Commit Graph

386 Commits

Author SHA1 Message Date
Damien Miller
03e92dd27d use same close logic for stderr as stdout
Avoids sending SIGPIPE to child processes after their parent exits
if they attempt to write to stderr.

Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
myself. bz#2071; ok dtucker@
2019-02-08 14:50:36 +11:00
djm@openbsd.org
8cc7a679d2 upstream: convert channels.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 09:02:37 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org
285310b897 upstream: no need to allocate channels_pre/channels_post in
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938

OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
2018-12-07 13:58:49 +11:00
djm@openbsd.org
6f1aabb128 upstream: factor out channel status formatting from
channel_open_message() so we can use it in other debug messages

OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
2018-10-04 17:50:22 +10:00
djm@openbsd.org
f1dd179e12 upstream: include a little more information about the status and
disposition of channel's extended (stderr) fd; makes debugging some things a
bit easier. No behaviour change.

OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
2018-10-04 10:44:49 +10:00
markus@openbsd.org
5d14019ba2 upstream: avoid expensive channel_open_message() calls; ok djm@
OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
2018-07-31 12:20:13 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
djm@openbsd.org
90e51d6727 upstream: fix NULL dereference in open_listen_match_tcpip()
OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
2018-06-26 08:30:43 +10:00
djm@openbsd.org
115063a664 upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
2018-06-07 04:27:20 +10:00
djm@openbsd.org
001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
tb@openbsd.org
5069320be9 upstream commit
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.

ok djm

OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
2018-02-07 07:50:46 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org
927f8514ce upstream commit
include the addr:port in bind/listen failure messages

OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
2017-12-07 11:46:35 +11:00
djm@openbsd.org
acf559e1cf upstream commit
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25 12:26:06 +11:00
djm@openbsd.org
218e6f98df upstream commit
fix inverted test on channel open failure path that
"upgraded" a transient failure into a fatal error; reported by sthen and also
seen by benno@; ok sthen@

Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
2017-09-24 23:46:12 +10:00
djm@openbsd.org
c704f641f7 upstream commit
write the correct buffer when tunnel forwarding; doesn't
matter on OpenBSD (they are the same) but does matter on portable where we
use an output filter to translate os-specific tun/tap headers

Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
2017-09-24 19:51:01 +10:00
djm@openbsd.org
55486f5cef upstream commit
fix tunnel forwarding problem introduced in refactor;
reported by stsp@ ok markus@

Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
2017-09-24 14:08:36 +10:00
markus@openbsd.org
609d7a66ce upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22 09:14:53 +10:00
millert@openbsd.org
3e8d185af3 upstream commit
Use explicit_bzero() instead of bzero() before free() to
prevent the compiler from optimizing away the bzero() call.  OK djm@

Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
2017-09-22 09:14:53 +10:00
djm@openbsd.org
4ec0bb9f9a upstream commit
unused variable

Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
2017-09-12 17:57:11 +10:00
djm@openbsd.org
9145a73ce2 upstream commit
fix tun/tap forwarding case in previous

Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
2017-09-12 17:37:03 +10:00
djm@openbsd.org
9f53229c2a upstream commit
Make remote channel ID a u_int

Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.

In practice everyone numbers their channels sequentially, so this has
never been a problem.

ok markus@

Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12 17:37:03 +10:00
djm@openbsd.org
dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org
71e5a536ec upstream commit
pass packet state down to some of the channels function
(more to come...); ok markus@

Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
2017-09-04 09:38:57 +10:00
deraadt@openbsd.org
dc5dc45662 upstream commit
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio

Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
2017-06-01 14:54:46 +10:00
djm@openbsd.org
c04e979503 upstream commit
fix possible OOB strlen() in SOCKS4A hostname parsing;
ok markus@

Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
2017-05-31 10:51:09 +10:00
markus@openbsd.org
2ae666a8fc upstream commit
protocol handlers all get struct ssh passed; ok djm@

Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
2017-05-31 10:50:05 +10:00
markus@openbsd.org
c221219b1f upstream commit
remove ssh1 references; ok djm@

Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
2017-05-31 10:46:44 +10:00
markus@openbsd.org
6cf711752c upstream commit
remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@

Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
2017-05-27 15:35:52 +10:00
markus@openbsd.org
364f0d5ede upstream commit
remove channel_input_close_confirmation (ssh1 only); ok
djm@

Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
2017-05-27 15:35:52 +10:00
djm@openbsd.org
930e8d2827 upstream commit
obliterate ssh1.h and some dead code that used it

ok markus@

Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
2017-05-01 10:05:06 +10:00
djm@openbsd.org
97f4d3083b upstream commit
remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01 09:42:37 +10:00
Darren Tucker
da39b09d43 If OSX is using launchd, remove screen no.
Check for socket with and without screen number.  From Apple and Jakob
Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
2017-03-10 13:22:32 +11:00
dtucker@openbsd.org
858252fb1d upstream commit
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited".  bz#2674, ok djm@

Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
2017-02-03 14:23:24 +11:00
dtucker@openbsd.org
246aa842a4 upstream commit
Remove channel_input_port_forward_request(); the only caller
was the recently-removed SSH1 server code so it's now dead code.  ok markus@

Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
2016-10-19 07:16:01 +11:00
djm@openbsd.org
2f78a2a698 upstream commit
fix some -Wpointer-sign warnings in the new mux proxy; ok
markus@

Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
2016-10-01 07:07:58 +10:00
markus@openbsd.org
8d05784785 upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client   and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-10-01 02:45:10 +10:00
natano@openbsd.org
492710894a upstream commit
Replace two more arc4random() loops with
arc4random_buf().

tweaks and ok dtucker
ok deraadt

Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
2016-09-21 11:03:55 +10:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
dtucker@openbsd.org
d7eabc86fa upstream commit
Allow wildcard for PermitOpen hosts as well as ports.
bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com.  ok
markus@

Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
2016-07-22 13:36:40 +10:00
djm@openbsd.org
95767262ca upstream commit
refactor canohost.c: move functions that cache results closer
 to the places that use them (authn and session code). After this, no state is
 cached in canohost.c

feedback and ok markus@

Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-03-08 06:20:35 +11:00
naddy@openbsd.org
603ba41179 upstream commit
Only check errno if read() has returned an error.  EOF is
 not an error. This fixes a problem where the mux master would sporadically
 fail to notice that the client had exited. ok mikeb@ djm@

Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53
2016-02-08 21:58:31 +11:00
djm@openbsd.org
b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
djm@openbsd.org
1bf477d3cd upstream commit
better refuse ForwardX11Trusted=no connections attempted
 after ForwardX11Timeout expires; reported by Jann Horn

Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
2015-07-01 12:29:43 +10:00
djm@openbsd.org
629df770db upstream commit
fatal() when a remote window update causes the window
 value to overflow. Reported by Georg Wicherski, ok markus@

Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
2015-06-30 16:12:20 +10:00
djm@openbsd.org
f715afebe7 upstream commit
Fix math error in remote window calculations that causes
 eventual stalls for datagram channels. Reported by Georg Wicherski, ok
 markus@

Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
2015-06-30 16:12:20 +10:00
millert@openbsd.org
ec04dc4a55 upstream commit
For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
 name." (we have a path, not a host name).  Based on a diff from Jared
 Yanovich. OK djm@

Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
2015-06-07 13:09:58 +10:00
dtucker@openbsd.org
297060f42d upstream commit
Use xcalloc for permitted_adm_opens instead of xmalloc to
 ensure it's zeroed. Fixes post-auth crash with permitopen=none.  bz#2355, ok
 djm@
2015-05-08 13:32:59 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00