Commit Graph

285 Commits

Author SHA1 Message Date
Darren Tucker 3980b63631 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
the pty master on Solaris, since it never succeeds and can hang if large
    amounts of data is sent to the slave (eg a copy-paste).  Based on a patch
    originally from Doke Scott, ok djm@
2009-08-28 11:02:37 +10:00
Darren Tucker f7288d77e4 - andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c]
     Add clear_cached_addr(), needed for upcoming changes allowing the peer
     address to change.
     ok markus@
2009-06-21 18:12:20 +10:00
Damien Miller 4bf648f776 - djm@cvs.openbsd.org 2009/02/12 03:00:56
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
     [readconf.h serverloop.c ssh.c]
     support remote port forwarding with a zero listen port (-R0:...) to
     dyamically allocate a listen port at runtime (this is actually
     specified in rfc4254); bz#1003 ok markus@
2009-02-14 16:28:21 +11:00
Damien Miller 9576ac4afc - djm@cvs.openbsd.org 2009/01/22 09:49:57
[channels.c]
     oops! I committed the wrong version of the Channel->path diff,
     it was missing some tweaks suggested by stevesk@
2009-01-28 16:30:33 +11:00
Damien Miller a1c1b6c86d - djm@cvs.openbsd.org 2009/01/22 09:46:01
[channels.c channels.h session.c]
     make Channel->path an allocated string, saving a few bytes here and
     there and fixing bz#1380 in the process; ok markus@
2009-01-28 16:29:49 +11:00
Damien Miller 1781f53d75 - djm@cvs.openbsd.org 2009/01/14 01:38:06
[channels.c]
     support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
     "looks ok" markus@
2009-01-28 16:24:41 +11:00
Damien Miller 7a60621d13 - djm@cvs.openbsd.org 2009/01/01 21:14:35
[channels.c]
     call channel destroy callbacks on receipt of open failure messages.
     fixes client hangs when connecting to a server that has MaxSessions=0
     set spotted by imorgan AT nas.nasa.gov; ok markus@
2009-01-28 16:22:34 +11:00
Damien Miller b53d8a1882 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42
[channels.c servconf.c]
     channel_print_adm_permitted_opens() should deal with all the printing
     for that config option.  suggested by markus@; ok markus@ djm@
     dtucker@
2009-01-28 16:13:04 +11:00
Damien Miller 819dbb633a - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via
launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
   ok dtucker@
2009-01-21 16:46:26 +11:00
Damien Miller 16a73076b7 - markus@cvs.openbsd.org 2008/12/02 19:09:38
[channels.c]
     s/remote_id/id/ to be more consistent with other code; ok djm@
2008-12-08 09:55:25 +11:00
Darren Tucker 22662e880f - stevesk@cvs.openbsd.org 2008/11/11 03:55:11
[channels.c]
     for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
     permitopen's; ok and input dtucker@
2008-11-11 16:40:22 +11:00
Damien Miller a009433333 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
[channels.c]
     fix some typos in log messages; ok djm@
2008-11-03 19:26:35 +11:00
Damien Miller 6ef17495e9 - djm@cvs.openbsd.org 2008/07/16 11:52:19
[channels.c]
     this loop index should be automatic, not static
2008-07-16 22:42:06 +10:00
Damien Miller 163886ff71 - djm@cvs.openbsd.org 2008/07/13 22:13:07
[channels.c]
     use struct sockaddr_storage instead of struct sockaddr for accept(2)
     address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
2008-07-14 11:28:58 +10:00
Damien Miller 2bcb866327 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/07/12 04:52:50
     [channels.c]
     unbreak; move clearing of cctx struct to before first use
     reported by dkrause@
2008-07-12 17:12:29 +10:00
Damien Miller dda5fffb84 - markus@cvs.openbsd.org 2008/07/10 18:05:58
[channels.c]
     missing bzero; from mickey; ok djm@
2008-07-11 17:35:37 +10:00
