| blob | dac0824c9cbae20ea59a2bf8ae78f2b178415085 |
1 /*
2 * Support for SSH connection sharing, i.e. permitting one PuTTY to
3 * open its own channels over the SSH session being run by another.
4 */
6 /*
7 * Discussion and technical documentation
8 * ======================================
9 *
10 * The basic strategy for PuTTY's implementation of SSH connection
11 * sharing is to have a single 'upstream' PuTTY process, which manages
12 * the real SSH connection and all the cryptography, and then zero or
13 * more 'downstream' PuTTYs, which never talk to the real host but
14 * only talk to the upstream through local IPC (Unix-domain sockets or
15 * Windows named pipes).
16 *
17 * The downstreams communicate with the upstream using a protocol
18 * derived from SSH itself, which I'll document in detail below. In
19 * brief, though: the downstream->upstream protocol uses a trivial
20 * binary packet protocol (just length/type/data) to encapsulate
21 * unencrypted SSH messages, and downstreams talk to the upstream more
22 * or less as if it was an SSH server itself. (So downstreams can
23 * themselves open multiple SSH channels, for example, by sending
24 * multiple SSH2_MSG_CHANNEL_OPENs; they can send CHANNEL_REQUESTs of
25 * their choice within each channel, and they handle their own
26 * WINDOW_ADJUST messages.)
27 *
28 * The upstream would ideally handle these downstreams by just putting
29 * their messages into the queue for proper SSH-2 encapsulation and
30 * encryption and sending them straight on to the server. However,
31 * that's not quite feasible as written, because client-side channel
32 * IDs could easily conflict (between multiple downstreams, or between
33 * a downstream and the upstream). To protect against that, the
34 * upstream rewrites the client-side channel IDs in messages it passes
35 * on to the server, so that it's performing what you might describe
36 * as 'channel-number NAT'. Then the upstream remembers which of its
37 * own channel IDs are channels it's managing itself, and which are
38 * placeholders associated with a particular downstream, so that when
39 * replies come in from the server they can be sent on to the relevant
40 * downstream (after un-NATting the channel number, of course).
41 *
42 * Global requests from downstreams are only accepted if the upstream
43 * knows what to do about them; currently the only such requests are
44 * the ones having to do with remote-to-local port forwarding (in
45 * which, again, the upstream remembers that some of the forwardings
46 * it's asked the server to set up were on behalf of particular
47 * downstreams, and sends the incoming CHANNEL_OPENs to those
48 * downstreams when connections come in).
49 *
50 * Other fiddly pieces of this mechanism are X forwarding and
51 * (OpenSSH-style) agent forwarding. Both of these have a fundamental
52 * problem arising from the protocol design: that the CHANNEL_OPEN
53 * from the server introducing a forwarded connection does not carry
54 * any indication of which session channel gave rise to it; so if
55 * session channels from multiple downstreams enable those forwarding
56 * methods, it's hard for the upstream to know which downstream to
57 * send the resulting connections back to.
58 *
59 * For X forwarding, we can work around this in a really painful way
60 * by using the fake X11 authorisation data sent to the server as part
61 * of the forwarding setup: upstream ensures that every X forwarding
62 * request carries distinguishable fake auth data, and then when X
63 * connections come in it waits to see the auth data in the X11 setup
64 * message before it decides which downstream to pass the connection
65 * on to.
66 *
67 * For agent forwarding, that workaround is unavailable. As a result,
68 * this system (and, as far as I can think of, any other system too)
69 * has the fundamental constraint that it can only forward one SSH
70 * agent - it can't forward two agents to different session channels.
71 * So downstreams can request agent forwarding if they like, but if
72 * they do, they'll get whatever SSH agent is known to the upstream
73 * (if any) forwarded to their sessions.
74 *
75 * Downstream-to-upstream protocol
76 * -------------------------------
77 *
78 * Here I document in detail the protocol spoken between PuTTY
79 * downstreams and upstreams over local IPC. The IPC mechanism can
80 * vary between host platforms, but the protocol is the same.
