
[PATCH] Implement "no-more-session@xxxxxxxxxxx" in the server


Hi,

I was reviewing the chacha20 patchset and then a user asked for support for the 
global request "no-more-session@xxxxxxxxxxx".

    On receipt of such a message, the server will refuse to open future
    channels of type "session" and instead immediately abort the connection.

So I've implemented it. However I don't have the time to test it right now.


I'm posting it here in case someone is interested in it. OpenSSH normally 
sends it.

Review much appreciated!


Thanks,


	Andreas

From 0189ab3e6549b902791b95f5e15b5c9e481e3f7c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 21:45:15 +0200
Subject: [PATCH 1/3] include: Use hex values for flags

This is easier to understand.

Signed-off-by: Andreas Schneider <asn@xxxxxxxxxxxxxx>
---
 include/libssh/session.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/libssh/session.h b/include/libssh/session.h
index 1a069017..de5fb7c7 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -64,10 +64,10 @@ enum ssh_pending_call_e {
 };
 
 /* libssh calls may block an undefined amount of time */
-#define SSH_SESSION_FLAG_BLOCKING 1
+#define SSH_SESSION_FLAG_BLOCKING 0x0001
 
 /* Client successfully authenticated */
-#define SSH_SESSION_FLAG_AUTHENTICATED 2
+#define SSH_SESSION_FLAG_AUTHENTICATED 0x0002
 
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
-- 
2.17.1


From 65d09da5f8b9a175a9845f594938efdeaf5f6646 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 21:45:51 +0200
Subject: [PATCH 2/3] include: Add SSH_SESSION_FLAG_NO_MORE flag

Signed-off-by: Andreas Schneider <asn@xxxxxxxxxxxxxx>
---
 include/libssh/session.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/libssh/session.h b/include/libssh/session.h
index de5fb7c7..8cedc6cf 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -69,6 +69,9 @@ enum ssh_pending_call_e {
 /* Client successfully authenticated */
 #define SSH_SESSION_FLAG_AUTHENTICATED 0x0002
 
+/* Do not accept new session chanels (no-more-sessions@xxxxxxxxxxx) */
+#define SSH_SESSION_FLAG_NO_MORE_SESSIONS 0x0004
+
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
 #define SSH_TIMEOUT_INFINITE -1
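
Review bot: The added comment above SSH_SESSION_FLAG_NO_MORE_SESSIONS has a typo, "chanels" should be "channels". The commit subject also names the flag SSH_SESSION_FLAG_NO_MORE while the define is SSH_SESSION_FLAG_NO_MORE_SESSIONS; the subject should use the full name so the commit can be found by searching for the identifier.
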
-- 
2.17.1


From 8e423738905bf458d60245da713dd41205bd134d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 21:53:03 +0200
Subject: [PATCH 3/3] messages: Handle "no-more-sessions@xxxxxxxxxxx" global
 request

On receipt of such a message, the server will refuse to open future
channels of type "session" and instead immediately abort the connection.

Signed-off-by: Andreas Schneider <asn@xxxxxxxxxxxxxx>
---
 include/libssh/libssh.h |  3 ++-
 src/messages.c          | 23 ++++++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 03241493..dbf73657 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -209,7 +209,8 @@ enum ssh_global_requests_e {
 	SSH_GLOBAL_REQUEST_UNKNOWN=0,
 	SSH_GLOBAL_REQUEST_TCPIP_FORWARD,
 	SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD,
-	SSH_GLOBAL_REQUEST_KEEPALIVE
+	SSH_GLOBAL_REQUEST_KEEPALIVE,
+	SSH_GLOBAL_REQUEST_NO_MORE_SESSIONS
 };
 
 enum ssh_publickey_state_e {
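
Review bot: SSH_GLOBAL_REQUEST_NO_MORE_SESSIONS is added to a public header (include/libssh/libssh.h) with no comment. The handler added in src/messages.c replies to the request and sets the session flag itself, so a one-line comment here stating that the library enforces this request internally would tell server authors whether they are expected to act on the type.
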
diff --git a/src/messages.c b/src/messages.c
index af885314..a88d94f2 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -1077,9 +1077,15 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
   }
   
   if (strcmp(type_c,"session") == 0) {
-    msg->channel_request_open.type = SSH_CHANNEL_SESSION;
-    SAFE_FREE(type_c);
-    goto end;
+      if (session->flags & SSH_SESSION_FLAG_NO_MORE_SESSIONS) {
+          ssh_set_error(session, SSH_FATAL, "No more sessions allowed!");
+          session->session_state = SSH_SESSION_STATE_ERROR;
+          goto error;
+      }
+
+      msg->channel_request_open.type = SSH_CHANNEL_SESSION;
+      SAFE_FREE(type_c);
+      goto end;
   }
 
   if (strcmp(type_c,"direct-tcpip") == 0) {
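
Review bot: The new refusal branch jumps to error without releasing type_c, whereas the accepted path directly below calls SAFE_FREE(type_c) before goto end. Unless the error label frees it, every refused "session" open leaks the type string; either confirm that the label does so or add SAFE_FREE(type_c) before goto error. Two smaller points on the same block: the body is re-indented to six spaces while the surrounding function uses two, which makes the hunk larger than the logic change, and the commit message promises to "immediately abort the connection" while the visible lines only set SSH_SESSION_STATE_ERROR, so it is worth stating where the disconnect actually happens.
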
@@ -1452,6 +1458,17 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
         } else {
             ssh_message_global_request_reply_success(msg, 0);
         }
+    } else if (strcmp(request, "no-more-sessions@xxxxxxxxxxx") == 0) {
+        msg->global_request.type = SSH_GLOBAL_REQUEST_NO_MORE_SESSIONS;
+        msg->global_request.want_reply = want_reply;
+
+        SSH_LOG(SSH_LOG_PROTOCOL, "Received no-more-sessions@xxxxxxxxxxx %d", want_reply);
+
+        if (want_reply) {
+            ssh_message_global_request_reply_success(msg, 0);
+        }
+
+        session->flags |= SSH_SESSION_FLAG_NO_MORE_SESSIONS;
     } else {
         SSH_LOG(SSH_LOG_PROTOCOL, "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s %d", request, want_reply);
         rc = SSH_PACKET_NOT_USED;
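
Review bot: In the new no-more-sessions branch, session->flags is updated only after ssh_message_global_request_reply_success() has been called, and that call's return value is ignored. Setting SSH_SESSION_FLAG_NO_MORE_SESSIONS first means the restriction is already in force when the peer sees the success reply and stays in force even if sending the reply fails. The SSH_LOG line would also read better with the meaning of the number spelled out, for example "want_reply=%d".
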
-- 
2.17.1

