* Protection against large HTTP requests was fixed by adding some null
pointer checks. Too large HTTP requests are now correctly handled by
returning error code and closing connection.
* Added prefixes to all log messages. Prefix should describe source of
message, like "config", "http", "ssl", "server", etc... This should
give users more info to figure out what went wrong or what is going
on. Prefixes also make automatic processing easier.
* Usage is not displayed by default when given command line options are
incorrect. This way it is easier to notice actual error.
* Messages with "fatal" or "error" log level are now also passed to
syslogd service with help of vsyslog() function.
* On systems that use syslog service, these messages will be available
in default system log files like /var/log/syslog or /var/log/messages.
* In case that this SSL feature is abused it is possible to overload the
server. Other web servers disable this feature by default, but users
are able to change it with configuration. This is not possible with
shellinabox as this feature is not needed.
* Solution was implemented similary as in Lighttpd web server.
* Support for PFS is enabled with help of chiper suits that use ECDHE
key exchange. OpenSSL added support for eliptic curve operations (EC)
in version 0.9.8. Note that there are also some library distributions
which don't support EC operations.
* Added precompiler guards for builds with OpenSSL older than 0.9.8 and
builds with '--enable-runtime-loading' configure script option.
* Cleaned up some SSL related code.
* Added wrapper macros to suppress compiler warnings about unused return
values of setres*id() functions. We don't need checks at that point
as it does't affect our program.
* Added marco in configure.ac script to overwrite default AR_FLAGS,which
were causing build warnings.
* Removed debian/watch file as is not needed anymore, because now this
is native Debian package.
o Debian source type is 3.0 native.
o Properly builds package elements ready for release.
o Merging Alexandre's changelog entry with this one and retaining 2.15
version number.
o Some files in the demo/ directory were committed and should not have
been. These are removed.
o Cleaning includes removing demo/ directory transients.
o Debian rules explicitly perform demo/ cleanup so that source tarball
is correct.
o Resolves#329
Added @ character to the list of valid username characters.
* This allows login with "bad" username, even if shellinabox is configured to
run with SSH service. For LOGIN service this was always possible.
* Added "reconnect" and "onsessionchange" message types to use with
embedded terminal. Usage examples were added to misc/embedded.html
file.
* Improved code for unix domain socket functionality.
* Changed initialization of variables and handling of unix socket path.
* Added fixes for command line argument parsing, that I forgot in previous
commit.
* Improved user input checking and error handling for code from #320.
* Added some guards for unlinking socket file in server init and destroy
functions.
* Added peer name handling for AF_UNIX type connections in HTTP handling
code.
* Added basic support for message passing to or from embedded
shellinabox iframe. Now we can write to terminal, read the
terminal output and request session status from parent window.
* This functionality must be enabled with command line parameter
"--messages-origin ORIGIN". Value ORIGIN, which is compared with
message against received message origin, must be set to specific
url, or to "*" to allow messages from any origin.
* Changed detection for when terminal is embedded in another element.
Now we allow one pixel difference between calculated terminal width
and body width. This needs to be done because some browsers report
wrong width in offsetWidth property, when browser zoom is in use.
* Updated README
* Added more checks for return values and null pointers.
* Removed some dead code and unused variables.
* Fixed handling of calls to exec() family functions. If this functions
fail we need to cleanup resources.
* URL dependency was removed from session handling code. URL object
was only needed to get session key from client request. This was
moved somewhere else to achive better code reusability.
* Added URL parsing functionality that can be used without URL object.
* Changed "dim" cursor visibility from invisible to almost transparent
and in the same color as default background. This improves visibility
of cursor, if we are usign application (like vim for example) with
dark background and the "Black on White" user CSS is set.
* Changed handling of ANSI escape codes. Now we detect when to use
default colors and when to use explicit ANSI colors.
* Added new CSS classes "ansiDef" and "bgAnsiDef" for default terminal
foreground and background. Before we were using "ansi0" and "bgAnsi15"
for default bg/fg colors. This was causing problems, when "White on
Black" color theme modified their values. Now just this two classes
are changed when user changes his color theme.
* Changed ssh command log level from QUIET to FATAL. This will help
users with debugging in case of errors related to SSH service.
(See issues #112, #310)
* Added more information about SSH service in manual page. For SSH
service to work, sshd server needs to be running on local system
and must be configured to accept password authentication.
Real IP recognition over proxy
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
is used in LOGIN service with peer name as remote host identifier.
This was we are able to see real IP in login related log files
such as /var/log/auth.log, etc...
Example for failed logins over nginx as can be seen in `/var/log/auth.log` file:
```
May 17 20:17:20 luka-ubuntu login[9888]: FAILED LOGIN (1) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'UNKNOWN', User not known to the underlying authentication module
May 17 20:17:25 luka-ubuntu login[9888]: FAILED LOGIN (2) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'luka', Authentication failure
```
* Real IP, peer name and URL are also passed to launched service
as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
and SHELLINABOX_URL). This can be used by custom user service shell
scripts or programs.
```
SHELLINABOX_REALIP=192.168.1.100
SHELLINABOX_URL=http://192.168.1.150:81/
SHELLINABOX_PEERNAME=127.0.0.1
```
* Real IP can also be passed to custom user service as command line
parameter ${realip}.
See this example:
```
./shellinaboxd --service '/:luka:luka:/:/home/luka/test.sh --peer ${peer} --realip ${realip}'
```
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
is used in LOGIN service with peer name as remote host identifier.
This was we are able to see real IP in login related log files
such as /var/log/auth.log, etc...
* Real IP, peer name and URL are also passed to launched service
as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
and SHELLINABOX_URL). This can be used by custom user service shell
scripts or programs.
* Real IP can also be passed to custom user service as command line
parameter ${realip}.