81 *
82 * The protocol commences with a version exchange which is exactly
83 * like the SSH-2 one, in that each side sends a single line of text
84 * of the form
85 *
86 * <protocol>-<version>-<softwareversion> [comments] \r\n
87 *
88 * The only difference is that in real SSH-2, <protocol> is the string
89 * "SSH", whereas in this protocol the string is
90 * "SSHCONNECTION@putty.projects.tartarus.org".
91 *
92 * (The SSH RFCs allow many protocol-level identifier namespaces to be
93 * extended by implementors without central standardisation as long as
94 * they suffix "@" and a domain name they control to their new ids.
95 * RFC 4253 does not define this particular name to be changeable at
96 * all, but I like to think this is obviously how it would have done
97 * so if the working group had foreseen the need :-)
98 *
99 * Thereafter, all data exchanged consists of a sequence of binary
100 * packets concatenated end-to-end, each of which is of the form
101 *
102 * uint32 length of packet, N
103 * byte[N] N bytes of packet data
104 *
105 * and, since these are SSH-2 messages, the first data byte is taken
106 * to be the packet type code.
107 *
108 * These messages are interpreted as those of an SSH connection, after
109 * userauth completes, and without any repeat key exchange.
110 * Specifically, any message from the SSH Connection Protocol is
111 * permitted, and also SSH_MSG_IGNORE, SSH_MSG_DEBUG,
112 * SSH_MSG_DISCONNECT and SSH_MSG_UNIMPLEMENTED from the SSH Transport
113 * Protocol.
114 *
115 * This protocol imposes a few additional requirements, over and above
116 * those of the standard SSH Connection Protocol:
117 *
118 * Message sizes are not permitted to exceed 0x4010 (16400) bytes,
119 * including their length header.
120 *
121 * When the server (i.e. really the PuTTY upstream) sends
122 * SSH_MSG_CHANNEL_OPEN with channel type "x11", and the client
123 * (downstream) responds with SSH_MSG_CHANNEL_OPEN_CONFIRMATION, that
124 * confirmation message MUST include an initial window size of at
125 * least 256. (Rationale: this is a bit of a fudge which makes it
126 * easier, by eliminating the possibility of nasty edge cases, for an
127 * upstream to arrange not to pass the CHANNEL_OPEN on to downstream
128 * until after it's seen the X11 auth data to decide which downstream
129 * it needs to go to.)
130 */
132 #include <stdio.h>
133 #include <stdlib.h>
134 #include <assert.h>
135 #include <limits.h>
136 #include <errno.h>
144 /* the above variable absolutely *must* be the first in this structure */
152 };
158 /* the above variable absolutely *must* be the first in this structure */
172 /*
173 * Assorted state we have to remember about this downstream, so
174 * that we can clean it up appropriately when the downstream goes
175 * away.
176 */
178 /* Channels which don't have a downstream id, i.e. we've passed a
179 * CHANNEL_OPEN down from the server but not had an
180 * OPEN_CONFIRMATION or OPEN_FAILURE back. If downstream goes
181 * away, we respond to all of these with OPEN_FAILURE. */
184 /* Channels which do have a downstream id. We need to index these
185 * by both server id and upstream id, so we can find a channel
186 * when handling either an upward or a downward message referring
187 * to it. */
191 /* Another class of channel which doesn't have a downstream id.
192 * The difference between these and halfchannels is that xchannels
193 * do have an *upstream* id, because upstream has already accepted
194 * the channel request from the server. This arises in the case of
195 * X forwarding, where we have to accept the request and read the
196 * X authorisation data before we know whether the channel needs
197 * to be forwarded to a downstream. */
201 /* Remote port forwarding requests in force. */
204 /* Global requests we've sent on to the server, pending replies. */
206 };
210 };
212 /* States of a share_channel. */
214 OPEN,
215 SENT_CLOSE,
216 RCVD_CLOSE,
217 /* Downstream has sent CHANNEL_OPEN but server hasn't replied yet.
