Fix failed tests - 1

contrib/win32/openssh/bash_tests_iterator.ps1

@@ -87,7 +87,7 @@ try
 		Set-ItemProperty -Path $registryPath -Name $dfltShell -Value $ShellPath -Force
 		$out = (Get-ItemProperty -Path $registryPath -Name $dfltShell -ErrorAction SilentlyContinue)
 		if ($out.$dfltShell -ne $ShellPath) {
-			Write-Output "Failed to set HKLM:\Software\OpenSSH\DefaultShell to $ShellPath"
+			Write-Error "Failed to set HKLM:\Software\OpenSSH\DefaultShell to $ShellPath"
 			exit
 		}
 
@@ -104,7 +104,14 @@ try
 
 	# Prepend shell path to User PATH in the registry so that SSHD authenticated child process can inherit it.
 	# We can probably delete the logic above to add it to the process PATH, but there is no need.
-	[System.Environment]::SetEnvironmentVariable('Path', $TEST_SHELL_DIR + ";" + $OriginalSystemPath, [System.EnvironmentVariableTarget]::Machine)
+	[System.Environment]::SetEnvironmentVariable('Path', $TEST_SHELL_DIR + ";" + $OpenSSHBinPath + ";" + $OriginalSystemPath, [System.EnvironmentVariableTarget]::Machine)
+
+	# set SSH askpass 
+	$TEST_SSH_ASKPASS = Join-Path $BashTestsPath "pesterTests\utilities\askpass_util\askpass_util.exe" 
+	if (!(Test-Path $TEST_SSH_ASKPASS)) {
+		Write-Error "SSHAskpass:$TEST_SSH_ASKPASS doesn't exist"
+		exit
+	}
 
 	$BashTestsPath = $BashTestsPath -replace "\\","/"
 	Push-location $BashTestsPath
@@ -142,6 +149,8 @@ try
 	$env:TEST_SSH_SCP = $OpenSSHBinPath_shell_fmt+"/scp.exe"
 	$env:BUILDDIR = $BUILDDIR
 	$env:TEST_WINDOWS_SSH = 1
+	$env:TEST_SSH_ASKPASS = $TEST_SSH_ASKPASS
+
 	$user = &"$env:windir\system32\whoami.exe"
 	if($user.Contains($env:COMPUTERNAME.ToLower())) {
 		# for local accounts, skip COMPUTERNAME

contrib/win32/openssh/ssh-pkcs11-helper.vcxproj

@@ -184,7 +184,7 @@
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -209,7 +209,7 @@
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -234,7 +234,7 @@
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -259,7 +259,7 @@
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -285,7 +285,7 @@
       <AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -315,7 +315,7 @@
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <WholeProgramOptimization>true</WholeProgramOptimization>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -345,7 +345,7 @@
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <WholeProgramOptimization>true</WholeProgramOptimization>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -375,7 +375,7 @@
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <WholeProgramOptimization>true</WholeProgramOptimization>
       <ControlFlowGuard>Guard</ControlFlowGuard>
-      <AdditionalOptions>/Gy %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalOptions>/Gy /ZH:SHA_256  %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>

misc.c

@@ -1140,6 +1140,21 @@ freeargs(arglist *args)
 	}
 }
 
+#ifdef WINDOWS
+void
+duplicateargs(arglist *dest, arglist *source)
+{
+	if (!source || !dest)
+		return;
+	
+	if (source->list != NULL) {
+		for (int i = 0; i < source->num; i++) {
+			addargs(dest, source->list[i]);
+		}
+	}
+}
+#endif
+
 /*
  * Expands tildes in the file name.  Returns data allocated by xmalloc.
  * Warning: this calls getpw*.

misc.h

@@ -123,6 +123,9 @@ void	 addargs(arglist *, char *, ...)
 void	 replacearg(arglist *, u_int, char *, ...)
 	    __attribute__((format(printf, 3, 4)));
 void	 freeargs(arglist *);
+#ifdef WINDOWS
+void	 duplicateargs(arglist *, arglist *);
+#endif
 
 int	 tun_open(int, int, char **);
 

regress/agent-restrict.sh

@@ -3,6 +3,12 @@
 
 tid="agent restrictions"
 
