Merged PR 19035: Merged Nickel into git_ps_latestw_all

Related work items: PowerShell#513, PowerShell#520, PowerShell#528, PowerShell#529, PowerShell#545

Author: Andrew Menagarishvili

GitCheckin.json

@@ -0,0 +1,26 @@
+{
+  "Branch": [
+    {
+      "collection": "microsoft",
+      "project": "OS",
+      "repo": "OS.2020",
+      "name": "official/rs_onecore_base2_has3",
+      "completePR":"False",
+      "pullRequestTitle":"OpenSSH new VPack version",
+      "workitem":31596001,
+      "CheckinFiles": 
+      [
+        {
+          "source": "openssh.man",
+          "path": "/onecore/admin/openssh/vpack",
+          "type": "File",
+        }
+      ]
+    }
+  ],
+  "Email": [
+    {
+      "sendTo": "[email protected];[email protected];[email protected];[email protected];[email protected];[email protected]"
+    }
+  ]
+}

auth2.c

@@ -58,6 +58,9 @@
 #endif
 #include "monitor_wrap.h"
 #include "digest.h"
+#ifdef WINDOWS
+#include "sshTelemetry.h"
+#endif
 
 /* import */
 extern ServerOptions options;
@@ -432,6 +435,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		methods = authmethods_get(authctxt);
 		debug3_f("failure partial=%d next methods=\"%s\"",
 		    partial, methods);
+#ifdef WINDOWS
+		send_auth_method_telemetry(methods);
+#endif
 		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
 		    (r = sshpkt_put_cstring(ssh, methods)) != 0 ||
 		    (r = sshpkt_put_u8(ssh, partial)) != 0 ||

contrib/win32/install/client.wxs

@@ -0,0 +1,29 @@
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Fragment>
+        <!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
+        <ComponentGroup Id="Client" Directory="INSTALLFOLDER">
+            <ComponentGroupRef Id="Shared" />
+            <Component>
+                <File Name="ssh.exe" KeyPath="yes" />
+                <File Name="ssh.pdb" />
+            </Component>
+            <Component>
+                <File Name="sftp.exe" KeyPath="yes" />
+                <File Name="sftp.pdb" />
+            </Component>
+            <Component>
+                <File Name="ssh-add.exe" KeyPath="yes" />
+                <File Name="ssh-add.pdb" />
+            </Component>
+            <Component>
+                <File Name="ssh-keyscan.exe" KeyPath="yes" />
+                <File Name="ssh-keyscan.pdb" />
+            </Component>
+            <Component Id="ClientPATH" Guid="F07FFA0C-B5CF-45A3-9013-A7420DDFD654">
+                <!-- Use same property condition as PowerShell. We can use a shared component GUID here because there should be only one installed on a system. -->
+                <Condition>ADD_PATH=1</Condition>
+                <Environment Id="ClientPATH" Name="PATH" Value="[INSTALLFOLDER]" Action="set" Part="first" System="yes" />
+            </Component>
+        </ComponentGroup>
+    </Fragment>
+</Wix>

contrib/win32/install/openssh.wixproj

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+    <PropertyGroup>
+        <Configuration Condition="'$(Configuration)' == ''">Debug</Configuration>
+        <Platform Condition="'$(Platform)' == ''">x64</Platform>
+        <ProductVersion>1.1.0</ProductVersion>
+        <OutputName>openssh</OutputName>
+        <OutputType>package</OutputType>
+        <OutputPath>bin\$(Platform)\$(Configuration)\</OutputPath>
+        <IntermediateOutputPath>obj\$(Platform)\$(Configuration)\</IntermediateOutputPath>
+        <DefineConstants>
+            $(DefineConstants);
+            ProductVersion=$(ProductVersion);
+        </DefineConstants>
+        <DefineSolutionProperties>false</DefineSolutionProperties>
+        <WixTargetsPath Condition="'$(WixTargetsPath)' == ''">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
+    </PropertyGroup>
+
+    <PropertyGroup Condition="'$(Configuration)' == 'Debug'">
+        <DefineConstants>
+            $(DefineConstants);
+            Debug;
+        </DefineConstants>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <BindInputPaths Include="..\..\..\bin\$(Platform)\$(Configuration)" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <Compile Include="product.wxs" />
+        <Compile Include="client.wxs" />
+        <Compile Include="server.wxs" />
+        <Compile Include="shared.wxs" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <WixExtension Include="WixFirewallExtension" />
+        <WixExtension Include="WixUIExtension" />
+        <WixExtension Include="WixUtilExtension" />
+    </ItemGroup>
+
+    <Import Project="$(WixTargetsPath)" />
+</Project>

