diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-07-01 15:48:55 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-07-01 15:48:55 +0200 |
commit | 2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1 (patch) | |
tree | ba1bf29ee69e8ae391b0773161ff3baf58707761 | |
parent | a3a295288189d1312f5abef0e7b4cc57b948e7d3 (diff) | |
parent | 20454528656dbe98a538de7c67ce89e50841bd5f (diff) | |
download | nx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.tar.gz nx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.tar.bz2 nx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.zip |
Merge branch 'sunweaver-pr/libXau-cleanup' into 3.6.x
Attributes GH PR #152: https://github.com/ArcticaProject/nx-libs/pull/152
Reviewed by: Vadim Troshchinskiy <vadim@qindel.com> -- Fri, 01 Jul 2016 14:55:00 +0200
55 files changed, 33 insertions, 5515 deletions
@@ -103,7 +103,7 @@ install-lite: gzip $(DESTDIR)$(PREFIX)/share/man/man1/*.1 install-full: - for f in nxagent nxauth; do \ + for f in nxagent; do \ $(INSTALL_PROGRAM) bin/$$f $(DESTDIR)$(BINDIR); done for d in nxcompext nxcompshad; do \ $(MAKE) -C $$d install; done @@ -115,13 +115,10 @@ install-full: $(INSTALL_FILE) nx-X11/programs/Xserver/Xext/SecurityPolicy $(DESTDIR)$(PREFIX)/share/nx $(INSTALL_DIR) $(DESTDIR)$(NXLIBDIR)/bin - $(INSTALL_PROGRAM) nx-X11/programs/nxauth/nxauth $(DESTDIR)$(NXLIBDIR)/bin $(INSTALL_PROGRAM) nx-X11/programs/Xserver/nxagent $(DESTDIR)$(NXLIBDIR)/bin $(INSTALL_DIR) $(DESTDIR)$(PREFIX)/share/man/man1/ $(INSTALL_FILE) nx-X11/programs/Xserver/hw/nxagent/man/nxagent.1 $(DESTDIR)$(PREFIX)/share/man/man1/ - $(INSTALL_FILE) nx-X11/programs/nxauth/nxauth.man $(DESTDIR)$(PREFIX)/share/man/man1/ - mv -f $(DESTDIR)$(PREFIX)/share/man/man1/nxauth.man $(DESTDIR)$(PREFIX)/share/man/man1/nxauth.1 gzip $(DESTDIR)$(PREFIX)/share/man/man1/*.1 # create a clean nx-X11/.build-exports space @@ -180,7 +177,7 @@ uninstall-lite: $(RM_DIR) $(DESTDIR)$(NXLIBDIR)/share/nx/ uninstall-full: - for f in nxagent nxauth; do \ + for f in nxagent; do \ $(RM_FILE) $(DESTDIR)$(BINDIR)/$$f; done $(RM_FILE) $(DESTDIR)$(PREFIX)/share/nx/VERSION.nxagent diff --git a/debian/README.source b/debian/README.source index a43fa1de5..71cc0c2b2 100644 --- a/debian/README.source +++ b/debian/README.source @@ -10,7 +10,7 @@ This package originally pulled in 7 source tarballs from NoMachine: nx-X11 nxagent - nxauth + nxauth (discontinued in nx-libs) nxcomp nxcompshad nxcompext diff --git a/debian/control b/debian/control index 1a58cf6a7..c7e36f50c 100644 --- a/debian/control +++ b/debian/control @@ -75,6 +75,7 @@ Depends: nx-x11-common (>= ${source:Version}), nx-x11-common (<< ${source:Version}.1), Breaks: nxlibs (<= 3.5.1), libnx-x11 (<< 2:3.5.0.29-1~), + libnx-xau6 (<< 2:3.6.0.0), libnx-xcomposite1 (<< 2:3.6.0.0), libnx-xdamage1 (<< 2:3.6.0.0), libnx-xdmcp6 (<< 2:3.6.0.0), @@ -85,6 +86,7 @@ Breaks: nxlibs (<= 3.5.1), libnx-xrender1 (<< 2:3.6.0.0), libnx-xtst6 (<< 2:3.6.0.0), Replaces: nxlibs, + libnx-xau6, libnx-xcomposite1, libnx-xdamage1, libnx-xdmcp6, @@ -107,6 +109,7 @@ Provides: libnx-x11-6-dev Section: libdevel Architecture: any Breaks: nxlibs-dev (<=3.5.1), + libnx-xau-dev (<< 2:3.6.0.0), libnx-xcomposite-dev (<< 2:3.6.0.0), libnx-xdamage-dev (<< 2:3.6.0.0), libnx-xdmcp-dev (<< 2:3.6.0.0), @@ -117,6 +120,7 @@ Breaks: nxlibs-dev (<=3.5.1), libnx-xrender-dev (<< 2:3.6.0.0), libnx-xtst-dev (<< 2:3.6.0.0), Replaces: nxlibs-dev, + libnx-xau-dev, libnx-xcomposite-dev, libnx-xdamage-dev, libnx-xdmcp-dev, @@ -145,6 +149,7 @@ Depends: ${misc:Depends}, Section: debug Breaks: nx-x11-dbg (<< 2:3.5.0.29-1~), + libnx-xau6-dbg (<< 2:3.6.0.0), libnx-xcomposite1-dbg (<< 2:3.6.0.0), libnx-xdamage1-dbg (<< 2:3.6.0.0), libnx-xdmcp6-dbg (<< 2:3.6.0.0), @@ -155,6 +160,7 @@ Breaks: nx-x11-dbg (<< 2:3.5.0.29-1~), libnx-xrender1-dbg (<< 2:3.6.0.0), libnx-xtst6-dbg (<< 2:3.6.0.0), Replaces: nx-x11-dbg, + libnx-xau6-dbg, libnx-xcomposite1-dbg, libnx-xdamage1-dbg, libnx-xdmcp6-dbg, @@ -172,63 +178,6 @@ Description: nx-X11 client-side library (debug package) This package contains debug symbols for the core nx-X11 libraries customized for nxagent. -Package: libnx-xau6 -Architecture: any -Multi-Arch: same -Depends: - ${shlibs:Depends}, - ${misc:Depends}, -Breaks: nxlibs (<= 3.5.1), - libnx-x11 (<< 2:3.5.0.29-1~), -Description: nx-X11 authorisation library - NX is a software suite which implements very efficient - compression of the X11 protocol. This increases performance when - using X applications over a network, especially a slow one. - . - This package provides the main interface to the nx-X11 authorisation handling, - which controls authorisation for X connections, both client-side and - server-side. - -Package: libnx-xau-dev -Provides: libnx-xau6-dev -Section: libdevel -Architecture: any -Multi-Arch: same -Depends: - libnx-xau6 (= ${binary:Version}), - ${misc:Depends}, -Breaks: nxlibs (<= 3.5.1), - libnx-x11-dev (<< 2:3.5.0.29-1~), -Description: nx-X11 authorisation library (development headers) - NX is a software suite which implements very efficient - compression of the X11 protocol. This increases performance when - using X applications over a network, especially a slow one. - . - This package provides the main interface to the nx-X11 authorisation handling, - which controls authorisation for X connections, both client-side and - server-side. - . - This package contains the development headers for this library. - -Package: libnx-xau6-dbg -Architecture: any -Multi-Arch: same -Depends: - libnx-xau6 (= ${binary:Version}), - ${misc:Depends}, -Section: debug -Breaks: nx-x11-dbg (<< 2:3.5.0.29-1~), -Description: nx-X11 authorisation library (debug package) - NX is a software suite which implements very efficient - compression of the X11 protocol. This increases performance when - using X applications over a network, especially a slow one. - . - This package provides the main interface to the nx-X11 authorisation handling, - which controls authorisation for X connections, both client-side and - server-side. - . - This package contains debug symbols for this library. - Package: nx-x11proto-composite-dev Section: libdevel Architecture: any @@ -430,6 +379,10 @@ Depends: Recommends: xfonts-base, xkb-data, +Breaks: + nxauth, +Replaces: + nxauth, Description: NX agent NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when @@ -473,12 +426,16 @@ Description: NX agent (debug package) Package: nxproxy Architecture: any -Breaks: qvd-nxproxy -Replaces: qvd-nxproxy Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, +Breaks: + qvd-nxproxy, + nxauth, +Replaces: + qvd-nxproxy, + nxauth, Description: NX proxy NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when @@ -507,38 +464,6 @@ Description: NX proxy (debug package) helpful backtraces. You can safely remove it if you do not intend to debug NX packages on this system. -Package: nxauth -Architecture: any -Multi-Arch: foreign -Depends: - ${shlibs:Depends}, - ${misc:Depends}, -Description: NX xauth - NX is a software suite which implements very efficient - compression of the X11 protocol. This increases performance when - using X applications over a network, especially a slow one. - . - This package provides the NX xauth binary. - -Package: nxauth-dbg -Section: debug -Architecture: any -Multi-Arch: foreign -Depends: - nxauth (= ${binary:Version}), - ${misc:Depends}, -Breaks: nx-x11-dbg (<< 2:3.5.0.29-1~), -Description: NX auth (debug package) - NX is a software suite which implements very efficient - compression of the X11 protocol. This increases performance when - using X applications over a network, especially a slow one. - . - This package provides the NX auth binary. - . - This package contains detached debug symbols that help generating more - helpful backtraces. You can safely remove it if you do not intend to - debug NX packages on this system. - Package: libxcomp3 Architecture: any Multi-Arch: same diff --git a/debian/libnx-x11-dev.install b/debian/libnx-x11-dev.install index 83e2def0e..5f9590cbc 100644 --- a/debian/libnx-x11-dev.install +++ b/debian/libnx-x11-dev.install @@ -1,5 +1,6 @@ usr/lib/*/libNX_X11.so usr/include/*/nx-X11/ImUtil.h +usr/include/*/nx-X11/Xauth.h usr/include/*/nx-X11/XKBlib.h usr/include/*/nx-X11/Xcms.h usr/include/*/nx-X11/Xlib.h diff --git a/debian/libnx-xau-dev.install b/debian/libnx-xau-dev.install deleted file mode 100644 index 1bf954c00..000000000 --- a/debian/libnx-xau-dev.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/lib/*/libNX_Xau.so -usr/include/*/nx-X11/Xauth.h diff --git a/debian/libnx-xau6.install b/debian/libnx-xau6.install deleted file mode 100644 index 246377f12..000000000 --- a/debian/libnx-xau6.install +++ /dev/null @@ -1 +0,0 @@ -usr/lib/*/libNX_Xau.so.* diff --git a/debian/libnx-xau6.symbols b/debian/libnx-xau6.symbols deleted file mode 100644 index 03eeee753..000000000 --- a/debian/libnx-xau6.symbols +++ /dev/null @@ -1,9 +0,0 @@ -libNX_Xau.so.6 libnx-xau6 #MINVER# - XauDisposeAuth@Base 3.5.0.29 - XauFileName@Base 3.5.0.29 - XauGetAuthByAddr@Base 3.5.0.29 - XauGetBestAuthByAddr@Base 3.5.0.29 - XauLockAuth@Base 3.5.0.29 - XauReadAuth@Base 3.5.0.29 - XauUnlockAuth@Base 3.5.0.29 - XauWriteAuth@Base 3.5.0.29 diff --git a/debian/nxauth.dirs b/debian/nxauth.dirs deleted file mode 100644 index 7c8e1505c..000000000 --- a/debian/nxauth.dirs +++ /dev/null @@ -1,2 +0,0 @@ -usr/bin -usr/lib/nx/bin diff --git a/debian/nxauth.install b/debian/nxauth.install deleted file mode 100644 index eefba46b9..000000000 --- a/debian/nxauth.install +++ /dev/null @@ -1,3 +0,0 @@ -usr/lib/nx/bin/nxauth -usr/bin/nxauth -usr/share/man/man1/nxauth.1* diff --git a/debian/rules b/debian/rules index e41f97c81..2395f43e5 100755 --- a/debian/rules +++ b/debian/rules @@ -56,12 +56,9 @@ override_dh_auto_build: override_dh_strip: dh_strip -plibnx-x11-6 --dbg-package=libnx-x11-6-dbg - dh_strip -plibnx-xau6 --dbg-package=libnx-xau6-dbg dh_strip -plibnx-xext6 --dbg-package=libnx-xext6-dbg dh_strip -plibxcomp3 --dbg-package=libxcomp3-dbg dh_strip -plibxcompshad3 --dbg-package=libxcompshad3-dbg dh_strip -plibxcompext3 --dbg-package=libxcompext3-dbg dh_strip -pnxagent --dbg-package=nxagent-dbg dh_strip -pnxproxy --dbg-package=nxproxy-dbg - dh_strip -pnxauth --dbg-package=nxauth-dbg - diff --git a/nx-X11/config/cf/Imake.tmpl b/nx-X11/config/cf/Imake.tmpl index f40864ced..d540f418b 100644 --- a/nx-X11/config/cf/Imake.tmpl +++ b/nx-X11/config/cf/Imake.tmpl @@ -566,12 +566,6 @@ X_BYTE_ORDER = ByteOrder #ifndef HasSecureRPC #define HasSecureRPC NO /* if you have Secure RPC */ #endif -#ifndef HasKrbIV -#define HasKrbIV NO /* if you have Kerberos IV */ -#endif -#ifndef HasKrb5 -#define HasKrb5 NO /* if you have Kerberos V5 */ -#endif #ifndef HasLatex #define HasLatex NO #endif @@ -591,27 +585,6 @@ X_BYTE_ORDER = ByteOrder #ifndef GzipLibrary /* if OS config didn't define it, assume it's -lz */ #define GzipLibrary -lz #endif -#if HasKrbIV -#ifndef KrbIVIncludes -#define KrbIVIncludes /**/ -#endif -#ifndef KrbIVLibraries -#define KrbIVLibraries -lkrb -ldes -#endif -#endif -#if HasKrb5 -#ifndef Krb5Includes -#define Krb5Includes -I/krb5/include -#endif -#ifndef Krb5Libraries -#define Krb5Libraries -L/krb5/lib -L/usr/isode/lib -lkrb5 -lcrypto -lisode -lcom_err -ldbm -#endif -#else -#undef Krb5Includes -#define Krb5Includes /**/ -#undef Krb5Libraries -#define Krb5Libraries /**/ -#endif #ifndef UseGnuMalloc #define UseGnuMalloc NO #endif @@ -1878,7 +1851,7 @@ MODLDCOMBINEFLAGS = ModuleLdCombineFlags STD_DEFINES = StandardDefines $(PROJECT_DEFINES) EXTRA_LOAD_FLAGS = ExtraLoadFlags EXTRA_LDOPTIONS = ExtraLoadOptions - EXTRA_LIBRARIES = MallocLibraries ExtraLibraries Krb5Libraries + EXTRA_LIBRARIES = MallocLibraries ExtraLibraries TAGS = TagsCmd #if ConstructMFLAGS MFLAGS = -$(MAKEFLAGS) diff --git a/nx-X11/config/cf/README b/nx-X11/config/cf/README index 826682314..0cd37245a 100644 --- a/nx-X11/config/cf/README +++ b/nx-X11/config/cf/README @@ -68,8 +68,6 @@ Imake.tmpl provides defaults for the following variables: HasGnuMake use the GNU make program? HasGhostPCL boolean for system has GhostPCL HasGhostScript boolean for system has GhostScript - HasKrbIV system has Kerberos version IV support? - HasKrb5 system has Kerberos version 5 support? HasLargeTmp boolean for system has /tmp space HasLatex system has LaTeX document preparation software HasLibCrypt boolean for system has libcrypt @@ -105,10 +103,6 @@ Imake.tmpl provides defaults for the following variables: InstPgmFlags install flags for normal programs InstUidFlags install flags for xterm to chown /dev/ptys InstallCmd command to install files - KrbIVIncludes where to include KerberosIV header files from - KrbIVLibraries where to load KerberosIV libraries from - Krb5Includes where to include Kerberos header files from - Krb5Libraries where to load Kerberos libraries from LdCmd command to run loader LdCombineFlags flags for incremental loading LexCmd command to run lex @@ -189,7 +183,6 @@ X11.tmpl provides defaults for the following variables: ConnectionFlags -D's for supported transports ContribDir location of user-contributed sources DebugLibX11 build libX11_d.a - DebugLibXau build libXau_d.a DebugLibXext build libXext_d.a DefaultCursorTheme name of default cursor theme DefaultFontPath default server font path @@ -208,7 +201,6 @@ X11.tmpl provides defaults for the following variables: needs Wraphelp.c, see Release Notes InstallLibManPages boolean for installing library man pages InstallSecurityConfig install server security policy file over old? - KrbIVDefines defines for use with KerberosIV LibDir directory in which to install X11 support files LibManSuffix man suffix for library pages LibmanDir directory in which to install library man pages @@ -223,12 +215,10 @@ X11.tmpl provides defaults for the following variables: NeedDefaultDepLibs boolean for enabling default DEPLIBS NlsDir directory in which to install nls files NormalLibX11 build libX11.a - NormalLibXau build libXau.a NormalLibXext build libXext.a OsNameDefines If uname(2) unavailable, set to -DOS_NAME=OSName PrimaryScreenResolution resolution of default server screen ProfileLibX11 build libX11_p.a - ProfileLibXau build libXau_p.a ProfileLibXext build libXext_p.a ProjectX version indicating this is the X Window System RemoveTargetProgramByMoving boolean for rm -f that doesn't @@ -239,7 +229,6 @@ X11.tmpl provides defaults for the following variables: ServerOSDefines OS -D's for server ServerAssertDefines -DNDEBUG for no assertions, /**/ for assertions SharedLibX11 boolean for making sharable libX11.so - SharedLibXau boolean for making sharable libXau.so SharedLibXext boolean for making sharable libXext.so ShmDefines MIT-SHM define TwmDir directory in which to install twm config files @@ -311,8 +300,6 @@ An <os>Lib.tmpl file provides defaults for the following variables: SharedX11Reqs required libs for libX11.so SharedX11Rev version number for libX11.so - SharedXauReqs required libs for libXau.so - SharedXauRev version number for libXau.so SharedXextReqs required libs for libXext.so SharedXextRev version number for libXext.so diff --git a/nx-X11/config/cf/X11.tmpl b/nx-X11/config/cf/X11.tmpl index 60693afd5..ce952fb68 100644 --- a/nx-X11/config/cf/X11.tmpl +++ b/nx-X11/config/cf/X11.tmpl @@ -153,10 +153,6 @@ XORGRELSTRING = XorgManVersionString #ifndef BuildXextLib #define BuildXextLib BuildLibraries #endif -#ifndef BuildXauLib -#define BuildXauLib (BuildLibraries || BuildLibrariesForXServers) -#endif -#define UseInstalledXauLib (defined(UseInstalled) || !BuildXauLib) #ifndef BuildTestExt #define BuildTestExt YES #endif @@ -743,20 +739,6 @@ FCHOWN_DEFINES = -DHAS_FCHOWN #ifndef ServerOSDefines #define ServerOSDefines /**/ #endif -#if HasKrbIV -#ifndef KrbIVDefines -#define KrbIVDefines -DKERBEROS -#endif -#else -#define KrbIVDefines /**/ -#endif -#if HasKrb5 -#ifndef Krb5Defines -#define Krb5Defines -DK5AUTH -#endif -#else -#define Krb5Defines /**/ -#endif #ifndef ServerExtraDefines #define ServerExtraDefines /* -DPIXPRIV */ #endif @@ -1237,31 +1219,6 @@ LINTEXTENSIONLIB = $(LINTEXTENSION) DEPXLIB = $(DEPEXTENSIONLIB) $(DEPXONLYLIB) XLIB = $(EXTENSIONLIB) $(XONLYLIB) LINTXLIB = $(LINTXONLYLIB) -#ifndef SharedLibXau -#define SharedLibXau YES -#endif -#ifndef NormalLibXau -#define NormalLibXau (!SharedLibXau | ForceNormalLib) -#endif -#ifndef DebugLibXau -#define DebugLibXau NO /* debugged auth library */ -#endif -#ifndef ProfileLibXau -#define ProfileLibXau NO /* profiled auth library */ -#endif - XAUTHSRC = $(LIBSRC)/Xau -#if SharedLibXau -#ifndef SharedXauRev -#define SharedXauRev 6.0 -#endif -SharedLibReferences(XAUTH,NX_Xau,$(XAUTHSRC),SOXAUTHREV,SharedXauRev) -#else -#if !UseInstalledXauLib -ProjectUnsharedLibReferences(XAUTH,NX_Xau,$(XAUTHSRC),XBuildLibDir) -#else -ProjectUnsharedLibReferences(XAUTH,NX_Xau,$(XAUTHSRC),$(USRLIBDIR)) -#endif -#endif #if HasMotif diff --git a/nx-X11/config/cf/host.def b/nx-X11/config/cf/host.def index f1737a998..76f2f6e8b 100644 --- a/nx-X11/config/cf/host.def +++ b/nx-X11/config/cf/host.def @@ -411,8 +411,6 @@ XCOMM $XFree86: xc/config/cf/xf86site.def,v 3.186 2003/06/25 18:06:22 eich Exp $ #define BuildXKB YES #define BuildXKBlib YES -#define SharedLibXau YES - /* * If you are running NetBSD 0.9C or later, and have the aperture driver * installed, uncomment this. @@ -563,7 +561,5 @@ XCOMM $XFree86: xc/config/cf/xf86site.def,v 3.186 2003/06/25 18:06:22 eich Exp $ #define X86EMU_LIBPATH /usr/local/lib */ -#define SharedLibXau YES - #define BuildRman NO #define BuildLoadableXlibI18n NO diff --git a/nx-X11/config/cf/linux.cf b/nx-X11/config/cf/linux.cf index 1caffce8a..37be61534 100644 --- a/nx-X11/config/cf/linux.cf +++ b/nx-X11/config/cf/linux.cf @@ -609,7 +609,6 @@ XCOMM binutils: (LinuxBinUtilsMajorVersion) # define AsCmd CcCmd -c -x assembler # define LdCmd CcCmd -nostdlib # define AsmDefines -D__ELF__ -# define SharedLibXau YES # endif /* HPArchitecture */ # ifdef i386Architecture # define CcCmd gcc -b i486-linux diff --git a/nx-X11/include/Imakefile b/nx-X11/include/Imakefile index 76a4daf6d..7e05f4354 100644 --- a/nx-X11/include/Imakefile +++ b/nx-X11/include/Imakefile @@ -16,6 +16,8 @@ GLXDIR = GL SUBDIRS = extensions $(GLXDIR) +AU_HEADERS = Xauth.h + #ifdef Win32Architecture EXTRA_HEADERS = Xw32defs.h Xwinsock.h Xwindows.h #elif defined(cygwinArchitecture) @@ -46,6 +48,7 @@ HEADERS = \ ap_keysym.h \ keysym.h \ keysymdef.h \ + $(AU_HEADERS) \ $(EXTRA_HEADERS) \ $(NULL) diff --git a/nx-X11/lib/Xau/Xauth.h b/nx-X11/include/Xauth.h index 7ac8bf77b..b5870f66f 100644 --- a/nx-X11/lib/Xau/Xauth.h +++ b/nx-X11/include/Xauth.h @@ -53,7 +53,6 @@ typedef struct xauth { # define FamilyLocal (256) /* not part of X standard (i.e. X.h) */ # define FamilyWild (65535) # define FamilyNetname (254) /* not part of X standard */ -# define FamilyKrb5Principal (253) /* Kerberos 5 principal name */ # define FamilyLocalHost (252) /* for local non-net authentication */ @@ -65,22 +64,6 @@ Xauth *XauReadAuth( FILE* /* auth_file */ ); -int XauLockAuth( -_Xconst char* /* file_name */, -int /* retries */, -int /* timeout */, -long /* dead */ -); - -int XauUnlockAuth( -_Xconst char* /* file_name */ -); - -int XauWriteAuth( -FILE* /* auth_file */, -Xauth* /* auth */ -); - Xauth *XauGetAuthByName( _Xconst char* /* display_name */ ); @@ -132,31 +115,8 @@ void XauDisposeAuth( Xauth* /* auth */ ); -#ifdef K5AUTH -#include <krb5/krb5.h> -/* 9/93: krb5.h leaks some symbols */ -#undef BITS32 -#undef xfree - -int XauKrb5Encode( - krb5_principal /* princ */, - krb5_data * /* outbuf */ -); - -int XauKrb5Decode( - krb5_data /* inbuf */, - krb5_principal * /* princ */ -); -#endif /* K5AUTH */ - _XFUNCPROTOEND -/* Return values from XauLockAuth */ - -# define LOCK_SUCCESS 0 /* lock succeeded */ -# define LOCK_ERROR 1 /* lock unexpectely failed, check errno */ -# define LOCK_TIMEOUT 2 /* lock failed, timeouts expired */ - #endif /* _XAUTH_STRUCT_ONLY */ #endif /* _Xauth_h */ diff --git a/nx-X11/lib/Imakefile b/nx-X11/lib/Imakefile index 20a18dab1..4cf8bf08e 100644 --- a/nx-X11/lib/Imakefile +++ b/nx-X11/lib/Imakefile @@ -15,10 +15,6 @@ NULL = XKBLIBDIR = xkbfile #endif -#if BuildXauLib -XAULIBDIR = Xau -#endif - #if BuildX11Lib X11LIBDIR = X11 #endif @@ -29,7 +25,6 @@ XEXTLIBDIR = Xext LINTSUBDIRS = \ - $(XAULIBDIR) \ $(X11LIBDIR) \ $(XEXTLIBDIR) \ $(XKBLIBDIR) \ diff --git a/nx-X11/lib/Xau/AuDispose.c b/nx-X11/lib/X11/AuDispose.c index dc2080f40..dc2080f40 100644 --- a/nx-X11/lib/Xau/AuDispose.c +++ b/nx-X11/lib/X11/AuDispose.c diff --git a/nx-X11/lib/Xau/AuFileName.c b/nx-X11/lib/X11/AuFileName.c index 6ab0138b8..6ab0138b8 100644 --- a/nx-X11/lib/Xau/AuFileName.c +++ b/nx-X11/lib/X11/AuFileName.c diff --git a/nx-X11/lib/Xau/AuGetBest.c b/nx-X11/lib/X11/AuGetBest.c index eb27f24c1..03d49ac80 100644 --- a/nx-X11/lib/Xau/AuGetBest.c +++ b/nx-X11/lib/X11/AuGetBest.c @@ -132,7 +132,7 @@ XauGetBestAuthByAddr ( if ((family == FamilyWild || entry->family == FamilyWild || (entry->family == family && ((address_length == entry->address_length && - binaryEqual (entry->address, address, (int)address_length)) + binaryEqual (entry->address, address, (int)address_length)) #ifdef hpux || (family == FamilyLocal && fully_qual_address_length == entry->address_length && diff --git a/nx-X11/lib/Xau/AuRead.c b/nx-X11/lib/X11/AuRead.c index 2e2509633..2e2509633 100644 --- a/nx-X11/lib/Xau/AuRead.c +++ b/nx-X11/lib/X11/AuRead.c diff --git a/nx-X11/lib/X11/Imakefile b/nx-X11/lib/X11/Imakefile index 1ba1e4818..cc87d6e7b 100644 --- a/nx-X11/lib/X11/Imakefile +++ b/nx-X11/lib/X11/Imakefile @@ -172,12 +172,6 @@ EXTRA_LIBRARIES = /**/ SETID_DEFINES = -DHASGETRESUID #endif XLC_DEFINES = -DXLOCALEDIR=\"$(XLOCALEDIR)\" -#if HasKrb5 - K5OBJS = k5encode.o - K5SRCS = k5encode.c - K5INCL = Krb5Includes - K5DEFS = Krb5Defines -#endif #if (defined(FreeBSDArchitecture) && OSRelVersion < 500016) || \ defined(OpenBSDArchitecture) THRSTUBSRCS = UIThrStubs.c @@ -1082,9 +1076,6 @@ SpecialCLibObjectRule(KeyBind,$(ICONFIGFILES),$(XKB_DEFINES)) SpecialCLibObjectRule(XKBBind,$(ICONFIGFILES),$(XKB_DEFINES)) SpecialCLibObjectRule(imConv,$(ICONFIGFILES),$(XKB_DEFINES)) #endif -#if HasKrb5 -SpecialCLibObjectRule(k5encode,$(_NOOP_),$(K5INCL)) -#endif #if BuildLoadableXlibI18n SpecialCLibObjectRuleSeparateOpts(lcInit,$(ICONFIGFILES),$(_NOOP_),$(LC_DYNDEFINES)) SpecialCLibObjectRuleSeparateOpts(lcGeneric,$(ICONFIGFILES),$(_NOOP_),$(LC_DYNDEFINES)) @@ -1104,15 +1095,6 @@ InstallNonExecFile(XErrorDB,$(LIBDIR)) InstallNonExecFile(XKeysymDB,$(LIBDIR)) InstallLintLibrary(X11,$(LINTLIBDIR)) - -LinkSourceFile(AuDispose.c,$(XAUTHSRC)) -LinkSourceFile(AuGetBest.c,$(XAUTHSRC)) -LinkSourceFile(AuFileName.c,$(XAUTHSRC)) -LinkSourceFile(AuRead.c,$(XAUTHSRC)) -#if HasKrb5 -LinkSourceFile(k5encode.c,$(XAUTHSRC)) -#endif - #ifdef QNX4Architecture LOCAL_LDFLAGS=-F #endif diff --git a/nx-X11/lib/Xau/AuGetAddr.c b/nx-X11/lib/Xau/AuGetAddr.c deleted file mode 100644 index d68ceadc2..000000000 --- a/nx-X11/lib/Xau/AuGetAddr.c +++ /dev/null @@ -1,112 +0,0 @@ -/* $Xorg: AuGetAddr.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ -/* $XFree86: xc/lib/Xau/AuGetAddr.c,v 1.5 2001/12/14 19:54:36 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> -#include <nx-X11/Xos.h> - -static int -binaryEqual (_Xconst char *a, _Xconst char *b, int len) -{ - while (len--) - if (*a++ != *b++) - return 0; - return 1; -} - -Xauth * -XauGetAuthByAddr ( -#if NeedWidePrototypes -unsigned int family, -unsigned int address_length, -#else -unsigned short family, -unsigned short address_length, -#endif -_Xconst char* address, -#if NeedWidePrototypes -unsigned int number_length, -#else -unsigned short number_length, -#endif -_Xconst char* number, -#if NeedWidePrototypes -unsigned int name_length, -#else -unsigned short name_length, -#endif -_Xconst char* name) -{ - FILE *auth_file; - char *auth_name; - Xauth *entry; - - auth_name = XauFileName (); - if (!auth_name) - return 0; - if (access (auth_name, R_OK) != 0) /* checks REAL id */ - return 0; - auth_file = fopen (auth_name, "rb"); - if (!auth_file) - return 0; - for (;;) { - entry = XauReadAuth (auth_file); - if (!entry) - break; - /* - * Match when: - * either family or entry->family are FamilyWild or - * family and entry->family are the same and - * address and entry->address are the same - * and - * either number or entry->number are empty or - * number and entry->number are the same - * and - * either name or entry->name are empty or - * name and entry->name are the same - */ - - if ((family == FamilyWild || entry->family == FamilyWild || - (entry->family == family && - address_length == entry->address_length && - binaryEqual (entry->address, address, (int)address_length))) && - (number_length == 0 || entry->number_length == 0 || - (number_length == entry->number_length && - binaryEqual (entry->number, number, (int)number_length))) && - (name_length == 0 || entry->name_length == 0 || - (entry->name_length == name_length && - binaryEqual (entry->name, name, (int)name_length)))) - break; - XauDisposeAuth (entry); - } - (void) fclose (auth_file); - return entry; -} diff --git a/nx-X11/lib/Xau/AuLock.c b/nx-X11/lib/Xau/AuLock.c deleted file mode 100644 index 1813dc368..000000000 --- a/nx-X11/lib/Xau/AuLock.c +++ /dev/null @@ -1,106 +0,0 @@ -/* $Xorg: AuLock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ -/* $XFree86: xc/lib/Xau/AuLock.c,v 3.6 2002/05/31 18:45:43 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> -#include <nx-X11/Xos.h> -#include <sys/stat.h> -#include <errno.h> -#include <time.h> -#define Time_t time_t -#ifndef X_NOT_POSIX -#include <unistd.h> -#else -#ifndef WIN32 -extern unsigned sleep (); -#else -#include <nx-X11/Xwindows.h> -#define link rename -#endif -#endif -#ifdef __UNIXOS2__ -#define link rename -#endif - -int -XauLockAuth ( -_Xconst char *file_name, -int retries, -int timeout, -long dead) -{ - char creat_name[1025], link_name[1025]; - struct stat statb; - Time_t now; - int creat_fd = -1; - - if (strlen (file_name) > 1022) - return LOCK_ERROR; - (void) strcpy (creat_name, file_name); - (void) strcat (creat_name, "-c"); - (void) strcpy (link_name, file_name); - (void) strcat (link_name, "-l"); - if (stat (creat_name, &statb) != -1) { - now = time ((Time_t *) 0); - /* - * NFS may cause ctime to be before now, special - * case a 0 deadtime to force lock removal - */ - if (dead == 0 || now - statb.st_ctime > dead) { - (void) unlink (creat_name); - (void) unlink (link_name); - } - } - - while (retries > 0) { - if (creat_fd == -1) { - creat_fd = open (creat_name, O_WRONLY | O_CREAT | O_EXCL, 0600); - if (creat_fd == -1) { - if (errno != EACCES) - return LOCK_ERROR; - } else - (void) close (creat_fd); - } - if (creat_fd != -1) { - if (link (creat_name, link_name) != -1) - return LOCK_SUCCESS; - if (errno == ENOENT) { - creat_fd = -1; /* force re-creat next time around */ - continue; - } - if (errno != EEXIST) - return LOCK_ERROR; - } - (void) sleep ((unsigned) timeout); - --retries; - } - return LOCK_TIMEOUT; -} diff --git a/nx-X11/lib/Xau/AuUnlock.c b/nx-X11/lib/Xau/AuUnlock.c deleted file mode 100644 index e40042104..000000000 --- a/nx-X11/lib/Xau/AuUnlock.c +++ /dev/null @@ -1,62 +0,0 @@ -/* $Xorg: AuUnlock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ -/* $XFree86: xc/lib/Xau/AuUnlock.c,v 1.4 2001/12/14 19:54:36 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> -#include <nx-X11/Xos.h> - -int -XauUnlockAuth ( -_Xconst char *file_name) -{ -#ifndef WIN32 - char creat_name[1025]; -#endif - char link_name[1025]; - - if (strlen (file_name) > 1022) - return 0; -#ifndef WIN32 - (void) strcpy (creat_name, file_name); - (void) strcat (creat_name, "-c"); -#endif - (void) strcpy (link_name, file_name); - (void) strcat (link_name, "-l"); - /* - * I think this is the correct order - */ -#ifndef WIN32 - (void) unlink (creat_name); -#endif - (void) unlink (link_name); - - return 1; -} diff --git a/nx-X11/lib/Xau/AuWrite.c b/nx-X11/lib/Xau/AuWrite.c deleted file mode 100644 index 5a9b44eb2..000000000 --- a/nx-X11/lib/Xau/AuWrite.c +++ /dev/null @@ -1,73 +0,0 @@ -/* $Xorg: AuWrite.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ -/* $XFree86: xc/lib/Xau/AuWrite.c,v 1.3 2001/01/17 19:42:24 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> - -static int -write_short (unsigned short s, FILE *file) -{ - unsigned char file_short[2]; - - file_short[0] = (s & (unsigned)0xff00) >> 8; - file_short[1] = s & 0xff; - if (fwrite ((char *) file_short, (int) sizeof (file_short), 1, file) != 1) - return 0; - return 1; -} - -static int -write_counted_string (unsigned short count, char *string, FILE *file) -{ - if (write_short (count, file) == 0) - return 0; - if (fwrite (string, (int) sizeof (char), (int) count, file) != count) - return 0; - return 1; -} - -int -XauWriteAuth (auth_file, auth) -FILE *auth_file; -Xauth *auth; -{ - if (write_short (auth->family, auth_file) == 0) - return 0; - if (write_counted_string (auth->address_length, auth->address, auth_file) == 0) - return 0; - if (write_counted_string (auth->number_length, auth->number, auth_file) == 0) - return 0; - if (write_counted_string (auth->name_length, auth->name, auth_file) == 0) - return 0; - if (write_counted_string (auth->data_length, auth->data, auth_file) == 0) - return 0; - return 1; -} diff --git a/nx-X11/lib/Xau/Autest.c b/nx-X11/lib/Xau/Autest.c deleted file mode 100644 index 2352cf170..000000000 --- a/nx-X11/lib/Xau/Autest.c +++ /dev/null @@ -1,71 +0,0 @@ -/* $Xorg: Autest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> - -main (argc, argv) -char **argv; -{ - Xauth test_data; - char *name, *data, *file; - int state = 0; - FILE *output; - - while (*++argv) { - if (!strcmp (*argv, "-file")) - file = *++argv; - else if (state == 0) { - name = *argv; - ++state; - } else if (state == 1) { - data = *argv; - ++state; - } - } - if(!file) { - fprintf (stderr, "No file\n"); - exit (1); - } - test_data.family = 0; - test_data.address_length = 0; - test_data.address = ""; - test_data.number_length = 0; - test_data.number = ""; - test_data.name_length = strlen (name); - test_data.name = name; - test_data.data_length = strlen (data); - test_data.data = data; - output = fopen (file, "w"); - if (output) { - XauWriteAuth (output, &test_data); - fclose (output); - } -} diff --git a/nx-X11/lib/Xau/Imakefile b/nx-X11/lib/Xau/Imakefile deleted file mode 100644 index df80d28d4..000000000 --- a/nx-X11/lib/Xau/Imakefile +++ /dev/null @@ -1,49 +0,0 @@ -XCOMM $Xorg: Imakefile,v 1.3 2000/08/17 19:45:29 cpqbld Exp $ -XCOMM $XdotOrg: xc/lib/Xau/Imakefile,v 1.4 2005/09/22 23:54:18 alanc Exp $ - - - -XCOMM $XFree86: xc/lib/Xau/Imakefile,v 3.5 1999/04/17 09:08:11 dawes Exp $ - -#define DoNormalLib NormalLibXau -#define DoSharedLib SharedLibXau -#define DoExtraLib SharedLibXau -#define DoDebugLib DebugLibXau -#define DoProfileLib ProfileLibXau -#define LibName NX_Xau -#define SoRev SOXAUTHREV -#define IncSubdir nx-X11 - -#include <Threads.tmpl> - -#ifdef SharedXauReqs -REQUIREDLIBS = SharedXauReqs -#endif - - LINTLIBS = $(LINTXLIB) - -#if HasKrb5 -K5ENCSRC = k5encode.c -K5ENCOBJ = k5encode.o -INCLUDES = Krb5Includes -#else -K5ENCSRC = -K5ENCOBJ = -INCLUDES = -#endif - -HEADERS = \ - Xauth.h - -SRCS = AuDispose.c AuFileName.c AuGetAddr.c AuGetBest.c AuLock.c \ - AuRead.c AuUnlock.c AuWrite.c $(K5ENCSRC) - -OBJS = AuDispose.o AuFileName.o AuGetAddr.o AuGetBest.o AuLock.o \ - AuRead.o AuUnlock.o AuWrite.o $(K5ENCOBJ) - -#define IncludeSharedObjectInNormalLib -#define UnsharedLibObjCompile(options) LibObjCompile(unshared,$(CDEBUGFLAGS) $(CLIBDEBUGFLAGS) options $(PICFLAGS)) - -#include <Library.tmpl> - -DependTarget() diff --git a/nx-X11/lib/Xau/README b/nx-X11/lib/Xau/README deleted file mode 100644 index 404eef079..000000000 --- a/nx-X11/lib/Xau/README +++ /dev/null @@ -1,184 +0,0 @@ - - - A Sample Authorization Protocol for X - - -Overview - -The following note describes a very simple mechanism for providing individual -access to an X Window System display. It uses existing core protocol and -library hooks for specifying authorization data in the connection setup block -to restrict use of the display to only those clients that show that they -know a server-specific key called a "magic cookie". This mechanism is *not* -being proposed as an addition to the Xlib standard; among other reasons, a -protocol extension is needed to support more flexible mechanisms. We have -implemented this mechanism already; if you have comments, please send them -to us. - -This scheme involves changes to the following parts of the sample release: - - o xdm - - generate random magic cookie and store in protected file - - pass name of magic cookie file to server - - when user logs in, add magic cookie to user's auth file - - when user logs out, generate a new cookie for server - - o server - - a new command line option to specify cookie file - - check client authorization data against magic cookie - - read in cookie whenever the server resets - - do not add local machine to host list if magic cookie given - - o Xlib - - read in authorization data from file - - find data for appropriate server - - send authorization data if found - - o xauth [new program to manage user auth file] - - add entries to user's auth file - - remove entries from user's auth file - -This mechanism assumes that the superuser and the transport layer between -the client and the server is secure. Organizations that desire stricter -security are encouraged to look at systems such as Kerberos (at Project -Athena). - - -Description - -The sample implementation will use the xdm Display Manager to set up and -control the server's authorization file. Sites that do not run xdm will -need to build their own mechanisms. - -Xdm uses a random key (seeded by the system time and check sum of /dev/kmem) -to generate a unique sequence of characters at 16 bytes long. This sequence -will be written to a file which is made readable only by the server. The -server will then be started with a command line option instructing it to use -the contents of the file as the magic cookie for connections that include -authorization data. This will also disable the server from adding the local -machine's address to the initial host list. Note that the actual cookie must -not be stored on the command line or in an environment variable, to prevent -it from being publicly obtainable by the "ps" command. - -If a client presents an authorization name of "MIT-MAGIC-COOKIE-1" and -authorization data that matches the magic cookie, that client is allowed -access. If the name or data does not match and the host list is empty, -that client will be denied access. Otherwise, the existing host-based access -control will be used. Since any client that is making a connection from a -machine on the host list will be granted access even if their authorization -data is incorrect, sites are strongly urged not to set up any default hosts -using the /etc/X*.hosts files. Granting access to other machines should be -done by the user's session manager instead. - -Assuming the server is configured with an empty host list, the existence of the -cookie is sufficient to ensure there will be no unauthorized access to the -display. However, xdm will (continue to) work to minimize the chances of -spoofing on servers that do not support this authorization mechanism. This -will be done by grabbing the server and the keyboard after opening the display. -This action will be surrounded by a timer which will kill the server if the -grabs cannot be done within several seconds. [This level of security is now -implemented in patches already sent out.] - -After the user logs in, xdm will add authorization entries for each of the -server machine's network addresses to the user's authorization file (the format -of which is described below). This file will usually be named .Xauthority in -the users's home directory; will be owned by the user (as specified by the -pw_uid and pw_gid fields in the user's password entry), and will be accessible -only to the user (no group access). This file will contain authorization data -for all of the displays opened by the user. - -When the session terminates, xdm will generate and store a new magic cookie -for the server. Then, xdm will shutdown its own connection and send a -SIGHUP to the server process, which should cause the server to reset. The -server will then read in the new magic cookie. - -To support accesses (both read and write) from multiple machines (for use in -environments that use distributed file systems), file locking is done using -hard links. This is done by creat'ing (sic) a lock file and then linking it -to another name in the same directory. If the link-target already exists, -the link will fail, indicating failure to obtain the lock. Linking is used -instead of just creating the file read-only since link will fail even for -the superuser. - -Problems and Solutions - -There are a few problems with .Xauthority as described. If no home directory -exists, or if xdm cannot create a file there (disk full), xdm stores the -cookie in a file in a resource-specified back-up directory, and sets an -environment variable in the user's session (called XAUTHORITY) naming this -file. There is also the problem that the locking attempts will need to be -timed out, due to a leftover lock. Xdm, again, creates a file and set an -environment variable. Finally, the back-up directory might be full. Xdm, -as a last resort, provides a function key binding that allows a user to log -in without having the authorization data stored, and with host-based access -control disabled. - -Xlib - -XOpenDisplay in Xlib was enhanced to allow specification of authorization -information. As implied above, Xlib looks for the data in the -.Xauthority file of the home directory, or in the file pointed at by the -XAUTHORITY environment variable instead if that is defined. This required -no programmatic interface change to Xlib. In addition, a new Xlib routine -is provided to explicitly specify authorization. - - XSetAuthorization(name, namelen, data, datalen) - int namelen, datalen; - char *name, *data; - -There are three types of input: - - name NULL, data don't care - use default authorization mechanism. - name non-NULL, data NULL - use the named authorization; get - data from that mechanism's default. - name non-NULL, data non-NULL - use the given authorization and data. - -This interface is used by xdm and might also be used by any other -applications that wish to explicitly set the authorization information. - -Authorization File - -The .Xauthority file is a binary file consisting of a sequence of entries -in the following format: - - 2 bytes Family value (second byte is as in protocol HOST) - 2 bytes address length (always MSB first) - A bytes host address (as in protocol HOST) - 2 bytes display "number" length (always MSB first) - S bytes display "number" string - 2 bytes name length (always MSB first) - N bytes authorization name string - 2 bytes data length (always MSB first) - D bytes authorization data string - -The format is binary for easy processing, since authorization information -usually consists of arbitrary data. Host addresses are used instead of -names to eliminate potentially time-consuming name resolutions in -XOpenDisplay. Programs, such as xdm, that initialize the user's -authorization file will have to do the same work as the server in finding -addresses for all network interfaces. If more than one entry matches the -desired address, the entry that is chosen is implementation-dependent. In -our implementation, it is always the first in the file. - -The Family is specified in two bytes to allow out-of-band values -(i.e. values not in the Protocol) to be used. In particular, -two new values "FamilyLocal" and "FamilyWild" are defined. FamilyLocal -refers to any connections using a non-network method of connetion from the -local machine (Unix domain sockets, shared memory, loopback serial line). -In this case the host address is specified by the data returned from -gethostname() and better be unique in a collection of machines -which share NFS directories. FamilyWild is currently used only -by xdm to communicate authorization data to the server. It matches -any family/host address pair. - -For FamilyInternet, the host address is the 4 byte internet address, for -FamilyDecnet, the host address is the byte decnet address, for FamilyChaos -the address is also two bytes. - -The Display Number is the ascii representation of the display number -portion of the display name. It is in ascii to allow future expansion -to PseudoRoots or anything else that might happen. - -A utility called "xauth" will be provided for editing and viewing the -contents of authorization files. Note that the user's authorization file is -not the same as the server's magic cookie file. diff --git a/nx-X11/lib/Xau/k5encode.c b/nx-X11/lib/Xau/k5encode.c deleted file mode 100644 index c71222e1c..000000000 --- a/nx-X11/lib/Xau/k5encode.c +++ /dev/null @@ -1,186 +0,0 @@ -/* $Xorg: k5encode.