Xnamespace: add support for multiple auth tokens per namespace

Support having more than one auth token per namespace, so separate tokens can be handed out to clients that are still landing in the same namespace. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2025-05-30 14:22:01 +02:00 · 2025-05-30 14:22:01 +02:00 · a353ffddd0
parent f790bae8dc
commit a353ffddd0
4 changed files with 47 additions and 25 deletions
--- a/Xext/namespace/config.c
+++ b/Xext/namespace/config.c
@ -105,21 +105,27 @@ static void parseLine(char *line, struct Xnamespace **walk_ns)
        if (token == NULL)
            return;

-        curr->authProto = strdup(token);
+        struct auth_token *new_token = calloc(1, sizeof(struct auth_token));
+        if (new_token == NULL)
+            FatalError("Xnamespace: failed allocating token\n");
+
+        new_token->authProto = strdup(token);
        token = strtok(NULL, " ");

-        curr->authTokenLen = strlen(token)/2;
-        curr->authTokenData = calloc(1, curr->authTokenLen);
-        if (!curr->authTokenData) {
-            curr->authTokenLen = 0;
+        new_token->authTokenLen = strlen(token)/2;
+        new_token->authTokenData = calloc(1, new_token->authTokenLen);
+        if (!new_token->authTokenData) {
+            free(new_token);
            return;
        }
-        hex2bin(token, curr->authTokenData);
+        hex2bin(token, new_token->authTokenData);

-        AddAuthorization(strlen(curr->authProto),
-                         curr->authProto,
-                         curr->authTokenLen,
-                         curr->authTokenData);
+        new_token->authId = AddAuthorization(strlen(new_token->authProto),
+                                             new_token->authProto,
+                                             new_token->authTokenLen,
+                                             new_token->authTokenData);
+
+        xorg_list_append(&new_token->entry, &curr->auth_tokens);
        return;
    }

@ -179,12 +185,14 @@ Bool XnsLoadConfig(void)

    struct Xnamespace *ns;
    xorg_list_for_each_entry(ns, &ns_list, entry) {
-        XNS_LOG("namespace: \"%s\" \"%s\" \"",
-            ns->name,
-            ns->authProto);
-        for (int i=0; i<ns->authTokenLen; i++)
-            printf("%02X", (unsigned char)ns->authTokenData[i]);
-        printf("\"\n");
+        XNS_LOG("namespace: \"%s\" \n", ns->name);
+        struct auth_token *at;
+        xorg_list_for_each_entry(at, &ns->auth_tokens, entry) {
+            XNS_LOG("      auth: \"%s\" \"", at->authProto);
+            for (int i=0; i<at->authTokenLen; i++)
+                printf("%02X", (unsigned char)at->authTokenData[i]);
+            printf("\"\n");
+        }
    }

    return TRUE;
--- a/Xext/namespace/namespace.c
+++ b/Xext/namespace/namespace.c
@ -76,12 +76,15 @@ struct Xnamespace* XnsFindByAuth(size_t szAuthProto, const char* authProto, size
 {
    struct Xnamespace *walk;
    xorg_list_for_each_entry(walk, &ns_list, entry) {
-        int protoLen = walk->authProto ? strlen(walk->authProto) : 0;
-        if ((protoLen == szAuthProto) &&
-            (walk->authTokenLen == szAuthToken) &&
-            (memcmp(walk->authTokenData, authToken, szAuthToken)==0) &&
-            (memcmp(walk->authProto, authProto, szAuthProto)==0))
-            return walk;
+        struct auth_token *at;
+        xorg_list_for_each_entry(at, &walk->auth_tokens, entry) {
+            int protoLen = at->authProto ? strlen(at->authProto) : 0;
+            if ((protoLen == szAuthProto) &&
+                (at->authTokenLen == szAuthToken) &&
+                (memcmp(at->authTokenData, authToken, szAuthToken)==0) &&
+                (memcmp(at->authProto, authProto, szAuthProto)==0))
+                return walk;
+        }
    }

    // default to anonymous if credentials aren't assigned to specific NS
--- a/Xext/namespace/namespace.h
+++ b/Xext/namespace/namespace.h
@ -10,6 +10,14 @@
 #include "include/window.h"
 #include "include/windowstr.h"

+struct auth_token {
+    struct xorg_list entry;
+    const char *authProto;
+    char *authTokenData;
+    size_t authTokenLen;
+    XID authId;
+};
+
 struct Xnamespace {
    struct xorg_list entry;
    const char *name;
@ -20,9 +28,7 @@ struct Xnamespace {
    Bool allowXInput;
    Bool allowXKeyboard;
    Bool superPower;
-    const char *authProto;
-    char *authTokenData;
-    size_t authTokenLen;
+    struct xorg_list auth_tokens;
    size_t refcnt;
    WindowPtr rootWindow;
 };
--- a/Xext/namespace/ns.conf.example
+++ b/Xext/namespace/ns.conf.example
@ -1,13 +1,18 @@

 # auth <proto> <hex-key>
  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad90b0
+  auth MIT-MAGIC-COOKIE-1 56f8e62b78e58962de0ceefc05ad90b0

 # container <name> <parent_name>
 container xeyes root
  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad90b8
+  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad90a8
  allow mouse-motion
  allow shape
  allow xinput

 container xclock root
  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad90b7
+  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad91b7
+  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad92b7
+  auth MIT-MAGIC-COOKIE-1 46f8e62b78e58962de0ceefc05ad93b7