blob: f45a4dc66c568823e79f9ff6d63a1cfee490eb5a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/**************************************************************************/
/* */
/* Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com) */
/* Copyright (c) 2008-2017 Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> */
/* Copyright (c) 2014-2022 Ulrich Sibiller <uli42@gmx.de> */
/* Copyright (c) 2014-2019 Mihai Moldovan <ionic@ionic.de> */
/* Copyright (c) 2011-2022 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>*/
/* Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com) */
/* */
/* NXCOMP, NX protocol compression and NX extensions to this software */
/* are copyright of the aforementioned persons and companies. */
/* */
/* Redistribution and use of the present software is allowed according */
/* to terms specified in the file LICENSE.nxcomp which comes in the */
/* source distribution. */
/* */
/* All rights reserved. */
/* */
/* NOTE: This software has received contributions from various other */
/* contributors, only the core maintainers and supporters are listed as */
/* copyright holders. Please contact us, if you feel you should be listed */
/* as copyright holder, as well. */
/* */
/**************************************************************************/
#ifndef Auth_H
#define Auth_H
#include "Timestamp.h"
//
// Handle the forwarding of authorization credentials
// to the X server by replacing the fake cookie with
// the real cookie as it is read from the auth file.
// At the moment only the MIT-MAGIC-COOKIE-1 cookies
// are recognized. The implementation is based on the
// corresponding code found in the SSH client.
//
class Auth
{
public:
//
// Must be created by passing the fake cookie that
// will be forwarded by the remote end and with the
// real X display that is going to be used for the
// session.
//
Auth(char *display, char *cookie);
~Auth();
int isValid()
{
return (isTimestamp(last_) == 1 && fakeCookie_ != NULL &&
*fakeCookie_ != '\0' && realCookie_ != NULL &&
*realCookie_ != '\0' && fakeData_ != NULL &&
realData_ != NULL && dataSize_ != 0);
}
int isFake() const
{
return generatedCookie_;
}
//
// Method called in the channel class to find if the
// provided cookie matches the fake one. If the data
// matches, the fake cookie is replaced with the real
// one.
//
int checkCookie(unsigned char *buffer);
protected:
//
// Update the real cookie for the display. If called
// a further time, check if the auth file is changed
// and get the new cookie.
//
int updateCookie();
//
// Find out which authorization file is to be used
// and query the cookie for the current display.
//
int getCookie();
//
// Extract the binary data from the cookies so that
// data can be directly compared at the time it is
// taken from the X request.
//
int validateCookie();
//
// Generate a fake random cookie and copy it to the
// provided string.
//
void generateCookie(char *cookie);
private:
char *display_;
char *file_;
T_timestamp last_;
char *fakeCookie_;
char *realCookie_;
char *fakeData_;
char *realData_;
int dataSize_;
int generatedCookie_;
};
#endif /* Auth_H */
|