Mercurial > dropbear
annotate common-session.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
author | Fedor Brunner <fedor.brunner@azet.sk> |
---|---|
date | Fri, 23 Jan 2015 23:00:25 +0800 |
parents | 0bb16232e7c4 |
children | 73ea0dce9a57 363c0feca5d4 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "session.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "dbutil.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "packet.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "algo.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "dss.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "ssh.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
33 #include "dbrandom.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "kex.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "channel.h" |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
36 #include "runopts.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
38 static void checktimeouts(); |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
39 static long select_timeout(); |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
40 static int ident_readln(int fd, char* buf, int count); |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
41 static void read_session_identification(); |
26 | 42 |
24 | 43 struct sshsession ses; /* GLOBAL */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 /* need to know if the session struct has been initialised, this way isn't the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 * cleanest, but works OK */ |
24 | 47 int sessinitdone = 0; /* GLOBAL */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 /* this is set when we get SIGINT or SIGTERM, the handler is in main.c */ |
24 | 50 int exitflag = 0; /* GLOBAL */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 /* called only at the start of a session, set up initial state */ |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
537
diff
changeset
|
53 void common_session_init(int sock_in, int sock_out) { |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
54 time_t now; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
56 TRACE(("enter session_init")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
58 ses.sock_in = sock_in; |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
59 ses.sock_out = sock_out; |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
60 ses.maxfd = MAX(sock_in, sock_out); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
62 ses.socket_prio = DROPBEAR_PRIO_DEFAULT; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
63 /* Sets it to lowdelay */ |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
64 update_channel_prio(); |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
65 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
66 now = monotonic_now(); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
67 ses.last_packet_time_keepalive_recv = now; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
68 ses.last_packet_time_idle = now; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
69 ses.last_packet_time_any_sent = 0; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
70 ses.last_packet_time_keepalive_sent = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
72 if (pipe(ses.signal_pipe) < 0) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
73 dropbear_exit("Signal pipe failed"); |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
74 } |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
75 setnonblocking(ses.signal_pipe[0]); |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
76 setnonblocking(ses.signal_pipe[1]); |
537
7de2f22ea759
- Add the signal pipe to maxfd
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
77 |
7de2f22ea759
- Add the signal pipe to maxfd
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
78 ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]); |
7de2f22ea759
- Add the signal pipe to maxfd
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
79 ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]); |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
80 |
33 | 81 kexfirstinitialise(); /* initialise the kex state */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 |
448
9c61e7af0156
Rearrange the channel buffer sizes into three neat use-editable values in
Matt Johnston <matt@ucc.asn.au>
parents:
416
diff
changeset
|
83 ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 ses.transseq = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 ses.readbuf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 ses.payload = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 ses.recvseq = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 |
135
d663445c1533
Initialise the outgoing packet queue
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
90 initqueue(&ses.writequeue); |
d663445c1533
Initialise the outgoing packet queue
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
91 |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
92 ses.requirenext = SSH_MSG_KEXINIT; |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
93 ses.dataallowed = 1; /* we can send data until we actually |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
94 send the SSH_MSG_KEXINIT */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 ses.ignorenext = 0; |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
96 ses.lastpacket = 0; |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
97 ses.reply_queue_head = NULL; |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
98 ses.reply_queue_tail = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 /* set all the algos to none */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 ses.newkeys = NULL; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
103 ses.keys->recv.algo_crypt = &dropbear_nocipher; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
104 ses.keys->trans.algo_crypt = &dropbear_nocipher; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
105 ses.keys->recv.crypt_mode = &dropbear_mode_none; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
106 ses.keys->trans.crypt_mode = &dropbear_mode_none; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
108 ses.keys->recv.algo_mac = &dropbear_nohash; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
109 ses.keys->trans.algo_mac = &dropbear_nohash; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
111 ses.keys->algo_kex = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 ses.keys->algo_hostkey = -1; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
113 ses.keys->recv.algo_comp = DROPBEAR_COMP_NONE; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
114 ses.keys->trans.algo_comp = DROPBEAR_COMP_NONE; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 #ifndef DISABLE_ZLIB |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
117 ses.keys->recv.zstream = NULL; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
531
diff
changeset
|
118 ses.keys->trans.zstream = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 /* key exchange buffers */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 ses.session_id = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 ses.kexhashbuf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 ses.transkexinit = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 ses.dh_K = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 ses.remoteident = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 |
6
ab00ef513e97
Sorted out the first channel init issues.
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
128 ses.chantypes = NULL; |
ab00ef513e97
Sorted out the first channel init issues.
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
129 |
21
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
130 ses.allowprivport = 0; |
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
131 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
132 TRACE(("leave session_init")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 |
26 | 135 void session_loop(void(*loophandler)()) { |
136 | |
137 fd_set readfd, writefd; | |
138 struct timeval timeout; | |
139 int val; | |
140 | |
141 /* main loop, select()s for all sockets in use */ | |
142 for(;;) { | |
143 | |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
144 timeout.tv_sec = select_timeout(); |
26 | 145 timeout.tv_usec = 0; |
146 FD_ZERO(&writefd); | |
147 FD_ZERO(&readfd); | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
148 dropbear_assert(ses.payload == NULL); |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
149 |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
150 /* during initial setup we flush out the KEXINIT packet before |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
151 * attempting to read the remote version string, which might block */ |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
152 if (ses.sock_in != -1 && (ses.remoteident || isempty(&ses.writequeue))) { |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
153 FD_SET(ses.sock_in, &readfd); |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
154 } |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
155 if (ses.sock_out != -1 && !isempty(&ses.writequeue)) { |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
156 FD_SET(ses.sock_out, &writefd); |
26 | 157 } |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
158 |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
159 /* We get woken up when signal handlers write to this pipe. |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
160 SIGCHLD in svr-chansession is the only one currently. */ |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
161 FD_SET(ses.signal_pipe[0], &readfd); |
26 | 162 |
896
a1a97e98b0c1
Read (and enqueue) packets from interactive input even when
Matt Johnston <matt@ucc.asn.au>
parents:
891
diff
changeset
|
163 /* set up for channels which can be read/written */ |
a1a97e98b0c1
Read (and enqueue) packets from interactive input even when
Matt Johnston <matt@ucc.asn.au>
parents:
891
diff
changeset
|
164 setchannelfds(&readfd, &writefd); |
a1a97e98b0c1
Read (and enqueue) packets from interactive input even when
Matt Johnston <matt@ucc.asn.au>
parents:
891
diff
changeset
|
165 |
26 | 166 val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout); |
167 | |
168 if (exitflag) { | |
169 dropbear_exit("Terminated by signal"); | |
170 } | |
171 | |
373
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
172 if (val < 0 && errno != EINTR) { |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
173 dropbear_exit("Error in select"); |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
174 } |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
175 |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
176 if (val <= 0) { |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
177 /* If we were interrupted or the select timed out, we still |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
178 * want to iterate over channels etc for reading, to handle |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
179 * server processes exiting etc. |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
180 * We don't want to read/write FDs. */ |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
181 FD_ZERO(&writefd); |
70caa99bfe3a
Tidy up behaviour when select() is interrupted. We follow normal
Matt Johnston <matt@ucc.asn.au>
parents:
344
diff
changeset
|
182 FD_ZERO(&readfd); |
26 | 183 } |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
184 |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
185 /* We'll just empty out the pipe if required. We don't do |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
186 any thing with the data, since the pipe's purpose is purely to |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
187 wake up the select() above. */ |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
188 if (FD_ISSET(ses.signal_pipe[0], &readfd)) { |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
189 char x; |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
190 while (read(ses.signal_pipe[0], &x, 1) > 0) {} |
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
373
diff
changeset
|
191 } |
26 | 192 |
193 /* check for auth timeout, rekeying required etc */ | |
194 checktimeouts(); | |
195 | |
929
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
196 /* process session socket's incoming data */ |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
197 if (ses.sock_in != -1) { |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
198 if (FD_ISSET(ses.sock_in, &readfd)) { |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
199 if (!ses.remoteident) { |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
200 /* blocking read of the version string */ |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
201 read_session_identification(); |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
202 } else { |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
203 read_packet(); |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
204 } |
26 | 205 } |
206 | |
207 /* Process the decrypted packet. After this, the read buffer | |
208 * will be ready for a new packet */ | |
209 if (ses.payload != NULL) { | |
210 process_packet(); | |
211 } | |
212 } | |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
213 |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
214 /* if required, flush out any queued reply packets that |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
215 were being held up during a KEX */ |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
216 maybe_flush_reply_queue(); |
26 | 217 |
218 /* process pipes etc for the channels, ses.dataallowed == 0 | |
219 * during rekeying ) */ | |
896
a1a97e98b0c1
Read (and enqueue) packets from interactive input even when
Matt Johnston <matt@ucc.asn.au>
parents:
891
diff
changeset
|
220 channelio(&readfd, &writefd); |
26 | 221 |
929
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
222 /* process session socket's outgoing data */ |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
223 if (ses.sock_out != -1) { |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
224 if (!isempty(&ses.writequeue)) { |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
225 write_packet(); |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
