+static char *x11_verify(unsigned long peer_ip, int peer_port,
+ struct X11Auth *auth, char *proto,
+ unsigned char *data, int dlen)
+{
+ if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
+ return "wrong authentication protocol attempted";
+ if (auth->fakeproto == X11_MIT) {
+ if (dlen != auth->fakelen)
+ return "MIT-MAGIC-COOKIE-1 data was wrong length";
+ if (memcmp(auth->fakedata, data, dlen) != 0)
+ return "MIT-MAGIC-COOKIE-1 data did not match";
+ }
+ if (auth->fakeproto == X11_XDM) {
+ unsigned long t;
+ time_t tim;
+ int i;
+
+ if (dlen != 24)
+ return "XDM-AUTHORIZATION-1 data was wrong length";
+ if (peer_port == -1)
+ return "cannot do XDM-AUTHORIZATION-1 without remote address data";
+ des_decrypt_xdmauth(auth->fakedata+9, data, 24);
+ if (memcmp(auth->fakedata, data, 8) != 0)
+ return "XDM-AUTHORIZATION-1 data failed check"; /* cookie wrong */
+ if (GET_32BIT_MSB_FIRST(data+8) != peer_ip)
+ return "XDM-AUTHORIZATION-1 data failed check"; /* IP wrong */
+ if ((int)GET_16BIT_MSB_FIRST(data+12) != peer_port)
+ return "XDM-AUTHORIZATION-1 data failed check"; /* port wrong */
+ t = GET_32BIT_MSB_FIRST(data+14);
+ for (i = 18; i < 24; i++)
+ if (data[i] != 0) /* zero padding wrong */
+ return "XDM-AUTHORIZATION-1 data failed check";
+ tim = time(NULL);
+ if (abs(t - tim) > 20*60) /* 20 minute clock skew should be OK */
+ return "XDM-AUTHORIZATION-1 time stamp was too far out";
+ }
+ /* implement other protocols here if ever required */
+ return NULL;
+}
+
+static void x11_log(Plug p, int type, SockAddr addr, int port,
+ const char *error_msg, int error_code)
+{
+ /* We have no interface to the logging module here, so we drop these. */
+}
+
+static int x11_closing(Plug plug, const char *error_msg, int error_code,