- djm@cvs.openbsd.org 2005/07/04 00:58:43

[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] implement support for X11 and agent forwarding over multiplex slave connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own. ok dtucker@ "put it in" deraadt@
author: Damien Miller <djm@mindrot.org> 2005-07-06 09:44:19 +1000
committer: Damien Miller <djm@mindrot.org> 2005-07-06 09:44:19 +1000
commit: 1339002e8b05d89b10767849d9ee9be55e460f4c (patch)
tree: 58e307b74579313f31732dfdf21f756d6a051ce9 /channels.c
parent: a7270309fc5e95b29c91d0190b13ef5a9b1df339 (diff)
1 files changed, 34 insertions, 27 deletions
diff --git a/channels.c b/channels.c
index b58902328..14ff166ae 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.218 2005/07/01 13:19:47 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.219 2005/07/04 00:58:42 djm Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -111,6 +111,9 @@ static int all_opens_permitted = 0;
 /* Maximum number of fake X11 displays to try. */
 #define MAX_DISPLAYS  1000
+/* Saved X11 local (client) display. */
+static char *x11_saved_display = NULL;
 /* Saved X11 authentication protocol name. */
 static char *x11_saved_proto = NULL;
@@ -2955,12 +2958,18 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
    const char *proto, const char *data)
 {
        u_int data_len = (u_int) strlen(data) / 2;
-        u_int i, value, len;
+        u_int i, value;
        char *new_data;
        int screen_number;
        const char *cp;
        u_int32_t rnd = 0;
+        if (x11_saved_display && strcmp(disp, x11_saved_display) != 0) {
+                error("x11_request_forwarding_with_spoofing: different "
+                    "$DISPLAY already forwarded");
+                return;
+        }
        cp = disp;
        if (disp)
                cp = strchr(disp, ':');
@@ -2971,33 +2980,31 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
        else
                screen_number = 0;
-        /* Save protocol name. */
+        if (x11_saved_proto == NULL) {
-        x11_saved_proto = xstrdup(proto);
+                /* Save protocol name. */
+                x11_saved_proto = xstrdup(proto);
-        /*
+                /*
-         * Extract real authentication data and generate fake data of the
+                 * Extract real authentication data and generate fake data 
-         * same length.
+                 * of the same length.
-         */
+                 */
-        x11_saved_data = xmalloc(data_len);
+                x11_saved_data = xmalloc(data_len);
-        x11_fake_data = xmalloc(data_len);
+                x11_fake_data = xmalloc(data_len);
-        for (i = 0; i < data_len; i++) {
+                for (i = 0; i < data_len; i++) {
-                if (sscanf(data + 2 * i, "%2x", &value) != 1)
+                        if (sscanf(data + 2 * i, "%2x", &value) != 1)
-                        fatal("x11_request_forwarding: bad authentication data: %.100s", data);
+                                fatal("x11_request_forwarding: bad "
-                if (i % 4 == 0)
+                                    "authentication data: %.100s", data);
-                        rnd = arc4random();
+                        if (i % 4 == 0)
-                x11_saved_data[i] = value;
+                                rnd = arc4random();
-                x11_fake_data[i] = rnd & 0xff;
+                        x11_saved_data[i] = value;
-                rnd >>= 8;
+                        x11_fake_data[i] = rnd & 0xff;
-        }
+                        rnd >>= 8;
-        x11_saved_data_len = data_len;
+                }
-        x11_fake_data_len = data_len;
+                x11_saved_data_len = data_len;
+                x11_fake_data_len = data_len;
+        }
        /* Convert the fake data into hex. */
-        len = 2 * data_len + 1;
+        new_data = tohex(x11_fake_data, data_len);
-        new_data = xmalloc(len);
-        for (i = 0; i < data_len; i++)
-                snprintf(new_data + 2 * i, len - 2 * i,
-                    "%02x", (u_char) x11_fake_data[i]);
