Source snapshot from Powershell/openssh-portable:latestw_all

Author: bingbing8

appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.0.12.0.{build}
+version: 0.0.13.0.{build}
 image: Visual Studio 2015
 
 branches:

auth.c

@@ -76,6 +76,7 @@
 #include "authfile.h"
 #include "ssherr.h"
 #include "compat.h"
+#include "sshfileperm.h"
 
 /* import */
 extern ServerOptions options;
@@ -489,10 +490,6 @@ int
 auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
     uid_t uid, char *err, size_t errlen)
 {
-#ifdef WINDOWS
-	error("auth_secure_path should not be called in Windows yet");
-	return -1;
-#else /* !WINDOWS */
 	char buf[PATH_MAX], homedir[PATH_MAX];
 	char *cp;
 	int comparehome = 0;
@@ -545,7 +542,6 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 			break;
 	}
 	return 0;
-#endif  /* !WINDOWS */
 }
 
 /*
@@ -585,7 +581,12 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
                         strerror(errno));
                 return NULL;
         }
-        /* TODO check permissions  */
+	if (strict_modes && check_secure_file_permission(file, pw) != 0) {
+		fclose(f);
+		logit("Authentication refused.");
+		auth_debug_add("Ignored %s", file_type);
+		return NULL;
+	}
 #else  /* !WINDOWS */
 	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
 		if (log_missing || errno != ENOENT)

authfile.c

@@ -49,6 +49,7 @@
 #include "sshbuf.h"
 #include "ssherr.h"
 #include "krl.h"
+#include "sshfileperm.h"
 
 #define MAX_KEY_FILE_SIZE	(1024 * 1024)
 
@@ -60,6 +61,14 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 
 	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
 		return SSH_ERR_SYSTEM_ERROR;
+#ifdef WINDOWS /* WINDOWS */
+	/*
+	Set the owner of the private key file to current user and only grant
+	current user the full control access
+	 */
+	if (set_secure_file_permission(filename, NULL) != 0)
+		return SSH_ERR_SYSTEM_ERROR;	
+#endif  /* WINDOWS */
 	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
 		oerrno = errno;
@@ -193,19 +202,25 @@ sshkey_perm_ok(int fd, const char *filename)
 #ifdef HAVE_CYGWIN
 	if (check_ntsec(filename))
 #endif
-
-#ifndef WINDOWS /*TODO - implement permission checks on Windows*/
+		
+#ifdef WINDOWS  /*implement permission checks on Windows*/
+	if(check_secure_file_permission(filename, NULL) != 0) {
+		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
+		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+		error("Permissions for '%s' are too open.", filename);
+#else
 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("Permissions 0%3.3o for '%s' are too open.",
 		    (u_int)st.st_mode & 0777, filename);
+#endif /* !WINDOWS */
 		error("It is required that your private key files are NOT accessible by others.");
 		error("This private key will be ignored.");
 		return SSH_ERR_KEY_BAD_PERMISSIONS;
 	}
-#endif /* !WINDOWS */
 	return 0;
 }
 

contrib/win32/openssh/AppveyorHelper.psm1

@@ -173,7 +173,8 @@ function Publish-Artifact
     [System.Collections.ArrayList] $artifacts = [System.Collections.ArrayList]::new()   
 
     # Get the build.log file for each build configuration        
-    Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName)
+    Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Release -NativeHostArch x64)
+    Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Debug -NativeHostArch x86)
 
     if($Global:OpenSSHTestInfo)
     {

contrib/win32/openssh/OpenSSHBuildHelper.psm1

@@ -307,6 +307,12 @@ function Package-OpenSSH
     if ($NativeHostArch -eq 'x86') {
         $packageName = "OpenSSH-Win32"
     }
+    while((($service = Get-Service ssh-agent -ErrorAction Ignore) -ne $null) -and ($service.Status -ine 'Stopped'))
+    {        
+        Stop-Service ssh-agent -Force
+        #sleep to wait the servicelog file write        
+        Start-Sleep 5
+    }
 
     $packageDir = Join-Path $buildDir $packageName
     Remove-Item $packageDir -Recurse -Force -ErrorAction SilentlyContinue
@@ -320,23 +326,23 @@ function Package-OpenSSH
         if ((-not(Test-Path (Join-Path $buildDir $file)))) {
             Throw "Cannot find $file under $buildDir. Did you run Build-OpenSSH?"
         }
-        Copy-Item (Join-Path $buildDir $file) $packageDir
+        Copy-Item (Join-Path $buildDir $file) $packageDir -Force
         if ($file.EndsWith(".exe")) {
             $pdb = $file.Replace(".exe", ".pdb")
-            Copy-Item (Join-Path $buildDir $pdb) $symbolsDir
+            Copy-Item (Join-Path $buildDir $pdb) $symbolsDir -Force
         }
         if ($file.EndsWith(".dll")) {
             $pdb = $file.Replace(".dll", ".pdb")
-            Copy-Item (Join-Path $buildDir $pdb) $symbolsDir
+            Copy-Item (Join-Path $buildDir $pdb) $symbolsDir -Force
         }
     }
 
     if ($DestinationPath -ne "") {
-        if (Test-Path $DestinationPath) {
-            Remove-Item $DestinationPath\* -Force
+        if (Test-Path $DestinationPath) {            
+            Remove-Item $DestinationPath\* -Force -Recurse
         }
         else {
-            New-Item -ItemType Directory $DestinationPath | Out-Null
+            New-Item -ItemType Directory $DestinationPath -Force | Out-Null
         }
         Copy-Item -Path $packageDir\* -Destination $DestinationPath -Force -Recurse
     }
@@ -493,8 +499,12 @@ function Install-OpenSSH
     Package-OpenSSH -NativeHostArch $NativeHostArch -Configuration $Configuration -DestinationPath $OpenSSHDir
 
