Mercurial > dropbear

changeset 940:e9dfb6d15193

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix auth timeout regression
author Matt Johnston <matt@ucc.asn.au>
date Wed, 09 Jul 2014 22:02:22 +0800
parents a0819ecfee0b
children 5daedffd0769
files common-session.c session.h svr-auth.c svr-session.c
diffstat 4 files changed, 17 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/common-session.c	Wed Jul 09 00:15:20 2014 +0800
+++ b/common-session.c	Wed Jul 09 22:02:22 2014 +0800
@@ -60,7 +60,6 @@
 	ses.maxfd = MAX(sock_in, sock_out);
 
 	now = monotonic_now();
-	ses.connect_time = now;
 	ses.last_packet_time_keepalive_recv = now;
 	ses.last_packet_time_idle = now;
 	ses.last_packet_time_any_sent = 0;
@@ -415,10 +414,6 @@
 	time_t now;
 	now = monotonic_now();
 	
-	if (now - ses.connect_time >= AUTH_TIMEOUT) {
-			dropbear_close("Timeout before auth");
-	}
-
 	/* we can't rekey if we haven't done remote ident exchange yet */
 	if (ses.remoteident == NULL) {
 		return;
--- a/session.h	Wed Jul 09 00:15:20 2014 +0800
+++ b/session.h	Wed Jul 09 22:02:22 2014 +0800
@@ -104,11 +104,6 @@
 	/* Is it a client or server? */
 	unsigned char isserver;
 
-	time_t connect_time; /* time the connection was established
-							(cleared after auth once we're not
-							respecting AUTH_TIMEOUT any more).
-							A monotonic time, not realworld */
-
 	int sock_in;
 	int sock_out;
 
@@ -221,6 +216,11 @@
 	/* The resolved remote address, used for lastlog etc */
 	char *remotehost;
 
+	time_t connect_time; /* time the connection was established
+							(cleared after auth once we're not
+							respecting AUTH_TIMEOUT any more).
+							A monotonic time, not realworld */
+
 #ifdef USE_VFORK
 	pid_t server_pid;
 #endif
--- a/svr-auth.c	Wed Jul 09 00:15:20 2014 +0800
+++ b/svr-auth.c	Wed Jul 09 22:02:22 2014 +0800
@@ -392,8 +392,7 @@
 	/* authdone must be set after encrypt_packet() for 
 	 * delayed-zlib mode */
 	ses.authstate.authdone = 1;
-	ses.connect_time = 0;
-
+	svr_ses.connect_time = 0;
 
 	if (ses.authstate.pw_uid == 0) {
 		ses.allowprivport = 1;
--- a/svr-session.c	Wed Jul 09 00:15:20 2014 +0800
+++ b/svr-session.c	Wed Jul 09 22:02:22 2014 +0800
@@ -80,12 +80,22 @@
 	svr_pubkey_options_cleanup();
 }
 
+static void
+svr_sessionloop() {
+	if (svr_ses.connect_time != 0 
+		&& monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) {
+		dropbear_close("Timeout before auth");
+	}
+}
+
 void svr_session(int sock, int childpipe) {
 	char *host, *port;
 	size_t len;
 
 	common_session_init(sock, sock);
 
+	svr_ses.connect_time = monotonic_now();;
+
 	/* Initialise server specific parts of the session */
 	svr_ses.childpipe = childpipe;
 #ifdef USE_VFORK
@@ -126,7 +136,7 @@
 
 	/* Run the main for loop. NULL is for the dispatcher - only the client
 	 * code makes use of it */
-	session_loop(NULL);
+	session_loop(svr_sessionloop);
 
 	/* Not reached */