| blob | 5bca2fcd0594b4171c0161383e45fbb98d96bf2f |
1 /*
2 * Support for SSH connection sharing, i.e. permitting one PuTTY to
3 * open its own channels over the SSH session being run by another.
4 */
6 /*
7 * Discussion and technical documentation
8 * ======================================
9 *
10 * The basic strategy for PuTTY's implementation of SSH connection
11 * sharing is to have a single 'upstream' PuTTY process, which manages
12 * the real SSH connection and all the cryptography, and then zero or
13 * more 'downstream' PuTTYs, which never talk to the real host but
14 * only talk to the upstream through local IPC (Unix-domain sockets or
15 * Windows named pipes).
16 *
17 * The downstreams communicate with the upstream using a protocol
18 * derived from SSH itself, which I'll document in detail below. In
19 * brief, though: the downstream->upstream protocol uses a trivial
20 * binary packet protocol (just length/type/data) to encapsulate
21 * unencrypted SSH messages, and downstreams talk to the upstream more
22 * or less as if it was an SSH server itself. (So downstreams can
23 * themselves open multiple SSH channels, for example, by sending
24 * multiple SSH2_MSG_CHANNEL_OPENs; they can send CHANNEL_REQUESTs of
25 * their choice within each channel, and they handle their own
26 * WINDOW_ADJUST messages.)
27 *
28 * The upstream would ideally handle these downstreams by just putting
29 * their messages into the queue for proper SSH-2 encapsulation and
30 * encryption and sending them straight on to the server. However,
31 * that's not quite feasible as written, because client-side channel
32 * IDs could easily conflict (between multiple downstreams, or between
33 * a downstream and the upstream). To protect against that, the
34 * upstream rewrites the client-side channel IDs in messages it passes
35 * on to the server, so that it's performing what you might describe
36 * as 'channel-number NAT'. Then the upstream remembers which of its
37 * own channel IDs are channels it's managing itself, and which are
38 * placeholders associated with a particular downstream, so that when
39 * replies come in from the server they can be sent on to the relevant
40 * downstream (after un-NATting the channel number, of course).
41 *
42 * Global requests from downstreams are only accepted if the upstream
43 * knows what to do about them; currently the only such requests are
44 * the ones having to do with remote-to-local port forwarding (in
45 * which, again, the upstream remembers that some of the forwardings
46 * it's asked the server to set up were on behalf of particular
47 * downstreams, and sends the incoming CHANNEL_OPENs to those
48 * downstreams when connections come in).
49 *
50 * Other fiddly pieces of this mechanism are X forwarding and
51 * (OpenSSH-style) agent forwarding. Both of these have a fundamental
52 * problem arising from the protocol design: that the CHANNEL_OPEN
53 * from the server introducing a forwarded connection does not carry
54 * any indication of which session channel gave rise to it; so if
55 * session channels from multiple downstreams enable those forwarding
56 * methods, it's hard for the upstream to know which downstream to
57 * send the resulting connections back to.
58 *
59 * For X forwarding, we can work around this in a really painful way
60 * by using the fake X11 authorisation data sent to the server as part
61 * of the forwarding setup: upstream ensures that every X forwarding
62 * request carries distinguishable fake auth data, and then when X
63 * connections come in it waits to see the auth data in the X11 setup
64 * message before it decides which downstream to pass the connection
65 * on to.
66 *
67 * For agent forwarding, that workaround is unavailable. As a result,
68 * this system (and, as far as I can think of, any other system too)
69 * has the fundamental constraint that it can only forward one SSH
70 * agent - it can't forward two agents to different session channels.
71 * So downstreams can request agent forwarding if they like, but if
72 * they do, they'll get whatever SSH agent is known to the upstream
73 * (if any) forwarded to their sessions.
74 *
75 * Downstream-to-upstream protocol
76 * -------------------------------
77 *
78 * Here I document in detail the protocol spoken between PuTTY
79 * downstreams and upstreams over local IPC. The IPC mechanism can
80 * vary between host platforms, but the protocol is the same.
