diff --git a/contrib/win32/openssh/ssh-agent.vcxproj b/contrib/win32/openssh/ssh-agent.vcxproj
index efc9863..a007239 100644
--- a/contrib/win32/openssh/ssh-agent.vcxproj
+++ b/contrib/win32/openssh/ssh-agent.vcxproj
@@ -211,6 +211,8 @@
+
+
diff --git a/contrib/win32/win32compat/ssh-agent/agentconfig.c b/contrib/win32/win32compat/ssh-agent/agentconfig.c
index fa80062..253a5d7 100644
--- a/contrib/win32/win32compat/ssh-agent/agentconfig.c
+++ b/contrib/win32/win32compat/ssh-agent/agentconfig.c
@@ -50,7 +50,6 @@ static int use_privsep = -1;
Buffer cfg;
ServerOptions options;
struct passwd *privsep_pw = NULL;
-char *forced_command = NULL;
static char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int auth2_methods_valid(const char * c, int i) {
@@ -107,4 +106,18 @@ int load_config() {
int config_log_level() {
return options.log_level;
+}
+
+int pubkey_allowed(struct sshkey* pubkey, wchar_t* wuser, wchar_t* wuser_home) {
+ struct passwd pw;
+ char user[256], user_home[MAX_PATH];
+ memset(&pw, 0, sizeof(pw));
+
+ if (WideCharToMultiByte(CP_UTF8, 0, wuser, -1, user, 256, NULL, NULL) == 0)
+ return 0;
+ /* BUG - pw structure is assumed to be filled with unicode strings by expand_authorized_keys()*/
+ //WideCharToMultiByte(CP_UTF8, 0, wuser_home, -1, user_home, MAX_PATH, NULL, NULL);
+ pw.pw_dir = wuser_home;
+ pw.pw_name = user;
+ return user_key_allowed(&pw, pubkey, 1);
}
\ No newline at end of file
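Review bot: `pw.pw_dir = wuser_home;` in `pubkey_allowed` stores a `wchar_t *` in the narrow `char *pw_dir` field, and the preceding comment itself labels this a BUG, so the authorized_keys lookup that gates token issuance in the caller (`process_authagent_request`, where `wuser_home` comes from `SHGetKnownFolderPath`) is built on a type-confused home path while the converted `user_home` buffer is declared but never used. Whether `user_key_allowed()`/`expand_authorized_keys()` on this port read `pw_dir` as wide or narrow is not visible here, but if it is read as narrow, an ASCII wide path truncates at its second byte and the check would resolve to the wrong file; the struct should carry one consistent encoding, e.g. `if (WideCharToMultiByte(CP_UTF8, 0, wuser_home, -1, user_home, MAX_PATH, NULL, NULL) == 0) return 0;` followed by `pw.pw_dir = user_home;`, or an explicit cast with a comment documenting that callee expects UTF-16. The `memset` leaves `pw_uid`/`pw_gid` at 0; if `user_key_allowed()` uses them for the authorized_keys ownership/permission checks as upstream does, that should be confirmed, and the bare `1` passed as its third argument deserves a named comment. A header comment would help: `/* Returns 1 if pubkey appears in wuser's authorized_keys under wuser_home, 0 otherwise (also on conversion failure). */`.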
diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c
index c2ed041..dead692 100644
--- a/contrib/win32/win32compat/ssh-agent/authagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@@ -29,11 +29,11 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define WIN32_NO_STATUS
+#define UMDF_USING_NTSTATUS
#include
-#undef WIN32_NO_STATUS
#include
#include
+#include
#include "agent.h"
#include "agent-request.h"
#include "key.h"
@@ -170,7 +170,9 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
}
if (key_verify(key, sig, sig_len, blob, blob_len) != 1 ||
- (token = generate_user_token(wuser)) == 0 ||
+ (token = generate_user_token(wuser)) == 0 ||
+ SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
+ pubkey_allowed(key, wuser, wuser_home) != 1 ||
(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||