--- /dev/null
+/* $XConsortium: secauth.c /main/4 1996/11/27 16:57:14 swick $ */
+/*
+Copyright (c) 1996 X Consortium
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of the X Consortium shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from the X Consortium.
+*/
+
+#include "X.h"
+#include "os.h"
+#include "osdep.h"
+#include "dixstruct.h"
+
+/*================================================================
+ BEGIN ORL VNC modification
+ Need function prototype for SecurityGetSitePolicyStrings even when
+ XCSECURITY isn't defined */
+
+/* REMOVE
+#ifdef XCSECURITY
+*/
+#define _SECURITY_SERVER
+#include "extensions/security.h"
+/* REMOVE
+#endif
+*/
+
+/* END ORL VNC modification
+================================================================*/
+
+static char InvalidPolicyReason[] = "invalid policy specification";
+static char PolicyViolationReason[] = "policy violation";
+
+static Bool
+AuthCheckSitePolicy(data_lengthP, dataP, client, reason)
+ unsigned short *data_lengthP;
+ char **dataP;
+ ClientPtr client;
+ char **reason;
+{
+ char *policy = *dataP;
+ int length;
+ Bool permit;
+ int nPolicies;
+ char **sitePolicies;
+ int nSitePolicies;
+ Bool found = FALSE;
+
+ if ((length = *data_lengthP) < 2) {
+ *reason = InvalidPolicyReason;
+ return FALSE;
+ }
+
+ permit = (*policy++ == 0);
+ nPolicies = *policy++;
+
+ length -= 2;
+
+ sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
+
+ while (nPolicies) {
+ int strLen, sitePolicy;
+
+ if (length == 0) {
+ *reason = InvalidPolicyReason;
+ return FALSE;
+ }
+
+ strLen = *policy++;
+ if (--length < strLen) {
+ *reason = InvalidPolicyReason;
+ return FALSE;
+ }
+
+ if (!found)
+ {
+ for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++)
+ {
+ char *testPolicy = sitePolicies[sitePolicy];
+ if ((strLen == strlen(testPolicy)) &&
+ (strncmp(policy, testPolicy, strLen) == 0))
+ {
+ found = TRUE; /* need to continue parsing the policy... */
+ break;
+ }
+ }
+ }
+
+ policy += strLen;
+ length -= strLen;
+ nPolicies--;
+ }
+
+ if (found != permit)
+ {
+ *reason = PolicyViolationReason;
+ return FALSE;
+ }
+
+ *data_lengthP = length;
+ *dataP = policy;
+ return TRUE;
+}
+
+XID
+AuthSecurityCheck (data_length, data, client, reason)
+ unsigned short data_length;
+ char *data;
+ ClientPtr client;
+ char **reason;
+{
+#ifdef XCSECURITY
+ OsCommPtr oc = (OsCommPtr)client->osPrivate;
+ register ConnectionInputPtr oci = oc->input;
+ xConnSetupPrefix csp;
+ xReq freq;
+
+ if (client->clientState == ClientStateCheckedSecurity)
+ {
+ *reason = "repeated security check not permitted";
+ return (XID) -1;
+ }
+ else if (data_length > 0)
+ {
+ char policy_mask = *data++;
+
+ if (--data_length == 1) {
+ *reason = InvalidPolicyReason;
+ return (XID) -1;
+ }
+
+ if (policy_mask & 0x01) /* Extensions policy */
+ {
+ /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */
+ *reason = "security policy not implemented";
+ return (XID) -1;
+ }
+
+ if (policy_mask & 0x02) /* Site policy */
+ {
+ if (!AuthCheckSitePolicy(&data_length, &data, client, reason))
+ return (XID) -1;
+ }
+
+ if (data_length > 0) { /* did we consume the whole policy? */
+ *reason = InvalidPolicyReason;
+ return (XID) -1;
+ }
+
+ }
+ else if (!GetAccessControl())
+ {
+ *reason = "server host access control is disabled";
+ return (XID) -1;
+ }
+
+ client->clientState = ClientStateCheckingSecurity;
+
+ csp.success = 2 /* Authenticate */;
+ csp.lengthReason = 0;
+ csp.length = 0;
+ csp.majorVersion = X_PROTOCOL;
+ csp.minorVersion = X_PROTOCOL_REVISION;
+ if (client->swapped)
+ WriteSConnSetupPrefix(client, &csp);
+ else
+ (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp);
+
+ /*
+ * Next time the client sends the real auth data, we want
+ * ProcEstablishConnection to be called.
+ */
+
+ freq.reqType = 1;
+ freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2;
+ client->swapped = FALSE;
+ if (!InsertFakeRequest(client, (char *)&freq, sz_xReq))
+ {
+ *reason = "internal error";
+ return (XID) -1;
+ }
+
+ return (XID) 0;
+#else
+ *reason = "method not supported";
+ return (XID) -1;
+#endif
+}