diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 015a0a8..d75304e 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -93,21 +93,7 @@ extern u_int session_id2_len; static int userauth_pubkey(Authctxt *authctxt) -{ - #ifdef WIN32_FIXME - - int loginStat = 1; - - char currentUser[MAX_PATH] = {0}; - - DWORD currentUserSize = sizeof(currentUser); - - int targetIsCurrent = 0; - - int doOpenSSHVerify = 0; - - #endif - +{ Buffer b; Key *key = NULL; char *pkalg, *userstyle; @@ -203,9 +189,6 @@ userauth_pubkey(Authctxt *authctxt) /* test for correct signature */ authenticated = 0; - /* - * On pure win32 try to logon using lsa first. - */ #ifdef WIN32_FIXME { @@ -234,13 +217,18 @@ userauth_pubkey(Authctxt *authctxt) OPEN_EXISTING, // opens existing pipe FILE_FLAG_OVERLAPPED, // attributes NULL); // no template file - if (h == INVALID_HANDLE_VALUE) + if (h == INVALID_HANDLE_VALUE) { + debug("cannot connect to auth agent"); break; + } - if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) + if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) { + debug("auth agent pid mismatch"); break; + } - sock = w32_allocate_fd_for_handle(h, FALSE); + if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0) + break; msg = sshbuf_new(); if (!msg) break; @@ -251,8 +239,10 @@ userauth_pubkey(Authctxt *authctxt) (r = sshbuf_put_string(msg, sig, slen)) != 0 || (r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 || (r = ssh_request_reply(sock, msg, msg)) != 0 || - (r = sshbuf_get_u32(msg, &token)) != 0 ) + (r = sshbuf_get_u32(msg, &token)) != 0) { + debug("auth agent did not authorize client %s", authctxt->pw->pw_name); break; + } break; diff --git a/authfd.c b/authfd.c index e01f452..6bad964 100644 --- a/authfd.c +++ b/authfd.c 
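Review bot: In auth2-pubkey.c (hunk at -234), the new `w32_allocate_fd_for_handle` failure branch breaks out without a debug message and without releasing `h`, while the matching branch this commit adds to authfd.c calls `CloseHandle(h)` before returning. The pid-mismatch branch just above it also leaves `h` open as far as the hunk shows. Unless the code after the enclosing block closes the handle (it is outside this hunk), I would write `if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0) { debug("cannot allocate fd for auth agent pipe"); CloseHandle(h); break; }` and add `CloseHandle(h);` before the `break` in the mismatch branch. A pid mismatch means some process other than the registered agent is serving the pipe, so it may deserve a level that shows up in the default server log rather than `debug`.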
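Review bot: In auth2-pubkey.c (hunk at -251), the new message `auth agent did not authorize client %s` is logged for every failure in the `||` chain, including the `sshbuf_put_string` calls and `ssh_request_reply`, so a buffer or pipe error is reported as a refusal by the agent. The value of `r` is dropped, which makes the two cases indistinguishable when reading the log. I would word it neutrally and include the error, e.g. `debug("auth agent request for %s failed: %s", authctxt->pw->pw_name, ssh_err(r));`, assuming ssherr.h is available in this file. The start of the condition is outside the hunk.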
@@ -95,35 +95,42 @@ ssh_get_authentication_socket(int *fdp) *fdp = -1; #ifdef WIN32_FIXME + { #define SSH_AGENT_ROOT "SOFTWARE\\SSH\\Agent" - HKEY agent_root = 0; - DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff; - RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root); - if (agent_root) { - RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size); - RegCloseKey(agent_root); - } - - HANDLE h = CreateFile( - "\\\\.\\pipe\\ssh-keyagent", // pipe name - GENERIC_READ | // read and write access - GENERIC_WRITE, - 0, // no sharing - NULL, // default security attributes - OPEN_EXISTING, // opens existing pipe - FILE_FLAG_OVERLAPPED, // attributes - NULL); // no template file - if (h == INVALID_HANDLE_VALUE) { - return SSH_ERR_AGENT_NOT_PRESENT; - } + HKEY agent_root = 0; + DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff; + HANDLE h; + RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root); + if (agent_root) { + RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size); + RegCloseKey(agent_root); + } - if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) { - return SSH_ERR_AGENT_COMMUNICATION; - + h = CreateFile( + "\\\\.\\pipe\\ssh-keyagent", // pipe name + GENERIC_READ | // read and write access + GENERIC_WRITE, + 0, // no sharing + NULL, // default security attributes + OPEN_EXISTING, // opens existing pipe + FILE_FLAG_OVERLAPPED, // attributes + NULL); // no template file + if (h == INVALID_HANDLE_VALUE) { + return SSH_ERR_AGENT_NOT_PRESENT; + } + + if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) { + debug("agent pid mismatch"); + CloseHandle(h); + return SSH_ERR_AGENT_COMMUNICATION; + + } + + if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0) { + CloseHandle(h); + return SSH_ERR_SYSTEM_ERROR; + } } - - sock = w32_allocate_fd_for_handle(h, FALSE); - #else authsocket = 
getenv(SSH_AUTHSOCKET_ENV_NAME); if (!authsocket) diff --git a/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c b/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c index acae41f..f56a94b 100644 --- a/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c @@ -42,21 +42,7 @@ process_add_request(struct sshbuf* request, struct sshbuf* response, struct agen int process_pubkeyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) { - int r = 0; - const u_char *op; - size_t op_len; - - if ((r = sshbuf_get_string_direct(request, &op, &op_len)) != 0) - goto done; - - if (op_len > 10) { - r = EINVAL; - goto done; - } - - if ((op_len == 3) && (strncmp(op, PK_REQUEST_ADD, 3) == 0)) - r = 0; - + int r = -1; done: return r;
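Review bot: In authfd.c, `ssh_get_authentication_socket` opens `\\.\pipe\ssh-keyagent` with only `FILE_FLAG_OVERLAPPED` in the attributes argument, so the connection is made at the default impersonation level and the pid comparison runs only after the pipe server already holds the client end. Passing `FILE_FLAG_OVERLAPPED | SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION` lets the server identify the caller without being able to act as it; the same attributes line appears as context in the auth2-pubkey.c hunk at -234, where the caller is sshd. Separately, the results of `RegOpenKeyEx` and `RegQueryValueEx` are ignored and the value type is not requested, so a missing or non-DWORD `ProcessId` is only caught indirectly by the pid comparison; checking for `ERROR_SUCCESS` and `REG_DWORD` would make that explicit.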