path: root/usr.bin/ssh/channels.c
Commit message [author, date, files changed, lines -removed/+added]
* highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185 [djm, 2021-04-03, 1 file, -4/+4]
* ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS
  ok djm@, dtucker@ [markus, 2021-02-15, 1 file, -1/+20]
* remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@ [djm, 2021-01-27, 1 file, -5/+5]
* use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@ [djm, 2020-10-18, 1 file, -274/+189]
* cap channel input buffer size at 16MB; avoids high memory use when peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network); reported by Pierre-Yves David; fix with & ok markus@ [djm, 2020-09-20, 1 file, -1/+4]
* put back the mux_ctx memleak fix, but only for channels of type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels should not have this structure freed. [djm, 2020-07-03, 1 file, -1/+5]
* revert r1.399 - the lifetime of c->mux_ctx is more complex; simply freeing it here causes other problems [djm, 2020-07-03, 1 file, -3/+1]
* fix memory leak of mux_ctx; patch from Sergiy Lozovsky via bz3189
  ok dtucker [djm, 2020-07-03, 1 file, -1/+3]
* We've standardized on memset over bzero, replace a couple that had slipped in. ok deraadt markus djm. [dtucker, 2020-04-25, 1 file, -2/+2]
* fix uninitialized pointers for forward_cancel; ok djm [markus, 2020-03-06, 1 file, -3/+3]
* change explicit_bzero();free() to freezero()
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@ [jsg, 2020-02-26, 1 file, -7/+4]
* the GatewayPorts vs -R listen address selection logic is still confusing people, so add another comment explaining the special handling of "localhost"; bz#3258 [djm, 2020-01-25, 1 file, -2/+7]
* Remove some set but never used variables. ok daraadt@ [dtucker, 2019-07-07, 1 file, -3/+2]
* When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. [deraadt, 2019-06-28, 1 file, -23/+23]
* Typo and spelling fixes in comments and error messages. Patch from knweiss at gmail.com via -portable. [dtucker, 2019-06-07, 1 file, -2/+2]
* For PermitOpen violations add the remote host and port to be able to find out from where the request was coming. Add the same logging for PermitListen violations which were not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net); input markus; OK deraadt [florian, 2019-05-10, 1 file, -3/+21]
* Free channel objects on exit path. Patch from markus at blueflash.cc, ok deraadt [dtucker, 2019-05-03, 1 file, -4/+24]
* convert channels.c to new packet API
  with & ok markus@ [djm, 2019-01-19, 1 file, -30/+38]
* begin landing remaining refactoring of packet parsing API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ [djm, 2019-01-19, 1 file, -1/+4]
* no need to allocate channels_pre/channels_post in channel_init_channels() as we do it anyway in channel_handler_init() that we call at the end of the function. Fix from Markus Schmidt via bz#2938 [djm, 2018-12-07, 1 file, -6/+2]
* factor out channel status formatting from channel_open_message() so we can use it in other debug messages [djm, 2018-10-04, 1 file, -13/+24]
* include a little more information about the status and disposition of channel's extended (stderr) fd; makes debugging some things a bit easier. No behaviour change. [djm, 2018-10-04, 1 file, -3/+26]
* avoid expensive channel_open_message() calls; ok djm@ [markus, 2018-07-27, 1 file, -4/+6]
* remove legacy key emulation layer; ok djm@ [markus, 2018-07-11, 1 file, -2/+2]
* fix NULL dereference in open_listen_match_tcpip() [djm, 2018-06-25, 1 file, -2/+2]
* Add a PermitListen directive to control which server-side addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@ [djm, 2018-06-06, 1 file, -174/+303]
* lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell) [djm, 2018-04-10, 1 file, -4/+4]
* The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm [tb, 2018-02-05, 1 file, -4/+9]
* Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@ [djm, 2018-01-23, 1 file, -30/+15]
* include the addr:port in bind/listen failure messages [djm, 2017-12-05, 1 file, -4/+7]
* Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 [djm, 2017-10-25, 1 file, -16/+3]
* fix inverted test on channel open failure path that "upgraded" a transient failure into a fatal error; reported by sthen and also seen by benno@; ok sthen@ [djm, 2017-09-24, 1 file, -2/+2]
* write the correct buffer when tunnel forwarding; doesn't matter on OpenBSD (they are the same) but does matter on portable where we use an output filter to translate os-specific tun/tap headers [djm, 2017-09-24, 1 file, -2/+2]
* fix tunnel forwarding problem introduced in refactor; reported by stsp@ ok markus@ [djm, 2017-09-23, 1 file, -7/+8]
* Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ [markus, 2017-09-21, 1 file, -85/+289]
* Use explicit_bzero() instead of bzero() before free() to prevent the compiler from optimizing away the bzero() call. OK djm@ [millert, 2017-09-19, 1 file, -2/+2]
* unused variable [djm, 2017-09-12, 1 file, -3/+3]
* fix tun/tap forwarding case in previous [djm, 2017-09-12, 1 file, -1/+2]
* Make remote channel ID a u_int
  Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ [djm, 2017-09-12, 1 file, -10/+30]
* refactor channels.c
  Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ [djm, 2017-09-12, 1 file, -1352/+1633]
* pass packet state down to some of the channels function (more to come...); ok markus@ [djm, 2017-08-30, 1 file, -9/+9]
* These shutdown() SHUT_RDWR are not needed before close()
  ok djm markus claudio [deraadt, 2017-05-31, 1 file, -3/+1]
* fix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@ [djm, 2017-05-31, 1 file, -6/+10]
* protocol handlers all get struct ssh passed; ok djm@ [markus, 2017-05-30, 1 file, -19/+18]
* remove ssh1 references; ok djm@ [markus, 2017-05-30, 1 file, -2/+2]
* remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ [markus, 2017-05-26, 1 file, -11/+1]
* remove channel_input_close_confirmation (ssh1 only); ok djm@ [markus, 2017-05-26, 1 file, -22/+1]
* obliterate ssh1.h and some dead code that used it
  ok markus@ [djm, 2017-04-30, 1 file, -162/+1]
* remove compat20/compat13/compat15 variables
  ok markus@ [djm, 2017-04-30, 1 file, -392/+129]
* Return true reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674, ok djm@ [dtucker, 2017-02-01, 1 file, -7/+26]