diff options
author | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-05-19 15:34:50 +1000 |
commit | 7207f64a23a49a719aad3083c068f50e5034ccb8 (patch) | |
tree | 7ce6e49ae0713fad145ea9feb0181ec4d250ed75 /session.h | |
parent | 9417831eced03242e283e30286ac06ca2ce6d83e (diff) | |
download | openssh-git-7207f64a23a49a719aad3083c068f50e5034ccb8.tar.gz |
- djm@cvs.openbsd.org 2008/05/08 12:21:16
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
[sshd_config sshd_config.5]
Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
Diffstat (limited to 'session.h')
-rw-r--r-- | session.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -31,6 +31,7 @@ typedef struct Session Session; struct Session { int used; int self; + int next_unused; struct passwd *pw; Authctxt *authctxt; pid_t pid; @@ -65,6 +66,7 @@ void do_authenticated(Authctxt *); void do_cleanup(Authctxt *); int session_open(Authctxt *, int); +void session_unused(int); int session_input_channel_req(Channel *, const char *); void session_close_by_pid(pid_t, int); void session_close_by_channel(int, void *); |