7 files changed, 28 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 6a18e7193..577f5ecd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@
     so please start testing it now.
     
     feedback dtucker@; ok markus@
+   - djm@cvs.openbsd.org 2011/06/22 22:08:42
+     [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
+     hook up a channel confirm callback to warn the user then requested X11
+     forwarding was refused by the server; ok markus@
 20110620
 - OpenBSD CVS Sync
diff --git a/channels.c b/channels.c
index 6abe2d012..24d4a9f42 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3562,7 +3562,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
 */
 void
 x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
-    const char *proto, const char *data)
+    const char *proto, const char *data, int want_reply)
 {
        u_int data_len = (u_int) strlen(data) / 2;
        u_int i, value;
@@ -3615,7 +3615,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
        /* Send the request packet. */
        if (compat20) {
-                channel_request_start(client_session_id, "x11-req", 0);
+                channel_request_start(client_session_id, "x11-req", want_reply);
                packet_put_char(0);     /* XXX bool single connection */
        } else {
                packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);
diff --git a/channels.h b/channels.h
index 0680ed00e..e2941c85a 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -271,7 +271,7 @@ int	 x11_connect_display(void);
 int      x11_create_display_inet(int, int, int, u_int *, int **);
 void     x11_input_open(int, u_int32_t, void *);
 void     x11_request_forwarding_with_spoofing(int, const char *, const char *,
-             const char *);
+             const char *, int);
 void     deny_input_open(int, u_int32_t, void *);
 /* agent forwarding */
diff --git a/clientloop.c b/clientloop.c
index 7b7349bd7..c19b01f19 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.235 2011/06/17 21:57:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -174,7 +174,6 @@ struct escape_filter_ctx {
 };
 /* Context for channel confirmation replies */
-enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
 struct channel_reply_ctx {
        const char *request_type;
        int id;
@@ -801,7 +800,7 @@ client_abandon_status_confirm(Channel *c, void *ctx)
        xfree(ctx);
 }
-static void
+void
 client_expect_confirm(int id, const char *request,
    enum confirm_action action)
 {
diff --git a/clientloop.h b/clientloop.h
index ad588d14d..a259b5e14 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.27 2011/05/08 12:52:01 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -56,6 +56,10 @@ int	 client_simple_escape_filter(Channel *, char *, int);
 typedef void global_confirm_cb(int, u_int32_t seq, void *);
 void     client_register_global_confirm(global_confirm_cb *, void *);
+/* Channel request confirmation callbacks */
+enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
+void client_expect_confirm(int, const char *, enum confirm_action);
 /* Multiplexing protocol version */
 #define SSHMUX_VER                      4
diff --git a/mux.c b/mux.c
index 101d7524b..add0e26b1 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.28 2011/05/08 12:52:01 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
 *
@@ -1214,8 +1214,10 @@ mux_session_confirm(int id, int success, void *arg)
                /* Request forwarding with authentication spoofing. */
                debug("Requesting X11 forwarding with authentication "
                    "spoofing.");
-                x11_request_forwarding_with_spoofing(id, display, proto, data);
+                x11_request_forwarding_with_spoofing(id, display, proto,
-                /* XXX wait for reply */
+                    data, 1);
+                client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+                /* XXX exit_on_forward_failure */
        }
        if (cctx->want_agent_fwd && options.forward_agent) {
diff --git a/ssh.c b/ssh.c
index 900537581..97eb9c0d4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.362 2011/06/03 00:54:38 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.363 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1239,8 +1239,8 @@ ssh_session(void)
                /* Request forwarding with authentication spoofing. */
                debug("Requesting X11 forwarding with authentication "
                    "spoofing.");
-                x11_request_forwarding_with_spoofing(0, display, proto, data);
+                x11_request_forwarding_with_spoofing(0, display, proto,
+                    data, 0);
                /* Read response from the server. */
                type = packet_read();
                if (type == SSH_SMSG_SUCCESS) {
@@ -1338,9 +1338,11 @@ ssh_session2_setup(int id, int success, void *arg)
                /* Request forwarding with authentication spoofing. */
                debug("Requesting X11 forwarding with authentication "
                    "spoofing.");
-                x11_request_forwarding_with_spoofing(id, display, proto, data);
+                x11_request_forwarding_with_spoofing(id, display, proto,
+                    data, 1);
+                client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+                /* XXX exit_on_forward_failure */
                interactive = 1;
-                /* XXX wait for reply */
        }
        check_agent_present();

