5-8 C4

2025-07-28 00:14:41 +02:00 · 2016-05-08 22:18:16 -07:00 · 2016-05-08 22:18:16 -07:00 · 9347e07039
commit 9347e07039
parent 2c7e659e37
9 changed files with 88 additions and 17 deletions
--- a/contrib/win32/openssh/Win32-OpenSSH.sln
+++ b/contrib/win32/openssh/Win32-OpenSSH.sln
@ -81,6 +81,7 @@ EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-agent", "ssh-agent.vcxproj", "{F6644EC5-D6B6-42A1-828C-75E2977470E0}"
 	ProjectSection(ProjectDependencies) = postProject
 		{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
+		{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
 		{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
 		{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
 		{8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0}
--- a/contrib/win32/openssh/ssh-agent.vcxproj
+++ b/contrib/win32/openssh/ssh-agent.vcxproj
@ -198,7 +198,6 @@
    <ClInclude Include="..\ssh-pubkey\ssh-pubkeydefs.h" />
    <ClInclude Include="..\win32compat\ssh-agent\agent-request.h" />
    <ClInclude Include="..\win32compat\ssh-agent\agent.h" />
-    <ClInclude Include="..\win32compat\ssh-agent\config.h" />
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="..\..\..\auth.c" />
@ -208,7 +207,7 @@
    <ClCompile Include="..\win32compat\ssh-agent\agent-main.c" />
    <ClCompile Include="..\win32compat\ssh-agent\agent.c" />
    <ClCompile Include="..\win32compat\ssh-agent\authagent-request.c" />
-    <ClCompile Include="..\win32compat\ssh-agent\config.c" />
+    <ClCompile Include="..\win32compat\ssh-agent\agentconfig.c" />
    <ClCompile Include="..\win32compat\ssh-agent\connection.c" />
    <ClCompile Include="..\win32compat\ssh-agent\keyagent-request.c" />
    <ClCompile Include="..\win32compat\ssh-agent\pubkeyagent-request.c" />
--- a/contrib/win32/win32compat/ssh-agent/agent-main.c
+++ b/contrib/win32/win32compat/ssh-agent/agent-main.c
@ -28,14 +28,15 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+
 #include "agent.h"
-#include "config.h"
+

 int scm_start_servie(DWORD, LPWSTR*);

-SERVICE_TABLE_ENTRY diapatch_table[] =
+SERVICE_TABLE_ENTRYW dispatch_table[] =
 {
-	{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTION)scm_start_servie },
+	{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTIONW)scm_start_servie },
 	{ NULL, NULL }
 };
 static SERVICE_STATUS_HANDLE service_status_handle;
@ -93,7 +94,7 @@ int main(int argc, char **argv) {
 	
 	w32posix_initialize();
 	load_config();
-	if (!StartServiceCtrlDispatcher(diapatch_table))  {
+	if (!StartServiceCtrlDispatcherW(dispatch_table))  {
 		if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) {
 			if (argc == 1) {
 				/* console app - start in debug mode*/
@ -102,8 +103,10 @@ int main(int argc, char **argv) {
 				return agent_start(TRUE, FALSE, 0, 0);
 			}
 			else {
+				char* h = 0;
+				h += atoi(*(argv + 1));
 				log_init("ssh-agent", config_log_level(), 1, 0);
-				return agent_start(FALSE, TRUE, (HANDLE)atoi(*(argv+1)), atoi(*(argv+2)));
+				return agent_start(FALSE, TRUE, h, atoi(*(argv+2)));
 			}
 		}
 		else
@ -113,7 +116,7 @@ int main(int argc, char **argv) {
 }

 int scm_start_servie(DWORD num, LPWSTR* args) {
-	service_status_handle = RegisterServiceCtrlHandler(L"ssh-agent", service_handler);
+	service_status_handle = RegisterServiceCtrlHandlerW(L"ssh-agent", service_handler);
 	ZeroMemory(&service_status, sizeof(service_status));
 	service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
 	ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300);
--- a/contrib/win32/win32compat/ssh-agent/agent-request.h
+++ b/contrib/win32/win32compat/ssh-agent/agent-request.h
@ -1,4 +1,3 @@
-#include <Windows.h>
 typedef unsigned char u_int8_t;
 typedef unsigned short u_int16_t;
 typedef unsigned int u_int32_t;
--- a/contrib/win32/win32compat/ssh-agent/agent.c
+++ b/contrib/win32/win32compat/ssh-agent/agent.c
@ -28,7 +28,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include "agent.h"s
+#include "agent.h"
 #define BUFSIZE 5 * 1024

 static HANDLE ioc_port = NULL;
@ -118,7 +118,7 @@ process_connection(HANDLE pipe, int type) {
 	con->type = type;
 	CreateIoCompletionPort(pipe, ioc_port, (ULONG_PTR)con, 0);
 	agent_connection_on_io(con, 0, &con->ol);
-	iocp_work(NULL);
+	return iocp_work(NULL);
 }

 static void 
@ -186,10 +186,10 @@ agent_listen_loop() {
 				/* todo - spawn a child to take care of this*/
 				wchar_t path[MAX_PATH], module_path[MAX_PATH];
 				PROCESS_INFORMATION pi;
-				STARTUPINFO si;
+				STARTUPINFOW si;

