summaryrefslogtreecommitdiff
path: root/os/secauth.c
diff options
context:
space:
mode:
Diffstat (limited to 'os/secauth.c')
-rw-r--r--os/secauth.c202
1 files changed, 0 insertions, 202 deletions
diff --git a/os/secauth.c b/os/secauth.c
deleted file mode 100644
index d01879bfd..000000000
--- a/os/secauth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-Copyright 1996, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-*/
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-#include "swaprep.h"
-
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
-
-static char InvalidPolicyReason[] = "invalid policy specification";
-static char PolicyViolationReason[] = "policy violation";
-
-static Bool
-AuthCheckSitePolicy(
- unsigned short *data_lengthP,
- char **dataP,
- ClientPtr client,
- char **reason)
-{
- CARD8 *policy = *(CARD8 **)dataP;
- int length;
- Bool permit;
- int nPolicies;
- char **sitePolicies;
- int nSitePolicies;
- Bool found = FALSE;
-
- if ((length = *data_lengthP) < 2) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- permit = (*policy++ == 0);
- nPolicies = (CARD8) *policy++;
-
- length -= 2;
-
- sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
-
- while (nPolicies) {
- int strLen, sitePolicy;
-
- if (length == 0) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- strLen = (CARD8) *policy++;
- if (--length < strLen) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- if (!found)
- {
- for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++)
- {
- char *testPolicy = sitePolicies[sitePolicy];
- if ((strLen == strlen(testPolicy)) &&
- (strncmp((char *)policy, testPolicy, strLen) == 0))
- {
- found = TRUE; /* need to continue parsing the policy... */
- break;
- }
- }
- }
-
- policy += strLen;
- length -= strLen;
- nPolicies--;
- }
-
- if (found != permit)
- {
- *reason = PolicyViolationReason;
- return FALSE;
- }
-
- *data_lengthP = length;
- *dataP = (char *)policy;
- return TRUE;
-}
-
-XID
-AuthSecurityCheck (
- unsigned short data_length,
- char *data,
- ClientPtr client,
- char **reason)
-{
-#ifdef XCSECURITY
- xConnSetupPrefix csp;
- xReq freq;
-
- if (client->clientState == ClientStateCheckedSecurity)
- {
- *reason = "repeated security check not permitted";
- return (XID) -1;
- }
- else if (data_length > 0)
- {
- char policy_mask = *data++;
-
- if (--data_length == 1) {
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- if (policy_mask & 0x01) /* Extensions policy */
- {
- /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */
- *reason = "security policy not implemented";
- return (XID) -1;
- }
-
- if (policy_mask & 0x02) /* Site policy */
- {
- if (!AuthCheckSitePolicy(&data_length, &data, client, reason))
- return (XID) -1;
- }
-
- if (data_length > 0) { /* did we consume the whole policy? */
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- }
- else if (!GetAccessControl())
- {
- /*
- * The client - possibly the X FireWall Proxy - gave
- * no auth data and host-based authorization is turned
- * off. In this case, the client should be denied
- * access to the X server.
- */
- *reason = "server host access control is disabled";
- return (XID) -1;
- }
-
- client->clientState = ClientStateCheckingSecurity;
-
- csp.success = 2 /* Authenticate */;
- csp.lengthReason = 0;
- csp.length = 0;
- csp.majorVersion = X_PROTOCOL;
- csp.minorVersion = X_PROTOCOL_REVISION;
- if (client->swapped)
- WriteSConnSetupPrefix(client, &csp);
- else
- (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp);
-
- /*
- * Next time the client sends the real auth data, we want
- * ProcEstablishConnection to be called.
- */
-
- freq.reqType = 1;
- freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2;
- client->swapped = FALSE;
- if (!InsertFakeRequest(client, (char *)&freq, sz_xReq))
- {
- *reason = "internal error";
- return (XID) -1;
- }
-
- return (XID) 0;
-#else
- *reason = "method not supported";
- return (XID) -1;
-#endif
-}