Meanwhile I came across https://bugs.freedesktop.org/show_bug.cgi?id=43425
where Tilmann proposes a fix for exactly the same problem. The solutions differ to some extent so let me try to explain what the differences are and why I chose to solve it the way shown below. On Wed, Aug 14, 2013 at 10:11:06PM +0200, Egbert Eich wrote: > > Xlib (xcb) uses XauGetBestAuthByAddr() when looking for an > authorization. 'xauth [n]list $DISPLAY' used a slightly > stricter algorithm which doesn't find a possible authorization > for cases where either the family is set to FamilyWild or > address the address length is 0. > > Signed-off-by: Egbert Eich <[email protected]> > --- > v2: Tried to make condition more readable as suggested > by walter harms <[email protected]>. > > process.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/process.c b/process.c > index a9466a7..7ae5f21 100644 > --- a/process.c > +++ b/process.c > @@ -1064,11 +1064,15 @@ eq_auth(Xauth *a, Xauth *b) > static int > match_auth_dpy(register Xauth *a, register Xauth *b) > { > - return ((a->family == b->family && > - a->address_length == b->address_length && > - a->number_length == b->number_length && > - memcmp(a->address, b->address, a->address_length) == 0 && > - memcmp(a->number, b->number, a->number_length) == 0) ? 1 : 0); > + if (a->family != FamilyWild && b->family != FamilyWild && > + (a->family != b->family || a->address_length != b->address_length || > + memcmp(a->address, b->address, a->address_length) != 0)) > + return 0; > + if (a->number_length != 0 && b->number_length != 0 && > + (a->number_length != b->number_length || > + memcmp(a->number, b->number, a->number_length) != 0)) > + return 0; > + return 1; > } Both Tilmann's patch in https://bugs.freedesktop.org/attachment.cgi?id=65284 and mine address the missing handling of FamilyWild in xauth. When a FamilyWild entry is found Tilman's patch also takes the the address length and address into account while in the above patch this data is ignored if one of the entries to compare belongs to FamilyWild. Tilman's patch introduces a special handling for FamilyWild in iterdpy() when match_auth_dpy() fails while the above fix directly adds this handling to match_auth_dpy(). The modification of match_auth_dpy() also affects match_auth() which calls this function. I've now looked for indicators if the address should be ignored when a FamilyWild is encountered. 1. 'man Xsecurity' states: ... A special connection family (FamilyWild, value 65535) causes an entry to match every display, allowing the entry to be used for all connections. ... 2. Looking at XauGetAuthByAddr() and XauGetBestAuthByAddr() in libXau, the address field gets ignored when one of the two entries to compare is FamilyWild. In fact the patch makes the comparisons in match_auth_dpy() and match_auth() very much identical to those in XauGetAuthByAddr() and XauGetBestAuthByAddr() The goal I tried to achieve in my patch was to make the behavior of xauth identical to the behavior of X clients looking for the closest matching authentication entry in the credentials file. X clients use XauGetBestAuthByAddr() (thru xcb) to find this entry. Cheers, Egbert. _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
