412 lines
9.1 KiB
C
412 lines
9.1 KiB
C
/* $Xorg: auth.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
|
|
/*
|
|
|
|
Copyright 1988, 1998 The Open Group
|
|
|
|
Permission to use, copy, modify, distribute, and sell this software and its
|
|
documentation for any purpose is hereby granted without fee, provided that
|
|
the above copyright notice appear in all copies and that both that
|
|
copyright notice and this permission notice appear in supporting
|
|
documentation.
|
|
|
|
The above copyright notice and this permission notice shall be included
|
|
in all copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
|
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
|
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
Except as contained in this notice, the name of The Open Group shall
|
|
not be used in advertising or otherwise to promote the sale, use or
|
|
other dealings in this Software without prior written authorization
|
|
from The Open Group.
|
|
|
|
*/
|
|
|
|
/*
|
|
* authorization hooks for the server
|
|
* Author: Keith Packard, MIT X Consortium
|
|
*/
|
|
|
|
#ifdef K5AUTH
|
|
# include <krb5/krb5.h>
|
|
#endif
|
|
# include "X.h"
|
|
# include "Xauth.h"
|
|
# include "misc.h"
|
|
# include "dixstruct.h"
|
|
# include <sys/types.h>
|
|
# include <sys/stat.h>
|
|
#ifdef XCSECURITY
|
|
#define _SECURITY_SERVER
|
|
# include "extensions/security.h"
|
|
#endif
|
|
#ifdef WIN32
|
|
#include "Xw32defs.h"
|
|
#endif
|
|
|
|
struct protocol {
|
|
unsigned short name_length;
|
|
char *name;
|
|
int (*Add)(); /* new authorization data */
|
|
XID (*Check)(); /* verify client authorization data */
|
|
int (*Reset)(); /* delete all authorization data entries */
|
|
XID (*ToID)(); /* convert cookie to ID */
|
|
int (*FromID)(); /* convert ID to cookie */
|
|
int (*Remove)(); /* remove a specific cookie */
|
|
#ifdef XCSECURITY
|
|
XID (*Generate)();
|
|
#endif
|
|
};
|
|
|
|
extern int MitAddCookie ();
|
|
extern XID MitCheckCookie ();
|
|
extern int MitResetCookie ();
|
|
extern XID MitToID ();
|
|
extern int MitFromID (), MitRemoveCookie ();
|
|
extern XID MitGenerateCookie();
|
|
|
|
#ifdef HASXDMAUTH
|
|
extern int XdmAddCookie ();
|
|
extern XID XdmCheckCookie ();
|
|
extern int XdmResetCookie ();
|
|
extern XID XdmToID ();
|
|
extern int XdmFromID (), XdmRemoveCookie ();
|
|
#endif
|
|
|
|
#ifdef SECURE_RPC
|
|
extern int SecureRPCAdd();
|
|
extern XID SecureRPCCheck();
|
|
extern int SecureRPCReset();
|
|
extern XID SecureRPCToID();
|
|
extern int SecureRPCFromID(), SecureRPCRemove();
|
|
#endif
|
|
|
|
#ifdef K5AUTH
|
|
extern int K5Add();
|
|
extern XID K5Check();
|
|
extern int K5Reset();
|
|
extern XID K5ToID();
|
|
extern int K5FromID(), K5Remove();
|
|
#endif
|
|
|
|
extern XID AuthSecurityCheck();
|
|
|
|
static struct protocol protocols[] = {
|
|
{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
|
|
MitAddCookie, MitCheckCookie, MitResetCookie,
|
|
MitToID, MitFromID, MitRemoveCookie,
|
|
#ifdef XCSECURITY
|
|
MitGenerateCookie
|
|
#endif
|
|
},
|
|
#ifdef HASXDMAUTH
|
|
{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
|
|
XdmAddCookie, XdmCheckCookie, XdmResetCookie,
|
|
XdmToID, XdmFromID, XdmRemoveCookie,
|
|
#ifdef XCSECURITY
|
|
NULL