226 } |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
227 } |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
228 |
9d40ed1da686
Experiment of always writing data if available. Might waste a writev() with
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
229 |
26 | 230 if (loophandler) { |
231 loophandler(); | |
232 } | |
233 | |
234 } /* for(;;) */ | |
235 | |
236 /* Not reached */ | |
237 } | |
238 | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 /* clean up a session on exit */ |
733
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
726
diff
changeset
|
240 void session_cleanup() { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
242 TRACE(("enter session_cleanup")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 /* we can't cleanup if we don't know the session state */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 if (!sessinitdone) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
246 TRACE(("leave session_cleanup: !sessinitdone")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 return; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 } |
733
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
726
diff
changeset
|
249 |
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
726
diff
changeset
|
250 if (ses.extra_session_cleanup) { |
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
726
diff
changeset
|
251 ses.extra_session_cleanup(); |
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
726
diff
changeset
|
252 } |
891
e78f5ce6e7bb
cleanup before clearing keys
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
253 |
e78f5ce6e7bb
cleanup before clearing keys
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
254 chancleanup(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 |
891
e78f5ce6e7bb
cleanup before clearing keys
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
256 /* Cleaning up keys must happen after other cleanup |
e78f5ce6e7bb
cleanup before clearing keys
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
257 functions which might queue packets */ |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
258 if (ses.session_id) { |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
259 buf_burn(ses.session_id); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
260 buf_free(ses.session_id); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
261 ses.session_id = NULL; |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
262 } |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
263 if (ses.hash) { |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
264 buf_burn(ses.hash); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
265 buf_free(ses.hash); |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
266 ses.hash = NULL; |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
267 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
268 m_burn(ses.keys, sizeof(struct key_context)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
269 m_free(ses.keys); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
270 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
271 TRACE(("leave session_cleanup")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
274 void send_session_identification() { |
751
685d05f1cc5c
Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents:
733
diff
changeset
|
275 buffer *writebuf = buf_new(strlen(LOCAL_IDENT "\r\n") + 1); |
685d05f1cc5c
Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents:
733
diff
changeset
|
276 buf_putbytes(writebuf, LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n")); |
857 | 277 buf_putbyte(writebuf, 0x0); /* packet type */ |
751
685d05f1cc5c
Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents:
733
diff
changeset
|
278 buf_setpos(writebuf, 0); |
685d05f1cc5c
Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents:
733
diff
changeset
|
279 enqueue(&ses.writequeue, writebuf); |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
280 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
281 |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
705
diff
changeset
|
282 static void read_session_identification() { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
283 /* max length of 255 chars */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
284 char linebuf[256]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
285 int len = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
286 char done = 0; |
103
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
287 int i; |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
288 /* If they send more than 50 lines, something is wrong */ |
275
7f9adaf85fca
Exit with a message if the ssh protocol version is incompatible
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
289 for (i = 0; i < 50; i++) { |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
290 len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf)); |
103
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
291 |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
292 if (len < 0 && errno != EINTR) { |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
293 /* It failed */ |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
294 break; |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
295 } |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
296 |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
297 if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) { |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
298 /* start of line matches */ |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
299 done = 1; |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
300 break; |
8aeac62a968f
Allow leading lines before the ident banner when connecting
Matt Johnston <matt@ucc.asn.au>
parents:
41
diff
changeset
|
301 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
304 if (!done) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
305 TRACE(("err: %s for '%s'\n", strerror(errno), linebuf)) |
344
bf29e6659fb9
Just use the normal "remote closed" handler when reading ident stings
Matt Johnston <matt@ucc.asn.au>
parents:
275
diff
changeset
|
306 ses.remoteclosed(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
307 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 /* linebuf is already null terminated */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
309 ses.remoteident = m_malloc(len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
310 memcpy(ses.remoteident, linebuf, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
311 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
312 |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
313 /* Shall assume that 2.x will be backwards compatible. */ |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
