xserver-multidpi/os/access.c

1758 lines
42 KiB
C
Raw Normal View History

2003-11-14 16:54:54 +01:00
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
/***********************************************************
Copyright 1987, 1998 The Open Group
Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of The Open Group shall not be
used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from The Open Group.
Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts.
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Digital not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
******************************************************************/
/* $XFree86: xc/programs/Xserver/os/access.c,v 3.54 2004/01/03 17:38:39 herrb Exp $ */
2003-11-14 16:54:54 +01:00
#ifdef WIN32
#include <X11/Xwinsock.h>
#endif
#include <stdio.h>
#include <stdlib.h>
2003-11-14 16:54:54 +01:00
#include <X11/Xtrans.h>
#include <X11/Xauth.h>
2003-11-14 17:49:22 +01:00
#include <X.h>
#include <Xproto.h>
2003-11-14 16:54:54 +01:00
#include "misc.h"
#include "site.h"
#include <errno.h>
2003-11-14 17:49:22 +01:00
#include <sys/types.h>
2003-11-14 16:54:54 +01:00
#ifndef WIN32
2003-11-14 17:49:22 +01:00
#ifndef Lynx
2003-11-14 16:54:54 +01:00
#include <sys/socket.h>
2003-11-14 17:49:22 +01:00
#else
#include <socket.h>
2003-11-14 16:54:54 +01:00
#endif
#include <sys/ioctl.h>
#include <ctype.h>
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(ISC) || defined(SCO)
2003-11-14 16:54:54 +01:00
#include <netinet/in.h>
2003-11-14 17:49:22 +01:00
#endif /* TCPCONN || STREAMSCONN || ISC || SCO */
2003-11-14 16:54:54 +01:00
#ifdef DNETCONN
#include <netdnet/dn.h>
#include <netdnet/dnetdb.h>
#endif
2003-11-14 17:49:22 +01:00
#if defined(DGUX)
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <ctype.h>
#include <sys/utsname.h>
#include <sys/stream.h>
#include <sys/stropts.h>
#include <sys/param.h>
#include <sys/sockio.h>
#endif
#if defined(hpux) || defined(QNX4)
2003-11-14 16:54:54 +01:00
# include <sys/utsname.h>
# ifdef HAS_IFREQ
# include <net/if.h>
# endif
#else
2003-11-14 17:49:22 +01:00
#if defined(SVR4) || (defined(SYSV) && defined(i386)) || defined(__GNU__)
2003-11-14 16:54:54 +01:00
# include <sys/utsname.h>
#endif
#if defined(SYSV) && defined(i386)
# include <sys/stream.h>
2003-11-14 17:49:22 +01:00
# ifdef ISC
# include <sys/stropts.h>
# include <sys/sioctl.h>
# endif /* ISC */
2003-11-14 16:54:54 +01:00
#endif
2003-11-14 17:49:22 +01:00
#ifdef __GNU__
#undef SIOCGIFCONF
#include <netdb.h>
#else /*!__GNU__*/
2003-11-14 16:54:54 +01:00
# include <net/if.h>
2003-11-14 17:49:22 +01:00
#endif /*__GNU__ */
2003-11-14 16:54:54 +01:00
#endif /* hpux */
#ifdef SVR4
2003-11-14 17:49:22 +01:00
#ifndef SCO
2003-11-14 16:54:54 +01:00
#include <sys/sockio.h>
#endif
2003-11-14 17:49:22 +01:00
#include <sys/stropts.h>
#endif
2003-11-14 16:54:54 +01:00
#include <netdb.h>
2003-11-14 17:49:22 +01:00
#ifdef CSRG_BASED
#include <sys/param.h>
#if (BSD >= 199103)
#define VARIABLE_IFREQ
#endif
#endif
#ifdef BSD44SOCKETS
#ifndef VARIABLE_IFREQ
#define VARIABLE_IFREQ
#endif
#endif
#ifdef HAS_GETIFADDRS
#include <ifaddrs.h>
2003-11-14 16:54:54 +01:00
#endif
/* Solaris provides an extended interface SIOCGLIFCONF. Other systems
* may have this as well, but the code has only been tested on Solaris
* so far, so we only enable it there. Other platforms may be added as
* needed.
*
* Test for Solaris commented out -- TSI @ UQV 2003.06.13
*/
#ifdef SIOCGLIFCONF
/* #if defined(sun) */
#define USE_SIOCGLIFCONF
/* #endif */
#endif
2003-11-14 16:54:54 +01:00
#endif /* WIN32 */
2003-11-14 17:49:22 +01:00
#ifndef PATH_MAX
#ifndef Lynx
#include <sys/param.h>
#else
#include <param.h>
#endif
#ifndef PATH_MAX
#ifdef MAXPATHLEN
#define PATH_MAX MAXPATHLEN
#else
#define PATH_MAX 1024
#endif
#endif
#endif
2003-11-14 16:54:54 +01:00
#define X_INCLUDE_NETDB_H
#include <X11/Xos_r.h>
#include "dixstruct.h"
#include "osdep.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "extensions/security.h"
#endif
#ifndef PATH_MAX
#ifdef MAXPATHLEN
#define PATH_MAX MAXPATHLEN
#else
#define PATH_MAX 1024
#endif
#endif
2003-11-14 16:54:54 +01:00
Bool defeatAccessControl = FALSE;
#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len)
#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len)
#define addrEqual(fam, address, length, host) \
((fam) == (host)->family &&\
(length) == (host)->len &&\
!acmp (address, (host)->addr, length))
2003-11-14 17:49:22 +01:00
static int ConvertAddr(struct sockaddr */*saddr*/,
int */*len*/,
pointer */*addr*/);
2003-11-14 16:54:54 +01:00
2003-11-14 17:49:22 +01:00
static int CheckAddr(int /*family*/,
pointer /*pAddr*/,
unsigned /*length*/);
2003-11-14 16:54:54 +01:00
2003-11-14 17:49:22 +01:00
static Bool NewHost(int /*family*/,
pointer /*addr*/,
int /*len*/,
int /* addingLocalHosts */);
/* XFree86 bug #156: To keep track of which hosts were explicitly requested in
/etc/X<display>.hosts, we've added a requested field to the HOST struct,
and a LocalHostRequested variable. These default to FALSE, but are set
to TRUE in ResetHosts when reading in /etc/X<display>.hosts. They are
checked in DisableLocalHost(), which is called to disable the default
local host entries when stronger authentication is turned on. */
