From beb95c70207ee00310c40d9d667793bbb088d531 Mon Sep 17 00:00:00 2001 From: djm Date: Fri, 21 Sep 2018 12:46:22 +0000 Subject: [PATCH] Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ --- usr.bin/ssh/clientloop.c | 43 ++++++++++++++++++++++++++-------------- usr.bin/ssh/ssh_config.5 | 6 +++++- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 8794874b0d5..9399d431472 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -271,7 +271,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, const char *xauth_path, u_int trusted, u_int timeout, char **_proto, char **_data) { - char cmd[1024], line[512], xdisplay[512]; + char *cmd, line[512], xdisplay[512]; char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; static char proto[512], data[512]; FILE *f; @@ -335,19 +335,30 @@ client_x11_get_proto(struct ssh *ssh, const char *display, return -1; } - if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) - x11_timeout_real = UINT_MAX; - else - x11_timeout_real = timeout + X11_TIMEOUT_SLACK; - if ((r = snprintf(cmd, sizeof(cmd), - "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout %u 2>" _PATH_DEVNULL, - xauth_path, xauthfile, display, - x11_timeout_real)) < 0 || - (size_t)r >= sizeof(cmd)) - fatal("%s: cmd too long", __func__); + if (timeout == 0) { + /* auth doesn't time out */ + xasprintf(&cmd, "%s -f %s generate %s %s " + "untrusted 2>%s", + xauth_path, xauthfile, display, + SSH_X11_PROTO, _PATH_DEVNULL); + } else { + /* Add some slack to requested expiry */ + if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) + x11_timeout_real = timeout + + X11_TIMEOUT_SLACK; + else { + /* Don't overflow on long timeouts */ + x11_timeout_real = UINT_MAX; + } + xasprintf(&cmd, "%s -f %s generate %s %s " + "untrusted timeout %u 2>%s", + xauth_path, xauthfile, display, + SSH_X11_PROTO, x11_timeout_real, + _PATH_DEVNULL); + } debug2("%s: %s", __func__, cmd); - if (x11_refuse_time == 0) { + + if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; if (UINT_MAX - timeout < now) x11_refuse_time = UINT_MAX; @@ -358,6 +369,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, } if (system(cmd) == 0) generated = 1; + free(cmd); } /* @@ -366,7 +378,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, * above. */ if (trusted || generated) { - snprintf(cmd, sizeof(cmd), + xasprintf(&cmd, "%s %s%s list %s 2>" _PATH_DEVNULL, xauth_path, generated ? "-f " : "" , @@ -379,6 +391,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, got_data = 1; if (f) pclose(f); + free(cmd); } } diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 1bf183449f6..a6b41eb6cb6 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $ .Dd $Mdocdate: September 21 2018 $ .Dt SSH_CONFIG 5 .Os @@ -686,6 +686,10 @@ section of X11 connections received by .Xr ssh 1 after this time will be refused. +Setting +.Cm ForwardX11Timeout +to zero will disable the timeout and permit X11 forwarding for the life +of the connection. The default is to disable untrusted X11 forwarding after twenty minutes has elapsed. .It Cm ForwardX11Trusted -- 2.20.1