tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support SSH certificates (#213) 

support certificate authentication
This commit is contained in:
Manoj Ampalam 2017-10-02 12:39:12 -07:00 committed by Yanbing
parent e649e8f926
commit a348597468
4 changed files with 32 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
contrib/win32/win32compat/ssh-agent/agent-main.c
View File

@ -32,6 +32,8 @@
#include "agent.h" #include "agent.h"
#include "..\misc_internal.h" #include "..\misc_internal.h"
#include "..\Debug.h"
#include <wchar.h>
#pragma warning(push, 3) #pragma warning(push, 3)
@ -90,16 +92,33 @@ BOOL WINAPI
ctrl_c_handler(_In_ DWORD dwCtrlType) ctrl_c_handler(_In_ DWORD dwCtrlType)
{ {
/* for any Ctrl type, shutdown agent*/ /* for any Ctrl type, shutdown agent*/
debug3("Ctrl+C received"); debug4("Ctrl+C received");
agent_shutdown(); agent_shutdown();
return TRUE; return TRUE;
} }
/*set current working directory to module path*/
static void
fix_cwd()
{
wchar_t path[PATH_MAX] = { 0 };
int i, lastSlashPos = 0;
GetModuleFileNameW(NULL, path, PATH_MAX);
for (i = 0; path[i]; i++) {
if (path[i] == L'/' || path[i] == L'\\')
lastSlashPos = i;
}
path[lastSlashPos] = 0;
_wchdir(path);
}
int int
wmain(int argc, wchar_t **argv) wmain(int argc, wchar_t **argv)
{ {
_set_invalid_parameter_handler(invalid_parameter_handler); _set_invalid_parameter_handler(invalid_parameter_handler);
w32posix_initialize(); w32posix_initialize();
fix_cwd();
/* this exits() on failure*/ /* this exits() on failure*/
load_config(); load_config();
if (!StartServiceCtrlDispatcherW(dispatch_table)) { if (!StartServiceCtrlDispatcherW(dispatch_table)) {

45
contrib/win32/win32compat/ssh-agent/agentconfig.c
View File

@ -53,7 +53,6 @@
Buffer cfg; Buffer cfg;
ServerOptions options; ServerOptions options;
struct passwd *privsep_pw = NULL; struct passwd *privsep_pw = NULL;
static char *config_file_name = _PATH_SERVER_CONFIG_FILE;
int auth_sock = -1; int auth_sock = -1;
int int
@ -96,49 +95,11 @@ kexgex_server(struct ssh * sh) {
return -1; return -1;
} }
static int
GetCurrentModulePath(wchar_t *path, int pathSize)
{
if (GetModuleFileNameW(NULL, path, pathSize)) {
int i;
int lastSlashPos = 0;
for (i = 0; path[i]; i++) {
if (path[i] == L'/' || path[i] == L'\\')
lastSlashPos = i;
}
path[lastSlashPos] = 0;
return 0;
}
return -1;
}
int int
load_config() { load_config() {
wchar_t basePath[PATH_MAX] = { 0 }; char *config_file_name = "sshd_config";
wchar_t path[PATH_MAX] = { 0 };
wchar_t* config_file = L"/sshd_config";
errno_t r = 0; errno_t r = 0;
if (GetCurrentModulePath(basePath, PATH_MAX) == -1)
return -1;
if (wcsnlen_s(basePath, PATH_MAX) + wcslen(config_file) + 1 > PATH_MAX)
fatal("unexpected config file path length");
if(( r = wcsncpy_s(path, PATH_MAX, basePath, wcsnlen_s(basePath, PATH_MAX))) != 0) {
debug3("memcpy_s failed with error: %d.", r);
return -1;
}
if (( r = wcsncat_s(path, PATH_MAX, L"/sshd_config", PATH_MAX - wcsnlen_s(basePath, PATH_MAX))) != 0) {
debug3("wcscat_s failed with error: %d.", r);
return -1;
}
if ((config_file_name = utf16_to_utf8(path)) == NULL)
return -1;
buffer_init(&cfg); buffer_init(&cfg);
initialize_server_options(&options); initialize_server_options(&options);
load_server_config(config_file_name, &cfg); load_server_config(config_file_name, &cfg);
@ -154,10 +115,10 @@ config_log_level() {
} }
int int
pubkey_allowed(struct sshkey* pubkey, HANDLE user_token) { pubkey_allowed(struct sshkey* pubkey, char* user_utf8) {
struct passwd *pw; struct passwd *pw;
if ((pw = w32_getpwtoken(user_token)) == NULL) if ((pw = w32_getpwnam(user_utf8)) == NULL)
return 0; return 0;
return user_key_allowed(pw, pubkey, 1); return user_key_allowed(pw, pubkey, 1);

4
contrib/win32/win32compat/ssh-agent/authagent-request.c
View File

@ -43,7 +43,7 @@
#pragma warning(push, 3) #pragma warning(push, 3)
int pubkey_allowed(struct sshkey* pubkey, HANDLE user_token); int pubkey_allowed(struct sshkey* pubkey, char* user_utf8);
static void static void
InitLsaString(LSA_STRING *lsa_string, const char *str) InitLsaString(LSA_STRING *lsa_string, const char *str)
@ -287,7 +287,7 @@ int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response,
} }
if (pubkey_allowed(key, token) != 1) { if (pubkey_allowed(key, user) != 1) {
debug("unable to verify public key for user %ls (profile:%ls)", user_utf16, wuser_home); debug("unable to verify public key for user %ls (profile:%ls)", user_utf16, wuser_home);
goto done; goto done;
} }

7
ssh-keygen.c
View File

@ -1788,8 +1788,15 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
fatal("Could not open \"%s\" for writing: %s", out, fatal("Could not open \"%s\" for writing: %s", out,
strerror(errno)); strerror(errno));
#ifdef WINDOWS
/* Windows POSIX adpater does not support fdopen() on open(file)*/
close(fd);
if ((f = fopen(out, "w")) == NULL)
fatal("fopen %s failed: %s", identity_file, strerror(errno));
#else /* !WINDOWS */
if ((f = fdopen(fd, "w")) == NULL) if ((f = fdopen(fd, "w")) == NULL)
fatal("%s: fdopen: %s", __func__, strerror(errno)); fatal("%s: fdopen: %s", __func__, strerror(errno));
#endif /* !WINDOWS */
if ((r = sshkey_write(public, f)) != 0) if ((r = sshkey_write(public, f)) != 0)
fatal("Could not write certified key to %s: %s", fatal("Could not write certified key to %s: %s",
out, ssh_err(r)); out, ssh_err(r));