Age | Commit message (Collapse) | Author |
|
* hans/ssh/unknown_msgfun/OTP-12813:
ssh: Option unexpectedfun for ssh:daemon and ssh:connect
|
|
* hans/ssh/no_erlint_func/OTP-11697:
ssh: Replace erlint/1 in ssh_message.erl and ssh_auth.erl
|
|
This option has a fun as value. The fun will be called when an
unexpected message arrives. The fun returns either 'skip' or 'report'
to guide the connection_handler what to do.
One usage is to filter out messages that are not wanted in the error
logger as info reports. An example of such a message is the 'etimedout'
tcp error message that will be received if a connection has keep_alive
and the peer is restarted.
|
|
|
|
|
|
|
|
In the old times there was no binary notation which handled this particulary case, but now we can write big-signed-integer-unit:8 directly in binaries.
The undocumented internal function ssh_bits:erlint/1 is removed.
|
|
* ia/ssh/name-spaces/OTP-12675:
ssh: Correct Makefile
ssh: Add profile option
|
|
* hans/ssh/check_dirs/OTP-12788:
ssh: Check that user_dir and system_dir exists and are readable
|
|
|
|
|
|
The ssh application does not have any external include files
|
|
To enable the ssh daemon to run in a virtualized environment, where
there can be more that one server that has the same ip-address
and port, we add a new option profile. The profile name will be
used in concatenation with ip-address and port to identify the
ssh daemon instance.
The name profile was chosen as there is a similar concept in the HTTP client
in inets where profile names can be used to instantiate client configurations.
Also the same type of option has been added to the HTTP server in inets.
|
|
|
|
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algoritms in msg_kexinit negotiation
|
|
This is how OpenSSH does. The bytes returned will be put on the
user's tty, so it is better with text than a ssh_msg_disconnect
|
|
|
|
rfc 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
This is to prevent some dos-attac scenarios. The limit is hard-coded.
|
|
If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.
|
|
The 'compression' option was used in the test cases. The new option 'preferred_algorithms' is
much more powerful and can be used as a replacement.
|
|
This option enables the user to define which algorithms that
are to be used as well as their precedences in the negotiation
between server and client.
|
|
This option is set internaly but there is no reason to set it when calling a function.
|
|
In RFC 4253, sections 7.1 & 9 describe rekeying with
special attention to the protocol messages that may be
received and may not be sent during rekeying.
This patch fixes a number of problems during rekeying
caused by data & requests received from the network, and/or data & requests sent by the user.
|
|
When in the connected state, an received KEXINIT
message MUST be responded to with KEXINIT. After that,
the client may continue with KEXDH_INIT (or similar).
See the first paragraph on RFC 4253 sec. 9.
|
|
Conflicts:
OTP_VERSION
lib/ssh/doc/src/ssh.xml
lib/ssh/vsn.mk
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.
|
|
Option height was misspelled in the code. Fix code but recognize
the mispellt option for backwards compatible reasons.
|
|
rfc 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
OTP-12708
|
|
The port stats are not accumulated so that once rekey_limit bytes
(by default, 1GB) have been transmitted the connection will be
rekeyed every minute, not after the next 1GB.
|
|
This patch fixes a bug that causes an SFTP connection to always fail
when {timeout, Timeout} option is used with
ssh_sftp:start_channel. The bug is that the version negotiation timer
is not cancelled upon reception of SSH_FXP_VERSION.
|
|
Conflicts:
OTP_VERSION
|
|
For limiting Banner Grabbing attempts.
|
|
* ia/ssh/channel-gracefull-shutdown/OTP-12648:
ssh: Shutdown sftp channel gracefully
|
|
If ssh_connection:subsystem/4 fails we do not want to crash but rather
terminate gracefully.
|
|
Conflicts:
OTP_VERSION
|
|
|
|
|
|
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the ssh rfc:s, and openssh does not handle that case in some special way besides looping.
The introduced solution just "keep quiet" but removes the eternal loop that caused Erlang to core dump.
|
|
|
|
The ssh acceptor process listens for connections and
spawns a process to handle each new connection that it accepts.
