aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/os
diff options
context:
space:
mode:
authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2016-07-01 15:48:55 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2016-07-01 15:48:55 +0200
commit2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1 (patch)
treeba1bf29ee69e8ae391b0773161ff3baf58707761 /nx-X11/programs/Xserver/os
parenta3a295288189d1312f5abef0e7b4cc57b948e7d3 (diff)
parent20454528656dbe98a538de7c67ce89e50841bd5f (diff)
downloadnx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.tar.gz
nx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.tar.bz2
nx-libs-2f19f2f66d7cc3d844e8f1eb58d65c4fa6b867d1.zip
Merge branch 'sunweaver-pr/libXau-cleanup' into 3.6.x
Attributes GH PR #152: https://github.com/ArcticaProject/nx-libs/pull/152 Reviewed by: Vadim Troshchinskiy <vadim@qindel.com> -- Fri, 01 Jul 2016 14:55:00 +0200
Diffstat (limited to 'nx-X11/programs/Xserver/os')
-rw-r--r--nx-X11/programs/Xserver/os/Imakefile18
-rw-r--r--nx-X11/programs/Xserver/os/access.c31
-rw-r--r--nx-X11/programs/Xserver/os/auth.c12
-rw-r--r--nx-X11/programs/Xserver/os/k5auth.c801
-rw-r--r--nx-X11/programs/Xserver/os/osdep.h23
-rw-r--r--nx-X11/programs/Xserver/os/rpcauth.c2
6 files changed, 5 insertions, 882 deletions
diff --git a/nx-X11/programs/Xserver/os/Imakefile b/nx-X11/programs/Xserver/os/Imakefile
index 5245b7841..00d28deb1 100644
--- a/nx-X11/programs/Xserver/os/Imakefile
+++ b/nx-X11/programs/Xserver/os/Imakefile
@@ -78,11 +78,6 @@ RPCOBJS =
RPCSRCS =
#endif
-#if HasKrb5
-KRB5OBJS = k5auth.o k5encode.o
-KRB5SRCS = k5auth.c k5encode.c
-#endif
-
#if HasBSD44Sockets
SOCK_DEFINES = -DBSD44SOCKETS
#endif
@@ -122,12 +117,12 @@ GETPEER_DEFINES = -DHAS_GETPEEREID
BOOTSTRAPCFLAGS =
SRCS = WaitFor.c access.c connection.c io.c $(COLOR_SRCS) \
osinit.c utils.c log.c auth.c mitauth.c secauth.c \
- $(XDMAUTHSRCS) $(RPCSRCS) $(KRB5SRCS) xdmcp.c OtherSources \
+ $(XDMAUTHSRCS) $(RPCSRCS) xdmcp.c OtherSources \
transport.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \
$(MALLOC_SRCS) xprintf.c
OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \
osinit.o utils.o log.o auth.o mitauth.o secauth.o \
- $(XDMAUTHOBJS) $(RPCOBJS) $(KRB5OBJS) xdmcp.o OtherObjects \
+ $(XDMAUTHOBJS) $(RPCOBJS) xdmcp.o OtherObjects \
transport.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \
$(MALLOC_OBJS) xprintf.o
@@ -146,7 +141,6 @@ BOOTSTRAPCFLAGS =
DBM_DEFINES = NdbmDefines
ADM_DEFINES = -DADMPATH=\"$(ADMDIR)/X\%smsgs\"
XDMCP_DEFINES = ServerXdmcpDefines
- KRB5_DEFINES = Krb5Defines
XALLOC_DEFINES = XallocDefines
ERROR_DEFINES = ServerErrorDefines
#if HasPam && HasPamMisc
@@ -154,11 +148,11 @@ BOOTSTRAPCFLAGS =
#endif
