summaryrefslogtreecommitdiffstats
path: root/mux.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: bring back debug() removed in rev 1.74; noted by pradeepmarkus@openbsd.org2020-05-011-1/+2
| | | | | | kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
* upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org2020-01-231-11/+11
| | | | | | | | sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-4/+4
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: convert mux.c to new packet APIdjm@openbsd.org2019-01-191-6/+13
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-191-1/+4
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: remove big ugly TODO comment from start of file. Some ofdjm@openbsd.org2018-09-261-14/+1
| | | | | | | the mentioned tasks are obsolete and, of the remainder, most are already captured in PROTOCOL.mux where they better belong OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
* upstream: s/process_mux_master/mux_master_process/ in mux masterdjm@openbsd.org2018-09-261-36/+38
| | | | | | | | | | | | | function names, Gives better symmetry with the existing mux_client_*() names and makes it more obvious when a message comes from the master vs client (they are interleved in ControlMaster=auto mode). no functional change beyond prefixing a could of log messages with __func__ where they were previously lacking. OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
* upstream: fix some memory leaks spotted by Coverity via Jakub Jelendjm@openbsd.org2018-07-311-1/+2
| | | | | | in bz#2366 feedback and ok dtucker@ OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
* upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org2018-07-121-2/+2
| | | | OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* upstream: client: switch mux to sshbuf API; with & ok djm@markus@openbsd.org2018-07-101-414/+507
| | | | OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
* upstream: client: switch to sshbuf API; ok djm@markus@openbsd.org2018-07-101-3/+3
| | | | OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
* upstream: add a SetEnv directive to ssh_config that allows settingdjm@openbsd.org2018-06-091-4/+6
| | | | | | | | | | | environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
* upstream: Add a PermitListen directive to control which server-sidedjm@openbsd.org2018-06-061-3/+3
| | | | | | | | | | | | addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@ OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
* upstream commitdtucker@openbsd.org2017-09-221-2/+2
| | | | | | | | Use strsignal in debug message instead of casting for the benefit of portable where sig_atomic_t might not be int. "much nicer" deraadt@ Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
* upstream commitdtucker@openbsd.org2017-09-191-2/+2
| | | | | | | Prevent type mismatch warning in debug on platforms where sig_atomic_t != int. ok djm@ Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
* upstream commitdjm@openbsd.org2017-09-121-7/+11
| | | | | | | | | | | | | | | Make remote channel ID a u_int Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
* upstream commitdjm@openbsd.org2017-09-121-84/+109
| | | | | | | | | | | | | | | | | | | | | | refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commitdjm@openbsd.org2017-06-101-10/+20
| | | | | | | | return failure rather than fatal() for more cases during mux negotiations. Causes the session to fall back to a non-mux connection if they occur. bz#2707 ok dtucker@ Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
* upstream commitguenther@openbsd.org2017-01-301-5/+2
| | | | | | | | | | The POSIX APIs that that sockaddrs all ignore the s*_len field in the incoming socket, so userspace doesn't need to set it unless it has its own reasons for tracking the size along with the sockaddr. ok phessler@ deraadt@ florian@ Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
* upstream commitdtucker@openbsd.org2016-10-241-3/+5
| | | | | | | When tearing down ControlMaster connecctions, don't pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
* upstream commitmarkus@openbsd.org2016-09-301-7/+62
| | | | | | | | | | | ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux client speaks the ssh-packet protocol directly over unix-domain socket. - mux server acts as a proxy, translates channel IDs and relays to the server. - no filedescriptor passing necessary. - combined with unix-domain forwarding it's even possible to run mux client and server on different machines. feedback & ok djm@ Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
* upstream commitdtucker@openbsd.org2016-08-091-2/+3
| | | | | | | Improve error message for overlong ControlPath. ok markus@ djm@ Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
* upstream commitdtucker@openbsd.org2016-06-081-6/+4
| | | | | | | Move the host and port used by ssh -W into the Options struct. This will make future changes a bit easier. ok djm@ Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
* upstream commitdjm@openbsd.org2016-04-011-2/+2
