source: filezilla/trunk/fuentes/src/putty/x11fwd.c @ 3185

Last change on this file since 3185 was 3185, checked in by jrpelegrina, 3 years ago

Update new version: 3.15.02

File size: 32.8 KB
Line 
1/*
2 * Platform-independent bits of X11 forwarding.
3 */
4
5#include <stdio.h>
6#include <stdlib.h>
7#include <assert.h>
8#include <time.h>
9
10#include "putty.h"
11#include "ssh.h"
12#include "tree234.h"
13
14#define GET_16BIT(endian, cp) \
15  (endian=='B' ? GET_16BIT_MSB_FIRST(cp) : GET_16BIT_LSB_FIRST(cp))
16
17#define PUT_16BIT(endian, cp, val) \
18  (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val))
19
20const char *const x11_authnames[] = {
21    "", "MIT-MAGIC-COOKIE-1", "XDM-AUTHORIZATION-1"
22};
23
24struct XDMSeen {
25    unsigned int time;
26    unsigned char clientid[6];
27};
28
29struct X11Connection {
30    const struct plug_function_table *fn;
31    /* the above variable absolutely *must* be the first in this structure */
32    unsigned char firstpkt[12];        /* first X data packet */
33    tree234 *authtree;
34    struct X11Display *disp;
35    char *auth_protocol;
36    unsigned char *auth_data;
37    int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize;
38    int verified;
39    int throttled, throttle_override;
40    int no_data_sent_to_x_client;
41    char *peer_addr;
42    int peer_port;
43    struct ssh_channel *c;        /* channel structure held by ssh.c */
44    Socket s;
45};
46
47static int xdmseen_cmp(void *a, void *b)
48{
49    struct XDMSeen *sa = a, *sb = b;
50    return sa->time > sb->time ? 1 :
51           sa->time < sb->time ? -1 :
52           memcmp(sa->clientid, sb->clientid, sizeof(sa->clientid));
53}
54
55/* Do-nothing "plug" implementation, used by x11_setup_display() when it
56 * creates a trial connection (and then immediately closes it).
57 * XXX: bit out of place here, could in principle live in a platform-
58 *      independent network.c or something */
59static void dummy_plug_log(Plug p, int type, SockAddr addr, int port,
60                           const char *error_msg, int error_code) { }
61static int dummy_plug_closing
62     (Plug p, const char *error_msg, int error_code, int calling_back)
63{ return 1; }
64static int dummy_plug_receive(Plug p, int urgent, char *data, int len)
65{ return 1; }
66static void dummy_plug_sent(Plug p, int bufsize) { }
67static int dummy_plug_accepting(Plug p, accept_fn_t constructor, accept_ctx_t ctx) { return 1; }
68static const struct plug_function_table dummy_plug = {
69    dummy_plug_log, dummy_plug_closing, dummy_plug_receive,
70    dummy_plug_sent, dummy_plug_accepting
71};
72
73struct X11FakeAuth *x11_invent_fake_auth(tree234 *authtree, int authtype)
74{
75    struct X11FakeAuth *auth = snew(struct X11FakeAuth);
76    int i;
77
78    /*
79     * This function has the job of inventing a set of X11 fake auth
80     * data, and adding it to 'authtree'. We must preserve the
81     * property that for any given actual authorisation attempt, _at
82     * most one_ thing in the tree can possibly match it.
83     *
84     * For MIT-MAGIC-COOKIE-1, that's not too difficult: the match
85     * criterion is simply that the entire cookie is correct, so we
86     * just have to make sure we don't make up two cookies the same.
87     * (Vanishingly unlikely, but we check anyway to be sure, and go
88     * round again inventing a new cookie if add234 tells us the one
89     * we thought of is already in use.)
90     *
91     * For XDM-AUTHORIZATION-1, it's a little more fiddly. The setup
92     * with XA1 is that half the cookie is used as a DES key with
93     * which to CBC-encrypt an assortment of stuff. Happily, the stuff
94     * encrypted _begins_ with the other half of the cookie, and the
95     * IV is always zero, which means that any valid XA1 authorisation
96     * attempt for a given cookie must begin with the same cipher
97     * block, consisting of the DES ECB encryption of the first half
98     * of the cookie using the second half as a key. So we compute
99     * that cipher block here and now, and use it as the sorting key
100     * for distinguishing XA1 entries in the tree.
