X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/970f2b0214503bd5a4bec9454ebc47de8bdea161..51e9d3c00a3471f284e89ec1f59f38ca25f10c5f:/x11fwd.c diff --git a/x11fwd.c b/x11fwd.c index 31931752..13c6823e 100644 --- a/x11fwd.c +++ b/x11fwd.c @@ -1,3 +1,7 @@ +/* + * Platform-independent bits of X11 forwarding. + */ + #include #include #include @@ -5,46 +9,7 @@ #include "putty.h" #include "ssh.h" - -#define GET_32BIT_LSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0]) | \ - ((unsigned long)(unsigned char)(cp)[1] << 8) | \ - ((unsigned long)(unsigned char)(cp)[2] << 16) | \ - ((unsigned long)(unsigned char)(cp)[3] << 24)) - -#define PUT_32BIT_LSB_FIRST(cp, value) ( \ - (cp)[0] = (char)(value), \ - (cp)[1] = (char)((value) >> 8), \ - (cp)[2] = (char)((value) >> 16), \ - (cp)[3] = (char)((value) >> 24) ) - -#define GET_16BIT_LSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0]) | \ - ((unsigned long)(unsigned char)(cp)[1] << 8)) - -#define PUT_16BIT_LSB_FIRST(cp, value) ( \ - (cp)[0] = (char)(value), \ - (cp)[1] = (char)((value) >> 8) ) - -#define GET_32BIT_MSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0] << 24) | \ - ((unsigned long)(unsigned char)(cp)[1] << 16) | \ - ((unsigned long)(unsigned char)(cp)[2] << 8) | \ - ((unsigned long)(unsigned char)(cp)[3])) - -#define PUT_32BIT_MSB_FIRST(cp, value) ( \ - (cp)[0] = (char)((value) >> 24), \ - (cp)[1] = (char)((value) >> 16), \ - (cp)[2] = (char)((value) >> 8), \ - (cp)[3] = (char)(value) ) - -#define GET_16BIT_MSB_FIRST(cp) \ - (((unsigned long)(unsigned char)(cp)[0] << 8) | \ - ((unsigned long)(unsigned char)(cp)[1])) - -#define PUT_16BIT_MSB_FIRST(cp, value) ( \ - (cp)[0] = (char)((value) >> 8), \ - (cp)[1] = (char)(value) ) +#include "tree234.h" #define GET_16BIT(endian, cp) \ (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp)) @@ -56,10 +21,16 @@ const char *const x11_authnames[] = { "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1" }; +struct XDMSeen { + unsigned int time; + unsigned char clientid[6]; +}; + struct X11Auth { unsigned char fakedata[64], realdata[64]; int fakeproto, realproto; int fakelen, reallen; + tree234 *xdmseen; }; struct X11Private { @@ -78,6 +49,14 @@ struct X11Private { Socket s; }; +static int xdmseen_cmp(void *a, void *b) +{ + struct XDMSeen *sa = a, *sb = b; + return sa->time > sb->time ? 1 : + sa->time < sb->time ? -1 : + memcmp(sa->clientid, sb->clientid, sizeof(sa->clientid)); +} + void *x11_invent_auth(char *proto, int protomaxlen, char *data, int datamaxlen, int proto_id) { @@ -92,6 +71,7 @@ void *x11_invent_auth(char *proto, int protomaxlen, auth->fakelen = 16; for (i = 0; i < 16; i++) auth->fakedata[i] = random_byte(); + auth->xdmseen = NULL; } else { assert(proto_id == X11_XDM); auth->fakeproto = X11_XDM; @@ -100,6 +80,7 @@ void *x11_invent_auth(char *proto, int protomaxlen, auth->fakelen = 16; for (i = 0; i < 16; i++) auth->fakedata[i] = (i == 8 ? 0 : random_byte()); + auth->xdmseen = newtree234(xdmseen_cmp); } /* Now format for the recipient. */ @@ -112,9 +93,16 @@ void *x11_invent_auth(char *proto, int protomaxlen, return auth; } -void x11_free_auth(void *auth) +void x11_free_auth(void *authv) { + struct X11Auth *auth = (struct X11Auth *)authv; + struct XDMSeen *seen; + if (auth->xdmseen != NULL) { + while ((seen = delpos234(auth->xdmseen, 0)) != NULL) + sfree(seen); + freetree234(auth->xdmseen); + } sfree(auth); } @@ -134,6 +122,8 @@ void x11_get_real_auth(void *authv, char *display) auth->realdata, &auth->reallen); } +#define XDM_MAXSKEW 20*60 /* 20 minute clock skew should be OK */ + static char *x11_verify(unsigned long peer_ip, int peer_port, struct X11Auth *auth, char *proto, unsigned char *data, int dlen) @@ -150,6 +140,7 @@ static char *x11_verify(unsigned long peer_ip, int peer_port, unsigned long t; time_t tim; int i; + struct XDMSeen *seen, *ret; if (dlen != 24) return "XDM-AUTHORIZATION-1 data was wrong length"; @@ -167,14 +158,37 @@ static char *x11_verify(unsigned long peer_ip, int peer_port, if (data[i] != 0) /* zero padding wrong */ return "XDM-AUTHORIZATION-1 data failed check"; tim = time(NULL); - if (abs(t - tim) > 20*60) /* 20 minute clock skew should be OK */ + if (abs(t - tim) > XDM_MAXSKEW) return "XDM-AUTHORIZATION-1 time stamp was too far out"; + seen = snew(struct XDMSeen); + seen->time = t; + memcpy(seen->clientid, data+8, 6); + assert(auth->xdmseen != NULL); + ret = add234(auth->xdmseen, seen); + if (ret != seen) { + sfree(seen); + return "XDM-AUTHORIZATION-1 data replayed"; + } + /* While we're here, purge entries too old to be replayed. */ + for (;;) { + seen = index234(auth->xdmseen, 0); + assert(seen != NULL); + if (t - seen->time <= XDM_MAXSKEW) + break; + sfree(delpos234(auth->xdmseen, 0)); + } } /* implement other protocols here if ever required */ return NULL; } -static int x11_closing(Plug plug, char *error_msg, int error_code, +static void x11_log(Plug p, int type, SockAddr addr, int port, + const char *error_msg, int error_code) +{ + /* We have no interface to the logging module here, so we drop these. */ +} + +static int x11_closing(Plug plug, const char *error_msg, int error_code, int calling_back) { struct X11Private *pr = (struct X11Private *) plug; @@ -226,16 +240,36 @@ int x11_get_screen_number(char *display) return atoi(display + n + 1); } +/* Find the right display, returns an allocated string */ +char *x11_display(const char *display) { + char *ret; + if(!display || !