nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-08 08:58:00 +00:00
Code Issues Projects Releases Wiki Activity

sshproxy: share the caller's LogPolicy.

Browse Source 
Now new_connection() takes an optional LogPolicy * argument, and
passes it on to the SshProxy setup. This means that SshProxy's
implementation of the LogPolicy trait can answer queries like
askappend() and logging_error() by passing them on to the same
LogPolicy used by the main backend.

Not all callers of new_connection have a LogPolicy, so we still have
to fall back to the previous conservative default behaviour if
SshProxy doesn't have a LogPolicy it can ask.

The main backend implementations didn't _quite_ have access to a
LogPolicy already, but they do have a LogContext, which has a
LogPolicy vtable pointer inside it; so I've added a query function
log_get_policy() which allows them to extract that pointer to pass to
new_connection.

This is the first step of fixing the non-interactivity limitations of
SshProxy. But it's also the easiest step: the next ones will be more
involved.
This commit is contained in:
Simon Tatham 2021-09-13 17:17:20 +01:00
parent a4b8ff911b
commit a08f953bd6
16 changed files with 90 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
logging.c
View File

@ -81,6 +81,11 @@ void logflush(LogContext *ctx)
fflush(ctx->lgfp);
}
LogPolicy *log_get_policy(LogContext *ctx)
{
return ctx->lp;
}
static void logfopen_callback(void *vctx, int mode)
{
LogContext *ctx = (LogContext *)vctx;

20
network.h
View File

@ -110,13 +110,22 @@ struct PlugVtable {
*/
};
/* proxy indirection layer */
/* NB, control of 'addr' is passed via new_connection, which takes
* responsibility for freeing it */
/* Proxy indirection layer.
*
* Calling new_connection transfers ownership of 'addr': the proxy
* layer is now responsible for freeing it, and the caller shouldn't
* assume it exists any more.
*
* You can optionally pass a LogPolicy to this function, which will be
* passed on in turn to proxy types that can use one (e.g. SSH jump
* host proxy). If you don't have one, all proxy types are required to
* be able to manage without (and will just degrade their logging
* control).
*/
Socket *new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *conf);
Plug *plug, Conf *conf, LogPolicy *lp);
Socket *new_listener(const char *srcaddr, int port, Plug *plug,
bool local_host_only, Conf *conf, int addressfamily);
SockAddr *name_lookup(const char *host, int port, char **canonicalname,
@ -134,7 +143,8 @@ Socket *platform_new_connection(SockAddr *addr, const char *hostname,
Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *conf);
Plug *plug, Conf *conf,
LogPolicy *clientlp);
/* socket functions */

2
noproxy.c
View File

@ -20,7 +20,7 @@ SockAddr *name_lookup(const char *host, int port, char **canonicalname,
Socket *new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *conf)
Plug *plug, Conf *conf, LogPolicy *lp)
{
return sk_new(addr, port, privport, oobinline, nodelay, keepalive, plug);
}

3
nosshproxy.c
View File

@ -10,7 +10,8 @@ const bool ssh_proxy_supported = false;
Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *conf)
Plug *plug, Conf *conf,
LogPolicy *clientlp)
{
return NULL;
}

3
otherbackends/raw.c
View File

@ -167,7 +167,8 @@ static char *raw_init(const BackendVtable *vt, Seat *seat,
* Open socket.
*/
raw->s = new_connection(addr, *realhost, port, false, true, nodelay,
keepalive, &raw->plug, conf);
keepalive, &raw->plug, conf,
log_get_policy(logctx));
if ((err = sk_socket_error(raw->s)) != NULL)
return dupstr(err);

3
otherbackends/rlogin.c
View File

@ -204,7 +204,8 @@ static char *rlogin_init(const BackendVtable *vt, Seat *seat,
* Open socket.
*/
rlogin->s = new_connection(addr, *realhost, port, true, false,
nodelay, keepalive, &rlogin->plug, conf);
nodelay, keepalive, &rlogin->plug, conf,
log_get_policy(logctx));
if ((err = sk_socket_error(rlogin->s)) != NULL)
return dupstr(err);

3
otherbackends/supdup.c
View File

@ -712,7 +712,8 @@ static char *supdup_init(const BackendVtable *x, Seat *seat,
* Open socket.
*/
supdup->s = new_connection(addr, *realhost, port, false, true,
nodelay, keepalive, &supdup->plug, supdup->conf);
nodelay, keepalive, &supdup->plug, supdup->conf,
log_get_policy(logctx));
if ((err = sk_socket_error(supdup->s)) != NULL)
return dupstr(err);

3
otherbackends/telnet.c
View File

@ -739,7 +739,8 @@ static char *telnet_init(const BackendVtable *vt, Seat *seat,
* Open socket.
*/
telnet->s = new_connection(addr, *realhost, port, false, true, nodelay,
keepalive, &telnet->plug, telnet->conf);
keepalive, &telnet->plug, telnet->conf,
log_get_policy(logctx));
if ((err = sk_socket_error(telnet->s)) != NULL)
return dupstr(err);

4
proxy.c
View File

@ -395,7 +395,7 @@ static const PlugVtable ProxySocket_plugvt = {
Socket *new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *conf)
Plug *plug, Conf *conf, LogPolicy *lp)
{
int type = conf_get_int(conf, CONF_proxy_type);
@ -411,7 +411,7 @@ Socket *new_connection(SockAddr *addr, const char *hostname,
if (type == PROXY_SSH &&
(sret = sshproxy_new_connection(addr, hostname, port, privport,
oobinline, nodelay, keepalive,
plug, conf)) != NULL)
plug, conf, lp)) != NULL)
return sret;
if ((sret = platform_new_connection(addr, hostname, port, privport,

1
putty.h
View File

@ -1962,6 +1962,7 @@ void logfopen(LogContext *logctx);
void logfclose(LogContext *logctx);
void logtraffic(LogContext *logctx, unsigned char c, int logmode);
void logflush(LogContext *logctx);
LogPolicy *log_get_policy(LogContext *logctx);
void logevent(LogContext *logctx, const char *event);
void logeventf(LogContext *logctx, const char *fmt, ...) PRINTF_LIKE(2, 3);
void logeventvf(LogContext *logctx, const char *fmt, va_list ap);

3
ssh/portfwd.c
View File

@ -1160,7 +1160,8 @@ char *portfwdmgr_connect(PortFwdManager *mgr, Channel **chan_ret,
pf->socks_state = SOCKS_NONE;
pf->s = new_connection(addr, dummy_realhost, port,
false, true, false, false, &pf->plug, mgr->conf);
false, true, false, false, &pf->plug, mgr->conf,
NULL);
sfree(dummy_realhost);
if ((err = sk_socket_error(pf->s)) != NULL) {
char *err_ret = dupstr(err);

3
ssh/ssh.c
View File

@ -789,7 +789,8 @@ static char *connect_to_host(
ssh->s = new_connection(addr, *realhost, port,
false, true, nodelay, keepalive,
&ssh->plug, ssh->conf);
&ssh->plug, ssh->conf,
log_get_policy(ssh->logctx));
if ((err = sk_socket_error(ssh->s)) != NULL) {
ssh->s = NULL;
seat_notify_remote_exit(ssh->seat);

2
ssh/x11fwd.c
View File

@ -564,7 +564,7 @@ static size_t x11_send(
xconn->s = new_connection(sk_addr_dup(xconn->disp->addr),
xconn->disp->realhost, xconn->disp->port,
false, true, false, false, &xconn->plug,
sshfwd_get_conf(xconn->c));
sshfwd_get_conf(xconn->c), NULL);
if ((err = sk_socket_error(xconn->s)) != NULL) {
char *err_message = dupprintf("unable to connect to"
" forwarded X server: %s", err);

81
sshproxy.c
View File

@ -16,15 +16,15 @@ const bool ssh_proxy_supported = true;
/*
* TODO for future work:
*
* At present, this use of SSH as a proxy is 100% noninteractive. In
* our implementations of the Seat and LogPolicy traits, every method
* that involves interactively prompting the user is implemented by
* pretending the user gave a safe default answer. So the effect is
* very much as if you'd used 'plink -batch' as a proxy subprocess -
* password prompts are cancelled and any dubious host key or crypto
* primitive is unconditionally rejected - except that it all happens
* in-process, making it mildly more convenient to set up, perhaps a
* hair faster, and you get all the Event Log data in one place.
* At present, this use of SSH as a proxy is mostly noninteractive. In
* our implementations of the Seat trait, every method that involves
* interactively prompting the user is implemented by pretending the
* user gave a safe default answer. So the effect is very much as if
* you'd used 'plink -batch' as a proxy subprocess - password prompts
* are cancelled and any dubious host key or crypto primitive is
* unconditionally rejected - except that it all happens in-process,
* making it mildly more convenient to set up, perhaps a hair faster,
* and you get all the Event Log data in one place.
*
* But the biggest benefit of in-process SSH proxying would be that
* the interactive prompts from the sub-SSH can be passed through to
@ -32,24 +32,21 @@ const bool ssh_proxy_supported = true;
* both require password authentication, you should be able to type
* both password in sequence into the PuTTY terminal window; if you're
* running a session of this kind for the first time, you should be
* able to confirm both host keys one after another; if you need to
* store SSH packet logs from both SSH connections, you should be able
* to respond in turn to two askappend() prompts if necessary. And in
* the current state of the code, none of that is yet implemented.
* able to confirm both host keys one after another. In the current
* state of the code, none of that is yet implemented: we're borrowing
* the client LogPolicy for things like askappend(), but not the Seat,
* which is where all the really important stuff lives.
*
* To fix that, we'd have to start by arranging for this proxy
* implementation to get hold of the 'real' (outer) Seat and LogPolicy
* objects, which probably means that they'd have to be passed to
* new_connection. Then, each method in this file that receives an
* implementation to get hold of the 'real' (outer) Seat object, which
* means passing it to new_connection as we're already doing with
* LogPolicy. Then, each method in this file that receives an
* interactive prompt request would handle it by passing it on to the
* outer Seat or LogPolicy, with some kind of tweak that would allow
* client Seat if present, with some kind of tweak that would allow
* the end user to see clearly that the prompt had come from the proxy
* SSH connection rather than the primary one.
*
* One problem here is that not all uses of new_connection _have_ a
* Seat or a LogPolicy available. So we'd also have to check if those
* pointers are NULL, and if so, fall back to the existing behaviour
* of behaving as if in batch mode.
* SSH connection rather than the primary one. If no client Seat was
* present, we'd have no choice but to fall back to the existing
* behaviour of behaving as if in batch mode.
*/
typedef struct SshProxy {
@ -57,6 +54,7 @@ typedef struct SshProxy {
Conf *conf;
LogContext *logctx;
Backend *backend;
LogPolicy *clientlp;
ProxyStderrBuf psb;
Plug *plug;
@ -171,10 +169,17 @@ static int sshproxy_askappend(LogPolicy *lp, Filename *filename,
void (*callback)(void *ctx, int result),
void *ctx)
{
SshProxy *sp = container_of(lp, SshProxy, logpolicy);
/*
* TODO: if we had access to the outer LogPolicy, we could pass on
* this request to the end user. (But we'd still have to have this
* code as a fallback in case there isn't a LogPolicy available.)
* If we have access to the outer LogPolicy, pass on this request
* to the end user.
*/
if (sp->clientlp)
return lp_askappend(sp->clientlp, filename, callback, ctx);
/*
* Otherwise, fall back to the safe noninteractive assumption.
*/
char *msg = dupprintf("Log file \"%s\" already exists; logging cancelled",
filename_to_str(filename));
@ -185,12 +190,20 @@ static int sshproxy_askappend(LogPolicy *lp, Filename *filename,
static void sshproxy_logging_error(LogPolicy *lp, const char *event)
{
SshProxy *sp = container_of(lp, SshProxy, logpolicy);
/*
* TODO: if we had access to the outer LogPolicy, we could pass on
* this request to _its_ logging_error method, where it would be
* more prominent than just dumping it in the outer SSH
* connection's Event Log. (But we'd still have to have this code
* as a fallback in case there isn't a LogPolicy available.)
* If we have access to the outer LogPolicy, pass on this request
* to it.
*/
if (sp->clientlp) {
lp_logging_error(sp->clientlp, event);
return;
}
/*
* Otherwise, the best we can do is to put it in the outer SSH
* connection's Event Log.
*/
char *msg = dupprintf("Logging error: %s", event);
sshproxy_eventlog(lp, msg);
@ -459,13 +472,13 @@ static const SeatVtable SshProxy_seat_vt = {
.verbose = nullseat_verbose_no,
.interactive = nullseat_interactive_no,
.get_cursor_position = nullseat_get_cursor_position,
};
Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
int port, bool privport,
bool oobinline, bool nodelay, bool keepalive,
Plug *plug, Conf *clientconf)
Plug *plug, Conf *clientconf,
LogPolicy *clientlp)
{
SshProxy *sp = snew(SshProxy);
memset(sp, 0, sizeof(*sp));
@ -575,5 +588,7 @@ Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
sfree(realhost);
sp->clientlp = clientlp;
return &sp->sock;
}

3
unix/pageant.c
View File

@ -1189,7 +1189,8 @@ void run_agent(FILE *logfp, const char *symlink_path)
conn->plug.vt = &X11Connection_plugvt;
s = new_connection(sk_addr_dup(disp->addr),
disp->realhost, disp->port,
false, true, false, false, &conn->plug, conf);
false, true, false, false, &conn->plug, conf,
NULL);
if ((err = sk_socket_error(s)) != NULL) {
fprintf(stderr, "pageant: unable to connect to X server: %s", err);
exit(1);

2
unix/sharing.c
View File

@ -297,7 +297,7 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
if (can_downstream) {
retsock = new_connection(unix_sock_addr(sockname),
"", 0, false, true, false, false,
downplug, conf);
downplug, conf, NULL);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = sockname;