOC_FAIL; - r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ - if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && - (strlcat(file, ".pub", sizeof file) < sizeof(file)) && - (r = sshkey_try_load_public(pub, file, commentp)) == 0) { - if (keyp != NULL) + if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) { + if (keyp != NULL) { *keyp = pub; - return 0; + pub = NULL; + } + r = 0; } + out: + free(file); sshkey_free(pub); - return r; } diff --git a/bitmap.c b/bitmap.c index 3d7aa137..5089b040 100644 --- a/bitmap.c +++ b/bitmap.c @@ -87,10 +87,10 @@ reserve(struct bitmap *b, u_int n) return -1; /* invalid */ nlen = (n / BITMAP_BITS) + 1; if (b->len < nlen) { - if ((tmp = reallocarray(b->d, nlen, BITMAP_BYTES)) == NULL) + if ((tmp = recallocarray(b->d, b->len, + nlen, BITMAP_BYTES)) == NULL) return -1; b->d = tmp; - memset(b->d + b->len, 0, (nlen - b->len) * BITMAP_BYTES); b->len = nlen; } return 0; @@ -189,7 +189,7 @@ bitmap_from_string(struct bitmap *b, const void *p, size_t l) { int r; size_t i, offset, shift; - u_char *s = (u_char *)p; + const u_char *s = (const u_char *)p; if (l > BITMAP_MAX / 8) return -1; diff --git a/channels.c b/channels.c index b40ce53a..4b21c218 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.359 2017/04/30 23:28:41 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.365 2017/05/31 08:58:52 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -242,8 +242,6 @@ channel_lookup(int id) case SSH_CHANNEL_DYNAMIC: case SSH_CHANNEL_OPENING: case SSH_CHANNEL_OPEN: - case SSH_CHANNEL_INPUT_DRAINING: - case SSH_CHANNEL_OUTPUT_DRAINING: case SSH_CHANNEL_ABANDONED: case SSH_CHANNEL_MUX_PROXY: return (c); @@ -481,8 +479,6 @@ channel_free(Channel *c) debug3("channel %d: status: %s", c->self, s); free(s); - if (c->sock != -1) - shutdown(c->sock, SHUT_RDWR); channel_close_fds(c); buffer_free(&c->input); buffer_free(&c->output); @@ -614,9 +610,6 @@ channel_still_open(void) case SSH_CHANNEL_MUX_CLIENT: case SSH_CHANNEL_MUX_PROXY: return 1; - case SSH_CHANNEL_INPUT_DRAINING: - case SSH_CHANNEL_OUTPUT_DRAINING: - fatal("cannot happen: OUT_DRAIN"); default: fatal("%s: bad channel type %d", __func__, c->type); /* NOTREACHED */ @@ -657,9 +650,6 @@ channel_find_open(void) case SSH_CHANNEL_OPEN: case SSH_CHANNEL_X11_OPEN: return i; - case SSH_CHANNEL_INPUT_DRAINING: - case SSH_CHANNEL_OUTPUT_DRAINING: - fatal("cannot happen: OUT_DRAIN"); default: fatal("%s: bad channel type %d", __func__, c->type); /* NOTREACHED */ @@ -706,8 +696,6 @@ channel_open_message(void) case SSH_CHANNEL_DYNAMIC: case SSH_CHANNEL_OPEN: case SSH_CHANNEL_X11_OPEN: - case SSH_CHANNEL_INPUT_DRAINING: - case SSH_CHANNEL_OUTPUT_DRAINING: case SSH_CHANNEL_MUX_PROXY: case SSH_CHANNEL_MUX_CLIENT: snprintf(buf, sizeof buf, @@ -1085,9 +1073,11 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) buffer_get(&c->input, (char *)&s4_req.dest_addr, 4); have = buffer_len(&c->input); p = (char *)buffer_ptr(&c->input); - if (memchr(p, '\0', have) == NULL) - fatal("channel %d: decode socks4: user not nul terminated", + if (memchr(p, '\0', have) == NULL) { + error("channel %d: decode socks4: user not nul terminated", c->self); + return -1; + } len = strlen(p); debug2("channel %d: decode socks4: user %s/%d", c->self, p, len); len++; /* trailing '\0' */ @@ -1105,13 +1095,15 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) } else { /* SOCKS4A: two strings */ have = buffer_len(&c->input); p = (char *)buffer_ptr(&c->input); + if (memchr(p, '\0', have) == NULL) { + error("channel %d: decode socks4a: host not nul " + "terminated", c->self); + return -1; + } len = strlen(p); debug2("channel %d: decode socks4a: host %s/%d", c->self, p, len); len++; /* trailing '\0' */ - if (len > have) - fatal("channel %d: decode socks4a: len %d > have %d", - c->self, len, have); if (len > NI_MAXHOST) { error("channel %d: hostname \"%.100s\" too long", c->self, p); @@ -2406,9 +2398,8 @@ channel_proxy_downstream(Channel *downstream) * replaces local (proxy) channel ID with downstream channel ID. */ int -channel_proxy_upstream(Channel *c, int type, u_int32_t seq, void *ctxt) +channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = active_state; struct sshbuf *b = NULL; Channel *downstream; const u_char *cp = NULL; @@ -2488,7 +2479,7 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_data(int type, u_int32_t seq, void *ctxt) +channel_input_data(int type, u_int32_t seq, struct ssh *ssh) { int id; const u_char *data; @@ -2500,7 +2491,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL) packet_disconnect("Received data for nonexistent channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; /* Ignore any data for non-open channels (might happen on close) */ @@ -2548,7 +2539,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_extended_data(int type, u_int32_t seq, void *ctxt) +channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) { int id; char *data; @@ -2561,7 +2552,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) if (c == NULL) packet_disconnect("Received extended_data for bad channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if (c->type != SSH_CHANNEL_OPEN) { logit("channel %d: ext data for non open", id); @@ -2598,7 +2589,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_ieof(int type, u_int32_t seq, void *ctxt) +channel_input_ieof(int type, u_int32_t seq, struct ssh *ssh) { int id; Channel *c; @@ -2608,7 +2599,7 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL) packet_disconnect("Received ieof for nonexistent channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; chan_rcvd_ieof(c); @@ -2622,17 +2613,16 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt) return 0; } -/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ /* ARGSUSED */ int -channel_input_oclose(int type, u_int32_t seq, void *ctxt) +channel_input_oclose(int type, u_int32_t seq, struct ssh *ssh) { int id = packet_get_int(); Channel *c = channel_lookup(id); if (c == NULL) packet_disconnect("Received oclose for nonexistent channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; packet_check_eom(); chan_rcvd_oclose(c); @@ -2641,27 +2631,7 @@ channel_input_oclose(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) -{ - int id = packet_get_int(); - Channel *c = channel_lookup(id); - - if (c == NULL) - packet_disconnect("Received close confirmation for " - "out-of-range channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) - return 0; - packet_check_eom(); - if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED) - packet_disconnect("Received close confirmation for " - "non-closed channel %d (type %d).", id, c->type); - channel_free(c); - return 0; -} - -/* ARGSUSED */ -int -channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) +channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) { int id, remote_id; Channel *c; @@ -2672,7 +2642,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) if (c==NULL) packet_disconnect("Received open confirmation for " "unknown channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if (c->type != SSH_CHANNEL_OPENING) packet_disconnect("Received open confirmation for " @@ -2713,7 +2683,7 @@ reason2txt(int reason) /* ARGSUSED */ int -channel_input_open_failure(int type, u_int32_t seq, void *ctxt) +channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) { int id, reason; char *msg = NULL, *lang = NULL; @@ -2725,7 +2695,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) if (c==NULL) packet_disconnect("Received open failure for " "unknown channel %d.", id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if (c->type != SSH_CHANNEL_OPENING) packet_disconnect("Received open failure for " @@ -2752,7 +2722,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) +channel_input_window_adjust(int type, u_int32_t seq, struct ssh *ssh) { Channel *c; int id; @@ -2766,7 +2736,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) logit("Received window adjust for non-open channel %d.", id); return 0; } - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; adjust = packet_get_int(); packet_check_eom(); @@ -2780,7 +2750,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) +channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) { Channel *c; struct channel_confirm *cc; @@ -2796,7 +2766,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) logit("channel_input_status_confirm: %d: unknown", id); return 0; } - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; packet_check_eom(); if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) @@ -3224,7 +3194,7 @@ channel_cancel_lport_listener(struct Forward *fwd, int cport, struct ForwardOpti return channel_cancel_lport_listener_tcpip(fwd->listen_host, fwd->listen_port, cport, fwd_opts); } -/* protocol local port fwd, used by ssh (and sshd in v1) */ +/* protocol local port fwd, used by ssh */ int channel_setup_local_fwd_listener(struct Forward *fwd, struct ForwardOptions *fwd_opts) { diff --git a/channels.h b/channels.h index 4e9b77de..36e5363a 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.123 2017/04/30 23:28:41 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.126 2017/05/30 14:23:52 markus Exp $ */ /* * Author: Tatu Ylonen @@ -46,8 +46,6 @@ #define SSH_CHANNEL_CLOSED 5 /* waiting for close confirmation */ #define SSH_CHANNEL_AUTH_SOCKET 6 /* authentication socket */ #define SSH_CHANNEL_X11_OPEN 7 /* reading first X11 packet */ -#define SSH_CHANNEL_INPUT_DRAINING 8 /* sending remaining data to conn */ -#define SSH_CHANNEL_OUTPUT_DRAINING 9 /* sending remaining data to app */ #define SSH_CHANNEL_LARVAL 10 /* larval session */ #define SSH_CHANNEL_RPORT_LISTENER 11 /* Listening to a R-style port */ #define SSH_CHANNEL_CONNECTING 12 @@ -63,6 +61,7 @@ #define CHANNEL_CANCEL_PORT_STATIC -1 +struct ssh; struct Channel; typedef struct Channel Channel; @@ -234,19 +233,19 @@ void channel_send_window_changes(void); /* mux proxy support */ int channel_proxy_downstream(Channel *mc); -int channel_proxy_upstream(Channel *, int, u_int32_t, void *); +int channel_proxy_upstream(Channel *, int, u_int32_t, struct ssh *); /* protocol handler */ -int channel_input_close_confirmation(int, u_int32_t, void *); -int channel_input_data(int, u_int32_t, void *); -int channel_input_extended_data(int, u_int32_t, void *); -int channel_input_ieof(int, u_int32_t, void *); -int channel_input_oclose(int, u_int32_t, void *); -int channel_input_open_confirmation(int, u_int32_t, void *); -int channel_input_open_failure(int, u_int32_t, void *); -int channel_input_window_adjust(int, u_int32_t, void *); -int channel_input_status_confirm(int, u_int32_t, void *); +int channel_input_data(int, u_int32_t, struct ssh *); +int channel_input_extended_data(int, u_int32_t, struct ssh *); +int channel_input_ieof(int, u_int32_t, struct ssh *); +int channel_input_oclose(int, u_int32_t, struct ssh *); +int channel_input_open_confirmation(int, u_int32_t, struct ssh *); +int channel_input_open_failure(int, u_int32_t, struct ssh *); +int channel_input_port_open(int, u_int32_t, struct ssh *); +int channel_input_window_adjust(int, u_int32_t, struct ssh *); +int channel_input_status_confirm(int, u_int32_t, struct ssh *); /* file descriptor handling (read/write) */ diff --git a/clientloop.c b/clientloop.c index a9ec3924..284b08e6 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.296 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: clientloop.c,v 1.299 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -459,7 +459,7 @@ client_check_window_change(void) } static int -client_global_request_reply(int type, u_int32_t seq, void *ctxt) +client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh) { struct global_confirm *gc; @@ -1171,7 +1171,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, static void client_process_buffered_input_packets(void) { - dispatch_run(DISPATCH_NONBLOCK, &quit_pending, active_state); + ssh_dispatch_run_fatal(active_state, DISPATCH_NONBLOCK, &quit_pending); } /* scan buf[] for '~' before sending data to the peer */ @@ -1646,7 +1646,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) /* XXXX move to generic input handler */ static int -client_input_channel_open(int type, u_int32_t seq, void *ctxt) +client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; char *ctype; @@ -1702,7 +1702,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) } static int -client_input_channel_req(int type, u_int32_t seq, void *ctxt) +client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; int exitval, id, reply, success = 0; @@ -1710,7 +1710,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) id = packet_get_int(); c = channel_lookup(id); - if (channel_proxy_upstream(c, type, seq, ctxt)) + if (channel_proxy_upstream(c, type, seq, ssh)) return 0; rtype = packet_get_string(NULL); reply = packet_get_char(); @@ -1816,9 +1816,9 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) /* This line contained a key that not offered by the server */ debug3("%s: deprecated %s key at %s:%ld", __func__, sshkey_ssh_name(l->key), l->path, l->linenum); - if ((tmp = reallocarray(ctx->old_keys, ctx->nold + 1, + if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, sizeof(*ctx->old_keys))) == NULL) - fatal("%s: reallocarray failed nold = %zu", + fatal("%s: recallocarray failed nold = %zu", __func__, ctx->nold); ctx->old_keys = tmp; ctx->old_keys[ctx->nold++] = l->key; @@ -2050,9 +2050,9 @@ client_input_hostkeys(void) } } /* Key is good, record it */ - if ((tmp = reallocarray(ctx->keys, ctx->nkeys + 1, + if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, sizeof(*ctx->keys))) == NULL) - fatal("%s: reallocarray failed nkeys = %zu", + fatal("%s: recallocarray failed nkeys = %zu", __func__, ctx->nkeys); ctx->keys = tmp; ctx->keys[ctx->nkeys++] = key; @@ -2140,7 +2140,7 @@ client_input_hostkeys(void) } static int -client_input_global_request(int type, u_int32_t seq, void *ctxt) +client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) { char *rtype; int want_reply; diff --git a/configure.ac b/configure.ac index 5cfea38c..46f7d495 100644 --- a/configure.ac +++ b/configure.ac @@ -1678,6 +1678,7 @@ AC_CHECK_FUNCS([ \ getgrouplist \ getnameinfo \ getopt \ + getpagesize \ getpeereid \ getpeerucred \ getpgid \ @@ -1708,6 +1709,7 @@ AC_CHECK_FUNCS([ \ readpassphrase \ reallocarray \ recvmsg \ + recallocarray \ rresvport_af \ sendmsg \ setdtablesize \ @@ -3162,7 +3164,8 @@ AC_RUN_IFELSE( select_works_with_rlimit=yes], [AC_MSG_RESULT([no]) select_works_with_rlimit=no], - [AC_MSG_WARN([cross compiling: assuming yes])] + [AC_MSG_WARN([cross compiling: assuming yes]) + select_works_with_rlimit=yes] ) AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) @@ -3188,7 +3191,8 @@ AC_RUN_IFELSE( rlimit_nofile_zero_works=yes], [AC_MSG_RESULT([no]) rlimit_nofile_zero_works=no], - [AC_MSG_WARN([cross compiling: assuming yes])] + [AC_MSG_WARN([cross compiling: assuming yes]) + rlimit_nofile_zero_works=yes] ) AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) diff --git a/contrib/win32/openssh/FixHostFilePermissions.ps1 b/contrib/win32/openssh/FixHostFilePermissions.ps1 index b24e0db9..e15e16f2 100644 --- a/contrib/win32/openssh/FixHostFilePermissions.ps1 +++ b/contrib/win32/openssh/FixHostFilePermissions.ps1 @@ -1,11 +1,14 @@ -param ([switch]$Quiet) -Import-Module $PSScriptRoot\OpenSSHUtils.psm1 -Force -DisableNameChecking +[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] +param () +Set-StrictMode -Version 2.0 +If (!(Test-Path variable:PSScriptRoot)) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Definition} +Import-Module $PSScriptRoot\OpenSSHUtils -Force #check sshd config file $sshdConfigPath = join-path $PSScriptRoot "sshd_config" if(Test-Path $sshdConfigPath -PathType Leaf) { - Fix-HostSSHDConfigPermissions -FilePath $sshdConfigPath @psBoundParameters + Repair-SshdConfigPermission -FilePath $sshdConfigPath @psBoundParameters } else { @@ -13,16 +16,16 @@ else } #check host keys -<#$result = 'n' -if (-not $Quiet) { - Do - { - $input = Read-Host -Prompt "Did you register host private keys with ssh-agent? [Yes] Y; [No] N" - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] -} +<# +$warning = @" +To keep the host private keys secure, it is recommended to register them with ssh-agent following +steps in link https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH. +If you choose not to register the keys with ssh-agent, please grant sshd read access to the private host keys after run this script. +"@ +$prompt = "Did you register host private keys with ssh-agent?" +$description = "Grant sshd read access to the private host keys" -if($result.ToLower().Startswith('n')) +if($pscmdlet.ShouldProcess($description, $prompt, $warning)) { $warning = @" To keep the host private keys secure, it is recommended to register them with ssh-agent following @@ -33,18 +36,23 @@ If you choose not to register the keys with ssh-agent, please grant sshd read ac Write-Host " " }#> -Get-ChildItem $PSScriptRoot\ssh_host_*_key -ErrorAction Ignore | % { - Fix-HostKeyPermissions -FilePath $_.FullName @psBoundParameters +Get-ChildItem $PSScriptRoot\ssh_host_*_key -ErrorAction SilentlyContinue | % { + Repair-SshdHostKeyPermission -FilePath $_.FullName @psBoundParameters } #check authorized_keys -Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" -ErrorAction Ignore | % { - $userProfilePath = Get-ItemPropertyValue $_.pspath -Name ProfileImagePath -ErrorAction Ignore +Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" -ErrorAction SilentlyContinue | % { + $properties = Get-ItemProperty $_.pspath -ErrorAction SilentlyContinue + $userProfilePath = "" + if($properties) + { + $userProfilePath = $properties.ProfileImagePath + } $filePath = Join-Path $userProfilePath .ssh\authorized_keys if(Test-Path $filePath -PathType Leaf) { - Fix-AuthorizedKeyPermissions -FilePath $filePath @psBoundParameters + Repair-AuthorizedKeyPermission -FilePath $filePath @psBoundParameters } } diff --git a/contrib/win32/openssh/FixUserFilePermissions.ps1 b/contrib/win32/openssh/FixUserFilePermissions.ps1 index 123c6b38..93e64680 100644 --- a/contrib/win32/openssh/FixUserFilePermissions.ps1 +++ b/contrib/win32/openssh/FixUserFilePermissions.ps1 @@ -1,13 +1,17 @@ -param ([switch]$Quiet) -Import-Module $PSScriptRoot\OpenSSHUtils.psm1 -Force -DisableNameChecking +[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] +param () +Set-StrictMode -Version 2.0 +If (!(Test-Path variable:PSScriptRoot)) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Definition} + +Import-Module $PSScriptRoot\OpenSSHUtils -Force if(Test-Path ~\.ssh\config -PathType Leaf) { - Fix-UserSSHConfigPermissions -FilePath ~\.ssh\config @psBoundParameters + Repair-UserSshConfigPermission -FilePath ~\.ssh\config @psBoundParameters } -Get-ChildItem ~\.ssh\* -Include "id_rsa","id_dsa" -ErrorAction Ignore | % { - Fix-UserKeyPermissions -FilePath $_.FullName @psBoundParameters +Get-ChildItem ~\.ssh\* -Include "id_rsa","id_dsa" -ErrorAction SilentlyContinue | % { + Repair-UserKeyPermission -FilePath $_.FullName @psBoundParameters } Write-Host " Done." diff --git a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 b/contrib/win32/openssh/OpenSSHBuildHelper.psm1 index 8f358c97..dca55219 100644 --- a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 +++ b/contrib/win32/openssh/OpenSSHBuildHelper.psm1 @@ -7,7 +7,8 @@ Import-Module $PSScriptRoot\OpenSSHCommonUtils.psm1 -force -DisableNameChecking [System.IO.DirectoryInfo] $script:gitRoot = $null [bool] $script:Verbose = $false [string] $script:BuildLogFile = $null - +[string] $script:libreSSLSDKStr = "LibreSSLSDK" +[string] $script:win32OpenSSHPath = $null <# Called by Write-BuildMsg to write to the build log, if it exists. #> @@ -245,34 +246,39 @@ function Start-OpenSSHBootstrap } function Clone-Win32OpenSSH -{ +{ [bool] $silent = -not $script:Verbose - $win32OpenSSHPath = join-path $script:gitRoot "Win32-OpenSSH" - if (-not (Test-Path -Path $win32OpenSSHPath -PathType Container)) + if (-not (Test-Path -Path $script:win32OpenSSHPath -PathType Container)) { Write-BuildMsg -AsInfo -Message "clone repo Win32-OpenSSH" -Silent:$silent Push-Location $gitRoot - git clone -q --recursive https://github.com/PowerShell/Win32-OpenSSH.git $win32OpenSSHPath + git clone -q --recursive https://github.com/PowerShell/Win32-OpenSSH.git $script:win32OpenSSHPath Pop-Location } + Write-BuildMsg -AsInfo -Message "pull latest from repo Win32-OpenSSH" -Silent:$silent - Push-Location $win32OpenSSHPath - git fetch -q origin - git checkout -qf L1-Prod + Push-Location $script:win32OpenSSHPath + git fetch -q origin + git checkout -qf L1-Prod Pop-Location } -function Copy-OpenSSLSDK -{ +function Delete-Win32OpenSSH +{ + Remove-Item -Path $script:win32OpenSSHPath -Recurse -Force -ErrorAction SilentlyContinue +} + +function Copy-LibreSSLSDK +{ [bool] $silent = -not $script:Verbose - $sourcePath = Join-Path $script:gitRoot "Win32-OpenSSH\contrib\win32\openssh\OpenSSLSDK" + $sourcePath = Join-Path $script:win32OpenSSHPath "contrib\win32\openssh\LibreSSLSDK" Write-BuildMsg -AsInfo -Message "copying $sourcePath" -Silent:$silent Copy-Item -Container -Path $sourcePath -Destination $PSScriptRoot -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable e if($e -ne $null) { - Write-BuildMsg -AsError -ErrorAction Stop -Message "Copy OpenSSL from $sourcePath failed " + Write-BuildMsg -AsError -ErrorAction Stop -Message "Copy LibreSSLSDK from $sourcePath to $PSScriptRoot failed" } } @@ -297,14 +303,16 @@ function Package-OpenSSH if($NativeHostArch -ieq 'x86') { $folderName = "Win32" - } + } + $buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration) $payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe" $payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe", "ssh-keyscan.exe" - $payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1", "FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1" + $payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1" + $payload +="FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1", "OpenSSHUtils.psd1", "ssh-add-hostkey.ps1" $packageName = "OpenSSH-Win64" - if ($NativeHostArch -eq 'x86') { + if ($NativeHostArch -ieq 'x86') { $packageName = "OpenSSH-Win32" } while((($service = Get-Service ssh-agent -ErrorAction Ignore) -ne $null) -and ($service.Status -ine 'Stopped')) @@ -337,6 +345,10 @@ function Package-OpenSSH } } + #copy libcrypto-41 dll + $libreSSLSDKPath = Join-Path $PSScriptRoot $script:libreSSLSDKStr + Copy-Item -Path $(Join-Path $libreSSLSDKPath "$NativeHostArch\libcrypto-41.dll") -Destination $packageDir -Force -ErrorAction Stop + if ($DestinationPath -ne "") { if (Test-Path $DestinationPath) { Remove-Item $DestinationPath\* -Force -Recurse -ErrorAction SilentlyContinue @@ -345,20 +357,24 @@ function Package-OpenSSH New-Item -ItemType Directory $DestinationPath -Force | Out-Null } Copy-Item -Path $packageDir\* -Destination $DestinationPath -Force -Recurse + Write-BuildMsg -AsInfo -Message "Copied payload to $DestinationPath" } else { Remove-Item ($packageDir + '.zip') -Force -ErrorAction SilentlyContinue Compress-Archive -Path $packageDir -DestinationPath ($packageDir + '.zip') + Write-BuildMsg -AsInfo -Message "Packaged Payload - '$packageDir'.zip" } Remove-Item $packageDir -Recurse -Force -ErrorAction SilentlyContinue if ($DestinationPath -ne "") { Copy-Item -Path $symbolsDir\* -Destination $DestinationPath -Force -Recurse + Write-BuildMsg -AsInfo -Message "Copied symbols to $DestinationPath" } else { Remove-Item ($symbolsDir + '.zip') -Force -ErrorAction SilentlyContinue Compress-Archive -Path $symbolsDir -DestinationPath ($symbolsDir + '.zip') + Write-BuildMsg -AsInfo -Message "Packaged Symbols - '$symbolsDir'.zip" } Remove-Item $symbolsDir -Recurse -Force -ErrorAction SilentlyContinue } @@ -383,7 +399,7 @@ function Build-OpenSSH # Get openssh-portable root $script:OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName - $script:gitRoot = split-path $script:OpenSSHRoot + $script:gitRoot = split-path $script:OpenSSHRoot if($PSBoundParameters.ContainsKey("Verbose")) { @@ -401,10 +417,12 @@ function Build-OpenSSH Start-OpenSSHBootstrap - if (-not (Test-Path (Join-Path $PSScriptRoot OpenSSLSDK))) + $script:win32OpenSSHPath = join-path $script:gitRoot "Win32-OpenSSH" + if (-not (Test-Path (Join-Path $PSScriptRoot LibreSSLSDK))) { Clone-Win32OpenSSH - Copy-OpenSSLSDK + Copy-LibreSSLSDK + Delete-Win32OpenSSH } if ($NoOpenSSL) @@ -433,7 +451,7 @@ function Build-OpenSSH Write-BuildMsg -AsError -ErrorAction Stop -Message "Build failed for OpenSSH.