8 files changed, 127 insertions, 55 deletions

diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 1917c95f5a..8269f89e40 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -19,9 +19,25 @@
 
 {"%VSN%",	
  [
+  {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
+  {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []},
+	     {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+	     {load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {<<".*">>, [{restart_application, ssh}]}
  ],
  [
+  {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
+  {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []},
+	     {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+	     {load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {<<".*">>, [{restart_application, ssh}]}
  ]
 }.
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index de6e8cc421..8a8d4bb89e 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -1,7 +1,7 @@
 %
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -73,8 +73,8 @@ connect(Host, Port, Options, Timeout) ->
 	{SocketOptions, SshOptions} ->
 	    {_, Transport, _} = TransportOpts =
 		proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
-	    Inet = proplists:get_value(inet, SshOptions, inet),
-	    try Transport:connect(Host, Port,  [ {active, false}, Inet | SocketOptions], Timeout) of
+	    ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity),
+	    try Transport:connect(Host, Port,  [ {active, false} | SocketOptions], ConnectionTimeout) of
 		{ok, Socket} ->
 		    Opts =  [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)],
 		    ssh_connection_handler:start_connection(client, Socket, Opts, Timeout);
@@ -255,8 +255,8 @@ do_start_daemon(Host, Port, Options, SocketOptions) ->
 
 handle_options(Opts) ->
     try handle_option(proplists:unfold(Opts), [], []) of
-	{_,_} = Options ->
-	    Options
+	{Inet, Ssh} ->
+	    {handle_ip(Inet), Ssh}
     catch
 	throw:Error ->
 	    Error
@@ -332,6 +332,8 @@ handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
 handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
+handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) ->
+    handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
 handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) ->
     handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
 handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) ->
@@ -366,6 +368,8 @@ handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), leng
     end;
 handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity ->
     Opt;
+handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 ->
+    Opt;
 handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity ->
     Opt;
 handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false ->
@@ -388,7 +392,8 @@ handle_ssh_option({compression, Value} = Opt) when is_atom(Value) ->
     Opt;
 handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module), 
 							    is_atom(Function) ->
-
+    Opt;
+handle_ssh_option({exec, Function} = Opt) when is_function(Function) ->
     Opt;
 handle_ssh_option({auth_methods, Value} = Opt)  when is_list(Value) ->
     Opt;
@@ -428,13 +433,14 @@ handle_ssh_option(Opt) ->
     throw({error, {eoptions, Opt}}).
 
 handle_inet_option({active, _} = Opt) ->
-    throw({error, {{eoptions, Opt}, "Ssh has built in flow control, "
-		   "and activ is handled internaly user is not allowd"
+    throw({error, {{eoptions, Opt}, "SSH has built in flow control, "
+		   "and active is handled internally, user is not allowed"
 		   "to specify this option"}});
-handle_inet_option({inet, Value} = Opt) when (Value == inet) or (Value == inet6) ->
-    Opt;
+
+handle_inet_option({inet, Value}) when (Value == inet) or (Value == inet6) ->
+    Value;
 handle_inet_option({reuseaddr, _} = Opt) ->
-    throw({error, {{eoptions, Opt},"Is set internaly user is not allowd"
+    throw({error, {{eoptions, Opt},"Is set internally, user is not allowed"
 		   "to specify this option"}});
 %% Option verified by inet
 handle_inet_option(Opt) ->
@@ -455,3 +461,17 @@ handle_pref_algs([H|T], Acc) ->
 	_ ->
 	    false
     end.
+
+handle_ip(Inet) -> %% Default to ipv4
+    case lists:member(inet, Inet) of
+	true ->
+	    Inet;
+	false ->
+	    case lists:member(inet6, Inet) of
+		true -> 
+		    Inet;
+		false ->
+		    [inet | Inet]
+	    end
+    end.
+	
diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl
index e57b07cee8..7302196674 100644
--- a/lib/ssh/src/ssh_acceptor.erl
+++ b/lib/ssh/src/ssh_acceptor.erl
@@ -80,18 +80,36 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) ->
 				  ListenSocket, AcceptTimeout)
     end.
 
