diff options
| author | Erlang/OTP <[email protected]> | 2014-05-27 13:42:18 +0200 | 
|---|---|---|
| committer | Erlang/OTP <[email protected]> | 2014-05-27 13:42:18 +0200 | 
| commit | 12df8e06cc9792971c46f5992de9bbe0eaac6192 (patch) | |
| tree | dcb0813c302d7fa9d472acda70502d41823b4404 /lib/ssh | |
| parent | aa00b0090da89ca7442a5ff837e49a450638ce6a (diff) | |
| parent | b21d30d84e1790107aaa8cc7b39eb1095dea1fca (diff) | |
| download | otp-12df8e06cc9792971c46f5992de9bbe0eaac6192.tar.gz otp-12df8e06cc9792971c46f5992de9bbe0eaac6192.tar.bz2 otp-12df8e06cc9792971c46f5992de9bbe0eaac6192.zip | |
Merge branch 'hans/ssh/patch-17.0.2' into maint-17
* hans/ssh/patch-17.0.2:
  ssh: Prepare for release
  ssh: Use correct timeout value for the connection timeout
  ssh: Add max_session parameter to ssh:daemon
Diffstat (limited to 'lib/ssh')
| -rw-r--r-- | lib/ssh/doc/src/ssh.xml | 21 | ||||
| -rw-r--r-- | lib/ssh/src/ssh.appup.src | 4 | ||||
| -rw-r--r-- | lib/ssh/src/ssh.erl | 9 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_acceptor.erl | 47 | ||||
| -rw-r--r-- | lib/ssh/test/ssh_basic_SUITE.erl | 138 | ||||
| -rw-r--r-- | lib/ssh/vsn.mk | 2 | 
6 files changed, 201 insertions, 20 deletions
| diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7fbd70c87e..5a141ced3c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -307,18 +307,31 @@  	  <tag><c><![CDATA[{negotiation_timeout, integer()}]]></c></tag>  	  <item> -	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. +	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. If the client fails to login within this time, the connection is closed. +	    </p> +	  </item> + +	  <tag><c><![CDATA[{max_sessions, pos_integer()}]]></c></tag> +	  <item> +	    <p>The maximum number of simultaneous sessions that are accepted at any time for this daemon.  This includes sessions that are being authorized.  So if set to <c>N</c>, and <c>N</c> clients have connected but not started the login process, the <c>N+1</c> connection attempt will be aborted.  If <c>N</c> connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out. +	    </p> +	    <p>The counter is per listening port, so if two daemons are started, one with <c>{max_sessions,N}</c> and the other with <c>{max_sessions,M}</c> there will be in total <c>N+M</c> connections accepted for the whole ssh application. +	    </p> +	    <p>Note that if <c>parallel_login</c> is <c>false</c>, only one client at a time may be in the authentication phase. +	    </p> +	    <p>As default, the option is not set. This means that the number is not limited.  	    </p>  	  </item>  	  <tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>  	  <item> -	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections. +	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited number of login attempts will be allowed simultanously. +	    </p> +	    <p>If the <c>max_sessions</c> option is set to <c>N</c> and <c>parallel_login</c> is set to <c>true</c>, the max number of simultaneous login attempts at any time is limited to <c>N-K</c> where <c>K</c> is the number of authenticated connections present at this daemon.  	    </p>  	    <warning> -	      <p>Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.</p> +	      <p>Do not enable <c>parallel_logins</c> without protecting the server by other means, for example the <c>max_sessions</c> option or a firewall configuration. If set to <c>true</c>, there is no protection against DOS attacks.</p>  	    </warning> -  	  </item>  	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag> diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 1917c95f5a..42eb2167e0 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,9 +19,13 @@  {"%VSN%",	   [ +  {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, +	     {load_module, ssh_acceptor, soft_purge, soft_purge, []}]},    {<<".*">>, [{restart_application, ssh}]}   ],   [ +  {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, +	     {load_module, ssh_acceptor, soft_purge, soft_purge, []}]},    {<<".*">>, [{restart_application, ssh}]}   ]  }. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index de6e8cc421..240de69eff 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -1,7 +1,7 @@  %  %% %CopyrightBegin%  %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2014. All Rights Reserved.  %%  %% The contents of this file are subject to the Erlang Public License,  %% Version 1.1, (the "License"); you may not use this file except in @@ -73,8 +73,9 @@ connect(Host, Port, Options, Timeout) ->  	{SocketOptions, SshOptions} ->  	    {_, Transport, _} = TransportOpts =  		proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), +	    ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity),  	    Inet = proplists:get_value(inet, SshOptions, inet), -	    try Transport:connect(Host, Port,  [ {active, false}, Inet | SocketOptions], Timeout) of +	    try Transport:connect(Host, Port,  [ {active, false}, Inet | SocketOptions], ConnectionTimeout) of  		{ok, Socket} ->  		    Opts =  [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)],  		    ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); @@ -332,6 +333,8 @@ handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) ->      handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);  handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) ->      handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) -> +    handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);  handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) ->      handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);  handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> @@ -366,6 +369,8 @@ handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), leng      end;  handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity ->      Opt; +handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> +    Opt;  handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity ->      Opt;  handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index e57b07cee8..7302196674 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -80,18 +80,36 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) ->  				  ListenSocket, AcceptTimeout)      end. -handle_connection(_Callback, Address, Port, Options, Socket) -> +handle_connection(Callback, Address, Port, Options, Socket) ->      SystemSup = ssh_system_sup:system_supervisor(Address, Port), -    {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), -    ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), -    Timeout = proplists:get_value(negotiation_timeout,  -				  proplists:get_value(ssh_opts, Options, []), -				  2*60*1000), -    ssh_connection_handler:start_connection(server, Socket, -					    [{supervisors, [{system_sup, SystemSup}, -							    {subsystem_sup, SubSysSup}, -							    {connection_sup, ConnectionSup}]} -					     | Options], Timeout). +    SSHopts = proplists:get_value(ssh_opts, Options, []), +    MaxSessions = proplists:get_value(max_sessions,SSHopts,infinity), +    case number_of_connections(SystemSup) < MaxSessions of +	true -> +	    {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), +	    ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), +	    Timeout = proplists:get_value(negotiation_timeout, SSHopts, 2*60*1000), +	    ssh_connection_handler:start_connection(server, Socket, +						    [{supervisors, [{system_sup, SystemSup}, +								    {subsystem_sup, SubSysSup}, +								    {connection_sup, ConnectionSup}]} +						     | Options], Timeout); +	false -> +	    Callback:close(Socket), +	    IPstr = if is_tuple(Address) -> inet:ntoa(Address); +		     true -> Address +		  end, +	    Str = try io_lib:format('~s:~p',[IPstr,Port]) +		  catch _:_ -> "port "++integer_to_list(Port) +		  end, +	    error_logger:info_report("Ssh login attempt to "++Str++" denied due to option " +				     "max_sessions limits to "++ io_lib:write(MaxSessions) ++ +				     " sessions." +				     ), +	    {error,max_sessions} +    end. + +  handle_error(timeout) ->      ok; @@ -117,3 +135,10 @@ handle_error(Reason) ->      String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])),      error_logger:error_report(String),      exit({accept_failed, String}).     + + +number_of_connections(SystemSup) -> +    length([X ||  +	       {R,X,supervisor,[ssh_subsystem_sup]} <- supervisor:which_children(SystemSup), +	       is_reference(R) +	  ]). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index d2e52379fa..8217e643c1 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -47,21 +47,28 @@ all() ->       daemon_already_started,       server_password_option,       server_userpassword_option, -     double_close]. +     double_close, +     ssh_connect_timeout, +     ssh_connect_arg4_timeout, +     {group, hardening_tests} +    ].  groups() ->       [{dsa_key, [], basic_tests()},       {rsa_key, [], basic_tests()},       {dsa_pass_key, [], [pass_phrase]},       {rsa_pass_key, [], [pass_phrase]}, -     {internal_error, [], [internal_error]} +     {internal_error, [], [internal_error]}, +     {hardening_tests, [], [max_sessions]}      ]. +  basic_tests() ->      [send, close, peername_sockname,       exec, exec_compressed, shell, cli, known_hosts,        idle_time, rekey, openssh_zlib_basic_test]. +  %%--------------------------------------------------------------------  init_per_suite(Config) ->      case catch crypto:start() of @@ -74,6 +81,8 @@ end_per_suite(_Config) ->      ssh:stop(),      crypto:stop().  %%-------------------------------------------------------------------- +init_per_group(hardening_tests, Config) -> +    init_per_group(dsa_key, Config);  init_per_group(dsa_key, Config) ->      DataDir = ?config(data_dir, Config),      PrivDir = ?config(priv_dir, Config), @@ -103,6 +112,8 @@ init_per_group(internal_error, Config) ->  init_per_group(_, Config) ->      Config. +end_per_group(hardening_tests, Config) -> +    end_per_group(dsa_key, Config);  end_per_group(dsa_key, Config) ->      PrivDir = ?config(priv_dir, Config),      ssh_test_lib:clean_dsa(PrivDir), @@ -620,6 +631,86 @@ double_close(Config) when is_list(Config) ->      ok = ssh:close(CM).  %%-------------------------------------------------------------------- +ssh_connect_timeout() -> +    [{doc, "Test connect_timeout option in ssh:connect/4"}]. +ssh_connect_timeout(_Config) -> +    ConnTimeout = 2000, +    {error,{faked_transport,connect,TimeoutToTransport}} =  +	ssh:connect("localhost", 12345,  +		    [{transport,{tcp,?MODULE,tcp_closed}}, +		     {connect_timeout,ConnTimeout}], +		    1000), +    case TimeoutToTransport of +	ConnTimeout -> ok; +	Other ->  +	    ct:log("connect_timeout is ~p but transport received ~p",[ConnTimeout,Other]), +	    {fail,"ssh:connect/4 wrong connect_timeout received in transport"} +    end. +     +%% Help for the test above +connect(_Host, _Port, _Opts, Timeout) -> +    {error, {faked_transport,connect,Timeout}}. + + +%%-------------------------------------------------------------------- +ssh_connect_arg4_timeout() -> +    [{doc, "Test fourth argument in ssh:connect/4"}]. +ssh_connect_arg4_timeout(_Config) -> +    Timeout = 1000, +    Parent = self(), +    %% start the server +    Server = spawn(fun() -> +			   {ok,Sl} = gen_tcp:listen(0,[]), +			   {ok,{_,Port}} = inet:sockname(Sl), +			   Parent ! {port,self(),Port}, +			   Rsa = gen_tcp:accept(Sl), +			   ct:log("Server gen_tcp:accept got ~p",[Rsa]), +			   receive after 2*Timeout -> ok end %% let client timeout first +		   end), + +    %% Get listening port +    Port = receive +	       {port,Server,ServerPort} -> ServerPort +	   end, + +    %% try to connect with a timeout, but "supervise" it +    Client = spawn(fun() -> +			   T0 = now(), +			   Rc = ssh:connect("localhost",Port,[],Timeout), +			   ct:log("Client ssh:connect got ~p",[Rc]), +			   Parent ! {done,self(),Rc,T0} +		   end), + +    %% Wait for client reaction on the connection try: +    receive +	{done, Client, {error,_E}, T0} -> +	    Msp = ms_passed(T0, now()), +	    exit(Server,hasta_la_vista___baby), +	    Low = 0.9*Timeout, +	    High =  1.1*Timeout, +	    ct:log("Timeout limits: ~p--~p, timeout was ~p, expected ~p",[Low,High,Msp,Timeout]), +	    if +		Low<Msp, Msp<High -> ok; +		true -> {fail, "timeout not within limits"} +	    end; +	{done, Client, {ok,_Ref}, _T0} -> +	    {fail,"ssh-connected ???"} +    after +	5000 -> +	    exit(Server,hasta_la_vista___baby), +	    exit(Client,hasta_la_vista___baby), +	    {fail, "Didn't timeout"} +    end. + + +%% Help function +%% N2-N1 +ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> +    {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), +					       calendar:now_to_local_time(N2)), +    1000 * (Min*60 + Sec + (M2-M1)/1000000). + +%%--------------------------------------------------------------------  openssh_zlib_basic_test() ->      [{doc, "Test basic connection with openssh_zlib"}]. @@ -639,6 +730,49 @@ openssh_zlib_basic_test(Config) ->      ssh:stop_daemon(Pid).  %%-------------------------------------------------------------------- + +max_sessions(Config) -> +    SystemDir = filename:join(?config(priv_dir, Config), system), +    UserDir = ?config(priv_dir, Config), +    MaxSessions = 2, +    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, +					     {user_dir, UserDir}, +					     {user_passwords, [{"carni", "meat"}]}, +					     {parallel_login, true}, +					     {max_sessions, MaxSessions} +					    ]), + +    Connect = fun() -> +		      R=ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, +							  {user_dir, UserDir}, +							  {user_interaction, false}, +							  {user, "carni"}, +							  {password, "meat"} +							 ]), +		      ct:log("Connection ~p up",[R]) +	      end, + +    try [Connect() || _ <- lists:seq(1,MaxSessions)] +    of +	_ -> +	    ct:pal("Expect Info Report:",[]), +	    try Connect() +	    of +		_ConnectionRef -> +		    ssh:stop_daemon(Pid), +		    {fail,"Too many connections accepted"} +	    catch +		error:{badmatch,{error,"Connection closed"}} -> +		    ssh:stop_daemon(Pid), +		    ok +	    end +    catch +	error:{badmatch,{error,"Connection closed"}} -> +	    ssh:stop_daemon(Pid), +	    {fail,"Too few connections accepted"} +    end. + +%%--------------------------------------------------------------------  %% Internal functions ------------------------------------------------  %%-------------------------------------------------------------------- diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 9ffc59dbaf..40ed27d8f5 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@  #-*-makefile-*-   ; force emacs to enter makefile-mode -SSH_VSN = 3.0.1 +SSH_VSN = 3.0.2  APP_VSN    = "ssh-$(SSH_VSN)" | 
