Cygwin/X: Always use an authorization cookie for internal clients

Don't conditionalize use of an authorization cookie for internal client
threads on XCSECURITY, always use one (this avoids certain problems
with XDMCP setups where the XDMCP host removes localhost from the access
list etc.)

Conditionalize the use of a XCSECURITY authorization descriptor on XCSECURITY

Consolidate the various places where the authorization cookie is set
for internal threads into a new function, winSetAuthorization()

Use authorization cookie for multiwindow WM X message thread as well

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>

1 files changed, 87 insertions, 16 deletions

diff --git a/hw/xwin/winauth.c b/hw/xwin/winauth.c
index b57a35abf..fcd1872da 100644
--- a/hw/xwin/winauth.c
+++ b/hw/xwin/winauth.c
@@ -1,7 +1,3 @@
-#ifdef HAVE_XWIN_CONFIG_H
-#include <xwin-config.h>
-#endif
-#if defined(XCSECURITY)
 /*
  *Copyright (C) 2003-2004 Harold L Hunt II All Rights Reserved.
  *
@@ -32,12 +28,14 @@
  * Authors:	Harold L Hunt II
  */
 
+#ifdef HAVE_XWIN_CONFIG_H
+#include <xwin-config.h>
+#endif
+
 #include "win.h"
 
 /* Includes for authorization */
-#include <X11/Xauth.h>
 #include "securitysrv.h"
-#include <X11/extensions/securstr.h>
 
 
 /*
@@ -48,13 +46,76 @@
 
 
 /*
- * Globals
+ * Locals
+ */
+
+static XID g_authId = 0;
+static unsigned int g_uiAuthDataLen = 0;
+static char *g_pAuthData = NULL;
+
+/*
+ * Code to generate a MIT-MAGIC-COOKIE-1, copied from under XCSECURITY
  */
 
-XID		g_authId = 0;
-unsigned int	g_uiAuthDataLen = 0;
-char		*g_pAuthData = NULL;
+#ifndef XCSECURITY
+static
+void
+GenerateRandomData (int len, char *buf)
+{
+    int fd;
+
+    fd = open("/dev/urandom", O_RDONLY);
+    read(fd, buf, len);
+    close(fd);
+}
+
+
+static char cookie[16]; /* 128 bits */
+
+XID
+static MitGenerateCookie (
+    unsigned	data_length,
+    char	*data,
+    XID		id,
+    unsigned	*data_length_return,
+    char	**data_return)
+{
+    int i = 0;
+    int status;
+
+    while (data_length--)
+    {
+	cookie[i++] += *data++;
+	if (i >= sizeof (cookie)) i = 0;
+    }
+    GenerateRandomData(sizeof (cookie), cookie);
+    status = MitAddCookie(sizeof (cookie), cookie, id);
+    if (!status)
+    {
+	id = -1;
+    }
+    else
+    {
+	*data_return = cookie;
+	*data_length_return = sizeof (cookie);
+    }
+    return id;
+}
 
+static
+XID
+GenerateAuthorization(
+	unsigned name_length,
+	char	*name,
+	unsigned data_length,
+	char	*data,
+	unsigned *data_length_return,
+	char	**data_return)
+{
+    return MitGenerateCookie(data_length, data,
+                             FakeClientID(0), data_length_return, data_return);
+}
+#endif
 
 /*
  * Generate authorization cookie for internal server clients
@@ -78,15 +139,15 @@ winGenerateAuthorization ()
       ErrorF ("winGenerateAuthorization - GenerateAuthorization failed\n");
       goto auth_bailout;
     }
-#if 0
+
   else
     {
-      ErrorF ("winGenerateAuthorization - GenerateAuthorization success!\n"
+      winDebug("winGenerateAuthorization - GenerateAuthorization success!\n"
 	      "AuthDataLen: %d AuthData: %s\n",
 	      g_uiAuthDataLen, g_pAuthData);
     }
-#endif
-  
+
+#ifdef XCSECURITY
   /* Allocate structure for additional auth information */
   pAuth = (SecurityAuthorizationPtr) 
     xalloc (sizeof (SecurityAuthorizationRec));
@@ -119,7 +180,8 @@ winGenerateAuthorization ()
   
   /* Don't free the auth data, since it is still used internally */
   pAuth = NULL;
-  
+#endif
+
   return TRUE;
 
  auth_bailout:
@@ -128,4 +190,13 @@ winGenerateAuthorization ()
   
   return FALSE;
 }
-#endif
+
+/* Use our generated cookie for authentication */
+void
+winSetAuthorization(void)
+{
+  XSetAuthorization (AUTH_NAME,
+		     strlen (AUTH_NAME),
+		     g_pAuthData,
+		     g_uiAuthDataLen);
+}