Merging agent end points to a single one

Author: manojampalam

auth2-pubkey.c

@@ -86,6 +86,7 @@ extern u_int session_id2_len;
 #ifdef WIN32_FIXME
 
   extern char HomeDirLsaW[MAX_PATH];
+  extern int auth_sock;
 
 #endif
 
@@ -192,52 +193,24 @@ userauth_pubkey(Authctxt *authctxt)
 #ifdef WIN32_FIXME
 		{
 #define SSH_AGENT_ROOT "SOFTWARE\\SSH\\Agent"
-			HKEY agent_root = 0;
-			DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff;
-			int sock = -1, r;
+			int r;
 			u_char *blob = NULL;
 			size_t blen = 0;
 			DWORD token = 0;
-			HANDLE h = INVALID_HANDLE_VALUE;
 			struct sshbuf *msg = NULL;
 
 			while (1) {
-				RegOpenKeyEx(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, KEY_QUERY_VALUE, &agent_root);
-				if (agent_root)
-					RegQueryValueEx(agent_root, "ProcessId", 0, NULL, &agent_pid, &tmp_size);
-					
-
-				h = CreateFile(
-					"\\\\.\\pipe\\ssh-authagent",   // pipe name 
-					GENERIC_READ |  // read and write access 
-					GENERIC_WRITE,
-					0,              // no sharing 
-					NULL,           // default security attributes
-					OPEN_EXISTING,  // opens existing pipe 
-					FILE_FLAG_OVERLAPPED,              // attributes 
-					NULL);          // no template file 
-				if (h == INVALID_HANDLE_VALUE) {
-					debug("cannot connect to auth agent");
-					break;
-				}
-
-				if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || (agent_pid != pipe_server_pid)) {
-					debug("auth agent pid mismatch");
-					break;
-				}
-
-				if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0)
-					break;
 				msg = sshbuf_new();
 				if (!msg)
 					break;
-				if ((r = sshbuf_put_cstring(msg, "keyauthenticate")) != 0 ||
+				if ((r = sshbuf_put_u8(msg, 100)) != 0 ||
+					(r = sshbuf_put_cstring(msg, "pubkey")) != 0 ||
 					(r = sshkey_to_blob(key, &blob, &blen)) != 0 ||
 					(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
 					(r = sshbuf_put_cstring(msg, authctxt->pw->pw_name)) != 0 ||
 					(r = sshbuf_put_string(msg, sig, slen)) != 0 ||
 					(r = sshbuf_put_string(msg, buffer_ptr(&b), buffer_len(&b))) != 0 ||
-					(r = ssh_request_reply(sock, msg, msg)) != 0 ||
+					(r = ssh_request_reply(auth_sock, msg, msg)) != 0 ||
 					(r = sshbuf_get_u32(msg, &token)) != 0) {
 					debug("auth agent did not authorize client %s", authctxt->pw->pw_name);
 					break;
@@ -246,12 +219,8 @@ userauth_pubkey(Authctxt *authctxt)
 				break;
 
 			}
-			if (agent_root)
-				RegCloseKey(agent_root);
 			if (blob)
 				free(blob);
-			if (sock != -1)
-				close(sock);
 			if (msg)
 				sshbuf_free(msg);
 

contrib/win32/win32compat/ssh-agent/agent-main.c

@@ -32,11 +32,11 @@
 #include "agent.h"
 
 
-int scm_start_servie(DWORD, LPWSTR*);
+int scm_start_service(DWORD, LPWSTR*);
 
 SERVICE_TABLE_ENTRYW dispatch_table[] =
 {
-	{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTIONW)scm_start_servie },
+	{ L"ssh-agent", (LPSERVICE_MAIN_FUNCTIONW)scm_start_service },
 	{ NULL, NULL }
 };
 static SERVICE_STATUS_HANDLE service_status_handle;
@@ -141,7 +141,7 @@ int main(int argc, char **argv) {
 	return 0;
 }
 
-int scm_start_servie(DWORD num, LPWSTR* args) {
+int scm_start_service(DWORD num, LPWSTR* args) {
 	service_status_handle = RegisterServiceCtrlHandlerW(L"ssh-agent", service_handler);
 	ZeroMemory(&service_status, sizeof(service_status));
 	service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;

contrib/win32/win32compat/ssh-agent/agentconfig.c

@@ -51,6 +51,7 @@ Buffer cfg;
 ServerOptions options;
 struct passwd *privsep_pw = NULL;
 static char *config_file_name = _PATH_SERVER_CONFIG_FILE;
+int auth_sock = -1;
 
 int	 auth2_methods_valid(const char * c, int i) {
 	return 1;

contrib/win32/win32compat/ssh-agent/authagent-request.c

@@ -167,29 +167,26 @@ generate_user_token(wchar_t* user) {
 	return token;
 }
 
-#define AUTH_REQUEST "keyauthenticate"
+#define AUTH_REQUEST "pubkey"
 #define MAX_USER_NAME_LEN 256
 
