Source snapshot from Powershell/openssh-portable:latestw_cwb

Author: manojampalam

README

@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.3p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or

appveyor.yml

@@ -1,10 +1,10 @@
-version: 0.0.4.0.{build}
+version: 0.0.6.0.{build}
 image: Visual Studio 2015
 
 branches:
   only:
-    - V_7_3w
-    - latestw_cwb
+    - latestw_all
+    - latestw_all_openssl
 
 init:
   - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.118 2016/11/08 22:04:34 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.119 2016/12/15 21:29:05 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -192,7 +192,7 @@ allowed_user(struct passwd * pw)
 
 	/* Return false if user is listed in DenyUsers */
 	if (options.num_deny_users > 0) {
-		for (i = 0; i < options.num_deny_users; i++)
+		for (i = 0; i < options.num_deny_users; i++) {
 			r = match_user(pw->pw_name, hostname, ipaddr,
 			    options.deny_users[i]);
 			if (r < 0) {
@@ -204,6 +204,7 @@ allowed_user(struct passwd * pw)
 				    pw->pw_name, hostname);
 				return 0;
 			}
+		}
 	}
 	/* Return false if AllowUsers isn't empty and user isn't listed there */
 	if (options.num_allow_users > 0) {
@@ -576,7 +577,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 	struct stat st;
 	int fd;
 	FILE *f;
-	
+
 #ifdef WINDOWS
         /* Windows POSIX adpater does not support fdopen() on open(file)*/
         if ((f = fopen(file, "r")) == NULL) {
@@ -616,6 +617,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 		return NULL;
 	}
 #endif  /* !WINDOWS */
+
 	return f;
 }
 

auth2-pubkey.c

@@ -245,10 +245,11 @@ userauth_pubkey(Authctxt *authctxt)
 		 * if a user is not allowed to login. is this an
 		 * issue? -markus
 		 */
-#ifndef WINDOWS
-		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0)))  
-#endif  /* !WINDOWS */
+#ifdef WINDOWS /* key validation in done in agent for Windows */
 		{
+#else  /* !WINDOWS */
+		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) {
+#endif  /* !WINDOWS */
 			packet_start(SSH2_MSG_USERAUTH_PK_OK);
 			packet_put_string(pkalg, alen);
 			packet_put_string(pkblob, blen);

channels.c

@@ -2049,6 +2049,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset)
 			c->notbefore = monotime() + 1;
 		return;
 	}
+
 #ifndef WINDOWS  /*TODO - implement user check for Windows*/
 	if (getpeereid(newsock, &euid, &egid) < 0) {
 		error("%s getpeereid failed: %s", __func__,

clientloop.c

@@ -1273,6 +1273,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
 				}
 				continue;
 #endif /* !WINDOWS */
+
 			case '?':
 				print_escape_help(berr, escape_char, compat20,
 				    (c && c->ctl_chan != -1),

contrib/redhat/openssh.spec

@@ -1,4 +1,4 @@
-%define ver 7.3p1
+%define ver 7.4p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID

contrib/suse/openssh.spec

@@ -13,7 +13,7 @@
 
 Summary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:		openssh
-Version:	7.3p1
+Version:	7.4p1
 URL:		https://www.openssh.com/
 Release:	1
 Source0:	openssh-%{version}.tar.gz

contrib/win32/openssh/build.psm1

@@ -3,6 +3,7 @@ Set-StrictMode -Version Latest
 [string] $script:platform = $env:PROCESSOR_ARCHITECTURE
 [string] $script:vcPath = $null
 [System.IO.DirectoryInfo] $script:OpenSSHRoot = $null
+[System.IO.DirectoryInfo] $script:gitRoot = $null
 [bool] $script:Verbose = $false
 [string] $script:BuildLogFile = $null
 
