[u/mdw/putty] / x11fwd.c

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

#include "putty.h"
#include "ssh.h"

#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

#define GET_32BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8) | \
  ((unsigned long)(unsigned char)(cp)[2] << 16) | \
  ((unsigned long)(unsigned char)(cp)[3] << 24))

#define PUT_32BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8, \
  (cp)[2] = (value) >> 16, \
  (cp)[3] = (value) >> 24 )

#define GET_16BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8))

#define PUT_16BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8 )

#define GET_32BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 24) | \
  ((unsigned long)(unsigned char)(cp)[1] << 16) | \
  ((unsigned long)(unsigned char)(cp)[2] << 8) | \
  ((unsigned long)(unsigned char)(cp)[3]))

#define PUT_32BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 24, \
  (cp)[1] = (value) >> 16, \
  (cp)[2] = (value) >> 8, \
  (cp)[3] = (value) )

#define GET_16BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 8) | \
  ((unsigned long)(unsigned char)(cp)[1]))

#define PUT_16BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 8, \
  (cp)[1] = (value) )

#define GET_16BIT(endian, cp) \
  (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))

#define PUT_16BIT(endian, cp, val) \
  (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))

extern void sshfwd_close(void *);
extern void sshfwd_write(void *, char *, int);

struct X11Private {
    struct plug_function_table *fn;
    /* the above variable absolutely *must* be the first in this structure */
    unsigned char firstpkt[12];	       /* first X data packet */
    char *auth_protocol;
    unsigned char *auth_data;
    int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
    int verified;
    void *c;			       /* data used by ssh.c */
    Socket s;
};

void x11_close(Socket s);

static unsigned char x11_authdata[64];
static int x11_authdatalen;

void x11_invent_auth(char *proto, int protomaxlen,
		     char *data, int datamaxlen)
{
    char ourdata[64];
    int i;

    /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
    x11_authdatalen = 16;
    for (i = 0; i < 16; i++)
	x11_authdata[i] = random_byte();

    /* Now format for the recipient. */
    strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
    ourdata[0] = '\0';
    for (i = 0; i < x11_authdatalen; i++)
	sprintf(ourdata + strlen(ourdata), "%02x", x11_authdata[i]);
    strncpy(data, ourdata, datamaxlen);
}

static int x11_verify(char *proto, unsigned char *data, int dlen)
{
    if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
	return 0;		       /* wrong protocol attempted */
    if (dlen != x11_authdatalen)
	return 0;		       /* cookie was wrong length */
    if (memcmp(x11_authdata, data, dlen) != 0)
	return 0;		       /* cookie was wrong cookie! */
    return 1;
}

static int x11_closing(Plug plug, char *error_msg, int error_code,
		       int calling_back)
{
    struct X11Private *pr = (struct X11Private *) plug;

    /*
     * We have no way to communicate down the forwarded connection,
     * so if an error occurred on the socket, we just ignore it
     * and treat it like a proper close.
     */
    sshfwd_close(pr->c);
    x11_close(pr->s);
    return 1;
}

static int x11_receive(Plug plug, int urgent, char *data, int len)
{
    struct X11Private *pr = (struct X11Private *) plug;

    sshfwd_write(pr->c, data, len);
    return 1;
}

/*
 * Called to set up the raw connection.
 * 
 * Returns an error message, or NULL on success.
 * also, fills the SocketsStructure
 */
char *x11_init(Socket * s, char *display, void *c)
{
    static struct plug_function_table fn_table = {
	x11_closing,
	x11_receive
    };

    SockAddr addr;
    int port;
    char *err, *dummy_realhost;
    char host[128];
    int n, displaynum;
    struct X11Private *pr;

    /*
     * Split up display name into host and display-number parts.
     */
    n = strcspn(display, ":");
    if (display[n])
	displaynum = atoi(display + n + 1);
    else
	displaynum = 0;		       /* sensible default */
    if (n > sizeof(host) - 1)
	n = sizeof(host) - 1;
    strncpy(host, display, n);
    host[n] = '\0';

