fix

o Especially important is the OpenSSL fix.

INSTALL.Debian

@@ -41,7 +41,7 @@ you point your browser to the site.
 
 At the very least, you need a file called "certificate.pem" that includes
 both the private key and the public certificate in PEM (i.e. ASCII) format.
-Additionally, you should create files for each of the publically visible
+Additionally, you should create files for each of the publicly visible
 hostnames that your machine has. These are named "certificate-${FQDN}.pem".
 You probably also want "certificate-localhost.pem".
 

Makefile.am

@@ -242,7 +242,8 @@ shellinaboxd.1: ${top_srcdir}/shellinabox/shellinaboxd.man.in                 \
 
 clean-local: clean-demo
 	-rm -rf shellinaboxd.1                                                \
-	        shellinaboxd.ps
+	        shellinaboxd.ps                                               \
+	        shellinaboxd.pdf
 	-rm -rf debian/shellinabox                                            \
 	        debian/shellinabox*.debhelper*                                \
 	        debian/shellinabox.substvars                                  \
@@ -364,3 +365,9 @@ clean-demo:
 	           "(int)sizeof($${sym}Start);";                              \
 	 } >"$@"
 
+shellinaboxd.ps: shellinaboxd.1
+	groff -man -T ps $^ >$@
+
+shellinaboxd.pdf: shellinaboxd.ps
+	ps2pdf $^ $@
+

README.md

@@ -6,16 +6,16 @@ shellinabox
 [![Join the chat at https://gitter.im/shellinabox/shellinabox](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/shellinabox/shellinabox?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
 
-This is unofficial fork of project **Shell In A Box**. Fork was created because
+This is an unofficial fork of the project **Shell In A Box**. The fork was created because
-original project is not maintained anymore and we cannot contact original
+the original project was not maintained anymore and we cannot contact the original
 repository owners.
 
-Our aim is to continue with maintanince of shellinabox project. For list of
+Our aim is to continue with maintenance of the shellinabox project. For a list of
-recent changes please see [CHANGELOG.md](/CHANGELOG.md).
+recent changes, please see [CHANGELOG.md](/CHANGELOG.md).
 
-If you have any questions, issues or patches, please fell free to submit pull
+If you have any questions, issues, or patches, please feel free to submit a pull
-request or report an issue. You can also drop an email to original project
+request or report an issue. You can also drop an email to the original project
-[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discusion
+[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discussion
 from where this fork started.
 
 
@@ -42,34 +42,17 @@ Build
 For building **shellinabox** from source on Debian or RHEL based systems use commands
 listed below. This will create executable file `shellinaboxd` in project directory.
 
-1. Install dependencies
+1. Clone the autotools
 
    ```
-    apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
+    wget https://raw.githubusercontent.com/simono41/shellinabox/master/auto.sh
    ```
 
-   or
+3. Run autotools 
 
    ```
-   yum install git openssl-devel pam-devel zlib-devel autoconf automake libtool
+    chmod +x auto.sh
-   ```
+    ./auto.sh
-
-2. Clone source files and move to project directory
-
-   ```
-    git clone https://github.com/shellinabox/shellinabox.git && cd shellinabox
-   ```
-
-3. Run autotools in project directory
-
-   ```
-    autoreconf -i
-   ```
-
-4. Run configure and make in project directory
-
-   ```
-    ./configure && make
    ```
 
 #### Debian package
@@ -103,5 +86,19 @@ created from our sources. In new issue report please include following things:
 * Version of shellinabox
 * Steps to reproduce the problem
 
-Also feel free to post any questions or comments in [shellianbox chat room](https://gitter.im/shellinabox/shellinabox)
+Also feel free to post any questions or comments in [shellinabox chat room](https://gitter.im/shellinabox/shellinabox)
 on Gitter.
+
+
+Known Issues
+------------
+
+* The openssl package is required for HTTP/SSL support.
+  Shell-in-a-box may be used without SSL such that the login session
+  is not encrypted.  To enable automatic creation of self-signed
+  certificates or to use a generated certificate, install openssl.
+
+* On Debian Jessie, the default openssl package does not include the
+  utilities necessary for Shell-in-a-box to generate self-signed
+  certificates.  Upgrade openssl to install a version of the tools
+  that support certificate creation.