     Push-Location $OpenSSHDir 
-    & ( "$OpenSSHDir\install-sshd.ps1") 
-    .\ssh-keygen.exe -A
+    & "$OpenSSHDir\install-sshd.ps1"
+    & "$OpenSSHDir\ssh-keygen.exe" -A
+
+    $keyFiles = Get-ChildItem "$OpenSSHDir\ssh_host_*_key*" | % {        
+        Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read"
+    }
 
 
     #machine will be reboot after Install-openssh anyway

contrib/win32/openssh/OpenSSHCommonUtils.psm1

@@ -28,4 +28,80 @@ function Get-RepositoryRoot
     throw new-object System.IO.DirectoryNotFoundException("Could not find the root of the GIT repository")
 }
 
-Export-ModuleMember -Function Get-RepositoryRoot
+<#
+.Synopsis
+    Sets the Secure File ACL. 
+    1. Removed all user acl except Administrators group, system, and current user
+    2. whether or not take the owner
+
+.Outputs
+    N/A
+
+.Inputs
+    FilePath - The path to the file
+    takeowner - if want to take the ownership
+#>
+function Cleanup-SecureFileACL 
+{
+    [CmdletBinding()]
+    param([string]$FilePath, [System.Security.Principal.NTAccount] $Owner)
+
+    $myACL = Get-ACL $filePath
+    $myACL.SetAccessRuleProtection($True, $True)
+    Set-Acl -Path $filePath -AclObject $myACL
+
+    $myACL = Get-ACL $filePath
+    if($owner -ne $null)
+    {        
+        $myACL.SetOwner($owner)
+    }
+    
+    if($myACL.Access) 
+    {        
+        $myACL.Access | % {
+            if (($_ -ne $null) -and ($_.IdentityReference.Value -ine "BUILTIN\Administrators") -and 
+            ($_.IdentityReference.Value -ine "NT AUTHORITY\SYSTEM") -and 
+            ($_.IdentityReference.Value -ine "$(whoami)"))
+            {
+                if(-not ($myACL.RemoveAccessRule($_)))
+                {
+                    throw "failed to remove access of $($_.IdentityReference.Value) rule in setup "
+                }
+            }
+        }
+    }
+
+    Set-Acl -Path $filePath -AclObject $myACL
+}
+
+<#
+.Synopsis
+    add a file permission to an account
+
+.Outputs
+    N/A
+
+.Inputs
+    FilePath - The path to the file    
+    User - account name
+    Perm - The permission to grant.
+#>
+function Add-PermissionToFileACL 
+{
+    [CmdletBinding()]
+    param(
+        [string]$FilePath,
+        [System.Security.Principal.NTAccount] $User,
+        [System.Security.AccessControl.FileSystemRights]$Perm
+    )    
+
+    $myACL = Get-ACL $filePath
+        
+    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ($User, $perm, "None", "None", "Allow") 
+    $myACL.AddAccessRule($objACE)    
+
+    Set-Acl -Path $filePath -AclObject $myACL
+}
+
+Export-ModuleMember -Function Get-RepositoryRoot, Add-PermissionToFileACL, Cleanup-SecureFileACL 

contrib/win32/openssh/OpenSSHTestHelper.psm1

@@ -108,6 +108,10 @@ function Setup-OpenSSHTestEnvironment
     }
 
     $Global:OpenSSHTestInfo.Add("OpenSSHBinPath", $script:OpenSSHBinPath)
+    if (-not ($env:Path.ToLower().Contains($script:OpenSSHBinPath.ToLower())))
+    {
+        $env:Path = "$($script:OpenSSHBinPath);$($env:path)"
+    }
 
     $warning = @"
 WARNING: Following changes will be made to OpenSSH configuration
@@ -125,15 +129,12 @@ WARNING: Following changes will be made to OpenSSH configuration
     if (-not $Quiet) {
         Write-Warning $warning
         $continue = Read-Host -Prompt "Do you want to continue with the above changes? [Yes] Y; [No] N (default is `"Y`")"
-        if( ($continue -eq "") -or ($continue -ieq "Y") -or ($continue -ieq "Yes") )
-        {            
-        }
-        elseif( ($continue -ieq "N") -or ($continue -ieq "No") )
+        if( ($continue -ieq "N") -or ($continue -ieq "No") )
         {
             Write-Host "User decided not to make the changes."
             return
         }
-        else
+        elseif(($continue -ne "") -and ($continue -ine "Y") -and ($continue -ine "Yes"))        
         {
             Throw "User entered invalid option ($continue). Exit now."
         }
@@ -152,9 +153,21 @@ WARNING: Following changes will be made to OpenSSH configuration
         Copy-Item (Join-Path $script:OpenSSHBinPath sshd_config) $backupConfigPath -Force
     }
 