81 *
82 * The protocol commences with a version exchange which is exactly
83 * like the SSH-2 one, in that each side sends a single line of text
84 * of the form
85 *
86 * <protocol>-<version>-<softwareversion> [comments] \r\n
87 *
88 * The only difference is that in real SSH-2, <protocol> is the string
89 * "SSH", whereas in this protocol the string is
90 * "SSHCONNECTION@putty.projects.tartarus.org".
91 *
92 * (The SSH RFCs allow many protocol-level identifier namespaces to be
93 * extended by implementors without central standardisation as long as
94 * they suffix "@" and a domain name they control to their new ids.
95 * RFC 4253 does not define this particular name to be changeable at
96 * all, but I like to think this is obviously how it would have done
97 * so if the working group had foreseen the need :-)
98 *
99 * Thereafter, all data exchanged consists of a sequence of binary
100 * packets concatenated end-to-end, each of which is of the form
101 *
102 * uint32 length of packet, N
103 * byte[N] N bytes of packet data
104 *
105 * and, since these are SSH-2 messages, the first data byte is taken
106 * to be the packet type code.
107 *
108 * These messages are interpreted as those of an SSH connection, after
109 * userauth completes, and without any repeat key exchange.
110 * Specifically, any message from the SSH Connection Protocol is
111 * permitted, and also SSH_MSG_IGNORE, SSH_MSG_DEBUG,
112 * SSH_MSG_DISCONNECT and SSH_MSG_UNIMPLEMENTED from the SSH Transport
113 * Protocol.
114 *
115 * This protocol imposes a few additional requirements, over and above
116 * those of the standard SSH Connection Protocol:
117 *
118 * Message sizes are not permitted to exceed 0x4010 (16400) bytes,
119 * including their length header.
120 *
121 * When the server (i.e. really the PuTTY upstream) sends
122 * SSH_MSG_CHANNEL_OPEN with channel type "x11", and the client
123 * (downstream) responds with SSH_MSG_CHANNEL_OPEN_CONFIRMATION, that
124 * confirmation message MUST include an initial window size of at
125 * least 256. (Rationale: this is a bit of a fudge which makes it
126 * easier, by eliminating the possibility of nasty edge cases, for an
127 * upstream to arrange not to pass the CHANNEL_OPEN on to downstream
128 * until after it's seen the X11 auth data to decide which downstream
129 * it needs to go to.)
130 */
132 #include <stdio.h>
133 #include <stdlib.h>
134 #include <assert.h>
135 #include <limits.h>
143 /* the above variable absolutely *must* be the first in this structure */
151 };
157 /* the above variable absolutely *must* be the first in this structure */
171 /*
172 * Assorted state we have to remember about this downstream, so
173 * that we can clean it up appropriately when the downstream goes
174 * away.
175 */
177 /* Channels which don't have a downstream id, i.e. we've passed a
178 * CHANNEL_OPEN down from the server but not had an
179 * OPEN_CONFIRMATION or OPEN_FAILURE back. If downstream goes
180 * away, we respond to all of these with OPEN_FAILURE. */
183 /* Channels which do have a downstream id. We need to index these
184 * by both server id and upstream id, so we can find a channel
185 * when handling either an upward or a downward message referring
186 * to it. */
190 /* Another class of channel which doesn't have a downstream id.
191 * The difference between these and halfchannels is that xchannels
192 * do have an *upstream* id, because upstream has already accepted
193 * the channel request from the server. This arises in the case of
194 * X forwarding, where we have to accept the request and read the
195 * X authorisation data before we know whether the channel needs
196 * to be forwarded to a downstream. */
200 /* Remote port forwarding requests in force. */
203 /* Global requests we've sent on to the server, pending replies. */
205 };
209 };
211 /* States of a share_channel. */
213 OPEN,
214 SENT_CLOSE,
215 RCVD_CLOSE,
216 /* Downstream has sent CHANNEL_OPEN but server hasn't replied yet.
