path: root/usr.bin/ssh/serverloop.c (follow)
Columns: commit message, author, age, files, lines
...
* Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus [deraadt, 2015-01-20, 1 file, -2/+2]
* adapt kex to sshbuf and struct ssh; ok djm@ [markus, 2015-01-19, 1 file, -3/+3]
* move dispatch to struct ssh; ok djm@ [markus, 2015-01-19, 1 file, -9/+16]
* update packet.c & isolate, introduce struct ssh [markus, 2015-01-19, 1 file, -6/+5]
  a) switch packet.c to buffer api and isolate per-connection info into struct ssh
  b) (de)serialization of the state is moved from monitor to packet.c
  c) the old packet.c API is implemented in opacket.[ch]
  d) compress.c/h is removed and integrated into packet.c
  with and ok djm@
* Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. [millert, 2014-07-15, 1 file, -22/+83]
  This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html
  OK djm@ markus@
* bz#1818 - don't send channel success/failure replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@ [djm, 2014-04-29, 1 file, -2/+2]
* convert memset of potentially-private data to explicit_bzero() [djm, 2014-02-02, 1 file, -2/+2]
* Cast client_alive_interval to u_int64_t before assigning to max_time_milliseconds to avoid potential integer overflow in the timeout. bz#2170, patch from Loganaden Velvindron, ok djm@ [dtucker, 2013-12-19, 1 file, -2/+3]
* fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ [djm, 2013-07-12, 1 file, -2/+3]
* bye, bye xfree(); ok markus@ [djm, 2013-05-17, 1 file, -18/+14]
* Fix some "unused result" warnings found via clang and -portable. ok markus@ [dtucker, 2013-05-16, 1 file, -2/+2]
* Add RekeyLimit to sshd with the same syntax as the client allowing rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man page. [dtucker, 2013-05-16, 1 file, -4/+10]
* Cast signal to int for logging. A no-op on openbsd (they're always ints) but will prevent warnings in portable. ok djm@ [dtucker, 2012-12-07, 1 file, -3/+3]
* make AllowTcpForwarding accept "local" and "remote" in addition to its current "yes"/"no" to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@ [djm, 2012-12-02, 1 file, -6/+13]
* initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying [djm, 2012-06-20, 1 file, -2/+2]
* don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@ [djm, 2012-04-11, 1 file, -4/+10]
* use FD_CLOEXEC consistently; patch from zion AT x96.org [djm, 2011-05-15, 1 file, -3/+3]
* Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@ [andreas, 2009-05-28, 1 file, -2/+6]
* Put the globals in packet.c into a struct and don't access it directly from other files. No functional changes. ok markus@ djm@ [andreas, 2009-05-25, 1 file, -3/+3]
* tighten check for -R0:... forwarding: only allow dynamic allocation if want_reply is set in the packet [djm, 2009-02-12, 1 file, -1/+2]
* support remote port forwarding with a zero listen port (-R0:...) to dynamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@ [djm, 2009-02-12, 1 file, -4/+8]
* make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) [djm, 2009-01-22, 1 file, -2/+2]
  adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int
  make use of int vs. u_short consistent in some other places too
  feedback & ok markus@
* backout 1.149, since it's not necessary and openssh clients send broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ [markus, 2008-12-02, 1 file, -3/+3]
* only pass channel requests on session channels through to the session channel handler, avoiding spurious log messages; ok! markus@ [djm, 2008-06-30, 1 file, -2/+3]
* Add a no-more-sessions@openssh.com global request extension that the client sends when it knows that it will never request another session (i.e. when session multiplexing is disabled). This allows a server to disallow further session requests and terminate the session. [djm, 2008-06-10, 1 file, -1/+11]
  Why would a non-multiplexing client ever issue additional session requests? It could have been attacked with something like SSH'jack: http://www.storm.net.nz/projects/7
  feedback & ok markus
* unbreak [markus, 2008-05-09, 1 file, -2/+5]
    ssh -2 localhost od /bin/ls | true
  ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send.
  fixes bz #85; discussion, debugging and ok djm@
* Try additional addresses when connecting to a port forward destination whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. [djm, 2008-05-09, 1 file, -11/+8]
  Reported by stig AT venaas.com in bz#343
  great feedback and ok markus@
* Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within a channel). [djm, 2008-05-08, 1 file, -2/+4]
  Also includes an abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory.
  ok markus@ (as part of a larger diff)
* Allow all SSH2 packet types, including UNIMPLEMENTED to reset the keepalive timer (bz #1307). ok markus@ [dtucker, 2008-02-22, 1 file, -4/+3]
* Revert the change for bz #1307 as it causes connection aborts if an IGNORE packet arrives while we're waiting in packet_read_expect (and possibly elsewhere). [dtucker, 2008-01-23, 1 file, -3/+1]
* Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@. [dtucker, 2007-12-28, 1 file, -1/+3]
* exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf [markus, 2006-10-11, 1 file, -3/+5]
* almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step [deraadt, 2006-08-03, 1 file, -4/+6]
* move #include <sys/param.h> out of includes.h [stevesk, 2006-07-26, 1 file, -1/+2]
* move #include <sys/time.h> out of includes.h [stevesk, 2006-07-25, 1 file, -1/+2]
* move #include <string.h> out of includes.h [stevesk, 2006-07-22, 1 file, -1/+2]
* missed some needed #include <unistd.h> when KERBEROS5=no; issue from massimo@cedoc.mo.it [stevesk, 2006-07-20, 1 file, -1/+2]
* move #include <errno.h> out of includes.h; ok markus@ [stevesk, 2006-07-11, 1 file, -1/+2]
* move #include <fcntl.h> out of includes.h [stevesk, 2006-07-09, 1 file, -1/+2]
* move #include <pwd.h> out of includes.h; ok markus@ [stevesk, 2006-07-06, 1 file, -1/+2]
* move #include <netinet/in.h> out of includes.h; ok deraadt@ [stevesk, 2006-07-05, 1 file, -1/+4]
* spacing [deraadt, 2006-03-25, 1 file, -3/+3]
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files [djm, 2006-03-25, 1 file, -0/+1]
* spacing [deraadt, 2006-03-20, 1 file, -0/+1]
* sprinkle u_int throughout pty subsystem, ok markus [deraadt, 2006-03-20, 1 file, -4/+4]
* ARGSUSED for signal handlers [deraadt, 2006-03-19, 1 file, -1/+3]
* RCSID() can die [deraadt, 2006-03-19, 1 file, -1/+0]
* memory leaks detected by Coverity via elad AT netbsd.org; ok deraadt@ dtucker@ [djm, 2006-03-19, 1 file, -1/+2]
* move a debug() outside of a signal handler; ok markus@ a little while back [djm, 2006-03-04, 1 file, -2/+2]
* move #include <signal.h> out of includes.h; ok markus@ [stevesk, 2006-02-20, 1 file, -1/+2]