if RUBY_VERSION < "1.9" require 'dl/import' require 'dl/struct' elsif RUBY_VERSION < "2.1" require 'dl/import' require 'dl/types' require 'dl' else require 'fiddle' require 'fiddle/types' require 'fiddle/import' # For now map DL to Fiddler versus updating all the code below module DL CPtr ||= Fiddle::Pointer if RUBY_PLATFORM != "java" RUBY_FREE ||= Fiddle::RUBY_FREE end end end require 'net/ssh/errors' module Net module SSH module Authentication # This module encapsulates the implementation of a socket factory that # uses the PuTTY "pageant" utility to obtain information about SSH # identities. # # This code is a slightly modified version of the original implementation # by Guillaume Marçais (guillaume.marcais@free.fr). It is used and # relicensed by permission. module Pageant # From Putty pageant.c AGENT_MAX_MSGLEN = 8192 AGENT_COPYDATA_ID = 0x804e50ba # The definition of the Windows methods and data structures used in # communicating with the pageant process. module Win # rubocop:disable Metrics/ModuleLength # Compatibility on initialization if RUBY_VERSION < "1.9" extend DL::Importable dlload 'user32.dll' dlload 'kernel32.dll' dlload 'advapi32.dll' SIZEOF_DWORD = DL.sizeof('L') elsif RUBY_VERSION < "2.1" extend DL::Importer dlload 'user32.dll','kernel32.dll', 'advapi32.dll' include DL::Win32Types SIZEOF_DWORD = DL::SIZEOF_LONG else extend Fiddle::Importer dlload 'user32.dll','kernel32.dll', 'advapi32.dll' include Fiddle::Win32Types SIZEOF_DWORD = Fiddle::SIZEOF_LONG end if RUBY_ENGINE == "jruby" typealias("HANDLE", "void *") # From winnt.h typealias("PHANDLE", "void *") # From winnt.h typealias("ULONG_PTR", "unsigned long*") end typealias("LPCTSTR", "char *") # From winnt.h typealias("LPVOID", "void *") # From winnt.h typealias("LPCVOID", "const void *") # From windef.h typealias("LRESULT", "long") # From windef.h typealias("WPARAM", "unsigned int *") # From windef.h typealias("LPARAM", "long *") # From windef.h typealias("PDWORD_PTR", "long *") # From basetsd.h typealias("USHORT", "unsigned short") # From windef.h # From winbase.h, winnt.h INVALID_HANDLE_VALUE = -1 NULL = nil PAGE_READWRITE = 0x0004 FILE_MAP_WRITE = 2 WM_COPYDATA = 74 SMTO_NORMAL = 0 # From winuser.h SUFFIX = if RUBY_ENGINE == "jruby" "A" else "" end # args: lpClassName, lpWindowName extern "HWND FindWindow#{SUFFIX}(LPCTSTR, LPCTSTR)" # args: none extern 'DWORD GetCurrentThreadId()' # args: hFile, (ignored), flProtect, dwMaximumSizeHigh, # dwMaximumSizeLow, lpName extern "HANDLE CreateFileMapping#{SUFFIX}(HANDLE, void *, DWORD, " + "DWORD, DWORD, LPCTSTR)" # args: hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, # dwfileOffsetLow, dwNumberOfBytesToMap extern 'LPVOID MapViewOfFile(HANDLE, DWORD, DWORD, DWORD, DWORD)' # args: lpBaseAddress extern 'BOOL UnmapViewOfFile(LPCVOID)' # args: hObject extern 'BOOL CloseHandle(HANDLE)' # args: hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult extern "LRESULT SendMessageTimeout#{SUFFIX}(HWND, UINT, WPARAM, LPARAM, " + "UINT, UINT, PDWORD_PTR)" # args: none extern 'DWORD GetLastError()' # args: none extern 'HANDLE GetCurrentProcess()' # args: hProcessHandle, dwDesiredAccess, (out) phNewTokenHandle extern 'BOOL OpenProcessToken(HANDLE, DWORD, PHANDLE)' # args: hTokenHandle, uTokenInformationClass, # (out) lpTokenInformation, dwTokenInformationLength # (out) pdwInfoReturnLength extern 'BOOL GetTokenInformation(HANDLE, UINT, LPVOID, DWORD, ' + 'PDWORD)' # args: (out) lpSecurityDescriptor, dwRevisionLevel extern 'BOOL InitializeSecurityDescriptor(LPVOID, DWORD)' # args: (out) lpSecurityDescriptor, lpOwnerSid, bOwnerDefaulted extern 'BOOL SetSecurityDescriptorOwner(LPVOID, LPVOID, BOOL)' # args: pSecurityDescriptor extern 'BOOL IsValidSecurityDescriptor(LPVOID)' # Constants needed for security attribute retrieval. # Specifies the access mask corresponding to the desired access # rights. TOKEN_QUERY = 0x8 # The value of TOKEN_USER from the TOKEN_INFORMATION_CLASS enum. TOKEN_USER_INFORMATION_CLASS = 1 # The initial revision