*display) { + /* try to find platform-specific local display */ + if((ret = platform_get_x_display())==0) + /* plausible default for all platforms */ + ret = dupstr(":0"); + } else + ret = dupstr(display); + if(ret[0] == ':') { + /* no transport specified, use whatever we think is best */ + char *s = dupcat(platform_x11_best_transport, ret, (char *)0); + sfree(ret); + return s; + } else + return ret; +} + /* * Called to set up the raw connection. * * Returns an error message, or NULL on success. * also, fills the SocketsStructure */ -char *x11_init(Socket * s, char *display, void *c, void *auth, - const char *peeraddr, int peerport, const Config *cfg) +const char *x11_init(Socket * s, char *display, void *c, void *auth, + const char *peeraddr, int peerport, const Config *cfg) { static const struct plug_function_table fn_table = { + x11_log, x11_closing, x11_receive, x11_sent, @@ -244,41 +278,47 @@ char *x11_init(Socket * s, char *display, void *c, void *auth, SockAddr addr; int port; - char *err, *dummy_realhost; + const char *err; + char *dummy_realhost; char host[128]; int n, displaynum; struct X11Private *pr; + /* default display */ + display = x11_display(display); /* * Split up display name into host and display-number parts. */ n = strcspn(display, ":"); + assert(n != 0); /* x11_display() promises this */ if (display[n]) displaynum = atoi(display + n + 1); else displaynum = 0; /* sensible default */ if (n > sizeof(host) - 1) n = sizeof(host) - 1; - if (n > 0) { - strncpy(host, display, n); - host[n] = '\0'; + strncpy(host, display, n); + host[n] = '\0'; + sfree(display); + + if(!strcmp(host, "unix")) { + /* use AF_UNIX sockets (doesn't make sense on all platforms) */ + addr = platform_get_x11_unix_address(displaynum, + &dummy_realhost); + port = 0; /* to show we are not confused */ } else { + port = 6000 + displaynum; + /* - * Local display numbers, particularly on Unix, often omit - * the display part completely. + * Try to find host. */ - strcpy(host, "localhost"); + addr = name_lookup(host, port, &dummy_realhost, cfg, ADDRTYPE_UNSPEC); + if ((err = sk_addr_error(addr)) != NULL) { + sk_addr_free(addr); + return err; + } } - port = 6000 + displaynum; - - /* - * Try to find host. - */ - addr = name_lookup(host, port, &dummy_realhost, cfg); - if ((err = sk_addr_error(addr)) != NULL) - return err; - /* * Open socket. */ @@ -292,7 +332,7 @@ char *x11_init(Socket * s, char *display, void *c, void *auth, pr->c = c; pr->s = *s = new_connection(addr, dummy_realhost, port, - 0, 1, 0, (Plug) pr, cfg); + 0, 1, 0, 0, (Plug) pr, cfg); if ((err = sk_socket_error(*s)) != NULL) { sfree(pr); return err; @@ -314,7 +354,6 @@ char *x11_init(Socket * s, char *display, void *c, void *auth, } sk_set_private_ptr(*s, pr); - sk_addr_free(addr); return NULL; } @@ -446,9 +485,9 @@ int x11_send(Socket s, char *data, int len) char realauthdata[64]; int realauthlen = 0; int authstrlen = strlen(x11_authnames[pr->auth->realproto]); - unsigned long ip; - int port; + int buflen; static const char zeroes[4] = { 0,0,0,0 }; + void *buf; if (pr->auth->realproto == X11_MIT) { assert(pr->auth->reallen <= lenof(realauthdata)); @@ -456,17 +495,19 @@ int x11_send(Socket s, char *data, int len) memcpy(realauthdata, pr->auth->realdata, realauthlen); } else if (pr->auth->realproto == X11_XDM && pr->auth->reallen == 16 && - sk_getxdmdata(s, &ip, &port)) { + ((buf = sk_getxdmdata(s, &buflen))!=0)) { time_t t; - realauthlen = 24; - memset(realauthdata, 0, 24); + realauthlen = (buflen+12+7) & ~7; + assert(realauthlen <= lenof(realauthdata)); + memset(realauthdata, 0, realauthlen); memcpy(realauthdata, pr->auth->realdata, 8); - PUT_32BIT_MSB_FIRST(realauthdata+8, ip); - PUT_16BIT_MSB_FIRST(realauthdata+12, port); + memcpy(realauthdata+8, buf, buflen); t = time(NULL); - PUT_32BIT_MSB_FIRST(realauthdata+14, t); + PUT_32BIT_MSB_FIRST(realauthdata+8+buflen, t); des_encrypt_xdmauth(pr->auth->realdata+9, - (unsigned char *)realauthdata, 24); + (unsigned char *)realauthdata, + realauthlen); + sfree(buf); } /* implement other auth methods here if required */