218 * If downstream goes away when a channel is in this state, we
219 * must wait for the server's response before starting to send
220 * CLOSE. Channels in this state are also not held in
221 * channels_by_server, because their server_id field is
222 * meaningless. */
223 UNACKNOWLEDGED
224 };
230 /*
231 * Some channels (specifically, channels on which downstream has
232 * sent "x11-req") have the additional function of storing a set
233 * of downstream X authorisation data and a handle to an upstream
234 * fake set.
235 */
241 };
247 };
254 };
259 /*
260 * xchannels come in two flavours: live and dead. Live ones are
261 * waiting for an OPEN_CONFIRMATION or OPEN_FAILURE from
262 * downstream; dead ones have had an OPEN_FAILURE, so they only
263 * exist as a means of letting us conveniently respond to further
264 * channel messages from the server until such time as the server
265 * sends us CHANNEL_CLOSE.
266 */
269 /*
270 * When we receive OPEN_CONFIRMATION, we will need to send a
271 * WINDOW_ADJUST to the server to synchronise the windows. For
272 * this purpose we need to know what window we have so far offered
273 * the server. We record this as exactly the value in the
274 * OPEN_CONFIRMATION that upstream sent us, adjusted by the amount
275 * by which the two X greetings differed in length.
276 */
279 /*
280 * Linked list of SSH messages from the server relating to this
281 * channel, which we queue up until downstream sends us an
282 * OPEN_CONFIRMATION and we can belatedly send them all on.
283 */
285 };
288 GLOBREQ_TCPIP_FORWARD,
289 GLOBREQ_CANCEL_TCPIP_FORWARD
290 };
297 };
300 {
310 else
312 }
314 static unsigned share_find_unused_id
316 {
321 /*
322 * Find the lowest unused downstream ID greater or equal to
323 * 'first'.
324 *
325 * Begin by seeing if 'first' itself is available. If it is, we'll
326 * just return it; if it's already in the tree, we'll find the
327 * tree index where it appears and use that for the next stage.
328 */
329 {
336 }
338 /*
339 * Now binary-search using the counted B-tree, to find the largest
340 * ID which is in a contiguous sequence from the beginning of that
341 * range.
342 */
350 else
352 }
354 /*
355 * Now low is the tree index of the largest ID in the initial
356 * sequence. So the return value is one more than low's id, and we
357 * know low's id is given by the formula in the binary search loop
358 * above.
359 *
360 * (If an SSH connection went on for _enormously_ long, we might
361 * reach a point where all ids from 'first' to UINT_MAX were in
362 * use. In that situation the formula below would wrap round by
363 * one and return zero, which is conveniently the right way to
364 * signal 'no id available' from this function.)
365 */
367 {
371 }
373 }
376 {
384 else
386 }
389 {
397 else
399 }
402 {
410 else
412 }
415 {
423 else
425 }
428 {
436 else
438 }
441 {
452 else
454 }
457 {
462 }
464 }
467 {
478 /* All channels live in 'channels_by_us' but only some in
479 * 'channels_by_server', so we use the former to find the list of
480 * ones to free */
487 /* But every xchannel is in both trees, so it doesn't matter which
488 * we use to free them. */
504 }
510 }
513 {
522 }
527 }
531 }
535 {
539 /* Duplicate?! */
544 }
545 }
549 {
553 }
557 {
560 }
565 {
580 }
586 }
587 }
589 }
594 {
599 }
603 {
607 }
611 {
615 }
619 {
627 }
632 {
641 }
646 }
648 }
652 {
656 }
660 {
664 }
668 {
672 }
677 {
683 /* Duplicate?! */
686 }
688 }
692 {
699 }
703 {
706 }
711 {
716 /*
717 * Special case which we take care of at a low level, so as to
718 * be sure to apply it in all cases. On rare occasions we
719 * might find that we have a channel for which the
720 * downstream's maximum packet size exceeds the max packet
721 * size we presented to the server on its behalf. (This can
722 * occur in X11 forwarding, where we have to send _our_
723 * CHANNEL_OPEN_CONFIRMATION before we discover which if any
724 * downstream the channel is destined for, so if that
725 * downstream turns out to present a smaller max packet size
726 * then we're in this situation.)
727 *
728 * If that happens, we just chop up the packet into pieces and
729 * send them as separate CHANNEL_DATA packets.
730 */
753 /*
754 * Just do the obvious thing.
755 */
762 }
763 }
766 {
772 /*
773 * Any half-open channels, i.e. those for which we'd received
774 * CHANNEL_OPEN from the server but not passed back a response
775 * from downstream, should be responded to with OPEN_FAILURE.
776 */
791 SSH2_MSG_CHANNEL_OPEN_FAILURE,
796 }
798 /*
799 * Any actually open channels should have a CHANNEL_CLOSE sent for
800 * them, unless we've already done so. We won't be able to
801 * actually clean them up until CHANNEL_CLOSE comes back from the
802 * server, though (unless the server happens to have sent a CLOSE
803 * already).
804 *
805 * Another annoying exception is UNACKNOWLEDGED channels, i.e.
806 * we've _sent_ a CHANNEL_OPEN to the server but not received an
807 * OPEN_CONFIRMATION or OPEN_FAILURE. We must wait for a reply
808 * before closing the channel, because until we see that reply we
809 * won't have the server's channel id to put in the close message.
810 */
819 SSH2_MSG_CHANNEL_CLOSE,
825 /* In this case, we _can_ clear up the channel now. */
829 }
830 }
831 }
833 /*
834 * Any remote port forwardings we're managing on behalf of this
835 * downstream should be cancelled. Again, we must defer those for
836 * which we haven't yet seen REQUEST_SUCCESS/FAILURE.
837 *
838 * We take a fire-and-forget approach during cleanup, not
839 * bothering to set want_reply.
840 */
861 SSH2_MSG_GLOBAL_REQUEST,
868 }
869 }
874 /*
875 * Now we're _really_ done, so we can get rid of cs completely.
876 */
880 }
881 }
884 {
890 }
894 {
912 }
916 {
920 #ifdef BROKEN_PIPE_ERROR_CODE
921 /*
922 * Most of the time, we log what went wrong when a downstream
923 * disappears with a socket error. One exception, though, is
924 * receiving EPIPE when we haven't received a protocol version
925 * string from the downstream, because that can happen as a result
926 * of plink -shareexists (opening the connection and instantly
927 * closing it again without bothering to read our version string).
928 * So that one case is not treated as a log-worthy error.
929 */
932 else
933 #endif
936 }
939 }
943 {
959 }
962 {
966 else
968 }
971 {
975 else
977 }
979 /*
980 * Append a message to the end of an xchannel's queue, with the length
981 * and type code filled in and the data block allocated but
982 * uninitialised.
983 */
986 {
990 /*
991 * Be a little tricksy here by allocating a single memory block
992 * containing both the 'struct share_xchannel_message' and the
993 * actual data. Simplifies freeing it later.
994 */
1001 /*
1002 * Queue it in the xchannel.
1003 */
1006 else
1012 }
1016 {
1017 /*
1018 * Handle queued incoming messages from the server destined for an
1019 * xchannel which is dead (i.e. downstream sent OPEN_FAILURE).
1020 */
1027 /*
1028 * A CHANNEL_REQUEST is responded to by sending
1029 * CHANNEL_FAILURE, if it has want_reply set.
1030 */
1036 ssh_send_packet_from_downstream
1039 }
1041 /*
1042 * On CHANNEL_CLOSE we can discard the channel completely.
1043 */
1045 }
1048 }
1053 }
1054 }
1060 {
1063 /*
1064 * Send all the queued messages downstream.
1065 */
1076 }
1078 /*
1079 * Send a WINDOW_ADJUST back upstream, to synchronise the window
1080 * size downstream thinks it's presented with the one we've
1081 * actually presented.
1082 */
1086 SSH2_MSG_CHANNEL_WINDOW_ADJUST,
1089 }
1093 {
1094 /*
1095 * If downstream refuses to open our X channel at all for some
1096 * reason, we must respond by sending an emergency CLOSE upstream.
