Bugzilla – Attachment 979 Details for
Bug 1090
Increase MAX_SESSIONS?
[patch]
rework patch based on comments #2 and #3.
openssh-maxsessions.patch (text/plain), 6.94 KB, created by
Darren Tucker
on 2005-10-03 14:39:00 AEST
Description:
rework patch based on comments #2 and #3.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-10-03 14:39:00 AEST
Size:
6.94 KB
patch
obsolete
>Index: servconf.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/servconf.c,v
>retrieving revision 1.134
>diff -u -p -r1.134 servconf.c
>--- servconf.c 12 Aug 2005 12:11:37 -0000 1.134
>+++ servconf.c 3 Oct 2005 03:41:30 -0000
>@@ -98,6 +98,7 @@ initialize_server_options(ServerOptions
> options->use_dns = -1;
> options->client_alive_interval = -1;
> options->client_alive_count_max = -1;
>+ options->max_sessions = -1;
> options->authorized_keys_file = NULL;
> options->authorized_keys_file2 = NULL;
> options->num_accept_env = 0;
>@@ -220,6 +221,8 @@ fill_default_server_options(ServerOption
> options->client_alive_interval = 0;
> if (options->client_alive_count_max == -1)
> options->client_alive_count_max = 3;
>+ if (options->max_sessions == -1)
>+ options->max_sessions = 64;
> if (options->authorized_keys_file2 == NULL) {
> /* authorized_keys_file2 falls back to authorized_keys_file */
> if (options->authorized_keys_file != NULL)
>@@ -272,6 +275,7 @@ typedef enum {
> sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
> sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
> sUsePrivilegeSeparation,
>+ sMaxSessions,
> sDeprecated, sUnsupported
> } ServerOpCodes;
>
>@@ -373,6 +377,7 @@ static struct {
> { "authorizedkeysfile2", sAuthorizedKeysFile2 },
> { "useprivilegeseparation", sUsePrivilegeSeparation},
> { "acceptenv", sAcceptEnv },
>+ { "maxsessions", sMaxSessions },
> { NULL, sBadOption }
> };
>
>@@ -949,6 +954,10 @@ parse_flag:
> intptr = &options->client_alive_count_max;
> goto parse_int;
>
>+ case sMaxSessions:
>+ intptr = &options->max_sessions;
>+ goto parse_int;
>+
> case sAcceptEnv:
> while ((arg = strdelim(&cp)) && *arg != '\0') {
> if (strchr(arg, '=') != NULL)
>Index: servconf.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/servconf.h,v
>retrieving revision 1.63
>diff -u -p -r1.63 servconf.h
>--- servconf.h 19 Jan 2005 23:57:56 -0000 1.63
>+++ servconf.h 3 Oct 2005 03:41:30 -0000
>@@ -133,6 +133,7 @@ typedef struct {
>
> char *authorized_keys_file; /* File containing public keys */
> char *authorized_keys_file2;
>+ int max_sessions; /* Maximum number of sessions */
> int use_pam; /* Enable auth via PAM */
> } ServerOptions;
>
>Index: session.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
>retrieving revision 1.306
>diff -u -p -r1.306 session.c
>--- session.c 31 Aug 2005 16:59:49 -0000 1.306
>+++ session.c 3 Oct 2005 04:33:58 -0000
>@@ -104,8 +104,8 @@ extern Buffer loginmsg;
> const char *original_command = NULL;
>
> /* data */
>-#define MAX_SESSIONS 10
>-Session sessions[MAX_SESSIONS];
>+static Session *sessions = NULL;
>+static int num_sessions = 0;
>
> #ifdef HAVE_LOGIN_CAP
> login_cap_t *lc;
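Review bot: `case sMaxSessions` in servconf.c hands the value to the shared `parse_int` path and nothing in this hunk range-checks it, so as far as these lines show a negative MaxSessions is accepted (the `parse_int` body is outside the hunk). A configured -1 is indistinguishable from the unset sentinel and silently becomes 64 in fill_default_server_options, while any other negative value makes `num_sessions < options.max_sessions` in session_new permanently false and leaves the connection with only the one initially allocated slot. Zero is treated as "no limit" by session_new, which removes the per-connection session cap for an authenticated client, and the sshd_config.5 text added by this patch does not say so. I would reject values below zero where the option is parsed and add a man page line such as `A value of 0 disables the limit.`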
>@@ -1623,28 +1623,55 @@ Session * > session_new(void) > { > int i; >- static int did_init = 0; >- if (!did_init) { >+ Session *s = NULL, *n = NULL; >+ >+ if (sessions == NULL) { > debug("session_new: init"); >- for (i = 0; i < MAX_SESSIONS; i++) { >+ sessions = calloc(1, sizeof(sessions[0])); >+ if (sessions == NULL) { >+ error("session_new: can't allocate initial session: %s", >+ strerror(errno)); >+ return NULL; >+ } >+ num_sessions = 1; >+ for (i = 0; i < num_sessions; i++) { >+ /* XXX: unnecessary since calloc zeroes? */ > sessions[i].used = 0; > } >- did_init = 1; > } >- for (i = 0; i < MAX_SESSIONS; i++) { >- Session *s = &sessions[i]; >- if (! s->used) { >- memset(s, 0, sizeof(*s)); >- s->chanid = -1; >- s->ptyfd = -1; >- s->ttyfd = -1; >- s->used = 1; >- s->self = i; >- s->x11_chanids = NULL; >- debug("session_new: session %d", i); >- return s; >- } >+ for (i = 0; i < num_sessions; i++) { >+ s = &sessions[i]; >+ if (!s->used) >+ break; >+ } >+ /* if we reached the end of the array and are within limits, expand */ >+ if (num_sessions == i && num_sessions < INT_MAX && \ >+ (options.max_sessions == 0 || >+ num_sessions < options.max_sessions)) { >+ debug("session_new: realloc"); >+ n = realloc(sessions, (num_sessions + 1) * sizeof(*sessions)); >+ if (n == NULL) { >+ error("session_new: realloc sessions failed: %s", >+ strerror(errno)); >+ return NULL; >+ } >+ sessions = n; >+ num_sessions++; >+ s = &sessions[i]; >+ s->used = 0; >+ } >+ if (!s->used) { >+ memset(s, 0, sizeof(*s)); >+ s->chanid = -1; >+ s->ptyfd = -1; >+ s->ttyfd = -1; >+ s->used = 1; >+ s->self = i; >+ s->x11_chanids = NULL; >+ debug("session_new: session %d", i); >+ return s; > } >+ debug("session_new: no room"); > return NULL; > } > >@@ -1652,7 +1679,7 @@ static void > session_dump(void) > { > int i; >- for (i = 0; i < MAX_SESSIONS; i++) { >+ for (i = 0; i < num_sessions; i++) { > Session *s = &sessions[i]; > debug("dump: used %d session %d %p channel %d pid %ld", > s->used, 
>@@ -1685,7 +1712,7 @@ Session *
> session_by_tty(char *tty)
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
> debug("session_by_tty: session %d tty %s", i, tty);
>@@ -1701,7 +1728,7 @@ static Session *
> session_by_channel(int id)
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->chanid == id) {
> debug("session_by_channel: session %d channel %d", i, id);
>@@ -1718,7 +1745,7 @@ session_by_x11_channel(int id)
> {
> int i, j;
>
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
>
> if (s->x11_chanids == NULL || !s->used)
>@@ -1741,7 +1768,7 @@ session_by_pid(pid_t pid)
> {
> int i;
> debug("session_by_pid: pid %ld", (long)pid);
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->pid == pid)
> return s;
>@@ -2283,7 +2310,7 @@ void
> session_destroy_all(void (*closefunc)(Session *))
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used) {
> if (closefunc != NULL)
>@@ -2302,7 +2329,7 @@ session_tty_list(void)
> char *cp;
>
> buf[0] = '\0';
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->ttyfd != -1) {
>
>Index: sshd_config.5
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config.5,v
>retrieving revision 1.49
>diff -u -p -r1.49 sshd_config.5
>--- sshd_config.5 26 Jul 2005 11:54:57 -0000 1.49
>+++ sshd_config.5 3 Oct 2005 03:42:21 -0000
>@@ -439,6 +439,9 @@ connection.
> Once the number of failures reaches half this value,
> additional failures are logged.
> The default is 6.
>+.It Cm MaxSessions
>+Defines the maximum number of sessions that a server will permit.
>+The default is 64.
> .It Cm MaxStartups
> Specifies the maximum number of concurrent unauthenticated connections to the
> .Nm sshd