Fixed Denyusers issue when logging in with ssh username@domain@serverip (https://github.com/PowerShell/Win32-OpenSSH/issues/511)
This commit is contained in:
parent
9906e0515d
commit
70784d5606
|
@ -54,6 +54,7 @@
|
|||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
#include "authfd.h"
|
||||
|
||||
extern Buffer loginmsg;
|
||||
extern ServerOptions options;
|
||||
|
@ -225,7 +226,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
|
||||
#elif defined(WINDOWS)
|
||||
/*
|
||||
* Authenticate on Windows - Pass creds to ssh-agent and retrieve token
|
||||
* Authenticate on Windows - Pass credentials to ssh-agent and retrieve token
|
||||
* upon succesful authentication
|
||||
*/
|
||||
extern int auth_sock;
|
||||
|
@ -239,17 +240,18 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password)
|
|||
msg = sshbuf_new();
|
||||
if (!msg)
|
||||
return 0;
|
||||
if (sshbuf_put_u8(msg, 100) != 0 ||
|
||||
sshbuf_put_cstring(msg, "password") != 0 ||
|
||||
sshbuf_put_cstring(msg, authctxt->user) != 0 ||
|
||||
|
||||
if (sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE) != 0 ||
|
||||
sshbuf_put_cstring(msg, PASSWD_AUTH_REQUEST) != 0 ||
|
||||
sshbuf_put_cstring(msg, authctxt->pw->pw_name) != 0 ||
|
||||
sshbuf_put_cstring(msg, authctxt->pw->pw_domain) != 0 ||
|
||||
sshbuf_put_cstring(msg, password) != 0 ||
|
||||
ssh_request_reply(auth_sock, msg, msg) != 0 ||
|
||||
sshbuf_get_u32(msg, &token) != 0) {
|
||||
debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
|
||||
debug("auth agent did not authorize client %s", authctxt->user);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if (blob)
|
||||
free(blob);
|
||||
if (msg)
|
||||
|
|
|
@ -68,6 +68,7 @@
|
|||
#include "ssherr.h"
|
||||
#include "channels.h" /* XXX for session.h */
|
||||
#include "session.h" /* XXX for child_set_env(); refactor? */
|
||||
#include "authfd.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
|
@ -190,20 +191,21 @@ userauth_pubkey(Authctxt *authctxt)
|
|||
msg = sshbuf_new();
|
||||
if (!msg)
|
||||
break;
|
||||
if ((r = sshbuf_put_u8(msg, 100)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "pubkey")) != 0 ||
|
||||
if ((r = sshbuf_put_u8(msg, SSH_AGENT_AUTHENTICATE)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, PUBKEY_AUTH_REQUEST)) != 0 ||
|
||||
(r = sshkey_to_blob(key, &blob, &blen)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, authctxt->pw->pw_domain)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, sig, slen)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 ||
|
||||
(r = ssh_request_reply(auth_sock, msg, msg)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &token)) != 0) {
|
||||
debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
|
||||
debug("auth agent did not authorize client %s", authctxt->user);
|
||||
break;
|
||||
}
|
||||
|
||||
debug3("auth agent authenticated %s", authctxt->pw->pw_name);
|
||||
debug3("auth agent authenticated %s", authctxt->user);
|
||||
break;
|
||||
|
||||
}
|
||||
|
|
8
authfd.h
8
authfd.h
|
@ -89,4 +89,12 @@ int ssh_agent_sign(int sock, struct sshkey *key,
|
|||
#define SSH_AGENT_RSA_SHA2_256 0x02
|
||||
#define SSH_AGENT_RSA_SHA2_512 0x04
|
||||
|
||||
/*
|
||||
* Following are used in Windows implementation
|
||||
* ssh-agent in Windows also serves user authentication
|
||||
*/
|
||||
#define SSH_AGENT_AUTHENTICATE 200
|
||||
#define PUBKEY_AUTH_REQUEST "pubkey"
|
||||
#define PASSWD_AUTH_REQUEST "password"
|
||||
|
||||
#endif /* AUTHFD_H */
|
||||
|
|
|
@ -13,8 +13,9 @@
|
|||
#include "sys\types.h"
|
||||
|
||||
struct passwd {
|
||||
char *pw_name; /* user's login name */
|
||||
char *pw_passwd; /* password? */
|
||||
char *pw_name; /* user's login name */
|
||||
char *pw_domain; /* user's domain name */
|
||||
char *pw_passwd; /* password? */
|
||||
char *pw_gecos; /* ??? */
|
||||
uid_t pw_uid; /* numerical user ID */
|
||||
gid_t pw_gid; /* numerical group ID */
|
||||
|
|
|
@ -47,193 +47,207 @@ static char* pw_shellpath = NULL;
|
|||
|
||||
int
|
||||
initialize_pw() {
|
||||
if (pw_shellpath == NULL) {
|
||||
if ((pw_shellpath = malloc(strlen(w32_programdir()) + strlen(SHELL_HOST) + 1)) == NULL)
|
||||
fatal("initialize_pw - out of memory");
|
||||
else {
|
||||
char* head = pw_shellpath;
|
||||
memcpy(head, w32_programdir(), strlen(w32_programdir()));
|
||||
head += strlen(w32_programdir());
|
||||
memcpy(head, SHELL_HOST, strlen(SHELL_HOST));
|
||||
head += strlen(SHELL_HOST);
|
||||
*head = '\0';
|
||||
}
|
||||
}
|
||||
if (pw.pw_shell != pw_shellpath) {
|
||||
memset(&pw, 0, sizeof(pw));
|
||||
pw.pw_shell = pw_shellpath;
|
||||
pw.pw_passwd = "\0";
|
||||
/* pw_uid = 0 for root on Unix and SSH code has specific restrictions for root
|
||||
* that are not applicable in Windows */
|
||||
pw.pw_uid = 1;
|
||||
}
|
||||
