5 files changed, 52 insertions, 37 deletions
diff --git a/ChangeLog b/ChangeLog
index ce08540bc..250ab58af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
   - markus@cvs.openbsd.org  2001/01/29 09:55:37
     [channels.c channels.h clientloop.c serverloop.c]
     fix select overflow; ok deraadt@ and stevesk@
+   - markus@cvs.openbsd.org  2001/01/29 12:42:35
+     [canohost.c canohost.h channels.c clientloop.c]
+     add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
 20000129
 - (stevesk) sftp-server.c: use %lld vs. %qd
diff --git a/canohost.c b/canohost.c
index 9fa33c260..f3a659328 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.19 2001/01/29 19:42:33 markus Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -188,46 +188,55 @@ get_canonical_hostname()
 }
 /*
- * Returns the IP-address of the remote host as a string.  The returned
+ * Returns the remote IP-address of socket as a string.  The returned
- * string must not be freed.
+ * string must be freed.
 */
-const char *
+char *
-get_remote_ipaddr()
+get_peer_ipaddr(int socket)
 {
-        static char *canonical_host_ip = NULL;
        struct sockaddr_storage from;
        socklen_t fromlen;
-        int socket;
        char ntop[NI_MAXHOST];
-        /* Check whether we have chached the name. */
-        if (canonical_host_ip != NULL)
-                return canonical_host_ip;
-        /* If not a socket, return UNKNOWN. */
-        if (!packet_connection_is_on_socket()) {
-                canonical_host_ip = xstrdup("UNKNOWN");
-                return canonical_host_ip;
-        }
-        /* Get client socket. */
-        socket = packet_get_connection_in();
        /* Get IP address of client. */
        fromlen = sizeof(from);
        memset(&from, 0, sizeof(from));
        if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
-                debug("getpeername failed: %.100s", strerror(errno));
+                debug("get_peer_ipaddr: getpeername failed: %.100s", strerror(errno));
-                fatal_cleanup();
+                return NULL;
        }
        /* Get the IP address in ascii. */
        if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
-             NULL, 0, NI_NUMERICHOST) != 0)
+             NULL, 0, NI_NUMERICHOST) != 0) {
-                fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
+                error("get_peer_ipaddr: getnameinfo NI_NUMERICHOST failed");
+                return NULL;
+        }
+        return xstrdup(ntop);
+}
-        canonical_host_ip = xstrdup(ntop);
+/*
+ * Returns the IP-address of the remote host as a string.  The returned
+ * string must not be freed.
+ */
-        /* Return ip address string. */
+const char *
+get_remote_ipaddr()
+{
+        static char *canonical_host_ip = NULL;
+        /* Check whether we have cached the ipaddr. */
+        if (canonical_host_ip == NULL) {
+                if (packet_connection_is_on_socket()) {
+                        canonical_host_ip =
+                            get_peer_ipaddr(packet_get_connection_in());
+                        if (canonical_host_ip == NULL)
+                                fatal_cleanup();
+                } else {
+                        /* If not on socket, return UNKNOWN. */
+                        canonical_host_ip = xstrdup("UNKNOWN");
+                }
+        }
        return canonical_host_ip;
 }
diff --git a/canohost.h b/canohost.h
index ba04c59f5..982ec5949 100644
--- a/canohost.h
+++ b/canohost.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: canohost.h,v 1.2 2001/01/29 01:58:15 niklas Exp $     */
+/*      $OpenBSD: canohost.h,v 1.3 2001/01/29 19:42:35 markus Exp $     */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -25,12 +25,13 @@ char   *get_remote_hostname(int socket);
 const char *get_canonical_hostname(void);
 /*
- * Returns the remote IP address as an ascii string.  The value need not be
+ * Returns the IP-address of the remote host as a string.  The returned
- * freed by the caller.
+ * string must not be freed.
 */
 const char *get_remote_ipaddr(void);
-/* Returns the port number of the peer of the socket. */
+/* Returns the ipaddr/port number of the peer of the socket. */
+char *  get_peer_ipaddr(int socket);
 int     get_peer_port(int sock);
 /* Returns the port number of the remote/local host. */
diff --git a/channels.c b/channels.c
index 6aafc3dc3..82a2db05e 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.84 2001/01/29 16:55:36 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.85 2001/01/29 19:42:35 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -546,7 +546,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
        struct sockaddr addr;
        int newsock, newch;
        socklen_t addrlen;
-        char buf[16384], *remote_hostname;
+        char buf[16384], *remote_ipaddr;
        int remote_port;
        if (FD_ISSET(c->sock, readset)) {
@@ -557,10 +557,10 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
                        error("accept: %.100s", strerror(errno));
                        return;
                }
-                remote_hostname = get_remote_hostname(newsock);
+                remote_ipaddr = get_peer_ipaddr(newsock);
                remote_port = get_peer_port(newsock);
                snprintf(buf, sizeof buf, "X11 connection from %.200s port %d",
-                    remote_hostname, remote_port);
+                    remote_ipaddr, remote_port);
                newch = channel_new("x11",
                    SSH_CHANNEL_OPENING, newsock, newsock, -1,
@@ -572,8 +572,8 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
                        packet_put_int(newch);
                        packet_put_int(c->local_window_max);
                        packet_put_int(c->local_maxpacket);
-                        /* originator host and port */
+                        /* originator ipaddr and port */
-                        packet_put_cstring(remote_hostname);
+                        packet_put_cstring(remote_ipaddr);
                        if (datafellows & SSH_BUG_X11FWD) {
                                debug("ssh2 x11 bug compat mode");
                        } else {
@@ -587,7 +587,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
                                packet_put_string(buf, strlen(buf));
                        packet_send();
                }
-                xfree(remote_hostname);
+                xfree(remote_ipaddr);
        }
 }
diff --git a/clientloop.c b/clientloop.c
index 49a943a73..721c27905 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.46 2001/01/29 16:55:36 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.47 2001/01/29 19:42:35 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -1069,6 +1069,8 @@ client_request_x11(const char *request_type, int rchan)
        }
        packet_done();
        /* XXX check permission */
+        debug("client_request_x11: request from %s %d", originator,
+            originator_port);
        sock = x11_connect_display();
        if (sock >= 0) {
                newch = channel_new("x11",