`nExitCode: $error." } - Write-BuildMsg -AsInfo -Message "SSH build passed." -Silent:$silent + Write-BuildMsg -AsInfo -Message "SSH build successful." } function Get-BuildLogFile @@ -506,7 +524,6 @@ function Install-OpenSSH Adjust-HostKeyFileACL -FilePath $_.FullName } - #machine will be reboot after Install-openssh anyway $machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE') $newMachineEnvironmentPath = $machinePath @@ -523,7 +540,6 @@ function Install-OpenSSH Set-Service sshd -StartupType Automatic Set-Service ssh-agent -StartupType Automatic - Start-Service sshd Pop-Location Write-Log -Message "OpenSSH installed!" @@ -535,7 +551,6 @@ function Install-OpenSSH #> function UnInstall-OpenSSH { - [CmdletBinding()] param ( @@ -561,15 +576,29 @@ function UnInstall-OpenSSH $env:Path = $env:Path.Replace("$OpenSSHDir;", '') } - # Update machine environment path - # machine will be reboot after Uninstall-OpenSSH - if ($newMachineEnvironmentPath -ne $machinePath) + if(Test-Path -Path $OpenSSHDir) { - [Environment]::SetEnvironmentVariable('Path', $newMachineEnvironmentPath, 'MACHINE') - } + Push-Location $OpenSSHDir + &( "$OpenSSHDir\uninstall-sshd.ps1") - Pop-Location -} + $machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE') + $newMachineEnvironmentPath = $machinePath + if ($machinePath.ToLower().Contains($OpenSSHDir.ToLower())) + { + $newMachineEnvironmentPath.Replace("$OpenSSHDir;", '') + $env:Path = $env:Path.Replace("$OpenSSHDir;", '') + } + # Update machine environment path + # machine will be reboot after Uninstall-OpenSSH + if ($newMachineEnvironmentPath -ne $machinePath) + { + [Environment]::SetEnvironmentVariable('Path', $newMachineEnvironmentPath, 'MACHINE') + } + Pop-Location + + Remove-Item -Path $OpenSSHDir -Recurse -Force -ErrorAction SilentlyContinue + } +} Export-ModuleMember -Function Build-OpenSSH, Get-BuildLogFile, Install-OpenSSH, UnInstall-OpenSSH, Package-OpenSSH diff --git a/contrib/win32/openssh/OpenSSHTestHelper.psm1 b/contrib/win32/openssh/OpenSSHTestHelper.psm1 index 3c4f1646..40012037 100644 --- a/contrib/win32/openssh/OpenSSHTestHelper.psm1 +++ b/contrib/win32/openssh/OpenSSHTestHelper.psm1 @@ -158,6 +158,8 @@ WARNING: Following changes will be made to OpenSSH configuration # copy new sshd_config Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) (Join-Path $script:OpenSSHBinPath sshd_config) -Force + Start-Service ssh-agent + #copy sshtest keys Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*"| % { @@ -165,17 +167,11 @@ WARNING: Following changes will be made to OpenSSH configuration (Get-Content $_.FullName -Raw).Replace("`r`n","`n") | Set-Content $_.FullName -Force Adjust-HostKeyFileACL -FilePath $_.FullName if (-not ($_.Name.EndsWith(".pub"))) { - Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read" + #register private key with agent + ssh-add-hostkey.ps1 $_.FullName } } - #register host keys with agent - <#Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*"| % { - if (-not ($_.Name.EndsWith(".pub"))) { - & "$env:ProgramData\chocolatey\lib\sysinternals\tools\psexec" -accepteula -nobanner -i -s -w $($script:OpenSSHBinPath) cmd.exe /c "ssh-add $_" - Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read" - } - }#> Restart-Service sshd -Force #Backup existing known_hosts and replace with test version @@ -255,7 +251,6 @@ function Get-LocalUserProfile .SYNOPSIS This function installs the tools required by our tests 1) Pester for running the tests - 2) sysinternals required by the tests on windows. #> function Install-OpenSSHTestDependencies { @@ -275,11 +270,6 @@ function Install-OpenSSHTestDependencies Write-Log -Message "Installing Pester..." choco install Pester -y --force --limitoutput 2>&1 >> $Script:TestSetupLogFile } - - if ( -not (Test-Path "$env:ProgramData\chocolatey\lib\sysinternals\tools" ) ) { - Write-Log -Message "sysinternals not present. Installing sysinternals." - choco install sysinternals -y --force --limitoutput 2>&1 >> $Script:TestSetupLogFile - } } <# .Synopsis @@ -309,26 +299,30 @@ function Get-UserSID Cleanup-OpenSSHTestEnvironment #> function Cleanup-OpenSSHTestEnvironment -{ +{ + if($Global:OpenSSHTestInfo -eq $null) { + throw "OpenSSHTestInfo is not set. Did you run Setup-OpenSShTestEnvironment?" + } + + $sshBinPath = $Global:OpenSSHTestInfo["OpenSSHBinPath"] + # .exe - Windows specific. TODO - PAL - if (-not (Test-Path (Join-Path $script:OpenSSHBinPath ssh.exe) -PathType Leaf)) + if (-not (Test-Path (Join-Path $sshBinPath ssh.exe) -PathType Leaf)) { Throw "Cannot find OpenSSH binaries under $script:OpenSSHBinPath. " } - + #unregister test host keys from agent - Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*.pub"| % { - $cmd = "cmd /c `"$env:ProgramData\chocolatey\lib\sysinternals\tools\psexec -accepteula -nobanner -s -w $($script:OpenSSHBinPath) ssh-add -d $_ 2> tmp.txt`"" - iex $cmd + Get-ChildItem "$sshBinPath\sshtest*hostkey*.pub"| % { + ssh-add-hostkey.ps1 -Delete_key $_.FullName } - + Remove-Item $sshBinPath\sshtest*hostkey* -Force -ErrorAction SilentlyContinue #Restore sshd_config - $backupConfigPath = Join-Path $Script:OpenSSHBinPath sshd_config.ori + $backupConfigPath = Join-Path $sshBinPath sshd_config.ori if (Test-Path $backupConfigPath -PathType Leaf) { - Copy-Item $backupConfigPath (Join-Path $Script:OpenSSHBinPath sshd_config) -Force -ErrorAction SilentlyContinue - Remove-Item (Join-Path $Script:OpenSSHBinPath sshd_config.ori) -Force -ErrorAction SilentlyContinue - Remove-Item $Script:OpenSSHBinPath\sshtest*hostkey* -Force -ErrorAction SilentlyContinue + Copy-Item $backupConfigPath (Join-Path $sshBinPath sshd_config) -Force -ErrorAction SilentlyContinue + Remove-Item (Join-Path $sshBinPath sshd_config.ori) -Force -ErrorAction SilentlyContinue Restart-Service sshd } diff --git a/contrib/win32/openssh/OpenSSHUtils.psd1 b/contrib/win32/openssh/OpenSSHUtils.psd1 new file mode 100644 index 00000000..bc96eb18 --- /dev/null +++ b/contrib/win32/openssh/OpenSSHUtils.psd1 @@ -0,0 +1,44 @@ +# +# Module manifest for module 'OpenSSHUtils' +# +# Generated on: 6/9/2017 +# + +@{ + +# Script module or binary module file associated with this manifest +ModuleToProcess = 'OpenSSHUtils.psm1' + +# Version number of this module. +ModuleVersion = '1.0.0.1' + +# ID used to uniquely identify this module +GUID = '08285dee-3d08-476b-8948-1a7e2562c079' + +# Author of this module +Author = 'Yanbing Wang' + +# Company or vendor of this module +CompanyName = '' + +# Copyright statement for this module +Copyright = '' + +# Description of the functionality provided by this module +Description = 'Configure OpenSSH for Windows related security settings like file owner and permissions.' + +# Functions to export from this module +FunctionsToExport = '*' + +# Cmdlets to export from this module +CmdletsToExport = '*' + +# Variables to export from this module +VariablesToExport = '*' + +# Aliases to export from this module +AliasesToExport = '*' + +# Minimum version of the Windows PowerShell engine required by this module +PowerShellVersion = '2.0' +} diff --git a/contrib/win32/openssh/OpenSSHUtils.psm1 b/contrib/win32/openssh/OpenSSHUtils.psm1 index 5ffc1e13..8654fa5d 100644 --- a/contrib/win32/openssh/OpenSSHUtils.psm1 +++ b/contrib/win32/openssh/OpenSSHUtils.psm1 @@ -1,61 +1,117 @@ -$systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM") +Set-StrictMode -Version 2.0 +$systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM") $adminsAccount = New-Object System.Security.Principal.NTAccount("BUILTIN","Administrators") $currentUser = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME)) $everyone = New-Object System.Security.Principal.NTAccount("EveryOne") $sshdAccount = New-Object System.Security.Principal.NTAccount("NT SERVICE","sshd") +#Taken from P/Invoke.NET with minor adjustments. + $definition = @' +using System; +using System.Runtime.InteropServices; + +public class AdjPriv +{ + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, + ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); + [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern IntPtr GetCurrentProcess(); + [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] + internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); + [DllImport("advapi32.dll", SetLastError = true)] + internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); + [StructLayout(LayoutKind.Sequential, Pack = 1)] + internal struct TokPriv1Luid + { + public int Count; + public long Luid; + public int Attr; + } + + internal const int SE_PRIVILEGE_ENABLED = 0x00000002; + internal const int SE_PRIVILEGE_DISABLED = 0x00000000; + internal const int TOKEN_QUERY = 0x00000008; + internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; + public static bool EnablePrivilege(string privilege, bool disable) + { + bool retVal; + TokPriv1Luid tp; + IntPtr hproc = GetCurrentProcess(); + IntPtr htok = IntPtr.Zero; + retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); + tp.Count = 1; + tp.Luid = 0; + if(disable) + { + tp.Attr = SE_PRIVILEGE_DISABLED; + } + else + { + tp.Attr = SE_PRIVILEGE_ENABLED; + } + retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); + retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); + return retVal; + } +} +'@ + +$type = Add-Type $definition -PassThru -ErrorAction SilentlyContinue + <# .Synopsis - Fix-HostSSHDConfigPermissions - fix the file owner and permissions of sshd_config + Repair-SshdConfigPermission + Repair the file owner and Permission of sshd_config #> -function Fix-HostSSHDConfigPermissions +function Repair-SshdConfigPermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] - [string]$FilePath, - [switch] $Quiet) + [string]$FilePath) - Fix-FilePermissions -Owners $systemAccount,$adminsAccount -ReadAccessNeeded $sshdAccount @psBoundParameters + Repair-FilePermission -Owners $systemAccount,$adminsAccount -ReadAccessNeeded $sshdAccount @psBoundParameters } <# .Synopsis - Fix-HostKeyPermissions - fix the file owner and permissions of host private and public key + Repair-SshdHostKeyPermission + Repair the file owner and Permission of host private and public key -FilePath: The path of the private host key #> -function Fix-HostKeyPermissions +function Repair-SshdHostKeyPermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] - [string]$FilePath, - [switch] $Quiet) - $parameters = $PSBoundParameters - if($parameters["FilePath"].EndsWith(".pub")) + [string]$FilePath) + + if($PSBoundParameters["FilePath"].EndsWith(".pub")) { - $parameters["FilePath"] = $parameters["FilePath"].Replace(".pub", "") + $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } - Fix-FilePermissions -Owners $systemAccount,$adminsAccount -ReadAccessNeeded $sshdAccount @psBoundParameters + + Repair-FilePermission -Owners $systemAccount,$adminsAccount -ReadAccessNeeded $sshdAccount @psBoundParameters - $parameters["FilePath"] += ".pub" - Fix-FilePermissions -Owners $systemAccount,$adminsAccount -ReadAccessOK $everyone -ReadAccessNeeded $sshdAccount @parameters + $PSBoundParameters["FilePath"] += ".pub" + Repair-FilePermission -Owners $systemAccount,$adminsAccount -ReadAccessOK $everyone -ReadAccessNeeded $sshdAccount @psBoundParameters } <# .Synopsis - Fix-AuthorizedKeyPermissions - fix the file owner and permissions of authorized_keys + Repair-AuthorizedKeyPermission + Repair the file owner and Permission of authorized_keys #> -function Fix-AuthorizedKeyPermissions +function Repair-AuthorizedKeyPermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] - [string]$FilePath, - [switch] $Quiet) + [string]$FilePath) if(-not (Test-Path $FilePath -PathType Leaf)) { @@ -64,14 +120,27 @@ function Fix-AuthorizedKeyPermissions } $fullPath = (Resolve-Path $FilePath).Path $profileListPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" - $profileItem = Get-ChildItem $profileListPath -ErrorAction Ignore | ? { - $fullPath.ToLower().Contains((Get-ItemPropertyValue $_.PSPath -Name ProfileImagePath -ErrorAction Ignore).Tolower()) + $profileItem = Get-ChildItem $profileListPath -ErrorAction SilentlyContinue | ? { + $properties = Get-ItemProperty $_.pspath -ErrorAction SilentlyContinue + $userProfilePath = $null + if($properties) + { + $userProfilePath = $properties.ProfileImagePath + } + $fullPath -ieq "$userProfilePath\.ssh\authorized_keys" } if($profileItem) { $userSid = $profileItem.PSChildName $account = Get-UserAccount -UserSid $userSid - Fix-FilePermissions -Owners $account,$adminsAccount,$systemAccount -AnyAccessOK $account -ReadAccessNeeded $sshdAccount @psBoundParameters + if($account) + { + Repair-FilePermission -Owners $account,$adminsAccount,$systemAccount -AnyAccessOK $account -ReadAccessNeeded $sshdAccount @psBoundParameters + } + else + { + Write-host "Can't translate $userSid to an account. skip checking $fullPath..." -ForegroundColor Yellow + } } else { @@ -81,61 +150,62 @@ function Fix-AuthorizedKeyPermissions <# .Synopsis - Fix-UserKeyPermissions - fix the file owner and permissions of user config + Repair-UserKeyPermission + Repair the file owner and Permission of user config -FilePath: The path of the private user key + -User: The user associated with this ssh config #> -function Fix-UserKeyPermissions +function Repair-UserKeyPermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( - [parameter(Mandatory=$true)] + [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, - [switch] $Quiet) + [System.Security.Principal.NTAccount] $User = $currentUser) - $parameters = $PSBoundParameters - if($parameters["FilePath"].EndsWith(".pub")) + if($PSBoundParameters["FilePath"].EndsWith(".pub")) { - $parameters["FilePath"] = $parameters["FilePath"].Replace(".pub", "") + $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } - Fix-FilePermissions -Owners $currentUser, $adminsAccount,$systemAccount -AnyAccessOK $currentUser @psBoundParameters + Repair-FilePermission -Owners $User, $adminsAccount,$systemAccount -AnyAccessOK $User @psBoundParameters - $parameters["FilePath"] += ".pub" - Fix-FilePermissions -Owners $currentUser, $adminsAccount,$systemAccount -AnyAccessOK $currentUser -ReadAccessOK $everyone @parameters + $PSBoundParameters["FilePath"] += ".pub" + Repair-FilePermission -Owners $User, $adminsAccount,$systemAccount -AnyAccessOK $User -ReadAccessOK $everyone @psBoundParameters } <# .Synopsis - Fix-UserSSHConfigPermissions - fix the file owner and permissions of user config + Repair-UserSSHConfigPermission + Repair the file owner and Permission of user config #> -function Fix-UserSSHConfigPermissions +function Repair-UserSshConfigPermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] - [string]$FilePath, - [switch] $Quiet) - Fix-FilePermissions -Owners $currentUser,$adminsAccount,$systemAccount -AnyAccessOK $currentUser @psBoundParameters + [string]$FilePath) + Repair-FilePermission -Owners $currentUser,$adminsAccount,$systemAccount -AnyAccessOK $currentUser @psBoundParameters } <# .Synopsis - Fix-FilePermissionInternal + Repair-FilePermissionInternal Only validate owner and ACEs of the file #> -function Fix-FilePermissions +function Repair-FilePermission { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( - [parameter(Mandatory=$true)] + [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.NTAccount[]] $Owners = $currentUser, [System.Security.Principal.NTAccount[]] $AnyAccessOK, [System.Security.Principal.NTAccount[]] $ReadAccessOK, - [System.Security.Principal.NTAccount[]] $ReadAccessNeeded, - [switch] $Quiet + [System.Security.Principal.NTAccount[]] $ReadAccessNeeded ) if(-not (Test-Path $FilePath -PathType Leaf)) @@ -145,65 +215,65 @@ function Fix-FilePermissions } Write-host " [*] $FilePath" - $return = Fix-FilePermissionInternal @PSBoundParameters + $return = Repair-FilePermissionInternal @PSBoundParameters if($return -contains $true) { #Write-host "Re-check the health of file $FilePath" - Fix-FilePermissionInternal @PSBoundParameters + Repair-FilePermissionInternal @PSBoundParameters } } <# .Synopsis - Fix-FilePermissionInternal + Repair-FilePermissionInternal #> -function Fix-FilePermissionInternal { +function Repair-FilePermissionInternal { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( - [parameter(Mandatory=$true)] + [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.NTAccount[]] $Owners = $currentUser, [System.Security.Principal.NTAccount[]] $AnyAccessOK, [System.Security.Principal.NTAccount[]] $ReadAccessOK, - [System.Security.Principal.NTAccount[]] $ReadAccessNeeded, - [switch] $Quiet + [System.Security.Principal.NTAccount[]] $ReadAccessNeeded ) $acl = Get-Acl $FilePath $needChange = $false $health = $true - if ($Quiet) - { - $result = 'Y' - } + $paras = @{} + $PSBoundParameters.GetEnumerator() | % { if((-not $_.key.Contains("Owners")) -and (-not $_.key.Contains("Access"))) { $paras.Add($_.key,$_.Value) } } - if(-not $Owners.Contains([System.Security.Principal.NTAccount]$($acl.Owner))) - { - if (-not $Quiet) { - $warning = "Current owner: '$($acl.Owner)'. '$($Owners[0])' should own $FilePath." - Do { - Write-Warning $warning - $input = Read-Host -Prompt "Shall I set the file owner? [Yes] Y; [No] N (default is `"Y`")" - if([string]::IsNullOrEmpty($input)) - { - $input = 'Y' - } - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] - } - - if($result.ToLower().Startswith('y')) - { - $needChange = $true + $validOwner = $owners | ? { $_.equals([System.Security.Principal.NTAccount]$acl.owner)} + if($validOwner -eq $null) + { + $caption = "Current owner: '$($acl.Owner)'. '$($Owners[0])' should own '$FilePath'." + $prompt = "Shall I set the file owner?" + $description = "Set '$($Owners[0])' as owner of '$FilePath'." + if($pscmdlet.ShouldProcess($description, $prompt, $caption)) + { + Enable-Privilege SeRestorePrivilege | out-null $acl.SetOwner($Owners[0]) - Write-Host "'$($Owners[0])' now owns $FilePath. " -ForegroundColor Green + Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false + if($e) + { + Write-Warning "Set owner failed with error: $($e[0].ToString())." + } + else + { + Write-Host "'$($Owners[0])' now owns '$FilePath'. " -ForegroundColor Green + } } else { $health = $false - Write-Host "The owner is still set to '$($acl.Owner)'." -ForegroundColor Yellow + if(-not $PSBoundParameters.ContainsKey("WhatIf")) + { + Write-Host "The owner is still set to '$($acl.Owner)'." -ForegroundColor Yellow + } } } @@ -219,159 +289,179 @@ function Fix-FilePermissionInternal { #this is orginal list requested by the user, the account will be removed from the list if they already part of the dacl $realReadAccessNeeded = $ReadAccessNeeded + #'APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES'- can't translate fully qualified name. it is a win32 API bug. + #'ALL APPLICATION PACKAGES' exists only on Win2k12 and Win2k16 and 'ALL RESTRICTED APPLICATION PACKAGES' exists only in Win2k16 + $specialIdRefs = "ALL APPLICATION PACKAGES","ALL RESTRICTED APPLICATION PACKAGES" + foreach($a in $acl.Access) { - if(($realAnyAccessOKList -ne $null) -and $realAnyAccessOKList.Contains($a.IdentityReference)) + if($realAnyAccessOKList -and (($realAnyAccessOKList | ? { $_.equals($a.IdentityReference)}) -ne $null)) { #ignore those accounts listed in the AnyAccessOK list. } #If everyone is in the ReadAccessOK list, any user can have read access; # below block make sure they are granted Read access only - elseif($realReadAcessOKList -and (($realReadAcessOKList.Contains($everyone)) -or ` - ($realReadAcessOKList.Contains($a.IdentityReference)))) + elseif($realReadAcessOKList -and ((($realReadAcessOKList | ? { $_.Equals($everyone)}) -ne $null) -or ` + (($realReadAcessOKList | ? { $_.equals($a.IdentityReference)}) -ne $null))) { if($realReadAccessNeeded -and ($a.IdentityReference.Equals($everyone))) { - $realReadAccessNeeded.Clear() + $realReadAccessNeeded=@() } - elseif($realReadAccessNeeded -and $realReadAccessNeeded.Contains($a.IdentityReference)) + elseif($realReadAccessNeeded) { - $realReadAccessNeeded = $realReadAccessNeeded | ? { -not $_.Equals($a.IdentityReference) } + $realReadAccessNeeded = $realReadAccessNeeded | ? { -not $_.Equals($a.IdentityReference) } } if (-not ($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) -or ` (-not (([System.UInt32]$a.FileSystemRights.value__) -band (-bnot $ReadAccessPerm)))) { continue; - } - - $warning = "'$($a.IdentityReference)' has the following access to $($FilePath): '$($a.FileSystemRights)'." + } + if($a.IsInherited) { if($needChange) { - Set-Acl -Path $FilePath -AclObject $acl + Enable-Privilege SeRestorePrivilege | out-null + Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false + if($e) + { + Write-Warning "Repair permission failed with error: $($e[0].ToString())." + } } - - $message = @" -$warning -Need to remove inheritance to fix it. -"@ - - return Remove-RuleProtection -FilePath $FilePath -Message $message -Quiet:$Quiet - } - - if (-not $Quiet) { - Do { - Write-Warning $warning - $input = Read-Host -Prompt "Shall I make it Read only? [Yes] Y; [No] N (default is `"Y`")" - if([string]::IsNullOrEmpty($input)) - { - $input = 'Y' - } - - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] + + return Remove-RuleProtection @paras } + $caption = "'$($a.IdentityReference)' has the following access to '$FilePath': '$($a.FileSystemRights)'." + $prompt = "Shall I make it Read only?" + $description = "Set'$($a.IdentityReference)' Read access only to '$FilePath'. " - if($result.ToLower().Startswith('y')) - { + if($pscmdlet.ShouldProcess($description, $prompt, $caption)) + { $needChange = $true - $sshAce = New-Object System.Security.AccessControl.FileSystemAccessRule ` - ($a.IdentityReference, "Read", "None", "None", "Allow") - $acl.SetAccessRule($sshAce) - Write-Host "'$($a.IdentityReference)' now has Read access to $FilePath. " -ForegroundColor Green + $idRefShortValue = ($a.IdentityReference.Value).split('\')[-1] + if ($specialIdRefs -icontains $idRefShortValue ) + { + $ruleIdentity = Get-UserSID -User (New-Object Security.Principal.NTAccount $idRefShortValue) + if($ruleIdentity) + { + $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` + ($ruleIdentity, "Read", "None", "None", "Allow") + } + else + { + Write-Warning "Can't translate '$idRefShortValue'. " + continue + } + } + else + { + $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` + ($a.IdentityReference, "Read", "None", "None", "Allow") + } + $acl.SetAccessRule($ace) + Write-Host "'$($a.IdentityReference)' now has Read access to '$FilePath'. " -ForegroundColor Green } else { $health = $false - Write-Host "'$($a.IdentityReference)' still has these access to $($FilePath): '$($a.FileSystemRights)'." -ForegroundColor Yellow + if(-not $PSBoundParameters.ContainsKey("WhatIf")) + { + Write-Host "'$($a.IdentityReference)' still has these access to '$FilePath': '$($a.FileSystemRights)'." -ForegroundColor Yellow + } } - } + } #other than AnyAccessOK and ReadAccessOK list, if any other account is allowed, they should be removed from the dacl elseif($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) - { - - $warning = "'$($a.IdentityReference)' should not have access to '$FilePath'. " + { + $caption = "'$($a.IdentityReference)' should not have access to '$FilePath'." if($a.IsInherited) { if($needChange) { - Set-Acl -Path $FilePath -AclObject $acl - } - $message = @" -$warning -Need to remove inheritance to fix it. -"@ - return Remove-RuleProtection -FilePath $FilePath -Message $message -Quiet:$Quiet - } - if (-not $Quiet) { - Do { - Write-Warning $warning - $input = Read-Host -Prompt "Shall I remove this access? [Yes] Y; [No] N (default is `"Y`")" - if([string]::IsNullOrEmpty($input)) + Enable-Privilege SeRestorePrivilege | out-null + Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false + if($e) { - $input = 'Y' - } - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] + Write-Warning "Repair permission failed with error: $($e[0].ToString())." + } + } + return Remove-RuleProtection @paras } - - if($result.ToLower().Startswith('y')) - { + + $prompt = "Shall I remove this access?" + $description = "Remove access rule of '$($a.IdentityReference)' from '$FilePath'." + + if($pscmdlet.ShouldProcess($description, $prompt, "$caption.")) + { $needChange = $true - if(-not ($acl.RemoveAccessRule($a))) + $ace = $a + $idRefShortValue = ($a.IdentityReference.Value).split('\')[-1] + if ($specialIdRefs -icontains $idRefShortValue) + { + $ruleIdentity = Get-UserSID -User (New-Object Security.Principal.NTAccount $idRefShortValue) + if($ruleIdentity) + { + $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` + ($ruleIdentity, $a.FileSystemRights, $a.InheritanceFlags, $a.PropagationFlags, $a.AccessControlType) + } + else + { + Write-Warning "Can't translate '$idRefShortValue'. " + continue + } + } + + if(-not ($acl.RemoveAccessRule($ace))) { - throw "failed to remove access of $($a.IdentityReference) rule to file $FilePath" + Write-Warning "Failed to remove access of '$($a.IdentityReference)' from '$FilePath'." } else { - Write-Host "'$($a.IdentityReference)' has no more access to $FilePath." -ForegroundColor Green + Write-Host "'$($a.IdentityReference)' has no more access to '$FilePath'." -ForegroundColor Green } } else { $health = $false - Write-Host "'$($a.IdentityReference)' still has access to $FilePath." -ForegroundColor Yellow + if(-not $PSBoundParameters.ContainsKey("WhatIf")) + { + Write-Host "'$($a.IdentityReference)' still has access to '$FilePath'." -ForegroundColor Yellow + } } - } + } } #This is the real account list we need to add read access to the file if($realReadAccessNeeded) { $realReadAccessNeeded | % { - if([string]::IsNullOrEmpty((Get-UserSID -User $_))) + if((Get-UserSID -User $_) -eq $null) { - Write-Warning "'$_' needs Read access to $FilePath', but it does not exit on the machine." + Write-Warning "'$_' needs Read access to '$FilePath', but it can't be translated on the machine." } else { - if (-not $Quiet) { - $warning = "'$_' needs Read access to $FilePath'." - Do { - Write-Warning $warning - $input = Read-Host -Prompt "Shall I make the above change? [Yes] Y; [No] N (default is `"Y`")" - if([string]::IsNullOrEmpty($input)) - { - $input = 'Y' - } - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] - } - - if($result.ToLower().Startswith('y')) - { + $caption = "'$_' needs Read access to '$FilePath'." + $prompt = "Shall I make the above change?" + $description = "Set '$_' Read only access to '$FilePath'. " + + if($pscmdlet.ShouldProcess($description, $prompt, $caption)) + { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($_, "Read", "None", "None", "Allow") $acl.AddAccessRule($ace) - Write-Host "'$_' now has Read access to $FilePath. " -ForegroundColor Green + Write-Host "'$_' now has Read access to '$FilePath'." -ForegroundColor Green } else { $health = $false - Write-Host "'$_' does not have Read access to $FilePath." -ForegroundColor Yellow + if(-not $PSBoundParameters.ContainsKey("WhatIf")) + { + Write-Host "'$_' does not have Read access to '$FilePath'." -ForegroundColor Yellow + } } } } @@ -379,15 +469,20 @@ Need to remove inheritance to fix it. if($needChange) { - Set-Acl -Path $FilePath -AclObject $acl + Enable-Privilege SeRestorePrivilege | out-null + Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false + if($e) + { + Write-Warning "Repair permission failed with error: $($e[0].ToString())." + } } if($health) { if ($needChange) { - Write-Host " fixed permissions" -ForegroundColor Yellow + Write-Host " Repaired permissions" -ForegroundColor Yellow } - else + else { Write-Host " looks good" -ForegroundColor Green } @@ -401,36 +496,32 @@ Need to remove inheritance to fix it. #> function Remove-RuleProtection { + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] - [string]$FilePath, - [string]$Message, - [switch] $Quiet + [string]$FilePath ) - if (-not $Quiet) { - Do - { - Write-Warning $Message - $input = Read-Host -Prompt "Shall I remove the inheritace? [Yes] Y; [No] N (default is `"Y`")" - if([string]::IsNullOrEmpty($input)) - { - $input = 'Y' - } - } until ($input -match "^(y(es)?|N(o)?)$") - $result = $Matches[0] - } + $message = "Need to remove the inheritance before repair the rules." + $prompt = "Shall I remove the inheritace?" + $description = "Remove inheritance of '$FilePath'." - if($result.ToLower().Startswith('y')) - { - $acl = Get-ACL $FilePath + if($pscmdlet.ShouldProcess($description, $prompt, $message)) + { + $acl = Get-acl -Path $FilePath $acl.SetAccessRuleProtection($True, $True) - Set-Acl -Path $FilePath -AclObject $acl - Write-Host "inheritance is removed from $FilePath. " -ForegroundColor Green + Enable-Privilege SeRestorePrivilege | out-null + Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false + if($e) + { + Write-Warning "Remove-RuleProtection failed with error: $($e[0].ToString())." + } + + Write-Host "Inheritance is removed from '$FilePath'." -ForegroundColor Green return $true } - else + elseif(-not $PSBoundParameters.ContainsKey("WhatIf")) { - Write-Host "inheritance is not removed from $FilePath. Skip Checking FilePath." -ForegroundColor Yellow + Write-Host "inheritance is not removed from '$FilePath'. Skip Checking FilePath." -ForegroundColor Yellow return $false } } @@ -463,12 +554,34 @@ function Get-UserSID param ([System.Security.Principal.NTAccount]$User) try { - $strSID = $User.Translate([System.Security.Principal.SecurityIdentifier]) - $strSID.Value + $User.Translate([System.Security.Principal.SecurityIdentifier]) } catch { } } +function Enable-Privilege { + param( + #The privilege to adjust. This set is taken from + #http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx + [ValidateSet( + "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", + "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", + "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", + "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", + "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", + "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege", + "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", + "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", + "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", + "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", + "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")] + $Privilege, + # Switch to disable the privilege, rather than enable it. + [Switch] $Disable + ) + + $type[0]::EnablePrivilege($Privilege, $Disable) +} -Export-ModuleMember -Function Fix-HostSSHDConfigPermissions, Fix-HostKeyPermissions, Fix-AuthorizedKeyPermissions, Fix-UserKeyPermissions, Fix-UserSSHConfigPermissions +Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission diff --git a/contrib/win32/openssh/README.txt b/contrib/win32/openssh/README.txt index 97ebd10a..14b40d4d 100644 --- a/contrib/win32/openssh/README.txt +++ b/contrib/win32/openssh/README.txt @@ -7,16 +7,6 @@ The custom paths are: OpenSSH-Src-Path = The directory path of the OpenSSH root source directory (with trailing slash) OpenSSH-Bin-Path = The directory path of the location to which binaries are placed. This is the output of the binary projects OpenSSH-Lib-Path = The directory path of the location to which libraries are placed. This is the output of the libary projects -OpenSSL-Win32-Release-Path = The directory path of OpenSSL statically linked compiled for Win32-Release. This path is used for - include and library paths and for Win32-Release. -OpenSSL-Win32-Debug-Path = The directory path of OpenSSL statically linked compiled for Win32-Debug. This path is used for - include and library paths and for Win32-Debug. -OpenSSL-x64-Release-Path = The directory path of OpenSSL statically linked compiled for x64-Release. This path is used for - include and library paths and for x64-Release. -OpenSSL-x64-Debug-Path = The directory path of OpenSSL statically linked compiled for x64-Debug. This path is used for - include and library paths and for x64-Debug. - - - -The Release/Debug OpenSSL directories output is the standard 'install' output of OpenSSL compiled under Visual Studio 2015 using static c-runtimes. +LibreSSL-x86-Path = The directory path of LibreSSL statically compiled for x86 platform. +LibreSSL-x64-Path = The directory path of LibreSSL statically compiled for x64 platform. diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs index bb5030ec..e049e332 100644 --- a/contrib/win32/openssh/config.h.vs +++ b/contrib/win32/openssh/config.h.vs @@ -189,9 +189,11 @@ /* Define to 1 if you have the `arc4random' function. */ /* #undef HAVE_ARC4RANDOM */ +#define HAVE_ARC4RANDOM 1 /* Define to 1 if you have the `arc4random_buf' function. */ /* #undef HAVE_ARC4RANDOM_BUF */ +#define HAVE_ARC4RANDOM_BUF 1 /* Define to 1 if you have the `arc4random_uniform' function. */ /* #undef HAVE_ARC4RANDOM_UNIFORM */ @@ -1579,20 +1581,8 @@ /* type to use in place of socklen_t if not defined */ /* #undef socklen_t */ #define WIN32_LEAN_AND_MEAN 1 -#define _CRT_SECURE_NO_DEPRECATE 1 -#define _CRT_NONSTDC_NO_DEPRECATE 1 #define WINDOWS 1 -/* Define if you must implement a startup_needs function for your platform */ -#define HAVE_STARTUP_NEEDS 1 - -/* Define if your platform uses Winsock instead of BSD sockets (yeah, there are a lot