2003-11-14 16:54:54 +01:00
typedef struct _host {
short family;
short len;
unsigned char *addr;
struct _host *next;
int requested;
2003-11-14 16:54:54 +01:00
} HOST;
#define MakeHost(h,l) (h)=(HOST *) xalloc(sizeof *(h)+(l));\
if (h) { \
(h)->addr=(unsigned char *) ((h) + 1);\
(h)->requested = FALSE; \
}
2003-11-14 16:54:54 +01:00
#define FreeHost(h) xfree(h)
static HOST *selfhosts = NULL;
static HOST *validhosts = NULL;
static int AccessEnabled = DEFAULT_ACCESS_CONTROL;
static int LocalHostEnabled = FALSE;
static int LocalHostRequested = FALSE;
2003-11-14 16:54:54 +01:00
static int UsingXdmcp = FALSE;
/*
* called when authorization is not enabled to add the
* local host to the access list
*/
void
2003-11-14 17:49:22 +01:00
EnableLocalHost (void)
2003-11-14 16:54:54 +01:00
{
if (!UsingXdmcp)
{
LocalHostEnabled = TRUE;
AddLocalHosts ();
}
}
/*
* called when authorization is enabled to keep us secure
*/
void
2003-11-14 17:49:22 +01:00
DisableLocalHost (void)
2003-11-14 16:54:54 +01:00
{
HOST *self;
if (!LocalHostRequested) /* Fix for XFree86 bug #156 */
LocalHostEnabled = FALSE;
for (self = selfhosts; self; self = self->next) {
if (!self->requested) /* Fix for XFree86 bug #156 */
2003-11-14 16:54:54 +01:00
(void) RemoveHost ((ClientPtr)NULL, self->family, self->len, (pointer)self->addr);
}
2003-11-14 16:54:54 +01:00
}
/*
* called at init time when XDMCP will be used; xdmcp always
* adds local hosts manually when needed
*/
void
2003-11-14 17:49:22 +01:00
AccessUsingXdmcp (void)
2003-11-14 16:54:54 +01:00
{
UsingXdmcp = TRUE;
LocalHostEnabled = FALSE;
}
#if ((defined(SVR4) && !defined(DGUX) && !defined(SCO325) && !defined(sun) && !defined(NCR)) || defined(ISC)) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF)
2003-11-14 17:49:22 +01:00
/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */
static int
ifioctl (int fd, int cmd, char *arg)
{
struct strioctl ioc;
int ret;
bzero((char *) &ioc, sizeof(ioc));
ioc.ic_cmd = cmd;
ioc.ic_timout = 0;
if (cmd == SIOCGIFCONF)
{
ioc.ic_len = ((struct ifconf *) arg)->ifc_len;
ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf;
#ifdef ISC
/* SIOCGIFCONF is somewhat brain damaged on ISC. The argument
* buffer must contain the ifconf structure as header. Ifc_req
* is also not a pointer but a one element array of ifreq
* structures. On return this array is extended by enough
* ifreq fields to hold all interfaces. The return buffer length
* is placed in the buffer header.
*/
((struct ifconf *) ioc.ic_dp)->ifc_len =
ioc.ic_len - sizeof(struct ifconf);
#endif
}
else
{
ioc.ic_len = sizeof(struct ifreq);
ioc.ic_dp = arg;
}
ret = ioctl(fd, I_STR, (char *) &ioc);
if (ret >= 0 && cmd == SIOCGIFCONF)
#ifdef SVR4
((struct ifconf *) arg)->ifc_len = ioc.ic_len;
#endif
#ifdef ISC
{
((struct ifconf *) arg)->ifc_len =
((struct ifconf *)ioc.ic_dp)->ifc_len;
((struct ifconf *) arg)->ifc_buf =
(caddr_t)((struct ifconf *)ioc.ic_dp)->ifc_req;
}
#endif
return(ret);
}
#else /* Case DGUX, sun, SCO325 NCR and others */
#define ifioctl ioctl
#endif /* ((SVR4 && !DGUX !sun !SCO325 !NCR) || ISC) && SIOCGIFCONF */
2003-11-14 16:54:54 +01:00
/*
* DefineSelf (fd):
*
* Define this host for access control. Find all the hosts the OS knows about
* for this fd and add them to the selfhosts list.
*/
#ifdef WINTCP /* NCR Wollongong based TCP */
#include <sys/un.h>
#include <stropts.h>
#include <tiuser.h>
#include <sys/stream.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
void
2003-11-14 17:49:22 +01:00
DefineSelf (int fd)
2003-11-14 16:54:54 +01:00
{
/*
* The Wolongong drivers used by NCR SVR4/MP-RAS don't understand the
* socket IO calls that most other drivers seem to like. Because of
* this, this routine must be special cased for NCR. Eventually,
* this will be cleared up.
*/
struct ipb ifnet;
struct in_ifaddr ifaddr;
struct strioctl str;
unsigned char *addr;
register HOST *host;
int family, len;
if ((fd = open ("/dev/ip", O_RDWR, 0 )) < 0)
2003-11-14 17:49:22 +01:00
Error ("Getting interface configuration (1)");
2003-11-14 16:54:54 +01:00
/* Indicate that we want to start at the begining */
ifnet.ib_next = (struct ipb *) 1;
while (ifnet.ib_next)
{
str.ic_cmd = IPIOC_GETIPB;
str.ic_timout = 0;
str.ic_len = sizeof (struct ipb);
str.ic_dp = (char *) &ifnet;
if (ioctl (fd, (int) I_STR, (char *) &str) < 0)
{
close (fd);
2003-11-14 17:49:22 +01:00
Error ("Getting interface configuration (2)");
2003-11-14 16:54:54 +01:00
}
ifaddr.ia_next = (struct in_ifaddr *) ifnet.if_addrlist;
str.ic_cmd = IPIOC_GETINADDR;
str.ic_timout = 0;
str.ic_len = sizeof (struct in_ifaddr);
str.ic_dp = (char *) &ifaddr;
if (ioctl (fd, (int) I_STR, (char *) &str) < 0)
{
close (fd);
2003-11-14 17:49:22 +01:00
Error ("Getting interface configuration (3)");
2003-11-14 16:54:54 +01:00
}
len = sizeof(struct sockaddr_in);
family = ConvertAddr (IA_SIN(&ifaddr), &len, (pointer *)&addr);
if (family == -1 || family == FamilyLocal)
continue;
for (host = selfhosts;
host && !addrEqual (family, addr, len, host);
host = host->next)
;
if (host)
continue;
MakeHost(host,len)
if (host)
{
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
#ifdef XDMCP
{
struct sockaddr broad_addr;
/*
* If this isn't an Internet Address, don't register it.