217 * If downstream goes away when a channel is in this state, we
218 * must wait for the server's response before starting to send
219 * CLOSE. Channels in this state are also not held in
220 * channels_by_server, because their server_id field is
221 * meaningless. */
222 UNACKNOWLEDGED
223 };
229 /*
230 * Some channels (specifically, channels on which downstream has
231 * sent "x11-req") have the additional function of storing a set
232 * of downstream X authorisation data and a handle to an upstream
233 * fake set.
234 */
240 };
246 };
253 };
258 /*
259 * xchannels come in two flavours: live and dead. Live ones are
260 * waiting for an OPEN_CONFIRMATION or OPEN_FAILURE from
261 * downstream; dead ones have had an OPEN_FAILURE, so they only
262 * exist as a means of letting us conveniently respond to further
263 * channel messages from the server until such time as the server
264 * sends us CHANNEL_CLOSE.
265 */
268 /*
269 * When we receive OPEN_CONFIRMATION, we will need to send a
270 * WINDOW_ADJUST to the server to synchronise the windows. For
271 * this purpose we need to know what window we have so far offered
272 * the server. We record this as exactly the value in the
273 * OPEN_CONFIRMATION that upstream sent us, adjusted by the amount
274 * by which the two X greetings differed in length.
275 */
278 /*
279 * Linked list of SSH messages from the server relating to this
280 * channel, which we queue up until downstream sends us an
281 * OPEN_CONFIRMATION and we can belatedly send them all on.
282 */
284 };
287 GLOBREQ_TCPIP_FORWARD,
288 GLOBREQ_CANCEL_TCPIP_FORWARD
289 };
296 };
299 {
309 else
311 }
313 static unsigned share_find_unused_id
315 {
320 /*
321 * Find the lowest unused downstream ID greater or equal to
322 * 'first'.
323 *
324 * Begin by seeing if 'first' itself is available. If it is, we'll
325 * just return it; if it's already in the tree, we'll find the
326 * tree index where it appears and use that for the next stage.
327 */
328 {
335 }
337 /*
338 * Now binary-search using the counted B-tree, to find the largest
339 * ID which is in a contiguous sequence from the beginning of that
340 * range.
341 */
349 else
351 }
353 /*
354 * Now low is the tree index of the largest ID in the initial
355 * sequence. So the return value is one more than low's id, and we
356 * know low's id is given by the formula in the binary search loop
357 * above.
358 *
359 * (If an SSH connection went on for _enormously_ long, we might
360 * reach a point where all ids from 'first' to UINT_MAX were in
361 * use. In that situation the formula below would wrap round by
362 * one and return zero, which is conveniently the right way to
363 * signal 'no id available' from this function.)
364 */
366 {
370 }
372 }
375 {
383 else
385 }
388 {
396 else
398 }
401 {
409 else
411 }
414 {
422 else
424 }
427 {
435 else
437 }
440 {
451 else
453 }
456 {
461 }
463 }
466 {
477 /* All channels live in 'channels_by_us' but only some in
478 * 'channels_by_server', so we use the former to find the list of
479 * ones to free */
486 /* But every xchannel is in both trees, so it doesn't matter which
487 * we use to free them. */
503 }
506 }
509 {
518 }
523 }
527 }
531 {
535 /* Duplicate?! */
540 }
541 }
545 {
549 }
553 {
556 }
561 {
576 }
582 }
583 }
585 }
590 {
595 }
599 {
603 }
607 {
611 }
615 {
623 }
628 {
637 }
642 }
644 }
648 {
652 }
656 {
660 }
664 {
668 }
673 {
679 /* Duplicate?! */
682 }
684 }
688 {
695 }
699 {
702 }
707 {
712 /*
713 * Special case which we take care of at a low level, so as to
714 * be sure to apply it in all cases. On rare occasions we
715 * might find that we have a channel for which the
716 * downstream's maximum packet size exceeds the max packet
717 * size we presented to the server on its behalf. (This can
718 * occur in X11 forwarding, where we have to send _our_
719 * CHANNEL_OPEN_CONFIRMATION before we discover which if any
720 * downstream the channel is destined for, so if that
721 * downstream turns out to present a smaller max packet size
722 * then we're in this situation.)