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1993, 1994, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ - -/* - * functions to encode/decode Kerberos V5 principals - * into something that can be reasonable spewed over - * the wire - * - * Author: Tom Yu <tlyu@MIT.EDU> - * - * Still needs to be fixed up wrt signed/unsigned lengths, but we'll worry - * about that later. - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <krb5/krb5.h> -/* 9/93: krb5.h leaks some symbols */ -#undef BITS32 -#undef xfree - -#include <nx-X11/X.h> -#include <nx-X11/Xos.h> -#include <nx-X11/Xmd.h> -#include <nx-X11/Xfuncs.h> - -/* - * XauKrb5Encode - * - * this function encodes the principal passed to it in a format that can - * easily be dealt with by stuffing it into an X packet. Encoding is as - * follows: - * length count of the realm name - * realm - * component count - * length of component - * actual principal component - * etc.... - * - * Note that this function allocates a hunk of memory, which must be - * freed to avoid nasty memory leak type things. All counts are - * byte-swapped if needed. (except for the total length returned) - * - * nevermind.... stuffing the encoded packet in net byte order just to - * always do the right thing. Don't have to frob with alignment that way. - */ -int -XauKrb5Encode(princ, outbuf) - krb5_principal princ; /* principal to encode */ - krb5_data *outbuf; /* output buffer */ -{ - CARD16 i, numparts, totlen = 0, plen, rlen; - char *cp, *pdata; - - rlen = krb5_princ_realm(princ)->length; - numparts = krb5_princ_size(princ); - totlen = 2 + rlen + 2; /* include room for realm length - and component count */ - for (i = 0; i < numparts; i++) - totlen += krb5_princ_component(princ, i)->length + 2; - /* add 2 bytes each time for length */ - if ((outbuf->data = (char *)malloc(totlen)) == NULL) - return -1; - cp = outbuf->data; - *cp++ = (char)((int)(0xff00 & rlen) >> 8); - *cp++ = (char)(0x00ff & rlen); - memcpy(cp, krb5_princ_realm(princ)->data, rlen); - cp += rlen; - *cp++ = (char)((int)(0xff00 & numparts) >> 8); - *cp++ = (char)(0x00ff & numparts); - for (i = 0; i < numparts; i++) - { - plen = krb5_princ_component(princ, i)->length; - pdata = krb5_princ_component(princ, i)->data; - *cp++ = (char)((int)(0xff00 & plen) >> 8); - *cp++ = (char)(0x00ff & plen); - memcpy(cp, pdata, plen); - cp += plen; - } - outbuf->length = totlen; - return 0; -} - -/* - * XauKrb5Decode - * - * This function essentially reverses what XauKrb5Encode does. - * return value: 0 if okay, -1 if malloc fails, -2 if inbuf format bad - */ -int -XauKrb5Decode(inbuf, princ) - krb5_data inbuf; - krb5_principal *princ; -{ - CARD16 i, numparts, plen, rlen; - CARD8 *cp, *pdata; - - if (inbuf.length < 4) - { - return -2; - } - *princ = (krb5_principal)malloc(sizeof (krb5_principal_data)); - if (*princ == NULL) - return -1; - bzero(*princ, sizeof (krb5_principal_data)); - cp = (CARD8 *)inbuf.data; - rlen = *cp++ << 8; - rlen |= *cp++; - if (inbuf.length < 4 + (int)rlen + 2) - { - krb5_free_principal(*princ); - return -2; - } - krb5_princ_realm(*princ)->data = (char *)malloc(rlen); - if (krb5_princ_realm(*princ)->data == NULL) - { - krb5_free_principal(*princ); - return -1; - } - krb5_princ_realm(*princ)->length = rlen; - memcpy(krb5_princ_realm(*princ)->data, cp, rlen); - cp += rlen; - numparts = *cp++ << 8; - numparts |= *cp++; - krb5_princ_name(*princ) = - (krb5_data *)malloc(numparts * sizeof (krb5_data)); - if (krb5_princ_name(*princ) == NULL) - { - krb5_free_principal(*princ); - return -1; - } - krb5_princ_size(*princ) = 0; - for (i = 0; i < numparts; i++) - { - if (cp + 2 > (CARD8 *)inbuf.data + inbuf.length) - { - krb5_free_principal(*princ); - return -2; - } - plen = *cp++ << 8; - plen |= *cp++; - if (cp + plen > (CARD8 *)inbuf.data + inbuf.length) - { - krb5_free_principal(*princ); - return -2; - } - pdata = (CARD8 *)malloc(plen); - if (pdata == NULL) - { - krb5_free_principal(*princ); - return -1; - } - krb5_princ_component(*princ, i)->data = (char *)pdata; - krb5_princ_component(*princ, i)->length = plen; - memcpy(pdata, cp, plen); - cp += plen; - krb5_princ_size(*princ)++; - } - return 0; -} diff --git a/nx-X11/programs/Imakefile b/nx-X11/programs/Imakefile index 77a84a65f..c618d2de9 100644 --- a/nx-X11/programs/Imakefile +++ b/nx-X11/programs/Imakefile @@ -22,11 +22,7 @@ XSSRCDIR = Xserver #endif -#if defined(NXEmbeddedXServer) SUBDIRS = $(XSSRCDIR) -#else -SUBDIRS = $(XSSRCDIR) nxauth -#endif MakeSubdirs($(SUBDIRS)) DependSubdirs($(SUBDIRS)) diff --git a/nx-X11/programs/Xserver/Imakefile b/nx-X11/programs/Xserver/Imakefile index 50031217e..93a3286b1 100644 --- a/nx-X11/programs/Xserver/Imakefile +++ b/nx-X11/programs/Xserver/Imakefile @@ -163,7 +163,7 @@ INSTPGMFLAGS = $(DBEDIR) $(RECORDDIR) $(SITEEXTDIRS) \ $(RANDRDIR) $(RENDERDIR) $(XPCONFIGDIR) \ $(FIXESDIR) $(DAMAGEDIR) $(CWDIR) $(COMPOSITEDIR) - OS = os/LibraryTargetName(os) $(DEPXAUTHLIB) + OS = os/LibraryTargetName(os) BSDEMUL = $(DEPXBSDLIB) #if DoLoadableServer MFB = mfb/ModuleLibraryTargetName(mfb) @@ -246,7 +246,7 @@ INSTPGMFLAGS = #if !(SystemV4 || defined(SGIArchitecture) || UseRgbTxt) DBMLIBS = DBMLibrary #endif - SYSLIBS = $(ZLIB) MathLibrary Krb5Libraries $(DBMLIBS) $(USB) \ + SYSLIBS = $(ZLIB) MathLibrary $(DBMLIBS) $(USB) \ $(PAMLIBS) $(EXTRASYSLIBS) #if !HasCbrt CBRT = mi/LibraryTargetName(cbrt) diff --git a/nx-X11/programs/Xserver/dix/Imakefile b/nx-X11/programs/Xserver/dix/Imakefile index ed7530caf..fb67cb65b 100644 --- a/nx-X11/programs/Xserver/dix/Imakefile +++ b/nx-X11/programs/Xserver/dix/Imakefile @@ -126,10 +126,6 @@ VENDORRELEASE = XVendorRelease VENDOR_RELEASE = -DVENDOR_RELEASE="$(VENDORRELEASE)" #endif -#if HasKrb5 - K5DEFS = Krb5Defines -#endif - #ifdef DarwinArchitecture #if DarwinQuartzSupport QUARTZ_DEFINES = -DDARWIN_WITH_QUARTZ @@ -146,8 +142,6 @@ LintLibraryTarget(dix,$(SRCS) $(XPSRC)) NormalLintTarget($(SRCS) $(XPSRC)) SpecialCObjectRule(globals,$(ICONFIGFILES),$(SITE_DEFINES)) -SpecialCObjectRule(tables,$(ICONFIGFILES),$(K5DEFS)) -SpecialCObjectRule(dispatch,$(ICONFIGFILES),$(K5DEFS)) SpecialCObjectRule(main,$(ICONFIGFILES),$(VENDOR_DEFINES)) SpecialCObjectRule(pixmap,$(ICONFIGFILES),$(_NOOP_)) SpecialCObjectRule(privates,$(ICONFIGFILES),$(_NOOP_)) diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c index fe4da8a0c..803870369 100644 --- a/nx-X11/programs/Xserver/dix/dispatch.c +++ b/nx-X11/programs/Xserver/dix/dispatch.c @@ -955,10 +955,6 @@ ProcGetAtomName(register ClientPtr client) } } -#ifdef K5AUTH -extern int k5_bad(); -#endif - #ifndef NXAGENT_SERVER int ProcSetSelectionOwner(register ClientPtr client) @@ -3506,12 +3502,6 @@ InitProcVectors(void) ProcVector[i] = SwappedProcVector[i] = ProcBadRequest; ReplySwapVector[i] = ReplyNotSwappd; } -#ifdef K5AUTH - if (!k5_Vector[i]) - { - k5_Vector[i] = k5_bad; - } -#endif } for(i = LASTEvent; i < 128; i++) { diff --git a/nx-X11/programs/Xserver/dix/tables.c b/nx-X11/programs/Xserver/dix/tables.c index eb4f4c8d2..df15de7d1 100644 --- a/nx-X11/programs/Xserver/dix/tables.c +++ b/nx-X11/programs/Xserver/dix/tables.c @@ -63,11 +63,6 @@ SOFTWARE. #include "swaprep.h" #include "swapreq.h" -#ifdef K5AUTH -extern int - k5_stage1(), k5_stage2(), k5_stage3(), k5_bad(); -#endif - int (* InitialVector[3]) ( ClientPtr /* client */ ) = @@ -517,13 +512,3 @@ ReplySwapPtr ReplySwapVector[256] = ReplyNotSwappd, /* NoOperation */ ReplyNotSwappd }; - -#ifdef K5AUTH -int (*k5_Vector[256])() = -{ - k5_bad, - k5_stage1, - k5_bad, - k5_stage3 -}; -#endif diff --git a/nx-X11/programs/Xserver/include/dixstruct.h b/nx-X11/programs/Xserver/include/dixstruct.h index 01a1c86dc..57033a43e 100644 --- a/nx-X11/programs/Xserver/include/dixstruct.h +++ b/nx-X11/programs/Xserver/include/dixstruct.h @@ -219,10 +219,6 @@ extern int (* ProcVector[256]) (ClientPtr /*client*/); extern int (* SwappedProcVector[256]) (ClientPtr /*client*/); -#ifdef K5AUTH -extern int (*k5_Vector[256])(ClientPtr /*client*/); -#endif - extern ReplySwapPtr ReplySwapVector[256]; extern int ProcBadRequest(ClientPtr /*client*/); diff --git a/nx-X11/programs/Xserver/os/Imakefile b/nx-X11/programs/Xserver/os/Imakefile index 5245b7841..00d28deb1 100644 --- a/nx-X11/programs/Xserver/os/Imakefile +++ b/nx-X11/programs/Xserver/os/Imakefile @@ -78,11 +78,6 @@ RPCOBJS = RPCSRCS = #endif -#if HasKrb5 -KRB5OBJS = k5auth.o k5encode.o -KRB5SRCS = k5auth.c k5encode.c -#endif - #if HasBSD44Sockets SOCK_DEFINES = -DBSD44SOCKETS #endif @@ -122,12 +117,12 @@ GETPEER_DEFINES = -DHAS_GETPEEREID BOOTSTRAPCFLAGS = SRCS = WaitFor.c access.c connection.c io.c $(COLOR_SRCS) \ osinit.c utils.c log.c auth.c mitauth.c secauth.c \ - $(XDMAUTHSRCS) $(RPCSRCS) $(KRB5SRCS) xdmcp.c OtherSources \ + $(XDMAUTHSRCS) $(RPCSRCS) xdmcp.c OtherSources \ transport.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \ $(MALLOC_SRCS) xprintf.c OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \ osinit.o utils.o log.o auth.o mitauth.o secauth.o \ - $(XDMAUTHOBJS) $(RPCOBJS) $(KRB5OBJS) xdmcp.o OtherObjects \ + $(XDMAUTHOBJS) $(RPCOBJS) xdmcp.o OtherObjects \ transport.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \ $(MALLOC_OBJS) xprintf.o @@ -146,7 +141,6 @@ BOOTSTRAPCFLAGS = DBM_DEFINES = NdbmDefines ADM_DEFINES = -DADMPATH=\"$(ADMDIR)/X\%smsgs\" XDMCP_DEFINES = ServerXdmcpDefines - KRB5_DEFINES = Krb5Defines XALLOC_DEFINES = XallocDefines ERROR_DEFINES = ServerErrorDefines #if HasPam && HasPamMisc @@ -154,11 +148,11 @@ BOOTSTRAPCFLAGS = #endif DEFINES = -DXSERV_t -DTRANS_SERVER $(CONNECTION_FLAGS) $(MEM_DEFINES) \ $(XDMAUTHDEFS) $(RPCDEFS) $(SIGNAL_DEFINES) $(OS_DEFINES) \ - $(KRB5_DEFINES) $(RGB_DEFINES) $(GETPEER_DEFINES) \ + $(RGB_DEFINES) $(GETPEER_DEFINES) \ $(RANDOM_DEFINES) $(BUGMSG) $(XTRANS_FAILDEFINES) $(NX_DEFINES) INCLUDES = -I. -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) \ -I$(SERVERSRC)/Xext -I$(SERVERSRC)/render \ - -I$(TOP)/lib/Xau Krb5Includes $(NX_INCLUDES) \ + -I$(TOP)/lib/Xau $(NX_INCLUDES) \ `pkg-config --cflags-only-I pixman-1` DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) \ $(TRANS_INCLUDES) $(CONNECTION_FLAGS) $(GETPEER_DEFINES) \ @@ -204,10 +198,6 @@ oscolor.o: oscolor.c $(ICONFIGFILES) SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES)) #endif -#if HasKrb5 -LinkSourceFile(k5encode.c,$(XAUTHSRC)) -#endif - #if !HasSnprintf LinkSourceFile(snprintf.c,$(LIBSRC)/misc) #endif diff --git a/nx-X11/programs/Xserver/os/access.c b/nx-X11/programs/Xserver/os/access.c index d2bf972fe..7f45e5ec9 100644 --- a/nx-X11/programs/Xserver/os/access.c +++ b/nx-X11/programs/Xserver/os/access.c @@ -1170,10 +1170,6 @@ ResetHosts (char *display) struct nodeent *np; struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); #endif -#ifdef K5AUTH - krb5_principal princ; - krb5_data kbuf; -#endif int family = 0; void *addr; int len; @@ -1249,13 +1245,6 @@ ResetHosts (char *display) hostname = ohostname + 4; } #endif -#ifdef K5AUTH - else if (!strncmp("krb:", lhostname, 4)) - { - family = FamilyKrb5Principal; - hostname = ohostname + 4; - } -#endif else if (!strncmp("si:", lhostname, 3)) { family = FamilyServerInterpreted; @@ -1298,16 +1287,6 @@ ResetHosts (char *display) } else #endif /* DNETCONN */ -#ifdef K5AUTH - if (family == FamilyKrb5Principal) - { - krb5_parse_name(hostname, &princ); - XauKrb5Encode(princ, &kbuf); - (void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length, FALSE); - krb5_free_principal(princ); - } - else -#endif #ifdef SECURE_RPC if ((family == FamilyNetname) || (strchr(hostname, '@'))) { @@ -1553,11 +1532,6 @@ AddHost (ClientPtr client, len = length; LocalHostEnabled = TRUE; break; -#ifdef K5AUTH - case FamilyKrb5Principal: - len = length; - break; -#endif #ifdef SECURE_RPC case FamilyNetname: len = length; @@ -1656,11 +1630,6 @@ RemoveHost ( len = length; LocalHostEnabled = FALSE; break; -#ifdef K5AUTH - case FamilyKrb5Principal: - len = length; - break; -#endif #ifdef SECURE_RPC case FamilyNetname: len = length; diff --git a/nx-X11/programs/Xserver/os/auth.c b/nx-X11/programs/Xserver/os/auth.c index c14c1e874..587e0d5ec 100644 --- a/nx-X11/programs/Xserver/os/auth.c +++ b/nx-X11/programs/Xserver/os/auth.c @@ -54,9 +54,6 @@ from The Open Group. #include <dix-config.h> #endif -#ifdef K5AUTH -# include <krb5/krb5.h> -#endif # include <nx-X11/X.h> # include <nx-X11/Xauth.h> # include "misc.h" @@ -112,15 +109,6 @@ static struct protocol protocols[] = { #endif }, #endif -#ifdef K5AUTH -{ (unsigned short) 14, "MIT-KERBEROS-5", - K5Add, K5Check, K5Reset, - K5ToID, K5FromID, K5Remove, -#ifdef XCSECURITY - NULL -#endif -}, -#endif #ifdef XCSECURITY { (unsigned short) XSecurityAuthorizationNameLen, XSecurityAuthorizationName, diff --git a/nx-X11/programs/Xserver/os/k5auth.c b/nx-X11/programs/Xserver/os/k5auth.c deleted file mode 100644 index f2ed5369d..000000000 --- a/nx-X11/programs/Xserver/os/k5auth.c +++ /dev/null @@ -1,801 +0,0 @@ -/* $Xorg: k5auth.c,v 1.4 2001/02/09 02:05:23 xorgcvs Exp $ */ -/* - -Copyright 1993, 1994, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ -/* $XFree86: xc/programs/Xserver/os/k5auth.c,v 3.4 2001/01/17 22:37:10 dawes Exp $ */ - -/* - * Kerberos V5 authentication scheme - * Author: Tom Yu <tlyu@MIT.EDU> - * - * Mostly snarfed wholesale from the user_user demo in the - * krb5 distribution. (At least the checking part) - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#include <sys/types.h> -#include <sys/socket.h> -#ifdef TCPCONN -#include <netinet/in.h> -#endif -#ifdef DNETCONN -#include <netdnet/dn.h> -#endif -#include <arpa/inet.h> -#include <krb5/krb5.h> -/* 9/93: krb5.h leaks some symbols */ -#undef BITS32 -#undef xfree -#include <krb5/los-proto.h> -#include <nx-X11/X.h> -#include "os.h" -#include "osdep.h" -#include <nx-X11/Xproto.h> -#include <nx-X11/Xfuncs.h> -#include "dixstruct.h" -#include <com_err.h> -#include "Xauth.h" - -extern int (*k5_Vector[256])(); -extern int SendConnSetup(); -extern char *display; /* need this to generate rcache name */ - -static XID krb5_id = ~0L; -static krb5_principal srvname = NULL; /* service name */ -static char *ccname = NULL; -static char *ktname = NULL; /* key table name */ -static char kerror[256]; - -/* - * tgt_keyproc: - * - * extract session key from a credentials struct - */ -krb5_error_code tgt_keyproc(keyprocarg, principal, vno, key) - krb5_void * keyprocarg; - krb5_principal principal; - krb5_kvno vno; - krb5_keyblock **key; -{ - krb5_creds *creds = (krb5_creds *)keyprocarg; - - return krb5_copy_keyblock(&creds->keyblock, key); -} - -/* - * k5_cmpenc: - * - * compare "encoded" principals - */ -Bool k5_cmpenc(pname, plen, buf) - unsigned char *pname; - short plen; - krb5_data *buf; -{ - return (plen == buf->length && - memcmp(pname, buf->data, plen) == 0); -} - -/* - * K5Check: - * - * This is stage 0 of the krb5 authentication protocol. It - * goes through the current credentials cache and extracts the - * primary principal and tgt to send to the client, or as - * appropriate, extracts from a keytab. - * - * The packet sent to the client has the following format: - * - * CARD8 reqType = 2 - * CARD8 data = 0 - * CARD16 length = total length of packet (in 32 bit units) - * CARD16 plen = length of encoded principal following - * STRING8 princ = encoded principal - * STRING8 ticket = server tgt - * - * For client-server authentication, the packet is as follows: - * - * CARD8 reqType = 3 - * CARD8 data = 0 - * CARD16 length = total length - * STRING8 princ = encoded principal of server - */ -XID K5Check(data_length, data, client, reason) - unsigned short data_length; - char *data; - ClientPtr client; - char **reason; -{ - krb5_error_code retval; - CARD16 tlen; - krb5_principal sprinc, cprinc; - krb5_ccache cc; - krb5_creds *creds; - char *outbuf, *cp; - krb5_data princ; - register char n; - xReq prefix; - - if (krb5_id == ~0L) - return ~0L; - if (!ccname && !srvname) - return ~0L; - if (ccname) - { - if ((creds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL) - return ~0L; - if (retval = krb5_cc_resolve(ccname, &cc)) - return ~0L; - bzero((char*)creds, sizeof (krb5_creds)); - if (retval = krb5_cc_get_principal(cc, &cprinc)) - { - krb5_free_creds(creds); - krb5_cc_close(cc); - return ~0L; - } - creds->client = cprinc; - if (retval = - krb5_build_principal_ext(&sprinc, - krb5_princ_realm(creds->client)->length, - krb5_princ_realm(creds->client)->data, - 6, "krbtgt", - krb5_princ_realm(creds->client)->length, - krb5_princ_realm(creds->client)->data, - 0)) - { - krb5_free_creds(creds); - krb5_cc_close(cc); - return ~0L; - } - creds->server = sprinc; - retval = krb5_get_credentials(KRB5_GC_CACHED, cc, creds); - krb5_cc_close(cc); - if (retval) - { - krb5_free_creds(creds); - return ~0L; - } - if (retval = XauKrb5Encode(cprinc, &princ)) - { - krb5_free_creds(creds); - return ~0L; - } - tlen = sz_xReq + 2 + princ.length + creds->ticket.length; - prefix.reqType = 2; /* opcode = authenticate user-to-user */ - } - else if (srvname) - { - if (retval = XauKrb5Encode(srvname, &princ)) - { - return ~0L; - } - tlen = sz_xReq + princ.length; - prefix.reqType = 3; /* opcode = authenticate client-server */ - } - prefix.data = 0; /* stage = 0 */ - prefix.length = (tlen + 3) >> 2; /* round up to nearest multiple - of 4 bytes */ - if (client->swapped) - { - swaps(&prefix.length, n); - } - if ((cp = outbuf = (char *)malloc(tlen)) == NULL) - { - if (ccname) - { - krb5_free_creds(creds); - } - free(princ.data); - return ~0L; - } - memcpy(cp, &prefix, sz_xReq); - cp += sz_xReq; - if (ccname) - { - memcpy(cp, &princ.length, 2); - if (client->swapped) - { - swaps((CARD16 *)cp, n); - } - cp += 2; - } - memcpy(cp, princ.data, princ.length); - cp += princ.length; - free(princ.data); /* we don't need that anymore */ - if (ccname) - memcpy(cp, creds->ticket.data, creds->ticket.length); - WriteToClient(client, tlen, outbuf); - free(outbuf); - client->requestVector = k5_Vector; /* hack in our dispatch vector */ - client->clientState = ClientStateAuthenticating; - if (ccname) - { - ((OsCommPtr)client->osPrivate)->authstate.srvcreds = (void *)creds; /* save tgt creds */ - ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL; - ((OsCommPtr)client->osPrivate)->authstate.srvname = NULL; - } - if (srvname) - { - ((OsCommPtr)client->osPrivate)->authstate.srvcreds = NULL; - ((OsCommPtr)client->osPrivate)->authstate.ktname = (void *)ktname; - ((OsCommPtr)client->osPrivate)->authstate.srvname = (void *)srvname; - } - ((OsCommPtr)client->osPrivate)->authstate.stageno = 1; /* next stage is 1 */ - return krb5_id; -} - -/* - * k5_stage1: - * - * This gets called out of the dispatcher after K5Check frobs with the - * client->requestVector. It accepts the ap_req from the client and verifies - * it. In addition, if the client has set AP_OPTS_MUTUAL_REQUIRED, it then - * sends an ap_rep to the client to achieve mutual authentication. - * - * client stage1 packet format is as follows: - * - * CARD8 reqType = 1 - * CARD8 data = ignored - * CARD16 length = total length - * STRING8 data = the actual ap_req - * - * stage2 packet sent back to client for mutual authentication: - * - * CARD8 reqType = 2 - * CARD8 data = 2 - * CARD16 length = total length - * STRING8 data = the ap_rep - */ -int k5_stage1(client) - register ClientPtr client; -{ - long addrlen; - krb5_error_code retval, retval2; - register char n; - struct sockaddr cli_net_addr; - xReq prefix; - krb5_principal cprinc; - krb5_data buf; - krb5_creds *creds = (krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds; - krb5_keyblock *skey; - krb5_address cli_addr, **localaddrs = NULL; - krb5_tkt_authent *authdat; - krb5_ap_rep_enc_part rep; - krb5_int32 ctime, cusec; - krb5_rcache rcache = NULL; - char *cachename = NULL, *rc_type = NULL, *rc_base = "rcX", *kt = NULL; - REQUEST(xReq); - - if (((OsCommPtr)client->osPrivate)->authstate.stageno != 1) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "expected Krb5 stage1 packet")); - } - addrlen = sizeof (cli_net_addr); - if (getpeername(((OsCommPtr)client->osPrivate)->fd, - &cli_net_addr, &addrlen) == -1) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "Krb5 stage1: getpeername failed")); - } - if (cli_net_addr.sa_family == AF_UNSPEC -#if defined(UNIXCONN) || defined(LOCALCONN) || defined(OS2PIPECONN) - || cli_net_addr.sa_family == AF_UNIX -#endif - ) /* assume local host */ - { - krb5_os_localaddr(&localaddrs); - if (!localaddrs || !localaddrs[0]) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "Krb5 failed to get localaddrs")); - } - cli_addr.addrtype = localaddrs[0]->addrtype; - cli_addr.length = localaddrs[0]->length; - cli_addr.contents = localaddrs[0]->contents; - } - else - { - cli_addr.addrtype = cli_net_addr.sa_family; /* the values - are compatible */ - switch (cli_net_addr.sa_family) - { -#ifdef TCPCONN - case AF_INET: - cli_addr.length = sizeof (struct in_addr); - cli_addr.contents = - (krb5_octet *)&((struct sockaddr_in *)&cli_net_addr)->sin_addr; - break; -#endif -#ifdef DNETCONN - case AF_DECnet: - cli_addr.length = sizeof (struct dn_naddr); - cli_addr.contents = - (krb5_octet *)&((struct sockaddr_dn *)&cli_net_addr)->sdn_add; - break; -#endif - default: - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - sprintf(kerror, "Krb5 stage1: unknown address family %d from getpeername", - cli_net_addr.sa_family); - return(SendConnSetup(client, kerror)); - } - } - if ((rcache = (krb5_rcache)malloc(sizeof(*rcache))) == NULL) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "malloc bombed for krb5_rcache")); - } - if ((rc_type = krb5_rc_default_type()) == NULL) - rc_type = "dfl"; - if (retval = krb5_rc_resolve_type(&rcache, rc_type)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - strcpy(kerror, "krb5_rc_resolve_type failed: "); - strncat(kerror, error_message(retval), 231); - return(SendConnSetup(client, kerror)); - } - if ((cachename = (char *)malloc(strlen(rc_base) + strlen(display) + 1)) - == NULL) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - return(SendConnSetup(client, "Krb5: malloc bombed for cachename")); - } - strcpy(cachename, rc_base); - strcat(cachename, display); - if (retval = krb5_rc_resolve(rcache, cachename)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - free(cachename); - strcpy(kerror, "krb5_rc_resolve failed: "); - strncat(kerror, error_message(retval), 236); - return(SendConnSetup(client, kerror)); - } - free(cachename); - if (krb5_rc_recover(rcache)) - { - extern krb5_deltat krb5_clockskew; - if (retval = krb5_rc_initialize(rcache, krb5_clockskew)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - if (retval2 = krb5_rc_close(rcache)) - { - strcpy(kerror, "krb5_rc_close failed: "); - strncat(kerror, error_message(retval2), 238); - return(SendConnSetup(client, kerror)); - } - free(rcache); - strcpy(kerror, "krb5_rc_initialize failed: "); - strncat(kerror, error_message(retval), 233); - return(SendConnSetup(client, kerror)); - } - } - buf.length = (stuff->length << 2) - sz_xReq; - buf.data = (char *)stuff + sz_xReq; - if (creds) - { - retval = krb5_rd_req(&buf, - NULL, /* don't bother with server name */ - &cli_addr, - NULL, /* no fetchfrom */ - tgt_keyproc, - creds, /* credentials as arg to - keyproc */ - rcache, - &authdat); - krb5_free_creds(creds); - } - else if (kt = (char *)((OsCommPtr)client->osPrivate)->authstate.ktname) - { - retval = krb5_rd_req(&buf, srvname, &cli_addr, kt, NULL, NULL, - rcache, &authdat); - ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL; - } - else - { - if (localaddrs) - krb5_free_addresses(localaddrs); - return(SendConnSetup(client, "Krb5: neither srvcreds nor ktname set")); - } - if (localaddrs) - krb5_free_addresses(localaddrs); - if (rcache) - { - if (retval2 = krb5_rc_close(rcache)) - { - strcpy(kerror, "krb5_rc_close failed (2): "); - strncat(kerror, error_message(retval2), 230); - return(SendConnSetup(client, kerror)); - } - free(rcache); - } - if (retval) - { - strcpy(kerror, "Krb5: Bad application request: "); - strncat(kerror, error_message(retval), 224); - return(SendConnSetup(client, kerror)); - } - cprinc = authdat->ticket->enc_part2->client; - skey = authdat->ticket->enc_part2->session; - if (XauKrb5Encode(cprinc, &buf)) - { - krb5_free_tkt_authent(authdat); - return(SendConnSetup(client, "XauKrb5Encode bombed")); - } - /* - * Now check to see if the principal we got is one that we want to let in - */ - if (ForEachHostInFamily(FamilyKrb5Principal, k5_cmpenc, (void *)&buf)) - { - free(buf.data); - /* - * The following deals with sending an ap_rep to the client to - * achieve mutual authentication. The client sends back a stage 3 - * packet if all is ok. - */ - if (authdat->ap_options | AP_OPTS_MUTUAL_REQUIRED) - { - /* - * stage 2: send ap_rep to client - */ - if (retval = krb5_us_timeofday(&ctime, &cusec)) - { - krb5_free_tkt_authent(authdat); - strcpy(kerror, "error in krb5_us_timeofday: "); - strncat(kerror, error_message(retval), 234); - return(SendConnSetup(client, kerror)); - } - rep.ctime = ctime; - rep.cusec = cusec; - rep.subkey = NULL; - rep.seq_number = 0; - if (retval = krb5_mk_rep(&rep, skey, &buf)) - { - krb5_free_tkt_authent(authdat); - strcpy(kerror, "error in krb5_mk_rep: "); - strncat(kerror, error_message(retval), 238); - return(SendConnSetup(client, kerror)); - } - prefix.reqType = 2; /* opcode = authenticate */ - prefix.data = 2; /* stage = 2 */ - prefix.length = (buf.length + sz_xReq + 3) >> 2; - if (client->swapped) - { - swaps(&prefix.length, n); - } - WriteToClient(client, sz_xReq, (char *)&prefix); - WriteToClient(client, buf.length, buf.data); - free(buf.data); - krb5_free_tkt_authent(authdat); - ((OsCommPtr)client->osPrivate)->authstate.stageno = 3; /* expect stage3 packet */ - return(Success); - } - else - { - free(buf.data); - krb5_free_tkt_authent(authdat); - return(SendConnSetup(client, NULL)); /* success! */ - } - } - else - { - char *kname; - - krb5_free_tkt_authent(authdat); - free(buf.data); - retval = krb5_unparse_name(cprinc, &kname); - if (retval == 0) - { - sprintf(kerror, "Principal \"%s\" is not authorized to connect", - kname); - if (kname) - free(kname); - return(SendConnSetup(client, kerror)); - } - else - return(SendConnSetup(client,"Principal is not authorized to connect to Server")); - } -} - -/* - * k5_stage3: - * - * Get the short ack packet from the client. This packet can conceivably - * be expanded to allow for switching on end-to-end encryption. - * - * stage3 packet format: - * - * CARD8 reqType = 3 - * CARD8 data = ignored (for now) - * CARD16 length = should be zero - */ -int k5_stage3(client) - register ClientPtr client; -{ - REQUEST(xReq); - - if (((OsCommPtr)client->osPrivate)->authstate.stageno != 3) - { - return(SendConnSetup(client, "expected Krb5 stage3 packet")); - } - else - return(SendConnSetup(client, NULL)); /* success! */ -} - -k5_bad(client) - register ClientPtr client; -{ - if (((OsCommPtr)client->osPrivate)->authstate.srvcreds) - krb5_free_creds((krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds); - sprintf(kerror, "unrecognized Krb5 auth packet %d, expecting %d", - ((xReq *)client->requestBuffer)->reqType, - ((OsCommPtr)client->osPrivate)->authstate.stageno); - return(SendConnSetup(client, kerror)); -} - -/* - * K5Add: - * - * Takes the name of a credentials cache and resolves it. Also adds the - * primary principal of the ccache to the acl. - * - * Now will also take a service name. - */ -int K5Add(data_length, data, id) - unsigned short data_length; - char *data; - XID id; -{ - krb5_principal princ; - krb5_error_code retval; - krb5_keytab_entry tmp_entry; - krb5_keytab keytab; - krb5_kvno kvno = 0; - krb5_ccache cc; - char *nbuf, *cp; - krb5_data kbuf; - int i, ktlen; - - krb5_init_ets(); /* can't think of a better place to put it */ - krb5_id = ~0L; - if (data_length < 3) - return 0; - if ((nbuf = (char *)malloc(data_length - 2)) == NULL) - return 0; - memcpy(nbuf, data + 3, data_length - 3); - nbuf[data_length - 3] = '\0'; - if (ccname) - { - free(ccname); - ccname = NULL; - } - if (srvname) - { - krb5_free_principal(srvname); - srvname = NULL; - } - if (ktname) - { - free(ktname); - ktname = NULL; - } - if (!strncmp(data, "UU:", 3)) - { - if (retval = krb5_cc_resolve(nbuf, &cc)) - { - ErrorF("K5Add: krb5_cc_resolve of \"%s\" failed: %s\n", - nbuf, error_message(retval)); - free(nbuf); - return 0; - } - if (cc && !(retval = krb5_cc_get_principal(cc, &princ))) - { - if (XauKrb5Encode(princ, &kbuf)) - { - free(nbuf); - krb5_free_principal(princ); - krb5_cc_close(cc); - return 0; - } - if (krb5_cc_close(cc)) - return 0; - AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(princ); - free(kbuf.data); - ccname = nbuf; - krb5_id = id; - return 1; - } - else - { - ErrorF("K5Add: getting principal from cache \"%s\" failed: %s\n", - nbuf, error_message(retval)); - } - } - else if (!strncmp(data, "CS:", 3)) - { - if ((cp = strchr(nbuf, ',')) == NULL) - { - free(nbuf); - return 0; - } - *cp = '\0'; /* gross but it works :-) */ - ktlen = strlen(cp + 1); - if ((ktname = (char *)malloc(ktlen + 1)) == NULL) - { - free(nbuf); - return 0; - } - strcpy(ktname, cp + 1); - retval = krb5_sname_to_principal(NULL, /* NULL for hostname uses - local host name*/ - nbuf, KRB5_NT_SRV_HST, - &srvname); - free(nbuf); - if (retval) - { - free(ktname); - ktname = NULL; - return 0; - } - if (retval = krb5_kt_resolve(ktname, &keytab)) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - retval = krb5_kt_get_entry(keytab, srvname, kvno, &tmp_entry); - krb5_kt_free_entry(&tmp_entry); - if (retval) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - if (XauKrb5Encode(srvname, &kbuf)) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_id = id; - return 1; - } - else - { - ErrorF("K5Add: credentials cache name \"%.*s\" in auth file: unknown type\n", - data_length, data); - } - return 0; -} - -/* - * K5Reset: - * - * Reset krb5_id, also nuke the current principal from the acl. - */ -int K5Reset() -{ - krb5_principal princ; - krb5_error_code retval; - krb5_ccache cc; - krb5_data kbuf; - int i; - - if (ccname) - { - if (retval = krb5_cc_resolve(ccname, &cc)) - { - free(ccname); - ccname = NULL; - } - if (cc && !(retval = krb5_cc_get_principal(cc, &princ))) - { - if (XauKrb5Encode(princ, &kbuf)) - return 1; - RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(princ); - free(kbuf.data); - if (krb5_cc_close(cc)) - return 1; - free(ccname); - ccname = NULL; - } - } - if (srvname) - { - if (XauKrb5Encode(srvname, &kbuf)) - return 1; - RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(srvname); - free(kbuf.data); - srvname = NULL; - } - if (ktname) - { - free(ktname); - ktname = NULL; - } - krb5_id = ~0L; - return 0; -} - -XID K5ToID(data_length, data) - unsigned short data_length; - char *data; -{ - return krb5_id; -} - -int K5FromID(id, data_lenp, datap) - XID id; - unsigned short *data_lenp; - char **datap; -{ - return 0; -} - -int K5Remove(data_length, data) - unsigned short data_length; - char *data; -{ - return 0; -} diff --git a/nx-X11/programs/Xserver/os/osdep.h b/nx-X11/programs/Xserver/os/osdep.h index acf832e1c..633039f4a 100644 --- a/nx-X11/programs/Xserver/os/osdep.h +++ b/nx-X11/programs/Xserver/os/osdep.h @@ -145,16 +145,6 @@ typedef struct _connectionOutput { int count; } ConnectionOutput, *ConnectionOutputPtr; -#ifdef K5AUTH -typedef struct _k5_state { - int stageno; /* current stage of auth protocol */ - void *srvcreds; /* server credentials */ - void *srvname; /* server principal name */ - void *ktname; /* key table: principal-key pairs */ - void *skey; /* session key */ -} k5_state; -#endif - struct _osComm; #define AuthInitArgs void @@ -190,9 +180,6 @@ typedef struct _osComm { ConnectionInputPtr input; ConnectionOutputPtr output; XID auth_id; /* authorization id */ -#ifdef K5AUTH - k5_state authstate; /* state of setup auth conversation */ -#endif CARD32 conn_time; /* timestamp if not established, else 0 */ struct _XtransConnInfo *trans_conn; /* transport connection object */ } OsCommRec, *OsCommPtr; @@ -283,16 +270,6 @@ extern int SecureRPCRemove (AuthRemCArgs); extern int SecureRPCReset (AuthRstCArgs); #endif -/* in k5auth.c */ -#ifdef K5AUTH -extern XID K5Check (AuthCheckArgs); -extern XID K5ToID (AuthToIDArgs); -extern int K5Add (AuthAddCArgs); -extern int K5FromID (AuthFromIDArgs); -extern int K5Remove (AuthRemCArgs); -extern int K5Reset (AuthRstCArgs); -#endif - /* in secauth.c */ extern XID AuthSecurityCheck (AuthCheckArgs); diff --git a/nx-X11/programs/Xserver/os/rpcauth.c b/nx-X11/programs/Xserver/os/rpcauth.c index 94c26651b..91823553c 100644 --- a/nx-X11/programs/Xserver/os/rpcauth.c +++ b/nx-X11/programs/Xserver/os/rpcauth.c @@ -41,7 +41,7 @@ from The Open Group. #ifdef SECURE_RPC #include <nx-X11/X.h> -#include "Xauth.h" +#include <nx-X11/Xauth.h> #include "misc.h" #include "os.h" #include "dixstruct.h" diff --git a/nx-X11/programs/nxauth/CHANGELOG b/nx-X11/programs/nxauth/CHANGELOG deleted file mode 100644 index 9faf9eba2..000000000 --- a/nx-X11/programs/nxauth/CHANGELOG +++ /dev/null @@ -1,108 +0,0 @@ -ChangeLog: - -nxauth-3.5.0-1 - -- Opened the 3.5.0 branch based on nxauth-3.4.0-3. - -- Updated copyright to year 2011. - -nxauth-3.4.0-3 - -- Updated the launchd socket detection to support OSX versions relea- - sed so far. - -nxauth-3.4.0-2 - -- Updated copyright to year 2010. - -nxauth-3.4.0-1 - -- Opened the 3.4.0 branch based on nxauth-3.3.0-1. - -- Updated copyright to year 2009. - -nxauth-3.3.0-1 - -- Opened the 3.3.0 branch based on nxauth-3.2.0-1. - -nxauth-3.2.0-1 - -- Opened the 3.2.0 branch based on nxauth-3.1.0-2. - -nxauth-3.1.0-2 - -- Added support for launchd socket. - -nxauth-3.1.0-1 - -- Opened the 3.1.0 branch based on nxauth-3.0.0-6. - -nxauth-3.0.0-6 - -- Updated the NoMachine copyright notice. - -nxauth-3.0.0-5 - -- Changed the copyright attribution from Medialogic to NoMachine. - -nxauth-3.0.0-4 - -- Changed the LICENSE file to state that the software is only made - available under the version 2 of the GPL. - -- Added file COPYING. - -nxauth-3.0.0-3 - -- Updated copyright notices to year 2007. - -nxauth-3.0.0-2 - -- Imported changes up to nxauth-2.1.0-1. - -- Ignoring lock on '.Xauthority' file. - -- Using '__CYGWIN__' definition in process.c. 'WIN32' is not defined - during compilation under nx-X11 and wrong code block is used to - rename xauth temporary file. - -nxauth-3.0.0-1 - -- Opened the 3.0.0 branch based on nxauth-2.0.0-2. - -nxauth-2.0.0-2 - -- Updated the NoMachine copyright notices. - -nxauth-2.0.0-1 - -- Opened the 2.0.0 branch based on the 1.6.0-1. - -nxauth-1.6.0-1 - -- Opened the 1.6.0 branch based on nxauth-1.5.0-1. - -nxauth-1.5.0-1 - -- Opened the 1.5.0 branch. - -nxauth-1.4.1-1 - -- Opened the 1.4.1 branch. - -nxauth-1.4.0-2 - -- Removed debug message 'host name is'. - -nxauth-1.4.0-1 - -- Opened the 1.4.0 branch based on nxauth-1.3.2-1. - -nxauth-1.3.2-1 - -- Opened the 1.3.2 branch. - -nxauth-1.3.1-2 - -- Fixed problem with compilation on systems without - X11 includes instaled. diff --git a/nx-X11/programs/nxauth/COPYING b/nx-X11/programs/nxauth/COPYING deleted file mode 100644 index d511905c1..000000000 --- a/nx-X11/programs/nxauth/COPYING +++ /dev/null @@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) <year> <name of author> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - <signature of Ty Coon>, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/nx-X11/programs/nxauth/Imakefile b/nx-X11/programs/nxauth/Imakefile deleted file mode 100644 index 278904f05..000000000 --- a/nx-X11/programs/nxauth/Imakefile +++ /dev/null @@ -1,38 +0,0 @@ -XCOMM $Xorg: Imakefile,v 1.3 2000/08/17 19:54:11 cpqbld Exp $ - - - - -XCOMM $XFree86: xc/programs/xauth/Imakefile,v 3.5 2001/03/30 02:15:23 keithp Exp $ - -/**************************************************************************/ -/* */ -/* Copyright (c) 2001, 2010 NoMachine, http://www.nomachine.com/. */ -/* */ -/* NXAUTH, NX protocol compression and NX extensions to this software */ -/* are copyright of NoMachine. Redistribution and use of the present */ -/* software is allowed according to terms specified in the file LICENSE */ -/* which comes in the source distribution. */ -/* */ -/* Check http://www.nomachine.com/licensing.html for applicability. */ -/* */ -/* NX and NoMachine are trademarks of Medialogic S.p.A. */ -/* */ -/* All rights reserved. */ -/* */ -/**************************************************************************/ -/* LOCAL_LIBRARIES = $(DESTDIR)$(SHLIBDIR)/libXau.a */ - - - INCLUDES=-I../../lib - DEPLIBS = $(DEPXAUTHLIB) - LOCAL_LIBRARIES = $(XAUTHLIB) - SRCS = xauth.c gethost.c process.c parsedpy.c - OBJS = xauth.o gethost.o process.o parsedpy.o - CONN_DEFINES = $(CONNECTION_FLAGS) - -ComplexProgramTarget(nxauth) - -SpecialCObjectRule(gethost,$(ICONFIGFILES),$(CONN_DEFINES) $(SIGNAL_DEFINES)) -SpecialCObjectRule(process,$(ICONFIGFILES),$(SIGNAL_DEFINES)) -SpecialCObjectRule(parsedpy,$(ICONFIGFILES),$(CONN_DEFINES)) diff --git a/nx-X11/programs/nxauth/LICENSE b/nx-X11/programs/nxauth/LICENSE deleted file mode 100644 index 626b9c54f..000000000 --- a/nx-X11/programs/nxauth/LICENSE +++ /dev/null @@ -1,26 +0,0 @@ -Copyright (c) 2001, 2010 NoMachine - http://www.nomachine.com/. - -NXAUTH and NX extensions to X are copyright of NoMachine. - -Redistribution and use of this software is allowed according to the -following terms: - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License Version 2, and -not any other version, as published by the Free Software Foundation. - -This program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTA- -BILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, you can request a copy to NoMachine -or write to the Free Software Foundation, Inc., 59 Temple Place, -Suite 330, Boston, MA 02111-1307 USA - -Parts of this software are derived from XFree86 project. Other copy- -rights and the MIT/X11 license applies to different sources. Please -check the applicable copyrights in each file or subdirectory. - -All rights reserved. diff --git a/nx-X11/programs/nxauth/gethost.c b/nx-X11/programs/nxauth/gethost.c deleted file mode 100644 index fa889f29b..000000000 --- a/nx-X11/programs/nxauth/gethost.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * $Xorg: gethost.c,v 1.5 2001/02/09 02:05:38 xorgcvs Exp $ - * - * -Copyright 1989, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - * * - * Author: Jim Fulton, MIT X Consortium - */ - -/* $XFree86: xc/programs/xauth/gethost.c,v 3.16 2001/12/14 20:01:14 dawes Exp $ */ - -/* sorry, streams support does not really work yet */ -#if defined(STREAMSCONN) && defined(SVR4) -#undef STREAMSCONN -#define TCPCONN -#endif - -#ifdef WIN32 -#include <nx-X11/Xwinsock.h> -#define EPROTOTYPE WSAEPROTOTYPE -#endif -#include <nx-X11/X.h> -#include <signal.h> -#include <setjmp.h> -#include <ctype.h> -#ifndef __TYPES__ -#include <sys/types.h> -#define __TYPES__ -#endif -#ifndef WIN32 -#ifndef STREAMSCONN -#ifndef Lynx -#include <sys/socket.h> -#else -#include <socket.h> -#endif -#include <netdb.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#ifdef SYSV -#ifdef i386 -#ifndef sco -#include <net/errno.h> -#endif /* !sco */ -#endif /* i386 */ -#endif /* SYSV */ -#endif /* !STREAMSCONN */ -#endif /* !WIN32 */ -#include <errno.h> -#include "xauth.h" - -#ifdef DNETCONN -#include <netdnet/dn.h> -#include <netdnet/dnetdb.h> -#endif - -#ifdef SIGALRM -Bool nameserver_timedout = False; - - -/* - * get_hostname - Given an internet address, return a name (CHARON.MIT.EDU) - * or a string representing the address (18.58.0.13) if the name cannot - * be found. Stolen from xhost. - */ - -static jmp_buf env; -static -#ifdef SIGNALRETURNSINT -int -#else -void -#endif -nameserver_lost(int sig) -{ - nameserver_timedout = True; - longjmp (env, -1); - /* NOTREACHED */ -#ifdef SIGNALRETURNSINT - return -1; /* for picky compilers */ -#endif -} -#endif - -char * -get_hostname (auth) - Xauth *auth; -{ - static struct hostent *hp = NULL; -#ifdef DNETCONN - struct nodeent *np; - static char nodeaddr[4 + 2 * DN_MAXADDL]; -#endif /* DNETCONN */ - - if (auth->address_length == 0) - return "Illegal Address"; -#ifdef TCPCONN - if (auth->family == FamilyInternet) { -#ifdef SIGALRM - /* gethostbyaddr can take a LONG time if the host does not exist. - Assume that if it does not respond in NAMESERVER_TIMEOUT seconds - that something is wrong and do not make the user wait. - gethostbyaddr will continue after a signal, so we have to - jump out of it. - */ - nameserver_timedout = False; - signal (SIGALRM, nameserver_lost); - alarm (4); - if (setjmp(env) == 0) { -#endif - hp = gethostbyaddr (auth->address, auth->address_length, AF_INET); -#ifdef SIGALRM - } - alarm (0); -#endif - if (hp) - return (hp->h_name); - else - return (inet_ntoa(*((struct in_addr *)(auth->address)))); - } -#endif -#ifdef DNETCONN - if (auth->family == FamilyDECnet) { - struct dn_naddr *addr_ptr = (struct dn_naddr *) auth->address; - - if (np = getnodebyaddr(addr_ptr->a_addr, addr_ptr->a_len, AF_DECnet)) { - sprintf(nodeaddr, "%s:", np->n_name); - } else { - sprintf(nodeaddr, "%s:", dnet_htoa(auth->address)); - } - return(nodeaddr); - } -#endif - - return (NULL); -} - -#ifdef TCPCONN -/* - * cribbed from lib/X/XConnDis.c - */ -static Bool -get_inet_address(char *name, unsigned int *resultp) -{ - unsigned int hostinetaddr = inet_addr (name); - struct hostent *host_ptr; - struct sockaddr_in inaddr; /* dummy variable for size calcs */ - -#ifndef INADDR_NONE -#define INADDR_NONE -1 -#endif - - if (hostinetaddr == INADDR_NONE) { - if ((host_ptr = gethostbyname (name)) == NULL) { - /* No such host! */ - errno = EINVAL; - return False; - } - /* Check the address type for an internet host. */ - if (host_ptr->h_addrtype != AF_INET) { - /* Not an Internet host! */ - errno = EPROTOTYPE; - return False; - } - - memmove( (char *)&hostinetaddr, (char *)host_ptr->h_addr, - sizeof(inaddr.sin_addr)); - } - *resultp = hostinetaddr; - return True; -} -#endif - -#ifdef DNETCONN -static Bool get_dnet_address (name, resultp) - char *name; - struct dn_naddr *resultp; -{ - struct dn_naddr *dnaddrp, dnaddr; - struct nodeent *np; - - if (dnaddrp = dnet_addr (name)) { /* stolen from xhost */ - dnaddr = *dnaddrp; - } else { - if ((np = getnodebyname (name)) == NULL) return False; - dnaddr.a_len = np->n_length; - memmove( dnaddr.a_addr, np->n_addr, np->n_length); - } - *resultp = dnaddr; - return True; -} -#endif - -char *get_address_info (family, fulldpyname, prefix, host, lenp) - int family; - char *fulldpyname; - int prefix; - char *host; - int *lenp; -{ - char *retval = NULL; - int len = 0; - char *src = NULL; -#ifdef TCPCONN - unsigned int hostinetaddr; -#endif -#ifdef DNETCONN - struct dn_naddr dnaddr; -#endif - char buf[255]; - - /* - * based on the family, set the pointer src to the start of the address - * information to be copied and set len to the number of bytes. - */ - switch (family) { - case FamilyLocal: /* hostname/unix:0 */ - /* handle unix:0 and :0 specially */ - if (prefix == 0 && (strncmp (fulldpyname, "unix:", 5) == 0 || - fulldpyname[0] == ':')) { - - if (!get_local_hostname (buf, sizeof buf)) { - len = 0; - } else { - src = buf; - len = strlen (buf); - } - } else { - src = fulldpyname; - len = prefix; - } - break; - case FamilyInternet: /* host:0 */ -#ifdef TCPCONN - if (!get_inet_address (host, &hostinetaddr)) return NULL; - src = (char *) &hostinetaddr; - len = 4; /* sizeof inaddr.sin_addr, would fail on Cray */ - break; -#else - return NULL; -#endif - case FamilyDECnet: /* host::0 */ -#ifdef DNETCONN - if (!get_dnet_address (host, &dnaddr)) return NULL; - src = (char *) &dnaddr; - len = (sizeof dnaddr); - break; -#else - /* fall through since we don't have code for it */ -#endif - default: - src = NULL; - len = 0; - } - - /* - * if source was provided, allocate space and copy it - */ - if (len == 0 || !src) return NULL; - - retval = malloc (len); - if (retval) { - memmove( retval, src, len); - *lenp = len; - } - return retval; -} diff --git a/nx-X11/programs/nxauth/nxauth.man b/nx-X11/programs/nxauth/nxauth.man deleted file mode 100644 index b9df3737d..000000000 --- a/nx-X11/programs/nxauth/nxauth.man +++ /dev/null @@ -1,236 +0,0 @@ -.\" $Xorg: xauth.man,v 1.4 2001/02/09 02:05:38 xorgcvs Exp $ -.\" Copyright 1993, 1998 The Open Group -.\" -.\" Permission to use, copy, modify, distribute, and sell this software and its -.\" documentation for any purpose is hereby granted without fee, provided that -.\" the above copyright notice appear in all copies and that both that -.\" copyright notice and this permission notice appear in supporting -.\" documentation. -.\" -.\" The above copyright notice and this permission notice shall be included -.\" in all copies or substantial portions of the Software. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -.\" OTHER DEALINGS IN THE SOFTWARE. -.\" -.\" Except as contained in this notice, the name of The Open Group shall -.\" not be used in advertising or otherwise to promote the sale, use or -.\" other dealings in this Software without prior written authorization -.\" from The Open Group. -.\" -.\" $XFree86: xc/programs/xauth/xauth.man,v 1.7 2001/12/14 20:01:15 dawes Exp $ -.\" -.TH XAUTH 1 __xorgversion__ -.SH NAME -nxauth \- NoMachine X authority file utility -.SH SYNOPSIS -.B nxauth -[ \fB\-f\fP \fIauthfile\fP ] [ \fB\-vqib\fP ] [ \fIcommand arg ...\fP ] -.SH DESCRIPTION -.PP -The \fInxauth\fP program is used to edit and display the authorization -information used in connecting to the X server. This program is usually -used to extract authorization records from one machine and merge them in on -another (as is the case when using remote logins or granting access to -other users). Commands (described below) may be entered interactively, -on the \fInxauth\fP command line, or in scripts. Note that this program -does \fBnot\fP contact the X server except when the generate command is used. -Normally \fInxauth\fP is not used to create the authority file entry in -the first place; \fIxdm\fP does that. -.SH OPTIONS -The following options may be used with \fInxauth\fP. They may be given -individually (e.g., \fI\-q \-i\|\fP) or may combined (e.g., \fI\-qi\|\fP). -.TP 8 -.B "\-f \fIauthfile\fP" -This option specifies the name of the authority file to use. By default, -\fInxauth\fP will use the file specified by the nxauthORITY environment variable -or \fI\.Xauthority\fP in the user's home directory. -.TP 8 -.B \-q -This option indicates that \fInxauth\fP should operate quietly and not print -unsolicited status messages. This is the default if an \fInxauth\fP command is -is given on the command line or if the standard output is not directed to a -terminal. -.TP 8 -.B \-v -This option indicates that \fInxauth\fP should operate verbosely and print -status messages indicating the results of various operations (e.g., how many -records have been read in or written out). This is the default if \fInxauth\fP -is reading commands from its standard input and its standard output is -directed to a terminal. -.TP 8 -.B \-i -This option indicates that \fInxauth\fP should ignore any authority file -locks. Normally, \fInxauth\fP will refuse to read or edit any authority files -that have been locked by other programs (usually \fIxdm\fP or another -\fInxauth\fP). -.TP 8 -.B \-b -This option indicates that \fInxauth\fP should attempt to break any authority -file locks before proceeding. Use this option only to clean up stale locks. -.SH COMMANDS -The following commands may be used to manipulate authority files: -.TP 8 -.B "add \fIdisplayname protocolname hexkey" -An authorization entry for the indicated display using the given protocol -and key data is added to the authorization file. The data is specified as -an even-lengthed string of hexadecimal digits, each pair representing -one octet. The first digit of each pair gives the most significant 4 bits -of the octet, and the second digit of the pair gives the least significant 4 -bits. For example, a 32 character hexkey would represent a 128-bit value. -A protocol name consisting of just a -single period is treated as an abbreviation for \fIMIT-MAGIC-COOKIE-1\fP. - -.TP 8 -.B "generate \fIdisplayname protocolname\fP \fR[\fPtrusted|untrusted\fR]\fP" -.B \fR[\fPtimeout \fIseconds\fP\fR]\fP \fR[\fPgroup \fIgroup-id\fP\fR]\fP \fR[\fBdata \fIhexdata\fR] - -This command is similar to add. The main difference is that instead -of requiring the user to supply the key data, it connects to the -server specified in \fIdisplayname\fP and uses the SECURITY extension -in order to get the key data to store in the authorization file. If -the server cannot be contacted or if it does not support the SECURITY -extension, the command fails. Otherwise, an authorization entry for -the indicated display using the given protocol is added to the -authorization file. A protocol name consisting of just a single -period is treated as an abbreviation for \fIMIT-MAGIC-COOKIE-1\fP. - -If the \fBtrusted\fP option is used, clients that connect using this -authorization will have full run of the display, as usual. If -\fBuntrusted\fP is used, clients that connect using this authorization -will be considered untrusted and prevented from stealing or tampering -with data belonging to trusted clients. See the SECURITY extension -specification for full details on the restrictions imposed on -untrusted clients. The default is \fBuntrusted\fP. - -The \fBtimeout\fP option specifies how long in seconds this -authorization will be valid. If the authorization remains unused (no -clients are connected with it) for longer than this time period, the -server purges the authorization, and future attempts to connect using -it will fail. Note that the purging done by the server does \fBnot\fP -delete the authorization entry from the authorization file. The -default timeout is 60 seconds. - -The \fBgroup\fP option specifies the application group that clients -connecting with this authorization should belong to. See the -application group extension specification for more details. The -default is to not belong to an application group. - -The \fBdata\fP option specifies data that the server should use to -generate the authorization. Note that this is \fBnot\fP the same data -that gets written to the authorization file. The interpretation of -this data depends on the authorization protocol. The \fIhexdata\fP is -in the same format as the \fIhexkey\fP described in the add command. -The default is to send no data. - -.TP 8 -.B "[n]extract \fIfilename displayname..." -Authorization entries for each of the specified displays are written to the -indicated file. If the \fInextract\fP command is used, the entries are written -in a numeric format suitable for non-binary transmission (such as secure -electronic mail). The extracted entries can be read back in using the -\fImerge\fP and \fInmerge\fP commands. If the filename consists of -just a single dash, the entries will be written to the standard output. -.TP 8 -.B "[n]list \fR[\fIdisplayname\fP...]" -Authorization entries for each of the specified displays (or all if no -displays are named) are printed on the standard output. If the \fInlist\fP -command is used, entries will be shown in the numeric format used by -the \fInextract\fP command; otherwise, they are shown in a textual format. -Key data is always displayed in the hexadecimal format given in the -description of the \fIadd\fP command. -.TP 8 -.B "[n]merge \fR[\fIfilename\fP...]" -Authorization entries are read from the specified files and are merged into -the authorization database, superceding any matching existing entries. If -the \fInmerge\fP command is used, the numeric format given in the description -of the \fIextract\fP command is used. If a filename consists of just a single -dash, the standard input will be read if it hasn't been read before. -.TP 8 -.B "remove \fIdisplayname\fR..." -Authorization entries matching the specified displays are removed from the -authority file. -.TP 8 -.B "source \fIfilename" -The specified file is treated as a script containing \fInxauth\fP commands -to execute. Blank lines and lines beginning with a sharp sign (#) are -ignored. A single dash may be used to indicate the standard input, if it -hasn't already been read. -.TP 8 -.B "info" -Information describing the authorization file, whether or not any changes -have been made, and from where \fInxauth\fP commands are being read -is printed on the standard output. -.TP 8 -.B "exit" -If any modifications have been made, the authority file is written out (if -allowed), and the program exits. An end of file is treated as an implicit -\fIexit\fP command. -.TP 8 -.B "quit" -The program exits, ignoring any modifications. This may also be accomplished -by pressing the interrupt character. -.TP 8 -.B "help [\fIstring\fP]" -A description of all commands that begin with the given string (or all -commands if no string is given) is printed on the standard output. -.TP 8 -.B "?" -A short list of the valid commands is printed on the standard output. -.SH "DISPLAY NAMES" -Display names for the \fIadd\fP, \fI[n]extract\fP, \fI[n]list\fP, -\fI[n]merge\fP, and \fIremove\fP commands use the same format as the -DISPLAY environment variable and the common \fI\-display\fP command line -argument. Display-specific information (such as the screen number) -is unnecessary and will be ignored. -Same-machine connections (such as local-host sockets, -shared memory, and the Internet Protocol hostname \fIlocalhost\fP) are -referred to as \fIhostname\fP/unix:\fIdisplaynumber\fP so that -local entries for different machines may be stored in one authority file. -.SH EXAMPLE -.PP -The most common use for \fInxauth\fP is to extract the entry for the -current display, copy it to another machine, and merge it into the -user's authority file on the remote machine: -.sp -.nf - % nxauth extract \- $DISPLAY | rsh otherhost nxauth merge \- -.fi -.PP -.sp -The following command contacts the server :0 to create an -authorization using the MIT-MAGIC-COOKIE-1 protocol. Clients that -connect with this authorization will be untrusted. -.nf - % nxauth generate :0 . -.fi -.SH ENVIRONMENT -This \fInxauth\fP program uses the following environment variables: -.TP 8 -.B XAUTHORITY -to get the name of the authority file to use if the \fI\-f\fP option isn't -used. -.TP 8 -.B HOME -to get the user's home directory if XAUTHORITY isn't defined. -.SH FILES -.TP 8 -.I $HOME/.Xauthority -default authority file if XAUTHORITY isn't defined. -.SH BUGS -.PP -Users that have unsecure networks should take care to use encrypted -file transfer mechanisms to copy authorization entries between machines. -Similarly, the \fIMIT-MAGIC-COOKIE-1\fP protocol is not very useful in -unsecure environments. Sites that are interested in additional security -may need to use encrypted authorization mechanisms such as Kerberos. -.PP -Spaces are currently not allowed in the protocol name. Quoting could be -added for the truly perverse. -.SH AUTHOR -Jim Fulton, MIT X Consortium diff --git a/nx-X11/programs/nxauth/parsedpy.c b/nx-X11/programs/nxauth/parsedpy.c deleted file mode 100644 index d0f022574..000000000 --- a/nx-X11/programs/nxauth/parsedpy.c +++ /dev/null @@ -1,259 +0,0 @@ -/* - * $Xorg: parsedpy.c,v 1.4 2001/02/09 02:05:38 xorgcvs Exp $ - * - * parse_displayname - utility routine for splitting up display name strings - * - * -Copyright 1989, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - * * - * Author: Jim Fulton, MIT X Consortium - */ - -/* $XFree86: xc/programs/xauth/parsedpy.c,v 3.6 2001/12/14 20:01:15 dawes Exp $ */ -/**************************************************************************/ -/* */ -/* Copyright (c) 2001, 2010 NoMachine, http://www.nomachine.com/. */ -/* */ -/* NXAUTH, NX protocol compression and NX extensions to this software */ -/* are copyright of NoMachine. Redistribution and use of the present */ -/* software is allowed according to terms specified in the file LICENSE */ -/* which comes in the source distribution. */ -/* */ -/* Check http://www.nomachine.com/licensing.html for applicability. */ -/* */ -/* NX and NoMachine are trademarks of Medialogic S.p.A. */ -/* */ -/* All rights reserved. */ -/* */ -/**************************************************************************/ - -#include <stdio.h> /* for NULL */ -#include <ctype.h> /* for isascii() and isdigit() */ -#include <nx-X11/Xos.h> /* for strchr() and string routines */ -#include <nx-X11/Xlib.h> /* for