# HG changeset patch # User Matt Johnston # Date 1404914542 -28800 # Node ID e9dfb6d15193cee96bcf6635e748de262987b63b # Parent a0819ecfee0b774bb599125bef964d6c00c0a50e Fix auth timeout regression diff -r a0819ecfee0b -r e9dfb6d15193 common-session.c --- a/common-session.c Wed Jul 09 00:15:20 2014 +0800 +++ b/common-session.c Wed Jul 09 22:02:22 2014 +0800 @@ -60,7 +60,6 @@ ses.maxfd = MAX(sock_in, sock_out); now = monotonic_now(); - ses.connect_time = now; ses.last_packet_time_keepalive_recv = now; ses.last_packet_time_idle = now; ses.last_packet_time_any_sent = 0; @@ -415,10 +414,6 @@ time_t now; now = monotonic_now(); - if (now - ses.connect_time >= AUTH_TIMEOUT) { - dropbear_close("Timeout before auth"); - } - /* we can't rekey if we haven't done remote ident exchange yet */ if (ses.remoteident == NULL) { return; diff -r a0819ecfee0b -r e9dfb6d15193 session.h --- a/session.h Wed Jul 09 00:15:20 2014 +0800 +++ b/session.h Wed Jul 09 22:02:22 2014 +0800 @@ -104,11 +104,6 @@ /* Is it a client or server? */ unsigned char isserver; - time_t connect_time; /* time the connection was established - (cleared after auth once we're not - respecting AUTH_TIMEOUT any more). - A monotonic time, not realworld */ - int sock_in; int sock_out; @@ -221,6 +216,11 @@ /* The resolved remote address, used for lastlog etc */ char *remotehost; + time_t connect_time; /* time the connection was established + (cleared after auth once we're not + respecting AUTH_TIMEOUT any more). + A monotonic time, not realworld */ + #ifdef USE_VFORK pid_t server_pid; #endif diff -r a0819ecfee0b -r e9dfb6d15193 svr-auth.c --- a/svr-auth.c Wed Jul 09 00:15:20 2014 +0800 +++ b/svr-auth.c Wed Jul 09 22:02:22 2014 +0800 @@ -392,8 +392,7 @@ /* authdone must be set after encrypt_packet() for * delayed-zlib mode */ ses.authstate.authdone = 1; - ses.connect_time = 0; - + svr_ses.connect_time = 0; if (ses.authstate.pw_uid == 0) { ses.allowprivport = 1; diff -r a0819ecfee0b -r e9dfb6d15193 svr-session.c --- a/svr-session.c Wed Jul 09 00:15:20 2014 +0800 +++ b/svr-session.c Wed Jul 09 22:02:22 2014 +0800 @@ -80,12 +80,22 @@ svr_pubkey_options_cleanup(); } +static void +svr_sessionloop() { + if (svr_ses.connect_time != 0 + && monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) { + dropbear_close("Timeout before auth"); + } +} + void svr_session(int sock, int childpipe) { char *host, *port; size_t len; common_session_init(sock, sock); + svr_ses.connect_time = monotonic_now();; + /* Initialise server specific parts of the session */ svr_ses.childpipe = childpipe; #ifdef USE_VFORK @@ -126,7 +136,7 @@ /* Run the main for loop. NULL is for the dispatcher - only the client * code makes use of it */ - session_loop(NULL); + session_loop(svr_sessionloop); /* Not reached */