| | | | | | whitespace at EOL Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
* upstream commitdjm@openbsd.org2016-01-141-10/+12
| | | | | | | | eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension; Reported by Thomas Hoger; ok deraadt@ Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
* Support Illumos/Solaris fine-grained privilegesDamien Miller2016-01-081-0/+2
| | | | | | | Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
* upstream commitsemarie@openbsd.org2016-01-071-7/+4
| | | | | | | | | | | adjust pledge promises for ControlMaster: when using "ask" or "autoask", the process will use ssh-askpass for asking confirmation. problem found by halex@ ok halex@ Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
* upstream commitsemarie@openbsd.org2015-12-041-1/+10
| | | | | | | | | | | | pledges ssh client: - mux client: which is used when ControlMaster is in use. will end with "stdio proc tty" (proc is to permit sending SIGWINCH to mux master on window resize) - client loop: several levels of pledging depending of your used options ok deraadt@ Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
* upstream commitdjm@openbsd.org2015-10-161-3/+3
| | | | | | | fix some signed/unsigned integer type mismatches in format strings; reported by Nicholas Lemonias Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
* upstream commitdjm@openbsd.org2015-08-201-1/+5
| | | | | | | fix free() of uninitialised pointer reported by Mateusz Kocielski; ok markus@ Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
* upstream commitdjm@openbsd.org2015-05-101-2/+15
| | | | | | remove failed remote forwards established by muliplexing from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok dtucker@
* upstream commitdjm@openbsd.org2015-05-101-3/+3
| | | | | reduce stderr spam when using ssh -S /path/mux -O forward -R 0:... ok dtucker@
* upstream commitderaadt@openbsd.org2015-04-291-2/+2
| | | | | rename xrealloc() to xreallocarray() since it follows that form. ok djm
* upstream commitderaadt@openbsd.org2015-01-261-2/+1
| | | | | Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* upstream commitdjm@openbsd.org2014-12-221-2/+3
| | | | | | fix passing of wildcard forward bind addresses when connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; ok dtucker@
* - djm@cvs.openbsd.org 2014/07/17 07:22:19Damien Miller2014-07-181-7/+59
| | | | | | | [mux.c ssh.c] reflect stdio-forward ("ssh -W host:port ...") failures in exit status. previously we were always returning 0. bz#2255 reported by Brendan Germain; ok dtucker
* - djm@cvs.openbsd.org 2014/07/17 00:10:18Damien Miller2014-07-181-2/+4
| | | | | [mux.c] preserve errno across syscall
* - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller2014-07-181-86/+117
| | | | | | | | | | | | | | | | [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller2014-05-151-3/+3
| | | | | | | | [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
* - djm@cvs.openbsd.org 2013/07/12 00:19:59Damien Miller2013-07-181-6/+13
| | | | | | [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
* - dtucker@cvs.openbsd.org 2013/06/05 02:07:29Darren Tucker2013-06-061-2/+6
| | | | | | [mux.c] fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, ok djm
* - dtucker@cvs.openbsd.org 2013/06/02 23:36:29Darren Tucker2013-06-061-2/+2
| | | | | | [clientloop.h clientloop.c mux.c] No need for the mux cleanup callback to be visible so restore it to static and call it through the detach_user function pointer. ok djm@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-70/+52
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - dtucker@cvs.openbsd.org 2013/04/22 01:17:18Damien Miller2013-04-231-2/+2
| | | | | [mux.c] typo in debug output: evitval->exitval
* - djm@cvs.openbsd.org 2013/04/05 00:58:51Damien Miller2013-04-231-2/+3
| | | | | | [mux.c] cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too (in addition to ones already in OPEN); bz#2079, ok dtucker@
* - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] PreferDamien Miller2013-02-221-4/+0
| | | | | bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. ok tim
* - djm@cvs.openbsd.org 2013/01/02 00:32:07Damien Miller2013-01-091-3/+3
| | | | | | [clientloop.c mux.c] channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com
* - dtucker@cvs.openbsd.org 2012/08/17 00:45:45Darren Tucker2012-09-061-2/+2
| | | | | | | [clientloop.c clientloop.h mux.c] Force a clean shutdown of ControlMaster client sessions when the ~. escape sequence is used. This means that ~. should now work in mux clients even if the server is no longer responding. Found by tedu, ok djm.
* - djm@cvs.openbsd.org 2012/07/06 01:37:21Damien Miller2012-07-061-3/+9
| | | | | | | [mux.c] fix memory leak of passed-in environment variables and connection context when new session message is malformed; bz#2003 from Bert.Wesarg AT googlemail.com
* - djm@cvs.openbsd.org 2012/06/01 01:01:22Damien Miller2012-06-201-2/+2
| | | | | | [mux.c] fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg AT googlemail.com