Family contants */ -#ifdef hpux -#include <sys/utsname.h> /* for struct utsname */ -#endif -#include <nx-X11/Xauth.h> /* for FamilyLocal */ - -#if defined(UNIXCONN) || defined(LOCALCONN) -#define UNIX_CONNECTION "unix" -#define UNIX_CONNECTION_LENGTH 4 -#endif - -#include <stdlib.h> -#include "xauth.h" - -#define PANIC -#define WARNING -#undef TEST -#undef DEBUG - -/* - * private utility routines - */ - -char * -copystring (char *src, int len) -{ - char *cp; - - if (!src && len != 0) return NULL; - cp = malloc (len + 1); - if (cp) { - if (src) strncpy (cp, src, len); - cp[len] = '\0'; - } - return cp; -} - - -char * -get_local_hostname (char *buf, int maxlen) -{ - buf[0] = '\0'; -/* - (void) XmuGetHostname (buf, maxlen); -*/ - /*FIXME*/ - - (void) gethostname (buf, maxlen); - - buf [maxlen - 1] = '\0'; - - #ifdef TEST - printf("get_local_hostname: Host name is %s", buf); - #endif - - return (buf[0] ? buf : NULL); -} - -#ifndef UNIXCONN -static char * -copyhostname (void) -{ - char buf[256]; - - return (get_local_hostname (buf, sizeof buf) ? - copystring (buf, strlen (buf)) : NULL); -} -#endif - -/* - * parse_displayname - display a display string up into its component parts - */ -Bool -parse_displayname (char *displayname, - int *familyp, /* return */ - char **hostp, /* return */ - int *dpynump, /* return */ - int *scrnump, /* return */ - char **restp) /* return */ -{ - char *ptr; /* work variables */ - int len; /* work variable */ - int family = -1; /* value to be returned */ - char *host = NULL; /* must free if set and error return */ - int dpynum = -1; /* value to be returned */ - int scrnum = 0; /* value to be returned */ - char *rest = NULL; /* must free if set and error return */ - Bool dnet = False; /* if true then using DECnet */ - - /* check the name */ - if (!displayname || !displayname[0]) return False; - - /* must have at least :number */ - ptr = strchr(displayname, ':'); - if (!ptr || !ptr[1]) return False; - if (ptr[1] == ':') { - if (ptr[2] == '\0') return False; - dnet = True; - } - - - /* - * get the host string; if none is given, use the most effiecient path - */ - - len = (ptr - displayname); /* length of host name */ - if (len == 0) { /* choose most efficient path */ -#if defined(UNIXCONN) || defined(LOCALCONN) - host = copystring (UNIX_CONNECTION, UNIX_CONNECTION_LENGTH); - family = FamilyLocal; -#else - if (dnet) { - host = copystring ("0", 1); - family = FamilyDECnet; - } else { - host = copyhostname (); - family = FamilyInternet; - } -#endif - } else { - host = copystring (displayname, len); - if (dnet) { - family = dnet; - } else { -#if defined(UNIXCONN) || defined(LOCALCONN) - if (host && strcmp (host, UNIX_CONNECTION) == 0) - family = FamilyLocal; - else -#endif - family = FamilyInternet; - } - } - - if (!host) return False; - - - /* - * get the display number; we know that there is something after the - * colon (or colons) from above. note that host is now set and must - * be freed if there is an error. - */ - - if (dnet) ptr++; /* skip the extra DECnet colon */ - ptr++; /* move to start of display num */ - { - register char *cp; - - for (cp = ptr; *cp && isascii(*cp) && isdigit(*cp); cp++) ; - len = (cp - ptr); - /* check present and valid follow */ - if (len == 0 || (*cp && *cp != '.')) { - free (host); - return False; - } - - dpynum = atoi (ptr); /* it will handle num. as well */ - ptr = cp; - } - - /* - * now get screen number if given; ptr may point to nul at this point - */ - if (ptr[0] == '.') { - register char *cp; - - ptr++; - for (cp = ptr; *cp && isascii(*cp) && isdigit(*cp); cp++) ; - len = (cp - ptr); - if (len == 0 || (*cp && *cp != '.')) { /* all prop name */ - free (host); - return False; - } - - scrnum = atoi (ptr); /* it will handle num. as well */ - ptr = cp; - } - - /* - * and finally, get any additional stuff that might be following the - * the screen number; ptr must point to a period if there is anything - */ - - if (ptr[0] == '.') { - ptr++; - len = strlen (ptr); - if (len > 0) { - rest = copystring (ptr, len); - if (!rest) { - free (host); - return False; - } - } - } - - /* - * and we are done! - */ - - *familyp = family; - *hostp = host; - *dpynump = dpynum; - *scrnump = scrnum; - *restp = rest; - return True; -} - - diff --git a/nx-X11/programs/nxauth/process.c b/nx-X11/programs/nxauth/process.c deleted file mode 100644 index 86aba2b2a..000000000 --- a/nx-X11/programs/nxauth/process.c +++ /dev/null @@ -1,1872 +0,0 @@ -/* $Xorg: process.c,v 1.6 2001/02/09 02:05:38 xorgcvs Exp $ */ -/* - -Copyright 1989, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ -/* $XFree86: xc/programs/xauth/process.c,v 3.18 2003/02/13 02:50:22 dawes Exp $ */ - -/**************************************************************************/ -/* */ -/* Copyright (c) 2001, 2010 NoMachine, http://www.nomachine.com/. */ -/* */ -/* NXAUTH, NX protocol compression and NX extensions to this software */ -/* are copyright of NoMachine. Redistribution and use of the present */ -/* software is allowed according to terms specified in the file LICENSE */ -/* which comes in the source distribution. */ -/* */ -/* Check http://www.nomachine.com/licensing.html for applicability. */ -/* */ -/* NX and NoMachine are trademarks of Medialogic S.p.A. */ -/* */ -/* All rights reserved. */ -/* */ -/**************************************************************************/ - -/* - * Author: Jim Fulton, MIT X Consortium - */ - -#include "xauth.h" -#include <ctype.h> -#include <errno.h> -#include <sys/stat.h> - -#include <signal.h> -/*#include <nx-X11/X.h>*/ /* for Family constants */ -/* -#include <nx-X11/Xlib.h> -#include <nx-X11/extensions/security.h> -*/ - -/*FIXME*/ -#define FamilyInternet 0 -#define FamilyDECnet 1 - -extern Bool naneserver_timedout; - -#ifndef DEFAULT_PROTOCOL_ABBREV /* to make add command easier */ -#define DEFAULT_PROTOCOL_ABBREV "." -#endif -#ifndef DEFAULT_PROTOCOL /* for protocol abbreviation */ -#define DEFAULT_PROTOCOL "MIT-MAGIC-COOKIE-1" -#endif - -#define SECURERPC "SUN-DES-1" -#define K5AUTH "MIT-KERBEROS-5" - -#define XAUTH_DEFAULT_RETRIES 10 /* number of competitors we expect */ -#define XAUTH_DEFAULT_TIMEOUT 2 /* in seconds, be quick */ -#define XAUTH_DEFAULT_DEADTIME 600L /* 10 minutes in seconds */ - -typedef struct _AuthList { /* linked list of entries */ - struct _AuthList *next; - Xauth *auth; -} AuthList; - -typedef int (*ProcessFunc)(char *, int, int, char**); - -#define add_to_list(h,t,e) {if (t) (t)->next = (e); else (h) = (e); (t) = (e);} - -typedef struct _CommandTable { /* commands that are understood */ - char *name; /* full name */ - int minlen; /* unique prefix */ - int maxlen; /* strlen(name) */ - ProcessFunc processfunc; /* handler */ - char *helptext; /* what to print for help */ -} CommandTable; - -struct _extract_data { /* for iterating */ - FILE *fp; /* input source */ - char *filename; /* name of input */ - Bool used_stdout; /* whether or not need to close */ - Bool numeric; /* format in which to write */ - int nwritten; /* number of entries written */ - char *cmd; /* for error messages */ -}; - -struct _list_data { /* for iterating */ - FILE *fp; /* output file */ - Bool numeric; /* format in which to write */ -}; - - -/* - * private data - */ -static char *stdin_filename = "(stdin)"; /* for messages */ -static char *stdout_filename = "(stdout)"; /* for messages */ -static char *Yes = "yes"; /* for messages */ -static char *No = "no"; /* for messages */ - -static int do_help ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_questionmark ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_list ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_merge ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_extract ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_add ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_remove ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_info ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_exit ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_quit ( char *inputfilename, int lineno, int argc, char **argv ); -static int do_source ( char *inputfilename, int lineno, int argc, char **argv ); -/* -static int do_generate ( char *inputfilename, int lineno, int argc, char **argv ); -*/ -static CommandTable command_table[] = { /* table of known commands */ - { "add", 2, 3, do_add, - "add dpyname protoname hexkey add entry" }, - { "exit", 3, 4, do_exit, - "exit save changes and exit program" }, - { "extract", 3, 7, do_extract, - "extract filename dpyname... extract entries into file" }, - { "help", 1, 4, do_help, - "help [topic] print help" }, - { "info", 1, 4, do_info, - "info print information about entries" }, - { "list", 1, 4, do_list, - "list [dpyname...] list entries" }, - { "merge", 1, 5, do_merge, - "merge filename... merge entries from files" }, - { "nextract", 2, 8, do_extract, - "nextract filename dpyname... numerically extract entries" }, - { "nlist", 2, 5, do_list, - "nlist [dpyname...] numerically list entries" }, - { "nmerge", 2, 6, do_merge, - "nmerge filename... numerically merge entries" }, - { "quit", 1, 4, do_quit, - "quit abort changes and exit program" }, - { "remove", 1, 6, do_remove, - "remove dpyname... remove entries" }, - { "source", 1, 6, do_source, - "source filename read commands from file" }, - { "?", 1, 1, do_questionmark, - "? list available commands" }, -/* { "generate", 1, 8, do_generate, - "generate dpyname protoname [options] use server to generate entry\n" - " options are:\n" - " timeout n authorization expiration time in seconds\n" - " trusted clients using this entry are trusted\n" - " untrusted clients using this entry are untrusted\n" - " group n clients using this entry belong to application group n\n" - " data hexkey auth protocol specific data needed to generate the entry\n" - }, */ - { NULL, 0, 0, NULL, NULL }, -}; - -#define COMMAND_NAMES_PADDED_WIDTH 10 /* wider than anything above */ - - -static Bool okay_to_use_stdin = True; /* set to false after using */ - -static char *hex_table[] = { /* for printing hex digits */ - "00", "01", "02", "03", "04", "05", "06", "07", - "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", - "10", "11", "12", "13", "14", "15", "16", "17", - "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", - "20", "21", "22", "23", "24", "25", "26", "27", - "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", - "30", "31", "32", "33", "34", "35", "36", "37", - "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", - "40", "41", "42", "43", "44", "45", "46", "47", - "48", "49", "4a", "4b", "4c", "4d", "4e", "4f", - "50", "51", "52", "53", "54", "55", "56", "57", - "58", "59", "5a", "5b", "5c", "5d", "5e", "5f", - "60", "61", "62", "63", "64", "65", "66", "67", - "68", "69", "6a", "6b", "6c", "6d", "6e", "6f", - "70", "71", "72", "73", "74", "75", "76", "77", - "78", "79", "7a", "7b", "7c", "7d", "7e", "7f", - "80", "81", "82", "83", "84", "85", "86", "87", - "88", "89", "8a", "8b", "8c", "8d", "8e", "8f", - "90", "91", "92", "93", "94", "95", "96", "97", - "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", - "a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7", - "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", - "b0", "b1", "b2", "b3", "b4", "b5", "b6", "b7", - "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", - "c0", "c1", "c2", "c3", "c4", "c5", "c6", "c7", - "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", - "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", - "d8", "d9", "da", "db", "dc", "dd", "de", "df", - "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", - "e8", "e9", "ea", "eb", "ec", "ed", "ee", "ef", - "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", - "f8", "f9", "fa", "fb", "fc", "fd", "fe", "ff", -}; - -static unsigned int hexvalues[256]; /* for parsing hex input */ - -static int original_umask = 0; /* for restoring */ - - -/* - * private utility procedures - */ - -static void -prefix(char *fn, int n) -{ - fprintf (stderr, "%s: %s:%d: ", ProgramName, fn, n); -} - -static void -baddisplayname(char *dpy, char *cmd) -{ - fprintf (stderr, "bad display name \"%s\" in \"%s\" command\n", - dpy, cmd); -} - -static void -badcommandline(char *cmd) -{ - fprintf (stderr, "bad \"%s\" command line\n", cmd); -} - -static char * -skip_space(register char *s) -{ - if (!s) return NULL; - - for ( ; *s && isascii(*s) && isspace(*s); s++) - ; - return s; -} - - -static char * -skip_nonspace(register char *s) -{ - if (!s) return NULL; - - /* put quoting into loop if need be */ - for ( ; *s && isascii(*s) && !isspace(*s); s++) - ; - return s; -} - -static char ** -split_into_words(char *src, int *argcp) /* argvify string */ -{ - char *jword; - char savec; - char **argv; - int cur, total; - - *argcp = 0; -#define WORDSTOALLOC 4 /* most lines are short */ - argv = (char **) malloc (WORDSTOALLOC * sizeof (char *)); - if (!argv) return NULL; - cur = 0; - total = WORDSTOALLOC; - - /* - * split the line up into separate, nul-terminated tokens; the last - * "token" will point to the empty string so that it can be bashed into - * a null pointer. - */ - - do { - jword = skip_space (src); - src = skip_nonspace (jword); - savec = *src; - *src = '\0'; - if (cur == total) { - total += WORDSTOALLOC; - argv = (char **) realloc (argv, total * sizeof (char *)); - if (!argv) return NULL; - } - argv[cur++] = jword; - if (savec) src++; /* if not last on line advance */ - } while (jword != src); - - argv[--cur] = NULL; /* smash empty token to end list */ - *argcp = cur; - return argv; -} - - -static FILE * -open_file(char **filenamep, - char *mode, - Bool *usedstdp, - char *srcfn, - int srcln, - char *cmd) -{ - FILE *fp; - - if (strcmp (*filenamep, "-") == 0) { - *usedstdp = True; - /* select std descriptor to use */ - if (mode[0] == 'r') { - if (okay_to_use_stdin) { - okay_to_use_stdin = False; - *filenamep = stdin_filename; - return stdin; - } else { - prefix (srcfn, srcln); - fprintf (stderr, "%s: stdin already in use\n", cmd); - return NULL; - } - } else { - *filenamep = stdout_filename; - return stdout; /* always okay to use stdout */ - } - } - - fp = fopen (*filenamep, mode); - if (!fp) { - prefix (srcfn, srcln); - fprintf (stderr, "%s: unable to open file %s\n", cmd, *filenamep); - } - return fp; -} - -static int -getinput(FILE *fp) -{ - register int c; - - while ((c = getc (fp)) != EOF && isascii(c) && c != '\n' && isspace(c)) ; - return c; -} - -static int -get_short(FILE *fp, unsigned short *sp) /* for reading numeric input */ -{ - int c; - int i; - unsigned short us = 0; - - /* - * read family: written with %04x - */ - for (i = 0; i < 4; i++) { - switch (c = getinput (fp)) { - case EOF: - case '\n': - return 0; - } - if (c < 0 || c > 255) return 0; - us = (us * 16) + hexvalues[c]; /* since msb */ - } - *sp = us; - return 1; -} - -static int -get_bytes(FILE *fp, unsigned int n, char **ptr) /* for reading numeric input */ -{ - char *s; - register char *cp; - int c1, c2; - - cp = s = malloc (n); - if (!cp) return 0; - - while (n > 0) { - if ((c1 = getinput (fp)) == EOF || c1 == '\n' || - (c2 = getinput (fp)) == EOF || c2 == '\n') { - free (s); - return 0; - } - *cp = (char) ((hexvalues[c1] * 16) + hexvalues[c2]); - cp++; - n--; - } - - *ptr = s; - return 1; -} - - -static Xauth * -read_numeric(FILE *fp) -{ - Xauth *auth; - - auth = (Xauth *) malloc (sizeof (Xauth)); - if (!auth) goto bad; - auth->family = 0; - auth->address = NULL; - auth->address_length = 0; - auth->number = NULL; - auth->number_length = 0; - auth->name = NULL; - auth->name_length = 0; - auth->data = NULL; - auth->data_length = 0; - - if (!get_short (fp, (unsigned short *) &auth->family)) - goto bad; - if (!get_short (fp, (unsigned short *) &auth->address_length)) - goto bad; - if (!get_bytes (fp, (unsigned int) auth->address_length, &auth->address)) - goto bad; - if (!get_short (fp, (unsigned short *) &auth->number_length)) - goto bad; - if (!get_bytes (fp, (unsigned int) auth->number_length, &auth->number)) - goto bad; - if (!get_short (fp, (unsigned short *) &auth->name_length)) - goto bad; - if (!get_bytes (fp, (unsigned int) auth->name_length, &auth->name)) - goto bad; - if (!get_short (fp, (unsigned short *) &auth->data_length)) - goto bad; - if (!get_bytes (fp, (unsigned int) auth->data_length, &auth->data)) - goto bad; - - switch (getinput (fp)) { /* get end of line */ - case EOF: - case '\n': - return auth; - } - - bad: - if (auth) XauDisposeAuth (auth); /* won't free null pointers */ - return NULL; -} - -typedef Xauth *(*ReadFunc)(FILE *); - -static int -read_auth_entries(FILE *fp, Bool numeric, AuthList **headp, AuthList **tailp) -{ - ReadFunc readfunc = (numeric ? read_numeric : XauReadAuth); - Xauth *auth; - AuthList *head, *tail; - int n; - - head = tail = NULL; - n = 0; - /* put all records into linked list */ - while ((auth = ((*readfunc) (fp))) != NULL) { - AuthList *l = (AuthList *) malloc (sizeof (AuthList)); - if (!l) { - fprintf (stderr, - "%s: unable to alloc entry reading auth file\n", - ProgramName); - exit (1); - } - l->next = NULL; - l->auth = auth; - if (tail) /* if not first time through append */ - tail->next = l; - else - head = l; /* first time through, so assign */ - tail = l; - n++; - } - *headp = head; - *tailp = tail; - return n; -} - -static Bool -get_displayname_auth(char *displayname, Xauth *auth) -{ - int family; - char *host = NULL, *rest = NULL; - int dpynum, scrnum; - char *cp; - int len; - Xauth proto; - int prelen = 0; - - /* - * check to see if the display name is of the form "host/unix:" - * which is how the list routine prints out local connections - */ - cp = strchr(displayname, '/'); - if (cp && strncmp (cp, "/unix:", 6) == 0) - prelen = (cp - displayname); - - #ifdef __APPLE__ - - /* - * FIXME: This is an attempt to get the right - * cookie, because no one can grant that the - * X server is running on the display number - * reported in the launchd display name. - */ - - if (strncmp (displayname, "/tmp/launch", 11) == 0) - displayname = strrchr(displayname, ':'); - - #endif - - if (!parse_displayname (displayname + ((prelen > 0) ? prelen + 1 : 0), - &family, &host, &dpynum, &scrnum, &rest)) { - return False; - } - - proto.family = family; - proto.address = get_address_info (family, displayname, prelen, host, &len); - if (proto.address) { - char buf[40]; /* want to hold largest display num */ - - proto.address_length = len; - buf[0] = '\0'; - sprintf (buf, "%d", dpynum); - proto.number_length = strlen (buf); - if (proto.number_length <= 0) { - free (proto.address); - proto.address = NULL; - } else { - proto.number = copystring (buf, proto.number_length); - } - } - - if (host) free (host); - if (rest) free (rest); - - if (proto.address) { - auth->family = proto.family; - auth->address = proto.address; - auth->address_length = proto.address_length; - auth->number = proto.number; - auth->number_length = proto.number_length; - auth->name = NULL; - auth->name_length = 0; - auth->data = NULL; - auth->data_length = 0; - return True; - } else { - return False; - } -} - -static int -cvthexkey(char *hexstr, char **ptrp) /* turn hex key string into octets */ -{ - int i; - int len = 0; - char *retval, *s; - unsigned char *us; - char c; - char savec = '\0'; - - /* count */ - for (s = hexstr; *s; s++) { - if (!isascii(*s)) return -1; - if (isspace(*s)) continue; - if (!isxdigit(*s)) return -1; - len++; - } - - /* if odd then there was an error */ - if ((len & 1) == 1) return -1; - - - /* now