Bugzilla – Attachment 963 Details for
Bug 1090
Increase MAX_SESSIONS?
[patch]
proposed patch to add MaxSessions config parameter
openssh-max.diff (text/plain), 6.26 KB, created by
LaMont Jones
on 2005-09-24 01:05:46 AEST
Description:
proposed patch to add MaxSessions config parameter
Filename:
MIME Type:
Creator:
LaMont Jones
Created:
2005-09-24 01:05:46 AEST
Size:
6.26 KB
>diff -ur t/openssh-4.2p1/debian/openssh-server.postinst openssh-4.2p1/debian/openssh-server.postinst
>--- t/openssh-4.2p1/debian/openssh-server.postinst 2005-09-23 05:58:22.000000000 -0600
>+++ openssh-4.2p1/debian/openssh-server.postinst 2005-09-23 06:05:07.000000000 -0600
>@@ -270,6 +270,7 @@
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
>+#MaxSessions 64
>
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
>diff -ur t/openssh-4.2p1/servconf.c openssh-4.2p1/servconf.c
>--- t/openssh-4.2p1/servconf.c 2005-08-12 06:11:37.000000000 -0600
>+++ openssh-4.2p1/servconf.c 2005-09-23 06:09:11.000000000 -0600
>@@ -98,6 +98,7 @@
> options->use_dns = -1;
> options->client_alive_interval = -1;
> options->client_alive_count_max = -1;
>+ options->max_sessions = -1;
> options->authorized_keys_file = NULL;
> options->authorized_keys_file2 = NULL;
> options->num_accept_env = 0;
>@@ -220,6 +221,8 @@
> options->client_alive_interval = 0;
> if (options->client_alive_count_max == -1)
> options->client_alive_count_max = 3;
>+ if (options->max_sessions == -1)
>+ options->max_sessions = 64;
> if (options->authorized_keys_file2 == NULL) {
> /* authorized_keys_file2 falls back to authorized_keys_file */
> if (options->authorized_keys_file != NULL)
>@@ -272,6 +275,7 @@
> sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
> sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
> sUsePrivilegeSeparation,
>+ sMaxSessions,
> sDeprecated, sUnsupported
> } ServerOpCodes;
>
>@@ -373,6 +377,7 @@
> { "authorizedkeysfile2", sAuthorizedKeysFile2 },
> { "useprivilegeseparation", sUsePrivilegeSeparation},
> { "acceptenv", sAcceptEnv },
>+ { "maxsessions", sMaxSessions },
> { NULL, sBadOption }
> };
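Review bot: Nothing visible in the servconf.c hunks range-checks the new value: the `sMaxSessions` case (in the later `@@ -949,6 +954,10 @@` hunk) jumps to the shared `parse_int` label, which lies outside the hunks, and the defaults code replaces only exactly `-1`. session_new() in session.c treats `0` as "no limit" via `!options.max_sessions`, and for any other negative value `num_sessions < options.max_sessions` is never true, so the table silently stays at one entry. With the cap disabled, a client that can open sessions can grow the table until allocation fails, so that meaning should be deliberate and documented; the sshd_config.5 hunk mentions neither case and spells the keyword `MaxSession` while the keyword table registers `maxsessions`. I would reject negative values after parsing and change the field comment in servconf.h to `/* Maximum number of sessions; 0 = unlimited, -1 = unset */`.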
>
>@@ -949,6 +954,10 @@
> intptr = &options->client_alive_count_max;
> goto parse_int;
>
>+ case sMaxSessions:
>+ intptr = &options->max_sessions;
>+ goto parse_int;
>+
> case sAcceptEnv:
> while ((arg = strdelim(&cp)) && *arg != '\0') {
> if (strchr(arg, '=') != NULL)
>diff -ur t/openssh-4.2p1/servconf.h openssh-4.2p1/servconf.h
>--- t/openssh-4.2p1/servconf.h 2005-01-19 16:57:56.000000000 -0700
>+++ openssh-4.2p1/servconf.h 2005-09-23 05:57:02.000000000 -0600
>@@ -133,6 +133,7 @@
>
> char *authorized_keys_file; /* File containing public keys */
> char *authorized_keys_file2;
>+ int max_sessions; /* Maximum number of sessions */
> int use_pam; /* Enable auth via PAM */
> } ServerOptions;
>
>diff -ur t/openssh-4.2p1/session.c openssh-4.2p1/session.c
>--- t/openssh-4.2p1/session.c 2005-09-23 05:58:22.000000000 -0600
>+++ openssh-4.2p1/session.c 2005-09-23 07:03:50.000000000 -0600
>@@ -106,8 +106,8 @@
> const char *original_command = NULL;
>
> /* data */
>-#define MAX_SESSIONS 10
>-Session sessions[MAX_SESSIONS];
>+static Session *sessions;
>+static int num_sessions;
>
> #ifdef HAVE_LOGIN_CAP
> login_cap_t *lc;
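Review bot: Replacing the fixed `sessions[MAX_SESSIONS]` array with a heap pointer that session_new() grows with realloc() means the table can move, so any `Session *` obtained earlier (for example from session_by_channel() or session_by_pid()) becomes invalid after a later session_new() call. Whether any caller keeps such a pointer across session creation is not visible in these hunks and should be checked before this is merged. At minimum I would record the rule at the declaration: `/* sessions may be moved by realloc() in session_new(); never hold a Session * across that call */`.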
>@@ -1627,28 +1627,43 @@
> session_new(void)
> {
> int i;
>- static int did_init = 0;
>- if (!did_init) {
>+ Session *s;
>+ if (!num_sessions) {
> debug("session_new: init");
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ num_sessions=1;
>+ sessions=calloc(num_sessions,sizeof(sessions[0]));
>+ for (i = 0; i < num_sessions; i++) {
> sessions[i].used = 0;
> }
>- did_init = 1;
> }
>- for (i = 0; i < MAX_SESSIONS; i++) {
>- Session *s = &sessions[i];
>- if (! s->used) {
>- memset(s, 0, sizeof(*s));
>- s->chanid = -1;
>- s->ptyfd = -1;
>- s->ttyfd = -1;
>- s->used = 1;
>- s->self = i;
>- s->x11_chanids = NULL;
>- debug("session_new: session %d", i);
>- return s;
>- }
>+ for (i = 0; i < num_sessions; i++) {
>+ s = &sessions[i];
>+ if (! s->used)
>+ break;
>+ }
>+ if (s->used && \
>+ (!options.max_sessions || num_sessions < options.max_sessions)) {
>+ /* only grow it one entry, to honor MaxSessions. */
>+ debug("session_new: realloc");
>+ Session *n=realloc(sessions,++num_sessions*sizeof(Session));
>+ if (!n)
>+ return NULL;
>+ sessions=n;
>+ s=sessions+num_sessions-1;
>+ s->used=0;
>+ }
>+ if (!s->used) {
>+ memset(s, 0, sizeof(*s));
>+ s->chanid = -1;
>+ s->ptyfd = -1;
>+ s->ttyfd = -1;
>+ s->used = 1;
>+ s->self = i;
>+ s->x11_chanids = NULL;
>+ debug("session_new: session %d", i);
>+ return s;
> }
>+ debug("session_new: no room");
> return NULL;
> }
>
>@@ -1656,7 +1671,7 @@
> session_dump(void)
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> debug("dump: used %d session %d %p channel %d pid %ld",
> s->used,
>@@ -1689,7 +1704,7 @@
> session_by_tty(char *tty)
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
> debug("session_by_tty: session %d tty %s", i, tty);
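Review bot: In session_new() the growth path evaluates `++num_sessions` inside the realloc() argument, so when realloc() fails the function returns NULL with `num_sessions` already one larger than the allocated table, and every later `for (i = 0; i < num_sessions; i++)` scan (session_by_channel(), session_destroy_all() and the other loops this patch converts) reads past the end of the heap block. The init path has the same shape: `num_sessions=1` is set and `sessions[i].used` is written before the calloc() result is checked, so a failed calloc() becomes a NULL dereference. The rewrite below bumps the counter only after each allocation has succeeded and moves the `Session *n` declaration to the top of its block; the slot scan and the slot initialisation stay as they are.

```c
	if (!num_sessions) {
		debug("session_new: init");
		/* calloc() zeroes the entry, so .used already starts at 0 */
		sessions = calloc(1, sizeof(sessions[0]));
		if (sessions == NULL)
			return NULL;
		num_sessions = 1;
	}
	/* ... unchanged: scan for an unused slot ... */
	if (s->used &&
	    (!options.max_sessions || num_sessions < options.max_sessions)) {
		Session *n;

		/* only grow it one entry, to honor MaxSessions. */
		debug("session_new: realloc");
		n = realloc(sessions, (num_sessions + 1) * sizeof(*sessions));
		if (n == NULL)
			return NULL;
		sessions = n;
		/* count the new slot only once the allocation has succeeded */
		s = &sessions[num_sessions++];
		s->used = 0;
	}
	/* ... unchanged: initialise and return the slot ... */
```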
>@@ -1705,7 +1720,7 @@
> session_by_channel(int id)
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->chanid == id) {
> debug("session_by_channel: session %d channel %d", i, id);
>@@ -1722,7 +1737,7 @@
> {
> int i, j;
>
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
>
> if (s->x11_chanids == NULL || !s->used)
>@@ -1745,7 +1760,7 @@
> {
> int i;
> debug("session_by_pid: pid %ld", (long)pid);
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->pid == pid)
> return s;
>@@ -2287,7 +2302,7 @@
> session_destroy_all(void (*closefunc)(Session *))
> {
> int i;
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used) {
> if (closefunc != NULL)
>@@ -2306,7 +2321,7 @@
> char *cp;
>
> buf[0] = '\0';
>- for (i = 0; i < MAX_SESSIONS; i++) {
>+ for (i = 0; i < num_sessions; i++) {
> Session *s = &sessions[i];
> if (s->used && s->ttyfd != -1) {
>
>diff -ur t/openssh-4.2p1/sshd_config.5 openssh-4.2p1/sshd_config.5
>--- t/openssh-4.2p1/sshd_config.5 2005-07-26 05:54:57.000000000 -0600
>+++ openssh-4.2p1/sshd_config.5 2005-09-23 06:09:42.000000000 -0600
>@@ -439,6 +439,9 @@
> Once the number of failures reaches half this value,
> additional failures are logged.
> The default is 6.
>+.It Cm MaxSession
>+Defines the maximum number of sessions that a server will permit.
>+The default is 64.
> .It Cm MaxStartups
> Specifies the maximum number of concurrent unauthenticated connections to the
> .Nm sshd
Attachments on
bug 1090
:
963
|
979
|
1473
|
1483