auto.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -ex
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+  echo "Als root Angemeldet"
+
+if [ -f /usr/bin/apt ]; then
+  apt update
+
+  apt install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
+fi
+
+if [ -f /usr/bin/pacman ]; then
+  pacman -Sy git openssl autoconf automake make gcc
+fi
+
+cd /opt/
+
+git clone https://github.com/simono41/shellinabox.git
+
+cd shellinabox
+
+autoreconf -i
+
+./configure && make
+
+cp shellinabox.service /etc/systemd/system/
+
+systemctl daemon-reload
+
+systemctl enable shellinabox.service
+
+# adduser
+
+echo adduser webssh
+
+useradd webssh
+
+mkdir /home/webssh
+
+cp shellinabox_sshwrapper.sh /home/webssh/
+
+chmod 770 -R /home/webssh/
+
+chown -cR webssh:webssh /home/webssh/
+
+passwd webssh <<EOT
+webssh
+webssh
+EOT
+
+systemctl start shellinabox.service &

configure.ac

@@ -2,7 +2,7 @@ AC_PREREQ(2.57)
 
 dnl This is one of the locations where the authoritative version
 dnl  number is stored.  The other is in the debian/changelog.
-AC_INIT(shellinabox, 2.19, markus@shellinabox.com)
+AC_INIT(shellinabox, 2.20, markus@shellinabox.com)
 if test -e .git; then
 VCS_REVISION=" (revision `cd $srcdir && git log -1 --format=format:%h`)"
 else
@@ -32,7 +32,7 @@ AC_SUBST(AR_FLAGS, [cr])
 
 dnl Check for header files that do not exist on all platforms
 AC_CHECK_HEADERS([libutil.h pthread.h pty.h strings.h syslog.h sys/prctl.h \
-                  sys/uio.h util.h utmp.h utmpx.h])
+                  sys/uio.h util.h])
 
 dnl Most systems require linking against libutil.so in order to get login_tty()
 AC_CHECK_FUNCS(login_tty, [],
@@ -75,15 +75,6 @@ AC_TRY_LINK([#include <math.h>],
             [AC_DEFINE(HAVE_ISNAN, 1,
                        Define to 1 if you have support for isnan)])
 
-dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
-AC_TRY_LINK([#include <utmp.h>],
-            [updwtmp(0, 0);],
-            [AC_DEFINE(HAVE_UPDWTMP, 1,
-                       Define to 1 if you have support for updwtmp)])
-AC_TRY_LINK([#include <utmpx.h>],
-            [updwtmpx(0, 0);],
-            [AC_DEFINE(HAVE_UPDWTMPX, 1,
-                       Define to 1 if you have support for updwtmpx)])
 
 dnl Check if the compiler supports aliasing of symbols
 AC_TRY_LINK([void x(void) { };
@@ -147,6 +138,28 @@ AC_ARG_ENABLE(runtime-loading,
                             these libraries into the binary, thus making them a
                             hard dependency, then disable runtime-loading.])
 
+dnl This is feature is not suported in some standard C libs. So users can use
+dnl this switch to avoid compile and runtime problems. Note that utmp must
+dnl disabled on systems with musl libc.
+AC_ARG_ENABLE(utmp,
+              [  --disable-utmp            Disable support for login records. Note
+                                           that for systems with musl libc utmp must
+                                           be disabled.])
+
+if test "x$enable_utmp" != xno; then
+  AC_CHECK_HEADERS([utmp.h utmpx.h])
+
+  dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
+  AC_TRY_LINK([#include <utmp.h>],
+              [updwtmp(0, 0);],
+              [AC_DEFINE(HAVE_UPDWTMP, 1,
+                         Define to 1 if you have support for updwtmp)])
+  AC_TRY_LINK([#include <utmpx.h>],
+              [updwtmpx(0, 0);],
+              [AC_DEFINE(HAVE_UPDWTMPX, 1,
+                         Define to 1 if you have support for updwtmpx)])
+fi
+
 dnl Only test for OpenSSL headers, if not explicitly disabled
 if test "x$enable_ssl" != xno; then
   AC_CHECK_HEADERS([openssl/bio.h openssl/err.h openssl/ssl.h])

debian/changelog

@@ -1,9 +1,31 @@
+shellinabox (2.20) unstable; urgency=medium
+
+  * Fixed issue #222, LOGIN service
+  * Fixed issue #360, ignore escape sequences to fix dir listing
+  * Fix for function key presses
+  * Adjusting scale on IE
+  * New option to disable peer check (#364)
+  * Add option for custom SSH port
+  * Support for APL characters
+  * PDF documentation
+  * Fix for BSD build
+  * New ready event support
+  * OpenSSL 1.1 fixes  (Closes: #828542)
+  * May build with MUSL library
+  * Documentation added that SSL support is optional and requires
+    installation of openssl on Debian. (Closes: #839067)
+  * Jessie requires explicit installation of openssl because the default
+    package does not include the necessary utilities to support creation
+    of certificates. (Closes: #839066)
+
+ -- Marc Singer <elf@debian.org>  Wed, 09 Nov 2016 09:52:24 -0800
+
 shellinabox (2.19) unstable; urgency=high
 
   * Added support for middle-click paste, #350.
   * Improved iOS support, #354.
   * New logic to enable soft keyboard icon, #119, #321, #354.
-  * Disable HTTPS fallback using the URL /plain.  Consequently disables
+  * Disable HTTP fallback using the URL /plain.  Consequently disables
     automatic upgrades from HTTP to HTTPS, #355. (CVE-2015-8400).
 
