diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2016-09-30 09:19:13 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-10-01 02:45:10 +1000 |
| commit | 8d0578478586e283e751ca51e7b0690631da139a (patch) | |
| tree | 3621da2b97213f8ff0b434f5fd239dfd4f50d83d /clientloop.c | |
| parent | b7689155f3f5c4999846c07a852b1c7a43b09cec (diff) | |
upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client and server on different machines. feedback
& ok djm@
Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/clientloop.c b/clientloop.c index 58e712241..4289a4081 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.288 2016/09/17 18:00:27 tedu Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1883,11 +1883,14 @@ client_input_agent_open(int type, u_int32_t seq, void *ctxt) | |||
| 1883 | } | 1883 | } |
| 1884 | 1884 | ||
| 1885 | static Channel * | 1885 | static Channel * |
| 1886 | client_request_forwarded_tcpip(const char *request_type, int rchan) | 1886 | client_request_forwarded_tcpip(const char *request_type, int rchan, |
| 1887 | u_int rwindow, u_int rmaxpack) | ||
| 1887 | { | 1888 | { |
| 1888 | Channel *c = NULL; | 1889 | Channel *c = NULL; |
| 1890 | struct sshbuf *b = NULL; | ||
| 1889 | char *listen_address, *originator_address; | 1891 | char *listen_address, *originator_address; |
| 1890 | u_short listen_port, originator_port; | 1892 | u_short listen_port, originator_port; |
| 1893 | int r; | ||
| 1891 | 1894 | ||
| 1892 | /* Get rest of the packet */ | 1895 | /* Get rest of the packet */ |
| 1893 | listen_address = packet_get_string(NULL); | 1896 | listen_address = packet_get_string(NULL); |
| @@ -1902,6 +1905,31 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) | |||
| 1902 | c = channel_connect_by_listen_address(listen_address, listen_port, | 1905 | c = channel_connect_by_listen_address(listen_address, listen_port, |
| 1903 | "forwarded-tcpip", originator_address); | 1906 | "forwarded-tcpip", originator_address); |
| 1904 | 1907 | ||
| 1908 | if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { | ||
| 1909 | if ((b = sshbuf_new()) == NULL) { | ||
| 1910 | error("%s: alloc reply", __func__); | ||
| 1911 | goto out; | ||
| 1912 | } | ||
| 1913 | /* reconstruct and send to muxclient */ | ||
| 1914 | if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */ | ||
| 1915 | (r = sshbuf_put_u8(b, SSH2_MSG_CHANNEL_OPEN)) != 0 || | ||
| 1916 | (r = sshbuf_put_cstring(b, request_type)) != 0 || | ||
| 1917 | (r = sshbuf_put_u32(b, rchan)) != 0 || | ||
| 1918 | (r = sshbuf_put_u32(b, rwindow)) != 0 || | ||
| 1919 | (r = sshbuf_put_u32(b, rmaxpack)) != 0 || | ||
| 1920 | (r = sshbuf_put_cstring(b, listen_address)) != 0 || | ||
| 1921 | (r = sshbuf_put_u32(b, listen_port)) != 0 || | ||
| 1922 | (r = sshbuf_put_cstring(b, originator_address)) != 0 || | ||
| 1923 | (r = sshbuf_put_u32(b, originator_port)) != 0 || | ||
| 1924 | (r = sshbuf_put_stringb(&c->output, b)) != 0) { | ||
| 1925 | error("%s: compose for muxclient %s", __func__, | ||
| 1926 | ssh_err(r)); | ||
| 1927 | goto out; | ||
| 1928 | } | ||
| 1929 | } | ||
| 1930 | |||
| 1931 | out: | ||
| 1932 | sshbuf_free(b); | ||
| 1905 | free(originator_address); | 1933 | free(originator_address); |
| 1906 | free(listen_address); | 1934 | free(listen_address); |
| 1907 | return c; | 1935 | return c; |
| @@ -2057,7 +2085,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
| 2057 | ctype, rchan, rwindow, rmaxpack); | 2085 | ctype, rchan, rwindow, rmaxpack); |
| 2058 | 2086 | ||
| 2059 | if (strcmp(ctype, "forwarded-tcpip") == 0) { | 2087 | if (strcmp(ctype, "forwarded-tcpip") == 0) { |
| 2060 | c = client_request_forwarded_tcpip(ctype, rchan); | 2088 | c = client_request_forwarded_tcpip(ctype, rchan, rwindow, |
| 2089 | rmaxpack); | ||
| 2061 | } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { | 2090 | } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { |
| 2062 | c = client_request_forwarded_streamlocal(ctype, rchan); | 2091 | c = client_request_forwarded_streamlocal(ctype, rchan); |
| 2063 | } else if (strcmp(ctype, "x11") == 0) { | 2092 | } else if (strcmp(ctype, "x11") == 0) { |
| @@ -2065,8 +2094,9 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
| 2065 | } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { | 2094 | } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { |
| 2066 | c = client_request_agent(ctype, rchan); | 2095 | c = client_request_agent(ctype, rchan); |
| 2067 | } | 2096 | } |
| 2068 | /* XXX duplicate : */ | 2097 | if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { |
| 2069 | if (c != NULL) { | 2098 | debug3("proxied to downstream: %s", ctype); |
| 2099 | } else if (c != NULL) { | ||
| 2070 | debug("confirm %s", ctype); | 2100 | debug("confirm %s", ctype); |
| 2071 | c->remote_id = rchan; | 2101 | c->remote_id = rchan; |
| 2072 | c->remote_window = rwindow; | 2102 | c->remote_window = rwindow; |
| @@ -2102,6 +2132,9 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
| 2102 | char *rtype; | 2132 | char *rtype; |
| 2103 | 2133 | ||
| 2104 | id = packet_get_int(); | 2134 | id = packet_get_int(); |
| 2135 | c = channel_lookup(id); | ||
| 2136 | if (channel_proxy_upstream(c, type, seq, ctxt)) | ||
| 2137 | return 0; | ||
| 2105 | rtype = packet_get_string(NULL); | 2138 | rtype = packet_get_string(NULL); |
| 2106 | reply = packet_get_char(); | 2139 | reply = packet_get_char(); |
| 2107 | 2140 | ||
| @@ -2110,7 +2143,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
| 2110 | 2143 | ||
| 2111 | if (id == -1) { | 2144 | if (id == -1) { |
| 2112 | error("client_input_channel_req: request for channel -1"); | 2145 | error("client_input_channel_req: request for channel -1"); |
| 2113 | } else if ((c = channel_lookup(id)) == NULL) { | 2146 | } else if (c == NULL) { |
| 2114 | error("client_input_channel_req: channel %d: " | 2147 | error("client_input_channel_req: channel %d: " |
| 2115 | "unknown channel", id); | 2148 | "unknown channel", id); |
| 2116 | } else if (strcmp(rtype, "eow@openssh.com") == 0) { | 2149 | } else if (strcmp(rtype, "eow@openssh.com") == 0) { |