/* See LICENSE file for copyright and license details. */ #include "common.h" enum { FamilyInternet = 0, FamilyDECnet = 1, FamilyChaos = 2, FamilyInternet6 = 6, FamilyLocal = 256 }; static char * path_in_home(const char *filename) { const char *home; struct passwd *pwd, pwd_buf; size_t buf_size; char *buf, *ret; int r; home = getenv("HOME"); if (!home || !*home) { buf_size = sysconf(_SC_GETPW_R_SIZE_MAX); buf_size = buf_size == -1 ? 16384 : buf_size; buf = alloca(buf_size); r = getpwuid_r(getuid(), &pwd_buf, buf, buf_size, &pwd); if (!pwd) { liberror_save_backtrace(NULL); r = (r == ENOENT || r == ESRCH || r == EBADF || r == EPERM || r == EIO /* glibc bug */) ? 0 : r; if (r) { liberror_set_error_errno(strerror(r), "getpwuid_r", r); } else { liberror_set_error_errno("User does not exist", "getpwuid_r", "libaxl", LIBAXL_ERROR_USER_DOES_NOT_EXIST); } return NULL; } else { home = pwd->pw_dir; if (!home || !*home) { liberror_save_backtrace(NULL); liberror_set_error_errno("User does not have a home", "libaxl_connect", "libaxl", LIBAXL_ERROR_USER_DOES_NOT_HAVE_A_HOME); return NULL; } } } ret = liberror_malloc(strlen(home) + strlen(filename) + 2); if (!ret) return NULL; stpcpy(stpcpy(stpcpy(ret, home), "/"), filename); return ret; } static char * get_auth_file(int *freep) { char *xauthfile = getenv("XAUTHORITY"); if (!xauthfile || !*xauthfile) { xauthfile = path_in_home(".Xauthority"); *freep = 1; } else { *freep = 0; } return xauthfile; } static int next_auth(int authfd, char **authbufp, size_t *bufsizep, size_t *lenp, size_t *havep) { ssize_t r; size_t got = *havep, need = 4; int stage; void *new; *lenp = 0; for (stage = 0; stage < 4; stage++) { while (got < need) { if (need > *bufsizep) { new = liberror_realloc(*authbufp, need); if (!new) return -1; *authbufp = new; *bufsizep = need; } r = read(authfd, &(*authbufp)[got], *bufsizep - got); if (r < 0) { liberror_save_backtrace(NULL); liberror_set_error_errno(strerror(errno), "read", errno); return -1; } else if (!r) { return 0; } got += (size_t)r; } need += (size_t)ntohs(*(uint16_t *)&(*authbufp)[need - 2]) + (stage < 3 ? 2 : 0); } *lenp = need; if (*havep > need) *havep -= need; else *havep = got - need; return 0; } static int get_auth(const char *xauthfile, int sockfd, const char *host, const char *protocol, int display, char **authnamep, size_t *authnamelenp, char **authdatap, size_t *authdatalenp, char **authbufp) { int authfd, family, saved_errno; char hostname[HOST_NAME_MAX + 1], number[2 + 3 * sizeof(int)]; struct sockaddr_storage sockaddr; socklen_t sockaddrlen = (socklen_t)sizeof(sockaddr); size_t bufsize = 128, len, have = 0, off, numberlen, hostnamelen; uint16_t partlen; (void) host; (void) protocol; *authnamep = *authdatap = *authbufp = NULL; *authnamelenp = *authdatalenp = 0; numberlen = (size_t)sprintf(number, "%i", display); if (gethostname(hostname, HOST_NAME_MAX)) stpcpy(hostname, "localhost"); hostnamelen = strlen(hostname); if (getpeername(sockfd, (void *)&sockaddr, &sockaddrlen)) { liberror_save_backtrace(NULL); liberror_set_error_errno(strerror(errno), "getsockname", errno); return -1; } switch (sockaddr.ss_family) { case AF_LOCAL: family = FamilyLocal; break; case AF_INET: family = FamilyInternet; /* TODO */ return 0; case AF_INET6: family = FamilyInternet6; /* TODO */ return 0; default: return 0; } *authbufp = liberror_malloc(bufsize); if (!