Diffstat (limited to 'nx-X11/lib')
-rw-r--r-- | nx-X11/lib/Imakefile | 5 | ||||
-rw-r--r-- | nx-X11/lib/X11/AuDispose.c (renamed from nx-X11/lib/Xau/AuDispose.c) | 0 | ||||
-rw-r--r-- | nx-X11/lib/X11/AuFileName.c (renamed from nx-X11/lib/Xau/AuFileName.c) | 0 | ||||
-rw-r--r-- | nx-X11/lib/X11/AuGetBest.c (renamed from nx-X11/lib/Xau/AuGetBest.c) | 2 | ||||
-rw-r--r-- | nx-X11/lib/X11/AuRead.c (renamed from nx-X11/lib/Xau/AuRead.c) | 0 | ||||
-rw-r--r-- | nx-X11/lib/X11/Imakefile | 9 | ||||
-rw-r--r-- | nx-X11/lib/Xau/AuGetAddr.c | 112 | ||||
-rw-r--r-- | nx-X11/lib/Xau/AuLock.c | 106 | ||||
-rw-r--r-- | nx-X11/lib/Xau/AuUnlock.c | 62 | ||||
-rw-r--r-- | nx-X11/lib/Xau/AuWrite.c | 73 | ||||
-rw-r--r-- | nx-X11/lib/Xau/Autest.c | 71 | ||||
-rw-r--r-- | nx-X11/lib/Xau/Imakefile | 49 | ||||
-rw-r--r-- | nx-X11/lib/Xau/README | 184 | ||||
-rw-r--r-- | nx-X11/lib/Xau/Xauth.h | 162 | ||||
-rw-r--r-- | nx-X11/lib/Xau/k5encode.c | 186 |
15 files changed, 1 insertions, 1020 deletions
diff --git a/nx-X11/lib/Imakefile b/nx-X11/lib/Imakefile index 20a18dab1..4cf8bf08e 100644 --- a/nx-X11/lib/Imakefile +++ b/nx-X11/lib/Imakefile @@ -15,10 +15,6 @@ NULL = XKBLIBDIR = xkbfile #endif -#if BuildXauLib -XAULIBDIR = Xau -#endif - #if BuildX11Lib X11LIBDIR = X11 #endif @@ -29,7 +25,6 @@ XEXTLIBDIR = Xext LINTSUBDIRS = \ - $(XAULIBDIR) \ $(X11LIBDIR) \ $(XEXTLIBDIR) \ $(XKBLIBDIR) \ diff --git a/nx-X11/lib/Xau/AuDispose.c b/nx-X11/lib/X11/AuDispose.c index dc2080f40..dc2080f40 100644 --- a/nx-X11/lib/Xau/AuDispose.c +++ b/nx-X11/lib/X11/AuDispose.c diff --git a/nx-X11/lib/Xau/AuFileName.c b/nx-X11/lib/X11/AuFileName.c index 6ab0138b8..6ab0138b8 100644 --- a/nx-X11/lib/Xau/AuFileName.c +++ b/nx-X11/lib/X11/AuFileName.c diff --git a/nx-X11/lib/Xau/AuGetBest.c b/nx-X11/lib/X11/AuGetBest.c index eb27f24c1..03d49ac80 100644 --- a/nx-X11/lib/Xau/AuGetBest.c +++ b/nx-X11/lib/X11/AuGetBest.c @@ -132,7 +132,7 @@ XauGetBestAuthByAddr ( if ((family == FamilyWild || entry->family == FamilyWild || (entry->family == family && ((address_length == entry->address_length && - binaryEqual (entry->address, address, (int)address_length)) + binaryEqual (entry->address, address, (int)address_length)) #ifdef hpux || (family == FamilyLocal && fully_qual_address_length == entry->address_length && diff --git a/nx-X11/lib/Xau/AuRead.c b/nx-X11/lib/X11/AuRead.c index 2e2509633..2e2509633 100644 --- a/nx-X11/lib/Xau/AuRead.c +++ b/nx-X11/lib/X11/AuRead.c diff --git a/nx-X11/lib/X11/Imakefile b/nx-X11/lib/X11/Imakefile index 1ba1e4818..8be1b592d 100644 --- a/nx-X11/lib/X11/Imakefile +++ b/nx-X11/lib/X11/Imakefile 
