tyler.durden
/
Win32-OpenSSH
mirror of https://github.com/PowerShell/Win32-OpenSSH.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

5-10 C1

This commit is contained in:
Manoj Ampalam 2016-05-10 15:38:01 -07:00
parent 9347e07039
commit 351f141a6b
2 changed files with 130 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
contrib/win32/win32compat/ssh-agent/authagent-request.c
View File

@ -29,74 +29,143 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#define WIN32_NO_STATUS
#include <Windows.h> #include <Windows.h>
#undef WIN32_NO_STATUS
#include <Ntsecapi.h> #include <Ntsecapi.h>
//#include <ntstatus.h> #include <ntstatus.h>
#include "agent.h" #include "agent.h"
#include "agent-request.h" #include "agent-request.h"
static void
InitLsaString(LSA_STRING *lsa_string, const char *str)
{
if (str == NULL)
memset(lsa_string, 0, sizeof(LSA_STRING));
else {
lsa_string->Buffer = str;
lsa_string->Length = strlen(str);
lsa_string->MaximumLength = lsa_string->Length + 1;
}
}
static HANDLE
generate_user_token(wchar_t* user) {
HANDLE lsa_handle = 0, token = 0;;
LSA_OPERATIONAL_MODE mode;
ULONG auth_package_id;
NTSTATUS ret, subStatus;
KERB_S4U_LOGON *s4u_logon = NULL;
size_t logon_info_size;
LSA_STRING logon_process_name, auth_package_name, originName;
TOKEN_SOURCE sourceContext;
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
LUID logonId;
QUOTA_LIMITS quotas;
DWORD cbProfile;
InitLsaString(&logon_process_name, "ssh-agent");
InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
//InitLsaString(&auth_package_name, "Negotiate");
InitLsaString(&originName, "sshd");
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
goto done;
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
goto done;
logon_info_size = sizeof(KERB_S4U_LOGON);
logon_info_size += (wcslen(user) * 2 + 2);
s4u_logon = malloc(logon_info_size);
if (s4u_logon == NULL)
goto done;
s4u_logon->MessageType = KerbS4ULogon;
s4u_logon->Flags = 0;
s4u_logon->ClientUpn.Length = wcslen(user) * 2;
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2);
s4u_logon->ClientRealm.Length = 0;
s4u_logon->ClientRealm.MaximumLength = 0;
s4u_logon->ClientRealm.Buffer = 0;
memcpy(sourceContext.SourceName,".Jobs ", sizeof(sourceContext.SourceName));
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
goto done;
if (ret = LsaLogonUser(lsa_handle,
&originName,
Network,
auth_package_id,
s4u_logon,
logon_info_size,
NULL,
&sourceContext,
(PVOID*)&pProfile,
&cbProfile,
&logonId,
&token,
&quotas,
&subStatus) != STATUS_SUCCESS)
goto done;
done:
if (lsa_handle)
LsaDeregisterLogonProcess(lsa_handle);
if (s4u_logon)
free(s4u_logon);
if (pProfile)
LsaFreeReturnBuffer(pProfile);
return token;
}
#define AUTH_REQUEST "keyauthenticate"
#define MAX_USER_NAME_LEN 255 + 255
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) { int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
while (1) int r = 0;
{ char* opn, key_blob, user, sig, blob;
HANDLE lsa_handle; size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
PLSA_OPERATIONAL_MODE mode; struct sshkey *key = NULL;
ULONG auth_package_id; HANDLE token = NULL, dup_token = NULL;
NTSTATUS ret; wchar_t wuser[MAX_USER_NAME_LEN];
KERB_S4U_LOGON *s4u_logon; PWSTR wuser_home = NULL;
size_t logon_info_size;
LSA_STRING logon_process_name, auth_package_name, originName;
InitLsaString(&logon_process_name, "ssh-agent");
//InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
InitLsaString(&auth_package_name, "Negotiate");
InitLsaString(&originName, "sshd");
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
break;
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS) user = NULL;
break; if ((r = sshbuf_get_string_direct(request, &opn, &opn_len)) != 0 ||
#define USER_NAME L"user@domain" (r = sshbuf_get_string_direct(request, &key_blob, &key_blob_len)) != 0 ||
logon_info_size = sizeof(KERB_S4U_LOGON); (r = sshbuf_get_cstring(request, &user, &user_len)) != 0 ||
logon_info_size += (wcslen(USER_NAME) * 2 + 2); (r = sshbuf_get_string_direct(request, &sig, &sig_len)) != 0 ||
s4u_logon = malloc(logon_info_size); (r = sshbuf_get_string_direct(request, &blob, &blob_len)) != 0 ||
s4u_logon->MessageType = KerbS4ULogon; (r = sshkey_from_blob(key_blob, key_blob_len, &key)) != 0)
s4u_logon->Flags = 0; goto done;
s4u_logon->ClientUpn.Length = wcslen(USER_NAME) * 2;
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
memcpy(s4u_logon->ClientUpn.Buffer, USER_NAME, s4u_logon->ClientUpn.Length + 2);
s4u_logon->ClientRealm.Length = 0;
s4u_logon->ClientRealm.MaximumLength = 0;
s4u_logon->ClientRealm.Buffer = 0;
TOKEN_SOURCE sourceContext; if ((opn_len != strlen(AUTH_REQUEST)) || (memcmp(opn, AUTH_REQUEST, opn_len) != 0)) {
RtlCopyMemory( r = EINVAL;
sourceContext.SourceName, goto done;
".Jobs ",
sizeof(sourceContext.SourceName)
);
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
break;
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
LUID logonId;
QUOTA_LIMITS quotas;
NTSTATUS subStatus;
DWORD cbProfile;
HANDLE hToken = INVALID_HANDLE_VALUE;
if (ret = LsaLogonUser(lsa_handle, &originName, Network, auth_package_id, s4u_logon, logon_info_size, NULL, &sourceContext,
(PVOID*)&pProfile,
&cbProfile,
&logonId,
&hToken,
&quotas,
&subStatus) != STATUS_SUCCESS)
break;
CloseHandle(hToken);
LsaDeregisterLogonProcess(lsa_handle);
break;
} }
return -1;
if (0 == MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) {
r = GetLastError();
goto done;
}
if ((token = generate_user_token(wuser)) == 0) {
r = EINVAL;
goto done;
}
done:
if (user)
free(user);
if (key)
sshkey_free(key);
if (token)
CloseHandle(token);
if (wuser_home)
CoTaskMemFree(wuser_home);
return r;
} }

5
contrib/win32/win32compat/ssh-agent/keyagent-request.c
View File

@ -73,9 +73,6 @@ convert_blob(struct agent_connection* con, const char *blob, DWORD blen, char **
} }
} }
*eblob = malloc(out.cbData); *eblob = malloc(out.cbData);
if (*eblob == NULL) { if (*eblob == NULL) {
r = ERROR_OUTOFMEMORY; r = ERROR_OUTOFMEMORY;
@ -133,7 +130,7 @@ process_add_identity(struct sshbuf* request, struct sshbuf* response, struct age
done: done:
/* TODO if r failed the delete reg entries*/ /* TODO if r failed, delete reg entries*/
r1 = sshbuf_put_u8(response, (r==0) ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); r1 = sshbuf_put_u8(response, (r==0) ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);