Attachment 931 Details for Bug 1016 – Enable X11 and agent forwarding for multiplexed connections

[patch] Enable X11 and agent forwarding for multiplexed connections

mux_x11_agent_fwd.diff (text/plain), 7.37 KB, created by Damien Miller on 2005-06-21 12:51:23 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2005-06-21 12:51:23 AEST

Size: 7.37 KB

patch

obsolete

>
>Index: clientloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>retrieving revision 1.139
>diff -u -p -r1.139 clientloop.c
>--- clientloop.c	17 Jun 2005 02:44:32 -0000	1.139
>+++ clientloop.c	21 Jun 2005 02:37:22 -0000
>@@ -140,6 +140,8 @@ int	session_ident = -1;
> struct confirm_ctx {
> 	int want_tty;
> 	int want_subsys;
>+	int want_x_fwd;
>+	int want_agent_fwd;
> 	Buffer cmd;
> 	char *term;
> 	struct termios tio;
>@@ -631,6 +633,7 @@ static void
> client_extra_session2_setup(int id, void *arg)
> {
> 	struct confirm_ctx *cctx = arg;
>+	const char *display;
> 	Channel *c;
> 	int i;
> 
>@@ -639,6 +642,24 @@ client_extra_session2_setup(int id, void
> 	if ((c = channel_lookup(id)) == NULL)
> 		fatal("%s: no channel for id %d", __func__, id);
> 
>+	display = getenv("DISPLAY");	
>+	if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
>+		char *proto, *data;
>+		/* Get reasonable local authentication information. */
>+		client_x11_get_proto(display, options.xauth_location,
>+		    options.forward_x11_trusted, &proto, &data);
>+		/* Request forwarding with authentication spoofing. */
>+		debug("Requesting X11 forwarding with authentication spoofing.");
>+		x11_request_forwarding_with_spoofing(id, display, proto, data);
>+		/* XXX wait for reply */
>+	}
>+
>+	if (cctx->want_agent_fwd && options.forward_agent) {
>+		debug("Requesting authentication agent forwarding.");
>+		channel_request_start(id, "auth-agent-req@openssh.com", 0);
>+		packet_send();
>+	}
>+
> 	client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
> 	    cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
> 	    client_subsystem_reply);
>@@ -704,7 +725,7 @@ client_process_control(fd_set * readset)
> 		buffer_free(&m);
> 		return;
> 	}
>-	if ((ver = buffer_get_char(&m)) != 1) {
>+	if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
> 		error("%s: wrong client version %d", __func__, ver);
> 		buffer_free(&m);
> 		close(client_fd);
>@@ -738,7 +759,7 @@ client_process_control(fd_set * readset)
> 		buffer_clear(&m);
> 		buffer_put_int(&m, allowed);
> 		buffer_put_int(&m, getpid());
>-		if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+		if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> 			error("%s: client msg_send failed", __func__);
> 			close(client_fd);
> 			buffer_free(&m);
>@@ -758,7 +779,7 @@ client_process_control(fd_set * readset)
> 	buffer_clear(&m);
> 	buffer_put_int(&m, allowed);
> 	buffer_put_int(&m, getpid());
>-	if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+	if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> 		error("%s: client msg_send failed", __func__);
> 		close(client_fd);
> 		buffer_free(&m);
>@@ -779,7 +800,7 @@ client_process_control(fd_set * readset)
> 		buffer_free(&m);
> 		return;
> 	}
>-	if ((ver = buffer_get_char(&m)) != 1) {
>+	if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
> 		error("%s: wrong client version %d", __func__, ver);
> 		buffer_free(&m);
> 		close(client_fd);
>@@ -790,6 +811,8 @@ client_process_control(fd_set * readset)
> 	memset(cctx, 0, sizeof(*cctx));
> 	cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
> 	cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
>+	cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
>+	cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
> 	cctx->term = buffer_get_string(&m, &len);
> 
> 	cmd = buffer_get_string(&m, &len);
>@@ -823,7 +846,7 @@ client_process_control(fd_set * readset)
> 
> 	/* This roundtrip is just for synchronisation of ttymodes */
> 	buffer_clear(&m);