  -- Marc Singer <elf@debian.org>  Sat, 05 Dec 2015 10:24:12 -0800

debian/control

@@ -16,5 +16,7 @@ Suggests: openssl
 Description: publish command line shell through AJAX interface
  Shellinabox can export arbitrary command line programs to any JavaScript
  enabled web browser. By default, it prompts for username and password
- and then exports a SSL/TLS encrypted login shell. Shellinabox provides
+ and then exports a login shell. Shellinabox provides a VT100
- a VT100 compatible terminal emulator that runs within any modern browser.
+ compatible terminal emulator that runs within any modern
+ browser. Support for HTTPS protocol (SSL/TLS encryption) is optional
+ and requires installation of openssl.

libhttp/httpconnection.c

@@ -430,7 +430,7 @@ void destroyHttpConnection(struct HttpConnection *http) {
             http->peerName ? http->peerName : "???", http->peerPort);
     }
     httpShutdown(http, http->closed ? SHUT_WR : SHUT_RDWR);
-    dcheck(!close(http->fd));
+    dcheck(!close(http->fd) || errno != EBADF);
     free(http->peerName);
     free(http->url);
     free(http->method);

libhttp/ssl.c

@@ -100,6 +100,7 @@ BIO_METHOD *  (*BIO_f_buffer)(void);
 void          (*BIO_free_all)(BIO *);
 BIO *         (*BIO_new)(BIO_METHOD *);
 BIO *         (*BIO_new_socket)(int, int);
+BIO *         (*BIO_next)(BIO *);
 BIO *         (*BIO_pop)(BIO *);
 BIO *         (*BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@@ -280,6 +281,7 @@ static void loadSSL(void) {
     { { &BIO_free_all },                "BIO_free_all" },
     { { &BIO_new },                     "BIO_new" },
     { { &BIO_new_socket },              "BIO_new_socket" },
+    { { &BIO_next },                    "BIO_next" },
     { { &BIO_pop },                     "BIO_pop" },
     { { &BIO_push },                    "BIO_push" },
     { { &ERR_clear_error },             "ERR_clear_error" },
@@ -1013,6 +1015,14 @@ int sslPromoteToSSL(struct SSLSupport *ssl, SSL **sslHndl, int fd,
 #endif
 }
 
+BIO *sslGetNextBIO(BIO *b) {
+#if OPENSSL_VERSION_NUMBER <= 0x10100000L
+  return b->next_bio;
+#else
+  return BIO_next(b);
+#endif
+}
+
 void sslFreeHndl(SSL **sslHndl) {
 #if defined(HAVE_OPENSSL)
   if (*sslHndl) {
@@ -1020,24 +1030,23 @@ void sslFreeHndl(SSL **sslHndl) {
     // BIOs. This is particularly a problem if an SSL connection has two
     // different BIOs for the read and the write end, with one being a stacked
     // derivative of the other. Unfortunately, this is exactly the scenario
-    // that we set up.
+    // that we set up with call to "BIO_push(readBIO, writeBIO)" in function
+    // "sslPromoteToSSL()".
     // As a work-around, we un-stack the BIOs prior to freeing the SSL
     // connection.
+    debug("[ssl] Freeing SSL handle.");
     ERR_clear_error();
     BIO *writeBIO, *readBIO;
     check(writeBIO    = SSL_get_wbio(*sslHndl));
     check(readBIO     = SSL_get_rbio(*sslHndl));
     if (writeBIO != readBIO) {
-      if (readBIO->next_bio == writeBIO) {
+      if (sslGetNextBIO(readBIO) == writeBIO) {
-        // OK, that's exactly the bug we are looking for. We know how to
+        // OK, that's exactly the bug we are looking for. We know that
-        // fix it.
+        // writeBIO needs to be removed from readBIO chain.
+        debug("[ssl] Removing stacked write BIO!");
         check(BIO_pop(readBIO) == writeBIO);
-        check(readBIO->references == 1);
+        check(!sslGetNextBIO(readBIO));
-        check(writeBIO->references == 1);
+      } else if (sslGetNextBIO(readBIO) == sslGetNextBIO(writeBIO)) {
-        check(!readBIO->next_bio);
-        check(!writeBIO->prev_bio);
-      } else if (readBIO->next_bio == writeBIO->next_bio &&
-                 writeBIO->next_bio->prev_bio == writeBIO) {
         // Things get even more confused, if the SSL handshake is aborted
         // prematurely.
         // OpenSSL appears to internally stack a BIO onto the read end that
@@ -1046,15 +1055,13 @@ void sslFreeHndl(SSL **sslHndl) {
         // reading and one for writing). In this case, not only is the
         // reference count wrong, but the chain of next_bio/prev_bio pairs
         // is corrupted, too.
+        warn("[ssl] Removing stacked socket BIO!");
         BIO *sockBIO;
         check(sockBIO = BIO_pop(readBIO));
         check(sockBIO == BIO_pop(writeBIO));
-        check(readBIO->references == 1);
+        check(!sslGetNextBIO(readBIO));
-        check(writeBIO->references == 1);
+        check(!sslGetNextBIO(writeBIO));
-        check(sockBIO->references == 1);
+        check(!sslGetNextBIO(sockBIO));
-        check(!readBIO->next_bio);
-        check(!writeBIO->next_bio);
-        check(!sockBIO->prev_bio);
         BIO_free_all(sockBIO);
       } else {
         // We do not know, how to fix this situation. Something must have

