From f272793f5a9a415b4e8900c62b3872667bbd1364 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 16 Jun 2005 03:38:37 +0000 Subject: move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd easier later; ok deraadt@ --- usr.bin/ssh/channels.c | 10 ++-- usr.bin/ssh/channels.h | 5 +- usr.bin/ssh/clientloop.c | 105 ++++++++++++++++++++++++++++++++++++++- usr.bin/ssh/clientloop.h | 4 +- usr.bin/ssh/ssh.c | 126 ++++++----------------------------------------- 5 files changed, 129 insertions(+), 121 deletions(-) diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index b387cddc731..dcc161d1147 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.215 2005/06/16 03:38:36 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2918,7 +2918,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) * This should be called in the client only. */ void -x11_request_forwarding_with_spoofing(int client_session_id, +x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, const char *proto, const char *data) { u_int data_len = (u_int) strlen(data) / 2; @@ -2928,9 +2928,9 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *cp; u_int32_t rnd = 0; - cp = getenv("DISPLAY"); - if (cp) - cp = strchr(cp, ':'); + cp = disp; + if (disp) + cp = strchr(disp, ':'); if (cp) cp = strchr(cp, '.'); if (cp) diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index fed481f3997..071d6833906 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.77 2005/06/16 03:38:36 djm Exp $ */ /* * Author: Tatu Ylonen @@ -215,7 +215,8 @@ int channel_cancel_rport_listener(const char *, u_short); int x11_connect_display(void); int x11_create_display_inet(int, int, int, u_int *); void x11_input_open(int, u_int32_t, void *); -void x11_request_forwarding_with_spoofing(int, const char *, const char *); +void x11_request_forwarding_with_spoofing(int, const char *, const char *, + const char *); void deny_input_open(int, u_int32_t, void *); /* agent forwarding */ diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index ae4dce820a9..ee36cc9e52c 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.137 2005/06/08 11:25:09 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -208,6 +208,109 @@ get_current_time(void) return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; } +#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" +void +client_x11_get_proto(const char *display, const char *xauth_path, + u_int trusted, char **_proto, char **_data) +{ + char cmd[1024]; + char line[512]; + char xdisplay[512]; + static char proto[512], data[512]; + FILE *f; + int got_data = 0, generated = 0, do_unlink = 0, i; + char *xauthdir, *xauthfile; + struct stat st; + + xauthdir = xauthfile = NULL; + *_proto = proto; + *_data = data; + proto[0] = data[0] = '\0'; + + if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { + debug("No xauth program."); + } else { + if (display == NULL) { + debug("x11_get_proto: DISPLAY not set"); + return; + } + /* + * Handle FamilyLocal case where $DISPLAY does + * not match an authorization entry. For this we + * just try "xauth list unix:displaynum.screennum". + * XXX: "localhost" match to determine FamilyLocal + * is not perfect. + */ + if (strncmp(display, "localhost:", 10) == 0) { + snprintf(xdisplay, sizeof(xdisplay), "unix:%s", + display + 10); + display = xdisplay; + } + if (trusted == 0) { + xauthdir = xmalloc(MAXPATHLEN); + xauthfile = xmalloc(MAXPATHLEN); + strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + if (mkdtemp(xauthdir) != NULL) { + do_unlink = 1; + snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", + xauthdir); + snprintf(cmd, sizeof(cmd), + "%s -f %s generate %s " SSH_X11_PROTO + " untrusted timeout 1200 2>" _PATH_DEVNULL, + xauth_path, xauthfile, display); + debug2("x11_get_proto: %s", cmd); + if (system(cmd) == 0) + generated = 1; + } + } + snprintf(cmd, sizeof(cmd), + "%s %s%s list %s . 2>" _PATH_DEVNULL, + xauth_path, + generated ? "-f " : "" , + generated ? xauthfile : "", + display); + debug2("x11_get_proto: %s", cmd); + f = popen(cmd, "r"); + if (f && fgets(line, sizeof(line), f) && + sscanf(line, "%*s %511s %511s", proto, data) == 2) + got_data = 1; + if (f) + pclose(f); + } + + if (do_unlink) { + unlink(xauthfile); + rmdir(xauthdir); + } + if (xauthdir) + xfree(xauthdir); + if (xauthfile) + xfree(xauthfile); + + /* + * If we didn't get authentication data, just make up some + * data. The forwarding code will check the validity of the + * response anyway, and substitute this data. The X11 + * server, however, will ignore this fake data and use + * whatever authentication mechanisms it was using otherwise + * for the local connection. + */ + if (!got_data) { + u_int32_t rnd = 0; + + logit("Warning: No xauth data; " + "using fake authentication data for X11 forwarding."); + strlcpy(proto, SSH_X11_PROTO, sizeof proto); + for (i = 0; i < 16; i++) { + if (i % 4 == 0) + rnd = arc4random(); + snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", + rnd & 0xff); + rnd >>= 8; + } + } +} + /* * This is called when the interactive is entered. This checks if there is * an EOF coming on stdin. We must check this explicitly, as select() does diff --git a/usr.bin/ssh/clientloop.h b/usr.bin/ssh/clientloop.h index b23c111cbd6..71c61b5d2a6 100644 --- a/usr.bin/ssh/clientloop.h +++ b/usr.bin/ssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.13 2005/06/16 03:38:36 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,6 +37,8 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); +void client_x11_get_proto(const char *, const char *, u_int, + char **, char **); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index a6e7e75778b..4c34123f2de 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.242 2005/06/08 11:25:09 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.243 2005/06/16 03:38:36 djm Exp $"); #include #include @@ -739,110 +739,6 @@ again: return exit_status; } -#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" - -static void -x11_get_proto(char **_proto, char **_data) -{ - char cmd[1024]; - char line[512]; - char xdisplay[512]; - static char proto[512], data[512]; - FILE *f; - int got_data = 0, generated = 0, do_unlink = 0, i; - char *display, *xauthdir, *xauthfile; - struct stat st; - - xauthdir = xauthfile = NULL; - *_proto = proto; - *_data = data; - proto[0] = data[0] = '\0'; - - if (!options.xauth_location || - (stat(options.xauth_location, &st) == -1)) { - debug("No xauth program."); - } else { - if ((display = getenv("DISPLAY")) == NULL) { - debug("x11_get_proto: DISPLAY not set"); - return; - } - /* - * Handle FamilyLocal case where $DISPLAY does - * not match an authorization entry. For this we - * just try "xauth list unix:displaynum.screennum". - * XXX: "localhost" match to determine FamilyLocal - * is not perfect. - */ - if (strncmp(display, "localhost:", 10) == 0) { - snprintf(xdisplay, sizeof(xdisplay), "unix:%s", - display + 10); - display = xdisplay; - } - if (options.forward_x11_trusted == 0) { - xauthdir = xmalloc(MAXPATHLEN); - xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); - if (mkdtemp(xauthdir) != NULL) { - do_unlink = 1; - snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", - xauthdir); - snprintf(cmd, sizeof(cmd), - "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout 1200 2>" _PATH_DEVNULL, - options.xauth_location, xauthfile, display); - debug2("x11_get_proto: %s", cmd); - if (system(cmd) == 0) - generated = 1; - } - } - snprintf(cmd, sizeof(cmd), - "%s %s%s list %s . 2>" _PATH_DEVNULL, - options.xauth_location, - generated ? "-f " : "" , - generated ? xauthfile : "", - display); - debug2("x11_get_proto: %s", cmd); - f = popen(cmd, "r"); - if (f && fgets(line, sizeof(line), f) && - sscanf(line, "%*s %511s %511s", proto, data) == 2) - got_data = 1; - if (f) - pclose(f); - } - - if (do_unlink) { - unlink(xauthfile); - rmdir(xauthdir); - } - if (xauthdir) - xfree(xauthdir); - if (xauthfile) - xfree(xauthfile); - - /* - * If we didn't get authentication data, just make up some - * data. The forwarding code will check the validity of the - * response anyway, and substitute this data. The X11 - * server, however, will ignore this fake data and use - * whatever authentication mechanisms it was using otherwise - * for the local connection. - */ - if (!got_data) { - u_int32_t rnd = 0; - - logit("Warning: No xauth data; " - "using fake authentication data for X11 forwarding."); - strlcpy(proto, SSH_X11_PROTO, sizeof proto); - for (i = 0; i < 16; i++) { - if (i % 4 == 0) - rnd = arc4random(); - snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", - rnd & 0xff); - rnd >>= 8; - } - } -} - static void ssh_init_forwarding(void) { @@ -905,6 +801,7 @@ ssh_session(void) int have_tty = 0; struct winsize ws; char *cp; + const char *display; /* Enable compression if requested. */ if (options.compression) { @@ -966,13 +863,15 @@ ssh_session(void) packet_disconnect("Protocol error waiting for pty request response."); } /* Request X11 forwarding if enabled and DISPLAY is set. */ - if (options.forward_x11 && getenv("DISPLAY") != NULL) { + display = getenv("DISPLAY"); + if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ - x11_get_proto(&proto, &data); + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(0, proto, data); + x11_request_forwarding_with_spoofing(0, display, proto, data); /* Read response from the server. */ type = packet_read(); @@ -1113,15 +1012,18 @@ static void ssh_session2_setup(int id, void *arg) { extern char **environ; - + const char *display; int interactive = tty_flag; - if (options.forward_x11 && getenv("DISPLAY") != NULL) { + + display = getenv("DISPLAY"); + if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ - x11_get_proto(&proto, &data); + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(id, proto, data); + x11_request_forwarding_with_spoofing(id, display, proto, data); interactive = 1; /* XXX wait for reply */ } -- cgit v1.2.3