[Xcb] [Bug 14202] XDM- AUTHORIZATION-1 is broken

Sat Apr 11 08:26:29 PDT 2009

http://bugs.freedesktop.org/show_bug.cgi?id=14202

--- Comment #8 from Julien Danjou <julien at danjou.info>  2009-04-11 08:26:29 PST ---
Thanks for your patch Bart.

I think it's still bad, but I may be wrong, I'm going to explain what I
understand in the current code:

1. We getpeername() the socket to get the socket peer address. If everything is
OK, we continue.
2. We pass that peer address to get_authptr() which is responsible to find auth
data.
3. We pass that authptr and this peer address to compute_auth() which compute
again some authentification stuff.

So far so good.
But, in the auth information, we put the *peer* address.

The problem is that XDM-AUTHORIZATION-1 (see the document I pointed earlier)
wants the *local* address (not the peer one).

So what the initial patch in this bug report do is the following:
1. Same as above.
2. Same as above.
3. Same as above.
4. If 3. fails, get the *local* address (rather than the peer one) and redo 2.
and 3.

The problem I see with this solution is that it probably make things work, but
it's a bit heavy.

And now, what I wonder it is what we should put ? socket's peer address or
socket's local address ? I know that XDM-AUTHORIZATION-1 wants local's address
which IMHO makes sense.
Puting peer's address might be required by another authentification method
(like MIT-MAGIC-COOKIE), I don't know what should be put.

Finally, I took a look at libx11, since this has been sucked out from
ConnDis.c.
And it has a special case in GetAuthorization()  to handle XDM-AUTHORIZATION-1
and in this case get the *local* address.

So I really don't know how to patch this correctly because it looks like a pile
of spaghettis to me right now.

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.