we know that the input is good */ - len >>= 1; - retval = malloc (len); - if (!retval) { - fprintf (stderr, "%s: unable to allocate %d bytes for hexkey\n", - ProgramName, len); - return -1; - } - - for (us = (unsigned char *) retval, i = len; i > 0; hexstr++) { - c = *hexstr; - if (isspace(c)) continue; /* already know it is ascii */ - if (isupper(c)) - c = tolower(c); - if (savec) { -#define atoh(c) ((c) - (((c) >= '0' && (c) <= '9') ? '0' : ('a'-10))) - *us = (unsigned char)((atoh(savec) << 4) + atoh(c)); -#undef atoh - savec = 0; /* ready for next character */ - us++; - i--; - } else { - savec = c; - } - } - *ptrp = retval; - return len; -} - -static int -dispatch_command(char *inputfilename, - int lineno, - int argc, - char **argv, - CommandTable *tab, - int *statusp) -{ - CommandTable *ct; - char *cmd; - int n; - /* scan table for command */ - cmd = argv[0]; - n = strlen (cmd); - for (ct = tab; ct->name; ct++) { - /* look for unique prefix */ - if (n >= ct->minlen && n <= ct->maxlen && - strncmp (cmd, ct->name, n) == 0) { - *statusp = (*(ct->processfunc))(inputfilename, lineno, argc, argv); - return 1; - } - } - - *statusp = 1; - return 0; -} - - -static AuthList *xauth_head = NULL; /* list of auth entries */ -static Bool xauth_existed = False; /* if was present at initialize */ -static Bool xauth_modified = False; /* if added, removed, or merged */ -static Bool xauth_allowed = True; /* if allowed to write auth file */ -static Bool xauth_locked = False; /* if has been locked */ -static char *xauth_filename = NULL; -static Bool dieing = False; - -#ifdef SIGNALRETURNSINT -#define _signal_t int -#else -#define _signal_t void -#endif - -/* poor man's puts(), for under signal handlers */ -#define WRITES(fd, S) (void)write((fd), (S), strlen((S))) - -/* ARGSUSED */ -static _signal_t -die(int sig) -{ - dieing = True; - _exit (auth_finalize ()); - /* NOTREACHED */ -#ifdef SIGNALRETURNSINT - return -1; /* for picky compilers */ -#endif -} - -static _signal_t -catchsig(int sig) -{ -#ifdef SYSV - if (sig > 0) signal (sig, die); /* re-establish signal handler */ -#endif - /* - * fileno() might not be reentrant, avoid it if possible, and use - * stderr instead of stdout - */ -#ifdef STDERR_FILENO - if (verbose && xauth_modified) WRITES(STDERR_FILENO, "\r\n"); -#else - if (verbose && xauth_modified) WRITES(fileno(stderr), "\r\n"); -#endif - die (sig); - /* NOTREACHED */ -#ifdef SIGNALRETURNSINT - return -1; /* for picky compilers */ -#endif -} - -static void -register_signals(void) -{ - signal (SIGINT, catchsig); - signal (SIGTERM, catchsig); -#ifdef SIGHUP - signal (SIGHUP, catchsig); -#endif - return; -} - - -/* - * public procedures for parsing lines of input - */ - -int -auth_initialize(char *authfilename) -{ - int n; - AuthList *head, *tail; - FILE *authfp; - Bool exists; - - xauth_filename = authfilename; /* used in cleanup, prevent race with - signals */ - register_signals (); - - bzero ((char *) hexvalues, sizeof hexvalues); - hexvalues['0'] = 0; - hexvalues['1'] = 1; - hexvalues['2'] = 2; - hexvalues['3'] = 3; - hexvalues['4'] = 4; - hexvalues['5'] = 5; - hexvalues['6'] = 6; - hexvalues['7'] = 7; - hexvalues['8'] = 8; - hexvalues['9'] = 9; - hexvalues['a'] = hexvalues['A'] = 0xa; - hexvalues['b'] = hexvalues['B'] = 0xb; - hexvalues['c'] = hexvalues['C'] = 0xc; - hexvalues['d'] = hexvalues['D'] = 0xd; - hexvalues['e'] = hexvalues['E'] = 0xe; - hexvalues['f'] = hexvalues['F'] = 0xf; - - if (break_locks && verbose) { - printf ("Attempting to break locks on authority file %s\n", - authfilename); - } - - if (ignore_locks) { - if (break_locks) XauUnlockAuth (authfilename); - } else { - n = XauLockAuth (authfilename, XAUTH_DEFAULT_RETRIES, - XAUTH_DEFAULT_TIMEOUT, - (break_locks ? 0L : XAUTH_DEFAULT_DEADTIME)); - if (n != LOCK_SUCCESS) { - char *reason = "unknown error"; - switch (n) { - case LOCK_ERROR: - reason = "error"; - break; - case LOCK_TIMEOUT: - reason = "timeout"; - break; - } - fprintf (stderr, "%s: %s in locking authority file %s\n", - ProgramName, reason, authfilename); - return -1; - } else - xauth_locked = True; - } - - /* these checks can only be done reliably after the file is locked */ - exists = (access (authfilename, F_OK) == 0); - if (exists && access (authfilename, W_OK) != 0) { - fprintf (stderr, - "%s: %s not writable, changes will be ignored\n", - ProgramName, authfilename); - xauth_allowed = False; - } - - original_umask = umask (0077); /* disallow non-owner access */ - - authfp = fopen (authfilename, "rb"); - if (!authfp) { - int olderrno = errno; - - /* if file there then error */ - if (access (authfilename, F_OK) == 0) { /* then file does exist! */ - errno = olderrno; - return -1; - } /* else ignore it */ - fprintf (stderr, - "%s: creating new authority file %s\n", - ProgramName, authfilename); - } else { - xauth_existed = True; - n = read_auth_entries (authfp, False, &head, &tail); - (void) fclose (authfp); - if (n < 0) { - fprintf (stderr, - "%s: unable to read auth entries from file \"%s\"\n", - ProgramName, authfilename); - return -1; - } - xauth_head = head; - } - - n = strlen (authfilename); - xauth_filename = malloc (n + 1); - if (xauth_filename) strcpy (xauth_filename, authfilename); - else { - fprintf(stderr,"cannot allocate memory\n"); - return -1; - } - - xauth_modified = False; - - if (verbose) { - printf ("%s authority file %s\n", - ignore_locks ? "Ignoring locks on" : "Using", authfilename); - } - return 0; -} - -static int -write_auth_file(char *tmp_nam) -{ - FILE *fp = NULL; - int fd; - AuthList *list; - - /* - * xdm and auth spec assumes auth file is 12 or fewer characters - */ - strcpy (tmp_nam, xauth_filename); - strcat (tmp_nam, "-n"); /* for new */ - (void) unlink (tmp_nam); - /* CPhipps 2000/02/12 - fix file unlink/fopen race */ - fd = open(tmp_nam, O_WRONLY | O_CREAT | O_EXCL, 0600); - if (fd != -1) fp = fdopen (fd, "wb"); - if (!fp) { - if (fd != -1) close(fd); - fprintf (stderr, "%s: unable to open tmp file \"%s\"\n", - ProgramName, tmp_nam); - return -1; - } - - /* - * Write MIT-MAGIC-COOKIE-1 first, because R4 Xlib knows - * only that and uses the first authorization it finds. - */ - for (list = xauth_head; list; list = list->next) { - if (list->auth->name_length == 18 - && strncmp(list->auth->name, "MIT-MAGIC-COOKIE-1", 18) == 0) { - if (!XauWriteAuth(fp, list->auth)) { - (void) fclose(fp); - return -1; - } - } - } - for (list = xauth_head; list; list = list->next) { - if (list->auth->name_length != 18 - || strncmp(list->auth->name, "MIT-MAGIC-COOKIE-1", 18) != 0) { - if (!XauWriteAuth(fp, list->auth)) { - (void) fclose(fp); - return -1; - } - } - } - - (void) fclose (fp); - return 0; -} - -int -auth_finalize(void) -{ - char temp_name[1024]; /* large filename size */ - - if (xauth_modified) { - if (dieing) { - if (verbose) { - /* - * called from a signal handler -- printf is *not* reentrant; also - * fileno() might not be reentrant, avoid it if possible, and use - * stderr instead of stdout - */ -#ifdef STDERR_FILENO - WRITES(STDERR_FILENO, "\nAborting changes to authority file "); - WRITES(STDERR_FILENO, xauth_filename); - WRITES(STDERR_FILENO, "\n"); -#else - WRITES(fileno(stderr), "\nAborting changes to authority file "); - WRITES(fileno(stderr), xauth_filename); - WRITES(fileno(stderr), "\n"); -#endif - } - } else if (!xauth_allowed) { - fprintf (stderr, - "%s: %s not writable, changes ignored\n", - ProgramName, xauth_filename); - } else { - if (verbose) { - printf ("%s authority file %s\n", - ignore_locks ? "Ignoring locks and writing" : - "Writing", xauth_filename); - } - temp_name[0] = '\0'; - if (write_auth_file (temp_name) == -1) { - fprintf (stderr, - "%s: unable to write authority file %s\n", - ProgramName, temp_name); - } else { - (void) unlink (xauth_filename); -#if defined(WIN32) || defined(__UNIXOS2__)|| defined(__CYGWIN__) - if (rename(temp_name, xauth_filename) == -1) -#else - if (link (temp_name, xauth_filename) == -1) -#endif - { - fprintf (stderr, - "%s: unable to link authority file %s, use %s\n", - ProgramName, xauth_filename, temp_name); - } else { - (void) unlink (temp_name); - } - } - } - } - - if (xauth_locked) { - XauUnlockAuth (xauth_filename); - } - (void) umask (original_umask); - return 0; -} - -int -process_command(char *inputfilename, int lineno, int argc, char **argv) -{ - int status; - - if (argc < 1 || !argv || !argv[0]) return 1; - - if (dispatch_command (inputfilename, lineno, argc, argv, - command_table, &status)) - return status; - - prefix (inputfilename, lineno); - fprintf (stderr, "unknown command \"%s\"\n", argv[0]); - return 1; -} - - -/* - * utility routines - */ - -static char * -bintohex(unsigned int len, char *bindata) -{ - char *hexdata, *starthex; - - /* two chars per byte, plus null termination */ - starthex = hexdata = (char *)malloc(2*len + 1); - if (!hexdata) - return NULL; - - for (; len > 0; len--, bindata++) { - register char *s = hex_table[(unsigned char)*bindata]; - *hexdata++ = s[0]; - *hexdata++ = s[1]; - } - *hexdata = '\0'; - return starthex; -} - -static void -fprintfhex(register FILE *fp, int len, char *cp) -{ - char *hex; - - hex = bintohex(len, cp); - fprintf(fp, "%s", hex); - free(hex); -} - -int -dump_numeric(register FILE *fp, register Xauth *auth) -{ - fprintf (fp, "%04x", auth->family); /* unsigned short */ - fprintf (fp, " %04x ", auth->address_length); /* short */ - fprintfhex (fp, auth->address_length, auth->address); - fprintf (fp, " %04x ", auth->number_length); /* short */ - fprintfhex (fp, auth->number_length, auth->number); - fprintf (fp, " %04x ", auth->name_length); /* short */ - fprintfhex (fp, auth->name_length, auth->name); - fprintf (fp, " %04x ", auth->data_length); /* short */ - fprintfhex (fp, auth->data_length, auth->data); - putc ('\n', fp); - return 1; -} - -/* ARGSUSED */ -static int -dump_entry(char *inputfilename, int lineno, Xauth *auth, char *data) -{ - struct _list_data *ld = (struct _list_data *) data; - FILE *fp = ld->fp; - - if (ld->numeric) { - dump_numeric (fp, auth); - } else { - char *dpyname = NULL; - - switch (auth->family) { - case FamilyLocal: - fwrite (auth->address, sizeof (char), auth->address_length, fp); - fprintf (fp, "/unix"); - break; - case FamilyInternet: - case FamilyDECnet: - dpyname = get_hostname (auth); - if (dpyname) { - fprintf (fp, "%s", dpyname); - break; - } - /* else fall through to default */ - default: - fprintf (fp, "#%04x#", auth->family); - fprintfhex (fp, auth->address_length, auth->address); - putc ('#', fp); - } - putc (':', fp); - fwrite (auth->number, sizeof (char), auth->number_length, fp); - putc (' ', fp); - putc (' ', fp); - fwrite (auth->name, sizeof (char), auth->name_length, fp); - putc (' ', fp); - putc (' ', fp); - if (!strncmp(auth->name, SECURERPC, auth->name_length) || - !strncmp(auth->name, K5AUTH, auth->name_length)) - fwrite (auth->data, sizeof (char), auth->data_length, fp); - else - fprintfhex (fp, auth->data_length, auth->data); - putc ('\n', fp); - } - return 0; -} - -static int -extract_entry(char *inputfilename, int lineno, Xauth *auth, char *data) -{ - struct _extract_data *ed = (struct _extract_data *) data; - - if (!ed->fp) { - ed->fp = open_file (&ed->filename, - ed->numeric ? "w" : "wb", - &ed->used_stdout, - inputfilename, lineno, ed->cmd); - if (!ed->fp) { - prefix (inputfilename, lineno); - fprintf (stderr, - "unable to open extraction file \"%s\"\n", - ed->filename); - return -1; - } - } - (*(ed->numeric ? dump_numeric : XauWriteAuth)) (ed->fp, auth); - ed->nwritten++; - - return 0; -} - - -static int -match_auth_dpy(register Xauth *a, register Xauth *b) -{ - return ((a->family == b->family && - a->address_length == b->address_length && - a->number_length == b->number_length && - memcmp(a->address, b->address, a->address_length) == 0 && - memcmp(a->number, b->number, a->number_length) == 0) ? 1 : 0); -} - -/* return non-zero iff display and authorization type are the same */ - -static int -match_auth(register Xauth *a, register Xauth *b) -{ - return ((match_auth_dpy(a, b) - && a->name_length == b->name_length - && memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0); -} - - -static int -merge_entries(AuthList **firstp, AuthList *second, int *nnewp, int *nreplp) -{ - AuthList *a, *b, *first, *tail; - int n = 0, nnew = 0, nrepl = 0; - - if (!second) return 0; - - if (!*firstp) { /* if nothing to merge into */ - *firstp = second; - for (tail = *firstp, n = 1; tail->next; n++, tail = tail->next) ; - *nnewp = n; - *nreplp = 0; - return n; - } - - first = *firstp; - /* - * find end of first list and stick second list on it - */ - for (tail = first; tail->next; tail = tail->next) ; - tail->next = second; - - /* - * run down list freeing duplicate entries; if an entry is okay, then - * bump the tail up to include it, otherwise, cut the entry out of - * the chain. - */ - for (b = second; b; ) { - AuthList *next = b->next; /* in case we free it */ - - a = first; - for (;;) { - if (match_auth (a->auth, b->auth)) { /* found a duplicate */ - AuthList tmp; /* swap it in for old one */ - tmp = *a; - *a = *b; - *b = tmp; - a->next = b->next; - XauDisposeAuth (b->auth); - free ((char *) b); - b = NULL; - tail->next = next; - nrepl++; - nnew--; - break; - } - if (a == tail) break; /* if have looked at left side */ - a = a->next; - } - if (b) { /* if we didn't remove it */ - tail = b; /* bump end of first list */ - } - b = next; - n++; - nnew++; - } - - *nnewp = nnew; - *nreplp = nrepl; - return n; - -} - -typedef int (*YesNoFunc)(char *, int, Xauth *, char *); - -static int -iterdpy (char *inputfilename, int lineno, int start, - int argc, char *argv[], - YesNoFunc yfunc, YesNoFunc nfunc, char *data) -{ - int i; - int status; - int errors = 0; - Xauth proto; - AuthList *l, *next; - - /* - * iterate - */ - for (i = start; i < argc; i++) { - char *displayname = argv[i]; - proto.address = proto.number = NULL; - if (!get_displayname_auth (displayname, &proto)) { - prefix (inputfilename, lineno); - baddisplayname (displayname, argv[0]); - errors++; - continue; - } - status = 0; - for (l = xauth_head; l; l = next) { - next = l->next; - if (match_auth_dpy (&proto, l->auth)) { - if (yfunc) { - status = (*yfunc) (inputfilename, lineno, - l->auth, data); - if (status < 0) break; - } - } else { - if (nfunc) { - status = (*nfunc) (inputfilename, lineno, - l->auth, data); - if (status < 0) break; - } - } - } - if (proto.address) free (proto.address); - if (proto.number) free (proto.number); - if (status < 0) { - errors -= status; /* since status is negative */ - break; - } - } - - return errors; -} - -/* ARGSUSED */ -static int -remove_entry(char *inputfilename, int lineno, Xauth *auth, char *data) -{ - int *nremovedp = (int *) data; - AuthList **listp = &xauth_head; - AuthList *list; - - /* - * unlink the auth we were asked to - */ - while ((list = *listp)->auth != auth) - listp = &list->next; - *listp = list->next; - XauDisposeAuth (list->auth); /* free the auth */ - free (list); /* free the link */ - xauth_modified = True; - (*nremovedp)++; - return 1; -} - -/* - * action routines - */ - -/* - * help - */ -int -print_help(FILE *fp, char *cmd, char *prefix) -{ - CommandTable *ct; - int n = 0; - - if (!prefix) prefix = ""; - - if (!cmd) { /* if no cmd, print all help */ - for (ct = command_table; ct->name; ct++) { - fprintf (fp, "%s%s\n", prefix, ct->helptext); - n++; - } - } else { - int len = strlen (cmd); - for (ct = command_table; ct->name; ct++) { - if (strncmp (cmd, ct->name, len) == 0) { - fprintf (fp, "%s%s\n", prefix, ct->helptext); - n++; - } - } - } - - return n; -} - -static int -do_help(char *inputfilename, int lineno, int argc, char **argv) -{ - char *cmd = (argc > 1 ? argv[1] : NULL); - int n; - - n = print_help (stdout, cmd, " "); /* a nice amount */ - - if (n < 0 || (n == 0 && !cmd)) { - prefix (inputfilename, lineno); - fprintf (stderr, "internal error with help"); - if (cmd) { - fprintf (stderr, " on command \"%s\"", cmd); - } - fprintf (stderr, "\n"); - return 1; - } - - if (n == 0) { - prefix (inputfilename, lineno); - /* already know that cmd is set in this case */ - fprintf (stderr, "no help for noexistent command \"%s\"\n", cmd); - } - - return 0; -} - -/* - * questionmark - */ -/* ARGSUSED */ -static int -do_questionmark(char *inputfilename, int lineno, int argc, char **argv) -{ - CommandTable *ct; - int i; -#define WIDEST_COLUMN 72 - int col = WIDEST_COLUMN; - - printf ("Commands:\n"); - for (ct = command_table; ct->name; ct++) { - if ((col + ct->maxlen) > WIDEST_COLUMN) { - if (ct != command_table) { - putc ('\n', stdout); - } - fputs (" ", stdout); - col = 8; /* length of string above */ - } - fputs (ct->name, stdout); - col += ct->maxlen; - for (i = ct->maxlen; i < COMMAND_NAMES_PADDED_WIDTH; i++) { - putc (' ', stdout); - col++; - } - } - if (col != 0) { - putc ('\n', stdout); - } - - /* allow bad lines since this is help */ - return 0; -} - -/* - * list [displayname ...] - */ -static int -do_list (char *inputfilename, int lineno, int argc, char **argv) -{ - struct _list_data ld; - - ld.fp = stdout; - ld.numeric = (argv[0][0] == 'n'); - - if (argc == 1) { - register AuthList *l; - - if (xauth_head) { - for (l = xauth_head; l; l = l->next) { - dump_entry (inputfilename, lineno, l->auth, (char *) &ld); - } - } - return 0; - } - - return iterdpy (inputfilename, lineno, 1, argc, argv, - dump_entry, NULL, (char *) &ld); - - return 0; -} - -/* - * merge filename [filename ...] - */ -static int -do_merge(char *inputfilename, int lineno, int argc, char **argv) -{ - int i; - int errors = 0; - AuthList *head, *tail, *listhead, *listtail; - int nentries, nnew, nrepl; - Bool numeric = False; - - if (argc < 2) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - if (argv[0][0] == 'n') numeric = True; - listhead = listtail = NULL; - - for (i = 1; i < argc; i++) { - char *filename = argv[i]; - FILE *fp; - Bool used_stdin = False; - - fp = open_file (&filename, - numeric ? "r" : "rb", - &used_stdin, inputfilename, lineno, - argv[0]); - if (!fp) { - errors++; - continue; - } - - head = tail = NULL; - nentries = read_auth_entries (fp, numeric, &head, &tail); - if (nentries == 0) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to read any entries from file \"%s\"\n", - filename); - errors++; - } else { /* link it in */ - add_to_list (listhead, listtail, head); - } - - if (!used_stdin) (void) fclose (fp); - } - - /* - * if we have new entries, merge them in (freeing any duplicates) - */ - if (listhead) { - nentries = merge_entries (&xauth_head, listhead, &nnew, &nrepl); - if (verbose) - printf ("%d entries read in: %d new, %d replacement%s\n", - nentries, nnew, nrepl, nrepl != 1 ? "s" : ""); - if (nentries > 0) xauth_modified = True; - } - - return 0; -} - -/* - * extract filename displayname [displayname ...] - */ -static int -do_extract(char *inputfilename, int lineno, int argc, char **argv) -{ - int errors; - struct _extract_data ed; - - if (argc < 3) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - ed.fp = NULL; - ed.filename = argv[1]; - ed.numeric = (argv[0][0] == 'n'); - ed.nwritten = 0; - ed.cmd = argv[0]; - - errors = iterdpy (inputfilename, lineno, 2, argc, argv, - extract_entry, NULL, (char *) &ed); - - if (!ed.fp) { - fprintf (stderr, - "No matches found, authority file \"%s\" not written\n", - ed.filename); - } else { - if (verbose) { - printf ("%d entries written to \"%s\"\n", - ed.nwritten, ed.filename); - } - if (!ed.used_stdout) { - (void) fclose (ed.fp); - } - } - - return errors; -} - - -/* - * add