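:
##########################################################################
# Title      :	xallowfrom - allow access to X display
# Author     :	Heiner Steven
# Date       :	2003-07-29
# Requires   :	rsh, ssh, xauth
# Category   :	X
# SCCS-Id.   :	@(#) xallowfrom	2.3 05/08/24
##########################################################################
# Description
#    o	If an X client wants to connect to a particular display of an X
#	server, it has to provide a "cookie" for authentication. The
#	cookies are stored in the file $HOME/.Xauthority for both the
#	server and the client.
#	This program allows a client to connect to a remote X server
#	by extracting the remote "cookie" using "xauth nextract", and
#	inserting it into the local authentication database by calling
#	"xauth ... nmerge", basically resulting in a command line like
#		rsh $remhost xauth nextract - $DISPLAY | xauth nmerge -
#	Refer to the xauth(1) manual page for further documentation.
#    o	If the script is called "xallowto" it tries to get access to a
#	remote display. If it is called "xallowfrom" it will allow a
#	remote client to get access to the local display.
#
# Security notes
#    o	The magic cookie is the only secret protecting the display: any
#	account that holds it can connect to the X server. Everything
#	that carries the cookie (the remote command transport, the
#	terminal, log files) should be treated accordingly.
#    o	The transport is "ssh" only when SSH_AGENT_PID is set; otherwise
#	"rsh" is used, which sends the cookie over the network
#	unencrypted.
##########################################################################

PN=`basename "$0"`			# Program name
VER='2.3'

RCMD=${SSH_AGENT_PID+ssh}		# If SSH_AGENT_PID is set, use "ssh"
: ${RCMD:=rsh}				# Default: use "rsh" (unencrypted)

# The following one-liners search the specified directories and the
# $PATH variable for an executable program called "xauth". This allows
# this program to at least work with both Solaris
# (/usr/openwin/bin/xauth) and Linux (/usr/X11/bin/xauth).
#
# "searchxauth" is eval'ed locally and prints the path that was found.
# "runxauth" is sent as the command string to the remote host, where the
# remote login shell executes it; whatever arguments follow it on the
# $RCMD command line end up after the trailing "$xa".
# NOTE(review): those trailing arguments (including the display name) are
# parsed again by the remote shell, so shell metacharacters in them are
# interpreted on the remote side.
searchxauth='for dir in /usr/openwin/bin /usr/X11/bin `echo "$PATH" | sed -e "s/^:/.:/" -e "s/:\$/:./" -e "s/:/ /g"`; do [ -x "$dir/xauth" ] || continue; echo "$dir/xauth"; break; done'
runxauth='for dir in /usr/openwin/bin /usr/X11/bin `echo "$PATH" | sed -e "s/^:/.:/" -e "s/:\$/:./" -e "s/:/ /g"`; do [ -x "$dir/xauth" ] || continue; xa="$dir/xauth"; break; done; [ -n "$xa" ] || exit 1; $xa'

# Print the usage message (depending on the program name) and exit 1.
usage () {
    echo >&2 "$PN - allow access to X display, $VER
usage: $PN [-d display] [remuser@]remhost [...]
    -d:  display number (default: DISPLAY=$DISPLAY)"

    case "$PN" in
	*from)	echo >&2 "
Allows the specified remote users to access the local display.";;
	*to)	echo >&2 "
Gets access to the remote display.";;
    esac

    echo >&2 "
This program needs \"$RCMD\" access to the remote system. In case of
problems verify that the following command works:
	$RCMD -l remuser remhost pwd"
    exit 1
}

# Write a message, prefixed with the program name, to standard error.
msg () {
    echo >&2 "$PN:" "$@"
}

# Write a message to standard error and terminate with exit status 1.
fatal () { msg "$@"; exit 1; }

##########################################################################
# Installation check: the direction of the transfer is derived from the
# name the program was invoked with.

case "$PN" in
    *from)	localdisplay=true;;
    *to)	localdisplay=false;;
    *)		fatal "installation error: program name \"$PN\" needs to be either \"xallowfrom\" or \"xallowto\"";;
esac

##########################################################################

# Capture the output of "getopt" first: the exit status of
# "set -- `getopt ...`" is the status of "set", so a getopt failure would
# never reach the "|| usage" branch.
args=`getopt :d:h "$@"` || usage
set -- $args
[ $# -lt 1 ] && usage			# "getopt" detected an error

while [ $# -gt 0 ]
do
    case "$1" in
	-d)	Display=$2; shift;;
	--)	shift; break;;
	-h)	usage;;
	-*)	usage;;
	*)	break;;			# First host specification
    esac
    shift
done

[ $# -lt 1 ] && usage

display=${Display:-${DISPLAY?}}
user=${User:-${USER:-${LOGNAME?}}}

xauth=`eval "$searchxauth"`
#echo >&2 "DEBUG: xauth=<$xauth>"
[ -x "$xauth" ] || fatal "cannot find program: xauth"

for rspec
do
    case "$rspec" in
	*@*)				# user@host
	    remuser=`echo "$rspec" | cut -d@ -f1`
	    remhost=`echo "$rspec" | cut -d@ -f2-`
	    ;;
	*)				# host
	    remuser=$user
	    remhost=$rspec
	    ;;
    esac

    # An empty name cannot work, and a name starting with "-" would be
    # taken by $RCMD as one of its own options instead of a user or host
    # name. Reject both before anything is executed.
    case "$remuser" in
	''|-*)	msg "ERROR: invalid remote user in \"$rspec\""; continue;;
    esac
    case "$remhost" in
	''|-*)	msg "ERROR: invalid remote host in \"$rspec\""; continue;;
    esac

    msg "INFO: you may be prompted for $remuser@$remhost's \"$RCMD\" password"

    if $localdisplay
    then
	msg "allowing $remuser@$remhost access to local display $display"
	"$xauth" nextract - "$display" |
	    ( grep . || msg "NOTE: there is no magic cookie for display" \
	    		"\"$display\"" ) |
	    "$RCMD" -l "$remuser" "$remhost" "$runxauth" nmerge -
	# Test the exit status of the pipeline ($?), not the argument
	# count ($#): $# is always >= 1 inside this loop, so the manual
	# fallback below, which prints the secret cookie to standard error,
	# was shown after every transfer, successful or not.
	# The status is that of the last stage, i.e. of $RCMD.
	if [ $? -ne 0 ]
	then
	    cookie=`"$xauth" nextract - "$display"`
	    msg "ERROR: $RCMD $remuser@$remhost failed

If you have access to the account $remuser@$remhost, you can manually
run the following command logged in as that user:
	xauth nmerge -
and enter (or cut & paste) the following line:
	$cookie
"
	fi
    else
	msg "aquiring access to remote display $display of $remuser@$remhost"
	"$RCMD" -n -l "$remuser" "$remhost" "$runxauth" nextract - "$display" |
	    ( grep . || msg "NOTE: there is no magic cookie for display" \
	    		"\"$display\" of $remuser@$remhost" ) |
	    "$xauth" nmerge -
	# As above: $? instead of $#. Here the last pipeline stage is the
	# local "xauth nmerge", so this reports a failed merge; a failing
	# $RCMD shows up as empty input and triggers the NOTE above.
	if [ $? -ne 0 ]
	then
	    msg "ERROR: $RCMD $remuser@$remhost failed

If you have access to the account $remuser@$remhost, you can manually
run the following command logged in as that user:
	xauth nextract - $display
and enter (or cut & paste) the resulting output line to the input of
the following program:
	$xauth nmerge -"
	fi
    fi
done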