-				si.cb = sizeof(STARTUPINFO);
-				memset(&si, 0, sizeof(STARTUPINFO));
+				si.cb = sizeof(STARTUPINFOW);
+				memset(&si, 0, sizeof(STARTUPINFOW));
 				GetModuleFileNameW(NULL, module_path, MAX_PATH);
 				swprintf_s(path, MAX_PATH, L"%s %d %d", module_path, con, listeners[r - 1].type);
 				if (CreateProcessW(NULL, path, NULL, NULL, TRUE,
--- a/contrib/win32/win32compat/ssh-agent/agent.h
+++ b/contrib/win32/win32compat/ssh-agent/agent.h
@ -39,4 +39,7 @@ void agent_connection_disconnect(struct agent_connection*);

 int agent_start(BOOL, BOOL, HANDLE, enum agent_type);
 void agent_shutdown();
-void agent_cleanup_connection(struct agent_connection*);
+void agent_cleanup_connection(struct agent_connection*);
+
+int load_config();
+int config_log_level();
--- a/contrib/win32/win32compat/ssh-agent/agentconfig.c
+++ b/contrib/win32/win32compat/ssh-agent/agentconfig.c
@ -44,6 +44,7 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "agent.h"

 static int use_privsep = -1;
 Buffer cfg;
--- a/contrib/win32/win32compat/ssh-agent/authagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@ -29,9 +29,74 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

+#include <Windows.h>
+#include <Ntsecapi.h>
+//#include <ntstatus.h>
 #include "agent.h"
 #include "agent-request.h"

+
 int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
+	while (1)
+	{
+		HANDLE lsa_handle;
+		PLSA_OPERATIONAL_MODE mode;
+		ULONG auth_package_id;
+		NTSTATUS ret;
+		KERB_S4U_LOGON *s4u_logon;
+		size_t logon_info_size;
+		LSA_STRING logon_process_name, auth_package_name, originName;
+		InitLsaString(&logon_process_name, "ssh-agent");
+		//InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
+		InitLsaString(&auth_package_name, "Negotiate");
+		InitLsaString(&originName, "sshd");
+		if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
+			break;
+
+		if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
+			break;
+#define USER_NAME L"user@domain"
+		logon_info_size = sizeof(KERB_S4U_LOGON);
+		logon_info_size += (wcslen(USER_NAME) * 2 + 2);
+		s4u_logon = malloc(logon_info_size);
+		s4u_logon->MessageType = KerbS4ULogon;
+		s4u_logon->Flags = 0;
+		s4u_logon->ClientUpn.Length = wcslen(USER_NAME) * 2;
+		s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
+		s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
+		memcpy(s4u_logon->ClientUpn.Buffer, USER_NAME, s4u_logon->ClientUpn.Length + 2);
+		s4u_logon->ClientRealm.Length = 0;
+		s4u_logon->ClientRealm.MaximumLength = 0;
+		s4u_logon->ClientRealm.Buffer = 0;
+
+		TOKEN_SOURCE sourceContext;
+		RtlCopyMemory(
+			sourceContext.SourceName,
+			".Jobs   ",
+			sizeof(sourceContext.SourceName)
+			);
+
+		if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
+			break;
+
+		PKERB_INTERACTIVE_PROFILE pProfile = NULL;
+		LUID            logonId;
+		QUOTA_LIMITS    quotas;
+		NTSTATUS        subStatus;
+		DWORD           cbProfile;
+		HANDLE          hToken = INVALID_HANDLE_VALUE;
+		if (ret = LsaLogonUser(lsa_handle, &originName, Network, auth_package_id, s4u_logon, logon_info_size, NULL, &sourceContext,
+			(PVOID*)&pProfile,
+			&cbProfile,
+			&logonId,
+			&hToken,
+			&quotas,
+			&subStatus) != STATUS_SUCCESS)
+			break;
+
+		CloseHandle(hToken);
+		LsaDeregisterLogonProcess(lsa_handle);
+		break;
+	}
 	return -1;
 }
--- a/contrib/win32/win32compat/ssh-agent/keyagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
@ -49,14 +49,14 @@ get_user_root(struct agent_connection* con, HKEY *root){
 }

 static int
-convert_blob(struct agent_connection* con, char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
+convert_blob(struct agent_connection* con, const char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
 	int r = 0;
 	DATA_BLOB in, out;
 	if (ImpersonateNamedPipeClient(con->connection) == FALSE)
 		return ERROR_INTERNAL_ERROR;

 	in.cbData = blen;
-	in.pbData = blob;
+	in.pbData = (char*)blob;
 	out.cbData = 0;
 	out.pbData = NULL;