added support for domain\user for key-based auth

This commit is contained in:
manojampalam 2016-05-15 12:30:05 -07:00
parent 2d6e648a8f
commit 5335d43fb6
2 changed files with 32 additions and 2 deletions

View File

@ -4,6 +4,8 @@ $scriptdir = Split-Path $scriptpath
$sshdpath = Join-Path $scriptdir "sshd.exe"
$sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
$ntrights = Join-Path $scriptdir "ntrights.exe -u `"NT SERVICE\SSHD`" +r SeAssignPrimaryTokenPrivilege"
if (-not (Test-Path $sshdpath)) {
throw "sshd.exe is not present in script path"
}
@ -25,5 +27,6 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Deamon" -StartupType Manual -DependsOn ssh-agent | Out-Null
sc.exe config sshd obj= "NT SERVICE\SSHD"
cmd.exe /c $ntrights
Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"

View File

@ -50,9 +50,10 @@ InitLsaString(LSA_STRING *lsa_string, const char *str)
}
}
#define MAX_USER_LEN 256
static HANDLE
generate_user_token(wchar_t* user) {
HANDLE lsa_handle = 0, token = 0;;
HANDLE lsa_handle = 0, token = 0;
LSA_OPERATIONAL_MODE mode;
ULONG auth_package_id;
NTSTATUS ret, subStatus;
@ -64,7 +65,33 @@ generate_user_token(wchar_t* user) {
LUID logonId;
QUOTA_LIMITS quotas;
DWORD cbProfile;
BOOL domain_user = (wcschr(user, L'@') != NULL)? TRUE : FALSE;
BOOL domain_user;
/* prep user name - TODO: implment an accurate check if user is domain account*/
if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
debug("user length is not supported");
goto done;
}
if (wcschr(user, L'\\') != NULL) {
wchar_t *un = NULL, *dn = NULL;
DWORD un_len = 0, dn_len = 0;
dn = user;
dn_len = wcschr(user, L'\\') - user;
un = wcschr(user, L'\\') + 1;
un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
if (dn_len == 0 || un_len == 0) {
debug("cannot get user token - bad user name");
goto done;
}
memcpy(user_copy, un, un_len * sizeof(wchar_t));
user_copy[un_len] = L'@';
memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
user_copy[dn_len + 1 + un_len] = L'\0';
user = user_copy;
}
domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;
InitLsaString(&logon_process_name, "ssh-agent");
if (domain_user)