return 0;
|
||||
if (pw_shellpath == NULL) {
|
||||
if ((pw_shellpath = malloc(strlen(w32_programdir()) + strlen(SHELL_HOST) + 1)) == NULL)
|
||||
fatal("initialize_pw - out of memory");
|
||||
else {
|
||||
char* head = pw_shellpath;
|
||||
memcpy(head, w32_programdir(), strlen(w32_programdir()));
|
||||
head += strlen(w32_programdir());
|
||||
memcpy(head, SHELL_HOST, strlen(SHELL_HOST));
|
||||
head += strlen(SHELL_HOST);
|
||||
*head = '\0';
|
||||
}
|
||||
}
|
||||
if (pw.pw_shell != pw_shellpath) {
|
||||
memset(&pw, 0, sizeof(pw));
|
||||
pw.pw_shell = pw_shellpath;
|
||||
pw.pw_passwd = "\0";
|
||||
/* pw_uid = 0 for root on Unix and SSH code has specific restrictions for root
|
||||
* that are not applicable in Windows */
|
||||
pw.pw_uid = 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
reset_pw() {
|
||||
initialize_pw();
|
||||
if (pw.pw_name)
|
||||
free(pw.pw_name);
|
||||
if (pw.pw_dir)
|
||||
free(pw.pw_dir);
|
||||
initialize_pw();
|
||||
if (pw.pw_name)
|
||||
free(pw.pw_name);
|
||||
if (pw.pw_dir)
|
||||
free(pw.pw_dir);
|
||||
}
|
||||
|
||||
static struct passwd*
|
||||
get_passwd(const char *user_utf8, LPWSTR user_sid) {
|
||||
struct passwd *ret = NULL;
|
||||
wchar_t *user_utf16 = NULL, *uname_utf16, *udom_utf16, *tmp;
|
||||
char *uname_utf8 = NULL, *pw_home_utf8 = NULL, *user_sid_utf8;
|
||||
LPBYTE user_info = NULL;
|
||||
LPWSTR user_sid_local = NULL;
|
||||
wchar_t reg_path[PATH_MAX], profile_home[PATH_MAX];
|
||||
HKEY reg_key = 0;
|
||||
int tmp_len = PATH_MAX;
|
||||
PDOMAIN_CONTROLLER_INFOW pdc = NULL;
|
||||
struct passwd *ret = NULL;
|
||||
wchar_t *user_utf16 = NULL, *uname_utf16, *udom_utf16, *tmp;
|
||||
char *uname_utf8 = NULL, *udom_utf8 = NULL, *pw_home_utf8 = NULL, *user_sid_utf8 = NULL;
|
||||
LPBYTE user_info = NULL;
|
||||
LPWSTR user_sid_local = NULL;
|
||||
wchar_t reg_path[PATH_MAX], profile_home[PATH_MAX];
|
||||
HKEY reg_key = 0;
|
||||
int tmp_len = PATH_MAX;
|
||||
PDOMAIN_CONTROLLER_INFOW pdc = NULL;
|
||||
|
||||
errno = 0;
|
||||
errno = 0;
|
||||
|
||||
reset_pw();
|
||||
reset_pw();
|
||||
|
||||
if ((user_utf16 = utf8_to_utf16(user_utf8) ) == NULL) {
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
if ((user_utf16 = utf8_to_utf16(user_utf8) ) == NULL) {
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*find domain part if any*/
|
||||
if ((tmp = wcschr(user_utf16, L'\\')) != NULL) {
|
||||
udom_utf16 = user_utf16;
|
||||
uname_utf16 = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
/*find domain part if any*/
|
||||
if ((tmp = wcschr(user_utf16, L'\\')) != NULL) {
|
||||
udom_utf16 = user_utf16;
|
||||
uname_utf16 = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
|
||||
}
|
||||
else if ((tmp = wcschr(user_utf16, L'@')) != NULL) {
|
||||
udom_utf16 = tmp + 1;
|
||||
uname_utf16 = user_utf16;
|
||||
*tmp = L'\0';
|
||||
}
|
||||
else {
|
||||
uname_utf16 = user_utf16;
|
||||
udom_utf16 = NULL;
|
||||
}
|
||||
} else if ((tmp = wcschr(user_utf16, L'@')) != NULL) {
|
||||
udom_utf16 = tmp + 1;
|
||||
uname_utf16 = user_utf16;
|
||||
*tmp = L'\0';
|
||||
} else {
|
||||
uname_utf16 = user_utf16;
|
||||
udom_utf16 = NULL;
|
||||
}
|
||||
|
||||
if (user_sid == NULL) {
|
||||
NET_API_STATUS status;
|
||||
if ((status = NetUserGetInfo(udom_utf16, uname_utf16, 23, &user_info)) != NERR_Success) {
|
||||
debug("NetUserGetInfo() failed with error: %d \n", status);
|
||||
if (user_sid == NULL) {
|
||||
NET_API_STATUS status;
|
||||
if ((status = NetUserGetInfo(udom_utf16, uname_utf16, 23, &user_info)) != NERR_Success) {
|
||||
debug("NetUserGetInfo() failed with error: %d \n", status);
|
||||
|
||||
DWORD dsStatus;
|
||||
if ((dsStatus = DsGetDcNameW(NULL, udom_utf16, NULL, NULL, DS_DIRECTORY_SERVICE_PREFERRED, &pdc)) == ERROR_SUCCESS) {
|
||||
if ((status = NetUserGetInfo(pdc->DomainControllerName, uname_utf16, 23, &user_info)) != NERR_Success) {
|
||||
debug("NetUserGetInfo() with domainController failed with error: %d \n", status);
|
||||
/* We reach here only for domain users.
|
||||
* If we didn't get the domain name from the end-user then we treat it as error and return.
|
||||
*/
|
||||
if (udom_utf16 == NULL) {
|
||||
errno = ENOENT;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (ConvertSidToStringSidW(((LPUSER_INFO_23)user_info)->usri23_user_sid, &user_sid_local) == FALSE) {
|
||||
error("ConvertSidToStringSidW() failed with error: %d\n", GetLastError());
|
||||
DWORD dsStatus;
|
||||
if ((dsStatus = DsGetDcNameW(NULL, udom_utf16, NULL, NULL, DS_DIRECTORY_SERVICE_PREFERRED, &pdc)) == ERROR_SUCCESS) {
|
||||
if ((status = NetUserGetInfo(pdc->DomainControllerName, uname_utf16, 23, &user_info)) != NERR_Success) {
|
||||
debug("NetUserGetInfo() with domainController failed with error: %d \n", status);
|
||||
|
||||
errno = ENOMEM; //??
