diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | channels.c | 6 | ||||
| -rw-r--r-- | servconf.c | 12 | ||||
| -rw-r--r-- | servconf.h | 3 | ||||
| -rw-r--r-- | session.c | 6 | ||||
| -rw-r--r-- | sshd.8 | 27 | ||||
| -rw-r--r-- | sshd_config | 3 |
7 files changed, 50 insertions, 12 deletions
| @@ -22,6 +22,9 @@ | |||
| 22 | revert code to add x11 localhost display authorization entry for | 22 | revert code to add x11 localhost display authorization entry for |
| 23 | hostname/unix:d and uts.nodename/unix:d if nodename was different than | 23 | hostname/unix:d and uts.nodename/unix:d if nodename was different than |
| 24 | hostname. just add entry for unix:d instead. ok markus@ | 24 | hostname. just add entry for unix:d instead. ok markus@ |
| 25 | - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 | ||
| 26 | [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] | ||
| 27 | add X11UseLocalhost; ok markus@ | ||
| 25 | 28 | ||
| 26 | 20020130 | 29 | 20020130 |
| 27 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ | 30 | - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ |
| @@ -7424,4 +7427,4 @@ | |||
| 7424 | - Wrote replacements for strlcpy and mkdtemp | 7427 | - Wrote replacements for strlcpy and mkdtemp |
| 7425 | - Released 1.0pre1 | 7428 | - Released 1.0pre1 |
| 7426 | 7429 | ||
| 7427 | $Id: ChangeLog,v 1.1804 2002/02/05 01:11:02 djm Exp $ | 7430 | $Id: ChangeLog,v 1.1805 2002/02/05 01:11:34 djm Exp $ |
diff --git a/channels.c b/channels.c index 2436e0873..f015a049e 100644 --- a/channels.c +++ b/channels.c | |||
| @@ -39,7 +39,7 @@ | |||
| 39 | */ | 39 | */ |
| 40 | 40 | ||
| 41 | #include "includes.h" | 41 | #include "includes.h" |
| 42 | RCSID("$OpenBSD: channels.c,v 1.162 2002/01/24 21:09:25 stevesk Exp $"); | 42 | RCSID("$OpenBSD: channels.c,v 1.163 2002/01/27 14:57:46 stevesk Exp $"); |
| 43 | 43 | ||
| 44 | #include "ssh.h" | 44 | #include "ssh.h" |
| 45 | #include "ssh1.h" | 45 | #include "ssh1.h" |
| @@ -2379,7 +2379,7 @@ channel_connect_to(const char *host, u_short port) | |||
| 2379 | * an error occurs. | 2379 | * an error occurs. |
| 2380 | */ | 2380 | */ |
| 2381 | int | 2381 | int |
| 2382 | x11_create_display_inet(int x11_display_offset, int gateway_ports, | 2382 | x11_create_display_inet(int x11_display_offset, int x11_use_localhost, |
| 2383 | int single_connection) | 2383 | int single_connection) |
| 2384 | { | 2384 | { |
| 2385 | Channel *nc = NULL; | 2385 | Channel *nc = NULL; |
| @@ -2395,7 +2395,7 @@ x11_create_display_inet(int x11_display_offset, int gateway_ports, | |||
| 2395 | port = 6000 + display_number; | 2395 | port = 6000 + display_number; |
| 2396 | memset(&hints, 0, sizeof(hints)); | 2396 | memset(&hints, 0, sizeof(hints)); |
| 2397 | hints.ai_family = IPv4or6; | 2397 | hints.ai_family = IPv4or6; |
| 2398 | hints.ai_flags = gateway_ports ? AI_PASSIVE : 0; | 2398 | hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE; |
| 2399 | hints.ai_socktype = SOCK_STREAM; | 2399 | hints.ai_socktype = SOCK_STREAM; |
| 2400 | snprintf(strport, sizeof strport, "%d", port); | 2400 | snprintf(strport, sizeof strport, "%d", port); |
| 2401 | if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) { | 2401 | if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) { |
diff --git a/servconf.c b/servconf.c index 0cb744a1d..e33d65a5e 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.98 2002/01/22 02:52:41 stevesk Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.99 2002/01/27 14:57:46 stevesk Exp $"); |
| 14 | 14 | ||
| 15 | #if defined(KRB4) || defined(KRB5) | 15 | #if defined(KRB4) || defined(KRB5) |
| 16 | #include <krb.h> | 16 | #include <krb.h> |
| @@ -63,6 +63,7 @@ initialize_server_options(ServerOptions *options) | |||
| 63 | options->print_lastlog = -1; | 63 | options->print_lastlog = -1; |
| 64 | options->x11_forwarding = -1; | 64 | options->x11_forwarding = -1; |
| 65 | options->x11_display_offset = -1; | 65 | options->x11_display_offset = -1; |
| 66 | options->x11_use_localhost = -1; | ||
| 66 | options->xauth_location = NULL; | 67 | options->xauth_location = NULL; |
| 67 | options->strict_modes = -1; | 68 | options->strict_modes = -1; |
| 68 | options->keepalives = -1; | 69 | options->keepalives = -1; |
| @@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 159 | options->x11_forwarding = 0; | 160 | options->x11_forwarding = 0; |
| 160 | if (options->x11_display_offset == -1) | 161 | if (options->x11_display_offset == -1) |
| 161 | options->x11_display_offset = 10; | 162 | options->x11_display_offset = 10; |
| 163 | if (options->x11_use_localhost == -1) | ||
| 164 | options->x11_use_localhost = 1; | ||
| 162 | if (options->xauth_location == NULL) | 165 | if (options->xauth_location == NULL) |
| 163 | options->xauth_location = _PATH_XAUTH; | 166 | options->xauth_location = _PATH_XAUTH; |
| 164 | if (options->strict_modes == -1) | 167 | if (options->strict_modes == -1) |
| @@ -255,7 +258,7 @@ typedef enum { | |||
| 255 | sChallengeResponseAuthentication, | 258 | sChallengeResponseAuthentication, |
| 256 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, | 259 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
| 257 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 260 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 258 | sX11Forwarding, sX11DisplayOffset, | 261 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| 259 | sStrictModes, sEmptyPasswd, sKeepAlives, | 262 | sStrictModes, sEmptyPasswd, sKeepAlives, |
| 260 | sUseLogin, sAllowTcpForwarding, | 263 | sUseLogin, sAllowTcpForwarding, |
| 261 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 264 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| @@ -315,6 +318,7 @@ static struct { | |||
| 315 | { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, | 318 | { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, |
| 316 | { "x11forwarding", sX11Forwarding }, | 319 | { "x11forwarding", sX11Forwarding }, |
| 317 | { "x11displayoffset", sX11DisplayOffset }, | 320 | { "x11displayoffset", sX11DisplayOffset }, |
| 321 | { "x11uselocalhost", sX11UseLocalhost }, | ||
| 318 | { "xauthlocation", sXAuthLocation }, | 322 | { "xauthlocation", sXAuthLocation }, |
| 319 | { "strictmodes", sStrictModes }, | 323 | { "strictmodes", sStrictModes }, |
| 320 | { "permitemptypasswords", sEmptyPasswd }, | 324 | { "permitemptypasswords", sEmptyPasswd }, |
| @@ -655,6 +659,10 @@ parse_flag: | |||
| 655 | intptr = &options->x11_display_offset; | 659 | intptr = &options->x11_display_offset; |
| 656 | goto parse_int; | 660 | goto parse_int; |
| 657 | 661 | ||
| 662 | case sX11UseLocalhost: | ||
| 663 | intptr = &options->x11_use_localhost; | ||
| 664 | goto parse_flag; | ||
| 665 | |||
| 658 | case sXAuthLocation: | 666 | case sXAuthLocation: |
| 659 | charptr = &options->xauth_location; | 667 | charptr = &options->xauth_location; |
| 660 | goto parse_filename; | 668 | goto parse_filename; |
diff --git a/servconf.h b/servconf.h index 943c7ef56..463a16dad 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -11,7 +11,7 @@ | |||
| 11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | /* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */ | 14 | /* RCSID("$OpenBSD: servconf.h,v 1.52 2002/01/27 14:57:46 stevesk Exp $"); */ |
| 15 | 15 | ||
| 16 | #ifndef SERVCONF_H | 16 | #ifndef SERVCONF_H |
| 17 | #define SERVCONF_H | 17 | #define SERVCONF_H |
| @@ -55,6 +55,7 @@ typedef struct { | |||
| 55 | int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ | 55 | int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ |
| 56 | int x11_display_offset; /* What DISPLAY number to start | 56 | int x11_display_offset; /* What DISPLAY number to start |
| 57 | * searching at */ | 57 | * searching at */ |
| 58 | int x11_use_localhost; /* If true, use localhost for fake X11 server. */ | ||
| 58 | char *xauth_location; /* Location of xauth program */ | 59 | char *xauth_location; /* Location of xauth program */ |
| 59 | int strict_modes; /* If true, require string home dir modes. */ | 60 | int strict_modes; /* If true, require string home dir modes. */ |
