2 * PLink - a command-line (stdin/stdout) variant of PuTTY.
13 #define PUTTY_DO_GLOBALS /* actually _define_ globals */
18 #define MAX_STDIN_BACKLOG 4096
20 void fatalbox(char *p, ...)
23 fprintf(stderr, "FATAL ERROR: ");
25 vfprintf(stderr, p, ap);
31 void connection_fatal(char *p, ...)
34 fprintf(stderr, "FATAL ERROR: ");
36 vfprintf(stderr, p, ap);
43 static char *password = NULL;
45 void logevent(char *string)
49 void verify_ssh_host_key(char *host, int port, char *keytype,
50 char *keystr, char *fingerprint)
56 static const char absentmsg[] =
57 "The server's host key is not cached in the registry. You\n"
58 "have no guarantee that the server is the computer you\n"
60 "The server's key fingerprint is:\n"
62 "If you trust this host, enter \"y\" to add the key to\n"
63 "PuTTY's cache and carry on connecting.\n"
64 "If you want to carry on connecting just once, without\n"
65 "adding the key to the cache, enter \"n\".\n"
66 "If you do not trust this host, press Return to abandon the\n"
68 "Store key in cache? (y/n) ";
70 static const char wrongmsg[] =
71 "WARNING - POTENTIAL SECURITY BREACH!\n"
72 "The server's host key does not match the one PuTTY has\n"
73 "cached in the registry. This means that either the\n"
74 "server administrator has changed the host key, or you\n"
75 "have actually connected to another computer pretending\n"
77 "The new key fingerprint is:\n"
79 "If you were expecting this change and trust the new key,\n"
80 "enter \"y\" to update PuTTY's cache and continue connecting.\n"
81 "If you want to carry on connecting but without updating\n"
82 "the cache, enter \"n\".\n"
83 "If you want to abandon the connection completely, press\n"
84 "Return to cancel. Pressing Return is the ONLY guaranteed\n"
86 "Update cached key? (y/n, Return cancels connection) ";
88 static const char abandoned[] = "Connection abandoned.\n";
93 * Verify the key against the registry.
95 ret = verify_host_key(host, port, keytype, keystr);
97 if (ret == 0) /* success - key matched OK */
100 if (ret == 2) { /* key was different */
101 fprintf(stderr, wrongmsg, fingerprint);
104 if (ret == 1) { /* key was absent */
105 fprintf(stderr, absentmsg, fingerprint);
109 hin = GetStdHandle(STD_INPUT_HANDLE);
110 GetConsoleMode(hin, &savemode);
111 SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
112 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
113 ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
114 SetConsoleMode(hin, savemode);
116 if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
117 if (line[0] == 'y' || line[0] == 'Y')
118 store_host_key(host, port, keytype, keystr);
120 fprintf(stderr, abandoned);
126 * Ask whether the selected cipher is acceptable (since it was
127 * below the configured 'warn' threshold).
128 * cs: 0 = both ways, 1 = client->server, 2 = server->client
130 void askcipher(char *ciphername, int cs)
135 static const char msg[] =
136 "The first %scipher supported by the server is\n"
137 "%s, which is below the configured warning threshold.\n"
138 "Continue with connection? (y/n) ";
139 static const char abandoned[] = "Connection abandoned.\n";
145 (cs == 1) ? "client-to-server " :
150 hin = GetStdHandle(STD_INPUT_HANDLE);
151 GetConsoleMode(hin, &savemode);
152 SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
153 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
154 ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
155 SetConsoleMode(hin, savemode);
157 if (line[0] == 'y' || line[0] == 'Y') {
160 fprintf(stderr, abandoned);
166 * Ask whether to wipe a session log file before writing to it.
167 * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
169 int askappend(char *filename)
174 static const char msgtemplate[] =
175 "The session log file \"%.*s\" already exists.\n"
176 "You can overwrite it with a new session log,\n"
177 "append your session log to the end of it,\n"
178 "or disable session logging for this session.\n"
179 "Enter \"y\" to wipe the file, \"n\" to append to it,\n"
180 "or just press Return to disable logging.\n"
181 "Wipe the log file? (y/n, Return cancels logging) ";
185 fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
188 hin = GetStdHandle(STD_INPUT_HANDLE);
189 GetConsoleMode(hin, &savemode);
190 SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
191 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
192 ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
193 SetConsoleMode(hin, savemode);
195 if (line[0] == 'y' || line[0] == 'Y')
197 else if (line[0] == 'n' || line[0] == 'N')
204 * Warn about the obsolescent key file format.
