added support for domain\user for key-based auth

manojampalam · manojampalam · commit 5335d43fb6ca · 2016-05-15T12:30:05.000-07:00
diff --git a/contrib/win32/openssh/install-sshd.ps1 b/contrib/win32/openssh/install-sshd.ps1
@@ -4,6 +4,8 @@ $scriptdir = Split-Path $scriptpath
 $sshdpath = Join-Path $scriptdir "sshd.exe"
 $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
 
+$ntrights = Join-Path $scriptdir "ntrights.exe -u `"NT SERVICE\SSHD`" +r SeAssignPrimaryTokenPrivilege"
+
 if (-not (Test-Path $sshdpath)) {
     throw "sshd.exe is not present in script path"
 }
@@ -25,5 +27,6 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
 
 New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Deamon" -StartupType Manual -DependsOn ssh-agent | Out-Null
 sc.exe config sshd obj= "NT SERVICE\SSHD"
+cmd.exe /c $ntrights
 Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
 
diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@@ -50,9 +50,10 @@ InitLsaString(LSA_STRING *lsa_string, const char *str)
 	}
 }
 
+#define MAX_USER_LEN 256
 static HANDLE 
 generate_user_token(wchar_t* user) {
-	HANDLE lsa_handle = 0, token = 0;;
+	HANDLE lsa_handle = 0, token = 0;
 	LSA_OPERATIONAL_MODE mode;
 	ULONG auth_package_id;
 	NTSTATUS ret, subStatus;
@@ -64,7 +65,33 @@ generate_user_token(wchar_t* user) {
 	LUID logonId;
 	QUOTA_LIMITS quotas;
 	DWORD cbProfile;
-	BOOL domain_user = (wcschr(user, L'@') != NULL)? TRUE : FALSE;
+	BOOL domain_user;
+	
+	/* prep user name - TODO: implment an accurate check if user is domain account*/
+	if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
+		debug("user length is not supported");
+		goto done;
+	}
+
+	if (wcschr(user, L'\\') != NULL) {
+		wchar_t *un = NULL, *dn = NULL;
+		DWORD un_len = 0, dn_len = 0;
+		dn = user;
+		dn_len = wcschr(user, L'\\') - user;
+		un = wcschr(user, L'\\') + 1;
+		un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
+		if (dn_len == 0 || un_len == 0) {
+			debug("cannot get user token - bad user name");
+			goto done;
+		}
+		memcpy(user_copy, un, un_len * sizeof(wchar_t));
+		user_copy[un_len] = L'@';
+		memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
+		user_copy[dn_len + 1 + un_len] = L'\0';
+		user = user_copy;
+	}
+	
+	domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;
 
 	InitLsaString(&logon_process_name, "ssh-agent");
 	if (domain_user)