101     */
102
103    if (authtype == X11_MIT) {
104        auth->proto = X11_MIT;
105
106        /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */
107        auth->datalen = 16;
108        auth->data = snewn(auth->datalen, unsigned char);
109        auth->xa1_firstblock = NULL;
110
111        while (1) {
112            for (i = 0; i < auth->datalen; i++)
113                auth->data[i] = random_byte();
114            if (add234(authtree, auth) == auth)
115                break;
116        }
117
118        auth->xdmseen = NULL;
119    } else {
120        assert(authtype == X11_XDM);
121        auth->proto = X11_XDM;
122
123        /* XDM-AUTHORIZATION-1. Cookie size is 16 bytes; byte 8 is zero. */
124        auth->datalen = 16;
125        auth->data = snewn(auth->datalen, unsigned char);
126        auth->xa1_firstblock = snewn(8, unsigned char);
127        memset(auth->xa1_firstblock, 0, 8);
128
129        while (1) {
130            for (i = 0; i < auth->datalen; i++)
131                auth->data[i] = (i == 8 ? 0 : random_byte());
132            memcpy(auth->xa1_firstblock, auth->data, 8);
133            des_encrypt_xdmauth(auth->data + 9, auth->xa1_firstblock, 8);
134            if (add234(authtree, auth) == auth)
135                break;
136        }
137
138        auth->xdmseen = newtree234(xdmseen_cmp);
139    }
140    auth->protoname = dupstr(x11_authnames[auth->proto]);
141    auth->datastring = snewn(auth->datalen * 2 + 1, char);
142    for (i = 0; i < auth->datalen; i++)
143        sprintf(auth->datastring + i*2, "%02x",
144                auth->data[i]);
145
146    auth->disp = NULL;
147    auth->share_cs = auth->share_chan = NULL;
148
149    return auth;
150}
151
152void x11_free_fake_auth(struct X11FakeAuth *auth)
153{
154    if (auth->data)
155        smemclr(auth->data, auth->datalen);
156    sfree(auth->data);
157    sfree(auth->protoname);
158    sfree(auth->datastring);
159    sfree(auth->xa1_firstblock);
160    if (auth->xdmseen != NULL) {
161        struct XDMSeen *seen;
162        while ((seen = delpos234(auth->xdmseen, 0)) != NULL)
163            sfree(seen);
164        freetree234(auth->xdmseen);
165    }
166    sfree(auth);
167}
168
169int x11_authcmp(void *av, void *bv)
170{
171    struct X11FakeAuth *a = (struct X11FakeAuth *)av;
172    struct X11FakeAuth *b = (struct X11FakeAuth *)bv;
173
174    if (a->proto < b->proto)
175        return -1;
176    else if (a->proto > b->proto)
177        return +1;
178
179    if (a->proto == X11_MIT) {
180        if (a->datalen < b->datalen)
181            return -1;
182        else if (a->datalen > b->datalen)
183            return +1;
184
185        return memcmp(a->data, b->data, a->datalen);
186    } else {
187        assert(a->proto == X11_XDM);
188
189        return memcmp(a->xa1_firstblock, b->xa1_firstblock, 8);
190    }
191}
192
193struct X11Display *x11_setup_display(const char *display, Conf *conf)
194{
195    struct X11Display *disp = snew(struct X11Display);
196    char *localcopy;
197
198    if (!display || !*display) {
199        localcopy = platform_get_x_display();
200        if (!localcopy || !*localcopy) {
201            sfree(localcopy);
202            localcopy = dupstr(":0");  /* plausible default for any platform */
203        }
204    } else
205        localcopy = dupstr(display);
206
207    /*
208     * Parse the display name.
209     *
210     * We expect this to have one of the following forms:
211     *
212     *  - the standard X format which looks like
213     *    [ [ protocol '/' ] host ] ':' displaynumber [ '.' screennumber ]
214     *    (X11 also permits a double colon to indicate DECnet, but
215     *    that's not our problem, thankfully!)
216     *
217     *  - only seen in the wild on MacOS (so far): a pathname to a
218     *    Unix-domain socket, which will typically and confusingly
219     *    end in ":0", and which I'm currently distinguishing from
220     *    the standard scheme by noting that it starts with '/'.
221     */
222    if (localcopy[0] == '/') {
223        disp->unixsocketpath = localcopy;
224        disp->unixdomain = TRUE;
225        disp->hostname = NULL;
226        disp->displaynum = -1;
227        disp->screennum = 0;
228        disp->addr = NULL;
229    } else {
230        char *colon, *dot, *slash;
231        char *protocol, *hostname;
232
233        colon = host_strrchr(localcopy, ':');
234        if (!colon) {
235            sfree(disp);
236            sfree(localcopy);
237            return NULL;               /* FIXME: report a specific error? */
238        }
239
240        *colon++ = '\0';
241        dot = strchr(colon, '.');
242        if (dot)
243            *dot++ = '\0';
244
245        disp->displaynum = atoi(colon);
246        if (dot)
247            disp->screennum = atoi(dot);
248        else
249            disp->screennum = 0;
250
251        protocol = NULL;
252        hostname = localcopy;
253        if (colon > localcopy) {
254            slash = strchr(localcopy, '/');
255            if (slash) {
256                *slash++ = '\0';
257                protocol = localcopy;
258                hostname = slash;
259            }
260        }
261
262        disp->hostname = *hostname ? dupstr(hostname) : NULL;
263
264        if (protocol)
265            disp->unixdomain = (!strcmp(protocol, "local") ||
266                                !strcmp(protocol, "unix"));
267        else if (!*hostname || !strcmp(hostname, "unix"))
268            disp->unixdomain = platform_uses_x11_unix_by_default;
269        else
270            disp->unixdomain = FALSE;
271
272        if (!disp->hostname && !disp->unixdomain)
273            disp->hostname = dupstr("localhost");
274
275        disp->unixsocketpath = NULL;
276        disp->addr = NULL;
277
278        sfree(localcopy);
279    }
280
281    /*
282     * Look up the display hostname, if we need to.
