Hi,
This has also been discussed in SSHSCI's SSH context. All SSH versions
(both SSHSCI and OpenSSH) derive the value of the DISPLAY variable from
`uname -n`. The problem is that the returned value does not necessarily
resolve to a valid IP address, which in turn might cause a failure.
To make it fool-proof I suggest setting DISPLAY to the address of the
interface through which the user reached the system in question. Yes, one
can argue that it might "break" the 'xauth add hostname/unix:10.0 ...'
thing... Well, but let's ask what 'xauth add hostname/unix:10.0 ...'
actually means... And the answer is "it's meaningless"! It's
redundant, as the ssh server never listens for X11 connections on a UNIX socket.
Therefore a patch (relative to OpenSSH 2.5.1p1) is suggested.
Cheers. Andy.
*** channels.c.orig Fri Feb 16 16:56:31 2001
--- channels.c Wed Feb 21 11:49:06 2001
***************
*** 1909,1915 ****
char *
x11_create_display_inet(int screen_number, int x11_display_offset)
{
! int display_number, sock;
u_short port;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
--- 1909,1915 ----
char *
x11_create_display_inet(int screen_number, int x11_display_offset)
{
! int display_number, sock=-1;
u_short port;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
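Review bot: Initialising `sock=-1` looks like it is there only so that the error path added further down in this function (`shutdown(sock, SHUT_RDWR); close(sock);`) does not read an indeterminate value, and it does not make that path correct. The listeners are kept in `socks[0..num_socks)`, as the loop at the end of the later hunk shows, so returning NULL after closing a single descriptor appears to leave the remaining X11 listening sockets bound with no channel attached. The error path should release all of them, e.g. `for (n = 0; n < num_socks; n++) close(socks[n]);`, and then the initialiser is unnecessary. The function body continues outside this hunk, so what `sock` holds at that point is inferred.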
***************
*** 1987,1992 ****
--- 1987,1997 ----
}
/* Set up a suitable value for the DISPLAY variable. */
+ #if 0
+ /*
+ * well, gethostname doesn't necessarily resolve to an address
+ * so I do something completely different. <appro at fy.chalmers.se>
+ */
if (gethostname(hostname, sizeof(hostname)) < 0)
fatal("gethostname: %.100s", strerror(errno));
***************
*** 2029,2034 ****
--- 2034,2070 ----
display_number, screen_number);
#endif /* IPADDR_IN_DISPLAY */
+ #else
+ /* and now something completely different:-) <appro at fy.chalmers.se>
*/
+ {
+ struct sockaddr_in me;
+ socklen_t melen = sizeof(me);
+ struct hostent *he;
+
+ if (getsockname(packet_get_connection_in(),
+ (struct sockaddr *)&me, &melen) != 0
+ || me.sin_family != AF_INET) {
+ error("[X11-broken-fwd] Unable to getsockname or unsupported protocol
family");
+ packet_send_debug("[X11-broken-fwd] Unable to getsockname or
unsupported protocol family");
+
+ shutdown(sock, SHUT_RDWR);
+ close(sock);
+
+ return NULL;
+ }
+
+ #ifndef IPADDR_IN_DISPLAY
+ if ((he = gethostbyaddr ((void *)&me.sin_addr,
+ sizeof(me.sin_addr),AF_INET)) != NULL)
+ snprintf (display, sizeof(display),"%.400s:%d.%d",
+ he->h_name, display_number, screen_number);
+ else
+ #endif
+ snprintf(display, sizeof(display), "%.50s:%d.%d",
+ inet_ntoa(me.sin_addr), display_number, screen_number);
+ }
+ #endif
+
/* Allocate a channel for each socket. */
for (n = 0; n < num_socks; n++) {
sock = socks[n];
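Review bot: The new block refuses X11 forwarding for any connection that is not IPv4: `struct sockaddr_in me` plus the `me.sin_family != AF_INET` test returns NULL for an IPv6 client, although the rest of the function is written against `struct addrinfo`. Since the old code is compiled out with `#if 0` in the previous hunk, there is no fallback; I would keep the gethostname() path as a runtime branch for other address families rather than disabling it. In the `#ifndef IPADDR_IN_DISPLAY` branch, `he->h_name` comes from a reverse lookup and is not guaranteed to resolve forward to the same address, which brings back the unresolvable-DISPLAY failure this patch is meant to remove; it is also externally supplied data that ends up in DISPLAY, so either use the numeric form unconditionally or confirm the name with a forward lookup first. The enclosing function starts and ends outside the hunk.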
*** session.c.orig Sun Feb 18 20:13:34 2001
--- session.c Wed Feb 21 11:39:06 2001
***************
*** 1361,1366 ****
--- 1361,1369 ----
"Running %.100s add %.100s %.100s %.100s\n",
options.xauth_location, display,
auth_proto, auth_data);
+ #if 0
+ /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket.
+ * <appro at fy.chalmers.se> */
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
if (screen != NULL)
fprintf(stderr,
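Review bot: The justification in the added comment (sshd never listens on a UNIX socket) does not cover why the `hostname/unix` entry is there: as far as I recall, Xlib looks the cookie up under the local family when the display address is loopback, regardless of the transport actually used. With DISPLAY now taken from the interface the client arrived on, a user who connects via the loopback address may then find no matching xauth entry, so this needs testing before the entry is dropped. The same applies to the `fprintf(f, "add %.*s/unix%s %s %s\n", ...)` block disabled in the third session.c hunk. If the entry really is obsolete, delete the code instead of wrapping it in `#if 0`, which here spans two hunks and leaves the `HAVE_CYGWIN` conditional nested inside dead code. The surrounding function is outside the hunk.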
***************
*** 1368,1373 ****
--- 1371,1377 ----
(int)(screen-display), display,
screen, auth_proto, auth_data);
#endif
+ #endif
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
***************
*** 1375,1380 ****
--- 1379,1387 ----
if (f) {
fprintf(f, "add %s %s %s\n", display,
auth_proto, auth_data);
+ #if 0
+ /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket.
+ * <appro at fy.chalmers.se> */
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
if (screen != NULL)
fprintf(f, "add %.*s/unix%s %s %s\n",
***************
*** 1381,1386 ****
--- 1388,1394 ----
(int)(screen-display), display,
screen, auth_proto, auth_data);
#endif
+ #endif
pclose(f);
} else {
fprintf(stderr, "Could not run %s\n",