diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | clientloop.c | 8 | ||||
| -rw-r--r-- | readconf.c | 24 | ||||
| -rw-r--r-- | readconf.h | 7 | ||||
| -rw-r--r-- | ssh.c | 32 | ||||
| -rw-r--r-- | ssh_config.5 | 18 |
6 files changed, 79 insertions, 16 deletions
| @@ -11,6 +11,10 @@ | |||
| 11 | [ssh-keygen.1 ssh-keygen.c sshd.8] | 11 | [ssh-keygen.1 ssh-keygen.c sshd.8] |
| 12 | increase default rsa/dsa key length from 1024 to 2048 bits; | 12 | increase default rsa/dsa key length from 1024 to 2048 bits; |
| 13 | ok markus@ deraadt@ | 13 | ok markus@ deraadt@ |
| 14 | - djm@cvs.openbsd.org 2005/06/08 11:25:09 | ||
| 15 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] | ||
| 16 | add ControlMaster=auto/autoask options to support opportunistic | ||
| 17 | multiplexing; tested avsm@ and jakob@, ok markus@ | ||
| 14 | 18 | ||
| 15 | 20050609 | 19 | 20050609 |
| 16 | - (dtucker) [cipher.c openbsd-compat/Makefile.in | 20 | - (dtucker) [cipher.c openbsd-compat/Makefile.in |
| @@ -2706,4 +2710,4 @@ | |||
| 2706 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2710 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2707 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2711 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2708 | 2712 | ||
| 2709 | $Id: ChangeLog,v 1.3818 2005/06/16 03:19:06 djm Exp $ | 2713 | $Id: ChangeLog,v 1.3819 2005/06/16 03:19:41 djm Exp $ |
diff --git a/clientloop.c b/clientloop.c index 1591215bd..ae4dce820 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | */ | 59 | */ |
| 60 | 60 | ||
| 61 | #include "includes.h" | 61 | #include "includes.h" |
| 62 | RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.137 2005/06/08 11:25:09 djm Exp $"); |
| 63 | 63 | ||
| 64 | #include "ssh.h" | 64 | #include "ssh.h" |
| 65 | #include "ssh1.h" | 65 | #include "ssh1.h" |
| @@ -616,13 +616,15 @@ client_process_control(fd_set * readset) | |||
| 616 | 616 | ||
| 617 | switch (command) { | 617 | switch (command) { |
| 618 | case SSHMUX_COMMAND_OPEN: | 618 | case SSHMUX_COMMAND_OPEN: |
| 619 | if (options.control_master == 2) | 619 | if (options.control_master == SSHCTL_MASTER_ASK || |
| 620 | options.control_master == SSHCTL_MASTER_AUTO_ASK) | ||
| 620 | allowed = ask_permission("Allow shared connection " | 621 | allowed = ask_permission("Allow shared connection " |
| 621 | "to %s? ", host); | 622 | "to %s? ", host); |
| 622 | /* continue below */ | 623 | /* continue below */ |
| 623 | break; | 624 | break; |
| 624 | case SSHMUX_COMMAND_TERMINATE: | 625 | case SSHMUX_COMMAND_TERMINATE: |
| 625 | if (options.control_master == 2) | 626 | if (options.control_master == SSHCTL_MASTER_ASK || |
| 627 | options.control_master == SSHCTL_MASTER_AUTO_ASK) | ||
| 626 | allowed = ask_permission("Terminate shared connection " | 628 | allowed = ask_permission("Terminate shared connection " |
| 627 | "to %s? ", host); | 629 | "to %s? ", host); |
| 628 | if (allowed) | 630 | if (allowed) |
diff --git a/readconf.c b/readconf.c index d41220807..5ec89e2f0 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: readconf.c,v 1.140 2005/05/16 15:30:51 markus Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.141 2005/06/08 11:25:09 djm Exp $"); |
| 16 | 16 | ||
| 17 | #include "ssh.h" | 17 | #include "ssh.h" |
| 18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
| @@ -796,7 +796,27 @@ parse_int: | |||
| 796 | 796 | ||
| 797 | case oControlMaster: | 797 | case oControlMaster: |
| 798 | intptr = &options->control_master; | 798 | intptr = &options->control_master; |
| 799 | goto parse_yesnoask; | 799 | arg = strdelim(&s); |