1097 */
1100 ssh_send_packet_from_downstream
1104 /*
1105 * Now mark the xchannel as dead, and respond to anything sent on
1106 * it until we see CLOSE for it in turn.
1107 */
1110 }
1119 {
1129 /*
1130 * Create an xchannel containing data we've already received from
1131 * the X client, and preload it with a CHANNEL_DATA message
1132 * containing our own made-up authorisation greeting and any
1133 * additional data sent from the server so far.
1134 */
1142 /* leave the channel id field unfilled - we don't know the
1143 * downstream id yet, of course */
1151 /*
1152 * Send on a CHANNEL_OPEN to downstream.
1153 */
1167 /*
1168 * If this was a once-only X forwarding, clean it up now.
1169 */
1178 }
1179 }
1183 {
1200 }
1204 }
1205 }
1208 }
1215 /* Retry cleaning up this connection, in case that reply
1216 * was the last thing we were waiting for. */
1218 }
1241 /*
1242 * All these messages have the recipient channel id as the
1243 * first uint32 field in the packet. Substitute the downstream
1244 * channel id for our one and pass the packet downstream.
1245 */
1249 /*
1250 * The normal case: this id refers to an open channel.
1251 */
1255 /*
1256 * Update the channel state, for messages that need it.
1257 */
1261 OPEN);
1263 /* Retry cleaning up this connection, so that we
1264 * can send an immediate CLOSE on this channel for
1265 * which we now know the server id. */
1267 }
1268 }
1278 /* Retry cleaning up this connection, in case this
1279 * channel closure was the last thing we were
1280 * waiting for. */
1282 }
1285 }
1286 }
1289 /*
1290 * The unusual case: this id refers to an xchannel. Add it
1291 * to the xchannel's queue.
1292 */
1298 /* If the xchannel is dead, then also respond to it (which
1299 * may involve deleting the channel). */
1302 }
1308 }
1309 }
1314 {
1327 /*
1328 * This message stops here: if downstream is disconnecting
1329 * from us, that doesn't mean we want to disconnect from the
1330 * SSH server. Close the downstream connection and start
1331 * cleanup.
1332 */
1337 /*
1338 * The only global requests we understand are "tcpip-forward"
1339 * and "cancel-tcpip-forward". Since those require us to
1340 * maintain state, we must assume that other global requests
1341 * will probably require that too, and so we don't forward on
1342 * any request we don't understand.
1343 */
1348 }
1356 /*
1357 * Pick the packet apart to find the want_reply field and
1358 * the host/port we're going to ask to listen on.
1359 */
1364 }
1372 }
1378 /*
1379 * See if we can allocate space in ssh.c's tree of remote
1380 * port forwardings. If we can't, it's because another
1381 * client sharing this connection has already allocated
1382 * the identical port forwarding, so we take it on
1383 * ourselves to manufacture a failure packet and send it
1384 * back to downstream.
1385 */
1391 }
1393 /*
1394 * We've managed to make space for this forwarding
1395 * locally. Pass the request on to the SSH server, but
1396 * set want_reply even if it wasn't originally set, so
1397 * that we know whether this forwarding needs to be
1398 * cleaned up if downstream goes away.
1399 */
1402 ssh_send_packet_from_downstream
1413 else
1418 }
1419 }
1429 /*
1430 * Pick the packet apart to find the want_reply field and
1431 * the host/port we're going to ask to listen on.
1432 */
1437 }
1445 }
1451 /*
1452 * Look up the existing forwarding with these details.
1453 */
1459 }
1461 /*
1462 * Pass the cancel request on to the SSH server, but
1463 * set want_reply even if it wasn't originally set, so
1464 * that _we_ know whether the forwarding has been
1465 * deleted even if downstream doesn't want to know.
1466 */
1469 ssh_send_packet_from_downstream
1473 }
1477 /*
1478 * Request we don't understand. Manufacture a failure
1479 * message if an answer was required.