diff --git a/ChangeLog b/ChangeLog index 6a18e7193..577f5ecd2 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -23,6 +23,10 @@
23	so please start testing it now.	23	so please start testing it now.
24		24
25	feedback dtucker@; ok markus@	25	feedback dtucker@; ok markus@
		26	- djm@cvs.openbsd.org 2011/06/22 22:08:42
		27	[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
		28	hook up a channel confirm callback to warn the user then requested X11
		29	forwarding was refused by the server; ok markus@
26		30
27	20110620	31	20110620
28	- OpenBSD CVS Sync	32	- OpenBSD CVS Sync


diff --git a/channels.c b/channels.c index 6abe2d012..24d4a9f42 100644 --- a/channels.c +++ b/channels.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */	1	/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3562,7 +3562,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
3562	*/	3562	*/
3563	void	3563	void
3564	x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,	3564	x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
3565	const char proto, const char data)	3565	const char proto, const char data, int want_reply)
3566	{	3566	{
3567	u_int data_len = (u_int) strlen(data) / 2;	3567	u_int data_len = (u_int) strlen(data) / 2;
3568	u_int i, value;	3568	u_int i, value;
@@ -3615,7 +3615,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
3615		3615
3616	/* Send the request packet. */	3616	/* Send the request packet. */
3617	if (compat20) {	3617	if (compat20) {
3618	channel_request_start(client_session_id, "x11-req", 0);	3618	channel_request_start(client_session_id, "x11-req", want_reply);
3619	packet_put_char(0); /* XXX bool single connection */	3619	packet_put_char(0); /* XXX bool single connection */
3620	} else {	3620	} else {
3621	packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);	3621	packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);


diff --git a/channels.h b/channels.h index 0680ed00e..e2941c85a 100644 --- a/channels.h +++ b/channels.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */	1	/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -271,7 +271,7 @@ int x11_connect_display(void);
271	int x11_create_display_inet(int, int, int, u_int , int *);	271	int x11_create_display_inet(int, int, int, u_int , int *);
272	void x11_input_open(int, u_int32_t, void *);	272	void x11_input_open(int, u_int32_t, void *);
273	void x11_request_forwarding_with_spoofing(int, const char , const char ,	273	void x11_request_forwarding_with_spoofing(int, const char , const char ,
274	const char *);	274	const char *, int);
275	void deny_input_open(int, u_int32_t, void *);	275	void deny_input_open(int, u_int32_t, void *);
276		276
277	/* agent forwarding */	277	/* agent forwarding */


diff --git a/clientloop.c b/clientloop.c index 7b7349bd7..c19b01f19 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.c,v 1.235 2011/06/17 21:57:25 djm Exp $ */	1	/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -174,7 +174,6 @@ struct escape_filter_ctx {
174	};	174	};
175		175
176	/* Context for channel confirmation replies */	176	/* Context for channel confirmation replies */
177	enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
178	struct channel_reply_ctx {	177	struct channel_reply_ctx {
179	const char *request_type;	178	const char *request_type;
180	int id;	179	int id;
@@ -801,7 +800,7 @@ client_abandon_status_confirm(Channel c, void ctx)
801	xfree(ctx);	800	xfree(ctx);
802	}	801	}
803		802
804	static void	803	void
805	client_expect_confirm(int id, const char *request,	804	client_expect_confirm(int id, const char *request,
806	enum confirm_action action)	805	enum confirm_action action)
807	{	806	{


