Source snapshot from Powershell/openssh-portable:latestw_all

appveyor.yml

@@ -1,40 +1,39 @@
-version: 0.0.16.0.{build}
+version: 0.0.17.0.{build}
 image: Visual Studio 2015
 
 branches:
   only:
     - latestw_all
-    - latestw_all_openssl
 
 init:
   - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
 
 build_script:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
       Invoke-AppVeyorBuild
 
 after_build:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
       Install-OpenSSH
 
 before_test:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
-      Setup-OpenSSHTestEnvironment -Quiet
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
+      Set-OpenSSHTestEnvironment -Confirm:$false
 
 test_script:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
-      Run-OpenSSHTests
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
+      Invoke-OpenSSHTests
 
 after_test:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
-      Upload-OpenSSHTestResults
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
+      Publish-OpenSSHTestResults
       
 on_finish:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1
       Publish-Artifact

auth-passwd.c

@@ -226,38 +226,45 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 
 #elif defined(WINDOWS)
 /*
-* Authenticate on Windows - Pass credentials to ssh-agent and retrieve token
-* upon successful authentication
-* TODO - password is sent in plain text over IPC. Consider implications. 
+* Authenticate on Windows - Call LogonUser and retrieve user token
 */
 int sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
-	struct sshbuf *msg = NULL;
-	size_t blen = 0;
-	DWORD token = 0;
-	extern int auth_sock;
+	wchar_t *user_utf16 = NULL, *udom_utf16 = NULL, *pwd_utf16 = NULL, *tmp;
+	HANDLE token = NULL;
 	int r = 0;
-	int ssh_request_reply(int, struct sshbuf *, struct sshbuf *);
 
-	msg = sshbuf_new();
-	if (!msg)
-		fatal("%s: out of memory", __func__);
+	if ((user_utf16 = utf8_to_utf16(authctxt->pw->pw_name)) == NULL ||
+	    (pwd_utf16 = utf8_to_utf16(password)) == NULL) {
+		fatal("out of memory");
+		goto done;
+	}
 
-	if (sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE) != 0 ||
-	    sshbuf_put_cstring(msg, PASSWD_AUTH_REQUEST) != 0 ||
-	    sshbuf_put_cstring(msg, authctxt->pw->pw_name) != 0 ||
-	    sshbuf_put_cstring(msg, password) != 0 ||
-	    ssh_request_reply(auth_sock, msg, msg) != 0 ||
-	    sshbuf_get_u32(msg, &token) != 0) {
-		debug("auth agent did not authorize client %s", authctxt->user);
-		r = 0;
+	if ((tmp = wcschr(user_utf16, L'@')) != NULL) {
+		udom_utf16 = tmp + 1;
+		*tmp = L'\0';
+	}
+
+	if (LogonUserW(user_utf16, udom_utf16, pwd_utf16, LOGON32_LOGON_NETWORK_CLEARTEXT, 
+	    LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
+		if (GetLastError() == ERROR_PASSWORD_MUST_CHANGE) 
+			/* 
+			 * TODO - need to add support to force password change
+			 * by sending back SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
+			 */
+			error("password for user %s has expired", authctxt->pw->pw_name);
+		else
+			debug("failed to logon user: %ls domain: %ls error:%d", user_utf16, udom_utf16, GetLastError());
 		goto done;
 	}
-	authctxt->methoddata = (void*)(INT_PTR)token;
+
+	authctxt->auth_token = (void*)(INT_PTR)token;
 	r = 1;
 done:
-	if (msg)
-		sshbuf_free(msg);
+	if (user_utf16)
+		free(user_utf16);
+	if (pwd_utf16)
+		SecureZeroMemory(pwd_utf16, sizeof(wchar_t) * wcslen(pwd_utf16));
 	return r;
 }
 #endif   /* WINDOWS */

auth.c

@@ -405,6 +405,13 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 	file = percent_expand(filename, "h", pw->pw_dir,
 	    "u", pw->pw_name, (char *)NULL);
 
+#ifdef WINDOWS
+	/* Return if the path is absolute. If not, prepend the '%h\\' */
+	if ((strlen(file) > 1) && (file[1] == ':'))
+		return (file);
+
+	i = snprintf(ret, sizeof(ret), "%s\\%s", pw->pw_dir, file);
+#else
 	/*
 	 * Ensure that filename starts anchored. If not, be backward
 	 * compatible and prepend the '%h/'
@@ -413,6 +420,8 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 		return (file);
 
