3 Copyright 1988, 1998 The Open Group
5 Permission to use, copy, modify, distribute, and sell this software and its
6 documentation for any purpose is hereby granted without fee, provided that
7 the above copyright notice appear in all copies and that both that
8 copyright notice and this permission notice appear in supporting
11 The above copyright notice and this permission notice shall be included
12 in all copies or substantial portions of the Software.
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17 IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
18 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20 OTHER DEALINGS IN THE SOFTWARE.
22 Except as contained in this notice, the name of The Open Group shall
23 not be used in advertising or otherwise to promote the sale, use or
24 other dealings in this Software without prior written authorization
30 * authorization hooks for the server
31 * Author: Keith Packard, MIT X Consortium
34 #ifdef HAVE_DIX_CONFIG_H
35 #include <dix-config.h>
39 #include <X11/Xauth.h>
42 #include "dixstruct.h"
43 #include <sys/types.h>
46 #include <X11/Xw32defs.h>
/*
 * Dispatch record for one X authorization scheme.
 *
 * A scheme is looked up by comparing name_length and then the name bytes,
 * so name_length must be the exact byte count of name.  Within this file
 * Add, Reset, FromID, Remove and Generate are tested for NULL before they
 * are called; Check is called without such a test, so every entry has to
 * supply it.
 */
struct protocol {
    unsigned short name_length; /* bytes in name, terminator excluded */
    const char *name;           /* scheme name as sent by the client */
    AuthAddCFunc Add;           /* new authorization data */
    AuthCheckFunc Check;        /* verify client authorization data */
    AuthRstCFunc Reset;         /* delete all authorization data entries */
    AuthToIDFunc ToID;          /* convert cookie to ID */
    AuthFromIDFunc FromID;      /* convert ID to cookie */
    AuthRemCFunc Remove;        /* remove a specific cookie */
#ifdef XCSECURITY
    AuthGenCFunc Generate;      /* create a fresh cookie on request */
#endif
};
/*
 * Authorization schemes built into this server.  The initializers are
 * positional, so each row must follow the member order of struct protocol,
 * and the leading length must match the string that follows it.
 */
static struct protocol protocols[] = {
    {
        (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
        MitAddCookie, MitCheckCookie, MitResetCookie,
        MitToID, MitFromID, MitRemoveCookie,
#ifdef XCSECURITY
        MitGenerateCookie
#endif
    },
#ifdef HASXDMAUTH
    {
        (unsigned short) 19, "XDM-AUTHORIZATION-1",
        XdmAddCookie, XdmCheckCookie, XdmResetCookie,
        XdmToID, XdmFromID, XdmRemoveCookie,
#ifdef XCSECURITY
        NULL
#endif
    },
#endif
#ifdef SECURE_RPC
    {
        (unsigned short) 9, "SUN-DES-1",
        SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
        SecureRPCToID, SecureRPCFromID, SecureRPCRemove,
#ifdef XCSECURITY
        NULL
#endif
    },
#endif
};

/* Number of rows in protocols[]. */
#define NUM_AUTHORIZATION (sizeof(protocols) / sizeof(protocols[0]))
/*
 * Initialize all classes of authorization by reading the
 * specified authorization file.
 *
 * authorization_file stays NULL until InitAuthorization() stores a path.
 * ShouldLoadAuth starts out TRUE so the first CheckAuthorization() call
 * reads the file.
 */
static char *authorization_file = NULL;

static Bool ShouldLoadAuth = TRUE;
/*
 * Remember which file holds the server's authorization records.
 *
 * Nothing is read here.  The pointer itself is stored, not a copy of the
 * string, so the caller's buffer has to stay valid for as long as the
 * file may be loaded.
 */
void
InitAuthorization(char *file_name)
{
    authorization_file = file_name;
}
/*
 * Read the authorization file and register every record whose protocol
 * name matches a built-in scheme that has an Add handler.
 *
 * ShouldLoadAuth is cleared before anything else, so a failed load is not
 * retried until something sets the flag again.
 *
 * Returns the number of records handed to an Add handler, 0 when no file
 * has been configured, or -1 when the file cannot be opened.
 *
 * NOTE(review): no ownership or permission check on the file is visible
 * in this function - confirm that Fopen() or the code that chooses the
 * path enforces one.
 */
int
LoadAuthorization(void)
{
    FILE *auth_fp;
    Xauth *entry;
    int accepted = 0;

    ShouldLoadAuth = FALSE;
    if (authorization_file == NULL)
        return 0;

    auth_fp = Fopen(authorization_file, "r");
    if (auth_fp == NULL)
        return -1;

    while ((entry = XauReadAuth(auth_fp)) != NULL) {
        int idx;

        for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
            const struct protocol *proto = &protocols[idx];

            /* Lengths are compared first so memcmp never reads past
             * the shorter of the two names. */
            if (proto->name_length != entry->name_length)
                continue;
            if (memcmp(proto->name, entry->name,
                       (int) entry->name_length) != 0)
                continue;
            if (!proto->Add)
                continue;

            ++accepted;
            (*proto->Add) (entry->data_length, entry->data, FakeClientID(0));
        }
        XauDisposeAuth(entry);
    }

    Fclose(auth_fp);
    return accepted;
}
#ifdef XDMCP
/*
 * XdmcpInit calls this function to discover all authorization
 * schemes supported by the display.  Every row of protocols[] is
 * announced, whichever handlers it provides.
 */
void
RegisterAuthorizations(void)
{
    int idx = 0;

    while (idx < NUM_AUTHORIZATION) {
        const struct protocol *proto = &protocols[idx];

        XdmcpRegisterAuthorization(proto->name, (int) proto->name_length);
        idx++;
    }
}
#endif
/*
 * Decide whether a connecting client's authorization data is acceptable.
 *
 * Before the client's data is examined, the authorization file is
 * reloaded if it is flagged stale, and local host access is switched on
 * or off according to the result of that load.
 *
 * name/name_length  protocol name sent by the client
 * data/data_length  protocol data sent by the client
 * client            the connecting client, passed through to Check
 * reason            out: failure message; NULL means the default message
 *
 * Returns whatever the matching scheme's Check handler returns, or
 * (XID) ~0L when the client named no protocol or an unknown one.
 */
XID
CheckAuthorization(unsigned int name_length,
                   const char *name,
                   unsigned int data_length,
                   const char *data, ClientPtr client, const char **reason)
{
    static time_t lastmod = 0;
    static Bool loaded = FALSE;
    struct stat st;
    int idx;

    if (!authorization_file || stat(authorization_file, &st) != 0) {
        if (lastmod != 0) {
            lastmod = 0;
            ShouldLoadAuth = TRUE;      /* stat lost, so force reload */
        }
    }
    else if (st.st_mtime > lastmod) {
        /*
         * Only a strictly newer mtime counts as a change, so a file
         * replaced by one with the same or an older timestamp is not
         * reloaded by this test.
         */
        lastmod = st.st_mtime;
        ShouldLoadAuth = TRUE;
    }

    if (ShouldLoadAuth) {
        int loadauth = LoadAuthorization();

        /*
         * loadauth > 0: the file has at least one entry for this
         * server, so local host access is disabled.
         *
         * loadauth == 0 || !loaded: there are zero entries (initially
         * or after a later reload), or no valid file was ever loaded,
         * so local host access is enabled.
         *
         * loadauth == -1 && loaded: the file loaded with valid entries
         * before and the reload failed, so nothing is changed.
         */
        if (loadauth > 0) {
            DisableLocalHost(); /* got at least one */
            loaded = TRUE;
        }
        else if (loadauth == 0 || !loaded) {
            EnableLocalHost();
        }
    }

    if (!name_length) {
        *reason = "No protocol specified\n";
        return (XID) ~0L;
    }

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        if (proto->name_length == name_length &&
            memcmp(proto->name, name, (int) name_length) == 0) {
            /* Check is called without a NULL test. */
            return (*proto->Check) (data_length, data, client, reason);
        }
        /*
         * Assigned on every non-matching pass, so a scheme matched later
         * in the table sees this text in *reason when its Check starts.
         */
        *reason = "Protocol not supported by server\n";
    }
    return (XID) ~0L;
}
/*
 * Ask every scheme that has a Reset handler to drop its stored
 * authorization data, then flag the authorization file for reloading.
 */
void
ResetAuthorization(void)
{
    int idx;

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        if (!proto->Reset)
            continue;
        (*proto->Reset) ();
    }
    ShouldLoadAuth = TRUE;
}
/*
 * Find the authorization record that carries the given ID.
 *
 * Each scheme with a FromID handler is asked in table order; the first
 * one that reports success fills *data_lenp and *datap itself, and this
 * function adds that scheme's name and name length.
 *
 * Returns 1 when a scheme recognised the ID, 0 otherwise.  The out
 * parameters for the name are written only on success.
 */
int
AuthorizationFromID(XID id,
                    unsigned short *name_lenp,
                    const char **namep, unsigned short *data_lenp, char **datap)
{
    int idx;

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        if (!proto->FromID)
            continue;
        if (!(*proto->FromID) (id, data_lenp, datap))
            continue;

        *name_lenp = proto->name_length;
        *namep = proto->name;
        return 1;
    }
    return 0;
}
/*
 * Remove one stored cookie from the scheme called name.
 *
 * Returns the Remove handler's result for the first scheme whose name
 * matches and which has such a handler, or 0 when there is none.
 */
int
RemoveAuthorization(unsigned short name_length,
                    const char *name,
                    unsigned short data_length, const char *data)
{
    int idx;

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        /* Length check first: memcmp is only run on equal-length names. */
        if (proto->name_length != name_length)
            continue;
        if (memcmp(proto->name, name, (int) name_length) != 0)
            continue;
        if (!proto->Remove)
            continue;

        return (*proto->Remove) (data_length, data);
    }
    return 0;
}
/*
 * Store new authorization data under the scheme called name.
 *
 * The data is registered against an ID obtained from FakeClientID(0).
 * Returns the Add handler's result for the first scheme whose name
 * matches and which has such a handler, or 0 when there is none.
 */
int
AddAuthorization(unsigned name_length, const char *name,
                 unsigned data_length, char *data)
{
    int idx;

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        /* Length check first: memcmp is only run on equal-length names. */
        if (proto->name_length != name_length)
            continue;
        if (memcmp(proto->name, name, (int) name_length) != 0)
            continue;
        if (!proto->Add)
            continue;

        return (*proto->Add) (data_length, data, FakeClientID(0));
    }
    return 0;
}
/*
 * Ask the scheme called name to create new authorization data.
 *
 * This function sits inside the XCSECURITY section of the file, which is
 * closed by the #endif after GenerateRandomData().
 *
 * data/data_length are passed to the scheme's Generate handler together
 * with an ID from FakeClientID(0); the handler reports the generated
 * data through data_length_return and data_return.
 *
 * Returns the handler's result for the first scheme whose name matches
 * and which has a Generate handler, or -1 converted to XID when there is
 * none.
 */
XID
GenerateAuthorization(unsigned name_length,
                      const char *name,
                      unsigned data_length,
                      const char *data,
                      unsigned *data_length_return, char **data_return)
{
    int idx;

    for (idx = 0; idx < NUM_AUTHORIZATION; idx++) {
        const struct protocol *proto = &protocols[idx];

        /* Length check first: memcmp is only run on equal-length names. */
        if (proto->name_length != name_length)
            continue;
        if (memcmp(proto->name, name, (int) name_length) != 0)
            continue;
        if (!proto->Generate)
            continue;

        return (*proto->Generate) (data_length, data,
                                   FakeClientID(0),
                                   data_length_return, data_return);
    }
    return -1;
}
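/*
 * Fill buf with len bytes read from /dev/urandom.
 *
 * The descriptor is used only if open() succeeded, and reading continues
 * until len bytes have arrived, so a short read no longer leaves the tail
 * of buf untouched.  A non-positive len or a NULL buf is ignored.
 *
 * NOTE(review): the function returns void, so a caller cannot tell that
 * the device could not be opened or read; in that case buf keeps whatever
 * it held before the call.  Code that uses the result as secret material
 * should have a way to learn about the failure - consider a variant that
 * reports it.
 */
void
GenerateRandomData(int len, char *buf)
{
    char *dst = buf;
    int remaining = len;
    int fd;

    if (len <= 0 || buf == NULL)
        return;

    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return;

    while (remaining > 0) {
        ssize_t got = read(fd, dst, (size_t) remaining);

        if (got <= 0)
            break;              /* error or end of file: stop, see NOTE */
        dst += got;
        remaining -= (int) got;
    }

    close(fd);
}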
313 #endif /* XCSECURITY */