Commit graph

308 commits

Author SHA1 Message Date
KLuka
91f6eabe49 Issue #103, #203: Child process termination (partial fix)
When browser tab/window is closed during active session, child process
stays alive forever (even if shellinaboxd is terminated).

This fix works only if shellinaboxd is started without root privileges.
Droping them at runtime doesn't help either. Issue is related to PAM
session management process.

If we start shellinaboxd with root priviliges this fix will not affect
anything.

* When session timeouts cleanup procedure is triggered. Procedure is executed
in launcher process, because this is parent of child (service) process.
There we execute checks, if we have correct child pid (stored in session) and
than we can terminate process.
* Added debug information about cleaning up child process

https://code.google.com/p/shellinabox/issues/detail?id=103
https://code.google.com/p/shellinabox/issues/detail?id=203
2015-03-06 16:39:02 +01:00
Luka Krajger
68b5a487b4 Merge pull request #285 from KLuka/master
SSL patches, HTTP timeout patch
2015-03-05 18:36:58 +01:00
KLuka
97521bbfeb Issue #275: gracefully manage HTTP time-outs and connection problems
Patch reference: e69132f3762bd57a328dfc40b645d670d651afe7
Patch message:

When connecting to shellinabox through an HTTP Proxy, we need to be careful
in holding the HTTP/S connection with unbound pending HTTP-POST as they would
occupy one thread in the outbound proxy.

We do need to make sure that:
- HTTP POST will graceful time-out from the client side, if no data is returned
  by the server in 30s (gives the impression to the HTTP Proxy that the "page load"
  is completed after tha time and then would release the thread)
- In case of connection errors, the browser doesn't retry with a short loop but
  waits 1s before trying again. This prevent the browser freezing and the CPU looping.
2015-03-05 18:34:21 +01:00
Jonathan G Rennison
490781d998 Add dynamic linking for functions required by SSL v2/3 disabling patch. 2015-03-05 18:02:09 +01:00
Anders Kaseorg
b06b1f15ac Set SSL options for increased security
Disable SSLv2, SSLv3, and compression; generate new DH or ECDH keys
during each handshake; always start a new session on server
renegotiation; set a strong cipher list.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

[ Patch from https://code.google.com/p/shellinabox/issues/detail?id=215 ]
2015-03-05 18:00:16 +01:00
KLuka
4f0b949081 IE 11 - This page can’t be displayed (Issue #262)
Now we are able to identify IE11 as MSIE browser and disable
compresion.

Patch taken from issue comments.

https://code.google.com/p/shellinabox/issues/detail?id=262
2015-03-05 17:26:47 +01:00
KLuka
bd3f0bd9fd Debug info and minor fix on child process exit (service exit)
* Added debug information when child process exits
	- pid of child process (service)
	- exit code (this should help for debuging issues related to "Session closed")

* Fixed status checking from waitpid() when child process exits
	- before we were checking wrong variable (checks were allways true)
	- now we use correct status variable
2015-03-05 17:23:24 +01:00
KLuka
7e0374b783 Issue #180: Ever growing console occurs in iPad
Patch taken from comments.

More info: https://code.google.com/p/shellinabox/issues/detail?id=180
Refernece: 7ba55246327ad9934ed5d082a12b6cc73f381511
2015-03-05 17:17:41 +01:00
KLuka
8e68059b50 Issue #202: "-_" keys don't not work in FF > 15
Added new keycodes for Firefox

More info: https://code.google.com/p/shellinabox/issues/detail?id=202
Refernece: 49b538590ea57da76a0af895a23c521c9a4538be
2015-03-05 17:10:55 +01:00
Ezra Buehler
821ee789c4 No longer set HTTP Content-Length 2015-03-05 16:27:35 +01:00
KLuka
33813cd46d Issue #245: Blank screen in Chrome 31.0.1650.57
Applied patch and fixed some formating.

Patch: https://code.google.com/p/shellinabox/issues/detail?id=245#c5
2015-03-05 16:15:12 +01:00
KLuka
618999f3cc Issue #114: popup warning on tab/window close
JS `window.onbeforeunload` handler was added, and it will be
trigger if session is active.

