summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/channels.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.reyk2009-10-281-7/+19
| | | | ok markus@
* Put the globals in packet.c into a struct and don't access it directlyandreas2009-05-251-2/+2
| | | | | from other files. No functional changes. ok markus@ djm@
* support remote port forwarding with a zero listen port (-R0:...) todjm2009-02-121-8/+44
| | | | | dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
* oops! I committed the wrong version of the Channel->path diff,djm2009-01-221-3/+3
| | | | it was missing some tweaks suggested by stevesk@
* make Channel->path an allocated string, saving a few bytes here anddjm2009-01-221-13/+35
| | | | there and fixing bz#1380 in the process; ok markus@
* support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;djm2009-01-141-11/+39
| | | | "looks ok" markus@
* call channel destroy callbacks on receipt of open failure messages.djm2009-01-011-3/+3
| | | | | fixes client hangs when connecting to a server that has MaxSessions=0 set spotted by imorgan AT nas.nasa.gov; ok markus@
* channel_print_adm_permitted_opens() should deal with all the printingstevesk2008-12-091-2/+4
| | | | | for that config option. suggested by markus@; ok markus@ djm@ dtucker@
* s/remote_id/id/ to be more consistent with other code; ok djm@markus2008-12-021-6/+6
|
* for sshd -T print 'permitopen any' vs. 'permitopen' for case of nostevesk2008-11-111-1/+5
| | | | permitopen's; ok and input dtucker@
* fix some typos in log messages; ok djm@stevesk2008-11-011-4/+4
|
* this loop index should be automatic, not staticdjm2008-07-161-2/+2
|
* use struct sockaddr_storage instead of struct sockaddr for accept(2)djm2008-07-131-7/+7
| | | | address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
* unbreak; move clearing of cctx struct to before first usedjm2008-07-121-2/+2
| | | | reported by dkrause@
* missing bzero; from mickey; ok djm@markus2008-07-101-1/+2
|
* Rename the isatty argument to is_tty so we don't shadow isatty(3).dtucker2008-06-161-5/+5
| | | | ok markus@
* don't call isatty() on a pty master, instead pass a flag down todjm2008-06-151-15/+6
| | | | | | channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
* The multiplexing escape char handler commit last night introduced adjm2008-06-121-2/+7
| | | | small memory leak per session; plug it.
* Enable ~ escapes for multiplex slave sessions; give each channeldjm2008-06-121-2/+3
| | | | | | | | | | | | | its own escape state and hook the escape filters up to muxed channels. bz #1331 Mux slaves do not currently support the ~^Z and ~& escapes. NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master. ok dtucker@
* Add extended test mode (-T) and connection parameters for test mode (-C).dtucker2008-06-101-1/+12
| | | | | | -T causes sshd to write its effective configuration to stdout and exit. -C causes any relevant Match rules to be applied before output. The combination allows tesing of the parser and config files. ok deraadt djm
* error-fd race: don't enable the error fd in the select bitmaskmarkus2008-05-091-2/+3
| | | | | | for channels with both in- and output closed, since the channel will go away before we call select(); report, lots of debugging help and ok djm@
* Try additional addresses when connecting to a port forward destinationdjm2008-05-091-57/+110
| | | | | | | | | whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343 great feedback and ok markus@
* Implement a channel success/failure status confirmation callbackdjm2008-05-081-9/+64
| | | | | | | | | | | | | mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
* avoid extra malloc/copy/free when receiving data over the net;markus2008-05-081-6/+3
| | | | ~10% speedup for localhost-scp; ok djm@
* avoid possible hijacking of x11-forwarded connections (back out 1.183)markus2008-04-021-4/+1
| | | | CVE-2008-1483; ok djm@
* When we added support for specified bind addresses for port forwards, wedjm2008-01-191-2/+2
| | | | | | | | | added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of this for -L port forwards that causes the client to listen on both v4 and v6 addresses when connected to a server with this quirk, despite having set 0.0.0.0 as a bind_address. report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
* Add a small helper function to consistently handle the EAI_SYSTEM errordtucker2007-12-271-6/+8
| | | | | code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
* Correct test for window updates every three packets; prevents sendingdtucker2007-06-251-2/+2
| | | | window updates for every single packet. ok markus@
* send 'window adjust' messages every tree packets and do not waitmarkus2007-06-111-2/+4
| | | | until 50% of the window is consumed. ok djm dtucker
* spacesstevesk2007-01-031-2/+2
|
* bz #1019: some ssh.com versions apparently can't cope with the remote portdjm2006-12-121-6/+13
| | | | | | forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@
* normalise some inconsistent (but harmless) NULL pointer checksdjm2006-08-291-4/+2
| | | | | spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-6/+5
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* clean extra spacesstevesk2006-08-011-2/+2
|
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <stdlib.h> out of includes.hstevesk2006-07-261-1/+2
|
* move #include <sys/time.h> out of includes.hstevesk2006-07-251-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* more ARGSUSED (lint) for dispatch table-driven functions; ok djm@stevesk2006-07-211-1/+17
|
* Make PermitOpen take a list of permitted ports and act more like most otherdtucker2006-07-211-4/+4
| | | | | keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@
* Add PermitOpen directive to sshd_config which is equivalent to thedtucker2006-07-171-5/+45
| | | | | | | | | | | | | "permitopen" key option. Allows server admin to allow TCP port forwarding only two specific host/port pairs. Useful when combined with Match. If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted. Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@.
* move #include <unistd.h> out of includes.hstevesk2006-07-171-1/+2
|
* move #include <netdb.h> out of includes.h; ok djm@stevesk2006-07-121-1/+2
|
* move #include <errno.h> out of includes.h; ok markus@stevesk2006-07-111-1/+2
|
* add ExitOnForwardFailure: terminate the connection if ssh(1)markus2006-07-111-7/+10
| | | | | cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
* fix misparsing of SOCKS 5 packets that could result in a crash;djm2006-07-101-3/+6
| | | | reported by mk@ ok markus@
* move #include <arpa/inet.h> out of includes.h; old ok djm@stevesk2006-07-031-1/+5
|
* Fix condition where we could exit with a fatal error when an inputdjm2006-04-161-5/+3
| | | | | | | | | buffer became too large and the remote end had advertised a big window. The problem was a mismatch in the backoff math between the channels code and the buffer code, so make a buffer_check_alloc() function that the channels code can use to propsectivly check whether an incremental allocation will succeed. bz #1131, debugged with the assistance of cove AT wildpackets.com; ok dtucker@ deraadt@
* ARGSUSED for dispatch table-driven functionsdjm2006-03-301-1/+12
|
* do not accept unreasonable X ports numbers; ok djmderaadt2006-03-281-8/+8
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.