723 *
724 * If that happens, we just chop up the packet into pieces and
725 * send them as separate CHANNEL_DATA packets.
726 */
749 /*
750 * Just do the obvious thing.
751 */
758 }
759 }
762 {
768 /*
769 * Any half-open channels, i.e. those for which we'd received
770 * CHANNEL_OPEN from the server but not passed back a response
771 * from downstream, should be responded to with OPEN_FAILURE.
772 */
787 SSH2_MSG_CHANNEL_OPEN_FAILURE,
792 }
794 /*
795 * Any actually open channels should have a CHANNEL_CLOSE sent for
796 * them, unless we've already done so. We won't be able to
797 * actually clean them up until CHANNEL_CLOSE comes back from the
798 * server, though (unless the server happens to have sent a CLOSE
799 * already).
800 *
801 * Another annoying exception is UNACKNOWLEDGED channels, i.e.
802 * we've _sent_ a CHANNEL_OPEN to the server but not received an
803 * OPEN_CONFIRMATION or OPEN_FAILURE. We must wait for a reply
804 * before closing the channel, because until we see that reply we
805 * won't have the server's channel id to put in the close message.
806 */
815 SSH2_MSG_CHANNEL_CLOSE,
821 /* In this case, we _can_ clear up the channel now. */
825 }
826 }
827 }
829 /*
830 * Any remote port forwardings we're managing on behalf of this
831 * downstream should be cancelled. Again, we must defer those for
832 * which we haven't yet seen REQUEST_SUCCESS/FAILURE.
833 *
834 * We take a fire-and-forget approach during cleanup, not
835 * bothering to set want_reply.
836 */
857 SSH2_MSG_GLOBAL_REQUEST,
864 }
865 }
870 /*
871 * Now we're _really_ done, so we can get rid of cs completely.
872 */
876 }
877 }
880 {
886 }
890 {
908 }
912 {
918 }
922 {
938 }
941 {
945 else
947 }
950 {
954 else
956 }
958 /*
959 * Append a message to the end of an xchannel's queue, with the length
960 * and type code filled in and the data block allocated but
961 * uninitialised.
962 */
965 {
969 /*
970 * Be a little tricksy here by allocating a single memory block
971 * containing both the 'struct share_xchannel_message' and the
972 * actual data. Simplifies freeing it later.
973 */
980 /*
981 * Queue it in the xchannel.
982 */
985 else
991 }
995 {
996 /*
997 * Handle queued incoming messages from the server destined for an
998 * xchannel which is dead (i.e. downstream sent OPEN_FAILURE).
999 */
1006 /*
1007 * A CHANNEL_REQUEST is responded to by sending
1008 * CHANNEL_FAILURE, if it has want_reply set.
1009 */
1015 ssh_send_packet_from_downstream
1018 }
1020 /*
1021 * On CHANNEL_CLOSE we can discard the channel completely.
1022 */
1024 }
1027 }
1032 }
1033 }
1039 {
1042 /*
1043 * Send all the queued messages downstream.
1044 */
1055 }
1057 /*
1058 * Send a WINDOW_ADJUST back upstream, to synchronise the window
1059 * size downstream thinks it's presented with the one we've
1060 * actually presented.
1061 */
1065 SSH2_MSG_CHANNEL_WINDOW_ADJUST,
1068 }
1072 {
1073 /*
1074 * If downstream refuses to open our X channel at all for some
1075 * reason, we must respond by sending an emergency CLOSE upstream.
