5-14 C5

manojampalam · manojampalam · commit adf15dffb534 · 2016-05-14T22:31:06.000-07:00
diff --git a/contrib/win32/win32compat/ssh-agent/agent.c b/contrib/win32/win32compat/ssh-agent/agent.c
@@ -125,7 +125,7 @@ process_connection(HANDLE pipe, int type) {
 		fatal("failed to assign pipe to ioc_port");
 
 	agent_connection_on_io(con, 0, &con->ol);
-	return iocp_work(NULL);
+	iocp_work(NULL);
 }
 
 static void 
@@ -194,7 +194,7 @@ agent_listen_loop() {
 				return;
 			}
 			else {
-				/* todo - spawn a child to take care of this*/
+				/* spawn a child to take care of this*/
 				wchar_t path[MAX_PATH], module_path[MAX_PATH];
 				PROCESS_INFORMATION pi;
 				STARTUPINFOW si;
@@ -239,9 +239,11 @@ void agent_shutdown() {
 	SetEvent(event_stop_agent);
 }
 
+#define REG_AGENT_SDDL L"D:P(A;; GR;;; AU)(A;; GA;;; SY)(A;; GA;;; BA)"
+
 void
 agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
-	int i, r;
+	int r;
 	HKEY agent_root = NULL;
 	DWORD process_id = GetCurrentProcessId();
 
@@ -251,8 +253,14 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
 	if ((ioc_port = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, (ULONG_PTR)NULL, 0)) == NULL)
 		fatal("cannot create ioc port ERROR:%d", GetLastError());
 
+
 	if (child == FALSE) {
-		if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, 0, &agent_root, 0)) != ERROR_SUCCESS)
+		SECURITY_ATTRIBUTES sa;
+		memset(&sa, 0, sizeof(SECURITY_ATTRIBUTES));
+		sa.nLength = sizeof(sa);
+		if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(REG_AGENT_SDDL, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength))
+			fatal("ConvertStringSecurityDescriptorToSecurityDescriptorW failed");
+		if ((r = RegCreateKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_ROOT, 0, 0, 0, KEY_WRITE, &sa, &agent_root, 0)) != ERROR_SUCCESS)
 			fatal("cannot create agent root reg key, ERROR:%d", r);
 		if ((r = RegSetValueExW(agent_root, L"ProcessID", 0, REG_DWORD, (BYTE*)&process_id, 4)) != ERROR_SUCCESS)
 			fatal("cannot publish agent master process id ERROR:%d", r);
@@ -266,6 +274,5 @@ agent_start(BOOL dbg_mode, BOOL child, HANDLE pipe, enum agent_type type) {
 		process_connection(pipe, type);
 	}
 	
-	return 0;
 }
 
diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c
@@ -138,10 +138,10 @@ generate_user_token(wchar_t* user) {
 }
 
 #define AUTH_REQUEST "keyauthenticate"
-#define MAX_USER_NAME_LEN 255 + 255
+#define MAX_USER_NAME_LEN 256
 
 int process_authagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
-	int r = 0;
+	int r = -1;
 	char *opn, *key_blob, *user, *sig, *blob;
 	size_t opn_len, key_blob_len, user_len, sig_len, blob_len;
 	struct sshkey *key = NULL;
@@ -151,36 +151,44 @@ int process_authagent_request(struct sshbuf* request, struct sshbuf* response, s
 	ULONG client_pid;
 
