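--- a/openssh-4.7p1.orig/servconf.c
+++ b/openssh-4.7p1.orig/servconf.c
@@ -112,6 +112,7 @@
 	options->max_startups_rate = -1;
 	options->max_startups = -1;
 	options->max_authtries = -1;
+	options->max_sessions = -1;
 	options->banner = NULL;
 	options->use_dns = -1;
 	options->client_alive_interval = -1;
@@ -232,6 +233,8 @@
 		options->max_startups_begin = options->max_startups;
 	if (options->max_authtries == -1)
 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
+	if (options->max_sessions == -1)
+		options->max_sessions = DEFAULT_SESSIONS_MAX;
 	if (options->use_dns == -1)
 		options->use_dns = 1;
 	if (options->client_alive_interval == -1)
@@ -286,7 +289,7 @@
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
-	sMaxStartups, sMaxAuthTries,
+	sMaxStartups, sMaxAuthTries, sMaxSessions,
 	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -389,6 +392,7 @@
 	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
 	{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
+	{ "maxsessions", sMaxSessions, SSHCFG_GLOBAL },
 	{ "banner", sBanner, SSHCFG_ALL },
 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
@@ -1142,6 +1146,10 @@
 		intptr = &options->max_authtries;
 		goto parse_int;
 
+	case sMaxSessions:
+		intptr = &options->max_sessions;
+		goto parse_int;
+
 	case sBanner:
 		charptr = &options->banner;
 		goto parse_filename;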
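Review bot: Nothing in the new `case sMaxSessions:` arm range-checks the configured value: it jumps to the shared `parse_int` label, whose body is outside this hunk, and the only later test is the `== -1` default fill. session.c in this same patch passes `options.max_sessions` straight to `xcalloc()` and uses it as the bound of every session loop, so `MaxSessions 0` or a negative value other than -1 would presumably only fail once an authenticated client opens its first session, not when the configuration is loaded. I would reject such values at load time, for example `if (options->max_sessions < 1) fatal("MaxSessions must be at least 1");` right after the default is filled in.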
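--- a/openssh-4.7p1.orig/servconf.h
+++ b/openssh-4.7p1.orig/servconf.h
@@ -35,6 +35,7 @@
 #define	PERMIT_YES		3
 
 #define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
+#define DEFAULT_SESSIONS_MAX	10	/* Default for MaxSessions */
 
 typedef struct {
 	u_int num_ports;
@@ -119,6 +120,7 @@
 	int	max_startups_rate;
 	int	max_startups;
 	int	max_authtries;
+	int	max_sessions;
 	char   *banner;			/* SSH-2 banner message */
 	int	use_dns;
 	int	client_alive_interval;	/*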
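--- a/openssh-4.7p1.orig/session.c
+++ b/openssh-4.7p1.orig/session.c
@@ -129,8 +129,7 @@
 const char *original_command = NULL;
 
 /* data */
-#define MAX_SESSIONS 10
-Session	sessions[MAX_SESSIONS];
+static Session	*sessions = NULL;
 
 #ifdef HAVE_LOGIN_CAP
 login_cap_t *lc;
@@ -1656,15 +1655,11 @@
 session_new(void)
 {
 	int i;
-	static int did_init = 0;
-	if (!did_init) {
-		debug("session_new: init");
-		for (i = 0; i < MAX_SESSIONS; i++) {
-			sessions[i].used = 0;
-		}
-		did_init = 1;
+	if (sessions == NULL) {
+		debug("session_new: init %d sessions", options.max_sessions);
+		sessions = xcalloc(options.max_sessions, sizeof(Session));
 	}
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (! s->used) {
 			memset(s, 0, sizeof(*s));
@@ -1685,7 +1680,7 @@
 session_dump(void)
 {
 	int i;
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		debug("dump: used %d session %d %p channel %d pid %ld",
 		    s->used,
@@ -1718,7 +1713,7 @@
 session_by_tty(char *tty)
 {
 	int i;
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
 			debug("session_by_tty: session %d tty %s", i, tty);
@@ -1734,7 +1729,7 @@
 session_by_channel(int id)
 {
 	int i;
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (s->used && s->chanid == id) {
 			debug("session_by_channel: session %d channel %d", i, id);
@@ -1751,7 +1746,7 @@
 {
 	int i, j;
 
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 
 		if (s->x11_chanids == NULL || !s->used)
@@ -1774,7 +1769,7 @@
 {
 	int i;
 	debug("session_by_pid: pid %ld", (long)pid);
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (s->used && s->pid == pid)
 			return s;
@@ -2327,7 +2322,7 @@
 session_destroy_all(void (*closefunc)(Session *))
 {
 	int i;
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (s->used) {
 			if (closefunc != NULL)
@@ -2346,7 +2341,7 @@
 	char *cp;
 
 	buf[0] = '\0';
-	for (i = 0; i < MAX_SESSIONS; i++) {
+	for (i = 0; i < options.max_sessions; i++) {
 		Session *s = &sessions[i];
 		if (s->used && s->ttyfd != -1) {
 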
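Review bot: The lookup loops now index `sessions` up to `options.max_sessions` even when `session_new()` has never run and `sessions` is still NULL; with the old static array that was always safe. This affects the loops in session_dump, session_by_tty, session_by_channel, session_by_pid, session_destroy_all and the two loops whose function headers lie outside their hunks. If any of them can be reached on a connection that never opened a session (a cleanup path calling session_destroy_all would be one candidate, though the callers are not shown here), `s->used` is read through a NULL-based pointer and the process crashes. Bounding the loops by what was actually allocated avoids this: declare `static int sessions_nalloc = 0;`, set `sessions_nalloc = options.max_sessions;` right after the `xcalloc()`, and iterate with `for (i = 0; i < sessions_nalloc; i++)`.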
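--- a/openssh-4.7p1.orig/sshd_config
+++ b/openssh-4.7p1.orig/sshd_config
@@ -41,6 +41,7 @@
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
+#MaxSessions 10
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes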
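--- a/openssh-4.7p1.orig/sshd_config.5
+++ b/openssh-4.7p1.orig/sshd_config.5
@@ -535,6 +535,9 @@
 Once the number of failures reaches half this value,
 additional failures are logged.
 The default is 6.
+.It Cm MaxSessions
+Specifies the maximum number of open sessions permitted per network connection.
+The default is 10.
 .It Cm MaxStartups
 Specifies the maximum number of concurrent unauthenticated connections to the
 SSH daemon.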