*/
if (family != FamilyInternet)
continue;
/*
* ignore 'localhost' entries as they're not useful
* on the other end of the wire
*/
if (len == 4 &&
addr[0] == 127 && addr[1] == 0 &&
addr[2] == 0 && addr[3] == 1)
continue;
XdmcpRegisterConnection (family, (char *)addr, len);
#define IA_BROADADDR(ia) ((struct sockaddr_in *)(&((struct in_ifaddr *)ia)->ia_broadaddr))
XdmcpRegisterBroadcastAddress (
(struct sockaddr_in *) IA_BROADADDR(&ifaddr));
#undef IA_BROADADDR
}
#endif /* XDMCP */
}
close(fd);
/*
* add something of FamilyLocalHost
*/
for (host = selfhosts;
host && !addrEqual(FamilyLocalHost, "", 0, host);
host = host->next);
if (!host)
{
MakeHost(host, 0);
if (host)
{
host->family = FamilyLocalHost;
host->len = 0;
acopy("", host->addr, 0);
host->next = selfhosts;
selfhosts = host;
}
}
}
#else /* WINTCP */
2003-11-14 17:49:22 +01:00
#if !defined(SIOCGIFCONF) || (defined (hpux) && ! defined (HAS_IFREQ)) || defined(QNX4)
2003-11-14 16:54:54 +01:00
void
2003-11-14 17:49:22 +01:00
DefineSelf (int fd)
2003-11-14 16:54:54 +01:00
{
2003-11-14 17:49:22 +01:00
#if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN) && !defined(MNX_TCPCONN)
2003-11-14 16:54:54 +01:00
return;
#else
register int n;
int len;
caddr_t addr;
int family;
register HOST *host;
struct utsname name;
register struct hostent *hp;
union {
struct sockaddr sa;
struct sockaddr_in in;
#if defined(IPv6) && defined(AF_INET6)
struct sockaddr_in6 in6;
#endif
2003-11-14 16:54:54 +01:00
} saddr;
struct sockaddr_in *inetaddr;
struct sockaddr_in6 *inet6addr;
2003-11-14 16:54:54 +01:00
struct sockaddr_in broad_addr;
2003-11-14 17:49:22 +01:00
#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
2003-11-14 16:54:54 +01:00
_Xgethostbynameparams hparams;
2003-11-14 17:49:22 +01:00
#endif
2003-11-14 16:54:54 +01:00
/* Why not use gethostname()? Well, at least on my system, I've had to
* make an ugly kernel patch to get a name longer than 8 characters, and
* uname() lets me access to the whole string (it smashes release, you
* see), whereas gethostname() kindly truncates it for me.
*/
2003-11-14 17:49:22 +01:00
#ifndef QNX4
2003-11-14 16:54:54 +01:00
uname(&name);
2003-11-14 17:49:22 +01:00
#else
/* QNX4's uname returns node number in name.nodename, not the hostname
have to overwrite it */
char hname[1024];
gethostname(hname, 1024);
name.nodename = hname;
2003-11-14 16:54:54 +01:00
#endif
2003-11-14 17:49:22 +01:00
hp = _XGethostbyname(name.nodename, hparams);
2003-11-14 16:54:54 +01:00
if (hp != NULL)
{
saddr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype) {
case AF_INET:
inetaddr = (struct sockaddr_in *) (&(saddr.sa));
acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length);
len = sizeof(saddr.sa);
break;
#if defined(IPv6) && defined(AF_INET6)
case AF_INET6:
inet6addr = (struct sockaddr_in6 *) (&(saddr.sa));
acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length);
len = sizeof(saddr.in6);
break;
#endif
default:
goto DefineLocalHost;
}
2003-11-14 16:54:54 +01:00
family = ConvertAddr ( &(saddr.sa), &len, (pointer *)&addr);
if ( family != -1 && family != FamilyLocal )
{
for (host = selfhosts;
host && !addrEqual (family, addr, len, host);
host = host->next) ;
if (!host)
{
/* add this host to the host list. */
MakeHost(host,len)
if (host)
{
host->family = family;
host->len = len;
acopy ( addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
#ifdef XDMCP
/*
* If this is an Internet Address, but not the localhost
* address (127.0.0.1), register it.
*/
if (family == FamilyInternet &&
!(len == 4 && addr[0] == 127 && addr[1] == 0 &&
addr[2] == 0 && addr[3] == 1)
)
{
XdmcpRegisterConnection (family, (char *)addr, len);
broad_addr = *inetaddr;
((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
htonl (INADDR_BROADCAST);
XdmcpRegisterBroadcastAddress ((struct sockaddr_in *)
&broad_addr);
}
#if defined(IPv6) && defined(AF_INET6)
else if (family == FamilyInternet6 &&
!(IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)))
{
XdmcpRegisterConnection (family, (char *)addr, len);
}
#endif
2003-11-14 16:54:54 +01:00
#endif /* XDMCP */
}
}
}
/*
* now add a host of family FamilyLocalHost...
*/
DefineLocalHost:
2003-11-14 16:54:54 +01:00
for (host = selfhosts;
host && !addrEqual(FamilyLocalHost, "", 0, host);
host = host->next);
if (!host)
{
MakeHost(host, 0);
if (host)
{
host->family = FamilyLocalHost;
host->len = 0;
acopy("", host->addr, 0);
host->next = selfhosts;
selfhosts = host;
}
}
2003-11-14 17:49:22 +01:00
#endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN && !MNX_TCPCONN */
2003-11-14 16:54:54 +01:00
}
#else
2003-11-14 17:49:22 +01:00
#ifdef USE_SIOCGLIFCONF
#define ifr_type struct lifreq
#else
#define ifr_type struct ifreq
#endif
2003-11-14 17:49:22 +01:00
#ifdef VARIABLE_IFREQ
#define ifr_size(p) (sizeof (struct ifreq) + \
(p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \
p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0))
#define ifraddr_size(a) (a.sa_len)
#else
#ifdef QNX4
#define ifr_size(p) (p->ifr_addr.sa_len + IFNAMSIZ)
#define ifraddr_size(a) (a.sa_len)
#else
#define ifr_size(p) (sizeof (ifr_type))
2003-11-14 17:49:22 +01:00
#define ifraddr_size(a) (sizeof (a))
#endif
#endif
#ifdef DEF_SELF_DEBUG
#include <arpa/inet.h>
#endif
#if defined(IPv6) && defined(AF_INET6)
static void
in6_fillscopeid(struct sockaddr_in6 *sin6)
{
#if defined(__KAME__)
if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
sin6->sin6_scope_id =
ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]);
sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0;
}
#endif
}
#endif
2003-11-14 16:54:54 +01:00
void
2003-11-14 17:49:22 +01:00
DefineSelf (int fd)
2003-11-14 16:54:54 +01:00
{
2003-11-14 17:49:22 +01:00
#ifndef HAS_GETIFADDRS
char buf[2048], *cp, *cplim;
void * bufptr = buf;
#ifdef USE_SIOCGLIFCONF
struct lifconf ifc;
register struct lifreq *ifr;
#ifdef SIOCGLIFNUM
struct lifnum ifn;
#endif
#else
2003-11-14 16:54:54 +01:00
struct ifconf ifc;
2003-11-14 17:49:22 +01:00
register struct ifreq *ifr;
#endif
2003-11-14 17:49:22 +01:00
#else
struct ifaddrs * ifap, *ifr;
#endif
2003-11-14 16:54:54 +01:00
int len;
unsigned char * addr;
int family;
register HOST *host;
#ifdef DNETCONN
struct dn_naddr *dnaddr = getnodeadd();
/*
* AF_DECnet may not be listed in the interface list. Instead use
* the supported library call to find out the local address (if any).