of platforms like this :) */ -#define HAVE_WINSOCK 1 - -#ifndef WIN32 -#define snprintf _snprintf -#endif - #define BROKEN_READV_COMPARISON /* Override detection of some headers and functions on MinGW */ @@ -1693,10 +1683,7 @@ #define __attribute__(A) -// define building with MS Visual Studio Compiler and runtime and not with MingW/gcc compiler -#define WIN32_VS 1 - -/* disable inclusion of compatability defitnitions in CRT headers */ +/* disable inclusion of compatability definitions in CRT headers */ #define __STDC__ 1 #define umac128_new umac_new diff --git a/contrib/win32/openssh/config.vcxproj b/contrib/win32/openssh/config.vcxproj index 8b824562..67e91879 100644 --- a/contrib/win32/openssh/config.vcxproj +++ b/contrib/win32/openssh/config.vcxproj @@ -102,14 +102,14 @@ Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug Console true - bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h' @@ -120,10 +120,11 @@ copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir) copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir) -copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir) +copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir) copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir) +copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir) If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) - Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, and sshd_config (if not already present) to build directory + Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory @@ -134,14 +135,14 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug Console true - bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h' @@ -152,10 +153,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir) copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir) -copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir) +copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir) copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir) +copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir) If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) - Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, and sshd_config (if not already present) to build directory + Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory @@ -168,7 +170,7 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -176,8 +178,8 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))No true true - bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h' @@ -188,10 +190,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir) copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir) -copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir) +copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir) copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir) +copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir) If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) - Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, and sshd_config (if not already present) to build directory + Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory @@ -204,7 +207,7 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\includes;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -212,8 +215,8 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))No true true - bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h' @@ -224,10 +227,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir) copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir) -copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir) +copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir) copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir) +copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir) If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir)) - Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, and sshd_config (if not already present) to build directory + Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory diff --git a/contrib/win32/openssh/keygen.vcxproj b/contrib/win32/openssh/keygen.vcxproj index ac196225..b4544ec3 100644 --- a/contrib/win32/openssh/keygen.vcxproj +++ b/contrib/win32/openssh/keygen.vcxproj @@ -1,4 +1,4 @@ - + @@ -103,15 +103,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - posix_compat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -123,15 +123,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - posix_compat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -145,7 +145,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -153,8 +153,8 @@ true true true - posix_compat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -169,7 +169,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -177,8 +177,8 @@ true true true - posix_compat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -194,4 +194,4 @@ - + \ No newline at end of file diff --git a/contrib/win32/openssh/libssh.vcxproj b/contrib/win32/openssh/libssh.vcxproj index 10192175..795c49b1 100644 --- a/contrib/win32/openssh/libssh.vcxproj +++ b/contrib/win32/openssh/libssh.vcxproj @@ -97,7 +97,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) false MultiThreadedDebug CompileAsC @@ -115,7 +115,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) false MultiThreadedDebug CompileAsC @@ -135,7 +135,7 @@ true _WIN32_WINNT=0x600;WIN32;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -154,7 +154,7 @@ true _WIN32_WINNT=0x600;WIN32;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true diff --git a/contrib/win32/openssh/libssh.vcxproj.filters b/contrib/win32/openssh/libssh.vcxproj.filters index d5dd5dd5..61748127 100644 --- a/contrib/win32/openssh/libssh.vcxproj.filters +++ b/contrib/win32/openssh/libssh.vcxproj.filters @@ -86,7 +86,286 @@ - - + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + \ No newline at end of file diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj b/contrib/win32/openssh/openbsd_compat.vcxproj index 198ae3dc..314042f1 100644 --- a/contrib/win32/openssh/openbsd_compat.vcxproj +++ b/contrib/win32/openssh/openbsd_compat.vcxproj @@ -30,6 +30,7 @@ + @@ -62,6 +63,7 @@ + @@ -195,7 +197,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase @@ -211,7 +213,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase @@ -229,7 +231,7 @@ true _LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) MultiThreaded @@ -248,7 +250,7 @@ true _LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories) MultiThreaded true diff --git a/contrib/win32/openssh/paths.targets b/contrib/win32/openssh/paths.targets index 5aa3d002..978d0e90 100644 --- a/contrib/win32/openssh/paths.targets +++ b/contrib/win32/openssh/paths.targets @@ -4,11 +4,9 @@ $(SolutionDir)..\..\..\ $(SolutionDir)..\..\..\bin\ $(SolutionDir)lib\ - $(SolutionDir)\OpenSSLSDK\1.0.2d - $(SolutionDir)\OpenSSLSDK\1.0.2d\Win32\Release\ - $(SolutionDir)\OpenSSLSDK\1.0.2d\Win32\Debug\ - $(SolutionDir)\OpenSSLSDK\1.0.2d\x64\Release\ - $(SolutionDir)\OpenSSLSDK\1.0.2d\x64\Debug\ - + $(SolutionDir)\LibreSSLSDK\ + $(SolutionDir)\LibreSSLSDK\x86\ + $(SolutionDir)\LibreSSLSDK\x64\ + \ No newline at end of file diff --git a/contrib/win32/openssh/scp.vcxproj b/contrib/win32/openssh/scp.vcxproj index 1a473315..c82f2452 100644 --- a/contrib/win32/openssh/scp.vcxproj +++ b/contrib/win32/openssh/scp.vcxproj @@ -1,4 +1,4 @@ - + @@ -111,14 +111,14 @@ Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -130,14 +130,14 @@ Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -151,7 +151,7 @@ true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -159,8 +159,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -175,7 +175,7 @@ true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -183,8 +183,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -192,4 +192,4 @@ - + \ No newline at end of file diff --git a/contrib/win32/openssh/sftp-server.vcxproj b/contrib/win32/openssh/sftp-server.vcxproj index d08af445..19262e86 100644 --- a/contrib/win32/openssh/sftp-server.vcxproj +++ b/contrib/win32/openssh/sftp-server.vcxproj @@ -112,15 +112,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -132,15 +132,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -154,7 +154,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -162,8 +162,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -178,7 +178,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -186,8 +186,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true diff --git a/contrib/win32/openssh/sftp.vcxproj b/contrib/win32/openssh/sftp.vcxproj index c7ffb6da..99414a63 100644 --- a/contrib/win32/openssh/sftp.vcxproj +++ b/contrib/win32/openssh/sftp.vcxproj @@ -1,4 +1,4 @@ - + @@ -115,15 +115,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -135,15 +135,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -157,7 +157,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -165,8 +165,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -181,7 +181,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -189,8 +189,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -198,4 +198,4 @@ - + \ No newline at end of file diff --git a/contrib/win32/openssh/ssh-add-hostkey.ps1 b/contrib/win32/openssh/ssh-add-hostkey.ps1 new file mode 100644 index 00000000..ab03f274 --- /dev/null +++ b/contrib/win32/openssh/ssh-add-hostkey.ps1 @@ -0,0 +1,96 @@ +<# + Author: manoj.ampalam@microsoft.com + + Description: ssh-add.exe like Powershell utility to do host key management. + Input parameter mimic ssh-add.exe cmdline arguments. + + Host keys on Windows need to be registered as SYSTEM (i.e ssh-add.exe would + need to run as SYSTEM while talking to ssh-agent). This typically requires + an external utility like psexec. + + This script tries to use the Task scheduler option: + - registers a task scheduler task to run ssh-add.exe operation as SYSTEM + - actual output of ssh-add.exe is written to file (both stdout and stderr) + - Dumps the file contents to console + +#> + +# see https://linux.die.net/man/1/ssh-add for what the arguments mean +[CmdletBinding(DefaultParameterSetName='Add_key')] +Param( + [Parameter(ParameterSetName="List_fingerprints")] + [switch]$List_fingerprints, #ssh-add -l + [Parameter(ParameterSetName="List_pubkeys")] + [switch]$List_pubkeys, #ssh-add -L + [Parameter(ParameterSetName="Delete_key")] + [switch]$Delete_key, #ssh-add -d + [Parameter(ParameterSetName="Delete_all")] + [switch]$Delete_all, #ssh-add -D + [Parameter(Mandatory, Position=0, ParameterSetName="Delete_key")] + [Parameter(Mandatory, Position=0, ParameterSetName="Add_key")] + [ValidateNotNullOrEmpty()] + [string]$key +) + +$ssh_add_cmd = get-command ssh-add.exe -ErrorAction Ignore +if($ssh_add_cmd -eq $null) +{ + Throw "Cannot find ssh-add.exe." +} + +#create ssh-add cmdlinet +$ssh_add_cmd_str = $ssh_add_cmd.Path +if ($List_fingerprints) { $ssh_add_cmd_str += " -l" } +elseif ($List_pubkeys) { $ssh_add_cmd_str += " -L" } +elseif ($Delete_key) { $ssh_add_cmd_str += " -d $key" } +elseif ($Delete_all) { $ssh_add_cmd_str += " -D" } +else +{ + if ( ($key.Length -gt 0) -and (-not($key.Contains("host"))) ) { + Do { + $input = Read-Host -Prompt "Are you sure the provided key is a host key? [Yes] Y; [No] N (default is `"Y`")" + if([string]::IsNullOrEmpty($input)) + { + $input = 'Y' + } + } until ($input -match "^(y(es)?|N(o)?)$") + $result = $Matches[0] + if (-not($result.ToLower().Startswith('y'))) { exit } + } + $ssh_add_cmd_str += " $key" +} + +#globals +$taskfolder = "\OpenSSHUtils\hostkey_tasks\" +$taskname = "hostkey_task" +$ssh_add_output = Join-Path (pwd).Path "ssh-add-hostkey-tmp.txt" +$task_argument = "/c `"$ssh_add_cmd_str > $ssh_add_output 2>&1 `"" + +#create TaskScheduler task +$ac = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $task_argument -WorkingDirectory (pwd).path +$task = Register-ScheduledTask -TaskName $taskname -User System -Action $ac -TaskPath $taskfolder -Force + +#run the task +if (Test-Path $ssh_add_output) {Remove-Item $ssh_add_output -Force} +Start-ScheduledTask -TaskPath $taskfolder -TaskName $taskname + +#if still running, wait a little while for task to complete +$num = 0 +while ((Get-ScheduledTask -TaskName $taskname -TaskPath $taskfolder).State -eq "Running") +{ + sleep 1 + $num++ + if($num -gt 20) { break } +} +if (-not(Test-Path $ssh_add_output)) {throw "cannot find task output file. Something went WRONG!!! "} + +#dump output to console +Get-Content $ssh_add_output + +#cleanup task and output file +Remove-Item $ssh_add_output -Force +Unregister-ScheduledTask -TaskPath $taskfolder -TaskName $taskname -Confirm:$false + + + + diff --git a/contrib/win32/openssh/ssh-add.vcxproj b/contrib/win32/openssh/ssh-add.vcxproj index 8ed9e906..0d5c01c3 100644 --- a/contrib/win32/openssh/ssh-add.vcxproj +++ b/contrib/win32/openssh/ssh-add.vcxproj @@ -113,15 +113,15 @@ Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - posix_compat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -133,15 +133,15 @@ Disabled _WIN32_WINNT=0x501;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - posix_compat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - posix_compat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -179,7 +179,7 @@ true _WIN32_WINNT=0x501;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -187,8 +187,8 @@ true true true - posix_compat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true diff --git a/contrib/win32/openssh/ssh-agent.vcxproj b/contrib/win32/openssh/ssh-agent.vcxproj index cc29c3ad..6bb7e464 100644 --- a/contrib/win32/openssh/ssh-agent.vcxproj +++ b/contrib/win32/openssh/ssh-agent.vcxproj @@ -104,9 +104,9 @@ NotUsing Level1 Disabled - _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;Crypt32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;Userenv.lib;Crypt32.lib;%(AdditionalDependencies) targetos.manifest @@ -127,9 +127,9 @@ NotUsing Level1 Disabled - _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey CompileAsC MultiThreadedDebug ProgramDatabase @@ -137,8 +137,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;Crypt32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;Userenv.lib;Crypt32.lib;%(AdditionalDependencies) targetos.manifest @@ -151,9 +151,9 @@ MaxSpeed true true - _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey MultiThreaded @@ -161,8 +161,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;Crypt32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;Userenv.lib;Crypt32.lib;%(AdditionalDependencies) true @@ -176,9 +176,9 @@ MaxSpeed true true - _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey MultiThreaded true @@ -187,8 +187,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;Crypt32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;Userenv.lib;Crypt32.lib;%(AdditionalDependencies) true diff --git a/contrib/win32/openssh/ssh-keyscan.vcxproj b/contrib/win32/openssh/ssh-keyscan.vcxproj index dcdff7fb..430e6456 100644 --- a/contrib/win32/openssh/ssh-keyscan.vcxproj +++ b/contrib/win32/openssh/ssh-keyscan.vcxproj @@ -102,15 +102,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -124,15 +124,15 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup @@ -148,7 +148,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -156,8 +156,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true @@ -174,7 +174,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded false @@ -183,8 +183,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) wmainCRTStartup true diff --git a/contrib/win32/openssh/ssh-shellhost.vcxproj b/contrib/win32/openssh/ssh-shellhost.vcxproj index dbcec368..25c1d0bb 100644 --- a/contrib/win32/openssh/ssh-shellhost.vcxproj +++ b/contrib/win32/openssh/ssh-shellhost.vcxproj @@ -104,7 +104,7 @@ Level1 Disabled - _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false @@ -115,7 +115,7 @@ Console true openbsd_compat.lib;kernel32.lib;user32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) @@ -124,7 +124,7 @@ Level3 Disabled - _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false @@ -135,7 +135,7 @@ Console true openbsd_compat.lib;kernel32.lib;user32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) @@ -146,7 +146,7 @@ MaxSpeed true true - _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false @@ -158,7 +158,7 @@ true true openbsd_compat.lib;kernel32.lib;user32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) true @@ -170,7 +170,7 @@ MaxSpeed true true - _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false @@ -183,7 +183,7 @@ true openbsd_compat.lib;kernel32.lib;user32.lib;%(AdditionalDependencies) true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) diff --git a/contrib/win32/openssh/ssh.vcxproj b/contrib/win32/openssh/ssh.vcxproj index c6d08333..144130f4 100644 --- a/contrib/win32/openssh/ssh.vcxproj +++ b/contrib/win32/openssh/ssh.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup true @@ -181,7 +181,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -190,8 +190,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup true diff --git a/contrib/win32/openssh/sshd.vcxproj b/contrib/win32/openssh/sshd.vcxproj index 20138100..20614082 100644 --- a/contrib/win32/openssh/sshd.vcxproj +++ b/contrib/win32/openssh/sshd.vcxproj @@ -103,15 +103,15 @@ Disabled _WIN32_WINNT=0x600;WIN32_ZLIB_NO;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) MultiplyDefinedSymbolOnly wmainCRTStartup @@ -127,15 +127,15 @@ Disabled _WIN32_WINNT=0x600;WIN32_ZLIB_NO;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreadedDebug ProgramDatabase Console true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) MultiplyDefinedSymbolOnly wmainCRTStartup @@ -153,7 +153,7 @@ true _WIN32_WINNT=0x600;WIN32_ZLIB_NO;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -161,8 +161,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) MultiplyDefinedSymbolOnly wmainCRTStartup true @@ -181,7 +181,7 @@ true _WIN32_WINNT=0x600;WIN32_ZLIB_NO;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded false @@ -190,8 +190,8 @@ true true true - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) MultiplyDefinedSymbolOnly wmainCRTStartup true diff --git a/contrib/win32/openssh/unittest-bitmap.vcxproj b/contrib/win32/openssh/unittest-bitmap.vcxproj index 0eb327c5..b6d4f6b1 100644 --- a/contrib/win32/openssh/unittest-bitmap.vcxproj +++ b/contrib/win32/openssh/unittest-bitmap.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -180,7 +180,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -189,8 +189,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-hostkeys.vcxproj b/contrib/win32/openssh/unittest-hostkeys.vcxproj index bea0a5ef..870afc5f 100644 --- a/contrib/win32/openssh/unittest-hostkeys.vcxproj +++ b/contrib/win32/openssh/unittest-hostkeys.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -133,7 +133,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -141,8 +141,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -161,7 +161,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -169,8 +169,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -189,7 +189,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -198,8 +198,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-kex.vcxproj b/contrib/win32/openssh/unittest-kex.vcxproj index fa3ef685..a8e3dc07 100644 --- a/contrib/win32/openssh/unittest-kex.vcxproj +++ b/contrib/win32/openssh/unittest-kex.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -180,7 +180,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -189,8 +189,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-match.vcxproj b/contrib/win32/openssh/unittest-match.vcxproj index e0588ee7..f0a9103a 100644 --- a/contrib/win32/openssh/unittest-match.vcxproj +++ b/contrib/win32/openssh/unittest-match.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -180,7 +180,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -189,8 +189,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-sshbuf.vcxproj b/contrib/win32/openssh/unittest-sshbuf.vcxproj index 636637c4..fd28ec07 100644 --- a/contrib/win32/openssh/unittest-sshbuf.vcxproj +++ b/contrib/win32/openssh/unittest-sshbuf.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -180,7 +180,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -189,8 +189,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-sshkey.vcxproj b/contrib/win32/openssh/unittest-sshkey.vcxproj index 09271046..1f26481b 100644 --- a/contrib/win32/openssh/unittest-sshkey.vcxproj +++ b/contrib/win32/openssh/unittest-sshkey.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -133,7 +133,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -141,8 +141,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -161,7 +161,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -169,8 +169,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -189,7 +189,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -198,8 +198,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-utf8.vcxproj b/contrib/win32/openssh/unittest-utf8.vcxproj index d6cb3b27..88f41575 100644 --- a/contrib/win32/openssh/unittest-utf8.vcxproj +++ b/contrib/win32/openssh/unittest-utf8.vcxproj @@ -106,7 +106,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -115,8 +115,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -130,7 +130,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -138,8 +138,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -155,7 +155,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -163,8 +163,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -180,7 +180,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -189,8 +189,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libcrypto-41.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/unittest-win32compat.vcxproj b/contrib/win32/openssh/unittest-win32compat.vcxproj index 6a66f94c..390afa7c 100644 --- a/contrib/win32/openssh/unittest-win32compat.vcxproj +++ b/contrib/win32/openssh/unittest-win32compat.vcxproj @@ -119,7 +119,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync @@ -128,8 +128,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -143,7 +143,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_UNICODE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase @@ -151,8 +151,8 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -168,7 +168,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -176,8 +176,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup @@ -193,7 +193,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -202,8 +202,8 @@ true true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) - Netapi32.lib;posix_compat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories) + posix_compat.lib;libssh.lib;openbsd_compat.lib;libcrypto-41.lib;Ws2_32.lib;Netapi32.lib;Secur32.lib;%(AdditionalDependencies) wmainCRTStartup diff --git a/contrib/win32/openssh/version.rc b/contrib/win32/openssh/version.rc index dbb7b504aa2d135df599b074e264c520a1861c52..7b37b2b4fdf0ef25f78455361d0b669a948831e5 100644 GIT binary patch delta 44 ucmaDP|44qr6b?qS$x}Iu8O=7IDisabled - USE_MSCNG;_WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + USE_MSCNG;_WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) true EnableFastChecks MultiThreadedDebug @@ -105,11 +105,11 @@ Disabled - USE_MSCNG;_WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + USE_MSCNG;_WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebug NotUsing - Level1 + Level3 ProgramDatabase false @@ -118,7 +118,7 @@ - _LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;USE_MSCNG;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) + _LIB;USE_MSCNG;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) MultiThreaded NotUsing Level1 @@ -130,7 +130,7 @@ - _LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;USE_MSCNG;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) + _LIB;USE_MSCNG;_WIN32_WINNT=0x600;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) MultiThreaded NotUsing Level1 diff --git a/contrib/win32/win32compat/Debug.h b/contrib/win32/win32compat/Debug.h index fd470313..a9902308 100644 --- a/contrib/win32/win32compat/Debug.h +++ b/contrib/win32/win32compat/Debug.h @@ -1,5 +1,12 @@ #pragma once +void fatal(const char *, ...); +void error(const char *, ...); +void verbose(const char *, ...); +void debug(const char *, ...); +void debug2(const char *, ...); +void debug3(const char *, ...); + /* Enable the following for verbose logging */ #if (0) #define debug4 debug2 diff --git a/contrib/win32/win32compat/ansiprsr.c b/contrib/win32/win32compat/ansiprsr.c index e5344e8c..68457495 100644 --- a/contrib/win32/win32compat/ansiprsr.c +++ b/contrib/win32/win32compat/ansiprsr.c @@ -166,8 +166,6 @@ unsigned char* ParseBuffer(unsigned char* pszBuffer, unsigned char* pszBufferEnd, unsigned char **respbuf, size_t *resplen) { int currentX; - int currentY; - int bufLen, cmpLen, i; if (!fcompletion) { if (pszBuffer < pszBufferEnd - 1) { diff --git a/contrib/win32/win32compat/ansiprsr.h b/contrib/win32/win32compat/ansiprsr.h index 4993ffa4..a35a107b 100644 --- a/contrib/win32/win32compat/ansiprsr.h +++ b/contrib/win32/win32compat/ansiprsr.h @@ -41,6 +41,7 @@ unsigned char * ParseBuffer(unsigned char* pszBuffer, unsigned char* pszBufferEnd, unsigned char **respbuf, size_t *resplen); unsigned char * GetNextChar(unsigned char * pszBuffer, unsigned char *pszBufferEnd); unsigned char * ParseANSI(unsigned char * pszBuffer, unsigned char * pszBufferEnd, unsigned char **respbuf, size_t *resplen); +void GoToNextLine(); #define true TRUE #define false FALSE diff --git a/contrib/win32/win32compat/console.c b/contrib/win32/win32compat/console.c index 411942e7..fdd51d2a 100644 --- a/contrib/win32/win32compat/console.c +++ b/contrib/win32/win32compat/console.c @@ -35,8 +35,11 @@ #include #include #include +#include +#include "debug.h" #include "console.h" +#include "ansiprsr.h" HANDLE hOutputConsole = NULL; DWORD dwSavedAttributes = 0; @@ -72,16 +75,12 @@ char *consoleTitle = "OpenSSH SSH client"; int ConEnterRawMode(DWORD OutputHandle, BOOL fSmartInit) { - OSVERSIONINFO os; DWORD dwAttributes = 0; DWORD dwRet = 0; BOOL bRet = FALSE; CONSOLE_SCREEN_BUFFER_INFO csbi; static bool bFirstConInit = true; - os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&os); - hOutputConsole = GetStdHandle(OutputHandle); if (hOutputConsole == INVALID_HANDLE_VALUE) { dwRet = GetLastError(); @@ -117,8 +116,13 @@ ConEnterRawMode(DWORD OutputHandle, BOOL fSmartInit) dwAttributes |= (DWORD)ENABLE_VIRTUAL_TERMINAL_PROCESSING; - if (NULL != getenv("SSH_TERM_CONHOST_PARSER")) - isConHostParserEnabled = atoi(getenv("SSH_TERM_CONHOST_PARSER")); + char *envValue = NULL; + _dupenv_s(&envValue, NULL, "SSH_TERM_CONHOST_PARSER"); + + if (NULL != envValue) { + isConHostParserEnabled = atoi(envValue); + free(envValue); + } /* We use our custom ANSI parser when * a) User sets the environment variable "SSH_TERM_CONHOST_PARSER" to 0 @@ -1077,6 +1081,7 @@ ConMoveVisibleWindow(int offset) CONSOLE_SCREEN_BUFFER_INFO consoleInfo; SMALL_RECT visibleWindowRect; + memset(&visibleWindowRect, 0, sizeof(SMALL_RECT)); if (GetConsoleScreenBufferInfo(hOutputConsole, &consoleInfo)) { /* Check if applying the offset results in console buffer overflow. * if yes, then scrolldown the console buffer. @@ -1087,6 +1092,10 @@ ConMoveVisibleWindow(int offset) if (GetConsoleScreenBufferInfo(hOutputConsole, &consoleInfo)) memcpy(&visibleWindowRect, &consoleInfo.srWindow, sizeof(visibleWindowRect)); + else { + error("GetConsoleScreenBufferInfo failed with %d", GetLastError()); + return; + } } else { memcpy(&visibleWindowRect, &consoleInfo.srWindow, sizeof(visibleWindowRect)); visibleWindowRect.Top += offset; @@ -1329,6 +1338,9 @@ ConSaveScreenHandle(SCREEN_HANDLE hScreen) if (pScreenRec == NULL) { pScreenRec = (PSCREEN_RECORD)malloc(sizeof(SCREEN_RECORD)); + if (pScreenRec == NULL) + fatal("out of memory"); + pScreenRec->pScreenBuf = NULL; } @@ -1583,10 +1595,12 @@ get_console_handle(FILE *stream, DWORD * mode) if (file_num == -1) { return INVALID_HANDLE_VALUE; } + lHandle = _get_osfhandle(file_num); if (lHandle == -1 && errno == EBADF) { return INVALID_HANDLE_VALUE; } + type = GetFileType((HANDLE)lHandle); if (type == FILE_TYPE_CHAR && file_num >= 0 && file_num <= 2) { if (file_num == 0) diff --git a/contrib/win32/win32compat/fileio.c b/contrib/win32/win32compat/fileio.c index 6245dba9..de9fbe87 100644 --- a/contrib/win32/win32compat/fileio.c +++ b/contrib/win32/win32compat/fileio.c @@ -116,7 +116,7 @@ fileio_connect(struct w32_io* pio, char* name) wchar_t* name_w = NULL; wchar_t pipe_name[PATH_MAX]; HANDLE h = INVALID_HANDLE_VALUE; - int ret = 0; + int ret = 0, r; if (pio->handle != 0 && pio->handle != INVALID_HANDLE_VALUE) { debug3("fileio_connect called in unexpected state, pio = %p", pio); @@ -129,17 +129,27 @@ fileio_connect(struct w32_io* pio, char* name) errno = ENOMEM; return -1; } - _snwprintf(pipe_name, PATH_MAX, L"\\\\.