diff --git a/ChangeLog b/ChangeLog
index 6a18e7193..577f5ecd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@ so please start testing it now. feedback dtucker@; ok markus@
+ - djm@cvs.openbsd.org 2011/06/22 22:08:42
+ [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
+ hook up a channel confirm callback to warn the user then requested X11
+ forwarding was refused by the server; ok markus@
 20110620
 - OpenBSD CVS Sync
diff --git a/channels.c b/channels.c
index 6abe2d012..24d4a9f42 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -3562,7 +3562,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
 */
 void
 x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
- const char *proto, const char *data)
+ const char *proto, const char *data, int want_reply)
 {
 u_int data_len = (u_int) strlen(data) / 2;
 u_int i, value;
@@ -3615,7 +3615,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
 /* Send the request packet. */
 if (compat20) {
- channel_request_start(client_session_id, "x11-req", 0);
+ channel_request_start(client_session_id, "x11-req", want_reply);
 packet_put_char(0); /* XXX bool single connection */
 } else {
 packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);
diff --git a/channels.h b/channels.h
index 0680ed00e..e2941c85a 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen
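Review bot: Nothing documents that the `want_reply` parameter added to x11_request_forwarding_with_spoofing (channels.c hunks at -3562 and -3615) is honoured only in the `compat20` branch, where it is passed to `channel_request_start`; the `else` branch that sends `SSH_CMSG_X11_REQUEST_FORWARDING` never reads it. A caller also cannot tell from the function that a non-zero value obliges it to register a handler for the server's reply, which the callers in this commit do with `client_expect_confirm`. I would extend the comment above the function with something like `want_reply: protocol 2 only; when non-zero the caller must register a channel status confirm for the reply`. If confirmations are matched to replies in queue order (not visible in this diff), a reply with no registered confirm could be attributed to a later request on the same channel. The function body lies between the two hunks and continues past the second one.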
@@ -271,7 +271,7 @@ int x11_connect_display(void);
 int x11_create_display_inet(int, int, int, u_int *, int **);
 void x11_input_open(int, u_int32_t, void *);
 void x11_request_forwarding_with_spoofing(int, const char *, const char *,
- const char *);
+ const char *, int);
 void deny_input_open(int, u_int32_t, void *);
 /* agent forwarding */
diff --git a/clientloop.c b/clientloop.c
index 7b7349bd7..c19b01f19 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.235 2011/06/17 21:57:25 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -174,7 +174,6 @@ struct escape_filter_ctx {
 };
 /* Context for channel confirmation replies */
-enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
 struct channel_reply_ctx {
 const char *request_type;
 int id;
@@ -801,7 +800,7 @@ client_abandon_status_confirm(Channel *c, void *ctx)
 xfree(ctx);
 }
-static void
+void
 client_expect_confirm(int id, const char *request,
 enum confirm_action action)
 {
diff --git a/clientloop.h b/clientloop.h
index ad588d14d..a259b5e14 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.27 2011/05/08 12:52:01 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -56,6 +56,10 @@ int client_simple_escape_filter(Channel *, char *, int);
 typedef void global_confirm_cb(int, u_int32_t seq, void *);
 void client_register_global_confirm(global_confirm_cb *, void *);
+/* Channel request confirmation callbacks */
+enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
+void client_expect_confirm(int, const char *, enum confirm_action);
+
 /* Multiplexing protocol version */
 #define SSHMUX_VER 4
diff --git a/mux.c b/mux.c
index 101d7524b..add0e26b1 100644
--- a/mux.c
+++ b/mux.c
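Review bot: `client_expect_confirm` is exported in the clientloop.h hunk at -56 without any statement of its contract, and the prototype carries no parameter names. The context of the clientloop.c hunk at -174 shows `channel_reply_ctx` holding `const char *request_type`, so if the function stores the `request` pointer rather than copying it (its body lies outside the -801 hunk), callers in other files must pass a string that outlives the server's reply; the two callers added by this commit pass a literal. I would declare it as `void client_expect_confirm(int id, const char *request, enum confirm_action action);` with a comment such as `/* request must stay valid until the reply is received */`, and also say there what happens when `id` does not name an open channel.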
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.28 2011/05/08 12:52:01 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Copyright (c) 2002-2008 Damien Miller
 *
@@ -1214,8 +1214,10 @@ mux_session_confirm(int id, int success, void *arg)
 /* Request forwarding with authentication spoofing. */
 debug("Requesting X11 forwarding with authentication "
 "spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
- /* XXX wait for reply */
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+ /* XXX exit_on_forward_failure */
 }
 if (cctx->want_agent_fwd && options.forward_agent) {
diff --git a/ssh.c b/ssh.c
index 900537581..97eb9c0d4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.362 2011/06/03 00:54:38 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.363 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1239,8 +1239,8 @@ ssh_session(void)
 /* Request forwarding with authentication spoofing. */
 debug("Requesting X11 forwarding with authentication "
 "spoofing.");
- x11_request_forwarding_with_spoofing(0, display, proto, data);
-
+ x11_request_forwarding_with_spoofing(0, display, proto,
+ data, 0);
 /* Read response from the server. */
 type = packet_read();
 if (type == SSH_SMSG_SUCCESS) {
@@ -1338,9 +1338,11 @@ ssh_session2_setup(int id, int success, void *arg)
 /* Request forwarding with authentication spoofing. */
 debug("Requesting X11 forwarding with authentication "
 "spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+ /* XXX exit_on_forward_failure */
 interactive = 1;
- /* XXX wait for reply */
 }
 check_agent_present();
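Review bot: A refused X11 request is only warned about in mux_session_confirm (mux.c hunk at -1214), because the confirm is registered with `CONFIRM_WARN`; the same pattern is repeated in ssh_session2_setup (ssh.c hunk at -1338). The `/* XXX exit_on_forward_failure */` comment suggests that a user who asked for the session to fail when a forwarding cannot be set up would still get a running session without X11, though whether that option is meant to cover X11 is not visible in this diff. If it is, choosing the action from the option would close the gap, e.g. `client_expect_confirm(id, "X11 forwarding", options.exit_on_forward_failure ? CONFIRM_CLOSE : CONFIRM_WARN);`. Both functions start and end outside their hunks.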