| 800 | if (!arg || *arg == '\0') | ||
| 801 | fatal("%.200s line %d: Missing ControlMaster argument.", | ||
| 802 | filename, linenum); | ||
| 803 | value = 0; /* To avoid compiler warning... */ | ||
| 804 | if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) | ||
| 805 | value = SSHCTL_MASTER_YES; | ||
| 806 | else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) | ||
| 807 | value = SSHCTL_MASTER_NO; | ||
| 808 | else if (strcmp(arg, "auto") == 0) | ||
| 809 | value = SSHCTL_MASTER_AUTO; | ||
| 810 | else if (strcmp(arg, "ask") == 0) | ||
| 811 | value = SSHCTL_MASTER_ASK; | ||
| 812 | else if (strcmp(arg, "autoask") == 0) | ||
| 813 | value = SSHCTL_MASTER_AUTO_ASK; | ||
| 814 | else | ||
| 815 | fatal("%.200s line %d: Bad ControlMaster argument.", | ||
| 816 | filename, linenum); | ||
| 817 | if (*activep && *intptr == -1) | ||
| 818 | *intptr = value; | ||
| 819 | break; | ||
| 800 | 820 | ||
| 801 | case oHashKnownHosts: | 821 | case oHashKnownHosts: |
| 802 | intptr = &options->hash_known_hosts; | 822 | intptr = &options->hash_known_hosts; |
diff --git a/readconf.h b/readconf.h index de4b4cb27..2b9deb9db 100644 --- a/readconf.h +++ b/readconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -116,6 +116,11 @@ typedef struct { | |||
| 116 | int hash_known_hosts; | 116 | int hash_known_hosts; |
| 117 | } Options; | 117 | } Options; |
| 118 | 118 | ||
| 119 | #define SSHCTL_MASTER_NO 0 | ||
| 120 | #define SSHCTL_MASTER_YES 1 | ||
| 121 | #define SSHCTL_MASTER_AUTO 2 | ||
| 122 | #define SSHCTL_MASTER_ASK 3 | ||
| 123 | #define SSHCTL_MASTER_AUTO_ASK 4 | ||
| 119 | 124 | ||
| 120 | void initialize_options(Options *); | 125 | void initialize_options(Options *); |
| 121 | void fill_default_options(Options *); | 126 | void fill_default_options(Options *); |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.241 2005/06/06 11:20:36 djm Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.242 2005/06/08 11:25:09 djm Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -386,8 +386,10 @@ again: | |||
| 386 | } | 386 | } |
| 387 | break; | 387 | break; |
| 388 | case 'M': | 388 | case 'M': |
| 389 | options.control_master = | 389 | if (options.control_master == SSHCTL_MASTER_YES) |
| 390 | (options.control_master >= 1) ? 2 : 1; | 390 | options.control_master = SSHCTL_MASTER_ASK; |
| 391 | else | ||
| 392 | options.control_master = SSHCTL_MASTER_YES; | ||
| 391 | break; | 393 | break; |
| 392 | case 'p': | 394 | case 'p': |
| 393 | options.port = a2port(optarg); | 395 | options.port = a2port(optarg); |
| @@ -618,11 +620,8 @@ again: | |||
| 618 | } | 620 | } |
| 619 | if (mux_command != 0 && options.control_path == NULL) | 621 | if (mux_command != 0 && options.control_path == NULL) |
| 620 | fatal("No ControlPath specified for \"-O\" command"); | 622 | fatal("No ControlPath specified for \"-O\" command"); |
| 621 | if (options.control_path != NULL && options.control_master == 0) { | 623 | if (options.control_path != NULL) |
| 622 | if (mux_command == 0) | ||
| 623 | mux_command = SSHMUX_COMMAND_OPEN; | ||
| 624 | control_client(options.control_path); | 624 | control_client(options.control_path); |
| 625 | } | ||
| 626 | 625 | ||
| 627 | /* Open a connection to the remote host. */ | 626 | /* Open a connection to the remote host. */ |
| 628 | if (ssh_connect(host, &hostaddr, options.port, | 627 | if (ssh_connect(host, &hostaddr, options.port, |
| @@ -1086,9 +1085,12 @@ ssh_control_listener(void) | |||
| 1086 | mode_t old_umask; | 1085 | mode_t old_umask; |
| 1087 | int addr_len; | 1086 | int addr_len; |