Damien Miller d8968adb5f - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
   some platforms (HP nonstop) it is a distinct errno;
   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
Darren Tucker 1a48aecfbc - (dtucker) [channels.c] isatty -> is_tty here too. 2008-06-16 23:35:56 +10:00
Darren Tucker ed3cdc0a7c - dtucker@cvs.openbsd.org 2008/06/16 13:22:53
[session.c channels.c]
     Rename the isatty argument to is_tty so we don't shadow
     isatty(3).  ok markus@
2008-06-16 23:29:18 +10:00
Damien Miller d310d51bad - djm@cvs.openbsd.org 2008/06/15 20:06:26
[channels.c channels.h session.c]
     don't call isatty() on a pty master, instead pass a flag down to
     channel_set_fds() indicating that te fds refer to a tty. Fixes a
     hang on exit on Solaris (bz#1463) in portable but is actually
     a generic bug; ok dtucker deraadt markus
2008-06-16 07:59:23 +10:00
Darren Tucker 84c56f536c - djm@cvs.openbsd.org 2008/06/12 15:19:17
[clientloop.h channels.h clientloop.c channels.c mux.c]
     The multiplexing escape char handler commit last night introduced a
     small memory leak per session; plug it.
2008-06-13 04:55:46 +10:00
Darren Tucker 2fb66caca2 - djm@cvs.openbsd.org 2008/06/12 03:40:52
[clientloop.h mux.c channels.c clientloop.c channels.h]
     Enable ~ escapes for multiplex slave sessions; give each channel
     its own escape state and hook the escape filters up to muxed
     channels. bz #1331
     Mux slaves do not currently support the ~^Z and ~& escapes.
     NB. this change cranks the mux protocol version, so a new ssh
     mux client will not be able to connect to a running old ssh
     mux master.
     ok dtucker@
2008-06-13 04:49:33 +10:00
Damien Miller 4401e45be6 - (djm) [channels.c configure.ac]
Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
   bz#1464; ok dtucker
2008-06-12 06:05:12 +10:00
Darren Tucker e7140f20cb - dtucker@cvs.openbsd.org 2008/06/10 04:50:25
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
     Add extended test mode (-T) and connection parameters for test mode (-C).
     -T causes sshd to write its effective configuration to stdout and exit.
     -C causes any relevant Match rules to be applied before output.  The
     combination allows tesing of the parser and config files.  ok deraadt djm
2008-06-10 23:01:51 +10:00
Damien Miller d654dd27b5 - markus@cvs.openbsd.org 2008/05/09 16:17:51
[channels.c]
     error-fd race: don't enable the error fd in the select bitmask
     for channels with both in- and output closed, since the channel
     will go away before we call select();
     report, lots of debugging help and ok djm@
2008-05-19 16:05:41 +10:00
Damien Miller bd74025c7b - djm@cvs.openbsd.org 2008/05/09 04:55:56
[channels.c channels.h clientloop.c serverloop.c]
     Try additional addresses when connecting to a port forward destination
     whose DNS name resolves to more than one address. The previous behaviour
     was to try the first address and give up.

     Reported by stig AT venaas.com in bz#343

     great feedback and ok markus@
2008-05-19 15:37:09 +10:00
Damien Miller b84886ba3e - djm@cvs.openbsd.org 2008/05/08 12:02:23
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
     [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
     [ssh.c sshd.c]
     Implement a channel success/failure status confirmation callback
     mechanism. Each channel maintains a queue of callbacks, which will
     be drained in order (RFC4253 guarantees confirm messages are not
     reordered within an channel).
     Also includes a abandonment callback to clean up if a channel is
     closed without sending confirmation messages. This probably
     shouldn't happen in compliant implementations, but it could be
     abused to leak memory.
     ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
Damien Miller db255cad05 - markus@cvs.openbsd.org 2008/05/08 06:59:01
[bufaux.c buffer.h channels.c packet.c packet.h]
     avoid extra malloc/copy/free when receiving data over the net;
     ~10% speedup for localhost-scp; ok djm@
2008-05-19 14:59:37 +10:00
Damien Miller 5f5cd746f3 - markus@cvs.openbsd.org 2008/04/02 15:36:51
[channels.c]
     avoid possible hijacking of x11-forwarded connections (back out 1.183)
     CVE-2008-1483; ok djm@
2008-04-03 08:43:57 +11:00
Damien Miller 3de49f8951 - djm@cvs.openbsd.org 2008/01/19 23:02:40
[channels.c]
     When we added support for specified bind addresses for port forwards, we
     added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
     this for -L port forwards that causes the client to listen on both v4
     and v6 addresses when connected to a server with this quirk, despite
     having set 0.0.0.0 as a bind_address.
     report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
2008-02-10 22:25:24 +11:00
Darren Tucker 4abde771b7 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
     sshd.c]
     Add a small helper function to consistently handle the EAI_SYSTEM error
     code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
     ok markus@ stevesk@
2007-12-29 02:43:51 +11:00
Darren Tucker ae09cb8a71 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
[channels.c]
     Correct test for window updates every three packets; prevents sending
     window updates for every single packet.  ok markus@
2007-06-25 19:04:46 +10:00
Damien Miller 3191a8e8ba - markus@cvs.openbsd.org 2007/06/11 08:04:44
[channels.c]
     send 'window adjust' messages every tree packets and do not wait
     until 50% of the window is consumed.  ok djm dtucker
2007-06-11 18:33:15 +10:00
Damien Miller 835284b74c - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
fix; tested by dtucker@ and jochen.kirn AT gmail.com
2007-06-11 13:03:16 +10:00
Damien Miller e42bd24b22 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
   fds open. Great detective work and patch by Marc Aurele La France,
   slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Damien Miller 80163907ed - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
     spaces
2007-01-05 16:30:16 +11:00
Damien Miller 1ec462658e - djm@cvs.openbsd.org 2006/12/12 03:58:42
[channels.c compat.c compat.h]
     bz #1019: some ssh.com versions apparently can't cope with the
     remote port forwarding bind_address being a hostname, so send
     them an address for cases where they are not explicitly
     specified (wildcard or localhost bind).  reported by daveroth AT
     acm.org; ok dtucker@ deraadt@
2007-01-05 16:26:45 +11:00
Damien Miller d5fe0baa73 - djm@cvs.openbsd.org 2006/08/29 10:40:19
[channels.c session.c]
     normalise some inconsistent (but harmless) NULL pointer checks
     spotted by the Stanford SATURN tool, via Isil Dillig;
     ok markus@ deraadt@
2006-08-30 11:07:39 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller 4dec5d75da - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
[authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
     clean extra spaces
2006-08-05 11:38:40 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller 9aec91948d - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
     move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller 8473dd85fe - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
[channels.c]
     more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
2006-07-24 14:08:32 +10:00
Damien Miller a765cf4b66 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
[channels.c channels.h servconf.c servconf.h sshd_config.5]
     Make PermitOpen take a list of permitted ports and act more like most
     other keywords (ie the first match is the effective setting). This
     also makes it easier to override a previously set PermitOpen. ok djm@
2006-07-24 14:08:13 +10:00
Damien Miller 9b439df18a - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
[channels.c channels.h servconf.c sshd_config.5]
     Add PermitOpen directive to sshd_config which is equivalent to the
     "permitopen" key option.  Allows server admin to allow TCP port
     forwarding only two specific host/port pairs.  Useful when combined
     with Match.
     If permitopen is used in both sshd_config and a key option, both
     must allow a given connection before it will be permitted.
     Note that users can still use external forwarders such as netcat,
     so to be those must be controlled too for the limits to be effective.
     Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00