+20011219
+ - (stevesk) OpenBSD CVS sync X11 localhost display
+ - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
+ [channels.h channels.c session.c]
+ sshd X11 fake server will now listen on localhost by default:
+ $ echo $DISPLAY
+ localhost:12.0
+ $ netstat -an|grep 6012
+ tcp 0 0 127.0.0.1.6012 *.* LISTEN
+ tcp6 0 0 ::1.6012 *.* LISTEN
+ sshd_config gatewayports=yes can be used to revert back to the old
+ behavior. will control this with another option later. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
+ [includes.h session.c]
+ handle utsname.nodename case for FamilyLocal X authorization; ok markus@
+
20011207
- (bal) PCRE no longer required. Banished from the source along with
fake-regex.h
/*
* Creates an internet domain socket for listening for X11 connections.
- * Returns a suitable value for the DISPLAY variable, or NULL if an error
- * occurs.
+ * Returns a suitable display number for the DISPLAY variable, or -1 if
+ * an error occurs.
*/
-char *
-x11_create_display_inet(int screen_number, int x11_display_offset)
+int
+x11_create_display_inet(int x11_display_offset, int gateway_ports)
{
int display_number, sock;
u_short port;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
- char display[512];
- char hostname[MAXHOSTNAMELEN];
for (display_number = x11_display_offset;
display_number < MAX_DISPLAYS;
port = 6000 + display_number;
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
- hints.ai_flags = AI_PASSIVE; /* XXX loopback only ? */
+ hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
error("getaddrinfo: %.100s", gai_strerror(gaierr));
- return NULL;
+ return -1;
}
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
if (sock < 0) {
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
error("socket: %.100s", strerror(errno));
- return NULL;
+ return -1;
} else {
debug("x11_create_display_inet: Socket family %d not supported",
ai->ai_family);
}
if (display_number >= MAX_DISPLAYS) {
error("Failed to allocate internet-domain X11 display socket.");
- return NULL;
+ return -1;
}
/* Start listening for connections on the socket. */
for (n = 0; n < num_socks; n++) {
if (listen(sock, 5) < 0) {
error("listen: %.100s", strerror(errno));
close(sock);
- return NULL;
- }
- }
-
- /* Set up a suitable value for the DISPLAY variable. */
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
-
-#ifdef IPADDR_IN_DISPLAY
- /*
- * HPUX detects the local hostname in the DISPLAY variable and tries
- * to set up a shared memory connection to the server, which it
- * incorrectly supposes to be local.
- *
- * The workaround - as used in later $$H and other programs - is
- * is to set display to the host's IP address.
- */
- {
- struct hostent *he;
- struct in_addr my_addr;
-
- he = gethostbyname(hostname);
- if (he == NULL) {
- error("[X11-broken-fwd-hostname-workaround] Could not get "
- "IP address for hostname %s.", hostname);
-
- packet_send_debug("[X11-broken-fwd-hostname-workaround]"
- "Could not get IP address for hostname %s.", hostname);
-
- shutdown(sock, SHUT_RDWR);
- close(sock);
-
- return NULL;
+ return -1;
}
-
- memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
-
- /* Set DISPLAY to <ip address>:screen.display */
- snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
- display_number, screen_number);
}
-#else /* IPADDR_IN_DISPLAY */
- /* Just set DISPLAY to hostname:screen.display */
- snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
- display_number, screen_number);
-#endif /* IPADDR_IN_DISPLAY */
/* Allocate a channel for each socket. */
for (n = 0; n < num_socks; n++) {
0, xstrdup("X11 inet listener"), 1);
}
- /* Return a suitable value for the DISPLAY environment variable. */
- return xstrdup(display);
+ /* Return the display number for the DISPLAY environment variable. */
+ return display_number;
}
#ifndef X_UNIX_PATH
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.52 2001/11/29 19:06:39 stevesk Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.53 2001/11/29 21:10:51 stevesk Exp $"); */
#ifndef CHANNEL_H
#define CHANNEL_H
/* x11 forwarding */
int x11_connect_display(void);
-char *x11_create_display_inet(int, int);
