* Improved user input checking and error handling for code from #320.
* Added some guards for unlinking socket file in server init and destroy
functions.
* Added peer name handling for AF_UNIX type connections in HTTP handling
code.
* Added basic support for message passing to or from embedded
shellinabox iframe. Now we can write to terminal, read the
terminal output and request session status from parent window.
* This functionality must be enabled with command line parameter
"--messages-origin ORIGIN". Value ORIGIN, which is compared with
message against received message origin, must be set to specific
url, or to "*" to allow messages from any origin.
* Changed detection for when terminal is embedded in another element.
Now we allow one pixel difference between calculated terminal width
and body width. This needs to be done because some browsers report
wrong width in offsetWidth property, when browser zoom is in use.
* Updated README
* Added more checks for return values and null pointers.
* Removed some dead code and unused variables.
* Fixed handling of calls to exec() family functions. If this functions
fail we need to cleanup resources.
* URL dependency was removed from session handling code. URL object
was only needed to get session key from client request. This was
moved somewhere else to achive better code reusability.
* Added URL parsing functionality that can be used without URL object.
* Changed "dim" cursor visibility from invisible to almost transparent
and in the same color as default background. This improves visibility
of cursor, if we are usign application (like vim for example) with
dark background and the "Black on White" user CSS is set.
* Changed handling of ANSI escape codes. Now we detect when to use
default colors and when to use explicit ANSI colors.
* Added new CSS classes "ansiDef" and "bgAnsiDef" for default terminal
foreground and background. Before we were using "ansi0" and "bgAnsi15"
for default bg/fg colors. This was causing problems, when "White on
Black" color theme modified their values. Now just this two classes
are changed when user changes his color theme.
* Changed ssh command log level from QUIET to FATAL. This will help
users with debugging in case of errors related to SSH service.
(See issues #112, #310)
* Added more information about SSH service in manual page. For SSH
service to work, sshd server needs to be running on local system
and must be configured to accept password authentication.
Real IP recognition over proxy
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
is used in LOGIN service with peer name as remote host identifier.
This was we are able to see real IP in login related log files
such as /var/log/auth.log, etc...
Example for failed logins over nginx as can be seen in `/var/log/auth.log` file:
```
May 17 20:17:20 luka-ubuntu login[9888]: FAILED LOGIN (1) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'UNKNOWN', User not known to the underlying authentication module
May 17 20:17:25 luka-ubuntu login[9888]: FAILED LOGIN (2) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'luka', Authentication failure
```
* Real IP, peer name and URL are also passed to launched service
as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
and SHELLINABOX_URL). This can be used by custom user service shell
scripts or programs.
```
SHELLINABOX_REALIP=192.168.1.100
SHELLINABOX_URL=http://192.168.1.150:81/
SHELLINABOX_PEERNAME=127.0.0.1
```
* Real IP can also be passed to custom user service as command line
parameter ${realip}.
See this example:
```
./shellinaboxd --service '/:luka:luka:/:/home/luka/test.sh --peer ${peer} --realip ${realip}'
```
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
is used in LOGIN service with peer name as remote host identifier.
This was we are able to see real IP in login related log files
such as /var/log/auth.log, etc...
* Real IP, peer name and URL are also passed to launched service
as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
and SHELLINABOX_URL). This can be used by custom user service shell
scripts or programs.
* Real IP can also be passed to custom user service as command line
parameter ${realip}.
so much more simple to read, yet it yelds an identical .deb
For people building the package without debian tools,
the 4 *.css won't be installed in /usr/share/doc/shellinabox;
anymore, but those aren't _documentation_,
merely sample configuration files.
The stubby Changelog "Please see CHANGELOG.md" is replaced
by a symlink; that explains the size increase of 6kb;
but Debian package should by policy ship the upstream
CHANGELOG if avaible.
```
debdiff GOOD_shellinabox_2.15-1_armhf.deb shellinabox_2.15-1_armhf.deb
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-510-] {+516+}
```
building from tarball can be tested this way:
rsync -avix . /tmp/shellinabox --exclude-from=.gitignore --exclude=.git --delete --delete-excluded
(cd /tmp/shellinabox && autoreconf -i && ./configure && make && ./shellinaboxd --version)
* Now we use onload event to disable user CSS accoring to default
or user settings. Problem was that we were setting the 'disabled'
attribute on unloaded stylesheet. This should work in all moderen
browsers.
* Fixed initialization of user CSS settings from cookie. Now we the correct
values are being read. This could be possible fix for issue #138.
* Changed generation of CSS link elements to get rid of JS deprecated
warnings.
_SC_GETGR_R_SIZE_MAX was treated as a maximum buffer size while
it should only be a proposition for an initial size.
The buffer size is now increased dynamically if the initial size
is not sufficient.