diff --git a/ssh.c b/ssh.c index d158d53b..d713ccf0 100644 --- a/ssh.c +++ b/ssh.c @@ -312,10 +312,10 @@ enum { PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM }; typedef struct ssh_tag *Ssh; -extern char *x11_init(Socket *, char *, void *); +extern char *x11_init(Socket *, char *, void *, void *); extern void x11_close(Socket); extern int x11_send(Socket, char *, int); -extern void x11_invent_auth(char *, int, char *, int); +extern void *x11_invent_auth(char *, int, char *, int); extern void x11_unthrottle(Socket s); extern void x11_override_throttle(Socket s, int enable); @@ -628,6 +628,8 @@ struct ssh_tag { char *portfwd_strptr; int pkt_ctx; + void *x11auth; + int version; int v1_throttle_count; int overall_bufsize; @@ -3030,7 +3032,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (cfg.x11_forward) { char proto[20], data[64]; logevent("Requesting X11 forwarding"); - x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh->x11auth = x11_invent_auth(proto, sizeof(proto), + data, sizeof(data)); if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) { send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING, PKT_STR, proto, PKT_STR, data, @@ -3273,7 +3276,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) c = smalloc(sizeof(struct ssh_channel)); c->ssh = ssh; - if (x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL) { + if (x11_init(&c->u.x11.s, cfg.x11_display, c, + ssh->x11auth) != NULL) { logevent("opening X11 forward connection failed"); sfree(c); send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE, @@ -5057,7 +5061,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (cfg.x11_forward) { char proto[20], data[64]; logevent("Requesting X11 forwarding"); - x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh->x11auth = x11_invent_auth(proto, sizeof(proto), + data, sizeof(data)); ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST); ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid); ssh2_pkt_addstring(ssh, "x11-req"); @@ -5703,8 +5708,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (typelen == 3 && !memcmp(type, "x11", 3)) { if (!ssh->X11_fwd_enabled) error = "X11 forwarding is not enabled"; - else if (x11_init(&c->u.x11.s, cfg.x11_display, c) != - NULL) { + else if (x11_init(&c->u.x11.s, cfg.x11_display, c, + ssh->x11auth) != NULL) { error = "Unable to open an X11 connection"; } else { c->type = CHAN_X11; @@ -5869,6 +5874,7 @@ static char *ssh_init(void *frontend_handle, void **backend_handle, ssh->deferred_size = 0; ssh->fallback_cmd = 0; ssh->pkt_ctx = 0; + ssh->x11auth = NULL; ssh->v2_outgoing_sequence = 0; ssh->ssh1_rdpkt_crstate = 0; ssh->ssh2_rdpkt_crstate = 0; diff --git a/x11fwd.c b/x11fwd.c index 6f7be40a..033184b2 100644 --- a/x11fwd.c +++ b/x11fwd.c @@ -51,10 +51,16 @@ #define PUT_16BIT(endian, cp, val) \ (endian=='B' ? PUT_16BIT_MSB_FIRST(cp, val) : PUT_16BIT_LSB_FIRST(cp, val)) +struct X11Auth { + unsigned char data[64]; + int len; +}; + struct X11Private { - struct plug_function_table *fn; + const struct plug_function_table *fn; /* the above variable absolutely *must* be the first in this structure */ unsigned char firstpkt[12]; /* first X data packet */ + struct X11Auth *auth; char *auth_protocol; unsigned char *auth_data; int data_read, auth_plen, auth_psize, auth_dlen, auth_dsize; @@ -66,35 +72,36 @@ struct X11Private { void x11_close(Socket s); -static unsigned char x11_authdata[64]; -static int x11_authdatalen; - -void x11_invent_auth(char *proto, int protomaxlen, +void *x11_invent_auth(char *proto, int protomaxlen, char *data, int datamaxlen) { + struct X11Auth *auth = smalloc(sizeof(struct X11Auth)); char ourdata[64]; int i; /* MIT-MAGIC-COOKIE-1. Cookie size is 128 bits (16 bytes). */ - x11_authdatalen = 16; + auth->len = 16; for (i = 0; i < 16; i++) - x11_authdata[i] = random_byte(); + auth->data[i] = random_byte(); /* Now format for the recipient. */ strncpy(proto, "MIT-MAGIC-COOKIE-1", protomaxlen); ourdata[0] = '\0'; - for (i = 0; i < x11_authdatalen; i++) - sprintf(ourdata + strlen(ourdata), "%02x", x11_authdata[i]); + for (i = 0; i < auth->len; i++) + sprintf(ourdata + strlen(ourdata), "%02x", auth->data[i]); strncpy(data, ourdata, datamaxlen); + + return auth; } -static int x11_verify(char *proto, unsigned char *data, int dlen) +static int x11_verify(struct X11Auth *auth, + char *proto, unsigned char *data, int dlen) { if (strcmp(proto, "MIT-MAGIC-COOKIE-1") != 0) return 0; /* wrong protocol attempted */ - if (dlen != x11_authdatalen) + if (dlen != auth->len) return 0; /* cookie was wrong length */ - if (memcmp(x11_authdata, data, dlen) != 0) + if (memcmp(auth->data, data, dlen) != 0) return 0; /* cookie was wrong cookie! */ return 1; } @@ -139,9 +146,9 @@ static void x11_sent(Plug plug, int bufsize) * Returns an error message, or NULL on success. * also, fills the SocketsStructure */ -char *x11_init(Socket * s, char *display, void *c) +char *x11_init(Socket * s, char *display, void *c, void *auth) { - static struct plug_function_table fn_table = { + static const struct plug_function_table fn_table = { x11_closing, x11_receive, x11_sent, @@ -183,6 +190,7 @@ char *x11_init(Socket * s, char *display, void *c) pr = (struct X11Private *) smalloc(sizeof(struct X11Private)); pr->fn = &fn_table; pr->auth_protocol = NULL; + pr->auth = (struct X11Auth *)auth; pr->verified = 0; pr->data_read = 0; pr->throttled = pr->throttle_override = 0; @@ -287,7 +295,8 @@ int x11_send(Socket s, char *data, int len) int ret; pr->auth_protocol[pr->auth_plen] = '\0'; /* ASCIZ */ - ret = x11_verify(pr->auth_protocol, pr->auth_data, pr->auth_dlen); + ret = x11_verify(pr->auth, pr->auth_protocol, + pr->auth_data, pr->auth_dlen); /* * If authentication failed, construct and send an error