Age | Commit message | Author |
|
places that use them (authn and session code). After this, no state is
cached in canohost.c
feedback and ok markus@
|
|
This fixes a problem where the mux master would sporadically fail to
notice that the client had exited.
ok mikeb@ djm@
|
|
strings; reported by Nicholas Lemonias
|
|
ForwardX11Timeout expires; reported by Jann Horn
|
|
overflow. Reported by Georg Wicherski, ok markus@
|
|
for datagram channels. Reported by Georg Wicherski, ok markus@
|
|
(we have a path, not a host name). Based on a diff from Jared Yanovich.
OK djm@
|
|
Fixes post-auth crash with permitopen=none. bz#2355, ok djm@
|
|
ok djm
|
|
obsolete SIZE_T_MAX. OK miod@ beck@
|
|
ok djm markus
|
|
from portable
|
|
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
|
|
GatewayPorts=no; allows client to choose address family;
bz#2222 ok markus@
|
|
with gerhard@, ok djm@
|
|
callers that futzing with it will futz with the actual buffer
contents
|
|
spotted by Ben Hawkes; ok markus@
|
|
bz#2200, debian#738692 via Colin Watson; ok dtucker@
|
|
ok djm dtucker
|
|
listen ports. In the s->c message to open the channel we were sending
zero (the magic number to request a dynamic port) instead of the actual
listen port. The client therefore had no way of discriminating between
them.
Diagnosis and fix by ronf AT timeheart.net
|
|
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
|
|
struct in_addr in a reply; simpler just use buffer_put_int();
from portable; spotted by and ok dtucker@
|
|
disconnected via the ~. escape sequence. Channels in this state will
be able to close if the server responds, but do not count as active channels.
This means that if you ~. all of the mux clients when using ControlPersist
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
|
|
keepalives and rekeying will work properly over clock steps. Suggested by
markus@, "looks good" djm@.
|
|
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
|
|
while; ok deraadt@ markus@
|
|
(bz #1949). ok djm@
|
|
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
|
|
localhost:*". bz #1857, ok djm markus.
|
|
ok & feedback djm@
|
|
socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
|
|
forwarding was refused by the server; ok markus@
|
|
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
|
|
data channels (i.e. TunnelForward):
Calculate local_consumed correctly in channel_handle_wfd() by measuring
the delta to buffer_len(c->output) from when we start to when we finish.
The proximal problem here is that the output_filter we use in portable
modified the length of the dequeued datagram (to futz with the headers
for !OpenBSD).
In channel_output_poll(), don't enqueue datagrams that won't fit in the
peer's advertised packet size (highly unlikely to ever occur) or which
won't fit in the peer's remaining window (more likely).
In channel_input_data(), account for the 4-byte string header in
datagram packets that we accept from the peer and enqueue in c->output.
report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
"looks good" markus@
|
|
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
|
|
internal-sftp accidentally introduced in r1.253 by removing the code
that opens and dup /dev/null to stderr and modifying the channels code
to read stderr but discard it instead; ok markus@
|
|
forwards per direction; ok markus@ stevesk@
|
|
Prevents misordering of replies if new requests arrive while waiting.
Extend channel open confirm callback to allow signalling failure
conditions as well as success. Use this to 1) fix a memory leak, 2)
start using the above pause mechanism and 3) delay sending a success/
failure message on mux slave session open until we receive a reply from
the server.
motivated by and with feedback from markus@
|
|
least) validate that they are well-formed;
reported by imorgan AT nas.nasa.gov
ok dtucker
|
|
The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.
avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.
implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).
feedback Salvador Fandino, dtucker@
channel changes ok markus@
|
|
port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@
|