* URL dependency was removed from session handling code. URL object
was only needed to get session key from client request. This was
moved somewhere else to achive better code reusability.
* Added URL parsing functionality that can be used without URL object.
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
is used in LOGIN service with peer name as remote host identifier.
This was we are able to see real IP in login related log files
such as /var/log/auth.log, etc...
* Real IP, peer name and URL are also passed to launched service
as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
and SHELLINABOX_URL). This can be used by custom user service shell
scripts or programs.
* Real IP can also be passed to custom user service as command line
parameter ${realip}.
Commit b06b1f15ac broke the configure option
"--disable-ssl" as the function sslMakeContext() was not enclosed in an
"#if defined(HAVE_OPENSSL)" statement.
Instead of making the browser sniffing more complicated, it's probably
better to use code that works for all current browsers. As such, this
swaps to use gzip compression encoding instead of deflate and drops the
IE browser sniffing code. This means shellinabox works in IE11 and
should work in every version of IE since IE7. From this commit, IE6 is
no longer supported. Thanks @lfourquaux.
Disable SSLv2, SSLv3, and compression; generate new DH or ECDH keys
during each handshake; always start a new session on server
renegotiation; set a strong cipher list.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
[ Patch from https://code.google.com/p/shellinabox/issues/detail?id=215 ]
o Use of runtime linkage emperils correctness of package. So, runtime
linking disabled in configuration.
o Workaround using environment variables to pass the names of the
shared libraries into the daemon is disabled.
o Auxiliary source file used to determine the current soname for
libssl is removed.
o Moved libssl from a dependency to being recommended.
o Added small program to support Recommended link generation.
o Fixed typo in lsb-base dependency.
o Added comment in the package description about the need for libssl.
o Fixed permissions on libhttp/ssl.c
o Added environment variables for specifying the ssl and crypto
libraries.
Auto-generated certificates are RSA, but the header does not indicate
this (e.g. BEGIN PRIVATE KEY). Since the type is not specified,
the certificate was not being parsed correctly, and attempts to
connect over HTTPS failed and caused web browser errors.
Fixes "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" in Chrome.
Fixes "ssl_error_no_cypher_overlap" in Firefox.
Completely discard hostnames containing invalid characters, instead of
merely replacing the invalid characters with uninitialized memory.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
was not really interested in them. This could result in inefficient I/O
behavior and most noticably it broke the ability to interrupt long running
output with CTRL-C.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@238 0da03de8-d603-11dd-86c2-0f8696b7b6f9
systems with an implementation of poll() that isn't completely POSIX
compliant. We now fall back on calling select() instead. That's not our
first choice, but it is presumably the best that MacOS X can do.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@236 0da03de8-d603-11dd-86c2-0f8696b7b6f9
processed buffers. I believe, this could only be triggered by clients that
enabled HTTP pipelining. That might explain why we haven't seen bug reports
any earlier.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@216 0da03de8-d603-11dd-86c2-0f8696b7b6f9
Fixed some compiler warnings when compiling with -Wextra
Thanks to Jan Jaeger's excellent bug report, made some changes
that should make it easier to build ShellInABox for OpenWRT.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@202 0da03de8-d603-11dd-86c2-0f8696b7b6f9
problems dealing with "inherit" styles. This prevented proper switching
between color and monochrome.
Implemented a work-around.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@172 0da03de8-d603-11dd-86c2-0f8696b7b6f9
to manipulate headers more easily. We now add "Connection: close" in more cases
where we force a closing of the connection.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@171 0da03de8-d603-11dd-86c2-0f8696b7b6f9
Some more tweaks for IE6 support. Overall, IE6 is still pretty
broken. Not sure if we can do much about this.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@166 0da03de8-d603-11dd-86c2-0f8696b7b6f9
work reliably on some platforms. So, avoid doing so on anything other
than Linux/i386. For all other platforms, assume that the code is not
linked against libpthread. For ShellInABox, this is always the correct
assumption. But if the code gets embedded into other projects, this
might have to be changed.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@141 0da03de8-d603-11dd-86c2-0f8696b7b6f9
management, if we don't have the privileges to do so, anyway)
- Make ssl.h compile again, even if OpenSSL is not found at compile time.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@115 0da03de8-d603-11dd-86c2-0f8696b7b6f9
- A couple of changes to avoid false error messages in valgrind.
- Fixed a bug that could potentially lead to a double-free()
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@114 0da03de8-d603-11dd-86c2-0f8696b7b6f9
OpenSSL and PAM libraries to be optionally linked as regular shared libraries
instead of being searched for and loaded at run-time.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@65 0da03de8-d603-11dd-86c2-0f8696b7b6f9
provide our own conversation function, if PAM misc is not available. We
rely on login_tty to set up the terminal for us. And we avoid a few other
API uses that turned out to be Linux specific extensions.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@63 0da03de8-d603-11dd-86c2-0f8696b7b6f9
ill-advised choice, as this particular compiler options has a tendency to
generate a lot of false positives.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@62 0da03de8-d603-11dd-86c2-0f8696b7b6f9