libhttp/ssl.h

@@ -82,6 +82,7 @@ extern BIO_METHOD *(*x_BIO_f_buffer)(void);
 extern void    (*x_BIO_free_all)(BIO *);
 extern BIO    *(*x_BIO_new)(BIO_METHOD *);
 extern BIO    *(*x_BIO_new_socket)(int, int);
+extern BIO    *(*x_BIO_next)(BIO *);
 extern BIO    *(*x_BIO_pop)(BIO *);
 extern BIO    *(*x_BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@@ -131,6 +132,7 @@ extern void   *(*x_SSL_COMP_get_compression_methods)(void);
 #define BIO_free_all                 x_BIO_free_all
 #define BIO_new                      x_BIO_new
 #define BIO_new_socket               x_BIO_new_socket
+#define BIO_next                     x_BIO_next
 #define BIO_pop                      x_BIO_pop
 #define BIO_push                     x_BIO_push
 #define EC_KEY_free                  x_EC_KEY_free

logging/logging.c

@@ -100,7 +100,11 @@ void error(const char *fmt, ...) {
   va_start(ap, fmt);
   debugMsg(MSG_ERROR, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  vsyslog(LOG_ERR, fmt, ap);
+  va_list apSyslog;
+  va_copy(apSyslog, ap);
+  va_start(apSyslog, fmt);
+  vsyslog(LOG_ERR, fmt, apSyslog);
+  va_end(apSyslog);
 #endif
   va_end(ap);
 }
@@ -117,7 +121,11 @@ void fatal(const char *fmt, ...) {
   va_start(ap, fmt);
   debugMsg(MSG_QUIET, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  vsyslog(LOG_CRIT, fmt, ap);
+  va_list apSyslog;
+  va_copy(apSyslog, ap);
+  va_start(apSyslog, fmt);
+  vsyslog(LOG_CRIT, fmt, apSyslog);
+  va_end(apSyslog);
   syslog(LOG_CRIT, "[server] Aborting...");
 #endif
   va_end(ap);

misc/embedded.html

@@ -14,7 +14,7 @@
 
 	For communication with Shell In A Box we need to set '-m' (messages-origin)
 	command line option with appropriate messages origin. Origin should be set to
-	URL of parent (this) window. If origin is set to '*' Shell In A Box won't checki
+	URL of parent (this) window. If origin is set to '*' Shell In A Box won't check
 	origin on received messages. This is usually unsafe option.
 
 	Command line example:
@@ -25,7 +25,7 @@
 	# Client Side
 	#
 
-	Shell In A Box accepts messages formated as JSON strings with 'type' and 'data'
+	Shell In A Box accepts messages formatted as JSON strings with 'type' and 'data'
 	fields. Messages with same format can be passed back to parent (this) window.
 
