When browser tab/window is closed during active session, child process
stays alive forever (even if shellinaboxd is terminated).
This fix works only if shellinaboxd is started without root privileges.
Droping them at runtime doesn't help either. Issue is related to PAM
session management process.
If we start shellinaboxd with root priviliges this fix will not affect
anything.
* When session timeouts cleanup procedure is triggered. Procedure is executed
in launcher process, because this is parent of child (service) process.
There we execute checks, if we have correct child pid (stored in session) and
than we can terminate process.
* Added debug information about cleaning up child process
https://code.google.com/p/shellinabox/issues/detail?id=103https://code.google.com/p/shellinabox/issues/detail?id=203
Patch reference: e69132f3762bd57a328dfc40b645d670d651afe7
Patch message:
When connecting to shellinabox through an HTTP Proxy, we need to be careful
in holding the HTTP/S connection with unbound pending HTTP-POST as they would
occupy one thread in the outbound proxy.
We do need to make sure that:
- HTTP POST will graceful time-out from the client side, if no data is returned
by the server in 30s (gives the impression to the HTTP Proxy that the "page load"
is completed after tha time and then would release the thread)
- In case of connection errors, the browser doesn't retry with a short loop but
waits 1s before trying again. This prevent the browser freezing and the CPU looping.
Disable SSLv2, SSLv3, and compression; generate new DH or ECDH keys
during each handshake; always start a new session on server
renegotiation; set a strong cipher list.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
[ Patch from https://code.google.com/p/shellinabox/issues/detail?id=215 ]
* Added debug information when child process exits
- pid of child process (service)
- exit code (this should help for debuging issues related to "Session closed")
* Fixed status checking from waitpid() when child process exits
- before we were checking wrong variable (checks were allways true)
- now we use correct status variable
Project cleanup
* Updated .gitignore
* Autogenerated .js files were removed.
* Fixes for issues 39, 43, 166 and 172 were transferred from .js to .jspp files
o Use of runtime linkage emperils correctness of package. So, runtime
linking disabled in configuration.
o Workaround using environment variables to pass the names of the
shared libraries into the daemon is disabled.
o Auxiliary source file used to determine the current soname for
libssl is removed.
o Hurd doesn't support PATH_MAX, so we elide it from the forkPty
function. Code will work on non-hurd systems as well.
o In case ptsname_r isn't available, it is provided even when openpty
*is* available.
o Moved libssl from a dependency to being recommended.
o Added small program to support Recommended link generation.
o Fixed typo in lsb-base dependency.
o Added comment in the package description about the need for libssl.
o Fixed permissions on libhttp/ssl.c
o Added environment variables for specifying the ssl and crypto
libraries.
o According to the poster, the desired feature it supporting arbitrary
paths in the request URL s.t. proxying doesn't break SIAB.
o Rewrote poster's patch to void pointer arithmetic.
o Integrating comments from Markus.
o Patch for html5 drag-and-drop applied. From the poster,
Here is a quick proof-of-concept patch against the current SVN head
that adds support for dragging and dropping text into a shellinabox
session if the browser supports HTML5 drag-and-drop. It has only
been tested with shellinabox/demo/demo.html
o According to the poster,
Hello, here is a patch to fix the problem. The problem was that in
some places the author wrote "elem.style.className" while the
correct property is "elem.className", thus when the screen was
recreated (to fix some bug linked to print preview apparently), the
property wasn't saved correctly.
Changes applied.
o According to the poster, the desired feature it supporting arbitrary
paths in the request URL s.t. proxying doesn't break SIAB.
o Rewrote poster's patch to void pointer arithmetic. Use of rindex()
may prove hazardous to portability.
o From the poster:
i had the same problem on ubuntu 8.04 (hardy heron) 64 bits.
solved it by removing the option from the source code:
shellinabox/service.c (line 150)
//"-oVisualHostKey=no -oLogLevel=QUIET %%s@%s", host);
"-oLogLevel=QUIET %%s@%s", host);
o A compatible change was made.
o install target of rules used a hard link from the usr/share
directory to etc. This will be unreliable in many circumstances.
Linking changed to a copy.
o From a poster:
Just looking at this error a little more, the fix is easy for lion.
Change line 1664 to:
char cmsg_buf[CMSG_SPACE(sizeof(int))];
And you should be able to get it to compile.
o Made a compatible change even though the original code was valid.
Probably a compiler version issue.
o From the author:
I have a fix for the French and Swiss keyboard layout issues. There
was also a typo in the encoding of unicode characters that prevented
from typing the Euro sign. Attached is my patch.
o From the author:
Here is a simple patch that prompts the user to enter the text he'd
like to paste. It is not integrated to the OS clipboard because to be
honnest I've never seen any such hack work reliably among browsers,
but at least it's a quick way to transfer text.
It adds a menu entry in the context menu "Paste from browser"
o Revised debian/ control files.
o Pulling 2.10 source, changes made since then by Markus, as well as
patches by Jay Weisskopf (from GitHub).
o Setup to build from git repository as working directory using
git-buildpackage.
Auto-generated certificates are RSA, but the header does not indicate
this (e.g. BEGIN PRIVATE KEY). Since the type is not specified,
the certificate was not being parsed correctly, and attempts to
connect over HTTPS failed and caused web browser errors.
Fixes "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" in Chrome.
Fixes "ssl_error_no_cypher_overlap" in Firefox.
Completely discard hostnames containing invalid characters, instead of
merely replacing the invalid characters with uninitialized memory.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
