2 * Pageant client code.
\r
14 #define AGENT_COPYDATA_ID 0x804e50ba /* random goop */
\r
15 #define AGENT_MAX_MSGLEN 8192
\r
17 int agent_exists(void)
\r
20 hwnd = FindWindow("Pageant", "Pageant");
\r
28 * Unfortunately, this asynchronous agent request mechanism doesn't
\r
29 * appear to work terribly well. I'm going to comment it out for
\r
30 * the moment, and see if I can come up with a better one :-/
\r
32 #ifdef WINDOWS_ASYNC_AGENT
\r
34 struct agent_query_data {
\r
36 unsigned char *mapping;
\r
40 void (*callback)(void *, void *, int);
\r
44 DWORD WINAPI agent_query_thread(LPVOID param)
\r
46 struct agent_query_data *data = (struct agent_query_data *)param;
\r
50 id = SendMessage(data->hwnd, WM_COPYDATA, (WPARAM) NULL,
\r
51 (LPARAM) &data->cds);
\r
54 retlen = 4 + GET_32BIT(data->mapping);
\r
55 ret = snewn(retlen, unsigned char);
\r
57 memcpy(ret, data->mapping, retlen);
\r
62 UnmapViewOfFile(data->mapping);
\r
63 CloseHandle(data->handle);
\r
64 sfree(data->mapname);
\r
66 agent_schedule_callback(data->callback, data->callback_ctx, ret, retlen);
\r
74 * Dynamically load advapi32.dll for SID manipulation. In its absence,
\r
75 * we degrade gracefully.
\r
78 int advapi_initialised = FALSE;
\r
79 static HMODULE advapi;
\r
80 DECL_WINDOWS_FUNCTION(static, BOOL, OpenProcessToken,
\r
81 (HANDLE, DWORD, PHANDLE));
\r
82 DECL_WINDOWS_FUNCTION(static, BOOL, GetTokenInformation,
\r
83 (HANDLE, TOKEN_INFORMATION_CLASS,
\r
84 LPVOID, DWORD, PDWORD));
\r
85 DECL_WINDOWS_FUNCTION(static, BOOL, InitializeSecurityDescriptor,
\r
86 (PSECURITY_DESCRIPTOR, DWORD));
\r
87 DECL_WINDOWS_FUNCTION(static, BOOL, SetSecurityDescriptorOwner,
\r
88 (PSECURITY_DESCRIPTOR, PSID, BOOL));
\r
89 DECL_WINDOWS_FUNCTION(, DWORD, GetSecurityInfo,
\r
90 (HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
\r
91 PSID *, PSID *, PACL *, PACL *,
\r
92 PSECURITY_DESCRIPTOR *));
\r
93 int init_advapi(void)
\r
95 advapi = load_system32_dll("advapi32.dll");
\r
97 GET_WINDOWS_FUNCTION(advapi, GetSecurityInfo) &&
\r
98 GET_WINDOWS_FUNCTION(advapi, OpenProcessToken) &&
\r
99 GET_WINDOWS_FUNCTION(advapi, GetTokenInformation) &&
\r
100 GET_WINDOWS_FUNCTION(advapi, InitializeSecurityDescriptor) &&
\r
101 GET_WINDOWS_FUNCTION(advapi, SetSecurityDescriptorOwner);
\r
104 PSID get_user_sid(void)
\r
106 HANDLE proc = NULL, tok = NULL;
\r
107 TOKEN_USER *user = NULL;
\r
108 DWORD toklen, sidlen;
\r
109 PSID sid = NULL, ret = NULL;
\r
111 if ((proc = OpenProcess(MAXIMUM_ALLOWED, FALSE,
\r
112 GetCurrentProcessId())) == NULL)
\r
115 if (!p_OpenProcessToken(proc, TOKEN_QUERY, &tok))
\r
118 if (!p_GetTokenInformation(tok, TokenUser, NULL, 0, &toklen) &&
\r
119 GetLastError() != ERROR_INSUFFICIENT_BUFFER)
\r
122 if ((user = (TOKEN_USER *)LocalAlloc(LPTR, toklen)) == NULL)
\r
125 if (!p_GetTokenInformation(tok, TokenUser, user, toklen, &toklen))
\r
128 sidlen = GetLengthSid(user->User.Sid);
\r
130 sid = (PSID)smalloc(sidlen);
\r
132 if (!CopySid(sidlen, sid, user->User.Sid))
\r
135 /* Success. Move sid into the return value slot, and null it out
\r
136 * to stop the cleanup code freeing it. */
\r
155 int agent_query(void *in, int inlen, void **out, int *outlen,
\r
156 void (*callback)(void *, void *, int), void *callback_ctx)
\r
161 unsigned char *p, *ret;
\r
163 COPYDATASTRUCT cds;
\r
164 SECURITY_ATTRIBUTES sa, *psa;
\r
165 PSECURITY_DESCRIPTOR psd = NULL;
\r
166 PSID usersid = NULL;
\r
171 hwnd = FindWindow("Pageant", "Pageant");
\r
173 return 1; /* *out == NULL, so failure */
\r
174 mapname = dupprintf("PageantRequest%08x", (unsigned)GetCurrentThreadId());
\r
177 #ifndef NO_SECURITY
\r
178 if (advapi_initialised || init_advapi()) {
\r
180 * Make the file mapping we create for communication with
\r
181 * Pageant owned by the user SID rather than the default. This
\r
182 * should make communication between processes with slightly
\r
183 * different contexts more reliable: in particular, command
\r
184 * prompts launched as administrator should still be able to
\r
185 * run PSFTPs which refer back to the owning user's
\r
186 * unprivileged Pageant.
\r
188 usersid = get_user_sid();
\r
191 psd = (PSECURITY_DESCRIPTOR)
\r
192 LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
\r
194 if (p_InitializeSecurityDescriptor
\r
195 (psd, SECURITY_DESCRIPTOR_REVISION) &&
\r
196 p_SetSecurityDescriptorOwner(psd, usersid, FALSE)) {
\r
197 sa.nLength = sizeof(sa);
\r
198 sa.bInheritHandle = TRUE;
\r
199 sa.lpSecurityDescriptor = psd;
\r
208 #endif /* NO_SECURITY */
\r
210 filemap = CreateFileMapping(INVALID_HANDLE_VALUE, psa, PAGE_READWRITE,
\r
211 0, AGENT_MAX_MSGLEN, mapname);
\r
212 if (filemap == NULL || filemap == INVALID_HANDLE_VALUE) {
\r
214 return 1; /* *out == NULL, so failure */
\r
216 p = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0, 0);
\r
217 memcpy(p, in, inlen);
\r
218 cds.dwData = AGENT_COPYDATA_ID;
\r
219 cds.cbData = 1 + strlen(mapname);
\r
220 cds.lpData = mapname;
\r
221 #ifdef WINDOWS_ASYNC_AGENT
\r
222 if (callback != NULL && !(flags & FLAG_SYNCAGENT)) {
\r
224 * We need an asynchronous Pageant request. Since I know of
\r
225 * no way to stop SendMessage from blocking the thread it's
\r
226 * called in, I see no option but to start a fresh thread.
\r
227 * When we're done we'll PostMessage the result back to our
\r
228 * main window, so that the callback is done in the primary
\r
229 * thread to avoid concurrency.
\r
231 struct agent_query_data *data = snew(struct agent_query_data);
\r
234 data->handle = filemap;
\r
235 data->mapname = mapname;
\r
236 data->callback = callback;
\r
237 data->callback_ctx = callback_ctx;
\r
238 data->cds = cds; /* structure copy */
\r
240 if (CreateThread(NULL, 0, agent_query_thread, data, 0, &threadid))
\r
248 * The user either passed a null callback (indicating that the
\r
249 * query is required to be synchronous) or CreateThread failed.
\r
250 * Either way, we need a synchronous request.
\r
252 id = SendMessage(hwnd, WM_COPYDATA, (WPARAM) NULL, (LPARAM) &cds);
\r
254 retlen = 4 + GET_32BIT(p);
\r
255 ret = snewn(retlen, unsigned char);
\r
257 memcpy(ret, p, retlen);
\r
262 UnmapViewOfFile(p);
\r
263 CloseHandle(filemap);
\r