    /*
     * Try to find host.
     */
    addr = sk_namelookup(host, &dummy_realhost);
    if ((err = sk_addr_error(addr)))
	return err;

    port = 6000 + displaynum;

    /*
     * Open socket.
     */
    pr = (struct X11Private *) smalloc(sizeof(struct X11Private));
    pr->fn = &fn_table;
    pr->auth_protocol = NULL;
    pr->verified = 0;
    pr->data_read = 0;
    pr->c = c;

    pr->s = *s = sk_new(addr, port, 0, 1, (Plug) pr);
    if ((err = sk_socket_error(*s))) {
	sfree(pr);
	return err;
    }

    sk_set_private_ptr(*s, pr);
    sk_addr_free(addr);
    return NULL;
}

void x11_close(Socket s)
{
    struct X11Private *pr;
    if (!s)
	return;
    pr = (struct X11Private *) sk_get_private_ptr(s);
    if (pr->auth_protocol) {
	sfree(pr->auth_protocol);
	sfree(pr->auth_data);
    }

    sfree(pr);

    sk_close(s);
}

/*
 * Called to send data down the raw connection.
 */
void x11_send(Socket s, char *data, int len)
{
    struct X11Private *pr = (struct X11Private *) sk_get_private_ptr(s);

    if (s == NULL)
	return;

    /*
     * Read the first packet.
     */
    while (len > 0 && pr->data_read < 12)
	pr->firstpkt[pr->data_read++] = (unsigned char) (len--, *data++);
    if (pr->data_read < 12)
	return;

    /*
     * If we have not allocated the auth_protocol and auth_data
     * strings, do so now.
     */
    if (!pr->auth_protocol) {
	pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 6);
	pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 8);
	pr->auth_psize = (pr->auth_plen + 3) & ~3;
	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
	/* Leave room for a terminating zero, to make our lives easier. */
	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
	pr->auth_data = (char *) smalloc(pr->auth_dsize);
    }

    /*
     * Read the auth_protocol and auth_data strings.
     */
    while (len > 0 && pr->data_read < 12 + pr->auth_psize)
	pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
    while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
	pr->auth_data[pr->data_read++ - 12 -
		      pr->auth_psize] = (unsigned char) (len--, *data++);
    if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
	return;

    /*
     * If we haven't verified the authentication, do so now.
     */
    if (!pr->verified) {
	int ret;

	pr->auth_protocol[pr->auth_plen] = '\0';	/* ASCIZ */
	ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);

	/*
	 * If authentication failed, construct and send an error
	 * packet, then terminate the connection.
	 */
	if (!ret) {
	    char message[] = "Authentication failed at PuTTY X11 proxy";
	    unsigned char reply[8 + sizeof(message) + 4];
	    int msglen = sizeof(message) - 1;	/* skip zero byte */
	    int msgsize = (msglen + 3) & ~3;
	    reply[0] = 0;	       /* failure */
	    reply[1] = msglen;	       /* length of reason string */
	    memcpy(reply + 2, pr->firstpkt + 2, 4);	/* major/minor proto vsn */
	    PUT_16BIT(pr->firstpkt[0], reply + 6, msglen >> 2);	/* data len */
	    memset(reply + 8, 0, msgsize);
	    memcpy(reply + 8, message, msglen);
	    sshfwd_write(pr->c, reply, 8 + msgsize);
	    sshfwd_close(pr->c);
	    x11_close(s);
	    return;
	}

	/*
	 * Now we know we're going to accept the connection. Strip
	 * the auth data. (TODO: if we ever work out how, we should
	 * replace some real auth data in here.)
	 */
	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0);	/* auth proto */
	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0);	/* auth data */
	sk_write(s, pr->firstpkt, 12);
	pr->verified = 1;
    }

    /*
     * After initialisation, just copy data simply.
     */

    sk_write(s, data, len);
}
Commit	Line	Data
9c964e85	1	#include <windows.h>
	2	#include <stdio.h>
	3	#include <stdlib.h>
	4
	5	#include "putty.h"
	6	#include "ssh.h"
	7
	8	#ifndef FALSE
	9	#define FALSE 0
	10	#endif
	11	#ifndef TRUE
	12	#define TRUE 1
	13	#endif
	14
	15	#define GET_32BIT_LSB_FIRST(cp) \
	16	(((unsigned long)(unsigned char)(cp)[0]) \| \
	17	((unsigned long)(unsigned char)(cp)[1] << 8) \| \
	18	((unsigned long)(unsigned char)(cp)[2] << 16) \| \
	19	((unsigned long)(unsigned char)(cp)[3] << 24))
	20
	21	#define PUT_32BIT_LSB_FIRST(cp, value) ( \
	22	(cp)[0] = (value), \
	23	(cp)[1] = (value) >> 8, \
	24	(cp)[2] = (value) >> 16, \
	25	(cp)[3] = (value) >> 24 )
	26
	27	#define GET_16BIT_LSB_FIRST(cp) \
	28	(((unsigned long)(unsigned char)(cp)[0]) \| \
	29	((unsigned long)(unsigned char)(cp)[1] << 8))
	30
	31	#define PUT_16BIT_LSB_FIRST(cp, value) ( \
	32	(cp)[0] = (value), \
	33	(cp)[1] = (value) >> 8 )
	34
	35	#define GET_32BIT_MSB_FIRST(cp) \
	36	(((unsigned long)(unsigned char)(cp)[0] << 24) \| \
	37	((unsigned long)(unsigned char)(cp)[1] << 16) \| \
	38	((unsigned long)(unsigned char)(cp)[2] << 8) \| \
	39	((unsigned long)(unsigned char)(cp)[3]))
	40
	41	#define PUT_32BIT_MSB_FIRST(cp, value) ( \
	42	(cp)[0] = (value) >> 24, \
	43	(cp)[1] = (value) >> 16, \
	44	(cp)[2] = (value) >> 8, \
	45	(cp)[3] = (value) )
	46
	47	#define GET_16BIT_MSB_FIRST(cp) \
	48	(((unsigned long)(unsigned char)(cp)[0] << 8) \| \
	49	((unsigned long)(unsigned char)(cp)[1]))
	50
	51	#define PUT_16BIT_MSB_FIRST(cp, value) ( \
	52	(cp)[0] = (value) >> 8, \
	53	(cp)[1] = (value) )
	54
	55	#define GET_16BIT(endian, cp) \
	56	(endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))
	57
	58	#define PUT_16BIT(endian, cp, val) \
	59	(endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
	60
	61	extern void sshfwd_close(void *);
	62	extern void sshfwd_write(void , char , int);
	63
	64	struct X11Private {
7e78000d	65	struct plug_function_table *fn;
7e78000d	66	/* the above variable absolutely must be the first in this structure */
32874aea	67	unsigned char firstpkt[12]; /* first X data packet */
9c964e85	68	char *auth_protocol;
	69	unsigned char *auth_data;
	70	int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
	71	int verified;
32874aea	72	void c; / data used by ssh.c */
7e78000d	73	Socket s;
9c964e85	74	};
9c964e85	75
32874aea	76	void x11_close(Socket s);
9c964e85	77
	78	static unsigned char x11_authdata[64];
	79	static int x11_authdatalen;
	80
	81	void x11_invent_auth(char *proto, int protomaxlen,
32874aea	82	char *data, int datamaxlen)
32874aea	83	{
9c964e85	84	char ourdata[64];
	85	int i;
	86
	87	/* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
	88	x11_authdatalen = 16;
	89	for (i = 0; i < 16; i++)
32874aea	90	x11_authdata[i] = random_byte();
9c964e85	91
	92	/* Now format for the recipient. */
	93	strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
	94	ourdata[0] = '\0';
	95	for (i = 0; i < x11_authdatalen; i++)
32874aea	96	sprintf(ourdata + strlen(ourdata), "%02x", x11_authdata[i]);
9c964e85	97	strncpy(data, ourdata, datamaxlen);
