[PATCH V2 xauth] Make matching algorithm mimic XauGet*AuthByAddr
Egbert Eich
eich at freedesktop.org
Thu Sep 19 05:08:07 PDT 2013
Meanwhile I came across
https://bugs.freedesktop.org/show_bug.cgi?id=43425
where Tilmann proposes a fix for exactly the same problem.
The solutions differ to some extent so let me try to explain
what the differences are and why I chose to solve it the way
shown below.
On Wed, Aug 14, 2013 at 10:11:06PM +0200, Egbert Eich wrote:
>
> Xlib (xcb) uses XauGetBestAuthByAddr() when looking for an
> authorization. 'xauth [n]list $DISPLAY' used a slightly
> stricter algorithm which doesn't find a possible authorization
> for cases where either the family is set to FamilyWild or
> address the address length is 0.
>
> Signed-off-by: Egbert Eich <eich at freedesktop.org>
> ---
> v2: Tried to make condition more readable as suggested
> by walter harms <wharms at bfs.de>.
>
> process.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/process.c b/process.c
> index a9466a7..7ae5f21 100644
> --- a/process.c
> +++ b/process.c
> @@ -1064,11 +1064,15 @@ eq_auth(Xauth *a, Xauth *b)
> static int
> match_auth_dpy(register Xauth *a, register Xauth *b)
> {
> - return ((a->family == b->family &&
> - a->address_length == b->address_length &&
> - a->number_length == b->number_length &&
> - memcmp(a->address, b->address, a->address_length) == 0 &&
> - memcmp(a->number, b->number, a->number_length) == 0) ? 1 : 0);
> + if (a->family != FamilyWild && b->family != FamilyWild &&
> + (a->family != b->family || a->address_length != b->address_length ||
> + memcmp(a->address, b->address, a->address_length) != 0))
> + return 0;
> + if (a->number_length != 0 && b->number_length != 0 &&
> + (a->number_length != b->number_length ||
> + memcmp(a->number, b->number, a->number_length) != 0))
> + return 0;
> + return 1;
> }
Both Tilmann's patch in
https://bugs.freedesktop.org/attachment.cgi?id=65284
and mine address the missing handling of FamilyWild in xauth.
When a FamilyWild entry is found Tilman's patch also takes the the
address length and address into account while in the above patch
this data is ignored if one of the entries to compare belongs to
FamilyWild.
Tilman's patch introduces a special handling for FamilyWild in
iterdpy() when match_auth_dpy() fails while the above fix directly
adds this handling to match_auth_dpy().
The modification of match_auth_dpy() also affects match_auth() which
calls this function.
I've now looked for indicators if the address should be ignored when
a FamilyWild is encountered.
1. 'man Xsecurity' states:
... A special connection family (FamilyWild, value 65535) causes an
entry to match every display, allowing the entry to be used for
all connections. ...
2. Looking at XauGetAuthByAddr() and XauGetBestAuthByAddr() in libXau,
the address field gets ignored when one of the two entries to compare
is FamilyWild.
In fact the patch makes the comparisons in match_auth_dpy() and match_auth()
very much identical to those in XauGetAuthByAddr() and XauGetBestAuthByAddr()
The goal I tried to achieve in my patch was to make the behavior of xauth
identical to the behavior of X clients looking for the closest matching
authentication entry in the credentials file. X clients use XauGetBestAuthByAddr()
(thru xcb) to find this entry.
Cheers,
Egbert.
More information about the xorg-devel
mailing list