<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2014-10-18 5:17 GMT-03:00 Uli Schlachter <span dir="ltr"><<a href="mailto:psychon@znc.in" target="_blank">psychon@znc.in</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<br>
<br>
typo in the subject: funcTion<br></blockquote><div><br></div><div>Fixed. Thanks!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I have not much clue about X11 authentication. Could someone else comment on the<br>
idea behind this patch?<br>
<br>
Am 17.10.2014 um 20:23 schrieb Laércio de Sousa:<br>
<div><div class="h5">> This patch introduces a function called xcb_connect_with_auth_file(),<br>
> which is similar to xcb_connect_to_display_with_auth_info(), but expects<br>
> an authorization file path rather than a xcb_auth_info_t struct.<br>
><br>
> Signed-off-by: Laércio de Sousa <<a href="mailto:laerciosousa@sme-mogidascruzes.sp.gov.br">laerciosousa@sme-mogidascruzes.sp.gov.br</a>><br>
> ---<br>
> src/xcb.h | 21 +++++++++++++++++++++<br>
> src/xcb_auth.c | 15 +++++++++++++--<br>
> src/xcb_util.c | 27 ++++++++++++++++++++-------<br>
> src/xcbint.h | 2 +-<br>
> 4 files changed, 55 insertions(+), 10 deletions(-)<br>
><br>
> diff --git a/src/xcb.h b/src/xcb.h<br>
> index 23fe74e..0314ce5 100644<br>
> --- a/src/xcb.h<br>
> +++ b/src/xcb.h<br>
> @@ -535,6 +535,27 @@ int xcb_parse_display(const char *name, char **host, int *display, int *screen);<br>
> xcb_connection_t *xcb_connect(const char *displayname, int *screenp);<br>
><br>
> /**<br>
> + * @brief Connects to the X server, using and authorization file.<br>
> + * @param displayname: The name of the display.<br>
> + * @param authfile: The authorization file path.<br>
> + * @param screenp: A pointer to a preferred screen number.<br>
> + * @return A newly allocated xcb_connection_t structure.<br>
> + *<br>
> + * Connects to the X server specified by @p displayname, using the<br>
> + * authorization file @p authfile. If @p authfile value @c NULL, uses<br>
> + * the value of the XAUTHORITY environment variable. If a particular<br>
> + * screen on that server is preferred, the int pointed to by @p screenp<br>
> + * (if not @c NULL) will be set to that screen; otherwise @p screenp<br>
> + * will be set to 0.<br>
> + *<br>
> + * Always returns a non-NULL pointer to a xcb_connection_t, even on failure.<br>
> + * Callers need to use xcb_connection_has_error() to check for failure.<br>
> + * When finished, use xcb_disconnect() to close the connection and free<br>
> + * the structure.<br>
> + */<br>
> +xcb_connection_t *xcb_connect_with_auth_file(const char *displayname, const char *authfile, int *screenp);<br>
> +<br>
> +/**<br>
> * @brief Connects to the X server, using an authorization information.<br>
> * @param display: The name of the display.<br>
> * @param auth: The authorization information.<br>
> diff --git a/src/xcb_auth.c b/src/xcb_auth.c<br>
> index 29e2b6f..284a582 100644<br>
> --- a/src/xcb_auth.c<br>
> +++ b/src/xcb_auth.c<br>
> @@ -34,6 +34,7 @@<br>
> #include <sys/param.h><br>
> #include <unistd.h><br>
> #include <stdlib.h><br>
> +#include <stdio.h><br>
><br>
> #ifdef __INTERIX<br>
> /* _don't_ ask. interix has INADDR_LOOPBACK in here. */<br>
> @@ -309,7 +310,7 @@ static struct sockaddr *get_peer_sock_name(int (*socket_func)(int,<br>
> return NULL;<br>
> }<br>
><br>
> -int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display)<br>
> +int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display, const char *authfile)<br>
> {<br>
> /* code adapted from Xlib/ConnDis.c, xtrans/Xtranssocket.c,<br>
> xtrans/Xtransutils.c */<br>
> @@ -334,7 +335,17 @@ int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display)<br>
> gotsockname = 1;<br>
> }<br>
><br>
> - authptr = get_authptr(sockname, display);<br>
> + if (authfile) {<br>
> + FILE *f = fopen(authfile, "r");<br>
> +<br>
> + if (f) {<br>
<br>
</div></div>Instead of ignoring errors, shouldn't this return an error connection to the<br>
caller?<br>
<br>
> + authptr = XauReadAuth(f);<br>
<br>
Ok, now I actually googled this code and the man page says:<br>
<br>
XauReadAuth reads the next entry from auth_file. The entry is not<br>
statically allocated and should be freed by calling XauDisposeAuth.<br>
<br>
I have no clue about Xau, but the part that says "the next entry" makes me think<br>
that this code doesn't actually work well. And yeah, "xauth list" in a terminal<br>
obviously indicates that an XAUTHORITY file can contain multiple<br>
