RE: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hi list, Subject: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425 I haven't gotten any response to the patch. Since I can not find a maintainer in http://cgit.freedesktop.org/xorg/doc/xorg-docs/tree/MAINTAINERS I am pinging this list again. Stefan ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
[PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hello xorg-devel, [ please CC me in your replies ] This is an updated version of Tilmann Bubeck's patch for #43425 fixing remarks by Walter Harms. This patch is needed in case you use the following setup Client-VNC-XDMCP (localhost)-GDM In the above scenario you won't be able to forward your Display using X11: ssh -X $OTHERHOST xterm Warning: No xauth data; using fake authentication data for X11 forwarding. Invalid MIT-MAGIC-COOKIE-1 keyxset: unable to open display localhost:10.0 Invalid MIT-MAGIC-COOKIE-1 keyxterm Xt error: Can't open display: localhost:10.0 Original log message: xauth is currently unable to handle FamilyWild. This gives problems with GDM receiving XDMCP request which used FamilyWild. More details in the referenced freedesktop bugzilla entry. The patch improves xauth to handle that Family: * allow dump_entry to deal with that Family and output such entries correctly. * allow list $DISPLAY to match against an entry in XAUTHORITY of type FamilyWild. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425 [ -- cut here -- ] diff --git a/process.c b/process.c index 283b4a1..49d1b13 100644 --- a/process.c +++ b/process.c @@ -462,7 +462,10 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList **headp, AuthList **tailp) return n; } -static Bool +/** + * Parse the given displayname and build a corresponding AuthList. + */ +static Bool get_displayname_auth(const char *displayname, AuthList **authl) { int family; @@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno, Xauth *auth, char *data) fwrite (auth-address, sizeof (char), auth-address_length, fp); fprintf (fp, /unix); break; + case FamilyWild: + fwrite (auth-address, sizeof (char), auth-address_length, fp); + break; case FamilyInternet: #if defined(IPv6) defined(AF_INET6) case FamilyInternet6: @@ -1073,6 +1079,39 @@ match_auth_dpy(register Xauth *a, register Xauth *b) memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0); } +static int +match_authwild_dpy(register Xauth *a, const char *displayname) +{ +int family; +char *host = NULL, *rest = NULL; +int dpynum, scrnum; +char dpynumbuf[40];/* want to hold largest display num */ + +if ( a-family != FamilyWild ) { + return False; +} + +if (!parse_displayname (displayname, + family, host, dpynum, scrnum, rest)) { + if (host) free(host); + if (rest) free(rest); + + return False; +} + +dpynumbuf[0] = '\0'; +sprintf (dpynumbuf, %d, dpynum); + +if (a-address_length != strlen(host) || a-number_length != strlen(dpynumbuf)) + return False; + +if (memcmp(a-address, host, a-address_length) == 0 + memcmp(a-number, dpynumbuf, a-number_length) == 0) + return True; +else + return False; +} + /* return non-zero iff display and authorization type are the same */ static int @@ -1236,13 +1275,22 @@ iterdpy (const char *inputfilename, int lineno, int start, /* l may be freed by remove_entry below. so save its contents */ next = l-next; tmp_auth = copyAuth(l-auth); - for (proto = proto_head; proto; proto = proto-next) { - if (match_auth_dpy (proto-auth, tmp_auth)) { - matched = True; - if (yfunc) { - status = (*yfunc) (inputfilename, lineno, - tmp_auth, data); - if (status 0) break; + + if ( match_authwild_dpy(tmp_auth, displayname) ) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + } + } else { + for (proto = proto_head; proto; proto = proto-next) { + if (match_auth_dpy (proto-auth, tmp_auth)) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + if (status 0) break; + } } } } ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hello xorg, I sent you the mail below a few days ago with a patch for xauth. According to http://www.x.org/wiki/Development/Documentation/SubmittingPatches I am now pinging the list again. I do not know any maintainer to CC, so I only wrote to this list. I would be glad if this patch gets included. Also feel free to contact me, if anything has to be changed. Kind regards, Till On Thu, 01 Dec 2011 17:44:02 +0100, Dr. Tilmann Bubeck t.bub...@reinform.de wrote: From: Dr. Tilmann Bubeck t.bub...@reinform.de xauth is currently unable to handle FamilyWild. This gives problems with GDM receiving XDMCP request which used FamilyWild. More details in the referenced freedesktop bugzilla entry. The patch improves xauth to handle that Family: * allow dump_entry to deal with that Family and output such entries correctly. * allow list $DISPLAY to match against an entry in XAUTHORITY of type FamilyWild. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425 Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de --- process.c | 55 --- 1 files changed, 48 insertions(+), 7 deletions(-) diff --git a/process.c b/process.c index 283b4a1..651bea0 100644 --- a/process.c +++ b/process.c @@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList **headp, AuthList **tailp) return n; } +/** + * Parse the given displayname and build a corresponding AuthList. + */ static Bool get_displayname_auth(const char *displayname, AuthList **authl) { @@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno, Xauth *auth, char *data) fwrite (auth-address, sizeof (char), auth-address_length, fp); fprintf (fp, /unix); break; + case FamilyWild: + fwrite (auth-address, sizeof (char), auth-address_length, fp); + break; case FamilyInternet: #if defined(IPv6) defined(AF_INET6) case FamilyInternet6: @@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register Xauth *b) memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0); } +static int +match_authwild_dpy(register Xauth *a, const char *displayname) +{ +int family; +char *host = NULL, *rest = NULL; +int dpynum, scrnum; +char dpynumbuf[40];/* want to hold largest display num */ + +if ( a-family != FamilyWild ) { + return False; +} + +if (!parse_displayname (displayname, + family, host, dpynum, scrnum, rest)) { + return False; +} + +dpynumbuf[0] = '\0'; +sprintf (dpynumbuf, %d, dpynum); + +return ((a-address_length == strlen(host) +a-number_length == strlen(dpynumbuf) +memcmp(a-address, host, a-address_length) == 0 +memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0); +} + /* return non-zero iff display and authorization type are the same */ static int @@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int lineno, int start, /* l may be freed by remove_entry below. so save its contents */ next = l-next; tmp_auth = copyAuth(l-auth); - for (proto = proto_head; proto; proto = proto-next) { - if (match_auth_dpy (proto-auth, tmp_auth)) { - matched = True; - if (yfunc) { - status = (*yfunc) (inputfilename, lineno, - tmp_auth, data); - if (status 0) break; + + if ( match_authwild_dpy(tmp_auth, displayname) ) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + } + } else { + for (proto = proto_head; proto; proto = proto-next) { + if (match_auth_dpy (proto-auth, tmp_auth)) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + if (status 0) break; + } } } } -- Mit freundlichen Gruessen, Tilmann Bubeck +---+-+ | | dr. tilmann bubeck reinform medien- und | | | informationstechnologie AG | | rein | fon : +49 (711) 7 82 76-52 loeffelstr. 40 | | form | fax : +49 (711) 7 82 76-46 70597 stuttgart / germany | |AG | cell.: +49 (172) 8 84 29 72 fon: +49 (711) 75 86 56-10 | | | email: t.bub...@reinform.de http://www.reinform.de | | +-+ |
Re: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Am 19.12.2011 10:23, schrieb Dr. Tilmann Bubeck: Hello xorg, I sent you the mail below a few days ago with a patch for xauth. According to http://www.x.org/wiki/Development/Documentation/SubmittingPatches I am now pinging the list again. I do not know any maintainer to CC, so I only wrote to this list. I would be glad if this patch gets included. Also feel free to contact me, if anything has to be changed. Kind regards, Till On Thu, 01 Dec 2011 17:44:02 +0100, Dr. Tilmann Bubeck t.bub...@reinform.de wrote: From: Dr. Tilmann Bubeck t.bub...@reinform.de xauth is currently unable to handle FamilyWild. This gives problems with GDM receiving XDMCP request which used FamilyWild. More details in the referenced freedesktop bugzilla entry. The patch improves xauth to handle that Family: * allow dump_entry to deal with that Family and output such entries correctly. * allow list $DISPLAY to match against an entry in XAUTHORITY of type FamilyWild. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425 Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de --- process.c | 55 --- 1 files changed, 48 insertions(+), 7 deletions(-) diff --git a/process.c b/process.c index 283b4a1..651bea0 100644 --- a/process.c +++ b/process.c @@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList **headp, AuthList **tailp) return n; } +/** + * Parse the given displayname and build a corresponding AuthList. + */ static Bool get_displayname_auth(const char *displayname, AuthList **authl) { @@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno, Xauth *auth, char *data) fwrite (auth-address, sizeof (char), auth-address_length, fp); fprintf (fp, /unix); break; +case FamilyWild: +fwrite (auth-address, sizeof (char), auth-address_length, fp); +break; case FamilyInternet: #if defined(IPv6) defined(AF_INET6) case FamilyInternet6: @@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register Xauth *b) memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0); } +static int +match_authwild_dpy(register Xauth *a, const char *displayname) +{ +int family; +char *host = NULL, *rest = NULL; +int dpynum, scrnum; +char