authorMatthieu Herrb <matthieu@cvs.openbsd.org>2012-06-10 13:21:33 +0000
committerMatthieu Herrb <matthieu@cvs.openbsd.org>2012-06-10 13:21:33 +0000
commit171e929a08098b6c844887adc43879c7579dc15f (patch)
tree6b4d2e3bc20dbd4dc9a1f031416e66614c53dd21 /xserver/os/xdmauth.c
parent68781b09de2c95b87ea898c4ecf3018dfb4460d2 (diff)
Update to xserver 1.12.2. tested by naddy@, krw@, mpi@.
Diffstat (limited to 'xserver/os/xdmauth.c')
-rw-r--r--xserver/os/xdmauth.c516
1 files changed, 252 insertions, 264 deletions
diff --git a/xserver/os/xdmauth.c b/xserver/os/xdmauth.c
index b8cbada18..28584d2e8 100644
--- a/xserver/os/xdmauth.c
+++ b/xserver/os/xdmauth.c
@@ -58,390 +58,380 @@ static Bool authFromXDMCP;
/* XDM-AUTHENTICATION-1 */
-static XdmAuthKeyRec privateKey;
+static XdmAuthKeyRec privateKey;
static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1";
+
#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1)
-static XdmAuthKeyRec rho;
+static XdmAuthKeyRec rho;
-static Bool
-XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData,
- xdmOpCode packet_type)
+static Bool
+XdmAuthenticationValidator(ARRAY8Ptr privateData, ARRAY8Ptr incomingData,
+ xdmOpCode packet_type)
{
- XdmAuthKeyPtr incoming;
+ XdmAuthKeyPtr incoming;
- XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey,
- incomingData->data,incomingData->length);
+ XdmcpUnwrap(incomingData->data, (unsigned char *) &privateKey,
+ incomingData->data, incomingData->length);
if (packet_type == ACCEPT) {
- if (incomingData->length != 8)
- return FALSE;
- incoming = (XdmAuthKeyPtr) incomingData->data;
- XdmcpDecrementKey (incoming);
- return XdmcpCompareKeys (incoming, &rho);
+ if (incomingData->length != 8)
+ return FALSE;
+ incoming = (XdmAuthKeyPtr) incomingData->data;
+ XdmcpDecrementKey(incoming);
+ return XdmcpCompareKeys(incoming, &rho);
}
return FALSE;
}
static Bool
-XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData,
- xdmOpCode packet_type)
+XdmAuthenticationGenerator(ARRAY8Ptr privateData, ARRAY8Ptr outgoingData,
+ xdmOpCode packet_type)
{
outgoingData->length = 0;
outgoingData->data = 0;
if (packet_type == REQUEST) {
- if (XdmcpAllocARRAY8 (outgoingData, 8))
- XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey,
- outgoingData->data, 8);
+ if (XdmcpAllocARRAY8(outgoingData, 8))
+ XdmcpWrap((unsigned char *) &rho, (unsigned char *) &privateKey,
+ outgoingData->data, 8);
}
return TRUE;
}
static Bool
-XdmAuthenticationAddAuth (int name_len, const char *name,
- int data_len, char *data)
+XdmAuthenticationAddAuth(int name_len, const char *name,
+ int data_len, char *data)
{
- Bool ret;
- XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey,
- (unsigned char *)data, data_len);
+ Bool ret;
+
+ XdmcpUnwrap((unsigned char *) data, (unsigned char *) &privateKey,
+ (unsigned char *) data, data_len);
authFromXDMCP = TRUE;
- ret = AddAuthorization (name_len, name, data_len, data);
+ ret = AddAuthorization(name_len, name, data_len, data);
authFromXDMCP = FALSE;
return ret;
}
-
#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \
'a' <= c && c <= 'f' ? c - 'a' + 10 : \
'A' <= c && c <= 'F' ? c - 'A' + 10 : -1)
static int
-HexToBinary (const char *in, char *out, int len)
+HexToBinary(const char *in, char *out, int len)
{
- int top, bottom;
-
- while (len > 0)
- {
- top = atox(in[0]);
- if (top == -1)
- return 0;
- bottom = atox(in[1]);
- if (bottom == -1)
- return 0;
- *out++ = (top << 4) | bottom;
- in += 2;
- len -= 2;
+ int top, bottom;
+
+ while (len > 0) {
+ top = atox(in[0]);
+ if (top == -1)
+ return 0;
+ bottom = atox(in[1]);
+ if (bottom == -1)
+ return 0;
+ *out++ = (top << 4) | bottom;
+ in += 2;
+ len -= 2;
}
if (len)
- return 0;
+ return 0;
*out++ = '\0';
return 1;
}
void
-XdmAuthenticationInit (const char *cookie, int cookie_len)
+XdmAuthenticationInit(const char *cookie, int cookie_len)
{
memset(privateKey.data, 0, 8);
- if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2))
- {
- if (cookie_len > 2 + 2 * 8)
- cookie_len = 2 + 2 * 8;
- HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2);
+ if (!strncmp(cookie, "0x", 2) || !strncmp(cookie, "0X", 2)) {
+ if (cookie_len > 2 + 2 * 8)
+ cookie_len = 2 + 2 * 8;
+ HexToBinary(cookie + 2, (char *) privateKey.data, cookie_len - 2);
}
- else
- {
- if (cookie_len > 7)
- cookie_len = 7;
- memmove (privateKey.data + 1, cookie, cookie_len);
+ else {
+ if (cookie_len > 7)
+ cookie_len = 7;
+ memmove(privateKey.data + 1, cookie, cookie_len);
}
- XdmcpGenerateKey (&rho);
- XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen,
- (char *)&rho,
- sizeof (rho),
- (ValidatorFunc)XdmAuthenticationValidator,
- (GeneratorFunc)XdmAuthenticationGenerator,
- (AddAuthorFunc)XdmAuthenticationAddAuth);
+ XdmcpGenerateKey(&rho);
+ XdmcpRegisterAuthentication(XdmAuthenticationName, XdmAuthenticationNameLen,
+ (char *) &rho,
+ sizeof(rho),
+ (ValidatorFunc) XdmAuthenticationValidator,
+ (GeneratorFunc) XdmAuthenticationGenerator,
+ (AddAuthorFunc) XdmAuthenticationAddAuth);
}
-#endif /* XDMCP */
+#endif /* XDMCP */
/* XDM-AUTHORIZATION-1 */
typedef struct _XdmAuthorization {
- struct _XdmAuthorization *next;
- XdmAuthKeyRec rho;
- XdmAuthKeyRec key;
- XID id;
+ struct _XdmAuthorization *next;
+ XdmAuthKeyRec rho;
+ XdmAuthKeyRec key;
+ XID id;
} XdmAuthorizationRec, *XdmAuthorizationPtr;
static XdmAuthorizationPtr xdmAuth;
typedef struct _XdmClientAuth {
- struct _XdmClientAuth *next;
- XdmAuthKeyRec rho;
- char client[6];
- long time;
+ struct _XdmClientAuth *next;
+ XdmAuthKeyRec rho;
+ char client[6];
+ long time;
} XdmClientAuthRec, *XdmClientAuthPtr;
-static XdmClientAuthPtr xdmClients;
-static long clockOffset;
-static Bool gotClock;
+static XdmClientAuthPtr xdmClients;
+static long clockOffset;
+static Bool gotClock;
#define TwentyMinutes (20 * 60)
#define TwentyFiveMinutes (25 * 60)
static Bool
-XdmClientAuthCompare (const XdmClientAuthPtr a, const XdmClientAuthPtr b)
+XdmClientAuthCompare(const XdmClientAuthPtr a, const XdmClientAuthPtr b)
{
- int i;
+ int i;
- if (!XdmcpCompareKeys (&a->rho, &b->rho))
- return FALSE;
+ if (!XdmcpCompareKeys(&a->rho, &b->rho))
+ return FALSE;
for (i = 0; i < 6; i++)
- if (a->client[i] != b->client[i])
- return FALSE;
+ if (a->client[i] != b->client[i])
+ return FALSE;
return a->time == b->time;
}
static void
-XdmClientAuthDecode (const unsigned char *plain, XdmClientAuthPtr auth)
+XdmClientAuthDecode(const unsigned char *plain, XdmClientAuthPtr auth)
{
- int i, j;
+ int i, j;
j = 0;
- for (i = 0; i < 8; i++)
- {
- auth->rho.data[i] = plain[j];
- ++j;
+ for (i = 0; i < 8; i++) {
+ auth->rho.data[i] = plain[j];
+ ++j;
}
- for (i = 0; i < 6; i++)
- {
- auth->client[i] = plain[j];
- ++j;
+ for (i = 0; i < 6; i++) {
+ auth->client[i] = plain[j];
+ ++j;
}
auth->time = 0;
- for (i = 0; i < 4; i++)
- {
- auth->time |= plain[j] << ((3 - i) << 3);
- j++;
+ for (i = 0; i < 4; i++) {
+ auth->time |= plain[j] << ((3 - i) << 3);
+ j++;
}
}
static void
-XdmClientAuthTimeout (long now)
+XdmClientAuthTimeout(long now)
{
- XdmClientAuthPtr client, next, prev;
+ XdmClientAuthPtr client, next, prev;
prev = 0;
- for (client = xdmClients; client; client=next)
- {
- next = client->next;
- if (abs (now - client->time) > TwentyFiveMinutes)
- {
- if (prev)
- prev->next = next;
- else
- xdmClients = next;
- free(client);
- }
- else
- prev = client;
+ for (client = xdmClients; client; client = next) {
+ next = client->next;
+ if (abs(now - client->time) > TwentyFiveMinutes) {
+ if (prev)
+ prev->next = next;
+ else
+ xdmClients = next;
+ free(client);
+ }
+ else
+ prev = client;
}
}
static XdmClientAuthPtr
-XdmAuthorizationValidate (unsigned char *plain, int length,
- XdmAuthKeyPtr rho, ClientPtr xclient, char **reason)
+XdmAuthorizationValidate(unsigned char *plain, int length,
+ XdmAuthKeyPtr rho, ClientPtr xclient,
+ const char **reason)
{
- XdmClientAuthPtr client, existing;
- long now;
- int i;
+ XdmClientAuthPtr client, existing;
+ long now;
+ int i;
if (length != (192 / 8)) {
- if (reason)
- *reason = "Bad XDM authorization key length";
- return NULL;
+ if (reason)
+ *reason = "Bad XDM authorization key length";
+ return NULL;
}
- client = malloc(sizeof (XdmClientAuthRec));
+ client = malloc(sizeof(XdmClientAuthRec));
if (!client)
- return NULL;
- XdmClientAuthDecode (plain, client);
- if (!XdmcpCompareKeys (&client->rho, rho))
- {
- free(client);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)";
- return NULL;
+ return NULL;
+ XdmClientAuthDecode(plain, client);
+ if (!XdmcpCompareKeys(&client->rho, rho)) {
+ free(client);
+ if (reason)
+ *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)";
+ return NULL;
}
for (i = 18; i < 24; i++)
- if (plain[i] != 0) {
- free(client);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)";
- return NULL;
- }
+ if (plain[i] != 0) {
+ free(client);
+ if (reason)
+ *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)";
+ return NULL;
+ }
if (xclient) {
- int family, addr_len;
- Xtransaddr *addr;
+ int family, addr_len;
+ Xtransaddr *addr;
- if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn,
- &family, &addr_len, &addr) == 0
- && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) {
+ if (_XSERVTransGetPeerAddr(((OsCommPtr) xclient->osPrivate)->trans_conn,
+ &family, &addr_len, &addr) == 0
+ && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) {
#if defined(TCPCONN) || defined(STREAMSCONN)
- if (family == FamilyInternet &&
- memcmp((char *)addr, client->client, 4) != 0) {
- free(client);
- free(addr);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)";
- return NULL;
-
- }
+ if (family == FamilyInternet &&
+ memcmp((char *) addr, client->client, 4) != 0) {
+ free(client);
+ free(addr);
+ if (reason)
+ *reason =
+ "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)";
+ return NULL;
+
+ }
#endif
- free(addr);
- }
+ free(addr);
+ }
}
now = time(0);
- if (!gotClock)
- {
- clockOffset = client->time - now;
- gotClock = TRUE;
+ if (!gotClock) {
+ clockOffset = client->time - now;
+ gotClock = TRUE;
}
now += clockOffset;
- XdmClientAuthTimeout (now);
- if (abs (client->time - now) > TwentyMinutes)
- {
- free(client);
- if (reason)
- *reason = "Excessive XDM-AUTHORIZATION-1 time offset";
- return NULL;
+ XdmClientAuthTimeout(now);
+ if (abs(client->time - now) > TwentyMinutes) {
+ free(client);
+ if (reason)
+ *reason = "Excessive XDM-AUTHORIZATION-1 time offset";
+ return NULL;
}
- for (existing = xdmClients; existing; existing=existing->next)
- {
- if (XdmClientAuthCompare (existing, client))
- {
- free(client);
- if (reason)
- *reason = "XDM authorization key matches an existing client!";
- return NULL;
- }
+ for (existing = xdmClients; existing; existing = existing->next) {
+ if (XdmClientAuthCompare(existing, client)) {
+ free(client);
+ if (reason)
+ *reason = "XDM authorization key matches an existing client!";
+ return NULL;
+ }
}
return client;
}
int
-XdmAddCookie (unsigned short data_length, const char *data, XID id)
+XdmAddCookie(unsigned short data_length, const char *data, XID id)
{
- XdmAuthorizationPtr new;
- unsigned char *rho_bits, *key_bits;
+ XdmAuthorizationPtr new;
+ unsigned char *rho_bits, *key_bits;
- switch (data_length)
- {
- case 16: /* auth from files is 16 bytes long */
+ switch (data_length) {
+ case 16: /* auth from files is 16 bytes long */
#ifdef XDMCP
- if (authFromXDMCP)
- {
- /* R5 xdm sent bogus authorization data in the accept packet,
- * but we can recover */
- rho_bits = rho.data;
- key_bits = (unsigned char *) data;
- key_bits[0] = '\0';
- }
- else
+ if (authFromXDMCP) {
+ /* R5 xdm sent bogus authorization data in the accept packet,
+ * but we can recover */
+ rho_bits = rho.data;
+ key_bits = (unsigned char *) data;
+ key_bits[0] = '\0';
+ }
+ else
#endif
- {
- rho_bits = (unsigned char *) data;
- key_bits = (unsigned char *) (data + 8);
- }
- break;
+ {
+ rho_bits = (unsigned char *) data;
+ key_bits = (unsigned char *) (data + 8);
+ }
+ break;
#ifdef XDMCP
- case 8: /* auth from XDMCP is 8 bytes long */
- rho_bits = rho.data;
- key_bits = (unsigned char *) data;
- break;
+ case 8: /* auth from XDMCP is 8 bytes long */
+ rho_bits = rho.data;
+ key_bits = (unsigned char *) data;
+ break;
#endif
default:
- return 0;
+ return 0;
}
/* the first octet of the key must be zero */
if (key_bits[0] != '\0')
- return 0;
- new = malloc(sizeof (XdmAuthorizationRec));
+ return 0;
+ new = malloc(sizeof(XdmAuthorizationRec));
if (!new)
- return 0;
+ return 0;
new->next = xdmAuth;
xdmAuth = new;
- memmove (new->key.data, key_bits, (int) 8);
- memmove (new->rho.data, rho_bits, (int) 8);
+ memmove(new->key.data, key_bits, (int) 8);
+ memmove(new->rho.data, rho_bits, (int) 8);
new->id = id;
return 1;
}
XID
-XdmCheckCookie (unsigned short cookie_length, const char *cookie,
- ClientPtr xclient, char **reason)
+XdmCheckCookie(unsigned short cookie_length, const char *cookie,
+ ClientPtr xclient, const char **reason)
{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
+ XdmAuthorizationPtr auth;
+ XdmClientAuthPtr client;
+ unsigned char *plain;
/* Auth packets must be a multiple of 8 bytes long */
if (cookie_length & 7)
- return (XID) -1;
+ return (XID) -1;
plain = malloc(cookie_length);
if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
- if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL)
- {
- client->next = xdmClients;
- xdmClients = client;
- free(plain);
- return auth->id;
- }
+ return (XID) -1;
+ for (auth = xdmAuth; auth; auth = auth->next) {
+ XdmcpUnwrap((unsigned char *) cookie, (unsigned char *) &auth->key,
+ plain, cookie_length);
+ if ((client =
+ XdmAuthorizationValidate(plain, cookie_length, &auth->rho, xclient,
+ reason)) != NULL) {
+ client->next = xdmClients;
+ xdmClients = client;
+ free(plain);
+ return auth->id;
+ }
}
free(plain);
return (XID) -1;
}
int
-XdmResetCookie (void)
+XdmResetCookie(void)
{
- XdmAuthorizationPtr auth, next_auth;
- XdmClientAuthPtr client, next_client;
+ XdmAuthorizationPtr auth, next_auth;
+ XdmClientAuthPtr client, next_client;
- for (auth = xdmAuth; auth; auth=next_auth)
- {
- next_auth = auth->next;
- free(auth);
+ for (auth = xdmAuth; auth; auth = next_auth) {
+ next_auth = auth->next;
+ free(auth);
}
xdmAuth = 0;
- for (client = xdmClients; client; client=next_client)
- {
- next_client = client->next;
- free(client);
+ for (client = xdmClients; client; client = next_client) {
+ next_client = client->next;
+ free(client);
}
xdmClients = (XdmClientAuthPtr) 0;
return 1;
}
XID
-XdmToID (unsigned short cookie_length, char *cookie)
+XdmToID(unsigned short cookie_length, char *cookie)
{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
+ XdmAuthorizationPtr auth;
+ XdmClientAuthPtr client;
+ unsigned char *plain;
plain = malloc(cookie_length);
if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
- if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL)
- {
- free(client);
- free(cookie);
- free(plain);
- return auth->id;
- }
+ return (XID) -1;
+ for (auth = xdmAuth; auth; auth = auth->next) {
+ XdmcpUnwrap((unsigned char *) cookie, (unsigned char *) &auth->key,
+ plain, cookie_length);
+ if ((client =
+ XdmAuthorizationValidate(plain, cookie_length, &auth->rho, NULL,
+ NULL)) != NULL) {
+ free(client);
+ free(cookie);
+ free(plain);
+ return auth->id;
+ }
}
free(cookie);
free(plain);
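Review bot: HexToBinary() appends a terminator after the decoded bytes (`*out++ = '\0';`), and XdmAuthenticationInit() passes it `privateKey.data` with up to 16 hex digits, so a full-length `0x…` cookie stores eight key bytes and then a ninth byte one past the buffer that `memset(privateKey.data, 0, 8)` treats as eight bytes long. The output is a binary key, not a string, so the terminator can be dropped, assuming the call in XdmAuthenticationInit() is the only one (the function is static and it is the only call visible in this hunk). The return value is ignored at that call, so a cookie with a non-hex digit or an odd digit count leaves the key partly filled or all zero with no diagnostic; testing it with `if (!HexToBinary(cookie + 2, (char *) privateKey.data, cookie_len - 2))` and reporting the failure would make a bad cookie visible. Separately, XdmToID() omits the `cookie_length & 7` check that XdmCheckCookie() performs and returns on `malloc` failure without the `free(cookie)` its other exits do; its body ends outside this hunk.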
@@ -449,49 +439,47 @@ XdmToID (unsigned short cookie_length, char *cookie)
}
int
-XdmFromID (XID id, unsigned short *data_lenp, char **datap)
+XdmFromID(XID id, unsigned short *data_lenp, char **datap)
{
- XdmAuthorizationPtr auth;
-
- for (auth = xdmAuth; auth; auth=auth->next) {
- if (id == auth->id) {
- *data_lenp = 16;
- *datap = (char *) &auth->rho;
- return 1;
- }
+ XdmAuthorizationPtr auth;
+
+ for (auth = xdmAuth; auth; auth = auth->next) {
+ if (id == auth->id) {
+ *data_lenp = 16;
+ *datap = (char *) &auth->rho;
+ return 1;
+ }
}
return 0;
}
int
-XdmRemoveCookie (unsigned short data_length, const char *data)
+XdmRemoveCookie(unsigned short data_length, const char *data)
{
- XdmAuthorizationPtr auth;
- XdmAuthKeyPtr key_bits, rho_bits;
+ XdmAuthorizationPtr auth;
+ XdmAuthKeyPtr key_bits, rho_bits;
- switch (data_length)
- {
+ switch (data_length) {
case 16:
- rho_bits = (XdmAuthKeyPtr) data;
- key_bits = (XdmAuthKeyPtr) (data + 8);
- break;
+ rho_bits = (XdmAuthKeyPtr) data;
+ key_bits = (XdmAuthKeyPtr) (data + 8);
+ break;
#ifdef XDMCP
case 8:
- rho_bits = &rho;
- key_bits = (XdmAuthKeyPtr) data;
- break;
+ rho_bits = &rho;
+ key_bits = (XdmAuthKeyPtr) data;
+ break;
#endif
default:
- return 0;
+ return 0;
}
- for (auth = xdmAuth; auth; auth=auth->next) {
- if (XdmcpCompareKeys (rho_bits, &auth->rho) &&
- XdmcpCompareKeys (key_bits, &auth->key))
- {
- xdmAuth = auth->next;
- free(auth);
- return 1;
- }
+ for (auth = xdmAuth; auth; auth = auth->next) {
+ if (XdmcpCompareKeys(rho_bits, &auth->rho) &&
+ XdmcpCompareKeys(key_bits, &auth->key)) {
+ xdmAuth = auth->next;
+ free(auth);
+ return 1;
+ }
}
return 0;
}
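Review bot: XdmRemoveCookie() unlinks a matching entry with `xdmAuth = auth->next;`, which is only correct when the match is the list head. For any later entry, every node in front of it is dropped from the list without being freed, so those authorizations stop being recognised and their memory leaks. Walking the list through a link pointer fixes it: declare `XdmAuthorizationPtr *prev;`, loop with `for (prev = &xdmAuth; (auth = *prev) != NULL; prev = &auth->next)` and unlink with `*prev = auth->next;`. XdmClientAuthTimeout(), earlier in this diff, already tracks a `prev` pointer for the same kind of removal.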