From 9ad0bff74be6f1925a79231711b846b5d1967fd5 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Mon, 12 Aug 2024 12:25:23 -0400 Subject: [PATCH 1/4] remove credscan from PR CI job (#741) --- .azdo/ci.yml | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/.azdo/ci.yml b/.azdo/ci.yml index 517abf335..796b4868c 100644 --- a/.azdo/ci.yml +++ b/.azdo/ci.yml @@ -10,13 +10,6 @@ pr: include: - latestw_all -resources: - repositories: - - repository: ComplianceRepo - type: github - endpoint: ComplianceGHRepo - name: PowerShell/compliance - stages: - stage: Build displayName: Build Win32-OpenSSH @@ -88,36 +81,6 @@ stages: Write-Host "##vso[artifact.upload containerfolder=$artifactName;artifactname=$artifactName;]$configFilePath" displayName: Upload Win32-OpenSSH build artifacts -- stage: Compliance - displayName: Compliance - dependsOn: Build - jobs: - - job: ComplianceJob - pool: - vmImage: windows-latest - steps: - - checkout: self - clean: true - - checkout: ComplianceRepo - clean: true - - download: current - artifact: 'Win32-OpenSSH' - - template: ci-compliance.yml@ComplianceRepo - parameters: - # credscan - suppressionsFile: '' - # Documentation: https://eng.ms/docs/security-compliance-identity-and-management-scim/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/security-analysis-report-build-task - - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2 - continueOnError: true - displayName: 'Guardian Export' - inputs: - GdnExportVstsConsole: true - GdnExportSarifFile: true - GdnExportHtmlFile: true - GdnExportAllTools: false - GdnExportGdnToolCredScan: true - #this didn't do anything GdnExportCustomLogsFolder: '$(Build.ArtifactStagingDirectory)/Guardian' - - stage: Test displayName: Test Win32-OpenSSH dependsOn: Build From 03ae1035d1238480cb4d35a6c4f174afb0a1e2ab Mon Sep 17 00:00:00 2001 
From: Tess Gauthier Date: Tue, 20 Aug 2024 13:29:41 -0400 Subject: [PATCH 2/4] change comment to ifdef --- misc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misc.c b/misc.c index c6e0f8871..a87920c63 100644 --- a/misc.c +++ b/misc.c @@ -22,7 +22,9 @@ #include #include -//#include +#ifndef WINDOWS +#include +#endif /* WINDOWS */ #include #include #include From 59a553e67e76c453aa86a35ed1f291a62547f597 Mon Sep 17 00:00:00 2001 From: "Yusi (James) Zhang" Date: Thu, 22 Aug 2024 10:24:24 -0700 Subject: [PATCH 3/4] Missing */. (#742) --- contrib/win32/openssh/config.h.vs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs index abb2229c2..4322af57f 100644 --- a/contrib/win32/openssh/config.h.vs +++ b/contrib/win32/openssh/config.h.vs @@ -349,7 +349,7 @@ /* #undef HAVE_DEV_PTS_AND_PTC */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_DIRENT_H +/* #undef HAVE_DIRENT_H */ /* Define to 1 if you have the `dirfd' function. */ /* #undef HAVE_DIRFD */ From 56d415a029d61ad4c8285ac146e7a491283b0bb6 Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Tue, 27 Aug 2024 16:49:50 -0400 Subject: [PATCH 4/4] fix group check for user (#744) --- contrib/win32/win32compat/win32_groupaccess.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/contrib/win32/win32compat/win32_groupaccess.c b/contrib/win32/win32compat/win32_groupaccess.c index 4d2faa402..4e84bad4c 100644 --- a/contrib/win32/win32compat/win32_groupaccess.c +++ b/contrib/win32/win32compat/win32_groupaccess.c 
@@ -248,18 +248,17 @@ ga_init(const char *user, gid_t base)
 if ((user_token = get_user_token(user_name, 0)) == NULL) {
 /*
- * TODO - We need to fatal() all the times when we fail to generate the user token.
+ * No fatal call here so experience when called by servconf parsing Match block
+ * is consistent for an invalid user (does not find password, but is not fatal yet)
+ * and a valid user without a token (ex: group policy forbidding login)
 */
- if (get_custom_lsa_package()) {
- error("%s, unable to resolve user %s", __func__, user_name);
- return 0;
- } else {
- fatal("%s, unable to resolve user %s", __func__, user_name);
- }
+ get_custom_lsa_package();
+ error("%s, unable to resolve user %s", __func__, user_name);
+ return 0;
 }
 /*
- * supposed to retun number of groups associated with user
+ * supposed to return number of groups associated with user
 * since we do lazy group evaluation, returning 1 here
 */
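Review bot: With `fatal()` gone, every token failure in ga_init now ends in `return 0`, so the result depends on callers treating zero groups as a denial. Those callers are outside this hunk, so it is worth confirming that the group-based allow/deny checks and the Match evaluation named in the new comment reject a user whose groups could not be resolved, rather than skip them. The bare `get_custom_lsa_package();` left in the branch discards its result and looks like a leftover of the removed `if`. Unless it has a side effect that is needed here, drop it, or say why it stays, e.g. `/* called only for <side effect> */`. ga_init's body begins and ends outside the hunk.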