fix

2017-09-14 15:05:15 +02:00 · 2017-09-14 14:57:56 +02:00 · 2017-06-04 01:06:16 +02:00 · 2017-06-04 01:02:11 +02:00 · 2017-05-24 18:55:15 +02:00 · 2017-05-24 18:54:50 +02:00
90 changed files with 541 additions and 153 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,6 +9,7 @@ aclocal.m4
 autom4te.cache
 certificate.pem
 compile
+config.cache
 config.guess
 config.h
 config.h.in
--- a/0
+++ b/0
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/0
+++ b/0
--- a/0
+++ b/0
--- a/INSTALL.Debian
+++ b/INSTALL.Debian
@ -41,7 +41,7 @@ you point your browser to the site.

 At the very least, you need a file called "certificate.pem" that includes
 both the private key and the public certificate in PEM (i.e. ASCII) format.
-Additionally, you should create files for each of the publically visible
+Additionally, you should create files for each of the publicly visible
 hostnames that your machine has. These are named "certificate-${FQDN}.pem".
 You probably also want "certificate-localhost.pem".

--- a/Makefile.am
+++ b/Makefile.am
@ -242,7 +242,8 @@ shellinaboxd.1: ${top_srcdir}/shellinabox/shellinaboxd.man.in                 \

 clean-local: clean-demo
 	-rm -rf shellinaboxd.1                                                \
-	        shellinaboxd.ps
+	        shellinaboxd.ps                                               \
+	        shellinaboxd.pdf
 	-rm -rf debian/shellinabox                                            \
 	        debian/shellinabox*.debhelper*                                \
 	        debian/shellinabox.substvars                                  \
@ -364,3 +365,9 @@ clean-demo:
 	           "(int)sizeof($${sym}Start);";                              \
 	 } >"$@"

+shellinaboxd.ps: shellinaboxd.1
+	groff -man -T ps $^ >$@
+
+shellinaboxd.pdf: shellinaboxd.ps
+	ps2pdf $^ $@
+
--- a/0
+++ b/0
--- a/0
+++ b/0
--- a/README.Fedora
+++ b/README.Fedora
--- a/README.md
+++ b/README.md
@ -6,16 +6,16 @@ shellinabox
 [![Join the chat at https://gitter.im/shellinabox/shellinabox](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/shellinabox/shellinabox?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)


-This is unofficial fork of project **Shell In A Box**. Fork was created because
-original project is not maintained anymore and we cannot contact original
+This is an unofficial fork of the project **Shell In A Box**. The fork was created because
+the original project was not maintained anymore and we cannot contact the original
 repository owners.

-Our aim is to continue with maintanince of shellinabox project. For list of
-recent changes please see [CHANGELOG.md](/CHANGELOG.md).
+Our aim is to continue with maintenance of the shellinabox project. For a list of
+recent changes, please see [CHANGELOG.md](/CHANGELOG.md).

-If you have any questions, issues or patches, please fell free to submit pull
-request or report an issue. You can also drop an email to original project
-[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discusion
+If you have any questions, issues, or patches, please feel free to submit a pull
+request or report an issue. You can also drop an email to the original project
+[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discussion
 from where this fork started.


@ -27,7 +27,7 @@ tools to a web based terminal emulator. This emulator is accessible to any
 JavaScript and CSS enabled web browser and does not require any additional
 browser plugins.

-![Shell In A Box preview](/misc/preview.png?raw=true)
+![Shell In A Box preview](/misc/preview.gif?raw=true)

 More information:

@ -42,34 +42,17 @@ Build
 For building **shellinabox** from source on Debian or RHEL based systems use commands
 listed below. This will create executable file `shellinaboxd` in project directory.

-1. Install dependencies
+1. Clone the autotools

   ```
-    apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
-   ```
-   
-   or
-   
-   ```
-   yum install git openssl-devel pam-devel zlib-devel autoconf automake libtool
+    wget https://raw.githubusercontent.com/simono41/shellinabox/master/auto.sh
   ```

-2. Clone source files and move to project directory
+3. Run autotools 

   ```
-    git clone https://github.com/shellinabox/shellinabox.git && cd shellinabox
-   ```
-
-3. Run autotools in project directory
-
-   ```
-    autoreconf -i
-   ```
-
-4. Run configure and make in project directory
-
-   ```
-    ./configure && make
+    chmod +x auto.sh
+    ./auto.sh
   ```

 #### Debian package
@ -103,5 +86,19 @@ created from our sources. In new issue report please include following things:
 * Version of shellinabox
 * Steps to reproduce the problem

-Also feel free to post any questions or comments in [shellianbox chat room](https://gitter.im/shellinabox/shellinabox)
+Also feel free to post any questions or comments in [shellinabox chat room](https://gitter.im/shellinabox/shellinabox)
 on Gitter.
+
+
+Known Issues
+------------
+
+* The openssl package is required for HTTP/SSL support.
+  Shell-in-a-box may be used without SSL such that the login session
+  is not encrypted.  To enable automatic creation of self-signed
+  certificates or to use a generated certificate, install openssl.
+
+* On Debian Jessie, the default openssl package does not include the
+  utilities necessary for Shell-in-a-box to generate self-signed
+  certificates.  Upgrade openssl to install a version of the tools
+  that support certificate creation.
--- a/0
+++ b/0
--- a/auto.sh
+++ b/auto.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -ex
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+  echo "Als root Angemeldet"
+
+if [ -f /usr/bin/apt ]; then
+  apt update
+
+  apt install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
+fi
+
+if [ -f /usr/bin/pacman ]; then
+  pacman -Sy git openssl autoconf automake make gcc
+fi
+
+cd /opt/
+
+git clone https://github.com/simono41/shellinabox.git
+
+cd shellinabox
+
+autoreconf -i
+
+./configure && make
+
+cp shellinabox.service /etc/systemd/system/
+
+systemctl daemon-reload
+
+systemctl enable shellinabox.service
+
+# adduser
+
+echo adduser webssh
+
+useradd webssh
+
+mkdir /home/webssh
+
+cp shellinabox_sshwrapper.sh /home/webssh/
+
+chmod 770 -R /home/webssh/
+
+chown -cR webssh:webssh /home/webssh/
+
+passwd webssh <<EOT
+webssh
+webssh
+EOT
+
+systemctl start shellinabox.service &
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@ AC_PREREQ(2.57)

 dnl This is one of the locations where the authoritative version
 dnl  number is stored.  The other is in the debian/changelog.
-AC_INIT(shellinabox, 2.18, markus@shellinabox.com)
+AC_INIT(shellinabox, 2.20, markus@shellinabox.com)
 if test -e .git; then
 VCS_REVISION=" (revision `cd $srcdir && git log -1 --format=format:%h`)"
 else
@ -32,7 +32,7 @@ AC_SUBST(AR_FLAGS, [cr])

 dnl Check for header files that do not exist on all platforms
 AC_CHECK_HEADERS([libutil.h pthread.h pty.h strings.h syslog.h sys/prctl.h \
-                  sys/uio.h util.h utmp.h utmpx.h])
+                  sys/uio.h util.h])

 dnl Most systems require linking against libutil.so in order to get login_tty()
 AC_CHECK_FUNCS(login_tty, [],
@ -75,15 +75,6 @@ AC_TRY_LINK([#include <math.h>],
            [AC_DEFINE(HAVE_ISNAN, 1,
                       Define to 1 if you have support for isnan)])

-dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
-AC_TRY_LINK([#include <utmp.h>],
-            [updwtmp(0, 0);],
-            [AC_DEFINE(HAVE_UPDWTMP, 1,
-                       Define to 1 if you have support for updwtmp)])
-AC_TRY_LINK([#include <utmpx.h>],
-            [updwtmpx(0, 0);],
-            [AC_DEFINE(HAVE_UPDWTMPX, 1,
-                       Define to 1 if you have support for updwtmpx)])

 dnl Check if the compiler supports aliasing of symbols
 AC_TRY_LINK([void x(void) { };
@ -147,6 +138,28 @@ AC_ARG_ENABLE(runtime-loading,
                            these libraries into the binary, thus making them a
                            hard dependency, then disable runtime-loading.])

