[REPOST PATCH xauth] Look for FamilyLocal if inet or inet6 address is loopback
Jeremy Huddleston Sequoia
jeremyhu at gmail.com
Sun Sep 29 08:29:48 PDT 2013
You had incorrect casting in the IN6_IS_ADDR_* macros. Does Linux (or whatever platform you tested on) cast the arguments to those macros for you (thus correcting / undoing the casting that you provided)? That seems quite dangerous.
I initially reverted this but then noticed it was a trivial error and pushed a commit with the fixed cast.
--Jeremy
On Aug 14, 2013, at 8:08, Egbert Eich <eich at freedesktop.org> wrote:
> libxcb uses FamilyLocal authorization if the host name or IP in the
> display string is from the loopback device. This patch adds the same
> behavior to xauth.
> This fixes a long standing problem that for ssh tunneled connections
> a display variable of the form: localhost:<N>.<M> leads to correct
> authorization when an X client is started but "xauth list $DISPLAY"
> returns nothing.
>
> Signed-off-by: Egbert Eich <eich at freedesktop.org>
> ---
> gethost.c | 40 +++++++++++++++++++++++++++++++++++-----
> 1 file changed, 35 insertions(+), 5 deletions(-)
>
> diff --git a/gethost.c b/gethost.c
> index 10f6078..83fa95b 100644
> --- a/gethost.c
> +++ b/gethost.c
> @@ -224,16 +224,36 @@ struct addrlist *get_address_info (
> for (ai = firstai; ai != NULL; ai = ai->ai_next) {
> struct addrlist *duplicate;
>
> + len = 0;
> if (ai->ai_family == AF_INET) {
> struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
> src = &(sin->sin_addr);
> - len = sizeof(sin->sin_addr);
> - family = FamilyInternet;
> + if (*(in_addr_t *) src == htonl(INADDR_LOOPBACK)) {
> + family = FamilyLocal;
> + if (get_local_hostname (buf, sizeof buf)) {
> + src = buf;
> + len = strlen (buf);
> + } else
> + src = NULL;
> + } else {
> + len = sizeof(sin->sin_addr);
> + family = FamilyInternet;
> + }
> } else if (ai->ai_family == AF_INET6) {
> struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;
> src = &(sin6->sin6_addr);
> - len = sizeof(sin6->sin6_addr);
> - family = FamilyInternet6;
> + if (IN6_IS_ADDR_V4MAPPED((struct sockaddr_in6 *)src)
> + || IN6_IS_ADDR_LOOPBACK((struct sockaddr_in6 *)src)) {
> + family = FamilyLocal;
> + if (get_local_hostname (buf, sizeof buf)) {
> + src = buf;
> + len = strlen (buf);
> + } else
> + src = NULL;
> + } else {
> + len = sizeof(sin6->sin6_addr);
> + family = FamilyInternet6;
> + }
> }
>
> for(duplicate = retval; duplicate != NULL; duplicate = duplicate->next) {
> @@ -272,7 +292,17 @@ struct addrlist *get_address_info (
> #else
> if (!get_inet_address (host, &hostinetaddr)) return NULL;
> src = (char *) &hostinetaddr;
> - len = 4; /* sizeof inaddr.sin_addr, would fail on Cray */
> + if (*(in_addr_t *) src == htonl(INADDR_LOOPBACK)) {
> + family = FamilyLocal;
> + if (get_local_hostname (buf, sizeof buf)) {
> + src = buf;
> + len = strlen (buf);
> + } else {
> + len = 0;
> + src = NULL;
> + }
> + } else
> + len = 4; /* sizeof inaddr.sin_addr, would fail on Cray */
> break;
> #endif /* IPv6 */
> #else
> --
> 1.8.1.4
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4136 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20130929/6e14cb88/attachment.bin>
More information about the xorg-devel
mailing list