#include "xcb.h"
#include "xcbint.h"
-#ifdef HAS_AUTH_XA1
-#include "xcb_des.h"
+#ifdef HASXDMAUTH
+#include <X11/Xdmcp.h>
#endif
enum auth_protos {
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
AUTH_XA1,
#endif
AUTH_MC1,
};
static char *authnames[N_AUTH_PROTOS] = {
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
"XDM-AUTHORIZATION-1",
#endif
"MIT-MAGIC-COOKIE-1",
};
-#ifdef HAS_AUTH_XA1
-
-static int next_nonce(void)
-{
- static int nonce = 0;
- static pthread_mutex_t nonce_mutex = PTHREAD_MUTEX_INITIALIZER;
- int ret;
- pthread_mutex_lock(&nonce_mutex);
- ret = nonce++;
- pthread_mutex_unlock(&nonce_mutex);
- return ret;
-}
-
-/*
- * This code and the code it calls is taken from libXdmcp,
- * specifically from Wrap.c, Wrap.h, and Wraphelp.c. The US
- * has changed, thank goodness, and it should be OK to bury
- * DES code in an open source product without a maze of
- * twisty wrapper functions stored offshore. Or maybe
- * not. --Bart Massey 2003/11/5
- */
-
-static void
-Wrap (
- des_cblock input,
- des_cblock key,
- des_cblock output,
- int bytes)
-{
- int i, j;
- int len;
- des_cblock tmp;
- des_cblock expand_key;
- des_key_schedule schedule;
-
- XCBDESKeyToOddParity (key, expand_key);
- XCBDESKeySchedule (expand_key, schedule);
- for (j = 0; j < bytes; j += 8)
- {
- len = 8;
- if (bytes - j < len)
- len = bytes - j;
- /* block chaining */
- for (i = 0; i < len; i++)
- {
- if (j == 0)
- tmp[i] = input[i];
- else
- tmp[i] = input[j + i] ^ output[j - 8 + i];
- }
- for (; i < 8; i++)
- {
- if (j == 0)
- tmp[i] = 0;
- else
- tmp[i] = 0 ^ output[j - 8 + i];
- }
- XCBDESEncrypt (tmp, (output + j), schedule, 1);
- }
-}
-
-#endif
-
static size_t memdup(char **dst, void *src, size_t len)
{
if(len)
return 1;
}
-static Xauth *get_authptr(struct sockaddr *sockname, unsigned int socknamelen)
+#define SIN6_ADDR(s) (&((struct sockaddr_in6 *)s)->sin6_addr)
+
+static Xauth *get_authptr(struct sockaddr *sockname, unsigned int socknamelen,
+ int display)
{
char *addr = 0;
int addrlen = 0;
unsigned short family;
char hostnamebuf[256]; /* big enough for max hostname */
char dispbuf[40]; /* big enough to hold more than 2^64 base 10 */
- char *display;
int authnamelens[N_AUTH_PROTOS];
int i;
family = FamilyLocal; /* 256 */
- switch (sockname->sa_family) {
- case AF_INET:
- /*block*/ {
- struct sockaddr_in *si = (struct sockaddr_in *) sockname;
- assert(sizeof(*si) == socknamelen);
- addr = (char *) &si->sin_addr;
- addrlen = 4;
- if (ntohl(si->sin_addr.s_addr) != 0x7f000001)
- family = FamilyInternet; /* 0 */
- snprintf(dispbuf, sizeof(dispbuf), "%d", ntohs(si->sin_port) - X_TCP_PORT);
- display = dispbuf;
+ switch(sockname->sa_family)
+ {
+#ifdef AF_INET6
+ case AF_INET6:
+ addr = (char *) SIN6_ADDR(sockname);
+ addrlen = sizeof(*SIN6_ADDR(sockname));
+ if(!IN6_IS_ADDR_V4MAPPED(SIN6_ADDR(sockname)))
+ {
+ if(!IN6_IS_ADDR_LOOPBACK(SIN6_ADDR(sockname)))
+ family = XCB_FAMILY_INTERNET_6;
+ break;
}
- break;
+ addr += 12;
+ /* if v4-mapped, fall through. */
+#endif
+ case AF_INET:
+ if(!addr)
+ addr = (char *) &((struct sockaddr_in *)sockname)->sin_addr;
+ addrlen = sizeof(((struct sockaddr_in *)sockname)->sin_addr);
+ if(*(in_addr_t *) addr != htonl(INADDR_LOOPBACK))
+ family = XCB_FAMILY_INTERNET;
+ break;
case AF_UNIX:
- /*block*/ {
- struct sockaddr_un *su = (struct sockaddr_un *) sockname;
- char *sockbuf = (char *) sockname;
- assert(sizeof(*su) >= socknamelen);
- sockbuf[socknamelen] = 0; /* null-terminate path */
- display = strrchr(su->sun_path, 'X');
- if (display == 0)
- return 0; /* sockname is mangled somehow */
- display++;
- }
- break;
+ break;
default:
return 0; /* cannot authenticate this family */
