ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Idle timeout patch from Farrell Aultman. Needs testing, unsure if server

Browse Source 
code works

--HG--
extra : convert_revision : ff66e05ae040561110af70114bf83f11ed528f05
This commit is contained in:
Matt Johnston 2008-11-07 14:11:06 +00:00
parent e80f8e8c09
commit adc4d0194f
10 changed files with 59 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -16,7 +16,7 @@
to end up at host3 via the other two, using SSH TCP forwarding. It's a bit to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
like onion-routing. All connections are established from the local machine. like onion-routing. All connections are established from the local machine.
The comma-separated syntax can also be used for scp/rsync, eg The comma-separated syntax can also be used for scp/rsync, eg
scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump . rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/
to bounce through a few hosts. to bounce through a few hosts.
- Allow restrictions on authorized_keys logins such as restricting commands - Allow restrictions on authorized_keys logins such as restricting commands

13
cli-runopts.c
View File

@ -75,6 +75,7 @@ static void printhelp() {
#endif #endif
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
"-K <keepalive> (0 is never, default %d)\n" "-K <keepalive> (0 is never, default %d)\n"
"-I <idle_timeout> (0 is never, default %d)\n"
#ifdef ENABLE_CLI_NETCAT #ifdef ENABLE_CLI_NETCAT
"-B <endhost:endport> Netcat-alike forwarding\n" "-B <endhost:endport> Netcat-alike forwarding\n"
#endif #endif
@ -85,7 +86,7 @@ static void printhelp() {
"-v verbose (compiled with DEBUG_TRACE)\n" "-v verbose (compiled with DEBUG_TRACE)\n"
#endif #endif
,DROPBEAR_VERSION, cli_opts.progname, ,DROPBEAR_VERSION, cli_opts.progname,
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE); DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
} }
@ -110,6 +111,7 @@ void cli_getopts(int argc, char ** argv) {
char* recv_window_arg = NULL; char* recv_window_arg = NULL;
char* keepalive_arg = NULL; char* keepalive_arg = NULL;
char* idle_timeout_arg = NULL;
/* see printhelp() for options */ /* see printhelp() for options */
cli_opts.progname = argv[0]; cli_opts.progname = argv[0];
@ -261,6 +263,9 @@ void cli_getopts(int argc, char ** argv) {
case 'K': case 'K':
next = &keepalive_arg; next = &keepalive_arg;
break; break;
case 'I':
next = &idle_timeout_arg;
break;
#ifdef DEBUG_TRACE #ifdef DEBUG_TRACE
case 'v': case 'v':
debug_trace = 1; debug_trace = 1;
@ -369,6 +374,12 @@ void cli_getopts(int argc, char ** argv) {
} }
} }
if (idle_timeout_arg) {
if (m_str_to_uint(idle_timeout_arg, &opts.idle_timeout_secs) == DROPBEAR_FAILURE) {
dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
}
}
#ifdef ENABLE_CLI_NETCAT #ifdef ENABLE_CLI_NETCAT
if (cli_opts.cmd && cli_opts.netcat_host) { if (cli_opts.cmd && cli_opts.netcat_host) {
dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd); dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);

2
common-channel.c
View File

@ -691,7 +691,7 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
dropbear_exit("received data after eof"); dropbear_exit("received data after eof");
} }
if (fd < 0) { if (fd < 0) {
/* If we have encountered failed write, the far side might still /* If we have encountered failed write, the far side might still
* be sending data without having yet received our close notification. * be sending data without having yet received our close notification.
* We just drop the data. */ * We just drop the data. */

