+ /*
+ * This function has the job of inventing a set of X11 fake auth
+ * data, and adding it to 'authtree'. We must preserve the
+ * property that for any given actual authorisation attempt, _at
+ * most one_ thing in the tree can possibly match it.
+ *
+ * For MIT-MAGIC-COOKIE-1, that's not too difficult: the match
+ * criterion is simply that the entire cookie is correct, so we
+ * just have to make sure we don't make up two cookies the same.
+ * (Vanishingly unlikely, but we check anyway to be sure, and go
+ * round again inventing a new cookie if add234 tells us the one
+ * we thought of is already in use.)
+ *
+ * For XDM-AUTHORIZATION-1, it's a little more fiddly. The setup
+ * with XA1 is that half the cookie is used as a DES key with
+ * which to CBC-encrypt an assortment of stuff. Happily, the stuff
+ * encrypted _begins_ with the other half of the cookie, and the
+ * IV is always zero, which means that any valid XA1 authorisation
+ * attempt for a given cookie must begin with the same cipher
+ * block, consisting of the DES ECB encryption of the first half
+ * of the cookie using the second half as a key. So we compute
+ * that cipher block here and now, and use it as the sorting key
+ * for distinguishing XA1 entries in the tree.
+ */
+