@@ -1104,15 +1104,6 @@ InstallNonExecFile(XErrorDB,$(LIBDIR)) InstallNonExecFile(XKeysymDB,$(LIBDIR)) InstallLintLibrary(X11,$(LINTLIBDIR)) - -LinkSourceFile(AuDispose.c,$(XAUTHSRC)) -LinkSourceFile(AuGetBest.c,$(XAUTHSRC)) -LinkSourceFile(AuFileName.c,$(XAUTHSRC)) -LinkSourceFile(AuRead.c,$(XAUTHSRC)) -#if HasKrb5 -LinkSourceFile(k5encode.c,$(XAUTHSRC)) -#endif - #ifdef QNX4Architecture LOCAL_LDFLAGS=-F #endif diff --git a/nx-X11/lib/Xau/AuGetAddr.c b/nx-X11/lib/Xau/AuGetAddr.c deleted file mode 100644 index d68ceadc2..000000000 --- a/nx-X11/lib/Xau/AuGetAddr.c +++ /dev/null 
@@ -1,112 +0,0 @@ -/* $Xorg: AuGetAddr.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. 
- -*/ -/* $XFree86: xc/lib/Xau/AuGetAddr.c,v 1.5 2001/12/14 19:54:36 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> -#include <nx-X11/Xos.h> - -static int -binaryEqual (_Xconst char *a, _Xconst char *b, int len) -{ - while (len--) - if (*a++ != *b++) - return 0; - return 1; -} - -Xauth * -XauGetAuthByAddr ( -#if NeedWidePrototypes -unsigned int family, -unsigned int address_length, -#else -unsigned short family, -unsigned short address_length, -#endif -_Xconst char* address, -#if NeedWidePrototypes -unsigned int number_length, -#else -unsigned short number_length, -#endif -_Xconst char* number, -#if NeedWidePrototypes -unsigned int name_length, -#else -unsigned short name_length, -#endif -_Xconst char* name) -{ - FILE *auth_file; - char *auth_name; - Xauth *entry; - - auth_name = XauFileName (); - if (!auth_name) - return 0; - if (access (auth_name, R_OK) != 0) /* checks REAL id */ - return 0; - auth_file = fopen (auth_name, "rb"); - if (!auth_file) - return 0; - for (;;) { - entry = XauReadAuth (auth_file); - if (!entry) - break; - /* - * Match when: - * either family or entry->family are FamilyWild or - * family and entry->family are the same and - * address and entry->address are the same - * and - * either number or entry->number are empty or - * number and entry->number are the same - * and - * either name or entry->name are empty or - * name and entry->name are the same - */ - - if ((family == FamilyWild || entry->family == FamilyWild || - (entry->family == family && - address_length == entry->address_length && - binaryEqual (entry->address, address, (int)address_length))) && - (number_length == 0 || entry->number_length == 0 || - (number_length == entry->number_length && - binaryEqual (entry->number, number, (int)number_length))) && - (name_length == 0 || entry->name_length == 0 || - (entry->name_length == name_length && - binaryEqual (entry->name, name, (int)name_length)))) - break; - XauDisposeAuth (entry); - 
} - (void) fclose (auth_file); - return entry; -} diff --git a/nx-X11/lib/Xau/AuLock.c b/nx-X11/lib/Xau/AuLock.c deleted file mode 100644 index 1813dc368..000000000 --- a/nx-X11/lib/Xau/AuLock.c +++ /dev/null 
@@ -1,106 +0,0 @@ -/* $Xorg: AuLock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. 
