Skip to content

Commit

Permalink
added support for domain\user for key-based auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@manojampalam
manojampalam committed May 15, 2016
1 parent 2d6e648 commit 5335d43
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 2 deletions.
3 changes: 3 additions & 0 deletions contrib/win32/openssh/install-sshd.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ $scriptdir = Split-Path $scriptpath
$sshdpath = Join-Path $scriptdir "sshd.exe"
$sshagentpath = Join-Path $scriptdir "ssh-agent.exe"

$ntrights = Join-Path $scriptdir "ntrights.exe -u `"NT SERVICE\SSHD`" +r SeAssignPrimaryTokenPrivilege"

if (-not (Test-Path $sshdpath)) {
throw "sshd.exe is not present in script path"
}
Expand All @@ -25,5 +27,6 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW

New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Deamon" -StartupType Manual -DependsOn ssh-agent | Out-Null
sc.exe config sshd obj= "NT SERVICE\SSHD"
cmd.exe /c $ntrights
Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"

31 changes: 29 additions & 2 deletions contrib/win32/win32compat/ssh-agent/authagent-request.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,10 @@ InitLsaString(LSA_STRING *lsa_string, const char *str)
}
}

#define MAX_USER_LEN 256
static HANDLE
generate_user_token(wchar_t* user) {
HANDLE lsa_handle = 0, token = 0;;
HANDLE lsa_handle = 0, token = 0;
LSA_OPERATIONAL_MODE mode;
ULONG auth_package_id;
NTSTATUS ret, subStatus;
Expand All @@ -64,7 +65,33 @@ generate_user_token(wchar_t* user) {
LUID logonId;
QUOTA_LIMITS quotas;
DWORD cbProfile;
BOOL domain_user = (wcschr(user, L'@') != NULL)? TRUE : FALSE;
BOOL domain_user;

/* prep user name - TODO: implment an accurate check if user is domain account*/
if (wcsnlen(user, MAX_USER_LEN) == MAX_USER_LEN) {
debug("user length is not supported");
goto done;
}

if (wcschr(user, L'\\') != NULL) {
wchar_t *un = NULL, *dn = NULL;
DWORD un_len = 0, dn_len = 0;
dn = user;
dn_len = wcschr(user, L'\\') - user;
un = wcschr(user, L'\\') + 1;
un_len = wcsnlen(user, MAX_USER_LEN) - dn_len - 1;
if (dn_len == 0 || un_len == 0) {
debug("cannot get user token - bad user name");
goto done;
}
memcpy(user_copy, un, un_len * sizeof(wchar_t));
user_copy[un_len] = L'@';
memcpy(user_copy + un_len + 1, dn, dn_len * sizeof(wchar_t));
user_copy[dn_len + 1 + un_len] = L'\0';
user = user_copy;
}

domain_user = (wcschr(user, L'@') != NULL) ? TRUE : FALSE;

InitLsaString(&logon_process_name, "ssh-agent");
if (domain_user)
Expand Down

0 comments on commit 5335d43

Please sign in to comment.