
(-)clientloop.c (-3 / +3 lines)
Lines 254-260 Link Here
254
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
254
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
255
void
255
void
256
client_x11_get_proto(const char *display, const char *xauth_path,
256
client_x11_get_proto(const char *display, const char *xauth_path,
257
    u_int trusted, char **_proto, char **_data)
257
    u_int trusted, u_int timeout, char **_proto, char **_data)
258
{
258
{
259
	char cmd[1024];
259
	char cmd[1024];
260
	char line[512];
260
	char line[512];
Lines 299-306 Link Here
299
				    xauthdir);
299
				    xauthdir);
300
				snprintf(cmd, sizeof(cmd),
300
				snprintf(cmd, sizeof(cmd),
301
				    "%s -f %s generate %s " SSH_X11_PROTO
301
				    "%s -f %s generate %s " SSH_X11_PROTO
302
				    " untrusted timeout 1200 2>" _PATH_DEVNULL,
302
				    " untrusted timeout %u 2>" _PATH_DEVNULL,
303
				    xauth_path, xauthfile, display);
303
				    xauth_path, xauthfile, display, timeout);
304
				debug2("x11_get_proto: %s", cmd);
304
				debug2("x11_get_proto: %s", cmd);
305
				if (system(cmd) == 0)
305
				if (system(cmd) == 0)
306
					generated = 1;
306
					generated = 1;
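Review bot: The new `timeout` is formatted with `%u` on line 302 but every caller on this page passes `options.forward_x11_timeout`, which readconf.h declares as `int`, and nothing in this function bounds the value before it is handed to `xauth generate`; a zero would be passed through, and if xauth treats `timeout 0` as a never-expiring authorization that silently defeats the point of an untrusted cookie, while a negative int would print as a huge unsigned. I would state the contract next to the parameter rather than rely on each caller: `/* timeout: lifetime in seconds of the untrusted cookie handed to xauth generate; must be > 0 */`, and reject zero at the top of the untrusted branch. The command is still run through `system()` with a shell, but that and the interpolated `xauth_path`/`xauthfile`/`display` are pre-existing; the numeric `%u` adds no new injection surface. client_x11_get_proto's body continues outside the hunk, so I cannot see whether a later check exists.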
(-)clientloop.h (-1 / +1 lines)
Lines 39-45 Link Here
39
39
40
/* Client side main loop for the interactive session. */
40
/* Client side main loop for the interactive session. */
41
int	 client_loop(int, int, int);
41
int	 client_loop(int, int, int);
42
void	 client_x11_get_proto(const char *, const char *, u_int,
42
void	 client_x11_get_proto(const char *, const char *, u_int, u_int,
43
	    char **, char **);
43
	    char **, char **);
44
void	 client_global_request_reply_fwd(int, u_int32_t, void *);
44
void	 client_global_request_reply_fwd(int, u_int32_t, void *);
45
void	 client_session2_setup(int, int, int, const char *, struct termios *,
45
void	 client_session2_setup(int, int, int, const char *, struct termios *,
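Review bot: The prototype now has two adjacent unnamed `u_int` parameters, so a caller that swaps `trusted` and `timeout` compiles silently and only shows up as a cookie with the wrong lifetime. The header follows the file's nameless-prototype convention, so at minimum I would add a trailing comment on line 42: `/* display, xauth_path, trusted, timeout, proto, data */`.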
(-)mux.c (-1 / +1 lines)
Lines 1113-1119 Link Here
1113
		char *proto, *data;
1113
		char *proto, *data;
1114
		/* Get reasonable local authentication information. */
1114
		/* Get reasonable local authentication information. */
1115
		client_x11_get_proto(display, options.xauth_location,
1115
		client_x11_get_proto(display, options.xauth_location,
1116
		    options.forward_x11_trusted, &proto, &data);
1116
		    options.forward_x11_trusted, options.forward_x11_timeout, &proto, &data);
1117
		/* Request forwarding with authentication spoofing. */
1117
		/* Request forwarding with authentication spoofing. */
1118
		debug("Requesting X11 forwarding with authentication spoofing.");
1118
		debug("Requesting X11 forwarding with authentication spoofing.");
1119
		x11_request_forwarding_with_spoofing(id, display, proto, data);
1119
		x11_request_forwarding_with_spoofing(id, display, proto, data);
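Review bot: Line 1116 now runs well past 80 columns, unlike the same call in ssh.c on this page, which wraps `options.forward_x11_timeout` onto its own continuation line; I would break it the same way: `options.forward_x11_trusted,` / `options.forward_x11_timeout, &proto, &data);`. The value itself is only meaningful once fill_default_options has replaced the -1 sentinel with 1200, which readconf.c on this page does, so the mux path appears to see a usable timeout.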
(-)readconf.c (-1 / +9 lines)
Lines 111-117 Link Here
111
typedef enum {
111
typedef enum {
112
	oBadOption,
112
	oBadOption,
113
	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
113
	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
114
	oExitOnForwardFailure,
114
	oForwardX11Timeout, oExitOnForwardFailure,
115
	oPasswordAuthentication, oRSAAuthentication,
115
	oPasswordAuthentication, oRSAAuthentication,
116
	oChallengeResponseAuthentication, oXAuthLocation,
116
	oChallengeResponseAuthentication, oXAuthLocation,
117
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
117
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
Lines 143-148 Link Here
143
	{ "forwardagent", oForwardAgent },
143
	{ "forwardagent", oForwardAgent },
144
	{ "forwardx11", oForwardX11 },
144
	{ "forwardx11", oForwardX11 },
145
	{ "forwardx11trusted", oForwardX11Trusted },
145
	{ "forwardx11trusted", oForwardX11Trusted },
146
	{ "forwardx11timeout", oForwardX11Timeout },
146
	{ "exitonforwardfailure", oExitOnForwardFailure },
147
	{ "exitonforwardfailure", oExitOnForwardFailure },
147
	{ "xauthlocation", oXAuthLocation },
148
	{ "xauthlocation", oXAuthLocation },
148
	{ "gatewayports", oGatewayPorts },
149
	{ "gatewayports", oGatewayPorts },
Lines 404-409 Link Here
404
	case oForwardX11Trusted:
405
	case oForwardX11Trusted:
405
		intptr = &options->forward_x11_trusted;
406
		intptr = &options->forward_x11_trusted;
406
		goto parse_flag;
407
		goto parse_flag;
408
	
409
	case oForwardX11Timeout:
410
		intptr = &options->forward_x11_timeout;
411
		goto parse_time;
407
412
408
	case oGatewayPorts:
413
	case oGatewayPorts:
409
		intptr = &options->gateway_ports;
414
		intptr = &options->gateway_ports;
Lines 1008-1013 Link Here
1008
	options->forward_agent = -1;
1013
	options->forward_agent = -1;
1009
	options->forward_x11 = -1;
1014
	options->forward_x11 = -1;
1010
	options->forward_x11_trusted = -1;
1015
	options->forward_x11_trusted = -1;
1016
	options->forward_x11_timeout = -1;
1011
	options->exit_on_forward_failure = -1;
1017
	options->exit_on_forward_failure = -1;
1012
	options->xauth_location = NULL;
1018
	options->xauth_location = NULL;
1013
	options->gateway_ports = -1;
1019
	options->gateway_ports = -1;
Lines 1092-1097 Link Here
1092
		options->forward_x11 = 0;
1098
		options->forward_x11 = 0;
1093
	if (options->forward_x11_trusted == -1)
1099
	if (options->forward_x11_trusted == -1)
1094
		options->forward_x11_trusted = 0;
1100
		options->forward_x11_trusted = 0;
1101
	if (options->forward_x11_timeout == -1)
1102
		options->forward_x11_timeout = 1200;
1095
	if (options->exit_on_forward_failure == -1)
1103
	if (options->exit_on_forward_failure == -1)
1096
		options->exit_on_forward_failure = 0;
1104
		options->exit_on_forward_failure = 0;
1097
	if (options->xauth_location == NULL)
1105
	if (options->xauth_location == NULL)
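Review bot: The `oForwardX11Timeout` case jumps to the shared `parse_time` label, which is outside this hunk, so there is no place in the parser to reject a zero or out-of-range timeout without affecting every other time option; the only new validation point on this page is fill_default_options, and it only substitutes 1200 for the unset -1. I would add a lower bound there, after the default, e.g. `if (options->forward_x11_timeout <= 0) fatal("ForwardX11Timeout must be greater than zero");` (or whichever error helper the file uses), since the value is later consumed as an unsigned count of seconds. The default of 1200 preserves the previously hard-coded value, so existing configs are unaffected. Line 408 (a tab-only line between the two cases) is trailing whitespace and should be an empty line.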
(-)readconf.h (+1 lines)
Lines 32-37 Link Here
32
typedef struct {
32
typedef struct {
33
	int     forward_agent;	/* Forward authentication agent. */
33
	int     forward_agent;	/* Forward authentication agent. */
34
	int     forward_x11;	/* Forward X11 display. */
34
	int     forward_x11;	/* Forward X11 display. */
35
	int     forward_x11_timeout;	/* Expiration for Cookies */
35
	int     forward_x11_trusted;	/* Trust Forward X11 display. */
36
	int     forward_x11_trusted;	/* Trust Forward X11 display. */
36
	int     exit_on_forward_failure;	/* Exit if bind(2) fails for -L/-R */
37
	int     exit_on_forward_failure;	/* Exit if bind(2) fails for -L/-R */
37
	char   *xauth_location;	/* Location for xauth program */
38
	char   *xauth_location;	/* Location for xauth program */
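Review bot: The comment on the new field, `/* Expiration for Cookies */`, does not say what unit the value is in or that -1 means unset, both of which readconf.c on this page relies on; I would write `/* Seconds before an untrusted X11 cookie expires; -1 = unset */`. The field is also inserted between `forward_x11` and `forward_x11_trusted`, whereas the enum, keyword table and default initialisers in readconf.c all place the timeout after the trusted option; keeping the same order in the struct makes the three easier to cross-check.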
(-)ssh.c (-2 / +5 lines)
Lines 1096-1102 Link Here
1096
		char *proto, *data;
1096
		char *proto, *data;
1097
		/* Get reasonable local authentication information. */
1097
		/* Get reasonable local authentication information. */
1098
		client_x11_get_proto(display, options.xauth_location,
1098
		client_x11_get_proto(display, options.xauth_location,
1099
		    options.forward_x11_trusted, &proto, &data);
1099
		    options.forward_x11_trusted, 
1100
		    options.forward_x11_timeout,
1101
		    &proto, &data);
1100
		/* Request forwarding with authentication spoofing. */
1102
		/* Request forwarding with authentication spoofing. */
1101
		debug("Requesting X11 forwarding with authentication "
1103
		debug("Requesting X11 forwarding with authentication "
1102
		    "spoofing.");
1104
		    "spoofing.");
Lines 1192-1198 Link Here
1192
		char *proto, *data;
1194
		char *proto, *data;
1193
		/* Get reasonable local authentication information. */
1195
		/* Get reasonable local authentication information. */
1194
		client_x11_get_proto(display, options.xauth_location,
1196
		client_x11_get_proto(display, options.xauth_location,
1195
		    options.forward_x11_trusted, &proto, &data);
1197
		    options.forward_x11_trusted,
1198
		    options.forward_x11_timeout, &proto, &data);
1196
		/* Request forwarding with authentication spoofing. */
1199
		/* Request forwarding with authentication spoofing. */
1197
		debug("Requesting X11 forwarding with authentication "
1200
		debug("Requesting X11 forwarding with authentication "
1198
		    "spoofing.");
1201
		    "spoofing.");
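Review bot: Line 1099 in the first hunk, `options.forward_x11_trusted, `, ends with trailing whitespace, and the two hunks wrap the same call differently (three continuation lines in the first, two in the second); I would use the second form in both places: `options.forward_x11_trusted,` / `options.forward_x11_timeout, &proto, &data);`. Both call sites pass identical arguments to client_x11_get_proto and x11_request_forwarding_with_spoofing, which was already true before this change, so factoring them into one helper is a separate cleanup rather than something this patch needs to do.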
(-)ssh_config.5 (+4 lines)
Lines 432-437 Link Here
432
if the
432
if the
433
.Cm ForwardX11Trusted
433
.Cm ForwardX11Trusted
434
option is also enabled.
434
option is also enabled.
435
.It Cm ForwardX11Timeout
436
The timeout (in seconds) used for untrusted X11 authentication data. The
437
default is 1200 seconds. Long timeouts may be used to workaround broken X ACLs
438
from making untrusted connections fallback to trusted after expiration.
435
.It Cm ForwardX11Trusted
439
.It Cm ForwardX11Trusted
436
If this option is set to
440
If this option is set to
437
.Dq yes ,
441
.Dq yes ,