- -*/ -/* $XFree86: xc/lib/Xau/AuLock.c,v 3.6 2002/05/31 18:45:43 dawes Exp $ */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> -#include <nx-X11/Xos.h> -#include <sys/stat.h> -#include <errno.h> -#include <time.h> -#define Time_t time_t -#ifndef X_NOT_POSIX -#include <unistd.h> -#else -#ifndef WIN32 -extern unsigned sleep (); -#else -#include <nx-X11/Xwindows.h> -#define link rename -#endif -#endif -#ifdef __UNIXOS2__ -#define link rename -#endif - -int -XauLockAuth ( -_Xconst char *file_name, -int retries, -int timeout, -long dead) -{ - char creat_name[1025], link_name[1025]; - struct stat statb; - Time_t now; - int creat_fd = -1; - - if (strlen (file_name) > 1022) - return LOCK_ERROR; - (void) strcpy (creat_name, file_name); - (void) strcat (creat_name, "-c"); - (void) strcpy (link_name, file_name); - (void) strcat (link_name, "-l"); - if (stat (creat_name, &statb) != -1) { - now = time ((Time_t *) 0); - /* - * NFS may cause ctime to be before now, special - * case a 0 deadtime to force lock removal - */ - if (dead == 0 || now - statb.st_ctime > dead) { - (void) unlink (creat_name); - (void) unlink (link_name); - } - } - - while (retries > 0) { - if (creat_fd == -1) { - creat_fd = open (creat_name, O_WRONLY | O_CREAT | O_EXCL, 0600); - if (creat_fd == -1) { - if (errno != EACCES) - return LOCK_ERROR; - } else - (void) close (creat_fd); - } - if (creat_fd != -1) { - if (link (creat_name, link_name) != -1) - return LOCK_SUCCESS; - if (errno == ENOENT) { - creat_fd = -1; /* force re-creat next time around */ - continue; - } - if (errno != EEXIST) - return LOCK_ERROR; - } - (void) sleep ((unsigned) timeout); - --retries; - } - return LOCK_TIMEOUT; -} diff --git a/nx-X11/lib/Xau/AuUnlock.c b/nx-X11/lib/Xau/AuUnlock.c deleted file mode 100644 index e40042104..000000000 --- a/nx-X11/lib/Xau/AuUnlock.c +++ /dev/null 
@@ -1,62 +0,0 @@
-/* $Xorg: AuUnlock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
-
-/*
-
-Copyright 1988, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall not be
-used in advertising or otherwise to promote the sale, use or other dealings
-in this Software without prior written authorization from The Open Group.
-
-*/
-/* $XFree86: xc/lib/Xau/AuUnlock.c,v 1.4 2001/12/14 19:54:36 dawes Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <nx-X11/Xauth.h>
-#include <nx-X11/Xos.h>
-
-int
-XauUnlockAuth (
-_Xconst char *file_name)
-{
-#ifndef WIN32
- char creat_name[1025];
-#endif
- char link_name[1025];
-
- if (strlen (file_name) > 1022)
- return 0;
-#ifndef WIN32
- (void) strcpy (creat_name, file_name);
- (void) strcat (creat_name, "-c");
-#endif
- (void) strcpy (link_name, file_name);
- (void) strcat (link_name, "-l");
- /*
- * I think this is the correct order
- */
-#ifndef WIN32
- (void) unlink (creat_name);
-#endif
- (void) unlink (link_name);
-
- return 1;
-}
diff --git a/nx-X11/lib/Xau/AuWrite.c b/nx-X11/lib/Xau/AuWrite.c
deleted file mode 100644
index 5a9b44eb2..000000000
--- a/nx-X11/lib/Xau/AuWrite.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* $Xorg: AuWrite.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
-
-/*
-
-Copyright 1988, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall not be
-used in advertising or otherwise to promote the sale, use or other dealings
-in this Software without prior written authorization from The Open Group.