*authbufp) return -1; authfd = open(xauthfile, O_RDONLY); if (authfd < 0 && errno != ENOENT) { liberror_save_backtrace(NULL); liberror_set_error_errno(strerror(errno), "open", errno); return -1; } else if (authfd < 0) { return 0; } for (;; memmove(*authbufp, &(*authbufp)[len], have)) { if (next_auth(authfd, authbufp, &bufsize, &len, &have)) { liberror_save_backtrace(NULL); liberror_set_error_errno(strerror(errno), "read", errno); saved_errno = errno; close(authfd); errno = saved_errno; return -1; } else if (!len) { break; } if (*(uint16_t *)&(*authbufp)[0] != htons(family)) continue; if (*(uint16_t *)&(*authbufp)[2] != htons((uint16_t)hostnamelen)) continue; if (memcmp(&(*authbufp)[4], hostname, hostnamelen)) continue; off = 4 + (size_t)hostnamelen; partlen = ntohs(*(uint16_t *)&(*authbufp)[off]); off += 2; if (partlen != numberlen) continue; if (memcmp(&(*authbufp)[off], number, numberlen)) continue; off += numberlen; *authnamelenp = (size_t)ntohs(*(uint16_t *)&(*authbufp)[off]); off += 2; *authnamep = &(*authbufp)[off]; off += *authnamelenp; *authdatalenp = (size_t)ntohs(*(uint16_t *)&(*authbufp)[off]); off += 2; *authdatap = &(*authbufp)[off]; break; } close(authfd); return 0; } LIBAXL_CONNECTION * libaxl_connect(const char *restrict display, char **restrict reasonp) { struct liberror_state error_state; LIBAXL_CONNECTION *conn = NULL; LIBAXL_CONTEXT *ctx = NULL; int xauthfile_free = 0, dispnum, screen, major, minor, r; char *xauthfile = NULL, *host = NULL, *protocol = NULL; char *authname = NULL, *authdata = NULL, *authbuf = NULL; size_t authnamelen, authdatalen; int saved_errno = errno; if (reasonp) *reasonp = NULL; r = libaxl_parse_display(display, &host, &protocol, &dispnum, &screen); if (r) goto fail; xauthfile = get_auth_file(&xauthfile_free); if (!xauthfile) goto fail; conn = libaxl_connect_without_handshake(host, protocol, dispnum, screen); if (!conn) goto fail; ctx = libaxl_context_create(conn); if (!ctx) goto fail; if (get_auth(xauthfile, conn->fd, host, protocol, dispnum, &authname, &authnamelen, &authdata, &authdatalen, &authbuf)) goto fail; r = libaxl_send_handshake(ctx, authname, authnamelen, authdata, authdatalen, MSG_NOSIGNAL); if (r) { if (r == LIBAXL_ERROR_SYSTEM && errno == EINPROGRESS) { for (;;) { r = libaxl_flush(conn, MSG_NOSIGNAL); if (r != LIBAXL_ERROR_SYSTEM || errno != EINPROGRESS) break; liberror_pop_error(); } } if (r) goto fail; liberror_pop_error(); } errno = saved_errno; r = libaxl_receive_handshake(ctx, &major, &minor, reasonp, MSG_NOSIGNAL); switch (r) { case LIBAXL_HANDSHAKE_FAILED: /* TODO */ case LIBAXL_HANDSHAKE_AUTHENTICATE: /* TODO */ abort(); break; case LIBAXL_HANDSHAKE_SUCCESS: break; default: goto fail; } if (xauthfile_free) free(xauthfile); libaxl_context_free(ctx); free(authbuf); free(host); free(protocol); return conn; fail: liberror_start(&error_state); if (xauthfile_free) free(xauthfile); free(authbuf); free(host); free(protocol); libaxl_context_free(ctx); libaxl_close(conn); liberror_end(&error_state); return NULL; }