+if [ "$os" == "windows" ]; then
+	# Not yet implemented
+	echo "skipped, not applicable on windows OS"
+	exit 0
+fi
+
 SSH_AUTH_SOCK="$OBJ/agent.sock"
 export SSH_AUTH_SOCK
 rm -f $SSH_AUTH_SOCK $OBJ/agent.log $OBJ/host_[abcdex]* $OBJ/user_[abcdex]*

regress/exit-status-signal.sh

@@ -11,14 +11,21 @@ ssh_pid=$!
 n=20
 while [ ! -f $OBJ/remote_pid ] && [ $n -gt 0 ]; do
 	n=$(($n - 1))
+	echo "sleep for 1 sec"
 	sleep 1
 done
 
+echo "killing ssh_pid:$ssh_pid"
 kill $ssh_pid
+echo "waiting for ssh_pid:$ssh_pid"
 wait $ssh_pid
 exit_code=$?
+echo "exit_code:$exit_code"
 
 if [ $exit_code -eq 0 ]; then
 	fail "ssh client should fail on signal"
 fi
 
+if [ "$os" == "windows" ]; then
+	powershell.exe /c "stop-process -name sleep" >/dev/null 2>&1
+fi

regress/hostkey-agent.sh

@@ -6,16 +6,19 @@ tid="hostkey agent"
 rm -f $OBJ/agent-key.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig $OBJ/agent-ca*
 
 trace "start agent"
+
+if [ "$os" == "windows" ]; then
+	# Windows ssh-agent doesn't support "-s" option so we need to set SSH_AUTH_SOCK env here.
+	SSH_AUTH_SOCK="\\\\\\.\\pipe\\openssh-ssh-agent"
+	powershell.exe -c "net start ssh-agent"
+	powershell.exe -c "Get-Process -Name ssh*"
+	${SSHADD} -D
+else
 	eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 	r=$?
 	[ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r"
-
-grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
-if [ "$os" == "windows" ]; then
-	# Windows ssh-agent doesn't support "-s" option so we need to set SSH_AUTH_SOCK env here.
-	SSH_AUTH_SOCK="\\\\.\\pipe\\openssh-ssh-agent"
-	${SSHADD} -D
 fi
+grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
 echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
 
 trace "make CA key"
@@ -54,12 +57,15 @@ for k in $SSH_KEYTYPES ; do
 	fi
 done
 
-SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'`
+SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com' | maybe_filter_sk`
 
 # Prepare sshd_proxy for certificates.
 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
 HOSTKEYALGS=""
 for k in $SSH_CERTTYPES ; do
+	if [ "$os" == "windows" ]; then
+		k=${k/$'\r'/} # Remove CR (carriage return)
+	fi
 	test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS},"
 	HOSTKEYALGS="${HOSTKEYALGS}${k}"
 done
@@ -87,10 +93,12 @@ for k in $SSH_CERTTYPES ; do
 	fi
 done
 
+trace "kill agent"
 if [ "$os" == "windows" ]; then
 	#keys added through ssh-add are stored in windows registry so delete them.
 	${SSHADD} -D
-fi
+	powershell.exe -c "net stop ssh-agent"
-trace "kill agent"
+else
 	${SSHAGENT} -k > /dev/null
+fi
 

regress/keygen-convert.sh

@@ -28,7 +28,7 @@ for t in ${SSH_KEYTYPES}; do
 		${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \
 		    fail "$t public to rfc4716 public"
 
-		cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \
+		diff --strip-trailing-cr $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \
 		    fail "$t rfc4716 exports differ between public and private"
 
 		trace "import $t rfc4716 public"
@@ -36,7 +36,7 @@ for t in ${SSH_KEYTYPES}; do
 		    fail "$t import rfc4716 public"
 
 		cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub
-		cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
+		diff --strip-trailing-cr $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
 		    fail "$t imported differs from original"
 	fi
 
@@ -45,9 +45,16 @@ for t in ${SSH_KEYTYPES}; do
 	    fail "$t set passphrase failed"
 
 	trace "export $t to public with passphrase"
+	
+	if [ "$os" == "windows" ]; then
+		SSH_ASKPASS=$TEST_SSH_ASKPASS SSH_ASKPASS_REQUIRE=force ASKPASS_PASSWORD="hunter2" \
+			${SSHKEYGEN} -y -f $OBJ/$t-key >$OBJ/$t-key-nocomment.pub	
+	else
 		SSH_ASKPASS=$OBJ/askpass SSH_ASKPASS_REQUIRE=force \
 			${SSHKEYGEN} -y -f $OBJ/$t-key >$OBJ/$t-key-nocomment.pub
-	cmp $OBJ/$t-key.pub $OBJ/$t-key-nocomment.pub || \
+	fi
+
+	diff --strip-trailing-cr $OBJ/$t-key.pub $OBJ/$t-key-nocomment.pub || \
 	    fail "$t exported pubkey differs from generated"
 