206 void old_keyfile_warning(void)
208 static const char message[] =
209 "You are loading an SSH 2 private key which has an\n"
210 "old version of the file format. This means your key\n"
211 "file is not fully tamperproof. Future versions of\n"
212 "PuTTY may stop supporting this private key format,\n"
213 "so we recommend you convert your key to the new\n"
216 "Once the key is loaded into PuTTYgen, you can perform\n"
217 "this conversion simply by saving it again.\n";
219 fputs(message, stderr);
222 HANDLE inhandle, outhandle, errhandle;
223 DWORD orig_console_mode;
227 int term_ldisc(int mode)
231 void ldisc_update(int echo, int edit)
233 /* Update stdin read mode to reflect changes in line discipline. */
236 mode = ENABLE_PROCESSED_INPUT;
238 mode = mode | ENABLE_ECHO_INPUT;
240 mode = mode & ~ENABLE_ECHO_INPUT;
242 mode = mode | ENABLE_LINE_INPUT;
244 mode = mode & ~ENABLE_LINE_INPUT;
245 SetConsoleMode(inhandle, mode);
248 static int get_line(const char *prompt, char *str, int maxlen, int is_pw)
251 DWORD savemode, newmode, i;
253 if (is_pw && password) {
254 static int tried_once = 0;
259 strncpy(str, password, maxlen);
260 str[maxlen - 1] = '\0';
266 hin = GetStdHandle(STD_INPUT_HANDLE);
267 hout = GetStdHandle(STD_OUTPUT_HANDLE);
268 if (hin == INVALID_HANDLE_VALUE || hout == INVALID_HANDLE_VALUE) {
269 fprintf(stderr, "Cannot get standard input/output handles");
273 GetConsoleMode(hin, &savemode);
274 newmode = savemode | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT;
276 newmode &= ~ENABLE_ECHO_INPUT;
278 newmode |= ENABLE_ECHO_INPUT;
279 SetConsoleMode(hin, newmode);
281 WriteFile(hout, prompt, strlen(prompt), &i, NULL);
282 ReadFile(hin, str, maxlen - 1, &i, NULL);
284 SetConsoleMode(hin, savemode);
286 if ((int) i > maxlen)
293 WriteFile(hout, "\r\n", 2, &i, NULL);
301 HANDLE event, eventback;
304 static DWORD WINAPI stdin_read_thread(void *param)
306 struct input_data *idata = (struct input_data *) param;
309 inhandle = GetStdHandle(STD_INPUT_HANDLE);
311 while (ReadFile(inhandle, idata->buffer, sizeof(idata->buffer),
312 &idata->len, NULL) && idata->len > 0) {
313 SetEvent(idata->event);
314 WaitForSingleObject(idata->eventback, INFINITE);
318 SetEvent(idata->event);
324 DWORD len, lenwritten;
328 HANDLE event, eventback;
332 static DWORD WINAPI stdout_write_thread(void *param)
334 struct output_data *odata = (struct output_data *) param;
335 HANDLE outhandle, errhandle;
337 outhandle = GetStdHandle(STD_OUTPUT_HANDLE);
338 errhandle = GetStdHandle(STD_ERROR_HANDLE);
341 WaitForSingleObject(odata->eventback, INFINITE);
345 WriteFile(odata->is_stderr ? errhandle : outhandle,
346 odata->buffer, odata->len, &odata->lenwritten, NULL);
347 SetEvent(odata->event);
353 bufchain stdout_data, stderr_data;
354 struct output_data odata, edata;
356 void try_output(int is_stderr)
358 struct output_data *data = (is_stderr ? &edata : &odata);
363 bufchain_prefix(is_stderr ? &stderr_data : &stdout_data,
364 &senddata, &sendlen);
365 data->buffer = senddata;
367 SetEvent(data->eventback);
372 int from_backend(int is_stderr, char *data, int len)
374 HANDLE h = (is_stderr ? errhandle : outhandle);
378 bufchain_add(&stderr_data, data, len);
381 bufchain_add(&stdout_data, data, len);
385 osize = bufchain_size(&stdout_data);
386 esize = bufchain_size(&stderr_data);
388 return osize + esize;
392 * Short description of parameters.
394 static void usage(void)
396 printf("PuTTY Link: command-line connection utility\n");
398 printf("Usage: plink [options] [user@]host [command]\n");
399 printf(" (\"host\" can also be a PuTTY saved session name)\n");
400 printf("Options:\n");
401 printf(" -v show verbose messages\n");
402 printf(" -ssh force use of ssh protocol\n");
403 printf(" -P port connect to specified port\n");
404 printf(" -pw passw login with specified password\n");
405 printf(" -m file read remote command(s) from file\n");
406 printf(" -L listen-port:host:port Forward local port to "
408 printf(" -R listen-port:host:port Forward remote port to"
413 char *do_select(SOCKET skt, int startup)
417 events = (FD_CONNECT | FD_READ | FD_WRITE |
418 FD_OOB | FD_CLOSE | FD_ACCEPT);
422 if (WSAEventSelect(skt, netevent, events) == SOCKET_ERROR) {
423 switch (WSAGetLastError()) {
425 return "Network is down";
427 return "WSAAsyncSelect(): unknown error";
433 int main(int argc, char **argv)
437 WSAEVENT stdinevent, stdoutevent, stderrevent;
439 DWORD in_threadid, out_threadid, err_threadid;
440 struct input_data idata;
447 char extra_portfwd[sizeof(cfg.portfwd)];
449 ssh_get_line = get_line;
452 skcount = sksize = 0;
454 * Initialise port and protocol to sensible defaults. (These
455 * will be overridden by more or less anything.)
457 default_protocol = PROT_SSH;
462 * Process the command line.
464 do_defaults(NULL, &cfg);
465 default_protocol = cfg.protocol;
466 default_port = cfg.port;
469 * Override the default protocol if PLINK_PROTOCOL is set.
471 char *p = getenv("PLINK_PROTOCOL");
474 for (i = 0; backends[i].backend != NULL; i++) {
475 if (!strcmp(backends[i].name, p)) {
476 default_protocol = cfg.protocol = backends[i].protocol;
477 default_port = cfg.port =
478 backends[i].backend->default_port;
487 if (!strcmp(p, "-ssh")) {
488 default_protocol = cfg.protocol = PROT_SSH;
489 default_port = cfg.port = 22;
490 } else if (!strcmp(p, "-telnet")) {
491 default_protocol = cfg.protocol = PROT_TELNET;
492 default_port = cfg.port = 23;
493 } else if (!strcmp(p, "-rlogin")) {
494 default_protocol = cfg.protocol = PROT_RLOGIN;
495 default_port = cfg.port = 513;
496 } else if (!strcmp(p, "-raw")) {
497 default_protocol = cfg.protocol = PROT_RAW;
498 } else if (!strcmp(p, "-v")) {
499 flags |= FLAG_VERBOSE;
500 } else if (!strcmp(p, "-log")) {
501 logfile = "putty.log";
502 } else if (!strcmp(p, "-pw") && argc > 1) {
503 --argc, password = *++argv;
504 } else if (!strcmp(p, "-l") && argc > 1) {
506 --argc, username = *++argv;
507 strncpy(cfg.username, username, sizeof(cfg.username));
508 cfg.username[sizeof(cfg.username) - 1] = '\0';
509 } else if ((!strcmp(p, "-L") || !strcmp(p, "-R")) && argc > 1) {
512 --argc, fwd = *++argv;
514 /* if multiple forwards, find end of list */
515 if (ptr[0]=='R' || ptr[0]=='L') {
516 for (i = 0; i < sizeof(extra_portfwd) - 2; i++)
517 if (ptr[i]=='\000' && ptr[i+1]=='\000')
519 ptr = ptr + i + 1; /* point to next forward slot */
521 ptr[0] = p[1]; /* insert a 'L' or 'R' at the start */
522 strncpy(ptr+1, fwd, sizeof(extra_portfwd) - i);
523 q = strchr(ptr, ':');
