Support authentication for IPv6 connections

[free-sw/xcb/libxcb] / src / xcb_auth.c

diff --git a/src/xcb_auth.c b/src/xcb_auth.c
index fb1d0d3..586d3aa 100644 (file)
--- a/src/xcb_auth.c
+++ b/src/xcb_auth.c
@@ -37,12 +37,12 @@
 #include "xcb.h"
 #include "xcbint.h"
 
-#ifdef HAS_AUTH_XA1
-#include "xcb_des.h"
+#ifdef HASXDMAUTH
+#include <X11/Xdmcp.h>
 #endif
 
 enum auth_protos {
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
     AUTH_XA1,
 #endif
     AUTH_MC1,
@@ -50,75 +50,12 @@ enum auth_protos {
 };
 
 static char *authnames[N_AUTH_PROTOS] = {
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
     "XDM-AUTHORIZATION-1",
 #endif
     "MIT-MAGIC-COOKIE-1",
 };
 
-#ifdef HAS_AUTH_XA1
-
-static int next_nonce(void)
-{
-    static int nonce = 0;
-    static pthread_mutex_t nonce_mutex = PTHREAD_MUTEX_INITIALIZER;
-    int ret;
-    pthread_mutex_lock(&nonce_mutex);
-    ret = nonce++;
-    pthread_mutex_unlock(&nonce_mutex);
-    return ret;
-}
-
-/*
- * This code and the code it calls is taken from libXdmcp,
- * specifically from Wrap.c, Wrap.h, and Wraphelp.c.  The US
- * has changed, thank goodness, and it should be OK to bury
- * DES code in an open source product without a maze of
- * twisty wrapper functions stored offshore.  Or maybe
- * not. --Bart Massey 2003/11/5
- */
-
-static void
-Wrap (
-    des_cblock         input,
-    des_cblock          key,
-    des_cblock          output,
-    int                        bytes)
-{
-    int                        i, j;
-    int                        len;
-    des_cblock          tmp;
-    des_cblock          expand_key;
-    des_key_schedule   schedule;
-
-    XCBDESKeyToOddParity (key, expand_key);
-    XCBDESKeySchedule (expand_key, schedule);
-    for (j = 0; j < bytes; j += 8)
-    {
-       len = 8;
-       if (bytes - j < len)
-           len = bytes - j;
-       /* block chaining */
-       for (i = 0; i < len; i++)
-       {
-           if (j == 0)
-               tmp[i] = input[i];
-           else
-               tmp[i] = input[j + i] ^ output[j - 8 + i];
-       }
-       for (; i < 8; i++)
-       {
-           if (j == 0)
-               tmp[i] = 0;
-           else
-               tmp[i] = 0 ^ output[j - 8 + i];
-       }
-       XCBDESEncrypt (tmp, (output + j), schedule, 1);
-    }
-}
-
-#endif
-
 static size_t memdup(char **dst, void *src, size_t len)
 {
     if(len)
@@ -140,11 +77,19 @@ static int authname_match(enum auth_protos kind, char *name, int namelen)
     return 1;
 }
 
+static void *_xcb_memrchr(const void *s, int c, size_t n)
+{
+    for(s = (char *) s + n - 1; n--; s = (char *) s - 1)
+        if(*(char *)s == (char)c)
+            return (void *) s;
+    return 0;
+}
+
 static Xauth *get_authptr(struct sockaddr *sockname, unsigned int socknamelen)
 {
     char *addr = 0;
     int addrlen = 0;
-    unsigned short family;
+    unsigned short family, port = 0;
     char hostnamebuf[256];   /* big enough for max hostname */
     char dispbuf[40];   /* big enough to hold more than 2^64 base 10 */
     char *display;
@@ -152,34 +97,47 @@ static Xauth *get_authptr(struct sockaddr *sockname, unsigned int socknamelen)
     int i;
 
