X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/68a49acbf3f96fbbbc385620655dcb577e62c328..2f92b7170f74a58d1e33d7913e154f9f47852683:/x11fwd.c

diff --git a/x11fwd.c b/x11fwd.c
index c6e36378..56b6eae2 100644
--- a/x11fwd.c
+++ b/x11fwd.c
@@ -1,5 +1,7 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
+#include <time.h>
 
 #include "putty.h"
 #include "ssh.h"
@@ -50,11 +52,19 @@
 #define PUT_16BIT(endian, cp, val) \
   (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
 
+const char *const x11_authnames[] = {
+    "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
+};
+
 struct X11Auth {
-    unsigned char data[64];
-    int len;
+    unsigned char fakedata[64], realdata[64];
+    int fakeproto, realproto;
+    int fakelen, reallen;
 };
 
+extern void platform_get_x11_auth(char *display, int *proto,
+                                  unsigned char *data, int *datalen);
+
 struct X11Private {
     const struct plug_function_table *fn;
     /* the above variable absolutely *must* be the first in this structure */
@@ -69,8 +79,6 @@ struct X11Private {
     Socket s;
 };
 
-void x11_close(Socket s);
-
 void *x11_invent_auth(char *proto, int protomaxlen,
 		     char *data, int datamaxlen)
 {
@@ -78,30 +86,51 @@ void *x11_invent_auth(char *proto, int protomaxlen,
     char ourdata[64];
     int i;
 
+    auth->fakeproto = X11_MIT;
+
     /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
-    auth->len = 16;
+    auth->fakelen = 16;
     for (i = 0; i < 16; i++)
-	auth->data[i] = random_byte();
+	auth->fakedata[i] = random_byte();
 
     /* Now format for the recipient. */
-    strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen);
+    strncpy(proto, x11_authnames[auth->fakeproto], protomaxlen);
     ourdata[0] = '\0';
-    for (i = 0; i < auth->len; i++)
-	sprintf(ourdata + strlen(ourdata), "%02x", auth->data[i]);
+    for (i = 0; i < auth->fakelen; i++)
+	sprintf(ourdata + strlen(ourdata), "%02x", auth->fakedata[i]);
     strncpy(data, ourdata, datamaxlen);
 
     return auth;
 }
 
+/*
+ * Fetch the real auth data for a given display string, and store
+ * it in an X11Auth structure. Returns NULL on success, or an error
+ * string.
+ */
+void x11_get_real_auth(void *authv, char *display)
+{
+    struct X11Auth *auth = (struct X11Auth *)authv;
+
+    auth->realproto = X11_NO_AUTH;     /* in case next call does nothing */
+
+    auth->reallen = sizeof(auth->realdata);
+    platform_get_x11_auth(display, &auth->realproto,
+                          auth->realdata, &auth->reallen);
+}
+
 static int x11_verify(struct X11Auth *auth,
 		      char *proto, unsigned char *data, int dlen)
 {
-    if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0)
+    if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
 	return 0;		       /* wrong protocol attempted */
-    if (dlen != auth->len)
-	return 0;		       /* cookie was wrong length */
-    if (memcmp(auth->data, data, dlen) != 0)
-	return 0;		       /* cookie was wrong cookie! */
+    if (auth->fakeproto == X11_MIT) {
+        if (dlen != auth->fakelen)
+            return 0;		       /* cookie was wrong length */
+        if (memcmp(auth->fakedata, data, dlen) != 0)
+            return 0;		       /* cookie was wrong cookie! */
+    }
+    /* implement other protocols here if ever required */
     return 1;
 }
 
@@ -140,6 +169,24 @@ static void x11_sent(Plug plug, int bufsize)
 }
 
 /*
+ * When setting up X forwarding, we should send the screen number
+ * from the specified local display. This function extracts it from
+ * the display string.
+ */
+int x11_get_screen_number(char *display)
+{
+    int n;
+
+    n = strcspn(display, ":");
+    if (!display[n])
+	return 0;
+    n = strcspn(display, ".");
+    if (!display[n])
+	return 0;
+    return atoi(display + n + 1);
+}
+
+/*
  * Called to set up the raw connection.
  * 
  * Returns an error message, or NULL on success.
@@ -171,18 +218,26 @@ char *x11_init(Socket * s, char *display, void *c, void *auth)
 	displaynum = 0;		       /* sensible default */
     if (n > sizeof(host) - 1)
 	n = sizeof(host) - 1;
-    strncpy(host, display, n);
-    host[n] = '\0';
+    if (n > 0) {
+	strncpy(host, display, n);
+	host[n] = '\0';
+    } else {
+	/*
+	 * Local display numbers, particularly on Unix, often omit
+	 * the display part completely.
+	 */
+	strcpy(host, "localhost");
+    }
+
+    port = 6000 + displaynum;
 
