ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-03-03 10:41:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix problem where auth timeout wasn't checked when waiting for ident

Browse Source
This commit is contained in:
Matt Johnston 2015-08-03 21:59:40 +08:00
parent 387ebccf36
commit ce59260ee9
4 changed files with 14 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common-session.c
View File

@ -76,6 +76,7 @@ void common_session_init(int sock_in, int sock_out) {
update_channel_prio();
now = monotonic_now();
ses.connect_time = now;
ses.last_packet_time_keepalive_recv = now;
ses.last_packet_time_idle = now;
ses.last_packet_time_any_sent = 0;
@ -486,6 +487,11 @@ static void checktimeouts() {
time_t now;
now = monotonic_now();
if (IS_DROPBEAR_SERVER && ses.connect_time != 0
&& now - ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
/* we can't rekey if we haven't done remote ident exchange yet */
if (ses.remoteident == NULL) {
return;

10
session.h
View File

@ -109,6 +109,11 @@ struct sshsession {
/* Is it a client or server? */
unsigned char isserver;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
int sock_in;
int sock_out;
@ -231,11 +236,6 @@ struct serversession {
/* The resolved remote address, used for lastlog etc */
char *remotehost;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
#ifdef USE_VFORK
pid_t server_pid;
#endif

3
svr-auth.c
View File

@ -392,7 +392,8 @@ void send_msg_userauth_success() {
/* authdone must be set after encrypt_packet() for
* delayed-zlib mode */
ses.authstate.authdone = 1;
svr_ses.connect_time = 0;
ses.connect_time = 0;
if (ses.authstate.pw_uid == 0) {
ses.allowprivport = 1;

12
svr-session.c
View File

@ -88,22 +88,12 @@ svr_session_cleanup(void) {
svr_ses.childpidsize = 0;
}
static void
svr_sessionloop() {
if (svr_ses.connect_time != 0
&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
}
void svr_session(int sock, int childpipe) {
char *host, *port;
size_t len;
common_session_init(sock, sock);
svr_ses.connect_time = monotonic_now();;
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
#ifdef USE_VFORK
@ -146,7 +136,7 @@ void svr_session(int sock, int childpipe) {
/* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */
session_loop(svr_sessionloop);
session_loop(NULL);
/* Not reached */