path: root/mux.c
Commit message | Author | Age | Files | Lines
* upstream: remove duplicate misc.h include ok dtucker@ | jsg@openbsd.org | 2024-10-14 | 1 | -2/+1
  OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
* upstream: Fix proxy multiplexing (-O proxy) bug | djm@openbsd.org | 2024-07-26 | 1 | -14/+14
  If a mux started with ControlPersist then later has a forwarding added using mux proxy connection and the forwarding was used, then when the mux proxy session terminates, the mux master process will send a channel close to the server with a bad channel ID and crash the connection.
  This was caused by my stupidly reusing c->remote_id for mux channel associations when I should have just added another member to struct channel.
  ok markus@
  OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
* upstream: Include existing mux path in debug message. | dtucker@openbsd.org | 2023-11-24 | 1 | -2/+2
  OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16
* upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused | djm@openbsd.org | 2023-08-18 | 1 | -2/+4
  multiplexed sessions to ignore SIGINT under some circumstances. Reported by / feedback naddy@, ok dtucker@
  OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
* upstream: Apply ConnectTimeout to multiplexing local socket | dtucker@openbsd.org | 2023-08-04 | 1 | -13/+22
  connections. If the multiplex socket exists but the connection times out, ssh will fall back to a direct connection the same way it would if the socket did not exist at all. ok djm@
  OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
* upstream: make ssh -f (fork after authentication) work properly in | djm@openbsd.org | 2023-07-27 | 1 | -5/+11
  multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by Peter Chubb; ok dtucker@
  OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac
* upstream: prepare for support for connecting to unix domain sockets | djm@openbsd.org | 2023-06-21 | 1 | -7/+22
  using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from the u32 that's passed over the multiplexing socket; previously code would just cast, which is UB.
  OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384
* upstream: Delete obsolete /* ARGSUSED */ lint comments. | guenther@openbsd.org | 2023-03-08 | 1 | -3/+1
  ok miod@ millert@
  OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: Add channel_force_close() | djm@openbsd.org | 2023-01-06 | 1 | -3/+3
  This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function.
  Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition.
  ok markus dtucker
  OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: Make SetEnv directives first-match-wins in both | djm@openbsd.org | 2022-06-03 | 1 | -4/+5
  sshd_config and sshd_config; previously if the same name was reused then the last would win (which is the opposite to how the config is supposed to work).
  While there, make the ssh_config parsing more like sshd_config.
  bz3438, ok dtucker
  OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
* upstream: mux.c: mark argument as const; from Martin Vahlensieck | djm@openbsd.org | 2022-05-05 | 1 | -2/+2
  OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341
* upstream: suppress "Connection to xxx closed" messages at LogLevel >= | djm@openbsd.org | 2022-01-11 | 1 | -2/+2
  error bz3378; ok dtucker@
  OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
* upstream: Add a StdinNull directive to ssh_config(5) that allows | djm@openbsd.org | 2021-07-23 | 1 | -4/+3
  the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
  OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
* upstream: add a SessionType directive to ssh_config, allowing the | djm@openbsd.org | 2021-07-14 | 1 | -3/+2
  configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags.
  Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@
  OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
* upstream: allow ssh_config SetEnv to override $TERM, which is otherwise | djm@openbsd.org | 2021-06-04 | 1 | -5/+7
  handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries. feedback and ok dtucker@
  OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
* upstream: restore blocking status on stdio fds before close | djm@openbsd.org | 2021-05-19 | 1 | -17/+4
  ssh(1) needs to set file descriptors to non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell, e.g.

  > $ cat > test.sh << _EOF
  > #!/bin/sh
  > {
  > ssh -Fnone -oLogLevel=verbose ::1 hostname
  > cat /usr/share/dict/words
  > } | sleep 10
  > _EOF
  > $ ./test.sh
  > Authenticated to ::1 ([::1]:22).
  > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
  > Bytes per second: sent 44338.9, received 55197.4
  > cat: stdout: Resource temporarily unavailable

  This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) abandons/closes them.
  This was reported as bz3280 and GHPR246; ok dtucker@
  OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
* upstream: highly polished whitespace, mostly fixing spaces-for-tab | djm@openbsd.org | 2021-04-03 | 1 | -5/+5
  and bad indentation on continuation lines. Prompted by GHPR#185
  OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: whitespace; no code change | djm@openbsd.org | 2020-10-29 | 1 | -3/+3
  OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -286/+252
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org | 2020-10-03 | 1 | -19/+7
  stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
* upstream: some language improvements; ok markus | djm@openbsd.org | 2020-07-15 | 1 | -7/+7
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
* upstream: bring back debug() removed in rev 1.74; noted by pradeep | markus@openbsd.org | 2020-05-01 | 1 | -1/+2
  kumar
  OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
* upstream: Replace all calls to signal(2) with a wrapper around | dtucker@openbsd.org | 2020-01-23 | 1 | -11/+11
  sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: When system calls indicate an error they return -1, not | deraadt@openbsd.org | 2019-07-05 | 1 | -4/+4
  some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: convert mux.c to new packet API | djm@openbsd.org | 2019-01-19 | 1 | -6/+13
  with & ok markus@
  OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
* upstream: begin landing remaining refactoring of packet parsing | djm@openbsd.org | 2019-01-19 | 1 | -1/+4
  API, started almost exactly six years ago.
