Attachment #2843 for bug #2580

Lines 148-155 static int all_opens_permitted = 0; Link Here

(-)a/channels.c (-10 / +16 lines)
148		148
149	/* -- X11 forwarding */	149	/* -- X11 forwarding */
150		150
151	/* Maximum number of fake X11 displays to try. */	151	/* Minimum port number for X11 forwarding */
152	#define MAX_DISPLAYS 1000	152	#define X11_PORT_MIN 6000
153		153
154	/* Saved X11 local (client) display. */	154	/* Saved X11 local (client) display. */
155	static char *x11_saved_display = NULL;	155	static char *x11_saved_display = NULL;
Lines 3890-3896 channel_send_window_changes(void) Link Here
3890	*/	3890	*/
3891	int	3891	int
3892	x11_create_display_inet(int x11_display_offset, int x11_use_localhost,	3892	x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
3893	int single_connection, u_int display_numberp, int *chanids)	3893	int x11_max_displays, int single_connection, u_int *display_numberp,
		3894	int **chanids)
3894	{	3895	{
3895	Channel *nc = NULL;	3896	Channel *nc = NULL;
3896	int display_number, sock;	3897	int display_number, sock;
Lines 3902-3911 x11_create_display_inet(int x11_display_offset, int x11_use_localhost, Link Here
3902	if (chanids == NULL)	3903	if (chanids == NULL)
3903	return -1;	3904	return -1;
3904		3905
		3906	/* Try to bind ports starting at 6000+X11DisplayOffset */
		3907	x11_max_displays = x11_max_displays + x11_display_offset;
		3908
3905	for (display_number = x11_display_offset;	3909	for (display_number = x11_display_offset;
3906	display_number < MAX_DISPLAYS;	3910	display_number < x11_max_displays;
3907	display_number++) {	3911	display_number++) {
3908	port = 6000 + display_number;	3912	port = X11_PORT_MIN + display_number;
		3913	if (port < X11_PORT_MIN) /* overflow */
		3914	break;
3909	memset(&hints, 0, sizeof(hints));	3915	memset(&hints, 0, sizeof(hints));
3910	hints.ai_family = IPv4or6;	3916	hints.ai_family = IPv4or6;
3911	hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;	3917	hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
Lines 3957-3963 x11_create_display_inet(int x11_display_offset, int x11_use_localhost, Link Here
3957	if (num_socks > 0)	3963	if (num_socks > 0)
3958	break;	3964	break;
3959	}	3965	}
3960	if (display_number >= MAX_DISPLAYS) {	3966	if (display_number >= x11_max_displays \|\| port < X11_PORT_MIN ) {
3961	error("Failed to allocate internet-domain X11 display socket.");	3967	error("Failed to allocate internet-domain X11 display socket.");
3962	return -1;	3968	return -1;
3963	}	3969	}
Lines 4090-4096 x11_connect_display(void) Link Here
4090	memset(&hints, 0, sizeof(hints));	4096	memset(&hints, 0, sizeof(hints));
4091	hints.ai_family = IPv4or6;	4097	hints.ai_family = IPv4or6;
4092	hints.ai_socktype = SOCK_STREAM;	4098	hints.ai_socktype = SOCK_STREAM;
4093	snprintf(strport, sizeof strport, "%u", 6000 + display_number);	4099	snprintf(strport, sizeof strport, "%u", X11_PORT_MIN + display_number);
4094	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {	4100	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
4095	error("%.100s: unknown host. (%s)", buf,	4101	error("%.100s: unknown host. (%s)", buf,
4096	ssh_gai_strerror(gaierr));	4102	ssh_gai_strerror(gaierr));
Lines 4106-4112 x11_connect_display(void) Link Here
4106	/* Connect it to the display. */	4112	/* Connect it to the display. */
4107	if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {	4113	if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
4108	debug2("connect %.100s port %u: %.100s", buf,	4114	debug2("connect %.100s port %u: %.100s", buf,
4109	6000 + display_number, strerror(errno));	4115	X11_PORT_MIN + display_number, strerror(errno));
4110	close(sock);	4116	close(sock);
4111	continue;	4117	continue;
4112	}	4118	}
Lines 4115-4122 x11_connect_display(void) Link Here
4115	}	4121	}
4116	freeaddrinfo(aitop);	4122	freeaddrinfo(aitop);
4117	if (!ai) {	4123	if (!ai) {
4118	error("connect %.100s port %u: %.100s", buf, 6000 + display_number,	4124	error("connect %.100s port %u: %.100s", buf,
4119	strerror(errno));	4125	X11_PORT_MIN + display_number, strerror(errno));
4120	return -1;	4126	return -1;
4121	}	4127	}
4122	set_nodelay(sock);	4128	set_nodelay(sock);

