Date: Fri, 5 Aug 2011 22:39:23 GMT From: Catalin Nicutar <cnicutar@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 197240 for review Message-ID: <201108052239.p75MdNDi053915@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@197240?ac=10 Change 197240 by cnicutar@cnicutar_cronos on 2011/08/05 22:38:23 Forward-port ssh and sshd UTO support to HEAD. Affected files ... .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.c#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.h#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.c#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.h#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.1#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.c#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh_config.5#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshconnect.c#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd.c#2 edit .. //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd_config.5#2 edit Differences ... ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.c#2 (text+ko) ==== @@ -138,7 +138,7 @@ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, oKexAlgorithms, oIPQoS, - oVersionAddendum, + oVersionAddendum, oUserTimeout, oDeprecated, oUnsupported } OpCodes; @@ -227,6 +227,7 @@ { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "rekeylimit", oRekeyLimit }, { "connecttimeout", oConnectTimeout }, + { "usertimeout", oUserTimeout }, { "addressfamily", oAddressFamily }, { "serveraliveinterval", oServerAliveInterval }, { "serveralivecountmax", oServerAliveCountMax }, @@ -415,6 +416,10 @@ *intptr = value; break; + case oUserTimeout: + intptr = &options->user_timeout; + goto parse_time; + case oForwardAgent: intptr = &options->forward_agent; parse_flag: @@ -1132,6 +1137,7 @@ options->address_family = -1; options->connection_attempts = -1; options->connection_timeout = -1; + options->user_timeout = -1; options->number_of_password_prompts = -1; options->cipher = -1; options->ciphers = NULL; ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.h#2 (text+ko) ==== @@ -69,6 +69,7 @@ * giving up */ int connection_timeout; /* Max time (seconds) before * aborting connection attempt */ + int user_timeout; /* Timeout value (seconds) sent to server. */ int number_of_password_prompts; /* Max number of password * prompts. */ int cipher; /* Cipher to use. */ ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.c#2 (text+ko) ==== @@ -109,6 +109,7 @@ options->compression = -1; options->allow_tcp_forwarding = -1; options->allow_agent_forwarding = -1; + options->allow_user_timeout = -1; options->num_allow_users = 0; options->num_deny_users = 0; options->num_allow_groups = 0; @@ -326,7 +327,7 @@ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, + sUsePrivilegeSeparation, sAllowAgentForwarding, sAllowUserTimeout, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sKexAlgorithms, sIPQoS, @@ -422,6 +423,7 @@ { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, + { "allowusertimeout", sAllowUserTimeout, SSHCFG_ALL }, { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, @@ -1085,6 +1087,10 @@ case sAllowAgentForwarding: intptr = &options->allow_agent_forwarding; goto parse_flag; + + case sAllowUserTimeout: + intptr = &options->allow_user_timeout; + goto parse_flag; case sUsePrivilegeSeparation: intptr = &use_privsep; ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.h#2 (text+ko) ==== @@ -111,6 +111,7 @@ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; int allow_agent_forwarding; + int allow_user_timeout; /* Accept the client timeout if true. */ u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; u_int num_deny_users; ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.1#2 (text+ko) ==== @@ -35,7 +35,7 @@ .\" .\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $ .\" $FreeBSD: src/crypto/openssh/ssh.1,v 1.44 2011/05/04 07:34:44 des Exp $ -.Dd November 18, 2010 +.Dd August 05, 2011 .Dt SSH 1 .Os .Sh NAME @@ -60,6 +60,7 @@ .Op Fl p Ar port .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport .Op Fl S Ar ctl_path +.Op Fl u Ar timeout .Op Fl W Ar host : Ns Ar port .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun .Oo Ar user Ns @ Oc Ns Ar hostname @@ -466,6 +467,7 @@ .It TunnelDevice .It UsePrivilegedPort .It User +.It UserTimeout .It UserKnownHostsFile .It VerifyHostKeyDNS .It VersionAddendum @@ -557,6 +559,14 @@ options force tty allocation, even if .Nm has no local tty. +.It Fl u Ar timeout +Sets the requested timeout (UTO) for the connection. +If the option is accepted by the server, the connection will be kept for +the specified time in the absence of network connectivity. +.Pp +This option can also be enabled using the UserTimeout directive as described +in +.Xr ssh_config 5 . .It Fl V Display the version number and exit. .It Fl v ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.c#2 (text+ko) ==== @@ -70,6 +70,7 @@ #include <unistd.h> #include <netinet/in.h> +#include <netinet/tcp.h> #include <arpa/inet.h> #include <openssl/evp.h> @@ -200,7 +201,7 @@ " [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [-W host:port] [-w local_tun[:remote_tun]]\n" +" [-u timeout] [-W host:port] [-w local_tun[:remote_tun]]\n" " [user@]hostname [command]\n" ); exit(255); @@ -297,7 +298,7 @@ argv0 = av[0]; again: - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstu:vx" "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': @@ -392,6 +393,11 @@ force_tty_flag = 1; tty_flag = 1; break; + case 'u': + options.user_timeout = convtime(optarg); + if (options.user_timeout == -1) + fatal("Invalid User Timeout value"); + break; case 'v': if (debug_flag == 0) { debug_flag = 1; @@ -905,6 +911,15 @@ } else { verbose("Authenticated to %s (via proxy).", host); } + + /* + * Attempt to send the option after authenticating. If the server + * didn't record it at SYN, it should now. + */ + if (options.user_timeout && setsockopt(packet_get_connection_in(), + IPPROTO_TCP, TCP_SNDUTO_TIMEOUT, &options.user_timeout, + sizeof(options.user_timeout))) + error("setsockopt TCP_SNDUTO_TIMEOUT: %.100s", strerror(errno)); /* We no longer need the private host keys. Clear them now. */ if (sensitive_data.nkeys != 0) { ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh_config.5#2 (text+ko) ==== @@ -35,7 +35,7 @@ .\" .\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $ .\" $FreeBSD: src/crypto/openssh/ssh_config.5,v 1.32 2011/05/04 07:34:44 des Exp $ -.Dd December 8, 2010 +.Dd July 19, 2011 .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1137,6 +1137,20 @@ This can be useful when a different user name is used on different machines. This saves the trouble of having to remember to give the user name on the command line. +.It Cm UserTimeout +Specifies the UserTimeout (TCP UTO) for this connection. +If the server accepts this option, the connection will be kept for the +specified time in the absence of network connectivity. +.Pp +Usually a server will only allow certain users to use this option, due to +the security risks involved. +.Pp +The values that can be specified are subject to +.Dv net.inet.tcp.uto.min_timeout +and +.Dv net.inet.tcp.uto.max_timeout . +.Pp +By default no timeout is used. .It Cm UserKnownHostsFile Specifies a file to use for the user host key database instead of ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshconnect.c#2 (text+ko) ==== @@ -25,6 +25,7 @@ #endif #include <netinet/in.h> +#include <netinet/tcp.h> #include <arpa/inet.h> #include <ctype.h> @@ -389,6 +390,17 @@ /* Any error is already output */ continue; + /* + * Attempt to set the UTO value before connecting. + * Some hosts might not accept it if we send it later. + */ + if (options.user_timeout > 0 && + setsockopt(sock, IPPROTO_TCP, TCP_SNDUTO_TIMEOUT, + &options.user_timeout, + sizeof(options.user_timeout)) < 0) + error("setsockopt TCP_SNDUTO_TIMEOUT: %.100s", + strerror(errno)); + if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, timeout_ms) >= 0) { /* Successful connection. */ ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd.c#2 (text+ko) ==== @@ -59,6 +59,8 @@ #include "openbsd-compat/sys-queue.h" #include <sys/wait.h> +#include <netinet/tcp.h> + #include <errno.h> #include <fcntl.h> #include <netdb.h> @@ -2027,6 +2029,17 @@ startup_pipe = -1; } + /* + * After authentication it's safe to enable User Timeout. The + * connection will not be dropped for this period of time even if + * the client stays silent (doesn't ACK our data). + */ + if (options.allow_user_timeout && packet_connection_is_on_socket() && + setsockopt(sock_in, IPPROTO_TCP, TCP_RCVUTO_TIMEOUT, &on, + sizeof(on)) < 0) + error("setsockopt TCP_RCVUTO_TIMEOUT: %.100s", strerror(errno)); + + #ifdef SSH_AUDIT_EVENTS audit_event(SSH_AUTH_SUCCESS); #endif ==== //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd_config.5#2 (text+ko) ==== @@ -35,7 +35,7 @@ .\" .\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ .\" $FreeBSD: src/crypto/openssh/sshd_config.5,v 1.38 2011/05/04 07:34:44 des Exp $ -.Dd December 8, 2010 +.Dd July 19, 2011 .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -152,6 +152,22 @@ in .Xr ssh_config 5 for more information on patterns. +.It Cm AllowUserTimeout +This directive specifies that the UserTimeout requested by the client will +be accepted after authentication. +When a UserTimeout is accepted TCP will not drop the connection for the +specified time even if the client remains silent (doesn't ACK data). +.Pp +The values that can be accepted are subject to the system-wide +.Dv net.inet.tcp.uto.min_timeout +and +.Dv net.inet.tcp.uto.max_timeout . +.Pp +A server should only allow trusted users to use this option, due to +the security risks involved. +.Pp +The default value is +.Dq no . .It Cm AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201108052239.p75MdNDi053915>