>-	if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+	if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> 		error("%s: client msg_send failed", __func__);
> 		close(client_fd);
> 		close(new_fd[0]);
>Index: clientloop.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.h,v
>retrieving revision 1.13
>diff -u -p -r1.13 clientloop.h
>--- clientloop.h	16 Jun 2005 03:38:36 -0000	1.13
>+++ clientloop.h	21 Jun 2005 02:37:22 -0000
>@@ -43,6 +43,9 @@ void	 client_global_request_reply_fwd(in
> void	 client_session2_setup(int, int, int, const char *, struct termios *,
> 	    int, Buffer *, char **, dispatch_fn *);
> 
>+/* Multiplexing protocol version */
>+#define SSHMUX_VER			1
>+
> /* Multiplexing control protocol flags */
> #define SSHMUX_COMMAND_OPEN		1	/* Open new connection */
> #define SSHMUX_COMMAND_ALIVE_CHECK	2	/* Check master is alive */
>@@ -50,3 +53,5 @@ void	 client_session2_setup(int, int, in
> 
> #define SSHMUX_FLAG_TTY			(1)	/* Request tty on open */
> #define SSHMUX_FLAG_SUBSYS		(1<<1)	/* Subsystem request on open */
>+#define SSHMUX_FLAG_X11_FWD		(1<<2)	/* Request X11 forwarding */
>+#define SSHMUX_FLAG_AGENT_FWD		(1<<3)	/* Request agent forwarding */
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.245
>diff -u -p -r1.245 ssh.c
>--- ssh.c	18 Jun 2005 04:30:36 -0000	1.245
>+++ ssh.c	21 Jun 2005 02:37:22 -0000
>@@ -1251,28 +1251,31 @@ control_client(const char *path)
>  			close(fd);
>  	}
>   
>-	if ((term = getenv("TERM")) == NULL)
>-		term = "";
>+	term = getenv("TERM");
> 
> 	flags = 0;
> 	if (tty_flag)
> 		flags |= SSHMUX_FLAG_TTY;
> 	if (subsystem_flag)
> 		flags |= SSHMUX_FLAG_SUBSYS;
>+	if (options.forward_x11)
>+		flags |= SSHMUX_FLAG_X11_FWD;
>+	if (options.forward_agent)
>+		flags |= SSHMUX_FLAG_AGENT_FWD;
> 
> 	buffer_init(&m);
> 
> 	/* Send our command to server */
> 	buffer_put_int(&m, mux_command);
> 	buffer_put_int(&m, flags);
>-	if (ssh_msg_send(sock, /* version */1, &m) == -1)
>+	if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
> 		fatal("%s: msg_send", __func__);
> 	buffer_clear(&m);
> 
> 	/* Get authorisation status and PID of controlee */
> 	if (ssh_msg_recv(sock, &m) == -1)
> 		fatal("%s: msg_recv", __func__);
>-	if (buffer_get_char(&m) != 1)
>+	if (buffer_get_char(&m) != SSHMUX_VER)
> 		fatal("%s: wrong version", __func__);
> 	if (buffer_get_int(&m) != 1)
> 		fatal("Connection to master denied");
>@@ -1296,7 +1299,7 @@ control_client(const char *path)
> 	}
> 
> 	/* SSHMUX_COMMAND_OPEN */
>-	buffer_put_cstring(&m, term);
>+	buffer_put_cstring(&m, term ? term : "");
> 	buffer_append(&command, "\0", 1);
> 	buffer_put_cstring(&m, buffer_ptr(&command));
> 
>@@ -1318,7 +1321,7 @@ control_client(const char *path)
> 			}
> 	}
> 
>-	if (ssh_msg_send(sock, /* version */1, &m) == -1)
>+	if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
> 		fatal("%s: msg_send", __func__);
> 
> 	mm_send_fd(sock, STDIN_FILENO);
>@@ -1329,7 +1332,7 @@ control_client(const char *path)
> 	buffer_clear(&m);
> 	if (ssh_msg_recv(sock, &m) == -1)
> 		fatal("%s: msg_recv", __func__);
>-	if (buffer_get_char(&m) != 1)
>+	if (buffer_get_char(&m) != SSHMUX_VER)
> 		fatal("%s: wrong version", __func__);
> 	buffer_free(&m);
> 
>Index: ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.57
>diff -u -p -r1.57 ssh_config.5
>--- ssh_config.5	18 Jun 2005 04:30:36 -0000	1.57
>+++ ssh_config.5	21 Jun 2005 02:37:23 -0000
>@@ -279,6 +279,12 @@ can not be opened,
> .Nm ssh
> will continue without connecting to a master instance.
> .Pp
>+X11 and
>+.Xr ssh-agent 4
>+forwarding is supported over these multiplexed connections, however the
>+display and agent fowarded will be the one belonging to the master
>+connection. I.e. it is not possible to forward multiple displays or agents.
>+.Pp
> Two additional options allow for opportunistic multiplexing: try to use a
> master connection but fall back to creating a new one if one does not already
> exist.

Actions: View | Diff

Attachments on bug 1016: 931