path: root/channels.c
Commit message | Author | Age | Files | Lines
* upstream: lots of typos in comments/docs. Patch from Karsten Weiss | djm@openbsd.org | 2018-04-10 | 1 | -4/+4
  after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
  OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
* upstream commit | tb@openbsd.org | 2018-02-07 | 1 | -4/+9
  The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm
  OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
* upstream commit | djm@openbsd.org | 2018-01-23 | 1 | -30/+15
  Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@
  OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commit | djm@openbsd.org | 2017-12-07 | 1 | -4/+9
  include the addr:port in bind/listen failure messages
  OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
* upstream commit | djm@openbsd.org | 2017-10-25 | 1 | -16/+3
  Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4
  Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
* upstream commit | djm@openbsd.org | 2017-09-24 | 1 | -2/+2
  fix inverted test on channel open failure path that "upgraded" a transient failure into a fatal error; reported by sthen and also seen by benno@; ok sthen@
  Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
* upstream commit | djm@openbsd.org | 2017-09-24 | 1 | -2/+2
  write the correct buffer when tunnel forwarding; doesn't matter on OpenBSD (they are the same) but does matter on portable where we use an output filter to translate os-specific tun/tap headers
  Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
* upstream commit | djm@openbsd.org | 2017-09-24 | 1 | -7/+8
  fix tunnel forwarding problem introduced in refactor; reported by stsp@ ok markus@
  Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
* upstream commit | markus@openbsd.org | 2017-09-22 | 1 | -85/+289
  Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@
  Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
* upstream commit | millert@openbsd.org | 2017-09-22 | 1 | -2/+2
  Use explicit_bzero() instead of bzero() before free() to prevent the compiler from optimizing away the bzero() call. OK djm@
  Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -3/+3
  unused variable
  Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -1/+2
  fix tun/tap forwarding case in previous
  Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -10/+30
  Make remote channel ID a u_int
  Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@
  Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
* upstream commit | djm@openbsd.org | 2017-09-12 | 1 | -1363/+1648
  refactor channels.c
  Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c.
  Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
  Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commit | djm@openbsd.org | 2017-09-04 | 1 | -9/+9
  pass packet state down to some of the channels function (more to come...); ok markus@
  Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
* upstream commit | deraadt@openbsd.org | 2017-06-01 | 1 | -3/+1
  These shutdown() SHUT_RDWR are not needed before close() ok djm markus claudio
  Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
* upstream commit | djm@openbsd.org | 2017-05-31 | 1 | -6/+10
  fix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@
  Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
* upstream commit | markus@openbsd.org | 2017-05-31 | 1 | -19/+18
  protocol handlers all get struct ssh passed; ok djm@
  Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
* upstream commit | markus@openbsd.org | 2017-05-31 | 1 | -2/+2
  remove ssh1 references; ok djm@
  Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
* upstream commit | markus@openbsd.org | 2017-05-27 | 1 | -11/+1
  remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@
  Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
* upstream commit | markus@openbsd.org | 2017-05-27 | 1 | -22/+1
  remove channel_input_close_confirmation (ssh1 only); ok djm@
  Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -162/+1
  obliterate ssh1.h and some dead code that used it ok markus@
  Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -393/+130
  remove compat20/compat13/compat15 variables ok markus@
  Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
* If OSX is using launchd, remove screen no. | Darren Tucker | 2017-03-10 | 1 | -7/+41
  Check for socket with and without screen number. From Apple and Jakob Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
* upstream commit | dtucker@openbsd.org | 2017-02-03 | 1 | -7/+26
  Return true reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674, ok djm@
  Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
* upstream commit | dtucker@openbsd.org | 2016-10-19 | 1 | -40/+1
  Remove channel_input_port_forward_request(); the only caller was the recently-removed SSH1 server code so it's now dead code. ok markus@
  Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
* upstream commit | djm@openbsd.org | 2016-10-01 | 1 | -3/+9
  fix some -Wpointer-sign warnings in the new mux proxy; ok markus@
  Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
* upstream commit | markus@openbsd.org | 2016-10-01 | 1 | -12/+380
  ssh proxy mux mode (-O proxy; idea from Simon Tatham):
  - mux client speaks the ssh-packet protocol directly over unix-domain socket.
