author | Toni Spets <toni.spets@iki.fi> | 2018-12-25 22:28:02 +0300 |
---|---|---|
committer | Jonathan White <support@dmapps.us> | 2018-12-25 22:28:02 +0300 |
commit | c34b0069ff3461138823fd275d6ef52d2ef88132 (patch) | |
tree | 7927bc7a5405889a921e0c818c82c04ae061ce21 /src/core | |
parent | 5488f1bfc336219bed677e67a63954c3959ecace (diff) |
SSH Agent: Add support for OpenSSH for Windows (#1994)
* Fixed missing includes in Bootstrap.cpp
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/Bootstrap.cpp | 46 | ||||
-rw-r--r-- | src/core/Tools.cpp | 17 |
2 files changed, 45 insertions, 18 deletions
diff --git a/src/core/Bootstrap.cpp b/src/core/Bootstrap.cpp index 2d8213b27..cfef7db7b 100644 --- a/src/core/Bootstrap.cpp +++ b/src/core/Bootstrap.cpp @@ -16,6 +16,7 @@ */ #include "Bootstrap.h" +#include "config-keepassx.h" #include "core/Config.h" #include "core/Translator.h" #include "gui/MessageBox.h" @@ -26,6 +27,21 @@ #undef MessageBox #endif +#if defined(HAVE_RLIMIT_CORE) +#include <sys/resource.h> +#endif + +#if defined(HAVE_PR_SET_DUMPABLE) +#include <sys/prctl.h> +#endif + +#ifdef HAVE_PT_DENY_ATTACH +// clang-format off +#include <sys/types.h> +#include <sys/ptrace.h> +// clang-format on +#endif + namespace Bootstrap { /** @@ -140,6 +156,8 @@ namespace Bootstrap HANDLE hToken = nullptr; PTOKEN_USER pTokenUser = nullptr; DWORD cbBufferSize = 0; + PSID pLocalSystemSid = nullptr; + DWORD pLocalSystemSidSize = SECURITY_MAX_SID_SIZE; // Access control list PACL pACL = nullptr; @@ -166,8 +184,19 @@ namespace Bootstrap goto Cleanup; } + // Retrieve LocalSystem account SID + pLocalSystemSid = static_cast<PSID>(HeapAlloc(GetProcessHeap(), 0, pLocalSystemSidSize)); + if (pLocalSystemSid == nullptr) { + goto Cleanup; + } + + if (!CreateWellKnownSid(WinLocalSystemSid, nullptr, pLocalSystemSid, &pLocalSystemSidSize)) { + goto Cleanup; + } + // Calculate the amount of memory that must be allocated for the DACL - cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid); + cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pLocalSystemSid); // Create and initialize an ACL pACL = static_cast<PACL>(HeapAlloc(GetProcessHeap(), 0, cbACL)); 
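Review bot: `pLocalSystemSidSize` in the `@@ -140,6 +156,8 @@` hunk carries the pointer prefix `p` although it is a `DWORD` byte count, while the neighbouring locals use `cb` for sizes (`cbBufferSize`, `cbACL`). Declaring it as `DWORD cbLocalSystemSid = SECURITY_MAX_SID_SIZE;` would match that convention. The variable is used again in the following hunk, so the rename applies there too.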
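Review bot: The LocalSystem SID is allocated and created unconditionally in the `@@ -166,8 +184,19 @@` hunk, but its only consumer shown in this commit is the `AddAccessAllowedAce` call guarded by `#ifdef WITH_XC_SSHAGENT` in the next hunk. In a build without the SSH agent, a failing `HeapAlloc` or `CreateWellKnownSid` here still jumps to `Cleanup` before `SetSecurityInfo` runs, so the process would presumably be left without the restrictive DACL for the sake of an ACE that is never added. Wrapping the SID retrieval and the extra `+ sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pLocalSystemSid)` term in the same `#ifdef WITH_XC_SSHAGENT` would keep non-agent builds on the previous path. The enclosing function starts and ends outside the hunk, so how callers treat a failure is not visible here.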
@@ -189,6 +218,18 @@ namespace Bootstrap goto Cleanup; } +#ifdef WITH_XC_SSHAGENT + // OpenSSH for Windows ssh-agent service is running as LocalSystem + if (!AddAccessAllowedAce( + pACL, + ACL_REVISION, + PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, // just enough for ssh-agent + pLocalSystemSid // known LocalSystem sid + )) { + goto Cleanup; + } +#endif + // Set discretionary access control list bSuccess = ERROR_SUCCESS == SetSecurityInfo(GetCurrentProcess(), // object handle @@ -205,6 +246,9 @@ namespace Bootstrap if (pACL != nullptr) { HeapFree(GetProcessHeap(), 0, pACL); } + if (pLocalSystemSid != nullptr) { + HeapFree(GetProcessHeap(), 0, pLocalSystemSid); + } if (pTokenUser != nullptr) { HeapFree(GetProcessHeap(), 0, pTokenUser); } diff --git a/src/core/Tools.cpp b/src/core/Tools.cpp index 67a8c5f42..495ce9ed8 100644 --- a/src/core/Tools.cpp +++ b/src/core/Tools.cpp @@ -39,23 +39,6 @@ #include <time.h> // for nanosleep() #endif -#include "config-keepassx.h" - -#if defined(HAVE_RLIMIT_CORE) -#include <sys/resource.h> -#endif - -#if defined(HAVE_PR_SET_DUMPABLE) -#include <sys/prctl.h> -#endif - -#ifdef HAVE_PT_DENY_ATTACH -// clang-format off -#include <sys/types.h> -#include <sys/ptrace.h> -// clang-format on -#endif - namespace Tools { QString humanReadableFileSize(qint64 bytes, quint32 precision) |
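Review bot: `PROCESS_DUP_HANDLE` in the new `AddAccessAllowedAce` call is a broader grant than the `// just enough for ssh-agent` comment suggests, because it lets the grantee duplicate handles this process holds rather than only query it. The ACE is also selected at compile time by `WITH_XC_SSHAGENT`, so every such build carries it even when the user has the SSH agent feature switched off. If the setting is readable at this point, checking it before adding the ACE would limit the wider DACL to users who need it. I would at least replace the inline comment with one that says why each right is required, e.g. `// LocalSystem ssh-agent needs PROCESS_QUERY_INFORMATION for <reason> and PROCESS_DUP_HANDLE for <reason>`, and confirm whether `PROCESS_QUERY_LIMITED_INFORMATION` would suffice for the query part.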