From c34b0069ff3461138823fd275d6ef52d2ef88132 Mon Sep 17 00:00:00 2001
From: Toni Spets
Date: Tue, 25 Dec 2018 21:28:02 +0200
Subject: SSH Agent: Add support for OpenSSH for Windows (#1994)

* Fixed missing includes in Bootstrap.cpp
---
 src/core/Bootstrap.cpp | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)
(limited to 'src/core/Bootstrap.cpp')
diff --git a/src/core/Bootstrap.cpp b/src/core/Bootstrap.cpp
index 2d8213b27..cfef7db7b 100644
--- a/src/core/Bootstrap.cpp
+++ b/src/core/Bootstrap.cpp
@@ -16,6 +16,7 @@
 */
 #include "Bootstrap.h"
+#include "config-keepassx.h"
 #include "core/Config.h"
 #include "core/Translator.h"
 #include "gui/MessageBox.h"
@@ -26,6 +27,21 @@
 #undef MessageBox
 #endif
+#if defined(HAVE_RLIMIT_CORE)
+#include
+#endif
+
+#if defined(HAVE_PR_SET_DUMPABLE)
+#include
+#endif
+
+#ifdef HAVE_PT_DENY_ATTACH
+// clang-format off
+#include
+#include
+// clang-format on
+#endif
+
 namespace Bootstrap
 {
 /**
@@ -140,6 +156,8 @@ namespace Bootstrap
 HANDLE hToken = nullptr;
 PTOKEN_USER pTokenUser = nullptr;
 DWORD cbBufferSize = 0;
+ PSID pLocalSystemSid = nullptr;
+ DWORD pLocalSystemSidSize = SECURITY_MAX_SID_SIZE;
 // Access control list
 PACL pACL = nullptr;
@@ -166,8 +184,19 @@ namespace Bootstrap
 goto Cleanup;
 }
+ // Retrieve LocalSystem account SID
+ pLocalSystemSid = static_cast(HeapAlloc(GetProcessHeap(), 0, pLocalSystemSidSize));
+ if (pLocalSystemSid == nullptr) {
+ goto Cleanup;
+ }
+
+ if (!CreateWellKnownSid(WinLocalSystemSid, nullptr, pLocalSystemSid, &pLocalSystemSidSize)) {
+ goto Cleanup;
+ }
+
 // Calculate the amount of memory that must be allocated for the DACL
- cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid);
+ cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pLocalSystemSid);
 // Create and initialize an ACL
 pACL = static_cast(HeapAlloc(GetProcessHeap(), 0, cbACL));
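Review bot: `pLocalSystemSidSize` in the declarations added at `@@ -140,6 +156,8 @@` is a `DWORD` byte count rather than a pointer, so its `p` prefix departs from the naming the neighbouring variables use for sizes (`cbBufferSize` here, `cbACL` in the next hunk). It would read more consistently as `DWORD cbLocalSystemSid = SECURITY_MAX_SID_SIZE;`, with the uses in the following hunk renamed to match. The enclosing function starts and ends outside the hunk.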
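Review bot: The LocalSystem SID is allocated and built, and its ACE is counted into `cbACL`, in every Windows build at `@@ -166,8 +184,19 @@`, while the ACE itself is only added under `#ifdef WITH_XC_SSHAGENT` in the `@@ -189,6 +218,18 @@` hunk. In a build without the SSH agent, a failing `HeapAlloc` or `CreateWellKnownSid` therefore jumps to `Cleanup` before the `SetSecurityInfo` call, so the restrictive DACL is not applied because of setup for a feature that is not compiled in. Putting the SID setup and the extra size under the same guard keeps the two hunks consistent; the `pLocalSystemSidSize` declaration added earlier would then take the guard as well. The enclosing function starts and ends outside the hunk.

```cpp
#ifdef WITH_XC_SSHAGENT
    // Retrieve LocalSystem account SID
    // … unchanged: HeapAlloc of pLocalSystemSid and CreateWellKnownSid call …
#endif

    // Calculate the amount of memory that must be allocated for the DACL
    cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid);
#ifdef WITH_XC_SSHAGENT
    cbACL += sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pLocalSystemSid);
#endif
```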
@@ -189,6 +218,18 @@ namespace Bootstrap
 goto Cleanup;
 }
+#ifdef WITH_XC_SSHAGENT
+ // OpenSSH for Windows ssh-agent service is running as LocalSystem
+ if (!AddAccessAllowedAce(
+ pACL,
+ ACL_REVISION,
+ PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, // just enough for ssh-agent
+ pLocalSystemSid // known LocalSystem sid
+ )) {
+ goto Cleanup;
+ }
+#endif
+
 // Set discretionary access control list
 bSuccess = ERROR_SUCCESS == SetSecurityInfo(GetCurrentProcess(), // object handle
@@ -205,6 +246,9 @@ namespace Bootstrap
 if (pACL != nullptr) {
 HeapFree(GetProcessHeap(), 0, pACL);
 }
+ if (pLocalSystemSid != nullptr) {
+ HeapFree(GetProcessHeap(), 0, pLocalSystemSid);
+ }
 if (pTokenUser != nullptr) {
 HeapFree(GetProcessHeap(), 0, pTokenUser);
 }
-- 
cgit v1.2.3
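Review bot: The comment `// just enough for ssh-agent` on the new `AddAccessAllowedAce` call at `@@ -189,6 +218,18 @@` understates what `PROCESS_DUP_HANDLE` grants: a holder of that right can duplicate handles owned by this process, so the ACE opens more than the two listed rights suggest on a process whose DACL otherwise admits only the current user. The ACE is also added in every build with `WITH_XC_SSHAGENT`, whether or not the user has enabled the agent integration; if that setting is readable at this point (not visible in the hunk), gating on it would keep the DACL user-only for everyone else. At minimum the comment should record the trade-off, for example `// PROCESS_DUP_HANDLE lets LocalSystem duplicate handles owned by this process; required by the OpenSSH ssh-agent service`, plus the rationale for accepting it. The enclosing function starts and ends outside the hunk.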