tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for AuthorizedKeysCommand and AuthorizedPrincipalsCommand to run as System (#479)

This commit is contained in:
Brian Katyl 2021-03-26 18:12:55 -06:00 committed by GitHub
parent 9a60244ef6
commit 6e76ad9e1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
auth.c
View File

@ -77,6 +77,10 @@
#include "compat.h"
#include "channels.h"
#include "sshfileperm.h"
#ifdef WINDOWS
#include <Windows.h>
#include "misc_internal.h"
#endif // WINDOWS
/* import */
extern ServerOptions options;
@ -958,8 +962,21 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
if (posix_spawn_file_actions_init(&actions) != 0 ||
posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0)
fatal("posix_spawn initialization failed");
else if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
fatal("posix_spawn: %s", strerror(errno));
else {
/* If the user's SID is the System SID and sshd is running as system,
* launch as a child process.
*/
if (IsWellKnownSid(get_sid(pw->pw_name), WinLocalSystemSid) && am_system()) {
debug("starting subprocess using posix_spawnp");
if (posix_spawnp((pid_t*)&pid, av[0], &actions, NULL, av, NULL) != 0)
fatal("posix_spawnp: %s", strerror(errno));
}
else {
debug("starting subprocess as user using __posix_spawn_asuser");
if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
fatal("posix_spawn_user: %s", strerror(errno));
}
}
posix_spawn_file_actions_destroy(&actions);
}

9
contrib/win32/win32compat/w32fd.c
View File

@ -1074,11 +1074,14 @@ spawn_child_internal(const char* cmd, char *const argv[], HANDLE in, HANDLE out,
wchar_t * t = cmdline_utf16;
do {
debug3("spawning %ls", t);
if (as_user)
if (as_user) {
debug3("spawning %ls as user", t);
b = CreateProcessAsUserW(as_user, NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi);
else
}
else {
debug3("spawning %ls as subprocess", t);
b = CreateProcessW(NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi);
}
if(b || GetLastError() != ERROR_FILE_NOT_FOUND || (argv != NULL && *argv != NULL) || cmd[0] == '\"')
break;
t++;