Add mode support in open() and onboard file perm related changes and tests (#145)

PowerShell/Win32-OpenSSH#710
PowerShell/Win32-OpenSSH#725
PowerShell/Win32-OpenSSH#729
PowerShell/Win32-OpenSSH#731
PowerShell/Win32-OpenSSH#732

Author: bingbing8

authfile.c

@@ -61,14 +61,6 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 
 	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
 		return SSH_ERR_SYSTEM_ERROR;
-#ifdef WINDOWS /* WINDOWS */
-	/*
-	Set the owner of the private key file to current user and only grant
-	current user the full control access
-	 */
-	if (set_secure_file_permission(filename, NULL) != 0)
-		return SSH_ERR_SYSTEM_ERROR;	
-#endif  /* WINDOWS */
 	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
 		oerrno = errno;

contrib/win32/openssh/OpenSSHBuildHelper.psm1

@@ -300,7 +300,7 @@ function Package-OpenSSH
     }
     $buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration)
     $payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe"
-    $payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe" 
+    $payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe", "ssh-keyscan.exe" 
     $payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1"
 
     $packageName = "OpenSSH-Win64"
@@ -503,7 +503,7 @@ function Install-OpenSSH
     & "$OpenSSHDir\ssh-keygen.exe" -A
 
     $keyFiles = Get-ChildItem "$OpenSSHDir\ssh_host_*_key*" | % {        
-        Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read"
+        Adjust-HostKeyFileACL -FilePath $_.FullName
     }
 
 

contrib/win32/openssh/OpenSSHCommonUtils.psm1

@@ -30,48 +30,147 @@ function Get-RepositoryRoot
 
 <#
 .Synopsis
-    Sets the Secure File ACL. 
-    1. Removed all user acl except Administrators group, system, and current user
-    2. whether or not take the owner
+    Set owner of the file to by LOCALSYSTEM account
+    Set private host key be fully controlled by LOCALSYSTEM and Administrators
+    Set public host key be fully controlled by LOCALSYSTEM and Administrators, read access by everyone
 
 .Outputs
     N/A
 
 .Inputs
     FilePath - The path to the file
-    takeowner - if want to take the ownership
 #>
-function Cleanup-SecureFileACL 
+function Adjust-HostKeyFileACL
 {
-    [CmdletBinding()]
-    param([string]$FilePath, [System.Security.Principal.NTAccount] $Owner)
+        param (
+        [parameter(Mandatory=$true)]
+        [string]$FilePath
+    )
 
-    $myACL = Get-ACL $filePath
-    $myACL.SetAccessRuleProtection($True, $True)
-    Set-Acl -Path $filePath -AclObject $myACL
+    $myACL = Get-ACL $FilePath
+    $myACL.SetAccessRuleProtection($True, $FALSE)
+    Set-Acl -Path $FilePath -AclObject $myACL
 
