Added askpass utility to support change around SSH_ASKPASS logic. Since prompt is now passed as a commandline parameter to SSH_ASKPASS, "cmd /c echo" based logic no longer works for automated passing of password.
Prior logic was using a common variable to encapsulate both these types and doing a runtime check based on GetTokenInformation call to determine the actual underlying type. These two types are not guaranteed to have different values and any conflict could result in a random crash that would be nearly impossible to debug.
Updated gss_release_cred() to test if passed structure is actually a logon token and, if so, release the data properly.
Addresses PowerShell/Win32-OpenSSH#1405
- Set up dedicated test endpoint instead of tweaking main service configuration.
- Got rid of redundant custom test configuration files.
- Cleaned up pester tests directory. Moved test filed to dedicated directory
- Revised TestDaemon start/stop routines to use "netstat" for host process identification. This gets rid of slight flakiness in previous approach.
- Updated check_secure_file_permission() to perform a reverse lookups on the trustee SID within the file security descriptor to account for multiple SIDs that actually point to the same user.
- Updated permissions message to display the resolved SID to help with end user debugging.
Addresses: PowerShell/Win32-OpenSSH#1342
- Enable use of PKCS11 library files by adjusting central configuration file.
- Modified dlsym() to return a void pointer instead of an int which is consistent with POSIX. The previous return type caused an issue with 32-bit builds with PKCS11 enabled.
https://github.com/PowerShell/Win32-OpenSSH/issues/1330
Issue: open(dev/nul) returns a handle is passes isatty() test (i.e its being treated as a terminal handle by OS). This handle seems to work fine for as a console handle for console APIs, except when NUL is explicitly redirected.
This works
ssh -n target hostname
but this hangs due to a deadlock from writing a log entry on a console API failure
ssh -n target hostname < NUL
Fix: Ignore console API failures when the handle is being reported as invalid.
dlerror() is supposed to return a char *, but currently returns a
DWORD. Reimplement it using the Win32 FormatMessage function.
Correctly handle UTF-8 filenames in the Win32 implementation of dlopen()
- Updated Win32 error translation table to translate ERROR_INVALID_FUNCTION as EOPNOTSUPP which in turn allows the SFTP rename capability to failover to rename() when link()/unlink() combination does not work due to the volume not supporting it.
- Addressed file security descriptor with no defined DACL.
PowerShell/Win32-OpenSSH#1357
Seteuid now creates user token using S4U. We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege. The service can run under SYSTEM again...
...unless Cygwin is running on Windows Vista or Windows 7 in the
WOW64 32 bit emulation layer. It turns out that WOW64 on these systems
didn't implement MsV1_0 S4U Logon so we still need the fallback
to NtCreateToken for these systems.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Changes from #353 enabled closing of previously duplicated Console handles - this is causing TTY rendering issues in ssh.exe.
Added a workaround for now to skip closing Console handles.
Added an implementation of GSSAPI interface to support Kerberos SSPI within OpenSSH. This is only a partial definition of the full GSSAPI specification since OpenSSH only requires a subset of the overall GSSAPI functionality.
PowerShell/Win32-OpenSSH#1263
Issue: ssh-agent is using default sign algorithm, without considering related flags in request
Fix: parse flags and consider sign algorithm input
PowerShell/Win32-OpenSSH#1234
Issue: ssh-agent has old logic to lookup sshd account
Fix: remove this redundant logic
Issue: Earlier change missed "return" calls that will end up ignoring singleton logic and re-running console handle generation logic multiple times, leaking previously created handles in the process.
Fix: Add the missing "return" calls
Bryan Berns
bugale
sasdf
bagajjal
Ed Schaller
Manoj Ampalam
Manoj Ampalam
Damien Miller
Sorin Adrian Savu
Chris Spencer
Darren Tucker
Corinna Vinschen
Yan Tesis
Yanbing