changeset 4668:1dcee326c8bc

PSARC/2007/034 ssh/sshd resync with OpenSSH 6268400 resync ServerAlive functionality
author jp161948
date Mon, 16 Jul 2007 11:49:21 -0700
parents 2cb417b1d90c
children 2f90c21ad058
files usr/src/cmd/ssh/include/clientloop.h usr/src/cmd/ssh/include/readconf.h usr/src/cmd/ssh/libssh/common/readconf.c usr/src/cmd/ssh/ssh/clientloop.c usr/src/cmd/ssh/ssh/ssh.c
diffstat 5 files changed, 61 insertions(+), 15 deletions(-) [+]
--- a/usr/src/cmd/ssh/include/clientloop.h	Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/include/clientloop.h	Mon Jul 16 11:49:21 2007 -0700
@@ -47,7 +47,7 @@
 
 /* Client side main loop for the interactive session. */
 int	 client_loop(int, int, int);
-void	 client_global_request_reply(int type, u_int32_t seq, void *ctxt);
+void	 client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt);
 
 #ifdef __cplusplus
 }
--- a/usr/src/cmd/ssh/include/readconf.h	Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/include/readconf.h	Mon Jul 16 11:49:21 2007 -0700
@@ -125,6 +125,8 @@
 	Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
 	int	clear_forwardings;
 	int	no_host_authentication_for_localhost;
+	int	server_alive_interval;
+	int	server_alive_count_max;
 }       Options;
 
 
--- a/usr/src/cmd/ssh/libssh/common/readconf.c	Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/libssh/common/readconf.c	Mon Jul 16 11:49:21 2007 -0700
@@ -127,6 +127,7 @@
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oFallBackToRsh, oUseRsh, oConnectTimeout,
+	oServerAliveInterval, oServerAliveCountMax,
 	oDeprecated
 } OpCodes;
 
@@ -213,6 +214,8 @@
 	{ "clearallforwardings", oClearAllForwardings },
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
 	{ "connecttimeout", oConnectTimeout },
+	{ "serveraliveinterval", oServerAliveInterval },
+	{ "serveralivecountmax", oServerAliveCountMax },
 	{ NULL, oBadOption }
 };
 
@@ -739,6 +742,14 @@
 			*intptr = value;
 		break;
 
+	case oServerAliveInterval:
+		intptr = &options->server_alive_interval;
+		goto parse_time;
+
+	case oServerAliveCountMax:
+		intptr = &options->server_alive_count_max;
+		goto parse_int;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
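Review bot: Neither new case bounds the value it stores, so whatever `parse_int` accepts for ServerAliveCountMax reaches the `++server_alive_timeouts > options.server_alive_count_max` test in clientloop.c unchanged. With 0 or a negative count that test is already true on the first idle interval, so the session is closed before a single keepalive has been sent. An explicit -1 is also indistinguishable from the unset sentinel and silently becomes the default of 3. The `parse_int` and `parse_time` labels are outside this hunk, so this does not apply if they already range-check. Otherwise I would reject such values once options are processed, e.g. `if (options->server_alive_count_max < 1) fatal("ServerAliveCountMax must be at least 1");`.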
@@ -875,6 +886,8 @@
 	options->no_host_authentication_for_localhost = - 1;
 	options->fallback_to_rsh = -1;
 	options->use_rsh = -1;
+	options->server_alive_interval = -1;
+	options->server_alive_count_max = -1;
 }
 
 /*
@@ -1005,6 +1018,10 @@
 		options->fallback_to_rsh = 0;
 	if (options->use_rsh == - 1)
 		options->use_rsh = 0;
+	if (options->server_alive_interval == -1)
+		options->server_alive_interval = 0;
+	if (options->server_alive_count_max == -1)
+		options->server_alive_count_max = 3;
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
--- a/usr/src/cmd/ssh/ssh/clientloop.c	Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/ssh/clientloop.c	Mon Jul 16 11:49:21 2007 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 /*
@@ -125,11 +125,12 @@
 static Buffer stdout_buffer;	/* Buffer for stdout data. */
 static Buffer stderr_buffer;	/* Buffer for stderr data. */
 static u_long stdin_bytes, stdout_bytes, stderr_bytes;
-static u_int buffer_high;/* Soft max buffer size. */
+static u_int buffer_high;	/* Soft max buffer size. */
 static int connection_in;	/* Connection to server (input). */
 static int connection_out;	/* Connection to server (output). */
 static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
 static int session_closed = 0;	/* In SSH2: login session closed. */
+static int server_alive_timeouts = 0; /* Number of outstanding alive packets. */
 
 static void client_init_dispatch(void);
 int	session_ident = -1;
@@ -318,6 +319,26 @@
 	}
 }
 
+static void
+client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+{
+	server_alive_timeouts = 0;
+	client_global_request_reply_fwd(type, seq, ctxt);
+}
+
+static void
+server_alive_check(void)
+{
+	if (++server_alive_timeouts > options.server_alive_count_max) {
+		log("Timeout, server not responding.");
+		fatal_cleanup();
+	}
+	packet_start(SSH2_MSG_GLOBAL_REQUEST);
+	packet_put_cstring("keepalive@openssh.com");
+	packet_put_char(1);     /* boolean: want reply */
+	packet_send();
+}
+
 /*
  * Waits until the client can do something (some data becomes available on
  * one of the file descriptors).
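Review bot: `client_global_request_reply` and `server_alive_check` are added without header comments, and the contract between them is not obvious from the code. The counter appears to be cleared by every global-request reply routed to the handler, not only by replies to `keepalive@openssh.com`, though the dispatch registration is not visible here. Above `server_alive_check` I would add `/* Called when select() times out: disconnect once more than server_alive_count_max probes are unanswered, otherwise send another probe. */`, and above the handler a line saying the reply is then passed on to the forwarding handler in ssh.c. If `fatal_cleanup()` does not return, a `/* NOTREACHED */` after it would make clear that no further probe is sent after the timeout message.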
@@ -327,6 +348,9 @@
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
     int *maxfdp, int *nallocp, int rekeying)
 {
+	struct timeval tv, *tvp;
+	int ret;
+
 	/* Add any selections by the channel mechanism. */
 	channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
 
@@ -368,13 +392,18 @@
 	/*
 	 * Wait for something to happen.  This will suspend the process until
 	 * some selected descriptor can be read, written, or has some other
-	 * event pending. Note: if you want to implement SSH_MSG_IGNORE
-	 * messages to fool traffic analysis, this might be the place to do
-	 * it: just have a random timeout for the select, and send a random
-	 * SSH_MSG_IGNORE packet when the timeout expires.
+	 * event pending.
 	 */
 
-	if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) {
+	if (options.server_alive_interval == 0 || !compat20)
+		tvp = NULL;
+	else {
+		tv.tv_sec = options.server_alive_interval;
+		tv.tv_usec = 0;
+		tvp = &tv;
+	}
+	ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
+	if (ret < 0) {
 		char buf[100];
 
 		/*
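Review bot: The liveness probe depends on `select()` returning 0, and `tv` is rebuilt on every call, so the interval restarts whenever any descriptor in the read or write set becomes ready. An unresponsive server is therefore noticed only once the client side is idle too; steady local activity (stdin, forwarded channels) can keep postponing `server_alive_check()`, which weakens the option as a dead-peer detector. Consider recording the time of the last packet received from the server and running the check whenever that age exceeds `options.server_alive_interval`, regardless of the `select()` result. The function starts and ends outside this hunk, and the `ret == 0` branch is in the next one.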
@@ -391,7 +420,8 @@
 		snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
 		buffer_append(&stderr_buffer, buf, strlen(buf));
 		quit_pending = 1;
-	}
+	} else if (ret == 0)
+		server_alive_check();
 }
 
 static void
--- a/usr/src/cmd/ssh/ssh/ssh.c	Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/ssh/ssh.c	Mon Jul 16 11:49:21 2007 -0700
@@ -39,7 +39,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -1049,16 +1049,13 @@
 }
 
 void
-client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
 {
 	int i;
 
 	i = client_global_request_id++;
-	if (i >= options.num_remote_forwards) {
-		debug("client_global_request_reply: too many replies %d > %d",
-		    i, options.num_remote_forwards);
+	if (i >= options.num_remote_forwards)
 		return;
-	}
 	debug("remote forward %s for: listen %d, connect %s:%d",
 	    type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
 	    options.remote_forwards[i].port,
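Review bot: With the debug message gone, replies beyond `options.num_remote_forwards` are dropped silently, yet `client_global_request_id` is still incremented for each of them. clientloop.c now passes every reply here, including those answering keepalive probes, so the counter grows for the life of the session. I would test before incrementing, `if (client_global_request_id >= options.num_remote_forwards) return;` followed by `i = client_global_request_id++;`, and put `/* extra replies answer keepalive requests */` on the early return. The function body continues past the end of this hunk.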