Add support for AuthorizedKeysCommand and AuthorizedPrincipalsCommand to run as System (#479)

Brian Katyl 2021-03-26 18:12:55 -06:00 committed by GitHub
parent 9a60244ef6
commit 6e76ad9e1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 5 deletions

21
auth.c

@ -77,6 +77,10 @@
#include "compat.h" #include "compat.h"
#include "channels.h" #include "channels.h"
#include "sshfileperm.h" #include "sshfileperm.h"
#ifdef WINDOWS
#include <Windows.h>
#include "misc_internal.h"
#endif // WINDOWS
/* import */ /* import */
extern ServerOptions options; extern ServerOptions options;
@ -958,8 +962,21 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
if (posix_spawn_file_actions_init(&actions) != 0 || if (posix_spawn_file_actions_init(&actions) != 0 ||
posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0) posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0)
fatal("posix_spawn initialization failed"); fatal("posix_spawn initialization failed");
else if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0) else {
fatal("posix_spawn: %s", strerror(errno)); /* If the user's SID is the System SID and sshd is running as system,
* launch as a child process.
*/
if (IsWellKnownSid(get_sid(pw->pw_name), WinLocalSystemSid) && am_system()) {
debug("starting subprocess using posix_spawnp");
if (posix_spawnp((pid_t*)&pid, av[0], &actions, NULL, av, NULL) != 0)
fatal("posix_spawnp: %s", strerror(errno));
}
else {
debug("starting subprocess as user using __posix_spawn_asuser");
if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
fatal("posix_spawn_user: %s", strerror(errno));
}
}
posix_spawn_file_actions_destroy(&actions); posix_spawn_file_actions_destroy(&actions);
} }
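Review bot: The result of `get_sid(pw->pw_name)` is passed straight into IsWellKnownSid() with no NULL check, and it is evaluated before the cheap `am_system()` test, so every non-SYSTEM spawn pays a SID lookup whose failure is silently treated as "not SYSTEM" and falls through to the as-user path (the safer outcome, but an undiagnosed one). Hoisting the lookup, checking it, and testing `am_system()` first makes the privilege decision explicit and logged; the rewritten lines are below. If get_sid() returns heap memory — its contract is not visible in this hunk — the SID also leaks on every call, so its ownership should be confirmed against misc_internal.h and released after the check. The fatal() on the as-user branch names `posix_spawn_user` while the call is `__posix_spawn_asuser`; `fatal("__posix_spawn_asuser: %s", strerror(errno));` keeps the log line greppable. The enclosing subprocess() begins before this hunk, so any earlier absolute-path and ownership check on `command` is not visible here; because posix_spawnp() performs a PATH search for a non-absolute av[0], it is worth confirming that check still precedes the spawn in the SYSTEM branch.
```c
	else {
		/* Run as a plain child of sshd (i.e. as SYSTEM) only when
		 * sshd itself runs as SYSTEM and the configured user resolves
		 * to the LocalSystem SID; otherwise spawn as that user. */
		PSID sid = get_sid(pw->pw_name);
		if (sid == NULL)
			fatal("get_sid(%s) failed", pw->pw_name);
		if (am_system() && IsWellKnownSid(sid, WinLocalSystemSid)) {
			/* … unchanged: posix_spawnp branch … */
		} else {
			debug("starting subprocess as user using __posix_spawn_asuser");
			if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
				fatal("__posix_spawn_asuser: %s", strerror(errno));
		}
		/* NOTE(review): release sid here if get_sid() allocates — confirm */
	}
```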


@ -1074,11 +1074,14 @@ spawn_child_internal(const char* cmd, char *const argv[], HANDLE in, HANDLE out,
wchar_t * t = cmdline_utf16; wchar_t * t = cmdline_utf16;
do { do {
debug3("spawning %ls", t); if (as_user) {
if (as_user) debug3("spawning %ls as user", t);
b = CreateProcessAsUserW(as_user, NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi); b = CreateProcessAsUserW(as_user, NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi);
else }
else {
debug3("spawning %ls as subprocess", t);
b = CreateProcessW(NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi); b = CreateProcessW(NULL, t, NULL, NULL, TRUE, flags, NULL, NULL, &si, &pi);
}
if(b || GetLastError() != ERROR_FILE_NOT_FOUND || (argv != NULL && *argv != NULL) || cmd[0] == '\"') if(b || GetLastError() != ERROR_FILE_NOT_FOUND || (argv != NULL && *argv != NULL) || cmd[0] == '\"')
break; break;
t++; t++;