283     */
284    if (!disp->unixdomain) {
285        const char *err;
286
287        disp->port = 6000 + disp->displaynum;
288        disp->addr = name_lookup(disp->hostname, disp->port,
289                                 &disp->realhost, conf, ADDRTYPE_UNSPEC,
290                                 NULL, NULL);
291   
292        if ((err = sk_addr_error(disp->addr)) != NULL) {
293            sk_addr_free(disp->addr);
294            sfree(disp->hostname);
295            sfree(disp->unixsocketpath);
296            sfree(disp);
297            return NULL;               /* FIXME: report an error */
298        }
299    }
300
301    /*
302     * Try upgrading an IP-style localhost display to a Unix-socket
303     * display (as the standard X connection libraries do).
304     */
305    if (!disp->unixdomain && sk_address_is_local(disp->addr)) {
306        SockAddr ux = platform_get_x11_unix_address(NULL, disp->displaynum);
307        const char *err = sk_addr_error(ux);
308        if (!err) {
309            /* Create trial connection to see if there is a useful Unix-domain
310             * socket */
311            const struct plug_function_table *dummy = &dummy_plug;
312            Socket s = sk_new(sk_addr_dup(ux), 0, 0, 0, 0, 0, (Plug)&dummy);
313            err = sk_socket_error(s);
314            sk_close(s);
315        }
316        if (err) {
317            sk_addr_free(ux);
318        } else {
319            sk_addr_free(disp->addr);
320            disp->unixdomain = TRUE;
321            disp->addr = ux;
322            /* Fill in the rest in a moment */
323        }
324    }
325
326    if (disp->unixdomain) {
327        if (!disp->addr)
328            disp->addr = platform_get_x11_unix_address(disp->unixsocketpath,
329                                                       disp->displaynum);
330        if (disp->unixsocketpath)
331            disp->realhost = dupstr(disp->unixsocketpath);
332        else
333            disp->realhost = dupprintf("unix:%d", disp->displaynum);
334        disp->port = 0;
335    }
336
337    /*
338     * Fetch the local authorisation details.
339     */
340    disp->localauthproto = X11_NO_AUTH;
341    disp->localauthdata = NULL;
342    disp->localauthdatalen = 0;
343    platform_get_x11_auth(disp, conf);
344
345    return disp;
346}
347
348void x11_free_display(struct X11Display *disp)
349{
350    sfree(disp->hostname);
351    sfree(disp->unixsocketpath);
352    if (disp->localauthdata)
353        smemclr(disp->localauthdata, disp->localauthdatalen);
354    sfree(disp->localauthdata);
355    sk_addr_free(disp->addr);
356    sfree(disp);
357}
358
359#define XDM_MAXSKEW 20*60      /* 20 minute clock skew should be OK */
360
361static const char *x11_verify(unsigned long peer_ip, int peer_port,
362                              tree234 *authtree, char *proto,
363                              unsigned char *data, int dlen,
364                              struct X11FakeAuth **auth_ret)
365{
366    struct X11FakeAuth match_dummy;    /* for passing to find234 */
367    struct X11FakeAuth *auth;
368
369    /*
370     * First, do a lookup in our tree to find the only authorisation
371     * record that _might_ match.
372     */
373    if (!strcmp(proto, x11_authnames[X11_MIT])) {
374        /*
375         * Just look up the whole cookie that was presented to us,
376         * which x11_authcmp will compare against the cookies we
377         * currently believe in.
378         */
379        match_dummy.proto = X11_MIT;
380        match_dummy.datalen = dlen;
381        match_dummy.data = data;
382    } else if (!strcmp(proto, x11_authnames[X11_XDM])) {
383        /*
384         * Look up the first cipher block, against the stored first
385         * cipher blocks for the XDM-AUTHORIZATION-1 cookies we
386         * currently know. (See comment in x11_invent_fake_auth.)
387         */
388        match_dummy.proto = X11_XDM;
389        match_dummy.xa1_firstblock = data;
390    } else {
391        return "Unsupported authorisation protocol";
392    }
393
394    if ((auth = find234(authtree, &match_dummy, 0)) == NULL)
395        return "Authorisation not recognised";
396
397    /*
398     * If we're using MIT-MAGIC-COOKIE-1, that was all we needed. If
399     * we're doing XDM-AUTHORIZATION-1, though, we have to check the
400     * rest of the auth data.