524 if (q) *q = '\t'; /* replace first : with \t */
525 ptr[strlen(ptr)+1] = '\000'; /* append two '\000' */
526 extra_portfwd[sizeof(extra_portfwd) - 1] = '\0';
527 } else if (!strcmp(p, "-m") && argc > 1) {
528 char *filename, *command;
533 --argc, filename = *++argv;
535 cmdlen = cmdsize = 0;
537 fp = fopen(filename, "r");
539 fprintf(stderr, "plink: unable to open command "
540 "file \"%s\"\n", filename);
548 if (cmdlen >= cmdsize) {
549 cmdsize = cmdlen + 512;
550 command = srealloc(command, cmdsize);
552 command[cmdlen++] = d;
554 cfg.remote_cmd_ptr = command;
555 cfg.remote_cmd_ptr2 = NULL;
556 cfg.nopty = TRUE; /* command => no terminal */
557 } else if (!strcmp(p, "-P") && argc > 1) {
558 --argc, portnumber = atoi(*++argv);
564 * If the hostname starts with "telnet:", set the
565 * protocol to Telnet and process the string as a
568 if (!strncmp(q, "telnet:", 7)) {
572 if (q[0] == '/' && q[1] == '/')
574 cfg.protocol = PROT_TELNET;
576 while (*p && *p != ':' && *p != '/')
585 strncpy(cfg.host, q, sizeof(cfg.host) - 1);
586 cfg.host[sizeof(cfg.host) - 1] = '\0';
590 * Before we process the [user@]host string, we
591 * first check for the presence of a protocol
592 * prefix (a protocol name followed by ",").
597 for (i = 0; backends[i].backend != NULL; i++) {
598 j = strlen(backends[i].name);
600 !memcmp(backends[i].name, p, j)) {
601 default_protocol = cfg.protocol =
602 backends[i].protocol;
604 backends[i].backend->default_port;
612 * Three cases. Either (a) there's a nonzero
613 * length string followed by an @, in which
614 * case that's user and the remainder is host.
615 * Or (b) there's only one string, not counting
616 * a potential initial @, and it exists in the
617 * saved-sessions database. Or (c) only one
618 * string and it _doesn't_ exist in the
623 p++, r = NULL; /* discount initial @ */
629 do_defaults(p, &cfg2);
630 if (cfg2.host[0] == '\0') {
631 /* No settings for this host; use defaults */
632 strncpy(cfg.host, p, sizeof(cfg.host) - 1);
633 cfg.host[sizeof(cfg.host) - 1] = '\0';
634 cfg.port = default_port;
637 cfg.remote_cmd_ptr = cfg.remote_cmd;
641 strncpy(cfg.username, p, sizeof(cfg.username) - 1);
642 cfg.username[sizeof(cfg.username) - 1] = '\0';
643 strncpy(cfg.host, r, sizeof(cfg.host) - 1);
644 cfg.host[sizeof(cfg.host) - 1] = '\0';
645 cfg.port = default_port;
649 int len = sizeof(cfg.remote_cmd) - 1;
650 char *cp = cfg.remote_cmd;
661 strncpy(cp, *++argv, len);
667 cfg.nopty = TRUE; /* command => no terminal */
668 break; /* done with cmdline */
678 * Trim leading whitespace off the hostname if it's there.
681 int space = strspn(cfg.host, " \t");
682 memmove(cfg.host, cfg.host+space, 1+strlen(cfg.host)-space);
685 /* See if host is of the form user@host */
686 if (cfg.host[0] != '\0') {
687 char *atsign = strchr(cfg.host, '@');
688 /* Make sure we're not overflowing the user field */
690 if (atsign - cfg.host < sizeof cfg.username) {
691 strncpy(cfg.username, cfg.host, atsign - cfg.host);
692 cfg.username[atsign - cfg.host] = '\0';
694 memmove(cfg.host, atsign + 1, 1 + strlen(atsign + 1));
699 * Trim a colon suffix off the hostname if it's there.
