nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Added Pageant, a first-attempt PuTTY authentication agent

Browse Source 
[originally from svn r589]
This commit is contained in:
Simon Tatham 2000-09-14 15:02:50 +00:00
parent 48d82b94b4
commit c366174cc2
12 changed files with 1020 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Makefile
View File

@ -50,23 +50,28 @@ GOBJS2 = xlat.$(OBJ) sizetip.$(OBJ)
##-- objects putty puttytel plink
LOBJS1 = telnet.$(OBJ) raw.$(OBJ) ldisc.$(OBJ)
##-- objects putty plink
POBJS = ssh.$(OBJ) be_all.$(OBJ)
POBJS = be_all.$(OBJ)
##-- objects puttytel
TOBJS = be_nossh.$(OBJ)
##-- objects plink
PLOBJS = plink.$(OBJ) windlg.$(OBJ)
##-- objects pscp
SOBJS = scp.$(OBJ) windlg.$(OBJ) ssh.$(OBJ) be_none.$(OBJ)
SOBJS = scp.$(OBJ) windlg.$(OBJ) be_none.$(OBJ)
##-- objects putty puttytel pscp plink
MOBJS = misc.$(OBJ) version.$(OBJ)
##-- objects putty pscp plink
OBJS1 = sshcrc.$(OBJ) sshdes.$(OBJ) sshmd5.$(OBJ) sshrsa.$(OBJ) sshrand.$(OBJ)
OBJS2 = sshsha.$(OBJ) sshblowf.$(OBJ) noise.$(OBJ) sshdh.$(OBJ) sshdss.$(OBJ)
OBJS3 = sshbn.$(OBJ) sshpubk.$(OBJ)
OBJS3 = sshbn.$(OBJ) sshpubk.$(OBJ) ssh.$(OBJ) pageantc.$(OBJ)
##-- objects pageant
PAGE1 = pageant.$(OBJ) sshrsa.$(OBJ) sshpubk.$(OBJ) sshdes.$(OBJ) sshbn.$(OBJ)
PAGE2 = sshmd5.$(OBJ) version.$(OBJ) tree234.$(OBJ)
##-- resources putty
PRESRC = win_res.$(RES)
##-- resources puttytel
TRESRC = nosshres.$(RES)
##-- resources pageant
PAGERC = pageant.$(RES)
##-- resources pscp
SRESRC = scp.$(RES)
##-- resources plink
@ -76,16 +81,19 @@ LRESRC = plink.$(RES)
##-- gui-apps
# putty
# puttytel
# pageant
##-- console-apps
# pscp
# plink
##--
LIBS1 = advapi32.lib user32.lib gdi32.lib
LIBS2 = comctl32.lib comdlg32.lib
LIBS3 = shell32.lib
SOCK1 = wsock32.lib
SOCK2 = ws2_32.lib
all: putty.exe puttytel.exe pscp.exe plink.exe
all: putty.exe puttytel.exe pscp.exe plink.exe pageant.exe
putty.exe: $(GOBJS1) $(GOBJS2) $(LOBJS1) $(POBJS) $(MOBJS) $(OBJS1) $(OBJS2) $(OBJS3) $(PRESRC) putty.rsp
link $(LFLAGS) -out:putty.exe @putty.rsp
@ -93,6 +101,9 @@ putty.exe: $(GOBJS1) $(GOBJS2) $(LOBJS1) $(POBJS) $(MOBJS) $(OBJS1) $(OBJS2) $(O
puttytel.exe: $(GOBJS1) $(GOBJS2) $(LOBJS1) $(TOBJS) $(MOBJS) $(TRESRC) puttytel.rsp
link $(LFLAGS) -out:puttytel.exe @puttytel.rsp
pageant.exe: $(PAGE1) $(PAGE2) $(PAGERC) pageant.rsp
link $(LFLAGS) -out:pageant.exe @pageant.rsp
pscp.exe: $(SOBJS) $(MOBJS) $(OBJS1) $(OBJS2) $(OBJS3) $(SRESRC) pscp.rsp
link $(LFLAGS) -out:pscp.exe @pscp.rsp
@ -126,6 +137,15 @@ puttytel.rsp: makefile
echo $(LIBS2) >> puttytel.rsp
echo $(SOCK1) >> puttytel.rsp
pageant.rsp: makefile
echo /nologo /subsystem:windows > pageant.rsp
echo $(PAGE1) >> pageant.rsp
echo $(PAGE2) >> pageant.rsp
echo $(PAGERC) >> pageant.rsp
echo $(LIBS1) >> pageant.rsp
echo $(LIBS2) >> pageant.rsp
echo $(LIBS3) >> pageant.rsp
pscp.rsp: makefile
echo /nologo /subsystem:console > pscp.rsp
echo $(SOBJS) >> pscp.rsp
@ -181,6 +201,8 @@ be_all.$(OBJ): be_all.c
be_nossh.$(OBJ): be_nossh.c
be_none.$(OBJ): be_none.c
plink.$(OBJ): plink.c putty.h
pageant.$(OBJ): pageant.c ssh.h tree234.h
tree234.$(OBJ): tree234.c tree234.h
##--
# Hack to force version.obj to be rebuilt always
@ -207,6 +229,12 @@ scp.$(RES): scp.rc scp.ico
scp.$(RES):
rc $(FWHACK) $(RCFL) -r -DWIN32 -D_WIN32 -DWINVER=0x0400 scp.rc
##-- dependencies
pageant.$(RES): pageant.rc pageant.ico pageants.ico
##--
pageant.$(RES):
rc $(FWHACK) $(RCFL) -r -DWIN32 -D_WIN32 -DWINVER=0x0400 pageant.rc
clean:
del *.obj
del *.exe

