aboutsummaryrefslogtreecommitdiff
path: root/doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch
diff options
context:
space:
mode:
Diffstat (limited to 'doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch')
-rw-r--r--doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch271
1 files changed, 271 insertions, 0 deletions
diff --git a/doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch b/doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch
new file mode 100644
index 000000000..d7549c487
--- /dev/null
+++ b/doc/nx-X11_vs_XOrg69_patches/auth.c.NX.patch
@@ -0,0 +1,271 @@
+--- ./nx-X11/programs/Xserver/os/auth.c.X.original 2015-02-13 14:03:44.788440645 +0100
++++ ./nx-X11/programs/Xserver/os/auth.c 2015-02-10 19:13:13.452699065 +0100
+@@ -28,6 +28,23 @@
+ */
+ /* $XFree86: auth.c,v 1.13 2003/04/27 21:31:08 herrb Exp $ */
+
++/**************************************************************************/
++/* */
++/* Copyright (c) 2001, 2011 NoMachine, http://www.nomachine.com/. */
++/* */
++/* NX-X11, NX protocol compression and NX extensions to this software */
++/* are copyright of NoMachine. Redistribution and use of the present */
++/* software is allowed according to terms specified in the file LICENSE */
++/* which comes in the source distribution. */
++/* */
++/* Check http://www.nomachine.com/licensing.html for applicability. */
++/* */
++/* NX and NoMachine are trademarks of Medialogic S.p.A. */
++/* */
++/* All rights reserved. */
++/* */
++/**************************************************************************/
++
+ /*
+ * authorization hooks for the server
+ * Author: Keith Packard, MIT X Consortium
+@@ -129,7 +146,24 @@
+ void
+ InitAuthorization (char *file_name)
+ {
++#ifdef __sun
++ char * envBuffer;
++#endif
+ authorization_file = file_name;
++#ifdef NX_TRANS_AUTH
++#ifdef NX_TRANS_TEST
++ fprintf(stderr, "InitAuthorization: Going to propagate auth file '%s' to the environment.\n",
++ authorization_file);
++#endif
++#ifdef __sun
++ envBuffer = malloc(15+strlen(authorization_file));
++ sprintf(envBuffer,"NX_XAUTHORITY=%s",authorization_file);
++ putenv(envBuffer);
++#else
++ setenv("NX_XAUTHORITY", authorization_file, 1);
++#endif
++#endif
++
+ }
+
+ static int
+@@ -144,6 +178,68 @@
+ if (!authorization_file)
+ return 0;
+
++#ifdef NX_TRANS_AUTH
++
++ /*
++ * We think that the way LoadAuthorization() is working is wrong.
++ * It doesn't reset the list of stored authorizations before reading
++ * the new cookies. Our take is that if a new auth file is to be
++ * read, the only cookies that are to be accepted are those that are
++ * in the new file, not those in the file -plus- those that have
++ * been in the file in the past. Furthermore, if the list can't be
++ * read or it is empty, it should assume that it ignores which co-
++ * okies are valid and thus it should disable any access. Your mile-
++ * age can vary. A less draconian approach could be to leave the old
++ * cookies if the file can't be read and remove them only if the
++ * file is empty.
++ *
++ * Adding the cookies without removing the old values for the same
++ * protocol has an important implication. If an user shares the co-
++ * okie with somebody and later wants to revoke the access to the
++ * display, changing the cookie will not work. This is especially
++ * important with NX. For security reasons, after reconnecting the
++ * session to a different display, it is advisable to generate a
++ * new set of cookies, but doing that it is useless with the current
++ * code, as the old cookies are going to be still accepted. On the
++ * same topic, consider that once an user has got access to the X
++ * server, he/she can freely enable host authentication from any
++ * host, so the safe behaviour should be to reset the host based
++ * authenthication at least at reconnection, and keep as valid only
++ * the cookies that are actually in the file. This behaviour would
++ * surely break many applications, among them a SSH connection run
++ * inside a NX session, as ssh -X reads the cookie for the display
++ * only at session startup and does not read the cookies again
++ * when the auth file is changed.
++ *
++ * Another bug (or feature, depending on how you want to consider
++ * it) is that if the authority file contains entries for different
++ * displays (as it is the norm when the authority file is the default
++ * .Xauthority in the user's home), the server will match -any- of
++ * the cookies, even cookies that are not for its own display. This
++ * means that you have be careful when passing an authority file to
++ * nxagent or Xnest and maybe keep separate files for letting nxagent
++ * find the cookie to be used to connect to the remote display and
++ * for letting it find what cookies to accept. If the file is the
++ * same, clients will be able to connect to nxagent with both the
++ * cookies.
++ */
++
++#ifdef NX_TRANS_AUTH_RESET
++
++ #ifdef NX_TRANS_TEST
++ fprintf(stderr, "LoadAuthorization: Resetting authorization info.\n");
++ #endif
++
++ for (i = 0; i < NUM_AUTHORIZATION; i++) {
++ if (protocols[i].Reset) {
++ (*protocols[i].Reset) ();
++ }
++ }
++
++#endif
++
++#endif /* #ifdef NX_TRANS_AUTH */
++
+ f = Fopen (authorization_file, "r");
+ if (!f)
+ return -1;
+@@ -154,6 +250,14 @@
+ memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
+ protocols[i].Add)
+ {
++#ifdef NX_TRANS_AUTH
++
++ #ifdef NX_TRANS_TEST
++ fprintf(stderr, "LoadAuthorization: Adding new record from file [%s].\n",
++ authorization_file);
++ #endif
++
++#endif
+ ++count;
+ (*protocols[i].Add) (auth->data_length, auth->data,
+ FakeClientID(0));
+@@ -162,7 +266,46 @@
+ XauDisposeAuth (auth);
+ }
+
++#ifdef NX_TRANS_AUTH
++
++ if (count == 0)
++ {
++ fprintf(stderr, "Warning: No authorization record could be read from file '%s'.\n",
++ authorization_file);
++
++ fprintf(stderr, "Warning: Please, create a valid authorization cookie using the command\n"
++ "Warning: 'xauth -f %s add <display> MIT-MAGIC-COOKIE-1 <cookie>'.\n",
++ authorization_file);
++ }
++
++#endif
++
++#ifdef NX_TRANS_AUTH
++ if (Fclose (f) != 0)
++ {
++ /*
++ * If the Fclose() fails, for example because of a signal,
++ * it's advisable to return the number of protocols read,
++ * if any, or otherwise the server would believe that no
++ * cookie is valid and eventually fall back to host based
++ * authentication. Note anyway that the new code in Check-
++ * Authorization() doesn't care the return value and gives
++ * a chance to the function to check the file at the next
++ * connection.
++ */
++
++ if (count > 0)
++ {
++ return count;
++ }
++ else
++ {
++ return -1;
++ }
++ }
++#else
+ Fclose (f);
++#endif
+ return count;
+ }
+
+@@ -194,7 +337,10 @@
+ int i;
+ struct stat buf;
+ static time_t lastmod = 0;
++
++ #ifndef NX_TRANS_AUTH
+ static Bool loaded = FALSE;
++ #endif
+
+ if (!authorization_file || stat(authorization_file, &buf))
+ {
+@@ -225,7 +371,67 @@
+ * entries for this server), and reloading it later fails, don't
+ * change anything. (loadauth == -1 && loaded)
+ */
+-
++
++#ifdef NX_TRANS_AUTH
++
++ /*
++ * The implementation of CheckAuthorization() was changed. The way
++ * the auth file was handled previously was questionable and could
++ * open the way to a vast array of security problems. There might be
++ * ways for an attacker to prevent the server from reading the file
++ * and it was enough for the server to fail reading the file once
++ * (because of a not blocked signal, for example) to leave the dis-
++ * play open to all the users running a session on the same terminal
++ * server.
++ *
++ * In NX we want to have only two cases: either we have to check an
++ * authorization file or we don't. In the first case we need to do our
++ * best to read the file at any new client access and never fall back
++ * to host based authentication. Falling back to local host access has
++ * no way back, as it will always take precedence over the auth cookie
++ * (unless the user explicitly disables, one by one, all the rules
++ * allowing local access, if and only if he/she becomes aware of the
++ * problem). In the second case we assume that user doesn't care secu-
++ * rity and so allow unrestricted access from the local machine.
++ */
++
++ #ifdef NX_TRANS_TEST
++ fprintf(stderr, "CheckAuthorization: Going to set authorization with loadauth [%d].\n",
++ loadauth);
++ #endif
++
++ if (authorization_file)
++ {
++ #ifdef NX_TRANS_TEST
++ fprintf(stderr, "CheckAuthorization: Disabling local host access.\n");
++ #endif
++
++ DisableLocalHost();
++ }
++ else
++ {
++ /*
++ * Enable host-based authentication only if
++ * the authorization file was not specified
++ * either on the command line or in the env-
++ * ironment.
++ */
++
++ #ifdef NX_TRANS_TEST
++ fprintf(stderr, "CheckAuthorization: Enabling local host access.\n");
++ #endif
++
++ EnableLocalHost();
++ }
++
++ /*
++ * Avoid the 'unused variable' warning.
++ */
++
++ loadauth = loadauth;
++
++#else /* #ifdef NX_TRANS_AUTH */
++
+ if (loadauth > 0)
+ {
+ DisableLocalHost(); /* got at least one */
+@@ -233,6 +439,8 @@
+ }
+ else if (loadauth == 0 || !loaded)
+ EnableLocalHost ();
++
++#endif /* #ifdef NX_TRANS_AUTH */
+ }
+ if (name_length) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 16:52:37 +0000