contrib/win32/install/product.wxs

@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+
+<?ifndef ProductVersion?>
+<?error ProductVersion must be defined?>
+<?endif?>
+
+<!-- Currently support x86, x64 builds. Assumes only previews are built as MSIs. -->
+<?if $(var.Platform) = "x64"?>
+<?define ProgramFilesFolder = "ProgramFiles64Folder"?>
+<?define UpgradeCode = "9E9D0D93-E70D-4424-ADBD-AD3B226A226D"?>
+<?elseif $(var.Platform) = "x86"?>
+<?define ProgramFilesFolder = "ProgramFilesFolder"?>
+<?define UpgradeCode = "2A1799F1-5B26-4DDC-A0C7-03F75C4C08D2"?>
+<?else?>
+<?error Platform $(var.Platform) is not supported?>
+<?endif?>
+
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Product Id="*" Name="OpenSSH" Version="$(var.ProductVersion)" Language="1033" Manufacturer="Microsoft Corporation" UpgradeCode="$(var.UpgradeCode)">
+        <Package Compressed="yes" InstallerVersion="200" InstallScope="perMachine"/>
+        <MediaTemplate EmbedCab="yes" />
+
+        <MajorUpgrade Schedule="afterInstallInitialize" DowngradeErrorMessage="A newer version of !(bind.property.ProductName) is already installed." />
+        <Condition Message="OpenSSH is supported only on Windows 7 and newer."><![CDATA[VersionNT >= 601]]></Condition>
+
+        <Feature Id="Client" AllowAdvertise="no">
+            <ComponentGroupRef Id="Client" />
+        </Feature>
+        <Feature Id="Server" AllowAdvertise="no">
+            <ComponentGroupRef Id="Server" />
+        </Feature>
+
+        <Directory Id="TARGETDIR" Name="SourceDir">
+            <Directory Id="$(var.ProgramFilesFolder)" Name="Program Files">
+                <Directory Id="INSTALLFOLDER" Name="OpenSSH" />
+            </Directory>
+        </Directory>
+    </Product>
+</Wix>

contrib/win32/install/server.wxs

@@ -0,0 +1,70 @@
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:firewall="http://schemas.microsoft.com/wix/FirewallExtension" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
+    <Fragment>
+        <!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
+        <ComponentGroup Id="Server" Directory="INSTALLFOLDER">
+            <ComponentGroupRef Id="Shared" />
+            <Component>
+                <File Name="sftp-server.exe" KeyPath="yes" />
+                <File Name="sftp-server.pdb" />
+            </Component>
+            <Component>
+                <File Name="ssh-shellhost.exe" KeyPath="yes" />
+                <File Name="ssh-shellhost.pdb" />
+            </Component>
+            <Component>
+                <File Id="sshd.exe" Name="sshd.exe" KeyPath="yes" />
+                <File Name="sshd.pdb" />
+                <RegistryKey Root="HKLM" Key="SOFTWARE\OpenSSH" ForceCreateOnInstall="yes">
+                    <PermissionEx Sddl="O:BAG:SYD:P(A;OICI;KR;;;AU)(A;OICI;KA;;;SY)(A;OICI;KA;;;BA)" />
+                    <!-- ssh-agent-associated key should only be created if the Server feature is installed. -->
+                    <RegistryKey Key="agent" ForceCreateOnInstall="yes">
+                        <PermissionEx Sddl="O:BAG:SYD:P(A;OICI;KA;;;SY)(A;OICI;KA;;;BA)" />
+                    </RegistryKey>
+                </RegistryKey>
+                <ServiceInstall
+                    Name="sshd"
+                    DisplayName="OpenSSH SSH Server"
+                    Description="OpenSSH is a connectivity tool for remote login that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks."
+                    Start="auto"
+                    Type="ownProcess"
+                    Interactive="no"
+                    ErrorControl="critical"
+                    Vital="yes">
+                    <util:ServiceConfig
+                        ResetPeriodInDays="1"
+                        FirstFailureActionType="restart"
+                        SecondFailureActionType="restart"
+                        ThirdFailureActionType="restart"
+                        />
+                </ServiceInstall>
+                <ServiceControl
+                    Id="ControlSshd"
+                    Name="sshd"
+                    Start="install"
+                    Stop="both"
+                    Remove="uninstall" />
+                <firewall:FirewallException
+                    Id="sshd_allow"
+                    Name="OpenSSH SSH Server Preview (sshd)"
+                    Description="Inbound rule for OpenSSH SSH Server (sshd)"
+                    Program="[#sshd.exe]"
+                    Protocol="tcp"
+                    Port="22"
+                    Scope="any"
+                    />
+            </Component>
+            <Component>
+                <File Name="sshd_config_default">
+                    <PermissionEx Sddl="O:BAG:SYD:PAI(A;;FA;;;SY)(A;;FA;;;BA)" />
+                </File>
+            </Component>
+        </ComponentGroup>
+
+        <!-- Automatically add custom actions if referencing the Server component group. -->
+        <SetProperty Id="SetPrivilegesOnSshd" Value="&quot;[SystemFolder]sc.exe&quot; privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege" Sequence="execute" Before="SetPrivilegesOnSshd" />
+        <CustomAction Id="SetPrivilegesOnSshd" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
+        <InstallExecuteSequence>
+            <Custom Action="SetPrivilegesOnSshd" After="InstallServices"><![CDATA[&Server = 3]]></Custom>
+        </InstallExecuteSequence>
+    </Fragment>
+</Wix>

