Commit Graph

86 Commits

Author SHA1 Message Date
djm@openbsd.org
e3128b3862 upstream: convert mux.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
2019-01-20 09:02:36 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org
dba5025833 upstream: remove big ugly TODO comment from start of file. Some of
the mentioned tasks are obsolete and, of the remainder, most are already
captured in PROTOCOL.mux where they better belong

OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
2018-09-26 17:35:49 +10:00
djm@openbsd.org
9d883a1ce4 upstream: s/process_mux_master/mux_master_process/ in mux master
function names,

Gives better symmetry with the existing mux_client_*() names and makes
it more obvious when a message comes from the master vs client (they
are interleved in ControlMaster=auto mode).

no functional change beyond prefixing a could of log messages with
__func__ where they were previously lacking.

OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
2018-09-26 11:50:28 +10:00
djm@openbsd.org
1a66079c06 upstream: fix some memory leaks spotted by Coverity via Jakub Jelen
in bz#2366 feedback and ok dtucker@

OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
2018-07-31 13:13:26 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
markus@openbsd.org
f4608a7065 upstream: client: switch mux to sshbuf API; with & ok djm@
OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
2018-07-10 15:14:26 +10:00
markus@openbsd.org
cecee2d607 upstream: client: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
djm@openbsd.org
115063a664 upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
2018-06-07 04:27:20 +10:00
dtucker@openbsd.org
36945fa103 upstream commit
Use strsignal in debug message instead of casting for the
benefit of portable where sig_atomic_t might not be int.  "much nicer"
deraadt@

Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
2017-09-22 09:14:53 +10:00
dtucker@openbsd.org
a3839d8d2b upstream commit
Prevent type mismatch warning in debug on platforms where
sig_atomic_t != int.  ok djm@

Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
2017-09-19 14:26:43 +10:00
djm@openbsd.org
9f53229c2a upstream commit
Make remote channel ID a u_int

Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.

In practice everyone numbers their channels sequentially, so this has
never been a problem.

ok markus@

Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12 17:37:03 +10:00
djm@openbsd.org
dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org
5b2f34a74a upstream commit
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@

Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
2017-06-10 16:40:11 +10:00
guenther@openbsd.org
4ba15462ca upstream commit
The POSIX APIs that that sockaddrs all ignore the s*_len
field in the incoming socket, so userspace doesn't need to set it unless it
has its own reasons for tracking the size along with the sockaddr.

ok phessler@ deraadt@ florian@

Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
2017-01-30 11:07:44 +11:00
dtucker@openbsd.org
0b9ee623d5 upstream commit
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.

Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
2016-10-24 10:42:57 +11:00
markus@openbsd.org
8d05784785 upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client   and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-10-01 02:45:10 +10:00
dtucker@openbsd.org
67dca60fbb upstream commit
Improve error message for overlong ControlPath.  ok markus@
djm@

Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2016-08-09 09:33:23 +10:00
dtucker@openbsd.org
8543ff3f50 upstream commit
Move the host and port used by ssh -W into the Options
 struct. This will make future changes a bit easier.  ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08 11:39:31 +10:00
djm@openbsd.org
95687f5831 upstream commit
whitespace at EOL

Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
2016-04-01 23:57:14 +11:00
djm@openbsd.org
ed4ce82dbf upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
 forwarding when the X server disables the SECURITY extension; Reported by
 Thomas Hoger; ok deraadt@

Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-14 10:06:01 +11:00
Damien Miller
4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
semarie@openbsd.org
d7d2bc9504 upstream commit
adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
2016-01-07 20:13:31 +11:00
semarie@openbsd.org
b91926a976 upstream commit
pledges ssh client:   - mux client: which is used when
 ControlMaster is in use.     will end with "stdio proc tty" (proc is to
 permit sending SIGWINCH to mux master on window resize)

  - client loop: several levels of pledging depending of your used options

ok deraadt@

Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
2015-12-04 15:14:59 +11:00
djm@openbsd.org
b1d38a3cc6 upstream commit
fix some signed/unsigned integer type mismatches in
 format strings; reported by Nicholas Lemonias

Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16 10:54:08 +11:00
djm@openbsd.org
45b0eb752c upstream commit
fix free() of uninitialised pointer reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
2015-08-20 13:07:41 +10:00
djm@openbsd.org
ca430d4d9c upstream commit
remove failed remote forwards established by muliplexing
 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
 dtucker@
2015-05-10 11:54:25 +10:00
djm@openbsd.org
8312cfb8ad upstream commit
reduce stderr spam when using ssh -S /path/mux -O forward
 -R 0:... ok dtucker@
2015-05-10 11:54:20 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org
46ac2ed467 upstream commit
fix passing of wildcard forward bind addresses when
 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
 ok dtucker@
2014-12-22 19:06:27 +11:00
Damien Miller
357610d159 - djm@cvs.openbsd.org 2014/07/17 07:22:19
[mux.c ssh.c]
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
2014-07-18 15:04:10 +10:00
Damien Miller
f42f7684ec - djm@cvs.openbsd.org 2014/07/17 00:10:18
[mux.c]
     preserve errno across syscall
2014-07-18 15:03:27 +10:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
633de33b19 - djm@cvs.openbsd.org 2014/04/28 03:09:18
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
     [ssh-keygen.c]
     buffer_get_string_ptr's return should be const to remind
     callers that futzing with it will futz with the actual buffer
     contents
2014-05-15 13:48:26 +10:00
Damien Miller
ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Darren Tucker
746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker
ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
bc02f163f6 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
[mux.c]
     typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller
172859cff7 - djm@cvs.openbsd.org 2013/04/05 00:58:51
[mux.c]
     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
     (in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller
b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
2013-02-23 09:12:23 +11:00
Damien Miller
73298f420e - djm@cvs.openbsd.org 2013/01/02 00:32:07
[clientloop.c mux.c]
     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
     bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
Darren Tucker
66cb0e0733 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
[clientloop.c clientloop.h mux.c]
     Force a clean shutdown of ControlMaster client sessions when the ~. escape
     sequence is used.  This means that ~. should now work in mux clients even
     if the server is no longer responding.  Found by tedu, ok djm.
2012-09-06 21:19:05 +10:00
Damien Miller
ab523b0246 - djm@cvs.openbsd.org 2012/07/06 01:37:21
[mux.c]
     fix memory leak of passed-in environment variables and connection
     context when new session message is malformed; bz#2003 from Bert.Wesarg
     AT googlemail.com
2012-07-06 13:44:43 +10:00
Damien Miller
2e7decfcc0 - djm@cvs.openbsd.org 2012/06/01 01:01:22
[mux.c]
     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
     AT googlemail.com
2012-06-20 21:52:00 +10:00
Damien Miller
ac58ce86e6 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
     NB. Id sync only
2012-06-20 21:50:47 +10:00
Damien Miller
140df63e1f - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:

     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@

     it interacts badly with ControlPersist
2012-06-20 21:46:57 +10:00
Damien Miller
efc6fc995d - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2012-06-20 21:44:56 +10:00