author | Markus Friedl <markus@cvs.openbsd.org> | 2000-10-27 07:48:23 +0000 |
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-10-27 07:48:23 +0000 |
commit | 251964d617c7b2d2473c729fb299d05fd345f17c (patch) | |
tree | 14dde050ee0fc4dd98900d527f6d89f511bb102c | |
parent | d52d9fb42002a754102b0b0abb5d9c8b454d226b (diff) |
deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
-rw-r--r-- | usr.bin/ssh/channels.c | 24 | ||||
-rw-r--r-- | usr.bin/ssh/channels.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 16 |
3 files changed, 37 insertions, 7 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 8d4da196ebc..81bd71598f1 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -40,7 +40,7 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.71 2000/10/27 07:32:17 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -1991,6 +1991,28 @@ x11_input_open(int type, int plen, void *ctxt)
 	}
 }
+/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
+void
+deny_input_open(int type, int plen, void *ctxt)
+{
+	int rchan = packet_get_int();
+	switch(type){
+	case SSH_SMSG_AGENT_OPEN:
+		error("Warning: ssh server tried agent forwarding.");
+		break;
+	case SSH_SMSG_X11_OPEN:
+		error("Warning: ssh server tried X11 forwarding.");
+		break;
+	default:
+		error("deny_input_open: type %d plen %d", type, plen);
+		break;
+	}
+	error("Warning: this is probably a break in attempt by a malicious server.");
+	packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+	packet_put_int(rchan);
+	packet_send();
+}
+
 /*
  * Requests forwarding of X11 connections, generates fake authentication
  * data, and enables authentication spoofing.
diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h
index c4a9baac3fb..00526860c3f 100644
--- a/usr.bin/ssh/channels.h
+++ b/usr.bin/ssh/channels.h
@@ -32,7 +32,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.21 2000/10/27 07:32:18 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.22 2000/10/27 07:48:22 markus Exp $"); */
 #ifndef CHANNELS_H
 #define CHANNELS_H
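Review bot: deny_input_open reads only the leading remote channel id and never checks plen against what it consumed, even though an SSH_SMSG_X11_OPEN or SSH_SMSG_AGENT_OPEN from the server may carry further fields (the real x11_input_open, whose body lies above this hunk, presumably reads them); a truncated or padded packet from a hostile server is therefore answered with CHANNEL_OPEN_FAILURE and otherwise ignored rather than flagged as malformed. Since the whole point of this handler is to treat the request as hostile, it should either verify the payload length the way the sibling handlers do, or state the choice explicitly, e.g. `/* Only the remote channel id is read; any further fields of the rejected request are ignored. */`. Two smaller points on the new lines: the user-visible message should read `"Warning: this is probably a break-in attempt by a malicious server."`, and KNF spacing would make it `switch (type) {`. The handler is complete within the hunk.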
@@ -134,6 +134,8 @@
 void	channel_set_fds(int id, int rfd, int wfd, int efd,
 	    int extusage, int nonblock);
+void	deny_input_open(int type, int plen, void *ctxt);
+
 void	channel_input_channel_request(int type, int plen, void *ctxt);
 void	channel_input_close(int type, int plen, void *ctxt);
 void	channel_input_close_confirmation(int type, int plen, void *ctxt);
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 7fe7bc1570a..bccb9be2f85 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -59,7 +59,7 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.38 2000/10/27 07:32:18 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.38 2000/10/27 07:32:18 markus Exp $");
 #include "buffer.h"
 #include "bufaux.h"
+
+/* import options */
+extern Options options;
+
 /* Flag indicating that stdin should be redirected from /dev/null. */
 extern int stdin_null_flag;
@@ -790,7 +794,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
 int
 client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 {
-	extern Options options;
 	double start_time, total_time;
 	int len;
 	char buf[100];
@@ -1033,7 +1036,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
 	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
 	    ctype, rchan, rwindow, rmaxpack);
-	if (strcmp(ctype, "x11") == 0) {
+	if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
 		int sock;
 		char *originator;
 		int originator_port;
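Review bot: In client_input_channel_open the added `&& options.forward_x11` routes an unrequested server-initiated "x11" channel into the else branch below the hunk, which presumably just answers with a channel-open failure; unlike the SSH-1 handler this commit adds in channels.c, nothing tells the user that the server attempted X11 forwarding it was never asked for, so the same hostile behaviour is reported differently depending on protocol version. Consider emitting the same `error("Warning: ssh server tried X11 forwarding.");` before the failure reply when ctype is "x11" but forwarding is disabled, so a misbehaving server is noticed on both paths. The rest of client_input_channel_open, including that else branch, lies outside the hunk.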
@@ -1105,11 +1108,14 @@ client_init_dispatch_13()
 	dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
 	dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
 	dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
-	dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
 	dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
 	dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
 	dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
-	dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+	dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+	    &auth_input_open_request : &deny_input_open);
+	dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+	    &x11_input_open : &deny_input_open);
 }
 void client_init_dispatch_15()
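Review bot: The handler choice in client_init_dispatch_13 is frozen from options.forward_agent and options.forward_x11 at the moment the dispatch table is built; if either flag can still be cleared afterwards (for example X11 forwarding being turned off when the forwarding request to the server fails), the permissive handler stays installed and the deny path is never reached. It is also worth confirming that client_init_dispatch_15, whose body begins just past this hunk, reuses this table rather than re-registering auth_input_open_request and x11_input_open unconditionally, otherwise the SSH-1.5 path would keep accepting unrequested forwardings. A short comment before the two conditional dispatch_set calls would help the next reader, e.g. `/* only accept agent/x11 opens that this client actually requested */`.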