401     */
402    if (auth->proto == X11_XDM) {
403        unsigned long t;
404        time_t tim;
405        int i;
406        struct XDMSeen *seen, *ret;
407
408        if (dlen != 24)
409            return "XDM-AUTHORIZATION-1 data was wrong length";
410        if (peer_port == -1)
411            return "cannot do XDM-AUTHORIZATION-1 without remote address data";
412        des_decrypt_xdmauth(auth->data+9, data, 24);
413        if (memcmp(auth->data, data, 8) != 0)
414            return "XDM-AUTHORIZATION-1 data failed check"; /* cookie wrong */
415        if (GET_32BIT_MSB_FIRST(data+8) != peer_ip)
416            return "XDM-AUTHORIZATION-1 data failed check";   /* IP wrong */
417        if ((int)GET_16BIT_MSB_FIRST(data+12) != peer_port)
418            return "XDM-AUTHORIZATION-1 data failed check";   /* port wrong */
419        t = GET_32BIT_MSB_FIRST(data+14);
420        for (i = 18; i < 24; i++)
421            if (data[i] != 0)          /* zero padding wrong */
422                return "XDM-AUTHORIZATION-1 data failed check";
423        tim = time(NULL);
424        if (((unsigned long)t - (unsigned long)tim
425             + XDM_MAXSKEW) > 2*XDM_MAXSKEW)
426            return "XDM-AUTHORIZATION-1 time stamp was too far out";
427        seen = snew(struct XDMSeen);
428        seen->time = t;
429        memcpy(seen->clientid, data+8, 6);
430        assert(auth->xdmseen != NULL);
431        ret = add234(auth->xdmseen, seen);
432        if (ret != seen) {
433            sfree(seen);
434            return "XDM-AUTHORIZATION-1 data replayed";
435        }
436        /* While we're here, purge entries too old to be replayed. */
437        for (;;) {
438            seen = index234(auth->xdmseen, 0);
439            assert(seen != NULL);
440            if (t - seen->time <= XDM_MAXSKEW)
441                break;
442            sfree(delpos234(auth->xdmseen, 0));
443        }
444    }
445    /* implement other protocols here if ever required */
446
447    *auth_ret = auth;
448    return NULL;
449}
450
451void x11_get_auth_from_authfile(struct X11Display *disp,
452                                const char *authfilename)
453{
454    FILE *authfp;
455    char *buf, *ptr, *str[4];
456    int len[4];
457    int family, protocol;
458    int ideal_match = FALSE;
459    char *ourhostname;
460
461    /*
462     * Normally we should look for precisely the details specified in
463     * `disp'. However, there's an oddity when the display is local:
464     * displays like "localhost:0" usually have their details stored
465     * in a Unix-domain-socket record (even if there isn't actually a
466     * real Unix-domain socket available, as with OpenSSH's proxy X11
467     * server).
468     *
469     * This is apparently a fudge to get round the meaninglessness of
470     * "localhost" in a shared-home-directory context -- xauth entries
471     * for Unix-domain sockets already disambiguate this by storing
472     * the *local* hostname in the conveniently-blank hostname field,
473     * but IP "localhost" records couldn't do this. So, typically, an
474     * IP "localhost" entry in the auth database isn't present and if
475     * it were it would be ignored.
476     *
477     * However, we don't entirely trust that (say) Windows X servers
478     * won't rely on a straight "localhost" entry, bad idea though
479     * that is; so if we can't find a Unix-domain-socket entry we'll
480     * fall back to an IP-based entry if we can find one.
481     */
482    int localhost = !disp->unixdomain && sk_address_is_local(disp->addr);
483
484    authfp = fopen(authfilename, "rb");
485    if (!authfp)
486        return;
487
488    ourhostname = get_hostname();
489
490    /* Records in .Xauthority contain four strings of up to 64K each */
491    buf = snewn(65537 * 4, char);
492
493    while (!ideal_match) {
494        int c, i, j, match = FALSE;
495       
496#define GET do { c = fgetc(authfp); if (c == EOF) goto done; c = (unsigned char)c; } while (0)
497        /* Expect a big-endian 2-byte number giving address family */
498        GET; family = c;
499        GET; family = (family << 8) | c;
500        /* Then expect four strings, each composed of a big-endian 2-byte
501         * length field followed by that many bytes of data */
502        ptr = buf;
503        for (i = 0; i < 4; i++) {
504            GET; len[i] = c;
505            GET; len[i] = (len[i] << 8) | c;
506            str[i] = ptr;
507            for (j = 0; j < len[i]; j++) {
508                GET; *ptr++ = c;
509            }
510            *ptr++ = '\0';
511        }
512#undef GET
513
514        /*
515         * Now we have a full X authority record in memory. See
516         * whether it matches the display we're trying to
517         * authenticate to.
518         *
519         * The details we've just read should be interpreted as
520         * follows:
521         *
522         *  - 'family' is the network address family used to
523         *    connect to the display. 0 means IPv4; 6 means IPv6;
524         *    256 means Unix-domain sockets.
