| blob | 82ca2f79c72b51c9bd647ca4ee6e24ca0370aa82 |
1 /*
2 * Support for SSH connection sharing, i.e. permitting one PuTTY to
3 * open its own channels over the SSH session being run by another.
4 */
6 /*
7 * Discussion and technical documentation
8 * ======================================
9 *
10 * The basic strategy for PuTTY's implementation of SSH connection
11 * sharing is to have a single 'upstream' PuTTY process, which manages
12 * the real SSH connection and all the cryptography, and then zero or
13 * more 'downstream' PuTTYs, which never talk to the real host but
14 * only talk to the upstream through local IPC (Unix-domain sockets or
15 * Windows named pipes).
16 *
17 * The downstreams communicate with the upstream using a protocol
18 * derived from SSH itself, which I'll document in detail below. In
19 * brief, though: the downstream->upstream protocol uses a trivial
20 * binary packet protocol (just length/type/data) to encapsulate
21 * unencrypted SSH messages, and downstreams talk to the upstream more
22 * or less as if it was an SSH server itself. (So downstreams can
23 * themselves open multiple SSH channels, for example, by sending
24 * multiple SSH2_MSG_CHANNEL_OPENs; they can send CHANNEL_REQUESTs of
25 * their choice within each channel, and they handle their own
26 * WINDOW_ADJUST messages.)
27 *
28 * The upstream would ideally handle these downstreams by just putting
29 * their messages into the queue for proper SSH-2 encapsulation and
30 * encryption and sending them straight on to the server. However,
31 * that's not quite feasible as written, because client-side channel
32 * IDs could easily conflict (between multiple downstreams, or between
33 * a downstream and the upstream). To protect against that, the
34 * upstream rewrites the client-side channel IDs in messages it passes
35 * on to the server, so that it's performing what you might describe
36 * as 'channel-number NAT'. Then the upstream remembers which of its
37 * own channel IDs are channels it's managing itself, and which are
38 * placeholders associated with a particular downstream, so that when
39 * replies come in from the server they can be sent on to the relevant
40 * downstream (after un-NATting the channel number, of course).
41 *
42 * Global requests from downstreams are only accepted if the upstream
43 * knows what to do about them; currently the only such requests are
44 * the ones having to do with remote-to-local port forwarding (in
45 * which, again, the upstream remembers that some of the forwardings
46 * it's asked the server to set up were on behalf of particular
47 * downstreams, and sends the incoming CHANNEL_OPENs to those
48 * downstreams when connections come in).
49 *
50 * Other fiddly pieces of this mechanism are X forwarding and
51 * (OpenSSH-style) agent forwarding. Both of these have a fundamental
52 * problem arising from the protocol design: that the CHANNEL_OPEN
53 * from the server introducing a forwarded connection does not carry
54 * any indication of which session channel gave rise to it; so if
55 * session channels from multiple downstreams enable those forwarding
56 * methods, it's hard for the upstream to know which downstream to
57 * send the resulting connections back to.
58 *
59 * For X forwarding, we can work around this in a really painful way
60 * by using the fake X11 authorisation data sent to the server as part
61 * of the forwarding setup: upstream ensures that every X forwarding
62 * request carries distinguishable fake auth data, and then when X
63 * connections come in it waits to see the auth data in the X11 setup
64 * message before it decides which downstream to pass the connection
65 * on to.
66 *
67 * For agent forwarding, that workaround is unavailable. As a result,
68 * this system (and, as far as I can think of, any other system too)
69 * has the fundamental constraint that it can only forward one SSH
70 * agent - it can't forward two agents to different session channels.
71 * So downstreams can request agent forwarding if they like, but if
72 * they do, they'll get whatever SSH agent is known to the upstream
73 * (if any) forwarded to their sessions.
74 *
75 * Downstream-to-upstream protocol
76 * -------------------------------
77 *
78 * Here I document in detail the protocol spoken between PuTTY
79 * downstreams and upstreams over local IPC. The IPC mechanism can
80 * vary between host platforms, but the protocol is the same.
