ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 13:21:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix auth timeout regression

Browse Source
This commit is contained in:
Matt Johnston 2014-07-09 22:02:22 +08:00
parent c884e5000e
commit f1826ea389
4 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common-session.c
View File

@ -60,7 +60,6 @@ void common_session_init(int sock_in, int sock_out) {
ses.maxfd = MAX(sock_in, sock_out); ses.maxfd = MAX(sock_in, sock_out);
now = monotonic_now(); now = monotonic_now();
ses.connect_time = now;
ses.last_packet_time_keepalive_recv = now; ses.last_packet_time_keepalive_recv = now;
ses.last_packet_time_idle = now; ses.last_packet_time_idle = now;
ses.last_packet_time_any_sent = 0; ses.last_packet_time_any_sent = 0;
@ -415,10 +414,6 @@ static void checktimeouts() {
time_t now; time_t now;
now = monotonic_now(); now = monotonic_now();
if (now - ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
/* we can't rekey if we haven't done remote ident exchange yet */ /* we can't rekey if we haven't done remote ident exchange yet */
if (ses.remoteident == NULL) { if (ses.remoteident == NULL) {
return; return;

10
session.h
View File

@ -104,11 +104,6 @@ struct sshsession {
/* Is it a client or server? */ /* Is it a client or server? */
unsigned char isserver; unsigned char isserver;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
int sock_in; int sock_in;
int sock_out; int sock_out;
@ -221,6 +216,11 @@ struct serversession {
/* The resolved remote address, used for lastlog etc */ /* The resolved remote address, used for lastlog etc */
char *remotehost; char *remotehost;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
#ifdef USE_VFORK #ifdef USE_VFORK
pid_t server_pid; pid_t server_pid;
#endif #endif

3
svr-auth.c
View File

@ -392,8 +392,7 @@ void send_msg_userauth_success() {
/* authdone must be set after encrypt_packet() for /* authdone must be set after encrypt_packet() for
* delayed-zlib mode */ * delayed-zlib mode */
ses.authstate.authdone = 1; ses.authstate.authdone = 1;
ses.connect_time = 0; svr_ses.connect_time = 0;
if (ses.authstate.pw_uid == 0) { if (ses.authstate.pw_uid == 0) {
ses.allowprivport = 1; ses.allowprivport = 1;

12
svr-session.c
View File

@ -80,12 +80,22 @@ svr_session_cleanup(void)
svr_pubkey_options_cleanup(); svr_pubkey_options_cleanup();
} }
static void
svr_sessionloop() {
if (svr_ses.connect_time != 0
&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
}
void svr_session(int sock, int childpipe) { void svr_session(int sock, int childpipe) {
char *host, *port; char *host, *port;
size_t len; size_t len;
common_session_init(sock, sock); common_session_init(sock, sock);
svr_ses.connect_time = monotonic_now();;
/* Initialise server specific parts of the session */ /* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe; svr_ses.childpipe = childpipe;
#ifdef USE_VFORK #ifdef USE_VFORK
@ -126,7 +136,7 @@ void svr_session(int sock, int childpipe) {
/* Run the main for loop. NULL is for the dispatcher - only the client /* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */ * code makes use of it */
session_loop(NULL); session_loop(svr_sessionloop);
/* Not reached */ /* Not reached */