+dnl This is feature is not suported in some standard C libs. So users can use
+dnl this switch to avoid compile and runtime problems. Note that utmp must
+dnl disabled on systems with musl libc.
+AC_ARG_ENABLE(utmp,
+              [  --disable-utmp            Disable support for login records. Note
+                                           that for systems with musl libc utmp must
+                                           be disabled.])
+
+if test "x$enable_utmp" != xno; then
+  AC_CHECK_HEADERS([utmp.h utmpx.h])
+
+  dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
+  AC_TRY_LINK([#include <utmp.h>],
+              [updwtmp(0, 0);],
+              [AC_DEFINE(HAVE_UPDWTMP, 1,
+                         Define to 1 if you have support for updwtmp)])
+  AC_TRY_LINK([#include <utmpx.h>],
+              [updwtmpx(0, 0);],
+              [AC_DEFINE(HAVE_UPDWTMPX, 1,
+                         Define to 1 if you have support for updwtmpx)])
+fi
+
 dnl Only test for OpenSSL headers, if not explicitly disabled
 if test "x$enable_ssl" != xno; then
  AC_CHECK_HEADERS([openssl/bio.h openssl/err.h openssl/ssl.h])
--- a/contrib/README-siab.rb
+++ b/contrib/README-siab.rb
--- a/contrib/siab.rb
+++ b/contrib/siab.rb
--- a/debian/README.available
+++ b/debian/README.available
--- a/debian/README.enabled
+++ b/debian/README.enabled
--- a/debian/README.source
+++ b/debian/README.source
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,50 @@
+shellinabox (2.20) unstable; urgency=medium
+
+  * Fixed issue #222, LOGIN service
+  * Fixed issue #360, ignore escape sequences to fix dir listing
+  * Fix for function key presses
+  * Adjusting scale on IE
+  * New option to disable peer check (#364)
+  * Add option for custom SSH port
+  * Support for APL characters
+  * PDF documentation
+  * Fix for BSD build
+  * New ready event support
+  * OpenSSL 1.1 fixes  (Closes: #828542)
+  * May build with MUSL library
+  * Documentation added that SSL support is optional and requires
+    installation of openssl on Debian. (Closes: #839067)
+  * Jessie requires explicit installation of openssl because the default
+    package does not include the necessary utilities to support creation
+    of certificates. (Closes: #839066)
+
+ -- Marc Singer <elf@debian.org>  Wed, 09 Nov 2016 09:52:24 -0800
+
+shellinabox (2.19) unstable; urgency=high
+
+  * Added support for middle-click paste, #350.
+  * Improved iOS support, #354.
+  * New logic to enable soft keyboard icon, #119, #321, #354.
+  * Disable HTTP fallback using the URL /plain.  Consequently disables
+    automatic upgrades from HTTP to HTTPS, #355. (CVE-2015-8400).
+
+ -- Marc Singer <elf@debian.org>  Sat, 05 Dec 2015 10:24:12 -0800
+
+shellinabox (2.18) unstable; urgency=low
+
+  * Fixed reverse vide rendering, #341.
+  * Using stdout for version information, #344.
+  * Added CGI session key in HTTP response.
+  * Child process cleanup, #103.
+  * Merged #340.
+  * Autoconf updates.
+  * Disabled utmp logging.
+  * Merge #338, killing children with HUP.
+  * Fixed handling of large HTTP requests.
+  * Enhanced logging clarity with prefix.
+
+ -- Marc Singer <elf@debian.org>  Sat, 10 Oct 2015 10:53:38 -0700
+
 shellinabox (2.17) unstable; urgency=medium

  * Generally, SSL updates.
--- a/debian/compat
+++ b/debian/compat
--- a/debian/control
+++ b/debian/control
@ -16,5 +16,7 @@ Suggests: openssl
 Description: publish command line shell through AJAX interface
 Shellinabox can export arbitrary command line programs to any JavaScript
 enabled web browser. By default, it prompts for username and password
- and then exports a SSL/TLS encrypted login shell. Shellinabox provides
- a VT100 compatible terminal emulator that runs within any modern browser.
+ and then exports a login shell. Shellinabox provides a VT100
+ compatible terminal emulator that runs within any modern
+ browser. Support for HTTPS protocol (SSL/TLS encryption) is optional
+ and requires installation of openssl.
--- a/debian/copyright
+++ b/debian/copyright
--- a/debian/docs
+++ b/debian/docs
--- a/debian/shellinabox.default
+++ b/debian/shellinabox.default
--- a/debian/shellinabox.dirs
+++ b/debian/shellinabox.dirs
--- a/debian/shellinabox.examples
+++ b/debian/shellinabox.examples
--- a/debian/shellinabox.lintian-overrides
+++ b/debian/shellinabox.lintian-overrides
--- a/debian/shellinabox.preinst
+++ b/debian/shellinabox.preinst
--- a/debian/shellinabox.prerm
+++ b/debian/shellinabox.prerm
--- a/debian/source/format
+++ b/debian/source/format
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
--- a/debian/source/options
+++ b/debian/source/options
--- a/demo/demo.html
+++ b/demo/demo.html
--- a/demo/demo.jspp
+++ b/demo/demo.jspp
--- a/demo/demo.xml
+++ b/demo/demo.xml
--- a/demo/keyboard.html
+++ b/demo/keyboard.html
--- a/etc-pam.d-shellinabox-example
+++ b/etc-pam.d-shellinabox-example
--- a/libhttp/hashmap.c
+++ b/libhttp/hashmap.c
--- a/libhttp/hashmap.h
+++ b/libhttp/hashmap.h
--- a/libhttp/http.h
+++ b/libhttp/http.h
@ -102,7 +102,7 @@ short serverConnectionSetEvents(Server *server, ServerConnection *connection,
 void serverExitLoop(Server *server, int exitAll);
 void serverLoop(Server *server);
 int  serverSupportsSSL();
-void serverEnableSSL(Server *server, int flag);
+void serverSetupSSL(Server *server, int enable, int force);
 void serverSetCertificate(Server *server, const char *filename,
                          int autoGenerateMissing);
 void serverSetCertificateFd(Server *server, int fd);
--- a/libhttp/httpconnection.c
+++ b/libhttp/httpconnection.c
@ -430,7 +430,7 @@ void destroyHttpConnection(struct HttpConnection *http) {
            http->peerName ? http->peerName : "???", http->peerPort);
    }
    httpShutdown(http, http->closed ? SHUT_WR : SHUT_RDWR);
-    dcheck(!close(http->fd));
+    dcheck(!close(http->fd) || errno != EBADF);
    free(http->peerName);
    free(http->url);
    free(http->method);
@ -1480,6 +1480,13 @@ int httpHandleConnection(struct ServerConnection *connection, void *http_,
          *events                   |= POLLIN;
          continue;
        }
+      } else {
+        if (http->ssl && http->ssl->enabled && http->ssl->force) {
+          debug("[http] Non-SSL connections not allowed!");
+          httpCloseRead(http);
+          bytes                      = 0;
+          eof                        = 1;
+        }
      }
    }

--- a/libhttp/httpconnection.h
+++ b/libhttp/httpconnection.h
--- a/libhttp/libhttp.sym
+++ b/libhttp/libhttp.sym
--- a/libhttp/server.c
+++ b/libhttp/server.c
@ -670,11 +670,12 @@ void serverLoop(struct Server *server) {
  server->looping                         = loopDepth - 1;
 }

-void serverEnableSSL(struct Server *server, int flag) {
-  if (flag) {
+void serverSetupSSL(struct Server *server, int enable, int force) {
+  if (enable) {
    check(serverSupportsSSL());
  }
-  sslEnable(&server->ssl, flag);
+  sslEnable(&server->ssl, enable);
+  sslForce(&server->ssl, force);
 }

 void serverSetCertificate(struct Server *server, const char *filename,
--- a/libhttp/server.h
+++ b/libhttp/server.h
@ -118,7 +118,7 @@ short serverConnectionSetEvents(struct Server *server,
                                short events);
 void serverExitLoop(struct Server *server, int exitAll);
 void serverLoop(struct Server *server);
-void serverEnableSSL(struct Server *server, int flag);
+void serverSetupSSL(struct Server *server, int enable, int force);
 void serverSetCertificate(struct Server *server, const char *filename,
                          int autoGenerateMissing);
 void serverSetCertificateFd(struct Server *server, int fd);
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@ -100,6 +100,7 @@ BIO_METHOD *  (*BIO_f_buffer)(void);
 void          (*BIO_free_all)(BIO *);
 BIO *         (*BIO_new)(BIO_METHOD *);
 BIO *         (*BIO_new_socket)(int, int);
+BIO *         (*BIO_next)(BIO *);
 BIO *         (*BIO_pop)(BIO *);
 BIO *         (*BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@ -167,6 +168,7 @@ struct SSLSupport *newSSL(void) {

 void initSSL(struct SSLSupport *ssl) {
  ssl->enabled               = serverSupportsSSL();
+  ssl->force                 = 0;
  ssl->sslContext            = NULL;
  ssl->sniCertificatePattern = NULL;
  ssl->generateMissing       = 0;
@ -279,6 +281,7 @@ static void loadSSL(void) {
    { { &BIO_free_all },                "BIO_free_all" },
    { { &BIO_new },                     "BIO_new" },
    { { &BIO_new_socket },              "BIO_new_socket" },
+    { { &BIO_next },                    "BIO_next" },
    { { &BIO_pop },                     "BIO_pop" },
    { { &BIO_push },                    "BIO_push" },
    { { &ERR_clear_error },             "ERR_clear_error" },
@ -410,7 +413,7 @@ static void sslGenerateCertificate(const char *certificate,
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
      warn("[ssl] Failed to generate self-signed certificate \"%s\"!", certificate);
    } else {
-      info("[ssl] Certificate succesfully generated.");
+      info("[ssl] Certificate successfully generated.");
    }
  }
 }
@ -674,7 +677,7 @@ static SSL_CTX *sslMakeContext(void) {

