[u/mdw/putty] / x11fwd.c

#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <time.h>

#include "putty.h"
#include "ssh.h"

#define GET_32BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8) | \
  ((unsigned long)(unsigned char)(cp)[2] << 16) | \
  ((unsigned long)(unsigned char)(cp)[3] << 24))

#define PUT_32BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8, \
  (cp)[2] = (value) >> 16, \
  (cp)[3] = (value) >> 24 )

#define GET_16BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8))

#define PUT_16BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8 )

#define GET_32BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 24) | \
  ((unsigned long)(unsigned char)(cp)[1] << 16) | \
  ((unsigned long)(unsigned char)(cp)[2] << 8) | \
  ((unsigned long)(unsigned char)(cp)[3]))

#define PUT_32BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 24, \
  (cp)[1] = (value) >> 16, \
  (cp)[2] = (value) >> 8, \
  (cp)[3] = (value) )

#define GET_16BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 8) | \
  ((unsigned long)(unsigned char)(cp)[1]))

#define PUT_16BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 8, \
  (cp)[1] = (value) )

#define GET_16BIT(endian, cp) \
  (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))

#define PUT_16BIT(endian, cp, val) \
  (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))

const char *const x11_authnames[] = {
    "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
};

struct X11Auth {
    unsigned char fakedata[64], realdata[64];
    int fakeproto, realproto;
    int fakelen, reallen;
};

extern void platform_get_x11_auth(char *display, int *proto,
                                  unsigned char *data, int *datalen);

struct X11Private {
    const struct plug_function_table *fn;
    /* the above variable absolutely *must* be the first in this structure */
    unsigned char firstpkt[12];	       /* first X data packet */
    struct X11Auth *auth;
    char *auth_protocol;
    unsigned char *auth_data;
    int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
    int verified;
    int throttled, throttle_override;
    void *c;			       /* data used by ssh.c */
    Socket s;
};

void *x11_invent_auth(char *proto, int protomaxlen,
		     char *data, int datamaxlen)
{
    struct X11Auth *auth = smalloc(sizeof(struct X11Auth));
    char ourdata[64];
    int i;

    auth->fakeproto = X11_MIT;

    /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
    auth->fakelen = 16;
    for (i = 0; i < 16; i++)
	auth->fakedata[i] = random_byte();

    /* Now format for the recipient. */
    strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
    ourdata[0] = '\0';
    for (i = 0; i < auth->fakelen; i++)
	sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
    strncpy(data, ourdata, datamaxlen);

    return auth;
}

/*
 * Fetch the real auth data for a given display string, and store
 * it in an X11Auth structure. Returns NULL on success, or an error
 * string.
 */
void x11_get_real_auth(void *authv, char *display)
{
    struct X11Auth *auth = (struct X11Auth *)authv;

    auth->realproto = X11_NO_AUTH;     /* in case next call does nothing */

    auth->reallen = sizeof(auth->realdata);
    platform_get_x11_auth(display, &auth->realproto,
                          auth->realdata, &auth->reallen);
}

static int x11_verify(struct X11Auth *auth,
		      char *proto, unsigned char *data, int dlen)
{
    if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
	return 0;		       /* wrong protocol attempted */
    if (auth->fakeproto == X11_MIT) {
        if (dlen != auth->fakelen)
            return 0;		       /* cookie was wrong length */
        if (memcmp(auth->fakedata, data, dlen) != 0)
            return 0;		       /* cookie was wrong cookie! */
    }
    /* implement other protocols here if ever required */
    return 1;
}

static int x11_closing(Plug plug, char *error_msg, int error_code,
		       int calling_back)
{
    struct X11Private *pr = (struct X11Private *) plug;

    /*
     * We have no way to communicate down the forwarded connection,
     * so if an error occurred on the socket, we just ignore it
     * and treat it like a proper close.
     */
    sshfwd_close(pr->c);
    x11_close(pr->s);
    return 1;
}

static int x11_receive(Plug plug, int urgent, char *data, int len)
{
    struct X11Private *pr = (struct X11Private *) plug;

    if (sshfwd_write(pr->c, data, len) > 0) {
	pr->throttled = 1;
	sk_set_frozen(pr->s, 1);
    }

    return 1;
}

static void x11_sent(Plug plug, int bufsize)
{
    struct X11Private *pr = (struct X11Private *) plug;

    sshfwd_unthrottle(pr->c, bufsize);
}

/*
 * When setting up X forwarding, we should send the screen number
 * from the specified local display. This function extracts it from
 * the display string.
 */
int x11_get_screen_number(char *display)
{
    int n;

    n = strcspn(display, ":");
    if (!display[n])
	return 0;
    n = strcspn(display, ".");
    if (!display[n])
	return 0;
    return atoi(display + n + 1);
}

/*
 * Called to set up the raw connection.
 * 
 * Returns an error message, or NULL on success.
 * also, fills the SocketsStructure
 */
char *x11_init(Socket * s, char *display, void *c, void *auth)
{
    static const struct plug_function_table fn_table = {
	x11_closing,
	x11_receive,
	x11_sent,
	NULL
    };

    SockAddr addr;
    int port;
    char *err, *dummy_realhost;
    char host[128];
    int n, displaynum;
    struct X11Private *pr;

    /*
     * Split up display name into host and display-number parts.
     */
    n = strcspn(display, ":");
    if (display[n])
	displaynum = atoi(display + n + 1);
    else
	displaynum = 0;		       /* sensible default */
    if (n > sizeof(host) - 1)
	n = sizeof(host) - 1;
    if (n > 0) {
	strncpy(host, display, n);
	host[n] = '\0';
    } else {
	/*
	 * Local display numbers, particularly on Unix, often omit
	 * the display part completely.
	 */
	strcpy(host, "localhost");
    }

    port = 6000 + displaynum;

    /*
     * Try to find host.
     */
    addr = name_lookup(host, port, &dummy_realhost);
    if ((err = sk_addr_error(addr)) != NULL)
	return err;

    /*
     * Open socket.
     */
    pr = (struct X11Private *) smalloc(sizeof(struct X11Private));
    pr->fn = &fn_table;
    pr->auth_protocol = NULL;
    pr->auth = (struct X11Auth *)auth;
    pr->verified = 0;
    pr->data_read = 0;
    pr->throttled = pr->throttle_override = 0;
    pr->c = c;

    pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
    if ((err = sk_socket_error(*s)) != NULL) {
	sfree(pr);
	return err;
    }

    sk_set_private_ptr(*s, pr);
    sk_addr_free(addr);
    return NULL;
}

void x11_close(Socket s)
{
    struct X11Private *pr;
    if (!s)
	return;
    pr = (struct X11Private *) sk_get_private_ptr(s);
    if (pr->auth_protocol) {
	sfree(pr->auth_protocol);
	sfree(pr->auth_data);
    }

    sfree(pr);

    sk_close(s);
}

void x11_unthrottle(Socket s)
{
    struct X11Private *pr;
    if (!s)
	return;
    pr = (struct X11Private *) sk_get_private_ptr(s);

    pr->throttled = 0;
    sk_set_frozen(s, pr->throttled || pr->throttle_override);
}

void x11_override_throttle(Socket s, int enable)
{
    struct X11Private *pr;
    if (!s)
	return;
    pr = (struct X11Private *) sk_get_private_ptr(s);

    pr->throttle_override = enable;
    sk_set_frozen(s, pr->throttled || pr->throttle_override);
}

/*
 * Called to send data down the raw connection.
 */
int x11_send(Socket s, char *data, int len)
{
    struct X11Private *pr = (struct X11Private *) sk_get_private_ptr(s);

    if (s == NULL)
	return 0;

    /*
     * Read the first packet.
     */
    while (len > 0 && pr->data_read < 12)
	pr->firstpkt[pr->data_read++] = (unsigned char) (len--, *data++);
    if (pr->data_read < 12)
	return 0;

    /*
     * If we have not allocated the auth_protocol and auth_data
     * strings, do so now.
     */
    if (!pr->auth_protocol) {
	pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 6);
	pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 8);
	pr->auth_psize = (pr->auth_plen + 3) & ~3;
	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
	/* Leave room for a terminating zero, to make our lives easier. */
	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
	pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize);
    }

    /*
     * Read the auth_protocol and auth_data strings.
     */
    while (len > 0 && pr->data_read < 12 + pr->auth_psize)
	pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
    while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
	pr->auth_data[pr->data_read++ - 12 -
		      pr->auth_psize] = (unsigned char) (len--, *data++);
    if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
	return 0;

    /*
     * If we haven't verified the authentication, do so now.
     */
    if (!pr->verified) {
	int ret;

	pr->auth_protocol[pr->auth_plen] = '\0';	/* ASCIZ */
	ret = x11_verify(pr->auth, pr->auth_protocol,
			 pr->auth_data, pr->auth_dlen);

	/*
	 * If authentication failed, construct and send an error
	 * packet, then terminate the connection.
	 */
	if (!ret) {
	    char message[] = "Authentication failed at PuTTY X11 proxy";
	    unsigned char reply[8 + sizeof(message) + 4];
	    int msglen = sizeof(message) - 1;	/* skip zero byte */
	    int msgsize = (msglen + 3) & ~3;
	    reply[0] = 0;	       /* failure */
	    reply[1] = msglen;	       /* length of reason string */
	    memcpy(reply + 2, pr->firstpkt + 2, 4);	/* major/minor proto vsn */
	    PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
	    memset(reply + 8, 0, msgsize);
	    memcpy(reply + 8, message, msglen);
	    sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
	    sshfwd_close(pr->c);
	    x11_close(s);
	    return 0;
	}

	/*
	 * Now we know we're going to accept the connection. Strip
	 * the fake auth data, and optionally put real auth data in
	 * instead.
	 */
        {
            char realauthdata[64];
            int realauthlen = 0;
            int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
	    unsigned long ip;
	    int port;
            static const char zeroes[4] = { 0,0,0,0 };

            if (pr->auth->realproto == X11_MIT) {
                assert(pr->auth->reallen <= lenof(realauthdata));
                realauthlen = pr->auth->reallen;
                memcpy(realauthdata, pr->auth->realdata, realauthlen);
            } else if (pr->auth->realproto == X11_XDM &&
		       pr->auth->reallen == 16 &&
		       sk_getxdmdata(s, &ip, &port)) {
		time_t t;
                realauthlen = 24;
		memset(realauthdata, 0, 24);
		memcpy(realauthdata, pr->auth->realdata, 8);
		PUT_32BIT_MSB_FIRST(realauthdata+8, ip);
		PUT_16BIT_MSB_FIRST(realauthdata+12, port);
		t = time(NULL);
		PUT_32BIT_MSB_FIRST(realauthdata+14, t);
		des_encrypt_xdmauth(pr->auth->realdata+9, realauthdata, 24);
	    }
            /* implement other auth methods here if required */

            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
        
            sk_write(s, (char *)pr->firstpkt, 12);

            if (authstrlen) {
                sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
                sk_write(s, zeroes, 3 & (-authstrlen));
            }
            if (realauthlen) {
                sk_write(s, realauthdata, realauthlen);
                sk_write(s, zeroes, 3 & (-realauthlen));
            }
        }
	pr->verified = 1;
    }

