Mercurial > dropbear
comparison x11fwd.c @ 4:fe6bca95afa7
Makefile.in contains updated files required
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 01 Jun 2004 02:46:09 +0000 |
| parents | |
| children | 7f77962de998 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 4:fe6bca95afa7 |
|---|---|
| 1 /* | |
| 2 * Dropbear - a SSH2 server | |
| 3 * | |
| 4 * Copyright (c) 2002,2003 Matt Johnston | |
| 5 * All rights reserved. | |
| 6 * | |
| 7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
| 8 * of this software and associated documentation files (the "Software"), to deal | |
| 9 * in the Software without restriction, including without limitation the rights | |
| 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| 11 * copies of the Software, and to permit persons to whom the Software is | |
| 12 * furnished to do so, subject to the following conditions: | |
| 13 * | |
| 14 * The above copyright notice and this permission notice shall be included in | |
| 15 * all copies or substantial portions of the Software. | |
| 16 * | |
| 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
| 23 * SOFTWARE. */ | |
| 24 | |
| 25 #include "includes.h" | |
| 26 | |
| 27 #ifndef DISABLE_X11FWD | |
| 28 #include "x11fwd.h" | |
| 29 #include "session.h" | |
| 30 #include "ssh.h" | |
| 31 #include "dbutil.h" | |
| 32 #include "chansession.h" | |
| 33 #include "channel.h" | |
| 34 #include "packet.h" | |
| 35 #include "buffer.h" | |
| 36 | |
| 37 #define X11BASEPORT 6000 | |
| 38 #define X11BINDBASE 6010 | |
| 39 | |
| 40 static int bindport(int fd); | |
| 41 static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr); | |
| 42 | |
| 43 /* called as a request for a session channel, sets up listening X11 */ | |
| 44 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | |
| 45 int x11req(struct ChanSess * chansess) { | |
| 46 | |
| 47 /* we already have an x11 connection */ | |
| 48 if (chansess->x11fd != -1) { | |
| 49 return DROPBEAR_FAILURE; | |
| 50 } | |
| 51 | |
| 52 chansess->x11singleconn = buf_getbyte(ses.payload); | |
| 53 chansess->x11authprot = buf_getstring(ses.payload, NULL); | |
| 54 chansess->x11authcookie = buf_getstring(ses.payload, NULL); | |
| 55 chansess->x11screennum = buf_getint(ses.payload); | |
| 56 | |
| 57 /* create listening socket */ | |
| 58 chansess->x11fd = socket(PF_INET, SOCK_STREAM, 0); | |
| 59 if (chansess->x11fd < 0) { | |
| 60 goto fail; | |
| 61 } | |
| 62 | |
| 63 /* allocate port and bind */ | |
| 64 chansess->x11port = bindport(chansess->x11fd); | |
| 65 if (chansess->x11port < 0) { | |
| 66 goto fail; | |
| 67 } | |
| 68 | |
| 69 /* listen */ | |
| 70 if (listen(chansess->x11fd, 20) < 0) { | |
| 71 goto fail; | |
| 72 } | |
| 73 | |
| 74 /* set non-blocking */ | |
| 75 if (fcntl(chansess->x11fd, F_SETFL, O_NONBLOCK) < 0) { | |
| 76 goto fail; | |
| 77 } | |
| 78 | |
| 79 /* channel.c's channel fd code will handle the socket now */ | |
| 80 | |
| 81 /* set the maxfd so that select() loop will notice it */ | |
| 82 ses.maxfd = MAX(ses.maxfd, chansess->x11fd); | |
| 83 | |
| 84 return DROPBEAR_SUCCESS; | |
| 85 | |
| 86 fail: | |
| 87 /* cleanup */ | |
| 88 x11cleanup(chansess); | |
| 89 | |
| 90 return DROPBEAR_FAILURE; | |
| 91 } | |
| 92 | |
| 93 /* accepts a new X11 socket */ | |
| 94 /* returns DROPBEAR_FAILURE or DROPBEAR_SUCCESS */ | |
| 95 int x11accept(struct ChanSess * chansess) { | |
| 96 | |
| 97 int fd; | |
| 98 struct sockaddr_in addr; | |
| 99 int len; | |
| 100 | |
| 101 len = sizeof(addr); | |
| 102 | |
| 103 fd = accept(chansess->x11fd, (struct sockaddr*)&addr, &len); | |
| 104 if (fd < 0) { | |
| 105 return DROPBEAR_FAILURE; | |
| 106 } | |
| 107 | |