DEFINES = -DXSERV_t -DTRANS_SERVER $(CONNECTION_FLAGS) $(MEM_DEFINES) \
$(XDMAUTHDEFS) $(RPCDEFS) $(SIGNAL_DEFINES) $(OS_DEFINES) \
- $(KRB5_DEFINES) $(RGB_DEFINES) $(GETPEER_DEFINES) \
+ $(RGB_DEFINES) $(GETPEER_DEFINES) \
$(RANDOM_DEFINES) $(BUGMSG) $(XTRANS_FAILDEFINES) $(NX_DEFINES)
INCLUDES = -I. -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) \
-I$(SERVERSRC)/Xext -I$(SERVERSRC)/render \
- -I$(TOP)/lib/Xau Krb5Includes $(NX_INCLUDES) \
+ -I$(TOP)/lib/Xau $(NX_INCLUDES) \
`pkg-config --cflags-only-I pixman-1`
DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) \
$(TRANS_INCLUDES) $(CONNECTION_FLAGS) $(GETPEER_DEFINES) \
@@ -204,10 +198,6 @@ oscolor.o: oscolor.c $(ICONFIGFILES)
SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES))
#endif
-#if HasKrb5
-LinkSourceFile(k5encode.c,$(XAUTHSRC))
-#endif
-
#if !HasSnprintf
LinkSourceFile(snprintf.c,$(LIBSRC)/misc)
#endif
diff --git a/nx-X11/programs/Xserver/os/access.c b/nx-X11/programs/Xserver/os/access.c
index d2bf972fe..7f45e5ec9 100644
--- a/nx-X11/programs/Xserver/os/access.c
+++ b/nx-X11/programs/Xserver/os/access.c
@@ -1170,10 +1170,6 @@ ResetHosts (char *display)
struct nodeent *np;
struct dn_naddr dnaddr, *dnaddrp, *dnet_addr();
#endif
-#ifdef K5AUTH
- krb5_principal princ;
- krb5_data kbuf;
-#endif
int family = 0;
void *addr;
int len;
@@ -1249,13 +1245,6 @@ ResetHosts (char *display)
hostname = ohostname + 4;
}
#endif
-#ifdef K5AUTH
- else if (!strncmp("krb:", lhostname, 4))
- {
- family = FamilyKrb5Principal;
- hostname = ohostname + 4;
- }
-#endif
else if (!strncmp("si:", lhostname, 3))
{
family = FamilyServerInterpreted;
@@ -1298,16 +1287,6 @@ ResetHosts (char *display)
}
else
#endif /* DNETCONN */
-#ifdef K5AUTH
- if (family == FamilyKrb5Principal)
- {
- krb5_parse_name(hostname, &princ);
- XauKrb5Encode(princ, &kbuf);
- (void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length, FALSE);
- krb5_free_principal(princ);
- }
- else
-#endif
#ifdef SECURE_RPC
if ((family == FamilyNetname) || (strchr(hostname, '@')))
{
@@ -1553,11 +1532,6 @@ AddHost (ClientPtr client,
len = length;
LocalHostEnabled = TRUE;
break;
-#ifdef K5AUTH
- case FamilyKrb5Principal:
- len = length;
- break;
-#endif
#ifdef SECURE_RPC
case FamilyNetname:
len = length;
@@ -1656,11 +1630,6 @@ RemoveHost (
len = length;
LocalHostEnabled = FALSE;
break;
-#ifdef K5AUTH
- case FamilyKrb5Principal:
- len = length;
- break;
-#endif
#ifdef SECURE_RPC
case FamilyNetname:
len = length;
diff --git a/nx-X11/programs/Xserver/os/auth.c b/nx-X11/programs/Xserver/os/auth.c
index c14c1e874..587e0d5ec 100644
--- a/nx-X11/programs/Xserver/os/auth.c
+++ b/nx-X11/programs/Xserver/os/auth.c
@@ -54,9 +54,6 @@ from The Open Group.
