- djm@cvs.openbsd.org 2005/06/08 11:25:09
authordjm <djm>
Thu, 16 Jun 2005 03:19:41 +0000 (03:19 +0000)
committerdjm <djm>
Thu, 16 Jun 2005 03:19:41 +0000 (03:19 +0000)
     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add ControlMaster=auto/autoask options to support opportunistic
     multiplexing; tested avsm@ and jakob@, ok markus@

ChangeLog
clientloop.c
readconf.c
readconf.h
ssh.c
ssh_config.5

index c7664fadb7d055907a961a16feb87130de2d83c6..f776eed7c2764adcda6d8636271c1002aa72e6c6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
      [ssh-keygen.1 ssh-keygen.c sshd.8]
      increase default rsa/dsa key length from 1024 to 2048 bits;
      ok markus@ deraadt@
      [ssh-keygen.1 ssh-keygen.c sshd.8]
      increase default rsa/dsa key length from 1024 to 2048 bits;
      ok markus@ deraadt@
+   - djm@cvs.openbsd.org 2005/06/08 11:25:09
+     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
+     add ControlMaster=auto/autoask options to support opportunistic
+     multiplexing; tested avsm@ and jakob@, ok markus@
 
 20050609
  - (dtucker) [cipher.c openbsd-compat/Makefile.in
 
 20050609
  - (dtucker) [cipher.c openbsd-compat/Makefile.in
index 1591215bdabfcf889e98d9ba701338d63c42aa02..ae4dce820a92a7e7b188db81d3d3415f71c90f22 100644 (file)
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.137 2005/06/08 11:25:09 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -616,13 +616,15 @@ client_process_control(fd_set * readset)
 
        switch (command) {
        case SSHMUX_COMMAND_OPEN:
 
        switch (command) {
        case SSHMUX_COMMAND_OPEN:
-               if (options.control_master == 2)
+               if (options.control_master == SSHCTL_MASTER_ASK ||
+                   options.control_master == SSHCTL_MASTER_AUTO_ASK)
                        allowed = ask_permission("Allow shared connection "
                            "to %s? ", host);
                /* continue below */
                break;
        case SSHMUX_COMMAND_TERMINATE:
                        allowed = ask_permission("Allow shared connection "
                            "to %s? ", host);
                /* continue below */
                break;
        case SSHMUX_COMMAND_TERMINATE:
-               if (options.control_master == 2)
+               if (options.control_master == SSHCTL_MASTER_ASK ||
+                   options.control_master == SSHCTL_MASTER_AUTO_ASK)
                        allowed = ask_permission("Terminate shared connection "
                            "to %s? ", host);
                if (allowed)
                        allowed = ask_permission("Terminate shared connection "
                            "to %s? ", host);
                if (allowed)
index d41220807ad0df0d9d38b969a2d477cb9b36af59..5ec89e2f03d9af46b1732dfab97e68ae9afcf1e0 100644 (file)
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.140 2005/05/16 15:30:51 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.141 2005/06/08 11:25:09 djm Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -796,7 +796,27 @@ parse_int:
 
        case oControlMaster:
                intptr = &options->control_master;
 
        case oControlMaster:
                intptr = &options->control_master;
-               goto parse_yesnoask;
+               arg = strdelim(&s);
+               if (!arg || *arg == '\0')
+                       fatal("%.200s line %d: Missing ControlMaster argument.",
+                           filename, linenum);
+               value = 0;      /* To avoid compiler warning... */
+               if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
+                       value = SSHCTL_MASTER_YES;
+               else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
+                       value = SSHCTL_MASTER_NO;
+               else if (strcmp(arg, "auto") == 0)
+                       value = SSHCTL_MASTER_AUTO;
+               else if (strcmp(arg, "ask") == 0)
+                       value = SSHCTL_MASTER_ASK;
+               else if (strcmp(arg, "autoask") == 0)
+                       value = SSHCTL_MASTER_AUTO_ASK;
+               else
+                       fatal("%.200s line %d: Bad ControlMaster argument.",
+                           filename, linenum);
+               if (*activep && *intptr == -1)
+                       *intptr = value;
+               break;
 
        case oHashKnownHosts:
                intptr = &options->hash_known_hosts;
 
        case oHashKnownHosts:
                intptr = &options->hash_known_hosts;
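Review bot: The new `oControlMaster` case open-codes the yes/no/ask parsing that it used to get from `goto parse_yesnoask`, and nothing in it says why. A one-line comment at the top of the case, such as `/* Not parse_yesnoask: ControlMaster also accepts "auto" and "autoask" and maps to SSHCTL_MASTER_*. */`, would stop a later cleanup from folding it back into the shared parser. The `*intptr == -1` test relies on -1 meaning "not yet set", which is not one of the SSHCTL_MASTER_* values, so that is worth stating in the same comment. The enclosing switch starts and ends outside this hunk.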
index de4b4cb2787cfdaea148bd2a973459d9da68a858..2b9deb9db393cd9c427c74a88913b86a15aacdb7 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $       */
+/*     $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -116,6 +116,11 @@ typedef struct {
        int     hash_known_hosts;
 }       Options;
 
        int     hash_known_hosts;
 }       Options;
 
+#define SSHCTL_MASTER_NO       0
+#define SSHCTL_MASTER_YES      1
+#define SSHCTL_MASTER_AUTO     2
+#define SSHCTL_MASTER_ASK      3
+#define SSHCTL_MASTER_AUTO_ASK 4
 
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
 
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
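Review bot: The new constants renumber the "ask" setting: the removed lines in clientloop.c and ssh.c compared `control_master` against the literal `2` for ask, whereas here `2` is SSHCTL_MASTER_AUTO and ask becomes `3`. Any comparison against a bare number that this commit did not convert would now treat auto as ask, or skip the confirmation prompt for a real ask, so the tree should be searched for remaining numeric tests on `control_master`; whether any remain cannot be seen from this page. The block also has no comment tying it to the field; add `/* Values for Options.control_master; -1 means unset until fill_default_options() */` above the defines, once the -1 convention is confirmed against readconf.c.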
diff --git a/ssh.c b/ssh.c
index 0871d06de1609dfe63a1ae7cf5e894843ea44a2a..a27c457254ce49bdb77e556968e8c387f9108ff0 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.241 2005/06/06 11:20:36 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.242 2005/06/08 11:25:09 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -386,8 +386,10 @@ again:
                        }
                        break;
                case 'M':
                        }
                        break;
                case 'M':
-                       options.control_master =
-                           (options.control_master >= 1) ? 2 : 1;
+                       if (options.control_master == SSHCTL_MASTER_YES)
+                               options.control_master = SSHCTL_MASTER_ASK;
+                       else
+                               options.control_master = SSHCTL_MASTER_YES;
                        break;
                case 'p':
                        options.port = a2port(optarg);
                        break;
                case 'p':
                        options.port = a2port(optarg);
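Review bot: The rewritten `case 'M':` toggles instead of saturating: once `control_master` is SSHCTL_MASTER_ASK, another `-M` falls into the bare `else` and sets it back to SSHCTL_MASTER_YES. The removed expression `(options.control_master >= 1) ? 2 : 1` kept the value at ask for every repetition after the second. So `-M -M -M` now silently drops the confirmation prompt that `-M -M` requested. Changing the `else` to `else if (options.control_master != SSHCTL_MASTER_ASK)` restores the old behaviour. The option loop continues outside the hunk.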
@@ -618,11 +620,8 @@ again:
        }
        if (mux_command != 0 && options.control_path == NULL)
                fatal("No ControlPath specified for \"-O\" command");
        }
        if (mux_command != 0 && options.control_path == NULL)
                fatal("No ControlPath specified for \"-O\" command");
-       if (options.control_path != NULL && options.control_master == 0) {
-               if (mux_command == 0)
-                       mux_command = SSHMUX_COMMAND_OPEN;
+       if (options.control_path != NULL)
                control_client(options.control_path);
                control_client(options.control_path);
-       }
 
        /* Open a connection to the remote host. */
        if (ssh_connect(host, &hostaddr, options.port,
 
        /* Open a connection to the remote host. */
        if (ssh_connect(host, &hostaddr, options.port,
@@ -1086,9 +1085,12 @@ ssh_control_listener(void)
        mode_t old_umask;
        int addr_len;
 
        mode_t old_umask;
        int addr_len;
 
-       if (options.control_path == NULL || options.control_master <= 0)
+       if (options.control_path == NULL ||
+           options.control_master == SSHCTL_MASTER_NO)
                return;
 
                return;
 
+       debug("setting up multiplex master socket");
+
        memset(&addr, '\0', sizeof(addr));
        addr.sun_family = AF_UNIX;
        addr_len = offsetof(struct sockaddr_un, sun_path) +
        memset(&addr, '\0', sizeof(addr));
        addr.sun_family = AF_UNIX;
        addr_len = offsetof(struct sockaddr_un, sun_path) +
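Review bot: The guard in ssh_control_listener() is narrower than the one it replaces: `options.control_master <= 0` also rejected the unset value -1, while `== SSHCTL_MASTER_NO` lets it through to the socket setup below. This is harmless if fill_default_options() has always normalised -1 before this function runs, but that call is not visible here. Writing the test as `options.control_master <= SSHCTL_MASTER_NO` would keep the old fail-closed behaviour, so that a listening control socket is never created for an unset option. The function body continues outside the hunk.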
@@ -1299,6 +1301,20 @@ control_client(const char *path)
        extern char **environ;
        u_int  flags;
 
        extern char **environ;
        u_int  flags;
 
+       if (mux_command == 0)
+               mux_command = SSHMUX_COMMAND_OPEN;
+
+       switch (options.control_master) {
+       case SSHCTL_MASTER_AUTO:
+       case SSHCTL_MASTER_AUTO_ASK:
+               debug("auto-mux: Trying existing master");
+               /* FALLTHROUGH */
+       case SSHCTL_MASTER_NO:
+               break;
+       default:
+               return;
+       }
+
        memset(&addr, '\0', sizeof(addr));
        addr.sun_family = AF_UNIX;
        addr_len = offsetof(struct sockaddr_un, sun_path) +
        memset(&addr, '\0', sizeof(addr));
        addr.sun_family = AF_UNIX;
        addr_len = offsetof(struct sockaddr_un, sun_path) +
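Review bot: The `default: return;` arm of the new switch is what stops a master (SSHCTL_MASTER_YES or SSHCTL_MASTER_ASK) from trying to connect to its own control socket, but it does so without a comment or a debug line, and it would also silently swallow any value added to SSHCTL_MASTER_* later. Name the two cases explicitly and say why, e.g. `case SSHCTL_MASTER_YES: case SSHCTL_MASTER_ASK: /* we will be the master; nothing to connect to */ return;`. Because `mux_command` is given its default before the switch, this path can also no longer tell an explicit `-O` request from a plain open. It looks as though `-O` combined with ControlMaster=yes returns here and the caller goes on to open a new connection, which should be confirmed against the caller. The rest of control_client() is outside the hunk.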
index 2afc3c093916b7c9d18b0953f7ac8c0da824b7a3..a04ffc288f0f90f71fb5febcc97f734434abc4fd 100644 (file)
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.55 2005/06/06 11:20:36 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.56 2005/06/08 11:25:09 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -278,6 +278,17 @@ If the
 can not be opened,
 .Nm ssh
 will continue without connecting to a master instance.
 can not be opened,
 .Nm ssh
 will continue without connecting to a master instance.
+.Pp
+Two additional options allow for opportunistic multiplexing: try to use a
+master connection but fall back to creating a new one if one does not already
+exist.
+These options are:
+.Dq auto
+and
+.Dq autoask .
+The latter requires confirmation like the
+.Dq ask
+option.
 .It Cm ControlPath
 Specify the path to the control socket used for connection sharing as described
 in the
 .It Cm ControlPath
 Specify the path to the control socket used for connection sharing as described
 in the
@@ -290,6 +301,11 @@ will be substituted by the target host name,
 the port and
 .Ql %r
 by the remote login username.
 the port and
 .Ql %r
 by the remote login username.
+It is recommended that any
+.Cm ControlPath
+used for opportunistic connection sharing include
+all three of these escape sequences.
+This ensures that shared connections are uniquely identified.
 .It Cm DynamicForward
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
 .It Cm DynamicForward
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application