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
error("DsGetDcNameW() failed with error: %d \n", dsStatus);
|
||||
errno = ENOMEM; //??
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
if (ConvertSidToStringSidW(((LPUSER_INFO_23)user_info)->usri23_user_sid, &user_sid_local) == FALSE) {
|
||||
error("NetUserGetInfo() Succeded but ConvertSidToStringSidW() failed with error: %d\n", GetLastError());
|
||||
errno = ENOMEM; //??
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
if (ConvertSidToStringSidW(((LPUSER_INFO_23)user_info)->usri23_user_sid, &user_sid_local) == FALSE) {
|
||||
error("ConvertSidToStringSidW() failed with error: %d\n", GetLastError());
|
||||
|
||||
user_sid = user_sid_local;
|
||||
}
|
||||
errno = ENOENT;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
error("DsGetDcNameW() failed with error: %d \n", dsStatus);
|
||||
errno = ENOENT;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (ConvertSidToStringSidW(((LPUSER_INFO_23)user_info)->usri23_user_sid, &user_sid_local) == FALSE) {
|
||||
debug("NetUserGetInfo() Succeded but ConvertSidToStringSidW() failed with error: %d\n", GetLastError());
|
||||
errno = ENOENT;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
if (swprintf(reg_path, PATH_MAX, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\%ls", user_sid) == PATH_MAX ||
|
||||
RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_WOW64_64KEY, ®_key) != 0 ||
|
||||
RegQueryValueExW(reg_key, L"ProfileImagePath", 0, NULL, (LPBYTE)profile_home, &tmp_len) != 0)
|
||||
GetWindowsDirectoryW(profile_home, PATH_MAX);
|
||||
user_sid = user_sid_local;
|
||||
}
|
||||
|
||||
if ((uname_utf8 = _strdup(user_utf8)) == NULL ||
|
||||
(pw_home_utf8 = utf16_to_utf8(profile_home)) == NULL ||
|
||||
(user_sid_utf8 = utf16_to_utf8(user_sid)) == NULL) {
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
|
||||
pw.pw_name = uname_utf8;
|
||||
uname_utf8 = NULL;
|
||||
pw.pw_dir = pw_home_utf8;
|
||||
pw_home_utf8 = NULL;
|
||||
pw.pw_sid = user_sid_utf8;
|
||||
/* if one of below fails, set profile path to Windows directory */
|
||||
if (swprintf(reg_path, PATH_MAX, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\%ls", user_sid) == PATH_MAX ||
|
||||
RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_WOW64_64KEY, ®_key) != 0 ||
|
||||
RegQueryValueExW(reg_key, L"ProfileImagePath", 0, NULL, (LPBYTE)profile_home, &tmp_len) != 0)
|
||||
GetWindowsDirectoryW(profile_home, PATH_MAX);
|
||||
|
||||
if ((uname_utf8 = utf16_to_utf8(uname_utf16)) == NULL ||
|
||||
(udom_utf16 && (udom_utf8 = utf16_to_utf8(udom_utf16)) == NULL) ||
|
||||
(pw_home_utf8 = utf16_to_utf8(profile_home)) == NULL ||
|
||||
(user_sid_utf8 = utf16_to_utf8(user_sid)) == NULL) {
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
|
||||
pw.pw_name = uname_utf8;
|
||||
uname_utf8 = NULL;
|
||||
pw.pw_domain = udom_utf8;
|
||||
udom_utf8 = NULL;
|
||||
pw.pw_dir = pw_home_utf8;
|
||||
pw_home_utf8 = NULL;
|
||||
pw.pw_sid = user_sid_utf8;
|
||||
user_sid_utf8 = NULL;
|
||||
ret = &pw;
|
||||
ret = &pw;
|
||||
|
||||
done:
|
||||
if (user_utf16)
|
||||
free(user_utf16);
|
||||
if (uname_utf8)
|
||||
free(uname_utf8);
|
||||
if (pw_home_utf8)
|
||||
free(pw_home_utf8);
|
||||
if (user_info)
|
||||
NetApiBufferFree(user_info);
|
||||
if (user_sid_local)
|
||||
LocalFree(user_sid_local);
|
||||
if (reg_key)
|
||||
RegCloseKey(reg_key);
|
||||
if (pdc)
|
||||
NetApiBufferFree(pdc);
|
||||
if (user_utf16)
|
||||
free(user_utf16);
|
||||
if (uname_utf8)
|
||||
free(uname_utf8);
|
||||
if (udom_utf8)
|
||||
free(udom_utf8);
|
||||
if (pw_home_utf8)
|
||||
free(pw_home_utf8);
|
||||
if (user_sid_utf8)
|
||||
free(user_sid_utf8);
|
||||
return ret;
|
||||
if (user_info)
|
||||
NetApiBufferFree(user_info);
|
||||
if (user_sid_local)
|
||||
LocalFree(user_sid_local);
|
||||
if (reg_key)
|
||||
RegCloseKey(reg_key);
|
||||
if (pdc)
|
||||
NetApiBufferFree(pdc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct passwd*
|
||||
w32_getpwnam(const char *user_utf8) {
|
||||
return get_passwd(user_utf8, NULL);
|
||||
w32_getpwnam(const char *user_utf8) {
|
||||
return get_passwd(user_utf8, NULL);
|
||||
}
|
||||
|
||||
struct passwd*
|
||||
w32_getpwuid(uid_t uid) {
|
||||
wchar_t* wuser = NULL;
|
||||
char* user_utf8 = NULL;
|
||||
ULONG needed = 0;
|
||||
struct passwd *ret = NULL;
|
||||
HANDLE token = 0;
|
||||
DWORD info_len = 0;
|
||||
TOKEN_USER* info = NULL;
|
||||
LPWSTR user_sid = NULL;
|
||||
w32_getpwuid(uid_t uid) {
|
||||
wchar_t* wuser = NULL;
|
||||
char* user_utf8 = NULL;
|
||||
ULONG needed = 0;
|
||||