-    $myACL = Get-ACL $filePath
-    if($owner -ne $null)
+    $systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM")
+    $adminAccount = New-Object System.Security.Principal.NTAccount("BUILTIN","Administrators")
+    $everyoneAccount = New-Object System.Security.Principal.NTAccount("EveryOne")
+    $myACL = Get-ACL $FilePath
+
+    $myACL.SetOwner($systemAccount)
+
+    if($myACL.Access) 
     {        
-        $myACL.SetOwner($owner)
+        $myACL.Access | % {
+            if(-not ($myACL.RemoveAccessRule($_)))
+            {
+                throw "failed to remove access of $($_.IdentityReference.Value) rule in setup "
+            }
+        }
+    }    
+
+    $adminACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ($adminAccount, "FullControl", "None", "None", "Allow") 
+    $myACL.AddAccessRule($adminACE)
+
+    $systemACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ($systemAccount, "FullControl", "None", "None", "Allow")
+    $myACL.AddAccessRule($systemACE)
+
+    if($FilePath.EndsWith(".pub"))
+    {
+        $everyoneAce = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ("Everyone", "Read", "None", "None", "Allow")
+        $myACL.AddAccessRule($everyoneAce)
     }
-    
+    else
+    {
+        #this only is needed when the private host keys are not registered with agent
+        $sshdAce = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ("NT service\sshd", "Read", "None", "None", "Allow")
+        $myACL.AddAccessRule($sshdAce)
+    }
+    Set-Acl -Path $FilePath -AclObject $myACL
+}
+
+<#
+.Synopsis
+    Set owner of the user key file
+    Set ACL to have private user key be fully controlled by LOCALSYSTEM and Administrators, Read, write access by owner
+    Set public user key be fully controlled by LOCALSYSTEM and Administrators, Read, write access by owner, read access by everyone
+
+.Outputs
+    N/A
+
+.Inputs
+    FilePath - The path to the file
+    Owner - owner of the file
+    OwnerPerms - the permissions grant to the owner
+#>
+function Adjust-UserKeyFileACL
+{
+    param (
+    [parameter(Mandatory=$true)]
+    [string]$FilePath,
+    [System.Security.Principal.NTAccount] $Owner = $null,
+    [System.Security.AccessControl.FileSystemRights[]] $OwnerPerms = $null
+    )
+
+    $myACL = Get-ACL $FilePath
+    $myACL.SetAccessRuleProtection($True, $FALSE)
+    Set-Acl -Path $FilePath -AclObject $myACL
+
+    $systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM")
+    $adminAccount = New-Object System.Security.Principal.NTAccount("BUILTIN","Administrators")
+    $everyoneAccount = New-Object System.Security.Principal.NTAccount("EveryOne")
+    $myACL = Get-ACL $FilePath
+
+    $actualOwner = $null
+    if($Owner -eq $null)
+    {
+        $actualOwner = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME))
+    }
+    else
+    {
+        $actualOwner = $Owner
+    }
+
+    $myACL.SetOwner($actualOwner)
+
     if($myACL.Access) 
     {        
         $myACL.Access | % {
-            if (($_ -ne $null) -and ($_.IdentityReference.Value -ine "BUILTIN\Administrators") -and 
-            ($_.IdentityReference.Value -ine "NT AUTHORITY\SYSTEM") -and 
-            ($_.IdentityReference.Value -ine "$(whoami)"))
+            if(-not ($myACL.RemoveAccessRule($_)))
             {
-                if(-not ($myACL.RemoveAccessRule($_)))
-                {
-                    throw "failed to remove access of $($_.IdentityReference.Value) rule in setup "
-                }
+                throw "failed to remove access of $($_.IdentityReference.Value) rule in setup "
             }
         }
+    }    
+
+    $adminACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ($adminAccount, "FullControl", "None", "None", "Allow") 
+    $myACL.AddAccessRule($adminACE)
+
+    $systemACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ($systemAccount, "FullControl", "None", "None", "Allow")
+    $myACL.AddAccessRule($systemACE)
+
+    if($OwnerPerms)
+    {
+        $OwnerPerms | % { 
+            $ownerACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+                ($actualOwner, $_, "None", "None", "Allow")
+            $myACL.AddAccessRule($ownerACE)
+        }
     }
 
-    Set-Acl -Path $filePath -AclObject $myACL
+    if($FilePath.EndsWith(".pub"))
+    {
+        $everyoneAce = New-Object System.Security.AccessControl.FileSystemAccessRule `
+        ("Everyone", "Read", "None", "None", "Allow")
+        $myACL.AddAccessRule($everyoneAce)
+    }
+    
+    Set-Acl -Path $FilePath -AclObject $myACL
 }
 
 <#
@@ -88,20 +187,27 @@ function Cleanup-SecureFileACL
 #>
 function Add-PermissionToFileACL 
 {
-    [CmdletBinding()]
-    param(
+        param (
+        [parameter(Mandatory=$true)]
         [string]$FilePath,
+        [parameter(Mandatory=$true)]
         [System.Security.Principal.NTAccount] $User,
-        [System.Security.AccessControl.FileSystemRights]$Perm
+        [parameter(Mandatory=$true)]
+        [System.Security.AccessControl.FileSystemRights[]]$Perms
     )    
 
