diff options
-rw-r--r-- | common-session.c | 6 | ||||
-rw-r--r-- | session.h | 10 | ||||
-rw-r--r-- | svr-auth.c | 3 | ||||
-rw-r--r-- | svr-session.c | 12 |
4 files changed, 14 insertions, 17 deletions
diff --git a/common-session.c b/common-session.c index 8ec7516..f2ccdf7 100644 --- a/common-session.c +++ b/common-session.c @@ -76,6 +76,7 @@ void common_session_init(int sock_in, int sock_out) { update_channel_prio(); now = monotonic_now(); + ses.connect_time = now; ses.last_packet_time_keepalive_recv = now; ses.last_packet_time_idle = now; ses.last_packet_time_any_sent = 0; @@ -486,6 +487,11 @@ static void checktimeouts() { time_t now; now = monotonic_now(); + if (IS_DROPBEAR_SERVER && ses.connect_time != 0 + && now - ses.connect_time >= AUTH_TIMEOUT) { + dropbear_close("Timeout before auth"); + } + /* we can't rekey if we haven't done remote ident exchange yet */ if (ses.remoteident == NULL) { return; @@ -109,6 +109,11 @@ struct sshsession { /* Is it a client or server? */ unsigned char isserver; + time_t connect_time; /* time the connection was established + (cleared after auth once we're not + respecting AUTH_TIMEOUT any more). + A monotonic time, not realworld */ + int sock_in; int sock_out; @@ -231,11 +236,6 @@ struct serversession { /* The resolved remote address, used for lastlog etc */ char *remotehost; - time_t connect_time; /* time the connection was established - (cleared after auth once we're not - respecting AUTH_TIMEOUT any more). - A monotonic time, not realworld */ - #ifdef USE_VFORK pid_t server_pid; #endif @@ -392,7 +392,8 @@ void send_msg_userauth_success() { /* authdone must be set after encrypt_packet() for * delayed-zlib mode */ ses.authstate.authdone = 1; - svr_ses.connect_time = 0; + ses.connect_time = 0; + if (ses.authstate.pw_uid == 0) { ses.allowprivport = 1; diff --git a/svr-session.c b/svr-session.c index d638d59..ea9ca7e 100644 --- a/svr-session.c +++ b/svr-session.c @@ -88,22 +88,12 @@ svr_session_cleanup(void) { svr_ses.childpidsize = 0; } -static void -svr_sessionloop() { - if (svr_ses.connect_time != 0 - && monotonic_now() - svr_ses.connect_time >= AUTH_TIMEOUT) { - dropbear_close("Timeout before auth"); - } -} - void svr_session(int sock, int childpipe) { char *host, *port; size_t len; common_session_init(sock, sock); - svr_ses.connect_time = monotonic_now();; - /* Initialise server specific parts of the session */ svr_ses.childpipe = childpipe; #ifdef USE_VFORK @@ -146,7 +136,7 @@ void svr_session(int sock, int childpipe) { /* Run the main for loop. NULL is for the dispatcher - only the client * code makes use of it */ - session_loop(svr_sessionloop); + session_loop(NULL); /* Not reached */ |