* support SSH2_AGENTC_ADD_ID_CONSTRAINED by treating it as SSH2_AGENTC_ADD_IDENTITY
This ignores the requested constraints:
- SSH_AGENT_CONSTRAIN_LIFETIME
- SSH_AGENT_CONSTRAIN_CONFIRM
- SSH_AGENT_CONSTRAIN_MAXSIGN
- SSH_AGENT_CONSTRAIN_EXTENSION
SSH2_AGENTC_ADD_ID_CONSTRAINED is needed to support adding U2F/FIDO2 SSH keys to the agent from WSL ssh-add and KeePassXC
ref PowerShell/Win32-OpenSSH#1961
* update buffer pointer to after comment string
sshbuf_peek_string_direct doesn't update request offset pointer
* parse agent constraint messages
returns SSH_AGENT_FAILURE on unsupported constraint types, such as:
* SSH_AGENT_CONSTRAIN_LIFETIME
* SSH_AGENT_CONSTRAIN_CONFIRM
* SSH_AGENT_CONSTRAIN_MAXSIGN
returns SSH_AGENT_FAILURE on unsupported constrain extensions, such as:
"restrict-destination-v00@openssh.com"
accepts and ignores constrain extension "sk-provider@openssh.com"
* reject non-internal skproviders & log
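
The constraint handling these commit messages describe, sketched as an added example; it is not code from the Win32-OpenSSH repository. `check_constraints`, `get_string` and `str_is` are hypothetical names, the numeric constants are the SSH agent protocol values, and the logging step is omitted.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* SSH agent protocol values; constraint types 1 (LIFETIME), 2 (CONFIRM), 3 (MAXSIGN). */
#define SSH_AGENT_FAILURE              5
#define SSH_AGENT_SUCCESS              6
#define SSH_AGENT_CONSTRAIN_EXTENSION  255

/* Read one SSH string (uint32 big-endian length + bytes) with bounds checks. */
static int get_string(const uint8_t **p, size_t *left, const uint8_t **s, uint32_t *n)
{
    if (*left < 4)
        return -1;
    *n = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
         ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    if (*n > *left - 4)
        return -1;                      /* declared length runs past the message */
    *s = *p + 4;
    *p += 4 + (size_t)*n;
    *left -= 4 + (size_t)*n;
    return 0;
}

static int str_is(const uint8_t *s, uint32_t n, const char *lit)
{
    return n == strlen(lit) && memcmp(s, lit, n) == 0;
}

/* Hypothetical helper: validate the constraint list that follows the key and comment. */
int check_constraints(const uint8_t *p, size_t left)
{
    const uint8_t *s;
    uint32_t n;

    while (left > 0) {
        uint8_t type = *p++;
        left--;
        /* LIFETIME, CONFIRM, MAXSIGN and unknown types would not be enforced: refuse. */
        if (type != SSH_AGENT_CONSTRAIN_EXTENSION)
            return SSH_AGENT_FAILURE;
        if (get_string(&p, &left, &s, &n) != 0 ||
            !str_is(s, n, "sk-provider@openssh.com"))
            return SSH_AGENT_FAILURE;   /* e.g. restrict-destination-v00@openssh.com */
        if (get_string(&p, &left, &s, &n) != 0 || !str_is(s, n, "internal"))
            return SSH_AGENT_FAILURE;   /* provider other than the built-in one */
    }
    return SSH_AGENT_SUCCESS;
}
```

Failing the request when a constraint cannot be honoured keeps a caller that asked for a lifetime or confirmation from believing the key was added with it.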
PowerShell/Win32-OpenSSH#1263
Issue: ssh-agent is using default sign algorithm, without considering related flags in request
Fix: parse flags and consider sign algorithm input
PowerShell/Win32-OpenSSH#1234
Issue: ssh-agent has old logic to lookup sshd account
Fix: remove this redundant logic
- Removed #ifdef WINDOWS blocks in base code where the feature support can be conveyed by a failed POSIX API call
- Refactored password authentication code
- Other misc changes - Removed DebugBreak on Release Builds
OpenSSH privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accommodate new architectural changes
Issue is within msv1_0.dll (NTLM SSP provider). Working around by doing a fake login that populates internal state within msv1_0.dll so further S4U logons work as expected.
PowerShell/Win32-OpenSSH#727
Client now connects to ssh-agent at Identification level, preventing rogue processes hosting "ssh-agent" pipes from impersonating and elevating to client context.
Since ssh-agent now cannot do ImpersonateNamedpipeClient, retrieve the client impersonation token explicitly and rely on ImpersonateLoggedonUser instead.
1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys.
2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe
3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine.
4. add OpenSSHBinPath to path.
5. change indents in agentconfig.c
6. update test script to represent the changes
7. Add tests for:
* authorized_keys and ssh-keygen testing
* host keys file perm testing
* user private key file perm testing
* ssh-add test
* user ssh_config
#576 - fix the EVENT_CONSOLE_CARET issue.. Wrongly read the X, Y coordinates
#575 - when backspace key is pressed then screen is not refreshed correctly
#574 - when delete key is pressed then screen is not refreshed correctly (the last character is repeated in the end)
#573 - while using up/down arrows, screen is not refreshed correctly (there are some left over characters of bigger command)
#572 - clear screen is not clearing the whole console
#571 - Move the cursor to top of visible window so that nothing will be erased on the console.
#570 - code cleanup for console related logic
#569 - wrong implementation of TIOCGWINSZ. This is causing lot of issues when windows open ssh client is connecting to linux ssh server.
#568 - Scrolling issue when the cursor is at the last line of the visible window.
#567 - Logic to pass the raw buffer to console is wrong.
https://github.com/PowerShell/Win32-OpenSSH/issues/479
https://github.com/PowerShell/Win32-OpenSSH/issues/476
https://github.com/PowerShell/Win32-OpenSSH/issues/474
https://github.com/PowerShell/Win32-OpenSSH/issues/467
1. bug #479 - "ls c:" is not working
sanitized_path() is modified to handle the edge case "\x:"
2. bug #476 - "cd c:" is not working
If "c:" is passed to _fullpath() then it is returning existing path but not "c:", so if we append "\" to "c:" then it is working fine.
3. bug #474 - code cleanup MAX_PATH
Using PATH_MAX variable instead of MAX_PATH
In dirent.h, used PATH_MAX instead of hardcoding 256 characters
In readdir(), changed the pdirentry to be a static variable. Before this, we are leaking the memory.
4. bug #467 - SFTP rename failed if the newpath already exists.
The _wrename throws error if the newpath exists.
To make it consistent with the linux behavior,
a) if the newpath is a file and if it exists then delete it so that _wrename will succeed.
b) if the newpath is a directory and if it is empty then delete it so that _wrename will succeed.