author | markus@openbsd.org <markus@openbsd.org> | 2016-09-30 09:19:13 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-10-01 02:45:10 +1000 |
commit | 8d0578478586e283e751ca51e7b0690631da139a (patch) | |
tree | 3621da2b97213f8ff0b434f5fd239dfd4f50d83d /ssh.c | |
parent | b7689155f3f5c4999846c07a852b1c7a43b09cec (diff) |
upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham):
- mux client speaks the ssh-packet protocol directly over a unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no file-descriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client and server on different machines.
feedback & ok djm@
Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 27 |
1 files changed, 18 insertions, 9 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.446 2016/09/12 23:31:27 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.447 2016/09/30 09:19:13 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -213,10 +213,6 @@ static int ssh_session2(void); | |||
213 | static void load_public_identity_files(void); | 213 | static void load_public_identity_files(void); |
214 | static void main_sigchld_handler(int); | 214 | static void main_sigchld_handler(int); |
215 | 215 | ||
216 | /* from muxclient.c */ | ||
217 | void muxclient(const char *); | ||
218 | void muxserver_listen(void); | ||
219 | |||
220 | /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ | 216 | /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ |
221 | static void | 217 | static void |
222 | tilde_expand_paths(char **paths, u_int num_paths) | 218 | tilde_expand_paths(char **paths, u_int num_paths) |
@@ -668,6 +664,8 @@ main(int ac, char **av) | |||
668 | muxclient_command = SSHMUX_COMMAND_STOP; | 664 | muxclient_command = SSHMUX_COMMAND_STOP; |
669 | else if (strcmp(optarg, "cancel") == 0) | 665 | else if (strcmp(optarg, "cancel") == 0) |
670 | muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; | 666 | muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; |
667 | else if (strcmp(optarg, "proxy") == 0) | ||
668 | muxclient_command = SSHMUX_COMMAND_PROXY; | ||
671 | else | 669 | else |
672 | fatal("Invalid multiplex command."); | 670 | fatal("Invalid multiplex command."); |
673 | break; | 671 | break; |
@@ -1162,7 +1160,8 @@ main(int ac, char **av) | |||
1162 | tty_flag = options.request_tty != REQUEST_TTY_NO; | 1160 | tty_flag = options.request_tty != REQUEST_TTY_NO; |
1163 | 1161 | ||
1164 | /* Force no tty */ | 1162 | /* Force no tty */ |
1165 | if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) | 1163 | if (options.request_tty == REQUEST_TTY_NO || |
1164 | (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY)) | ||
1166 | tty_flag = 0; | 1165 | tty_flag = 0; |
1167 | /* Do not allocate a tty if stdin is not a tty. */ | 1166 | /* Do not allocate a tty if stdin is not a tty. */ |
1168 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && | 1167 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && |
@@ -1239,8 +1238,16 @@ main(int ac, char **av) | |||
1239 | 1238 | ||
1240 | if (muxclient_command != 0 && options.control_path == NULL) | 1239 | if (muxclient_command != 0 && options.control_path == NULL) |
1241 | fatal("No ControlPath specified for \"-O\" command"); | 1240 | fatal("No ControlPath specified for \"-O\" command"); |
1242 | if (options.control_path != NULL) | 1241 | if (options.control_path != NULL) { |
1243 | muxclient(options.control_path); | 1242 | int sock; |
1243 | if ((sock = muxclient(options.control_path)) >= 0) { | ||
1244 | packet_set_connection(sock, sock); | ||
1245 | ssh = active_state; /* XXX */ | ||
1246 | enable_compat20(); /* XXX */ | ||
1247 | packet_set_mux(); | ||
1248 | goto skip_connect; | ||
1249 | } | ||
1250 | } | ||
1244 | 1251 | ||
1245 | /* | 1252 | /* |
1246 | * If hostname canonicalisation was not enabled, then we may not | 1253 | * If hostname canonicalisation was not enabled, then we may not |
@@ -1443,6 +1450,7 @@ main(int ac, char **av) | |||
1443 | options.certificate_files[i] = NULL; | 1450 | options.certificate_files[i] = NULL; |
1444 | } | 1451 | } |
1445 | 1452 | ||
1453 | skip_connect: | ||
1446 | exit_status = compat20 ? ssh_session2() : ssh_session(); | 1454 | exit_status = compat20 ? ssh_session2() : ssh_session(); |
1447 | packet_close(); | 1455 | packet_close(); |
1448 | 1456 | ||
@@ -1953,7 +1961,8 @@ ssh_session2(void) | |||
1953 | ssh_init_forwarding(); | 1961 | ssh_init_forwarding(); |
1954 | 1962 | ||
1955 | /* Start listening for multiplex clients */ | 1963 | /* Start listening for multiplex clients */ |
1956 | muxserver_listen(); | 1964 | if (!packet_get_mux()) |
1965 | muxserver_listen(); | ||
1957 | 1966 | ||
1958 | /* | 1967 | /* |
1959 | * If we are in control persist mode and have a working mux listen | 1968 | * If we are in control persist mode and have a working mux listen |
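Review bot: The proxy branch added at new lines 1242–1248 jumps to `skip_connect` with only two `/* XXX */` markers, leaving the trust assumption of this mode undocumented at the one place a maintainer will look. The code between the `goto` and the label is not in the hunk, but from the function's structure it presumably includes host-key verification and user authentication, so in proxy mode both are delegated entirely to the mux master: anyone who can connect to ControlPath receives an already-authenticated session, and the packet stream crosses that socket with no cipher or MAC of its own. I would replace the two XXX markers with a comment along the lines of `/* Proxy mode: speak the SSH packet protocol over the mux socket. No host-key or auth check happens here - the mux master already did them, so the ControlPath peer is trusted unconditionally. SSH2 only. */` and, if it is indeed the reason, say that `ssh = active_state` is needed because packet_set_connection() initialises the global state the later session code reads through `ssh`. main() starts and ends outside the hunk.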