1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
/*
* Windows implementation of SSH connection-sharing IPC setup.
*/
#include <stdio.h>
#include <assert.h>
#if !defined NO_SECURITY
#define DEFINE_PLUG_METHOD_MACROS
#include "tree234.h"
#include "putty.h"
#include "network.h"
#include "proxy.h"
#include "ssh.h"
#include "winsecur.h"
#define CONNSHARE_PIPE_PREFIX "\\\\.\\pipe\\putty-connshare"
#define CONNSHARE_MUTEX_PREFIX "Local\\putty-connshare-mutex"
static char *obfuscate_name(const char *realname)
{
/*
* Windows's named pipes all live in the same namespace, so one
* user can see what pipes another user has open. This is an
* undesirable privacy leak and in particular permits one user to
* know what username@host another user is SSHing to, so we
* protect that information by using CryptProtectMemory (which
* uses a key built in to each user's account).
*/
char *cryptdata;
int cryptlen;
SHA256_State sha;
unsigned char lenbuf[4];
unsigned char digest[32];
char retbuf[65];
int i;
cryptlen = strlen(realname) + 1;
cryptlen += CRYPTPROTECTMEMORY_BLOCK_SIZE - 1;
cryptlen /= CRYPTPROTECTMEMORY_BLOCK_SIZE;
cryptlen *= CRYPTPROTECTMEMORY_BLOCK_SIZE;
cryptdata = snewn(cryptlen, char);
memset(cryptdata, 0, cryptlen);
strcpy(cryptdata, realname);
/*
* CRYPTPROTECTMEMORY_CROSS_PROCESS causes CryptProtectMemory to
* use the same key in all processes with this user id, meaning
* that the next PuTTY process calling this function with the same
* input will get the same data.
*
* (Contrast with CryptProtectData, which invents a new session
* key every time since its API permits returning more data than
* was input, so calling _that_ and hashing the output would not
* be stable.)
*
* We don't worry too much if this doesn't work for some reason.
* Omitting this step still has _some_ privacy value (in that
* another user can test-hash things to confirm guesses as to
* where you might be connecting to, but cannot invert SHA-256 in
* the absence of any plausible guess). So we don't abort if we
* can't call CryptProtectMemory at all, or if it fails.
*/
if (got_crypt())
p_CryptProtectMemory(cryptdata, cryptlen,
CRYPTPROTECTMEMORY_CROSS_PROCESS);
/*
* We don't want to give away the length of the hostname either,
* so having got it back out of CryptProtectMemory we now hash it.
*/
SHA256_Init(&sha);
PUT_32BIT_MSB_FIRST(lenbuf, cryptlen);
SHA256_Bytes(&sha, lenbuf, 4);
SHA256_Bytes(&sha, cryptdata, cryptlen);
SHA256_Final(&sha, digest);
sfree(cryptdata);
/*
* Finally, make printable.
*/
for (i = 0; i < 32; i++) {
sprintf(retbuf + 2*i, "%02x", digest[i]);
/* the last of those will also write the trailing NUL */
}
return dupstr(retbuf);
}
static char *make_name(const char *prefix, const char *name)
{
char *username, *retname;
username = get_username();
retname = dupprintf("%s.%s.%s", prefix, username, name);
sfree(username);
return retname;
}
Socket new_named_pipe_client(const char *pipename, Plug plug);
Socket new_named_pipe_listener(const char *pipename, Plug plug);
int platform_ssh_share(const char *pi_name, Conf *conf,
Plug downplug, Plug upplug, Socket *sock,
char **logtext, char **ds_err, char **us_err,
int can_upstream, int can_downstream)
{
char *name, *mutexname, *pipename;
HANDLE mutex;
Socket retsock;
PSECURITY_DESCRIPTOR psd;
PACL acl;
/*
* Transform the platform-independent version of the connection
* identifier into the obfuscated version we'll use for our
* Windows named pipe and mutex. A side effect of doing this is
* that it also eliminates any characters illegal in Windows pipe
* names.
*/
name = obfuscate_name(pi_name);
if (!name) {
*logtext = dupprintf("Unable to call CryptProtectMemory: %s",
win_strerror(GetLastError()));
return SHARE_NONE;
}
/*
* Make a mutex name out of the connection identifier, and lock it
* while we decide whether to be upstream or downstream.
*/
{
SECURITY_ATTRIBUTES sa;
mutexname = make_name(CONNSHARE_MUTEX_PREFIX, name);
if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
&psd, &acl, logtext)) {
sfree(mutexname);
return SHARE_NONE;
}
memset(&sa, 0, sizeof(sa));
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = psd;
sa.bInheritHandle = FALSE;
mutex = CreateMutex(&sa, FALSE, mutexname);
if (!mutex) {
*logtext = dupprintf("CreateMutex(\"%s\") failed: %s",
mutexname, win_strerror(GetLastError()));
sfree(mutexname);
LocalFree(psd);
LocalFree(acl);
return SHARE_NONE;
}
sfree(mutexname);
LocalFree(psd);
LocalFree(acl);
WaitForSingleObject(mutex, INFINITE);
}
pipename = make_name(CONNSHARE_PIPE_PREFIX, name);
*logtext = NULL;
if (can_downstream) {
retsock = new_named_pipe_client(pipename, downplug);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = pipename;
*sock = retsock;
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_DOWNSTREAM;
}
sfree(*ds_err);
*ds_err = dupprintf("%s: %s", pipename, sk_socket_error(retsock));
sk_close(retsock);
}
if (can_upstream) {
retsock = new_named_pipe_listener(pipename, upplug);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = pipename;
*sock = retsock;
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_UPSTREAM;
}
sfree(*us_err);
*us_err = dupprintf("%s: %s", pipename, sk_socket_error(retsock));
sk_close(retsock);
}
/* One of the above clauses ought to have happened. */
assert(*logtext || *ds_err || *us_err);
sfree(pipename);
sfree(name);
ReleaseMutex(mutex);
CloseHandle(mutex);
return SHARE_NONE;
}
void platform_ssh_share_cleanup(const char *name)
{
}
#else /* !defined NO_SECURITY */
#include "noshare.c"
#endif /* !defined NO_SECURITY */
|