path: root/usr.bin/ssh/channels.h
Commit message | Author | Age | Files | Lines
* Pause the mux channel while waiting for reply from asynch callbacks. | djm | 2010-05-14 | 1 | -3/+5
  Prevents misordering of replies if new requests arrive while waiting.
  Extend channel open confirm callback to allow signalling failure conditions as well as success. Use this to 1) fix a memory leak, 2) start using the above pause mechanism and 3) delay sending a success/failure message on mux slave session open until we receive a reply from the server.
  motivated by and with feedback from markus@
* rewrite ssh(1) multiplexing code to a more sensible protocol. | djm | 2010-01-26 | 1 | -4/+14
  The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave.
  avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master.
  implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established.
  add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
  document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned).
  feedback Salvador Fandino, dtucker@
  channel changes ok markus@
* Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single | dtucker | 2010-01-11 | 1 | -1/+2
  port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers.
  bz #1618, man page help from jmc@, ok markus@
* Remove RoutingDomain from ssh since it's now not needed. It can be replaced | dtucker | 2010-01-09 | 1 | -2/+1
  with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk):
  # route -T 2 exec /usr/sbin/sshd
  or inherited from the parent process
  $ route -T 2 exec sh
  $ ssh 10.1.2.3
  ok deraadt@ markus@ stevesk@ reyk@
* fix race condition in x11/agent channel allocation: don't read after | markus | 2009-11-11 | 1 | -2/+6
  the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called.
  with and ok djm@
* Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. | reyk | 2009-10-28 | 1 | -1/+2
  ok markus@
* support remote port forwarding with a zero listen port (-R0:...) to | djm | 2009-02-12 | 1 | -2/+2
  dynamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
* make Channel->path an allocated string, saving a few bytes here and | djm | 2009-01-22 | 1 | -4/+2
  there and fixing bz#1380 in the process; ok markus@
* don't call isatty() on a pty master, instead pass a flag down to | djm | 2008-06-15 | 1 | -2/+2
  channel_set_fds() indicating that the fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
* The multiplexing escape char handler commit last night introduced a | djm | 2008-06-12 | 1 | -2/+4
  small memory leak per session; plug it.
* Enable ~ escapes for multiplex slave sessions; give each channel | djm | 2008-06-12 | 1 | -2/+3
  its own escape state and hook the escape filters up to muxed channels. bz #1331
  Mux slaves do not currently support the ~^Z and ~& escapes.
  NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master.
  ok dtucker@
* Add extended test mode (-T) and connection parameters for test mode (-C). | dtucker | 2008-06-10 | 1 | -1/+2
  -T causes sshd to write its effective configuration to stdout and exit. -C causes any relevant Match rules to be applied before output. The combination allows testing of the parser and config files.
  ok deraadt djm
* unbreak | markus | 2008-05-09 | 1 | -1/+2
  ssh -2 localhost od /bin/ls | true
  ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send.
  fixes bz #85; discussion, debugging and ok djm@
* Try additional addresses when connecting to a port forward destination | djm | 2008-05-09 | 1 | -5/+16
  whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up.
  Reported by stig AT venaas.com in bz#343
  great feedback and ok markus@
* Implement a channel success/failure status confirmation callback | djm | 2008-05-08 | 1 | -5/+21
  mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within a channel).
  Also includes an abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory.
  ok markus@ (as part of a larger diff)
* increase default channel windows; ok djm | markus | 2007-06-11 | 1 | -3/+3
* almost entirely get rid of the culture of ".h files that include .h files" | deraadt | 2006-08-03 | 1 | -3/+1
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step
* Make PermitOpen take a list of permitted ports and act more like most other | dtucker | 2006-07-21 | 1 | -2/+2
  keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@
* Add PermitOpen directive to sshd_config which is equivalent to the | dtucker | 2006-07-17 | 1 | -1/+3
  "permitopen" key option. Allows server admin to allow TCP port forwarding only to specific host/port pairs. Useful when combined with Match.
  If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted.
  Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective.
  Feedback & ok djm@, man page corrections & ok jmc@.
