Age | Commit message (Collapse) | Author |
|
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
|
|
[channels.c channels.h clientloop.c ssh.1]
support cancellation of local/dynamic forwardings from ~C commandline;
ok & feedback djm@
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
hook up a channel confirm callback to warn the user then requested X11
forwarding was refused by the server; ok markus@
|
|
[clientloop.c]
setproctitle for a mux master that has been gracefully stopped;
bz#1911 from Bert.Wesarg AT googlemail.com
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
|
|
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
|
|
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
|
|
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
|
|
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
|
|
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
|
|
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
|
|
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
|
|
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
|
|
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
|
|
[clientloop.c ssh.c sshconnect.c sshconnect.h]
kill proxy command on fatal() (we already kill it on clean exit);
ok markus@
|
|
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add a "ControlPersist" option that automatically starts a background
ssh(1) multiplex master when connecting. This connection can stay alive
indefinitely, or can be set to automatically close after a user-specified
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
|
|
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
|
|
[clientloop.c]
bz#1698: kill channel when pty allocation requests fail. Fixed
stuck client if the server refuses pty allocation.
ok dtucker@ "think so" markus@
|
|
[clientloop.c]
protocol conformance fix: send language tag when disconnecting normally;
spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
|
|
[clientloop.c]
downgrade an error() to a debug() - this particular case can be hit in
normal operation for certain sequences of mux slave vs session closure
and is harmless
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
rewrite ssh(1) multiplexing code to a more sensible protocol.
The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.
avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.
implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).
feedback Salvador Fandino, dtucker@
channel changes ok markus@
|
|
[mux.c sshpty.h clientloop.c sshtty.c]
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
|
|
[clientloop.c]
fix incorrect exit status when multiplexing and channel ID 0 is recycled
bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
|
|
[clientloop.c]
client_loop() must detect if the session has been suspended and resumed,
and take appropriate action in that case.
From Martin Forssen, maf at appgate dot com
ok markus@
|
|
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
|
|
[clientloop.c]
only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@
ok deraadt@ markus@
|
|
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Also, applied appropriate changes to Makefile.in
|
|
[kex.c kex.h]
Move the KEX_COOKIE_LEN define to kex.h
ok markus@
|
|
[canohost.h canohost.c]
Add clear_cached_addr(), needed for upcoming changes allowing the peer
address to change.
ok markus@
|
|
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
|
|
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
|
|
[clientloop.c]
fix typo in error message
|
|
[clientloop.c]
The ~C escape handler does not work correctly for multiplexed sessions -
it opens a commandline on the master session, instead of on the slave
that requested it. Disable it on slave sessions until such time as it
is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
ok markus@
|
|
[clientloop.c]
we have to use the recipient's channel number (RFC 4254) for
SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
otherwise we trigger 'Non-public channel' error messages on sshd
systems with clientkeepalive enabled; noticed by sturm; ok djm;
|
|
[clientloop.c ssh.1]
add dynamic forward escape command line; ok djm@
|
|
[clientloop.c readconf.c readconf.h ssh.c]
merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@
|
|
[clientloop.c sshd.c]
don't need to #include "monitor_fdpass.h"
|
|
[clientloop.c]
rename variable first_gc -> last_gc (since it is actually the last
in the list).
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
sync v1 and v2 traffic accounting; add it to sshd, too;
ok djm@, dtucker@
|
|
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
some platforms (HP nonstop) it is a distinct errno;
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
|
|
[clientloop.c]
I was coalescing expected global request confirmation replies at
the wrong end of the queue - fix; prompted by markus@
|
|
takes 2 more args. with djm@
|
|
[clientloop.h channels.h clientloop.c channels.c mux.c]
The multiplexing escape char handler commit last night introduced a
small memory leak per session; plug it.
|
|
[clientloop.c]
thall shalt not code past the eightieth column
|
|
[clientloop.h ssh.c clientloop.c]
maintain an ordered queue of outstanding global requests that we
expect replies to, similar to the per-channel confirmation queue.
Use this queue to verify success or failure for remote forward
establishment in a race free way.
ok dtucker@
|
|
[clientloop.h mux.c channels.c clientloop.c channels.h]
Enable ~ escapes for multiplex slave sessions; give each channel
its own escape state and hook the escape filters up to muxed
channels. bz #1331
Mux slaves do not currently support the ~^Z and ~& escapes.
NB. this change cranks the mux protocol version, so a new ssh
mux client will not be able to connect to a running old ssh
mux master.
ok dtucker@
|
|
[clientloop.c]
unbreak tree by committing this bit that I missed from:
Fix sending tty modes when stdin is not a tty (bz#1199). Previously
we would send the modes corresponding to a zeroed struct termios,
whereas we should have been sending an empty list of modes.
Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
|
|
[channels.h clientloop.c nchan.c serverloop.c]
unbreak
ssh -2 localhost od /bin/ls | true
ignoring SIGPIPE by adding a new channel message (EOW) that signals
the peer that we're not interested in any data it might send.
fixes bz #85; discussion, debugging and ok djm@
|