  SSL_CTX_set_info_callback(context, sslInfoCallback);

-  debug("[ssl] Server context succesfully initialized...");
+  debug("[ssl] Server context successfully initialized...");
  return context;
 }
 #endif
@ -894,6 +897,12 @@ int sslEnable(struct SSLSupport *ssl, int enabled) {
  return old;
 }

+int sslForce(struct SSLSupport *ssl, int force) {
+  int old      = ssl->force;
+  ssl->force   = force;
+  return old;
+}
+
 void sslBlockSigPipe(void) {
  sigset_t set;
  sigemptyset(&set);
@ -1006,6 +1015,14 @@ int sslPromoteToSSL(struct SSLSupport *ssl, SSL **sslHndl, int fd,
 #endif
 }

+BIO *sslGetNextBIO(BIO *b) {
+#if OPENSSL_VERSION_NUMBER <= 0x10100000L
+  return b->next_bio;
+#else
+  return BIO_next(b);
+#endif
+}
+
 void sslFreeHndl(SSL **sslHndl) {
 #if defined(HAVE_OPENSSL)
  if (*sslHndl) {
@ -1013,24 +1030,23 @@ void sslFreeHndl(SSL **sslHndl) {
    // BIOs. This is particularly a problem if an SSL connection has two
    // different BIOs for the read and the write end, with one being a stacked
    // derivative of the other. Unfortunately, this is exactly the scenario
-    // that we set up.
+    // that we set up with call to "BIO_push(readBIO, writeBIO)" in function
+    // "sslPromoteToSSL()".
    // As a work-around, we un-stack the BIOs prior to freeing the SSL
    // connection.
+    debug("[ssl] Freeing SSL handle.");
    ERR_clear_error();
    BIO *writeBIO, *readBIO;
    check(writeBIO    = SSL_get_wbio(*sslHndl));
    check(readBIO     = SSL_get_rbio(*sslHndl));
    if (writeBIO != readBIO) {
-      if (readBIO->next_bio == writeBIO) {
-        // OK, that's exactly the bug we are looking for. We know how to
-        // fix it.
+      if (sslGetNextBIO(readBIO) == writeBIO) {
+        // OK, that's exactly the bug we are looking for. We know that
+        // writeBIO needs to be removed from readBIO chain.
+        debug("[ssl] Removing stacked write BIO!");
        check(BIO_pop(readBIO) == writeBIO);
-        check(readBIO->references == 1);
-        check(writeBIO->references == 1);
-        check(!readBIO->next_bio);
-        check(!writeBIO->prev_bio);
-      } else if (readBIO->next_bio == writeBIO->next_bio &&
-                 writeBIO->next_bio->prev_bio == writeBIO) {
+        check(!sslGetNextBIO(readBIO));
+      } else if (sslGetNextBIO(readBIO) == sslGetNextBIO(writeBIO)) {
        // Things get even more confused, if the SSL handshake is aborted
        // prematurely.
        // OpenSSL appears to internally stack a BIO onto the read end that
@ -1039,15 +1055,13 @@ void sslFreeHndl(SSL **sslHndl) {
        // reading and one for writing). In this case, not only is the
        // reference count wrong, but the chain of next_bio/prev_bio pairs
        // is corrupted, too.
+        warn("[ssl] Removing stacked socket BIO!");
        BIO *sockBIO;
        check(sockBIO = BIO_pop(readBIO));
        check(sockBIO == BIO_pop(writeBIO));
-        check(readBIO->references == 1);
-        check(writeBIO->references == 1);
-        check(sockBIO->references == 1);
-        check(!readBIO->next_bio);
-        check(!writeBIO->next_bio);
-        check(!sockBIO->prev_bio);
+        check(!sslGetNextBIO(readBIO));
+        check(!sslGetNextBIO(writeBIO));
+        check(!sslGetNextBIO(sockBIO));
        BIO_free_all(sockBIO);
      } else {
        // We do not know, how to fix this situation. Something must have
--- a/libhttp/ssl.h
+++ b/libhttp/ssl.h
@ -82,6 +82,7 @@ extern BIO_METHOD *(*x_BIO_f_buffer)(void);
 extern void    (*x_BIO_free_all)(BIO *);
 extern BIO    *(*x_BIO_new)(BIO_METHOD *);
 extern BIO    *(*x_BIO_new_socket)(int, int);
+extern BIO    *(*x_BIO_next)(BIO *);
 extern BIO    *(*x_BIO_pop)(BIO *);
 extern BIO    *(*x_BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@ -131,6 +132,7 @@ extern void   *(*x_SSL_COMP_get_compression_methods)(void);
 #define BIO_free_all                 x_BIO_free_all
 #define BIO_new                      x_BIO_new
 #define BIO_new_socket               x_BIO_new_socket
+#define BIO_next                     x_BIO_next
 #define BIO_pop                      x_BIO_pop
 #define BIO_push                     x_BIO_push
 #define EC_KEY_free                  x_EC_KEY_free
@ -198,6 +200,7 @@ extern void   *(*x_SSL_COMP_get_compression_methods)(void);

 struct SSLSupport {
  int         enabled;
+  int         force;
  SSL_CTX     *sslContext;
  char        *sniCertificatePattern;
  int         generateMissing;
@ -214,6 +217,7 @@ void sslSetCertificate(struct SSLSupport *ssl, const char *filename,
                       int autoGenerateMissing);
 void sslSetCertificateFd(struct SSLSupport *ssl, int fd);
 int  sslEnable(struct SSLSupport *ssl, int enabled);
+int  sslForce(struct SSLSupport *ssl, int force);
 void sslBlockSigPipe();
 int  sslUnblockSigPipe();
 int  sslPromoteToSSL(struct SSLSupport *ssl, SSL **sslHndl, int fd,
--- a/libhttp/trie.c
+++ b/libhttp/trie.c
--- a/libhttp/trie.h
+++ b/libhttp/trie.h
--- a/libhttp/url.c
+++ b/libhttp/url.c
--- a/libhttp/url.h
+++ b/libhttp/url.h
--- a/logging/logging.c
+++ b/logging/logging.c
@ -100,7 +100,11 @@ void error(const char *fmt, ...) {
  va_start(ap, fmt);
  debugMsg(MSG_ERROR, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  vsyslog(LOG_ERR, fmt, ap);
+  va_list apSyslog;
+  va_copy(apSyslog, ap);
+  va_start(apSyslog, fmt);
+  vsyslog(LOG_ERR, fmt, apSyslog);
+  va_end(apSyslog);
 #endif
  va_end(ap);
 }
@ -117,7 +121,11 @@ void fatal(const char *fmt, ...) {
  va_start(ap, fmt);
  debugMsg(MSG_QUIET, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  vsyslog(LOG_CRIT, fmt, ap);
+  va_list apSyslog;
+  va_copy(apSyslog, ap);
+  va_start(apSyslog, fmt);
+  vsyslog(LOG_CRIT, fmt, apSyslog);
+  va_end(apSyslog);
  syslog(LOG_CRIT, "[server] Aborting...");
 #endif
  va_end(ap);
--- a/logging/logging.h
+++ b/logging/logging.h
--- a/m4/.gitignore
+++ b/m4/.gitignore
--- a/misc/embedded.html
+++ b/misc/embedded.html
@ -14,7 +14,7 @@

 	For communication with Shell In A Box we need to set '-m' (messages-origin)
 	command line option with appropriate messages origin. Origin should be set to
-	URL of parent (this) window. If origin is set to '*' Shell In A Box won't checki
+	URL of parent (this) window. If origin is set to '*' Shell In A Box won't check
 	origin on received messages. This is usually unsafe option.

 	Command line example:
@ -25,7 +25,7 @@
 	# Client Side
 	#

-	Shell In A Box accepts messages formated as JSON strings with 'type' and 'data'
+	Shell In A Box accepts messages formatted as JSON strings with 'type' and 'data'
 	fields. Messages with same format can be passed back to parent (this) window.

 	Message example:
@ -59,6 +59,9 @@

 	Following types of messages can be received from shellinabox:

+	* ready
+		signals that shellinabox is ready to send and receive messages
+
 	* output
 		data field contains terminal output

@ -140,10 +143,6 @@
 		var output  = document.getElementById("output");
 		var session = document.getElementById("session");

-		// Add url to our iframe. We do this, only that variable 'url' can be used
-		// throughout the whole code where needed.
-		iframe.src = url;
-
 		document.getElementById("execute").addEventListener("click", function() {
 			// Send input to shellinabox
 			var message = JSON.stringify({
@ -209,6 +208,15 @@
 			// Handle response according to response type
 			var decoded = JSON.parse(message.data);
 			switch (decoded.type) {
+			case "ready":
+				// Shellinabox is ready to communicate and we will enable console output
+				// by default.
+				var message = JSON.stringify({
+					type : 'output',
+					data : 'enable'
+				});
+				iframe.contentWindow.postMessage(message, url);
+				break;
 			case "output" :
 				// Append new output
 				output.innerHTML = output.innerHTML + decoded.data;
@ -220,6 +228,9 @@
 			}
 		}, false);

+		// Add url to our iframe after the event listener is installed.
+		iframe.src = url;
+
 	</script>

 </body>
--- a/misc/preview.gif
+++ b/misc/preview.gif
--- a/misc/preview.png
+++ b/misc/preview.png
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+if [[ "--help" == "${1}" ]]; then
+echo "bash ./sgit user.email commit"
+fi
+
+if [[ -z "${2}" ]]; then
+echo "Bitte email und commit angeben!!!"
+exit 1
+fi
+
+git config --global user.email "${1}"
+git config --global user.name "${1}"
+git status
+git pull
+git add --all
+git commit --all -m "${2}"
+git show
+git push
+git status
--- a/shellinabox.service
+++ b/shellinabox.service
@ -0,0 +1,9 @@
+[Unit]
+Description=shellinabox
+
+[Service]
+Type=oneshot
+ExecStart=/opt/shellinabox/shellinaboxd -t --service=/:webssh:webssh:HOME:'/home/webssh/shellinabox_sshwrapper.sh'
+
+[Install]
+WantedBy=multi-user.target
--- a/shellinabox/beep.wav
+++ b/shellinabox/beep.wav
--- a/shellinabox/black-on-white.css
+++ b/shellinabox/black-on-white.css
@ -0,0 +1,16 @@
+#vt100 .ansiDefR {
+  color:            #ffffff;
+}
+
+#vt100 .bgAnsiDefR {
+  background-color: #000000;
+}
+
+#vt100 #scrollable.inverted .ansiDefR {
+  color:            #000000;
+}
+
+#vt100 #scrollable.inverted .bgAnsiDefR {
+  background-color: #ffffff;
+}
+
--- a/shellinabox/cgi_root.html
+++ b/shellinabox/cgi_root.html
--- a/shellinabox/color.css
+++ b/shellinabox/color.css
@ -2,6 +2,7 @@

 /* SYSTEM colors */
 #vt100 .ansiDef   {                            }
+#vt100 .ansiDefR  {                            }

 #vt100 .ansi0     { color:            #000000; }
 #vt100 .ansi1     { color:            #cd0000; }
@ -264,6 +265,7 @@

 /* SYSTEM colors */
 #vt100 .bgAnsiDef {                            }
+#vt100 .bgAnsiDefR {                            }

 #vt100 .bgAnsi0   { background-color: #000000; }
 #vt100 .bgAnsi1   { background-color: #cd0000; }
--- a/shellinabox/enabled.gif
+++ b/shellinabox/enabled.gif
--- a/shellinabox/externalfile.c
+++ b/shellinabox/externalfile.c
--- a/shellinabox/externalfile.h
+++ b/shellinabox/externalfile.h
--- a/shellinabox/favicon.ico
+++ b/shellinabox/favicon.ico
--- a/shellinabox/keyboard-layout.html
+++ b/shellinabox/keyboard-layout.html
--- a/shellinabox/keyboard.png
+++ b/shellinabox/keyboard.png
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@ -63,6 +63,7 @@
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/ttydefaults.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/utsname.h>
--- a/shellinabox/launcher.h
+++ b/shellinabox/launcher.h
--- a/shellinabox/monochrome.css
+++ b/shellinabox/monochrome.css
--- a/shellinabox/print-styles.css
+++ b/shellinabox/print-styles.css
--- a/shellinabox/privileges.c
+++ b/shellinabox/privileges.c
--- a/shellinabox/privileges.h
+++ b/shellinabox/privileges.h
--- a/shellinabox/root_page.html
+++ b/shellinabox/root_page.html
--- a/shellinabox/service.c
+++ b/shellinabox/service.c
@ -121,18 +121,29 @@ void initService(struct Service *service, const char *arg) {
    service->group                          = NULL;
    check(service->cwd                      = strdup("/"));
    char *host;
+    char *sshPort;
    check(host                              = strdup("localhost"));
+    check(sshPort                           = strdup("22"));
+
    if ((ptr                                = strchr(arg, ':')) != NULL) {
-      check(ptr                             = strdup(ptr + 1));
-      char *end;
-      if ((end                              = strchr(ptr, ':')) != NULL) {
-        *end                                = '\000';
-      }
+      ptr                                   = ptr + 1;
      if (*ptr) {
-        free(host);
-        host                                = ptr;
-      } else {
-        free(ptr);
+        char *tmp                           = strchr(ptr, ':');
+        if (tmp == NULL) {
+          // If the second ":" is not found, keep as host whatever is after first ":".
+          free(host);
+          check(host                        = strdup(ptr));
+        } else {
+          // If we find a second ":", keep as a host whatever is in between first ":"
+          // and second ":" and as sshPort whatever is after second ":".
+          int size                          = (tmp - ptr + 1);
+          free(host);
+          free(sshPort);
+          check(host                        = malloc(size));
+          memset(host, 0, size);
+          memcpy(host, ptr, size - 1);
+          check(sshPort                     = strdup(tmp + 1));
+        }
      }
    }

@ -148,6 +159,15 @@ void initService(struct Service *service, const char *arg) {
      }
    }

+    // Don't allow manipulation of the SSH command line through "creative" use
+    // of the port.
+    for (char *h = sshPort; *h; h++) {
+      char ch                               = *h;
+      if (!(ch >= '0' && ch <= '9')) {
+        fatal("[config] Invalid port \"%s\" in service definition!", sshPort);
+      }
+    }
+
    service->cmdline                        = stringPrintf(NULL,
      "ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
          "-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
@ -162,8 +182,9 @@ void initService(struct Service *service, const char *arg) {
 //          feature, we cannot be sure that it is available on the
 //          target server.  Removing it for the sake of Centos.
 //          "-oVisualHostKey=no"
-          " -oLogLevel=FATAL %%s@%s", host);
+          " -oLogLevel=FATAL -p%s %%s@%s",sshPort,  host);
    free(host);
+    free(sshPort);
  } else {
    service->useLogin                       = 0;

--- a/shellinabox/service.h
+++ b/shellinabox/service.h
--- a/shellinabox/session.c
+++ b/shellinabox/session.c
@ -116,9 +116,11 @@ void initSession(struct Session *session, const char *sessionKey,
  session->http           = NULL;
  session->done           = 0;
  session->pty            = -1;
+  session->ptyFirstRead   = 1;
  session->width          = 0;
  session->height         = 0;
  session->buffered       = NULL;
+  session->useLogin       = 0;
  session->len            = 0;
  session->pid            = 0;
  session->cleanup        = 0;
--- a/shellinabox/session.h
+++ b/shellinabox/session.h
@ -58,9 +58,11 @@ struct Session {
  HttpConnection   *http;
  int              done;
  int              pty;
+  int              ptyFirstRead;
  int              width;
  int              height;
  char             *buffered;
+  int              useLogin;
  int              len;
  pid_t            pid;
  int              cleanup;
--- a/shellinabox/shell_in_a_box.jspp
+++ b/shellinabox/shell_in_a_box.jspp
@ -406,6 +406,9 @@ ShellInABox.prototype.messageInit = function() {
    }
  }

+  // After message mechanisms are in place "ready" message is sent to parent
+  // window.
+  parent.postMessage(JSON.stringify({type : 'ready', data : ''}), '*');
 };