struct passwd *ret = NULL;
|
||||
HANDLE token = 0;
|
||||
DWORD info_len = 0;
|
||||
TOKEN_USER* info = NULL;
|
||||
LPWSTR user_sid = NULL;
|
||||
|
||||
errno = 0;
|
||||
|
||||
if (GetUserNameExW(NameSamCompatible, NULL, &needed) != 0 ||
|
||||
(wuser = malloc(needed * sizeof(wchar_t))) == NULL ||
|
||||
GetUserNameExW(NameSamCompatible, wuser, &needed) == 0 ||
|
||||
(user_utf8 = utf16_to_utf8(wuser)) == NULL ||
|
||||
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == FALSE ||
|
||||
GetTokenInformation(token, TokenUser, NULL, 0, &info_len) == TRUE ||
|
||||
(info = (TOKEN_USER*)malloc(info_len)) == NULL ||
|
||||
GetTokenInformation(token, TokenUser, info, info_len, &info_len) == FALSE ||
|
||||
ConvertSidToStringSidW(info->User.Sid, &user_sid) == FALSE){
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
ret = get_passwd(user_utf8, user_sid);
|
||||
errno = 0;
|
||||
|
||||
if (GetUserNameExW(NameSamCompatible, NULL, &needed) != 0 ||
|
||||
(wuser = malloc(needed * sizeof(wchar_t))) == NULL ||
|
||||
GetUserNameExW(NameSamCompatible, wuser, &needed) == 0 ||
|
||||
(user_utf8 = utf16_to_utf8(wuser)) == NULL ||
|
||||
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == FALSE ||
|
||||
GetTokenInformation(token, TokenUser, NULL, 0, &info_len) == TRUE ||
|
||||
(info = (TOKEN_USER*)malloc(info_len)) == NULL ||
|
||||
GetTokenInformation(token, TokenUser, info, info_len, &info_len) == FALSE ||
|
||||
ConvertSidToStringSidW(info->User.Sid, &user_sid) == FALSE) {
|
||||
errno = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
ret = get_passwd(user_utf8, user_sid);
|
||||
|
||||
done:
|
||||
if (wuser)
|
||||
free(wuser);
|
||||
if (user_utf8)
|
||||
free(user_utf8);
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
if (info)
|
||||
free(info);
|
||||
if (user_sid)
|
||||
LocalFree(user_sid);
|
||||
return ret;
|
||||
if (wuser)
|
||||
free(wuser);
|
||||
if (user_utf8)
|
||||
free(user_utf8);
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
if (info)
|
||||
free(info);
|
||||
if (user_sid)
|
||||
LocalFree(user_sid);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -39,351 +39,314 @@
|
|||
#include "agent-request.h"
|
||||
#include "key.h"
|
||||
|
||||
static void
|
||||
static void
|
||||
InitLsaString(LSA_STRING *lsa_string, const char *str)
|
||||
{
|
||||
if (str == NULL)
|
||||
memset(lsa_string, 0, sizeof(LSA_STRING));
|
||||
else {
|
||||
lsa_string->Buffer = (char *)str;
|
||||
lsa_string->Length = strlen(str);
|
||||
lsa_string->MaximumLength = lsa_string->Length + 1;
|
||||
}
|
||||
if (str == NULL)
|
||||
memset(lsa_string, 0, sizeof(LSA_STRING));
|
||||
else {
|
||||
lsa_string->Buffer = (char *)str;
|
||||
lsa_string->Length = strlen(str);
|
||||
lsa_string->MaximumLength = lsa_string->Length + 1;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
EnablePrivilege(const char *privName, int enabled)
|
||||
{
|
||||
TOKEN_PRIVILEGES tp;
|
||||
HANDLE hProcToken = NULL;
|
||||
LUID luid;
|
||||
TOKEN_PRIVILEGES tp;
|
||||
HANDLE hProcToken = NULL;
|
||||
LUID luid;
|
||||
|
||||
int exitCode = 1;
|
||||
int exitCode = 1;
|
||||
|
||||
if (LookupPrivilegeValueA(NULL, privName, &luid) == FALSE ||
|
||||
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcToken) == FALSE)
|
||||
goto done;
|
||||
if (LookupPrivilegeValueA(NULL, privName, &luid) == FALSE ||
|
||||
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcToken) == FALSE)
|
||||
goto done;
|
||||
|
||||
tp.PrivilegeCount = 1;
|
||||
tp.Privileges[0].Luid = luid;
|
||||
tp.Privileges[0].Attributes = enabled ? SE_PRIVILEGE_ENABLED : 0;
|
||||
tp.PrivilegeCount = 1;
|
||||
tp.Privileges[0].Luid = luid;
|
||||
tp.Privileges[0].Attributes = enabled ? SE_PRIVILEGE_ENABLED : 0;
|
||||
|
||||
AdjustTokenPrivileges(hProcToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
|
||||
AdjustTokenPrivileges(hProcToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
|
||||
|
||||
done:
|
||||
if (hProcToken)
|
||||
CloseHandle(hProcToken);
|
||||
|
||||
return;
|
||||
if (hProcToken)
|
||||
CloseHandle(hProcToken);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
LoadProfile(struct agent_connection* con, wchar_t* user, wchar_t* domain) {
|
||||
PROFILEINFOW profileInfo;
|
||||
profileInfo.dwFlags = PI_NOUI;
|
||||
profileInfo.lpProfilePath = NULL;
|
||||
profileInfo.lpUserName = user;
|
||||
profileInfo.lpDefaultPath = NULL;
|
||||
profileInfo.lpServerName = domain;
|
||||
profileInfo.lpPolicyPath = NULL;
|
||||
profileInfo.hProfile = NULL;
|
||||
profileInfo.dwSize = sizeof(profileInfo);
|
||||
EnablePrivilege("SeBackupPrivilege", 1);
