summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordkf <donal.k.fellows@manchester.ac.uk>2009-08-25 08:46:06 (GMT)
committerdkf <donal.k.fellows@manchester.ac.uk>2009-08-25 08:46:06 (GMT)
commit722bf308e2388220307c511109010cb283d1c477 (patch)
tree064482abcc7a416e71668cfa2e9f5e0e2b25fc98
parentbe443037d96546bb6095977a5c5a81c5ccf681e2 (diff)
downloadtk-722bf308e2388220307c511109010cb283d1c477.zip
tk-722bf308e2388220307c511109010cb283d1c477.tar.gz
tk-722bf308e2388220307c511109010cb283d1c477.tar.bz2
[Bug 1909931]: Add support for server-interpreted access control addreses.
-rw-r--r--ChangeLog5
-rw-r--r--unix/tkUnixSend.c88
2 files changed, 71 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index a5a50f8..622ce56 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-08-25 Donal K. Fellows <dkf@users.sf.net>
+
+ * unix/tkUnixSend.c (ServerSecure): [Bug 1909931]: Added some support
+ for server-interpreted access control addreses.
+
2009-08-24 Donal K. Fellows <dkf@users.sf.net>
* library/msgbox.tcl (::tk::MessageBox): Correct bindings so that they
diff --git a/unix/tkUnixSend.c b/unix/tkUnixSend.c
index 7394ec5..b6d4dce 100644
--- a/unix/tkUnixSend.c
+++ b/unix/tkUnixSend.c
@@ -11,7 +11,7 @@
* See the file "license.terms" for information on usage and redistribution of
* this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tkUnixSend.c,v 1.24 2008/11/18 23:49:43 nijtmans Exp $
+ * RCS: @(#) $Id: tkUnixSend.c,v 1.25 2009/08/25 08:46:06 dkf Exp $
*/
#include "tkUnixInt.h"
@@ -226,7 +226,7 @@ static int ServerSecure(TkDisplay *dispPtr);
static void UpdateCommWindow(TkDisplay *dispPtr);
static int ValidateName(TkDisplay *dispPtr, const char *name,
Window commWindow, int oldOK);
-
+
/*
*----------------------------------------------------------------------
*
@@ -325,7 +325,7 @@ RegOpen(
}
return regPtr;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -378,7 +378,7 @@ RegFindName(
}
return None;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -442,7 +442,7 @@ RegDeleteName(
}
}
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -492,7 +492,7 @@ RegAddName(
regPtr->property = newProp;
regPtr->allocedByX = 0;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -552,7 +552,7 @@ RegClose(
}
ckfree((char *) regPtr);
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -647,7 +647,7 @@ ValidateName(
}
return result;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -681,8 +681,52 @@ ServerSecure(
secure = 0;
addrPtr = XListHosts(dispPtr->display, &numHosts, &enabled);
- if (enabled && (numHosts == 0)) {
- secure = 1;
+ if (enabled) {
+ if (numHosts == 0) {
+ secure = 1;
+ }
+
+ /*
+ * Recent versions of X11 have the extra feature of allowing more
+ * sophisticated authorization checks to be performed than the dozy
+ * old ones that used to plague xhost usage. However, not all deployed
+ * versions of Xlib know how to deal with this feature, so this code
+ * is conditional on having the right #def in place. [Bug 1909931]
+ */
+
+#ifdef FamilyServerInterpreted
+ if (numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) {
+ XServerInterpretedAddress *siPtr =
+ (XServerInterpretedAddress *) addrPtr[0].address;
+
+ if (siPtr->typelength==9 && !memcmp(siPtr->type,"localuser",9)) {
+ /*
+ * We don't check the username here. This is because it's
+ * officially non-portable and we are just making sure there
+ * aren't silly misconfigurations. (Apparently 'root' is not a
+ * very good choice, but we still don't put any effort in to
+ * spot that.)
+ */
+
+ secure = 1;
+ } else if (siPtr->typelength == 10
+ && !memcmp(siPtr->type, "localgroup", 10)) {
+ /*
+ * Similarly to above, we don't attempt to peek inside server
+ * interpreted group names. If someone set it, it's what they
+ * want and we assume it's OK.
+ */
+
+ secure = 1;
+ }
+
+ /*
+ * The other defined types of server-interpreted controls involve
+ * particular hosts; these are still insecure for the same reasons
+ * that classic xhost access is insecure.
+ */
+ }
+#endif
}
if (addrPtr != NULL) {
XFree((char *) addrPtr);
@@ -690,7 +734,7 @@ ServerSecure(
return secure;
#endif /* TK_NO_SECURITY */
}
-
+
/*
*--------------------------------------------------------------
*
@@ -849,7 +893,7 @@ Tk_SetAppName(
return riPtr->name;
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1138,7 +1182,7 @@ Tk_SendCmd(
ckfree(pending.result);
return pending.code;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -1226,7 +1270,7 @@ TkGetInterpNames(
RegClose(regPtr);
return TCL_OK;
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1256,7 +1300,7 @@ TkSendCleanup(
dispPtr->commTkwin = NULL;
}
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1313,7 +1357,7 @@ SendInit(
return TCL_OK;
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1651,7 +1695,7 @@ SendEventProc(
}
XFree(propInfo);
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1730,7 +1774,7 @@ AppendErrorProc(
}
return 0;
}
-
+
/*
*--------------------------------------------------------------
*
@@ -1779,7 +1823,7 @@ DeleteProc(
UpdateCommWindow(riPtr->dispPtr);
Tcl_EventuallyFree(riPtr, TCL_DYNAMIC);
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -1819,7 +1863,7 @@ SendRestrictProc(
}
return TK_DEFER_EVENT;
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -1859,7 +1903,7 @@ UpdateCommWindow(
Tcl_DStringLength(&names));
Tcl_DStringFree(&names);
}
-
+
/*
*----------------------------------------------------------------------
*
@@ -1967,7 +2011,7 @@ TkpTestsendCmd(
}
return TCL_OK;
}
-
+
/*
* Local Variables:
* mode: c