	98	}
	99
32874aea	100	static int x11_verify(char proto, unsigned char data, int dlen)
32874aea	101	{
9c964e85	102	if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
32874aea	103	return 0; /* wrong protocol attempted */
9c964e85	104	if (dlen != x11_authdatalen)
32874aea	105	return 0; /* cookie was wrong length */
9c964e85	106	if (memcmp(x11_authdata, data, dlen) != 0)
32874aea	107	return 0; /* cookie was wrong cookie! */
9c964e85	108	return 1;
	109	}
	110
32874aea	111	static int x11_closing(Plug plug, char *error_msg, int error_code,
	112	int calling_back)
	113	{
7e78000d	114	struct X11Private pr = (struct X11Private ) plug;
	115
	116	/*
	117	* We have no way to communicate down the forwarded connection,
	118	* so if an error occurred on the socket, we just ignore it
	119	* and treat it like a proper close.
	120	*/
	121	sshfwd_close(pr->c);
	122	x11_close(pr->s);
	123	return 1;
	124	}
	125
32874aea	126	static int x11_receive(Plug plug, int urgent, char *data, int len)
32874aea	127	{
7e78000d	128	struct X11Private pr = (struct X11Private ) plug;
9c964e85	129
9c964e85	130	sshfwd_write(pr->c, data, len);
	131	return 1;
	132	}
	133
	134	/*
	135	* Called to set up the raw connection.
	136	*
	137	* Returns an error message, or NULL on success.
	138	* also, fills the SocketsStructure
9c964e85	139	*/
32874aea	140	char x11_init(Socket s, char display, void c)
32874aea	141	{
7e78000d	142	static struct plug_function_table fn_table = {
	143	x11_closing,
	144	x11_receive
	145	};
	146
9c964e85	147	SockAddr addr;
9c964e85	148	int port;
0c6c9a70	149	char err, dummy_realhost;
9c964e85	150	char host[128];
	151	int n, displaynum;
	152	struct X11Private *pr;
	153
	154	/*
	155	* Split up display name into host and display-number parts.
	156	*/
	157	n = strcspn(display, ":");
	158	if (display[n])
32874aea	159	displaynum = atoi(display + n + 1);
9c964e85	160	else
32874aea	161	displaynum = 0; /* sensible default */
	162	if (n > sizeof(host) - 1)
	163	n = sizeof(host) - 1;
9c964e85	164	strncpy(host, display, n);
	165	host[n] = '\0';
	166
	167	/*
	168	* Try to find host.
	169	*/
0c6c9a70	170	addr = sk_namelookup(host, &dummy_realhost);
32874aea	171	if ((err = sk_addr_error(addr)))
9c964e85	172	return err;
	173
	174	port = 6000 + displaynum;
	175
	176	/*
	177	* Open socket.
	178	*/
32874aea	179	pr = (struct X11Private *) smalloc(sizeof(struct X11Private));
7e78000d	180	pr->fn = &fn_table;
9c964e85	181	pr->auth_protocol = NULL;
	182	pr->verified = 0;
	183	pr->data_read = 0;
	184	pr->c = c;
	185
7e78000d	186	pr->s = *s = sk_new(addr, port, 0, 1, (Plug) pr);
32874aea	187	if ((err = sk_socket_error(*s))) {
32874aea	188	sfree(pr);
7e78000d	189	return err;
	190	}
	191
9c964e85	192	sk_set_private_ptr(*s, pr);
	193	sk_addr_free(addr);
	194	return NULL;
	195	}
	196
32874aea	197	void x11_close(Socket s)
	198	{
	199	struct X11Private *pr;
d74d141c	200	if (!s)
	201	return;
	202	pr = (struct X11Private *) sk_get_private_ptr(s);
9c964e85	203	if (pr->auth_protocol) {
32874aea	204	sfree(pr->auth_protocol);
32874aea	205	sfree(pr->auth_data);
9c964e85	206	}
	207
	208	sfree(pr);
	209
	210	sk_close(s);
	211	}
