tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-04-08 18:35:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: tyler.durden:v9.2.0.0
Branches Tags
tyler.durden:latestw_all
tyler.durden:sha1_cleanup
tyler.durden:bagajjal/upstream_tag_branch
tyler.durden:upstream_tag_branch
tyler.durden:V8_9_merge
tyler.durden:latestw
tyler.durden:v9.8.1.0
tyler.durden:v9.8.0.0
tyler.durden:v9.5.0.0
tyler.durden:v9.4.0.0
tyler.durden:v9.2.2.0
tyler.durden:v9.2.0.0
tyler.durden:v9.1.0.0
tyler.durden:V8.9.1.0
tyler.durden:v8.9.0.0
tyler.durden:v8.6.0.0
tyler.durden:v8.1.0.0
tyler.durden:v8.0.0.0
tyler.durden:v7.9.0.0
tyler.durden:v7.7.2.0
tyler.durden:v7.7.1.0
tyler.durden:v7.7.0.0
tyler.durden:v7.6.1.0
tyler.durden:v7.6.0.1
tyler.durden:v7.6.0.0
tyler.durden:v0.0.18.0
...
compare: tyler.durden:latestw_all
Branches Tags
tyler.durden:latestw_all
tyler.durden:sha1_cleanup
tyler.durden:bagajjal/upstream_tag_branch
tyler.durden:upstream_tag_branch
tyler.durden:V8_9_merge
tyler.durden:latestw
tyler.durden:v9.8.1.0
tyler.durden:v9.8.0.0
tyler.durden:v9.5.0.0
tyler.durden:v9.4.0.0
tyler.durden:v9.2.2.0
tyler.durden:v9.2.0.0
tyler.durden:v9.1.0.0
tyler.durden:V8.9.1.0
tyler.durden:v8.9.0.0
tyler.durden:v8.6.0.0
tyler.durden:v8.1.0.0
tyler.durden:v8.0.0.0
tyler.durden:v7.9.0.0
tyler.durden:v7.7.2.0
tyler.durden:v7.7.1.0
tyler.durden:v7.7.0.0
tyler.durden:v7.6.1.0
tyler.durden:v7.6.0.1
tyler.durden:v7.6.0.0
tyler.durden:v0.0.18.0

756 Commits
v9.2.0.0 ... latestw_al

Author SHA1 Message Date
Tess Gauthier
fdde2326f9
Fix static analysis warning (#779) 
* update function declaration and definition to match usage

* change _Outptr_ to _Out_
 2025-04-01 14:15:59 -04:00
Tess Gauthier
de4c0c7c59
fix warnings (#780) 2025-03-31 15:15:57 -04:00
LainOTN2
31f8d13ab6
Fix for Y2038 gettimeofday for Win32 builds (#738) 
* Fix for Y2038 gettimeofday for Win32 builds

* fixing spaces

* Fixing also the builtin gettimeofday
 2025-03-26 14:50:34 -04:00
Tess Gauthier
ae72d833fd
Crank version (#778) 
* bump libressl version

* bump openssh version
 2025-03-26 11:40:53 -04:00
Tess Gauthier
0096029101
fix non-interactive session regression with sshd-session (#775) 
* change sshd to sshd-session for process flag

* add pester test
 2025-03-13 15:28:04 -04:00
Tess Gauthier
a96b3fbae4
add publish test results step to CI with pester test fix (#772) 
* upload results from setup tests

* Update test results file path in CI

* Update ci.yml

* Update Setup.Tests.ps1

* Add systemDrive variable and update paths

* Update variable names in CI configuration

* Enable task failure on failed tests

* Comment out sshd service stop command to test CI

* uncomment part of pester test
 2025-02-24 16:57:30 -05:00
Tess Gauthier
8514f78233
change default keygen key type (#760) 
* change default keygen key type

* increase DEFAULT_BITS_ECDSA to 384

* change default key path to ECDSA
 2025-02-21 14:26:04 -05:00
Tess Gauthier
41734eb591
Update chroot symlink check (#765) 
* start sftp chroot symlink fix

* update symlink logic chroot check

* fix order
 2025-02-20 16:26:18 -05:00
Leonard Hecker
8fe096c7b7
Increase stdin chunksize from 16 to 1024 chars (#771) 2025-01-13 10:51:15 -05:00
Tess Gauthier
b36bc85f47
Update ssh folder permissions check in SSHD (#761) 
* remove check on progdata/ssh/log folder permissions

* add pester test

* modify permissions check to log event without failing startup

* modify perm check

* update test

* uncomment code

* modify pester test

* address review feedback

* address review feedback

* fix multi-line logging

* cleanup allocations

* address review feedback

* address additional review feedback

* store value in tmp var
 2025-01-10 10:47:23 -05:00
Tess Gauthier
7baad0a474
make env vars optional for default allow list path (#757) 
* make env vars optional for default allow list path

* add pkcs11 pester test

* use lowercasing within method
 2025-01-07 10:02:04 -05:00
Tess Gauthier
86bc0d7df9
remove sntrup761x25519-sha512 from supported kex list (#756) 2025-01-06 14:12:21 -05:00
Tess Gauthier
cdcc8d34d8
Fix tilde expand for Windows paths with backslashes (#768) 
* add backslash support for Windows paths

* add pester tests for tilde_expand

* fix typo
 2025-01-06 14:11:58 -05:00
Andrew
0c3137f621
Fix hang in syncio_close (#763) 2024-12-18 15:36:43 -05:00
Tess Gauthier
265df19787
Fix include paths (#770) 
* fix Include abs path on Windows

* add pester tests for Include directive

* fix tests

* fix typo
 2024-12-10 11:57:15 -05:00
Tess Gauthier
348084cc9a
Update sshd_config to latest defaults (#769) 2024-12-09 11:27:41 -05:00
Tess Gauthier
0dd6d2cd21
username logging fix (#762) 
* initial pass at including username from sftp

* initialize user to unknown

* update tests

* fix spacing

* fix test take 2
 2024-11-21 16:42:02 -05:00
manu0401
27f6cfa7b0
Add an environement variable to control stdio mode (#759) 
* Add an environement variable to control stdio mode

stdio descriptors (stdin, stdout and stderr) can be operated in various
modes by win32compat code. The behavior is set very early in
fd_table_initialize() by setting pio->type.

In https://github.com/PowerShell/Win32-OpenSSH/issues/1427 it was
chosen to set pio->type to NONSOCK_SYNC_FD to resolve an I/O hang
problem. Unfortunately this introduce problems for other ssh usage.

sshfs-wiun uses ssh and has at leas 6 open issues for the same
problem introduced by this NONSOCK_SYNC_FD change:
https://github.com/winfsp/sshfs-win/issues?q=is%3Aissue+cb+%3A87

The sshfs-win workaround it to use an older ssh.exe from cygwin, which
is bundled with sshfs-win. This program is unable to use ssh-agent,
which is quite frustrating. And if PATH is not set to use it, sshfs-win
cannot work.

This change introduce an OPENSSH_STDIO_MODE environment variable that
can be set to the following values: unknown, sock, nonsock, nonsock_sync.
It cause pio->type to be set to UNKNOWN_FD, SOCK_FD, NONSOCK_FD, and
NONSOCK_SYNC_FD respecitively. The default behavior when the variable
is not set is unchanged (which means NONSOCK_SYNC_FD).

Setting OPENSSH_STDIO_MODE="nonsock" lets sshfs-win work again with
openssh-portable ssh.exe. ssh-agent can be used, and this is good.

* Leave out  UNKNOWN_FD as the possible rtpes for stdio descriptors

An assert(pio->type != UNKNOWN_FD) in fd_table_set() causes that
case to fail early anyway.
 2024-11-19 16:14:43 -05:00
Tess Gauthier
796d297a66
fix open call for ssh-keygen (#764) 
* fix open call for ssh-keygen

* fix test

* fix formatting
 2024-11-18 16:55:49 -05:00
Mike Gilbert
a915f06c78
Set argv[argc] to NULL when calling main (#755) 
* Set argv[argc] to NULL when calling main

ISO C states that argv[argc] shall be a null pointer.

The OpenSSH codebase does not appear to rely on this currently, but
better to be safe in case something changes.

* Check for malloc failure in sshd wmain
 2024-10-14 17:43:35 -04:00
Tess Gauthier
d7e886b9f6
Update version.rc (#754) 2024-10-09 16:38:44 -04:00
Tess Gauthier
e1661bfcb4
add sshd-session to msi (#753) 2024-10-09 14:23:52 -04:00
Tess Gauthier
64f148cc3b
fix for msrc cases (#752) 2024-10-08 16:25:04 -04:00
Tess Gauthier
b4d7f739df
Fix banner (#751) 
* update banner

* update banner
 2024-09-26 17:51:06 -04:00
Tess Gauthier
414d8531ce
Update paths.targets (#749) 2024-09-25 13:05:04 -04:00
Tess Gauthier
14ecb9d70e
update openssh banner (#748) 2024-09-18 15:46:24 -04:00
Tess Gauthier
7033d00153
Merge pull request #737 from tgauth/merge-9.8 
Merge upstream 9.8
 2024-09-18 14:27:52 -04:00
Tess Gauthier
d8b0147df2
Merge pull request #746 from tgauth/update-dependencies 
Update dependency versions
 2024-09-17 13:12:13 -04:00
Tess Gauthier
f168dca436 remove DSA from pester tests 2024-09-16 11:37:57 -04:00
Tess Gauthier
0e69c3dd2b fix spacing 2024-09-16 11:24:27 -04:00
Tess Gauthier
10d03163e9 confirm failing tests are due to DSA deprecation 2024-09-16 11:18:06 -04:00
Tess Gauthier
718738b783 merge latestw_all 2024-09-13 16:34:42 -04:00
Tess Gauthier
4d7e9c189c address review feedback 2024-09-13 16:33:01 -04:00
Tess Gauthier
f0d05b5fec cleanup config declarations 2024-09-13 16:32:45 -04:00
Tess Gauthier
251eb8d522 using openbsd compat for arc4random 2024-09-13 15:54:07 -04:00
Tess Gauthier
dcdd707699 fix function definitions 2024-09-13 15:49:07 -04:00
Tess Gauthier
b240ddf209
bump libressl and libfido2 versions 2024-09-13 14:50:53 -04:00
Tess Gauthier
0eab6d5d68
Merge pull request #713 from tgauth/sync-with-upstream-2 
Sync with upstream 9.7
 2024-09-09 14:12:13 -04:00
Tess Gauthier
56d415a029
fix group check for user (#744) 2024-08-27 16:49:50 -04:00
Tess Gauthier
cc2dc243e0
Update ZLib version 2024-08-27 11:22:27 -04:00
Yusi (James) Zhang
59a553e67e
Missing */. (#742) 2024-08-22 13:24:24 -04:00
Tess Gauthier
03ae1035d1
change comment to ifdef 2024-08-20 13:29:41 -04:00
Tess Gauthier
9215a127ba fix bash test failures 2024-08-16 13:12:39 -04:00
Tess Gauthier
8e7aee937a fix inetd 2024-08-15 11:54:04 -04:00
Tess Gauthier
9ad0bff74b
remove credscan from PR CI job (#741) 2024-08-12 12:25:23 -04:00
Tess Gauthier
18f1991754 fix test-exec to find sshd-session on Windows 2024-08-09 15:12:21 -04:00
Tess Gauthier
78fa6b269a fix debug mode 2024-08-08 11:05:21 -04:00
Tess Gauthier
03aa1ed7f2 fix typo 2024-08-06 16:45:50 -04:00
Tess Gauthier
8584d34d60 separate wmain_sshd-session from wmain_sshd 2024-08-06 15:48:02 -04:00
Tess Gauthier
209dad58c7
add sshd-session to ci artifacts 2024-08-06 14:22:58 -04:00
Tess Gauthier
9787cad03a fix compilation error 2024-08-06 11:43:29 -04:00
Tess Gauthier
cfd259fcf1 fix merge conflict properly 2024-08-05 16:29:51 -04:00
Tess Gauthier
442c43da10 disable upstream workflows 2024-08-02 17:44:45 -04:00
Tess Gauthier
9a0bf7d05d
Merge branch 'latestw_all' into merge-9.8 2024-08-02 17:41:45 -04:00
Tess Gauthier
6384372160 merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
Tess Gauthier
d5d6a52338 fix win32 sshd and sshd-session 2024-08-02 14:21:01 -04:00
djm@openbsd.org
9c25d37697 upstream: missing files from previous 
OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f
 2024-08-02 14:21:00 -04:00
Tess Gauthier
7906ad4cda continue merge - not compiling 2024-08-02 14:20:51 -04:00
Tess Gauthier
57149fe90d
revert Win32 change (#732) 2024-08-01 14:09:20 -04:00
Tess Gauthier
43c6e39474
remove getrnd() to sync with upstream (#735) 2024-08-01 14:04:37 -04:00
Tess Gauthier
429419ba38 start merge - not compiling 2024-07-24 10:25:43 -04:00
LexaPrime
e829ad267c
Fix _rs_init split in half during merge (#734) 2024-07-22 16:27:38 -04:00
djm@openbsd.org
c21fc9d953
upstream: correct keyword; from Yatao Su via GHPR509 
OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
 2024-07-11 08:30:18 +10:00
Darren Tucker
b35a64dd7d
Cast to sockaddr * in systemd interface. 
Fixes build with musl libx.  bz#3707.
 2024-07-07 18:47:54 +10:00
Darren Tucker
34f7a962f9
Add 9.8 branch to ci-status page. 2024-07-04 20:12:26 +10:00
Samuel Thibault
20950a7c04
Fix detection of setres*id on GNU/Hurd 
Like Linux, proper _SOURCE macros need to be set to get declarations of
various standard functions, notably setres*id. Now that Debian is using
-Werror=implicit-function-declaration this is really required. While at
it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses
the same glibc.
 2024-07-03 19:25:07 +10:00
Damien Miller
6849957945
autogenerated files for release 2024-07-01 14:36:28 +10:00
Damien Miller
fa41f6592f
version numbers 2024-07-01 14:33:26 +10:00
djm@openbsd.org
bfebb8a513
upstream: openssh-9.8 
OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
 2024-07-01 14:32:51 +10:00
djm@openbsd.org
146c420d29
upstream: when sending ObscureKeystrokeTiming chaff packets, we 
can't rely on channel_did_enqueue to tell that there is data to send. This
flag indicates that the channels code enqueued a packet on _this_ ppoll()
iteration, not that data was enqueued in _any_ ppoll() iteration in the
timeslice. ok markus@

OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
 2024-07-01 14:32:45 +10:00
djm@openbsd.org
637e4dfea4
upstream: use "lcd" to change directory before "lls" rather then "cd", 
since the directory we're trying to list is local. Spotted by Corinna
Vinschen

OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
 2024-07-01 14:32:39 +10:00
djm@openbsd.org
c8cfe258ce
upstream: delete obsolete comment 
OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
 2024-06-28 09:07:27 +10:00
djm@openbsd.org
94b9d37100
upstream: retire unused API 
OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
 2024-06-28 08:37:11 +10:00
jmc@openbsd.org
268c3a7f57
upstream: ssl(8) no longer contains a HISTORY section; 
OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
 2024-06-28 08:36:16 +10:00
djm@openbsd.org
12b6cc09ce
upstream: move child process waitpid() loop out of SIGCHLD handler; 
ok deraadt

OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
 2024-06-28 08:36:15 +10:00
deraadt@openbsd.org
d6bcd13297
upstream: Instead of using possibly complex ssh_signal(), write all 
the parts of the grace_alarm_handler() using the exact things allowed by the
signal-safe rules.  This is a good rule of thumb: Handlers should be written
to either set a global volatile sig_atomic_t inspected from outside, and/or
directly perform only safe operations listed in our sigaction(2) manual page.
ok djm markus

OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
 2024-06-28 08:34:49 +10:00
deraadt@openbsd.org
b8793e2b08
upstream: save_errno wrappers inside two small signal handlers that 
perform system calls, for systems with libc that do perform libc sigtramps.
ok djm markus

OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
 2024-06-28 08:34:49 +10:00
jmc@openbsd.org
f23e9332c4
upstream: - uppercase start of sentence - correct sentence grammar 
ok djm

OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
 2024-06-28 08:34:48 +10:00
djm@openbsd.org
1839e3eb71
upstream: mention SshdSessionPath option 
OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
 2024-06-28 08:34:48 +10:00
Darren Tucker
603193e32a
Rerun upstream tests on .sh file changes too. 2024-06-20 18:45:14 +10:00
dtucker@openbsd.org
dbbf9337c1
upstream: Work around dbclient cipher/mac query bug. 
Unlike earlier versions, recent Dropbear (at least v2024.85) requires
a host arg when querying supported ciphers and macs via "-c/-m
help".  Earlier versions accept but do not require it, so always
provide it.  If these queries fail, skip the test with a warning.

OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
 2024-06-20 18:34:50 +10:00
dtucker@openbsd.org
8de2c8cebc
upstream: Remove dropbear key types not supported 
by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
rebuilt w/out OpenSSL.

OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
 2024-06-20 18:34:35 +10:00
djm@openbsd.org
e9b6471c59
upstream: stricter check for overfull tables in penalty record path 
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
 2024-06-20 10:19:10 +10:00
djm@openbsd.org
d9336d344e
upstream: put back reaping of preauth child process when writes 
from the monitor fail. Not sure how this got lost in the avalanche of
patches.

OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
 2024-06-20 10:19:10 +10:00
naddy@openbsd.org
579d9adb70
upstream: remove one more mention of DSA 
OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
 2024-06-20 10:19:09 +10:00
Darren Tucker
7089b5f843
Move -f to the place needed to restart sshd. 2024-06-19 23:09:05 +10:00
Darren Tucker
d5f83cfd85
Need to supply "-f" to restart sshd. 2024-06-19 21:04:01 +10:00
dtucker@openbsd.org
fad34b4ca2
upstream: Provide defaults for ciphers and macs 
if querying for them fails since on some versions of Dropbear (at least
v2024.85) "-m help" doesn't seem to work.  Enable all supported pubkey
algorithms in the server.

OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
 2024-06-19 20:36:57 +10:00
dtucker@openbsd.org
5521060e35
upstream: Use ed25519 keys for kex tests 
since that's supported by OpenSSH even when built without OpenSSL.
Only test diffie-hellman kex if OpenSSH is compiled with support for it.

OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
 2024-06-19 20:36:57 +10:00
dtucker@openbsd.org
dbd3b833f6
upstream: Rework dropbear key setup 
to always generate ed25519 keys, other types only if OpenSSH has support
for the corresponding key type.

OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
 2024-06-19 20:36:56 +10:00
Darren Tucker
d6218504e1
Restart sshd after installing it for testing. 
When installing an sshd built without OpenSSL the mismatch between
the running sshd and newly installed sshd-session will cause the
remainder of the test to fail.
 2024-06-19 20:36:54 +10:00
Darren Tucker
786a4465b6
Remove macos-11 runner. 
Github is retiring them soon.
 2024-06-19 20:36:53 +10:00
Damien Miller
df1c72a55e
PAMServiceName may appear in a Match block 2024-06-19 09:35:23 +10:00
dtucker@openbsd.org
de1c2e70e5
upstream: Re-enable ssh-dss tests 
... if ssh is compiled with DSA support

OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d
 2024-06-18 19:57:41 +10:00
anton@openbsd.org
dabc2c7cf3
upstream: Stop using DSA in dropbear interop tests. 
OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf
 2024-06-18 19:57:36 +10:00
Damien Miller
7614380127
missed a bit of DSA in the fuzzer 2024-06-18 12:29:45 +10:00
Damien Miller
3f9cc47da5
DSA support is disabled, so remove from fuzzers 2024-06-18 09:35:53 +10:00
Tess Gauthier
547baf4e29
Merge branch 'latestw_all' into sync-with-upstream-2 2024-06-17 15:00:49 -04:00
djm@openbsd.org
00eb95957d
upstream: disable the DSA signature algorithm by default; ok 
markus@

(yes, I know this expands to "the Digitial Signature Algorithm
signature algorithm)

OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
 2024-06-17 18:48:29 +10:00
djm@openbsd.org
5603befe11
upstream: promote connection-closed messages from verbose to info 
log level; they could be the only record of the connection terminating if the
client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@

OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c
 2024-06-17 18:31:39 +10:00
Damien Miller
b00331402f
propagate PAM crashes to PerSourcePenalties 
If the PAM subprocess crashes, exit with a crash status that will be
picked up by the sshd(8) listener process where it can be used by
PerSourcePenalties to block the client. This is similar handling to
the privsep preauth process.
 2024-06-17 17:02:18 +10:00
Damien Miller
1c207f456a
minix doesn't have loopback, so skip penalty tests 
pointed out by dtucker@
 2024-06-17 15:06:58 +10:00
djm@openbsd.org
48443d202e
upstream: same treatment for this test 
OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7
 2024-06-16 21:55:26 +10:00
djm@openbsd.org
45562a95ea
upstream: penalty test is still a bit racy 
OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824
 2024-06-16 18:18:43 +10:00
djm@openbsd.org
8d0f7eb147
upstream: crank up penalty timeouts so this should work on even the 
slowest of test builders

OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468
 2024-06-15 14:03:03 +10:00
jmc@openbsd.org
93c75471a1
upstream: sort -q in the options list; 
OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c
 2024-06-15 14:02:54 +10:00
djm@openbsd.org
dd7807bbe8
upstream: clarify KEXAlgorithms supported vs available. Inspired by 
bz3701 from Colin Watson.

OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
 2024-06-14 15:02:51 +10:00
djm@openbsd.org
d172ad56df
upstream: ssh-keyscan -q man bits 
OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1
 2024-06-14 15:01:55 +10:00
Damien Miller
092e4ff9cc
skip penalty-expire test in valgrind test env 2024-06-14 14:46:55 +10:00
djm@openbsd.org
2866ad08a9
upstream: split the PerSourcePenalties test in two: one tests penalty 
enforcement but not penalty expiry, the other tests penalty expiry.

This lets us disable the expiry testing in certain CI test environments.

OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791
 2024-06-14 14:46:21 +10:00
Damien Miller
b2c64bc170
add a sshd_config PamServiceName option 
Allows selecting which PAM service name to use when UsePAM is
enabled. Defaults to "sshd" unless overridden at compile time
by defining SSHD_PAM_SERVICE.

bz2102, ok dtucker@
 2024-06-14 14:20:54 +10:00
djm@openbsd.org
9f032a4dd1
upstream: don't redirect stderr for ssh-keyscan we expect to succeed 
OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c
 2024-06-14 10:27:39 +10:00
djm@openbsd.org
1e84d0cf40
upstream: make host/banner comments go to stderr instead of stdout, 
so they are useful as comments without extra shell redirection and so they
don't clutter actual errors on stderr.

Add a -q flag to shut them up.

ok dtucker@

OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264
 2024-06-14 10:27:34 +10:00
naddy@openbsd.org
3e806d0118
upstream: separate keywords with comma 
OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5
 2024-06-14 10:27:33 +10:00
djm@openbsd.org
abfd1f7a3c
upstream: specify an algorithm for ssh-keyscan, otherwise it will make 
multiple attempts simultaneously and confuse the test

OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9
 2024-06-14 10:25:51 +10:00
Damien Miller
a8fbe2f7d0
sshd: don't use argv[0] as PAM service name 
sshd would implicitly use argv[0] as the PAM service name to
allow people to select different PAM service names by making
differently-named copies/links to the sshd binary.

Splitting sshd into sshd/sshd-session broke this, as the process
that starts PAM is always sshd-session and the user has no control
over this.

Hardcode "sshd" as the default PAM service name unless/until we
figure out a better way. Should unbreak OSX integration tests.
 2024-06-13 16:41:29 +10:00
Damien Miller
bf204bd05c
prepare for checking in autogenerated files 
We plan to check in automatically generated files (config.h.in, etc) on
release branches. These files are normally ignored by .gitignore, but
this shuffles the contents of this file to make it easy to un-ignore
them.
 2024-06-13 15:02:26 +10:00
Damien Miller
425f79a837
typo in comment 2024-06-13 14:41:33 +10:00
Damien Miller
afe10313c1
fix PTY allocation on Cygwin, broken by sshd split 
Cygwin doesn't support FD passing and so used to disable post-auth
privilege separation entirely because privsep requires PTY allocation
to happen in the privileged monitor process with the PTY file
descriptors being passed back to the unprivileged process.

This brings back a minimal version of the previous special treatment
for Cygwin (and any other platform that sets DISABLE_FD_PASSING):
privilege separation remains enabled, but PTY allocation happens in
the post-auth user process rather than the monitor.

This either requires PTY allocation to not need privilege to begin
with (this appears to be the case on Cygwin), or the post-auth
privsep process retain privilege (other platforms that set the
DISABLE_FD_PASSING option).

Keeping privileges here is bad, but the non-Cygwin systems that set
DISABLE_FD_PASSING are so deeply legacy that this is likely to be the
least of their problems.
 2024-06-13 14:35:25 +10:00
Damien Miller
f66d4df574
delay lookup of privsep user until config loaded 
sshd-session attempting to use options.kerberos_authentication to
decide whether it needed to lookup the privsep user before the
configuration was loaded. This caused it to get a placeholder value
that caused it always to try to lookup the privsep user, breaking at
least one test environment.
 2024-06-13 11:33:09 +10:00
Damien Miller
f1c42858b9
missing file for PerSourcePenalties regress test 2024-06-13 11:16:57 +10:00
djm@openbsd.org
4de80ff4e6
upstream: split PerSourcePenalties address tracking. Previously it 
used one shared table and overflow policy for IPv4 and IPv6 addresses, now it
will use separate tables and optionally different overflow policies.

This prevents misbehaviour from IPv6 addresses (which are vastly easier
to obtain many of) from affecting IPv4 connections and may allow for
stricter overflow policies.

ok deraadt@

OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9
 2024-06-13 08:36:41 +10:00
jmc@openbsd.org
06ab4c6931
upstream: do not mark up "(default: 20ms)"; 
OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4
 2024-06-13 08:36:40 +10:00
djm@openbsd.org
cfe243cd9f
upstream: reap preauth net child if it hangs up during privsep message 
send, not just message receive

OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0
 2024-06-11 12:55:20 +10:00
djm@openbsd.org
b0a711c00b
upstream: fix PIDFILE handling, broken for SUDO=doas in last commit 
here

OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625
 2024-06-11 12:02:37 +10:00
djm@openbsd.org
90fb801e2d
upstream: reap the pre-auth [net] child if it hangs up during privsep 
message sending, not just receiving

OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb
 2024-06-11 12:01:43 +10:00
djm@openbsd.org
ef878d5879
upstream: a little more RB_TREE paranoia 
OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156
 2024-06-11 11:26:53 +10:00
djm@openbsd.org
fc4e96b217
upstream: fix off-by-one comparison for PerSourcePenalty 
OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b
 2024-06-11 11:26:52 +10:00
djm@openbsd.org
82c836df4f
upstream: move tree init before possible early return 
OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df
 2024-06-11 11:26:52 +10:00
djm@openbsd.org
a2300f015c
upstream: update to mention that PerSourcePenalties default to 
being enabled and document the default values for each parameter.

OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034
 2024-06-11 11:26:51 +10:00
djm@openbsd.org
41987efd35
upstream: reap the [net] child if it hangs up while writing privsep 
message payloads, not just the message header

OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce
 2024-06-11 11:26:51 +10:00
djm@openbsd.org
6211aa085f
upstream: log waitpid() status for abnormal exits 
OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d
 2024-06-11 11:26:50 +10:00
djm@openbsd.org
a59634c7ad
upstream: correct error message 
OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed
 2024-06-11 11:26:50 +10:00
deraadt@openbsd.org
fa7d7a667f
upstream: avoid shadowing issues which some compilers won't accept 
ok djm

OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4
 2024-06-11 11:26:49 +10:00
jmc@openbsd.org
3ad4cd9eec
upstream: escape the final dot at eol in "e.g." to avoid double 
spacing;

OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9
 2024-06-11 11:26:49 +10:00
djm@openbsd.org
0e0c69761a
upstream: enable PerSourcePenalties by default. 
ok markus

NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.

Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.

OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce
 2024-06-07 06:26:15 +10:00
djm@openbsd.org
bd1f74741d
upstream: mention that PerSourcePenalties don't affect concurrent 
in-progress connections.

OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c
 2024-06-07 06:26:15 +10:00
djm@openbsd.org
9774b93857
upstream: regress test for PerSourcePenalties 
OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1
 2024-06-07 05:54:32 +10:00
djm@openbsd.org
b8ebd86cef
upstream: make sure logs are saved from sshd run via start_sshd 
OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a
 2024-06-07 05:54:15 +10:00
djm@openbsd.org
d7b2070bda
upstream: simplify 
OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c
 2024-06-07 05:54:14 +10:00
djm@openbsd.org
e6ea3d2245
upstream: prepare for PerSourcePenalties being enabled by default 
in future

OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7
 2024-06-07 05:52:59 +10:00
djm@openbsd.org
c0cb3b8c83
upstream: disable stderr redirection before closing fds 
OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a
 2024-06-07 05:52:50 +10:00
djm@openbsd.org
81c1099d22
upstream: Add a facility to sshd(8) to penalise particular 
problematic client behaviours, controlled by two new sshd_config(5) options:
PerSourcePenalties and PerSourcePenaltyExemptList.

When PerSourcePenalties are enabled, sshd(8) will monitor the exit
status of its child pre-auth session processes. Through the exit
status, it can observe situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly indicating
an attack against one or more accounts, e.g. password guessing), or
when client behaviour caused sshd to crash (possibly indicating
attempts to exploit sshd).

When such a condition is observed, sshd will record a penalty of some
duration (e.g. 30 seconds) against the client's address. If this time
is above a minimum threshold specified by the PerSourcePenalties, then
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range).

Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.

We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.

PerSourcePenalties is off by default, but we expect to enable it
automatically in the near future.

much feedback markus@ and others, ok markus@

OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca
 2024-06-07 03:35:40 +10:00
Damien Miller
916b0b6174
whitespace 2024-06-07 03:31:02 +10:00
deraadt@openbsd.org
49b55e4418
upstream: enable -fret-clean on amd64, for libc libcrypto ld.so 
kernel, and all the ssh tools.  The dynamic objects are entirely ret-clean,
static binaries will contain a blend of cleaning and non-cleaning callers.

OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172
 2024-06-07 03:18:44 +10:00
Damien Miller
cc80d51d03
remove PRIVSEP macros for osx 2024-06-05 02:21:52 +10:00
djm@openbsd.org
8785491123
upstream: be really strict with fds reserved for communication with the 
separate sshd-session process - reserve them early and fatal if we can't
dup2(2) them later. The pre-split fallback to re-reading the configuration
files is not possible, so sshd-session absolutely requires the fd the
configuration is passed over to be in order.

ok deraadt@

OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065
 2024-06-01 17:05:09 +10:00
Damien Miller
f1c8918cb9
depend 2024-05-31 19:12:26 +10:00
Damien Miller
94b4866cb1
rename need_privsep to need_chroot 
privsep is mandatory, chroot is optional (disabled when running
sshd as non-root)
 2024-05-31 19:11:14 +10:00
Damien Miller
e68a95142e
remove remaining use_privsep mention 2024-05-31 19:05:34 +10:00
djm@openbsd.org
b21d271f65
upstream: warn when -r (deprecated option to disable re-exec) is 
passed

OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551
 2024-05-31 19:04:12 +10:00
djm@openbsd.org
a4b5bc246c
upstream: typos 
OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf
 2024-05-31 19:04:11 +10:00
djm@openbsd.org
8054b90698
upstream: don't need sys/queue.h here 
OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578
 2024-05-27 11:55:15 +10:00
naddy@openbsd.org
210d423973
upstream: remove references to SSH1 and DSA server keys 
OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2
 2024-05-27 11:55:03 +10:00
jsg@openbsd.org
f0b9261d7f
upstream: remove unused struct fwd_perm_list, no decl with complete 
type ok djm@

OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb
 2024-05-27 11:55:02 +10:00
naddy@openbsd.org
2477a98c3e
upstream: Do not pass -Werror twice when building with clang. 
OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0
 2024-05-27 11:55:01 +10:00
miod@openbsd.org
435844f567
upstream: Do not pass -Werror if building with gcc 3, for asn1.h 
and bio.h cause (admittedly bogus) warnings with gcc 3.

OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea
 2024-05-27 11:54:43 +10:00
djm@openbsd.org
fc5dc09283
upstream: this test has been broken since 2014, and has been 
testing the same key exchange algorithm repeatedly instead of testing all of
them. Spotted by nreilly AT blackberry.com in bz3692

Who broke the test? me.

OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2
 2024-05-22 14:21:50 +10:00
anton@openbsd.org
fd4816791b
upstream: Add missing kex-names.c source file required since the 
ssh split.

OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb
 2024-05-22 14:21:50 +10:00
naddy@openbsd.org
beccb7319c
upstream: remove duplicate copy of relink kit for sshd-session 
OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504
 2024-05-22 14:21:38 +10:00
jsg@openbsd.org
dcd79fa141
upstream: remove prototypes with no matching function; ok djm@ 
OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693
 2024-05-22 14:21:13 +10:00
jsg@openbsd.org
6454a05e7c
upstream: remove externs for removed vars; ok djm@ 
OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab
 2024-05-22 14:20:46 +10:00
deraadt@openbsd.org
f3e4db4601
upstream: -Werror was turned on (probably just for development), 
and this is a simple way to satisfy older gcc.

OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86
 2024-05-22 14:20:46 +10:00
Damien Miller
24a1f3e5ad
attempt at updating RPM specs for sshd-session 2024-05-17 14:50:43 +10:00
djm@openbsd.org
17b566eeb7
upstream: g/c unused variable 
OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010
 2024-05-17 14:42:49 +10:00
jsg@openbsd.org
01fb82eb2a
upstream: spelling; ok djm@ 
OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483
 2024-05-17 14:42:49 +10:00
djm@openbsd.org
b88b690e99
upstream: allow overriding the sshd-session binary path 
OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da
 2024-05-17 14:41:39 +10:00
anton@openbsd.org
a68f80f251
upstream: Since ssh-agent(1) is only readable by root by now, use 
ssh(1) while generating data in tests.

OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68
 2024-05-17 14:41:39 +10:00
djm@openbsd.org
92e5589031
upstream: fix incorrect debug option name introduce in previous 
commit

OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3
 2024-05-17 14:41:38 +10:00
deraadt@openbsd.org
4ad72878af
upstream: construct and install a relink-kit for sshd-session ok 
djm

OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6
 2024-05-17 14:41:37 +10:00
Damien Miller
02e679a2cb
Makefile support for sshd-session 2024-05-17 14:41:37 +10:00
djm@openbsd.org
03e3de416e
upstream: Start the process of splitting sshd into separate 
binaries. This step splits sshd into a listener and a session binary. More
splits are planned.

After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
 2024-05-17 14:41:35 +10:00
djm@openbsd.org
c0416035c5
upstream: missing files from previous 
OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f
 2024-05-17 14:41:35 +10:00
djm@openbsd.org
1c0d813579
upstream: simplify exit message handling, which was more complicated 
than it needed to be because of unexpunged ssh1 remnants. ok markus@

OpenBSD-Commit-ID: 8b0cd2c0dee75fb053718f442aa89510b684610b
 2024-05-10 18:41:01 +10:00
tobias@openbsd.org
cbbbf76aa6
upstream: remove SSH1 leftovers 
Authored with Space Meyer <git at the-space dot agency>

ok djm

OpenBSD-Commit-ID: 81db602e4cb407baae472689db1c222ed7b2afa3
 2024-05-08 14:57:48 +10:00
tobias@openbsd.org
bc5dcb8ab9
upstream: never close stdin 
The sanitise_stdfd call makes sure that standard file descriptors are
open (if they were closed, they are connected with /dev/null).

Do not close stdin in any case to prevent error messages when stdin is
read multiple times and to prevent later usage of fd 0 for connections,
e.g.

echo localhost | ssh-keyscan -f - -f -

While at it, make stdin-related error messages nicer.

Authored with Max Kunzelmann <maxdev at posteo dot de>

ok djm

OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3
 2024-05-08 14:57:47 +10:00
Damien Miller
6a42b70e56
sync getrrsetbyname.c with recent upstream changes 2024-05-08 09:43:59 +10:00
Andrew
661803c9ec
Allow SID strings in sshd_config (#724) 
* SIDs in sshd_config

* add #include <Sddl.h> to servconf.c

---------

Co-authored-by: Tess Gauthier <tessgauthier@microsoft.com>
 2024-05-07 16:15:28 -04:00
Tess Gauthier
afe9007141
remove HAVE_FREEZERO from preprocessor definitions (#730) 2024-05-07 11:52:20 -04:00
djm@openbsd.org
385ecb31e1
upstream: fix home-directory extension implementation, it always 
returned the current user's home directory contrary to the spec.

Patch from Jakub Jelen via GHPR477

OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28
 2024-04-30 16:24:22 +10:00
djm@openbsd.org
14e2b16bc6
upstream: flush stdout after writing "sftp>" prompt when not using 
editline.

From Alpine Linux via GHPR480

OpenBSD-Commit-ID: 80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd
 2024-04-30 16:17:20 +10:00
djm@openbsd.org
2e69a72405
upstream: stricter validation of messaging socket fd number; disallow 
usage of stderr. Based on GHPR492 by RealHurrison

OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8
 2024-04-30 15:53:26 +10:00
djm@openbsd.org
da757b022b
upstream: add missing reserved fields to key constraint protocol 
documentation.

from Wiktor Kwapisiewicz via GHPR487

OpenBSD-Commit-ID: 0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df
 2024-04-30 15:46:39 +10:00
Damien Miller
16d0b82fa0
depend 2024-04-30 12:39:34 +10:00
djm@openbsd.org
66aaa678db
upstream: correctly restore sigprocmask around ppoll() reported 
by Tõivo Leedjärv; ok deraadt@

OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686
 2024-04-30 12:23:10 +10:00
djm@openbsd.org
80fb0eb215
upstream: add explict check for server hostkey type against 
HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from
certificate keys to plain keys. ok markus@

OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a
 2024-04-30 12:22:35 +10:00
jsg@openbsd.org
5b28096d31
upstream: correct indentation; no functional change ok tb@ 
OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4
 2024-04-30 12:22:10 +10:00
semarie@openbsd.org
fd3cb8a827
upstream: set right mode on ssh-agent at boot-time 
which sthen@
ok deraadt@

OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af
 2024-04-30 12:17:35 +10:00
deraadt@openbsd.org
54343a260e
upstream: Oops, incorrect hex conversion spotted by claudio. 
While here try to improve how it reads a bit better.  Surprising the
regression tests didn't spot this error, maybe it fails to roundtrip the
values.

OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e
 2024-04-30 12:16:54 +10:00
deraadt@openbsd.org
ec78c31409
upstream: for parse_ipqos(), use strtonum() instead of mostly 
idiomatic strtoul(), but wow it's so gross. ok djm

OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05
 2024-04-30 12:16:53 +10:00
deraadt@openbsd.org
8176e1a6c2
upstream: can shortcut by returning strtonum() value directly; ok 
djm

OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e
 2024-04-30 12:16:52 +10:00
deraadt@openbsd.org
9f543d7022
upstream: rewrite convtime() to use a isdigit-scanner and 
strtonum() instead of strange strtoul can might be fooled by garage
characters. passes regress/usr.bin/ssh/unittests/misc ok djm

OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc
 2024-04-30 12:16:52 +10:00
claudio@openbsd.org
8673137f78
upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. 
OK deraadt@

OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481
 2024-04-30 12:16:51 +10:00
deraadt@openbsd.org
c7fec708f3
upstream: Replace non-idiomatic strtoul(, 16) to parse a region 
of 2-character hex sequences with a low-level replacement designed just for
the task. ok djm

OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85
 2024-04-30 12:16:51 +10:00
deraadt@openbsd.org
019a5f483b
upstream: Use strtonum() instead of severely non-idomatic 
strtoul() In particular this will now reject trailing garbage, ie.
'12garbage'. ok djm

OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501
 2024-04-30 12:16:50 +10:00
deraadt@openbsd.org
8231ca046f
upstream: also create a relink kit for ssh-agent, since it is a 
long-running setgid program carrying keys with some (not very powerful)
communication channels. solution for testing the binary from dtucker.
agreement from djm. Will add it into /etc/rc in a few days.

OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0
 2024-04-30 12:16:50 +10:00
deraadt@openbsd.org
bf7bf50bd6
upstream: new-style relink kit for sshd. The old scheme created 
a Makefile by concatenating two Makefiles and was incredibly fragile.  In the
new way a narrow-purposed install.sh script is created and shipped with the
objects. A recently commited /etc/rc script understands these files.

OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3
 2024-04-30 12:16:19 +10:00
Steve Lee
b89ee6aa37
fix how build script finds repo root (#729) 
Co-authored-by: Steve Lee (POWERSHELL HE/HIM) (from Dev Box) <slee@ntdev.microsoft.com>
 2024-04-29 11:43:53 -04:00
renmingshuai
00e6368892
Shell syntax fix (leftover from a sync). 
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
 2024-04-25 13:33:39 +10:00
Darren Tucker
2eded551ba
Merge flags for OpenSSL 3.x versions. 
OpenSSL has moved to 3.4 which we don't currently accept.  Based on
the OpenSSL versioning policy[0] it looks like all of the 3.x versions
should work with OpenSSH, so remove the distinction in configure and
accept all of them.

[0] https://openssl.org/policies/general/versioning-policy.html
 2024-04-25 13:20:19 +10:00
Darren Tucker
8673245918
Remove 9.6 branch from status page. 2024-04-25 13:19:03 +10:00
Darren Tucker
70d4304974
Update LibreSSL and OpenSSL versions tested. 
Update LibreSSL versions to current releases (3.8.4 & 3.9.1).
Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and
3.3 branches.
 2024-04-25 13:16:58 +10:00
Tess Gauthier
3af5ef810d
remove manifest files from msi (#726) 2024-04-22 14:27:03 -04:00
90
88351eca17
Fix missing header for systemd notification 2024-04-06 08:16:25 +11:00
Damien Miller
08f579231c
notify systemd on listen and reload 
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
 2024-04-03 14:40:32 +11:00
Darren Tucker
43e7c1c07c
Port changes from selfhosted to upstream tests. 
Should get them working again.
 2024-03-31 22:26:45 +11:00
Darren Tucker
281ea25a44
Check if OpenSSL implementation supports DSA. 
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
supports.  If specified as enabled, but not supported by OpenSSL error
out.  ok djm@
 2024-03-30 18:22:09 +11:00
djm@openbsd.org
2d2c068de8
upstream: in OpenSSH private key format, correct type for subsequent 
private keys in blob. From Jakub Jelen via GHPR430

OpenBSD-Commit-ID: d17dbf47554de2d752061592f95b5d772baab50b
 2024-03-30 16:57:32 +11:00
Eero Häkkinen
c2c0bdd3e9
Expose SSH_AUTH_INFO_0 always to PAM auth modules. 
This changes SSH_AUTH_INFO_0 to be exposed to PAM auth modules also
when a password authentication method is in use and not only
when a keyboard-interactive authentication method is in use.
 2024-03-30 16:48:04 +11:00
Darren Tucker
02c5ad2312
Rearrange selfhosted VM scheduling. 
Instead of trying to infer the type of the self hosted tests in each of
the driver scripts (inconsistently...), set one of the following
variables to "true" in the workflow:

VM: tests run in a virtual machine.
EPHEMERAL: tests run on an ephemeral virtual machine.
PERSISTENT: tests run on a persistent virtual machine
REMOTE: tests run on a physical remote host.

EPHEMERAL VMs can have multiple instances of any given VM can exist
simultaneously and are run by a runner pool.  The other types have a
dedicated runner instance and can only run a single test at a time.

Other settings:
SSHFS: We need to sshfs mount over the repo so the workflow can collect
	build artifacts.  This also implies the tests must be run over ssh.
DEBUG_ACTIONS: enable "set -x" in scripts for debugging.
 2024-03-30 16:40:07 +11:00
Damien Miller
cd8a72707c
add new token-based signing key for dtucker@ 
Verified in person and via signature with old key.
Will remove old key in a bit.
 2024-03-30 16:05:59 +11:00
Alkaid
8d0e46c1dd
Fix OpenSSL ED25519 support detection 
Wrong function signature in configure.ac prevents openssh from enabling
the recently new support for ED25519 priv keys in PEM PKCS8 format.
 2024-03-30 15:36:18 +11:00
djm@openbsd.org
697359be9c
upstream: allow WAYLAND_DISPLAY to enable SSH_ASKPASS 
From dkg via GHPR479; ok dtucker@

OpenBSD-Commit-ID: 1ac1f9c45da44eabbae89375393c662349239257
 2024-03-30 15:35:03 +11:00
dtucker@openbsd.org
7844705b03
upstream: Use egrep instead of grep -E. 
Some plaforms don't have the latter so this makes things easier
in -portable.

OpenBSD-Regress-ID: ff82260eb0db1f11130200b25d820cf73753bbe3
 2024-03-29 22:01:20 +11:00
dtucker@openbsd.org
22b2b6c555
upstream: test -h is the POSIXly way of testing for a symlink. Reduces 
diff vs Portable.

OpenBSD-Regress-ID: 6f31cd6e231e3b8c5c2ca0307573ccb7484bff7d
 2024-03-29 21:43:24 +11:00
Darren Tucker
edcff77f82
Fix name of OpenBSD upstream CI jobs. 2024-03-26 18:58:58 +11:00
Darren Tucker
861b084429
Resync with upstream: ${} around DATAFILE. 2024-03-26 18:55:33 +11:00
djm@openbsd.org
63f248c769
upstream: optional debugging 
OpenBSD-Regress-ID: b4852bf97ac8fb2e3530f2d5f999edd66058d7bc
 2024-03-26 18:54:38 +11:00
dtucker@openbsd.org
16e2ebe06a
upstream: Verify string returned from local shell command. 
OpenBSD-Regress-ID: 5039bde24d33d809aebfa8d3ad7fe9053224e6f8
 2024-03-26 18:54:38 +11:00
dtucker@openbsd.org
b326f7a1f3
upstream: Improve shell portability: grep -q is not portable so 
redirect stdout, and use printf instead of relying on echo to do \n
substitution.  Reduces diff vs Portable.