701 cfg.host[strcspn(cfg.host, ":")] = '\0';
703 if (!*cfg.remote_cmd_ptr)
704 flags |= FLAG_INTERACTIVE;
707 * Select protocol. This is farmed out into a table in a
708 * separate file to enable an ssh-free variant.
713 for (i = 0; backends[i].backend != NULL; i++)
714 if (backends[i].protocol == cfg.protocol) {
715 back = backends[i].backend;
720 "Internal fault: Unsupported protocol found\n");
726 * Add extra port forwardings (accumulated on command line) to
734 while (cfg.portfwd[i])
735 i += strlen(cfg.portfwd+i) + 1;
737 if (strlen(p)+2 > sizeof(cfg.portfwd)-i) {
738 fprintf(stderr, "Internal fault: not enough space for all"
739 " port forwardings\n");
742 strncpy(cfg.portfwd+i, p, sizeof(cfg.portfwd)-i-1);
743 i += strlen(cfg.portfwd+i) + 1;
744 cfg.portfwd[i] = '\0';
752 if (portnumber != -1)
753 cfg.port = portnumber;
756 * Initialise WinSock.
758 winsock_ver = MAKEWORD(2, 0);
759 if (WSAStartup(winsock_ver, &wsadata)) {
760 MessageBox(NULL, "Unable to initialise WinSock", "WinSock Error",
761 MB_OK | MB_ICONEXCLAMATION);
764 if (LOBYTE(wsadata.wVersion) != 2 || HIBYTE(wsadata.wVersion) != 0) {
765 MessageBox(NULL, "WinSock version is incompatible with 2.0",
766 "WinSock Error", MB_OK | MB_ICONEXCLAMATION);
773 * Start up the connection.
775 netevent = CreateEvent(NULL, FALSE, FALSE, NULL);
779 /* nodelay is only useful if stdin is a character device (console) */
780 int nodelay = cfg.tcp_nodelay &&
781 (GetFileType(GetStdHandle(STD_INPUT_HANDLE)) == FILE_TYPE_CHAR);
783 error = back->init(cfg.host, cfg.port, &realhost, nodelay);
785 fprintf(stderr, "Unable to open connection:\n%s", error);
792 stdinevent = CreateEvent(NULL, FALSE, FALSE, NULL);
793 stdoutevent = CreateEvent(NULL, FALSE, FALSE, NULL);
794 stderrevent = CreateEvent(NULL, FALSE, FALSE, NULL);
796 inhandle = GetStdHandle(STD_INPUT_HANDLE);
797 outhandle = GetStdHandle(STD_OUTPUT_HANDLE);
798 errhandle = GetStdHandle(STD_ERROR_HANDLE);
799 GetConsoleMode(inhandle, &orig_console_mode);
800 SetConsoleMode(inhandle, ENABLE_PROCESSED_INPUT);
803 * Turn off ECHO and LINE input modes. We don't care if this
804 * call fails, because we know we aren't necessarily running in
807 handles[0] = netevent;
808 handles[1] = stdinevent;
809 handles[2] = stdoutevent;
810 handles[3] = stderrevent;
814 * Create spare threads to write to stdout and stderr, so we
815 * can arrange asynchronous writes.
817 odata.event = stdoutevent;
818 odata.eventback = CreateEvent(NULL, FALSE, FALSE, NULL);
820 odata.busy = odata.done = 0;
821 if (!CreateThread(NULL, 0, stdout_write_thread,
822 &odata, 0, &out_threadid)) {
823 fprintf(stderr, "Unable to create output thread\n");
826 edata.event = stderrevent;
827 edata.eventback = CreateEvent(NULL, FALSE, FALSE, NULL);
829 edata.busy = edata.done = 0;
830 if (!CreateThread(NULL, 0, stdout_write_thread,
831 &edata, 0, &err_threadid)) {
832 fprintf(stderr, "Unable to create error output thread\n");
839 if (!sending && back->sendok()) {
841 * Create a separate thread to read from stdin. This is
842 * a total pain, but I can't find another way to do it:
844 * - an overlapped ReadFile or ReadFileEx just doesn't
845 * happen; we get failure from ReadFileEx, and
846 * ReadFile blocks despite being given an OVERLAPPED
847 * structure. Perhaps we can't do overlapped reads
848 * on consoles. WHY THE HELL NOT?