diff --git a/clientloop.h b/clientloop.h index ad588d14d..a259b5e14 100644 --- a/clientloop.h +++ b/clientloop.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.h,v 1.27 2011/05/08 12:52:01 djm Exp $ */	1	/* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -56,6 +56,10 @@ int client_simple_escape_filter(Channel , char , int);
56	typedef void global_confirm_cb(int, u_int32_t seq, void *);	56	typedef void global_confirm_cb(int, u_int32_t seq, void *);
57	void client_register_global_confirm(global_confirm_cb , void );	57	void client_register_global_confirm(global_confirm_cb , void );
58		58
		59	/* Channel request confirmation callbacks */
		60	enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
		61	void client_expect_confirm(int, const char *, enum confirm_action);
		62
59	/* Multiplexing protocol version */	63	/* Multiplexing protocol version */
60	#define SSHMUX_VER 4	64	#define SSHMUX_VER 4
61		65


diff --git a/mux.c b/mux.c index 101d7524b..add0e26b1 100644 --- a/mux.c +++ b/mux.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mux.c,v 1.28 2011/05/08 12:52:01 djm Exp $ */	1	/* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>	3	* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4	*	4	*
@@ -1214,8 +1214,10 @@ mux_session_confirm(int id, int success, void *arg)
1214	/* Request forwarding with authentication spoofing. */	1214	/* Request forwarding with authentication spoofing. */
1215	debug("Requesting X11 forwarding with authentication "	1215	debug("Requesting X11 forwarding with authentication "
1216	"spoofing.");	1216	"spoofing.");
1217	x11_request_forwarding_with_spoofing(id, display, proto, data);	1217	x11_request_forwarding_with_spoofing(id, display, proto,
1218	/* XXX wait for reply */	1218	data, 1);
		1219	client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
		1220	/* XXX exit_on_forward_failure */
1219	}	1221	}
1220		1222
1221	if (cctx->want_agent_fwd && options.forward_agent) {	1223	if (cctx->want_agent_fwd && options.forward_agent) {


diff --git a/ssh.c b/ssh.c index 900537581..97eb9c0d4 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.c,v 1.362 2011/06/03 00:54:38 djm Exp $ */	1	/* $OpenBSD: ssh.c,v 1.363 2011/06/22 22:08:42 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1239,8 +1239,8 @@ ssh_session(void)
1239	/* Request forwarding with authentication spoofing. */	1239	/* Request forwarding with authentication spoofing. */
1240	debug("Requesting X11 forwarding with authentication "	1240	debug("Requesting X11 forwarding with authentication "
1241	"spoofing.");	1241	"spoofing.");
1242	x11_request_forwarding_with_spoofing(0, display, proto, data);	1242	x11_request_forwarding_with_spoofing(0, display, proto,
1243		1243	data, 0);
1244	/* Read response from the server. */	1244	/* Read response from the server. */
1245	type = packet_read();	1245	type = packet_read();
1246	if (type == SSH_SMSG_SUCCESS) {	1246	if (type == SSH_SMSG_SUCCESS) {
@@ -1338,9 +1338,11 @@ ssh_session2_setup(int id, int success, void *arg)
1338	/* Request forwarding with authentication spoofing. */	1338	/* Request forwarding with authentication spoofing. */
1339	debug("Requesting X11 forwarding with authentication "	1339	debug("Requesting X11 forwarding with authentication "
1340	"spoofing.");	1340	"spoofing.");
1341	x11_request_forwarding_with_spoofing(id, display, proto, data);	1341	x11_request_forwarding_with_spoofing(id, display, proto,
		1342	data, 1);
		1343	client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
		1344	/* XXX exit_on_forward_failure */
1342	interactive = 1;	1345	interactive = 1;
1343	/* XXX wait for reply */
1344	}	1346	}
1345		1347
1346	check_agent_present();	1348	check_agent_present();