Also resync somewhat with upstream.

OpenBSD-Regress-ID: 9ae876a8ec4c4725f1e9820a0667360ee2398337
 2024-03-26 18:54:14 +11:00
dtucker@openbsd.org
dbf2e319f0
upstream: Save error code from SSH for use inside case statement, 
from portable. In some shells, "case" will reset the value of $?, so save it
first.

OpenBSD-Regress-ID: da32e5be19299cb4f0f7de7f29c11257a62d6949
 2024-03-26 18:47:22 +11:00
dtucker@openbsd.org
d2c8c4fa7d
upstream: Increase timeout. Resyncs with portable where some of 
the test VMs are slow enough for this to matter.

OpenBSD-Regress-ID: 6a83a693602eb0312f06a4ad2cd6f40d99d24b26
 2024-03-26 18:46:58 +11:00
dtucker@openbsd.org
83621b6351
upstream: In PuTTY interop test, don't assume the PuTTY major 
version is 0. Patch from cjwatson at debian.org via bz#3671.

OpenBSD-Regress-ID: 835ed03c1b04ad46be82e674495521f11b840191
 2024-03-26 18:46:29 +11:00
Darren Tucker
8a421b9277
Really mkdir /usr/local/etc in CI tests. 2024-03-26 18:38:14 +11:00
Darren Tucker
2946ed522c
Better short name for OpenBSD upstream CI jobs too. 2024-03-26 17:19:09 +11:00
Darren Tucker
18dbe8eff6
Ensure /usr/local/etc exists before using in tests. 2024-03-26 17:13:52 +11:00
Darren Tucker
5fc1085128
Be more specific about when to rerun workflows. 2024-03-26 16:50:46 +11:00
Darren Tucker
5516923e8a
Add short names for test jobs on github CI. 2024-03-26 16:39:50 +11:00
Darren Tucker
dc37d2d247
If we're using xpg4's id, remember to pass args. 2024-03-26 16:26:14 +11:00
dtucker@openbsd.org
fe16948793
upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: ad3d1486d105b008c93e952d158e5af4d9d4c531
 2024-03-26 13:03:00 +11:00
job@openbsd.org
151146f03b
upstream: Clarify how literal IPv6 addresses can be used in -J mode 
OK djm@

OpenBSD-Commit-ID: 524ddae97746b3563ad4a887dfd0a6e6ba114c50
 2024-03-26 13:02:27 +11:00
Darren Tucker
0d5bdc87a6
Add Mac OS X 14 test targets. 2024-03-25 16:14:21 +11:00
Darren Tucker
2d7964a03e
Move xpg4 'id' handling into test-exec.sh. 
Handle replacement of 'id' the same way as we do other Portable specific
replacements in test-exec.sh.  This brings percent.sh back into sync
with upstream.
 2024-03-25 14:05:40 +11:00
Darren Tucker
75d1d49ed1
Update branches shown on ci-status to 9.7 and 9.6. 2024-03-25 10:38:03 +11:00
Darren Tucker
f9193f03db
Improve detection of -fzero-call-used-regs=used. 
Should better detect problems with gcc 13 on m68k.  bz#3673 from Colin
Watson via bz#3673 and https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934

Signed-off-by: Darren Tucker <dtucker@dtucker.net>
 2024-03-25 10:12:58 +11:00
Tess Gauthier
607df771b2
Delete contrib/win32/openssh/DockerFile (#722) 2024-03-18 13:58:04 -04:00
Tess Gauthier
0d44bc9b49 fix merge conflict 2024-03-11 11:46:39 -04:00
Damien Miller
86bdd3853f
version number in README 2024-03-11 16:20:49 +11:00
Damien Miller
282721418e
crank RPM spec versions 2024-03-11 16:20:08 +11:00
djm@openbsd.org
3876a3bbd2
upstream: openssh-9.7 
OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc
 2024-03-11 16:19:44 +11:00
Darren Tucker
8fc109cc61
Test against current OpenSSL and LibreSSL releases. 
Add LibreSSL 3.9.0, bump older branches to their respective current
releases.
 2024-03-11 12:59:26 +11:00
Damien Miller
26b09b45fe
quote regexes used to test for algorithm support 
Fixes test failures on Solaris 8 reported by Tom G. Christensen
 2024-03-10 16:24:57 +11:00
djm@openbsd.org
a6a740a494
upstream: avoid logging in signal handler by converting mainloop to 
ppoll() bz3670, reported by Ben Hamilton; ok dtucker@

OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f
 2024-03-09 16:13:57 +11:00
djm@openbsd.org
cd82f7526e
upstream: skip more whitespace, fixes find-principals on 
allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz

OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298
 2024-03-09 09:17:22 +11:00
dtucker@openbsd.org
2f9d2af5cb
upstream: Invoke ProxyCommand that uses stderr redirection via 
$TEST_SHELL. Fixes test when run by a user whose login shell is tcsh.
Found by vinschen at redhat.com.

OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a
 2024-03-08 23:12:10 +11:00
Darren Tucker
9b3f0beb40
Prefer openssl binary from --with-ssl-dir directory. 
Use openssl in the directory specified by --with-ssl-dir as long
as it's functional.  Reported by The Doctor.
 2024-03-07 19:25:17 +11:00
djm@openbsd.org
c47e1c9c79
upstream: fix memory leak in mux proxy mode when requesting forwarding. 
found by RASU JSC, reported by Maks Mishin in GHPR#467

OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860
 2024-03-06 14:03:28 +11:00
djm@openbsd.org
242742827f
upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 
OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923
 2024-03-06 11:33:18 +11:00
Damien Miller
d52b650921
disable RSA tests when algorithm is not supported 
Unbreaks "make test" when compiled --without-openssl.

Similar treatment to how we do DSA and ECDSA.
 2024-03-06 11:31:36 +11:00
Damien Miller
668d270a6c
add a --without-retpoline configure option 
discussed with deraadt and dtucker a while ago
 2024-03-06 10:33:20 +11:00
Tess Gauthier
ed376e945e fix merge conflict 2024-03-04 12:13:33 -05:00
djm@openbsd.org
3deb501f86
upstream: fix leak of CanonicalizePermittedCNAMEs on error path; 
spotted by Coverity (CID 438039)

OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af
 2024-03-04 15:19:29 +11:00
djm@openbsd.org
65a44a8a4f
upstream: Separate parsing of string array options from applying them 
to the active configuration. This fixes the config parser from erroneously
rejecting cases like:

AuthenticationMethods password
Match User ivy
 AuthenticationMethods any

bz3657 ok markus@

OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491
 2024-03-04 14:46:46 +11:00
Darren Tucker
6886e1b1f5
Add nbsd10 test target. 2024-02-22 17:59:35 +11:00
Damien Miller
d86bf8a3f6
more descriptive configure test name 2024-02-22 12:06:10 +11:00
djm@openbsd.org
9ee335aacc
upstream: explain arguments of internal-sftp GHPR#454 from Niklas 
Hambüchen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3
 2024-02-21 17:18:02 +11:00
djm@openbsd.org
d1164cb100
upstream: clarify permissions requirements for ChrootDirectory Part 
of GHPR#454 from Niklas Hambüchen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0
 2024-02-21 17:18:01 +11:00
djm@openbsd.org
d410e17d18
upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen 
OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a
 2024-02-21 17:18:01 +11:00
djm@openbsd.org
ab73f9678e
upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 
from Tobias Manske

OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908
 2024-02-21 17:01:37 +11:00
djm@openbsd.org
9844aa2521
upstream: fix proxy multiplexing mode, broken when keystroke timing 
obfuscation was added. GHPR#463 from montag451

OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677
 2024-02-21 16:58:02 +11:00
Tess Gauthier
c02b47e35d Merge remote-tracking branch 'upstream-openssh-portable/master' into sync-with-upstream-2 2024-02-20 11:50:49 -05:00
djm@openbsd.org
ee6d932acb
upstream: don't append a gratuitous space to the end of subsystem 
arguments; bz3667

OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6
 2024-02-20 15:10:55 +11:00
dtucker@openbsd.org
e27f032aa8
upstream: Always define puttysetup function. 
OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0
 2024-02-19 20:35:31 +11:00
dtucker@openbsd.org
84046f9991
upstream: Exapnd PuTTY test coverage. 
Expand the set of ciphers, MACs and KEX methods in the PuTTY interop
tests.

OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57
 2024-02-19 18:49:00 +11:00
dtucker@openbsd.org
bbf541ee2a
upstream: Factor out PuTTY setup. 
Factor out PuTTY and call only when needed.

This allows us to avoid PuTTY key setup when it's not needed, which
speeds up the overall test run by a couple of percent.

OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c
 2024-02-19 18:48:26 +11:00
naddy@openbsd.org
d31c21c57f
upstream: clean sshd random relinking kit; ok miod@ 
OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4
 2024-02-19 18:41:19 +11:00
djm@openbsd.org
4dbc5a363f
upstream: whitespace 
OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1
 2024-02-19 18:40:09 +11:00
Darren Tucker
efde85dda2
Improve error message for OpenSSL header check. 
bz#3668, ok djm@
 2024-02-19 17:29:31 +11:00
Tess Gauthier
915c6e367c Merge remote-tracking branch 'upstream-openssh-portable/master' into sync-with-upstream-2 2024-02-12 18:28:02 -05:00
Marc-André Moreau
5622b51825
fix freezero duplicate symbol (#718) 
Co-authored-by: Marc-André Moreau <mamoreau@devolutions.net>
 2024-02-12 18:26:32 -05:00
Marc-André Moreau
727d4dbac0
fix resource.h file encoding (#716) 
Co-authored-by: Marc-André Moreau <mamoreau@devolutions.net>
 2024-02-12 18:18:08 -05:00
Darren Tucker
cbbdf868bc
Interop test against PuTTY snapshot and releases. 2024-02-07 23:10:34 +11:00
Darren Tucker
91898bf786
Put privsep dir on OS X on /usr/local. 
On some runners we can't create /var/empty, so put it some place we can
write.  Should fix test breakage on Max OS X 11.
 2024-02-06 16:37:07 +11:00
Darren Tucker
be5ed8ebed
Add --disable-fd-passing option. 
.. and enable for the minix3 test VM.  This will cause it to more reliably
skip tests that need FD passing and should fix the current test breakage.
 2024-02-06 11:22:20 +11:00
Darren Tucker
0f6a8a0d0a
Use "skip" function instead doing it ourselves. 2024-02-06 11:18:44 +11:00
tgauth@bu.edu
e4dbee4f11 Merge remote-tracking branch 'upstream-openssh-portable/master' into sync-with-upstream-2 2024-02-05 12:12:38 -05:00
Damien Miller
3ad669f81a
ignore some vim droppings 2024-02-01 14:01:18 +11:00
djm@openbsd.org
c283f29d23
upstream: whitespace 
OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7
 2024-02-01 13:42:45 +11:00
tgauth@bu.edu
9015aa2eca add WITH_DSA flag to compilation options 2024-01-22 14:16:56 -05:00
tgauth@bu.edu
afd613528f skip bash tests that use multiplexing on Windows with explicit if 2024-01-22 13:07:57 -05:00
tgauth@bu.edu
0c166db115 Merge remote-tracking branch 'upstream-pwsh-openssh-portable/latestw_all' into sync-with-upstream-2 2024-01-22 13:07:05 -05:00
Tess Gauthier
6ad8fc3b05
Merge pull request #712 from tgauth/sync-with-upstream 
Sync with upstream 9.6
 2024-01-22 12:40:26 -05:00
tgauth@bu.edu
83b59226a4 Merge remote-tracking branch 'upstrem-bsd/master' into sync-with-upstream-2 2024-01-22 11:09:08 -05:00
Damien Miller
0d96b1506b
skip tests that use multiplexing on Windows 
Some tests here use multiplexing, skip these if DISABLE_FD_PASSING
is set. Should unbreak tests on Windows.
 2024-01-16 14:40:18 +11:00
djm@openbsd.org
50080fa42f
upstream: don't disable RSA test when DSA is disabled; bug introduced 
in last commit

OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5
 2024-01-11 15:56:37 +11:00
djm@openbsd.org
415c94ce17
upstream: make DSA testing optional, defaulting to on 
ok markus

OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a
 2024-01-11 15:55:19 +11:00
djm@openbsd.org
f9311e8921
upstream: ensure key_fd is filled when DSA is disabled; spotted by 
tb@

OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7
 2024-01-11 15:46:22 +11:00
djm@openbsd.org
4e838120a7
upstream: make DSA key support compile-time optional, defaulting to 
on

ok markus@

OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d
 2024-01-11 15:46:22 +11:00
jmc@openbsd.org
afcc9028bf
upstream: fix incorrect capitalisation; 
OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984
 2024-01-11 14:20:29 +11:00
djm@openbsd.org
9707c8170c
upstream: extend ChannelTimeout regression test to exercise multiplexed 
connections and the new "global" timeout type. ok dtucker@

OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2
 2024-01-10 09:25:04 +11:00
djm@openbsd.org
b31b12d28d
upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) 
that watches all open channels and will close all open channels if there is
no traffic on any of them for the specified interval. This is in addition to
the existing per-channel timeouts added a few releases ago.

This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.

ok dtucker@

OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3
 2024-01-10 09:24:53 +11:00
djm@openbsd.org
602f4beeed
upstream: adapt ssh_api.c code for kex-strict 
from markus@ ok me

OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac
 2024-01-10 09:24:06 +11:00
tgauth@bu.edu
9142077e39 fix merge conflicts 2024-01-08 16:05:29 -05:00
tgauth@bu.edu
b39454951f fix failing bash test 2024-01-08 16:00:54 -05:00
Damien Miller
42ba34aba8
nite that recent OSX tun/tap is unsupported 2024-01-08 16:26:37 +11:00
Sevan Janiyan
690bc125f9
README.platform: update tuntap url 2024-01-08 16:24:43 +11:00
Rose
6b8be2ccd7
Fix compilation error in ssh-pcks11-client.c 
Compilation fails becaus of an undefined reference to helper_by_ec,
because we forgot the preprocessor conditional that excludes that function
from being called in unsupported configurations.
 2024-01-08 16:23:19 +11:00
djm@openbsd.org
219c813415
upstream: Remove outdated note from PROTOCOL.mux 
Port forward close by control master is already implemented
by `mux_master_process_close_fwd` in `mux.c`

GHPR442 from bigb4ng

OpenBSD-Commit-ID: ad0734fe5916d2dc7dd02b588906cea4df0482fb
 2024-01-08 16:12:17 +11:00
djm@openbsd.org
4c3cf36263
upstream: fix missing field in users-groups-by-id@openssh.com reply 
documentation

GHPR441 from TJ Saunders

OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674
 2024-01-08 16:06:29 +11:00
djm@openbsd.org
f64cede2a3
upstream: make kex-strict section more explicit about its intent: 
banning all messages not strictly required in KEX

OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116
 2024-01-08 16:06:28 +11:00
Damien Miller
698fe6fd61
update fuzzer example makefile to clang16 2024-01-08 14:46:19 +11:00
Damien Miller
fc332cb2d6
unbreak fuzzers - missing pkcs11_make_cert() 
provide stub for use in fuzzer harness
 2024-01-08 14:45:49 +11:00
Damien Miller
9ea0a4524a
unbreak fuzzers for clang16 
getopt() needs a throw() attribute to compile, so supply one when compiling
things with C++
 2024-01-08 14:45:14 +11:00
djm@openbsd.org
a72833d007
upstream: remove ext-info-* in the kex.c code, not in callers; 
with/ok markus@

OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799
 2024-01-08 13:26:43 +11:00
djm@openbsd.org
86f9e96d9b
upstream: fix typo; spotted by Albert Chin 
OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368
 2024-01-08 13:26:42 +11:00
dtucker@openbsd.org
f0cbd26ec9
upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee
 2024-01-08 13:26:29 +11:00
jsg@openbsd.org
64ddf77653
upstream: spelling; ok markus@ 
OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b
 2024-01-08 13:25:21 +11:00
jmc@openbsd.org
503fbe9ea2
upstream: sort -C, and add to usage(); ok djm 
OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f
 2024-01-08 13:25:20 +11:00
djm@openbsd.org
5413b1c7ff
upstream: correct section numbers; from Ed Maste 
OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f
 2024-01-08 13:25:20 +11:00
djm@openbsd.org
430ef86464
upstream: match flag type (s/int/u_int) 
OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a
 2024-01-08 13:25:19 +11:00
Damien Miller
1036d77b34
better detection of broken -fzero-call-used-regs 
gcc 13.2.0 on ppc64le refuses to compile some function, including
cipher.c:compression_alg_list() with an error:

> sorry, unimplemented: argument ‘used’ is not supportedcw
> for ‘-fzero-call-used-regs’ on this target

This extends the autoconf will-it-work test with a similarly-
structured function that seems to catch this.

Spotted/tested by Colin Watson; bz3645
 2023-12-22 17:56:26 +11:00
Tess Gauthier
e98172c2eb update ssh-add where imaginary i GNU syntax is used 2023-12-19 20:46:01 -05:00
Tess Gauthier
aeb3bbe81d resolve merge conflict 2023-12-19 20:33:17 -05:00
Tess Gauthier
59aba65cf2
add double-quotes around service paths for SSHD and SSH-Agent (#710) 2023-12-18 12:04:57 -05:00
Tess Gauthier
e7010dc405
cherry-pick of kex-strict extension from upstream (#709) 2023-12-18 12:04:18 -05:00
Damien Miller
8241b9c052
crank versions 2023-12-19 01:59:50 +11:00
Damien Miller
2f2c65cb5f
depend 2023-12-19 01:59:06 +11:00
djm@openbsd.org
e48cdee8e1
upstream: regress test for agent PKCS#11-backed certificates 
OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9
 2023-12-19 01:57:37 +11:00
djm@openbsd.org
2f512f862d
upstream: regress test for constrained PKCS#11 keys 
OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff
 2023-12-19 01:57:16 +11:00
djm@openbsd.org
cdddd66412
upstream: openssh-9.6 
OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b
 2023-12-19 01:53:47 +11:00
djm@openbsd.org
6d51feab15
upstream: ssh-agent: record failed session-bind attempts 
Record failed attempts to session-bind a connection and refuse signing
operations on that connection henceforth.

Prevents a future situation where we add a new hostkey type that is not
recognised by an older ssh-agent, that consequently causes session-bind
to fail (this situation is only likely to arise when people mix ssh(1)
and ssh-agent(1) of different versions on the same host). Previously,
after such a failure the agent socket would be considered unbound and
not subject to restriction.

Spotted by Jann Horn

OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e
 2023-12-19 01:53:40 +11:00
djm@openbsd.org
7ef3787c84
upstream: ban user/hostnames with most shell metacharacters 
This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.

Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.

It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.

To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.

feedback/ok millert@ markus@ dtucker@ deraadt@

OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
 2023-12-19 01:53:40 +11:00
djm@openbsd.org
0cb50eefdd
upstream: stricter handling of channel window limits 
This makes ssh/sshd more strict in handling non-compliant peers that
send more data than the advertised channel window allows. Previously
the additional data would be silently discarded. This change will
cause ssh/sshd to terminate the connection if the channel window is
exceeded by more than a small grace allowance.

ok markus@

OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037
 2023-12-19 01:52:55 +11:00
djm@openbsd.org
4448a2938a
upstream: Make it possible to load certs from PKCS#11 tokens 
Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f
 2023-12-19 01:52:55 +11:00
djm@openbsd.org
881d9c6af9
upstream: apply destination constraints to all p11 keys 
Previously applied only to the first key returned from each token.

ok markus@

OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
 2023-12-19 01:51:46 +11:00
djm@openbsd.org
a7ed931cae
upstream: add "ext-info-in-auth@openssh.com" extension 
This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd to update the acceptable signature algoritms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779
 2023-12-19 01:51:46 +11:00
djm@openbsd.org
1edb00c58f
upstream: implement "strict key exchange" in ssh and sshd 
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@

OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
 2023-12-19 01:51:11 +11:00
Damien Miller
59d691b886
better detection of broken -fzero-call-used-regs 
Use OSSH_CHECK_CFLAG_LINK() for detection of these flags and extend
test program to exercise varargs, which seems to catch more stuff.

ok dtucker@
 2023-12-18 14:49:11 +11:00
Tess Gauthier
58150f0983
add codeql suppression justification for restart (#708) 2023-12-13 11:27:41 -05:00
djm@openbsd.org
aa7b217085
upstream: when invoking KnownHostsCommand to determine the order of 
host key algorithms to request, ensure that the hostname passed to the
command is decorated with the port number for ports other than 22.

This matches the behaviour of KnownHostsCommand when invoked to look
up the actual host key.

bz3643, ok dtucker@

OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1
 2023-12-13 14:33:50 +11:00
markus@openbsd.org
4086bd6652
upstream: prevent leak in sshsig_match_principals; ok djm@ 
OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae
 2023-12-13 14:33:50 +11:00
Tess Gauthier
c1e15ab968
Crank versions (#707) 
* bump-dependency-versions

* Update version.rc
 2023-12-12 11:11:35 -05:00
Tess Gauthier
2745347ae0
Merge pull request #703 from tgauth/merge-9.5 
Merge 9.5
 2023-12-07 14:41:39 -05:00
Tess Gauthier
9f9fd0d09d
add check for pipes to do_upload (#704) 
* add check for pipes to do_upload

* add parentheses

* add pester tests to sftp

* use pester 3.4 assertions

* add debug

* temp build in debug

* temp build in debug

* revert building CI in debug

* remove pester test for changes; will test manually
 2023-12-07 14:37:36 -05:00
Tess Gauthier
4cd3519fbf
Add telemetry event (#702) 
* test sending new event from sshd after kex exchange

* rename telemetry event for clarity

* add comments

* remove else since if block has fatal call

* rename method for additional clarity
 2023-12-07 14:35:34 -05:00
djm@openbsd.org
19d3ee2f3a
upstream: short circuit debug log processing early if we're not going 
to log anything. From Kobe Housen

OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea
 2023-12-07 08:09:11 +11:00
tgauth@bu.edu
e10443e229 remove debug statements from pester tests 2023-12-01 15:49:33 -05:00
Andrew
4ee8dc6498
Removed sha1-based MACs from default config (#706) 2023-11-30 18:08:35 -08:00
tgauth@bu.edu
a6248c1e5b add SCP symlink coverage to Pester Tests in place of Bash tests 2023-11-30 16:50:01 -05:00
tgauth@bu.edu
42e182fd4a fix scp.sh test failures 2023-11-30 15:27:59 -05:00
tgauth@bu.edu
476d7f5a26 add comments to bash test changes 2023-11-29 16:54:45 -05:00
tgauth@bu.edu
702f528bb7 add SCP sym link tests to Windows pester tests 2023-11-29 14:15:23 -05:00
tgauth@bu.edu
00ef5b4d9c remove sym link part of scp bash tests on Windows 2023-11-29 11:41:35 -05:00
Darren Tucker
947affad48
Add tests for OpenSSL 3.2.0 and 3.2 stable branch. 2023-11-27 09:37:28 +11:00
Darren Tucker
747dce3620
Use non-zero arg in compiler test program. 
Now that we're running the test program, passing zero to the test function
can cause divide-by-zero exceptions which might show up in logs.
 2023-11-25 09:03:38 +11:00
dtucker@openbsd.org
3d44a5c565
upstream: Plug mem leak of msg when processing a quit message. 
Coverity CID#427852, ok djm@

OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7
 2023-11-24 12:01:34 +11:00
dtucker@openbsd.org
1d7f9b6e29
upstream: Include existing mux path in debug message. 
OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16
 2023-11-24 12:01:31 +11:00
Darren Tucker
f29934066b
Add an Ubuntu 22.04 test VM. 
This is the same version as Github's runners so most of the testing on
it is over there, but having a local VM makes debugging much easier.
 2023-11-23 19:41:27 +11:00
Darren Tucker
a93284a780
Add gcc-12 -Werror test on Ubuntu 22.04. 
Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler).
 2023-11-23 19:36:22 +11:00
Darren Tucker
670f5a647e
Check return value from write to prevent warning. 
... and since we're testing for flags with -Werror, this caused
configure to mis-detect compiler flags.
 2023-11-23 19:34:57 +11:00
Darren Tucker
cea007d691
Run compiler test program when compiling natively. 
ok djm@
 2023-11-23 14:40:51 +11:00
Darren Tucker
ee0d305828
Factor out compiler test program into a macro. 
ok djm@
 2023-11-23 14:40:48 +11:00
Darren Tucker
de304c7631
Add fbsd14 VM to test pool. 2023-11-22 08:55:36 +11:00
Darren Tucker
99a2df5e19
Expand -fzero-call-used-regs test to cover gcc 11. 
It turns out that gcc also has some problems with -fzero-call-used-regs,
at least v11 on mips.  Previously the test in OSSH_CHECK_CFLAG_COMPILE
was sufficient to catch it with "=all", but not sufficient for "=used".
Expand the testcase and include it in the other tests for good measure.
See bz#3629.  ok djm@.
 2023-11-21 16:24:17 +11:00
Darren Tucker
ff220d4010
Stop using -fzero-call-used-regs=all 
... since it seems to be problematic with several different versions of
clang.  Only use -fzero-call-used-regs=used which is less
problematic, except with Apple's clang where we don't use it at all.
bz#3629, ok djm@
 2023-11-21 14:04:34 +11:00
Darren Tucker
2a19e02f36
Allow for vendor prefix on clang version numbers. 
Correctly detects the version of OpenBSD's native clang, as well as
Apple's.  Spotted tb@, ok djm@.
 2023-11-21 14:02:18 +11:00
djm@openbsd.org
c52db01148
upstream: set errno=EAFNOSUPPORT when filtering addresses that don't 
match AddressFamily; yields slightly better error message if no address
matches. bz#3526

OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6
 2023-11-20 13:51:15 +11:00
djm@openbsd.org
26f3f3bbc6
upstream: when connecting via socket (the default case), filter 
addresses by AddressFamily if one was specified. Fixes the case where, if
CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok
dtucker

OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439
 2023-11-16 10:05:32 +11:00
djm@openbsd.org
050c335c8d
upstream: when deciding whether to enable keystroke timing 
obfuscation, only consider enabling it when a channel with a tty is open.

Avoids turning on the obfucation when X11 forwarding only is in use,
which slows it right down. Reported by Roger Marsh

OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1
 2023-11-16 09:53:42 +11:00
tobhe@openbsd.org
676377ce67
upstream: Make sure sftp_get_limits() only returns 0 if 'limits' 
was initialized. This fixes a potential uninitialized use of 'limits' in
sftp_init() if sftp_get_limits() returned early because of an unexpected
message type.

ok djm@

OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
 2023-11-16 09:53:42 +11:00
Darren Tucker
64e0600f23
Test current releases of LibreSSL and OpenSSL. 
Retire some of the older releases.
 2023-11-13 20:03:31 +11:00
tgauth@bu.edu
0c1b7a7d26 rename path_append to sftp_path_append within WINDOWS ifdef 2023-11-01 10:03:52 -04:00
dtucker@openbsd.org
c8ed7cc545
upstream: Specify ssh binary to use 
... instead of relying on installed one.  Fixes test failures in -portable
when running tests prior to installation.

OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685
 2023-11-01 13:55:45 +11:00
Darren Tucker
e9fc2c4812
Put long-running test targets on hipri runners. 
Some of the selfhosted test targets take a long time to run for various
reasons, so label them for "libvirt-hipri" runners so that they can
start immediately.  This should reduce the time to complete all tests.
 2023-11-01 13:11:31 +11:00
djm@openbsd.org
7ddf27668f
upstream: add some tests of forced commands overriding Subsystem 
directives

OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b
 2023-11-01 11:39:55 +11:00
dtucker@openbsd.org
fb06f9b5a0
upstream: Don't try to use sudo inside sshd log wrapper. 
We still need to check if we're using sudo since we don't want to chown
unecessarily, as on some platforms this causes an error which pollutes
stderr. We also don't want to unnecessarily invoke sudo, since it's
running in the context of the proxycommand, on *other* platforms it
may not be able to authenticate, and if we're using SUDO then it should
already be privileged.

OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee
 2023-10-31 15:35:53 +11:00
dtucker@openbsd.org
fc3cc33e88
upstream: Only try to chmod logfile if we have sudo. If we don't have 
sudo then we won't need to chmod.

OpenBSD-Regress-ID: dbad2f5ece839658ef8af3376cb1fb1cabe2e324
 2023-10-31 14:01:25 +11:00
djm@openbsd.org
3a506598fd
upstream: move PKCS#11 setup code to test-exec.sh so it can be reused 
elsewhere

OpenBSD-Regress-ID: 1d29e6be40f994419795d9e660a8d07f538f0acb
 2023-10-31 10:04:32 +11:00
tgauth@bu.edu
e6fa11e07e openssh-9.5p1 
-----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
 AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
 CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
 hhNTEyAAAAeAAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASQAA
 ACEA7WcEKKcqxpjfRRhVOznHOSsf6SlAWbpkBYA01cN3nl0AAAAgIlhw5EaLbGdhj9DaVi
 Mtgw72SsEKJdOA52IQKECVmAQAAAAEDw==
 -----END SSH SIGNATURE-----

resolve merge conflicts; scp and sftp fail to compile
 2023-10-30 17:06:35 -04:00
djm@openbsd.org
f82fa227a5
upstream: tidy and refactor PKCS#11 setup code 
Replace the use of a perl script to delete the controlling TTY with a
SSH_ASKPASS script to directly load the PIN.

Move PKCS#11 setup code to functions in anticipation of it being used
elsewhere in additional tests.

Reduce stdout spam

OpenBSD-Regress-ID: 07705c31de30bab9601a95daf1ee6bef821dd262
 2023-10-31 04:36:27 +11:00
Darren Tucker
3cf698c6d4
Add obsd74 test VM and retire obsd69 and obsd70. 2023-10-30 21:35:03 +11:00
Darren Tucker
3e21d58a09
Add OpenSSL 3.3.0 as a known dev version. 2023-10-30 18:34:12 +11:00
Darren Tucker
917ba181c2
Restore nopasswd sudo rule on Mac OS X. 
This seems to be missing from some (but not all) github runners, so
restore it if it seems to be missing.
 2023-10-30 16:13:04 +11:00
Darren Tucker
c5698abad6
Don't exit early when setting up on Mac OS X. 
We probably need some of the other bits in there (specifically, setting
the perms on the home directory) so make it less of a special snowflake.
 2023-10-30 13:54:00 +11:00
dtucker@openbsd.org
1d6a878ceb
upstream: Only try to chown logfiles that exist to prevent spurious 
errors.

OpenBSD-Regress-ID: f1b20a476734e885078c481f1324c9ea03af991e
 2023-10-29 17:33:18 +11:00
anton@openbsd.org
e612376427
upstream: make use of bsd.regress.mk in extra and interop targets; ok 
dtucker@

OpenBSD-Regress-ID: 7ea21b5f6fc4506165093b2123d88d20ff13a4f0
 2023-10-29 17:32:47 +11:00
dtucker@openbsd.org
ea00391739
upstream: Skip conch interop tests when not enabled instead of fatal. 
OpenBSD-Regress-ID: b0abf81c24ac6c21f367233663228ba16fa96a46
 2023-10-27 00:02:26 +11:00
dtucker@openbsd.org
d220b9ed54
upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 95f5dd6107e8902b87dc5b005ef2b53f1ff378b8
 2023-10-26 23:46:03 +11:00
anton@openbsd.org
a611e4db40
upstream: ssh conch interop tests requires a controlling terminal; 
ok dtucker@

OpenBSD-Regress-ID: cbf2701bc347c2f19d907f113779c666f1ecae4a
 2023-10-26 23:44:53 +11:00
anton@openbsd.org
da951b5e08
upstream: Use private key that is allowed by sshd defaults in conch 
interop tests.

ok dtucker@

OpenBSD-Regress-ID: 3b7f65c8f409c328bcd4b704f60cb3d31746f045
 2023-10-26 23:34:29 +11:00
Darren Tucker
1ca166dbb3
Install Dropbear for interop testing. 2023-10-20 20:43:00 +11:00
Darren Tucker
f993bb5835
Resync PuTTY and Conch path handling with upstream. 
Now that configure finds these for us we can remove these -portable
specific changes.
 2023-10-20 20:39:03 +11:00
Darren Tucker
ff85becd5f
Have configure find PuTTY and Conch binaries. 
This will let us remove some -portable specific changes from
test-exec.sh.
 2023-10-20 20:35:46 +11:00
dtucker@openbsd.org
c54a50359b
upstream: Allow overriding the locations of the Dropbear binaries 
similar to what we do for the PuTTY ones.

OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c
 2023-10-20 20:28:20 +11:00
dtucker@openbsd.org
fbaa707d45
upstream: Add interop test with Dropbear. 
Right now this is only dbclient not the Dropbear server since it won't
currently run as a ProxyCommand.

OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496
 2023-10-20 18:35:32 +11:00
Tess Gauthier
cb23f0d9c0
revert enabling sdl check compiler option for debug builds (#700) 2023-10-16 09:57:03 -04:00
Tess Gauthier
0ffb0ceb64
remove redundant WINDOWS preprocessor definitions (#697) 2023-10-16 09:56:42 -04:00
Fabio Pedretti
c2003d0dbd
Update openssl-devel dependency in RPM spec. 
Since openssh 9.4p1, openssl >= 1.1.1 is required, so
build with --without-openssl elsewhere.
According to https://repology.org/project/openssl/versions
openssl 1.1.1 is available on fedora >= 29 and rhel >= 8.
Successfully build tested, installed and run on rhel 6
 2023-10-16 21:40:01 +11:00
Fabio Pedretti
064e09cd63
Remove reference of dropped sshd.pam.old file 
The file was removed in openssh 8.8
 2023-10-16 20:14:04 +11:00
dtucker@openbsd.org
62db354b69
upstream: Move declaration of "len" into the block where it's used. 
This lets us compile Portable with -Werror with when OpenSSL doesn't have
Ed25519 support.

OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29
 2023-10-16 20:13:41 +11:00
Damien Miller
6eee8c972d
run t-extra regress tests 
This exposes the t-extra regress tests (including agent-pkcs11.sh) as
a new extra-tests target in the top level Makefile and runs them by
default. ok dtucker@
 2023-10-13 15:15:05 +11:00
Darren Tucker
637624dbba
Don't use make -j2. 
While we have 2 cores available on github runners, not using it means
that the most recent log message is the actual failure, rather than
having to search back through the log for it.
 2023-10-12 22:01:23 +11:00
Darren Tucker
971e0cfcfd
Correct arg order for ED255519 AC_LINK_IFELSE test. 2023-10-12 16:23:05 +11:00
djm@openbsd.org
c616e64688
upstream: typos and extra debug trace calls 
OpenBSD-Regress-ID: 98a2a6b9333743274359e3c0f0e65cf919a591d1
 2023-10-12 14:52:46 +11:00
djm@openbsd.org
c49a3fbf10
upstream: ensure logs are owned by correct user; feedback/ok 
dtucker@

OpenBSD-Regress-ID: c3297af8f07717f1d400a5d34529962f1a76b5a3
 2023-10-12 14:52:45 +11:00
djm@openbsd.org
5ec0ed79ac
upstream: 64 %-expansion keys ought to be enough for anybody; ok 
dtucker (we just hit the previous limit in some cases)

OpenBSD-Commit-ID: 84070f8001ec22ff5d669f836b62f206e08c5787
 2023-10-12 14:37:52 +11:00
djm@openbsd.org
f59a94e22e
upstream: don't dereference NULL pointer when hashing jumphost 
OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4
 2023-10-12 13:58:19 +11:00
Damien Miller
281c79168e
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT 
If the system support PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
 2023-10-12 13:20:01 +11:00
djm@openbsd.org
98fc34df83
upstream: add %j token that expands to the configured ProxyJump 
hostname (or the empty string if this option is not being used). bz3610, ok
dtucker

OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
 2023-10-12 13:19:41 +11:00
djm@openbsd.org
7f3180be8a
upstream: release GSS OIDs only at end of authentication; bz2982, 
ok dtucker@

OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c
 2023-10-12 13:19:41 +11:00
djm@openbsd.org
a612b93de5
upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending 
and use ppoll() to unmask them in the mainloop. Avoids race condition between
signaling ssh to exit and polling. bz3531; ok dtucker

OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7
 2023-10-12 13:19:40 +11:00
djm@openbsd.org
531b27a006
upstream: sync usage() with ssh.1; spotted by kn@ 
OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd
 2023-10-12 13:19:40 +11:00
djm@openbsd.org
64f7ca881b
upstream: ssh -Q does not make sense with other command-line options, 
so give it its own line in the manpage

OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361
 2023-10-12 10:15:47 +11:00
djm@openbsd.org
a752a6c0e1
upstream: add ChannelTimeout support to the client, mirroring the 
same option in the server. ok markus@

OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02
 2023-10-12 10:00:13 +11:00
djm@openbsd.org
76e91e7238
upstream: add support for reading ED25519 private keys in PEM PKCS8 
format; ok markus@ tb@

OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174
 2023-10-12 09:59:44 +11:00
Tess Gauthier
f72324ffa1
disable adding pkcs11 providers to ssh-agent remotely unless overridden by cli arg (#699) 2023-10-11 16:39:05 -04:00
djm@openbsd.org
fc77c8e352
upstream: mention "none" is a valid argument to IdentityFile; bz3080 
OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926
 2023-10-11 17:41:52 +11:00
djm@openbsd.org
c97520d23d
upstream: in olde rcp/scp protocol mode, when rejecting a path from the 
server as not matching the glob that the client sent, log (at debug level)
the received pathname as well as the list of possible expected paths expanded
from the glob. bz2966

OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765
 2023-10-11 16:44:40 +11:00
djm@openbsd.org
208c2b7198
upstream: s/%.100s/%s/ in SSH- banner construction as there's no 
reason to limit its size: the version string bring included is a compile time
constant going into an allocated banner string.

OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd
 2023-10-11 15:57:09 +11:00
tb@openbsd.org
0354790826
upstream: Garbage collect cipher_get_keyiv_len() 
This is a compat20 leftover, unused since 2017.

ok djm

OpenBSD-Commit-ID: 91fa5497c9dc6883064624ac27813a567883fdce
 2023-10-11 15:57:08 +11:00
djm@openbsd.org
8d29ee4115
upstream: Reserve a range of "local extension" message numbers that 
OpenSSH promises not to use (comment change only)

OpenBSD-Commit-ID: e61795b453d4892d2c99ce1039112c4a00250e03
 2023-10-10 14:58:55 +11:00
djm@openbsd.org
90b0d73d63
upstream: typo in error message 
OpenBSD-Regress-ID: 6a8edf0dc39941298e3780b147b10c0a600b4fee
 2023-10-06 14:33:37 +11:00
djm@openbsd.org
e84517f515
upstream: Perform the softhsm2 setup as discrete steps rather than 
as a long shell pipeline. Makes it easier to figure out what has happened
when it breaks.

OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c
 2023-10-06 14:31:20 +11:00
claudio@openbsd.org
cb54becff4
upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to 
overload the value here anymore. OK tb@ bluhm@

OpenBSD-Regress-ID: f063330f1bebbcd373100afccebc91a965b14496
 2023-10-06 14:31:13 +11:00
jmc@openbsd.org
f01f5137ce
upstream: spelling fix; 
OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195
 2023-10-06 14:30:35 +11:00
Tess Gauthier
effdb65e40
Enable sdl check (#695) 
* enable sdl checks during compilation

* fix sdl errors in Windows code

* fix sdl errors in common code without ifdefs, for now
 2023-10-04 13:11:53 -04:00
Tess Gauthier
39bf3d4fce
Enable /CETCOMPAT in x86, x64 Linker Additional Options (#696) 
* enable spectre mitigation in vcxproj

* add linker compat option and sdl compile checks where applicable

* add linker switch to x64 and x86 arch
 2023-10-04 12:59:38 -04:00
Damien Miller
80a2f64b8c
crank version numbers 2023-10-04 15:34:10 +11:00
djm@openbsd.org
f65f187b10
upstream: openssh-9.5 
OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16
 2023-10-04 15:33:36 +11:00
djm@openbsd.org
ffe27e54a4
upstream: add some cautionary text about % token expansion and 
shell metacharacters; based on report from vinci AT protonmail.ch

OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
 2023-10-04 15:33:27 +11:00
djm@openbsd.org
60ec3d54fd
upstream: fix link to agent draft; spotted by Jann Horn 
OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b
 2023-10-04 15:30:19 +11:00
Damien Miller
12e2d4b13f
use portable provider allowlist path in manpage 
spotted by Jann Horn
 2023-10-04 10:54:04 +11:00
Tess Gauthier
4e5f11a82c
enable spectre mitigation in vcxproj (#694) 2023-10-02 15:16:33 -04:00
deraadt@openbsd.org
6c2c6ffde7
upstream: typo; from Jim Spath 
OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e
 2023-10-01 10:57:54 +11:00
Tess Gauthier
96f8702f79
Crank versions (#693) 
* Update version.rc

* Update libressl version in paths.targets
 2023-09-28 16:39:39 -04:00
Sam Hocevar
1ab66dd3d4
Fix unreasonably small DefaultShellCommandOption size limit (#683) 2023-09-28 14:34:08 -04:00
s911415
1146f366ed
fix session id2 datetype missmatch (#679) 
* fix session id2 datetype missmatch

* update session_id2_len definition with WINDOWS identifier
 2023-09-28 13:17:26 -04:00
Tess Gauthier
24449c64b7
Merge pull request #684 from tgauth/merge-9.4 
Merge 9.4
 2023-09-27 15:33:29 -04:00
djm@openbsd.org
b6b49130a0
upstream: rename remote_glob() -> sftp_glob() to match other API 
OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229
 2023-09-11 09:14:02 +10:00
djm@openbsd.org
21b79af6c8
upstream: typo in comment 
OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
 2023-09-11 09:13:42 +10:00
Darren Tucker
41232d2553
Use zero-call-used-regs=used with Apple compilers. 
Apple's versions of clang have version numbers that do not match the
corresponding upstream clang versions.  Unfortunately, they do still
have the clang-15 zero-call-used-regs=all bug, so for now use the value
that doesn't result in segfaults.  We could allowlist future versions
that are known to work.  bz#3584 (and probably also our github CI
failures).
 2023-09-10 15:45:38 +10:00
djm@openbsd.org
90ccc5918e
upstream: randomise keystroke obfuscation intervals and average 
interval rate. ok dtucker@

OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
 2023-09-10 13:27:40 +10:00
djm@openbsd.org
bd1b9e52f5
upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here 
is char**, so harmless); spotted in CID 416964

OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002
 2023-09-08 16:35:40 +10:00
djm@openbsd.org
c4f9664829
upstream: regress test recursive remote-remote directories copies where 
the directory contains a symlink to another directory.

also remove errant `set -x` that snuck in at some point

OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f
 2023-09-08 16:12:05 +10:00
djm@openbsd.org
5e1dfe5014
upstream: fix recursive remote-remote copies of directories that 
contain symlinks to other directories (similar to bz3611)

OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f
 2023-09-08 16:11:58 +10:00
djm@openbsd.org
7c0ce2bf98
upstream: regress test for recursive copies of directories containing 
symlinks to other directories. bz3611, ok dtucker@

OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9
 2023-09-08 15:59:21 +10:00
djm@openbsd.org
2de990142a
upstream: the sftp code was one of my first contributions to 
OpenSSH and it shows - the function names are terrible.

Rename do_blah() to sftp_blah() to make them less so.

Completely mechanical except for sftp_stat() and sftp_lstat() which
change from returning a pointer to a static variable (error-prone) to
taking a pointer to a caller-provided receiver.

OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4
 2023-09-08 15:59:08 +10:00
djm@openbsd.org
249d8bd047
upstream: fix scp in SFTP mode recursive upload and download of 
directories that contain symlinks to other directories. In scp mode, the
links would be followed, but in SFTP mode they were not. bz3611, ok dtucker@

OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c
 2023-09-08 15:58:24 +10:00
tgauth@bu.edu
ffd23297ae add comments 2023-09-07 16:59:04 -04:00
Tess Gauthier
ae0f346a7a
fix typo 2023-09-07 14:11:27 -04:00
Tess Gauthier
33f1ab9391
Update codeql.yml (#687) 2023-09-07 10:29:46 -04:00
djm@openbsd.org
0e1f4401c4
upstream: regression test for override of subsystem in match blocks 
OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
 2023-09-07 09:58:04 +10:00
djm@openbsd.org
8a1450c620
upstream: allow override of Sybsystem directives in sshd Match 
blocks

OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722
 2023-09-07 09:54:47 +10:00
djm@openbsd.org
6e52826e2a
upstream: allocate the subsystems array as necessary and remove the 
fixed limit of subsystems. Saves a few kb of memory in the server and makes
it more like the other options.

OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f
 2023-09-07 09:54:01 +10:00
djm@openbsd.org
e19069c9fa
upstream: preserve quoting of Subsystem commands and arguments. 
This may change behaviour of exotic configurations, but the most common
subsystem configuration (sftp-server) is unlikely to be affected.

OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
 2023-09-07 09:54:01 +10:00
djm@openbsd.org
52dfe3c72d
upstream: downgrade duplicate Subsystem directives from being a 
fatal error to being a debug message to match behaviour with just about all
other directives.

OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce
 2023-09-07 09:54:00 +10:00
djm@openbsd.org
1ee0a16e07
upstream: handle cr+lf (instead of just cr) in sshsig signature 
files

OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f
 2023-09-07 09:54:00 +10:00
job@openbsd.org
e1c284d60a
upstream: Generate Ed25519 keys when invoked without arguments 
Ed25519 public keys are very convenient due to their small size.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).

OK djm@ markus@ sthen@ deraadt@

OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
 2023-09-07 09:53:59 +10:00
Tess Gauthier
f87f0c57a2
add check for program data folder permissions during sshd service startup (#686) 2023-09-05 12:59:28 -04:00
djm@openbsd.org
694150ad92
upstream: trigger keystroke timing obfucation only if the channels 
layer enqueud some data in the last poll() cycle; this avoids triggering the
obfuscatior for non-channels data like ClientAlive probes and also fixes a
related problem were the obfucations would be triggered on fully quiescent
connections.

Based on / tested by naddy@

OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
 2023-09-04 10:09:54 +10:00
djm@openbsd.org
b5fd97896b
upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..." 
debug messages when keystroke timing obfuscation was never started; spotted
by naddy@

OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
 2023-09-04 10:09:53 +10:00
djm@openbsd.org
ccf7d913db
upstream: make channel_output_poll() return a flag indicating 
whether channel data was enqueued. Will be used to improve keystroke timing
obfuscation. Problem spotted by / tested by naddy@

OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
 2023-09-04 10:09:53 +10:00
djm@openbsd.org
43254b326a
upstream: set interactive mode for ControlPersist sessions if they 
originally requested a tty; enables keystroke timing obfuscation for most
ControlPersist sessions. Spotted by naddy@

OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
 2023-09-04 10:09:52 +10:00
tgauth@bu.edu
7023264b09 Merge branch 'latestw_all' into merge-9.4 2023-08-31 14:22:13 -04:00
Tess Gauthier
3645eaa30e
Build tools version updates (#677) 
* bump platform toolset to v143

* add updated proj files for testing

* add _CRT_DECLARE_NONSTDC_NAMES=0 to projects with posix functions

* revert onecore changes

* fix typo

* use latest sdk in build script

* update build toolset in config proj

* update build script to use latest toolsets

* update paths.targets

* update to win11 sdk in paths.targets

* make build script more robust with VSwhere

* change validity check from count check to null-check

* remove static keyword from auth_debug declaration

* change to ifndef for diff checking

* update string compare

* change msbuild tool search from manual check instead of using vswhere

* update wixproj to work with wix install on new build image

* update 2022 build image and zlib version
 2023-08-31 14:19:37 -04:00
tgauth@bu.edu
c769798653 remove dependencies files used for testing 2023-08-31 13:00:59 -04:00
Darren Tucker
ff3eda68ce
Set LLONG_MAX for C89 test. 
If we don't have LLONG_MAX, configure will figure out that it can get it
by setting -std=gnu99, at which point we won't be testing C89 any more.
To avoid this, feed it in via CFLAGS.
 2023-08-31 23:02:35 +10:00
Tess Gauthier
f7996c7a5c fix stderr tests on Windows 2023-08-29 10:14:40 -04:00
Tess Gauthier
b2ec0cdd33 fix additional tests in keygen-sshfp.sh on Windows 2023-08-29 10:13:43 -04:00
djm@openbsd.org
f98031773d
upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@ 
OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7
 2023-08-29 15:01:47 +10:00
djm@openbsd.org
cfa66857db
upstream: descriptive text shouldn't be under .Cm 
OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
 2023-08-29 15:01:46 +10:00
Tess Gauthier
a6229b9e7b fix hostkey tests 2023-08-28 14:51:40 -04:00
djm@openbsd.org
01dbf3d466
upstream: limit artificial login delay to a reasonable maximum (5s) 
and don't delay at all for the "none" authentication mechanism. Patch by
Dmitry Belyavskiy in bz3602 with polish/ok dtucker@

OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515
 2023-08-28 19:50:04 +10:00
jmc@openbsd.org
528da5b9d7
upstream: add spacing for punctuation when macro args; 
OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db
 2023-08-28 19:50:03 +10:00
djm@openbsd.org
3867361ca6
upstream: explicit long long type in timing calculations (doesn't 
matter, since the range is pre-clamped)

OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de
 2023-08-28 14:07:56 +10:00
djm@openbsd.org
7603ba7126
upstream: Add keystroke timing obfuscation to the client. 
This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword/

feedback/ok markus@

OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
 2023-08-28 13:34:10 +10:00
djm@openbsd.org
dce6d80d2e
upstream: Introduce a transport-level ping facility 
This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@

OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f
 2023-08-28 13:34:01 +10:00
tobhe@openbsd.org
d2d247938b
upstream: Log errors in kex_exchange_identification() with level 
verbose instead of error to reduce preauth log spam. All of those get logged
with a more generic error message by sshpkt_fatal().

feedback from sthen@
ok djm@

OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
 2023-08-28 13:34:00 +10:00
djm@openbsd.org
9d7193a835
upstream: correct math for ClientAliveInterval that caused the 
probes to be sent less frequently than configured; from Dawid Majchrzak

OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038
 2023-08-28 13:34:00 +10:00
Darren Tucker
3c6ab63b38
Include Portable version in sshd version string. 
bz#3608, ok djm@
 2023-08-25 14:48:02 +10:00
Tess Gauthier
22615453ef temp add x86 zlib built with vs 2022 for CI test 2023-08-23 15:17:17 -04:00
Tess Gauthier
1b8783c18e Merge branch 'merge-9.4' of https://github.com/tgauth/openssh-portable into merge-9.4 2023-08-23 15:03:24 -04:00
Tess Gauthier
4d42e70320 temporarily add zlib built with vs2022 build tools for CI 2023-08-23 14:53:01 -04:00
Tess Gauthier
23090c69ca
Update ci.yml to new build image 2023-08-23 14:32:09 -04:00
Tess Gauthier
6c59360e66 temporarily add dependencies built with VS2022 build tools for CI 2023-08-23 14:12:09 -04:00
Tess Gauthier
f2cd96282f add Windows preprocessor definitions around posix and pkcs11 changes 2023-08-23 14:10:25 -04:00
Tess Gauthier
a1999590a8 fix parsing command-line args and add Windows #ifdef to prevent in future 2023-08-23 13:24:36 -04:00
Tess Gauthier
0db6f3e486 resolve merge conflicts 2023-08-21 16:35:13 -04:00
Darren Tucker
17fa6cd10a
obsd-arm64 host is real hardware... 
so put in the correct config location.
 2023-08-21 19:47:58 +10:00
Darren Tucker
598ca75c85
Add OpenBSD ARM64 test host. 2023-08-21 19:17:27 +10:00
Darren Tucker
1acac79bfb
Add test for zlib development branch. 2023-08-21 19:17:18 +10:00
djm@openbsd.org
84efebf352
upstream: want stdlib.h for free(3) 
OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
 2023-08-21 14:38:38 +10:00
Darren Tucker
e99a02ec18
Fix zlib version check for 1.3 and future version. 
bz#3604.
 2023-08-19 07:41:24 +10:00
Darren Tucker
cb4ed12ffc
Fix zlib version check for 1.3 and future version. 
bz#3604.
 2023-08-19 07:39:08 +10:00
Tess Gauthier
ad45b5c9a1
fix func declaration (#682) 2023-08-18 13:31:56 -04:00
Darren Tucker
25b75e21f1
Add 9.4 branch to CI status page. 2023-08-18 12:50:32 +10:00
djm@openbsd.org
f3e39c4700
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused 
multiplexed sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
 2023-08-18 12:04:05 +10:00
djm@openbsd.org
803e22eabd
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused 
multiplexed sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
 2023-08-18 12:02:41 +10:00
djm@openbsd.org
e706bca324
upstream: defence-in-depth MaxAuthTries check in monitor; ok markus 
OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
 2023-08-18 11:44:41 +10:00
djm@openbsd.org
d1ab7eb904
upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308 
OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028
 2023-08-15 10:12:26 +10:00
Darren Tucker
c8e79e4872
Add obsd72 and obsd73 test targets. 2023-08-13 15:02:08 +10:00
Darren Tucker
fa8da52934
Add obsd72 and obsd73 test targets. 2023-08-13 15:01:27 +10:00
djm@openbsd.org
f9f1800667
upstream: better debug logging of sessions' exit status 
OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0
 2023-08-11 09:12:59 +10:00
naddy@openbsd.org
a8c57bcb07
upstream: drop a wayward comma, ok jmc@ 
OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
 2023-08-11 09:10:21 +10:00
Damien Miller
e962f9b318
depend 2023-08-10 20:17:07 +10:00
Damien Miller
0fcb60bf83
update versions in RPM specs 2023-08-10 20:17:06 +10:00
Damien Miller
d0cee42984
update version in README 2023-08-10 20:17:06 +10:00
djm@openbsd.org
78b4dc6684
upstream: openssh-9.4 
OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
 2023-08-10 20:17:05 +10:00
Darren Tucker
58ca4f0aa8
Only include unistd.h once. 2023-08-10 11:30:24 +10:00
Damien Miller
daa5b2d869
depend 2023-08-10 11:10:22 +10:00
Damien Miller
41bfb63f51
update versions in RPM specs 2023-08-10 11:05:42 +10:00
Damien Miller
e598b92b1e
update version in README 2023-08-10 11:05:14 +10:00
djm@openbsd.org
e797e5ffa7
upstream: openssh-9.4 
OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
 2023-08-10 11:04:25 +10:00
Damien Miller
3961ed02dc
wrap poll.h include in HAVE_POLL_H 2023-08-10 09:08:49 +10:00
dtucker@openbsd.org
e535fbe2af
upstream: Apply ConnectTimeout to multiplexing local socket 
connections.  If the multiplex socket exists but the connection times out,
ssh will fall back to a direct connection the same way it would if the socket
did not exist at all.  ok djm@

OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
 2023-08-04 17:50:35 +10:00
Darren Tucker
9d92e7b248
Fix RNG seeding for OpenSSL w/out self seeding. 
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
 2023-08-03 20:29:08 +10:00
djm@openbsd.org
f70010d9b0
upstream: CheckHostIP has defaulted to 'no' for a while; make the 
commented- out config option match. From Ed Maste

OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9
 2023-08-03 09:09:02 +10:00
dtucker@openbsd.org
c88a8788f9
upstream: remove unnecessary if statement. 
github PR#422 from eyalasulin999, ok djm@

OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55
 2023-08-01 18:54:30 +10:00
jmc@openbsd.org
77b8b865cd
upstream: %C is a callable macro in mdoc(7) 
so, as we do for %D, escape it;

OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9
 2023-08-01 18:54:13 +10:00
djm@openbsd.org
e0f91aa9c2
upstream: don't need to start a command here; use ssh -N instead. 
Fixes failure on cygwin spotted by Darren

OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb
 2023-07-30 11:41:45 +10:00
djm@openbsd.org
f446a44f30
upstream: add LTESTS_FROM variable to allow skipping of tests up to 
a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh
test and subsequent ones. ok dtucker@

OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3
 2023-07-30 11:41:44 +10:00
djm@openbsd.org
8eb8899d61
upstream: test ChrootDirectory in Match block 
OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1
 2023-07-30 11:18:09 +10:00
djm@openbsd.org
e43f43d3f1
upstream: better error messages 
OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a
 2023-07-30 11:17:43 +10:00
djm@openbsd.org
6958f00acf
upstream: don't incorrectly truncate logged strings retrieved from 
PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus

OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9
 2023-07-28 08:31:01 +10:00
djm@openbsd.org
d1ffde6b55
upstream: make sshd_config AuthorizedPrincipalsCommand and 
AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection
address/port 4-tuple) as expansion sequences; ok markus

OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565
 2023-07-28 08:29:21 +10:00
djm@openbsd.org
999a2886ca
upstream: increase default KDF work-factor for OpenSSH format 
private keys from 16 to 24; { feedback ok } x { deraadt markus }

OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
 2023-07-28 08:29:20 +10:00
Darren Tucker
0fa803a1dd
Prefer OpenSSL's SHA256 in sk-dummy.so 
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL.  In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.

We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.

Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all.  ok djm@
 2023-07-27 10:30:12 +10:00
Darren Tucker
36cdb5dbf5
Retire dfly58 test VM. Add dfly64. 2023-07-27 10:30:12 +10:00
djm@openbsd.org
2d34205dab
upstream: make ssh -f (fork after authentication) work properly in 
multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by
Peter Chubb; ok dtucker@

OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac
 2023-07-27 09:11:22 +10:00
naddy@openbsd.org
076aeda86a
upstream: man page typos; ok jmc@ 
OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0
 2023-07-27 09:11:21 +10:00
jmc@openbsd.org
135e7d5fe3
upstream: tweak the allow-remote-pkcs11 text; 
OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a
 2023-07-27 09:11:21 +10:00
Darren Tucker
5f83342b61
Handle a couple more OpenSSL no-ecc cases. 
ok djm@
 2023-07-25 13:00:22 +10:00
Damien Miller
edc2ef4e41
depend 2023-07-20 12:53:44 +10:00
Damien Miller
51fda734e0
Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client 2023-07-20 12:53:21 +10:00
djm@openbsd.org
099cdf59ce
upstream: Separate ssh-pkcs11-helpers for each p11 module 
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.

This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125

ok markus@

OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e
 2023-07-20 00:31:11 +10:00
djm@openbsd.org
29ef8a0486
upstream: Ensure FIDO/PKCS11 libraries contain expected symbols 
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.

Feedback deraadt; ok markus

OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe
 2023-07-20 00:21:31 +10:00
djm@openbsd.org
1f2731f5d7
upstream: Disallow remote addition of FIDO/PKCS11 provider 
libraries to ssh-agent by default.

The old behaviour of allowing remote clients from loading providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.

Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.

ok markus@

OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
 2023-07-20 00:18:27 +10:00
djm@openbsd.org
892506b136
upstream: terminate process if requested to load a PKCS#11 provider 
that isn't a PKCS#11 provider; from / ok markus@

OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
 2023-07-20 00:18:26 +10:00
Damien Miller
f3f56df8ec
agent_fuzz doesn't want stdint.h conditionalised 2023-07-19 12:07:18 +10:00
Damien Miller
750911fd31
conditionalise stdint.h inclusion on HAVE_STDINT_H 
fixes build on AIX5 at least
 2023-07-18 15:41:12 +10:00
Damien Miller
ff047504fa
conditionalise match localnetwork on ifaddrs.h 
Fixes build breakage on platforms that lack getifaddrs()
 2023-07-18 15:30:45 +10:00
djm@openbsd.org
b87b03282e
upstream: missing match localnetwork negation check 
OpenBSD-Commit-ID: 9a08ed8dae27d3f38cf280f1b28d4e0ff41a737a
 2023-07-17 16:23:03 +10:00
jmc@openbsd.org
6d6e185ba2
upstream: - add -P to usage() - sync the arg name to -J in usage() 
with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width

OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e
 2023-07-17 16:23:03 +10:00
jmc@openbsd.org
f1a9898283
upstream: -P before -p in SYNOPSIS; 
OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c
 2023-07-17 16:23:02 +10:00
jsg@openbsd.org
eef4d7e873
upstream: configuation -> configuration 
OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b
 2023-07-17 16:23:02 +10:00
djm@openbsd.org
dc1dbe94cf
upstream: move other RCSIDs to before their respective license blocks 
too no code change

OpenBSD-Commit-ID: ef5bf46b57726e4260a63b032b0b5ac3b4fe9cd4
 2023-07-17 15:33:51 +10:00
djm@openbsd.org
ebe1104468
upstream: Move RCSID to before license block and away from #includes, 
where it caused merge conflict in -portable for each commit :(

OpenBSD-Commit-ID: 756ebac963df3245258b962e88150ebab9d5fc20
 2023-07-17 15:24:14 +10:00
djm@openbsd.org
05c08e5f62
upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a 
valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed
to fall back to text revocation lists in some cases; fixes t-cert-hostkey.

OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1
 2023-07-17 15:22:36 +10:00
Damien Miller
c6fad2c3d1
avoid AF_LINK on platforms that don't define it 2023-07-17 14:56:14 +10:00
djm@openbsd.org
919bc3d3b7
upstream: Add support for configuration tags to ssh(1). 
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

ok markus

OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
 2023-07-17 14:53:53 +10:00
djm@openbsd.org
3071d85a47
upstream: add a "match localnetwork" predicate. 
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).

ok markus@

OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139
 2023-07-17 14:53:53 +10:00
djm@openbsd.org
beec17bb31
upstream: remove vestigal support for KRL signatures 
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@

OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804
 2023-07-17 14:52:35 +10:00
djm@openbsd.org
449566f64c
upstream: Support for KRL extensions. 
This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.

ok markus

OpenBSD-Commit-ID: ae2fcde9a22a9ba7f765bd4f36b3f5901d8c3fa7
 2023-07-17 14:52:20 +10:00
dtucker@openbsd.org
18ea857770
upstream: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build. 
OpenBSD-Commit-ID: e7c31034a5434f2ead3579b13a7892960651e6b0
 2023-07-17 14:52:03 +10:00
Darren Tucker
20b768fcd1
Fix typo in declaration of nmesg. 2023-07-14 17:07:32 +10:00
Damien Miller
4b94d09542
portable-specific int overflow defence-in-depth 
These too are unreachable, but we want the code to be safe regardless of
context. Reported by Yair Mizrahi @ JFrog
 2023-07-14 15:34:47 +10:00
djm@openbsd.org
2ee48adb9f
upstream: add defence-in-depth checks for some unreachable integer 
overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@

OpenBSD-Commit-ID: 52af085f4e7ef9f9d8423d8c1840a6a88bda90bd
 2023-07-14 15:33:30 +10:00
djm@openbsd.org
4b43bc358a
upstream: misplaced debug message 
OpenBSD-Commit-ID: d0f12af0a5067a756aa707bc39a83fa6f58bf7e5
 2023-07-14 15:33:29 +10:00
Damien Miller
8c7203bcee
replace deprecate selinux matchpathcon function 
This function is apparently deprecated. Documentation on what is the
supposed replacement is is non-existent, so this follows the approach
glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59

ok dtucker@
 2023-07-12 11:41:19 +10:00
dtucker@openbsd.org
7e8800f5d7
upstream: minleft and maxsign are u_int so cast appropriately. Prompted 
by github PR#410, ok deraadt.

OpenBSD-Commit-ID: 0514cd51db3ec60239966622a0d3495b15406ddd
 2023-07-07 08:30:58 +10:00
dlg@openbsd.org
94842bfe9b
upstream: add support for unix domain sockets to ssh -W 
ok djm@ dtucker@

OpenBSD-Commit-ID: 3e6d47567b895c7c28855c7bd614e106c987a6d8
 2023-07-07 08:20:25 +10:00
David Seifert
a95fc5eed0
gss-serv.c: MAXHOSTNAMELEN -> HOST_NAME_MAX 
`MAXHOSTNAMELEN` is not defined in POSIX, which breaks on musl:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/gethostname.html

Bug: https://bugs.gentoo.org/834044
 2023-07-05 17:54:15 +10:00
Darren Tucker
8a6cd08850
Update runner OS version for hardenedmalloc test. 
Hardenedmalloc dropped support for "legacy glibc" versions in their
64dad0a69 so use a newer Ubuntu version for the runner for that test.
 2023-06-23 09:49:02 +10:00
Damien Miller
cfca6f17e6
handle sysconf(SC_OPEN_MAX) returning > INT_MAX; 
bz3581; ok dtucker
 2023-06-22 15:04:03 +10:00
djm@openbsd.org
c1c2ca1365
upstream: better validate CASignatureAlgorithms in ssh_config and 
sshd_config.

Previously this directive would accept certificate algorithm names, but
these were unusable in practice as OpenSSH does not support CA chains.

part of bz3577; ok dtucker@

OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912
 2023-06-21 15:13:56 +10:00
djm@openbsd.org
4e73cd0f4a
upstream: make ssh -Q CASignatureAlgorithms only list signature 
algorithms that are valid for CA signing. Previous behaviour was to list all
signing algorithms, including certificate algorithms (OpenSSH certificates do
not support CA chains). part of bz3577; ok dtucker@

OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
 2023-06-21 15:13:55 +10:00
djm@openbsd.org
a69062f169
upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker 
bz3581

OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74
 2023-06-21 15:13:54 +10:00
djm@openbsd.org
8d33f2aa6b
upstream: prepare for support for connecting to unix domain sockets 
using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
the u32 that's passed over the multiplexing socket; previously code would
just cast, which is UB.

OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384
 2023-06-21 15:13:30 +10:00
djm@openbsd.org
b4ac435b4e
upstream: reset comment=NULL for each key in do_fingerprint(); 
fixes "no comment" not showing on when running `ssh-keygen -l` on multiple
keys where one has a comment and other following keys do not. Patch from
Markus Kuhn via GHPR407, bz3580

OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b
 2023-06-20 10:07:06 +10:00
millert@openbsd.org
b53a809a54
upstream: Store timeouts as int, not u_int as they are limited to 
INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type
promotion.  OK djm@

OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7
 2023-06-20 10:07:06 +10:00
Philip Hands
2709809fd6
fixup! if -s & -p specified, mention 'sftp -P' on 
success

SSH-Copy-ID-Upstream: 32686e7c65b4fa2846e474d3315102dfa0f043b0
 2023-05-25 18:24:58 +10:00
Darren Tucker
204e0bf051
Make ssh-copy-id(1) consistent with OpenSSH. 
This makes the ssh-copy-id man page more consistent with the rest of the
OpenSSH man pages:
- new sentence, new line
- no sentences >80
- N.B. -> NB
- zap unused .Pp
- zap trailing whitespace

Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org.

SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3
 2023-05-25 18:24:55 +10:00
Philip Hands
9de79df66d
if -s & -p specified, mention 'sftp -P' on success 
This was inspired by this:
 https://github.com/openssh/openssh-portable/pull/321
but I thought that it was better to not do the sed patching.

BTW the reason one can get away with using $SSH_OPTS throughout, despite
the lowercase -p in there, even if sftp is in use, is that the sftp call
is using the already-established ssh master connection, so the port was
passed to the earlier ssh.

SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2
 2023-05-25 18:24:53 +10:00
Philip Hands
801cda54c0
drop whitespace 
SSH-Copy-ID-Upstream: e604fae1cdee35c18055d35dcec530cf12ef00ad
 2023-05-25 18:24:50 +10:00
Philip Hands
288482f536
make -x also apply to the target script 
SSH-Copy-ID-Upstream: 3c4214704f427bd0654adf9b0fc079253db21cf4
 2023-05-25 18:24:47 +10:00
Philip Hands
b79e7b88ed
add -t option to specify the target path 
Allow the default target path (.ssh/authorized_files) to be over-riden

This was inspired by this MR from Panagiotis Cheilaris <philaris@cs.ntua.gr>

 https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8

SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd
 2023-05-25 18:24:45 +10:00
Carlos Rodríguez Gili
914f4ad138
Fix test error for /bin/sh on Solaris 10 and older 
On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
Test -z `...` fails with error 'sh: test: argument expected'.
Using quotes around backticks fixes this and doesn't break
POSIX compatibility.

SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065
 2023-05-25 18:24:42 +10:00
Jakub Jelen
bd382dca31
Remove outdated comment 
The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers

SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6
 2023-05-25 18:24:39 +10:00
Darren Tucker
bdcaf79390
Special case OpenWrt instead of Dropbear. 
OpenWrt overrides the location of authorized_keys for root.  Currently we
assume that all Dropbear installations behave this way, which is not the
case.  Check for OpenWrt and root user before using that location instead
of assuming that for all Dropbear servers.  Prompted by Github PR#250.

SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
 2023-05-25 18:24:37 +10:00
Philip Hands
cf84498f67
ssh-copy-id: add -x option (for debugging) 
This option causes the ssh-copy-id to run with set -x

SSH-Copy-ID-Upstream: a0ee367ea8c0a29c8b4515245e408d2d349e7844
 2023-05-25 18:24:32 +10:00
Philip Hands
b4a1efdcb8
update copyright notices 
SSH-Copy-ID-Upstream: c284ed33b361814ea48ff68cbd01ca525b2bf117
 2023-05-25 18:24:25 +10:00
djm@openbsd.org
fcd78e31cd
upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand 
appears previously in configuration. Reported by John Meyers in bz3574 ok
dtucker@

OpenBSD-Commit-ID: 1c92e4517284386703936e1d3abaa36cfacf1951
 2023-05-25 09:42:00 +10:00
Tess Gauthier
ce2fd04c3b update wixproj to work with wix install on new build image 2023-05-12 14:09:30 -04:00
Tess Gauthier
3687fcd2f2 change msbuild tool search from manual check instead of using vswhere 2023-05-11 17:22:19 -04:00
Tess Gauthier
2812433868 update string compare 2023-05-10 10:06:11 -04:00
dtucker@openbsd.org
5ec5504f1d
upstream: Remove unused prototypes for ssh1 RSA functions. 
From lengyijun via github PR#396.

OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef
 2023-05-10 20:40:48 +10:00
Tess Gauthier
004246b07f change to ifndef for diff checking 2023-05-09 15:50:16 -04:00
Tess Gauthier
6c60b64f04 remove static keyword from auth_debug declaration 2023-05-09 15:47:06 -04:00
Tess Gauthier
6d4b212261 merge latestw_all 2023-05-09 15:25:26 -04:00
Tess Gauthier
1aa53ff3b2 change validity check from count check to null-check 2023-05-09 14:35:46 -04:00
Tess Gauthier
d803aaf38f make build script more robust with VSwhere 2023-05-09 14:14:41 -04:00
Tess Gauthier
e6bde298ba update to win11 sdk in paths.targets 2023-05-09 14:14:15 -04:00
Darren Tucker
fbf362b389
main(void) to prevent unused variable warning. 2023-05-09 19:26:56 +10:00
Darren Tucker
baf854c8bb
Remove warning pragma since clang doesn't like it. 2023-05-09 19:25:45 +10:00
Darren Tucker
5fbb7a1349
Suppress warning for snprintf truncation test. 2023-05-09 17:13:33 +10:00
Darren Tucker
47742c513e
Update OpenSSL compat test for 3.x. 2023-05-09 17:12:50 +10:00
Dmitry Igrishin
41e1711194
Fix openbsd-compat/arc4random.c (#676) 
Add trailing curly brace to _rs_init() definition.
 2023-05-08 12:17:05 -04:00
Darren Tucker
86ad25d455
Add macos13 PAM test target. 2023-05-08 20:23:08 +10:00
Darren Tucker
77cca2c4b1
Skip agent-peereid test on macos13. 
sudo -S nobody doesn't work on the github runners (probably a
permission issue) so skip that test.
 2023-05-08 20:14:46 +10:00
Darren Tucker
b356b8e916
Include config.guess in debug output. 2023-05-08 20:14:28 +10:00
Darren Tucker
b7afd8a4ec
Handle OpenSSL >=3 ABI compatibility. 
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
 2023-05-08 20:12:59 +10:00
dtucker@openbsd.org
0e9e2663eb
upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c
 2023-05-01 19:13:18 +10:00
Darren Tucker
d9687f4968
Add macos-13 test target. 
Also flatten OS list for clarity.
 2023-05-01 18:04:35 +10:00
djm@openbsd.org
aacfd67674
upstream: adjust ftruncate() logic to handle servers that reorder 
requests.

sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.

Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@

prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778

OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
 2023-05-01 08:56:04 +10:00
djm@openbsd.org
c8eb394175
upstream: Check for ProxyJump=none in CanonicalizeHostname logic. 
Previously ssh would incorrectly refuse to canonicalise the hostname
if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes

bz3567; ok dtucker

OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
 2023-04-26 14:38:21 +10:00
Tess Gauthier
6c6465c6ae update paths.targets 2023-04-18 11:51:05 -04:00
Tess Gauthier
162666d44a update build script to use latest toolsets 2023-04-18 11:48:27 -04:00
jsg@openbsd.org
ac383f3a5c
upstream: remove duplicate signal.h include 
OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70
 2023-04-17 09:21:14 +10:00
jsg@openbsd.org
740dafa20f
upstream: fix double words ok dtucker@ 
OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489
 2023-04-17 09:21:13 +10:00
Tess Gauthier
01f950cf97
Update versions (#673) 
* bump dependency versions

* bump version to 9.2.2.0
 2023-04-12 11:01:52 -04:00
Darren Tucker
6452f89577
Test against LibreSSL 3.7.2. 2023-04-11 16:49:19 +10:00
Chris Greene
33a141fb2f
Complete pending write operations before canceling io. (#628) 
* Complete pending write operations before canceling io.

* Removed comment, question has been addressed in mr.

* include useful comment from  vthiebaut10

---------

Co-authored-by: Christopher Greene <christopher.greene@thetradedesk.com>
 2023-04-06 08:59:07 -07:00
Damien Miller
2138f6be59
remove unused upper-case const strings in fmtfp 
no float format that uses upper-case is supported nor are hex floats.
ok dtucker
 2023-04-06 14:33:10 +10:00
djm@openbsd.org
484c5e6168
upstream: simplify sshsig_find_principals() similar to what happened to 
sshsig_check_allowed_keys() in r1.31, removing some dead code

OpenBSD-Commit-ID: a493e628d4d6c08f878c276d998f4313ba61702d
 2023-04-06 13:57:28 +10:00
djm@openbsd.org
3a7b110fbc
upstream: remove redundant ssh!=NULL check; we'd already 
dereferenced it

OpenBSD-Commit-ID: 852bf12591ec5a9fb12dcbde9b1fd3945ad0df3c
 2023-04-06 13:27:17 +10:00
djm@openbsd.org
2519110659
upstream: match_user() shouldn't be called with user==NULL unless 
host and ipaddr are also NULL

OpenBSD-Commit-ID: fa3518346c21483e9e01a2e4b9436ae501daf8ea
 2023-04-06 13:27:16 +10:00
djm@openbsd.org
3b9ceaad7a
upstream: don't care about glob() return value here. 
OpenBSD-Commit-ID: 85bb82fea90478a482e9f65a1bec0aa24227fd66
 2023-04-06 13:27:16 +10:00
Dan Drown
59d91246b4
support SSH2_AGENTC_ADD_ID_CONSTRAINED for sk-provider@openssh.com (#612) 
* support SSH2_AGENTC_ADD_ID_CONSTRAINED by treating it as SSH2_AGENTC_ADD_IDENTITY

This ignores the requested constraints:
- SSH_AGENT_CONSTRAIN_LIFETIME
- SSH_AGENT_CONSTRAIN_CONFIRM
- SSH_AGENT_CONSTRAIN_MAXSIGN
- SSH_AGENT_CONSTRAIN_EXTENSION

SSH2_AGENTC_ADD_ID_CONSTRAINED is needed to support add U2F/Fido2 ssh keys to the agent from WSL ssh-add and KeePassXC
ref PowerShell/Win32-OpenSSH#1961

* update buffer pointer to after comment string

sshbuf_peek_string_direct doesn't update request offset pointer

* parse agent constraint messages

returns SSH_AGENT_FAILURE on unsupported constraint types, such as:
* SSH_AGENT_CONSTRAIN_LIFETIME
* SSH_AGENT_CONSTRAIN_CONFIRM
* SSH_AGENT_CONSTRAIN_MAXSIGN

returns SSH_AGENT_FAILURE on unsupported constrain extensions, such as:
"restrict-destination-v00@openssh.com"

accepts and ignores constrain extension "sk-provider@openssh.com"

* reject non-internal skproviders & log
 2023-04-05 16:28:10 -04:00
Tess Gauthier
6ad4313d6f update build toolset in config proj 2023-04-04 16:20:47 -04:00
Tess Gauthier
ada0f40a07 use latest sdk in build script 2023-04-04 15:48:27 -04:00
Tess Gauthier
1e901dd60e fix typo 2023-04-04 11:38:06 -04:00
Tess Gauthier
0057ddc5db revert onecore changes 2023-04-04 11:31:03 -04:00
Tess Gauthier
8a86086e86 add _CRT_DECLARE_NONSTDC_NAMES=0 to projects with posix functions 2023-04-04 11:18:39 -04:00
dtucker@openbsd.org
09d8da0849
upstream: Move up null check and simplify process_escapes. 
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it.  Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@

OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
 2023-04-03 18:35:04 +10:00
Damien Miller
b36b162be5
need va_end() after va_copy(); ok dtucker 
spotted by Coverity
 2023-04-03 10:01:01 +10:00
dtucker@openbsd.org
f703757234
upstream: Explicitly ignore return from waitpid here too. 
OpenBSD-Commit-ID: eef2403df083c61028969fc679ee370373eacacb
 2023-03-31 17:01:01 +11:00
dtucker@openbsd.org
6b73aa2903
upstream: Explictly ignore return codes 
where we don't check them.

OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
 2023-03-31 16:17:46 +11:00
dtucker@openbsd.org
6f0308a3e7
upstream: Return immediately from get_sock_port 
if sock <0 so we don't call getsockname on a negative FD.  From Coverity
CID 291840, ok djm@

OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618
 2023-03-31 16:17:22 +11:00
djm@openbsd.org
1c1124dc90
upstream: don't leak arg2 on parse_pubkey_algos error path; ok 
dtucker@

OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75
 2023-03-31 15:32:37 +11:00
djm@openbsd.org
8ba2d4764b
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker 
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
 2023-03-31 15:32:37 +11:00
djm@openbsd.org
1883841fc1
upstream: don't print key if printing hostname failed; with/ok 
dtucker@

OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
 2023-03-31 15:32:36 +11:00
djm@openbsd.org
c6011129ca
upstream: remove redundant test 
OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
 2023-03-31 15:06:20 +11:00
djm@openbsd.org
4fb29eeafb
upstream: don't attempt to decode a ridiculous number of 
attributes; harmless because of bounds elsewhere, but better to be explicit

OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
 2023-03-31 15:06:20 +11:00
djm@openbsd.org
fc437c154e
upstream: remove unused variable; prompted by Coverity CID 291879 
OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
 2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
0eb8131e4a
upstream: Check fd against >=0 instead of >0 in error path. The 
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.

OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
 2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
7174ba6f8a
upstream: Ignore return value from muxclient(). It normally loops 
without returning, but it if returns on failure we immediately exit.
Coverity CID 405050.

OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
 2023-03-31 15:06:18 +11:00
Damien Miller
a4c1c2513e
don't call connect() on negative socket 
Coverity CID 405037
 2023-03-31 14:17:22 +11:00
djm@openbsd.org
34ee842cdd
upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file 
is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted
by Coverity; with/ok dtucker@

OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
 2023-03-30 14:09:51 +11:00
dtucker@openbsd.org
f108e77a9d
upstream: Remove dead code from inside if block. 
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@

OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
 2023-03-30 14:09:37 +11:00
Darren Tucker
05b8e88ebe
child_set_eng: verify both env pointer and count. 
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
 2023-03-30 14:08:35 +11:00
Tess Gauthier
0b1285526e add updated proj files for testing 2023-03-29 12:47:58 -04:00
dtucker@openbsd.org
28f1b8ef9b
upstream: Ignore return from sshpkt_disconnect 
since we set our own return value for the function.  Coverity CID 291797,
ok djm@

OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04
 2023-03-29 12:33:32 +11:00
dtucker@openbsd.org
c3da05d959
upstream: Plug potential mem leak in process_put. 
It allocates abs_dst inside a loop but only frees it on exit, so free
inside the loop if necessary.  Coverity CID 291837, ok djm@

OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
 2023-03-29 12:22:33 +11:00
djm@openbsd.org
13ae327eae
upstream: fix memory leak; Coverity CID 291848 
with/ok dtucker@

OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8
 2023-03-29 12:22:23 +11:00
dtucker@openbsd.org
9ffa76e128
upstream: Plug more mem leaks in sftp by making 
make_absolute_pwd_glob work in the same way as make_absolute: you
pass it a dynamically allocated string and it either returns it, or
frees it and allocates a new one. Patch from emaste at freebsd.org and
https://reviews.freebsd.org/D37253 ok djm@

OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
 2023-03-28 19:03:54 +11:00
dtucker@openbsd.org
82b2b83269
upstream: Remove compat code for OpenSSL < 1.1.* 
since -portable no longer supports them.

OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff
 2023-03-28 19:03:29 +11:00
dtucker@openbsd.org
b500afcf00
upstream: Remove compat code for OpenSSL 1.0.* 
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
 2023-03-28 19:03:10 +11:00
Darren Tucker
727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL. 
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
 2023-03-28 19:03:03 +11:00
Darren Tucker
46db8e14b7
Remove HEADER_SHA_H from previous... 
since it causes more problems than it solves.
 2023-03-28 12:44:03 +11:00
Darren Tucker
72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H. 
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
 2023-03-28 10:35:18 +11:00
Darren Tucker
99668f2e6e
Configure with --target instead of deprecated form. 2023-03-28 09:50:06 +11:00
Darren Tucker
f751d9306c
Pass rpath when building 64bit Solaris. 2023-03-27 22:18:49 +11:00
Darren Tucker
a64b935cd4
Explicitly disable OpenSSL on AIX test VM. 2023-03-27 22:18:46 +11:00
dtucker@openbsd.org
7ebc6f060f
upstream: Add RevokedHostKeys to percent expansion test. 
OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff
 2023-03-27 15:04:36 +11:00
dtucker@openbsd.org
f1a17de150
upstream: Add tilde and environment variable expansion to 
RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
 2023-03-27 15:03:53 +11:00
djm@openbsd.org
009eb4cb48
upstream: fix test: getnameinfo returns a non-zero value on error, not 
(neccessarily) -1. From GHPR#384

OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25
 2023-03-27 14:31:57 +11:00
djm@openbsd.org
4f0a676486
upstream: scp: when copying local->remote, check that source file 
exists before opening SFTP connection to the server. Based on GHPR#370 ok
dtucker, markus

OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb
 2023-03-27 14:28:00 +11:00
Darren Tucker
154d8baf63
Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
Darren Tucker
fbd3811ddb
Explicitly disable security key test on aix51 VM. 
We don't know how to build the shared objects required for the security
key tests so skip them.
 2023-03-27 11:08:00 +11:00
Darren Tucker
4922ac3be8
Split libcrypto and other config flags. 
This should allow the automatic OpenSSL version selection in the tests
to work better.
 2023-03-26 14:49:43 +11:00
Darren Tucker
4a948b1469
Specify test target if we build without OpenSSL. 
When we decide we can't use the versions of OpenSSL available, also
restrict the tests we run to avoid the ones that need OpenSSL.
 2023-03-26 14:39:45 +11:00
Darren Tucker
b308c636f5
Find suitable OpenSSL version. 
Check the installed OpenSSL versions for a suitable one, and if there
isn't (and we don't have a specific version configured) then build
without OpenSSL.
 2023-03-26 14:22:53 +11:00
Damien Miller
021ea5c286
Github testing support for BoringSSL 2023-03-24 15:39:48 +11:00
Damien Miller
9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn() 
so don't invoke it in unittest
 2023-03-24 15:39:48 +11:00
Damien Miller
cc5969c033
another ERR_load_CRYPTO_strings() vestige 2023-03-24 15:39:47 +11:00
Damien Miller
4974293899
don't use obsolete ERR_load_CRYPTO_strings() 
OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
 2023-03-24 15:26:27 +11:00
Damien Miller
3c527d55f9
Allow building with BoringSSL 2023-03-24 15:26:26 +11:00
Damien Miller
b7e27cfd7f
put back SSLeay_version compat in configure test 
Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
 2023-03-24 15:26:26 +11:00
Damien Miller
7280401bdd
remove support for old libcrypto 
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
 2023-03-24 13:56:25 +11:00
Tess Gauthier
b06f2907e3 bump platform toolset to v143 2023-03-21 12:13:10 -04:00
Tess Gauthier
cdee73645a
add codeql suppression and explanation (#670) 2023-03-20 13:59:39 -04:00
Darren Tucker
abda22fb48
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. 2023-03-19 15:36:13 +11:00
Tess Gauthier
51d658e8da
change server firewall settings to private profile only (#669) 2023-03-16 13:29:40 -04:00
Darren Tucker
610ac1cb07
Show 9.3 branch instead of 9.2. 2023-03-16 21:38:04 +11:00
Damien Miller
cb30fbdbee
depend 2023-03-16 08:28:19 +11:00
Damien Miller
1dba63eb10
crank version 2023-03-16 08:27:54 +11:00
djm@openbsd.org
ba7532d0da
upstream: openssh-9.3 
OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848
 2023-03-16 08:21:56 +11:00
Tess Gauthier
e4b56ece19
revert motw entirely for scp and sftp (#668) 
* revert motw entirely for scp and sftp

* revert scp
 2023-03-15 13:33:53 -04:00
dtucker@openbsd.org
6fd4daafb9
upstream: Free KRL ptr in addition to its contents. 
From Coverity CID 291841, ok djm@

OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6
 2023-03-14 18:35:50 +11:00
dtucker@openbsd.org
1d270bd303
upstream: Check pointer for NULL before deref. 
None of the existing callers seem to do that, but it's worth checking.
From Coverity CID 291834, ok djm@

OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4
 2023-03-14 18:35:31 +11:00
dtucker@openbsd.org
d95af508e7
upstream: Limit number of entries in SSH2_MSG_EXT_INFO 
request. This is already constrained by the maximum SSH packet size but this
makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@

OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
 2023-03-12 22:02:18 +11:00
dtucker@openbsd.org
8f287ba60d
upstream: calloc can return NULL but xcalloc can't. 
From Coverity CID 291881, ok djm@

OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b
 2023-03-12 22:01:57 +11:00
dtucker@openbsd.org
83a56a49fd
upstream: Explicitly ignore return from fcntl 
(... FD_CLOEXEC) here too.  Coverity CID 291853.

OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5
 2023-03-12 22:01:44 +11:00
Damien Miller
0fda9d704d
bounds checking for getrrsetbyname() replacement; 
Spotted by Coverity in CID 405033; ok millert@
 2023-03-10 15:59:46 +11:00
dtucker@openbsd.org
89b8df518f
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. 
OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
 2023-03-10 15:42:37 +11:00
Darren Tucker
bf4dae0ad1
Add prototypes for mkstemp replacements. 
Should prevent warnings due to our wrapper function.
 2023-03-10 14:46:57 +11:00
dtucker@openbsd.org
4e04d68d6a
upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since 
there's not much we can do anyway.  From Coverity CID 291857, ok djm@

OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729
 2023-03-10 14:46:25 +11:00
djm@openbsd.org
d6d38fd77c
upstream: Like sshd_config, some ssh_config options are not 
first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for
this file

OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e
 2023-03-10 14:02:39 +11:00
dtucker@openbsd.org
7187d3f86b
upstream: Remove no-op (int) > INT_MAX checks 
since they can never be true. From Coverity CID 405031, ok djm@

OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84
 2023-03-10 13:45:00 +11:00
Darren Tucker
77adde4305
Wrap mkstemp calls with umask set/restore. 
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp created the world-writable.  Wrap mkstemp to set and restore
the umask.  From Coverity (CIDs 291826 291886 291891), ok djm@
 2023-03-10 13:27:29 +11:00
jcs@openbsd.org
633d3dc2a1
upstream: modify parentheses in conditionals to make it clearer what is 
being assigned and what is being checked

ok djm dtucker

OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
 2023-03-10 10:40:02 +11:00
dtucker@openbsd.org
733030840c
upstream: Re-split the merge of the reorder-hostkeys test. 
In the kex_proposal_populate_entries change I merged the the check for
reordering hostkeys with the actual reordering, but kex_assemble_names
mutates options.hostkeyalgorithms which renders the check ineffective.
Put the check back where it was.  Spotted and tested by jsg@, ok djm@

OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de
 2023-03-09 18:32:48 +11:00
djm@openbsd.org
54ac4ab2b5
upstream: include destination constraints for smartcard keys too. 
Spotted by Luci Stanescu; ok deraadt@ markus@

OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
 2023-03-09 18:32:48 +11:00
Darren Tucker
bfd1ad01d9
Limit the number of PAM environment variables. 
xcalloc has its own limits, but these are specific to PAM.  From
Coverity CID 405198, ok djm@
 2023-03-09 18:32:48 +11:00
Darren Tucker
a231414970
Limit the number of PAM environment variables. 
From Coverity CID 405194, tweaks and ok djm@
 2023-03-09 18:32:48 +11:00
dtucker@openbsd.org
36c6c3eff5
upstream: Plug mem leak. Coverity CID 405196, ok djm@ 
OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2
 2023-03-08 17:31:07 +11:00
tb@openbsd.org
dfb9b736e1
upstream: ssh-pkcs11: synchronize error messages with errors 
A handful of error messages contained incorrect function names or
otherwise inaccurate descriptions. Fix them to match reality.

input/ok djm

OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411
 2023-03-08 17:26:57 +11:00
guenther@openbsd.org
51875897b8
upstream: Delete obsolete /* ARGSUSED */ lint comments. 
ok miod@ millert@

OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
 2023-03-08 17:26:53 +11:00
Darren Tucker
a76085bda8
Extra brackets to prevent warning. 2023-03-08 17:26:51 +11:00
djm@openbsd.org
147ae57d4d
upstream: use RSA/SHA256 when testing usability of private key in 
agent; with/ok dtucker

OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56
 2023-03-08 11:06:57 +11:00
djm@openbsd.org
27fd251bc9
upstream: use RSA/SHA256 when testing usability of private key; 
based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker

OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba
 2023-03-08 11:06:57 +11:00
djm@openbsd.org
eee9f3fc3d
upstream: refactor to be more readable top to bottom. Prompted by 
Coverity CID 405048 which was a false-positive fd leak; ok dtucker@

OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00
 2023-03-08 11:06:56 +11:00
Darren Tucker
42a06b29a4
Add header changes missed in previous. 2023-03-07 18:34:41 +11:00
dtucker@openbsd.org
4710077096
upstream: Fix mem leak in environment setup. 
From jjelen at redhat.com via bz#2687, ok djm@

OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353
 2023-03-07 17:32:03 +11:00
dtucker@openbsd.org
03acc50d0c
upstream: Unit test for kex_proposal_populate_entries. 
OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006
 2023-03-07 17:31:57 +11:00
djm@openbsd.org
3f9231c2e1
upstream: fix memory leak in process_read() path; Spotted by James 
Robinson in GHPR363; ok markus@

OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8
 2023-03-07 16:38:40 +11:00
djm@openbsd.org
c5e6e89083
upstream: correct size for array argument when changing 
UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@

OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0
 2023-03-07 16:38:39 +11:00
Danny Maertens
29ad502773
Merge pull request #666 from kemaruya/latestw_all 
It is a workaround to address the #2027 issue.
 2023-03-06 11:21:30 -08:00
dtucker@openbsd.org
9641753e0f
upstream: Refactor creation of KEX proposal. 
This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs.  Remove unused compat functions.
With & ok djm@.

OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
 2023-03-06 23:31:52 +11:00
dtucker@openbsd.org
aa59d6a489
upstream: Fix mem and FILE leaks in moduli screening. 
If multiple -Ocheckpoint= options are passed, the earlier ones would
be overwritten and leaked.  If we use an input file that wasn't stdin,
close that.  From Coverity CIDs 291884 and 291894.

OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b
 2023-03-05 20:33:29 +11:00
dtucker@openbsd.org
23b8cb4176
upstream: Plug mem leak in moduli checkpoint option parsing. 
From Coverity CID 291894.

OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4
 2023-03-05 19:33:39 +11:00
dtucker@openbsd.org
fc7f8f2188
upstream: Remove unused compat.h includes. 
We've previously removed a lot of the really old compatibility code,
and with it went the need to include compat.h in most of the files that
have it.

OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
 2023-03-05 19:27:31 +11:00
dtucker@openbsd.org
6c165c3624
upstream: Use time_t for x11 timeout. 
Use time_t instead of u_int for remaining x11 timeout checks for 64bit
time_t safety.  From Coverity CIDs 405197 and 405028, ok djm@

OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972
 2023-03-04 14:43:21 +11:00
dtucker@openbsd.org
4a3918f51b
upstream: Ensure ms_remain is always initialized 
similar to what we do in ssh_packet_write_wait.  bz#2687, from jjelen
at redhat.com.

OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac
 2023-03-04 14:43:10 +11:00
dtucker@openbsd.org
e44846a448
upstream: Check for non-NULL before string 
comparison. From jjelen at redhat.com via bz#2687.

OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f
 2023-03-04 14:42:56 +11:00
djm@openbsd.org
1842d523fa
upstream: guard against getsockname(-1, ...) from Coverity CID 
291832

OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f
 2023-03-03 16:12:05 +11:00
djm@openbsd.org
78571a5fe9
upstream: some options are not first-match-wins. Mention that there 
are exceptions at the start of the manpage and label some of them in the
option description.

OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4
 2023-03-03 16:12:04 +11:00
djm@openbsd.org
d1c1b3272e
upstream: actually print "channeltimeout none" in config dump mode; 
spotted via Coverity CID 405022

OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f
 2023-03-03 16:12:04 +11:00
Darren Tucker
8bf61e9561
Add Coverity badges. 2023-03-03 14:50:03 +11:00
dtucker@openbsd.org
93291bd723
upstream: Check return values of dup2. Spotted by Coverity, ok djm@ 
OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b
 2023-03-03 14:49:14 +11:00
dtucker@openbsd.org
e37261dff3
upstream: Use time_t for x11_refuse_time timeout. We need 
SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available.
Fixes a Coverity warning for 64bit time_t safety, ok djm@

OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
 2023-03-03 14:16:42 +11:00
dtucker@openbsd.org
32755a98c2
upstream: Check return value from fctnl and warn on failure. 
Spotted by Coverity, ok djm@

OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab
 2023-03-03 14:14:12 +11:00
dtucker@openbsd.org
5fc60e8246
upstream: Remove SUDO in proxy command wrapper. Anything that needs 
sudo is already run by it, and it breaks if root isn't in sudoers.

OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9
 2023-03-02 22:33:12 +11:00
dtucker@openbsd.org
0d514659b2
upstream: Fix breakage on dhgex test. 
This was due to the sshd logs being written to the wrong log file.
While there, make save_debug_logs less verbose, write the name of the
tarball to regress.log and use $SUDO to remove the old symlinks (which
shouldn't be needed, but won't hurt).  Initial problem spotted by anton@.

OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b
 2023-03-02 19:32:21 +11:00
dtucker@openbsd.org
860201201d
upstream: Quote grep and log message better. 
OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4
 2023-03-02 19:32:18 +11:00
dtucker@openbsd.org
03a03c6002
upstream: Always call fclose on checkpoints. 
In the case of an fprintf failure we would not call fclose which would
leak the FILE pointer.  While we're there, try to clean up the temp file
on failure.  Spotted by Coverity, ok djm@

OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef
 2023-03-02 18:24:51 +11:00
dtucker@openbsd.org
13fe8f9785
upstream: Remove old log symlinks 
before creating new ones. In -portable some platforms don't like
overwriting existing symlinks.

OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f
 2023-03-02 17:43:00 +11:00
Darren Tucker
131fcbcaff
Adjust test jobs for new log directory. 2023-03-01 23:23:02 +11:00
dtucker@openbsd.org
a6f4ac8a2b
upstream: Rework logging for the regression tests. 
Previously we would log to ssh.log and sshd.log, but that is insufficient
for tests that have more than one concurent ssh/sshd.

Instead, we'll log to separate datestamped files in a $OBJ/log/ and
leave a symlink at the previous location pointing at the most recent
instance with an entry in regress.log showing which files were created
at each point.  This should be sufficient to reconstruct what happened
even for tests that use multiple instances of each program.  If the test
fails, tar up all of the logs for later analysis.

This will let us also capture the output from some of the other tools
which was previously sent to /dev/null although most of those will be
in future commits.

OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24
 2023-03-01 22:02:47 +11:00
Kenichi Maruyama
f01eb59dc4 Update win32-utf8.c 
Reflects mgkuhn's comment.
 2023-03-01 14:07:51 +09:00
dtucker@openbsd.org
8ead62ed5e
upstream: fatal out if allocating banner string fails to avoid 
potential null deref later in sscanf.  Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5
 2023-03-01 09:01:14 +11:00
Kenichi Maruyama
fb388657c8 Update win32-utf8.c 
I implemented a workaround for the #2027 issue.
 2023-02-28 18:51:09 +09:00
dtucker@openbsd.org
44ca56ba0b
upstream: Explicitly ignore return from fchmod 
similar to other calls to prevent warning.

OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a
 2023-02-28 20:02:29 +11:00
dtucker@openbsd.org
803392933a
upstream: Plug mem leak on globbed ls error path. 
Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c
 2023-02-28 19:51:21 +11:00
Darren Tucker
aa33b4d396
Cast time_t's in debug output to long long. 
Should fix Coverity warning about truncation of 64bit time_t.
 2023-02-27 21:04:22 +11:00
Darren Tucker
b0fd60a9de
Do shadow expiry calcs using "long long". 
Coverity flags these as potentially not 64bit time_t safe so use
long long for the calculations and debug output.  ok djm@
 2023-02-27 17:28:59 +11:00
Damien Miller
01dbeb3084
avoid clash between for getopt's struct option 
Since we don't use getopt_long() nothing outside the getopt()
implementation itself uses this structure, so move it into the
source to remove it from visibility and clashes with libc's

ok dtucker@
 2023-02-27 17:10:12 +11:00
Darren Tucker
eb88d07c43
Revert explicit chmods on private keys. 
This should no longer be needed on Cygwin test runners due to previous
commit.
 2023-02-25 14:45:41 +11:00
Darren Tucker
52b75db610
Remove extended ACLs from working dirs. 
This should allow umask to work as expected and prevent tests from
failing due to excessive permissions on private keys.
 2023-02-25 14:43:28 +11:00
Darren Tucker
0c5d4c843d
Explicitly set permissions on user and host keys. 
On cygwin, the umask might not be sufficient.  Should fix tests on
Github runners.
 2023-02-24 13:44:13 +11:00
djm@openbsd.org
6c9fc9d7a9
upstream: fix progressmeter corruption on wide displays; bz3534 
feedback/ok dtucker@

OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3
 2023-02-22 15:06:44 +11:00
dtucker@openbsd.org
fe0bd3cde9
upstream: fseek to end of known_hosts before writing to it. 
POSIX and ANSI C require that applications call fseek or similar between
read and writing to a RW file.  OpenBSD doesn't enforce this, but some
(System V derived) platforms need this to prevent it from writing a
spurious extra byte (in this case, a newline).  ok djm@ deraadt@

OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137
 2023-02-21 18:28:26 +11:00
Darren Tucker
357fb8ae14
Also run unit tests on AIX VMs. 
In the past these tests took too long, but these days it only adds
about 5 min to the run.
 2023-02-21 17:51:09 +11:00
Darren Tucker
17781aaa51
Wrap stdint.h inside ifdef. 2023-02-21 17:49:22 +11:00
Mayank Sharma
ef798bad38
Add includes to ptimeout test. 
Fixes test failures on AIX due to type mismatches.
 2023-02-20 23:24:15 +11:00
Darren Tucker
ab69dda05d
Always use the openssl binary configure tells us. 
This fixes tests on platforms that do not have the openssl tool
installed at all.
 2023-02-20 20:01:29 +11:00
dtucker@openbsd.org
2a7e344990
upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code 
to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization were removed.  "burn it all" djm@

OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
 2023-02-17 15:43:57 +11:00
dtucker@openbsd.org
0833ccf2c8
upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This 
was previously set for OpenSSH 2.3 (released in 2000) but this check was
removed in OpenSSH 7.7 (2018).  ok djm@ deraadt@

OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af
 2023-02-17 15:43:54 +11:00
Damien Miller
c81c2bea6e
whitespace fixes 2023-02-17 10:12:40 +11:00
Damien Miller
500f90b39d
whitespace at EOL 2023-02-17 10:02:08 +11:00
dtucker@openbsd.org
6835015240
upstream: Remove SSH_BUG_PASSWORDPAD compat bit 
since it's no longer used. ok markus@

OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b
 2023-02-16 21:33:00 +11:00
dtucker@openbsd.org
537cccd804
upstream: Remove SSH_BUG_IGNOREMSG compat flag 
since it's only applicable to SSH1 and thus no longer used.  ok markus@
"kill it with fire" djm@

OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab
 2023-02-16 21:12:07 +11:00
jmc@openbsd.org
285cf6cd4b
upstream: space between macro and punctuation; sort usage(); 
OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c
 2023-02-16 21:11:38 +11:00
jmc@openbsd.org
d39a96f70f
upstream: space between macro and punctuation; 
OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e
 2023-02-16 21:11:35 +11:00
jmc@openbsd.org
16e82bf53f
upstream: sort SYNOPSIS; 
OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e
 2023-02-16 21:11:32 +11:00
Darren Tucker
d9685121ff
Improve seccomp compat on older systems. 
Check if flags to mmap and madvise are defined before using them.
Should fix problems building on older Linux systems that don't have
these.  bz#3537, with & ok djm@.
 2023-02-11 12:32:19 +11:00
djm@openbsd.org
6180b0fa4f
upstream: test -Ohashalg=... and that the default output contains both 
specified hash algorithms; prompted by dtucker@

OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51
 2023-02-10 16:13:06 +11:00
djm@openbsd.org
d651f5c9fe
upstream: let ssh-keygen and ssh-keyscan accept 
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@

OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
 2023-02-10 16:12:42 +11:00
djm@openbsd.org
18938d11a9
upstream: add a sshd -G option that parses and prints the 
effective configuration without attempting to load private keys and perform
other checks. This allows usage of the option before keys have been
generated.

bz3460 feedback/ok dtucker@

OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29
 2023-02-10 16:12:42 +11:00
djm@openbsd.org
df7d3dbf71
upstream: make ssh -Q CASignatureAlgorithms work as the manpage says 
it should bz3532

OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc
 2023-02-10 15:44:19 +11:00
Darren Tucker
d3b8d4198b
Add CentOS 7 test targets. 2023-02-10 14:26:44 +11:00
dtucker@openbsd.org
22efb01e35
upstream: Test adding terminating newline to known_hosts. 
OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365
 2023-02-09 21:08:33 +11:00
dtucker@openbsd.org
caec6da1a5
upstream: ssh-agent doesn't actually take -v, 
so the recently-added ones will result in the test not cleaning up
after itself.  Patch from cjwatson at debian.org vi bz#3536.

OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a
 2023-02-09 21:08:16 +11:00
dtucker@openbsd.org
3c379c9a84
upstream: Ensure that there is a terminating newline when adding a new 
entry to known_hosts.  bz#3529, with git+openssh at limpsquid.nl, ok deraadt@
markus@

OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0
 2023-02-09 21:07:59 +11:00
Darren Tucker
95b6bbd255
Replace 9.1 with 9.2 on CI status page. 2023-02-07 08:46:06 +11:00
Damien Miller
195313dfe1
harden Linux seccomp sandbox 
Linux mmap(2) and madvise(2) syscalls support quite a number of funky
flags that we don't expect that sshd/libc will ever need. We can
exclude this kernel attack surface by filtering the mmap(2) flags
and the madvise(2) advice arguments.

Similarly, the sandboxed process in sshd is a single-threaded program
that does not use shared memory for synchronisation or communication.
Therefore, there should be no reason for the advanced priority
inheritance futex(2) operations to be necessary. These can also be
excluded.

Motivated by Jann Horn pointing out that there have been kernel bugs
in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and
CVE-2022-42703.

Feedback Jann Horn, ok dtucker@
 2023-02-06 13:26:42 +11:00
340 changed files with 60490 additions and 7841 deletions
Show Stats Expand all files Collapse all files

52
.azdo/ci.yml
View File

@ -10,13 +10,6 @@ pr:
include:
- latestw_all
resources:
repositories:
- repository: ComplianceRepo
type: github
endpoint: ComplianceGHRepo
name: PowerShell/compliance
stages:
- stage: Build
displayName: Build Win32-OpenSSH
@ -26,7 +19,7 @@ stages:
pool:
name: PS-PowerShell-x64
demands:
- ImageOverride -equals PSMMS2019-OpenSSH-Secure
- ImageOverride -equals PSMMS2022-OpenSSH-Secure
steps:
- powershell: |
@ -88,36 +81,6 @@ stages:
Write-Host "##vso[artifact.upload containerfolder=$artifactName;artifactname=$artifactName;]$configFilePath"
displayName: Upload Win32-OpenSSH build artifacts
- stage: Compliance
displayName: Compliance
dependsOn: Build
jobs:
- job: ComplianceJob
pool:
vmImage: windows-latest
steps:
- checkout: self
clean: true
- checkout: ComplianceRepo
clean: true
- download: current
artifact: 'Win32-OpenSSH'
- template: ci-compliance.yml@ComplianceRepo
parameters:
# credscan
suppressionsFile: ''
# Documentation: https://eng.ms/docs/security-compliance-identity-and-management-scim/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/security-analysis-report-build-task
- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@2
continueOnError: true
displayName: 'Guardian Export'
inputs:
GdnExportVstsConsole: true
GdnExportSarifFile: true
GdnExportHtmlFile: true
GdnExportAllTools: false
GdnExportGdnToolCredScan: true
#this didn't do anything GdnExportCustomLogsFolder: '$(Build.ArtifactStagingDirectory)/Guardian'
- stage: Test
displayName: Test Win32-OpenSSH
dependsOn: Build
@ -126,6 +89,8 @@ stages:
pool:
vmImage: windows-latest
displayName: Win32-OpenSSH On Windows
variables:
testFilesDrivePath: '**'
steps:
- powershell: |
$powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell'
@ -201,6 +166,17 @@ stages:
Invoke-OpenSSHTests -OpenSSHBinPath "$env:SystemDrive/OpenSSH"
displayName: Run tests
- pwsh: |
Write-Host "##vso[task.setvariable variable=testFilesDrivePath;]$env:SystemDrive"
displayName: Set variable
- task: PublishTestResults@2
inputs:
testResultsFormat: 'NUnit'
testResultsFiles: '$(testFilesDrivePath)/OpenSSHTests/*.xml'
failTaskOnFailedTests: true
condition: always()
- pwsh: |
Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force
#

2
.azdo/codeql.yml
View File

@ -18,7 +18,7 @@ stages:
pool:
name: PS-PowerShell-x64
demands:
- ImageOverride -equals PSMMS2019-OpenSSH-Secure
- ImageOverride -equals PSMMS2022-OpenSSH-Secure
variables:
Codeql.Enabled: true
Codeql.Cadence: 23 # hours

63
.depend
View File

@ -16,21 +16,22 @@ auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
auth.o: authfile.h monitor_wrap.h compat.h channels.h
auth.o: authfile.h monitor_wrap.h channels.h
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h
auth2-hostbased.o: monitor_wrap.h pathnames.h match.h
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h compat.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h
auth2.o: digest.h
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h
auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h digest.h kex.h
auth2.o: mac.h crypto_api.h
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h log.h ssherr.h atomicio.h misc.h
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
@ -44,11 +45,11 @@ cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -60,8 +61,9 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp
hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
kex.o: match.h misc.h monitor.h sshbuf.h digest.h
kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
@ -82,20 +84,21 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h
platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
readconf.o: uidswap.h myproposal.h digest.h
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h uidswap.h
readconf.o: myproposal.h digest.h
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -107,12 +110,12 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compa
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h
servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h
servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
session.o: hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
@ -123,9 +126,9 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -133,8 +136,8 @@ ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbs
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h
ssh-keyscan.o: dispatch.h log.h ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
@ -146,7 +149,7 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@ -154,11 +157,13 @@ sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
sshconnect.o: authfd.h kex.h mac.h crypto_api.h
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h
sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h
ssherr.o: ssherr.h
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h

2
.git_allowed_signers
View File

@ -1,4 +1,6 @@
dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG
dtucker@dtucker.net sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDV81zWQ1+XVfWH5z4L4klDQ/z/6l2GLphfSTX/Rmq6kL5H8mkfzUlryxLlkN8cD9srtVJBAmwJWfJBNsCo958YAAAAEc3NoOg==
djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg==
djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg==
djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg==

26
.git_allowed_signers.asc
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg
YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/
H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe
GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP
NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38
BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob
hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y
v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi
BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR
RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv
nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB
u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o=
=kgnS
iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmYHnZ8ACgkQKj9BTnNg
YLquuQ/6A8E6P2jcgn3wmbbCTXP7kmxoh3nmw/e6PC8CEua1512oT3GHOKVD5cGK
cgYRObpWvjOjg7L1HRABftq7a9M2zfsGnY/WNe3/fbetfkyY8hG8c31vA1ePIOt2
AjBLCWFblH0CtyH/MssoQ19JCLtXK/GmekB1Q0JzyOog7w/0r3CKuUnZ0juCYR1R
4FBePl5l3nFSZEcFEdptGlNGeuolS5XBCqB9Y91TCzkVkH5eXUUW+shgjNhWCEhT
pZvkxfhsmOEnwNofyPdgKVfDBVkHmvuC67EU395mJVN4c2NZ8pOztb9hOt3xr980
q44I4kT2NpaApCx1dWIGhMy/37LJ8heI0W1B+ofTA5n34/RU8UXH3SCkj2AK6Ao5
H2u8vbmuWKUCiECmrw35EeKGmtuK/bWJzx3KBP7fx5J9S3mWUgT4W4xlWNN9RWoU
sSvH1ppie5ARINVaAWl5k44fk60ahTf80DbQBIOZBmQn7myZZka+yGcQbAiZZ1Gc
0l8+Nf5Ao1ckmuyY5o8FyWdsyDeK3+MqjPn5Rr1CqbKCn2VnqrVWbI33Eyu8c96U
bxVgU5H1BDhNjJC8UrT3LFPvJMO8p3a0IJ3eHydjk2jVOhOdBZmA0yoqUTrhPpXq
ymIHESjDJR8TDe4TCfb46o9oEC3cdbDwgnzPqdg0n+0uIsJLYiU=
=gl+l
-----END PGP SIGNATURE-----

11
.github/ci-status.md vendored
View File

@ -4,7 +4,12 @@ master :
[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
9.1 :
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_1)
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_1)
9.8 :
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8)
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8)
9.7 :
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7)
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7)

96
.github/configs vendored
View File

@ -30,6 +30,13 @@ case "$config" in
default|sol64)
;;
c89)
# If we don't have LLONG_MAX, configure will figure out that it can
# get it by setting -std=gnu99, at which point we won't be testing
# C89 any more. To avoid this, feed it in via CFLAGS.
llong_max=`gcc -E -dM - </dev/null | \
awk '$2=="__LONG_LONG_MAX__"{print $3}'`
CPPFLAGS="-DLLONG_MAX=${llong_max}"
CC="gcc"
CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
CONFIGFLAGS="--without-zlib"
@ -81,7 +88,8 @@ case "$config" in
CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer"
LDFLAGS="-fsanitize=memory"
CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path='$SANLOGS'/msan.log\"'
CONFIGFLAGS="--without-openssl --without-zlib --without-shadow"
CONFIGFLAGS="--without-zlib --without-shadow"
LIBCRYPTOFLAGS="--without-openssl"
TEST_TARGET="t-exec"
;;
*-sanitize-undefined)
@ -100,9 +108,19 @@ case "$config" in
SKIP_LTESTS=sftp-chroot
;;
gcc-11-Werror)
CC="gcc"
CC="gcc-11"
# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter"
# -Wunused-result ignores (void) so is not useful. See
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
CFLAGS="-O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter -Wno-unused-result"
CONFIGFLAGS="--with-pam --with-Werror"
;;
gcc-12-Werror)
CC="gcc-12"
# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
# -Wunused-result ignores (void) so is not useful. See
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
CFLAGS="-O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter -Wno-unused-result"
CONFIGFLAGS="--with-pam --with-Werror"
;;
clang*|gcc*)
@ -139,9 +157,18 @@ case "$config" in
CONFIGFLAGS="--with-pam"
SSHD_CONFOPTS="UsePam yes"
;;
boringssl)
CONFIGFLAGS="--disable-pkcs11"
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/boringssl --with-rpath=-Wl,-rpath,"
;;
libressl-*)
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
;;
putty-*)
CONFIGFLAGS="--with-plink=/usr/local/bin/plink --with-puttygen=/usr/local/bin/puttygen"
# We don't need to rerun the regular tests, just the interop ones.
TEST_TARGET=interop-tests
;;
openssl-*)
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
# OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec
@ -181,6 +208,7 @@ case "$config" in
# and hostbased (since valgrind won't let ssh exec keysign).
# Slow ones are run separately to increase parallelism.
SKIP_LTESTS="agent-timeout connection-timeout hostbased"
SKIP_LTESTS="$SKIP_LTESTS penalty-expire"
SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}"
;;
valgrind-2)
@ -200,6 +228,10 @@ case "$config" in
;;
esac
;;
zlib-develop)
INSTALL_ZLIB=develop
CONFIGFLAGS="--with-zlib=/opt/zlib --with-rpath=-Wl,-rpath,"
;;
*)
echo "Unknown configuration $config"
exit 1
@ -209,19 +241,21 @@ esac
# The Solaris 64bit targets are special since they need a non-flag arg.
case "$config" in
sol64*)
CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
CONFIGFLAGS="--target=x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64 --with-rpath=-Wl,-rpath,"
;;
esac
case "${TARGET_HOST}" in
aix*)
CONFIGFLAGS="--disable-security-key"
LIBCRYPTOFLAGS="--without-openssl"
# These are slow real or virtual machines so skip the slowest tests
# (which tend to be thw ones that transfer lots of data) so that the
# test run does not time out.
# The agent-restrict test fails due to some quoting issue when run
# with sh or ksh so specify bash for now.
TEST_TARGET="t-exec TEST_SHELL=bash"
TEST_TARGET="t-exec unit TEST_SHELL=bash"
SKIP_LTESTS="rekey sftp"
;;
debian-riscv64)
@ -240,20 +274,23 @@ case "${TARGET_HOST}" in
SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
;;
minix3)
LIBCRYPTOFLAGS="--without-openssl --disable-security-key"
CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
# Unix domain sockets don't work quite like we expect, so also
# disable FD passing (and thus multiplexing).
CONFIGFLAGS="${CONFIGFLAGS} --disable-fd-passing"
LIBCRYPTOFLAGS="--without-openssl"
# Minix does not have a loopback interface so we have to skip any
# test that relies on one.
# Also, Minix seems to be very limited in the number of select()
# calls that can be operating concurrently, so prune additional tests for that.
T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse
connect connect-uri exit-status forwarding hostkey-agent
key-options keyscan knownhosts-command login-timeout
connect connect-uri dynamic-forward exit-status forwarding
forward-control
hostkey-agent key-options keyscan knownhosts-command login-timeout
reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
transfer"
# Unix domain sockets don't work quite like we expect, so also skip any tests
# that use multiplexing.
T="$T connection-timeout dynamic-forward forward-control multiplex"
transfer penalty penalty-expire"
SKIP_LTESTS="$(echo $T)"
TEST_TARGET=t-exec
SUDO=""
@ -264,7 +301,8 @@ case "${TARGET_HOST}" in
CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
;;
openwrt-*)
CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib"
CONFIGFLAGS="${CONFIGFLAGS} --without-zlib"
LIBCRYPTOFLAGS="--without-openssl"
TEST_TARGET="t-exec"
;;
sol10|sol11)
@ -278,7 +316,8 @@ case "${TARGET_HOST}" in
;;
esac
case "`./config.guess`" in
host=`./config.guess`
case "$host" in
*cygwin)
SUDO=""
# Don't run compat tests on cygwin as they don't currently compile.
@ -289,17 +328,38 @@ case "`./config.guess`" in
# modern versions don't ship with libcrypto.
LIBCRYPTOFLAGS="--without-openssl"
TEST_TARGET=t-exec
# On some OS X runners we can't write to /var/empty.
CONFIGFLAGS="${CONFIGFLAGS} --with-privsep-path=/usr/local/empty"
case "$host" in
*-darwin22.*)
# sudo -S nobody doesn't work on macos 13 for some reason.
SKIP_LTESTS="agent-getpeereid" ;;
esac
;;
esac
# If we have a local openssl/libressl, use that.
# Unless specifically configured, search for a suitable version of OpenSSL,
# otherwise build without it.
if [ -z "${LIBCRYPTOFLAGS}" ]; then
LIBCRYPTOFLAGS="--without-openssl"
# last-match
for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
for i in /usr /usr/local /usr/local/ssl /usr/local/opt/openssl; do
ver="none"
if [ -x ${i}/bin/openssl ]; then
LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
ver="$(${i}/bin/openssl version)"
fi
case "$ver" in
none) ;;
"OpenSSL 0."*|"OpenSSL 1.0."*|"OpenSSL 1.1.0"*) ;;
"LibreSSL 2."*|"LibreSSL 3.0."*) ;;
*) LIBCRYPTOFLAGS="--with-ssl-dir=${i}" ;;
esac
done
if [ "${LIBCRYPTOFLAGS}" = "--without-openssl" ]; then
TEST_TARGET="t-exec"
fi
fi
CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"

3
.github/run_test.sh vendored
View File

@ -9,6 +9,7 @@ set -ex
# If we want to test hostbased auth, set up the host for it.
if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
sshconf=/usr/local/etc
$SUDO mkdir -p "${sshconf}"
hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null
echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null
$SUDO mkdir -p $sshconf
@ -21,7 +22,7 @@ if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
fi
output_failed_logs() {
for i in regress/failed*; do
for i in regress/failed*.log; do
if [ -f "$i" ]; then
echo -------------------------------------------------------------------------
echo LOGFILE $i

110
.github/setup_ci.sh vendored
View File

@ -4,20 +4,21 @@ PACKAGES=""
. .github/configs $@
case "`./config.guess`" in
host=`./config.guess`
echo "config.guess: $host"
case "$host" in
*cygwin)
PACKAGER=setup
echo Setting CYGWIN sustem environment variable.
echo Setting CYGWIN system environment variable.
setx CYGWIN "binmode"
chmod -R go-rw /cygdrive/d/a
umask 077
echo Removing extended ACLs so umask works as expected.
setfacl -b . regress
PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
;;
*-darwin*)
PACKAGER=brew
brew install automake
exit 0
PACKAGES="automake"
;;
*)
PACKAGER=apt
@ -28,20 +29,30 @@ TARGETS=$@
INSTALL_FIDO_PPA="no"
export DEBIAN_FRONTEND=noninteractive
#echo "Setting up for '$TARGETS'"
set -ex
set -e
if [ -x "`which lsb_release 2>&1`" ]; then
lsb_release -a
fi
# Ubuntu 22.04 defaults to private home dirs which prevent the
# agent-getpeerid test from running ssh-add as nobody. See
# https://github.com/actions/runner-images/issues/6106
if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
echo ~ is not executable by nobody, adding perms.
chmod go+x ~
if [ ! -z "$SUDO" ]; then
# Ubuntu 22.04 defaults to private home dirs which prevent the
# agent-getpeerid test from running ssh-add as nobody. See
# https://github.com/actions/runner-images/issues/6106
if ! "$SUDO" -u nobody test -x ~; then
echo ~ is not executable by nobody, adding perms.
chmod go+x ~
fi
# Some of the Mac OS X runners don't have a nopasswd sudo rule. Regular
# sudo still works, but sudo -u doesn't. Restore the sudo rule.
if ! "$SUDO" grep -E 'runner.*NOPASSWD' /etc/passwd >/dev/null; then
echo "Restoring runner nopasswd rule to sudoers."
echo 'runner ALL=(ALL) NOPASSWD: ALL' |$SUDO tee -a /etc/sudoers
fi
if ! "$SUDO" -u nobody -S test -x ~ </dev/null; then
echo "Still can't sudo to nobody."
exit 1
fi
fi
if [ "${TARGETS}" = "kitchensink" ]; then
@ -55,6 +66,7 @@ for flag in $CONFIGFLAGS; do
esac
done
echo "Setting up for '$TARGETS'"
for TARGET in $TARGETS; do
case $TARGET in
default|without-openssl|without-zlib|c89)
@ -85,7 +97,9 @@ for TARGET in $TARGETS; do
esac
;;
*pam)
PACKAGES="$PACKAGES libpam0g-dev"
case "$PACKAGER" in
apt) PACKAGES="$PACKAGES libpam0g-dev" ;;
esac
;;
sk)
INSTALL_FIDO_PPA="yes"
@ -114,7 +128,7 @@ for TARGET in $TARGETS; do
1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
esac
PACKAGES="${PACKAGES} putty-tools"
PACKAGES="${PACKAGES} putty-tools dropbear-bin"
;;
libressl-*)
INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
@ -122,11 +136,21 @@ for TARGET in $TARGETS; do
master) ;;
*) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
esac
PACKAGES="${PACKAGES} putty-tools"
PACKAGES="${PACKAGES} putty-tools dropbear-bin"
;;
boringssl)
INSTALL_BORINGSSL=1
PACKAGES="${PACKAGES} cmake ninja-build"
;;
putty-*)
INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-)
PACKAGES="${PACKAGES} cmake"
;;
valgrind*)
PACKAGES="$PACKAGES valgrind"
;;
zlib-*)
;;
*) echo "Invalid option '${TARGET}'"
exit 1
;;
@ -148,6 +172,13 @@ while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
PACKAGES=""
fi
;;
brew)
if [ ! -z "PACKAGES" ]; then
if brew install $PACKAGES; then
PACKAGES=""
fi
fi
;;
setup)
if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then
PACKAGES=""
@ -168,7 +199,7 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
(cd ${HOME} &&
git clone https://github.com/GrapheneOS/hardened_malloc.git &&
cd ${HOME}/hardened_malloc &&
make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/)
make && sudo cp out/libhardened_malloc.so /usr/lib/)
fi
if [ ! -z "${INSTALL_OPENSSL}" ]; then
@ -189,13 +220,50 @@ if [ ! -z "${INSTALL_LIBRESSL}" ]; then
git checkout ${INSTALL_LIBRESSL} &&
sh update.sh && sh autogen.sh &&
./configure --prefix=/opt/libressl &&
make -j2 && sudo make install)
make && sudo make install)
else
LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
(cd ${HOME} &&
wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
cd libressl-${INSTALL_LIBRESSL} &&
./configure --prefix=/opt/libressl && make -j2 && sudo make install)
./configure --prefix=/opt/libressl && make && sudo make install)
fi
fi
if [ ! -z "${INSTALL_BORINGSSL}" ]; then
(cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl &&
cd ${HOME}/boringssl && mkdir build && cd build &&
cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja &&
mkdir -p /opt/boringssl/lib &&
cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib &&
cp -r ${HOME}/boringssl/include /opt/boringssl)
fi
if [ ! -z "${INSTALL_ZLIB}" ]; then
(cd ${HOME} && git clone https://github.com/madler/zlib.git &&
cd ${HOME}/zlib && ./configure && make &&
sudo make install prefix=/opt/zlib)
fi
if [ ! -z "${INSTALL_PUTTY}" ]; then
ver="${INSTALL_PUTTY}"
case "${INSTALL_PUTTY}" in
snapshot)
tarball=putty.tar.gz
(cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball})
;;
*)
tarball=putty-${ver}.tar.gz
(cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball})
;;
esac
(cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-*
if [ -f CMakeLists.txt ]; then
cmake . && cmake --build . && sudo cmake --build . --target install
else
./configure && make && sudo make install
fi
)
/usr/local/bin/plink -V
fi

69
.github/workflows/c-cpp.yml vendored
View File

@ -1,16 +1,28 @@
name: C/C++ CI
on:
workflow_dispatch:
workflow_dispatch: # disable for win32-openssh fork
# push:
# paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ]
# pull_request:
# paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ]
jobs:
ci:
name: "${{ matrix.target }} ${{ matrix.config }}"
if: github.repository != 'openssh/openssh-portable-selfhosted'
strategy:
fail-fast: false
matrix:
# First we test all OSes in the default configuration.
target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022]
target:
- ubuntu-20.04
- ubuntu-22.04
- macos-12
- macos-13
- macos-14
- windows-2019
- windows-2022
config: [default]
# Then we include any extra configs we want to test for specific VMs.
# Valgrind slows things down quite a bit, so start them first.
@ -37,38 +49,51 @@ jobs:
- { target: ubuntu-20.04, config: gcc-7 }
- { target: ubuntu-20.04, config: gcc-8 }
- { target: ubuntu-20.04, config: gcc-10 }
- { target: ubuntu-20.04, config: gcc-11-Werror }
- { target: ubuntu-22.04, config: gcc-11-Werror }
- { target: ubuntu-22.04, config: gcc-12-Werror }
- { target: ubuntu-20.04, config: pam }
- { target: ubuntu-20.04, config: kitchensink }
- { target: ubuntu-20.04, config: hardenedmalloc }
- { target: ubuntu-22.04, config: hardenedmalloc }
- { target: ubuntu-20.04, config: tcmalloc }
- { target: ubuntu-20.04, config: musl }
- { target: ubuntu-latest, config: boringssl }
- { target: ubuntu-latest, config: libressl-master }
- { target: ubuntu-latest, config: libressl-2.2.9 }
- { target: ubuntu-latest, config: libressl-2.8.3 }
- { target: ubuntu-latest, config: libressl-3.0.2 }
- { target: ubuntu-latest, config: libressl-3.2.6 }
- { target: ubuntu-latest, config: libressl-3.3.6 }
- { target: ubuntu-latest, config: libressl-3.4.3 }
- { target: ubuntu-latest, config: libressl-3.5.3 }
- { target: ubuntu-latest, config: libressl-3.6.1 }
- { target: ubuntu-latest, config: libressl-3.7.0 }
- { target: ubuntu-latest, config: libressl-3.7.2 }
- { target: ubuntu-latest, config: libressl-3.8.4 }
- { target: ubuntu-latest, config: libressl-3.9.1 }
- { target: ubuntu-latest, config: openssl-master }
- { target: ubuntu-latest, config: openssl-noec }
- { target: ubuntu-latest, config: openssl-1.0.1 }
- { target: ubuntu-latest, config: openssl-1.0.1u }
- { target: ubuntu-latest, config: openssl-1.0.2u }
- { target: ubuntu-latest, config: openssl-1.1.0h }
- { target: ubuntu-latest, config: openssl-1.1.1 }
- { target: ubuntu-latest, config: openssl-1.1.1k }
- { target: ubuntu-latest, config: openssl-1.1.1n }
- { target: ubuntu-latest, config: openssl-1.1.1q }
- { target: ubuntu-latest, config: openssl-1.1.1s }
- { target: ubuntu-latest, config: openssl-1.1.1t }
- { target: ubuntu-latest, config: openssl-1.1.1w }
- { target: ubuntu-latest, config: openssl-3.0.0 }
- { target: ubuntu-latest, config: openssl-3.0.5 }
- { target: ubuntu-latest, config: openssl-3.0.7 }
- { target: ubuntu-latest, config: openssl-3.0.13 }
- { target: ubuntu-latest, config: openssl-3.1.0 }
- { target: ubuntu-latest, config: openssl-3.1.5 }
- { target: ubuntu-latest, config: openssl-3.2.1 }
- { target: ubuntu-latest, config: openssl-3.3.0 }
- { target: ubuntu-latest, config: openssl-1.1.1_stable }
- { target: ubuntu-latest, config: openssl-3.0 } # stable branch
- { target: ubuntu-latest, config: openssl-3.1 } # stable branch
- { target: ubuntu-latest, config: openssl-3.2 } # stable branch
- { target: ubuntu-latest, config: openssl-3.3 } # stable branch
- { target: ubuntu-latest, config: putty-0.71 }
- { target: ubuntu-latest, config: putty-0.72 }
- { target: ubuntu-latest, config: putty-0.73 }
- { target: ubuntu-latest, config: putty-0.74 }
- { target: ubuntu-latest, config: putty-0.75 }
- { target: ubuntu-latest, config: putty-0.76 }
- { target: ubuntu-latest, config: putty-0.77 }
- { target: ubuntu-latest, config: putty-0.78 }
- { target: ubuntu-latest, config: putty-0.79 }
- { target: ubuntu-latest, config: putty-0.80 }
- { target: ubuntu-latest, config: putty-snapshot }
- { target: ubuntu-latest, config: zlib-develop }
- { target: ubuntu-22.04, config: pam }
- { target: ubuntu-22.04, config: krb5 }
- { target: ubuntu-22.04, config: heimdal }
@ -77,8 +102,9 @@ jobs:
- { target: ubuntu-22.04, config: selinux }
- { target: ubuntu-22.04, config: kitchensink }
- { target: ubuntu-22.04, config: without-openssl }
- { target: macos-11, config: pam }
- { target: macos-12, config: pam }
- { target: macos-13, config: pam }
- { target: macos-14, config: pam }
runs-on: ${{ matrix.target }}
steps:
- name: set cygwin git params
@ -102,7 +128,7 @@ jobs:
- name: make clean
run: make clean
- name: make
run: make -j2
run: make
- name: make tests
run: sh ./.github/run_test.sh ${{ matrix.config }}
env:
@ -120,3 +146,4 @@ jobs:
regress/valgrind-out/
regress/asan.log.*
regress/msan.log.*
regress/log/*

6
.github/workflows/cifuzz.yml vendored
View File

@ -1,6 +1,10 @@
name: CIFuzz
on:
workflow_dispatch:
workflow_dispatch: # disable for win32-openssh fork
# push:
# paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ]
# pull_request:
# paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ]
jobs:
Fuzzing:

89
.github/workflows/selfhosted.yml vendored
View File

@ -1,17 +1,27 @@
name: C/C++ CI self-hosted
on:
workflow_dispatch:
workflow_dispatch: # disable for win32-openssh fork
# push:
# paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ]
jobs:
selfhosted:
name: "${{ matrix.target }} ${{ matrix.config }}"
if: github.repository == 'openssh/openssh-portable-selfhosted'
runs-on: ${{ matrix.host }}
timeout-minutes: 600
env:
DEBUG_ACTIONS: false
HOST: ${{ matrix.host }}
TARGET_HOST: ${{ matrix.target }}
TARGET_CONFIG: ${{ matrix.config }}
TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }}
EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }}
PERSISTENT: ${{ startsWith(matrix.host, 'persist') }}
REMOTE: ${{ startsWith(matrix.host, 'remote') }}
VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }}
SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }}
strategy:
fail-fast: false
# We use a matrix in two parts: firstly all of the VMs are tested with the
@ -20,15 +30,17 @@ jobs:
matrix:
target:
- alpine
- centos7
- debian-i386
- dfly30
- dfly48
- dfly58
- dfly60
- dfly62
- dfly64
- fbsd10
- fbsd12
- fbsd13
- fbsd14
- minix3
- nbsd3
- nbsd4
@ -36,20 +48,28 @@ jobs:
- nbsd9
- obsd51
- obsd67
- obsd69
- obsd70
- obsd72
- obsd73
- obsd74
- obsdsnap
- obsdsnap-i386
- openindiana
- sol10
- sol11
- ubuntu-2204
config:
- default
host:
- libvirt
include:
# Long-running/slow tests have access to high priority runners.
- { target: aix51, config: default, host: libvirt-hipri }
- { target: openindiana, config: pam, host: libvirt-hipri }
- { target: sol10, config: default, host: libvirt-hipri }
- { target: sol10, config: pam, host: libvirt-hipri }
- { target: sol11, config: default, host: libvirt-hipri }
- { target: sol11, config: pam-krb5, host: libvirt-hipri }
- { target: sol11, config: sol64, host: libvirt-hipri }
# Then we include extra libvirt test configs.
- { target: aix51, config: default, host: libvirt }
- { target: centos7, config: pam, host: libvirt }
- { target: debian-i386, config: pam, host: libvirt }
- { target: dfly30, config: without-openssl, host: libvirt}
- { target: dfly48, config: pam ,host: libvirt }
@ -59,39 +79,50 @@ jobs:
- { target: fbsd10, config: pam, host: libvirt }
- { target: fbsd12, config: pam, host: libvirt }
- { target: fbsd13, config: pam, host: libvirt }
- { target: fbsd14, config: pam, host: libvirt }
- { target: nbsd8, config: pam, host: libvirt }
- { target: nbsd9, config: pam, host: libvirt }
- { target: openindiana, config: pam, host: libvirt }
- { target: sol10, config: pam, host: libvirt }
- { target: sol11, config: pam-krb5, host: libvirt }
- { target: sol11, config: sol64, host: libvirt }
- { target: nbsd10, config: pam, host: libvirt }
# ARM64 VMs
- { target: obsd-arm64, config: default, host: libvirt-arm64 }
# VMs with persistent disks that have their own runner.
- { target: win10, config: default, host: win10 }
- { target: win10, config: cygwin-release, host: win10 }
# Physical hosts, with either native runners or remote via ssh.
- { target: win10, config: default, host: persist-win10 }
- { target: win10, config: cygwin-release, host: persist-win10 }
# Physical hosts with native runners.
- { target: ARM, config: default, host: ARM }
- { target: ARM64, config: default, host: ARM64 }
- { target: ARM64, config: pam, host: ARM64 }
- { target: debian-riscv64, config: default, host: debian-riscv64 }
- { target: openwrt-mips, config: default, host: openwrt-mips }
- { target: openwrt-mipsel, config: default, host: openwrt-mipsel }
# Physical hosts with remote runners.
- { target: debian-riscv64, config: default, host: remote-debian-riscv64 }
- { target: openwrt-mips, config: default, host: remote-openwrt-mips }
- { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel }
steps:
- name: shutdown VM if running
run: vmshutdown
- name: unmount stale workspace
if: env.SSHFS == 'true'
run: fusermount -u ${GITHUB_WORKSPACE} || true
working-directory: ${{ runner.temp }}
- name: shutdown VM if running
if: env.VM == 'true'
run: vmshutdown
- uses: actions/checkout@main
- name: autoreconf
run: autoreconf
- name: startup VM
if: env.VM == 'true'
run: vmstartup
working-directory: ${{ runner.temp }}
- name: copy and mount workspace
if: env.SSHFS == 'true'
run: sshfs_mount
working-directory: ${{ runner.temp }}
- name: configure
run: vmrun ./.github/configure.sh ${{ matrix.config }}
- name: save config
uses: actions/upload-artifact@main
with:
name: ${{ matrix.target }}-${{ matrix.config }}-config
path: config.h
# - name: save config
# uses: actions/upload-artifact@main
# with:
# name: ${{ matrix.target }}-${{ matrix.config }}-config
# path: config.h
- name: make clean
run: vmrun make clean
- name: make
@ -108,8 +139,12 @@ jobs:
config.h
config.log
regress/*.log
regress/log/*
regress/valgrind-out/
- name: shutdown VM
if: always()
run: vmshutdown
- name: unmount workspace
if: always() && env.SSHFS == 'true'
run: fusermount -u ${GITHUB_WORKSPACE} || true
working-directory: ${{ runner.temp }}
- name: shutdown VM
if: always() && env.VM == 'true'
run: vmshutdown

