diff --git a/contrib/win32/win32compat/ssh-agent/agent.c b/contrib/win32/win32compat/ssh-agent/agent.c
index cc18320cb..a97d9d3f7 100644
--- a/contrib/win32/win32compat/ssh-agent/agent.c
+++ b/contrib/win32/win32compat/ssh-agent/agent.c
@@ -227,8 +227,6 @@ con_type_to_string(struct agent_connection* con)
 return "restricted user";
 case ADMIN_USER:
 return "administrator";
- case SSHD_SERVICE:
- return "sshd service";
 case SYSTEM:
 return "system";
 case SERVICE:
@@ -243,7 +241,6 @@ get_con_client_info(struct agent_connection* con)
 {
 int r = -1;
 char sid[SECURITY_MAX_SID_SIZE];
- wchar_t *sshd_act = L"NT SERVICE\\SSHD", *ref_dom = NULL;
 ULONG client_pid;
 DWORD reg_dom_len = 0, info_len = 0, sid_size;
 DWORD sshd_sid_len = 0;
@@ -273,38 +270,6 @@ get_con_client_info(struct agent_connection* con)
 goto done;
 }
 
- /* check if its SSHD service */
- {
- /* Does NT Service/SSHD exist */
- LookupAccountNameW(NULL, sshd_act, NULL, &sshd_sid_len, NULL, ®_dom_len, &nuse);
-
- if (GetLastError() == ERROR_NONE_MAPPED)
- debug3("Cannot look up SSHD account, its likely not installed");
- else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
- error("LookupAccountNameW on SSHD account failed with %d", GetLastError());
- goto done;
- }
- else {
- if ((sshd_sid = malloc(sshd_sid_len)) == NULL ||
- (ref_dom = (wchar_t*)malloc(reg_dom_len * 2)) == NULL ||
- LookupAccountNameW(NULL, sshd_act, sshd_sid, &sshd_sid_len, ref_dom, ®_dom_len, &nuse) == FALSE)
- goto done;
-
- if (EqualSid(info->User.Sid, sshd_sid)) {
- con->client_type = SSHD_SERVICE;
- r = 0;
- goto done;
- }
- if (CheckTokenMembership(client_impersonation_token, sshd_sid, &isMember) == FALSE)
- goto done;
- if (isMember) {
- con->client_type = SSHD_SERVICE;
- r = 0;
- goto done;
- }
- }
- }
-
 /* check if its LS or NS */
 if (IsWellKnownSid(info->User.Sid, WinNetworkServiceSid) ||
 IsWellKnownSid(info->User.Sid, WinLocalServiceSid)) {
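Review bot: `DWORD sshd_sid_len = 0;`, kept as context in the `@@ -243,7` hunk of get_con_client_info, is now dead — its only reader was the LookupAccountNameW block removed in the `@@ -273,38` hunk — and `sshd_sid` appears to be in the same state, since the only surviving reference visible in this diff is the `if (sshd_sid) free(sshd_sid);` left in the `@@ -335,8` hunk under `done:`. Unless an assignment to sshd_sid survives in the part of the function outside these hunks, both declarations and that free should go with this change, and `isMember`/`nuse`, which the removed block also used, are worth checking for the same reason. get_con_client_info starts and ends outside the hunks shown, so the classification paths that remain (LS/NS, system, admin) cannot be reviewed from here.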
@@ -335,8 +300,6 @@ done:
 
 if (sshd_sid)
 free(sshd_sid);
- if (ref_dom)
- free(ref_dom);
 if (info)
 free(info);
 if (client_primary_token)
diff --git a/contrib/win32/win32compat/ssh-agent/agent.h b/contrib/win32/win32compat/ssh-agent/agent.h
index d8943c680..2fb5e8236 100644
--- a/contrib/win32/win32compat/ssh-agent/agent.h
+++ b/contrib/win32/win32compat/ssh-agent/agent.h
@@ -33,7 +33,6 @@ struct agent_connection {
 UNKNOWN = 0,
 NONADMIN_USER, /* client is running as a nonadmin user */
 ADMIN_USER, /* client is running as admin */
- SSHD_SERVICE, /* client is sshd service */
 SYSTEM, /* client is running as System */
 SERVICE, /* client is running as LS or NS */
 } client_type;
diff --git a/contrib/win32/win32compat/ssh-agent/keyagent-request.c b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
index 8f27e0a48..7a3428762 100644
--- a/contrib/win32/win32compat/ssh-agent/keyagent-request.c
+++ b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
@@ -204,7 +204,7 @@ static int sign_blob(const struct sshkey *pubkey, u_char ** sig, size_t *siglen,
 HKEY reg = 0, sub = 0, user_root = 0;
 int r = 0, success = 0;
 struct sshkey* prikey = NULL;
- char *thumbprint = NULL, *regdata = NULL;
+ char *thumbprint = NULL, *regdata = NULL, *algo = NULL;
 DWORD regdatalen = 0, keyblob_len = 0;
 struct sshbuf* tmpbuf = NULL;
 char *keyblob = NULL;
@@ -225,8 +225,13 @@ static int sign_blob(const struct sshkey *pubkey, u_char ** sig, size_t *siglen,
 (tmpbuf = sshbuf_from(keyblob, keyblob_len)) == NULL)
 goto done;
 
+ if (flags & SSH_AGENT_RSA_SHA2_256)
+ algo = "rsa-sha2-256";
+ else if (flags & SSH_AGENT_RSA_SHA2_512)
+ algo = "rsa-sha2-512";
+
 if (sshkey_private_deserialize(tmpbuf, &prikey) != 0 ||
- sshkey_sign(prikey, sig, siglen, blob, blen, NULL, 0) != 0) {
+ sshkey_sign(prikey, sig, siglen, blob, blen, algo, 0) != 0) {
 debug("cannot sign using retrieved key");
 goto done;
 }
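Review bot: In the `@@ -225,8 +225,13` hunk of sign_blob the rsa-sha2 algorithm name is derived from the client-supplied `flags` alone, with no check that the key is an RSA key; upstream ssh-agent only honors SSH_AGENT_RSA_SHA2_256/512 when `key->type == KEY_RSA`, and sign_blob has `pubkey` in scope to do the same: `if (pubkey->type == KEY_RSA && (flags & SSH_AGENT_RSA_SHA2_256))` / `else if (pubkey->type == KEY_RSA && (flags & SSH_AGENT_RSA_SHA2_512))`. Whether sshkey_sign tolerates a non-NULL alg for other key types depends on the bundled libssh version, so the gate is cheap insurance rather than a known failure here. A short comment above the selection would also help, since the branch silently ignores every other bit of a value that presumably comes straight from the request: `/* flags are client-controlled; only the two rsa-sha2 bits are honored, anything else keeps the key's default algorithm */`. The process_sign_request hunk that now forwards `flags` is consistent with this, and sign_blob's signature and the rest of its body lie outside the hunk.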
@@ -272,9 +277,7 @@ process_sign_request(struct sshbuf* request, struct sshbuf* response, struct age
 goto done;
 }
 
- /* TODO - flags?*/
-
- if (sign_blob(key, &signature, &slen, data, dlen, 0, con) != 0)
+ if (sign_blob(key, &signature, &slen, data, dlen, flags, con) != 0)
 goto done;
 success = 1;