 ShellInABox.prototype.messageReceive = function (message) {
--- a/shellinabox/shellinaboxd.c
+++ b/shellinabox/shellinaboxd.c
@ -63,7 +63,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/un.h>
-
+#include <time.h>
 #include <unistd.h>

 #ifdef HAVE_SYS_PRCTL_H
@ -110,8 +110,10 @@ static int            portMax;
 static int            localhostOnly     = 0;
 static int            noBeep            = 0;
 static int            numericHosts      = 0;
+static int            peerCheckEnabled  = 1;
 static int            enableSSL         = 1;
 static int            enableSSLMenu     = 1;
+static int            forceSSL          = 1; // TODO enable http fallback with commandline option
 int                   enableUtmpLogging = 1;
 static char           *messagesOrigin   = NULL;
 static int            linkifyURLs       = 1;
@ -290,6 +292,13 @@ static void sessionDone(void *arg) {
  completePendingRequest(session, "", 0, INT_MAX);
 }

+static void delaySession(void) {
+  struct timespec ts;
+  ts.tv_sec              = 0;
+  ts.tv_nsec             = 200 * 1000; // Delay for 0.2 ms
+  nanosleep(&ts, NULL);
+}
+
 static int handleSession(struct ServerConnection *connection, void *arg,
                         short *events, short revents) {
  struct Session *session       = (struct Session *)arg;
@ -309,7 +318,7 @@ static int handleSession(struct ServerConnection *connection, void *arg,
  int timedOut                  = serverGetTimeout(connection) < 0;
  if (bytes || timedOut) {
    if (!session->http && timedOut) {
-      debug("[server] Timeout. Closing session!");
+      debug("[server] Timeout. Closing session %s!", session->sessionKey);
      session->cleanup = 1;
      return 0;
    }
@ -323,8 +332,26 @@ static int handleSession(struct ServerConnection *connection, void *arg,
      *events                   = 0;
    }
    serverSetTimeout(connection, AJAX_TIMEOUT);
+    session->ptyFirstRead       = 0;
    return 1;
  } else {
+    if (revents & POLLHUP) {
+      if (session->useLogin && session->ptyFirstRead) {
+        // Workaround for random "Session closed" issues related to /bin/login
+        // closing and reopening our pty during initialization. This happens only
+        // on some systems like Fedora for example.
+        // Here we allow that our pty is closed by ignoring POLLHUP on first read.
+        // Delay is also needed so that login process has some time to reopen pty.
+        // Note that the issue may occur anyway but with workaround we reduce the
+        // chances.
+        debug("[server] POLLHUP received on login PTY first read!");
+        session->ptyFirstRead   = 0;
+        delaySession();
+        return 1;
+      }
+      debug("[server] POLLHUP received on PTY! Closing session %s!",
+            session->sessionKey);
+    }
    return 0;
  }
 }
@ -367,7 +394,7 @@ static int dataHandler(HttpConnection *http, struct Service *service,
  }

  // Sanity check
-  if (!sessionIsNew && strcmp(session->peerName, httpGetPeerName(http))) {
+  if (!sessionIsNew && peerCheckEnabled && strcmp(session->peerName, httpGetPeerName(http))) {
    error("[server] Peername changed from %s to %s",
          session->peerName, httpGetPeerName(http));
    httpSendReply(http, 400, "Bad Request", NO_MSG);
@ -401,6 +428,7 @@ static int dataHandler(HttpConnection *http, struct Service *service,
      goto bad_new_session;
    }
    session->http         = http;
+    session->useLogin     = service->useLogin;
    if (launchChild(service->id, session,
                    rootURL && *rootURL ? rootURL : urlGetURL(url)) < 0) {
      abandonSession(session);
@ -768,7 +796,7 @@ static void usage(void) {
  const char *user  = getUserName(r_uid);
  const char *group = getGroupName(r_gid);

-  message("Usage: shellinaboxd [OPTIONS]...\n"
+  printf("Usage: shellinaboxd [OPTIONS]...\n"
          "Starts an HTTP server that serves terminal emulators to AJAX "
          "enabled browsers.\n"
          "\n"
@ -781,7 +809,7 @@ static void usage(void) {
          "  -f, --static-file=URL:FILE  serve static file from URL path\n"
          "  -g, --group=GID             switch to this group (default: %s)\n"
          "  -h, --help                  print this message\n"
-          "      --linkify=[none|normal|agressive] default is \"normal\"\n"
+          "      --linkify=[none|normal|aggressive] default is \"normal\"\n"
          "      --localhost-only        only listen on 127.0.0.1\n"
          "      --no-beep               suppress all audio output\n"
          "  -n, --numeric               do not resolve hostnames\n"
@ -797,6 +825,7 @@ static void usage(void) {
          "      --user-css=STYLES       defines user-selectable CSS options\n"
          "  -v, --verbose               enable logging messages\n"
          "      --version               prints version information\n"
+          "      --disable-peer-check    disable peer check on a session\n"
          "\n"
          "Debug, quiet, and verbose are mutually exclusive.\n"
          "\n"
@ -835,7 +864,8 @@ static void usage(void) {
          "\n"
          "OPTIONs that make up a GROUP are mutually exclusive. But "
          "individual GROUPs are\n"
-          "independent of each other.\n",
+          "independent of each other.\n"
+          "\n",
          !serverSupportsSSL() ? "" :
          "  -c, --cert=CERTDIR          set certificate dir "
          "(default: $PWD)\n"
@ -867,6 +897,7 @@ static void parseArgs(int argc, char * const argv[]) {
  int hasSSL               = serverSupportsSSL();
  if (!hasSSL) {
    enableSSL              = 0;
+    forceSSL               = 0;
  }
  int demonize             = 0;
  int cgi                  = 0;
@ -905,6 +936,7 @@ static void parseArgs(int argc, char * const argv[]) {
      { "user-css",             1, 0,  0  },
      { "verbose",              0, 0, 'v' },
      { "version",              0, 0,  0  },
+      { "disable-peer-check",   0, 0,  0  },
      { 0,                  0, 0,  0  } };
    int idx                = -1;
    int c                  = getopt_long(argc, argv, optstring, options, &idx);
@ -1124,6 +1156,7 @@ static void parseArgs(int argc, char * const argv[]) {
        warn("[config] Ignoring disable-ssl option, as SSL support is unavailable.");
      }
      enableSSL            = 0;
+      forceSSL             = 0;
    } else if (!idx--) {
      // Disable SSL Menu
      if (!hasSSL) {
@ -1211,18 +1244,22 @@ static void parseArgs(int argc, char * const argv[]) {
      logSetLogLevel(verbosity);
    } else if (!idx--) {
      // Version
-      message("ShellInABox version " VERSION VCS_REVISION);
+      printf("ShellInABox version " VERSION VCS_REVISION "\n");
      exit(0);
+    } else if (!idx--) {
+      // disable-peer-check
+      peerCheckEnabled = 0;
    }
  }
  if (optind != argc) {
-    usage();
    fatal("[config] Failed to parse command line!");
  }
  char *buf                = NULL;
  check(argc >= 1);
+
+  info("[server] Version " VERSION VCS_REVISION);
  for (int i = 0; i < argc; i++) {
-    buf                    = stringPrintf(buf, " %s", argv[i]);
+    buf                    = stringPrintf(buf, "%s ", argv[i]);
  }
  info("[server] Command line: %s", buf);
  free(buf);
@ -1300,7 +1337,8 @@ static void removeLimits() {
 }

 static void setUpSSL(Server *server) {
-  serverEnableSSL(server, enableSSL);
+
+  serverSetupSSL(server, enableSSL, forceSSL);

  // Enable SSL support (if available)
  if (enableSSL) {
@ -1372,8 +1410,9 @@ int main(int argc, char * const argv[]) {
    check(port    = serverGetListeningPort(server));
    printf("X-ShellInABox-Port: %d\r\n"
           "X-ShellInABox-Pid: %d\r\n"
+           "X-ShellInABox-Session: %s\r\n"
           "Content-type: text/html; charset=utf-8\r\n\r\n",
-           port, getpid());
+           port, getpid(), cgiSessionKey);
    UNUSED(cgiRootSize);
    printfUnchecked(cgiRootStart, port, cgiSessionKey);
    fflush(stdout);
--- a/shellinabox/shellinaboxd.man.in
+++ b/shellinabox/shellinaboxd.man.in
@ -282,7 +282,7 @@ Display a brief usage message showing the valid command line parameters.
 .TP
 \fB--linkify\fP=[\fBnone\fP|\fBnormal\fP|\fBaggressive\fP]
 the daemon attempts to recognize URLs in the terminal output and makes them
-clickable. This is not neccessarily a fool-proof process and both false
+clickable. This is not necessarily a fool-proof process and both false
 negatives and false positives are possible. By default, only URLs starting
 with a well known protocol of
 .BR http:// ,\  https:// ,\  ftp:// ,\ or\  mailto:
--- a/shellinabox/styles.css
+++ b/shellinabox/styles.css
@ -243,9 +243,12 @@
 [else DEFINES_COLORS]
 /* SYSTEM colors */
 #vt100 .ansiDef   { color:            #000000; }
+#vt100 .ansiDefR  { color:            #ffffff; }