+int x11_create_display_inet(int, int);
void x11_input_open(int, int, void *);
void x11_request_forwarding(void);
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <sys/resource.h>
+#include <sys/utsname.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* X11 */
+ int display_number;
char *display;
int screen;
+ char *auth_display[2];
char *auth_proto;
char *auth_data;
int single_connection;
_PATH_SSH_SYSTEM_RC);
} else if (do_xauth && options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
- char *screen = strchr(s->display, ':');
-
if (debug_flag) {
fprintf(stderr,
"Running %.100s add "
"%.100s %.100s %.100s\n",
- options.xauth_location, s->display,
+ options.xauth_location, s->auth_display[0],
s->auth_proto, s->auth_data);
- if (screen != NULL)
+ if (s->auth_display[1])
fprintf(stderr,
- "Adding %.*s/unix%s %s %s\n",
- (int)(screen - s->display),
- s->display, screen,
+ "add %.100s %.100s %.100s\n",
+ s->auth_display[1],
s->auth_proto, s->auth_data);
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
f = popen(cmd, "w");
if (f) {
- fprintf(f, "add %s %s %s\n", s->display,
- s->auth_proto, s->auth_data);
- if (screen != NULL)
- fprintf(f, "add %.*s/unix%s %s %s\n",
- (int)(screen - s->display),
- s->display, screen,
- s->auth_proto,
+ fprintf(f, "add %s %s %s\n",
+ s->auth_display[0], s->auth_proto,
+ s->auth_data);
+ if (s->auth_display[1])
+ fprintf(f, "add %s %s %s\n",
+ s->auth_display[1], s->auth_proto,
s->auth_data);
pclose(f);
} else {
xfree(s->term);
if (s->display)
xfree(s->display);
+ if (s->auth_display[0])
+ xfree(s->auth_display[0]);
+ if (s->auth_display[1])
+ xfree(s->auth_display[1]);
if (s->auth_data)
xfree(s->auth_data);
if (s->auth_proto)
session_setup_x11fwd(Session *s)
{
struct stat st;
+ char display[512], auth_display[512];
+ char hostname[MAXHOSTNAMELEN];
if (no_x11_forwarding_flag) {
packet_send_debug("X11 forwarding disabled in user configuration file.");
debug("X11 display already set.");
return 0;
}
- s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
- if (s->display == NULL) {
+ s->display_number = x11_create_display_inet(options.x11_display_offset,
+ options.gateway_ports);
+ if (s->display_number == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
+
+ /* Set up a suitable value for the DISPLAY variable. */
+ if (gethostname(hostname, sizeof(hostname)) < 0)
+ fatal("gethostname: %.100s", strerror(errno));
+ /*
+ * auth_display must be used as the displayname when the
+ * authorization entry is added with xauth(1). This will be
+ * different than the DISPLAY string for localhost displays.
+ */
+ s->auth_display[1] = NULL;
+ if (!options.gateway_ports) {
+ struct utsname uts;
+
+ snprintf(display, sizeof display, "localhost:%d.%d",
+ s->display_number, s->screen);
+ snprintf(auth_display, sizeof auth_display, "%.400s/unix:%d.%d",
+ hostname, s->display_number, s->screen);
+ s->display = xstrdup(display);
+ s->auth_display[0] = xstrdup(auth_display);
+ /*
+ * Xlib may use gethostbyname() or uname() hostname to
+ * look up authorization data for FamilyLocal; see:
+ * xc/lib/xtrans/Xtrans.c:TRANS(GetHostname)
+ * We just add authorization entries with both
+ * hostname and nodename if they are different.
+ */
+ if (uname(&uts) == -1)
+ fatal("uname: %.100s", strerror(errno));
+ if (strcmp(hostname, uts.nodename) != 0) {
+ snprintf(auth_display, sizeof auth_display,
+ "%.400s/unix:%d.%d", uts.nodename,
+ s->display_number, s->screen);
+ s->auth_display[1] = xstrdup(auth_display);
+ }
+ } else {
+#ifdef IPADDR_IN_DISPLAY
+ struct hostent *he;
+ struct in_addr my_addr;
+
+ he = gethostbyname(hostname);
+ if (he == NULL) {
+ error("Can't get IP address for X11 DISPLAY.");
+ packet_send_debug("Can't get IP address for X11 DISPLAY.");
+ return 0;
+ }
+ memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
+ snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
+ s->display_number, s->screen);
+#else
+ snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
+ s->display_number, s->screen);
+#endif
+ s->display = xstrdup(display);
+ s->auth_display[0] = xstrdup(display);
+ }
+
return 1;
}
andersk / openssh.git / commitdiff
