[PATCH xserver] os: Treat ssh as a non-local client (v2)

Michel Dänzer michel at daenzer.net
Thu Dec 10 18:28:51 PST 2015


From: Adam Jackson <ajax at redhat.com>

By the time we get to ComputeLocalClient, we've already done
NextAvailableClient → ReserveClientIds → DetermineClientCmd (assuming
we're built with #define CLIENTIDS), so we can look up the name of the
client process and refuse to treat ssh's X forwarding as if it were
local.

v2: (Michel Dänzer)
    * Only match "ssh" itself, not other executable names starting with
      that prefix.
    * Ignore executable path for the match.

Signed-off-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
---
 os/access.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/os/access.c b/os/access.c
index 10a48c3..6ff6977 100644
--- a/os/access.c
+++ b/os/access.c
@@ -101,6 +101,7 @@ SOFTWARE.
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <ctype.h>
+#include <libgen.h>
 
 #ifndef NO_LOCAL_CLIENT_CRED
 #include <pwd.h>
@@ -1081,9 +1082,8 @@ ResetHosts(const char *display)
     }
 }
 
-/* Is client on the local host */
-Bool
-ComputeLocalClient(ClientPtr client)
+static Bool
+xtransLocalClient(ClientPtr client)
 {
     int alen, family, notused;
     Xtransaddr *from = NULL;
@@ -1116,6 +1116,27 @@ ComputeLocalClient(ClientPtr client)
     return FALSE;
 }
 
+/* Is client on the local host */
+Bool
+ComputeLocalClient(ClientPtr client)
+{
+    if (!xtransLocalClient(client))
+        return FALSE;
+
+#ifndef WIN32
+    /* If the executable name is "ssh", consider this client not local */
+    if (client->clientIds->cmdname) {
+        char *cmdname = strdup(client->clientIds->cmdname);
+        Bool ret = strcmp(basename(cmdname), "ssh") != 0;
+
+        free(cmdname);
+        return ret;
+    }
+#endif
+
+    return TRUE;
+}
+
 /*
  * Return the uid and all gids of a connected local client
  * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds
-- 
2.6.2



More information about the xorg-devel mailing list