 	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
+#endif // WINDOWS
+
 	if (i < 0 || (size_t)i >= sizeof(ret))
 		fatal("expand_authorized_keys: path too long");
 	free(file);

auth.h

@@ -78,7 +78,9 @@ struct Authctxt {
 #endif
 	Buffer		*loginmsg;
 	void		*methoddata;
-
+#ifdef WINDOWS
+	void		*auth_token;
+#endif
 	struct sshkey	**prev_userkeys;
 	u_int		 nprev_userkeys;
 };

auth2-pubkey.c

@@ -200,62 +200,21 @@ userauth_pubkey(struct ssh *ssh)
 		/* test for correct signature */
 		authenticated = 0;
 
-#ifdef WINDOWS
-		/* Pass key challenge material to ssh-agent to retrieve token upon successful authentication */
-		{
-			struct sshbuf *msg = NULL; 
-			u_char *blob = NULL;
-			size_t blen = 0;
-			DWORD token = 0;
-			extern int auth_sock;
-			int r = 0;
-			int ssh_request_reply(int , struct sshbuf *, struct sshbuf *);
-
-			while (1) {
-				msg = sshbuf_new();
-				if (!msg)
-					fatal("%s: out of memory", __func__);
-				if ((r = sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE)) != 0 ||
-				    (r = sshbuf_put_cstring(msg, PUBKEY_AUTH_REQUEST)) != 0 ||
-				    (r = sshkey_to_blob(key, &blob, &blen)) != 0 ||
-				    (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
-				    (r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 ||
-				    (r = sshbuf_put_string(msg, sig, slen)) != 0 ||
-				    (r = sshbuf_put_string(msg, sshbuf_ptr(b), sshbuf_len(b))) != 0 ||
-				    (r = ssh_request_reply(auth_sock, msg, msg)) != 0 ||
-				    (r = sshbuf_get_u32(msg, &token)) != 0) {
-					debug("auth agent did not authorize client %s", authctxt->user);
-					break;
-				}
-
-				debug3("auth agent authenticated %s", authctxt->user);
-				break;
-
-			}
-			if (blob)
-				free(blob);
-			if (msg)
-				sshbuf_free(msg);
-
-			if (token) {
-				authenticated = 1;                              
-				authctxt->methoddata = (void*)(INT_PTR)token;
-			}
-
-		}
-
-#else  /* !WINDOWS */
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
+#ifdef WINDOWS
+		    (authctxt->auth_token = mm_auth_pubkey(authctxt->pw->pw_name, 
+		    key, sig, slen, b)) != NULL) {
+#else
 		    PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
 		    sshbuf_len(b), ssh->compat)) == 0) {
+#endif
 			authenticated = 1;
 			/* Record the successful key to prevent reuse */
 			auth2_record_userkey(authctxt, key);
 			key = NULL; /* Don't free below */
 		}
 		sshbuf_free(b);
 		free(sig);
-#endif  /* !WINDOWS */
 
 	} else {
 		debug("%s: test whether pkalg/pkblob are acceptable for %s %s",

authfd.h

@@ -43,6 +43,7 @@ int	ssh_agent_sign(int sock, struct sshkey *key,
 	    const u_char *data, size_t datalen, const char *alg, u_int compat);
 
 /* Messages for the authentication agent connection. */
+/* Message Id 0 is reserved */
 #define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
 #define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
 #define SSH_AGENTC_RSA_CHALLENGE		3
@@ -88,12 +89,4 @@ int	ssh_agent_sign(int sock, struct sshkey *key,
 #define	SSH_AGENT_RSA_SHA2_256			0x02
 #define	SSH_AGENT_RSA_SHA2_512			0x04
 
-/* 
-* Following are used in Windows implementation
-* ssh-agent in Windows also serves user authentication
-*/
-#define SSH_AGENT_AUTHENTICATE			200
-#define PUBKEY_AUTH_REQUEST			"pubkey"
-#define PASSWD_AUTH_REQUEST			"password"
-
 #endif				/* AUTHFD_H */