-handle_connection(_Callback, Address, Port, Options, Socket) ->
+handle_connection(Callback, Address, Port, Options, Socket) ->
     SystemSup = ssh_system_sup:system_supervisor(Address, Port),
-    {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options),
-    ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup),
-    Timeout = proplists:get_value(negotiation_timeout, 
-				  proplists:get_value(ssh_opts, Options, []),
-				  2*60*1000),
-    ssh_connection_handler:start_connection(server, Socket,
-					    [{supervisors, [{system_sup, SystemSup},
-							    {subsystem_sup, SubSysSup},
-							    {connection_sup, ConnectionSup}]}
-					     | Options], Timeout).
+    SSHopts = proplists:get_value(ssh_opts, Options, []),
+    MaxSessions = proplists:get_value(max_sessions,SSHopts,infinity),
+    case number_of_connections(SystemSup) < MaxSessions of
+	true ->
+	    {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options),
+	    ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup),
+	    Timeout = proplists:get_value(negotiation_timeout, SSHopts, 2*60*1000),
+	    ssh_connection_handler:start_connection(server, Socket,
+						    [{supervisors, [{system_sup, SystemSup},
+								    {subsystem_sup, SubSysSup},
+								    {connection_sup, ConnectionSup}]}
+						     | Options], Timeout);
+	false ->
+	    Callback:close(Socket),
+	    IPstr = if is_tuple(Address) -> inet:ntoa(Address);
+		     true -> Address
+		  end,
+	    Str = try io_lib:format('~s:~p',[IPstr,Port])
+		  catch _:_ -> "port "++integer_to_list(Port)
+		  end,
+	    error_logger:info_report("Ssh login attempt to "++Str++" denied due to option "
+				     "max_sessions limits to "++ io_lib:write(MaxSessions) ++
+				     " sessions."
+				     ),
+	    {error,max_sessions}
+    end.
+
+
 handle_error(timeout) ->
     ok;
 
@@ -117,3 +135,10 @@ handle_error(Reason) ->
     String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])),
     error_logger:error_report(String),
     exit({accept_failed, String}).    
+
+
+number_of_connections(SystemSup) ->
+    length([X || 
+	       {R,X,supervisor,[ssh_subsystem_sup]} <- supervisor:which_children(SystemSup),
+	       is_reference(R)
+	  ]).
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl
index 77453e8fd7..18841e3d2d 100644
--- a/lib/ssh/src/ssh_cli.erl
+++ b/lib/ssh/src/ssh_cli.erl
@@ -457,17 +457,17 @@ bin_to_list(I) when is_integer(I) ->
 
 start_shell(ConnectionHandler, State) ->
     Shell = State#state.shell,
-    ConnectionInfo = ssh_connection_handler:info(ConnectionHandler,
+    ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler,
 						  [peer, user]),
     ShellFun = case is_function(Shell) of
 		   true ->
-		       {ok, User} = 
+		       User = 
 			   proplists:get_value(user, ConnectionInfo),
 		       case erlang:fun_info(Shell, arity) of
 			   {arity, 1} ->
 			       fun() -> Shell(User) end;
 			   {arity, 2} ->
-			       [{_, PeerAddr}] =
+			       {_, PeerAddr} =
 				   proplists:get_value(peer, ConnectionInfo),
 			       fun() -> Shell(User, PeerAddr) end;
 			   _ ->
@@ -485,9 +485,9 @@ start_shell(_ConnectionHandler, Cmd, #state{exec={M, F, A}} = State) ->
     State#state{group = Group, buf = empty_buf()};
 start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function(Shell) ->
 
-    ConnectionInfo = ssh_connection_handler:info(ConnectionHandler,
+    ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler,
 						 [peer, user]),
-    {ok, User} = 
+    User = 
 	proplists:get_value(user, ConnectionInfo),
     ShellFun = 
 	case erlang:fun_info(Shell, arity) of
@@ -496,7 +496,7 @@ start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function
 	    {arity, 2} ->
 		fun() -> Shell(Cmd, User) end;
 	    {arity, 3} ->
-		[{_, PeerAddr}] =
+		{_, PeerAddr} =
 		    proplists:get_value(peer, ConnectionInfo),
 		fun() -> Shell(Cmd, User, PeerAddr) end;
 	    _ ->
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index b377614949..33849f4527 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -782,9 +782,8 @@ handle_cli_msg(#connection{channel_cache = Cache} = Connection,
 	    erlang:monitor(process, Pid),
 	    Channel = Channel0#channel{user = Pid},
 	    ssh_channel:cache_update(Cache, Channel),
-	    Reply = {connection_reply,
-		     channel_success_msg(RemoteId)},
-	    {{replies, [{channel_data, Pid, Reply0}, Reply]}, Connection};
+	    {Reply, Connection1} = reply_msg(Channel, Connection, Reply0),
+ 	    {{replies, [Reply]}, Connection1};
 	_Other ->
 	    Reply = {connection_reply,
 		     channel_failure_msg(RemoteId)},
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 322da50f21..86804c4436 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -104,21 +104,11 @@ start_connection(client = Role, Socket, Options, Timeout) ->
 
 start_connection(server = Role, Socket, Options, Timeout) ->
     try
-	Sups = proplists:get_value(supervisors, Options),
-	ConnectionSup = proplists:get_value(connection_sup, Sups),
-	Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])],
-	{ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]),
-	{_, Callback, _} =  proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
-	socket_control(Socket, Pid, Callback),
-	case proplists:get_value(parallel_login, Opts, false) of
+	case proplists:get_value(parallel_login, Options, false) of
 	    true ->
-		spawn(fun() -> 
-			      Ref = erlang:monitor(process, Pid),
-			      handshake(Pid, Ref, Timeout) 
-		      end);
+		spawn(fun() -> start_server_connection(Role, Socket, Options, Timeout) end);
 	    false ->
-		Ref = erlang:monitor(process, Pid),
-		handshake(Pid, Ref, Timeout)
+		start_server_connection(Role, Socket, Options, Timeout)
 	end
     catch
 	exit:{noproc, _} ->
@@ -127,6 +117,18 @@ start_connection(server = Role, Socket, Options, Timeout) ->
 	    {error, Error}
     end.
 
