summaryrefslogtreecommitdiffstats
path: root/channels.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: the GatewayPorts vs -R listen address selection logic isdjm@openbsd.org2020-01-251-2/+7
| | | | | | | still confusing people, so add another comment explaining the special handling of "localhost"; bz#3258 OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
* wrap stdint.h include in HAVE_STDINT_HDamien Miller2019-10-091-1/+1
| | | | | | make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
* upstream: Remove some set but never used variables. ok daraadt@dtucker@openbsd.org2019-07-081-3/+2
| | | | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-23/+23
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Typo and spelling fixes in comments and error messages.dtucker@openbsd.org2019-06-071-2/+2
| | | | | | Patch from knweiss at gmail.com via -portable. OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
* upstream: For PermitOpen violations add the remote host and port toflorian@openbsd.org2019-05-171-3/+21
| | | | | | | | | | | | | | be able to find out from where the request was comming. Add the same logging for PermitListen violations which where not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net) input markus OK deraadt OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
* upstream: Free channel objects on exit path. Patch from markus atdtucker@openbsd.org2019-05-081-4/+24
| | | | | | blueflash.cc, ok deraadt OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
* use same close logic for stderr as stdoutDamien Miller2019-02-081-3/+5
| | | | | | | | Avoids sending SIGPIPE to child processes after their parent exits if they attempt to write to stderr. Analysis and patch from JD Paul; patch reworked by Jakub Jelen and myself. bz#2071; ok dtucker@
* upstream: convert channels.c to new packet APIdjm@openbsd.org2019-01-191-30/+38
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-191-1/+4
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: no need to allocate channels_pre/channels_post indjm@openbsd.org2018-12-071-6/+2
| | | | | | | channel_init_channels() as we do it anyway in channel_handler_init() that we call at the end of the function. Fix from Markus Schmidt via bz#2938 OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
* upstream: factor out channel status formatting fromdjm@openbsd.org2018-10-041-13/+24
| | | | | | channel_open_message() so we can use it in other debug messages OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
* upstream: include a little more information about the status anddjm@openbsd.org2018-10-041-3/+26
| | | | | | | disposition of channel's extended (stderr) fd; makes debugging some things a bit easier. No behaviour change. OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
* upstream: avoid expensive channel_open_message() calls; ok djm@markus@openbsd.org2018-07-311-4/+6
| | | | OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
* upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org2018-07-121-2/+2
| | | | OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* upstream: fix NULL dereference in open_listen_match_tcpip()djm@openbsd.org2018-06-261-2/+2
| | | | OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
* upstream: Add a PermitListen directive to control which server-sidedjm@openbsd.org2018-06-061-174/+303
| | | | | | | | | | | | addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@ OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
* upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org2018-04-101-4/+4
| | | | | | | after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
* upstream committb@openbsd.org2018-02-061-4/+9
| | | | | | | | | | The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
* upstream commitdjm@openbsd.org2018-01-231-30/+15
| | | | | | | | | | | | | Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commitdjm@openbsd.org2017-12-071-4/+9
| | | | | | include the addr:port in bind/listen failure messages OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
* upstream commitdjm@openbsd.org2017-10-251-16/+3
| | | | | | | | | Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
* upstream commitdjm@openbsd.org2017-09-241-2/+2
| | | | | | | | fix inverted test on channel open failure path that "upgraded" a transient failure into a fatal error; reported by sthen and also seen by benno@; ok sthen@ Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
* upstream commitdjm@openbsd.org2017-09-241-2/+2
| | | | | | | | write the correct buffer when tunnel forwarding; doesn't matter on OpenBSD (they are the same) but does matter on portable where we use an output filter to translate os-specific tun/tap headers Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
* upstream commitdjm@openbsd.org2017-09-241-7/+8
| | | | | | | fix tunnel forwarding problem introduced in refactor; reported by stsp@ ok markus@ Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
