1 /* $XConsortium: auth.c /main/27 1996/12/02 10:22:41 lehors $ */
4 Copyright (c) 1988 X Consortium
6 Permission is hereby granted, free of charge, to any person obtaining
7 a copy of this software and associated documentation files (the
8 "Software"), to deal in the Software without restriction, including
9 without limitation the rights to use, copy, modify, merge, publish,
10 distribute, sublicense, and/or sell copies of the Software, and to
11 permit persons to whom the Software is furnished to do so, subject to
12 the following conditions:
14 The above copyright notice and this permission notice shall be included
15 in all copies or substantial portions of the Software.
17 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
18 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
20 IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
21 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
22 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 OTHER DEALINGS IN THE SOFTWARE.
25 Except as contained in this notice, the name of the X Consortium shall
26 not be used in advertising or otherwise to promote the sale, use or
27 other dealings in this Software without prior written authorization
28 from the X Consortium.
33 * authorization hooks for the server
34 * Author: Keith Packard, MIT X Consortium
38 # include <krb5/krb5.h>
43 # include "dixstruct.h"
44 # include <sys/types.h>
45 # include <sys/stat.h>
47 #define _SECURITY_SERVER
48 # include "extensions/security.h"
55 unsigned short name_length;
57 int (*Add)(); /* new authorization data */
58 XID (*Check)(); /* verify client authorization data */
59 int (*Reset)(); /* delete all authorization data entries */
60 XID (*ToID)(); /* convert cookie to ID */
61 int (*FromID)(); /* convert ID to cookie */
62 int (*Remove)(); /* remove a specific cookie */
/* Hooks implemented by the individual authorization schemes (MIT, XDM,
 * SecureRPC, Kerberos, Security extension). They are declared pre-ANSI
 * style with empty parameter lists, so neither these declarations nor the
 * calls made through the function pointers in protocols[] are type-checked:
 * the argument count and order at every call site in this file must be kept
 * in step with each implementation by hand. Some of the declarations
 * (e.g. K5Add/K5Check) sit on lines not shown in this listing. */
68 extern int MitAddCookie ();
69 extern XID MitCheckCookie ();
70 extern int MitResetCookie ();
71 extern XID MitToID ();
72 extern int MitFromID (), MitRemoveCookie ();
73 extern XID MitGenerateCookie();
76 extern int XdmAddCookie ();
77 extern XID XdmCheckCookie ();
78 extern int XdmResetCookie ();
79 extern XID XdmToID ();
80 extern int XdmFromID (), XdmRemoveCookie ();
84 extern int SecureRPCAdd();
85 extern XID SecureRPCCheck();
86 extern int SecureRPCReset();
87 extern XID SecureRPCToID();
88 extern int SecureRPCFromID(), SecureRPCRemove();
96 extern int K5FromID(), K5Remove();
99 extern XID AuthSecurityCheck();
/* Table of supported authorization schemes, searched linearly by the
 * dispatchers below. Each entry's name_length must equal the exact byte
 * length of its name (18, 19, 9 and 14 do), because lookups compare the
 * length first and then memcmp() exactly that many bytes: a wrong length
 * silently makes the scheme unreachable. Add/Reset/ToID/FromID/Remove may
 * be NULL (the security-extension entry has only Check), so every caller
 * must test a hook before calling through it. Closing lines of the table
 * are not shown in this listing. */
101 static struct protocol protocols[] = {
102 { (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
103 MitAddCookie, MitCheckCookie, MitResetCookie,
104 MitToID, MitFromID, MitRemoveCookie,