525         *
526         *  - str[0] is the network address itself. For IPv4 and
527         *    IPv6, this is a string of binary data of the
528         *    appropriate length (respectively 4 and 16 bytes)
529         *    representing the address in big-endian format, e.g.
530         *    7F 00 00 01 means IPv4 localhost. For Unix-domain
531         *    sockets, this is the host name of the machine on
532         *    which the Unix-domain display resides (so that an
533         *    .Xauthority file on a shared file system can contain
534         *    authority entries for Unix-domain displays on
535         *    several machines without them clashing).
536         *
537         *  - str[1] is the display number. I've no idea why
538         *    .Xauthority stores this as a string when it has a
539         *    perfectly good integer format, but there we go.
540         *
541         *  - str[2] is the authorisation method, encoded as its
542         *    canonical string name (i.e. "MIT-MAGIC-COOKIE-1",
543         *    "XDM-AUTHORIZATION-1" or something we don't
544         *    recognise).
545         *
546         *  - str[3] is the actual authorisation data, stored in
547         *    binary form.
548         */
549
550        if (disp->displaynum < 0 || disp->displaynum != atoi(str[1]))
551            continue;                  /* not the one */
552
553        for (protocol = 1; protocol < lenof(x11_authnames); protocol++)
554            if (!strcmp(str[2], x11_authnames[protocol]))
555                break;
556        if (protocol == lenof(x11_authnames))
557            continue;  /* don't recognise this protocol, look for another */
558
559        switch (family) {
560          case 0:   /* IPv4 */
561            if (!disp->unixdomain &&
562                sk_addrtype(disp->addr) == ADDRTYPE_IPV4) {
563                char buf[4];
564                sk_addrcopy(disp->addr, buf);
565                if (len[0] == 4 && !memcmp(str[0], buf, 4)) {
566                    match = TRUE;
567                    /* If this is a "localhost" entry, note it down
568                     * but carry on looking for a Unix-domain entry. */
569                    ideal_match = !localhost;
570                }
571            }
572            break;
573          case 6:   /* IPv6 */
574            if (!disp->unixdomain &&
575                sk_addrtype(disp->addr) == ADDRTYPE_IPV6) {
576                char buf[16];
577                sk_addrcopy(disp->addr, buf);
578                if (len[0] == 16 && !memcmp(str[0], buf, 16)) {
579                    match = TRUE;
580                    ideal_match = !localhost;
581                }
582            }
583            break;
584          case 256: /* Unix-domain / localhost */
585            if ((disp->unixdomain || localhost)
586                && ourhostname && !strcmp(ourhostname, str[0]))
587                /* A matching Unix-domain socket is always the best
588                 * match. */
589                match = ideal_match = TRUE;
590            break;
591        }
592
593        if (match) {
594            /* Current best guess -- may be overridden if !ideal_match */
595            disp->localauthproto = protocol;
596            sfree(disp->localauthdata); /* free previous guess, if any */
597            disp->localauthdata = snewn(len[3], unsigned char);
598            memcpy(disp->localauthdata, str[3], len[3]);
599            disp->localauthdatalen = len[3];
600        }
601    }
602
603    done:
604    fclose(authfp);
605    smemclr(buf, 65537 * 4);
606    sfree(buf);
607    sfree(ourhostname);
608}
609
610static void x11_log(Plug p, int type, SockAddr addr, int port,
611                    const char *error_msg, int error_code)
612{
613    /* We have no interface to the logging module here, so we drop these. */
614}
615
616static void x11_send_init_error(struct X11Connection *conn,
617                                const char *err_message);
618
619static int x11_closing(Plug plug, const char *error_msg, int error_code,
620                       int calling_back)
621{
622    struct X11Connection *xconn = (struct X11Connection *) plug;
623
624    if (error_msg) {
625        /*
626         * Socket error. If we're still at the connection setup stage,
627         * construct an X11 error packet passing on the problem.
628         */
629        if (xconn->no_data_sent_to_x_client) {
630            char *err_message = dupprintf("unable to connect to forwarded "
631                                          "X server: %s", error_msg);
632            x11_send_init_error(xconn, err_message);
633            sfree(err_message);
634        }
635
636        /*
637         * Whether we did that or not, now we slam the connection
638         * shut.
639         */
640        sshfwd_unclean_close(xconn->c, error_msg);
641    } else {
642        /*
643         * Ordinary EOF received on socket. Send an EOF on the SSH
644         * channel.
645         */
646        if (xconn->c)
647            sshfwd_write_eof(xconn->c);
648    }
649
650    return 1;
651}
652
653static int x11_receive(Plug plug, int urgent, char *data, int len)
654{
655    struct X11Connection *xconn = (struct X11Connection *) plug;
656
657    if (sshfwd_write(xconn->c, data, len) > 0) {
658        xconn->throttled = 1;
659        xconn->no_data_sent_to_x_client = FALSE;
660        sk_set_frozen(xconn->s, 1);
661    }
662
663    return 1;
664}
665
666static void x11_sent(Plug plug, int bufsize)
667{
668    struct X11Connection *xconn = (struct X11Connection *) plug;
669
670    sshfwd_unthrottle(xconn->c, bufsize);
671}
672
673/*
674 * When setting up X forwarding, we should send the screen number
675 * from the specified local display. This function extracts it from
676 * the display string.
