R6.6 is the Xorg base-lineXORG-MAIN

1 files changed, 411 insertions, 0 deletions

diff --git a/os/auth.c b/os/auth.c
new file mode 100644
index 000000000..7b914bb28
--- /dev/null
+++ b/os/auth.c
@@ -0,0 +1,411 @@
+/* $Xorg: auth.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
+/*
+
+Copyright 1988, 1998  The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * authorization hooks for the server
+ * Author:  Keith Packard, MIT X Consortium
+ */
+
+#ifdef K5AUTH
+# include   <krb5/krb5.h>
+#endif
+# include   "X.h"
+# include   "Xauth.h"
+# include   "misc.h"
+# include   "dixstruct.h"
+# include   <sys/types.h>
+# include   <sys/stat.h>
+#ifdef XCSECURITY
+#define _SECURITY_SERVER
+# include   "extensions/security.h"
+#endif
+#ifdef WIN32
+#include "Xw32defs.h"
+#endif
+
+struct protocol {
+    unsigned short   name_length;
+    char    *name;
+    int     (*Add)();	    /* new authorization data */
+    XID	    (*Check)();	    /* verify client authorization data */
+    int     (*Reset)();	    /* delete all authorization data entries */
+    XID	    (*ToID)();	    /* convert cookie to ID */
+    int	    (*FromID)();    /* convert ID to cookie */
+    int	    (*Remove)();    /* remove a specific cookie */
+#ifdef XCSECURITY
+    XID     (*Generate)();
+#endif
+};
+
+extern int  MitAddCookie ();
+extern XID  MitCheckCookie ();
+extern int  MitResetCookie ();
+extern XID  MitToID ();
+extern int  MitFromID (), MitRemoveCookie ();
+extern XID  MitGenerateCookie();
+
+#ifdef HASXDMAUTH
+extern int  XdmAddCookie ();
+extern XID  XdmCheckCookie ();
+extern int  XdmResetCookie ();
+extern XID  XdmToID ();
+extern int  XdmFromID (), XdmRemoveCookie ();
+#endif
+
+#ifdef SECURE_RPC
+extern int  SecureRPCAdd();
+extern XID  SecureRPCCheck();
+extern int  SecureRPCReset();
+extern XID  SecureRPCToID();
+extern int  SecureRPCFromID(), SecureRPCRemove();
+#endif
+
+#ifdef K5AUTH
+extern int K5Add();
+extern XID K5Check();
+extern int K5Reset();
+extern XID K5ToID();
+extern int K5FromID(), K5Remove();
+#endif
+
+extern XID AuthSecurityCheck();
+
+static struct protocol   protocols[] = {
+{   (unsigned short) 18,    "MIT-MAGIC-COOKIE-1",
+		MitAddCookie,	MitCheckCookie,	MitResetCookie,
+		MitToID,	MitFromID,	MitRemoveCookie,
+#ifdef XCSECURITY
+		MitGenerateCookie
+#endif
+},
+#ifdef HASXDMAUTH
+{   (unsigned short) 19,    "XDM-AUTHORIZATION-1",
+		XdmAddCookie,	XdmCheckCookie,	XdmResetCookie,
+		XdmToID,	XdmFromID,	XdmRemoveCookie,
+#ifdef XCSECURITY
+		NULL
+#endif
+},
+#endif
+#ifdef SECURE_RPC
+{   (unsigned short) 9,    "SUN-DES-1",
+		SecureRPCAdd,	SecureRPCCheck,	SecureRPCReset,
+		SecureRPCToID,	SecureRPCFromID,SecureRPCRemove,
+#ifdef XCSECURITY
+		NULL
+#endif
+},
+#endif
+#ifdef K5AUTH
+{   (unsigned short) 14, "MIT-KERBEROS-5",
+		K5Add, K5Check, K5Reset,
+		K5ToID, K5FromID, K5Remove,
+#ifdef XCSECURITY
+		NULL
+#endif
+},
+#endif
+#ifdef XCSECURITY
+{   (unsigned short) XSecurityAuthorizationNameLen,
+	XSecurityAuthorizationName,
+		NULL, AuthSecurityCheck, NULL,
+		NULL, NULL, NULL,
+		NULL
+},
+#endif
+};
+
+# define NUM_AUTHORIZATION  (sizeof (protocols) /\
+			     sizeof (struct protocol))
+
+/*
+ * Initialize all classes of authorization by reading the
+ * specified authorization file
+ */
+
+static char *authorization_file = (char *)NULL;
+
+static Bool ShouldLoadAuth = TRUE;
+
+void
+InitAuthorization (file_name)
+char	*file_name;
+{
+    authorization_file = file_name;
+}
+
+int
+LoadAuthorization ()
+{
+    FILE    *f;
+    Xauth   *auth;
+    int	    i;
+    int	    count = 0;
+
+    ShouldLoadAuth = FALSE;
+    if (!authorization_file)
+	return 0;
+    f = fopen (authorization_file, "r");
+    if (!f)
+	return 0;
+    while (auth = XauReadAuth (f)) {
+	for (i = 0; i < NUM_AUTHORIZATION; i++) {
+	    if (protocols[i].name_length == auth->name_length &&
+		memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
+		protocols[i].Add)
+	    {
+		++count;
+		(*protocols[i].Add) (auth->data_length, auth->data,
+					 FakeClientID(0));
+	    }
+	}
+	XauDisposeAuth (auth);
+    }
+    fclose (f);
+    return count;
+}
+
+#ifdef XDMCP
+/*
+ * XdmcpInit calls this function to discover all authorization
+ * schemes supported by the display
+ */
+void
+RegisterAuthorizations ()
+{
+    int	    i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++)
+	XdmcpRegisterAuthorization (protocols[i].name,
+				    (int)protocols[i].name_length);