 	Message example:
@@ -59,6 +59,9 @@
 
 	Following types of messages can be received from shellinabox:
 
+	* ready
+		signals that shellinabox is ready to send and receive messages
+
 	* output
 		data field contains terminal output
 
@@ -140,10 +143,6 @@
 		var output  = document.getElementById("output");
 		var session = document.getElementById("session");
 
-		// Add url to our iframe. We do this, only that variable 'url' can be used
-		// throughout the whole code where needed.
-		iframe.src = url;
-
 		document.getElementById("execute").addEventListener("click", function() {
 			// Send input to shellinabox
 			var message = JSON.stringify({
@@ -209,6 +208,15 @@
 			// Handle response according to response type
 			var decoded = JSON.parse(message.data);
 			switch (decoded.type) {
+			case "ready":
+				// Shellinabox is ready to communicate and we will enable console output
+				// by default.
+				var message = JSON.stringify({
+					type : 'output',
+					data : 'enable'
+				});
+				iframe.contentWindow.postMessage(message, url);
+				break;
 			case "output" :
 				// Append new output
 				output.innerHTML = output.innerHTML + decoded.data;
@@ -220,6 +228,9 @@
 			}
 		}, false);
 
+		// Add url to our iframe after the event listener is installed.
+		iframe.src = url;
+
 	</script>
 
 </body>

sgit

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+if [[ "--help" == "${1}" ]]; then
+echo "bash ./sgit user.email commit"
+fi
+
+if [[ -z "${2}" ]]; then
+echo "Bitte email und commit angeben!!!"
+exit 1
+fi
+
+git config --global user.email "${1}"
+git config --global user.name "${1}"
+git status
+git pull
+git add --all
+git commit --all -m "${2}"
+git show
+git push
+git status

shellinabox.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=shellinabox
+
+[Service]
+Type=oneshot
+ExecStart=/opt/shellinabox/shellinaboxd -t --service=/:webssh:webssh:HOME:'/home/webssh/shellinabox_sshwrapper.sh'
+
+[Install]
+WantedBy=multi-user.target

shellinabox/launcher.c

@@ -63,6 +63,7 @@
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/ttydefaults.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/utsname.h>

shellinabox/service.c

@@ -121,18 +121,29 @@ void initService(struct Service *service, const char *arg) {
     service->group                          = NULL;
     check(service->cwd                      = strdup("/"));
     char *host;
+    char *sshPort;
     check(host                              = strdup("localhost"));
+    check(sshPort                           = strdup("22"));
+
     if ((ptr                                = strchr(arg, ':')) != NULL) {
-      check(ptr                             = strdup(ptr + 1));
+      ptr                                   = ptr + 1;
-      char *end;
-      if ((end                              = strchr(ptr, ':')) != NULL) {
-        *end                                = '\000';
-      }
       if (*ptr) {
-        free(host);
+        char *tmp                           = strchr(ptr, ':');
-        host                                = ptr;
+        if (tmp == NULL) {
-      } else {
+          // If the second ":" is not found, keep as host whatever is after first ":".
-        free(ptr);
+          free(host);
+          check(host                        = strdup(ptr));
+        } else {
+          // If we find a second ":", keep as a host whatever is in between first ":"
+          // and second ":" and as sshPort whatever is after second ":".
+          int size                          = (tmp - ptr + 1);
+          free(host);
+          free(sshPort);
+          check(host                        = malloc(size));
+          memset(host, 0, size);
+          memcpy(host, ptr, size - 1);
+          check(sshPort                     = strdup(tmp + 1));
+        }
       }
     }
 
@@ -148,6 +159,15 @@ void initService(struct Service *service, const char *arg) {
       }
     }
 
+    // Don't allow manipulation of the SSH command line through "creative" use
+    // of the port.
+    for (char *h = sshPort; *h; h++) {
+      char ch                               = *h;
+      if (!(ch >= '0' && ch <= '9')) {
+        fatal("[config] Invalid port \"%s\" in service definition!", sshPort);
+      }
+    }
+
     service->cmdline                        = stringPrintf(NULL,
       "ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
           "-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
@@ -162,8 +182,9 @@ void initService(struct Service *service, const char *arg) {
 //          feature, we cannot be sure that it is available on the
 //          target server.  Removing it for the sake of Centos.
 //          "-oVisualHostKey=no"
-          " -oLogLevel=FATAL %%s@%s", host);
+          " -oLogLevel=FATAL -p%s %%s@%s",sshPort,  host);
     free(host);
+    free(sshPort);
   } else {
     service->useLogin                       = 0;
 

shellinabox/session.c

@@ -116,9 +116,11 @@ void initSession(struct Session *session, const char *sessionKey,
   session->http           = NULL;
   session->done           = 0;
   session->pty            = -1;
+  session->ptyFirstRead   = 1;
   session->width          = 0;
   session->height         = 0;
   session->buffered       = NULL;
+  session->useLogin       = 0;
   session->len            = 0;
   session->pid            = 0;
   session->cleanup        = 0;

shellinabox/session.h

@@ -58,9 +58,11 @@ struct Session {
   HttpConnection   *http;
   int              done;
   int              pty;
+  int              ptyFirstRead;
   int              width;
   int              height;
   char             *buffered;
+  int              useLogin;
   int              len;
   pid_t            pid;
   int              cleanup;

shellinabox/shell_in_a_box.jspp

@@ -406,6 +406,9 @@ ShellInABox.prototype.messageInit = function() {
     }
   }
 
+  // After message mechanisms are in place "ready" message is sent to parent
+  // window.
+  parent.postMessage(JSON.stringify({type : 'ready', data : ''}), '*');
 };
 
