1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
putty-source/unix/x11.c

225 lines
6.2 KiB
C
Raw Normal View History

/*
* x11.c: fetch local auth data for X forwarding.
*/
#include <ctype.h>
#include <unistd.h>
#include <assert.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "putty.h"
#include "ssh.h"
#include "network.h"
Post-release destabilisation! Completely remove the struct type 'Config' in putty.h, which stores all PuTTY's settings and includes an arbitrary length limit on every single one of those settings which is stored in string form. In place of it is 'Conf', an opaque data type everywhere outside the new file conf.c, which stores a list of (key, value) pairs in which every key contains an integer identifying a configuration setting, and for some of those integers the key also contains extra parts (so that, for instance, CONF_environmt is a string-to-string mapping). Everywhere that a Config was previously used, a Conf is now; everywhere there was a Config structure copy, conf_copy() is called; every lookup, adjustment, load and save operation on a Config has been rewritten; and there's a mechanism for serialising a Conf into a binary blob and back for use with Duplicate Session. User-visible effects of this change _should_ be minimal, though I don't doubt I've introduced one or two bugs here and there which will eventually be found. The _intended_ visible effects of this change are that all arbitrary limits on configuration strings and lists (e.g. limit on number of port forwardings) should now disappear; that list boxes in the configuration will now be displayed in a sorted order rather than the arbitrary order in which they were added to the list (since the underlying data structure is now a sorted tree234 rather than an ad-hoc comma-separated string); and one more specific change, which is that local and dynamic port forwardings on the same port number are now mutually exclusive in the configuration (putting 'D' in the key rather than the value was a mistake in the first place). One other reorganisation as a result of this is that I've moved all the dialog.c standard handlers (dlg_stdeditbox_handler and friends) out into config.c, because I can't really justify calling them generic any more. When they took a pointer to an arbitrary structure type and the offset of a field within that structure, they were independent of whether that structure was a Config or something completely different, but now they really do expect to talk to a Conf, which can _only_ be used for PuTTY configuration, so I've renamed them all things like conf_editbox_handler and moved them out of the nominally independent dialog-box management module into the PuTTY-specific config.c. [originally from svn r9214]
2011-07-14 18:52:21 +00:00
void platform_get_x11_auth(struct X11Display *disp, Conf *conf)
{
char *xauthfile;
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
bool needs_free;
/*
* Find the .Xauthority file.
*/
needs_free = false;
xauthfile = getenv("XAUTHORITY");
if (!xauthfile) {
xauthfile = getenv("HOME");
if (xauthfile) {
xauthfile = dupcat(xauthfile, "/.Xauthority");
needs_free = true;
}
}
if (xauthfile) {
Filename *xauthfn = filename_from_str(xauthfile);
if (needs_free)
sfree(xauthfile);
x11_get_auth_from_authfile(disp, xauthfn);
filename_free(xauthfn);
}
}
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
const bool platform_uses_x11_unix_by_default = true;
int platform_make_x11_server(Plug *plug, const char *progname, int mindisp,
const char *screen_number_suffix,
ptrlen authproto, ptrlen authdata,
Socket **sockets, Conf *conf)
{
char *tmpdir;
char *authfilename = NULL;
strbuf *authfiledata = NULL;
char *unix_path = NULL;
SockAddr *a_tcp = NULL, *a_unix = NULL;
int authfd;
FILE *authfp;
int displayno;
authfiledata = strbuf_new_nm();
int nsockets = 0;
/*
* Look for a free TCP port to run our server on.
*/
for (displayno = mindisp;; displayno++) {
const char *err;
int tcp_port = displayno + 6000;
int addrtype = ADDRTYPE_IPV4;
sockets[nsockets] = new_listener(
NULL, tcp_port, plug, false, conf, addrtype);
err = sk_socket_error(sockets[nsockets]);
if (!err) {
char *hostname = get_hostname();
if (hostname) {
char *canonicalname = NULL;
a_tcp = sk_namelookup(hostname, &canonicalname, addrtype);
sfree(canonicalname);
}
sfree(hostname);
nsockets++;
break; /* success! */
} else {
sk_close(sockets[nsockets]);
}
/*
* If we weren't able to bind to this port because it's in use
* by another program, go round this loop and try again. But
* for any other reason, give up completely and return failure
* to our caller.
