Mercurial > dropbear

changeset 1139:43a8ea69b24c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix problem where auth timeout wasn't checked when waiting for ident
author Matt Johnston <matt@ucc.asn.au>
date Mon, 03 Aug 2015 21:59:40 +0800
parents cc3916a7afd9
children f6d3a16ecc71
files common-session.c session.h svr-auth.c svr-session.c
diffstat 4 files changed, 14 insertions(+), 17 deletions(-) [+]
line wrap: on
line diff
--- a/common-session.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/common-session.c	Mon Aug 03 21:59:40 2015 +0800
@@ -76,6 +76,7 @@
 	update_channel_prio();
 
 	now = monotonic_now();
+	ses.connect_time = now;
 	ses.last_packet_time_keepalive_recv = now;
 	ses.last_packet_time_idle = now;
 	ses.last_packet_time_any_sent = 0;
@@ -486,6 +487,11 @@
 	time_t now;
 	now = monotonic_now();
 	
+	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
+		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+			dropbear_close("Timeout before auth");
+	}
+
 	/* we can't rekey if we haven't done remote ident exchange yet */
 	if (ses.remoteident == NULL) {
 		return;
--- a/session.h	Mon Aug 03 21:17:23 2015 +0800
+++ b/session.h	Mon Aug 03 21:59:40 2015 +0800
@@ -109,6 +109,11 @@
 	/* Is it a client or server? */
 	unsigned char isserver;
 
+	time_t connect_time; /* time the connection was established
+							(cleared after auth once we're not
+							respecting AUTH_TIMEOUT any more).
+							A monotonic time, not realworld */
+
 	int sock_in;
 	int sock_out;
 
@@ -231,11 +236,6 @@
 	/* The resolved remote address, used for lastlog etc */
 	char *remotehost;
 
-	time_t connect_time; /* time the connection was established
-							(cleared after auth once we're not
-							respecting AUTH_TIMEOUT any more).
-							A monotonic time, not realworld */
-
 #ifdef USE_VFORK
 	pid_t server_pid;
 #endif
--- a/svr-auth.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/svr-auth.c	Mon Aug 03 21:59:40 2015 +0800
@@ -392,7 +392,8 @@
 	/* authdone must be set after encrypt_packet() for 
 	 * delayed-zlib mode */
 	ses.authstate.authdone = 1;
-	svr_ses.connect_time = 0;
+	ses.connect_time = 0;
+
 
 	if (ses.authstate.pw_uid == 0) {
 		ses.allowprivport = 1;
--- a/svr-session.c	Mon Aug 03 21:17:23 2015 +0800
+++ b/svr-session.c	Mon Aug 03 21:59:40 2015 +0800
@@ -88,22 +88,12 @@
 	svr_ses.childpidsize = 0;
 }
 
-static void
-svr_sessionloop() {
-	if (svr_ses.connect_time != 0 
-		&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
-		dropbear_close("Timeout before auth");
-	}
-}
-
 void svr_session(int sock, int childpipe) {
 	char *host, *port;
 	size_t len;
 
 	common_session_init(sock, sock);
 
-	svr_ses.connect_time = monotonic_now();;
-
 	/* Initialise server specific parts of the session */
 	svr_ses.childpipe = childpipe;
 #ifdef USE_VFORK
@@ -146,7 +136,7 @@
 
 	/* Run the main for loop. NULL is for the dispatcher - only the client
 	 * code makes use of it */
-	session_loop(svr_sessionloop);
+	session_loop(NULL);
 
 	/* Not reached */