*/
if (dnaddr)
{
addr = (unsigned char *) dnaddr;
len = dnaddr->a_len + sizeof(dnaddr->a_len);
family = FamilyDECnet;
for (host = selfhosts;
host && !addrEqual (family, addr, len, host);
host = host->next)
;
if (!host)
{
MakeHost(host,len)
if (host)
{
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
}
}
2003-11-14 17:49:22 +01:00
#endif /* DNETCONN */
#ifndef HAS_GETIFADDRS
len = sizeof(buf);
#ifdef USE_SIOCGLIFCONF
#ifdef SIOCGLIFNUM
ifn.lifn_family = AF_UNSPEC;
ifn.lifn_flags = 0;
if (ioctl (fd, SIOCGLIFNUM, (char *) &ifn) < 0)
Error ("Getting interface count");
if (len < (ifn.lifn_count * sizeof(struct lifreq))) {
len = ifn.lifn_count * sizeof(struct lifreq);
bufptr = xalloc(len);
}
#endif
ifc.lifc_family = AF_UNSPEC;
ifc.lifc_flags = 0;
ifc.lifc_len = len;
ifc.lifc_buf = bufptr;
#define IFC_IOCTL_REQ SIOCGLIFCONF
#define IFC_IFC_REQ ifc.lifc_req
#define IFC_IFC_LEN ifc.lifc_len
#define IFR_IFR_ADDR ifr->lifr_addr
#define IFR_IFR_NAME ifr->lifr_name
#else /* Use SIOCGIFCONF */
ifc.ifc_len = len;
ifc.ifc_buf = bufptr;
#define IFC_IOCTL_REQ SIOCGIFCONF
2003-11-14 17:49:22 +01:00
#ifdef ISC
#define IFC_IFC_REQ (struct ifreq *) ifc.ifc_buf
2003-11-14 16:54:54 +01:00
#else
2003-11-14 17:49:22 +01:00
#define IFC_IFC_REQ ifc.ifc_req
#endif /* ISC */
#define IFC_IFC_LEN ifc.ifc_len
#define IFR_IFR_ADDR ifr->ifr_addr
#define IFR_IFR_NAME ifr->ifr_name
#endif
if (ifioctl (fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0)
Error ("Getting interface configuration (4)");
2003-11-14 17:49:22 +01:00
cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN;
2003-11-14 17:49:22 +01:00
for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size (ifr))
2003-11-14 16:54:54 +01:00
{
ifr = (ifr_type *) cp;
len = ifraddr_size (IFR_IFR_ADDR);
family = ConvertAddr ((struct sockaddr *) &IFR_IFR_ADDR,
&len, (pointer *)&addr);
2003-11-14 16:54:54 +01:00
#ifdef DNETCONN
/*
* DECnet was handled up above.
*/
if (family == AF_DECnet)
2003-11-14 16:54:54 +01:00
continue;
#endif /* DNETCONN */
if (family == -1 || family == FamilyLocal)
continue;
#if defined(IPv6) && defined(AF_INET6)
if (family == FamilyInternet6)
in6_fillscopeid((struct sockaddr_in6 *)&IFR_IFR_ADDR);
#endif
2003-11-14 17:49:22 +01:00
#ifdef DEF_SELF_DEBUG
if (family == FamilyInternet)
ErrorF("Xserver: DefineSelf(): ifname = %s, addr = %d.%d.%d.%d\n",
IFR_IFR_NAME, addr[0], addr[1], addr[2], addr[3]);
#if defined(IPv6) && defined(AF_INET6)
else if (family == FamilyInternet6) {
char cp[INET6_ADDRSTRLEN] = "";
inet_ntop(AF_INET6, addr, cp, sizeof(cp));
ErrorF("Xserver: DefineSelf(): ifname = %s, addr = %s\n",
IFR_IFR_NAME, cp);
}
#endif
2003-11-14 17:49:22 +01:00
#endif /* DEF_SELF_DEBUG */
2003-11-14 16:54:54 +01:00
for (host = selfhosts;
host && !addrEqual (family, addr, len, host);
host = host->next)
;
if (host)
continue;
MakeHost(host,len)
if (host)
{
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
#ifdef XDMCP
{
#ifdef USE_SIOCGLIFCONF
struct sockaddr_storage broad_addr;
#else
2003-11-14 16:54:54 +01:00
struct sockaddr broad_addr;
#endif
2003-11-14 16:54:54 +01:00
/*
* If this isn't an Internet Address, don't register it.
