version 1.220, 2010/04/10 02:08:44 |
version 1.221, 2010/06/25 23:15:36 |
|
|
static Buffer stdin_buffer; /* Buffer for stdin data. */ |
static Buffer stdin_buffer; /* Buffer for stdin data. */ |
static Buffer stdout_buffer; /* Buffer for stdout data. */ |
static Buffer stdout_buffer; /* Buffer for stdout data. */ |
static Buffer stderr_buffer; /* Buffer for stderr data. */ |
static Buffer stderr_buffer; /* Buffer for stderr data. */ |
static u_int buffer_high;/* Soft max buffer size. */ |
static u_int buffer_high; /* Soft max buffer size. */ |
static int connection_in; /* Connection to server (input). */ |
static int connection_in; /* Connection to server (input). */ |
static int connection_out; /* Connection to server (output). */ |
static int connection_out; /* Connection to server (output). */ |
static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
static int session_closed = 0; /* In SSH2: login session closed. */ |
static int session_closed; /* In SSH2: login session closed. */ |
|
static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ |
|
|
static void client_init_dispatch(void); |
static void client_init_dispatch(void); |
int session_ident = -1; |
int session_ident = -1; |
|
|
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
void |
void |
client_x11_get_proto(const char *display, const char *xauth_path, |
client_x11_get_proto(const char *display, const char *xauth_path, |
u_int trusted, char **_proto, char **_data) |
u_int trusted, u_int timeout, char **_proto, char **_data) |
{ |
{ |
char cmd[1024]; |
char cmd[1024]; |
char line[512]; |
char line[512]; |
|
|
int got_data = 0, generated = 0, do_unlink = 0, i; |
int got_data = 0, generated = 0, do_unlink = 0, i; |
char *xauthdir, *xauthfile; |
char *xauthdir, *xauthfile; |
struct stat st; |
struct stat st; |
|
u_int now; |
|
|
xauthdir = xauthfile = NULL; |
xauthdir = xauthfile = NULL; |
*_proto = proto; |
*_proto = proto; |
|
|
xauthdir); |
xauthdir); |
snprintf(cmd, sizeof(cmd), |
snprintf(cmd, sizeof(cmd), |
"%s -f %s generate %s " SSH_X11_PROTO |
"%s -f %s generate %s " SSH_X11_PROTO |
" untrusted timeout 1200 2>" _PATH_DEVNULL, |
" untrusted timeout %u 2>" _PATH_DEVNULL, |
xauth_path, xauthfile, display); |
xauth_path, xauthfile, display, timeout); |
debug2("x11_get_proto: %s", cmd); |
debug2("x11_get_proto: %s", cmd); |
if (system(cmd) == 0) |
if (system(cmd) == 0) |
generated = 1; |
generated = 1; |
|
if (x11_refuse_time == 0) { |
|
now = time(NULL) + 1; |
|
if (UINT_MAX - timeout < now) |
|
x11_refuse_time = UINT_MAX; |
|
else |
|
x11_refuse_time = now + timeout; |
|
} |
} |
} |
} |
} |
|
|
|
|
error("Warning: ssh server tried X11 forwarding."); |
error("Warning: ssh server tried X11 forwarding."); |
error("Warning: this is probably a break-in attempt by a " |
error("Warning: this is probably a break-in attempt by a " |
"malicious server."); |
"malicious server."); |
|
return NULL; |
|
} |
|
if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { |
|
verbose("Rejected X11 connection after ForwardX11Timeout " |
|
"expired"); |
return NULL; |
return NULL; |
} |
} |
originator = packet_get_string(NULL); |
originator = packet_get_string(NULL); |
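Review bot: `x11_refuse_time` is declared `static int`, but the new code in `client_x11_get_proto` stores `UINT_MAX` or `now + timeout` (both `u_int`) into it, and the added expiry check then compares it with `time(NULL)`. On common two's-complement targets the saturated value converts to -1, so `time(NULL) >= x11_refuse_time` is true immediately and every X11 open is refused whenever the saturation branch is taken; any deadline above `INT_MAX` goes negative in the same way. This fails closed, but it is not what the overflow guard intends, so declare the variable to match `now`: `static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */`. The deadline also depends on wall-clock `time(NULL)`, so a backwards clock step would lengthen the window in which forwarded connections are still accepted; that is worth a comment next to the check. The function holding the expiry check begins and ends outside the lines shown.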