 	rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \

regress/keygen-sshfp.sh

@@ -5,23 +5,23 @@ tid="keygen-sshfp"
 
 trace "keygen fingerprints"
 fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
-    awk '$5=="1"{print $6}'`
+    awk '$5=="1"{print $6}' | sed 's/\r$//'`
 if [ "$fp" != "8a8647a7567e202ce317e62606c799c53d4c121f" ]; then
 	fail "keygen fingerprint sha1"
 fi
 fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
-    awk '$5=="2"{print $6}'`
+    awk '$5=="2"{print $6}' | sed 's/\r$//'`
 if [ "$fp" != \
     "54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" ]; then
 	fail "keygen fingerprint sha256"
 fi
 
 if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
-	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'`
+	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}' | sed 's/\r$//'`
 	if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then
 		fail "keygen fingerprint sha1"
 	fi
-	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'`
+	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}' | sed 's/\r$//'`
 	if [ "$fp" != \
 	    "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then
 		fail "keygen fingerprint sha256"

regress/knownhosts-command.sh

@@ -42,6 +42,10 @@ _EOF
 chmod a+x $OBJ/knownhosts_command
 ${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit"
 
+# replace "redmond/<username>" to "redmond\<username>"
+expected_username="${LOGNAME////\\}"
+echo "expected_username: $expected_username"
+
 for keytype in ${SSH_HOSTKEY_TYPES} ; do
 	algs=$keytype
 	test "x$keytype" = "xssh-dss" && continue
@@ -51,7 +55,7 @@ for keytype in ${SSH_HOSTKEY_TYPES} ; do
 #!/bin/sh
 die() { echo "\$@" 1>&2 ; exit 1; }
 test "x\$1" = "x$keytype" || die "wrong keytype \$1 (expected $keytype)"
-test "x\$3" = "x$LOGNAME" || die "wrong username \$3 (expected $LOGNAME)"
+test "x\$3" = "x$expected_username" || die "wrong username \$3 (expected $expected_username)"
 grep -- "\$1.*\$2" $OBJ/known_hosts
 _EOF
 	${SSH} -F $OBJ/ssh_proxy -oHostKeyAlgorithms=$algs x true ||

regress/pesterTests/AuthorizedKeysCommand.Tests.ps1

@@ -42,7 +42,7 @@ Describe "E2E scenarios for AuthorizedKeysCommand" -Tags "CI" {
             #override authorizedkeysfile location to an unknown location, so AuthorizedKeysCommand gets executed
             $kcOutFile = Join-Path $testDir "$tC.$tI.kcout.txt"
             Remove-Item -Force $kcOutFile -ErrorAction SilentlyContinue
-            $sshdArgs = "-d -f $sshdconfig  -E $logFile -o `"AuthorizedKeysFile .fake/authorized_keys`""
+            $sshdArgs = "-ddd -f $sshdconfig  -E $logFile -o `"AuthorizedKeysFile .fake/authorized_keys`""
             $sshdArgs += " -o `"AuthorizedKeysCommand=$env:windir\system32\cmd.exe /c echo ssh-ed25519 %k & whoami > $kcOutFile`""
             $sshdArgs += " -o `"AuthorizedKeysCommandUser=$ssouser`""
             $sshdArgs += " -o PasswordAuthentication=no"

regress/pesterTests/SSHDConfig.tests.ps1

@@ -169,7 +169,7 @@ Match User matchuser
 #>
      Context "Tests of AllowGroups, AllowUsers, DenyUsers, DenyGroups" {
         BeforeAll {            
-            $password = "Bull_dog1"
+            $password = "Bull_dog123456"
 
             $allowUser1 = "allowuser1"
             $allowUser2 = "allowuser2"

regress/sshcfgparse.sh

@@ -171,8 +171,14 @@ Host *
     TunnelDevice 1:2
 EOD
 f=`${SSH} -GF $OBJ/ssh_config.0 -oipqos=cs1 host | awk '/^ipqos /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "cs1"
 f=`${SSH} -GF $OBJ/ssh_config.0 -otunneldevice=3:4 host | awk '/^tunneldevice /{print$2}'`
+if [ "$os" == "windows" ]; then
+	f=${f/$'\r'/} # remove CR (carriage return)
+fi
 expect_result_present "$f" "3:4"
 
