Merge branch 'latestw_all' into sync-with-upstream-2

contrib/win32/install/client.wxs

@@ -3,7 +3,6 @@
         <!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
         <ComponentGroup Id="Client" Directory="INSTALLFOLDER">
             <ComponentGroupRef Id="Shared" />
-            <ComponentGroupRef Id="Manifest" />
             <Component>
                 <File Name="ssh.exe" KeyPath="yes" />
             </Component>

contrib/win32/install/product.wxs

@@ -38,11 +38,7 @@
 
         <Directory Id="TARGETDIR" Name="SourceDir">
             <Directory Id="$(var.ProgramFilesFolder)" Name="Program Files">
-                <Directory Id="INSTALLFOLDER" Name="OpenSSH" >
-                    <Directory Id="MANIFESTFOLDER" Name="_manifest" >
-                        <Directory Id="SPDXFOLDER" Name="spdx_2.2" />
-                    </Directory>
-                </Directory>
+                <Directory Id="INSTALLFOLDER" Name="OpenSSH" />
             </Directory>
         </Directory>
     </Product>

contrib/win32/install/server.wxs

@@ -3,7 +3,6 @@
         <!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
         <ComponentGroup Id="Server" Directory="INSTALLFOLDER">
             <ComponentGroupRef Id="Shared" />
-            <ComponentGroupRef Id="Manifest" />
             <Component>
                 <File Name="sftp-server.exe" KeyPath="yes" />
             </Component>

contrib/win32/install/shared.wxs

@@ -70,15 +70,6 @@
             </Component>
         </ComponentGroup>
 
-        <ComponentGroup Id="Manifest" Directory="SPDXFOLDER">
-             <Component>
-                <File Name="manifest.spdx.json" Source="_manifest\spdx_2.2\manifest.spdx.json" KeyPath="yes" />
-            </Component>
-            <Component>
-                <File Name="manifest.spdx.json.sha256" Source="_manifest\spdx_2.2\manifest.spdx.json.sha256" KeyPath="yes" />
-            </Component>
-        </ComponentGroup>
-
         <!-- Automatically add custom actions if referencing the Shared component group. -->
         <SetProperty Id="SetPrivilegesOnSshAgent" Value="&quot;[SystemFolder]sc.exe&quot; privs ssh-agent SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege" Sequence="execute" Before="SetPrivilegesOnSshAgent" />
         <CustomAction Id="SetPrivilegesOnSshAgent" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />

contrib/win32/openssh/DockerFile

@@ -1,10 +0,0 @@
-# escape=`
-#0.3.6 (no powershell 6)
-FROM balu1202/openssh-dockerbuildimage-ltsc2019-new:latest
-
-SHELL ["PowerShell.exe", "-command"]
-RUN Set-ExecutionPolicy Unrestricted
-
-COPY ./OpenSSH-build.ps1 /OpenSSH-build.ps1
-
-ENTRYPOINT ["powershell", "-executionpolicy", "unrestricted"]

contrib/win32/openssh/OpenSSH-build.ps1

@@ -1,7 +1,7 @@
 [cmdletbinding()]
 # PowerShell Script to clone, build and package PowerShell from specified fork and branch
 param (    
-    [string] $repolocation = "$pwd\openssh-portable",
+    [string] $repolocation = "$PSScriptRoot\..\..\..",
     [string] $destination = "$env:WORKSPACE",
     [ValidateSet('x86', 'x64', 'arm64', 'arm')]
     [String]$NativeHostArch = 'x64',        

contrib/win32/openssh/config.h.vs

@@ -1727,7 +1727,6 @@
 #define _PATH_LS			"dir"
 #define _PATH_DEVNULL "NUL"
 #define FORK_NOT_SUPPORTED
-#define HAVE_FREEZERO
 #define FILESYSTEM_NO_BACKSLASH
 #define HAVE_LOCALTIME_R
 #define HAVE_DECL_MEMMEM 0

contrib/win32/openssh/openbsd_compat.vcxproj

@@ -58,6 +58,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\bsd-waitpid.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\daemon.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fake-rfc2553.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fmt_scaled.c" />

contrib/win32/openssh/openbsd_compat.vcxproj.filters

@@ -75,6 +75,9 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c">
       <Filter>Source Files</Filter>
     </ClCompile>

contrib/win32/win32compat/misc.c

@@ -1512,15 +1512,6 @@ w32_ctime(const time_t* sourceTime)
 	return ctime_s(destTime, 26, sourceTime) == 0 ? destTime : NULL;
 }
 
