summaryrefslogtreecommitdiff
path: root/channels.c
AgeCommit message (Collapse)Author
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-04-23 - markus@cvs.openbsd.org 2013/04/06 16:07:00Damien Miller
[channels.c sshd.c] handle ECONNABORTED for accept(); ok deraadt some time ago...
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:46:11Damien Miller
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] [sshd_config.5] make AllowTcpForwarding accept "local" and "remote" in addition to its current "yes"/"no" to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@
2012-04-23 - djm@cvs.openbsd.org 2012/04/23 08:18:17Damien Miller
[channels.c] fix function proto/source mismatch
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller
[channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
2011-10-02 - markus@cvs.openbsd.org 2011/09/23 07:45:05Darren Tucker
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h] unbreak remote portforwarding with dynamic allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to report: den at skbkontur.ru and P. Szczygielski feedback and ok djm@
2011-10-02 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04Darren Tucker
[channels.c auth-options.c servconf.c channels.h sshd.8] Add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". bz #1857, ok djm markus.
2011-09-22 - markus@cvs.openbsd.org 2011/09/10 22:26:34Damien Miller
[channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
2011-09-22 - djm@cvs.openbsd.org 2011/09/09 22:46:44Damien Miller
[channels.c channels.h clientloop.h mux.c ssh.c] support for cancelling local and remote port forwards via the multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@
2010-12-01 - djm@cvs.openbsd.org 2010/11/24 01:24:14Damien Miller
[channels.c] remove a debug() that pollutes stderr on client connecting to a server in debug mode (channel_close_fds is called transitively from the session code post-fork); bz#1719, ok dtucker
2010-08-05 - djm@cvs.openbsd.org 2010/08/05 13:08:42Damien Miller
[channels.c] Fix a trio of bugs in the local/remote window calculation for datagram data channels (i.e. TunnelForward): Calculate local_consumed correctly in channel_handle_wfd() by measuring the delta to buffer_len(c->output) from when we start to when we finish. The proximal problem here is that the output_filter we use in portable modified the length of the dequeued datagram (to futz with the headers for !OpenBSD). In channel_output_poll(), don't enqueue datagrams that won't fit in the peer's advertised packet size (highly unlikely to ever occur) or which won't fit in the peer's remaining window (more likely). In channel_input_data(), account for the 4-byte string header in datagram packets that we accept from the peer and enqueue in c->output. report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; "looks good" markus@
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 23:13:16Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 11:52:06Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
2010-06-26 - djm@cvs.openbsd.org 2010/06/25 07:20:04Damien Miller
[channels.c session.c] bz#1750: fix requirement for /dev/null inside ChrootDirectory for internal-sftp accidentally introduced in r1.253 by removing the code that opens and dup /dev/null to stderr and modifying the channels code to read stderr but discard it instead; ok markus@
2010-06-26 - djm@cvs.openbsd.org 2010/06/25 07:14:46Damien Miller
[channels.c mux.c readconf.c readconf.h ssh.h] bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@
2010-05-21 - djm@cvs.openbsd.org 2010/05/14 23:29:23Damien Miller
[channels.c channels.h mux.c ssh.c] Pause the mux channel while waiting for reply from aynch callbacks. Prevents misordering of replies if new requests arrive while waiting. Extend channel open confirm callback to allow signalling failure conditions as well as success. Use this to 1) fix a memory leak, 2) start using the above pause mechanism and 3) delay sending a success/ failure message on mux slave session open until we receive a reply from the server. motivated by and with feedback from markus@
2010-03-26 - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721Damien Miller
ok dtucker@
2010-02-02 - djm@cvs.openbsd.org 2010/01/30 21:12:08Damien Miller
[channels.c] fake local addr:port when stdio fowarding as some servers (Tectia at least) validate that they are well-formed; reported by imorgan AT nas.nasa.gov ok dtucker
2010-01-26 - djm@cvs.openbsd.org 2010/01/26 01:28:35Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@
2010-01-12 - dtucker@cvs.openbsd.org 2010/01/11 01:39:46Darren Tucker
[ssh_config channels.c ssh.1 channels.h ssh.c] Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz #1618, man page help from jmc@, ok markus@
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13Darren Tucker
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
