Commit graph

421 commits

Author SHA1 Message Date
Benji Wiebe
3ff0ad5768 Added --disable-utmp-logging option 2015-08-27 23:16:06 -05:00
Luka Krajger
6f30739e33 Merge pull request #338 from BenjiWiebe/master
Kill children with HUP instead of TERM at end of session
2015-08-27 23:49:37 +02:00
Benji Wiebe
7f5064efcd Reset sigaction for SIGHUP to default in child 2015-08-27 14:08:39 -05:00
Benji Wiebe
145abf1fcc Kill children with HUP instead of TERM at end of session 2015-08-27 13:26:42 -05:00
KLuka
48a65d6bcb Fixed handling of large HTTP requests
* Protection against large HTTP requests was fixed by adding some null
  pointer checks. Too large HTTP requests are now correctly handled by
  returning error code and closing connection.
2015-08-26 23:27:06 +02:00
KLuka
6c9f98bf34 Logging and debuging
* Added prefixes to all log messages. Prefix should describe source of
  message, like "config", "http", "ssl", "server", etc... This should
  give users more info to figure out what went wrong or what is going
  on. Prefixes also make automatic processing easier.
* Usage is not displayed by default when given command line options are
  incorrect. This way it is easier to notice actual error.
2015-08-23 19:25:36 +02:00
KLuka
d74e60b6a7 Added system logging for important errors
* Messages with "fatal" or "error" log level are now also passed to
  syslogd service with help of vsyslog() function.
* On systems that use syslog service, these messages will be available
  in default system log files like /var/log/syslog or /var/log/messages.
2015-08-21 18:08:11 +02:00
KLuka
dfd885c011 Raised version 2015-08-21 17:44:06 +02:00
Marc Singer
acba554b6b Package release commit. 2015-08-07 20:53:15 -07:00
Luka Krajger
02838e530f Merge pull request #332 from KLuka/ssl
SSL patches
2015-08-06 18:22:07 +02:00
KLuka
1f54ff5f71 Added prefix to SSL related debug messages 2015-08-06 18:11:32 +02:00
KLuka
eacb2fcb81 Disable secure client-initiated renegotiation
* In case that this SSL feature is abused it is possible to overload the
  server. Other web servers disable this feature by default, but users
  are able to change it with configuration. This is not possible with
  shellinabox as this feature is not needed.
* Solution was implemented similary as in Lighttpd web server.
2015-08-06 18:06:11 +02:00
KLuka
f0437832d3 Added support for Perfect Forward Secrecy (#331)
* Support for PFS is enabled with help of chiper suits that use ECDHE
  key exchange. OpenSSL added support for eliptic curve operations (EC)
  in version 0.9.8. Note that there are also some library distributions
  which don't support EC operations.
* Added precompiler guards for builds with OpenSSL older than 0.9.8 and
  builds with '--enable-runtime-loading' configure script option.
* Cleaned up some SSL related code.
2015-08-05 17:57:05 +02:00
KLuka
477818e088 Fixed broken visual bell style in default CSS 2015-07-27 20:08:47 +02:00
KLuka
7cc877cdd8 Clean up build and lintian warnings (#328)
* Added wrapper macros to suppress compiler warnings about unused return
  values of setres*id() functions. We don't need checks at that point
  as it does't affect our program.
* Added marco in configure.ac script to overwrite default AR_FLAGS,which
  were causing build warnings.
* Removed debian/watch file as is not needed anymore, because now this
  is native Debian package.
2015-07-27 19:57:19 +02:00
Marc Singer
8ac3a4efcf Release to guarantee upgrade. 2015-07-24 11:54:39 -07:00
Marc Singer
7794fa4f64 Merge remote-tracking branch 'refs/remotes/origin/master' 2015-07-24 09:44:50 -07:00
Marc Singer
001613b538 Changing to native package.
o Debian source type is 3.0 native.
o Properly builds package elements ready for release.
o Merging Alexandre's changelog entry with this one and retaining 2.15
  version number.
2015-07-24 09:23:27 -07:00
Marc Singer
655d0a3b0d Improving cleanliness.
o Some files in the demo/ directory were committed and should not have
  been.  These are removed.
o Cleaning includes removing demo/ directory transients.
o Debian rules explicitly perform demo/ cleanup so that source tarball
  is correct.
o Resolves #329
2015-07-24 09:23:27 -07:00
KLuka
9dcef5688f Added Github url in context menu "About..." popup 2015-07-24 16:08:05 +02:00
Luka Krajger
f8f937608c Merge pull request #325 from sroeder/master
Added @ character to the list of valid username characters.

* This allows login with "bad" username, even if shellinabox is configured to
  run with SSH service. For LOGIN service this was always possible.
2015-07-21 18:43:27 +02:00
Scott Roeder
34bbeab314 Added @ character to the list of valid username characters. 2015-07-21 12:27:24 +04:00
KLuka
b4de69ed5c Fixed option --service for running custom scripts
* Full path of command is passed to function execvp(), when we launch
  user defined service. This was broken since commit b3309b2.
2015-07-17 13:43:01 +02:00
KLuka
458cd7aa8f Minor improvments
* Added "reconnect" and "onsessionchange" message types to use with
  embedded terminal. Usage examples were added to misc/embedded.html
  file.
* Improved code for unix domain socket functionality.
2015-07-09 21:51:43 +02:00
KLuka
bdca920abc Another update for unix domain sockets support
* Changed initialization of variables and handling of unix socket path.
* Added fixes for command line argument parsing, that I forgot in previous
  commit.
2015-07-07 10:48:14 +02:00
KLuka
c6186530bb Minor fixes for unix domain sockets
* Improved user input checking and error handling for code from #320.
* Added some guards for unlinking socket file in server init and destroy
  functions.
* Added peer name handling for AF_UNIX type connections in HTTP handling
  code.
2015-07-06 22:02:54 +02:00
Luka Krajger
c7b41ad4ce Merge pull request #320 from rkd77/unixdomain
Unix domain sockets support.
2015-07-06 21:14:22 +02:00
Witold Filipczyk
4d8ec30100 Unix domain sockets support.
The socket is not removed on shutdown, but the rest seems to work.
2015-07-01 13:06:04 +02:00
Luka Krajger
8f38e7873b Merge pull request #317 from KLuka/messages
Message passing to embedded shellinabox

* Added ability to pass messages to or from shellinabox embedded iframe.
* Added example file.
2015-06-19 09:22:18 +02:00
KLuka
fb4ebaf01f Improved message passing info and examples 2015-06-17 18:11:59 +02:00
KLuka
4f32ae3f2f Message passing examples for embedded shellinabox
* Added misc/embedded.html file with more info and actual examples
  on message passing to or from embedded shellinabox frame.
2015-06-16 22:30:02 +02:00
KLuka
1676f1a887 Message passing support for embedded shellinabox
* Added basic support for message passing to or from embedded
  shellinabox iframe. Now we can write to terminal, read the
  terminal output and request session status from parent window.
* This functionality must be enabled with command line parameter
  "--messages-origin ORIGIN". Value ORIGIN, which is compared with
  message against received message origin, must be set to specific
  url, or to "*" to allow messages from any origin.
2015-06-16 18:54:39 +02:00
KLuka
bcac95b9fa Issue #63, #315: only one line is displayed
* Changed detection for when terminal is embedded in another element.
  Now we allow one pixel difference between calculated terminal width
  and body width. This needs to be done because some browsers report
  wrong width in offsetWidth property, when browser zoom is in use.
* Updated README
2015-06-12 15:53:57 +02:00
Luka Krajger
14d44513ff Merge pull request #316 from gitter-badger/gitter-badge
Add a Gitter chat badge to README.md
2015-06-11 13:06:12 +02:00
The Gitter Badger
8029a2d9dd Added Gitter badge 2015-06-11 10:57:38 +00:00
Luka Krajger
4f9c682860 Updated README 2015-06-06 15:06:47 +02:00
KLuka
b3309b23d8 Fixes for some defects found by Coverity
* Added more checks for return values and null pointers.
* Removed some dead code and unused variables.
* Fixed handling of calls to exec() family functions. If this functions
  fail we need to cleanup resources.
2015-05-31 13:04:00 +02:00
Luka Krajger
21c8d8e0b7 Merge pull request #314 from a-detiste/master
debian: preserve user options on upgrade
2015-05-28 19:39:24 +02:00
Alexandre Detiste
4ccab0aa0d debian: also work correclty when _all_ options have been disabled
make #DEBHELPER# future-proof (now a no-op)
2015-05-27 17:14:50 +02:00
Alexandre Detiste
f77c7d06a5 debian: preserve user options on upgrade 2015-05-27 15:00:49 +02:00
KLuka
6402688084 Improved code session and URL handling
* URL dependency was removed from session handling code. URL object
  was only needed to get session key from client request. This was
  moved somewhere else to achive better code reusability.
* Added URL parsing functionality that can be used without URL object.
2015-05-26 22:37:32 +02:00
Luka Krajger
fad30cd57c Merge pull request #311 from KLuka/colors
Solution for issue #255, manuals update
2015-05-23 10:40:43 +02:00
KLuka
8923598a6d Improved terminal cursor style
* Changed "dim" cursor visibility from invisible to almost transparent
  and in the same color as default background. This improves visibility
  of cursor, if we are usign application (like vim for example) with
  dark background and the "Black on White" user CSS is set.
2015-05-23 10:38:08 +02:00
KLuka
9bb3b787ae Updated manuals for SSH service 2015-05-21 09:51:59 +02:00
KLuka
0a2ba7c052 Issue #255: Fixed "White on Black" color theme
* Changed handling of ANSI escape codes. Now we detect when to use
  default colors and when to use explicit ANSI colors.
* Added new CSS classes "ansiDef" and "bgAnsiDef" for default terminal
  foreground and background. Before we were using "ansi0" and "bgAnsi15"
  for default bg/fg colors. This was causing problems, when "White on
  Black" color theme modified their values. Now just this two classes
  are changed when user changes his color theme.
2015-05-20 16:50:32 +02:00
KLuka
e6a6857cb1 SSH service debugging and addtional information
* Changed ssh command log level from QUIET to FATAL. This will help
  users with debugging in case of errors related to SSH service.
  (See issues #112, #310)
* Added more information about SSH service in manual page. For SSH
  service to work, sshd server needs to be running on local system
  and must be configured to accept password authentication.
2015-05-19 21:39:11 +02:00
Luka Krajger
ce25d2f2b1 Merge pull request #309 from KLuka/realip
Real IP recognition over proxy