#include <dix-config.h>
#endif
-#ifdef K5AUTH
-# include <krb5/krb5.h>
-#endif
# include <nx-X11/X.h>
# include <nx-X11/Xauth.h>
# include "misc.h"
@@ -112,15 +109,6 @@ static struct protocol protocols[] = {
#endif
},
#endif
-#ifdef K5AUTH
-{ (unsigned short) 14, "MIT-KERBEROS-5",
- K5Add, K5Check, K5Reset,
- K5ToID, K5FromID, K5Remove,
-#ifdef XCSECURITY
- NULL
-#endif
-},
-#endif
#ifdef XCSECURITY
{ (unsigned short) XSecurityAuthorizationNameLen,
XSecurityAuthorizationName,
diff --git a/nx-X11/programs/Xserver/os/k5auth.c b/nx-X11/programs/Xserver/os/k5auth.c
deleted file mode 100644
index f2ed5369d..000000000
--- a/nx-X11/programs/Xserver/os/k5auth.c
+++ /dev/null
@@ -1,801 +0,0 @@
-/* $Xorg: k5auth.c,v 1.4 2001/02/09 02:05:23 xorgcvs Exp $ */
-/*
-
-Copyright 1993, 1994, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-
-*/
-/* $XFree86: xc/programs/Xserver/os/k5auth.c,v 3.4 2001/01/17 22:37:10 dawes Exp $ */
-
-/*
- * Kerberos V5 authentication scheme
- * Author: Tom Yu <tlyu@MIT.EDU>
- *
- * Mostly snarfed wholesale from the user_user demo in the
- * krb5 distribution. (At least the checking part)
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifdef TCPCONN
-#include <netinet/in.h>
-#endif
-#ifdef DNETCONN
-#include <netdnet/dn.h>
-#endif
-#include <arpa/inet.h>
-#include <krb5/krb5.h>
-/* 9/93: krb5.h leaks some symbols */
-#undef BITS32
-#undef xfree
-#include <krb5/los-proto.h>
-#include <nx-X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include <nx-X11/Xproto.h>
-#include <nx-X11/Xfuncs.h>
-#include "dixstruct.h"
-#include <com_err.h>
-#include "Xauth.h"
-
-extern int (*k5_Vector[256])();
-extern int SendConnSetup();
-extern char *display; /* need this to generate rcache name */
-
-static XID krb5_id = ~0L;
-static krb5_principal srvname = NULL; /* service name */
-static char *ccname = NULL;
-static char *ktname = NULL; /* key table name */
-static char kerror[256];
-
-/*
- * tgt_keyproc:
- *
- * extract session key from a credentials struct
- */
-krb5_error_code tgt_keyproc(keyprocarg, principal, vno, key)
- krb5_void * keyprocarg;
- krb5_principal principal;
- krb5_kvno vno;
- krb5_keyblock **key;
-{
- krb5_creds *creds = (krb5_creds *)keyprocarg;
-
- return krb5_copy_keyblock(&creds->keyblock, key);
-}
-
-/*
- * k5_cmpenc:
- *
- * compare "encoded" principals
- */
-Bool k5_cmpenc(pname, plen, buf)
- unsigned char *pname;
- short plen;
- krb5_data *buf;
-{
- return (plen == buf->length &&
- memcmp(pname, buf->data, plen) == 0);
-}
-
-/*
- * K5Check:
- *
- * This is stage 0 of the krb5 authentication protocol. It
- * goes through the current credentials cache and extracts the
- * primary principal and tgt to send to the client, or as
- * appropriate, extracts from a keytab.
- *
- * The packet sent to the client has the following format:
- *
- * CARD8 reqType = 2
- * CARD8 data = 0
- * CARD16 length = total length of packet (in 32 bit units)
- * CARD16 plen = length of encoded principal following
- * STRING8 princ = encoded principal
- * STRING8 ticket = server tgt
- *
- * For client-server authentication, the packet is as follows:
- *
- * CARD8 reqType = 3
- * CARD8 data = 0
- * CARD16 length = total length
- * STRING8 princ = encoded principal of server
- */
-XID K5Check(data_length, data, client, reason)
