X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/6e7f5aeeca612c150acbeee265c44061c3beaa3d..62ddb51e0424dd4bd1098b024f2427959aefc729:/x11fwd.c diff --git a/x11fwd.c b/x11fwd.c index 5ef53d49..139cb775 100644 --- a/x11fwd.c +++ b/x11fwd.c @@ -1,3 +1,7 @@ +/* + * Platform-independent bits of X11 forwarding. + */ + #include #include #include @@ -5,46 +9,7 @@ #include "putty.h" #include "ssh.h" - -#define GET_32BIT_LSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0]) | \ - ((unsigned long)(unsigned char)(cp)[1] << 8) | \ - ((unsigned long)(unsigned char)(cp)[2] << 16) | \ - ((unsigned long)(unsigned char)(cp)[3] << 24)) - -#define PUT_32BIT_LSB_FIRST(cp, value) ( \ - (cp)[0] = (value), \ - (cp)[1] = (value) >> 8, \ - (cp)[2] = (value) >> 16, \ - (cp)[3] = (value) >> 24 ) - -#define GET_16BIT_LSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0]) | \ - ((unsigned long)(unsigned char)(cp)[1] << 8)) - -#define PUT_16BIT_LSB_FIRST(cp, value) ( \ - (cp)[0] = (value), \ - (cp)[1] = (value) >> 8 ) - -#define GET_32BIT_MSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0] << 24) | \ - ((unsigned long)(unsigned char)(cp)[1] << 16) | \ - ((unsigned long)(unsigned char)(cp)[2] << 8) | \ - ((unsigned long)(unsigned char)(cp)[3])) - -#define PUT_32BIT_MSB_FIRST(cp, value) ( \ - (cp)[0] = (value) >> 24, \ - (cp)[1] = (value) >> 16, \ - (cp)[2] = (value) >> 8, \ - (cp)[3] = (value) ) - -#define GET_16BIT_MSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0] << 8) | \ - ((unsigned long)(unsigned char)(cp)[1])) - -#define PUT_16BIT_MSB_FIRST(cp, value) ( \ - (cp)[0] = (value) >> 8, \ - (cp)[1] = (value) ) +#include "tree234.h" #define GET_16BIT(endian, cp) \ (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp)) @@ -56,15 +21,18 @@ const char *const x11_authnames[] = { "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1" }; +struct XDMSeen { + unsigned int time; + unsigned char clientid[6]; +}; + struct X11Auth { unsigned char fakedata[64], realdata[64]; int fakeproto, realproto; int fakelen, reallen; + tree234 *xdmseen; }; -extern void platform_get_x11_auth(char *display, int *proto, - unsigned char *data, int *datalen); - struct X11Private { const struct plug_function_table *fn; /* the above variable absolutely *must* be the first in this structure */ @@ -75,23 +43,45 @@ struct X11Private { int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize; int verified; int throttled, throttle_override; + unsigned long peer_ip; + int peer_port; void *c; /* data used by ssh.c */ Socket s; }; +static int xdmseen_cmp(void *a, void *b) +{ + struct XDMSeen *sa = a, *sb = b; + return sa->time > sb->time ? 1 : + sa->time < sb->time ? -1 : + memcmp(sa->clientid, sb->clientid, sizeof(sa->clientid)); +} + void *x11_invent_auth(char *proto, int protomaxlen, - char *data, int datamaxlen) + char *data, int datamaxlen, int proto_id) { - struct X11Auth *auth = smalloc(sizeof(struct X11Auth)); + struct X11Auth *auth = snew(struct X11Auth); char ourdata[64]; int i; - auth->fakeproto = X11_MIT; + if (proto_id == X11_MIT) { + auth->fakeproto = X11_MIT; - /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */ - auth->fakelen = 16; - for (i = 0; i < 16; i++) - auth->fakedata[i] = random_byte(); + /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */ + auth->fakelen = 16; + for (i = 0; i < 16; i++) + auth->fakedata[i] = random_byte(); + auth->xdmseen = NULL; + } else { + assert(proto_id == X11_XDM); + auth->fakeproto = X11_XDM; + + /* XDM-AUTHORIZATION-1. Cookie size is 16 bytes; byte 8 is zero. */ + auth->fakelen = 16; + for (i = 0; i < 16; i++) + auth->fakedata[i] = (i == 8 ? 