Commit ce59260e authored by Matt Johnston's avatar Matt Johnston
Browse files

Fix problem where auth timeout wasn't checked when waiting for ident

parent 387ebccf
......@@ -76,6 +76,7 @@ void common_session_init(int sock_in, int sock_out) {
update_channel_prio();
now = monotonic_now();
ses.connect_time = now;
ses.last_packet_time_keepalive_recv = now;
ses.last_packet_time_idle = now;
ses.last_packet_time_any_sent = 0;
......@@ -486,6 +487,11 @@ static void checktimeouts() {
time_t now;
now = monotonic_now();
if (IS_DROPBEAR_SERVER && ses.connect_time != 0
&& now - ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
/* we can't rekey if we haven't done remote ident exchange yet */
if (ses.remoteident == NULL) {
return;
......
......@@ -109,6 +109,11 @@ struct sshsession {
/* Is it a client or server? */
unsigned char isserver;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
int sock_in;
int sock_out;
......@@ -231,11 +236,6 @@ struct serversession {
/* The resolved remote address, used for lastlog etc */
char *remotehost;
time_t connect_time; /* time the connection was established
(cleared after auth once we're not
respecting AUTH_TIMEOUT any more).
A monotonic time, not realworld */
#ifdef USE_VFORK
pid_t server_pid;
#endif
......
......@@ -392,7 +392,8 @@ void send_msg_userauth_success() {
/* authdone must be set after encrypt_packet() for
* delayed-zlib mode */
ses.authstate.authdone = 1;
svr_ses.connect_time = 0;
ses.connect_time = 0;
if (ses.authstate.pw_uid == 0) {
ses.allowprivport = 1;
......
......@@ -88,22 +88,12 @@ svr_session_cleanup(void) {
svr_ses.childpidsize = 0;
}
static void
svr_sessionloop() {
if (svr_ses.connect_time != 0
&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
dropbear_close("Timeout before auth");
}
}
void svr_session(int sock, int childpipe) {
char *host, *port;
size_t len;
common_session_init(sock, sock);
svr_ses.connect_time = monotonic_now();;
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
#ifdef USE_VFORK
......@@ -146,7 +136,7 @@ void svr_session(int sock, int childpipe) {
/* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */
session_loop(svr_sessionloop);
session_loop(NULL);
/* Not reached */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment