package awa-mirage


SSH module given a flow

Parameters

module F : Mirage_flow.S
module T : Mirage_time.S

Signature

type error = [
  | `Msg of string
  | `Read of F.error
  | `Write of F.write_error
]

Possible errors: an incoming alert, a processing failure, or a problem in the underlying flow.

type write_error = [
  | `Closed
  | error
]

The type for write errors.

We provide the FLOW interface:

include Mirage_flow.S with type error := error and type write_error := write_error
val pp_error : error Fmt.t

pp_error is the pretty-printer for errors.

val pp_write_error : write_error Fmt.t

pp_write_error is the pretty-printer for write errors.

type flow

The type for flows. A flow represents the state of a single reliable stream that is connected to an endpoint.

read flow blocks until some data is available and returns a fresh buffer containing it.

The returned buffer will be of a size convenient to the flow implementation, but will always have at least 1 byte.

When read returns `Eof or an error, close (or shutdown) should be called on the flow by the client. Once read has returned `Eof or an error, no subsequent read call will be successful.

val write : flow -> Cstruct.t -> (unit, write_error) result Lwt.t

write flow buffer writes a buffer to the flow. There is no indication when the buffer has actually been sent and, therefore, it must not be reused. The contents may be transmitted in separate packets, depending on the underlying transport. The result Ok () indicates success, Error `Closed indicates that the connection is now closed and therefore the data could not be written. Other errors are possible.

The promise is resolved when the buffer has been accepted by the implementation (if a partial write occurred, write will wait until the remainder of the buffer has been accepted by the implementation).

If write returns an error, close (or shutdown) should be called on the flow by the client. Once write has returned an error, no subsequent write or writev call will be successful.

val writev : flow -> Cstruct.t list -> (unit, write_error) result Lwt.t

writev flow buffers writes a sequence of buffers to the flow. There is no indication when the buffers have actually been sent and, therefore, they must not be reused. The result Ok () indicates success, Error `Closed indicates that the connection is now closed and therefore the data could not be written. Other errors are possible.

The promise is resolved when the buffers have been accepted by the implementation (if a partial write occurred, writev will wait until all buffers have been accepted by the implementation).

If writev returns an error, close (or shutdown) should be called on the flow by the client. Once writev has returned an error, no subsequent writev or write call will be successful.

val shutdown : flow -> [ `read | `write | `read_write ] -> unit Lwt.t

shutdown flow mode shuts down the flow for the specific mode: A flow which is shutdown `read (or `read_write) will never be read again (subsequent calls will return `Eof); a flow which is shutdown `write (or `read_write) flushes all pending writes and signals the remote endpoint there won't be any future write or writev calls (subsequent calls will return `Closed). E.g. in TCP, the signalling is done by sending a segment with the FIN flag.

If this flow is layered upon another flow' (e.g. TLS over TCP), and the internal state after shutdown is `Closed, close on the underlying flow' is executed.

val close : flow -> unit Lwt.t

close flow terminates the flow and frees all associated data. Any subsequent read or write will return an error. A subsequent close will not do anything (in particular, it will not raise an exception), but it may log an error.

If this flow is layered upon another flow' (e.g. TLS over TCP), close on the underlying flow' is executed.

val client_of_flow : ?authenticator:Awa.Keys.authenticator -> user:string -> [ `Pubkey of Awa.Hostkey.priv | `Password of string ] -> Awa.Ssh.channel_request -> F.flow -> (flow, error) result Lwt.t

client_of_flow ~authenticator ~user key channel_request flow upgrades the existing connection to SSH, mutually authenticates, opens a channel and sends the channel request.

type t
type request =
  | Pty_req of {
      width : int32;
      height : int32;
      max_width : int32;
      max_height : int32;
      term : string;
    }
  | Pty_set of {
      width : int32;
      height : int32;
      max_width : int32;
      max_height : int32;
    }
  | Set_env of {
      key : string;
      value : string;
    }
  | Channel of {
      cmd : string;
      ic : unit -> Cstruct.t Mirage_flow.or_eof Lwt.t;
      oc : Cstruct.t -> unit Lwt.t;
      ec : Cstruct.t -> unit Lwt.t;
    }
  | Shell of {
      ic : unit -> Cstruct.t Mirage_flow.or_eof Lwt.t;
      oc : Cstruct.t -> unit Lwt.t;
      ec : Cstruct.t -> unit Lwt.t;
    }
type exec_callback = request -> unit Lwt.t
val spawn_server : ?stop:Lwt_switch.t -> Awa.Server.t -> Awa.Ssh.message list -> F.flow -> exec_callback -> t Lwt.t

spawn_server ?stop server msgs flow callback launches an internal SSH channels handler which can be stopped by stop. This SSH channels handler will call callback for every new channel requested by the client. msgs is the SSH hello given by Awa.Server.make, which also returns the Awa.Server.t required here.

A basic usage of spawn_server is:

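open Lwt.Infix

(* The callback has type exec_callback = request -> unit Lwt.t. *)
let ssh_channel_handler (_request : SSH.request) =
  Lwt.return_unit

(* private_key and db are assumed to be defined elsewhere. *)
let tcp_handler flow =
  let server, msgs = Awa.Server.make private_key db in
  SSH.spawn_server server msgs flow ssh_channel_handler >>= fun _t ->
  close flow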

NOTE: Even if the ssh_channel_handler is fulfilled, spawn_server continues to handle SSH channels. Only stop can really stop the internal SSH channels handler.
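
A more restrictive callback, as an added example that is not part of awa-mirage's documentation or source: it matches on every request variant, answers only an allowlisted set of exec commands, refuses interactive shells, and uses stop to cap the session lifetime. SSH, F and T are assumed to be this page's module and its two parameters; private_key, db, the allowlist and the ten-minute limit are constructed for illustration.

```ocaml
(* Added example, not awa-mirage's own code. Assumes SSH is this page's
   module applied to F (flow) and T (time), and that private_key and db
   are in scope, as in the page's own usage snippet. *)
open Lwt.Infix

(* Constructed allowlist: exact command string -> fixed reply. The client's
   command is only compared, never interpreted or passed to a shell. *)
let allowed = [ "ping", "pong\n"; "motd", "restricted SSH endpoint\n" ]

let send chan s = chan (Cstruct.of_string s)

let callback : SSH.exec_callback = function
  | SSH.Channel { cmd; oc; ec; _ } ->
    (match List.assoc_opt cmd allowed with
     | Some reply -> send oc reply
     | None -> send ec "command not permitted\n")
  | SSH.Shell { ec; _ } ->
    (* No interactive shell on this endpoint. *)
    send ec "interactive shell disabled\n"
  | SSH.Set_env _ ->
    (* This handler never applies client-chosen environment variables. *)
    Lwt.return_unit
  | SSH.Pty_req _ | SSH.Pty_set _ ->
    (* No terminal is allocated, so the dimensions are unused. *)
    Lwt.return_unit

let tcp_handler flow =
  let stop = Lwt_switch.create () in
  (* Cap the session at ten minutes (constructed value, in nanoseconds).
     Per the NOTE above, the callback returning does not end the handler;
     only the switch does. *)
  let timer =
    T.sleep_ns 600_000_000_000L >>= fun () -> Lwt_switch.turn_off stop
  in
  let server, msgs = Awa.Server.make private_key db in
  SSH.spawn_server ~stop server msgs flow callback >>= fun _t ->
  (* The handler has finished: drop the pending timer, then release the
     underlying flow. *)
  Lwt.cancel timer;
  F.close flow
```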