24
.github/workflows/upstream.yml vendored
View File

@ -1,24 +1,32 @@
name: Upstream self-hosted
on:
push:
branches: [ master ]
paths: [ '**.c', '**.h', '.github/**' ]
workflow_dispatch: # disable for win32-openssh fork
# push:
# branches: [ master ]
# paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ]
jobs:
selfhosted:
name: "upstream ${{ matrix.target }} ${{ matrix.config }}"
if: github.repository == 'openssh/openssh-portable-selfhosted'
runs-on: 'libvirt'
env:
DEBUG_ACTIONS: true
EPHEMERAL: true
HOST: 'libvirt'
TARGET_HOST: ${{ matrix.target }}
TARGET_CONFIG: ${{ matrix.config }}
TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }}
strategy:
fail-fast: false
matrix:
target: [ obsdsnap, obsdsnap-i386 ]
config: [ default, without-openssl, ubsan ]
steps:
- name: unmount stale workspace
run: fusermount -u ${GITHUB_WORKSPACE} || true
working-directory: ${{ runner.temp }}
- name: shutdown VM if running
run: vmshutdown
working-directory: ${{ runner.temp }}
@ -26,6 +34,9 @@ jobs:
- name: startup VM
run: vmstartup
working-directory: ${{ runner.temp }}
- name: copy and mount workspace
run: sshfs_mount
working-directory: ${{ runner.temp }}
- name: update source
run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
- name: make clean
@ -33,7 +44,7 @@ jobs:
- name: make
run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
- name: make install
run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart"
- name: make tests`
run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
env:
@ -46,6 +57,11 @@ jobs:
name: ${{ matrix.target }}-${{ matrix.config }}-logs
path: |
/usr/obj/regress/usr.bin/ssh/obj/*.log
/usr/obj/regress/usr.bin/ssh/obj/log/*
- name: unmount workspace
if: always()
run: fusermount -u ${GITHUB_WORKSPACE} || true
working-directory: ${{ runner.temp }}
- name: shutdown VM
if: always()
run: vmshutdown

6
.gitignore vendored
View File

@ -2,23 +2,21 @@
Makefile
buildpkg.sh
config.h
config.h.in
config.h.in~
config.log
config.status
configure
aclocal.m4
openbsd-compat/Makefile
openbsd-compat/regress/Makefile
openssh.xml
opensshd.init
survey.sh
**/*.0
**/*.o
**/*.lo
**/*.so
**/*.out
**/*.a
**/*.un~
**/.*.swp
autom4te.cache/
scp
sftp

10
.skipped-commit-ids
View File

@ -1,3 +1,4 @@
509bb19bb9762a4b3b589af98bac2e730541b6d4 clean sshd random relinking kit
5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles
a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes
f2c9feb26963615c4fece921906cf72e248b61ee more Makefile
@ -27,6 +28,15 @@ cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile
f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update
1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes
e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks
5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update
ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes
2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit
866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes
8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit
6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit
fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change
5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change
112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change
Old upstream tree:

8666
ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

8
INSTALL
View File

@ -21,12 +21,8 @@ https://zlib.net/
libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
is supported but severely restricts the available ciphers and algorithms.
- LibreSSL (https://www.libressl.org/)
- OpenSSL (https://www.openssl.org) with any of the following versions:
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
1.1.0g can't be used.
- LibreSSL (https://www.libressl.org/) 3.1.0 or greater
- OpenSSL (https://www.openssl.org) 1.1.1 or greater
LibreSSL/OpenSSL should be compiled as a position-independent library
(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"

44
Makefile.in
View File

@ -24,6 +24,7 @@ SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSHD_SESSION=$(libexecdir)/sshd-session
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
@ -37,6 +38,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
-D_PATH_SSHD_SESSION=\"$(SSHD_SESSION)\" \
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-D_PATH_SSH_SK_HELPER=\"$(SSH_SK_HELPER)\" \
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
@ -69,7 +71,7 @@ MKDIR_P=@MKDIR_P@
.SUFFIXES: .lo
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
XMSS_OBJS=\
ssh-xmss.o \
@ -107,7 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
ssh-ed25519.o digest-openssl.o digest-libc.o \
hmac.o ed25519.o hash.o \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kex.o kex-names.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
kexsntrup761x25519.o sntrup761.o kexgen.o \
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
@ -118,17 +120,23 @@ SKOBJS= ssh-sk-client.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect2.o mux.o $(SKOBJS)
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
SSHDOBJS=sshd.o \
platform-listen.o \
servconf.o sshpty.o srclimit.o groupaccess.o auth2-methods.o \
dns.o fatal.o compat.o utf8.o authfd.o canohost.o \
$(SKOBJS)
SSHD_SESSION_OBJS=sshd-session.o auth-rhosts.o auth-passwd.o \
audit.o audit-bsm.o audit-linux.o platform.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
auth.o auth2.o auth-options.o session.o \
auth.o auth2.o auth2-methods.o auth-options.o session.o \
auth2-chall.o groupaccess.o \
auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-pubkeyfile.o \
monitor.o monitor_wrap.o auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o \
srclimit.o sftp-server.o sftp-common.o \
sftp-server.o sftp-common.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o uidswap.o $(SKOBJS)
@ -207,7 +215,10 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(CHANNELLIBS)
sshd-session$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHD_SESSION_OBJS)
$(LD) -o $@ $(SSHD_SESSION_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -399,6 +410,7 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd-session$(EXEEXT) $(DESTDIR)$(SSHD_SESSION)$(EXEEXT)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
@ -517,6 +529,10 @@ regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
regress/timestamp$(EXEEXT): $(srcdir)/regress/timestamp.c $(REGRESSLIBS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/timestamp.c \
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@ -691,6 +707,7 @@ regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
regress-binaries: regress-prep $(LIBCOMPAT) \
regress/modpipe$(EXEEXT) \
regress/timestamp$(EXEEXT) \
regress/setuid-allowed$(EXEEXT) \
regress/netcat$(EXEEXT) \
regress/check-perm$(EXEEXT) \
@ -710,7 +727,7 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \
regress/unittests/sshsig/test_sshsig$(EXEEXT) \
regress/unittests/utf8/test_utf8$(EXEEXT)
tests: file-tests t-exec interop-tests unit
tests: file-tests t-exec interop-tests extra-tests unit
echo all tests passed
unit: regress-unit-binaries
@ -721,7 +738,7 @@ unit: regress-unit-binaries
OBJ="$(BUILDDIR)/regress" \
$@ && echo $@ tests passed
interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
interop-tests t-exec file-tests extra-tests: regress-prep regress-binaries $(TARGETS)
cd $(srcdir)/regress || exit $$?; \
EGREP='@EGREP@' \
OPENSSL_BIN='@OPENSSL_BIN@' \
@ -736,6 +753,7 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
TEST_SSH_SCP="$(BUILDDIR)/scp" \
TEST_SSH_SSH="$(BUILDDIR)/ssh" \
TEST_SSH_SSHD="$(BUILDDIR)/sshd" \
TEST_SSH_SSHD_SESSION="$(BUILDDIR)/sshd-session" \
TEST_SSH_SSHAGENT="$(BUILDDIR)/ssh-agent" \
TEST_SSH_SSHADD="$(BUILDDIR)/ssh-add" \
TEST_SSH_SSHKEYGEN="$(BUILDDIR)/ssh-keygen" \
@ -746,9 +764,13 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
TEST_SSH_SK_HELPER="$(BUILDDIR)/ssh-sk-helper" \
TEST_SSH_SFTPSERVER="$(BUILDDIR)/sftp-server" \
TEST_SSH_MODULI_FILE="$(abs_top_srcdir)/moduli" \
TEST_SSH_PLINK="plink" \
TEST_SSH_PUTTYGEN="puttygen" \
TEST_SSH_CONCH="conch" \
TEST_SSH_PLINK="@PLINK@" \
TEST_SSH_PUTTYGEN="@PUTTYGEN@" \
TEST_SSH_CONCH="@CONCH@" \
TEST_SSH_DROPBEAR="@DROPBEAR@" \
TEST_SSH_DROPBEARKEY="@DROPBEARKEY@" \
TEST_SSH_DROPBEARCONVERT="@DROPBEARCONVERT@" \
TEST_SSH_DBCLIENT="@DBCLIENT@" \
TEST_SSH_IPV6="@TEST_SSH_IPV6@" \
TEST_SSH_UTF8="@TEST_SSH_UTF8@" \
TEST_SHELL="$(TEST_SHELL)" \

82
PROTOCOL
View File

@ -104,6 +104,85 @@ http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.o
This is identical to curve25519-sha256 as later published in RFC8731.
1.9 transport: ping facility
OpenSSH implements a transport level ping message SSH2_MSG_PING
and a corresponding SSH2_MSG_PONG reply.
#define SSH2_MSG_PING 192
#define SSH2_MSG_PONG 193
The ping message is simply:
byte SSH_MSG_PING
string data
The reply copies the data (which may be the empty string) from the
ping:
byte SSH_MSG_PONG
string data
Replies are sent in order. They are sent immediately except when rekeying
is in progress, in which case they are queued until rekeying completes.
The server advertises support for these messages using the
SSH2_MSG_EXT_INFO mechanism (RFC8308), with the following message:
string "ping@openssh.com"
string "0" (version)
The ping/reply message is implemented at the transport layer rather
than as a named global or channel request to allow pings with very
short packet lengths, which would not be possible with other
approaches.
1.10 transport: strict key exchange extension
OpenSSH supports a number of transport-layer hardening measures under
a "strict KEX" feature. This feature is signalled similarly to the
RFC8308 ext-info feature: by including a additional algorithm in the
initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
if they are present in subsequent SSH2_MSG_KEXINIT packets.
When an endpoint that supports this extension observes this algorithm
name in a peer's KEXINIT packet, it MUST make the following changes to
the protocol:
a) During initial KEX, terminate the connection if out-of-sequence
packet or any message that is not strictly required by KEX is
received. This includes terminating the connection if the first
packet received is not SSH2_MSG_KEXINIT. Unexpected packets for
the purpose of strict KEX include messages that are otherwise
valid at any time during the connection such as SSH2_MSG_DEBUG,
SSH2_MSG_IGNORE or SSH2_MSG_UNIMPLEMENTED.
b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
packet sequence number to zero. This behaviour persists for the
duration of the connection (i.e. not just the first
SSH2_MSG_NEWKEYS).
1.11 transport: SSH2_MSG_EXT_INFO during user authentication
This protocol extension allows the SSH2_MSG_EXT_INFO to be sent
during user authentication. RFC8308 does allow a second
SSH2_MSG_EXT_INFO notification, but it may only be sent at the end
of user authentication and this is too late to signal per-user
server signature algorithms.
Support for receiving the SSH2_MSG_EXT_INFO message during user
authentication is signalled by the client including a
"ext-info-in-auth@openssh.com" key via its initial SSH2_MSG_EXT_INFO
set after the SSH2_MSG_NEWKEYS message.
A server that supports this extension MAY send a second
SSH2_MSG_EXT_INFO message any time after the client's first
SSH2_MSG_USERAUTH_REQUEST, regardless of whether it succeed or fails.
The client SHOULD be prepared to update the server-sig-algs that
it received during an earlier SSH2_MSG_EXT_INFO with the later one.
2. Connection protocol changes
2.1. connection: Channel write close extension "eow@openssh.com"
@ -657,6 +736,7 @@ identifiers:
The server will reply with a SSH_FXP_EXTENDED_REPLY:
byte SSH_FXP_EXTENDED_REPLY
uint32 id
string usernames
string groupnames
@ -712,4 +792,4 @@ master instance and later clients.
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $
$OpenBSD: PROTOCOL,v 1.55 2024/01/08 05:05:15 djm Exp $

40
PROTOCOL.agent
View File

@ -1,5 +1,5 @@
The SSH agent protocol is described in
https://tools.ietf.org/html/draft-miller-ssh-agent-04
https://tools.ietf.org/html/draft-miller-ssh-agent
This file documents OpenSSH's extensions to the agent protocol.
@ -31,7 +31,7 @@ should be bound for user authentication or forwarding.
When an agent received this message, it will verify the signature and
check the consistency of its contents, including refusing to accept
a duplicate session identifier, or any attempt to bind a connection
previously bound for authentication. It will then then record the
previously bound for authentication. It will then record the
binding for the life of the connection for use later in testing per-key
destination constraints.
@ -49,10 +49,13 @@ Where a constraint consists of:
string from_username (must be empty)
string from_hostname
string reserved
keyspec[] from_hostkeys
string to_username
string to_hostname
string reserved
keyspec[] to_hostkeys
string reserved
And a keyspec consists of:
@ -81,4 +84,35 @@ the constraint is:
This option is only valid for XMSS keys.
$OpenBSD: PROTOCOL.agent,v 1.18 2022/09/21 22:26:50 dtucker Exp $
3. associated-certs-v00@openssh.com key constraint extension
The key constraint extension allows certificates to be associated
with private keys as they are loaded from a PKCS#11 token.
byte SSH_AGENT_CONSTRAIN_EXTENSION (0xff)
string associated-certs-v00@openssh.com
bool certs_only
string certsblob
Where "certsblob" consists of one or more certificates encoded as public
key blobs:
string[] certificates
This extension is only valid for SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED
requests. When an agent receives this extension, it will attempt to match
each certificate in the request with a corresponding private key loaded
from the requested PKCS#11 token. When a matching key is found, the
agent will graft the certificate contents to the token-hosted private key
and store the result for subsequent use by regular agent operations.
If the "certs_only" flag is set, then this extension will cause ONLY
the resultant certificates to be loaded to the agent. The default
behaviour is to load the PKCS#11-hosted private key as well as the
resultant certificate.
A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS
if any key (plain private or certificate) was successfully loaded, or
SSH_AGENT_FAILURE if no key was loaded.
$OpenBSD: PROTOCOL.agent,v 1.23 2024/04/30 05:45:56 djm Exp $

4
PROTOCOL.key
View File

@ -40,7 +40,7 @@ of the cipher block size.
byte[] privatekey2
string comment2
...
string privatekeyN
byte[] privatekeyN
string commentN
byte 1
byte 2
@ -68,4 +68,4 @@ For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options if the KDF "none"
are the empty string.
$OpenBSD: PROTOCOL.key,v 1.3 2022/07/01 04:45:50 djm Exp $
$OpenBSD: PROTOCOL.key,v 1.4 2024/03/30 05:56:22 djm Exp $

55
PROTOCOL.krl
View File

@ -37,6 +37,7 @@ The available section types are:
#define KRL_SECTION_FINGERPRINT_SHA1 3
#define KRL_SECTION_SIGNATURE 4
#define KRL_SECTION_FINGERPRINT_SHA256 5
#define KRL_SECTION_EXTENSION 255
2. Certificate section
@ -64,6 +65,7 @@ The certificate section types are:
#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
#define KRL_SECTION_CERT_KEY_ID 0x23
#define KRL_SECTION_CERT_EXTENSION 0x39
2.1 Certificate serial list section
@ -114,6 +116,29 @@ associated with a particular identity, e.g. a host or a user.
This section must contain at least one "key_id". This section may appear
multiple times.
2.5. Certificate Extension subsections
This subsection type provides a generic extension mechanism to the
certificates KRL section that may be used to provide optional or critical
data.
Extensions are stored in subsections of type
KRL_SECTION_CERT_EXTENSION with the following contents:
string extension_name
boolean is_critical
string extension_contents.
Where "extension_name" describes the type of extension. It is
recommended that user extensions follow "cert-name@domain.org" naming.
The "is_critical" indicates whether this extension is mandatory or
optional. If true, then any unsupported extension encountered should
result in KRL parsing failure. If false, then it may be safely be
ignored.
The "extension_contents" contains the body of the extension.
3. Explicit key sections
These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys
@ -144,7 +169,33 @@ as a big-endian integer.
This section may appear multiple times.
5. KRL signature sections
5. Extension sections
This section type provides a generic extension mechanism to the KRL
format that may be used to provide optional or critical data.
Extensions are recorded in sections of type KRL_SECTION_EXTENSION
with the following contents:
string extension_name
boolean is_critical
string extension_contents.
Where "extension_name" describes the type of extension. It is
recommended that user extensions follow "name@domain.org" naming.
The "is_critical" indicates whether this extension is mandatory or
optional. If true, then any unsupported extension encountered should
result in KRL parsing failure. If false, then it may be safely be
ignored.
The "extension_contents" contains the body of the extension.
6. KRL signature sections
Note: KRL signatures are not supported by OpenSSH. OpenSSH >= 9.4 will
refuse to load KRLs that contain signatures. We recommend the use
of SSHSIG (`ssh-keygen -Y sign ...`) style signatures for KRLs instead.
The KRL_SECTION_SIGNATURE section serves a different purpose to the
preceding ones: to provide cryptographic authentication of a KRL that
@ -168,4 +219,4 @@ Implementations that retrieve KRLs over untrusted channels must verify
signatures. Signature sections are optional for KRLs distributed by
trusted means.
$OpenBSD: PROTOCOL.krl,v 1.5 2018/09/12 01:21:34 djm Exp $
$OpenBSD: PROTOCOL.krl,v 1.7 2023/07/17 04:01:10 djm Exp $

4
PROTOCOL.mux
View File

@ -188,8 +188,6 @@ For dynamically allocated listen port the server replies with
7. Requesting closure of port forwards
Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
A client may request the master to close a port forward:
uint32 MUX_C_CLOSE_FWD
@ -295,4 +293,4 @@ XXX session inspection via master
XXX signals via mux request
XXX list active connections via mux
$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $
$OpenBSD: PROTOCOL.mux,v 1.14 2024/01/08 05:11:18 djm Exp $

3
README
View File

@ -1,4 +1,5 @@
See https://www.openssh.com/releasenotes.html#9.2p1 for the release notes.
See https://www.openssh.com/releasenotes.html#9.8p1 for the release
notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or

1
README.md
View File

@ -2,6 +2,7 @@
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.

9
README.platform
View File

@ -53,11 +53,12 @@ Darwin does not provide a tun(4) driver required for OpenSSH-based
virtual private networks. The BSD manpage still exists, but the driver
has been removed in recent releases of Darwin and MacOS X.
Nevertheless, tunnel support is known to work with Darwin 8 and
MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode
using a third party driver. More information is available at:
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
Tunnel support is known to work with Darwin 8 and MacOS X 10.4 in
Point-to-Point (Layer 3) and Ethernet (Layer 2) mode using a third
party driver. More information is available at:
https://tuntaposx.sourceforge.net
Recent Darwin/MacOS X versions are likely unsupported.
Linux
-----

15
aclocal.m4 vendored Normal file
View File

@ -0,0 +1,15 @@
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_include([m4/openssh.m4])

14
addr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: addr.c,v 1.6 2022/10/28 02:29:34 djm Exp $ */
/* $OpenBSD: addr.c,v 1.8 2024/04/02 09:29:31 deraadt Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@ -27,6 +27,7 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>
#include "addr.h"
@ -443,7 +444,7 @@ addr_ntop(const struct xaddr *n, char *p, size_t len)
if (p == NULL || len == 0)
return -1;
if (getnameinfo(_SA(&ss), slen, p, len, NULL, 0,
NI_NUMERICHOST) == -1)
NI_NUMERICHOST) != 0)
return -1;
return 0;
@ -457,8 +458,9 @@ int
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
{
struct xaddr tmp;
long unsigned int masklen = 999;
char addrbuf[64], *mp, *cp;
u_int masklen = 999;
char addrbuf[64], *mp;
const char *errstr;
/* Don't modify argument */
if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
@ -467,8 +469,8 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
if ((mp = strchr(addrbuf, '/')) != NULL) {
*mp = '\0';
mp++;
masklen = strtoul(mp, &cp, 10); // CodeQL [SM02313]: strtoul will initialize cp
if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128)
masklen = (u_int)strtonum(mp, 0, INT_MAX, &errstr);
if (errstr)
return -1;
}

29
auth-options.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.98 2022/02/08 08:59:12 dtucker Exp $ */
/* $OpenBSD: auth-options.c,v 1.101 2023/07/14 07:44:21 dtucker Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
*
@ -24,6 +24,9 @@
#include <pwd.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
#include <stdarg.h>
#include <ctype.h>
#include <limits.h>
@ -48,10 +51,11 @@ dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
*dstp = NULL;
*ndstp = 0;
if (nsrc == 0)
return 0;
if ((dst = calloc(nsrc, sizeof(*src))) == NULL)
if (nsrc >= SIZE_MAX / sizeof(*src) ||
(dst = calloc(nsrc, sizeof(*src))) == NULL)
return -1;
for (i = 0; i < nsrc; i++) {
if ((dst[i] = strdup(src[i])) == NULL) {
@ -703,7 +707,7 @@ serialise_array(struct sshbuf *m, char **a, size_t n)
{
struct sshbuf *b;
size_t i;
int r;
int r = SSH_ERR_INTERNAL_ERROR;
if (n > INT_MAX)
return SSH_ERR_INTERNAL_ERROR;
@ -712,18 +716,17 @@ serialise_array(struct sshbuf *m, char **a, size_t n)
return SSH_ERR_ALLOC_FAIL;
}
for (i = 0; i < n; i++) {
if ((r = sshbuf_put_cstring(b, a[i])) != 0) {
sshbuf_free(b);
return r;
}
if ((r = sshbuf_put_cstring(b, a[i])) != 0)
goto out;
}
if ((r = sshbuf_put_u32(m, n)) != 0 ||
(r = sshbuf_put_stringb(m, b)) != 0) {
sshbuf_free(b);
return r;
}
(r = sshbuf_put_stringb(m, b)) != 0)
goto out;
/* success */
return 0;
r = 0;
out:
sshbuf_free(b);
return r;
}
static int

73
auth-pam.c
View File

@ -67,11 +67,6 @@
#include <pam/pam_appl.h>
#endif
#if !defined(SSHD_PAM_SERVICE)
extern char *__progname;
# define SSHD_PAM_SERVICE __progname
#endif
/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
#ifdef PAM_SUN_CODEBASE
# define sshpam_const /* Solaris, HP-UX, SunOS */
@ -105,6 +100,7 @@ extern char *__progname;
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "srclimit.h"
extern ServerOptions options;
extern struct sshbuf *loginmsg;
@ -171,13 +167,13 @@ sshpam_sigchld_handler(int sig)
return;
}
}
if (WIFSIGNALED(sshpam_thread_status) &&
WTERMSIG(sshpam_thread_status) == SIGTERM)
return; /* terminated by pthread_cancel */
if (!WIFEXITED(sshpam_thread_status))
sigdie("PAM: authentication thread exited unexpectedly");
if (WEXITSTATUS(sshpam_thread_status) != 0)
sigdie("PAM: authentication thread exited uncleanly");
if (sshpam_thread_status == -1)
return;
if (WIFSIGNALED(sshpam_thread_status)) {
if (signal_is_crash(WTERMSIG(sshpam_thread_status)))
_exit(EXIT_CHILD_CRASH);
} else if (!WIFEXITED(sshpam_thread_status))
_exit(EXIT_CHILD_CRASH);
}
/* ARGSUSED */
@ -351,11 +347,12 @@ import_environments(struct sshbuf *b)
/* Import environment from subprocess */
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (num_env > 1024)
fatal("%s: received %u environment variables, expected <= 1024",
__func__, num_env);
if (num_env > 1024) {
fatal_f("received %u environment variables, expected <= 1024",
num_env);
}
sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
debug3("PAM: num env strings %d", num_env);
debug3("PAM: num env strings %u", num_env);
for(i = 0; i < num_env; i++) {
if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -365,7 +362,11 @@ import_environments(struct sshbuf *b)
/* Import PAM environment from subprocess */
if ((r = sshbuf_get_u32(b, &num_env)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug("PAM: num PAM env strings %d", num_env);
if (num_env > 1024) {
fatal_f("received %u PAM env variables, expected <= 1024",
num_env);
}
debug("PAM: num PAM env strings %u", num_env);
for (i = 0; i < num_env; i++) {
if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -663,7 +664,7 @@ static struct pam_conv store_conv = { sshpam_store_conv, NULL };
void
sshpam_cleanup(void)
{
if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
if (sshpam_handle == NULL || !mm_is_monitor())
return;
debug("PAM: cleanup");
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
@ -689,6 +690,8 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
const char **ptr_pam_user = &pam_user;
int r;
if (options.pam_service_name == NULL)
fatal_f("internal error: NULL PAM service name");
#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
/* Protect buggy PAM implementations from excessively long usernames */
if (strlen(user) >= PAM_MAX_RESP_SIZE)
@ -700,7 +703,8 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
fatal("%s: called initially with no "
"packet context", __func__);
}
} if (sshpam_handle != NULL) {
}
if (sshpam_handle != NULL) {
/* We already have a PAM context; check if the user matches */
sshpam_err = pam_get_item(sshpam_handle,
PAM_USER, (sshpam_const void **)ptr_pam_user);
@ -709,9 +713,10 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
}
debug("PAM: initializing for \"%s\"", user);
sshpam_err =
pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
debug("PAM: initializing for \"%s\" with service \"%s\"", user,
options.pam_service_name);
sshpam_err = pam_start(options.pam_service_name, user,
&store_conv, &sshpam_handle);
sshpam_authctxt = authctxt;
if (sshpam_err != PAM_SUCCESS) {
@ -843,7 +848,7 @@ sshpam_query(void *ctx, char **name, char **info,
size_t plen;
u_char type;
char *msg;
size_t len, mlen;
size_t len, mlen, nmesg = 0;
int r;
debug3("PAM: %s entering", __func__);
@ -856,6 +861,8 @@ sshpam_query(void *ctx, char **name, char **info,
plen = 0;
*echo_on = xmalloc(sizeof(u_int));
while (ssh_msg_recv(ctxt->pam_psock, buffer) == 0) {
if (++nmesg > PAM_MAX_NUM_MSG)
fatal_f("too many query messages");
if ((r = sshbuf_get_u8(buffer, &type)) != 0 ||
(r = sshbuf_get_cstring(buffer, &msg, &mlen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
@ -1094,20 +1101,15 @@ do_pam_account(void)
}
void
do_pam_setcred(int init)
do_pam_setcred(void)
{
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&store_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
if (init) {
debug("PAM: establishing credentials");
sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
} else {
debug("PAM: reinitializing credentials");
sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
}
debug("PAM: establishing credentials");
sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
if (sshpam_err == PAM_SUCCESS) {
sshpam_cred_established = 1;
return;
@ -1120,6 +1122,7 @@ do_pam_setcred(int init)
pam_strerror(sshpam_handle, sshpam_err));
}
#if 0
static int
sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
struct pam_response **resp, void *data)
@ -1175,6 +1178,7 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
}
static struct pam_conv tty_conv = { sshpam_tty_conv, NULL };
#endif
/*
* XXX this should be done in the authentication phase, but ssh1 doesn't
@ -1183,8 +1187,8 @@ static struct pam_conv tty_conv = { sshpam_tty_conv, NULL };
void
do_pam_chauthtok(void)
{
if (use_privsep)
fatal("Password expired (unable to change with privsep)");
fatal("Password expired");
#if 0
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&tty_conv);
if (sshpam_err != PAM_SUCCESS)
@ -1195,6 +1199,7 @@ do_pam_chauthtok(void)
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_chauthtok(): %s",
pam_strerror(sshpam_handle, sshpam_err));
#endif
}
void
@ -1368,6 +1373,8 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
pam_strerror(sshpam_handle, sshpam_err));
expose_authinfo(__func__);
sshpam_err = pam_authenticate(sshpam_handle, flags);
sshpam_password = NULL;
free(fake);

2
auth-pam.h
View File

@ -31,7 +31,7 @@ void start_pam(struct ssh *);
void finish_pam(void);
u_int do_pam_account(void);
void do_pam_session(struct ssh *);
void do_pam_setcred(int );
void do_pam_setcred(void);
void do_pam_chauthtok(void);
int do_pam_putenv(char *, char *);
char ** fetch_pam_environment(void);

3
auth-rhosts.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-rhosts.c,v 1.57 2022/12/09 00:17:40 dtucker Exp $ */
/* $OpenBSD: auth-rhosts.c,v 1.58 2024/05/17 00:30:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -46,7 +46,6 @@
/* import */
extern ServerOptions options;
extern int use_privsep;
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or

14
auth-shadow.c
View File

@ -56,13 +56,13 @@ int
auth_shadow_acctexpired(struct spwd *spw)
{
time_t today;
int daysleft;
long long daysleft;
int r;
today = time(NULL) / DAY;
daysleft = spw->sp_expire - today;
debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
(int)spw->sp_expire, daysleft);
debug3("%s: today %lld sp_expire %lld days left %lld", __func__,
(long long)today, (long long)spw->sp_expire, daysleft);
if (spw->sp_expire == -1) {
debug3("account expiration disabled");
@ -70,9 +70,9 @@ auth_shadow_acctexpired(struct spwd *spw)
logit("Account %.100s has expired", spw->sp_namp);
return 1;
} else if (daysleft <= spw->sp_warn) {
debug3("account will expire in %d days", daysleft);
debug3("account will expire in %lld days", daysleft);
if ((r = sshbuf_putf(loginmsg,
"Your account will expire in %d day%s.\n", daysleft,
"Your account will expire in %lld day%s.\n", daysleft,
daysleft == 1 ? "" : "s")) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
@ -98,8 +98,8 @@ auth_shadow_pwexpired(Authctxt *ctxt)
}
today = time(NULL) / DAY;
debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
(int)spw->sp_lstchg, (int)spw->sp_max);
debug3_f("today %lld sp_lstchg %lld sp_max %lld", (long long)today,
(long long)spw->sp_lstchg, (long long)spw->sp_max);
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec()) {

120
auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.159 2022/12/09 00:17:40 dtucker Exp $ */
/* $OpenBSD: auth.c,v 1.161 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -74,7 +74,6 @@
#include "authfile.h"
#include "monitor_wrap.h"
#include "ssherr.h"
#include "compat.h"
#include "channels.h"
#ifdef WINDOWS
@ -86,13 +85,19 @@
/* import */
extern ServerOptions options;
extern struct include_list includes;
extern int use_privsep;
extern struct sshbuf *loginmsg;
extern struct passwd *privsep_pw;
extern struct sshauthopt *auth_opts;
/* Debugging messages */
static struct sshbuf *auth_debug;
#ifndef WINDOWS
static struct sshbuf *auth_debug;
#else
/* removing static declaration due to access
violation thrown when compiling with platform
toolsets newer than v140 (VS2017 or above) */
struct sshbuf *auth_debug;
#endif
/*
* Check if the user is allowed to log in via ssh. If user is listed
@ -279,7 +284,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
const char *authmsg;
char *extra = NULL;
if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
if (!mm_is_monitor() && !authctxt->postponed)
return;
/* Raise logging level */
@ -488,11 +493,11 @@ getpwnamallow(struct ssh *ssh, const char *user)
struct connection_info *ci;
u_int i;
ci = get_connection_info(ssh, 1, options.use_dns);
ci = server_get_connection_info(ssh, 1, options.use_dns);
#ifdef WINDOWS
/* getpwname - normalizes the incoming user and makes it lowercase
/* it must be duped as the server matching routines may use getpwnam() and
* and free the name being assigned to the connection info structure
* and free the name being assigned to the connection info structure
*/
pw = getpwnam(user);
ci->user = pw? xstrdup(pw->pw_name): user;
@ -504,7 +509,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
log_verbose_reset();
for (i = 0; i < options.num_log_verbose; i++)
log_verbose_add(options.log_verbose[i]);
process_permitopen(ssh, &options);
server_process_permitopen(ssh);
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
aix_setauthdb(user);
@ -663,97 +668,6 @@ fakepw(void)
return (&fake);
}
/*
* Returns the remote DNS hostname as a string. The returned string must not
* be freed. NB. this will usually trigger a DNS query the first time it is
* called.
* This function does additional checks on the hostname to mitigate some
* attacks on based on conflation of hostnames and IP addresses.
*/
static char *
remote_hostname(struct ssh *ssh)
{
struct sockaddr_storage from;
socklen_t fromlen;
struct addrinfo hints, *ai, *aitop;
char name[NI_MAXHOST], ntop2[NI_MAXHOST];
const char *ntop = ssh_remote_ipaddr(ssh);
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));
if (getpeername(ssh_packet_get_connection_in(ssh),
(struct sockaddr *)&from, &fromlen) == -1) {
debug("getpeername failed: %.100s", strerror(errno));
return xstrdup(ntop);
}
ipv64_normalise_mapped(&from, &fromlen);
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);
debug3("Trying to reverse map address %.100s.", ntop);
/* Map the IP address to a host name. */
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
return xstrdup(ntop);
}
/*
* if reverse lookup result looks like a numeric hostname,
* someone is trying to trick us by PTR record like following:
* 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
*/
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM; /*dummy*/
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
name, ntop);
freeaddrinfo(ai);
return xstrdup(ntop);
}
/* Names are stored in lowercase. */
lowercase(name);
/*
* Map it back to an IP address and check that the given
* address actually is an address of this host. This is
* necessary because anyone with access to a name server can
* define arbitrary names for an IP address. Mapping from
* name to IP address can be trusted better (but can still be
* fooled if the intruder has access to the name server of
* the domain).
*/
memset(&hints, 0, sizeof(hints));
hints.ai_family = from.ss_family;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed.", name, ntop);
return xstrdup(ntop);
}
/* Look for the address from the list of addresses. */
for (ai = aitop; ai; ai = ai->ai_next) {
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
(strcmp(ntop, ntop2) == 0))
break;
}
freeaddrinfo(aitop);
/* If we reached the end of the list, the address was not there. */
if (ai == NULL) {
/* Address not found for the host name. */
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address.", ntop, name);
return xstrdup(ntop);
}
return xstrdup(name);
}
/*
* Return the canonical name of the host in the other side of the current
* connection. The host name is cached, so it is efficient to call this
@ -767,12 +681,10 @@ auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
if (!use_dns)
return ssh_remote_ipaddr(ssh);
else if (dnsname != NULL)
if (dnsname != NULL)
return dnsname;
else {
dnsname = remote_hostname(ssh);
return dnsname;
}
dnsname = ssh_remote_hostname(ssh);
return dnsname;
}
/* These functions link key/cert options to the auth framework */

15
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.106 2022/06/15 16:08:25 djm Exp $ */
/* $OpenBSD: auth.h,v 1.108 2024/05/17 06:42:04 jsg Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -108,11 +108,15 @@ struct Authctxt {
* the client.
*/
struct authmethod_cfg {
const char *name;
const char *synonym;
int *enabled;
};
struct Authmethod {
char *name;
char *synonym;
struct authmethod_cfg *cfg;
int (*userauth)(struct ssh *, const char *);
int *enabled;
};
/*
@ -155,8 +159,6 @@ void auth2_record_info(Authctxt *authctxt, const char *, ...)
void auth2_update_session_info(Authctxt *, const char *, const char *);
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(Authctxt *authctxt);
#endif /* KRB5 */
@ -215,7 +217,6 @@ int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *);
/* Key / cert options linkage to auth layer */
const struct sshauthopt *auth_options(struct ssh *);
int auth_activate_options(struct ssh *, struct sshauthopt *);
void auth_restrict_session(struct ssh *);
void auth_log_authopts(const char *, const struct sshauthopt *, int);

51
auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.36 2024/05/17 04:42:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -48,7 +48,10 @@
#include "ssh-gss.h"
#include "monitor_wrap.h"
#define SSH_GSSAPI_MAX_MECHS 2048
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_gssapi;
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
@ -75,7 +78,11 @@ userauth_gssapi(struct ssh *ssh, const char *method)
fatal_fr(r, "parse packet");
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
logit_f("mechanism negotiation is not supported");
return (0);
} else if (mechs > SSH_GSSAPI_MAX_MECHS) {
logit_f("too many mechanisms requested %u > %u", mechs,
SSH_GSSAPI_MAX_MECHS);
return (0);
}
@ -94,7 +101,7 @@ userauth_gssapi(struct ssh *ssh, const char *method)
goid.length = len - 2;
ssh_gssapi_test_oid_supported(&ms, &goid, &present);
} else {
logit("Badly formed OID received");
logit_f("badly formed OID received");
}
} while (mechs > 0 && !present);
@ -110,7 +117,7 @@ userauth_gssapi(struct ssh *ssh, const char *method)
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (GSS_ERROR(mm_ssh_gssapi_server_ctx(&ctxt, &goid))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
free(doid);
@ -147,7 +154,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
size_t len;
int r;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
@ -157,8 +164,8 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
recv_tok.value = p;
recv_tok.length = len;
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, &flags));
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, &flags);
free(p);
@ -211,7 +218,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
u_char *p;
size_t len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
@ -222,8 +229,8 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
recv_tok.length = len;
/* Push the error token into GSSAPI to see what it says */
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL);
free(recv_tok.value);
@ -248,9 +255,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
{
Authctxt *authctxt = ssh->authctxt;
int r, authenticated;
const char *displayname;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
/*
@ -261,11 +267,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
if ((r = sshpkt_get_end(ssh)) != 0)
fatal_fr(r, "parse packet");
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
if ((!use_privsep || mm_is_monitor()) &&
(displayname = ssh_gssapi_displayname()) != NULL)
auth2_record_info(authctxt, "%s", displayname);
authenticated = mm_ssh_gssapi_userok(authctxt->user);
authctxt->postponed = 0;
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@ -284,11 +286,10 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
int r, authenticated = 0;
struct sshbuf *b;
gss_buffer_desc mic, gssbuf;
const char *displayname;
u_char *p;
size_t len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
if (authctxt == NULL)
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
@ -306,18 +307,14 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
fatal_f("sshbuf_mutable_ptr failed");
gssbuf.length = sshbuf_len(b);
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))
authenticated = mm_ssh_gssapi_userok(authctxt->user);
else
logit("GSSAPI MIC check failed");
sshbuf_free(b);
free(mic.value);
if ((!use_privsep || mm_is_monitor()) &&
(displayname = ssh_gssapi_displayname()) != NULL)
auth2_record_info(authctxt, "%s", displayname);
authctxt->postponed = 0;
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
@ -328,10 +325,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
}
Authmethod method_gssapi = {
"gssapi-with-mic",
NULL,
&methodcfg_gssapi,
userauth_gssapi,
&options.gss_authentication
};
#endif /* GSSAPI */

22
auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.53 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -40,7 +40,6 @@
#include "log.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
@ -55,6 +54,7 @@
/* import */
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_hostbased;
static int
userauth_hostbased(struct ssh *ssh, const char *method)
@ -101,12 +101,6 @@ userauth_hostbased(struct ssh *ssh, const char *method)
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (sshkey_type_plain(key->type) == KEY_RSA &&
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
error("Refusing RSA key because peer uses unsafe "
"signature format");
goto done;
}
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
logit_f("signature algorithm %s not in "
"HostbasedAcceptedAlgorithms", pkalg);
@ -152,10 +146,10 @@ userauth_hostbased(struct ssh *ssh, const char *method)
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
chost, key)) &&
PRIVSEP(sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
if (mm_hostbased_key_allowed(ssh, authctxt->pw, cuser,
chost, key) &&
mm_sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL) == 0)
authenticated = 1;
auth2_record_key(authctxt, authenticated, key);
@ -259,8 +253,6 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
}
Authmethod method_hostbased = {
"hostbased",
NULL,
&methodcfg_hostbased,
userauth_hostbased,
&options.hostbased_authentication
};

7
auth2-kbdint.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-kbdint.c,v 1.14 2021/12/19 22:12:07 djm Exp $ */
/* $OpenBSD: auth2-kbdint.c,v 1.15 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -42,6 +42,7 @@
/* import */
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_kbdint;
static int
userauth_kbdint(struct ssh *ssh, const char *method)
@ -65,8 +66,6 @@ userauth_kbdint(struct ssh *ssh, const char *method)
}
Authmethod method_kbdint = {
"keyboard-interactive",
NULL,
&methodcfg_kbdint,
userauth_kbdint,
&options.kbd_interactive_authentication
};

134
auth2-methods.c Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright (c) 2012,2023 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include "log.h"
#include "misc.h"
#include "servconf.h"
#include "xmalloc.h"
#include "hostfile.h"
#include "auth.h"
extern ServerOptions options;
/*
* Configuration of enabled authentication methods. Separate from the rest of
* auth2-*.c because we want to query it during server configuration validity
* checking in the sshd listener process without pulling all the auth code in
* too.
*/
/* "none" is allowed only one time and it is cleared by userauth_none() later */
int none_enabled = 1;
struct authmethod_cfg methodcfg_none = {
"none",
NULL,
&none_enabled
};
struct authmethod_cfg methodcfg_pubkey = {
"publickey",
"publickey-hostbound-v00@openssh.com",
&options.pubkey_authentication
};
#ifdef GSSAPI
struct authmethod_cfg methodcfg_gssapi = {
"gssapi-with-mic",
NULL,
&options.gss_authentication
};
#endif
struct authmethod_cfg methodcfg_passwd = {
"password",
NULL,
&options.password_authentication
};
struct authmethod_cfg methodcfg_kbdint = {
"keyboard-interactive",
NULL,
&options.kbd_interactive_authentication
};
struct authmethod_cfg methodcfg_hostbased = {
"hostbased",
NULL,
&options.hostbased_authentication
};
static struct authmethod_cfg *authmethod_cfgs[] = {
&methodcfg_none,
&methodcfg_pubkey,
#ifdef GSSAPI
&methodcfg_gssapi,
#endif
&methodcfg_passwd,
&methodcfg_kbdint,
&methodcfg_hostbased,
NULL
};
/*
* Check a comma-separated list of methods for validity. If need_enable is
* non-zero, then also require that the methods are enabled.
* Returns 0 on success or -1 if the methods list is invalid.
*/
int
auth2_methods_valid(const char *_methods, int need_enable)
{
char *methods, *omethods, *method, *p;
u_int i, found;
int ret = -1;
const struct authmethod_cfg *cfg;
if (*_methods == '\0') {
error("empty authentication method list");
return -1;
}
omethods = methods = xstrdup(_methods);
while ((method = strsep(&methods, ",")) != NULL) {
for (found = i = 0; !found && authmethod_cfgs[i] != NULL; i++) {
cfg = authmethod_cfgs[i];
if ((p = strchr(method, ':')) != NULL)
*p = '\0';
if (strcmp(method, cfg->name) != 0)
continue;
if (need_enable) {
if (cfg->enabled == NULL ||
*(cfg->enabled) == 0) {
error("Disabled method \"%s\" in "
"AuthenticationMethods list \"%s\"",
method, _methods);
goto out;
}
}
found = 1;
break;
}
if (!found) {
error("Unknown authentication method \"%s\" in list",
method);
goto out;
}
}
ret = 0;
out:
free(omethods);
return ret;
}

13
auth2-none.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
/* $OpenBSD: auth2-none.c,v 1.26 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -44,7 +44,6 @@
#include "log.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
#include "ssh2.h"
#include "ssherr.h"
#ifdef GSSAPI
@ -54,9 +53,9 @@
/* import */
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_none;
/* "none" is allowed only one time */
static int none_enabled = 1;
extern int none_enabled;
static int
userauth_none(struct ssh *ssh, const char *method)
@ -67,13 +66,11 @@ userauth_none(struct ssh *ssh, const char *method)
if ((r = sshpkt_get_end(ssh)) != 0)
fatal_fr(r, "parse packet");
if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(ssh, "")));
return mm_auth_password(ssh, "");
return (0);
}
Authmethod method_none = {
"none",
NULL,
&methodcfg_none,
userauth_none,
&none_enabled
};

9
auth2-passwd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */
/* $OpenBSD: auth2-passwd.c,v 1.22 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -47,6 +47,7 @@
/* import */
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_passwd;
static int
userauth_passwd(struct ssh *ssh, const char *method)
@ -66,15 +67,13 @@ userauth_passwd(struct ssh *ssh, const char *method)
if (change)
logit("password change not supported");
else if (PRIVSEP(auth_password(ssh, password)) == 1) // CodeQL [SM01714] false positive: password is null terminated
else if (mm_auth_password(ssh, password) == 1)
authenticated = 1;
freezero(password, len);
return authenticated;
}
Authmethod method_passwd = {
"password",
NULL,
&methodcfg_passwd,
userauth_passwd,
&options.password_authentication
};

