Commit Graph

70 Commits

Author SHA1 Message Date
dtucker@openbsd.org 0b9ee623d5 upstream commit
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.

Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
2016-10-24 10:42:57 +11:00
markus@openbsd.org 8d05784785 upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client   and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-10-01 02:45:10 +10:00
dtucker@openbsd.org 67dca60fbb upstream commit
Improve error message for overlong ControlPath.  ok markus@
djm@

Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2016-08-09 09:33:23 +10:00
dtucker@openbsd.org 8543ff3f50 upstream commit
Move the host and port used by ssh -W into the Options
 struct. This will make future changes a bit easier.  ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08 11:39:31 +10:00
djm@openbsd.org 95687f5831 upstream commit
whitespace at EOL

Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
2016-04-01 23:57:14 +11:00
djm@openbsd.org ed4ce82dbf upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
 forwarding when the X server disables the SECURITY extension; Reported by
 Thomas Hoger; ok deraadt@

Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-14 10:06:01 +11:00
Damien Miller 4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
semarie@openbsd.org d7d2bc9504 upstream commit
adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
2016-01-07 20:13:31 +11:00
semarie@openbsd.org b91926a976 upstream commit
pledges ssh client:   - mux client: which is used when
 ControlMaster is in use.     will end with "stdio proc tty" (proc is to
 permit sending SIGWINCH to mux master on window resize)

  - client loop: several levels of pledging depending of your used options

ok deraadt@

Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
2015-12-04 15:14:59 +11:00
djm@openbsd.org b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
djm@openbsd.org 45b0eb752c upstream commit
fix free() of uninitialised pointer reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
2015-08-20 13:07:41 +10:00
djm@openbsd.org ca430d4d9c upstream commit
remove failed remote forwards established by muliplexing
 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
 dtucker@
2015-05-10 11:54:25 +10:00
djm@openbsd.org 8312cfb8ad upstream commit
reduce stderr spam when using ssh -S /path/mux -O forward
 -R 0:... ok dtucker@
2015-05-10 11:54:20 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
deraadt@openbsd.org 087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org 46ac2ed467 upstream commit
fix passing of wildcard forward bind addresses when
 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
 ok dtucker@
2014-12-22 19:06:27 +11:00
Damien Miller 357610d159 - djm@cvs.openbsd.org 2014/07/17 07:22:19
[mux.c ssh.c]
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
2014-07-18 15:04:10 +10:00
Damien Miller f42f7684ec - djm@cvs.openbsd.org 2014/07/17 00:10:18
[mux.c]
     preserve errno across syscall
2014-07-18 15:03:27 +10:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller 633de33b19 - djm@cvs.openbsd.org 2014/04/28 03:09:18
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
     [ssh-keygen.c]
     buffer_get_string_ptr's return should be const to remind
     callers that futzing with it will futz with the actual buffer
     contents
2014-05-15 13:48:26 +10:00
Damien Miller ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Darren Tucker 746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller bc02f163f6 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
[mux.c]
     typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller 172859cff7 - djm@cvs.openbsd.org 2013/04/05 00:58:51
[mux.c]
     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
     (in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
2013-02-23 09:12:23 +11:00
Damien Miller 73298f420e - djm@cvs.openbsd.org 2013/01/02 00:32:07
[clientloop.c mux.c]
     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
     bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
Darren Tucker 66cb0e0733 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
[clientloop.c clientloop.h mux.c]
     Force a clean shutdown of ControlMaster client sessions when the ~. escape
     sequence is used.  This means that ~. should now work in mux clients even
     if the server is no longer responding.  Found by tedu, ok djm.
2012-09-06 21:19:05 +10:00
Damien Miller ab523b0246 - djm@cvs.openbsd.org 2012/07/06 01:37:21
[mux.c]
     fix memory leak of passed-in environment variables and connection
     context when new session message is malformed; bz#2003 from Bert.Wesarg
     AT googlemail.com
2012-07-06 13:44:43 +10:00
Damien Miller 2e7decfcc0 - djm@cvs.openbsd.org 2012/06/01 01:01:22
[mux.c]
     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
     AT googlemail.com
2012-06-20 21:52:00 +10:00
Damien Miller ac58ce86e6 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
     NB. Id sync only
2012-06-20 21:50:47 +10:00
Damien Miller 140df63e1f - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:

     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@

     it interacts badly with ControlPersist
2012-06-20 21:46:57 +10:00
Damien Miller efc6fc995d - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2012-06-20 21:44:56 +10:00
Damien Miller 2ec0342ed4 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
2012-02-11 08:16:28 +11:00
Damien Miller 913ddff40d - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:
     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@
     it interacts badly with ControlPersist
2011-12-19 10:52:21 +11:00
Damien Miller 5360dff2a0 - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2011-12-19 10:51:11 +11:00
Darren Tucker 68afb8c5f2 - markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
     unbreak remote portforwarding with dynamic allocated listen ports:
     1) send the actual listen port in the open message (instead of 0).
        this allows multiple forwardings with a dynamic listen port
     2) update the matching permit-open entry, so we can identify where
        to connect to
     report: den at skbkontur.ru and P. Szczygielski
     feedback and ok djm@
2011-10-02 18:59:03 +11:00
Damien Miller f6dff7cd2f - djm@cvs.openbsd.org 2011/09/09 22:46:44
[channels.c channels.h clientloop.h mux.c ssh.c]
     support for cancelling local and remote port forwards via the multiplex
     socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
     the cancellation of the specified forwardings; ok markus@
2011-09-22 21:38:52 +10:00
Damien Miller 6d7b4377dd - djm@cvs.openbsd.org 2011/06/22 22:08:42
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
     hook up a channel confirm callback to warn the user then requested X11
     forwarding was refused by the server; ok markus@
2011-06-23 08:31:57 +10:00
Damien Miller 555f3b856f - djm@cvs.openbsd.org 2011/05/08 12:52:01
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
     improve our behaviour when TTY allocation fails: if we are in
     RequestTTY=auto mode (the default), then do not treat at TTY
     allocation error as fatal but rather just restore the local TTY
     to cooked mode and continue. This is more graceful on devices that
     never allocate TTYs.

     If RequestTTY is set to "yes" or "force", then failure to allocate
     a TTY is fatal.

     ok markus@
2011-05-15 08:48:05 +10:00
Damien Miller 21771e22d3 - djm@cvs.openbsd.org 2011/05/06 21:34:32
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
     Add a RequestTTY ssh_config option to allow configuration-based
     control over tty allocation (like -t/-T); ok markus@
2011-05-15 08:45:50 +10:00
Damien Miller 60432d8cf2 - djm@cvs.openbsd.org 2011/05/05 05:12:08
[mux.c]
     gracefully fall back when ControlPath is too large for a
     sockaddr_un. ok markus@ as part of a larger diff
2011-05-15 08:34:46 +10:00
Damien Miller 6c3eec7ab2 - djm@cvs.openbsd.org 2011/04/17 22:42:42
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
     allow graceful shutdown of multiplexing: request that a mux server
     removes its listener socket and refuse future multiplexing requests;
     ok markus@
2011-05-05 14:16:22 +10:00
Damien Miller 445c9a507d - djm@cvs.openbsd.org 2011/01/13 21:54:53
[mux.c]
     correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:29 +11:00
Damien Miller 68512c0341 - OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24
     [mux.c]
     Typo in confirmation message.  bz#1827, patch from imorgan at nas nasa gov
2010-10-21 15:21:11 +11:00
Damien Miller 603134e077 - djm@cvs.openbsd.org 2010/09/20 07:19:27
[mux.c]
     "atomically" create the listening mux socket by binding it on a temorary
     name and then linking it into position after listen() has succeeded.
     this allows the mux clients to determine that the server socket is
     either ready or stale without races. stale server sockets are now
     automatically removed
     ok deraadt
2010-09-24 22:07:55 +10:00
Damien Miller 1ab6a51f9b - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:24 +10:00
Damien Miller 232cfb1b1d - djm@cvs.openbsd.org 2010/06/25 07:14:46
[channels.c mux.c readconf.c readconf.h ssh.h]
     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
     forwards per direction; ok markus@ stevesk@
2010-06-26 09:50:30 +10:00
Damien Miller c094d1e481 - djm@cvs.openbsd.org 2010/06/17 07:07:30
[mux.c]
     Correct sizing of object to be allocated by calloc(), replacing
     sizeof(state) with sizeof(*state). This worked by accident since
     the struct contained a single int at present, but could have broken
     in the future. patch from hyc AT symas.com
2010-06-26 09:36:34 +10:00