314 if (strncmp(ses.remoteident, "SSH-2.", 6) != 0 |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
315 && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) { |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
316 dropbear_exit("Incompatible remote version '%s'", ses.remoteident); |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
317 } |
275
7f9adaf85fca
Exit with a message if the ssh protocol version is incompatible
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
318 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
319 TRACE(("remoteident: %s", ses.remoteident)) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
321 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
322 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
323 /* returns the length including null-terminating zero on success, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
324 * or -1 on failure */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
325 static int ident_readln(int fd, char* buf, int count) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
327 char in; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 int pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
329 int num = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
330 fd_set fds; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
331 struct timeval timeout; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
332 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
333 TRACE(("enter ident_readln")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
334 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
335 if (count < 1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
336 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
337 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
338 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
339 FD_ZERO(&fds); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
340 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
341 /* select since it's a non-blocking fd */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
342 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 /* leave space to null-terminate */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
344 while (pos < count-1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
345 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
346 FD_SET(fd, &fds); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
348 timeout.tv_sec = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
349 timeout.tv_usec = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 if (select(fd+1, &fds, NULL, NULL, &timeout) < 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
351 if (errno == EINTR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
352 continue; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
353 } |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
354 TRACE(("leave ident_readln: select error")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
355 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
356 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
357 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
358 checktimeouts(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
359 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 /* Have to go one byte at a time, since we don't want to read past |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
361 * the end, and have to somehow shove bytes back into the normal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 * packet reader */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
363 if (FD_ISSET(fd, &fds)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
364 num = read(fd, &in, 1); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
365 /* a "\n" is a newline, "\r" we want to read in and keep going |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
366 * so that it won't be read as part of the next line */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
367 if (num < 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
368 /* error */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
369 if (errno == EINTR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
370 continue; /* not a real error */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
371 } |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
372 TRACE(("leave ident_readln: read error")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
373 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
375 if (num == 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
376 /* EOF */ |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
377 TRACE(("leave ident_readln: EOF")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
378 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
379 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
380 if (in == '\n') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
381 /* end of ident string */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
382 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
383 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
384 /* we don't want to include '\r's */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
385 if (in != '\r') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
386 buf[pos] = in; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
387 pos++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
388 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
389 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
390 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
392 buf[pos] = '\0'; |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
393 TRACE(("leave ident_readln: return %d", pos+1)) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
394 return pos+1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
395 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
397 void ignore_recv_response() { |
968
f7f6c15b0ec3
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses
Matt Johnston <matt@ucc.asn.au>
parents:
941
diff
changeset
|
398 // Do nothing |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
399 TRACE(("Ignored msg_request_response")) |
968
f7f6c15b0ec3
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses
Matt Johnston <matt@ucc.asn.au>
parents:
941
diff
changeset
|
400 } |
f7f6c15b0ec3
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses
Matt Johnston <matt@ucc.asn.au>
parents:
941
diff
changeset
|
401 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
402 static void send_msg_keepalive() { |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
403 CHECKCLEARTOWRITE(); |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
