Merge branch 'L1-Prod' into console-updates-integration

Author: manojampalam

.gitignore

@@ -278,3 +278,4 @@ d2utmpa*
 configure
 contrib/win32/openssh/Win32-OpenSSH.VC.opendb
 *.opendb
+*.db

auth-passwd.c

@@ -41,13 +41,13 @@
 #include "xmalloc.h"
 #endif
 
-/*
- * We support only client side kerberos on Windows.
- */
+ /*
+  * We support only client side kerberos on Windows.
+  */
 
 #ifdef WIN32_FIXME
-  #undef GSSAPI
-  #undef KRB5
+#undef GSSAPI
+#undef KRB5
 #endif
 
 #include <sys/types.h>
@@ -202,183 +202,43 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 }
 
 #elif defined(WIN32_FIXME)
+extern int auth_sock;
 int sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
-  /* 
-   * Authenticate on Windows 
-   */
-   
-  struct passwd *pw = authctxt -> pw;
-
-  HANDLE hToken = INVALID_HANDLE_VALUE;
-  
-  BOOL worked = FALSE;
-  
-  LPWSTR user_UTF16     = NULL;
-  LPWSTR password_UTF16 = NULL;
-  LPWSTR domain_UTF16   = NULL;
-
-  int buffer_size = 0;
-  
-  /*
-   * Identify domain or local login.
-   */
-
-  char *username = authctxt->user;
-
-  char *domainslash = strchr(authctxt->user, '\\');
-  if (domainslash) {
-	  // domain\username format
-	  char *domainname = authctxt->user;
-	  *domainslash = '\0';
-	  username = ++domainslash; // username is past the domain \ is the username
-
- 	  // Convert domainname from UTF-8 to UTF-16
-	  buffer_size = MultiByteToWideChar(CP_UTF8, 0, domainname, -1, NULL, 0);
-
-	  if (buffer_size > 0)
-	  {
-		  domain_UTF16 = xmalloc(4 * buffer_size);
-	  }
-	  else
-	  {
-		  return 0;
-	  }
-
-	  if (0 == MultiByteToWideChar(CP_UTF8, 0, domainname,
-		  -1, domain_UTF16, buffer_size))
-	  {
-		  free(domain_UTF16);
-
-		  return 0;
-	  }
-  }
-  else if (domainslash = strchr(authctxt->user, '@')) {
-	  // username@domain format
-	  username = authctxt->user;
-	  *domainslash = '\0';
-	  char *domainname = ++domainslash; // domainname is past the user@
-
-								// Convert domainname from UTF-8 to UTF-16
-	  buffer_size = MultiByteToWideChar(CP_UTF8, 0, domainname, -1, NULL, 0);
-
-	  if (buffer_size > 0)
-	  {
-		  domain_UTF16 = xmalloc(4 * buffer_size);
-	  }
-	  else
-	  {
-		  return 0;
-	  }
-
-	  if (0 == MultiByteToWideChar(CP_UTF8, 0, domainname,
-		  -1, domain_UTF16, buffer_size))
-	  {
-		  free(domain_UTF16);
-
-		  return 0;
-	  }
-  }
-  else {
-	  domain_UTF16 = strchr(authctxt->user, '@') ? NULL : L".";
-  }
-  
-  authctxt -> methoddata = hToken;
- 
-  if (domain_UTF16 == NULL)
-  {
-    debug3("Using domain logon...");
-  }
-  
-  /*
-   * Convert username from UTF-8 to UTF-16
-   */
- 
-  buffer_size = MultiByteToWideChar(CP_UTF8, 0, username, -1, NULL, 0);
-
-  if (buffer_size > 0)
-  {
-    user_UTF16 = xmalloc(4 * buffer_size);
-  }
-  else
-  {
-    return 0;
-  }
-  
-  if (0 == MultiByteToWideChar(CP_UTF8, 0, username,
-                                   -1, user_UTF16, buffer_size))
-  {
-    free(user_UTF16);
-
-    return 0;
-  }
-
-  /*
-   * Convert password from UTF-8 to UTF-16
-   */
-  
-  buffer_size = MultiByteToWideChar(CP_UTF8, 0, password, -1, NULL, 0);
-
-  if (buffer_size > 0)
-  {
-    password_UTF16 = xmalloc(4 * buffer_size);
-  }
-  else
-  {
-    return 0;
-  }
-  
-  if (0 == MultiByteToWideChar(CP_UTF8, 0, password, -1, 
-                                   password_UTF16 , buffer_size))
-  {
-    free(password_UTF16 );
-
-    return 0;
-  }
-  
-  worked = LogonUserW(user_UTF16, domain_UTF16, password_UTF16,
-	  LOGON32_LOGON_NETWORK,
-                             LOGON32_PROVIDER_DEFAULT, &hToken);
-                             
-  
-  free(user_UTF16);
-  free(password_UTF16);
-  if (domainslash) free(domain_UTF16);
-  
-  /*
-   * If login still fails, go out.
-   */
-   
-  if (!worked || hToken == INVALID_HANDLE_VALUE)
-  {
-    return 0;
-  }
-
-  /*
-   * Make sure this can be inherited for when 
-   * we start shells or commands.
-   */
-  
-  worked = SetHandleInformation(hToken, HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT);
-  
-  if (!worked)
-  {
-    CloseHandle(hToken);
-    
-    hToken = INVALID_HANDLE_VALUE;
-    
-    authctxt -> methoddata = hToken;
-
-    return 0;
-  }
-
-  /*
-   * Save the handle (or invalid handle) as method-specific data.
-   */
-   
-  authctxt -> methoddata = hToken;
-
-  return 1;
+	/*
+	 * Authenticate on Windows
+	 */
+
+	{
+		u_char *blob = NULL;
+		size_t blen = 0;
+		DWORD token = 0;
+		struct sshbuf *msg = NULL;
+
+		msg = sshbuf_new();
+		if (!msg)
+			return 0;
+		if (sshbuf_put_u8(msg, 100) != 0 ||
+			sshbuf_put_cstring(msg, "password") != 0 ||
+			sshbuf_put_cstring(msg, authctxt->user) != 0 ||
+			sshbuf_put_cstring(msg, password) != 0 ||
+			ssh_request_reply(auth_sock, msg, msg) != 0 ||
+			sshbuf_get_u32(msg, &token) != 0) {
+			debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
+			return 0;
+		}
+
+
+		if (blob)
+			free(blob);
+		if (msg)
+			sshbuf_free(msg);
+
+		authctxt->methoddata = token;
+		
+	}
+
+	return 1;
 }
 
 #elif !defined(CUSTOM_SYS_AUTH_PASSWD)

auth2-pubkey.c

@@ -86,6 +86,7 @@ extern u_int session_id2_len;
 #ifdef WIN32_FIXME
 
   extern char HomeDirLsaW[MAX_PATH];
+  extern int auth_sock;
 
 #endif
 
@@ -192,52 +193,24 @@ userauth_pubkey(Authctxt *authctxt)
 #ifdef WIN32_FIXME
 		{
 #define SSH_AGENT_ROOT "SOFTWARE\\SSH\\Agent"
-			HKEY agent_root = 0;
-			DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff;
-			int sock = -1, r;
+			int r;
 			u_char *blob = NULL;
 			size_t blen = 0;
 			DWORD token = 0;
-			HANDLE h = INVALID_HANDLE_VALUE;
 			struct sshbuf *msg = NULL;
 
 			while (1) {
-				RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root);
-				if (agent_root)
-					RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size);
-					
-
-				h = CreateFile(
-					"\\\\.\\pipe\\ssh-authagent",   // pipe name 
-					GENERIC_READ |  // read and write access 
-					GENERIC_WRITE,
-					0,              // no sharing 
-					NULL,           // default security attributes
-					OPEN_EXISTING,  // opens existing pipe 
-					FILE_FLAG_OVERLAPPED,              // attributes 
-					NULL);          // no template file 
-				if (h == INVALID_HANDLE_VALUE) {
-					debug("cannot connect to auth agent");
-					break;
-				}
-
-				if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) {
-					debug("auth agent pid mismatch");
-					break;
-				}
-
-				if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0)
-					break;
 				msg = sshbuf_new();
 				if (!msg)
 					break;
-				if ((r = sshbuf_put_cstring(msg, "keyauthenticate")) != 0 ||
+				if ((r = sshbuf_put_u8(msg, 100)) != 0 ||
+					(r = sshbuf_put_cstring(msg, "pubkey")) != 0 ||
 					(r = sshkey_to_blob(key, &blob, &blen)) != 0 ||
 					(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
 					(r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 ||
 					(r = sshbuf_put_string(msg, sig, slen)) != 0 ||
 					(r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 ||
-					(r = ssh_request_reply(sock, msg, msg)) != 0 ||
+					(r = ssh_request_reply(auth_sock, msg, msg)) != 0 ||
 					(r = sshbuf_get_u32(msg, &token)) != 0) {
 					debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
 					break;
@@ -246,12 +219,8 @@ userauth_pubkey(Authctxt *authctxt)
 				break;
 
 			}
-			if (agent_root)
-				RegCloseKey(agent_root);
 			if (blob)
 				free(blob);
-			if (sock != -1)
-				close(sock);
 			if (msg)
 				sshbuf_free(msg);
 

authfd.c

@@ -107,7 +107,7 @@ ssh_get_authentication_socket(int *fdp)
 		}
 
 		h = CreateFile(
-			"\\\\.\\pipe\\ssh-keyagent",   // pipe name 
+			"\\\\.\\pipe\\ssh-agent",   // pipe name 
 			GENERIC_READ |  // read and write access 
 			GENERIC_WRITE,
 			0,              // no sharing 

contrib/win32/openssh/scp.vcxproj

@@ -22,6 +22,9 @@
   <ItemGroup>
     <ClCompile Include="$(OpenSSH-Src-Path)scp.c" />
   </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="version.rc" />
+  </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{29B98ADF-1285-49CE-BF6C-AA92C5D2FB24}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>