added support for domain\user for key-based auth

2025-07-24 22:45:17 +02:00 · 2016-05-15 12:30:05 -07:00 · 2016-05-15 12:30:05 -07:00 · 5335d43fb6
commit 5335d43fb6
parent 2d6e648a8f
2 changed files with 32 additions and 2 deletions
--- a/contrib/win32/openssh/install-sshd.ps1
+++ b/contrib/win32/openssh/install-sshd.ps1
@ -4,6 +4,8 @@ $scriptdir = Split-Path $scriptpath
 $sshdpath = Join-Path $scriptdir "sshd.exe"
 $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
 $ntrights = Join-Path $scriptdir "ntrights.exe -u `"NT SERVICE\SSHD`" +r SeAssignPrimaryTokenPrivilege"
 if (-not (Test-Path $sshdpath)) {
    throw "sshd.exe is not present in script path"
 }
@ -25,5 +27,6 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
 New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Deamon" -StartupType Manual -DependsOn ssh-agent | Out-Null
 sc.exe config sshd obj= "NT SERVICE\SSHD"
 cmd.exe /c $ntrights
 Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
--- a/contrib/win32/win32compat/ssh-agent/authagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@ -50,9 +50,10 @@ InitLsaString(LSA_STRING *lsa_string, const char *str)
 	}
 }
 #define MAX_USER_LEN 256
 static HANDLE 
 generate_user_token(wchar_t* user) {
-	HANDLE lsa_handle = 0, token = 0;;
+	HANDLE lsa_handle = 0, token = 0;
 	LSA_OPERATIONAL_MODE mode;
 	ULONG auth_package_id;
 	NTSTATUS ret, subStatus;
@ -64,7 +65,33 @@ generate_user_token(wchar_t* user) {
 	LUID logonId;
 	QUOTA_LIMITS quotas;
 	DWORD cbProfile;
-	BOOL domain_user = (wcschr(user, L'@') != NULL)? TRUE : FALSE;
+	BOOL domain_user;
 	/* prep user name - TODO: implment an accurate check if user is domain account*/
 	if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
 		debug("user length is not supported");
 		goto done;
 	}
 	if (wcschr(user, L'\\') != NULL) {
 		wchar_t *un = NULL, *dn = NULL;
 		DWORD un_len = 0, dn_len = 0;
 		dn = user;
 		dn_len = wcschr(user, L'\\') - user;
 		un = wcschr(user, L'\\') + 1;
 		un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
 		if (dn_len == 0 || un_len == 0) {
 			debug("cannot get user token - bad user name");
 			goto done;
 		}
 		memcpy(user_copy, un, un_len * sizeof(wchar_t));
 		user_copy[un_len] = L'@';
 		memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
 		user_copy[dn_len + 1 + un_len] = L'\0';
 		user = user_copy;
 	}
 	domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;
 	InitLsaString(&logon_process_name, "ssh-agent");
 	if (domain_user)