Independent Submission Jeffrey Altman Internet-Draft Peter Runestig
Columbia University
draft-altman-telnet-fwdx-02.txt March 31 2000
Telnet Forwarding of X Window System Session Data
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference mate-
rial or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
0. Abstract
This Internet-Draft describes a mechanism via which X Window System
client applications to which a telnet session has been established may
have their communications with the X Windows Server forwarded via the
Telnet communications channel. This is desireable when the Telnet
session is established through a Firewall or Network Address Translator
which does not allow arbitrary connections to be created from the host
machine to the client machine; or when the Telnet session is using an
authenticated and encrypted channel and that same security is desired
for the X Window System session data. X Window System client are
authorized by the tunnel using X Display access control data.
1. Command Names and Codes
FORWARD_X 49 (assigned by IANA)
Sub-option Commands
FWDX_SCREEN 0
FWDX_OPEN 1
FWDX_CLOSE 2
FWDX_DATA 3
FWDX_OPTIONS 4
FWDX_OPT_DATA 5
FWDX_XOFF 6
FWDX_XON 7
Sub-option Options
FWDX_OPT_NONE 0
FWDX_OPT_NONE_MASK 0
2. Command Meanings
IAC WILL FORWARD_X
The server side of the connection sends this command to indicate
that it is willing to send and receive X Window System session data
via the telnet connection. The client must not send this command.
IAC DO FORWARD_X
The client side of the connection sends this command to indicate
that it is willing to send and receive X Window System session data
via the telnet connection. The server must not send this command.
IAC WONT FORWARD_X
The server side of the connection sends this command to indicate
that it is not willing or able to send and receive X Window System
session data via the telnet connection. If the client receives
IAC DO FORWARD_X it must respond with IAC WONT FORWARD_X.
IAC DONT FORWARD_X
The client side of the connection sends this command to indicate
that it is not willing or able to send and receive X Window System
session data via the telnet connection. If the server receives
IAC WILL FORWARD_X it must respond with IAC DONT FORWARD_X.
IAC SB FORWARD_X FWDX_SCREEN <screen> IAC SE
The client side of the connection sends this command to the server
to indicate to the server the screen (or monitor) number being used
by the local X Window System server. <screen> is a single octet with
legal values of 0 to 255. The screen number is to be used by the
server when constructing the DISPLAY environment variable to be used
on the host.
The server side of the connection must not send this command.
IAC SB FORWARD_X FWDX_OPEN <channel> IAC SE
The server side of the connection sends this command to the client
to indicate that a new X Window System session is being started and that
a new channel should be allocated. <channel> is two octets in network
byte order.
The client side of the connection must not send this command.
IAC SB FORWARD_X FWDX_CLOSE <channel> IAC SE
Either side of the connection sends this command to indicate to the
other that the channel has been terminated and that the associated
resources should be freed. <channel> is two octets in network byte
order.
IAC SB FORWARD_X FWDX_DATA <channel> <data> IAC SE
Either side of the connections sends this command to the other to
forward X Window System session data across the Telnet connection.
<channel> is two octets in network byte order. <data> is an arbitrary
length stream of bytes. All occurances of 0xFF in the data stream must
be doubled to avoid confusion with telnet commands.
IAC SB FORWARD_X FWDX_OPTIONS <bitmask-bytes> IAC SE
The server sends this command to the client to specify the list of
options which are supported by the server. The client responds with
this command to indicate the subset of the specified options that
are to be used. The client must respond with the same number of bytes
as are provided by the server. If no options are supported by the
server, then a single zero byte is to be sent. The eight bit of each
byte must be zero.
IAC SB FORWARD_X FWDX_OPT_DATA <option> <option-data> IAC SE
This command is used to communicate data specific to an option
negotiated by the client and server. The command may be sent
in either direction. <option> is a byte containing the option
number (not the option mask). The format of the <option-data>
is specific to the option and cannot be specified in this
document.