1076 */
1079 ssh_send_packet_from_downstream
1083 /*
1084 * Now mark the xchannel as dead, and respond to anything sent on
1085 * it until we see CLOSE for it in turn.
1086 */
1089 }
1098 {
1108 /*
1109 * Create an xchannel containing data we've already received from
1110 * the X client, and preload it with a CHANNEL_DATA message
1111 * containing our own made-up authorisation greeting and any
1112 * additional data sent from the server so far.
1113 */
1121 /* leave the channel id field unfilled - we don't know the
1122 * downstream id yet, of course */
1130 /*
1131 * Send on a CHANNEL_OPEN to downstream.
1132 */
1146 /*
1147 * If this was a once-only X forwarding, clean it up now.
1148 */
1157 }
1158 }
1162 {
1179 }
1183 }
1184 }
1187 }
1194 /* Retry cleaning up this connection, in case that reply
1195 * was the last thing we were waiting for. */
1197 }
1220 /*
1221 * All these messages have the recipient channel id as the
1222 * first uint32 field in the packet. Substitute the downstream
1223 * channel id for our one and pass the packet downstream.
1224 */
1228 /*
1229 * The normal case: this id refers to an open channel.
1230 */
1234 /*
1235 * Update the channel state, for messages that need it.
1236 */
1240 OPEN);
1242 /* Retry cleaning up this connection, so that we
1243 * can send an immediate CLOSE on this channel for
1244 * which we now know the server id. */
1246 }
1247 }
1257 /* Retry cleaning up this connection, in case this
1258 * channel closure was the last thing we were
1259 * waiting for. */
1261 }
1264 }
1265 }
1268 /*
1269 * The unusual case: this id refers to an xchannel. Add it
1270 * to the xchannel's queue.
1271 */
1277 /* If the xchannel is dead, then also respond to it (which
1278 * may involve deleting the channel). */
1281 }
1287 }
1288 }
1293 {
1306 /*
1307 * This message stops here: if downstream is disconnecting
1308 * from us, that doesn't mean we want to disconnect from the
1309 * SSH server. Close the downstream connection and start
1310 * cleanup.
1311 */
1316 /*
1317 * The only global requests we understand are "tcpip-forward"
1318 * and "cancel-tcpip-forward". Since those require us to
1319 * maintain state, we must assume that other global requests
1320 * will probably require that too, and so we don't forward on
1321 * any request we don't understand.
1322 */
1327 }
1335 /*
1336 * Pick the packet apart to find the want_reply field and
1337 * the host/port we're going to ask to listen on.
1338 */
1343 }
1351 }
1357 /*
1358 * See if we can allocate space in ssh.c's tree of remote
1359 * port forwardings. If we can't, it's because another
1360 * client sharing this connection has already allocated
1361 * the identical port forwarding, so we take it on
1362 * ourselves to manufacture a failure packet and send it
1363 * back to downstream.
1364 */
1370 }
1372 /*
1373 * We've managed to make space for this forwarding
1374 * locally. Pass the request on to the SSH server, but
1375 * set want_reply even if it wasn't originally set, so
1376 * that we know whether this forwarding needs to be
1377 * cleaned up if downstream goes away.
1378 */
1381 ssh_send_packet_from_downstream
1392 else
1397 }
1398 }
1408 /*
1409 * Pick the packet apart to find the want_reply field and
1410 * the host/port we're going to ask to listen on.
1411 */
1416 }
1424 }
1430 /*
1431 * Look up the existing forwarding with these details.
1432 */
1438 }
1440 /*
1441 * Pass the cancel request on to the SSH server, but
1442 * set want_reply even if it wasn't originally set, so
1443 * that _we_ know whether the forwarding has been
1444 * deleted even if downstream doesn't want to know.
1445 */
1448 ssh_send_packet_from_downstream
1452 }
1456 /*
1457 * Request we don't understand. Manufacture a failure
1458 * message if an answer was required.
