5-8 C4
parent
2c7e659e37
commit
9347e07039
@ -81,6 +81,7 @@ EndProject
|
|||||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-agent", "ssh-agent.vcxproj", "{F6644EC5-D6B6-42A1-828C-75E2977470E0}"
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-agent", "ssh-agent.vcxproj", "{F6644EC5-D6B6-42A1-828C-75E2977470E0}"
|
||||||
ProjectSection(ProjectDependencies) = postProject
|
ProjectSection(ProjectDependencies) = postProject
|
||||||
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
|
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
|
||||||
|
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
|
||||||
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
|
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
|
||||||
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
|
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
|
||||||
{8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0}
|
{8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0}
|
||||||
|
@ -198,7 +198,6 @@
|
|||||||
<ClInclude Include="..\ssh-pubkey\ssh-pubkeydefs.h" />
|
<ClInclude Include="..\ssh-pubkey\ssh-pubkeydefs.h" />
|
||||||
<ClInclude Include="..\win32compat\ssh-agent\agent-request.h" />
|
<ClInclude Include="..\win32compat\ssh-agent\agent-request.h" />
|
||||||
<ClInclude Include="..\win32compat\ssh-agent\agent.h" />
|
<ClInclude Include="..\win32compat\ssh-agent\agent.h" />
|
||||||
<ClInclude Include="..\win32compat\ssh-agent\config.h" />
|
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClCompile Include="..\..\..\auth.c" />
|
<ClCompile Include="..\..\..\auth.c" />
|
||||||
@ -208,7 +207,7 @@
|
|||||||
<ClCompile Include="..\win32compat\ssh-agent\agent-main.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\agent-main.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\agent.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\agent.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\authagent-request.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\authagent-request.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\config.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\agentconfig.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\connection.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\connection.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\keyagent-request.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\keyagent-request.c" />
|
||||||
<ClCompile Include="..\win32compat\ssh-agent\pubkeyagent-request.c" />
|
<ClCompile Include="..\win32compat\ssh-agent\pubkeyagent-request.c" />
|
||||||
|
@ -28,14 +28,15 @@
|
|||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "agent.h"
|
#include "agent.h"
|
||||||
#include "config.h"
|
|
||||||
|
|
||||||
int scm_start_servie(DWORD, LPWSTR*);
|
int scm_start_servie(DWORD, LPWSTR*);
|
||||||
|
|
||||||
SERVICE_TABLE_ENTRY diapatch_table[] =
|
SERVICE_TABLE_ENTRYW dispatch_table[] =
|
||||||
{
|
{
|
||||||
{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTION)scm_start_servie },
|
{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTIONW)scm_start_servie },
|
||||||
{ NULL, NULL }
|
{ NULL, NULL }
|
||||||
};
|
};
|
||||||
static SERVICE_STATUS_HANDLE service_status_handle;
|
static SERVICE_STATUS_HANDLE service_status_handle;
|
||||||
@ -93,7 +94,7 @@ int main(int argc, char **argv) {
|
|||||||
|
|
||||||
w32posix_initialize();
|
w32posix_initialize();
|
||||||
load_config();
|
load_config();
|
||||||
if (!StartServiceCtrlDispatcher(diapatch_table)) {
|
if (!StartServiceCtrlDispatcherW(dispatch_table)) {
|
||||||
if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) {
|
if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) {
|
||||||
if (argc == 1) {
|
if (argc == 1) {
|
||||||
/* console app - start in debug mode*/
|
/* console app - start in debug mode*/
|
||||||
@ -102,8 +103,10 @@ int main(int argc, char **argv) {
|
|||||||
return agent_start(TRUE, FALSE, 0, 0);
|
return agent_start(TRUE, FALSE, 0, 0);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
char* h = 0;
|
||||||
|
h += atoi(*(argv + 1));
|
||||||
log_init("ssh-agent", config_log_level(), 1, 0);
|
log_init("ssh-agent", config_log_level(), 1, 0);
|
||||||
return agent_start(FALSE, TRUE, (HANDLE)atoi(*(argv+1)), atoi(*(argv+2)));
|
return agent_start(FALSE, TRUE, h, atoi(*(argv+2)));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -113,7 +116,7 @@ int main(int argc, char **argv) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int scm_start_servie(DWORD num, LPWSTR* args) {
|
int scm_start_servie(DWORD num, LPWSTR* args) {
|
||||||
service_status_handle = RegisterServiceCtrlHandler(L"ssh-agent", service_handler);
|
service_status_handle = RegisterServiceCtrlHandlerW(L"ssh-agent", service_handler);
|
||||||
ZeroMemory(&service_status, sizeof(service_status));
|
ZeroMemory(&service_status, sizeof(service_status));
|
||||||
service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
|
service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
|
||||||
ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300);
|
ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300);
|
||||||
|
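Review bot: In the `else` branch of `main()` (hunk `@ -102,8 +103,10`), the child-mode path reads `argv[1]` and `argv[2]` after only ruling out `argc == 1`, so an invocation with a single argument passes a NULL pointer to `atoi`; guard it with `if (argc != 3) return -1;`. The handle is then built with `char* h = 0; h += atoi(*(argv + 1));`, which is arithmetic on a null pointer (undefined behaviour) and still narrows the value through `int` with no error detection. Parsing with `strtoull`, rejecting trailing characters, and casting once, `HANDLE h = (HANDLE)(uintptr_t)v;`, avoids both. Because the value arrives on the command line, the agent should also confirm that it names a pipe before handing it to `agent_start`, e.g. `if (GetFileType(h) != FILE_TYPE_PIPE) return -1;`. `main()` starts and ends outside these hunks.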
@ -1,4 +1,3 @@
|
|||||||
#include <Windows.h>
|
|
||||||
typedef unsigned char u_int8_t;
|
typedef unsigned char u_int8_t;
|
||||||
typedef unsigned short u_int16_t;
|
typedef unsigned short u_int16_t;
|
||||||
typedef unsigned int u_int32_t;
|
typedef unsigned int u_int32_t;
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
#include "agent.h"s
|
#include "agent.h"
|
||||||
#define BUFSIZE 5 * 1024
|
#define BUFSIZE 5 * 1024
|
||||||
|
|
||||||
static HANDLE ioc_port = NULL;
|
static HANDLE ioc_port = NULL;
|
||||||
@ -118,7 +118,7 @@ process_connection(HANDLE pipe, int type) {
|
|||||||
con->type = type;
|
con->type = type;
|
||||||
CreateIoCompletionPort(pipe, ioc_port, (ULONG_PTR)con, 0);
|
CreateIoCompletionPort(pipe, ioc_port, (ULONG_PTR)con, 0);
|
||||||
agent_connection_on_io(con, 0, &con->ol);
|
agent_connection_on_io(con, 0, &con->ol);
|
||||||
iocp_work(NULL);
|
return iocp_work(NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@ -186,10 +186,10 @@ agent_listen_loop() {
|
|||||||
/* todo - spawn a child to take care of this*/
|
/* todo - spawn a child to take care of this*/
|
||||||
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
||||||
PROCESS_INFORMATION pi;
|
PROCESS_INFORMATION pi;
|
||||||
STARTUPINFO si;
|
STARTUPINFOW si;
|
||||||
|
|
||||||
si.cb = sizeof(STARTUPINFO);
|
si.cb = sizeof(STARTUPINFOW);
|
||||||
memset(&si, 0, sizeof(STARTUPINFO));
|
memset(&si, 0, sizeof(STARTUPINFOW));
|
||||||
GetModuleFileNameW(NULL, module_path, MAX_PATH);
|
GetModuleFileNameW(NULL, module_path, MAX_PATH);
|
||||||
swprintf_s(path, MAX_PATH, L"%s %d %d", module_path, con, listeners[r - 1].type);
|
swprintf_s(path, MAX_PATH, L"%s %d %d", module_path, con, listeners[r - 1].type);
|
||||||
if (CreateProcessW(NULL, path, NULL, NULL, TRUE,
|
if (CreateProcessW(NULL, path, NULL, NULL, TRUE,
|
||||||
|
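Review bot: In `agent_listen_loop()` (hunk `@ -186,10 +186,10`), the child command line is built as `L"%s %d %d"` from an unquoted `module_path` and handed to `CreateProcessW` with a NULL application name, so an install path containing spaces is parsed ambiguously and a shorter path prefix may be resolved as the executable; quote it, `swprintf_s(path, MAX_PATH, L"\"%s\" %d %d", module_path, con, listeners[r - 1].type);`. `con` appears to be the pipe handle the child reads back from `argv[1]`, and `%d` presumably narrows it on 64-bit builds. Separately, `si.cb = sizeof(STARTUPINFOW);` is zeroed again by the `memset` on the next line, so the two statements should be swapped. The `CreateProcessW` call and the rest of the function continue outside the hunk.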
@ -39,4 +39,7 @@ void agent_connection_disconnect(struct agent_connection*);
|
|||||||
|
|
||||||
int agent_start(BOOL, BOOL, HANDLE, enum agent_type);
|
int agent_start(BOOL, BOOL, HANDLE, enum agent_type);
|
||||||
void agent_shutdown();
|
void agent_shutdown();
|
||||||
void agent_cleanup_connection(struct agent_connection*);
|
void agent_cleanup_connection(struct agent_connection*);
|
||||||
|
|
||||||
|
int load_config();
|
||||||
|
int config_log_level();
|
@ -44,6 +44,7 @@
|
|||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "myproposal.h"
|
#include "myproposal.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
|
#include "agent.h"
|
||||||
|
|
||||||
static int use_privsep = -1;
|
static int use_privsep = -1;
|
||||||
Buffer cfg;
|
Buffer cfg;
|
@ -29,9 +29,74 @@
|
|||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <Windows.h>
|
||||||
|
#include <Ntsecapi.h>
|
||||||
|
//#include <ntstatus.h>
|
||||||
#include "agent.h"
|
#include "agent.h"
|
||||||
#include "agent-request.h"
|
#include "agent-request.h"
|
||||||
|
|
||||||
|
|
||||||
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||||
|
while (1)
|
||||||
|
{
|
||||||
|
HANDLE lsa_handle;
|
||||||
|
PLSA_OPERATIONAL_MODE mode;
|
||||||
|
ULONG auth_package_id;
|
||||||
|
NTSTATUS ret;
|
||||||
|
KERB_S4U_LOGON *s4u_logon;
|
||||||
|
size_t logon_info_size;
|
||||||
|
LSA_STRING logon_process_name, auth_package_name, originName;
|
||||||
|
InitLsaString(&logon_process_name, "ssh-agent");
|
||||||
|
//InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
|
||||||
|
InitLsaString(&auth_package_name, "Negotiate");
|
||||||
|
InitLsaString(&originName, "sshd");
|
||||||
|
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
|
||||||
|
break;
|
||||||
|
#define USER_NAME L"user@domain"
|
||||||
|
logon_info_size = sizeof(KERB_S4U_LOGON);
|
||||||
|
logon_info_size += (wcslen(USER_NAME) * 2 + 2);
|
||||||
|
s4u_logon = malloc(logon_info_size);
|
||||||
|
s4u_logon->MessageType = KerbS4ULogon;
|
||||||
|
s4u_logon->Flags = 0;
|
||||||
|
s4u_logon->ClientUpn.Length = wcslen(USER_NAME) * 2;
|
||||||
|
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
|
||||||
|
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
|
||||||
|
memcpy(s4u_logon->ClientUpn.Buffer, USER_NAME, s4u_logon->ClientUpn.Length + 2);
|
||||||
|
s4u_logon->ClientRealm.Length = 0;
|
||||||
|
s4u_logon->ClientRealm.MaximumLength = 0;
|
||||||
|
s4u_logon->ClientRealm.Buffer = 0;
|
||||||
|
|
||||||
|
TOKEN_SOURCE sourceContext;
|
||||||
|
RtlCopyMemory(
|
||||||
|
sourceContext.SourceName,
|
||||||
|
".Jobs ",
|
||||||
|
sizeof(sourceContext.SourceName)
|
||||||
|
);
|
||||||
|
|
||||||
|
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
|
||||||
|
break;
|
||||||
|
|
||||||
|
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
|
||||||
|
LUID logonId;
|
||||||
|
QUOTA_LIMITS quotas;
|
||||||
|
NTSTATUS subStatus;
|
||||||
|
DWORD cbProfile;
|
||||||
|
HANDLE hToken = INVALID_HANDLE_VALUE;
|
||||||
|
if (ret = LsaLogonUser(lsa_handle, &originName, Network, auth_package_id, s4u_logon, logon_info_size, NULL, &sourceContext,
|
||||||
|
(PVOID*)&pProfile,
|
||||||
|
&cbProfile,
|
||||||
|
&logonId,
|
||||||
|
&hToken,
|
||||||
|
"as,
|
||||||
|
&subStatus) != STATUS_SUCCESS)
|
||||||
|
break;
|
||||||
|
|
||||||
|
CloseHandle(hToken);
|
||||||
|
LsaDeregisterLogonProcess(lsa_handle);
|
||||||
|
break;
|
||||||
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
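Review bot: Every `break` taken after `LsaRegisterLogonProcess` succeeds skips the `CloseHandle`/`LsaDeregisterLogonProcess` pair at the bottom of the loop, so the LSA handle stays registered, and `s4u_logon` and the returned `pProfile` are never released on any path (`free(s4u_logon)`, `LsaFreeReturnBuffer(pProfile)`). The `malloc` result is dereferenced without a NULL check. In `if (ret = LsaRegisterLogonProcess(...) != STATUS_SUCCESS)` the comparison binds before the assignment, so `ret` holds 0 or 1 rather than the NTSTATUS; write `if ((ret = LsaRegisterLogonProcess(...)) != STATUS_SUCCESS)` in all three calls. `mode` is declared as `PLSA_OPERATIONAL_MODE` yet passed as `&mode`; `LSA_OPERATIONAL_MODE mode;` matches what the call fills in. Since this path mints an S4U token for a UPN, I would also add a comment that `USER_NAME` is a placeholder and that the real UPN must come from a request whose pipe client has been authorized.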
@ -49,14 +49,14 @@ get_user_root(struct agent_connection* con, HKEY *root){
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
convert_blob(struct agent_connection* con, char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
|
convert_blob(struct agent_connection* con, const char *blob, DWORD blen, char **eblob, DWORD *eblen, int encrypt) {
|
||||||
int r = 0;
|
int r = 0;
|
||||||
DATA_BLOB in, out;
|
DATA_BLOB in, out;
|
||||||
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
||||||
return ERROR_INTERNAL_ERROR;
|
return ERROR_INTERNAL_ERROR;
|
||||||
|
|
||||||
in.cbData = blen;
|
in.cbData = blen;
|
||||||
in.pbData = blob;
|
in.pbData = (char*)blob;
|
||||||
out.cbData = 0;
|
out.cbData = 0;
|
||||||
out.pbData = NULL;
|
out.pbData = NULL;
|
||||||
|
|
||||||
|
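Review bot: The new cast in `in.pbData = (char*)blob;` discards the `const` the signature just added and still does not match `DATA_BLOB.pbData`, which is `BYTE *`; `in.pbData = (BYTE*)blob;` with a comment such as `/* DATA_BLOB has no const member; blob is only read */` states the intent. The function impersonates the pipe client at the top and its body continues outside the hunk, so I cannot see whether every return path after `ImpersonateNamedPipeClient` reverts the impersonation; a one-line comment at the call noting where `RevertToSelf` happens would make that reviewable.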