path: root/channels.c

Commit message | Author | Age | Files | Lines
* - djm@cvs.openbsd.org 2013/12/19 01:04:36 | Damien Miller | 2013-12-29 | 1 | -4/+7
  [channels.c] bz#2147: fix multiple remote forwardings with dynamically assigned listen ports. In the s->c message to open the channel we were sending zero (the magic number to request a dynamic port) instead of the actual listen port. The client therefore had no way of discriminating between them. Diagnosis and fix by ronf AT timeheart.net
* - djm@cvs.openbsd.org 2013/11/08 00:39:15 | Damien Miller | 2013-11-08 | 1 | -2/+2
  [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] [sftp-client.c sftp-glob.c] use calloc for all structure allocations; from markus@
* - djm@cvs.openbsd.org 2013/09/19 01:24:46 | Darren Tucker | 2013-10-10 | 1 | -2/+14
  [channels.c] bz#1297 - tell the client (via packet_send_debug) when their preferred listen address has been overridden by the server's GatewayPorts; ok dtucker@
* - djm@cvs.openbsd.org 2013/09/13 06:54:34 | Damien Miller | 2013-09-14 | 1 | -3/+2
  [channels.c] avoid unaligned access in code that reused a buffer to send a struct in_addr in a reply; simpler to just use buffer_put_int(); from portable; spotted by and ok dtucker@
* - (djm) | Damien Miller | 2013-08-01 | 1 | -0/+3
  [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-blocking connecting socket will clear any stored errno that might otherwise have been retrievable via getsockopt(). A hack to limit writes to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap it in an #ifdef. Diagnosis and patch from Ivo Raisr.
* - djm@cvs.openbsd.org 2013/07/12 00:19:59 | Damien Miller | 2013-07-18 | 1 | -3/+4
  [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
* - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 | Damien Miller | 2013-06-10 | 1 | -2/+6
  [channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
* - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 | Darren Tucker | 2013-06-01 | 1 | -6/+6
  [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
* - djm@cvs.openbsd.org 2013/05/17 00:13:13 | Darren Tucker | 2013-06-01 | 1 | -58/+40
  [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - markus@cvs.openbsd.org 2013/04/06 16:07:00 | Damien Miller | 2013-04-23 | 1 | -4/+10
  [channels.c sshd.c] handle ECONNABORTED for accept(); ok deraadt some time ago...
* - djm@cvs.openbsd.org 2012/12/02 20:46:11 | Damien Miller | 2012-12-02 | 1 | -7/+5
  [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] [sshd_config.5] make AllowTcpForwarding accept "local" and "remote" in addition to its current "yes"/"no" to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@
* - djm@cvs.openbsd.org 2012/04/23 08:18:17 | Damien Miller | 2012-04-23 | 1 | -2/+2
  [channels.c] fix function proto/source mismatch
* - djm@cvs.openbsd.org 2012/04/11 13:16:19 | Damien Miller | 2012-04-22 | 1 | -8/+44
  [channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
* - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 | Damien Miller | 2012-04-22 | 1 | -2/+15
  [channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
* - markus@cvs.openbsd.org 2011/09/23 07:45:05 | Darren Tucker | 2011-10-02 | 1 | -8/+43
  [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h] unbreak remote portforwarding with dynamically allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to. report: den at skbkontur.ru and P. Szczygielski; feedback and ok djm@
* - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 | Darren Tucker | 2011-10-02 | 1 | -4/+29
  [channels.c auth-options.c servconf.c channels.h sshd.8] Add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". bz #1857, ok djm markus.
