Attachment #963 for bug #1090

Lines 270-275 Link Here

(-)t/openssh-4.2p1/debian/openssh-server.postinst (+1 lines)
270		270
271	#MaxStartups 10:30:60	271	#MaxStartups 10:30:60
272	#Banner /etc/issue.net	272	#Banner /etc/issue.net
		273	#MaxSessions 64
273		274
274	# Allow client to pass locale environment variables	275	# Allow client to pass locale environment variables
275	AcceptEnv LANG LC_*	276	AcceptEnv LANG LC_*

Lines 98-103 Link Here

(-)t/openssh-4.2p1/servconf.c (+9 lines)
98	options->use_dns = -1;	98	options->use_dns = -1;
99	options->client_alive_interval = -1;	99	options->client_alive_interval = -1;
100	options->client_alive_count_max = -1;	100	options->client_alive_count_max = -1;
		101	options->max_sessions = -1;
101	options->authorized_keys_file = NULL;	102	options->authorized_keys_file = NULL;
102	options->authorized_keys_file2 = NULL;	103	options->authorized_keys_file2 = NULL;
103	options->num_accept_env = 0;	104	options->num_accept_env = 0;
Lines 220-225 Link Here
220	options->client_alive_interval = 0;	221	options->client_alive_interval = 0;
221	if (options->client_alive_count_max == -1)	222	if (options->client_alive_count_max == -1)
222	options->client_alive_count_max = 3;	223	options->client_alive_count_max = 3;
		224	if (options->max_sessions == -1)
		225	options->max_sessions = 64;
223	if (options->authorized_keys_file2 == NULL) {	226	if (options->authorized_keys_file2 == NULL) {
224	/* authorized_keys_file2 falls back to authorized_keys_file */	227	/* authorized_keys_file2 falls back to authorized_keys_file */
225	if (options->authorized_keys_file != NULL)	228	if (options->authorized_keys_file != NULL)
Lines 272-277 Link Here
272	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,	275	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
273	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,	276	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
274	sUsePrivilegeSeparation,	277	sUsePrivilegeSeparation,
		278	sMaxSessions,
275	sDeprecated, sUnsupported	279	sDeprecated, sUnsupported
276	} ServerOpCodes;	280	} ServerOpCodes;
277		281
Lines 373-378 Link Here
373	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },	377	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
374	{ "useprivilegeseparation", sUsePrivilegeSeparation},	378	{ "useprivilegeseparation", sUsePrivilegeSeparation},
375	{ "acceptenv", sAcceptEnv },	379	{ "acceptenv", sAcceptEnv },
		380	{ "maxsessions", sMaxSessions },
376	{ NULL, sBadOption }	381	{ NULL, sBadOption }
377	};	382	};
378		383
Lines 949-954 Link Here
949	intptr = &options->client_alive_count_max;	954	intptr = &options->client_alive_count_max;
950	goto parse_int;	955	goto parse_int;
951		956
		957	case sMaxSessions:
		958	intptr = &options->max_sessions;
		959	goto parse_int;
		960
952	case sAcceptEnv:	961	case sAcceptEnv:
953	while ((arg = strdelim(&cp)) && *arg != '\0') {	962	while ((arg = strdelim(&cp)) && *arg != '\0') {
954	if (strchr(arg, '=') != NULL)	963	if (strchr(arg, '=') != NULL)

Lines 133-138 Link Here

(-)t/openssh-4.2p1/servconf.h (+1 lines)
133		133
134	char authorized_keys_file; / File containing public keys */	134	char authorized_keys_file; / File containing public keys */
135	char *authorized_keys_file2;	135	char *authorized_keys_file2;
		136	int max_sessions; /* Maximum number of sessions */
136	int use_pam; /* Enable auth via PAM */	137	int use_pam; /* Enable auth via PAM */
137	} ServerOptions;	138	} ServerOptions;
138		139




const char *original_command = NULL;

/* data */
static Session	*sessions;
static int num_sessions;