|
|
#endif
|
|
},
|
|
#endif
|
|
#ifdef SECURE_RPC
|
|
{ (unsigned short) 9, "SUN-DES-1",
|
|
SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
|
|
SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
|
|
#ifdef XCSECURITY
|
|
NULL
|
|
#endif
|
|
},
|
|
#endif
|
|
#ifdef K5AUTH
|
|
{ (unsigned short) 14, "MIT-KERBEROS-5",
|
|
K5Add, K5Check, K5Reset,
|
|
K5ToID, K5FromID, K5Remove,
|
|
#ifdef XCSECURITY
|
|
NULL
|
|
#endif
|
|
},
|
|
#endif
|
|
#ifdef XCSECURITY
|
|
{ (unsigned short) XSecurityAuthorizationNameLen,
|
|
XSecurityAuthorizationName,
|
|
NULL, AuthSecurityCheck, NULL,
|
|
NULL, NULL, NULL,
|
|
NULL
|
|
},
|
|
#endif
|
|
};
|
|
|
|
# define NUM_AUTHORIZATION (sizeof (protocols) /\
|
|
sizeof (struct protocol))
|
|
|
|
/*
|
|
* Initialize all classes of authorization by reading the
|
|
* specified authorization file
|
|
*/
|
|
|
|
static char *authorization_file = (char *)NULL;
|
|
|
|
static Bool ShouldLoadAuth = TRUE;
|
|
|
|
void
|
|
InitAuthorization (file_name)
|
|
char *file_name;
|
|
{
|
|
authorization_file = file_name;
|
|
}
|
|
|
|
int
|
|
LoadAuthorization ()
|
|
{
|
|
FILE *f;
|
|
Xauth *auth;
|
|
int i;
|
|
int count = 0;
|
|
|
|
ShouldLoadAuth = FALSE;
|
|
if (!authorization_file)
|
|
return 0;
|
|
f = fopen (authorization_file, "r");
|
|
if (!f)
|
|
return 0;
|
|
while (auth = XauReadAuth (f)) {
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == auth->name_length &&
|
|
memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
|
|
protocols[i].Add)
|
|
{
|
|
++count;
|
|
(*protocols[i].Add) (auth->data_length, auth->data,
|
|
FakeClientID(0));
|
|
}
|
|
}
|
|
XauDisposeAuth (auth);
|
|
}
|
|
fclose (f);
|
|
return count;
|
|
}
|
|
|
|
#ifdef XDMCP
|
|
/*
|
|
* XdmcpInit calls this function to discover all authorization
|
|
* schemes supported by the display
|
|
*/
|
|
void
|
|
RegisterAuthorizations ()
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++)
|
|
XdmcpRegisterAuthorization (protocols[i].name,
|
|
(int)protocols[i].name_length);
|
|
}
|
|
#endif
|
|
|
|
XID
|
|
CheckAuthorization (name_length, name, data_length, data, client, reason)
|
|
unsigned int name_length;
|
|
char *name;
|
|
unsigned int data_length;
|
|
char *data;
|
|
ClientPtr client;
|
|
char **reason; /* failure message. NULL for default msg */
|
|
{
|
|
int i;
|
|
struct stat buf;
|
|
static time_t lastmod = 0;
|
|
|
|
if (!authorization_file || stat(authorization_file, &buf))
|
|
{
|
|
if (lastmod != 0) {
|
|
lastmod = 0;
|
|
ShouldLoadAuth = TRUE; /* stat lost, so force reload */
|
|
}
|
|
}
|
|
else if (buf.st_mtime > lastmod)
|
|
{
|
|
lastmod = buf.st_mtime;
|
|
ShouldLoadAuth = TRUE;
|
|
}
|
|
if (ShouldLoadAuth)
|
|
{
|
|
if (LoadAuthorization())
|
|
DisableLocalHost(); /* got at least one */
|
|
else
|
|
EnableLocalHost ();
|
|
}
|
|
if (name_length)
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == name_length &&
|
|
memcmp (protocols[i].name, name, (int) name_length) == 0)
|
|
{
|
|
return (*protocols[i].Check) (data_length, data, client, reason);
|
|
}
|
|
}
|
|
return (XID) ~0L;
|
|
}
|
|
|
|
void
|
|
ResetAuthorization ()
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++)
|
|
if (protocols[i].Reset)
|
|
(*protocols[i].Reset)();
|
|
ShouldLoadAuth = TRUE;
|
|
}
|
|
|
|
XID
|
|
AuthorizationToID (name_length, name, data_length, data)
|
|
unsigned short name_length;
|
|
char *name;
|
|
unsigned short data_length;
|
|
char *data;
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == name_length &&
|
|
memcmp (protocols[i].name, name, (int) name_length) == 0 &&
|
|
protocols[i].ToID)
|
|
{
|
|
return (*protocols[i].ToID) (data_length, data);
|
|
}
|
|
}
|
|
return (XID) ~0L;
|
|
}
|
|
|
|
int
|
|
AuthorizationFromID (id, name_lenp, namep, data_lenp, datap)
|
|
XID id;
|
|
unsigned short *name_lenp;
|
|
char **namep;
|
|
unsigned short *data_lenp;
|
|
char **datap;
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].FromID &&
|
|
(*protocols[i].FromID) (id, data_lenp, datap)) {
|
|
*name_lenp = protocols[i].name_length;
|
|
*namep = protocols[i].name;
|
|
return 1;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
RemoveAuthorization (name_length, name, data_length, data)
|
|
unsigned short name_length;
|
|
char *name;
|
|
unsigned short data_length;
|
|
char *data;
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == name_length &&
|
|
memcmp (protocols[i].name, name, (int) name_length) == 0 &&
|
|
protocols[i].Remove)
|
|
{
|
|
return (*protocols[i].Remove) (data_length, data);
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
AddAuthorization (name_length, name, data_length, data)
|
|
unsigned int name_length;
|
|
char *name;
|
|
unsigned int data_length;
|
|
char *data;
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == name_length &&
|
|
memcmp (protocols[i].name, name, (int) name_length) == 0 &&
|
|
protocols[i].Add)
|
|
{
|
|
return (*protocols[i].Add) (data_length, data, FakeClientID(0));
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#ifdef XCSECURITY
|
|
|
|
XID
|
|
GenerateAuthorization(name_length, name, data_length, data,
|
|
data_length_return, data_return)
|
|
unsigned int name_length;
|
|
char *name;
|
|
unsigned int data_length;
|
|
char *data;
|
|
unsigned int *data_length_return;
|
|
char **data_return;
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < NUM_AUTHORIZATION; i++) {
|
|
if (protocols[i].name_length == name_length &&
|
|
memcmp (protocols[i].name, name, (int) name_length) == 0 &&
|
|
protocols[i].Generate)
|
|
{
|
|
return (*protocols[i].Generate) (data_length, data,
|
|
FakeClientID(0), data_length_return, data_return);
|
|
}
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/* A random number generator that is more unpredictable
|
|
than that shipped with some systems.
|
|
This code is taken from the C standard. */
|
|
|
|
static unsigned long int next = 1;
|
|
|
|
static int
|
|
xdm_rand()
|
|
{
|
|
next = next * 1103515245 + 12345;
|
|
return (unsigned int)(next/65536) % 32768;
|
|
}
|
|
|
|
static void
|
|
xdm_srand(seed)
|
|
unsigned int seed;
|
|
{
|
|
next = seed;
|
|
}
|
|
|
|
void
|
|
GenerateRandomData (len, buf)
|
|
int len;
|
|
char *buf;
|
|
{
|
|
static int seed;
|
|
int value;
|
|
int i;
|
|
|
|
seed += GetTimeInMillis();
|
|
xdm_srand (seed);
|
|
for (i = 0; i < len; i++)
|
|
{
|
|
value = xdm_rand ();
|
|
buf[i] ^= (value & 0xff00) >> 8;
|
|
}
|
|
|
|
/* XXX add getrusage, popen("ps -ale") */
|
|
}
|
|
|
|
#endif /* XCSECURITY */
|