* Session key is returned in first HTTP response if CGI mode is used.
Header filed is named 'X-ShellInABox-Session'. This can be used by
some special applications that need unique token.
* Added signal handling in PAM session process. Now SIGHUP signals are
forward to child process, which is the actual service. Launcher process
uses this type of signals to terminate service on http connection
timeout.
* Protection against large HTTP requests was fixed by adding some null
pointer checks. Too large HTTP requests are now correctly handled by
returning error code and closing connection.
* Added prefixes to all log messages. Prefix should describe source of
message, like "config", "http", "ssl", "server", etc... This should
give users more info to figure out what went wrong or what is going
on. Prefixes also make automatic processing easier.
* Usage is not displayed by default when given command line options are
incorrect. This way it is easier to notice actual error.
* Messages with "fatal" or "error" log level are now also passed to
syslogd service with help of vsyslog() function.
* On systems that use syslog service, these messages will be available
in default system log files like /var/log/syslog or /var/log/messages.
* In case that this SSL feature is abused it is possible to overload the
server. Other web servers disable this feature by default, but users
are able to change it with configuration. This is not possible with
shellinabox as this feature is not needed.
* Solution was implemented similary as in Lighttpd web server.
* Support for PFS is enabled with help of chiper suits that use ECDHE
key exchange. OpenSSL added support for eliptic curve operations (EC)
in version 0.9.8. Note that there are also some library distributions
which don't support EC operations.
* Added precompiler guards for builds with OpenSSL older than 0.9.8 and
builds with '--enable-runtime-loading' configure script option.
* Cleaned up some SSL related code.
* Added wrapper macros to suppress compiler warnings about unused return
values of setres*id() functions. We don't need checks at that point
as it does't affect our program.
* Added marco in configure.ac script to overwrite default AR_FLAGS,which
were causing build warnings.
* Removed debian/watch file as is not needed anymore, because now this
is native Debian package.
o Debian source type is 3.0 native.
o Properly builds package elements ready for release.
o Merging Alexandre's changelog entry with this one and retaining 2.15
version number.
o Some files in the demo/ directory were committed and should not have
been. These are removed.
o Cleaning includes removing demo/ directory transients.
o Debian rules explicitly perform demo/ cleanup so that source tarball
is correct.
o Resolves#329
Added @ character to the list of valid username characters.
* This allows login with "bad" username, even if shellinabox is configured to
run with SSH service. For LOGIN service this was always possible.
* Added "reconnect" and "onsessionchange" message types to use with
embedded terminal. Usage examples were added to misc/embedded.html
file.
* Improved code for unix domain socket functionality.
* Changed initialization of variables and handling of unix socket path.
* Added fixes for command line argument parsing, that I forgot in previous
commit.
* Improved user input checking and error handling for code from #320.
* Added some guards for unlinking socket file in server init and destroy
functions.
* Added peer name handling for AF_UNIX type connections in HTTP handling
code.
* Added basic support for message passing to or from embedded
shellinabox iframe. Now we can write to terminal, read the
terminal output and request session status from parent window.
* This functionality must be enabled with command line parameter
"--messages-origin ORIGIN". Value ORIGIN, which is compared with
message against received message origin, must be set to specific
url, or to "*" to allow messages from any origin.
* Changed detection for when terminal is embedded in another element.
Now we allow one pixel difference between calculated terminal width
and body width. This needs to be done because some browsers report
wrong width in offsetWidth property, when browser zoom is in use.
* Updated README
* Added more checks for return values and null pointers.
* Removed some dead code and unused variables.
* Fixed handling of calls to exec() family functions. If this functions
fail we need to cleanup resources.
* URL dependency was removed from session handling code. URL object
was only needed to get session key from client request. This was
moved somewhere else to achive better code reusability.
* Added URL parsing functionality that can be used without URL object.