- (stevesk) OpenBSD CVS sync X11 localhost display

- stevesk@cvs.openbsd.org 2001/11/29 14:10:51 [channels.h channels.c session.c] sshd X11 fake server will now listen on localhost by default: $ echo $DISPLAY localhost:12.0 $ netstat -an|grep 6012 tcp 0 0 127.0.0.1.6012 *.* LISTEN tcp6 0 0 ::1.6012 *.* LISTEN sshd_config gatewayports=yes can be used to revert back to the old behavior. will control this with another option later. ok markus@ - stevesk@cvs.openbsd.org 2001/12/19 08:43:11 [includes.h session.c] handle utsname.nodename case for FamilyLocal X authorization; ok markus@
author: Kevin Steves <stevesk@pobox.com> 2001-12-19 17:58:01 +0000
committer: Kevin Steves <stevesk@pobox.com> 2001-12-19 17:58:01 +0000
commit: 366298c696e8c5b27bd27d683ea7b8bf30564362 (patch)
tree: 0bc22c3d8df006b97799a6ff491fe15ed6da8cdd /session.c
parent: 73f57be5003c6c36d74c90a14156e2f88946ee6c (diff)
1 files changed, 77 insertions, 16 deletions
diff --git a/session.c b/session.c
index 1d7291e6f..cc3fb0448 100644
--- a/session.c
+++ b/session.c
@@ -108,8 +108,10 @@ struct Session {
        int     row, col, xpixel, ypixel;
        char    tty[TTYSZ];
        /* X11 */
+        int     display_number;
        char    *display;
        int     screen;
+        char    *auth_display[2];
        char    *auth_proto;
        char    *auth_data;
        int     single_connection;
@@ -1418,32 +1420,28 @@ do_child(Session *s, const char *command)
                                    _PATH_SSH_SYSTEM_RC);
                } else if (do_xauth && options.xauth_location != NULL) {
                        /* Add authority data to .Xauthority if appropriate. */
-                        char *screen = strchr(s->display, ':');
                        if (debug_flag) {
                                fprintf(stderr,
                                    "Running %.100s add "
                                    "%.100s %.100s %.100s\n",
-                                    options.xauth_location, s->display,
+                                    options.xauth_location, s->auth_display[0],
                                    s->auth_proto, s->auth_data);
-                                if (screen != NULL)
+                                if (s->auth_display[1])
                                        fprintf(stderr,
-                                            "Adding %.*s/unix%s %s %s\n",
+                                            "add %.100s %.100s %.100s\n",
-                                            (int)(screen - s->display),
+                                            s->auth_display[1],
-                                            s->display, screen,
                                            s->auth_proto, s->auth_data);
                        }
                        snprintf(cmd, sizeof cmd, "%s -q -",
                            options.xauth_location);
                        f = popen(cmd, "w");
                        if (f) {
-                                fprintf(f, "add %s %s %s\n", s->display,
+                                fprintf(f, "add %s %s %s\n",
-                                    s->auth_proto, s->auth_data);
+                                    s->auth_display[0], s->auth_proto,
-                                if (screen != NULL)
+                                    s->auth_data);
-                                        fprintf(f, "add %.*s/unix%s %s %s\n",
+                                if (s->auth_display[1])
-                                            (int)(screen - s->display),
+                                        fprintf(f, "add %s %s %s\n",
-                                            s->display, screen,
+                                            s->auth_display[1], s->auth_proto,
-                                            s->auth_proto,
                                            s->auth_data);
                                pclose(f);
                        } else {
@@ -1943,6 +1941,10 @@ session_close(Session *s)
                xfree(s->term);
        if (s->display)
                xfree(s->display);
+        if (s->auth_display[0])
+                xfree(s->auth_display[0]);
+        if (s->auth_display[1])
+                xfree(s->auth_display[1]);
        if (s->auth_data)
                xfree(s->auth_data);
        if (s->auth_proto)
@@ -2038,6 +2040,8 @@ int
 session_setup_x11fwd(Session *s)
 {
        struct stat st;
+        char display[512], auth_display[512];
+        char hostname[MAXHOSTNAMELEN];
        if (no_x11_forwarding_flag) {
                packet_send_debug("X11 forwarding disabled in user configuration file.");
@@ -2061,11 +2065,68 @@ session_setup_x11fwd(Session *s)
                debug("X11 display already set.");
                return 0;
        }
-        s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
+        s->display_number = x11_create_display_inet(options.x11_display_offset,
-        if (s->display == NULL) {
+            options.gateway_ports);
+        if (s->display_number == -1) {
                debug("x11_create_display_inet failed.");
                return 0;
        }
+        /* Set up a suitable value for the DISPLAY variable. */
+        if (gethostname(hostname, sizeof(hostname)) < 0)
+                fatal("gethostname: %.100s", strerror(errno));
+        /*
+         * auth_display must be used as the displayname when the
+         * authorization entry is added with xauth(1).  This will be
+         * different than the DISPLAY string for localhost displays.