| 108 /* if single-connection we close it up */ | |
| 109 if (chansess->x11singleconn) { | |
| 110 x11cleanup(chansess); | |
| 111 } | |
| 112 | |
| 113 return send_msg_channel_open_x11(fd, &addr); | |
| 114 } | |
| 115 | |
| 116 /* This is called after switching to the user, and sets up the xauth | |
| 117 * and environment variables. */ | |
| 118 void x11setauth(struct ChanSess *chansess) { | |
| 119 | |
| 120 char display[20]; /* space for "localhost:12345.123" */ | |
| 121 FILE * authprog; | |
| 122 int val; | |
| 123 | |
| 124 if (chansess->x11fd == -1) { | |
| 125 return; | |
| 126 } | |
| 127 | |
| 128 /* create the DISPLAY string */ | |
| 129 val = snprintf(display, sizeof(display), "localhost:%d.%d", | |
| 130 chansess->x11port - X11BASEPORT, chansess->x11screennum); | |
| 131 if (val < 0 || val >= (int)sizeof(display)) { | |
| 132 /* string was truncated */ | |
| 133 return; | |
| 134 } | |
| 135 | |
| 136 addnewvar("DISPLAY", display); | |
| 137 | |
| 138 /* create the xauth string */ | |
| 139 val = snprintf(display, sizeof(display), "unix:%d.%d", | |
| 140 chansess->x11port - X11BASEPORT, chansess->x11screennum); | |
| 141 if (val < 0 || val >= (int)sizeof(display)) { | |
| 142 /* string was truncated */ | |
| 143 return; | |
| 144 } | |
| 145 | |
| 146 /* popen is a nice function - code is strongly based on OpenSSH's */ | |
| 147 authprog = popen(XAUTH_COMMAND, "w"); | |
| 148 if (authprog) { | |
| 149 fprintf(authprog, "add %s %s %s\n", | |
| 150 display, chansess->x11authprot, chansess->x11authcookie); | |
| 151 pclose(authprog); | |
| 152 } else { | |
| 153 fprintf(stderr, "Failed to run %s\n", XAUTH_COMMAND); | |
| 154 } | |
| 155 } | |
| 156 | |
| 157 void x11cleanup(struct ChanSess * chansess) { | |
| 158 | |
| 159 if (chansess->x11fd == -1) { | |
| 160 return; | |
| 161 } | |
| 162 | |
| 163 m_free(chansess->x11authprot); | |
| 164 m_free(chansess->x11authcookie); | |
| 165 close(chansess->x11fd); | |
| 166 chansess->x11fd = -1; | |
| 167 } | |
| 168 | |
| 169 static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr) { | |
| 170 | |
| 171 char* ipstring; | |
| 172 | |
| 173 if (send_msg_channel_open_init(fd, CHANNEL_ID_X11, "x11") | |
| 174 == DROPBEAR_SUCCESS) { | |
| 175 ipstring = inet_ntoa(addr->sin_addr); | |
| 176 buf_putstring(ses.writepayload, ipstring, strlen(ipstring)); | |
| 177 buf_putint(ses.writepayload, addr->sin_port); | |
| 178 | |
| 179 encrypt_packet(); | |
| 180 return DROPBEAR_SUCCESS; | |
| 181 } else { | |
| 182 return DROPBEAR_FAILURE; | |
| 183 } | |
| 184 | |
| 185 } | |
| 186 | |
| 187 /* returns the port bound to, or -1 on failure. | |
| 188 * Will attempt to bind to a port X11BINDBASE (6010 usually) or upwards */ | |
| 189 static int bindport(int fd) { | |
| 190 | |
| 191 struct sockaddr_in addr; | |
| 192 uint16_t port; | |
| 193 | |
| 194 memset((void*)&addr, 0x0, sizeof(addr)); | |
| 195 addr.sin_family = AF_INET; | |
| 196 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); | |
| 197 | |
| 198 /* if we can't find one in 2000 ports free, something's wrong */ | |
| 199 for (port = X11BINDBASE; port < X11BINDBASE + 2000; port++) { | |
| 200 addr.sin_port = htons(port); | |
| 201 if (bind(fd, (struct sockaddr*)&addr, | |
| 202 sizeof(struct sockaddr_in)) == 0) { | |
| 203 /* success */ | |
| 204 return port; | |
| 205 } | |
| 206 if (errno == EADDRINUSE) { | |
| 207 /* try the next port */ | |
| 208 continue; | |
| 209 } | |
| 210 /* otherwise it was an error we don't know about */ | |
| 211 dropbear_log(LOG_DEBUG, "failed to bind x11 socket"); | |
| 212 break; | |
| 213 } | |
| 214 return -1; | |
| 215 } | |
| 216 #endif /* DROPBEAR_X11FWD */ |