Source snapshot from Powershell/openssh-portable:latestw_all

Author: manojampalam

appveyor.yml

@@ -16,6 +16,7 @@ build_script:
 
 after_build:
   - ps: |
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
       Install-OpenSSH
   - ps: Write-Verbose "Restart computer ..."
   - ps: Restart-Computer -Force
@@ -37,8 +38,10 @@ test_script:
 
 after_test:
   - ps: |
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
       Upload-OpenSSHTestResults
       
 on_finish:
   - ps: |
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
       Publish-Artifact

auth-pam.c

@@ -830,6 +830,8 @@ fake_password(const char *wire_password)
 		fatal("%s: password length too long: %zu", __func__, l);
 
 	ret = malloc(l + 1);
+	if (ret == NULL)
+		return NULL;
 	for (i = 0; i < l; i++)
 		ret[i] = junk[i % (sizeof(junk) - 1)];
 	ret[i] = '\0';

authfd.c

@@ -94,54 +94,6 @@ ssh_get_authentication_socket(int *fdp)
 	if (fdp != NULL)
 		*fdp = -1;
 
-#ifdef WINDOWS
-	/* Auth socket in Windows is a static-named pipe listener in ssh-agent */
-	{
-		HKEY agent_root = 0;
-		DWORD agent_pid = 0, tmp_size = 4, pipe_server_pid = 0xff;
-		DWORD connection_attempts = 0;
-		HANDLE h;
-		RegOpenKeyExW(HKEY_LOCAL_MACHINE, SSH_AGENT_REG_ROOT, 
-			0, KEY_QUERY_VALUE, &agent_root);
-		if (agent_root) {
-			RegQueryValueEx(agent_root, "ProcessId", 0, 
-				NULL, (LPBYTE)&agent_pid, &tmp_size);
-			RegCloseKey(agent_root);
-		}
-
-		do {
-			h = CreateFileW(SSH_AGENT_PIPE_NAME, GENERIC_READ | GENERIC_WRITE, 0,
-				NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); 
-			if (h != INVALID_HANDLE_VALUE || GetLastError() != ERROR_PIPE_BUSY || 
-			    ++connection_attempts > 10)
-				break;
-			Sleep(100);
-		} while(1);
-
-		if (h == INVALID_HANDLE_VALUE) {
-			debug("ssh_get_authentication_socket - CreateFileW failed error %d", 
-			    GetLastError());
-			return SSH_ERR_AGENT_NOT_PRESENT;
-		}
-
-		/*
-		 * ensure that connected server pid matches published pid. 
-		 * this provides service side auth and prevents mitm
-		 */
-		if (!GetNamedPipeServerProcessId(h, &pipe_server_pid) || 
-		    (agent_pid != pipe_server_pid)) {
-			debug("agent pid mismatch");
-			CloseHandle(h);
-			return SSH_ERR_AGENT_COMMUNICATION;
-		}
-
-		/* alloc fd for pipe handle */
-		if ((sock = w32_allocate_fd_for_handle(h, FALSE)) < 0) {
-			CloseHandle(h);
-			return SSH_ERR_SYSTEM_ERROR;
-		}
-	}
-#else  /* !WINDOWS */
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
 	if (!authsocket)
 		return SSH_ERR_AGENT_NOT_PRESENT;
@@ -161,7 +113,6 @@ ssh_get_authentication_socket(int *fdp)
 		errno = oerrno;
 		return SSH_ERR_SYSTEM_ERROR;
 	}
-#endif  /* !WINDOWS */
 
 	if (fdp != NULL)
 		*fdp = sock;

authfd.h

@@ -96,7 +96,5 @@ int	ssh_agent_sign(int sock, struct sshkey *key,
 #define SSH_AGENT_AUTHENTICATE			200
 #define PUBKEY_AUTH_REQUEST			"pubkey"
 #define PASSWD_AUTH_REQUEST			"password"
-#define SSH_AGENT_REG_ROOT			L"SOFTWARE\\SSH\\Agent"
-#define SSH_AGENT_PIPE_NAME			L"\\\\.\\pipe\\ssh-agent"
 
 #endif				/* AUTHFD_H */

channels.c

@@ -4375,6 +4375,33 @@ connect_local_xsocket(u_int dnr)
 	return connect_local_xsocket_path(buf);
 }
 