850 * - WaitForMultipleObjects(netevent, console) doesn't
851 * work, because it signals the console when
852 * _anything_ happens, including mouse motions and
853 * other things that don't cause data to be readable
854 * - so we're back to ReadFile blocking.
856 idata.event = stdinevent;
857 idata.eventback = CreateEvent(NULL, FALSE, FALSE, NULL);
858 if (!CreateThread(NULL, 0, stdin_read_thread,
859 &idata, 0, &in_threadid)) {
860 fprintf(stderr, "Unable to create input thread\n");
866 n = WaitForMultipleObjects(4, handles, FALSE, INFINITE);
868 WSANETWORKEVENTS things;
870 extern SOCKET first_socket(int *), next_socket(int *);
871 extern int select_result(WPARAM, LPARAM);
875 * We must not call select_result() for any socket
876 * until we have finished enumerating within the tree.
877 * This is because select_result() may close the socket
878 * and modify the tree.
880 /* Count the active sockets. */
882 for (socket = first_socket(&socketstate);
883 socket != INVALID_SOCKET;
884 socket = next_socket(&socketstate)) i++;
886 /* Expand the buffer if necessary. */
889 sklist = srealloc(sklist, sksize * sizeof(*sklist));
892 /* Retrieve the sockets into sklist. */
894 for (socket = first_socket(&socketstate);
895 socket != INVALID_SOCKET;
896 socket = next_socket(&socketstate)) {
897 sklist[skcount++] = socket;
900 /* Now we're done enumerating; go through the list. */
901 for (i = 0; i < skcount; i++) {
904 wp = (WPARAM) socket;
905 if (!WSAEnumNetworkEvents(socket, NULL, &things)) {
906 noise_ultralight(socket);
907 noise_ultralight(things.lNetworkEvents);
908 if (things.lNetworkEvents & FD_CONNECT)
909 connopen &= select_result(wp, (LPARAM) FD_CONNECT);
910 if (things.lNetworkEvents & FD_READ)
911 connopen &= select_result(wp, (LPARAM) FD_READ);
912 if (things.lNetworkEvents & FD_CLOSE)
913 connopen &= select_result(wp, (LPARAM) FD_CLOSE);
914 if (things.lNetworkEvents & FD_OOB)
915 connopen &= select_result(wp, (LPARAM) FD_OOB);
916 if (things.lNetworkEvents & FD_WRITE)
917 connopen &= select_result(wp, (LPARAM) FD_WRITE);
918 if (things.lNetworkEvents & FD_ACCEPT)
919 connopen &= select_result(wp, (LPARAM) FD_ACCEPT);
925 noise_ultralight(idata.len);
926 if (connopen && back->socket() != NULL) {
928 back->send(idata.buffer, idata.len);
930 back->special(TS_EOF);
935 if (!odata.writeret) {
936 fprintf(stderr, "Unable to write to standard output\n");
939 bufchain_consume(&stdout_data, odata.lenwritten);
940 if (bufchain_size(&stdout_data) > 0)
942 if (connopen && back->socket() != NULL) {
943 back->unthrottle(bufchain_size(&stdout_data) +
944 bufchain_size(&stderr_data));
948 if (!edata.writeret) {
949 fprintf(stderr, "Unable to write to standard output\n");
952 bufchain_consume(&stderr_data, edata.lenwritten);
953 if (bufchain_size(&stderr_data) > 0)
955 if (connopen && back->socket() != NULL) {
956 back->unthrottle(bufchain_size(&stdout_data) +
957 bufchain_size(&stderr_data));
960 if (!reading && back->sendbuffer() < MAX_STDIN_BACKLOG) {
961 SetEvent(idata.eventback);
964 if ((!connopen || back->socket() == NULL) &&
965 bufchain_size(&stdout_data) == 0 &&
966 bufchain_size(&stderr_data) == 0)
967 break; /* we closed the connection */