Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitaab6bff

Browse files
committed
fix(agent/agentssh): fix X11 forwarding by improving Xauthority management
Fixes#11531
1 parent6e5c2ef commitaab6bff

File tree

2 files changed

+390
-2
lines changed

2 files changed

+390
-2
lines changed

‎agent/agentssh/x11.go‎

Lines changed: 183 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import (
66
"encoding/hex"
77
"errors"
88
"fmt"
9+
"io"
910
"net"
1011
"os"
1112
"path/filepath"
@@ -141,7 +142,7 @@ func addXauthEntry(ctx context.Context, fs afero.Fs, host string, display string
141142
}
142143

143144
// Open or create the Xauthority file
144-
file,err:=fs.OpenFile(xauthPath,os.O_RDWR|os.O_CREATE|os.O_APPEND,0o600)
145+
file,err:=fs.OpenFile(xauthPath,os.O_RDWR|os.O_CREATE,0o600)
145146
iferr!=nil {
146147
returnxerrors.Errorf("failed to open Xauthority file: %w",err)
147148
}
@@ -153,7 +154,94 @@ func addXauthEntry(ctx context.Context, fs afero.Fs, host string, display string
153154
returnxerrors.Errorf("failed to decode auth cookie: %w",err)
154155
}
155156

156-
// Write Xauthority entry
157+
// Read the Xauthority file and look for an existing entry for the host,
158+
// display, and auth protocol. If an entry is found, overwrite the auth
159+
// cookie (if it fits). Otherwise, mark the entry for deletion.
160+
typedeleteEntrystruct {
161+
start,endint64
162+
}
163+
vardeleteEntries []deleteEntry
164+
pos:=int64(0)
165+
updated:=false
166+
for {
167+
entry,err:=readXauthEntry(file)
168+
iferr!=nil {
169+
iferrors.Is(err,io.EOF) {
170+
break
171+
}
172+
returnxerrors.Errorf("failed to read Xauthority entry: %w",err)
173+
}
174+
175+
nextPos:=pos+int64(entry.Len())
176+
cookieStartPos:=nextPos-int64(len(entry.authCookie))
177+
178+
ifentry.family==0x0100&&entry.address==host&&entry.display==display&&entry.authProtocol==authProtocol {
179+
if!updated&&len(entry.authCookie)==len(authCookieBytes) {
180+
// Overwrite the auth cookie
181+
_,err:=file.WriteAt(authCookieBytes,cookieStartPos)
182+
iferr!=nil {
183+
returnxerrors.Errorf("failed to write auth cookie: %w",err)
184+
}
185+
updated=true
186+
}else {
187+
// Mark entry for deletion.
188+
iflen(deleteEntries)>0&&deleteEntries[len(deleteEntries)-1].end==pos {
189+
deleteEntries[len(deleteEntries)-1].end=nextPos
190+
}else {
191+
deleteEntries=append(deleteEntries,deleteEntry{
192+
start:pos,
193+
end:nextPos,
194+
})
195+
}
196+
}
197+
}
198+
199+
pos=nextPos
200+
}
201+
202+
// In case the magic cookie changed, or we've previously bloated the
203+
// Xauthority file, we may have to delete entries.
204+
iflen(deleteEntries)>0 {
205+
// Read the entire file into memory. This is not ideal, but it's the
206+
// simplest way to delete entries from the middle of the file. The
207+
// Xauthority file is small, so this should be fine.
208+
_,err=file.Seek(0,io.SeekStart)
209+
iferr!=nil {
210+
returnxerrors.Errorf("failed to seek Xauthority file: %w",err)
211+
}
212+
data,err:=io.ReadAll(file)
213+
iferr!=nil {
214+
returnxerrors.Errorf("failed to read Xauthority file: %w",err)
215+
}
216+
217+
// Delete the entries.
218+
for_,entry:=rangedeleteEntries {
219+
data=append(data[:entry.start],data[entry.end:]...)
220+
}
221+
222+
// Write the data back to the file.
223+
_,err=file.Seek(0,io.SeekStart)
224+
iferr!=nil {
225+
returnxerrors.Errorf("failed to seek Xauthority file: %w",err)
226+
}
227+
_,err=file.Write(data)
228+
iferr!=nil {
229+
returnxerrors.Errorf("failed to write Xauthority file: %w",err)
230+
}
231+
232+
// Truncate the file.
233+
err=file.Truncate(int64(len(data)))
234+
iferr!=nil {
235+
returnxerrors.Errorf("failed to truncate Xauthority file: %w",err)
236+
}
237+
}
238+
239+
// Return if we've already updated the entry.
240+
ifupdated {
241+
returnnil
242+
}
243+
244+
// Append Xauthority entry.
157245
family:=uint16(0x0100)// FamilyLocal
158246
err=binary.Write(file,binary.BigEndian,family)
159247
iferr!=nil {
@@ -198,3 +286,96 @@ func addXauthEntry(ctx context.Context, fs afero.Fs, host string, display string
198286

