diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-21 12:46:22 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-21 22:49:27 +1000 |
commit | b5e412a8993ad17b9e1141c78408df15d3d987e1 (patch) | |
tree | 3dc7a5be35019f5afac2d4fa1587a9befd3e7d9b | |
parent | cb24d9fcc901429d77211f274031653476864ec6 (diff) |
upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
-rw-r--r-- | clientloop.c | 43 | ||||
-rw-r--r-- | ssh_config.5 | 6 |
2 files changed, 33 insertions, 16 deletions
diff --git a/clientloop.c b/clientloop.c index ad35cb7ba..8d312cdaa 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -279,7 +279,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, | |||
279 | const char *xauth_path, u_int trusted, u_int timeout, | 279 | const char *xauth_path, u_int trusted, u_int timeout, |
280 | char **_proto, char **_data) | 280 | char **_proto, char **_data) |
281 | { | 281 | { |
282 | char cmd[1024], line[512], xdisplay[512]; | 282 | char *cmd, line[512], xdisplay[512]; |
283 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; | 283 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; |
284 | static char proto[512], data[512]; | 284 | static char proto[512], data[512]; |
285 | FILE *f; | 285 | FILE *f; |
@@ -343,19 +343,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display, | |||
343 | return -1; | 343 | return -1; |
344 | } | 344 | } |
345 | 345 | ||
346 | if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) | 346 | if (timeout == 0) { |
347 | x11_timeout_real = UINT_MAX; | 347 | /* auth doesn't time out */ |
348 | else | 348 | xasprintf(&cmd, "%s -f %s generate %s %s " |
349 | x11_timeout_real = timeout + X11_TIMEOUT_SLACK; | 349 | "untrusted 2>%s", |
350 | if ((r = snprintf(cmd, sizeof(cmd), | 350 | xauth_path, xauthfile, display, |
351 | "%s -f %s generate %s " SSH_X11_PROTO | 351 | SSH_X11_PROTO, _PATH_DEVNULL); |
352 | " untrusted timeout %u 2>" _PATH_DEVNULL, | 352 | } else { |
353 | xauth_path, xauthfile, display, | 353 | /* Add some slack to requested expiry */ |
354 | x11_timeout_real)) < 0 || | 354 | if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) |
355 | (size_t)r >= sizeof(cmd)) | 355 | x11_timeout_real = timeout + |
356 | fatal("%s: cmd too long", __func__); | 356 | X11_TIMEOUT_SLACK; |
357 | else { | ||
358 | /* Don't overflow on long timeouts */ | ||
359 | x11_timeout_real = UINT_MAX; | ||
360 | } | ||
361 | xasprintf(&cmd, "%s -f %s generate %s %s " | ||
362 | "untrusted timeout %u 2>%s", | ||
363 | xauth_path, xauthfile, display, | ||
364 | SSH_X11_PROTO, x11_timeout_real, | ||
365 | _PATH_DEVNULL); | ||
366 | } | ||
357 | debug2("%s: %s", __func__, cmd); | 367 | debug2("%s: %s", __func__, cmd); |
358 | if (x11_refuse_time == 0) { | 368 | |
369 | if (timeout != 0 && x11_refuse_time == 0) { | ||
359 | now = monotime() + 1; | 370 | now = monotime() + 1; |
360 | if (UINT_MAX - timeout < now) | 371 | if (UINT_MAX - timeout < now) |
361 | x11_refuse_time = UINT_MAX; | 372 | x11_refuse_time = UINT_MAX; |
@@ -366,6 +377,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, | |||
366 | } | 377 | } |
367 | if (system(cmd) == 0) | 378 | if (system(cmd) == 0) |
368 | generated = 1; | 379 | generated = 1; |
380 | free(cmd); | ||
369 | } | 381 | } |
370 | 382 | ||
371 | /* | 383 | /* |
@@ -374,7 +386,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, | |||
374 | * above. | 386 | * above. |
375 | */ | 387 | */ |
376 | if (trusted || generated) { | 388 | if (trusted || generated) { |
377 | snprintf(cmd, sizeof(cmd), | 389 | xasprintf(&cmd, |
378 | "%s %s%s list %s 2>" _PATH_DEVNULL, | 390 | "%s %s%s list %s 2>" _PATH_DEVNULL, |
379 | xauth_path, | 391 | xauth_path, |
380 | generated ? "-f " : "" , | 392 | generated ? "-f " : "" , |
@@ -387,6 +399,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, | |||
387 | got_data = 1; | 399 | got_data = 1; |
388 | if (f) | 400 | if (f) |
389 | pclose(f); | 401 | pclose(f); |
402 | free(cmd); | ||
390 | } | 403 | } |
391 | } | 404 | } |
392 | 405 | ||
diff --git a/ssh_config.5 b/ssh_config.5 index 2df1165f1..27136dbd6 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $ |
37 | .Dd $Mdocdate: September 21 2018 $ | 37 | .Dd $Mdocdate: September 21 2018 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -686,6 +686,10 @@ section of | |||
686 | X11 connections received by | 686 | X11 connections received by |
687 | .Xr ssh 1 | 687 | .Xr ssh 1 |
688 | after this time will be refused. | 688 | after this time will be refused. |
689 | Setting | ||
690 | .Cm ForwardX11Timeout | ||
691 | to zero will disable the timeout and permit X11 forwarding for the life | ||
692 | of the connection. | ||
689 | The default is to disable untrusted X11 forwarding after twenty minutes has | 693 | The default is to disable untrusted X11 forwarding after twenty minutes has |
690 | elapsed. | 694 | elapsed. |
691 | .It Cm ForwardX11Trusted | 695 | .It Cm ForwardX11Trusted |