Source snapshot from Powershell/openssh-portable:latestw_all

Author: bingbing8

.skipped-commit-ids

@@ -1,3 +1,7 @@
+# Commit IDs against the new CVS->GIT translation go here (and delete this line)
+
+Old upstream tree:
+
 321065a95a7ccebdd5fd08482a1e19afbf524e35	Update DH groups
 d4f699a421504df35254cf1c6f1a7c304fb907ca	Remove 1k bit groups
 aafe246655b53b52bc32c8a24002bc262f4230f7	Remove intermediate moduli

PROTOCOL.certkeys

@@ -100,9 +100,9 @@ DSA certificate
 
 ECDSA certificate
 
-    string    "[email protected]" |
-              "[email protected]" |
-              "[email protected]"
+    string    "ecdsa-sha2-nistp256-cert-[email protected]" |
+              "ecdsa-sha2-nistp384-cert-[email protected]" |
+              "ecdsa-sha2-nistp521-cert-[email protected]"
     string    nonce
     string    curve
     string    public_key
@@ -291,4 +291,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.12 2017/05/31 04:29:44 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $

appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.0.22.0.{build}
+version: 0.0.23.0.{build}
 image: Visual Studio 2015
 
 branches:

auth-passwd.c

@@ -41,6 +41,9 @@
 #include <sys/types.h>
 
 #include <pwd.h>
+#ifdef WINDOWS
+#include <logonuser.h>
+#endif
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
@@ -245,8 +248,8 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password)
 		*tmp = L'\0';
 	}
 
-	if (LogonUserW(user_utf16, udom_utf16, pwd_utf16, LOGON32_LOGON_NETWORK_CLEARTEXT, 
-	    LOGON32_PROVIDER_DEFAULT, &token) == FALSE) {
+	if (LogonUserExExWHelper(user_utf16, udom_utf16, pwd_utf16, LOGON32_LOGON_NETWORK_CLEARTEXT,
+	    LOGON32_PROVIDER_DEFAULT, NULL, &token, NULL, NULL, NULL, NULL) == FALSE) {
 		if (GetLastError() == ERROR_PASSWORD_MUST_CHANGE) 
 			/* 
 			 * TODO - need to add support to force password change

bitmap.c

@@ -1,3 +1,4 @@
+/* $OpenBSD: bitmap.c,v 1.9 2017/10/20 01:56:39 djm Exp $ */
 /*
  * Copyright (c) 2015 Damien Miller <[email protected]>
  *

bitmap.h

@@ -1,3 +1,4 @@
+/* $OpenBSD: bitmap.h,v 1.2 2017/10/20 01:56:39 djm Exp $ */
 /*
  * Copyright (c) 2015 Damien Miller <[email protected]>
  *

channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.376 2017/10/25 00:15:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -1668,19 +1668,6 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype)
 	free(local_ipaddr);
 }
 
-static void
-channel_set_reuseaddr(int fd)
-{
-	int on = 1;
-
-	/*
-	 * Set socket options.
-	 * Allow local port reuse in TIME_WAIT.
-	 */
-	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
-		error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
-}
-
 void
 channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
 {
@@ -3370,7 +3357,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 			continue;
 		}
 
-		channel_set_reuseaddr(sock);
+		set_reuseaddr(sock);
 		if (ai->ai_family == AF_INET6)
 			sock_set_v6only(sock);
 
@@ -4443,7 +4430,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
 			if (ai->ai_family == AF_INET6)
 				sock_set_v6only(sock);
 			if (x11_use_localhost)
-				channel_set_reuseaddr(sock);
+				set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
 				debug2("%s: bind port %d: %.100s", __func__,
 				    port, strerror(errno));

cipher.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.108 2017/11/03 02:22:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -449,8 +449,8 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
 int
 cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 {
-	const struct sshcipher *c = cc->cipher;
 #ifdef WITH_OPENSSL
+	const struct sshcipher *c = cc->cipher;
  	int evplen;
 #endif
 
@@ -494,8 +494,8 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 int
 cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
 {
-	const struct sshcipher *c = cc->cipher;
 #ifdef WITH_OPENSSL
+	const struct sshcipher *c = cc->cipher;
  	int evplen = 0;
 #endif
 

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.305 2017/09/19 04:24:22 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.306 2017/10/23 05:08:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -1605,23 +1605,25 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
 	return c;
 }
 
-int
+char *
 client_request_tun_fwd(struct ssh *ssh, int tun_mode,
     int local_tun, int remote_tun)
 {
 	Channel *c;
 	int fd;
+	char *ifname = NULL;
 
 	if (tun_mode == SSH_TUNMODE_NO)
 		return 0;
 
 	debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
 
 	/* Open local tunnel device */
-	if ((fd = tun_open(local_tun, tun_mode)) == -1) {
+	if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) {
 		error("Tunnel device open failed.");
-		return -1;
+		return NULL;
 	}
+	debug("Tunnel forwarding using interface %s", ifname);
 
 	c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
@@ -1642,7 +1644,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
 	packet_put_int(remote_tun);
 	packet_send();
 
-	return 0;
+	return ifname;
 }
 
 /* XXXX move to generic input handler */

clientloop.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.34 2017/09/12 06:32:07 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.35 2017/10/23 05:08:00 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <[email protected]>
@@ -46,7 +46,7 @@ int	 client_x11_get_proto(struct ssh *, const char *, const char *,
 void	 client_global_request_reply_fwd(int, u_int32_t, void *);
 void	 client_session2_setup(struct ssh *, int, int, int,
 	    const char *, struct termios *, int, Buffer *, char **);
-int	 client_request_tun_fwd(struct ssh *, int, int, int);
+char	 *client_request_tun_fwd(struct ssh *, int, int, int);
 void	 client_stop_mux(void);
 
 /* Escape filter for protocol 2 sessions */

configure.ac

@@ -427,6 +427,16 @@ AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
 #endif
 ])
 
+# net/route.h requires sys/socket.h and sys/types.h.
+# sys/sysctl.h also requires sys/param.h
+AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <sys/param.h>
+#include <sys/socket.h>
+])
+
 # lastlog.h requires sys/time.h to be included first on Solaris
 AC_CHECK_HEADERS([lastlog.h], [], [], [
 #ifdef HAVE_SYS_TIME_H
@@ -769,6 +779,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
 		    [Prepend the address family to IP tunnel traffic])
 	fi
+	AC_CHECK_HEADER([linux/if.h],
+	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
+		[Support routing domains using Linux VRF]))
 	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
 	    [], [#include <linux/types.h>])
 	AC_MSG_CHECKING([for seccomp architecture])