|
||||
EnablePrivilege("SeRestorePrivilege", 1);
|
||||
if (LoadUserProfileW(con->auth_token, &profileInfo) == FALSE)
|
||||
debug("Loading user (%ls,%ls) profile failed ERROR: %d", user, domain, GetLastError());
|
||||
else
|
||||
con->hProfile = profileInfo.hProfile;
|
||||
EnablePrivilege("SeBackupPrivilege", 0);
|
||||
EnablePrivilege("SeRestorePrivilege", 0);
|
||||
PROFILEINFOW profileInfo;
|
||||
profileInfo.dwFlags = PI_NOUI;
|
||||
profileInfo.lpProfilePath = NULL;
|
||||
profileInfo.lpUserName = user;
|
||||
profileInfo.lpDefaultPath = NULL;
|
||||
profileInfo.lpServerName = domain;
|
||||
profileInfo.lpPolicyPath = NULL;
|
||||
profileInfo.hProfile = NULL;
|
||||
profileInfo.dwSize = sizeof(profileInfo);
|
||||
EnablePrivilege("SeBackupPrivilege", 1);
|
||||
EnablePrivilege("SeRestorePrivilege", 1);
|
||||
if (LoadUserProfileW(con->auth_token, &profileInfo) == FALSE)
|
||||
debug("Loading user (%ls,%ls) profile failed ERROR: %d", user, domain, GetLastError());
|
||||
else
|
||||
con->hProfile = profileInfo.hProfile;
|
||||
EnablePrivilege("SeBackupPrivilege", 0);
|
||||
EnablePrivilege("SeRestorePrivilege", 0);
|
||||
}
|
||||
|
||||
#define MAX_USER_LEN 256
|
||||
static HANDLE
|
||||
generate_user_token(wchar_t* user) {
|
||||
HANDLE lsa_handle = 0, token = 0;
|
||||
LSA_OPERATIONAL_MODE mode;
|
||||
ULONG auth_package_id;
|
||||
NTSTATUS ret, subStatus;
|
||||
void * logon_info = NULL;
|
||||
size_t logon_info_size;
|
||||
LSA_STRING logon_process_name, auth_package_name, originName;
|
||||
TOKEN_SOURCE sourceContext;
|
||||
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
|
||||
LUID logonId;
|
||||
QUOTA_LIMITS quotas;
|
||||
DWORD cbProfile;
|
||||
BOOL domain_user;
|
||||
wchar_t user_copy[MAX_USER_LEN];
|
||||
|
||||
/* prep user name - TODO: implment an accurate check if user is domain account*/
|
||||
if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
|
||||
debug("user length is not supported");
|
||||
goto done;
|
||||
}
|
||||
#define MAX_USER_LEN 64
|
||||
/* https://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability(v=ws.10).aspx */
|
||||
#define MAX_FQDN_LEN 64
|
||||
#define MAX_PW_LEN 64
|
||||
|
||||
if (wcschr(user, L'\\') != NULL) {
|
||||
wchar_t *un = NULL, *dn = NULL;
|
||||
DWORD un_len = 0, dn_len = 0;
|
||||
dn = user;
|
||||
dn_len = wcschr(user, L'\\') - user;
|
||||
un = wcschr(user, L'\\') + 1;
|
||||
un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
|
||||
if (dn_len == 0 || un_len == 0) {
|
||||
debug("cannot get user token - bad user name");
|
||||
goto done;
|
||||
}
|
||||
memcpy(user_copy, un, un_len * sizeof(wchar_t));
|
||||
user_copy[un_len] = L'@';
|
||||
memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
|
||||
user_copy[dn_len + 1 + un_len] = L'\0';
|
||||
user = user_copy;
|
||||
}
|
||||
|
||||
domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;
|
||||
static HANDLE
|
||||
generate_user_token(wchar_t* user, wchar_t* domain) {
|
||||
HANDLE lsa_handle = 0, token = 0;
|
||||
LSA_OPERATIONAL_MODE mode;
|
||||
ULONG auth_package_id;
|
||||
NTSTATUS ret, subStatus;
|
||||
void * logon_info = NULL;
|
||||
size_t logon_info_size;
|
||||
LSA_STRING logon_process_name, auth_package_name, originName;
|
||||
TOKEN_SOURCE sourceContext;
|
||||
PKERB_INTERACTIVE_PROFILE pProfile = NULL;
|
||||
LUID logonId;
|
||||
QUOTA_LIMITS quotas;
|
||||
DWORD cbProfile;
|
||||
BOOL domain_user;
|
||||
|
||||
InitLsaString(&logon_process_name, "ssh-agent");
|
||||
if (domain_user)
|
||||
InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
|
||||
else
|
||||
InitLsaString(&auth_package_name, "SSH-LSA");
|
||||
domain_user = (*domain != L'\0') ? TRUE : FALSE;
|
||||
|
||||
InitLsaString(&originName, "sshd");
|
||||
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
|
||||
goto done;
|
||||
InitLsaString(&logon_process_name, "ssh-agent");
|
||||
if (domain_user)
|
||||
InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
|
||||
else
|
||||
InitLsaString(&auth_package_name, "SSH-LSA");
|
||||
|
||||
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
|
||||
goto done;
|
||||
InitLsaString(&originName, "sshd");
|
||||
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
|
||||
goto done;
|
||||
|
||||
if (domain_user) {
|
||||
KERB_S4U_LOGON *s4u_logon;
|
||||
logon_info_size = sizeof(KERB_S4U_LOGON);
|
||||
logon_info_size += (wcslen(user) * 2 + 2);
|
||||
logon_info = malloc(logon_info_size);
|
||||
if (logon_info == NULL)
|
||||
goto done;
|
||||
s4u_logon = (KERB_S4U_LOGON*)logon_info;
|
||||
s4u_logon->MessageType = KerbS4ULogon;
