summaryrefslogtreecommitdiff
path: root/os/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'os/auth.c')
-rw-r--r--os/auth.c411
1 files changed, 411 insertions, 0 deletions
diff --git a/os/auth.c b/os/auth.c
new file mode 100644
index 000000000..7b914bb28
--- /dev/null
+++ b/os/auth.c
@@ -0,0 +1,411 @@
+/* $Xorg: auth.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * authorization hooks for the server
+ * Author: Keith Packard, MIT X Consortium
+ */
+
+#ifdef K5AUTH
+# include <krb5/krb5.h>
+#endif
+# include "X.h"
+# include "Xauth.h"
+# include "misc.h"
+# include "dixstruct.h"
+# include <sys/types.h>
+# include <sys/stat.h>
+#ifdef XCSECURITY
+#define _SECURITY_SERVER
+# include "extensions/security.h"
+#endif
+#ifdef WIN32
+#include "Xw32defs.h"
+#endif
+
+struct protocol {
+ unsigned short name_length;
+ char *name;
+ int (*Add)(); /* new authorization data */
+ XID (*Check)(); /* verify client authorization data */
+ int (*Reset)(); /* delete all authorization data entries */
+ XID (*ToID)(); /* convert cookie to ID */
+ int (*FromID)(); /* convert ID to cookie */
+ int (*Remove)(); /* remove a specific cookie */
+#ifdef XCSECURITY
+ XID (*Generate)();
+#endif
+};
+
+extern int MitAddCookie ();
+extern XID MitCheckCookie ();
+extern int MitResetCookie ();
+extern XID MitToID ();
+extern int MitFromID (), MitRemoveCookie ();
+extern XID MitGenerateCookie();
+
+#ifdef HASXDMAUTH
+extern int XdmAddCookie ();
+extern XID XdmCheckCookie ();
+extern int XdmResetCookie ();
+extern XID XdmToID ();
+extern int XdmFromID (), XdmRemoveCookie ();
+#endif
+
+#ifdef SECURE_RPC
+extern int SecureRPCAdd();
+extern XID SecureRPCCheck();
+extern int SecureRPCReset();
+extern XID SecureRPCToID();
+extern int SecureRPCFromID(), SecureRPCRemove();
+#endif
+
+#ifdef K5AUTH
+extern int K5Add();
+extern XID K5Check();
+extern int K5Reset();
+extern XID K5ToID();
+extern int K5FromID(), K5Remove();
+#endif
+
+extern XID AuthSecurityCheck();
+
+static struct protocol protocols[] = {
+{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
+ MitAddCookie, MitCheckCookie, MitResetCookie,
+ MitToID, MitFromID, MitRemoveCookie,
+#ifdef XCSECURITY
+ MitGenerateCookie
+#endif
+},
+#ifdef HASXDMAUTH
+{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
+ XdmAddCookie, XdmCheckCookie, XdmResetCookie,
+ XdmToID, XdmFromID, XdmRemoveCookie,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef SECURE_RPC
+{ (unsigned short) 9, "SUN-DES-1",
+ SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
+ SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef K5AUTH
+{ (unsigned short) 14, "MIT-KERBEROS-5",
+ K5Add, K5Check, K5Reset,
+ K5ToID, K5FromID, K5Remove,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef XCSECURITY
+{ (unsigned short) XSecurityAuthorizationNameLen,
+ XSecurityAuthorizationName,
+ NULL, AuthSecurityCheck, NULL,
+ NULL, NULL, NULL,
+ NULL
+},
+#endif
+};
+
+# define NUM_AUTHORIZATION (sizeof (protocols) /\
+ sizeof (struct protocol))
+
+/*
+ * Initialize all classes of authorization by reading the
+ * specified authorization file
+ */
+
+static char *authorization_file = (char *)NULL;
+
+static Bool ShouldLoadAuth = TRUE;
+
+void
+InitAuthorization (file_name)
+char *file_name;
+{
+ authorization_file = file_name;
+}
+
+int
+LoadAuthorization ()
+{
+ FILE *f;
+ Xauth *auth;
+ int i;
+ int count = 0;
+
+ ShouldLoadAuth = FALSE;
+ if (!authorization_file)
+ return 0;
+ f = fopen (authorization_file, "r");
+ if (!f)
+ return 0;
+ while (auth = XauReadAuth (f)) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == auth->name_length &&
+ memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
+ protocols[i].Add)
+ {
+ ++count;
+ (*protocols[i].Add) (auth->data_length, auth->data,
+ FakeClientID(0));
+ }
