changeset 1139:43a8ea69b24c

Fix problem where auth timeout wasn't checked when waiting for ident
author Matt Johnston <matt@ucc.asn.au>
date Mon, 03 Aug 2015 21:59:40 +0800
parents cc3916a7afd9
children f6d3a16ecc71
files common-session.c session.h svr-auth.c svr-session.c
diffstat 4 files changed, 14 insertions(+), 17 deletions(-) [+]
--- a/common-session.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/common-session.c	Mon Aug 03 21:59:40 2015 +0800
@@ -76,6 +76,7 @@
 	update_channel_prio();
 
 	now = monotonic_now();
+	ses.connect_time = now;
 	ses.last_packet_time_keepalive_recv = now;
 	ses.last_packet_time_idle = now;
 	ses.last_packet_time_any_sent = 0;
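Review bot: `ses.connect_time = now;` stores a timestamp whose value 0 is also the "timeout disabled" marker tested by `ses.connect_time != 0` in the second common-session.c hunk. If monotonic_now() can ever return 0 (its definition is not visible here), that session would get no pre-auth timeout at all. Gating the check on the auth state instead of the timestamp would avoid the overloaded sentinel, for example `if (IS_DROPBEAR_SERVER && !ses.authstate.authdone && now - ses.connect_time >= AUTH_TIMEOUT)`, assuming authdone starts at 0. The enclosing function starts and ends outside the hunk.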
@@ -486,6 +487,11 @@
 	time_t now;
 	now = monotonic_now();
 	
+	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
+		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+			dropbear_close("Timeout before auth");
+	}
+
 	/* we can't rekey if we haven't done remote ident exchange yet */
 	if (ses.remoteident == NULL) {
 		return;
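Review bot: The new timeout check carries no comment saying it must stay above the `ses.remoteident == NULL` early return, which is the whole point of this fix. A later reorder would quietly bring back unauthenticated connections that are never timed out while the peer withholds its ident. I would add `/* Must run before the remoteident check below: AUTH_TIMEOUT applies even if the peer never sends its ident */` above the `if`. The `dropbear_close("Timeout before auth");` line is also indented one tab deeper than the body of that `if` calls for. The function begins and ends outside the hunk.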
--- a/session.h	Mon Aug 03 21:17:23 2015 +0800
+++ b/session.h	Mon Aug 03 21:59:40 2015 +0800
@@ -109,6 +109,11 @@
 	/* Is it a client or server? */
 	unsigned char isserver;
 
+	time_t connect_time; /* time the connection was established
+							(cleared after auth once we're not
+							respecting AUTH_TIMEOUT any more).
+							A monotonic time, not realworld */
+
 	int sock_in;
 	int sock_out;
 
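Review bot: The comment on `connect_time` was moved unchanged into the common session struct, but it no longer describes who uses the field. In the visible hunks the session init code in common-session.c sets it for every session, only the check behind `IS_DROPBEAR_SERVER` reads it, and only svr-auth.c clears it. The comment should say that, for example `/* monotonic time the connection was established; only checked by the server, which clears it after auth */`, so nobody assumes it is zero after auth on the client side. The struct definition starts and ends outside the hunk.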
@@ -231,11 +236,6 @@
 	/* The resolved remote address, used for lastlog etc */
 	char *remotehost;
 
-	time_t connect_time; /* time the connection was established
-							(cleared after auth once we're not
-							respecting AUTH_TIMEOUT any more).
-							A monotonic time, not realworld */
-
 #ifdef USE_VFORK
 	pid_t server_pid;
 #endif
--- a/svr-auth.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/svr-auth.c	Mon Aug 03 21:59:40 2015 +0800
@@ -392,7 +392,8 @@
 	/* authdone must be set after encrypt_packet() for 
 	 * delayed-zlib mode */
 	ses.authstate.authdone = 1;
-	svr_ses.connect_time = 0;
+	ses.connect_time = 0;
+
 
 	if (ses.authstate.pw_uid == 0) {
 		ses.allowprivport = 1;
--- a/svr-session.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/svr-session.c	Mon Aug 03 21:59:40 2015 +0800
@@ -88,22 +88,12 @@
 	svr_ses.childpidsize = 0;
 }
 
-static void
-svr_sessionloop() {
-	if (svr_ses.connect_time != 0 
-		&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
-		dropbear_close("Timeout before auth");
-	}
-}
-
 void svr_session(int sock, int childpipe) {
 	char *host, *port;
 	size_t len;
 
 	common_session_init(sock, sock);
 
-	svr_ses.connect_time = monotonic_now();;
-
 	/* Initialise server specific parts of the session */
 	svr_ses.childpipe = childpipe;
 #ifdef USE_VFORK
@@ -146,7 +136,7 @@
 
 	/* Run the main for loop. NULL is for the dispatcher - only the client
 	 * code makes use of it */
-	session_loop(svr_sessionloop);
+	session_loop(NULL);
 
 	/* Not reached */