Bugzilla – Attachment 3618 Details for
Bug 3484
RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed implementation using new "-t <sesion_timeout>" option to sftp-server
0001-sftp-implement-session-timeout-to-automatically-clos.patch (text/plain), 3.01 KB, created by
Renaud Métrich
on 2022-10-20 20:27:22 AEDT
(
hide
)
Description:
Proposed implementation using new "-t <sesion_timeout>" option to sftp-server
Filename:
MIME Type:
Creator:
Renaud Métrich
Created:
2022-10-20 20:27:22 AEDT
Size:
3.01 KB
patch
obsolete
>From 89900f5f566f687d07bdf0a347b6edf8c632100a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com> >Date: Thu, 20 Oct 2022 11:24:46 +0200 >Subject: [PATCH] sftp: implement session timeout to automatically close idle > connections >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Signed-off-by: Renaud Métrich <rmetrich@redhat.com> >--- > sftp-server.8 | 4 ++++ > sftp-server.c | 19 ++++++++++++++++--- > 2 files changed, 20 insertions(+), 3 deletions(-) > >diff --git a/sftp-server.8 b/sftp-server.8 >index 5311bf92..27767a63 100644 >--- a/sftp-server.8 >+++ b/sftp-server.8 >@@ -38,6 +38,7 @@ > .Op Fl P Ar denied_requests > .Op Fl p Ar allowed_requests > .Op Fl u Ar umask >+.Op Fl t Ar session_timeout > .Ek > .Nm > .Fl Q Ar protocol_feature >@@ -138,6 +139,9 @@ Sets an explicit > .Xr umask 2 > to be applied to newly-created files and directories, instead of the > user's default mask. >+.It Fl t Ar session_timeout >+Sets a timeout for idle connections in seconds. Specify 0 to disable the >+timeout. > .El > .Pp > On some systems, >diff --git a/sftp-server.c b/sftp-server.c >index 25f95348..8eff5c29 100644 >--- a/sftp-server.c >+++ b/sftp-server.c >@@ -1892,7 +1892,7 @@ sftp_server_usage(void) > fprintf(stderr, > "usage: %s [-ehR] [-d start_directory] [-f log_facility] " > "[-l log_level]\n\t[-P denied_requests] " >- "[-p allowed_requests] [-u umask]\n" >+ "[-p allowed_requests] [-u umask] [-t session_timeout]\n" > " %s -Q protocol_feature\n", > __progname, __progname); > exit(1); >@@ -1906,6 +1906,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) > SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; > char *cp, *homedir = NULL, uidstr[32], buf[4*4096]; > long mask; >+ long timeout = -1; > > extern char *optarg; > extern char *__progname; >@@ -1916,7 +1917,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) > pw = pwcopy(user_pw); > > while (!skipargs && (ch = getopt(argc, argv, >- "d:f:l:P:p:Q:u:cehR")) != -1) { >+ "d:f:l:P:p:Q:u:cehRt:")) != -1) { > switch (ch) { > case 'Q': > if (strcasecmp(optarg, "requests") != 0) { >@@ -1978,6 +1979,15 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) > fatal("Invalid umask \"%s\"", optarg); > (void)umask((mode_t)mask); > break; >+ case 't': >+ timeout = strtol(optarg, &cp, 10); >+ if (*cp != '\0' || timeout < 0 || timeout > INT_MAX / 1000) >+ fatal("Invalid timeout \"%s\"", optarg); >+ if (timeout == 0) >+ timeout = -1; >+ else >+ timeout *= 1000; >+ break; > case 'h': > default: > sftp_server_usage(); >@@ -2057,11 +2067,14 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) > pfd[1].events = POLLOUT; > } > >- if (poll(pfd, 2, -1) == -1) { >+ if ((r = poll(pfd, 2, (int)timeout)) == -1) { > if (errno == EINTR) > continue; > error("poll: %s", strerror(errno)); > sftp_server_cleanup_exit(2); >+ } else if (r == 0) { >+ logit("session timed out"); >+ sftp_server_cleanup_exit(0); > } > > /* copy stdin to iqueue */ >-- >2.37.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3618">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3484
: 3618