5-14 C4

2025-07-21 04:54:48 +02:00 · 2016-05-14 20:57:36 -07:00 · 2016-05-14 20:57:36 -07:00 · ead199c2ff
commit ead199c2ff
parent 03c8d962d7
3 changed files with 46 additions and 63 deletions
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@ -93,21 +93,7 @@ extern u_int session_id2_len;

 static int
 userauth_pubkey(Authctxt *authctxt)
-{
-  #ifdef WIN32_FIXME
-  
-  int loginStat = 1;
-
-  char currentUser[MAX_PATH] = {0};
-  
-  DWORD currentUserSize = sizeof(currentUser);
-  
-  int targetIsCurrent = 0;
-
-  int doOpenSSHVerify = 0;
-  
-  #endif
-  
+{  
 	Buffer b;
 	Key *key = NULL;
 	char *pkalg, *userstyle;
@ -203,9 +189,6 @@ userauth_pubkey(Authctxt *authctxt)

 		/* test for correct signature */
 		authenticated = 0;
-   /*
-     * On pure win32 try to logon using lsa first.
-     */

 #ifdef WIN32_FIXME
 		{
@ -234,13 +217,18 @@ userauth_pubkey(Authctxt *authctxt)
 					OPEN_EXISTING,  // opens existing pipe 
 					FILE_FLAG_OVERLAPPED,              // attributes 
 					NULL);          // no template file 
-				if (h == INVALID_HANDLE_VALUE) 
+				if (h == INVALID_HANDLE_VALUE) {
+					debug("cannot connect to auth agent");
 					break;
+				}

-				if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) 
+				if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) {
+					debug("auth agent pid mismatch");
 					break;
+				}

-				sock = w32_allocate_fd_for_handle(h, FALSE);
+				if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0)
+					break;
 				msg = sshbuf_new();
 				if (!msg)
 					break;
@ -251,8 +239,10 @@ userauth_pubkey(Authctxt *authctxt)
 					(r = sshbuf_put_string(msg, sig, slen)) != 0 ||
 					(r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 ||
 					(r = ssh_request_reply(sock, msg, msg)) != 0 ||
-					(r = sshbuf_get_u32(msg, &token)) != 0 )
+					(r = sshbuf_get_u32(msg, &token)) != 0) {
+					debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
 					break;
+				}

 				break;
 				
--- a/authfd.c
+++ b/authfd.c
@ -95,35 +95,42 @@ ssh_get_authentication_socket(int *fdp)
 		*fdp = -1;

 #ifdef WIN32_FIXME
+	{
 #define SSH_AGENT_ROOT "SOFTWARE\\SSH\\Agent"
-	HKEY agent_root = 0;
-	DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff;
-	RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root);
-	if (agent_root) {
-		RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size);
-		RegCloseKey(agent_root);
-	}
-	
-	HANDLE h = CreateFile(
-		"\\\\.\\pipe\\ssh-keyagent",   // pipe name 
-		GENERIC_READ |  // read and write access 
-		GENERIC_WRITE,
-		0,              // no sharing 
-		NULL,           // default security attributes
-		OPEN_EXISTING,  // opens existing pipe 
-		FILE_FLAG_OVERLAPPED,              // attributes 
-		NULL);          // no template file 
-	if (h == INVALID_HANDLE_VALUE) {
-		return SSH_ERR_AGENT_NOT_PRESENT;
-	}
+		HKEY agent_root = 0;
+		DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff;
+		HANDLE h;
+		RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root);
+		if (agent_root) {
+			RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size);
+			RegCloseKey(agent_root);
+		}

-	if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) {
-		return SSH_ERR_AGENT_COMMUNICATION;
-	
+		h = CreateFile(
+			"\\\\.\\pipe\\ssh-keyagent",   // pipe name 
+			GENERIC_READ |  // read and write access 
+			GENERIC_WRITE,
+			0,              // no sharing 
+			NULL,           // default security attributes
+			OPEN_EXISTING,  // opens existing pipe 
+			FILE_FLAG_OVERLAPPED,              // attributes 
+			NULL);          // no template file 
+		if (h == INVALID_HANDLE_VALUE) {
+			return SSH_ERR_AGENT_NOT_PRESENT;
+		}
+
+		if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) {
+			debug("agent pid mismatch");
+			CloseHandle(h);
+			return SSH_ERR_AGENT_COMMUNICATION;
+
+		}
+
+		if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0) {
+			CloseHandle(h);
+			return SSH_ERR_SYSTEM_ERROR;
+		}
 	}
-
-	sock = w32_allocate_fd_for_handle(h, FALSE);
-
 #else
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
 	if (!authsocket)
--- a/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/pubkeyagent-request.c
@ -42,21 +42,7 @@ process_add_request(struct sshbuf* request, struct sshbuf* response, struct agen


 int process_pubkeyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
-	int r = 0;
-	const u_char *op;
-	size_t op_len;
-	
-	if ((r = sshbuf_get_string_direct(request, &op, &op_len)) != 0)
-		goto done;
-
-	if (op_len > 10) {
-		r = EINVAL;
-		goto done;
-	}
-
-	if ((op_len == 3) && (strncmp(op, PK_REQUEST_ADD, 3) == 0))
-		r = 0;
-	
+	int r = -1;

 done:
 	return r;