RE: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hi list, Subject: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425 I haven't gotten any response to the patch. Since I can not find a maintainer in http://cgit.freedesktop.org/xorg/doc/xorg-docs/tree/MAINTAINERS I am pinging this list again. Stefan ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
[PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hello xorg-devel,
[ please CC me in your replies ]
This is an updated version of Tilmann Bubeck's patch for #43425 fixing
remarks by Walter Harms.
This patch is needed in case you use the following setup
Client-VNC-XDMCP (localhost)-GDM
In the above scenario you won't be able to forward your Display using
X11:
ssh -X $OTHERHOST xterm
Warning: No xauth data; using fake authentication data for X11
forwarding.
Invalid MIT-MAGIC-COOKIE-1 keyxset: unable to open display
localhost:10.0
Invalid MIT-MAGIC-COOKIE-1 keyxterm Xt error: Can't open
display: localhost:10.0
Original log message:
xauth is currently unable to handle FamilyWild. This gives problems
with GDM receiving XDMCP request which used FamilyWild. More details
in the referenced freedesktop bugzilla entry.
The patch improves xauth to handle that Family:
* allow dump_entry to deal with that Family and output
such entries correctly.
* allow list $DISPLAY to match against an entry in
XAUTHORITY of type FamilyWild.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425
[ -- cut here -- ]
diff --git a/process.c b/process.c
index 283b4a1..49d1b13 100644
--- a/process.c
+++ b/process.c
@@ -462,7 +462,10 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList
**headp, AuthList **tailp)
return n;
}
-static Bool
+/**
+ * Parse the given displayname and build a corresponding AuthList.
+ */
+static Bool
get_displayname_auth(const char *displayname, AuthList **authl)
{
int family;
@@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno,
Xauth *auth, char *data)
fwrite (auth-address, sizeof (char), auth-address_length,
fp);
fprintf (fp, /unix);
break;
+ case FamilyWild:
+ fwrite (auth-address, sizeof (char), auth-address_length,
fp);
+ break;
case FamilyInternet:
#if defined(IPv6) defined(AF_INET6)
case FamilyInternet6:
@@ -1073,6 +1079,39 @@ match_auth_dpy(register Xauth *a, register Xauth
*b)
memcmp(a-number, b-number, a-number_length) == 0) ? 1 :
0);
}
+static int
+match_authwild_dpy(register Xauth *a, const char *displayname)
+{
+int family;
+char *host = NULL, *rest = NULL;
+int dpynum, scrnum;
+char dpynumbuf[40];/* want to hold largest
display num */
+
+if ( a-family != FamilyWild ) {
+ return False;
+}
+
+if (!parse_displayname (displayname,
+ family, host, dpynum, scrnum, rest)) {
+ if (host) free(host);
+ if (rest) free(rest);
+
+ return False;
+}
+
+dpynumbuf[0] = '\0';
+sprintf (dpynumbuf, %d, dpynum);
+
+if (a-address_length != strlen(host) || a-number_length !=
strlen(dpynumbuf))
+ return False;
+
+if (memcmp(a-address, host, a-address_length) == 0
+ memcmp(a-number, dpynumbuf, a-number_length) == 0)
+ return True;
+else
+ return False;
+}
+
/* return non-zero iff display and authorization type are the same */
static int
@@ -1236,13 +1275,22 @@ iterdpy (const char *inputfilename, int lineno,
int start,
/* l may be freed by remove_entry below. so save its
contents */
next = l-next;
tmp_auth = copyAuth(l-auth);
- for (proto = proto_head; proto; proto = proto-next) {
- if (match_auth_dpy (proto-auth, tmp_auth)) {
- matched = True;
- if (yfunc) {
- status = (*yfunc) (inputfilename, lineno,
- tmp_auth, data);
- if (status 0) break;
+
+ if ( match_authwild_dpy(tmp_auth, displayname) ) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ }
+ } else {
+ for (proto = proto_head; proto; proto = proto-next) {
+ if (match_auth_dpy (proto-auth, tmp_auth)) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ if (status 0) break;
+ }
}
}
}
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Hello xorg,
I sent you the mail below a few days ago with a patch for xauth. According
to http://www.x.org/wiki/Development/Documentation/SubmittingPatches I am
now pinging the list again. I do not know any maintainer to CC, so I only
wrote to this list.
I would be glad if this patch gets included.
Also feel free to contact me, if anything has to be changed.
Kind regards,
Till
On Thu, 01 Dec 2011 17:44:02 +0100, Dr. Tilmann Bubeck
t.bub...@reinform.de wrote:
From: Dr. Tilmann Bubeck t.bub...@reinform.de
xauth is currently unable to handle FamilyWild. This gives problems
with GDM receiving XDMCP request which used FamilyWild. More details
in the referenced freedesktop bugzilla entry.
The patch improves xauth to handle that Family:
* allow dump_entry to deal with that Family and output
such entries correctly.
* allow list $DISPLAY to match against an entry in
XAUTHORITY of type FamilyWild.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425
Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de
---
process.c | 55 ---
1 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/process.c b/process.c
index 283b4a1..651bea0 100644
--- a/process.c
+++ b/process.c
@@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList
**headp, AuthList **tailp)
return n;
}
+/**
+ * Parse the given displayname and build a corresponding AuthList.
+ */
static Bool
get_displayname_auth(const char *displayname, AuthList **authl)
{
@@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno,
Xauth *auth, char *data)
fwrite (auth-address, sizeof (char), auth-address_length, fp);
fprintf (fp, /unix);
break;
+ case FamilyWild:
+ fwrite (auth-address, sizeof (char), auth-address_length, fp);
+ break;
case FamilyInternet:
#if defined(IPv6) defined(AF_INET6)
case FamilyInternet6:
@@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register Xauth
*b)
memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0);
}
+static int
+match_authwild_dpy(register Xauth *a, const char *displayname)
+{
+int family;
+char *host = NULL, *rest = NULL;
+int dpynum, scrnum;
+char dpynumbuf[40];/* want to hold largest display
num */
+
+if ( a-family != FamilyWild ) {
+ return False;
+}
+
+if (!parse_displayname (displayname,
+ family, host, dpynum, scrnum, rest)) {
+ return False;
+}
+
+dpynumbuf[0] = '\0';
+sprintf (dpynumbuf, %d, dpynum);
+
+return ((a-address_length == strlen(host)
+a-number_length == strlen(dpynumbuf)
+memcmp(a-address, host, a-address_length) == 0
+memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0);
+}
+
/* return non-zero iff display and authorization type are the same */
static int
@@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int lineno,
int start,
/* l may be freed by remove_entry below. so save its contents */
next = l-next;
tmp_auth = copyAuth(l-auth);
- for (proto = proto_head; proto; proto = proto-next) {
- if (match_auth_dpy (proto-auth, tmp_auth)) {
- matched = True;
- if (yfunc) {
- status = (*yfunc) (inputfilename, lineno,
- tmp_auth, data);
- if (status 0) break;
+
+ if ( match_authwild_dpy(tmp_auth, displayname) ) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ }
+ } else {
+ for (proto = proto_head; proto; proto = proto-next) {
+ if (match_auth_dpy (proto-auth, tmp_auth)) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ if (status 0) break;
+ }
}
}
}
--
Mit freundlichen Gruessen,
Tilmann Bubeck
+---+-+
| | dr. tilmann bubeck reinform medien- und |
| | informationstechnologie AG |
| rein | fon : +49 (711) 7 82 76-52 loeffelstr. 40 |
| form | fax : +49 (711) 7 82 76-46 70597 stuttgart / germany |
|AG | cell.: +49 (172) 8 84 29 72 fon: +49 (711) 75 86 56-10 |
| | email: t.bub...@reinform.de http://www.reinform.de |
| +-+
|
Re: [PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
Am 19.12.2011 10:23, schrieb Dr. Tilmann Bubeck:
Hello xorg,
I sent you the mail below a few days ago with a patch for xauth.
According to
http://www.x.org/wiki/Development/Documentation/SubmittingPatches I am
now pinging the list again. I do not know any maintainer to CC, so I
only wrote to this list.
I would be glad if this patch gets included.
Also feel free to contact me, if anything has to be changed.
Kind regards,
Till
On Thu, 01 Dec 2011 17:44:02 +0100, Dr. Tilmann Bubeck
t.bub...@reinform.de wrote:
From: Dr. Tilmann Bubeck t.bub...@reinform.de
xauth is currently unable to handle FamilyWild. This gives problems
with GDM receiving XDMCP request which used FamilyWild. More details
in the referenced freedesktop bugzilla entry.
The patch improves xauth to handle that Family:
* allow dump_entry to deal with that Family and output
such entries correctly.
* allow list $DISPLAY to match against an entry in
XAUTHORITY of type FamilyWild.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425
Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de
---
process.c | 55 ---
1 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/process.c b/process.c
index 283b4a1..651bea0 100644
--- a/process.c
+++ b/process.c
@@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList
**headp, AuthList **tailp)
return n;
}
+/**
+ * Parse the given displayname and build a corresponding AuthList.
+ */
static Bool
get_displayname_auth(const char *displayname, AuthList **authl)
{
@@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno,
Xauth *auth, char *data)
fwrite (auth-address, sizeof (char), auth-address_length, fp);
fprintf (fp, /unix);
break;
+case FamilyWild:
+fwrite (auth-address, sizeof (char), auth-address_length, fp);
+break;
case FamilyInternet:
#if defined(IPv6) defined(AF_INET6)
case FamilyInternet6:
@@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register
Xauth *b)
memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0);
}
+static int
+match_authwild_dpy(register Xauth *a, const char *displayname)
+{
+int family;
+char *host = NULL, *rest = NULL;
+int dpynum, scrnum;
+char dpynumbuf[40];/* want to hold largest display
num */
+
+if ( a-family != FamilyWild ) {
+return False;
+}
+
+if (!parse_displayname (displayname,
+family, host, dpynum, scrnum, rest)) {
+return False;
+}
i do not know parse_displayname() but i guess it will allocate
memory for host and rest. I do not see a free()
memory leak ?