-int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
+int process_pubkeyauth_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
 	int r = -1;
-	char *opn, *key_blob, *user, *sig, *blob;
-	size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
+	char *key_blob, *user, *sig, *blob;
+	size_t key_blob_len, user_len, sig_len, blob_len;
 	struct sshkey *key = NULL;
 	HANDLE token = NULL, dup_token = NULL, client_proc = NULL;
 	wchar_t wuser[MAX_USER_NAME_LEN];
 	PWSTR wuser_home = NULL;
 	ULONG client_pid;
 
 	user = NULL;
-	if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0 ||
-	    sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
+	if (sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
 	    sshbuf_get_cstring(request, &user, &user_len) != 0 ||
 	    sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
 	    sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
-	    sshkey_from_blob(key_blob, key_blob_len, &key) != 0 ||
-	    opn_len != strlen(AUTH_REQUEST) ||
-	    memcmp(opn, AUTH_REQUEST, opn_len) != 0) {
-		debug("auth agent invalid request");
+	    sshkey_from_blob(key_blob, key_blob_len, &key) != 0) {
+		debug("invalid pubkey auth request");
 		goto done;
 	}
 
@@ -231,4 +228,21 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
 	if (client_proc)
 		CloseHandle(client_proc);
 	return r;
+}
+
+int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
+	char *opn;
+	size_t opn_len;
+	if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0) {
+		debug("invalid auth request");
+		return -1;
+	}
+
+	if (opn_len == strlen(AUTH_REQUEST) && memcmp(opn, AUTH_REQUEST, opn_len) == 0)
+		return process_pubkeyauth_request(request, response, con);
+	else {
+		debug("unknown auth request: %s", opn);
+		return -1;
+	}
+		
 }

contrib/win32/win32compat/ssh-agent/connection.c

@@ -46,7 +46,7 @@ void agent_connection_on_error(struct agent_connection* con, DWORD error) {
 void agent_connection_on_io(struct agent_connection* con, DWORD bytes, OVERLAPPED* ol) {
 
 	/* process error */
-	debug("connection io %p #bytes:%d state:%d", con, bytes, con->state);
+	debug3("connection io %p #bytes:%d state:%d", con, bytes, con->state);
 	if ((bytes == 0) && (GetOverlappedResult(con->connection, ol, &bytes, FALSE) == FALSE))
 		ABORT_CONNECTION_RETURN(con);
 
@@ -155,7 +155,7 @@ get_con_client_type(HANDLE pipe) {
 	else
 		r = OTHER;
 
-	debug("client type: %d", r);
+	debug2("client type: %d", r);
 done:
 	if (sshd_sid)
 		free(sshd_sid);
@@ -167,6 +167,7 @@ get_con_client_type(HANDLE pipe) {
 	return r;
 }
 
+#define SSH_AGENT_AUTHENTICATE			100
 
 static int
 process_request(struct agent_connection* con) {
@@ -188,24 +189,31 @@ process_request(struct agent_connection* con) {
 
 		if (sshbuf_get_u8(request, &type) != 0)
 			return -1;
-		debug2("process key agent request type %d", type);
+		debug("process agent request type %d", type);
 
 		switch (type) {
 		case SSH2_AGENTC_ADD_IDENTITY:
-			return process_add_identity(request, response, con);
+			r =  process_add_identity(request, response, con);
+			break;
 		case SSH2_AGENTC_REQUEST_IDENTITIES:
-			return process_request_identities(request, response, con);
+			r = process_request_identities(request, response, con);
+			break;
 		case SSH2_AGENTC_SIGN_REQUEST:
-			return process_sign_request(request, response, con);
+			r = process_sign_request(request, response, con);
+			break;
 		case SSH2_AGENTC_REMOVE_IDENTITY:
-			return process_remove_key(request, response, con);
+			r = process_remove_key(request, response, con);
+			break;
 		case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
-			return process_remove_all(request, response, con);
-		case 100:
-			return process_authagent_request(request, response, con);
+			r = process_remove_all(request, response, con);
+			break;
+		case SSH_AGENT_AUTHENTICATE:
+			r = process_authagent_request(request, response, con);
+			break;
 		default:
 			debug("unknown agent request %d", type);
-			return -1;
+			r = -1;
+			break;
 		}
 	}