|
||||
s4u_logon->Flags = 0;
|
||||
s4u_logon->ClientUpn.Length = wcslen(user) * 2;
|
||||
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
|
||||
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
|
||||
memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2);
|
||||
s4u_logon->ClientRealm.Length = 0;
|
||||
s4u_logon->ClientRealm.MaximumLength = 0;
|
||||
s4u_logon->ClientRealm.Buffer = 0;
|
||||
}
|
||||
else {
|
||||
logon_info_size = (wcslen(user) + 1)*sizeof(wchar_t);
|
||||
logon_info = malloc(logon_info_size);
|
||||
if (logon_info == NULL)
|
||||
goto done;
|
||||
memcpy(logon_info, user, logon_info_size);
|
||||
}
|
||||
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
|
||||
goto done;
|
||||
|
||||
memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName));
|
||||
if (domain_user) {
|
||||
KERB_S4U_LOGON *s4u_logon;
|
||||
wchar_t user_cpn[MAX_USER_LEN + 1 + MAX_FQDN_LEN + 1];
|
||||
memcpy(user_cpn, user, wcslen(user) * 2);
|
||||
user_cpn[wcslen(user)] = L'@';
|
||||
memcpy(user_cpn + wcslen(user) + 1, domain, wcslen(domain) * 2 + 2);
|
||||
logon_info_size = sizeof(KERB_S4U_LOGON);
|
||||
logon_info_size += (wcslen(user_cpn) * 2 + 2);
|
||||
logon_info = malloc(logon_info_size);
|
||||
if (logon_info == NULL)
|
||||
goto done;
|
||||
s4u_logon = (KERB_S4U_LOGON*)logon_info;
|
||||
s4u_logon->MessageType = KerbS4ULogon;
|
||||
s4u_logon->Flags = 0;
|
||||
s4u_logon->ClientUpn.Length = wcslen(user_cpn) * 2;
|
||||
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
|
||||
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
|
||||
memcpy(s4u_logon->ClientUpn.Buffer, user_cpn, s4u_logon->ClientUpn.Length + 2);
|
||||
s4u_logon->ClientRealm.Length = 0;
|
||||
s4u_logon->ClientRealm.MaximumLength = 0;
|
||||
s4u_logon->ClientRealm.Buffer = 0;
|
||||
} else {
|
||||
logon_info_size = (wcslen(user) + 1)*sizeof(wchar_t);
|
||||
logon_info = malloc(logon_info_size);
|
||||
if (logon_info == NULL)
|
||||
goto done;
|
||||
memcpy(logon_info, user, logon_info_size);
|
||||
}
|
||||
|
||||
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
|
||||
goto done;
|
||||
memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName));
|
||||
|
||||
if (ret = LsaLogonUser(lsa_handle,
|
||||
&originName,
|
||||
Network,
|
||||
auth_package_id,
|
||||
logon_info,
|
||||
logon_info_size,
|
||||
NULL,
|
||||
&sourceContext,
|
||||
(PVOID*)&pProfile,
|
||||
&cbProfile,
|
||||
&logonId,
|
||||
&token,
|
||||
"as,
|
||||
&subStatus) != STATUS_SUCCESS) {
|
||||
debug("LsaLogonUser failed %d", ret);
|
||||
goto done;
|
||||
}
|
||||
debug3("LsaLogonUser succeeded");
|
||||
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
|
||||
goto done;
|
||||
|
||||
if (ret = LsaLogonUser(lsa_handle,
|
||||
&originName,
|
||||
Network,
|
||||
auth_package_id,
|
||||
logon_info,
|
||||
logon_info_size,
|
||||
NULL,
|
||||
&sourceContext,
|
||||
(PVOID*)&pProfile,
|
||||
&cbProfile,
|
||||
&logonId,
|
||||
&token,
|
||||
"as,
|
||||
&subStatus) != STATUS_SUCCESS) {
|
||||
debug("LsaLogonUser failed %d", ret);
|
||||
goto done;
|
||||
}
|
||||
debug3("LsaLogonUser succeeded");
|
||||
done:
|
||||
if (lsa_handle)
|
||||
LsaDeregisterLogonProcess(lsa_handle);
|
||||
if (logon_info)
|
||||
free(logon_info);
|
||||
if (pProfile)
|
||||
LsaFreeReturnBuffer(pProfile);
|
||||
if (lsa_handle)
|
||||
LsaDeregisterLogonProcess(lsa_handle);
|
||||
if (logon_info)
|
||||
free(logon_info);
|
||||
if (pProfile)
|
||||
LsaFreeReturnBuffer(pProfile);
|
||||
|
||||
return token;
|
||||
return token;
|
||||
}
|
||||
|
||||
#define PUBKEY_AUTH_REQUEST "pubkey"
|
||||
#define PASSWD_AUTH_REQUEST "password"
|
||||
#define MAX_USER_NAME_LEN 256
|
||||
#define MAX_PW_LEN 128
|
||||
|
||||
/* TODO - SecureZeroMemory password */
|
||||
int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
char *user = NULL, *pwd = NULL;
|
||||
wchar_t userW_buf[MAX_USER_NAME_LEN], pwdW_buf[MAX_PW_LEN];
|
||||
wchar_t *userW = userW_buf, *domW = NULL, *pwdW = pwdW_buf, *tmp;
|
||||
size_t user_len = 0, pwd_len = 0, dom_len = 0;
|
||||
int r = -1;
|
||||
HANDLE token = 0, dup_token, client_proc = 0;
|
||||
ULONG client_pid;
|
||||
char *user = NULL, *domain = NULL, *pwd = NULL;
|
||||
wchar_t userW_buf[MAX_USER_LEN], domainW_buf[MAX_FQDN_LEN], pwdW_buf[MAX_PW_LEN];
|
||||
wchar_t *userW = userW_buf, *domW = domainW_buf, *pwdW = pwdW_buf, *tmp;
|
||||
size_t user_len = 0, domain_len = 0, pwd_len = 0, dom_len = 0;
|
||||
int r = -1;
|
||||
HANDLE token = 0, dup_token, client_proc = 0;
|
||||
ULONG client_pid;
|
||||
|
||||
if (sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &pwd, &pwd_len) != 0 ||
|
||||
user_len == 0 ||
|
||||
pwd_len == 0 ){
|
||||
debug("bad password auth request");
|
||||
goto done;
|
||||
}
|
||||
if (sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &domain, &domain_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &pwd, &pwd_len) != 0 ||
|
||||
user_len == 0 ||
|
||||
pwd_len == 0 ||
|
||||
user_len > MAX_USER_LEN ||
|
||||
domain_len > MAX_FQDN_LEN ||
|
||||
pwd_len > MAX_PW_LEN) {
|
||||
debug("bad password auth request");
|
||||
goto done;
|
||||
}
|
||||
|
||||
userW[0] = L'\0';
|
||||
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, userW, MAX_USER_NAME_LEN) == 0 ||
|
||||
MultiByteToWideChar(CP_UTF8, 0, pwd, pwd_len + 1, pwdW, MAX_PW_LEN) == 0) {
|
||||
debug("unable to convert user (%s) or password to UTF-16", user);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((tmp = wcschr(userW, L'\\')) != NULL) {
|
||||
domW = userW;
|
||||
userW = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
userW[0] = L'\0';
|
||||
domW[0] = L'\0';
|
||||
if ((MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, userW, MAX_USER_LEN) == 0) ||
|
||||
(domain_len != 0 && MultiByteToWideChar(CP_UTF8, 0, domain, domain_len + 1, domW, MAX_FQDN_LEN) == 0) ||
|
||||
(MultiByteToWideChar(CP_UTF8, 0, pwd, pwd_len + 1, pwdW, MAX_PW_LEN) == 0)) {
|
||||
debug("unable to convert user (%s) or password to UTF-16", user);
|
||||
goto done;
|
||||
}
|
||||
|
||||
}
|
||||
else if ((tmp = wcschr(userW, L'@')) != NULL) {
|
||||
domW = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
}
|
||||
if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
|
||||
debug("failed to logon user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
|
||||
debug("failed to logon user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, (int)(intptr_t)dup_token) != 0)) {
|
||||
debug("failed to duplicate user token");
|
||||
goto done;
|
||||
}
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, (int)(intptr_t)dup_token) != 0)) {
|
||||
debug("failed to duplicate user token");
|
||||
goto done;
|
||||
}
|
||||
|
||||
con->auth_token = token;
|
||||
LoadProfile(con, userW, domW);
|
||||
r = 0;
|
||||
con->auth_token = token;
|
||||
LoadProfile(con, userW, domW);
|
||||
r = 0;
|
||||
done:
|
||||
/* TODO Fix this hacky protocol*/
|
||||
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
|
||||
r = 0;
|
||||
|
||||
if (user)
|
||||
free(user);
|
||||
if (pwd)
|
||||
free(pwd);
|
||||
if (client_proc)
|
||||
CloseHandle(client_proc);
|
||||
/* TODO Fix this hacky protocol*/
|
||||
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
|
||||
r = 0;
|
||||
|
||||
return r;
|
||||
if (user)
|
||||
free(user);
|
||||
if (pwd)
|
||||
free(pwd);
|
||||
if (client_proc)
|
||||
CloseHandle(client_proc);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
int r = -1;
|
||||
char *key_blob, *user, *sig, *blob;
|
||||
size_t key_blob_len, user_len, sig_len, blob_len;
|
||||
struct sshkey *key = NULL;
|
||||
HANDLE token = NULL, dup_token = NULL, client_proc = NULL;
|
||||
wchar_t wuser[MAX_USER_NAME_LEN];
|
||||
PWSTR wuser_home = NULL;
|
||||
ULONG client_pid;
|
||||
int r = -1;
|
||||
char *key_blob, *user, *domain, *usernameWithDomain, *sig, *blob;
|
||||
size_t key_blob_len, user_len, domain_len, sig_len, blob_len;
|
||||
struct sshkey *key = NULL;
|
||||
HANDLE token = NULL, dup_token = NULL, client_proc = NULL;
|
||||
wchar_t wuser[MAX_USER_LEN], wdomain[MAX_FQDN_LEN];
|
||||
PWSTR wuser_home = NULL;
|
||||
ULONG client_pid;
|
||||
|
||||
user = NULL;
|
||||
if (sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
|
||||
sshkey_from_blob(key_blob, key_blob_len, &key) != 0) {
|
||||
debug("invalid pubkey auth request");
|
||||
goto done;
|
||||
}
|
||||
user = NULL;
|
||||
domain = NULL;
|
||||
if (sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &user, &user_len) != 0 ||
|
||||
sshbuf_get_cstring(request, &domain, &domain_len) != 0 ||
|
||||
user_len > MAX_USER_LEN ||
|
||||
domain_len > MAX_FQDN_LEN ||
|
||||
sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
|
||||
sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
|
||||
sshkey_from_blob(key_blob, key_blob_len, &key) != 0) {
|
||||
debug("invalid pubkey auth request");
|
||||
goto done;
|
||||
}
|
||||
|
||||
wuser[0] = L'\0';
|
||||
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 ||
|
||||
(token = generate_user_token(wuser)) == 0) {
|
||||
debug("unable to generate token for user %ls", wuser);
|
||||
goto done;
|
||||
}
|
||||
wuser[0] = L'\0';
|
||||
wdomain[0] = L'\0';
|