*/
if (family != FamilyInternet
#if defined(IPv6) && defined(AF_INET6)
&& family != FamilyInternet6
#endif
)
2003-11-14 16:54:54 +01:00
continue;
/*
* ignore 'localhost' entries as they're not useful
* on the other end of the wire
*/
if (family == FamilyInternet &&
2003-11-14 16:54:54 +01:00
addr[0] == 127 && addr[1] == 0 &&
addr[2] == 0 && addr[3] == 1)
continue;
#if defined(IPv6) && defined(AF_INET6)
else if (family == FamilyInternet6 &&
IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))
continue;
#endif
2003-11-14 16:54:54 +01:00
XdmcpRegisterConnection (family, (char *)addr, len);
#if defined(IPv6) && defined(AF_INET6)
/* IPv6 doesn't support broadcasting, so we drop out here */
if (family == FamilyInternet6)
continue;
#endif
broad_addr = IFR_IFR_ADDR;
2003-11-14 16:54:54 +01:00
((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
htonl (INADDR_BROADCAST);
#if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR)
{
struct lifreq broad_req;
broad_req = *ifr;
if (ioctl (fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 &&
(broad_req.lifr_flags & IFF_BROADCAST) &&
(broad_req.lifr_flags & IFF_UP)
)
{
broad_req = *ifr;
if (ioctl (fd, SIOCGLIFBRDADDR, &broad_req) != -1)
broad_addr = broad_req.lifr_broadaddr;
else
continue;
}
else
continue;
}
#elif defined(SIOCGIFBRDADDR)
2003-11-14 16:54:54 +01:00
{
struct ifreq broad_req;
broad_req = *ifr;
if (ifioctl (fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 &&
2003-11-14 16:54:54 +01:00
(broad_req.ifr_flags & IFF_BROADCAST) &&
(broad_req.ifr_flags & IFF_UP)
)
{
broad_req = *ifr;
if (ifioctl (fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1)
2003-11-14 16:54:54 +01:00
broad_addr = broad_req.ifr_addr;
else
continue;
}
else
continue;
}
2003-11-14 17:49:22 +01:00
#endif /* SIOCGIFBRDADDR */
#ifdef DEF_SELF_DEBUG
ErrorF("Xserver: DefineSelf(): ifname = %s, baddr = %s\n",
IFR_IFR_NAME,
2003-11-14 17:49:22 +01:00
inet_ntoa(((struct sockaddr_in *) &broad_addr)->sin_addr));
#endif /* DEF_SELF_DEBUG */
2003-11-14 16:54:54 +01:00
XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) &broad_addr);
}
2003-11-14 17:49:22 +01:00
#endif /* XDMCP */
}
if (bufptr != buf)
free(bufptr);
2003-11-14 17:49:22 +01:00
#else /* HAS_GETIFADDRS */
if (getifaddrs(&ifap) < 0) {
ErrorF("Warning: getifaddrs returns %s\n", strerror(errno));
return;
2003-11-14 16:54:54 +01:00
}
2003-11-14 17:49:22 +01:00
for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) {
#ifdef DNETCONN
if (ifr->ifa_addr.sa_family == AF_DECnet)
continue;
#endif /* DNETCONN */
len = sizeof(*(ifr->ifa_addr));
2003-11-14 17:49:22 +01:00
family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr);
if (family == -1 || family == FamilyLocal)
continue;
#if defined(IPv6) && defined(AF_INET6)
if (family == FamilyInternet6)
in6_fillscopeid((struct sockaddr_in6 *)ifr->ifa_addr);
#endif
2003-11-14 17:49:22 +01:00
#ifdef DEF_SELF_DEBUG
if (family == FamilyInternet)
ErrorF("Xserver: DefineSelf(): ifname = %s, addr = %d.%d.%d.%d\n",
ifr->ifa_name, addr[0], addr[1], addr[2], addr[3]);
#if defined(IPv6) && defined(AF_INET6)
else if (family == FamilyInternet6) {
char cp[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, addr, cp, sizeof(cp));
ErrorF("Xserver: DefineSelf(): ifname = %s addr = %s\n",
ifr->ifa_name, cp);
}
#endif
2003-11-14 17:49:22 +01:00
#endif /* DEF_SELF_DEBUG */
for (host = selfhosts;
host != NULL && !addrEqual(family, addr, len, host);
host = host->next)
;
if (host != NULL)
continue;
MakeHost(host, len);
if (host != NULL) {
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
#ifdef XDMCP
{
struct sockaddr broad_addr;
/*
* If this isn't an Internet Address, don't register it.
*/
if (family != FamilyInternet
#if defined(IPv6) && defined(AF_INET6)
&& family != FamilyInternet6
#endif
)
2003-11-14 17:49:22 +01:00
continue;
/*
* ignore 'localhost' entries as they're not useful
2003-11-14 17:49:22 +01:00
* on the other end of the wire
*/
if (ifr->ifa_flags & IFF_LOOPBACK)
continue;
if (family == FamilyInternet &&
2003-11-14 17:49:22 +01:00
addr[0] == 127 && addr[1] == 0 &&
addr[2] == 0 && addr[3] == 1)
2003-11-14 17:49:22 +01:00
continue;
#if defined(IPv6) && defined(AF_INET6)
else if (family == FamilyInternet6 &&
IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))
continue;
#endif
2003-11-14 17:49:22 +01:00
XdmcpRegisterConnection(family, (char *)addr, len);
#if defined(IPv6) && defined(AF_INET6)
if (family == FamilyInternet6)
/* IPv6 doesn't support broadcasting, so we drop out here */
continue;
#endif
2003-11-14 17:49:22 +01:00
if ((ifr->ifa_flags & IFF_BROADCAST) &&
(ifr->ifa_flags & IFF_UP))
broad_addr = *ifr->ifa_broadaddr;
else
continue;
#ifdef DEF_SELF_DEBUG
ErrorF("Xserver: DefineSelf(): ifname = %s, baddr = %s\n",
ifr->ifa_name,
inet_ntoa(((struct sockaddr_in *) &broad_addr)->sin_addr));
#endif /* DEF_SELF_DEBUG */
XdmcpRegisterBroadcastAddress((struct sockaddr_in *)
&broad_addr);
}
#endif /* XDMCP */
} /* for */
freeifaddrs(ifap);
#endif /* HAS_GETIFADDRS */
2003-11-14 16:54:54 +01:00
/*
* add something of FamilyLocalHost
*/
for (host = selfhosts;
host && !addrEqual(FamilyLocalHost, "", 0, host);
host = host->next);
if (!host)
{
MakeHost(host, 0);
if (host)
{
host->family = FamilyLocalHost;
host->len = 0;
acopy("", host->addr, 0);
host->next = selfhosts;
selfhosts = host;
}
}
}
#endif /* hpux && !HAS_IFREQ */
#endif /* WINTCP */
#ifdef XDMCP
void
2003-11-14 17:49:22 +01:00
AugmentSelf(pointer from, int len)
2003-11-14 16:54:54 +01:00
{
int family;
pointer addr;
register HOST *host;
family = ConvertAddr(from, &len, (pointer *)&addr);