@@ -268,6 +269,34 @@ function Start-SSHBootstrap
     }
 }
 
+function Clone-Win32OpenSSH
+{	
+    $win32OpenSSHPath = join-path $script:gitRoot "Win32-OpenSSH"
+    if (-not (Test-Path -Path $win32OpenSSHPath -PathType Container))
+    {
+        Write-BuildMsg -AsInfo -Message "clone repo Win32-OpenSSH"
+        Push-Location $gitRoot
+        git clone -q --recursive https://github.com/PowerShell/Win32-OpenSSH.git $win32OpenSSHPath
+        Pop-Location
+    }
+    Write-BuildMsg -AsInfo -Message "pull latest from repo Win32-OpenSSH"
+    Push-Location $win32OpenSSHPath
+	git fetch -q origin
+    git checkout -qf L1-Prod        
+    Pop-Location
+}
+
+function Copy-OpenSSLSDK
+{
+    $sourcePath  = Join-Path $script:gitRoot "Win32-OpenSSH\contrib\win32\openssh\OpenSSLSDK"
+    Write-BuildMsg -AsInfo -Message "copying $sourcePath"
+    Copy-Item -Container -Path $sourcePath -Destination $PSScriptRoot -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable e
+    if($e -ne $null)
+    {
+        Write-BuildMsg -AsError -ErrorAction Stop -Message "Copy OpenSSL from $sourcePath failed "
+    }
+}
+
 function Start-SSHBuild
 {
     [CmdletBinding(SupportsShouldProcess=$false)]    
@@ -286,6 +315,8 @@ function Start-SSHBuild
 
     # Get openssh-portable root    
     $script:OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName
+	$script:gitRoot = split-path $script:OpenSSHRoot
+
 
     if($PSBoundParameters.ContainsKey("Verbose"))
     {
@@ -302,6 +333,9 @@ function Start-SSHBuild
     Write-BuildMsg -AsInfo -Message "Build Log: $($script:BuildLogFile)"
 
     Start-SSHBootstrap
+
+    Clone-Win32OpenSSH
+    Copy-OpenSSLSDK
     $msbuildCmd = "msbuild.exe"
     $solutionFile = Get-SolutionFile -root $repositoryRoot.FullName
     $cmdMsg = @("${solutionFile}", "/p:Platform=${NativeHostArch}", "/p:Configuration=${Configuration}", "/fl", "/flp:LogFile=${script:BuildLogFile}`;Append`;Verbosity=diagnostic")
@@ -380,4 +414,4 @@ function Get-RepositoryRoot
     throw new-object System.IO.DirectoryNotFoundException("Could not find the root of the GIT repository")
 }
 
-Export-ModuleMember -Function Start-SSHBuild, Get-RepositoryRoot, Get-BuildLogFile
+Export-ModuleMember -Function Start-SSHBuild, Get-RepositoryRoot, Get-BuildLogFile, Clone-Win32OpenSSH, Copy-OpenSSLSDK

contrib/win32/openssh/config.h.vs

@@ -876,7 +876,7 @@
 /* #undef HAVE_SET_ID */
 
 /* Define to 1 if you have the `SHA256_Update' function. */
-#define HAVE_SHA256_UPDATE 1
+/* #undef HAVE_SHA256_UPDATE */
 
 /* Define to 1 if you have the <sha2.h> header file. */
 /* #undef HAVE_SHA2_H */

contrib/win32/openssh/install-sshd.ps1

@@ -1,11 +1,15 @@
-$scriptpath = $MyInvocation.MyCommand.Path
+# @manojampalam - authored initial script
+# @friism - Fixed issue with invalid SDDL on Set-Acl
+
+$scriptpath = $MyInvocation.MyCommand.Path
 $scriptdir = Split-Path $scriptpath
 
 $sshdpath = Join-Path $scriptdir "sshd.exe"
 $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
 $logsdir = Join-Path $scriptdir "logs"
 
-$ntrights = "ntrights.exe -u `"NT SERVICE\SSHD`" +r SeAssignPrimaryTokenPrivilege"
+$account = "NT SERVICE\SSHD"
+$ntrights = "ntrights.exe -u `"{0}`" +r SeAssignPrimaryTokenPrivilege" -f $account
 
 if (-not (Test-Path $sshdpath)) {
     throw "sshd.exe is not present in script path"
@@ -27,17 +31,17 @@ New-Service -Name ssh-agent -BinaryPathName $sshagentpath -Description "SSH Agen
 cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)'
 
 New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Deamon" -StartupType Manual -DependsOn ssh-agent | Out-Null
-sc.exe config sshd obj= "NT SERVICE\SSHD"
+sc.exe config sshd obj= $account
 