||||
if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_LEN) == 0 ||
|
||||
(domain_len != 0 && MultiByteToWideChar(CP_UTF8, 0, domain, domain_len + 1, wdomain, MAX_FQDN_LEN) == 0) ||
|
||||
(token = generate_user_token(wuser, wdomain)) == 0) {
|
||||
debug("unable to generate token for user %ls", wuser);
|
||||
goto done;
|
||||
}
|
||||
|
||||
con->auth_token = token;
|
||||
con->auth_token = token;
|
||||
|
||||
if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
||||
pubkey_allowed(key, wuser, wuser_home) != 1) {
|
||||
debug("unable to verify public key for user %ls (profile:%ls)", wuser, wuser_home);
|
||||
goto done;
|
||||
}
|
||||
if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
|
||||
pubkey_allowed(key, wuser, wuser_home) != 1) {
|
||||
debug("unable to verify public key for user %ls (profile:%ls)", wuser, wuser_home);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
|
||||
debug("signature verification failed");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, (int)(intptr_t)dup_token) != 0) ) {
|
||||
debug("failed to authorize user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
{
|
||||
wchar_t *tmp, *userW, *domW;
|
||||
userW = wuser;
|
||||
domW = NULL;
|
||||
if ((tmp = wcschr(userW, L'\\')) != NULL) {
|
||||
domW = userW;
|
||||
userW = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
|
||||
debug("signature verification failed");
|
||||
goto done;
|
||||
}
|
||||
|
||||
}
|
||||
else if ((tmp = wcschr(userW, L'@')) != NULL) {
|
||||
domW = tmp + 1;
|
||||
*tmp = L'\0';
|
||||
}
|
||||
LoadProfile(con, userW, domW);
|
||||
}
|
||||
if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
|
||||
( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
|
||||
(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
|
||||
(sshbuf_put_u32(response, (int)(intptr_t)dup_token) != 0)) {
|
||||
debug("failed to authorize user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
r = 0;
|
||||
LoadProfile(con, wuser, wdomain);
|
||||
|
||||
r = 0;
|
||||
done:
|
||||
/* TODO Fix this hacky protocol*/
|
||||
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
|
||||
r = 0;
|
||||
/* TODO Fix this hacky protocol*/
|
||||
if ((r == -1) && (sshbuf_put_u8(response, SSH_AGENT_FAILURE) == 0))
|
||||
r = 0;
|
||||
|
||||
if (user)
|
||||
free(user);
|
||||
if (key)
|
||||
sshkey_free(key);
|
||||
if (wuser_home)
|
||||
CoTaskMemFree(wuser_home);
|
||||
if (client_proc)
|
||||
CloseHandle(client_proc);
|
||||
return r;
|
||||
if (user)
|
||||
free(user);
|
||||
if (key)
|
||||
sshkey_free(key);
|
||||
if (wuser_home)
|
||||
CoTaskMemFree(wuser_home);
|
||||
if (client_proc)
|
||||
CloseHandle(client_proc);
|
||||
return r;
|
||||
}
|
||||
|
||||
int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
|
||||
char *opn;
|
||||
size_t opn_len;
|
||||
if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0) {
|
||||
debug("invalid auth request");
|
||||
return -1;
|
||||
}
|
||||
char *opn;
|
||||
size_t opn_len;
|
||||
if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0) {
|
||||
debug("invalid auth request");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (opn_len == strlen(PUBKEY_AUTH_REQUEST) && memcmp(opn, PUBKEY_AUTH_REQUEST, opn_len) == 0)
|
||||
return process_pubkeyauth_request(request, response, con);
|
||||
else if (opn_len == strlen(PASSWD_AUTH_REQUEST) && memcmp(opn, PASSWD_AUTH_REQUEST, opn_len) == 0)
|
||||
return process_passwordauth_request(request, response, con);
|
||||
else {
|
||||
debug("unknown auth request: %s", opn);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (memcmp(opn, PUBKEY_AUTH_REQUEST, opn_len) == 0)
|
||||
return process_pubkeyauth_request(request, response, con);
|
||||
else if (memcmp(opn, PASSWD_AUTH_REQUEST, opn_len) == 0)
|
||||
return process_passwordauth_request(request, response, con);
|
||||
else {
|
||||
debug("unknown auth request: %s", opn);
|
||||
return -1;
|
||||
}
|
||||
}
|
|
@ -167,9 +167,6 @@ done:
|
|||
return r;
|
||||
}
|
||||
|
||||
/* TODO - move this to common header*/
|
||||
#define SSH_AGENT_AUTHENTICATE 100
|
||||
|
||||
static int
|
||||
process_request(struct agent_connection* con) {
|
||||
int r = -1;
|
||||
|
@ -179,7 +176,7 @@ process_request(struct agent_connection* con) {
|
|||
if ((con->client_process = get_con_client_type(con->connection)) == -1)
|
||||
goto done;
|
||||
|
||||
|
||||
//Sleep(30 * 1000);
|
||||
request = sshbuf_from(con->io_buf.buf, con->io_buf.num_bytes);
|
||||
response = sshbuf_new();
|
||||
if ((request == NULL) || (response == NULL))
|
||||
|
|
Loading…
Reference in New Issue