* - markus@cvs.openbsd.org 2011/09/10 22:26:34 | Damien Miller | 2011-09-22 | 1 | -3/+11
  [channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
* - djm@cvs.openbsd.org 2011/09/09 22:46:44 | Damien Miller | 2011-09-22 | 1 | -55/+109
  [channels.c channels.h clientloop.h mux.c ssh.c] support for cancelling local and remote port forwards via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@
* - djm@cvs.openbsd.org 2011/06/22 22:08:42 | Damien Miller | 2011-06-23 | 1 | -3/+3
  [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user when requested X11 forwarding was refused by the server; ok markus@
* - djm@cvs.openbsd.org 2010/11/24 01:24:14 | Damien Miller | 2010-12-01 | 1 | -4/+1
  [channels.c] remove a debug() that pollutes stderr on client connecting to a server in debug mode (channel_close_fds is called transitively from the session code post-fork); bz#1719, ok dtucker
* - djm@cvs.openbsd.org 2010/08/05 13:08:42 | Damien Miller | 2010-08-05 | 1 | -15/+26
  [channels.c] Fix a trio of bugs in the local/remote window calculation for datagram data channels (i.e. TunnelForward): Calculate local_consumed correctly in channel_handle_wfd() by measuring the delta to buffer_len(c->output) from when we start to when we finish. The proximal problem here is that the output_filter we use in portable modified the length of the dequeued datagram (to futz with the headers for !OpenBSD). In channel_output_poll(), don't enqueue datagrams that won't fit in the peer's advertised packet size (highly unlikely to ever occur) or which won't fit in the peer's remaining window (more likely). In channel_input_data(), account for the 4-byte string header in datagram packets that we accept from the peer and enqueue in c->output. report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; "looks good" markus@
* - djm@cvs.openbsd.org 2010/07/13 23:13:16 | Damien Miller | 2010-07-16 | 1 | -2/+2
  [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
* - djm@cvs.openbsd.org 2010/07/13 11:52:06 | Damien Miller | 2010-07-16 | 1 | -2/+2
  [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
* - djm@cvs.openbsd.org 2010/06/25 07:20:04 | Damien Miller | 2010-06-26 | 1 | -5/+12
  [channels.c session.c] bz#1750: fix requirement for /dev/null inside ChrootDirectory for internal-sftp accidentally introduced in r1.253 by removing the code that opens and dups /dev/null to stderr and modifying the channels code to read stderr but discard it instead; ok markus@
* - djm@cvs.openbsd.org 2010/06/25 07:14:46 | Damien Miller | 2010-06-26 | 1 | -11/+18
  [channels.c mux.c readconf.c readconf.h ssh.h] bz#1327: remove hardcoded limit of 100 permitopen clauses and port forwards per direction; ok markus@ stevesk@
* - djm@cvs.openbsd.org 2010/05/14 23:29:23 | Damien Miller | 2010-05-21 | 1 | -5/+11
  [channels.c channels.h mux.c ssh.c] Pause the mux channel while waiting for reply from async callbacks. Prevents misordering of replies if new requests arrive while waiting. Extend channel open confirm callback to allow signalling failure conditions as well as success. Use this to 1) fix a memory leak, 2) start using the above pause mechanism and 3) delay sending a success/failure message on mux slave session open until we receive a reply from the server. motivated by and with feedback from markus@
* - (djm) | Damien Miller | 2010-03-26 | 1 | -1/+5
  [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 ok dtucker@
* - djm@cvs.openbsd.org 2010/01/30 21:12:08 | Damien Miller | 2010-02-02 | 1 | -1/+8
  [channels.c] fake local addr:port when stdio forwarding as some servers (Tectia at least) validate that they are well-formed; reported by imorgan AT nas.nasa.gov ok dtucker
* - djm@cvs.openbsd.org 2010/01/26 01:28:35 | Damien Miller | 2010-01-26 | 1 | -50/+164
  [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@
* - dtucker@cvs.openbsd.org 2010/01/11 01:39:46 | Darren Tucker | 2010-01-12 | 1 | -1/+30
  [ssh_config channels.c ssh.1 channels.h ssh.c] Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz #1618, man page help from jmc@, ok markus@
* - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 | Darren Tucker | 2010-01-10 | 1 | -19/+7
  [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk):