+#ifdef __APPLE__
+static int
+is_path_to_xsocket(const char *display, char *path, size_t pathlen)
+{
+	struct stat sbuf;
+
+	if (strlcpy(path, display, pathlen) >= pathlen) {
+		error("%s: display path too long", __func__);
+		return 0;
+	}
+	if (display[0] != '/')
+		return 0;
+	if (stat(path, &sbuf) == 0) {
+		return 1;
+	} else {
+		char *dot = strrchr(path, '.');
+		if (dot != NULL) {
+			*dot = '\0';
+			if (stat(path, &sbuf) == 0) {
+				return 1;
+			}
+		}
+	}
+	return 0;
+}
+#endif
+
 int
 x11_connect_display(void)
 {
@@ -4396,15 +4423,22 @@ x11_connect_display(void)
 	 * connection to the real X server.
 	 */
 
-	/* Check if the display is from launchd. */
 #ifdef __APPLE__
-	if (strncmp(display, "/tmp/launch", 11) == 0) {
-		sock = connect_local_xsocket_path(display);
-		if (sock < 0)
-			return -1;
+	/* Check if display is a path to a socket (as set by launchd). */
+	{
+		char path[PATH_MAX];
 
-		/* OK, we now have a connection to the display. */
-		return sock;
+		if (is_path_to_xsocket(display, path, sizeof(path))) {
+			debug("x11_connect_display: $DISPLAY is launchd");
+
+			/* Create a socket. */
+			sock = connect_local_xsocket_path(path);
+			if (sock < 0)
+				return -1;
+
+			/* OK, we now have a connection to the display. */
+			return sock;
+		}
 	}
 #endif
 	/*

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.290 2017/01/29 21:35:23 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -2394,6 +2394,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
 	hostkeys_update_ctx_free(ctx);
 }
 
+/*
+ * Returns non-zero if the key is accepted by HostkeyAlgorithms.
+ * Made slightly less trivial by the multiple RSA signature algorithm names.
+ */
+static int
+key_accepted_by_hostkeyalgs(const struct sshkey *key)
+{
+	const char *ktype = sshkey_ssh_name(key);
+	const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+	    options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
+
+	if (key == NULL || key->type == KEY_UNSPEC)
+		return 0;
+	if (key->type == KEY_RSA &&
+	    (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
+	    match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
+		return 1;
+	return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
+}
+
 /*
  * Handle [email protected] global request to inform the client of all
  * the server's hostkeys. The keys are checked against the user's
@@ -2440,10 +2460,7 @@ client_input_hostkeys(void)
 		    sshkey_type(key), fp);
 		free(fp);
 
-		/* Check that the key is accepted in HostkeyAlgorithms */
-		if (match_pattern_list(sshkey_ssh_name(key),
-		    options.hostkeyalgorithms ? options.hostkeyalgorithms :
-		    KEX_DEFAULT_PK_ALG, 0) != 1) {
+		if (!key_accepted_by_hostkeyalgs(key)) {
 			debug3("%s: %s key not permitted by HostkeyAlgorithms",
 			    __func__, sshkey_ssh_name(key));
 			continue;

contrib/win32/openssh/appveyor.psm1

@@ -497,16 +497,16 @@ function Deploy-OpenSSHTests
     else
     {
         $RealConfiguration = $Configuration
-    }
-    
+    }    
 
