add motw to scp and sftp

contrib/win32/win32compat/misc.c

@@ -61,6 +61,7 @@
 #include "inc\string.h"
 #include "inc\time.h"
 #include "..\..\..\atomicio.h"
+#include "urlmon.h"
 
 #include <wchar.h>
 
@@ -136,6 +137,9 @@ int chroot_path_len = 0;
 /* UTF-16 version of the above */
 wchar_t* chroot_pathw = NULL;
 
+/* motw zone_id initialized to invalid value */
+DWORD motw_zone_id = 5;
+
 int
 usleep(unsigned int useconds)
 {
@@ -2136,7 +2140,18 @@ add_mark_of_web(const char* filename)
 	sprintf_s(fileStreamPath, fileStreamPathLen, "%s:Zone.Identifier", filename);
 
 	// ZoneId=3 indicates the file comes from the Internet Zone
-	const char zoneIdentifier[] = "[ZoneTransfer]\nZoneId=3";
+	// const char zoneIdentifier[] = "[ZoneTransfer]\nZoneId=3";
+	char* zoneIdentifierStr = NULL;
+	size_t zoneIndentifierLen = strlen("[ZoneTransfer]\nZoneId=") + 1 + 1;
+
+	zoneIdentifierStr = malloc(zoneIndentifierLen * sizeof(char));
+
+	if (zoneIdentifierStr == NULL) {
+		return -1;
+	}
+
+	sprintf_s(zoneIdentifierStr, zoneIndentifierLen, "[ZoneTransfer]\nZoneId=%d", motw_zone_id);
+
 	int ofd, status = 0;
 
 	// create zone identifer file stream and then write the Mark of the Web to it
@@ -2145,9 +2160,9 @@ add_mark_of_web(const char* filename)
 		goto cleanup;
 	}
 
-	size_t zoneIndentifierLen = strlen(zoneIdentifier);
+	// size_t zoneIndentifierLen = strlen(zoneIdentifier);
 
-	if (atomicio(vwrite, ofd, zoneIdentifier, zoneIndentifierLen) != zoneIndentifierLen) {
+	if (atomicio(vwrite, ofd, zoneIdentifierStr, zoneIndentifierLen) != zoneIndentifierLen) {
 		status = -1;
 	}
 
@@ -2160,3 +2175,42 @@ add_mark_of_web(const char* filename)
 	return status;
 }
 
+void get_zone_identifier(const char* hostname) {
+	static const CLSID CLSID_ISM =
+	{ 0x7B8A2D94, 0x0AC9, 0x11D1,
+	{ 0x89, 0x6C, 0x00, 0xC0, 0x4F, 0xB6, 0xBF, 0xC4 } };
+	static const IID IID_IISM =
+	{ 0x79EAC9EE, 0xBAF9, 0x11CE,
+	{ 0x8C, 0x82, 0x00, 0xAA, 0x00, 0x4B, 0xA9, 0x0B } };
+	IInternetSecurityManager* IISM;
+	CoInitialize(NULL);
+	HRESULT hr = CoCreateInstance(&CLSID_ISM, NULL,
+		CLSCTX_ALL, &IID_IISM, (void**)&IISM);
+	if (SUCCEEDED(hr) || hr == RPC_E_CHANGED_MODE)
+	{
+		wchar_t* hostname_w = utf8_to_utf16(hostname);
+		size_t inputStrLen = wcslen(hostname_w) + wcslen(L"ftp://") + 2;
+		wchar_t* inputStr = malloc(inputStrLen * sizeof(wchar_t));
+		if (inputStr == NULL) {
+			return;
+		}
+		swprintf_s(inputStr, inputStrLen, L"ftp://%s", hostname_w);
+		hr = IISM->lpVtbl->MapUrlToZone(IISM, inputStr, &motw_zone_id, 0);
+		if (hr == S_OK) {
+			if (motw_zone_id < 5) {
+				debug("valid zone identifier value: %d", motw_zone_id);
+			}
+			else {
+				debug("invalid zone identifier value, will not use");
+				motw_zone_id = 5;
+			}
+		}
+		else {
+			motw_zone_id = 5;
+			debug("MapUrlToZone failed");
+		}
+	}
+	else {
+		debug("failed to co-create instance");
+	}
+}

contrib/win32/win32compat/misc_internal.h

@@ -49,6 +49,9 @@ extern char* chroot_path;
 extern int chroot_path_len;
 extern wchar_t* chroot_pathw;
 