#ifdef HAVE_LOGIN_CAP
login_cap_t *lc;

session_new(void)
{
	int i;
	Session *s;
	if (!num_sessions) {
		debug("session_new: init");
		num_sessions=1;
		sessions=calloc(num_sessions,sizeof(sessions[0]));
		for (i = 0; i < num_sessions; i++) {
			sessions[i].used = 0;
		}
		did_init = 1;
	}
	for (i = 0; i < num_sessions; i++) {
		s = &sessions[i];
		if (! s->used)
			break;
	}
	if (s->used && \
	    (!options.max_sessions || num_sessions < options.max_sessions)) {
		/* only grow it one entry, to honor MaxSessions. */
		debug("session_new: realloc");
		Session *n=realloc(sessions,++num_sessions*sizeof(Session));
		if (!n)
		    return NULL;
		sessions=n;
		s=sessions+num_sessions-1;
		s->used=0;
	}
	if (!s->used) {
		memset(s, 0, sizeof(*s));
		s->chanid = -1;
		s->ptyfd = -1;
		s->ttyfd = -1;
		s->used = 1;
		s->self = i;
		s->x11_chanids = NULL;
		debug("session_new: session %d", i);
		return s;
	}
	debug("session_new: no room");
	return NULL;
}


session_dump(void)
{
	int i;
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		debug("dump: used %d session %d %p channel %d pid %ld",
		    s->used,

session_by_tty(char *tty)
{
	int i;
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
			debug("session_by_tty: session %d tty %s", i, tty);

session_by_channel(int id)
{
	int i;
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		if (s->used && s->chanid == id) {
			debug("session_by_channel: session %d channel %d", i, id);

{
	int i, j;

	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];

		if (s->x11_chanids == NULL || !s->used)

{
	int i;
	debug("session_by_pid: pid %ld", (long)pid);
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		if (s->used && s->pid == pid)
			return s;

session_destroy_all(void (*closefunc)(Session *))
{
	int i;
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		if (s->used) {
			if (closefunc != NULL)

	char *cp;

	buf[0] = '\0';
	for (i = 0; i < num_sessions; i++) {
		Session *s = &sessions[i];
		if (s->used && s->ttyfd != -1) {


Lines 439-444 Link Here

(-)t/openssh-4.2p1/sshd_config.5 (+3 lines)
439	Once the number of failures reaches half this value,	439	Once the number of failures reaches half this value,
440	additional failures are logged.	440	additional failures are logged.
441	The default is 6.	441	The default is 6.
		442	.It Cm MaxSession
		443	Defines the maximum number of sessions that a server will permit.
		444	The default is 64.
442	.It Cm MaxStartups	445	.It Cm MaxStartups
443	Specifies the maximum number of concurrent unauthenticated connections to the	446	Specifies the maximum number of concurrent unauthenticated connections to the
444	.Nm sshd	447	.Nm sshd

Return to bug 1090

Lines 106-113 Link Here

(-)t/openssh-4.2p1/session.c (-26 / +41 lines)
106	const char *original_command = NULL;	106	const char *original_command = NULL;
107		107
108	/* data */	108	/* data */
109	#define MAX_SESSIONS 10	109	static Session *sessions;
110	Session sessions[MAX_SESSIONS];	110	static int num_sessions;
111		111
112	#ifdef HAVE_LOGIN_CAP	112	#ifdef HAVE_LOGIN_CAP
113	login_cap_t *lc;	113	login_cap_t *lc;
Lines 1627-1654 Link Here
1627	session_new(void)	1627	session_new(void)
1628	{	1628	{
1629	int i;	1629	int i;
1630	static int did_init = 0;	1630	Session *s;
1631	if (!did_init) {	1631	if (!num_sessions) {
1632	debug("session_new: init");	1632	debug("session_new: init");
1633	for (i = 0; i < MAX_SESSIONS; i++) {	1633	num_sessions=1;
		1634	sessions=calloc(num_sessions,sizeof(sessions[0]));
		1635	for (i = 0; i < num_sessions; i++) {
1634	sessions[i].used = 0;	1636	sessions[i].used = 0;
1635	}	1637	}
1636	did_init = 1;
1637	}	1638	}
1638	for (i = 0; i < MAX_SESSIONS; i++) {	1639	for (i = 0; i < num_sessions; i++) {
1639	Session *s = &sessions[i];	1640	s = &sessions[i];
1640	if (! s->used) {	1641	if (! s->used)
1641	memset(s, 0, sizeof(*s));	1642	break;
1642	s->chanid = -1;	1643	}
1643	s->ptyfd = -1;	1644	if (s->used && \
1644	s->ttyfd = -1;	1645	(!options.max_sessions \|\| num_sessions < options.max_sessions)) {
1645	s->used = 1;	1646	/* only grow it one entry, to honor MaxSessions. */
1646	s->self = i;	1647	debug("session_new: realloc");
1647	s->x11_chanids = NULL;	1648	Session n=realloc(sessions,++num_sessionssizeof(Session));
1648	debug("session_new: session %d", i);	1649	if (!n)
1649	return s;	1650	return NULL;
1650	}	1651	sessions=n;
		1652	s=sessions+num_sessions-1;
		1653	s->used=0;
		1654	}
		1655	if (!s->used) {
		1656	memset(s, 0, sizeof(*s));
		1657	s->chanid = -1;
		1658	s->ptyfd = -1;
		1659	s->ttyfd = -1;
		1660	s->used = 1;
		1661	s->self = i;
		1662	s->x11_chanids = NULL;
		1663	debug("session_new: session %d", i);
		1664	return s;
1651	}	1665	}
		1666	debug("session_new: no room");
1652	return NULL;	1667	return NULL;
1653	}	1668	}
1654		1669
Lines 1656-1662 Link Here
1656	session_dump(void)	1671	session_dump(void)
1657	{	1672	{
1658	int i;	1673	int i;
1659	for (i = 0; i < MAX_SESSIONS; i++) {	1674	for (i = 0; i < num_sessions; i++) {
1660	Session *s = &sessions[i];	1675	Session *s = &sessions[i];
1661	debug("dump: used %d session %d %p channel %d pid %ld",	1676	debug("dump: used %d session %d %p channel %d pid %ld",
1662	s->used,	1677	s->used,
Lines 1689-1695 Link Here
1689	session_by_tty(char *tty)	1704	session_by_tty(char *tty)
1690	{	1705	{
1691	int i;	1706	int i;
1692	for (i = 0; i < MAX_SESSIONS; i++) {	1707	for (i = 0; i < num_sessions; i++) {
1693	Session *s = &sessions[i];	1708	Session *s = &sessions[i];
1694	if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {	1709	if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
1695	debug("session_by_tty: session %d tty %s", i, tty);	1710	debug("session_by_tty: session %d tty %s", i, tty);
Lines 1705-1711 Link Here
1705	session_by_channel(int id)	1720	session_by_channel(int id)
1706	{	1721	{
1707	int i;	1722	int i;
1708	for (i = 0; i < MAX_SESSIONS; i++) {	1723	for (i = 0; i < num_sessions; i++) {
1709	Session *s = &sessions[i];	1724	Session *s = &sessions[i];
1710	if (s->used && s->chanid == id) {	1725	if (s->used && s->chanid == id) {
1711	debug("session_by_channel: session %d channel %d", i, id);	1726	debug("session_by_channel: session %d channel %d", i, id);
Lines 1722-1728 Link Here
1722	{	1737	{
1723	int i, j;	1738	int i, j;
1724		1739
1725	for (i = 0; i < MAX_SESSIONS; i++) {	1740	for (i = 0; i < num_sessions; i++) {
1726	Session *s = &sessions[i];	1741	Session *s = &sessions[i];
1727		1742
1728	if (s->x11_chanids == NULL \|\| !s->used)	1743	if (s->x11_chanids == NULL \|\| !s->used)
Lines 1745-1751 Link Here
1745	{	1760	{
1746	int i;	1761	int i;
1747	debug("session_by_pid: pid %ld", (long)pid);	1762	debug("session_by_pid: pid %ld", (long)pid);
1748	for (i = 0; i < MAX_SESSIONS; i++) {	1763	for (i = 0; i < num_sessions; i++) {
1749	Session *s = &sessions[i];	1764	Session *s = &sessions[i];
1750	if (s->used && s->pid == pid)	1765	if (s->used && s->pid == pid)
1751	return s;	1766	return s;
Lines 2287-2293 Link Here
2287	session_destroy_all(void (closefunc)(Session ))	2302	session_destroy_all(void (closefunc)(Session ))
2288	{	2303	{
2289	int i;	2304	int i;
2290	for (i = 0; i < MAX_SESSIONS; i++) {	2305	for (i = 0; i < num_sessions; i++) {
2291	Session *s = &sessions[i];	2306	Session *s = &sessions[i];
2292	if (s->used) {	2307	if (s->used) {
2293	if (closefunc != NULL)	2308	if (closefunc != NULL)
Lines 2306-2312 Link Here
2306	char *cp;	2321	char *cp;
2307		2322
2308	buf[0] = '\0';	2323	buf[0] = '\0';
2309	for (i = 0; i < MAX_SESSIONS; i++) {	2324	for (i = 0; i < num_sessions; i++) {
2310	Session *s = &sessions[i];	2325	Session *s = &sessions[i];
2311	if (s->used && s->ttyfd != -1) {	2326	if (s->used && s->ttyfd != -1) {
2312		2327