| version 1.273, 2015/05/04 06:10:48 |
version 1.274, 2015/07/01 02:26:31 |
|
|
| static int connection_out; /* Connection to server (output). */ |
static int connection_out; /* Connection to server (output). */ |
| static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
static int need_rekeying; /* Set to non-zero if rekeying is requested. */ |
| static int session_closed; /* In SSH2: login session closed. */ |
static int session_closed; /* In SSH2: login session closed. */ |
| static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ |
static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ |
| |
|
| static void client_init_dispatch(void); |
static void client_init_dispatch(void); |
| int session_ident = -1; |
int session_ident = -1; |
|
|
| return 1; |
return 1; |
| } |
} |
| |
|
| #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
| |
#define X11_TIMEOUT_SLACK 60 |
| void |
void |
| client_x11_get_proto(const char *display, const char *xauth_path, |
client_x11_get_proto(const char *display, const char *xauth_path, |
| u_int trusted, u_int timeout, char **_proto, char **_data) |
u_int trusted, u_int timeout, char **_proto, char **_data) |
|
|
| int got_data = 0, generated = 0, do_unlink = 0, i; |
int got_data = 0, generated = 0, do_unlink = 0, i; |
| char *xauthdir, *xauthfile; |
char *xauthdir, *xauthfile; |
| struct stat st; |
struct stat st; |
| u_int now; |
u_int now, x11_timeout_real; |
| |
|
| xauthdir = xauthfile = NULL; |
xauthdir = xauthfile = NULL; |
| *_proto = proto; |
*_proto = proto; |
|
|
| xauthdir = xmalloc(PATH_MAX); |
xauthdir = xmalloc(PATH_MAX); |
| xauthfile = xmalloc(PATH_MAX); |
xauthfile = xmalloc(PATH_MAX); |
| mktemp_proto(xauthdir, PATH_MAX); |
mktemp_proto(xauthdir, PATH_MAX); |
| |
/* |
| |
* The authentication cookie should briefly outlive |
| |
* ssh's willingness to forward X11 connections to |
| |
* avoid nasty fail-open behaviour in the X server. |
| |
*/ |
| |
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) |
| |
x11_timeout_real = UINT_MAX; |
| |
else |
| |
x11_timeout_real = timeout + X11_TIMEOUT_SLACK; |
| if (mkdtemp(xauthdir) != NULL) { |
if (mkdtemp(xauthdir) != NULL) { |
| do_unlink = 1; |
do_unlink = 1; |
| snprintf(xauthfile, PATH_MAX, "%s/xauthfile", |
snprintf(xauthfile, PATH_MAX, "%s/xauthfile", |
|
|
| snprintf(cmd, sizeof(cmd), |
snprintf(cmd, sizeof(cmd), |
| "%s -f %s generate %s " SSH_X11_PROTO |
"%s -f %s generate %s " SSH_X11_PROTO |
| " untrusted timeout %u 2>" _PATH_DEVNULL, |
" untrusted timeout %u 2>" _PATH_DEVNULL, |
| xauth_path, xauthfile, display, timeout); |
xauth_path, xauthfile, display, |
| |
x11_timeout_real); |
| debug2("x11_get_proto: %s", cmd); |
debug2("x11_get_proto: %s", cmd); |
| if (system(cmd) == 0) |
|
| generated = 1; |
|
| if (x11_refuse_time == 0) { |
if (x11_refuse_time == 0) { |
| now = monotime() + 1; |
now = monotime() + 1; |
| if (UINT_MAX - timeout < now) |
if (UINT_MAX - timeout < now) |
| x11_refuse_time = UINT_MAX; |
x11_refuse_time = UINT_MAX; |
| else |
else |
| x11_refuse_time = now + timeout; |
x11_refuse_time = now + timeout; |
| |
channel_set_x11_refuse_time( |
| |
x11_refuse_time); |
| } |
} |
| |
if (system(cmd) == 0) |
| |
generated = 1; |
| } |
} |
| } |
} |
| |
|
|
|
| "malicious server."); |
"malicious server."); |
| return NULL; |
return NULL; |
| } |
} |
| if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { |
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { |
| verbose("Rejected X11 connection after ForwardX11Timeout " |
verbose("Rejected X11 connection after ForwardX11Timeout " |
| "expired"); |
"expired"); |
| return NULL; |
return NULL; |
![[BACK]](/icons/back.gif){kind=icon}
Return to clientloop.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh