diff options
author | marha <marha@users.sourceforge.net> | 2011-12-16 20:45:15 +0100 |
---|---|---|
committer | Marc Haesen <marc@hc-consult.be> | 2011-12-16 20:45:15 +0100 |
commit | 47913e82955ec8e2b1ba4d4b145497dede9163b5 (patch) | |
tree | d23c322caf26864270171d54eb2805cee2721e4d /xorg-server/os | |
parent | 53d28537755790ee4625dc16f560cad5aa93f56b (diff) | |
download | vcxsrv-47913e82955ec8e2b1ba4d4b145497dede9163b5.tar.gz vcxsrv-47913e82955ec8e2b1ba4d4b145497dede9163b5.tar.bz2 vcxsrv-47913e82955ec8e2b1ba4d4b145497dede9163b5.zip |
xserver git update 16 dec 2011
Diffstat (limited to 'xorg-server/os')
-rw-r--r-- | xorg-server/os/access.c | 30 | ||||
-rw-r--r-- | xorg-server/os/auth.c | 656 | ||||
-rw-r--r-- | xorg-server/os/connection.c | 4 | ||||
-rw-r--r-- | xorg-server/os/io.c | 2 | ||||
-rw-r--r-- | xorg-server/os/mitauth.c | 394 | ||||
-rw-r--r-- | xorg-server/os/osdep.h | 2 | ||||
-rw-r--r-- | xorg-server/os/osinit.c | 2 | ||||
-rw-r--r-- | xorg-server/os/rpcauth.c | 2 | ||||
-rw-r--r-- | xorg-server/os/utils.c | 4 | ||||
-rw-r--r-- | xorg-server/os/xdmauth.c | 998 | ||||
-rw-r--r-- | xorg-server/os/xdmcp.c | 6 |
11 files changed, 1048 insertions, 1052 deletions
diff --git a/xorg-server/os/access.c b/xorg-server/os/access.c index 0800c7f73..b609442de 100644 --- a/xorg-server/os/access.c +++ b/xorg-server/os/access.c @@ -176,12 +176,10 @@ SOFTWARE. Bool defeatAccessControl = FALSE; -#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len) -#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len) #define addrEqual(fam, address, length, host) \ ((fam) == (host)->family &&\ (length) == (host)->len &&\ - !acmp (address, (host)->addr, length)) + !memcmp (address, (host)->addr, length)) static int ConvertAddr(struct sockaddr * /*saddr*/, int * /*len*/, @@ -371,13 +369,13 @@ DefineSelf (int fd) switch (hp->h_addrtype) { case AF_INET: inetaddr = (struct sockaddr_in *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length); + memcpy ( &(inetaddr->sin_addr), hp->h_addr, hp->h_length); len = sizeof(saddr.sa); break; #if defined(IPv6) && defined(AF_INET6) case AF_INET6: inet6addr = (struct sockaddr_in6 *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length); + memcpy ( &(inet6addr->sin6_addr), hp->h_addr, hp->h_length); len = sizeof(saddr.in6); break; #endif @@ -398,7 +396,7 @@ DefineSelf (int fd) { host->family = family; host->len = len; - acopy ( addr, host->addr, len); + memcpy ( host->addr, addr, len); host->next = selfhosts; selfhosts = host; } @@ -448,7 +446,7 @@ DefineLocalHost: { host->family = FamilyLocalHost; host->len = 0; - acopy("", host->addr, 0); + /* Nothing to store in host->addr */ host->next = selfhosts; selfhosts = host; } @@ -585,7 +583,7 @@ DefineSelf (int fd) { host->family = family; host->len = len; - acopy(addr, host->addr, len); + memcpy(host->addr, addr, len); host->next = selfhosts; selfhosts = host; } @@ -717,7 +715,7 @@ DefineSelf (int fd) if (host != NULL) { host->family = family; host->len = len; - acopy(addr, host->addr, len); + memcpy(host->addr, addr, len); host->next = selfhosts; selfhosts = host; } @@ -792,7 +790,7 @@ DefineSelf (int fd) { host->family = FamilyLocalHost; host->len = 0; - acopy("", host->addr, 0); + /* Nothing to store in host->addr */ host->next = selfhosts; selfhosts = host; } @@ -821,7 +819,7 @@ AugmentSelf(pointer from, int len) return; host->family = family; host->len = len; - acopy(addr, host->addr, len); + memcpy(host->addr, addr, len); host->next = selfhosts; selfhosts = host; } @@ -1306,7 +1304,7 @@ NewHost (int family, return FALSE; host->family = family; host->len = len; - acopy(addr, host->addr, len); + memcpy(host->addr, addr, len); host->next = validhosts; validhosts = host; return TRUE; @@ -1400,7 +1398,7 @@ GetHosts ( ((xHostEntry *)ptr)->family = host->family; ((xHostEntry *)ptr)->length = len; ptr += sizeof(xHostEntry); - acopy (host->addr, ptr, len); + memcpy (ptr, host->addr, len); ptr += pad_to_int32(len); } } else { @@ -1763,7 +1761,7 @@ siHostnameAddrMatch(int family, pointer addr, int len, hostaddrlen = a->ai_addrlen; f = ConvertAddr(a->ai_addr,&hostaddrlen,&hostaddr); if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { + (memcmp (addr, hostaddr, len) == 0) ) { res = TRUE; break; } @@ -1798,12 +1796,12 @@ siHostnameAddrMatch(int family, pointer addr, int len, struct sockaddr_in sin; sin.sin_family = hp->h_addrtype; - acopy ( *addrlist, &(sin.sin_addr), hp->h_length); + memcpy ( &(sin.sin_addr), *addrlist, hp->h_length); hostaddrlen = sizeof(sin); f = ConvertAddr ((struct sockaddr *)&sin, &hostaddrlen, &hostaddr); if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { + (memcmp (addr, hostaddr, len) == 0) ) { res = TRUE; break; } diff --git a/xorg-server/os/auth.c b/xorg-server/os/auth.c index 52868f0ba..6669c148e 100644 --- a/xorg-server/os/auth.c +++ b/xorg-server/os/auth.c @@ -1,328 +1,328 @@ -/*
-
-Copyright 1988, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-
-*/
-
-/*
- * authorization hooks for the server
- * Author: Keith Packard, MIT X Consortium
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-# include <X11/X.h>
-# include <X11/Xauth.h>
-# include "misc.h"
-# include "osdep.h"
-# include "dixstruct.h"
-# include <sys/types.h>
-# include <sys/stat.h>
-#ifdef WIN32
-#include <X11/Xw32defs.h>
-#endif
-
-struct protocol {
- unsigned short name_length;
- char *name;
- AuthAddCFunc Add; /* new authorization data */
- AuthCheckFunc Check; /* verify client authorization data */
- AuthRstCFunc Reset; /* delete all authorization data entries */
- AuthToIDFunc ToID; /* convert cookie to ID */
- AuthFromIDFunc FromID; /* convert ID to cookie */
- AuthRemCFunc Remove; /* remove a specific cookie */
-#ifdef XCSECURITY
- AuthGenCFunc Generate;
-#endif
-};
-
-static struct protocol protocols[] = {
-{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
- MitAddCookie, MitCheckCookie, MitResetCookie,
- MitToID, MitFromID, MitRemoveCookie,
-#ifdef XCSECURITY
- MitGenerateCookie
-#endif
-},
-#ifdef HASXDMAUTH
-{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
- XdmAddCookie, XdmCheckCookie, XdmResetCookie,
- XdmToID, XdmFromID, XdmRemoveCookie,
-#ifdef XCSECURITY
- NULL
-#endif
-},
-#endif
-#ifdef SECURE_RPC
-{ (unsigned short) 9, "SUN-DES-1",
- SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
- SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
-#ifdef XCSECURITY
- NULL
-#endif
-},
-#endif
-};
-
-# define NUM_AUTHORIZATION (sizeof (protocols) /\
- sizeof (struct protocol))
-
-/*
- * Initialize all classes of authorization by reading the
- * specified authorization file
- */
-
-static char *authorization_file = (char *)NULL;
-
-static Bool ShouldLoadAuth = TRUE;
-
-void
-InitAuthorization (char *file_name)
-{
- authorization_file = file_name;
-}
-
-static int
-LoadAuthorization (void)
-{
- FILE *f;
- Xauth *auth;
- int i;
- int count = 0;
-
- ShouldLoadAuth = FALSE;
- if (!authorization_file)
- return 0;
-
- f = Fopen (authorization_file, "r");
- if (!f)
- return -1;
-
- while ((auth = XauReadAuth (f)) != 0) {
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == auth->name_length &&
- memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
- protocols[i].Add)
- {
- ++count;
- (*protocols[i].Add) (auth->data_length, auth->data,
- FakeClientID(0));
- }
- }
- XauDisposeAuth (auth);
- }
-
- Fclose (f);
- return count;
-}
-
-#ifdef XDMCP
-/*
- * XdmcpInit calls this function to discover all authorization
- * schemes supported by the display
- */
-void
-RegisterAuthorizations (void)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++)
- XdmcpRegisterAuthorization (protocols[i].name,
- (int)protocols[i].name_length);
-}
-#endif
-
-XID
-CheckAuthorization (
- unsigned int name_length,
- const char *name,
- unsigned int data_length,
- const char *data,
- ClientPtr client,
- char **reason) /* failure message. NULL for default msg */
-{
- int i;
- struct stat buf;
- static time_t lastmod = 0;
- static Bool loaded = FALSE;
-
- if (!authorization_file || stat(authorization_file, &buf))
- {
- if (lastmod != 0) {
- lastmod = 0;
- ShouldLoadAuth = TRUE; /* stat lost, so force reload */
- }
- }
- else if (buf.st_mtime > lastmod)
- {
- lastmod = buf.st_mtime;
- ShouldLoadAuth = TRUE;
- }
- if (ShouldLoadAuth)
- {
- int loadauth = LoadAuthorization();
-
- /*
- * If the authorization file has at least one entry for this server,
- * disable local host access. (loadauth > 0)
- *
- * If there are zero entries (either initially or when the
- * authorization file is later reloaded), or if a valid
- * authorization file was never loaded, enable local host access.
- * (loadauth == 0 || !loaded)
- *
- * If the authorization file was loaded initially (with valid
- * entries for this server), and reloading it later fails, don't
- * change anything. (loadauth == -1 && loaded)
- */
-
- if (loadauth > 0)
- {
- DisableLocalHost(); /* got at least one */
- loaded = TRUE;
- }
- else if (loadauth == 0 || !loaded)
- EnableLocalHost ();
- }
- if (name_length) {
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == name_length &&
- memcmp (protocols[i].name, name, (int) name_length) == 0)
- {
- return (*protocols[i].Check) (data_length, data, client, reason);
- }
- *reason = "Protocol not supported by server\n";
- }
- } else *reason = "No protocol specified\n";
- return (XID) ~0L;
-}
-
-void
-ResetAuthorization (void)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++)
- if (protocols[i].Reset)
- (*protocols[i].Reset)();
- ShouldLoadAuth = TRUE;
-}
-
-int
-AuthorizationFromID (
- XID id,
- unsigned short *name_lenp,
- char **namep,
- unsigned short *data_lenp,
- char **datap)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].FromID &&
- (*protocols[i].FromID) (id, data_lenp, datap)) {
- *name_lenp = protocols[i].name_length;
- *namep = protocols[i].name;
- return 1;
- }
- }
- return 0;
-}
-
-int
-RemoveAuthorization (
- unsigned short name_length,
- const char *name,
- unsigned short data_length,
- const char *data)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == name_length &&
- memcmp (protocols[i].name, name, (int) name_length) == 0 &&
- protocols[i].Remove)
- {
- return (*protocols[i].Remove) (data_length, data);
- }
- }
- return 0;
-}
-
-int
-AddAuthorization (unsigned name_length, const char *name,
- unsigned data_length, char *data)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == name_length &&
- memcmp (protocols[i].name, name, (int) name_length) == 0 &&
- protocols[i].Add)
- {
- return (*protocols[i].Add) (data_length, data, FakeClientID(0));
- }
- }
- return 0;
-}
-
-#ifdef XCSECURITY
-
-XID
-GenerateAuthorization(
- unsigned name_length,
- const char *name,
- unsigned data_length,
- const char *data,
- unsigned *data_length_return,
- char **data_return)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == name_length &&
- memcmp (protocols[i].name, name, (int) name_length) == 0 &&
- protocols[i].Generate)
- {
- return (*protocols[i].Generate) (data_length, data,
- FakeClientID(0), data_length_return, data_return);
- }
- }
- return -1;
-}
-
-void
-GenerateRandomData (int len, char *buf)
-{
- int fd;
-
- fd = open("/dev/urandom", O_RDONLY);
- read(fd, buf, len);
- close(fd);
-}
-
-#endif /* XCSECURITY */
+/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * authorization hooks for the server + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include <dix-config.h> +#endif + +# include <X11/X.h> +# include <X11/Xauth.h> +# include "misc.h" +# include "osdep.h" +# include "dixstruct.h" +# include <sys/types.h> +# include <sys/stat.h> +#ifdef WIN32 +#include <X11/Xw32defs.h> +#endif + +struct protocol { + unsigned short name_length; + const char *name; + AuthAddCFunc Add; /* new authorization data */ + AuthCheckFunc Check; /* verify client authorization data */ + AuthRstCFunc Reset; /* delete all authorization data entries */ + AuthToIDFunc ToID; /* convert cookie to ID */ + AuthFromIDFunc FromID; /* convert ID to cookie */ + AuthRemCFunc Remove; /* remove a specific cookie */ +#ifdef XCSECURITY + AuthGenCFunc Generate; +#endif +}; + +static struct protocol protocols[] = { +{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1", + MitAddCookie, MitCheckCookie, MitResetCookie, + MitToID, MitFromID, MitRemoveCookie, +#ifdef XCSECURITY + MitGenerateCookie +#endif +}, +#ifdef HASXDMAUTH +{ (unsigned short) 19, "XDM-AUTHORIZATION-1", + XdmAddCookie, XdmCheckCookie, XdmResetCookie, + XdmToID, XdmFromID, XdmRemoveCookie, +#ifdef XCSECURITY + NULL +#endif +}, +#endif +#ifdef SECURE_RPC +{ (unsigned short) 9, "SUN-DES-1", + SecureRPCAdd, SecureRPCCheck, SecureRPCReset, + SecureRPCToID, SecureRPCFromID,SecureRPCRemove, +#ifdef XCSECURITY + NULL +#endif +}, +#endif +}; + +# define NUM_AUTHORIZATION (sizeof (protocols) /\ + sizeof (struct protocol)) + +/* + * Initialize all classes of authorization by reading the + * specified authorization file + */ + +static char *authorization_file = (char *)NULL; + +static Bool ShouldLoadAuth = TRUE; + +void +InitAuthorization (char *file_name) +{ + authorization_file = file_name; +} + +static int +LoadAuthorization (void) +{ + FILE *f; + Xauth *auth; + int i; + int count = 0; + + ShouldLoadAuth = FALSE; + if (!authorization_file) + return 0; + + f = Fopen (authorization_file, "r"); + if (!f) + return -1; + + while ((auth = XauReadAuth (f)) != 0) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == auth->name_length && + memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 && + protocols[i].Add) + { + ++count; + (*protocols[i].Add) (auth->data_length, auth->data, + FakeClientID(0)); + } + } + XauDisposeAuth (auth); + } + + Fclose (f); + return count; +} + +#ifdef XDMCP +/* + * XdmcpInit calls this function to discover all authorization + * schemes supported by the display + */ +void +RegisterAuthorizations (void) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) + XdmcpRegisterAuthorization (protocols[i].name, + (int)protocols[i].name_length); +} +#endif + +XID +CheckAuthorization ( + unsigned int name_length, + const char *name, + unsigned int data_length, + const char *data, + ClientPtr client, + const char **reason) /* failure message. NULL for default msg */ +{ + int i; + struct stat buf; + static time_t lastmod = 0; + static Bool loaded = FALSE; + + if (!authorization_file || stat(authorization_file, &buf)) + { + if (lastmod != 0) { + lastmod = 0; + ShouldLoadAuth = TRUE; /* stat lost, so force reload */ + } + } + else if (buf.st_mtime > lastmod) + { + lastmod = buf.st_mtime; + ShouldLoadAuth = TRUE; + } + if (ShouldLoadAuth) + { + int loadauth = LoadAuthorization(); + + /* + * If the authorization file has at least one entry for this server, + * disable local host access. (loadauth > 0) + * + * If there are zero entries (either initially or when the + * authorization file is later reloaded), or if a valid + * authorization file was never loaded, enable local host access. + * (loadauth == 0 || !loaded) + * + * If the authorization file was loaded initially (with valid + * entries for this server), and reloading it later fails, don't + * change anything. (loadauth == -1 && loaded) + */ + + if (loadauth > 0) + { + DisableLocalHost(); /* got at least one */ + loaded = TRUE; + } + else if (loadauth == 0 || !loaded) + EnableLocalHost (); + } + if (name_length) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0) + { + return (*protocols[i].Check) (data_length, data, client, reason); + } + *reason = "Protocol not supported by server\n"; + } + } else *reason = "No protocol specified\n"; + return (XID) ~0L; +} + +void +ResetAuthorization (void) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) + if (protocols[i].Reset) + (*protocols[i].Reset)(); + ShouldLoadAuth = TRUE; +} + +int +AuthorizationFromID ( + XID id, + unsigned short *name_lenp, + const char **namep, + unsigned short *data_lenp, + char **datap) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].FromID && + (*protocols[i].FromID) (id, data_lenp, datap)) { + *name_lenp = protocols[i].name_length; + *namep = protocols[i].name; + return 1; + } + } + return 0; +} + +int +RemoveAuthorization ( + unsigned short name_length, + const char *name, + unsigned short data_length, + const char *data) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Remove) + { + return (*protocols[i].Remove) (data_length, data); + } + } + return 0; +} + +int +AddAuthorization (unsigned name_length, const char *name, + unsigned data_length, char *data) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Add) + { + return (*protocols[i].Add) (data_length, data, FakeClientID(0)); + } + } + return 0; +} + +#ifdef XCSECURITY + +XID +GenerateAuthorization( + unsigned name_length, + const char *name, + unsigned data_length, + const char *data, + unsigned *data_length_return, + char **data_return) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Generate) + { + return (*protocols[i].Generate) (data_length, data, + FakeClientID(0), data_length_return, data_return); + } + } + return -1; +} + +void +GenerateRandomData (int len, char *buf) +{ + int fd; + + fd = open("/dev/urandom", O_RDONLY); + read(fd, buf, len); + close(fd); +} + +#endif /* XCSECURITY */ diff --git a/xorg-server/os/connection.c b/xorg-server/os/connection.c index 6f480deb6..8a677a7ef 100644 --- a/xorg-server/os/connection.c +++ b/xorg-server/os/connection.c @@ -629,7 +629,7 @@ AuthorizationIDOfClient(ClientPtr client) * *****************************************************************/ -char * +const char * ClientAuthorized(ClientPtr client, unsigned int proto_n, char *auth_proto, unsigned int string_n, char *auth_string) @@ -639,7 +639,7 @@ ClientAuthorized(ClientPtr client, int family; int fromlen; XID auth_id; - char *reason = NULL; + const char *reason = NULL; XtransConnInfo trans_conn; priv = (OsCommPtr)client->osPrivate; diff --git a/xorg-server/os/io.c b/xorg-server/os/io.c index 955bf8b73..ebb821653 100644 --- a/xorg-server/os/io.c +++ b/xorg-server/os/io.c @@ -823,7 +823,7 @@ WriteToClient (ClientPtr who, int count, const void *__buf) CARD32 replylen; unsigned long bytesleft; - replylen = ((xGenericReply *)buf)->length; + replylen = ((const xGenericReply *)buf)->length; if (who->swapped) swapl(&replylen); bytesleft = (replylen * 4) + SIZEOF(xReply) - count - padBytes; diff --git a/xorg-server/os/mitauth.c b/xorg-server/os/mitauth.c index 8dfb42be6..477736ee8 100644 --- a/xorg-server/os/mitauth.c +++ b/xorg-server/os/mitauth.c @@ -1,197 +1,197 @@ -/*
-
-Copyright 1988, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-
-*/
-
-/*
- * MIT-MAGIC-COOKIE-1 authorization scheme
- * Author: Keith Packard, MIT X Consortium
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-
-static struct auth {
- struct auth *next;
- unsigned short len;
- char *data;
- XID id;
-} *mit_auth;
-
-int
-MitAddCookie (
- unsigned short data_length,
- const char *data,
- XID id)
-{
- struct auth *new;
-
- new = malloc(sizeof (struct auth));
- if (!new)
- return 0;
- new->data = malloc((unsigned) data_length);
- if (!new->data) {
- free(new);
- return 0;
- }
- new->next = mit_auth;
- mit_auth = new;
- memmove(new->data, data, (int) data_length);
- new->len = data_length;
- new->id = id;
- return 1;
-}
-
-XID
-MitCheckCookie (
- unsigned short data_length,
- const char *data,
- ClientPtr client,
- char **reason)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
- return auth->id;
- }
- *reason = "Invalid MIT-MAGIC-COOKIE-1 key";
- return (XID) -1;
-}
-
-int
-MitResetCookie (void)
-{
- struct auth *auth, *next;
-
- for (auth = mit_auth; auth; auth=next) {
- next = auth->next;
- free(auth->data);
- free(auth);
- }
- mit_auth = 0;
- return 0;
-}
-
-XID
-MitToID (
- unsigned short data_length,
- char *data)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (data_length == auth->len &&
- memcmp (data, auth->data, data_length) == 0)
- return auth->id;
- }
- return (XID) -1;
-}
-
-int
-MitFromID (
- XID id,
- unsigned short *data_lenp,
- char **datap)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (id == auth->id) {
- *data_lenp = auth->len;
- *datap = auth->data;
- return 1;
- }
- }
- return 0;
-}
-
-int
-MitRemoveCookie (
- unsigned short data_length,
- const char *data)
-{
- struct auth *auth, *prev;
-
- prev = 0;
- for (auth = mit_auth; auth; prev = auth, auth=auth->next) {
- if (data_length == auth->len &&
- memcmp (data, auth->data, data_length) == 0)
- {
- if (prev)
- prev->next = auth->next;
- else
- mit_auth = auth->next;
- free(auth->data);
- free(auth);
- return 1;
- }
- }
- return 0;
-}
-
-#ifdef XCSECURITY
-
-static char cookie[16]; /* 128 bits */
-
-XID
-MitGenerateCookie (
- unsigned data_length,
- const char *data,
- XID id,
- unsigned *data_length_return,
- char **data_return)
-{
- int i = 0;
- int status;
-
- while (data_length--)
- {
- cookie[i++] += *data++;
- if (i >= sizeof (cookie)) i = 0;
- }
- GenerateRandomData(sizeof (cookie), cookie);
- status = MitAddCookie(sizeof (cookie), cookie, id);
- if (!status)
- {
- id = -1;
- }
- else
- {
- *data_return = cookie;
- *data_length_return = sizeof (cookie);
- }
- return id;
-}
-
-#endif /* XCSECURITY */
+/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * MIT-MAGIC-COOKIE-1 authorization scheme + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include <dix-config.h> +#endif + +#include <X11/X.h> +#include "os.h" +#include "osdep.h" +#include "dixstruct.h" + +static struct auth { + struct auth *next; + unsigned short len; + char *data; + XID id; +} *mit_auth; + +int +MitAddCookie ( + unsigned short data_length, + const char *data, + XID id) +{ + struct auth *new; + + new = malloc(sizeof (struct auth)); + if (!new) + return 0; + new->data = malloc((unsigned) data_length); + if (!new->data) { + free(new); + return 0; + } + new->next = mit_auth; + mit_auth = new; + memmove(new->data, data, (int) data_length); + new->len = data_length; + new->id = id; + return 1; +} + +XID +MitCheckCookie ( + unsigned short data_length, + const char *data, + ClientPtr client, + const char **reason) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, (int) data_length) == 0) + return auth->id; + } + *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; + return (XID) -1; +} + +int +MitResetCookie (void) +{ + struct auth *auth, *next; + + for (auth = mit_auth; auth; auth=next) { + next = auth->next; + free(auth->data); + free(auth); + } + mit_auth = 0; + return 0; +} + +XID +MitToID ( + unsigned short data_length, + char *data) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, data_length) == 0) + return auth->id; + } + return (XID) -1; +} + +int +MitFromID ( + XID id, + unsigned short *data_lenp, + char **datap) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (id == auth->id) { + *data_lenp = auth->len; + *datap = auth->data; + return 1; + } + } + return 0; +} + +int +MitRemoveCookie ( + unsigned short data_length, + const char *data) +{ + struct auth *auth, *prev; + + prev = 0; + for (auth = mit_auth; auth; prev = auth, auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, data_length) == 0) + { + if (prev) + prev->next = auth->next; + else + mit_auth = auth->next; + free(auth->data); + free(auth); + return 1; + } + } + return 0; +} + +#ifdef XCSECURITY + +static char cookie[16]; /* 128 bits */ + +XID +MitGenerateCookie ( + unsigned data_length, + const char *data, + XID id, + unsigned *data_length_return, + char **data_return) +{ + int i = 0; + int status; + + while (data_length--) + { + cookie[i++] += *data++; + if (i >= sizeof (cookie)) i = 0; + } + GenerateRandomData(sizeof (cookie), cookie); + status = MitAddCookie(sizeof (cookie), cookie, id); + if (!status) + { + id = -1; + } + else + { + *data_return = cookie; + *data_length_return = sizeof (cookie); + } + return id; +} + +#endif /* XCSECURITY */ diff --git a/xorg-server/os/osdep.h b/xorg-server/os/osdep.h index 72bd7d762..71a7e44e3 100644 --- a/xorg-server/os/osdep.h +++ b/xorg-server/os/osdep.h @@ -137,7 +137,7 @@ typedef void (*AuthInitFunc) (AuthInitArgs); #define AuthAddCArgs unsigned short data_length, const char *data, XID id typedef int (*AuthAddCFunc) (AuthAddCArgs); -#define AuthCheckArgs unsigned short data_length, const char *data, ClientPtr client, char **reason +#define AuthCheckArgs unsigned short data_length, const char *data, ClientPtr client, const char **reason typedef XID (*AuthCheckFunc) (AuthCheckArgs); #define AuthFromIDArgs XID id, unsigned short *data_lenp, char **datap diff --git a/xorg-server/os/osinit.c b/xorg-server/os/osinit.c index acea682ce..ff3c45de0 100644 --- a/xorg-server/os/osinit.c +++ b/xorg-server/os/osinit.c @@ -151,7 +151,7 @@ void OsInit(void) { static Bool been_here = FALSE; - static char* devnull = "/dev/null"; + static const char* devnull = "/dev/null"; char fname[PATH_MAX]; if (!been_here) { diff --git a/xorg-server/os/rpcauth.c b/xorg-server/os/rpcauth.c index 989a49a06..63b97b675 100644 --- a/xorg-server/os/rpcauth.c +++ b/xorg-server/os/rpcauth.c @@ -128,7 +128,7 @@ static char rpc_error[MAXNETNAMELEN+50]; _X_HIDDEN XID SecureRPCCheck (unsigned short data_length, const char *data, - ClientPtr client, char **reason) + ClientPtr client, const char **reason) { char *fullname; diff --git a/xorg-server/os/utils.c b/xorg-server/os/utils.c index b49fd3251..6461ed591 100644 --- a/xorg-server/os/utils.c +++ b/xorg-server/os/utils.c @@ -248,7 +248,7 @@ LockServer(void) { char tmp[PATH_MAX], pid_str[12]; int lfd, i, haslock, l_pid, t; - char *tmppath = NULL; + const char *tmppath = LOCK_DIR; int len; char port[20]; @@ -256,8 +256,6 @@ LockServer(void) /* * Path names */ - tmppath = LOCK_DIR; - snprintf(port, sizeof(port), "%d", atoi(display)); len = strlen(LOCK_PREFIX) > strlen(LOCK_TMP_PREFIX) ? strlen(LOCK_PREFIX) : strlen(LOCK_TMP_PREFIX); diff --git a/xorg-server/os/xdmauth.c b/xorg-server/os/xdmauth.c index 13da77a37..733fda504 100644 --- a/xorg-server/os/xdmauth.c +++ b/xorg-server/os/xdmauth.c @@ -1,499 +1,499 @@ -/*
-
-Copyright 1988, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-
-*/
-
-/*
- * XDM-AUTHENTICATION-1 (XDMCP authentication) and
- * XDM-AUTHORIZATION-1 (client authorization) protocols
- *
- * Author: Keith Packard, MIT X Consortium
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <stdio.h>
-#include <X11/X.h>
-#define XSERV_t
-#define TRANS_SERVER
-#define TRANS_REOPEN
-#include <X11/Xtrans/Xtrans.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-
-#ifdef HASXDMAUTH
-
-static Bool authFromXDMCP;
-
-#ifdef XDMCP
-#include <X11/Xmd.h>
-#undef REQUEST
-#include <X11/Xdmcp.h>
-
-/* XDM-AUTHENTICATION-1 */
-
-static XdmAuthKeyRec privateKey;
-static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1";
-#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1)
-static XdmAuthKeyRec rho;
-
-static Bool
-XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData,
- xdmOpCode packet_type)
-{
- XdmAuthKeyPtr incoming;
-
- XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey,
- incomingData->data,incomingData->length);
- if (packet_type == ACCEPT) {
- if (incomingData->length != 8)
- return FALSE;
- incoming = (XdmAuthKeyPtr) incomingData->data;
- XdmcpDecrementKey (incoming);
- return XdmcpCompareKeys (incoming, &rho);
- }
- return FALSE;
-}
-
-static Bool
-XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData,
- xdmOpCode packet_type)
-{
- outgoingData->length = 0;
- outgoingData->data = 0;
- if (packet_type == REQUEST) {
- if (XdmcpAllocARRAY8 (outgoingData, 8))
- XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey,
- outgoingData->data, 8);
- }
- return TRUE;
-}
-
-static Bool
-XdmAuthenticationAddAuth (int name_len, const char *name,
- int data_len, char *data)
-{
- Bool ret;
- XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey,
- (unsigned char *)data, data_len);
- authFromXDMCP = TRUE;
- ret = AddAuthorization (name_len, name, data_len, data);
- authFromXDMCP = FALSE;
- return ret;
-}
-
-
-#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \
- 'a' <= c && c <= 'f' ? c - 'a' + 10 : \
- 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1)
-
-static int
-HexToBinary (const char *in, char *out, int len)
-{
- int top, bottom;
-
- while (len > 0)
- {
- top = atox(in[0]);
- if (top == -1)
- return 0;
- bottom = atox(in[1]);
- if (bottom == -1)
- return 0;
- *out++ = (top << 4) | bottom;
- in += 2;
- len -= 2;
- }
- if (len)
- return 0;
- *out++ = '\0';
- return 1;
-}
-
-void
-XdmAuthenticationInit (const char *cookie, int cookie_len)
-{
- memset(privateKey.data, 0, 8);
- if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2))
- {
- if (cookie_len > 2 + 2 * 8)
- cookie_len = 2 + 2 * 8;
- HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2);
- }
- else
- {
- if (cookie_len > 7)
- cookie_len = 7;
- memmove (privateKey.data + 1, cookie, cookie_len);
- }
- XdmcpGenerateKey (&rho);
- XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen,
- (char *)&rho,
- sizeof (rho),
- (ValidatorFunc)XdmAuthenticationValidator,
- (GeneratorFunc)XdmAuthenticationGenerator,
- (AddAuthorFunc)XdmAuthenticationAddAuth);
-}
-
-#endif /* XDMCP */
-
-/* XDM-AUTHORIZATION-1 */
-typedef struct _XdmAuthorization {
- struct _XdmAuthorization *next;
- XdmAuthKeyRec rho;
- XdmAuthKeyRec key;
- XID id;
-} XdmAuthorizationRec, *XdmAuthorizationPtr;
-
-static XdmAuthorizationPtr xdmAuth;
-
-typedef struct _XdmClientAuth {
- struct _XdmClientAuth *next;
- XdmAuthKeyRec rho;
- char client[6];
- long time;
-} XdmClientAuthRec, *XdmClientAuthPtr;
-
-static XdmClientAuthPtr xdmClients;
-static long clockOffset;
-static Bool gotClock;
-
-#define TwentyMinutes (20 * 60)
-#define TwentyFiveMinutes (25 * 60)
-
-static Bool
-XdmClientAuthCompare (const XdmClientAuthPtr a, const XdmClientAuthPtr b)
-{
- int i;
-
- if (!XdmcpCompareKeys (&a->rho, &b->rho))
- return FALSE;
- for (i = 0; i < 6; i++)
- if (a->client[i] != b->client[i])
- return FALSE;
- return a->time == b->time;
-}
-
-static void
-XdmClientAuthDecode (const unsigned char *plain, XdmClientAuthPtr auth)
-{
- int i, j;
-
- j = 0;
- for (i = 0; i < 8; i++)
- {
- auth->rho.data[i] = plain[j];
- ++j;
- }
- for (i = 0; i < 6; i++)
- {
- auth->client[i] = plain[j];
- ++j;
- }
- auth->time = 0;
- for (i = 0; i < 4; i++)
- {
- auth->time |= plain[j] << ((3 - i) << 3);
- j++;
- }
-}
-
-static void
-XdmClientAuthTimeout (long now)
-{
- XdmClientAuthPtr client, next, prev;
-
- prev = 0;
- for (client = xdmClients; client; client=next)
- {
- next = client->next;
- if (abs (now - client->time) > TwentyFiveMinutes)
- {
- if (prev)
- prev->next = next;
- else
- xdmClients = next;
- free(client);
- }
- else
- prev = client;
- }
-}
-
-static XdmClientAuthPtr
-XdmAuthorizationValidate (unsigned char *plain, int length,
- XdmAuthKeyPtr rho, ClientPtr xclient, char **reason)
-{
- XdmClientAuthPtr client, existing;
- long now;
- int i;
-
- if (length != (192 / 8)) {
- if (reason)
- *reason = "Bad XDM authorization key length";
- return NULL;
- }
- client = malloc(sizeof (XdmClientAuthRec));
- if (!client)
- return NULL;
- XdmClientAuthDecode (plain, client);
- if (!XdmcpCompareKeys (&client->rho, rho))
- {
- free(client);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)";
- return NULL;
- }
- for (i = 18; i < 24; i++)
- if (plain[i] != 0) {
- free(client);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)";
- return NULL;
- }
- if (xclient) {
- int family, addr_len;
- Xtransaddr *addr;
-
- if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn,
- &family, &addr_len, &addr) == 0
- && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) {
-#if defined(TCPCONN) || defined(STREAMSCONN)
- if (family == FamilyInternet &&
- memcmp((char *)addr, client->client, 4) != 0) {
- free(client);
- free(addr);
- if (reason)
- *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)";
- return NULL;
-
- }
-#endif
- free(addr);
- }
- }
- now = time(0);
- if (!gotClock)
- {
- clockOffset = client->time - now;
- gotClock = TRUE;
- }
- now += clockOffset;
- XdmClientAuthTimeout (now);
- if (abs (client->time - now) > TwentyMinutes)
- {
- free(client);
- if (reason)
- *reason = "Excessive XDM-AUTHORIZATION-1 time offset";
- return NULL;
- }
- for (existing = xdmClients; existing; existing=existing->next)
- {
- if (XdmClientAuthCompare (existing, client))
- {
- free(client);
- if (reason)
- *reason = "XDM authorization key matches an existing client!";
- return NULL;
- }
- }
- return client;
-}
-
-int
-XdmAddCookie (unsigned short data_length, const char *data, XID id)
-{
- XdmAuthorizationPtr new;
- unsigned char *rho_bits, *key_bits;
-
- switch (data_length)
- {
- case 16: /* auth from files is 16 bytes long */
-#ifdef XDMCP
- if (authFromXDMCP)
- {
- /* R5 xdm sent bogus authorization data in the accept packet,
- * but we can recover */
- rho_bits = rho.data;
- key_bits = (unsigned char *) data;
- key_bits[0] = '\0';
- }
- else
-#endif
- {
- rho_bits = (unsigned char *) data;
- key_bits = (unsigned char *) (data + 8);
- }
- break;
-#ifdef XDMCP
- case 8: /* auth from XDMCP is 8 bytes long */
- rho_bits = rho.data;
- key_bits = (unsigned char *) data;
- break;
-#endif
- default:
- return 0;
- }
- /* the first octet of the key must be zero */
- if (key_bits[0] != '\0')
- return 0;
- new = malloc(sizeof (XdmAuthorizationRec));
- if (!new)
- return 0;
- new->next = xdmAuth;
- xdmAuth = new;
- memmove (new->key.data, key_bits, (int) 8);
- memmove (new->rho.data, rho_bits, (int) 8);
- new->id = id;
- return 1;
-}
-
-XID
-XdmCheckCookie (unsigned short cookie_length, const char *cookie,
- ClientPtr xclient, char **reason)
-{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
-
- /* Auth packets must be a multiple of 8 bytes long */
- if (cookie_length & 7)
- return (XID) -1;
- plain = malloc(cookie_length);
- if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
- if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL)
- {
- client->next = xdmClients;
- xdmClients = client;
- free(plain);
- return auth->id;
- }
- }
- free(plain);
- return (XID) -1;
-}
-
-int
-XdmResetCookie (void)
-{
- XdmAuthorizationPtr auth, next_auth;
- XdmClientAuthPtr client, next_client;
-
- for (auth = xdmAuth; auth; auth=next_auth)
- {
- next_auth = auth->next;
- free(auth);
- }
- xdmAuth = 0;
- for (client = xdmClients; client; client=next_client)
- {
- next_client = client->next;
- free(client);
- }
- xdmClients = (XdmClientAuthPtr) 0;
- return 1;
-}
-
-XID
-XdmToID (unsigned short cookie_length, char *cookie)
-{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
-
- plain = malloc(cookie_length);
- if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
- if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL)
- {
- free(client);
- free(cookie);
- free(plain);
- return auth->id;
- }
- }
- free(cookie);
- free(plain);
- return (XID) -1;
-}
-
-int
-XdmFromID (XID id, unsigned short *data_lenp, char **datap)
-{
- XdmAuthorizationPtr auth;
-
- for (auth = xdmAuth; auth; auth=auth->next) {
- if (id == auth->id) {
- *data_lenp = 16;
- *datap = (char *) &auth->rho;
- return 1;
- }
- }
- return 0;
-}
-
-int
-XdmRemoveCookie (unsigned short data_length, const char *data)
-{
- XdmAuthorizationPtr auth;
- XdmAuthKeyPtr key_bits, rho_bits;
-
- switch (data_length)
- {
- case 16:
- rho_bits = (XdmAuthKeyPtr) data;
- key_bits = (XdmAuthKeyPtr) (data + 8);
- break;
-#ifdef XDMCP
- case 8:
- rho_bits = ρ
- key_bits = (XdmAuthKeyPtr) data;
- break;
-#endif
- default:
- return 0;
- }
- for (auth = xdmAuth; auth; auth=auth->next) {
- if (XdmcpCompareKeys (rho_bits, &auth->rho) &&
- XdmcpCompareKeys (key_bits, &auth->key))
- {
- xdmAuth = auth->next;
- free(auth);
- return 1;
- }
- }
- return 0;
-}
-
-#endif
+/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * XDM-AUTHENTICATION-1 (XDMCP authentication) and + * XDM-AUTHORIZATION-1 (client authorization) protocols + * + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include <dix-config.h> +#endif + +#include <stdio.h> +#include <X11/X.h> +#define XSERV_t +#define TRANS_SERVER +#define TRANS_REOPEN +#include <X11/Xtrans/Xtrans.h> +#include "os.h" +#include "osdep.h" +#include "dixstruct.h" + +#ifdef HASXDMAUTH + +static Bool authFromXDMCP; + +#ifdef XDMCP +#include <X11/Xmd.h> +#undef REQUEST +#include <X11/Xdmcp.h> + +/* XDM-AUTHENTICATION-1 */ + +static XdmAuthKeyRec privateKey; +static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1"; +#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1) +static XdmAuthKeyRec rho; + +static Bool +XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData, + xdmOpCode packet_type) +{ + XdmAuthKeyPtr incoming; + + XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey, + incomingData->data,incomingData->length); + if (packet_type == ACCEPT) { + if (incomingData->length != 8) + return FALSE; + incoming = (XdmAuthKeyPtr) incomingData->data; + XdmcpDecrementKey (incoming); + return XdmcpCompareKeys (incoming, &rho); + } + return FALSE; +} + +static Bool +XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData, + xdmOpCode packet_type) +{ + outgoingData->length = 0; + outgoingData->data = 0; + if (packet_type == REQUEST) { + if (XdmcpAllocARRAY8 (outgoingData, 8)) + XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey, + outgoingData->data, 8); + } + return TRUE; +} + +static Bool +XdmAuthenticationAddAuth (int name_len, const char *name, + int data_len, char *data) +{ + Bool ret; + XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey, + (unsigned char *)data, data_len); + authFromXDMCP = TRUE; + ret = AddAuthorization (name_len, name, data_len, data); + authFromXDMCP = FALSE; + return ret; +} + + +#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \ + 'a' <= c && c <= 'f' ? c - 'a' + 10 : \ + 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) + +static int +HexToBinary (const char *in, char *out, int len) +{ + int top, bottom; + + while (len > 0) + { + top = atox(in[0]); + if (top == -1) + return 0; + bottom = atox(in[1]); + if (bottom == -1) + return 0; + *out++ = (top << 4) | bottom; + in += 2; + len -= 2; + } + if (len) + return 0; + *out++ = '\0'; + return 1; +} + +void +XdmAuthenticationInit (const char *cookie, int cookie_len) +{ + memset(privateKey.data, 0, 8); + if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2)) + { + if (cookie_len > 2 + 2 * 8) + cookie_len = 2 + 2 * 8; + HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2); + } + else + { + if (cookie_len > 7) + cookie_len = 7; + memmove (privateKey.data + 1, cookie, cookie_len); + } + XdmcpGenerateKey (&rho); + XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen, + (char *)&rho, + sizeof (rho), + (ValidatorFunc)XdmAuthenticationValidator, + (GeneratorFunc)XdmAuthenticationGenerator, + (AddAuthorFunc)XdmAuthenticationAddAuth); +} + +#endif /* XDMCP */ + +/* XDM-AUTHORIZATION-1 */ +typedef struct _XdmAuthorization { + struct _XdmAuthorization *next; + XdmAuthKeyRec rho; + XdmAuthKeyRec key; + XID id; +} XdmAuthorizationRec, *XdmAuthorizationPtr; + +static XdmAuthorizationPtr xdmAuth; + +typedef struct _XdmClientAuth { + struct _XdmClientAuth *next; + XdmAuthKeyRec rho; + char client[6]; + long time; +} XdmClientAuthRec, *XdmClientAuthPtr; + +static XdmClientAuthPtr xdmClients; +static long clockOffset; +static Bool gotClock; + +#define TwentyMinutes (20 * 60) +#define TwentyFiveMinutes (25 * 60) + +static Bool +XdmClientAuthCompare (const XdmClientAuthPtr a, const XdmClientAuthPtr b) +{ + int i; + + if (!XdmcpCompareKeys (&a->rho, &b->rho)) + return FALSE; + for (i = 0; i < 6; i++) + if (a->client[i] != b->client[i]) + return FALSE; + return a->time == b->time; +} + +static void +XdmClientAuthDecode (const unsigned char *plain, XdmClientAuthPtr auth) +{ + int i, j; + + j = 0; + for (i = 0; i < 8; i++) + { + auth->rho.data[i] = plain[j]; + ++j; + } + for (i = 0; i < 6; i++) + { + auth->client[i] = plain[j]; + ++j; + } + auth->time = 0; + for (i = 0; i < 4; i++) + { + auth->time |= plain[j] << ((3 - i) << 3); + j++; + } +} + +static void +XdmClientAuthTimeout (long now) +{ + XdmClientAuthPtr client, next, prev; + + prev = 0; + for (client = xdmClients; client; client=next) + { + next = client->next; + if (abs (now - client->time) > TwentyFiveMinutes) + { + if (prev) + prev->next = next; + else + xdmClients = next; + free(client); + } + else + prev = client; + } +} + +static XdmClientAuthPtr +XdmAuthorizationValidate (unsigned char *plain, int length, + XdmAuthKeyPtr rho, ClientPtr xclient, const char **reason) +{ + XdmClientAuthPtr client, existing; + long now; + int i; + + if (length != (192 / 8)) { + if (reason) + *reason = "Bad XDM authorization key length"; + return NULL; + } + client = malloc(sizeof (XdmClientAuthRec)); + if (!client) + return NULL; + XdmClientAuthDecode (plain, client); + if (!XdmcpCompareKeys (&client->rho, rho)) + { + free(client); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)"; + return