Lines 286-292 int permitopen_port(const char *); Link Here

(-)a/channels.h (-1 / +1 lines)
286		286
287	void channel_set_x11_refuse_time(u_int);	287	void channel_set_x11_refuse_time(u_int);
288	int x11_connect_display(void);	288	int x11_connect_display(void);
289	int x11_create_display_inet(int, int, int, u_int , int *);	289	int x11_create_display_inet(int, int, int, int, u_int , int *);
290	int x11_input_open(int, u_int32_t, void *);	290	int x11_input_open(int, u_int32_t, void *);
291	void x11_request_forwarding_with_spoofing(int, const char , const char ,	291	void x11_request_forwarding_with_spoofing(int, const char , const char ,
292	const char *, int);	292	const char *, int);

Lines 96-101 initialize_server_options(ServerOptions *options) Link Here

(-)a/servconf.c (-1 / +11 lines)
96	options->print_lastlog = -1;	96	options->print_lastlog = -1;
97	options->x11_forwarding = -1;	97	options->x11_forwarding = -1;
98	options->x11_display_offset = -1;	98	options->x11_display_offset = -1;
		99	options->x11_max_displays = -1;
99	options->x11_use_localhost = -1;	100	options->x11_use_localhost = -1;
100	options->permit_tty = -1;	101	options->permit_tty = -1;
101	options->permit_user_rc = -1;	102	options->permit_user_rc = -1;
Lines 251-256 fill_default_server_options(ServerOptions *options) Link Here
251	options->x11_forwarding = 0;	252	options->x11_forwarding = 0;
252	if (options->x11_display_offset == -1)	253	if (options->x11_display_offset == -1)
253	options->x11_display_offset = 10;	254	options->x11_display_offset = 10;
		255	if (options->x11_max_displays == -1)
		256	options->x11_max_displays = DEFAULT_MAX_DISPLAYS;
254	if (options->x11_use_localhost == -1)	257	if (options->x11_use_localhost == -1)
255	options->x11_use_localhost = 1;	258	options->x11_use_localhost = 1;
256	if (options->xauth_location == NULL)	259	if (options->xauth_location == NULL)
Lines 415-421 typedef enum { Link Here
415	sPasswordAuthentication, sKbdInteractiveAuthentication,	418	sPasswordAuthentication, sKbdInteractiveAuthentication,
416	sListenAddress, sAddressFamily,	419	sListenAddress, sAddressFamily,
417	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	420	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
418	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	421	sX11Forwarding, sX11DisplayOffset, sX11MaxDisplays, sX11UseLocalhost,
419	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,	422	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
420	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,	423	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
421	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,	424	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Lines 523-528 static struct { Link Here
523	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },	526	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
524	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },	527	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
525	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },	528	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
		529	{ "x11maxdisplays", sX11MaxDisplays, SSHCFG_ALL },
526	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },	530	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
527	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },	531	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
528	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },	532	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
Lines 1287-1292 process_server_config_line(ServerOptions options, char line, Link Here
1287	intptr = &options->x11_display_offset;	1291	intptr = &options->x11_display_offset;
1288	goto parse_int;	1292	goto parse_int;
1289		1293
		1294	case sX11MaxDisplays:
		1295	intptr = &options->x11_max_displays;
		1296	goto parse_int;
		1297
1290	case sX11UseLocalhost:	1298	case sX11UseLocalhost:
1291	intptr = &options->x11_use_localhost;	1299	intptr = &options->x11_use_localhost;
1292	goto parse_flag;	1300	goto parse_flag;
Lines 2021-2026 copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth) Link Here
2021	M_CP_INTOPT(fwd_opts.gateway_ports);	2029	M_CP_INTOPT(fwd_opts.gateway_ports);
2022	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);	2030	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2023	M_CP_INTOPT(x11_display_offset);	2031	M_CP_INTOPT(x11_display_offset);
		2032	M_CP_INTOPT(x11_max_displays);
2024	M_CP_INTOPT(x11_forwarding);	2033	M_CP_INTOPT(x11_forwarding);
2025	M_CP_INTOPT(x11_use_localhost);	2034	M_CP_INTOPT(x11_use_localhost);
2026	M_CP_INTOPT(permit_tty);	2035	M_CP_INTOPT(permit_tty);
Lines 2279-2284 dump_config(ServerOptions *o) Link Here
2279	dump_cfg_int(sLoginGraceTime, o->login_grace_time);	2288	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2280	dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);	2289	dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
2281	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);	2290	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
		2291	dump_cfg_int(sX11MaxDisplays, o->x11_max_displays);
2282	dump_cfg_int(sMaxAuthTries, o->max_authtries);	2292	dump_cfg_int(sMaxAuthTries, o->max_authtries);
2283	dump_cfg_int(sMaxSessions, o->max_sessions);	2293	dump_cfg_int(sMaxSessions, o->max_sessions);
2284	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);	2294	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);

