Added askpass utility to support change around SSH_ASKPASS logic. Since prompt is now passed as a commandline parameter to SSH_ASKPASS, "cmd /c echo" based logic no longer works for automated passing of password.
Issue: The msg parameter provided to the ssh_askpass function is not forwarded to the command specified by SSH_ASKPASS. This parameter specifies a prompt that should be forwarded as a command line argument to the SSH_ASKPASS-specified command. The logic is correct in the fork-based version but not the posix_spawn-based version of the code.
Fix: Change posix_spawn arguments to include prompt message
Prior logic was using a common variable to encapsulate both these types and doing a runtime check based on GetTokenInformation call to determine the actual underlying type. These two types are not guaranteed to have different values and any conflict could result in a random crash that would be nearly impossible to debug.
Updated gss_release_cred() to test if passed structure is actually a logon token and, if so, release the data properly.
Addresses PowerShell/Win32-OpenSSH#1405
- Set up dedicated test endpoint instead of tweaking main service configuration.
- Got rid of redundant custom test configuration files.
- Cleaned up pester tests directory. Moved test filed to dedicated directory
- Revised TestDaemon start/stop routines to use "netstat" for host process identification. This gets rid of slight flakiness in previous approach.
- Updated check_secure_file_permission() to perform a reverse lookups on the trustee SID within the file security descriptor to account for multiple SIDs that actually point to the same user.
- Updated permissions message to display the resolved SID to help with end user debugging.
Addresses: PowerShell/Win32-OpenSSH#1342
- Enable use of PKCS11 library files by adjusting central configuration file.
- Modified dlsym() to return a void pointer instead of an int which is consistent with POSIX. The previous return type caused an issue with 32-bit builds with PKCS11 enabled.
https://github.com/PowerShell/Win32-OpenSSH/issues/1330
Issue: open(dev/nul) returns a handle is passes isatty() test (i.e its being treated as a terminal handle by OS). This handle seems to work fine for as a console handle for console APIs, except when NUL is explicitly redirected.
This works
ssh -n target hostname
but this hangs due to a deadlock from writing a log entry on a console API failure
ssh -n target hostname < NUL
Fix: Ignore console API failures when the handle is being reported as invalid.
dlerror() is supposed to return a char *, but currently returns a
DWORD. Reimplement it using the Win32 FormatMessage function.
Correctly handle UTF-8 filenames in the Win32 implementation of dlopen()
Some platforms such as HP-UX do not have pam_putenv. Currently the
calls are ifdef'ed out, but a new one was recently added. Remove the
ifdefs and add a no-op implementation. bz#3008, ok djm.
Check if STREAMS modules are already installed on pty before installing
since when compiling with XPG>=4 they will likely be installed already.
Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998,
patch from djm@
A number of contrib/* files refer to the existing README so let's leave
it in place for release and add the new markdown version in parallel.
I'll get rid of README after release.
Include basic build instructions and comments on commonly-used build-
time flags, links to the manual pages and other resources.
Now in Markdown format for better viewing on github, etc.
that could cause connection to close incorrectly; Report and patch from Jakub
Jelen in bz#2757; ok dtucker@ markus@
OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
any" in a Match block overrides a more restrictive global default.
Spotted by jmc@, ok markus@
OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@
OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
- Updated Win32 error translation table to translate ERROR_INVALID_FUNCTION as EOPNOTSUPP which in turn allows the SFTP rename capability to failover to rename() when link()/unlink() combination does not work due to the volume not supporting it.
- Addressed file security descriptor with no defined DACL.
PowerShell/Win32-OpenSSH#1357
Seteuid now creates user token using S4U. We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege. The service can run under SYSTEM again...
...unless Cygwin is running on Windows Vista or Windows 7 in the
WOW64 32 bit emulation layer. It turns out that WOW64 on these systems
didn't implement MsV1_0 S4U Logon so we still need the fallback
to NtCreateToken for these systems.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Manoj Ampalam
Bryan Berns
denmor86
Manoj Ampalam
bugale
Chris Spencer
djm@openbsd.org
Darren Tucker
Damien Miller
Tim Rice
Jakub Jelen
Corinna Vinschen
dtucker@openbsd.org
jmc@openbsd.org
markus@openbsd.org