+/* motw zone_id */
+extern DWORD motw_zone_id;
+
 /* removes first '/' for Windows paths that are unix styled. Ex: /c:/ab.cd */
 wchar_t * resolved_path_utf16(const char *);
 char* resolved_path_utf8(const char *);
@@ -84,3 +87,4 @@ BOOL is_bash_test_env();
 int bash_to_win_path(const char *in, char *out, const size_t out_len);
 void debug_assert_internal();
 int add_mark_of_web(const char* filename);
+void get_zone_identifier(const char* hostname);

scp.c

@@ -1141,6 +1141,9 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
 		    reminp, remoutp, pidp) < 0)
 			return NULL;
 	}
+#ifdef WINDOWS
+	get_zone_identifier(host);
+#endif // WINDOWS
 	return do_init(*reminp, *remoutp, 32768, 64, limit_kbps);
 }
 
@@ -1439,6 +1442,9 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct)
 			continue;
 		}
 		/* SCP */
+#ifdef WINDOWS
+		get_zone_identifier(host);
+#endif // WINDOWS
 		xasprintf(&bp, "%s -f %s%s",
 		    cmd, *src == '-' ? "-- " : "", src);
 		if (do_cmd(ssh_program, host, suser, sport, 0, bp,
@@ -2077,9 +2083,17 @@ sink(int argc, char **argv, const char *src)
 		omode = mode;
 		mode |= S_IWUSR;
 #ifdef WINDOWS
-		if (add_mark_of_web(np) == -1) {
-			run_err("%s: failed to add mark of the web\n", np);
-			exit(1);
+		if (motw_zone_id == 5) {
+			if (verbose_mode)
+				note_err("%s: will not add mark of the web due to push \
+					from local to remote scenario, or MapUrlToZone API failure\n", np);
+		}
+		else {
+			if (add_mark_of_web(np) == -1) {
+				if (verbose_mode) {
+					note_err("%s: add_mark_of_web failed\n", np);
+				}
+			}
 		}
 
 		// In windows, we would like to inherit the parent folder permissions by setting mode to USHRT_MAX.

sftp-client.c

@@ -1728,12 +1728,8 @@ do_download(struct sftp_conn *conn, const char *remote_path,
 	}
 	close(local_fd);
 #ifdef WINDOWS
-	if (add_mark_of_web(local_path) == -1) {
-		// (resume_flag ? 0 : O_TRUNC) on line 1355 requires us 
-		// to add the mark of the web after transferring the file. 
-		// if MOTW fails, we need to remove the file before exiting
-		remove(local_path);
-		fatal_f("%s: failed to add mark of the web", local_path);
+	if (motw_zone_id == 5 || add_mark_of_web(local_path) == -1) {
+		debug("%s: failed to add mark of the web", local_path);
 	}
 #endif // WINDOWS
 	sshbuf_free(msg);

sftp-server.c

@@ -869,14 +869,14 @@ process_write(u_int32_t id)
 #ifdef WINDOWS
 	char* filepath = resolved_path_utf8(handle_to_name(handle));
 	if (filepath == NULL) {
-		fatal_f("cannot convert handle %d to utf8 filepath for mark of the web", handle);
+		debug("cannot convert handle %d to utf8 filepath for mark of the web", handle);
 	}
-	if (add_mark_of_web(filepath) == -1) {
-		debug("add_mark_of_web to %s failed", filepath);
+	else {
+		if (motw_zone_id == 5 || add_mark_of_web(filepath) == -1) {
+			debug("add_mark_of_web to %s failed", filepath);
+		}
 		free(filepath);
-		fatal_f("failed to add mark of the web");
 	}
-	free(filepath);
 #endif // WINDOWS
 
 	debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
@@ -1913,6 +1913,10 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	logit("session opened for local user %s from [%s]",
 	    pw->pw_name, client_addr);
 
+#ifdef WINDOWS
+	get_zone_identifier(client_addr);
+#endif // WINDOWS
+
 	in = STDIN_FILENO;
 	out = STDOUT_FILENO;
 

sftp.c

@@ -2637,6 +2637,9 @@ main(int argc, char **argv)
 	freeargs(&args);
 
 	conn = do_init(in, out, copy_buffer_len, num_requests, limit_kbps);
+#ifdef WINDOWS
+	get_zone_identifier(host);
+#endif //WINDOWS
 	if (conn == NULL)
 		fatal("Couldn't initialise connection to server");