[REPOST PATCH xauth] Look for FamilyLocal if inet or inet6 address is loopback

Jeremy Huddleston Sequoia jeremyhu at gmail.com
Sun Sep 29 08:29:48 PDT 2013


You had incorrect casting in the IN6_IS_ADDR_* macros.  Does Linux (or whatever platform you tested on) cast the arguments to those macros for you (thus correcting / undoing the casting that you provided)?  That seems quite dangerous.

I initially reverted this but then noticed it was a trivial error and pushed a commit with the fixed cast.

--Jeremy

On Aug 14, 2013, at 8:08, Egbert Eich <eich at freedesktop.org> wrote:

> libxcb uses FamilyLocal authorization if the host name or IP in the
> display string is from the loopback device. This patch adds the same
> behavior to xauth.
> This fixes a long standing problem that for ssh tunneled connections
> a display variable of the form: localhost:<N>.<M> leads to correct
> authorization when an X client is started but "xauth list $DISPLAY"
> returns nothing.
> 
> Signed-off-by: Egbert Eich <eich at freedesktop.org>
> ---
> gethost.c | 40 +++++++++++++++++++++++++++++++++++-----
> 1 file changed, 35 insertions(+), 5 deletions(-)
> 
> diff --git a/gethost.c b/gethost.c
> index 10f6078..83fa95b 100644
> --- a/gethost.c
> +++ b/gethost.c
> @@ -224,16 +224,36 @@ struct addrlist *get_address_info (
> 	for (ai = firstai; ai != NULL; ai = ai->ai_next) {
> 	    struct addrlist *duplicate;
> 
> +            len = 0;
> 	    if (ai->ai_family == AF_INET) {
> 		struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
> 		src = &(sin->sin_addr);
> -		len = sizeof(sin->sin_addr);
> -		family = FamilyInternet;
> +                if (*(in_addr_t *) src == htonl(INADDR_LOOPBACK)) {
> +                    family = FamilyLocal;
> +                    if (get_local_hostname (buf, sizeof buf)) {
> +                        src = buf;
> +                        len = strlen (buf);
> +                    } else
> +                        src = NULL;
> +                } else {
> +                    len = sizeof(sin->sin_addr);
> +                    family = FamilyInternet;
> +                }
> 	    } else if (ai->ai_family == AF_INET6) {
> 		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;
> 		src = &(sin6->sin6_addr);
> -		len = sizeof(sin6->sin6_addr);
> -		family = FamilyInternet6;
> +                if (IN6_IS_ADDR_V4MAPPED((struct sockaddr_in6 *)src)
> +                    || IN6_IS_ADDR_LOOPBACK((struct sockaddr_in6 *)src)) {
> +                    family = FamilyLocal;
> +                    if (get_local_hostname (buf, sizeof buf)) {
> +                        src = buf;
> +                        len = strlen (buf);
> +                    } else
> +                        src = NULL;
> +                } else {
> +                    len = sizeof(sin6->sin6_addr);
> +                    family = FamilyInternet6;
> +                }
> 	    }
> 
> 	    for(duplicate = retval; duplicate != NULL; duplicate = duplicate->next) {
> @@ -272,7 +292,17 @@ struct addrlist *get_address_info (
> #else
> 	if (!get_inet_address (host, &hostinetaddr)) return NULL;
> 	src = (char *) &hostinetaddr;
> -	len = 4; /* sizeof inaddr.sin_addr, would fail on Cray */
> +        if (*(in_addr_t *) src == htonl(INADDR_LOOPBACK)) {
> +            family = FamilyLocal;
> +            if (get_local_hostname (buf, sizeof buf)) {
> +                src = buf;
> +                len = strlen (buf);
> +            } else {
> +                len = 0;
> +                src = NULL;
> +            }
> +        } else
> +            len = 4; /* sizeof inaddr.sin_addr, would fail on Cray */
> 	break;
> #endif /* IPv6 */
> #else
> -- 
> 1.8.1.4
> 
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4136 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20130929/6e14cb88/attachment.bin>


More information about the xorg-devel mailing list