-
-*/
-/* $XFree86: xc/lib/Xau/AuWrite.c,v 1.3 2001/01/17 19:42:24 dawes Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <nx-X11/Xauth.h>
-
-static int
-write_short (unsigned short s, FILE *file)
-{
- unsigned char file_short[2];
-
- file_short[0] = (s & (unsigned)0xff00) >> 8;
- file_short[1] = s & 0xff;
- if (fwrite ((char *) file_short, (int) sizeof (file_short), 1, file) != 1)
- return 0;
- return 1;
-}
-
-static int
-write_counted_string (unsigned short count, char *string, FILE *file)
-{
- if (write_short (count, file) == 0)
- return 0;
- if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
- return 0;
- return 1;
-}
-
-int
-XauWriteAuth (auth_file, auth)
-FILE *auth_file;
-Xauth *auth;
-{
- if (write_short (auth->family, auth_file) == 0)
- return 0;
- if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
- return 0;
- if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
- return 0;
- if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
- return 0;
- if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
- return 0;
- return 1;
-}
diff --git a/nx-X11/lib/Xau/Autest.c b/nx-X11/lib/Xau/Autest.c
deleted file mode 100644
index 2352cf170..000000000
--- a/nx-X11/lib/Xau/Autest.c
+++ /dev/null
@@ -1,71 +0,0 @@ -/* $Xorg: Autest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. 
- -*/ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <nx-X11/Xauth.h> - -main (argc, argv) -char **argv; -{ - Xauth test_data; - char *name, *data, *file; - int state = 0; - FILE *output; - - while (*++argv) { - if (!strcmp (*argv, "-file")) - file = *++argv; - else if (state == 0) { - name = *argv; - ++state; - } else if (state == 1) { - data = *argv; - ++state; - } - } - if(!file) { - fprintf (stderr, "No file\n"); - exit (1); - } - test_data.family = 0; - test_data.address_length = 0; - test_data.address = ""; - test_data.number_length = 0; - test_data.number = ""; - test_data.name_length = strlen (name); - test_data.name = name; - test_data.data_length = strlen (data); - test_data.data = data; - output = fopen (file, "w"); - if (output) { - XauWriteAuth (output, &test_data); - fclose (output); - } -} diff --git a/nx-X11/lib/Xau/Imakefile b/nx-X11/lib/Xau/Imakefile deleted file mode 100644 index df80d28d4..000000000 --- a/nx-X11/lib/Xau/Imakefile +++ /dev/null 
@@ -1,49 +0,0 @@ -XCOMM $Xorg: Imakefile,v 1.3 2000/08/17 19:45:29 cpqbld Exp $ -XCOMM $XdotOrg: xc/lib/Xau/Imakefile,v 1.4 2005/09/22 23:54:18 alanc Exp $ - - - -XCOMM $XFree86: xc/lib/Xau/Imakefile,v 3.5 1999/04/17 09:08:11 dawes Exp $ - -#define DoNormalLib NormalLibXau -#define DoSharedLib SharedLibXau -#define DoExtraLib SharedLibXau -#define DoDebugLib DebugLibXau -#define DoProfileLib ProfileLibXau -#define LibName NX_Xau -#define SoRev SOXAUTHREV -#define IncSubdir nx-X11 - -#include <Threads.tmpl> - -#ifdef SharedXauReqs -REQUIREDLIBS = SharedXauReqs -#endif - - LINTLIBS = $(LINTXLIB) - -#if HasKrb5 -K5ENCSRC = k5encode.c -K5ENCOBJ = k5encode.o -INCLUDES = Krb5Includes -#else -K5ENCSRC = -K5ENCOBJ = -INCLUDES = -#endif - -HEADERS = \ - Xauth.h - -SRCS = AuDispose.c AuFileName.c AuGetAddr.c AuGetBest.c AuLock.c \ - AuRead.c AuUnlock.c AuWrite.c $(K5ENCSRC) - -OBJS = AuDispose.o AuFileName.o AuGetAddr.o AuGetBest.o AuLock.o \ - AuRead.o AuUnlock.o AuWrite.o $(K5ENCOBJ) - -#define IncludeSharedObjectInNormalLib -#define UnsharedLibObjCompile(options) LibObjCompile(unshared,$(CDEBUGFLAGS) $(CLIBDEBUGFLAGS) options $(PICFLAGS)) - -#include <Library.tmpl> - -DependTarget() diff --git a/nx-X11/lib/Xau/README b/nx-X11/lib/Xau/README deleted file mode 100644 index 404eef079..000000000 --- a/nx-X11/lib/Xau/README +++ /dev/null 
@@ -1,184 +0,0 @@ - - - A Sample Authorization Protocol for X - - -Overview - -The following note describes a very simple mechanism for providing individual -access to an X Window System display. It uses existing core protocol and -library hooks for specifying authorization data in the connection setup block -to restrict use of the display to only those clients that show that they -know a server-specific key called a "magic cookie". This mechanism is *not* -being proposed as an addition to the Xlib standard; among other reasons, a -protocol extension is needed to support more flexible mechanisms. We have -implemented this mechanism already; if you have comments, please send them -to us. - -This scheme involves changes to the following parts of the sample release: - - o xdm - - generate random magic cookie and store in protected file - - pass name of magic cookie file to server - - when user logs in, add magic cookie to user's auth file - - when user logs out, generate a new cookie for server - - o server - - a new command line option to specify cookie file - - check client