1480 */
1489 }
1493 }
1497 /* Sender channel id comes after the channel type string */
1502 }
1517 }
1523 /* This server id may refer to either a halfchannel or an xchannel. */
1531 err = dupprintf("CHANNEL_OPEN_CONFIRMATION packet cited unknown channel %u", (unsigned)server_id);
1533 }
1547 err = dupprintf("Initial window size for x11 channel must be at least 256 (got %u)", downstream_window);
1549 }
1552 }
1560 }
1563 /* This server id may refer to either a halfchannel or an xchannel. */
1574 }
1590 /*
1591 * Agent forwarding requests from downstream are treated
1592 * specially. Because OpenSSHD doesn't let us enable agent
1593 * forwarding independently per session channel, and in
1594 * particular because the OpenSSH-defined agent forwarding
1595 * protocol does not mark agent-channel requests with the
1596 * id of the session channel they originate from, the only
1597 * way we can implement agent forwarding in a
1598 * connection-shared PuTTY is to forward the _upstream_
1599 * agent. Hence, we unilaterally deny agent forwarding
1600 * requests from downstreams if we aren't prepared to
1601 * forward an agent ourselves.
1602 *
1603 * (If we are, then we dutifully pass agent forwarding
1604 * requests upstream. OpenSSHD has the curious behaviour
1605 * that all but the first such request will be rejected,
1606 * but all session channels opened after the first request
1607 * get agent forwarding enabled whether they ask for it or
1608 * not; but that's not our concern, since other SSH
1609 * servers supporting the same piece of protocol might in
1610 * principle at least manage to enable agent forwarding on
1611 * precisely the channels that requested it, even if the
1612 * subsequent CHANNEL_OPENs still can't be associated with
1613 * a parent session channel.)
1614 */
1633 }
1635 }
1637 /*
1638 * Another thing we treat specially is X11 forwarding
1639 * requests. For these, we have to make up another set of
1640 * X11 auth data, and enter it into our SSH connection's
1641 * list of possible X11 authorisation credentials so that
1642 * when we see an X11 channel open request we can know
1643 * whether it's one to handle locally or one to pass on to
1644 * a downstream, and if the latter, which one.
1645 */
1662 }
1664 /*
1665 * Pick apart the whole message to find the downstream
1666 * auth details.
1667 */
1668 /* we have already seen: 4 bytes channel id, 4+7 request name */
1672 }
1686 }
1690 /* Reject due to not understanding downstream's
1691 * requested authorisation method. */
1698 }
1709 /*
1710 * Now construct a replacement X forwarding request,
1711 * containing our own auth data, and send that to the
1712 * server.
1713 */
1727 datalen);
1730 SSH2_MSG_CHANNEL_REQUEST,
1735 }
1738 }
1752 }
1753 }
1754 }
1761 /*
1762 * Any other packet type is unexpected. In particular, we
1763 * never pass GLOBAL_REQUESTs downstream, so we never expect
1764 * to see SSH2_MSG_REQUEST_{SUCCESS,FAILURE}.
1765 */
1766 confused:
1771 }
1772 }
1774 /*
1775 * Coroutine macros similar to, but simplified from, those in ssh.c.
1776 */
1777 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
1778 #define crFinish(z) } *crLine = 0; return (z); }
1779 #define crGetChar(c) do \
1780 { \
1781 while (len == 0) { \
1782 *crLine =__LINE__; return 1; case __LINE__:; \
1783 } \
1784 len--; \
1785 (c) = (unsigned char)*data++; \
1786 } while (0)
1789 {
1797 /*
1798 * First read the version string from downstream.
1799 */
1810 }
1812 }
1814 /*
1815 * Now parse the version string to make sure it's at least vaguely
1816 * sensible, and log it.
1817 */
1825 }
1833 /*
1834 * Loop round reading packets.
1835 */
1841 }
1850 }
1854 }
1858 }
1860 dead:;
1862 }
1865 {
1866 /* struct ssh_sharing_connstate *cs = (struct ssh_sharing_connstate *)plug; */
1868 /*
1869 * We do nothing here, because we expect that there won't be a
1870 * need to throttle and unthrottle the connection to a downstream.