404 time_t old_time_idle = ses.last_packet_time_idle; |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
405 |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
406 struct Channel *chan = get_any_ready_channel(); |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
407 |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
408 if (chan) { |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
409 /* Channel requests are preferable, more implementations |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
410 handle them than SSH_MSG_GLOBAL_REQUEST */ |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
411 TRACE(("keepalive channel request %d", chan->index)) |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
412 start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING); |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
413 } else { |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
414 TRACE(("keepalive global request")) |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
415 /* Some peers will reply with SSH_MSG_REQUEST_FAILURE, |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
416 some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */ |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
417 buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
418 buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING, |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
419 strlen(DROPBEAR_KEEPALIVE_STRING)); |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
420 } |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
421 buf_putbyte(ses.writepayload, 1); /* want_reply */ |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
422 encrypt_packet(); |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
423 |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
424 ses.last_packet_time_keepalive_sent = monotonic_now(); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
425 |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
426 /* keepalives shouldn't update idle timeout, reset it back */ |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
427 ses.last_packet_time_idle = old_time_idle; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
428 } |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
429 |
26 | 430 /* Check all timeouts which are required. Currently these are the time for |
431 * user authentication, and the automatic rekeying. */ | |
432 static void checktimeouts() { | |
433 | |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
434 time_t now; |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
927
diff
changeset
|
435 now = monotonic_now(); |
26 | 436 |
437 /* we can't rekey if we haven't done remote ident exchange yet */ | |
438 if (ses.remoteident == NULL) { | |
439 return; | |
440 } | |
441 | |
442 if (!ses.kexstate.sentkexinit | |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
443 && (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
444 || ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
135
diff
changeset
|
445 TRACE(("rekeying after timeout or max data reached")) |
26 | 446 send_msg_kexinit(); |
447 } | |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
448 |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
449 if (opts.keepalive_secs > 0 && ses.authstate.authdone) { |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
450 /* Avoid sending keepalives prior to auth - those are |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
451 not valid pre-auth packet types */ |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
968
diff
changeset
|
452 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
453 /* Send keepalives if we've been idle */ |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
454 if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) { |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
455 send_msg_keepalive(); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
456 } |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
457 |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
458 /* Also send an explicit keepalive message to trigger a response |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
459 if the remote end hasn't sent us anything */ |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
460 if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
461 && now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) { |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
462 send_msg_keepalive(); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
463 } |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
464 |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
465 if (now - ses.last_packet_time_keepalive_recv |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
466 >= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) { |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
467 dropbear_exit("Keepalive timeout"); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
468 } |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
469 } |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
470 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
471 if (opts.idle_timeout_secs > 0 |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
929
diff
changeset
|
472 && now - ses.last_packet_time_idle >= opts.idle_timeout_secs) { |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
473 dropbear_close("Idle timeout"); |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
474 } |
26 | 475 } |
476 | |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
477 static long select_timeout() { |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
478 /* determine the minimum timeout that might be required, so |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
479 as to avoid waking when unneccessary */ |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
480 long ret = LONG_MAX; |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
481 if (KEX_REKEY_TIMEOUT > 0) |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
482 ret = MIN(KEX_REKEY_TIMEOUT, ret); |
926
b8208506322e
Use AUTH_TIMEOUT only before authdone != 1.
Yousong Zhou <yszhou4tech@gmail.com>
parents:
896
diff
changeset
|
483 /* AUTH_TIMEOUT is only relevant before authdone */ |
927 | 484 if (ses.authstate.authdone != 1 && AUTH_TIMEOUT > 0) |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
485 ret = MIN(AUTH_TIMEOUT, ret); |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
486 if (opts.keepalive_secs > 0) |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
487 ret = MIN(opts.keepalive_secs, ret); |
926
b8208506322e
Use AUTH_TIMEOUT only before authdone != 1.
Yousong Zhou <yszhou4tech@gmail.com>
parents:
896
diff
changeset
|
488 if (opts.idle_timeout_secs > 0) |
b8208506322e
Use AUTH_TIMEOUT only before authdone != 1.
