diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | channels.c | 6 | ||||
| -rw-r--r-- | channels.h | 4 | ||||
| -rw-r--r-- | clientloop.c | 5 | ||||
| -rw-r--r-- | clientloop.h | 6 | ||||
| -rw-r--r-- | mux.c | 8 | ||||
| -rw-r--r-- | ssh.c | 12 |
7 files changed, 28 insertions, 17 deletions
| @@ -23,6 +23,10 @@ | |||
| 23 | so please start testing it now. | 23 | so please start testing it now. |
| 24 | 24 | ||
| 25 | feedback dtucker@; ok markus@ | 25 | feedback dtucker@; ok markus@ |
| 26 | - djm@cvs.openbsd.org 2011/06/22 22:08:42 | ||
| 27 | [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] | ||
| 28 | hook up a channel confirm callback to warn the user then requested X11 | ||
| 29 | forwarding was refused by the server; ok markus@ | ||
| 26 | 30 | ||
| 27 | 20110620 | 31 | 20110620 |
| 28 | - OpenBSD CVS Sync | 32 | - OpenBSD CVS Sync |
diff --git a/channels.c b/channels.c index 6abe2d012..24d4a9f42 100644 --- a/channels.c +++ b/channels.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -3562,7 +3562,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) | |||
| 3562 | */ | 3562 | */ |
| 3563 | void | 3563 | void |
| 3564 | x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | 3564 | x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, |
| 3565 | const char *proto, const char *data) | 3565 | const char *proto, const char *data, int want_reply) |
| 3566 | { | 3566 | { |
| 3567 | u_int data_len = (u_int) strlen(data) / 2; | 3567 | u_int data_len = (u_int) strlen(data) / 2; |
| 3568 | u_int i, value; | 3568 | u_int i, value; |
| @@ -3615,7 +3615,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | |||
| 3615 | 3615 | ||
| 3616 | /* Send the request packet. */ | 3616 | /* Send the request packet. */ |
| 3617 | if (compat20) { | 3617 | if (compat20) { |
| 3618 | channel_request_start(client_session_id, "x11-req", 0); | 3618 | channel_request_start(client_session_id, "x11-req", want_reply); |
| 3619 | packet_put_char(0); /* XXX bool single connection */ | 3619 | packet_put_char(0); /* XXX bool single connection */ |
| 3620 | } else { | 3620 | } else { |
| 3621 | packet_start(SSH_CMSG_X11_REQUEST_FORWARDING); | 3621 | packet_start(SSH_CMSG_X11_REQUEST_FORWARDING); |
diff --git a/channels.h b/channels.h index 0680ed00e..e2941c85a 100644 --- a/channels.h +++ b/channels.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -271,7 +271,7 @@ int x11_connect_display(void); | |||
| 271 | int x11_create_display_inet(int, int, int, u_int *, int **); | 271 | int x11_create_display_inet(int, int, int, u_int *, int **); |
| 272 | void x11_input_open(int, u_int32_t, void *); | 272 | void x11_input_open(int, u_int32_t, void *); |
| 273 | void x11_request_forwarding_with_spoofing(int, const char *, const char *, | 273 | void x11_request_forwarding_with_spoofing(int, const char *, const char *, |
| 274 | const char *); | 274 | const char *, int); |
| 275 | void deny_input_open(int, u_int32_t, void *); | 275 | void deny_input_open(int, u_int32_t, void *); |
| 276 | 276 | ||
| 277 | /* agent forwarding */ | 277 | /* agent forwarding */ |
diff --git a/clientloop.c b/clientloop.c index 7b7349bd7..c19b01f19 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.235 2011/06/17 21:57:25 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -174,7 +174,6 @@ struct escape_filter_ctx { | |||
| 174 | }; | 174 | }; |
| 175 | 175 | ||
| 176 | /* Context for channel confirmation replies */ | 176 | /* Context for channel confirmation replies */ |
| 177 | enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY }; | ||
| 178 | struct channel_reply_ctx { | 177 | struct channel_reply_ctx { |
| 179 | const char *request_type; | 178 | const char *request_type; |
| 180 | int id; | 179 | int id; |
| @@ -801,7 +800,7 @@ client_abandon_status_confirm(Channel *c, void *ctx) | |||
| 801 | xfree(ctx); | 800 | xfree(ctx); |
| 802 | } | 801 | } |
| 803 | 802 | ||
| 804 | static void | 803 | void |
| 805 | client_expect_confirm(int id, const char *request, | 804 | client_expect_confirm(int id, const char *request, |
