Suspended File permissions logic, cranked version.

appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.0.13.0.{build}
+version: 0.0.14.0.{build}
 image: Visual Studio 2015
 
 branches:

contrib/win32/openssh/OpenSSHTestHelper.psm1

@@ -412,7 +412,7 @@ function Run-OpenSSHE2ETest
    # Discover all CI tests and run them.
     Push-Location $Script:E2ETestDirectory
     Write-Log -Message "Running OpenSSH E2E tests..."    
-    $testFolders = Get-ChildItem *.tests.ps1 -Recurse -Exclude SSHDConfig.tests.ps1, SSH.Tests.ps1 | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
+    $testFolders = Get-ChildItem *.tests.ps1 -Recurse | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique
     Invoke-Pester $testFolders -OutputFormat NUnitXml -OutputFile $Script:E2ETestResultsFile -Tag 'CI'
     Pop-Location
 }

contrib/win32/win32compat/w32-sshfileperm.c

@@ -55,8 +55,9 @@
 */
 int
 check_secure_file_permission(const char *name, struct passwd * pw)
-{	
-	PSECURITY_DESCRIPTOR pSD = NULL;
+{
+	return 0;
+	/*PSECURITY_DESCRIPTOR pSD = NULL;
 	wchar_t * name_utf16 = NULL;
 	PSID owner_sid = NULL, user_sid = NULL;
 	PACL dacl = NULL;
@@ -79,10 +80,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
 	if ((name_utf16 = utf8_to_utf16(name)) == NULL) {
 		errno = ENOMEM;
 		goto cleanup;
-	}
+	}*/
 
 	/*Get the owner sid of the file.*/
-	if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
+	/*if ((error_code = GetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
 		OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
 		&owner_sid, NULL, &dacl, NULL, &pSD)) != ERROR_SUCCESS) {
 		debug3("failed to retrieve the owner sid and dacl of file %s with error code: %d", name, error_code);
@@ -102,14 +103,14 @@ check_secure_file_permission(const char *name, struct passwd * pw)
 		debug3("Bad owner on %s", name);
 		ret = -1;
 		goto cleanup;
-	}
+	}*/
 	/*
 	iterate all aces of the file to find out if there is voilation of the following rules:
 		1. no others than administrators group, system account, and current user, owner accounts have write permission on the file
 		2. sshd account can only have read permission
 		3. this user and file owner should at least have read permission 
 	*/
-	for (DWORD i = 0; i < dacl->AceCount; i++) {
+	/*for (DWORD i = 0; i < dacl->AceCount; i++) {
 		PVOID current_ace = NULL;
 		PACE_HEADER current_aceHeader = NULL;
 		PSID current_trustee_sid = NULL;
@@ -152,10 +153,10 @@ check_secure_file_permission(const char *name, struct passwd * pw)
 			// Not interested ACE
 			continue;
 		}
-		}
+		}*/
 
 		/*no need to check administrators group, owner account, user account and system account*/
-		if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
+		/*if (IsWellKnownSid(current_trustee_sid, WinBuiltinAdministratorsSid) ||
 			IsWellKnownSid(current_trustee_sid, WinLocalSystemSid) ||
 			EqualSid(current_trustee_sid, owner_sid) ||
 			EqualSid(current_trustee_sid, user_sid) ||
@@ -188,7 +189,7 @@ check_secure_file_permission(const char *name, struct passwd * pw)
 		FreeSid(user_sid);
 	if(name_utf16)
 		free(name_utf16);
-	return ret;
+	return ret;*/
 }
 
 static BOOL
@@ -267,7 +268,8 @@ is_admin_account(PSID user_sid)
 int
 set_secure_file_permission(const char *name, struct passwd * pw)
 {
-	PSECURITY_DESCRIPTOR pSD = NULL;
+	return 0;
+	/*PSECURITY_DESCRIPTOR pSD = NULL;
 	PSID owner_sid = NULL;
 	PACL dacl = NULL;
 	wchar_t *name_utf16 = NULL, *sid_utf16 = NULL, sddl[256];
@@ -327,10 +329,10 @@ set_secure_file_permission(const char *name, struct passwd * pw)
 		errno = ENOMEM;
 		ret = -1;
 		goto cleanup;
-	}
+	}*/
 
 	/*Set the owner sid and acl of the file.*/
-	if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
+	/*if ((error_code = SetNamedSecurityInfoW(name_utf16, SE_FILE_OBJECT,
 		OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
 		owner_sid, NULL, dacl, NULL)) != ERROR_SUCCESS) {
 		debug3("failed to set the owner sid and dacl of file %s with error code: %d", name, error_code);
@@ -348,5 +350,5 @@ set_secure_file_permission(const char *name, struct passwd * pw)
 	if (owner_sid)
 		FreeSid(owner_sid);	
 	
-	return ret;
+	return ret;*/
 }

regress/pesterTests/Authorized_keys_fileperm.Tests.ps1

@@ -1,5 +1,5 @@
 Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
-Describe "Tests for authorized_keys file permission" -Tags "CI" {
+Describe "Tests for authorized_keys file permission" -Tags "Scenario" {
     BeforeAll {    
         if($OpenSSHTestInfo -eq $null)
         {

regress/pesterTests/Cfginclude.Tests.ps1

@@ -1,4 +1,4 @@
-Describe "Tests for ssh config" -Tags "CI" {
+Describe "Tests for ssh config" -Tags "Scenario" {
     BeforeAll {
         if($OpenSSHTestInfo -eq $null)
         {

regress/pesterTests/Hostkey_fileperm.Tests.ps1

@@ -1,5 +1,5 @@
 Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
-Describe "Tests for host keys file permission" -Tags "CI" {
+Describe "Tests for host keys file permission" -Tags "Scenario" {
     BeforeAll {
         if($OpenSSHTestInfo -eq $null)
         {

regress/pesterTests/KeyUtils.Tests.ps1

@@ -2,7 +2,7 @@
 $tI = 0
 $suite = "keyutils"
 
-Describe "E2E scenarios for ssh key management" -Tags "CI" {
+Describe "E2E scenarios for ssh key management" -Tags "Scenario" {
     BeforeAll {    
         if($OpenSSHTestInfo -eq $null)
         {

regress/pesterTests/Userkey_fileperm.Tests.ps1

@@ -1,5 +1,5 @@
 Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
-Describe "Tests for user Key file permission" -Tags "CI" {
+Describe "Tests for user Key file permission" -Tags "Scenario" {
     BeforeAll {    
         if($OpenSSHTestInfo -eq $null)
         {