 # cleanup

regress/sshsig.sh

@@ -85,7 +85,7 @@ for t in $SIGNKEYS; do
 		< $DATA | cut -d' ' -f1-2 > ${OBJ}/${keybase}-fromsig.pub || \
 		fail "failed signature for $t key w/ print-pubkey"
 	cut -d' ' -f1-2 ${OBJ}/${keybase}.pub > ${OBJ}/${keybase}-strip.pub
-	diff -r ${OBJ}/${keybase}-strip.pub ${OBJ}/${keybase}-fromsig.pub || \
+	diff --strip-trailing-cr -r ${OBJ}/${keybase}-strip.pub ${OBJ}/${keybase}-fromsig.pub || \
 		fail "print-pubkey differs from signature key"
 
 	# Invalid option

regress/test-exec.sh

@@ -3,13 +3,6 @@
 
 #SUDO=sudo
 
-if [ "x$TEST_WINDOWS_SSH" != "x" ]; then
-	os="windows"
-	USER=$TEST_SSH_USER
-	USER_DOMAIN=$TEST_SSH_USER_DOMAIN
-	LOGNAME=$USER
-fi
-
 if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then
 	STARTTIME=`date '+%s'`
 fi
@@ -47,7 +40,12 @@ fi
 unset SSH_AUTH_SOCK
 
 # Portable-specific settings.
-
+if [ "x$TEST_WINDOWS_SSH" != "x" ]; then
+	os="windows"
+	USER=$TEST_SSH_USER
+	USER_DOMAIN=$TEST_SSH_USER_DOMAIN
+	LOGNAME=$USER
+else
 	if [ -x /usr/ucb/whoami ]; then
 		USER=`/usr/ucb/whoami`
 	elif whoami >/dev/null 2>&1; then
@@ -75,6 +73,7 @@ CYGWIN*)
 		os=cygwin
 		;;
 	esac
+fi
 
 # If configure tells us to use a different egrep, create a wrapper function
 # to call it.  This means we don't need to change all the tests that depend
@@ -528,6 +527,7 @@ cat << EOF > $OBJ/sshd_config
 	PidFile			$PIDFILE
 	AuthorizedKeysFile	$OBJ/authorized_keys_%u
 	LogLevel		DEBUG3
+	SyslogFacility LOCAL0
 	AcceptEnv		_XXX_TEST_*
 	AcceptEnv		_XXX_TEST
 	Subsystem	sftp	$SFTPSERVER

scp.c

@@ -354,18 +354,25 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
 
 	/* Fork a child to execute the command on the remote host using ssh. */
 #ifdef FORK_NOT_SUPPORTED
-	replacearg(&args, 0, "%s", ssh_program);		
+	// We shouldn't change the "args"
+	arglist args_dup;
+	memset(&args_dup, '\0', sizeof(remote_remote_args));
+	duplicateargs(&args_dup, &args);
+
+	replacearg(&args_dup, 0, "%s", program);		
 	if (port != -1) {
-		addargs(&args, "-p");
+		addargs(&args_dup, "-p");
-		addargs(&args, "%d", port);
+		addargs(&args_dup, "%d", port);
 	}
 	if (remuser != NULL) {
-		addargs(&args, "-l");
+		addargs(&args_dup, "-l");
-		addargs(&args, "%s", remuser);
+		addargs(&args_dup, "%s", remuser);
 	}
-	addargs(&args, "--");
+	if (subsystem)
-	addargs(&args, "%s", host);
+		addargs(&args_dup, "-s");
-	addargs(&args, "%s", cmd);
+	addargs(&args_dup, "--");
+	addargs(&args_dup, "%s", host);
+	addargs(&args_dup, "%s", cmd);
 
 	{
 		posix_spawn_file_actions_t actions;
@@ -375,12 +382,13 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
 		    posix_spawn_file_actions_adddup2(&actions, pin[0], STDIN_FILENO) != 0 ||
 		    posix_spawn_file_actions_adddup2(&actions, pout[1], STDOUT_FILENO) != 0 )
 			fatal("posix_spawn initialization failed");
-		else if (posix_spawn(&do_cmd_pid, args.list[0], &actions, NULL, args.list, NULL) != 0) 
+		else if (posix_spawn(&do_cmd_pid, args_dup.list[0], &actions, NULL, args_dup.list, NULL) != 0) 
 			fatal("posix_spawn: %s", strerror(errno));
 			