IAC SB FORWARD_X FWDX_XOFF <channel> IAC SE
This command is sent by the telnet server to the telnet client
when the specified channel is no longer writeable. When the
client receives this command is must immediately stop reading
data from the X Server.
IAC SB FORWARD_X FWDX_XON <channel> IAC SE
This command is sent by the telnet server to the telnet client
when the specified channel becomes writeable. This command
must only be sent if a FWDX_XOFF command has previously be
been sent without a matching FWDX_ON command.
3. Option Meanings
FWDX_OPT_NONE 0
FWDX_OPT_NONE_MASK 0
No options are supported by the server or client.
4. Default Specification
The default specification for this option is
WONT FORWARD_X
DONT FORWARD_X
meaning there will not be any forwarding of X Window System session data.
5. Motivation
Firewalls and Network Address Translators sometimes make it impossible for
X Window System clients to connect to the local X Window System server. In
these situations it is necessary to have a method to forward (or tunnel)
the data along a connection which is already established.
When Telnet Authentication and Encryption or Telnet over TLS are in use it
is desireable to afford the same level of protection to the X Window System
session data that is afforded to the Telnet session data.
This option provides a mechanism for using the Telnet connection as a
tunnel which then applies its own level of security to the X Window System
sessions.
6. Implementation Rules
WILL and DO are negotiated only at the beginning of the Telnet session to
obtain and grant permission for future FORWARD_X sub-negotiations. After
WILL and DO are exchanged the client must send a FWDX_SCREEN negotiation
so the server may establish the appropriate DISPLAY environment variable.
After receipt of FWDX_SCREEN the server will define a DISPLAY variable on
the host which shall cause all future X Window System sessions created
within that Telnet session to be redirected to the Telnet server. This
DISPLAY variable must point to a socket or other mechanism via which the
Telnet Server will be able to listen for new X Window System sessions.
The Telnet Server will also create a temporary .Xauthority file containing
entries for each of the X Authority types (MIT-MAGIC-COOKIE-1,
XDM-AUTHORIZATION-1, SUN-DES-1, MIT-KERBEROS-5) that it will accept for
X Windows System client authorization.
Whenever the server accepts a new X Window System session it allocates a
new channel and sends a FWDX_OPEN negotiation to the client. The client
allocates any necessary resources for the support of the channel and opens
a local connection to the X Window System Server specified by the local
environment.
The client will then open the X Windows System display on its local system
using the local X Authority data for authorization (if it is available.)
If the client is unable to open the display, it sends a FWDX_CLOSE to the
server.
The server when receiving the initial message from X Windows System client
will parse it for byte order and any specified X Authority data. If no
X Authority data is provided or if the X Authority data is invalid, an
X Authority error message will be sent to the X Windows System client and
the connection will be closed. A FWDX_CLOSE message will be sent to the
client.
If authorization is provided, the server will (using the designated byte
ordering for this session) replace the initial X Authority data from the
X Windows System client with null data and forward the data to the client.
From this point forward all data read by the server from the X Window
System clients or from the X Windows Server by the client are forwarded to
the peer via the use of a FWDX_DATA negotiation.
When the X Window System client closes the connection the server will send a
FWDX_CLOSE negotiation to the client. If the X Window System Server closes
the connection the client with send a FWDX_CLOSE to the server.
The Telnet server should not allocate X Window System display number 0 but
instead should leave it available for the local X Window System server on
the same machine.
The Telnet client should not negotiation FORWARD_X if it does not have a
local X Window System server available.
FORWARD_X takes precedence over Telnet X-Display Location and the DISPLAY
variable transmitted via Telnet Environment. If FORWARD_X has been
negotiated prior to the receipt of other display information, this
subsequent information must be ignored.
FORWARD_X must not be negotiated over an insecure connection. If Telnet
AUTH and ENCRYPT or START_TLS are not in use, FORWARD_X must be refused
by both the client and server.
Any Telnet server implementing FORWARD_X must implement at least one
of the X display access control (XAUTH) methods. A failure to implement
access control on the server creates a serious security vulnerability
openning the X Windows Server on the client's machine to attack.