+
+dpynumbuf[0] = '\0';
+sprintf (dpynumbuf, %d, dpynum);
+
+return ((a-address_length == strlen(host)
+ a-number_length == strlen(dpynumbuf)
+ memcmp(a-address, host, a-address_length) == 0
+ memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0);
+}
+
i have a problem with these memcp() block.
could you entangle it a bit to improve readability ?
like
if ( a-address_length != strlen(host) || a-number_length ==
strlen(dpynumbuf) )
return False;
if ( memcmp(a-address, host, a-address_length) == 0
memcmp(a-number, dpynumbuf, a-number_length) == 0) )
return True;
else
return False;
hope that helps,
re,
wh
/* return non-zero iff display and authorization type are the same */
static int
@@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int
lineno, int start,
/* l may be freed by remove_entry below. so save its contents */
next = l-next;
tmp_auth = copyAuth(l-auth);
-for (proto = proto_head; proto; proto = proto-next) {
-if (match_auth_dpy (proto-auth, tmp_auth)) {
-matched = True;
-if (yfunc) {
-status = (*yfunc) (inputfilename, lineno,
- tmp_auth, data);
-if (status 0) break;
+
+if ( match_authwild_dpy(tmp_auth, displayname) ) {
+matched = True;
+if (yfunc) {
+status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+}
+} else {
+for (proto = proto_head; proto; proto = proto-next) {
+if (match_auth_dpy (proto-auth, tmp_auth)) {
+matched = True;
+if (yfunc) {
+status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+if (status 0) break;
+}
}
}
}
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
[PATCH] xauth: improve to handle FamilyWild necessary for GDM/XDMCP/SSH. #43425
From: Dr. Tilmann Bubeck t.bub...@reinform.de
xauth is currently unable to handle FamilyWild. This gives problems
with GDM receiving XDMCP request which used FamilyWild. More details
in the referenced freedesktop bugzilla entry.
The patch improves xauth to handle that Family:
* allow dump_entry to deal with that Family and output
such entries correctly.
* allow list $DISPLAY to match against an entry in
XAUTHORITY of type FamilyWild.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=43425
Signed-off-by: Dr. Tilmann Bubeck t.bub...@reinform.de
---
process.c | 55 ---
1 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/process.c b/process.c
index 283b4a1..651bea0 100644
--- a/process.c
+++ b/process.c
@@ -462,6 +462,9 @@ read_auth_entries(FILE *fp, Bool numeric, AuthList **headp,
AuthList **tailp)
return n;
}
+/**
+ * Parse the given displayname and build a corresponding AuthList.
+ */
static Bool
get_displayname_auth(const char *displayname, AuthList **authl)
{
@@ -991,6 +994,9 @@ dump_entry(const char *inputfilename, int lineno, Xauth
*auth, char *data)
fwrite (auth-address, sizeof (char), auth-address_length, fp);
fprintf (fp, /unix);
break;
+ case FamilyWild:
+ fwrite (auth-address, sizeof (char), auth-address_length, fp);
+ break;
case FamilyInternet:
#if defined(IPv6) defined(AF_INET6)
case FamilyInternet6:
@@ -1073,6 +1079,32 @@ match_auth_dpy(register Xauth *a, register Xauth *b)
memcmp(a-number, b-number, a-number_length) == 0) ? 1 : 0);
}
+static int
+match_authwild_dpy(register Xauth *a, const char *displayname)
+{
+int family;
+char *host = NULL, *rest = NULL;
+int dpynum, scrnum;
+char dpynumbuf[40];/* want to hold largest display
num */
+
+if ( a-family != FamilyWild ) {
+ return False;
+}
+
+if (!parse_displayname (displayname,
+ family, host, dpynum, scrnum, rest)) {
+ return False;
+}
+
+dpynumbuf[0] = '\0';
+sprintf (dpynumbuf, %d, dpynum);
+
+return ((a-address_length == strlen(host)
+a-number_length == strlen(dpynumbuf)
+memcmp(a-address, host, a-address_length) == 0
+memcmp(a-number, dpynumbuf, a-number_length) == 0) ? 1 : 0);
+}
+
/* return non-zero iff display and authorization type are the same */
static int
@@ -1236,13 +1268,22 @@ iterdpy (const char *inputfilename, int lineno, int
start,
/* l may be freed by remove_entry below. so save its contents */
next = l-next;
tmp_auth = copyAuth(l-auth);
- for (proto = proto_head; proto; proto = proto-next) {
- if (match_auth_dpy (proto-auth, tmp_auth)) {
- matched = True;
- if (yfunc) {
- status = (*yfunc) (inputfilename, lineno,
- tmp_auth, data);
- if (status 0) break;
+
+ if ( match_authwild_dpy(tmp_auth, displayname) ) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ }
+ } else {
+ for (proto = proto_head; proto; proto = proto-next) {
+ if (match_auth_dpy (proto-auth, tmp_auth)) {
+ matched = True;
+ if (yfunc) {
+ status = (*yfunc) (inputfilename, lineno,
+ tmp_auth, data);
+ if (status 0) break;
+ }
}
}
}
--
1.7.7.3
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