22
common-session.c
View File

@ -63,6 +63,7 @@ void common_session_init(int sock_in, int sock_out, char* remotehost) {
ses.maxfd = MAX(sock_in, sock_out); ses.maxfd = MAX(sock_in, sock_out);
ses.connect_time = 0; ses.connect_time = 0;
ses.last_trx_packet_time = 0;
ses.last_packet_time = 0; ses.last_packet_time = 0;
if (pipe(ses.signal_pipe) < 0) { if (pipe(ses.signal_pipe) < 0) {
@ -258,7 +259,7 @@ void session_identification() {
ses.remoteclosed(); ses.remoteclosed();
} }
/* If they send more than 50 lines, something is wrong */ /* If they send more than 50 lines, something is wrong */
for (i = 0; i < 50; i++) { for (i = 0; i < 50; i++) {
len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf)); len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
@ -283,11 +284,11 @@ void session_identification() {
memcpy(ses.remoteident, linebuf, len); memcpy(ses.remoteident, linebuf, len);
} }
/* Shall assume that 2.x will be backwards compatible. */ /* Shall assume that 2.x will be backwards compatible. */
if (strncmp(ses.remoteident, "SSH-2.", 6) != 0 if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
&& strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) { && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
dropbear_exit("Incompatible remote version '%s'", ses.remoteident); dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
} }
TRACE(("remoteident: %s", ses.remoteident)) TRACE(("remoteident: %s", ses.remoteident))
@ -399,9 +400,14 @@ static void checktimeouts() {
} }
if (opts.keepalive_secs > 0 if (opts.keepalive_secs > 0
&& now - ses.last_packet_time >= opts.keepalive_secs) { && now - ses.last_trx_packet_time >= opts.keepalive_secs) {
send_msg_ignore(); send_msg_ignore();
} }
if (opts.idle_timeout_secs > 0 && ses.last_packet_time > 0
&& now - ses.last_packet_time >= opts.idle_timeout_secs) {
dropbear_close("Idle timeout");
}
} }
static long select_timeout() { static long select_timeout() {
@ -414,6 +420,8 @@ static long select_timeout() {
ret = MIN(AUTH_TIMEOUT, ret); ret = MIN(AUTH_TIMEOUT, ret);
if (opts.keepalive_secs > 0) if (opts.keepalive_secs > 0)
ret = MIN(opts.keepalive_secs, ret); ret = MIN(opts.keepalive_secs, ret);
if (opts.idle_timeout_secs > 0)
ret = MIN(opts.idle_timeout_secs, ret);
return ret; return ret;
} }

8
options.h
View File

@ -149,9 +149,9 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
* but there's an interface via a PAM module - don't bother using it otherwise. * but there's an interface via a PAM module - don't bother using it otherwise.
* You can't enable both PASSWORD and PAM. */ * You can't enable both PASSWORD and PAM. */
#define ENABLE_SVR_PASSWORD_AUTH /*#define ENABLE_SVR_PASSWORD_AUTH*/
/* PAM requires ./configure --enable-pam */ /* PAM requires ./configure --enable-pam */
/*#define ENABLE_SVR_PAM_AUTH*/ #define ENABLE_SVR_PAM_AUTH
#define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_SVR_PUBKEY_AUTH
/* Wether to ake public key options in authorized_keys file into account */ /* Wether to ake public key options in authorized_keys file into account */
@ -258,6 +258,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
be overridden at runtime with -K. 0 disables keepalives */ be overridden at runtime with -K. 0 disables keepalives */
#define DEFAULT_KEEPALIVE 0 #define DEFAULT_KEEPALIVE 0
/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
be overridden at runtime with -I. 0 disables idle timeouts */
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */ /* The default path. This will often get replaced by the shell */
#define DEFAULT_PATH "/usr/bin:/bin" #define DEFAULT_PATH "/usr/bin:/bin"

1
packet.c
View File

@ -72,6 +72,7 @@ void write_packet() {
} }
} }
ses.last_trx_packet_time = time(NULL);
ses.last_packet_time = time(NULL); ses.last_packet_time = time(NULL);
if (written == 0) { if (written == 0) {

1
process-packet.c
View File

@ -70,6 +70,7 @@ void process_packet() {
dropbear_close("Disconnect received"); dropbear_close("Disconnect received");
} }
ses.last_packet_time = time(NULL);
/* This applies for KEX, where the spec says the next packet MUST be /* This applies for KEX, where the spec says the next packet MUST be
* NEWKEYS */ * NEWKEYS */

