Merge branch 'latestw_all' into merge-9.8
commit
9a0bf7d05d
|
@ -3,7 +3,6 @@
|
|||
<!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
|
||||
<ComponentGroup Id="Client" Directory="INSTALLFOLDER">
|
||||
<ComponentGroupRef Id="Shared" />
|
||||
<ComponentGroupRef Id="Manifest" />
|
||||
<Component>
|
||||
<File Name="ssh.exe" KeyPath="yes" />
|
||||
</Component>
|
||||
|
|
|
@ -38,11 +38,7 @@
|
|||
|
||||
<Directory Id="TARGETDIR" Name="SourceDir">
|
||||
<Directory Id="$(var.ProgramFilesFolder)" Name="Program Files">
|
||||
<Directory Id="INSTALLFOLDER" Name="OpenSSH" >
|
||||
<Directory Id="MANIFESTFOLDER" Name="_manifest" >
|
||||
<Directory Id="SPDXFOLDER" Name="spdx_2.2" />
|
||||
</Directory>
|
||||
</Directory>
|
||||
<Directory Id="INSTALLFOLDER" Name="OpenSSH" />
|
||||
</Directory>
|
||||
</Directory>
|
||||
</Product>
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
<!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
|
||||
<ComponentGroup Id="Server" Directory="INSTALLFOLDER">
|
||||
<ComponentGroupRef Id="Shared" />
|
||||
<ComponentGroupRef Id="Manifest" />
|
||||
<Component>
|
||||
<File Name="sftp-server.exe" KeyPath="yes" />
|
||||
</Component>
|
||||
|
|
|
@ -70,15 +70,6 @@
|
|||
</Component>
|
||||
</ComponentGroup>
|
||||
|
||||
<ComponentGroup Id="Manifest" Directory="SPDXFOLDER">
|
||||
<Component>
|
||||
<File Name="manifest.spdx.json" Source="_manifest\spdx_2.2\manifest.spdx.json" KeyPath="yes" />
|
||||
</Component>
|
||||
<Component>
|
||||
<File Name="manifest.spdx.json.sha256" Source="_manifest\spdx_2.2\manifest.spdx.json.sha256" KeyPath="yes" />
|
||||
</Component>
|
||||
</ComponentGroup>
|
||||
|
||||
<!-- Automatically add custom actions if referencing the Shared component group. -->
|
||||
<SetProperty Id="SetPrivilegesOnSshAgent" Value=""[SystemFolder]sc.exe" privs ssh-agent SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege" Sequence="execute" Before="SetPrivilegesOnSshAgent" />
|
||||
<CustomAction Id="SetPrivilegesOnSshAgent" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
# escape=`
|
||||
#0.3.6 (no powershell 6)
|
||||
FROM balu1202/openssh-dockerbuildimage-ltsc2019-new:latest
|
||||
|
||||
SHELL ["PowerShell.exe", "-command"]
|
||||
RUN Set-ExecutionPolicy Unrestricted
|
||||
|
||||
COPY ./OpenSSH-build.ps1 /OpenSSH-build.ps1
|
||||
|
||||
ENTRYPOINT ["powershell", "-executionpolicy", "unrestricted"]
|
|
@ -1,7 +1,7 @@
|
|||
[cmdletbinding()]
|
||||
# PowerShell Script to clone, build and package PowerShell from specified fork and branch
|
||||
param (
|
||||
[string] $repolocation = "$pwd\openssh-portable",
|
||||
[string] $repolocation = "$PSScriptRoot\..\..\..",
|
||||
[string] $destination = "$env:WORKSPACE",
|
||||
[ValidateSet('x86', 'x64', 'arm64', 'arm')]
|
||||
[String]$NativeHostArch = 'x64',
|
||||
|
|
|
@ -1728,7 +1728,6 @@
|
|||
#define _PATH_LS "dir"
|
||||
#define _PATH_DEVNULL "NUL"
|
||||
#define FORK_NOT_SUPPORTED
|
||||
#define HAVE_FREEZERO
|
||||
#define FILESYSTEM_NO_BACKSLASH
|
||||
#define HAVE_LOCALTIME_R
|
||||
#define HAVE_DECL_MEMMEM 0
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\bsd-waitpid.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\daemon.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fake-rfc2553.c" />
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fmt_scaled.c" />
|
||||
|
|
|
@ -75,6 +75,9 @@
|
|||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
|
|
Binary file not shown.
|
@ -1512,15 +1512,6 @@ w32_ctime(const time_t* sourceTime)
|
|||
return ctime_s(destTime, 26, sourceTime) == 0 ? destTime : NULL;
|
||||
}
|
||||
|
||||
void
|
||||
freezero(void *ptr, size_t sz)
|
||||
{
|
||||
if (ptr == NULL)
|
||||
return;
|
||||
explicit_bzero(ptr, sz);
|
||||
free(ptr);
|
||||
}
|
||||
|
||||
int
|
||||
setenv(const char *name, const char *value, int rewrite)
|
||||
{
|
||||
|
|
|
@ -190,6 +190,29 @@ check_group_membership(const char* group)
|
|||
{
|
||||
PSID sid = NULL;
|
||||
BOOL is_member = 0;
|
||||
char* utf8_group_name = NULL;
|
||||
|
||||
// it can be a SID string; if it is - use localized name for that SID
|
||||
wchar_t* group_utf16 = utf8_to_utf16(group);
|
||||
if (ConvertStringSidToSidW(group_utf16, &sid) != 0) {
|
||||
WCHAR group_name[UNLEN + 1];
|
||||
DWORD group_name_length = UNLEN + 1;
|
||||
WCHAR domain_name[DNLEN + 1] = L"";
|
||||
DWORD domain_name_size = DNLEN + 1;
|
||||
SID_NAME_USE account_type = 0;
|
||||
if (LookupAccountSidW(NULL, sid, group_name, &group_name_length,
|
||||
domain_name, &domain_name_size, &account_type) != 0) {
|
||||
utf8_group_name = utf16_to_utf8(group_name);
|
||||
debug3_f("'%s' is translated to '%s'", group, utf8_group_name);
|
||||
group = utf8_group_name;
|
||||
} else {
|
||||
debug3_f("LookupAccountSid failed for '%s'", group);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
debug3_f("'%s' not recognized as SID", group);
|
||||
}
|
||||
|
||||
if ((sid = get_sid(group)) == NULL) {
|
||||
error("unable to resolve group %s", group);
|
||||
|
@ -202,6 +225,10 @@ check_group_membership(const char* group)
|
|||
cleanup:
|
||||
if (sid)
|
||||
free(sid);
|
||||
if (group_utf16)
|
||||
free(group_utf16);
|
||||
if (utf8_group_name)
|
||||
free(utf8_group_name);
|
||||
return is_member? 1: 0;
|
||||
}
|
||||
|
||||
|
|
|
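Review bot: In check_group_membership the SID allocated by `ConvertStringSidToSidW(group_utf16, &sid)` is never released: `sid` is overwritten shortly afterwards by `sid = get_sid(group)`, and the cleanup label only calls `free(sid)` on that later value, whereas the matching code in servconf.c releases its SID with `LocalFree(Sid)`. Parsing into a separate local such as `PSID parsed_sid = NULL;` and calling `LocalFree(parsed_sid);` once the lookup is done would close the leak and keep the two allocators apart. `utf16_to_utf8(group_name)` is also used unchecked, so a failed conversion would pass NULL to `debug3_f` and `get_sid`; `if (utf8_group_name != NULL) group = utf8_group_name;` avoids that. Only `group_name` is kept and `domain_name` is discarded, so the name that `get_sid` resolves afterwards is not guaranteed to be the principal the SID identified; checking membership against the parsed SID directly would presumably be safer. The part of the function between the two hunks is not visible here.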
@ -97,44 +97,6 @@ _rs_init(u_char *buf, size_t n)
|
|||
{
|
||||
if (n < KEYSZ + IVSZ)
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef WITH_OPENSSL
|
||||
#ifdef WINDOWS
|
||||
#include <Wincrypt.h>
|
||||
static void
|
||||
getrnd(u_char *s, size_t len) {
|
||||
HCRYPTPROV hProvider;
|
||||
if (CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT) == FALSE ||
|
||||
CryptGenRandom(hProvider, len, s) == FALSE ||
|
||||
CryptReleaseContext(hProvider, 0) == FALSE)
|
||||
fatal("%s Crypto error: %d", __func__, GetLastError());
|
||||
}
|
||||
|
||||
#else /* !WINDOWS */
|
||||
# ifndef SSH_RANDOM_DEV
|
||||
# define SSH_RANDOM_DEV "/dev/urandom"
|
||||
# endif /* SSH_RANDOM_DEV */
|
||||
static void
|
||||
getrnd(u_char *s, size_t len)
|
||||
{
|
||||
int fd, save_errno;
|
||||
ssize_t r;
|
||||
size_t o = 0;
|
||||
|
||||
#ifdef HAVE_GETRANDOM
|
||||
if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
|
||||
return;
|
||||
#endif /* HAVE_GETRANDOM */
|
||||
|
||||
if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
|
||||
save_errno = errno;
|
||||
/* Try egd/prngd before giving up. */
|
||||
if (seed_from_prngd(s, len) == 0)
|
||||
return;
|
||||
fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
|
||||
strerror(save_errno));
|
||||
|
||||
if (rs == NULL) {
|
||||
if (_rs_allocate(&rs, &rsx) == -1)
|
||||
|
@ -144,8 +106,6 @@ getrnd(u_char *s, size_t len)
|
|||
chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8);
|
||||
chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
|
||||
}
|
||||
#endif /* !WINDOWS */
|
||||
#endif /* WITH_OPENSSL */
|
||||
|
||||
static void
|
||||
_rs_stir(void)
|
||||
|
@ -290,4 +250,4 @@ arc4random_buf(void *_buf, size_t n)
|
|||
}
|
||||
explicit_bzero(&r, sizeof(r));
|
||||
}
|
||||
#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
|
||||
#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
|
||||
|
|
|
@ -27,10 +27,6 @@ timingsafe_bcmp(const void *b1, const void *b2, size_t n)
|
|||
int ret = 0;
|
||||
|
||||
for (; n > 0; n--) {
|
||||
#ifdef WINDOWS
|
||||
if (*p1 == '\r' && *(p1 + 1) == '\n' && *p2 == '\n')
|
||||
p1++;
|
||||
#endif // WINDOWS
|
||||
ret |= *p1++ ^ *p2++;
|
||||
}
|
||||
|
||||
|
|
71
servconf.c
71
servconf.c
|
@ -11,6 +11,10 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef WINDOWS
|
||||
#include <LM.h>
|
||||
#include <Sddl.h>
|
||||
#endif // WINDOWS
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
@ -1802,6 +1806,34 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||
parse_allowdenyusers:
|
||||
/* XXX appends to list; doesn't respect first-match-wins */
|
||||
while ((arg = argv_next(&ac, &av)) != NULL) {
|
||||
#ifdef WINDOWS
|
||||
// it can be a SID string; if it is - use localized name for that SID
|
||||
PSID Sid = NULL;
|
||||
char* utf8_user_name = NULL;
|
||||
wchar_t* arg_utf16 = utf8_to_utf16(arg);
|
||||
if (ConvertStringSidToSidW(arg_utf16, &Sid) != 0) {
|
||||
WCHAR user_name[UNLEN + 1];
|
||||
DWORD user_name_length = UNLEN + 1;
|
||||
WCHAR domain_name[DNLEN + 1] = L"";
|
||||
DWORD domain_name_size = DNLEN + 1;
|
||||
SID_NAME_USE account_type = 0;
|
||||
if (LookupAccountSidW(NULL, Sid, user_name, &user_name_length,
|
||||
domain_name, &domain_name_size, &account_type) != 0) {
|
||||
utf8_user_name = utf16_to_utf8(user_name);
|
||||
debug3_f("'%s' is translated to '%s'", arg, utf8_user_name);
|
||||
arg = utf8_user_name;
|
||||
} else {
|
||||
debug3_f("LookupAccountSid failed for '%s'", arg);
|
||||
}
|
||||
|
||||
if (Sid)
|
||||
LocalFree(Sid);
|
||||
}
|
||||
else
|
||||
{
|
||||
debug3_f("'%s' not recognized as SID", arg);
|
||||
}
|
||||
#endif // WINDOWS
|
||||
if (*arg == '\0' ||
|
||||
match_user(NULL, NULL, NULL, arg) == -1)
|
||||
fatal("%s line %d: invalid %s pattern: \"%s\"",
|
||||
|
@ -1811,6 +1843,12 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||
continue;
|
||||
opt_array_append(filename, linenum, keyword,
|
||||
chararrayptr, uintptr, arg);
|
||||
#ifdef WINDOWS
|
||||
if (utf8_user_name)
|
||||
free(utf8_user_name);
|
||||
if (arg_utf16)
|
||||
free(arg_utf16);
|
||||
#endif // WINDOWS
|
||||
}
|
||||
if (!found) {
|
||||
fatal("%s line %d: no %s specified",
|
||||
|
@ -1833,10 +1871,43 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||
fatal("%s line %d: empty %s pattern",
|
||||
filename, linenum, keyword);
|
||||
found = 1;
|
||||
// it can be a SID string; if it is - use localized name for that SID
|
||||
PSID Sid = NULL;
|
||||
char* utf8_group_name = NULL;
|
||||
wchar_t* arg_utf16 = utf8_to_utf16(arg);
|
||||
if (ConvertStringSidToSidW(arg_utf16, &Sid) != 0) {
|
||||
WCHAR group_name[UNLEN + 1];
|
||||
DWORD group_name_length = UNLEN + 1;
|
||||
WCHAR domain_name[DNLEN + 1] = L"";
|
||||
DWORD domain_name_size = DNLEN + 1;
|
||||
SID_NAME_USE account_type = 0;
|
||||
if (LookupAccountSidW(NULL, Sid, group_name, &group_name_length,
|
||||
domain_name, &domain_name_size, &account_type) != 0) {
|
||||
utf8_group_name = utf16_to_utf8(group_name);
|
||||
debug3_f("'%s' is translated to '%s'", arg, utf8_group_name);
|
||||
arg = utf8_group_name;
|
||||
} else {
|
||||
debug3_f("LookupAccountSid failed for '%s'", arg);
|
||||
}
|
||||
|
||||
if (Sid)
|
||||
LocalFree(Sid);
|
||||
}
|
||||
else
|
||||
{
|
||||
debug3_f("'%s' not recognized as SID", arg);
|
||||
}
|
||||
#endif // WINDOWS
|
||||
if (!*activep)
|
||||
continue;
|
||||
opt_array_append(filename, linenum, keyword,
|
||||
chararrayptr, uintptr, arg);
|
||||
#ifdef WINDOWS
|
||||
if (utf8_group_name)
|
||||
free(utf8_group_name);
|
||||
if (arg_utf16)
|
||||
free(arg_utf16);
|
||||
#endif // WINDOWS
|
||||
}
|
||||
if (!found) {
|
||||
fatal("%s line %d: no %s specified",
|
||||
|
|
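Review bot: In the parse_allowdenyusers hunk and the later group hunk, a SID argument is replaced by the bare account name from `LookupAccountSidW` while `domain_name` is discarded, so the stored allow/deny pattern no longer carries the domain the SID belonged to and may match a same-named account from another domain or the local machine. Either build the pattern from both `domain_name` and the account name (if `match_user` and the group matcher accept that form, which is not visible here), or state the limitation with a comment such as `/* NOTE: domain part of the SID is dropped; pattern matches by account name only */`. The `free(utf8_user_name)`/`free(utf8_group_name)` and `free(arg_utf16)` calls sit after `opt_array_append`, so the `if (!*activep) continue;` path skips them and leaks both buffers on every inactive Match block; the frees should also run before that `continue`. The group hunk shows `#endif // WINDOWS` after the lookup but no `#ifdef WINDOWS` before `PSID Sid = NULL;`, so unless one sits above the hunk the preprocessor directives are unbalanced. process_server_config_line_depth starts and ends outside these hunks.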