X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/f28e6b7c8e6113bdc2e1e2b956d088b9c92c67dd..7764212442411b88d673506cae98a271c0bba402:/x11fwd.c

diff --git a/x11fwd.c b/x11fwd.c
index decb2596..52cfd8fe 100644
--- a/x11fwd.c
+++ b/x11fwd.c
@@ -1,5 +1,7 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
+#include <time.h>
 
 #include "putty.h"
 #include "ssh.h"
@@ -50,9 +52,14 @@
 #define PUT_16BIT(endian, cp, val) \
   (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
 
+const char *const x11_authnames[] = {
+    "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
+};
+
 struct X11Auth {
-    unsigned char data[64];
-    int len;
+    unsigned char fakedata[64], realdata[64];
+    int fakeproto, realproto;
+    int fakelen, reallen;
 };
 
 struct X11Private {
@@ -69,8 +76,6 @@ struct X11Private {
     Socket s;
 };
 
-void x11_close(Socket s);
-
 void *x11_invent_auth(char *proto, int protomaxlen,
 		     char *data, int datamaxlen)
 {
@@ -78,30 +83,51 @@ void *x11_invent_auth(char *proto, int protomaxlen,
     char ourdata[64];
     int i;
 
+    auth->fakeproto = X11_MIT;
+
     /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
-    auth->len = 16;
+    auth->fakelen = 16;
     for (i = 0; i < 16; i++)
-	auth->data[i] = random_byte();
+	auth->fakedata[i] = random_byte();
 
     /* Now format for the recipient. */
-    strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
+    strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
     ourdata[0] = '\0';
-    for (i = 0; i < auth->len; i++)
-	sprintf(ourdata + strlen(ourdata), "%02x", auth->data[i]);
+    for (i = 0; i < auth->fakelen; i++)
+	sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
     strncpy(data, ourdata, datamaxlen);
 
     return auth;
 }
 
+/*
+ * Fetch the real auth data for a given display string, and store
+ * it in an X11Auth structure. Returns NULL on success, or an error
+ * string.
+ */
+void x11_get_real_auth(void *authv, char *display)
+{
+    struct X11Auth *auth = (struct X11Auth *)authv;
+
+    auth->realproto = X11_NO_AUTH;     /* in case next call does nothing */
+
+    auth->reallen = sizeof(auth->realdata);
+    platform_get_x11_auth(display, &auth->realproto,
+                          auth->realdata, &auth->reallen);
+}
+
 static int x11_verify(struct X11Auth *auth,
 		      char *proto, unsigned char *data, int dlen)
 {
-    if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
+    if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
 	return 0;		       /* wrong protocol attempted */
-    if (dlen != auth->len)
-	return 0;		       /* cookie was wrong length */
-    if (memcmp(auth->data, data, dlen) != 0)
-	return 0;		       /* cookie was wrong cookie! */
+    if (auth->fakeproto == X11_MIT) {
+        if (dlen != auth->fakelen)
+            return 0;		       /* cookie was wrong length */
+        if (memcmp(auth->fakedata, data, dlen) != 0)
+            return 0;		       /* cookie was wrong cookie! */
+    }
+    /* implement other protocols here if ever required */
     return 1;
 }
 
@@ -200,15 +226,15 @@ char *x11_init(Socket * s, char *display, void *c, void *auth)
 	strcpy(host, "localhost");
     }
 
+    port = 6000 + displaynum;
+
     /*
      * Try to find host.
      */
     addr = name_lookup(host, port, &dummy_realhost);
-    if ((err = sk_addr_error(addr)))
+    if ((err = sk_addr_error(addr)) != NULL)
 	return err;
 
-    port = 6000 + displaynum;
-
     /*
      * Open socket.
      */
@@ -222,7 +248,7 @@ char *x11_init(Socket * s, char *display, void *c, void *auth)
     pr->c = c;
 
     pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
-    if ((err = sk_socket_error(*s))) {
+    if ((err = sk_socket_error(*s)) != NULL) {
 	sfree(pr);
 	return err;
     }
@@ -346,12 +372,51 @@ int x11_send(Socket s, char *data, int len)
 
 	/*
 	 * Now we know we're going to accept the connection. Strip
-	 * the auth data. (TODO: if we ever work out how, we should
-	 * replace some real auth data in here.)
+	 * the fake auth data, and optionally put real auth data in
+	 * instead.
 	 */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0);	/* auth proto */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0);	/* auth data */
-	sk_write(s, (char *)pr->firstpkt, 12);
+        {
+            char realauthdata[64];
+            int realauthlen = 0;
+            int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
+	    unsigned long ip;
+	    int port;
+            static const char zeroes[4] = { 0,0,0,0 };
+
+            if (pr->auth->realproto == X11_MIT) {
+                assert(pr->auth->reallen <= lenof(realauthdata));
+                realauthlen = pr->auth->reallen;
+                memcpy(realauthdata, pr->auth->realdata, realauthlen);
+            } else if (pr->auth->realproto == X11_XDM &&
+		       pr->auth->reallen == 16 &&
+		       sk_getxdmdata(s, &ip, &port)) {
+		time_t t;
+                realauthlen = 24;
+		memset(realauthdata, 0, 24);
+		memcpy(realauthdata, pr->auth->realdata, 8);
+		PUT_32BIT_MSB_FIRST(realauthdata+8, ip);
+		PUT_16BIT_MSB_FIRST(realauthdata+12, port);
+		t = time(NULL);
+		PUT_32BIT_MSB_FIRST(realauthdata+14, t);
+		des_encrypt_xdmauth(pr->auth->realdata+9,
+				    (unsigned char *)realauthdata, 24);
+	    }
+            /* implement other auth methods here if required */
+
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
+        
+            sk_write(s, (char *)pr->firstpkt, 12);
+
+            if (authstrlen) {
+                sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
+                sk_write(s, zeroes, 3 & (-authstrlen));
+            }
+            if (realauthlen) {
+                sk_write(s, realauthdata, realauthlen);
+                sk_write(s, zeroes, 3 & (-realauthlen));
+            }
+        }
 	pr->verified = 1;
     }