\\pipe\\%ls", name_w); - h = CreateFileW(pipe_name, GENERIC_READ | GENERIC_WRITE, 0, - NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); + r = _snwprintf_s(pipe_name, PATH_MAX, PATH_MAX, L"\\\\.\\pipe\\%ls", name_w); + if (r < 0 || r >= PATH_MAX) { + debug3("cannot create pipe name with %s", name); + errno = EOTHER; + return -1; + } + + + do { + h = CreateFileW(pipe_name, GENERIC_READ | GENERIC_WRITE, 0, + NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED | SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION, NULL); + + if (h != INVALID_HANDLE_VALUE) + break; + if (GetLastError() != ERROR_PIPE_BUSY) + break; - /* TODO - support nonblocking connect */ - /* wait until we have a server pipe instance to connect */ - while (h == INVALID_HANDLE_VALUE && GetLastError() == ERROR_PIPE_BUSY) { debug4("waiting for agent connection, retrying after 1 sec"); if ((ret = wait_for_any_event(NULL, 0, 1000) != 0) != 0) goto cleanup; - } + } while(1); if (h == INVALID_HANDLE_VALUE) { debug3("unable to connect to pipe %ls, error: %d", name_w, GetLastError()); @@ -157,7 +167,7 @@ fileio_connect(struct w32_io* pio, char* name) } pio->handle = h; - h = NULL; + h = INVALID_HANDLE_VALUE; cleanup: if (name_w) @@ -333,7 +343,8 @@ createFile_flags_setup(int flags, u_short mode, struct createFile_flags* cf_flag switch (rwflags) { case O_RDONLY: cf_flags->dwDesiredAccess = GENERIC_READ; - cf_flags->dwShareMode = FILE_SHARE_READ; + /* refer to https://msdn.microsoft.com/en-us/library/windows/desktop/aa363874(v=vs.85).aspx */ + cf_flags->dwShareMode = FILE_SHARE_READ | FILE_SHARE_WRITE; break; case O_WRONLY: cf_flags->dwDesiredAccess = GENERIC_WRITE; @@ -355,7 +366,7 @@ createFile_flags_setup(int flags, u_short mode, struct createFile_flags* cf_flag if (c_s_flags & O_APPEND) cf_flags->dwDesiredAccess = FILE_APPEND_DATA; - cf_flags->dwFlagsAndAttributes = FILE_FLAG_OVERLAPPED | SECURITY_IMPERSONATION | FILE_FLAG_BACKUP_SEMANTICS; + cf_flags->dwFlagsAndAttributes = FILE_FLAG_OVERLAPPED | FILE_FLAG_BACKUP_SEMANTICS; /*map mode*/ if ((pwd = getpwuid(0)) == NULL) @@ -526,11 +537,12 @@ fileio_ReadFileEx(struct w32_io* pio, unsigned int bytes_requested) /* read() implementation */ int -fileio_read(struct w32_io* pio, void *dst, unsigned int max) +fileio_read(struct w32_io* pio, void *dst, size_t max_bytes) { int bytes_copied; debug5("read - io:%p remaining:%d", pio, pio->read_details.remaining); + /* if read is pending */ if (pio->read_details.pending) { if (w32_io_is_blocking(pio)) { @@ -550,7 +562,7 @@ fileio_read(struct w32_io* pio, void *dst, unsigned int max) if (-1 == syncio_initiate_read(pio)) return -1; } else { - if (-1 == fileio_ReadFileEx(pio, max)) { + if (-1 == fileio_ReadFileEx(pio, (int)max_bytes)) { if ((FILETYPE(pio) == FILE_TYPE_PIPE) && (errno == ERROR_BROKEN_PIPE)) { /* write end of the pipe closed */ @@ -600,7 +612,7 @@ fileio_read(struct w32_io* pio, void *dst, unsigned int max) return -1; } - bytes_copied = min(max, pio->read_details.remaining); + bytes_copied = min((DWORD)max_bytes, pio->read_details.remaining); memcpy(dst, pio->read_details.buf + pio->read_details.completed, bytes_copied); pio->read_details.remaining -= bytes_copied; pio->read_details.completed += bytes_copied; @@ -633,7 +645,7 @@ WriteCompletionRoutine(_In_ DWORD dwErrorCode, /* write() implementation */ int -fileio_write(struct w32_io* pio, const void *buf, unsigned int max) +fileio_write(struct w32_io* pio, const void *buf, size_t max_bytes) { int bytes_copied; DWORD pipe_flags = 0, pipe_instances = 0; @@ -673,7 +685,7 @@ fileio_write(struct w32_io* pio, const void *buf, unsigned int max) pio->write_details.buf_size = WRITE_BUFFER_SIZE; } - bytes_copied = min(max, pio->write_details.buf_size); + bytes_copied = min((int)max_bytes, pio->write_details.buf_size); memcpy(pio->write_details.buf, buf, bytes_copied); if (pio->type == NONSOCK_SYNC_FD || FILETYPE(pio) == FILE_TYPE_CHAR) { @@ -756,7 +768,7 @@ fileio_stat(const char *path, struct _stat64 *buf) } if ((wpath = utf8_to_utf16(path)) == NULL) { - errno = errno_from_Win32LastError(); + errno = ENOMEM; debug3("utf8_to_utf16 failed for file:%s error:%d", path, GetLastError()); return -1; } @@ -767,7 +779,7 @@ fileio_stat(const char *path, struct _stat64 *buf) goto cleanup; } - len = wcslen(wpath); + len = (int)wcslen(wpath); buf->st_ino = 0; /* Has no meaning in the FAT, HPFS, or NTFS file systems*/ buf->st_gid = 0; /* UNIX - specific; has no meaning on windows */ diff --git a/contrib/win32/win32compat/inc/string.h b/contrib/win32/win32compat/inc/string.h index 4141b746..21dd92fb 100644 --- a/contrib/win32/win32compat/inc/string.h +++ b/contrib/win32/win32compat/inc/string.h @@ -7,4 +7,7 @@ #define strncasecmp _strnicmp char *w32_strerror(int); #define strerror w32_strerror -#define strdup _strdup \ No newline at end of file +#define strdup _strdup +#define ERROR_MSG_MAXLEN 94 /* https://msdn.microsoft.com/en-us/library/51sah927.aspx */ + +static char errorBuf[ERROR_MSG_MAXLEN]; \ No newline at end of file diff --git a/contrib/win32/win32compat/inc/unistd.h b/contrib/win32/win32compat/inc/unistd.h index 493cafeb..688caae9 100644 --- a/contrib/win32/win32compat/inc/unistd.h +++ b/contrib/win32/win32compat/inc/unistd.h @@ -4,6 +4,7 @@ * POSIX header and needed function definitions */ #pragma once +#include #include "sys\types.h" #include "fcntl.h" @@ -21,7 +22,7 @@ int w32_pipe(int *pfds); int w32_read(int fd, void *dst, size_t max); #define write w32_write -int w32_write(int fd, const void *buf, unsigned int max); +int w32_write(int fd, const void *buf, size_t max); #define writev w32_writev int w32_writev(int fd, const struct iovec *iov, int iovcnt); @@ -78,7 +79,7 @@ int daemon(int nochdir, int noclose); char *crypt(const char *key, const char *salt); int link(const char *oldpath, const char *newpath); int readlink(const char *path, char *link, int linklen); -int spawn_child(char*, char**, int, int, int, DWORD); +int spawn_child(char*, char**, int, int, int, unsigned long); /* * readpassphrase.h definitions diff --git a/contrib/win32/win32compat/misc.c b/contrib/win32/win32compat/misc.c index 1a1639b3..f016eaaa 100644 --- a/contrib/win32/win32compat/misc.c +++ b/contrib/win32/win32compat/misc.c @@ -32,6 +32,7 @@ #include #include #include +#include #include "inc\unistd.h" #include "inc\sys\stat.h" @@ -46,6 +47,8 @@ #include "inc\utf.h" #include "signal_internal.h" #include "debug.h" +#include "w32fd.h" +#include "inc\string.h" static char* s_programdir = NULL; @@ -266,22 +269,24 @@ w32_fopen_utf8(const char *path, const char *mode) return NULL; } - f = _wfopen(wpath, wmode); - if (f) { - /* BOM adjustments for file streams*/ - if (mode[0] == 'w' && fseek(f, 0, SEEK_SET) != EBADF) { - /* write UTF-8 BOM - should we ?*/ - /*if (fwrite(utf8_bom, sizeof(utf8_bom), 1, f) != 1) { - fclose(f); - return NULL; - }*/ - - } else if (mode[0] == 'r' && fseek(f, 0, SEEK_SET) != EBADF) { - /* read out UTF-8 BOM if present*/ - if (fread(first3_bytes, 3, 1, f) != 1 || - memcmp(first3_bytes, utf8_bom, 3) != 0) { - fseek(f, 0, SEEK_SET); - } + if ((_wfopen_s(&f, wpath, wmode) != 0) || (f == NULL)) { + debug3("Failed to open file:%s error:%d", path, errno); + return NULL; + } + + /* BOM adjustments for file streams*/ + if (mode[0] == 'w' && fseek(f, 0, SEEK_SET) != EBADF) { + /* write UTF-8 BOM - should we ?*/ + /*if (fwrite(utf8_bom, sizeof(utf8_bom), 1, f) != 1) { + fclose(f); + return NULL; + }*/ + + } else if (mode[0] == 'r' && fseek(f, 0, SEEK_SET) != EBADF) { + /* read out UTF-8 BOM if present*/ + if (fread(first3_bytes, 3, 1, f) != 1 || + memcmp(first3_bytes, utf8_bom, 3) != 0) { + fseek(f, 0, SEEK_SET); } } @@ -334,7 +339,7 @@ char* if((actual_read + strlen(str_tmp)) >= n) break; memcpy(cp, str_tmp, strlen(str_tmp)); - actual_read += strlen(str_tmp); + actual_read += (int)strlen(str_tmp); cp += strlen(str_tmp); } while ((actual_read < n - 1) && *str_tmp != '\n'); @@ -386,10 +391,15 @@ w32_setvbuf(FILE *stream, char *buffer, int mode, size_t size) { char * w32_programdir() { + wchar_t* wpgmptr; + if (s_programdir != NULL) return s_programdir; - if ((s_programdir = utf16_to_utf8(_wpgmptr)) == NULL) + if (_get_wpgmptr(&wpgmptr) != 0) + return NULL; + + if ((s_programdir = utf16_to_utf8(wpgmptr)) == NULL) return NULL; /* null terminate after directory path */ @@ -440,6 +450,7 @@ w32_ioctl(int d, int request, ...) } } +/* p should be at least 12 bytes long*/ void strmode(mode_t mode, char *p) { @@ -468,76 +479,13 @@ strmode(mode_t mode, char *p) } /* The below code is commented as the group, other is not applicable on the windows. - * This will be properly fixed in next releases. * As of now we are keeping "*" for everything. + * TODO - figure out if there is a better option */ - const char *permissions = "********* "; - strncpy(p, permissions, strlen(permissions) + 1); - p = p + strlen(p); - /* //usr - if (mode & S_IRUSR) - *p++ = 'r'; - else - *p++ = '-'; - if (mode & S_IWUSR) - *p++ = 'w'; - else - *p++ = '-'; - switch (mode & (S_IXUSR)) { - case 0: - *p++ = '-'; - break; - case S_IXUSR: - *p++ = 'x'; - break; - //case S_ISUID: - // *p++ = 'S'; - // break; - //case S_IXUSR | S_ISUID: - // *p++ = 's'; - // break; - } - // group - if (mode & S_IRGRP) - *p++ = 'r'; - else - *p++ = '-'; - if (mode & S_IWGRP) - *p++ = 'w'; - else - *p++ = '-'; - switch (mode & (S_IXGRP)) { - case 0: - *p++ = '-'; - break; - case S_IXGRP: - *p++ = 'x'; - break; - //case S_ISGID: - // *p++ = 'S'; - // break; - //case S_IXGRP | S_ISGID: - // *p++ = 's'; - // break; - } - // other - if (mode & S_IROTH) - *p++ = 'r'; - else - *p++ = '-'; - if (mode & S_IWOTH) - *p++ = 'w'; - else - *p++ = '-'; - switch (mode & (S_IXOTH)) { - case 0: - *p++ = '-'; - break; - case S_IXOTH: - *p++ = 'x'; - break; - } - *p++ = ' '; // will be a '+' if ACL's implemented */ + const char *permissions = "********* "; + for(int i = 0; i < strlen(permissions); i++) + *p++ = permissions[i]; + *p = '\0'; } @@ -587,11 +535,10 @@ static BOOL is_root_or_empty(wchar_t * path) { wchar_t * path_start; - BOOL has_drive_letter_and_colon; int len; if (!path) return FALSE; - len = wcslen(path); + len = (int)wcslen(path); if((len > 1) && __ascii_iswalpha(path[0]) && path[1] == L':') path_start = path + 2; else @@ -713,7 +660,7 @@ w32_rename(const char *old_name, const char *new_name) } /* - * To be consistent with linux rename(), + * To be consistent with POSIX rename(), * 1) if the new_name is file, then delete it so that _wrename will succeed. * 2) if the new_name is directory and it is empty then delete it so that _wrename will succeed. */ @@ -793,11 +740,21 @@ w32_getcwd(char *buffer, int maxlen) wchar_t wdirname[PATH_MAX]; char* putf8 = NULL; - _wgetcwd(&wdirname[0], PATH_MAX); + if (_wgetcwd(wdirname, PATH_MAX) == NULL) + return NULL; + + if ((putf8 = utf16_to_utf8(wdirname)) == NULL) { + errno = ENOMEM; + return NULL; + } - if ((putf8 = utf16_to_utf8(&wdirname[0])) == NULL) - fatal("failed to convert input arguments"); - strcpy(buffer, putf8); + if (strlen(putf8) >= maxlen) { + errno = ERANGE; + free(putf8); + return NULL; + } + + strcpy_s(buffer, maxlen, putf8); free(putf8); return buffer; @@ -806,6 +763,7 @@ w32_getcwd(char *buffer, int maxlen) int w32_mkdir(const char *path_utf8, unsigned short mode) { + int curmask; wchar_t *path_utf16 = utf8_to_utf16(sanitized_path(path_utf8)); if (path_utf16 == NULL) { errno = ENOMEM; @@ -817,8 +775,9 @@ w32_mkdir(const char *path_utf8, unsigned short mode) return -1; } - mode_t curmask = _umask(0); - _umask(curmask); + errno_t error = _umask_s(0, &curmask); + if(!error) + _umask_s(curmask, &curmask); returnStatus = _wchmod(path_utf16, mode & ~curmask & (_S_IREAD | _S_IWRITE)); free(path_utf16); @@ -882,11 +841,17 @@ realpath(const char *path, char resolved[PATH_MAX]) if (!path || !resolved) return NULL; char tempPath[PATH_MAX]; + size_t path_len = strlen(path); + + if (path_len > PATH_MAX - 1) { + errno = EINVAL; + return NULL; + } - if ((path[0] == '/') && path[1] && (path[2] == ':')) - strncpy(resolved, path + 1, PATH_MAX); /* skip the first '/' */ + if ((path_len >= 2) && (path[0] == '/') && path[1] && (path[2] == ':')) + strncpy_s(resolved, PATH_MAX, path + 1, path_len); /* skip the first '/' */ else - strncpy(resolved, path, PATH_MAX); + strncpy_s(resolved, PATH_MAX, path, path_len + 1); if ((resolved[0]) && (resolved[1] == ':') && (resolved[2] == '\0')) { /* make "x:" as "x:\\" */ resolved[2] = '\\'; @@ -899,7 +864,8 @@ realpath(const char *path, char resolved[PATH_MAX]) convertToForwardslash(tempPath); resolved[0] = '/'; /* will be our first slash in /x:/users/test1 format */ - strncpy(resolved + 1, tempPath, PATH_MAX - 1); + if (strncpy_s(resolved+1, PATH_MAX - 1, tempPath, sizeof(tempPath) - 1) != 0) + return NULL; return resolved; } @@ -913,7 +879,7 @@ sanitized_path(const char *path) if (path[0] == '/' && path[1]) { if (path[2] == ':') { if (path[3] == '\0') { /* make "/x:" as "x:\\" */ - strncpy(newPath, path + 1, strlen(path) - 1); + strncpy_s(newPath, sizeof(PATH_MAX), path + 1, strlen(path) - 1); newPath[2] = '\\'; newPath[3] = '\0'; @@ -926,70 +892,6 @@ sanitized_path(const char *path) return (char *)path; } - -BOOL -ResolveLink(wchar_t * tLink, wchar_t *ret, DWORD * plen, DWORD Flags) -{ - HANDLE fileHandle; - BYTE reparseBuffer[MAX_REPARSE_SIZE]; - PBYTE reparseData; - PREPARSE_GUID_DATA_BUFFER reparseInfo = (PREPARSE_GUID_DATA_BUFFER)reparseBuffer; - PREPARSE_DATA_BUFFER msReparseInfo = (PREPARSE_DATA_BUFFER)reparseBuffer; - DWORD returnedLength; - - if (Flags & FILE_ATTRIBUTE_DIRECTORY) { - fileHandle = CreateFileW(tLink, 0, - FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, - OPEN_EXISTING, - FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, 0); - - } else { - /* Open the file */ - fileHandle = CreateFileW(tLink, 0, - FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, - OPEN_EXISTING, - FILE_FLAG_OPEN_REPARSE_POINT, 0); - } - - if (fileHandle == INVALID_HANDLE_VALUE) { - swprintf_s(ret, *plen, L"%ls", tLink); - return TRUE; - } - - if (GetFileAttributesW(tLink) & FILE_ATTRIBUTE_REPARSE_POINT) { - if (DeviceIoControl(fileHandle, FSCTL_GET_REPARSE_POINT, - NULL, 0, reparseInfo, sizeof(reparseBuffer), - &returnedLength, NULL)) { - if (IsReparseTagMicrosoft(reparseInfo->ReparseTag)) { - switch (reparseInfo->ReparseTag) { - case 0x80000000 | IO_REPARSE_TAG_SYMBOLIC_LINK: - case IO_REPARSE_TAG_MOUNT_POINT: - if (*plen >= msReparseInfo->MountPointReparseBuffer.SubstituteNameLength) { - reparseData = (PBYTE)&msReparseInfo->SymbolicLinkReparseBuffer.PathBuffer; - WCHAR temp[1024]; - wcsncpy_s(temp, 1024, - (PWCHAR)(reparseData + msReparseInfo->MountPointReparseBuffer.SubstituteNameOffset), - (size_t)msReparseInfo->MountPointReparseBuffer.SubstituteNameLength); - temp[msReparseInfo->MountPointReparseBuffer.SubstituteNameLength] = 0; - swprintf_s(ret, *plen, L"%ls", &temp[4]); - } else { - swprintf_s(ret, *plen, L"%ls", tLink); - return FALSE; - } - - break; - default: - break; - } - } - } - } else - swprintf_s(ret, *plen, L"%ls", tLink); - - CloseHandle(fileHandle); - return TRUE; -} - int statvfs(const char *path, struct statvfs *buf) { @@ -1042,60 +944,67 @@ w32_strerror(int errnum) { if (errnum >= EADDRINUSE && errnum <= EWOULDBLOCK) return _sys_errlist_ext[errnum - EADDRINUSE]; - return strerror(errnum); + + strerror_s(errorBuf, ERROR_MSG_MAXLEN, errnum); + return errorBuf; } -/* - * Temporary implementation of readpassphrase. - * TODO - this needs to be reimplemented as per - * https://linux.die.net/man/3/readpassphrase - */ -char * -readpassphrase(const char *prompt, char *out, size_t out_len, int flags) { - char *askpass = NULL; - char *ret = NULL; - DWORD mode; - size_t len = 0; - int retr = 0; +char * +readpassphrase(const char *prompt, char *outBuf, size_t outBufLen, int flags) { + int current_index = 0; + char ch; + wchar_t* wtmp = NULL; + + if (outBufLen == 0) { + errno = EINVAL; + return NULL; + } - /* prompt user */ - wchar_t* wtmp = utf8_to_utf16(prompt); + while (_kbhit()) _getch(); + + wtmp = utf8_to_utf16(prompt); if (wtmp == NULL) fatal("unable to alloc memory"); + _cputws(wtmp); free(wtmp); - len = retr = 0; - - while (_kbhit()) - _getch(); - - while (len < out_len) { - out[len] = (unsigned char)_getch(); - - if (out[len] == '\r') { - if (_kbhit()) /* read linefeed if its there */ - _getch(); + while (current_index < outBufLen - 1) { + ch = _getch(); + + if (ch == '\r') { + if (_kbhit()) _getch(); /* read linefeed if its there */ break; - } - else if (out[len] == '\n') { + } else if (ch == '\n') { break; - } - else if (out[len] == '\b') { /* backspace */ - if (len > 0) - len--; /* overwrite last character */ - } - else if (out[len] == '\003') { - /* exit on Ctrl+C */ + } else if (ch == '\b') { /* backspace */ + if (current_index > 0) { + if (flags & RPP_ECHO_ON) + printf("%c \b", ch); + + current_index--; /* overwrite last character */ + } + } else if (ch == '\003') { /* exit on Ctrl+C */ fatal(""); - } - else { - len++; /* keep reading in the loop */ + } else { + if (flags & RPP_SEVENBIT) + ch &= 0x7f; + + if (isalpha((unsigned char)ch)) { + if(flags & RPP_FORCELOWER) + ch = tolower((unsigned char)ch); + if(flags & RPP_FORCEUPPER) + ch = toupper((unsigned char)ch); + } + + outBuf[current_index++] = ch; + if(flags & RPP_ECHO_ON) + printf("%c", ch); } } - out[len] = '\0'; /* get rid of the cr/lf */ - _cputs("\n"); /*show a newline as we do not echo password or the line */ + outBuf[current_index] = '\0'; + _cputs("\n"); - return out; -} \ No newline at end of file + return outBuf; +} diff --git a/contrib/win32/win32compat/misc_internal.h b/contrib/win32/win32compat/misc_internal.h index a3389248..abf818ab 100644 --- a/contrib/win32/win32compat/misc_internal.h +++ b/contrib/win32/win32compat/misc_internal.h @@ -26,5 +26,8 @@ void convertToBackslash(char *str); void convertToBackslashW(wchar_t *str); void convertToForwardslash(char *str); +#define errno_from_Win32LastError() errno_from_Win32Error(GetLastError()) +int errno_from_Win32Error(int); void unix_time_to_file_time(ULONG, LPFILETIME); -void file_time_unix_time(const LPFILETIME, time_t *); +void file_time_to_unix_time(const LPFILETIME, time_t *); +int file_attr_to_st_mode(wchar_t * path, DWORD attributes); \ No newline at end of file diff --git a/contrib/win32/win32compat/pwd.c b/contrib/win32/win32compat/pwd.c index c3f913c3..1740be96 100644 --- a/contrib/win32/win32compat/pwd.c +++ b/contrib/win32/win32compat/pwd.c @@ -155,9 +155,13 @@ get_passwd(const char *user_utf8, LPWSTR user_sid) /* if one of below fails, set profile path to Windows directory */ if (swprintf(reg_path, PATH_MAX, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\%ls", user_sid) == PATH_MAX || - RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_WOW64_64KEY, ®_key) != 0 || - RegQueryValueExW(reg_key, L"ProfileImagePath", 0, NULL, (LPBYTE)profile_home, &tmp_len) != 0) - GetWindowsDirectoryW(profile_home, PATH_MAX); + RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_WOW64_64KEY, ®_key) != 0 || + RegQueryValueExW(reg_key, L"ProfileImagePath", 0, NULL, (LPBYTE)profile_home, &tmp_len) != 0) + if (GetWindowsDirectoryW(profile_home, PATH_MAX) == 0) { + debug3("GetWindowsDirectoryW failed with %d", GetLastError()); + errno = EOTHER; + goto done; + } if ((uname_utf8 = utf16_to_utf8(uname_utf16)) == NULL || (udom_utf16 && (udom_utf8 = utf16_to_utf8(udom_utf16)) == NULL) || @@ -167,9 +171,9 @@ get_passwd(const char *user_utf8, LPWSTR user_sid) goto done; } - uname_upn_len = strlen(uname_utf8) + 1; + uname_upn_len = (DWORD) strlen(uname_utf8) + 1; if (udom_utf8) - uname_upn_len += strlen(udom_utf8) + 1; + uname_upn_len += (DWORD)strlen(udom_utf8) + 1; if ((uname_upn = malloc(uname_upn_len)) == NULL) { errno = ENOMEM; diff --git a/contrib/win32/win32compat/shell-host.c b/contrib/win32/win32compat/shell-host.c index 6160c56b..f50443ff 100644 --- a/contrib/win32/win32compat/shell-host.c +++ b/contrib/win32/win32compat/shell-host.c @@ -86,52 +86,55 @@ typedef struct consoleEvent { } consoleEvent; struct key_translation { - char incoming[6]; + wchar_t in[6]; int vk; - char outgoing; + wchar_t out; + int in_key_len; } key_translation; +/* All the substrings (Ex- "\x1b") should be in the end, otherwise ProcessIncomingKeys() will not work as expected */ struct key_translation keys[] = { - { "\x1b", VK_ESCAPE, '\x1b' }, - { "\r", VK_RETURN, '\r' }, - { "\b", VK_BACK, '\b' }, - { "\x7f", VK_BACK, '\b' }, - { "\t", VK_TAB, '\t' }, - { "\x1b[A", VK_UP, 0 }, - { "\x1b[B", VK_DOWN, 0 }, - { "\x1b[C", VK_RIGHT, 0 }, - { "\x1b[D", VK_LEFT, 0 }, - { "\x1b[1~", VK_HOME, 0 }, - { "\x1b[2~", VK_INSERT, 0 }, - { "\x1b[3~", VK_DELETE, 0 }, - { "\x1b[4~", VK_END, 0 }, - { "\x1b[5~", VK_PRIOR, 0 }, - { "\x1b[6~", VK_NEXT, 0 }, - { "\x1b[11~", VK_F1, 0 }, - { "\x1b[12~", VK_F2, 0 }, - { "\x1b[13~", VK_F3, 0 }, - { "\x1b[14~", VK_F4, 0 }, - { "\x1b[15~", VK_F5, 0 }, - { "\x1b[17~", VK_F6, 0 }, - { "\x1b[18~", VK_F7, 0 }, - { "\x1b[19~", VK_F8, 0 }, - { "\x1b[20~", VK_F9, 0 }, - { "\x1b[21~", VK_F10, 0 }, - { "\x1b[23~", VK_F11, 0 }, - { "\x1b[24~", VK_F12, 0 } + { L"\r", VK_RETURN, L'\r' , 0}, + { L"\b", VK_BACK, L'\b' , 0}, + { L"\x7f", VK_BACK, L'\b' , 0}, + { L"\t", VK_TAB, L'\t' , 0}, + { L"\x1b[A", VK_UP, 0 , 0}, + { L"\x1b[B", VK_DOWN, 0 , 0}, + { L"\x1b[C", VK_RIGHT, 0 , 0}, + { L"\x1b[D", VK_LEFT, 0 , 0}, + { L"\x1b[1~", VK_HOME, 0 , 0}, + { L"\x1b[2~", VK_INSERT, 0 , 0}, + { L"\x1b[3~", VK_DELETE, 0 , 0}, + { L"\x1b[4~", VK_END, 0 , 0}, + { L"\x1b[5~", VK_PRIOR, 0 , 0}, + { L"\x1b[6~", VK_NEXT, 0 , 0}, + { L"\x1b[11~", VK_F1, 0 , 0}, + { L"\x1b[12~", VK_F2, 0 , 0}, + { L"\x1b[13~", VK_F3, 0 , 0}, + { L"\x1b[14~", VK_F4, 0 , 0}, + { L"\x1b[15~", VK_F5, 0 , 0}, + { L"\x1b[17~", VK_F6, 0 , 0}, + { L"\x1b[18~", VK_F7, 0 , 0}, + { L"\x1b[19~", VK_F8, 0 , 0}, + { L"\x1b[20~", VK_F9, 0 , 0}, + { L"\x1b[21~", VK_F10, 0 , 0}, + { L"\x1b[23~", VK_F11, 0 , 0}, + { L"\x1b[24~", VK_F12, 0 , 0}, + { L"\x1b", VK_ESCAPE, L'\x1b' , 0} }; static SHORT lastX = 0; static SHORT lastY = 0; - +SHORT currentLine = 0; consoleEvent* head = NULL; consoleEvent* tail = NULL; BOOL bRet = FALSE; BOOL bNoScrollRegion = FALSE; BOOL bStartup = TRUE; -BOOL bAnsi = FALSE; BOOL bHookEvents = FALSE; +BOOL bFullScreen = FALSE; +BOOL bUseAnsiEmulation = TRUE; HANDLE child_out = INVALID_HANDLE_VALUE; HANDLE child_in = INVALID_HANDLE_VALUE; @@ -140,32 +143,25 @@ HANDLE pipe_in = INVALID_HANDLE_VALUE; HANDLE pipe_out = INVALID_HANDLE_VALUE; HANDLE pipe_err = INVALID_HANDLE_VALUE; HANDLE child = INVALID_HANDLE_VALUE; -DWORD child_exit_code = 0; HANDLE hConsoleBuffer = INVALID_HANDLE_VALUE; - HANDLE monitor_thread = INVALID_HANDLE_VALUE; HANDLE io_thread = INVALID_HANDLE_VALUE; HANDLE ux_thread = INVALID_HANDLE_VALUE; +DWORD child_exit_code = 0; DWORD hostProcessId = 0; DWORD hostThreadId = 0; DWORD childProcessId = 0; DWORD dwStatus = 0; -DWORD currentLine = 0; +DWORD in_cmd_len = 0; DWORD lastLineLength = 0; UINT cp = 0; - UINT ViewPortY = 0; UINT lastViewPortY = 0; - -BOOL bFullScreen = FALSE; -BOOL bUseAnsiEmulation = TRUE; - UINT savedViewPortY = 0; UINT savedLastViewPortY = 0; -DWORD in_cmd_len = 0; char in_cmd[MAX_CMD_LEN]; CRITICAL_SECTION criticalSection; @@ -200,7 +196,7 @@ ConSRWidth() * This function will handle the console keystrokes. */ void -SendKeyStroke(HANDLE hInput, int keyStroke, char character) +SendKeyStroke(HANDLE hInput, int keyStroke, wchar_t character) { DWORD wr = 0; INPUT_RECORD ir; @@ -211,32 +207,48 @@ SendKeyStroke(HANDLE hInput, int keyStroke, char character) ir.Event.KeyEvent.wVirtualKeyCode = keyStroke; ir.Event.KeyEvent.wVirtualScanCode = 0; ir.Event.KeyEvent.dwControlKeyState = 0; - ir.Event.KeyEvent.uChar.UnicodeChar = 0; - ir.Event.KeyEvent.uChar.AsciiChar = character; + ir.Event.KeyEvent.uChar.UnicodeChar = character; - WriteConsoleInputA(hInput, &ir, 1, &wr); + WriteConsoleInputW(hInput, &ir, 1, &wr); ir.Event.KeyEvent.bKeyDown = FALSE; - WriteConsoleInputA(hInput, &ir, 1, &wr); + WriteConsoleInputW(hInput, &ir, 1, &wr); +} + +void +initialize_keylen() +{ + for(int i = 0; i < ARRAYSIZE(keys); i++) + keys[i].in_key_len = (int) wcslen(keys[i].in); } void ProcessIncomingKeys(char * ansikey) { - int keylen = (int)strlen(ansikey); - - if (!keylen) - return; + wchar_t *buf = utf8_to_utf16(ansikey); + + if (!buf) { + printf("\nFailed to deserialize the client data, error:%d\n", GetLastError()); + exit(255); + } - for (int nKey=0; nKey < ARRAYSIZE(keys); nKey++) { - if (strcmp(ansikey, keys[nKey].incoming) == 0) { - SendKeyStroke(child_in, keys[nKey].vk, keys[nKey].outgoing); - return; + loop: + while (buf && (wcslen(buf) > 0)) { + for (int j = 0; j < ARRAYSIZE(keys); j++) { + if ( (wcslen(buf) >= keys[j].in_key_len) && (wcsncmp(buf, keys[j].in, keys[j].in_key_len) == 0) ) { + SendKeyStroke(child_in, keys[j].vk, keys[j].out); + buf += keys[j].in_key_len; + goto loop; + } } - } - for (int i=0; i < keylen; i++) - SendKeyStroke(child_in, 0, ansikey[i]); + if (*buf == L'\x3') /*Ctrl+C - Raise Ctrl+C*/ + GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); + else + SendKeyStroke(child_in, 0, *buf); + + buf++; + } } /* @@ -403,25 +415,26 @@ SendCharacter(HANDLE hInput, WORD attributes, wchar_t character) 1 * ((attributes & BACKGROUND_RED) != 0); StringCbPrintfExA(Next, SizeLeft, &Next, &SizeLeft, 0, ";%u", Color); - - StringCbPrintfExA(Next, SizeLeft, &Next, &SizeLeft, 0, "m", Color); + + StringCbPrintfExA(Next, SizeLeft, &Next, &SizeLeft, 0, ";%c", 'm'); if (bUseAnsiEmulation && attributes != pattributes) WriteFile(hInput, formatted_output, (DWORD)(Next - formatted_output), &wr, NULL); /* East asian languages have 2 bytes for each character, only use the first */ if (!(attributes & COMMON_LVB_TRAILING_BYTE)) { + char str[10]; int nSize = WideCharToMultiByte(CP_UTF8, 0, &character, 1, - Next, - 10, + (LPSTR)str, + sizeof(str), NULL, NULL); if (nSize > 0) - WriteFile(hInput, Next, nSize, &wr, NULL); + WriteFile(hInput, str, nSize, &wr, NULL); } pattributes = attributes; @@ -461,8 +474,8 @@ SizeWindow(HANDLE hInput) matchingFont.dwFontSize.X = 0; matchingFont.dwFontSize.Y = 16; matchingFont.FontFamily = FF_DONTCARE; - matchingFont.FontWeight = FW_NORMAL; - wcscpy(matchingFont.FaceName, L"Consolas"); + matchingFont.FontWeight = FW_NORMAL; + wcscpy_s(matchingFont.FaceName, LF_FACESIZE, L"Consolas"); bSuccess = __SetCurrentConsoleFontEx(child_out, FALSE, &matchingFont); @@ -481,8 +494,8 @@ SizeWindow(HANDLE hInput) inputSi.dwYCountChars = 25; } - srWindowRect.Right = (SHORT)(min(inputSi.dwXCountChars, (DWORD)coordScreen.X) - 1); - srWindowRect.Bottom = (SHORT)(min(inputSi.dwYCountChars, (DWORD)coordScreen.Y) - 1); + srWindowRect.Right = min((SHORT)inputSi.dwXCountChars, coordScreen.X) - 1; + srWindowRect.Bottom = min((SHORT)inputSi.dwYCountChars, coordScreen.Y) - 1; srWindowRect.Left = srWindowRect.Top = (SHORT)0; /* Define the new console buffer size to be the maximum possible */ @@ -638,8 +651,8 @@ ProcessEvent(void *p) return dwError; } - if ((DWORD)readRect.Top > currentLine) - for (DWORD n = currentLine; n < (DWORD)readRect.Top; n++) + if (readRect.Top > currentLine) + for (SHORT n = currentLine; n < readRect.Top; n++) SendLF(pipe_out); /* Set cursor location based on the reported location from the message */ @@ -681,6 +694,8 @@ ProcessEvent(void *p) int pBufferSize = coordBufSize.X * coordBufSize.Y; /* Send the one character. Note that a CR doesn't end up here */ CHAR_INFO *pBuffer = (PCHAR_INFO)malloc(sizeof(CHAR_INFO) * pBufferSize); + if (!pBuffer) + return ERROR_INSUFFICIENT_BUFFER; /* Copy the block from the screen buffer to the temp. buffer */ if (!ReadConsoleOutput(child_out, pBuffer, coordBufSize, coordBufCoord, &readRect)) { @@ -741,19 +756,6 @@ ProcessEvent(void *p) DWORD WINAPI ProcessEventQueue(LPVOID p) { - if (child_in != INVALID_HANDLE_VALUE && child_in != NULL && - child_out != INVALID_HANDLE_VALUE && child_out != NULL) { - DWORD dwInputMode; - DWORD dwOutputMode; - - if (GetConsoleMode(child_in, &dwInputMode) && GetConsoleMode(child_out, &dwOutputMode)) - if (((dwOutputMode & ENABLE_VIRTUAL_TERMINAL_PROCESSING) == ENABLE_VIRTUAL_TERMINAL_PROCESSING) && - ((dwInputMode & ENABLE_VIRTUAL_TERMINAL_INPUT) == ENABLE_VIRTUAL_TERMINAL_INPUT)) - bAnsi = TRUE; - else - bAnsi = FALSE; - } - while (1) { while (head) { EnterCriticalSection(&criticalSection); @@ -777,7 +779,6 @@ ProcessEventQueue(LPVOID p) if (child_in != INVALID_HANDLE_VALUE && child_in != NULL && child_out != INVALID_HANDLE_VALUE && child_out != NULL) { - ZeroMemory(&consoleInfo, sizeof(consoleInfo)); consoleInfo.cbSize = sizeof(consoleInfo); @@ -854,32 +855,18 @@ DWORD WINAPI ProcessPipes(LPVOID p) { BOOL ret; - DWORD dwStatus; + DWORD dwStatus; char buf[128]; /* process data from pipe_in and route appropriately */ - while (1) { - DWORD rd = 0; + while (1) { ZeroMemory(buf, sizeof(buf)); + int rd = 0; - GOTO_CLEANUP_ON_FALSE(ReadFile(pipe_in, buf, sizeof(buf)-1, &rd, NULL)); /* read bufsize-1 */ + GOTO_CLEANUP_ON_FALSE(ReadFile(pipe_in, buf, sizeof(buf) - 1, &rd, NULL)); /* read bufsize-1 */ bStartup = FALSE; - for (DWORD i=0; i < rd; i++) { - if (buf[i] == 0) - break; - - if (buf[i] == 3) { /*Ctrl+C - Raise Ctrl+C*/ - GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); - continue; - } - - if (bAnsi) { - SendKeyStroke(child_in, 0, buf[i]); - } else { - ProcessIncomingKeys(buf); - break; - } - } + if(rd > 0) + ProcessIncomingKeys(buf); } cleanup: @@ -957,13 +944,18 @@ start_with_pty(wchar_t *command) { STARTUPINFO si; PROCESS_INFORMATION pi; - wchar_t cmd[MAX_CMD_LEN]; + wchar_t *cmd = (wchar_t *)malloc(sizeof(wchar_t) * MAX_CMD_LEN); SECURITY_ATTRIBUTES sa; BOOL ret; DWORD dwStatus; HANDLE hEventHook = NULL; HMODULE hm_kernel32 = NULL, hm_user32 = NULL; + if(cmd == NULL) { + printf("ssh-shellhost is out of memory"); + exit(255); + } + if ((hm_kernel32 = LoadLibraryW(L"kernel32.dll")) == NULL || (hm_user32 = LoadLibraryW(L"user32.dll")) == NULL || (__SetCurrentConsoleFontEx = (__t_SetCurrentConsoleFontEx)GetProcAddress(hm_kernel32, "SetCurrentConsoleFontEx")) == NULL || @@ -996,6 +988,12 @@ start_with_pty(wchar_t *command) hostThreadId = GetCurrentThreadId(); hostProcessId = GetCurrentProcessId(); InitializeCriticalSection(&criticalSection); + + /* + * Ignore the static code analysis warning C6387 + * as per msdn, third argument can be NULL when we specify WINEVENT_OUTOFCONTEXT + */ +#pragma warning(suppress: 6387) hEventHook = __SetWinEventHook(EVENT_CONSOLE_CARET, EVENT_CONSOLE_END_APPLICATION, NULL, ConsoleEventProc, 0, 0, WINEVENT_OUTOFCONTEXT); memset(&si, 0, sizeof(STARTUPINFO)); @@ -1037,6 +1035,8 @@ start_with_pty(wchar_t *command) /* disable Ctrl+C hander in this process*/ SetConsoleCtrlHandler(NULL, TRUE); + + initialize_keylen(); io_thread = CreateThread(NULL, 0, ProcessPipes, NULL, 0, NULL); if (IS_INVALID_HANDLE(io_thread)) @@ -1051,6 +1051,7 @@ start_with_pty(wchar_t *command) dwStatus = GetLastError(); if (child != INVALID_HANDLE_VALUE) TerminateProcess(child, 0); + if (!IS_INVALID_HANDLE(monitor_thread)) { WaitForSingleObject(monitor_thread, INFINITE); CloseHandle(monitor_thread); @@ -1063,15 +1064,22 @@ start_with_pty(wchar_t *command) TerminateThread(io_thread, 0); CloseHandle(io_thread); } + if (hEventHook) __UnhookWinEvent(hEventHook); + FreeConsole(); + if (child != INVALID_HANDLE_VALUE) { CloseHandle(pi.hProcess); CloseHandle(pi.hThread); } + FreeQueueEvent(); DeleteCriticalSection(&criticalSection); + + if(cmd != NULL) + free(cmd); return child_exit_code; } @@ -1093,13 +1101,18 @@ start_withno_pty(wchar_t *command) { STARTUPINFO si; PROCESS_INFORMATION pi; - wchar_t cmd[MAX_CMD_LEN]; + wchar_t *cmd = (wchar_t *) malloc(sizeof(wchar_t) * MAX_CMD_LEN); SECURITY_ATTRIBUTES sa; BOOL ret, process_input = FALSE, run_under_cmd = FALSE; size_t command_len; char buf[128]; DWORD rd = 0, wr = 0, i = 0; + if (cmd == NULL) { + printf("ssh-shellhost is out of memory"); + exit(255); + } + pipe_in = GetStdHandle(STD_INPUT_HANDLE); pipe_out = GetStdHandle(STD_OUTPUT_HANDLE); pipe_err = GetStdHandle(STD_ERROR_HANDLE); @@ -1262,6 +1275,7 @@ start_withno_pty(wchar_t *command) } } cleanup: + /* close child's stdin first */ if(!IS_INVALID_HANDLE(child_pipe_write)) CloseHandle(child_pipe_write); @@ -1347,7 +1361,7 @@ static void setup_session_user_vars() to_apply = data_expanded; } - if (wcsicmp(name, L"PATH") == 0) { + if (_wcsicmp(name, L"PATH") == 0) { if ((required = GetEnvironmentVariableW(L"PATH", NULL, 0)) != 0) { /* "required" includes null term */ path_value = xmalloc((wcslen(to_apply) + 1 + required) * 2); @@ -1379,16 +1393,6 @@ wmain(int ac, wchar_t **av) { int pty_requested = 0; wchar_t *cmd = NULL, *cmd_b64 = NULL; - { - /* create job to hold all child processes */ - HANDLE job = CreateJobObject(NULL, NULL); - JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_info; - memset(&job_info, 0, sizeof(JOBOBJECT_EXTENDED_LIMIT_INFORMATION)); - job_info.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; - if (!SetInformationJobObject(job, JobObjectExtendedLimitInformation, &job_info, sizeof(job_info))) - return -1; - CloseHandle(job); - } if ((ac == 1) || (ac == 2 && wcscmp(av[1], L"-nopty"))) { pty_requested = 1; diff --git a/contrib/win32/win32compat/signal_sigalrm.c b/contrib/win32/win32compat/signal_sigalrm.c index 77ca7a15..c3a1836e 100644 --- a/contrib/win32/win32compat/signal_sigalrm.c +++ b/contrib/win32/win32compat/signal_sigalrm.c @@ -71,8 +71,8 @@ w32_alarm(unsigned int sec) /* if timer was already ative, return when it was due */ if (timer_info.ticks_at_start) { sec_passed = (GetTickCount64() - timer_info.ticks_at_start) / 1000; - if (sec_passed < timer_info.run_time_sec) - ret = timer_info.run_time_sec - sec_passed; + if (sec_passed < (ULONGLONG)timer_info.run_time_sec) + ret = (int) (timer_info.run_time_sec - sec_passed); } timer_info.ticks_at_start = GetTickCount64(); timer_info.run_time_sec = sec; diff --git a/contrib/win32/win32compat/signal_sigchld.c b/contrib/win32/win32compat/signal_sigchld.c index c9fadc98..3351311f 100644 --- a/contrib/win32/win32compat/signal_sigchld.c +++ b/contrib/win32/win32compat/signal_sigchld.c @@ -31,6 +31,7 @@ #include "signal_internal.h" #include "inc\sys\wait.h" #include "debug.h" +#include "inc\signal.h" struct _children children; @@ -135,7 +136,7 @@ w32_kill(int pid, int sig) /* for child processes - only SIGTERM supported*/ child_index = -1; - for (i = 0; i < children.num_children; i++) + for (i = 0; i < (int)children.num_children; i++) if (children.process_id[i] == pid) { child_index = i; break; @@ -187,9 +188,10 @@ waitpid(int pid, int *status, int options) return -1; } + process = children.handles[index]; + /* wait if process is still alive */ if (index < children.num_children - children.num_zombies) { - process = children.handles[index]; ret = WaitForSingleObject(process, INFINITE); if (ret != WAIT_OBJECT_0) DebugBreak();//fatal diff --git a/contrib/win32/win32compat/socketio.c b/contrib/win32/win32compat/socketio.c index 969d0621..7920c405 100644 --- a/contrib/win32/win32compat/socketio.c +++ b/contrib/win32/win32compat/socketio.c @@ -950,12 +950,13 @@ socketio_on_select(struct w32_io* pio, BOOL rd) int w32_gethostname(char *name_utf8, size_t len) { - wchar_t name_utf16[256]; char* tmp_name_utf8 = NULL; if (IsWindows8OrGreater()) { /* TODO - GetHostNameW not present in Win7, do GetProcAddr on Win8+*/ - /* if (GetHostNameW(name_utf16, 256) == SOCKET_ERROR) { + /* + wchar_t name_utf16[256]; + if (GetHostNameW(name_utf16, 256) == SOCKET_ERROR) { errno = errno_from_WSALastError(); return -1; } @@ -969,9 +970,9 @@ w32_gethostname(char *name_utf8, size_t len) memcpy(name_utf8, tmp_name_utf8, strlen(tmp_name_utf8) + 1); free(tmp_name_utf8); return 0; */ - return gethostname(name_utf8, len); + return gethostname(name_utf8, (int)len); } else - return gethostname(name_utf8, len); + return gethostname(name_utf8, (int)len); } void diff --git a/contrib/win32/win32compat/ssh-agent/agent.c b/contrib/win32/win32compat/ssh-agent/agent.c index 5bc99252..d1042d4f 100644 --- a/contrib/win32/win32compat/ssh-agent/agent.c +++ b/contrib/win32/win32compat/ssh-agent/agent.c @@ -172,6 +172,8 @@ agent_cleanup_connection(struct agent_connection* con) UnloadUserProfile(con->auth_token, con->hProfile); if (con->auth_token) CloseHandle(con->auth_token); + if (con->client_impersonation_token) + CloseHandle(con->client_impersonation_token); free(con); CloseHandle(ioc_port); ioc_port = NULL; @@ -189,14 +191,19 @@ agent_start(BOOL dbg_mode) int r; HKEY agent_root = NULL; DWORD process_id = GetCurrentProcessId(); + wchar_t* sddl_str; verbose("%s pid:%d, dbg:%d", __FUNCTION__, process_id, dbg_mode); debug_mode = dbg_mode; memset(&sa, 0, sizeof(SECURITY_ATTRIBUTES)); sa.nLength = sizeof(sa); - /* allow access to Authenticated users and Network Service */ - if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(L"D:P(A;;GA;;;AU)(A;;GA;;;NS)", SDDL_REVISION_1, + /* + * SDDL - GA to System and Builtin/Admins and restricted access to Authenticated users + * 0x12019b - FILE_GENERIC_READ/WRITE minus FILE_CREATE_PIPE_INSTANCE + */ + sddl_str = L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"; + if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl_str, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength)) fatal("cannot convert sddl ERROR:%d", GetLastError()); if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, &sa, &agent_root, 0)) != ERROR_SUCCESS) @@ -212,6 +219,141 @@ agent_start(BOOL dbg_mode) agent_listen_loop(); } +static char* +con_type_to_string(struct agent_connection* con) +{ + switch (con->client_type) { + case UNKNOWN: + return "unknown"; + case NONADMIN_USER: + return "restricted user"; + case ADMIN_USER: + return "administrator"; + case SSHD_SERVICE: + return "sshd service"; + case SYSTEM: + return "system"; + case SERVICE: + return "service"; + default: + return "unexpected"; + } +} + +static int +get_con_client_info(struct agent_connection* con) +{ + int r = -1; + char sid[SECURITY_MAX_SID_SIZE]; + wchar_t *sshd_act = L"NT SERVICE\\SSHD", *ref_dom = NULL; + ULONG client_pid; + DWORD reg_dom_len = 0, info_len = 0, sid_size; + DWORD sshd_sid_len = 0; + PSID sshd_sid = NULL; + SID_NAME_USE nuse; + HANDLE client_primary_token = NULL, client_impersonation_token = NULL, client_proc_handle = NULL; + TOKEN_USER* info = NULL; + BOOL isMember = FALSE; + + if (GetNamedPipeClientProcessId(con->pipe_handle, &client_pid) == FALSE || + (client_proc_handle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, client_pid)) == NULL || + OpenProcessToken(client_proc_handle, TOKEN_QUERY | TOKEN_DUPLICATE, &client_primary_token) == FALSE || + DuplicateToken(client_primary_token, SecurityImpersonation, &client_impersonation_token) == FALSE) { + error("cannot retrieve client impersonatin token"); + goto done; + } + + if (GetTokenInformation(client_primary_token, TokenUser, NULL, 0, &info_len) == TRUE || + (info = (TOKEN_USER*)malloc(info_len)) == NULL || + GetTokenInformation(client_primary_token, TokenUser, info, info_len, &info_len) == FALSE) + goto done; + + /* check if its localsystem */ + if (IsWellKnownSid(info->User.Sid, WinLocalSystemSid)) { + con->client_type = SYSTEM; + r = 0; + goto done; + } + + /* check if its SSHD service */ + { + /* Does NT Service/SSHD exist */ + LookupAccountNameW(NULL, sshd_act, NULL, &sshd_sid_len, NULL, ®_dom_len, &nuse); + + if (GetLastError() == ERROR_NONE_MAPPED) + debug3("Cannot look up SSHD account, its likely not installed"); + else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + error("LookupAccountNameW on SSHD account failed with %d", GetLastError()); + goto done; + } + else { + if ((sshd_sid = malloc(sshd_sid_len)) == NULL || + (ref_dom = (wchar_t*)malloc(reg_dom_len * 2)) == NULL || + LookupAccountNameW(NULL, sshd_act, sshd_sid, &sshd_sid_len, ref_dom, ®_dom_len, &nuse) == FALSE) + goto done; + + if (EqualSid(info->User.Sid, sshd_sid)) { + con->client_type = SSHD_SERVICE; + r = 0; + goto done; + } + if (CheckTokenMembership(client_impersonation_token, sshd_sid, &isMember) == FALSE) + goto done; + if (isMember) { + con->client_type = SSHD_SERVICE; + r = 0; + goto done; + } + } + } + + /* check if its LS or NS */ + if (IsWellKnownSid(info->User.Sid, WinNetworkServiceSid) || + IsWellKnownSid(info->User.Sid, WinLocalServiceSid)) { + con->client_type = SERVICE; + r = 0; + goto done; + } + + /* check if its admin */ + { + sid_size = SECURITY_MAX_SID_SIZE; + if (CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, sid, &sid_size) == FALSE) + goto done; + if (CheckTokenMembership(client_impersonation_token, sid, &isMember) == FALSE) + goto done; + if (isMember) { + con->client_type = ADMIN_USER; + r = 0; + goto done; + } + } + + /* none of above */ + con->client_type = NONADMIN_USER; + r = 0; +done: + debug("client type: %s", con_type_to_string(con)); + + if (sshd_sid) + free(sshd_sid); + if (ref_dom) + free(ref_dom); + if (info) + free(info); + if (client_proc_handle) + CloseHandle(client_proc_handle); + if (client_primary_token) + CloseHandle(client_primary_token); + + if (r == 0) + con->client_impersonation_token = client_impersonation_token; + else if (client_impersonation_token) + CloseHandle(client_impersonation_token); + + return r; +} + void agent_process_connection(HANDLE pipe) { @@ -229,6 +371,10 @@ agent_process_connection(HANDLE pipe) if (CreateIoCompletionPort(pipe, ioc_port, (ULONG_PTR)con, 0) != ioc_port) fatal("failed to assign pipe to ioc_port"); + /* get client details */ + if (get_con_client_info(con) == -1) + fatal("failed to retrieve client details"); + agent_connection_on_io(con, 0, &con->ol); iocp_work(NULL); } diff --git a/contrib/win32/win32compat/ssh-agent/agent.h b/contrib/win32/win32compat/ssh-agent/agent.h index d6e403a5..ea2da0a3 100644 --- a/contrib/win32/win32compat/ssh-agent/agent.h +++ b/contrib/win32/win32compat/ssh-agent/agent.h @@ -14,6 +14,7 @@ struct agent_connection { OVERLAPPED ol; HANDLE pipe_handle; + HANDLE client_impersonation_token; struct { DWORD num_bytes; DWORD transferred; diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c index 878a89b3..32603b9c 100644 --- a/contrib/win32/win32compat/ssh-agent/authagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c @@ -42,8 +42,7 @@ #pragma warning(push, 3) -int -pubkey_allowed(struct sshkey*, HANDLE); +int pubkey_allowed(struct sshkey* pubkey, HANDLE user_token); static void InitLsaString(LSA_STRING *lsa_string, const char *str) diff --git a/contrib/win32/win32compat/ssh-agent/connection.c b/contrib/win32/win32compat/ssh-agent/connection.c index 48e12020..d6ae7c23 100644 --- a/contrib/win32/win32compat/ssh-agent/connection.c +++ b/contrib/win32/win32compat/ssh-agent/connection.c @@ -136,105 +136,6 @@ con_type_to_string(struct agent_connection* con) { } } -static int -get_con_client_type(struct agent_connection* con) -{ - int r = -1; - char sid[SECURITY_MAX_SID_SIZE]; - wchar_t *sshd_act = L"NT SERVICE\\SSHD", *ref_dom = NULL; - DWORD reg_dom_len = 0, info_len = 0, sid_size; - DWORD sshd_sid_len = 0; - PSID sshd_sid = NULL; - SID_NAME_USE nuse; - HANDLE token; - TOKEN_USER* info = NULL; - BOOL isMember = FALSE; - - if (ImpersonateNamedPipeClient(con->pipe_handle) == FALSE) - return -1; - - if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &token) == FALSE || - GetTokenInformation(token, TokenUser, NULL, 0, &info_len) == TRUE || - (info = (TOKEN_USER*)malloc(info_len)) == NULL || - GetTokenInformation(token, TokenUser, info, info_len, &info_len) == FALSE) - goto done; - - /* check if its localsystem */ - if (IsWellKnownSid(info->User.Sid, WinLocalSystemSid)) { - con->client_type = SYSTEM; - r = 0; - goto done; - } - - /* check if its SSHD service */ - { - /* Does NT Service/SSHD exist */ - LookupAccountNameW(NULL, sshd_act, NULL, &sshd_sid_len, NULL, ®_dom_len, &nuse); - - if (GetLastError() == ERROR_NONE_MAPPED) - debug3("Cannot look up SSHD account, its likely not installed"); - else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { - error("LookupAccountNameW on SSHD account failed with %d", GetLastError()); - goto done; - } else { - if ((sshd_sid = malloc(sshd_sid_len)) == NULL || - (ref_dom = (wchar_t*)malloc(reg_dom_len * 2)) == NULL || - LookupAccountNameW(NULL, sshd_act, sshd_sid, &sshd_sid_len, ref_dom, ®_dom_len, &nuse) == FALSE) - goto done; - - if (EqualSid(info->User.Sid, sshd_sid)) { - con->client_type = SSHD_SERVICE; - r = 0; - goto done; - } - if (CheckTokenMembership(token, sshd_sid, &isMember) == FALSE) - goto done; - if (isMember) { - con->client_type = SSHD_SERVICE; - r = 0; - goto done; - } - } - } - - /* check if its LS or NS */ - if (IsWellKnownSid(info->User.Sid, WinNetworkServiceSid) || - IsWellKnownSid(info->User.Sid, WinLocalServiceSid)) { - con->client_type = SERVICE; - r = 0; - goto done; - } - - /* check if its admin */ - { - sid_size = SECURITY_MAX_SID_SIZE; - if (CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, sid, &sid_size) == FALSE) - goto done; - if (CheckTokenMembership(token, sid, &isMember) == FALSE) - goto done; - if (isMember) { - con->client_type = ADMIN_USER; - r = 0; - goto done; - } - } - - /* none of above */ - con->client_type = NONADMIN_USER; - r = 0; -done: - debug("client type: %s", con_type_to_string(con)); - - if (sshd_sid) - free(sshd_sid); - if (ref_dom) - free(ref_dom); - if (info) - free(info); - RevertToSelf(); - return r; -} - static int process_request(struct agent_connection* con) { @@ -242,11 +143,6 @@ process_request(struct agent_connection* con) struct sshbuf *request = NULL, *response = NULL; u_char type; - if (con->client_type == UNKNOWN && get_con_client_type(con) == -1) { - debug("unable to get client process type"); - goto done; - } - request = sshbuf_from(con->io_buf.buf, con->io_buf.num_bytes); response = sshbuf_new(); if ((request == NULL) || (response == NULL)) diff --git a/contrib/win32/win32compat/ssh-agent/keyagent-request.c b/contrib/win32/win32compat/ssh-agent/keyagent-request.c index 95b53217..affcbc9e 100644 --- a/contrib/win32/win32compat/ssh-agent/keyagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/keyagent-request.c @@ -51,7 +51,7 @@ get_user_root(struct agent_connection* con, HKEY *root) *root = HKEY_LOCAL_MACHINE; if (con->client_type <= ADMIN_USER) { - if (ImpersonateNamedPipeClient(con->pipe_handle) == FALSE) + if (ImpersonateLoggedOnUser(con->client_impersonation_token) == FALSE) return -1; *root = NULL; /* @@ -74,7 +74,7 @@ convert_blob(struct agent_connection* con, const char *blob, DWORD blen, char ** DATA_BLOB in, out; if (con->client_type <= ADMIN_USER) - if (ImpersonateNamedPipeClient(con->pipe_handle) == FALSE) + if (ImpersonateLoggedOnUser(con->client_impersonation_token) == FALSE) return -1; in.cbData = blen; diff --git a/contrib/win32/win32compat/termio.c b/contrib/win32/win32compat/termio.c index 945e227b..786c0fed 100644 --- a/contrib/win32/win32compat/termio.c +++ b/contrib/win32/win32compat/termio.c @@ -45,6 +45,7 @@ #include "inc\utf.h" #include "debug.h" #include "tnnet.h" +#include "misc_internal.h" #define TERM_IO_BUF_SIZE 2048 @@ -123,7 +124,7 @@ syncio_initiate_read(struct w32_io* pio) read_thread = CreateThread(NULL, 0, ReadThread, pio, 0, NULL); if (read_thread == NULL) { - errno = errno_from_Win32Error(GetLastError()); + errno = errno_from_Win32LastError(); debug3("TermRead initiate - ERROR CreateThread %d, io:%p", GetLastError(), pio); return -1; } @@ -164,7 +165,7 @@ WriteThread(_In_ LPVOID lpParameter) pio->write_details.buf[write_status.to_transfer] = '\0'; if (0 == in_raw_mode) { wchar_t* t = utf8_to_utf16(pio->write_details.buf); - WriteConsoleW(WINHANDLE(pio), t, wcslen(t), 0, 0); + WriteConsoleW(WINHANDLE(pio), t, (DWORD)wcslen(t), 0, 0); free(t); } else { processBuffer(WINHANDLE(pio), pio->write_details.buf, write_status.to_transfer, &respbuf, &resplen); @@ -200,7 +201,7 @@ syncio_initiate_write(struct w32_io* pio, DWORD num_bytes) write_status.to_transfer = num_bytes; write_thread = CreateThread(NULL, 0, WriteThread, pio, 0, NULL); if (write_thread == NULL) { - errno = errno_from_Win32Error(GetLastError()); + errno = errno_from_Win32LastError(); debug3("TermWrite initiate - ERROR CreateThread %d, io:%p", GetLastError(), pio); return -1; } @@ -215,7 +216,6 @@ int syncio_close(struct w32_io* pio) { debug4("syncio_close - pio:%p", pio); - HANDLE h; CancelIoEx(WINHANDLE(pio), NULL); /* If io is pending, let worker threads exit. */ diff --git a/contrib/win32/win32compat/tncon.c b/contrib/win32/win32compat/tncon.c index 503816ec..6d171c8b 100644 --- a/contrib/win32/win32compat/tncon.c +++ b/contrib/win32/win32compat/tncon.c @@ -110,7 +110,6 @@ ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) DWORD dwInput = 0; DWORD dwControlKeyState = 0; DWORD rc = 0; - unsigned char szResponse[50]; unsigned char octets[20]; char aChar = 0; INPUT_RECORD InputRecord; diff --git a/contrib/win32/win32compat/tnnet.c b/contrib/win32/win32compat/tnnet.c index 310546e6..39b0fc8b 100644 --- a/contrib/win32/win32compat/tnnet.c +++ b/contrib/win32/win32compat/tnnet.c @@ -36,6 +36,7 @@ #include #include "ansiprsr.h" #include "inc\utf.h" +#include "console.h" #define dwBuffer 4096 @@ -50,7 +51,6 @@ extern BOOL isAnsiParsingRequired; void processBuffer(HANDLE handle, char *buf, size_t len, unsigned char **respbuf, size_t *resplen) { - unsigned char szBuffer[dwBuffer + 8]; unsigned char* pszNewHead = NULL; unsigned char* pszHead = NULL; unsigned char* pszTail = NULL; @@ -62,7 +62,7 @@ processBuffer(HANDLE handle, char *buf, size_t len, unsigned char **respbuf, siz /* Console has the capability to parse so pass the raw buffer to console directly */ ConRestoreViewRect(); /* Restore the visible window, otherwise WriteConsoleW() gets messy */ wchar_t* t = utf8_to_utf16(buf); - WriteConsoleW(handle, t, wcslen(t), 0, 0); + WriteConsoleW(handle, t, (DWORD)wcslen(t), 0, 0); free(t); ConSaveViewRect(); return; diff --git a/contrib/win32/win32compat/w32-sshfileperm.c b/contrib/win32/win32compat/w32-sshfileperm.c index 97fa2d00..44d3f3cc 100644 --- a/contrib/win32/win32compat/w32-sshfileperm.c +++ b/contrib/win32/win32compat/w32-sshfileperm.c @@ -1,9 +1,6 @@ /* * Author: Yanbing Wang * -* Copyright (c) 2009, 2011 NoMachine -* All rights reserved -* * Support file permission check on Win32 based operating systems. * * Redistribution and use in source and binary forms, with or without @@ -179,3 +176,4 @@ is_sshd_account(PSID user_sid) { wmemcpy(full_name + domain_name_length + 1, user_name, wcslen(user_name)+1); return (wcsicmp(full_name, SSHD_ACCOUNT) == 0); } + diff --git a/contrib/win32/win32compat/w32fd.c b/contrib/win32/win32compat/w32fd.c index 7d3c0ed7..3cea3a42 100644 --- a/contrib/win32/win32compat/w32fd.c +++ b/contrib/win32/win32compat/w32fd.c @@ -76,22 +76,46 @@ fd_table_initialize() memset(&w32_io_stdin, 0, sizeof(w32_io_stdin)); w32_io_stdin.std_handle = STD_INPUT_HANDLE; w32_io_stdin.type = NONSOCK_SYNC_FD; - if (getenv(SSH_ASYNC_STDIN) && strcmp(getenv(SSH_ASYNC_STDIN), "1") == 0) - w32_io_stdin.type = NONSOCK_FD; + + char *envValue = NULL; + _dupenv_s(&envValue, NULL, SSH_ASYNC_STDIN); + if (NULL != envValue) { + if(strcmp(envValue, "1") == 0) + w32_io_stdin.type = NONSOCK_FD; + + free(envValue); + } + _putenv_s(SSH_ASYNC_STDIN, ""); fd_table_set(&w32_io_stdin, STDIN_FILENO); memset(&w32_io_stdout, 0, sizeof(w32_io_stdout)); w32_io_stdout.std_handle = STD_OUTPUT_HANDLE; w32_io_stdout.type = NONSOCK_SYNC_FD; - if (getenv(SSH_ASYNC_STDOUT) && strcmp(getenv(SSH_ASYNC_STDOUT), "1") == 0) - w32_io_stdout.type = NONSOCK_FD; + + envValue = NULL; + _dupenv_s(&envValue, NULL, SSH_ASYNC_STDOUT); + if (NULL != envValue) { + if(strcmp(envValue, "1") == 0) + w32_io_stdout.type = NONSOCK_FD; + + free(envValue); + } + _putenv_s(SSH_ASYNC_STDOUT, ""); fd_table_set(&w32_io_stdout, STDOUT_FILENO); memset(&w32_io_stderr, 0, sizeof(w32_io_stderr)); w32_io_stderr.std_handle = STD_ERROR_HANDLE; w32_io_stderr.type = NONSOCK_SYNC_FD; - if (getenv(SSH_ASYNC_STDERR) && strcmp(getenv(SSH_ASYNC_STDERR), "1") == 0) - w32_io_stderr.type = NONSOCK_FD; + + envValue = NULL; + _dupenv_s(&envValue, NULL, SSH_ASYNC_STDERR); + if (NULL != envValue) { + if(strcmp(envValue, "1") == 0) + w32_io_stderr.type = NONSOCK_FD; + + free(envValue); + } + _putenv_s(SSH_ASYNC_STDERR, ""); fd_table_set(&w32_io_stderr, STDERR_FILENO); return 0; @@ -426,7 +450,7 @@ w32_read(int fd, void *dst, size_t max) } int -w32_write(int fd, const void *buf, unsigned int max) +w32_write(int fd, const void *buf, size_t max) { CHECK_FD(fd); @@ -899,14 +923,14 @@ w32_fsync(int fd) * this decoration is done only when additional arguments are passed in argv */ int -spawn_child(char* cmd, char** argv, int in, int out, int err, DWORD flags) +spawn_child(char* cmd, char** argv, int in, int out, int err, unsigned long flags) { PROCESS_INFORMATION pi; STARTUPINFOW si; BOOL b; char *cmdline, *t, **t1; DWORD cmdline_len = 0; - wchar_t * cmdline_utf16; + wchar_t * cmdline_utf16 = NULL; int add_module_path = 0, ret = -1; /* should module path be added */ @@ -923,14 +947,14 @@ spawn_child(char* cmd, char** argv, int in, int out, int err, DWORD flags) /* compute total cmdline len*/ if (add_module_path) - cmdline_len += strlen(w32_programdir()) + 1 + strlen(cmd) + 1 + 2; + cmdline_len += (DWORD)strlen(w32_programdir()) + 1 + (DWORD)strlen(cmd) + 1 + 2; else - cmdline_len += strlen(cmd) + 1 + 2; + cmdline_len += (DWORD)strlen(cmd) + 1 + 2; if (argv) { t1 = argv; while (*t1) - cmdline_len += strlen(*t1++) + 1 + 2; + cmdline_len += (DWORD)strlen(*t1++) + 1 + 2; } if ((cmdline = malloc(cmdline_len)) == NULL) { diff --git a/contrib/win32/win32compat/w32fd.h b/contrib/win32/win32compat/w32fd.h index a21d92fa..da77fa24 100644 --- a/contrib/win32/win32compat/w32fd.h +++ b/contrib/win32/win32compat/w32fd.h @@ -145,8 +145,8 @@ int fileio_pipe(struct w32_io* pio[2]); struct w32_io* fileio_afunix_socket(); int fileio_connect(struct w32_io*, char*); struct w32_io* fileio_open(const char *pathname, int flags, u_short mode); -int fileio_read(struct w32_io* pio, void *dst, unsigned int max); -int fileio_write(struct w32_io* pio, const void *buf, unsigned int max); +int fileio_read(struct w32_io* pio, void *dst, size_t max); +int fileio_write(struct w32_io* pio, const void *buf, size_t max); int fileio_fstat(struct w32_io* pio, struct _stat64 *buf); int fileio_stat(const char *path, struct _stat64 *buf); long fileio_lseek(struct w32_io* pio, long offset, int origin); diff --git a/contrib/win32/win32compat/w32log.c b/contrib/win32/win32compat/w32log.c index 327b366c..3483bea2 100644 --- a/contrib/win32/win32compat/w32log.c +++ b/contrib/win32/win32compat/w32log.c @@ -30,6 +30,7 @@ #include #include #include +#include #include "inc/sys/stat.h" #include "inc\syslog.h" @@ -38,9 +39,15 @@ #define MSGBUFSIZ 1024 static int logfd = -1; +/* + * open a log file using the name of executable under logs folder + * Ex. if called from c:\windows\system32\openssh\sshd.exe + * logfile - c:\windows\system32\openssh\logs\sshd.log + */ void openlog(char *ident, unsigned int option, int facility) { + wchar_t *logs_dir = L"\\logs\\"; if (logfd != -1 || ident == NULL) return; @@ -50,6 +57,9 @@ openlog(char *ident, unsigned int option, int facility) path[PATH_MAX - 1] = '\0'; + if (wcsnlen(path, MAX_PATH) > MAX_PATH - wcslen(logs_dir) ) + return; + /* split path root and module */ { wchar_t* tail = path + wcslen(path), *p; @@ -58,14 +68,15 @@ openlog(char *ident, unsigned int option, int facility) memcpy(log_file, path, (tail - path) * sizeof(wchar_t)); p = log_file + (tail - path); - memcpy(p, L"\\logs\\", 12); + memcpy(p, logs_dir, wcslen(logs_dir) * sizeof(wchar_t)); p += 6; memcpy(p, tail + 1, (wcslen(tail + 1) - 3) * sizeof(wchar_t)); p += wcslen(tail + 1) - 3; memcpy(p, L"log\0", 8); } - - logfd = _wopen(log_file, O_WRONLY | O_CREAT | O_APPEND, S_IREAD | S_IWRITE); + + errno_t err = _wsopen_s(&logfd, log_file, O_WRONLY | O_CREAT | O_APPEND, SH_DENYNO, S_IREAD | S_IWRITE); + if (logfd != -1) SetHandleInformation((HANDLE)_get_osfhandle(logfd), HANDLE_FLAG_INHERIT, 0); } @@ -81,13 +92,16 @@ syslog(int priority, const char *format, const char *formatBuffer) { char msgbufTimestamp[MSGBUFSIZ]; SYSTEMTIME st; + int r; if (logfd == -1) return; GetLocalTime(&st); - snprintf(msgbufTimestamp, sizeof msgbufTimestamp, "%d %02d:%02d:%02d %03d %s\n", + r = snprintf(msgbufTimestamp, sizeof(msgbufTimestamp), "%d %02d:%02d:%02d:%03d %s\n", GetCurrentProcessId(), st.wHour, st.wMinute, st.wSecond, st.wMilliseconds, formatBuffer); - _write(logfd, msgbufTimestamp, strlen(msgbufTimestamp)); + msgbufTimestamp[sizeof(msgbufTimestamp) - 1] = '\0'; + if (r > 0 && r < sizeof(msgbufTimestamp)) + _write(logfd, msgbufTimestamp, (unsigned int)strlen(msgbufTimestamp)); } \ No newline at end of file diff --git a/contrib/win32/win32compat/win32_dirent.c b/contrib/win32/win32compat/win32_dirent.c index 5fc286fa..c6488f02 100644 --- a/contrib/win32/win32compat/win32_dirent.c +++ b/contrib/win32/win32compat/win32_dirent.c @@ -100,7 +100,6 @@ opendir(const char *name) DIR *pdir; wchar_t searchstr[PATH_MAX]; wchar_t* wname = NULL; - int needed; size_t len; /* Detect root dir */ @@ -250,7 +249,7 @@ readdir(void *avp) return NULL; } - strncpy(pdirentry.d_name, tmp, sizeof(pdirentry.d_name)); + strncpy_s(pdirentry.d_name, PATH_MAX, tmp, strlen(tmp) + 1); free(tmp); pdirentry.d_ino = 1; /* a fictious one like UNIX to say it is nonzero */ diff --git a/contrib/win32/win32compat/wmain_common.c b/contrib/win32/win32compat/wmain_common.c index fb6ca8f1..585442dd 100644 --- a/contrib/win32/win32compat/wmain_common.c +++ b/contrib/win32/win32compat/wmain_common.c @@ -39,14 +39,15 @@ main(int, char **); int wmain(int argc, wchar_t **wargv) { - char** argv = NULL; - int i,r; + char** argv = NULL; + int i,r; - if (argc) { - if ((argv = malloc(argc * sizeof(char*))) == NULL) - fatal("out of memory"); - for (i = 0; i < argc; i++) - argv[i] = utf16_to_utf8(wargv[i]); + if (argc) { + if ((argv = malloc(argc * sizeof(char*))) == NULL) + fatal("out of memory"); + for (i = 0; i < argc; i++) + if ((argv[i] = utf16_to_utf8(wargv[i])) == NULL) + fatal("out of memory"); } if (getenv("SSH_AUTH_SOCK") == NULL) diff --git a/dispatch.c b/dispatch.c index 7ef9a38c..0b3ea614 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.29 2017/04/30 23:28:42 djm Exp $ */ +/* $OpenBSD: dispatch.c,v 1.31 2017/05/31 07:00:13 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -38,9 +38,8 @@ #include "ssherr.h" int -dispatch_protocol_error(int type, u_int32_t seq, void *ctx) +dispatch_protocol_error(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ int r; logit("dispatch_protocol_error: type %d seq %u", type, seq); @@ -53,7 +52,7 @@ dispatch_protocol_error(int type, u_int32_t seq, void *ctx) } int -dispatch_protocol_ignore(int type, u_int32_t seq, void *ssh) +dispatch_protocol_ignore(int type, u_int32_t seq, struct ssh *ssh) { logit("dispatch_protocol_ignore: type %d seq %u", type, seq); return 0; @@ -86,8 +85,7 @@ ssh_dispatch_set(struct ssh *ssh, int type, dispatch_fn *fn) } int -ssh_dispatch_run(struct ssh *ssh, int mode, volatile sig_atomic_t *done, - void *ctxt) +ssh_dispatch_run(struct ssh *ssh, int mode, volatile sig_atomic_t *done) { int r; u_char type; @@ -112,8 +110,7 @@ ssh_dispatch_run(struct ssh *ssh, int mode, volatile sig_atomic_t *done, ssh->dispatch_skip_packets--; continue; } - /* XXX 'ssh' will replace 'ctxt' later */ - r = (*ssh->dispatch[type])(type, seqnr, ctxt); + r = (*ssh->dispatch[type])(type, seqnr, ssh); if (r != 0) return r; } else { @@ -129,11 +126,10 @@ ssh_dispatch_run(struct ssh *ssh, int mode, volatile sig_atomic_t *done, } void -ssh_dispatch_run_fatal(struct ssh *ssh, int mode, volatile sig_atomic_t *done, - void *ctxt) +ssh_dispatch_run_fatal(struct ssh *ssh, int mode, volatile sig_atomic_t *done) { int r; - if ((r = ssh_dispatch_run(ssh, mode, done, ctxt)) != 0) + if ((r = ssh_dispatch_run(ssh, mode, done)) != 0) sshpkt_fatal(ssh, __func__, r); } diff --git a/dispatch.h b/dispatch.h index cd51dbc0..17a6f3db 100644 --- a/dispatch.h +++ b/dispatch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.h,v 1.12 2015/01/19 20:07:45 markus Exp $ */ +/* $OpenBSD: dispatch.h,v 1.14 2017/05/31 07:00:13 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -36,15 +36,15 @@ enum { struct ssh; -typedef int dispatch_fn(int, u_int32_t, void *); +typedef int dispatch_fn(int, u_int32_t, struct ssh *); -int dispatch_protocol_error(int, u_int32_t, void *); -int dispatch_protocol_ignore(int, u_int32_t, void *); +int dispatch_protocol_error(int, u_int32_t, struct ssh *); +int dispatch_protocol_ignore(int, u_int32_t, struct ssh *); void ssh_dispatch_init(struct ssh *, dispatch_fn *); void ssh_dispatch_set(struct ssh *, int, dispatch_fn *); void ssh_dispatch_range(struct ssh *, u_int, u_int, dispatch_fn *); -int ssh_dispatch_run(struct ssh *, int, volatile sig_atomic_t *, void *); -void ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *, void *); +int ssh_dispatch_run(struct ssh *, int, volatile sig_atomic_t *); +void ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *); #define dispatch_init(dflt) \ ssh_dispatch_init(active_state, (dflt)) @@ -52,7 +52,5 @@ void ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *, void *); ssh_dispatch_range(active_state, (from), (to), (fn)) #define dispatch_set(type, fn) \ ssh_dispatch_set(active_state, (type), (fn)) -#define dispatch_run(mode, done, ctxt) \ - ssh_dispatch_run_fatal(active_state, (mode), (done), (ctxt)) #endif diff --git a/groupaccess.c b/groupaccess.c index 71ea9dfa..1f6180c7 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -35,6 +35,7 @@ #include #ifdef WINDOWS #include +#include #endif #include "xmalloc.h" @@ -53,6 +54,7 @@ int ga_init(const char *user, gid_t base) { #ifdef WINDOWS +#pragma warning(push, 3) LPLOCALGROUP_USERS_INFO_0 local_groups_info = NULL, tmp_groups_info; wchar_t *user_utf16 = NULL, *full_name_utf16 = NULL, *udom_utf16 = NULL, *tmp; char *group_utf8 = NULL; @@ -68,7 +70,7 @@ ga_init(const char *user, gid_t base) goto done; } - full_name_len = wcslen(user_utf16) + 1; + full_name_len = (DWORD)wcslen(user_utf16) + 1; if ((full_name_utf16 = malloc(full_name_len * sizeof(wchar_t))) == NULL) { errno = ENOMEM; goto done; @@ -77,7 +79,7 @@ ga_init(const char *user, gid_t base) if ((tmp = wcschr(user_utf16, L'@')) != NULL) { udom_utf16 = tmp + 1; *tmp = L'\0'; - index = wcslen(udom_utf16) + 1; + index = (DWORD)wcslen(udom_utf16) + 1; wmemcpy(full_name_utf16, udom_utf16, index); full_name_utf16[wcslen(udom_utf16)] = L'\\'; } @@ -127,6 +129,8 @@ ga_init(const char *user, gid_t base) if (local_groups_info != NULL) NetApiBufferFree(local_groups_info); +#pragma warning(pop) + #else /* !WINDOWS */ gid_t *groups_bygid; int i, j; diff --git a/hostfile.c b/hostfile.c index 4b5483fb..6a485d1f 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -251,7 +251,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx) l->marker == MRK_NONE ? "" : (l->marker == MRK_CA ? "ca " : "revoked "), sshkey_type(l->key), l->path, l->linenum); - if ((tmp = reallocarray(hostkeys->entries, + if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries, hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) return SSH_ERR_ALLOC_FAIL; hostkeys->entries = tmp; diff --git a/kex.c b/kex.c index 9a40759c..cf44fbc0 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.132 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.133 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -56,7 +56,7 @@ /* prototype */ static int kex_choose_conf(struct ssh *); -static int kex_input_newkeys(int, u_int32_t, void *); +static int kex_input_newkeys(int, u_int32_t, struct ssh *); static const char *proposal_names[PROPOSAL_MAX] = { "KEX algorithms", @@ -315,9 +315,8 @@ kex_prop_free(char **proposal) /* ARGSUSED */ static int -kex_protocol_error(int type, u_int32_t seq, void *ctxt) +kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ int r; error("kex protocol error: type %d seq %u", type, seq); @@ -375,9 +374,8 @@ kex_send_newkeys(struct ssh *ssh) } int -kex_input_ext_info(int type, u_int32_t seq, void *ctxt) +kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; u_int32_t i, ninfo; char *name, *val, *found; @@ -414,9 +412,8 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt) } static int -kex_input_newkeys(int type, u_int32_t seq, void *ctxt) +kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; int r; @@ -467,9 +464,8 @@ kex_send_kexinit(struct ssh *ssh) /* ARGSUSED */ int -kex_input_kexinit(int type, u_int32_t seq, void *ctxt) +kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; const u_char *ptr; u_int i; diff --git a/kex.h b/kex.h index 13b22351..01bb3986 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.82 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: kex.h,v 1.83 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -181,8 +181,8 @@ int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); void kex_prop_free(char **); int kex_send_kexinit(struct ssh *); -int kex_input_kexinit(int, u_int32_t, void *); -int kex_input_ext_info(int, u_int32_t, void *); +int kex_input_kexinit(int, u_int32_t, struct ssh *); +int kex_input_ext_info(int, u_int32_t, struct ssh *); int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); int kex_send_newkeys(struct ssh *); diff --git a/kexc25519c.c b/kexc25519c.c index b7ef65dc..e488013e 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.7 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.8 2017/05/31 04:17:12 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -44,7 +44,7 @@ #include "ssherr.h" static int -input_kex_c25519_reply(int type, u_int32_t seq, void *ctxt); +input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh); int kexc25519_client(struct ssh *ssh) @@ -69,9 +69,8 @@ kexc25519_client(struct ssh *ssh) } static int -input_kex_c25519_reply(int type, u_int32_t seq, void *ctxt) +input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; struct sshkey *server_host_key = NULL; struct sshbuf *shared_secret = NULL; diff --git a/kexc25519s.c b/kexc25519s.c index 4e77622b..0a008d44 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -41,7 +41,7 @@ #include "sshbuf.h" #include "ssherr.h" -static int input_kex_c25519_init(int, u_int32_t, void *); +static int input_kex_c25519_init(int, u_int32_t, struct ssh *); int kexc25519_server(struct ssh *ssh) @@ -52,9 +52,8 @@ kexc25519_server(struct ssh *ssh) } static int -input_kex_c25519_init(int type, u_int32_t seq, void *ctxt) +input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; struct sshkey *server_host_private, *server_host_public; struct sshbuf *shared_secret = NULL; diff --git a/kexdhc.c b/kexdhc.c index ad3975f0..9864ee2e 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.20 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -49,7 +49,7 @@ #include "ssherr.h" #include "sshbuf.h" -static int input_kex_dh(int, u_int32_t, void *); +static int input_kex_dh(int, u_int32_t, struct ssh *); int kexdh_client(struct ssh *ssh) @@ -100,9 +100,8 @@ kexdh_client(struct ssh *ssh) } static int -input_kex_dh(int type, u_int32_t seq, void *ctxt) +input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; struct sshkey *server_host_key = NULL; diff --git a/kexdhs.c b/kexdhs.c index 108f6642..81ce56d7 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.25 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -49,7 +49,7 @@ #include "ssherr.h" #include "sshbuf.h" -static int input_kex_dh_init(int, u_int32_t, void *); +static int input_kex_dh_init(int, u_int32_t, struct ssh *); int kexdh_server(struct ssh *ssh) @@ -91,9 +91,8 @@ kexdh_server(struct ssh *ssh) } int -input_kex_dh_init(int type, u_int32_t seq, void *ctxt) +input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; struct sshkey *server_host_public, *server_host_private; diff --git a/kexecdhc.c b/kexecdhc.c index 90220ce8..d8a8b660 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.11 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -49,7 +49,7 @@ #include "ssherr.h" #include "sshbuf.h" -static int input_kex_ecdh_reply(int, u_int32_t, void *); +static int input_kex_ecdh_reply(int, u_int32_t, struct ssh *); int kexecdh_client(struct ssh *ssh) @@ -95,9 +95,8 @@ kexecdh_client(struct ssh *ssh) } static int -input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) +input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; const EC_GROUP *group; EC_POINT *server_public = NULL; diff --git a/kexecdhs.c b/kexecdhs.c index ccdbf70b..dc24a3af 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.15 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.16 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -47,7 +47,7 @@ #include "ssherr.h" #include "sshbuf.h" -static int input_kex_ecdh_init(int, u_int32_t, void *); +static int input_kex_ecdh_init(int, u_int32_t, struct ssh *); int kexecdh_server(struct ssh *ssh) @@ -58,9 +58,8 @@ kexecdh_server(struct ssh *ssh) } static int -input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) +input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; EC_POINT *client_public; EC_KEY *server_key = NULL; diff --git a/kexgexc.c b/kexgexc.c index b881c4e9..cd112875 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.24 2017/05/16 16:56:15 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.25 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -51,8 +51,8 @@ #include "sshbuf.h" #include "misc.h" -static int input_kex_dh_gex_group(int, u_int32_t, void *); -static int input_kex_dh_gex_reply(int, u_int32_t, void *); +static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); +static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); int kexgex_client(struct ssh *ssh) @@ -89,9 +89,8 @@ kexgex_client(struct ssh *ssh) } static int -input_kex_dh_gex_group(int type, u_int32_t seq, void *ctxt) +input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; BIGNUM *p = NULL, *g = NULL; int r, bits; @@ -143,9 +142,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, void *ctxt) } static int -input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) +input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; struct sshkey *server_host_key = NULL; diff --git a/kexgexs.c b/kexgexs.c index 44960359..c5dd0057 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.30 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.31 2017/05/30 14:23:52 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -54,8 +54,8 @@ #include "sshbuf.h" #include "misc.h" -static int input_kex_dh_gex_request(int, u_int32_t, void *); -static int input_kex_dh_gex_init(int, u_int32_t, void *); +static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); +static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); int kexgex_server(struct ssh *ssh) @@ -67,9 +67,8 @@ kexgex_server(struct ssh *ssh) } static int -input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) +input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; int r; u_int min = 0, max = 0, nbits = 0; @@ -120,9 +119,8 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) } static int -input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) +input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) { - struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; struct sshkey *server_host_public, *server_host_private; diff --git a/key.c b/key.c index 93f4ccb2..6e338c49 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */ +/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */ /* * placed in the public domain */ @@ -20,68 +20,6 @@ #include "log.h" #include "authfile.h" -void -key_add_private(Key *k) -{ - int r; - - if ((r = sshkey_add_private(k)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -Key * -key_new_private(int type) -{ - Key *ret = NULL; - - if ((ret = sshkey_new_private(type)) == NULL) - fatal("%s: failed", __func__); - return ret; -} - -int -key_read(Key *ret, char **cpp) -{ - return sshkey_read(ret, cpp) == 0 ? 1 : -1; -} - -int -key_write(const Key *key, FILE *f) -{ - return sshkey_write(key, f) == 0 ? 1 : 0; -} - -Key * -key_generate(int type, u_int bits) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_generate(type, bits, &ret)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return ret; -} - -void -key_cert_copy(const Key *from_key, Key *to_key) -{ - int r; - - if ((r = sshkey_cert_copy(from_key, to_key)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -Key * -key_from_private(const Key *k) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_from_private(k, &ret)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return ret; -} - static void fatal_on_fatal_errors(int r, const char *func, int extra_fatal) { @@ -183,19 +121,6 @@ key_demote(const Key *k) return ret; } -int -key_to_certified(Key *k) -{ - int r; - - if ((r = sshkey_to_certified(k)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} - int key_drop_cert(Key *k) { @@ -209,19 +134,6 @@ key_drop_cert(Key *k) return 0; } -int -key_certify(Key *k, Key *ca) -{ - int r; - - if ((r = sshkey_certify(k, ca, NULL)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} - int key_cert_check_authority(const Key *k, int want_host, int require_principal, const char *name, const char **reason) @@ -237,88 +149,8 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal, return 0; } -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) -int -key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) -{ - int r; - - if ((r = sshkey_ec_validate_public(group, public)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} - -int -key_ec_validate_private(const EC_KEY *key) -{ - int r; - - if ((r = sshkey_ec_validate_private(key)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} -#endif /* WITH_OPENSSL */ - -void -key_private_serialize(const Key *key, struct sshbuf *b) -{ - int r; - - if ((r = sshkey_private_serialize(key, b)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} - -Key * -key_private_deserialize(struct sshbuf *blob) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_private_deserialize(blob, &ret)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} - /* authfile.c */ -int -key_save_private(Key *key, const char *filename, const char *passphrase, - const char *comment, int force_new_format, const char *new_format_cipher, - int new_format_rounds) -{ - int r; - - if ((r = sshkey_save_private(key, filename, passphrase, comment, - force_new_format, new_format_cipher, new_format_rounds)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - error("%s: %s", __func__, ssh_err(r)); - return 0; - } - return 1; -} - -int -key_load_file(int fd, const char *filename, struct sshbuf *blob) -{ - int r; - - if ((r = sshkey_load_file(fd, blob)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - error("%s: %s", __func__, ssh_err(r)); - return 0; - } - return 1; -} - Key * key_load_cert(const char *filename) { @@ -417,10 +249,3 @@ key_load_private_type(int type, const char *filename, const char *passphrase, } return ret; } - -int -key_perm_ok(int fd, const char *filename) -{ - return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0; -} - diff --git a/key.h b/key.h index 2e501a9f..a14f3703 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */ +/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -35,51 +35,24 @@ typedef struct sshkey Key; #define fp_rep sshkey_fp_rep #ifndef SSH_KEY_NO_DEFINE -#define key_new sshkey_new #define key_free sshkey_free #define key_equal_public sshkey_equal_public #define key_equal sshkey_equal #define key_type sshkey_type -#define key_cert_type sshkey_cert_type #define key_ssh_name sshkey_ssh_name #define key_ssh_name_plain sshkey_ssh_name_plain #define key_type_from_name sshkey_type_from_name -#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name -#define key_type_is_cert sshkey_type_is_cert -#define key_size sshkey_size -#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid -#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid #define key_is_cert sshkey_is_cert #define key_type_plain sshkey_type_plain -#define key_curve_name_to_nid sshkey_curve_name_to_nid -#define key_curve_nid_to_bits sshkey_curve_nid_to_bits -#define key_curve_nid_to_name sshkey_curve_nid_to_name -#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg -#define key_dump_ec_point sshkey_dump_ec_point -#define key_dump_ec_key sshkey_dump_ec_key #endif -void key_add_private(Key *); -Key *key_new_private(int); void key_free(Key *); Key *key_demote(const Key *); -int key_write(const Key *, FILE *); -int key_read(Key *, char **); -Key *key_generate(int, u_int); -Key *key_from_private(const Key *); -int key_to_certified(Key *); int key_drop_cert(Key *); -int key_certify(Key *, Key *); -void key_cert_copy(const Key *, Key *); int key_cert_check_authority(const Key *, int, int, const char *, const char **); -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) -int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); -int key_ec_validate_private(const EC_KEY *); -#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ - Key *key_from_blob(const u_char *, u_int); int key_to_blob(const Key *, u_char **, u_int *); @@ -87,18 +60,11 @@ int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int, const char *); int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -void key_private_serialize(const Key *, struct sshbuf *); -Key *key_private_deserialize(struct sshbuf *); - /* authfile.c */ -int key_save_private(Key *, const char *, const char *, const char *, - int, const char *, int); -int key_load_file(int, const char *, struct sshbuf *); Key *key_load_cert(const char *); Key *key_load_public(const char *, char **); Key *key_load_private(const char *, const char *, char **); Key *key_load_private_cert(int, const char *, const char *, int *); Key *key_load_private_type(int, const char *, const char *, char **, int *); -int key_perm_ok(int, const char *); #endif diff --git a/krl.c b/krl.c index 3f28178b..086fc20e 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */ +/* $OpenBSD: krl.c,v 1.40 2017/05/31 09:15:42 deraadt Exp $ */ #include "includes.h" @@ -1026,7 +1026,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, } } /* Record keys used to sign the KRL */ - tmp_ca_used = reallocarray(ca_used, nca_used + 1, + tmp_ca_used = recallocarray(ca_used, nca_used, nca_used + 1, sizeof(*ca_used)); if (tmp_ca_used == NULL) { r = SSH_ERR_ALLOC_FAIL; diff --git a/misc.c b/misc.c index 70bf5173..83da0011 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.110 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -554,7 +554,7 @@ addargs(arglist *args, char *fmt, ...) } else if (args->num+2 >= nalloc) nalloc *= 2; - args->list = xreallocarray(args->list, nalloc, sizeof(char *)); + args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); args->nalloc = nalloc; args->list[args->num++] = cp; args->list[args->num] = NULL; diff --git a/monitor.c b/monitor.c index 96d22b7e..8897f6a8 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1119,7 +1119,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) int mm_answer_keyallowed(int sock, Buffer *m) { - Key *key; + struct sshkey *key; char *cuser, *chost; u_char *blob; u_int bloblen, pubkey_auth_attempt; @@ -1330,25 +1330,25 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, } int -mm_answer_keyverify(int sock, Buffer *m) +mm_answer_keyverify(int sock, struct sshbuf *m) { - Key *key; + struct sshkey *key; u_char *signature, *data, *blob; - u_int signaturelen, datalen, bloblen; - int verified = 0; - int valid_data = 0; + size_t signaturelen, datalen, bloblen; + int r, ret, valid_data = 0, encoded_ret; - blob = buffer_get_string(m, &bloblen); - signature = buffer_get_string(m, &signaturelen); - data = buffer_get_string(m, &datalen); + if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || + (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || + (r = sshbuf_get_string(m, &data, &datalen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) fatal("%s: bad key, not previously allowed", __func__); - key = key_from_blob(blob, bloblen); - if (key == NULL) - fatal("%s: bad public key blob", __func__); + /* XXX use sshkey_froms here; need to change key_blob, etc. */ + if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0) + fatal("%s: bad public key blob: %s", __func__, ssh_err(r)); switch (key_blobtype) { case MM_USERKEY: @@ -1365,15 +1365,16 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); - verified = key_verify(key, signature, signaturelen, data, datalen); + ret = sshkey_verify(key, signature, signaturelen, data, datalen, + active_state->compat); debug3("%s: key %p signature %s", - __func__, key, (verified == 1) ? "verified" : "unverified"); + __func__, key, (ret == 0) ? "verified" : "unverified"); /* If auth was successful then record key to ensure it isn't reused */ - if (verified == 1 && key_blobtype == MM_USERKEY) + if (ret == 0 && key_blobtype == MM_USERKEY) auth2_record_userkey(authctxt, key); else - key_free(key); + sshkey_free(key); free(blob); free(signature); @@ -1383,11 +1384,15 @@ mm_answer_keyverify(int sock, Buffer *m) monitor_reset_key_state(); - buffer_clear(m); - buffer_put_int(m, verified); + sshbuf_reset(m); + + /* encode ret != 0 as positive integer, since we're sending u32 */ + encoded_ret = (ret != 0); + if ((r = sshbuf_put_u32(m, encoded_ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified == 1); + return ret == 0; } static void @@ -1578,6 +1583,17 @@ mm_answer_audit_command(int socket, Buffer *m) } #endif /* SSH_AUDIT_EVENTS */ +void +monitor_clear_keystate(struct monitor *pmonitor) +{ + struct ssh *ssh = active_state; /* XXX */ + + ssh_clear_newkeys(ssh, MODE_IN); + ssh_clear_newkeys(ssh, MODE_OUT); + sshbuf_free(child_state); + child_state = NULL; +} + void monitor_apply_keystate(struct monitor *pmonitor) { @@ -1639,9 +1655,18 @@ static void monitor_openfds(struct monitor *mon, int do_logfds) { int pair[2]; +#ifdef SO_ZEROIZE + int on = 1; +#endif if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) fatal("%s: socketpair: %s", __func__, strerror(errno)); +#ifdef SO_ZEROIZE + if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); + if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno)); +#endif FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); mon->m_recvfd = pair[0]; diff --git a/monitor_wrap.c b/monitor_wrap.c index f2eec5a7..25f3e967 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.90 2017/05/17 01:24:17 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.92 2017/05/30 14:10:53 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -216,7 +216,7 @@ mm_choose_dh(int min, int nbits, int max) #endif int -mm_key_sign(Key *key, u_char **sigp, u_int *lenp, +mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen, const char *hostkey_alg) { struct kex *kex = *pmonitor->m_pkex; @@ -375,7 +375,8 @@ mm_auth_password(Authctxt *authctxt, char *password) } int -mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt) +mm_user_key_allowed(struct passwd *pw, struct sshkey *key, + int pubkey_auth_attempt) { return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, pubkey_auth_attempt)); @@ -383,14 +384,14 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt) int mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, - Key *key) + struct sshkey *key) { return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); } int mm_key_allowed(enum mm_keytype type, const char *user, const char *host, - Key *key, int pubkey_auth_attempt) + struct sshkey *key, int pubkey_auth_attempt) { Buffer m; u_char *blob; @@ -435,12 +436,13 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, */ int -mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) +mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, + const u_char *data, size_t datalen, u_int compat) { Buffer m; u_char *blob; u_int len; - int verified = 0; + u_int encoded_ret = 0; debug3("%s entering", __func__); @@ -459,11 +461,13 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); - verified = buffer_get_int(&m); + encoded_ret = buffer_get_int(&m); buffer_free(&m); - return (verified); + if (encoded_ret != 0) + return SSH_ERR_SIGNATURE_INVALID; + return 0; } void diff --git a/monitor_wrap.h b/monitor_wrap.h index db5902f5..9e032d20 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.32 2016/09/28 16:33:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.35 2017/05/31 08:09:45 markus Exp $ */ /* * Copyright 2002 Niels Provos @@ -34,22 +34,24 @@ extern int use_privsep; enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; struct monitor; -struct mm_master; struct Authctxt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); -int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *); +int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int, + const char *); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); -int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int); -int mm_user_key_allowed(struct passwd *, Key *, int); +int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, + int); +int mm_user_key_allowed(struct passwd *, struct sshkey *, int); int mm_hostbased_key_allowed(struct passwd *, const char *, - const char *, Key *); -int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); + const char *, struct sshkey *); +int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, u_int); #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); @@ -83,6 +85,7 @@ void mm_session_pty_cleanup2(struct Session *); struct newkeys *mm_newkeys_from_blob(u_char *, int); int mm_newkeys_to_blob(int, u_char **, u_int *); +void monitor_clear_keystate(struct monitor *); void monitor_apply_keystate(struct monitor *); void mm_get_keystate(struct monitor *); void mm_send_keystate(struct monitor*); diff --git a/opacket.h b/opacket.h index 46d31f80..c49d0c04 100644 --- a/opacket.h +++ b/opacket.h @@ -149,5 +149,7 @@ void packet_disconnect(const char *, ...) ssh_packet_set_mux(active_state) #define packet_get_mux() \ ssh_packet_get_mux(active_state) +#define packet_clear_keys() \ + ssh_packet_clear_keys(active_state) #endif /* _OPACKET_H */ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index d51eacf6..b5088c47 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -16,9 +16,9 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o +OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/bsd-getpagesize.c b/openbsd-compat/bsd-getpagesize.c new file mode 100644 index 00000000..9daddfbd --- /dev/null +++ b/openbsd-compat/bsd-getpagesize.c @@ -0,0 +1,23 @@ +/* Placed in the public domain */ + +#ifndef HAVE_GETPAGESIZE + +#include +#include + +int +getpagesize(void) +{ +#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + long r = sysconf(_SC_PAGESIZE); + if (r > 0 && r < INT_MAX) + return (int)r; +#endif + /* + * This is at the lower end of common values and appropriate for + * our current use of getpagesize() in recallocarray(). + */ + return 4096; +} + +#endif /* HAVE_GETPAGESIZE */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 2beb3001..58ab0859 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -60,6 +60,10 @@ int bindresvport_sa(int sd, struct sockaddr *sa); void closefrom(int); #endif +#ifndef HAVE_GETPAGESIZE +int getpagesize(void); +#endif + #ifndef HAVE_GETCWD char *getcwd(char *pt, size_t size); #endif @@ -68,6 +72,10 @@ char *getcwd(char *pt, size_t size); void *reallocarray(void *, size_t, size_t); #endif +#ifndef HAVE_RECALLOCARRAY +void *recallocarray(void *, size_t, size_t, size_t); +#endif + #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) /* * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the diff --git a/openbsd-compat/recallocarray.c b/openbsd-compat/recallocarray.c new file mode 100644 index 00000000..c281f75e --- /dev/null +++ b/openbsd-compat/recallocarray.c @@ -0,0 +1,88 @@ +/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */ +/* + * Copyright (c) 2008, 2017 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */ + +#include "includes.h" +#ifndef HAVE_RECALLOCARRAY + +#include +#include +#include +#include +#include + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) +{ + size_t oldsize, newsize; + void *newptr; + + if (ptr == NULL) + return calloc(newnmemb, size); + + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + errno = ENOMEM; + return NULL; + } + newsize = newnmemb * size; + + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + errno = EINVAL; + return NULL; + } + oldsize = oldnmemb * size; + + /* + * Don't bother too much if we're shrinking just a bit, + * we do not shrink for series of small steps, oh well. + */ + if (newsize <= oldsize) { + size_t d = oldsize - newsize; + + if (d < oldsize / 2 && d < (size_t)getpagesize()) { + memset((char *)ptr + newsize, 0, d); + return ptr; + } + } + + newptr = malloc(newsize); + if (newptr == NULL) + return NULL; + + if (newsize > oldsize) { + memcpy(newptr, ptr, oldsize); + memset((char *)newptr + oldsize, 0, newsize - oldsize); + } else + memcpy(newptr, ptr, newsize); + + explicit_bzero(ptr, oldsize); + free(ptr); + + return newptr; +} +/* DEF_WEAK(recallocarray); */ + +#endif /* HAVE_RECALLOCARRAY */ diff --git a/packet.c b/packet.c index 46dcc5b5..7c748688 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.256 2017/05/08 06:03:39 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.260 2017/06/06 09:12:17 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -559,8 +559,8 @@ ssh_local_port(struct ssh *ssh) /* Closes the connection and clears and frees internal data structures. */ -void -ssh_packet_close(struct ssh *ssh) +static void +ssh_packet_close_internal(struct ssh *ssh, int do_close) { struct session_state *state = ssh->state; u_int mode; @@ -568,20 +568,25 @@ ssh_packet_close(struct ssh *ssh) if (!state->initialized) return; state->initialized = 0; - if (state->connection_in == state->connection_out) { - shutdown(state->connection_out, SHUT_RDWR); - close(state->connection_out); - } else { - close(state->connection_in); - close(state->connection_out); + if (do_close) { + if (state->connection_in == state->connection_out) { + close(state->connection_out); + } else { + close(state->connection_in); + close(state->connection_out); + } } sshbuf_free(state->input); sshbuf_free(state->output); sshbuf_free(state->outgoing_packet); sshbuf_free(state->incoming_packet); - for (mode = 0; mode < MODE_MAX; mode++) - kex_free_newkeys(state->newkeys[mode]); - if (state->compression_buffer) { + for (mode = 0; mode < MODE_MAX; mode++) { + kex_free_newkeys(state->newkeys[mode]); /* current keys */ + state->newkeys[mode] = NULL; + ssh_clear_newkeys(ssh, mode); /* next keys */ + } + /* comression state is in shared mem, so we can only release it once */ + if (do_close && state->compression_buffer) { sshbuf_free(state->compression_buffer); if (state->compression_out_started) { z_streamp stream = &state->compression_out_stream; @@ -595,7 +600,7 @@ ssh_packet_close(struct ssh *ssh) deflateEnd(stream); } if (state->compression_in_started) { - z_streamp stream = &state->compression_out_stream; + z_streamp stream = &state->compression_in_stream; debug("compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, @@ -609,10 +614,24 @@ ssh_packet_close(struct ssh *ssh) cipher_free(state->send_context); cipher_free(state->receive_context); state->send_context = state->receive_context = NULL; - free(ssh->remote_ipaddr); - ssh->remote_ipaddr = NULL; - free(ssh->state); - ssh->state = NULL; + if (do_close) { + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; + free(ssh->state); + ssh->state = NULL; + } +} + +void +ssh_packet_close(struct ssh *ssh) +{ + ssh_packet_close_internal(ssh, 1); +} + +void +ssh_packet_clear_keys(struct ssh *ssh) +{ + ssh_packet_close_internal(ssh, 0); } /* Sets remote side protocol flags. */ @@ -791,6 +810,15 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) /* NOTREACHED */ } +void +ssh_clear_newkeys(struct ssh *ssh, int mode) +{ + if (ssh->kex && ssh->kex->newkeys[mode]) { + kex_free_newkeys(ssh->kex->newkeys[mode]); + ssh->kex->newkeys[mode] = NULL; + } +} + int ssh_set_newkeys(struct ssh *ssh, int mode) { @@ -801,45 +829,33 @@ ssh_set_newkeys(struct ssh *ssh, int mode) struct sshcipher_ctx **ccp; struct packet_state *ps; u_int64_t *max_blocks; - const char *wmsg, *dir; + const char *wmsg; int r, crypt_type; debug2("set_newkeys: mode %d", mode); if (mode == MODE_OUT) { - dir = "output"; ccp = &state->send_context; crypt_type = CIPHER_ENCRYPT; ps = &state->p_send; max_blocks = &state->max_blocks_out; } else { - dir = "input"; ccp = &state->receive_context; crypt_type = CIPHER_DECRYPT; ps = &state->p_read; max_blocks = &state->max_blocks_in; } if (state->newkeys[mode] != NULL) { - debug("%s: rekeying after %llu %s blocks" - " (%llu bytes total)", __func__, - (unsigned long long)ps->blocks, dir, - (unsigned long long)ps->bytes); + debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " + "output %llu bytes %llu blocks", + (unsigned long long)state->p_read.bytes, + (unsigned long long)state->p_read.blocks, + (unsigned long long)state->p_send.bytes, + (unsigned long long)state->p_send.blocks); cipher_free(*ccp); *ccp = NULL; - enc = &state->newkeys[mode]->enc; - mac = &state->newkeys[mode]->mac; - comp = &state->newkeys[mode]->comp; - mac_clear(mac); - explicit_bzero(enc->iv, enc->iv_len); - explicit_bzero(enc->key, enc->key_len); - explicit_bzero(mac->key, mac->key_len); - free(enc->name); - free(enc->iv); - free(enc->key); - free(mac->name); - free(mac->key); - free(comp->name); - free(state->newkeys[mode]); + kex_free_newkeys(state->newkeys[mode]); + state->newkeys[mode] = NULL; } /* note that both bytes and the seqnr are not reset */ ps->packets = ps->blocks = 0; @@ -1784,15 +1800,20 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) switch (r) { case SSH_ERR_CONN_CLOSED: + ssh_packet_clear_keys(ssh); logdie("Connection closed by %s", remote_id); case SSH_ERR_CONN_TIMEOUT: + ssh_packet_clear_keys(ssh); logdie("Connection %s %s timed out", ssh->state->server_side ? "from" : "to", remote_id); case SSH_ERR_DISCONNECTED: + ssh_packet_clear_keys(ssh); logdie("Disconnected from %s", remote_id); case SSH_ERR_SYSTEM_ERROR: - if (errno == ECONNRESET) + if (errno == ECONNRESET) { + ssh_packet_clear_keys(ssh); logdie("Connection reset by %s", remote_id); + } /* FALLTHROUGH */ case SSH_ERR_NO_CIPHER_ALG_MATCH: case SSH_ERR_NO_MAC_ALG_MATCH: @@ -1800,12 +1821,14 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) case SSH_ERR_NO_KEX_ALG_MATCH: case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { + ssh_packet_clear_keys(ssh); logdie("Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice); } /* FALLTHROUGH */ default: + ssh_packet_clear_keys(ssh); logdie("%s%sConnection %s %s: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", ssh->state->server_side ? "from" : "to", diff --git a/packet.h b/packet.h index b82f45a7..6ce6dd56 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.79 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: packet.h,v 1.81 2017/05/31 08:09:45 markus Exp $ */ /* * Author: Tatu Ylonen @@ -77,6 +77,9 @@ struct ssh { TAILQ_HEAD(, key_entry) private_keys; TAILQ_HEAD(, key_entry) public_keys; + /* Client/Server authentication context */ + void *authctxt; + /* APP data */ void *app_data; }; @@ -94,6 +97,8 @@ int ssh_packet_get_connection_in(struct ssh *); int ssh_packet_get_connection_out(struct ssh *); void ssh_packet_close(struct ssh *); void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); +void ssh_packet_clear_keys(struct ssh *); +void ssh_clear_newkeys(struct ssh *, int); int ssh_packet_is_rekeying(struct ssh *); void ssh_packet_set_protocol_flags(struct ssh *, u_int); diff --git a/readconf.c b/readconf.c index 4baee2ee..6375602c 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.275 2017/04/30 23:18:22 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.277 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -164,7 +164,8 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, - oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, oVisualHostKey, oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, @@ -285,6 +286,7 @@ static struct { { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, + { "remotecommand", oRemoteCommand }, { "visualhostkey", oVisualHostKey }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, @@ -439,8 +441,8 @@ add_identity_file(Options *options, const char *dir, const char *filename, if (dir == NULL) /* no dir, filename is absolute */ path = xstrdup(filename); - else - (void)xasprintf(&path, "%.100s%.100s", dir, filename); + else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX) + fatal("Identity file path %s too long", path); /* Avoid registering duplicates */ for (i = 0; i < options->num_identity_files; i++) { @@ -1446,6 +1448,10 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, intptr = &options->permit_local_command; goto parse_flag; + case oRemoteCommand: + charptr = &options->remote_command; + goto parse_command; + case oVisualHostKey: intptr = &options->visual_host_key; goto parse_flag; @@ -1845,6 +1851,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; + options->remote_command = NULL; options->add_keys_to_agent = -1; options->identity_agent = NULL; options->visual_host_key = -1; @@ -2049,6 +2056,7 @@ fill_default_options(Options * options) } \ } while(0) CLEAR_ON_NONE(options->local_command); + CLEAR_ON_NONE(options->remote_command); CLEAR_ON_NONE(options->proxy_command); CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); @@ -2526,6 +2534,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); dump_cfg_string(oLocalCommand, o->local_command); + dump_cfg_string(oRemoteCommand, o->remote_command); dump_cfg_string(oLogLevel, log_level_name(o->log_level)); dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); #ifdef ENABLE_PKCS11 diff --git a/readconf.h b/readconf.h index f47f5340..94dd427f 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.121 2017/04/30 23:18:22 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.122 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen @@ -134,6 +134,7 @@ typedef struct { char *local_command; int permit_local_command; + char *remote_command; int visual_host_key; int request_tty; diff --git a/regress/pesterTests/Hostkey_fileperm.Tests.ps1 b/regress/pesterTests/Hostkey_fileperm.Tests.ps1 index 04b77450..365bb20c 100644 --- a/regress/pesterTests/Hostkey_fileperm.Tests.ps1 +++ b/regress/pesterTests/Hostkey_fileperm.Tests.ps1 @@ -69,7 +69,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 1 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content does not contain unprotected info. $logPath | Should Not Contain "UNPROTECTED PRIVATE KEY FILE!" @@ -86,7 +86,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 2 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content does not contain unprotected info. $logPath | Should Not Contain "UNPROTECTED PRIVATE KEY FILE!" @@ -101,7 +101,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 1 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content does not contain unprotected info. @@ -119,7 +119,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 1 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content contains unprotected info. $logPath | Should Contain "key_load_private: bad permissions" @@ -137,7 +137,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 1 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content contains unprotected info. $logPath | Should Contain "key_load_private: bad permissions" @@ -152,7 +152,7 @@ Describe "Tests for host keys file permission" -Tags "CI" { #Run Start-Process -FilePath sshd.exe -WorkingDirectory $($OpenSSHTestInfo['OpenSSHBinPath']) -ArgumentList @("-d", "-p $port", "-h $hostKeyFilePath", "-E $logPath") -NoNewWindow - Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 1; Stop-Process $_; Start-sleep 1 } } + Get-Process -Name sshd | % { if($_.SI -ne 0) { Start-sleep 2; Stop-Process $_; Start-sleep 1 } } #validate file content contains unprotected info. $logPath | Should Contain "key_load_public: Permission denied" diff --git a/regress/proto-version.sh b/regress/proto-version.sh index 5faeb758..1f33b1f0 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh @@ -1,4 +1,4 @@ -# $OpenBSD: proto-version.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: proto-version.sh,v 1.7 2017/06/07 01:48:15 djm Exp $ # Placed in the Public Domain. tid="sshd version with different protocol combinations" @@ -6,7 +6,7 @@ tid="sshd version with different protocol combinations" # we just start sshd in inetd mode and check the banner check_version () { - expect=$2 + expect=$1 banner=`printf '' | ${SSHD} -i -f ${OBJ}/sshd_proxy` case ${banner} in SSH-1.99-*) diff --git a/scp.c b/scp.c index 158cacee..7f72ef3c 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.191 2017/05/02 08:06:33 jmc Exp $ */ +/* $OpenBSD: scp.c,v 1.192 2017/05/31 09:15:42 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1475,11 +1475,7 @@ allocbuf(BUF *bp, int fd, int blksize) #endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ if (bp->cnt >= size) return (bp); - if (bp->buf == NULL) - bp->buf = xmalloc(size); - else - bp->buf = xreallocarray(bp->buf, 1, size); - memset(bp->buf, 0, size); + bp->buf = xrecallocarray(bp->buf, bp->cnt, size, 1); bp->cnt = size; return (bp); } diff --git a/serverloop.c b/serverloop.c index 2976f559..b5eb3440 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.193 2017/05/31 07:00:13 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -323,7 +323,7 @@ process_output(fd_set *writeset, int connection_out) static void process_buffered_input_packets(void) { - dispatch_run(DISPATCH_NONBLOCK, NULL, active_state); + ssh_dispatch_run_fatal(active_state, DISPATCH_NONBLOCK, NULL); } static void @@ -417,7 +417,7 @@ server_loop2(Authctxt *authctxt) } static int -server_input_keep_alive(int type, u_int32_t seq, void *ctxt) +server_input_keep_alive(int type, u_int32_t seq, struct ssh *ssh) { debug("Got %d/%u for keepalive", type, seq); /* @@ -579,7 +579,7 @@ server_request_session(void) } static int -server_input_channel_open(int type, u_int32_t seq, void *ctxt) +server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) { Channel *c = NULL; char *ctype; @@ -703,7 +703,7 @@ server_input_hostkeys_prove(struct sshbuf **respp) } static int -server_input_global_request(int type, u_int32_t seq, void *ctxt) +server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) { char *rtype; int want_reply; @@ -810,7 +810,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) } static int -server_input_channel_req(int type, u_int32_t seq, void *ctxt) +server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) { Channel *c; int id, reply, success = 0; diff --git a/session.c b/session.c index 0e830ef2..67720e79 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.286 2016/11/30 03:00:05 djm Exp $ */ +/* $OpenBSD: session.c,v 1.288 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -367,11 +367,18 @@ int register_child(void* child, unsigned long pid); int do_exec_windows(Session *s, const char *command, int pty) { int pipein[2], pipeout[2], pipeerr[2], r; - char *exec_command = NULL, *progdir = w32_programdir(); + char *exec_command = NULL, *progdir = w32_programdir(), *cmd = NULL, *shell_host = NULL, *command_b64 = NULL; wchar_t *exec_command_w = NULL, *pw_dir_w; + const char *sftp_exe = "sftp-server.exe", *argp = NULL; + size_t command_b64_len = 0; + PROCESS_INFORMATION pi; + STARTUPINFOW si; + BOOL create_process_ret_val; + HANDLE hToken = INVALID_HANDLE_VALUE; + extern int debug_flag; if (s->is_subsystem >= SUBSYSTEM_INT_SFTP_ERROR) { - error("sub system not supported, exiting"); + error("This service allows sftp connections only.\n"); fflush(NULL); exit(1); } @@ -383,7 +390,6 @@ int do_exec_windows(Session *s, const char *command, int pty) { if ((pw_dir_w = utf8_to_utf16(s->pw->pw_dir)) == NULL) fatal("%s: out of memory", __func__); - set_nonblock(pipein[0]); set_nonblock(pipein[1]); set_nonblock(pipeout[0]); @@ -407,12 +413,39 @@ int do_exec_windows(Session *s, const char *command, int pty) { if (command[1] == ':') /* absolute */ exec_command = xstrdup(command); else {/*relative*/ - exec_command = malloc(strlen(progdir) + 1 + strlen(command)); + const int command_len = strlen(progdir) + 1 + strlen(command) + (strlen(sftp_exe) - strlen(INTERNAL_SFTP_NAME)); + exec_command = malloc(command_len); if (exec_command == NULL) fatal("%s, out of memory", __func__); - memcpy(exec_command, progdir, strlen(progdir)); - exec_command[strlen(progdir)] = '\\'; - memcpy(exec_command + strlen(progdir) + 1, command, strlen(command) + 1); + + cmd = exec_command; + memcpy(cmd, progdir, strlen(progdir)); + cmd += strlen(progdir); + *cmd++ = '\\'; + + /* In windows, INTERNAL_SFTP is supported via sftp-server.exe. + * This is a deviation from the UNIX implementation that hosts sftp-server within sshd. + * If sftp-server were to be hosted within sshd for Windows, following would be needed + * - Impersonate client user + * - call sftp-server-main + * + * SSHD service account would need impersonate privilege to impersonate client user, + * thereby needing elevation of SSHD account privileges + * Apart from slight performance gain (by hosting sftp in process), there isn't a clear + * gain with this option over using and spawning sftp-server.exe. + * Hence going with the later option. + */ + if(IS_INTERNAL_SFTP(command)) { + memcpy(cmd, sftp_exe, strlen(sftp_exe) + 1); + cmd += strlen(sftp_exe); + + // copy the arguments (if any). + if(strlen(command) > strlen(INTERNAL_SFTP_NAME)) { + argp = (char*)command + strlen(INTERNAL_SFTP_NAME); + memcpy(cmd, argp, strlen(argp)+1); + } + } else + memcpy(cmd, command, strlen(command) + 1); } } else { /* @@ -420,9 +453,7 @@ int do_exec_windows(Session *s, const char *command, int pty) { * command is base64 encoded to preserve original special charecters like '"' * else they will get lost in CreateProcess translation */ - char *shell_host = pty ? "ssh-shellhost.exe " : "ssh-shellhost.exe -nopty ", *c; - char *command_b64 = NULL; - size_t command_b64_len = 0; + shell_host = pty ? "ssh-shellhost.exe " : "ssh-shellhost.exe -nopty "; if (command) { /* accomodate bas64 encoding bloat and null terminator */ command_b64_len = ((strlen(command) + 2) / 3) * 4 + 1; @@ -433,27 +464,21 @@ int do_exec_windows(Session *s, const char *command, int pty) { exec_command = malloc(strlen(progdir) + 1 + strlen(shell_host) + (command_b64 ? strlen(command_b64): 0) + 1); if (exec_command == NULL) fatal("%s, out of memory", __func__); - c = exec_command; - memcpy(c, progdir, strlen(progdir)); - c += strlen(progdir); - *c++ = '\\'; - memcpy(c, shell_host, strlen(shell_host)); - c += strlen(shell_host); + cmd = exec_command; + memcpy(cmd, progdir, strlen(progdir)); + cmd += strlen(progdir); + *cmd++ = '\\'; + memcpy(cmd, shell_host, strlen(shell_host)); + cmd += strlen(shell_host); if (command_b64) { - memcpy(c, command_b64, strlen(command_b64)); - c += strlen(command_b64); + memcpy(cmd, command_b64, strlen(command_b64)); + cmd += strlen(command_b64); } - *c = '\0'; + *cmd = '\0'; } /* start the process */ { - PROCESS_INFORMATION pi; - STARTUPINFOW si; - BOOL b; - HANDLE hToken = INVALID_HANDLE_VALUE; - extern int debug_flag; - memset(&si, 0, sizeof(STARTUPINFO)); si.cb = sizeof(STARTUPINFO); si.dwXSize = 5; @@ -478,11 +503,11 @@ int do_exec_windows(Session *s, const char *command, int pty) { /* in debug mode launch using sshd.exe user context */ if (debug_flag) - b = CreateProcessW(NULL, exec_command_w, NULL, NULL, TRUE, + create_process_ret_val = CreateProcessW(NULL, exec_command_w, NULL, NULL, TRUE, DETACHED_PROCESS, NULL, pw_dir_w, &si, &pi); else /* launch as client user context */ - b = CreateProcessAsUserW(hToken, NULL, exec_command_w, NULL, NULL, TRUE, + create_process_ret_val = CreateProcessAsUserW(hToken, NULL, exec_command_w, NULL, NULL, TRUE, DETACHED_PROCESS , NULL, pw_dir_w, &si, &pi); @@ -490,7 +515,7 @@ int do_exec_windows(Session *s, const char *command, int pty) { _putenv_s("SSH_ASYNC_STDOUT", ""); _putenv_s("SSH_ASYNC_STDERR", ""); - if (!b) + if (!create_process_ret_val) fatal("ERROR. Cannot create process (%u).\n", GetLastError()); CloseHandle(pi.hThread); @@ -1740,6 +1765,7 @@ do_child(Session *s, const char *command) /* remove hostkey from the child's memory */ destroy_sensitive_data(); + packet_clear_keys(); /* Force a password change */ if (s->authctxt->force_pwchange) { @@ -1965,8 +1991,8 @@ session_new(void) return NULL; debug2("%s: allocate (allocated %d max %d)", __func__, sessions_nalloc, options.max_sessions); - tmp = xreallocarray(sessions, sessions_nalloc + 1, - sizeof(*sessions)); + tmp = xrecallocarray(sessions, sessions_nalloc, + sessions_nalloc + 1, sizeof(*sessions)); if (tmp == NULL) { error("%s: cannot allocate %d sessions", __func__, sessions_nalloc + 1); @@ -2290,8 +2316,8 @@ session_env_req(Session *s) for (i = 0; i < options.num_accept_env; i++) { if (match_pattern(name, options.accept_env[i])) { debug2("Setting env %d: %s=%s", s->num_env, name, val); - s->env = xreallocarray(s->env, s->num_env + 1, - sizeof(*s->env)); + s->env = xrecallocarray(s->env, s->num_env, + s->num_env + 1, sizeof(*s->env)); s->env[s->num_env].name = name; s->env[s->num_env].val = val; s->num_env++; diff --git a/ssh-add.c b/ssh-add.c index a1e0d464..438c1c25 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -306,7 +306,7 @@ add_file(int agent_fd, const char *filename, int key_only) goto out; } if ((r = sshkey_cert_copy(cert, private)) != 0) { - error("%s: key_cert_copy: %s", __func__, ssh_err(r)); + error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r)); sshkey_free(cert); goto out; } diff --git a/ssh-keygen.c b/ssh-keygen.c index 74fa6370..d73f5ecc 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -493,7 +493,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) return NULL; } if ((key = sshkey_new_private(ktype)) == NULL) - fatal("key_new_private failed"); + fatal("sshkey_new_private failed"); free(type); switch (key->type) { @@ -775,7 +775,7 @@ do_print_public(struct passwd *pw) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) - error("key_write failed: %s", ssh_err(r)); + error("sshkey_write failed: %s", ssh_err(r)); sshkey_free(prv); fprintf(stdout, "\n"); exit(0); @@ -1024,7 +1024,7 @@ do_gen_all_hostkeys(struct passwd *pw) bits = 0; type_bits_valid(type, NULL, &bits); if ((r = sshkey_generate(type, bits, &private)) != 0) { - error("key_generate failed: %s", ssh_err(r)); + error("sshkey_generate failed: %s", ssh_err(r)); first = 0; continue; } @@ -1492,7 +1492,7 @@ do_change_comment(struct passwd *pw) explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); if ((r = sshkey_from_private(private, &public)) != 0) - fatal("key_from_private failed: %s", ssh_err(r)); + fatal("sshkey_from_private failed: %s", ssh_err(r)); sshkey_free(private); strlcat(identity_file, ".pub", sizeof(identity_file)); @@ -1680,7 +1680,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) OPTIONS_EXTENSIONS); if ((r = sshkey_from_private(ca, &public->cert->signature_key)) != 0) - fatal("key_from_private (ca key): %s", ssh_err(r)); + fatal("sshkey_from_private (ca key): %s", ssh_err(r)); if ((r = sshkey_certify(public, ca, key_type_name)) != 0) fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); @@ -1998,7 +1998,7 @@ do_show_cert(struct passwd *pw) if (*cp == '#' || *cp == '\0') continue; if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("key_new"); + fatal("sshkey_new"); if ((r = sshkey_read(key, &cp)) != 0) { error("%s:%lu: invalid key: %s", path, lnum, ssh_err(r)); @@ -2144,7 +2144,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, */ } if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("key_new"); + fatal("sshkey_new"); if ((r = sshkey_read(key, &cp)) != 0) fatal("%s:%lu: invalid key: %s", path, lnum, ssh_err(r)); @@ -2685,9 +2685,9 @@ main(int argc, char **argv) printf("Generating public/private %s key pair.\n", key_type_name); if ((r = sshkey_generate(type, bits, &private)) != 0) - fatal("key_generate failed"); + fatal("sshkey_generate failed"); if ((r = sshkey_from_private(private, &public)) != 0) - fatal("key_from_private failed: %s\n", ssh_err(r)); + fatal("sshkey_from_private failed: %s\n", ssh_err(r)); if (!have_identity) ask_filename(pw, "Enter file in which to save the key"); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index d320e4ee..0c863e47 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.113 2017/04/30 23:28:42 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.114 2017/05/31 07:00:13 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -276,7 +276,7 @@ keygrab_ssh2(con *c) * do the key-exchange until an error occurs or until * the key_print_wrapper() callback sets c_done. */ - ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done, c->c_ssh); + ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done); } static void diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index fac0167e..a79c8721 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.7 2017/05/30 08:52:19 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -106,7 +106,7 @@ static int pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) { - Key key; + struct sshkey key; /* XXX */ u_char *blob, *signature = NULL; u_int blen, slen = 0; int ret = -1; @@ -186,7 +186,7 @@ pkcs11_start_helper(void) int pkcs11_add_provider(char *name, char *pin, Key ***keysp) { - Key *k; + struct sshkey *k; int i, nkeys; u_char *blob; u_int blen; diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 53f41c55..fd3039c1 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.13 2017/05/30 08:52:19 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -42,7 +42,7 @@ /* borrows code from sftp-server and ssh-agent */ struct pkcs11_keyinfo { - Key *key; + struct sshkey *key; char *providername; TAILQ_ENTRY(pkcs11_keyinfo) next; }; @@ -60,7 +60,7 @@ Buffer iqueue; Buffer oqueue; static void -add_key(Key *k, char *name) +add_key(struct sshkey *k, char *name) { struct pkcs11_keyinfo *ki; @@ -87,8 +87,8 @@ del_keys_by_name(char *name) } /* lookup matching 'private' key */ -static Key * -lookup_key(Key *k) +static struct sshkey * +lookup_key(struct sshkey *k) { struct pkcs11_keyinfo *ki; @@ -114,7 +114,7 @@ static void process_add(void) { char *name, *pin; - Key **keys; + struct sshkey **keys; int i, nkeys; u_char *blob; u_int blen; @@ -170,7 +170,7 @@ process_sign(void) u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; int ok = -1; - Key *key, *found; + struct sshkey *key, *found; Buffer msg; blob = get_string(&blen); diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index aaf712d9..b37491c5 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.23 2016/10/28 03:33:52 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.25 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -537,7 +537,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, } if (rsa && rsa->n && rsa->e && pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - key = sshkey_new(KEY_UNSPEC); + if ((key = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("sshkey_new failed"); key->rsa = rsa; key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; @@ -545,8 +546,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, sshkey_free(key); } else { /* expand key array and add key */ - *keysp = xreallocarray(*keysp, *nkeys + 1, - sizeof(struct sshkey *)); + *keysp = xrecallocarray(*keysp, *nkeys, + *nkeys + 1, sizeof(struct sshkey *)); (*keysp)[*nkeys] = key; *nkeys = *nkeys + 1; debug("have %d keys", *nkeys); diff --git a/ssh.1 b/ssh.1 index 10633d92..47cd0211 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.381 2017/05/05 10:41:58 naddy Exp $ -.Dd $Mdocdate: May 5 2017 $ +.