610
pageant.c Normal file
View File

@ -0,0 +1,610 @@
/*
* Pageant: the PuTTY Authentication Agent.
*/
#include <windows.h>
#include <stdio.h> /* FIXME */
#include "putty.h" /* FIXME */
#include "ssh.h"
#include "tree234.h"
#define IDI_MAINICON 200
#define IDI_TRAYICON 201
#define WM_XUSER (WM_USER + 0x2000)
#define WM_SYSTRAY (WM_XUSER + 6)
#define WM_SYSTRAY2 (WM_XUSER + 7)
#define WM_CLOSEMEM (WM_XUSER + 10)
#define IDM_CLOSE 0x0010
#define IDM_VIEWKEYS 0x0020
#define APPNAME "Pageant"
#define MAILSLOTNAME "\\\\.\\mailslot\\pageant_listener"
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
#define SSH_AGENTC_RSA_CHALLENGE 3
#define SSH_AGENT_RSA_RESPONSE 4
#define SSH_AGENT_FAILURE 5
#define SSH_AGENT_SUCCESS 6
#define SSH_AGENTC_ADD_RSA_IDENTITY 7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
HINSTANCE instance;
HWND hwnd;
HWND keylist;
HMENU systray_menu;
tree234 *rsakeys;
/*
* We need this to link with the RSA code, because rsaencrypt()
* pads its data with random bytes. Since we only use rsadecrypt(),
* which is deterministic, this should never be called.
*
* If it _is_ called, there is a _serious_ problem, because it
* won't generate true random numbers. So we must scream, panic,
* and exit immediately if that should happen.
*/
int random_byte(void) {
MessageBox(hwnd, "Internal Error", APPNAME, MB_OK | MB_ICONERROR);
exit(0);
}
/*
* This function is needed to link with the DES code. We need not
* have it do anything at all.
*/
void logevent(char *msg) {
}
#define GET_32BIT(cp) \
(((unsigned long)(unsigned char)(cp)[0] << 24) | \
((unsigned long)(unsigned char)(cp)[1] << 16) | \
((unsigned long)(unsigned char)(cp)[2] << 8) | \
((unsigned long)(unsigned char)(cp)[3]))
#define PUT_32BIT(cp, value) { \
(cp)[0] = (unsigned char)((value) >> 24); \
(cp)[1] = (unsigned char)((value) >> 16); \
(cp)[2] = (unsigned char)((value) >> 8); \
(cp)[3] = (unsigned char)(value); }
#define PASSPHRASE_MAXLEN 512
/*
* Dialog-box function for the passphrase box.
*/
static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
WPARAM wParam, LPARAM lParam) {
static char *passphrase;
switch (msg) {
case WM_INITDIALOG:
passphrase = (char *)lParam;
*passphrase = 0;
return 0;
case WM_COMMAND:
switch (LOWORD(wParam)) {
case IDOK:
if (*passphrase)
EndDialog (hwnd, 1);
else
MessageBeep (0);
return 0;
case IDCANCEL:
EndDialog (hwnd, 0);
return 0;
case 102: /* edit box */
if (HIWORD(wParam) == EN_CHANGE) {
GetDlgItemText (hwnd, 102, passphrase, PASSPHRASE_MAXLEN-1);
passphrase[PASSPHRASE_MAXLEN-1] = '\0';
}
return 0;
}
return 0;
case WM_CLOSE:
EndDialog (hwnd, 0);
return 0;
}
return 0;
}
/*
* This function loads a key from a file and adds it.
*/
void add_keyfile(char *filename) {
char passphrase[PASSPHRASE_MAXLEN];
struct RSAKey *key;
int needs_pass;
int ret;
int attempts;
needs_pass = rsakey_encrypted(filename);
attempts = 0;
key = malloc(sizeof(*key));
do {
if (needs_pass) {
int dlgret;
dlgret = DialogBoxParam(instance, MAKEINTRESOURCE(210),
NULL, PassphraseProc,
(LPARAM)passphrase);
if (!dlgret) {
free(key);
return; /* operation cancelled */
}
} else
*passphrase = '\0';
ret = loadrsakey(filename, key, passphrase);
attempts++;
} while (ret == -1);
if (ret == 0) {
MessageBox(NULL, "Couldn't load public key.", APPNAME,
MB_OK | MB_ICONERROR);
free(key);
return;
}
if (add234(rsakeys, key) != key)
free(key); /* already present, don't waste RAM */
}
/*
* This is the main agent function that answers messages.
*/
void answer_msg(void *in, int inlen, void **out, int *outlen) {
unsigned char *ret;
unsigned char *p = in;
int type;
*out = NULL; /* default `no go' response */
/*
* Basic sanity checks. len >= 5, and len[0:4] holds len-4.
*/
if (inlen < 5 || GET_32BIT(p) != (unsigned long)(inlen-4))
return;
/*
* Get the message type.
*/
type = p[4];
p += 5;
switch (type) {
case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
/*
* Reply with SSH_AGENT_RSA_IDENTITIES_ANSWER.
*/
{
enum234 e;
struct RSAKey *key;
int len, nkeys;
/*
* Count up the number and length of keys we hold.
*/
len = nkeys = 0;
for (key = first234(rsakeys, &e); key; key = next234(&e)) {
nkeys++;
len += 4; /* length field */
len += ssh1_bignum_length(key->exponent);
len += ssh1_bignum_length(key->modulus);
len += 4 + strlen(key->comment);
}
/*
* Packet header is the obvious five bytes, plus four
* bytes for the key count.
*/
len += 5 + 4;
if ((ret = malloc(len)) != NULL) {
PUT_32BIT(ret, len-4);
