X11 display issues

Andy Polyakov appro at fy.chalmers.se
Thu Feb 22 02:03:18 EST 2001


Hi,

This also has been discussed in SSHSCI's SSH context. All SSH versions
(both SSHSCI and OpenSSH) derive value for DISPLAY variable from
`uname -n`. The problem is that the returned value is not necessarily
resolvable to a valid IP number which in turn might cause a failure.
To make it fool-proof I suggest to set DISPLAY to the interface's
address the user has reached the system in question through. Yes, one
can argue that it might "break" 'xauth add hostname/unix:10.0 ...'
thing... Well, but let's wonder what's the meaning for 'xauth add
hostname/unix:10.0 ...'... And the answer is "it's meaningless"! It's
redundant as ssh server never listens for X11 connections on UNIX socket.
Therefore a patch (relative to OpenSSH 2.5.1p1) is suggested.

Cheers. Andy.

*** channels.c.orig	Fri Feb 16 16:56:31 2001
--- channels.c	Wed Feb 21 11:49:06 2001
***************
*** 1909,1915 ****
  char *
  x11_create_display_inet(int screen_number, int x11_display_offset)
  {
! 	int display_number, sock;
  	u_short port;
  	struct addrinfo hints, *ai, *aitop;
  	char strport[NI_MAXSERV];
--- 1909,1915 ----
  char *
  x11_create_display_inet(int screen_number, int x11_display_offset)
  {
! 	int display_number, sock=-1;
  	u_short port;
  	struct addrinfo hints, *ai, *aitop;
  	char strport[NI_MAXSERV];
***************
*** 1987,1992 ****
--- 1987,1997 ----
  	}
  
  	/* Set up a suitable value for the DISPLAY variable. */
+ #if 0
+ 	/*
+ 	 * well, gethostname doesn't necessarily resolve to an address
+ 	 * so I do something completely different. <appro at fy.chalmers.se>
+ 	 */
  	if (gethostname(hostname, sizeof(hostname)) < 0)
  		fatal("gethostname: %.100s", strerror(errno));
  
***************
*** 2029,2034 ****
--- 2034,2070 ----
  		 display_number, screen_number);
  #endif /* IPADDR_IN_DISPLAY */
  
+ #else
+ 	/* and now something completely different:-) <appro at fy.chalmers.se> */
+ 	{
+ 		struct sockaddr_in me;
+ 		socklen_t melen = sizeof(me);
+ 		struct hostent *he;
+ 
+ 		if (getsockname(packet_get_connection_in(),
+ 			(struct sockaddr *)&me, &melen) != 0
+ 		    || me.sin_family != AF_INET) {
+ 			error("[X11-broken-fwd] Unable to getsockname or unsupported protocol family");
+ 			packet_send_debug("[X11-broken-fwd] Unable to getsockname or unsupported protocol family");
+ 
+ 			shutdown(sock, SHUT_RDWR);
+ 			close(sock);
+ 
+ 			return NULL;
+ 		}
+ 
+ #ifndef IPADDR_IN_DISPLAY
+ 		if ((he = gethostbyaddr ((void *)&me.sin_addr,
+ 			sizeof(me.sin_addr),AF_INET)) != NULL)
+ 			snprintf (display, sizeof(display),"%.400s:%d.%d",
+ 				he->h_name, display_number, screen_number);
+ 		else
+ #endif
+ 			snprintf(display, sizeof(display), "%.50s:%d.%d",
+ 				inet_ntoa(me.sin_addr), display_number, screen_number);
+ 	}
+ #endif
+ 
  	/* Allocate a channel for each socket. */
  	for (n = 0; n < num_socks; n++) {
  		sock = socks[n];
*** session.c.orig	Sun Feb 18 20:13:34 2001
--- session.c	Wed Feb 21 11:39:06 2001
***************
*** 1361,1366 ****
--- 1361,1369 ----
  					    "Running %.100s add %.100s %.100s %.100s\n",
  					    options.xauth_location, display,
  					    auth_proto, auth_data);
+ #if 0
+ /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket.
+  *						<appro at fy.chalmers.se> */
  #ifndef HAVE_CYGWIN /* Unix sockets are not supported */
  					if (screen != NULL)
  						fprintf(stderr,
***************
*** 1368,1373 ****
--- 1371,1377 ----
  						    (int)(screen-display), display,
  						    screen, auth_proto, auth_data);
  #endif
+ #endif
  				}
  				snprintf(cmd, sizeof cmd, "%s -q -",
  				    options.xauth_location);
***************
*** 1375,1380 ****
--- 1379,1387 ----
  				if (f) {
  					fprintf(f, "add %s %s %s\n", display,
  					    auth_proto, auth_data);
+ #if 0
+ /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket.
+  *						<appro at fy.chalmers.se> */
  #ifndef HAVE_CYGWIN /* Unix sockets are not supported */
  					if (screen != NULL)
  						fprintf(f, "add %.*s/unix%s %s %s\n",
***************
*** 1381,1386 ****
--- 1388,1394 ----
  						    (int)(screen-display), display,
  						    screen, auth_proto, auth_data);
  #endif
+ #endif
  					pclose(f);
  				} else {
  					fprintf(stderr, "Could not run %s\n",





More information about the openssh-unix-dev mailing list