summaryrefslogtreecommitdiff
path: root/channels.h
Commit message (Collapse)AuthorAgeFilesLines
* upstream commitmarkus@openbsd.org2015-01-201-14/+14
| | | | move dispatch to struct ssh; ok djm@
* - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller2014-07-181-12/+16
| | | | | | | | | | | | | | | | [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - markus@cvs.openbsd.org 2014/06/27 16:41:56Damien Miller2014-07-021-2/+3
| | | | | | [channels.c channels.h clientloop.c ssh.c] fix remote fwding with same listen port but different listen address with gerhard@, ok djm@
* - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-Damien Miller2013-08-011-0/+2
| | | | | | | blocking connecting socket will clear any stored errno that might otherwise have been retrievable via getsockopt(). A hack to limit writes to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap it in an #ifdef. Diagnosis and patch from Ivo Raisr.
* - dtucker@cvs.openbsd.org 2013/06/07 15:37:52Damien Miller2013-06-101-2/+3
| | | | | | | | | | | [channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
* - dtucker@cvs.openbsd.org 2013/06/02 21:01:51Darren Tucker2013-06-061-2/+2
| | | | | [channels.h] typo in comment
* - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller2012-04-221-2/+4
| | | | | | [channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
* - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller2012-04-221-1/+2
| | | | | | [channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
* - markus@cvs.openbsd.org 2011/09/23 07:45:05Darren Tucker2011-10-021-1/+2
| | | | | | | | | | | [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h] unbreak remote portforwarding with dynamic allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to report: den at skbkontur.ru and P. Szczygielski feedback and ok djm@
* - dtucker@cvs.openbsd.org 2011/09/23 00:22:04Darren Tucker2011-10-021-1/+2
| | | | | | [channels.c auth-options.c servconf.c channels.h sshd.8] Add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". bz #1857, ok djm markus.
* - markus@cvs.openbsd.org 2011/09/10 22:26:34Damien Miller2011-09-221-2/+4
| | | | | | [channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
* - djm@cvs.openbsd.org 2011/09/09 22:46:44Damien Miller2011-09-221-2/+4
| | | | | | | [channels.c channels.h clientloop.h mux.c ssh.c] support for cancelling local and remote port forwards via the multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@
* - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller2011-06-231-2/+2
| | | | | | [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@
* - djm@cvs.openbsd.org 2010/05/14 23:29:23Damien Miller2010-05-211-3/+5
| | | | | | | | | | | | | | [channels.c channels.h mux.c ssh.c] Pause the mux channel while waiting for reply from aynch callbacks. Prevents misordering of replies if new requests arrive while waiting. Extend channel open confirm callback to allow signalling failure conditions as well as success. Use this to 1) fix a memory leak, 2) start using the above pause mechanism and 3) delay sending a success/ failure message on mux slave session open until we receive a reply from the server. motivated by and with feedback from markus@
* - djm@cvs.openbsd.org 2010/01/26 01:28:35Damien Miller2010-01-261-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@
* - dtucker@cvs.openbsd.org 2010/01/11 01:39:46Darren Tucker2010-01-121-1/+2
| | | | | | | | [ssh_config channels.c ssh.1 channels.h ssh.c] Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz #1618, man page help from jmc@, ok markus@
* - dtucker@cvs.openbsd.org 2010/01/09 23:04:13Darren Tucker2010-01-101-2/+1
| | | | | | | | | | | | | | | [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
* - markus@cvs.openbsd.org 2009/11/11 21:37:03Darren Tucker2010-01-081-2/+6
| | | | | | | | [channels.c channels.h] fix race condition in x11/agent channel allocation: don't read after the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called. with and ok djm@
* - reyk@cvs.openbsd.org 2009/10/28 16:38:18Darren Tucker2010-01-081-1/+2
| | | | | | | | [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
* - djm@cvs.openbsd.org 2009/02/12 03:00:56Damien Miller2009-02-141-2/+2
| | | | | | | | [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] [readconf.h serverloop.c ssh.c] support remote port forwarding with a zero listen port (-R0:...) to dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
* - djm@cvs.openbsd.org 2009/01/22 09:46:01Damien Miller2009-01-281-4/+2
| | | | | | [channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@
* - djm@cvs.openbsd.org 2008/06/15 20:06:26Damien Miller2008-06-161-2/+2
| | | | | | | | [channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
* - djm@cvs.openbsd.org 2008/06/12 15:19:17Darren Tucker2008-06-131-2/+4
| | | | | | [clientloop.h channels.h clientloop.c channels.c mux.c] The multiplexing escape char handler commit last night introduced a small memory leak per session; plug it.