ret[4] = SSH_AGENT_RSA_IDENTITIES_ANSWER;
PUT_32BIT(ret+5, nkeys);
p = ret + 5 + 4;
for (key = first234(rsakeys, &e); key; key = next234(&e)) {
PUT_32BIT(p, ssh1_bignum_bitcount(key->modulus));
p += 4;
p += ssh1_write_bignum(p, key->exponent);
p += ssh1_write_bignum(p, key->modulus);
PUT_32BIT(p, strlen(key->comment));
memcpy(p+4, key->comment, strlen(key->comment));
p += 4 + strlen(key->comment);
}
}
}
break;
case SSH_AGENTC_RSA_CHALLENGE:
/*
* Reply with either SSH_AGENT_RSA_RESPONSE or
* SSH_AGENT_FAILURE, depending on whether we have that key
* or not.
*/
{
struct RSAKey reqkey, *key;
Bignum challenge, response;
unsigned char response_source[48], response_md5[16];
struct MD5Context md5c;
int i, len;
p += 4;
p += ssh1_read_bignum(p, &reqkey.exponent);
p += ssh1_read_bignum(p, &reqkey.modulus);
p += ssh1_read_bignum(p, &challenge);
memcpy(response_source+32, p, 16); p += 16;
if (GET_32BIT(p) != 1 ||
(key = find234(rsakeys, &reqkey, NULL)) == NULL) {
freebn(reqkey.exponent);
freebn(reqkey.modulus);
freebn(challenge);
goto failure;
}
response = rsadecrypt(challenge, key);
for (i = 0; i < 32; i++)
response_source[i] = bignum_byte(response, 31-i);
MD5Init(&md5c);
MD5Update(&md5c, response_source, 48);
MD5Final(response_md5, &md5c);
memset(response_source, 0, 48); /* burn the evidence */
freebn(response); /* and that evidence */
freebn(challenge); /* yes, and that evidence */
freebn(reqkey.exponent); /* and free some memory ... */
freebn(reqkey.modulus); /* ... while we're at it. */
/*
* Packet is the obvious five byte header, plus sixteen
* bytes of MD5.
*/
len = 5 + 16;
if ((ret = malloc(len)) != NULL) {
PUT_32BIT(ret, len-4);
ret[4] = SSH_AGENT_RSA_RESPONSE;
memcpy(ret+5, response_md5, 16);
}
}
break;
#if 0 /* FIXME: implement these */
case SSH_AGENTC_ADD_RSA_IDENTITY:
/*
* Add to the list and return SSH_AGENT_SUCCESS, or
* SSH_AGENT_FAILURE if the key was malformed.
*/
break;
case SSH_AGENTC_REMOVE_RSA_IDENTITY:
/*
* Remove from the list and return SSH_AGENT_SUCCESS, or
* perhaps SSH_AGENT_FAILURE if it wasn't in the list to
* start with.
*/
break;
#endif
default:
failure:
/*
* Unrecognised message. Return SSH_AGENT_FAILURE.
*/
if ((ret = malloc(5)) != NULL) {
PUT_32BIT(ret, 1);
ret[4] = SSH_AGENT_FAILURE;
}
break;
}
if (ret) {
*out = ret;
*outlen = 4 + GET_32BIT(ret);
}
}
/*
* Key comparison function for the 2-3-4 tree of RSA keys.
*/
int cmpkeys(void *av, void *bv) {
struct RSAKey *a = (struct RSAKey *)av;
struct RSAKey *b = (struct RSAKey *)bv;
Bignum am, bm;
int alen, blen;
am = a->modulus;
bm = b->modulus;
/*
* Compare by length of moduli.
*/
alen = ssh1_bignum_bitcount(am);
blen = ssh1_bignum_bitcount(bm);
if (alen > blen) return +1; else if (alen < blen) return -1;
/*
* Now compare by moduli themselves.
*/
alen = (alen + 7) / 8; /* byte count */
while (alen-- > 0) {
int abyte, bbyte;
abyte = bignum_byte(am, alen);
bbyte = bignum_byte(bm, alen);
if (abyte > bbyte) return +1; else if (abyte < bbyte) return -1;
}
/*
* Give up.
*/
return 0;
}
static void error(char *s) {
MessageBox(hwnd, s, APPNAME, MB_OK | MB_ICONERROR);
}
/*
* Dialog-box function for the key list box.
*/
static int CALLBACK KeyListProc(HWND hwnd, UINT msg,
WPARAM wParam, LPARAM lParam) {
enum234 e;
struct RSAKey *key;
OPENFILENAME of;
char filename[FILENAME_MAX];
switch (msg) {
case WM_INITDIALOG:
for (key = first234(rsakeys, &e); key; key = next234(&e)) {
SendDlgItemMessage (hwnd, 100, LB_ADDSTRING,
0, (LPARAM) key->comment);
}
return 0;
case WM_COMMAND:
switch (LOWORD(wParam)) {
case IDOK:
case IDCANCEL:
keylist = NULL;
DestroyWindow(hwnd);
return 0;
case 101: /* add key */
if (HIWORD(wParam) == BN_CLICKED ||
HIWORD(wParam) == BN_DOUBLECLICKED) {
memset(&of, 0, sizeof(of));
#ifdef OPENFILENAME_SIZE_VERSION_400
of.lStructSize = OPENFILENAME_SIZE_VERSION_400;
#else
of.lStructSize = sizeof(of);
#endif
of.hwndOwner = hwnd;
of.lpstrFilter = "All Files\0*\0\0\0";
of.lpstrCustomFilter = NULL;
of.nFilterIndex = 1;
of.lpstrFile = filename; *filename = '\0';
of.nMaxFile = sizeof(filename);
of.lpstrFileTitle = NULL;
of.lpstrInitialDir = NULL;
of.lpstrTitle = "Select Public Key File";
of.Flags = 0;
if (GetOpenFileName(&of)) {
add_keyfile(filename);
}
SendDlgItemMessage(hwnd, 100, LB_RESETCONTENT, 0, 0);
for (key = first234(rsakeys, &e); key; key = next234(&e)) {
SendDlgItemMessage (hwnd, 100, LB_ADDSTRING,
0, (LPARAM) key->comment);
}
SendDlgItemMessage (hwnd, 100, LB_SETCURSEL, (WPARAM) -1, 0);