 			posix_spawn_file_actions_destroy(&actions);
 	}
 
+	freeargs(&args_dup);
 #else
 	*pid = fork();
 	if (*pid == 0) {
@@ -449,18 +457,25 @@ do_cmd2(char *host, char *remuser, int port, char *cmd,
 	/* Fork a child to execute the command on the remote host using ssh. */
 #ifdef FORK_NOT_SUPPORTED
 	/* generate command line and spawn_child */
-	replacearg(&args, 0, "%s", ssh_program);	
+	
+	// We shouldn't change the "args"
+	arglist args_dup;
+	memset(&args_dup, '\0', sizeof(remote_remote_args));
+	duplicateargs(&args_dup, &args);
+
+	replacearg(&args_dup, 0, "%s", ssh_program);	
 	if (port != -1) {
-		addargs(&args, "-p");
+		addargs(&args_dup, "-p");
-		addargs(&args, "%d", port);
+		addargs(&args_dup, "%d", port);
 	}
 	if (remuser != NULL) {
-		addargs(&args, "-l");
+		addargs(&args_dup, "-l");
-		addargs(&args, "%s", remuser);
+		addargs(&args_dup, "%s", remuser);
 	}
-	addargs(&args, "--");
+	addargs(&args_dup, "-oBatchMode=yes");
-	addargs(&args, "%s", host);
+	addargs(&args_dup, "--");
-	addargs(&args, "%s", cmd);
+	addargs(&args_dup, "%s", host);
+	addargs(&args_dup, "%s", cmd);
 
 	{
 		posix_spawn_file_actions_t actions;
@@ -470,11 +485,13 @@ do_cmd2(char *host, char *remuser, int port, char *cmd,
 		    posix_spawn_file_actions_adddup2(&actions, fdin, STDIN_FILENO) != 0 ||
 		    posix_spawn_file_actions_adddup2(&actions, fdout, STDOUT_FILENO) != 0 ) 
 			fatal("posix_spawn initialization failed");
-		else if (posix_spawn(&pid, args.list[0], &actions, NULL, args.list, NULL) != 0) 
+		else if (posix_spawn(&pid, args_dup.list[0], &actions, NULL, args_dup.list, NULL) != 0) 
 			fatal("posix_spawn: %s", strerror(errno));
 
 		posix_spawn_file_actions_destroy(&actions);
 	}
+
+	freeargs(&args_dup);
 #else 
 	pid = fork();
 	if (pid == 0) {

servconf.c

@@ -2321,7 +2321,11 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		charptr = &options->authorized_keys_command;
  parse_command:
 		len = strspn(str, WHITESPACE);
+#ifdef WINDOWS
+		if (!path_absolute(str + len) && strcasecmp(str + len, "none") != 0) {
+#else
 		if (str[len] != '/' && strcasecmp(str + len, "none") != 0) {
+#endif
 			fatal("%.200s line %d: %s must be an absolute path",
 			    filename, linenum, keyword);
 		}

session.c

@@ -1192,9 +1192,12 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
 
 	if (debug_flag) {
 		/* dump the environment */
-		fprintf(stderr, "Environment:\n");
+		debug3("Environment:\n");
-		for (i = 0; env[i]; i++)
+		fprintf(stderr, "Environment:");
+		for (i = 0; env[i]; i++) {
 			fprintf(stderr, "  %.200s\n", env[i]);
+			debug3("  %.200s", env[i]);
+		}
 	}
 	return env;
 }

ssh-keygen.c

@@ -3088,6 +3088,7 @@ sk_suffix(const char *application, const uint8_t *user, size_t userlen)
 
 	/* Append user-id, escaping non-UTF-8 characters */
 	slen = userlen - i;
+#ifndef WINDOWS
 	if (asmprintf(&cp, INT_MAX, NULL, "%.*s", (int)slen, user) == -1)
 		fatal_f("asmprintf failed");
 	/* Don't emit a user-id that contains path or control characters */
@@ -3096,6 +3097,9 @@ sk_suffix(const char *application, const uint8_t *user, size_t userlen)
 		free(cp);
 		cp = tohex(user, slen);
 	}
+#else
+	cp = tohex(user, slen);
+#endif
 	xextendf(&ret, "_", "%s", cp);
 	free(cp);
 	return ret;

sshd.c

@@ -1721,7 +1721,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 				startup_pipe = -1;
 				pid = getpid();
 				if (rexec_flag) {
+#ifndef WINDOWS
 					send_rexec_state(config_s[0], cfg);
+#endif
 					close(config_s[0]);
 				}
 				free(pfd);