54
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.120 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -72,6 +72,7 @@
/* import */
extern ServerOptions options;
extern struct authmethod_cfg methodcfg_pubkey;
static char *
format_key(const struct sshkey *key)
@ -153,12 +154,6 @@ userauth_pubkey(struct ssh *ssh, const char *method)
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (sshkey_type_plain(key->type) == KEY_RSA &&
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
logit("Refusing RSA key because client uses unsafe "
"signature scheme");
goto done;
}
if (auth2_key_already_used(authctxt, key)) {
logit("refusing previously-used %s key", sshkey_type(key));
goto done;
@ -225,11 +220,11 @@ userauth_pubkey(struct ssh *ssh, const char *method)
#endif
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
PRIVSEP(sshkey_verify(key, sig, slen,
if (mm_user_key_allowed(ssh, pw, key, 1, &authopts) &&
mm_sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b),
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
ssh->compat, &sig_details)) == 0) {
ssh->compat, &sig_details) == 0) {
authenticated = 1;
}
if (authenticated == 1 && sig_details != NULL) {
@ -287,7 +282,7 @@ userauth_pubkey(struct ssh *ssh, const char *method)
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
if (mm_user_key_allowed(ssh, pw, key, 0, NULL)) {
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
!= 0 ||
(r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
@ -346,8 +341,8 @@ match_principals_file(struct passwd *pw, char *file,
* returns 1 if the principal is allowed or 0 otherwise.
*/
static int
match_principals_command(struct passwd *user_pw,
const struct sshkey *key, struct sshauthopt **authoptsp)
match_principals_command(struct passwd *user_pw, const struct sshkey *key,
const char *conn_id, const char *rdomain, struct sshauthopt **authoptsp)
{
struct passwd *runas_pw = NULL;
const struct sshkey_cert *cert = key->cert;
@ -422,6 +417,8 @@ match_principals_command(struct passwd *user_pw,
(unsigned long long)user_pw->pw_uid);
for (i = 1; i < ac; i++) {
tmp = percent_expand(av[i],
"C", conn_id,
"D", rdomain,
"U", uidstr,
"u", user_pw->pw_name,
"h", user_pw->pw_dir,
@ -483,7 +480,7 @@ match_principals_command(struct passwd *user_pw,
static int
user_cert_trusted_ca(struct passwd *pw, struct sshkey *key,
const char *remote_ip, const char *remote_host,
struct sshauthopt **authoptsp)
const char *conn_id, const char *rdomain, struct sshauthopt **authoptsp)
{
char *ca_fp, *principals_file = NULL;
const char *reason;
@ -520,7 +517,7 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key,
}
/* Try querying command if specified */
if (!found_principal && match_principals_command(pw, key,
&principals_opts))
conn_id, rdomain, &principals_opts))
found_principal = 1;
/* If principals file or command is specified, then require a match */
use_authorized_principals = principals_file != NULL ||
@ -619,7 +616,7 @@ user_key_allowed2(struct passwd *pw, struct sshkey *key,
static int
user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key,
const char *remote_ip, const char *remote_host,
struct sshauthopt **authoptsp)
const char *conn_id, const char *rdomain, struct sshauthopt **authoptsp)
{
struct passwd *runas_pw = NULL;
FILE *f = NULL;
@ -681,6 +678,8 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key,
(unsigned long long)user_pw->pw_uid);
for (i = 1; i < ac; i++) {
tmp = percent_expand(av[i],
"C", conn_id,
"D", rdomain,
"U", uidstr,
"u", user_pw->pw_name,
"h", user_pw->pw_dir,
@ -755,11 +754,9 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
int auth_attempt, struct sshauthopt **authoptsp)
{
u_int success = 0, i;
char *file;
char *file, *conn_id;
struct sshauthopt *opts = NULL;
const char *remote_ip = ssh_remote_ipaddr(ssh);
const char *remote_host = auth_get_canonical_hostname(ssh,
options.use_dns);
const char *rdomain, *remote_ip, *remote_host;
if (authoptsp != NULL)
*authoptsp = NULL;
@ -770,6 +767,14 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
auth_key_is_revoked(key->cert->signature_key))
return 0;
if ((rdomain = ssh_packet_rdomain_in(ssh)) == NULL)
rdomain = "";
remote_ip = ssh_remote_ipaddr(ssh);
remote_host = auth_get_canonical_hostname(ssh, options.use_dns);
xasprintf(&conn_id, "%s %d %s %d",
ssh_local_ipaddr(ssh), ssh_local_port(ssh),
remote_ip, ssh_remote_port(ssh));
for (i = 0; !success && i < options.num_authkeys_files; i++) {
if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
continue;
@ -787,18 +792,19 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
goto out;
if ((success = user_cert_trusted_ca(pw, key, remote_ip, remote_host,
&opts)) != 0)
conn_id, rdomain, &opts)) != 0)
goto out;
sshauthopt_free(opts);
opts = NULL;
if ((success = user_key_command_allowed2(pw, key, remote_ip,
remote_host, &opts)) != 0)
remote_host, conn_id, rdomain, &opts)) != 0)
goto out;
sshauthopt_free(opts);
opts = NULL;
out:
free(conn_id);
if (success && authoptsp != NULL) {
*authoptsp = opts;
opts = NULL;
@ -808,8 +814,6 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
}
Authmethod method_pubkey = {
"publickey",
"publickey-hostbound-v00@openssh.com",
&methodcfg_pubkey,
userauth_pubkey,
&options.pubkey_authentication
};

3
auth2-pubkeyfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkeyfile.c,v 1.3 2022/07/01 03:52:57 djm Exp $ */
/* $OpenBSD: auth2-pubkeyfile.c,v 1.4 2023/03/05 05:34:09 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -42,7 +42,6 @@
#include "ssh.h"
#include "log.h"
#include "misc.h"
#include "compat.h"
#include "sshkey.h"
#include "digest.h"
#include "hostfile.h"

109
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.169 2024/05/17 00:30:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -46,7 +46,6 @@
#include "sshbuf.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
@ -58,6 +57,7 @@
#endif
#include "monitor_wrap.h"
#include "digest.h"
#include "kex.h"
#ifdef WINDOWS
#include "sshTelemetry.h"
#endif
@ -159,7 +159,7 @@ userauth_banner(struct ssh *ssh)
if (options.banner == NULL)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
if ((banner = mm_auth2_read_banner()) == NULL)
goto done;
userauth_send_banner(ssh, banner);
@ -176,12 +176,13 @@ do_authentication2(struct ssh *ssh)
Authctxt *authctxt = ssh->authctxt;
ssh_dispatch_init(ssh, &dispatch_protocol_error);
if (ssh->kex->ext_info_c)
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
ssh->authctxt = NULL;
}
/*ARGSUSED*/
static int
input_service_request(int type, u_int32_t seq, struct ssh *ssh)
{
@ -216,6 +217,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
debug("bad service request %s", service);
ssh_packet_disconnect(ssh, "bad service request %s", service);
}
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &dispatch_protocol_error);
r = 0;
out:
free(service);
@ -223,6 +225,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
}
#define MIN_FAIL_DELAY_SECONDS 0.005
#define MAX_FAIL_DELAY_SECONDS 5.0
static double
user_specific_delay(const char *user)
{
@ -248,6 +251,12 @@ ensure_minimum_time_since(double start, double seconds)
struct timespec ts;
double elapsed = monotime_double() - start, req = seconds, remain;
if (elapsed > MAX_FAIL_DELAY_SECONDS) {
debug3_f("elapsed %0.3lfms exceeded the max delay "
"requested %0.3lfms)", elapsed*1000, req*1000);
return;
}
/* if we've already passed the requested time, scale up */
while ((remain = seconds - elapsed) < 0.0)
seconds *= 2;
@ -259,7 +268,6 @@ ensure_minimum_time_since(double start, double seconds)
nanosleep(&ts, NULL);
}
/*ARGSUSED*/
static int
input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
{
@ -286,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
auth_maxtries_exceeded(ssh);
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
authctxt->pw = mm_getpwnamallow(ssh, user);
authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
@ -296,22 +304,22 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
/* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
mm_audit_event(ssh, SSH_INVALID_USER);
#endif
}
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(ssh));
mm_start_pam(ssh);
#endif
ssh_packet_set_log_preamble(ssh, "%suser %s",
authctxt->valid ? "authenticating " : "invalid ", user);
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
setproctitle("%s [net]", authctxt->valid ? user : "unknown");
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep)
mm_inform_authserv(service, style);
mm_inform_authserv(service, style);
userauth_banner(ssh);
if ((r = kex_server_update_ext_info(ssh)) != 0)
fatal_fr(r, "kex_server_update_ext_info failed");
if (auth2_setup_methods_lists(authctxt) != 0)
ssh_packet_disconnect(ssh,
"no authentication methods enabled");
@ -340,7 +348,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(ssh, method);
}
if (!authctxt->authenticated)
if (!authctxt->authenticated && strcmp(method, "none") != 0)
ensure_minimum_time_since(tstart,
user_specific_delay(authctxt->user));
userauth_finish(ssh, authenticated, method, NULL);
@ -372,7 +380,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
/* prefer primary authmethod name to possible synonym */
if ((m = authmethod_byname(method)) == NULL)
fatal("INTERNAL ERROR: bad method %s", method);
method = m->name;
method = m->cfg->name;
}
/* Special handling for root */
@ -380,7 +388,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
!auth_root_allowed(ssh, method)) {
authenticated = 0;
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
mm_audit_event(ssh, SSH_LOGIN_ROOT_DENIED);
#endif
}
@ -403,7 +411,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
#ifdef USE_PAM
if (options.use_pam && authenticated) {
int r, success = PRIVSEP(do_pam_account());
int r, success = mm_do_pam_account();
/* If PAM returned a message, send it to the user. */
if (sshbuf_len(loginmsg) > 0) {
@ -441,7 +449,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
mm_audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES);
#endif
auth_maxtries_exceeded(ssh);
}
@ -496,16 +504,16 @@ authmethods_get(Authctxt *authctxt)
if ((b = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
for (i = 0; authmethods[i] != NULL; i++) {
if (strcmp(authmethods[i]->name, "none") == 0)
if (strcmp(authmethods[i]->cfg->name, "none") == 0)
continue;
if (authmethods[i]->enabled == NULL ||
*(authmethods[i]->enabled) == 0)
if (authmethods[i]->cfg->enabled == NULL ||
*(authmethods[i]->cfg->enabled) == 0)
continue;
if (!auth2_method_allowed(authctxt, authmethods[i]->name,
if (!auth2_method_allowed(authctxt, authmethods[i]->cfg->name,
NULL))
continue;
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
authmethods[i]->name)) != 0)
authmethods[i]->cfg->name)) != 0)
fatal_fr(r, "buffer error");
}
if ((list = sshbuf_dup_string(b)) == NULL)
@ -522,9 +530,9 @@ authmethod_byname(const char *name)
if (name == NULL)
fatal_f("NULL authentication method name");
for (i = 0; authmethods[i] != NULL; i++) {
if (strcmp(name, authmethods[i]->name) == 0 ||
(authmethods[i]->synonym != NULL &&
strcmp(name, authmethods[i]->synonym) == 0))
if (strcmp(name, authmethods[i]->cfg->name) == 0 ||
(authmethods[i]->cfg->synonym != NULL &&
strcmp(name, authmethods[i]->cfg->synonym) == 0))
return authmethods[i];
}
debug_f("unrecognized authentication method name: %s", name);
@ -539,11 +547,11 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
if ((method = authmethod_byname(name)) == NULL)
return NULL;
if (method->enabled == NULL || *(method->enabled) == 0) {
if (method->cfg->enabled == NULL || *(method->cfg->enabled) == 0) {
debug3_f("method %s not enabled", name);
return NULL;
}
if (!auth2_method_allowed(authctxt, method->name, NULL)) {
if (!auth2_method_allowed(authctxt, method->cfg->name, NULL)) {
debug3_f("method %s not allowed "
"by AuthenticationMethods", name);
return NULL;
@ -551,53 +559,6 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
return method;
}
/*
* Check a comma-separated list of methods for validity. Is need_enable is
* non-zero, then also require that the methods are enabled.
* Returns 0 on success or -1 if the methods list is invalid.
*/
int
auth2_methods_valid(const char *_methods, int need_enable)
{
char *methods, *omethods, *method, *p;
u_int i, found;
int ret = -1;
if (*_methods == '\0') {
error("empty authentication method list");
return -1;
}
omethods = methods = xstrdup(_methods);
while ((method = strsep(&methods, ",")) != NULL) {
for (found = i = 0; !found && authmethods[i] != NULL; i++) {
if ((p = strchr(method, ':')) != NULL)
*p = '\0';
if (strcmp(method, authmethods[i]->name) != 0)
continue;
if (need_enable) {
if (authmethods[i]->enabled == NULL ||
*(authmethods[i]->enabled) == 0) {
error("Disabled method \"%s\" in "
"AuthenticationMethods list \"%s\"",
method, _methods);
goto out;
}
}
found = 1;
break;
}
if (!found) {
error("Unknown authentication method \"%s\" in list",
method);
goto out;
}
}
ret = 0;
out:
free(omethods);
return ret;
}
/*
* Prune the AuthenticationMethods supplied in the configuration, removing
* any methods lists that include disabled methods. Note that this might

45
authfd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.130 2022/04/27 11:08:55 dtucker Exp $ */
/* $OpenBSD: authfd.c,v 1.134 2023/12/18 14:46:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -55,7 +55,6 @@
#include "sshkey.h"
#include "authfd.h"
#include "cipher.h"
#include "compat.h"
#include "log.h"
#include "atomicio.h"
#include "misc.h"
@ -491,8 +490,8 @@ encode_dest_constraint(struct sshbuf *m, const struct dest_constraint *dc)
if ((b = sshbuf_new()) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((r = encode_dest_constraint_hop(b, &dc->from) != 0) ||
(r = encode_dest_constraint_hop(b, &dc->to) != 0) ||
if ((r = encode_dest_constraint_hop(b, &dc->from)) != 0 ||
(r = encode_dest_constraint_hop(b, &dc->to)) != 0 ||
(r = sshbuf_put_string(b, NULL, 0)) != 0) /* reserved */
goto out;
if ((r = sshbuf_put_stringb(m, b)) != 0)
@ -505,9 +504,10 @@ encode_dest_constraint(struct sshbuf *m, const struct dest_constraint *dc)
}
static int
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
const char *provider, struct dest_constraint **dest_constraints,
size_t ndest_constraints)
encode_constraints(struct sshbuf *m, u_int life, u_int confirm,
u_int maxsign, const char *provider,
struct dest_constraint **dest_constraints, size_t ndest_constraints,
int cert_only, struct sshkey **certs, size_t ncerts)
{
int r;
struct sshbuf *b = NULL;
@ -551,6 +551,27 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
"restrict-destination-v00@openssh.com")) != 0 ||
(r = sshbuf_put_stringb(m, b)) != 0)
goto out;
sshbuf_free(b);
b = NULL;
}
if (ncerts != 0) {
if ((b = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
for (i = 0; i < ncerts; i++) {
if ((r = sshkey_puts(certs[i], b)) != 0)
goto out;
}
if ((r = sshbuf_put_u8(m,
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
(r = sshbuf_put_cstring(m,
"associated-certs-v00@openssh.com")) != 0 ||
(r = sshbuf_put_u8(m, cert_only != 0)) != 0 ||
(r = sshbuf_put_stringb(m, b)) != 0)
goto out;
sshbuf_free(b);
b = NULL;
}
r = 0;
out:
@ -608,7 +629,7 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
}
if (constrained &&
(r = encode_constraints(msg, life, confirm, maxsign,
provider, dest_constraints, ndest_constraints)) != 0)
provider, dest_constraints, ndest_constraints, 0, NULL, 0)) != 0)
goto out;
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
goto out;
@ -663,10 +684,11 @@ ssh_remove_identity(int sock, const struct sshkey *key)
int
ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
u_int life, u_int confirm,
struct dest_constraint **dest_constraints, size_t ndest_constraints)
struct dest_constraint **dest_constraints, size_t ndest_constraints,
int cert_only, struct sshkey **certs, size_t ncerts)
{
struct sshbuf *msg;
int r, constrained = (life || confirm);
int r, constrained = (life || confirm || dest_constraints || certs);
u_char type;
if (add) {
@ -684,7 +706,8 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
goto out;
if (constrained &&
(r = encode_constraints(msg, life, confirm, 0, NULL,
dest_constraints, ndest_constraints)) != 0)
dest_constraints, ndest_constraints,
cert_only, certs, ncerts)) != 0)
goto out;
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
goto out;

5
authfd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.51 2021/12/19 22:10:24 djm Exp $ */
/* $OpenBSD: authfd.h,v 1.52 2023/12/18 14:46:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -56,7 +56,8 @@ int ssh_remove_identity(int sock, const struct sshkey *key);
int ssh_update_card(int sock, int add, const char *reader_id,
const char *pin, u_int life, u_int confirm,
struct dest_constraint **dest_constraints,
size_t ndest_constraints);
size_t ndest_constraints,
int cert_only, struct sshkey **certs, size_t ncerts);
int ssh_remove_all_identities(int sock, int version);
int ssh_agent_sign(int sock, const struct sshkey *key,

12
authfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.c,v 1.143 2022/06/21 14:52:13 tobhe Exp $ */
/* $OpenBSD: authfile.c,v 1.144 2023/03/14 07:26:25 dtucker Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@ -225,6 +225,8 @@ sshkey_try_load_public(struct sshkey **kp, const char *filename,
int r;
struct sshkey *k = NULL;
if (kp == NULL)
return SSH_ERR_INVALID_ARGUMENT;
*kp = NULL;
if (commentp != NULL)
*commentp = NULL;
@ -513,11 +515,19 @@ sshkey_save_public(const struct sshkey *key, const char *path,
if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
return SSH_ERR_SYSTEM_ERROR;
#ifdef WINDOWS
/* Windows POSIX adapter does not support fdopen() on open(file)
but still want file created with same owner as upstream */
close(fd);
if ((f = fopen(path, "w")) == NULL)
return SSH_ERR_SYSTEM_ERROR;
#else /* WINDOWS */
if ((f = fdopen(fd, "w")) == NULL) {
r = SSH_ERR_SYSTEM_ERROR;
close(fd);
goto fail;
}
#endif /* WINDOWS */
if ((r = sshkey_write(key, f)) != 0)
goto fail;
fprintf(f, " %s\n", comment);

7
canohost.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
/* $OpenBSD: canohost.c,v 1.77 2023/03/31 04:42:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -72,6 +72,9 @@ get_socket_address(int sock, int remote, int flags)
char ntop[NI_MAXHOST];
int r;
if (sock < 0)
return NULL;
/* Get IP address of client. */
addrlen = sizeof(addr);
memset(&addr, 0, sizeof(addr));
@ -160,6 +163,8 @@ get_sock_port(int sock, int local)
char strport[NI_MAXSERV];
int r;
if (sock < 0)
return -1;
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));

3
chacha.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: chacha.c,v 1.2 2023/07/17 05:26:38 djm Exp $ */
/*
chacha-merged.c version 20080118
D. J. Bernstein
@ -8,8 +9,6 @@ Public domain.
#include "chacha.h"
/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
typedef unsigned char u8;
typedef unsigned int u32;

223
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.427 2023/01/18 02:00:10 djm Exp $ */
/* $OpenBSD: channels.c,v 1.438 2024/05/17 00:30:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -93,13 +93,6 @@
/* -- agent forwarding */
#define NUM_SOCKS 10
/* -- tcp forwarding */
/* special-case port number meaning allow any port */
#define FWD_PERMIT_ANY_PORT 0
/* special-case wildcard meaning allow any host */
#define FWD_PERMIT_ANY_HOST "*"
/* -- X11 forwarding */
/* Maximum number of fake X11 displays to try. */
#define MAX_DISPLAYS 1000
@ -154,7 +147,7 @@ struct permission_set {
/* Used to record timeouts per channel type */
struct ssh_channel_timeout {
char *type_pattern;
u_int timeout_secs;
int timeout_secs;
};
/* Master structure for channels state */
@ -198,7 +191,7 @@ struct ssh_channels {
u_int x11_saved_data_len;
/* Deadline after which all X11 connections are refused */
u_int x11_refuse_time;
time_t x11_refuse_time;
/*
* Fake X11 authentication data. This is what the server will be
@ -214,6 +207,9 @@ struct ssh_channels {
/* Channel timeouts by type */
struct ssh_channel_timeout *timeouts;
size_t ntimeouts;
/* Global timeout for all OPEN channels */
int global_deadline;
time_t lastused;
};
/* helper */
@ -312,11 +308,16 @@ channel_lookup(struct ssh *ssh, int id)
*/
void
channel_add_timeout(struct ssh *ssh, const char *type_pattern,
u_int timeout_secs)
int timeout_secs)
{
struct ssh_channels *sc = ssh->chanctxt;
debug2_f("channel type \"%s\" timeout %u seconds",
if (strcmp(type_pattern, "global") == 0) {
debug2_f("global channel timeout %d seconds", timeout_secs);
sc->global_deadline = timeout_secs;
return;
}
debug2_f("channel type \"%s\" timeout %d seconds",
type_pattern, timeout_secs);
sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts,
sc->ntimeouts + 1, sizeof(*sc->timeouts));
@ -340,7 +341,7 @@ channel_clear_timeouts(struct ssh *ssh)
sc->ntimeouts = 0;
}
static u_int
static int
lookup_timeout(struct ssh *ssh, const char *type)
{
struct ssh_channels *sc = ssh->chanctxt;
@ -376,6 +377,38 @@ channel_set_xtype(struct ssh *ssh, int id, const char *xctype)
c->inactive_deadline);
}
/*
* update "last used" time on a channel.
* NB. nothing else should update lastused except to clear it.
*/
static void
channel_set_used_time(struct ssh *ssh, Channel *c)
{
ssh->chanctxt->lastused = monotime();
if (c != NULL)
c->lastused = ssh->chanctxt->lastused;
}
/*
* Get the time at which a channel is due to time out for inactivity.
* Returns 0 if the channel is not due to time out ever.
*/
static time_t
channel_get_expiry(struct ssh *ssh, Channel *c)
{
struct ssh_channels *sc = ssh->chanctxt;
time_t expiry = 0, channel_expiry;
if (sc->lastused != 0 && sc->global_deadline != 0)
expiry = sc->lastused + sc->global_deadline;
if (c->lastused != 0 && c->inactive_deadline != 0) {
channel_expiry = c->lastused + c->inactive_deadline;
if (expiry == 0 || channel_expiry < expiry)
expiry = channel_expiry;
}
return expiry;
}
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
@ -387,11 +420,11 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
int val;
if (rfd != -1)
fcntl(rfd, F_SETFD, FD_CLOEXEC);
(void)fcntl(rfd, F_SETFD, FD_CLOEXEC);
if (wfd != -1 && wfd != rfd)
fcntl(wfd, F_SETFD, FD_CLOEXEC);
(void)fcntl(wfd, F_SETFD, FD_CLOEXEC);
if (efd != -1 && efd != rfd && efd != wfd)
fcntl(efd, F_SETFD, FD_CLOEXEC);
(void)fcntl(efd, F_SETFD, FD_CLOEXEC);
c->rfd = rfd;
c->wfd = wfd;
@ -441,6 +474,8 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
if (efd != -1)
set_nonblock(efd);
}
/* channel might be entering a larval state, so reset global timeout */
channel_set_used_time(ssh, NULL);
}
/*
@ -898,6 +933,23 @@ channel_still_open(struct ssh *ssh)
return 0;
}
/* Returns true if a channel with a TTY is open. */
int
channel_tty_open(struct ssh *ssh)
{
u_int i;
Channel *c;
for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
c = ssh->chanctxt->channels[i];
if (c == NULL || c->type != SSH_CHANNEL_OPEN)
continue;
if (c->client_tty)
return 1;
}
return 0;
}
/* Returns the id of an open channel suitable for keepaliving */
int
channel_find_open(struct ssh *ssh)
@ -1180,7 +1232,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd,
channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty);
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
c->local_window = c->local_window_max = window_max;
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
@ -1258,7 +1310,7 @@ x11_open_helper(struct ssh *ssh, struct sshbuf *b)
/* Is this being called after the refusal deadline? */
if (sc->x11_refuse_time != 0 &&
(u_int)monotime() >= sc->x11_refuse_time) {
monotime() >= sc->x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return -1;
@ -1352,7 +1404,7 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c)
if (ret == 1) {
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
channel_pre_open(ssh, c);
} else if (ret == -1) {
logit("X11 connection rejected because of wrong "
@ -1639,7 +1691,7 @@ channel_decode_socks5(Channel *c, struct sshbuf *input, struct sshbuf *output)
Channel *
channel_connect_stdio_fwd(struct ssh *ssh,
const char *host_to_connect, u_short port_to_connect,
const char *host_to_connect, int port_to_connect,
int in, int out, int nonblock)
{
Channel *c;
@ -1656,7 +1708,8 @@ channel_connect_stdio_fwd(struct ssh *ssh,
c->force_drain = 1;
channel_register_fds(ssh, c, in, out, -1, 0, 1, 0);
port_open_helper(ssh, c, "direct-tcpip");
port_open_helper(ssh, c, port_to_connect == PORT_STREAMLOCAL ?
"direct-streamlocal@openssh.com" : "direct-tcpip");
return c;
}
@ -1888,7 +1941,7 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype)
}
void
channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
channel_set_x11_refuse_time(struct ssh *ssh, time_t refuse_time)
{
ssh->chanctxt->x11_refuse_time = refuse_time;
}
@ -1995,16 +2048,19 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
fatal_f("channel %d: no remote id", c->self);
/* for rdynamic the OPEN_CONFIRMATION has been sent already */
isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
err = errno;
error("getsockopt SO_ERROR failed");
}
if (err == 0) {
/* Non-blocking connection completed */
debug("channel %d: connected to %s port %d",
c->self, c->connect_ctx.host, c->connect_ctx.port);
channel_connect_ctx_free(&c->connect_ctx);
c->type = SSH_CHANNEL_OPEN;
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (isopen) {
/* no message necessary */
} else {
@ -2017,16 +2073,17 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
(r = sshpkt_send(ssh)) != 0)
fatal_fr(r, "channel %i open confirm", c->self);
}
} else {
debug("channel %d: connection failed: %s",
c->self, strerror(err));
/* Try next address, if any */
if ((sock = connect_next(&c->connect_ctx)) > 0) {
close(c->sock);
c->sock = c->rfd = c->wfd = sock;
return;
}
/* Exhausted all addresses */
return;
}
if (err == EINTR || err == EAGAIN || err == EINPROGRESS)
return;
/* Non-blocking connection failed */
debug("channel %d: connection failed: %s", c->self, strerror(err));
/* Try next address, if any */
if ((sock = connect_next(&c->connect_ctx)) == -1) {
/* Exhausted all addresses for this destination */
error("connect_to %.100s port %d: failed.",
c->connect_ctx.host, c->connect_ctx.port);
channel_connect_ctx_free(&c->connect_ctx);
@ -2045,6 +2102,10 @@ channel_post_connecting(struct ssh *ssh, Channel *c)
chan_mark_dead(ssh, c);
}
}
/* New non-blocking connection in progress */
close(c->sock);
c->sock = c->rfd = c->wfd = sock;
}
static int
@ -2091,7 +2152,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
goto rfail;
}
if (nr != 0)
c->lastused = monotime();
channel_set_used_time(ssh, c);
return 1;
}
@ -2117,7 +2178,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c)
}
return -1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (c->input_filter != NULL) {
if (c->input_filter(ssh, c, buf, len) == -1) {
debug2("channel %d: filter stops", c->self);
@ -2198,7 +2259,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c)
}
return -1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
#ifndef BROKEN_TCGETATTR_ICANON
if (c->isatty && dlen >= 1 && buf[0] != '\r') {
if (tcgetattr(c->wfd, &tio) == 0 &&
@ -2247,7 +2308,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c)
if ((r = sshbuf_consume(c->extended, len)) != 0)
fatal_fr(r, "channel %i: consume", c->self);
c->local_consumed += len;
c->lastused = monotime();
channel_set_used_time(ssh, c);
}
return 1;
}
@ -2274,7 +2335,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c)
channel_close_fd(ssh, c, &c->efd);
return 1;
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
if (c->extended_usage == CHAN_EXTENDED_IGNORE)
debug3("channel %d: discard efd", c->self);
else if ((r = sshbuf_put(c->extended, buf, len)) != 0)
@ -2564,10 +2625,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
continue;
}
if (ftab[c->type] != NULL) {
if (table == CHAN_PRE &&
c->type == SSH_CHANNEL_OPEN &&
c->inactive_deadline != 0 && c->lastused != 0 &&
now >= c->lastused + c->inactive_deadline) {
if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN &&
channel_get_expiry(ssh, c) != 0 &&
now >= channel_get_expiry(ssh, c)) {
/* channel closed for inactivity */
verbose("channel %d: closing after %u seconds "
"of inactivity", c->self,
@ -2579,10 +2639,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout)
/* inactivity timeouts must interrupt poll() */
if (timeout != NULL &&
c->type == SSH_CHANNEL_OPEN &&
c->lastused != 0 &&
c->inactive_deadline != 0) {
channel_get_expiry(ssh, c) != 0) {
ptimeout_deadline_monotime(timeout,
c->lastused + c->inactive_deadline);
channel_get_expiry(ssh, c));
}
} else if (timeout != NULL) {
/*
@ -2890,8 +2949,9 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
/*
* Enqueue data for channels with open or draining c->input.
* Returns non-zero if a packet was enqueued.
*/
static void
static int
channel_output_poll_input_open(struct ssh *ssh, Channel *c)
{
size_t len, plen;
@ -2914,7 +2974,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
else
chan_ibuf_empty(ssh, c);
}
return;
return 0;
}
if (!c->have_remote_id)
@ -2931,7 +2991,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
*/
if (plen > c->remote_window || plen > c->remote_maxpacket) {
debug("channel %d: datagram too big", c->self);
return;
return 0;
}
/* Enqueue it */
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
@ -2940,7 +3000,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
(r = sshpkt_send(ssh)) != 0)
fatal_fr(r, "channel %i: send datagram", c->self);
c->remote_window -= plen;
return;
return 1;
}
/* Enqueue packet for buffered data. */
@ -2949,7 +3009,7 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
if (len > c->remote_maxpacket)
len = c->remote_maxpacket;
if (len == 0)
return;
return 0;
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
(r = sshpkt_put_string(ssh, sshbuf_ptr(c->input), len)) != 0 ||
@ -2958,19 +3018,21 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c)
if ((r = sshbuf_consume(c->input, len)) != 0)
fatal_fr(r, "channel %i: consume", c->self);
c->remote_window -= len;
return 1;
}
/*
* Enqueue data for channels with open c->extended in read mode.
* Returns non-zero if a packet was enqueued.
*/
static void
static int
channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
{
size_t len;
int r;
if ((len = sshbuf_len(c->extended)) == 0)
return;
return 0;
debug2("channel %d: rwin %u elen %zu euse %d", c->self,
c->remote_window, sshbuf_len(c->extended), c->extended_usage);
@ -2979,7 +3041,7 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
if (len > c->remote_maxpacket)
len = c->remote_maxpacket;
if (len == 0)
return;
return 0;
if (!c->have_remote_id)
fatal_f("channel %d: no remote id", c->self);
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA)) != 0 ||
@ -2992,15 +3054,20 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c)
fatal_fr(r, "channel %i: consume", c->self);
c->remote_window -= len;
debug2("channel %d: sent ext data %zu", c->self, len);
return 1;
}
/* If there is data to send to the connection, enqueue some of it now. */
void
/*
* If there is data to send to the connection, enqueue some of it now.
* Returns non-zero if data was enqueued.
*/
int
channel_output_poll(struct ssh *ssh)
{
struct ssh_channels *sc = ssh->chanctxt;
Channel *c;
u_int i;
int ret = 0;
for (i = 0; i < sc->channels_alloc; i++) {
c = sc->channels[i];
@ -3023,12 +3090,13 @@ channel_output_poll(struct ssh *ssh)
/* Get the amount of buffered data for this channel. */
if (c->istate == CHAN_INPUT_OPEN ||
c->istate == CHAN_INPUT_WAIT_DRAIN)
channel_output_poll_input_open(ssh, c);
ret |= channel_output_poll_input_open(ssh, c);
/* Send extended data, i.e. stderr */
if (!(c->flags & CHAN_EOF_SENT) &&
c->extended_usage == CHAN_EXTENDED_READ)
channel_output_poll_extended_read(ssh, c);
ret |= channel_output_poll_extended_read(ssh, c);
}
return ret;
}
/* -- mux proxy support */
@ -3179,9 +3247,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream)
goto out;
}
/* Record that connection to this host/port is permitted. */
permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>", -1,
listen_host, NULL, (int)listen_port, downstream);
listen_host = NULL;
permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>",
-1, listen_host, NULL, (int)listen_port, downstream);
break;
case SSH2_MSG_CHANNEL_CLOSE:
if (have < 4)
@ -3381,11 +3448,20 @@ channel_input_data(int type, u_int32_t seq, struct ssh *ssh)
return 0;
}
if (win_len > c->local_window) {
logit("channel %d: rcvd too much data %zu, win %u",
c->self, win_len, c->local_window);
return 0;
c->local_window_exceeded += win_len - c->local_window;
logit("channel %d: rcvd too much data %zu, win %u/%u "
"(excess %u)", c->self, win_len, c->local_window,
c->local_window_max, c->local_window_exceeded);
c->local_window = 0;
/* Allow 10% grace before bringing the hammer down */
if (c->local_window_exceeded > (c->local_window_max / 10)) {
ssh_packet_disconnect(ssh, "channel %d: peer ignored "
"channel window", c->self);
}
} else {
c->local_window -= win_len;
c->local_window_exceeded = 0;
}
c->local_window -= win_len;
if (c->datagram) {
if ((r = sshbuf_put_string(c->output, data, data_len)) != 0)
@ -3523,7 +3599,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh)
c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx);
debug2_f("channel %d: callback done", c->self);
}
c->lastused = monotime();
channel_set_used_time(ssh, c);
debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
return 0;
@ -4505,19 +4581,6 @@ channel_update_permission(struct ssh *ssh, int idx, int newport)
}
}
/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */
int
permitopen_port(const char *p)
{
int port;
if (strcmp(p, "*") == 0)
return FWD_PERMIT_ANY_PORT;
if ((port = a2port(p)) > 0)
return port;
return -1;
}
/* Try to start non-blocking connect to next host in cctx list */
static int
connect_next(struct channel_connect *cctx)
@ -5046,8 +5109,10 @@ connect_local_xsocket_path(const char *pathname)
struct sockaddr_un addr;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock == -1)
if (sock == -1) {
error("socket: %.100s", strerror(errno));
return -1;
}
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);

16
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.148 2023/01/18 02:00:10 djm Exp $ */
/* $OpenBSD: channels.h,v 1.156 2024/05/23 23:47:16 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -85,7 +85,6 @@
struct ssh;
struct Channel;
typedef struct Channel Channel;
struct fwd_perm_list;
typedef void channel_open_fn(struct ssh *, int, int, void *);
typedef void channel_callback_fn(struct ssh *, int, int, void *);
@ -170,6 +169,7 @@ struct Channel {
u_int remote_window;
u_int remote_maxpacket;
u_int local_window;
u_int local_window_exceeded;
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
@ -210,7 +210,7 @@ struct Channel {
/* Last traffic seen for OPEN channels */
time_t lastused;
/* Inactivity timeout deadline in seconds (0 = no timeout) */
u_int inactive_deadline;
int inactive_deadline;
};
#define CHAN_EXTENDED_IGNORE 0
@ -308,7 +308,7 @@ int channel_close_fd(struct ssh *, Channel *, int *);
void channel_send_window_changes(struct ssh *);
/* channel inactivity timeouts */
void channel_add_timeout(struct ssh *, const char *, u_int);
void channel_add_timeout(struct ssh *, const char *, int);
void channel_clear_timeouts(struct ssh *);
/* mux proxy support */
@ -324,7 +324,6 @@ int channel_input_ieof(int, u_int32_t, struct ssh *);
int channel_input_oclose(int, u_int32_t, struct ssh *);
int channel_input_open_confirmation(int, u_int32_t, struct ssh *);
int channel_input_open_failure(int, u_int32_t, struct ssh *);
int channel_input_port_open(int, u_int32_t, struct ssh *);
int channel_input_window_adjust(int, u_int32_t, struct ssh *);
int channel_input_status_confirm(int, u_int32_t, struct ssh *);
@ -335,11 +334,12 @@ struct timespec;
void channel_prepare_poll(struct ssh *, struct pollfd **,
u_int *, u_int *, u_int, struct timespec *);
void channel_after_poll(struct ssh *, struct pollfd *, u_int);
void channel_output_poll(struct ssh *);
int channel_output_poll(struct ssh *);
int channel_not_very_much_buffered_data(struct ssh *);
void channel_close_all(struct ssh *);
int channel_still_open(struct ssh *);
int channel_tty_open(struct ssh *);
const char *channel_format_extended_usage(const Channel *);
char *channel_open_message(struct ssh *);
int channel_find_open(struct ssh *);
@ -357,7 +357,7 @@ Channel *channel_connect_to_port(struct ssh *, const char *, u_short,
char *, char *, int *, const char **);
Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
Channel *channel_connect_stdio_fwd(struct ssh *, const char*,
u_short, int, int, int);
int, int, int, int);
Channel *channel_connect_by_listen_address(struct ssh *, const char *,
u_short, char *, char *);
Channel *channel_connect_by_listen_path(struct ssh *, const char *,
@ -375,7 +375,7 @@ int permitopen_port(const char *);
/* x11 forwarding */
void channel_set_x11_refuse_time(struct ssh *, u_int);
void channel_set_x11_refuse_time(struct ssh *, time_t);
int x11_connect_display(struct ssh *);
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
void x11_request_forwarding_with_spoofing(struct ssh *, int,

2
cipher-aes.c
View File

@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
static int
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
LIBCRYPTO_EVP_INL_TYPE len)
size_t len)
{
struct ssh_rijndael_ctx *c;
u_char buf[RIJNDAEL_BLOCKSIZE];

3
cipher-chachapoly-libcrypto.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cipher-chachapoly-libcrypto.c,v 1.2 2023/07/17 05:26:38 djm Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
*
@ -14,8 +15,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: cipher-chachapoly-libcrypto.c,v 1.1 2020/04/03 04:32:21 djm Exp $ */
#include "includes.h"
#ifdef WITH_OPENSSL
#include "openbsd-compat/openssl-compat.h"

3
cipher-chachapoly.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cipher-chachapoly.c,v 1.10 2023/07/17 05:26:38 djm Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
*
@ -14,8 +15,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: cipher-chachapoly.c,v 1.9 2020/04/03 04:27:03 djm Exp $ */
#include "includes.h"
#ifdef WITH_OPENSSL
#include "openbsd-compat/openssl-compat.h"

25
cipher.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.c,v 1.119 2021/04/03 06:18:40 djm Exp $ */
/* $OpenBSD: cipher.c,v 1.121 2024/05/17 02:39:11 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -372,7 +372,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv))
return SSH_ERR_LIBCRYPTO_ERROR;
/* set tag on decyption */
/* set tag on decryption */
if (!cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len))
@ -434,27 +434,6 @@ cipher_free(struct sshcipher_ctx *cc)
freezero(cc, sizeof(*cc));
}
/*
* Exports an IV from the sshcipher_ctx required to export the key
* state back from the unprivileged child to the privileged parent
* process.
*/
int
cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
{
const struct sshcipher *c = cc->cipher;
if ((c->flags & CFLAG_CHACHAPOLY) != 0)
return 0;
else if ((c->flags & CFLAG_AESCTR) != 0)
return sizeof(cc->ac_ctx.ctr);
#ifdef WITH_OPENSSL
return EVP_CIPHER_CTX_iv_length(cc->evp);
#else
return 0;
#endif
}
int
cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
{

3
cipher.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
/* $OpenBSD: cipher.h,v 1.56 2023/10/10 06:49:54 tb Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -73,6 +73,5 @@ u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, size_t);
int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *, size_t);
int cipher_get_keyiv_len(const struct sshcipher_ctx *);
#endif /* CIPHER_H */

