because the user password is expired as it breaks password change dialog.
regression in openssh-7.7 reported by Daniel Wagner
OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
download and fsync). These should return -1 on error, not a sftp status code.
patch from Petr Cerny in bz#2871
OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09
the error path instead of trying to read from the socket on the way out,
which resets errno and causes the true error to be misreported. ok djm@
OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a
* Updates To Address OneCore Linking
- Modified generate_s4u_user_token() and sys_auth_passwd() to dynamically load TranslateNameW() to avoid OneCore static library linking.
- Modified getusergroups() to avoid Lsa* calls that are not present in OneCore libraries.
* Updates To Address OneCore Linking - Revisions
- Corrected failure detection logic when TranslateNameW() cannot be located.
* Alternate Thread Creation API To Avoid Memory Leaks
- Switched from CreateThread() to _beginthreadex() and ExitThread() to _endthreadex() in order to avoid potential leaks when linking with static CRT library.
- Addressed a variety of warnings that were being detected with static code analysis.
* Addressed Type Cast Warning
- Added explicit cast to the output of _beginthreadex() to avoid a compiler warning.
* Indentation Fix
Added support to run sshd as non-system. In this mode, sshd can authenticate only the user that sshd is running as, and only via public key authentication.
PowerShell/Win32-OpenSSH#1153
Changes include:
- Removing sid from pwd structure to comply with Unix structure
- Integrating default shell logic within pwd
- pwd placeholder to allow logins using usernames not associated with Windows account (possible via custom LSA authentication)
- Moving all nonPTY logic from shellhost to session.c.
- ssh-shellhost is now exclusively for implementing PTY
- Spawning all session processes from within a shell
- Validation checks in safely_chroot
and that users should specify an explicit Tunnel directive if they don't want
this. bz#2365.
OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
- Added chroot implementation that simply stores the path in internal state and sets an environment variable
- Spawned processes pickup chroot from environment variable
- Core change in realpath and resolved_path_utf16 now take into account chroot path.
- Unit tests
- Other miscellaneous changes to account for chroot enabled logic in core code
PowerShell/Win32-OpenSSH#190PowerShell/Win32-OpenSSH#292
Skip the pty tests if the platform lacks openpty(3) and has to chown(2)
the pty device explicitly. This typically requires root permissions that
this test lacks.
bz#2856 ok dtucker@
fd rlimit and stop accepting new connections when it is exceeded (with some
grace). Accept is resumed when enough connections are closed.
bz#2576. feedback deraadt; ok dtucker@
OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
failing. The sftp program terminated with the wrong exit code as sftp called
fatal() instad of exit(0). So when the sigchld handler waits for the child,
remember that it was found. Then don't expect that main() can wait again. OK
dtucker@
OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266
Modified getusergroups() to use s4u tokens to discover nested groups and return them in NetBiosName\GroupName format.
Modified get_passwd() to internally normalize names to NetBiosName\SamAccountName format and changed functions that use it to translate to UPN where necessary.
Removed unnecessary support functions used by previous version of getusergroups().
Various refactoring and function consolidation / simplification.
Addressed several buffer over-read issues.
PowerShell/Win32-OpenSSH#553
This ensures it picks up the definition of DEF_WEAK, the lack of which
can cause compile errors in some cases (eg modern AIX). From
michael at felt.demon.nl.
Reworked resolved_path() into resolved_path_utf16() that combined utf16 conversion and path conditioning into a single function. This eliminated the previously non-threadsafe resolved_path() function that used a static buffer. Changed some functions to use unicode to eliminate use of previous resolve_path function.
Adjusted functions to use resolved_path_utf16().
Collapsed copy_file() function that was only used once.
Corrected compilation errors when debug4() and debug5() are enabled.
Removed debug statements that were interfering with APC wakeup due to the way that logging works in atomicio6().
Filled in a missing parameter in a debug statement.
Changed test helper so test name is displayed when running release build.
Corrected permissions check for whether to run symbolic links in test cases.
Removed TEST_RESOURCES() in unit tests calls due to inconsistent ability to sample handles in Windows 8.1 / Server 2012 R2.
1. Fix issue install-sshd.ps1 failed on Nano
2. Update settings of services in install-sshd.ps1 to match windows inbox
3. added setup tests and update the test helper scripts to run setup tests before changing configurations on the machine
4. added uninstallation tests
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms). Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.
OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
1. Add support to take key files with windows new line ending (PowerShell/Win32-OpenSSH#1130)
2. add test cases for CRLF
3. Update test helper script to catch the exitcode of unittest and report the failure
4. Enable uni test unittest-sshkey and unittest-sshkey
5. Disable resource check for signal tests due to some API issue to follow.
6. Remove workaround for windows new line ending in test scripts
7. Add test validation for ACL of registry entries when perform ssh-add