 #vt100 #scrollable.inverted .ansiDef
                  { color:            #ffffff; }
+#vt100 #scrollable.inverted .ansiDefR
+                  { color:            #000000; }

 #vt100 .ansi0     { color:            #000000; }
 #vt100 .ansi1     { color:            #cd0000; }
@ -508,9 +511,13 @@

 /* SYSTEM colors */
 #vt100 .bgAnsiDef { background-color: #ffffff; }
+#vt100 .bgAnsiDefR
+                  { background-color: #000000; }

 #vt100 #scrollable.inverted .bgAnsiDef
                  { background-color: #000000; }
+#vt100 #scrollable.inverted .bgAnsiDefR
+                  { background-color: #ffffff; }

 #vt100 .bgAnsi0   { background-color: #000000; }
 #vt100 .bgAnsi1   { background-color: #cd0000; }
--- a/shellinabox/usercss.c
+++ b/shellinabox/usercss.c
--- a/shellinabox/usercss.h
+++ b/shellinabox/usercss.h
--- a/shellinabox/vt100.jspp
+++ b/shellinabox/vt100.jspp
@ -83,6 +83,7 @@
 #define EStitle        17
 #define ESss2          18
 #define ESss3          19
+#define ESVTEtitle     20

 #define ATTR_DEFAULT   0x60F0
 #define ATTR_REVERSE   0x0100
@ -297,6 +298,12 @@ VT100.prototype.getUserSettings = function() {
    this.disableAlt         = true;
  }

+  // Enable soft keyboard icon on some clients by default.
+  if (navigator.userAgent.match(/iPad|iPhone|iPod/i) != null ||
+      navigator.userAgent.match(/PlayStation Vita|Kindle/i) != null) {
+    this.softKeyboard       = true;
+  }
+
  if (this.visualBell) {
    this.signature          = Math.floor(16807*this.signature + 1) %
                                         ((1 << 31) - 1);
@ -1198,8 +1205,8 @@ VT100.prototype.resizer = function() {
                                     document.documentElement.clientHeight ||
                                     document.body.clientHeight))-1;

-  // Prevent ever growing consoles on iPad.
-  if (navigator.userAgent.match(/iPad/i) != null) {
+  // Prevent ever growing console on some iOS clients.
+  if (navigator.userAgent.match(/iPad|iPhone|iPod/i) != null) {
    height                    -= 1;
  }

@ -1429,6 +1436,25 @@ VT100.prototype.mouseEvent = function(event, type) {
    return this.cancelEvent(event);
  }

+  // Simulate middle click pasting from inside of current window. Note that
+  // pasting content from other programs will not work in this way, since we
+  // don't have access to native clipboard.
+  if ((event.which || event.button) == 2 && selection.length) {
+    if (type == MOUSE_UP) {
+      // Use timeout to prevent double paste on Chrome/Linux.
+      setTimeout(function (vt100) {
+        return function() {
+          vt100.keysPressed(selection);
+          vt100.input.focus();
+        }
+      }(this), 10);
+    }
+    if (type == MOUSE_DOWN) {
+      // Prevent middle click scroll on Windows systems.
+      return this.cancelEvent(event);
+    }
+  }
+
  if (this.mouseReporting) {
    try {
      event.shiftKey         = false;
@ -1578,7 +1604,10 @@ VT100.prototype.updateWidth = function() {
      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
    }
  } else {
-    this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
+    if ("ActiveXObject" in window)
+      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale*0.95);
+    else
+      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
  }

  return this.terminalWidth;
@ -2815,7 +2844,7 @@ VT100.prototype.handleKey = function(event) {
      ch                              = part1                                 +
                                       ((event.shiftKey             ? 1 : 0)  +
                                        (event.altKey|event.metaKey ? 2 : 0)  +
-                                        (event.ctrlKey              ? 4 : 0)) +
+                                        (event.ctrlKey              ? 4 : 0) + 1) +
                                        part2;
    } else if (ch.length == 1 && (event.altKey || event.metaKey)
               && !this.disableAlt) {
@ -2885,9 +2914,9 @@ VT100.prototype.fixEvent = function(event) {
  // Some browsers fail to translate keys, if both shift and alt/meta is
  // pressed at the same time. We try to translate those cases, but that
  // only works for US keyboard layouts.
+  var u                   = undefined;
+  var s                   = undefined;
  if (event.shiftKey) {
-    var u                   = undefined;
-    var s                   = undefined;
    switch (this.lastNormalKeyDownEvent.keyCode) {
    case  39: /* ' -> " */ u = 39; s =  34; break;
    case  44: /* , -> < */ u = 44; s =  60; break;
@ -2928,17 +2957,23 @@ VT100.prototype.fixEvent = function(event) {
    case 222: /* ' -> " */ u = 39; s =  34; break;
    default:                                break;
    }
-    if (s && (event.charCode == u || event.charCode == 0)) {
-      var fake              = [ ];
-      fake.charCode         = s;
-      fake.keyCode          = event.keyCode;
-      fake.ctrlKey          = event.ctrlKey;
-      fake.shiftKey         = event.shiftKey;
-      fake.altKey           = event.altKey;
-      fake.metaKey          = event.metaKey;
-      return fake;
+  } else {
+    var c = this.lastNormalKeyDownEvent.keyCode;
+    if (c >= 65 && c <= 90) {
+      u = c;
+      s = u | 32;
    }
  }
+  if (s && (event.charCode == u || event.charCode == 0)) {
+    var fake              = [ ];
+    fake.charCode         = s;
+    fake.keyCode          = event.keyCode;
+    fake.ctrlKey          = event.ctrlKey;
+    fake.shiftKey         = event.shiftKey;
+    fake.altKey           = event.altKey;
+    fake.metaKey          = event.metaKey;
+    return fake;
+  }
  return event;
 };

@ -3023,10 +3058,8 @@ VT100.prototype.keyDown = function(event) {
    } else {
      fake.charCode             = 0;
      fake.keyCode              = event.keyCode;
-      if (!alphNumKey && event.shiftKey) {
-        fake                    = this.fixEvent(fake);
-      }
    }
+    fake                        = this.fixEvent(fake);

    this.handleKey(fake);
    this.lastNormalKeyDownEvent = undefined;
@ -3141,9 +3174,9 @@ VT100.prototype.keyUp = function(event) {
      } else {
        fake.charCode             = 0;
        fake.keyCode              = event.keyCode;
-        if (!alphNumKey && (event.ctrlKey || event.altKey || event.metaKey)) {
-          fake                    = this.fixEvent(fake);
-        }
+      }
+      if (event.ctrlKey || event.altKey || event.metaKey) {
+        fake                      = this.fixEvent(fake);
      }
      this.lastNormalKeyDownEvent = undefined;
      this.handleKey(fake);
@ -3351,44 +3384,50 @@ VT100.prototype.respondSecondaryDA = function() {


 VT100.prototype.updateStyle = function() {
-  this.style   = '';
+  var fg          = '';
+  var bg          = '';
+  this.style      = '';
+
  if (this.attr & ATTR_UNDERLINE) {
-    this.style = 'text-decoration: underline;';
-  }
-  var bg       = (this.attr >> 4) & 0xF;
-  var fg       =  this.attr       & 0xF;
-  if (this.attr & ATTR_REVERSE) {
-    var tmp    = bg;
-    bg         = fg;
-    fg         = tmp;
-  }
-  if ((this.attr & (ATTR_REVERSE | ATTR_DIM)) == ATTR_DIM) {
-    fg         = 8; // Dark grey
-  } else if (this.attr & ATTR_BRIGHT) {
-    fg        |= 8;
-    this.style = 'font-weight: bold;';
+    this.style   += 'text-decoration: underline;';
  }
  if (this.attr & ATTR_BLINK) {
-    this.style = 'text-decoration: blink;';
+    this.style   += 'text-decoration: blink;';
  }