if (family == -1 || family == FamilyLocal)
return;
for (host = selfhosts; host; host = host->next)
{
if (addrEqual(family, addr, len, host))
return;
}
MakeHost(host,len)
if (!host)
return;
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = selfhosts;
selfhosts = host;
}
#endif
void
2003-11-14 17:49:22 +01:00
AddLocalHosts (void)
2003-11-14 16:54:54 +01:00
{
HOST *self;
for (self = selfhosts; self; self = self->next)
/* Fix for XFree86 bug #156: pass addingLocal = TRUE to
* NewHost to tell that we are adding the default local
* host entries and not to flag the entries as being
* explicitely requested */
(void) NewHost (self->family, self->addr, self->len, TRUE);
2003-11-14 16:54:54 +01:00
}
/* Reset access control list to initial hosts */
void
2003-11-14 17:49:22 +01:00
ResetHosts (char *display)
2003-11-14 16:54:54 +01:00
{
register HOST *host;
char lhostname[120], ohostname[120];
char *hostname = ohostname;
2003-11-14 17:49:22 +01:00
char fname[PATH_MAX + 1];
2003-11-14 16:54:54 +01:00
int fnamelen;
FILE *fd;
char *ptr;
int i, hostlen;
#if ((defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)) && \
(!defined(IPv6) || !defined(AF_INET6))) || defined(DNETCONN)
2003-11-14 16:54:54 +01:00
union {
struct sockaddr sa;
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
struct sockaddr_in in;
2003-11-14 16:54:54 +01:00
#endif /* TCPCONN || STREAMSCONN */
#ifdef DNETCONN
struct sockaddr_dn dn;
#endif
} saddr;
2003-11-14 16:54:54 +01:00
#endif
#ifdef DNETCONN
struct nodeent *np;
struct dn_naddr dnaddr, *dnaddrp, *dnet_addr();
#endif
#ifdef K5AUTH
krb5_principal princ;
krb5_data kbuf;
#endif
2003-11-14 17:49:22 +01:00
int family = 0;
2003-11-14 16:54:54 +01:00
pointer addr;
int len;
AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL;
LocalHostEnabled = FALSE;
2003-11-14 17:49:22 +01:00
while ((host = validhosts) != 0)
2003-11-14 16:54:54 +01:00
{
validhosts = host->next;
FreeHost (host);
}
2003-11-14 17:49:22 +01:00
#define ETC_HOST_PREFIX "/etc/X"
#define ETC_HOST_SUFFIX ".hosts"
fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) +
strlen(display) + 1;
if (fnamelen > sizeof(fname))
FatalError("Display name `%s' is too long\n", display);
sprintf(fname, ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX, display);
#ifdef __UNIXOS2__
strcpy(fname, (char*)__XOS2RedirRoot(fname));
#endif /* __UNIXOS2__ */
if ((fd = fopen (fname, "r")) != 0)
2003-11-14 16:54:54 +01:00
{
while (fgets (ohostname, sizeof (ohostname), fd))
{
family = FamilyWild;
2003-11-14 16:54:54 +01:00
if (*ohostname == '#')
continue;
2003-11-14 17:49:22 +01:00
if ((ptr = strchr(ohostname, '\n')) != 0)
*ptr = 0;
#ifdef __UNIXOS2__
if ((ptr = strchr(ohostname, '\r')) != 0)
2003-11-14 16:54:54 +01:00
*ptr = 0;
2003-11-14 17:49:22 +01:00
#endif
2003-11-14 16:54:54 +01:00
hostlen = strlen(ohostname) + 1;
for (i = 0; i < hostlen; i++)
lhostname[i] = tolower(ohostname[i]);
hostname = ohostname;
if (!strncmp("local:", lhostname, 6))
{
family = FamilyLocalHost;
NewHost(family, "", 0, FALSE);
LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */
2003-11-14 16:54:54 +01:00
}
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
2003-11-14 16:54:54 +01:00
else if (!strncmp("inet:", lhostname, 5))
{
family = FamilyInternet;
hostname = ohostname + 5;
}
#if defined(IPv6) && defined(AF_INET6)
else if (!strncmp("inet6:", lhostname, 6))
{
family = FamilyInternet6;
hostname = ohostname + 6;
}
#endif
2003-11-14 16:54:54 +01:00
#endif
#ifdef DNETCONN
else if (!strncmp("dnet:", lhostname, 5))
{
family = FamilyDECnet;
hostname = ohostname + 5;
}
#endif
#ifdef SECURE_RPC
else if (!strncmp("nis:", lhostname, 4))
{
family = FamilyNetname;
hostname = ohostname + 4;
}
#endif
#ifdef K5AUTH
else if (!strncmp("krb:", lhostname, 4))
{
family = FamilyKrb5Principal;
hostname = ohostname + 4;
}
#endif
#ifdef DNETCONN
if ((family == FamilyDECnet) ||
(ptr = strchr(hostname, ':')) && (*(ptr + 1) == ':') &&
!(*ptr = '\0')) /* bash trailing colons if necessary */
{
/* node name (DECnet names end in "::") */
dnaddrp = dnet_addr(hostname);
if (!dnaddrp && (np = getnodebyname (hostname)))
{
/* node was specified by name */
saddr.sa.sa_family = np->n_addrtype;
len = sizeof(saddr.sa);
if (ConvertAddr (&saddr.sa, &len, (pointer *)&addr) == FamilyDECnet)
{
bzero ((char *) &dnaddr, sizeof (dnaddr));
dnaddr.a_len = np->n_length;
acopy (np->n_addr, dnaddr.a_addr, np->n_length);
dnaddrp = &dnaddr;
}
}
if (dnaddrp)
(void) NewHost(FamilyDECnet, (pointer)dnaddrp,
(int)(dnaddrp->a_len + sizeof(dnaddrp->a_len)), FALSE);
2003-11-14 16:54:54 +01:00
}
else
#endif /* DNETCONN */
#ifdef K5AUTH
if (family == FamilyKrb5Principal)
{
krb5_parse_name(hostname, &princ);
XauKrb5Encode(princ, &kbuf);
(void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length, FALSE);
2003-11-14 16:54:54 +01:00
krb5_free_principal(princ);
}
else
#endif
#ifdef SECURE_RPC
if ((family == FamilyNetname) || (strchr(hostname, '@')))
{
SecureRPCInit ();
(void) NewHost (FamilyNetname, hostname, strlen (hostname), FALSE);
2003-11-14 16:54:54 +01:00
}
else
#endif /* SECURE_RPC */
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
2003-11-14 16:54:54 +01:00
{
#if defined(IPv6) && defined(AF_INET6)
if ( (family == FamilyInternet) || (family == FamilyInternet6) ||
(family == FamilyWild) )
{
struct addrinfo *addresses;
struct addrinfo *a;
int f;
if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) {
for (a = addresses ; a != NULL ; a = a->ai_next) {
len = a->ai_addrlen;
f = ConvertAddr(a->ai_addr,&len,(pointer *)&addr);
if ( (family == f) ||
