[PATCH xserver] os: Treat ssh as a non-local client (v3)

Tue Jan 12 11:40:14 PST 2016

> From: =?UTF-8?Q?Michel_D=c3=a4nzer?= <michel at daenzer.net>
> 
> On 17.12.2015 16:41, Michel Dänzer wrote:
> > From: Adam Jackson <ajax at redhat.com>
> > 
> > By the time we get to ComputeLocalClient, we've already done
> > NextAvailableClient → ReserveClientIds → DetermineClientCmd (assuming
> > we're built with #define CLIENTIDS), so we can look up the name of the
> > client process and refuse to treat ssh's X forwarding as if it were
> > local.
> > 
> > v2: (Michel Dänzer)
> >     * Only match "ssh" itself, not other executable names starting with
> >       that prefix.
> >     * Ignore executable path for the match.
> > v3: (Michel Dänzer)
> >     * Use GetClientCmdName (Mark Kettenis)
> >     * Perform check on Windows as well, but only ignore path on Cygwin
> >       (Martin Peres, Emil Velikov, Jon Turney)
> > 
> > Signed-off-by: Adam Jackson <ajax at redhat.com>
> > Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
> 
> Martin, Mark, Jon, any other objections? If not, can we get a Reviewed-by?

Must admit I'm not really thrilled by the diff.  SoI'll abstain.

> > ---
> >  os/access.c | 38 +++++++++++++++++++++++++++++++++++---
> >  1 file changed, 35 insertions(+), 3 deletions(-)
> > 
> > diff --git a/os/access.c b/os/access.c
> > index 10a48c3..3ea2e21 100644
> > --- a/os/access.c
> > +++ b/os/access.c
> > @@ -173,6 +173,10 @@ SOFTWARE.
> >  
> >  #endif                          /* WIN32 */
> >  
> > +#if !defined(WIN32) || defined(__CYGWIN__)
> > +#include <libgen.h>
> > +#endif
> > +
> >  #define X_INCLUDE_NETDB_H
> >  #include <X11/Xos_r.h>
> >  
> > @@ -1081,9 +1085,8 @@ ResetHosts(const char *display)
> >      }
> >  }
> >  
> > -/* Is client on the local host */
> > -Bool
> > -ComputeLocalClient(ClientPtr client)
> > +static Bool
> > +xtransLocalClient(ClientPtr client)
> >  {
> >      int alen, family, notused;
> >      Xtransaddr *from = NULL;
> > @@ -1116,6 +1119,35 @@ ComputeLocalClient(ClientPtr client)
> >      return FALSE;
> >  }
> >  
> > +/* Is client on the local host */
> > +Bool
> > +ComputeLocalClient(ClientPtr client)
> > +{
> > +    const char *cmdname = GetClientCmdName(client);
> > +
> > +    if (!xtransLocalClient(client))
> > +        return FALSE;
> > +
> > +    /* If the executable name is "ssh", assume that this client connection
> > +     * is forwarded from another host via SSH
> > +     */
> > +    if (cmdname) {
> > +        Bool ret;
> > +
> > +#if !defined(WIN32) || defined(__CYGWIN__)
> > +        char *cmd = strdup(cmdname);
> > +        ret = strcmp(basename(cmd), "ssh") != 0;
> > +        free(cmd);
> > +#else
> > +        ret = strcmp(cmdname, "ssh") != 0;
> > +#endif
> > +
> > +        return ret;
> > +    }
> > +
> > +    return TRUE;
> > +}
> > +
> >  /*
> >   * Return the uid and all gids of a connected local client
> >   * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds
> > 
> 
> 
> -- 
> Earthling Michel Dänzer               |               http://www.amd.com
> Libre software enthusiast             |             Mesa and X developer
> 