 Push-Location
 cd $scriptdir
 cmd.exe /c $ntrights
 Pop-Location
 
 mkdir $logsdir > $null
-$sddl = "O:SYG:DUD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x12019f;;;S-1-5-80-3847866527-469524349-687026318-516638107-1125189541)"
+$rights = [System.Security.AccessControl.FileSystemRights]"Read, Write"
+$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, $rights, "ContainerInherit,ObjectInherit", "None", "Allow")
 $acl = Get-Acl -Path $logsdir
-$acl.SetSecurityDescriptorSddlForm($sddl)
+$Acl.SetAccessRule($accessRule)
 Set-Acl -Path $logsdir -AclObject $acl
 Write-Host -ForegroundColor Green "sshd and ssh-agent services successfully installed"
-

contrib/win32/openssh/libssh.vcxproj

@@ -194,7 +194,7 @@
       <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)digest-libc.c">
-      <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="$(UseOpenSSL)==true">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="$(OpenSSH-Src-Path)dispatch.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)dns.c" />
@@ -285,7 +285,9 @@
     <ClCompile Include="$(OpenSSH-Src-Path)sandbox-pledge.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)utf8.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)contrib\win32\win32compat\ttymodes_windows.c" />
-    <ClCompile Include="..\..\..\digest-openssl.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)digest-openssl.c">
+      <ExcludedFromBuild Condition="$(UseOpenSSL)==false">true</ExcludedFromBuild>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)crypto-wrap.h" />

contrib/win32/openssh/version.rc

@@ -155,11 +155,11 @@
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\win32_dirent.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\no-ops.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\win32_zlib.c" />
-    <ClCompile Include="..\win32compat\ansiprsr.c" />
-    <ClCompile Include="..\win32compat\conio.c" />
-    <ClCompile Include="..\win32compat\console.c" />
-    <ClCompile Include="..\win32compat\tncon.c" />
-    <ClCompile Include="..\win32compat\tnnet.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\ansiprsr.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\conio.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\console.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\tncon.c" />
+    <ClCompile Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\tnnet.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\w32fd.h" />
@@ -198,6 +198,7 @@
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\inc\termios.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\inc\dirent.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\inc\pwd.h" />
+    <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\misc_internal.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

contrib/win32/openssh/win32iocompat.vcxproj

@@ -117,6 +117,7 @@
       <Filter>inc</Filter>
     </ClInclude>
     <ClInclude Include="$(OpenSSH-Src-Path)\contrib\win32\win32compat\inc\pwd.h" />
+    <ClInclude Include="..\win32compat\misc_internal.h" />
   </ItemGroup>
   <ItemGroup>
     <Filter Include="inc">

contrib/win32/openssh/win32iocompat.vcxproj.filters

@@ -199,9 +199,14 @@ createFile_flags_setup(int flags, int mode, struct createFile_flags* cf_flags) {
 		return -1;
 	}
 
+	cf_flags->dwShareMode = 0;
+
 	switch (rwflags) {
 	case O_RDONLY:
 		cf_flags->dwDesiredAccess = GENERIC_READ;
+		/*todo: need to review to make sure all flags are correct*/
+		if (flags & O_NONBLOCK)
+			cf_flags->dwShareMode = FILE_SHARE_READ;			
 		break;
 	case O_WRONLY:
 		cf_flags->dwDesiredAccess = GENERIC_WRITE;
@@ -211,8 +216,6 @@ createFile_flags_setup(int flags, int mode, struct createFile_flags* cf_flags) {
 		break;
 	}
 
-	cf_flags->dwShareMode = 0;
-
 	cf_flags->securityAttributes.lpSecurityDescriptor = NULL;
 	cf_flags->securityAttributes.bInheritHandle = TRUE;
 	cf_flags->securityAttributes.nLength = 0;
@@ -230,7 +233,7 @@ createFile_flags_setup(int flags, int mode, struct createFile_flags* cf_flags) {
 	if (c_s_flags & O_APPEND)
 		cf_flags->dwDesiredAccess = FILE_APPEND_DATA;
 
-	cf_flags->dwFlagsAndAttributes = FILE_FLAG_OVERLAPPED | SECURITY_IMPERSONATION;
+	cf_flags->dwFlagsAndAttributes = FILE_FLAG_OVERLAPPED | SECURITY_IMPERSONATION | FILE_FLAG_BACKUP_SEMANTICS;
 
 	/*TODO - map mode */
 

contrib/win32/win32compat/fileio.c

@@ -159,3 +159,6 @@ explicit_bzero(void *b, size_t len);
 #define fopen w32_fopen_utf8
 #define popen _popen
 #define pclose _pclose
+
+void convertToBackslash(char *str);
+void convertToForwardslash(char *str);