        /* Send the request packet. */
        if (compat20) {
author	Damien Miller <djm@mindrot.org>	2005-07-06 09:44:19 +1000
committer	Damien Miller <djm@mindrot.org>	2005-07-06 09:44:19 +1000
commit	1339002e8b05d89b10767849d9ee9be55e460f4c (patch)
tree	58e307b74579313f31732dfdf21f756d6a051ce9 /channels.c
parent	a7270309fc5e95b29c91d0190b13ef5a9b1df339 (diff)

diff --git a/channels.c b/channels.c index b58902328..14ff166ae 100644 --- a/channels.c +++ b/channels.c
@@ -39,7 +39,7 @@
39	*/	39	*/
40		40
41	#include "includes.h"	41	#include "includes.h"
42	RCSID("$OpenBSD: channels.c,v 1.218 2005/07/01 13:19:47 markus Exp $");	42	RCSID("$OpenBSD: channels.c,v 1.219 2005/07/04 00:58:42 djm Exp $");
43		43
44	#include "ssh.h"	44	#include "ssh.h"
45	#include "ssh1.h"	45	#include "ssh1.h"
@@ -111,6 +111,9 @@ static int all_opens_permitted = 0;
111	/* Maximum number of fake X11 displays to try. */	111	/* Maximum number of fake X11 displays to try. */
112	#define MAX_DISPLAYS 1000	112	#define MAX_DISPLAYS 1000
113		113
		114	/* Saved X11 local (client) display. */
		115	static char *x11_saved_display = NULL;
		116
114	/* Saved X11 authentication protocol name. */	117	/* Saved X11 authentication protocol name. */
115	static char *x11_saved_proto = NULL;	118	static char *x11_saved_proto = NULL;
116		119
@@ -2955,12 +2958,18 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
2955	const char proto, const char data)	2958	const char proto, const char data)
2956	{	2959	{
2957	u_int data_len = (u_int) strlen(data) / 2;	2960	u_int data_len = (u_int) strlen(data) / 2;
2958	u_int i, value, len;	2961	u_int i, value;
2959	char *new_data;	2962	char *new_data;
2960	int screen_number;	2963	int screen_number;
2961	const char *cp;	2964	const char *cp;
2962	u_int32_t rnd = 0;	2965	u_int32_t rnd = 0;
2963		2966
		2967	if (x11_saved_display && strcmp(disp, x11_saved_display) != 0) {
		2968	error("x11_request_forwarding_with_spoofing: different "
		2969	"$DISPLAY already forwarded");
		2970	return;
		2971	}
		2972
2964	cp = disp;	2973	cp = disp;
2965	if (disp)	2974	if (disp)
2966	cp = strchr(disp, ':');	2975	cp = strchr(disp, ':');
@@ -2971,33 +2980,31 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
2971	else	2980	else
2972	screen_number = 0;	2981	screen_number = 0;
2973		2982
2974	/* Save protocol name. */	2983	if (x11_saved_proto == NULL) {
2975	x11_saved_proto = xstrdup(proto);	2984	/* Save protocol name. */
2976		2985	x11_saved_proto = xstrdup(proto);
2977	/*	2986	/*
2978	* Extract real authentication data and generate fake data of the	2987	* Extract real authentication data and generate fake data
2979	* same length.	2988	* of the same length.
2980	*/	2989	*/
2981	x11_saved_data = xmalloc(data_len);	2990	x11_saved_data = xmalloc(data_len);
2982	x11_fake_data = xmalloc(data_len);	2991	x11_fake_data = xmalloc(data_len);
2983	for (i = 0; i < data_len; i++) {	2992	for (i = 0; i < data_len; i++) {
2984	if (sscanf(data + 2 * i, "%2x", &value) != 1)	2993	if (sscanf(data + 2 * i, "%2x", &value) != 1)
2985	fatal("x11_request_forwarding: bad authentication data: %.100s", data);	2994	fatal("x11_request_forwarding: bad "
2986	if (i % 4 == 0)	2995	"authentication data: %.100s", data);
2987	rnd = arc4random();	2996	if (i % 4 == 0)
2988	x11_saved_data[i] = value;	2997	rnd = arc4random();
2989	x11_fake_data[i] = rnd & 0xff;	2998	x11_saved_data[i] = value;
2990	rnd >>= 8;	2999	x11_fake_data[i] = rnd & 0xff;
2991	}	3000	rnd >>= 8;
2992	x11_saved_data_len = data_len;	3001	}
2993	x11_fake_data_len = data_len;	3002	x11_saved_data_len = data_len;
		3003	x11_fake_data_len = data_len;
		3004	}
2994		3005
2995	/* Convert the fake data into hex. */	3006	/* Convert the fake data into hex. */
2996	len = 2 * data_len + 1;	3007	new_data = tohex(x11_fake_data, data_len);
2997	new_data = xmalloc(len);
2998	for (i = 0; i < data_len; i++)
2999	snprintf(new_data + 2 * i, len - 2 * i,
3000	"%02x", (u_char) x11_fake_data[i]);
3001		3008
3002	/* Send the request packet. */	3009	/* Send the request packet. */
3003	if (compat20) {	3010	if (compat20) {