[u/mdw/putty] / x11fwd.c

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

#include "putty.h"
#include "ssh.h"

#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

#define GET_32BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8) | \
  ((unsigned long)(unsigned char)(cp)[2] << 16) | \
  ((unsigned long)(unsigned char)(cp)[3] << 24))

#define PUT_32BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8, \
  (cp)[2] = (value) >> 16, \
  (cp)[3] = (value) >> 24 )

#define GET_16BIT_LSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0]) | \
  ((unsigned long)(unsigned char)(cp)[1] << 8))

#define PUT_16BIT_LSB_FIRST(cp, value) ( \
  (cp)[0] = (value), \
  (cp)[1] = (value) >> 8 )

#define GET_32BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 24) | \
  ((unsigned long)(unsigned char)(cp)[1] << 16) | \
  ((unsigned long)(unsigned char)(cp)[2] << 8) | \
  ((unsigned long)(unsigned char)(cp)[3]))

#define PUT_32BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 24, \
  (cp)[1] = (value) >> 16, \
  (cp)[2] = (value) >> 8, \
  (cp)[3] = (value) )

#define GET_16BIT_MSB_FIRST(cp) \
  (((unsigned long)(unsigned char)(cp)[0] << 8) | \
  ((unsigned long)(unsigned char)(cp)[1]))

#define PUT_16BIT_MSB_FIRST(cp, value) ( \
  (cp)[0] = (value) >> 8, \
  (cp)[1] = (value) )

#define GET_16BIT(endian, cp) \
  (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))

#define PUT_16BIT(endian, cp, val) \
  (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))

extern void sshfwd_close(void *);
extern void sshfwd_write(void *, char *, int);

struct X11Private {
    unsigned char firstpkt[12];        /* first X data packet */
    char *auth_protocol;
    unsigned char *auth_data;
    int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
    int verified;
    void *c;                           /* data used by ssh.c */
};

void x11_close (Socket s);

static unsigned char x11_authdata[64];
static int x11_authdatalen;

void x11_invent_auth(char *proto, int protomaxlen,
                     char *data, int datamaxlen) {
    char ourdata[64];
    int i;

    /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
    x11_authdatalen = 16;
    for (i = 0; i < 16; i++)
        x11_authdata[i] = random_byte();

    /* Now format for the recipient. */
    strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
    ourdata[0] = '\0';
    for (i = 0; i < x11_authdatalen; i++)
        sprintf(ourdata+strlen(ourdata), "%02x", x11_authdata[i]);
    strncpy(data, ourdata, datamaxlen);
}

static int x11_verify(char *proto, unsigned char *data, int dlen) {
    if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
        return 0;                      /* wrong protocol attempted */
    if (dlen != x11_authdatalen)
        return 0;                      /* cookie was wrong length */
    if (memcmp(x11_authdata, data, dlen) != 0)
        return 0;                      /* cookie was wrong cookie! */
    return 1;
}

static int x11_receive (Socket s, int urgent, char *data, int len) {
    struct X11Private *pr = (struct X11Private *)sk_get_private_ptr(s);

    if (!len) {
	/* Connection has closed. */
        sshfwd_close(pr->c);
	x11_close(s);
        return 1;
    }
    sshfwd_write(pr->c, data, len);
    return 1;
}

/*
 * Called to set up the raw connection.
 * 
 * Returns an error message, or NULL on success.
 * also, fills the SocketsStructure
 *
 * Also places the canonical host name into `realhost'.
 */
char *x11_init (Socket *s, char *display, void *c, char **realhost) {
    SockAddr addr;
    int port;
    char *err;
    char host[128];
    int n, displaynum;
    struct X11Private *pr;

    /*
     * Split up display name into host and display-number parts.
     */
    n = strcspn(display, ":");
    if (display[n])
        displaynum = atoi(display+n+1);
    else
        displaynum = 0;                /* sensible default */
    if (n > sizeof(host)-1)
        n = sizeof(host)-1;
    strncpy(host, display, n);
    host[n] = '\0';

    /*
     * Try to find host.
     */
    addr = sk_namelookup(host, realhost);
    if ( (err = sk_addr_error(addr)) )
	return err;

    port = 6000 + displaynum;

