Bugzilla – Attachment 931 Details for
Bug 1016
ssh caching doesn't forward X11 connections
[patch]
Enable X11 and agent forwarding for multiplexed connections
mux_x11_agent_fwd.diff (text/plain), 7.37 KB, created by
Damien Miller
on 2005-06-21 12:51:23 AEST
Description:
Enable X11 and agent forwarding for multiplexed connections
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-06-21 12:51:23 AEST
Size:
7.37 KB
patch
obsolete
>
>Index: clientloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>retrieving revision 1.139
>diff -u -p -r1.139 clientloop.c
>--- clientloop.c 17 Jun 2005 02:44:32 -0000 1.139
>+++ clientloop.c 21 Jun 2005 02:37:22 -0000
>@@ -140,6 +140,8 @@ int session_ident = -1;
> struct confirm_ctx {
> int want_tty;
> int want_subsys;
>+ int want_x_fwd;
>+ int want_agent_fwd;
> Buffer cmd;
> char *term;
> struct termios tio;
>@@ -631,6 +633,7 @@ static void
> client_extra_session2_setup(int id, void *arg)
> {
> struct confirm_ctx *cctx = arg;
>+ const char *display;
> Channel *c;
> int i;
> 
>@@ -639,6 +642,24 @@ client_extra_session2_setup(int id, void
> if ((c = channel_lookup(id)) == NULL)
> fatal("%s: no channel for id %d", __func__, id);
> 
>+ display = getenv("DISPLAY");
>+ if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
>+ char *proto, *data;
>+ /* Get reasonable local authentication information. */
>+ client_x11_get_proto(display, options.xauth_location,
>+ options.forward_x11_trusted, &proto, &data);
>+ /* Request forwarding with authentication spoofing. */
>+ debug("Requesting X11 forwarding with authentication spoofing.");
>+ x11_request_forwarding_with_spoofing(id, display, proto, data);
>+ /* XXX wait for reply */
>+ }
>+
>+ if (cctx->want_agent_fwd && options.forward_agent) {
>+ debug("Requesting authentication agent forwarding.");
>+ channel_request_start(id, "auth-agent-req@openssh.com", 0);
>+ packet_send();
>+ }
>+
> client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
> cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
> client_subsystem_reply);
>@@ -704,7 +725,7 @@ client_process_control(fd_set * readset)
> buffer_free(&m);
> return;
> }
>- if ((ver = buffer_get_char(&m)) != 1) {
>+ if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
> error("%s: wrong client version %d", __func__, ver);
> buffer_free(&m);
> close(client_fd);
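Review bot: In client_extra_session2_setup (hunk at -639), the X11 trust level passed to `client_x11_get_proto` is the master's own `options.forward_x11_trusted`, while the mux request carries only a single `SSHMUX_FLAG_X11_FWD` bit, so a client configured for untrusted forwarding would get whatever trust level the master was started with. The same holds for `DISPLAY`, which is read from the master's environment. If that is intended, say so next to the check, e.g. `/* DISPLAY and trust level are the master's; the mux client can only opt in */`; otherwise the client's trusted/untrusted choice needs its own flag bit and the master should apply the stricter of the two. A request that is declined because the master has forwarding disabled or no DISPLAY is also silent here; `debug("%s: X11 forwarding requested but unavailable in master", __func__);` in an else branch would make that visible. The function's body continues past the end of this hunk.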
>@@ -738,7 +759,7 @@ client_process_control(fd_set * readset)
> buffer_clear(&m);
> buffer_put_int(&m, allowed);
> buffer_put_int(&m, getpid());
>- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> error("%s: client msg_send failed", __func__);
> close(client_fd);
> buffer_free(&m);
>@@ -758,7 +779,7 @@ client_process_control(fd_set * readset)
> buffer_clear(&m);
> buffer_put_int(&m, allowed);
> buffer_put_int(&m, getpid());
>- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> error("%s: client msg_send failed", __func__);
> close(client_fd);
> buffer_free(&m);
>@@ -779,7 +800,7 @@ client_process_control(fd_set * readset)
> buffer_free(&m);
> return;
> }
>- if ((ver = buffer_get_char(&m)) != 1) {
>+ if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
> error("%s: wrong client version %d", __func__, ver);
> buffer_free(&m);
> close(client_fd);
>@@ -790,6 +811,8 @@ client_process_control(fd_set * readset)
> memset(cctx, 0, sizeof(*cctx));
> cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
> cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
>+ cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
>+ cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
> cctx->term = buffer_get_string(&m, &len);
> 
> cmd = buffer_get_string(&m, &len);
>@@ -823,7 +846,7 @@ client_process_control(fd_set * readset)
> 
> /* This roundtrip is just for synchronisation of ttymodes */
> buffer_clear(&m);
>- if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
>+ if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
> error("%s: client msg_send failed", __func__);
> close(client_fd);
> close(new_fd[0]);
>Index: clientloop.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.h,v
>retrieving revision 1.13
>diff -u -p -r1.13 clientloop.h
>--- clientloop.h 16 Jun 2005 03:38:36 -0000 1.13
>+++ clientloop.h 21 Jun 2005 02:37:22 -0000
>@@ -43,6 +43,9 @@ void client_global_request_reply_fwd(in
> void client_session2_setup(int, int, int, const char *, struct termios *,
> int, Buffer *, char **, dispatch_fn *);
> 
>+/* Multiplexing protocol version */
>+#define SSHMUX_VER 1
>+
> /* Multiplexing control protocol flags */
> #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
> #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
>@@ -50,3 +53,5 @@ void client_session2_setup(int, int, in
> 
> #define SSHMUX_FLAG_TTY (1) /* Request tty on open */
> #define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
>+#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
>+#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.245
>diff -u -p -r1.245 ssh.c
>--- ssh.c 18 Jun 2005 04:30:36 -0000 1.245
>+++ ssh.c 21 Jun 2005 02:37:22 -0000
>@@ -1251,28 +1251,31 @@ control_client(const char *path)
> close(fd);
> }
> 
>- if ((term = getenv("TERM")) == NULL)
>- term = "";
>+ term = getenv("TERM");
> 
> flags = 0;
> if (tty_flag)
> flags |= SSHMUX_FLAG_TTY;
> if (subsystem_flag)
> flags |= SSHMUX_FLAG_SUBSYS;
>+ if (options.forward_x11)
>+ flags |= SSHMUX_FLAG_X11_FWD;
>+ if (options.forward_agent)
>+ flags |= SSHMUX_FLAG_AGENT_FWD;
> 
> buffer_init(&m);
> 
> /* Send our command to server */
> buffer_put_int(&m, mux_command);
> buffer_put_int(&m, flags);
>- if (ssh_msg_send(sock, /* version */1, &m) == -1)
>+ if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
> fatal("%s: msg_send", __func__);
> buffer_clear(&m);
> 
> /* Get authorisation status and PID of controlee */
> if (ssh_msg_recv(sock, &m) == -1)
> fatal("%s: msg_recv", __func__);
>- if (buffer_get_char(&m) != 1)
>+ if (buffer_get_char(&m) != SSHMUX_VER)
> fatal("%s: wrong version", __func__);
> if (buffer_get_int(&m) != 1)
> fatal("Connection to master denied");
>@@ -1296,7 +1299,7 @@ control_client(const char *path)
> }
> 
> /* SSHMUX_COMMAND_OPEN */
>- buffer_put_cstring(&m, term);
>+ buffer_put_cstring(&m, term ? term : "");
> buffer_append(&command, "\0", 1);
> buffer_put_cstring(&m, buffer_ptr(&command));
> 
>@@ -1318,7 +1321,7 @@ control_client(const char *path)
> }
> }
> 
>- if (ssh_msg_send(sock, /* version */1, &m) == -1)
>+ if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
> fatal("%s: msg_send", __func__);
> 
> mm_send_fd(sock, STDIN_FILENO);
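Review bot: In control_client (hunk at -1251), the new `SSHMUX_FLAG_X11_FWD` and `SSHMUX_FLAG_AGENT_FWD` bits are sent under a protocol version that is still `SSHMUX_VER` 1, so a master built before this change would presumably accept the request and ignore the bits, leaving the client without forwarding and with no indication of it. Bumping the constant in clientloop.h to `#define SSHMUX_VER 2` would make the existing `wrong version` checks on both sides reject the mismatch instead. The reply read in this hunk also carries only the allow/deny status and the master's PID, so even a current master cannot tell the client that a requested forwarding was not set up; that limitation is worth a comment at the flag assignments. control_client starts before and continues after this hunk.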
>@@ -1329,7 +1332,7 @@ control_client(const char *path)
> buffer_clear(&m);
> if (ssh_msg_recv(sock, &m) == -1)
> fatal("%s: msg_recv", __func__);
>- if (buffer_get_char(&m) != 1)
>+ if (buffer_get_char(&m) != SSHMUX_VER)
> fatal("%s: wrong version", __func__);
> buffer_free(&m);
> 
>Index: ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.57
>diff -u -p -r1.57 ssh_config.5
>--- ssh_config.5 18 Jun 2005 04:30:36 -0000 1.57
>+++ ssh_config.5 21 Jun 2005 02:37:23 -0000
>@@ -279,6 +279,12 @@ can not be opened,
> .Nm ssh
> will continue without connecting to a master instance.
> .Pp
>+X11 and
>+.Xr ssh-agent 4
>+forwarding is supported over these multiplexed connections, however the
>+display and agent fowarded will be the one belonging to the master
>+connection. I.e. it is not possible to forward multiple displays or agents.
>+.Pp
> Two additional options allow for opportunistic multiplexing: try to use a
> master connection but fall back to creating a new one if one does not already
> exist.
Attachments on
bug 1016
: 931