authorization data against magic cookie - - read in cookie whenever the server resets - - do not add local machine to host list if magic cookie given - - o Xlib - - read in authorization data from file - - find data for appropriate server - - send authorization data if found - - o xauth [new program to manage user auth file] - - add entries to user's auth file - - remove entries from user's auth file - -This mechanism assumes that the superuser and the transport layer between -the client and the server is secure. Organizations that desire stricter -security are encouraged to look at systems such as Kerberos (at Project -Athena). - - -Description - -The sample implementation will use the xdm Display Manager to set up and -control the server's authorization file. Sites that do not run xdm will -need to build their own mechanisms. 
- -Xdm uses a random key (seeded by the system time and check sum of /dev/kmem) -to generate a unique sequence of characters at 16 bytes long. This sequence -will be written to a file which is made readable only by the server. The -server will then be started with a command line option instructing it to use -the contents of the file as the magic cookie for connections that include -authorization data. This will also disable the server from adding the local -machine's address to the initial host list. Note that the actual cookie must -not be stored on the command line or in an environment variable, to prevent -it from being publicly obtainable by the "ps" command. - -If a client presents an authorization name of "MIT-MAGIC-COOKIE-1" and -authorization data that matches the magic cookie, that client is allowed -access. If the name or data does not match and the host list is empty, -that client will be denied access. Otherwise, the existing host-based access -control will be used. Since any client that is making a connection from a -machine on the host list will be granted access even if their authorization -data is incorrect, sites are strongly urged not to set up any default hosts -using the /etc/X*.hosts files. Granting access to other machines should be -done by the user's session manager instead. - -Assuming the server is configured with an empty host list, the existence of the -cookie is sufficient to ensure there will be no unauthorized access to the -display. However, xdm will (continue to) work to minimize the chances of -spoofing on servers that do not support this authorization mechanism. This -will be done by grabbing the server and the keyboard after opening the display. -This action will be surrounded by a timer which will kill the server if the -grabs cannot be done within several seconds. [This level of security is now -implemented in patches already sent out.] 
- -After the user logs in, xdm will add authorization entries for each of the -server machine's network addresses to the user's authorization file (the format -of which is described below). This file will usually be named .Xauthority in -the users's home directory; will be owned by the user (as specified by the -pw_uid and pw_gid fields in the user's password entry), and will be accessible -only to the user (no group access). This file will contain authorization data -for all of the displays opened by the user. - -When the session terminates, xdm will generate and store a new magic cookie -for the server. Then, xdm will shutdown its own connection and send a -SIGHUP to the server process, which should cause the server to reset. The -server will then read in the new magic cookie. - -To support accesses (both read and write) from multiple machines (for use in -environments that use distributed file systems), file locking is done using -hard links. This is done by creat'ing (sic) a lock file and then linking it -to another name in the same directory. If the link-target already exists, -the link will fail, indicating failure to obtain the lock. Linking is used -instead of just creating the file read-only since link will fail even for -the superuser. - -Problems and Solutions - -There are a few problems with .Xauthority as described. If no home directory -exists, or if xdm cannot create a file there (disk full), xdm stores the -cookie in a file in a resource-specified back-up directory, and sets an -environment variable in the user's session (called XAUTHORITY) naming this -file. There is also the problem that the locking attempts will need to be -timed out, due to a leftover lock. Xdm, again, creates a file and set an -environment variable. Finally, the back-up directory might be full. Xdm, -as a last resort, provides a function key binding that allows a user to log -in without having the authorization data stored, and with host-based access -control disabled. 
