| 1 | /* |
| 2 | *Copyright (C) 2003-2004 Harold L Hunt II All Rights Reserved. |
| 3 | * |
| 4 | *Permission is hereby granted, free of charge, to any person obtaining |
| 5 | * a copy of this software and associated documentation files (the |
| 6 | *"Software"), to deal in the Software without restriction, including |
| 7 | *without limitation the rights to use, copy, modify, merge, publish, |
| 8 | *distribute, sublicense, and/or sell copies of the Software, and to |
| 9 | *permit persons to whom the Software is furnished to do so, subject to |
| 10 | *the following conditions: |
| 11 | * |
| 12 | *The above copyright notice and this permission notice shall be |
| 13 | *included in all copies or substantial portions of the Software. |
| 14 | * |
| 15 | *THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 16 | *EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| 17 | *MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 18 | *NONINFRINGEMENT. IN NO EVENT SHALL HAROLD L HUNT II BE LIABLE FOR |
| 19 | *ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
| 20 | *CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| 21 | *WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| 22 | * |
| 23 | *Except as contained in this notice, the name of Harold L Hunt II |
| 24 | *shall not be used in advertising or otherwise to promote the sale, use |
| 25 | *or other dealings in this Software without prior written authorization |
| 26 | *from Harold L Hunt II. |
| 27 | * |
| 28 | * Authors: Harold L Hunt II |
| 29 | */ |
| 30 | |
| 31 | #ifdef HAVE_XWIN_CONFIG_H |
| 32 | #include <xwin-config.h> |
| 33 | #endif |
| 34 | |
| 35 | #include "win.h" |
| 36 | |
| 37 | /* Includes for authorization */ |
| 38 | #include "securitysrv.h" |
| 39 | #include "os/osdep.h" |
| 40 | |
| 41 | /* |
| 42 | * Constants |
| 43 | */ |
| 44 | |
| 45 | #define AUTH_NAME "MIT-MAGIC-COOKIE-1" |
| 46 | |
| 47 | /* |
| 48 | * Locals |
| 49 | */ |
| 50 | |
| 51 | static XID g_authId = 0; |
| 52 | static unsigned int g_uiAuthDataLen = 0; |
| 53 | static char *g_pAuthData = NULL; |
| 54 | |
| 55 | /* |
| 56 | * Code to generate a MIT-MAGIC-COOKIE-1, copied from under XCSECURITY |
| 57 | */ |
| 58 | |
| 59 | #ifndef XCSECURITY |
| 60 | void |
| 61 | GenerateRandomData(int len, char *buf) |
| 62 | { |
| 63 | int fd; |
| 64 | |
| 65 | fd = open("/dev/urandom", O_RDONLY); |
| 66 | read(fd, buf, len); |
| 67 | close(fd); |
| 68 | } |
| 69 | |
| 70 | static char cookie[16]; /* 128 bits */ |
| 71 | |
| 72 | XID |
| 73 | MitGenerateCookie(unsigned data_length, |
| 74 | const char *data, |
| 75 | XID id, unsigned *data_length_return, char **data_return) |
| 76 | { |
| 77 | int i = 0; |
| 78 | int status; |
| 79 | |
| 80 | while (data_length--) { |
| 81 | cookie[i++] += *data++; |
| 82 | if (i >= sizeof(cookie)) |
| 83 | i = 0; |
| 84 | } |
| 85 | GenerateRandomData(sizeof(cookie), cookie); |
| 86 | status = MitAddCookie(sizeof(cookie), cookie, id); |
| 87 | if (!status) { |
| 88 | id = -1; |
| 89 | } |
| 90 | else { |
| 91 | *data_return = cookie; |
| 92 | *data_length_return = sizeof(cookie); |
| 93 | } |
| 94 | return id; |
| 95 | } |
| 96 | |
| 97 | static |
| 98 | XID |
| 99 | GenerateAuthorization(unsigned name_length, |
| 100 | char *name, |
| 101 | unsigned data_length, |
| 102 | char *data, |
| 103 | unsigned *data_length_return, char **data_return) |
| 104 | { |
| 105 | return MitGenerateCookie(data_length, data, |
| 106 | FakeClientID(0), data_length_return, data_return); |
| 107 | } |
| 108 | #endif |
| 109 | |
| 110 | /* |
| 111 | * Generate authorization cookie for internal server clients |
| 112 | */ |
| 113 | |
| 114 | Bool |
| 115 | winGenerateAuthorization(void) |
| 116 | { |
| 117 | Bool fFreeAuth = FALSE; |
| 118 | SecurityAuthorizationPtr pAuth = NULL; |
| 119 | |
| 120 | /* Call OS layer to generate authorization key */ |
| 121 | g_authId = GenerateAuthorization(strlen(AUTH_NAME), |
| 122 | AUTH_NAME, |
| 123 | 0, NULL, &g_uiAuthDataLen, &g_pAuthData); |
| 124 | if ((XID) ~0L == g_authId) { |
| 125 | ErrorF("winGenerateAuthorization - GenerateAuthorization failed\n"); |
| 126 | goto auth_bailout; |
| 127 | } |
| 128 | |
| 129 | else { |
| 130 | winDebug("winGenerateAuthorization - GenerateAuthorization success!\n" |
| 131 | "AuthDataLen: %d AuthData: %s\n", |
| 132 | g_uiAuthDataLen, g_pAuthData); |
| 133 | } |
| 134 | |
| 135 | #ifdef XCSECURITY |
| 136 | /* Allocate structure for additional auth information */ |
| 137 | pAuth = (SecurityAuthorizationPtr) |
| 138 | malloc(sizeof(SecurityAuthorizationRec)); |
| 139 | if (!(pAuth)) { |
| 140 | ErrorF("winGenerateAuthorization - Failed allocating " |
| 141 | "SecurityAuthorizationPtr.\n"); |
| 142 | goto auth_bailout; |
| 143 | } |
| 144 | |
| 145 | /* Fill in the auth fields */ |
| 146 | pAuth->id = g_authId; |
| 147 | pAuth->timeout = 0; /* live for x seconds after refcnt == 0 */ |
| 148 | pAuth->group = None; |
| 149 | pAuth->trustLevel = XSecurityClientTrusted; |
| 150 | pAuth->refcnt = 1; /* this auth must stick around */ |
| 151 | pAuth->secondsRemaining = 0; |
| 152 | pAuth->timer = NULL; |
| 153 | pAuth->eventClients = NULL; |
| 154 | |
| 155 | /* Add the authorization to the server's auth list */ |
| 156 | if (!AddResource(g_authId, SecurityAuthorizationResType, pAuth)) { |
| 157 | ErrorF("winGenerateAuthorization - AddResource failed for auth.\n"); |
| 158 | fFreeAuth = TRUE; |
| 159 | goto auth_bailout; |
| 160 | } |
| 161 | |
| 162 | /* Don't free the auth data, since it is still used internally */ |
| 163 | pAuth = NULL; |
| 164 | #endif |
| 165 | |
| 166 | return TRUE; |
| 167 | |
| 168 | auth_bailout: |
| 169 | if (fFreeAuth) |
| 170 | free(pAuth); |
| 171 | |
| 172 | return FALSE; |
| 173 | } |
| 174 | |
| 175 | /* Use our generated cookie for authentication */ |
| 176 | void |
| 177 | winSetAuthorization(void) |
| 178 | { |
| 179 | XSetAuthorization(AUTH_NAME, |
| 180 | strlen(AUTH_NAME), g_pAuthData, g_uiAuthDataLen); |
| 181 | } |