- unsigned short data_length;
- char *data;
- ClientPtr client;
- char **reason;
-{
- krb5_error_code retval;
- CARD16 tlen;
- krb5_principal sprinc, cprinc;
- krb5_ccache cc;
- krb5_creds *creds;
- char *outbuf, *cp;
- krb5_data princ;
- register char n;
- xReq prefix;
-
- if (krb5_id == ~0L)
- return ~0L;
- if (!ccname && !srvname)
- return ~0L;
- if (ccname)
- {
- if ((creds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL)
- return ~0L;
- if (retval = krb5_cc_resolve(ccname, &cc))
- return ~0L;
- bzero((char*)creds, sizeof (krb5_creds));
- if (retval = krb5_cc_get_principal(cc, &cprinc))
- {
- krb5_free_creds(creds);
- krb5_cc_close(cc);
- return ~0L;
- }
- creds->client = cprinc;
- if (retval =
- krb5_build_principal_ext(&sprinc,
- krb5_princ_realm(creds->client)->length,
- krb5_princ_realm(creds->client)->data,
- 6, "krbtgt",
- krb5_princ_realm(creds->client)->length,
- krb5_princ_realm(creds->client)->data,
- 0))
- {
- krb5_free_creds(creds);
- krb5_cc_close(cc);
- return ~0L;
- }
- creds->server = sprinc;
- retval = krb5_get_credentials(KRB5_GC_CACHED, cc, creds);
- krb5_cc_close(cc);
- if (retval)
- {
- krb5_free_creds(creds);
- return ~0L;
- }
- if (retval = XauKrb5Encode(cprinc, &princ))
- {
- krb5_free_creds(creds);
- return ~0L;
- }
- tlen = sz_xReq + 2 + princ.length + creds->ticket.length;
- prefix.reqType = 2; /* opcode = authenticate user-to-user */
- }
- else if (srvname)
- {
- if (retval = XauKrb5Encode(srvname, &princ))
- {
- return ~0L;
- }
- tlen = sz_xReq + princ.length;
- prefix.reqType = 3; /* opcode = authenticate client-server */
- }
- prefix.data = 0; /* stage = 0 */
- prefix.length = (tlen + 3) >> 2; /* round up to nearest multiple
- of 4 bytes */
- if (client->swapped)
- {
- swaps(&prefix.length, n);
- }
- if ((cp = outbuf = (char *)malloc(tlen)) == NULL)
- {
- if (ccname)
- {
- krb5_free_creds(creds);
- }
- free(princ.data);
- return ~0L;
- }
- memcpy(cp, &prefix, sz_xReq);
- cp += sz_xReq;
- if (ccname)
- {
- memcpy(cp, &princ.length, 2);
- if (client->swapped)
- {
- swaps((CARD16 *)cp, n);
- }
- cp += 2;
- }
- memcpy(cp, princ.data, princ.length);
- cp += princ.length;
- free(princ.data); /* we don't need that anymore */
- if (ccname)
- memcpy(cp, creds->ticket.data, creds->ticket.length);
- WriteToClient(client, tlen, outbuf);
- free(outbuf);
- client->requestVector = k5_Vector; /* hack in our dispatch vector */
- client->clientState = ClientStateAuthenticating;
- if (ccname)
- {
- ((OsCommPtr)client->osPrivate)->authstate.srvcreds = (void *)creds; /* save tgt creds */
- ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL;
- ((OsCommPtr)client->osPrivate)->authstate.srvname = NULL;
- }
- if (srvname)
- {
- ((OsCommPtr)client->osPrivate)->authstate.srvcreds = NULL;
- ((OsCommPtr)client->osPrivate)->authstate.ktname = (void *)ktname;
- ((OsCommPtr)client->osPrivate)->authstate.srvname = (void *)srvname;
- }
- ((OsCommPtr)client->osPrivate)->authstate.stageno = 1; /* next stage is 1 */
- return krb5_id;
-}
-
-/*
- * k5_stage1:
- *
- * This gets called out of the dispatcher after K5Check frobs with the
- * client->requestVector. It accepts the ap_req from the client and verifies
- * it. In addition, if the client has set AP_OPTS_MUTUAL_REQUIRED, it then
- * sends an ap_rep to the client to achieve mutual authentication.
