x11 forwarding #9897

Merged
merged 31 commits into from
Feb 4, 2022
6f2dbdc
Add X11 forwarding flag to tsh ssh; Implement basic X11 forwarding cl…
Joerger Nov 9, 2021
47cb206
Implement x11 server.
Joerger Nov 11, 2021
29d64e1
Implement xauth with trusted and untrusted mode; move x11 code to ssh…
Joerger Dec 9, 2021
5b0f5c5
Update x11 forwarding flags and add openssh options.
Joerger Dec 10, 2021
31c3b72
Clean up implementation and add proper comments; reuse new x11 helpers
Joerger Dec 16, 2021
e371a6e
Add x11 server options; handle x11 request failures gracefully; Fix f…
Joerger Dec 16, 2021
9ab5194
Fix x11 forwarding for XQuartz and MobaXTerm.
Joerger Dec 21, 2021
a62ff3d
Update comment for ServerConfig.UseLocalhost.
Joerger Jan 10, 2022
eb766c7
Refactor xauth command logic to make the command run more customizable;
Joerger Jan 11, 2022
c765c11
Update xserver unix listener owner in re-exec block.
Joerger Jan 12, 2022
df9d5e0
Add x11rdy pipe to signal parent process when x11 is set up.
Joerger Jan 19, 2022
26a4e68
Update non-graceful restart TODO comment.
Joerger Jan 20, 2022
fc88b02
Clean up.
Joerger Jan 20, 2022
4dc4f33
Resolve PR comments and apply suggestions;
Joerger Jan 24, 2022
93ff2cb
Fix ForwardX11Timeout functionality;
Joerger Jan 29, 2022
e01d0b3
Add x11-untrusted-timeout flag.
Joerger Jan 29, 2022
1c12e95
Update UX to match updated RFD.
Joerger Jan 31, 2022
07453b7
Fix re-exec chown syscall; Fix sshserver test.
Joerger Jan 31, 2022
dba63c8
Handle X Server listener limit exceeded error.
Joerger Jan 31, 2022
564ae1b
Remove todo.
Joerger Jan 31, 2022
a1a7678
Cleanup.
Joerger Feb 1, 2022
6146215
Fix linter and fileconf tests.
Joerger Feb 2, 2022
8e97f18
Check for EADDRINUSE when opening XServer unix socket.
Joerger Feb 2, 2022
32a6eb3
Address comments.
Joerger Feb 3, 2022
ed31f03
Fix CI error.
Joerger Feb 3, 2022
c028a5f
Make suggested changes.
Joerger Feb 3, 2022
2a53fa2
Continue session when forwarded x11 request denied; Print log to user…
Joerger Feb 4, 2022
2fcafb8
Add debug log.
Joerger Feb 4, 2022
23cf2e0
Add xauth tests; Disable xauth tests unless requested.
Joerger Feb 4, 2022
39be324
Add todo for x11 test improvements.
Joerger Feb 4, 2022
3fcd4a8
Merge branch 'master' into joerger/x11-forwarding
Joerger Feb 4, 2022
Remove todo.
Joerger committed Feb 4, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
commit 564ae1b11121f6689febd9c574dd032a10726a0f
38 changes: 20 additions & 18 deletions lib/srv/ctx.go
@@ -612,37 +612,26 @@ func (c *ServerContext) GetX11Config() *X11Config {

// OpenXServerListener opens a new XServer unix listener.
func (c *ServerContext) OpenXServerListener(x11Req x11.ForwardRequestPayload, displayOffset, maxDisplays int) error {
c.mu.Lock()
defer c.mu.Unlock()

if c.x11Config != nil {
return trace.AlreadyExists("X11 forwarding is already set up for this session")
}

l, display, err := x11.OpenNewXServerListener(displayOffset, maxDisplays, x11Req.ScreenNumber)
if err != nil {
return trace.Wrap(err)
}

// TODO (Joerger): During a non-graceful shutdown, such as SIGTERM, the Teleport
// process is terminated immediately. Any deferred close statements, such as these
// closers, are not run and we rely on the process to clean up any remaining resources.
//
// However, unlike tcp sockets, unix sockets are not fully cleaned up without an explicit
// all to Close(). The underlying file descriptor will be removed and the socket won't be
// listening, but the bound socket name ("/tmp/.X11-unix/X10" in this case), is not
// cleaned up. Any future calls to net.Listen("/tmp/.X11-unix/X10") will fail unless
// the file is manually removed or the device is restarted.
c.closers = append(c.closers, l)
c.x11Config = &X11Config{
err = c.setX11Config(&X11Config{
XServerUnixSocket: l.Addr().String(),
XAuthEntry: &x11.XAuthEntry{
Display: display,
Proto: x11Req.AuthProtocol,
Cookie: x11Req.AuthCookie,
},
})
if err != nil {
l.Close()
return trace.Wrap(err)
}

c.AddCloser(l)

// Prepare X11 channel request payload
originHost, originPort, err := net.SplitHostPort(c.ServerConn.LocalAddr().String())
if err != nil {
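Review bot: In OpenXServerListener the "already set up" check now runs only inside setX11Config, after x11.OpenNewXServerListener has bound a socket, so a repeated X11 request on the same session binds a display socket and then closes it before being rejected. A cheap early check before opening the listener (keeping the authoritative check in setX11Config) would avoid churning display numbers under repeated requests. The result of l.Close() on that error path is also discarded; logging it would help, since a failed close leaves the socket file behind. Finally, the removed TODO described the bound socket name surviving a non-graceful shutdown and blocking later listens, and nothing in the visible lines handles that case, so the comment should either stay or be replaced with a pointer to where it is handled.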
@@ -713,6 +702,19 @@ func (c *ServerContext) OpenXServerListener(x11Req x11.ForwardRequestPayload, di
return nil
}

// setX11Config sets X11 config for the session, or returns an error if already set.
func (c *ServerContext) setX11Config(cfg *X11Config) error {
c.mu.Lock()
defer c.mu.Unlock()

if c.x11Config != nil {
return trace.AlreadyExists("X11 forwarding is already set up for this session")
}

c.x11Config = cfg
return nil
}

// x11Ready returns whether the X11 unix listener is ready to accept connections.
func (c *ServerContext) x11Ready() (bool, error) {
// Wait for child process to send signal (1 byte)
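Review bot: setX11Config stores whatever it is given, so a nil cfg leaves c.x11Config nil and the AlreadyExists guard never arms; a later call would then succeed silently. Reject nil up front (for example with trace.BadParameter) or state in the doc comment that cfg must be non-nil. The doc comment should also say that the method acquires c.mu, so callers must not hold the lock when calling it, which is the reason the lock was dropped from OpenXServerListener.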