I would strongly recommend submitting the sshbuf_{get,put,free}_passwd() part of this patch upstream.

👍

Fixed code style issues

Looks great to me.

Fixed commented issues.

Functionality looks good to me. Some minor style suggestions follow.

Created D17128 for OpenSSH-7.8p1.

In D17056#364904, @naito.yuichiro_gmail.com wrote:

I found one problem that sshd fails to reverse resolve hostname if server is set UseDNS yes .

I see that r338561 commit updates openssh to 7.8p1.
I'm going to update my patch for this version and create a new differential.

I found one problem that sshd fails to reverse resolve hostname if server is set UseDNS yes .

Looks great to me, thanks. Any other reviewers want to take a pass?

Fixed code style issues and log messages.
No functional change.

Looks great to me! All of my comments below are just style or message suggestions, nothing functional.

How do we coordinate with upstream on this?

Fixed commented issues.
If you try this code, please be aware that you need to update libprivatessh.so.
Because I fixed buffer.c to implement functions for operating struct passwd.
Buffer related functions are written in 'buffer.c'.

How do we coordinate with upstream on this?

Mostly looks good to me! I had a couple concerns and suggestions, see below. Thanks for the patch.

In D17056#363447, @naito.yuichiro_gmail.com wrote:

Hi Conrad.
Thanks for the advice. I regenerated patch file. It seems good differential.

regenerate patch by `diff -U9999```

Hi Conrad.
Thanks for the advice. I regenerated patch file. It seems good differential.

Hi Yuichiro NAITO,

fix RESCUE: include lib/libjail/jail.c in librescue if necessary

cap_jail.c: improve allocation and error handling in service command

cap_sysctl.c: resolve names to mibs when limits are set.

• rename cap_jail_get -> cap_jail and system.cap_jail_get -> system.cap_jail
• cap_jail:
  • fix copyright
  • add man page
• cap_jail.c:
  • style(9) changes
  • use dnvlist_* in service command
  • split nvlist -> iov function in two: nvl_to_iov_s is used by the service and makes sure there is space before memcpy
• jls.c: use caph_enter_casper
• cap_sysctl.c: style
• cap_sysclt.3: reference sysctl(3)

WOW! Thank you for working on that!

I removed to kernel changes and used libcasper to obtain sysctl and jail_get functionality needed for jls(1).

Please use libcasper(3) to obtain valid sysctl.

caph_cache_catpages(3) before cap_enter(2)

connectat/bindat description updated in rS333119

Had a quick skim, but LGTM.