- *
- * client stage1 packet format is as follows:
- *
- * CARD8 reqType = 1
- * CARD8 data = ignored
- * CARD16 length = total length
- * STRING8 data = the actual ap_req
- *
- * stage2 packet sent back to client for mutual authentication:
- *
- * CARD8 reqType = 2
- * CARD8 data = 2
- * CARD16 length = total length
- * STRING8 data = the ap_rep
- */
-int k5_stage1(client)
- register ClientPtr client;
-{
- long addrlen;
- krb5_error_code retval, retval2;
- register char n;
- struct sockaddr cli_net_addr;
- xReq prefix;
- krb5_principal cprinc;
- krb5_data buf;
- krb5_creds *creds = (krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds;
- krb5_keyblock *skey;
- krb5_address cli_addr, **localaddrs = NULL;
- krb5_tkt_authent *authdat;
- krb5_ap_rep_enc_part rep;
- krb5_int32 ctime, cusec;
- krb5_rcache rcache = NULL;
- char *cachename = NULL, *rc_type = NULL, *rc_base = "rcX", *kt = NULL;
- REQUEST(xReq);
-
- if (((OsCommPtr)client->osPrivate)->authstate.stageno != 1)
- {
- if (creds)
- krb5_free_creds(creds);
- return(SendConnSetup(client, "expected Krb5 stage1 packet"));
- }
- addrlen = sizeof (cli_net_addr);
- if (getpeername(((OsCommPtr)client->osPrivate)->fd,
- &cli_net_addr, &addrlen) == -1)
- {
- if (creds)
- krb5_free_creds(creds);
- return(SendConnSetup(client, "Krb5 stage1: getpeername failed"));
- }
- if (cli_net_addr.sa_family == AF_UNSPEC
-#if defined(UNIXCONN) || defined(LOCALCONN) || defined(OS2PIPECONN)
- || cli_net_addr.sa_family == AF_UNIX
-#endif
- ) /* assume local host */
- {
- krb5_os_localaddr(&localaddrs);
- if (!localaddrs || !localaddrs[0])
- {
- if (creds)
- krb5_free_creds(creds);
- return(SendConnSetup(client, "Krb5 failed to get localaddrs"));
- }
- cli_addr.addrtype = localaddrs[0]->addrtype;
- cli_addr.length = localaddrs[0]->length;
- cli_addr.contents = localaddrs[0]->contents;
- }
- else
- {
- cli_addr.addrtype = cli_net_addr.sa_family; /* the values
- are compatible */
- switch (cli_net_addr.sa_family)
- {
-#ifdef TCPCONN
- case AF_INET:
- cli_addr.length = sizeof (struct in_addr);
- cli_addr.contents =
- (krb5_octet *)&((struct sockaddr_in *)&cli_net_addr)->sin_addr;
- break;
-#endif
-#ifdef DNETCONN
- case AF_DECnet:
- cli_addr.length = sizeof (struct dn_naddr);
- cli_addr.contents =
- (krb5_octet *)&((struct sockaddr_dn *)&cli_net_addr)->sdn_add;
- break;
-#endif
- default:
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- sprintf(kerror, "Krb5 stage1: unknown address family %d from getpeername",
- cli_net_addr.sa_family);
- return(SendConnSetup(client, kerror));
- }
- }
- if ((rcache = (krb5_rcache)malloc(sizeof(*rcache))) == NULL)
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- return(SendConnSetup(client, "malloc bombed for krb5_rcache"));
- }
- if ((rc_type = krb5_rc_default_type()) == NULL)
- rc_type = "dfl";
- if (retval = krb5_rc_resolve_type(&rcache, rc_type))
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- free(rcache);
- strcpy(kerror, "krb5_rc_resolve_type failed: ");
- strncat(kerror, error_message(retval), 231);
- return(SendConnSetup(client, kerror));
- }
- if ((cachename = (char *)malloc(strlen(rc_base) + strlen(display) + 1))
- == NULL)
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- free(rcache);
- return(SendConnSetup(client, "Krb5: malloc bombed for cachename"));
- }
- strcpy(cachename, rc_base);
- strcat(cachename, display);
- if (retval = krb5_rc_resolve(rcache, cachename))
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- free(rcache);
- free(cachename);
- strcpy(kerror, "krb5_rc_resolve failed: ");
- strncat(kerror, error_message(retval), 236);
- return(SendConnSetup(client, kerror));
- }
- free(cachename);
- if (krb5_rc_recover(rcache))
- {
- extern krb5_deltat krb5_clockskew;
- if (retval = krb5_rc_initialize(rcache, krb5_clockskew))
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (creds)