+         */
+        s->auth_display[1] = NULL;
+        if (!options.gateway_ports) {
+                struct utsname uts;
+                snprintf(display, sizeof display, "localhost:%d.%d",
+                    s->display_number, s->screen);
+                snprintf(auth_display, sizeof auth_display, "%.400s/unix:%d.%d",
+                    hostname, s->display_number, s->screen);
+                s->display = xstrdup(display);
+                s->auth_display[0] = xstrdup(auth_display);
+                /*
+                 * Xlib may use gethostbyname() or uname() hostname to
+                 * look up authorization data for FamilyLocal; see:
+                 * xc/lib/xtrans/Xtrans.c:TRANS(GetHostname)
+                 * We just add authorization entries with both
+                 * hostname and nodename if they are different.
+                 */
+                if (uname(&uts) == -1)
+                        fatal("uname: %.100s", strerror(errno));
+                if (strcmp(hostname, uts.nodename) != 0) {
+                        snprintf(auth_display, sizeof auth_display,
+                            "%.400s/unix:%d.%d", uts.nodename,
+                            s->display_number, s->screen);
+                        s->auth_display[1] = xstrdup(auth_display);
+                }
+        } else {
+#ifdef IPADDR_IN_DISPLAY
+                struct hostent *he;
+                struct in_addr my_addr;
+                he = gethostbyname(hostname);
+                if (he == NULL) {
+                        error("Can't get IP address for X11 DISPLAY.");
+                        packet_send_debug("Can't get IP address for X11 DISPLAY.");
+                        return 0;
+                }
+                memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
+                snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
+                    s->display_number, s->screen);
+#else
+                snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
+                    s->display_number, s->screen);
+#endif
+                s->display = xstrdup(display);
+                s->auth_display[0] = xstrdup(display);
+        }
        return 1;
 }
author	Kevin Steves <stevesk@pobox.com>	2001-12-19 17:58:01 +0000
committer	Kevin Steves <stevesk@pobox.com>	2001-12-19 17:58:01 +0000
commit	366298c696e8c5b27bd27d683ea7b8bf30564362 (patch)
tree	0bc22c3d8df006b97799a6ff491fe15ed6da8cdd /session.c
parent	73f57be5003c6c36d74c90a14156e2f88946ee6c (diff)

diff --git a/session.c b/session.c index 1d7291e6f..cc3fb0448 100644 --- a/session.c +++ b/session.c
@@ -108,8 +108,10 @@ struct Session {
108	int row, col, xpixel, ypixel;	108	int row, col, xpixel, ypixel;
109	char tty[TTYSZ];	109	char tty[TTYSZ];
110	/* X11 */	110	/* X11 */
		111	int display_number;
111	char *display;	112	char *display;
112	int screen;	113	int screen;
		114	char *auth_display[2];
113	char *auth_proto;	115	char *auth_proto;
114	char *auth_data;	116	char *auth_data;
115	int single_connection;	117	int single_connection;
@@ -1418,32 +1420,28 @@ do_child(Session s, const char command)
1418	_PATH_SSH_SYSTEM_RC);	1420	_PATH_SSH_SYSTEM_RC);
1419	} else if (do_xauth && options.xauth_location != NULL) {	1421	} else if (do_xauth && options.xauth_location != NULL) {
1420	/* Add authority data to .Xauthority if appropriate. */	1422	/* Add authority data to .Xauthority if appropriate. */
1421	char *screen = strchr(s->display, ':');
1422
1423	if (debug_flag) {	1423	if (debug_flag) {
1424	fprintf(stderr,	1424	fprintf(stderr,
1425	"Running %.100s add "	1425	"Running %.100s add "
1426	"%.100s %.100s %.100s\n",	1426	"%.100s %.100s %.100s\n",
1427	options.xauth_location, s->display,	1427	options.xauth_location, s->auth_display[0],
1428	s->auth_proto, s->auth_data);	1428	s->auth_proto, s->auth_data);
1429	if (screen != NULL)	1429	if (s->auth_display[1])
1430	fprintf(stderr,	1430	fprintf(stderr,
1431	"Adding %.*s/unix%s %s %s\n",	1431	"add %.100s %.100s %.100s\n",
1432	(int)(screen - s->display),	1432	s->auth_display[1],
1433	s->display, screen,
1434	s->auth_proto, s->auth_data);	1433	s->auth_proto, s->auth_data);
1435	}	1434	}
1436	snprintf(cmd, sizeof cmd, "%s -q -",	1435	snprintf(cmd, sizeof cmd, "%s -q -",
1437	options.xauth_location);	1436	options.xauth_location);
