Instead of making the browser sniffing more complicated, it's probably
better to use code that works for all current browsers. As such, this
swaps to use gzip compression encoding instead of deflate and drops the
IE browser sniffing code. This means shellinabox works in IE11 and
should work in every version of IE since IE7. From this commit, IE6 is
no longer supported. Thanks @lfourquaux.
type="textfield" is invalid, however most browsers seem to default to
type="text" so this must have been overlooked.
This patch was modified to fit in our fork by @KLuka.
Keyboard icon was not visible on dark background. This fixes icon to work well
on light and dark background. Image was fixed by @Grimthorr.
Copy of icon was removed from demo directory.
Posts from issue #118 tells us that at signs in JavaScript comments could produce
some troubles in IE browsers.
This related to something called "contional compilation" in JS ...
When browser tab/window is closed during active session, child process
stays alive forever (even if shellinaboxd is terminated).
This fix works only if shellinaboxd is started without root privileges.
Droping them at runtime doesn't help either. Issue is related to PAM
session management process.
If we start shellinaboxd with root priviliges this fix will not affect
anything.
* When session timeouts cleanup procedure is triggered. Procedure is executed
in launcher process, because this is parent of child (service) process.
There we execute checks, if we have correct child pid (stored in session) and
than we can terminate process.
* Added debug information about cleaning up child process
https://code.google.com/p/shellinabox/issues/detail?id=103https://code.google.com/p/shellinabox/issues/detail?id=203
Patch reference: e69132f3762bd57a328dfc40b645d670d651afe7
Patch message:
When connecting to shellinabox through an HTTP Proxy, we need to be careful
in holding the HTTP/S connection with unbound pending HTTP-POST as they would
occupy one thread in the outbound proxy.
We do need to make sure that:
- HTTP POST will graceful time-out from the client side, if no data is returned
by the server in 30s (gives the impression to the HTTP Proxy that the "page load"
is completed after tha time and then would release the thread)
- In case of connection errors, the browser doesn't retry with a short loop but
waits 1s before trying again. This prevent the browser freezing and the CPU looping.
Disable SSLv2, SSLv3, and compression; generate new DH or ECDH keys
during each handshake; always start a new session on server
renegotiation; set a strong cipher list.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
[ Patch from https://code.google.com/p/shellinabox/issues/detail?id=215 ]
* Added debug information when child process exits
- pid of child process (service)
- exit code (this should help for debuging issues related to "Session closed")
* Fixed status checking from waitpid() when child process exits
- before we were checking wrong variable (checks were allways true)
- now we use correct status variable
Project cleanup
* Updated .gitignore
* Autogenerated .js files were removed.
* Fixes for issues 39, 43, 166 and 172 were transferred from .js to .jspp files
o Use of runtime linkage emperils correctness of package. So, runtime
linking disabled in configuration.
o Workaround using environment variables to pass the names of the
shared libraries into the daemon is disabled.
o Auxiliary source file used to determine the current soname for
libssl is removed.
o Hurd doesn't support PATH_MAX, so we elide it from the forkPty
function. Code will work on non-hurd systems as well.
o In case ptsname_r isn't available, it is provided even when openpty
*is* available.
o Moved libssl from a dependency to being recommended.
o Added small program to support Recommended link generation.
o Fixed typo in lsb-base dependency.
o Added comment in the package description about the need for libssl.
o Fixed permissions on libhttp/ssl.c
o Added environment variables for specifying the ssl and crypto
libraries.
o According to the poster, the desired feature it supporting arbitrary
paths in the request URL s.t. proxying doesn't break SIAB.
o Rewrote poster's patch to void pointer arithmetic.
o Integrating comments from Markus.
