-rw-r--r-- | AuDispose.c | 46 | ||||
-rw-r--r-- | AuFileName.c | 70 | ||||
-rw-r--r-- | AuGetAddr.c | 126 | ||||
-rw-r--r-- | AuGetBest.c | 186 | ||||
-rw-r--r-- | AuLock.c | 113 | ||||
-rw-r--r-- | AuRead.c | 112 | ||||
-rw-r--r-- | AuUnlock.c | 60 | ||||
-rw-r--r-- | AuWrite.c | 76 | ||||
-rw-r--r-- | Autest.c | 68 | ||||
-rw-r--r-- | README | 184 | ||||
-rw-r--r-- | Xau.man | 164 | ||||
-rw-r--r-- | include/X11/Xauth.h | 180 | ||||
-rw-r--r-- | k5encode.c | 183 |
13 files changed, 1568 insertions, 0 deletions
diff --git a/AuDispose.c b/AuDispose.c
new file mode 100644
index 0000000..b21cb67
--- /dev/null
+++ b/AuDispose.c
@@ -0,0 +1,46 @@
+/* $Xorg: AuDispose.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+void
+XauDisposeAuth (auth)
+Xauth *auth;
+{
+ if (auth) {
+ if (auth->address) (void) free (auth->address);
+ if (auth->number) (void) free (auth->number);
+ if (auth->name) (void) free (auth->name);
+ if (auth->data) {
+ (void) bzero (auth->data, auth->data_length);
+ (void) free (auth->data);
+ }
+ free ((char *) auth);
+ }
+ return;
+}
diff --git a/AuFileName.c b/AuFileName.c
new file mode 100644
index 0000000..aa456a1
--- /dev/null
+++ b/AuFileName.c
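Review bot: In XauDisposeAuth the `bzero (auth->data, auth->data_length)` that runs immediately before `free (auth->data)` is a dead store from the optimizer's point of view, so the cookie bytes may survive in the freed block. Where the platform provides a scrub call that is guaranteed not to be elided, use it instead, e.g. `explicit_bzero (auth->data, auth->data_length);`. The same bzero-then-free pattern appears in read_counted_string and XauReadAuth in AuRead.c. The file also calls free and bzero with no declaration visible in this hunk; whether X11/Xauth.h supplies them cannot be seen from here.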
@@ -0,0 +1,70 @@
+/* $Xorg: AuFileName.c,v 1.5 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+char *
+XauFileName ()
+{
+ char *slashDotXauthority = "/.Xauthority";
+ char *name, *malloc (), *getenv ();
+ static char *buf;
+ static int bsize;
+#ifdef WIN32
+ char dir[128];
+#endif
+ int size;
+
+ if ((name = getenv ("XAUTHORITY")))
+ return name;
+ name = getenv ("HOME");
+ if (!name) {
+#ifdef WIN32
+ (void) strcpy (dir, "/users/");
+ if (name = getenv("USERNAME")) {
+ (void) strcat (dir, name);
+ name = dir;
+ }
+ if (!name)
+#endif
+ return 0;
+ }
+ size = strlen (name) + strlen(&slashDotXauthority[1]) + 2;
+ if (size > bsize) {
+ if (buf)
+ free (buf);
+ buf = malloc ((unsigned) size);
+ if (!buf)
+ return 0;
+ bsize = size;
+ }
+ strcpy (buf, name);
+ strcat (buf, slashDotXauthority + (name[1] == '\0' ? 1 : 0));
+ return buf;
+}
diff --git a/AuGetAddr.c b/AuGetAddr.c
new file mode 100644
index 0000000..af28414
--- /dev/null
+++ b/AuGetAddr.c
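Review bot: In the WIN32 branch of XauFileName, `strcat (dir, name)` appends the USERNAME environment value to the 128-byte stack buffer `dir` with no length check, so a long value writes past the array. A guard inside the `if (name = getenv("USERNAME"))` block, `if (strlen (name) > sizeof (dir) - sizeof ("/users/")) return 0;`, bounds the copy. Separately, `name[1] == '\0'` reads one byte past the terminator when HOME is the empty string; testing `name[0] == '/' && name[1] == '\0'` avoids that. The XAUTHORITY and HOME values are returned or used as given, so a comment should tell callers running with elevated privileges to treat the returned path as untrusted.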
@@ -0,0 +1,126 @@
+/* $Xorg: AuGetAddr.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+static
+binaryEqual (a, b, len)
+register char *a, *b;
+register int len;
+{
+ while (len--)
+ if (*a++ != *b++)
+ return 0;
+ return 1;
+}
+
+#if NeedFunctionPrototypes
+Xauth *
+XauGetAuthByAddr (
+#if NeedWidePrototypes
+unsigned int family,
+unsigned int address_length,
+#else
+unsigned short family,
+unsigned short address_length,
+#endif
+_Xconst char* address,
+#if NeedWidePrototypes
+unsigned int number_length,
+#else
+unsigned short number_length,
+#endif
+_Xconst char* number,
+#if NeedWidePrototypes
+unsigned int name_length,
+#else
+unsigned short name_length,
+#endif
+_Xconst char* name)
+#else
+Xauth *
+XauGetAuthByAddr (family, address_length, address,
+ number_length, number,
+ name_length, name)
+unsigned short family;
+unsigned short address_length;
+char *address;
+unsigned short number_length;
+char *number;
+unsigned short name_length;
+char *name;
+#endif
+{
+ FILE *auth_file;
+ char *auth_name;
+ Xauth *entry;
+
+ auth_name = XauFileName ();
+ if (!auth_name)
+ return 0;
+ if (access (auth_name, R_OK) != 0) /* checks REAL id */
+ return 0;
+ auth_file = fopen (auth_name, "rb");
+ if (!auth_file)
+ return 0;
+ for (;;) {
+ entry = XauReadAuth (auth_file);
+ if (!entry)
+ break;
+ /*
+ * Match when:
+ * either family or entry->family are FamilyWild or
+ * family and entry->family are the same
+ * and
+ * either address or entry->address are empty or
+ * address and entry->address are the same
+ * and
+ * either number or entry->number are empty or
+ * number and entry->number are the same
+ * and
+ * either name or entry->name are empty or
+ * name and entry->name are the same
+ */
+
+ if ((family == FamilyWild || entry->family == FamilyWild ||
+ (entry->family == family &&
+ address_length == entry->address_length &&
+ binaryEqual (entry->address, address, (int)address_length))) &&
+ (number_length == 0 || entry->number_length == 0 ||
+ (number_length == entry->number_length &&
+ binaryEqual (entry->number, number, (int)number_length))) &&
+ (name_length == 0 || entry->name_length == 0 ||
+ (entry->name_length == name_length &&
+ binaryEqual (entry->name, name, (int)name_length))))
+ break;
+ XauDisposeAuth (entry);
+ }
+ (void) fclose (auth_file);
+ return entry;
+}
diff --git a/AuGetBest.c b/AuGetBest.c
new file mode 100644
index 0000000..ff24813
--- /dev/null
+++ b/AuGetBest.c
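Review bot: XauGetAuthByAddr checks the file with `access (auth_name, R_OK)` and then opens it by name with `fopen (auth_name, "rb")`, so the object behind the path can change between the check and the open. The `/* checks REAL id */` comment suggests the check exists for callers whose effective id differs from the real one, which is the case where that window matters. The same sequence is in XauGetBestAuthByAddr in AuGetBest.c. A sturdier arrangement is to open the file while the real id is in effect, or to open first and validate the descriptor with fstat, instead of checking and opening by name in two steps. It would also help to give `binaryEqual` an explicit `static int` return type and keep one shared definition rather than the copy in AuGetBest.c.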
@@ -0,0 +1,186 @@
+/* $Xorg: AuGetBest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+#ifdef XTHREADS
+#include <X11/Xthreads.h>
+#endif
+#ifdef hpux
+#define X_INCLUDE_NETDB_H
+#define XOS_USE_NO_LOCKING
+#include <X11/Xos_r.h>
+#endif
+
+static
+binaryEqual (a, b, len)
+register char *a, *b;
+register int len;
+{
+ while (len--)
+ if (*a++ != *b++)
+ return 0;
+ return 1;
+}
+
+#if NeedFunctionPrototypes
+Xauth *
+XauGetBestAuthByAddr (
+#if NeedWidePrototypes
+ unsigned int family,
+ unsigned int address_length,
+#else
+ unsigned short family,
+ unsigned short address_length,
+#endif
+ _Xconst char* address,
+#if NeedWidePrototypes
+ unsigned int number_length,
+#else
+ unsigned short number_length,
+#endif
+ _Xconst char* number,
+ int types_length,
+ char** types,
+ _Xconst int* type_lengths)
+#else
+Xauth *
+XauGetBestAuthByAddr (family, address_length, address,
+ number_length, number,
+ types_length, types, type_lengths)
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ int types_length;
+ char **types;
+ int *type_lengths;
+#endif
+{
+ FILE *auth_file;
+ char *auth_name;
+ Xauth *entry;
+ Xauth *best;
+ int best_type;
+ int type;
+#ifdef hpux
+ char *fully_qual_address;
+ unsigned short fully_qual_address_length;
+#endif
+
+ auth_name = XauFileName ();
+ if (!auth_name)
+ return 0;
+ if (access (auth_name, R_OK) != 0) /* checks REAL id */
+ return 0;
+ auth_file = fopen (auth_name, "rb");
+ if (!auth_file)
+ return 0;
+
+#ifdef hpux
+ if (family == FamilyLocal) {
+ _Xgethostbynameparams hparams;
+ struct hostent *hostp;
+
+ /* make sure we try fully-qualified hostname */
+ if ((hostp = _XGethostbyname(address,hparams)) != NULL) {
+ fully_qual_address = hostp->h_name;
+ fully_qual_address_length = strlen(fully_qual_address);
+ }
+ else
+ {
+ fully_qual_address = NULL;
+ fully_qual_address_length = 0;
+ }
+ }
+#endif /* hpux */
+
+ best = 0;
+ best_type = types_length;
+ for (;;) {
+ entry = XauReadAuth (auth_file);
+ if (!entry)
+ break;
+ /*
+ * Match when:
+ * either family or entry->family are FamilyWild or
+ * family and entry->family are the same
+ * and
+ * either address or entry->address are empty or
+ * address and entry->address are the same
+ * and
+ * either number or entry->number are empty or
+ * number and entry->number are the same
+ * and
+ * name matches one of the specified names, or no names
+ * were specified
+ */
+
+ if ((family == FamilyWild || entry->family == FamilyWild ||
+ (entry->family == family &&
+ ((address_length == entry->address_length &&
+ binaryEqual (entry->address, address, (int)address_length))
+#ifdef hpux
+ || (family == FamilyLocal &&
+ fully_qual_address_length == entry->address_length &&
+ binaryEqual (entry->address, fully_qual_address,
+ (int) fully_qual_address_length))
+#endif
+ ))) &&
+ (number_length == 0 || entry->number_length == 0 ||
+ (number_length == entry->number_length &&
+ binaryEqual (entry->number, number, (int)number_length))))
+ {
+ if (best_type == 0)
+ {
+ best = entry;
+ break;
+ }
+ for (type = 0; type < best_type; type++)
+ if (type_lengths[type] == entry->name_length &&
+ !(strncmp (types[type], entry->name, entry->name_length)))
+ {
+ break;
+ }
+ if (type < best_type)
+ {
+ if (best)
+ XauDisposeAuth (best);
+ best = entry;
+ best_type = type;
+ if (type == 0)
+ break;
+ continue;
+ }
+ }
+ XauDisposeAuth (entry);
+ }
+ (void) fclose (auth_file);
+ return best;
+}
diff --git a/AuLock.c b/AuLock.c
new file mode 100644
index 0000000..6c9aa8d
--- /dev/null
+++ b/AuLock.c
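Review bot: In the hpux block, `address` is handed to `_XGethostbyname` as a NUL-terminated string, while the rest of XauGetBestAuthByAddr treats it as a counted buffer of `address_length` bytes; a caller that passes an unterminated buffer would make the lookup read past it. Either copy the bytes into a bounded, terminated local buffer before the lookup, or document the termination requirement on the parameter. `fully_qual_address_length = strlen(fully_qual_address)` also narrows to unsigned short with no range check. In the type loop, `strncmp (types[type], entry->name, entry->name_length)` can presumably see a null `entry->name` when a zero-length type is requested, because read_counted_string in AuRead.c returns a null pointer for zero-length fields; a guard on `entry->name_length` before the call would make that explicit.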
@@ -0,0 +1,113 @@
+/* $Xorg: AuLock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+#include <sys/stat.h>
+#include <errno.h>
+#ifdef X_NOT_STDC_ENV
+extern int errno;
+#define Time_t long
+extern Time_t time ();
+#else
+#include <time.h>
+#define Time_t time_t
+#endif
+#ifndef X_NOT_POSIX
+#include <unistd.h>
+#else
+#ifndef WIN32
+extern unsigned sleep ();
+#else
+#define link rename
+#endif
+#endif
+
+#if NeedFunctionPrototypes
+int
+XauLockAuth (
+_Xconst char *file_name,
+int retries,
+int timeout,
+long dead)
+#else
+int
+XauLockAuth (file_name, retries, timeout, dead)
+char *file_name;
+int retries;
+int timeout;
+long dead;
+#endif
+{
+ char creat_name[1025], link_name[1025];
+ struct stat statb;
+ Time_t now;
+ int creat_fd = -1;
+
+ if (strlen (file_name) > 1022)
+ return LOCK_ERROR;
+ (void) strcpy (creat_name, file_name);
+ (void) strcat (creat_name, "-c");
+ (void) strcpy (link_name, file_name);
+ (void) strcat (link_name, "-l");
+ if (stat (creat_name, &statb) != -1) {
+ now = time ((Time_t *) 0);
+ /*
+ * NFS may cause ctime to be before now, special
+ * case a 0 deadtime to force lock removal
+ */
+ if (dead == 0 || now - statb.st_ctime > dead) {
+ (void) unlink (creat_name);
+ (void) unlink (link_name);
+ }
+ }
+
+ while (retries > 0) {
+ if (creat_fd == -1) {
+ creat_fd = creat (creat_name, 0666);
+ if (creat_fd == -1) {
+ if (errno != EACCES)
+ return LOCK_ERROR;
+ } else
+ (void) close (creat_fd);
+ }
+ if (creat_fd != -1) {
+ if (link (creat_name, link_name) != -1)
+ return LOCK_SUCCESS;
+ if (errno == ENOENT) {
+ creat_fd = -1; /* force re-creat next time around */
+ continue;
+ }
+ if (errno != EEXIST)
+ return LOCK_ERROR;
+ }
+ (void) sleep ((unsigned) timeout);
+ --retries;
+ }
+ return LOCK_TIMEOUT;
+}
diff --git a/AuRead.c b/AuRead.c
new file mode 100644
index 0000000..28437d1
--- /dev/null
+++ b/AuRead.c
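Review bot: `creat (creat_name, 0666)` in XauLockAuth follows a symbolic link at the `-c` name and truncates whatever it resolves to, and the lock file gets group/other write bits limited only by the umask; that matters when the caller is a privileged process writing into a directory it does not control. Creating the file exclusively with a private mode, `creat_fd = open (creat_name, O_WRONLY | O_CREAT | O_EXCL, 0600);`, closes both gaps, and the error test then has to tolerate an existing file, `if (errno != EACCES && errno != EEXIST)`. This needs fcntl.h if X11/Xos.h does not already bring it in, which is not visible here. The stale-lock branch unlinks both names on `st_ctime` age alone, so a comment should state that two processes expiring the lock at the same moment can remove one that a third has just taken.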
@@ -0,0 +1,112 @@
+/* $Xorg: AuRead.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+static
+read_short (shortp, file)
+unsigned short *shortp;
+FILE *file;
+{
+ unsigned char file_short[2];
+
+ if (fread ((char *) file_short, (int) sizeof (file_short), 1, file) != 1)
+ return 0;
+ *shortp = file_short[0] * 256 + file_short[1];
+ return 1;
+}
+
+static
+read_counted_string (countp, stringp, file)
+unsigned short *countp;
+char **stringp;
+FILE *file;
+{
+ unsigned short len;
+ char *data, *malloc ();
+
+ if (read_short (&len, file) == 0)
+ return 0;
+ if (len == 0) {
+ data = 0;
+ } else {
+ data = malloc ((unsigned) len);
+ if (!data)
+ return 0;
+ if (fread (data, (int) sizeof (char), (int) len, file) != len) {
+ bzero (data, len);
+ free (data);
+ return 0;
+ }
+ }
+ *stringp = data;
+ *countp = len;
+ return 1;
+}
+
+Xauth *
+XauReadAuth (auth_file)
+FILE *auth_file;
+{
+ Xauth local;
+ Xauth *ret;
+ char *malloc ();
+
+ if (read_short (&local.family, auth_file) == 0)
+ return 0;
+ if (read_counted_string (&local.address_length, &local.address, auth_file) == 0)
+ return 0;
+ if (read_counted_string (&local.number_length, &local.number, auth_file) == 0) {
+ if (local.address) free (local.address);
+ return 0;
+ }
+ if (read_counted_string (&local.name_length, &local.name, auth_file) == 0) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ return 0;
+ }
+ if (read_counted_string (&local.data_length, &local.data, auth_file) == 0) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ if (local.name) free (local.name);
+ return 0;
+ }
+ ret = (Xauth *) malloc (sizeof (Xauth));
+ if (!ret) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ if (local.name) free (local.name);
+ if (local.data) {
+ bzero (local.data, local.data_length);
+ free (local.data);
+ }
+ return 0;
+ }
+ *ret = local;
+ return ret;
+}
diff --git a/AuUnlock.c b/AuUnlock.c
new file mode 100644
index 0000000..0832c82
--- /dev/null
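Review bot: read_counted_string carries no comment telling callers that a zero-length field comes back as a null pointer and that a non-empty field is exactly `len` bytes with no terminating NUL. The consumers in this commit (binaryEqual, the strncmp in AuGetBest.c, write_counted_string) only stay in bounds because they always pair the pointer with its length, so I would state the contract above the function: `/* On success *stringp is NULL when the count is 0; otherwise it is a malloc'd buffer of *countp bytes, not NUL-terminated. */`. The local `char *malloc ();` declarations and the implicit-int return types of read_short and read_counted_string would be better as a stdlib.h include and `static int`.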
+++ b/AuUnlock.c
@@ -0,0 +1,60 @@
+/* $Xorg: AuUnlock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+#if NeedFunctionPrototypes
+XauUnlockAuth (
+_Xconst char *file_name)
+#else
+XauUnlockAuth (file_name)
+char *file_name;
+#endif
+{
+#ifndef WIN32
+ char creat_name[1025];
+#endif
+ char link_name[1025];
+
+ if (strlen (file_name) > 1022)
+ return;
+#ifndef WIN32
+ (void) strcpy (creat_name, file_name);
+ (void) strcat (creat_name, "-c");
+#endif
+ (void) strcpy (link_name, file_name);
+ (void) strcat (link_name, "-l");
+ /*
+ * I think this is the correct order
+ */
+#ifndef WIN32
+ (void) unlink (creat_name);
+#endif
+ (void) unlink (link_name);
+}
diff --git a/AuWrite.c b/AuWrite.c
new file mode 100644
index 0000000..f372c93
--- /dev/null
+++ b/AuWrite.c
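Review bot: XauUnlockAuth is defined with no return type, so it is implicitly `int`, yet it leaves through a bare `return;` and by falling off the end, while Xau.man in this commit declares it as `int XauUnlockAuth (file_name)`; a caller that reads the result gets an indeterminate value. Either declare it `void` consistently in the header and the man page, or return a defined status such as `return 0;` on both paths. The results of both `unlink` calls are discarded, so a failed unlock, which leaves the `-l` name in place until the `dead` timeout in XauLockAuth expires, is invisible to the caller.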
@@ -0,0 +1,76 @@
+/* $Xorg: AuWrite.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+static
+write_short (s, file)
+unsigned short s;
+FILE *file;
+{
+ unsigned char file_short[2];
+
+ file_short[0] = (s & (unsigned)0xff00) >> 8;
+ file_short[1] = s & 0xff;
+ if (fwrite ((char *) file_short, (int) sizeof (file_short), 1, file) != 1)
+ return 0;
+ return 1;
+}
+
+static
+write_counted_string (count, string, file)
+unsigned short count;
+char *string;
+FILE *file;
+{
+ if (write_short (count, file) == 0)
+ return 0;
+ if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
+ return 0;
+ return 1;
+}
+
+int
+XauWriteAuth (auth_file, auth)
+FILE *auth_file;
+Xauth *auth;
+{
+ char *malloc ();
+
+ if (write_short (auth->family, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
+ return 0;
+ return 1;
+}
diff --git a/Autest.c b/Autest.c
new file mode 100644
index 0000000..faf0b0a
--- /dev/null
+++ b/Autest.c
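Review bot: XauWriteAuth has no comment saying what a return of 1 guarantees: the fwrite calls only hand bytes to stdio, so a full disk or I/O error can surface later at fflush or fclose, and a return of 0 can leave a partially written entry in the authority file. I would document that above the function, e.g. `/* Returns 1 when the entry was queued on auth_file; the caller must check fflush/fclose and discard the file when 0 is returned. */`. The `char *malloc ();` declaration inside XauWriteAuth is unused and can be dropped, and write_short and write_counted_string should be declared `static int`.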
@@ -0,0 +1,68 @@
+/* $Xorg: Autest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+main (argc, argv)
+char **argv;
+{
+ Xauth test_data;
+ char *name, *data, *file;
+ int state = 0;
+ FILE *output;
+
+ while (*++argv) {
+ if (!strcmp (*argv, "-file"))
+ file = *++argv;
+ else if (state == 0) {
+ name = *argv;
+ ++state;
+ } else if (state == 1) {
+ data = *argv;
+ ++state;
+ }
+ }
+ if(!file) {
+ fprintf (stderr, "No file\n");
+ exit (1);
+ }
+ test_data.family = 0;
+ test_data.address_length = 0;
+ test_data.address = "";
+ test_data.number_length = 0;
+ test_data.number = "";
+ test_data.name_length = strlen (name);
+ test_data.name = name;
+ test_data.data_length = strlen (data);
+ test_data.data = data;
+ output = fopen (file, "w");
+ if (output) {
+ XauWriteAuth (output, &test_data);
+ fclose (output);
+ }
+}
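Review bot: `name`, `data` and `file` in main are never initialized, so `if(!file)` tests an indeterminate pointer and `strlen (name)` / `strlen (data)` run on garbage when fewer than two positional arguments are given. Initialize them, `char *name = NULL, *data = NULL, *file = NULL;`, and widen the check to `if (!file || !name || !data)`. A trailing `-file` with no value makes `file = *++argv` land on the terminating null, after which the `*++argv` in the loop condition reads past the end of argv. The results of XauWriteAuth and fclose are also ignored, so a failed write goes unreported, and `fopen (file, "w")` leaves the test cookie in a file with umask-default permissions rather than owner-only.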
@@ -0,0 +1,184 @@
+
+
+ A Sample Authorization Protocol for X
+
+
+Overview
+
+The following note describes a very simple mechanism for providing individual
+access to an X Window System display. It uses existing core protocol and
+library hooks for specifying authorization data in the connection setup block
+to restrict use of the display to only those clients that show that they
+know a server-specific key called a "magic cookie". This mechanism is *not*
+being proposed as an addition to the Xlib standard; among other reasons, a
+protocol extension is needed to support more flexible mechanisms. We have
+implemented this mechanism already; if you have comments, please send them
+to us.
+
+This scheme involves changes to the following parts of the sample release:
+
+ o xdm
+ - generate random magic cookie and store in protected file
+ - pass name of magic cookie file to server
+ - when user logs in, add magic cookie to user's auth file
+ - when user logs out, generate a new cookie for server
+
+ o server
+ - a new command line option to specify cookie file
+ - check client authorization data against magic cookie
+ - read in cookie whenever the server resets
+ - do not add local machine to host list if magic cookie given
+
+ o Xlib
+ - read in authorization data from file
+ - find data for appropriate server
+ - send authorization data if found
+
+ o xauth [new program to manage user auth file]
+ - add entries to user's auth file
+ - remove entries from user's auth file
+
+This mechanism assumes that the superuser and the transport layer between
+the client and the server is secure. Organizations that desire stricter
+security are encouraged to look at systems such as Kerberos (at Project
+Athena).
+
+
+Description
+
+The sample implementation will use the xdm Display Manager to set up and
+control the server's authorization file. Sites that do not run xdm will
+need to build their own mechanisms.
+
+Xdm uses a random key (seeded by the system time and check sum of /dev/kmem)
+to generate a unique sequence of characters at 16 bytes long. This sequence
+will be written to a file which is made readable only by the server. The
+server will then be started with a command line option instructing it to use
+the contents of the file as the magic cookie for connections that include
+authorization data. This will also disable the server from adding the local
+machine's address to the initial host list. Note that the actual cookie must
+not be stored on the command line or in an environment variable, to prevent
+it from being publicly obtainable by the "ps" command.
+
+If a client presents an authorization name of "MIT-MAGIC-COOKIE-1" and
+authorization data that matches the magic cookie, that client is allowed
+access. If the name or data does not match and the host list is empty,
+that client will be denied access. Otherwise, the existing host-based access
+control will be used. Since any client that is making a connection from a
+machine on the host list will be granted access even if their authorization
+data is incorrect, sites are strongly urged not to set up any default hosts
+using the /etc/X*.hosts files. Granting access to other machines should be
+done by the user's session manager instead.
+
+Assuming the server is configured with an empty host list, the existence of the
+cookie is sufficient to ensure there will be no unauthorized access to the
+display. However, xdm will (continue to) work to minimize the chances of
+spoofing on servers that do not support this authorization mechanism. This
+will be done by grabbing the server and the keyboard after opening the display.
+This action will be surrounded by a timer which will kill the server if the
+grabs cannot be done within several seconds. [This level of security is now
+implemented in patches already sent out.]
+
+After the user logs in, xdm will add authorization entries for each of the
+server machine's network addresses to the user's authorization file (the format
+of which is described below). This file will usually be named .Xauthority in
+the users's home directory; will be owned by the user (as specified by the
+pw_uid and pw_gid fields in the user's password entry), and will be accessible
+only to the user (no group access). This file will contain authorization data
+for all of the displays opened by the user.
+
+When the session terminates, xdm will generate and store a new magic cookie
+for the server. Then, xdm will shutdown its own connection and send a
+SIGHUP to the server process, which should cause the server to reset. The
+server will then read in the new magic cookie.
+
+To support accesses (both read and write) from multiple machines (for use in
+environments that use distributed file systems), file locking is done using
+hard links. This is done by creat'ing (sic) a lock file and then linking it
+to another name in the same directory. If the link-target already exists,
+the link will fail, indicating failure to obtain the lock. Linking is used
+instead of just creating the file read-only since link will fail even for
+the superuser.
+
+Problems and Solutions
+
+There are a few problems with .Xauthority as described. If no home directory
+exists, or if xdm cannot create a file there (disk full), xdm stores the
+cookie in a file in a resource-specified back-up directory, and sets an
+environment variable in the user's session (called XAUTHORITY) naming this
+file. There is also the problem that the locking attempts will need to be
+timed out, due to a leftover lock. Xdm, again, creates a file and set an
+environment variable. Finally, the back-up directory might be full. Xdm,
+as a last resort, provides a function key binding that allows a user to log
+in without having the authorization data stored, and with host-based access
+control disabled.
+
+Xlib
+
+XOpenDisplay in Xlib was enhanced to allow specification of authorization
+information. As implied above, Xlib looks for the data in the
+.Xauthority file of the home directory, or in the file pointed at by the
+XAUTHORITY environment variable instead if that is defined. This required
+no programmatic interface change to Xlib. In addition, a new Xlib routine
+is provided to explicitly specify authorization.
+
+ XSetAuthorization(name, namelen, data, datalen)
+ int namelen, datalen;
+ char *name, *data;
+
+There are three types of input:
+
+ name NULL, data don't care - use default authorization mechanism.
+ name non-NULL, data NULL - use the named authorization; get
+ data from that mechanism's default.
+ name non-NULL, data non-NULL - use the given authorization and data.
+
+This interface is used by xdm and might also be used by any other
+applications that wish to explicitly set the authorization information.
+
+Authorization File
+
+The .Xauthority file is a binary file consisting of a sequence of entries
+in the following format:
+
+ 2 bytes Family value (second byte is as in protocol HOST)
+ 2 bytes address length (always MSB first)
+ A bytes host address (as in protocol HOST)
+ 2 bytes display "number" length (always MSB first)
+ S bytes display "number" string
+ 2 bytes name length (always MSB first)
+ N bytes authorization name string
+ 2 bytes data length (always MSB first)
+ D bytes authorization data string
+
+The format is binary for easy processing, since authorization information
+usually consists of arbitrary data. Host addresses are used instead of
+names to eliminate potentially time-consuming name resolutions in
+XOpenDisplay. Programs, such as xdm, that initialize the user's
+authorization file will have to do the same work as the server in finding
+addresses for all network interfaces. If more than one entry matches the
+desired address, the entry that is chosen is implementation-dependent. In
+our implementation, it is always the first in the file.
+
+The Family is specified in two bytes to allow out-of-band values
+(i.e. values not in the Protocol) to be used. In particular,
+two new values "FamilyLocal" and "FamilyWild" are defined. FamilyLocal
+refers to any connections using a non-network method of connetion from the
+local machine (Unix domain sockets, shared memory, loopback serial line).
+In this case the host address is specified by the data returned from
+gethostname() and better be unique in a collection of machines
+which share NFS directories. FamilyWild is currently used only
+by xdm to communicate authorization data to the server. It matches
+any family/host address pair.
+
+For FamilyInternet, the host address is the 4 byte internet address, for
+FamilyDecnet, the host address is the byte decnet address, for FamilyChaos
+the address is also two bytes.
+
+The Display Number is the ascii representation of the display number
+portion of the display name. It is in ascii to allow future expansion
+to PseudoRoots or anything else that might happen.
+
+A utility called "xauth" will be provided for editing and viewing the
+contents of authorization files. Note that the user's authorization file is
+not the same as the server's magic cookie file.
@@ -0,0 +1,164 @@
+.\" $Xorg: Xau.man,v 1.4 2001/03/16 17:48:26 pookie Exp $
+.\" Copyright (c) 1994 X Consortium
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining a
+.\" copy of this software and associated documentation files (the "Software"),
+.\" to deal in the Software without restriction, including without limitation
+.\" the rights to use, copy, modify, merge, publish, distribute, sublicense,
+.\" and/or sell copies of the Software, and to permit persons to whom the
+.\" Software furnished to do so, subject to the following conditions:
+.\"
+.\" The above copyright notice and this permission notice shall be included in
+.\" all copies or substantial portions of the Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+.\" THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+.\" WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+.\" OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+.\" SOFTWARE.
+.\"
+.\" Except as contained in this notice, the name of the X Consortium shall not
+.\" be used in advertising or otherwise to promote the sale, use or other
+.\" dealing in this Software without prior written authorization from the
+.\" X Consortium.
+.TH Xau 3 "Release 6.6" "X Version 11"
+.SH NAME
+Xau library: XauFileName, XauReadAuth, XauLockAuth, XauUnlockAuth,
+XauWriteAuth, XauDisposeAuth,
+XauGetAuthByAddr, XauGetBestAuthByAddr \- X authority database routines
+.SH SYNOPSIS
+.B "#include <X11/Xauth.h>"
+.PP
+.nf
+.ta .5i 2i
+typedef struct xauth {
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ unsigned short name_length;
+ char *name;
+ unsigned short data_length;
+ char *data;
+} Xauth;
+
+.ft B
+char *XauFileName ()
+
+.ft B
+Xauth *XauReadAuth (auth_file)
+.ft I
+ FILE *auth_file;
+
+.ft B
+int XauWriteAuth (auth_file, auth)
+.ft I
+ FILE *auth_file;
+ Xauth *auth;
+
+.ft B
+Xauth *XauGetAuthByAddr (\kAfamily,
+\h'|\nAu'address_length, address,
+\h'|\nAu'number_length, number)
+.ft I
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+
+.ft B
+Xauth *XauGetBestAuthByAddr (\kAfamily,
+\h'|\nAu'address_length, address,
+\h'|\nAu'number_length, number,
+\h'|\nAu'types_length, types, type_lengths)
+.ft I
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ int types_length;
+ char **types;
+ int *type_lengths;
+
+.ft B
+int XauLockAuth (file_name, retries, timeout, dead)
+.ft I
+ char *file_name;
+ int retries;
+ int timeout;
+ long dead;
+
+.ft B
+int XauUnlockAuth (file_name)
+.ft I
+ char *file_name;
+
+.ft B
+XauDisposeAuth (auth)
+.ft I
+ Xauth *auth;
+
+.ft R
+.SH DESCRIPTION
+.PP
+\fBXauFileName\fP generates the default authorization file name by first
+checking the XAUTHORITY environment variable if set, else it returns
+$HOME/.Xauthority. This name is statically allocated and should
+not be freed.
+.PP
+\fBXauReadAuth\fP reads the next entry from \fIauth_file\fP. The entry is
+\fBnot\fP statically allocated and should be freed by calling
+\fIXauDisposeAuth\fP.
+.PP
+\fBXuWriteAuth\fP writes an authorization entry to \fIauth_file\fP. It
+returns 1 on success, 0 on failure.
+.PP
+\fBXauGetAuthByAddr\fP searches for an entry which matches the given network
+address/display number pair. The entry is \fBnot\fP statically allocated
+and should be freed by calling \fIXauDisposeAuth\fP.
+.PP
+\fBXauGetBestAuthByAddr\fP is similar to \fBXauGetAuthByAddr\fP, except
+that a list of acceptable authentication methods is specified. Xau will
+choose the file entry which matches the earliest entry in this list (e.g., the
+most secure authentication method). The \fItypes\fP argument is an array of
+strings, one string for each authentication method. \fItypes_length\fP
+specifies how many elements are in the \fItypes\fP array.
+\fItypes_lengths\fP is an array of integers representing the length
+of each string.
+.PP
+\fBXauLockAuth\fP does the work necessary to synchronously update an
+authorization file. First it makes two file names, one with ``-c'' appended
+to \fIfile_name\fP, the other with ``-l'' appended. If the ``-c'' file
+already exists and is more than \fIdead\fP seconds old, \fIXauLockAuth\fP
+removes it and the associated ``-l'' file. To prevent possible
+synchronization troubles with NFS, a \fIdead\fP value of zero forces the
+files to be removed. \fIXauLockAuth\fP makes \fIretries\fP attempts to
+create and link the file names, pausing \fItimeout\fP seconds between each
+attempt. \fIXauLockAuth\fP returns a collection of values depending on the
+results:
+.nf
+.ta .5i 2i
+
+ LOCK_ERROR A system error occurred, either a file_name
+ which is too long, or an unexpected failure from
+ a system call. errno may prove useful.
+
+ LOCK_TIMEOUT \fIretries\fP attempts failed
+
+ LOCK_SUCCESS The lock succeeded.
+
+.fi
+.PP
+\fBXauUnlockAuth\fP undoes the work of \fIXauLockAuth\fP by unlinking both
+the ``-c'' and ``-l'' file names.
+.PP
+\fBXauDisposeAuth\fP frees storage allocated to hold an authorization entry.
+.SH "SEE ALSO"
+xauth(1), xdm(1)
+.SH AUTHOR
+Keith Packard, MIT X Consortium
diff --git a/include/X11/Xauth.h b/include/X11/Xauth.h
new file mode 100644
index 0000000..eb69628
--- /dev/null
+++ b/include/X11/Xauth.h
@@ -0,0 +1,180 @@
+/* $Xorg: Xauth.h,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#ifndef _Xauth_h
+#define _Xauth_h
+
+typedef struct xauth {
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ unsigned short name_length;
+ char *name;
+ unsigned short data_length;
+ char *data;
+} Xauth;
+
+#ifndef _XAUTH_STRUCT_ONLY
+
+# include <X11/Xfuncproto.h>
+# include <X11/Xfuncs.h>
+
+# include <stdio.h>
+
+# define FamilyLocal (256) /* not part of X standard (i.e. X.h) */
+# define FamilyWild (65535)
+# define FamilyNetname (254) /* not part of X standard */
+# define FamilyKrb5Principal (253) /* Kerberos 5 principal name */
+# define FamilyLocalHost (252) /* for local non-net authentication */
+
+
+_XFUNCPROTOBEGIN
+
+char *XauFileName();
+
+Xauth *XauReadAuth(
+#if NeedFunctionPrototypes
+FILE* /* auth_file */
+#endif
+);
+
+int XauLockAuth(
+#if NeedFunctionPrototypes
+_Xconst char* /* file_name */,
+int /* retries */,
+int /* timeout */,
+long /* dead */
+#endif
+);
+
+int XauUnlockAuth(
+#if NeedFunctionPrototypes
+_Xconst char* /* file_name */
+#endif
+);
+
+int XauWriteAuth(
+#if NeedFunctionPrototypes
+FILE* /* auth_file */,
+Xauth* /* auth */
+#endif
+);
+
+Xauth *XauGetAuthByName(
+#if NeedFunctionPrototypes
+_Xconst char* /* display_name */
+#endif
+);
+
+Xauth *XauGetAuthByAddr(
+#if NeedFunctionPrototypes
+#if NeedWidePrototypes
+unsigned int /* family */,
+unsigned int /* address_length */,
+#else
+unsigned short /* family */,
+unsigned short /* address_length */,
+#endif
+_Xconst char* /* address */,
+#if NeedWidePrototypes
+unsigned int /* number_length */,
+#else
+unsigned short /* number_length */,
+#endif
+_Xconst char* /* number */,
+#if NeedWidePrototypes
+unsigned int /* name_length */,
+#else
+unsigned short /* name_length */,
+#endif
+_Xconst char* /* name */
+#endif
+);
+
+Xauth *XauGetBestAuthByAddr(
+#if NeedFunctionPrototypes
+#if NeedWidePrototypes
+unsigned int /* family */,
+unsigned int /* address_length */,
+#else
+unsigned short /* family */,
+unsigned short /* address_length */,
+#endif
+_Xconst char* /* address */,
+#if NeedWidePrototypes
+unsigned int /* number_length */,
+#else
+unsigned short /* number_length */,
+#endif
+_Xconst char* /* number */,
+int /* types_length */,
+char** /* type_names */,
+_Xconst int* /* type_lengths */
+#endif
+);
+
+void XauDisposeAuth(
+#if NeedFunctionPrototypes
+Xauth* /* auth */
+#endif
+);
+
+#ifdef K5AUTH
+#include <krb5/krb5.h>
+/* 9/93: krb5.h leaks some symbols */
+#undef BITS32
+#undef xfree
+
+int XauKrb5Encode(
+#if NeedFunctionPrototypes
+ krb5_principal /* princ */,
+ krb5_data * /* outbuf */
+#endif
+);
+
+int XauKrb5Decode(
+#if NeedFunctionPrototypes
+ krb5_data /* inbuf */,
+ krb5_principal * /* princ */
+#endif
+);
+#endif /* K5AUTH */
+
+_XFUNCPROTOEND
+
+/* Return values from XauLockAuth */
+
+# define LOCK_SUCCESS 0 /* lock succeeded */
+# define LOCK_ERROR 1 /* lock unexpectely failed, check errno */
+# define LOCK_TIMEOUT 2 /* lock failed, timeouts expired */
+
+#endif /* _XAUTH_STRUCT_ONLY */
+
+#endif /* _Xauth_h */
diff --git a/k5encode.c b/k5encode.c
new file mode 100644
index 0000000..18d31ff
--- /dev/null
+++ b/k5encode.c
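Review bot: The XauGetAuthByAddr prototype declares seven parameters, ending in `name_length` and `name`, while the Xau.man synopsis added in the same commit lists only five (through `number`). AuGetAddr.c is not in view here, so I cannot tell which of the two matches the definition, but one of them is wrong. The mismatch matters because with NeedFunctionPrototypes undefined each declaration collapses to an empty parameter list, so a caller written from the man page would compile without a diagnostic and the lookup would read arguments that were never passed. Until the two are reconciled I would add `/* takes name_length and name as well; Xau.man lists only five arguments */` above the prototype. `char *XauFileName();` is also the only declaration without a guarded parameter list and could be declared as `char *XauFileName(void);` when prototypes are enabled.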
@@ -0,0 +1,183 @@
+/* $Xorg: k5encode.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+/*
+ * functions to encode/decode Kerberos V5 principals
+ * into something that can be reasonable spewed over
+ * the wire
+ *
+ * Author: Tom Yu <tlyu@MIT.EDU>
+ *
+ * Still needs to be fixed up wrt signed/unsigned lengths, but we'll worry
+ * about that later.
+ */
+
+#include <krb5/krb5.h>
+/* 9/93: krb5.h leaks some symbols */
+#undef BITS32
+#undef xfree
+
+#include <X11/X.h>
+#include <X11/Xos.h>
+#include <X11/Xmd.h>
+#include <X11/Xfuncs.h>
+
+/*
+ * XauKrb5Encode
+ *
+ * this function encodes the principal passed to it in a format that can
+ * easily be dealt with by stuffing it into an X packet. Encoding is as
+ * follows:
+ * length count of the realm name
+ * realm
+ * component count
+ * length of component
+ * actual principal component
+ * etc....
+ *
+ * Note that this function allocates a hunk of memory, which must be
+ * freed to avoid nasty memory leak type things. All counts are
+ * byte-swapped if needed. (except for the total length returned)
+ *
+ * nevermind.... stuffing the encoded packet in net byte order just to
+ * always do the right thing. Don't have to frob with alignment that way.
+ */
+int
+XauKrb5Encode(princ, outbuf)
+ krb5_principal princ; /* principal to encode */
+ krb5_data *outbuf; /* output buffer */
+{
+ CARD16 i, numparts, totlen = 0, plen, rlen;
+ char *cp, *pdata;
+
+ rlen = krb5_princ_realm(princ)->length;
+ numparts = krb5_princ_size(princ);
+ totlen = 2 + rlen + 2; /* include room for realm length
+ and component count */
+ for (i = 0; i < numparts; i++)
+ totlen += krb5_princ_component(princ, i)->length + 2;
+ /* add 2 bytes each time for length */
+ if ((outbuf->data = (char *)malloc(totlen)) == NULL)
+ return -1;
+ cp = outbuf->data;
+ *cp++ = (char)((int)(0xff00 & rlen) >> 8);
+ *cp++ = (char)(0x00ff & rlen);
+ memcpy(cp, krb5_princ_realm(princ)->data, rlen);
+ cp += rlen;
+ *cp++ = (char)((int)(0xff00 & numparts) >> 8);
+ *cp++ = (char)(0x00ff & numparts);
+ for (i = 0; i < numparts; i++)
+ {
+ plen = krb5_princ_component(princ, i)->length;
+ pdata = krb5_princ_component(princ, i)->data;
+ *cp++ = (char)((int)(0xff00 & plen) >> 8);
+ *cp++ = (char)(0x00ff & plen);
+ memcpy(cp, pdata, plen);
+ cp += plen;
+ }
+ outbuf->length = totlen;
+ return 0;
+}
+
+/*
+ * XauKrb5Decode
+ *
+ * This function essentially reverses what XauKrb5Encode does.
+ * return value: 0 if okay, -1 if malloc fails, -2 if inbuf format bad
+ */
+int
+XauKrb5Decode(inbuf, princ)
+ krb5_data inbuf;
+ krb5_principal *princ;
+{
+ CARD16 i, numparts, plen, rlen;
+ CARD8 *cp, *pdata;
+
+ if (inbuf.length < 4)
+ {
+ return -2;
+ }
+ *princ = (krb5_principal)malloc(sizeof (krb5_principal_data));
+ if (*princ == NULL)
+ return -1;
+ bzero(*princ, sizeof (krb5_principal_data));
+ cp = (CARD8 *)inbuf.data;
+ rlen = *cp++ << 8;
+ rlen |= *cp++;
+ if (inbuf.length < 4 + (int)rlen + 2)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ krb5_princ_realm(*princ)->data = (char *)malloc(rlen);
+ if (krb5_princ_realm(*princ)->data == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_realm(*princ)->length = rlen;
+ memcpy(krb5_princ_realm(*princ)->data, cp, rlen);
+ cp += rlen;
+ numparts = *cp++ << 8;
+ numparts |= *cp++;
+ krb5_princ_name(*princ) =
+ (krb5_data *)malloc(numparts * sizeof (krb5_data));
+ if (krb5_princ_name(*princ) == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_size(*princ) = 0;
+ for (i = 0; i < numparts; i++)
+ {
+ if (cp + 2 > (CARD8 *)inbuf.data + inbuf.length)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ plen = *cp++ << 8;
+ plen |= *cp++;
+ if (cp + plen > (CARD8 *)inbuf.data + inbuf.length)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ pdata = (CARD8 *)malloc(plen);
+ if (pdata == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_component(*princ, i)->data = (char *)pdata;
+ krb5_princ_component(*princ, i)->length = plen;
+ memcpy(pdata, cp, plen);
+ cp += plen;
+ krb5_princ_size(*princ)++;
+ }
+ return 0;
+} |
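Review bot: In XauKrb5Encode, `totlen`, `rlen` and `plen` are CARD16, so the size passed to malloc() is the sum of the field lengths truncated to 16 bits, while each memcpy() still copies up to 65535 bytes per field. A principal whose realm and components together exceed 65535 bytes gets an undersized buffer, and the copies run past its end. The lengths should be range-checked before they are narrowed and the total kept in a wider type, as in the fence below; this assumes the krb5 length fields are never negative, which the file's own header comment leaves open. Returning -1 for an oversized field reuses the allocation-failure code, so the function comment should say so. In XauKrb5Decode the tests `cp + 2 > ...` and `cp + plen > ...` form a pointer beyond the end of the input before comparing; `plen > (CARD8 *)inbuf.data + inbuf.length - cp` is the equivalent test that stays inside the buffer.

```c
    CARD16 i, numparts, plen, rlen;
    size_t totlen;
    char *cp, *pdata;

    /* every length is written as a 16-bit field, so refuse what cannot fit */
    if (krb5_princ_realm(princ)->length > 0xffff ||
        krb5_princ_size(princ) > 0xffff)
        return -1;
    rlen = krb5_princ_realm(princ)->length;
    numparts = krb5_princ_size(princ);
    totlen = 2 + (size_t)rlen + 2;
    for (i = 0; i < numparts; i++) {
        if (krb5_princ_component(princ, i)->length > 0xffff)
            return -1;
        totlen += (size_t)krb5_princ_component(princ, i)->length + 2;
    }
    /* … unchanged: malloc(totlen), serialisation of realm and components … */
```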