author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /nchan.c | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'nchan.c')
-rw-r--r-- | nchan.c | 21 |
1 files changed, 15 insertions, 6 deletions
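--- a/nchan.c
+++ b/nchan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.62 2008/11/07 18:50:18 stevesk Exp $ */
+/* $OpenBSD: nchan.c,v 1.63 2010/01/26 01:28:35 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -161,7 +161,7 @@ chan_ibuf_empty(Channel *c)
 switch (c->istate) {
 case CHAN_INPUT_WAIT_DRAIN:
 if (compat20) {
-if (!(c->flags & CHAN_CLOSE_SENT))
+if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL)))
 chan_send_eof2(c);
 chan_set_istate(c, CHAN_INPUT_CLOSED);
 } else {
@@ -278,9 +278,12 @@ static void
 chan_rcvd_close2(Channel *c)
 {
 debug2("channel %d: rcvd close", c->self);
-if (c->flags & CHAN_CLOSE_RCVD)
-error("channel %d: protocol error: close rcvd twice", c->self);
-c->flags |= CHAN_CLOSE_RCVD;
+if (!(c->flags & CHAN_LOCAL)) {
+if (c->flags & CHAN_CLOSE_RCVD)
+error("channel %d: protocol error: close rcvd twice",
+c->self);
+c->flags |= CHAN_CLOSE_RCVD;
+}
 if (c->type == SSH_CHANNEL_LARVAL) {
 /* tear down larval channels immediately */
 chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
@@ -302,11 +305,13 @@ chan_rcvd_close2(Channel *c)
 chan_set_istate(c, CHAN_INPUT_CLOSED);
 break;
 case CHAN_INPUT_WAIT_DRAIN:
-chan_send_eof2(c);
+if (!(c->flags & CHAN_LOCAL))
+chan_send_eof2(c);
 chan_set_istate(c, CHAN_INPUT_CLOSED);
 break;
 }
 }
+
 void
 chan_rcvd_eow(Channel *c)
 {
@@ -454,6 +459,10 @@ chan_is_dead(Channel *c, int do_send)
 c->self, c->efd, buffer_len(&c->extended));
 return 0;
 }
+if (c->flags & CHAN_LOCAL) {
+debug2("channel %d: is dead (local)", c->self);
+return 1;
+}
 if (!(c->flags & CHAN_CLOSE_SENT)) {
 if (do_send) {
 chan_send_close2(c);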
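Review bot: The CHAN_LOCAL early return added to chan_is_dead() carries no comment explaining why such a channel may skip the CHAN_CLOSE_SENT handling that follows it, and the same flag test is repeated by hand in chan_ibuf_empty() and twice in chan_rcvd_close2(). CHAN_LOCAL's definition is not on this page; if it marks a channel with no remote peer, then "never emit EOF or CLOSE for a local channel" is a protocol invariant, and it would be more robust enforced once inside chan_send_eof2() and chan_send_close2() than at each caller, so that a later call site cannot send a message for a channel the peer never opened. At minimum I would add a comment above the new check, e.g. `/* CHAN_LOCAL: no CLOSE exchange with a peer, treat as dead here */`. All three functions start or end outside their hunks, so other callers of the send helpers may exist that this page does not show.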