81 *
82 * The protocol commences with a version exchange which is exactly
83 * like the SSH-2 one, in that each side sends a single line of text
84 * of the form
85 *
86 * <protocol>-<version>-<softwareversion> [comments] \r\n
87 *
88 * The only difference is that in real SSH-2, <protocol> is the string
89 * "SSH", whereas in this protocol the string is
90 * "SSHCONNECTION@putty.projects.tartarus.org".
91 *
92 * (The SSH RFCs allow many protocol-level identifier namespaces to be
93 * extended by implementors without central standardisation as long as
94 * they suffix "@" and a domain name they control to their new ids.
95 * RFC 4253 does not define this particular name to be changeable at
96 * all, but I like to think this is obviously how it would have done
97 * so if the working group had foreseen the need :-)
98 *
99 * Thereafter, all data exchanged consists of a sequence of binary
100 * packets concatenated end-to-end, each of which is of the form
101 *
102 * uint32 length of packet, N
103 * byte[N] N bytes of packet data
104 *
105 * and, since these are SSH-2 messages, the first data byte is taken
106 * to be the packet type code.
107 *
108 * These messages are interpreted as those of an SSH connection, after
109 * userauth completes, and without any repeat key exchange.
110 * Specifically, any message from the SSH Connection Protocol is
111 * permitted, and also SSH_MSG_IGNORE, SSH_MSG_DEBUG,
112 * SSH_MSG_DISCONNECT and SSH_MSG_UNIMPLEMENTED from the SSH Transport
113 * Protocol.
114 *
115 * This protocol imposes a few additional requirements, over and above
116 * those of the standard SSH Connection Protocol:
117 *
118 * Message sizes are not permitted to exceed 0x4010 (16400) bytes,
119 * including their length header.
120 *
121 * When the server (i.e. really the PuTTY upstream) sends
122 * SSH_MSG_CHANNEL_OPEN with channel type "x11", and the client
123 * (downstream) responds with SSH_MSG_CHANNEL_OPEN_CONFIRMATION, that
124 * confirmation message MUST include an initial window size of at
125 * least 256. (Rationale: this is a bit of a fudge which makes it
126 * easier, by eliminating the possibility of nasty edge cases, for an
127 * upstream to arrange not to pass the CHANNEL_OPEN on to downstream
128 * until after it's seen the X11 auth data to decide which downstream
129 * it needs to go to.)
130 */
132 #include <stdio.h>
133 #include <stdlib.h>
134 #include <assert.h>
135 #include <limits.h>
136 #include <errno.h>
144 /* the above variable absolutely *must* be the first in this structure */
152 };
158 /* the above variable absolutely *must* be the first in this structure */
172 /*
173 * Assorted state we have to remember about this downstream, so
174 * that we can clean it up appropriately when the downstream goes
175 * away.
176 */
178 /* Channels which don't have a downstream id, i.e. we've passed a
179 * CHANNEL_OPEN down from the server but not had an
180 * OPEN_CONFIRMATION or OPEN_FAILURE back. If downstream goes
181 * away, we respond to all of these with OPEN_FAILURE. */
184 /* Channels which do have a downstream id. We need to index these
185 * by both server id and upstream id, so we can find a channel
186 * when handling either an upward or a downward message referring
187 * to it. */
191 /* Another class of channel which doesn't have a downstream id.
192 * The difference between these and halfchannels is that xchannels
193 * do have an *upstream* id, because upstream has already accepted
194 * the channel request from the server. This arises in the case of
195 * X forwarding, where we have to accept the request and read the
196 * X authorisation data before we know whether the channel needs
197 * to be forwarded to a downstream. */
201 /* Remote port forwarding requests in force. */
204 /* Global requests we've sent on to the server, pending replies. */
206 };
210 };
212 /* States of a share_channel. */
214 OPEN,
215 SENT_CLOSE,
216 RCVD_CLOSE,
217 /* Downstream has sent CHANNEL_OPEN but server hasn't replied yet.
218 * If downstream goes away when a channel is in this state, we
219 * must wait for the server's response before starting to send
220 * CLOSE. Channels in this state are also not held in
221 * channels_by_server, because their server_id field is
222 * meaningless. */
223 UNACKNOWLEDGED
224 };
230 /*
231 * Some channels (specifically, channels on which downstream has
232 * sent "x11-req") have the additional function of storing a set
233 * of downstream X authorisation data and a handle to an upstream
234 * fake set.
235 */
241 };
247 };
254 };
259 /*
260 * xchannels come in two flavours: live and dead. Live ones are
261 * waiting for an OPEN_CONFIRMATION or OPEN_FAILURE from
262 * downstream; dead ones have had an OPEN_FAILURE, so they only
263 * exist as a means of letting us conveniently respond to further
264 * channel messages from the server until such time as the server
265 * sends us CHANNEL_CLOSE.
266 */
269 /*
270 * When we receive OPEN_CONFIRMATION, we will need to send a
271 * WINDOW_ADJUST to the server to synchronise the windows. For
272 * this purpose we need to know what window we have so far offered
273 * the server. We record this as exactly the value in the
274 * OPEN_CONFIRMATION that upstream sent us, adjusted by the amount
275 * by which the two X greetings differed in length.
276 */
279 /*
280 * Linked list of SSH messages from the server relating to this
281 * channel, which we queue up until downstream sends us an
282 * OPEN_CONFIRMATION and we can belatedly send them all on.
283 */
285 };
288 GLOBREQ_TCPIP_FORWARD,
289 GLOBREQ_CANCEL_TCPIP_FORWARD
290 };
297 };
300 {
310 else
312 }
314 static unsigned share_find_unused_id
316 {
321 /*
322 * Find the lowest unused downstream ID greater or equal to
323 * 'first'.
324 *
325 * Begin by seeing if 'first' itself is available. If it is, we'll
326 * just return it; if it's already in the tree, we'll find the
327 * tree index where it appears and use that for the next stage.
328 */
329 {
336 }
338 /*
339 * Now binary-search using the counted B-tree, to find the largest
340 * ID which is in a contiguous sequence from the beginning of that
341 * range.
342 */
350 else
352 }
354 /*
355 * Now low is the tree index of the largest ID in the initial
356 * sequence. So the return value is one more than low's id, and we
357 * know low's id is given by the formula in the binary search loop
358 * above.
359 *
360 * (If an SSH connection went on for _enormously_ long, we might
361 * reach a point where all ids from 'first' to UINT_MAX were in
362 * use. In that situation the formula below would wrap round by
363 * one and return zero, which is conveniently the right way to
364 * signal 'no id available' from this function.)
365 */
367 {
371 }
373 }
376 {
384 else
386 }
389 {
397 else
399 }
402 {
410 else
412 }
415 {
423 else
425 }
428 {
436 else
438 }
441 {
452 else
454 }
457 {
462 }
464 }
467 {
478 /* All channels live in 'channels_by_us' but only some in
479 * 'channels_by_server', so we use the former to find the list of
480 * ones to free */
487 /* But every xchannel is in both trees, so it doesn't matter which
488 * we use to free them. */
504 }
510 }
513 {
522 }
527 }
531 }
535 {
539 /* Duplicate?! */
544 }
545 }
549 {
553 }
557 {
560 }
565 {
580 }
586 }
587 }
589 }
594 {
599 }
603 {
607 }
611 {
615 }
619 {
627 }
632 {
641 }
646 }
648 }
652 {
656 }
660 {
664 }
668 {
672 }
677 {
683 /* Duplicate?! */
686 }
688 }
692 {
699 }
703 {
706 }
711 {
716 /*
717 * Special case which we take care of at a low level, so as to
718 * be sure to apply it in all cases. On rare occasions we
719 * might find that we have a channel for which the
720 * downstream's maximum packet size exceeds the max packet
721 * size we presented to the server on its behalf. (This can
722 * occur in X11 forwarding, where we have to send _our_
723 * CHANNEL_OPEN_CONFIRMATION before we discover which if any
724 * downstream the channel is destined for, so if that
725 * downstream turns out to present a smaller max packet size
726 * then we're in this situation.)
727 *
728 * If that happens, we just chop up the packet into pieces and
729 * send them as separate CHANNEL_DATA packets.
730 */
753 /*
754 * Just do the obvious thing.
755 */
762 }
763 }
766 {
772 /*
773 * Any half-open channels, i.e. those for which we'd received
774 * CHANNEL_OPEN from the server but not passed back a response
775 * from downstream, should be responded to with OPEN_FAILURE.
776 */
791 SSH2_MSG_CHANNEL_OPEN_FAILURE,
796 }
798 /*
799 * Any actually open channels should have a CHANNEL_CLOSE sent for
800 * them, unless we've already done so. We won't be able to
801 * actually clean them up until CHANNEL_CLOSE comes back from the
802 * server, though (unless the server happens to have sent a CLOSE
803 * already).
804 *
805 * Another annoying exception is UNACKNOWLEDGED channels, i.e.
806 * we've _sent_ a CHANNEL_OPEN to the server but not received an
807 * OPEN_CONFIRMATION or OPEN_FAILURE. We must wait for a reply
808 * before closing the channel, because until we see that reply we
809 * won't have the server's channel id to put in the close message.
810 */
819 SSH2_MSG_CHANNEL_CLOSE,
825 /* In this case, we _can_ clear up the channel now. */
829 }
830 }
831 }
833 /*
834 * Any remote port forwardings we're managing on behalf of this
835 * downstream should be cancelled. Again, we must defer those for
836 * which we haven't yet seen REQUEST_SUCCESS/FAILURE.
837 *
838 * We take a fire-and-forget approach during cleanup, not
839 * bothering to set want_reply.
840 */
861 SSH2_MSG_GLOBAL_REQUEST,
868 }
869 }
874 /*
875 * Now we're _really_ done, so we can get rid of cs completely.
876 */
880 }
881 }
884 {
890 }
894 {
912 }
916 {
920 #ifdef BROKEN_PIPE_ERROR_CODE
921 /*
922 * Most of the time, we log what went wrong when a downstream
923 * disappears with a socket error. One exception, though, is
924 * receiving EPIPE when we haven't received a protocol version
925 * string from the downstream, because that can happen as a result
926 * of plink -shareexists (opening the connection and instantly
927 * closing it again without bothering to read our version string).
928 * So that one case is not treated as a log-worthy error.
929 */
932 else
933 #endif
936 }
938 }
942 {
958 }
961 {
965 else
967 }
970 {
974 else
976 }
978 /*
979 * Append a message to the end of an xchannel's queue, with the length
980 * and type code filled in and the data block allocated but
981 * uninitialised.
982 */
985 {
989 /*
990 * Be a little tricksy here by allocating a single memory block
991 * containing both the 'struct share_xchannel_message' and the
992 * actual data. Simplifies freeing it later.
993 */
1000 /*
1001 * Queue it in the xchannel.
1002 */
1005 else
1011 }
1015 {
1016 /*
1017 * Handle queued incoming messages from the server destined for an
1018 * xchannel which is dead (i.e. downstream sent OPEN_FAILURE).
1019 */
1026 /*
1027 * A CHANNEL_REQUEST is responded to by sending
1028 * CHANNEL_FAILURE, if it has want_reply set.
1029 */
1035 ssh_send_packet_from_downstream
1038 }
1040 /*
1041 * On CHANNEL_CLOSE we can discard the channel completely.
1042 */
1044 }
1047 }
1052 }
1053 }
1059 {
1062 /*
1063 * Send all the queued messages downstream.
1064 */
1075 }
1077 /*
1078 * Send a WINDOW_ADJUST back upstream, to synchronise the window
1079 * size downstream thinks it's presented with the one we've
1080 * actually presented.
1081 */
1085 SSH2_MSG_CHANNEL_WINDOW_ADJUST,
1088 }
1092 {
1093 /*
1094 * If downstream refuses to open our X channel at all for some
1095 * reason, we must respond by sending an emergency CLOSE upstream.
1096 */
1099 ssh_send_packet_from_downstream
1103 /*
1104 * Now mark the xchannel as dead, and respond to anything sent on
1105 * it until we see CLOSE for it in turn.
1106 */
1109 }
1118 {
1128 /*
1129 * Create an xchannel containing data we've already received from
1130 * the X client, and preload it with a CHANNEL_DATA message
1131 * containing our own made-up authorisation greeting and any
1132 * additional data sent from the server so far.
1133 */
1141 /* leave the channel id field unfilled - we don't know the
1142 * downstream id yet, of course */
1150 /*
1151 * Send on a CHANNEL_OPEN to downstream.
1152 */
1166 /*
1167 * If this was a once-only X forwarding, clean it up now.
1168 */
1177 }
1178 }
1182 {
1199 }
1203 }
1204 }
1207 }
1214 /* Retry cleaning up this connection, in case that reply
1215 * was the last thing we were waiting for. */
1217 }
1240 /*
1241 * All these messages have the recipient channel id as the
1242 * first uint32 field in the packet. Substitute the downstream
1243 * channel id for our one and pass the packet downstream.
1244 */
1248 /*
1249 * The normal case: this id refers to an open channel.
1250 */
1254 /*
1255 * Update the channel state, for messages that need it.
1256 */
1260 OPEN);
1262 /* Retry cleaning up this connection, so that we
1263 * can send an immediate CLOSE on this channel for
1264 * which we now know the server id. */
1266 }
1267 }
1277 /* Retry cleaning up this connection, in case this
1278 * channel closure was the last thing we were
1279 * waiting for. */
1281 }
1284 }
1285 }
1288 /*
1289 * The unusual case: this id refers to an xchannel. Add it
1290 * to the xchannel's queue.
1291 */
1297 /* If the xchannel is dead, then also respond to it (which
1298 * may involve deleting the channel). */
1301 }
1307 }
1308 }
1313 {
1326 /*
1327 * This message stops here: if downstream is disconnecting
1328 * from us, that doesn't mean we want to disconnect from the
1329 * SSH server. Close the downstream connection and start
1330 * cleanup.
1331 */
1336 /*
1337 * The only global requests we understand are "tcpip-forward"
1338 * and "cancel-tcpip-forward". Since those require us to
1339 * maintain state, we must assume that other global requests
1340 * will probably require that too, and so we don't forward on
1341 * any request we don't understand.
1342 */
1347 }
1355 /*
1356 * Pick the packet apart to find the want_reply field and
1357 * the host/port we're going to ask to listen on.
1358 */
1363 }
1371 }
1377 /*
1378 * See if we can allocate space in ssh.c's tree of remote
1379 * port forwardings. If we can't, it's because another
1380 * client sharing this connection has already allocated
1381 * the identical port forwarding, so we take it on
1382 * ourselves to manufacture a failure packet and send it
1383 * back to downstream.
1384 */
1390 }
1392 /*
1393 * We've managed to make space for this forwarding
1394 * locally. Pass the request on to the SSH server, but
1395 * set want_reply even if it wasn't originally set, so
1396 * that we know whether this forwarding needs to be
1397 * cleaned up if downstream goes away.
1398 */
1401 ssh_send_packet_from_downstream
1412 else
1417 }
1418 }
1428 /*
1429 * Pick the packet apart to find the want_reply field and
1430 * the host/port we're going to ask to listen on.
1431 */
1436 }
1444 }
1450 /*
1451 * Look up the existing forwarding with these details.
1452 */
1458 }
1460 /*
1461 * Pass the cancel request on to the SSH server, but
1462 * set want_reply even if it wasn't originally set, so
1463 * that _we_ know whether the forwarding has been
1464 * deleted even if downstream doesn't want to know.
1465 */
1468 ssh_send_packet_from_downstream
1472 }
1476 /*
1477 * Request we don't understand. Manufacture a failure
1478 * message if an answer was required.