677 */
678int x11_get_screen_number(char *display)
679{
680    int n;
681
682    n = host_strcspn(display, ":");
683    if (!display[n])
684        return 0;
685    n = strcspn(display, ".");
686    if (!display[n])
687        return 0;
688    return atoi(display + n + 1);
689}
690
691/*
692 * Called to set up the X11Connection structure, though this does not
693 * yet connect to an actual server.
694 */
695struct X11Connection *x11_init(tree234 *authtree, void *c,
696                               const char *peeraddr, int peerport)
697{
698    static const struct plug_function_table fn_table = {
699        x11_log,
700        x11_closing,
701        x11_receive,
702        x11_sent,
703        NULL
704    };
705
706    struct X11Connection *xconn;
707
708    /*
709     * Open socket.
710     */
711    xconn = snew(struct X11Connection);
712    xconn->fn = &fn_table;
713    xconn->auth_protocol = NULL;
714    xconn->authtree = authtree;
715    xconn->verified = 0;
716    xconn->data_read = 0;
717    xconn->throttled = xconn->throttle_override = 0;
718    xconn->no_data_sent_to_x_client = TRUE;
719    xconn->c = c;
720
721    /*
722     * We don't actually open a local socket to the X server just yet,
723     * because we don't know which one it is. Instead, we'll wait
724     * until we see the incoming authentication data, which may tell
725     * us what display to connect to, or whether we have to divert
726     * this X forwarding channel to a connection-sharing downstream
727     * rather than handling it ourself.
728     */
729    xconn->disp = NULL;
730    xconn->s = NULL;
731
732    /*
733     * Stash the peer address we were given in its original text form.
734     */
735    xconn->peer_addr = peeraddr ? dupstr(peeraddr) : NULL;
736    xconn->peer_port = peerport;
737
738    return xconn;
739}
740
741void x11_close(struct X11Connection *xconn)
742{
743    if (!xconn)
744        return;
745
746    if (xconn->auth_protocol) {
747        sfree(xconn->auth_protocol);
748        sfree(xconn->auth_data);
749    }
750
751    if (xconn->s)
752        sk_close(xconn->s);
753
754    sfree(xconn->peer_addr);
755    sfree(xconn);
756}
757
758void x11_unthrottle(struct X11Connection *xconn)
759{
760    if (!xconn)
761        return;
762
763    xconn->throttled = 0;
764    if (xconn->s)
765        sk_set_frozen(xconn->s, xconn->throttled || xconn->throttle_override);
766}
767
768void x11_override_throttle(struct X11Connection *xconn, int enable)
769{
770    if (!xconn)
771        return;
772
773    xconn->throttle_override = enable;
774    if (xconn->s)
775        sk_set_frozen(xconn->s, xconn->throttled || xconn->throttle_override);
776}
777
778static void x11_send_init_error(struct X11Connection *xconn,
779                                const char *err_message)
780{
781    char *full_message;
782    int msglen, msgsize;
783    unsigned char *reply;
784
785    full_message = dupprintf("%s X11 proxy: %s\n", appname, err_message);
786
787    msglen = strlen(full_message);
788    reply = snewn(8 + msglen+1 + 4, unsigned char); /* include zero */
789    msgsize = (msglen + 3) & ~3;
790    reply[0] = 0;              /* failure */
791    reply[1] = msglen;         /* length of reason string */
792    memcpy(reply + 2, xconn->firstpkt + 2, 4);  /* major/minor proto vsn */
793    PUT_16BIT(xconn->firstpkt[0], reply + 6, msgsize >> 2);/* data len */
794    memset(reply + 8, 0, msgsize);
795    memcpy(reply + 8, full_message, msglen);
796    sshfwd_write(xconn->c, (char *)reply, 8 + msgsize);
797    sshfwd_write_eof(xconn->c);
798    xconn->no_data_sent_to_x_client = FALSE;
799    sfree(reply);
800    sfree(full_message);
801}
802
803static int x11_parse_ip(const char *addr_string, unsigned long *ip)
804{
805
806    /*
807     * See if we can make sense of this string as an IPv4 address, for
808     * XDM-AUTHORIZATION-1 purposes.
809     */
810    int i[4];
811    if (addr_string &&
812        4 == sscanf(addr_string, "%d.%d.%d.%d", i+0, i+1, i+2, i+3)) {
813        *ip = (i[0] << 24) | (i[1] << 16) | (i[2] << 8) | i[3];
814        return TRUE;
815    } else {
816        return FALSE;
817    }
818}
819
820/*
821 * Called to send data down the raw connection.
822 */
823int x11_send(struct X11Connection *xconn, char *data, int len)
824{
825    if (!xconn)
826        return 0;
827
828    /*
829     * Read the first packet.
