Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 43 |
1 files changed, 40 insertions, 3 deletions
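--- a/sshd.c
+++ b/sshd.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.123 2000/07/18 01:25:01 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.125 2000/08/17 20:06:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -139,6 +139,9 @@ unsigned char session_id[16];
 unsigned char *session_id2 = NULL;
 int session_id2_len = 0;
 
+/* record remote hostname or ip */
+unsigned int utmp_len = MAXHOSTNAMELEN;
+
 /* Prototypes for various functions defined later in this file. */
 void do_ssh1_kex();
 void do_ssh2_kex();
@@ -400,6 +403,35 @@ destroy_sensitive_data(void)
 key_free(sensitive_data.dsa_host_key);
 }
 
+/*
+* returns 1 if connection should be dropped, 0 otherwise.
+* dropping starts at connection #max_startups_begin with a probability
+* of (max_startups_rate/100). the probability increases linearly until
+* all connections are dropped for startups > max_startups
+*/
+int
+drop_connection(int startups)
+{
+double p, r;
+
+if (startups < options.max_startups_begin)
+return 0;
+if (startups >= options.max_startups)
+return 1;
+if (options.max_startups_rate == 100)
+return 1;
+
+p = 100 - options.max_startups_rate;
+p *= startups - options.max_startups_begin;
+p /= (double) (options.max_startups - options.max_startups_begin);
+p += options.max_startups_rate;
+p /= 100.0;
+r = arc4random() / (double) UINT_MAX;
+
+debug("drop_connection: p %g, r %g", p, r);
+return (r < p) ? 1 : 0;
+}
+
 int *startup_pipes = NULL; /* options.max_startup sized array of fd ints */
 int startup_pipe; /* in child */
 
@@ -441,7 +473,7 @@ main(int ac, char **av)
 initialize_server_options(&options);
 
 /* Parse command-line arguments. */
-while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:diqQ46")) != EOF) {
+while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:diqQ46")) != EOF) {
 switch (opt) {
 case '4':
 IPv4or6 = AF_INET;
@@ -488,6 +520,9 @@ main(int ac, char **av)
 /* only makes sense with inetd_flag, i.e. no listen() */
 inetd_flag = 1;
 break;
+case 'u':
+utmp_len = atoi(optarg);
+break;
 case '?':
 default:
 fprintf(stderr, "sshd version %s\n", SSH_VERSION);
@@ -503,6 +538,7 @@ main(int ac, char **av)
 fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
 fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
 HOST_KEY_FILE);
+fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
 fprintf(stderr, " -4 Use IPv4 only\n");
 fprintf(stderr, " -6 Use IPv6 only\n");
 exit(1);
@@ -823,7 +859,8 @@ main(int ac, char **av)
 error("newsock del O_NONBLOCK: %s", strerror(errno));
 continue;
 }
-if (startups >= options.max_startups) {
+if (drop_connection(startups) == 1) {
+debug("drop connection #%d", startups);
 close(newsock);
 continue;
 }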
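Review bot: The new `-u` case in main() (new lines 523–525) stores `atoi(optarg)` into the unsigned `utmp_len` without any validation, so a non-numeric argument silently becomes 0 and a negative one wraps to a very large value, which undermines the bound the option is meant to put on what gets recorded in utmp. Parsing with strtoul and rejecting an empty string, trailing garbage, ERANGE or a value above UINT_MAX — reported in the same `fprintf(stderr, …); exit(1);` style the usage block already uses — makes a bad value fail at startup instead of being accepted. This needs `unsigned long ulen;` and `char *ep;` among main()'s locals, which sit outside the hunk; `errno` and `UINT_MAX` are already used elsewhere in the file, so no new headers appear to be required. main() starts and ends outside the hunk.
```c
case 'u':
	errno = 0;
	ulen = strtoul(optarg, &ep, 10);
	if (*optarg == '\0' || *ep != '\0' || errno == ERANGE || ulen > UINT_MAX) {
		fprintf(stderr, "Invalid -u length: %s\n", optarg);
		exit(1);
	}
	utmp_len = (unsigned int)ulen;
	break;
```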