-void
-freezero(void *ptr, size_t sz)
-{
-	if (ptr == NULL)
-		return;
-	explicit_bzero(ptr, sz);
-	free(ptr);
-}
-
 int 
 setenv(const char *name, const char *value, int rewrite)
 {

contrib/win32/win32compat/win32_groupaccess.c

@@ -190,6 +190,29 @@ check_group_membership(const char* group)
 {
 	PSID sid = NULL;
 	BOOL is_member = 0;
+	char* utf8_group_name = NULL;
+	
+	// it can be a SID string; if it is - use localized name for that SID
+	wchar_t* group_utf16 = utf8_to_utf16(group);
+	if (ConvertStringSidToSidW(group_utf16, &sid) != 0) {
+		WCHAR group_name[UNLEN + 1];
+		DWORD group_name_length = UNLEN + 1;
+		WCHAR domain_name[DNLEN + 1] = L"";
+		DWORD domain_name_size = DNLEN + 1;
+		SID_NAME_USE account_type = 0;
+		if (LookupAccountSidW(NULL, sid, group_name, &group_name_length,
+			domain_name, &domain_name_size, &account_type) != 0) {
+			utf8_group_name = utf16_to_utf8(group_name);
+			debug3_f("'%s' is translated to '%s'", group, utf8_group_name);
+			group = utf8_group_name;
+		} else {
+			debug3_f("LookupAccountSid failed for '%s'", group);
+		}
+	}
+	else
+	{
+		debug3_f("'%s' not recognized as SID", group);
+	}
 	
 	if ((sid = get_sid(group)) == NULL) {
 		error("unable to resolve group %s", group);
@@ -202,6 +225,10 @@ check_group_membership(const char* group)
 cleanup:
 	if (sid)
 		free(sid);
+	if (group_utf16)
+		free(group_utf16);
+	if (utf8_group_name)
+		free(utf8_group_name);
 	return is_member? 1: 0;
 }
 

servconf.c

@@ -11,6 +11,10 @@
  */
 
 #include "includes.h"
+#ifdef WINDOWS
+#include <LM.h>
+#include <Sddl.h>
+#endif // WINDOWS
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -1835,6 +1839,34 @@ process_server_config_line_depth(ServerOptions *options, char *line,
  parse_allowdenyusers:
 		/* XXX appends to list; doesn't respect first-match-wins */
 		while ((arg = argv_next(&ac, &av)) != NULL) {
+#ifdef WINDOWS
+			// it can be a SID string; if it is - use localized name for that SID
+			PSID Sid = NULL;
+			char* utf8_user_name = NULL;
+			wchar_t* arg_utf16 = utf8_to_utf16(arg);
+			if (ConvertStringSidToSidW(arg_utf16, &Sid) != 0) {
+				WCHAR user_name[UNLEN + 1];
+				DWORD user_name_length = UNLEN + 1;
+				WCHAR domain_name[DNLEN + 1] = L"";
+				DWORD domain_name_size = DNLEN + 1;
+				SID_NAME_USE account_type = 0;
+				if (LookupAccountSidW(NULL, Sid, user_name, &user_name_length,
+					domain_name, &domain_name_size, &account_type) != 0) {
+					utf8_user_name = utf16_to_utf8(user_name);
+					debug3_f("'%s' is translated to '%s'", arg, utf8_user_name);
+					arg = utf8_user_name;
+				} else {
+					debug3_f("LookupAccountSid failed for '%s'", arg);
+				}
+
+				if (Sid)
+					LocalFree(Sid);
+			}
+			else
+			{
+				debug3_f("'%s' not recognized as SID", arg);
+			}
+#endif // WINDOWS
 			if (*arg == '\0' ||
 			    match_user(NULL, NULL, NULL, arg) == -1)
 				fatal("%s line %d: invalid %s pattern: \"%s\"",
@@ -1844,6 +1876,12 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 				continue;
 			opt_array_append(filename, linenum, keyword,
 			    chararrayptr, uintptr, arg);
+#ifdef WINDOWS
+			if (utf8_user_name)
+				free(utf8_user_name);
+			if (arg_utf16)
+				free(arg_utf16);
+#endif // WINDOWS
 		}
 		if (!found) {
 			fatal("%s line %d: no %s specified",
@@ -1866,10 +1904,44 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 				fatal("%s line %d: empty %s pattern",
 				    filename, linenum, keyword);
 			found = 1;
+#ifdef WINDOWS
+			// it can be a SID string; if it is - use localized name for that SID
+			PSID Sid = NULL;
+			char* utf8_group_name = NULL;
+			wchar_t* arg_utf16 = utf8_to_utf16(arg);
+			if (ConvertStringSidToSidW(arg_utf16, &Sid) != 0) {
+				WCHAR group_name[UNLEN + 1];
+				DWORD group_name_length = UNLEN + 1;
+				WCHAR domain_name[DNLEN + 1] = L"";
+				DWORD domain_name_size = DNLEN + 1;
+				SID_NAME_USE account_type = 0;
+				if (LookupAccountSidW(NULL, Sid, group_name, &group_name_length,
+					domain_name, &domain_name_size, &account_type) != 0) {
+					utf8_group_name = utf16_to_utf8(group_name);
+					debug3_f("'%s' is translated to '%s'", arg, utf8_group_name);
+					arg = utf8_group_name;
+				} else {
+					debug3_f("LookupAccountSid failed for '%s'", arg);
+				}
+
+				if (Sid)
+					LocalFree(Sid);
+			}
+			else
+			{
+				debug3_f("'%s' not recognized as SID", arg);
+			}
+#endif // WINDOWS
 			if (!*activep)
 				continue;
 			opt_array_append(filename, linenum, keyword,
 			    chararrayptr, uintptr, arg);
+#ifdef WINDOWS
+			if (utf8_group_name)
+				free(utf8_group_name);
+			if (arg_utf16)
+				free(arg_utf16);
+#endif // WINDOWS
 		}
 		if (!found) {
 			fatal("%s line %d: no %s specified",