 ShellInABox.prototype.messageReceive = function (message) {

shellinabox/shellinaboxd.c

@@ -63,7 +63,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/un.h>
-
+#include <time.h>
 #include <unistd.h>
 
 #ifdef HAVE_SYS_PRCTL_H
@@ -110,6 +110,7 @@ static int            portMax;
 static int            localhostOnly     = 0;
 static int            noBeep            = 0;
 static int            numericHosts      = 0;
+static int            peerCheckEnabled  = 1;
 static int            enableSSL         = 1;
 static int            enableSSLMenu     = 1;
 static int            forceSSL          = 1; // TODO enable http fallback with commandline option
@@ -291,6 +292,13 @@ static void sessionDone(void *arg) {
   completePendingRequest(session, "", 0, INT_MAX);
 }
 
+static void delaySession(void) {
+  struct timespec ts;
+  ts.tv_sec              = 0;
+  ts.tv_nsec             = 200 * 1000; // Delay for 0.2 ms
+  nanosleep(&ts, NULL);
+}
+
 static int handleSession(struct ServerConnection *connection, void *arg,
                          short *events, short revents) {
   struct Session *session       = (struct Session *)arg;
@@ -310,7 +318,7 @@ static int handleSession(struct ServerConnection *connection, void *arg,
   int timedOut                  = serverGetTimeout(connection) < 0;
   if (bytes || timedOut) {
     if (!session->http && timedOut) {
-      debug("[server] Timeout. Closing session!");
+      debug("[server] Timeout. Closing session %s!", session->sessionKey);
       session->cleanup = 1;
       return 0;
     }
@@ -324,8 +332,26 @@ static int handleSession(struct ServerConnection *connection, void *arg,
       *events                   = 0;
     }
     serverSetTimeout(connection, AJAX_TIMEOUT);
+    session->ptyFirstRead       = 0;
     return 1;
   } else {
+    if (revents & POLLHUP) {
+      if (session->useLogin && session->ptyFirstRead) {
+        // Workaround for random "Session closed" issues related to /bin/login
+        // closing and reopening our pty during initialization. This happens only
+        // on some systems like Fedora for example.
+        // Here we allow that our pty is closed by ignoring POLLHUP on first read.
+        // Delay is also needed so that login process has some time to reopen pty.
+        // Note that the issue may occur anyway but with workaround we reduce the
+        // chances.
+        debug("[server] POLLHUP received on login PTY first read!");
+        session->ptyFirstRead   = 0;
+        delaySession();
+        return 1;
+      }
+      debug("[server] POLLHUP received on PTY! Closing session %s!",
+            session->sessionKey);
+    }
     return 0;
   }
 }
@@ -368,7 +394,7 @@ static int dataHandler(HttpConnection *http, struct Service *service,
   }
 
