5-8 C4
parent
2c7e659e37
commit
9347e07039
@ -81,6 +81,7 @@ EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-agent", "ssh-agent.vcxproj", "{F6644EC5-D6B6-42A1-828C-75E2977470E0}"
|
||||
ProjectSection(ProjectDependencies) = postProject
|
||||
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
|
||||
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
|
||||
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
|
||||
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
|
||||
{8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0}
|
||||
|
@ -198,7 +198,6 @@
|
||||
<ClInclude Include="..\ssh-pubkey\ssh-pubkeydefs.h" />
|
||||
<ClInclude Include="..\win32compat\ssh-agent\agent-request.h" />
|
||||
<ClInclude Include="..\win32compat\ssh-agent\agent.h" />
|
||||
<ClInclude Include="..\win32compat\ssh-agent\config.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\..\..\auth.c" />
|
||||
@ -208,7 +207,7 @@
|
||||
<ClCompile Include="..\win32compat\ssh-agent\agent-main.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\agent.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\authagent-request.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\config.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\agentconfig.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\connection.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\keyagent-request.c" />
|
||||
<ClCompile Include="..\win32compat\ssh-agent\pubkeyagent-request.c" />
|
||||
|
@ -28,14 +28,15 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "agent.h"
|
||||
#include "config.h"
|
||||
|
||||
|
||||
int scm_start_servie(DWORD, LPWSTR*);
|
||||
|
||||
SERVICE_TABLE_ENTRY diapatch_table[] =
|
||||
SERVICE_TABLE_ENTRYW dispatch_table[] =
|
||||
{
|
||||
{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTION)scm_start_servie },
|
||||
{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTIONW)scm_start_servie },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
static SERVICE_STATUS_HANDLE service_status_handle;
|
||||
@ -93,7 +94,7 @@ int main(int argc, char **argv) {
|
||||
|
||||
w32posix_initialize();
|
||||
load_config();
|
||||
if (!StartServiceCtrlDispatcher(diapatch_table)) {
|
||||
if (!StartServiceCtrlDispatcherW(dispatch_table)) {
|
||||
if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) {
|
||||
if (argc == 1) {
|
||||
/* console app - start in debug mode*/
|
||||
@ -102,8 +103,10 @@ int main(int argc, char **argv) {
|
||||
return agent_start(TRUE, FALSE, 0, 0);
|
||||
}
|
||||
else {
|
||||
char* h = 0;
|
||||
h += atoi(*(argv + 1));
|
||||
log_init("ssh-agent", config_log_level(), 1, 0);
|
||||
return agent_start(FALSE, TRUE, (HANDLE)atoi(*(argv+1)), atoi(*(argv+2)));
|
||||
return agent_start(FALSE, TRUE, h, atoi(*(argv+2)));
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -113,7 +116,7 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
int scm_start_servie(DWORD num, LPWSTR* args) {
|
||||
service_status_handle = RegisterServiceCtrlHandler(L"ssh-agent", service_handler);
|
||||
service_status_handle = RegisterServiceCtrlHandlerW(L"ssh-agent", service_handler);
|
||||
ZeroMemory(&service_status, sizeof(service_status));
|
||||
service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
|
||||
ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300);
|
||||
|
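Review bot: The `else` branch of `main` reads `argv[1]` and `argv[2]` for every `argc` other than 1, so a launch with a single argument hands a NULL `argv[2]` to `atoi`; check the count first, for example `if (argc < 3) return -1;` (the error value is the project's choice). The new `char* h = 0; h += atoi(*(argv + 1));` builds the handle by arithmetic on a null pointer, which is undefined in C, and `atoi` cannot report a malformed or out-of-range value; `HANDLE h = (HANDLE)(INT_PTR)strtol(argv[1], &end, 10);` followed by a check that `end` consumed the whole argument avoids both problems. Since the handle and the agent type arrive on the command line, a comment such as `/* argv[1]: pipe handle passed by the listening agent, argv[2]: enum agent_type */` would make that trust assumption visible. `main` starts and ends outside these hunks.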
@ -1,4 +1,3 @@
|
||||
#include <Windows.h>
|
||||
typedef unsigned char u_int8_t;
|
||||
typedef unsigned short u_int16_t;
|
||||
typedef unsigned int u_int32_t;
|
||||
|
@ -28,7 +28,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "agent.h"s
|
||||
#include "agent.h"
|
||||
#define BUFSIZE 5 * 1024
|
||||
|
||||
static HANDLE ioc_port = NULL;
|
||||
@ -118,7 +118,7 @@ process_connection(HANDLE pipe, int type) {
|
||||
con->type = type;
|
||||
CreateIoCompletionPort(pipe, ioc_port, (ULONG_PTR)con, 0);
|
||||
agent_connection_on_io(con, 0, &con->ol);
|
||||
iocp_work(NULL);
|
||||
return iocp_work(NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -186,10 +186,10 @@ agent_listen_loop() {
|
||||
/* todo - spawn a child to take care of this*/
|
||||
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
||||
PROCESS_INFORMATION pi;
|
||||
STARTUPINFO si;
|
||||
STARTUPINFOW si;
|
||||
|
||||
si.cb = sizeof(STARTUPINFO);
|
||||
memset(&si, 0, sizeof(STARTUPINFO));
|
||||
si.cb = sizeof(STARTUPINFOW);
|
||||
memset(&si, 0, sizeof(STARTUPINFOW));
|
||||
GetModuleFileNameW(NULL, module_path, MAX_PATH);
|
||||
swprintf_s(path, MAX_PATH, L"%s %d %d", module_path, con, listeners[r - 1].type);
|
||||
if (CreateProcessW(NULL, path, NULL, NULL, TRUE,
|
||||
|
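Review bot: In the `agent_listen_loop` hunk, `memset(&si, 0, sizeof(STARTUPINFOW));` runs after `si.cb = sizeof(STARTUPINFOW);` and so clears `cb` again before `CreateProcessW` is called; the two lines should be swapped. The command line is built with `L"%s %d %d"`, leaving `module_path` unquoted while the application-name argument is NULL, so an install path containing a space is split at the space: the child's `argv` shifts and Windows resolves the executable name ambiguously. Quoting it as `L"\"%s\" %d %d"` avoids that. `con` is printed with `%d`; if it is a HANDLE (its declaration is not visible here) the format needs to be pointer-sized. The function continues outside the hunk.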
@ -39,4 +39,7 @@ void agent_connection_disconnect(struct agent_connection*);
|
||||
|
||||
int agent_start(BOOL, BOOL, HANDLE, enum agent_type);
|
||||
void agent_shutdown();
|
||||
void agent_cleanup_connection(struct agent_connection*);
|
||||
void agent_cleanup_connection(struct agent_connection*);
|
||||
|
||||
int load_config();
|
||||
int config_log_level();
|
@ -44,6 +44,7 @@
|
||||
#include "auth.h"
|
||||
#include "myproposal.h"
|
||||
#include "digest.h"
|
||||
#include "agent.h"
|
||||
|
||||
static int use_privsep = -1;
|
||||
Buffer cfg;
|
@ -29,9 +29,74 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <Windows.h>
|
||||
#include <Ntsecapi.h>
|
||||
//#include <ntstatus.h>
|
||||
#include "agent.h"
|
||||
#include "agent-request.h"
|
||||
|
||||
|
||||
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
while (1)
|
||||
{
|
||||
HANDLE lsa_handle;
|
||||
PLSA_OPERATIONAL_MODE mode;
|
||||
ULONG auth_package_id;
|
||||
NTSTATUS ret;
|
||||
KERB_S4U_LOGON *s4u_logon;
|
||||
size_t logon_info_size;
|
||||
LSA_STRING logon_process_name, auth_package_name, originName;
|
||||
InitLsaString(&logon_process_name, "ssh-agent");
|
||||
//InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
|
||||
InitLsaString(&auth_package_name, "Negotiate");
|
||||
InitLsaString(&originName, "sshd");
|
||||
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
|
||||
break;
|
||||
|
||||
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
|
||||
break;
|
||||
#define USER_NAME L"user@domain"
|
||||
logon_info_size = sizeof(KERB_S4U_LOGON);
|
||||
logon_info_size += (wcslen(USER_NAME) * 2 + 2);
|
||||
s4u_logon = malloc(logon_info_size);
|
||||
s4u_logon->MessageType = KerbS4ULogon;
|
||||
s4u_logon->Flags = 0;
|
||||
s4u_logon->ClientUpn.Length = wcslen(USER_NAME) * 2;
|
||||
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
|
||||
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
|
||||
memcpy(s4u_logon->ClientUpn.Buffer, USER_NAME, s4u_logon->ClientUpn.Length + 2);
|
||||
s4u_logon->ClientRealm.Length = 0;
|
||||
s4u_logon->ClientRealm.MaximumLength = 0;
|
||||
s4u_logon->ClientRealm.Buffer = 0;
|
||||
|
||||
TOKEN_SOURCE sourceContext;
|
||||
RtlCopyMemory(
|
||||
sourceContext.SourceName,
|
||||
".Jobs ",
|
||||
sizeof(sourceContext.SourceName)
|
||||
);
|
||||
|
||||
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
|
||||
break;
|
||||
|
||||
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
|
||||
LUID logonId;
|
||||
QUOTA_LIMITS quotas;
|
||||
NTSTATUS subStatus;
|
||||
DWORD cbProfile;
|
||||
HANDLE hToken = INVALID_HANDLE_VALUE;
|
||||
if (ret = LsaLogonUser(lsa_handle, &originName, Network, auth_package_id, s4u_logon, logon_info_size, NULL, &sourceContext,
|
||||
(PVOID*)&pProfile,
|
||||
&cbProfile,
|
||||
&logonId,
|
||||
&hToken,
|
||||
"as,
|
||||
&subStatus) != STATUS_SUCCESS)
|
||||
break;
|
||||
|
||||
CloseHandle(hToken);
|
||||
LsaDeregisterLogonProcess(lsa_handle);
|
||||
break;
|
||||
}
|
||||
return -1;
|
||||
}
|
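Review bot: Each `if (ret = Lsa...(...) != STATUS_SUCCESS)` in `process_authagent_request` stores the result of the comparison in `ret` rather than the NTSTATUS, because `!=` binds tighter than `=`; write `if ((ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode)) != STATUS_SUCCESS)` and parenthesize the `LsaLookupAuthenticationPackage` and `LsaLogonUser` calls the same way. The `malloc` result is dereferenced unchecked, the early `break` paths skip `LsaDeregisterLogonProcess`, and neither `s4u_logon` nor the returned profile buffer is released on any path (`free(s4u_logon);` and `LsaFreeReturnBuffer(pProfile);`). `RtlCopyMemory` copies `sizeof(sourceContext.SourceName)` bytes from the literal `".Jobs "`, which as rendered here is shorter than that field, so it reads past the literal unless the page collapsed padding spaces. The UPN is the fixed `USER_NAME` and `request` and `con` are unused, so a comment such as `/* TODO: take the UPN from the request and verify the caller on con before the S4U logon */` would mark what is missing before this path may hand out a token.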
@ -49,14 +49,14 @@ get_user_root(struct agent_connection* con, HKEY *root){
|
||||
}
|
||||
|
||||
static int
|
||||
convert_blob(struct agent_connection* con, char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
|
||||
convert_blob(struct agent_connection* con, const char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
|
||||
int r = 0;
|
||||
DATA_BLOB in, out;
|
||||
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
|
||||
in.cbData = blen;
|
||||
in.pbData = blob;
|
||||
in.pbData = (char*)blob;
|
||||
out.cbData = 0;
|
||||
out.pbData = NULL;
|
||||
|
||||
|
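Review bot: `in.pbData = (char*)blob;` in `convert_blob` discards the `const` this change just added and still assigns a `char*` to `DATA_BLOB.pbData`, which is a `BYTE*`; `in.pbData = (BYTE*)blob;` matches the field type. If the input blob is indeed only read, a short comment next to the cast, for example `/* DATA_BLOB.pbData is non-const; blob is not modified */`, would explain why the qualifier is dropped. The function impersonates the pipe client at its top and the rest of the body lies outside this hunk, so it is worth confirming that every return path after a successful `ImpersonateNamedPipeClient` calls `RevertToSelf`.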