summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/clientloop.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead ofdjm2010-11-131-1/+4
| | | | | | hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
* kill proxy command on fatal() (we already kill it on clean exit);djm2010-10-061-1/+2
| | | | ok markus@
* add a "ControlPersist" option that automatically starts a backgrounddjm2010-07-191-4/+59
| | | | | | | | ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but further hacked on by wmertens AT cisco.com, apb AT cequrux.com, martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
* Add X11ForwardTimeout option to specify timeout for untrusted X11djm2010-06-251-6/+20
| | | | | | | | | | | authentication cookies to avoid fallback in X11 code to fully-trusted implicit authentication using SO_PEERCRED described at: http://lists.x.org/archives/xorg-devel/2010-May/008636.html After the X11ForwardTimeout has expired the client will now refuse incoming X11 channel opens. based on patch from Tavis Ormandy; "nice" markus@
* bz#1698: kill channel when pty allocation requests fail. Fixeddjm2010-04-101-2/+2
| | | | | stuck client if the server refuses pty allocation. ok dtucker@ "think so" markus@
* protocol conformance fix: send language tag when disconnecting normally;djm2010-03-131-1/+2
| | | | spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
* downgrade an error() to a debug() - this particular case can be hit indjm2010-01-281-3/+4
| | | | | normal operation for certain sequences of mux slave vs session closure and is harmless
* rewrite ssh(1) multiplexing code to a more sensible protocol.djm2010-01-261-23/+12
| | | | | | | | | | | | | | | | | | | | | | The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@
* quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since wedjm2010-01-091-10/+13
| | | | usually don't actually have a tty to read/set; bz#1686 ok dtucker@
* fix incorrect exit status when multiplexing and channel ID 0 is recycleddjm2009-11-171-6/+8
| | | | bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
* client_loop() must detect if the session has been suspended and resumed,andreas2009-10-241-1/+11
| | | | | | and take appropriate action in that case. From Martin Forssen, maf at appgate dot com ok markus@
* only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@stevesk2009-07-051-6/+8
| | | | ok deraadt@ markus@
* Keep track of number of bytes read and written. Needed for upcomingandreas2009-05-281-4/+5
| | | | | changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@
* Send SSH2_MSG_DISCONNECT when the client disconnects. From a largerandreas2009-05-271-1/+7
| | | | | change from Martin Forssen, maf at appgate dot com. ok markus@
* Put the globals in packet.c into a struct and don't access it directlyandreas2009-05-251-3/+3
| | | | | from other files. No functional changes. ok markus@ djm@
* support remote port forwarding with a zero listen port (-R0:...) todjm2009-02-121-2/+2
| | | | | dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
* make a2port() return -1 when it encounters an invalid port numberdjm2009-01-221-5/+5
| | | | | | | | | | | rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@
* fix typo in error messagestevesk2008-12-091-2/+2
|
* The ~C escape handler does not work correctly for multiplexed sessions -djm2008-12-091-4/+4
| | | | | | | it opens a commandline on the master session, instead of on the slave that requested it. Disable it on slave sessions until such time as it is fixed; bz#1543 report from Adrian Bridgett via Colin Watson ok markus@
* we have to use the recipient's channel number (RFC 4254) formarkus2008-12-021-2/+2
| | | | | | SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, otherwise we trigger 'Non-public channel' error messages on sshd systems with clientkeepalive enabled; noticed by sturm; ok djm;
* add dynamic forward escape command line; ok djm@stevesk2008-11-051-9/+16
|
* merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@stevesk2008-11-011-2/+2
|
* don't need to #include "monitor_fdpass.h"stevesk2008-10-301-2/+1
|
* rename variable first_gc -> last_gc (since it is actually the lastdjm2008-07-161-7/+7
| | | | in the list).
* sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@markus2008-07-101-16/+8
|
* I was coalescing expected global request confirmation replies at thedjm2008-06-121-2/+2
| | | | wrong end of the queue - fix; prompted by markus@
* The multiplexing escape char handler commit last night introduced adjm2008-06-121-1/+9
| | | | small memory leak per session; plug it.