305
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.387 2023/01/06 02:39:59 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -118,6 +118,9 @@
/* Permitted RSA signature algorithms for UpdateHostkeys proofs */
#define HOSTKEY_PROOF_RSA_ALGS "rsa-sha2-512,rsa-sha2-256"
/* Uncertainty (in percent) of keystroke timing intervals */
#define SSH_KEYSTROKE_TIMING_FUZZ 10
/* import options */
extern Options options;
@ -153,12 +156,11 @@ static time_t control_persist_exit_time = 0;
volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
static int last_was_cr; /* Last character was a newline. */
static int exit_status; /* Used to store the command exit status. */
static struct sshbuf *stderr_buffer; /* Used for final exit message. */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
static int session_closed; /* In SSH2: login session closed. */
static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */
static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */
static time_t server_alive_time; /* Time to do server_alive_check */
static int hostkeys_update_complete;
static int session_setup_complete;
@ -191,23 +193,24 @@ TAILQ_HEAD(global_confirms, global_confirm);
static struct global_confirms global_confirms =
TAILQ_HEAD_INITIALIZER(global_confirms);
void ssh_process_session2_setup(int, int, int, struct sshbuf *);
static void quit_message(const char *fmt, ...)
__attribute__((__format__ (printf, 1, 2)));
static void
quit_message(const char *fmt, ...)
{
char *msg;
char *msg, *fmt2;
va_list args;
int r;
xasprintf(&fmt2, "%s\r\n", fmt);
va_start(args, fmt);
xvasprintf(&msg, fmt, args);
xvasprintf(&msg, fmt2, args);
va_end(args);
if ((r = sshbuf_putf(stderr_buffer, "%s\r\n", msg)) != 0)
fatal_fr(r, "sshbuf_putf");
(void)atomicio(vwrite, STDERR_FILENO, msg, strlen(msg));
free(msg);
free(fmt2);
quit_pending = 1;
}
@ -215,7 +218,6 @@ quit_message(const char *fmt, ...)
* Signal handler for the window change signal (SIGWINCH). This just sets a
* flag indicating that the window has changed.
*/
/*ARGSUSED */
static void
window_change_handler(int sig)
{
@ -226,7 +228,6 @@ window_change_handler(int sig)
* Signal handler for signals that cause the program to terminate. These
* signals must be trapped to restore terminal modes.
*/
/*ARGSUSED */
static void
signal_handler(int sig)
{
@ -380,8 +381,8 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
if (timeout != 0 && x11_refuse_time == 0) {
now = monotime() + 1;
if (UINT_MAX - timeout < now)
x11_refuse_time = UINT_MAX;
if (SSH_TIME_T_MAX - timeout < now)
x11_refuse_time = SSH_TIME_T_MAX;
else
x11_refuse_time = now + timeout;
channel_set_x11_refuse_time(ssh,
@ -517,17 +518,182 @@ server_alive_check(struct ssh *ssh)
schedule_server_alive_check();
}
/* Try to send a dummy keystroke */
static int
send_chaff(struct ssh *ssh)
{
int r;
if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0)
return 0;
/* XXX probabilistically send chaff? */
/*
* a SSH2_MSG_CHANNEL_DATA payload is 9 bytes:
* 4 bytes channel ID + 4 bytes string length + 1 byte string data
* simulate that here.
*/
if ((r = sshpkt_start(ssh, SSH2_MSG_PING)) != 0 ||
(r = sshpkt_put_cstring(ssh, "PING!")) != 0 ||
(r = sshpkt_send(ssh)) != 0)
fatal_fr(r, "send packet");
return 1;
}
/* Sets the next interval to send a keystroke or chaff packet */
static void
set_next_interval(const struct timespec *now, struct timespec *next_interval,
u_int interval_ms, int starting)
{
struct timespec tmp;
long long interval_ns, fuzz_ns;
static long long rate_fuzz;
interval_ns = interval_ms * (1000LL * 1000);
fuzz_ns = (interval_ns * SSH_KEYSTROKE_TIMING_FUZZ) / 100;
/* Center fuzz around requested interval */
if (fuzz_ns > INT_MAX)
fuzz_ns = INT_MAX;
if (fuzz_ns > interval_ns) {
/* Shouldn't happen */
fatal_f("internal error: fuzz %u%% %lldns > interval %lldns",
SSH_KEYSTROKE_TIMING_FUZZ, fuzz_ns, interval_ns);
}
/*
* Randomise the keystroke/chaff intervals in two ways:
* 1. Each interval has some random jitter applied to make the
* interval-to-interval time unpredictable.
* 2. The overall interval rate is also randomly perturbed for each
* chaffing session to make the average rate unpredictable.
*/
if (starting)
rate_fuzz = arc4random_uniform(fuzz_ns);
interval_ns -= fuzz_ns;
interval_ns += arc4random_uniform(fuzz_ns) + rate_fuzz;
tmp.tv_sec = interval_ns / (1000 * 1000 * 1000);
tmp.tv_nsec = interval_ns % (1000 * 1000 * 1000);
timespecadd(now, &tmp, next_interval);
}
/*
* Performs keystroke timing obfuscation. Returns non-zero if the
* output fd should be polled.
*/
static int
obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
int channel_did_enqueue)
{
static int active;
static struct timespec next_interval, chaff_until;
struct timespec now, tmp;
int just_started = 0, had_keystroke = 0;
static unsigned long long nchaff;
char *stop_reason = NULL;
long long n;
monotime_ts(&now);
if (options.obscure_keystroke_timing_interval <= 0)
return 1; /* disabled in config */
if (!channel_tty_open(ssh) || quit_pending) {
/* Stop if no channels left of we're waiting for one to close */
stop_reason = "no active channels";
} else if (ssh_packet_is_rekeying(ssh)) {
/* Stop if we're rekeying */
stop_reason = "rekeying started";
} else if (!ssh_packet_interactive_data_to_write(ssh) &&
ssh_packet_have_data_to_write(ssh)) {
/* Stop if the output buffer has more than a few keystrokes */
stop_reason = "output buffer filling";
} else if (active && channel_did_enqueue &&
ssh_packet_have_data_to_write(ssh)) {
/* Still in active mode and have a keystroke queued. */
had_keystroke = 1;
} else if (active) {
if (timespeccmp(&now, &chaff_until, >=)) {
/* Stop if there have been no keystrokes for a while */
stop_reason = "chaff time expired";
} else if (timespeccmp(&now, &next_interval, >=) &&
!ssh_packet_have_data_to_write(ssh)) {
/* If due to send but have no data, then send chaff */
if (send_chaff(ssh))
nchaff++;
}
}
if (stop_reason != NULL) {
if (active) {
debug3_f("stopping: %s (%llu chaff packets sent)",
stop_reason, nchaff);
active = 0;
}
return 1;
}
/*
* If we're in interactive mode, and only have a small amount
* of outbound data, then we assume that the user is typing
* interactively. In this case, start quantising outbound packets to
* fixed time intervals to hide inter-keystroke timing.
*/
if (!active && ssh_packet_interactive_data_to_write(ssh) &&
channel_did_enqueue && ssh_packet_have_data_to_write(ssh)) {
debug3_f("starting: interval ~%dms",
options.obscure_keystroke_timing_interval);
just_started = had_keystroke = active = 1;
nchaff = 0;
set_next_interval(&now, &next_interval,
options.obscure_keystroke_timing_interval, 1);
}
/* Don't hold off if obfuscation inactive */
if (!active)
return 1;
if (had_keystroke) {
/*
* Arrange to send chaff packets for a random interval after
* the last keystroke was sent.
*/
ms_to_timespec(&tmp, SSH_KEYSTROKE_CHAFF_MIN_MS +
arc4random_uniform(SSH_KEYSTROKE_CHAFF_RNG_MS));
timespecadd(&now, &tmp, &chaff_until);
}
ptimeout_deadline_monotime_tsp(timeout, &next_interval);
if (just_started)
return 1;
/* Don't arm output fd for poll until the timing interval has elapsed */
if (timespeccmp(&now, &next_interval, <))
return 0;
/* Calculate number of intervals missed since the last check */
n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;
n += now.tv_nsec - next_interval.tv_nsec;
n /= options.obscure_keystroke_timing_interval * 1000LL * 1000;
n = (n < 0) ? 1 : n + 1;
/* Advance to the next interval */
set_next_interval(&now, &next_interval,
options.obscure_keystroke_timing_interval * n, 0);
return 1;
}
/*
* Waits until the client can do something (some data becomes available on
* one of the file descriptors).
*/
static void
client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
u_int *npfd_allocp, u_int *npfd_activep, int rekeying,
int *conn_in_readyp, int *conn_out_readyp)
u_int *npfd_allocp, u_int *npfd_activep, int channel_did_enqueue,
sigset_t *sigsetp, int *conn_in_readyp, int *conn_out_readyp)
{
struct timespec timeout;
int ret;
int ret, oready;
u_int p;
*conn_in_readyp = *conn_out_readyp = 0;
@ -547,11 +713,14 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
return;
}
oready = obfuscate_keystroke_timing(ssh, &timeout, channel_did_enqueue);
/* Monitor server connection on reserved pollfd entries */
(*pfdp)[0].fd = connection_in;
(*pfdp)[0].events = POLLIN;
(*pfdp)[1].fd = connection_out;
(*pfdp)[1].events = ssh_packet_have_data_to_write(ssh) ? POLLOUT : 0;
(*pfdp)[1].events = (oready && ssh_packet_have_data_to_write(ssh)) ?
POLLOUT : 0;
/*
* Wait for something to happen. This will suspend the process until
@ -563,12 +732,12 @@ client_wait_until_can_do_something(struct ssh *ssh, struct pollfd **pfdp,
ptimeout_deadline_monotime(&timeout, control_persist_exit_time);
if (options.server_alive_interval > 0)
ptimeout_deadline_monotime(&timeout, server_alive_time);
if (options.rekey_interval > 0 && !rekeying) {
if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) {
ptimeout_deadline_sec(&timeout,
ssh_packet_get_rekey_timeout(ssh));
}
ret = poll(*pfdp, *npfd_activep, ptimeout_get_ms(&timeout));
ret = ppoll(*pfdp, *npfd_activep, ptimeout_get_tsp(&timeout), sigsetp);
if (ret == -1) {
/*
@ -1015,14 +1184,12 @@ process_escapes(struct ssh *ssh, Channel *c,
u_int i;
u_char ch;
char *s;
struct escape_filter_ctx *efc = c->filter_ctx == NULL ?
NULL : (struct escape_filter_ctx *)c->filter_ctx;
struct escape_filter_ctx *efc;
if (c->filter_ctx == NULL)
if (c == NULL || c->filter_ctx == NULL || len <= 0)
return 0;
if (len <= 0)
return (0);
efc = (struct escape_filter_ctx *)c->filter_ctx;
for (i = 0; i < (u_int)len; i++) {
/* Get one character at a time. */
@ -1119,7 +1286,7 @@ process_escapes(struct ssh *ssh, Channel *c,
continue;
case '&':
if (c && c->ctl_chan != -1)
if (c->ctl_chan != -1)
goto noescape;
/*
* Detach the program (continue to serve
@ -1287,9 +1454,10 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
struct pollfd *pfd = NULL;
u_int npfd_alloc = 0, npfd_active = 0;
double start_time, total_time;
int r, len;
int channel_did_enqueue = 0, r;
u_int64_t ibytes, obytes;
int conn_in_ready, conn_out_ready;
sigset_t bsigset, osigset;
debug("Entering interactive session.");
session_ident = ssh2_chan_id;
@ -1338,10 +1506,6 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
quit_pending = 0;
/* Initialize buffer. */
if ((stderr_buffer = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
client_init_dispatch(ssh);
/*
@ -1375,8 +1539,16 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
schedule_server_alive_check();
if (sigemptyset(&bsigset) == -1 ||
sigaddset(&bsigset, SIGHUP) == -1 ||
sigaddset(&bsigset, SIGINT) == -1 ||
sigaddset(&bsigset, SIGQUIT) == -1 ||
sigaddset(&bsigset, SIGTERM) == -1)
error_f("bsigset setup: %s", strerror(errno));
/* Main loop of the client for the interactive session mode. */
while (!quit_pending) {
channel_did_enqueue = 0;
/* Process buffered packets sent by the server. */
client_process_buffered_input_packets(ssh);
@ -1398,24 +1570,27 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
* enqueue them for sending to the server.
*/
if (ssh_packet_not_very_much_data_to_write(ssh))
channel_output_poll(ssh);
channel_did_enqueue = channel_output_poll(ssh);
/*
* Check if the window size has changed, and buffer a
* message about it to the server if so.
*/
client_check_window_change(ssh);
if (quit_pending)
break;
}
/*
* Wait until we have something to do (something becomes
* available on one of the descriptors).
*/
if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1)
error_f("bsigset sigprocmask: %s", strerror(errno));
if (quit_pending)
break;
client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc,
&npfd_active, ssh_packet_is_rekeying(ssh),
&npfd_active, channel_did_enqueue, &osigset,
&conn_in_ready, &conn_out_ready);
if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1)
error_f("osigset sigprocmask: %s", strerror(errno));
if (quit_pending)
break;
@ -1461,6 +1636,14 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
/* Terminate the session. */
/*
* In interactive mode (with pseudo tty) display a message indicating
* that the connection has been closed.
*/
if (have_pty && options.log_level >= SYSLOG_LEVEL_INFO)
quit_message("Connection to %s closed.", host);
/* Stop watching for window change. */
ssh_signal(SIGWINCH, SIG_DFL);
@ -1493,27 +1676,6 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
cleanup_exit(255);
}
/*
* In interactive mode (with pseudo tty) display a message indicating
* that the connection has been closed.
*/
if (have_pty && options.log_level >= SYSLOG_LEVEL_INFO)
quit_message("Connection to %s closed.", host);
/* Output any buffered data for stderr. */
if (sshbuf_len(stderr_buffer) > 0) {
len = atomicio(vwrite, fileno(stderr),
(u_char *)sshbuf_ptr(stderr_buffer),
sshbuf_len(stderr_buffer));
if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer))
error("Write failed flushing stderr buffer.");
else if ((r = sshbuf_consume(stderr_buffer, len)) != 0)
fatal_fr(r, "sshbuf_consume");
}
/* Clear and free any buffers. */
sshbuf_free(stderr_buffer);
/* Report bytes transferred, and transfer rates. */
total_time = monotime_double() - start_time;
ssh_packet_get_bytes(ssh, &ibytes, &obytes);
@ -1625,7 +1787,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
"malicious server.");
return NULL;
}
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return NULL;
@ -1642,7 +1804,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
sock = x11_connect_display(ssh);
if (sock < 0)
return NULL;
c = channel_new(ssh, "x11",
c = channel_new(ssh, "x11-connection",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
c->force_drain = 1;
@ -1677,7 +1839,7 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
else
debug2_fr(r, "ssh_agent_bind_hostkey");
c = channel_new(ssh, "authentication agent connection",
c = channel_new(ssh, "agent-connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
"authentication agent connection", 1);
@ -1705,7 +1867,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
}
debug("Tunnel forwarding using interface %s", ifname);
c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
c = channel_new(ssh, "tun-connection", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
@ -2120,7 +2282,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
free(response);
response = read_passphrase("Accept updated hostkeys? "
"(yes/no): ", RP_ECHO);
if (strcasecmp(response, "yes") == 0)
if (response != NULL && strcasecmp(response, "yes") == 0)
break;
else if (quit_pending || response == NULL ||
strcasecmp(response, "no") == 0) {
@ -2270,25 +2432,6 @@ client_global_hostkeys_prove_confirm(struct ssh *ssh, int type,
client_repledge();
}
/*
* Returns non-zero if the key is accepted by HostkeyAlgorithms.
* Made slightly less trivial by the multiple RSA signature algorithm names.
*/
static int
key_accepted_by_hostkeyalgs(const struct sshkey *key)
{
const char *ktype = sshkey_ssh_name(key);
const char *hostkeyalgs = options.hostkeyalgorithms;
if (key == NULL || key->type == KEY_UNSPEC)
return 0;
if (key->type == KEY_RSA &&
(match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
return 1;
return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
}
/*
* Handle hostkeys-00@openssh.com global request to inform the client of all
* the server's hostkeys. The keys are checked against the user's
@ -2333,7 +2476,7 @@ client_input_hostkeys(struct ssh *ssh)
debug3_f("received %s key %s", sshkey_type(key), fp); // CodeQL [SM02311]: debug3_f can accept NULL value for fp
free(fp);
if (!key_accepted_by_hostkeyalgs(key)) {
if (!hostkey_accepted_by_hostkeyalgs(key)) {
debug3_f("%s key not permitted by "
"HostkeyAlgorithms", sshkey_ssh_name(key));
continue;

3
clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
/* $OpenBSD: clientloop.h,v 1.38 2024/05/17 06:42:04 jsg Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -43,7 +43,6 @@ struct ssh;
int client_loop(struct ssh *, int, int, int);
int client_x11_get_proto(struct ssh *, const char *, const char *,
u_int, u_int, char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(struct ssh *, int, int, int,
const char *, struct termios *, int, struct sshbuf *, char **);
char *client_request_tun_fwd(struct ssh *, int, int, int,

53
compat.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.121 2023/02/02 12:10:05 djm Exp $ */
/* $OpenBSD: compat.c,v 1.126 2023/03/06 12:14:48 dtucker Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -36,7 +36,6 @@
#include "compat.h"
#include "log.h"
#include "match.h"
#include "kex.h"
/* determine bug flags from SSH protocol banner */
void
@ -77,26 +76,8 @@ compat_banner(struct ssh *ssh, const char *version)
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
{ "1.2.18*,"
"1.2.19*,"
"1.2.20*,"
"1.2.21*,"
"1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG },
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE|
SSH_BUG_HOSTKEYS },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
"OSU_1.0*,"
"OSU_1.1*,"
"OSU_1.2*,"
"OSU_1.3*,"
"OSU_1.4*,"
"OSU_1.5alpha1*,"
"OSU_1.5alpha2*,"
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
{ "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
{ "PuTTY_Local:*," /* dev versions < Sep 2014 */
@ -158,37 +139,7 @@ compat_banner(struct ssh *ssh, const char *version)
/* Always returns pointer to allocated memory, caller must free. */
char *
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
{
if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
return xstrdup(cipher_prop);
debug2_f("original cipher proposal: %s", cipher_prop);
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
fatal("match_filter_denylist failed");
debug2_f("compat cipher proposal: %s", cipher_prop);
if (*cipher_prop == '\0')
fatal("No supported ciphers found");
return cipher_prop;
}
/* Always returns pointer to allocated memory, caller must free. */
char *
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
{
if (!(ssh->compat & SSH_BUG_RSASIGMD5))
return xstrdup(pkalg_prop);
debug2_f("original public key proposal: %s", pkalg_prop);
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
fatal("match_filter_denylist failed");
debug2_f("compat public key proposal: %s", pkalg_prop);
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
return pkalg_prop;
}
/* Always returns pointer to allocated memory, caller must free. */
char *
compat_kex_proposal(struct ssh *ssh, char *p)
compat_kex_proposal(struct ssh *ssh, const char *p)
{
char *cp = NULL, *cp2 = NULL;

14
compat.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */
/* $OpenBSD: compat.h,v 1.62 2023/03/06 12:14:48 dtucker Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@ -35,12 +35,12 @@
/* #define unused 0x00000020 */
#define SSH_BUG_DEBUG 0x00000040
/* #define unused 0x00000080 */
#define SSH_BUG_IGNOREMSG 0x00000100
/* #define unused 0x00000100 */
/* #define unused 0x00000200 */
#define SSH_BUG_PASSWORDPAD 0x00000400
/* #define unused 0x00000400 */
#define SSH_BUG_SCANNER 0x00000800
#define SSH_BUG_BIGENDIANAES 0x00001000
#define SSH_BUG_RSASIGMD5 0x00002000
/* #define unused 0x00001000 */
/* #define unused 0x00002000 */
#define SSH_OLD_DHGEX 0x00004000
#define SSH_BUG_NOREKEY 0x00008000
/* #define unused 0x00010000 */
@ -61,7 +61,5 @@
struct ssh;
void compat_banner(struct ssh *, const char *);
char *compat_cipher_proposal(struct ssh *, char *);
char *compat_pkalg_proposal(struct ssh *, char *);
char *compat_kex_proposal(struct ssh *, char *);
char *compat_kex_proposal(struct ssh *, const char *);
#endif

2051
config.h.in Normal file
View File

File diff suppressed because it is too large Load Diff

27691
configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

241
configure.ac
View File

@ -149,6 +149,7 @@ fi
use_stack_protector=1
use_toolchain_hardening=1
use_retpoline=1
AC_ARG_WITH([stackprotect],
[ --without-stackprotect Don't use compiler's stack protection], [
if test "x$withval" = "xno"; then
@ -159,6 +160,11 @@ AC_ARG_WITH([hardening],
if test "x$withval" = "xno"; then
use_toolchain_hardening=0
fi ])
AC_ARG_WITH([retpoline],
[ --without-retpoline Enable retpoline spectre mitigation], [
if test "x$withval" = "xno"; then
use_retpoline=0
fi ])
# We use -Werror for the tests only so that we catch warnings like "this is
# on by default" for things like -fPIE.
@ -187,7 +193,14 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
AC_MSG_RESULT([$GCC_VER])
AC_MSG_CHECKING([clang version])
CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'`
ver="`$CC -v 2>&1`"
if echo "$ver" | grep "Apple" >/dev/null; then
CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
$SED 's/.*clang version //g' | $AWK '{print $1}'`
else
CLANG_VER=`echo "$ver" | grep 'clang version' | \
$SED 's/.*clang version //g' | $AWK '{print $1}'`
fi
AC_MSG_RESULT([$CLANG_VER])
OSSH_CHECK_CFLAG_COMPILE([-pipe])
@ -209,8 +222,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
if test "x$use_toolchain_hardening" = "x1"; then
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
@ -224,12 +235,19 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
# clang 15 seems to have a bug in -fzero-call-used-regs=all. See
# https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
# https://github.com/llvm/llvm-project/issues/59242
# clang 17 has a different bug that causes an ICE when using this
# flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629)
case "$CLANG_VER" in
15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
17*) ;;
*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
esac
OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
fi
if test "x$use_retpoline" = "x1"; then
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
fi
AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
saved_CFLAGS="$CFLAGS"
@ -897,6 +915,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
AC_DEFINE([USE_BTMP])
AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload])
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
@ -1329,6 +1348,13 @@ EOD
AC_DEFINE([BROKEN_SETVBUF], [1],
[LynxOS has broken setvbuf() implementation])
;;
*-*-gnu*)
dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries.
dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
dnl _GNU_SOURCE is needed for setres*id prototypes.
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
;;
esac
AC_MSG_CHECKING([compiler and flags for sanity])
@ -1464,7 +1490,7 @@ else
[[
int a=0, b=0, c=0, d=0, n, v;
n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
if (n != 3 && n != 4)
if (n < 1)
exit(1);
v = a*1000000 + b*10000 + c*100 + d;
fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
@ -2057,6 +2083,16 @@ AC_ARG_WITH([security-key-builtin],
[ enable_sk_internal=$withval ]
)
enable_dsa=
AC_ARG_ENABLE([dsa-keys],
[ --enable-dsa-keys enable DSA key support [no]],
[
if test "x$enableval" != "xno" ; then
enable_dsa=1
fi
]
)
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
@ -2713,7 +2749,15 @@ AC_ARG_WITH([ssl-dir],
else
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
dnl Ensure specified openssl binary works, eg it can
dnl find its runtime libraries, before trying to use.
if test -x "${withval}/bin/openssl" && \
"${withval}/bin/openssl" version >/dev/null 2>&1; then
openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}"
elif test -x "${withval}/apps/openssl" && \
"${withval}/apps/openssl" version >/dev/null 2>&1; then
openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}"
fi
fi
]
)
@ -2780,8 +2824,8 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([$ssl_header_ver])
],
[
AC_MSG_RESULT([not found])
AC_MSG_ERROR([OpenSSL version header not found.])
AC_MSG_RESULT([failed])
AC_MSG_ERROR([OpenSSL version test program failed.])
],
[
AC_MSG_WARN([cross compiling: not checking])
@ -2802,55 +2846,59 @@ if test "x$openssl" = "xyes" ; then
#include <openssl/crypto.h>
#define DATA "conftest.ssllibver"
]], [[
FILE *fd;
int rc;
fd = fopen(DATA,"w");
if(fd == NULL)
FILE *f;
/* We need these legacy bits to warn for old libcrypto */
#ifndef OPENSSL_VERSION
# define OPENSSL_VERSION SSLEAY_VERSION
#endif
#ifndef HAVE_OPENSSL_VERSION
# define OpenSSL_version SSLeay_version
#endif
#ifndef HAVE_OPENSSL_VERSION_NUM
# define OpenSSL_version_num SSLeay
#endif
if ((f = fopen(DATA, "w")) == NULL)
exit(1);
#ifndef OPENSSL_VERSION
# define OPENSSL_VERSION SSLEAY_VERSION
#endif
#ifndef HAVE_OPENSSL_VERSION
# define OpenSSL_version SSLeay_version
#endif
#ifndef HAVE_OPENSSL_VERSION_NUM
# define OpenSSL_version_num SSLeay
#endif
if ((rc = fprintf(fd, "%08lx (%s)\n",
if (fprintf(f, "%08lx (%s)",
(unsigned long)OpenSSL_version_num(),
OpenSSL_version(OPENSSL_VERSION))) < 0)
OpenSSL_version(OPENSSL_VERSION)) < 0)
exit(1);
#ifdef LIBRESSL_VERSION_NUMBER
if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
exit(1);
#endif
if (fputc('\n', f) == EOF || fclose(f) == EOF)
exit(1);
exit(0);
]])],
[
ssl_library_ver=`cat conftest.ssllibver`
sslver=`cat conftest.ssllibver`
ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
# Check version is supported.
case "$ssl_library_ver" in
10000*|0*)
AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
;;
100*) ;; # 1.0.x
101000[[0123456]]*)
# https://github.com/openssl/openssl/pull/4613
AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
case "$sslver" in
100*|10100*) # 1.0.x, 1.1.0x
AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
;;
101*) ;; # 1.1.x
200*) ;; # LibreSSL
300*)
# OpenSSL 3; we use the 1.1x API
CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
200*) # LibreSSL
lver=`echo "$sslver" | sed 's/.*libressl-//'`
case "$lver" in
2*|300*) # 2.x, 3.0.0
AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
;;
*) ;; # Assume all other versions are good.
esac
;;
301*|302*)
# OpenSSL development branch; request 1.1x API
30*)
# OpenSSL 3; we use the 1.1x API
# https://openssl.org/policies/general/versioning-policy.html
CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
;;
*)
AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
;;
esac
AC_MSG_RESULT([$ssl_library_ver])
AC_MSG_RESULT([$ssl_showver])
],
[
AC_MSG_RESULT([not found])
@ -2863,7 +2911,7 @@ if test "x$openssl" = "xyes" ; then
case "$host" in
x86_64-*)
case "$ssl_library_ver" in
case "$sslver" in
3000004*)
AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
;;
@ -2879,9 +2927,6 @@ if test "x$openssl" = "xyes" ; then
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
]], [[
#ifndef HAVE_OPENSSL_VERSION_NUM
# define OpenSSL_version_num SSLeay
#endif
exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
]])],
[
@ -2955,44 +3000,13 @@ if test "x$openssl" = "xyes" ; then
)
)
# LibreSSL/OpenSSL 1.1x API
# LibreSSL/OpenSSL API differences
AC_CHECK_FUNCS([ \
OPENSSL_init_crypto \
DH_get0_key \
DH_get0_pqg \
DH_set0_key \
DH_set_length \
DH_set0_pqg \
DSA_get0_key \
DSA_get0_pqg \
DSA_set0_key \
DSA_set0_pqg \
DSA_SIG_get0 \
DSA_SIG_set0 \
ECDSA_SIG_get0 \
ECDSA_SIG_set0 \
EVP_CIPHER_CTX_iv \
EVP_CIPHER_CTX_iv_noconst \
EVP_CIPHER_CTX_get_iv \
EVP_CIPHER_CTX_get_updated_iv \
EVP_CIPHER_CTX_set_iv \
RSA_get0_crt_params \
RSA_get0_factors \
RSA_get0_key \
RSA_set0_crt_params \
RSA_set0_factors \
RSA_set0_key \
RSA_meth_free \
RSA_meth_dup \
RSA_meth_set1_name \
RSA_meth_get_finish \
RSA_meth_set_priv_enc \
RSA_meth_set_priv_dec \
RSA_meth_set_finish \
EVP_PKEY_get0_RSA \
EVP_MD_CTX_new \
EVP_MD_CTX_free \
EVP_chacha20 \
])
if test "x$openssl_engine" = "xyes" ; then
@ -3011,7 +3025,7 @@ if test "x$openssl" = "xyes" ; then
fi
# Check for OpenSSL without EVP_aes_{192,256}_cbc
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
#include <stdlib.h>
@ -3050,8 +3064,8 @@ if test "x$openssl" = "xyes" ; then
]
)
# Check for SHA256, SHA384 and SHA512 support in OpenSSL
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
# Check for various EVP support in OpenSSL
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
# Check complete ECC support in OpenSSL
AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
@ -3161,6 +3175,50 @@ if test "x$openssl" = "xyes" ; then
ecdsa-sha2-nistp521 \
ecdsa-sha2-nistp521-cert-v01@openssh.com"
fi
# Check libcrypto ED25519 support
AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key])
AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key])
AC_MSG_CHECKING([whether OpenSSL has ED25519 support])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/evp.h>
]], [[
unsigned char buf[64];
memset(buf, 0, sizeof(buf));
exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL,
buf, sizeof(buf)) == NULL);
]])],
[
AC_MSG_RESULT([yes])
AC_DEFINE([OPENSSL_HAS_ED25519], [1],
[libcrypto has ed25519 support])
],
[
AC_MSG_RESULT([no])
]
)
openssl_dsa=no
if test ! -z "$enable_dsa" ; then
AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
[ openssl_dsa=yes ],
[ #include <openssl/opensslconf.h> ]
)
],
[ #include <openssl/opensslconf.h> ]
)
AC_MSG_CHECKING([whether to enable DSA key support])
if test "x$openssl_dsa" = "xno"; then
AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
else
AC_MSG_RESULT([yes])
AC_DEFINE([WITH_DSA], [1],
[DSA keys explicitly enabled])
fi
fi
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
@ -5286,6 +5344,16 @@ AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
[Specify location of ssh.pid])
AC_SUBST([piddir])
AC_ARG_ENABLE([fd-passing],
[ --disable-fd-passing disable file descriptor passsing [no]],
[
if test "x$enableval" = "xno" ; then
AC_DEFINE([DISABLE_FD_PASSING])
fi
]
)
dnl allow user to disable some login recording features
AC_ARG_ENABLE([lastlog],
[ --disable-lastlog disable use of lastlog even if detected [no]],
@ -5573,6 +5641,15 @@ AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
# Binaries for interop tests.
AC_PATH_PROG([PLINK], [plink])
AC_PATH_PROG([PUTTYGEN], [puttygen])
AC_PATH_PROG([CONCH], [conch])
AC_PATH_PROG([DROPBEAR], [dropbear])
AC_PATH_PROG([DBCLIENT], [dbclient])
AC_PATH_PROG([DROPBEARKEY], [dropbearkey])
AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert])
CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"

35
contrib/redhat/openssh.spec
View File

@ -1,4 +1,4 @@
%global ver 9.2p1
%global ver 9.8p1
%global rel 1%{?dist}
# OpenSSH privilege separation requires a user & group ID
@ -31,10 +31,13 @@
%global build6x 1
%endif
%if 0%{?fedora} >= 26
%global compat_openssl 1
%else
%global compat_openssl 0
%global without_openssl 0
# build without openssl where 1.1.1 is not available
%if 0%{?fedora} <= 28
%global without_openssl 1
%endif
%if 0%{?rhel} <= 7
%global without_openssl 1
%endif
# Do we want kerberos5 support (1=yes 0=no)
@ -96,11 +99,8 @@ PreReq: initscripts >= 5.00
Requires: initscripts >= 5.20
%endif
BuildRequires: perl
%if %{compat_openssl}
BuildRequires: compat-openssl10-devel
%else
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: openssl-devel < 1.1
%if ! %{without_openssl}
BuildRequires: openssl-devel >= 1.1.1
%endif
BuildRequires: /bin/login
%if ! %{build6x}
@ -214,6 +214,9 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
--mandir=%{_mandir} \
--with-mantype=man \
--disable-strip \
%if %{without_openssl}
--without-openssl \
%endif
%if %{scard}
--with-smartcard \
%endif
@ -272,11 +275,7 @@ make install DESTDIR=$RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
%if %{build6x}
install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
%else
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
%endif
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
%if ! %{no_x11_askpass}
@ -394,6 +393,7 @@ fi
%defattr(-,root,root)
%dir %attr(0111,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-session
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
@ -423,6 +423,11 @@ fi
%endif
%changelog
* Mon Oct 16 2023 Fabio Pedretti <pedretti.fabio@gmail.com>
- Remove reference of dropped sshd.pam.old file
- Update openssl-devel dependency to require >= 1.1.1
- Build with --without-openssl elsewhere
* Thu Oct 28 2021 Damien Miller <djm@mindrot.org>
- Remove remaining traces of --with-md5-passwords

75
contrib/ssh-copy-id
View File

@ -1,6 +1,7 @@
#!/bin/sh
# Copyright (c) 1999-2020 Philip Hands <phil@hands.com>
# Copyright (c) 1999-2023 Philip Hands <phil@hands.com>
# 2021 Carlos Rodríguez Gili <carlos.rodriguez-gili@upc.edu>
# 2020 Matthias Blümel <blaimi@blaimi.de>
# 2017 Sebastien Boyron <seb@boyron.eu>
# 2013 Martin Kletzander <mkletzan@redhat.com>
@ -63,13 +64,15 @@ fi
# shellcheck disable=SC2010
DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
SSH="ssh -a -x"
TARGET_PATH=".ssh/authorized_keys"
umask 0177
usage () {
printf 'Usage: %s [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
printf 'Usage: %s [-h|-?|-f|-n|-s|-x] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [-t target_path] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
printf '\t-n: dry run -- no keys are actually copied\n' >&2
printf '\t-s: use sftp -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
printf '\t-x: debug -- enables -x in this shell, for debugging\n' >&2
printf '\t-h|-?: print this help\n' >&2
exit 1
}
@ -112,7 +115,7 @@ if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
GET_ID="ssh-add -L"
fi
while getopts "i:o:p:F:fnsh?" OPT
while getopts "i:o:p:F:t:fnsxh?" OPT
do
case "$OPT" in
i)
@ -123,8 +126,8 @@ do
SEEN_OPT_I="yes"
use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
;;
o|p|F)
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }-$OPT '$(quote "${OPTARG}")'"
o|F)
OPTS_oF="${OPTS_oF:+$OPTS_oF }-$OPT '$(quote "${OPTARG}")'"
;;
f)
FORCED=1
@ -132,14 +135,24 @@ do
n)
DRY_RUN=1
;;
p)
SSH_PORT=${OPTARG}
;;
s)
SFTP=sftp
;;
t)
TARGET_PATH="${OPTARG}"
;;
x)
SET_X="set -x;"
set -x
;;
h|\?)
usage
;;
esac
done
done
#shift all args to keep only USER_HOST
shift $((OPTIND-1))
@ -151,10 +164,10 @@ if [ $# != 1 ] ; then
usage
fi
# drop trailing colon
USER_HOST="$*"
# tack the hostname onto SSH_OPTS
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
OPTS_USER_HOST="${OPTS_oF:+$OPTS_oF }'$(quote "$USER_HOST")'"
SSH_OPTS="${SSH_PORT:+-p $SSH_PORT }$OPTS_USER_HOST"
# and populate "$@" for later use (only way to get proper quoting of options)
eval set -- "$SSH_OPTS"
@ -234,12 +247,8 @@ populate_new_ids() {
}
# installkey_sh [target_path]
# produce a one-liner to add the keys to remote authorized_keys file
# optionally takes an alternative path for authorized_keys
# produce a one-liner to add the keys to remote $TARGET_PATH
installkeys_sh() {
AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
# In setting INSTALLKEYS_SH:
# the tr puts it all on one line (to placate tcsh)
# (hence the excessive use of semi-colons (;) )
@ -248,15 +257,21 @@ installkeys_sh() {
# the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
# the cat adds the keys we're getting via STDIN
# and if available restorecon is used to restore the SELinux context
# OpenWrt has a special case for root only.
INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
$SET_X
cd;
umask 077;
mkdir -p "${AUTH_KEY_DIR}" &&
{ [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] ||
echo >> "${AUTH_KEY_FILE}" || exit 1; } &&
cat >> "${AUTH_KEY_FILE}" || exit 1;
AUTH_KEY_FILE="${TARGET_PATH}";
[ -f /etc/openwrt_release ] && [ "\$LOGNAME" = "root" ] &&
AUTH_KEY_FILE=/etc/dropbear/authorized_keys;
AUTH_KEY_DIR=\`dirname "\${AUTH_KEY_FILE}"\`;
mkdir -p "\${AUTH_KEY_DIR}" &&
{ [ -z "\`tail -1c "\${AUTH_KEY_FILE}" 2>/dev/null\`" ] ||
echo >> "\${AUTH_KEY_FILE}" || exit 1; } &&
cat >> "\${AUTH_KEY_FILE}" || exit 1;
if type restorecon >/dev/null 2>&1; then
restorecon -F "${AUTH_KEY_DIR}" "${AUTH_KEY_FILE}";
restorecon -F "\${AUTH_KEY_DIR}" "\${AUTH_KEY_FILE}";
fi
EOF
)
@ -267,6 +282,8 @@ installkeys_sh() {
#shellcheck disable=SC2120 # the 'eval set' confuses this
installkeys_via_sftp() {
AUTH_KEY_FILE=${TARGET_PATH}
AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
# repopulate "$@" inside this function
eval set -- "$SSH_OPTS"
@ -278,17 +295,17 @@ installkeys_via_sftp() {
#shellcheck disable=SC2064
trap "$L_CLEANUP" EXIT TERM INT QUIT
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
-get .ssh/authorized_keys $L_KEYS
-get "$AUTH_KEY_FILE" "$L_KEYS"
EOF
# add a newline or create file if it's missing, same like above
[ -z "$(tail -1c "$L_KEYS" 2>/dev/null)" ] || echo >> "$L_KEYS"
# append the keys being piped in here
cat >> "$L_KEYS"
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
-mkdir .ssh
chmod 700 .ssh
put $L_KEYS .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
-mkdir "$AUTH_KEY_DIR"
chmod 700 "$AUTH_KEY_DIR"
put $L_KEYS "$AUTH_KEY_FILE"
chmod 600 "$AUTH_KEY_FILE"
EOF
#shellcheck disable=SC2064
eval "$L_CLEANUP" && trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
@ -332,15 +349,8 @@ case "$REMOTE_VERSION" in
exit 1
fi
;;
dropbear*)
populate_new_ids 0
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
$SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
|| exit 1
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
;;
*)
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
# Assuming that the remote host treats $TARGET_PATH as one might expect
populate_new_ids 0
if ! [ "$DRY_RUN" ] ; then
printf '%s\n' "$NEW_IDS" | \
@ -364,11 +374,12 @@ if [ "$DRY_RUN" ] ; then
=-=-=-=-=-=-=-=
EOF
else
[ -z "$SFTP" ] || PORT_OPT=P
cat <<-EOF
Number of key(s) added: $ADDED
Now try logging into the machine, with: "${SFTP:-ssh} $SSH_OPTS"
Now try logging into the machine, with: "${SFTP:-ssh}${SSH_PORT:+ -${PORT_OPT:-p} $SSH_PORT} ${OPTS_USER_HOST}"
and check to make sure that only the key(s) you wanted were added.
EOF

79
contrib/ssh-copy-id.1
View File

@ -1,5 +1,5 @@
.ig \" -*- nroff -*-
Copyright (c) 1999-2020 hands.com Ltd. <http://hands.com/>
Copyright (c) 1999-2023 hands.com Ltd. <http://hands.com/>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
@ -32,9 +32,11 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.Op Fl f
.Op Fl n
.Op Fl s
.Op Fl x
.Op Fl i Op Ar identity_file
.Op Fl p Ar port
.Op Fl o Ar ssh_option
.Op Fl t Ar target_path
.Op Ar user Ns @ Ns
.Ar hostname
.Nm
@ -46,17 +48,20 @@ is a script that uses
.Xr ssh 1
to log into a remote machine (presumably using a login password,
so password authentication should be enabled, unless you've done some
clever use of multiple identities). It assembles a list of one or more
fingerprints (as described below) and tries to log in with each key, to
see if any of them are already installed (of course, if you are not using
clever use of multiple identities).
It assembles a list of one or more fingerprints (as described below)
and tries to log in with each key,
to see if any of them are already installed (of course, if you are not using
.Xr ssh-agent 1
this may result in you being repeatedly prompted for pass-phrases).
It then assembles a list of those that failed to log in, and using ssh,
enables logins with those keys on the remote server. By default it adds
the keys by appending them to the remote user's
It then assembles a list of those that failed to log in and, using
.Xr ssh 1 ,
enables logins with those keys on the remote server.
By default it adds the keys by appending them to the remote user's
.Pa ~/.ssh/authorized_keys
(creating the file, and directory, if necessary). It is also capable
of detecting if the remote system is a NetScreen, and using its
(creating the file, and directory, if necessary).
It is also capable of detecting if the remote system is a NetScreen,
and using its
.Ql set ssh pka-dsa key ...
command instead.
.Pp
@ -71,7 +76,8 @@ or in the
.Ic default_ID_file ) .
If the filename does not end in
.Pa .pub
this is added. If the filename is omitted, the
this is added.
If the filename is omitted, the
.Ic default_ID_file
is used.
.Pp
@ -80,37 +86,51 @@ comment one prefers and/or extra options applied, by ensuring that the
key file has these set as preferred before the copy is attempted.
.It Fl f
Forced mode: doesn't check if the keys are present on the remote server.
This means that it does not need the private key. Of course, this can result
in more than one copy of the key being installed on the remote system.
This means that it does not need the private key.
Of course, this can result in more than one copy of the key being installed
on the remote system.
.It Fl n
do a dry-run. Instead of installing keys on the remote system simply
do a dry-run.
Instead of installing keys on the remote system simply
prints the key(s) that would have been installed.
.It Fl s
SFTP mode: usually the public keys are installed by executing commands on the remote side.
SFTP mode: usually the public keys are installed
by executing commands on the remote side.
With this option the user's
.Pa ~/.ssh/authorized_keys
file will be downloaded, modified locally and uploaded with sftp.
This option is useful if the server has restrictions on commands which can be used on the remote side.
.It Fl h , Fl ?
Print Usage summary
This option is useful if the server has restrictions
on commands which can be used on the remote side.
.It Fl t Ar target_path
the path on the target system where the keys should be added
(defaults to ".ssh/authorized_keys")
.It Fl p Ar port , Fl o Ar ssh_option
These two options are simply passed through untouched, along with their
argument, to allow one to set the port or other
.Xr ssh 1
options, respectively.
.Pp
Rather than specifying these as command line options, it is often better to use (per-host) settings in
Rather than specifying these as command line options,
it is often better to use (per-host) settings in
.Xr ssh 1 Ns 's
configuration file:
.Xr ssh_config 5 .
.It Fl x
This option is for debugging the
.Nm
script itself.
It sets the shell's -x flag, so that you can see the commands being run.
.It Fl h , Fl ?
Print Usage summary
.El
.Pp
Default behaviour without
.Fl i ,
is to check if
.Ql ssh-add -L
provides any output, and if so those keys are used. Note that this results in
the comment on the key being the filename that was given to
provides any output, and if so those keys are used.
Note that this results in the comment on the key
being the filename that was given to
.Xr ssh-add 1
when the key was loaded into your
.Xr ssh-agent 1
@ -131,16 +151,16 @@ so if you create a key that is not the one you want
.Nm
to use, just use
.Xr touch 1
on your preferred key's
on your preferred key's
.Pa .pub
file to reinstate it as the most recent.
.Pp
.Sh EXAMPLES
If you have already installed keys from one system on a lot of remote
hosts, and you then create a new key, on a new client machine, say,
it can be difficult to keep track of which systems on which you've
installed the new key. One way of dealing with this is to load both
the new key and old key(s) into your
installed the new key.
One way of dealing with this is to load both the new key and old key(s)
into your
.Xr ssh-agent 1 .
Load the new key first, without the
.Fl c
@ -162,7 +182,9 @@ asked for confirmation, which is your cue to log back out and run
.Pp
.D1 user@newclient$ ssh-copy-id -i someserver
.Pp
The reason you might want to specify the -i option in this case is to
The reason you might want to specify the
.Fl i
option in this case is to
ensure that the comment on the installed key is the one from the
.Pa .pub
file, rather than just the filename that was loaded into your agent.
@ -180,15 +202,16 @@ option, you might consider using this whenever using agent forwarding
to avoid your key being hijacked, but it is much better to instead use
.Xr ssh 1 Ns 's
.Ar ProxyCommand
and
and
.Fl W
option,
to bounce through remote servers while always doing direct end-to-end
authentication. This way the middle hop(s) don't get access to your
authentication.
This way the middle hop(s) don't get access to your
.Xr ssh-agent 1 .
A web search for
.Ql ssh proxycommand nc
should prove enlightening (N.B. the modern approach is to use the
should prove enlightening (NB the modern approach is to use the
.Fl W
option, rather than
.Xr nc 1 ) .

3
contrib/suse/openssh.spec
View File

@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 9.2p1
Version: 9.8p1
URL: https://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
@ -211,6 +211,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %dir %{_libdir}/ssh
%attr(0755,root,root) %{_libdir}/ssh/sftp-server
%attr(0755,root,root) %{_libdir}/ssh/sshd-session
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper

1
contrib/win32/install/client.wxs
View File

@ -3,7 +3,6 @@
<!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
<ComponentGroup Id="Client" Directory="INSTALLFOLDER">
<ComponentGroupRef Id="Shared" />
<ComponentGroupRef Id="Manifest" />
<Component>
<File Name="ssh.exe" KeyPath="yes" />
</Component>

13
contrib/win32/install/openssh.wixproj
View File

@ -14,8 +14,11 @@
ProductVersion=$(ProductVersion);
</DefineConstants>
<DefineSolutionProperties>false</DefineSolutionProperties>
<!-- This is sufficient for x86 and x64 but gets overwritten below for ARM64 -->
<WixTargetsPath Condition="'$(WixTargetsPath)' == ''">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
<!-- Assumes WixToolPath is an input provided at runtime -->
<!-- If building x86/x64 MSI and have Wix 3.11 installed, can also try the below line instead -->
<!-- WixTargetsPath Condition="'$(WixTargetsPath)' == ''">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath -->
<WixTargetsPath>$(WixToolPath)Wix.targets</WixTargetsPath>
<WixTasksPath>$(WixToolPath)wixtasks.dll</WixTasksPath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)' == 'Debug'">
@ -25,12 +28,6 @@
</DefineConstants>
</PropertyGroup>
<PropertyGroup Condition="'$(Platform)' == 'ARM64'">
<!-- Assumes WixToolPath input is provided at runtime -->
<WixTargetsPath>$(WixToolPath)Wix.targets</WixTargetsPath>
<WixTasksPath>$(WixToolPath)wixtasks.dll</WixTasksPath>
</PropertyGroup>
<ItemGroup>
<BindInputPaths Include="..\..\..\bin\$(Platform)\$(Configuration)" />
</ItemGroup>

6
contrib/win32/install/product.wxs
View File

@ -38,11 +38,7 @@
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="$(var.ProgramFilesFolder)" Name="Program Files">
<Directory Id="INSTALLFOLDER" Name="OpenSSH" >
<Directory Id="MANIFESTFOLDER" Name="_manifest" >
<Directory Id="SPDXFOLDER" Name="spdx_2.2" />
</Directory>
</Directory>
<Directory Id="INSTALLFOLDER" Name="OpenSSH" />
</Directory>
</Directory>
</Product>

5
contrib/win32/install/server.wxs
View File

@ -3,13 +3,15 @@
<!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
<ComponentGroup Id="Server" Directory="INSTALLFOLDER">
<ComponentGroupRef Id="Shared" />
<ComponentGroupRef Id="Manifest" />
<Component>
<File Name="sftp-server.exe" KeyPath="yes" />
</Component>
<Component>
<File Name="ssh-shellhost.exe" KeyPath="yes" />
</Component>
<Component>
<File Name="sshd-session.exe" KeyPath="yes" />
</Component>
<Component>
<File Id="sshd.exe" Name="sshd.exe" KeyPath="yes" />
<RegistryKey Root="HKLM" Key="SOFTWARE\OpenSSH" ForceCreateOnInstall="yes">
@ -49,6 +51,7 @@
Protocol="tcp"
Port="22"
Scope="any"
Profile="private"
/>
</Component>
<Component>

9
contrib/win32/install/shared.wxs
View File

@ -70,15 +70,6 @@
</Component>
</ComponentGroup>
<ComponentGroup Id="Manifest" Directory="SPDXFOLDER">
<Component>
<File Name="manifest.spdx.json" Source="_manifest\spdx_2.2\manifest.spdx.json" KeyPath="yes" />
</Component>
<Component>
<File Name="manifest.spdx.json.sha256" Source="_manifest\spdx_2.2\manifest.spdx.json.sha256" KeyPath="yes" />
</Component>
</ComponentGroup>
<!-- Automatically add custom actions if referencing the Shared component group. -->
<SetProperty Id="SetPrivilegesOnSshAgent" Value="&quot;[SystemFolder]sc.exe&quot; privs ssh-agent SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege" Sequence="execute" Before="SetPrivilegesOnSshAgent" />
<CustomAction Id="SetPrivilegesOnSshAgent" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />

10
contrib/win32/openssh/DockerFile
View File

@ -1,10 +0,0 @@
# escape=`
#0.3.6 (no powershell 6)
FROM balu1202/openssh-dockerbuildimage-ltsc2019-new:latest
SHELL ["PowerShell.exe", "-command"]
RUN Set-ExecutionPolicy Unrestricted
COPY ./OpenSSH-build.ps1 /OpenSSH-build.ps1
ENTRYPOINT ["powershell", "-executionpolicy", "unrestricted"]

2
contrib/win32/openssh/OpenSSH-build.ps1
View File

@ -1,7 +1,7 @@
[cmdletbinding()]
# PowerShell Script to clone, build and package PowerShell from specified fork and branch
param (
[string] $repolocation = "$pwd\openssh-portable",
[string] $repolocation = "$PSScriptRoot\..\..\..",
[string] $destination = "$env:WORKSPACE",
[ValidateSet('x86', 'x64', 'arm64', 'arm')]
[String]$NativeHostArch = 'x64',

