tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (stevesk) OpenBSD CVS sync X11 localhost display 

- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
     [channels.h channels.c session.c]
     sshd X11 fake server will now listen on localhost by default:
     $ echo $DISPLAY
     localhost:12.0
     $ netstat -an|grep 6012
     tcp        0      0  127.0.0.1.6012         *.*                    LISTEN
     tcp6       0      0  ::1.6012               *.*                    LISTEN
     sshd_config gatewayports=yes can be used to revert back to the old
     behavior.  will control this with another option later.  ok markus@
   - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
     [includes.h session.c]
     handle utsname.nodename case for FamilyLocal X authorization; ok markus@
This commit is contained in:
Kevin Steves 2001-12-19 17:58:01 +00:00
parent 73f57be500
commit 366298c696
5 changed files with 108 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ChangeLog
View File

@ -1,3 +1,19 @@
20011219
- (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
20011207 20011207
- (bal) PCRE no longer required. Banished from the source along with - (bal) PCRE no longer required. Banished from the source along with
fake-regex.h fake-regex.h
@ -7009,4 +7025,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1691 2001/12/07 17:28:34 mouring Exp $ $Id: ChangeLog,v 1.1692 2001/12/19 17:58:01 stevesk Exp $

67
channels.c
View File

@ -2400,19 +2400,17 @@ channel_connect_to(const char *host, u_short port)
/* /*
* Creates an internet domain socket for listening for X11 connections. * Creates an internet domain socket for listening for X11 connections.
* Returns a suitable value for the DISPLAY variable, or NULL if an error * Returns a suitable display number for the DISPLAY variable, or -1 if
* occurs. * an error occurs.
*/ */
char * int
x11_create_display_inet(int screen_number, int x11_display_offset) x11_create_display_inet(int x11_display_offset, int gateway_ports)
{ {
int display_number, sock; int display_number, sock;
u_short port; u_short port;
struct addrinfo hints, *ai, *aitop; struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV]; char strport[NI_MAXSERV];
int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
char display[512];
char hostname[MAXHOSTNAMELEN];
for (display_number = x11_display_offset; for (display_number = x11_display_offset;
display_number < MAX_DISPLAYS; display_number < MAX_DISPLAYS;
@ -2420,12 +2418,12 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
port = 6000 + display_number; port = 6000 + display_number;
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6; hints.ai_family = IPv4or6;
hints.ai_flags = AI_PASSIVE; /* XXX loopback only ? */ hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
hints.ai_socktype = SOCK_STREAM; hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port); snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) { if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
error("getaddrinfo: %.100s", gai_strerror(gaierr)); error("getaddrinfo: %.100s", gai_strerror(gaierr));
return NULL; return -1;
} }
for (ai = aitop; ai; ai = ai->ai_next) { for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@ -2434,7 +2432,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
if (sock < 0) { if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno)); error("socket: %.100s", strerror(errno));
return NULL; return -1;
} else { } else {
debug("x11_create_display_inet: Socket family %d not supported", debug("x11_create_display_inet: Socket family %d not supported",
ai->ai_family); ai->ai_family);
@ -2468,7 +2466,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
} }
if (display_number >= MAX_DISPLAYS) { if (display_number >= MAX_DISPLAYS) {
error("Failed to allocate internet-domain X11 display socket."); error("Failed to allocate internet-domain X11 display socket.");
return NULL; return -1;
} }
/* Start listening for connections on the socket. */ /* Start listening for connections on the socket. */
for (n = 0; n < num_socks; n++) { for (n = 0; n < num_socks; n++) {
@ -2476,53 +2474,10 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
if (listen(sock, 5) < 0) { if (listen(sock, 5) < 0) {
error("listen: %.100s", strerror(errno)); error("listen: %.100s", strerror(errno));
close(sock); close(sock);
return NULL; return -1;
} }
} }
/* Set up a suitable value for the DISPLAY variable. */
if (gethostname(hostname, sizeof(hostname)) < 0)
fatal("gethostname: %.100s", strerror(errno));
#ifdef IPADDR_IN_DISPLAY
/*
* HPUX detects the local hostname in the DISPLAY variable and tries
* to set up a shared memory connection to the server, which it
* incorrectly supposes to be local.
*
* The workaround - as used in later $$H and other programs - is
* is to set display to the host's IP address.
*/
{
struct hostent *he;
struct in_addr my_addr;
he = gethostbyname(hostname);
if (he == NULL) {
error("[X11-broken-fwd-hostname-workaround] Could not get "
"IP address for hostname %s.", hostname);
packet_send_debug("[X11-broken-fwd-hostname-workaround]"
"Could not get IP address for hostname %s.", hostname);
shutdown(sock, SHUT_RDWR);
close(sock);
return NULL;
}
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
/* Set DISPLAY to <ip address>:screen.display */
snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
display_number, screen_number);
}
#else /* IPADDR_IN_DISPLAY */
/* Just set DISPLAY to hostname:screen.display */
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
display_number, screen_number);
#endif /* IPADDR_IN_DISPLAY */
/* Allocate a channel for each socket. */ /* Allocate a channel for each socket. */
for (n = 0; n < num_socks; n++) { for (n = 0; n < num_socks; n++) {
sock = socks[n]; sock = socks[n];
@ -2532,8 +2487,8 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
0, xstrdup("X11 inet listener"), 1); 0, xstrdup("X11 inet listener"), 1);
} }
/* Return a suitable value for the DISPLAY environment variable. */ /* Return the display number for the DISPLAY environment variable. */
return xstrdup(display); return display_number;
} }
#ifndef X_UNIX_PATH #ifndef X_UNIX_PATH

