[Bug 1909931]: Add support for server-interpreted access control addreses.

1 files changed, 66 insertions, 22 deletions

diff --git a/unix/tkUnixSend.c b/unix/tkUnixSend.c
index 7394ec5..b6d4dce 100644
--- a/unix/tkUnixSend.c
+++ b/unix/tkUnixSend.c
@@ -11,7 +11,7 @@
  * See the file "license.terms" for information on usage and redistribution of
  * this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tkUnixSend.c,v 1.24 2008/11/18 23:49:43 nijtmans Exp $
+ * RCS: @(#) $Id: tkUnixSend.c,v 1.25 2009/08/25 08:46:06 dkf Exp $
  */
 
 #include "tkUnixInt.h"
@@ -226,7 +226,7 @@ static int		ServerSecure(TkDisplay *dispPtr);
 static void		UpdateCommWindow(TkDisplay *dispPtr);
 static int		ValidateName(TkDisplay *dispPtr, const char *name,
 			    Window commWindow, int oldOK);
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -325,7 +325,7 @@ RegOpen(
     }
     return regPtr;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -378,7 +378,7 @@ RegFindName(
     }
     return None;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -442,7 +442,7 @@ RegDeleteName(
 	}
     }
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -492,7 +492,7 @@ RegAddName(
     regPtr->property = newProp;
     regPtr->allocedByX = 0;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -552,7 +552,7 @@ RegClose(
     }
     ckfree((char *) regPtr);
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -647,7 +647,7 @@ ValidateName(
     }
     return result;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -681,8 +681,52 @@ ServerSecure(
 
     secure = 0;
     addrPtr = XListHosts(dispPtr->display, &numHosts, &enabled);
-    if (enabled && (numHosts == 0)) {
-	secure = 1;
+    if (enabled) {
+	if (numHosts == 0) {
+	    secure = 1;
+	}
+
+	/*
+	 * Recent versions of X11 have the extra feature of allowing more
+	 * sophisticated authorization checks to be performed than the dozy
+	 * old ones that used to plague xhost usage. However, not all deployed
+	 * versions of Xlib know how to deal with this feature, so this code
+	 * is conditional on having the right #def in place. [Bug 1909931]
+	 */
+
+#ifdef FamilyServerInterpreted
+	if (numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) {
+	    XServerInterpretedAddress *siPtr =
+		    (XServerInterpretedAddress *) addrPtr[0].address;
+
+	    if (siPtr->typelength==9 && !memcmp(siPtr->type,"localuser",9)) {
+		/*
+		 * We don't check the username here. This is because it's
+		 * officially non-portable and we are just making sure there
+		 * aren't silly misconfigurations. (Apparently 'root' is not a
+		 * very good choice, but we still don't put any effort in to
+		 * spot that.)
+		 */
+
+		secure = 1;
+	    } else if (siPtr->typelength == 10
+		    && !memcmp(siPtr->type, "localgroup", 10)) {
+		/*
+		 * Similarly to above, we don't attempt to peek inside server
+		 * interpreted group names. If someone set it, it's what they
+		 * want and we assume it's OK.
+		 */
+
+		secure = 1;
+	    }
+
+	    /*
+	     * The other defined types of server-interpreted controls involve
+	     * particular hosts; these are still insecure for the same reasons
+	     * that classic xhost access is insecure.
+	     */
+	}
+#endif
     }
     if (addrPtr != NULL) {
 	XFree((char *) addrPtr);
@@ -690,7 +734,7 @@ ServerSecure(
     return secure;
 #endif /* TK_NO_SECURITY */
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -849,7 +893,7 @@ Tk_SetAppName(
 
     return riPtr->name;
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1138,7 +1182,7 @@ Tk_SendCmd(
     ckfree(pending.result);
     return pending.code;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -1226,7 +1270,7 @@ TkGetInterpNames(
     RegClose(regPtr);
     return TCL_OK;
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1256,7 +1300,7 @@ TkSendCleanup(
 	dispPtr->commTkwin = NULL;
     }
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1313,7 +1357,7 @@ SendInit(
 
     return TCL_OK;
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1651,7 +1695,7 @@ SendEventProc(
     }
     XFree(propInfo);
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1730,7 +1774,7 @@ AppendErrorProc(
     }
     return 0;
 }
-
+
 /*
  *--------------------------------------------------------------
  *
@@ -1779,7 +1823,7 @@ DeleteProc(
     UpdateCommWindow(riPtr->dispPtr);
     Tcl_EventuallyFree(riPtr, TCL_DYNAMIC);
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -1819,7 +1863,7 @@ SendRestrictProc(
     }
     return TK_DEFER_EVENT;
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -1859,7 +1903,7 @@ UpdateCommWindow(
 	    Tcl_DStringLength(&names));
     Tcl_DStringFree(&names);
 }
-
+
 /*
  *----------------------------------------------------------------------
  *
@@ -1967,7 +2011,7 @@ TkpTestsendCmd(
     }
     return TCL_OK;
 }
-
+
 /*
  * Local Variables:
  * mode: c