authorNIIBE Yutaka <[email protected]>2022-07-27 04:12:02 +0000
committerNIIBE Yutaka <[email protected]>2022-07-27 04:12:02 +0000
commitf057a71e7fbb98b2bc42c6e3738ae0c886bf13b6 (patch)
tree81562a264d517630f039c07612749336c354cad8
parentdoc: Minor typo fix (diff)
Initial experiment for NamedPipe on Windows.
Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r--agent/gpg-agent.c97
1 files changed, 97 insertions, 0 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 7194e020a..5f7431edd 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -140,6 +140,7 @@ enum cmd_and_opt_values
oSSHSupport,
oSSHFingerprintDigest,
oPuttySupport,
+ oWin32OpenSSHSupport,
oDisableScdaemon,
oDisableCheckOwnSocket,
oS2KCount,
@@ -229,6 +230,13 @@ static gpgrt_opt_t opts[] = {
/* */ "@"
#endif
),
+ ARGPARSE_s_n (oWin32OpenSSHSupport, "enable-win32-openssh-support",
+#ifdef HAVE_W32_SYSTEM
+ /* */ N_("enable Win32-OpenSSH support")
+#else
+ /* */ "@"
+#endif
+ ),
ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
@@ -357,6 +365,9 @@ static int putty_support;
value. Putty currently (0.62) uses 8k, thus 16k should be enough
for the foreseeable future. */
#define PUTTY_IPC_MAXLEN 16384
+
+/* Flag indicating that support for Win32-OpenSSH has been enabled. */
+static int win32_openssh_support;
#endif /*HAVE_W32_SYSTEM*/
/* The list of open file descriptors at startup. Note that this list
@@ -1289,6 +1300,12 @@ main (int argc, char **argv)
# endif
break;
+ case oWin32OpenSSHSupport:
+# ifdef HAVE_W32_SYSTEM
+ win32_openssh_support = 1;
+# endif
+ break;
+
case oExtraSocket:
opt.extra_socket = 1; /* (1 = points into argv) */
socket_name_extra = pargs.r.ret_str;
@@ -2745,6 +2762,75 @@ putty_message_thread (void *arg)
log_info ("putty message loop thread stopped\n");
return NULL;
}
+
+/* FIXME: it would be good to be specified by an option. */
+#define AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent"
+/* FIXME: Don't know exact semantics, but copied from Win32-Openssh */
+#define SDDL_STR "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
+
+/* The thread handling Win32-OpenSSH requests through NamedPipe. */
+static void *
+win32_openssh_thread (void *arg)
+{
+ HANDLE pipe;
+ SECURITY_ATTRIBUTES sa;
+ const char *;
+
+ (void)arg;
+
+ if (opt.verbose)
+ log_info ("Win32-OpenSSH thread started\n");
+
+ memset(&sa, 0, sizeof (SECURITY_ATTRIBUTES));
+ sa.nLength = sizeof (sa);
+ if (!ConvertStringSecurityDescriptorToSecurityDescriptorA (SDDL_STR, SDDL_REVISION_1,
+ &sa.lpSecurityDescriptor, &sa.nLength))
+ {
+ log_error ("cannot convert sddl: %d\n", GetLastError ());
+ return NULL;
+ }
+
+ sa.bInheritHandle = FALSE;
+
+ while (1)
+ {
+ /* The message loop runs as thread independent from our nPth system.
+ This also means that we need to make sure that we switch back to
+ our system before calling any no-windows function. */
+ npth_unprotect ();
+
+ pipe = CreateNamedPipeW (AGENT_PIPE_NAME,
+ PIPE_ACCESS_DUPLEX, // | FILE_FLAG_OVERLAPPED
+ PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
+ PIPE_UNLIMITED_INSTANCES,
+ BUFSIZE, BUFSIZE, 0, &sa);
+
+ if (pipe == INVALID_HANDLE_VALUE)
+ {
+ log_error ("cannot create pipe: %d\n", GetLastError());
+ break;
+ }
+
+ if (ConnectNamedPipe (pipe, NULL) != FALSE)
+ {
+ CloseHandle (pipe);
+ npth_protect ();
+ log_error ("ConnectNamedPipe returned TRUE unexpectedly\n");
+ return NULL;
+ }
+
+ /* FIXME: Here, handle the requests from ssh client */
+
+ CloseHandle (pipe);
+ }
+
+ /* Back to nPth. */
+ npth_protect ();
+
+ if (opt.verbose)
+ log_info ("Win32-OpenSSH thread stopped\n");
+ return NULL;
+}
#endif /*HAVE_W32_SYSTEM*/
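Review bot: The `CreateNamedPipeW` call in `win32_openssh_thread` exposes the agent endpoint more widely than an SSH agent should be: `SDDL_STR` grants Authenticated Users read/write access (`0x12019b`), and the call sets neither `PIPE_REJECT_REMOTE_CLIENTS` nor `FILE_FLAG_FIRST_PIPE_INSTANCE`, so other accounts, potentially remote ones, can connect and the agent may attach to a pipe name that another process registered first. Before the request handler behind the FIXME is written, either narrow the DACL or have the handler check the connecting client's identity, and replace the "Don't know exact semantics" comment with a statement of who is meant to be allowed to connect. The function also has correctness problems: `&sa.nLength` is passed as the size out-parameter and gets overwritten with the descriptor length, the descriptor is never released with `LocalFree`, `const char *;` declares nothing, the wide-character API is handed a narrow string literal, and with `FILE_FLAG_OVERLAPPED` commented out a nonzero return from `ConnectNamedPipe` is the normal success case, not an error. In addition, `log_error` after a failed pipe creation runs while still unprotected from nPth, unlike the `ConnectNamedPipe` path, and `BUFSIZE` is not defined in this hunk, so confirm it is available in this file.

```c
  HANDLE pipe;
  SECURITY_ATTRIBUTES sa;
  /* … unchanged: (void)arg, verbose start message … */

  memset (&sa, 0, sizeof sa);
  sa.nLength = sizeof sa;
  sa.bInheritHandle = FALSE;
  /* The size out-parameter is optional; passing &sa.nLength would
     replace the structure size with the descriptor size.  */
  if (!ConvertStringSecurityDescriptorToSecurityDescriptorA
      (SDDL_STR, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
    {
      log_error ("cannot convert sddl: %lu\n",
                 (unsigned long)GetLastError ());
      return NULL;
    }

  /* … unchanged: loop header, npth_unprotect … */

      /* Narrow string, so use the A variant; refuse remote clients.  */
      pipe = CreateNamedPipeA (AGENT_PIPE_NAME,
                               PIPE_ACCESS_DUPLEX,
                               (PIPE_TYPE_BYTE | PIPE_READMODE_BYTE
                                | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS),
                               PIPE_UNLIMITED_INSTANCES,
                               BUFSIZE, BUFSIZE, 0, &sa);

  /* … unchanged: INVALID_HANDLE_VALUE check … */

      /* Blocking mode: nonzero means a client connected; zero with
         ERROR_PIPE_CONNECTED means it connected before this call.  */
      if (!ConnectNamedPipe (pipe, NULL)
          && GetLastError () != ERROR_PIPE_CONNECTED)
        {
          CloseHandle (pipe);
          continue;
        }

  /* … unchanged: request handling FIXME, CloseHandle, end of loop … */

  /* The descriptor was allocated by the conversion call.  */
  LocalFree (sa.lpSecurityDescriptor);
```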
@@ -2941,6 +3027,17 @@ handle_connections (gnupg_fd_t listen_fd,
log_error ("error spawning putty message loop: %s\n", strerror (ret));
}
}
+
+ if (win32_openssh_support)
+ {
+ npth_t thread;
+
+ ret = npth_create (&thread, &tattr, win32_openssh_thread, NULL);
+ if (ret)
+ {
+ log_error ("error spawning Win32-OpenSSH loop: %s\n", strerror (ret));
+ }
+ }
#endif /*HAVE_W32_SYSTEM*/
/* Set a flag to tell call-scd.c that it may enable event