1459 */
1468 }
1472 }
1476 /* Sender channel id comes after the channel type string */
1481 }
1496 }
1502 /* This server id may refer to either a halfchannel or an xchannel. */
1510 err = dupprintf("CHANNEL_OPEN_CONFIRMATION packet cited unknown channel %u", (unsigned)server_id);
1512 }
1526 err = dupprintf("Initial window size for x11 channel must be at least 256 (got %u)", downstream_window);
1528 }
1531 }
1539 }
1542 /* This server id may refer to either a halfchannel or an xchannel. */
1553 }
1569 /*
1570 * Agent forwarding requests from downstream are treated
1571 * specially. Because OpenSSHD doesn't let us enable agent
1572 * forwarding independently per session channel, and in
1573 * particular because the OpenSSH-defined agent forwarding
1574 * protocol does not mark agent-channel requests with the
1575 * id of the session channel they originate from, the only
1576 * way we can implement agent forwarding in a
1577 * connection-shared PuTTY is to forward the _upstream_
1578 * agent. Hence, we unilaterally deny agent forwarding
1579 * requests from downstreams if we aren't prepared to
1580 * forward an agent ourselves.
1581 *
1582 * (If we are, then we dutifully pass agent forwarding
1583 * requests upstream. OpenSSHD has the curious behaviour
1584 * that all but the first such request will be rejected,
1585 * but all session channels opened after the first request
1586 * get agent forwarding enabled whether they ask for it or
1587 * not; but that's not our concern, since other SSH
1588 * servers supporting the same piece of protocol might in
1589 * principle at least manage to enable agent forwarding on
1590 * precisely the channels that requested it, even if the
1591 * subsequent CHANNEL_OPENs still can't be associated with
1592 * a parent session channel.)
1593 */
1612 }
1614 }
1616 /*
1617 * Another thing we treat specially is X11 forwarding
1618 * requests. For these, we have to make up another set of
1619 * X11 auth data, and enter it into our SSH connection's
1620 * list of possible X11 authorisation credentials so that
1621 * when we see an X11 channel open request we can know
1622 * whether it's one to handle locally or one to pass on to
1623 * a downstream, and if the latter, which one.
1624 */
1641 }
1643 /*
1644 * Pick apart the whole message to find the downstream
1645 * auth details.
1646 */
1647 /* we have already seen: 4 bytes channel id, 4+7 request name */
1651 }
1665 }
1669 /* Reject due to not understanding downstream's
1670 * requested authorisation method. */
1677 }
1688 /*
1689 * Now construct a replacement X forwarding request,
1690 * containing our own auth data, and send that to the
1691 * server.
1692 */
1706 datalen);
1709 SSH2_MSG_CHANNEL_REQUEST,
1714 }
1717 }
1731 }
1732 }
1733 }
1740 /*
1741 * Any other packet type is unexpected. In particular, we
1742 * never pass GLOBAL_REQUESTs downstream, so we never expect
1743 * to see SSH2_MSG_REQUEST_{SUCCESS,FAILURE}.
1744 */
1745 confused:
1750 }
1751 }
1753 /*
1754 * Coroutine macros similar to, but simplified from, those in ssh.c.
1755 */
1756 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
1757 #define crFinish(z) } *crLine = 0; return (z); }
1758 #define crGetChar(c) do \
1759 { \
1760 while (len == 0) { \
1761 *crLine =__LINE__; return 1; case __LINE__:; \
1762 } \
1763 len--; \
1764 (c) = (unsigned char)*data++; \
1765 } while (0)
1768 {
1776 /*
1777 * First read the version string from downstream.
1778 */
1789 }
1791 }
1793 /*
1794 * Now parse the version string to make sure it's at least vaguely
1795 * sensible, and log it.
1796 */
1804 }
1811 /*
1812 * Loop round reading packets.