2010-01-08 - markus@cvs.openbsd.org 2009/11/11 21:37:03Darren Tucker
[channels.c channels.h] fix race condition in x11/agent channel allocation: don't read after the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called. with and ok djm@
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/10 04:30:45Darren Tucker
[sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
2010-01-08 - reyk@cvs.openbsd.org 2009/10/28 16:38:18Darren Tucker
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
2009-11-18 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() toDamien Miller
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() report and fix from jan.kratochvil AT redhat.com
2009-08-28 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call onDarren Tucker
the pty master on Solaris, since it never succeeds and can hang if large amounts of data is sent to the slave (eg a copy-paste). Based on a patch originally from Doke Scott, ok djm@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/27 06:31:25Darren Tucker
[canohost.h canohost.c] Add clear_cached_addr(), needed for upcoming changes allowing the peer address to change. ok markus@
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:00:56Damien Miller
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] [readconf.h serverloop.c ssh.c] support remote port forwarding with a zero listen port (-R0:...) to dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 09:49:57Damien Miller
[channels.c] oops! I committed the wrong version of the Channel->path diff, it was missing some tweaks suggested by stevesk@
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 09:46:01Damien Miller
[channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@
2009-01-28 - djm@cvs.openbsd.org 2009/01/14 01:38:06Damien Miller
[channels.c] support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; "looks ok" markus@
2009-01-28 - djm@cvs.openbsd.org 2009/01/01 21:14:35Damien Miller
[channels.c] call channel destroy callbacks on receipt of open failure messages. fixes client hangs when connecting to a server that has MaxSessions=0 set spotted by imorgan AT nas.nasa.gov; ok markus@
2009-01-28 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42Damien Miller
[channels.c servconf.c] channel_print_adm_permitted_opens() should deal with all the printing for that config option. suggested by markus@; ok markus@ djm@ dtucker@
2009-01-21 - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding viaDamien Miller
launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; ok dtucker@
2008-12-08 - markus@cvs.openbsd.org 2008/12/02 19:09:38Damien Miller
[channels.c] s/remote_id/id/ to be more consistent with other code; ok djm@
2008-11-11 - stevesk@cvs.openbsd.org 2008/11/11 03:55:11Darren Tucker
[channels.c] for sshd -T print 'permitopen any' vs. 'permitopen' for case of no permitopen's; ok and input dtucker@
2008-11-03 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33Damien Miller
[channels.c] fix some typos in log messages; ok djm@
2008-07-16 - djm@cvs.openbsd.org 2008/07/16 11:52:19Damien Miller
[channels.c] this loop index should be automatic, not static
2008-07-14 - djm@cvs.openbsd.org 2008/07/13 22:13:07Damien Miller
[channels.c] use struct sockaddr_storage instead of struct sockaddr for accept(2) address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
2008-07-12 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2008/07/12 04:52:50 [channels.c] unbreak; move clearing of cctx struct to before first use reported by dkrause@
2008-07-11 - markus@cvs.openbsd.org 2008/07/10 18:05:58Damien Miller
[channels.c] missing bzero; from mickey; ok djm@
2008-07-04 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]Damien Miller
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on some platforms (HP nonstop) it is a distinct errno; bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-06-16 - (dtucker) [channels.c] isatty -> is_tty here too.Darren Tucker
2008-06-16 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53Darren Tucker
[session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@
2008-06-16 - djm@cvs.openbsd.org 2008/06/15 20:06:26Damien Miller
[channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
2008-06-13 - djm@cvs.openbsd.org 2008/06/12 15:19:17Darren Tucker
[clientloop.h channels.h clientloop.c channels.c mux.c] The multiplexing escape char handler commit last night introduced a small memory leak per session; plug it.
2008-06-13 - djm@cvs.openbsd.org 2008/06/12 03:40:52Darren Tucker
[clientloop.h mux.c channels.c clientloop.c channels.h] Enable ~ escapes for multiplex slave sessions; give each channel its own escape state and hook the escape filters up to muxed channels. bz #1331 Mux slaves do not currently support the ~^Z and ~& escapes. NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master. ok dtucker@