   // Sanity check
-  if (!sessionIsNew && strcmp(session->peerName, httpGetPeerName(http))) {
+  if (!sessionIsNew && peerCheckEnabled && strcmp(session->peerName, httpGetPeerName(http))) {
     error("[server] Peername changed from %s to %s",
           session->peerName, httpGetPeerName(http));
     httpSendReply(http, 400, "Bad Request", NO_MSG);
@@ -402,6 +428,7 @@ static int dataHandler(HttpConnection *http, struct Service *service,
       goto bad_new_session;
     }
     session->http         = http;
+    session->useLogin     = service->useLogin;
     if (launchChild(service->id, session,
                     rootURL && *rootURL ? rootURL : urlGetURL(url)) < 0) {
       abandonSession(session);
@@ -782,7 +809,7 @@ static void usage(void) {
           "  -f, --static-file=URL:FILE  serve static file from URL path\n"
           "  -g, --group=GID             switch to this group (default: %s)\n"
           "  -h, --help                  print this message\n"
-          "      --linkify=[none|normal|agressive] default is \"normal\"\n"
+          "      --linkify=[none|normal|aggressive] default is \"normal\"\n"
           "      --localhost-only        only listen on 127.0.0.1\n"
           "      --no-beep               suppress all audio output\n"
           "  -n, --numeric               do not resolve hostnames\n"
@@ -798,6 +825,7 @@ static void usage(void) {
           "      --user-css=STYLES       defines user-selectable CSS options\n"
           "  -v, --verbose               enable logging messages\n"
           "      --version               prints version information\n"
+          "      --disable-peer-check    disable peer check on a session\n"
           "\n"
           "Debug, quiet, and verbose are mutually exclusive.\n"
           "\n"
@@ -869,6 +897,7 @@ static void parseArgs(int argc, char * const argv[]) {
   int hasSSL               = serverSupportsSSL();
   if (!hasSSL) {
     enableSSL              = 0;
+    forceSSL               = 0;
   }
   int demonize             = 0;
   int cgi                  = 0;
@@ -907,6 +936,7 @@ static void parseArgs(int argc, char * const argv[]) {
       { "user-css",             1, 0,  0  },
       { "verbose",              0, 0, 'v' },
       { "version",              0, 0,  0  },
+      { "disable-peer-check",   0, 0,  0  },
       { 0,                  0, 0,  0  } };
     int idx                = -1;
     int c                  = getopt_long(argc, argv, optstring, options, &idx);
@@ -1126,6 +1156,7 @@ static void parseArgs(int argc, char * const argv[]) {
         warn("[config] Ignoring disable-ssl option, as SSL support is unavailable.");
       }
       enableSSL            = 0;
+      forceSSL             = 0;
     } else if (!idx--) {
       // Disable SSL Menu
       if (!hasSSL) {
@@ -1215,6 +1246,9 @@ static void parseArgs(int argc, char * const argv[]) {
       // Version
       printf("ShellInABox version " VERSION VCS_REVISION "\n");
       exit(0);
+    } else if (!idx--) {
+      // disable-peer-check
+      peerCheckEnabled = 0;
     }
   }
   if (optind != argc) {

shellinabox/shellinaboxd.man.in

@@ -282,7 +282,7 @@ Display a brief usage message showing the valid command line parameters.
 .TP
 \fB--linkify\fP=[\fBnone\fP|\fBnormal\fP|\fBaggressive\fP]
 the daemon attempts to recognize URLs in the terminal output and makes them
-clickable. This is not neccessarily a fool-proof process and both false
+clickable. This is not necessarily a fool-proof process and both false
 negatives and false positives are possible. By default, only URLs starting
 with a well known protocol of
 .BR http:// ,\  https:// ,\  ftp:// ,\ or\  mailto:

shellinabox/vt100.jspp

@@ -83,6 +83,7 @@
 #define EStitle        17
 #define ESss2          18
 #define ESss3          19
+#define ESVTEtitle     20
 
 #define ATTR_DEFAULT   0x60F0
 #define ATTR_REVERSE   0x0100
@@ -1603,7 +1604,10 @@ VT100.prototype.updateWidth = function() {
       this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
     }
   } else {
-    this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
+    if ("ActiveXObject" in window)
+      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale*0.95);
+    else
+      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
   }
 
   return this.terminalWidth;
@@ -2840,7 +2844,7 @@ VT100.prototype.handleKey = function(event) {
       ch                              = part1                                 +
                                        ((event.shiftKey             ? 1 : 0)  +
                                         (event.altKey|event.metaKey ? 2 : 0)  +
-                                        (event.ctrlKey              ? 4 : 0)) +
+                                        (event.ctrlKey              ? 4 : 0) + 1) +
                                         part2;
     } else if (ch.length == 1 && (event.altKey || event.metaKey)
                && !this.disableAlt) {
@@ -2910,9 +2914,9 @@ VT100.prototype.fixEvent = function(event) {
   // Some browsers fail to translate keys, if both shift and alt/meta is
   // pressed at the same time. We try to translate those cases, but that
   // only works for US keyboard layouts.
+  var u                   = undefined;
+  var s                   = undefined;
   if (event.shiftKey) {
-    var u                   = undefined;
-    var s                   = undefined;
     switch (this.lastNormalKeyDownEvent.keyCode) {
     case  39: /* ' -> " */ u = 39; s =  34; break;
     case  44: /* , -> < */ u = 44; s =  60; break;
@@ -2953,17 +2957,23 @@ VT100.prototype.fixEvent = function(event) {
     case 222: /* ' -> " */ u = 39; s =  34; break;
     default:                                break;
     }
-    if (s && (event.charCode == u || event.charCode == 0)) {
+  } else {
-      var fake              = [ ];
+    var c = this.lastNormalKeyDownEvent.keyCode;
-      fake.charCode         = s;
+    if (c >= 65 && c <= 90) {
-      fake.keyCode          = event.keyCode;
+      u = c;
-      fake.ctrlKey          = event.ctrlKey;
+      s = u | 32;
-      fake.shiftKey         = event.shiftKey;
-      fake.altKey           = event.altKey;
-      fake.metaKey          = event.metaKey;
-      return fake;
     }
   }
+  if (s && (event.charCode == u || event.charCode == 0)) {
+    var fake              = [ ];
+    fake.charCode         = s;
+    fake.keyCode          = event.keyCode;
+    fake.ctrlKey          = event.ctrlKey;
+    fake.shiftKey         = event.shiftKey;
+    fake.altKey           = event.altKey;
+    fake.metaKey          = event.metaKey;
+    return fake;
+  }
   return event;
 };
 