    /*
     * After initialisation, just copy data simply.
     */

    return sk_write(s, data, len);
}
Commit	Line	Data
9c964e85	1	#include <stdio.h>
9c964e85	2	#include <stdlib.h>
e0e7dff8	3	#include <assert.h>
2f92b717	4	#include <time.h>
9c964e85	5
	6	#include "putty.h"
	7	#include "ssh.h"
	8
9c964e85	9	#define GET_32BIT_LSB_FIRST(cp) \
	10	(((unsigned long)(unsigned char)(cp)[0]) \| \
	11	((unsigned long)(unsigned char)(cp)[1] << 8) \| \
	12	((unsigned long)(unsigned char)(cp)[2] << 16) \| \
	13	((unsigned long)(unsigned char)(cp)[3] << 24))
	14
	15	#define PUT_32BIT_LSB_FIRST(cp, value) ( \
	16	(cp)[0] = (value), \
	17	(cp)[1] = (value) >> 8, \
	18	(cp)[2] = (value) >> 16, \
	19	(cp)[3] = (value) >> 24 )
	20
	21	#define GET_16BIT_LSB_FIRST(cp) \
	22	(((unsigned long)(unsigned char)(cp)[0]) \| \
	23	((unsigned long)(unsigned char)(cp)[1] << 8))
	24
	25	#define PUT_16BIT_LSB_FIRST(cp, value) ( \
	26	(cp)[0] = (value), \
	27	(cp)[1] = (value) >> 8 )
	28
	29	#define GET_32BIT_MSB_FIRST(cp) \
	30	(((unsigned long)(unsigned char)(cp)[0] << 24) \| \
	31	((unsigned long)(unsigned char)(cp)[1] << 16) \| \
	32	((unsigned long)(unsigned char)(cp)[2] << 8) \| \
	33	((unsigned long)(unsigned char)(cp)[3]))
	34
	35	#define PUT_32BIT_MSB_FIRST(cp, value) ( \
	36	(cp)[0] = (value) >> 24, \
	37	(cp)[1] = (value) >> 16, \
	38	(cp)[2] = (value) >> 8, \
	39	(cp)[3] = (value) )
	40
	41	#define GET_16BIT_MSB_FIRST(cp) \
	42	(((unsigned long)(unsigned char)(cp)[0] << 8) \| \
	43	((unsigned long)(unsigned char)(cp)[1]))
	44
	45	#define PUT_16BIT_MSB_FIRST(cp, value) ( \
	46	(cp)[0] = (value) >> 8, \
	47	(cp)[1] = (value) )
	48
	49	#define GET_16BIT(endian, cp) \
	50	(endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))
	51
	52	#define PUT_16BIT(endian, cp, val) \
	53	(endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
	54
e0e7dff8	55	const char *const x11_authnames[] = {
2f92b717	56	"", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
e0e7dff8	57	};
e0e7dff8	58
302121de	59	struct X11Auth {
e0e7dff8	60	unsigned char fakedata[64], realdata[64];
	61	int fakeproto, realproto;
	62	int fakelen, reallen;
302121de	63	};
302121de	64
e0e7dff8	65	extern void platform_get_x11_auth(char display, int proto,
	66	unsigned char data, int datalen);
	67
9c964e85	68	struct X11Private {
302121de	69	const struct plug_function_table *fn;
7e78000d	70	/* the above variable absolutely must be the first in this structure */
32874aea	71	unsigned char firstpkt[12]; /* first X data packet */
302121de	72	struct X11Auth *auth;
9c964e85	73	char *auth_protocol;
	74	unsigned char *auth_data;
	75	int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
	76	int verified;
5471d09a	77	int throttled, throttle_override;
32874aea	78	void c; / data used by ssh.c */
7e78000d	79	Socket s;
9c964e85	80	};
9c964e85	81
302121de	82	void x11_invent_auth(char proto, int protomaxlen,
32874aea	83	char *data, int datamaxlen)
32874aea	84	{
302121de	85	struct X11Auth *auth = smalloc(sizeof(struct X11Auth));
9c964e85	86	char ourdata[64];
	87	int i;
	88
e0e7dff8	89	auth->fakeproto = X11_MIT;
e0e7dff8	90
9c964e85	91	/* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
e0e7dff8	92	auth->fakelen = 16;
9c964e85	93	for (i = 0; i < 16; i++)
e0e7dff8	94	auth->fakedata[i] = random_byte();
9c964e85	95
9c964e85	96	/* Now format for the recipient. */
e0e7dff8	97	strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
9c964e85	98	ourdata[0] = '\0';
e0e7dff8	99	for (i = 0; i < auth->fakelen; i++)
e0e7dff8	100	sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
9c964e85	101	strncpy(data, ourdata, datamaxlen);
302121de	102
302121de	103	return auth;
9c964e85	104	}
9c964e85	105
e0e7dff8	106	/*
	107	* Fetch the real auth data for a given display string, and store
	108	* it in an X11Auth structure. Returns NULL on success, or an error
	109	* string.
	110	*/
	111	void x11_get_real_auth(void authv, char display)
	112	{
	113	struct X11Auth auth = (struct X11Auth )authv;
	114
	115	auth->realproto = X11_NO_AUTH; /* in case next call does nothing */
	116
	117	auth->reallen = sizeof(auth->realdata);
	118	platform_get_x11_auth(display, &auth->realproto,
	119	auth->realdata, &auth->reallen);
	120	}
	121
302121de	122	static int x11_verify(struct X11Auth *auth,
302121de	123	char proto, unsigned char data, int dlen)
32874aea	124	{
e0e7dff8	125	if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
32874aea	126	return 0; /* wrong protocol attempted */
e0e7dff8	127	if (auth->fakeproto == X11_MIT) {
	128	if (dlen != auth->fakelen)
	129	return 0; /* cookie was wrong length */
	130	if (memcmp(auth->fakedata, data, dlen) != 0)
	131	return 0; /* cookie was wrong cookie! */
	132	}
	133	/* implement other protocols here if ever required */
9c964e85	134	return 1;
	135	}
	136
32874aea	137	static int x11_closing(Plug plug, char *error_msg, int error_code,
	138	int calling_back)
	139	{
7e78000d	140	struct X11Private pr = (struct X11Private ) plug;
	141
	142	/*
	143	* We have no way to communicate down the forwarded connection,
	144	* so if an error occurred on the socket, we just ignore it
	145	* and treat it like a proper close.
	146	*/
	147	sshfwd_close(pr->c);
	148	x11_close(pr->s);
	149	return 1;
	150	}
	151
32874aea	152	static int x11_receive(Plug plug, int urgent, char *data, int len)
32874aea	153	{
7e78000d	154	struct X11Private pr = (struct X11Private ) plug;
9c964e85	155
5471d09a	156	if (sshfwd_write(pr->c, data, len) > 0) {
	157	pr->throttled = 1;
	158	sk_set_frozen(pr->s, 1);
	159	}
	160
9c964e85	161	return 1;
	162	}
	163
5471d09a	164	static void x11_sent(Plug plug, int bufsize)
	165	{
	166	struct X11Private pr = (struct X11Private ) plug;
	167
	168	sshfwd_unthrottle(pr->c, bufsize);
	169	}
	170
9c964e85	171	/*
421d6835	172	* When setting up X forwarding, we should send the screen number
	173	* from the specified local display. This function extracts it from
	174	* the display string.
	175	*/
	176	int x11_get_screen_number(char *display)
	177	{
	178	int n;
	179
	180	n = strcspn(display, ":");
	181	if (!display[n])
	182	return 0;
	183	n = strcspn(display, ".");
	184	if (!display[n])
	185	return 0;
	186	return atoi(display + n + 1);
	187	}
	188
	189	/*
9c964e85	190	* Called to set up the raw connection.
	191	*
	192	* Returns an error message, or NULL on success.
	193	* also, fills the SocketsStructure
9c964e85	194	*/
302121de	195	char x11_init(Socket s, char display, void c, void *auth)
32874aea	196	{
302121de	197	static const struct plug_function_table fn_table = {
7e78000d	198	x11_closing,
5471d09a	199	x11_receive,
	200	x11_sent,
	201	NULL
7e78000d	202	};
7e78000d	203
9c964e85	204	SockAddr addr;
9c964e85	205	int port;
0c6c9a70	206	char err, dummy_realhost;
9c964e85	207	char host[128];
	208	int n, displaynum;
	209	struct X11Private *pr;
	210
	211	/*
	212	* Split up display name into host and display-number parts.
	213	*/
	214	n = strcspn(display, ":");