The ownership of the accepted socket will be transfered to the new process
that will handle the incomming messages. Before the ownership is
transfered the socket should be in {active, false} or the acceptor
process may receive data aimed for the connection. As the accept socket
inherits the listen options we set {active, false} there.
|
|
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
|
|
The error report was assumed to only happen if our code was wrongly
implemented "internal error". However it would also occur when
bad input was recived from the peer, and could hence cause extensive
logging on DoS attacks.
|
|
|
|
Conflicts:
lib/ssh/test/ssh_basic_SUITE.erl
|
|
* rickard/time_api/OTP-11997: (22 commits)
Update primary bootstrap
inets: Suppress deprecated warning on erlang:now/0
inets: Cleanup of multiple copies of functions Add inets_lib with common functions used by multiple modules
inets: Update comments
Suppress deprecated warning on erlang:now/0
Use new time API and be back-compatible in inets Remove unused functions and removed redundant test
asn1 test SUITE: Eliminate use of now/0
Disable deprecated warning on erlang:now/0 in diameter_lib
Use new time API and be back-compatible in ssh
Replace all calls to now/0 in CT with new time API functions
test_server: Replace usage of erlang:now() with usage of new API
Replace usage of erlang:now() with usage of new API
Replace usage of erlang:now() with usage of new API
Replace usage of erlang:now() with usage of new API
Replace usage of erlang:now() with usage of new API
otp_SUITE: Warn for calls to erlang:now/0
Replace usage of erlang:now() with usage of new API
Multiple timer wheels
Erlang based BIF timer implementation for scalability
Implement ethread events with timeout
...
Conflicts:
bootstrap/bin/start.boot
bootstrap/bin/start_clean.boot
bootstrap/lib/compiler/ebin/beam_asm.beam
bootstrap/lib/compiler/ebin/compile.beam
bootstrap/lib/kernel/ebin/auth.beam
bootstrap/lib/kernel/ebin/dist_util.beam
bootstrap/lib/kernel/ebin/global.beam
bootstrap/lib/kernel/ebin/hipe_unified_loader.beam
bootstrap/lib/kernel/ebin/inet_db.beam
bootstrap/lib/kernel/ebin/inet_dns.beam
bootstrap/lib/kernel/ebin/inet_res.beam
bootstrap/lib/kernel/ebin/os.beam
bootstrap/lib/kernel/ebin/pg2.beam
bootstrap/lib/stdlib/ebin/dets.beam
bootstrap/lib/stdlib/ebin/dets_utils.beam
bootstrap/lib/stdlib/ebin/erl_tar.beam
bootstrap/lib/stdlib/ebin/escript.beam
bootstrap/lib/stdlib/ebin/file_sorter.beam
bootstrap/lib/stdlib/ebin/otp_internal.beam
bootstrap/lib/stdlib/ebin/qlc.beam
bootstrap/lib/stdlib/ebin/random.beam
bootstrap/lib/stdlib/ebin/supervisor.beam
bootstrap/lib/stdlib/ebin/timer.beam
erts/aclocal.m4
erts/emulator/beam/bif.c
erts/emulator/beam/erl_bif_info.c
erts/emulator/beam/erl_db_hash.c
erts/emulator/beam/erl_init.c
erts/emulator/beam/erl_process.h
erts/emulator/beam/erl_thr_progress.c
erts/emulator/beam/utils.c
erts/emulator/sys/unix/sys.c
erts/preloaded/ebin/erlang.beam
erts/preloaded/ebin/erts_internal.beam
erts/preloaded/ebin/init.beam
erts/preloaded/src/erts_internal.erl
lib/common_test/test/ct_hooks_SUITE_data/cth/tests/empty_cth.erl
lib/diameter/src/base/diameter_lib.erl
lib/kernel/src/os.erl
lib/ssh/test/ssh_basic_SUITE.erl
system/doc/efficiency_guide/advanced.xml
|
|
Conflicts:
lib/ssh/test/ssh_basic_SUITE.erl
|
|
This reverts commit af972aaf14a5f53510e692f48f672f7e6805ee6d.
Conflicts:
lib/ssh/test/ssh_basic_SUITE.erl
|