1
runopts.h
View File

@ -38,6 +38,7 @@ typedef struct runopts {
#endif #endif
unsigned int recv_window; unsigned int recv_window;
unsigned int keepalive_secs; unsigned int keepalive_secs;
unsigned int idle_timeout_secs;
} runopts; } runopts;

8
session.h
View File

@ -148,12 +148,16 @@ struct sshsession {
unsigned char lastpacket; /* What the last received packet type was */ unsigned char lastpacket; /* What the last received packet type was */
int signal_pipe[2]; /* stores endpoints of a self-pipe used for int signal_pipe[2]; /* stores endpoints of a self-pipe used for
race-free signal handling */ race-free signal handling */
time_t last_packet_time; /* time of the last packet transmission, for time_t last_trx_packet_time; /* time of the last packet transmission, for
keepalive purposes */ keepalive purposes */
time_t last_packet_time; /* time of the last packet transmission or receive, for
idle timeout purposes */
/* KEX/encryption related */ /* KEX/encryption related */
struct KEXState kexstate; struct KEXState kexstate;
struct key_context *keys; struct key_context *keys;

18
svr-runopts.c
View File

@ -82,6 +82,7 @@ static void printhelp(const char * progname) {
#endif #endif
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
"-K <keepalive> (0 is never, default %d)\n" "-K <keepalive> (0 is never, default %d)\n"
"-I <idle_timeout> (0 is never, default %d)\n"
#ifdef DEBUG_TRACE #ifdef DEBUG_TRACE
"-v verbose (compiled with DEBUG_TRACE)\n" "-v verbose (compiled with DEBUG_TRACE)\n"
#endif #endif
@ -93,7 +94,7 @@ static void printhelp(const char * progname) {
RSA_PRIV_FILENAME, RSA_PRIV_FILENAME,
#endif #endif
DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE); DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
} }
void svr_getopts(int argc, char ** argv) { void svr_getopts(int argc, char ** argv) {
@ -103,6 +104,7 @@ void svr_getopts(int argc, char ** argv) {
int nextisport = 0; int nextisport = 0;
char* recv_window_arg = NULL; char* recv_window_arg = NULL;
char* keepalive_arg = NULL; char* keepalive_arg = NULL;
char* idle_timeout_arg = NULL;
/* see printhelp() for options */ /* see printhelp() for options */
svr_opts.rsakeyfile = NULL; svr_opts.rsakeyfile = NULL;
@ -134,7 +136,8 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.usingsyslog = 1; svr_opts.usingsyslog = 1;
#endif #endif
opts.recv_window = DEFAULT_RECV_WINDOW; opts.recv_window = DEFAULT_RECV_WINDOW;
opts.keepalive_secs = DEFAULT_KEEPALIVE; opts.keepalive_secs = DEFAULT_KEEPALIVE;
opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
#ifdef ENABLE_SVR_REMOTETCPFWD #ifdef ENABLE_SVR_REMOTETCPFWD
opts.listen_fwd_all = 0; opts.listen_fwd_all = 0;
@ -218,6 +221,9 @@ void svr_getopts(int argc, char ** argv) {
case 'K': case 'K':
next = &keepalive_arg; next = &keepalive_arg;
break; break;
case 'I':
next = &idle_timeout_arg;
break;
#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
case 's': case 's':
svr_opts.noauthpass = 1; svr_opts.noauthpass = 1;
@ -253,7 +259,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS); svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
svr_opts.portcount = 1; svr_opts.portcount = 1;
} }
if (svr_opts.dsskeyfile == NULL) { if (svr_opts.dsskeyfile == NULL) {
svr_opts.dsskeyfile = DSS_PRIV_FILENAME; svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
} }
@ -294,6 +300,12 @@ void svr_getopts(int argc, char ** argv) {
dropbear_exit("Bad keepalive '%s'", keepalive_arg); dropbear_exit("Bad keepalive '%s'", keepalive_arg);
} }
} }
if (idle_timeout_arg) {
if (m_str_to_uint(idle_timeout_arg, &opts.idle_timeout_secs) == DROPBEAR_FAILURE) {
dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
}
}
} }
static void addportandaddress(char* spec) { static void addportandaddress(char* spec) {