}
return 0;
case 102: /* remove key */
if (HIWORD(wParam) == BN_CLICKED ||
HIWORD(wParam) == BN_DOUBLECLICKED) {
int n = SendDlgItemMessage (hwnd, 100, LB_GETCURSEL, 0, 0);
if (n == LB_ERR || n == 0) {
MessageBeep(0);
break;
}
for (key = first234(rsakeys, &e); key; key = next234(&e))
if (n-- == 0)
break;
del234(rsakeys, key);
freersakey(key); free(key);
SendDlgItemMessage(hwnd, 100, LB_RESETCONTENT, 0, 0);
for (key = first234(rsakeys, &e); key; key = next234(&e)) {
SendDlgItemMessage (hwnd, 100, LB_ADDSTRING,
0, (LPARAM) key->comment);
}
SendDlgItemMessage (hwnd, 100, LB_SETCURSEL, (WPARAM) -1, 0);
}
return 0;
}
return 0;
case WM_CLOSE:
keylist = NULL;
DestroyWindow(hwnd);
return 0;
}
return 0;
}
static LRESULT CALLBACK WndProc (HWND hwnd, UINT message,
WPARAM wParam, LPARAM lParam) {
int ret;
static int menuinprogress;
switch (message) {
case WM_SYSTRAY:
if (lParam == WM_RBUTTONUP) {
POINT cursorpos;
GetCursorPos(&cursorpos);
PostMessage(hwnd, WM_SYSTRAY2, cursorpos.x, cursorpos.y);
}
break;
case WM_SYSTRAY2:
if (!menuinprogress) {
menuinprogress = 1;
SetForegroundWindow(hwnd);
ret = TrackPopupMenu(systray_menu,
TPM_RIGHTALIGN | TPM_BOTTOMALIGN |
TPM_RIGHTBUTTON,
wParam, lParam, 0, hwnd, NULL);
menuinprogress = 0;
}
break;
case WM_COMMAND:
case WM_SYSCOMMAND:
switch (wParam & ~0xF) { /* low 4 bits reserved to Windows */
case IDM_CLOSE:
SendMessage(hwnd, WM_CLOSE, 0, 0);
break;
case IDM_VIEWKEYS:
if (!keylist) {
keylist = CreateDialog (instance, MAKEINTRESOURCE(211),
NULL, KeyListProc);
ShowWindow (keylist, SW_SHOWNORMAL);
}
break;
}
break;
case WM_DESTROY:
PostQuitMessage (0);
return 0;
case WM_COPYDATA:
{
COPYDATASTRUCT *cds;
void *in, *out, *ret;
int inlen, outlen;
HANDLE filemap;
char mapname[64];
int id;
cds = (COPYDATASTRUCT *)lParam;
/*
* FIXME: use dwData somehow.
*/
in = cds->lpData;
inlen = cds->cbData;
answer_msg(in, inlen, &out, &outlen);
if (out) {
id = 0;
do {
sprintf(mapname, "PageantReply%08x", ++id);
filemap = CreateFileMapping(INVALID_HANDLE_VALUE,
NULL, PAGE_READWRITE,
0, outlen+sizeof(int),
mapname);
} while (filemap == INVALID_HANDLE_VALUE);
ret = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0,
outlen+sizeof(int));
if (ret) {
*((int *)ret) = outlen;
memcpy(((int *)ret)+1, out, outlen);
UnmapViewOfFile(ret);
return id;
}
} else
return 0; /* invalid request */
}
break;
case WM_CLOSEMEM:
/*
* FIXME!
*/
break;
}
return DefWindowProc (hwnd, message, wParam, lParam);
}
int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show) {
WNDCLASS wndclass;
HANDLE mailslot;
MSG msg;
instance = inst;
if (!prev) {
wndclass.style = 0;
wndclass.lpfnWndProc = WndProc;
wndclass.cbClsExtra = 0;
wndclass.cbWndExtra = 0;
wndclass.hInstance = inst;
wndclass.hIcon = LoadIcon (inst,
MAKEINTRESOURCE(IDI_MAINICON));
wndclass.hCursor = LoadCursor (NULL, IDC_IBEAM);
wndclass.hbrBackground = GetStockObject (BLACK_BRUSH);
wndclass.lpszMenuName = NULL;
wndclass.lpszClassName = APPNAME;
RegisterClass (&wndclass);
}
hwnd = keylist = NULL;
hwnd = CreateWindow (APPNAME, APPNAME,
WS_OVERLAPPEDWINDOW | WS_VSCROLL,
CW_USEDEFAULT, CW_USEDEFAULT,
100, 100, NULL, NULL, inst, NULL);
/* Set up a system tray icon */
{
BOOL res;
NOTIFYICONDATA tnid;
HICON hicon;
#ifdef NIM_SETVERSION
tnid.uVersion = 0;
res = Shell_NotifyIcon(NIM_SETVERSION, &tnid);
#endif
tnid.cbSize = sizeof(NOTIFYICONDATA);
tnid.hWnd = hwnd;
tnid.uID = 1; /* unique within this systray use */
tnid.uFlags = NIF_MESSAGE | NIF_ICON | NIF_TIP;
tnid.uCallbackMessage = WM_SYSTRAY;
tnid.hIcon = hicon = LoadIcon (instance, MAKEINTRESOURCE(201));
strcpy(tnid.szTip, "Pageant (PuTTY authentication agent)");
res = Shell_NotifyIcon(NIM_ADD, &tnid);
if (hicon)
DestroyIcon(hicon);
systray_menu = CreatePopupMenu();
AppendMenu (systray_menu, MF_ENABLED, IDM_VIEWKEYS, "View Keys");
AppendMenu (systray_menu, MF_ENABLED, IDM_CLOSE, "Terminate");
}
ShowWindow (hwnd, SW_HIDE);
/*
* Create the mailslot.
*/
{
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
mailslot = CreateMailslot(MAILSLOTNAME, 0, 0, &sa);
}
/*
* Initialise storage for RSA keys.
*/
rsakeys = newtree234(cmpkeys);
while (GetMessage(&msg, NULL, 0, 0) == 1) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
/* Clean up the system tray icon */
{
NOTIFYICONDATA tnid;
tnid.cbSize = sizeof(NOTIFYICONDATA);
tnid.hWnd = hwnd;
tnid.uID = 1;
Shell_NotifyIcon(NIM_DELETE, &tnid);
DestroyMenu(systray_menu);
}
exit(msg.wParam);
}