@@ -3048,10 +3058,8 @@ VT100.prototype.keyDown = function(event) {
     } else {
       fake.charCode             = 0;
       fake.keyCode              = event.keyCode;
-      if (!alphNumKey && event.shiftKey) {
-        fake                    = this.fixEvent(fake);
-      }
     }
+    fake                        = this.fixEvent(fake);
 
     this.handleKey(fake);
     this.lastNormalKeyDownEvent = undefined;
@@ -3166,9 +3174,9 @@ VT100.prototype.keyUp = function(event) {
       } else {
         fake.charCode             = 0;
         fake.keyCode              = event.keyCode;
-        if (!alphNumKey && (event.ctrlKey || event.altKey || event.metaKey)) {
+      }
-          fake                    = this.fixEvent(fake);
+      if (event.ctrlKey || event.altKey || event.metaKey) {
-        }
+        fake                      = this.fixEvent(fake);
       }
       this.lastNormalKeyDownEvent = undefined;
       this.handleKey(fake);
@@ -3900,7 +3908,7 @@ VT100.prototype.csim = function() {
     case 27: this.attr &= ~ ATTR_REVERSE;                              break;
     case 38:
       if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Foreground color for extended color mode (256 colors). Escape code is formated
+        // Foreground color for extended color mode (256 colors). Escape code is formatted
         // as: ESC 38; 5; 0-255. Last parameter is color code in range [0-255]. This is
         // not VT100 standard.
         this.attrFg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@@ -3916,7 +3924,7 @@ VT100.prototype.csim = function() {
       break;
     case 48:
       if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Background color for extended color mode (256 colors). Escape code is formated
+        // Background color for extended color mode (256 colors). Escape code is formatted
         // as: ESC 48; 5; 0-255. Last parameter is color code in range [0-255]. This is
         // not VT100 standard.
         this.attrBg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@@ -4046,6 +4054,8 @@ VT100.prototype.doControl = function(ch) {
 /*0*/ case 0x30:
 /*1*/ case 0x31:
 /*2*/ case 0x32: this.isEsc   = EStitle; this.titleString = '';         break;
+/*6*/ case 0x36: this.isEsc   = ESVTEtitle;                             break;
+/*7*/ case 0x37: this.isEsc   = ESVTEtitle;                             break;
 /*P*/ case 0x50: this.npar    = 0; this.par = [ 0, 0, 0, 0, 0, 0, 0 ];
                  this.isEsc   = ESpalette;                              break;
 /*R*/ case 0x52: // Palette support is not implemented
@@ -4273,6 +4283,13 @@ VT100.prototype.doControl = function(ch) {
       this.lastCharacter      = String.fromCharCode(ch);
       lineBuf                += this.lastCharacter;
       this.isEsc              = ESnormal;                               break;
+    case ESVTEtitle:
+      // Ignores VTE escape sequences for current directory (OSC6) and current
+      // file (OSC7).
+      if (ch == 0x07 || ch == 0x5C) {
+        this.isEsc            = ESnormal;
+      }
+      break;
     default:
       this.isEsc              = ESnormal;                               break;
     }

shellinabox_sshwrapper.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+set -ex
+# 
+read -p "SSH remote host (hostname or ip address) [localhost] : " host;
+[[ -z "${host}" ]] && host=localhost;
+#
+read -p "If a puplic_key authentification?: [y/N] : " puplic;
+#
+read -p "SSH remote port [22] : " port;
+[[ -z "${port}" ]] && port=22;
+#
+read -p "SSH remote username [pi] : " username;
+[[ -z "${username}" ]] && username=pi;
+#
+if [ "$puplic" == "y" ];
+  then
+    read -p "How is your public_key?: " key;
+    echo $key > ~/.ssh/id_rsa.pub;
+
+    rm ~/.ssh/id_rsa;
+    echo "Enter your private id here and press the enter key for a new line !!!";
+    id=null
+    while [ "$id" != "" ];
+      do
+      read -p "How is your id_rsa key?: " id;
+      echo $id >> ~/.ssh/id_rsa;
+    done
+    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
+  else
+    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
+fi