	215	if (display[n])
32874aea	216	displaynum = atoi(display + n + 1);
9c964e85	217	else
32874aea	218	displaynum = 0; /* sensible default */
	219	if (n > sizeof(host) - 1)
	220	n = sizeof(host) - 1;
ecc0ba5b	221	if (n > 0) {
	222	strncpy(host, display, n);
	223	host[n] = '\0';
	224	} else {
	225	/*
	226	* Local display numbers, particularly on Unix, often omit
	227	* the display part completely.
	228	*/
	229	strcpy(host, "localhost");
	230	}
9c964e85	231
9f2f8ea0	232	port = 6000 + displaynum;
9f2f8ea0	233
9c964e85	234	/*
	235	* Try to find host.
	236	*/
b7a189f3	237	addr = name_lookup(host, port, &dummy_realhost);
6518ea7b	238	if ((err = sk_addr_error(addr)) != NULL)
9c964e85	239	return err;
9c964e85	240
9c964e85	241	/*
	242	* Open socket.
	243	*/
32874aea	244	pr = (struct X11Private *) smalloc(sizeof(struct X11Private));
7e78000d	245	pr->fn = &fn_table;
9c964e85	246	pr->auth_protocol = NULL;
302121de	247	pr->auth = (struct X11Auth *)auth;
9c964e85	248	pr->verified = 0;
9c964e85	249	pr->data_read = 0;
5471d09a	250	pr->throttled = pr->throttle_override = 0;
9c964e85	251	pr->c = c;
9c964e85	252
8eebd221	253	pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
6518ea7b	254	if ((err = sk_socket_error(*s)) != NULL) {
32874aea	255	sfree(pr);
7e78000d	256	return err;
	257	}
	258
9c964e85	259	sk_set_private_ptr(*s, pr);
	260	sk_addr_free(addr);
	261	return NULL;
	262	}
	263
32874aea	264	void x11_close(Socket s)
	265	{
	266	struct X11Private *pr;
d74d141c	267	if (!s)
	268	return;
	269	pr = (struct X11Private *) sk_get_private_ptr(s);
9c964e85	270	if (pr->auth_protocol) {
32874aea	271	sfree(pr->auth_protocol);
32874aea	272	sfree(pr->auth_data);
9c964e85	273	}
	274
	275	sfree(pr);
	276
	277	sk_close(s);
	278	}
	279
5471d09a	280	void x11_unthrottle(Socket s)
	281	{
	282	struct X11Private *pr;
	283	if (!s)
	284	return;
	285	pr = (struct X11Private *) sk_get_private_ptr(s);
	286
	287	pr->throttled = 0;
	288	sk_set_frozen(s, pr->throttled \|\| pr->throttle_override);
	289	}
	290
	291	void x11_override_throttle(Socket s, int enable)
	292	{
	293	struct X11Private *pr;
	294	if (!s)
	295	return;
	296	pr = (struct X11Private *) sk_get_private_ptr(s);
	297
	298	pr->throttle_override = enable;
	299	sk_set_frozen(s, pr->throttled \|\| pr->throttle_override);
	300	}
	301
9c964e85	302	/*
	303	* Called to send data down the raw connection.
	304	*/
5471d09a	305	int x11_send(Socket s, char *data, int len)
32874aea	306	{
32874aea	307	struct X11Private pr = (struct X11Private ) sk_get_private_ptr(s);
9c964e85	308
9c964e85	309	if (s == NULL)
5471d09a	310	return 0;
9c964e85	311
	312	/*
	313	* Read the first packet.
	314	*/
	315	while (len > 0 && pr->data_read < 12)
32874aea	316	pr->firstpkt[pr->data_read++] = (unsigned char) (len--, *data++);
9c964e85	317	if (pr->data_read < 12)
5471d09a	318	return 0;
9c964e85	319
	320	/*
	321	* If we have not allocated the auth_protocol and auth_data
	322	* strings, do so now.
	323	*/
	324	if (!pr->auth_protocol) {
32874aea	325	pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 6);
	326	pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 8);
	327	pr->auth_psize = (pr->auth_plen + 3) & ~3;
	328	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
	329	/* Leave room for a terminating zero, to make our lives easier. */
	330	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
f28e6b7c	331	pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize);
9c964e85	332	}
