summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authorKaleb Keithley <kaleb@freedesktop.org>2003-11-14 15:54:55 +0000
committerKaleb Keithley <kaleb@freedesktop.org>2003-11-14 15:54:55 +0000
commitc8ddd5d82a72167de6e0a544b55f9b03ab93053e (patch)
tree878ae3ddd67e48798427db3d709940a664801cd0 /auth.c
R6.6 is the Xorg base-lineXORG-MAIN
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c254
1 files changed, 254 insertions, 0 deletions
diff --git a/auth.c b/auth.c
new file mode 100644
index 0000000..beb9b77
--- /dev/null
+++ b/auth.c
@@ -0,0 +1,254 @@
+/* $Xorg: auth.c,v 1.4 2001/02/09 02:05:59 xorgcvs Exp $ */
+/******************************************************************************
+
+Copyright 1993, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+******************************************************************************/
+
+#include "xsm.h"
+
+#include <X11/ICE/ICEutil.h>
+
+static char *addAuthFile = NULL;
+static char *remAuthFile = NULL;
+
+
+
+/*
+ * Host Based Authentication Callback. This callback is invoked if
+ * the connecting client can't offer any authentication methods that
+ * we can accept. We can accept/reject based on the hostname.
+ */
+
+Bool
+HostBasedAuthProc (hostname)
+
+char *hostname;
+
+{
+ return (0); /* For now, we don't support host based authentication */
+}
+
+
+
+/*
+ * We use temporary files which contain commands to add/remove entries from
+ * the .ICEauthority file.
+ */
+
+static void
+write_iceauth (addfp, removefp, entry)
+
+FILE *addfp;
+FILE *removefp;
+IceAuthDataEntry *entry;
+
+{
+ fprintf (addfp,
+ "add %s \"\" %s %s ",
+ entry->protocol_name,
+ entry->network_id,
+ entry->auth_name);
+ fprintfhex (addfp, entry->auth_data_length, entry->auth_data);
+ fprintf (addfp, "\n");
+
+ fprintf (removefp,
+ "remove protoname=%s protodata=\"\" netid=%s authname=%s\n",
+ entry->protocol_name,
+ entry->network_id,
+ entry->auth_name);
+}
+
+
+
+static char *
+unique_filename (path, prefix)
+
+char *path;
+char *prefix;
+
+{
+#ifndef X_NOT_POSIX
+ return ((char *) tempnam (path, prefix));
+#else
+ char tempFile[PATH_MAX];
+ char *tmp;
+
+ sprintf (tempFile, "%s/%sXXXXXX", path, prefix);
+ tmp = (char *) mktemp (tempFile);
+ if (tmp)
+ {
+ char *ptr = (char *) malloc (strlen (tmp) + 1);
+ strcpy (ptr, tmp);
+ return (ptr);
+ }
+ else
+ return (NULL);
+#endif
+}
+
+
+
+
+/*
+ * Provide authentication data to clients that wish to connect
+ */
+
+#define MAGIC_COOKIE_LEN 16
+
+Status
+SetAuthentication (count, listenObjs, authDataEntries)
+
+int count;
+IceListenObj *listenObjs;
+IceAuthDataEntry **authDataEntries;
+
+{
+ FILE *addfp = NULL;
+ FILE *removefp = NULL;
+ char *path;
+ int original_umask;
+ char command[256];
+ int i;
+
+ original_umask = umask (0077); /* disallow non-owner access */
+
+ path = (char *) getenv ("SM_SAVE_DIR");
+ if (!path)
+ {
+ path = (char *) getenv ("HOME");
+ if (!path)
+ path = ".";
+ }
+
+ if ((addAuthFile = unique_filename (path, ".xsm")) == NULL)
+ goto bad;
+
+ if (!(addfp = fopen (addAuthFile, "w")))
+ goto bad;
+
+ if ((remAuthFile = unique_filename (path, ".xsm")) == NULL)
+ goto bad;
+
+ if (!(removefp = fopen (remAuthFile, "w")))
+ goto bad;
+
+ if ((*authDataEntries = (IceAuthDataEntry *) XtMalloc (
+ count * 2 * sizeof (IceAuthDataEntry))) == NULL)
+ goto bad;
+
+ for (i = 0; i < count * 2; i += 2)
+ {
+ (*authDataEntries)[i].network_id =
+ IceGetListenConnectionString (listenObjs[i/2]);
+ (*authDataEntries)[i].protocol_name = "ICE";
+ (*authDataEntries)[i].auth_name = "MIT-MAGIC-COOKIE-1";
+
+ (*authDataEntries)[i].auth_data =
+ IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
+ (*authDataEntries)[i].auth_data_length = MAGIC_COOKIE_LEN;
+
+ (*authDataEntries)[i+1].network_id =
+ IceGetListenConnectionString (listenObjs[i/2]);
+ (*authDataEntries)[i+1].protocol_name = "XSMP";
+ (*authDataEntries)[i+1].auth_name = "MIT-MAGIC-COOKIE-1";
+
+ (*authDataEntries)[i+1].auth_data =
+ IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
+ (*authDataEntries)[i+1].auth_data_length = MAGIC_COOKIE_LEN;
+
+ write_iceauth (addfp, removefp, &(*authDataEntries)[i]);
+ write_iceauth (addfp, removefp, &(*authDataEntries)[i+1]);
+
+ IceSetPaAuthData (2, &(*authDataEntries)[i]);
+
+ IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc);
+ }
+
+ fclose (addfp);
+ fclose (removefp);
+
+ umask (original_umask);
+
+ sprintf (command, "iceauth source %s", addAuthFile);
+ execute_system_command (command);
+
+ unlink (addAuthFile);
+
+ return (1);
+
+ bad:
+
+ if (addfp)
+ fclose (addfp);
+
+ if (removefp)
+ fclose (removefp);
+
+ if (addAuthFile)
+ {
+ unlink (addAuthFile);
+ free (addAuthFile);
+ }
+ if (remAuthFile)
+ {
+ unlink (remAuthFile);
+ free (remAuthFile);
+ }
+
+ return (0);
+}
+
+
+
+/*
+ * Free up authentication data.
+ */
+
+void
+FreeAuthenticationData (count, authDataEntries)
+
+int count;
+IceAuthDataEntry *authDataEntries;
+
+{
+ /* Each transport has entries for ICE and XSMP */
+
+ char command[256];
+ int i;
+
+ for (i = 0; i < count * 2; i++)
+ {
+ free (authDataEntries[i].network_id);
+ free (authDataEntries[i].auth_data);
+ }
+
+ XtFree ((char *) authDataEntries);
+
+ sprintf (command, "iceauth source %s", remAuthFile);
+ execute_system_command (command);
+
+ unlink (remAuthFile);
+
+ free (addAuthFile);
+ free (remAuthFile);
+}