- krb5_free_creds(creds);
- if (retval2 = krb5_rc_close(rcache))
- {
- strcpy(kerror, "krb5_rc_close failed: ");
- strncat(kerror, error_message(retval2), 238);
- return(SendConnSetup(client, kerror));
- }
- free(rcache);
- strcpy(kerror, "krb5_rc_initialize failed: ");
- strncat(kerror, error_message(retval), 233);
- return(SendConnSetup(client, kerror));
- }
- }
- buf.length = (stuff->length << 2) - sz_xReq;
- buf.data = (char *)stuff + sz_xReq;
- if (creds)
- {
- retval = krb5_rd_req(&buf,
- NULL, /* don't bother with server name */
- &cli_addr,
- NULL, /* no fetchfrom */
- tgt_keyproc,
- creds, /* credentials as arg to
- keyproc */
- rcache,
- &authdat);
- krb5_free_creds(creds);
- }
- else if (kt = (char *)((OsCommPtr)client->osPrivate)->authstate.ktname)
- {
- retval = krb5_rd_req(&buf, srvname, &cli_addr, kt, NULL, NULL,
- rcache, &authdat);
- ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL;
- }
- else
- {
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- return(SendConnSetup(client, "Krb5: neither srvcreds nor ktname set"));
- }
- if (localaddrs)
- krb5_free_addresses(localaddrs);
- if (rcache)
- {
- if (retval2 = krb5_rc_close(rcache))
- {
- strcpy(kerror, "krb5_rc_close failed (2): ");
- strncat(kerror, error_message(retval2), 230);
- return(SendConnSetup(client, kerror));
- }
- free(rcache);
- }
- if (retval)
- {
- strcpy(kerror, "Krb5: Bad application request: ");
- strncat(kerror, error_message(retval), 224);
- return(SendConnSetup(client, kerror));
- }
- cprinc = authdat->ticket->enc_part2->client;
- skey = authdat->ticket->enc_part2->session;
- if (XauKrb5Encode(cprinc, &buf))
- {
- krb5_free_tkt_authent(authdat);
- return(SendConnSetup(client, "XauKrb5Encode bombed"));
- }
- /*
- * Now check to see if the principal we got is one that we want to let in
- */
- if (ForEachHostInFamily(FamilyKrb5Principal, k5_cmpenc, (void *)&buf))
- {
- free(buf.data);
- /*
- * The following deals with sending an ap_rep to the client to
- * achieve mutual authentication. The client sends back a stage 3
- * packet if all is ok.
- */
- if (authdat->ap_options | AP_OPTS_MUTUAL_REQUIRED)
- {
- /*
- * stage 2: send ap_rep to client
- */
- if (retval = krb5_us_timeofday(&ctime, &cusec))
- {
- krb5_free_tkt_authent(authdat);
- strcpy(kerror, "error in krb5_us_timeofday: ");
- strncat(kerror, error_message(retval), 234);
- return(SendConnSetup(client, kerror));
- }
- rep.ctime = ctime;
- rep.cusec = cusec;
- rep.subkey = NULL;
- rep.seq_number = 0;
- if (retval = krb5_mk_rep(&rep, skey, &buf))
- {
- krb5_free_tkt_authent(authdat);
- strcpy(kerror, "error in krb5_mk_rep: ");
- strncat(kerror, error_message(retval), 238);
- return(SendConnSetup(client, kerror));
- }
- prefix.reqType = 2; /* opcode = authenticate */
- prefix.data = 2; /* stage = 2 */
- prefix.length = (buf.length + sz_xReq + 3) >> 2;
- if (client->swapped)
- {
- swaps(&prefix.length, n);
- }
- WriteToClient(client, sz_xReq, (char *)&prefix);
- WriteToClient(client, buf.length, buf.data);
- free(buf.data);
- krb5_free_tkt_authent(authdat);
- ((OsCommPtr)client->osPrivate)->authstate.stageno = 3; /* expect stage3 packet */
- return(Success);
- }
- else
- {
- free(buf.data);
- krb5_free_tkt_authent(authdat);
- return(SendConnSetup(client, NULL)); /* success! */
- }
- }
- else
- {
- char *kname;
-
- krb5_free_tkt_authent(authdat);
- free(buf.data);
- retval = krb5_unparse_name(cprinc, &kname);
- if (retval == 0)
- {
- sprintf(kerror, "Principal \"%s\" is not authorized to connect",
- kname);
- if (kname)
- free(kname);
- return(SendConnSetup(client, kerror));
- }
- else
- return(SendConnSetup(client,"Principal is not authorized to connect to Server"));
- }
-}
-
-/*
- * k5_stage3:
- *
- * Get the short ack packet from the client. This packet can conceivably
- * be expanded to allow for switching on end-to-end encryption.