394
contrib/win32/openssh/OpenSSHBuildHelper.psm1
View File

@ -144,43 +144,14 @@ function Start-OpenSSHBootstrap
param(
[ValidateSet('x86', 'x64', 'arm64', 'arm')]
[string]$NativeHostArch = "x64",
[switch]$OneCore)
[bool] $silent = -not $script:Verbose
Write-BuildMsg -AsInfo -Message "Checking tools and dependencies" -Silent:$silent
$Win10SDKVerChoco = "10.1.17763.1"
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE')
$newMachineEnvironmentPath = $machinePath
# Install chocolatey
$chocolateyPath = "$env:AllUsersProfile\chocolatey\bin"
if(Get-Command choco -ErrorAction SilentlyContinue)
{
Write-BuildMsg -AsVerbose -Message "Chocolatey is already installed. Skipping installation." -Silent:$silent
}
else
{
Write-BuildMsg -AsInfo -Message "Chocolatey not present. Installing chocolatey." -Silent:$silent
Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) 2>&1 >> $script:BuildLogFile
}
if (-not ($machinePath.ToLower().Contains($chocolateyPath.ToLower())))
{
Write-BuildMsg -AsVerbose -Message "Adding $chocolateyPath to Path environment variable" -Silent:$silent
$newMachineEnvironmentPath = "$chocolateyPath;$newMachineEnvironmentPath"
if(-not ($env:Path.ToLower().Contains($chocolateyPath.ToLower())))
{
$env:Path = "$chocolateyPath;$env:Path"
}
}
else
{
Write-BuildMsg -AsVerbose -Message "$chocolateyPath already present in Path environment variable" -Silent:$silent
}
# Add git\cmd to the path
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE')
$newMachineEnvironmentPath = $machinePath
$gitCmdPath = "$env:ProgramFiles\git\cmd"
if (-not ($machinePath.ToLower().Contains($gitCmdPath.ToLower())))
{
@ -196,10 +167,6 @@ function Start-OpenSSHBootstrap
Write-BuildMsg -AsVerbose -Message "$gitCmdPath already present in Path environment variable" -Silent:$silent
}
$VS2019Path = Get-VS2019BuildToolPath
$VS2017Path = Get-VS2017BuildToolPath
$VS2015Path = Get-VS2015BuildToolPath
# Update machine environment path
if ($newMachineEnvironmentPath -ne $machinePath)
{
@ -207,12 +174,12 @@ function Start-OpenSSHBootstrap
}
$sdkVersion = Get-Windows10SDKVersion
if ($null -eq $sdkVersion)
{
Get-Chocolatey
$packageName = "windows-sdk-10.1"
Write-BuildMsg -AsInfo -Message "$packageName not present. Installing $packageName ..."
choco install $packageName --version=$Win10SDKVerChoco -y --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
choco install $packageName -y --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
# check that sdk was properly installed
$sdkVersion = Get-Windows10SDKVersion
if($null -eq $sdkVersion)
@ -221,121 +188,98 @@ function Start-OpenSSHBootstrap
}
}
# Using the Win 10 SDK, the x86/x64 builds with VS2015 need vctargetspath to be set.
# For clarity, we set vctargetspath for the arm32/arm64 builds, as well, but it is not required.
if (($NativeHostArch -eq 'x86') -or ($NativeHostArch -eq 'x64'))
{
$env:vctargetspath = "${env:ProgramFiles(x86)}\MSBuild\Microsoft.Cpp\v4.0\v140"
if (-not (Test-Path $env:vctargetspath))
{
Write-BuildMsg -AsInfo -Message "installing visualcpp-build-tools"
choco install visualcpp-build-tools --version 14.0.25420.1 -y --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
# check that build-tools were properly installed
if(-not (Test-Path $env:vctargetspath))
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "visualcpp-build-tools installation failed with error code $LASTEXITCODE."
}
}
$VisualStudioPath = Get-VisualStudioPath -NativeHostArch $NativeHostArch
Write-Host $VisualStudioPath
if ($null -ne $VisualStudioPath) {
$MSBuildPath = Get-MSBuildPath -VSInstallPath $VisualStudioPath
}
else
{
# msbuildtools have a different path for visual studio versions older than 2017
# for visual studio versions newer than 2017, logic needs to be expanded to update the year in the path accordingly
if ($VS2019Path -or $VS2017Path)
{
$VSPathYear = "2017"
if ($VS2019Path)
{
$VSPathYear = "2019"
}
$env:vctargetspath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\${VSPathYear}\BuildTools\Common7\IDE\VC\VCTargets"
}
else {
$MSBuildPath = Get-VS2015BuildToolPath
}
# check for corresponding build tools in the following VS order: 2019, 2017, 2015
# environment variable is set upon install up until VS2015 but not for newer versions
if ($VS2019Path)
if ($MSBuildPath | Select-String "2022")
{
$env:vctargetspath = Join-Path $VisualStudioPath "MSBuild\Microsoft\VC\v170\"
if ($null -eq $env:VS170COMNTOOLS)
{
$env:VS170COMNTOOLS = Get-BuildToolPath -VSInstallPath $VisualStudioPath -version "2022"
}
elseif (-not (Test-Path $env:VS170COMNTOOLS))
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$env:VS170COMNTOOLS build tools path is invalid"
}
$VSBuildToolsPath = Get-Item(Join-Path $VisualStudioPath 'vc/auxiliary/build')
}
elseif ($MSBuildPath | Select-String "2019")
{
$env:vctargetspath = Join-Path $VisualStudioPath "Common7\IDE\VC\VCTargets"
Write-BuildMsg -AsVerbose -Message "Setting vctargetspath env var to ${env:vctargetspath}"
if ($null -eq $env:VS160COMNTOOLS)
{
$env:VS160COMNTOOLS = Get-BuildToolPath -VSInstallPath $VS2019Path -version "2019"
$env:VS160COMNTOOLS = Get-BuildToolPath -VSInstallPath $VisualStudioPath -version "2019"
}
elseif (-not (Test-Path $env:VS160COMNTOOLS))
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$env:VS160COMNTOOLS build tools path is invalid"
}
$VSBuildToolsPath = Get-Item(Join-Path -Path $env:VS160COMNTOOLS -ChildPath '../../vc/auxiliary/build')
$VSBuildToolsPath = Get-Item(Join-Path $VisualStudioPath 'vc/auxiliary/build')
}
elseif ($VS2017Path)
elseif ($MSBuildPath | Select-String "2017")
{
$env:vctargetspath = Join-Path $VisualStudioPath "Common7\IDE\VC\VCTargets"
if ($null -eq $env:VS150COMNTOOLS)
{
$env:VS150COMNTOOLS = Get-BuildToolPath -VSInstallPath $VS2017Path -version "2017"
$env:VS150COMNTOOLS = Get-BuildToolPath -VSInstallPath $VisualStudioPath -version "2017"
}
elseif (-not (Test-Path $env:VS150COMNTOOLS))
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$env:VS150COMNTOOLS build tools path is invalid"
}
$VSBuildToolsPath = Get-Item(Join-Path -Path $env:VS150COMNTOOLS -ChildPath '../../vc/auxiliary/build')
$VSBuildToolsPath = Get-Item(Join-Path $VisualStudioPath 'vc/auxiliary/build')
}
elseif (!$VS2015Path -or ($null -eq $env:VS140COMNTOOLS)) {
$packageName = "vcbuildtools"
Write-BuildMsg -AsInfo -Message "$packageName not present. Installing $packageName ..."
choco install $packageName -ia "/InstallSelectableItems VisualCppBuildTools_ATLMFC_SDK;VisualCppBuildTools_NETFX_SDK" -y --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
$errorCode = $LASTEXITCODE
if ($errorCode -eq 3010)
{
Write-Host "The recent package changes indicate a reboot is necessary. please reboot the machine, open a new powershell window and call Start-SSHBuild or Start-OpenSSHBootstrap again." -ForegroundColor Black -BackgroundColor Yellow
Do {
$input = Read-Host -Prompt "Reboot the machine? [Yes] Y; [No] N (default is `"Y`")"
if([string]::IsNullOrEmpty($input))
{
$input = 'Y'
}
} until ($input -match "^(y(es)?|N(o)?)$")
[string]$ret = $Matches[0]
if ($ret.ToLower().Startswith('y'))
{
Write-BuildMsg -AsWarning -Message "restarting machine ..."
Restart-Computer -Force
exit
}
else
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "User choose not to restart the machine to apply the changes."
}
}
elseif($errorCode -ne 0)
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$packageName installation failed with error code $errorCode."
}
$VSBuildToolsPath = Get-Item(Join-Path -Path $env:VS140COMNTOOLS -ChildPath '../../vc')
}
else
else
{
if($NativeHostArch.ToLower().Startswith('arm'))
{
#TODO: Install VS2019 or VS2017 build tools
Write-BuildMsg -AsError -ErrorAction Stop -Message "The required msbuild 15.0, or greater, is not installed on the machine."
}
$VSBuildToolsPath = Get-Item(Join-Path -Path $env:VS140COMNTOOLS -ChildPath '../../vc')
Write-BuildMsg -AsVerbose -Message 'VC++ 2015 Build Tools already present.'
}
if($NativeHostArch.ToLower().Startswith('arm') -and !$VS2019Path -and !$VS2017Path)
{
#TODO: Install VS2019 or VS2017 build tools
Write-BuildMsg -AsError -ErrorAction Stop -Message "The required msbuild 15.0 is not installed on the machine."
}
if($OneCore -or ($NativeHostArch.ToLower().Startswith('arm')))
{
$win10sdk = Get-Windows10SDKVersion
if($null -eq $win10sdk)
{
$packageName = "windows-sdk-10.1"
if (!$MSBuildPath -or ($null -eq $env:VS140COMNTOOLS)) {
Get-Chocolatey
$packageName = "vcbuildtools"
Write-BuildMsg -AsInfo -Message "$packageName not present. Installing $packageName ..."
choco install $packageName --version=$Win10SDKVerChoco --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
$win10sdk = Get-Windows10SDKVersion
if($null -eq $win10sdk)
choco install $packageName -ia "/InstallSelectableItems VisualCppBuildTools_ATLMFC_SDK;VisualCppBuildTools_NETFX_SDK" -y --force --limitoutput --execution-timeout 120 2>&1 >> $script:BuildLogFile
$errorCode = $LASTEXITCODE
if ($errorCode -eq 3010)
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$packageName installation failed with error code $LASTEXITCODE."
Write-Host "The recent package changes indicate a reboot is necessary. please reboot the machine, open a new powershell window and call Start-SSHBuild or Start-OpenSSHBootstrap again." -ForegroundColor Black -BackgroundColor Yellow
Do {
$input = Read-Host -Prompt "Reboot the machine? [Yes] Y; [No] N (default is `"Y`")"
if([string]::IsNullOrEmpty($input))
{
$input = 'Y'
}
} until ($input -match "^(y(es)?|N(o)?)$")
[string]$ret = $Matches[0]
if ($ret -like 'y*')
{
Write-BuildMsg -AsWarning -Message "restarting machine ..."
Restart-Computer -Force
exit
}
else
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "User choose not to restart the machine to apply the changes."
}
}
elseif($errorCode -ne 0)
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "$packageName installation failed with error code $errorCode."
}
$VSBuildToolsPath = Get-Item(Join-Path -Path $env:VS140COMNTOOLS -ChildPath '../../vc')
}
}
@ -373,7 +317,7 @@ function Start-OpenSSHPackage
}
$buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration)
$payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe"
$payload = "sshd.exe", "sshd-session.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe"
$payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe", "ssh-keyscan.exe", "ssh-sk-helper.exe", "ssh-pkcs11-helper.exe"
$payload += "sshd_config_default", "install-sshd.ps1", "uninstall-sshd.ps1"
$payload += "FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1", "OpenSSHUtils.psd1"
@ -580,11 +524,12 @@ function Start-OpenSSHBuild
(Get-Content $f).Replace('#define OPENSSL_HAS_NISTP521 1','') | Set-Content $f
}
$win10SDKVer = Get-Windows10SDKVersion
[XML]$xml = Get-Content $PathTargets
$xml.Project.PropertyGroup.WindowsSDKVersion = $win10SDKVer.ToString()
if($NativeHostArch.ToLower().Startswith('arm'))
{
$win10SDKVer = Get-Windows10SDKVersion
[XML]$xml = Get-Content $PathTargets
$xml.Project.PropertyGroup.WindowsSDKVersion = $win10SDKVer.ToString()
$arch = $NativeHostArch.ToUpper()
$nodeName = "WindowsSDKDesktop$($arch)Support"
$node = $xml.Project.PropertyGroup.ChildNodes | where {$_.Name -eq $nodeName}
@ -598,14 +543,14 @@ function Start-OpenSSHBuild
{
$node.InnerText = "true"
}
$xml.Save($PathTargets)
}
$xml.Save($PathTargets)
if($OneCore)
{
$win10SDKVer = Get-Windows10SDKVersion
[XML]$xml = Get-Content $PathTargets
$xml.Project.PropertyGroup.WindowsSDKVersion = $win10SDKVer.ToString()
$xml.Project.PropertyGroup.WindowsSDKVersion = $win10SDKVer
$xml.Project.PropertyGroup.AdditionalDependentLibs = 'onecore.lib;shlwapi.lib'
$xml.Project.PropertyGroup.MinimalCoreWin = 'true'
@ -625,22 +570,14 @@ function Start-OpenSSHBuild
$cmdMsg += "/noconlog"
}
if ($msbuildCmd = Get-VS2019BuildToolPath)
{
Write-BuildMsg -AsInfo -Message "Using MSBuild path: $msbuildCmd"
$VisualStudioPath = Get-VisualStudioPath -NativeHostArch $NativeHostArch
if ($null -ne $VisualStudioPath) {
$msbuildCmd = Get-MSBuildPath -VSInstallPath $VisualStudioPath
}
elseif ($msbuildCmd = Get-VS2017BuildToolPath)
{
Write-BuildMsg -AsInfo -Message "Using MSBuild path: $msbuildCmd"
}
elseif ($msbuildCmd = Get-VS2015BuildToolPath)
{
Write-BuildMsg -AsInfo -Message "Using MSBuild path: $msbuildCmd"
}
else
{
Write-BuildMsg -AsError -ErrorAction Stop -Message "MSBuild not found"
else {
$msbuildCmd = Get-VS2015BuildToolPath
}
Write-BuildMsg -AsInfo -Message "Using MSBuild path: $msbuildCmd"
Write-BuildMsg -AsInfo -Message "Starting Open SSH build; Build Log: $($script:BuildLogFile)."
Write-BuildMsg -AsInfo -Message "$msbuildCmd $cmdMsg"
@ -656,40 +593,6 @@ function Start-OpenSSHBuild
Write-BuildMsg -AsInfo -Message "SSH build successful."
}
function Get-VS2019BuildToolPath
{
# TODO: Should use vswhere: https://github.com/microsoft/vswhere/wiki/Find-MSBuild
$searchPath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2019\*\MSBuild\Current\Bin"
if($env:PROCESSOR_ARCHITECTURE -ieq "AMD64")
{
$searchPath += "\amd64"
}
$toolAvailable = @()
$toolAvailable += Get-ChildItem -path $searchPath\* -Filter "MSBuild.exe" -ErrorAction SilentlyContinue
if($toolAvailable.count -eq 0)
{
return $null
}
return $toolAvailable[0].FullName
}
function Get-VS2017BuildToolPath
{
# TODO: Should use vswhere: https://github.com/microsoft/vswhere/wiki/Find-MSBuild
$searchPath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\2017\*\MSBuild\15.0\Bin"
if($env:PROCESSOR_ARCHITECTURE -ieq "AMD64")
{
$searchPath += "\amd64"
}
$toolAvailable = @()
$toolAvailable += Get-ChildItem -path $searchPath\* -Filter "MSBuild.exe" -ErrorAction SilentlyContinue
if($toolAvailable.count -eq 0)
{
return $null
}
return $toolAvailable[0].FullName
}
function Get-VS2015BuildToolPath
{
$searchPath = "${env:ProgramFiles(x86)}\MSBuild\14.0\Bin"
@ -698,8 +601,63 @@ function Get-VS2015BuildToolPath
$searchPath += "\amd64"
}
$toolAvailable = @()
$toolAvailable += Get-ChildItem -path $searchPath\* -Filter "MSBuild.exe" -ErrorAction SilentlyContinue
if($toolAvailable.count -eq 0)
$toolAvailable = Get-ChildItem -path $searchPath\* -Filter "MSBuild.exe" -ErrorAction SilentlyContinue
if($null -eq $toolAvailable)
{
return $null
}
return $toolAvailable[0].FullName
}
function Get-VisualStudioPath {
param(
[Parameter(Mandatory = $true)]
[ValidateSet('x86', 'x64', 'arm64', 'arm')]
[string]$NativeHostArch
)
$vsWherePath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
if (Test-Path $vsWherePath) {
$requiredVCtools = 'Microsoft.VisualStudio.Component.VC.Tools.x86.x64'
if ($NativeHostArch -eq 'arm') {
$requiredVCtools = 'Microsoft.VisualStudio.Component.VC.Tools.ARM'
}
elseif ($NativeHostArch -eq 'arm64') {
$requiredVCtools = 'Microsoft.VisualStudio.Component.VC.Tools.ARM64'
}
write-host "$vsWherePath -products * -requires $requiredVCtools -property installationPath"
$VSPaths = (& $vsWherePath -products * -requires $requiredVCtools -property installationPath)
# for some reason, VSWhere does not seem to find MSBuild so check manually
if ($null -ne $VSPaths) {
foreach ($VSPath in $VSPaths) {
if (Get-MSBuildPath -VSInstallPath $VSPath) {
return $VSPath
}
}
# if none of the VS installs have MSBuild, then build cannot proceed
Write-BuildMsg -AsError -ErrorAction Stop -Message "Visual Studio with required components not found, please ensure Microsoft.VisualStudio.Workload.MSBuildTools are installed"
}
else {
Write-BuildMsg -AsError -ErrorAction Stop -Message "Visual Studio with required components not found, please ensure $requiredVCtools are installed"
}
}
else {
Write-BuildMsg -AsWarning -Message "VSWhere not found - please install VS 2017 Update 2, or newer, defaulting to Visual Studio 2015"
return $null
}
}
function Get-MSBuildPath {
param(
[Parameter(Mandatory = $true)]
[string]$VSInstallPath
)
$searchPath = "MSBuild\**\Bin\"
if($env:PROCESSOR_ARCHITECTURE -ieq "AMD64")
{
$searchPath += "\amd64"
}
$fullSearchPath = Join-Path $VSInstallPath $searchPath
$toolAvailable = Get-ChildItem -path $fullSearchPath\* -Filter "MSBuild.exe" -ErrorAction SilentlyContinue
if($null -eq $toolAvailable)
{
return $null
}
@ -708,15 +666,15 @@ function Get-VS2015BuildToolPath
function Get-BuildToolPath
{
param
(
[Parameter(Mandatory = $true)]
param (
[string]$VSInstallPath,
[string]$version)
[string]$version
)
$buildToolsPath = Get-Item(Join-Path -Path $VSInstallPath -ChildPath '../../../../../Common7/Tools/') | % {$_.FullName}
$buildToolsPath = Get-Item(Join-Path $VSInstallPath 'Common7/Tools/') | % {$_.FullName}
if (-not (Test-Path $buildToolsPath))
{
Get-Chocolatey
# assumes package name follows this format, as 2019 and 2017 both do
$packageName = "visualstudio" + $version + "-workload-vctools"
Write-BuildMsg -AsInfo -Message "$packageName not present. Installing $packageName ..."
@ -732,16 +690,23 @@ function Get-BuildToolPath
function Get-Windows10SDKVersion
{
#Temporary fix - Onecore builds are failing with latest windows 10 SDK (10.0.18362.0)
$requiredSDKVersion = [version]"10.0.17763.0"
## Search for latest windows sdk available on the machine
$windowsSDKPath = Join-Path ${env:ProgramFiles(x86)} "Windows Kits\10\bin\$requiredSDKVersion\x86\register_app.vbs"
if (test-path $windowsSDKPath) {
return $requiredSDKVersion
}
else {
return $null
}
## Search for latest windows sdk available on the machine
$windowsSDKPath = Join-Path ${env:ProgramFiles(x86)} "Windows Kits\10\Lib"
$minSDKVersion = [version]"10.0.17763.0"
$versionsAvailable = @()
$versionsAvailable = Get-ChildItem $windowsSDKPath | ? {$_.Name.StartsWith("10.")} | % {$version = [version]$_.Name; if(($version.CompareTo($minSDKVersion) -ge 0)) {$version.ToString()}}
if($null -eq $versionsAvailable)
{
return $null
}
$versionsAvailable = $versionsAvailable | Sort-Object -Descending
foreach ($version in $versionsAvailable) {
$windowsSDKPath = Join-Path ${env:ProgramFiles(x86)} "Windows Kits\10\bin\$version\x86\register_app.vbs"
if (test-path $windowsSDKPath) {
return $version
}
}
return $null
}
function Get-BuildLogFile
@ -782,6 +747,41 @@ function Get-SolutionFile
}
}
function Get-Chocolatey {
# Install chocolatey
$chocolateyPath = "$env:AllUsersProfile\chocolatey\bin"
if(Get-Command choco -ErrorAction SilentlyContinue)
{
Write-BuildMsg -AsVerbose -Message "Chocolatey is already installed. Skipping installation." -Silent:$silent
}
else
{
Write-BuildMsg -AsInfo -Message "Chocolatey not present. Installing chocolatey." -Silent:$silent
Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) 2>&1 >> $script:BuildLogFile
}
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE')
$newMachineEnvironmentPath = $machinePath
if (-not ($machinePath.ToLower().Contains($chocolateyPath.ToLower())))
{
Write-BuildMsg -AsVerbose -Message "Adding $chocolateyPath to Path environment variable" -Silent:$silent
$newMachineEnvironmentPath = "$chocolateyPath;$newMachineEnvironmentPath"
if(-not ($env:Path.ToLower().Contains($chocolateyPath.ToLower())))
{
$env:Path = "$chocolateyPath;$env:Path"
}
}
else
{
Write-BuildMsg -AsVerbose -Message "$chocolateyPath already present in Path environment variable" -Silent:$silent
}
# Update machine environment path
if ($newMachineEnvironmentPath -ne $machinePath)
{
[Environment]::SetEnvironmentVariable('Path', $newMachineEnvironmentPath, 'MACHINE')
}
}
Export-ModuleMember -Function Start-OpenSSHBuild, Get-BuildLogFile, Start-OpenSSHPackage, Copy-OpenSSHUnitTests

65
contrib/win32/openssh/Win32-OpenSSH.sln
View File

@ -1,13 +1,13 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.27027.1
# Visual Studio Version 17
VisualStudioVersion = 17.10.35027.167
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh", "ssh.vcxproj", "{74E69D5E-A1EF-46EA-9173-19A412774104}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libssh", "libssh.vcxproj", "{05E1115F-8529-46D0-AAAF-52A404CE79A7}"
@ -23,33 +23,33 @@ EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-keygen", "keygen.vcxproj", "{47496135-131B-41D6-BF2B-EE7144873DD0}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sftp", "sftp.vcxproj", "{BBEFF9D7-0BC3-41D1-908B-8052158B5052}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sftp-server", "sftp-server.vcxproj", "{6657614F-7821-4D55-96EF-7C3C4B551880}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sshd", "sshd.vcxproj", "{F58FF6BA-098B-4DB9-9609-A030DFB4D03F}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "config", "config.vcxproj", "{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}"
@ -68,72 +68,72 @@ EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-agent", "ssh-agent.vcxproj", "{F6644EC5-D6B6-42A1-828C-75E2977470E0}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-add", "ssh-add.vcxproj", "{029797FF-C986-43DE-95CD-2E771E86AEBC}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "scp", "scp.vcxproj", "{29B98ADF-1285-49CE-BF6C-AA92C5D2FB24}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-bitmap", "unittest-bitmap.vcxproj", "{D901596E-76C7-4608-9CFA-2B42A9FD7250}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-kex", "unittest-kex.vcxproj", "{8EC56B06-5A9A-4D6D-804D-037FE26FD43E}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-sshbuf", "unittest-sshbuf.vcxproj", "{CD9740CE-C96E-49B3-823F-012E09D17806}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-win32compat", "unittest-win32compat.vcxproj", "{BF295BA9-4BF8-43F8-8CBF-FAE84815466C}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-hostkeys", "unittest-hostkeys.vcxproj", "{890C6129-286F-4CD8-8252-FB8D3B4E6E1B}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-sshkey", "unittest-sshkey.vcxproj", "{FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "core", "core", "{17322AAF-808F-4646-AD37-5B0EDDCB8F3E}"
@ -143,41 +143,49 @@ EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-match", "unittest-match.vcxproj", "{484A8CDE-B949-4BDA-B447-74685C8E032F}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-misc", "unittest-misc.vcxproj", "{0B527504-2AF5-4E6E-A84F-10BADFAEDA88}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-keyscan", "ssh-keyscan.vcxproj", "{7D0A75FC-F366-4B60-B72F-B37C3EA07CCA}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-sk-helper", "ssh-sk-helper.vcxproj", "{7D0A75FC-F366-4B60-B72F-B37C3EA07CCB}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-pkcs11-helper", "ssh-pkcs11-helper.vcxproj", "{21D772C3-0EB0-47B7-A93C-FF624675A58D}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sshd-session", "sshd-session.vcxproj", "{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}"
ProjectSection(ProjectDependencies) = postProject
{05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7}
{0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0}
{8F9D3B74-8D33-448E-9762-26E8DCC6B2F4} = {8F9D3B74-8D33-448E-9762-26E8DCC6B2F4}
{DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174}
EndProjectSection
EndProject
Global
@ -576,6 +584,22 @@ Global
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x64.Build.0 = Release|x64
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x86.ActiveCfg = Release|Win32
{21D772C3-0EB0-47B7-A93C-FF624675A58D}.Release|x86.Build.0 = Release|Win32
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM.ActiveCfg = Debug|ARM
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM.Build.0 = Debug|ARM
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM64.ActiveCfg = Debug|ARM64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|ARM64.Build.0 = Debug|ARM64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x64.ActiveCfg = Debug|x64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x64.Build.0 = Debug|x64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x86.ActiveCfg = Debug|Win32
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Debug|x86.Build.0 = Debug|Win32
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM.ActiveCfg = Release|ARM
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM.Build.0 = Release|ARM
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM64.ActiveCfg = Release|ARM64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|ARM64.Build.0 = Release|ARM64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x64.ActiveCfg = Release|x64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x64.Build.0 = Release|x64
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x86.ActiveCfg = Release|Win32
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@ -605,6 +629,7 @@ Global
{7D0A75FC-F366-4B60-B72F-B37C3EA07CCA} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
{7D0A75FC-F366-4B60-B72F-B37C3EA07CCB} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
{21D772C3-0EB0-47B7-A93C-FF624675A58D} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
{86D5F580-EFB0-4BEA-96B7-7181F9BC6171} = {17322AAF-808F-4646-AD37-5B0EDDCB8F3E}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {0AC224E8-C215-4270-954A-A2ACEE06DE58}

15
contrib/win32/openssh/config.h.vs
View File

@ -102,7 +102,7 @@
/* Define if your platform needs to skip post auth
file descriptor passing */
/* #undef DISABLE_FD_PASSING */
#define DISABLE_FD_PASSING
/* Define if you don't want to use lastlog */
/* #undef DISABLE_LASTLOG */
@ -207,13 +207,13 @@
/* #undef HAVE_ADDR_V6_IN_UTMPX */
/* Define to 1 if you have the `arc4random' function. */
#define HAVE_ARC4RANDOM 1
/* #undef HAVE_ARC4RANDOM */
/* Define to 1 if you have the `arc4random_buf' function. */
#define HAVE_ARC4RANDOM_BUF 1
/* #undef HAVE_ARC4RANDOM_BUF */
/* Define to 1 if you have the `arc4random_uniform' function. */
#define HAVE_ARC4RANDOM_UNIFORM 1
/* #undef HAVE_ARC4RANDOM_UNIFORM */
/* Define to 1 if you have the `asprintf' function. */
/* #undef HAVE_ASPRINTF */
@ -349,7 +349,7 @@
/* #undef HAVE_DEV_PTS_AND_PTC */
/* Define to 1 if you have the <dirent.h> header file. */
/* #undef HAVE_DIRENT_H
/* #undef HAVE_DIRENT_H */
/* Define to 1 if you have the `dirfd' function. */
/* #undef HAVE_DIRFD */
@ -1698,7 +1698,7 @@
#define HAVE_BZERO 1
#define PATH_MAX 32768
#define S_IFIFO 0x1000
#define S_IFIFO 0x1000
#define HAVE_EXPLICIT_BZERO
#define HAVE_MBTOWC 1
#define HAVE_LLABS 1
@ -1713,7 +1713,7 @@
#define __STDC__ 1
#define umac128_new umac_new
#define umac128_update umac_update
#define umac128_update umac_update
#define umac_final umac128_final
#define umac_delete umac128_delete
@ -1727,7 +1727,6 @@
#define _PATH_LS "dir"
#define _PATH_DEVNULL "NUL"
#define FORK_NOT_SUPPORTED
#define HAVE_FREEZERO
#define FILESYSTEM_NO_BACKSLASH
#define HAVE_LOCALTIME_R
#define HAVE_DECL_MEMMEM 0

16
contrib/win32/openssh/config.vcxproj
View File

@ -49,52 +49,52 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Utility</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Utility</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Utility</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>

4
contrib/win32/openssh/install-sshd.ps1
View File

@ -129,12 +129,12 @@ if ($PSVersiontable.PSVersion -le '7.2.9') {
}
$agentDesc = "Agent to hold private keys used for public key authentication."
New-Service -Name ssh-agent -DisplayName "OpenSSH Authentication Agent" -BinaryPathName "$sshagentpath" -Description $agentDesc -StartupType Manual | Out-Null
New-Service -Name ssh-agent -DisplayName "OpenSSH Authentication Agent" -BinaryPathName "`"$sshagentpath`"" -Description $agentDesc -StartupType Manual | Out-Null
sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"
sc.exe privs ssh-agent SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege
$sshdDesc = "SSH protocol based service to provide secure encrypted communications between two untrusted hosts over an insecure network."
New-Service -Name sshd -DisplayName "OpenSSH SSH Server" -BinaryPathName "$sshdpath" -Description $sshdDesc -StartupType Manual | Out-Null
New-Service -Name sshd -DisplayName "OpenSSH SSH Server" -BinaryPathName "`"$sshdpath`"" -Description $sshdDesc -StartupType Manual | Out-Null
sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege
Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"

40
contrib/win32/openssh/keygen.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -193,7 +201,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -219,7 +227,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -286,7 +294,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
@ -301,7 +309,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -316,7 +324,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
@ -331,7 +339,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -346,7 +354,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
@ -376,7 +384,7 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>

25
contrib/win32/openssh/libssh.vcxproj
View File

@ -45,54 +45,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -442,6 +450,7 @@
<ClCompile Include="$(OpenSSH-Src-Path)ssh-sk.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sshbuf-io.c" />
<ClCompile Include="..\..\..\cipher-chachapoly-libcrypto.c" />
<ClCompile Include="..\..\..\kex-names.c" />
<ClCompile Include="..\win32compat\spawn-ext.c" />
</ItemGroup>
<ItemGroup>

8
contrib/win32/openssh/libssh.vcxproj.filters
View File

@ -22,8 +22,6 @@
<ClCompile Include="$(OpenSSH-Src-Path)ed25519.c" />
<ClCompile Include="$(OpenSSH-Src-Path)entropy.c" />
<ClCompile Include="$(OpenSSH-Src-Path)fatal.c" />
<ClCompile Include="$(OpenSSH-Src-Path)fe25519.c" />
<ClCompile Include="$(OpenSSH-Src-Path)ge25519.c" />
<ClCompile Include="$(OpenSSH-Src-Path)gss-genr.c" />
<ClCompile Include="$(OpenSSH-Src-Path)hash.c" />
<ClCompile Include="$(OpenSSH-Src-Path)hmac.c" />
@ -42,7 +40,6 @@
<ClCompile Include="$(OpenSSH-Src-Path)nchan.c" />
<ClCompile Include="$(OpenSSH-Src-Path)packet.c" />
<ClCompile Include="$(OpenSSH-Src-Path)poly1305.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sc25519.c" />
<ClCompile Include="$(OpenSSH-Src-Path)smult_curve25519_ref.c" />
<ClCompile Include="$(OpenSSH-Src-Path)ssh-dss.c" />
<ClCompile Include="$(OpenSSH-Src-Path)ssh-ecdsa.c" />
@ -70,7 +67,6 @@
<ClCompile Include="$(OpenSSH-Src-Path)progressmeter.c" />
<ClCompile Include="$(OpenSSH-Src-Path)readpass.c" />
<ClCompile Include="$(OpenSSH-Src-Path)rijndael.c" />
<ClCompile Include="$(OpenSSH-Src-Path)verify.c" />
<ClCompile Include="$(OpenSSH-Src-Path)xmalloc.c" />
<ClCompile Include="$(OpenSSH-Src-Path)kexgexs.c" />
<ClCompile Include="$(OpenSSH-Src-Path)platform-misc.c" />
@ -84,6 +80,7 @@
<ClCompile Include="$(OpenSSH-Src-Path)sshbuf-io.c" />
<ClCompile Include="..\win32compat\spawn-ext.c" />
<ClCompile Include="..\..\..\cipher-chachapoly-libcrypto.c" />
<ClCompile Include="..\..\..\kex-names.c" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="$(OpenSSH-Src-Path)addrmatch.c">
@ -119,9 +116,6 @@
<ClCompile Include="$(OpenSSH-Src-Path)cipher-chachapoly.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)cipher-ctr.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)cipher.c">
<Filter>Source Files</Filter>
</ClCompile>

45
contrib/win32/openssh/openbsd_compat.vcxproj
View File

@ -58,6 +58,7 @@
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\bsd-waitpid.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\daemon.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fake-rfc2553.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\fmt_scaled.c" />
@ -102,7 +103,10 @@
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\glob.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strcasestr.c" />
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strndup.c" />
<ClCompile Include="..\..\..\openbsd-compat\arc4random_uniform.c" />
<ClCompile Include="..\..\..\openbsd-compat\bsd-getentropy.c" />
<ClCompile Include="..\..\..\openbsd-compat\bsd-pselect.c" />
<ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h" />
@ -136,6 +140,7 @@
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sys-queue.h" />
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sys-tree.h" />
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\vis.h" />
<ClInclude Include="..\..\..\openbsd-compat\arc4random_win.h" />
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{DD483F7D-C553-4740-BC1A-903805AD0174}</ProjectGuid>
@ -147,54 +152,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -271,7 +284,7 @@
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
@ -289,7 +302,7 @@
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
@ -307,7 +320,7 @@
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
@ -328,7 +341,7 @@
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
@ -351,7 +364,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -372,7 +385,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -394,7 +407,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -419,7 +432,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_WIN32_WINNT=0x601;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)openbsd-compat;$(OpenSSH-Src-Path)libkrb;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>

17
contrib/win32/openssh/openbsd_compat.vcxproj.filters
View File

@ -75,6 +75,9 @@
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\dirname.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\freezero.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\explicit_bzero.c">
<Filter>Source Files</Filter>
</ClCompile>
@ -216,6 +219,15 @@
<ClCompile Include="..\..\..\openbsd-compat\bsd-pselect.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\openbsd-compat\arc4random_uniform.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\openbsd-compat\bsd-getentropy.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h">
@ -311,5 +323,8 @@
<ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\vis.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\..\..\openbsd-compat\arc4random_win.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>
</Project>

12
contrib/win32/openssh/paths.targets
View File

@ -4,11 +4,11 @@
<OpenSSH-Src-Path>$(SolutionDir)..\..\..\</OpenSSH-Src-Path>
<OpenSSH-Bin-Path>$(SolutionDir)..\..\..\bin\</OpenSSH-Bin-Path>
<OpenSSH-Lib-Path>$(SolutionDir)lib\</OpenSSH-Lib-Path>
<LibreSSLVersion>3.6.1.0</LibreSSLVersion>
<ZLibVersion>1.2.13</ZLibVersion>
<fido2Version>1.12.0</fido2Version>
<!--libcbor version is not used in the bulid; it is needed for pipeline compliance tasks-->
<libcborVersion>0.8.0</libcborVersion>
<LibreSSLVersion>4.0.0.0</LibreSSLVersion>
<ZLibVersion>1.3.1</ZLibVersion>
<fido2Version>1.15.0</fido2Version>
<!--libcbor version is not used in the build; it is needed for pipeline compliance tasks-->
<libcborVersion>0.11.0</libcborVersion>
<LibreSSL-Path>$(SolutionDir)\LibreSSL\sdk\</LibreSSL-Path>
<LibreSSL-x86-Path>$(SolutionDir)\LibreSSL\bin\desktop\x86\</LibreSSL-x86-Path>
<LibreSSL-x64-Path>$(SolutionDir)\LibreSSL\bin\desktop\x64\</LibreSSL-x64-Path>
@ -26,7 +26,7 @@
<ZLib-arm-Path>$(SolutionDir)\ZLib\bin\arm\</ZLib-arm-Path>
<UseOpenSSL>true</UseOpenSSL>
<SSLLib>libcrypto.lib;</SSLLib>
<WindowsSDKVersion>10.0.17763.0</WindowsSDKVersion>
<WindowsSDKVersion>10.0.22621.0</WindowsSDKVersion>
<AdditionalDependentLibs>bcrypt.lib;Userenv.lib;Crypt32.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;Netapi32.lib;Rpcrt4.lib;ntdll.lib</AdditionalDependentLibs>
<MinimalCoreWin>false</MinimalCoreWin>
</PropertyGroup>

BIN
contrib/win32/openssh/resource.h
View File

Binary file not shown.

72
contrib/win32/openssh/scp.vcxproj
View File

@ -58,54 +58,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -191,13 +199,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -205,7 +213,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -217,13 +225,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -231,7 +239,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -243,13 +251,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -269,13 +277,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -297,12 +305,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -313,7 +321,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -327,12 +335,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -343,7 +351,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -357,12 +365,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -387,12 +395,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

72
contrib/win32/openssh/sftp-server.vcxproj
View File

@ -55,54 +55,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -188,13 +196,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -202,7 +210,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -214,13 +222,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -228,7 +236,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -240,13 +248,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -266,13 +274,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -294,12 +302,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -310,7 +318,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -324,12 +332,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -340,7 +348,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -354,12 +362,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -384,12 +392,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

72
contrib/win32/openssh/sftp.vcxproj
View File

@ -59,54 +59,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -192,13 +200,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -206,7 +214,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -218,13 +226,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -232,7 +240,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -244,13 +252,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -270,13 +278,13 @@
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -298,12 +306,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -314,7 +322,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -328,12 +336,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -344,7 +352,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -358,12 +366,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -388,12 +396,12 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

56
contrib/win32/openssh/ssh-add.vcxproj
View File

@ -58,54 +58,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -197,7 +205,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -205,7 +213,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -223,7 +231,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -231,7 +239,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -249,7 +257,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -275,7 +283,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -298,11 +306,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -313,7 +321,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -328,11 +336,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -343,7 +351,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -358,11 +366,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -388,11 +396,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

56
contrib/win32/openssh/ssh-agent.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -194,14 +202,14 @@
<ExceptionHandling>Sync</ExceptionHandling>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -219,14 +227,14 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -244,7 +252,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -269,7 +277,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -290,11 +298,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -304,7 +312,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -318,12 +326,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -333,7 +341,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -347,12 +355,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -376,12 +384,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories);$(OpenSSH-Src-Path)contrib\win32\ssh-pubkey</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

56
contrib/win32/openssh/ssh-keyscan.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -184,7 +192,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -192,7 +200,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -209,7 +217,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -217,7 +225,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -234,7 +242,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -259,7 +267,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -281,11 +289,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -296,7 +304,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -310,12 +318,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -326,7 +334,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -340,12 +348,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -370,12 +378,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

56
contrib/win32/openssh/ssh-pkcs11-helper.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -184,7 +192,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -192,7 +200,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;setupapi.lib;hid.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -209,7 +217,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -217,7 +225,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;setupapi.lib;hid.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -234,7 +242,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -259,7 +267,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -281,11 +289,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -296,7 +304,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -310,12 +318,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -326,7 +334,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -340,12 +348,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -370,12 +378,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

56
contrib/win32/openssh/ssh-shellhost.vcxproj
View File

@ -53,54 +53,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -185,14 +193,14 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>openbsd_compat.lib;$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -211,14 +219,14 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>openbsd_compat.lib;$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -237,7 +245,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -263,7 +271,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -285,12 +293,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>
</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -300,7 +308,7 @@
<AdditionalDependencies>openbsd_compat.lib;$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -315,12 +323,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>
</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -330,7 +338,7 @@
<AdditionalDependencies>openbsd_compat.lib;$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -345,12 +353,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>
</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -375,12 +383,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>
</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

58
contrib/win32/openssh/ssh-sk-helper.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -184,7 +192,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -192,7 +200,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;fido2.lib;cbor.lib;setupapi.lib;hid.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);$(fido2-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -209,7 +217,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -217,7 +225,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;fido2.lib;cbor.lib;setupapi.lib;hid.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);$(fido2-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -234,7 +242,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -259,7 +267,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -281,11 +289,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -296,7 +304,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);$(fido2-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -310,12 +318,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -326,7 +334,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);$(fido2-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -340,12 +348,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -370,12 +378,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -406,4 +414,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

56
contrib/win32/openssh/ssh.vcxproj
View File

@ -46,54 +46,62 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -194,7 +202,7 @@
<ExceptionHandling>Sync</ExceptionHandling>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -202,7 +210,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -220,7 +228,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -228,7 +236,7 @@
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -246,7 +254,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -272,7 +280,7 @@
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -294,11 +302,11 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -309,7 +317,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -323,12 +331,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -339,7 +347,7 @@
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
@ -353,12 +361,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -383,12 +391,12 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_WIN32_WINNT=0x601;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 /Qspectre %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

14
contrib/win32/openssh/sshTelemetry.c
View File

@ -119,6 +119,19 @@ void send_encryption_telemetry(const char* direction,
TraceLoggingUnregister(g_hProvider1);
}
void send_kex_exch_exit_code_telemetry(const int exit_code)
{
TraceLoggingRegister(g_hProvider1);
TraceLoggingWrite(
g_hProvider1,
"KexExchExitCodeSSHD",
TelemetryPrivacyDataTag(PDT_ProductAndServiceUsage),
TraceLoggingKeyword(MICROSOFT_KEYWORD_MEASURES),
TraceLoggingInt16(exit_code, "KexExchExitCodeSSHD")
);
TraceLoggingUnregister(g_hProvider1);
}
void send_pubkey_telemetry(const char* pubKeyStatus)
{
TraceLoggingRegister(g_hProvider1);
@ -205,4 +218,3 @@ void send_ssh_version_telemetry(const char* ssh_version,
);
TraceLoggingUnregister(g_hProvider1);
}

3
contrib/win32/openssh/sshTelemetry.h
View File

@ -12,6 +12,9 @@ void send_encryption_telemetry(const char* direction,
const char* comp, const char* host_key,
const char** cproposal, const char** sproposal);
// sends exit code of kex_exchange_identification(), utilized only in sshd
void send_kex_exch_exit_code_telemetry(const int exit_code);
// sends status if using key-based auth
void send_pubkey_telemetry(const char* pubKeyStatus);

484
contrib/win32/openssh/sshd-session.vcxproj Normal file
View File

@ -0,0 +1,484 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="paths.targets" />
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|ARM">
<Configuration>Debug</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM">
<Configuration>Release</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{86D5F580-EFB0-4BEA-96B7-7181F9BC6171}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>keygen</RootNamespace>
<WindowsTargetPlatformVersion>$(WindowsSDKVersion)</WindowsTargetPlatformVersion>
<ProjectName>sshd-session</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<SpectreMitigation>Spectre</SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\</OutDir>
<IntDir>$(Platform)\$(Configuration)\$(TargetName)\</IntDir>
<IncludePath>$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath);</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm64-Path);$(ZLib-arm64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level1</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>false</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm-Path);$(ZLib-arm-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /ignore:4098 %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level1</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x86-Path);$(ZLib-x86-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level1</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-x64-Path);$(ZLib-x64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 /CETCOMPAT %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<ClCompile>
<WarningLevel>Level1</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm64-Path);$(ZLib-arm64-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
<ClCompile>
<WarningLevel>Level1</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>_CRT_DECLARE_NONSTDC_NAMES=0;_WIN32_WINNT=0x601;;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir);$(LibreSSL-Path)include;$(ZLib-Path);$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<WholeProgramOptimization>true</WholeProgramOptimization>
<ControlFlowGuard>Guard</ControlFlowGuard>
<AdditionalOptions>/Gy /ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>posix_compat.lib;libssh.lib;openbsd_compat.lib;zlib.lib;$(SSLLib)$(AdditionalDependentLibs);%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(LibreSSL-arm-Path);$(ZLib-arm-Path);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<ForceFileOutput>MultiplyDefinedSymbolOnly</ForceFileOutput>
<EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<ShowProgress>NotSet</ShowProgress>
<AdditionalOptions>/debug /debugtype:cv,fixup /opt:ref /opt:icf /incremental:no /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
</Link>
<Manifest>
<AdditionalManifestFiles>targetos.manifest</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="$(OpenSSH-Src-Path)audit-bsm.c" />
<ClCompile Include="$(OpenSSH-Src-Path)audit-linux.c" />
<ClCompile Include="$(OpenSSH-Src-Path)audit.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-bsdauth.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-krb5.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-options.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-pam.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-passwd.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-rhosts.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-shadow.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth-sia.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-chall.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-gss.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-hostbased.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-kbdint.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-none.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-passwd.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2-pubkey.c" />
<ClCompile Include="$(OpenSSH-Src-Path)auth2.c" />
<ClCompile Include="$(OpenSSH-Src-Path)gss-serv-krb5.c" />
<ClCompile Include="$(OpenSSH-Src-Path)gss-serv.c" />
<ClCompile Include="$(OpenSSH-Src-Path)loginrec.c" />
<ClCompile Include="$(OpenSSH-Src-Path)monitor.c" />
<ClCompile Include="$(OpenSSH-Src-Path)monitor_wrap.c" />
<ClCompile Include="$(OpenSSH-Src-Path)platform.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-capsicum.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-darwin.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-null.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-rlimit.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-seccomp-filter.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-systrace.c" />
<ClCompile Include="$(OpenSSH-Src-Path)servconf.c" />
<ClCompile Include="$(OpenSSH-Src-Path)serverloop.c" />
<ClCompile Include="$(OpenSSH-Src-Path)session.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sftp-common.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sshd-session.c" />
<ClCompile Include="$(OpenSSH-Src-Path)sshlogin.c" />
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_groupaccess.c" />
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshpty.c" />
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-doexec.c" />
<ClCompile Include="..\..\..\auth2-methods.c" />
<ClCompile Include="..\..\..\auth2-pubkeyfile.c" />
<ClCompile Include="..\..\..\misc.c" />
<ClCompile Include="..\..\..\srclimit.c" />
<ClCompile Include="..\..\..\ssh-sk-client.c" />
<ClCompile Include="..\..\..\sshkey.c" />
<ClCompile Include="..\win32compat\win32-utf8.c" />
<ClCompile Include="..\win32compat\wmain_sshd-session.c" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="version.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

171
contrib/win32/openssh/sshd-session.vcxproj.filters Normal file
View File

@ -0,0 +1,171 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="$(OpenSSH-Src-Path)audit-bsm.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)audit-linux.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)audit.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-bsdauth.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-krb5.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-options.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-pam.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-passwd.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-rhosts.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-shadow.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth-sia.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-chall.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-gss.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-hostbased.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-kbdint.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-none.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-passwd.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2-pubkey.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)auth2.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)gss-serv-krb5.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)gss-serv.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)loginrec.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)monitor.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)monitor_wrap.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)platform.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-capsicum.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-darwin.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-null.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-rlimit.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-seccomp-filter.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sandbox-systrace.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)servconf.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)serverloop.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)session.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sftp-common.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sshd-session.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)sshlogin.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_sshpty.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\win32_groupaccess.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\w32-doexec.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\win32compat\win32-utf8.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\srclimit.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\ssh-sk-client.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\auth2-pubkeyfile.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\misc.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\sshkey.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\..\auth2-methods.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\win32compat\wmain_sshd-session.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="version.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>

Some files were not shown because too many files have changed in this diff Show More