NULL; + } + for (i = 18; i < 24; i++) + if (plain[i] != 0) { + free(client); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)"; + return NULL; + } + if (xclient) { + int family, addr_len; + Xtransaddr *addr; + + if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn, + &family, &addr_len, &addr) == 0 + && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) { +#if defined(TCPCONN) || defined(STREAMSCONN) + if (family == FamilyInternet && + memcmp((char *)addr, client->client, 4) != 0) { + free(client); + free(addr); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)"; + return NULL; + + } +#endif + free(addr); + } + } + now = time(0); + if (!gotClock) + { + clockOffset = client->time - now; + gotClock = TRUE; + } + now += clockOffset; + XdmClientAuthTimeout (now); + if (abs (client->time - now) > TwentyMinutes) + { + free(client); + if (reason) + *reason = "Excessive XDM-AUTHORIZATION-1 time offset"; + return NULL; + } + for (existing = xdmClients; existing; existing=existing->next) + { + if (XdmClientAuthCompare (existing, client)) + { + free(client); + if (reason) + *reason = "XDM authorization key matches an existing client!"; + return NULL; + } + } + return client; +} + +int +XdmAddCookie (unsigned short data_length, const char *data, XID id) +{ + XdmAuthorizationPtr new; + unsigned char *rho_bits, *key_bits; + + switch (data_length) + { + case 16: /* auth from files is 16 bytes long */ +#ifdef XDMCP + if (authFromXDMCP) + { + /* R5 xdm sent bogus authorization data in the accept packet, + * but we can recover */ + rho_bits = rho.data; + key_bits = (unsigned char *) data; + key_bits[0] = '\0'; + } + else +#endif + { + rho_bits = (unsigned char *) data; + key_bits = (unsigned char *) (data + 8); + } + break; +#ifdef XDMCP + case 8: /* auth from XDMCP is 8 bytes long */ + rho_bits = rho.data; + key_bits = (unsigned char *) data; + break; +#endif + default: + return 0; + } + /* the first octet of the key must be zero */ + if (key_bits[0] != '\0') + return 0; + new = malloc(sizeof (XdmAuthorizationRec)); + if (!new) + return 0; + new->next = xdmAuth; + xdmAuth = new; + memmove (new->key.data, key_bits, (int) 8); + memmove (new->rho.data, rho_bits, (int) 8); + new->id = id; + return 1; +} + +XID +XdmCheckCookie (unsigned short cookie_length, const char *cookie, + ClientPtr xclient, const char **reason) +{ + XdmAuthorizationPtr auth; + XdmClientAuthPtr client; + unsigned char *plain; + + /* Auth packets must be a multiple of 8 bytes long */ + if (cookie_length & 7) + return (XID) -1; + plain = malloc(cookie_length); + if (!plain) + return (XID) -1; + for (auth = xdmAuth; auth; auth=auth->next) { + XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); + if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL) + { + client->next = xdmClients; + xdmClients = client; + free(plain); + return auth->id; + } + } + free(plain); + return (XID) -1; +} + +int +XdmResetCookie (void) +{ + XdmAuthorizationPtr auth, next_auth; + XdmClientAuthPtr client, next_client; + + for (auth = xdmAuth; auth; auth=next_auth) + { + next_auth = auth->next; + free(auth); + } + xdmAuth = 0; + for (client = xdmClients; client; client=next_client) + { + next_client = client->next; + free(client); + } + xdmClients = (XdmClientAuthPtr) 0; + return 1; +} + +XID +XdmToID (unsigned short cookie_length, char *cookie) +{ + XdmAuthorizationPtr auth; + XdmClientAuthPtr client; + unsigned char *plain; + + plain = malloc(cookie_length); + if (!plain) + return (XID) -1; + for (auth = xdmAuth; auth; auth=auth->next) { + XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); + if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL) + { + free(client); + free(cookie); + free(plain); + return auth->id; + } + } + free(cookie); + free(plain); + return (XID) -1; +} + +int +XdmFromID (XID id, unsigned short *data_lenp, char **datap) +{ + XdmAuthorizationPtr auth; + + for (auth = xdmAuth; auth; auth=auth->next) { + if (id == auth->id) { + *data_lenp = 16; + *datap = (char *) &auth->rho; + return 1; + } + } + return 0; +} + +int +XdmRemoveCookie (unsigned short data_length, const char *data) +{ + XdmAuthorizationPtr auth; + XdmAuthKeyPtr key_bits, rho_bits; + + switch (data_length) + { + case 16: + rho_bits = (XdmAuthKeyPtr) data; + key_bits = (XdmAuthKeyPtr) (data + 8); + break; +#ifdef XDMCP + case 8: + rho_bits = ρ + key_bits = (XdmAuthKeyPtr) data; + break; +#endif + default: + return 0; + } + for (auth = xdmAuth; auth; auth=auth->next) { + if (XdmcpCompareKeys (rho_bits, &auth->rho) && + XdmcpCompareKeys (key_bits, &auth->key)) + { + xdmAuth = auth->next; + free(auth); + return 1; + } + } + return 0; +} + +#endif diff --git a/xorg-server/os/xdmcp.c b/xorg-server/os/xdmcp.c index 46440718c..77f02da91 100644 --- a/xorg-server/os/xdmcp.c +++ b/xorg-server/os/xdmcp.c @@ -60,7 +60,7 @@ #define X_INCLUDE_NETDB_H #include <X11/Xos_r.h> -static char *defaultDisplayClass = COMPILEDDISPLAYCLASS; +static const char *defaultDisplayClass = COMPILEDDISPLAYCLASS; static int xdmcpSocket, sessionSocket; static xdmcp_states state; @@ -479,7 +479,7 @@ XdmcpRegisterConnection ( if (SOCKADDR_FAMILY(FromAddress) == AF_INET6) { fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr; } else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET) && - IN6_IS_ADDR_V4MAPPED((struct in6_addr *) address)) { + IN6_IS_ADDR_V4MAPPED((const struct in6_addr *) address)) { fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; regAddr = &((struct sockaddr_in6 *)&address)->sin6_addr.s6_addr[12]; regAddrlen = sizeof(struct in_addr); @@ -1593,7 +1593,7 @@ get_fromaddr_by_name( static int get_mcast_options(int argc, char **argv, int i) { - char *address = XDM_DEFAULT_MCAST_ADDR6; + const char *address = XDM_DEFAULT_MCAST_ADDR6; int hopcount = 1; struct addrinfo hints; char portstr[6]; |