- *
- * stage3 packet format:
- *
- * CARD8 reqType = 3
- * CARD8 data = ignored (for now)
- * CARD16 length = should be zero
- */
-int k5_stage3(client)
- register ClientPtr client;
-{
- REQUEST(xReq);
-
- if (((OsCommPtr)client->osPrivate)->authstate.stageno != 3)
- {
- return(SendConnSetup(client, "expected Krb5 stage3 packet"));
- }
- else
- return(SendConnSetup(client, NULL)); /* success! */
-}
-
-k5_bad(client)
- register ClientPtr client;
-{
- if (((OsCommPtr)client->osPrivate)->authstate.srvcreds)
- krb5_free_creds((krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds);
- sprintf(kerror, "unrecognized Krb5 auth packet %d, expecting %d",
- ((xReq *)client->requestBuffer)->reqType,
- ((OsCommPtr)client->osPrivate)->authstate.stageno);
- return(SendConnSetup(client, kerror));
-}
-
-/*
- * K5Add:
- *
- * Takes the name of a credentials cache and resolves it. Also adds the
- * primary principal of the ccache to the acl.
- *
- * Now will also take a service name.
- */
-int K5Add(data_length, data, id)
- unsigned short data_length;
- char *data;
- XID id;
-{
- krb5_principal princ;
- krb5_error_code retval;
- krb5_keytab_entry tmp_entry;
- krb5_keytab keytab;
- krb5_kvno kvno = 0;
- krb5_ccache cc;
- char *nbuf, *cp;
- krb5_data kbuf;
- int i, ktlen;
-
- krb5_init_ets(); /* can't think of a better place to put it */
- krb5_id = ~0L;
- if (data_length < 3)
- return 0;
- if ((nbuf = (char *)malloc(data_length - 2)) == NULL)
- return 0;
- memcpy(nbuf, data + 3, data_length - 3);
- nbuf[data_length - 3] = '\0';
- if (ccname)
- {
- free(ccname);
- ccname = NULL;
- }
- if (srvname)
- {
- krb5_free_principal(srvname);
- srvname = NULL;
- }
- if (ktname)
- {
- free(ktname);
- ktname = NULL;
- }
- if (!strncmp(data, "UU:", 3))
- {
- if (retval = krb5_cc_resolve(nbuf, &cc))
- {
- ErrorF("K5Add: krb5_cc_resolve of \"%s\" failed: %s\n",
- nbuf, error_message(retval));
- free(nbuf);
- return 0;
- }
- if (cc && !(retval = krb5_cc_get_principal(cc, &princ)))
- {
- if (XauKrb5Encode(princ, &kbuf))
- {
- free(nbuf);
- krb5_free_principal(princ);
- krb5_cc_close(cc);
- return 0;
- }
- if (krb5_cc_close(cc))
- return 0;
- AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(princ);
- free(kbuf.data);
- ccname = nbuf;
- krb5_id = id;
- return 1;
- }
- else
- {
- ErrorF("K5Add: getting principal from cache \"%s\" failed: %s\n",
- nbuf, error_message(retval));
- }
- }
- else if (!strncmp(data, "CS:", 3))
- {
- if ((cp = strchr(nbuf, ',')) == NULL)
- {
- free(nbuf);
- return 0;
- }
- *cp = '\0'; /* gross but it works :-) */
- ktlen = strlen(cp + 1);
- if ((ktname = (char *)malloc(ktlen + 1)) == NULL)
- {
- free(nbuf);
- return 0;
- }
- strcpy(ktname, cp + 1);
- retval = krb5_sname_to_principal(NULL, /* NULL for hostname uses
- local host name*/
- nbuf, KRB5_NT_SRV_HST,
- &srvname);
- free(nbuf);
- if (retval)
- {
- free(ktname);
- ktname = NULL;
- return 0;
- }
- if (retval = krb5_kt_resolve(ktname, &keytab))
- {
- free(ktname);
- ktname = NULL;
- krb5_free_principal(srvname);
- srvname = NULL;
- return 0;
- }
- retval = krb5_kt_get_entry(keytab, srvname, kvno, &tmp_entry);
- krb5_kt_free_entry(&tmp_entry);
- if (retval)
- {
- free(ktname);
- ktname = NULL;
- krb5_free_principal(srvname);
- srvname = NULL;
- return 0;
- }
- if (XauKrb5Encode(srvname, &kbuf))
- {
- free(ktname);
- ktname = NULL;
- krb5_free_principal(srvname);
- srvname = NULL;
- return 0;
- }
- AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_id = id;
- return 1;
- }
- else
- {
- ErrorF("K5Add: credentials cache name \"%.*s\" in auth file: unknown type\n",
- data_length, data);
- }
- return 0;
-}
-
-/*
- * K5Reset:
- *
- * Reset krb5_id, also nuke the current principal from the acl.
