mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Support reconfiguration of key exchange in mid-session. The fiddly
bit is working out when to reschedule the next rekey for when the timeout or data limit changes; sometimes it will be _right now_ because we're already over the new limit. Still to do: the Kex panel should not appear in mid-session if we are using SSHv1. [originally from svn r5031]
This commit is contained in:
parent
81df0d4253
commit
d77102a8d5
8
config.c
8
config.c
@ -1576,9 +1576,11 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
HELPCTX(ssh_ciphers),
|
HELPCTX(ssh_ciphers),
|
||||||
dlg_stdcheckbox_handler,
|
dlg_stdcheckbox_handler,
|
||||||
I(offsetof(Config,ssh2_des_cbc)));
|
I(offsetof(Config,ssh2_des_cbc)));
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The Connection/SSH/Kex panel.
|
* The Connection/SSH/Kex panel. (Owing to repeat key
|
||||||
|
* exchange, this is all meaningful in mid-session.)
|
||||||
*/
|
*/
|
||||||
ctrl_settitle(b, "Connection/SSH/Kex",
|
ctrl_settitle(b, "Connection/SSH/Kex",
|
||||||
"Options controlling SSH key exchange");
|
"Options controlling SSH key exchange");
|
||||||
@ -1593,8 +1595,6 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
|
s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
|
||||||
"Options controlling key re-exchange");
|
"Options controlling key re-exchange");
|
||||||
|
|
||||||
/* FIXME: these could usefully be configured mid-session in SSH-2.
|
|
||||||
* (So could cipher/compression/kex, now we have rekey.) */
|
|
||||||
ctrl_editbox(s, "Max minutes before rekey (0 for no limit)", 't', 20,
|
ctrl_editbox(s, "Max minutes before rekey (0 for no limit)", 't', 20,
|
||||||
HELPCTX(ssh_kex_repeat),
|
HELPCTX(ssh_kex_repeat),
|
||||||
dlg_stdeditbox_handler,
|
dlg_stdeditbox_handler,
|
||||||
@ -1608,6 +1608,8 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
|
|||||||
ctrl_text(s, "(Use 1M for 1 megabyte, 1G for 1 gigabyte etc)",
|
ctrl_text(s, "(Use 1M for 1 megabyte, 1G for 1 gigabyte etc)",
|
||||||
HELPCTX(ssh_kex_repeat));
|
HELPCTX(ssh_kex_repeat));
|
||||||
|
|
||||||
|
if (!midsession) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The Connection/SSH/Auth panel.
|
* The Connection/SSH/Auth panel.
|
||||||
*/
|
*/
|
||||||
|
34
ssh.c
34
ssh.c
@ -746,7 +746,7 @@ struct ssh_tag {
|
|||||||
unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
|
unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
|
||||||
unsigned long max_data_size;
|
unsigned long max_data_size;
|
||||||
int kex_in_progress;
|
int kex_in_progress;
|
||||||
long next_rekey;
|
long next_rekey, last_rekey;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define logevent(s) logevent(ssh->frontend, s)
|
#define logevent(s) logevent(ssh->frontend, s)
|
||||||
@ -5211,6 +5211,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
|
|||||||
* Key exchange is over. Schedule a timer for our next rekey.
|
* Key exchange is over. Schedule a timer for our next rekey.
|
||||||
*/
|
*/
|
||||||
ssh->kex_in_progress = FALSE;
|
ssh->kex_in_progress = FALSE;
|
||||||
|
ssh->last_rekey = GETTICKCOUNT();
|
||||||
if (ssh->cfg.ssh_rekey_time != 0)
|
if (ssh->cfg.ssh_rekey_time != 0)
|
||||||
ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
|
ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
|
||||||
ssh2_timer, ssh);
|
ssh2_timer, ssh);
|
||||||
@ -7213,7 +7214,7 @@ static void ssh2_timer(void *ctx, long now)
|
|||||||
{
|
{
|
||||||
Ssh ssh = (Ssh)ctx;
|
Ssh ssh = (Ssh)ctx;
|
||||||
|
|
||||||
if (!ssh->kex_in_progress &&
|
if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
|
||||||
now - ssh->next_rekey >= 0) {
|
now - ssh->next_rekey >= 0) {
|
||||||
do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)",
|
do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)",
|
||||||
-1, NULL);
|
-1, NULL);
|
||||||
@ -7459,8 +7460,37 @@ static void ssh_free(void *handle)
|
|||||||
static void ssh_reconfig(void *handle, Config *cfg)
|
static void ssh_reconfig(void *handle, Config *cfg)
|
||||||
{
|
{
|
||||||
Ssh ssh = (Ssh) handle;
|
Ssh ssh = (Ssh) handle;
|
||||||
|
char *rekeying = NULL;
|
||||||
|
unsigned long old_max_data_size;
|
||||||
|
|
||||||
pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
|
pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
|
||||||
ssh_setup_portfwd(ssh, cfg);
|
ssh_setup_portfwd(ssh, cfg);
|
||||||
|
|
||||||
|
if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
|
||||||
|
cfg->ssh_rekey_time != 0) {
|
||||||
|
long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
|
||||||
|
long now = GETTICKCOUNT();
|
||||||
|
|
||||||
|
if (new_next - now < 0) {
|
||||||
|
rekeying = "Initiating key re-exchange (timeout shortened)";
|
||||||
|
} else {
|
||||||
|
ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
old_max_data_size = ssh->max_data_size;
|
||||||
|
ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
|
||||||
|
if (old_max_data_size != ssh->max_data_size &&
|
||||||
|
ssh->max_data_size != 0) {
|
||||||
|
if (ssh->outgoing_data_size > ssh->max_data_size ||
|
||||||
|
ssh->incoming_data_size > ssh->max_data_size)
|
||||||
|
rekeying = "Initiating key re-exchange (data limit lowered)";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rekeying && !ssh->kex_in_progress) {
|
||||||
|
do_ssh2_transport(ssh, rekeying, -1, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
ssh->cfg = *cfg; /* STRUCTURE COPY */
|
ssh->cfg = *cfg; /* STRUCTURE COPY */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user