authorDarren Tucker <dtucker@zip.com.au>2013-06-02 07:46:16 +1000
committerDarren Tucker <dtucker@zip.com.au>2013-06-02 07:46:16 +1000
commitb759c9c2efebe7b416ab81093ca8eb17836b6933 (patch)
tree41ad0279844ea8f149ab2c1015fa140061b390ac
parent55119253c64808b0d3b2ab5d2bc67ee9dac3430b (diff)
- dtucker@cvs.openbsd.org 2013/06/01 13:15:52
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
-rw-r--r--ChangeLog6
-rw-r--r--channels.c12
-rw-r--r--clientloop.c14
-rw-r--r--misc.c13
-rw-r--r--misc.h3
-rw-r--r--packet.c10
-rw-r--r--progressmeter.c6
-rw-r--r--sandbox-systrace.c3
-rw-r--r--ssh-agent.c12
9 files changed, 49 insertions, 30 deletions
diff --git a/ChangeLog b/ChangeLog
index 5689f03d4..891db12a6 100644
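--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,12 @@
  - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
  [ssh-agent.c]
  Use time_t where appropriate. ok djm
+ - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
+ [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
+ channels.c sandbox-systrace.c]
+ Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
+ keepalives and rekeying will work properly over clock steps. Suggested by
+ markus@, "looks good" djm@.
 
 20130529
  - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null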
diff --git a/channels.c b/channels.c
index 6031394cc..d50a4a298 100644
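--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.321 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.322 2013/06/01 13:15:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1335,7 +1335,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
  errno != ECONNABORTED)
  error("accept: %.100s", strerror(errno));
  if (errno == EMFILE || errno == ENFILE)
- c->notbefore = time(NULL) + 1;
+ c->notbefore = monotime() + 1;
  return;
  }
  set_nodelay(newsock);
@@ -1482,7 +1482,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
  errno != ECONNABORTED)
  error("accept: %.100s", strerror(errno));
  if (errno == EMFILE || errno == ENFILE)
- c->notbefore = time(NULL) + 1;
+ c->notbefore = monotime() + 1;
  return;
  }
  set_nodelay(newsock);
@@ -1518,7 +1518,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
  error("accept from auth socket: %.100s",
  strerror(errno));
  if (errno == EMFILE || errno == ENFILE)
- c->notbefore = time(NULL) + 1;
+ c->notbefore = monotime() + 1;
  return;
  }
  nc = channel_new("accepted auth socket",
@@ -1922,7 +1922,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset)
  &addrlen)) == -1) {
  error("%s accept: %s", __func__, strerror(errno));
  if (errno == EMFILE || errno == ENFILE)
- c->notbefore = time(NULL) + 1;
+ c->notbefore = monotime() + 1;
  return;
  }
 
@@ -2085,7 +2085,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset,
  channel_handler_init();
  did_init = 1;
  }
- now = time(NULL);
+ now = monotime();
  if (unpause_secs != NULL)
  *unpause_secs = 0;
  for (i = 0, oalloc = channels_alloc; i < oalloc; i++) {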
diff --git a/clientloop.c b/clientloop.c
index 22138560b..4b071eb91 100644
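--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.250 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.251 2013/06/01 13:15:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -273,7 +273,7 @@ set_control_persist_exit_time(void)
  control_persist_exit_time = 0;
  } else if (control_persist_exit_time <= 0) {
  /* a client connection has recently closed */
- control_persist_exit_time = time(NULL) +
+ control_persist_exit_time = monotime() +
  (time_t)options.control_persist_timeout;
  debug2("%s: schedule exit in %d seconds", __func__,
  options.control_persist_timeout);
@@ -356,7 +356,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
  if (system(cmd) == 0)
  generated = 1;
  if (x11_refuse_time == 0) {
- now = time(NULL) + 1;
+ now = monotime() + 1;
  if (UINT_MAX - timeout < now)
  x11_refuse_time = UINT_MAX;
  else
@@ -581,7 +581,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
 {
  struct timeval tv, *tvp;
  int timeout_secs;
- time_t minwait_secs = 0, server_alive_time = 0, now = time(NULL);
+ time_t minwait_secs = 0, server_alive_time = 0, now = monotime();
  int ret;
 
  /* Add any selections by the channel mechanism. */
@@ -676,7 +676,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
  * Timeout. Could have been either keepalive or rekeying.
  * Keepalive we check here, rekeying is checked in clientloop.
  */
- if (server_alive_time != 0 && server_alive_time <= time(NULL))
+ if (server_alive_time != 0 && server_alive_time <= monotime())
  server_alive_check();
  }
 
@@ -1650,7 +1650,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
  * connections, then quit.
  */
  if (control_persist_exit_time > 0) {
- if (time(NULL) >= control_persist_exit_time) {
+ if (monotime() >= control_persist_exit_time) {
  debug("ControlPersist timeout expired");
  break;
  }
@@ -1868,7 +1868,7 @@ client_request_x11(const char *request_type, int rchan)
  "malicious server.");
  return NULL;
  }
- if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
+ if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
  verbose("Rejected X11 connection after ForwardX11Timeout "
  "expired");
  return NULL;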
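Review bot: The X11 refusal deadline set in client_x11_get_proto (`now = monotime() + 1`) and tested in client_request_x11 is a security timeout, and on platforms where CLOCK_MONOTONIC does not advance while the host is suspended it will now expire later in wall-clock terms than ForwardX11Timeout states. The same consideration applies to the rekey interval in packet.c and to the key lifetimes in ssh-agent.c. Which clock behaviour the target platforms have is not visible here; where a suspend-aware clock such as CLOCK_BOOTTIME exists, monotime() could prefer it, and otherwise the limitation should be recorded above monotime(), e.g. `/* seconds from an arbitrary origin; may not count time spent suspended */`. All functions touched in this file begin and end outside their hunks.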
diff --git a/misc.c b/misc.c
index 4aa5fdc8b..cd45e9ecc 100644
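--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.90 2013/06/01 13:15:52 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -854,6 +854,17 @@ ms_to_timeval(struct timeval *tv, int ms)
  tv->tv_usec = (ms % 1000) * 1000;
 }
 
+time_t
+monotime(void)
+{
+ struct timespec ts;
+
+ if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
+ fatal("clock_gettime: %s", strerror(errno));
+
+ return (ts.tv_sec);
+}
+
 void
 bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
 {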
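Review bot: monotime() calls `fatal()` when clock_gettime(CLOCK_MONOTONIC) fails, so every timer read converted by this commit becomes a possible process exit on a system or inside a sandbox where that clock is unavailable. A fallback would keep the previous behaviour in that case, `if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) return time(NULL);`, with the choice of clock made once per process so the two time bases are never mixed. The function also needs a header comment stating that the result is whole seconds from an unspecified origin and must not be logged, stored or compared as an epoch timestamp.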
diff --git a/misc.h b/misc.h
index f3142a95e..fceb30655 100644
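--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -35,6 +35,7 @@ char *tohex(const void *, size_t);
 void sanitise_stdfd(void);
 void ms_subtract_diff(struct timeval *, int *);
 void ms_to_timeval(struct timeval *, int);
+time_t monotime(void);
 void sock_set_v6only(int);
 
 struct passwd *pwcopy(struct passwd *);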
diff --git a/packet.c b/packet.c
index 84ebd81d5..b25395d4b 100644
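--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.186 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.187 2013/06/01 13:15:52 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1015,7 +1015,7 @@ packet_send2(void)
  /* after a NEWKEYS message we can send the complete queue */
  if (type == SSH2_MSG_NEWKEYS) {
  active_state->rekeying = 0;
- active_state->rekey_time = time(NULL);
+ active_state->rekey_time = monotime();
  while ((p = TAILQ_FIRST(&active_state->outgoing))) {
  type = p->type;
  debug("dequeue packet: %u", type);
@@ -1942,7 +1942,7 @@ packet_need_rekeying(void)
  (active_state->max_blocks_in &&
  (active_state->p_read.blocks > active_state->max_blocks_in)) ||
  (active_state->rekey_interval != 0 && active_state->rekey_time +
- active_state->rekey_interval <= time(NULL));
+ active_state->rekey_interval <= monotime());
 }
 
 void
@@ -1956,7 +1956,7 @@ packet_set_rekey_limits(u_int32_t bytes, time_t seconds)
  * We set the time here so that in post-auth privsep slave we count
  * from the completion of the authentication.
  */
- active_state->rekey_time = time(NULL);
+ active_state->rekey_time = monotime();
 }
 
 time_t
@@ -1965,7 +1965,7 @@ packet_get_rekey_timeout(void)
  time_t seconds;
 
  seconds = active_state->rekey_time + active_state->rekey_interval -
- time(NULL);
+ monotime();
  return (seconds <= 0 ? 1 : seconds);
 }
 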
diff --git a/progressmeter.c b/progressmeter.c
index 0f95222d2..0e570e41a 100644
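--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.38 2013/06/01 13:15:52 dtucker Exp $ */
 /*
  * Copyright (c) 2003 Nils Nordman. All rights reserved.
  *
@@ -131,7 +131,7 @@ refresh_progress_meter(void)
 
  transferred = *counter - cur_pos;
  cur_pos = *counter;
- now = time(NULL);
+ now = monotime();
  bytes_left = end_pos - cur_pos;
 
  if (bytes_left > 0)
@@ -249,7 +249,7 @@ update_progress_meter(int ignore)
 void
 start_progress_meter(char *f, off_t filesize, off_t *ctr)
 {
- start = last_update = time(NULL);
+ start = last_update = monotime();
  file = f;
  end_pos = filesize;
  cur_pos = 0;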
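Review bot: refresh_progress_meter now reads the clock through monotime(), whose failure path in misc.c calls fatal(), and that path may be reachable from a signal handler. The second hunk header shows `update_progress_meter(int ignore)`, which has a signal-handler signature, but its call into refresh_progress_meter is not visible here, so this is inferred. If it holds, fatal() would run in signal context, where logging and cleanup code is unlikely to be async-signal-safe, whereas the replaced time(NULL) could not fail that way. Giving monotime() a non-fatal failure path, or sampling the clock outside the handler, removes the concern; refresh_progress_meter and start_progress_meter both continue outside their hunks.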
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 2d16a627f..cc0db46c4 100644
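--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -57,6 +57,7 @@ static const struct sandbox_policy preauth_policy[] = {
  { SYS_exit, SYSTR_POLICY_PERMIT },
  { SYS_getpid, SYSTR_POLICY_PERMIT },
  { SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+ { SYS_clock_gettime, SYSTR_POLICY_PERMIT },
  { SYS_madvise, SYSTR_POLICY_PERMIT },
  { SYS_mmap, SYSTR_POLICY_PERMIT },
  { SYS_mprotect, SYSTR_POLICY_PERMIT },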
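Review bot: The added `{ SYS_clock_gettime, SYSTR_POLICY_PERMIT }` entry covers only the systrace pre-auth policy, so any other sandbox backend in the tree (none is part of this commit) needs the same allowance. Without it, the first monotime() call in a sandboxed child fails clock_gettime and ends in fatal(). The commit should either update those policies together or note in the description that they were checked. A short comment on the new entry, `/* needed by monotime() */`, would record why the pre-auth child is allowed this call; preauth_policy starts and ends outside the hunk.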
diff --git a/ssh-agent.c b/ssh-agent.c
index 0fd9e0bb7..f5e5873ad 100644
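--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.174 2013/05/31 12:28:10 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.175 2013/06/01 13:15:52 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -431,7 +431,7 @@ process_remove_all_identities(SocketEntry *e, int version)
 static time_t
 reaper(void)
 {
- time_t deadline = 0, now = time(NULL);
+ time_t deadline = 0, now = monotime();
  Identity *id, *nxt;
  int version;
  Idtab *tab;
@@ -618,7 +618,7 @@ process_add_identity(SocketEntry *e, int version)
  while (buffer_len(&e->request)) {
  switch ((type = buffer_get_char(&e->request))) {
  case SSH_AGENT_CONSTRAIN_LIFETIME:
- death = time(NULL) + buffer_get_int(&e->request);
+ death = monotime() + buffer_get_int(&e->request);
  break;
  case SSH_AGENT_CONSTRAIN_CONFIRM:
  confirm = 1;
@@ -633,7 +633,7 @@ process_add_identity(SocketEntry *e, int version)
  }
  success = 1;
  if (lifetime && !death)
- death = time(NULL) + lifetime;
+ death = monotime() + lifetime;
  if ((id = lookup_identity(k, version)) == NULL) {
  id = xcalloc(1, sizeof(Identity));
  id->key = k;
@@ -712,7 +712,7 @@ process_add_smartcard_key(SocketEntry *e)
  while (buffer_len(&e->request)) {
  switch ((type = buffer_get_char(&e->request))) {
  case SSH_AGENT_CONSTRAIN_LIFETIME:
- death = time(NULL) + buffer_get_int(&e->request);
+ death = monotime() + buffer_get_int(&e->request);
  break;
  case SSH_AGENT_CONSTRAIN_CONFIRM:
  confirm = 1;
@@ -724,7 +724,7 @@ process_add_smartcard_key(SocketEntry *e)
  }
  }
  if (lifetime && !death)
- death = time(NULL) + lifetime;
+ death = monotime() + lifetime;
 
  count = pkcs11_add_provider(provider, pin, &keys);
  for (i = 0; i < count; i++) {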
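Review bot: `death = monotime() + buffer_get_int(&e->request);` in process_add_identity and process_add_smartcard_key adds a lifetime taken from the client request to a time_t with no range check, whereas the X11 timeout in clientloop.c clamps its sum against UINT_MAX before storing it. Where time_t is 32 bits the sum can wrap, leaving a deadline that reaper() would treat as already passed or as far in the future; reaper's comparison is outside the hunk, so that outcome is inferred. Rejecting or clamping a lifetime that does not fit in the remaining time_t range before the addition keeps the key's expiry well defined. Both functions start and end outside their hunks.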