830     */
831    while (len > 0 && xconn->data_read < 12)
832        xconn->firstpkt[xconn->data_read++] = (unsigned char) (len--, *data++);
833    if (xconn->data_read < 12)
834        return 0;
835
836    /*
837     * If we have not allocated the auth_protocol and auth_data
838     * strings, do so now.
839     */
840    if (!xconn->auth_protocol) {
841        xconn->auth_plen = GET_16BIT(xconn->firstpkt[0], xconn->firstpkt + 6);
842        xconn->auth_dlen = GET_16BIT(xconn->firstpkt[0], xconn->firstpkt + 8);
843        xconn->auth_psize = (xconn->auth_plen + 3) & ~3;
844        xconn->auth_dsize = (xconn->auth_dlen + 3) & ~3;
845        /* Leave room for a terminating zero, to make our lives easier. */
846        xconn->auth_protocol = snewn(xconn->auth_psize + 1, char);
847        xconn->auth_data = snewn(xconn->auth_dsize, unsigned char);
848    }
849
850    /*
851     * Read the auth_protocol and auth_data strings.
852     */
853    while (len > 0 &&
854           xconn->data_read < 12 + xconn->auth_psize)
855        xconn->auth_protocol[xconn->data_read++ - 12] = (len--, *data++);
856    while (len > 0 &&
857           xconn->data_read < 12 + xconn->auth_psize + xconn->auth_dsize)
858        xconn->auth_data[xconn->data_read++ - 12 -
859                      xconn->auth_psize] = (unsigned char) (len--, *data++);
860    if (xconn->data_read < 12 + xconn->auth_psize + xconn->auth_dsize)
861        return 0;
862
863    /*
864     * If we haven't verified the authorisation, do so now.
865     */
866    if (!xconn->verified) {
867        const char *err;
868        struct X11FakeAuth *auth_matched = NULL;
869        unsigned long peer_ip;
870        int peer_port;
871        int protomajor, protominor;
872        void *greeting;
873        int greeting_len;
874        unsigned char *socketdata;
875        int socketdatalen;
876        char new_peer_addr[32];
877        int new_peer_port;
878
879        protomajor = GET_16BIT(xconn->firstpkt[0], xconn->firstpkt + 2);
880        protominor = GET_16BIT(xconn->firstpkt[0], xconn->firstpkt + 4);
881
882        assert(!xconn->s);
883
884        xconn->auth_protocol[xconn->auth_plen] = '\0';  /* ASCIZ */
885
886        peer_ip = 0;                   /* placate optimiser */
887        if (x11_parse_ip(xconn->peer_addr, &peer_ip))
888            peer_port = xconn->peer_port;
889        else
890            peer_port = -1; /* signal no peer address data available */
891
892        err = x11_verify(peer_ip, peer_port,
893                         xconn->authtree, xconn->auth_protocol,
894                         xconn->auth_data, xconn->auth_dlen, &auth_matched);
895        if (err) {
896            x11_send_init_error(xconn, err);
897            return 0;
898        }
899        assert(auth_matched);
900
901        /*
902         * If this auth points to a connection-sharing downstream
903         * rather than an X display we know how to connect to
904         * directly, pass it off to the sharing module now.
905         */
906        if (auth_matched->share_cs) {
907            sshfwd_x11_sharing_handover(xconn->c, auth_matched->share_cs,
908                                        auth_matched->share_chan,
909                                        xconn->peer_addr, xconn->peer_port,
910                                        xconn->firstpkt[0],
911                                        protomajor, protominor, data, len);
912            return 0;
913        }
914
915        /*
916         * Now we know we're going to accept the connection, and what
917         * X display to connect to. Actually connect to it.
918         */
919        sshfwd_x11_is_local(xconn->c);
920        xconn->disp = auth_matched->disp;
921        xconn->s = new_connection(sk_addr_dup(xconn->disp->addr),
922                                  xconn->disp->realhost, xconn->disp->port, 
923                                  0, 1, 0, 0, (Plug) xconn,
924                                  sshfwd_get_conf(xconn->c));
925        if ((err = sk_socket_error(xconn->s)) != NULL) {
926            char *err_message = dupprintf("unable to connect to"
927                                          " forwarded X server: %s", err);
928            x11_send_init_error(xconn, err_message);
929            sfree(err_message);
930            return 0;
931        }
932
933        /*
934         * Write a new connection header containing our replacement
935         * auth data.
936         */
937
938        socketdata = sk_getxdmdata(xconn->s, &socketdatalen);
939        if (socketdata && socketdatalen==6) {
940            sprintf(new_peer_addr, "%d.%d.%d.%d", socketdata[0],
941                    socketdata[1], socketdata[2], socketdata[3]);
942            new_peer_port = GET_16BIT_MSB_FIRST(socketdata + 4);
943        } else {
944            strcpy(new_peer_addr, "0.0.0.0");
945            new_peer_port = 0;
946        }
947
948        greeting = x11_make_greeting(xconn->firstpkt[0],
949                                     protomajor, protominor,
950                                     xconn->disp->localauthproto,
951                                     xconn->disp->localauthdata,
952                                     xconn->disp->localauthdatalen,
953                                     new_peer_addr, new_peer_port,
954                                     &greeting_len);
955       
956        sk_write(xconn->s, greeting, greeting_len);
957
958        smemclr(greeting, greeting_len);
959        sfree(greeting);
960
961        /*
962         * Now we're done.
