Bugzilla – Attachment 2981 Details for
Bug 2718
SFTP idle timeout
[patch]
sftp idle timeout
0001-SFTP-idle-timeout.patch (text/plain), 4.03 KB, created by
Tomas Kuthan
on 2017-05-22 22:50:28 AEST
Description:
sftp idle timeout
Filename:
MIME Type:
Creator:
Tomas Kuthan
Created:
2017-05-22 22:50:28 AEST
Size:
4.03 KB
patch
obsolete
>From 6c4758e3e97c040773fb6eee38118f85f7582c7e Mon Sep 17 00:00:00 2001
>From: Tomas Kuthan <tkuthan@gmail.com>
>Date: Fri, 19 May 2017 10:25:18 +0200
>Subject: [PATCH 1/2] SFTP idle timeout
>
>Implements new sftp-server option '-t idle_timeout'. When there is no
>user activity for idle_timeout seconds, sftp session is forcibly closed
>by the server. By default there is no time limit.
>---
> sftp-server.8 | 6 ++++++
> sftp-server.c | 35 +++++++++++++++++++++++++++++++++--
> 2 files changed, 39 insertions(+), 2 deletions(-)
>
>diff --git a/sftp-server.8 b/sftp-server.8
>index c117398..a3f22de 100644
>--- a/sftp-server.8
>+++ b/sftp-server.8
>@@ -37,6 +37,7 @@
> .Op Fl l Ar log_level
> .Op Fl P Ar blacklisted_requests
> .Op Fl p Ar whitelisted_requests
>+.Op Fl t Ar idle_timeout
> .Op Fl u Ar umask
> .Ek
> .Nm
>@@ -133,6 +134,11 @@ Places this instance of
> into a read-only mode.
> Attempts to open files for writing, as well as other operations that change
> the state of the filesystem, will be denied.
>+.It Fl t Ar idle_timeout
>+Sets idle timeout for sftp sessions. When there is no client request for
>+.Pa idle_timeout
>+seconds, the session is forcibly closed by the server.
>+The default value 0 means no time limit.
> .It Fl u Ar umask
> Sets an explicit
> .Xr umask 2
>diff --git a/sftp-server.c b/sftp-server.c
>index df0fb50..6d7e355 100644
>--- a/sftp-server.c
>+++ b/sftp-server.c
>@@ -39,6 +39,7 @@
> #include <time.h>
> #include <unistd.h>
> #include <stdarg.h>
>+#include <signal.h>
>
> #include "xmalloc.h"
> #include "sshbuf.h"
>@@ -83,6 +84,9 @@ struct Stat {
> Attrib attrib;
> };
>
>+/* sftp idle timeout */
>+static volatile sig_atomic_t g_timed_out = 0;
>+
> /* Packet handlers */
> static void process_open(u_int32_t id);
> static void process_close(u_int32_t id);
>@@ -1490,17 +1494,24 @@ sftp_server_usage(void)
> fprintf(stderr,
> "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
> "[-l log_level]\n\t[-P blacklisted_requests] "
>- "[-p whitelisted_requests] [-u umask]\n"
>+ "[-p whitelisted_requests] [-t idle_timeout] [-u umask]\n"
> " %s -Q protocol_feature\n",
> __progname, __progname);
> exit(1);
> }
>
>+static void
>+sftp_alarm_handler(int sig)
>+{
>+ g_timed_out = 1;
>+}
>+
> int
> sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> {
> fd_set *rset, *wset;
> int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
>+ int timeout = 0;
> ssize_t len, olen, set_size;
> SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
> char *cp, *homedir = NULL, buf[4*4096];
>@@ -1516,7 +1527,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> pw = pwcopy(user_pw);
>
> while (!skipargs && (ch = getopt(argc, argv,
>- "d:f:l:P:p:Q:u:cehR")) != -1) {
>+ "d:f:l:P:p:Q:u:t:cehR")) != -1) {
> switch (ch) {
> case 'Q':
> if (strcasecmp(optarg, "requests") != 0) {
>@@ -1576,6 +1587,15 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> fatal("Invalid umask \"%s\"", optarg);
> (void)umask((mode_t)mask);
> break;
>+ case 't':
>+ timeout = atoi(optarg);
>+ if (timeout <= 0) {
>+ /* -t0 is redundant, though technically valid */
>+ error("Invalid timeout: \"%s\". Ignored.",
>+ optarg);
>+ timeout = 0;
>+ }
>+ break;
> case 'h':
> default:
> sftp_server_usage();
>@@ -1639,6 +1659,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> }
>
> set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
>+ signal(SIGALRM, sftp_alarm_handler);
> for (;;) {
> memset(rset, 0, set_size);
> memset(wset, 0, set_size);
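Review bot: In the `case 't'` hunk a malformed `-t` value fails open: `atoi(optarg)` returns 0 for non-numeric input and cannot report overflow, and the branch only logs an error and carries on with `timeout = 0`, so a mistyped limit leaves the session with no idle timeout at all. The umask option just above calls `fatal()` on bad input; doing the same here keeps a configuration mistake from silently disabling the control, for example `timeout = (int)strtonum(optarg, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) fatal("Invalid timeout \"%s\": %s", optarg, errstr);` with a `const char *errstr;` local. That form also accepts `-t 0`, which the sftp-server.8 hunk documents as the default but which this code reports as invalid. The switch statement starts and ends outside the hunk.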
>@@ -1660,13 +1681,23 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> if (olen > 0)
> FD_SET(out, wset);
>
>+ if (timeout > 0)
>+ alarm(timeout);
>+
> if (select(max+1, rset, wset, NULL, NULL) < 0) {
>+ if (g_timed_out){
>+ debug("SFTP idle timeout, closing session.");
>+ sftp_server_cleanup_exit(3);
>+ }
> if (errno == EINTR)
> continue;
> error("select: %s", strerror(errno));
> sftp_server_cleanup_exit(2);
> }
>
>+ if (timeout > 0)
>+ alarm(0);
>+
> /* copy stdin to iqueue */
> if (FD_ISSET(in, rset)) {
> len = read(in, buf, sizeof buf);
>--
>2.7.4
>
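Review bot: The `alarm()`/`select()` pairing in this hunk has a signal race: if SIGALRM is delivered after `alarm(timeout)` but before the process is blocked in `select()` (for instance when it is stopped or descheduled for longer than the timeout), the handler sets `g_timed_out`, but `select()` then blocks with a NULL timeout and no alarm pending, so the idle session is never closed. `g_timed_out` is also tested only on the error path and never cleared, so an alarm landing just before `alarm(0)` would make a later, unrelated EINTR exit as a timeout. Passing the limit as the `select()` timeout avoids both problems and makes the SIGALRM handler, `g_timed_out` and the `signal()` call in the @@ -1639 hunk unnecessary. The closing message is emitted with `debug()`, which is probably not recorded at the default log level; a forced disconnect seems worth `logit()`. The loop body continues outside the hunk.

```c
		/* … unchanged: FD_SET setup for in and out … */
		struct timeval tv, *tvp = NULL;

		if (timeout > 0) {
			tv.tv_sec = timeout;
			tv.tv_usec = 0;
			tvp = &tv;
		}
		r = select(max+1, rset, wset, NULL, tvp);
		if (r < 0) {
			if (errno == EINTR)
				continue;
			error("select: %s", strerror(errno));
			sftp_server_cleanup_exit(2);
		}
		if (r == 0) {
			/* no descriptor became ready within the idle limit */
			logit("SFTP idle timeout, closing session.");
			sftp_server_cleanup_exit(3);
		}
		/* … unchanged: copy stdin to iqueue … */
```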
Attachments on
bug 2718
: 2981