[clientloop.c]
when muxmaster is run with -N, make it shut down gracefully when a client
sends it "-O stop" rather than hanging around (bz#1985). ok djm@
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
(note: previous commit with this description was a mistake on my part while
pulling changes from OpenBSD)
[clientloop.c log.c ssh.1 log.h]
Add ~v and ~V escape sequences to raise and lower the logging level
respectively. Man page help from jmc, ok deraadt jmc
[clientloop.c clientloop.h mux.c]
Force a clean shutdown of ControlMaster client sessions when the ~. escape
sequence is used. This means that ~. should now work in mux clients even
if the server is no longer responding. Found by tedu, ok djm.
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
hook up a channel confirm callback to warn the user then requested X11
forwarding was refused by the server; ok markus@
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add a "ControlPersist" option that automatically starts a background
ssh(1) multiplex master when connecting. This connection can stay alive
indefinitely, or can be set to automatically close after a user-specified
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
[clientloop.c]
bz#1698: kill channel when pty allocation requests fail. Fixed
stuck client if the server refuses pty allocation.
ok dtucker@ "think so" markus@
[clientloop.c]
downgrade an error() to a debug() - this particular case can be hit in
normal operation for certain sequences of mux slave vs session closure
and is harmless
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
rewrite ssh(1) multiplexing code to a more sensible protocol.
The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.
avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.
implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).
feedback Salvador Fandino, dtucker@
channel changes ok markus@
[mux.c sshpty.h clientloop.c sshtty.c]
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
[clientloop.c]
client_loop() must detect if the session has been suspended and resumed,
and take appropriate action in that case.
From Martin Forssen, maf at appgate dot com
ok markus@
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Also, applied appropriate changes to Makefile.in
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
[clientloop.c]
The ~C escape handler does not work correctly for multiplexed sessions -
it opens a commandline on the master session, instead of on the slave
that requested it. Disable it on slave sessions until such time as it
is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
ok markus@
[clientloop.c]
we have to use the recipient's channel number (RFC 4254) for
SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
otherwise we trigger 'Non-public channel' error messages on sshd
systems with clientkeepalive enabled; noticed by sturm; ok djm;