((family == FamilyWild) && (f != -1)) ) {
NewHost(f, addr, len, FALSE);
}
}
freeaddrinfo(addresses);
}
}
#else
2003-11-14 17:49:22 +01:00
#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
2003-11-14 16:54:54 +01:00
_Xgethostbynameparams hparams;
2003-11-14 17:49:22 +01:00
#endif
register struct hostent *hp;
2003-11-14 16:54:54 +01:00
/* host name */
2003-11-14 17:49:22 +01:00
if ((family == FamilyInternet &&
((hp = _XGethostbyname(hostname, hparams)) != 0)) ||
((hp = _XGethostbyname(hostname, hparams)) != 0))
2003-11-14 16:54:54 +01:00
{
saddr.sa.sa_family = hp->h_addrtype;
len = sizeof(saddr.sa);
if ((family = ConvertAddr (&saddr.sa, &len, (pointer *)&addr)) != -1)
{
#ifdef h_addr /* new 4.3bsd version of gethostent */
char **list;
/* iterate over the addresses */
for (list = hp->h_addr_list; *list; list++)
(void) NewHost (family, (pointer)*list, len, FALSE);
2003-11-14 16:54:54 +01:00
#else
(void) NewHost (family, (pointer)hp->h_addr, len, FALSE);
2003-11-14 16:54:54 +01:00
#endif
}
}
#endif /* IPv6 */
2003-11-14 16:54:54 +01:00
}
#endif /* TCPCONN || STREAMSCONN */
family = FamilyWild;
}
fclose (fd);
}
}
/* Is client on the local host */
2003-11-14 17:49:22 +01:00
Bool LocalClient(ClientPtr client)
2003-11-14 16:54:54 +01:00
{
int alen, family, notused;
Xtransaddr *from = NULL;
pointer addr;
register HOST *host;
#ifdef XCSECURITY
/* untrusted clients can't change host access */
if (client->trustLevel != XSecurityClientTrusted)
{
SecurityAudit("client %d attempted to change host access\n",
client->index);
return FALSE;
}
#endif
#ifdef LBX
if (!((OsCommPtr)client->osPrivate)->trans_conn)
return FALSE;
#endif
if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
&notused, &alen, &from))
{
family = ConvertAddr ((struct sockaddr *) from,
&alen, (pointer *)&addr);
if (family == -1)
{
xfree ((char *) from);
return FALSE;
}
if (family == FamilyLocal)
{
xfree ((char *) from);
return TRUE;
}
for (host = selfhosts; host; host = host->next)
{
if (addrEqual (family, addr, alen, host))
return TRUE;
}
xfree ((char *) from);
}
return FALSE;
}
2003-11-14 17:49:22 +01:00
/*
* Return the uid and gid of a connected local client
* or the uid/gid for nobody those ids cannot be determinded
*
* Used by XShm to test access rights to shared memory segments
*/
int
LocalClientCred(ClientPtr client, int *pUid, int *pGid)
{
#if defined(HAS_GETPEEREID) || defined(SO_PEERCRED)
2003-11-14 17:49:22 +01:00
int fd;
XtransConnInfo ci;
#ifdef HAS_GETPEEREID
uid_t uid;
gid_t gid;
#elif defined(SO_PEERCRED)
struct ucred peercred;
socklen_t so_len = sizeof(peercred);
#endif
if (client == NULL)
return -1;
ci = ((OsCommPtr)client->osPrivate)->trans_conn;
/* We can only determine peer credentials for Unix domain sockets */
if (!_XSERVTransIsLocal(ci)) {
return -1;
}
fd = _XSERVTransGetConnectionNumber(ci);
#ifdef HAS_GETPEEREID
if (getpeereid(fd, &uid, &gid) == -1)
return -1;
if (pUid != NULL)
*pUid = uid;
if (pGid != NULL)
*pGid = gid;
return 0;
#elif defined(SO_PEERCRED)
if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
return -1;
if (pUid != NULL)
*pUid = peercred.uid;
if (pGid != NULL)
*pGid = peercred.gid;
return 0;
#endif
2003-11-14 17:49:22 +01:00
#else
/* No system call available to get the credentials of the peer */
return -1;
#endif
}
2003-11-14 16:54:54 +01:00
static Bool
2003-11-14 17:49:22 +01:00
AuthorizedClient(ClientPtr client)
2003-11-14 16:54:54 +01:00
{
if (!client || defeatAccessControl)
return TRUE;
return LocalClient(client);
}
/* Add a host to the access control list. This is the external interface
* called from the dispatcher */
int
2003-11-14 17:49:22 +01:00
AddHost (ClientPtr client,
int family,
unsigned length, /* of bytes in pAddr */
pointer pAddr)
2003-11-14 16:54:54 +01:00
{
int len;
if (!AuthorizedClient(client))
return(BadAccess);
switch (family) {
case FamilyLocalHost:
len = length;
LocalHostEnabled = TRUE;
break;
#ifdef K5AUTH
case FamilyKrb5Principal:
len = length;
break;
#endif
#ifdef SECURE_RPC
case FamilyNetname:
len = length;
SecureRPCInit ();
break;
#endif
case FamilyInternet:
#if defined(IPv6) && defined(AF_INET6)
case FamilyInternet6:
#endif
2003-11-14 16:54:54 +01:00
case FamilyDECnet:
case FamilyChaos:
if ((len = CheckAddr (family, pAddr, length)) < 0)
{
client->errorValue = length;
return (BadValue);
}
break;
case FamilyLocal:
default:
client->errorValue = family;
return (BadValue);
}
if (NewHost (family, pAddr, len, FALSE))
2003-11-14 16:54:54 +01:00
return Success;
return BadAlloc;
}
Bool
2003-11-14 17:49:22 +01:00
ForEachHostInFamily (int family,
Bool (*func)(
unsigned char * /* addr */,
short /* len */,
pointer /* closure */),
pointer closure)
2003-11-14 16:54:54 +01:00
{
HOST *host;
for (host = validhosts; host; host = host->next)
if (family == host->family && func (host->addr, host->len, closure))
return TRUE;
return FALSE;
}
/* Add a host to the access control list. This is the internal interface
* called when starting or resetting the server */
static Bool
2003-11-14 17:49:22 +01:00
NewHost (int family,
pointer addr,
int len,
int addingLocalHosts)
2003-11-14 16:54:54 +01:00
{
register HOST *host;
for (host = validhosts; host; host = host->next)
{
if (addrEqual (family, addr, len, host))
return TRUE;
}
if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */
for (host = selfhosts; host; host = host->next) {
if (addrEqual (family, addr, len, host)) {
host->requested = TRUE;
break;
}
}
}
2003-11-14 16:54:54 +01:00
MakeHost(host,len)
if (!host)
return FALSE;
host->family = family;
host->len = len;
acopy(addr, host->addr, len);
