- Added wait_for_multiple_objects_enhanced() function that can logically handle wait-any on many children (system resources permitting).
- Added unit tests for wait_for_multiple_objects_enhanced().
- Incorporated use of wait_for_multiple_objects_enhanced() into main signal handler.
- Upped max child processes to 500.
1. Expand wildcard for input parameters
2. add scp tests with wildcard
3. for debug mode, need to enable the log to local log file.
4. update the path to log file
Regression: Service is unable to start if "ssh" programdata directory is missing.
Reason: This is due to refactored changes around w32_programdir() that moved its initialization to within win32_posix_initialize. sshd_main() is relying on this call even before the POSIX layer gets initialized.
Fix: Reverted the refactoring changes and added comments to consolidate these changes later. Also removed directory creation logic in install-sshd.ps1 that masked this issue before.
* Test Fixes on downlevel machines
1. Test fix to run on win7 and win8
2. Add -onecore parameter to start-opensshpackage in build helper script
3. Add copying of libcrypto.dll and libcrypto.pdb
4. Update the build number on appveyor.yml
* add NoOpenSSL and OneCore parameter for packaging
* update the log option so it can print out the build console log
* update script to use vs2017 if it exists
* update path to copy libcrypto.dll
PowerShell/Win32-OpenSSH#1065
Fix: In recent sshd architectural changes, post authentication changes that process user specific changes were missing in authenticated sshd worker. Added missing call.
PowerShell/Win32-OpenSSH#1052
Fix: getpwd* functions will now strip off domain of any local user account.
Updated file version info:
FileVersionRaw : 7.6.0.0
ProductVersionRaw : 7.6.0.0
ProductName : OpenSSH for Windows
ProductVersion : OpenSSH_7.6p1 for Windows
Updated softwareversion - this would show up in protocol identification string and when doing ssh -V
OpenSSH_for_Windows_7.6
Issue: All SSHD unauthenticated workers are currently running as "sshd". Any compromised worker can snoop into the process space of one other worker, steal authentication payload and elevate itself.
Fix: Added logic to spawn the unauthenticated workers under the context of run time unique security identities that will provide complete isolation between these worker processes.
1. Move Start-SSHD-TestDaemon and Stop-SSHD-TestDaemon to commonUtils.psm1
2. Fix the timing issue when trying to read the log while it is still locked by the process.
3, Start the service to create the config fold if it is not there.
4. Skip authorizedkey and sshdconfig tests on win7 since the task scheduler cmdlets are not available on win7.
5. rename variables
PowerShell/Win32-OpenSSH#1032
Issue: Ssh-shellhost.exe creates a job object and ties all its child processes to its lifetime. It does not allow the child processes to break away from this job. This restriction is unnecessary.
Fix: Modified job object to allow child processes to break away if they need to.
* add date in the log file in MM/DD/YYYY format
* changed date format in log file to bigendian ISO 8601 (YYYY-MM-DD) (#256)
The "madendian" MM/DD/YYYY format is not used outside the United States
(and rather irritating elsewhere)
OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accomodate new architectural changes
downgrade a couple more request parsing errors from
process-fatal to just returning failure, making them consistent with the
others that were already like that.
OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
fix regression in 7.6: failure to parse a signature request
message shouldn't be fatal to the process, just the request. Reported by Ron
Frederick
OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
fix problem in configuration parsing when in config dump mode
(sshd -T) without providing a full connection specification (sshd -T -C ...)
spotted by bluhm@
OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
Bryan Berns
Yanbing
Manoj Ampalam
bagajjal
David Julitz
Karl Itnic
Manoj Ampalam
djm@openbsd.org@openbsd.org