On certain machines, virtual tokens were not getting generated due to lack of required privileges. Fixed it by assigning them before doing LogonUserExExW. Consolidated runtime dll loading logic.
PowerShell/Win32-OpenSSH#1162
* Updates To Address OneCore Linking
- Modified generate_s4u_user_token() and sys_auth_passwd() to dynamically load TranslateNameW() to avoid OneCore static library linking.
- Modified getusergroups() to avoid Lsa* calls that are not present in OneCore libraries.
* Updates To Address OneCore Linking - Revisions
- Corrected failure detection logic when TranslateNameW() cannot be located.
* Alternate Thread Creation API To Avoid Memory Leaks
- Switched from CreateThread() to _beginthreadex() and ExitThread() to _endthreadex() in order to avoid potential leaks when linking with static CRT library.
- Addressed a variety of warnings that were being detected with static code analysis.
* Addressed Type Cast Warning
- Added explicit cast to the output of _beginthreadex() to avoid a compiler warning.
* Indentation Fix
Added support to run sshd as non-system. In this mode, sshd can authenticate only the user that sshd is running as, and only via public key authentication.
PowerShell/Win32-OpenSSH#1153
Changes include:
- Removing sid from pwd structure to comply with Unix structure
- Integrating default shell logic within pwd
- pwd placeholder to allow logins using usernames not associated with Windows account (possible via custom LSA authentication)
- Moving all nonPTY logic from shellhost to session.c.
- ssh-shellhost is now exclusively for implementing PTY
- Spawning all session processes from within a shell
- Validation checks in safely_chroot
- Added chroot implementation that simply stores the path in internal state and sets an environment variable
- Spawned processes pickup chroot from environment variable
- Core change in realpath and resolved_path_utf16 now take into account chroot path.
- Unit tests
- Other miscellaneous changes to account for chroot enabled logic in core code
PowerShell/Win32-OpenSSH#190PowerShell/Win32-OpenSSH#292
Modified getusergroups() to use s4u tokens to discover nested groups and return them in NetBiosName\GroupName format.
Modified get_passwd() to internally normalize names to NetBiosName\SamAccountName format and changed functions that use it to translate to UPN where necessary.
Removed unnecessary support functions used by previous version of getusergroups().
Various refactoring and function consolidation / simplification.
Addressed several buffer over-read issues.
PowerShell/Win32-OpenSSH#553
Reworked resolved_path() into resolved_path_utf16() that combined utf16 conversion and path conditioning into a single function. This eliminated the previously non-threadsafe resolved_path() function that used a static buffer. Changed some functions to use unicode to eliminate use of previous resolve_path function.
Adjusted functions to use resolved_path_utf16().
Collapsed copy_file() function that was only used once.
Corrected compilation errors when debug4() and debug5() are enabled.
Removed debug statements that were interfering with APC wakeup due to the way that logging works in atomicio6().
Filled in a missing parameter in a debug statement.
Changed test helper so test name is displayed when running release build.
Corrected permissions check for whether to run symbolic links in test cases.
Removed TEST_RESOURCES() in unit tests calls due to inconsistent ability to sample handles in Windows 8.1 / Server 2012 R2.
1. Fix issue install-sshd.ps1 failed on Nano
2. Update settings of services in install-sshd.ps1 to match windows inbox
3. added setup tests and update the test helper scripts to run setup tests before changing configurations on the machine
4. added uninstallation tests
1. Add support to take key files with windows new line ending (PowerShell/Win32-OpenSSH#1130)
2. add test cases for CRLF
3. Update test helper script to catch the exitcode of unittest and report the failure
4. Enable uni test unittest-sshkey and unittest-sshkey
5. Disable resource check for signal tests due to some API issue to follow.
6. Remove workaround for windows new line ending in test scripts
7. Add test validation for ACL of registry entries when perform ssh-add
- Removed debug statements that were interfering with APC wakeup due to the way that logging works in atomicio6().
- Filled in a missing parameter in a debug statement.
- Reworked resolved_path() into resolved_path_utf16() that combined utf16 conversion and path conditioning into a single function. This eliminated the previously non-threadsafe resolved_path() function.
- Adjusted functions to use resolved_path_utf16().
- Collapsed copy_file() function that was only used once.
- Corrected compilation errors when debug4() and debug5() are enabled.
fileio_open previously treated all O_CREAT flags as CREATE_* flags in
CreateFile; CREATE_* always truncates files but O_CREAT only truncates
files when O_TRUNC is also set on POSIX platforms. This becomes
noticeable under SFTP sessions where remote files are opened with
O_APPEND: the file is instead truncated as in O_CREAT | O_TRUNC.
https://github.com/PowerShell/Win32-OpenSSH/issues/1078
Fixes following issues:
- gettimeofday : Incorrect converting 100ns intervals (from GetSystemTimeAsFileTime) to timeval.
(us % RATE_DIFF) means number of microseconds but it may be great than 10**6
- nanosleep : SetWaitableTimer works with 100ns intervals but get nanoseconnds (only part of timespec) Missed CloseHandle call in WaitForSingleObject error case.
https://github.com/PowerShell/Win32-OpenSSH/issues/1094
On at least some revisions of AIX, strndup returns unterminated strings
under some conditions, apparently because strnlen returns incorrect
values in those cases. Disable both on AIX and use the replacements
from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
- Added implementation of symlink() using native CreateSymbolicLink() function.
- Added unit tests for symlink behavior in readlink(), lstat, stat(), and symlink().
- Reworked readlink() to be more inline with POSIX readlink() behavior.
- Reworked symlink handling in stat/lstat due to revised readlink().
- Added additional error handling to readlink().
- Added symlink() Implementation - Memory Leak Fix
- Modified fileio_readlink() to properly free a temporary buffer it creates.
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
modified: openbsd-compat/port-aix.c
modified: openbsd-compat/port-uw.c
propogate changes to auth-passwd.c in commit
7c85685760 to other providers
of sys_auth_passwd()
OpenBSD they are both non-blocking, but on many other -portable platforms it
blocks, stalling tests.
OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
Manoj Ampalam
Bryan Berns
Yanbing
Dominic Watley
Manoj Ampalam
Daniel Sweet
revngnr
Darren Tucker
bagajjal
markus@openbsd.org
Damien Miller
Tim Rice
dtucker@openbsd.org