110 { (unsigned short) 19, "XDM-AUTHORIZATION-1",
111 XdmAddCookie, XdmCheckCookie, XdmResetCookie,
112 XdmToID, XdmFromID, XdmRemoveCookie,
119 { (unsigned short) 9, "SUN-DES-1",
120 SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
121 SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
128 { (unsigned short) 14, "MIT-KERBEROS-5",
129 K5Add, K5Check, K5Reset,
130 K5ToID, K5FromID, K5Remove,
137 { (unsigned short) XSecurityAuthorizationNameLen,
138 XSecurityAuthorizationName,
139 NULL, AuthSecurityCheck, NULL,
/* Number of entries in protocols[], derived from the array's size so that
 * adding or removing a scheme automatically adjusts every loop that walks
 * the table. */
146 # define NUM_AUTHORIZATION (sizeof (protocols) /\
147 sizeof (struct protocol))
150 * Initialize all classes of authorization by reading the
151 * specified authorization file
/* Path of the authorization file recorded by InitAuthorization(); NULL when
 * no file was configured, in which case CheckAuthorization() keeps forcing
 * a reload attempt and LoadAuthorization() has nothing to read. */
154 static char *authorization_file = (char *)NULL;
/* Set whenever the file must be (re)read before the next authorization
 * check: initially, after ResetAuthorization(), when the file's mtime
 * advances, or when it can no longer be stat()ed. Cleared at the top of
 * LoadAuthorization(). */
156 static Bool ShouldLoadAuth = TRUE;
/* Record the authorization file to read later. Only the pointer is stored
 * (no copy is made on the visible lines), so the caller's string must stay
 * valid for the life of the server. Parameter declaration and braces are on
 * lines not shown in this listing. */
159 InitAuthorization (file_name)
162 authorization_file = file_name;
/* Body of LoadAuthorization() (its signature and local declarations are on
 * lines not shown): read every entry of the authorization file and hand it
 * to the Add hook of the scheme whose name matches. */
173 ShouldLoadAuth = FALSE;
/* Nothing configured: nothing to load (the early exit is not shown here). */
174 if (!authorization_file)
/* NOTE(review): the test of f for fopen() failure is not visible in this
 * listing; confirm it precedes the XauReadAuth() loop. */
176 f = fopen (authorization_file, "r");
/* Assignment in the condition is intentional: the loop ends when
 * XauReadAuth() returns NULL. */
179 while (auth = XauReadAuth (f)) {
180 for (i = 0; i < NUM_AUTHORIZATION; i++) {
/* Names are matched by explicit length plus memcmp(), not as C strings.
 * The condition continues on lines not shown; it must also verify
 * protocols[i].Add is non-NULL, since the security-extension entry in
 * protocols[] has no Add hook. */
181 if (protocols[i].name_length == auth->name_length &&
182 memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
/* Remaining arguments to Add are on lines not shown. Entries whose name
 * matches no scheme simply fall through the loop. */
186 (*protocols[i].Add) (auth->data_length, auth->data,
/* Release each entry once it has been handed over; XauDisposeAuth() is
 * presumably the counterpart of XauReadAuth(). */
190 XauDisposeAuth (auth);
198 * XdmcpInit calls this function to discover all authorization
199 * schemes supported by the display
/* Advertise every scheme in protocols[] to the XDMCP layer by name. Local
 * declarations are on lines not shown in this listing. */
202 RegisterAuthorizations ()
206 for (i = 0; i < NUM_AUTHORIZATION; i++)
207 XdmcpRegisterAuthorization (protocols[i].name,
208 (int)protocols[i].name_length);
/* Dispatch a connecting client's (name, data) authorization to the Check
 * hook of the scheme whose name matches, after arranging for the
 * authorization file to be re-read if it appears to have changed.
 * Declarations of name, data and client, and the return taken when no
 * scheme matches, are on lines not shown in this listing. */
213 CheckAuthorization (name_length, name, data_length, data, client, reason)
214 unsigned int name_length;
216 unsigned int data_length;
219 char **reason; /* failure message. NULL for default msg */
/* mtime of the file as of the last detected change; persists across calls. */
223 static time_t lastmod = 0;
/* No file, or stat() failed: force a reload attempt rather than continuing
 * on whatever was last read. stat() follows symlinks and is separate from
 * the fopen() in LoadAuthorization(); it only decides whether to re-read. */
225 if (!authorization_file || stat(authorization_file, &buf))
228 ShouldLoadAuth = TRUE; /* stat lost, so force reload */
/* Change detection is by st_mtime alone, and only when strictly newer:
 * a rewrite that leaves the mtime unchanged (e.g. within the filesystem's
 * timestamp granularity) is not noticed until the mtime next advances or
 * ResetAuthorization() runs. Size and inode are not consulted. */
230 else if (buf.st_mtime > lastmod)
232 lastmod = buf.st_mtime;
233 ShouldLoadAuth = TRUE;
/* Lines between are not shown; given the ShouldLoadAuth bookkeeping above
 * this call is presumably guarded by it. A non-zero result means at least
 * one cookie was loaded; DisableLocalHost() presumably withdraws the
 * implicit trust of local connections that applies while none exist --
 * confirm against its definition. */
237 if (LoadAuthorization())
238 DisableLocalHost(); /* got at least one */
/* Names are compared by explicit length, not as C strings. Check is called
 * without a NULL test, so every entry in protocols[] -- including the
 * security-extension one -- must supply it (all visible entries do). */
243 for (i = 0; i < NUM_AUTHORIZATION; i++) {
244 if (protocols[i].name_length == name_length &&
245 memcmp (protocols[i].name, name, (int) name_length) == 0)
247 return (*protocols[i].Check) (data_length, data, client, reason);
/* Ask every scheme to delete its authorization entries and arrange for the
 * file to be read again on the next CheckAuthorization(). Local
 * declarations are on lines not shown in this listing. */
254 ResetAuthorization ()
258 for (i = 0; i < NUM_AUTHORIZATION; i++)
/* Reset is optional: the security-extension entry has none. */
259 if (protocols[i].Reset)
260 (*protocols[i].Reset)();
/* Forces a reload regardless of the file's mtime, which CheckAuthorization()
 * would otherwise compare against the timestamp it last saw. */
261 ShouldLoadAuth = TRUE;
/* Map a (name, data) cookie to the resource ID of the matching scheme via
 * its ToID hook. Declarations of name and data, the rest of the condition
 * (which should test ToID for NULL, as the security entry has none) and the
 * no-match return are on lines not shown in this listing. */
265 AuthorizationToID (name_length, name, data_length, data)
266 unsigned short name_length;
268 unsigned short data_length;
273 for (i = 0; i < NUM_AUTHORIZATION; i++) {
/* Length-then-bytes comparison; name need not be NUL-terminated. */
274 if (protocols[i].name_length == name_length &&
275 memcmp (protocols[i].name, name, (int) name_length) == 0 &&
278 return (*protocols[i].ToID) (data_length, data);
/* Recover the scheme name and cookie data for a resource ID by asking each
 * scheme that implements FromID. Declarations of id, namep and datap, the
 * end of the loop and the return values are on lines not shown here. */
285 AuthorizationFromID (id, name_lenp, namep, data_lenp, datap)
287 unsigned short *name_lenp;
289 unsigned short *data_lenp;
294 for (i = 0; i < NUM_AUTHORIZATION; i++) {
/* FromID is optional; the first scheme that recognises id wins. */
295 if (protocols[i].FromID &&
296 (*protocols[i].FromID) (id, data_lenp, datap)) {
297 *name_lenp = protocols[i].name_length;
/* *namep points into the static protocols[] table: callers must neither
 * modify nor free it. Ownership of *datap is decided by the hook. */
298 *namep = protocols[i].name;
/* Delete one specific cookie through the matching scheme's Remove hook.