4
channels.h
View File

@ -32,7 +32,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
/* RCSID("$OpenBSD: channels.h,v 1.52 2001/11/29 19:06:39 stevesk Exp $"); */ /* RCSID("$OpenBSD: channels.h,v 1.53 2001/11/29 21:10:51 stevesk Exp $"); */
#ifndef CHANNEL_H #ifndef CHANNEL_H
#define CHANNEL_H #define CHANNEL_H
@ -197,7 +197,7 @@ channel_request_forwarding(const char *, u_short, const char *, u_short, int,
/* x11 forwarding */ /* x11 forwarding */
int x11_connect_display(void); int x11_connect_display(void);
char *x11_create_display_inet(int, int); int x11_create_display_inet(int, int);
void x11_input_open(int, int, void *); void x11_input_open(int, int, void *);
void x11_request_forwarding(void); void x11_request_forwarding(void);
void x11_request_forwarding_with_spoofing(int, const char *, const char *); void x11_request_forwarding_with_spoofing(int, const char *, const char *);

1
includes.h
View File

@ -28,6 +28,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/utsname.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <arpa/inet.h> #include <arpa/inet.h>

93
session.c
View File

@ -108,8 +108,10 @@ struct Session {
int row, col, xpixel, ypixel; int row, col, xpixel, ypixel;
char tty[TTYSZ]; char tty[TTYSZ];
/* X11 */ /* X11 */
int display_number;
char *display; char *display;
int screen; int screen;
char *auth_display[2];
char *auth_proto; char *auth_proto;
char *auth_data; char *auth_data;
int single_connection; int single_connection;
@ -1418,32 +1420,28 @@ do_child(Session *s, const char *command)
_PATH_SSH_SYSTEM_RC); _PATH_SSH_SYSTEM_RC);
} else if (do_xauth && options.xauth_location != NULL) { } else if (do_xauth && options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */ /* Add authority data to .Xauthority if appropriate. */
char *screen = strchr(s->display, ':');
if (debug_flag) { if (debug_flag) {
fprintf(stderr, fprintf(stderr,
"Running %.100s add " "Running %.100s add "
"%.100s %.100s %.100s\n", "%.100s %.100s %.100s\n",
options.xauth_location, s->display, options.xauth_location, s->auth_display[0],
s->auth_proto, s->auth_data); s->auth_proto, s->auth_data);
if (screen != NULL) if (s->auth_display[1])
fprintf(stderr, fprintf(stderr,
"Adding %.*s/unix%s %s %s\n", "add %.100s %.100s %.100s\n",
(int)(screen - s->display), s->auth_display[1],
s->display, screen,
s->auth_proto, s->auth_data); s->auth_proto, s->auth_data);
} }
snprintf(cmd, sizeof cmd, "%s -q -", snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location); options.xauth_location);
f = popen(cmd, "w"); f = popen(cmd, "w");
if (f) { if (f) {
fprintf(f, "add %s %s %s\n", s->display, fprintf(f, "add %s %s %s\n",
s->auth_proto, s->auth_data); s->auth_display[0], s->auth_proto,
if (screen != NULL) s->auth_data);
fprintf(f, "add %.*s/unix%s %s %s\n", if (s->auth_display[1])
(int)(screen - s->display), fprintf(f, "add %s %s %s\n",
s->display, screen, s->auth_display[1], s->auth_proto,
s->auth_proto,
s->auth_data); s->auth_data);
