- stevesk@cvs.openbsd.org 2002/01/27 14:57:46
authordjm <djm>
Tue, 5 Feb 2002 01:11:34 +0000 (01:11 +0000)
committerdjm <djm>
Tue, 5 Feb 2002 01:11:34 +0000 (01:11 +0000)
     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@

ChangeLog
channels.c
servconf.c
servconf.h
session.c
sshd.8
sshd_config

index 8d8db0a6547c869f91d6bc5226e67a3e5f1ceea3..a8bc781355eb715aaeb2ab969553826c30fa9442 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,9 @@
      revert code to add x11 localhost display authorization entry for
      hostname/unix:d and uts.nodename/unix:d if nodename was different than
      hostname.  just add entry for unix:d instead.  ok markus@
+   - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
+     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
+     add X11UseLocalhost; ok markus@
 
 20020130
  - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
index 2436e08732911b234374354769ca9af64c304651..f015a049ecd78266cf0b9652c0298288d226b8ae 100644 (file)
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.162 2002/01/24 21:09:25 stevesk Exp $");
+RCSID("$OpenBSD: channels.c,v 1.163 2002/01/27 14:57:46 stevesk Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -2379,7 +2379,7 @@ channel_connect_to(const char *host, u_short port)
  * an error occurs.
  */
 int
-x11_create_display_inet(int x11_display_offset, int gateway_ports,
+x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
     int single_connection)
 {
        Channel *nc = NULL;
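Review bot: The second parameter of `x11_create_display_inet` keeps its type and position, but its meaning is inverted. A zero that selected the loopback bind under `gateway_ports` now selects the wildcard bind under `x11_use_localhost`. Any caller not updated with this commit still compiles and would silently expose the forwarded display to the network. The only call site visible on this page is in session.c, and channels.h is not in the commit's file list, so a prototype there that names its parameters would presumably still carry the old name; worth confirming. The comment block above the function (it starts outside this hunk) should state the contract, for example ` * If x11_use_localhost is zero, the listener is bound to the wildcard address.`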
@@ -2395,7 +2395,7 @@ x11_create_display_inet(int x11_display_offset, int gateway_ports,
                port = 6000 + display_number;
                memset(&hints, 0, sizeof(hints));
                hints.ai_family = IPv4or6;
-               hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
+               hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
                hints.ai_socktype = SOCK_STREAM;
                snprintf(strport, sizeof strport, "%d", port);
                if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
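Review bot: The loopback restriction on the `hints.ai_flags` line is implicit, and nothing in the code says so. It relies on getaddrinfo() returning loopback addresses when the node argument is NULL and AI_PASSIVE is clear. Since this one flag decides whether remote hosts can reach the fake display, a comment above the assignment would keep a later edit from widening the bind by accident, for example `/* NULL node without AI_PASSIVE yields loopback addresses only; with it, the wildcard address */`. The ternary is also missing a space before the colon: `x11_use_localhost ? 0 : AI_PASSIVE;`. The function body continues outside this hunk.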
index 0cb744a1d833e70186eb7d292bddcb82867f2037..e33d65a5eefdb77014aa631b6f23e141a677d821 100644 (file)
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.98 2002/01/22 02:52:41 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.99 2002/01/27 14:57:46 stevesk Exp $");
 
 #if defined(KRB4) || defined(KRB5)
 #include <krb.h>
@@ -63,6 +63,7 @@ initialize_server_options(ServerOptions *options)
        options->print_lastlog = -1;
        options->x11_forwarding = -1;
        options->x11_display_offset = -1;
+       options->x11_use_localhost = -1;
        options->xauth_location = NULL;
        options->strict_modes = -1;
        options->keepalives = -1;
@@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options)
                options->x11_forwarding = 0;
        if (options->x11_display_offset == -1)
                options->x11_display_offset = 10;
+       if (options->x11_use_localhost == -1)
+               options->x11_use_localhost = 1;
        if (options->xauth_location == NULL)
                options->xauth_location = _PATH_XAUTH;
        if (options->strict_modes == -1)
@@ -255,7 +258,7 @@ typedef enum {
        sChallengeResponseAuthentication,
        sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
-       sX11Forwarding, sX11DisplayOffset,
+       sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
        sStrictModes, sEmptyPasswd, sKeepAlives,
        sUseLogin, sAllowTcpForwarding,
        sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
@@ -315,6 +318,7 @@ static struct {
        { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
        { "x11forwarding", sX11Forwarding },
        { "x11displayoffset", sX11DisplayOffset },
+       { "x11uselocalhost", sX11UseLocalhost },
        { "xauthlocation", sXAuthLocation },
        { "strictmodes", sStrictModes },
        { "permitemptypasswords", sEmptyPasswd },
@@ -655,6 +659,10 @@ parse_flag:
                intptr = &options->x11_display_offset;
                goto parse_int;
 
+       case sX11UseLocalhost:
+               intptr = &options->x11_use_localhost;
+               goto parse_flag;
+
        case sXAuthLocation:
                charptr = &options->xauth_location;
                goto parse_filename;
index 943c7ef566a5e20db782712f53e7cab75d241f94..463a16dad204bf2b86cd73dd2973ab95ce75f59d 100644 (file)
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.52 2002/01/27 14:57:46 stevesk Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -55,6 +55,7 @@ typedef struct {
        int     x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
        int     x11_display_offset;     /* What DISPLAY number to start
                                         * searching at */
+       int     x11_use_localhost;      /* If true, use localhost for fake X11 server. */
        char   *xauth_location; /* Location of xauth program */
        int     strict_modes;   /* If true, require string home dir modes. */
        int     keepalives;     /* If true, set SO_KEEPALIVE. */
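Review bot: The comment on `x11_use_localhost` says what a true value does but not what a false one means, and false is the security-relevant case. Going by the channels.c change and the sshd.8 text in this commit, false binds the listener to the wildcard address, where other hosts can reach it. I would write `/* If true, bind X11 forwarding listener to loopback; if false, to the wildcard address. */`. The struct definition starts and ends outside this hunk.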
index 268d1384e0a95187230cbaee246a0be3e6cdcc4d..7e1d0a82b6adcf9b5a33d41f629af743829c4bfc 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.118 2002/01/26 16:44:22 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.119 2002/01/27 14:57:46 stevesk Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -2021,7 +2021,7 @@ session_setup_x11fwd(Session *s)
                return 0;
        }
        s->display_number = x11_create_display_inet(options.x11_display_offset,
-           options.gateway_ports, s->single_connection);
+           options.x11_use_localhost, s->single_connection);
        if (s->display_number == -1) {
                debug("x11_create_display_inet failed.");
                return 0;
@@ -2035,7 +2035,7 @@ session_setup_x11fwd(Session *s)
         * authorization entry is added with xauth(1).  This will be
         * different than the DISPLAY string for localhost displays.
         */
-       if (!options.gateway_ports) {
+       if (options.x11_use_localhost) {
                snprintf(display, sizeof display, "localhost:%d.%d",
                    s->display_number, s->screen);
                snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
diff --git a/sshd.8 b/sshd.8
index 256b2aa575cd78a3289df06b5e8edc591d5dee98..d1ddeb123daaf60ca187db19b239fb2e299fcdd5 100644 (file)
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.163 2002/01/18 20:46:34 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.164 2002/01/27 14:57:46 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -858,6 +858,31 @@ way, as users can always install their own forwarders.
 X11 forwarding is automatically disabled if
 .Cm UseLogin
 is enabled.
+.It Cm X11UseLocalhost
+Specifies whether
+.Nm
+should bind the X11 forwarding server to the loopback address or to
+the wildcard address.  By default,
+.Nm
+binds the forwarding server to the loopback address and sets the
+hostname part of the
+.Ev DISPLAY
+environment variable to
+.Dq localhost .
+This prevents remote hosts from connecting to the fake display.
+However, some older X11 clients may not function with this
+configuration.
+.Cm X11UseLocalhost
+may be set to
+.Dq no
+to specify that the forwarding server should be bound to the wildcard
+address.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
 .It Cm XAuthLocation
 Specifies the location of the
 .Xr xauth 1
index 3502ab6acec9841519b7f897d08299cc2d88318c..d1e8c6b4de9524d0659151b22c3623ea73e8f22c 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: sshd_config,v 1.44 2002/01/16 17:40:23 stevesk Exp $
+#      $OpenBSD: sshd_config,v 1.45 2002/01/27 14:57:46 stevesk Exp $
 
 # This is the sshd server system-wide configuration file.  See sshd(8)
 # for more information.
@@ -77,6 +77,7 @@
 
 #X11Forwarding no
 #X11DisplayOffset 10
+#X11UseLocalhost yes
 #PrintMotd yes
 #PrintLastLog yes
 #KeepAlive yes