0 : random_byte()); + auth->xdmseen = newtree234(xdmseen_cmp); + } /* Now format for the recipient. */ strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen); @@ -103,6 +93,19 @@ void *x11_invent_auth(char *proto, int protomaxlen, return auth; } +void x11_free_auth(void *authv) +{ + struct X11Auth *auth = (struct X11Auth *)authv; + struct XDMSeen *seen; + + if (auth->xdmseen != NULL) { + while ((seen = delpos234(auth->xdmseen, 0)) != NULL) + sfree(seen); + freetree234(auth->xdmseen); + } + sfree(auth); +} + /* * Fetch the real auth data for a given display string, and store * it in an X11Auth structure. Returns NULL on success, or an error @@ -119,22 +122,73 @@ void x11_get_real_auth(void *authv, char *display) auth->realdata, &auth->reallen); } -static int x11_verify(struct X11Auth *auth, - char *proto, unsigned char *data, int dlen) +#define XDM_MAXSKEW 20*60 /* 20 minute clock skew should be OK */ + +static char *x11_verify(unsigned long peer_ip, int peer_port, + struct X11Auth *auth, char *proto, + unsigned char *data, int dlen) { if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0) - return 0; /* wrong protocol attempted */ + return "wrong authentication protocol attempted"; if (auth->fakeproto == X11_MIT) { if (dlen != auth->fakelen) - return 0; /* cookie was wrong length */ + return "MIT-MAGIC-COOKIE-1 data was wrong length"; if (memcmp(auth->fakedata, data, dlen) != 0) - return 0; /* cookie was wrong cookie! */ + return "MIT-MAGIC-COOKIE-1 data did not match"; + } + if (auth->fakeproto == X11_XDM) { + unsigned long t; + time_t tim; + int i; + struct XDMSeen *seen, *ret; + + if (dlen != 24) + return "XDM-AUTHORIZATION-1 data was wrong length"; + if (peer_port == -1) + return "cannot do XDM-AUTHORIZATION-1 without remote address data"; + des_decrypt_xdmauth(auth->fakedata+9, data, 24); + if (memcmp(auth->fakedata, data, 8) != 0) + return "XDM-AUTHORIZATION-1 data failed check"; /* cookie wrong */ + if (GET_32BIT_MSB_FIRST(data+8) != peer_ip) + return "XDM-AUTHORIZATION-1 data failed check"; /* IP wrong */ + if ((int)GET_16BIT_MSB_FIRST(data+12) != peer_port) + return "XDM-AUTHORIZATION-1 data failed check"; /* port wrong */ + t = GET_32BIT_MSB_FIRST(data+14); + for (i = 18; i < 24; i++) + if (data[i] != 0) /* zero padding wrong */ + return "XDM-AUTHORIZATION-1 data failed check"; + tim = time(NULL); + if (abs(t - tim) > XDM_MAXSKEW) + return "XDM-AUTHORIZATION-1 time stamp was too far out"; + seen = snew(struct XDMSeen); + seen->time = t; + memcpy(seen->clientid, data+8, 6); + assert(auth->xdmseen != NULL); + ret = add234(auth->xdmseen, seen); + if (ret != seen) { + sfree(seen); + return "XDM-AUTHORIZATION-1 data replayed"; + } + /* While we're here, purge entries too old to be replayed. */ + for (;;) { + seen = index234(auth->xdmseen, 0); + assert(seen != NULL); + if (t - seen->time <= XDM_MAXSKEW) + break; + sfree(delpos234(auth->xdmseen, 0)); + } } /* implement other protocols here if ever required */ - return 1; + return NULL; +} + +static void x11_log(Plug p, int type, SockAddr addr, int port, + const char *error_msg, int error_code) +{ + /* We have no interface to the logging module here, so we drop these. */ } -static int x11_closing(Plug plug, char *error_msg, int error_code, +static int x11_closing(Plug plug, const char *error_msg, int error_code, int calling_back) { struct X11Private *pr = (struct X11Private *) plug; @@ -186,15 +240,36 @@ int x11_get_screen_number(char *display) return atoi(display + n + 1); } +/* Find the right display, returns an allocated string */ +char *x11_display(const char *display) { + char *ret; + if(!display || !