- */
-int K5Reset()
-{
- krb5_principal princ;
- krb5_error_code retval;
- krb5_ccache cc;
- krb5_data kbuf;
- int i;
-
- if (ccname)
- {
- if (retval = krb5_cc_resolve(ccname, &cc))
- {
- free(ccname);
- ccname = NULL;
- }
- if (cc && !(retval = krb5_cc_get_principal(cc, &princ)))
- {
- if (XauKrb5Encode(princ, &kbuf))
- return 1;
- RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(princ);
- free(kbuf.data);
- if (krb5_cc_close(cc))
- return 1;
- free(ccname);
- ccname = NULL;
- }
- }
- if (srvname)
- {
- if (XauKrb5Encode(srvname, &kbuf))
- return 1;
- RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data);
- krb5_free_principal(srvname);
- free(kbuf.data);
- srvname = NULL;
- }
- if (ktname)
- {
- free(ktname);
- ktname = NULL;
- }
- krb5_id = ~0L;
- return 0;
-}
-
-XID K5ToID(data_length, data)
- unsigned short data_length;
- char *data;
-{
- return krb5_id;
-}
-
-int K5FromID(id, data_lenp, datap)
- XID id;
- unsigned short *data_lenp;
- char **datap;
-{
- return 0;
-}
-
-int K5Remove(data_length, data)
- unsigned short data_length;
- char *data;
-{
- return 0;
-}
diff --git a/nx-X11/programs/Xserver/os/osdep.h b/nx-X11/programs/Xserver/os/osdep.h
index acf832e1c..633039f4a 100644
--- a/nx-X11/programs/Xserver/os/osdep.h
+++ b/nx-X11/programs/Xserver/os/osdep.h
@@ -145,16 +145,6 @@ typedef struct _connectionOutput {
int count;
} ConnectionOutput, *ConnectionOutputPtr;
-#ifdef K5AUTH
-typedef struct _k5_state {
- int stageno; /* current stage of auth protocol */
- void *srvcreds; /* server credentials */
- void *srvname; /* server principal name */
- void *ktname; /* key table: principal-key pairs */
- void *skey; /* session key */
-} k5_state;
-#endif
-
struct _osComm;
#define AuthInitArgs void
@@ -190,9 +180,6 @@ typedef struct _osComm {
ConnectionInputPtr input;
ConnectionOutputPtr output;
XID auth_id; /* authorization id */
-#ifdef K5AUTH
- k5_state authstate; /* state of setup auth conversation */
-#endif
CARD32 conn_time; /* timestamp if not established, else 0 */
struct _XtransConnInfo *trans_conn; /* transport connection object */
} OsCommRec, *OsCommPtr;
@@ -283,16 +270,6 @@ extern int SecureRPCRemove (AuthRemCArgs);
extern int SecureRPCReset (AuthRstCArgs);
#endif
-/* in k5auth.c */
-#ifdef K5AUTH
-extern XID K5Check (AuthCheckArgs);
-extern XID K5ToID (AuthToIDArgs);
-extern int K5Add (AuthAddCArgs);
-extern int K5FromID (AuthFromIDArgs);
-extern int K5Remove (AuthRemCArgs);
-extern int K5Reset (AuthRstCArgs);
-#endif
-
/* in secauth.c */
extern XID AuthSecurityCheck (AuthCheckArgs);
diff --git a/nx-X11/programs/Xserver/os/rpcauth.c b/nx-X11/programs/Xserver/os/rpcauth.c
index 94c26651b..91823553c 100644
--- a/nx-X11/programs/Xserver/os/rpcauth.c
+++ b/nx-X11/programs/Xserver/os/rpcauth.c
@@ -41,7 +41,7 @@ from The Open Group.
#ifdef SECURE_RPC
#include <nx-X11/X.h>
-#include "Xauth.h"
+#include <nx-X11/Xauth.h>
#include "misc.h"
#include "os.h"
#include "dixstruct.h"