Minor fixes to agent updates

auth-passwd.c

@@ -155,23 +155,23 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
 #ifdef HAVE_LOGIN_CAP
 	if (authctxt->valid) {
 		pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
-			TWO_WEEKS);
+		    TWO_WEEKS);
 		acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
-			TWO_WEEKS);
+		    TWO_WEEKS);
 	}
 #endif
 	if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
 		daysleft = pwtimeleft / DAY + 1;
 		snprintf(buf, sizeof(buf),
-			"Your password will expire in %lld day%s.\n",
+		    "Your password will expire in %lld day%s.\n",
-			daysleft, daysleft == 1 ? "" : "s");
+		    daysleft, daysleft == 1 ? "" : "s");
 		buffer_append(&loginmsg, buf, strlen(buf));
 	}
 	if (actimeleft != 0 && actimeleft < acwarntime) {
 		daysleft = actimeleft / DAY + 1;
 		snprintf(buf, sizeof(buf),
-			"Your account will expire in %lld day%s.\n",
+		    "Your account will expire in %lld day%s.\n",
-			daysleft, daysleft == 1 ? "" : "s");
+		    daysleft, daysleft == 1 ? "" : "s");
 		buffer_append(&loginmsg, buf, strlen(buf));
 	}
 }
@@ -184,7 +184,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 	static int expire_checked = 0;
 
 	as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
-		(char *)password);
+	    (char *)password);
 	if (as == NULL)
 		return (0);
 	if (auth_getstate(as) & AUTH_PWEXPIRED) {
@@ -192,8 +192,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 		disable_forwarding();
 		authctxt->force_pwchange = 1;
 		return (1);
-	}
+	} else {
-	else {
 		if (!expire_checked) {
 			expire_checked = 1;
 			warn_expiry(authctxt, as);
@@ -258,13 +257,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 
 	/* Encrypt the candidate password using the proper salt. */
 	encrypted_password = xcrypt(password,
-		(pw_password[0] && pw_password[1]) ? pw_password : "xx");
+	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
 
 	/*
 	 * Authentication is accepted if the encrypted passwords
 	 * are identical.
 	 */
 	return encrypted_password != NULL &&
-		strcmp(encrypted_password, pw_password) == 0;
+	    strcmp(encrypted_password, pw_password) == 0;
 }
 #endif

contrib/win32/win32compat/pwd.c

@@ -165,7 +165,7 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
 		RegCloseKey(reg_key);
 
         { /* retrieve and set env variables. */
-                /* TODO - Get away with fixed limits and dynamically allocated required memory*/
+                /* TODO - Get away with fixed limits and dynamically allocate required memory, cleanup this logic*/
 #define MAX_VALUE_LEN  1000
 #define MAX_DATA_LEN   2000
 #define MAX_EXPANDED_DATA_LEN 5000
@@ -176,7 +176,8 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
                 int i;
                 LONG ret;
                 
-                ImpersonateLoggedOnUser(token);
+                if (ImpersonateLoggedOnUser(token) == FALSE)
+                        debug("Failed to impersonate user token, %d", GetLastError());
                 SET_USER_ENV(FOLDERID_LocalAppData, L"LOCALAPPDATA");
                 SET_USER_ENV(FOLDERID_Profile, L"USERPROFILE");
                 SET_USER_ENV(FOLDERID_RoamingAppData, L"APPDATA");

contrib/win32/win32compat/ssh-agent/authagent-request.c

@@ -201,7 +201,7 @@ generate_user_token(wchar_t* user) {
 	    &token,
 	    &quotas,
 	    &subStatus) != STATUS_SUCCESS) {
-	    debug("LsaLogonUser failed");
+	    debug("LsaLogonUser failed %d", ret);
 		goto done;
 	}
 
@@ -256,12 +256,16 @@ int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response
 		*tmp = L'\0';
 	}
 
-	if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE ||
+        if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
-		(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
+                debug("failed to logon user");
-		((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
+                goto done;
-		(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
+        }
-		(sshbuf_put_u32(response, dup_token) != 0)) {
+                
-		debug("failed to authenticate user");
+	if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
+	    ((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
+	    (FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
+	    (sshbuf_put_u32(response, dup_token) != 0)) {
+	        debug("failed to duplicate user token");
 		goto done;
 	}
 

contrib/win32/win32compat/ssh-agent/connection.c

@@ -167,6 +167,7 @@ done:
 	return r;
 }
 
+/* TODO - move this to common header*/
 #define SSH_AGENT_AUTHENTICATE			100
 
 static int