This makes ssh/sshd more strict in handling non-compliant peers that
send more data than the advertised channel window allows. Previously
the additional data would be silently discarded. This change will
cause ssh/sshd to terminate the connection if the channel window is
exceeded by more than a small grace allowance.
ok markus@
OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037
obfuscation, only consider enabling it when a channel with a tty is open.
Avoids turning on the obfucation when X11 forwarding only is in use,
which slows it right down. Reported by Roger Marsh
OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1
whether channel data was enqueued. Will be used to improve keystroke timing
obfuscation. Problem spotted by / tested by naddy@
OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type
promotion. OK djm@
OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7
Use time_t instead of u_int for remaining x11 timeout checks for 64bit
time_t safety. From Coverity CIDs 405197 and 405028, ok djm@
OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
comment accordingly. As remote_name is not modified, it can be const as
well. From Martin Vahlensieck
OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a
OPEN during SSH transport rekeying. The most visible benefit is that it
should make ~-escapes work in the client (e.g. to exit) if the connection
happened to have stalled during a rekey event. Based work by and ok dtucker@
OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
avoids plausible spin during rekeying if channel io_want flags are reused
across cycles. ok markus@ deraadt@
OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967
data in the channel buffer. Introduce more exact packing of channel fds into
the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@
OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@
OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe (a precursor to the mainloop poll(2) conversion).
Spotted by John in bz3383
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus
OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.
> $ cat > test.sh << _EOF
> #!/bin/sh
> {
> ssh -Fnone -oLogLevel=verbose ::1 hostname
> cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable
This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.
This was reported as bz3280 and GHPR246; ok dtucker@
OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
when peer advertises a large window but is slow to consume the data we send
(e.g. because of a slow network)
reported by Pierre-Yves David
fix with & ok markus@
OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.
OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
still confusing people, so add another comment explaining the special
handling of "localhost"; bz#3258
OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
djm@openbsd.org
dlg@openbsd.org
millert@openbsd.org
Damien Miller
dtucker@openbsd.org
mbuhl@openbsd.org
markus@openbsd.org
Darren Tucker
jsg@openbsd.org