summaryrefslogtreecommitdiff
path: root/src/XSecurity.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/XSecurity.c')
-rw-r--r--src/XSecurity.c308
1 files changed, 308 insertions, 0 deletions
diff --git a/src/XSecurity.c b/src/XSecurity.c
new file mode 100644
index 0000000..7d0de9b
--- /dev/null
+++ b/src/XSecurity.c
@@ -0,0 +1,308 @@
+/* $Xorg: XSecurity.c,v 1.6 2001/02/09 02:03:49 xorgcvs Exp $ */
+/*
+
+Copyright 1996, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+#include <X11/Xlibint.h>
+#include "Xext.h"
+#include "extutil.h"
+#include "securstr.h"
+
+static XExtensionInfo _Security_info_data;
+static XExtensionInfo *Security_info = &_Security_info_data;
+static char *Security_extension_name = SECURITY_EXTENSION_NAME;
+
+#define SecurityCheckExtension(dpy,i,val) \
+ XextCheckExtension (dpy, i, Security_extension_name, val)
+#define SecuritySimpleCheckExtension(dpy,i) \
+ XextSimpleCheckExtension (dpy, i, Security_extension_name)
+
+#define SecurityGetReq(name,req,info) GetReq (name, req); \
+ req->reqType = info->codes->major_opcode; \
+ req->securityReqType = X_##name;
+
+/*****************************************************************************
+ * *
+ * private utility routines *
+ * *
+ *****************************************************************************/
+
+/*
+ * find_display - locate the display info block
+ */
+static int close_display();
+static Bool wire_to_event();
+static Status event_to_wire();
+static char *error_string();
+static XExtensionHooks Security_extension_hooks = {
+ NULL, /* create_gc */
+ NULL, /* copy_gc */
+ NULL, /* flush_gc */
+ NULL, /* free_gc */
+ NULL, /* create_font */
+ NULL, /* free_font */
+ close_display, /* close_display */
+ wire_to_event, /* wire_to_event */
+ event_to_wire, /* event_to_wire */
+ NULL, /* error */
+ error_string /* error_string */
+};
+
+static char *security_error_list[] = {
+ "BadAuthorization"
+ "BadAuthorizationProtocol"
+};
+
+static XEXT_GENERATE_FIND_DISPLAY (find_display, Security_info,
+ Security_extension_name,
+ &Security_extension_hooks,
+ XSecurityNumberEvents, NULL)
+
+static XEXT_GENERATE_CLOSE_DISPLAY (close_display, Security_info)
+
+static
+XEXT_GENERATE_ERROR_STRING(error_string, Security_extension_name,
+ XSecurityNumberErrors, security_error_list)
+
+static Bool
+wire_to_event(dpy, event, wire)
+ Display *dpy;
+ XEvent *event;
+ xEvent *wire;
+{
+ XExtDisplayInfo *info = find_display(dpy);
+
+ SecurityCheckExtension (dpy, info, False);
+
+ switch ((wire->u.u.type & 0x7F) - info->codes->first_event)
+ {
+ case XSecurityAuthorizationRevoked:
+ {
+ xSecurityAuthorizationRevokedEvent *rwire =
+ (xSecurityAuthorizationRevokedEvent *)wire;
+ XSecurityAuthorizationRevokedEvent *revent =
+ (XSecurityAuthorizationRevokedEvent *)event;
+
+ revent->type = rwire->type & 0x7F;
+ revent->serial = _XSetLastRequestRead(dpy,
+ (xGenericReply *) wire);
+ revent->send_event = (rwire->type & 0x80) != 0;
+ revent->display = dpy;
+ revent->auth_id = rwire->authId;
+ return True;
+ }
+ }
+ return False;
+}
+
+static Status
+event_to_wire(dpy, event, wire)
+ Display *dpy;
+ XEvent *event;
+ xEvent *wire;
+{
+ XExtDisplayInfo *info = find_display(dpy);
+
+ SecurityCheckExtension(dpy, info, False);
+
+ switch ((event->type & 0x7F) - info->codes->first_event)
+ {
+ case XSecurityAuthorizationRevoked:
+ {
+ xSecurityAuthorizationRevokedEvent *rwire =
+ (xSecurityAuthorizationRevokedEvent *)wire;
+ XSecurityAuthorizationRevokedEvent *revent =
+ (XSecurityAuthorizationRevokedEvent *)event;
+ rwire->type = revent->type | (revent->send_event ? 0x80 : 0);
+ rwire->sequenceNumber = revent->serial & 0xFFFF;
+ return True;
+ }
+ }
+ return False;
+}
+
+/*****************************************************************************
+ * *
+ * Security public interfaces *
+ * *
+ *****************************************************************************/
+
+Status XSecurityQueryExtension (
+ Display *dpy,
+ int *major_version_return,
+ int *minor_version_return)
+{
+ XExtDisplayInfo *info = find_display (dpy);
+ xSecurityQueryVersionReply rep;
+ register xSecurityQueryVersionReq *req;
+
+ if (!XextHasExtension (info))
+ return (Status)0; /* failure */
+
+ LockDisplay (dpy);
+ SecurityGetReq (SecurityQueryVersion, req, info);
+ req->majorVersion = SECURITY_MAJOR_VERSION;
+ req->minorVersion = SECURITY_MINOR_VERSION;
+
+ if (!_XReply (dpy, (xReply *) &rep, 0, xTrue)) {
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return (Status)0; /* failure */
+ }
+ *major_version_return = rep.majorVersion;
+ *minor_version_return = rep.minorVersion;
+ UnlockDisplay (dpy);
+
+ SyncHandle ();
+
+ if (*major_version_return != SECURITY_MAJOR_VERSION)
+ return (Status)0; /* failure */
+ else
+ return (Status)1; /* success */
+}
+
+Xauth *
+XSecurityAllocXauth(void)
+{
+ return Xcalloc(1, sizeof(Xauth));
+}
+
+void
+XSecurityFreeXauth(Xauth *auth)
+{
+ XFree(auth);
+}
+
+static int
+Ones(Mask mask)
+{
+ register Mask y;
+
+ y = (mask >> 1) &033333333333;
+ y = mask - y - ((y >>1) & 033333333333);
+ return (((y + (y >> 3)) & 030707070707) % 077);
+}
+
+Xauth *
+XSecurityGenerateAuthorization(
+ Display *dpy,
+ Xauth *auth_in,
+ unsigned long valuemask,
+ XSecurityAuthorizationAttributes *attributes,
+ XSecurityAuthorization *auth_id_return)
+{
+ XExtDisplayInfo *info = find_display (dpy);
+ register xSecurityGenerateAuthorizationReq *req;
+ xSecurityGenerateAuthorizationReply rep;
+ Xauth *auth_return;
+ unsigned long values[3];
+ unsigned long *value = values;
+ unsigned int nvalues;
+
+ *auth_id_return = 0; /* in case we fail */
+
+ /* make sure extension is available */
+
+ SecurityCheckExtension (dpy, info, (Xauth *)NULL);
+
+ LockDisplay(dpy);
+ SecurityGetReq(SecurityGenerateAuthorization, req, info);
+
+ req->nbytesAuthProto = auth_in->name_length;
+ req->nbytesAuthData = auth_in->data_length;
+
+ /* adjust length to account for auth name and data */
+ req->length += (auth_in->name_length + (unsigned)3) >> 2;
+ req->length += (auth_in->data_length + (unsigned)3) >> 2;
+
+ /* adjust length to account for list of values */
+ req->valueMask = valuemask & XSecurityAllAuthorizationAttributes;
+ nvalues = Ones(req->valueMask);
+ req->length += nvalues;
+
+ /* send auth name and data */
+ Data(dpy, auth_in->name, auth_in->name_length);
+ Data(dpy, auth_in->data, auth_in->data_length);
+
+ /* send values */
+ if (valuemask & XSecurityTimeout) *value++ = attributes->timeout;
+ if (valuemask & XSecurityTrustLevel) *value++ = attributes->trust_level;
+ if (valuemask & XSecurityGroup) *value++ = attributes->group;
+ if (valuemask & XSecurityEventMask) *value++ = attributes->event_mask;
+
+ nvalues <<= 2;
+ Data32(dpy, (long *)values, (long)nvalues);
+
+ if (!_XReply (dpy, (xReply *) &rep, 0, xFalse)) {
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return (Xauth *)NULL;
+ }
+
+ *auth_id_return = rep.authId;
+
+ /* Allocate space for the Xauth struct and the auth name and data all
+ * in one hunk. This lets XSecurityFreeXauth not have to care
+ * about whether the auth was allocated here or in
+ * XSecurityAllocXauth; in both cases, you just free one pointer.
+ */
+
+ if ((auth_return = (Xauth *)Xcalloc(1,
+ (sizeof(Xauth) + auth_in->name_length + rep.dataLength))))
+ {
+ auth_return->data_length = rep.dataLength;
+ auth_return->data = (char *)&auth_return[1];
+ _XReadPad(dpy, auth_return->data, (long)rep.dataLength);
+
+ auth_return->name_length = auth_in->name_length;
+ auth_return->name = auth_return->data + auth_return->data_length;
+ memcpy(auth_return->name, auth_in->name, auth_return->name_length);
+ }
+ else
+ {
+ _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3);
+ }
+
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return auth_return;
+
+} /* XSecurityGenerateAuthorization */
+
+Status
+XSecurityRevokeAuthorization(
+ Display *dpy,
+ XSecurityAuthorization auth_id)
+{
+ XExtDisplayInfo *info = find_display (dpy);
+ xSecurityRevokeAuthorizationReq *req;
+
+ SecurityCheckExtension (dpy, info, 0);
+ LockDisplay(dpy);
+ SecurityGetReq(SecurityRevokeAuthorization, req, info);
+ req->authId = auth_id;
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return 1;
+} /* XSecurityRevokeAuthorization */