1871 * It should automatically throttle itself: if the SSH server
1872 * sends huge amounts of data on all channels then it'll run out
1873 * of window until our downstream sends it back some
1874 * WINDOW_ADJUSTs.
1875 */
1876 }
1880 {
1888 }
1891 {
1898 }
1901 {
1904 }
1907 {
1908 /*
1909 * Indication from ssh.c that we are now ready to begin serving
1910 * any downstreams that have already connected to us.
1911 */
1916 /*
1917 * Trim the server's version string down to just the software
1918 * version component, removing "SSH-2.0-" or whatever at the
1919 * front.
1920 */
1924 server_verstring++;
1925 }
1933 }
1934 }
1938 {
1941 share_closing,
1942 share_receive,
1943 share_sent,
1944 NULL /* no accepting function, because we've already done it */
1945 };
1951 /*
1952 * A new downstream has connected to us.
1953 */
1962 }
1971 }
1997 }
1999 /* Per-application overrides for what roles we can take (e.g. pscp
2000 * will never be an upstream) */
2004 /*
2005 * Decide on the string used to identify the connection point between
2006 * upstream and downstream (be it a Windows named pipe or a
2007 * Unix-domain socket or whatever else).
2008 *
2009 * I wondered about making this a SHA hash of all sorts of pieces of
2010 * the PuTTY configuration - essentially everything PuTTY uses to know
2011 * where and how to make a connection, including all the proxy details
2012 * (or rather, all the _relevant_ ones - only including settings that
2013 * other settings didn't prevent from having any effect), plus the
2014 * username. However, I think it's better to keep it really simple:
2015 * the connection point identifier is derived from the hostname and
2016 * port used to index the host-key cache (not necessarily where we
2017 * _physically_ connected to, in cases involving proxies or
2018 * CONF_loghost), plus the username if one is specified.
2019 *
2020 * The per-platform code will quite likely hash or obfuscate this name
2021 * in turn, for privacy from other users; failing that, it might
2022 * transform it to avoid dangerous filename characters and so on. But
2023 * that doesn't matter to us: for us, the point is that two session
2024 * configurations which return the same string from this function will
2025 * be treated as potentially shareable with each other.
2026 */
2028 {
2035 else
2040 else
2042 }
2046 }
2057 {
2059 nullplug_socket_log,
2060 nullplug_closing,
2061 nullplug_receive,
2062 nullplug_sent,
2063 NULL
2064 };
2071 Socket sock;
2094 }
2095 }
2097 /*
2098 * Init function for connection sharing. We either open a listening
2099 * socket and become an upstream, or connect to an existing one and
2100 * become a downstream, or do neither. We are responsible for deciding
2101 * which of these to do (including checking the Conf to see if
2102 * connection sharing is even enabled in the first place). If we
2103 * become a downstream, we return the Socket with which we connected
2104 * to the upstream; otherwise (whether or not we have established an
2105 * upstream) we return NULL.
2106 */
2109 {
2112 share_listen_closing,
2115 share_listen_accepting
2116 };
2121 Socket sock;
2135 /*
2136 * Create a data structure for the listening plug if we turn out
2137 * to be an upstream.
2138 */
2143 /*
2144 * Now hand off to a per-platform routine that either connects to
2145 * an existing upstream (using 'ssh' as the plug), establishes our
2146 * own upstream (using 'sharestate' as the plug), or forks off a
2147 * separate upstream and then connects to that. It will return a
2148 * code telling us which kind of socket it put in 'sock'.
2149 */
2161 /*
2162 * We aren't sharing our connection at all (e.g. something
2163 * went wrong setting the socket up). Free the upstream
2164 * structure and return NULL.
2165 */
2173 /*
2174 * We are downstream, so free sharestate which it turns out we
2175 * don't need after all, and return the downstream socket as a
2176 * replacement for an ordinary SSH connection.
2177 */
2184 /*
2185 * We are upstream. Set up sharestate properly and pass a copy
2186 * to the caller; return NULL, to tell ssh.c that it has to
2187 * make an ordinary connection after all.
2188 */
2197 }
2200 }