changeset 4668:1dcee326c8bc
PSARC/2007/034 ssh/sshd resync with OpenSSH
6268400 resync ServerAlive functionality
author | jp161948 |
---|---|
date | Mon, 16 Jul 2007 11:49:21 -0700 |
parents | 2cb417b1d90c |
children | 2f90c21ad058 |
files | usr/src/cmd/ssh/include/clientloop.h usr/src/cmd/ssh/include/readconf.h usr/src/cmd/ssh/libssh/common/readconf.c usr/src/cmd/ssh/ssh/clientloop.c usr/src/cmd/ssh/ssh/ssh.c |
diffstat | 5 files changed, 61 insertions(+), 15 deletions(-) [+] |
--- a/usr/src/cmd/ssh/include/clientloop.h Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/include/clientloop.h Mon Jul 16 11:49:21 2007 -0700
@@ -47,7 +47,7 @@
 /* Client side main loop for the interactive session. */
 int client_loop(int, int, int);
-void client_global_request_reply(int type, u_int32_t seq, void *ctxt);
+void client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt);
 #ifdef __cplusplus
 }
--- a/usr/src/cmd/ssh/include/readconf.h Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/include/readconf.h Mon Jul 16 11:49:21 2007 -0700
@@ -125,6 +125,8 @@
 Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
 int clear_forwardings;
 int no_host_authentication_for_localhost;
+ int server_alive_interval;
+ int server_alive_count_max;
 } Options;
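Review bot: The two new Options members say nothing about their units or about which value means "off", so a reader has to go to clientloop.c to learn that the interval is in seconds (it is assigned to tv.tv_sec), that 0 disables probing, and that the count is the number of consecutive unanswered intervals tolerated before the session is torn down. A one-line comment on each member would record that at the point of declaration: `int server_alive_interval; /* seconds between probes, 0 = off */` and `int server_alive_count_max; /* unanswered probes before giving up */`. The Options struct begins outside the hunk.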
--- a/usr/src/cmd/ssh/libssh/common/readconf.c Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/libssh/common/readconf.c Mon Jul 16 11:49:21 2007 -0700
@@ -127,6 +127,7 @@
 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, oFallBackToRsh, oUseRsh, oConnectTimeout,
+ oServerAliveInterval, oServerAliveCountMax,
 oDeprecated
 } OpCodes;
@@ -213,6 +214,8 @@
 { "clearallforwardings", oClearAllForwardings },
 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
 { "connecttimeout", oConnectTimeout },
+ { "serveraliveinterval", oServerAliveInterval },
+ { "serveralivecountmax", oServerAliveCountMax },
 { NULL, oBadOption }
 };
@@ -739,6 +742,14 @@
 *intptr = value;
 break;
+ case oServerAliveInterval:
+ intptr = &options->server_alive_interval;
+ goto parse_time;
+
+ case oServerAliveCountMax:
+ intptr = &options->server_alive_count_max;
+ goto parse_int;
+
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
 filename, linenum, keyword);
@@ -875,6 +886,8 @@
 options->no_host_authentication_for_localhost = - 1;
 options->fallback_to_rsh = -1;
 options->use_rsh = -1;
+ options->server_alive_interval = -1;
+ options->server_alive_count_max = -1;
 }
 /*
@@ -1005,6 +1018,10 @@
 options->fallback_to_rsh = 0;
 if (options->use_rsh == - 1)
 options->use_rsh = 0;
+ if (options->server_alive_interval == -1)
+ options->server_alive_interval = 0;
+ if (options->server_alive_count_max == -1)
+ options->server_alive_count_max = 3;
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */
 /* options->hostname will be set in the main program if appropriate */
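Review bot: oServerAliveCountMax is routed to the shared parse_int label with no lower bound, so `ServerAliveCountMax 0` is presumably accepted (the parse_int body is outside the hunk), yet the consumer in clientloop.c tests `++server_alive_timeouts > options.server_alive_count_max`, which with 0 ends the session at the first idle interval before a single keepalive has been sent. Either reject values below 1 where the option is stored, or state the behaviour beside the new case so it is not later mistaken for a parser bug, e.g. `/* 0 is legal: the first unanswered interval is then fatal */`. The default of 3 chosen in fill_default is consistent with the same check, so it is only the explicit-0 case that needs a decision. process_config_line begins and ends outside the hunk.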
--- a/usr/src/cmd/ssh/ssh/clientloop.c Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/ssh/clientloop.c Mon Jul 16 11:49:21 2007 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 /*
@@ -125,11 +125,12 @@
 static Buffer stdout_buffer; /* Buffer for stdout data. */
 static Buffer stderr_buffer; /* Buffer for stderr data. */
 static u_long stdin_bytes, stdout_bytes, stderr_bytes;
-static u_int buffer_high;/* Soft max buffer size. */
+static u_int buffer_high; /* Soft max buffer size. */
 static int connection_in; /* Connection to server (input). */
 static int connection_out; /* Connection to server (output). */
 static int need_rekeying; /* Set to non-zero if rekeying is requested. */
 static int session_closed = 0; /* In SSH2: login session closed. */
+static int server_alive_timeouts = 0; /* Number of outstanding alive packets. */
 static void client_init_dispatch(void);
 int session_ident = -1;
@@ -318,6 +319,26 @@
 }
 }
+static void
+client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+{
+ server_alive_timeouts = 0;
+ client_global_request_reply_fwd(type, seq, ctxt);
+}
+
+static void
+server_alive_check(void)
+{
+ if (++server_alive_timeouts > options.server_alive_count_max) {
+ log("Timeout, server not responding.");
+ fatal_cleanup();
+ }
+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
+ packet_put_cstring("keepalive@openssh.com");
+ packet_put_char(1); /* boolean: want reply */
+ packet_send();
+}
+
 /*
 * Waits until the client can do something (some data becomes available on
 * one of the file descriptors).
@@ -327,6 +348,9 @@
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
 int *maxfdp, int *nallocp, int rekeying)
 {
+ struct timeval tv, *tvp;
+ int ret;
+
 /* Add any selections by the channel mechanism. */
 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
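Review bot: The new static client_global_request_reply() clears server_alive_timeouts on every SSH2 global-request reply, including the replies to tcpip-forward requests it then hands on to client_global_request_reply_fwd(), and nothing in the code records that this is intended rather than a side effect of sharing one dispatch slot; a header comment would settle it, e.g. `/* Any global-request reply proves the server is alive, so clear the probe counter before forwarding to the port-forwarding handler. */`. server_alive_check() would likewise benefit from a note that it runs only when select() times out and that the counter counts idle intervals, so the session ends after server_alive_count_max unanswered probes. The dispatch registration is presumably in client_init_dispatch(), which is outside these hunks.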
@@ -368,13 +392,18 @@
 /*
 * Wait for something to happen. This will suspend the process until
 * some selected descriptor can be read, written, or has some other
- * event pending. Note: if you want to implement SSH_MSG_IGNORE
- * messages to fool traffic analysis, this might be the place to do
- * it: just have a random timeout for the select, and send a random
- * SSH_MSG_IGNORE packet when the timeout expires.
+ * event pending.
 */
- if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) {
+ if (options.server_alive_interval == 0 || !compat20)
+ tvp = NULL;
+ else {
+ tv.tv_sec = options.server_alive_interval;
+ tv.tv_usec = 0;
+ tvp = &tv;
+ }
+ ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
+ if (ret < 0) {
 char buf[100];
 /*
@@ -391,7 +420,8 @@
 snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
 buffer_append(&stderr_buffer, buf, strlen(buf));
 quit_pending = 1;
- }
+ } else if (ret == 0)
+ server_alive_check();
 }
 static void
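Review bot: The select() timeout is rebuilt from options.server_alive_interval on every pass, so the interval bounds one idle wait of the whole loop: readiness on any descriptor, including local stdin or a writable channel, restarts it, and a probe goes out only when nothing at all happened for that long. That presumably matches the upstream code being resynced, but it is not obvious from the code, so a comment above the tvp assignment such as `/* Probe only after a full interval with no fd activity at all. */` would help the next reader. In the second hunk the new `} else if (ret == 0) server_alive_check();` is left unbraced beside a braced if-body; brace it to match. client_wait_until_can_do_something() begins and ends outside these hunks.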
--- a/usr/src/cmd/ssh/ssh/ssh.c Mon Jul 16 10:30:27 2007 -0700
+++ b/usr/src/cmd/ssh/ssh/ssh.c Mon Jul 16 11:49:21 2007 -0700
@@ -39,7 +39,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -1049,16 +1049,13 @@
 }
 void
-client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
 {
 int i;
 i = client_global_request_id++;
- if (i >= options.num_remote_forwards) {
- debug("client_global_request_reply: too many replies %d > %d",
- i, options.num_remote_forwards);
+ if (i >= options.num_remote_forwards)
 return;
- }
 debug("remote forward %s for: listen %d, connect %s:%d",
 type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
 options.remote_forwards[i].port,
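Review bot: Dropping the "too many replies" debug removes the only trace of a consequence of this change: keepalive replies now also reach client_global_request_reply_fwd() and each one consumes a client_global_request_id slot, so if a keepalive reply arrives while a tcpip-forward reply is still outstanding, the keepalive's SUCCESS is logged as a forward result and the real forward reply is discarded by the early return. As far as the hunk shows the function only emits debug output, so the effect is misleading diagnostics rather than wrong state, but the early return deserves a comment such as `/* Keepalive replies also land here and consume ids, so later entries are ignored. */`. The function body continues outside the hunk.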