Fixed GSSAPI authentication.

gssapi32.dll from MIT Kerberos as well as from Heimdal both load further DLLs from their installation directories. [SGT: I polished the original patch a bit, in particular replacing manual memory allocation with dup_mb_to_wc. This required a Recipe change to link miscucs.c and winucs.c into more of the tools.]
2025-05-28 23:34:49 -05:00 · 2017-04-03 21:30:18 +02:00 · 2017-04-03 21:30:18 +02:00 · 802b4edf4d
commit 802b4edf4d
parent d2653e79ab
4 changed files with 70 additions and 8 deletions
--- a/6
+++ b/6
@ -235,8 +235,8 @@ TERMINAL = terminal wcwidth ldiscucs logging tree234 minibidi
         + config dialog conf

 # GUI front end and terminal emulator (putty, puttytel).
-GUITERM  = TERMINAL window windlg winctrls sizetip winucs winprint
-         + winutils wincfg sercfg winhelp winjump miscucs
+GUITERM  = TERMINAL window windlg winctrls sizetip winprint winutils
+	 + wincfg sercfg winhelp winjump

 # Same thing on Unix.
 UXTERM   = TERMINAL uxcfg sercfg uxucs uxprint timing callback miscucs
@ -262,7 +262,7 @@ SFTP     = sftp int64 logging
 # Pageant or PuTTYgen).
 MISC     = timing callback misc version settings tree234 proxy conf be_misc
 WINMISC  = MISC winstore winnet winhandl cmdline windefs winmisc winproxy
-         + wintime winhsock errsock winsecur
+         + wintime winhsock errsock winsecur winucs miscucs
 UXMISC   = MISC uxstore uxsel uxnet uxpeer cmdline uxmisc uxproxy time

 # import.c and dependencies, for PuTTYgen-like utilities that have to
--- a/windows/wingss.c
+++ b/windows/wingss.c
@ -49,6 +49,9 @@ DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 		      MakeSignature,
 		      (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
+DECL_WINDOWS_FUNCTION(static, DLL_DIRECTORY_COOKIE,
+                      AddDllDirectory,
+                      (PCWSTR));

 typedef struct winSsh_gss_ctx {
    unsigned long maj_stat;
@ -72,6 +75,11 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
    HKEY regkey;
    struct ssh_gss_liblist *list = snew(struct ssh_gss_liblist);
    char *path;
+    static HMODULE kernel32_module;
+    if (!kernel32_module) {
+        kernel32_module = load_system32_dll("kernel32.dll");
+    }
+    GET_WINDOWS_FUNCTION(kernel32_module, AddDllDirectory);

    list->libraries = snewn(3, struct ssh_gss_library);
    list->nlibraries = 0;
@ -93,8 +101,20 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
 	    ret = RegQueryValueEx(regkey, "InstallDir", NULL,
 				  &type, (LPBYTE)buffer, &size);
 	    if (ret == ERROR_SUCCESS && type == REG_SZ) {
-		strcat(buffer, "\\bin\\gssapi32.dll");
-		module = LoadLibrary(buffer);
+                strcat (buffer, "\\bin");
+                if(p_AddDllDirectory) {
+                    /* Add MIT Kerberos' path to the DLL search path,
+                     * it loads its own DLLs further down the road */
+                    wchar_t *dllPath =
+                        dup_mb_to_wc(DEFAULT_CODEPAGE, 0, buffer);
+                    p_AddDllDirectory(dllPath);
+                    sfree(dllPath);
+                }
+                strcat (buffer, "\\gssapi32.dll");
+                module = LoadLibraryEx (buffer, NULL,
+                                        LOAD_LIBRARY_SEARCH_SYSTEM32 |
+                                        LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR |
+                                        LOAD_LIBRARY_SEARCH_USER_DIRS);
 	    }
 	    sfree(buffer);
 	}
@ -152,7 +172,32 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
    module = NULL;
    path = conf_get_filename(conf, CONF_ssh_gss_custom)->path;
    if (*path) {
-	module = LoadLibrary(path);
+        if(p_AddDllDirectory) {
+            /* Add the custom directory as well in case it chainloads
+             * some other DLLs (e.g a non-installed MIT Kerberos
+             * instance) */
+            int pathlen = strlen(path);
+
+            while (pathlen > 0 && path[pathlen-1] != ':' &&
+                   path[pathlen-1] != '\\')
+                pathlen--;
+
+            if (pathlen > 0 && path[pathlen-1] != '\\')
+                pathlen--;
+
+            if (pathlen > 0) {
+                char *dirpath = dupprintf("%.*s", pathlen, path);
+                wchar_t *dllPath = dup_mb_to_wc(DEFAULT_CODEPAGE, 0, dirpath);
+                p_AddDllDirectory(dllPath);
+                sfree(dllPath);
+                sfree(dirpath);
+            }
+        }
+
+        module = LoadLibraryEx(path, NULL,
+                               LOAD_LIBRARY_SEARCH_SYSTEM32 |
+                               LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR |
+                               LOAD_LIBRARY_SEARCH_USER_DIRS);
    }
    if (module) {
 	struct ssh_gss_library *lib =
--- a/windows/winmisc.c
+++ b/windows/winmisc.c
@ -176,8 +176,10 @@ void dll_hijacking_protection(void)
    }

    if (p_SetDefaultDllDirectories) {
-        /* LOAD_LIBRARY_SEARCH_SYSTEM32 only */
-        p_SetDefaultDllDirectories(0x800);
+        /* LOAD_LIBRARY_SEARCH_SYSTEM32 and explicitly specified
+         * directories only */
+        p_SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32 |
+                                   LOAD_LIBRARY_SEARCH_USER_DIRS);
    }
 }

--- a/windows/winstuff.h
+++ b/windows/winstuff.h
@ -512,6 +512,21 @@ const char *win_strerror(int error);
 void restrict_process_acl(void);
 GLOBAL int restricted_acl;

+/* A few pieces of up-to-date Windows API definition needed for older
+ * compilers. */
+#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32
+#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
+#endif
+#ifndef LOAD_LIBRARY_SEARCH_USER_DIRS
+#define LOAD_LIBRARY_SEARCH_USER_DIRS 0x00000400
+#endif
+#ifndef LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR
+#define LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR 0x00000100
+#endif
+#if _MSC_VER < 1400
+typedef PVOID DLL_DIRECTORY_COOKIE;
+#endif
+
 /*
 * Exports from sizetip.c.
 */