  This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps.
  with & ok markus@
  OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: remove big ugly TODO comment from start of file. Some of | djm@openbsd.org | 2018-09-26 | 1 | -14/+1
  the mentioned tasks are obsolete and, of the remainder, most are already captured in PROTOCOL.mux where they better belong
  OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
* upstream: s/process_mux_master/mux_master_process/ in mux master | djm@openbsd.org | 2018-09-26 | 1 | -36/+38
  function names, Gives better symmetry with the existing mux_client_*() names and makes it more obvious when a message comes from the master vs client (they are interleaved in ControlMaster=auto mode).
  no functional change beyond prefixing a couple of log messages with __func__ where they were previously lacking.
  OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
* upstream: fix some memory leaks spotted by Coverity via Jakub Jelen | djm@openbsd.org | 2018-07-31 | 1 | -1/+2
  in bz#2366 feedback and ok dtucker@
  OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
* upstream: remove legacy key emulation layer; ok djm@ | markus@openbsd.org | 2018-07-12 | 1 | -2/+2
  OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* upstream: client: switch mux to sshbuf API; with & ok djm@ | markus@openbsd.org | 2018-07-10 | 1 | -414/+507
  OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
* upstream: client: switch to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 1 | -3/+3
  OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
* upstream: add a SetEnv directive to ssh_config that allows setting | djm@openbsd.org | 2018-06-09 | 1 | -4/+6
  environment variables for the remote session (subject to the server accepting them)
  refactor SendEnv to remove the arbitrary limit of variable names.
  ok markus@
  OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
* upstream: Add a PermitListen directive to control which server-side | djm@openbsd.org | 2018-06-06 | 1 | -3/+3
  addresses may be listened on when the client requests remote forwarding (ssh -R).
  This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation.
  feedback and ok markus@
  OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
* upstream commit | dtucker@openbsd.org | 2017-09-22 | 1 | -2/+2
  Use strsignal in debug message instead of casting for the benefit of portable where sig_atomic_t might not be int. "much nicer" deraadt@
  Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
* upstream commit | dtucker@openbsd.org | 2017-09-19 | 1 | -2/+2
  Prevent type mismatch warning in debug on platforms where sig_atomic_t != int. ok djm@
  Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -7/+11
  Make remote channel ID a u_int
  Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000.
  In practice everyone numbers their channels sequentially, so this has never been a problem.
  ok markus@
  Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -84/+109
  refactor channels.c
  Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh.
  Explicitly pass "struct ssh" to all channels functions.
  Replace use of the legacy packet APIs in channels.c.
  Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later.
  ok markus@
  Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commit | djm@openbsd.org | 2017-06-10 | 1 | -10/+20
  return failure rather than fatal() for more cases during mux negotiations. Causes the session to fall back to a non-mux connection if they occur. bz#2707 ok dtucker@
  Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
* upstream commit | guenther@openbsd.org | 2017-01-30 | 1 | -5/+2
  The POSIX APIs that that sockaddrs all ignore the s*_len field in the incoming socket, so userspace doesn't need to set it unless it has its own reasons for tracking the size along with the sockaddr.
  ok phessler@ deraadt@ florian@
  Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
* upstream commit | dtucker@openbsd.org | 2016-10-24 | 1 | -3/+5
  When tearing down ControlMaster connections, don't pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@.
  Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
* upstream commit | markus@openbsd.org | 2016-09-30 | 1 | -7/+62
  ssh proxy mux mode (-O proxy; idea from Simon Tatham):
  - mux client speaks the ssh-packet protocol directly over unix-domain socket.
  - mux server acts as a proxy, translates channel IDs and relays to the server.
  - no filedescriptor passing necessary.
  - combined with unix-domain forwarding it's even possible to run mux client and server on different machines.
  feedback & ok djm@
  Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
* upstream commit | dtucker@openbsd.org | 2016-08-09 | 1 | -2/+3
  Improve error message for overlong ControlPath. ok markus@ djm@
  Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
* upstream commit | dtucker@openbsd.org | 2016-06-08 | 1 | -6/+4
  Move the host and port used by ssh -W into the Options struct. This will make future changes a bit easier. ok djm@
  Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
* upstream commit | djm@openbsd.org | 2016-04-01 | 1 | -2/+2
  whitespace at EOL
  Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
* upstream commit | djm@openbsd.org | 2016-01-14 | 1 | -10/+12
  eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension; Reported by Thomas Hoger; ok deraadt@
  Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
* Support Illumos/Solaris fine-grained privileges | Damien Miller | 2016-01-08 | 1 | -0/+2
  Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson.
  ok dtucker@
* upstream commit | semarie@openbsd.org | 2016-01-07 | 1 | -7/+4
  adjust pledge promises for ControlMaster: when using "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
  problem found by halex@
  ok halex@
  Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
* upstream commit | semarie@openbsd.org | 2015-12-04 | 1 | -1/+10
  pledges ssh client:
  - mux client: which is used when ControlMaster is in use. will end with "stdio proc tty" (proc is to permit sending SIGWINCH to mux master on window resize)
  - client loop: several levels of pledging depending on your used options
  ok deraadt@
  Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
* upstream commit | djm@openbsd.org | 2015-10-16 | 1 | -3/+3
  fix some signed/unsigned integer type mismatches in format strings; reported by Nicholas Lemonias
  Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c