    /*
     * Open socket.
     */
    *s = sk_new(addr, port, 0, x11_receive);
    if ( (err = sk_socket_error(*s)) )
	return err;

    pr = (struct X11Private *)smalloc(sizeof(struct X11Private));
    pr->auth_protocol = NULL;
    pr->verified = 0;
    pr->data_read = 0;
    pr->c = c;

    sk_set_private_ptr(*s, pr);
    sk_addr_free(addr);
    return NULL;
}

void x11_close (Socket s) {
    struct X11Private *pr = (struct X11Private *)sk_get_private_ptr(s);

    if (pr->auth_protocol) {
        sfree(pr->auth_protocol);
        sfree(pr->auth_data);
    }

    sfree(pr);

    sk_close(s);
}

/*
 * Called to send data down the raw connection.
 */
void x11_send (Socket s, char *data, int len) {
    struct X11Private *pr = (struct X11Private *)sk_get_private_ptr(s);

    if (s == NULL)
	return;

    /*
     * Read the first packet.
     */
    while (len > 0 && pr->data_read < 12)
        pr->firstpkt[pr->data_read++] = (unsigned char)(len--, *data++);
    if (pr->data_read < 12)
        return;

    /*
     * If we have not allocated the auth_protocol and auth_data
     * strings, do so now.
     */
    if (!pr->auth_protocol) {
        pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt+6);
        pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt+8);
        pr->auth_psize = (pr->auth_plen + 3) &~ 3;
        pr->auth_dsize = (pr->auth_dlen + 3) &~ 3;
        /* Leave room for a terminating zero, to make our lives easier. */
        pr->auth_protocol = (char *)smalloc(pr->auth_psize+1);
        pr->auth_data = (char *)smalloc(pr->auth_dsize);
    }

    /*
     * Read the auth_protocol and auth_data strings.
     */
    while (len > 0 && pr->data_read < 12 + pr->auth_psize)
        pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
    while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
        pr->auth_data[pr->data_read++ - 12 -
                      pr->auth_psize] = (unsigned char)(len--, *data++);
    if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
        return;

    /*
     * If we haven't verified the authentication, do so now.
     */
    if (!pr->verified) {
        int ret;

        pr->auth_protocol[pr->auth_plen] = '\0';   /* ASCIZ */
        ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);

        /*
         * If authentication failed, construct and send an error
         * packet, then terminate the connection.
         */
        if (!ret) {
            char message[] = "Authentication failed at PuTTY X11 proxy";
            unsigned char reply[8 + sizeof(message) + 4];
            int msglen = sizeof(message)-1;   /* skip zero byte */
            int msgsize = (msglen+3) &~ 3;
            reply[0] = 0;              /* failure */
            reply[1] = msglen;         /* length of reason string */
            memcpy(reply+2, pr->firstpkt+2, 4);   /* major/minor proto vsn */
            PUT_16BIT(pr->firstpkt[0], reply+6, msglen >> 2);   /* data len */
            memset(reply+8, 0, msgsize);
            memcpy(reply+8, message, msglen);
            sshfwd_write(pr->c, reply, 8+msgsize);
            sshfwd_close(pr->c);
            x11_close(s);
            return;
        }

        /*
         * Now we know we're going to accept the connection. Strip
         * the auth data. (TODO: if we ever work out how, we should
         * replace some real auth data in here.)
         */
        PUT_16BIT(pr->firstpkt[0], pr->firstpkt+6, 0);   /* auth proto */ 
        PUT_16BIT(pr->firstpkt[0], pr->firstpkt+8, 0);   /* auth data */
        sk_write(s, pr->firstpkt, 12);
        pr->verified = 1;
    }

    /*
     * After initialisation, just copy data simply.
     */

    sk_write(s, data, len);
}
Commit	Line	Data
9c964e85	1	#include <windows.h>
	2	#include <stdio.h>
	3	#include <stdlib.h>
	4
	5	#include "putty.h"
	6	#include "ssh.h"
	7
	8	#ifndef FALSE
	9	#define FALSE 0
	10	#endif
	11	#ifndef TRUE
	12	#define TRUE 1
	13	#endif
	14
	15	#define GET_32BIT_LSB_FIRST(cp) \
	16	(((unsigned long)(unsigned char)(cp)[0]) \| \
	17	((unsigned long)(unsigned char)(cp)[1] << 8) \| \
	18	((unsigned long)(unsigned char)(cp)[2] << 16) \| \
	19	((unsigned long)(unsigned char)(cp)[3] << 24))
	20
	21	#define PUT_32BIT_LSB_FIRST(cp, value) ( \
	22	(cp)[0] = (value), \
	23	(cp)[1] = (value) >> 8, \
	24	(cp)[2] = (value) >> 16, \
	25	(cp)[3] = (value) >> 24 )
	26
	27	#define GET_16BIT_LSB_FIRST(cp) \
	28	(((unsigned long)(unsigned char)(cp)[0]) \| \
	29	((unsigned long)(unsigned char)(cp)[1] << 8))
	30
	31	#define PUT_16BIT_LSB_FIRST(cp, value) ( \
	32	(cp)[0] = (value), \
	33	(cp)[1] = (value) >> 8 )
	34
	35	#define GET_32BIT_MSB_FIRST(cp) \
	36	(((unsigned long)(unsigned char)(cp)[0] << 24) \| \
	37	((unsigned long)(unsigned char)(cp)[1] << 16) \| \
	38	((unsigned long)(unsigned char)(cp)[2] << 8) \| \
	39	((unsigned long)(unsigned char)(cp)[3]))
	40
	41	#define PUT_32BIT_MSB_FIRST(cp, value) ( \
	42	(cp)[0] = (value) >> 24, \
	43	(cp)[1] = (value) >> 16, \
	44	(cp)[2] = (value) >> 8, \
	45	(cp)[3] = (value) )
	46
	47	#define GET_16BIT_MSB_FIRST(cp) \
	48	(((unsigned long)(unsigned char)(cp)[0] << 8) \| \
	49	((unsigned long)(unsigned char)(cp)[1]))
	50
	51	#define PUT_16BIT_MSB_FIRST(cp, value) ( \
	52	(cp)[0] = (value) >> 8, \
	53	(cp)[1] = (value) )
	54
	55	#define GET_16BIT(endian, cp) \
	56	(endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))
	57
	58	#define PUT_16BIT(endian, cp, val) \
	59	(endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
	60
	61	extern void sshfwd_close(void *);
	62	extern void sshfwd_write(void , char , int);
	63
	64	struct X11Private {
65	unsigned char firstpkt[12]; /* first X data packet */
66	char *auth_protocol;
67	unsigned char *auth_data;
68	int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
69	int verified;
70	void c; / data used by ssh.c */
71	};
72
73	void x11_close (Socket s);
74
75	static unsigned char x11_authdata[64];
76	static int x11_authdatalen;
77
78	void x11_invent_auth(char *proto, int protomaxlen,
79	char *data, int datamaxlen) {
80	char ourdata[64];
81	int i;
82
83	/* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
84	x11_authdatalen = 16;
85	for (i = 0; i < 16; i++)
86	x11_authdata[i] = random_byte();
87
88	/* Now format for the recipient. */
89	strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
90	ourdata[0] = '\0';
91	for (i = 0; i < x11_authdatalen; i++)
92	sprintf(ourdata+strlen(ourdata), "%02x", x11_authdata[i]);
93	strncpy(data, ourdata, datamaxlen);
94	}
95
96	static int x11_verify(char proto, unsigned char data, int dlen) {
97	if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
98	return 0; /* wrong protocol attempted */
99	if (dlen != x11_authdatalen)
100	return 0; /* cookie was wrong length */
101	if (memcmp(x11_authdata, data, dlen) != 0)
102	return 0; /* cookie was wrong cookie! */
103	return 1;
104	}
105
106	static int x11_receive (Socket s, int urgent, char *data, int len) {
107	struct X11Private pr = (struct X11Private )sk_get_private_ptr(s);
108
109	if (!len) {
110	/* Connection has closed. */
111	sshfwd_close(pr->c);
112	x11_close(s);
113	return 1;
114	}
115	sshfwd_write(pr->c, data, len);
116	return 1;
117	}
118
119	/*
120	* Called to set up the raw connection.
121	*
122	* Returns an error message, or NULL on success.
123	* also, fills the SocketsStructure
124	*
125	* Also places the canonical host name into `realhost'.
126	*/
127	char x11_init (Socket s, char display, void c, char **realhost) {
128	SockAddr addr;
129	int port;
130	char *err;
131	char host[128];
132	int n, displaynum;
133	struct X11Private *pr;
134
135	/*
136	* Split up display name into host and display-number parts.
137	*/
138	n = strcspn(display, ":");
139	if (display[n])
140	displaynum = atoi(display+n+1);
141	else
142	displaynum = 0; /* sensible default */
143	if (n > sizeof(host)-1)
144	n = sizeof(host)-1;
145	strncpy(host, display, n);
146	host[n] = '\0';
147
148	/*
149	* Try to find host.
150	*/
151	addr = sk_namelookup(host, realhost);
152	if ( (err = sk_addr_error(addr)) )
153	return err;
154
155	port = 6000 + displaynum;
156
157	/*
158	* Open socket.
159	*/
160	*s = sk_new(addr, port, 0, x11_receive);
161	if ( (err = sk_socket_error(*s)) )
162	return err;
163
164	pr = (struct X11Private *)smalloc(sizeof(struct X11Private));
165	pr->auth_protocol = NULL;
166	pr->verified = 0;
167	pr->data_read = 0;
168	pr->c = c;
169
170	sk_set_private_ptr(*s, pr);
171	sk_addr_free(addr);
172	return NULL;
173	}
174
175	void x11_close (Socket s) {
176	struct X11Private pr = (struct X11Private )sk_get_private_ptr(s);
177
178	if (pr->auth_protocol) {
179	sfree(pr->auth_protocol);
180	sfree(pr->auth_data);
181	}
182
183	sfree(pr);
184
185	sk_close(s);
186	}
187
188	/*
189	* Called to send data down the raw connection.
190	*/
191	void x11_send (Socket s, char *data, int len) {
192	struct X11Private pr = (struct X11Private )sk_get_private_ptr(s);
193
194	if (s == NULL)
195	return;
196
197	/*
198	* Read the first packet.
199	*/
200	while (len > 0 && pr->data_read < 12)
201	pr->firstpkt[pr->data_read++] = (unsigned char)(len--, *data++);
202	if (pr->data_read < 12)
203	return;
204
205	/*
206	* If we have not allocated the auth_protocol and auth_data
207	* strings, do so now.
208	*/
209	if (!pr->auth_protocol) {
210	pr->auth_plen = GET_16BIT(pr->firstpkt[0], pr->firstpkt+6);
211	pr->auth_dlen = GET_16BIT(pr->firstpkt[0], pr->firstpkt+8);
212	pr->auth_psize = (pr->auth_plen + 3) &~ 3;
213	pr->auth_dsize = (pr->auth_dlen + 3) &~ 3;
214	/* Leave room for a terminating zero, to make our lives easier. */
215	pr->auth_protocol = (char *)smalloc(pr->auth_psize+1);
216	pr->auth_data = (char *)smalloc(pr->auth_dsize);
217	}
218
219	/*
220	* Read the auth_protocol and auth_data strings.
221	*/
222	while (len > 0 && pr->data_read < 12 + pr->auth_psize)
223	pr->auth_protocol[pr->data_read++ - 12] = (len--, *data++);
224	while (len > 0 && pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
225	pr->auth_data[pr->data_read++ - 12 -
226	pr->auth_psize] = (unsigned char)(len--, *data++);
227	if (pr->data_read < 12 + pr->auth_psize + pr->auth_dsize)
228	return;
229
230	/*
231	* If we haven't verified the authentication, do so now.
232	*/
233	if (!pr->verified) {
234	int ret;
235
236	pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */
237	ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);
238
239	/*
240	* If authentication failed, construct and send an error
241	* packet, then terminate the connection.
242	*/
243	if (!ret) {
244	char message[] = "Authentication failed at PuTTY X11 proxy";
245	unsigned char reply[8 + sizeof(message) + 4];
246	int msglen = sizeof(message)-1; /* skip zero byte */
247	int msgsize = (msglen+3) &~ 3;
248	reply[0] = 0; /* failure */
249	reply[1] = msglen; /* length of reason string */
250	memcpy(reply+2, pr->firstpkt+2, 4); /* major/minor proto vsn */
251	PUT_16BIT(pr->firstpkt[0], reply+6, msglen >> 2); /* data len */
252	memset(reply+8, 0, msgsize);
253	memcpy(reply+8, message, msglen);
254	sshfwd_write(pr->c, reply, 8+msgsize);
255	sshfwd_close(pr->c);
256	x11_close(s);
257	return;
258	}
259
260	/*
261	* Now we know we're going to accept the connection. Strip
262	* the auth data. (TODO: if we ever work out how, we should
263	* replace some real auth data in here.)
264	*/
265	PUT_16BIT(pr->firstpkt[0], pr->firstpkt+6, 0); /* auth proto */
266	PUT_16BIT(pr->firstpkt[0], pr->firstpkt+8, 0); /* auth data */
267	sk_write(s, pr->firstpkt, 12);
268	pr->verified = 1;
269	}
270
271	/*
272	* After initialisation, just copy data simply.
273	*/
274
275	sk_write(s, data, len);
276	}