dpynumbuf[40];/* want to hold largest display num */ + +if ( a-family != FamilyWild ) { +return False; +} + +if (!parse_displayname (displayname, +family, host, dpynum, scrnum, rest)) { +return False; +} i do not know parse_displayname() but i guess it will allocate memory for host and rest. I do not see a free() memory leak ? + +dpynumbuf[0] = '\0'; +sprintf (dpynumbuf, %d, dpynum); + +return ((a-address_length == strlen(host) + a-number_length == strlen(dpynumbuf) + memcmp(a-address, host, a-address_length) == 0 + memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0); +} + i have a problem with these memcp() block. could you entangle it a bit to improve readability ? like if ( a-address_length != strlen(host) || a-number_length == strlen(dpynumbuf) ) return False; if ( memcmp(a-address, host, a-address_length) == 0 memcmp(a-number, dpynumbuf, a-number_length) == 0) ) return True; else return False; hope that helps, re, wh /* return non-zero iff display and authorization type are the same */ static int @@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int lineno, int start, /* l may be freed by remove_entry below. so save its contents */ next = l-next; tmp_auth = copyAuth(l-auth); -for (proto = proto_head; proto; proto = proto-next) { -if (match_auth_dpy (proto-auth, tmp_auth)) { -matched = True; -if (yfunc) { -status = (*yfunc) (inputfilename, lineno, - tmp_auth, data); -if (status 0) break; + +if ( match_authwild_dpy(tmp_auth, displayname) ) { +matched = True; +if (yfunc) { +status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); +} +} else { +for (proto = proto_head; proto; proto = proto-next) { +if (match_auth_dpy (proto-auth, tmp_auth)) { +matched = True; +if (yfunc) { +status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); +if (status 0) break; +} } } } ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
[PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
From: Dr. Tilmann Bubeck t.bub...@reinform.de xauth is currently unable to handle FamilyWild. This gives problems with GDM receiving XDMCP request which used FamilyWild. More details in the referenced freedesktop bugzilla entry. The patch improves xauth to handle that Family: * allow dump_entry to deal with that Family and output such entries correctly. * allow list $DISPLAY to match against an entry in XAUTHORITY of type FamilyWild. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425 Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de --- process.c | 55 --- 1 files changed, 48 insertions(+), 7 deletions(-) diff --git a/process.c b/process.c index 283b4a1..651bea0 100644 --- a/process.c +++ b/process.c @@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList **headp, AuthList **tailp) return n; } +/** + * Parse the given displayname and build a corresponding AuthList. + */ static Bool get_displayname_auth(const char *displayname, AuthList **authl) { @@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno, Xauth *auth, char *data) fwrite (auth-address, sizeof (char), auth-address_length, fp); fprintf (fp, /unix); break; + case FamilyWild: + fwrite (auth-address, sizeof (char), auth-address_length, fp); + break; case FamilyInternet: #if defined(IPv6) defined(AF_INET6) case FamilyInternet6: @@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register Xauth *b) memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0); } +static int +match_authwild_dpy(register Xauth *a, const char *displayname) +{ +int family; +char *host = NULL, *rest = NULL; +int dpynum, scrnum; +char dpynumbuf[40];/* want to hold largest display num */ + +if ( a-family != FamilyWild ) { + return False; +} + +if (!parse_displayname (displayname, + family, host, dpynum, scrnum, rest)) { + return False; +} + +dpynumbuf[0] = '\0'; +sprintf (dpynumbuf, %d, dpynum); + +return ((a-address_length == strlen(host) +a-number_length == strlen(dpynumbuf) +memcmp(a-address, host, a-address_length) == 0 +memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0); +} + /* return non-zero iff display and authorization type are the same */ static int @@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int lineno, int start, /* l may be freed by remove_entry below. so save its contents */ next = l-next; tmp_auth = copyAuth(l-auth); - for (proto = proto_head; proto; proto = proto-next) { - if (match_auth_dpy (proto-auth, tmp_auth)) { - matched = True; - if (yfunc) { - status = (*yfunc) (inputfilename, lineno, - tmp_auth, data); - if (status 0) break; + + if ( match_authwild_dpy(tmp_auth, displayname) ) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + } + } else { + for (proto = proto_head; proto; proto = proto-next) { + if (match_auth_dpy (proto-auth, tmp_auth)) { + matched = True; + if (yfunc) { + status = (*yfunc) (inputfilename, lineno, + tmp_auth, data); + if (status 0) break; + } } } } -- 1.7.7.3 ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel