diff options
Diffstat (limited to 'libX11/src/ConnDis.c')
-rw-r--r-- | libX11/src/ConnDis.c | 2505 |
1 files changed, 1251 insertions, 1254 deletions
diff --git a/libX11/src/ConnDis.c b/libX11/src/ConnDis.c index 7fa7998e8..4eb94f34d 100644 --- a/libX11/src/ConnDis.c +++ b/libX11/src/ConnDis.c @@ -1,1254 +1,1251 @@ -/* - -Copyright 1989, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ - -/* - * This file contains operating system dependencies. - */ - -#define NEED_EVENTS - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <X11/Xlibint.h> -#include <X11/Xtrans/Xtrans.h> -#include <X11/Xauth.h> -#ifdef HASXDMAUTH -#include <X11/Xdmcp.h> -#endif -#include <stdio.h> -#include <ctype.h> -#include <unistd.h> - -#if !defined(WIN32) -#ifndef Lynx -#include <sys/socket.h> -#else -#include <socket.h> -#endif -#else -#include <X11/Xwindows.h> -#endif - -#ifndef X_CONNECTION_RETRIES /* number retries on ECONNREFUSED */ -#define X_CONNECTION_RETRIES 5 -#endif - -#include "Xintconn.h" - -/* prototypes */ -static void GetAuthorization( - XtransConnInfo trans_conn, - int family, - char *saddr, - int saddrlen, - int idisplay, - char **auth_namep, - int *auth_namelenp, - char **auth_datap, - int *auth_datalenp); - -/* functions */ -static char *copystring (const char *src, int len) -{ - char *dst = Xmalloc (len + 1); - - if (dst) { - strncpy (dst, src, len); - dst[len] = '\0'; - } - - return dst; -} - -#define Xstrdup(s) copystring(s, strlen(s)) - -#ifdef TCPCONN -# define TCP_TRANS "tcp" -#endif -#ifdef UNIXCONN -# define UNIX_TRANS "unix" -#endif -#if defined(LOCALCONN) || defined(OS2PIPECONN) -# define LOCAL_TRANS "local" -#endif - -/* - * Attempts to connect to server, given display name. Returns file descriptor - * (network socket) or -1 if connection fails. Display names may be of the - * following format: - * - * [protocol/] [hostname] : [:] displaynumber [.screennumber] - * - * A string with exactly two colons seperating hostname from the display - * indicates a DECnet style name. Colons in the hostname may occur if an - * IPv6 numeric address is used as the hostname. An IPv6 numeric address - * may also end in a double colon, so three colons in a row indicates an - * IPv6 address ending in :: followed by :display. To make it easier for - * people to read, an IPv6 numeric address hostname may be surrounded by - * [ ] in a similar fashion to the IPv6 numeric address URL syntax defined - * by IETF RFC 2732. - * - * If no hostname and no protocol is specified, the string is interpreted - * as the most efficient local connection to a server on the same machine. - * This is usually: - * - * o shared memory - * o local stream - * o UNIX domain socket - * o TCP to local host - * - * This function will eventually call the X Transport Interface functions - * which expects the hostname in the format: - * - * [protocol/] [hostname] : [:] displaynumber - * - */ -XtransConnInfo -_X11TransConnectDisplay ( - char *display_name, - char **fullnamep, /* RETURN */ - int *dpynump, /* RETURN */ - int *screenp, /* RETURN */ - char **auth_namep, /* RETURN */ - int *auth_namelenp, /* RETURN */ - char **auth_datap, /* RETURN */ - int *auth_datalenp) /* RETURN */ -{ - int family; - int saddrlen; - Xtransaddr *saddr; - char *lastp, *lastc, *p; /* char pointers */ - char *pprotocol = NULL; /* start of protocol name */ - char *phostname = NULL; /* start of host of display */ - char *pdpynum = NULL; /* start of dpynum of display */ - char *pscrnum = NULL; /* start of screen of display */ - Bool dnet = False; /* if true, then DECnet format */ - int idisplay = 0; /* required display number */ - int iscreen = 0; /* optional screen number */ - /* int (*connfunc)(); */ /* method to create connection */ - int len, hostlen; /* length tmp variable */ - int retry; /* retry counter */ - char addrbuf[128]; /* final address passed to - X Transport Interface */ - char* address = addrbuf; - XtransConnInfo trans_conn = NULL; /* transport connection object */ - int connect_stat; -#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN) - Bool reset_hostname = False; /* Reset hostname? */ - char *original_hostname = NULL; - int local_transport_index = -1; - const char *local_transport[] = { LOCAL_TRANSPORT_LIST, NULL }; -#endif - - p = display_name; - - saddrlen = 0; /* set so that we can clear later */ - saddr = NULL; - - /* - * Step 0, find the protocol. This is delimited by the optional - * slash ('/'). - */ - for (lastp = p; *p && *p != ':' && *p != '/'; p++) ; - if (!*p) return NULL; /* must have a colon */ - - if (p != lastp && *p != ':') { /* protocol given? */ - pprotocol = copystring (lastp, p - lastp); - if (!pprotocol) goto bad; /* no memory */ - p++; /* skip the '/' */ - } else - p = display_name; /* reset the pointer in - case no protocol was given */ - - /* - * Step 1, find the hostname. This is delimited by either one colon, - * or two colons in the case of DECnet (DECnet Phase V allows a single - * colon in the hostname). (See note above regarding IPv6 numeric - * addresses with triple colons or [] brackets.) - */ - - lastp = p; - lastc = NULL; - for (; *p; p++) - if (*p == ':') - lastc = p; - - if (!lastc) return NULL; /* must have a colon */ - - if ((lastp != lastc) && (*(lastc - 1) == ':') -#if defined(IPv6) && defined(AF_INET6) - && ( ((lastc - 1) == lastp) || (*(lastc - 2) != ':')) -#endif - ) { - /* DECnet display specified */ - -#ifndef DNETCONN - goto bad; -#else - dnet = True; - /* override the protocol specified */ - if (pprotocol) - Xfree (pprotocol); - pprotocol = copystring ("dnet", 4); - hostlen = lastc - 1 - lastp; -#endif - } - else - hostlen = lastc - lastp; - - if (hostlen > 0) { /* hostname given? */ - phostname = copystring (lastp, hostlen); - if (!phostname) goto bad; /* no memory */ - } - - p = lastc; - -#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN) - /* check if phostname == localnodename AND protocol not specified */ - if (!pprotocol && phostname) { - char localhostname[256]; - - if ((_XGetHostname (localhostname, sizeof localhostname) > 0) - && (strcmp(phostname, localhostname) == 0)) { - original_hostname = phostname; - phostname = NULL; - reset_hostname = True; - } - } -#endif - - - /* - * Step 2, find the display number. This field is required and is - * delimited either by a nul or a period, depending on whether or not - * a screen number is present. - */ - - for (lastp = ++p; *p && isascii(*p) && isdigit(*p); p++) ; - if ((p == lastp) || /* required field */ - (*p != '\0' && *p != '.') || /* invalid non-digit terminator */ - !(pdpynum = copystring (lastp, p - lastp))) /* no memory */ - goto bad; - idisplay = atoi (pdpynum); - - - /* - * Step 3, find the screen number. This field is optional. It is - * present only if the display number was followed by a period (which - * we've already verified is the only non-nul character). - */ - - if (*p) { - for (lastp = ++p; *p && isascii(*p) && isdigit (*p); p++) ; - if (p != lastp) { - if (*p || /* non-digits */ - !(pscrnum = copystring (lastp, p - lastp))) /* no memory */ - goto bad; - iscreen = atoi (lastp); - } - } - - /* - * At this point, we know the following information: - * - * pprotocol protocol string or NULL - * phostname hostname string or NULL - * idisplay display number - * iscreen screen number - * dnet DECnet boolean - * - * We can now decide which transport to use based on the defined - * connection types and the hostname string. - * If phostname & pprotocol are NULL, then choose the best transport. - * If phostname is "unix" & pprotocol is NULL, then choose UNIX domain - * sockets (if configured). - */ - -#if defined(TCPCONN) || defined(UNIXCONN) || defined(LOCALCONN) || defined(MNX_TCPCONN) || defined(OS2PIPECONN) - if (!pprotocol) { -#if defined(UNIXCONN) - if (phostname && (strcmp (phostname, "unix") == 0)) { - Xfree(pprotocol); - pprotocol = copystring ("unix", 4); - } else -#endif -#ifdef HAVE_LAUNCHD - if (phostname && phostname[0]=='/') { - pprotocol = copystring ("local", 5); - } -#endif - if (!phostname) - { - if (local_transport[0] != NULL) { - pprotocol = Xstrdup(local_transport[0]); - local_transport_index = 0; - } - } - - if (!pprotocol) { /* if still not found one, tcp is our last resort */ - pprotocol = copystring ("tcp", 3); - } - } -#endif - - - connect: - /* - * This seems kind of backwards, but we need to put the protocol, - * host, and port back together to pass to _X11TransOpenCOTSClient(). - */ - - { - int olen = 3 + (pprotocol ? strlen(pprotocol) : 0) + - (phostname ? strlen(phostname) : 0) + - (pdpynum ? strlen(pdpynum) : 0); - if (olen > sizeof addrbuf) address = Xmalloc (olen); - } - if (!address) goto bad; - - sprintf(address,"%s/%s:%d", - pprotocol ? pprotocol : "", - phostname ? phostname : "", - idisplay ); - - /* - * Make the connection, also need to get the auth address info for - * the connection. Do retries in case server host has hit its - * backlog (which, unfortunately, isn't distinguishable from there not - * being a server listening at all, which is why we have to not retry - * too many times). - */ - for(retry=X_CONNECTION_RETRIES; retry>=0; retry-- ) - { - if ( (trans_conn = _X11TransOpenCOTSClient(address)) == NULL ) - { - break; - } - if ((connect_stat = _X11TransConnect(trans_conn,address)) < 0 ) - { - _X11TransClose(trans_conn); - trans_conn = NULL; - - if (connect_stat == TRANS_TRY_CONNECT_AGAIN) - continue; - else - break; - } - - _X11TransGetPeerAddr(trans_conn, &family, &saddrlen, &saddr); - - /* - * The family is given in a socket format (ie AF_INET). This - * will convert it to the format used by the authorization and - * X protocol (ie FamilyInternet). - */ - - if( _X11TransConvertAddress(&family, &saddrlen, &saddr) < 0 ) - { - _X11TransClose(trans_conn); - trans_conn = NULL; - if (saddr) - { - free ((char *) saddr); - saddr = NULL; - } - continue; - } - - break; - } - - if (address != addrbuf) Xfree (address); - address = addrbuf; - - if( trans_conn == NULL ) - goto bad; - - /* - * Set close-on-exec so that programs that fork() doesn't get confused. - */ - - _X11TransSetOption(trans_conn,TRANS_CLOSEONEXEC,1); - - /* - * Build the expanded display name: - * - * [host] : [:] dpy . scr \0 - */ -#if defined(LOCALCONN) || defined(TCPCONN) || defined(UNIXCONN) - /* - * If we computed the host name, get rid of it so that - * XDisplayString() and XDisplayName() agree. - */ - if (reset_hostname && (phostname != original_hostname)) { - Xfree (phostname); - phostname = original_hostname; - original_hostname = NULL; - } -#endif - len = ((phostname ? strlen(phostname) : 0) + 1 + (dnet ? 1 : 0) + - strlen(pdpynum) + 1 + (pscrnum ? strlen(pscrnum) : 1) + 1); - *fullnamep = (char *) Xmalloc (len); - if (!*fullnamep) goto bad; - -#ifdef HAVE_LAUNCHD - if (phostname && strlen(phostname) > 11 && !strncmp(phostname, "/tmp/launch", 11)) - sprintf (*fullnamep, "%s%s%d", - (phostname ? phostname : ""), - (dnet ? "::" : ":"), - idisplay); - else -#endif - sprintf (*fullnamep, "%s%s%d.%d", - (phostname ? phostname : ""), - (dnet ? "::" : ":"), - idisplay, iscreen); - - *dpynump = idisplay; - *screenp = iscreen; - if (pprotocol) Xfree (pprotocol); - if (phostname) Xfree (phostname); - if (pdpynum) Xfree (pdpynum); - if (pscrnum) Xfree (pscrnum); -#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN) - if (original_hostname) Xfree (original_hostname); -#endif - - GetAuthorization(trans_conn, family, (char *) saddr, saddrlen, idisplay, - auth_namep, auth_namelenp, auth_datap, auth_datalenp); - return trans_conn; - - - /* - * error return; make sure everything is cleaned up. - */ - bad: - if (trans_conn) (void)_X11TransClose(trans_conn); - if (saddr) free ((char *) saddr); - if (pprotocol) Xfree (pprotocol); - if (phostname) Xfree (phostname); - if (address && address != addrbuf) { Xfree(address); address = addrbuf; } - -#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN) - /* If connecting to the local machine, and we failed, try again with - * the next transport type available, if there is one. - */ - if (local_transport_index >= 0) { - if (local_transport[++local_transport_index] != NULL) { - pprotocol = Xstrdup(local_transport[local_transport_index]); -#ifdef TCPCONN - if (strcmp(pprotocol, "tcp") == 0) { - if (original_hostname != NULL) { - phostname = original_hostname; - original_hostname = NULL; - } else { - phostname = copystring("localhost", 9); - } - } else -#endif /* TCPCONN */ - { - if ((phostname != NULL) && (original_hostname == NULL)) { - original_hostname = phostname; - } - phostname = NULL; - } - goto connect; - } - } - - /* No more to try, we've failed all available local transports */ - if (original_hostname) Xfree(original_hostname); -#endif /* LOCALCONN || UNIXCONN || TCPCONN */ - - if (pdpynum) Xfree (pdpynum); - if (pscrnum) Xfree (pscrnum); - return NULL; - -} - -/* - * This is gross, but we need it for compatiblity. - * The test suite relies on the following interface. - * - */ - -int _XConnectDisplay ( - char *display_name, - char **fullnamep, /* RETURN */ - int *dpynump, /* RETURN */ - int *screenp, /* RETURN */ - char **auth_namep, /* RETURN */ - int *auth_namelenp, /* RETURN */ - char **auth_datap, /* RETURN */ - int *auth_datalenp) /* RETURN */ -{ - XtransConnInfo trans_conn; - - trans_conn = _X11TransConnectDisplay ( - display_name, fullnamep, dpynump, screenp, - auth_namep, auth_namelenp, auth_datap, auth_datalenp); - - if (trans_conn) - { - int fd = _X11TransGetConnectionNumber (trans_conn); - _X11TransFreeConnInfo (trans_conn); - return (fd); - } - else - return (-1); -} - - -/***************************************************************************** - * * - * Connection Utility Routines * - * * - *****************************************************************************/ - -/* - * Disconnect from server. - */ - -int _XDisconnectDisplay (trans_conn) - -XtransConnInfo trans_conn; - -{ - _X11TransDisconnect(trans_conn); - _X11TransClose(trans_conn); - return 0; -} - - - -Bool -_XSendClientPrefix (dpy, client, auth_proto, auth_string, prefix) - Display *dpy; - xConnClientPrefix *client; /* contains count for auth_* */ - char *auth_proto, *auth_string; /* NOT null-terminated */ - xConnSetupPrefix *prefix; /* prefix information */ -{ - int auth_length = client->nbytesAuthProto; - int auth_strlen = client->nbytesAuthString; - static char padbuf[3]; /* for padding to 4x bytes */ - int pad; - struct iovec iovarray[5], *iov = iovarray; - int niov = 0; - int len = 0; - -#define add_to_iov(b,l) \ - { iov->iov_base = (b); iov->iov_len = (l); iov++, niov++; len += (l); } - - add_to_iov ((caddr_t) client, SIZEOF(xConnClientPrefix)); - - /* - * write authorization protocol name and data - */ - if (auth_length > 0) { - add_to_iov (auth_proto, auth_length); - pad = -auth_length & 3; /* pad auth_length to a multiple of 4 */ - if (pad) add_to_iov (padbuf, pad); - } - if (auth_strlen > 0) { - add_to_iov (auth_string, auth_strlen); - pad = -auth_strlen & 3; /* pad auth_strlen to a multiple of 4 */ - if (pad) add_to_iov (padbuf, pad); - } - -#undef add_to_iov - - len -= _X11TransWritev (dpy->trans_conn, iovarray, niov); - - /* - * Set the connection non-blocking since we use select() to block. - */ - - _X11TransSetOption(dpy->trans_conn, TRANS_NONBLOCKING, 1); - - if (len != 0) - return -1; - -#ifdef K5AUTH - if (auth_length == 14 && - !strncmp(auth_proto, "MIT-KERBEROS-5", 14)) - { - return k5_clientauth(dpy, prefix); - } else -#endif - return 0; -} - - -#ifdef STREAMSCONN -#ifdef SVR4 -#include <tiuser.h> -#else -#undef HASXDMAUTH -#endif -#endif - -#ifdef SECURE_RPC -#include <rpc/rpc.h> -#ifdef ultrix -#include <time.h> -#include <rpc/auth_des.h> -#endif -#endif - -#ifdef HASXDMAUTH -#include <time.h> -#define Time_t time_t -#endif - -/* - * First, a routine for setting authorization data - */ -static int xauth_namelen = 0; -static char *xauth_name = NULL; /* NULL means use default mechanism */ -static int xauth_datalen = 0; -static char *xauth_data = NULL; /* NULL means get default data */ - -/* - * This is a list of the authorization names which Xlib currently supports. - * Xau will choose the file entry which matches the earliest entry in this - * array, allowing us to prioritize these in terms of the most secure first - */ - -static char *default_xauth_names[] = { -#ifdef K5AUTH - "MIT-KERBEROS-5", -#endif -#ifdef SECURE_RPC - "SUN-DES-1", -#endif -#ifdef HASXDMAUTH - "XDM-AUTHORIZATION-1", -#endif - "MIT-MAGIC-COOKIE-1" -}; - -static _Xconst int default_xauth_lengths[] = { -#ifdef K5AUTH - 14, /* strlen ("MIT-KERBEROS-5") */ -#endif -#ifdef