\" $OpenBSD: ssh.1,v 1.382 2017/05/30 18:58:37 bluhm Exp $ +.Dd $Mdocdate: May 30 2017 $ .Dt SSH 1 .Os .Sh NAME @@ -518,6 +518,7 @@ For full details of the options listed below, and their possible values, see .It PubkeyAcceptedKeyTypes .It PubkeyAuthentication .It RekeyLimit +.It RemoteCommand .It RemoteForward .It RequestTTY .It SendEnv diff --git a/ssh.c b/ssh.c index 3713be1d..8bb7e909 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.459 2017/05/02 08:06:33 jmc Exp $ */ +/* $OpenBSD: ssh.c,v 1.461 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -973,12 +973,6 @@ main(int ac, char **av) } } - /* Cannot fork to background if no command. */ - if (fork_after_authentication_flag && buffer_len(&command) == 0 && - !no_shell_flag) - fatal("Cannot fork into background without a command " - "to execute."); - /* * Initialize "log" output. Since we are the client all output * goes to stderr unless otherwise specified by -y or -E. @@ -1133,6 +1127,15 @@ main(int ac, char **av) options.use_privileged_port = 0; #endif + if (buffer_len(&command) != 0 && options.remote_command != NULL) + fatal("Cannot execute command-line and remote command."); + + /* Cannot fork to background if no command. */ + if (fork_after_authentication_flag && buffer_len(&command) == 0 && + options.remote_command == NULL && !no_shell_flag) + fatal("Cannot fork into background without a command " + "to execute."); + /* reinit */ log_init(argv0, options.log_level, options.log_facility, !use_syslog); @@ -1141,7 +1144,7 @@ main(int ac, char **av) tty_flag = 1; /* Allocate a tty by default if no command specified. */ - if (buffer_len(&command) == 0) + if (buffer_len(&command) == 0 && options.remote_command == NULL) tty_flag = options.request_tty != REQUEST_TTY_NO; /* Force no tty */ @@ -1197,6 +1200,27 @@ main(int ac, char **av) free(cp); } + if (options.remote_command != NULL) { + debug3("expanding RemoteCommand: %s", options.remote_command); + cp = options.remote_command; + options.remote_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); + debug3("expanded RemoteCommand: %s", options.remote_command); + free(cp); + buffer_append(&command, options.remote_command, + strlen(options.remote_command)); + + } + if (options.control_path != NULL) { cp = tilde_expand_filename(options.control_path, original_real_uid); @@ -1278,7 +1302,7 @@ main(int ac, char **av) if (options.hostbased_authentication) { sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, - sizeof(Key)); + sizeof(struct sshkey)); /* XXX */ for (i = 0; i < sensitive_data.nkeys; i++) sensitive_data.keys[i] = NULL; @@ -1858,16 +1882,16 @@ load_public_identity_files(void) { char *filename, *cp, thishost[NI_MAXHOST]; char *pwdir = NULL, *pwname = NULL; - Key *public; + struct sshkey *public; struct passwd *pw; int i; u_int n_ids, n_certs; char *identity_files[SSH_MAX_IDENTITY_FILES]; - Key *identity_keys[SSH_MAX_IDENTITY_FILES]; + struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; #ifdef ENABLE_PKCS11 - Key **keys; + struct sshkey **keys; int nkeys; #endif /* PKCS11 */ diff --git a/ssh_config.5 b/ssh_config.5 index db37b92c..4277f9ea 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $ -.Dd $Mdocdate: May 7 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.250 2017/05/30 19:38:17 jmc Exp $ +.Dd $Mdocdate: May 30 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1287,6 +1287,16 @@ is .Cm default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. +.It Cm RemoteCommand +Specifies a command to execute on the remote machine after successfully +connecting to the server. +The command string extends to the end of the line, and is executed with +the user's shell. +Arguments to +.Cm RemoteCommand +accept the tokens described in the +.Sx TOKENS +section. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. @@ -1702,6 +1712,9 @@ accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. .Pp .Cm ProxyCommand accepts the tokens %%, %h, %p, and %r. +.Pp +.Cm RemoteCommand +accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 74c49be7..50648258 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.6 2016/06/16 11:00:17 dtucker Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.7 2017/06/01 04:51:58 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -365,7 +365,7 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) int sshbuf_put_cstring(struct sshbuf *buf, const char *v) { - return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v)); + return sshbuf_put_string(buf, v, v == NULL ? 0 : strlen(v)); } int diff --git a/sshbuf.c b/sshbuf.c index cbf7ed4a..de783a36 100644 --- a/sshbuf.c +++ b/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.8 2016/11/25 23:22:04 djm Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.11 2017/06/01 06:58:25 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -193,15 +193,16 @@ sshbuf_reset(struct sshbuf *buf) buf->off = buf->size; return; } - if (sshbuf_check_sanity(buf) == 0) - explicit_bzero(buf->d, buf->alloc); + (void) sshbuf_check_sanity(buf); buf->off = buf->size = 0; if (buf->alloc != SSHBUF_SIZE_INIT) { - if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { + if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, + 1)) != NULL) { buf->cd = buf->d = d; buf->alloc = SSHBUF_SIZE_INIT; } } + explicit_bzero(buf->d, SSHBUF_SIZE_INIT); } size_t @@ -253,9 +254,8 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC); if (rlen > max_size) rlen = max_size; - explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); SSHBUF_DBG(("new alloc = %zu", rlen)); - if ((dp = realloc(buf->d, rlen)) == NULL) + if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) return SSH_ERR_ALLOC_FAIL; buf->cd = buf->d = dp; buf->alloc = rlen; @@ -344,7 +344,7 @@ sshbuf_allocate(struct sshbuf *buf, size_t len) if (rlen > buf->max_size) rlen = buf->alloc + need; SSHBUF_DBG(("adjusted rlen %zu", rlen)); - if ((dp = realloc(buf->d, rlen)) == NULL) { + if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) { SSHBUF_DBG(("realloc fail")); return SSH_ERR_ALLOC_FAIL; } @@ -391,6 +391,9 @@ sshbuf_consume(struct sshbuf *buf, size_t len) if (len > sshbuf_len(buf)) return SSH_ERR_MESSAGE_INCOMPLETE; buf->off += len; + /* deal with empty buffer */ + if (buf->off == buf->size) + buf->off = buf->size = 0; SSHBUF_TELL("done"); return 0; } diff --git a/sshconnect.c b/sshconnect.c index 8da712f0..11c848a5 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.278 2017/05/01 02:27:11 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.280 2017/05/30 14:13:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -67,7 +67,7 @@ char *client_version_string = NULL; char *server_version_string = NULL; -Key *previous_host_key = NULL; +struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; @@ -79,8 +79,8 @@ extern char *__progname; extern uid_t original_real_uid; extern uid_t original_effective_uid; -static int show_other_keys(struct hostkeys *, Key *); -static void warn_changed_key(Key *); +static int show_other_keys(struct hostkeys *, struct sshkey *); +static void warn_changed_key(struct sshkey *); /* Expand a proxy command */ static char * @@ -687,7 +687,7 @@ confirm(const char *prompt) } static int -check_host_cert(const char *host, const Key *host_key) +check_host_cert(const char *host, const struct sshkey *host_key) { const char *reason; @@ -785,13 +785,13 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, #define ROQUIET 2 static int check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, - Key *host_key, int readonly, + struct sshkey *host_key, int readonly, char **user_hostfiles, u_int num_user_hostfiles, char **system_hostfiles, u_int num_system_hostfiles) { HostStatus host_status; HostStatus ip_status; - Key *raw_key = NULL; + struct sshkey *raw_key = NULL; char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; @@ -799,7 +799,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, const struct hostkey_entry *host_found, *ip_found; int len, cancelled_forwarding = 0; int local = sockaddr_is_local(hostaddr); - int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; + int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; int hostkey_trusted = 0; /* Known or explicitly accepted by user */ struct hostkeys *host_hostkeys, *ip_hostkeys; u_int i; @@ -850,8 +850,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, retry: /* Reload these as they may have changed on cert->key downgrade */ - want_cert = key_is_cert(host_key); - type = key_type(host_key); + want_cert = sshkey_is_cert(host_key); + type = sshkey_type(host_key); /* * Check if the host key is present in the user's list of known @@ -871,7 +871,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, if (host_status == HOST_CHANGED && (ip_status != HOST_CHANGED || (ip_found != NULL && - !key_equal(ip_found->key, host_found->key)))) + !sshkey_equal(ip_found->key, host_found->key)))) host_ip_differ = 1; } else ip_status = host_status; @@ -1068,7 +1068,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfiles[0]); - error("Offending %s key in %s:%lu", key_type(host_found->key), + error("Offending %s key in %s:%lu", + sshkey_type(host_found->key), host_found->file, host_found->line); /* @@ -1197,14 +1198,16 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, * search normally. */ debug("No matching CA found. Retry with plain key"); - raw_key = key_from_private(host_key); - if (key_drop_cert(raw_key) != 0) - fatal("Couldn't drop certificate"); + if ((r = sshkey_from_private(host_key, &raw_key)) != 0) + fatal("%s: sshkey_from_private: %s", + __func__, ssh_err(r)); + if ((r = sshkey_drop_cert(raw_key)) != 0) + fatal("Couldn't drop certificate: %s", ssh_err(r)); host_key = raw_key; goto retry; } if (raw_key != NULL) - key_free(raw_key); + sshkey_free(raw_key); free(ip); free(host); if (host_hostkeys != NULL) @@ -1216,7 +1219,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, /* returns 0 if key verifies or -1 if key does NOT verify */ int -verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) +verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) { u_int i; int r = -1, flags = 0; @@ -1320,8 +1323,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) free(fp); free(cafp); if (r == 0 && host_key != NULL) { - key_free(previous_host_key); - previous_host_key = key_from_private(host_key); + sshkey_free(previous_host_key); + r = sshkey_from_private(host_key, &previous_host_key); } return r; @@ -1382,7 +1385,7 @@ ssh_put_password(char *password) /* print all known host keys for a given host, but skip keys of given type */ static int -show_other_keys(struct hostkeys *hostkeys, Key *key) +show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) { int type[] = { KEY_RSA, @@ -1422,7 +1425,7 @@ show_other_keys(struct hostkeys *hostkeys, Key *key) } static void -warn_changed_key(Key *host_key) +warn_changed_key(struct sshkey *host_key) { char *fp; @@ -1490,7 +1493,7 @@ ssh_local_cmd(const char *args) } void -maybe_add_key_to_agent(char *authfile, Key *private, char *comment, +maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment, char *passphrase) { int auth_sock = -1, r; diff --git a/sshconnect.h b/sshconnect.h index cf1851a9..f4e73f7b 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.30 2017/05/30 08:52:19 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,9 +26,9 @@ typedef struct Sensitive Sensitive; struct Sensitive { - Key **keys; - int nkeys; - int external_keysign; + struct sshkey **keys; + int nkeys; + int external_keysign; }; struct addrinfo; @@ -41,7 +41,7 @@ void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, void ssh_exchange_identification(int); -int verify_host_key(char *, struct sockaddr *, Key *); +int verify_host_key(char *, struct sockaddr *, struct sshkey *); void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, char **, char **); @@ -55,7 +55,7 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); int ssh_local_cmd(const char *); -void maybe_add_key_to_agent(char *, Key *, char *, char *); +void maybe_add_key_to_agent(char *, struct sshkey *, char *, char *); /* * Macros to raise/lower permissions. diff --git a/sshconnect2.c b/sshconnect2.c index 819485b5..ad4f3daf 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.263 2017/05/31 07:00:13 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -93,7 +93,7 @@ char *xxx_host; struct sockaddr *xxx_hostaddr; static int -verify_host_key_callback(Key *hostkey, struct ssh *ssh) +verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) { if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) fatal("Host key verification failed."); @@ -222,7 +222,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; - dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); + ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = @@ -292,16 +292,16 @@ struct cauthmethod { int *batch_flag; /* flag in option struct that disables method */ }; -int input_userauth_service_accept(int, u_int32_t, void *); -int input_userauth_ext_info(int, u_int32_t, void *); -int input_userauth_success(int, u_int32_t, void *); -int input_userauth_success_unexpected(int, u_int32_t, void *); -int input_userauth_failure(int, u_int32_t, void *); -int input_userauth_banner(int, u_int32_t, void *); -int input_userauth_error(int, u_int32_t, void *); -int input_userauth_info_req(int, u_int32_t, void *); -int input_userauth_pk_ok(int, u_int32_t, void *); -int input_userauth_passwd_changereq(int, u_int32_t, void *); +int input_userauth_service_accept(int, u_int32_t, struct ssh *); +int input_userauth_ext_info(int, u_int32_t, struct ssh *); +int input_userauth_success(int, u_int32_t, struct ssh *); +int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); +int input_userauth_failure(int, u_int32_t, struct ssh *); +int input_userauth_banner(int, u_int32_t, struct ssh *); +int input_userauth_error(int, u_int32_t, struct ssh *); +int input_userauth_info_req(int, u_int32_t, struct ssh *); +int input_userauth_pk_ok(int, u_int32_t, struct ssh *); +int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); int userauth_none(Authctxt *); int userauth_pubkey(Authctxt *); @@ -311,11 +311,11 @@ int userauth_hostbased(Authctxt *); #ifdef GSSAPI int userauth_gssapi(Authctxt *authctxt); -int input_gssapi_response(int type, u_int32_t, void *); -int input_gssapi_token(int type, u_int32_t, void *); -int input_gssapi_hash(int type, u_int32_t, void *); -int input_gssapi_error(int, u_int32_t, void *); -int input_gssapi_errtok(int, u_int32_t, void *); +int input_gssapi_response(int type, u_int32_t, struct ssh *); +int input_gssapi_token(int type, u_int32_t, struct ssh *); +int input_gssapi_hash(int type, u_int32_t, struct ssh *); +int input_gssapi_error(int, u_int32_t, struct ssh *); +int input_gssapi_errtok(int, u_int32_t, struct ssh *); #endif void userauth(Authctxt *, char *); @@ -324,7 +324,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); static void pubkey_reset(Authctxt *); -static Key *load_identity_file(Identity *); +static struct sshkey *load_identity_file(Identity *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -402,10 +402,12 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, (r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + ssh->authctxt = &authctxt; ssh_dispatch_init(ssh, &input_userauth_error); ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); - ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ + ssh->authctxt = NULL; pubkey_cleanup(&authctxt); ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); @@ -417,10 +419,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, /* ARGSUSED */ int -input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) +input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; - struct ssh *ssh = active_state; + Authctxt *authctxt = ssh->authctxt; int r; if (ssh_packet_remaining(ssh) > 0) { @@ -451,9 +452,9 @@ input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) /* ARGSUSED */ int -input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) +input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) { - return kex_input_ext_info(type, seqnr, active_state); + return kex_input_ext_info(type, seqnr, ssh); } void @@ -493,7 +494,7 @@ userauth(Authctxt *authctxt, char *authlist) /* ARGSUSED */ int -input_userauth_error(int type, u_int32_t seq, void *ctxt) +input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { fatal("input_userauth_error: bad message during authentication: " "type %d", type); @@ -502,7 +503,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -input_userauth_banner(int type, u_int32_t seq, void *ctxt) +input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { char *msg, *lang; u_int len; @@ -519,9 +520,9 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -input_userauth_success(int type, u_int32_t seq, void *ctxt) +input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; if (authctxt == NULL) fatal("input_userauth_success: no authentication context"); @@ -536,9 +537,9 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) } int -input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) +input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; if (authctxt == NULL) fatal("%s: no authentication context", __func__); @@ -550,9 +551,9 @@ input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -input_userauth_failure(int type, u_int32_t seq, void *ctxt) +input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; char *authlist = NULL; int partial; @@ -576,10 +577,10 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) /* ARGSUSED */ int -input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) +input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; - Key *key = NULL; + Authctxt *authctxt = ssh->authctxt; + struct sshkey *key = NULL; Identity *id = NULL; Buffer b; int pktype, sent = 0; @@ -707,9 +708,9 @@ userauth_gssapi(Authctxt *authctxt) } static OM_uint32 -process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) +process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt = authctxt->methoddata; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; @@ -762,9 +763,9 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) /* ARGSUSED */ int -input_gssapi_response(int type, u_int32_t plen, void *ctxt) +input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; int oidlen; char *oidv; @@ -792,7 +793,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) free(oidv); - if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { + if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); userauth(authctxt, NULL); @@ -803,9 +804,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) /* ARGSUSED */ int -input_gssapi_token(int type, u_int32_t plen, void *ctxt) +input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; gss_buffer_desc recv_tok; OM_uint32 status; u_int slen; @@ -818,7 +819,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) packet_check_eom(); - status = process_gssapi_token(ctxt, &recv_tok); + status = process_gssapi_token(ssh, &recv_tok); free(recv_tok.value); @@ -832,9 +833,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) /* ARGSUSED */ int -input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) +input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; @@ -863,7 +864,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) /* ARGSUSED */ int -input_gssapi_error(int type, u_int32_t plen, void *ctxt) +input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) { char *msg; char *lang; @@ -934,9 +935,9 @@ userauth_passwd(Authctxt *authctxt) */ /* ARGSUSED */ int -input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) +input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; char *info, *lang, *password = NULL, *retype = NULL; char prompt[150]; const char *host; @@ -1020,7 +1021,7 @@ static int identity_sign(struct identity *id, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { - Key *prv; + struct sshkey *prv; int ret; /* the agent supports this key */ @@ -1230,10 +1231,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) return 1; } -static Key * +static struct sshkey * load_identity_file(Identity *id) { - Key *private = NULL; + struct sshkey *private = NULL; char prompt[300], *passphrase, *comment; int r, perm_ok = 0, quit = 0, i; struct stat st; @@ -1564,9 +1565,9 @@ userauth_kbdint(Authctxt *authctxt) * parse INFO_REQUEST, prompt user and send INFO_RESPONSE */ int -input_userauth_info_req(int type, u_int32_t seq, void *ctxt) +input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) { - Authctxt *authctxt = ctxt; + Authctxt *authctxt = ssh->authctxt; char *name, *inst, *lang, *prompt, *response; u_int num_prompts, i; int echo = 0; diff --git a/sshd.c b/sshd.c index 1248d961..552f12ed 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -200,10 +200,10 @@ int have_agent = 0; * not very useful. Currently, memory locking is not implemented. */ struct { - Key **host_keys; /* all private host keys */ - Key **host_pubkeys; /* all public host keys */ - Key **host_certificates; /* all public host certificates */ - int have_ssh2_key; + struct sshkey **host_keys; /* all private host keys */ + struct sshkey **host_pubkeys; /* all public host keys */ + struct sshkey **host_certificates; /* all public host certificates */ + int have_ssh2_key; } sensitive_data; /* This is set to true when a signal is received. */ @@ -504,7 +504,7 @@ destroy_sensitive_data(void) void demote_sensitive_data(void) { - Key *tmp; + struct sshkey *tmp; int i; for (i = 0; i < options.num_host_key_files; i++) { @@ -690,6 +690,7 @@ privsep_postauth(Authctxt *authctxt) else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); buffer_clear(&loginmsg); + monitor_clear_keystate(pmonitor); monitor_child_postauth(pmonitor); /* NEVERREACHED */ @@ -729,7 +730,7 @@ list_hostkey_types(void) const char *p; char *ret; int i; - Key *key; + struct sshkey *key; buffer_init(&b); for (i = 0; i < options.num_host_key_files; i++) { @@ -785,11 +786,11 @@ list_hostkey_types(void) return ret; } -static Key * +static struct sshkey * get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) { int i; - Key *key; + struct sshkey *key; for (i = 0; i < options.num_host_key_files; i++) { switch (type) { @@ -813,19 +814,19 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) return NULL; } -Key * +struct sshkey * get_hostkey_public_by_type(int type, int nid, struct ssh *ssh) { return get_hostkey_by_type(type, nid, 0, ssh); } -Key * +struct sshkey * get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) { return get_hostkey_by_type(type, nid, 1, ssh); } -Key * +struct sshkey * get_hostkey_by_index(int ind) { if (ind < 0 || ind >= options.num_host_key_files) @@ -833,7 +834,7 @@ get_hostkey_by_index(int ind) return (sensitive_data.host_keys[ind]); } -Key * +struct sshkey * get_hostkey_public_by_index(int ind, struct ssh *ssh) { if (ind < 0 || ind >= options.num_host_key_files) @@ -842,7 +843,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh) } int -get_hostkey_index(Key *key, int compare, struct ssh *ssh) +get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) { int i; @@ -1450,8 +1451,8 @@ main(int ac, char **av) u_int n; u_int64_t ibytes, obytes; mode_t new_umask; - Key *key; - Key *pubkey; + struct sshkey *key; + struct sshkey *pubkey; int keytype; Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); @@ -1750,9 +1751,9 @@ main(int ac, char **av) /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, - sizeof(Key *)); + sizeof(struct sshkey *)); sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, - sizeof(Key *)); + sizeof(struct sshkey *)); if (options.host_key_agent) { if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) @@ -1818,7 +1819,7 @@ main(int ac, char **av) * indices to the public keys that they relate to. */ sensitive_data.host_certificates = xcalloc(options.num_host_key_files, - sizeof(Key *)); + sizeof(struct sshkey *)); for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_certificates[i] = NULL; @@ -2154,6 +2155,7 @@ main(int ac, char **av) */ if (use_privsep) { mm_send_keystate(pmonitor); + packet_clear_keys(); exit(0); } @@ -2231,8 +2233,9 @@ main(int ac, char **av) } int -sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, - const u_char *data, size_t dlen, const char *alg, u_int flag) +sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, + u_char **signature, size_t *slen, const u_char *data, size_t dlen, + const char *alg, u_int flag) { int r; u_int xxx_slen, xxx_dlen = dlen; @@ -2312,7 +2315,7 @@ do_ssh2_kex(void) kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; - dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); + ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); session_id2 = kex->session_id; session_id2_len = kex->session_id_len; diff --git a/sshkey.c b/sshkey.c index f9518bd7..9a3f0be5 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.50 2017/05/08 06:11:06 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.51 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1764,8 +1764,9 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) goto out; } oprincipals = key->cert->principals; - key->cert->principals = reallocarray(key->cert->principals, - key->cert->nprincipals + 1, sizeof(*key->cert->principals)); + key->cert->principals = recallocarray(key->cert->principals, + key->cert->nprincipals, key->cert->nprincipals + 1, + sizeof(*key->cert->principals)); if (key->cert->principals == NULL) { free(principal); key->cert->principals = oprincipals; diff --git a/umac.c b/umac.c index 6eb55b26..9f2187c9 100644 --- a/umac.c +++ b/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ +/* $OpenBSD: umac.c,v 1.12 2017/05/31 08:09:45 markus Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -203,6 +203,8 @@ static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) aes_encryption(in_buf, out_buf, key); memcpy(dst_buf,out_buf,nbytes); } + explicit_bzero(in_buf, sizeof(in_buf)); + explicit_bzero(out_buf, sizeof(out_buf)); } /* The final UHASH result is XOR'd with the output of a pseudorandom @@ -227,6 +229,7 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) /* Initialize pdf and cache */ memset(pc->nonce, 0, sizeof(pc->nonce)); aes_encryption(pc->nonce, pc->cache, pc->prf_key); + explicit_bzero(buf, sizeof(buf)); } static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) @@ -991,6 +994,7 @@ static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); endian_convert_if_le(ahc->ip_trans, sizeof(UINT32), STREAMS * sizeof(UINT32)); + explicit_bzero(buf, sizeof(buf)); } /* ---------------------------------------------------------------------- */ @@ -1200,6 +1204,7 @@ int umac_delete(struct umac_ctx *ctx) if (ctx) { if (ALLOC_BOUNDARY) ctx = (struct umac_ctx *)ctx->free_ptr; + explicit_bzero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY); free(ctx); } return (1); @@ -1227,6 +1232,7 @@ struct umac_ctx *umac_new(const u_char key[]) aes_key_setup(key, prf_key); pdf_init(&ctx->pdf, prf_key); uhash_init(&ctx->hash, prf_key); + explicit_bzero(prf_key, sizeof(prf_key)); } return (ctx); diff --git a/utf8.c b/utf8.c index da577813..bc131385 100644 --- a/utf8.c +++ b/utf8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.6 2017/04/17 14:31:23 schwarze Exp $ */ +/* $OpenBSD: utf8.c,v 1.7 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze * @@ -76,7 +76,7 @@ grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need) tsz = *sz + 128; if (tsz > maxsz) tsz = maxsz; - if ((tp = realloc(*dst, tsz)) == NULL) + if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL) return -1; *dp = tp + (*dp - *dst); *dst = tp; diff --git a/xmalloc.c b/xmalloc.c index b5832367..5cc0310a 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -77,6 +77,18 @@ xreallocarray(void *ptr, size_t nmemb, size_t size) return new_ptr; } +void * +xrecallocarray(void *ptr, size_t onmemb, size_t nmemb, size_t size) +{ + void *new_ptr; + + new_ptr = recallocarray(ptr, onmemb, nmemb, size); + if (new_ptr == NULL) + fatal("xrecallocarray: out of memory (%zu elements of %zu bytes)", + nmemb, size); + return new_ptr; +} + char * xstrdup(const char *str) { diff --git a/xmalloc.h b/xmalloc.h index e4992893..cf38ddfa 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.17 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -20,6 +20,7 @@ void ssh_malloc_init(void); void *xmalloc(size_t); void *xcalloc(size_t, size_t); void *xreallocarray(void *, size_t, size_t); +void *xrecallocarray(void *, size_t, size_t, size_t); char *xstrdup(const char *); int xasprintf(char **, const char *, ...) __attribute__((__format__ (printf, 2, 3)))