BIN
pageant.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

31
pageant.rc Normal file
View File

@ -0,0 +1,31 @@
/* Some compilers, like Borland, don't have winresrc.h */
#ifndef NO_WINRESRC_H
#include <winresrc.h>
#endif
200 ICON "pageant.ico"
201 ICON "pageants.ico"
210 DIALOG DISCARDABLE 0, 0, 140, 60
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Pageant: Enter Passphrase"
FONT 8, "MS Sans Serif"
BEGIN
CTEXT "Enter passphrase for key", 100, 10, 6, 120, 8
CTEXT "", 101, 10, 16, 120, 8
EDITTEXT 102, 10, 26, 120, 12, ES_PASSWORD
DEFPUSHBUTTON "O&K", IDOK, 20, 42, 40, 14
PUSHBUTTON "&Cancel", IDCANCEL, 80, 42, 40, 14
END
211 DIALOG DISCARDABLE 0, 0, 300, 200
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Pageant Key List"
FONT 8, "MS Sans Serif"
BEGIN
LISTBOX 100, 10, 10, 280, 155,
LBS_HASSTRINGS | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "&Add Key", 101, 60, 162, 60, 14
PUSHBUTTON "&Remove Key", 102, 180, 162, 60, 14
DEFPUSHBUTTON "&Close", IDOK, 240, 182, 50, 14
END