1479 */
1488 }
1492 }
1496 /* Sender channel id comes after the channel type string */
1501 }
1516 }
1522 /* This server id may refer to either a halfchannel or an xchannel. */
1530 err = dupprintf("CHANNEL_OPEN_CONFIRMATION packet cited unknown channel %u", (unsigned)server_id);
1532 }
1546 err = dupprintf("Initial window size for x11 channel must be at least 256 (got %u)", downstream_window);
1548 }
1551 }
1559 }
1562 /* This server id may refer to either a halfchannel or an xchannel. */
1573 }
1589 /*
1590 * Agent forwarding requests from downstream are treated
1591 * specially. Because OpenSSHD doesn't let us enable agent
1592 * forwarding independently per session channel, and in
1593 * particular because the OpenSSH-defined agent forwarding
1594 * protocol does not mark agent-channel requests with the
1595 * id of the session channel they originate from, the only
1596 * way we can implement agent forwarding in a
1597 * connection-shared PuTTY is to forward the _upstream_
1598 * agent. Hence, we unilaterally deny agent forwarding
1599 * requests from downstreams if we aren't prepared to
1600 * forward an agent ourselves.
1601 *
1602 * (If we are, then we dutifully pass agent forwarding
1603 * requests upstream. OpenSSHD has the curious behaviour
1604 * that all but the first such request will be rejected,
1605 * but all session channels opened after the first request
1606 * get agent forwarding enabled whether they ask for it or
1607 * not; but that's not our concern, since other SSH
1608 * servers supporting the same piece of protocol might in
1609 * principle at least manage to enable agent forwarding on
1610 * precisely the channels that requested it, even if the
1611 * subsequent CHANNEL_OPENs still can't be associated with
1612 * a parent session channel.)
1613 */
1632 }
1634 }
1636 /*
1637 * Another thing we treat specially is X11 forwarding
1638 * requests. For these, we have to make up another set of
1639 * X11 auth data, and enter it into our SSH connection's
1640 * list of possible X11 authorisation credentials so that
1641 * when we see an X11 channel open request we can know
1642 * whether it's one to handle locally or one to pass on to
1643 * a downstream, and if the latter, which one.
1644 */
1661 }
1663 /*
1664 * Pick apart the whole message to find the downstream
1665 * auth details.
1666 */
1667 /* we have already seen: 4 bytes channel id, 4+7 request name */
1671 }
1685 }
1689 /* Reject due to not understanding downstream's
1690 * requested authorisation method. */
1697 }
1708 /*
1709 * Now construct a replacement X forwarding request,
1710 * containing our own auth data, and send that to the
1711 * server.
1712 */
1726 datalen);
1729 SSH2_MSG_CHANNEL_REQUEST,
1734 }
1737 }
1751 }
1752 }
1753 }
1760 /*
1761 * Any other packet type is unexpected. In particular, we
1762 * never pass GLOBAL_REQUESTs downstream, so we never expect
1763 * to see SSH2_MSG_REQUEST_{SUCCESS,FAILURE}.
1764 */
1765 confused:
1770 }
1771 }
1773 /*
1774 * Coroutine macros similar to, but simplified from, those in ssh.c.
1775 */
1776 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
1777 #define crFinishV } *crLine = 0; return; }
1778 #define crGetChar(c) do \
1779 { \
1780 while (len == 0) { \
1781 *crLine =__LINE__; return; case __LINE__:; \
1782 } \
1783 len--; \
1784 (c) = (unsigned char)*data++; \
1785 } while (0)
1788 {
1796 /*
1797 * First read the version string from downstream.
1798 */
1809 }
1811 }
1813 /*
1814 * Now parse the version string to make sure it's at least vaguely
1815 * sensible, and log it.
1816 */
1824 }
1832 /*
1833 * Loop round reading packets.
1834 */
1840 }
1849 }
1853 }
1857 }
1859 dead:;
1860 crFinishV;
1861 }
1864 {
1865 /* struct ssh_sharing_connstate *cs = (struct ssh_sharing_connstate *)plug; */
1867 /*
1868 * We do nothing here, because we expect that there won't be a
1869 * need to throttle and unthrottle the connection to a downstream.