     [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot
     #copy all pester tests
     $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "regress\pesterTests"
     Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHTestDir -Include *.ps1,*.psm1, sshd_config -Force -ErrorAction Stop
     #copy all unit tests.
-    $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "bin\$folderName\$RealConfiguration"
-    Copy-Item -Path "$sourceDir\unittest-*" -Destination $OpenSSHTestDir -Force -ErrorAction Stop
+    $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "bin\$folderName\$RealConfiguration"    
+    Copy-Item -Path "$sourceDir\*" -Destination "$OpenSSHTestDir\" -Container -Include unittest-* -Recurse -Force -ErrorAction Stop
+    
     #restart the service to use the test copy of sshd_config
     Restart-Service sshd
 }
@@ -668,14 +668,18 @@ function Run-OpenSSHUnitTest
     {
         Remove-Item -Path $unitTestOutputFile -Force -ErrorAction SilentlyContinue
     }
-
-    $unitTestFiles = Get-ChildItem -Path "$testRoot\unittest*.exe" -Exclude unittest-kex.exe,unittest-hostkeys.exe
+    $testFolders = Get-ChildItem unittest-*.exe -Recurse -Exclude unittest-sshkey.exe,unittest-kex.exe |
+                 ForEach-Object{ Split-Path $_.FullName} |
+                 Sort-Object -Unique
     $testfailed = $false
-    if ($unitTestFiles -ne $null)
-    {        
-        $unitTestFiles | % {
-            Write-Output "Running OpenSSH unit $($_.FullName)..."
-            & $_.FullName >> $unitTestOutputFile
+    if ($testFolders -ne $null)
+    {
+        $testFolders | % {
+            Push-Location $_
+            $unittestFile = "$(Split-Path $_ -Leaf).exe"
+            Write-Output "Running OpenSSH unit $unittestFile ..."
+            & .\$unittestFile >> $unitTestOutputFile
+            
             $errorCode = $LASTEXITCODE
             if ($errorCode -ne 0)
             {
@@ -685,6 +689,7 @@ function Run-OpenSSHUnitTest
                 Write-BuildMessage -Message $errorMessage -Category Error
                 Set-BuildVariable TestPassed False
             }
+            Pop-Location
         }
         if(-not $testfailed)
         {
@@ -747,7 +752,7 @@ function Upload-OpenSSHTestResults
 
     if($env:TestPassed -ieq 'True')
     {
-        Write-BuildMessage -Message "The checkin validation success!"
+        Write-BuildMessage -Message "The checkin validation success!" -Category Information
     }
     else
     {

contrib/win32/openssh/config.h.vs

@@ -1080,7 +1080,7 @@
 #define HAVE_SYS_TYPES_H 1
 
 /* Define to 1 if you have the <sys/un.h> header file. */
-/* #undef HAVE_SYS_UN_H */
+#define HAVE_SYS_UN_H 1
 
 /* Define to 1 if you have the `tcgetpgrp' function. */
 /* #undef HAVE_TCGETPGRP */
@@ -1641,7 +1641,6 @@
 #undef HAVE_SYS_CDEFS_H
 #undef HAVE_SYS_SYSMACROS_H
 #undef HAVE_SYS_MMAN_H
-#undef HAVE_SYS_UN_H
 #define _STRUCT_WINSIZE 1
 
 #define HAVE_TCGETPGRP 1

contrib/win32/openssh/config.vcxproj

@@ -115,7 +115,7 @@
       <Command>powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h'</Command>
     </PreBuildEvent>
     <PreBuildEvent>
-      <Message>Setup config.h in openssh source path for visual studio</Message>
+      <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -139,7 +139,7 @@
       <Command>powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h'</Command>
     </PreBuildEvent>
     <PreBuildEvent>
-      <Message>Setup config.h in openssh source path for visual studio</Message>
+      <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -167,7 +167,7 @@
       <Command>powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h'</Command>
     </PreBuildEvent>
     <PreBuildEvent>
-      <Message>Setup config.h in openssh source path for visual studio</Message>
+      <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -195,7 +195,7 @@
       <Command>powershell.exe -Executionpolicy Bypass "$(SolutionDir)config.ps1" -Config_h_vs '$(SolutionDir)config.h.vs' -Config_h '$(OpenSSH-Src-Path)config.h' -VCIncludePath '$(VC_IncludePath)' -OutCRTHeader '$(OpenSSH-Src-Path)contrib\win32\win32compat\inc\crtheaders.h'</Command>
     </PreBuildEvent>
     <PreBuildEvent>
-      <Message>Setup config.h in openssh source path for visual studio</Message>
+      <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
   </ItemDefinitionGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

contrib/win32/openssh/keygen.vcxproj

@@ -157,7 +157,6 @@
       <AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
       <FullProgramDatabaseFile>true</FullProgramDatabaseFile>
-      <StripPrivateSymbols>No</StripPrivateSymbols>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -182,7 +181,6 @@
       <AdditionalLibraryDirectories>$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
       <EntryPointSymbol>wmainCRTStartup</EntryPointSymbol>
       <FullProgramDatabaseFile>true</FullProgramDatabaseFile>
-      <StripPrivateSymbols>No</StripPrivateSymbols>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>