* add ExitOnForwardFailure: terminate the connection if ssh(1) | markus | 2006-07-11 | 1 | -3/+3
  cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
* standardise spacing in $OpenBSD$ tags; requested by deraadt@ | djm | 2006-03-25 | 1 | -1/+1
* add channel output filter interface. | reyk | 2005-12-30 | 1 | -4/+8
  ok djm@, suggested by markus@
* make sure protocol messages for internal channels are ignored. | markus | 2005-12-12 | 1 | -1/+2
  allow adjust messages for non-open channels; with and ok djm@
* Add support for tun(4) forwarding over OpenSSH, based on an idea and | reyk | 2005-12-06 | 1 | -1/+3
  initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
  ok djm@, markus@, jmc@ (manpages), tested and discussed with others
* fix regression I introduced in 4.2: X11 forwardings initiated after | djm | 2005-10-10 | 1 | -3/+4
  a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
* Fix a number of X11 forwarding channel leaks: | djm | 2005-07-17 | 1 | -2/+2
  1. Refuse multiple X11 forwarding requests on the same session
  2. Clean up all listeners after a single_connection X11 forward, not just the one that made the single connection
  3. Destroy X11 listeners when the session owning them goes away
  testing and ok dtucker@
* race when efd gets closed while there is still buffered data: | markus | 2005-07-08 | 1 | -2/+2
  change CHANNEL_EFD_OUTPUT_ACTIVE()
  1) c->efd must always be valid AND
  2a) no EOF has been seen OR
  2b) there is buffered data
  report, initial fix and testing Chuck Cranor
* move x11_get_proto from ssh.c to clientloop.c, to make multiplexed xfwd easier | djm | 2005-06-16 | 1 | -2/+3
  later; ok deraadt@
* bz#413: allow optional specification of bind address for port forwardings. | djm | 2005-03-01 | 1 | -4/+6
  Patch originally by Dan Astorian, but worked on by several people
  Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
  ok markus@
* fix some window size change bugs for multiplexed connections: window sizes | djm | 2004-10-29 | 1 | -1/+2
  were not being updated if they had changed after ~^Z suspends and SIGWINCH was not being processed unless the first connection had requested a tty; ok markus
* some signed/unsigned int comparison cleanups; markus@ ok | avsm | 2004-08-11 | 1 | -2/+2
* implement session multiplexing in the client (the server has supported this | djm | 2004-06-13 | 1 | -2/+5
  since 2.0); ok markus@
* bz #756: add support for the cancel-tcpip-forward request for the server and | djm | 2004-05-21 | 1 | -1/+3
  the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@
* move client only agent code to clientloop.c | markus | 2003-09-23 | 1 | -2/+1
* move channel counter to u_int | markus | 2002-06-24 | 1 | -8/+8
* display, screen, row, col, xpixel, ypixel are u_int; markus ok | deraadt | 2002-06-23 | 1 | -2/+2
* move creation of agent socket to session.c; no need for uidswapping | markus | 2002-06-10 | 1 | -4/+1
  in channel.c.
* CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too | markus | 2002-03-26 | 1 | -2/+2
* don't send stderr data after EOF, accept this from older known (broken) | markus | 2002-03-25 | 1 | -1/+13
  sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179
* $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add | stevesk | 2002-03-04 | 1 | -1/+2
  missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
* increase the SSH v2 window size to 4 packets. consumes a little | markus | 2002-02-14 | 1 | -8/+8
  bit more memory for slow receivers but increases throughput.
* merge channel_request() into channel_request_start() | markus | 2002-02-05 | 1 | -2/+1
* generic callbacks are not really used, remove and | markus | 2002-02-03 | 1 | -5/+3
  add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION ok djm@
* remove unused channel_input_channel_request | markus | 2002-02-03 | 1 | -2/+1
* wrapper for channel_setup_fwd_listener | markus | 2002-01-16 | 1 | -5/+3
* (c) 2002 | markus | 2002-01-14 | 1 | -2/+2
* remove function pointers for events, remove chan_init*; ok provos@ | markus | 2002-01-14 | 1 | -12/+8
* add chan_set_[io]state(), order states, state is now a u_int, | markus | 2002-01-13 | 1 | -11/+11
  simplifies debugging messages; ok provos@
* remove plen from the dispatch fn. it's no longer used. | markus | 2001-12-28 | 1 | -15/+15
* Conformance fix: we should send failing packet sequence number when | djm | 2001-12-20 | 1 | -15/+15
  responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@