    # route -T 2 exec /usr/sbin/sshd
  or inherited from the parent process
    $ route -T 2 exec sh
    $ ssh 10.1.2.3
  ok deraadt@ markus@ stevesk@ reyk@
* - markus@cvs.openbsd.org 2009/11/11 21:37:03 | Darren Tucker | 2010-01-08 | 1 | -15/+11
  [channels.c channels.h] fix race condition in x11/agent channel allocation: don't read after the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called. with and ok djm@
* - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 | Darren Tucker | 2010-01-08 | 1 | -2/+8
  [sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
* - reyk@cvs.openbsd.org 2009/10/28 16:38:18 | Darren Tucker | 2010-01-08 | 1 | -7/+19
  [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow setting the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
* - (djm) | Damien Miller | 2009-11-18 | 1 | -7/+4
  [channels.c misc.c misc.h sshd.c] add missing setsockopt() to set IPV6_V6ONLY for local forwarding with GatewayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only(); report and fix from jan.kratochvil AT redhat.com
* - (dtucker) | Darren Tucker | 2009-08-28 | 1 | -0/+2
  [channels.c configure.ac] Bug #1528: skip the tcgetattr call on the pty master on Solaris, since it never succeeds and can hang if large amounts of data are sent to the slave (eg a copy-paste). Based on a patch originally from Doke Scott, ok djm@
* - andreas@cvs.openbsd.org 2009/05/27 06:31:25 | Darren Tucker | 2009-06-21 | 1 | -2/+2
  [canohost.h canohost.c] Add clear_cached_addr(), needed for upcoming changes allowing the peer address to change. ok markus@
* - djm@cvs.openbsd.org 2009/02/12 03:00:56 | Damien Miller | 2009-02-14 | 1 | -8/+44
  [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] [readconf.h serverloop.c ssh.c] support remote port forwarding with a zero listen port (-R0:...) to dynamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
* - djm@cvs.openbsd.org 2009/01/22 09:49:57 | Damien Miller | 2009-01-28 | 1 | -3/+3
  [channels.c] oops! I committed the wrong version of the Channel->path diff, it was missing some tweaks suggested by stevesk@
* - djm@cvs.openbsd.org 2009/01/22 09:46:01 | Damien Miller | 2009-01-28 | 1 | -13/+35
  [channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@
* - djm@cvs.openbsd.org 2009/01/14 01:38:06 | Damien Miller | 2009-01-28 | 1 | -11/+39
  [channels.c] support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; "looks ok" markus@
* - djm@cvs.openbsd.org 2009/01/01 21:14:35 | Damien Miller | 2009-01-28 | 1 | -3/+3
  [channels.c] call channel destroy callbacks on receipt of open failure messages. fixes client hangs when connecting to a server that has MaxSessions=0 set; spotted by imorgan AT nas.nasa.gov; ok markus@
* - stevesk@cvs.openbsd.org 2008/12/09 03:20:42 | Damien Miller | 2009-01-28 | 1 | -2/+4
  [channels.c servconf.c] channel_print_adm_permitted_opens() should deal with all the printing for that config option. suggested by markus@; ok markus@ djm@ dtucker@
* - (djm) | Damien Miller | 2009-01-21 | 1 | -2/+21
  [channels.c] bz#1419: support "on demand" X11 forwarding via launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; ok dtucker@
* - markus@cvs.openbsd.org 2008/12/02 19:09:38 | Damien Miller | 2008-12-07 | 1 | -6/+6
  [channels.c] s/remote_id/id/ to be more consistent with other code; ok djm@
* - stevesk@cvs.openbsd.org 2008/11/11 03:55:11 | Darren Tucker | 2008-11-11 | 1 | -1/+5
  [channels.c] for sshd -T print 'permitopen any' vs. 'permitopen' for case of no permitopen's; ok and input dtucker@
* - stevesk@cvs.openbsd.org 2008/11/01 06:43:33 | Damien Miller | 2008-11-03 | 1 | -4/+4
  [channels.c] fix some typos in log messages; ok djm@
* - djm@cvs.openbsd.org 2008/07/16 11:52:19 | Damien Miller | 2008-07-16 | 1 | -2/+2
  [channels.c] this loop index should be automatic, not static
* - djm@cvs.openbsd.org 2008/07/13 22:13:07 | Damien Miller | 2008-07-14 | 1 | -7/+7
  [channels.c] use struct sockaddr_storage instead of struct sockaddr for accept(2) address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
* - (djm) OpenBSD CVS Sync | Damien Miller | 2008-07-12 | 1 | -2/+2
  - djm@cvs.openbsd.org 2008/07/12 04:52:50 [channels.c] unbreak; move clearing of cctx struct to before first use; reported by dkrause@