level assigned to the security descriptor. REVISION = 1 # Structs for security attribute functions. # Holds the retrieved user access token. TOKEN_USER = struct ['void * SID', 'DWORD ATTRIBUTES'] # Contains the security descriptor, this gets passed to the # function that constructs the shared memory map. SECURITY_ATTRIBUTES = struct ['DWORD nLength', 'LPVOID lpSecurityDescriptor', 'BOOL bInheritHandle'] # The security descriptor holds security information. SECURITY_DESCRIPTOR = struct ['UCHAR Revision', 'UCHAR Sbz1', 'USHORT Control', 'LPVOID Owner', 'LPVOID Group', 'LPVOID Sacl', 'LPVOID Dacl'] # The COPYDATASTRUCT is used to send WM_COPYDATA messages COPYDATASTRUCT = if RUBY_ENGINE == "jruby" struct ['ULONG_PTR dwData', 'DWORD cbData', 'LPVOID lpData'] else struct ['uintptr_t dwData', 'DWORD cbData', 'LPVOID lpData'] end # Compatibility for security attribute retrieval. if RUBY_VERSION < "1.9" # Alias functions to > 1.9 capitalization %w[findWindow getCurrentProcess initializeSecurityDescriptor setSecurityDescriptorOwner isValidSecurityDescriptor openProcessToken getTokenInformation getLastError getCurrentThreadId createFileMapping mapViewOfFile sendMessageTimeout unmapViewOfFile closeHandle].each do |name| new_name = name[0].chr.upcase + name[1..name.length] alias_method new_name, name module_function new_name end def self.malloc_ptr(size) return DL.malloc(size) end def self.get_ptr(data) return data.to_ptr end def self.set_ptr_data(ptr, data) ptr[0] = data end elsif RUBY_ENGINE == "jruby" %w[FindWindow CreateFileMapping SendMessageTimeout].each do |name| alias_method name, name + "A" module_function name end # :nodoc: module LibC extend FFI::Library ffi_lib FFI::Library::LIBC attach_function :malloc, [:size_t], :pointer attach_function :free, [:pointer], :void end def self.malloc_ptr(size) Fiddle::Pointer.new(LibC.malloc(size), size, LibC.method(:free)) end def self.get_ptr(ptr) return data.address end def self.set_ptr_data(ptr, data) ptr.write_string_length(data, data.size) end else def self.malloc_ptr(size) return DL::CPtr.malloc(size, DL::RUBY_FREE) end def self.get_ptr(data) return DL::CPtr.to_ptr data end def self.set_ptr_data(ptr, data) DL::CPtr.new(ptr)[0,data.size] = data end end def self.get_security_attributes_for_user user = get_current_user psd_information = malloc_ptr(Win::SECURITY_DESCRIPTOR.size) raise_error_if_zero( Win.InitializeSecurityDescriptor(psd_information, Win::REVISION) ) raise_error_if_zero( Win.SetSecurityDescriptorOwner(psd_information, get_sid_ptr(user), 0) ) raise_error_if_zero( Win.IsValidSecurityDescriptor(psd_information) ) sa = Win::SECURITY_ATTRIBUTES.new(to_struct_ptr(malloc_ptr(Win::SECURITY_ATTRIBUTES.size))) sa.nLength = Win::SECURITY_ATTRIBUTES.size sa.lpSecurityDescriptor = psd_information.to_i sa.bInheritHandle = 1 return sa end if RUBY_ENGINE == "jruby" def self.ptr_to_s(ptr, size) ret = ptr.to_s(size) ret << "\x00" while ret.size < size ret end def self.ptr_to_handle(phandle) phandle.ptr end def self.ptr_to_dword(ptr) first = ptr.ptr.to_i second = ptr_to_s(ptr,Win::SIZEOF_DWORD).unpack('L')[0] raise "Error" unless first == second first end def self.to_token_user(ptoken_information) TOKEN_USER.new(ptoken_information.to_ptr) end def self.to_struct_ptr(ptr) ptr.to_ptr end def self.get_sid(user) ptr_to_s(user.to_ptr.ptr,Win::SIZEOF_DWORD).unpack('L')[0] end def self.get_sid_ptr(user) user.to_ptr.ptr end else def self.get_sid(user) user.SID end def self.ptr_to_handle(phandle) phandle.ptr.to_i end def self.to_struct_ptr(ptr) ptr end def self.ptr_to_dword(ptr) ptr.to_s(Win::SIZEOF_DWORD).unpack('L')[0] end def self.to_token_user(ptoken_information) TOKEN_USER.new(ptoken_information) end def self.get_sid_ptr(user) user.SID end end def self.get_current_user token_handle = open_process_token(Win.GetCurrentProcess, Win::TOKEN_QUERY) token_user = get_token_information(token_handle, Win::TOKEN_USER_INFORMATION_CLASS) return token_user end def self.open_process_token(process_handle, desired_access) ptoken_handle = malloc_ptr(Win::SIZEOF_DWORD) raise_error_if_zero( Win.OpenProcessToken(process_handle, desired_access, ptoken_handle) ) token_handle = ptr_to_handle(ptoken_handle) return token_handle end def self.get_token_information(token_handle, token_information_class) # Hold the size of the information to be returned preturn_length = malloc_ptr(Win::SIZEOF_DWORD) # Going to throw an INSUFFICIENT_BUFFER_ERROR, but that is ok # here. This is retrieving the size of the information to be # returned. Win.GetTokenInformation(token_handle, token_information_class, Win::NULL, 0, preturn_length) ptoken_information = malloc_ptr(ptr_to_dword(preturn_length)) # This call is going to write the requested information to # the memory location referenced by token_information. raise_error_if_zero( Win.GetTokenInformation(token_handle, token_information_class, ptoken_information, ptoken_information.size, preturn_length) ) return to_token_user(ptoken_information) end def self.raise_error_if_zero(result) if result == 0 raise "Windows error: #{Win.GetLastError}" end end # Get a null-terminated string given a string. def self.get_cstr(str) return str + "\000" end end # This is the pseudo-socket implementation that mimics the interface of # a socket, translating each request into a Windows messaging call to # the pageant daemon. This allows pageant support to be implemented # simply by replacing the socket factory used by the Agent class. class Socket private_class_method :new # The factory method for creating a new Socket instance. def self.open new end # Create a new instance that communicates with the running pageant # instance. If no such instance is running, this will cause an error. def initialize @win = Win.FindWindow("Pageant", "Pageant") if @win.to_i == 0 raise Net::SSH::Exception, "pageant process not running" end @input_buffer = Net::SSH::Buffer.new @output_buffer = Net::SSH::Buffer.new end # Forwards the data to #send_query, ignoring any arguments after # the first. def send(data, *args) @input_buffer.append(data) ret = data.length while true return ret if @input_buffer.length < 4 msg_length = @input_buffer.read_long + 4 @input_buffer.reset! return ret if @input_buffer.length < msg_length msg = @input_buffer.read!(msg_length) @output_buffer.append(send_query(msg)) end end # Reads +n+ bytes from the cached result of the last query. If +n+ # is +nil+, returns all remaining data from the last query. def read(n = nil) @output_buffer.read(n) end def close; end # Packages the given query string and sends it to the pageant # process via the Windows messaging subsystem. The result is # cached, to be returned piece-wise when #read is called. def send_query(query) res = nil filemap = 0 ptr = nil id = Win.malloc_ptr(Win::SIZEOF_DWORD) mapname = "PageantRequest%08x" % Win.GetCurrentThreadId() security_attributes = Win.get_ptr Win.get_security_attributes_for_user filemap = Win.CreateFileMapping(Win::INVALID_HANDLE_VALUE, security_attributes, Win::PAGE_READWRITE, 0, AGENT_MAX_MSGLEN, mapname) if filemap == 0 || filemap == Win::INVALID_HANDLE_VALUE raise Net::SSH::Exception, "Creation of file mapping failed with error: #{Win.GetLastError}" end ptr = Win.MapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0, 0) if ptr.nil? || ptr.null? raise Net::SSH::Exception, "Mapping of file failed" end Win.set_ptr_data(ptr, query) # using struct to achieve proper alignment and field size on 64-bit platform cds = Win::COPYDATASTRUCT.new(Win.malloc_ptr(Win::COPYDATASTRUCT.size)) cds.dwData = AGENT_COPYDATA_ID cds.cbData = mapname.size + 1 cds.lpData = Win.get_cstr(mapname) succ = Win.SendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL, cds.to_ptr, Win::SMTO_NORMAL, 5000, id) if succ > 0 retlen = 4 + ptr.to_s(4).unpack("N")[0] res = ptr.to_s(retlen) else raise Net::SSH::Exception, "Message failed with error: #{Win.GetLastError}" end return res ensure Win.UnmapViewOfFile(ptr) unless ptr.nil? || ptr.null? Win.CloseHandle(filemap) if filemap != 0 end end end end end end