* - djm@cvs.openbsd.org 2008/06/12 03:40:52Darren Tucker2008-06-131-2/+3
| | | | | | | | | | | | [clientloop.h mux.c channels.c clientloop.c channels.h] Enable ~ escapes for multiplex slave sessions; give each channel its own escape state and hook the escape filters up to muxed channels. bz #1331 Mux slaves do not currently support the ~^Z and ~& escapes. NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master. ok dtucker@
* - dtucker@cvs.openbsd.org 2008/06/10 04:50:25Darren Tucker2008-06-101-1/+2
| | | | | | | | [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] Add extended test mode (-T) and connection parameters for test mode (-C). -T causes sshd to write its effective configuration to stdout and exit. -C causes any relevant Match rules to be applied before output. The combination allows tesing of the parser and config files. ok deraadt djm
* - markus@cvs.openbsd.org 2008/05/09 16:21:13Damien Miller2008-05-191-1/+2
| | | | | | | | | [channels.h clientloop.c nchan.c serverloop.c] unbreak ssh -2 localhost od /bin/ls | true ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send. fixes bz #85; discussion, debugging and ok djm@
* - djm@cvs.openbsd.org 2008/05/09 04:55:56Damien Miller2008-05-191-5/+16
| | | | | | | | | | | [channels.c channels.h clientloop.c serverloop.c] Try additional addresses when connecting to a port forward destination whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343 great feedback and ok markus@
* - djm@cvs.openbsd.org 2008/05/08 12:02:23Damien Miller2008-05-191-5/+21
| | | | | | | | | | | | | | | [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] [ssh.c sshd.c] Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
* - markus@cvs.openbsd.org 2007/06/11 09:14:00Darren Tucker2007-06-121-3/+3
| | | | | [channels.h] increase default channel windows; ok djm
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - dtucker@cvs.openbsd.org 2006/07/21 12:43:36Damien Miller2006-07-241-2/+2
| | | | | | | [channels.c channels.h servconf.c servconf.h sshd_config.5] Make PermitOpen take a list of permitted ports and act more like most other keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@
* - dtucker@cvs.openbsd.org 2006/07/17 12:06:00Damien Miller2006-07-241-1/+3
| | | | | | | | | | | | | [channels.c channels.h servconf.c sshd_config.5] Add PermitOpen directive to sshd_config which is equivalent to the "permitopen" key option. Allows server admin to allow TCP port forwarding only two specific host/port pairs. Useful when combined with Match. If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted. Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@.
* - markus@cvs.openbsd.org 2006/07/11 18:50:48Darren Tucker2006-07-121-3/+3
| | | | | | | | [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c channels.h readconf.c] add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
* - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller2006-03-261-1/+1
| | | | | | | | | | | | | | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
* - reyk@cvs.openbsd.org 2005/12/30 15:56:37Damien Miller2005-12-311-4/+8
| | | | | | [channels.c channels.h clientloop.c] add channel output filter interface. ok djm@, suggested by markus@
* - markus@cvs.openbsd.org 2005/12/12 13:46:18Damien Miller2005-12-131-1/+2
| | | | | | [channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@
* - reyk@cvs.openbsd.org 2005/12/06 22:38:28Damien Miller2005-12-131-1/+3
| | | | | | | | | | | | | | | | | [auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
* - djm@cvs.openbsd.org 2005/10/10 10:23:08Damien Miller2005-11-051-3/+4
| | | | | | | [channels.c channels.h clientloop.c serverloop.c session.c] fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
* - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of lineDamien Miller2005-07-171-2/+2
| | | | | | | | | | | - djm@cvs.openbsd.org 2005/07/17 06:49:04 [channels.c channels.h session.c session.h] Fix a number of X11 forwarding channel leaks: 1. Refuse multiple X11 forwarding requests on the same session 2. Clean up all listeners after a single_connection X11 forward, not just the one that made the single connection 3. Destroy X11 listeners when the session owning them goes away testing and ok dtucker@
* - markus@cvs.openbsd.org 2005/07/08 09:41:33Darren Tucker2005-07-141-2/+2
| | | | | | | | | | [channels.h] race when efd gets closed while there is still buffered data: change CHANNEL_EFD_OUTPUT_ACTIVE() 1) c->efd must always be valid AND 2a) no EOF has been seen OR 2b) there is buffered data report, initial fix and testing Chuck Cranor
* - (djm) OpenBSD CVS SyncDamien Miller2005-06-171-2/+3
| | | | | | | - djm@cvs.openbsd.org 2005/06/16 03:38:36 [channels.c channels.h clientloop.c clientloop.h ssh.c] move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd easier later; ok deraadt@
* - djm@cvs.openbsd.org 2005/03/01 10:09:52Damien Miller2005-03-011-4/+6
| | | | | | | | | | [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
* - djm@cvs.openbsd.org 2004/10/29 21:47:15Darren Tucker2004-11-051-1/+2
| | | | | | | | [channels.c channels.h clientloop.c] fix some window size change bugs for multiplexed connections: windows sizes were not being updated if they had changed after ~^Z suspends and SIGWINCH was not being processed unless the first connection had requested a tty; ok markus
* - avsm@cvs.openbsd.org 2004/08/11 21:43:05Darren Tucker2004-08-131-2/+2
| | | | | [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] some signed/unsigned int comparison cleanups; markus@ ok
* - djm@cvs.openbsd.org 2004/06/13 15:03:02Damien Miller2004-06-151-2/+5
| | | | | | | [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@
* - djm@cvs.openbsd.org 2004/05/21 11:33:11Darren Tucker2004-05-241-1/+3
| | | | | | | [channels.c channels.h clientloop.c serverloop.c ssh.1] bz #756: add support for the cancel-tcpip-forward request for the server and the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@
* - markus@cvs.openbsd.org 2003/09/23 20:41:11Darren Tucker2003-10-021-2/+1
| | | | | [channels.c channels.h clientloop.c] move client only agent code to clientloop.c
* - (bal) AIX tty data limiting patch fix by leigh@solinno.co.ukBen Lindstrom2002-07-221-0/+1
|
* - markus@cvs.openbsd.org 2002/06/24 14:33:27Ben Lindstrom2002-06-251-8/+8
| | | | | [channels.c channels.h clientloop.c serverloop.c] move channel counter to u_int
* - deraadt@cvs.openbsd.org 2002/06/23 21:06:41Ben Lindstrom2002-06-231-2/+2
| | | | | | | [channels.c channels.h session.c session.h] display, screen, row, col, xpixel, ypixel are u_int; markus ok - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, xpixel are u_int.