handle Internet cookie addresses correctly. Fixes #121

2026-06-24 17:21:47 +00:00 · 2016-01-15 16:01:54 +11:00 · 2016-01-15 16:01:54 +11:00 · 70519cbb38
commit 70519cbb38
parent 0d7346fbac
3 changed files with 85 additions and 92 deletions
--- a/lib/auth.js
+++ b/lib/auth.js
@ -11,13 +11,6 @@ function parseXauth( buf )
    var auth = [];
    var cookieProperties = ['address', 'display', 'authName', 'authData'];
    function handleCookieProperty(property) {
        var length = buf.unpack('n', offset)[0];
        offset += 2;
        cookie[property] = buf.unpackString(length, offset);
        offset += length; 
    }
    while (offset < buf.length)
    {
        var cookie = {};
@ -33,59 +26,59 @@ function parseXauth( buf )
              5: 'ServerInterpreted',
              6: 'InternetV6'
        };
-        cookie.type = buf.unpack('n')[0];
+        cookie.type = buf.readUInt16LE(offset);
        console.log('Cookie type: ');
        if (!typeToName[cookie.type]) {
            console.warn('Unknown address type');
        }
        offset += 2;
-        //JSHint becomes angry when handleCookieProperty is declared inside loop
+        cookieProperties.forEach(function(property) {
-        cookieProperties.forEach(handleCookieProperty);
+          var length = buf.unpack('n', offset)[0];
          offset += 2;
          if (cookie.type === 0 && property == 'address') { // Internet
            // 4 bytes of ip addess, convert to w.x.y.z string
            cookie.address = [ buf[offset], buf[offset+1], buf[offset+2], buf[offset+3]]
              .map(function(octet) { return octet.toString(10) }).join('.');
          } else {
            cookie[property] = buf.unpackString(length, offset);
          }
          offset += length;
        });
        auth.push(cookie);
    }
    return auth;
 }
 var os   = require('os');
 var path = require('path');
 function readXauthority(cb) {
  var filename = process.env.XAUTHORITY || path.join(os.homedir(), '.Xauthority');
  fs.readFile(filename, function(err, data) {
    if (!err)
      return cb(null, data);
    if(err.code == 'ENOENT') {
      // Xming/windows uses %HOME%/Xauthority ( .Xauthority with no dot ) - try with this name
      filename = process.env.XAUTHORITY || path.join(os.homedir(), 'Xauthority');
      return fs.readFile(filename, cb);
    } else {
      cb(err);
    }
  });
 }
 module.exports = function( display, host, cb )
 {
-    var XAuthorityFile = process.env.XAUTHORITY;
+  readXauthority(function(err, data) {
-    if (!XAuthorityFile)
+    if(err) return cb(err);
    var auth = parseXauth(data);
    for (var cookieNum in auth)
    {
-        if ( process.platform.match(/win/) ) {
+      var cookie = auth[cookieNum];
-            // http://www.straightrunning.com/XmingNotes/trouble.php
+      if (cookie.display === display && cookie.address === host)
-            //
+        return cb( null, cookie );
            // The Xming magic cookie program, xauth (user-based), uses an 
            // Xauthority file (not the traditional .Xauthority file) in 
            // the %HOME% directory. To use xauth from Command Processor 
            // e.g. on Windows machine 192.168.0.2 with user colin...
            XAuthorityFile = process.env.USERPROFILE + '\\Xauthority';
        } else {
            XAuthorityFile = process.env.HOME + '/.Xauthority';
        }
    }
-
+    cb(new Error('No auth cookie matching display=' + display + ' and  host=' + host));
-    fs.readFile(XAuthorityFile, function (err, data) {
+  });
        if (err) 
        {
            if (err.code == 'ENOENT')
            {
                cb('','');
                return;
            }
            throw err;
        }
        var auth = parseXauth(data);
        for (var cookieNum in auth)
        {
            var cookie = auth[cookieNum];
            if (cookie.display == display && cookie.address == host)
            {
                cb( cookie.authName, cookie.authData );
                return;
            }
        }
        // throw 'No auth cookie matching display=' + display + ' and  host=' + host;
        cb( '', '' );            
    });       
 };
--- a/lib/handshake.js
+++ b/lib/handshake.js
@ -191,7 +191,8 @@ function getByteOrder() {
 function writeClientHello(stream, displayNum, authHost)
 {
-    getAuthString( displayNum, authHost, function( authType, authData ) {
+    getAuthString( displayNum, authHost, function( err, cookie ) {
        debugger;
        var byte_order = getByteOrder();
        var protocol_major = 11; // TODO: config? env?
        var protocol_minor = 0;
@ -201,10 +202,10 @@ function writeClientHello(stream, displayNum, authHost)
            byte_order,
            protocol_major,
            protocol_minor,
-            authType.length,
+            cookie.authName.length,
-            authData.length,
+            cookie.authData.length,
-            authType,
+            cookie.authName,
-            authData
+            cookie.authData
            ]
        );
        stream.flush();
--- a/lib/xcore.js
+++ b/lib/xcore.js
@ -520,8 +520,7 @@ XClient.prototype.expectReplyHeader = function()
    );
 }
-XClient.prototype.startHandshake = function()
+XClient.prototype.startHandshake = function() {
 {
    var client = this;
    handshake.writeClientHello(this.pack_stream, this.displayNum, this.authHost);