+
+start_server_connection(server = Role, Socket, Options, Timeout) ->
+    Sups = proplists:get_value(supervisors, Options),
+    ConnectionSup = proplists:get_value(connection_sup, Sups),
+    Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])],
+    {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]),
+    {_, Callback, _} =  proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
+    socket_control(Socket, Pid, Callback),
+    Ref = erlang:monitor(process, Pid),
+    handshake(Pid, Ref, Timeout).
+
+
 start_link(Role, Socket, Options) ->
     {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}.
 
@@ -1482,8 +1484,7 @@ ssh_channel_info([ _ | Rest], Channel, Acc) ->
 
 log_error(Reason) ->
     Report = io_lib:format("Erlang ssh connection handler failed with reason: "
-			   "~p ~n, Stacktace: ~p ~n"
-			   "please report this to [email protected] \n",
+			   "~p ~n, Stacktrace: ~p ~n",
 			   [Reason,  erlang:get_stacktrace()]),
     error_logger:error_report(Report),
     "Internal error".
diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl
index 832b144db9..35336bce8b 100644
--- a/lib/ssh/src/ssh_io.erl
+++ b/lib/ssh/src/ssh_io.erl
@@ -81,6 +81,8 @@ format(Fmt, Args) ->
 
 trim(Line) when is_list(Line) ->
     lists:reverse(trim1(lists:reverse(trim1(Line))));
+trim(Line) when is_binary(Line) ->
+    trim(unicode:characters_to_list(Line));
 trim(Other) -> Other.
 
 trim1([$\s|Cs]) -> trim(Cs);
diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl
index 8d6c77c0ed..76b57cb995 100644
--- a/lib/ssh/src/ssh_message.erl
+++ b/lib/ssh/src/ssh_message.erl
@@ -255,7 +255,7 @@ encode(#ssh_msg_ignore{data = Data}) ->
     ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]);
 
 encode(#ssh_msg_unimplemented{sequence = Seq}) ->
-    ssh_bits:encode([?SSH_MSG_IGNORE, Seq], [byte, uint32]);
+    ssh_bits:encode([?SSH_MSG_UNIMPLEMENTED, Seq], [byte, uint32]);
 
 encode(#ssh_msg_debug{always_display = Bool,
 		      message = Msg,
@@ -391,13 +391,6 @@ decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_REQUEST), ?UINT32(Len0), Name:Len0/binary,
        data = Data};
 
 %%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
-decode(<<?BYTE(?SSH_MSG_USERAUTH_PK_OK), ?UINT32(Len), Alg:Len/binary, KeyBlob/binary>>) ->
-    #ssh_msg_userauth_pk_ok{
-       algorithm_name = Alg,
-       key_blob = KeyBlob
-      };
-
-%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
 decode(<<?BYTE(?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ), ?UINT32(Len0), Prompt:Len0/binary,
 	 ?UINT32(Len1), Lang:Len1/binary>>) ->
     #ssh_msg_userauth_passwd_changereq{
@@ -405,6 +398,13 @@ decode(<<?BYTE(?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ), ?UINT32(Len0), Prompt:Len0/b
        languge = Lang
       };
 
+%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
+decode(<<?BYTE(?SSH_MSG_USERAUTH_PK_OK), ?UINT32(Len), Alg:Len/binary, KeyBlob/binary>>) ->
+    #ssh_msg_userauth_pk_ok{
+       algorithm_name = Alg,
+       key_blob = KeyBlob
+      };
+
 decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_RESPONSE), ?UINT32(Num), Data/binary>>) ->
     #ssh_msg_userauth_info_response{
        num_responses = Num,
@@ -461,10 +461,19 @@ decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code),
        language = Lang
       };
 
+%% Accept bad disconnects from ancient openssh clients that doesn't send language tag.  Use english as a work-around.
+decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code),
+       ?UINT32(Len0), Desc:Len0/binary>>) ->
+    #ssh_msg_disconnect{
+       code = Code,
+       description = unicode:characters_to_list(Desc),
+       language = <<"en">>
+      };
+
 decode(<<?SSH_MSG_NEWKEYS>>) ->
     #ssh_msg_newkeys{};
 
-decode(<<?BYTE(?SSH_MSG_IGNORE), Data/binary>>) ->
+decode(<<?BYTE(?SSH_MSG_IGNORE), ?UINT32(Len), Data:Len/binary>>) ->
     #ssh_msg_ignore{data = Data};
 
 decode(<<?BYTE(?SSH_MSG_UNIMPLEMENTED), ?UINT32(Seq)>>) ->