Reference: 6693512fde244cbb7f10e0033d4b4e5ec1b20e32
2015-03-05 15:46:13 +01:00
Luka Krajger
1dd54b224b Merge pull request #284 from KLuka/master
Some fixes
2015-03-05 15:32:24 +01:00
Luka Krajger
79574d8ac4 Merge pull request #283 from KLuka/cleanup
Project cleanup

* Updated .gitignore
* Autogenerated .js files were removed.
* Fixes for issues 39, 43, 166 and 172 were transferred from .js to .jspp files
2015-03-04 16:17:29 +01:00
KLuka
6336e9f376 Issues 39, 43, 166 and 172 commits applied to .jspp files
Autogenerated .js files with fixes were removed. Patches were taken
from commits:

* 7d396c8273
* b7dac10ec1
* ea179e89f7
* b74ddd066b
2015-03-04 17:01:06 +01:00
KLuka
7b7a844175 Updated .gitignore 2015-03-04 15:37:47 +01:00
KLuka
7859ad6868 Updated .gitignore and removed autogenerated .js files 2015-03-04 15:28:32 +01:00
Marc Singer
ea1937a55c Fixing errors reported by piuparts.
o Revised debian/rules dh_install.
o Revised postrm and prerm.
2012-04-21 10:30:44 -07:00
Marc Singer
9619327ddb Debian build now defaults to direct link with shared libraries.
o Use of runtime linkage emperils correctness of package.  So, runtime
  linking disabled in configuration.
o Workaround using environment variables to pass the names of the
  shared libraries into the daemon is disabled.
o Auxiliary source file used to determine the current soname for
  libssl is removed.
2012-04-10 15:28:53 -07:00
Marc Singer
4bac6f8b05 Removing PATH_MAX reference.
o Hurd doesn't support PATH_MAX, so we elide it from the forkPty
  function.  Code will work on non-hurd systems as well.
o In case ptsname_r isn't available, it is provided even when openpty
  *is* available.
2012-04-09 18:40:02 -07:00
Marc Singer
675af06a44 Typo in web address.
o Fixes debian #668130.
2012-04-09 10:34:18 -07:00
Marc Singer
7ecd468128 Revision to dependencies.
o Moved libssl from a dependency to being recommended.
o Added small program to support Recommended link generation.
o Fixed typo in lsb-base dependency.
o Added comment in the package description about the need for libssl.
o Fixed permissions on libhttp/ssl.c
o Added environment variables for specifying the ssl and crypto
  libraries.
2012-04-07 16:09:38 -07:00
Marc Singer
f1e59996b6 Fixups before release.
o Revised changelog.
o Revised control.
o Removed unnecessary README.
2012-04-05 20:58:51 -07:00
Marc Singer
f4a9e54dda Fixing Valgrind discovered issues.
o Clearing buffer sent via sendmsg.
2012-04-05 20:20:02 -07:00
Marc Singer
7d396c8273 Issue 172: autocorrect/autocapitalize can cause problems on mobile devices
o Applied patch from poster.
2012-04-05 11:51:00 -07:00
Marc Singer
52feb7abac Issue 167: Accept connections in subfolders
o According to the poster, the desired feature it supporting arbitrary
  paths in the request URL s.t. proxying doesn't break SIAB.
o Rewrote poster's patch to void pointer arithmetic.
o Integrating comments from Markus.
2012-04-04 13:54:11 -07:00
Marc Singer
55ca3e827c Revert "Issue 167: Accept connections in subfolders"
This reverts commit 1139b09b62.

o Revert this commit in order to revise it.
2012-04-04 13:53:14 -07:00
Marc Singer
33a92e9c93 Issue 39: Clipboard not integrated with client operating system
o Patch for html5 drag-and-drop applied.  From the poster,

  Here is a quick proof-of-concept patch against the current SVN head
  that adds support for dragging and dropping text into a shellinabox
  session if the browser supports HTML5 drag-and-drop. It has only
  been tested with shellinabox/demo/demo.html
2012-03-31 18:59:38 -07:00
Marc Singer
da7c1b5ec1 Cleanup of debian control file before 2.11. 2012-03-31 17:08:27 -07:00
Marc Singer
b7dac10ec1 Issue 166: Color goes away
o According to the poster,

  Hello, here is a patch to fix the problem. The problem was that in
  some places the author wrote "elem.style.className" while the
  correct property is "elem.className", thus when the screen was
  recreated (to fix some bug linked to print preview apparently), the
  property wasn't saved correctly.

