Add options ClientAliveInterval and ClientAliveCountMax to sshd.

This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@

1 files changed, 36 insertions, 1 deletions

diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 0ba7199d47b..006f395885b 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.106 2001/04/11 13:56:13 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.107 2001/04/13 22:46:52 beck Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -1843,6 +1843,41 @@ channel_still_open()
 	return 0;
 }
 
+/* Returns the id of an open channel suitable for keepaliving */
+
+int
+channel_find_open()
+{
+	u_int i;
+	for (i = 0; i < channels_alloc; i++)
+		switch (channels[i].type) {
+		case SSH_CHANNEL_CLOSED:
+			continue;
+		case SSH_CHANNEL_LARVAL:
+		case SSH_CHANNEL_DYNAMIC:
+		case SSH_CHANNEL_AUTH_SOCKET:
+		case SSH_CHANNEL_CONNECTING: 	/* XXX ??? */
+		case SSH_CHANNEL_FREE:
+		case SSH_CHANNEL_X11_LISTENER:
+		case SSH_CHANNEL_PORT_LISTENER:
+		case SSH_CHANNEL_RPORT_LISTENER:
+		case SSH_CHANNEL_OPENING:
+		case SSH_CHANNEL_OPEN:
+		case SSH_CHANNEL_X11_OPEN:
+			return i;
+		case SSH_CHANNEL_INPUT_DRAINING:
+		case SSH_CHANNEL_OUTPUT_DRAINING:
+			if (!compat13)
+				fatal("cannot happen: OUT_DRAIN");
+			return i;
+		default:
+			fatal("channel_find_open: bad channel type %d", channels[i].type);
+			/* NOTREACHED */
+		}
+	return -1;
+}
+
+
 /*
  * Returns a message describing the currently open forwarded connections,
  * suitable for sending to the client.  The message contains crlf pairs for