FORWARD_X is designed as an extensible protocol with the intention of
adding support for the caching and compression of X Windows System
messages. FORWARD_X options are negotiated using the FWDX_OPTIONS
messages. Each option is to be given its own bit value. As many bytes
of bit mask data as are needed to represent the options may be allocated
with one restriction: the 8th bit of each byte may not be assigned.
The Telnet server must be able to handle a suspended X client. When an
X Client is suspended it will not read data from its data input. In this
situation the data path from the Telnet server to the X client will
eventually become blocked. The Telnet Server must ensure that no data
is lost and that all other Forward X channels as well as normal telnet
session processing continue. The FWDX_XOFF and FWDX_XON commands provide
the ability for the telnet server to implement flow control for each
channel on an individual basis.
7. Example
Initial negotiations
S: IAC WILL FORWARD_X
C: IAC DO FORWARD_X
Server and client have agreed to negotiate FORWARD_X
S: IAC SB FORWARD_X FWDX_OPTIONS 00 IAC SE
C: IAC SB FORWARD_X FWDX_OPTIONS 00 IAC SE
Server and client agree that no Forward X options are to be used.
C: IAC SB FORWARD_X FWDX_SCREEN 00 IAC SE
Server established a listen socket on port 6001 (display 1) and puts an
DISPLAY=<ip-address>:<display>.<screen> (i.e. 127.0.0.1:1.0) variable into
the local environment.
The server receives a connection from an X Window System client and allocates
channel 0:
S: IAC SB FORWARD_X FWDX_OPEN 00 00 IAC SE
Client creates connection to local X Window System server.
Server receives data to send from X Window System client to X Window System server.
S: IAC SB FORWARD_X FWDX_DATA 00 00 <data> IAC SE
X Window System server replies:
C: IAC SB FORWARD_X FWDX_DATA 00 00 <data> IAC SE
X Window System client closes the connection:
S: IAC SB FORWARD_X FWDX_CLOSE 00 00 IAC SE
8. Security Considerations
Although FORWARD_X is independent of Telnet Authentication and Encryption, and
Telnet over TLS, the use of FORWARD_X without the use of Telnet Authentication
and Encryption or Telnet over TLS (or other integrity protection) creates a
security hole. Therefore, FORWARD_X MUST NOT be negotiated if neither
Telnet over TLS nor Telnet Encryption are successfully negotiated and in
use.
9. IANA Considerations
IANA is the responsible for assigning all FORWARD_X option numbers. These
numbers are to be assigned sequentially.
FORWARD_X options have valid values of 1 to 255 so that they can be
represented in a single byte in the FWDX_OPT_DATA message. Each option
is assigned both an option value and a bitmask for use in the FWDX_OPTIONS
negotiation.
As there are no options defined as the present time an example of the
mechanism is provided. Assume we define options ONE, FIVE and EIGHT.
FWDX_OPT_ONE 1
FWDX_OPT_ONE_MASK 1 /* Byte 1 of FWDX_OPTIONS */
FWDX_OPT_FIVE 5
FWDX_OPT_FIVE_MASK 16 /* Byte 1 of FWDX_OPTIONS */
FWDX_OPT_EIGHT 8
FWDX_OPT_EIGHT_MASK 1 /* Byte 2 of FWDX_OPTIONS */
10. References
X Windows System X Protocol documentation
ftp://ftp.x.org/pub/R6.4/xc/doc/hardcopy/XProtocol/proto.PS.gz
Authors' Addresses
Jeffrey Altman
Columbia University
Watson Hall Room 716
612 West 115th Street
New York NY 10025
Phone: +1 (212) 854-1344
EMail: jaltman@columbia.edu
Peter Runestig
Orsangesvagen 83
821 50 Bollnas
Sweden
Phone: +46-278-35777
EMail: peter@runestig.com
Mailing List: telnet-wg@bsdi.com
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org