167
pageantc.c Normal file
View File

@ -0,0 +1,167 @@
/*
* Pageant client code.
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef TESTMODE
#define debug(x) (printf x)
#else
#define debug(x)
#endif
int agent_exists(void) {
HWND hwnd;
hwnd = FindWindow("Pageant", "Pageant");
if (!hwnd)
return FALSE;
else
return TRUE;
}
void agent_query(void *in, int inlen, void **out, int *outlen) {
#if 0
#define MAILSLOTNAME "\\\\.\\mailslot\\pageant_listener"
SECURITY_ATTRIBUTES sa;
HANDLE my_mailslot, agent_mailslot;
char name[64];
char *p;
DWORD msglen, byteswritten, bytesread, inid;
*out = NULL;
*outlen = 0;
agent_mailslot = CreateFile(MAILSLOTNAME, GENERIC_WRITE,
FILE_SHARE_READ, (LPSECURITY_ATTRIBUTES)NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
(HANDLE)NULL);
debug(("opened %s: %p\n", MAILSLOTNAME, agent_mailslot));
if (agent_mailslot == INVALID_HANDLE_VALUE)
return;
inid = GetCurrentThreadId();
inid--;
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
do {
sprintf(name, "\\\\.\\mailslot\\pclient_request_%08x", ++inid);
/*
* Five-minute timeout.
*/
my_mailslot = CreateMailslot(name, 0, 0, &sa);
debug(("mailslot %s: %p\n", name, my_mailslot));
} while (my_mailslot == INVALID_HANDLE_VALUE);
Sleep(3000);
msglen = strlen(name) + 1 + inlen;
p = malloc(msglen);
if (!p) {
CloseHandle(my_mailslot);
CloseHandle(agent_mailslot);
return;
}
strcpy(p, name);
memcpy(p+strlen(p)+1, in, inlen);
debug(("ooh\n"));
if (WriteFile(agent_mailslot, p, msglen, &byteswritten, NULL) == 0) {
debug(("eek!\n"));
free(p);
CloseHandle(my_mailslot);
CloseHandle(agent_mailslot);
return;
}
debug(("aah\n"));
free(p);
CloseHandle(agent_mailslot);
WaitForSingleObject(my_mailslot, 3000000);
debug(("waited\n"));
if (!GetMailslotInfo(my_mailslot, NULL, &msglen, NULL, NULL)) {
CloseHandle(my_mailslot);
return;
}
if (msglen == MAILSLOT_NO_MESSAGE) {
debug(("no message\n"));
CloseHandle(my_mailslot);
return;
}
debug(("msglen=%d\n", msglen));
p = malloc(msglen);
if (!p) {
CloseHandle(my_mailslot);
return;
}
if (ReadFile(my_mailslot, p, msglen, &bytesread, NULL) == 0 &&
bytesread == msglen) {
*out = p;
*outlen = msglen;
}
CloseHandle(my_mailslot);
#endif
HWND hwnd;
char mapname[64];
HANDLE filemap;
void *p, *ret;
int id, retlen;
COPYDATASTRUCT cds;
*out = NULL;
*outlen = 0;
hwnd = FindWindow("Pageant", "Pageant");
debug(("hwnd is %p\n", hwnd));
if (!hwnd)
return;
cds.dwData = 0; /* FIXME */
cds.cbData = inlen;
cds.lpData = in;
id = SendMessage(hwnd, WM_COPYDATA, (WPARAM)NULL, (LPARAM)&cds);
debug(("return is %d\n", id));
if (id > 0) {
sprintf(mapname, "PageantReply%08x", id);
filemap = OpenFileMapping(FILE_MAP_READ, FALSE, mapname);
debug(("name is `%s', filemap is %p\n", mapname, filemap));
debug(("error is %d\n", GetLastError()));
if (filemap != NULL && filemap != INVALID_HANDLE_VALUE) {
p = MapViewOfFile(filemap, FILE_MAP_READ, 0, 0, 0);
debug(("p is %p\n", p));
if (p) {
retlen = *(int *)p;
debug(("len is %d\n", retlen));
ret = malloc(retlen);
if (ret) {
memcpy(ret, ((int *)p) + 1, retlen);
*out = ret;
*outlen = retlen;
}
UnmapViewOfFile(p);
}
CloseHandle(filemap);
}
/* FIXME: tell agent to close its handle too */
}
}
#ifdef TESTMODE
int main(void) {
void *msg;
int len;
int i;
agent_query("\0\0\0\1\1", 5, &msg, &len);
debug(("%d:", len));
for (i = 0; i < len; i++)
debug((" %02x", ((unsigned char *)msg)[i]));
debug(("\n"));
return 0;
}
#endif