Lines 50-55 Link Here

(-)a/servconf.h (+2 lines)
50		50
51	#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */	51	#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
52	#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */	52	#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
		53	#define DEFAULT_MAX_DISPLAYS 1000 /* Maximum number of fake X11 displays to try. */
53		54
54	/* Magic name for internal sftp-server */	55	/* Magic name for internal sftp-server */
55	#define INTERNAL_SFTP_NAME "internal-sftp"	56	#define INTERNAL_SFTP_NAME "internal-sftp"
Lines 82-87 typedef struct { Link Here
82	int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */	83	int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
83	int x11_display_offset; /* What DISPLAY number to start	84	int x11_display_offset; /* What DISPLAY number to start
84	* searching at */	85	* searching at */
		86	int x11_max_displays; /* Number of displays to search */
85	int x11_use_localhost; /* If true, use localhost for fake X11 server. */	87	int x11_use_localhost; /* If true, use localhost for fake X11 server. */
86	char xauth_location; / Location of xauth program */	88	char xauth_location; / Location of xauth program */
87	int permit_tty; /* If false, deny pty allocation */	89	int permit_tty; /* If false, deny pty allocation */

Lines 2702-2709 session_setup_x11fwd(Session *s) Link Here

(-)a/session.c (-2 / +3 lines)
2702	return 0;	2702	return 0;
2703	}	2703	}
2704	if (x11_create_display_inet(options.x11_display_offset,	2704	if (x11_create_display_inet(options.x11_display_offset,
2705	options.x11_use_localhost, s->single_connection,	2705	options.x11_use_localhost, options.x11_max_displays,
2706	&s->display_number, &s->x11_chanids) == -1) {	2706	s->single_connection, &s->display_number,
		2707	&s->x11_chanids) == -1) {
2707	debug("x11_create_display_inet failed.");	2708	debug("x11_create_display_inet failed.");
2708	return 0;	2709	return 0;
2709	}	2710	}

Lines 1133-1138 Available keywords are Link Here

(-)a/sshd_config.5 (+7 lines)
1133	.Cm StreamLocalBindUnlink ,	1133	.Cm StreamLocalBindUnlink ,
1134	.Cm TrustedUserCAKeys ,	1134	.Cm TrustedUserCAKeys ,
1135	.Cm X11DisplayOffset ,	1135	.Cm X11DisplayOffset ,
		1136	.Cm X11MaxDisplays ,
1136	.Cm X11Forwarding	1137	.Cm X11Forwarding
1137	and	1138	and
1138	.Cm X11UseLocalHost .	1139	.Cm X11UseLocalHost .
Lines 1626-1631 Specifies the first display number available for Link Here
1626	X11 forwarding.	1627	X11 forwarding.
1627	This prevents sshd from interfering with real X11 servers.	1628	This prevents sshd from interfering with real X11 servers.
1628	The default is 10.	1629	The default is 10.
		1630	.It Cm X11MaxDisplays
		1631	Specifies the maximum number of displays available for
		1632	.Xr sshd 8 Ns 's
		1633	X11 forwarding.
		1634	This prevents sshd from exhausting local ports.
		1635	The default is 1000.
1629	.It Cm X11Forwarding	1636	.It Cm X11Forwarding
1630	Specifies whether X11 forwarding is permitted.	1637	Specifies whether X11 forwarding is permitted.
1631	The argument must be	1638	The argument must be

Return to bug 2580