Attachment 963 Details for Bug 1090 – proposed patch to add MaxSessions config parameter

[patch] proposed patch to add MaxSessions config parameter

openssh-max.diff (text/plain), 6.26 KB, created by LaMont Jones on 2005-09-24 01:05:46 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: LaMont Jones

Created: 2005-09-24 01:05:46 AEST

Size: 6.26 KB

patch

obsolete

>diff -ur t/openssh-4.2p1/debian/openssh-server.postinst openssh-4.2p1/debian/openssh-server.postinst
>--- t/openssh-4.2p1/debian/openssh-server.postinst	2005-09-23 05:58:22.000000000 -0600
>+++ openssh-4.2p1/debian/openssh-server.postinst	2005-09-23 06:05:07.000000000 -0600
>@@ -270,6 +270,7 @@
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
>+#MaxSessions 64
> 
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
>diff -ur t/openssh-4.2p1/servconf.c openssh-4.2p1/servconf.c
>--- t/openssh-4.2p1/servconf.c	2005-08-12 06:11:37.000000000 -0600
>+++ openssh-4.2p1/servconf.c	2005-09-23 06:09:11.000000000 -0600
>@@ -98,6 +98,7 @@
> 	options->use_dns = -1;
> 	options->client_alive_interval = -1;
> 	options->client_alive_count_max = -1;
>+	options->max_sessions = -1;
> 	options->authorized_keys_file = NULL;
> 	options->authorized_keys_file2 = NULL;
> 	options->num_accept_env = 0;
>@@ -220,6 +221,8 @@
> 		options->client_alive_interval = 0;
> 	if (options->client_alive_count_max == -1)
> 		options->client_alive_count_max = 3;
>+	if (options->max_sessions == -1)
>+		options->max_sessions = 64;
> 	if (options->authorized_keys_file2 == NULL) {
> 		/* authorized_keys_file2 falls back to authorized_keys_file */
> 		if (options->authorized_keys_file != NULL)
>@@ -272,6 +275,7 @@
> 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
> 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
> 	sUsePrivilegeSeparation,
>+	sMaxSessions,
> 	sDeprecated, sUnsupported
> } ServerOpCodes;
> 
>@@ -373,6 +377,7 @@
> 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
> 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
> 	{ "acceptenv", sAcceptEnv },
>+	{ "maxsessions", sMaxSessions },
> 	{ NULL, sBadOption }
> };
> 
>@@ -949,6 +954,10 @@
> 		intptr = &options->client_alive_count_max;
> 		goto parse_int;
> 
>+	case sMaxSessions:
>+		intptr = &options->max_sessions;
>+		goto parse_int;
>+
> 	case sAcceptEnv:
> 		while ((arg = strdelim(&cp)) && *arg != '\0') {
> 			if (strchr(arg, '=') != NULL)
>diff -ur t/openssh-4.2p1/servconf.h openssh-4.2p1/servconf.h
>--- t/openssh-4.2p1/servconf.h	2005-01-19 16:57:56.000000000 -0700
>+++ openssh-4.2p1/servconf.h	2005-09-23 05:57:02.000000000 -0600
>@@ -133,6 +133,7 @@
> 
> 	char   *authorized_keys_file;	/* File containing public keys */
> 	char   *authorized_keys_file2;
>+	int	max_sessions;		/* Maximum number of sessions */
> 	int	use_pam;		/* Enable auth via PAM */
> }       ServerOptions;
> 
>diff -ur t/openssh-4.2p1/session.c openssh-4.2p1/session.c
>--- t/openssh-4.2p1/session.c	2005-09-23 05:58:22.000000000 -0600
>+++ openssh-4.2p1/session.c	2005-09-23 07:03:50.000000000 -0600
>@@ -106,8 +106,8 @@
> const char *original_command = NULL;
> 
> /* data */
>-#define MAX_SESSIONS 10
>-Session	sessions[MAX_SESSIONS];
>+static Session	*sessions;
>+static int num_sessions;
> 
> #ifdef HAVE_LOGIN_CAP
> login_cap_t *lc;
>@@ -1627,28 +1627,43 @@
> session_new(void)
> {
> 	int i;
>-	static int did_init = 0;
>-	if (!did_init) {
>+	Session *s;
>+	if (!num_sessions) {
> 		debug("session_new: init");
>-		for (i = 0; i < MAX_SESSIONS; i++) {
>+		num_sessions=1;
>+		sessions=calloc(num_sessions,sizeof(sessions[0]));
>+		for (i = 0; i < num_sessions; i++) {
> 			sessions[i].used = 0;
> 		}
>-		did_init = 1;
> 	}
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>-		Session *s = &sessions[i];
>-		if (! s->used) {
>-			memset(s, 0, sizeof(*s));
>-			s->chanid = -1;
>-			s->ptyfd = -1;
>-			s->ttyfd = -1;
>-			s->used = 1;
>-			s->self = i;
>-			s->x11_chanids = NULL;
>-			debug("session_new: session %d", i);
>-			return s;
>-		}
>+	for (i = 0; i < num_sessions; i++) {
>+		s = &sessions[i];
>+		if (! s->used)
>+			break;
>+	}
>+	if (s->used && \
>+	    (!options.max_sessions || num_sessions < options.max_sessions)) {
>+		/* only grow it one entry, to honor MaxSessions. */
>+		debug("session_new: realloc");
>+		Session *n=realloc(sessions,++num_sessions*sizeof(Session));
>+		if (!n)
>+		    return NULL;
>+		sessions=n;
>+		s=sessions+num_sessions-1;
>+		s->used=0;
>+	}
>+	if (!s->used) {
>+		memset(s, 0, sizeof(*s));
>+		s->chanid = -1;
>+		s->ptyfd = -1;
>+		s->ttyfd = -1;
>+		s->used = 1;
>+		s->self = i;
>+		s->x11_chanids = NULL;
>+		debug("session_new: session %d", i);
>+		return s;
> 	}
>+	debug("session_new: no room");
> 	return NULL;
> }
> 
>@@ -1656,7 +1671,7 @@
> session_dump(void)
> {
> 	int i;
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		debug("dump: used %d session %d %p channel %d pid %ld",
> 		    s->used,
>@@ -1689,7 +1704,7 @@
> session_by_tty(char *tty)
> {
> 	int i;
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
> 			debug("session_by_tty: session %d tty %s", i, tty);
>@@ -1705,7 +1720,7 @@
> session_by_channel(int id)
> {
> 	int i;
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		if (s->used && s->chanid == id) {
> 			debug("session_by_channel: session %d channel %d", i, id);
>@@ -1722,7 +1737,7 @@
> {
> 	int i, j;
> 
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 
> 		if (s->x11_chanids == NULL || !s->used)
>@@ -1745,7 +1760,7 @@
> {
> 	int i;
> 	debug("session_by_pid: pid %ld", (long)pid);
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		if (s->used && s->pid == pid)
> 			return s;
>@@ -2287,7 +2302,7 @@
> session_destroy_all(void (*closefunc)(Session *))
> {
> 	int i;
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		if (s->used) {
> 			if (closefunc != NULL)
>@@ -2306,7 +2321,7 @@
> 	char *cp;
> 
> 	buf[0] = '\0';
>-	for (i = 0; i < MAX_SESSIONS; i++) {
>+	for (i = 0; i < num_sessions; i++) {
> 		Session *s = &sessions[i];
> 		if (s->used && s->ttyfd != -1) {
> 
>diff -ur t/openssh-4.2p1/sshd_config.5 openssh-4.2p1/sshd_config.5
>--- t/openssh-4.2p1/sshd_config.5	2005-07-26 05:54:57.000000000 -0600
>+++ openssh-4.2p1/sshd_config.5	2005-09-23 06:09:42.000000000 -0600
>@@ -439,6 +439,9 @@
> Once the number of failures reaches half this value,
> additional failures are logged.
> The default is 6.
>+.It Cm MaxSession
>+Defines the maximum number of sessions that a server will permit.
>+The default is 64.
> .It Cm MaxStartups
> Specifies the maximum number of concurrent unauthenticated connections to the
> .Nm sshd

Actions: View | Diff

Attachments on bug 1090: 963 | 979 | 1473 | 1483