BIN
pageants.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 318 B

6
putty.h
View File

@ -354,6 +354,12 @@ int crypto_startup();
void crypto_wrapup();
#endif
/*
* Exports from pageantc.c
*/
void agent_query(void *in, int inlen, void **out, int *outlen);
int agent_exists(void);
/*
* A debug system.
*/

122
ssh.c
View File

@ -51,6 +51,15 @@
#define SSH1_AUTH_TIS 5
#define SSH1_AUTH_CCARD 16
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
#define SSH_AGENTC_RSA_CHALLENGE 3
#define SSH_AGENT_RSA_RESPONSE 4
#define SSH_AGENT_FAILURE 5
#define SSH_AGENT_SUCCESS 6
#define SSH_AGENTC_ADD_RSA_IDENTITY 7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
#define SSH2_MSG_DISCONNECT 1
#define SSH2_MSG_IGNORE 2
#define SSH2_MSG_UNIMPLEMENTED 3
@ -522,7 +531,6 @@ static void send_packet(int pkttype, ...)
unsigned long argint;
int pktlen, argtype, arglen;
Bignum bn;
int i;
pktlen = 0;
va_start(args, pkttype);
@ -548,10 +556,7 @@ static void send_packet(int pkttype, ...)
break;
case PKT_BIGNUM:
bn = va_arg(args, Bignum);
i = 16 * bn[0] - 1;
while ( i > 0 && (bn[i/16+1] >> (i%16)) == 0 )
i--;
pktlen += 2 + (i+7)/8;
pktlen += ssh1_bignum_length(bn);
break;
default:
assert(0);
@ -590,18 +595,7 @@ static void send_packet(int pkttype, ...)
break;
case PKT_BIGNUM:
bn = va_arg(args, Bignum);
i = 16 * bn[0] - 1;
while ( i > 0 && (bn[i/16+1] >> (i%16)) == 0 )
i--;
*p++ = (i >> 8) & 0xFF;
*p++ = i & 0xFF;
i = (i + 7) / 8;
while (i-- > 0) {
if (i % 2)
*p++ = bn[i/2+1] >> 8;
else
*p++ = bn[i/2+1] & 0xFF;
}
p += ssh1_write_bignum(p, bn);
break;
}
}
@ -1139,7 +1133,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
static char username[100];
static int pos = 0;
static char c;
if (!(flags & FLAG_CONNECTION) && !*cfg.username) {
if ((flags & FLAG_CONNECTION) && !*cfg.username) {
c_write("login as: ", 10);
while (pos >= 0) {
crWaitUntil(!ispkt);
@ -1208,6 +1202,98 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
* authentication.
*/
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
if (agent_exists()) {
/*
* Attempt RSA authentication using Pageant.
*/
static unsigned char request[5], *response, *p;
static int responselen;
static int i, nkeys;
static int authed = FALSE;
void *r;
logevent("Pageant is running. Requesting keys.");
/* Request the keys held by the agent. */
PUT_32BIT(request, 1);
request[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
agent_query(request, 5, &r, &responselen);
response = (unsigned char *)r;
if (response) {
p = response + 5;
nkeys = GET_32BIT(p); p += 4;
{ char buf[64]; sprintf(buf, "Pageant has %d keys", nkeys);
logevent(buf); }
for (i = 0; i < nkeys; i++) {
static struct RSAKey key;
static Bignum challenge;
{ char buf[64]; sprintf(buf, "Trying Pageant key #%d", i);
logevent(buf); }
p += 4;
p += ssh1_read_bignum(p, &key.exponent);
p += ssh1_read_bignum(p, &key.modulus);
send_packet(SSH1_CMSG_AUTH_RSA,
PKT_BIGNUM, key.modulus, PKT_END);
crWaitUntil(ispkt);
if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
logevent("Key refused");
continue;
}
logevent("Received RSA challenge");
ssh1_read_bignum(pktin.body, &challenge);
{
char *agentreq, *q, *ret;
int len, retlen;
len = 1 + 4; /* message type, bit count */
len += ssh1_bignum_length(key.exponent);
len += ssh1_bignum_length(key.modulus);
len += ssh1_bignum_length(challenge);
len += 16; /* session id */
len += 4; /* response format */
agentreq = malloc(4 + len);
PUT_32BIT(agentreq, len);
q = agentreq + 4;
*q++ = SSH_AGENTC_RSA_CHALLENGE;
PUT_32BIT(q, ssh1_bignum_bitcount(key.modulus));
q += 4;
q += ssh1_write_bignum(q, key.exponent);
q += ssh1_write_bignum(q, key.modulus);
q += ssh1_write_bignum(q, challenge);
memcpy(q, session_id, 16); q += 16;
PUT_32BIT(q, 1); /* response format */
agent_query(agentreq, len+4, &ret, &retlen);
free(agentreq);
if (ret) {
if (ret[4] == SSH_AGENT_RSA_RESPONSE) {
logevent("Sending Pageant's response");
send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE,
PKT_DATA, ret+5, 16, PKT_END);
free(ret);
crWaitUntil(ispkt);
if (pktin.type == SSH1_SMSG_SUCCESS) {
logevent("Pageant's response accepted");
authed = TRUE;
} else
logevent("Pageant's response not accepted");
} else {
logevent("Pageant failed to answer challenge");
free(ret);
}
} else {
logevent("No reply received from Pageant");
}
}
freebn(key.exponent);
freebn(key.modulus);
freebn(challenge);
if (authed)
break;
}
}
if (authed)
break;
}
if (*cfg.keyfile && !tried_publickey)
pwpkt_type = SSH1_CMSG_AUTH_RSA;