* upstream commitmarkus@openbsd.org2017-09-221-85/+289
| | | | | | | | | | | | | | | | | Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
* upstream commitmillert@openbsd.org2017-09-221-2/+2
| | | | | | | Use explicit_bzero() instead of bzero() before free() to prevent the compiler from optimizing away the bzero() call. OK djm@ Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
* upstream commitdjm@openbsd.org2017-09-121-3/+3
| | | | | | unused variable Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
* upstream commitdjm@openbsd.org2017-09-121-1/+2
| | | | | | fix tun/tap forwarding case in previous Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
* upstream commitdjm@openbsd.org2017-09-121-10/+30
| | | | | | | | | | | | | | | Make remote channel ID a u_int Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
* upstream commitdjm@openbsd.org2017-09-121-1363/+1648
| | | | | | | | | | | | | | | | | | | | | | refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commitdjm@openbsd.org2017-09-041-9/+9
| | | | | | | pass packet state down to some of the channels function (more to come...); ok markus@ Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
* upstream commitderaadt@openbsd.org2017-06-011-3/+1
| | | | | | | These shutdown() SHUT_RDWR are not needed before close() ok djm markus claudio Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
* upstream commitdjm@openbsd.org2017-05-311-6/+10
| | | | | | | fix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@ Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
* upstream commitmarkus@openbsd.org2017-05-311-19/+18
| | | | | | protocol handlers all get struct ssh passed; ok djm@ Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
* upstream commitmarkus@openbsd.org2017-05-311-2/+2
| | | | | | remove ssh1 references; ok djm@ Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
* upstream commitmarkus@openbsd.org2017-05-271-11/+1
| | | | | | remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
* upstream commitmarkus@openbsd.org2017-05-271-22/+1
| | | | | | | remove channel_input_close_confirmation (ssh1 only); ok djm@ Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
* upstream commitdjm@openbsd.org2017-05-011-162/+1
| | | | | | | | obliterate ssh1.h and some dead code that used it ok markus@ Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
* upstream commitdjm@openbsd.org2017-05-011-393/+130
| | | | | | | | remove compat20/compat13/compat15 variables ok markus@ Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
* If OSX is using launchd, remove screen no.Darren Tucker2017-03-101-7/+41
| | | | | Check for socket with and without screen number. From Apple and Jakob Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
* upstream commitdtucker@openbsd.org2017-02-031-7/+26
| | | | | | | Return true reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674, ok djm@ Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
* upstream commitdtucker@openbsd.org2016-10-181-40/+1
| | | | | | | Remove channel_input_port_forward_request(); the only caller was the recently-removed SSH1 server code so it's now dead code. ok markus@ Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
* upstream commitdjm@openbsd.org2016-09-301-3/+9
| | | | | | | fix some -Wpointer-sign warnings in the new mux proxy; ok markus@ Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
* upstream commitmarkus@openbsd.org2016-09-301-12/+380
| | | | | | | | | | | ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux client speaks the ssh-packet protocol directly over unix-domain socket. - mux server acts as a proxy, translates channel IDs and relays to the server. - no filedescriptor passing necessary. - combined with unix-domain forwarding it's even possible to run mux client and server on different machines. feedback & ok djm@ Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
* upstream commitnatano@openbsd.org2016-09-211-11/+7
| | | | | | | | | | Replace two more arc4random() loops with arc4random_buf(). tweaks and ok dtucker ok deraadt Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
* upstream commitderaadt@openbsd.org2016-09-121-11/+10
| | | | | | | | Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
* upstream commitdtucker@openbsd.org2016-07-221-2/+6
| | | | | | | | Allow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok markus@ Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
* upstream commitdjm@openbsd.org2016-03-071-3/+3
| | | | | | | | | | refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commitnaddy@openbsd.org2016-02-081-7/+7
| | | | | | | | Only check errno if read() has returned an error. EOF is not an error. This fixes a problem where the mux master would sporadically fail to notice that the client had exited. ok mikeb@ djm@ Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53