pclose(f); pclose(f);
} else { } else {
@ -1943,6 +1941,10 @@ session_close(Session *s)
xfree(s->term); xfree(s->term);
if (s->display) if (s->display)
xfree(s->display); xfree(s->display);
if (s->auth_display[0])
xfree(s->auth_display[0]);
if (s->auth_display[1])
xfree(s->auth_display[1]);
if (s->auth_data) if (s->auth_data)
xfree(s->auth_data); xfree(s->auth_data);
if (s->auth_proto) if (s->auth_proto)
@ -2038,6 +2040,8 @@ int
session_setup_x11fwd(Session *s) session_setup_x11fwd(Session *s)
{ {
struct stat st; struct stat st;
char display[512], auth_display[512];
char hostname[MAXHOSTNAMELEN];
if (no_x11_forwarding_flag) { if (no_x11_forwarding_flag) {
packet_send_debug("X11 forwarding disabled in user configuration file."); packet_send_debug("X11 forwarding disabled in user configuration file.");
@ -2061,11 +2065,68 @@ session_setup_x11fwd(Session *s)
debug("X11 display already set."); debug("X11 display already set.");
return 0; return 0;
} }
s->display = x11_create_display_inet(s->screen, options.x11_display_offset); s->display_number = x11_create_display_inet(options.x11_display_offset,
if (s->display == NULL) { options.gateway_ports);
if (s->display_number == -1) {
debug("x11_create_display_inet failed."); debug("x11_create_display_inet failed.");
return 0; return 0;
} }
/* Set up a suitable value for the DISPLAY variable. */
if (gethostname(hostname, sizeof(hostname)) < 0)
fatal("gethostname: %.100s", strerror(errno));
/*
* auth_display must be used as the displayname when the
* authorization entry is added with xauth(1). This will be
* different than the DISPLAY string for localhost displays.
*/
s->auth_display[1] = NULL;
if (!options.gateway_ports) {
struct utsname uts;
snprintf(display, sizeof display, "localhost:%d.%d",
s->display_number, s->screen);
snprintf(auth_display, sizeof auth_display, "%.400s/unix:%d.%d",
hostname, s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display[0] = xstrdup(auth_display);
/*
* Xlib may use gethostbyname() or uname() hostname to
* look up authorization data for FamilyLocal; see:
* xc/lib/xtrans/Xtrans.c:TRANS(GetHostname)
* We just add authorization entries with both
* hostname and nodename if they are different.
*/
if (uname(&uts) == -1)
fatal("uname: %.100s", strerror(errno));
if (strcmp(hostname, uts.nodename) != 0) {
snprintf(auth_display, sizeof auth_display,
"%.400s/unix:%d.%d", uts.nodename,
s->display_number, s->screen);
s->auth_display[1] = xstrdup(auth_display);
}
} else {
#ifdef IPADDR_IN_DISPLAY
struct hostent *he;
struct in_addr my_addr;
he = gethostbyname(hostname);
if (he == NULL) {
error("Can't get IP address for X11 DISPLAY.");
packet_send_debug("Can't get IP address for X11 DISPLAY.");
return 0;
}
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
s->display_number, s->screen);
#else
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
s->display_number, s->screen);
#endif
s->display = xstrdup(display);
s->auth_display[0] = xstrdup(display);
}
return 1; return 1;
} }