- -Xlib - -XOpenDisplay in Xlib was enhanced to allow specification of authorization -information. As implied above, Xlib looks for the data in the -.Xauthority file of the home directory, or in the file pointed at by the -XAUTHORITY environment variable instead if that is defined. This required -no programmatic interface change to Xlib. In addition, a new Xlib routine -is provided to explicitly specify authorization. - - XSetAuthorization(name, namelen, data, datalen) - int namelen, datalen; - char *name, *data; - -There are three types of input: - - name NULL, data don't care - use default authorization mechanism. - name non-NULL, data NULL - use the named authorization; get - data from that mechanism's default. - name non-NULL, data non-NULL - use the given authorization and data. - -This interface is used by xdm and might also be used by any other -applications that wish to explicitly set the authorization information. - -Authorization File - -The .Xauthority file is a binary file consisting of a sequence of entries -in the following format: - - 2 bytes Family value (second byte is as in protocol HOST) - 2 bytes address length (always MSB first) - A bytes host address (as in protocol HOST) - 2 bytes display "number" length (always MSB first) - S bytes display "number" string - 2 bytes name length (always MSB first) - N bytes authorization name string - 2 bytes data length (always MSB first) - D bytes authorization data string - -The format is binary for easy processing, since authorization information -usually consists of arbitrary data. Host addresses are used instead of -names to eliminate potentially time-consuming name resolutions in -XOpenDisplay. Programs, such as xdm, that initialize the user's -authorization file will have to do the same work as the server in finding -addresses for all network interfaces. If more than one entry matches the -desired address, the entry that is chosen is implementation-dependent. 
In -our implementation, it is always the first in the file. - -The Family is specified in two bytes to allow out-of-band values -(i.e. values not in the Protocol) to be used. In particular, -two new values "FamilyLocal" and "FamilyWild" are defined. FamilyLocal -refers to any connections using a non-network method of connetion from the -local machine (Unix domain sockets, shared memory, loopback serial line). -In this case the host address is specified by the data returned from -gethostname() and better be unique in a collection of machines -which share NFS directories. FamilyWild is currently used only -by xdm to communicate authorization data to the server. It matches -any family/host address pair. - -For FamilyInternet, the host address is the 4 byte internet address, for -FamilyDecnet, the host address is the byte decnet address, for FamilyChaos -the address is also two bytes. - -The Display Number is the ascii representation of the display number -portion of the display name. It is in ascii to allow future expansion -to PseudoRoots or anything else that might happen. - -A utility called "xauth" will be provided for editing and viewing the -contents of authorization files. Note that the user's authorization file is -not the same as the server's magic cookie file. diff --git a/nx-X11/lib/Xau/Xauth.h b/nx-X11/lib/Xau/Xauth.h deleted file mode 100644 index 7ac8bf77b..000000000 --- a/nx-X11/lib/Xau/Xauth.h +++ /dev/null 
@@ -1,162 +0,0 @@ -/* $Xorg: Xauth.h,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */ - -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall not be -used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization from The Open Group. - -*/ - -/* $XFree86: xc/lib/Xau/Xauth.h,v 1.5 2001/12/14 19:54:36 dawes Exp $ */ - -#ifndef _Xauth_h -#define _Xauth_h - -typedef struct xauth { - unsigned short family; - unsigned short address_length; - char *address; - unsigned short number_length; - char *number; - unsigned short name_length; - char *name; - unsigned short data_length; - char *data; -} Xauth; - -#ifndef _XAUTH_STRUCT_ONLY - -# include <nx-X11/Xfuncproto.h> -# include <nx-X11/Xfuncs.h> - -# include <stdio.h> - -# define FamilyLocal (256) /* not part of X standard (i.e. 
X.h) */ -# define FamilyWild (65535) -# define FamilyNetname (254) /* not part of X standard */ -# define FamilyKrb5Principal (253) /* Kerberos 5 principal name */ -# define FamilyLocalHost (252) /* for local non-net authentication */ - - -_XFUNCPROTOBEGIN - -char *XauFileName(void); - -Xauth *XauReadAuth( -FILE* /* auth_file */ -); - -int XauLockAuth( -_Xconst char* /* file_name */, -int /* retries */, -int /* timeout */, -long /* dead */ -); - -int XauUnlockAuth( -_Xconst char* /* file_name */ -); - -int XauWriteAuth( -FILE* /* auth_file */, -Xauth* /* auth */ -); - -Xauth *XauGetAuthByName( -_Xconst char* /* display_name */ -); - -Xauth *XauGetAuthByAddr( -#if NeedWidePrototypes -unsigned int /* family */, -unsigned int /* address_length */, -#else -unsigned short /* family */, -unsigned short /* address_length */, -#endif -_Xconst char* /* address */, -#if NeedWidePrototypes -unsigned int /* number_length */, -#else -unsigned short /* number_length */, -#endif -_Xconst char* /* number */, -#if NeedWidePrototypes -unsigned int /* name_length */, -#else -unsigned short /* name_length */, -#endif -_Xconst char* /* name */ -); - -Xauth *XauGetBestAuthByAddr( -#if NeedWidePrototypes -unsigned int /* family */, -unsigned int /* address_length */, -#else -unsigned short /* family */, -unsigned short /* address_length */, -#endif -_Xconst char* /* address */, -#if NeedWidePrototypes -unsigned int /* number_length */, -#else -unsigned short /* number_length */, -#endif -_Xconst char* /* number */, -int /* types_length */, -char** /* type_names */, -_Xconst int* /* type_lengths */ -); - -void XauDisposeAuth( -Xauth* /* auth */ -); - -#ifdef K5AUTH -#include <krb5/krb5.h> -/* 9/93: krb5.h leaks some symbols */ -#undef BITS32 -#undef xfree - -int XauKrb5Encode( - krb5_principal /* princ */, - krb5_data * /* outbuf */ -); - -int XauKrb5Decode( - krb5_data /* inbuf */, - krb5_principal * /* princ */ -); -#endif /* K5AUTH */ - -_XFUNCPROTOEND - -/* Return values from 
XauLockAuth */ - -# define LOCK_SUCCESS 0 /* lock succeeded */ -# define LOCK_ERROR 1 /* lock unexpectely failed, check errno */ -# define LOCK_TIMEOUT 2 /* lock failed, timeouts expired */ - -#endif /* _XAUTH_STRUCT_ONLY */ - -#endif /* _Xauth_h */ diff --git a/nx-X11/lib/Xau/k5encode.c b/nx-X11/lib/Xau/k5encode.c deleted file mode 100644 index c71222e1c..000000000 --- a/nx-X11/lib/Xau/k5encode.c +++ /dev/null 
@@ -1,186 +0,0 @@
-/* $Xorg: k5encode.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
-
-/*
-
-Copyright 1993, 1994, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall not be
-used in advertising or otherwise to promote the sale, use or other dealings
-in this Software without prior written authorization from The Open Group.
-
-*/
-
-/*
- * functions to encode/decode Kerberos V5 principals
- * into something that can be reasonable spewed over
- * the wire
- *
- * Author: Tom Yu <tlyu@MIT.EDU>
- *
- * Still needs to be fixed up wrt signed/unsigned lengths, but we'll worry
- * about that later.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <krb5/krb5.h>
-/* 9/93: krb5.h leaks some symbols */
-#undef BITS32
-#undef xfree
-
-#include <nx-X11/X.h>
-#include <nx-X11/Xos.h>
-#include <nx-X11/Xmd.h>
-#include <nx-X11/Xfuncs.h>
-
-/*
- * XauKrb5Encode
- *
- * this function encodes the principal passed to it in a format that can
- * easily be dealt with by stuffing it into an X packet. Encoding is as
- * follows:
- * length count of the realm name
- * realm
- * component count
- * length of component
- * actual principal component
- * etc....
- *
- * Note that this function allocates a hunk of memory, which must be
- * freed to avoid nasty memory leak type things. All counts are
- * byte-swapped if needed. (except for the total length returned)
- *
- * nevermind.... stuffing the encoded packet in net byte order just to
- * always do the right thing. Don't have to frob with alignment that way.
