New public API: dssh_auth_set_banner(sess, message, language)
queues a banner to be sent before the next auth response.
Callbacks can set new banners dynamically. NULL message cancels.
Empty message rejected with DSSH_ERROR_INVALID per RFC 4252 s5.4.
Banners flushed in send_auth_success and send_auth_failure,
and at the top of the auth loop (for the initial pre-auth banner).
Pending banner freed on session cleanup.
Example server enhancements:
- Welcome banner before auth
- Sarcastic per-callback banners showing username/password/key info
- 75% random auth rejection with 16 quips
- publickey auth support with same rejection odds
- Debug, unimplemented, and global request callbacks registered
- Banner logging via set_banner() helper
- All session callbacks now wired up
- Move channel flag pre-checks (open/eof_sent/close_received) into
dssh_conn_send_data() and dssh_conn_send_extended_data() under buf_mtx,
fixing data races in write paths (items 58, 59)
- Change dssh_session_start() double-start guard from demux_running to
conn_initialized; clear flag in dssh_session_stop() (item 68)
- Add DSSH_AUTH_DISCONNECT callback return value so server auth callbacks
can reject and disconnect clients (item 70)
- Replace all cnd_signal(poll_cnd) with cnd_broadcast to wake all waiters
when multiple threads poll the same channel (item 73)
Item 53: split bytes_since_rekey into tx/rx halves; make tx counters
atomic (atomic_uint_fast32_t / atomic_uint_fast64_t) so rekey_needed()
reads them lock-free from the recv thread without acquiring tx_mtx
(which send_packet holds across I/O). rx counters remain non-atomic
under rx_mtx.
Item 57: make all 10 *_selected pointer fields _Atomic in dssh_transport_state_s so algorithm query functions perform implicit
atomic loads, eliminating UB during rekey.
Item 60: dssh_key_algo_set_ctx() now refuses with DSSH_ERROR_TOOLATE
after first dssh_session_init() (same gconf.used gate as registration).
Items 61, 32: documented dssh_dh_gex_set_provider() and callback
setters as must-call-before-start with thrd_create happens-before
guarantee explanation.
Item 62/79: dssh_session_close() and dssh_channel_close() freed the
channel while the demux thread held buf_mtx, causing use-after-free.
Added atomic_bool closing to channel struct; close functions set it
before unregistering, then acquire/release buf_mtx to synchronize. demux_dispatch() checks closing after each unlock-relock window
(window-change callback, send CHANNEL_FAILURE) and bails out.
Added test_close_during_wc_cb regression test (8 CTest variants).
Item 89: Removed 14 DSSH_PRIVATE functions with no library callers
(test-only): parse/serialize for byte, boolean, uint64, string, mpint,
namelist (ssh-arch.c) and msgqueue_peek_size (ssh-chan.c). Cleaned up declarations in ssh-arch.h and ssh-chan.h, removed dead test cases.
Item 16: _Static_assert on next field offset for all 6 algorithm
structs (dssh_kex_s, dssh_key_algo_s, dssh_enc_s, dssh_mac_s,
dssh_comp_s, dssh_language_s) and test_algo_node. FREE_LIST macro
now takes a type parameter and uses typed ->next access instead of
memcpy cast.
Item 18: six identical dssh_transport_register_*() functions replaced
with DEFINE_REGISTER(func_name, param_type, head, tail, entries)
macro (~140 lines -> ~25 lines).