contrib/win32/install/shared.wxs

@@ -0,0 +1,66 @@
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
+    <Fragment>
+        <!-- KeyPath is necessary for multi-file components to identify the key file - preferrably versioned. -->
+        <ComponentGroup Id="Shared" Directory="INSTALLFOLDER">
+            <Component>
+                <File Name="libcrypto.dll" KeyPath="yes" />
+                <File Name="libcrypto.pdb" />
+            </Component>
+            <Component>
+                <File Name="moduli">
+                    <PermissionEx Sddl="D:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;WD)" />
+                </File>
+            </Component>
+            <Component>
+                <File Name="scp.exe" KeyPath="yes" />
+                <File Name="scp.pdb" />
+            </Component>
+            <Component>
+                <File Name="ssh-keygen.exe" KeyPath="yes" />
+                <File Name="ssh-keygen.pdb" />
+            </Component>
+
+            <!-- ssh-agent is useful in both client and server scenarios. -->
+            <Component>
+                <File Name="openssh-events.man">
+                    <util:EventManifest ResourceFile="[#ssh_agent.exe]" />
+                </File>
+            </Component>
+            <Component>
+                <!-- Define the File/@Id to reference in util:EventManifest/@ResourceFile above. -->
+                <File Id="ssh_agent.exe" Name="ssh-agent.exe" KeyPath="yes" />
+                <File Name="ssh-agent.pdb" />
+                <ServiceInstall
+                    Name="ssh-agent"
+                    DisplayName="OpenSSH Authentication Agent"
+                    Description="Agent to hold private keys used for public key authentication."
+                    Start="auto"
+                    Type="ownProcess"
+                    Interactive="no"
+                    ErrorControl="critical"
+                    Vital="yes">
+                    <util:ServiceConfig
+                        ResetPeriodInDays="1"
+                        FirstFailureActionType="restart"
+                        SecondFailureActionType="restart"
+                        ThirdFailureActionType="restart"
+                        />
+                    <PermissionEx Sddl="D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)" />
+                </ServiceInstall>
+                <ServiceControl
+                    Id="ControlSshAgent"
+                    Name="ssh-agent"
+                    Start="install"
+                    Stop="both"
+                    Remove="uninstall" />
+            </Component>
+        </ComponentGroup>
+
+        <!-- Automatically add custom actions if referencing the Shared component group. -->
+        <SetProperty Id="SetPrivilegesOnSshAgent" Value="&quot;[SystemFolder]sc.exe&quot; privs ssh-agent SeImpersonatePrivilege" Sequence="execute" Before="SetPrivilegesOnSshAgent" />
+        <CustomAction Id="SetPrivilegesOnSshAgent" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
+        <InstallExecuteSequence>
+            <Custom Action="SetPrivilegesOnSshAgent" After="InstallServices"><![CDATA[&Server = 3]]></Custom>
+        </InstallExecuteSequence>
+    </Fragment>
+</Wix>

contrib/win32/openssh/CredScanSuppress.json

@@ -8,6 +8,26 @@
       {
         "file": "\\contrib\\win32\\openssh\\OpenSSHTestHelper.psm1",
         "_justification": "password for testing purpose"
+      },
+      {
+        "file": "\\regress\\pesterTests\\PlatformAbstractLayer.psm1",
+        "_justification": "password for testing purpose"
+      },
+      {
+        "file": "auth.c",
+        "_justification": "upstream code uses fake password"
+      },
+      {
+        "file": "\\regress\\pesterTests\\data\\sshtest_hostkey_dsa",
+        "_justification": "ssh key for testing purpose"
+      },
+      {
+        "file": "\\regress\\pesterTests\\data\\sshtest_hostkey_ecdsa",
+        "_justification": "ssh key for testing purpose"
+      },
+      {
+        "file": "\\regress\\pesterTests\\data\\sshtest_hostkey_rsa",
+        "_justification": "ssh key for testing purpose"
       }
      ]  
 }