  - mux server acts as a proxy, translates channel IDs and relays to the server.
  - no filedescriptor passing necessary.
  - combined with unix-domain forwarding it's even possible to run mux client and server on different machines.
  feedback & ok djm@
  Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
* upstream commit | natano@openbsd.org | 2016-09-21 | 1 | -11/+7
  Replace two more arc4random() loops with arc4random_buf(). tweaks and ok dtucker ok deraadt
  Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
* upstream commit | deraadt@openbsd.org | 2016-09-12 | 1 | -11/+10
  Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
  Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
* upstream commit | dtucker@openbsd.org | 2016-07-22 | 1 | -2/+6
  Allow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok markus@
  Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
* upstream commit | djm@openbsd.org | 2016-03-08 | 1 | -3/+3
  refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@
  Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commit | naddy@openbsd.org | 2016-02-08 | 1 | -7/+7
  Only check errno if read() has returned an error. EOF is not an error. This fixes a problem where the mux master would sporadically fail to notice that the client had exited. ok mikeb@ djm@
  Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53
* upstream commit | djm@openbsd.org | 2015-10-16 | 1 | -2/+2
  fix some signed/unsigned integer type mismatches in format strings; reported by Nicholas Lemonias
  Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
* upstream commit | djm@openbsd.org | 2015-07-01 | 1 | -1/+17
  better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires; reported by Jann Horn
  Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
* upstream commit | djm@openbsd.org | 2015-06-30 | 1 | -3/+6
  fatal() when a remote window update causes the window value to overflow. Reported by Georg Wicherski, ok markus@
  Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
* upstream commit | djm@openbsd.org | 2015-06-30 | 1 | -2/+2
  Fix math error in remote window calculations that causes eventual stalls for datagram channels. Reported by Georg Wicherski, ok markus@
  Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
* upstream commit | millert@openbsd.org | 2015-06-07 | 1 | -10/+14
  For "ssh -L 12345:/tmp/sock" don't fail with "No forward host name." (we have a path, not a host name). Based on a diff from Jared Yanovich. OK djm@
  Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
* upstream commit | dtucker@openbsd.org | 2015-05-08 | 1 | -2/+2
  Use xcalloc for permitted_adm_opens instead of xmalloc to ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok djm@
* upstream commit | deraadt@openbsd.org | 2015-04-29 | 1 | -7/+7
  rename xrealloc() to xreallocarray() since it follows that form. ok djm
* Wrap stdint.h includes in ifdefs. | Darren Tucker | 2015-02-23 | 1 | -0/+2
* upstream commit | millert@openbsd.org | 2015-02-09 | 1 | -3/+3
  SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@
* upstream commit | deraadt@openbsd.org | 2015-01-26 | 1 | -2/+3
  Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* upstream commit | markus@openbsd.org | 2015-01-20 | 1 | -26/+37
  move dispatch to struct ssh; ok djm@
* upstream commit | djm@openbsd.org | 2014-12-11 | 1 | -1/+2
  explicitly include sys/param.h in files that use the howmany() macro; from portable
* upstream commit | djm@openbsd.org | 2014-10-13 | 1 | -5/+5
  fix a few -Wpointer-sign warnings from clang
* - millert@cvs.openbsd.org 2014/07/15 15:54:14 | Damien Miller | 2014-07-18 | 1 | -117/+483
  [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
  [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
  [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
  [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
  [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
  [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
  [sshd_config.5 sshlogin.c]
  Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - djm@cvs.openbsd.org 2014/07/05 23:11:48 | Damien Miller | 2014-07-06 | 1 | -1/+4
  [channels.c]
  fix remote-forward cancel regression; ok markus@
* - djm@cvs.openbsd.org 2014/07/03 22:33:41 | Damien Miller | 2014-07-04 | 1 | -3/+15
  [channels.c]
  allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family; bz#2222 ok markus@
* - markus@cvs.openbsd.org 2014/06/27 16:41:56 | Damien Miller | 2014-07-02 | 1 | -26/+70
  [channels.c channels.h clientloop.c ssh.c]
  fix remote fwding with same listen port but different listen address with gerhard@, ok djm@