Yousong Zhou <yszhou4tech@gmail.com>
parents:
896
diff
changeset
|
489 ret = MIN(opts.idle_timeout_secs, ret); |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
490 return ret; |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
491 } |
482
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
492 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
493 const char* get_user_shell() { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
494 /* an empty shell should be interpreted as "/bin/sh" */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
495 if (ses.authstate.pw_shell[0] == '\0') { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
496 return "/bin/sh"; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
497 } else { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
498 return ses.authstate.pw_shell; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
499 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
500 } |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
501 void fill_passwd(const char* username) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
502 struct passwd *pw = NULL; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
503 if (ses.authstate.pw_name) |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
504 m_free(ses.authstate.pw_name); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
505 if (ses.authstate.pw_dir) |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
506 m_free(ses.authstate.pw_dir); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
507 if (ses.authstate.pw_shell) |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
508 m_free(ses.authstate.pw_shell); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
509 if (ses.authstate.pw_passwd) |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
510 m_free(ses.authstate.pw_passwd); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
511 |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
512 pw = getpwnam(username); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
513 if (!pw) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
514 return; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
515 } |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
516 ses.authstate.pw_uid = pw->pw_uid; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
517 ses.authstate.pw_gid = pw->pw_gid; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
518 ses.authstate.pw_name = m_strdup(pw->pw_name); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
519 ses.authstate.pw_dir = m_strdup(pw->pw_dir); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
520 ses.authstate.pw_shell = m_strdup(pw->pw_shell); |
676
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
521 { |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
522 char *passwd_crypt = pw->pw_passwd; |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
523 #ifdef HAVE_SHADOW_H |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
524 /* get the shadow password if possible */ |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
525 struct spwd *spasswd = getspnam(ses.authstate.pw_name); |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
526 if (spasswd && spasswd->sp_pwdp) { |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
527 passwd_crypt = spasswd->sp_pwdp; |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
528 } |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
529 #endif |
705
2e573f39b88e
Android returns NULL for pw_crypt, set it to something else
Matt Johnston <matt@ucc.asn.au>
parents:
676
diff
changeset
|
530 if (!passwd_crypt) { |
2e573f39b88e
Android returns NULL for pw_crypt, set it to something else
Matt Johnston <matt@ucc.asn.au>
parents:
676
diff
changeset
|
531 /* android supposedly returns NULL */ |
2e573f39b88e
Android returns NULL for pw_crypt, set it to something else
Matt Johnston <matt@ucc.asn.au>
parents:
676
diff
changeset
|
532 passwd_crypt = "!!"; |
2e573f39b88e
Android returns NULL for pw_crypt, set it to something else
Matt Johnston <matt@ucc.asn.au>
parents:
676
diff
changeset
|
533 } |
676
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
534 ses.authstate.pw_passwd = m_strdup(passwd_crypt); |
0edf08895a33
Return immediate success for blank passwords if allowed
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
535 } |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
536 } |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
537 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
538 /* Called when channels are modified */ |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
539 void update_channel_prio() { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
540 enum dropbear_prio new_prio; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
541 int any = 0; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
542 unsigned int i; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
543 |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
544 TRACE(("update_channel_prio")) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
545 |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
546 new_prio = DROPBEAR_PRIO_BULK; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
547 for (i = 0; i < ses.chansize; i++) { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
548 struct Channel *channel = ses.channels[i]; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
549 if (!channel || channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
550 if (channel && channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
551 TRACE(("update_channel_prio: early %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
552 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
553 continue; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
554 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
555 any = 1; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
556 if (channel->prio == DROPBEAR_CHANNEL_PRIO_INTERACTIVE) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
557 { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
558 TRACE(("update_channel_prio: lowdelay %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
559 new_prio = DROPBEAR_PRIO_LOWDELAY; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
560 break; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
561 } else if (channel->prio == DROPBEAR_CHANNEL_PRIO_UNKNOWABLE |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
562 && new_prio == DROPBEAR_PRIO_BULK) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
563 { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
564 TRACE(("update_channel_prio: unknowable %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
565 new_prio = DROPBEAR_PRIO_DEFAULT; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
566 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
567 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
568 |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
569 if (any == 0) { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
570 /* lowdelay during setup */ |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
571 TRACE(("update_channel_prio: not any")) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
572 new_prio = DROPBEAR_PRIO_LOWDELAY; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
573 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
574 |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
575 if (new_prio != ses.socket_prio) { |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
576 TRACE(("Dropbear priority transitioning %4.4s -> %4.4s", (char*)&ses.socket_prio, (char*)&new_prio)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
577 set_sock_priority(ses.sock_out, new_prio); |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
578 ses.socket_prio = new_prio; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
579 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
580 } |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
581 |