- Removed debug statements that were interfering with APC wakeup due to the way that logging works in atomicio6().
- Filled in a missing parameter in a debug statement.
- Reworked resolved_path() into resolved_path_utf16() that combined utf16 conversion and path conditioning into a single function. This eliminated the previously non-threadsafe resolved_path() function.
- Adjusted functions to use resolved_path_utf16().
- Collapsed copy_file() function that was only used once.
- Corrected compilation errors when debug4() and debug5() are enabled.
fileio_open previously treated all O_CREAT flags as CREATE_* flags in
CreateFile; CREATE_* always truncates files but O_CREAT only truncates
files when O_TRUNC is also set on POSIX platforms. This becomes
noticeable under SFTP sessions where remote files are opened with
O_APPEND: the file is instead truncated as in O_CREAT | O_TRUNC.
https://github.com/PowerShell/Win32-OpenSSH/issues/1078
Fixes following issues:
- gettimeofday : Incorrect converting 100ns intervals (from GetSystemTimeAsFileTime) to timeval.
(us % RATE_DIFF) means number of microseconds but it may be great than 10**6
- nanosleep : SetWaitableTimer works with 100ns intervals but get nanoseconnds (only part of timespec) Missed CloseHandle call in WaitForSingleObject error case.
https://github.com/PowerShell/Win32-OpenSSH/issues/1094
- Added implementation of symlink() using native CreateSymbolicLink() function.
- Added unit tests for symlink behavior in readlink(), lstat, stat(), and symlink().
- Reworked readlink() to be more inline with POSIX readlink() behavior.
- Reworked symlink handling in stat/lstat due to revised readlink().
- Added additional error handling to readlink().
- Added symlink() Implementation - Memory Leak Fix
- Modified fileio_readlink() to properly free a temporary buffer it creates.
https://github.com/PowerShell/Win32-OpenSSH/issues/1096https://github.com/PowerShell/Win32-OpenSSH/issues/191
- Updated wait_for_multiple_objects_enhanced() to handle a no-event request while alterable.
- Simplified wait_for_any_event() to by taking advantage of no-event alterable request in wait_for_multiple_objects_enhanced().
- Updated wait_for_any_event() to use MAX_CHILDREN limit instead of MAXIMUM_WAIT_OBJECTS limit.
- Removed unnecessary ZeroMemory() call.
- Created distinct definition MAXIMUM_WAIT_OBJECTS_ENHANCED
and modified functions to use it.
- Upped w32_select() event limit.
- Modified wait_for_multiple_objects_enhanced() to allow for 0 millisecond wait.
- Added wait_for_multiple_objects_enhanced() function that can logically handle wait-any on many children (system resources permitting).
- Added unit tests for wait_for_multiple_objects_enhanced().
- Incorporated use of wait_for_multiple_objects_enhanced() into main signal handler.
- Upped max child processes to 500.
Regression: Service is unable to start if "ssh" programdata directory is missing.
Reason: This is due to refactored changes around w32_programdir() that moved its initialization to within win32_posix_initialize. sshd_main() is relying on this call even before the POSIX layer gets initialized.
Fix: Reverted the refactoring changes and added comments to consolidate these changes later. Also removed directory creation logic in install-sshd.ps1 that masked this issue before.
PowerShell/Win32-OpenSSH#1065
Fix: In recent sshd architectural changes, post authentication changes that process user specific changes were missing in authenticated sshd worker. Added missing call.
PowerShell/Win32-OpenSSH#1052
Fix: getpwd* functions will now strip off domain of any local user account.
Issue: All SSHD unauthenticated workers are currently running as "sshd". Any compromised worker can snoop into the process space of one other worker, steal authentication payload and elevate itself.
Fix: Added logic to spawn the unauthenticated workers under the context of run time unique security identities that will provide complete isolation between these worker processes.
PowerShell/Win32-OpenSSH#1032
Issue: Ssh-shellhost.exe creates a job object and ties all its child processes to its lifetime. It does not allow the child processes to break away from this job. This restriction is unnecessary.
Fix: Modified job object to allow child processes to break away if they need to.
* add date in the log file in MM/DD/YYYY format
* changed date format in log file to bigendian ISO 8601 (YYYY-MM-DD) (#256)
The "madendian" MM/DD/YYYY format is not used outside the United States
(and rather irritating elsewhere)
OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accomodate new architectural changes
PowerShell/Win32-OpenSSH#929
Issue: ReadThread prematurely returns on read io error. This results in APC never getting set and hence the corresponding fd is never set on select resulting the hang seen in issue 929.
Also removed the static instances storing sync io status, since there could be multiple sync fds operating at the same time. Moved the sync io status to w32_io object itself.