1870 * It should automatically throttle itself: if the SSH server
1871 * sends huge amounts of data on all channels then it'll run out
1872 * of window until our downstream sends it back some
1873 * WINDOW_ADJUSTs.
1874 */
1875 }
1879 {
1886 }
1889 {
1896 }
1899 {
1902 }
1905 {
1906 /*
1907 * Indication from ssh.c that we are now ready to begin serving
1908 * any downstreams that have already connected to us.
1909 */
1914 /*
1915 * Trim the server's version string down to just the software
1916 * version component, removing "SSH-2.0-" or whatever at the
1917 * front.
1918 */
1922 server_verstring++;
1923 }
1931 }
1932 }
1936 {
1939 share_closing,
1940 share_receive,
1941 share_sent,
1942 NULL /* no accepting function, because we've already done it */
1943 };
1949 /*
1950 * A new downstream has connected to us.
1951 */
1960 }
1969 }
1995 }
1997 /* Per-application overrides for what roles we can take (e.g. pscp
1998 * will never be an upstream) */
2002 /*
2003 * Decide on the string used to identify the connection point between
2004 * upstream and downstream (be it a Windows named pipe or a
2005 * Unix-domain socket or whatever else).
2006 *
2007 * I wondered about making this a SHA hash of all sorts of pieces of
2008 * the PuTTY configuration - essentially everything PuTTY uses to know
2009 * where and how to make a connection, including all the proxy details
2010 * (or rather, all the _relevant_ ones - only including settings that
2011 * other settings didn't prevent from having any effect), plus the
2012 * username. However, I think it's better to keep it really simple:
2013 * the connection point identifier is derived from the hostname and
2014 * port used to index the host-key cache (not necessarily where we
2015 * _physically_ connected to, in cases involving proxies or
2016 * CONF_loghost), plus the username if one is specified.
2017 *
2018 * The per-platform code will quite likely hash or obfuscate this name
2019 * in turn, for privacy from other users; failing that, it might
2020 * transform it to avoid dangerous filename characters and so on. But
2021 * that doesn't matter to us: for us, the point is that two session
2022 * configurations which return the same string from this function will
2023 * be treated as potentially shareable with each other.
2024 */
2026 {
2033 else
2038 else
2040 }
2044 }
2054 {
2056 nullplug_socket_log,
2057 nullplug_closing,
2058 nullplug_receive,
2059 nullplug_sent,
2060 NULL
2061 };
2068 Socket sock;
2091 }
2092 }
2094 /*
2095 * Init function for connection sharing. We either open a listening
2096 * socket and become an upstream, or connect to an existing one and
2097 * become a downstream, or do neither. We are responsible for deciding
2098 * which of these to do (including checking the Conf to see if
2099 * connection sharing is even enabled in the first place). If we
2100 * become a downstream, we return the Socket with which we connected
2101 * to the upstream; otherwise (whether or not we have established an
2102 * upstream) we return NULL.
2103 */
2106 {
2109 share_listen_closing,
2112 share_listen_accepting
2113 };
2118 Socket sock;
2132 /*
2133 * Create a data structure for the listening plug if we turn out
2134 * to be an upstream.
2135 */
2140 /*
2141 * Now hand off to a per-platform routine that either connects to
2142 * an existing upstream (using 'ssh' as the plug), establishes our
2143 * own upstream (using 'sharestate' as the plug), or forks off a
2144 * separate upstream and then connects to that. It will return a
2145 * code telling us which kind of socket it put in 'sock'.
2146 */
2158 /*
2159 * We aren't sharing our connection at all (e.g. something
2160 * went wrong setting the socket up). Free the upstream
2161 * structure and return NULL.
2162 */
2170 /*
2171 * We are downstream, so free sharestate which it turns out we
2172 * don't need after all, and return the downstream socket as a
2173 * replacement for an ordinary SSH connection.
2174 */
2181 /*
2182 * We are upstream. Set up sharestate properly and pass a copy
2183 * to the caller; return NULL, to tell ssh.c that it has to
2184 * make an ordinary connection after all.
2185 */
2194 }
2197 }