1438	f = popen(cmd, "w");	1437	f = popen(cmd, "w");
1439	if (f) {	1438	if (f) {
1440	fprintf(f, "add %s %s %s\n", s->display,	1439	fprintf(f, "add %s %s %s\n",
1441	s->auth_proto, s->auth_data);	1440	s->auth_display[0], s->auth_proto,
1442	if (screen != NULL)	1441	s->auth_data);
1443	fprintf(f, "add %.*s/unix%s %s %s\n",	1442	if (s->auth_display[1])
1444	(int)(screen - s->display),	1443	fprintf(f, "add %s %s %s\n",
1445	s->display, screen,	1444	s->auth_display[1], s->auth_proto,
1446	s->auth_proto,
1447	s->auth_data);	1445	s->auth_data);
1448	pclose(f);	1446	pclose(f);
1449	} else {	1447	} else {
@@ -1943,6 +1941,10 @@ session_close(Session *s)
1943	xfree(s->term);	1941	xfree(s->term);
1944	if (s->display)	1942	if (s->display)
1945	xfree(s->display);	1943	xfree(s->display);
		1944	if (s->auth_display[0])
		1945	xfree(s->auth_display[0]);
		1946	if (s->auth_display[1])
		1947	xfree(s->auth_display[1]);
1946	if (s->auth_data)	1948	if (s->auth_data)
1947	xfree(s->auth_data);	1949	xfree(s->auth_data);
1948	if (s->auth_proto)	1950	if (s->auth_proto)
@@ -2038,6 +2040,8 @@ int
2038	session_setup_x11fwd(Session *s)	2040	session_setup_x11fwd(Session *s)
2039	{	2041	{
2040	struct stat st;	2042	struct stat st;
		2043	char display[512], auth_display[512];
		2044	char hostname[MAXHOSTNAMELEN];
2041		2045
2042	if (no_x11_forwarding_flag) {	2046	if (no_x11_forwarding_flag) {
2043	packet_send_debug("X11 forwarding disabled in user configuration file.");	2047	packet_send_debug("X11 forwarding disabled in user configuration file.");
@@ -2061,11 +2065,68 @@ session_setup_x11fwd(Session *s)
2061	debug("X11 display already set.");	2065	debug("X11 display already set.");
2062	return 0;	2066	return 0;
2063	}	2067	}
2064	s->display = x11_create_display_inet(s->screen, options.x11_display_offset);	2068	s->display_number = x11_create_display_inet(options.x11_display_offset,
2065	if (s->display == NULL) {	2069	options.gateway_ports);
		2070	if (s->display_number == -1) {
2066	debug("x11_create_display_inet failed.");	2071	debug("x11_create_display_inet failed.");
2067	return 0;	2072	return 0;
2068	}	2073	}
		2074
		2075	/* Set up a suitable value for the DISPLAY variable. */
		2076	if (gethostname(hostname, sizeof(hostname)) < 0)
		2077	fatal("gethostname: %.100s", strerror(errno));
		2078	/*
		2079	* auth_display must be used as the displayname when the
		2080	* authorization entry is added with xauth(1). This will be
		2081	* different than the DISPLAY string for localhost displays.
		2082	*/
		2083	s->auth_display[1] = NULL;
		2084	if (!options.gateway_ports) {
		2085	struct utsname uts;
		2086
		2087	snprintf(display, sizeof display, "localhost:%d.%d",
		2088	s->display_number, s->screen);
		2089	snprintf(auth_display, sizeof auth_display, "%.400s/unix:%d.%d",
		2090	hostname, s->display_number, s->screen);
		2091	s->display = xstrdup(display);
		2092	s->auth_display[0] = xstrdup(auth_display);
		2093	/*
		2094	* Xlib may use gethostbyname() or uname() hostname to
		2095	* look up authorization data for FamilyLocal; see:
		2096	* xc/lib/xtrans/Xtrans.c:TRANS(GetHostname)
		2097	* We just add authorization entries with both
		2098	* hostname and nodename if they are different.
		2099	*/
		2100	if (uname(&uts) == -1)
		2101	fatal("uname: %.100s", strerror(errno));
		2102	if (strcmp(hostname, uts.nodename) != 0) {
		2103	snprintf(auth_display, sizeof auth_display,
		2104	"%.400s/unix:%d.%d", uts.nodename,
		2105	s->display_number, s->screen);
		2106	s->auth_display[1] = xstrdup(auth_display);
		2107	}
		2108	} else {
		2109	#ifdef IPADDR_IN_DISPLAY
		2110	struct hostent *he;
		2111	struct in_addr my_addr;
		2112
		2113	he = gethostbyname(hostname);
		2114	if (he == NULL) {
		2115	error("Can't get IP address for X11 DISPLAY.");
		2116	packet_send_debug("Can't get IP address for X11 DISPLAY.");
		2117	return 0;
		2118	}
		2119	memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
		2120	snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
		2121	s->display_number, s->screen);
		2122	#else
		2123	snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
		2124	s->display_number, s->screen);
		2125	#endif
		2126	s->display = xstrdup(display);
		2127	s->auth_display[0] = xstrdup(display);
		2128	}
		2129
2069	return 1;	2130	return 1;
2070	}	2131	}
2071		2132