199287
returnnil
200288
}
289+
290+
// xauthEntry is an representation of an Xauthority entry.
291+
//
292+
// The Xauthority file format is as follows:
293+
//
294+
// - 16-bit family
295+
// - 16-bit address length
296+
// - address
297+
// - 16-bit display length
298+
// - display
299+
// - 16-bit auth protocol length
300+
// - auth protocol
301+
// - 16-bit auth cookie length
302+
// - auth cookie
303+
typexauthEntrystruct {
304+
familyuint16
305+
addressstring
306+
displaystring
307+
authProtocolstring
308+
authCookie []byte
309+
}
310+
311+
func (exauthEntry)Len()int {
312+
// 5 * uint16 = 10 bytes for the family/length fields.
313+
return2*5+len(e.address)+len(e.display)+len(e.authProtocol)+len(e.authCookie)
314+
}
315+
316+
funcreadXauthEntry(r io.Reader) (xauthEntry,error) {
317+
varentryxauthEntry
318+
319+
// Read family
320+
err:=binary.Read(r,binary.BigEndian,&entry.family)
321+
iferr!=nil {
322+
returnxauthEntry{},xerrors.Errorf("failed to read family: %w",err)
323+
}
324+
325+
// Read address
326+
varaddressLengthuint16
327+
err=binary.Read(r,binary.BigEndian,&addressLength)
328+
iferr!=nil {
329+
returnxauthEntry{},xerrors.Errorf("failed to read address length: %w",err)
330+
}
331+
332+
addressBytes:=make([]byte,addressLength)
333+
_,err=r.Read(addressBytes)
334+
iferr!=nil {
335+
returnxauthEntry{},xerrors.Errorf("failed to read address: %w",err)
336+
}
337+
entry.address=string(addressBytes)
338+
339+
// Read display
340+
vardisplayLengthuint16
341+
err=binary.Read(r,binary.BigEndian,&displayLength)
342+
iferr!=nil {
343+
returnxauthEntry{},xerrors.Errorf("failed to read display length: %w",err)
344+
}
345+
346+
displayBytes:=make([]byte,displayLength)
347+
_,err=r.Read(displayBytes)
348+
iferr!=nil {
349+
returnxauthEntry{},xerrors.Errorf("failed to read display: %w",err)
350+
}
351+
entry.display=string(displayBytes)
352+
353+
// Read auth protocol
354+
varauthProtocolLengthuint16
355+
err=binary.Read(r,binary.BigEndian,&authProtocolLength)
356+
iferr!=nil {
357+
returnxauthEntry{},xerrors.Errorf("failed to read auth protocol length: %w",err)
358+
}
359+
360+
authProtocolBytes:=make([]byte,authProtocolLength)
361+
_,err=r.Read(authProtocolBytes)
362+
iferr!=nil {
363+
returnxauthEntry{},xerrors.Errorf("failed to read auth protocol: %w",err)
364+
}
365+
entry.authProtocol=string(authProtocolBytes)
366+
367+
// Read auth cookie
368+
varauthCookieLengthuint16
369+
err=binary.Read(r,binary.BigEndian,&authCookieLength)
370+
iferr!=nil {
371+
returnxauthEntry{},xerrors.Errorf("failed to read auth cookie length: %w",err)
372+
}
373+
374+
entry.authCookie=make([]byte,authCookieLength)
375+
_,err=r.Read(entry.authCookie)
376+
iferr!=nil {
377+
returnxauthEntry{},xerrors.Errorf("failed to read auth cookie: %w",err)
378+
}
379+
380+
returnentry,nil
381+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp