5-14 C5
This commit is contained in:
parent
ead199c2ff
commit
adf15dffb5
@ -125,7 +125,7 @@ process_connection(HANDLE pipe, int type) {
|
|||||||
fatal("failed to assign pipe to ioc_port");
|
fatal("failed to assign pipe to ioc_port");
|
||||||
|
|
||||||
agent_connection_on_io(con, 0, &con->ol);
|
agent_connection_on_io(con, 0, &con->ol);
|
||||||
return iocp_work(NULL);
|
iocp_work(NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@ -194,7 +194,7 @@ agent_listen_loop() {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
/* todo - spawn a child to take care of this*/
|
/* spawn a child to take care of this*/
|
||||||
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
wchar_t path[MAX_PATH], module_path[MAX_PATH];
|
||||||
PROCESS_INFORMATION pi;
|
PROCESS_INFORMATION pi;
|
||||||
STARTUPINFOW si;
|
STARTUPINFOW si;
|
||||||
@ -239,9 +239,11 @@ void agent_shutdown() {
|
|||||||
SetEvent(event_stop_agent);
|
SetEvent(event_stop_agent);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define REG_AGENT_SDDL L"D:P(A;; GR;;; AU)(A;; GA;;; SY)(A;; GA;;; BA)"
|
||||||
|
|
||||||
void
|
void
|
||||||
agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
||||||
int i, r;
|
int r;
|
||||||
HKEY agent_root = NULL;
|
HKEY agent_root = NULL;
|
||||||
DWORD process_id = GetCurrentProcessId();
|
DWORD process_id = GetCurrentProcessId();
|
||||||
|
|
||||||
@ -251,8 +253,14 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
|||||||
if ((ioc_port = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, (ULONG_PTR)NULL, 0)) == NULL)
|
if ((ioc_port = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, (ULONG_PTR)NULL, 0)) == NULL)
|
||||||
fatal("cannot create ioc port ERROR:%d", GetLastError());
|
fatal("cannot create ioc port ERROR:%d", GetLastError());
|
||||||
|
|
||||||
|
|
||||||
if (child == FALSE) {
|
if (child == FALSE) {
|
||||||
if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, 0, &agent_root, 0)) != ERROR_SUCCESS)
|
SECURITY_ATTRIBUTES sa;
|
||||||
|
memset(&sa, 0, sizeof(SECURITY_ATTRIBUTES));
|
||||||
|
sa.nLength = sizeof(sa);
|
||||||
|
if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(REG_AGENT_SDDL, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength))
|
||||||
|
fatal("ConvertStringSecurityDescriptorToSecurityDescriptorW failed");
|
||||||
|
if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, &sa, &agent_root, 0)) != ERROR_SUCCESS)
|
||||||
fatal("cannot create agent root reg key, ERROR:%d", r);
|
fatal("cannot create agent root reg key, ERROR:%d", r);
|
||||||
if ((r = RegSetValueExW(agent_root, L"ProcessID", 0, REG_DWORD, (BYTE*)&process_id, 4)) != ERROR_SUCCESS)
|
if ((r = RegSetValueExW(agent_root, L"ProcessID", 0, REG_DWORD, (BYTE*)&process_id, 4)) != ERROR_SUCCESS)
|
||||||
fatal("cannot publish agent master process id ERROR:%d", r);
|
fatal("cannot publish agent master process id ERROR:%d", r);
|
||||||
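Review bot: `sa.nLength` is set to `sizeof(sa)` and then passed as the `SecurityDescriptorSize` out-parameter of `ConvertStringSecurityDescriptorToSecurityDescriptorW`, which overwrites it with the byte size of the converted descriptor, so the `SECURITY_ATTRIBUTES` handed to `RegCreateKeyExW` no longer carries the documented `nLength`. That parameter is optional, so `if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(REG_AGENT_SDDL, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))` keeps `nLength` intact. The descriptor is allocated by that call and nothing in the hunk releases it; once the key exists, `LocalFree(sa.lpSecurityDescriptor);` returns it. A one-line comment on `REG_AGENT_SDDL` such as `/* HKLM agent key: Authenticated Users read, SYSTEM and Administrators full control, no inheritance */` would make the intended access policy reviewable. `agent_start` continues outside this hunk.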
@ -266,6 +274,5 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
|
|||||||
process_connection(pipe, type);
|
process_connection(pipe, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -138,10 +138,10 @@ done:
|
|||||||
}
|
}
|
||||||
|
|
||||||
#define AUTH_REQUEST "keyauthenticate"
|
#define AUTH_REQUEST "keyauthenticate"
|
||||||
#define MAX_USER_NAME_LEN 255 + 255
|
#define MAX_USER_NAME_LEN 256
|
||||||
|
|
||||||
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||||
int r = 0;
|
int r = -1;
|
||||||
char *opn, *key_blob, *user, *sig, *blob;
|
char *opn, *key_blob, *user, *sig, *blob;
|
||||||
size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
|
size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
|
||||||
struct sshkey *key = NULL;
|
struct sshkey *key = NULL;
|
||||||
@ -151,36 +151,44 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
|
|||||||
ULONG client_pid;
|
ULONG client_pid;
|
||||||
|
|
||||||
user = NULL;
|
user = NULL;
|
||||||
if ((r = sshbuf_get_string_direct(request, &opn, &opn_len)) != 0 ||
|
if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0 ||
|
||||||
(r = sshbuf_get_string_direct(request, &key_blob, &key_blob_len)) != 0 ||
|
sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
|
||||||
(r = sshbuf_get_cstring(request, &user, &user_len)) != 0 ||
|
sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||||
(r = sshbuf_get_string_direct(request, &sig, &sig_len)) != 0 ||
|
sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
|
||||||
(r = sshbuf_get_string_direct(request, &blob, &blob_len)) != 0 ||
|
sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
|
||||||
(r = sshkey_from_blob(key_blob, key_blob_len, &key)) != 0)
|
sshkey_from_blob(key_blob, key_blob_len, &key) != 0 ||
|
||||||
goto done;
|
opn_len != strlen(AUTH_REQUEST) ||
|
||||||
|
memcmp(opn, AUTH_REQUEST, opn_len) != 0) {
|
||||||
if ((opn_len != strlen(AUTH_REQUEST)) || (memcmp(opn, AUTH_REQUEST, opn_len) != 0)) {
|
debug("auth agent invalid request");
|
||||||
r = EINVAL;
|
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (0 == MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN)) {
|
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 ||
|
||||||
r = GetLastError();
|
(token = generate_user_token(wuser)) == 0) {
|
||||||
|
debug("unable to generate user token");
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (key_verify(key, sig, sig_len, blob, blob_len) != 1 ||
|
if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
||||||
(token = generate_user_token(wuser)) == 0 ||
|
pubkey_allowed(key, wuser, wuser_home) != 1) {
|
||||||
SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
debug("given public key is not mapped to user %ls", wuser);
|
||||||
pubkey_allowed(key, wuser, wuser_home) != 1 ||
|
goto done;
|
||||||
(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
}
|
||||||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
|
||||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
|
||||||
(sshbuf_put_u32(response, dup_token) != 0) ) {
|
debug("signature verification failed");
|
||||||
r = EINVAL;
|
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||||
|
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||||
|
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||||
|
(sshbuf_put_u32(response, dup_token) != 0) ) {
|
||||||
|
debug("failed to authorize user");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
r = 0;
|
||||||
done:
|
done:
|
||||||
if (user)
|
if (user)
|
||||||
free(user);
|
free(user);
|
||||||
|
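Review bot: `DuplicateHandle` on the new side still passes `DUPLICATE_SAME_ACCESS`, which makes Windows ignore the `TOKEN_QUERY | TOKEN_IMPERSONATE` mask, so the token returned to the client carries whatever access the source `token` has rather than the restricted set the call spells out; dropping the flag, `..., TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, 0)`, makes the mask effective. The reordering also runs `generate_user_token`, `SHGetKnownFolderPath` and `pubkey_allowed` before `key_verify`, so a request whose signature does not verify has already caused a logon token for the named user and, presumably, a lookup under that user's profile; keeping `key_verify` first rejects unauthenticated input before any privileged work is done. The cleanup after `done:` is largely outside the hunk, so whether `token`, `client_proc` and `dup_token` are closed on the failure paths cannot be confirmed here.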
@ -39,6 +39,7 @@
|
|||||||
static int
|
static int
|
||||||
get_user_root(struct agent_connection* con, HKEY *root){
|
get_user_root(struct agent_connection* con, HKEY *root){
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
*root = NULL;
|
||||||
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
if (ImpersonateNamedPipeClient(con->connection) == FALSE)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -47,6 +48,8 @@ get_user_root(struct agent_connection* con, HKEY *root){
|
|||||||
else if (RegOpenCurrentUser(KEY_ALL_ACCESS, root) != ERROR_SUCCESS)
|
else if (RegOpenCurrentUser(KEY_ALL_ACCESS, root) != ERROR_SUCCESS)
|
||||||
r = -1;
|
r = -1;
|
||||||
|
|
||||||
|
if (*root == NULL)
|
||||||
|
debug("cannot connect to user's registry root");
|
||||||
RevertToSelf();
|
RevertToSelf();
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
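Review bot: The new `if (*root == NULL)` check only logs; `r` is set to -1 only in the visible `RegOpenCurrentUser` branch, so if the branch before it (outside the hunk) can leave `*root` NULL, `get_user_root` returns 0 with a NULL key to its callers. Making the check own the result, `if (*root == NULL) { debug("cannot connect to user's registry root"); r = -1; }`, ties the return value to the out-parameter. `RevertToSelf()` is also unchecked; if it fails the thread keeps running under the pipe client's identity, so its return value should at least be logged, and given the file already uses `fatal` for unrecoverable conditions that is the consistent choice. The head of `get_user_root`'s if/else chain lies outside this hunk.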
@ -411,11 +414,10 @@ done:
|
|||||||
|
|
||||||
|
|
||||||
int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||||
int r;
|
|
||||||
u_char type;
|
u_char type;
|
||||||
|
|
||||||
if ((r = sshbuf_get_u8(request, &type)) != 0)
|
if (sshbuf_get_u8(request, &type) != 0)
|
||||||
return r;
|
return -1;
|
||||||
debug2("process key agent request type %d", type);
|
debug2("process key agent request type %d", type);
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
@ -431,6 +433,6 @@ int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, st
|
|||||||
return process_remove_all(request, response, con);
|
return process_remove_all(request, response, con);
|
||||||
default:
|
default:
|
||||||
debug("unknown key agent request %d", type);
|
debug("unknown key agent request %d", type);
|
||||||
return EINVAL;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|