Minor fixes to agent updates

manojampalam · manojampalam · commit 6b7d17dd279e · 2016-09-21T13:49:57.000-07:00
diff --git a/auth-passwd.c b/auth-passwd.c
@@ -155,23 +155,23 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
 #ifdef HAVE_LOGIN_CAP
 	if (authctxt->valid) {
 		pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
-			TWO_WEEKS);
+		    TWO_WEEKS);
 		acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
-			TWO_WEEKS);
+		    TWO_WEEKS);
 	}
 #endif
 	if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
 		daysleft = pwtimeleft / DAY + 1;
 		snprintf(buf, sizeof(buf),
-			"Your password will expire in %lld day%s.\n",
-			daysleft, daysleft == 1 ? "" : "s");
+		    "Your password will expire in %lld day%s.\n",
+		    daysleft, daysleft == 1 ? "" : "s");
 		buffer_append(&loginmsg, buf, strlen(buf));
 	}
 	if (actimeleft != 0 && actimeleft < acwarntime) {
 		daysleft = actimeleft / DAY + 1;
 		snprintf(buf, sizeof(buf),
-			"Your account will expire in %lld day%s.\n",
-			daysleft, daysleft == 1 ? "" : "s");
+		    "Your account will expire in %lld day%s.\n",
+		    daysleft, daysleft == 1 ? "" : "s");
 		buffer_append(&loginmsg, buf, strlen(buf));
 	}
 }
@@ -184,16 +184,15 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 	static int expire_checked = 0;
 
 	as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
-		(char *)password);
+	    (char *)password);
 	if (as == NULL)
 		return (0);
 	if (auth_getstate(as) & AUTH_PWEXPIRED) {
 		auth_close(as);
 		disable_forwarding();
 		authctxt->force_pwchange = 1;
 		return (1);
-	}
-	else {
+	} else {
 		if (!expire_checked) {
 			expire_checked = 1;
 			warn_expiry(authctxt, as);
@@ -258,13 +257,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 
 	/* Encrypt the candidate password using the proper salt. */
 	encrypted_password = xcrypt(password,
-		(pw_password[0] && pw_password[1]) ? pw_password : "xx");
+	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
 
 	/*
 	 * Authentication is accepted if the encrypted passwords
 	 * are identical.
 	 */
 	return encrypted_password != NULL &&
-		strcmp(encrypted_password, pw_password) == 0;
+	    strcmp(encrypted_password, pw_password) == 0;
 }
 #endif
diff --git a/contrib/win32/win32compat/pwd.c b/contrib/win32/win32compat/pwd.c
@@ -165,7 +165,7 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
 		RegCloseKey(reg_key);
 
         { /* retrieve and set env variables. */
-                /* TODO - Get away with fixed limits and dynamically allocated required memory*/
+                /* TODO - Get away with fixed limits and dynamically allocate required memory, cleanup this logic*/
 #define MAX_VALUE_LEN  1000
 #define MAX_DATA_LEN   2000
 #define MAX_EXPANDED_DATA_LEN 5000
@@ -176,7 +176,8 @@ char *GetHomeDirFromToken(char *userName, HANDLE token)
                 int i;
                 LONG ret;
                 
-                ImpersonateLoggedOnUser(token);
+                if (ImpersonateLoggedOnUser(token) == FALSE)
+                        debug("Failed to impersonate user token, %d", GetLastError());
                 SET_USER_ENV(FOLDERID_LocalAppData, L"LOCALAPPDATA");
                 SET_USER_ENV(FOLDERID_Profile, L"USERPROFILE");
                 SET_USER_ENV(FOLDERID_RoamingAppData, L"APPDATA");
diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@@ -201,7 +201,7 @@ generate_user_token(wchar_t* user) {
 	    &token,
 	    &quotas,
 	    &subStatus) != STATUS_SUCCESS) {
-	    debug("LsaLogonUser failed");
+	    debug("LsaLogonUser failed %d", ret);
 		goto done;
 	}
 
@@ -256,12 +256,16 @@ int process_passwordauth_request(struct sshbuf* request, struct sshbuf* response
 		*tmp = L'\0';
 	}
 
-	if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE ||
-		(FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
-		((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
-		(FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
-		(sshbuf_put_u32(response, dup_token) != 0)) {
-		debug("failed to authenticate user");
+        if (LogonUserW(userW, domW, pwdW, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
+                debug("failed to logon user");
+                goto done;
+        }
+                
+	if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
+	    ((client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
+	    (FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
+	    (sshbuf_put_u32(response, dup_token) != 0)) {
+	        debug("failed to duplicate user token");
 		goto done;
 	}
 
diff --git a/contrib/win32/win32compat/ssh-agent/connection.c b/contrib/win32/win32compat/ssh-agent/connection.c
@@ -167,6 +167,7 @@ get_con_client_type(HANDLE pipe) {
 	return r;
 }
 
+/* TODO - move this to common header*/
 #define SSH_AGENT_AUTHENTICATE			100
 
 static int

Original file line number	Diff line number	Diff line change
`@@ -167,6 +167,7 @@ get_con_client_type(HANDLE pipe) {`
`167`	`167`	`return r;`
`168`	`168`	`}`
`169`	`169`
	`170`	`+/* TODO - move this to common header*/`
`170`	`171`	`#define SSH_AGENT_AUTHENTICATE 100`
`171`	`172`
`172`	`173`	`static int`