	212
	213	/*
	214	* Called to send data down the raw connection.
	215	*/
32874aea	216	void x11_send(Socket s, char *data, int len)
	217	{
	218	struct X11Private pr = (struct X11Private ) sk_get_private_ptr(s);
9c964e85	219
	220	if (s == NULL)
	221	return;
	222
	223	/*
	224	* Read the first packet.
	225	*/
	226	while (len > 0 && pr->data_read < 12)
32874aea	227	pr->firstpkt[pr->data_read++] = (unsigned char) (len--, *data++);
9c964e85	228	if (pr->data_read < 12)
32874aea	229	return;
9c964e85	230
	231	/*
	232	* If we have not allocated the auth_protocol and auth_data
	233	* strings, do so now.
	234	*/
	235	if (!pr->auth_protocol) {
32874aea	236	pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 6);
	237	pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt + 8);
	238	pr->auth_psize = (pr->auth_plen + 3) & ~3;
	239	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
	240	/* Leave room for a terminating zero, to make our lives easier. */
	241	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
	242	pr->auth_data = (char *) smalloc(pr->auth_dsize);
9c964e85	243	}
	244
	245	/*
	246	* Read the auth_protocol and auth_data strings.
	247	*/
	248	while (len > 0 && pr->data_read < 12 + pr->auth_psize)
32874aea	249	pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
9c964e85	250	while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
32874aea	251	pr->auth_data[pr->data_read++ - 12 -
32874aea	252	pr->auth_psize] = (unsigned char) (len--, *data++);
9c964e85	253	if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
32874aea	254	return;
9c964e85	255
	256	/*
	257	* If we haven't verified the authentication, do so now.
	258	*/
	259	if (!pr->verified) {
32874aea	260	int ret;
	261
	262	pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */
	263	ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);
	264
	265	/*
	266	* If authentication failed, construct and send an error
	267	* packet, then terminate the connection.
	268	*/
	269	if (!ret) {
	270	char message[] = "Authentication failed at PuTTY X11 proxy";
	271	unsigned char reply[8 + sizeof(message) + 4];
	272	int msglen = sizeof(message) - 1; /* skip zero byte */
	273	int msgsize = (msglen + 3) & ~3;
	274	reply[0] = 0; /* failure */
	275	reply[1] = msglen; /* length of reason string */
	276	memcpy(reply + 2, pr->firstpkt + 2, 4); /* major/minor proto vsn */
	277	PUT_16BIT(pr->firstpkt[0], reply + 6, msglen >> 2); /* data len */
	278	memset(reply + 8, 0, msgsize);
	279	memcpy(reply + 8, message, msglen);
	280	sshfwd_write(pr->c, reply, 8 + msgsize);
	281	sshfwd_close(pr->c);
	282	x11_close(s);
	283	return;
	284	}
	285
	286	/*
	287	* Now we know we're going to accept the connection. Strip
	288	* the auth data. (TODO: if we ever work out how, we should
	289	* replace some real auth data in here.)
	290	*/
	291	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0); /* auth proto */
	292	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0); /* auth data */
	293	sk_write(s, pr->firstpkt, 12);
	294	pr->verified = 1;
9c964e85	295	}
	296
	297	/*
	298	* After initialisation, just copy data simply.
	299	*/
	300
	301	sk_write(s, data, len);
	302	}