-    # copy new sshd_config    
-    Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) (Join-Path $script:OpenSSHBinPath sshd_config) -Force    
-    Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force    
+    # copy new sshd_config
+    Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) (Join-Path $script:OpenSSHBinPath sshd_config) -Force
+    
+    #workaround for the cariggage new line added by git before copy them
+    Get-ChildItem "$($Script:E2ETestDirectory)\sshtest_*key*" | % {
+        (Get-Content $_.FullName -Raw).Replace("`r`n","`n") | Set-Content $_.FullName -Force
+    }
+
+    #copy sshtest keys
+    Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force
+    $owner = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:USERNAME)
+    Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*" -Exclude *.pub | % {
+        Cleanup-SecureFileACL -FilePath $_.FullName -Owner $owner
+        Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read"
+    }
     Restart-Service sshd -Force
 
     #Backup existing known_hosts and replace with test version
@@ -174,45 +187,50 @@ WARNING: Following changes will be made to OpenSSH configuration
     #TODO - this is Windows specific. Need to be in PAL
     foreach ($user in $OpenSSHTestAccounts)
     {
-        try 
+        try
         {
             $objUser = New-Object System.Security.Principal.NTAccount($user)
             $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
         }
         catch
-        {    
+        {
             #only add the local user when it does not exists on the machine        
             net user $user $Script:OpenSSHTestAccountsPassword /ADD 2>&1 >> $Script:TestSetupLogFile
-        }
+        }        
     }
 
-    #setup single sign on for ssouser
-    #TODO - this is Windows specific. Need to be in PAL
-    $ssousersid = Get-UserSID -User sshtest_ssouser
-    $ssouserProfileRegistry = Join-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $ssousersid
-    if (-not (Test-Path $ssouserProfileRegistry) ) {        
-        #create profile
-        if (-not($env:DISPLAY)) { $env:DISPLAY = 1 }
-        $env:SSH_ASKPASS="$($env:ComSpec) /c echo $($OpenSSHTestAccountsPassword)"
-        cmd /c "ssh -p 47002 sshtest_ssouser@localhost echo %userprofile% > profile.txt"
-        if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY }
-        remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue
-    }
-    $ssouserProfile = (Get-ItemProperty -Path $ssouserProfileRegistry -Name 'ProfileImagePath').ProfileImagePath
+    #setup single sign on for ssouser    
+    $ssouserProfile = Get-LocalUserProfile -User $SSOUser
+    $Global:OpenSSHTestInfo.Add("SSOUserProfile", $ssouserProfile)
+    $Global:OpenSSHTestInfo.Add("PubKeyUserProfile", (Get-LocalUserProfile -User $PubKeyUser))        
+
     New-Item -ItemType Directory -Path (Join-Path $ssouserProfile .ssh) -Force -ErrorAction SilentlyContinue  | out-null
     $authorizedKeyPath = Join-Path $ssouserProfile .ssh\authorized_keys
-    $testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub
-    #workaround for the cariggage new line added by git
-    (Get-Content $testPubKeyPath -Raw).Replace("`r`n","`n") | Set-Content $testPubKeyPath -Force
+    $testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub    
     Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue
-    $acl = get-acl $authorizedKeyPath
-    $ar = New-Object  System.Security.AccessControl.FileSystemAccessRule("NT Service\sshd", "Read", "Allow")
-    $acl.SetAccessRule($ar)
-    Set-Acl  $authorizedKeyPath $acl
+    Add-PermissionToFileACL -FilePath $authorizedKeyPath -User "NT Service\sshd" -Perm "Read"
     $testPriKeypath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519
-    (Get-Content $testPriKeypath -Raw).Replace("`r`n","`n") | Set-Content $testPriKeypath -Force
+    Cleanup-SecureFileACL -FilePath $testPriKeypath -owner $owner
     cmd /c "ssh-add $testPriKeypath 2>&1 >> $Script:TestSetupLogFile"
 }
+#TODO - this is Windows specific. Need to be in PAL
+function Get-LocalUserProfile
+{
+    param([string]$User)
+    $sid = Get-UserSID -User $User
+    $userProfileRegistry = Join-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $sid
+    if (-not (Test-Path $userProfileRegistry) ) {        
+        #create profile
+        if (-not($env:DISPLAY)) { $env:DISPLAY = 1 }
+        $env:SSH_ASKPASS="$($env:ComSpec) /c echo $($OpenSSHTestAccountsPassword)"
+        $ret = ssh -p 47002 "$User@localhost" echo %userprofile%
+        if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY }
+        remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue
+    }   
+    
+    (Get-ItemProperty -Path $userProfileRegistry -Name 'ProfileImagePath').ProfileImagePath    
+}
+
 
 <#
       .SYNOPSIS