 	user = NULL;
-	if ((r = sshbuf_get_string_direct(request, &opn, &opn_len)) != 0 ||
-	    (r = sshbuf_get_string_direct(request, &key_blob, &key_blob_len)) != 0 ||
-	    (r = sshbuf_get_cstring(request, &user, &user_len)) != 0 ||
-	    (r = sshbuf_get_string_direct(request, &sig, &sig_len)) != 0 ||
-	    (r = sshbuf_get_string_direct(request, &blob, &blob_len)) != 0 ||
-	    (r = sshkey_from_blob(key_blob, key_blob_len, &key)) != 0)
+	if (sshbuf_get_string_direct(request, &opn, &opn_len) != 0 ||
+	    sshbuf_get_string_direct(request, &key_blob, &key_blob_len) != 0 ||
+	    sshbuf_get_cstring(request, &user, &user_len) != 0 ||
+	    sshbuf_get_string_direct(request, &sig, &sig_len) != 0 ||
+	    sshbuf_get_string_direct(request, &blob, &blob_len) != 0 ||
+	    sshkey_from_blob(key_blob, key_blob_len, &key) != 0 ||
+	    opn_len != strlen(AUTH_REQUEST) ||
+	    memcmp(opn, AUTH_REQUEST, opn_len) != 0) {
+		debug("auth agent invalid request");
 		goto done;
+	}
 
-	if ((opn_len != strlen(AUTH_REQUEST)) || (memcmp(opn, AUTH_REQUEST, opn_len) != 0)) {
-		r = EINVAL;
+	if (MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN) == 0 ||
+	    (token = generate_user_token(wuser)) == 0) {
+		debug("unable to generate user token");
 		goto done;
 	}
 
-	if (0 == MultiByteToWideChar(CP_UTF8, 0, user, user_len + 1, wuser, MAX_USER_NAME_LEN)) {
-		r = GetLastError();
+	if (SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
+		pubkey_allowed(key, wuser, wuser_home) != 1) {
+		debug("given public key is not mapped to user %ls", wuser);
 		goto done;
 	}
 
-	if (key_verify(key, sig, sig_len, blob, blob_len) != 1 ||
-	    (token = generate_user_token(wuser)) == 0 ||
-	    SHGetKnownFolderPath(&FOLDERID_Profile, 0, token, &wuser_home) != S_OK ||
-	    pubkey_allowed(key, wuser, wuser_home) != 1 ||
-	    (FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
+	if (key_verify(key, sig, sig_len, blob, blob_len) != 1) {
+		debug("signature verification failed");
+		goto done;
+	}
+	
+	if ((FALSE == GetNamedPipeClientProcessId(con->connection, &client_pid)) ||
 	    ( (client_proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, client_pid)) == NULL) ||
 	    (FALSE == DuplicateHandle(GetCurrentProcess(), token, client_proc, &dup_token, TOKEN_QUERY | TOKEN_IMPERSONATE, FALSE, DUPLICATE_SAME_ACCESS)) ||
 	    (sshbuf_put_u32(response, dup_token) != 0) ) {
-		r = EINVAL;
+		debug("failed to authorize user");
 		goto done;
 	}
 	
+	r = 0;
 done:
 	if (user)
 		free(user);
diff --git a/contrib/win32/win32compat/ssh-agent/keyagent-request.c b/contrib/win32/win32compat/ssh-agent/keyagent-request.c
@@ -39,6 +39,7 @@
 static int
 get_user_root(struct agent_connection* con, HKEY *root){
 	int r = 0;
+	*root = NULL;
 	if (ImpersonateNamedPipeClient(con->connection) == FALSE)
 		return -1;
 	
@@ -47,6 +48,8 @@ get_user_root(struct agent_connection* con, HKEY *root){
 	else if (RegOpenCurrentUser(KEY_ALL_ACCESS, root) != ERROR_SUCCESS)
 		r = -1;
 
+	if (*root == NULL)
+		debug("cannot connect to user's registry root");
 	RevertToSelf();
 	return r;
 }
@@ -411,11 +414,10 @@ process_request_identities(struct sshbuf* request, struct sshbuf* response, stru
 
 
 int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, struct agent_connection* con) {
-	int r;
 	u_char type;
 
-	if ((r = sshbuf_get_u8(request, &type)) != 0)
-		return r;
+	if (sshbuf_get_u8(request, &type) != 0)
+		return -1;
 	debug2("process key agent request type %d", type);
 
 	switch (type) {
@@ -431,6 +433,6 @@ int process_keyagent_request(struct sshbuf* request, struct sshbuf* response, st
 		return process_remove_all(request, response, con);
 	default:
 		debug("unknown key agent request %d", type);
-		return EINVAL;		
+		return -1;		
 	}
 }
