1 | /* |
2 | ||
3 | Copyright 1991, 1998 The Open Group | |
4 | ||
5 | Permission to use, copy, modify, distribute, and sell this software and its | |
6 | documentation for any purpose is hereby granted without fee, provided that | |
7 | the above copyright notice appear in all copies and that both that | |
8 | copyright notice and this permission notice appear in supporting | |
9 | documentation. | |
10 | ||
11 | The above copyright notice and this permission notice shall be included | |
12 | in all copies or substantial portions of the Software. | |
13 | ||
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
15 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |
16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | |
17 | IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR | |
18 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | |
19 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | |
20 | OTHER DEALINGS IN THE SOFTWARE. | |
21 | ||
22 | Except as contained in this notice, the name of The Open Group shall | |
23 | not be used in advertising or otherwise to promote the sale, use or | |
24 | other dealings in this Software without prior written authorization | |
25 | from The Open Group. | |
26 | ||
27 | */ | |
28 | ||
29 | /* | |
30 | * SUN-DES-1 authentication mechanism | |
31 | * Author: Mayank Choudhary, Sun Microsystems | |
32 | */ | |
33 | ||
34 | #ifdef HAVE_DIX_CONFIG_H | |
35 | #include <dix-config.h> | |
36 | #endif | |
37 | ||
38 | #ifdef SECURE_RPC | |
39 | ||
40 | #include <X11/X.h> | |
41 | #include <X11/Xauth.h> | |
42 | #include "misc.h" | |
43 | #include "os.h" | |
44 | #include "osdep.h" | |
45 | #include "dixstruct.h" | |
46 | ||
47 | #include <rpc/rpc.h> | |
48 | ||
49 | #ifdef sun | |
50 | /* <rpc/auth.h> only includes this if _KERNEL is #defined... */ | |
51 | extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); | |
52 | #endif | |
53 | ||
/* auth_stat from the most recent authdes_ezdecode() call; SecureRPCCheck
 * formats it into its failure message.  Shared file-static state, so the
 * decode/report pair is not reentrant. */
static enum auth_stat why;
55 | ||
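/*
 * Decode and verify the AUTH_DES credential/verifier pair a client sent as
 * its SUN-DES-1 authorization blob.
 *
 * inmsg/len: the raw bytes (two XDR opaque_auth records, cred then verf).
 * Returns the authenticated principal's netname, or NULL on any failure with
 * the file-static `why` holding the auth_stat that SecureRPCCheck reports.
 *
 * Ownership: the returned name points into the rq_clntcred block, so that
 * block is deliberately not freed on the success path.  NOTE(review): nothing
 * frees it later either (SecureRPCCheck only formats it into rpc_error), so
 * every successful check leaks MAX_AUTH_BYTES; a static area would avoid
 * that -- confirm no caller keeps the pointer across calls before changing it.
 */
static char *
authdes_ezdecode(const char *inmsg, int len)
{
    struct rpc_msg msg;
    char cred_area[MAX_AUTH_BYTES];
    char verf_area[MAX_AUTH_BYTES];
    char *temp_inmsg;
    struct svc_req r;
    XDR xdr;
    SVCXPRT xprt;
    char *name = NULL;

    /* Every early exit below reports a generic failure unless refined. */
    why = AUTH_FAILED;

    /* An empty or absent blob cannot carry a credential; rejecting it here
     * also keeps malloc(0) / memmove(NULL, ...) out of the picture. */
    if (inmsg == NULL || len <= 0)
        return NULL;

    /* xdrmem_create wants a writable buffer, so decode from a private copy
     * of the caller's const data.  The original code never checked this
     * allocation and dereferenced NULL on failure. */
    temp_inmsg = malloc(len);
    if (temp_inmsg == NULL)
        return NULL;
    memmove(temp_inmsg, inmsg, len);

    memset(&msg, 0, sizeof(msg));
    memset(&r, 0, sizeof(r));
    /* Only xprt's address is handed to the library, but do not let it see
     * uninitialized stack contents through rq_xprt. */
    memset(&xprt, 0, sizeof(xprt));
    memset(cred_area, 0, sizeof(cred_area));
    memset(verf_area, 0, sizeof(verf_area));

    /* The decoder fills these caller-supplied areas rather than allocating. */
    msg.rm_call.cb_cred.oa_base = cred_area;
    msg.rm_call.cb_verf.oa_base = verf_area;
    xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);

    r.rq_clntcred = malloc(MAX_AUTH_BYTES);
    if (r.rq_clntcred == NULL)
        goto out_free_msg;
    r.rq_xprt = &xprt;

    /* decode into msg: both records are required, cred first then verf */
    if (!xdr_opaque_auth(&xdr, &msg.rm_call.cb_cred) ||
        !xdr_opaque_auth(&xdr, &msg.rm_call.cb_verf))
        goto out_free_cred;

    /* do the authentication */
    r.rq_cred = msg.rm_call.cb_cred;    /* read by opaque stuff */
    if (r.rq_cred.oa_flavor != AUTH_DES) {
        /* only DES-flavoured credentials are acceptable for SUN-DES-1 */
        why = AUTH_TOOWEAK;
        goto out_free_cred;
    }
#ifdef SVR4
    why = __authenticate(&r, &msg);
#else
    why = _authenticate(&r, &msg);
#endif
    if (why != AUTH_OK)
        goto out_free_cred;

    /* Success: the netname lives inside rq_clntcred, which stays allocated. */
    name = ((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name;
    goto out_free_msg;

 out_free_cred:
    free(r.rq_clntcred);
 out_free_msg:
    /* The opaque_auth bodies were decoded into cred_area/verf_area above, so
     * the scratch stream is dead here on every path (the original leaked it).
     * NOTE(review): assumes the XDR decoder copies rather than aliases the
     * stream, as the Sun/TI-RPC xdr_opaque_auth does -- confirm for any other
     * RPC library. */
    free(temp_inmsg);
    return name;
}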
112 | ||
/* XID handed back for authorized SUN-DES-1 clients; (XID) ~0L is the
 * "not set" sentinel (SecureRPCAdd installs it, SecureRPCReset clears it). */
static XID rpc_id = (XID) ~0L;
114 | ||
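/*
 * ForEachHostInFamily callback: does the FamilyNetname host entry addr/len
 * (not NUL-terminated) equal the netname string in closure?
 * Returns non-zero only on an exact, full-length match.
 */
static Bool
CheckNetName(unsigned char *addr, short len, pointer closure)
{
    const char *want = (const char *) closure;
    size_t want_len = strlen(want);

    /* Compare the lengths in size_t explicitly instead of relying on the
     * implicit short -> size_t promotion; a negative len is rejected outright
     * rather than being turned into a huge unsigned value. */
    if (len < 0 || (size_t) len != want_len)
        return 0;
    /* Lengths are equal, so strncmp over want_len bytes is an exact compare. */
    return strncmp((const char *) addr, want, want_len) == 0;
}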
121 | ||
/* Scratch buffer for the *reason strings SecureRPCCheck hands back: the fixed
 * message text plus room for one netname.  Overwritten on every failed check,
 * so the pointer is only valid until the next call. */
static char rpc_error[MAXNETNAMELEN + 50];
123 | ||
/*
 * Authorization check for the SUN-DES-1 protocol.
 *
 * data/data_length: the client's raw AUTH_DES credential blob.
 * Returns rpc_id when the blob authenticates and the principal's netname is
 * on the FamilyNetname host list; otherwise (XID) ~0L with *reason pointing
 * at a message (for the formatted cases this is the shared rpc_error buffer,
 * valid only until the next failed check).  client is not consulted.
 */
_X_HIDDEN XID
SecureRPCCheck(unsigned short data_length, const char *data,
               ClientPtr client, const char **reason)
{
    const XID no_id = (XID) ~0L;
    char *principal;

    if (rpc_id == no_id) {
        /* SecureRPCAdd has not installed an id yet. */
        *reason = "Secure RPC authorization not initialized";
        return no_id;
    }

    principal = authdes_ezdecode(data, data_length);
    if (principal == NULL) {
        /* `why` was set by authdes_ezdecode on the way out */
        snprintf(rpc_error, sizeof(rpc_error),
                 "Unable to authenticate secure RPC client (why=%d)", why);
        *reason = rpc_error;
        return no_id;
    }

    if (ForEachHostInFamily(FamilyNetname, CheckNetName, principal))
        return rpc_id;

    /* Authenticated, but the netname is not on the access list. */
    snprintf(rpc_error, sizeof(rpc_error),
             "Principal \"%s\" is not authorized to connect", principal);
    *reason = rpc_error;
    return no_id;
}
150 | ||
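/*
 * Register the SUN-DES-1 authorization protocol with the server core.
 * Done only while rpc_id still holds the "not set" sentinel, i.e. before
 * SecureRPCAdd has installed an id.
 */
_X_HIDDEN void
SecureRPCInit(void)
{
    /* Compare against the same (XID) ~0L sentinel the rest of this file uses.
     * A bare ~0L is a signed long: on builds where XID is narrower than long
     * the promoted comparison (0xFFFFFFFF vs -1L) is never true, so the
     * registration would silently be skipped. */
    if (rpc_id == (XID) ~0L)
        AddAuthorization(9, "SUN-DES-1", 0, (char *) 0);   /* 9 == strlen("SUN-DES-1") */
}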
157 | ||
/*
 * Install the id that SecureRPCCheck returns for authorized clients and, when
 * a netname was supplied, add it to the FamilyNetname host list.
 * Always reports success (1).  rpc_id is private to this file, so setting it
 * before or after AddHost makes no difference.
 */
_X_HIDDEN int
SecureRPCAdd(unsigned short data_length, const char *data, XID id)
{
    rpc_id = id;
    if (data_length == 0)
        return 1;
    AddHost((pointer) 0, FamilyNetname, data_length, data);
    return 1;
}
166 | ||
/*
 * Forget the installed id so SecureRPCCheck reports "not initialized" until
 * SecureRPCAdd is called again.  Always reports success (1).
 */
_X_HIDDEN int
SecureRPCReset(void)
{
    const XID no_id = (XID) ~0L;

    rpc_id = no_id;
    return 1;
}
173 | ||
/*
 * Map authorization data to an id.  There is a single id for the whole
 * protocol, so the data is ignored and rpc_id is returned as-is (which may
 * still be the (XID) ~0L sentinel if nothing was installed).
 */
_X_HIDDEN XID
SecureRPCToID(unsigned short data_length, char *data)
{
    (void) data_length;
    (void) data;
    return rpc_id;
}
179 | ||
/*
 * Reverse mapping from id to authorization data is not supported for
 * SUN-DES-1: always returns 0 and leaves *data_lenp / *datap untouched.
 */
_X_HIDDEN int
SecureRPCFromID(XID id, unsigned short *data_lenp, char **datap)
{
    (void) id;
    (void) data_lenp;
    (void) datap;
    return 0;
}
185 | ||
/*
 * Removing individual SUN-DES-1 entries is not supported (use SecureRPCReset
 * to drop the id); the arguments are ignored and 0 is returned.
 */
_X_HIDDEN int
SecureRPCRemove(unsigned short data_length, const char *data)
{
    (void) data_length;
    (void) data;
    return 0;
}
191 | #endif /* SECURE_RPC */ |