Commit Graph

76 Commits

Author SHA1 Message Date
dtucker@openbsd.org 36945fa103 upstream commit
Use strsignal in debug message instead of casting for the
benefit of portable where sig_atomic_t might not be int.  "much nicer"
deraadt@

Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
2017-09-22 09:14:53 +10:00
dtucker@openbsd.org a3839d8d2b upstream commit
Prevent type mismatch warning in debug on platforms where
sig_atomic_t != int.  ok djm@

Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
2017-09-19 14:26:43 +10:00
djm@openbsd.org 9f53229c2a upstream commit
Make remote channel ID a u_int

Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.

In practice everyone numbers their channels sequentially, so this has
never been a problem.

ok markus@

Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12 17:37:03 +10:00
djm@openbsd.org dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org 5b2f34a74a upstream commit
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@

Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
2017-06-10 16:40:11 +10:00
guenther@openbsd.org 4ba15462ca upstream commit
The POSIX APIs that that sockaddrs all ignore the s*_len
field in the incoming socket, so userspace doesn't need to set it unless it
has its own reasons for tracking the size along with the sockaddr.

ok phessler@ deraadt@ florian@

Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
2017-01-30 11:07:44 +11:00
dtucker@openbsd.org 0b9ee623d5 upstream commit
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.

Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
2016-10-24 10:42:57 +11:00
markus@openbsd.org 8d05784785 upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client   and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-10-01 02:45:10 +10:00
dtucker@openbsd.org 67dca60fbb upstream commit
Improve error message for overlong ControlPath.  ok markus@
djm@

Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2016-08-09 09:33:23 +10:00
dtucker@openbsd.org 8543ff3f50 upstream commit
Move the host and port used by ssh -W into the Options
 struct. This will make future changes a bit easier.  ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08 11:39:31 +10:00
djm@openbsd.org 95687f5831 upstream commit
whitespace at EOL

Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
2016-04-01 23:57:14 +11:00
djm@openbsd.org ed4ce82dbf upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
 forwarding when the X server disables the SECURITY extension; Reported by
 Thomas Hoger; ok deraadt@

Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-14 10:06:01 +11:00
Damien Miller 4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
semarie@openbsd.org d7d2bc9504 upstream commit
adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
2016-01-07 20:13:31 +11:00
semarie@openbsd.org b91926a976 upstream commit
pledges ssh client:   - mux client: which is used when
 ControlMaster is in use.     will end with "stdio proc tty" (proc is to
 permit sending SIGWINCH to mux master on window resize)

  - client loop: several levels of pledging depending of your used options

ok deraadt@

Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
2015-12-04 15:14:59 +11:00
djm@openbsd.org b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
djm@openbsd.org 45b0eb752c upstream commit
fix free() of uninitialised pointer reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
2015-08-20 13:07:41 +10:00
djm@openbsd.org ca430d4d9c upstream commit
remove failed remote forwards established by muliplexing
 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
 dtucker@
2015-05-10 11:54:25 +10:00
djm@openbsd.org 8312cfb8ad upstream commit
reduce stderr spam when using ssh -S /path/mux -O forward
 -R 0:... ok dtucker@
2015-05-10 11:54:20 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
deraadt@openbsd.org 087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org 46ac2ed467 upstream commit
fix passing of wildcard forward bind addresses when
 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
 ok dtucker@
2014-12-22 19:06:27 +11:00
Damien Miller 357610d159 - djm@cvs.openbsd.org 2014/07/17 07:22:19
[mux.c ssh.c]
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
2014-07-18 15:04:10 +10:00
Damien Miller f42f7684ec - djm@cvs.openbsd.org 2014/07/17 00:10:18
[mux.c]
     preserve errno across syscall
2014-07-18 15:03:27 +10:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller 633de33b19 - djm@cvs.openbsd.org 2014/04/28 03:09:18
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
     [ssh-keygen.c]
     buffer_get_string_ptr's return should be const to remind
     callers that futzing with it will futz with the actual buffer
     contents
2014-05-15 13:48:26 +10:00
Damien Miller ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Darren Tucker 746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller bc02f163f6 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
[mux.c]
     typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller 172859cff7 - djm@cvs.openbsd.org 2013/04/05 00:58:51
[mux.c]
     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
     (in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
2013-02-23 09:12:23 +11:00
Damien Miller 73298f420e - djm@cvs.openbsd.org 2013/01/02 00:32:07
[clientloop.c mux.c]
     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
     bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
Darren Tucker 66cb0e0733 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
[clientloop.c clientloop.h mux.c]
     Force a clean shutdown of ControlMaster client sessions when the ~. escape
     sequence is used.  This means that ~. should now work in mux clients even
     if the server is no longer responding.  Found by tedu, ok djm.
2012-09-06 21:19:05 +10:00
Damien Miller ab523b0246 - djm@cvs.openbsd.org 2012/07/06 01:37:21
[mux.c]
     fix memory leak of passed-in environment variables and connection
     context when new session message is malformed; bz#2003 from Bert.Wesarg
     AT googlemail.com
2012-07-06 13:44:43 +10:00
Damien Miller 2e7decfcc0 - djm@cvs.openbsd.org 2012/06/01 01:01:22
[mux.c]
     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
     AT googlemail.com
2012-06-20 21:52:00 +10:00
Damien Miller ac58ce86e6 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
     NB. Id sync only
2012-06-20 21:50:47 +10:00
Damien Miller 140df63e1f - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:

     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@

     it interacts badly with ControlPersist
2012-06-20 21:46:57 +10:00
Damien Miller efc6fc995d - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2012-06-20 21:44:56 +10:00
Damien Miller 2ec0342ed4 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
2012-02-11 08:16:28 +11:00
Damien Miller 913ddff40d - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:
     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@
     it interacts badly with ControlPersist
2011-12-19 10:52:21 +11:00
Damien Miller 5360dff2a0 - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2011-12-19 10:51:11 +11:00
Darren Tucker 68afb8c5f2 - markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
     unbreak remote portforwarding with dynamic allocated listen ports:
     1) send the actual listen port in the open message (instead of 0).
        this allows multiple forwardings with a dynamic listen port
     2) update the matching permit-open entry, so we can identify where
        to connect to
     report: den at skbkontur.ru and P. Szczygielski
     feedback and ok djm@
2011-10-02 18:59:03 +11:00
Damien Miller f6dff7cd2f - djm@cvs.openbsd.org 2011/09/09 22:46:44
[channels.c channels.h clientloop.h mux.c ssh.c]
     support for cancelling local and remote port forwards via the multiplex
     socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
     the cancellation of the specified forwardings; ok markus@
2011-09-22 21:38:52 +10:00
Damien Miller 6d7b4377dd - djm@cvs.openbsd.org 2011/06/22 22:08:42
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
     hook up a channel confirm callback to warn the user then requested X11
     forwarding was refused by the server; ok markus@
2011-06-23 08:31:57 +10:00
Damien Miller 555f3b856f - djm@cvs.openbsd.org 2011/05/08 12:52:01
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
     improve our behaviour when TTY allocation fails: if we are in
     RequestTTY=auto mode (the default), then do not treat at TTY
     allocation error as fatal but rather just restore the local TTY
     to cooked mode and continue. This is more graceful on devices that
     never allocate TTYs.

     If RequestTTY is set to "yes" or "force", then failure to allocate
     a TTY is fatal.

     ok markus@
2011-05-15 08:48:05 +10:00
Damien Miller 21771e22d3 - djm@cvs.openbsd.org 2011/05/06 21:34:32
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
     Add a RequestTTY ssh_config option to allow configuration-based
     control over tty allocation (like -t/-T); ok markus@
2011-05-15 08:45:50 +10:00
Damien Miller 60432d8cf2 - djm@cvs.openbsd.org 2011/05/05 05:12:08
[mux.c]
     gracefully fall back when ControlPath is too large for a
     sockaddr_un. ok markus@ as part of a larger diff
2011-05-15 08:34:46 +10:00
Damien Miller 6c3eec7ab2 - djm@cvs.openbsd.org 2011/04/17 22:42:42
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
     allow graceful shutdown of multiplexing: request that a mux server
     removes its listener socket and refuse future multiplexing requests;
     ok markus@
2011-05-05 14:16:22 +10:00