host->next = validhosts;
validhosts = host;
return TRUE;
}
/* Remove a host from the access control list */
int
2003-11-14 17:49:22 +01:00
RemoveHost (
ClientPtr client,
int family,
unsigned length, /* of bytes in pAddr */
pointer pAddr)
2003-11-14 16:54:54 +01:00
{
int len;
register HOST *host, **prev;
if (!AuthorizedClient(client))
return(BadAccess);
switch (family) {
case FamilyLocalHost:
len = length;
LocalHostEnabled = FALSE;
break;
#ifdef K5AUTH
case FamilyKrb5Principal:
len = length;
break;
#endif
#ifdef SECURE_RPC
case FamilyNetname:
len = length;
break;
#endif
case FamilyInternet:
#if defined(IPv6) && defined(AF_INET6)
case FamilyInternet6:
#endif
2003-11-14 16:54:54 +01:00
case FamilyDECnet:
case FamilyChaos:
if ((len = CheckAddr (family, pAddr, length)) < 0)
{
client->errorValue = length;
return(BadValue);
}
break;
case FamilyLocal:
default:
client->errorValue = family;
return(BadValue);
}
for (prev = &validhosts;
(host = *prev) && (!addrEqual (family, pAddr, len, host));
prev = &host->next)
;
if (host)
{
*prev = host->next;
FreeHost (host);
}
return (Success);
}
/* Get all hosts in the access control list */
int
2003-11-14 17:49:22 +01:00
GetHosts (
pointer *data,
int *pnHosts,
int *pLen,
BOOL *pEnabled)
2003-11-14 16:54:54 +01:00
{
int len;
register int n = 0;
register unsigned char *ptr;
register HOST *host;
int nHosts = 0;
*pEnabled = AccessEnabled ? EnableAccess : DisableAccess;
for (host = validhosts; host; host = host->next)
{
nHosts++;
n += (((host->len + 3) >> 2) << 2) + sizeof(xHostEntry);
}
if (n)
{
*data = ptr = (pointer) xalloc (n);
if (!ptr)
{
return(BadAlloc);
}
for (host = validhosts; host; host = host->next)
{
len = host->len;
((xHostEntry *)ptr)->family = host->family;
((xHostEntry *)ptr)->length = len;
ptr += sizeof(xHostEntry);
acopy (host->addr, ptr, len);
ptr += ((len + 3) >> 2) << 2;
}
} else {
*data = NULL;
}
*pnHosts = nHosts;
*pLen = n;
return(Success);
}
/* Check for valid address family and length, and return address length. */
/*ARGSUSED*/
static int
2003-11-14 17:49:22 +01:00
CheckAddr (
int family,
pointer pAddr,
unsigned length)
2003-11-14 16:54:54 +01:00
{
int len;
switch (family)
{
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(AMTCPCONN) || defined(MNX_TCPCONN)
2003-11-14 16:54:54 +01:00
case FamilyInternet:
if (length == sizeof (struct in_addr))
len = length;
else
len = -1;
break;
#if defined(IPv6) && defined(AF_INET6)
case FamilyInternet6:
if (length == sizeof (struct in6_addr))
len = length;
else
len = -1;
break;
#endif
2003-11-14 16:54:54 +01:00
#endif
#ifdef DNETCONN
case FamilyDECnet:
{
struct dn_naddr *dnaddr = (struct dn_naddr *) pAddr;
if ((length < sizeof(dnaddr->a_len)) ||
(length < dnaddr->a_len + sizeof(dnaddr->a_len)))
len = -1;
else
len = dnaddr->a_len + sizeof(dnaddr->a_len);
if (len > sizeof(struct dn_naddr))
len = -1;
}
break;
#endif
default:
len = -1;
}
return (len);
}
/* Check if a host is not in the access control list.
* Returns 1 if host is invalid, 0 if we've found it. */
2003-11-14 17:49:22 +01:00
int
InvalidHost (
register struct sockaddr *saddr,
int len)
2003-11-14 16:54:54 +01:00
{
int family;
pointer addr;
register HOST *selfhost, *host;
if (!AccessEnabled) /* just let them in */
return(0);
family = ConvertAddr (saddr, &len, (pointer *)&addr);
if (family == -1)
return 1;
if (family == FamilyLocal)
{
if (!LocalHostEnabled)
{
/*
* check to see if any local address is enabled. This
* implicitly enables local connections.
*/
for (selfhost = selfhosts; selfhost; selfhost=selfhost->next)
{
for (host = validhosts; host; host=host->next)
{
if (addrEqual (selfhost->family, selfhost->addr,
selfhost->len, host))
return 0;
}
}
return 1;
} else
return 0;
}
for (host = validhosts; host; host = host->next)
{
if (addrEqual (family, addr, len, host))
return (0);
}
return (1);
}
static int
2003-11-14 17:49:22 +01:00
ConvertAddr (
register struct sockaddr *saddr,
int *len,
pointer *addr)
2003-11-14 16:54:54 +01:00
{
if (*len == 0)
return (FamilyLocal);
switch (saddr->sa_family)
{
case AF_UNSPEC:
2003-11-14 17:49:22 +01:00
#if defined(UNIXCONN) || defined(LOCALCONN) || defined(OS2PIPECONN)
2003-11-14 16:54:54 +01:00
case AF_UNIX:
#endif
return FamilyLocal;
2003-11-14 17:49:22 +01:00
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
2003-11-14 16:54:54 +01:00
case AF_INET:
*len = sizeof (struct in_addr);
*addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr);
return FamilyInternet;
#if defined(IPv6) && defined(AF_INET6)
case AF_INET6:
{
struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr;
if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) {
*len = sizeof (struct in_addr);
*addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]);
return FamilyInternet;
} else {
*len = sizeof (struct in6_addr);
*addr = (pointer) &(saddr6->sin6_addr);
return FamilyInternet6;
}
}
#endif
2003-11-14 16:54:54 +01:00
#endif
#ifdef DNETCONN
case AF_DECnet:
{
struct sockaddr_dn *sdn = (struct sockaddr_dn *) saddr;
*len = sdn->sdn_nodeaddrl + sizeof(sdn->sdn_nodeaddrl);
*addr = (pointer) &(sdn->sdn_add);
}
return FamilyDECnet;
#endif
#ifdef CHAOSCONN
case AF_CHAOS:
{
not implemented
}
return FamilyChaos;
#endif
default:
return -1;
}
}
int
2003-11-14 17:49:22 +01:00
ChangeAccessControl(
ClientPtr client,
int fEnabled)
2003-11-14 16:54:54 +01:00
{
if (!AuthorizedClient(client))
return BadAccess;
AccessEnabled = fEnabled;
return Success;
}
/* returns FALSE if xhost + in effect, else TRUE */
int
2003-11-14 17:49:22 +01:00
GetAccessControl(void)
2003-11-14 16:54:54 +01:00
{
return AccessEnabled;
}