Use time_t instead of u_int for remaining x11 timeout checks for 64bit
time_t safety. From Coverity CIDs 405197 and 405028, ok djm@
OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
comment accordingly. As remote_name is not modified, it can be const as
well. From Martin Vahlensieck
OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a
OPEN during SSH transport rekeying. The most visible benefit is that it
should make ~-escapes work in the client (e.g. to exit) if the connection
happened to have stalled during a rekey event. Based work by and ok dtucker@
OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
avoids plausible spin during rekeying if channel io_want flags are reused
across cycles. ok markus@ deraadt@
OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967
data in the channel buffer. Introduce more exact packing of channel fds into
the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@
OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@
OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe (a precursor to the mainloop poll(2) conversion).
Spotted by John in bz3383
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus
OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@
OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
when peer advertises a large window but is slow to consume the data we send
(e.g. because of a slow network)
reported by Pierre-Yves David
fix with & ok markus@
OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.
OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
still confusing people, so add another comment explaining the special
handling of "localhost"; bz#3258
OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
be able to find out from where the request was comming.
Add the same logging for PermitListen violations which where not
logged at all.
Pointed out by Robert Kisteleki (robert AT ripe.net)
input markus
OK deraadt
OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
Avoids sending SIGPIPE to child processes after their parent exits
if they attempt to write to stderr.
Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
myself. bz#2071; ok dtucker@
dtucker@openbsd.org
djm@openbsd.org
mbuhl@openbsd.org
Damien Miller
markus@openbsd.org
Darren Tucker
jsg@openbsd.org
deraadt@openbsd.org
florian@openbsd.org