-    $myACL = Get-ACL $filePath
+    $myACL = Get-ACL $FilePath
 
-    $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
-        ($User, $perm, "None", "None", "Allow") 
-    $myACL.AddAccessRule($objACE)    
+    if($Perms)
+    {
+        $Perms | % { 
+            $userACE = New-Object System.Security.AccessControl.FileSystemAccessRule `
+                ($User, $_, "None", "None", "Allow")
+            $myACL.AddAccessRule($userACE)
+        }
+    }    
 
-    Set-Acl -Path $filePath -AclObject $myACL
+    Set-Acl -Path $FilePath -AclObject $myACL
 }
 
-Export-ModuleMember -Function Get-RepositoryRoot, Add-PermissionToFileACL, Cleanup-SecureFileACL 
+Export-ModuleMember -Function Get-RepositoryRoot, Add-PermissionToFileACL, Adjust-HostKeyFileACL, Adjust-UserKeyFileACL

contrib/win32/openssh/OpenSSHTestHelper.psm1

@@ -1,5 +1,5 @@
 $ErrorActionPreference = 'Stop'
-Import-Module $PSScriptRoot\OpenSSHCommonUtils.psm1 -DisableNameChecking
+Import-Module $PSScriptRoot\OpenSSHCommonUtils.psm1 -DisableNameChecking -Force
 
 [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot
 # test environment parameters initialized with defaults
@@ -158,17 +158,12 @@ WARNING: Following changes will be made to OpenSSH configuration
     # copy new sshd_config
     Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) (Join-Path $script:OpenSSHBinPath sshd_config) -Force
 
-    #workaround for the cariggage new line added by git before copy them
-    Get-ChildItem "$($Script:E2ETestDirectory)\sshtest_*key*" | % {
-        (Get-Content $_.FullName -Raw).Replace("`r`n","`n") | Set-Content $_.FullName -Force
-    }
-
     #copy sshtest keys
-    Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force
-    $owner = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:USERNAME)
-    Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*" -Exclude *.pub | % {
-        Cleanup-SecureFileACL -FilePath $_.FullName -Owner $owner
-        Add-PermissionToFileACL -FilePath $_.FullName -User "NT Service\sshd" -Perm "Read"
+    Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force    
+    Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*"| % {
+        #workaround for the cariggage new line added by git before copy them
+        (Get-Content $_.FullName -Raw).Replace("`r`n","`n") | Set-Content $_.FullName -Force
+        Adjust-HostKeyFileACL -FilePath $_.FullName
     }
     Restart-Service sshd -Force
 
@@ -190,6 +185,7 @@ WARNING: Following changes will be made to OpenSSH configuration
         Copy-Item $sshConfigFilePath (Join-Path $dotSshDirectoryPath config.ori) -Force
     }
     Copy-Item (Join-Path $Script:E2ETestDirectory ssh_config) $sshConfigFilePath -Force
+    Adjust-UserKeyFileACL -FilePath $sshConfigFilePath -OwnerPerms "Read,Write"
 
     # create test accounts
     #TODO - this is Windows specific. Need to be in PAL
@@ -216,9 +212,12 @@ WARNING: Following changes will be made to OpenSSH configuration
     $authorizedKeyPath = Join-Path $ssouserProfile .ssh\authorized_keys
     $testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub    
     Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue
+    $owner = New-Object System.Security.Principal.NTAccount($SSOUser)
+    Adjust-UserKeyFileACL -FilePath $authorizedKeyPath -Owner $owner -OwnerPerms "Read","Write"
     Add-PermissionToFileACL -FilePath $authorizedKeyPath -User "NT Service\sshd" -Perm "Read"
     $testPriKeypath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519
-    Cleanup-SecureFileACL -FilePath $testPriKeypath -owner $owner
+    (Get-Content $testPriKeypath -Raw).Replace("`r`n","`n") | Set-Content $testPriKeypath -Force
+    Adjust-UserKeyFileACL -FilePath $testPriKeypath -OwnerPerms "Read, Write"
     cmd /c "ssh-add $testPriKeypath 2>&1 >> $Script:TestSetupLogFile"
     Backup-OpenSSHTestInfo
 }