-#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
#include "putty.h"
#include "ssh.h"
#define PUT_16BIT(endian, cp, val) \
(endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
+const char *const x11_authnames[] = {
+ "", "MIT-MAGIC-COOKIE-1"
+};
+
struct X11Auth {
- unsigned char data[64];
- int len;
+ unsigned char fakedata[64], realdata[64];
+ int fakeproto, realproto;
+ int fakelen, reallen;
};
+extern void platform_get_x11_auth(char *display, int *proto,
+ unsigned char *data, int *datalen);
+
struct X11Private {
const struct plug_function_table *fn;
/* the above variable absolutely *must* be the first in this structure */
Socket s;
};
-void x11_close(Socket s);
-
void *x11_invent_auth(char *proto, int protomaxlen,
char *data, int datamaxlen)
{
char ourdata[64];
int i;
+ auth->fakeproto = X11_MIT;
+
/* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
- auth->len = 16;
+ auth->fakelen = 16;
for (i = 0; i < 16; i++)
- auth->data[i] = random_byte();
+ auth->fakedata[i] = random_byte();
/* Now format for the recipient. */
- strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
+ strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
ourdata[0] = '\0';
- for (i = 0; i < auth->len; i++)
- sprintf(ourdata + strlen(ourdata), "%02x", auth->data[i]);
+ for (i = 0; i < auth->fakelen; i++)
+ sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
strncpy(data, ourdata, datamaxlen);
return auth;
}
+/*
+ * Fetch the real auth data for a given display string, and store
+ * it in an X11Auth structure. Returns NULL on success, or an error
+ * string.
+ */
+void x11_get_real_auth(void *authv, char *display)
+{
+ struct X11Auth *auth = (struct X11Auth *)authv;
+
+ auth->realproto = X11_NO_AUTH; /* in case next call does nothing */
+
+ auth->reallen = sizeof(auth->realdata);
+ platform_get_x11_auth(display, &auth->realproto,
+ auth->realdata, &auth->reallen);
+}
+
static int x11_verify(struct X11Auth *auth,
char *proto, unsigned char *data, int dlen)
{
- if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
+ if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
return 0; /* wrong protocol attempted */
- if (dlen != auth->len)
- return 0; /* cookie was wrong length */
- if (memcmp(auth->data, data, dlen) != 0)
- return 0; /* cookie was wrong cookie! */
+ if (auth->fakeproto == X11_MIT) {
+ if (dlen != auth->fakelen)
+ return 0; /* cookie was wrong length */
+ if (memcmp(auth->fakedata, data, dlen) != 0)
+ return 0; /* cookie was wrong cookie! */
+ }
+ /* implement other protocols here if ever required */
return 1;
}
}
/*
+ * When setting up X forwarding, we should send the screen number
+ * from the specified local display. This function extracts it from
+ * the display string.
+ */
+int x11_get_screen_number(char *display)
+{
+ int n;
+
+ n = strcspn(display, ":");
+ if (!display[n])
+ return 0;
+ n = strcspn(display, ".");
+ if (!display[n])
+ return 0;
+ return atoi(display + n + 1);
+}
+
+/*
* Called to set up the raw connection.
*
* Returns an error message, or NULL on success.
displaynum = 0; /* sensible default */
if (n > sizeof(host) - 1)
n = sizeof(host) - 1;
- strncpy(host, display, n);
- host[n] = '\0';
+ if (n > 0) {
+ strncpy(host, display, n);
+ host[n] = '\0';
+ } else {
+ /*
+ * Local display numbers, particularly on Unix, often omit
+ * the display part completely.
+ */
+ strcpy(host, "localhost");
+ }
+
+ port = 6000 + displaynum;
/*
* Try to find host.
*/
- addr = sk_namelookup(host, &dummy_realhost);
- if ((err = sk_addr_error(addr)))
+ addr = name_lookup(host, port, &dummy_realhost);
+ if ((err = sk_addr_error(addr)) != NULL)
return err;
- port = 6000 + displaynum;
-
/*
* Open socket.
*/
pr->c = c;
pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
- if ((err = sk_socket_error(*s))) {
+ if ((err = sk_socket_error(*s)) != NULL) {
sfree(pr);
return err;
}
pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
/* Leave room for a terminating zero, to make our lives easier. */
pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
- pr->auth_data = (char *) smalloc(pr->auth_dsize);
+ pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize);
}
/*
PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
memset(reply + 8, 0, msgsize);
memcpy(reply + 8, message, msglen);
- sshfwd_write(pr->c, reply, 8 + msgsize);
+ sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
sshfwd_close(pr->c);
x11_close(s);
return 0;
/*
* Now we know we're going to accept the connection. Strip
- * the auth data. (TODO: if we ever work out how, we should
- * replace some real auth data in here.)
+ * the fake auth data, and optionally put real auth data in
+ * instead.
*/
- PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0); /* auth proto */
- PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0); /* auth data */
- sk_write(s, pr->firstpkt, 12);
+ {
+ char realauthdata[64];
+ int realauthlen = 0;
+ int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
+ static const char zeroes[4] = { 0,0,0,0 };
+
+ if (pr->auth->realproto == X11_MIT) {
+ assert(pr->auth->reallen <= lenof(realauthdata));
+ realauthlen = pr->auth->reallen;
+ memcpy(realauthdata, pr->auth->realdata, realauthlen);
+ }
+ /* implement other auth methods here if required */
+
+ PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
+ PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
+
+ sk_write(s, (char *)pr->firstpkt, 12);
+
+ if (authstrlen) {
+ sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
+ sk_write(s, zeroes, 3 & (-authstrlen));
+ }
+ if (realauthlen) {
+ sk_write(s, realauthdata, realauthlen);
+ sk_write(s, zeroes, 3 & (-realauthlen));
+ }
+ }
pr->verified = 1;
}
projects / u / mdw / putty / blobdiff