-  // Default colors
-  if (this.attr & ATTR_DEF_FG) {
-    fg         = 'Def';
-  }
-  if (this.attr & ATTR_DEF_BG) {
-    bg         = 'Def';
-  }
-
-  // Extended color mode support (256 colors).
+  // Forground color
  if (this.attrFg) {
-    fg         = this.attrFg;
-  }
-  if (this.attrBg) {
-    bg         = this.attrBg;
+    // 256 color mode
+    fg            = this.attrFg
+  } else if (this.attr & ATTR_DEF_FG) {
+    fg            = 'Def';
+  } else {
+    fg            = this.attr & 0xF;
+    if (this.attr & ATTR_BRIGHT) {
+      fg         |= 8;
+      this.style += 'font-weight: bold;';
+    }
  }

-  this.color   = 'ansi' + fg + ' bgAnsi' + bg;
+  // Background color
+  if (this.attrBg) {
+    // 256 color mode
+    bg            = this.attrBg
+  } else if (this.attr & ATTR_DEF_BG) {
+    bg            = 'Def';
+  } else {
+    bg            = (this.attr >> 4) & 0xF;
+  }
+
+  // Reverse colors
+  if (this.attr & ATTR_REVERSE) {
+    var tmpFg     = fg;
+    var tmpBg     = bg;
+    fg            = (tmpBg == 'Def') ? 'DefR' : tmpBg;
+    bg            = (tmpFg == 'Def') ? 'DefR' : tmpFg;
+  }
+
+  this.color      = 'ansi' + fg + ' bgAnsi' + bg;
 };

 VT100.prototype.setAttrColors = function(attr) {
@ -3869,7 +3908,7 @@ VT100.prototype.csim = function() {
    case 27: this.attr &= ~ ATTR_REVERSE;                              break;
    case 38:
      if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Foreground color for extended color mode (256 colors). Escape code is formated
+        // Foreground color for extended color mode (256 colors). Escape code is formatted
        // as: ESC 38; 5; 0-255. Last parameter is color code in range [0-255]. This is
        // not VT100 standard.
        this.attrFg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@ -3885,7 +3924,7 @@ VT100.prototype.csim = function() {
      break;
    case 48:
      if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Background color for extended color mode (256 colors). Escape code is formated
+        // Background color for extended color mode (256 colors). Escape code is formatted
        // as: ESC 48; 5; 0-255. Last parameter is color code in range [0-255]. This is
        // not VT100 standard.
        this.attrBg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@ -4015,6 +4054,8 @@ VT100.prototype.doControl = function(ch) {
 /*0*/ case 0x30:
 /*1*/ case 0x31:
 /*2*/ case 0x32: this.isEsc   = EStitle; this.titleString = '';         break;
+/*6*/ case 0x36: this.isEsc   = ESVTEtitle;                             break;
+/*7*/ case 0x37: this.isEsc   = ESVTEtitle;                             break;
 /*P*/ case 0x50: this.npar    = 0; this.par = [ 0, 0, 0, 0, 0, 0, 0 ];
                 this.isEsc   = ESpalette;                              break;
 /*R*/ case 0x52: // Palette support is not implemented
@ -4242,6 +4283,13 @@ VT100.prototype.doControl = function(ch) {
      this.lastCharacter      = String.fromCharCode(ch);
      lineBuf                += this.lastCharacter;
      this.isEsc              = ESnormal;                               break;
+    case ESVTEtitle:
+      // Ignores VTE escape sequences for current directory (OSC6) and current
+      // file (OSC7).
+      if (ch == 0x07 || ch == 0x5C) {
+        this.isEsc            = ESnormal;
+      }
+      break;
    default:
      this.isEsc              = ESnormal;                               break;
    }
--- a/shellinabox/white-on-black.css
+++ b/shellinabox/white-on-black.css
@ -24,14 +24,30 @@
  color:            #ffffff;
 }

+#vt100 .ansiDefR {
+  color:            #000000;
+}
+
 #vt100 .bgAnsiDef {
  background-color: #000000;
 }

+#vt100 .bgAnsiDefR {
+  background-color: #ffffff;
+}
+
 #vt100 #scrollable.inverted .ansiDef {
  color:            #000000;
 }