| 60 | int keepalives; /* If true, set SO_KEEPALIVE. */ | 61 | int keepalives; /* If true, set SO_KEEPALIVE. */ |
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.118 2002/01/26 16:44:22 stevesk Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.119 2002/01/27 14:57:46 stevesk Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -2021,7 +2021,7 @@ session_setup_x11fwd(Session *s) | |||
| 2021 | return 0; | 2021 | return 0; |
| 2022 | } | 2022 | } |
| 2023 | s->display_number = x11_create_display_inet(options.x11_display_offset, | 2023 | s->display_number = x11_create_display_inet(options.x11_display_offset, |
| 2024 | options.gateway_ports, s->single_connection); | 2024 | options.x11_use_localhost, s->single_connection); |
| 2025 | if (s->display_number == -1) { | 2025 | if (s->display_number == -1) { |
| 2026 | debug("x11_create_display_inet failed."); | 2026 | debug("x11_create_display_inet failed."); |
| 2027 | return 0; | 2027 | return 0; |
| @@ -2035,7 +2035,7 @@ session_setup_x11fwd(Session *s) | |||
| 2035 | * authorization entry is added with xauth(1). This will be | 2035 | * authorization entry is added with xauth(1). This will be |
| 2036 | * different than the DISPLAY string for localhost displays. | 2036 | * different than the DISPLAY string for localhost displays. |
| 2037 | */ | 2037 | */ |
| 2038 | if (!options.gateway_ports) { | 2038 | if (options.x11_use_localhost) { |
| 2039 | snprintf(display, sizeof display, "localhost:%d.%d", | 2039 | snprintf(display, sizeof display, "localhost:%d.%d", |
| 2040 | s->display_number, s->screen); | 2040 | s->display_number, s->screen); |
| 2041 | snprintf(auth_display, sizeof auth_display, "unix:%d.%d", | 2041 | snprintf(auth_display, sizeof auth_display, "unix:%d.%d", |
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd.8,v 1.163 2002/01/18 20:46:34 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.164 2002/01/27 14:57:46 stevesk Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
| 40 | .Os | 40 | .Os |
| @@ -858,6 +858,31 @@ way, as users can always install their own forwarders. | |||
| 858 | X11 forwarding is automatically disabled if | 858 | X11 forwarding is automatically disabled if |
| 859 | .Cm UseLogin | 859 | .Cm UseLogin |
| 860 | is enabled. | 860 | is enabled. |
| 861 | .It Cm X11UseLocalhost | ||
| 862 | Specifies whether | ||
| 863 | .Nm | ||
| 864 | should bind the X11 forwarding server to the loopback address or to | ||
| 865 | the wildcard address. By default, | ||
| 866 | .Nm | ||
| 867 | binds the forwarding server to the loopback address and sets the | ||
| 868 | hostname part of the | ||
| 869 | .Ev DISPLAY | ||
| 870 | environment variable to | ||
| 871 | .Dq localhost . | ||
| 872 | This prevents remote hosts from connecting to the fake display. | ||
| 873 | However, some older X11 clients may not function with this | ||
| 874 | configuration. | ||
| 875 | .Cm X11UseLocalhost | ||
| 876 | may be set to | ||
| 877 | .Dq no | ||
| 878 | to specify that the forwarding server should be bound to the wildcard | ||
| 879 | address. | ||
| 880 | The argument must be | ||
| 881 | .Dq yes | ||
| 882 | or | ||
| 883 | .Dq no . | ||
| 884 | The default is | ||
| 885 | .Dq yes . | ||
| 861 | .It Cm XAuthLocation | 886 | .It Cm XAuthLocation |
| 862 | Specifies the location of the | 887 | Specifies the location of the |
| 863 | .Xr xauth 1 | 888 | .Xr xauth 1 |
diff --git a/sshd_config b/sshd_config index 3502ab6ac..d1e8c6b4d 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.44 2002/01/16 17:40:23 stevesk Exp $ | 1 | # $OpenBSD: sshd_config,v 1.45 2002/01/27 14:57:46 stevesk Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See sshd(8) | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
| 4 | # for more information. | 4 | # for more information. |
| @@ -77,6 +77,7 @@ | |||
| 77 | 77 | ||
| 78 | #X11Forwarding no | 78 | #X11Forwarding no |
| 79 | #X11DisplayOffset 10 | 79 | #X11DisplayOffset 10 |
| 80 | #X11UseLocalhost yes | ||
| 80 | #PrintMotd yes | 81 | #PrintMotd yes |
| 81 | #PrintLastLog yes | 82 | #PrintLastLog yes |
| 82 | #KeepAlive yes | 83 | #KeepAlive yes |