- int ret;
-
- pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */
- ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);
-
- /*
- * If authentication failed, construct and send an error
- * packet, then terminate the connection.
- */
- if (!ret) {
- char message[] = "Authentication failed at PuTTY X11 proxy";
- unsigned char reply[8 + sizeof(message) + 4];
- int msglen = sizeof(message)-1; /* skip zero byte */
- int msgsize = (msglen+3) &~ 3;
- reply[0] = 0; /* failure */
- reply[1] = msglen; /* length of reason string */
- memcpy(reply+2, pr->firstpkt+2, 4); /* major/minor proto vsn */
- PUT_16BIT(pr->firstpkt[0], reply+6, msglen >> 2); /* data len */
- memset(reply+8, 0, msgsize);
- memcpy(reply+8, message, msglen);
- sshfwd_write(pr->c, reply, 8+msgsize);
- sshfwd_close(pr->c);
- x11_close(s);
- return;
+ char *err;
+
+ pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */
+ err = x11_verify(pr->peer_ip, pr->peer_port,
+ pr->auth, pr->auth_protocol,
+ pr->auth_data, pr->auth_dlen);
+
+ /*
+ * If authentication failed, construct and send an error
+ * packet, then terminate the connection.
+ */
+ if (err) {
+ char *message;
+ int msglen, msgsize;
+ unsigned char *reply;
+
+ message = dupprintf("PuTTY X11 proxy: %s", err);
+ msglen = strlen(message);
+ reply = snewn(8 + msglen+1 + 4, unsigned char); /* include zero */
+ msgsize = (msglen + 3) & ~3;
+ reply[0] = 0; /* failure */
+ reply[1] = msglen; /* length of reason string */
+ memcpy(reply + 2, pr->firstpkt + 2, 4); /* major/minor proto vsn */
+ PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
+ memset(reply + 8, 0, msgsize);
+ memcpy(reply + 8, message, msglen);
+ sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
+ sshfwd_close(pr->c);
+ x11_close(s);
+ sfree(reply);
+ sfree(message);
+ return 0;
+ }
+
+ /*
+ * Now we know we're going to accept the connection. Strip
+ * the fake auth data, and optionally put real auth data in
+ * instead.
+ */
+ {
+ char realauthdata[64];
+ int realauthlen = 0;
+ int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
+ int buflen = 0; /* initialise to placate optimiser */
+ static const char zeroes[4] = { 0,0,0,0 };
+ void *buf;
+
+ if (pr->auth->realproto == X11_MIT) {
+ assert(pr->auth->reallen <= lenof(realauthdata));
+ realauthlen = pr->auth->reallen;
+ memcpy(realauthdata, pr->auth->realdata, realauthlen);
+ } else if (pr->auth->realproto == X11_XDM &&
+ pr->auth->reallen == 16 &&
+ ((buf = sk_getxdmdata(s, &buflen))!=0)) {
+ time_t t;
+ realauthlen = (buflen+12+7) & ~7;
+ assert(realauthlen <= lenof(realauthdata));
+ memset(realauthdata, 0, realauthlen);
+ memcpy(realauthdata, pr->auth->realdata, 8);
+ memcpy(realauthdata+8, buf, buflen);
+ t = time(NULL);
+ PUT_32BIT_MSB_FIRST(realauthdata+8+buflen, t);
+ des_encrypt_xdmauth(pr->auth->realdata+9,
+ (unsigned char *)realauthdata,
+ realauthlen);
+ sfree(buf);
+ }
+ /* implement other auth methods here if required */
+
+ PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
+ PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
+
+ sk_write(s, (char *)pr->firstpkt, 12);
+
+ if (authstrlen) {
+ sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
+ sk_write(s, zeroes, 3 & (-authstrlen));
+ }
+ if (realauthlen) {
+ sk_write(s, realauthdata, realauthlen);
+ sk_write(s, zeroes, 3 & (-realauthlen));
+ }