From fd6a3b79f4e022e3f41f0c71ab7c6f21393c0db1 Mon Sep 17 00:00:00 2001
From: Ludovico de Nittis <ludovico.denittis@collabora.com>
Date: Wed, 17 Feb 2021 18:03:00 +0100
Subject: [PATCH] run: Propagate X11 cookies with an address equals to
 XAUTHLOCALHOSTNAME

OpenSUSE inherits the hostname value from DHCP without updating its X11
authentication cookie, and it keeps the initial value in
`XAUTHLOCALHOSTNAME`.
To avoid breaking the X11 applications, OpenSUSE patches libxcb so that
it also considers the value in `XAUTHLOCALHOSTNAME` as another possible
hostname.

https://bugzilla.opensuse.org/show_bug.cgi?id=262309

To cope with that behavior we need to check `XAUTHLOCALHOSTNAME` too
and, if we have a cookie with that address, propagate it inside the
container adjusting its address to the canonical hostname
`unames.nodename`.

Fixes: #4043

Signed-off-by: Ludovico de Nittis <ludovico.denittis@collabora.com>
---
 common/flatpak-run.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 4eeac123..f48f402a 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -118,7 +118,24 @@ xauth_entry_should_propagate (Xauth *xa,
 
   /* ensure entry is for this machine */
   if (xa->family == FamilyLocal && !auth_streq (hostname, xa->address, xa->address_length))
-    return FALSE;
+    {
+      /* OpenSUSE inherits the hostname value from DHCP without updating
+       * its X11 authentication cookie. The old hostname value can still
+       * be found in the environment variable XAUTHLOCALHOSTNAME.
+       * For reference:
+       * https://bugzilla.opensuse.org/show_bug.cgi?id=262309
+       * For this reason if we have a cookie whose address is equal to the
+       * variable XAUTHLOCALHOSTNAME, we still need to propagate it, but
+       * we also need to change its address to `unames.nodename`.
+       */
+      const char *xauth_local_hostname;
+      xauth_local_hostname = g_getenv ("XAUTHLOCALHOSTNAME");
+      if (xauth_local_hostname == NULL)
+        return FALSE;
+
+      if (!auth_streq ((char *) xauth_local_hostname, xa->address, xa->address_length))
+        return FALSE;
+    }
 
   /* ensure entry is for this session */
   if (xa->number != NULL && !auth_streq (number, xa->number, xa->number_length))
@@ -160,6 +177,17 @@ write_xauth (char *number, FILE *output)
               local_xa.number_length = 2;
             }
 
+          if (local_xa.family == FamilyLocal &&
+              !auth_streq (unames.nodename, local_xa.address, local_xa.address_length))
+            {
+              /* If we decided to propagate this cookie, but its address
+               * doesn't match `unames.nodename`, we need to change it or
+               * inside the container it will not work.
+               */
+              local_xa.address = unames.nodename;
+              local_xa.address_length = strlen (local_xa.address);
+            }
+
           if (!XauWriteAuth (output, &local_xa))
             g_warning ("xauth write error");
         }