- */
-int
-XauKrb5Encode(princ, outbuf)
- krb5_principal princ; /* principal to encode */
- krb5_data *outbuf; /* output buffer */
-{
- CARD16 i, numparts, totlen = 0, plen, rlen;
- char *cp, *pdata;
-
- rlen = krb5_princ_realm(princ)->length;
- numparts = krb5_princ_size(princ);
- totlen = 2 + rlen + 2; /* include room for realm length
- and component count */
- for (i = 0; i < numparts; i++)
- totlen += krb5_princ_component(princ, i)->length + 2;
- /* add 2 bytes each time for length */
- if ((outbuf->data = (char *)malloc(totlen)) == NULL)
- return -1;
- cp = outbuf->data;
- *cp++ = (char)((int)(0xff00 & rlen) >> 8);
- *cp++ = (char)(0x00ff & rlen);
- memcpy(cp, krb5_princ_realm(princ)->data, rlen);
- cp += rlen;
- *cp++ = (char)((int)(0xff00 & numparts) >> 8);
- *cp++ = (char)(0x00ff & numparts);
- for (i = 0; i < numparts; i++)
- {
- plen = krb5_princ_component(princ, i)->length;
- pdata = krb5_princ_component(princ, i)->data;
- *cp++ = (char)((int)(0xff00 & plen) >> 8);
- *cp++ = (char)(0x00ff & plen);
- memcpy(cp, pdata, plen);
- cp += plen;
- }
- outbuf->length = totlen;
- return 0;
-}
-
-/*
- * XauKrb5Decode
- *
- * This function essentially reverses what XauKrb5Encode does.
- * return value: 0 if okay, -1 if malloc fails, -2 if inbuf format bad
- */
-int
-XauKrb5Decode(inbuf, princ)
- krb5_data inbuf;
- krb5_principal *princ;
-{
- CARD16 i, numparts, plen, rlen;
- CARD8 *cp, *pdata;
-
- if (inbuf.length < 4)
- {
- return -2;
- }
- *princ = (krb5_principal)malloc(sizeof (krb5_principal_data));
- if (*princ == NULL)
- return -1;
- bzero(*princ, sizeof (krb5_principal_data));
- cp = (CARD8 *)inbuf.data;
- rlen = *cp++ << 8;
- rlen |= *cp++;
- if (inbuf.length < 4 + (int)rlen + 2)
- {
- krb5_free_principal(*princ);
- return -2;
- }
- krb5_princ_realm(*princ)->data = (char *)malloc(rlen);
- if (krb5_princ_realm(*princ)->data == NULL)
- {
- krb5_free_principal(*princ);
- return -1;
- }
- krb5_princ_realm(*princ)->length = rlen;
- memcpy(krb5_princ_realm(*princ)->data, cp, rlen);
- cp += rlen;
- numparts = *cp++ << 8;
- numparts |= *cp++;
- krb5_princ_name(*princ) =
- (krb5_data *)malloc(numparts * sizeof (krb5_data));
- if (krb5_princ_name(*princ) == NULL)
- {
- krb5_free_principal(*princ);
- return -1;
- }
- krb5_princ_size(*princ) = 0;
- for (i = 0; i < numparts; i++)
- {
- if (cp + 2 > (CARD8 *)inbuf.data + inbuf.length)
- {
- krb5_free_principal(*princ);
- return -2;
- }
- plen = *cp++ << 8;
- plen |= *cp++;
- if (cp + plen > (CARD8 *)inbuf.data + inbuf.length)
- {
- krb5_free_principal(*princ);
- return -2;
- }
- pdata = (CARD8 *)malloc(plen);
- if (pdata == NULL)
- {
- krb5_free_principal(*princ);
- return -1;
- }
- krb5_princ_component(*princ, i)->data = (char *)pdata;
- krb5_princ_component(*princ, i)->length = plen;
- memcpy(pdata, cp, plen);
- cp += plen;
- krb5_princ_size(*princ)++;
- }
- return 0;
-} |