| 806 | enum confirm_action action) | 805 | enum confirm_action action) |
| 807 | { | 806 | { |
diff --git a/clientloop.h b/clientloop.h index ad588d14d..a259b5e14 100644 --- a/clientloop.h +++ b/clientloop.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.h,v 1.27 2011/05/08 12:52:01 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -56,6 +56,10 @@ int client_simple_escape_filter(Channel *, char *, int); | |||
| 56 | typedef void global_confirm_cb(int, u_int32_t seq, void *); | 56 | typedef void global_confirm_cb(int, u_int32_t seq, void *); |
| 57 | void client_register_global_confirm(global_confirm_cb *, void *); | 57 | void client_register_global_confirm(global_confirm_cb *, void *); |
| 58 | 58 | ||
| 59 | /* Channel request confirmation callbacks */ | ||
| 60 | enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY }; | ||
| 61 | void client_expect_confirm(int, const char *, enum confirm_action); | ||
| 62 | |||
| 59 | /* Multiplexing protocol version */ | 63 | /* Multiplexing protocol version */ |
| 60 | #define SSHMUX_VER 4 | 64 | #define SSHMUX_VER 4 |
| 61 | 65 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mux.c,v 1.28 2011/05/08 12:52:01 djm Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
| 4 | * | 4 | * |
| @@ -1214,8 +1214,10 @@ mux_session_confirm(int id, int success, void *arg) | |||
| 1214 | /* Request forwarding with authentication spoofing. */ | 1214 | /* Request forwarding with authentication spoofing. */ |
| 1215 | debug("Requesting X11 forwarding with authentication " | 1215 | debug("Requesting X11 forwarding with authentication " |
| 1216 | "spoofing."); | 1216 | "spoofing."); |
| 1217 | x11_request_forwarding_with_spoofing(id, display, proto, data); | 1217 | x11_request_forwarding_with_spoofing(id, display, proto, |
| 1218 | /* XXX wait for reply */ | 1218 | data, 1); |
| 1219 | client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); | ||
| 1220 | /* XXX exit_on_forward_failure */ | ||
| 1219 | } | 1221 | } |
| 1220 | 1222 | ||
| 1221 | if (cctx->want_agent_fwd && options.forward_agent) { | 1223 | if (cctx->want_agent_fwd && options.forward_agent) { |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.362 2011/06/03 00:54:38 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.363 2011/06/22 22:08:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1239,8 +1239,8 @@ ssh_session(void) | |||
| 1239 | /* Request forwarding with authentication spoofing. */ | 1239 | /* Request forwarding with authentication spoofing. */ |
| 1240 | debug("Requesting X11 forwarding with authentication " | 1240 | debug("Requesting X11 forwarding with authentication " |
| 1241 | "spoofing."); | 1241 | "spoofing."); |
| 1242 | x11_request_forwarding_with_spoofing(0, display, proto, data); | 1242 | x11_request_forwarding_with_spoofing(0, display, proto, |
| 1243 | 1243 | data, 0); | |
| 1244 | /* Read response from the server. */ | 1244 | /* Read response from the server. */ |
| 1245 | type = packet_read(); | 1245 | type = packet_read(); |
| 1246 | if (type == SSH_SMSG_SUCCESS) { | 1246 | if (type == SSH_SMSG_SUCCESS) { |
| @@ -1338,9 +1338,11 @@ ssh_session2_setup(int id, int success, void *arg) | |||
| 1338 | /* Request forwarding with authentication spoofing. */ | 1338 | /* Request forwarding with authentication spoofing. */ |
| 1339 | debug("Requesting X11 forwarding with authentication " | 1339 | debug("Requesting X11 forwarding with authentication " |
| 1340 | "spoofing."); | 1340 | "spoofing."); |
| 1341 | x11_request_forwarding_with_spoofing(id, display, proto, data); | 1341 | x11_request_forwarding_with_spoofing(id, display, proto, |
| 1342 | data, 1); | ||
| 1343 | client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); | ||
| 1344 | /* XXX exit_on_forward_failure */ | ||
| 1342 | interactive = 1; | 1345 | interactive = 1; |
| 1343 | /* XXX wait for reply */ | ||
| 1344 | } | 1346 | } |
| 1345 | 1347 | ||
| 1346 | check_agent_present(); | 1348 | check_agent_present(); |