| 1088 | 1087 | ||
| 1089 | if (options.control_path == NULL || options.control_master <= 0) | 1088 | if (options.control_path == NULL || |
| 1089 | options.control_master == SSHCTL_MASTER_NO) | ||
| 1090 | return; | 1090 | return; |
| 1091 | 1091 | ||
| 1092 | debug("setting up multiplex master socket"); | ||
| 1093 | |||
| 1092 | memset(&addr, '\0', sizeof(addr)); | 1094 | memset(&addr, '\0', sizeof(addr)); |
| 1093 | addr.sun_family = AF_UNIX; | 1095 | addr.sun_family = AF_UNIX; |
| 1094 | addr_len = offsetof(struct sockaddr_un, sun_path) + | 1096 | addr_len = offsetof(struct sockaddr_un, sun_path) + |
| @@ -1299,6 +1301,20 @@ control_client(const char *path) | |||
| 1299 | extern char **environ; | 1301 | extern char **environ; |
| 1300 | u_int flags; | 1302 | u_int flags; |
| 1301 | 1303 | ||
| 1304 | if (mux_command == 0) | ||
| 1305 | mux_command = SSHMUX_COMMAND_OPEN; | ||
| 1306 | |||
| 1307 | switch (options.control_master) { | ||
| 1308 | case SSHCTL_MASTER_AUTO: | ||
| 1309 | case SSHCTL_MASTER_AUTO_ASK: | ||
| 1310 | debug("auto-mux: Trying existing master"); | ||
| 1311 | /* FALLTHROUGH */ | ||
| 1312 | case SSHCTL_MASTER_NO: | ||
| 1313 | break; | ||
| 1314 | default: | ||
| 1315 | return; | ||
| 1316 | } | ||
| 1317 | |||
| 1302 | memset(&addr, '\0', sizeof(addr)); | 1318 | memset(&addr, '\0', sizeof(addr)); |
| 1303 | addr.sun_family = AF_UNIX; | 1319 | addr.sun_family = AF_UNIX; |
| 1304 | addr_len = offsetof(struct sockaddr_un, sun_path) + | 1320 | addr_len = offsetof(struct sockaddr_un, sun_path) + |
diff --git a/ssh_config.5 b/ssh_config.5 index 2afc3c093..a04ffc288 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh_config.5,v 1.55 2005/06/06 11:20:36 djm Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.56 2005/06/08 11:25:09 djm Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -278,6 +278,17 @@ If the | |||
| 278 | can not be opened, | 278 | can not be opened, |
| 279 | .Nm ssh | 279 | .Nm ssh |
| 280 | will continue without connecting to a master instance. | 280 | will continue without connecting to a master instance. |
| 281 | .Pp | ||
| 282 | Two additional options allow for opportunistic multiplexing: try to use a | ||
| 283 | master connection but fall back to creating a new one if one does not already | ||
| 284 | exist. | ||
| 285 | These options are: | ||
| 286 | .Dq auto | ||
| 287 | and | ||
| 288 | .Dq autoask . | ||
| 289 | The latter requires confirmation like the | ||
| 290 | .Dq ask | ||
| 291 | option. | ||
| 281 | .It Cm ControlPath | 292 | .It Cm ControlPath |
| 282 | Specify the path to the control socket used for connection sharing as described | 293 | Specify the path to the control socket used for connection sharing as described |
| 283 | in the | 294 | in the |
| @@ -290,6 +301,11 @@ will be substituted by the target host name, | |||
| 290 | the port and | 301 | the port and |
| 291 | .Ql %r | 302 | .Ql %r |
| 292 | by the remote login username. | 303 | by the remote login username. |
| 304 | It is recommended that any | ||
| 305 | .Cm ControlPath | ||
| 306 | used for opportunistic connection sharing include | ||
| 307 | all three of these escape sequences. | ||
| 308 | This ensures that shared connections are uniquely identified. | ||
| 293 | .It Cm DynamicForward | 309 | .It Cm DynamicForward |
| 294 | Specifies that a TCP/IP port on the local machine be forwarded | 310 | Specifies that a TCP/IP port on the local machine be forwarded |
| 295 | over the secure channel, and the application | 311 | over the secure channel, and the application |