From bd483e76909905f28d1604125f70c7cf8271f66e Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 30 Apr 2000 10:00:53 +1000
Subject:  - More OpenBSD updates:    [session.c]    - don't call
 chan_write_failed() if we are not writing    [auth-rsa.c auth1.c authfd.c
 hostfile.c ssh-agent.c]    - keysize warnings error() -> log()

---
 ssh.c | 102 ++++++++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 59 insertions(+), 43 deletions(-)

(limited to 'ssh.c')

diff --git a/ssh.c b/ssh.c
index bdf6180c..cffd5667 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.27 2000/04/29 13:57:12 damien Exp $");
+RCSID("$Id: ssh.c,v 1.28 2000/04/30 00:00:54 damien Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -664,6 +664,45 @@ main(int ac, char **av)
 	return exit_status;
 }
 
+void
+x11_get_proto(char *proto, int proto_len, char *data, int data_len)
+{
+	char line[512];
+	FILE *f;
+	int got_data = 0, i;
+
+#ifdef XAUTH_PATH
+	/* Try to get Xauthority information for the display. */
+	snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
+		 XAUTH_PATH, getenv("DISPLAY"));
+	f = popen(line, "r");
+	if (f && fgets(line, sizeof(line), f) &&
+	    sscanf(line, "%*s %s %s", proto, data) == 2)
+		got_data = 1;
+	if (f)
+		pclose(f);
+#endif /* XAUTH_PATH */
+	/*
+	 * If we didn't get authentication data, just make up some
+	 * data.  The forwarding code will check the validity of the
+	 * response anyway, and substitute this data.  The X11
+	 * server, however, will ignore this fake data and use
+	 * whatever authentication mechanisms it was using otherwise
+	 * for the local connection.
+	 */
+	if (!got_data) {
+		u_int32_t rand = 0;
+
+		strlcpy(proto, "MIT-MAGIC-COOKIE-1", proto_len);
+		for (i = 0; i < 16; i++) {
+			if (i % 4 == 0)
+				rand = arc4random();
+			snprintf(data + 2 * i, data_len - 2 * i, "%02x", rand & 0xff);
+			rand >>= 8;
+		}
+	}
+}
+
 int
 ssh_session(void)
 {
@@ -737,56 +776,22 @@ ssh_session(void)
 	}
 	/* Request X11 forwarding if enabled and DISPLAY is set. */
 	if (options.forward_x11 && getenv("DISPLAY") != NULL) {
-		char line[512], proto[512], data[512];
-		FILE *f;
-		int forwarded = 0, got_data = 0, i;
-
-#ifdef XAUTH_PATH
-		/* Try to get Xauthority information for the display. */
-		snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null",
-			 XAUTH_PATH, getenv("DISPLAY"));
-		f = popen(line, "r");
-		if (f && fgets(line, sizeof(line), f) &&
-		    sscanf(line, "%*s %s %s", proto, data) == 2)
-			got_data = 1;
-		if (f)
-			pclose(f);
-#endif /* XAUTH_PATH */
-		/*
-		 * If we didn't get authentication data, just make up some
-		 * data.  The forwarding code will check the validity of the
-		 * response anyway, and substitute this data.  The X11
-		 * server, however, will ignore this fake data and use
-		 * whatever authentication mechanisms it was using otherwise
-		 * for the local connection.
-		 */
-		if (!got_data) {
-			u_int32_t rand = 0;
-
-			strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
-			for (i = 0; i < 16; i++) {
-				if (i % 4 == 0)
-					rand = arc4random();
-				snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff);
-				rand >>= 8;
-			}
-		}
-		/*
-		 * Got local authentication reasonable information. Request
-		 * forwarding with authentication spoofing.
-		 */
+		char proto[512], data[512];
+		/* Get reasonable local authentication information. */
+		x11_get_proto(proto, sizeof proto, data, sizeof data);
+		/* Request forwarding with authentication spoofing. */
 		debug("Requesting X11 forwarding with authentication spoofing.");
-		x11_request_forwarding_with_spoofing(proto, data);
+		x11_request_forwarding_with_spoofing(0, proto, data);
 
 		/* Read response from the server. */
 		type = packet_read(&plen);
 		if (type == SSH_SMSG_SUCCESS) {
-			forwarded = 1;
 			interactive = 1;
-		} else if (type == SSH_SMSG_FAILURE)
+		} else if (type == SSH_SMSG_FAILURE) {
 			log("Warning: Remote host denied X11 forwarding.");
-		else
+		} else {
 			packet_disconnect("Protocol error waiting for X11 forwarding");
+		}
 	}
 	/* Tell the packet module whether this is an interactive session. */
 	packet_set_interactive(interactive, options.keepalives);
@@ -909,6 +914,17 @@ client_init(int id, void *arg)
 		packet_send();
 		/* XXX wait for reply */
 	}
+	if (options.forward_x11 &&
+	    getenv("DISPLAY") != NULL) {
+		char proto[512], data[512];
+		/* Get reasonable local authentication information. */
+		x11_get_proto(proto, sizeof proto, data, sizeof data);
+		/* Request forwarding with authentication spoofing. */
+		debug("Requesting X11 forwarding with authentication spoofing.");
+		x11_request_forwarding_with_spoofing(id, proto, data);
+		/* XXX wait for reply */
+	}
+
 	len = buffer_len(&command);
 	if (len > 0) {
 		if (len > 900)
-- 
cgit v1.2.1