*
* sk_socket_error currently has no machine-readable component
* (it would need a cross-platform abstraction of the socket
* error types we care about, plus translation from each OS
* error enumeration into that). So we use the disgusting
* approach of a string compare between the error string and
* the one EADDRINUSE would have given :-(
*/
if (strcmp(err, strerror(EADDRINUSE)))
goto out;
}
if (a_tcp) {
x11_format_auth_for_authfile(
BinarySink_UPCAST(authfiledata),
a_tcp, displayno, authproto, authdata);
}
/*
* Try to establish the Unix-domain analogue. That may or may not
* work - file permissions in /tmp may prevent it, for example -
* but it's worth a try, and we don't consider it a fatal error if
* it doesn't work.
*/
unix_path = dupprintf("/tmp/.X11-unix/X%d", displayno);
a_unix = unix_sock_addr(unix_path);
sockets[nsockets] = new_unix_listener(a_unix, plug);
if (!sk_socket_error(sockets[nsockets])) {
x11_format_auth_for_authfile(
BinarySink_UPCAST(authfiledata),
a_unix, displayno, authproto, authdata);
nsockets++;
} else {
sk_close(sockets[nsockets]);
sfree(unix_path);
unix_path = NULL;
}
/*
* Decide where the authority data will be written.
*/
tmpdir = getenv("TMPDIR");
if (!tmpdir || !*tmpdir)
tmpdir = "/tmp";
authfilename = dupcat(tmpdir, "/", progname, "-Xauthority-XXXXXX");
{
int oldumask = umask(077);
authfd = mkstemp(authfilename);
umask(oldumask);
}
if (authfd < 0) {
while (nsockets-- > 0)
sk_close(sockets[nsockets]);
goto out;
}
/*
* Spawn a subprocess which will try to reliably delete our
* auth file when we terminate, in case we die unexpectedly.
*/
{
int cleanup_pipe[2];
pid_t pid;
/* Don't worry if pipe or fork fails; it's not _that_ critical. */
if (!pipe(cleanup_pipe)) {
if ((pid = fork()) == 0) {
int buf[1024];
/*
* Our parent process holds the writing end of
* this pipe, and writes nothing to it. Hence,
* we expect read() to return EOF as soon as
* that process terminates.
*/
close(0);
close(1);
close(2);
setpgid(0, 0);
close(cleanup_pipe[1]);
close(authfd);
while (read(cleanup_pipe[0], buf, sizeof(buf)) > 0);
unlink(authfilename);
if (unix_path)
unlink(unix_path);
_exit(0);
} else if (pid < 0) {
close(cleanup_pipe[0]);
close(cleanup_pipe[1]);
} else {
close(cleanup_pipe[0]);
cloexec(cleanup_pipe[1]);
}
}
}
authfp = fdopen(authfd, "wb");
fwrite(authfiledata->u, 1, authfiledata->len, authfp);
fclose(authfp);
{
char *display = dupprintf(":%d%s", displayno, screen_number_suffix);
conf_set_str_str(conf, CONF_environmt, "DISPLAY", display);
sfree(display);
}
conf_set_str_str(conf, CONF_environmt, "XAUTHORITY", authfilename);
/*
* FIXME: return at least the DISPLAY and XAUTHORITY env settings,
* and perhaps also the display number
*/
out:
if (a_tcp)
sk_addr_free(a_tcp);
/* a_unix doesn't need freeing, because new_unix_listener took it over */
sfree(authfilename);
strbuf_free(authfiledata);
sfree(unix_path);
return nsockets;
}