Attempt to remove Xlib dependency.

Author: tvrzna

README.md

@@ -246,11 +246,9 @@ __NOTE:__ If any issue starts to appear and you want to report it, ensure you do
 - go (>= 1.20)
 - gcc
 - pam-devel
-- libx11-devel (libx11)
 
 ### Dependencies
 - pam
-- libx11
 - xorg / xorg-server (optional)
 - xauth / xorg-xauth (required for xorg)
 - mcookie (required for xorg)
@@ -293,8 +291,5 @@ $ make build TAGS=tag1,tag2
 #### nopam
 This tag disables dependency on PAM. In Linux it switch to basic authentication with `shadow`.
 
-#### noxlib
-This tag disables dependency on libx11, could be useful, if only Wayland desktop is expected to be used.
-
 #### noutmp
 This tag disables dependency on UTMP/UTMPX. Its implementation is different by each libc/distro, this provides ability to build if incompatibility occurs.

src/emptty.go

@@ -197,7 +197,7 @@ func printHelp() {
 // Gets current version
 func getVersion() string {
 	tags := strings.Builder{}
-	for _, tag := range []string{tagPam, tagUtmp, tagXlib} {
+	for _, tag := range []string{tagPam, tagUtmp} {
 		if tags.Len() > 0 {
 			tags.WriteString(", ")
 		}

src/session_xorg.go

@@ -67,7 +67,7 @@ func (x *xorgSession) startCarrier() {
 	}
 	logPrint("Started Xorg")
 
-	if err := openXDisplay(x.auth.usr().getenv(envDisplay)); err != nil {
+	if err := openXDisplay(x.auth.usr().getenv(envDisplay), x.auth.usr().getenv(envXauthority)); err != nil {
 		handleStrErr("Could not open X Display.")
 	}
 }

src/x11.go

@@ -0,0 +1,158 @@
+package src
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+// Opens XDisplay via socket and tries to authenticate with Xauthority.
+func openXDisplay(dispName, xauthorityPath string) error {
+	displayNum, socketPath, err := resolveDisplay(dispName)
+	if err != nil {
+		return err
+	}
+
+	authName, authData, err := readXAuthority(displayNum, xauthorityPath)
+	if err != nil {
+		return fmt.Errorf("xauthority: %w", err)
+	}
+
+	for i := 0; i < 50; i++ {
+		conn, err := net.DialTimeout("unix", socketPath, 200*time.Millisecond)
+		if err == nil {
+			err = performHandshake(conn, authName, authData)
+			if err == nil {
+				return nil
+			} else {
+				conn.Close()
+			}
+		}
+		time.Sleep(50 * time.Millisecond)
+	}
+
+	return errors.New("could not open authenticated X display")
+}
+
+// Gets display number and its socket path from display name.
+func resolveDisplay(display string) (string, string, error) {
+	if !strings.HasPrefix(display, ":") {
+		return "", "", errors.New("only local displays supported")
+	}
+	num := strings.Split(display[1:], ".")[0]
+	socketPath := filepath.Join("/tmp/.X11-unix", "X"+num)
+	return num, socketPath, nil
+}
+
+// Reads and parses XAuthority file on defined path.
+func readXAuthority(displayNum, xauthorityPath string) (string, []byte, error) {
+	data, err := os.ReadFile(xauthorityPath)
+	if err != nil {
+		return "", nil, err
+	}
+
+	r := bytes.NewReader(data)
+
+	for r.Len() > 0 {
+		var family uint16
+		if err := binary.Read(r, binary.BigEndian, &family); err != nil {
+			return "", nil, err
+		}
+
+		addr, err := readString(r)
+		if err != nil {
+			return "", nil, err
+		}
+		_ = addr
+
+		display, err := readString(r)
+		if err != nil {
+			return "", nil, err
+		}
+
+		name, err := readString(r)
+		if err != nil {
+			return "", nil, err
+		}
+
+		authData, err := readString(r)
+		if err != nil {
+			return "", nil, err
+		}
+
+		if family == 256 &&
+			display == displayNum &&
+			name == "MIT-MAGIC-COOKIE-1" {
+			return name, []byte(authData), nil
+		}
+	}
+
+	return "", nil, errors.New("no matching MIT-MAGIC-COOKIE-1 entry found")
+}
+
+// Reads strings from reader by defined length.
+func readString(r *bytes.Reader) (string, error) {
+	var length uint16
+	if err := binary.Read(r, binary.BigEndian, &length); err != nil {
+		return "", err
+	}
+	buf := make([]byte, length)
+	if _, err := r.Read(buf); err != nil {
+		return "", err
+	}
+	return string(buf), nil
+}
+
+// Performs handshake authorization with opened X display.
+func performHandshake(conn net.Conn, authName string, authData []byte) error {
+	authNameBytes := []byte(authName)
+
+	pad := func(n int) int {
+		if n%4 == 0 {
+			return n
+		}
+		return n + (4 - (n % 4))
+	}
+
+	authNameLen := len(authNameBytes)
+	authDataLen := len(authData)
+
+	packetLen := 12 +
+		pad(authNameLen) +
+		pad(authDataLen)
+
+	buf := make([]byte, packetLen)
+
+	buf[0] = 'l'
+	binary.LittleEndian.PutUint16(buf[2:], 11)
+	binary.LittleEndian.PutUint16(buf[4:], 0)
+	binary.LittleEndian.PutUint16(buf[6:], uint16(authNameLen))
+	binary.LittleEndian.PutUint16(buf[8:], uint16(authDataLen))
+
+	offset := 12
+	copy(buf[offset:], authNameBytes)
+	offset += pad(authNameLen)
+
+	copy(buf[offset:], authData)
+
+	if _, err := conn.Write(buf); err != nil {
+		return err
+	}
+
+	reply := make([]byte, 8)
+	if _, err := conn.Read(reply); err != nil {
+		return err
+	}
+
+	if reply[0] != 1 {
+		return errors.New("X server authentication failed")
+	}
+
+	return nil
+}