*display) { + /* try to find platform-specific local display */ + if((ret = platform_get_x_display())==0 || !*ret) + /* plausible default for all platforms */ + ret = dupstr(":0"); + } else + ret = dupstr(display); + if(ret[0] == ':') { + /* no transport specified, use whatever we think is best */ + char *s = dupcat(platform_x11_best_transport, ret, (char *)0); + sfree(ret); + return s; + } else + return ret; +} + /* * Called to set up the raw connection. * * Returns an error message, or NULL on success. * also, fills the SocketsStructure */ -char *x11_init(Socket * s, char *display, void *c, void *auth) +const char *x11_init(Socket * s, char *display, void *c, void *auth, + const char *peeraddr, int peerport, const Config *cfg) { static const struct plug_function_table fn_table = { + x11_log, x11_closing, x11_receive, x11_sent, @@ -203,45 +278,51 @@ char *x11_init(Socket * s, char *display, void *c, void *auth) SockAddr addr; int port; - char *err, *dummy_realhost; + const char *err; + char *dummy_realhost; char host[128]; int n, displaynum; struct X11Private *pr; + /* default display */ + display = x11_display(display); /* * Split up display name into host and display-number parts. */ n = strcspn(display, ":"); + assert(n != 0); /* x11_display() promises this */ if (display[n]) displaynum = atoi(display + n + 1); else displaynum = 0; /* sensible default */ if (n > sizeof(host) - 1) n = sizeof(host) - 1; - if (n > 0) { - strncpy(host, display, n); - host[n] = '\0'; + strncpy(host, display, n); + host[n] = '\0'; + sfree(display); + + if(!strcmp(host, "unix")) { + /* use AF_UNIX sockets (doesn't make sense on all platforms) */ + addr = platform_get_x11_unix_address(displaynum, + &dummy_realhost); + port = 0; /* to show we are not confused */ } else { + port = 6000 + displaynum; + /* - * Local display numbers, particularly on Unix, often omit - * the display part completely. + * Try to find host. */ - strcpy(host, "localhost"); + addr = name_lookup(host, port, &dummy_realhost, cfg, ADDRTYPE_UNSPEC); + if ((err = sk_addr_error(addr)) != NULL) { + sk_addr_free(addr); + return err; + } } - port = 6000 + displaynum; - - /* - * Try to find host. - */ - addr = name_lookup(host, port, &dummy_realhost); - if ((err = sk_addr_error(addr)) != NULL) - return err; - /* * Open socket. */ - pr = (struct X11Private *) smalloc(sizeof(struct X11Private)); + pr = snew(struct X11Private); pr->fn = &fn_table; pr->auth_protocol = NULL; pr->auth = (struct X11Auth *)auth; @@ -250,14 +331,29 @@ char *x11_init(Socket * s, char *display, void *c, void *auth) pr->throttled = pr->throttle_override = 0; pr->c = c; - pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr); + pr->s = *s = new_connection(addr, dummy_realhost, port, + 0, 1, 0, 0, (Plug) pr, cfg); if ((err = sk_socket_error(*s)) != NULL) { sfree(pr); return err; } + /* + * See if we can make sense of the peer address we were given. + */ + { + int i[4]; + if (peeraddr && + 4 == sscanf(peeraddr, "%d.%d.%d.%d", i+0, i+1, i+2, i+3)) { + pr->peer_ip = (i[0] << 24) | (i[1] << 16) | (i[2] << 8) | i[3]; + pr->peer_port = peerport; + } else { + pr->peer_ip = 0; + pr->peer_port = -1; + } + } + sk_set_private_ptr(*s, pr); - sk_addr_free(addr); return NULL; } @@ -304,10 +400,10 @@ void x11_override_throttle(Socket s, int enable) */ int x11_send(Socket s, char *data, int len) { - struct X11Private *pr = (struct X11Private *) sk_get_private_ptr(s); - - if (s == NULL) + struct X11Private *pr; + if (!s) return 0; + pr = (struct X11Private *) sk_get_private_ptr(s); /* * Read the first packet. @@ -327,8 +423,8 @@ int x11_send(Socket s, char *data, int len) pr->auth_psize = (pr->auth_plen + 3) & ~3; pr->auth_dsize = (pr->auth_dlen + 3) & ~3; /* Leave room for a terminating zero, to make our lives easier. */ - pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1); - pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize); + pr->auth_protocol = snewn(pr->auth_psize + 1, char); + pr->auth_data = snewn(pr->auth_dsize, unsigned char); } /* @@ -346,21 +442,26 @@ int x11_send(Socket s, char *data, int len) * If we haven't verified the authentication, do so now. */ if (!pr->verified) { - int ret; + char *err; pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */ - ret = x11_verify(pr->auth, pr->auth_protocol, + err = x11_verify(pr->peer_ip, pr->peer_port, + pr->auth, pr->auth_protocol, pr->auth_data, pr->auth_dlen); /* * If authentication failed, construct and send an error * packet, then terminate the connection. */ - if (!ret) { - char message[] = "Authentication failed at PuTTY X11 proxy"; - unsigned char reply[8 + sizeof(message) + 4]; - int msglen = sizeof(message) - 1; /* skip zero byte */ - int msgsize = (msglen + 3) & ~3; + if (err) { + char *message; + int msglen, msgsize; + unsigned char *reply; + + message = dupprintf("PuTTY X11 proxy: %s", err); + msglen = strlen(message); + reply = snewn(8 + msglen+1 + 4, unsigned char); /* include zero */ + msgsize = (msglen + 3) & ~3; reply[0] = 0; /* failure */ reply[1] = msglen; /* length of reason string */ memcpy(reply + 2, pr->firstpkt + 2, 4); /* major/minor proto vsn */ @@ -370,6 +471,8 @@ int x11_send(Socket s, char *data, int len) sshfwd_write(pr->c, (char *)reply, 8 + msgsize); sshfwd_close(pr->c); x11_close(s); + sfree(reply); + sfree(message); return 0; } @@ -382,9 +485,9 @@ int x11_send(Socket s, char *data, int len) char realauthdata[64]; int realauthlen = 0; int authstrlen = strlen(x11_authnames[pr->auth->realproto]); - unsigned long ip; - int port; + int buflen = 0; /* initialise to placate optimiser */ static const char zeroes[4] = { 0,0,0,0 }; + void *buf; if (pr->auth->realproto == X11_MIT) { assert(pr->auth->reallen <= lenof(realauthdata)); @@ -392,17 +495,19 @@ int x11_send(Socket s, char *data, int len) memcpy(realauthdata, pr->auth->realdata, realauthlen); } else if (pr->auth->realproto == X11_XDM && pr->auth->reallen == 16 && - sk_getxdmdata(s, &ip, &port)) { + ((buf = sk_getxdmdata(s, &buflen))!=0)) { time_t t; - realauthlen = 24; - memset(realauthdata, 0, 24); + realauthlen = (buflen+12+7) & ~7; + assert(realauthlen <= lenof(realauthdata)); + memset(realauthdata, 0, realauthlen); memcpy(realauthdata, pr->auth->realdata, 8); - PUT_32BIT_MSB_FIRST(realauthdata+8, ip); - PUT_16BIT_MSB_FIRST(realauthdata+12, port); + memcpy(realauthdata+8, buf, buflen); t = time(NULL); - PUT_32BIT_MSB_FIRST(realauthdata+14, t); + PUT_32BIT_MSB_FIRST(realauthdata+8+buflen, t); des_encrypt_xdmauth(pr->auth->realdata+9, - (unsigned char *)realauthdata, 24); + (unsigned char *)realauthdata, + realauthlen); + sfree(buf); } /* implement other auth methods here if required */