X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/75105663bb397a7f141a9a1af50062b47825324b..6e7f5aeeca612c150acbeee265c44061c3beaa3d:/x11fwd.c

diff --git a/x11fwd.c b/x11fwd.c
index ac0ff04a..5ef53d49 100644
--- a/x11fwd.c
+++ b/x11fwd.c
@@ -1,17 +1,11 @@
-#include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
+#include <time.h>
 
 #include "putty.h"
 #include "ssh.h"
 
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-
 #define GET_32BIT_LSB_FIRST(cp) \
   (((unsigned long)(unsigned char)(cp)[0]) | \
   ((unsigned long)(unsigned char)(cp)[1] << 8) | \
@@ -58,10 +52,24 @@
 #define PUT_16BIT(endian, cp, val) \
   (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
 
+const char *const x11_authnames[] = {
+    "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
+};
+
+struct X11Auth {
+    unsigned char fakedata[64], realdata[64];
+    int fakeproto, realproto;
+    int fakelen, reallen;
+};
+
+extern void platform_get_x11_auth(char *display, int *proto,
+                                  unsigned char *data, int *datalen);
+
 struct X11Private {
-    struct plug_function_table *fn;
+    const struct plug_function_table *fn;
     /* the above variable absolutely *must* be the first in this structure */
     unsigned char firstpkt[12];	       /* first X data packet */
+    struct X11Auth *auth;
     char *auth_protocol;
     unsigned char *auth_data;
     int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
@@ -71,38 +79,58 @@ struct X11Private {
     Socket s;
 };
 
-void x11_close(Socket s);
-
-static unsigned char x11_authdata[64];
-static int x11_authdatalen;
-
-void x11_invent_auth(char *proto, int protomaxlen,
+void *x11_invent_auth(char *proto, int protomaxlen,
 		     char *data, int datamaxlen)
 {
+    struct X11Auth *auth = smalloc(sizeof(struct X11Auth));
     char ourdata[64];
     int i;
 
+    auth->fakeproto = X11_MIT;
+
     /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
-    x11_authdatalen = 16;
+    auth->fakelen = 16;
     for (i = 0; i < 16; i++)
-	x11_authdata[i] = random_byte();
+	auth->fakedata[i] = random_byte();
 
     /* Now format for the recipient. */
-    strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
+    strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
     ourdata[0] = '\0';
-    for (i = 0; i < x11_authdatalen; i++)
-	sprintf(ourdata + strlen(ourdata), "%02x", x11_authdata[i]);
+    for (i = 0; i < auth->fakelen; i++)
+	sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
     strncpy(data, ourdata, datamaxlen);
+
+    return auth;
+}
+
+/*
+ * Fetch the real auth data for a given display string, and store
+ * it in an X11Auth structure. Returns NULL on success, or an error
+ * string.
+ */
+void x11_get_real_auth(void *authv, char *display)
+{
+    struct X11Auth *auth = (struct X11Auth *)authv;
+
+    auth->realproto = X11_NO_AUTH;     /* in case next call does nothing */
+
+    auth->reallen = sizeof(auth->realdata);
+    platform_get_x11_auth(display, &auth->realproto,
+                          auth->realdata, &auth->reallen);
 }
 
-static int x11_verify(char *proto, unsigned char *data, int dlen)
+static int x11_verify(struct X11Auth *auth,
+		      char *proto, unsigned char *data, int dlen)
 {
-    if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
+    if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
 	return 0;		       /* wrong protocol attempted */
-    if (dlen != x11_authdatalen)
-	return 0;		       /* cookie was wrong length */
-    if (memcmp(x11_authdata, data, dlen) != 0)
-	return 0;		       /* cookie was wrong cookie! */
+    if (auth->fakeproto == X11_MIT) {
+        if (dlen != auth->fakelen)
+            return 0;		       /* cookie was wrong length */
+        if (memcmp(auth->fakedata, data, dlen) != 0)
+            return 0;		       /* cookie was wrong cookie! */
+    }
+    /* implement other protocols here if ever required */
     return 1;
 }
 
@@ -141,14 +169,32 @@ static void x11_sent(Plug plug, int bufsize)
 }
 
 /*
+ * When setting up X forwarding, we should send the screen number
+ * from the specified local display. This function extracts it from
+ * the display string.
+ */
+int x11_get_screen_number(char *display)
+{
+    int n;
+
+    n = strcspn(display, ":");
+    if (!display[n])
+	return 0;
+    n = strcspn(display, ".");
+    if (!display[n])
+	return 0;
+    return atoi(display + n + 1);
+}
+
+/*
  * Called to set up the raw connection.
  * 
  * Returns an error message, or NULL on success.
  * also, fills the SocketsStructure
  */
-char *x11_init(Socket * s, char *display, void *c)
+char *x11_init(Socket * s, char *display, void *c, void *auth)
 {
-    static struct plug_function_table fn_table = {
+    static const struct plug_function_table fn_table = {
 	x11_closing,
 	x11_receive,
 	x11_sent,
@@ -172,31 +218,40 @@ char *x11_init(Socket * s, char *display, void *c)
 	displaynum = 0;		       /* sensible default */
     if (n > sizeof(host) - 1)
 	n = sizeof(host) - 1;
-    strncpy(host, display, n);
-    host[n] = '\0';
+    if (n > 0) {
+	strncpy(host, display, n);
+	host[n] = '\0';
+    } else {
+	/*
+	 * Local display numbers, particularly on Unix, often omit
+	 * the display part completely.
+	 */
+	strcpy(host, "localhost");
+    }
+
+    port = 6000 + displaynum;
 
     /*
      * Try to find host.
      */
-    addr = sk_namelookup(host, &dummy_realhost);
-    if ((err = sk_addr_error(addr)))
+    addr = name_lookup(host, port, &dummy_realhost);
+    if ((err = sk_addr_error(addr)) != NULL)
 	return err;
 
-    port = 6000 + displaynum;
-
     /*
      * Open socket.
      */
     pr = (struct X11Private *) smalloc(sizeof(struct X11Private));
     pr->fn = &fn_table;
     pr->auth_protocol = NULL;
+    pr->auth = (struct X11Auth *)auth;
     pr->verified = 0;
     pr->data_read = 0;
     pr->throttled = pr->throttle_override = 0;
     pr->c = c;
 
-    pr->s = *s = sk_new(addr, port, 0, 1, (Plug) pr);
-    if ((err = sk_socket_error(*s))) {
+    pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
+    if ((err = sk_socket_error(*s)) != NULL) {
 	sfree(pr);
 	return err;
     }
@@ -273,7 +328,7 @@ int x11_send(Socket s, char *data, int len)
 	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
 	/* Leave room for a terminating zero, to make our lives easier. */
 	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
-	pr->auth_data = (char *) smalloc(pr->auth_dsize);
+	pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize);
     }
 
     /*
@@ -294,7 +349,8 @@ int x11_send(Socket s, char *data, int len)
 	int ret;
 
 	pr->auth_protocol[pr->auth_plen] = '\0';	/* ASCIZ */
-	ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen);
+	ret = x11_verify(pr->auth, pr->auth_protocol,
+			 pr->auth_data, pr->auth_dlen);
 
 	/*
 	 * If authentication failed, construct and send an error
@@ -311,7 +367,7 @@ int x11_send(Socket s, char *data, int len)
 	    PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
 	    memset(reply + 8, 0, msgsize);
 	    memcpy(reply + 8, message, msglen);
-	    sshfwd_write(pr->c, reply, 8 + msgsize);
+	    sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
 	    sshfwd_close(pr->c);
 	    x11_close(s);
 	    return 0;
@@ -319,12 +375,51 @@ int x11_send(Socket s, char *data, int len)
 
 	/*
 	 * Now we know we're going to accept the connection. Strip
-	 * the auth data. (TODO: if we ever work out how, we should
-	 * replace some real auth data in here.)
+	 * the fake auth data, and optionally put real auth data in
+	 * instead.
 	 */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0);	/* auth proto */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0);	/* auth data */
-	sk_write(s, pr->firstpkt, 12);
+        {
+            char realauthdata[64];
+            int realauthlen = 0;
+            int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
+	    unsigned long ip;
+	    int port;
+            static const char zeroes[4] = { 0,0,0,0 };
+
+            if (pr->auth->realproto == X11_MIT) {
+                assert(pr->auth->reallen <= lenof(realauthdata));
+                realauthlen = pr->auth->reallen;
+                memcpy(realauthdata, pr->auth->realdata, realauthlen);
+            } else if (pr->auth->realproto == X11_XDM &&
+		       pr->auth->reallen == 16 &&
+		       sk_getxdmdata(s, &ip, &port)) {
+		time_t t;
+                realauthlen = 24;
+		memset(realauthdata, 0, 24);
+		memcpy(realauthdata, pr->auth->realdata, 8);
+		PUT_32BIT_MSB_FIRST(realauthdata+8, ip);
+		PUT_16BIT_MSB_FIRST(realauthdata+12, port);
+		t = time(NULL);
+		PUT_32BIT_MSB_FIRST(realauthdata+14, t);
+		des_encrypt_xdmauth(pr->auth->realdata+9,
+				    (unsigned char *)realauthdata, 24);
+	    }
+            /* implement other auth methods here if required */
+
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
+        
+            sk_write(s, (char *)pr->firstpkt, 12);
+
+            if (authstrlen) {
+                sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
+                sk_write(s, zeroes, 3 & (-authstrlen));
+            }
+            if (realauthlen) {
+                sk_write(s, realauthdata, realauthlen);
+                sk_write(s, zeroes, 3 & (-realauthlen));
+            }
+        }
 	pr->verified = 1;
     }