manojampalam 2016-05-14 18:34:54 -07:00
parent 5ed50c217d
commit 03c8d962d7
3 changed files with 21 additions and 4 deletions


@ -211,6 +211,8 @@
<ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\connection.c" />
<ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\keyagent-request.c" />
<ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ssh-agent\pubkeyagent-request.c" />
<ClCompile Include="..\..\..\auth-options.c" />
<ClCompile Include="..\..\..\auth2-pubkey.c" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">


@ -50,7 +50,6 @@ static int use_privsep = -1;
Buffer cfg;
ServerOptions options;
struct passwd *privsep_pw = NULL;
char *forced_command = NULL;
static char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int auth2_methods_valid(const char * c, int i) {
@ -107,4 +106,18 @@ int load_config() {
int config_log_level() {
return options.log_level;
}
int pubkey_allowed(struct sshkey* pubkey, wchar_t* wuser, wchar_t* wuser_home) {
struct passwd pw;
char user[256], user_home[MAX_PATH];
memset(&pw, 0, sizeof(pw));
if (WideCharToMultiByte(CP_UTF8, 0, wuser, -1, user, 256, NULL, NULL) == 0)
return 0;
/* BUG - pw structure is assumed to be filled with unicode strings by expand_authorized_keys()*/
//WideCharToMultiByte(CP_UTF8, 0, wuser_home, -1, user_home, MAX_PATH, NULL, NULL);
pw.pw_dir = wuser_home;
pw.pw_name = user;
return user_key_allowed(&pw, pubkey, 1);
}
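Review bot: In `pubkey_allowed`, `pw.pw_dir = wuser_home;` stores a UTF-16 `wchar_t*` in the same struct where `pw.pw_name` is a UTF-8 narrow string, so whichever encoding `user_key_allowed` and `expand_authorized_keys()` expect, one of the two fields is wrong. The BUG comment acknowledges this. A narrow-string reader of `pw_dir` would stop at the first zero byte, so the authorized_keys path could resolve somewhere other than the user's profile; this matters because the result appears to decide whether the agent hands a user token to the connecting client. I would convert the home directory as is done for the name and fail closed, `if (WideCharToMultiByte(CP_UTF8, 0, wuser_home, -1, user_home, MAX_PATH, NULL, NULL) == 0) return 0;` followed by `pw.pw_dir = user_home;`, and fix the consumer if it really does expect wide strings. That also puts the currently unused `user_home` buffer to use. It is worth confirming that `user_key_allowed` does not rely on the zeroed `pw` fields, such as the uid, for ownership or permission checks on the keys file.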

View File

@ -29,11 +29,11 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define WIN32_NO_STATUS
#define UMDF_USING_NTSTATUS
#include <Windows.h>
#undef WIN32_NO_STATUS
#include <Ntsecapi.h>
#include <ntstatus.h>
#include <Shlobj.h>
#include "agent.h"
#include "agent-request.h"
#include "key.h"
@ -170,7 +170,9 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
}
if (key_verify(key, sig, sig_len, blob, blob_len) != 1 ||
(token = generate_user_token(wuser)) == 0 ||
(token = generate_user_token(wuser)) == 0 ||
SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
pubkey_allowed(key, wuser, wuser_home) != 1 ||
(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||