	333
	334	/*
	335	* Read the auth_protocol and auth_data strings.
	336	*/
	337	while (len > 0 && pr->data_read < 12 + pr->auth_psize)
32874aea	338	pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
9c964e85	339	while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
32874aea	340	pr->auth_data[pr->data_read++ - 12 -
32874aea	341	pr->auth_psize] = (unsigned char) (len--, *data++);
9c964e85	342	if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
5471d09a	343	return 0;
9c964e85	344
	345	/*
	346	* If we haven't verified the authentication, do so now.
	347	*/
	348	if (!pr->verified) {
32874aea	349	int ret;
	350
	351	pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */
302121de	352	ret = x11_verify(pr->auth, pr->auth_protocol,
302121de	353	pr->auth_data, pr->auth_dlen);
32874aea	354
	355	/*
	356	* If authentication failed, construct and send an error
	357	* packet, then terminate the connection.
	358	*/
	359	if (!ret) {
	360	char message[] = "Authentication failed at PuTTY X11 proxy";
	361	unsigned char reply[8 + sizeof(message) + 4];
	362	int msglen = sizeof(message) - 1; /* skip zero byte */
	363	int msgsize = (msglen + 3) & ~3;
	364	reply[0] = 0; /* failure */
	365	reply[1] = msglen; /* length of reason string */
	366	memcpy(reply + 2, pr->firstpkt + 2, 4); /* major/minor proto vsn */
75105663	367	PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
32874aea	368	memset(reply + 8, 0, msgsize);
32874aea	369	memcpy(reply + 8, message, msglen);
f28e6b7c	370	sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
32874aea	371	sshfwd_close(pr->c);
32874aea	372	x11_close(s);
5471d09a	373	return 0;
32874aea	374	}
	375
	376	/*
	377	* Now we know we're going to accept the connection. Strip
e0e7dff8	378	* the fake auth data, and optionally put real auth data in
e0e7dff8	379	* instead.
32874aea	380	*/
e0e7dff8	381	{
	382	char realauthdata[64];
	383	int realauthlen = 0;
	384	int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
2f92b717	385	unsigned long ip;
2f92b717	386	int port;
e0e7dff8	387	static const char zeroes[4] = { 0,0,0,0 };
	388
	389	if (pr->auth->realproto == X11_MIT) {
	390	assert(pr->auth->reallen <= lenof(realauthdata));
	391	realauthlen = pr->auth->reallen;
	392	memcpy(realauthdata, pr->auth->realdata, realauthlen);
2f92b717	393	} else if (pr->auth->realproto == X11_XDM &&
	394	pr->auth->reallen == 16 &&
	395	sk_getxdmdata(s, &ip, &port)) {
	396	time_t t;
	397	realauthlen = 24;
	398	memset(realauthdata, 0, 24);
	399	memcpy(realauthdata, pr->auth->realdata, 8);
	400	PUT_32BIT_MSB_FIRST(realauthdata+8, ip);
	401	PUT_16BIT_MSB_FIRST(realauthdata+12, port);
	402	t = time(NULL);
	403	PUT_32BIT_MSB_FIRST(realauthdata+14, t);
	404	des_encrypt_xdmauth(pr->auth->realdata+9, realauthdata, 24);
	405	}
e0e7dff8	406	/* implement other auth methods here if required */
	407
	408	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
	409	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
	410
	411	sk_write(s, (char *)pr->firstpkt, 12);
	412
	413	if (authstrlen) {
	414	sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
	415	sk_write(s, zeroes, 3 & (-authstrlen));
	416	}
	417	if (realauthlen) {
	418	sk_write(s, realauthdata, realauthlen);
	419	sk_write(s, zeroes, 3 & (-realauthlen));
	420	}
	421	}
32874aea	422	pr->verified = 1;
9c964e85	423	}
	424
	425	/*
	426	* After initialisation, just copy data simply.
	427	*/
	428
5471d09a	429	return sk_write(s, data, len);
9c964e85	430	}