aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ssh/doc/src/notes.xml17
-rw-r--r--lib/ssh/doc/src/ssh.xml9
-rw-r--r--lib/ssh/src/ssh.erl4
-rw-r--r--lib/ssh/src/ssh_connection.erl27
-rw-r--r--lib/ssh/test/ssh_connection_SUITE.erl75
5 files changed, 125 insertions, 7 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 368bb0f552..0c0c947f65 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -30,6 +30,23 @@
<file>notes.xml</file>
</header>
+<section><title>Ssh 4.1.1</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ A new option <c>max_channels</c> limits the number of
+ channels with active server-side subsystems that are
+ accepted.</p>
+ <p>
+ Own Id: OTP-13036</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
<section><title>Ssh 4.1</title>
<section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index b938da091c..2b190c98b6 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -507,6 +507,15 @@ kex is implicit but public_key is set explicitly.</p>
</p>
</item>
+ <tag><c><![CDATA[{max_channels, pos_integer()}]]></c></tag>
+ <item>
+ <p>The maximum number of channels with active remote subsystem that are accepted for
+ each connection to this daemon</p>
+ <p>By default, this option is not set. This means that the number is not limited.
+ </p>
+ </item>
+
+
<tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>
<item>
<p>If set to false (the default value), only one login is handled at a time.
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 15591fb4a7..b6ee29efbb 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -385,6 +385,8 @@ handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) ->
handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) ->
handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
+handle_option([{max_channels, _} = Opt|Rest], SocketOptions, SshOptions) ->
+ handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) ->
handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);
handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) ->
@@ -443,6 +445,8 @@ handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value
Opt;
handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 ->
Opt;
+handle_ssh_option({max_channels, Value} = Opt) when is_integer(Value), Value>0 ->
+ Opt;
handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity ->
Opt;
handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false ->
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index 64d2113125..266c64fd4f 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -935,14 +935,27 @@ encode_ip(Addr) when is_list(Addr) ->
end
end.
-start_channel(Cb, Id, Args, SubSysSup) ->
- start_channel(Cb, Id, Args, SubSysSup, undefined).
+start_channel(Cb, Id, Args, SubSysSup, Opts) ->
+ start_channel(Cb, Id, Args, SubSysSup, undefined, Opts).
-start_channel(Cb, Id, Args, SubSysSup, Exec) ->
+start_channel(Cb, Id, Args, SubSysSup, Exec, Opts) ->
ChildSpec = child_spec(Cb, Id, Args, Exec),
ChannelSup = ssh_subsystem_sup:channel_supervisor(SubSysSup),
+ assert_limit_num_channels_not_exceeded(ChannelSup, Opts),
ssh_channel_sup:start_child(ChannelSup, ChildSpec).
+assert_limit_num_channels_not_exceeded(ChannelSup, Opts) ->
+ MaxNumChannels = proplists:get_value(max_channels, Opts, infinity),
+ NumChannels = length([x || {_,_,worker,[ssh_channel]} <-
+ supervisor:which_children(ChannelSup)]),
+ if
+ %% Note that NumChannels is BEFORE starting a new one
+ NumChannels < MaxNumChannels ->
+ ok;
+ true ->
+ throw(max_num_channels_exceeded)
+ end.
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
@@ -998,9 +1011,11 @@ child_spec(Callback, Id, Args, Exec) ->
start_cli(#connection{cli_spec = no_cli}, _) ->
{error, cli_disabled};
-start_cli(#connection{cli_spec = {CbModule, Args}, exec = Exec,
+start_cli(#connection{options = Options,
+ cli_spec = {CbModule, Args},
+ exec = Exec,
sub_system_supervisor = SubSysSup}, ChannelId) ->
- start_channel(CbModule, ChannelId, Args, SubSysSup, Exec).
+ start_channel(CbModule, ChannelId, Args, SubSysSup, Exec, Options).
start_subsytem(BinName, #connection{options = Options,
sub_system_supervisor = SubSysSup},
@@ -1008,7 +1023,7 @@ start_subsytem(BinName, #connection{options = Options,
Name = binary_to_list(BinName),
case check_subsystem(Name, Options) of
{Callback, Opts} when is_atom(Callback), Callback =/= none ->
- start_channel(Callback, ChannelId, Opts, SubSysSup);
+ start_channel(Callback, ChannelId, Opts, SubSysSup, Options);
{Other, _} when Other =/= none ->
{error, legacy_option_not_supported}
end.
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl
index dc7476f761..f0fdf5c0cc 100644
--- a/lib/ssh/test/ssh_connection_SUITE.erl
+++ b/lib/ssh/test/ssh_connection_SUITE.erl
@@ -48,7 +48,8 @@ all() ->
gracefull_invalid_long_start,
gracefull_invalid_long_start_no_nl,
stop_listener,
- start_subsystem_on_closed_channel
+ start_subsystem_on_closed_channel,
+ max_channels_option
].
groups() ->
[{openssh, [], payload() ++ ptty()}].
@@ -640,6 +641,78 @@ start_subsystem_on_closed_channel(Config) ->
ssh:stop_daemon(Pid).
%%--------------------------------------------------------------------
+max_channels_option() ->
+ [{doc, "Test max_channels option"}].
+
+max_channels_option(Config) when is_list(Config) ->
+ PrivDir = ?config(priv_dir, Config),
+ UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+ file:make_dir(UserDir),
+ SysDir = ?config(data_dir, Config),
+ {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+ {user_dir, UserDir},
+ {password, "morot"},
+ {max_channels, 3},
+ {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}
+ ]),
+
+ ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+ {user, "foo"},
+ {password, "morot"},
+ {user_interaction, true},
+ {user_dir, UserDir}]),
+
+ {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, ChannelId1} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, ChannelId2} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, ChannelId3} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, ChannelId4} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, ChannelId5} = ssh_connection:session_channel(ConnectionRef, infinity),
+ {ok, _ChannelId6} = ssh_connection:session_channel(ConnectionRef, infinity),
+
+ %%%---- shell
+ ok = ssh_connection:shell(ConnectionRef,ChannelId0),
+ receive
+ {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Eshell",_/binary>>}} ->
+ ok
+ after 5000 ->
+ ct:fail("CLI Timeout")
+ end,
+
+ %%%---- subsystem "echo_n"
+ success = ssh_connection:subsystem(ConnectionRef, ChannelId1, "echo_n", infinity),
+
+ %%%---- exec #1
+ success = ssh_connection:exec(ConnectionRef, ChannelId2, "testing1.\n", infinity),
+ receive
+ {ssh_cm, ConnectionRef, {data, ChannelId2, 0, <<"testing1",_/binary>>}} ->
+ ok
+ after 5000 ->
+ ct:fail("Exec #1 Timeout")
+ end,
+
+ %%%---- ptty
+ success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId3, []),
+
+ %%%---- exec #2
+ failure = ssh_connection:exec(ConnectionRef, ChannelId4, "testing2.\n", infinity),
+
+ %%%---- close the shell
+ ok = ssh_connection:send(ConnectionRef, ChannelId0, "exit().\n", 5000),
+
+ %%%---- exec #3
+ success = ssh_connection:exec(ConnectionRef, ChannelId5, "testing3.\n", infinity),
+ receive
+ {ssh_cm, ConnectionRef, {data, ChannelId5, 0, <<"testing3",_/binary>>}} ->
+ ok
+ after 5000 ->
+ ct:fail("Exec #3 Timeout")
+ end,
+
+ ssh:close(ConnectionRef),
+ ssh:stop_daemon(Pid).
+
+%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
big_cat_rx(ConnectionRef, ChannelId) ->