963         */
964        xconn->verified = 1;
965    }
966
967    /*
968     * After initialisation, just copy data simply.
969     */
970
971    return sk_write(xconn->s, data, len);
972}
973
974void x11_send_eof(struct X11Connection *xconn)
975{
976    if (xconn->s) {
977        sk_write_eof(xconn->s);
978    } else {
979        /*
980         * If EOF is received from the X client before we've got to
981         * the point of actually connecting to an X server, then we
982         * should send an EOF back to the client so that the
983         * forwarded channel will be terminated.
984         */
985        if (xconn->c)
986            sshfwd_write_eof(xconn->c);
987    }
988}
989
990/*
991 * Utility functions used by connection sharing to convert textual
992 * representations of an X11 auth protocol name + hex cookie into our
993 * usual integer protocol id and binary auth data.
994 */
995int x11_identify_auth_proto(const char *protoname)
996{
997    int protocol;
998
999    for (protocol = 1; protocol < lenof(x11_authnames); protocol++)
1000        if (!strcmp(protoname, x11_authnames[protocol]))
1001            return protocol;
1002    return -1;
1003}
1004
1005void *x11_dehexify(const char *hex, int *outlen)
1006{
1007    int len, i;
1008    unsigned char *ret;
1009
1010    len = strlen(hex) / 2;
1011    ret = snewn(len, unsigned char);
1012
1013    for (i = 0; i < len; i++) {
1014        char bytestr[3];
1015        unsigned val = 0;
1016        bytestr[0] = hex[2*i];
1017        bytestr[1] = hex[2*i+1];
1018        bytestr[2] = '\0';
1019        sscanf(bytestr, "%x", &val);
1020        ret[i] = val;
1021    }
1022
1023    *outlen = len;
1024    return ret;
1025}
1026
1027/*
1028 * Construct an X11 greeting packet, including making up the right
1029 * authorisation data.
1030 */
1031void *x11_make_greeting(int endian, int protomajor, int protominor,
1032                        int auth_proto, const void *auth_data, int auth_len,
1033                        const char *peer_addr, int peer_port,
1034                        int *outlen)
1035{
1036    unsigned char *greeting;
1037    unsigned char realauthdata[64];
1038    const char *authname;
1039    const unsigned char *authdata;
1040    int authnamelen, authnamelen_pad;
1041    int authdatalen, authdatalen_pad;
1042    int greeting_len;
1043
1044    authname = x11_authnames[auth_proto];
1045    authnamelen = strlen(authname);
1046    authnamelen_pad = (authnamelen + 3) & ~3;
1047
1048    if (auth_proto == X11_MIT) {
1049        authdata = auth_data;
1050        authdatalen = auth_len;
1051    } else if (auth_proto == X11_XDM && auth_len == 16) {
1052        time_t t;
1053        unsigned long peer_ip = 0;
1054
1055        x11_parse_ip(peer_addr, &peer_ip);
1056
1057        authdata = realauthdata;
1058        authdatalen = 24;
1059        memset(realauthdata, 0, authdatalen);
1060        memcpy(realauthdata, auth_data, 8);
1061        PUT_32BIT_MSB_FIRST(realauthdata+8, peer_ip);
1062        PUT_16BIT_MSB_FIRST(realauthdata+12, peer_port);
1063        t = time(NULL);
1064        PUT_32BIT_MSB_FIRST(realauthdata+14, t);
1065
1066        des_encrypt_xdmauth((const unsigned char *)auth_data + 9,
1067                            realauthdata, authdatalen);
1068    } else {
1069        authdata = realauthdata;
1070        authdatalen = 0;
1071    }
1072
1073    authdatalen_pad = (authdatalen + 3) & ~3;
1074    greeting_len = 12 + authnamelen_pad + authdatalen_pad;
1075
1076    greeting = snewn(greeting_len, unsigned char);
1077    memset(greeting, 0, greeting_len);
1078    greeting[0] = endian;
1079    PUT_16BIT(endian, greeting+2, protomajor);
1080    PUT_16BIT(endian, greeting+4, protominor);
1081    PUT_16BIT(endian, greeting+6, authnamelen);
1082    PUT_16BIT(endian, greeting+8, authdatalen);
1083    memcpy(greeting+12, authname, authnamelen);
1084    memcpy(greeting+12+authnamelen_pad, authdata, authdatalen);
1085
1086    smemclr(realauthdata, sizeof(realauthdata));
1087
1088    *outlen = greeting_len;
1089    return greeting;
1090}
Note: See TracBrowser for help on using the repository browser.