Cygwin/X: Always use an authorization cookie for internal clients
Don't conditionalize use of an authorization cookie for internal client threads on XCSECURITY, always use one (this avoids certain problems with XDMCP setups where the XDMCP host removes localhost from the access list etc.) Conditionalize the use of a XCSECURITY authorization descriptor on XCSECURITY Consolidate the various places where the authorization cookie is set for internal threads into a new function, winSetAuthorization() Use authorization cookie for multiwindow WM X message thread as well Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
This commit is contained in:
Jon TURNEY
parent
72f81f4e44
commit
0866322b57
|
|
@ -1022,11 +1022,9 @@ InitOutput (ScreenInfo *screenInfo, int argc, char *argv[])
|
|||
|
||||
#if defined(XWIN_CLIPBOARD) || defined(XWIN_MULTIWINDOW)
|
||||
|
||||
#if defined(XCSECURITY)
|
||||
/* Generate a cookie used by internal clients for authorization */
|
||||
if (g_fXdmcpEnabled || g_fAuthEnabled)
|
||||
winGenerateAuthorization ();
|
||||
#endif
|
||||
|
||||
/* Perform some one time initialization */
|
||||
if (1 == serverGeneration)
|
||||
|
|
|
|||
|
|
@ -766,10 +766,9 @@ winAllocateCmapPrivates (ColormapPtr pCmap);
|
|||
*/
|
||||
|
||||
#if defined(XWIN_CLIPBOARD) || defined(XWIN_MULTIWINDOW)
|
||||
# if defined(XCSECURITY)
|
||||
Bool
|
||||
winGenerateAuthorization (void);
|
||||
# endif
|
||||
void winSetAuthorization(void);
|
||||
#endif
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,3 @@
|
|||
#ifdef HAVE_XWIN_CONFIG_H
|
||||
#include <xwin-config.h>
|
||||
#endif
|
||||
#if defined(XCSECURITY)
|
||||
/*
|
||||
*Copyright (C) 2003-2004 Harold L Hunt II All Rights Reserved.
|
||||
*
|
||||
|
|
@ -32,12 +28,14 @@
|
|||
* Authors: Harold L Hunt II
|
||||
*/
|
||||
|
||||
#ifdef HAVE_XWIN_CONFIG_H
|
||||
#include <xwin-config.h>
|
||||
#endif
|
||||
|
||||
#include "win.h"
|
||||
|
||||
/* Includes for authorization */
|
||||
#include <X11/Xauth.h>
|
||||
#include "securitysrv.h"
|
||||
#include <X11/extensions/securstr.h>
|
||||
|
||||
|
||||
/*
|
||||
|
|
@ -48,13 +46,76 @@
|
|||
|
||||
|
||||
/*
|
||||
* Globals
|
||||
* Locals
|
||||
*/
|
||||
|
||||
XID g_authId = 0;
|
||||
unsigned int g_uiAuthDataLen = 0;
|
||||
char *g_pAuthData = NULL;
|
||||
static XID g_authId = 0;
|
||||
static unsigned int g_uiAuthDataLen = 0;
|
||||
static char *g_pAuthData = NULL;
|
||||
|
||||
/*
|
||||
* Code to generate a MIT-MAGIC-COOKIE-1, copied from under XCSECURITY
|
||||
*/
|
||||
|
||||
#ifndef XCSECURITY
|
||||
static
|
||||
void
|
||||
GenerateRandomData (int len, char *buf)
|
||||
{
|
||||
int fd;
|
||||
|
||||
fd = open("/dev/urandom", O_RDONLY);
|
||||
read(fd, buf, len);
|
||||
close(fd);
|
||||
}
|
||||
|
||||
|
||||
static char cookie[16]; /* 128 bits */
|
||||
|
||||
XID
|
||||
static MitGenerateCookie (
|
||||
unsigned data_length,
|
||||
char *data,
|
||||
XID id,
|
||||
unsigned *data_length_return,
|
||||
char **data_return)
|
||||
{
|
||||
int i = 0;
|
||||
int status;
|
||||
|
||||
while (data_length--)
|
||||
{
|
||||
cookie[i++] += *data++;
|
||||
if (i >= sizeof (cookie)) i = 0;
|
||||
}
|
||||
GenerateRandomData(sizeof (cookie), cookie);
|
||||
status = MitAddCookie(sizeof (cookie), cookie, id);
|
||||
if (!status)
|
||||
{
|
||||
id = -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
*data_return = cookie;
|
||||
*data_length_return = sizeof (cookie);
|
||||
}
|
||||
return id;
|
||||
}
|
||||
|
||||
static
|
||||
XID
|
||||
GenerateAuthorization(
|
||||
unsigned name_length,
|
||||
char *name,
|
||||
unsigned data_length,
|
||||
char *data,
|
||||
unsigned *data_length_return,
|
||||
char **data_return)
|
||||
{
|
||||
return MitGenerateCookie(data_length, data,
|
||||
FakeClientID(0), data_length_return, data_return);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Generate authorization cookie for internal server clients
