security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-19 20:37:57 +02:00
Code Activity

Initial experiment for NamedPipe on Windows.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-07-27 13:12:02 +09:00
parent 1735b5ffa8
commit f057a71e7f
1 changed files with 97 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
agent/gpg-agent.c
View File

@ -140,6 +140,7 @@ enum cmd_and_opt_values
oSSHSupport, oSSHSupport,
oSSHFingerprintDigest, oSSHFingerprintDigest,
oPuttySupport, oPuttySupport,
oWin32OpenSSHSupport,
oDisableScdaemon, oDisableScdaemon,
oDisableCheckOwnSocket, oDisableCheckOwnSocket,
oS2KCount, oS2KCount,
@ -227,6 +228,13 @@ static gpgrt_opt_t opts[] = {
/* */ N_("enable putty support") /* */ N_("enable putty support")
#else #else
/* */ "@" /* */ "@"
#endif
),
ARGPARSE_s_n (oWin32OpenSSHSupport, "enable-win32-openssh-support",
#ifdef HAVE_W32_SYSTEM
/* */ N_("enable Win32-OpenSSH support")
#else
/* */ "@"
#endif #endif
), ),
ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"), ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
@ -357,6 +365,9 @@ static int putty_support;
value. Putty currently (0.62) uses 8k, thus 16k should be enough value. Putty currently (0.62) uses 8k, thus 16k should be enough
for the foreseeable future. */ for the foreseeable future. */
#define PUTTY_IPC_MAXLEN 16384 #define PUTTY_IPC_MAXLEN 16384
/* Flag indicating that support for Win32-OpenSSH has been enabled. */
static int win32_openssh_support;
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
/* The list of open file descriptors at startup. Note that this list /* The list of open file descriptors at startup. Note that this list
@ -1289,6 +1300,12 @@ main (int argc, char **argv)
# endif # endif
break; break;
case oWin32OpenSSHSupport:
# ifdef HAVE_W32_SYSTEM
win32_openssh_support = 1;
# endif
break;
case oExtraSocket: case oExtraSocket:
opt.extra_socket = 1; /* (1 = points into argv) */ opt.extra_socket = 1; /* (1 = points into argv) */
socket_name_extra = pargs.r.ret_str; socket_name_extra = pargs.r.ret_str;
@ -2745,6 +2762,75 @@ putty_message_thread (void *arg)
log_info ("putty message loop thread stopped\n"); log_info ("putty message loop thread stopped\n");
return NULL; return NULL;
} }
/* FIXME: it would be good to be specified by an option. */
#define AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent"
/* FIXME: Don't know exact semantics, but copied from Win32-Openssh */
#define SDDL_STR "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
/* The thread handling Win32-OpenSSH requests through NamedPipe. */
static void *
win32_openssh_thread (void *arg)
{
HANDLE pipe;
SECURITY_ATTRIBUTES sa;
const char *;
(void)arg;
if (opt.verbose)
log_info ("Win32-OpenSSH thread started\n");
memset(&sa, 0, sizeof (SECURITY_ATTRIBUTES));
sa.nLength = sizeof (sa);
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA (SDDL_STR, SDDL_REVISION_1,
&sa.lpSecurityDescriptor, &sa.nLength))
{
log_error ("cannot convert sddl: %d\n", GetLastError ());
return NULL;
}
sa.bInheritHandle = FALSE;
while (1)
{
/* The message loop runs as thread independent from our nPth system.
This also means that we need to make sure that we switch back to
our system before calling any no-windows function. */
npth_unprotect ();
pipe = CreateNamedPipeW (AGENT_PIPE_NAME,
PIPE_ACCESS_DUPLEX, // | FILE_FLAG_OVERLAPPED
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
PIPE_UNLIMITED_INSTANCES,
BUFSIZE, BUFSIZE, 0, &sa);
if (pipe == INVALID_HANDLE_VALUE)
{
log_error ("cannot create pipe: %d\n", GetLastError());
break;
}
if (ConnectNamedPipe (pipe, NULL) != FALSE)
{
CloseHandle (pipe);
npth_protect ();
log_error ("ConnectNamedPipe returned TRUE unexpectedly\n");
return NULL;
}
/* FIXME: Here, handle the requests from ssh client */
CloseHandle (pipe);
}
/* Back to nPth. */
npth_protect ();
if (opt.verbose)
log_info ("Win32-OpenSSH thread stopped\n");
return NULL;
}
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
@ -2941,6 +3027,17 @@ handle_connections (gnupg_fd_t listen_fd,
log_error ("error spawning putty message loop: %s\n", strerror (ret)); log_error ("error spawning putty message loop: %s\n", strerror (ret));
} }
} }
if (win32_openssh_support)
{
npth_t thread;
ret = npth_create (&thread, &tattr, win32_openssh_thread, NULL);
if (ret)
{
log_error ("error spawning Win32-OpenSSH loop: %s\n", strerror (ret));
}
}
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
/* Set a flag to tell call-scd.c that it may enable event /* Set a flag to tell call-scd.c that it may enable event