[PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Volkel, Stefan (EXT-Other - DE/Ulm)
stefan.volkel.ext at nsn.com
Tue Aug 14 05:38:48 PDT 2012
Hello xorg-devel,
[ please CC me in your replies ]
This is an updated version of Tilmann Bubeck's patch for #43425 fixing
remarks by Walter Harms.
This patch is needed in case you use the following setup
Client->VNC->XDMCP (localhost)->GDM
In the above scenario you won't be able to forward your Display using
X11:
ssh -X $OTHERHOST xterm
Warning: No xauth data; using fake authentication data for X11
forwarding.
Invalid MIT-MAGIC-COOKIE-1 keyxset: unable to open display
"localhost:10.0"
Invalid MIT-MAGIC-COOKIE-1 keyxterm Xt error: Can't open
display: localhost:10.0
Original log message:
xauth is currently unable to handle FamilyWild. This gives problems
with GDM receiving XDMCP request which used FamilyWild. More details
in the referenced freedesktop bugzilla entry.
The patch improves xauth to handle that Family:
* allow "dump_entry" to deal with that Family and output
such entries correctly.
* allow "list $DISPLAY" to match against an entry in
XAUTHORITY of type FamilyWild.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425
[ ------ cut here ------ ]
diff --git a/process.c b/process.c
index 283b4a1..49d1b13 100644
--- a/process.c
+++ b/process.c
@@ -462,7 +462,10 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList
**headp, AuthList **tailp)
return n;
}
-static Bool
+/**
+ * Parse the given displayname and build a corresponding AuthList.
+ */
+static Bool
get_displayname_auth(const char *displayname, AuthList **authl)
{
int family;
@@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno,
Xauth *auth, char *data)
fwrite (auth->address, sizeof (char), auth->address_length,
fp);
fprintf (fp, "/unix");
break;
+ case FamilyWild:
+ fwrite (auth->address, sizeof (char), auth->address_length,
fp);
+ break;
case FamilyInternet:
#if defined(IPv6) && defined(AF_INET6)
case FamilyInternet6:
@@ -1073,6 +1079,39 @@ match_auth_dpy(register Xauth *a, register Xauth
*b)
memcmp(a->number, b->number, a->number_length) == 0) ? 1 :
0);
}
+static int
+match_authwild_dpy(register Xauth *a, const char *displayname)
+{
+ int family;
+ char *host = NULL, *rest = NULL;
+ int dpynum, scrnum;
+ char dpynumbuf[40]; /* want to hold largest
display num */
+
+ if ( a->family != FamilyWild ) {
+ return False;
+ }
+
+ if (!parse_displayname (displayname,
+ &family, &host, &dpynum, &scrnum, &rest)) {
+ if (host) free(host);
+ if (rest) free(rest);
+
+ return False;
+ }
+
+ dpynumbuf[0] = '\0';
+ sprintf (dpynumbuf, "%d", dpynum);
+
+ if (a->address_length != strlen(host) || a->number_length !=
strlen(dpynumbuf))
+ return False;
+
+ if (memcmp(a->address, host, a->address_length) == 0 &&
+ memcmp(a->number, dpynumbuf, a->number_length) == 0)
+ return True;
+ else
+ return False;
+}
+
/* return non-zero iff display and authorization type are the same */
static int
@@ -1236,13 +1275,22 @@ iterdpy (const char *inputfilename, int lineno,
int start,
/* l may be freed by remove_entry below. so save its
contents */
next = l->next;
tmp_auth = copyAuth(l->auth);
- for (proto = proto_head; proto; proto = proto->next) {
- if (match_auth_dpy (proto->auth, tmp_auth)) {
- matched = True;
- if (yfunc) {
- status = (*yfunc) (inputfilename, lineno,
- tmp_auth, data);
- if (status < 0) break;
+
+ if ( match_authwild_dpy(tmp_auth, displayname) ) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ }
+ } else {
+ for (proto = proto_head; proto; proto = proto->next) {
+ if (match_auth_dpy (proto->auth, tmp_auth)) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ if (status < 0) break;
+ }
}
}
}
More information about the xorg-devel
mailing list