 * Declarations of name and data, the rest of the condition (which should
 * test Remove for NULL, as the security entry has none) and the no-match
 * return are on lines not shown in this listing. */
306 RemoveAuthorization (name_length, name, data_length, data)
307 unsigned short name_length;
309 unsigned short data_length;
314 for (i = 0; i < NUM_AUTHORIZATION; i++) {
315 if (protocols[i].name_length == name_length &&
316 memcmp (protocols[i].name, name, (int) name_length) == 0 &&
319 return (*protocols[i].Remove) (data_length, data);
/* Install a cookie at run time (as opposed to one read from the file by
 * LoadAuthorization()) through the matching scheme's Add hook. Declarations
 * of name and data, the rest of the condition (which should test Add for
 * NULL, as the security entry has none) and the no-match return are on
 * lines not shown in this listing. */
326 AddAuthorization (name_length, name, data_length, data)
327 unsigned int name_length;
329 unsigned int data_length;
334 for (i = 0; i < NUM_AUTHORIZATION; i++) {
335 if (protocols[i].name_length == name_length &&
336 memcmp (protocols[i].name, name, (int) name_length) == 0 &&
/* NOTE(review): the cookie is attributed to FakeClientID(0) rather than a
 * real client -- presumably so it is not tied to any connection's lifetime;
 * confirm against the Add implementations. */
339 return (*protocols[i].Add) (data_length, data, FakeClientID(0));
/* Ask the matching scheme to mint a fresh cookie via its Generate hook,
 * returning the new data through data_length_return/data_return. Only
 * schemes that provide Generate qualify (tested below). Declarations of
 * name, data and data_return, and the no-match return, are on lines not
 * shown in this listing; who owns the returned buffer is not documented on
 * the visible lines. Cookie strength depends on the randomness source the
 * hook uses (see GenerateRandomData() below). */
348 GenerateAuthorization(name_length, name, data_length, data,
349 data_length_return, data_return)
350 unsigned int name_length;
352 unsigned int data_length;
354 unsigned int *data_length_return;
359 for (i = 0; i < NUM_AUTHORIZATION; i++) {
360 if (protocols[i].name_length == name_length &&
361 memcmp (protocols[i].name, name, (int) name_length) == 0 &&
/* Generate is optional; unlike some sibling dispatchers this one checks. */
362 protocols[i].Generate)
364 return (*protocols[i].Generate) (data_length, data,
365 FakeClientID(0), data_length_return, data_return);
371 /* A random number generator that is more unpredictable than that shipped
372 with some systems, but still a plain linear congruential generator whose
373 output is fully determined by its state -- not a cryptographic source.
This code is taken from the example rand() implementation in the C standard. */
/* Generator state. It starts from a fixed value, so every run yields the
 * same sequence until something reseeds it (the seeding path is not shown
 * in this listing). */
375 static unsigned long int next = 1;
/* Linear congruential step using the constants of the C standard's example
 * rand(); the enclosing function's header is on lines not shown here.
 * Unsigned arithmetic wraps, so there is no overflow UB. The output is a
 * deterministic function of next: fine for spreading values, unsuitable as
 * a source of secrets. */
380 next = next * 1103515245 + 12345;
/* Discard the low 16 bits and return 15 bits (0..32767). */
381 return (unsigned int)(next/65536) % 32768;
/* Mix generator output into the caller's buffer. Parameter declarations,
 * locals and the seeding of the generator are on lines not shown here. */
392 GenerateRandomData (len, buf)
/* The seed is derived from wall-clock milliseconds, so it lies in a narrow
 * range for anyone who knows roughly when the server started; this step
 * does not make the buffer unguessable on its own. */
400 seed += GetTimeInMillis();
402 for (i = 0; i < len; i++)
/* Only bits 8..15 of value reach each byte. If value comes from the 15-bit
 * generator above (the assignment is not visible here), the top bit of
 * every byte is left untouched by this step. */
405 buf[i] ^= (value & 0xff00) >> 8;
/* The author's own note that further entropy sources were intended. */
408 /* XXX add getrusage, popen("ps -ale") */
411 #endif /* XCSECURITY */