+}
+#endif
+
+XID
+CheckAuthorization (name_length, name, data_length, data, client, reason)
+    unsigned int name_length;
+    char	*name;
+    unsigned int data_length;
+    char	*data;
+    ClientPtr client;
+    char	**reason;	/* failure message.  NULL for default msg */
+{
+    int	i;
+    struct stat buf;
+    static time_t lastmod = 0;
+
+    if (!authorization_file || stat(authorization_file, &buf))
+    {
+	if (lastmod != 0) {
+	    lastmod = 0;
+	    ShouldLoadAuth = TRUE;	/* stat lost, so force reload */
+	}
+    }
+    else if (buf.st_mtime > lastmod)
+    {
+	lastmod = buf.st_mtime;
+	ShouldLoadAuth = TRUE;
+    }
+    if (ShouldLoadAuth)
+    {
+	if (LoadAuthorization())
+	    DisableLocalHost(); /* got at least one */
+	else
+	    EnableLocalHost ();
+    }
+    if (name_length)
+	for (i = 0; i < NUM_AUTHORIZATION; i++) {
+	    if (protocols[i].name_length == name_length &&
+		memcmp (protocols[i].name, name, (int) name_length) == 0)
+	    {
+		return (*protocols[i].Check) (data_length, data, client, reason);
+	    }
+	}
+    return (XID) ~0L;
+}
+
+void
+ResetAuthorization ()
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++)
+	if (protocols[i].Reset)
+	    (*protocols[i].Reset)();
+    ShouldLoadAuth = TRUE;
+}
+
+XID
+AuthorizationToID (name_length, name, data_length, data)
+unsigned short	name_length;
+char	*name;
+unsigned short	data_length;
+char	*data;
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++) {
+    	if (protocols[i].name_length == name_length &&
+	    memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+	    protocols[i].ToID)
+    	{
+	    return (*protocols[i].ToID) (data_length, data);
+    	}
+    }
+    return (XID) ~0L;
+}
+
+int
+AuthorizationFromID (id, name_lenp, namep, data_lenp, datap)
+XID id;
+unsigned short	*name_lenp;
+char	**namep;
+unsigned short	*data_lenp;
+char	**datap;
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++) {
+	if (protocols[i].FromID &&
+	    (*protocols[i].FromID) (id, data_lenp, datap)) {
+	    *name_lenp = protocols[i].name_length;
+	    *namep = protocols[i].name;
+	    return 1;
+	}
+    }
+    return 0;
+}
+
+int
+RemoveAuthorization (name_length, name, data_length, data)
+unsigned short	name_length;
+char	*name;
+unsigned short	data_length;
+char	*data;
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++) {
+    	if (protocols[i].name_length == name_length &&
+	    memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+	    protocols[i].Remove)
+    	{
+	    return (*protocols[i].Remove) (data_length, data);
+    	}
+    }
+    return 0;
+}
+
+int
+AddAuthorization (name_length, name, data_length, data)
+unsigned int name_length;
+char	*name;
+unsigned int data_length;
+char	*data;
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++) {
+    	if (protocols[i].name_length == name_length &&
+	    memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+	    protocols[i].Add)
+    	{
+	    return (*protocols[i].Add) (data_length, data, FakeClientID(0));
+    	}
+    }
+    return 0;
+}
+
+#ifdef XCSECURITY
+
+XID
+GenerateAuthorization(name_length, name, data_length, data,
+		      data_length_return, data_return)
+unsigned int name_length;
+char	*name;
+unsigned int data_length;
+char	*data;
+unsigned int *data_length_return;
+char	**data_return;
+{
+    int	i;
+
+    for (i = 0; i < NUM_AUTHORIZATION; i++) {
+    	if (protocols[i].name_length == name_length &&
+	    memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+	    protocols[i].Generate)
+    	{
+	    return (*protocols[i].Generate) (data_length, data,
+			FakeClientID(0), data_length_return, data_return);
+    	}
+    }
+    return -1;
+}
+
+/* A random number generator that is more unpredictable
+   than that shipped with some systems.
+   This code is taken from the C standard. */
+
+static unsigned long int next = 1;
+
+static int
+xdm_rand()
+{
+    next = next * 1103515245 + 12345;
+    return (unsigned int)(next/65536) % 32768;
+}
+
+static void
+xdm_srand(seed)
+    unsigned int seed;
+{
+    next = seed;
+}
+
+void
+GenerateRandomData (len, buf)
+int	len;
+char	*buf;
+{
+    static int seed;
+    int value;
+    int i;
+
+    seed += GetTimeInMillis();
+    xdm_srand (seed);
+    for (i = 0; i < len; i++)
+    {
+	value = xdm_rand ();
+	buf[i] ^= (value & 0xff00) >> 8;
+    }
+
+    /* XXX add getrusage, popen("ps -ale") */
+}
+
+#endif /* XCSECURITY */