}
+
+ snprintf(dispbuf, sizeof(dispbuf), "%d", display);
+
if (family == FamilyLocal) {
if (gethostname(hostnamebuf, sizeof(hostnamebuf)) == -1)
return 0; /* do not know own hostname */
authnamelens[i] = strlen(authnames[i]);
return XauGetBestAuthByAddr (family,
(unsigned short) addrlen, addr,
- (unsigned short) strlen(display), display,
+ (unsigned short) strlen(dispbuf), dispbuf,
N_AUTH_PROTOS, authnames, authnamelens);
}
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
+static int next_nonce(void)
+{
+ static int nonce = 0;
+ static pthread_mutex_t nonce_mutex = PTHREAD_MUTEX_INITIALIZER;
+ int ret;
+ pthread_mutex_lock(&nonce_mutex);
+ ret = nonce++;
+ pthread_mutex_unlock(&nonce_mutex);
+ return ret;
+}
+
static void do_append(char *buf, int *idxp, void *val, size_t valsize) {
memcpy(buf + *idxp, val, valsize);
*idxp += valsize;
}
#endif
-static int compute_auth(XCBAuthInfo *info, Xauth *authptr, struct sockaddr *sockname)
+static int compute_auth(xcb_auth_info_t *info, Xauth *authptr, struct sockaddr *sockname)
{
if (authname_match(AUTH_MC1, authptr->name, authptr->name_length)) {
info->datalen = memdup(&info->data, authptr->data, authptr->data_length);
return 0;
return 1;
}
-#ifdef HAS_AUTH_XA1
-#define APPEND(buf,idx,val) do_append((buf),&(idx),(val),sizeof(val))
+#ifdef HASXDMAUTH
+#define APPEND(buf,idx,val) do_append((buf),&(idx),&(val),sizeof(val))
if (authname_match(AUTH_XA1, authptr->name, authptr->name_length)) {
int j;
APPEND(info->data, j, si->sin_port);
}
break;
+#ifdef AF_INET6
+ case AF_INET6:
+ /*block*/ {
+ struct sockaddr_in6 *si6 = (struct sockaddr_in6 *) sockname;
+ if(IN6_IS_ADDR_V4MAPPED(SIN6_ADDR(sockname)))
+ {
+ APPEND(info->data, j, si6->sin6_addr.s6_addr[12]);
+ APPEND(info->data, j, si6->sin6_port);
+ }
+ else
+ {
+ /* XDM-AUTHORIZATION-1 does not handle IPv6 correctly. Do the
+ same thing Xlib does: use all zeroes for the 4-byte address
+ and 2-byte port number. */
+ uint32_t fakeaddr = 0;
+ uint16_t fakeport = 0;
+ APPEND(info->data, j, fakeaddr);
+ APPEND(info->data, j, fakeport);
+ }
+ }
+ break;
+#endif
case AF_UNIX:
/*block*/ {
- long fakeaddr = htonl(0xffffffff - next_nonce());
- short fakeport = htons(getpid());
+ uint32_t fakeaddr = htonl(0xffffffff - next_nonce());
+ uint16_t fakeport = htons(getpid());
APPEND(info->data, j, fakeaddr);
APPEND(info->data, j, fakeport);
}
return 0; /* do not know how to build this */
}
{
- long now;
- time(&now);
- now = htonl(now);
+ uint32_t now = htonl(time(0));
APPEND(info->data, j, now);
}
assert(j <= 192 / 8);
while (j < 192 / 8)
info->data[j++] = 0;
info->datalen = j;
- Wrap (info->data, authptr->data + 8, info->data, info->datalen);
+ XdmcpWrap ((unsigned char *) info->data, (unsigned char *) authptr->data + 8, (unsigned char *) info->data, info->datalen);
return 1;
}
#undef APPEND
return 0; /* Unknown authorization type */
}
-int XCBGetAuthInfo(int fd, XCBAuthInfo *info)
+int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display)
{
/* code adapted from Xlib/ConnDis.c, xtrans/Xtranssocket.c,
xtrans/Xtransutils.c */
Xauth *authptr = 0;
int ret = 1;
- /* ensure info has reasonable contents */
- /* XXX This should be removed, but Jamey depends on it
- somehow but can't remember how. Principle: don't touch
- someone else's data if you're borken. */
- info->namelen = info->datalen = 0;
- info->name = info->data = 0;
-
if (getpeername(fd, sockname, &socknamelen) == -1)
return 0; /* can only authenticate sockets */
- authptr = get_authptr(sockname, socknamelen);
+ authptr = get_authptr(sockname, socknamelen, display);
if (authptr == 0)
return 0; /* cannot find good auth data */