+ }
+ XauDisposeAuth (auth);
+ }
+ fclose (f);
+ return count;
+}
+
+#ifdef XDMCP
+/*
+ * XdmcpInit calls this function to discover all authorization
+ * schemes supported by the display
+ */
+void
+RegisterAuthorizations ()
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ XdmcpRegisterAuthorization (protocols[i].name,
+ (int)protocols[i].name_length);
+}
+#endif
+
+XID
+CheckAuthorization (name_length, name, data_length, data, client, reason)
+ unsigned int name_length;
+ char *name;
+ unsigned int data_length;
+ char *data;
+ ClientPtr client;
+ char **reason; /* failure message. NULL for default msg */
+{
+ int i;
+ struct stat buf;
+ static time_t lastmod = 0;
+
+ if (!authorization_file || stat(authorization_file, &buf))
+ {
+ if (lastmod != 0) {
+ lastmod = 0;
+ ShouldLoadAuth = TRUE; /* stat lost, so force reload */
+ }
+ }
+ else if (buf.st_mtime > lastmod)
+ {
+ lastmod = buf.st_mtime;
+ ShouldLoadAuth = TRUE;
+ }
+ if (ShouldLoadAuth)
+ {
+ if (LoadAuthorization())
+ DisableLocalHost(); /* got at least one */
+ else
+ EnableLocalHost ();
+ }
+ if (name_length)
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0)
+ {
+ return (*protocols[i].Check) (data_length, data, client, reason);
+ }
+ }
+ return (XID) ~0L;
+}
+
+void
+ResetAuthorization ()
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ if (protocols[i].Reset)
+ (*protocols[i].Reset)();
+ ShouldLoadAuth = TRUE;
+}
+
+XID
+AuthorizationToID (name_length, name, data_length, data)
+unsigned short name_length;
+char *name;
+unsigned short data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].ToID)
+ {
+ return (*protocols[i].ToID) (data_length, data);
+ }
+ }
+ return (XID) ~0L;
+}
+
+int
+AuthorizationFromID (id, name_lenp, namep, data_lenp, datap)
+XID id;
+unsigned short *name_lenp;
+char **namep;
+unsigned short *data_lenp;
+char **datap;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].FromID &&
+ (*protocols[i].FromID) (id, data_lenp, datap)) {
+ *name_lenp = protocols[i].name_length;
+ *namep = protocols[i].name;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+RemoveAuthorization (name_length, name, data_length, data)
+unsigned short name_length;
+char *name;
+unsigned short data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Remove)
+ {
+ return (*protocols[i].Remove) (data_length, data);
+ }
+ }
+ return 0;
+}
+
+int
+AddAuthorization (name_length, name, data_length, data)
+unsigned int name_length;
+char *name;
+unsigned int data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Add)
+ {
+ return (*protocols[i].Add) (data_length, data, FakeClientID(0));
+ }
+ }
+ return 0;
+}
+
+#ifdef XCSECURITY
+
+XID
+GenerateAuthorization(name_length, name, data_length, data,
+ data_length_return, data_return)
+unsigned int name_length;
+char *name;
+unsigned int data_length;
+char *data;
+unsigned int *data_length_return;
+char **data_return;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Generate)
+ {
+ return (*protocols[i].Generate) (data_length, data,
+ FakeClientID(0), data_length_return, data_return);
+ }
+ }
+ return -1;
+}
+
+/* A random number generator that is more unpredictable
+ than that shipped with some systems.
+ This code is taken from the C standard. */
+
+static unsigned long int next = 1;
+
+static int
+xdm_rand()
+{
+ next = next * 1103515245 + 12345;
+ return (unsigned int)(next/65536) % 32768;
+}
+
+static void
+xdm_srand(seed)
+ unsigned int seed;
+{
+ next = seed;
+}
+
+void
+GenerateRandomData (len, buf)
+int len;
+char *buf;
+{
+ static int seed;
+ int value;
+ int i;
+
+ seed += GetTimeInMillis();
+ xdm_srand (seed);
+ for (i = 0; i < len; i++)
+ {
+ value = xdm_rand ();
+ buf[i] ^= (value & 0xff00) >> 8;
+ }
+
+ /* XXX add getrusage, popen("ps -ale") */
+}
+
+#endif /* XCSECURITY */