
(-)readconf.c (-1 / +17 lines)
Lines 106-112 Link Here
106
	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
106
	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
107
	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
107
	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
108
	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
108
	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
109
	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
109
	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
110
	oDeprecated
110
	oDeprecated
111
} OpCodes;
111
} OpCodes;
112
112
Lines 176-181 Link Here
176
	{ "verifyhostkeydns", oVerifyHostKeyDNS },
176
	{ "verifyhostkeydns", oVerifyHostKeyDNS },
177
	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
177
	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
178
	{ "rekeylimit", oRekeyLimit },
178
	{ "rekeylimit", oRekeyLimit },
179
	{ "connecttimeout", oConnectTimeout },
179
	{ NULL, oBadOption }
180
	{ NULL, oBadOption }
180
};
181
};
181
182
Lines 290-295 Link Here
290
		/* don't panic, but count bad options */
291
		/* don't panic, but count bad options */
291
		return -1;
292
		return -1;
292
		/* NOTREACHED */
293
		/* NOTREACHED */
294
	case oConnectTimeout:
295
		intptr = &options->connection_timeout;
296
/* parse_time: */
297
		arg = strdelim(&s);
298
		if (!arg || *arg == '\0')
299
			fatal("%s line %d: missing time value.",
300
			    filename, linenum);
301
		if ((value = convtime(arg)) == -1)
302
			fatal("%s line %d: invalid time value.",
303
			    filename, linenum);
304
		if (*intptr == -1)
305
			*intptr = value;
306
		break;
307
293
	case oForwardAgent:
308
	case oForwardAgent:
294
		intptr = &options->forward_agent;
309
		intptr = &options->forward_agent;
295
parse_flag:
310
parse_flag:
Lines 784-789 Link Here
784
	options->compression_level = -1;
799
	options->compression_level = -1;
785
	options->port = -1;
800
	options->port = -1;
786
	options->connection_attempts = -1;
801
	options->connection_attempts = -1;
802
	options->connection_timeout = -1;
787
	options->number_of_password_prompts = -1;
803
	options->number_of_password_prompts = -1;
788
	options->cipher = -1;
804
	options->cipher = -1;
789
	options->ciphers = NULL;
805
	options->ciphers = NULL;
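Review bot: The new `case oConnectTimeout:` carries a commented-out label, `/* parse_time: */`, that nothing jumps to; drop it until a second time-valued option actually needs a shared `parse_time:` label. No hunk on this page assigns connection_timeout a default after parsing, so an unset option appears to reach ssh_connect() as -1 and depends on the `timeout <= 0` test in timeout_connect() to mean "no timeout". A comment at the initializer such as `/* -1 = unset; any value <= 0 selects the system TCP timeout */` would record that contract next to the sample file's `ConnectTimeout 0`. The functions these hunks belong to start and end outside the visible lines.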
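--- a/readconf.h
+++ b/readconf.h
@@ -60,6 +60,8 @@
 	int     port;		/* Port to connect. */
 	int     connection_attempts;	/* Max attempts (seconds) before
 					 * giving up */
+	int     connection_timeout;	/* Max time (seconds) before
+				 	 * aborting connection attempt */
 	int     number_of_password_prompts;	/* Max number of password
 						 * prompts. */
 	int     cipher;		/* Cipher to use. */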
(-)ssh.c (-1 / +1 lines)
Lines 599-605 Link Here
599
	/* Open a connection to the remote host. */
599
	/* Open a connection to the remote host. */
600
600
601
	if (ssh_connect(host, &hostaddr, options.port, IPv4or6,
601
	if (ssh_connect(host, &hostaddr, options.port, IPv4or6,
602
	    options.connection_attempts,
602
	    options.connection_attempts, options.connection_timeout,
603
	    original_effective_uid == 0 && options.use_privileged_port,
603
	    original_effective_uid == 0 && options.use_privileged_port,
604
	    options.proxy_command) != 0)
604
	    options.proxy_command) != 0)
605
		exit(1);
605
		exit(1);
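--- a/ssh_config
+++ b/ssh_config
@@ -25,6 +25,7 @@
 #   HostbasedAuthentication no
 #   BatchMode no
 #   CheckHostIP yes
+#   ConnectTimeout 0
 #   StrictHostKeyChecking ask
 #   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_rsa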
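--- a/ssh_config.5
+++ b/ssh_config.5
@@ -227,6 +227,11 @@
 The argument must be an integer.
 This may be useful in scripts if the connection sometimes fails.
 The default is 1.
+.It Cm ConnectTimeout
+Specifies the timeout (in seconds) used when connecting to the ssh
+server, instead of using the default system TCP timeout. This value is 
+used only when the target is down or really unreachable, not when it
+refuses the connection.
 .It Cm DynamicForward
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application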
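--- a/sshconnect.c
+++ b/sshconnect.c
@@ -214,6 +214,71 @@
 	return sock;
 }
 
+int
+timeout_connect(int sockfd, const struct sockaddr *serv_addr,
+    socklen_t addrlen, int timeout)
+{
+	fd_set *fdset;
+	struct timeval tv;
+	socklen_t optlen;
+	int fdsetsz, optval, rc;
+
+	if (timeout <= 0)
+		return connect(sockfd, serv_addr, addrlen);
+
+	if (fcntl(sockfd, F_SETFL, O_NONBLOCK) < 0)
+		return -1;
+
+	rc = connect(sockfd, serv_addr, addrlen);
+	if (rc == 0)
+		return 0;
+	if (errno != EINPROGRESS)
+		return -1;
+
+	fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);
+	fdset = (fd_set *)xmalloc(fdsetsz);
+
+	memset(fdset, '\0', fdsetsz);
+	FD_SET(sockfd, fdset);
+	tv.tv_sec = timeout;
+	tv.tv_usec = 0;
+
+	for(;;) {
+		rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
+		if (rc != -1 || errno != EINTR)
+			break;
+	}
+
+	switch(rc) {
+	case 0:
+		/* Timed out */
+		errno = ETIMEDOUT;
+		return -1;
+	case -1:
+		/* Select error */
+	    	debug("select: %s", strerror(errno));
+		return -1;
+	case 1:
+		/* Completed or failed */
+		optval = 0;
+		optlen = sizeof(optval);
+		if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, 
+		    &optlen) == -1)
+		    	debug("getsockopt: %s", strerror(errno));
+			return -1;
+		if (optval != 0) {
+			errno = optval;
+			return -1;
+		}
+		break;
+	default:
+		/* Should not occur */
+		fatal("Bogus return (%d) from select()", rc);
+	}
+
+	return 0;
+}
+
 /*
  * Opens a TCP/IP connection to the remote server on the given host.
  * The address of the remote host will be returned in hostaddr.
@@ -233,7 +298,7 @@
  */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
-    u_short port, int family, int connection_attempts,
+    u_short port, int family, int connection_attempts, int connection_timeout,
     int needpriv, const char *proxy_command)
 {
 	int gaierr;
@@ -302,7 +367,8 @@
 				/* Any error is already output */
 				continue;
 
-			if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
+			if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
+			    connection_timeout) >= 0) {
 				/* Successful connection. */
 				memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 				break;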
Lines 35-41 Link Here
35
35
36
int
36
int
37
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
37
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
38
    int, const char *);
38
    int, int, const char *);
39
39
40
void
40
void
41
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
41
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
