Diffstat (limited to 'os/auth.c')
-rw-r--r-- | os/auth.c | 411 |
1 files changed, 411 insertions, 0 deletions
diff --git a/os/auth.c b/os/auth.c
new file mode 100644
index 000000000..7b914bb28
--- /dev/null
+++ b/os/auth.c
@@ -0,0 +1,411 @@
+/* $Xorg: auth.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * authorization hooks for the server
+ * Author: Keith Packard, MIT X Consortium
+ */
+
+#ifdef K5AUTH
+# include <krb5/krb5.h>
+#endif
+# include "X.h"
+# include "Xauth.h"
+# include "misc.h"
+# include "dixstruct.h"
+# include <sys/types.h>
+# include <sys/stat.h>
+#ifdef XCSECURITY
+#define _SECURITY_SERVER
+# include "extensions/security.h"
+#endif
+#ifdef WIN32
+#include "Xw32defs.h"
+#endif
+
+struct protocol {
+ unsigned short name_length;
+ char *name;
+ int (*Add)(); /* new authorization data */
+ XID (*Check)(); /* verify client authorization data */
+ int (*Reset)(); /* delete all authorization data entries */
+ XID (*ToID)(); /* convert cookie to ID */
+ int (*FromID)(); /* convert ID to cookie */
+ int (*Remove)(); /* remove a specific cookie */
+#ifdef XCSECURITY
+ XID (*Generate)();
+#endif
+};
+
+extern int MitAddCookie ();
+extern XID MitCheckCookie ();
+extern int MitResetCookie ();
+extern XID MitToID ();
+extern int MitFromID (), MitRemoveCookie ();
+extern XID MitGenerateCookie();
+
+#ifdef HASXDMAUTH
+extern int XdmAddCookie ();
+extern XID XdmCheckCookie ();
+extern int XdmResetCookie ();
+extern XID XdmToID ();
+extern int XdmFromID (), XdmRemoveCookie ();
+#endif
+
+#ifdef SECURE_RPC
+extern int SecureRPCAdd();
+extern XID SecureRPCCheck();
+extern int SecureRPCReset();
+extern XID SecureRPCToID();
+extern int SecureRPCFromID(), SecureRPCRemove();
+#endif
+
+#ifdef K5AUTH
+extern int K5Add();
+extern XID K5Check();
+extern int K5Reset();
+extern XID K5ToID();
+extern int K5FromID(), K5Remove();
+#endif
+
+extern XID AuthSecurityCheck();
+
+static struct protocol protocols[] = {
+{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
+ MitAddCookie, MitCheckCookie, MitResetCookie,
+ MitToID, MitFromID, MitRemoveCookie,
+#ifdef XCSECURITY
+ MitGenerateCookie
+#endif
+},
+#ifdef HASXDMAUTH
+{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
+ XdmAddCookie, XdmCheckCookie, XdmResetCookie,
+ XdmToID, XdmFromID, XdmRemoveCookie,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef SECURE_RPC
+{ (unsigned short) 9, "SUN-DES-1",
+ SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
+ SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef K5AUTH
+{ (unsigned short) 14, "MIT-KERBEROS-5",
+ K5Add, K5Check, K5Reset,
+ K5ToID, K5FromID, K5Remove,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef XCSECURITY
+{ (unsigned short) XSecurityAuthorizationNameLen,
+ XSecurityAuthorizationName,
+ NULL, AuthSecurityCheck, NULL,
+ NULL, NULL, NULL,
+ NULL
+},
+#endif
+};
+
+# define NUM_AUTHORIZATION (sizeof (protocols) /\
+ sizeof (struct protocol))
+
+/*
+ * Initialize all classes of authorization by reading the
+ * specified authorization file
+ */
+
+static char *authorization_file = (char *)NULL;
+
+static Bool ShouldLoadAuth = TRUE;
+
+void
+InitAuthorization (file_name)
+char *file_name;
+{
+ authorization_file = file_name;
+}
+
+int
+LoadAuthorization ()
+{
+ FILE *f;
+ Xauth *auth;
+ int i;
+ int count = 0;
+
+ ShouldLoadAuth = FALSE;
+ if (!authorization_file)
+ return 0;
+ f = fopen (authorization_file, "r");
+ if (!f)
+ return 0;
+ while (auth = XauReadAuth (f)) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == auth->name_length &&
+ memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
+ protocols[i].Add)
+ {
+ ++count;
+ (*protocols[i].Add) (auth->data_length, auth->data,
+ FakeClientID(0));
+ }
+ }
+ XauDisposeAuth (auth);
+ }
+ fclose (f);
+ return count;
+}
+
+#ifdef XDMCP
+/*
+ * XdmcpInit calls this function to discover all authorization
+ * schemes supported by the display
+ */
+void
+RegisterAuthorizations ()
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ XdmcpRegisterAuthorization (protocols[i].name,
+ (int)protocols[i].name_length);
+}
+#endif
+
+XID
+CheckAuthorization (name_length, name, data_length, data, client, reason)
+ unsigned int name_length;
+ char *name;
+ unsigned int data_length;
+ char *data;
+ ClientPtr client;
+ char **reason; /* failure message. NULL for default msg */
+{
+ int i;
+ struct stat buf;
+ static time_t lastmod = 0;
+
+ if (!authorization_file || stat(authorization_file, &buf))
+ {
+ if (lastmod != 0) {
+ lastmod = 0;
+ ShouldLoadAuth = TRUE; /* stat lost, so force reload */
+ }
+ }
+ else if (buf.st_mtime > lastmod)
+ {
+ lastmod = buf.st_mtime;
+ ShouldLoadAuth = TRUE;
+ }
+ if (ShouldLoadAuth)
+ {
+ if (LoadAuthorization())
+ DisableLocalHost(); /* got at least one */
+ else
+ EnableLocalHost ();
+ }
+ if (name_length)
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0)
+ {
+ return (*protocols[i].Check) (data_length, data, client, reason);
+ }
+ }
+ return (XID) ~0L;
+}
+
+void
+ResetAuthorization ()
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ if (protocols[i].Reset)
+ (*protocols[i].Reset)();
+ ShouldLoadAuth = TRUE;
+}
+
+XID
+AuthorizationToID (name_length, name, data_length, data)
+unsigned short name_length;
+char *name;
+unsigned short data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].ToID)
+ {
+ return (*protocols[i].ToID) (data_length, data);
+ }
+ }
+ return (XID) ~0L;
+}
+
+int
+AuthorizationFromID (id, name_lenp, namep, data_lenp, datap)
+XID id;
+unsigned short *name_lenp;
+char **namep;
+unsigned short *data_lenp;
+char **datap;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].FromID &&
+ (*protocols[i].FromID) (id, data_lenp, datap)) {
+ *name_lenp = protocols[i].name_length;
+ *namep = protocols[i].name;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+RemoveAuthorization (name_length, name, data_length, data)
+unsigned short name_length;
+char *name;
+unsigned short data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Remove)
+ {
+ return (*protocols[i].Remove) (data_length, data);
+ }
+ }
+ return 0;
+}
+
+int
+AddAuthorization (name_length, name, data_length, data)
+unsigned int name_length;
+char *name;
+unsigned int data_length;
+char *data;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Add)
+ {
+ return (*protocols[i].Add) (data_length, data, FakeClientID(0));
+ }
+ }
+ return 0;
+}
+
+#ifdef XCSECURITY
+
+XID
+GenerateAuthorization(name_length, name, data_length, data,
+ data_length_return, data_return)
+unsigned int name_length;
+char *name;
+unsigned int data_length;
+char *data;
+unsigned int *data_length_return;
+char **data_return;
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Generate)
+ {
+ return (*protocols[i].Generate) (data_length, data,
+ FakeClientID(0), data_length_return, data_return);
+ }
+ }
+ return -1;
+}
+
+/* A random number generator that is more unpredictable
+ than that shipped with some systems.
+ This code is taken from the C standard. */
+
+static unsigned long int next = 1;
+
+static int
+xdm_rand()
+{
+ next = next * 1103515245 + 12345;
+ return (unsigned int)(next/65536) % 32768;
+}
+
+static void
+xdm_srand(seed)
+ unsigned int seed;
+{
+ next = seed;
+}
+
+void
+GenerateRandomData (len, buf)
+int len;
+char *buf;
+{
+ static int seed;
+ int value;
+ int i;
+
+ seed += GetTimeInMillis();
+ xdm_srand (seed);
+ for (i = 0; i < len; i++)
+ {
+ value = xdm_rand ();
+ buf[i] ^= (value & 0xff00) >> 8;
+ }
+
+ /* XXX add getrusage, popen("ps -ale") */
+}
+
+#endif /* XCSECURITY */
|
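Review bot: GenerateRandomData, at the end of the hunk under XCSECURITY, derives every output byte from the 31-bit LCG in xdm_rand re-seeded from `GetTimeInMillis()` on each call, so authorization data produced through a protocol's Generate hook is guessable by anyone who can estimate when the server generated it; the `/* XXX add getrusage, popen("ps -ale") */` note shows the author was aware the seed is weak. The time-seeded generator should only be a fallback, with the platform entropy device mixed in first, and the caller contract (bytes are XORed into `buf`, not overwritten) should be preserved and stated in a header comment such as `/* Mix len bytes of unpredictable data into buf (XOR); used for generated auth cookies. */`. The sketch below keeps the existing body as the fallback path and only adds the entropy-device read; whether `/dev/urandom` is available on every platform this file targets (WIN32 is handled above) is not visible here, so the fallback must stay.
```c
void
GenerateRandomData (len, buf)
int len;
char *buf;
{
    static int seed;
    int value;
    int i;
    FILE *rnd;

    /* Prefer the kernel entropy source; a time-seeded LCG is predictable. */
    rnd = fopen ("/dev/urandom", "rb");
    if (rnd) {
        unsigned char tmp[64];
        int done = 0;

        while (done < len) {
            size_t want = (size_t)(len - done) < sizeof tmp
                          ? (size_t)(len - done) : sizeof tmp;
            size_t got = fread (tmp, 1, want, rnd);
            if (got == 0)
                break;
            for (i = 0; i < (int) got; i++)
                buf[done + i] ^= tmp[i];
            done += (int) got;
        }
        fclose (rnd);
        if (done == len)
            return;
    }

    /* … unchanged: LCG fallback (seed += GetTimeInMillis(); xdm_srand; XOR loop) … */
}
```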