     family = FamilyLocal; /* 256 */
-    switch (sockname->sa_family) {
+    switch(sockname->sa_family)
+    {
+    case AF_INET6:
+        addr = (char *) &((struct sockaddr_in6 *)sockname)->sin6_addr;
+        addrlen = sizeof(((struct sockaddr_in6 *)sockname)->sin6_addr);
+        port = ((struct sockaddr_in6 *)sockname)->sin6_port;
+        if(!IN6_IS_ADDR_V4MAPPED(addr))
+        {
+            if(!IN6_IS_ADDR_LOOPBACK(addr))
+                family = XCB_FAMILY_INTERNET_6;
+            break;
+        }
+        addr += 12;
+        /* if v4-mapped, fall through. */
     case AF_INET:
-       /*block*/ {
-             struct sockaddr_in *si = (struct sockaddr_in *) sockname;
-            assert(sizeof(*si) == socknamelen);
-            addr = (char *) &si->sin_addr;
-            addrlen = 4;
-            if (ntohl(si->sin_addr.s_addr) != 0x7f000001)
-                family = FamilyInternet; /* 0 */
-            snprintf(dispbuf, sizeof(dispbuf), "%d", ntohs(si->sin_port) - X_TCP_PORT);
-            display = dispbuf;
+        if(!addr)
+        {
+            addr = (char *) &((struct sockaddr_in *)sockname)->sin_addr;
+            port = ((struct sockaddr_in *)sockname)->sin_port;
         }
-       break;
+        addrlen = sizeof(((struct sockaddr_in *)sockname)->sin_addr);
+        if(*(in_addr_t *) addr != htonl(INADDR_LOOPBACK))
+            family = XCB_FAMILY_INTERNET;
+        break;
     case AF_UNIX:
-       /*block*/ { 
-           struct sockaddr_un *su = (struct sockaddr_un *) sockname;
-           char *sockbuf = (char *) sockname;
-           assert(sizeof(*su) >= socknamelen);
-           sockbuf[socknamelen] = 0;   /* null-terminate path */
-           display = strrchr(su->sun_path, 'X');
-           if (display == 0)
-               return 0;   /* sockname is mangled somehow */
-           display++;
-       }
-       break;
+        display = _xcb_memrchr(((struct sockaddr_un *) sockname)->sun_path, 'X',
+                               socknamelen);
+        if(!display)
+            return 0;   /* sockname is mangled somehow */
+        display++;
+        break;
     default:
         return 0;   /* cannot authenticate this family */
     }
+
+    if(port)
+    {
+        snprintf(dispbuf, sizeof(dispbuf), "%hu", ntohs(port) - X_TCP_PORT);
+        display = dispbuf;
+    }
+
     if (family == FamilyLocal) {
         if (gethostname(hostnamebuf, sizeof(hostnamebuf)) == -1)
             return 0;   /* do not know own hostname */
@@ -195,14 +153,25 @@ static Xauth *get_authptr(struct sockaddr *sockname, unsigned int socknamelen)
                                  N_AUTH_PROTOS, authnames, authnamelens);
 }
 
-#ifdef HAS_AUTH_XA1
+#ifdef HASXDMAUTH
+static int next_nonce(void)
+{
+    static int nonce = 0;
+    static pthread_mutex_t nonce_mutex = PTHREAD_MUTEX_INITIALIZER;
+    int ret;
+    pthread_mutex_lock(&nonce_mutex);
+    ret = nonce++;
+    pthread_mutex_unlock(&nonce_mutex);
+    return ret;
+}
+
 static void do_append(char *buf, int *idxp, void *val, size_t valsize) {
     memcpy(buf + *idxp, val, valsize);
     *idxp += valsize;
 }
 #endif
      
-static int compute_auth(XCBAuthInfo *info, Xauth *authptr, struct sockaddr *sockname)
+static int compute_auth(xcb_auth_info_t *info, Xauth *authptr, struct sockaddr *sockname)
 {
     if (authname_match(AUTH_MC1, authptr->name, authptr->name_length)) {
         info->datalen = memdup(&info->data, authptr->data, authptr->data_length);
@@ -210,8 +179,8 @@ static int compute_auth(XCBAuthInfo *info, Xauth *authptr, struct sockaddr *sock
             return 0;
         return 1;
     }
-#ifdef HAS_AUTH_XA1
-#define APPEND(buf,idx,val) do_append((buf),&(idx),(val),sizeof(val))
+#ifdef HASXDMAUTH
+#define APPEND(buf,idx,val) do_append((buf),&(idx),&(val),sizeof(val))
     if (authname_match(AUTH_XA1, authptr->name, authptr->name_length)) {
        int j;
 
@@ -251,7 +220,7 @@ static int compute_auth(XCBAuthInfo *info, Xauth *authptr, struct sockaddr *sock
        while (j < 192 / 8)
            info->data[j++] = 0;
        info->datalen = j;
-       Wrap (info->data, authptr->data + 8, info->data, info->datalen);
+       XdmcpWrap ((unsigned char *) info->data, (unsigned char *) authptr->data + 8, (unsigned char *) info->data, info->datalen);
        return 1;
     }
 #undef APPEND
@@ -260,7 +229,7 @@ static int compute_auth(XCBAuthInfo *info, Xauth *authptr, struct sockaddr *sock
     return 0;   /* Unknown authorization type */
 }
 
-int XCBGetAuthInfo(int fd, XCBAuthInfo *info)
+int _xcb_get_auth_info(int fd, xcb_auth_info_t *info)
 {
     /* code adapted from Xlib/ConnDis.c, xtrans/Xtranssocket.c,
        xtrans/Xtransutils.c */