Fix problem where auth timeout wasn't checked when waiting for ident

ce59260e · Matt Johnston · 387ebccf · ce59260e · ce59260e · ce59260e
Commit ce59260e authored 10 years ago by Matt Johnston
--- a/common-session.c
+++ b/common-session.c
@@ -76,6 +76,7 @@ void common_session_init(int sock_in, int sock_out) {
 	update_channel_prio();
 	now = monotonic_now();
+	ses.connect_time = now;
 	ses.last_packet_time_keepalive_recv = now;
 	ses.last_packet_time_idle = now;
 	ses.last_packet_time_any_sent = 0;
@@ -486,6 +487,11 @@ static void checktimeouts() {
 	time_t now;
 	now = monotonic_now();
+	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
+		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+			dropbear_close("Timeout before auth");
+	}
 	/* we can't rekey if we haven't done remote ident exchange yet */
 	if (ses.remoteident == NULL) {
 		return;

--- a/session.h
+++ b/session.h
@@ -109,6 +109,11 @@ struct sshsession {
 	/* Is it a client or server? */
 	unsigned char isserver;
+	time_t connect_time; /* time the connection was established
+							(cleared after auth once we're not
+							respecting AUTH_TIMEOUT any more).
+							A monotonic time, not realworld */
 	int sock_in;
 	int sock_out;
@@ -231,11 +236,6 @@ struct serversession {
 	/* The resolved remote address, used for lastlog etc */
 	char *remotehost;
-	time_t connect_time; /* time the connection was established
-							(cleared after auth once we're not
-							respecting AUTH_TIMEOUT any more).
-							A monotonic time, not realworld */
 #ifdef USE_VFORK
 	pid_t server_pid;
 #endif

--- a/svr-auth.c
+++ b/svr-auth.c
@@ -392,7 +392,8 @@ void send_msg_userauth_success() {
 	/* authdone must be set after encrypt_packet() for 
 	 * delayed-zlib mode */
 	ses.authstate.authdone = 1;
-	svr_ses.connect_time = 0;
+	ses.connect_time = 0;
 	if (ses.authstate.pw_uid == 0) {
 		ses.allowprivport = 1;

--- a/svr-session.c
+++ b/svr-session.c
@@ -88,22 +88,12 @@ svr_session_cleanup(void) {
 	svr_ses.childpidsize = 0;
 }
-static void
-svr_sessionloop() {
-	if (svr_ses.connect_time != 0 
-		&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
-		dropbear_close("Timeout before auth");
-	}
-}
 void svr_session(int sock, int childpipe) {
 	char *host, *port;
 	size_t len;
 	common_session_init(sock, sock);
-	svr_ses.connect_time = monotonic_now();;
 	/* Initialise server specific parts of the session */
 	svr_ses.childpipe = childpipe;
 #ifdef USE_VFORK
@@ -146,7 +136,7 @@ void svr_session(int sock, int childpipe) {
 	/* Run the main for loop. NULL is for the dispatcher - only the client
 	 * code makes use of it */
-	session_loop(svr_sessionloop);
+	session_loop(NULL);
 	/* Not reached */