displayname protocolname hexkey - */ -static int -do_add(char *inputfilename, int lineno, int argc, char **argv) -{ - int n, nnew, nrepl; - int len; - char *dpyname; - char *protoname; - char *hexkey; - char *key; - Xauth *auth; - AuthList *list; - - if (argc != 4 || !argv[1] || !argv[2] || !argv[3]) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - dpyname = argv[1]; - protoname = argv[2]; - hexkey = argv[3]; - - len = strlen(hexkey); - if (hexkey[0] == '"' && hexkey[len-1] == '"') { - key = malloc(len-1); - strncpy(key, hexkey+1, len-2); - len -= 2; - } else if (!strcmp(protoname, SECURERPC) || - !strcmp(protoname, K5AUTH)) { - key = malloc(len+1); - strcpy(key, hexkey); - } else { - len = cvthexkey (hexkey, &key); - if (len < 0) { - prefix (inputfilename, lineno); - fprintf (stderr, - "key contains odd number of or non-hex characters\n"); - return 1; - } - } - - auth = (Xauth *) malloc (sizeof (Xauth)); - if (!auth) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to allocate %ld bytes for Xauth structure\n", - (unsigned long)sizeof (Xauth)); - free (key); - return 1; - } - - if (!get_displayname_auth (dpyname, auth)) { - prefix (inputfilename, lineno); - baddisplayname (dpyname, argv[0]); - free (auth); - free (key); - return 1; - } - - /* - * allow an abbreviation for common protocol names - */ - if (strcmp (protoname, DEFAULT_PROTOCOL_ABBREV) == 0) { - protoname = DEFAULT_PROTOCOL; - } - - auth->name_length = strlen (protoname); - auth->name = copystring (protoname, auth->name_length); - if (!auth->name) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to allocate %d character protocol name\n", - auth->name_length); - free (auth); - free (key); - return 1; - } - auth->data_length = len; - auth->data = key; - - list = (AuthList *) malloc (sizeof (AuthList)); - if (!list) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to allocate %ld bytes for auth list\n", - (unsigned long)sizeof (AuthList)); - free (auth); - free (key); - free (auth->name); - return 1; - } - - list->next = NULL; - list->auth = auth; - - /* - * merge it in; note that merge will deal with allocation - */ - n = merge_entries (&xauth_head, list, &nnew, &nrepl); - if (n <= 0) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to merge in added record\n"); - return 1; - } - - xauth_modified = True; - return 0; -} - -/* - * remove displayname - */ -static int -do_remove(char *inputfilename, int lineno, int argc, char **argv) -{ - int nremoved = 0; - int errors; - - if (argc < 2) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - errors = iterdpy (inputfilename, lineno, 1, argc, argv, - remove_entry, NULL, (char *) &nremoved); - if (verbose) printf ("%d entries removed\n", nremoved); - return errors; -} - -/* - * info - */ -static int -do_info(char *inputfilename, int lineno, int argc, char **argv) -{ - int n; - AuthList *l; - - if (argc != 1) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - for (l = xauth_head, n = 0; l; l = l->next, n++) ; - - printf ("Authority file: %s\n", - xauth_filename ? xauth_filename : "(none)"); - printf ("File new: %s\n", xauth_existed ? No : Yes); - printf ("File locked: %s\n", xauth_locked ? No : Yes); - printf ("Number of entries: %d\n", n); - printf ("Changes honored: %s\n", xauth_allowed ? Yes : No); - printf ("Changes made: %s\n", xauth_modified ? Yes : No); - printf ("Current input: %s:%d\n", inputfilename, lineno); - return 0; -} - - -/* - * exit - */ -static Bool alldone = False; - -/* ARGSUSED */ -static int -do_exit(char *inputfilename, int lineno, int argc, char **argv) -{ - /* allow bogus stuff */ - alldone = True; - return 0; -} - -/* - * quit - */ -/* ARGSUSED */ -static int -do_quit(char *inputfilename, int lineno, int argc, char **argv) -{ - /* allow bogus stuff */ - die (0); - /* NOTREACHED */ - return -1; /* for picky compilers */ -} - - -/* - * source filename - */ -static int -do_source(char *inputfilename, int lineno, int argc, char **argv) -{ - char *script; - char buf[BUFSIZ]; - FILE *fp; - Bool used_stdin = False; - int len; - int errors = 0, status; - int sublineno = 0; - char **subargv; - int subargc; - Bool prompt = False; /* only true if reading from tty */ - - if (argc != 2 || !argv[1]) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - script = argv[1]; - - fp = open_file (&script, "r", &used_stdin, inputfilename, lineno, argv[0]); - if (!fp) { - return 1; - } - - if (verbose && used_stdin && isatty (fileno (fp))) prompt = True; - - while (!alldone) { - buf[0] = '\0'; - if (prompt) { - printf ("xauth> "); - fflush (stdout); - } - if (fgets (buf, sizeof buf, fp) == NULL) break; - sublineno++; - len = strlen (buf); - if (len == 0 || buf[0] == '#') continue; - if (buf[len-1] != '\n') { - prefix (script, sublineno); - fprintf (stderr, "line too long\n"); - errors++; - break; - } - buf[--len] = '\0'; /* remove new line */ - subargv = split_into_words (buf, &subargc); - if (subargv) { - status = process_command (script, sublineno, subargc, subargv); - free ((char *) subargv); - errors += status; - } else { - prefix (script, sublineno); - fprintf (stderr, "unable to break line into words\n"); - errors++; - } - } - - if (!used_stdin) { - (void) fclose (fp); - } - return errors; -} - -/*static int -static int x_protocol_error; -catch_x_protocol_error(Display *dpy, XErrorEvent *errevent) -{ - char buf[80]; - XGetErrorText(dpy, errevent->error_code, buf, sizeof (buf)); - fprintf(stderr, "%s\n", buf); - x_protocol_error = errevent->error_code; - return 1; -} -*/ -/* - * generate - */ -/*static int -do_generate(char *inputfilename, int lineno, int argc, char **argv) -{ - char *displayname; - int major_version, minor_version; - XSecurityAuthorization id_return; - Xauth *auth_in, *auth_return; - XSecurityAuthorizationAttributes attributes; - unsigned long attrmask = 0; - Display *dpy; - int status; - char *args[4]; - char *protoname = "."; - int i; - int authdatalen = 0; - char *hexdata; - char *authdata = NULL; - - if (argc < 2 || !argv[1]) { - prefix (inputfilename, lineno); - badcommandline (argv[0]); - return 1; - } - - displayname = argv[1]; - - if (argc > 2) { - protoname = argv[2]; - } - - for (i = 3; i < argc; i++) { - if (0 == strcmp(argv[i], "timeout")) { - if (++i == argc) { - prefix (inputfilename, lineno); - badcommandline (argv[i-1]); - return 1; - } - attributes.timeout = atoi(argv[i]); - attrmask |= XSecurityTimeout; - - } else if (0 == strcmp(argv[i], "trusted")) { - attributes.trust_level = XSecurityClientTrusted; - attrmask |= XSecurityTrustLevel; - - } else if (0 == strcmp(argv[i], "untrusted")) { - attributes.trust_level = XSecurityClientUntrusted; - attrmask |= XSecurityTrustLevel; - - } else if (0 == strcmp(argv[i], "group")) { - if (++i == argc) { - prefix (inputfilename, lineno); - badcommandline (argv[i-1]); - return 1; - } - attributes.group = atoi(argv[i]); - attrmask |= XSecurityGroup; - - } else if (0 == strcmp(argv[i], "data")) { - if (++i == argc) { - prefix (inputfilename, lineno); - badcommandline (argv[i-1]); - return 1; - } - hexdata = argv[i]; - authdatalen = strlen(hexdata); - if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') { - authdata = malloc(authdatalen-1); - strncpy(authdata, hexdata+1, authdatalen-2); - authdatalen -= 2; - } else { - authdatalen = cvthexkey (hexdata, &authdata); - if (authdatalen < 0) { - prefix (inputfilename, lineno); - fprintf (stderr, - "data contains odd number of or non-hex characters\n"); - return 1; - } - } - } else { - prefix (inputfilename, lineno); - badcommandline (argv[i]); - return 1; - } - } - - // generate authorization using the Security extension / - - dpy = XOpenDisplay (displayname); - if (!dpy) { - prefix (inputfilename, lineno); - fprintf (stderr, "unable to open display \"%s\".\n", displayname); - return 1; - } - - status = XSecurityQueryExtension(dpy, &major_version, &minor_version); - if (!status) - { - prefix (inputfilename, lineno); - fprintf (stderr, "couldn't query Security extension on display \"%s\"\n", - displayname); - return 1; - } - - // fill in input Xauth struct / - - auth_in = XSecurityAllocXauth(); - if (strcmp (protoname, DEFAULT_PROTOCOL_ABBREV) == 0) { - auth_in->name = DEFAULT_PROTOCOL; - } - else - auth_in->name = protoname; - auth_in->name_length = strlen(auth_in->name); - auth_in->data = authdata; - auth_in->data_length = authdatalen; - - x_protocol_error = 0; - XSetErrorHandler(catch_x_protocol_error); - auth_return = XSecurityGenerateAuthorization(dpy, auth_in, attrmask, - &attributes, &id_return); - XSync(dpy, False); - - if (!auth_return || x_protocol_error) - { - prefix (inputfilename, lineno); - fprintf (stderr, "couldn't generate authorization\n"); - return 1; - } - - if (verbose) - printf("authorization id is %ld\n", id_return); - - // create a fake input line to give to do_add / - - args[0] = "add"; - args[1] = displayname; - args[2] = auth_in->name; - args[3] = bintohex(auth_return->data_length, auth_return->data); - - status = do_add(inputfilename, lineno, 4, args); - - if (authdata) free(authdata); - XSecurityFreeXauth(auth_in); - XSecurityFreeXauth(auth_return); - free(args[3]); // hex data / - XCloseDisplay(dpy); - return status; -} -*/ diff --git a/nx-X11/programs/nxauth/xauth.c b/nx-X11/programs/nxauth/xauth.c deleted file mode 100644 index 5a37c34c8..000000000 --- a/nx-X11/programs/nxauth/xauth.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * $Xorg: xauth.c,v 1.4 2001/02/09 02:05:38 xorgcvs Exp $ - * - * xauth - manipulate authorization file - * - * -Copyright 1989,1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - * * - * Author: Jim Fulton, MIT X Consortium - */ -/* $XFree86: xc/programs/xauth/xauth.c,v 1.5 2001/12/14 20:01:15 dawes Exp $ */ - -/**************************************************************************/ -/* */ -/* Copyright (c) 2001, 2010 NoMachine, http://www.nomachine.com/. */ -/* */ -/* NXAUTH, NX protocol compression and NX extensions to this software */ -/* are copyright of NoMachine. Redistribution and use of the present */ -/* software is allowed according to terms specified in the file LICENSE */ -/* which comes in the source distribution. */ -/* */ -/* Check http://www.nomachine.com/licensing.html for applicability. */ -/* */ -/* NX and NoMachine are trademarks of Medialogic S.p.A. */ -/* */ -/* All rights reserved. */ -/* */ -/**************************************************************************/ - -#include "xauth.h" - - -/* - * global data - */ -char *ProgramName; /* argv[0], set at top of main() */ -int verbose = -1; /* print certain messages */ -Bool ignore_locks = True; /* for error recovery */ -Bool break_locks = False; /* for error recovery */ - -/* - * local data - */ - -static char *authfilename = NULL; /* filename of cookie file */ -static char *defcmds[] = { "source", "-", NULL }; /* default command */ -static int ndefcmds = 2; -static char *defsource = "(stdin)"; - -/* - * utility routines - */ -static void -usage(void) -{ - static char *prefixmsg[] = { -"", -"where options include:", -" -f authfilename name of authority file to use", -" -v turn on extra messages", -" -q turn off extra messages", -" -i ignore locks on authority file", -" -b break locks on authority file", -"", -"and commands have the following syntax:", -"", -NULL }; - static char *suffixmsg[] = { -"A dash may be used with the \"merge\" and \"source\" to read from the", -"standard input. Commands beginning with \"n\" use numeric format.", -"", -NULL }; - char **msg; - - fprintf (stderr, "usage: %s [-options ...] [command arg ...]\n", - ProgramName); - for (msg = prefixmsg; *msg; msg++) { - fprintf (stderr, "%s\n", *msg); - } - print_help (stderr, NULL, " "); /* match prefix indentation */ - fprintf (stderr, "\n"); - for (msg = suffixmsg; *msg; msg++) { - fprintf (stderr, "%s\n", *msg); - } - exit (1); -} - - -/* - * The main routine - parses command line and calls action procedures - */ -int -main(int argc, char *argv[]) -{ - int i; - char *sourcename = defsource; - char **arglist = defcmds; - int nargs = ndefcmds; - int status; - - ProgramName = argv[0]; - - for (i = 1; i < argc; i++) { - char *arg = argv[i]; - - if (arg[0] == '-') { - char *flag; - - for (flag = (arg + 1); *flag; flag++) { - switch (*flag) { - case 'f': /* -f authfilename */ - if (++i >= argc) usage (); - authfilename = argv[i]; - continue; - case 'v': /* -v */ - verbose = 1; - continue; - case 'q': /* -q */ - verbose = 0; - continue; - case 'b': /* -b */ - break_locks = True; - continue; - case 'i': /* -i */ - ignore_locks = True; - continue; - default: - usage (); - } - } - } else { - sourcename = "(argv)"; - nargs = argc - i; - arglist = argv + i; - if (verbose == -1) verbose = 0; - break; - } - } - - if (verbose == -1) { /* set default, don't junk stdout */ - verbose = (isatty(fileno(stdout)) != 0); - } - - if (!authfilename) { - authfilename = XauFileName (); /* static name, do not free */ - if (!authfilename) { - fprintf (stderr, - "%s: unable to generate an authority file name\n", - ProgramName); - exit (1); - } - } - if (auth_initialize (authfilename) != 0) { - /* error message printed in auth_initialize */ - exit (1); - } - - status = process_command (sourcename, 1, nargs, arglist); - - (void) auth_finalize (); - exit ((status != 0) ? 1 : 0); -} - - diff --git a/nx-X11/programs/nxauth/xauth.h b/nx-X11/programs/nxauth/xauth.h deleted file mode 100644 index 4f8490070..000000000 --- a/nx-X11/programs/nxauth/xauth.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * $Xorg: xauth.h,v 1.4 2001/02/09 02:05:38 xorgcvs Exp $ - * - * -Copyright 1989, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - * * - * Author: Jim Fulton, MIT X Consortium - */ -/* $XFree86: xc/programs/xauth/xauth.h,v 1.6 2001/12/14 20:01:15 dawes Exp $ */ - -#include <stdio.h> -#include <nx-X11/Xos.h> -#include <nx-X11/Xauth.h> -#include <nx-X11/Xfuncs.h> - -#ifndef True -typedef int Bool; -#define False 0 -#define True 1 -#endif - -extern char *ProgramName; - -#include <stdlib.h> - -extern char *get_hostname ( Xauth *auth ); -extern char *get_address_info ( int family, char *fulldpyname, int prefix, char *host, int *lenp ); -extern char *copystring ( char *src, int len ); -extern char *get_local_hostname ( char *buf, int maxlen ); -extern Bool parse_displayname ( char *displayname, int *familyp, char **hostp, int *dpynump, int *scrnump, char **restp ); -extern int auth_initialize ( char *authfilename ); -extern int auth_finalize ( void ); -extern int process_command ( char *inputfilename, int lineno, int argc, char **argv ); -extern int dump_numeric ( FILE *fp, Xauth *auth ); -extern int print_help ( FILE *fp, char *cmd, char *prefix ); -extern int verbose; -extern Bool ignore_locks; -extern Bool break_locks; diff --git a/nx-libs.spec b/nx-libs.spec index ae6a53e4c..a82849476 100644 --- a/nx-libs.spec +++ b/nx-libs.spec @@ -155,50 +155,10 @@ This package contains all necessary include files and libraries needed to develop applications that require these. -%package -n libNX_Xau-devel -Group: Development/Libraries -Summary: Development files for the NX authorization protocol library -Requires: libNX_Xau6%{?_isa} = %{version}-%{release} -Requires: nx-proto-devel%{?_isa} = %{version}-%{release} - -%description -n libNX_Xau-devel -NX is a software suite which implements very efficient compression of -the X11 protocol. This increases performance when using X -applications over a network, especially a slow one. - -libNX_Xau provides mechanisms for individual access to an nx-X11 Window -System display. It uses existing core protocol and library hooks for -specifying authorization data in the connection setup block to restrict -use of the display to only those clients that show that they know a -server-specific key called a "magic cookie". - -This package contains all necessary include files and libraries -needed to develop applications that require these. - - -%package -n libNX_Xau6 -Group: System Environment/Libraries -Summary: NX authorization protocol library -Requires: %{name}%{?_isa} >= 3.5.0.29 -Obsoletes: libNX_Xau - -%description -n libNX_Xau6 -NX is a software suite which implements very efficient compression of -the X11 protocol. This increases performance when using X -applications over a network, especially a slow one. - -libNX_Xau provides mechanisms for individual access to an X Window -System display. It uses existing core protocol and library hooks for -specifying authorization data in the connection setup block to -restrict use of the display to only those clients that show that they -know a server-specific key called a "magic cookie". - - %package -n libNX_Xext-devel Group: Development/Libraries Summary: Development files for the NX Common Extensions library Requires: libNX_Xext6%{?_isa} = %{version}-%{release} -Requires: libNX_Xau6-devel%{?_isa} = %{version}-%{release} Requires: nx-proto-devel%{?_isa} = %{version}-%{release} %description -n libNX_Xext-devel @@ -333,7 +293,6 @@ This package provides the session shadowing library. Group: Development/Libraries Summary: Include files and libraries for NX development Requires: libNX_X11-devel%{?_isa} = %{version}-%{release} -Requires: libNX_Xau-devel%{?_isa} = %{version}-%{release} Requires: libNX_Xext-devel%{?_isa} = %{version}-%{release} Requires: nx-proto-devel%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release} @@ -391,18 +350,6 @@ related requests locally, ensuring that the most common source of round-trips are nearly reduced to zero. -%package -n nxauth -Group: Applications/System -Summary: NX Auth - -%description -n nxauth -NX is a software suite which implements very efficient compression of -the X11 protocol. This increases performance when using X -applications over a network, especially a slow one. - -This package provides the NX xauth binary. - - %package -n nxproxy Group: Applications/System Summary: NX Proxy @@ -489,14 +436,12 @@ rm -r %{buildroot}%{_includedir}/nx-X11/Xtrans %post -p /sbin/ldconfig %post -n libNX_X11-6 -p /sbin/ldconfig -%post -n libNX_Xau6 -p /sbin/ldconfig %post -n libNX_Xext6 -p /sbin/ldconfig %post -n libXcomp3 -p /sbin/ldconfig %post -n libXcompext3 -p /sbin/ldconfig %post -n libXcompshad3 -p /sbin/ldconfig %postun -p /sbin/ldconfig %postun -n libNX_X11-6 -p /sbin/ldconfig -%postun -n libNX_Xau6 -p /sbin/ldconfig %postun -n libNX_Xext6 -p /sbin/ldconfig %postun -n libXcomp3 -p /sbin/ldconfig %postun -n libXcompext3 -p /sbin/ldconfig @@ -531,15 +476,6 @@ rm -r %{buildroot}%{_includedir}/nx-X11/Xtrans %{_includedir}/nx-X11/Xutil.h %{_includedir}/nx-X11/cursorfont.h -%files -n libNX_Xau-devel -%defattr(-,root,root) -%{_libdir}/libNX_Xau.so -%{_includedir}/nx-X11/Xauth.h - -%files -n libNX_Xau6 -%defattr(-,root,root) -%{_libdir}/libNX_Xau.so.6* - %files -n libNX_Xext-devel %defattr(-,root,root) %{_libdir}/libNX_Xext.so @@ -669,13 +605,6 @@ rm -r %{buildroot}%{_includedir}/nx-X11/Xtrans %{_datadir}/nx/rgb %{_datadir}/man/man1/nxagent.1* -%files -n nxauth -%defattr(-,root,root) -%{_bindir}/nxauth -%dir %{_libdir}/nx/bin -%{_libdir}/nx/bin/nxauth -%{_datadir}/man/man1/nxauth.1* - %files -n nxproxy %defattr(-,root,root) %{_bindir}/nxproxy diff --git a/roll-tarballs.sh b/roll-tarballs.sh index 60b5e916f..166f8738b 100755 --- a/roll-tarballs.sh +++ b/roll-tarballs.sh @@ -100,7 +100,7 @@ if [ "x$MODE" = "xfull" ]; then echo "${file##*/}" >> "doc/applied-patches/series" done else - rm -f "bin/"{nxagent,nxauth} + rm -f "bin/nxagent" rm -Rf "nxcompshad"* rm -Rf "nxcompext"* rm -Rf "nx-X11"* |