+#vt100 #scrollable.inverted .ansiDefR {
+  color:            #ffffff;
+}
+
 #vt100 #scrollable.inverted .bgAnsiDef {
  background-color: #ffffff;
 }
+
+#vt100 #scrollable.inverted .bgAnsiDefR {
+  background-color: #000000;
+}
--- a/shellinabox_sshwrapper.sh
+++ b/shellinabox_sshwrapper.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+#
+set -ex
+# 
+read -p "SSH remote host (hostname or ip address) [localhost] : " host;
+[[ -z "${host}" ]] && host=localhost;
+#
+read -p "If a puplic_key authentification?: [y/N] : " puplic;
+#
+read -p "SSH remote port [22] : " port;
+[[ -z "${port}" ]] && port=22;
+#
+read -p "SSH remote username [pi] : " username;
+[[ -z "${username}" ]] && username=pi;
+#
+if [ "$puplic" == "y" ];
+  then
+    read -p "How is your public_key?: " key;
+    echo $key > ~/.ssh/id_rsa.pub;
+
+    rm ~/.ssh/id_rsa;
+    echo "Enter your private id here and press the enter key for a new line !!!";
+    id=null
+    while [ "$id" != "" ];
+      do
+      read -p "How is your id_rsa key?: " id;
+      echo $id >> ~/.ssh/id_rsa;
+    done
+    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
+  else
+    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
+fi
Author	SHA1	Message	Date
simono41	82caba2f37	fix	2017-09-14 15:05:15 +02:00
simono41	e73021f2f3	fix	2017-09-14 14:57:56 +02:00
Your Name	6b5862fba1	fix	2017-06-04 01:06:16 +02:00
Your Name	50fba1b2f1	fix	2017-06-04 01:02:11 +02:00
Your Name	15de28e37b	Merge branch 'master' of https://github.com/simono41/shellinabox	2017-05-24 18:55:15 +02:00
Your Name	d3a93f8081	fix	2017-05-24 18:54:50 +02:00
Your Name	39b42fb6e4	fix	2017-05-24 11:12:16 +00:00
Simon Rieger	1510811a68	bugfix	2017-01-19 16:02:54 +01:00
Simon Rieger	e7ba13e13d	Update shellinabox.service	2017-01-14 11:15:16 +01:00
Simon Rieger	0edee2c12c	Update README.md	2017-01-14 11:14:28 +01:00
Simon Rieger	ae78622a58	Update README.md	2017-01-14 11:06:07 +01:00
Simon Rieger	81695461b4	fixing	2017-01-14 11:02:37 +01:00
Simon Rieger	5c5c01ed10	Update auto.sh	2017-01-11 14:18:53 +01:00
Simon Rieger	08d6a40b85	webssh	2017-01-11 13:45:10 +01:00
Simon Rieger	456303fce5	auto script	2017-01-11 13:44:13 +01:00
Marc Singer	5c7fb5cde2	New release with bug fixes. o Especially important is the OpenSSL fix.	2016-11-09 11:40:33 -08:00
Luka Krajger	05b2d3630c	Issue #361 : enable builds with MUSL libc * Added configure option "--disable-utmp" which must be used when building with MUSL libc. This option disables login records which are stubed out in MUSL anyway. * Added missing include "sys/ttydefaults.h".	2016-10-11 13:22:52 +02:00
Luka Krajger	d0d8c58882	Issue #384 : compatibility with OpenSSL 1.1.0 * Direct usage of BIO struct members is removed for new versions of OpenSSL. * Workaround for double BIO free in SSL_free() was updated to work with new and old OpenSSL versions. * Note that this patch only fixes compatibilty when building with configure option "--disable-runtime-loading" (like it is done for Debia package.).	2016-10-08 16:10:53 +02:00
Luka Krajger	d4bd77ca45	Added "ready" event for iframe message passing * When shellinabox is ready it sends "ready" message to parent window. * Example file was updated with new use case.	2016-09-26 13:16:18 +02:00
Luka Krajger	8e28bb4c2a	Merge pull request #391 from tomtor/freebsd Fix a debug check on FreeBSD and probably Linux for HTTP connection termination.	2016-09-26 12:37:44 +02:00
Tom Vijlbrief	f408467088	Fix a debug check on FreeBSD and probably Linux On FreeBSD 12.0 I get within a minute: Check failed at libhttp/httpconnection.c:433 in destroyHttpConnection(): !close(http->fd) See also: https://github.com/shellinabox/shellinabox/issues/389 I assume that close() fails with ECONNRESET and that we should just check for errno != EBADF, which should also be OK for Linux and other systems, which might return EIO in some conditions. Linux close(2) manual page: EBADF fd isn't a valid open file descriptor. EINTR The close() call was interrupted by a signal; see signal(7). EIO An I/O error occurred. FreeBSD close(2) manual page: [EBADF] The fd argument is not an active descriptor. [EINTR] An interrupt was received. [ENOSPC] The underlying object did not fit, cached data was lost. [ECONNRESET] The underlying object was a stream socket that was shut down by the peer before all pending data was delivered. In case of any error except EBADF, the supplied file descriptor is deallocated and therefore is no longer valid.	2016-09-11 12:31:47 +02:00
Luka Krajger	e6c25e84bc	Issue #381 : Fixed segfaults at logging * This patch correctly handles varargs being used two times in the same function.	2016-06-06 16:11:11 +02:00
Luka Krajger	cbac76e579	Merge pull request #380 from blakemcbride/master Spelling and grammar corrections to README.md	2016-05-29 07:37:11 -04:00
Blake McBride	6e475e9686	Spelling and grammar corrections to README.md	2016-05-28 18:59:45 -05:00
KLuka	af162e282a	Added shellinaboxd.pdf make target	2016-05-24 19:27:06 +02:00
Luka Krajger	78bed3070b	Merge pull request #374 from blakemcbride/master Changes to support APL characters (unicode)	2016-05-19 10:46:19 -04:00
Blake McBride	863a8d91c7	Changes to support APL characters	2016-05-13 19:15:15 -05:00
KLuka	628d41f32c	Added checks and fixes code style	2016-05-06 11:21:14 +02:00
Luka Krajger	e05c6d8178	Merge pull request #372 from StefanAlexandruBogdan/master free the sshPort to prevent memory leak and indent newly added code to preserve code styling	2016-05-05 16:18:05 -04:00
Alexandru Bogdan Stefan	fb262fb521	free the sshPort to prevent memory leak	2016-05-05 15:31:30 +03:00
Alexandru Bogdan Stefan	1558412cee	Ident variable assignments to respect coding style	2016-05-05 15:28:55 +03:00
Luka Krajger	0f1e9ba31c	Merge pull request #370 from StefanAlexandruBogdan/master Add support for using ShellInABox with a custom port in SSH service.	2016-05-04 06:30:26 -04:00
Alexandru Bogdan Stefan	d34d5db9d9	Add support for using ShellInABox with a custom SSH port	2016-04-21 19:14:50 +03:00
Luka Krajger	048cecd2e7	Merge pull request #367 from a-detiste/master typos	2016-03-09 13:36:54 -05:00
Alexandre Detiste	c8b6a3eddb	typos	2016-03-09 19:30:26 +01:00
Luka Krajger	25425bad31	Merge pull request #366 from schoonc/fixtypo fixes typo: ESVTETitle -> ESVTEtitle Fixes the patch for #360.	2016-03-09 12:19:26 -05:00
Сорокин Александр	30e293d602	fixes typo: ESVTETitle -> ESVTEtitle	2016-03-09 19:26:25 +03:00
Luka Krajger	ee57908b49	Merge pull request #363 from tomtor/IE adjust scale on IE On IE 11 the computed width (nr of columns) is too large.	2016-03-01 03:22:11 -05:00
Luka Krajger	b778806356	Merge pull request #365 from mvanholsteijn/disable-peer-check Disable peer check (issue #364)	2016-02-26 06:45:06 -05:00
Mark van Holsteijn	8fd68e147c	add option --disable-peer-check to usage help text	2016-02-26 00:24:33 +01:00
Mark van Holsteijn	2034ae1ee5	option to disable the peer check when running behind AWS ELB	2016-02-26 00:01:09 +01:00
Tom Vijlbrief	490cfa0344	adjust scale on IE	2016-02-25 14:47:16 +01:00
Luka Krajger	f17bc266f8	Merge pull request #362 from druzus/master 2016-02-23 23:18 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) Edit and function keys pressed with CTRL, ALT or SHIFT modifiers generated wrong key sequences.	2016-02-24 07:04:21 -05:00
Przemysław Czerpak	790d578cc2	2016-02-23 23:18 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * shellinabox/vt100.jspp ! fixed key modifiers encoding. They should be calculated as bitfield for SHIFT = 1 ALT = 2 CTRL = 4 and then incremented by 1. ref: http://www.xfree86.org/4.7.0/ctlseqs.html#PC-Style%20Function%20Keys http://invisible-island.net/xterm/ctlseqs/ctlseqs.html#h2-PC-Style-Function-Keys	2016-02-23 23:18:12 +01:00
KLuka	0c8c295c1a	Issue #360 : ignore VTE OSC6 and OSC7 escape sequences * This patch ignores VTE OSC6 and OSC6 escape sequences, so that the current directory/file are not displayed in front of the shell prompt.	2016-01-23 16:17:17 +01:00
KLuka	141e641238	Raised version from 2.19 to 2.20	2016-01-23 16:03:32 +01:00
Luka Krajger	2c93404bd0	Merge pull request #357 from KLuka/issue-222 Issue #222: LOGIN service (can't reopen tty)	2016-01-04 10:56:18 -05:00
KLuka	4911d0d39c	Issue #222 : LOGIN service (can't reopen tty) * Workaround for random "Session closed" issues related to /bin/login closing and reopening our pty during initialization. This happens only on some systems like Fedora for example. Now we allow that our pty is closed by ignoring POLLHUP on first read. Delay is also needed so that login process has some time to reopen pty. * Note that the issue may occur anyway but with this workaround we reduce the chances.	2015-12-28 15:24:49 +01:00
Luka Krajger	d8ef7dad3c	Merge pull request #356 from triska/master fix typo: HTTPS --> HTTP	2015-12-11 09:28:34 +01:00
Markus Triska	dd9f1f01d1	fix typo: HTTPS --> HTTP	2015-12-10 20:03:44 +01:00
Marc Singer	1a8010f2c9	Changelog update before release.	2015-12-05 10:31:36 -08:00
KLuka	8a68194da2	Updated version to 2.19	2015-12-04 18:17:22 +01:00
KLuka	e026df75b0	Fixed spelling errors reported by lintian	2015-12-04 18:14:51 +01:00
KLuka	4aa0eb97e4	Disable HTTP fallback via "/plain" URL (CVE-2015-8400) * Disabled all methods of HTTP fallback when HTTPS is enabled. This is enforced on server side so that even modified client code (JS) can not redirect client from HTTPS to HTTP, like it was possible before (issue #355). * Current solution unfortunately also disables automatic upgrade from HTTP to HTTPS (when available), since all non-SSL connections are droped immediately.	2015-12-03 17:47:26 +01:00
KLuka	aaa00551bf	Issue #119 , #312 , #354 : Soft keyboard icon * Added logic that enables soft keyboard icon by default on some clients like Kindle, PS Vita, iPad, ...	2015-11-17 19:43:22 +01:00
KLuka	106bc0aa85	Issue #354 : iOS client compatibility * Added more iOS clients that should use workaround to prevent ever groving console.	2015-11-17 19:36:10 +01:00
KLuka	f67073d33e	Issue #350 : Support for middle click paste * Added limited support for middle click pasting. For most browsers and operating systems middle click pasting works only for concent selected in current shellinabox window.	2015-10-20 20:40:20 +02:00
Marc Singer	c87588613a	Update version for release.	2015-10-10 10:54:36 -07:00
KLuka	e30c33d323	Issue #347 : Added dummy release in Debian changelog * This is needed so that manualy built Debian packages will contain latest version.	2015-09-17 10:39:43 +02:00
KLuka	973f1527bd	Updated preview image in README	2015-09-06 21:32:13 +02:00
KLuka	cde2e92378	Issue #341 : Fixed reverse video rendering * Added new CSS class for handling reverse video with default terminal colors. For colors given with value 0-255 background and foreground values are just switched. * New CSS classes were also added to Black On White and White On Black color themes.	2015-09-03 19:01:48 +02:00
KLuka	7dd9d4300c	Minor improvements * Use stdout for usage and version information. Patch taken from issue #344. * Removed automatic usage display when command line parsing fails. * Added version information in debug output.	2015-09-03 19:00:16 +02:00
KLuka	b58542eb99	Added CGI session key in HTTP response header * Session key is returned in first HTTP response if CGI mode is used. Header filed is named 'X-ShellInABox-Session'. This can be used by some special applications that need unique token.	2015-09-03 18:04:15 +02:00
KLuka	8d3c5cdc3d	Raised version to 2.19	2015-09-01 13:13:13 -04:00
Benji Wiebe	09e790bb27	Added config.cache to gitignore	2015-09-01 13:06:21 -04:00