* thall shalt not code past the eightieth columndjm2008-06-121-36/+70
|
* maintain an ordered queue of outstanding global requests that wedjm2008-06-121-2/+47
| | | | | | | | | expect replies to, similar to the per-channel confirmation queue. Use this queue to verify success or failure for remote forward establishment in a race free way. ok dtucker@
* Enable ~ escapes for multiplex slave sessions; give each channeldjm2008-06-121-37/+117
| | | | | | | | | | | | | its own escape state and hook the escape filters up to muxed channels. bz #1331 Mux slaves do not currently support the ~^Z and ~& escapes. NB. this change cranks the mux protocol version, so a new ssh mux client will not be able to connect to a running old ssh mux master. ok dtucker@
* unbreak tree by committing this bit that I missed from:djm2008-05-191-4/+4
| | | | | | | Fix sending tty modes when stdin is not a tty (bz#1199). Previously we would send the modes corresponding to a zeroed struct termios, whereas we should have been sending an empty list of modes. Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
* unbreakmarkus2008-05-091-1/+4
| | | | | | | ssh -2 localhost od /bin/ls | true ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send. fixes bz #85; discussion, debugging and ok djm@
* tidy up session multiplexing code, moving it into its own file anddjm2008-05-091-297/+11
| | | | | | | making the function names more consistent - making ssh.c and clientloop.c a fair bit more readable. ok markus@
* Try additional addresses when connecting to a port forward destinationdjm2008-05-091-14/+7
| | | | | | | | | whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343 great feedback and ok markus@
* Use new channel status confirmation callback system to properly dealdjm2008-05-081-33/+73
| | | | | | | | | | | | | | with "important" channel requests that fail, in particular command exec, shell and subsystem requests. Previously we would optimistically assume that the requests would always succeed, which could cause hangs if they did not (e.g. when the server runs out of fds) or were unimplemented by the server (bz #1384) Also, properly report failing multiplex channel requests via the mux client stderr (subject to LogLevel in the mux master) - better than silently failing. most bits ok markus@ (as part of a larger diff)
* Implement a channel success/failure status confirmation callbackdjm2008-05-081-3/+7
| | | | | | | | | | | | | mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
* Allow all SSH2 packet types, including UNIMPLEMENTED to reset thedtucker2008-02-221-4/+3
| | | | keepalive timer (bz #1307). ok markus@
* Revert the change for bz #1307 as it causes connection aborts if an IGNOREdtucker2008-01-231-9/+1
| | | | | packet arrives while we're waiting in packet_read_expect (and possibly elsewhere).
* fd leak on session multiplexing error path. Report and patch fromdjm2008-01-191-1/+2
| | | | gregory_shively AT fanniemae.com
* Use the correct packet maximum sizes for remote port and agent forwarding.dtucker2007-12-281-3/+3
| | | | | Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent. bz #1360, ok djm@.
* Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset thedtucker2007-12-281-1/+9
| | | | | | ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@.
* fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;djm2007-11-031-1/+8
| | | | ok dtucker@
* make file descriptor passing code return an error rather than call fatal()djm2007-09-041-5/+18
| | | | | when it encounters problems, and use this to make session multiplexing masters survive slaves failing to pass all stdio FDs; ok markus@
* do NOT fall back to the trused x11 cookie if generation of an untrustedmarkus2007-08-151-14/+24
| | | | cookie fails; from security-alert at sun.com; ok dtucker
* bz#1232: ensure that any specified LocalCommand is executed after thedjm2007-08-071-1/+39
| | | | | | tunnel device is opened. Also, make failures to open a tunnel device fatal when ExitOnForwardFailure is active. Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
* remove some bogus *p tests from charles longeautedu2007-03-201-5/+4
| | | | ok deraadt millert
* set maximum packet and window sizes the same for multiplexed clientsdjm2007-02-201-4/+10
| | | | as normal connections; ok markus@
* spacesstevesk2007-01-211-2/+2
|
* exit instead of doing a blocking tcp send if we detect a client/server timeout,markus2006-10-111-3/+5
| | | | since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-6/+5
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.