SECURE_RPC - 9, /* strlen ("SUN-DES-1") */ -#endif -#ifdef HASXDMAUTH - 19, /* strlen ("XDM-AUTHORIZATION-1") */ -#endif - 18 /* strlen ("MIT-MAGIC-COOKIE-1") */ -}; - -#define NUM_DEFAULT_AUTH (sizeof (default_xauth_names) / sizeof (default_xauth_names[0])) - -static char **xauth_names = default_xauth_names; -static _Xconst int *xauth_lengths = default_xauth_lengths; - -static int xauth_names_length = NUM_DEFAULT_AUTH; - -void XSetAuthorization (name, namelen, data, datalen) - int namelen, datalen; /* lengths of name and data */ - char *name, *data; /* NULL or arbitrary array of bytes */ -{ - char *tmpname, *tmpdata; - - _XLockMutex(_Xglobal_lock); - if (xauth_name) Xfree (xauth_name); /* free any existing data */ - if (xauth_data) Xfree (xauth_data); - - xauth_name = xauth_data = NULL; /* mark it no longer valid */ - xauth_namelen = xauth_datalen = 0; - _XUnlockMutex(_Xglobal_lock); - - if (namelen < 0) namelen = 0; /* check for bogus inputs */ - if (datalen < 0) datalen = 0; /* maybe should return? */ - - if (namelen > 0) { /* try to allocate space */ - tmpname = Xmalloc ((unsigned) namelen); - if (!tmpname) return; - memcpy (tmpname, name, namelen); - } else { - tmpname = NULL; - } - - if (datalen > 0) { - tmpdata = Xmalloc ((unsigned) datalen); - if (!tmpdata) { - if (tmpname) (void) Xfree (tmpname); - return; - } - memcpy (tmpdata, data, datalen); - } else { - tmpdata = NULL; - } - - _XLockMutex(_Xglobal_lock); - xauth_name = tmpname; /* and store the suckers */ - xauth_namelen = namelen; - if (tmpname) - { - xauth_names = &xauth_name; - xauth_lengths = &xauth_namelen; - xauth_names_length = 1; - } - else - { - xauth_names = default_xauth_names; - xauth_lengths = default_xauth_lengths; - xauth_names_length = NUM_DEFAULT_AUTH; - } - xauth_data = tmpdata; - xauth_datalen = datalen; - _XUnlockMutex(_Xglobal_lock); - return; -} - -#ifdef SECURE_RPC -/* - * Create a credential that we can send to the X server. - */ -static int -auth_ezencode( - char *servername, - int window, - char *cred_out, - int *len) -{ - AUTH *a; - XDR xdr; - -#if defined(SVR4) && defined(sun) - a = authdes_seccreate(servername, window, NULL, NULL); -#else - a = (AUTH *)authdes_create(servername, window, NULL, NULL); -#endif - if (a == (AUTH *)NULL) { - perror("auth_create"); - return 0; - } - xdrmem_create(&xdr, cred_out, *len, XDR_ENCODE); - if (AUTH_MARSHALL(a, &xdr) == FALSE) { - perror("auth_marshall"); - AUTH_DESTROY(a); - return 0; - } - *len = xdr_getpos(&xdr); - AUTH_DESTROY(a); - return 1; -} -#endif - -#ifdef K5AUTH -#include <com_err.h> - -extern krb5_flags krb5_kdc_default_options; - -/* - * k5_clientauth - * - * Returns non-zero if the setup prefix has been read, - * so we can tell XOpenDisplay to not bother looking for it by - * itself. - */ -static int k5_clientauth(dpy, sprefix) - Display *dpy; - xConnSetupPrefix *sprefix; -{ - krb5_error_code retval; - xReq prefix; - char *buf; - CARD16 plen, tlen; - krb5_data kbuf; - krb5_ccache cc; - krb5_creds creds; - krb5_principal cprinc, sprinc; - krb5_ap_rep_enc_part *repl; - - krb5_init_ets(); - /* - * stage 0: get encoded principal and tgt from server - */ - _XRead(dpy, (char *)&prefix, sz_xReq); - if (prefix.reqType != 2 && prefix.reqType != 3) - /* not an auth packet... so deal */ - if (prefix.reqType == 0 || prefix.reqType == 1) - { - memcpy((char *)sprefix, (char *)&prefix, sz_xReq); - _XRead(dpy, (char *)sprefix + sz_xReq, - sz_xConnSetupPrefix - sz_xReq); /* ewww... gross */ - return 1; - } - else - { - fprintf(stderr, - "Xlib: Krb5 stage 0: got illegal connection setup success code %d\n", - prefix.reqType); - return -1; - } - if (prefix.data != 0) - { - fprintf(stderr, "Xlib: got out of sequence (%d) packet in Krb5 auth\n", - prefix.data); - return -1; - } - buf = (char *)malloc((prefix.length << 2) - sz_xReq); - if (buf == NULL) /* malloc failed. Run away! */ - { - fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n"); - return -1; - } - tlen = (prefix.length << 2) - sz_xReq; - _XRead(dpy, buf, tlen); - if (prefix.reqType == 2 && tlen < 6) - { - fprintf(stderr, "Xlib: Krb5 stage 0 reply from server too short\n"); - free(buf); - return -1; - } - if (prefix.reqType == 2) - { - plen = *(CARD16 *)buf; - kbuf.data = buf + 2; - kbuf.length = (plen > tlen) ? tlen : plen; - } - else - { - kbuf.data = buf; - kbuf.length = tlen; - } - if (XauKrb5Decode(kbuf, &sprinc)) - { - free(buf); - fprintf(stderr, "Xlib: XauKrb5Decode bombed\n"); - return -1; - } - if (prefix.reqType == 3) /* do some special stuff here */ - { - char *sname, *hostname = NULL; - - sname = (char *)malloc(krb5_princ_component(sprinc, 0)->length + 1); - if (sname == NULL) - { - free(buf); - krb5_free_principal(sprinc); - fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n"); - return -1; - } - memcpy(sname, krb5_princ_component(sprinc, 0)->data, - krb5_princ_component(sprinc, 0)->length); - sname[krb5_princ_component(sprinc, 0)->length] = '\0'; - krb5_free_principal(sprinc); - if (dpy->display_name[0] != ':') /* hunt for a hostname */ - { - char *t; - - if ((hostname = (char *)malloc(strlen(dpy->display_name))) - == NULL) - { - free(buf); - free(sname); - fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n"); - return -1; - } - strcpy(hostname, dpy->display_name); - t = strchr(hostname, ':'); - if (t == NULL) - { - free(buf); - free(sname); - free(hostname); - fprintf(stderr, - "Xlib: shouldn't get here! malformed display name."); - return -1; - } - if ((t - hostname + 1 < strlen(hostname)) && t[1] == ':') - t++; - *t = '\0'; /* truncate the dpy number out */ - } - retval = krb5_sname_to_principal(hostname, sname, - KRB5_NT_SRV_HST, &sprinc); - free(sname); - if (hostname) - free(hostname); - if (retval) - { - free(buf); - fprintf(stderr, "Xlib: krb5_sname_to_principal failed: %s\n", - error_message(retval)); - return -1; - } - } - if (retval = krb5_cc_default(&cc)) - { - free(buf); - krb5_free_principal(sprinc); - fprintf(stderr, "Xlib: krb5_cc_default failed: %s\n", - error_message(retval)); - return -1; - } - if (retval = krb5_cc_get_principal(cc, &cprinc)) - { - free(buf); - krb5_free_principal(sprinc); - fprintf(stderr, "Xlib: cannot get Kerberos principal from \"%s\": %s\n", - krb5_cc_default_name(), error_message(retval)); - return -1; - } - bzero((char *)&creds, sizeof(creds)); - creds.server = sprinc; - creds.client = cprinc; - if (prefix.reqType == 2) - { - creds.second_ticket.length = tlen - plen - 2; - creds.second_ticket.data = buf + 2 + plen; - retval = krb5_get_credentials(KRB5_GC_USER_USER | - krb5_kdc_default_options, - cc, &creds); - } - else - retval = krb5_get_credentials(krb5_kdc_default_options, - cc, &creds); - if (retval) - { - free(buf); - krb5_free_cred_contents(&creds); - fprintf(stderr, "Xlib: cannot get Kerberos credentials: %s\n", - error_message(retval)); - return -1; - } - /* - * now format the ap_req to send to the server - */ - if (prefix.reqType == 2) - retval = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY | - AP_OPTS_MUTUAL_REQUIRED, NULL, - 0, 0, NULL, cc, - &creds, NULL, &kbuf); - else - retval = krb5_mk_req_extended(AP_OPTS_MUTUAL_REQUIRED, NULL, - 0, 0, NULL, cc, &creds, NULL, - &kbuf); - free(buf); - if (retval) /* Some manner of Kerberos lossage */ - { - krb5_free_cred_contents(&creds); - fprintf(stderr, "Xlib: krb5_mk_req_extended failed: %s\n", - error_message(retval)); - return -1; - } - prefix.reqType = 1; - prefix.data = 0; - prefix.length = (kbuf.length + sz_xReq + 3) >> 2; - /* - * stage 1: send ap_req to server - */ - _XSend(dpy, (char *)&prefix, sz_xReq); - _XSend(dpy, (char *)kbuf.data, kbuf.length); - free(kbuf.data); - /* - * stage 2: get ap_rep from server to mutually authenticate - */ - _XRead(dpy, (char *)&prefix, sz_xReq); - if (prefix.reqType != 2) - if (prefix.reqType == 0 || prefix.reqType == 1) - { - memcpy((char *)sprefix, (char *)&prefix, sz_xReq); - _XRead(dpy, (char *)sprefix + sz_xReq, - sz_xConnSetupPrefix - sz_xReq); - return 1; - } - else - { - fprintf(stderr, - "Xlib: Krb5 stage 2: got illegal connection setup success code %d\n", - prefix.reqType); - return -1; - } - if (prefix.data != 2) - return -1; - kbuf.length = (prefix.length << 2) - sz_xReq; - kbuf.data = (char *)malloc(kbuf.length); - if (kbuf.data == NULL) - { - fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n"); - return -1; - } - _XRead(dpy, (char *)kbuf.data, kbuf.length); - retval = krb5_rd_rep(&kbuf, &creds.keyblock, &repl); - if (retval) - { - free(kbuf.data); - fprintf(stderr, "Xlib: krb5_rd_rep failed: %s\n", - error_message(retval)); - return -1; - } - free(kbuf.data); - /* - * stage 3: send a short ack to the server and return - */ - prefix.reqType = 3; - prefix.data = 0; - prefix.length = sz_xReq >> 2; - _XSend(dpy, (char *)&prefix, sz_xReq); - return 0; -} -#endif /* K5AUTH */ - -static void -GetAuthorization( - XtransConnInfo trans_conn, - int family, - char *saddr, - int saddrlen, - int idisplay, - char **auth_namep, /* RETURN */ - int *auth_namelenp, /* RETURN */ - char **auth_datap, /* RETURN */ - int *auth_datalenp) /* RETURN */ -{ -#ifdef SECURE_RPC - char rpc_cred[MAX_AUTH_BYTES]; -#endif -#ifdef HASXDMAUTH - unsigned char xdmcp_data[192/8]; -#endif - char *auth_name; - int auth_namelen; - unsigned char *auth_data; - int auth_datalen; - Xauth *authptr = NULL; - -/* - * Look up the authorization protocol name and data if necessary. - */ - if (xauth_name && xauth_data) { - auth_namelen = xauth_namelen; - auth_name = xauth_name; - auth_datalen = xauth_datalen; - auth_data = (unsigned char *) xauth_data; - } else { - char dpynumbuf[40]; /* big enough to hold 2^64 and more */ - (void) sprintf (dpynumbuf, "%d", idisplay); - - authptr = XauGetBestAuthByAddr ((unsigned short) family, - (unsigned short) saddrlen, - saddr, - (unsigned short) strlen (dpynumbuf), - dpynumbuf, - xauth_names_length, - xauth_names, - xauth_lengths); - if (authptr) { - auth_namelen = authptr->name_length; - auth_name = (char *)authptr->name; - auth_datalen = authptr->data_length; - auth_data = (unsigned char *) authptr->data; - } else { - auth_namelen = 0; - auth_name = NULL; - auth_datalen = 0; - auth_data = NULL; - } - } -#ifdef HASXDMAUTH - /* - * build XDM-AUTHORIZATION-1 data - */ - if (auth_namelen == 19 && !strncmp (auth_name, "XDM-AUTHORIZATION-1", 19)) - { - int i, j; - Time_t now; - int family, addrlen; - Xtransaddr *addr = NULL; - - for (j = 0; j < 8; j++) - xdmcp_data[j] = auth_data[j]; - - _X11TransGetMyAddr(trans_conn, &family, &addrlen, &addr); - - switch( family ) - { -#ifdef AF_INET - case AF_INET: - { - /* - * addr will contain a sockaddr_in with all - * of the members already in network byte order. - */ - - for(i=4; i<8; i++) /* do sin_addr */ - xdmcp_data[j++] = ((char *)addr)[i]; - for(i=2; i<4; i++) /* do sin_port */ - xdmcp_data[j++] = ((char *)addr)[i]; - break; - } -#endif /* AF_INET */ -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: - /* XXX This should probably never happen */ - { - unsigned char ipv4mappedprefix[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff }; - - /* In the case of v4 mapped addresses send the v4 - part of the address - addr is already in network byte order */ - if (memcmp((char*)addr+8, ipv4mappedprefix, 12) == 0) { - for (i = 20 ; i < 24; i++) - xdmcp_data[j++] = ((char *)addr)[i]; - - /* Port number */ - for (i=2; i<4; i++) - xdmcp_data[j++] = ((char *)addr)[i]; - } else { - /* Fake data to keep the data aligned. Otherwise the - the server will bail about incorrect timing data */ - for (i = 0; i < 6; i++) { - xdmcp_data[j++] = 0; - } - } - break; - } -#endif /* AF_INET6 */ -#ifdef AF_UNIX - case AF_UNIX: - { - /* - * We don't use the sockaddr_un for this encoding. - * Instead, we create a sockaddr_in filled with - * a decreasing counter for the address, and the - * pid for the port. - */ - - static unsigned long unix_addr = 0xFFFFFFFF; - unsigned long the_addr; - unsigned short the_port; - unsigned long the_utime; - struct timeval tp; - - X_GETTIMEOFDAY(&tp); - _XLockMutex(_Xglobal_lock); - the_addr = unix_addr--; - _XUnlockMutex(_Xglobal_lock); - the_utime = (unsigned long) tp.tv_usec; - the_port = getpid (); - - xdmcp_data[j++] = (the_utime >> 24) & 0xFF; - xdmcp_data[j++] = (the_utime >> 16) & 0xFF; - xdmcp_data[j++] = ((the_utime >> 8) & 0xF0) - | ((the_addr >> 8) & 0x0F); - xdmcp_data[j++] = (the_addr >> 0) & 0xFF; - xdmcp_data[j++] = (the_port >> 8) & 0xFF; - xdmcp_data[j++] = (the_port >> 0) & 0xFF; - break; - } -#endif /* AF_UNIX */ -#ifdef AF_DECnet - case AF_DECnet: - /* - * What is the defined encoding for this? - */ - break; -#endif /* AF_DECnet */ - default: - /* - * Need to return some kind of errro status here. - * maybe a NULL auth?? - */ - break; - } /* switch */ - - if (addr) - free ((char *) addr); - - time (&now); - xdmcp_data[j++] = (now >> 24) & 0xFF; - xdmcp_data[j++] = (now >> 16) & 0xFF; - xdmcp_data[j++] = (now >> 8) & 0xFF; - xdmcp_data[j++] = (now >> 0) & 0xFF; - while (j < 192 / 8) - xdmcp_data[j++] = 0; - _XLockMutex(_Xglobal_lock); - /* this function might use static data, hence the lock around it */ - XdmcpWrap (xdmcp_data, auth_data + 8, - xdmcp_data, j); - _XUnlockMutex(_Xglobal_lock); - auth_data = xdmcp_data; - auth_datalen = j; - } -#endif /* HASXDMAUTH */ -#ifdef SECURE_RPC - /* - * The SUN-DES-1 authorization protocol uses the - * "secure RPC" mechanism in SunOS 4.0+. - */ - if (auth_namelen == 9 && !strncmp(auth_name, "SUN-DES-1", 9)) { - char servernetname[MAXNETNAMELEN + 1]; - - /* - * Copy over the server's netname from the authorization - * data field filled in by XauGetAuthByAddr(). - */ - if (auth_datalen > MAXNETNAMELEN) { - auth_datalen = 0; - auth_data = NULL; - } else { - memcpy(servernetname, auth_data, auth_datalen); - servernetname[auth_datalen] = '\0'; - - auth_datalen = sizeof (rpc_cred); - if (auth_ezencode(servernetname, 100, rpc_cred, - &auth_datalen)) - auth_data = (unsigned char *) rpc_cred; - else { - auth_datalen = 0; - auth_data = NULL; - } - } - } -#endif - if (saddr) free ((char *) saddr); - if ((*auth_namelenp = auth_namelen)) - { - if ((*auth_namep = Xmalloc(auth_namelen))) - memcpy(*auth_namep, auth_name, auth_namelen); - else - *auth_namelenp = 0; - } - else - *auth_namep = NULL; - if ((*auth_datalenp = auth_datalen)) - { - if ((*auth_datap = Xmalloc(auth_datalen))) - memcpy(*auth_datap, auth_data, auth_datalen); - else - *auth_datalenp = 0; - } - else - *auth_datap = NULL; - if (authptr) XauDisposeAuth (authptr); -} +/*
+
+Copyright 1989, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+/*
+ * This file contains operating system dependencies.
+ */
+
+#define NEED_EVENTS
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <X11/Xlibint.h>
+#include <X11/Xtrans/Xtrans.h>
+#include <X11/Xauth.h>
+#ifdef HASXDMAUTH
+#include <X11/Xdmcp.h>
+#endif
+#include <stdio.h>
+#include <ctype.h>
+#include <unistd.h>
+
+#if !defined(WIN32)
+#ifndef Lynx
+#include <sys/socket.h>
+#else
+#include <socket.h>
+#endif
+#else
+#include <X11/Xwindows.h>
+#endif
+
+#ifndef X_CONNECTION_RETRIES /* number retries on ECONNREFUSED */
+#define X_CONNECTION_RETRIES 5
+#endif
+
+#include "Xintconn.h"
+
+/* prototypes */
+static void GetAuthorization(
+ XtransConnInfo trans_conn,
+ int family,
+ char *saddr,
+ int saddrlen,
+ int idisplay,
+ char **auth_namep,
+ int *auth_namelenp,
+ char **auth_datap,
+ int *auth_datalenp);
+
+/* functions */
+static char *copystring (const char *src, int len)
+{
+ char *dst = Xmalloc (len + 1);
+
+ if (dst) {
+ strncpy (dst, src, len);
+ dst[len] = '\0';
+ }
+
+ return dst;
+}
+
+#define Xstrdup(s) copystring(s, strlen(s))
+
+#ifdef TCPCONN
+# define TCP_TRANS "tcp"
+#endif
+#ifdef UNIXCONN
+# define UNIX_TRANS "unix"
+#endif
+#if defined(LOCALCONN) || defined(OS2PIPECONN)
+# define LOCAL_TRANS "local"
+#endif
+
+/*
+ * Attempts to connect to server, given display name. Returns file descriptor
+ * (network socket) or -1 if connection fails. Display names may be of the
+ * following format:
+ *
+ * [protocol/] [hostname] : [:] displaynumber [.screennumber]
+ *
+ * A string with exactly two colons seperating hostname from the display
+ * indicates a DECnet style name. Colons in the hostname may occur if an
+ * IPv6 numeric address is used as the hostname. An IPv6 numeric address
+ * may also end in a double colon, so three colons in a row indicates an
+ * IPv6 address ending in :: followed by :display. To make it easier for
+ * people to read, an IPv6 numeric address hostname may be surrounded by
+ * [ ] in a similar fashion to the IPv6 numeric address URL syntax defined
+ * by IETF RFC 2732.
+ *
+ * If no hostname and no protocol is specified, the string is interpreted
+ * as the most efficient local connection to a server on the same machine.
+ * This is usually:
+ *
+ * o shared memory
+ * o local stream
+ * o UNIX domain socket
+ * o TCP to local host
+ *
+ * This function will eventually call the X Transport Interface functions
+ * which expects the hostname in the format:
+ *
+ * [protocol/] [hostname] : [:] displaynumber
+ *
+ */
+XtransConnInfo
+_X11TransConnectDisplay (
+ char *display_name,
+ char **fullnamep, /* RETURN */
+ int *dpynump, /* RETURN */
+ int *screenp, /* RETURN */
+ char **auth_namep, /* RETURN */
+ int *auth_namelenp, /* RETURN */
+ char **auth_datap, /* RETURN */
+ int *auth_datalenp) /* RETURN */
+{
+ int family;
+ int saddrlen;
+ Xtransaddr *saddr;
+ char *lastp, *lastc, *p; /* char pointers */
+ char *pprotocol = NULL; /* start of protocol name */
+ char *phostname = NULL; /* start of host of display */
+ char *pdpynum = NULL; /* start of dpynum of display */
+ char *pscrnum = NULL; /* start of screen of display */
+ Bool dnet = False; /* if true, then DECnet format */
+ int idisplay = 0; /* required display number */
+ int iscreen = 0; /* optional screen number */
+ /* int (*connfunc)(); */ /* method to create connection */
+ int len, hostlen; /* length tmp variable */
+ int retry; /* retry counter */
+ char addrbuf[128]; /* final address passed to
+ X Transport Interface */
+ char* address = addrbuf;
+ XtransConnInfo trans_conn = NULL; /* transport connection object */
+ int connect_stat;
+#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN)
+ Bool reset_hostname = False; /* Reset hostname? */
+ char *original_hostname = NULL;
+ int local_transport_index = -1;
+ const char *local_transport[] = { LOCAL_TRANSPORT_LIST, NULL };
+#endif
+
+ p = display_name;
+
+ saddrlen = 0; /* set so that we can clear later */
+ saddr = NULL;
+
+ /*
+ * Step 0, find the protocol. This is delimited by the optional
+ * slash ('/').
+ */
+ for (lastp = p; *p && *p != ':' && *p != '/'; p++) ;
+ if (!*p) return NULL; /* must have a colon */
+
+ if (p != lastp && *p != ':') { /* protocol given? */
+ pprotocol = copystring (lastp, p - lastp);
+ if (!pprotocol) goto bad; /* no memory */
+ p++; /* skip the '/' */
+ } else
+ p = display_name; /* reset the pointer in
+ case no protocol was given */
+
+ /*
+ * Step 1, find the hostname. This is delimited by either one colon,
+ * or two colons in the case of DECnet (DECnet Phase V allows a single
+ * colon in the hostname). (See note above regarding IPv6 numeric
+ * addresses with triple colons or [] brackets.)
+ */
+
+ lastp = p;
+ lastc = NULL;
+ for (; *p; p++)
+ if (*p == ':')
+ lastc = p;
+
+ if (!lastc) return NULL; /* must have a colon */
+
+ if ((lastp != lastc) && (*(lastc - 1) == ':')
+#if defined(IPv6) && defined(AF_INET6)
+ && ( ((lastc - 1) == lastp) || (*(lastc - 2) != ':'))
+#endif
+ ) {
+ /* DECnet display specified */
+
+#ifndef DNETCONN
+ goto bad;
+#else
+ dnet = True;
+ /* override the protocol specified */
+ if (pprotocol)
+ Xfree (pprotocol);
+ pprotocol = copystring ("dnet", 4);
+ hostlen = lastc - 1 - lastp;
+#endif
+ }
+ else
+ hostlen = lastc - lastp;
+
+ if (hostlen > 0) { /* hostname given? */
+ phostname = copystring (lastp, hostlen);
+ if (!phostname) goto bad; /* no memory */
+ }
+
+ p = lastc;
+
+#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN)
+ /* check if phostname == localnodename AND protocol not specified */
+ if (!pprotocol && phostname) {
+ char localhostname[256];
+
+ if ((_XGetHostname (localhostname, sizeof localhostname) > 0)
+ && (strcmp(phostname, localhostname) == 0)) {
+ original_hostname = phostname;
+ phostname = NULL;
+ reset_hostname = True;
+ }
+ }
+#endif
+
+
+ /*
+ * Step 2, find the display number. This field is required and is
+ * delimited either by a nul or a period, depending on whether or not
+ * a screen number is present.
+ */
+
+ for (lastp = ++p; *p && isascii(*p) && isdigit(*p); p++) ;
+ if ((p == lastp) || /* required field */
+ (*p != '\0' && *p != '.') || /* invalid non-digit terminator */
+ !(pdpynum = copystring (lastp, p - lastp))) /* no memory */
+ goto bad;
+ idisplay = atoi (pdpynum);
+
+
+ /*
+ * Step 3, find the screen number. This field is optional. It is
+ * present only if the display number was followed by a period (which
+ * we've already verified is the only non-nul character).
+ */
+
+ if (*p) {
+ for (lastp = ++p; *p && isascii(*p) && isdigit (*p); p++) ;
+ if (p != lastp) {
+ if (*p || /* non-digits */
+ !(pscrnum = copystring (lastp, p - lastp))) /* no memory */
+ goto bad;
+ iscreen = atoi (lastp);
+ }
+ }
+
+ /*
+ * At this point, we know the following information:
+ *
+ * pprotocol protocol string or NULL
+ * phostname hostname string or NULL
+ * idisplay display number
+ * iscreen screen number
+ * dnet DECnet boolean
+ *
+ * We can now decide which transport to use based on the defined
+ * connection types and the hostname string.
+ * If phostname & pprotocol are NULL, then choose the best transport.
+ * If phostname is "unix" & pprotocol is NULL, then choose UNIX domain
+ * sockets (if configured).
+ */
+
+#if defined(TCPCONN) || defined(UNIXCONN) || defined(LOCALCONN) || defined(MNX_TCPCONN) || defined(OS2PIPECONN)
+ if (!pprotocol) {
+#if defined(UNIXCONN)
+ if (phostname && (strcmp (phostname, "unix") == 0)) {
+ Xfree(pprotocol);
+ pprotocol = copystring ("unix", 4);
+ } else
+#endif
+#ifdef HAVE_LAUNCHD
+ if (phostname && phostname[0]=='/') {
+ pprotocol = copystring ("local", 5);
+ }
+#endif
+ if (!phostname)
+ {
+ if (local_transport[0] != NULL) {
+ pprotocol = Xstrdup(local_transport[0]);
+ local_transport_index = 0;
+ }
+ }
+
+ if (!pprotocol) { /* if still not found one, tcp is our last resort */
+ pprotocol = copystring ("tcp", 3);
+ }
+ }
+#endif
+
+
+ connect:
+ /*
+ * This seems kind of backwards, but we need to put the protocol,
+ * host, and port back together to pass to _X11TransOpenCOTSClient().
+ */
+
+ {
+ int olen = 3 + (pprotocol ? strlen(pprotocol) : 0) +
+ (phostname ? strlen(phostname) : 0) +
+ (pdpynum ? strlen(pdpynum) : 0);
+ if (olen > sizeof addrbuf) address = Xmalloc (olen);
+ }
+ if (!address) goto bad;
+
+ sprintf(address,"%s/%s:%d",
+ pprotocol ? pprotocol : "",
+ phostname ? phostname : "",
+ idisplay );
+
+ /*
+ * Make the connection, also need to get the auth address info for
+ * the connection. Do retries in case server host has hit its
+ * backlog (which, unfortunately, isn't distinguishable from there not
+ * being a server listening at all, which is why we have to not retry
+ * too many times).
+ */
+ for(retry=X_CONNECTION_RETRIES; retry>=0; retry-- )
+ {
+ if ( (trans_conn = _X11TransOpenCOTSClient(address)) == NULL )
+ {
+ break;
+ }
+ if ((connect_stat = _X11TransConnect(trans_conn,address)) < 0 )
+ {
+ _X11TransClose(trans_conn);
+ trans_conn = NULL;
+
+ if (connect_stat == TRANS_TRY_CONNECT_AGAIN)
+ continue;
+ else
+ break;
+ }
+
+ _X11TransGetPeerAddr(trans_conn, &family, &saddrlen, &saddr);
+
+ /*
+ * The family is given in a socket format (ie AF_INET). This
+ * will convert it to the format used by the authorization and
+ * X protocol (ie FamilyInternet).
+ */
+
+ if( _X11TransConvertAddress(&family, &saddrlen, &saddr) < 0 )
+ {
+ _X11TransClose(trans_conn);
+ trans_conn = NULL;
+ if (saddr)
+ {
+ free ((char *) saddr);
+ saddr = NULL;
+ }
+ continue;
+ }
+
+ break;
+ }
+
+ if (address != addrbuf) Xfree (address);
+ address = addrbuf;
+
+ if( trans_conn == NULL )
+ goto bad;
+
+ /*
+ * Set close-on-exec so that programs that fork() doesn't get confused.
+ */
+
+ _X11TransSetOption(trans_conn,TRANS_CLOSEONEXEC,1);
+
+ /*
+ * Build the expanded display name:
+ *
+ * [host] : [:] dpy . scr \0
+ */
+#if defined(LOCALCONN) || defined(TCPCONN) || defined(UNIXCONN)
+ /*
+ * If we computed the host name, get rid of it so that
+ * XDisplayString() and XDisplayName() agree.
+ */
+ if (reset_hostname && (phostname != original_hostname)) {
+ Xfree (phostname);
+ phostname = original_hostname;
+ original_hostname = NULL;
+ }
+#endif
+ len = ((phostname ? strlen(phostname) : 0) + 1 + (dnet ? 1 : 0) +
+ strlen(pdpynum) + 1 + (pscrnum ? strlen(pscrnum) : 1) + 1);
+ *fullnamep = (char *) Xmalloc (len);
+ if (!*fullnamep) goto bad;
+
+#ifdef HAVE_LAUNCHD
+ if (phostname && strlen(phostname) > 11 && !strncmp(phostname, "/tmp/launch", 11))
+ sprintf (*fullnamep, "%s%s%d",
+ (phostname ? phostname : ""),
+ (dnet ? "::" : ":"),
+ idisplay);
+ else
+#endif
+ sprintf (*fullnamep, "%s%s%d.%d",
+ (phostname ? phostname : ""),
+ (dnet ? "::" : ":"),
+ idisplay, iscreen);
+
+ *dpynump = idisplay;
+ *screenp = iscreen;
+ if (pprotocol) Xfree (pprotocol);
+ if (phostname) Xfree (phostname);
+ if (pdpynum) Xfree (pdpynum);
+ if (pscrnum) Xfree (pscrnum);
+#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN)
+ if (original_hostname) Xfree (original_hostname);
+#endif
+
+ GetAuthorization(trans_conn, family, (char *) saddr, saddrlen, idisplay,
+ auth_namep, auth_namelenp, auth_datap, auth_datalenp);
+ return trans_conn;
+
+
+ /*
+ * error return; make sure everything is cleaned up.
+ */
+ bad:
+ if (trans_conn) (void)_X11TransClose(trans_conn);
+ if (saddr) free ((char *) saddr);
+ if (pprotocol) Xfree (pprotocol);
+ if (phostname) Xfree (phostname);
+ if (address && address != addrbuf) { Xfree(address); address = addrbuf; }
+
+#if defined(LOCALCONN) || defined(UNIXCONN) || defined(TCPCONN)
+ /* If connecting to the local machine, and we failed, try again with
+ * the next transport type available, if there is one.
+ */
+ if (local_transport_index >= 0) {
+ if (local_transport[++local_transport_index] != NULL) {
+ pprotocol = Xstrdup(local_transport[local_transport_index]);
+#ifdef TCPCONN
+ if (strcmp(pprotocol, "tcp") == 0) {
+ if (original_hostname != NULL) {
+ phostname = original_hostname;
+ original_hostname = NULL;
+ } else {
+ phostname = copystring("localhost", 9);
+ }
+ } else
+#endif /* TCPCONN */
+ {
+ if ((phostname != NULL) && (original_hostname == NULL)) {
+ original_hostname = phostname;
+ }
+ phostname = NULL;
+ }
+ goto connect;
+ }
+ }
+
+ /* No more to try, we've failed all available local transports */
+ if (original_hostname) Xfree(original_hostname);
+#endif /* LOCALCONN || UNIXCONN || TCPCONN */
+
+ if (pdpynum) Xfree (pdpynum);
+ if (pscrnum) Xfree (pscrnum);
+ return NULL;
+
+}
+
+/*
+ * This is gross, but we need it for compatiblity.
+ * The test suite relies on the following interface.
+ *
+ */
+
+int _XConnectDisplay (
+ char *display_name,
+ char **fullnamep, /* RETURN */
+ int *dpynump, /* RETURN */
+ int *screenp, /* RETURN */
+ char **auth_namep, /* RETURN */
+ int *auth_namelenp, /* RETURN */
+ char **auth_datap, /* RETURN */
+ int *auth_datalenp) /* RETURN */
+{
+ XtransConnInfo trans_conn;
+
+ trans_conn = _X11TransConnectDisplay (
+ display_name, fullnamep, dpynump, screenp,
+ auth_namep, auth_namelenp, auth_datap, auth_datalenp);
+
+ if (trans_conn)
+ {
+ int fd = _X11TransGetConnectionNumber (trans_conn);
+ _X11TransFreeConnInfo (trans_conn);
+ return (fd);
+ }
+ else
+ return (-1);
+}
+
+
+/*****************************************************************************
+ * *
+ * Connection Utility Routines *
+ * *
+ *****************************************************************************/
+
+/*
+ * Disconnect from server.
+ */
+
+int _XDisconnectDisplay (XtransConnInfo trans_conn)
+{
+ _X11TransDisconnect(trans_conn);
+ _X11TransClose(trans_conn);
+ return 0;
+}
+
+
+
+Bool
+_XSendClientPrefix(
+ Display *dpy,
+ xConnClientPrefix *client, /* contains count for auth_* */
+ char *auth_proto, char *auth_string, /* NOT null-terminated */
+ xConnSetupPrefix *prefix) /* prefix information */
+{
+ int auth_length = client->nbytesAuthProto;
+ int auth_strlen = client->nbytesAuthString;
+ static char padbuf[3]; /* for padding to 4x bytes */
+ int pad;
+ struct iovec iovarray[5], *iov = iovarray;
+ int niov = 0;
+ int len = 0;
+
+#define add_to_iov(b,l) \
+ { iov->iov_base = (b); iov->iov_len = (l); iov++, niov++; len += (l); }
+
+ add_to_iov ((caddr_t) client, SIZEOF(xConnClientPrefix));
+
+ /*
+ * write authorization protocol name and data
+ */
+ if (auth_length > 0) {
+ add_to_iov (auth_proto, auth_length);
+ pad = -auth_length & 3; /* pad auth_length to a multiple of 4 */
+ if (pad) add_to_iov (padbuf, pad);
+ }
+ if (auth_strlen > 0) {
+ add_to_iov (auth_string, auth_strlen);
+ pad = -auth_strlen & 3; /* pad auth_strlen to a multiple of 4 */
+ if (pad) add_to_iov (padbuf, pad);
+ }
+
+#undef add_to_iov
+
+ len -= _X11TransWritev (dpy->trans_conn, iovarray, niov);
+
+ /*
+ * Set the connection non-blocking since we use select() to block.
+ */
+
+ _X11TransSetOption(dpy->trans_conn, TRANS_NONBLOCKING, 1);
+
+ if (len != 0)
+ return -1;
+
+#ifdef K5AUTH
+ if (auth_length == 14 &&
+ !strncmp(auth_proto, "MIT-KERBEROS-5", 14))
+ {
+ return k5_clientauth(dpy, prefix);
+ } else
+#endif
+ return 0;
+}
+
+
+#ifdef STREAMSCONN
+#ifdef SVR4
+#include <tiuser.h>
+#else
+#undef HASXDMAUTH
+#endif
+#endif
+
+#ifdef SECURE_RPC
+#include <rpc/rpc.h>
+#ifdef ultrix
+#include <time.h>
+#include <rpc/auth_des.h>
+#endif
+#endif
+
+#ifdef HASXDMAUTH
+#include <time.h>
+#define Time_t time_t
+#endif
+
+/*
+ * First, a routine for setting authorization data
+ */
+static int xauth_namelen = 0;
+static char *xauth_name = NULL; /* NULL means use default mechanism */
+static int xauth_datalen = 0;
+static char *xauth_data = NULL; /* NULL means get default data */
+
+/*
+ * This is a list of the authorization names which Xlib currently supports.
+ * Xau will choose the file entry which matches the earliest entry in this
+ * array, allowing us to prioritize these in terms of the most secure first
+ */
+
+static char *default_xauth_names[] = {
+#ifdef K5AUTH
+ "MIT-KERBEROS-5",
+#endif
+#ifdef SECURE_RPC
+ "SUN-DES-1",
+#endif
+#ifdef HASXDMAUTH
+ "XDM-AUTHORIZATION-1",
+#endif
+ "MIT-MAGIC-COOKIE-1"
+};
+
+static _Xconst int default_xauth_lengths[] = {
+#ifdef K5AUTH
+ 14, /* strlen ("MIT-KERBEROS-5") */
+#endif
+#ifdef SECURE_RPC
+ 9, /* strlen ("SUN-DES-1") */
+#endif
+#ifdef HASXDMAUTH
+ 19, /* strlen ("XDM-AUTHORIZATION-1") */
+#endif
+ 18 /* strlen ("MIT-MAGIC-COOKIE-1") */
+};
+
+#define NUM_DEFAULT_AUTH (sizeof (default_xauth_names) / sizeof (default_xauth_names[0]))
+
+static char **xauth_names = default_xauth_names;
+static _Xconst int *xauth_lengths = default_xauth_lengths;
+
+static int xauth_names_length = NUM_DEFAULT_AUTH;
+
+void XSetAuthorization (
+ char *name, int namelen, /* *len are lengths of name and data */
+ char *data, int datalen) /* name/data are NULL or arbitrary array of bytes */
+{
+ char *tmpname, *tmpdata;
+
+ _XLockMutex(_Xglobal_lock);
+ if (xauth_name) Xfree (xauth_name); /* free any existing data */
+ if (xauth_data) Xfree (xauth_data);
+
+ xauth_name = xauth_data = NULL; /* mark it no longer valid */
+ xauth_namelen = xauth_datalen = 0;
+ _XUnlockMutex(_Xglobal_lock);
+
+ if (namelen < 0) namelen = 0; /* check for bogus inputs */
+ if (datalen < 0) datalen = 0; /* maybe should return? */
+
+ if (namelen > 0) { /* try to allocate space */
+ tmpname = Xmalloc ((unsigned) namelen);
+ if (!tmpname) return;
+ memcpy (tmpname, name, namelen);
+ } else {
+ tmpname = NULL;
+ }
+
+ if (datalen > 0) {
+ tmpdata = Xmalloc ((unsigned) datalen);
+ if (!tmpdata) {
+ if (tmpname) (void) Xfree (tmpname);
+ return;
+ }
+ memcpy (tmpdata, data, datalen);
+ } else {
+ tmpdata = NULL;
+ }
+
+ _XLockMutex(_Xglobal_lock);
+ xauth_name = tmpname; /* and store the suckers */
+ xauth_namelen = namelen;
+ if (tmpname)
+ {
+ xauth_names = &xauth_name;
+ xauth_lengths = &xauth_namelen;
+ xauth_names_length = 1;
+ }
+ else
+ {
+ xauth_names = default_xauth_names;
+ xauth_lengths = default_xauth_lengths;
+ xauth_names_length = NUM_DEFAULT_AUTH;
+ }
+ xauth_data = tmpdata;
+ xauth_datalen = datalen;
+ _XUnlockMutex(_Xglobal_lock);
+ return;
+}
+
+#ifdef SECURE_RPC
+/*
+ * Create a credential that we can send to the X server.
+ */
+static int
+auth_ezencode(
+ char *servername,
+ int window,
+ char *cred_out,
+ int *len)
+{
+ AUTH *a;
+ XDR xdr;
+
+#if defined(SVR4) && defined(sun)
+ a = authdes_seccreate(servername, window, NULL, NULL);
+#else
+ a = (AUTH *)authdes_create(servername, window, NULL, NULL);
+#endif
+ if (a == (AUTH *)NULL) {
+ perror("auth_create");
+ return 0;
+ }
+ xdrmem_create(&xdr, cred_out, *len, XDR_ENCODE);
+ if (AUTH_MARSHALL(a, &xdr) == FALSE) {
+ perror("auth_marshall");
+ AUTH_DESTROY(a);
+ return 0;
+ }
+ *len = xdr_getpos(&xdr);
+ AUTH_DESTROY(a);
+ return 1;
+}
+#endif
+
+#ifdef K5AUTH
+#include <com_err.h>
+
+extern krb5_flags krb5_kdc_default_options;
+
+/*
+ * k5_clientauth
+ *
+ * Returns non-zero if the setup prefix has been read,
+ * so we can tell XOpenDisplay to not bother looking for it by
+ * itself.
+ */
+static int k5_clientauth(dpy, sprefix)
+ Display *dpy;
+ xConnSetupPrefix *sprefix;
+{
+ krb5_error_code retval;
+ xReq prefix;
+ char *buf;
+ CARD16 plen, tlen;
+ krb5_data kbuf;
+ krb5_ccache cc;
+ krb5_creds creds;
+ krb5_principal cprinc, sprinc;
+ krb5_ap_rep_enc_part *repl;
+
+ krb5_init_ets();
+ /*
+ * stage 0: get encoded principal and tgt from server
+ */
+ _XRead(dpy, (char *)&prefix, sz_xReq);
+ if (prefix.reqType != 2 && prefix.reqType != 3)
+ /* not an auth packet... so deal */
+ if (prefix.reqType == 0 || prefix.reqType == 1)
+ {
+ memcpy((char *)sprefix, (char *)&prefix, sz_xReq);
+ _XRead(dpy, (char *)sprefix + sz_xReq,
+ sz_xConnSetupPrefix - sz_xReq); /* ewww... gross */
+ return 1;
+ }
+ else
+ {
+ fprintf(stderr,
+ "Xlib: Krb5 stage 0: got illegal connection setup success code %d\n",
+ prefix.reqType);
+ return -1;
+ }
+ if (prefix.data != 0)
+ {
+ fprintf(stderr, "Xlib: got out of sequence (%d) packet in Krb5 auth\n",
+ prefix.data);
+ return -1;
+ }
+ buf = (char *)malloc((prefix.length << 2) - sz_xReq);
+ if (buf == NULL) /* malloc failed. Run away! */
+ {
+ fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n");
+ return -1;
+ }
+ tlen = (prefix.length << 2) - sz_xReq;
+ _XRead(dpy, buf, tlen);
+ if (prefix.reqType == 2 && tlen < 6)
+ {
+ fprintf(stderr, "Xlib: Krb5 stage 0 reply from server too short\n");
+ free(buf);
+ return -1;
+ }
+ if (prefix.reqType == 2)
+ {
+ plen = *(CARD16 *)buf;
+ kbuf.data = buf + 2;
+ kbuf.length = (plen > tlen) ? tlen : plen;
+ }
+ else
+ {
+ kbuf.data = buf;
+ kbuf.length = tlen;
+ }
+ if (XauKrb5Decode(kbuf, &sprinc))
+ {
+ free(buf);
+ fprintf(stderr, "Xlib: XauKrb5Decode bombed\n");
+ return -1;
+ }
+ if (prefix.reqType == 3) /* do some special stuff here */
+ {
+ char *sname, *hostname = NULL;
+
+ sname = (char *)malloc(krb5_princ_component(sprinc, 0)->length + 1);
+ if (sname == NULL)
+ {
+ free(buf);
+ krb5_free_principal(sprinc);
+ fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n");
+ return -1;
+ }
+ memcpy(sname, krb5_princ_component(sprinc, 0)->data,
+ krb5_princ_component(sprinc, 0)->length);
+ sname[krb5_princ_component(sprinc, 0)->length] = '\0';
+ krb5_free_principal(sprinc);
+ if (dpy->display_name[0] != ':') /* hunt for a hostname */
+ {
+ char *t;
+
+ if ((hostname = (char *)malloc(strlen(dpy->display_name)))
+ == NULL)
+ {
+ free(buf);
+ free(sname);
+ fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n");
+ return -1;
+ }
+ strcpy(hostname, dpy->display_name);
+ t = strchr(hostname, ':');
+ if (t == NULL)
+ {
+ free(buf);
+ free(sname);
+ free(hostname);
+ fprintf(stderr,
+ "Xlib: shouldn't get here! malformed display name.");
+ return -1;
+ }
+ if ((t - hostname + 1 < strlen(hostname)) && t[1] == ':')
+ t++;
+ *t = '\0'; /* truncate the dpy number out */
+ }
+ retval = krb5_sname_to_principal(hostname, sname,
+ KRB5_NT_SRV_HST, &sprinc);
+ free(sname);
+ if (hostname)
+ free(hostname);
+ if (retval)
+ {
+ free(buf);
+ fprintf(stderr, "Xlib: krb5_sname_to_principal failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ }
+ if (retval = krb5_cc_default(&cc))
+ {
+ free(buf);
+ krb5_free_principal(sprinc);
+ fprintf(stderr, "Xlib: krb5_cc_default failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ if (retval = krb5_cc_get_principal(cc, &cprinc))
+ {
+ free(buf);
+ krb5_free_principal(sprinc);
+ fprintf(stderr, "Xlib: cannot get Kerberos principal from \"%s\": %s\n",
+ krb5_cc_default_name(), error_message(retval));
+ return -1;
+ }
+ bzero((char *)&creds, sizeof(creds));
+ creds.server = sprinc;
+ creds.client = cprinc;
+ if (prefix.reqType == 2)
+ {
+ creds.second_ticket.length = tlen - plen - 2;
+ creds.second_ticket.data = buf + 2 + plen;
+ retval = krb5_get_credentials(KRB5_GC_USER_USER |
+ krb5_kdc_default_options,
+ cc, &creds);
+ }
+ else
+ retval = krb5_get_credentials(krb5_kdc_default_options,
+ cc, &creds);
+ if (retval)
+ {
+ free(buf);
+ krb5_free_cred_contents(&creds);
+ fprintf(stderr, "Xlib: cannot get Kerberos credentials: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ /*
+ * now format the ap_req to send to the server
+ */
+ if (prefix.reqType == 2)
+ retval = krb5_mk_req_extended(AP_OPTS_USE_SESSION_KEY |
+ AP_OPTS_MUTUAL_REQUIRED, NULL,
+ 0, 0, NULL, cc,
+ &creds, NULL, &kbuf);
+ else
+ retval = krb5_mk_req_extended(AP_OPTS_MUTUAL_REQUIRED, NULL,
+ 0, 0, NULL, cc, &creds, NULL,
+ &kbuf);
+ free(buf);
+ if (retval) /* Some manner of Kerberos lossage */
+ {
+ krb5_free_cred_contents(&creds);
+ fprintf(stderr, "Xlib: krb5_mk_req_extended failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ prefix.reqType = 1;
+ prefix.data = 0;
+ prefix.length = (kbuf.length + sz_xReq + 3) >> 2;
+ /*
+ * stage 1: send ap_req to server
+ */
+ _XSend(dpy, (char *)&prefix, sz_xReq);
+ _XSend(dpy, (char *)kbuf.data, kbuf.length);
+ free(kbuf.data);
+ /*
+ * stage 2: get ap_rep from server to mutually authenticate
+ */
+ _XRead(dpy, (char *)&prefix, sz_xReq);
+ if (prefix.reqType != 2)
+ if (prefix.reqType == 0 || prefix.reqType == 1)
+ {
+ memcpy((char *)sprefix, (char *)&prefix, sz_xReq);
+ _XRead(dpy, (char *)sprefix + sz_xReq,
+ sz_xConnSetupPrefix - sz_xReq);
+ return 1;
+ }
+ else
+ {
+ fprintf(stderr,
+ "Xlib: Krb5 stage 2: got illegal connection setup success code %d\n",
+ prefix.reqType);
+ return -1;
+ }
+ if (prefix.data != 2)
+ return -1;
+ kbuf.length = (prefix.length << 2) - sz_xReq;
+ kbuf.data = (char *)malloc(kbuf.length);
+ if (kbuf.data == NULL)
+ {
+ fprintf(stderr, "Xlib: malloc bombed in Krb5 auth\n");
+ return -1;
+ }
+ _XRead(dpy, (char *)kbuf.data, kbuf.length);
+ retval = krb5_rd_rep(&kbuf, &creds.keyblock, &repl);
+ if (retval)
+ {
+ free(kbuf.data);
+ fprintf(stderr, "Xlib: krb5_rd_rep failed: %s\n",
+ error_message(retval));
+ return -1;
+ }
+ free(kbuf.data);
+ /*
+ * stage 3: send a short ack to the server and return
+ */
+ prefix.reqType = 3;
+ prefix.data = 0;
+ prefix.length = sz_xReq >> 2;
+ _XSend(dpy, (char *)&prefix, sz_xReq);
+ return 0;
+}
+#endif /* K5AUTH */
+
+static void
+GetAuthorization(
+ XtransConnInfo trans_conn,
+ int family,
+ char *saddr,
+ int saddrlen,
+ int idisplay,
+ char **auth_namep, /* RETURN */
+ int *auth_namelenp, /* RETURN */
+ char **auth_datap, /* RETURN */
+ int *auth_datalenp) /* RETURN */
+{
+#ifdef SECURE_RPC
+ char rpc_cred[MAX_AUTH_BYTES];
+#endif
+#ifdef HASXDMAUTH
+ unsigned char xdmcp_data[192/8];
+#endif
+ char *auth_name;
+ int auth_namelen;
+ unsigned char *auth_data;
+ int auth_datalen;
+ Xauth *authptr = NULL;
+
+/*
+ * Look up the authorization protocol name and data if necessary.
+ */
+ if (xauth_name && xauth_data) {
+ auth_namelen = xauth_namelen;
+ auth_name = xauth_name;
+ auth_datalen = xauth_datalen;
+ auth_data = (unsigned char *) xauth_data;
+ } else {
+ char dpynumbuf[40]; /* big enough to hold 2^64 and more */
+ (void) sprintf (dpynumbuf, "%d", idisplay);
+
+ authptr = XauGetBestAuthByAddr ((unsigned short) family,
+ (unsigned short) saddrlen,
+ saddr,
+ (unsigned short) strlen (dpynumbuf),
+ dpynumbuf,
+ xauth_names_length,
+ xauth_names,
+ xauth_lengths);
+ if (authptr) {
+ auth_namelen = authptr->name_length;
+ auth_name = (char *)authptr->name;
+ auth_datalen = authptr->data_length;
+ auth_data = (unsigned char *) authptr->data;
+ } else {
+ auth_namelen = 0;
+ auth_name = NULL;
+ auth_datalen = 0;
+ auth_data = NULL;
+ }
+ }
+#ifdef HASXDMAUTH
+ /*
+ * build XDM-AUTHORIZATION-1 data
+ */
+ if (auth_namelen == 19 && !strncmp (auth_name, "XDM-AUTHORIZATION-1", 19))
+ {
+ int i, j;
+ Time_t now;
+ int family, addrlen;
+ Xtransaddr *addr = NULL;
+
+ for (j = 0; j < 8; j++)
+ xdmcp_data[j] = auth_data[j];
+
+ _X11TransGetMyAddr(trans_conn, &family, &addrlen, &addr);
+
+ switch( family )
+ {
+#ifdef AF_INET
+ case AF_INET:
+ {
+ /*
+ * addr will contain a sockaddr_in with all
+ * of the members already in network byte order.
+ */
+
+ for(i=4; i<8; i++) /* do sin_addr */
+ xdmcp_data[j++] = ((char *)addr)[i];
+ for(i=2; i<4; i++) /* do sin_port */
+ xdmcp_data[j++] = ((char *)addr)[i];
+ break;
+ }
+#endif /* AF_INET */
+#if defined(IPv6) && defined(AF_INET6)
+ case AF_INET6:
+ /* XXX This should probably never happen */
+ {
+ unsigned char ipv4mappedprefix[] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };
+
+ /* In the case of v4 mapped addresses send the v4
+ part of the address - addr is already in network byte order */
+ if (memcmp((char*)addr+8, ipv4mappedprefix, 12) == 0) {
+ for (i = 20 ; i < 24; i++)
+ xdmcp_data[j++] = ((char *)addr)[i];
+
+ /* Port number */
+ for (i=2; i<4; i++)
+ xdmcp_data[j++] = ((char *)addr)[i];
+ } else {
+ /* Fake data to keep the data aligned. Otherwise the
+ the server will bail about incorrect timing data */
+ for (i = 0; i < 6; i++) {
+ xdmcp_data[j++] = 0;
+ }
+ }
+ break;
+ }
+#endif /* AF_INET6 */
+#ifdef AF_UNIX
+ case AF_UNIX:
+ {
+ /*
+ * We don't use the sockaddr_un for this encoding.
+ * Instead, we create a sockaddr_in filled with
+ * a decreasing counter for the address, and the
+ * pid for the port.
+ */
+
+ static unsigned long unix_addr = 0xFFFFFFFF;
+ unsigned long the_addr;
+ unsigned short the_port;
+ unsigned long the_utime;
+ struct timeval tp;
+
+ X_GETTIMEOFDAY(&tp);
+ _XLockMutex(_Xglobal_lock);
+ the_addr = unix_addr--;
+ _XUnlockMutex(_Xglobal_lock);
+ the_utime = (unsigned long) tp.tv_usec;
+ the_port = getpid ();
+
+ xdmcp_data[j++] = (the_utime >> 24) & 0xFF;
+ xdmcp_data[j++] = (the_utime >> 16) & 0xFF;
+ xdmcp_data[j++] = ((the_utime >> 8) & 0xF0)
+ | ((the_addr >> 8) & 0x0F);
+ xdmcp_data[j++] = (the_addr >> 0) & 0xFF;
+ xdmcp_data[j++] = (the_port >> 8) & 0xFF;
+ xdmcp_data[j++] = (the_port >> 0) & 0xFF;
+ break;
+ }
+#endif /* AF_UNIX */
+#ifdef AF_DECnet
+ case AF_DECnet:
+ /*
+ * What is the defined encoding for this?
+ */
+ break;
+#endif /* AF_DECnet */
+ default:
+ /*
+ * Need to return some kind of errro status here.
+ * maybe a NULL auth??
+ */
+ break;
+ } /* switch */
+
+ if (addr)
+ free ((char *) addr);
+
+ time (&now);
+ xdmcp_data[j++] = (now >> 24) & 0xFF;
+ xdmcp_data[j++] = (now >> 16) & 0xFF;
+ xdmcp_data[j++] = (now >> 8) & 0xFF;
+ xdmcp_data[j++] = (now >> 0) & 0xFF;
+ while (j < 192 / 8)
+ xdmcp_data[j++] = 0;
+ _XLockMutex(_Xglobal_lock);
+ /* this function might use static data, hence the lock around it */
+ XdmcpWrap (xdmcp_data, auth_data + 8,
+ xdmcp_data, j);
+ _XUnlockMutex(_Xglobal_lock);
+ auth_data = xdmcp_data;
+ auth_datalen = j;
+ }
+#endif /* HASXDMAUTH */
+#ifdef SECURE_RPC
+ /*
+ * The SUN-DES-1 authorization protocol uses the
+ * "secure RPC" mechanism in SunOS 4.0+.
+ */
+ if (auth_namelen == 9 && !strncmp(auth_name, "SUN-DES-1", 9)) {
+ char servernetname[MAXNETNAMELEN + 1];
+
+ /*
+ * Copy over the server's netname from the authorization
+ * data field filled in by XauGetAuthByAddr().
+ */
+ if (auth_datalen > MAXNETNAMELEN) {
+ auth_datalen = 0;
+ auth_data = NULL;
+ } else {
+ memcpy(servernetname, auth_data, auth_datalen);
+ servernetname[auth_datalen] = '\0';
+
+ auth_datalen = sizeof (rpc_cred);
+ if (auth_ezencode(servernetname, 100, rpc_cred,
+ &auth_datalen))
+ auth_data = (unsigned char *) rpc_cred;
+ else {
+ auth_datalen = 0;
+ auth_data = NULL;
+ }
+ }
+ }
+#endif
+ if (saddr) free ((char *) saddr);
+ if ((*auth_namelenp = auth_namelen))
+ {
+ if ((*auth_namep = Xmalloc(auth_namelen)))
+ memcpy(*auth_namep, auth_name, auth_namelen);
+ else
+ *auth_namelenp = 0;
+ }
+ else
+ *auth_namep = NULL;
+ if ((*auth_datalenp = auth_datalen))
+ {
+ if ((*auth_datap = Xmalloc(auth_datalen)))
+ memcpy(*auth_datap, auth_data, auth_datalen);
+ else
+ *auth_datalenp = 0;
+ }
+ else
+ *auth_datap = NULL;
+ if (authptr) XauDisposeAuth (authptr);
+}
|