1813 */
1819 }
1828 }
1832 }
1836 }
1838 dead:;
1840 }
1843 {
1844 /* struct ssh_sharing_connstate *cs = (struct ssh_sharing_connstate *)plug; */
1846 /*
1847 * We do nothing here, because we expect that there won't be a
1848 * need to throttle and unthrottle the connection to a downstream.
1849 * It should automatically throttle itself: if the SSH server
1850 * sends huge amounts of data on all channels then it'll run out
1851 * of window until our downstream sends it back some
1852 * WINDOW_ADJUSTs.
1853 */
1854 }
1858 {
1866 }
1869 {
1876 }
1879 {
1882 }
1885 {
1886 /*
1887 * Indication from ssh.c that we are now ready to begin serving
1888 * any downstreams that have already connected to us.
1889 */
1894 /*
1895 * Trim the server's version string down to just the software
1896 * version component, removing "SSH-2.0-" or whatever at the
1897 * front.
1898 */
1902 server_verstring++;
1903 }
1911 }
1912 }
1916 {
1919 share_closing,
1920 share_receive,
1921 share_sent,
1922 NULL /* no accepting function, because we've already done it */
1923 };
1928 /*
1929 * A new downstream has connected to us.
1930 */
1939 }
1948 }
1972 }
1974 /* Per-application overrides for what roles we can take (e.g. pscp
1975 * will never be an upstream) */
1979 /*
1980 * Init function for connection sharing. We either open a listening
1981 * socket and become an upstream, or connect to an existing one and
1982 * become a downstream, or do neither. We are responsible for deciding
1983 * which of these to do (including checking the Conf to see if
1984 * connection sharing is even enabled in the first place). If we
1985 * become a downstream, we return the Socket with which we connected
1986 * to the upstream; otherwise (whether or not we have established an
1987 * upstream) we return NULL.
1988 */
1991 {
1994 share_listen_closing,
1997 share_listen_accepting
1998 };
2003 Socket sock;
2015 /*
2016 * Decide on the string used to identify the connection point
2017 * between upstream and downstream (be it a Windows named pipe or
2018 * a Unix-domain socket or whatever else).
2019 *
2020 * I wondered about making this a SHA hash of all sorts of pieces
2021 * of the PuTTY configuration - essentially everything PuTTY uses
2022 * to know where and how to make a connection, including all the
2023 * proxy details (or rather, all the _relevant_ ones - only
2024 * including settings that other settings didn't prevent from
2025 * having any effect), plus the username. However, I think it's
2026 * better to keep it really simple: the connection point
2027 * identifier is derived from the hostname and port used to index
2028 * the host-key cache (not necessarily where we _physically_
2029 * connected to, in cases involving proxies or CONF_loghost), plus
2030 * the username if one is specified.
2031 */
2032 {
2038 else
2043 else
2045 }
2049 /*
2050 * The platform-specific code may transform this further in
2051 * order to conform to local namespace conventions (e.g. not
2052 * using slashes in filenames), but that's its job and not
2053 * ours.
2054 */
2055 }
2057 /*
2058 * Create a data structure for the listening plug if we turn out
2059 * to be an upstream.
2060 */
2065 /*
2066 * Now hand off to a per-platform routine that either connects to
2067 * an existing upstream (using 'ssh' as the plug), establishes our
2068 * own upstream (using 'sharestate' as the plug), or forks off a
2069 * separate upstream and then connects to that. It will return a
2070 * code telling us which kind of socket it put in 'sock'.
2071 */
2083 /*
2084 * We aren't sharing our connection at all (e.g. something
2085 * went wrong setting the socket up). Free the upstream
2086 * structure and return NULL.
2087 */
2095 /*
2096 * We are downstream, so free sharestate which it turns out we
2097 * don't need after all, and return the downstream socket as a
2098 * replacement for an ordinary SSH connection.
2099 */
2106 /*
2107 * We are upstream. Set up sharestate properly and pass a copy
2108 * to the caller; return NULL, to tell ssh.c that it has to
2109 * make an ordinary connection after all.
2110 */
2119 }
2122 }