* Recogniton of HTTP header field 'X-Real-IP' was added. Value
  is used in LOGIN service with peer name as remote host identifier.
  This was we are able to see real IP in login related log files
  such as /var/log/auth.log, etc...

  Example for failed logins over nginx as can be seen in `/var/log/auth.log` file:
  ```
  May 17 20:17:20 luka-ubuntu login[9888]: FAILED LOGIN (1) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'UNKNOWN', User not known to the underlying authentication module
  May 17 20:17:25 luka-ubuntu login[9888]: FAILED LOGIN (2) on '/dev/pts/20' from '127.0.0.1, 192.168.1.100' FOR 'luka', Authentication failure
  ```


* Real IP, peer name and URL are also passed to launched  service
  as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
  and SHELLINABOX_URL). This can be used by custom user service shell
  scripts or programs.

  ```
  SHELLINABOX_REALIP=192.168.1.100
  SHELLINABOX_URL=http://192.168.1.150:81/
  SHELLINABOX_PEERNAME=127.0.0.1
  ```

* Real IP can also be passed to custom user service as command line
  parameter ${realip}.

  See this example:
  ```
  ./shellinaboxd --service  '/:luka:luka:/:/home/luka/test.sh --peer ${peer} --realip ${realip}'
  ```
2015-05-19 09:54:09 +02:00
KLuka
17dd88e804 Real IP recognition over proxy (man, help)
* Manual page and output of --help parameter were updated according
  to changes in previous commit.
2015-05-18 16:28:14 +02:00
KLuka
883b7aa7f0 Real IP recognition over proxy (partial fix #54)
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
  is used in LOGIN service with peer name as remote host identifier.
  This was we are able to see real IP in login related log files
  such as /var/log/auth.log, etc...
* Real IP, peer name and URL are also passed to launched  service
  as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
  and SHELLINABOX_URL). This can be used by custom user service shell
  scripts or programs.
* Real IP can also be passed to custom user service as command line
  parameter ${realip}.
2015-05-17 20:05:15 +02:00
Luka Krajger
89d4a87c53 Merge pull request #308 from a-detiste/master
clean up debian/rules
2015-05-16 18:14:18 +02:00