authentications. Your code will only use the first one.<br></blockquote><div><br></div><div>I'm thinking about this. libxcb currently calls XauGetBestAuthByAddr(), which calls XauReadAuth() on the file name returned by XauFileName() --- namely, the value of XAUTHORITY environment variable or ~/.Xauthority. Maybe the best option would be patching libXau so we can pass explicitly a file name path to XauGetBestAuthByAddr() --- if none is passed, get one by calling XauFileName().</div><div><br></div><div>I'm affraid all this is becoming too complex. Maybe I should just give up and call setenv("XAUTHORITY", ...) from my client application before calling xcb_connect(). My main motivation for proposing this patch is about symmetry: if I can call xcb_connect() with an explicit display number --- instead of calling setenv("DISPLAY", ...) and then xcb_connect(NULL,...) --- shouldn't I be able to do the same with the authorization file?</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div class="h5">
> + fclose(f);<br>
> + }<br>
> + }<br>
> + else<br>
> + authptr = get_authptr(sockname, display);<br>
> +<br>
> if (authptr == 0)<br>
> {<br>
> free(sockname);<br>
> diff --git a/src/xcb_util.c b/src/xcb_util.c<br>
> index ba0f108..aafb73d 100644<br>
> --- a/src/xcb_util.c<br>
> +++ b/src/xcb_util.c<br>
> @@ -475,12 +475,10 @@ static int _xcb_open_abstract(char *protocol, const char *file, size_t filelen)<br>
> }<br>
> #endif<br>
><br>
> -xcb_connection_t *xcb_connect(const char *displayname, int *screenp)<br>
> -{<br>
> - return xcb_connect_to_display_with_auth_info(displayname, NULL, screenp);<br>
> -}<br>
> -<br>
> -xcb_connection_t *xcb_connect_to_display_with_auth_info(const char *displayname, xcb_auth_info_t *auth, int *screenp)<br>
> +static xcb_connection_t *_xcb_connect_to_display_with_auth_info_or_file(const char *displayname,<br>
> + const char *authfile,<br>
> + xcb_auth_info_t *auth,<br>
> + int *screenp)<br>
> {<br>
> int fd, display = 0;<br>
> char *host = NULL;<br>
> @@ -518,7 +516,7 @@ xcb_connection_t *xcb_connect_to_display_with_auth_info(const char *displayname,<br>
> goto out;<br>
> }<br>
><br>
> - if(_xcb_get_auth_info(fd, &ourauth, display))<br>
> + if(_xcb_get_auth_info(fd, &ourauth, display, authfile))<br>
> {<br>
> c = xcb_connect_to_fd(fd, &ourauth);<br>
> free(<a href="http://ourauth.name" target="_blank">ourauth.name</a>);<br>
> @@ -542,3 +540,18 @@ out:<br>
> free(protocol);<br>
> return c;<br>
> }<br>
> +<br>
> +xcb_connection_t *xcb_connect(const char *displayname, int *screenp)<br>
> +{<br>
> + return xcb_connect_to_display_with_auth_info(displayname, NULL, screenp);<br>
<br>
</div></div>I'd propose to call _xcb_connect_to_display_with_auth_info_or_file() directly<br></blockquote><div><br></div><div>Fixed. Thanks!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
(urgh, what a function name...).<br></blockquote><div><br></div><div>I've renamed it to _xcb_connect_to_display_with_auth(). Does it look better now? :-)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><br>
> +}<br>
> +<br>
> +xcb_connection_t *xcb_connect_with_auth_file(const char *displayname, const char *authfile, int *screenp)<br>
> +{<br>
> + return _xcb_connect_to_display_with_auth_info_or_file(displayname, authfile, NULL, screenp);<br>
> +}<br>
> +<br>
> +xcb_connection_t *xcb_connect_to_display_with_auth_info(const char *displayname, xcb_auth_info_t *auth, int *screenp)<br>
> +{<br>
> + return _xcb_connect_to_display_with_auth_info_or_file(displayname, NULL, auth, screenp);<br>
> +}<br>
> diff --git a/src/xcbint.h b/src/xcbint.h<br>
> index f89deba..01aca8c 100644<br>
> --- a/src/xcbint.h<br>
> +++ b/src/xcbint.h<br>
> @@ -218,7 +218,7 @@ int _xcb_conn_wait(xcb_connection_t *c, pthread_cond_t *cond, struct iovec **vec<br>
><br>
> /* xcb_auth.c */<br>
><br>
> -int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display);<br>
> +int _xcb_get_auth_info(int fd, xcb_auth_info_t *info, int display, const char *authfile);<br>
><br>
> #ifdef GCC_HAS_VISIBILITY<br>
> #pragma GCC visibility pop<br>
><br>
<br>
</span>Cheers,<br>
Uli<br>
<span class=""><font color="#888888">--<br>
A normal person is just someone you don't know well enough yet.<br>
- Nettie Wiebe<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><b>Laércio de Sousa</b><br></div><div style="text-align:center"><div style="text-align:left"><i>Orientador de Informática</i></div><div style="text-align:left"><u>Escola Municipal "Professor Eulálio Gruppi"</u></div><div style="text-align:left"><i>Rua Ismael da Silva Mello, 559, Mogi Moderno</i></div><i><div style="text-align:left"><i>Mogi das Cruzes - SP</i></div><div style="text-align:left"><i>CEP 08717-390</i></div></i></div><div><span style="font-family:arial;font-size:small">Telefone: (11) 4726-8313</span></div></div>
</div></div>