|
||||
|
|
@ -78,15 +139,15 @@ winGenerateAuthorization ()
|
|||
ErrorF ("winGenerateAuthorization - GenerateAuthorization failed\n");
|
||||
goto auth_bailout;
|
||||
}
|
||||
#if 0
|
||||
|
||||
else
|
||||
{
|
||||
ErrorF ("winGenerateAuthorization - GenerateAuthorization success!\n"
|
||||
winDebug("winGenerateAuthorization - GenerateAuthorization success!\n"
|
||||
"AuthDataLen: %d AuthData: %s\n",
|
||||
g_uiAuthDataLen, g_pAuthData);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef XCSECURITY
|
||||
/* Allocate structure for additional auth information */
|
||||
pAuth = (SecurityAuthorizationPtr)
|
||||
xalloc (sizeof (SecurityAuthorizationRec));
|
||||
|
|
@ -119,7 +180,8 @@ winGenerateAuthorization ()
|
|||
|
||||
/* Don't free the auth data, since it is still used internally */
|
||||
pAuth = NULL;
|
||||
|
||||
#endif
|
||||
|
||||
return TRUE;
|
||||
|
||||
auth_bailout:
|
||||
|
|
@ -128,4 +190,13 @@ winGenerateAuthorization ()
|
|||
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Use our generated cookie for authentication */
|
||||
void
|
||||
winSetAuthorization(void)
|
||||
{
|
||||
XSetAuthorization (AUTH_NAME,
|
||||
strlen (AUTH_NAME),
|
||||
g_pAuthData,
|
||||
g_uiAuthDataLen);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,27 +38,15 @@
|
|||
#ifdef __CYGWIN__
|
||||
#include <errno.h>
|
||||
#endif
|
||||
#include "X11/Xauth.h"
|
||||
#include "misc.h"
|
||||
|
||||
|
||||
/*
|
||||
* Constants
|
||||
*/
|
||||
|
||||
#define AUTH_NAME "MIT-MAGIC-COOKIE-1"
|
||||
|
||||
|
||||
/*
|
||||
* References to external symbols
|
||||
*/
|
||||
|
||||
extern Bool g_fUnicodeClipboard;
|
||||
extern unsigned long serverGeneration;
|
||||
#if defined(XCSECURITY)
|
||||
extern unsigned int g_uiAuthDataLen;
|
||||
extern char *g_pAuthData;
|
||||
#endif
|
||||
extern Bool g_fClipboardStarted;
|
||||
extern HWND g_hwndClipboard;
|
||||
extern void *g_pClipboardDisplay;
|
||||
|
|
@ -154,13 +142,8 @@ winClipboardProc (void *pvNotUsed)
|
|||
pthread_exit (NULL);
|
||||
}
|
||||
|
||||
#if defined(XCSECURITY)
|
||||
/* Use our generated cookie for authentication */
|
||||
XSetAuthorization (AUTH_NAME,
|
||||
strlen (AUTH_NAME),
|
||||
g_pAuthData,
|
||||
g_uiAuthDataLen);
|
||||
#endif
|
||||
winSetAuthorization();
|
||||
|
||||
/* Set error handler */
|
||||
XSetErrorHandler (winClipboardErrorHandler);
|
||||
|
|
|
|||
|
|
@ -90,8 +90,6 @@ extern void winUpdateRgnMultiWindow(WindowPtr pWin);
|
|||
#endif
|
||||
#define WIN_JMP_OKAY 0
|
||||
#define WIN_JMP_ERROR_IO 2
|
||||
#define AUTH_NAME "MIT-MAGIC-COOKIE-1"
|
||||
|
||||
|
||||
/*
|
||||
* Local structures
|
||||
|
|
@ -140,11 +138,6 @@ typedef struct _XMsgProcArgRec {
|
|||
|
||||
extern char *display;
|
||||
extern void ErrorF (const char* /*f*/, ...);
|
||||
#if defined(XCSECURITY)
|
||||
extern unsigned int g_uiAuthDataLen;
|
||||
extern char *g_pAuthData;
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Prototypes for local functions
|
||||
|
|
@ -948,6 +941,9 @@ winMultiWindowXMsgProc (void *pArg)
|
|||
|
||||
/* Print the display connection string */
|
||||
ErrorF ("winMultiWindowXMsgProc - DISPLAY=%s\n", pszDisplay);
|
||||
|
||||
/* Use our generated cookie for authentication */
|
||||
winSetAuthorization();
|
||||
|
||||
/* Initialize retry count */
|
||||
iRetries = 0;
|
||||
|
|
@ -1323,14 +1319,9 @@ winInitMultiWindowWM (WMInfoPtr pWMInfo, WMProcArgPtr pProcArg)
|
|||
/* Print the display connection string */
|
||||
ErrorF ("winInitMultiWindowWM - DISPLAY=%s\n", pszDisplay);
|
||||
|
||||
#if defined(XCSECURITY)
|
||||
/* Use our generated cookie for authentication */
|
||||
XSetAuthorization (AUTH_NAME,
|
||||
strlen (AUTH_NAME),
|
||||
g_pAuthData,
|
||||
g_uiAuthDataLen);
|
||||
#endif
|
||||
|
||||
winSetAuthorization();
|
||||
|
||||
/* Open the X display */
|
||||
do
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user