     /*
      * Try to find host.
      */
-    addr = sk_namelookup(host, &dummy_realhost);
-    if ((err = sk_addr_error(addr)))
+    addr = name_lookup(host, port, &dummy_realhost);
+    if ((err = sk_addr_error(addr)) != NULL)
 	return err;
 
-    port = 6000 + displaynum;
-
     /*
      * Open socket.
      */
@@ -196,7 +251,7 @@ char *x11_init(Socket * s, char *display, void *c, void *auth)
     pr->c = c;
 
     pr->s = *s = new_connection(addr, dummy_realhost, port, 0, 1, 0, (Plug) pr);
-    if ((err = sk_socket_error(*s))) {
+    if ((err = sk_socket_error(*s)) != NULL) {
 	sfree(pr);
 	return err;
     }
@@ -273,7 +328,7 @@ int x11_send(Socket s, char *data, int len)
 	pr->auth_dsize = (pr->auth_dlen + 3) & ~3;
 	/* Leave room for a terminating zero, to make our lives easier. */
 	pr->auth_protocol = (char *) smalloc(pr->auth_psize + 1);
-	pr->auth_data = (char *) smalloc(pr->auth_dsize);
+	pr->auth_data = (unsigned char *) smalloc(pr->auth_dsize);
     }
 
     /*
@@ -312,7 +367,7 @@ int x11_send(Socket s, char *data, int len)
 	    PUT_16BIT(pr->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
 	    memset(reply + 8, 0, msgsize);
 	    memcpy(reply + 8, message, msglen);
-	    sshfwd_write(pr->c, reply, 8 + msgsize);
+	    sshfwd_write(pr->c, (char *)reply, 8 + msgsize);
 	    sshfwd_close(pr->c);
 	    x11_close(s);
 	    return 0;
@@ -320,12 +375,50 @@ int x11_send(Socket s, char *data, int len)
 
 	/*
 	 * Now we know we're going to accept the connection. Strip
-	 * the auth data. (TODO: if we ever work out how, we should
-	 * replace some real auth data in here.)
+	 * the fake auth data, and optionally put real auth data in
+	 * instead.
 	 */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, 0);	/* auth proto */
-	PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, 0);	/* auth data */
-	sk_write(s, pr->firstpkt, 12);
+        {
+            char realauthdata[64];
+            int realauthlen = 0;
+            int authstrlen = strlen(x11_authnames[pr->auth->realproto]);
+	    unsigned long ip;
+	    int port;
+            static const char zeroes[4] = { 0,0,0,0 };
+
+            if (pr->auth->realproto == X11_MIT) {
+                assert(pr->auth->reallen <= lenof(realauthdata));
+                realauthlen = pr->auth->reallen;
+                memcpy(realauthdata, pr->auth->realdata, realauthlen);
+            } else if (pr->auth->realproto == X11_XDM &&
+		       pr->auth->reallen == 16 &&
+		       sk_getxdmdata(s, &ip, &port)) {
+		time_t t;
+                realauthlen = 24;
+		memset(realauthdata, 0, 24);
+		memcpy(realauthdata, pr->auth->realdata, 8);
+		PUT_32BIT_MSB_FIRST(realauthdata+8, ip);
+		PUT_16BIT_MSB_FIRST(realauthdata+12, port);
+		t = time(NULL);
+		PUT_32BIT_MSB_FIRST(realauthdata+14, t);
+		des_encrypt_xdmauth(pr->auth->realdata+9, realauthdata, 24);
+	    }
+            /* implement other auth methods here if required */
+
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 6, authstrlen);
+            PUT_16BIT(pr->firstpkt[0], pr->firstpkt + 8, realauthlen);
+        
+            sk_write(s, (char *)pr->firstpkt, 12);
+
+            if (authstrlen) {
+                sk_write(s, x11_authnames[pr->auth->realproto], authstrlen);
+                sk_write(s, zeroes, 3 & (-authstrlen));
+            }
+            if (realauthlen) {
+                sk_write(s, realauthdata, realauthlen);
+                sk_write(s, zeroes, 3 & (-realauthlen));
+            }
+        }
 	pr->verified = 1;
     }