Add patch that contain Mali fixes.
[deb_xorg-server.git] / os / rpcauth.c
1 /*
2
3 Copyright 1991, 1998 The Open Group
4
5 Permission to use, copy, modify, distribute, and sell this software and its
6 documentation for any purpose is hereby granted without fee, provided that
7 the above copyright notice appear in all copies and that both that
8 copyright notice and this permission notice appear in supporting
9 documentation.
10
11 The above copyright notice and this permission notice shall be included
12 in all copies or substantial portions of the Software.
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17 IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
18 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20 OTHER DEALINGS IN THE SOFTWARE.
21
22 Except as contained in this notice, the name of The Open Group shall
23 not be used in advertising or otherwise to promote the sale, use or
24 other dealings in this Software without prior written authorization
25 from The Open Group.
26
27 */
28
29 /*
30 * SUN-DES-1 authentication mechanism
31 * Author: Mayank Choudhary, Sun Microsystems
32 */
33
34 #ifdef HAVE_DIX_CONFIG_H
35 #include <dix-config.h>
36 #endif
37
38 #ifdef SECURE_RPC
39
40 #include <X11/X.h>
41 #include <X11/Xauth.h>
42 #include "misc.h"
43 #include "os.h"
44 #include "osdep.h"
45 #include "dixstruct.h"
46
47 #include <rpc/rpc.h>
48
49 #ifdef sun
50 /* <rpc/auth.h> only includes this if _KERNEL is #defined... */
51 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
52 #endif
53
54 static enum auth_stat why;
55
56 static char *
57 authdes_ezdecode(const char *inmsg, int len)
58 {
59 struct rpc_msg msg;
60 char cred_area[MAX_AUTH_BYTES];
61 char verf_area[MAX_AUTH_BYTES];
62 char *temp_inmsg;
63 struct svc_req r;
64 bool_t res0, res1;
65 XDR xdr;
66 SVCXPRT xprt;
67
68 temp_inmsg = malloc(len);
69 memmove(temp_inmsg, inmsg, len);
70
71 memset((char *) &msg, 0, sizeof(msg));
72 memset((char *) &r, 0, sizeof(r));
73 memset(cred_area, 0, sizeof(cred_area));
74 memset(verf_area, 0, sizeof(verf_area));
75
76 msg.rm_call.cb_cred.oa_base = cred_area;
77 msg.rm_call.cb_verf.oa_base = verf_area;
78 why = AUTH_FAILED;
79 xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);
80
81 if ((r.rq_clntcred = malloc(MAX_AUTH_BYTES)) == NULL)
82 goto bad1;
83 r.rq_xprt = &xprt;
84
85 /* decode into msg */
86 res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred));
87 res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf));
88 if (!(res0 && res1))
89 goto bad2;
90
91 /* do the authentication */
92
93 r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */
94 if (r.rq_cred.oa_flavor != AUTH_DES) {
95 why = AUTH_TOOWEAK;
96 goto bad2;
97 }
98 #ifdef SVR4
99 if ((why = __authenticate(&r, &msg)) != AUTH_OK) {
100 #else
101 if ((why = _authenticate(&r, &msg)) != AUTH_OK) {
102 #endif
103 goto bad2;
104 }
105 return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
106
107 bad2:
108 free(r.rq_clntcred);
109 bad1:
110 return ((char *) 0); /* ((struct authdes_cred *) NULL); */
111 }
112
113 static XID rpc_id = (XID) ~0L;
114
115 static Bool
116 CheckNetName(unsigned char *addr, short len, pointer closure)
117 {
118 return (len == strlen((char *) closure) &&
119 strncmp((char *) addr, (char *) closure, len) == 0);
120 }
121
122 static char rpc_error[MAXNETNAMELEN + 50];
123
124 _X_HIDDEN XID
125 SecureRPCCheck(unsigned short data_length, const char *data,
126 ClientPtr client, const char **reason)
127 {
128 char *fullname;
129
130 if (rpc_id == (XID) ~0L) {
131 *reason = "Secure RPC authorization not initialized";
132 }
133 else {
134 fullname = authdes_ezdecode(data, data_length);
135 if (fullname == (char *) 0) {
136 snprintf(rpc_error, sizeof(rpc_error),
137 "Unable to authenticate secure RPC client (why=%d)", why);
138 *reason = rpc_error;
139 }
140 else {
141 if (ForEachHostInFamily(FamilyNetname, CheckNetName, fullname))
142 return rpc_id;
143 snprintf(rpc_error, sizeof(rpc_error),
144 "Principal \"%s\" is not authorized to connect", fullname);
145 *reason = rpc_error;
146 }
147 }
148 return (XID) ~0L;
149 }
150
151 _X_HIDDEN void
152 SecureRPCInit(void)
153 {
154 if (rpc_id == ~0L)
155 AddAuthorization(9, "SUN-DES-1", 0, (char *) 0);
156 }
157
158 _X_HIDDEN int
159 SecureRPCAdd(unsigned short data_length, const char *data, XID id)
160 {
161 if (data_length)
162 AddHost((pointer) 0, FamilyNetname, data_length, data);
163 rpc_id = id;
164 return 1;
165 }
166
167 _X_HIDDEN int
168 SecureRPCReset(void)
169 {
170 rpc_id = (XID) ~0L;
171 return 1;
172 }
173
174 _X_HIDDEN XID
175 SecureRPCToID(unsigned short data_length, char *data)
176 {
177 return rpc_id;
178 }
179
180 _X_HIDDEN int
181 SecureRPCFromID(XID id, unsigned short *data_lenp, char **datap)
182 {
183 return 0;
184 }
185
186 _X_HIDDEN int
187 SecureRPCRemove(unsigned short data_length, const char *data)
188 {
189 return 0;
190 }
191 #endif /* SECURE_RPC */