8
ssh.h
View File

@ -36,6 +36,7 @@ struct RSAKey {
Bignum exponent;
Bignum private_exponent;
#endif
char *comment;
};
int makekey(unsigned char *data, struct RSAKey *result,
@ -47,6 +48,7 @@ void rsasign(unsigned char *data, int length, struct RSAKey *key);
void rsasanitise(struct RSAKey *key);
int rsastr_len(struct RSAKey *key);
void rsastr_fmt(char *str, struct RSAKey *key);
void freersakey(struct RSAKey *key);
typedef unsigned int word32;
typedef unsigned int uint32;
@ -145,6 +147,10 @@ void modmul(Bignum a, Bignum b, Bignum mod, Bignum result);
void decbn(Bignum n);
extern Bignum Zero, One;
int ssh1_read_bignum(unsigned char *data, Bignum *result);
int ssh1_bignum_bitcount(Bignum bn);
int ssh1_bignum_length(Bignum bn);
int bignum_byte(Bignum bn, int i);
int ssh1_write_bignum(void *data, Bignum bn);
Bignum dh_create_e(void);
Bignum dh_find_K(Bignum f);
@ -153,4 +159,4 @@ int loadrsakey(char *filename, struct RSAKey *key, char *passphrase);
int rsakey_encrypted(char *filename);
void des3_decrypt_pubkey(unsigned char *key,
unsigned char *blk, int len);
unsigned char *blk, int len);

47
sshbn.c
View File

@ -340,3 +340,50 @@ int ssh1_read_bignum(unsigned char *data, Bignum *result) {
return p - data;
}
/*
* Return the bit count of a bignum, for ssh1 encoding.
*/
int ssh1_bignum_bitcount(Bignum bn) {
int bitcount = bn[0] * 16 - 1;
while (bitcount >= 0 && (bn[bitcount/16+1] >> (bitcount % 16)) == 0)
bitcount--;
return bitcount + 1;
}
/*
* Return the byte length of a bignum when ssh1 encoded.
*/
int ssh1_bignum_length(Bignum bn) {
return 2 + (ssh1_bignum_bitcount(bn)+7)/8;
}
/*
* Return a byte from a bignum; 0 is least significant, etc.
*/
int bignum_byte(Bignum bn, int i) {
if (i >= 2*bn[0])
return 0; /* beyond the end */
else if (i & 1)
return (bn[i/2+1] >> 8) & 0xFF;
else
return (bn[i/2+1] ) & 0xFF;
}
/*
* Write a ssh1-format bignum into a buffer. It is assumed the
* buffer is big enough. Returns the number of bytes used.
*/
int ssh1_write_bignum(void *data, Bignum bn) {
unsigned char *p = data;
int len = ssh1_bignum_length(bn);
int i;
int bitc = ssh1_bignum_bitcount(bn);
*p++ = (bitc >> 8) & 0xFF;
*p++ = (bitc ) & 0xFF;
for (i = len-2; i-- ;)
*p++ = bignum_byte(bn, i);
return len;
}

14
sshpubk.c
View File

@ -67,10 +67,14 @@ int loadrsakey(char *filename, struct RSAKey *key, char *passphrase) {
/* Next, the comment field. */
j = GET_32BIT(buf+i);
if (len-i < 4+j) goto end; i += 4+j;
/*
* FIXME: might need to use this string.
*/
i += 4;
if (len-i < j) goto end;
key->comment = malloc(j+1);
if (key->comment) {
memcpy(key->comment, buf+i, j);
key->comment[j] = '\0';
}
i += j;
/*
* Decrypt remainder of buffer.
@ -80,7 +84,7 @@ int loadrsakey(char *filename, struct RSAKey *key, char *passphrase) {
MD5Update(&md5c, passphrase, strlen(passphrase));
MD5Final(keybuf, &md5c);
des3_decrypt_pubkey(keybuf, buf+i, (len-i+7)&~7);
memset(keybuf, 0, sizeof(buf)); /* burn the evidence */
memset(keybuf, 0, sizeof(keybuf)); /* burn the evidence */
}
/*

7
sshrsa.c
View File

@ -156,6 +156,13 @@ void rsastr_fmt(char *str, struct RSAKey *key) {
str[len] = '\0';
}
void freersakey(struct RSAKey *key) {
if (key->modulus) freebn(key->modulus);
if (key->exponent) freebn(key->exponent);
if (key->private_exponent) freebn(key->private_exponent);
if (key->comment) free(key->comment);
}
#ifdef TESTMODE
#ifndef NODDY