From 24632dab0bee9785fcedbcfa5dac594b0a550e2f Mon Sep 17 00:00:00 2001
From: Ray Strode
Date: Wed, 15 Feb 2017 10:10:29 -0500
Subject: [PATCH] run: propagate wildcard xauth entries to app bundle
At the moment, flatpak applications are only given FamilyLocal family xauth cookies from the Xauthority file. This is so, the sandboxed application doesn't inadvertently get access to displays on other computers. But FamilyLocal isn't the only xauth family that's local. FamilyWild entries can be local as well. Furthermore, FamilyWild entries are preferable to FamilyLocal entries when found, because they don't break if the system hostname is changed. This commit makes FamilyWild xauth entries get propagated in the same way as their FamilyLocal counterparts.
(cherry picked from commit a82708cb1062b2f340bcbeb205aeb1845d130288)
---
 common/flatpak-run.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 908a0655..fde7c27c 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1745,6 +1745,26 @@ auth_streq (char *str,
 return au_len == strlen (str) && memcmp (str, au_str, au_len) == 0;
 }
 
+static gboolean
+xauth_entry_should_propagate (Xauth *xa,
+ char *hostname,
+ char *number)
+{
+ /* ensure entry isn't for remote access */
+ if (xa->family != FamilyLocal && xa->family != FamilyWild)
+ return FALSE;
+
+ /* ensure entry is for this machine */
+ if (xa->family == FamilyLocal && !auth_streq (hostname, xa->address, xa->address_length))
+ return FALSE;
+
+ /* ensure entry is for this session */
+ if (xa->number != NULL && !auth_streq (number, xa->number, xa->number_length))
+ return FALSE;
+
+ return TRUE;
+}
+
 static void
 write_xauth (char *number, FILE *output)
 {
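Review bot: In `xauth_entry_should_propagate`, the comment `/* ensure entry isn't for remote access */` claims more than the family test establishes: a `FamilyWild` entry passes with no address comparison, and the commit message only says such entries "can be" local. For those entries the display-number test is the only remaining filter, and it is skipped when `xa->number` is NULL, so a wildcard entry without a number has its cookie copied into the sandbox regardless of which display it was issued for. I would record that trust decision in the comment, e.g. `/* accept local and wildcard families only; a wildcard entry names no host, so it is assumed rather than verified to belong to this machine */`. Whether the Xauthority file can hold wildcard entries for other displays is not visible from this hunk, so this is a documentation point rather than a proposed behaviour change.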
@@ -1769,9 +1789,7 @@ write_xauth (char *number, FILE *output)
 xa = XauReadAuth (f);
 if (xa == NULL)
 break;
- if (xa->family == FamilyLocal &&
- auth_streq (unames.nodename, xa->address, xa->address_length) &&
- (xa->number == NULL || auth_streq (number, xa->number, xa->number_length)))
+ if (xauth_entry_should_propagate (xa, unames.nodename, number))
 {
 local_xa = *xa;
 if (local_xa.number)