Age | Commit message (Collapse) | Author |
|
environment variables for the remote session (subject to the server accepting
them)
refactor SendEnv to remove the arbitrary limit of variable names.
ok markus@
OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
|
|
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
|
|
Use strsignal in debug message instead of casting for the
benefit of portable where sig_atomic_t might not be int. "much nicer"
deraadt@
Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
|
|
Prevent type mismatch warning in debug on platforms where
sig_atomic_t != int. ok djm@
Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
|
|
Make remote channel ID a u_int
Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.
In practice everyone numbers their channels sequentially, so this has
never been a problem.
ok markus@
Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
|
|
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
|
|
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@
Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
|
|
The POSIX APIs that that sockaddrs all ignore the s*_len
field in the incoming socket, so userspace doesn't need to set it unless it
has its own reasons for tracking the size along with the sockaddr.
ok phessler@ deraadt@ florian@
Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
|
|
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@.
Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
|
|
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client and server on different machines. feedback
& ok djm@
Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
|
|
Improve error message for overlong ControlPath. ok markus@
djm@
Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
|
|
Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@
Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
|
|
whitespace at EOL
Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
|
|
eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension; Reported by
Thomas Hoger; ok deraadt@
Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
|
|
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
|
|
adjust pledge promises for ControlMaster: when using
"ask" or "autoask", the process will use ssh-askpass for asking confirmation.
problem found by halex@
ok halex@
Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
|
|
pledges ssh client: - mux client: which is used when
ControlMaster is in use. will end with "stdio proc tty" (proc is to
permit sending SIGWINCH to mux master on window resize)
- client loop: several levels of pledging depending of your used options
ok deraadt@
Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
|
|
fix some signed/unsigned integer type mismatches in
format strings; reported by Nicholas Lemonias
Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
|
|
fix free() of uninitialised pointer reported by Mateusz
Kocielski; ok markus@
Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
|
|
remove failed remote forwards established by muliplexing
from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
dtucker@
|
|
reduce stderr spam when using ssh -S /path/mux -O forward
-R 0:... ok dtucker@
|
|
rename xrealloc() to xreallocarray() since it follows
that form. ok djm
|
|
Reduce use of <sys/param.h> and transition to <limits.h>
throughout. ok djm markus
|
|
fix passing of wildcard forward bind addresses when
connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
ok dtucker@
|
|
[mux.c ssh.c]
reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
previously we were always returning 0. bz#2255 reported by Brendan
Germain; ok dtucker
|
|
[mux.c]
preserve errno across syscall
|
|
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
[clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
[readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
[ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
[sshd_config.5 sshlogin.c]
Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
|
|
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
[ssh-keygen.c]
buffer_get_string_ptr's return should be const to remind
callers that futzing with it will futz with the actual buffer
contents
|
|
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
|
|
[mux.c]
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
ok djm
|
|
[clientloop.h clientloop.c mux.c]
No need for the mux cleanup callback to be visible so restore it to static
and call it through the detach_user function pointer. ok djm@
|
|
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
|
|
[mux.c]
typo in debug output: evitval->exitval
|
|
[mux.c]
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@
|
|
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
|
|
[clientloop.c mux.c]
channel_setup_local_fwd_listener() returns 0 on failure, not -ve
bz#2055 reported by mathieu.lacage AT gmail.com
|
|
[clientloop.c clientloop.h mux.c]
Force a clean shutdown of ControlMaster client sessions when the ~. escape
sequence is used. This means that ~. should now work in mux clients even
if the server is no longer responding. Found by tedu, ok djm.
|
|
[mux.c]
fix memory leak of passed-in environment variables and connection
context when new session message is malformed; bz#2003 from Bert.Wesarg
AT googlemail.com
|
|
[mux.c]
fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
AT googlemail.com
|
|
[mux.c]
fix double-free in new session handler
NB. Id sync only
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
[mux.c]
fix double-free in new session handler
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
|
|
[channels.c channels.h clientloop.h mux.c ssh.c]
support for cancelling local and remote port forwards via the multiplex
socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
hook up a channel confirm callback to warn the user then requested X11
forwarding was refused by the server; ok markus@
|
|
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
|
|
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
|