Changes applied.
2012-03-31 16:28:16 -07:00
Marc Singer
1139b09b62 Issue 167: Accept connections in subfolders
o According to the poster, the desired feature it supporting arbitrary
  paths in the request URL s.t. proxying doesn't break SIAB.
o Rewrote poster's patch to void pointer arithmetic.  Use of rindex()
  may prove hazardous to portability.
2012-03-31 16:17:09 -07:00
Marc Singer
38fcacd6c7 Issue 134: How to add arguments?
o Confusion about quoting mitigated with documentation.
2012-03-31 15:44:15 -07:00
Marc Singer
18300eddc9 Issue 116: A shellinthebox runner / configuration file
o Added contib/siab.rb and README from user.
2012-03-31 15:29:18 -07:00
Marc Singer
6b2adb28d2 Issue 93: openssl required install-time
o The root cause is in the control file.  libssl will not appear as a
  dependency of the package.
2012-03-31 14:58:40 -07:00
Marc Singer
0abfde6d61 Issue 50: SSH service not working on Centos/RHEL
o From the poster:

  i had the same problem on ubuntu 8.04 (hardy heron) 64 bits.
  solved it by removing the option from the source code:
  shellinabox/service.c (line 150)
          //"-oVisualHostKey=no -oLogLevel=QUIET %%s@%s", host);
          "-oLogLevel=QUIET %%s@%s", host);

o A compatible change was made.
2012-03-31 12:47:49 -07:00
Marc Singer
12010660b1 Issue 49: Debian packageing uses cross-directory hardlinks
o install target of rules used a hard link from the usr/share
  directory to etc.  This will be unreliable in many circumstances.
  Linking changed to a copy.
2012-03-31 12:42:40 -07:00
Marc Singer
03a5435584 Issue 47: Does not build on Mac OSX
o From a poster:

  Just looking at this error a little more, the fix is easy for lion.
  Change line 1664 to:

      char cmsg_buf[CMSG_SPACE(sizeof(int))];

  And you should be able to get it to compile.

o Made a compatible change even though the original code was valid.
  Probably a compiler version issue.
2012-03-31 12:32:15 -07:00
Marc Singer
ea179e89f7 Issue 43: 2.10 version introduces a keyboard layout problem
o From the author:

  I have a fix for the French and Swiss keyboard layout issues.  There
  was also a typo in the encoding of unicode characters that prevented
  from typing the Euro sign.  Attached is my patch.
2012-03-31 12:18:53 -07:00
Marc Singer
b74ddd066b Issue 39: clipboard not integrated with client operating system.
o From the author:

  Here is a simple patch that prompts the user to enter the text he'd
  like to paste.  It is not integrated to the OS clipboard because to be
  honnest I've never seen any such hack work reliably among browsers,
  but at least it's a quick way to transfer text.

  It adds a menu entry in the context menu "Paste from browser"
2012-03-31 12:10:41 -07:00
Marc Singer
91bb3f76cf Some policy driven changes.
o Fixed install rule.
2012-03-30 13:12:22 -07:00
Marc Singer
f3a7a73c79 Updated debian/ for dh7.
o Revised debian/ control files.
o Pulling 2.10 source, changes made since then by Markus, as well as
  patches by Jay Weisskopf (from GitHub).
o Setup to build from git repository as working directory using
  git-buildpackage.
2012-03-30 13:12:22 -07:00
Jay Weisskopf
9cff326327 Use 2048-bit RSA keys for auto-generated certificates.
Security researchers have recommended moving away from 1024-bit
keys for a few years now.
2012-03-30 13:12:22 -07:00
Jay Weisskopf
85c3a03aec Assume a private key is RSA if the header does not specify a type.
Auto-generated certificates are RSA, but the header does not indicate
this (e.g. BEGIN PRIVATE KEY). Since the type is not specified,
the certificate was not being parsed correctly, and attempts to
connect over HTTPS failed and caused web browser errors.

Fixes "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" in Chrome.
Fixes "ssl_error_no_cypher_overlap" in Firefox.
2012-03-30 13:12:22 -07:00
Anders Kaseorg
e20a7d2536 sslGenerateCertificate: Don't use the shell
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2012-03-30 13:12:22 -07:00
Anders Kaseorg
3115eb4995 sslSNICallback: Properly disallow invalid characters
Completely discard hostnames containing invalid characters, instead of
merely replacing the invalid characters with uninitialized memory.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2012-03-30 13:12:22 -07:00
Anders Kaseorg
db4137c890 Fix miscellaneous strncat buffer overflows
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2012-03-30 13:12:22 -07:00
Jay Weisskopf
2280b802c7 Fixed an error in the init script's status function. 2012-03-30 13:12:21 -07:00
Jay Weisskopf
8630c134a8 Check for null pointers from gethostbyname_r() to prevent seg faults. 2012-03-30 13:12:21 -07:00
Jay Weisskopf
53d34911a1 Removed "Lucida Console" font because bold is wider than normal. 2012-03-30 13:12:21 -07:00
Jay Weisskopf
65449410e7 Bold and underline SGR attributes now utilize CSS. 2012-03-30 13:12:21 -07:00