5-14 C5
This commit is contained in:
manojampalam
parent
ead199c2ff
commit
adf15dffb5
|
|
@ -125,7 +125,7 @@ process_connection(HANDLE pipe, int type) {
|
|||
fatal("failed to assign pipe to ioc_port");
|
||||
|
||||
agent_connection_on_io(con, 0, &con->ol);
|
||||
return iocp_work(NULL);
|
||||
iocp_work(NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -194,7 +194,7 @@ agent_listen_loop() {
|
|||
return;
|
||||
}
|
||||
else {
|
||||
/* todo - spawn a child to take care of this*/
|
||||
/* spawn a child to take care of this*/
|
||||
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
||||
PROCESS_INFORMATION pi;
|
||||
STARTUPINFOW si;
|
||||
|
|
@ -239,9 +239,11 @@ void agent_shutdown() {
|
|||
SetEvent(event_stop_agent);
|
||||
}
|
||||
|
||||
#define REG_AGENT_SDDL L"D:P(A;; GR;;; AU)(A;; GA;;; SY)(A;; GA;;; BA)"
|
||||
|
||||
void
|
||||
agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
||||
int i, r;
|
||||
int r;
|
||||
HKEY agent_root = NULL;
|
||||
DWORD process_id = GetCurrentProcessId();
|
||||
|
||||
|
|
@ -251,8 +253,14 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
|||
if ((ioc_port = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, (ULONG_PTR)NULL, 0)) == NULL)
|
||||
fatal("cannot create ioc port ERROR:%d", GetLastError());
|
||||
|
||||
|
||||
if (child == FALSE) {
|
||||
if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, 0, &agent_root, 0)) != ERROR_SUCCESS)
|
||||
SECURITY_ATTRIBUTES sa;
|
||||
memset(&sa, 0, sizeof(SECURITY_ATTRIBUTES));
|
||||
sa.nLength = sizeof(sa);
|
||||
if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(REG_AGENT_SDDL, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength))
|
||||
fatal("ConvertStringSecurityDescriptorToSecurityDescriptorW failed");
|
||||
if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, &sa, &agent_root, 0)) != ERROR_SUCCESS)
|
||||
fatal("cannot create agent root reg key, ERROR:%d", r);
|
||||
if ((r = RegSetValueExW(agent_root, L"ProcessID", 0, REG_DWORD, (BYTE*)&process_id, 4)) != ERROR_SUCCESS)
|
||||
fatal("cannot publish agent master process id ERROR:%d", r);
|
||||
|
|
@ -266,6 +274,5 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
|||
process_connection(pipe, type);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -138,10 +138,10 @@ done:
|
|||
}
|
||||
|
||||
#define AUTH_REQUEST "keyauthenticate"
|
||||
#define MAX_USER_NAME_LEN 255 + 255
|
||||
#define MAX_USER_NAME_LEN 256
|
||||
|
||||
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
int r = 0;
|
||||
int r = -1;
|
||||
char *opn, *key_blob, *user, *sig, *blob;
|
||||
size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
|
||||
struct sshkey *key = NULL;
|
||||
|
|
@ -151,36 +151,44 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
|
|||
ULONG client_pid;
|
||||
|
||||
user = NULL;
|
||||
if ((r = sshbuf_get_string_direct(request, &opn, &opn_len)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(request, &key_blob, &key_blob_len)) != 0 ||
|
||||
(r = sshbuf_get_cstring(request, &user, &user_len)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(request, &sig, &sig_len)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(request, &blob, &blob_len)) != 0 ||
|
||||
(r = sshkey_from_blob(key_blob, key_blob_len, &key)) != 0)
|
||||
goto done;
|
||||
|
||||
if ((opn_len != strlen(AUTH_REQUEST)) || (memcmp(opn, AUTH_REQUEST, opn_len) != 0)) {
|
||||
r = EINVAL;
|
||||
if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
|
||||
sshkey_from_blob(key_blob, key_blob_len, &key) != 0 ||
|
||||
opn_len != strlen(AUTH_REQUEST) ||
|
||||
memcmp(opn, AUTH_REQUEST, opn_len) != 0) {
|
||||
debug("auth agent invalid request");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (0 == MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN)) {
|
||||
r = GetLastError();
|
||||
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 ||
|
||||
(token = generate_user_token(wuser)) == 0) {
|
||||
debug("unable to generate user token");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (key_verify(key, sig, sig_len, blob, blob_len) != 1 ||
|
||||
(token = generate_user_token(wuser)) == 0 ||
|
||||
SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
||||
pubkey_allowed(key, wuser, wuser_home) != 1 ||
|
||||
(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, dup_token) != 0) ) {
|
||||
r = EINVAL;
|
||||
if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
||||
pubkey_allowed(key, wuser, wuser_home) != 1) {
|
||||
debug("given public key is not mapped to user %ls", wuser);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
|
||||
debug("signature verification failed");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, dup_token) != 0) ) {
|
||||
debug("failed to authorize user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
r = 0;
|
||||
done:
|
||||
if (user)
|
||||
free(user);
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@
|
|||
static int
|
||||
get_user_root(struct agent_connection* con, HKEY *root){
|
||||
int r = 0;
|
||||
*root = NULL;
|
||||
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
||||
return -1;
|
||||
|
||||
|
|
@ -47,6 +48,8 @@ get_user_root(struct agent_connection* con, HKEY *root){
|
|||
else if (RegOpenCurrentUser(KEY_ALL_ACCESS, root) != ERROR_SUCCESS)
|
||||
r = -1;
|
||||
|
||||
if (*root == NULL)
|
||||
debug("cannot connect to user's registry root");
|
||||
RevertToSelf();
|
||||
return r;
|
||||
}
|
||||
|
|
@ -411,11 +414,10 @@ done:
|
|||
|
||||
|
||||
int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
int r;
|
||||
u_char type;
|
||||
|
||||
if ((r = sshbuf_get_u8(request, &type)) != 0)
|
||||
return r;
|
||||
if (sshbuf_get_u8(request, &type) != 0)
|
||||
return -1;
|
||||
debug2("process key agent request type %d", type);
|
||||
|
||||
switch (type) {
|
||||
|
|
@ -431,6 +433,6 @@ int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, st
|
|||
return process_remove_all(request, response, con);
|
||||
default:
|
||||
debug("unknown key agent request %d", type);
|
||||
return EINVAL;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue