diff options
Diffstat (limited to 'xorg-server/os')
-rw-r--r-- | xorg-server/os/access.c | 4404 | ||||
-rw-r--r-- | xorg-server/os/auth.c | 679 | ||||
-rw-r--r-- | xorg-server/os/mitauth.c | 394 | ||||
-rw-r--r-- | xorg-server/os/osdep.h | 23 | ||||
-rw-r--r-- | xorg-server/os/rpcauth.c | 386 | ||||
-rw-r--r-- | xorg-server/os/xdmauth.c | 998 | ||||
-rw-r--r-- | xorg-server/os/xdmcp.c | 3332 |
7 files changed, 5109 insertions, 5107 deletions
diff --git a/xorg-server/os/access.c b/xorg-server/os/access.c index 74c340a43..603210f85 100644 --- a/xorg-server/os/access.c +++ b/xorg-server/os/access.c @@ -1,2202 +1,2202 @@ -/*********************************************************** - -Copyright 1987, 1998 The Open Group - -All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, and/or sell copies of the Software, and to permit persons -to whom the Software is furnished to do so, provided that the above -copyright notice(s) and this permission notice appear in all copies of -the Software and that both the above copyright notice(s) and this -permission notice appear in supporting documentation. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT -OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR -HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL -INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING -FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Except as contained in this notice, the name of a copyright holder -shall not be used in advertising or otherwise to promote the sale, use -or other dealings in this Software without prior written authorization -of the copyright holder. - -X Window System is a trademark of The Open Group. - -Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts. - - All Rights Reserved - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, -provided that the above copyright notice appear in all copies and that -both that copyright notice and this permission notice appear in -supporting documentation, and that the name of Digital not be -used in advertising or publicity pertaining to distribution of the -software without specific, written prior permission. - -DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING -ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL -DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR -ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, -WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, -ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. - -******************************************************************/ - -/* - * Copyright © 2004 Sun Microsystems, Inc. All rights reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a - * copy of this software and associated documentation files (the "Software"), - * to deal in the Software without restriction, including without limitation - * the rights to use, copy, modify, merge, publish, distribute, sublicense, - * and/or sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice (including the next - * paragraph) shall be included in all copies or substantial portions of the - * Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#ifdef WIN32 -#include <X11/Xwinsock.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#define XSERV_t -#define TRANS_SERVER -#define TRANS_REOPEN -#include <X11/Xtrans/Xtrans.h> -#include <X11/Xauth.h> -#include <X11/X.h> -#include <X11/Xproto.h> -#include "misc.h" -#include "site.h" -#include <errno.h> -#include <sys/types.h> -#ifndef WIN32 -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <ctype.h> - -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(__SCO__) -#include <netinet/in.h> -#endif /* TCPCONN || STREAMSCONN || ISC || __SCO__ */ -#ifdef DNETCONN -#include <netdnet/dn.h> -#include <netdnet/dnetdb.h> -#endif - -#ifdef HAS_GETPEERUCRED -# include <ucred.h> -# ifdef sun -# include <zone.h> -# endif -#endif - -#if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__) -# include <sys/utsname.h> -#endif -#if defined(SYSV) && defined(__i386__) -# include <sys/stream.h> -#endif -#ifdef __GNU__ -#undef SIOCGIFCONF -#include <netdb.h> -#else /*!__GNU__*/ -# include <net/if.h> -#endif /*__GNU__ */ - -#ifdef SVR4 -#include <sys/sockio.h> -#include <sys/stropts.h> -#endif - -#include <netdb.h> - -#ifdef CSRG_BASED -#include <sys/param.h> -#if (BSD >= 199103) -#define VARIABLE_IFREQ -#endif -#endif - -#ifdef BSD44SOCKETS -#ifndef VARIABLE_IFREQ -#define VARIABLE_IFREQ -#endif -#endif - -#ifdef HAS_GETIFADDRS -#include <ifaddrs.h> -#endif - -/* Solaris provides an extended interface SIOCGLIFCONF. Other systems - * may have this as well, but the code has only been tested on Solaris - * so far, so we only enable it there. Other platforms may be added as - * needed. - * - * Test for Solaris commented out -- TSI @ UQV 2003.06.13 - */ -#ifdef SIOCGLIFCONF -/* #if defined(sun) */ -#define USE_SIOCGLIFCONF -/* #endif */ -#endif - -#endif /* WIN32 */ - -#ifndef PATH_MAX -#include <sys/param.h> -#ifndef PATH_MAX -#ifdef MAXPATHLEN -#define PATH_MAX MAXPATHLEN -#else -#define PATH_MAX 1024 -#endif -#endif -#endif - -#ifdef __SCO__ -/* The system defined value is wrong. MAXPATHLEN is set in sco5.cf. */ -#undef PATH_MAX -#endif - -#define X_INCLUDE_NETDB_H -#include <X11/Xos_r.h> - -#include "dixstruct.h" -#include "osdep.h" - -#include "xace.h" - -#ifndef PATH_MAX -#ifdef MAXPATHLEN -#define PATH_MAX MAXPATHLEN -#else -#define PATH_MAX 1024 -#endif -#endif - -Bool defeatAccessControl = FALSE; - -#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len) -#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len) -#define addrEqual(fam, address, length, host) \ - ((fam) == (host)->family &&\ - (length) == (host)->len &&\ - !acmp (address, (host)->addr, length)) - -static int ConvertAddr(struct sockaddr * /*saddr*/, - int * /*len*/, - pointer * /*addr*/); - -static int CheckAddr(int /*family*/, - pointer /*pAddr*/, - unsigned /*length*/); - -static Bool NewHost(int /*family*/, - pointer /*addr*/, - int /*len*/, - int /* addingLocalHosts */); - -/* XFree86 bug #156: To keep track of which hosts were explicitly requested in - /etc/X<display>.hosts, we've added a requested field to the HOST struct, - and a LocalHostRequested variable. These default to FALSE, but are set - to TRUE in ResetHosts when reading in /etc/X<display>.hosts. They are - checked in DisableLocalHost(), which is called to disable the default - local host entries when stronger authentication is turned on. */ - -typedef struct _host { - short family; - short len; - unsigned char *addr; - struct _host *next; - int requested; -} HOST; - -#define MakeHost(h,l) (h)=xalloc(sizeof *(h)+(l));\ - if (h) { \ - (h)->addr=(unsigned char *) ((h) + 1);\ - (h)->requested = FALSE; \ - } -#define FreeHost(h) xfree(h) -static HOST *selfhosts = NULL; -static HOST *validhosts = NULL; -static int AccessEnabled = DEFAULT_ACCESS_CONTROL; -static int LocalHostEnabled = FALSE; -static int LocalHostRequested = FALSE; -static int UsingXdmcp = FALSE; - -/* FamilyServerInterpreted implementation */ -static Bool siAddrMatch(int family, pointer addr, int len, HOST *host, - ClientPtr client); -static int siCheckAddr(const char *addrString, int length); -static void siTypesInitialize(void); - -/* - * called when authorization is not enabled to add the - * local host to the access list - */ - -void -EnableLocalHost (void) -{ - if (!UsingXdmcp) - { - LocalHostEnabled = TRUE; - AddLocalHosts (); - } -} - -/* - * called when authorization is enabled to keep us secure - */ -void -DisableLocalHost (void) -{ - HOST *self; - - if (!LocalHostRequested) /* Fix for XFree86 bug #156 */ - LocalHostEnabled = FALSE; - for (self = selfhosts; self; self = self->next) { - if (!self->requested) /* Fix for XFree86 bug #156 */ - (void) RemoveHost ((ClientPtr)NULL, self->family, self->len, (pointer)self->addr); - } -} - -/* - * called at init time when XDMCP will be used; xdmcp always - * adds local hosts manually when needed - */ - -void -AccessUsingXdmcp (void) -{ - UsingXdmcp = TRUE; - LocalHostEnabled = FALSE; -} - - -#if defined(SVR4) && !defined(SCO325) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF) - -/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */ - -static int -ifioctl (int fd, int cmd, char *arg) -{ - struct strioctl ioc; - int ret; - - bzero((char *) &ioc, sizeof(ioc)); - ioc.ic_cmd = cmd; - ioc.ic_timout = 0; - if (cmd == SIOCGIFCONF) - { - ioc.ic_len = ((struct ifconf *) arg)->ifc_len; - ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf; - } - else - { - ioc.ic_len = sizeof(struct ifreq); - ioc.ic_dp = arg; - } - ret = ioctl(fd, I_STR, (char *) &ioc); - if (ret >= 0 && cmd == SIOCGIFCONF) -#ifdef SVR4 - ((struct ifconf *) arg)->ifc_len = ioc.ic_len; -#endif - return(ret); -} -#else /* Case sun, SCO325 and others */ -#define ifioctl ioctl -#endif /* ((SVR4 && !sun !SCO325) || ISC) && SIOCGIFCONF */ - -/* - * DefineSelf (fd): - * - * Define this host for access control. Find all the hosts the OS knows about - * for this fd and add them to the selfhosts list. - */ - -#if !defined(SIOCGIFCONF) -void -DefineSelf (int fd) -{ -#if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN) && !defined(MNX_TCPCONN) - return; -#else - register int n; - int len; - caddr_t addr; - int family; - register HOST *host; - -#ifndef WIN32 - struct utsname name; -#else - struct { - char nodename[512]; - } name; -#endif - - register struct hostent *hp; - - union { - struct sockaddr sa; - struct sockaddr_in in; -#if defined(IPv6) && defined(AF_INET6) - struct sockaddr_in6 in6; -#endif - } saddr; - - struct sockaddr_in *inetaddr; - struct sockaddr_in6 *inet6addr; - struct sockaddr_in broad_addr; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - - /* Why not use gethostname()? Well, at least on my system, I've had to - * make an ugly kernel patch to get a name longer than 8 characters, and - * uname() lets me access to the whole string (it smashes release, you - * see), whereas gethostname() kindly truncates it for me. - */ -#ifndef WIN32 - uname(&name); -#else - gethostname(name.nodename, sizeof(name.nodename)); -#endif - - hp = _XGethostbyname(name.nodename, hparams); - if (hp != NULL) - { - saddr.sa.sa_family = hp->h_addrtype; - switch (hp->h_addrtype) { - case AF_INET: - inetaddr = (struct sockaddr_in *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length); - len = sizeof(saddr.sa); - break; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: - inet6addr = (struct sockaddr_in6 *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length); - len = sizeof(saddr.in6); - break; -#endif - default: - goto DefineLocalHost; - } - family = ConvertAddr ( &(saddr.sa), &len, (pointer *)&addr); - if ( family != -1 && family != FamilyLocal ) - { - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) ; - if (!host) - { - /* add this host to the host list. */ - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy ( addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - /* - * If this is an Internet Address, but not the localhost - * address (127.0.0.1), nor the bogus address (0.0.0.0), - * register it. - */ - if (family == FamilyInternet && - !(len == 4 && - ((addr[0] == 127) || - (addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0))) - ) - { - XdmcpRegisterConnection (family, (char *)addr, len); - broad_addr = *inetaddr; - ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = - htonl (INADDR_BROADCAST); - XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) - &broad_addr); - } -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - !(IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))) - { - XdmcpRegisterConnection (family, (char *)addr, len); - } -#endif - -#endif /* XDMCP */ - } - } - } - /* - * now add a host of family FamilyLocalHost... - */ -DefineLocalHost: - for (host = selfhosts; - host && !addrEqual(FamilyLocalHost, "", 0, host); - host = host->next); - if (!host) - { - MakeHost(host, 0); - if (host) - { - host->family = FamilyLocalHost; - host->len = 0; - acopy("", host->addr, 0); - host->next = selfhosts; - selfhosts = host; - } - } -#endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN && !MNX_TCPCONN */ -} - -#else - -#ifdef USE_SIOCGLIFCONF -#define ifr_type struct lifreq -#else -#define ifr_type struct ifreq -#endif - -#ifdef VARIABLE_IFREQ -#define ifr_size(p) (sizeof (struct ifreq) + \ - (p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \ - p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0)) -#define ifraddr_size(a) (a.sa_len) -#else -#define ifr_size(p) (sizeof (ifr_type)) -#define ifraddr_size(a) (sizeof (a)) -#endif - -#if defined(IPv6) && defined(AF_INET6) -#include <arpa/inet.h> -#endif - -#if defined(IPv6) && defined(AF_INET6) -static void -in6_fillscopeid(struct sockaddr_in6 *sin6) -{ -#if defined(__KAME__) - if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { - sin6->sin6_scope_id = - ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); - sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0; - } -#endif -} -#endif - -void -DefineSelf (int fd) -{ -#ifndef HAS_GETIFADDRS - char *cp, *cplim; -# ifdef USE_SIOCGLIFCONF - struct sockaddr_storage buf[16]; - struct lifconf ifc; - register struct lifreq *ifr; -# ifdef SIOCGLIFNUM - struct lifnum ifn; -# endif -# else /* !USE_SIOCGLIFCONF */ - char buf[2048]; - struct ifconf ifc; - register struct ifreq *ifr; -# endif - void * bufptr = buf; -#else /* HAS_GETIFADDRS */ - struct ifaddrs * ifap, *ifr; -#endif - int len; - unsigned char * addr; - int family; - register HOST *host; - -#ifdef DNETCONN - struct dn_naddr *dnaddr = getnodeadd(); - /* - * AF_DECnet may not be listed in the interface list. Instead use - * the supported library call to find out the local address (if any). - */ - if (dnaddr) - { - addr = (unsigned char *) dnaddr; - len = dnaddr->a_len + sizeof(dnaddr->a_len); - family = FamilyDECnet; - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) - ; - if (!host) - { - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } - } - } -#endif /* DNETCONN */ -#ifndef HAS_GETIFADDRS - - len = sizeof(buf); - -#ifdef USE_SIOCGLIFCONF - -#ifdef SIOCGLIFNUM - ifn.lifn_family = AF_UNSPEC; - ifn.lifn_flags = 0; - if (ioctl (fd, SIOCGLIFNUM, (char *) &ifn) < 0) - Error ("Getting interface count"); - if (len < (ifn.lifn_count * sizeof(struct lifreq))) { - len = ifn.lifn_count * sizeof(struct lifreq); - bufptr = xalloc(len); - } -#endif - - ifc.lifc_family = AF_UNSPEC; - ifc.lifc_flags = 0; - ifc.lifc_len = len; - ifc.lifc_buf = bufptr; - -#define IFC_IOCTL_REQ SIOCGLIFCONF -#define IFC_IFC_REQ ifc.lifc_req -#define IFC_IFC_LEN ifc.lifc_len -#define IFR_IFR_ADDR ifr->lifr_addr -#define IFR_IFR_NAME ifr->lifr_name - -#else /* Use SIOCGIFCONF */ - ifc.ifc_len = len; - ifc.ifc_buf = bufptr; - -#define IFC_IOCTL_REQ SIOCGIFCONF -#define IFC_IFC_REQ ifc.ifc_req -#define IFC_IFC_LEN ifc.ifc_len -#define IFR_IFR_ADDR ifr->ifr_addr -#define IFR_IFR_NAME ifr->ifr_name -#endif - - if (ifioctl (fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0) - Error ("Getting interface configuration (4)"); - - cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN; - - for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size (ifr)) - { - ifr = (ifr_type *) cp; - len = ifraddr_size (IFR_IFR_ADDR); - family = ConvertAddr ((struct sockaddr *) &IFR_IFR_ADDR, - &len, (pointer *)&addr); -#ifdef DNETCONN - /* - * DECnet was handled up above. - */ - if (family == AF_DECnet) - continue; -#endif /* DNETCONN */ - if (family == -1 || family == FamilyLocal) - continue; -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - in6_fillscopeid((struct sockaddr_in6 *)&IFR_IFR_ADDR); -#endif - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) - ; - if (host) - continue; - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - { -#ifdef USE_SIOCGLIFCONF - struct sockaddr_storage broad_addr; -#else - struct sockaddr broad_addr; -#endif - - /* - * If this isn't an Internet Address, don't register it. - */ - if (family != FamilyInternet -#if defined(IPv6) && defined(AF_INET6) - && family != FamilyInternet6 -#endif - ) - continue; - - /* - * ignore 'localhost' entries as they're not useful - * on the other end of the wire - */ - if (family == FamilyInternet && - addr[0] == 127 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 1) - continue; -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) - continue; -#endif - - /* - * Ignore '0.0.0.0' entries as they are - * returned by some OSes for unconfigured NICs but they are - * not useful on the other end of the wire. - */ - if (len == 4 && - addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0) - continue; - - XdmcpRegisterConnection (family, (char *)addr, len); - -#if defined(IPv6) && defined(AF_INET6) - /* IPv6 doesn't support broadcasting, so we drop out here */ - if (family == FamilyInternet6) - continue; -#endif - - broad_addr = IFR_IFR_ADDR; - - ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = - htonl (INADDR_BROADCAST); -#if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR) - { - struct lifreq broad_req; - - broad_req = *ifr; - if (ioctl (fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 && - (broad_req.lifr_flags & IFF_BROADCAST) && - (broad_req.lifr_flags & IFF_UP) - ) - { - broad_req = *ifr; - if (ioctl (fd, SIOCGLIFBRDADDR, &broad_req) != -1) - broad_addr = broad_req.lifr_broadaddr; - else - continue; - } - else - continue; - } - -#elif defined(SIOCGIFBRDADDR) - { - struct ifreq broad_req; - - broad_req = *ifr; - if (ifioctl (fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 && - (broad_req.ifr_flags & IFF_BROADCAST) && - (broad_req.ifr_flags & IFF_UP) - ) - { - broad_req = *ifr; - if (ifioctl (fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1) - broad_addr = broad_req.ifr_addr; - else - continue; - } - else - continue; - } -#endif /* SIOCGIFBRDADDR */ - XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) &broad_addr); - } -#endif /* XDMCP */ - } - if (bufptr != buf) - free(bufptr); -#else /* HAS_GETIFADDRS */ - if (getifaddrs(&ifap) < 0) { - ErrorF("Warning: getifaddrs returns %s\n", strerror(errno)); - return; - } - for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) { - if (!ifr->ifa_addr) - continue; -#ifdef DNETCONN - if (ifr->ifa_addr.sa_family == AF_DECnet) - continue; -#endif /* DNETCONN */ - len = sizeof(*(ifr->ifa_addr)); - family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr); - if (family == -1 || family == FamilyLocal) - continue; -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - in6_fillscopeid((struct sockaddr_in6 *)ifr->ifa_addr); -#endif - - for (host = selfhosts; - host != NULL && !addrEqual(family, addr, len, host); - host = host->next) - ; - if (host != NULL) - continue; - MakeHost(host, len); - if (host != NULL) { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - { - struct sockaddr broad_addr; - /* - * If this isn't an Internet Address, don't register it. - */ - if (family != FamilyInternet -#if defined(IPv6) && defined(AF_INET6) - && family != FamilyInternet6 -#endif - ) - continue; - - /* - * ignore 'localhost' entries as they're not useful - * on the other end of the wire - */ - if (ifr->ifa_flags & IFF_LOOPBACK) - continue; - - if (family == FamilyInternet && - addr[0] == 127 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 1) - continue; - - /* - * Ignore '0.0.0.0' entries as they are - * returned by some OSes for unconfigured NICs but they are - * not useful on the other end of the wire. - */ - if (len == 4 && - addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0) - continue; -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) - continue; -#endif - XdmcpRegisterConnection(family, (char *)addr, len); -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - /* IPv6 doesn't support broadcasting, so we drop out here */ - continue; -#endif - if ((ifr->ifa_flags & IFF_BROADCAST) && - (ifr->ifa_flags & IFF_UP) && - ifr->ifa_broadaddr) - broad_addr = *ifr->ifa_broadaddr; - else - continue; - XdmcpRegisterBroadcastAddress((struct sockaddr_in *) - &broad_addr); - } -#endif /* XDMCP */ - - } /* for */ - freeifaddrs(ifap); -#endif /* HAS_GETIFADDRS */ - - /* - * add something of FamilyLocalHost - */ - for (host = selfhosts; - host && !addrEqual(FamilyLocalHost, "", 0, host); - host = host->next); - if (!host) - { - MakeHost(host, 0); - if (host) - { - host->family = FamilyLocalHost; - host->len = 0; - acopy("", host->addr, 0); - host->next = selfhosts; - selfhosts = host; - } - } -} -#endif /* hpux && !HAS_IFREQ */ - -#ifdef XDMCP -void -AugmentSelf(pointer from, int len) -{ - int family; - pointer addr; - register HOST *host; - - family = ConvertAddr(from, &len, (pointer *)&addr); - if (family == -1 || family == FamilyLocal) - return; - for (host = selfhosts; host; host = host->next) - { - if (addrEqual(family, addr, len, host)) - return; - } - MakeHost(host,len) - if (!host) - return; - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; -} -#endif - -void -AddLocalHosts (void) -{ - HOST *self; - - for (self = selfhosts; self; self = self->next) - /* Fix for XFree86 bug #156: pass addingLocal = TRUE to - * NewHost to tell that we are adding the default local - * host entries and not to flag the entries as being - * explicitely requested */ - (void) NewHost (self->family, self->addr, self->len, TRUE); -} - -/* Reset access control list to initial hosts */ -void -ResetHosts (char *display) -{ - register HOST *host; - char lhostname[120], ohostname[120]; - char *hostname = ohostname; - char fname[PATH_MAX + 1]; - int fnamelen; - FILE *fd; - char *ptr; - int i, hostlen; -#if ((defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)) && \ - (!defined(IPv6) || !defined(AF_INET6))) || defined(DNETCONN) - union { - struct sockaddr sa; -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - struct sockaddr_in in; -#endif /* TCPCONN || STREAMSCONN */ -#ifdef DNETCONN - struct sockaddr_dn dn; -#endif - } saddr; -#endif -#ifdef DNETCONN - struct nodeent *np; - struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); -#endif - int family = 0; - pointer addr; - int len; - - siTypesInitialize(); - AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL; - LocalHostEnabled = FALSE; - while ((host = validhosts) != 0) - { - validhosts = host->next; - FreeHost (host); - } - -#if defined WIN32 && defined __MINGW32__ -#define ETC_HOST_PREFIX "X" -#else -#define ETC_HOST_PREFIX "/etc/X" -#endif -#define ETC_HOST_SUFFIX ".hosts" - fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) + - strlen(display) + 1; - if (fnamelen > sizeof(fname)) - FatalError("Display name `%s' is too long\n", display); - snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX, - display); - - if ((fd = fopen (fname, "r")) != 0) - { - while (fgets (ohostname, sizeof (ohostname), fd)) - { - family = FamilyWild; - if (*ohostname == '#') - continue; - if ((ptr = strchr(ohostname, '\n')) != 0) - *ptr = 0; - hostlen = strlen(ohostname) + 1; - for (i = 0; i < hostlen; i++) - lhostname[i] = tolower(ohostname[i]); - hostname = ohostname; - if (!strncmp("local:", lhostname, 6)) - { - family = FamilyLocalHost; - NewHost(family, "", 0, FALSE); - LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */ - } -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - else if (!strncmp("inet:", lhostname, 5)) - { - family = FamilyInternet; - hostname = ohostname + 5; - } -#if defined(IPv6) && defined(AF_INET6) - else if (!strncmp("inet6:", lhostname, 6)) - { - family = FamilyInternet6; - hostname = ohostname + 6; - } -#endif -#endif -#ifdef DNETCONN - else if (!strncmp("dnet:", lhostname, 5)) - { - family = FamilyDECnet; - hostname = ohostname + 5; - } -#endif -#ifdef SECURE_RPC - else if (!strncmp("nis:", lhostname, 4)) - { - family = FamilyNetname; - hostname = ohostname + 4; - } -#endif - else if (!strncmp("si:", lhostname, 3)) - { - family = FamilyServerInterpreted; - hostname = ohostname + 3; - hostlen -= 3; - } - - - if (family == FamilyServerInterpreted) - { - len = siCheckAddr(hostname, hostlen); - if (len >= 0) { - NewHost(family, hostname, len, FALSE); - } - } - else -#ifdef DNETCONN - if ((family == FamilyDECnet) || ((family == FamilyWild) && - (ptr = strchr(hostname, ':')) && (*(ptr + 1) == ':') && - !(*ptr = '\0'))) /* bash trailing colons if necessary */ - { - /* node name (DECnet names end in "::") */ - dnaddrp = dnet_addr(hostname); - if (!dnaddrp && (np = getnodebyname (hostname))) - { - /* node was specified by name */ - saddr.sa.sa_family = np->n_addrtype; - len = sizeof(saddr.sa); - if (ConvertAddr (&saddr.sa, &len, (pointer *)&addr) == FamilyDECnet) - { - bzero ((char *) &dnaddr, sizeof (dnaddr)); - dnaddr.a_len = np->n_length; - acopy (np->n_addr, dnaddr.a_addr, np->n_length); - dnaddrp = &dnaddr; - } - } - if (dnaddrp) - (void) NewHost(FamilyDECnet, (pointer)dnaddrp, - (int)(dnaddrp->a_len + sizeof(dnaddrp->a_len)), FALSE); - } - else -#endif /* DNETCONN */ -#ifdef SECURE_RPC - if ((family == FamilyNetname) || (strchr(hostname, '@'))) - { - SecureRPCInit (); - (void) NewHost (FamilyNetname, hostname, strlen (hostname), FALSE); - } - else -#endif /* SECURE_RPC */ -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - { -#if defined(IPv6) && defined(AF_INET6) - if ( (family == FamilyInternet) || (family == FamilyInternet6) || - (family == FamilyWild) ) - { - struct addrinfo *addresses; - struct addrinfo *a; - int f; - - if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { - for (a = addresses ; a != NULL ; a = a->ai_next) { - len = a->ai_addrlen; - f = ConvertAddr(a->ai_addr,&len,(pointer *)&addr); - if ( (family == f) || - ((family == FamilyWild) && (f != -1)) ) { - NewHost(f, addr, len, FALSE); - } - } - freeaddrinfo(addresses); - } - } -#else -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - register struct hostent *hp; - - /* host name */ - if ((family == FamilyInternet && - ((hp = _XGethostbyname(hostname, hparams)) != 0)) || - ((hp = _XGethostbyname(hostname, hparams)) != 0)) - { - saddr.sa.sa_family = hp->h_addrtype; - len = sizeof(saddr.sa); - if ((family = ConvertAddr (&saddr.sa, &len, (pointer *)&addr)) != -1) - { -#ifdef h_addr /* new 4.3bsd version of gethostent */ - char **list; - - /* iterate over the addresses */ - for (list = hp->h_addr_list; *list; list++) - (void) NewHost (family, (pointer)*list, len, FALSE); -#else - (void) NewHost (family, (pointer)hp->h_addr, len, FALSE); -#endif - } - } -#endif /* IPv6 */ - } -#endif /* TCPCONN || STREAMSCONN */ - family = FamilyWild; - } - fclose (fd); - } -} - -/* Is client on the local host */ -Bool LocalClient(ClientPtr client) -{ - int alen, family, notused; - Xtransaddr *from = NULL; - pointer addr; - register HOST *host; - - if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, - ¬used, &alen, &from)) - { - family = ConvertAddr ((struct sockaddr *) from, - &alen, (pointer *)&addr); - if (family == -1) - { - xfree (from); - return FALSE; - } - if (family == FamilyLocal) - { - xfree (from); - return TRUE; - } - for (host = selfhosts; host; host = host->next) - { - if (addrEqual (family, addr, alen, host)) - return TRUE; - } - xfree (from); - } - return FALSE; -} - -/* - * Return the uid and gid of a connected local client - * - * Used by XShm to test access rights to shared memory segments - */ -int -LocalClientCred(ClientPtr client, int *pUid, int *pGid) -{ - LocalClientCredRec *lcc; - int ret = GetLocalClientCreds(client, &lcc); - - if (ret == 0) { -#ifdef HAVE_GETZONEID /* only local if in the same zone */ - if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { - FreeLocalClientCreds(lcc); - return -1; - } -#endif - if ((lcc->fieldsSet & LCC_UID_SET) && (pUid != NULL)) - *pUid = lcc->euid; - if ((lcc->fieldsSet & LCC_GID_SET) && (pGid != NULL)) - *pGid = lcc->egid; - FreeLocalClientCreds(lcc); - } - return ret; -} - -/* - * Return the uid and all gids of a connected local client - * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds - * - * Used by localuser & localgroup ServerInterpreted access control forms below - * Used by AuthAudit to log who local connections came from - */ -int -GetLocalClientCreds(ClientPtr client, LocalClientCredRec **lccp) -{ -#if defined(HAS_GETPEEREID) || defined(HAS_GETPEERUCRED) || defined(SO_PEERCRED) - int fd; - XtransConnInfo ci; - LocalClientCredRec *lcc; -#ifdef HAS_GETPEEREID - uid_t uid; - gid_t gid; -#elif defined(HAS_GETPEERUCRED) - ucred_t *peercred = NULL; - const gid_t *gids; -#elif defined(SO_PEERCRED) - struct ucred peercred; - socklen_t so_len = sizeof(peercred); -#endif - - if (client == NULL) - return -1; - ci = ((OsCommPtr)client->osPrivate)->trans_conn; -#if !(defined(sun) && defined(HAS_GETPEERUCRED)) - /* Most implementations can only determine peer credentials for Unix - * domain sockets - Solaris getpeerucred can work with a bit more, so - * we just let it tell us if the connection type is supported or not - */ - if (!_XSERVTransIsLocal(ci)) { - return -1; - } -#endif - - *lccp = Xcalloc(sizeof(LocalClientCredRec)); - if (*lccp == NULL) - return -1; - lcc = *lccp; - - fd = _XSERVTransGetConnectionNumber(ci); -#ifdef HAS_GETPEEREID - if (getpeereid(fd, &uid, &gid) == -1) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = uid; - lcc->egid = gid; - lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET; - return 0; -#elif defined(HAS_GETPEERUCRED) - if (getpeerucred(fd, &peercred) < 0) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = ucred_geteuid(peercred); - if (lcc->euid != -1) - lcc->fieldsSet |= LCC_UID_SET; - lcc->egid = ucred_getegid(peercred); - if (lcc->egid != -1) - lcc->fieldsSet |= LCC_GID_SET; - lcc->pid = ucred_getpid(peercred); - if (lcc->pid != -1) - lcc->fieldsSet |= LCC_PID_SET; -#ifdef HAVE_GETZONEID - lcc->zoneid = ucred_getzoneid(peercred); - if (lcc->zoneid != -1) - lcc->fieldsSet |= LCC_ZID_SET; -#endif - lcc->nSuppGids = ucred_getgroups(peercred, &gids); - if (lcc->nSuppGids > 0) { - lcc->pSuppGids = Xcalloc((lcc->nSuppGids) * sizeof(int)); - if (lcc->pSuppGids == NULL) { - lcc->nSuppGids = 0; - } else { - int i; - for (i = 0 ; i < lcc->nSuppGids; i++) { - (lcc->pSuppGids)[i] = (int) gids[i]; - } - } - } else { - lcc->nSuppGids = 0; - } - ucred_free(peercred); - return 0; -#elif defined(SO_PEERCRED) - if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = peercred.uid; - lcc->egid = peercred.gid; - lcc->pid = peercred.pid; - lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET | LCC_PID_SET; - return 0; -#endif -#else - /* No system call available to get the credentials of the peer */ -#define NO_LOCAL_CLIENT_CRED - return -1; -#endif -} - -void -FreeLocalClientCreds(LocalClientCredRec *lcc) -{ - if (lcc != NULL) { - if (lcc->nSuppGids > 0) { - Xfree(lcc->pSuppGids); - } - Xfree(lcc); - } -} - -static int -AuthorizedClient(ClientPtr client) -{ - int rc; - - if (!client || defeatAccessControl) - return Success; - - /* untrusted clients can't change host access */ - rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); - if (rc != Success) - return rc; - - return LocalClient(client) ? Success : BadAccess; -} - -/* Add a host to the access control list. This is the external interface - * called from the dispatcher */ - -int -AddHost (ClientPtr client, - int family, - unsigned length, /* of bytes in pAddr */ - pointer pAddr) -{ - int rc, len; - - rc = AuthorizedClient(client); - if (rc != Success) - return rc; - switch (family) { - case FamilyLocalHost: - len = length; - LocalHostEnabled = TRUE; - break; -#ifdef SECURE_RPC - case FamilyNetname: - len = length; - SecureRPCInit (); - break; -#endif - case FamilyInternet: -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: -#endif - case FamilyDECnet: - case FamilyChaos: - case FamilyServerInterpreted: - if ((len = CheckAddr (family, pAddr, length)) < 0) - { - client->errorValue = length; - return (BadValue); - } - break; - case FamilyLocal: - default: - client->errorValue = family; - return (BadValue); - } - if (NewHost (family, pAddr, len, FALSE)) - return Success; - return BadAlloc; -} - -Bool -ForEachHostInFamily (int family, - Bool (*func)( - unsigned char * /* addr */, - short /* len */, - pointer /* closure */), - pointer closure) -{ - HOST *host; - - for (host = validhosts; host; host = host->next) - if (family == host->family && func (host->addr, host->len, closure)) - return TRUE; - return FALSE; -} - -/* Add a host to the access control list. This is the internal interface - * called when starting or resetting the server */ -static Bool -NewHost (int family, - pointer addr, - int len, - int addingLocalHosts) -{ - register HOST *host; - - for (host = validhosts; host; host = host->next) - { - if (addrEqual (family, addr, len, host)) - return TRUE; - } - if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */ - for (host = selfhosts; host; host = host->next) { - if (addrEqual (family, addr, len, host)) { - host->requested = TRUE; - break; - } - } - } - MakeHost(host,len) - if (!host) - return FALSE; - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = validhosts; - validhosts = host; - return TRUE; -} - -/* Remove a host from the access control list */ - -int -RemoveHost ( - ClientPtr client, - int family, - unsigned length, /* of bytes in pAddr */ - pointer pAddr) -{ - int rc, len; - register HOST *host, **prev; - - rc = AuthorizedClient(client); - if (rc != Success) - return rc; - switch (family) { - case FamilyLocalHost: - len = length; - LocalHostEnabled = FALSE; - break; -#ifdef SECURE_RPC - case FamilyNetname: - len = length; - break; -#endif - case FamilyInternet: -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: -#endif - case FamilyDECnet: - case FamilyChaos: - case FamilyServerInterpreted: - if ((len = CheckAddr (family, pAddr, length)) < 0) - { - client->errorValue = length; - return(BadValue); - } - break; - case FamilyLocal: - default: - client->errorValue = family; - return(BadValue); - } - for (prev = &validhosts; - (host = *prev) && (!addrEqual (family, pAddr, len, host)); - prev = &host->next) - ; - if (host) - { - *prev = host->next; - FreeHost (host); - } - return (Success); -} - -/* Get all hosts in the access control list */ -int -GetHosts ( - pointer *data, - int *pnHosts, - int *pLen, - BOOL *pEnabled) -{ - int len; - register int n = 0; - register unsigned char *ptr; - register HOST *host; - int nHosts = 0; - - *pEnabled = AccessEnabled ? EnableAccess : DisableAccess; - for (host = validhosts; host; host = host->next) - { - nHosts++; - n += pad_to_int32(host->len) + sizeof(xHostEntry); - } - if (n) - { - *data = ptr = xalloc (n); - if (!ptr) - { - return(BadAlloc); - } - for (host = validhosts; host; host = host->next) - { - len = host->len; - ((xHostEntry *)ptr)->family = host->family; - ((xHostEntry *)ptr)->length = len; - ptr += sizeof(xHostEntry); - acopy (host->addr, ptr, len); - ptr += pad_to_int32(len); - } - } else { - *data = NULL; - } - *pnHosts = nHosts; - *pLen = n; - return(Success); -} - -/* Check for valid address family and length, and return address length. */ - -/*ARGSUSED*/ -static int -CheckAddr ( - int family, - pointer pAddr, - unsigned length) -{ - int len; - - switch (family) - { -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - case FamilyInternet: - if (length == sizeof (struct in_addr)) - len = length; - else - len = -1; - break; -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: - if (length == sizeof (struct in6_addr)) - len = length; - else - len = -1; - break; -#endif -#endif -#ifdef DNETCONN - case FamilyDECnet: - { - struct dn_naddr *dnaddr = (struct dn_naddr *) pAddr; - - if ((length < sizeof(dnaddr->a_len)) || - (length < dnaddr->a_len + sizeof(dnaddr->a_len))) - len = -1; - else - len = dnaddr->a_len + sizeof(dnaddr->a_len); - if (len > sizeof(struct dn_naddr)) - len = -1; - } - break; -#endif - case FamilyServerInterpreted: - len = siCheckAddr(pAddr, length); - break; - default: - len = -1; - } - return (len); -} - -/* Check if a host is not in the access control list. - * Returns 1 if host is invalid, 0 if we've found it. */ - -int -InvalidHost ( - register struct sockaddr *saddr, - int len, - ClientPtr client) -{ - int family; - pointer addr; - register HOST *selfhost, *host; - - if (!AccessEnabled) /* just let them in */ - return(0); - family = ConvertAddr (saddr, &len, (pointer *)&addr); - if (family == -1) - return 1; - if (family == FamilyLocal) - { - if (!LocalHostEnabled) - { - /* - * check to see if any local address is enabled. This - * implicitly enables local connections. - */ - for (selfhost = selfhosts; selfhost; selfhost=selfhost->next) - { - for (host = validhosts; host; host=host->next) - { - if (addrEqual (selfhost->family, selfhost->addr, - selfhost->len, host)) - return 0; - } - } - } else - return 0; - } - for (host = validhosts; host; host = host->next) - { - if ((host->family == FamilyServerInterpreted)) { - if (siAddrMatch (family, addr, len, host, client)) { - return (0); - } - } else { - if (addrEqual (family, addr, len, host)) - return (0); - } - - } - return (1); -} - -static int -ConvertAddr ( - register struct sockaddr *saddr, - int *len, - pointer *addr) -{ - if (*len == 0) - return (FamilyLocal); - switch (saddr->sa_family) - { - case AF_UNSPEC: -#if defined(UNIXCONN) || defined(LOCALCONN) - case AF_UNIX: -#endif - return FamilyLocal; -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - case AF_INET: -#ifdef WIN32 - if (16777343 == *(long*)&((struct sockaddr_in *) saddr)->sin_addr) - return FamilyLocal; -#endif - *len = sizeof (struct in_addr); - *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr); - return FamilyInternet; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: - { - struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr; - if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) { - *len = sizeof (struct in_addr); - *addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]); - return FamilyInternet; - } else { - *len = sizeof (struct in6_addr); - *addr = (pointer) &(saddr6->sin6_addr); - return FamilyInternet6; - } - } -#endif -#endif -#ifdef DNETCONN - case AF_DECnet: - { - struct sockaddr_dn *sdn = (struct sockaddr_dn *) saddr; - *len = sdn->sdn_nodeaddrl + sizeof(sdn->sdn_nodeaddrl); - *addr = (pointer) &(sdn->sdn_add); - } - return FamilyDECnet; -#endif -#ifdef CHAOSCONN - case AF_CHAOS: - { - not implemented - } - return FamilyChaos; -#endif - default: - return -1; - } -} - -int -ChangeAccessControl( - ClientPtr client, - int fEnabled) -{ - int rc = AuthorizedClient(client); - if (rc != Success) - return rc; - AccessEnabled = fEnabled; - return Success; -} - -/* returns FALSE if xhost + in effect, else TRUE */ -int -GetAccessControl(void) -{ - return AccessEnabled; -} - -/***************************************************************************** - * FamilyServerInterpreted host entry implementation - * - * Supports an extensible system of host types which the server can interpret - * See the IPv6 extensions to the X11 protocol spec for the definition. - * - * Currently supported schemes: - * - * hostname - hostname as defined in IETF RFC 2396 - * ipv6 - IPv6 literal address as defined in IETF RFC's 3513 and <TBD> - * - * See xc/doc/specs/SIAddresses for formal definitions of each type. - */ - -/* These definitions and the siTypeAdd function could be exported in the - * future to enable loading additional host types, but that was not done for - * the initial implementation. - */ -typedef Bool (*siAddrMatchFunc)(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *siTypePriv); -typedef int (*siCheckAddrFunc)(const char *addrString, int length, - void *siTypePriv); - -struct siType { - struct siType * next; - const char * typeName; - siAddrMatchFunc addrMatch; - siCheckAddrFunc checkAddr; - void * typePriv; /* Private data for type routines */ -}; - -static struct siType *siTypeList; - -static int -siTypeAdd(const char *typeName, siAddrMatchFunc addrMatch, - siCheckAddrFunc checkAddr, void *typePriv) -{ - struct siType *s, *p; - - if ((typeName == NULL) || (addrMatch == NULL) || (checkAddr == NULL)) - return BadValue; - - for (s = siTypeList, p = NULL; s != NULL ; p = s, s = s->next) { - if (strcmp(typeName, s->typeName) == 0) { - s->addrMatch = addrMatch; - s->checkAddr = checkAddr; - s->typePriv = typePriv; - return Success; - } - } - - s = xalloc(sizeof(struct siType)); - if (s == NULL) - return BadAlloc; - - if (p == NULL) - siTypeList = s; - else - p->next = s; - - s->next = NULL; - s->typeName = typeName; - s->addrMatch = addrMatch; - s->checkAddr = checkAddr; - s->typePriv = typePriv; - return Success; -} - -/* Checks to see if a host matches a server-interpreted host entry */ -static Bool -siAddrMatch(int family, pointer addr, int len, HOST *host, ClientPtr client) -{ - Bool matches = FALSE; - struct siType *s; - const char *valueString; - int addrlen; - - valueString = (const char *) memchr(host->addr, '\0', host->len); - if (valueString != NULL) { - for (s = siTypeList; s != NULL ; s = s->next) { - if (strcmp((char *) host->addr, s->typeName) == 0) { - addrlen = host->len - (strlen((char *)host->addr) + 1); - matches = s->addrMatch(family, addr, len, - valueString + 1, addrlen, client, s->typePriv); - break; - } - } -#ifdef FAMILY_SI_DEBUG - ErrorF( - "Xserver: siAddrMatch(): type = %s, value = %*.*s -- %s\n", - host->addr, addrlen, addrlen, valueString + 1, - (matches) ? "accepted" : "rejected"); -#endif - } - return matches; -} - -static int -siCheckAddr(const char *addrString, int length) -{ - const char *valueString; - int addrlen, typelen; - int len = -1; - struct siType *s; - - /* Make sure there is a \0 byte inside the specified length - to separate the address type from the address value. */ - valueString = (const char *) memchr(addrString, '\0', length); - if (valueString != NULL) { - /* Make sure the first string is a recognized address type, - * and the second string is a valid address of that type. - */ - typelen = strlen(addrString) + 1; - addrlen = length - typelen; - - for (s = siTypeList; s != NULL ; s = s->next) { - if (strcmp(addrString, s->typeName) == 0) { - len = s->checkAddr(valueString + 1, addrlen, s->typePriv); - if (len >= 0) { - len += typelen; - } - break; - } - } -#ifdef FAMILY_SI_DEBUG - { - const char *resultMsg; - - if (s == NULL) { - resultMsg = "type not registered"; - } else { - if (len == -1) - resultMsg = "rejected"; - else - resultMsg = "accepted"; - } - - ErrorF("Xserver: siCheckAddr(): type = %s, value = %*.*s, len = %d -- %s\n", - addrString, addrlen, addrlen, valueString + 1, len, resultMsg); - } -#endif - } - return len; -} - - -/*** - * Hostname server-interpreted host type - * - * Stored as hostname string, explicitly defined to be resolved ONLY - * at access check time, to allow for hosts with dynamic addresses - * but static hostnames, such as found in some DHCP & mobile setups. - * - * Hostname must conform to IETF RFC 2396 sec. 3.2.2, which defines it as: - * hostname = *( domainlabel "." ) toplabel [ "." ] - * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum - * toplabel = alpha | alpha *( alphanum | "-" ) alphanum - */ - -#ifdef NI_MAXHOST -# define SI_HOSTNAME_MAXLEN NI_MAXHOST -#else -# ifdef MAXHOSTNAMELEN -# define SI_HOSTNAME_MAXLEN MAXHOSTNAMELEN -# else -# define SI_HOSTNAME_MAXLEN 256 -# endif -#endif - -static Bool -siHostnameAddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrLen, ClientPtr client, void *typePriv) -{ - Bool res = FALSE; - -/* Currently only supports checking against IPv4 & IPv6 connections, but - * support for other address families, such as DECnet, could be added if - * desired. - */ -#if defined(IPv6) && defined(AF_INET6) - if ((family == FamilyInternet) || (family == FamilyInternet6)) { - char hostname[SI_HOSTNAME_MAXLEN]; - struct addrinfo *addresses; - struct addrinfo *a; - int f, hostaddrlen; - pointer hostaddr; - - if (siAddrLen >= sizeof(hostname)) - return FALSE; - - strncpy(hostname, siAddr, siAddrLen); - hostname[siAddrLen] = '\0'; - - if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { - for (a = addresses ; a != NULL ; a = a->ai_next) { - hostaddrlen = a->ai_addrlen; - f = ConvertAddr(a->ai_addr,&hostaddrlen,&hostaddr); - if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { - res = TRUE; - break; - } - } - freeaddrinfo(addresses); - } - } -#else /* IPv6 not supported, use gethostbyname instead for IPv4 */ - if (family == FamilyInternet) { - register struct hostent *hp; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - char hostname[SI_HOSTNAME_MAXLEN]; - int f, hostaddrlen; - pointer hostaddr; - const char **addrlist; - - if (siAddrLen >= sizeof(hostname)) - return FALSE; - - strncpy(hostname, siAddr, siAddrLen); - hostname[siAddrLen] = '\0'; - - if ((hp = _XGethostbyname(hostname, hparams)) != NULL) { -#ifdef h_addr /* new 4.3bsd version of gethostent */ - /* iterate over the addresses */ - for (addrlist = hp->h_addr_list; *addrlist; addrlist++) -#else - addrlist = &hp->h_addr; -#endif - { - struct sockaddr_in sin; - - sin.sin_family = hp->h_addrtype; - acopy ( *addrlist, &(sin.sin_addr), hp->h_length); - hostaddrlen = sizeof(sin); - f = ConvertAddr ((struct sockaddr *)&sin, - &hostaddrlen, &hostaddr); - if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { - res = TRUE; - break; - } - } - } - } -#endif - return res; -} - - -static int -siHostnameCheckAddr(const char *valueString, int length, void *typePriv) -{ - /* Check conformance of hostname to RFC 2396 sec. 3.2.2 definition. - * We do not use ctype functions here to avoid locale-specific - * character sets. Hostnames must be pure ASCII. - */ - int len = length; - int i; - Bool dotAllowed = FALSE; - Bool dashAllowed = FALSE; - - if ((length <= 0) || (length >= SI_HOSTNAME_MAXLEN)) { - len = -1; - } else { - for (i = 0; i < length; i++) { - char c = valueString[i]; - - if (c == 0x2E) { /* '.' */ - if (dotAllowed == FALSE) { - len = -1; - break; - } else { - dotAllowed = FALSE; - dashAllowed = FALSE; - } - } else if (c == 0x2D) { /* '-' */ - if (dashAllowed == FALSE) { - len = -1; - break; - } else { - dotAllowed = FALSE; - } - } else if (((c >= 0x30) && (c <= 0x3A)) /* 0-9 */ || - ((c >= 0x61) && (c <= 0x7A)) /* a-z */ || - ((c >= 0x41) && (c <= 0x5A)) /* A-Z */) { - dotAllowed = TRUE; - dashAllowed = TRUE; - } else { /* Invalid character */ - len = -1; - break; - } - } - } - return len; -} - -#if defined(IPv6) && defined(AF_INET6) -/*** - * "ipv6" server interpreted type - * - * Currently supports only IPv6 literal address as specified in IETF RFC 3513 - * - * Once draft-ietf-ipv6-scoping-arch-00.txt becomes an RFC, support will be - * added for the scoped address format it specifies. - */ - -/* Maximum length of an IPv6 address string - increase when adding support - * for scoped address qualifiers. Includes room for trailing NUL byte. - */ -#define SI_IPv6_MAXLEN INET6_ADDRSTRLEN - -static Bool -siIPv6AddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) -{ - struct in6_addr addr6; - char addrbuf[SI_IPv6_MAXLEN]; - - if ((family != FamilyInternet6) || (len != sizeof(addr6))) - return FALSE; - - memcpy(addrbuf, siAddr, siAddrlen); - addrbuf[siAddrlen] = '\0'; - - if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { - perror("inet_pton"); - return FALSE; - } - - if (memcmp(addr, &addr6, len) == 0) { - return TRUE; - } else { - return FALSE; - } -} - -static int -siIPv6CheckAddr(const char *addrString, int length, void *typePriv) -{ - int len; - - /* Minimum length is 3 (smallest legal address is "::1") */ - if (length < 3) { - /* Address is too short! */ - len = -1; - } else if (length >= SI_IPv6_MAXLEN) { - /* Address is too long! */ - len = -1; - } else { - /* Assume inet_pton is sufficient validation */ - struct in6_addr addr6; - char addrbuf[SI_IPv6_MAXLEN]; - - memcpy(addrbuf, addrString, length); - addrbuf[length] = '\0'; - - if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { - perror("inet_pton"); - len = -1; - } else { - len = length; - } - } - return len; -} -#endif /* IPv6 */ - -#if !defined(NO_LOCAL_CLIENT_CRED) -/*** - * "localuser" & "localgroup" server interpreted types - * - * Allows local connections from a given local user or group - */ - -#include <pwd.h> -#include <grp.h> - -#define LOCAL_USER 1 -#define LOCAL_GROUP 2 - -typedef struct { - int credType; -} siLocalCredPrivRec, *siLocalCredPrivPtr; - -static siLocalCredPrivRec siLocalUserPriv = { LOCAL_USER }; -static siLocalCredPrivRec siLocalGroupPriv = { LOCAL_GROUP }; - -static Bool -siLocalCredGetId(const char *addr, int len, siLocalCredPrivPtr lcPriv, int *id) -{ - Bool parsedOK = FALSE; - char *addrbuf = xalloc(len + 1); - - if (addrbuf == NULL) { - return FALSE; - } - - memcpy(addrbuf, addr, len); - addrbuf[len] = '\0'; - - if (addr[0] == '#') { /* numeric id */ - char *cp; - errno = 0; - *id = strtol(addrbuf + 1, &cp, 0); - if ((errno == 0) && (cp != (addrbuf+1))) { - parsedOK = TRUE; - } - } else { /* non-numeric name */ - if (lcPriv->credType == LOCAL_USER) { - struct passwd *pw = getpwnam(addrbuf); - - if (pw != NULL) { - *id = (int) pw->pw_uid; - parsedOK = TRUE; - } - } else { /* group */ - struct group *gr = getgrnam(addrbuf); - - if (gr != NULL) { - *id = (int) gr->gr_gid; - parsedOK = TRUE; - } - } - } - - xfree(addrbuf); - return parsedOK; -} - -static Bool -siLocalCredAddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) -{ - int siAddrId; - LocalClientCredRec *lcc; - siLocalCredPrivPtr lcPriv = (siLocalCredPrivPtr) typePriv; - - if (GetLocalClientCreds(client, &lcc) == -1) { - return FALSE; - } - -#ifdef HAVE_GETZONEID /* Ensure process is in the same zone */ - if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { - FreeLocalClientCreds(lcc); - return FALSE; - } -#endif - - if (siLocalCredGetId(siAddr, siAddrlen, lcPriv, &siAddrId) == FALSE) { - FreeLocalClientCreds(lcc); - return FALSE; - } - - if (lcPriv->credType == LOCAL_USER) { - if ((lcc->fieldsSet & LCC_UID_SET) && (lcc->euid == siAddrId)) { - FreeLocalClientCreds(lcc); - return TRUE; - } - } else { - if ((lcc->fieldsSet & LCC_GID_SET) && (lcc->egid == siAddrId)) { - FreeLocalClientCreds(lcc); - return TRUE; - } - if (lcc->pSuppGids != NULL) { - int i; - - for (i = 0 ; i < lcc->nSuppGids; i++) { - if (lcc->pSuppGids[i] == siAddrId) { - FreeLocalClientCreds(lcc); - return TRUE; - } - } - } - } - FreeLocalClientCreds(lcc); - return FALSE; -} - -static int -siLocalCredCheckAddr(const char *addrString, int length, void *typePriv) -{ - int len = length; - int id; - - if (siLocalCredGetId(addrString, length, - (siLocalCredPrivPtr)typePriv, &id) == FALSE) { - len = -1; - } - return len; -} -#endif /* localuser */ - -static void -siTypesInitialize(void) -{ - siTypeAdd("hostname", siHostnameAddrMatch, siHostnameCheckAddr, NULL); -#if defined(IPv6) && defined(AF_INET6) - siTypeAdd("ipv6", siIPv6AddrMatch, siIPv6CheckAddr, NULL); -#endif -#if !defined(NO_LOCAL_CLIENT_CRED) - siTypeAdd("localuser", siLocalCredAddrMatch, siLocalCredCheckAddr, - &siLocalUserPriv); - siTypeAdd("localgroup", siLocalCredAddrMatch, siLocalCredCheckAddr, - &siLocalGroupPriv); -#endif -} +/***********************************************************
+
+Copyright 1987, 1998 The Open Group
+
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, and/or sell copies of the Software, and to permit persons
+to whom the Software is furnished to do so, provided that the above
+copyright notice(s) and this permission notice appear in all copies of
+the Software and that both the above copyright notice(s) and this
+permission notice appear in supporting documentation.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+Except as contained in this notice, the name of a copyright holder
+shall not be used in advertising or otherwise to promote the sale, use
+or other dealings in this Software without prior written authorization
+of the copyright holder.
+
+X Window System is a trademark of The Open Group.
+
+Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts.
+
+ All Rights Reserved
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of Digital not be
+used in advertising or publicity pertaining to distribution of the
+software without specific, written prior permission.
+
+DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+******************************************************************/
+
+/*
+ * Copyright © 2004 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#ifdef WIN32
+#include <X11/Xwinsock.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#define XSERV_t
+#define TRANS_SERVER
+#define TRANS_REOPEN
+#include <X11/Xtrans/Xtrans.h>
+#include <X11/Xauth.h>
+#include <X11/X.h>
+#include <X11/Xproto.h>
+#include "misc.h"
+#include "site.h"
+#include <errno.h>
+#include <sys/types.h>
+#ifndef WIN32
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <ctype.h>
+
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(__SCO__)
+#include <netinet/in.h>
+#endif /* TCPCONN || STREAMSCONN || ISC || __SCO__ */
+#ifdef DNETCONN
+#include <netdnet/dn.h>
+#include <netdnet/dnetdb.h>
+#endif
+
+#ifdef HAS_GETPEERUCRED
+# include <ucred.h>
+# ifdef sun
+# include <zone.h>
+# endif
+#endif
+
+#if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__)
+# include <sys/utsname.h>
+#endif
+#if defined(SYSV) && defined(__i386__)
+# include <sys/stream.h>
+#endif
+#ifdef __GNU__
+#undef SIOCGIFCONF
+#include <netdb.h>
+#else /*!__GNU__*/
+# include <net/if.h>
+#endif /*__GNU__ */
+
+#ifdef SVR4
+#include <sys/sockio.h>
+#include <sys/stropts.h>
+#endif
+
+#include <netdb.h>
+
+#ifdef CSRG_BASED
+#include <sys/param.h>
+#if (BSD >= 199103)
+#define VARIABLE_IFREQ
+#endif
+#endif
+
+#ifdef BSD44SOCKETS
+#ifndef VARIABLE_IFREQ
+#define VARIABLE_IFREQ
+#endif
+#endif
+
+#ifdef HAS_GETIFADDRS
+#include <ifaddrs.h>
+#endif
+
+/* Solaris provides an extended interface SIOCGLIFCONF. Other systems
+ * may have this as well, but the code has only been tested on Solaris
+ * so far, so we only enable it there. Other platforms may be added as
+ * needed.
+ *
+ * Test for Solaris commented out -- TSI @ UQV 2003.06.13
+ */
+#ifdef SIOCGLIFCONF
+/* #if defined(sun) */
+#define USE_SIOCGLIFCONF
+/* #endif */
+#endif
+
+#endif /* WIN32 */
+
+#ifndef PATH_MAX
+#include <sys/param.h>
+#ifndef PATH_MAX
+#ifdef MAXPATHLEN
+#define PATH_MAX MAXPATHLEN
+#else
+#define PATH_MAX 1024
+#endif
+#endif
+#endif
+
+#ifdef __SCO__
+/* The system defined value is wrong. MAXPATHLEN is set in sco5.cf. */
+#undef PATH_MAX
+#endif
+
+#define X_INCLUDE_NETDB_H
+#include <X11/Xos_r.h>
+
+#include "dixstruct.h"
+#include "osdep.h"
+
+#include "xace.h"
+
+#ifndef PATH_MAX
+#ifdef MAXPATHLEN
+#define PATH_MAX MAXPATHLEN
+#else
+#define PATH_MAX 1024
+#endif
+#endif
+
+Bool defeatAccessControl = FALSE;
+
+#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len)
+#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len)
+#define addrEqual(fam, address, length, host) \
+ ((fam) == (host)->family &&\
+ (length) == (host)->len &&\
+ !acmp (address, (host)->addr, length))
+
+static int ConvertAddr(struct sockaddr * /*saddr*/,
+ int * /*len*/,
+ pointer * /*addr*/);
+
+static int CheckAddr(int /*family*/,
+ const void * /*pAddr*/,
+ unsigned /*length*/);
+
+static Bool NewHost(int /*family*/,
+ const void * /*addr*/,
+ int /*len*/,
+ int /* addingLocalHosts */);
+
+/* XFree86 bug #156: To keep track of which hosts were explicitly requested in
+ /etc/X<display>.hosts, we've added a requested field to the HOST struct,
+ and a LocalHostRequested variable. These default to FALSE, but are set
+ to TRUE in ResetHosts when reading in /etc/X<display>.hosts. They are
+ checked in DisableLocalHost(), which is called to disable the default
+ local host entries when stronger authentication is turned on. */
+
+typedef struct _host {
+ short family;
+ short len;
+ unsigned char *addr;
+ struct _host *next;
+ int requested;
+} HOST;
+
+#define MakeHost(h,l) (h)=xalloc(sizeof *(h)+(l));\
+ if (h) { \
+ (h)->addr=(unsigned char *) ((h) + 1);\
+ (h)->requested = FALSE; \
+ }
+#define FreeHost(h) xfree(h)
+static HOST *selfhosts = NULL;
+static HOST *validhosts = NULL;
+static int AccessEnabled = DEFAULT_ACCESS_CONTROL;
+static int LocalHostEnabled = FALSE;
+static int LocalHostRequested = FALSE;
+static int UsingXdmcp = FALSE;
+
+/* FamilyServerInterpreted implementation */
+static Bool siAddrMatch(int family, pointer addr, int len, HOST *host,
+ ClientPtr client);
+static int siCheckAddr(const char *addrString, int length);
+static void siTypesInitialize(void);
+
+/*
+ * called when authorization is not enabled to add the
+ * local host to the access list
+ */
+
+void
+EnableLocalHost (void)
+{
+ if (!UsingXdmcp)
+ {
+ LocalHostEnabled = TRUE;
+ AddLocalHosts ();
+ }
+}
+
+/*
+ * called when authorization is enabled to keep us secure
+ */
+void
+DisableLocalHost (void)
+{
+ HOST *self;
+
+ if (!LocalHostRequested) /* Fix for XFree86 bug #156 */
+ LocalHostEnabled = FALSE;
+ for (self = selfhosts; self; self = self->next) {
+ if (!self->requested) /* Fix for XFree86 bug #156 */
+ (void) RemoveHost ((ClientPtr)NULL, self->family, self->len, (pointer)self->addr);
+ }
+}
+
+/*
+ * called at init time when XDMCP will be used; xdmcp always
+ * adds local hosts manually when needed
+ */
+
+void
+AccessUsingXdmcp (void)
+{
+ UsingXdmcp = TRUE;
+ LocalHostEnabled = FALSE;
+}
+
+
+#if defined(SVR4) && !defined(SCO325) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF)
+
+/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */
+
+static int
+ifioctl (int fd, int cmd, char *arg)
+{
+ struct strioctl ioc;
+ int ret;
+
+ bzero((char *) &ioc, sizeof(ioc));
+ ioc.ic_cmd = cmd;
+ ioc.ic_timout = 0;
+ if (cmd == SIOCGIFCONF)
+ {
+ ioc.ic_len = ((struct ifconf *) arg)->ifc_len;
+ ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf;
+ }
+ else
+ {
+ ioc.ic_len = sizeof(struct ifreq);
+ ioc.ic_dp = arg;
+ }
+ ret = ioctl(fd, I_STR, (char *) &ioc);
+ if (ret >= 0 && cmd == SIOCGIFCONF)
+#ifdef SVR4
+ ((struct ifconf *) arg)->ifc_len = ioc.ic_len;
+#endif
+ return(ret);
+}
+#else /* Case sun, SCO325 and others */
+#define ifioctl ioctl
+#endif /* ((SVR4 && !sun !SCO325) || ISC) && SIOCGIFCONF */
+
+/*
+ * DefineSelf (fd):
+ *
+ * Define this host for access control. Find all the hosts the OS knows about
+ * for this fd and add them to the selfhosts list.
+ */
+
+#if !defined(SIOCGIFCONF)
+void
+DefineSelf (int fd)
+{
+#if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN) && !defined(MNX_TCPCONN)
+ return;
+#else
+ register int n;
+ int len;
+ caddr_t addr;
+ int family;
+ register HOST *host;
+
+#ifndef WIN32
+ struct utsname name;
+#else
+ struct {
+ char nodename[512];
+ } name;
+#endif
+
+ register struct hostent *hp;
+
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in in;
+#if defined(IPv6) && defined(AF_INET6)
+ struct sockaddr_in6 in6;
+#endif
+ } saddr;
+
+ struct sockaddr_in *inetaddr;
+ struct sockaddr_in6 *inet6addr;
+ struct sockaddr_in broad_addr;
+#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
+ _Xgethostbynameparams hparams;
+#endif
+
+ /* Why not use gethostname()? Well, at least on my system, I've had to
+ * make an ugly kernel patch to get a name longer than 8 characters, and
+ * uname() lets me access to the whole string (it smashes release, you
+ * see), whereas gethostname() kindly truncates it for me.
+ */
+#ifndef WIN32
+ uname(&name);
+#else
+ gethostname(name.nodename, sizeof(name.nodename));
+#endif
+
+ hp = _XGethostbyname(name.nodename, hparams);
+ if (hp != NULL)
+ {
+ saddr.sa.sa_family = hp->h_addrtype;
+ switch (hp->h_addrtype) {
+ case AF_INET:
+ inetaddr = (struct sockaddr_in *) (&(saddr.sa));
+ acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length);
+ len = sizeof(saddr.sa);
+ break;
+#if defined(IPv6) && defined(AF_INET6)
+ case AF_INET6:
+ inet6addr = (struct sockaddr_in6 *) (&(saddr.sa));
+ acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length);
+ len = sizeof(saddr.in6);
+ break;
+#endif
+ default:
+ goto DefineLocalHost;
+ }
+ family = ConvertAddr ( &(saddr.sa), &len, (pointer *)&addr);
+ if ( family != -1 && family != FamilyLocal )
+ {
+ for (host = selfhosts;
+ host && !addrEqual (family, addr, len, host);
+ host = host->next) ;
+ if (!host)
+ {
+ /* add this host to the host list. */
+ MakeHost(host,len)
+ if (host)
+ {
+ host->family = family;
+ host->len = len;
+ acopy ( addr, host->addr, len);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+#ifdef XDMCP
+ /*
+ * If this is an Internet Address, but not the localhost
+ * address (127.0.0.1), nor the bogus address (0.0.0.0),
+ * register it.
+ */
+ if (family == FamilyInternet &&
+ !(len == 4 &&
+ ((addr[0] == 127) ||
+ (addr[0] == 0 && addr[1] == 0 &&
+ addr[2] == 0 && addr[3] == 0)))
+ )
+ {
+ XdmcpRegisterConnection (family, (char *)addr, len);
+ broad_addr = *inetaddr;
+ ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
+ htonl (INADDR_BROADCAST);
+ XdmcpRegisterBroadcastAddress ((struct sockaddr_in *)
+ &broad_addr);
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ else if (family == FamilyInternet6 &&
+ !(IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)))
+ {
+ XdmcpRegisterConnection (family, (char *)addr, len);
+ }
+#endif
+
+#endif /* XDMCP */
+ }
+ }
+ }
+ /*
+ * now add a host of family FamilyLocalHost...
+ */
+DefineLocalHost:
+ for (host = selfhosts;
+ host && !addrEqual(FamilyLocalHost, "", 0, host);
+ host = host->next);
+ if (!host)
+ {
+ MakeHost(host, 0);
+ if (host)
+ {
+ host->family = FamilyLocalHost;
+ host->len = 0;
+ acopy("", host->addr, 0);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+ }
+#endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN && !MNX_TCPCONN */
+}
+
+#else
+
+#ifdef USE_SIOCGLIFCONF
+#define ifr_type struct lifreq
+#else
+#define ifr_type struct ifreq
+#endif
+
+#ifdef VARIABLE_IFREQ
+#define ifr_size(p) (sizeof (struct ifreq) + \
+ (p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \
+ p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0))
+#define ifraddr_size(a) (a.sa_len)
+#else
+#define ifr_size(p) (sizeof (ifr_type))
+#define ifraddr_size(a) (sizeof (a))
+#endif
+
+#if defined(IPv6) && defined(AF_INET6)
+#include <arpa/inet.h>
+#endif
+
+#if defined(IPv6) && defined(AF_INET6)
+static void
+in6_fillscopeid(struct sockaddr_in6 *sin6)
+{
+#if defined(__KAME__)
+ if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
+ sin6->sin6_scope_id =
+ ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]);
+ sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0;
+ }
+#endif
+}
+#endif
+
+void
+DefineSelf (int fd)
+{
+#ifndef HAS_GETIFADDRS
+ char *cp, *cplim;
+# ifdef USE_SIOCGLIFCONF
+ struct sockaddr_storage buf[16];
+ struct lifconf ifc;
+ register struct lifreq *ifr;
+# ifdef SIOCGLIFNUM
+ struct lifnum ifn;
+# endif
+# else /* !USE_SIOCGLIFCONF */
+ char buf[2048];
+ struct ifconf ifc;
+ register struct ifreq *ifr;
+# endif
+ void * bufptr = buf;
+#else /* HAS_GETIFADDRS */
+ struct ifaddrs * ifap, *ifr;
+#endif
+ int len;
+ unsigned char * addr;
+ int family;
+ register HOST *host;
+
+#ifdef DNETCONN
+ struct dn_naddr *dnaddr = getnodeadd();
+ /*
+ * AF_DECnet may not be listed in the interface list. Instead use
+ * the supported library call to find out the local address (if any).
+ */
+ if (dnaddr)
+ {
+ addr = (unsigned char *) dnaddr;
+ len = dnaddr->a_len + sizeof(dnaddr->a_len);
+ family = FamilyDECnet;
+ for (host = selfhosts;
+ host && !addrEqual (family, addr, len, host);
+ host = host->next)
+ ;
+ if (!host)
+ {
+ MakeHost(host,len)
+ if (host)
+ {
+ host->family = family;
+ host->len = len;
+ acopy(addr, host->addr, len);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+ }
+ }
+#endif /* DNETCONN */
+#ifndef HAS_GETIFADDRS
+
+ len = sizeof(buf);
+
+#ifdef USE_SIOCGLIFCONF
+
+#ifdef SIOCGLIFNUM
+ ifn.lifn_family = AF_UNSPEC;
+ ifn.lifn_flags = 0;
+ if (ioctl (fd, SIOCGLIFNUM, (char *) &ifn) < 0)
+ Error ("Getting interface count");
+ if (len < (ifn.lifn_count * sizeof(struct lifreq))) {
+ len = ifn.lifn_count * sizeof(struct lifreq);
+ bufptr = xalloc(len);
+ }
+#endif
+
+ ifc.lifc_family = AF_UNSPEC;
+ ifc.lifc_flags = 0;
+ ifc.lifc_len = len;
+ ifc.lifc_buf = bufptr;
+
+#define IFC_IOCTL_REQ SIOCGLIFCONF
+#define IFC_IFC_REQ ifc.lifc_req
+#define IFC_IFC_LEN ifc.lifc_len
+#define IFR_IFR_ADDR ifr->lifr_addr
+#define IFR_IFR_NAME ifr->lifr_name
+
+#else /* Use SIOCGIFCONF */
+ ifc.ifc_len = len;
+ ifc.ifc_buf = bufptr;
+
+#define IFC_IOCTL_REQ SIOCGIFCONF
+#define IFC_IFC_REQ ifc.ifc_req
+#define IFC_IFC_LEN ifc.ifc_len
+#define IFR_IFR_ADDR ifr->ifr_addr
+#define IFR_IFR_NAME ifr->ifr_name
+#endif
+
+ if (ifioctl (fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0)
+ Error ("Getting interface configuration (4)");
+
+ cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN;
+
+ for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size (ifr))
+ {
+ ifr = (ifr_type *) cp;
+ len = ifraddr_size (IFR_IFR_ADDR);
+ family = ConvertAddr ((struct sockaddr *) &IFR_IFR_ADDR,
+ &len, (pointer *)&addr);
+#ifdef DNETCONN
+ /*
+ * DECnet was handled up above.
+ */
+ if (family == AF_DECnet)
+ continue;
+#endif /* DNETCONN */
+ if (family == -1 || family == FamilyLocal)
+ continue;
+#if defined(IPv6) && defined(AF_INET6)
+ if (family == FamilyInternet6)
+ in6_fillscopeid((struct sockaddr_in6 *)&IFR_IFR_ADDR);
+#endif
+ for (host = selfhosts;
+ host && !addrEqual (family, addr, len, host);
+ host = host->next)
+ ;
+ if (host)
+ continue;
+ MakeHost(host,len)
+ if (host)
+ {
+ host->family = family;
+ host->len = len;
+ acopy(addr, host->addr, len);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+#ifdef XDMCP
+ {
+#ifdef USE_SIOCGLIFCONF
+ struct sockaddr_storage broad_addr;
+#else
+ struct sockaddr broad_addr;
+#endif
+
+ /*
+ * If this isn't an Internet Address, don't register it.
+ */
+ if (family != FamilyInternet
+#if defined(IPv6) && defined(AF_INET6)
+ && family != FamilyInternet6
+#endif
+ )
+ continue;
+
+ /*
+ * ignore 'localhost' entries as they're not useful
+ * on the other end of the wire
+ */
+ if (family == FamilyInternet &&
+ addr[0] == 127 && addr[1] == 0 &&
+ addr[2] == 0 && addr[3] == 1)
+ continue;
+#if defined(IPv6) && defined(AF_INET6)
+ else if (family == FamilyInternet6 &&
+ IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))
+ continue;
+#endif
+
+ /*
+ * Ignore '0.0.0.0' entries as they are
+ * returned by some OSes for unconfigured NICs but they are
+ * not useful on the other end of the wire.
+ */
+ if (len == 4 &&
+ addr[0] == 0 && addr[1] == 0 &&
+ addr[2] == 0 && addr[3] == 0)
+ continue;
+
+ XdmcpRegisterConnection (family, (char *)addr, len);
+
+#if defined(IPv6) && defined(AF_INET6)
+ /* IPv6 doesn't support broadcasting, so we drop out here */
+ if (family == FamilyInternet6)
+ continue;
+#endif
+
+ broad_addr = IFR_IFR_ADDR;
+
+ ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
+ htonl (INADDR_BROADCAST);
+#if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR)
+ {
+ struct lifreq broad_req;
+
+ broad_req = *ifr;
+ if (ioctl (fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 &&
+ (broad_req.lifr_flags & IFF_BROADCAST) &&
+ (broad_req.lifr_flags & IFF_UP)
+ )
+ {
+ broad_req = *ifr;
+ if (ioctl (fd, SIOCGLIFBRDADDR, &broad_req) != -1)
+ broad_addr = broad_req.lifr_broadaddr;
+ else
+ continue;
+ }
+ else
+ continue;
+ }
+
+#elif defined(SIOCGIFBRDADDR)
+ {
+ struct ifreq broad_req;
+
+ broad_req = *ifr;
+ if (ifioctl (fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 &&
+ (broad_req.ifr_flags & IFF_BROADCAST) &&
+ (broad_req.ifr_flags & IFF_UP)
+ )
+ {
+ broad_req = *ifr;
+ if (ifioctl (fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1)
+ broad_addr = broad_req.ifr_addr;
+ else
+ continue;
+ }
+ else
+ continue;
+ }
+#endif /* SIOCGIFBRDADDR */
+ XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) &broad_addr);
+ }
+#endif /* XDMCP */
+ }
+ if (bufptr != buf)
+ free(bufptr);
+#else /* HAS_GETIFADDRS */
+ if (getifaddrs(&ifap) < 0) {
+ ErrorF("Warning: getifaddrs returns %s\n", strerror(errno));
+ return;
+ }
+ for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) {
+ if (!ifr->ifa_addr)
+ continue;
+#ifdef DNETCONN
+ if (ifr->ifa_addr.sa_family == AF_DECnet)
+ continue;
+#endif /* DNETCONN */
+ len = sizeof(*(ifr->ifa_addr));
+ family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr);
+ if (family == -1 || family == FamilyLocal)
+ continue;
+#if defined(IPv6) && defined(AF_INET6)
+ if (family == FamilyInternet6)
+ in6_fillscopeid((struct sockaddr_in6 *)ifr->ifa_addr);
+#endif
+
+ for (host = selfhosts;
+ host != NULL && !addrEqual(family, addr, len, host);
+ host = host->next)
+ ;
+ if (host != NULL)
+ continue;
+ MakeHost(host, len);
+ if (host != NULL) {
+ host->family = family;
+ host->len = len;
+ acopy(addr, host->addr, len);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+#ifdef XDMCP
+ {
+ struct sockaddr broad_addr;
+ /*
+ * If this isn't an Internet Address, don't register it.
+ */
+ if (family != FamilyInternet
+#if defined(IPv6) && defined(AF_INET6)
+ && family != FamilyInternet6
+#endif
+ )
+ continue;
+
+ /*
+ * ignore 'localhost' entries as they're not useful
+ * on the other end of the wire
+ */
+ if (ifr->ifa_flags & IFF_LOOPBACK)
+ continue;
+
+ if (family == FamilyInternet &&
+ addr[0] == 127 && addr[1] == 0 &&
+ addr[2] == 0 && addr[3] == 1)
+ continue;
+
+ /*
+ * Ignore '0.0.0.0' entries as they are
+ * returned by some OSes for unconfigured NICs but they are
+ * not useful on the other end of the wire.
+ */
+ if (len == 4 &&
+ addr[0] == 0 && addr[1] == 0 &&
+ addr[2] == 0 && addr[3] == 0)
+ continue;
+#if defined(IPv6) && defined(AF_INET6)
+ else if (family == FamilyInternet6 &&
+ IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))
+ continue;
+#endif
+ XdmcpRegisterConnection(family, (char *)addr, len);
+#if defined(IPv6) && defined(AF_INET6)
+ if (family == FamilyInternet6)
+ /* IPv6 doesn't support broadcasting, so we drop out here */
+ continue;
+#endif
+ if ((ifr->ifa_flags & IFF_BROADCAST) &&
+ (ifr->ifa_flags & IFF_UP) &&
+ ifr->ifa_broadaddr)
+ broad_addr = *ifr->ifa_broadaddr;
+ else
+ continue;
+ XdmcpRegisterBroadcastAddress((struct sockaddr_in *)
+ &broad_addr);
+ }
+#endif /* XDMCP */
+
+ } /* for */
+ freeifaddrs(ifap);
+#endif /* HAS_GETIFADDRS */
+
+ /*
+ * add something of FamilyLocalHost
+ */
+ for (host = selfhosts;
+ host && !addrEqual(FamilyLocalHost, "", 0, host);
+ host = host->next);
+ if (!host)
+ {
+ MakeHost(host, 0);
+ if (host)
+ {
+ host->family = FamilyLocalHost;
+ host->len = 0;
+ acopy("", host->addr, 0);
+ host->next = selfhosts;
+ selfhosts = host;
+ }
+ }
+}
+#endif /* hpux && !HAS_IFREQ */
+
+#ifdef XDMCP
+void
+AugmentSelf(pointer from, int len)
+{
+ int family;
+ pointer addr;
+ register HOST *host;
+
+ family = ConvertAddr(from, &len, (pointer *)&addr);
+ if (family == -1 || family == FamilyLocal)
+ return;
+ for (host = selfhosts; host; host = host->next)
+ {
+ if (addrEqual(family, addr, len, host))
+ return;
+ }
+ MakeHost(host,len)
+ if (!host)
+ return;
+ host->family = family;
+ host->len = len;
+ acopy(addr, host->addr, len);
+ host->next = selfhosts;
+ selfhosts = host;
+}
+#endif
+
+void
+AddLocalHosts (void)
+{
+ HOST *self;
+
+ for (self = selfhosts; self; self = self->next)
+ /* Fix for XFree86 bug #156: pass addingLocal = TRUE to
+ * NewHost to tell that we are adding the default local
+ * host entries and not to flag the entries as being
+ * explicitely requested */
+ (void) NewHost (self->family, self->addr, self->len, TRUE);
+}
+
+/* Reset access control list to initial hosts */
+void
+ResetHosts (char *display)
+{
+ register HOST *host;
+ char lhostname[120], ohostname[120];
+ char *hostname = ohostname;
+ char fname[PATH_MAX + 1];
+ int fnamelen;
+ FILE *fd;
+ char *ptr;
+ int i, hostlen;
+#if ((defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)) && \
+ (!defined(IPv6) || !defined(AF_INET6))) || defined(DNETCONN)
+ union {
+ struct sockaddr sa;
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
+ struct sockaddr_in in;
+#endif /* TCPCONN || STREAMSCONN */
+#ifdef DNETCONN
+ struct sockaddr_dn dn;
+#endif
+ } saddr;
+#endif
+#ifdef DNETCONN
+ struct nodeent *np;
+ struct dn_naddr dnaddr, *dnaddrp, *dnet_addr();
+#endif
+ int family = 0;
+ pointer addr;
+ int len;
+
+ siTypesInitialize();
+ AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL;
+ LocalHostEnabled = FALSE;
+ while ((host = validhosts) != 0)
+ {
+ validhosts = host->next;
+ FreeHost (host);
+ }
+
+#if defined WIN32 && defined __MINGW32__
+#define ETC_HOST_PREFIX "X"
+#else
+#define ETC_HOST_PREFIX "/etc/X"
+#endif
+#define ETC_HOST_SUFFIX ".hosts"
+ fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) +
+ strlen(display) + 1;
+ if (fnamelen > sizeof(fname))
+ FatalError("Display name `%s' is too long\n", display);
+ snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX,
+ display);
+
+ if ((fd = fopen (fname, "r")) != 0)
+ {
+ while (fgets (ohostname, sizeof (ohostname), fd))
+ {
+ family = FamilyWild;
+ if (*ohostname == '#')
+ continue;
+ if ((ptr = strchr(ohostname, '\n')) != 0)
+ *ptr = 0;
+ hostlen = strlen(ohostname) + 1;
+ for (i = 0; i < hostlen; i++)
+ lhostname[i] = tolower(ohostname[i]);
+ hostname = ohostname;
+ if (!strncmp("local:", lhostname, 6))
+ {
+ family = FamilyLocalHost;
+ NewHost(family, "", 0, FALSE);
+ LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */
+ }
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
+ else if (!strncmp("inet:", lhostname, 5))
+ {
+ family = FamilyInternet;
+ hostname = ohostname + 5;
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ else if (!strncmp("inet6:", lhostname, 6))
+ {
+ family = FamilyInternet6;
+ hostname = ohostname + 6;
+ }
+#endif
+#endif
+#ifdef DNETCONN
+ else if (!strncmp("dnet:", lhostname, 5))
+ {
+ family = FamilyDECnet;
+ hostname = ohostname + 5;
+ }
+#endif
+#ifdef SECURE_RPC
+ else if (!strncmp("nis:", lhostname, 4))
+ {
+ family = FamilyNetname;
+ hostname = ohostname + 4;
+ }
+#endif
+ else if (!strncmp("si:", lhostname, 3))
+ {
+ family = FamilyServerInterpreted;
+ hostname = ohostname + 3;
+ hostlen -= 3;
+ }
+
+
+ if (family == FamilyServerInterpreted)
+ {
+ len = siCheckAddr(hostname, hostlen);
+ if (len >= 0) {
+ NewHost(family, hostname, len, FALSE);
+ }
+ }
+ else
+#ifdef DNETCONN
+ if ((family == FamilyDECnet) || ((family == FamilyWild) &&
+ (ptr = strchr(hostname, ':')) && (*(ptr + 1) == ':') &&
+ !(*ptr = '\0'))) /* bash trailing colons if necessary */
+ {
+ /* node name (DECnet names end in "::") */
+ dnaddrp = dnet_addr(hostname);
+ if (!dnaddrp && (np = getnodebyname (hostname)))
+ {
+ /* node was specified by name */
+ saddr.sa.sa_family = np->n_addrtype;
+ len = sizeof(saddr.sa);
+ if (ConvertAddr (&saddr.sa, &len, (pointer *)&addr) == FamilyDECnet)
+ {
+ bzero ((char *) &dnaddr, sizeof (dnaddr));
+ dnaddr.a_len = np->n_length;
+ acopy (np->n_addr, dnaddr.a_addr, np->n_length);
+ dnaddrp = &dnaddr;
+ }
+ }
+ if (dnaddrp)
+ (void) NewHost(FamilyDECnet, (pointer)dnaddrp,
+ (int)(dnaddrp->a_len + sizeof(dnaddrp->a_len)), FALSE);
+ }
+ else
+#endif /* DNETCONN */
+#ifdef SECURE_RPC
+ if ((family == FamilyNetname) || (strchr(hostname, '@')))
+ {
+ SecureRPCInit ();
+ (void) NewHost (FamilyNetname, hostname, strlen (hostname), FALSE);
+ }
+ else
+#endif /* SECURE_RPC */
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
+ {
+#if defined(IPv6) && defined(AF_INET6)
+ if ( (family == FamilyInternet) || (family == FamilyInternet6) ||
+ (family == FamilyWild) )
+ {
+ struct addrinfo *addresses;
+ struct addrinfo *a;
+ int f;
+
+ if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) {
+ for (a = addresses ; a != NULL ; a = a->ai_next) {
+ len = a->ai_addrlen;
+ f = ConvertAddr(a->ai_addr,&len,(pointer *)&addr);
+ if ( (family == f) ||
+ ((family == FamilyWild) && (f != -1)) ) {
+ NewHost(f, addr, len, FALSE);
+ }
+ }
+ freeaddrinfo(addresses);
+ }
+ }
+#else
+#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
+ _Xgethostbynameparams hparams;
+#endif
+ register struct hostent *hp;
+
+ /* host name */
+ if ((family == FamilyInternet &&
+ ((hp = _XGethostbyname(hostname, hparams)) != 0)) ||
+ ((hp = _XGethostbyname(hostname, hparams)) != 0))
+ {
+ saddr.sa.sa_family = hp->h_addrtype;
+ len = sizeof(saddr.sa);
+ if ((family = ConvertAddr (&saddr.sa, &len, (pointer *)&addr)) != -1)
+ {
+#ifdef h_addr /* new 4.3bsd version of gethostent */
+ char **list;
+
+ /* iterate over the addresses */
+ for (list = hp->h_addr_list; *list; list++)
+ (void) NewHost (family, (pointer)*list, len, FALSE);
+#else
+ (void) NewHost (family, (pointer)hp->h_addr, len, FALSE);
+#endif
+ }
+ }
+#endif /* IPv6 */
+ }
+#endif /* TCPCONN || STREAMSCONN */
+ family = FamilyWild;
+ }
+ fclose (fd);
+ }
+}
+
+/* Is client on the local host */
+Bool LocalClient(ClientPtr client)
+{
+ int alen, family, notused;
+ Xtransaddr *from = NULL;
+ pointer addr;
+ register HOST *host;
+
+ if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
+ ¬used, &alen, &from))
+ {
+ family = ConvertAddr ((struct sockaddr *) from,
+ &alen, (pointer *)&addr);
+ if (family == -1)
+ {
+ xfree (from);
+ return FALSE;
+ }
+ if (family == FamilyLocal)
+ {
+ xfree (from);
+ return TRUE;
+ }
+ for (host = selfhosts; host; host = host->next)
+ {
+ if (addrEqual (family, addr, alen, host))
+ return TRUE;
+ }
+ xfree (from);
+ }
+ return FALSE;
+}
+
+/*
+ * Return the uid and gid of a connected local client
+ *
+ * Used by XShm to test access rights to shared memory segments
+ */
+int
+LocalClientCred(ClientPtr client, int *pUid, int *pGid)
+{
+ LocalClientCredRec *lcc;
+ int ret = GetLocalClientCreds(client, &lcc);
+
+ if (ret == 0) {
+#ifdef HAVE_GETZONEID /* only local if in the same zone */
+ if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) {
+ FreeLocalClientCreds(lcc);
+ return -1;
+ }
+#endif
+ if ((lcc->fieldsSet & LCC_UID_SET) && (pUid != NULL))
+ *pUid = lcc->euid;
+ if ((lcc->fieldsSet & LCC_GID_SET) && (pGid != NULL))
+ *pGid = lcc->egid;
+ FreeLocalClientCreds(lcc);
+ }
+ return ret;
+}
+
+/*
+ * Return the uid and all gids of a connected local client
+ * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds
+ *
+ * Used by localuser & localgroup ServerInterpreted access control forms below
+ * Used by AuthAudit to log who local connections came from
+ */
+int
+GetLocalClientCreds(ClientPtr client, LocalClientCredRec **lccp)
+{
+#if defined(HAS_GETPEEREID) || defined(HAS_GETPEERUCRED) || defined(SO_PEERCRED)
+ int fd;
+ XtransConnInfo ci;
+ LocalClientCredRec *lcc;
+#ifdef HAS_GETPEEREID
+ uid_t uid;
+ gid_t gid;
+#elif defined(HAS_GETPEERUCRED)
+ ucred_t *peercred = NULL;
+ const gid_t *gids;
+#elif defined(SO_PEERCRED)
+ struct ucred peercred;
+ socklen_t so_len = sizeof(peercred);
+#endif
+
+ if (client == NULL)
+ return -1;
+ ci = ((OsCommPtr)client->osPrivate)->trans_conn;
+#if !(defined(sun) && defined(HAS_GETPEERUCRED))
+ /* Most implementations can only determine peer credentials for Unix
+ * domain sockets - Solaris getpeerucred can work with a bit more, so
+ * we just let it tell us if the connection type is supported or not
+ */
+ if (!_XSERVTransIsLocal(ci)) {
+ return -1;
+ }
+#endif
+
+ *lccp = Xcalloc(sizeof(LocalClientCredRec));
+ if (*lccp == NULL)
+ return -1;
+ lcc = *lccp;
+
+ fd = _XSERVTransGetConnectionNumber(ci);
+#ifdef HAS_GETPEEREID
+ if (getpeereid(fd, &uid, &gid) == -1) {
+ FreeLocalClientCreds(lcc);
+ return -1;
+ }
+ lcc->euid = uid;
+ lcc->egid = gid;
+ lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET;
+ return 0;
+#elif defined(HAS_GETPEERUCRED)
+ if (getpeerucred(fd, &peercred) < 0) {
+ FreeLocalClientCreds(lcc);
+ return -1;
+ }
+ lcc->euid = ucred_geteuid(peercred);
+ if (lcc->euid != -1)
+ lcc->fieldsSet |= LCC_UID_SET;
+ lcc->egid = ucred_getegid(peercred);
+ if (lcc->egid != -1)
+ lcc->fieldsSet |= LCC_GID_SET;
+ lcc->pid = ucred_getpid(peercred);
+ if (lcc->pid != -1)
+ lcc->fieldsSet |= LCC_PID_SET;
+#ifdef HAVE_GETZONEID
+ lcc->zoneid = ucred_getzoneid(peercred);
+ if (lcc->zoneid != -1)
+ lcc->fieldsSet |= LCC_ZID_SET;
+#endif
+ lcc->nSuppGids = ucred_getgroups(peercred, &gids);
+ if (lcc->nSuppGids > 0) {
+ lcc->pSuppGids = Xcalloc((lcc->nSuppGids) * sizeof(int));
+ if (lcc->pSuppGids == NULL) {
+ lcc->nSuppGids = 0;
+ } else {
+ int i;
+ for (i = 0 ; i < lcc->nSuppGids; i++) {
+ (lcc->pSuppGids)[i] = (int) gids[i];
+ }
+ }
+ } else {
+ lcc->nSuppGids = 0;
+ }
+ ucred_free(peercred);
+ return 0;
+#elif defined(SO_PEERCRED)
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) {
+ FreeLocalClientCreds(lcc);
+ return -1;
+ }
+ lcc->euid = peercred.uid;
+ lcc->egid = peercred.gid;
+ lcc->pid = peercred.pid;
+ lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET | LCC_PID_SET;
+ return 0;
+#endif
+#else
+ /* No system call available to get the credentials of the peer */
+#define NO_LOCAL_CLIENT_CRED
+ return -1;
+#endif
+}
+
+void
+FreeLocalClientCreds(LocalClientCredRec *lcc)
+{
+ if (lcc != NULL) {
+ if (lcc->nSuppGids > 0) {
+ Xfree(lcc->pSuppGids);
+ }
+ Xfree(lcc);
+ }
+}
+
+static int
+AuthorizedClient(ClientPtr client)
+{
+ int rc;
+
+ if (!client || defeatAccessControl)
+ return Success;
+
+ /* untrusted clients can't change host access */
+ rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
+ if (rc != Success)
+ return rc;
+
+ return LocalClient(client) ? Success : BadAccess;
+}
+
+/* Add a host to the access control list. This is the external interface
+ * called from the dispatcher */
+
+int
+AddHost (ClientPtr client,
+ int family,
+ unsigned length, /* of bytes in pAddr */
+ const void * pAddr)
+{
+ int rc, len;
+
+ rc = AuthorizedClient(client);
+ if (rc != Success)
+ return rc;
+ switch (family) {
+ case FamilyLocalHost:
+ len = length;
+ LocalHostEnabled = TRUE;
+ break;
+#ifdef SECURE_RPC
+ case FamilyNetname:
+ len = length;
+ SecureRPCInit ();
+ break;
+#endif
+ case FamilyInternet:
+#if defined(IPv6) && defined(AF_INET6)
+ case FamilyInternet6:
+#endif
+ case FamilyDECnet:
+ case FamilyChaos:
+ case FamilyServerInterpreted:
+ if ((len = CheckAddr (family, pAddr, length)) < 0)
+ {
+ client->errorValue = length;
+ return (BadValue);
+ }
+ break;
+ case FamilyLocal:
+ default:
+ client->errorValue = family;
+ return (BadValue);
+ }
+ if (NewHost (family, pAddr, len, FALSE))
+ return Success;
+ return BadAlloc;
+}
+
+Bool
+ForEachHostInFamily (int family,
+ Bool (*func)(
+ unsigned char * /* addr */,
+ short /* len */,
+ pointer /* closure */),
+ pointer closure)
+{
+ HOST *host;
+
+ for (host = validhosts; host; host = host->next)
+ if (family == host->family && func (host->addr, host->len, closure))
+ return TRUE;
+ return FALSE;
+}
+
+/* Add a host to the access control list. This is the internal interface
+ * called when starting or resetting the server */
+static Bool
+NewHost (int family,
+ const void * addr,
+ int len,
+ int addingLocalHosts)
+{
+ register HOST *host;
+
+ for (host = validhosts; host; host = host->next)
+ {
+ if (addrEqual (family, addr, len, host))
+ return TRUE;
+ }
+ if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */
+ for (host = selfhosts; host; host = host->next) {
+ if (addrEqual (family, addr, len, host)) {
+ host->requested = TRUE;
+ break;
+ }
+ }
+ }
+ MakeHost(host,len)
+ if (!host)
+ return FALSE;
+ host->family = family;
+ host->len = len;
+ acopy(addr, host->addr, len);
+ host->next = validhosts;
+ validhosts = host;
+ return TRUE;
+}
+
+/* Remove a host from the access control list */
+
+int
+RemoveHost (
+ ClientPtr client,
+ int family,
+ unsigned length, /* of bytes in pAddr */
+ pointer pAddr)
+{
+ int rc, len;
+ register HOST *host, **prev;
+
+ rc = AuthorizedClient(client);
+ if (rc != Success)
+ return rc;
+ switch (family) {
+ case FamilyLocalHost:
+ len = length;
+ LocalHostEnabled = FALSE;
+ break;
+#ifdef SECURE_RPC
+ case FamilyNetname:
+ len = length;
+ break;
+#endif
+ case FamilyInternet:
+#if defined(IPv6) && defined(AF_INET6)
+ case FamilyInternet6:
+#endif
+ case FamilyDECnet:
+ case FamilyChaos:
+ case FamilyServerInterpreted:
+ if ((len = CheckAddr (family, pAddr, length)) < 0)
+ {
+ client->errorValue = length;
+ return(BadValue);
+ }
+ break;
+ case FamilyLocal:
+ default:
+ client->errorValue = family;
+ return(BadValue);
+ }
+ for (prev = &validhosts;
+ (host = *prev) && (!addrEqual (family, pAddr, len, host));
+ prev = &host->next)
+ ;
+ if (host)
+ {
+ *prev = host->next;
+ FreeHost (host);
+ }
+ return (Success);
+}
+
+/* Get all hosts in the access control list */
+int
+GetHosts (
+ pointer *data,
+ int *pnHosts,
+ int *pLen,
+ BOOL *pEnabled)
+{
+ int len;
+ register int n = 0;
+ register unsigned char *ptr;
+ register HOST *host;
+ int nHosts = 0;
+
+ *pEnabled = AccessEnabled ? EnableAccess : DisableAccess;
+ for (host = validhosts; host; host = host->next)
+ {
+ nHosts++;
+ n += pad_to_int32(host->len) + sizeof(xHostEntry);
+ }
+ if (n)
+ {
+ *data = ptr = xalloc (n);
+ if (!ptr)
+ {
+ return(BadAlloc);
+ }
+ for (host = validhosts; host; host = host->next)
+ {
+ len = host->len;
+ ((xHostEntry *)ptr)->family = host->family;
+ ((xHostEntry *)ptr)->length = len;
+ ptr += sizeof(xHostEntry);
+ acopy (host->addr, ptr, len);
+ ptr += pad_to_int32(len);
+ }
+ } else {
+ *data = NULL;
+ }
+ *pnHosts = nHosts;
+ *pLen = n;
+ return(Success);
+}
+
+/* Check for valid address family and length, and return address length. */
+
+/*ARGSUSED*/
+static int
+CheckAddr (
+ int family,
+ const void * pAddr,
+ unsigned length)
+{
+ int len;
+
+ switch (family)
+ {
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
+ case FamilyInternet:
+ if (length == sizeof (struct in_addr))
+ len = length;
+ else
+ len = -1;
+ break;
+#if defined(IPv6) && defined(AF_INET6)
+ case FamilyInternet6:
+ if (length == sizeof (struct in6_addr))
+ len = length;
+ else
+ len = -1;
+ break;
+#endif
+#endif
+#ifdef DNETCONN
+ case FamilyDECnet:
+ {
+ struct dn_naddr *dnaddr = (struct dn_naddr *) pAddr;
+
+ if ((length < sizeof(dnaddr->a_len)) ||
+ (length < dnaddr->a_len + sizeof(dnaddr->a_len)))
+ len = -1;
+ else
+ len = dnaddr->a_len + sizeof(dnaddr->a_len);
+ if (len > sizeof(struct dn_naddr))
+ len = -1;
+ }
+ break;
+#endif
+ case FamilyServerInterpreted:
+ len = siCheckAddr(pAddr, length);
+ break;
+ default:
+ len = -1;
+ }
+ return (len);
+}
+
+/* Check if a host is not in the access control list.
+ * Returns 1 if host is invalid, 0 if we've found it. */
+
+int
+InvalidHost (
+ register struct sockaddr *saddr,
+ int len,
+ ClientPtr client)
+{
+ int family;
+ pointer addr;
+ register HOST *selfhost, *host;
+
+ if (!AccessEnabled) /* just let them in */
+ return(0);
+ family = ConvertAddr (saddr, &len, (pointer *)&addr);
+ if (family == -1)
+ return 1;
+ if (family == FamilyLocal)
+ {
+ if (!LocalHostEnabled)
+ {
+ /*
+ * check to see if any local address is enabled. This
+ * implicitly enables local connections.
+ */
+ for (selfhost = selfhosts; selfhost; selfhost=selfhost->next)
+ {
+ for (host = validhosts; host; host=host->next)
+ {
+ if (addrEqual (selfhost->family, selfhost->addr,
+ selfhost->len, host))
+ return 0;
+ }
+ }
+ } else
+ return 0;
+ }
+ for (host = validhosts; host; host = host->next)
+ {
+ if ((host->family == FamilyServerInterpreted)) {
+ if (siAddrMatch (family, addr, len, host, client)) {
+ return (0);
+ }
+ } else {
+ if (addrEqual (family, addr, len, host))
+ return (0);
+ }
+
+ }
+ return (1);
+}
+
+static int
+ConvertAddr (
+ register struct sockaddr *saddr,
+ int *len,
+ pointer *addr)
+{
+ if (*len == 0)
+ return (FamilyLocal);
+ switch (saddr->sa_family)
+ {
+ case AF_UNSPEC:
+#if defined(UNIXCONN) || defined(LOCALCONN)
+ case AF_UNIX:
+#endif
+ return FamilyLocal;
+#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)
+ case AF_INET:
+#ifdef WIN32
+ if (16777343 == *(long*)&((struct sockaddr_in *) saddr)->sin_addr)
+ return FamilyLocal;
+#endif
+ *len = sizeof (struct in_addr);
+ *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr);
+ return FamilyInternet;
+#if defined(IPv6) && defined(AF_INET6)
+ case AF_INET6:
+ {
+ struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr;
+ if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) {
+ *len = sizeof (struct in_addr);
+ *addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]);
+ return FamilyInternet;
+ } else {
+ *len = sizeof (struct in6_addr);
+ *addr = (pointer) &(saddr6->sin6_addr);
+ return FamilyInternet6;
+ }
+ }
+#endif
+#endif
+#ifdef DNETCONN
+ case AF_DECnet:
+ {
+ struct sockaddr_dn *sdn = (struct sockaddr_dn *) saddr;
+ *len = sdn->sdn_nodeaddrl + sizeof(sdn->sdn_nodeaddrl);
+ *addr = (pointer) &(sdn->sdn_add);
+ }
+ return FamilyDECnet;
+#endif
+#ifdef CHAOSCONN
+ case AF_CHAOS:
+ {
+ not implemented
+ }
+ return FamilyChaos;
+#endif
+ default:
+ return -1;
+ }
+}
+
+int
+ChangeAccessControl(
+ ClientPtr client,
+ int fEnabled)
+{
+ int rc = AuthorizedClient(client);
+ if (rc != Success)
+ return rc;
+ AccessEnabled = fEnabled;
+ return Success;
+}
+
+/* returns FALSE if xhost + in effect, else TRUE */
+int
+GetAccessControl(void)
+{
+ return AccessEnabled;
+}
+
+/*****************************************************************************
+ * FamilyServerInterpreted host entry implementation
+ *
+ * Supports an extensible system of host types which the server can interpret
+ * See the IPv6 extensions to the X11 protocol spec for the definition.
+ *
+ * Currently supported schemes:
+ *
+ * hostname - hostname as defined in IETF RFC 2396
+ * ipv6 - IPv6 literal address as defined in IETF RFC's 3513 and <TBD>
+ *
+ * See xc/doc/specs/SIAddresses for formal definitions of each type.
+ */
+
+/* These definitions and the siTypeAdd function could be exported in the
+ * future to enable loading additional host types, but that was not done for
+ * the initial implementation.
+ */
+typedef Bool (*siAddrMatchFunc)(int family, pointer addr, int len,
+ const char *siAddr, int siAddrlen, ClientPtr client, void *siTypePriv);
+typedef int (*siCheckAddrFunc)(const char *addrString, int length,
+ void *siTypePriv);
+
+struct siType {
+ struct siType * next;
+ const char * typeName;
+ siAddrMatchFunc addrMatch;
+ siCheckAddrFunc checkAddr;
+ void * typePriv; /* Private data for type routines */
+};
+
+static struct siType *siTypeList;
+
+static int
+siTypeAdd(const char *typeName, siAddrMatchFunc addrMatch,
+ siCheckAddrFunc checkAddr, void *typePriv)
+{
+ struct siType *s, *p;
+
+ if ((typeName == NULL) || (addrMatch == NULL) || (checkAddr == NULL))
+ return BadValue;
+
+ for (s = siTypeList, p = NULL; s != NULL ; p = s, s = s->next) {
+ if (strcmp(typeName, s->typeName) == 0) {
+ s->addrMatch = addrMatch;
+ s->checkAddr = checkAddr;
+ s->typePriv = typePriv;
+ return Success;
+ }
+ }
+
+ s = xalloc(sizeof(struct siType));
+ if (s == NULL)
+ return BadAlloc;
+
+ if (p == NULL)
+ siTypeList = s;
+ else
+ p->next = s;
+
+ s->next = NULL;
+ s->typeName = typeName;
+ s->addrMatch = addrMatch;
+ s->checkAddr = checkAddr;
+ s->typePriv = typePriv;
+ return Success;
+}
+
+/* Checks to see if a host matches a server-interpreted host entry */
+static Bool
+siAddrMatch(int family, pointer addr, int len, HOST *host, ClientPtr client)
+{
+ Bool matches = FALSE;
+ struct siType *s;
+ const char *valueString;
+ int addrlen;
+
+ valueString = (const char *) memchr(host->addr, '\0', host->len);
+ if (valueString != NULL) {
+ for (s = siTypeList; s != NULL ; s = s->next) {
+ if (strcmp((char *) host->addr, s->typeName) == 0) {
+ addrlen = host->len - (strlen((char *)host->addr) + 1);
+ matches = s->addrMatch(family, addr, len,
+ valueString + 1, addrlen, client, s->typePriv);
+ break;
+ }
+ }
+#ifdef FAMILY_SI_DEBUG
+ ErrorF(
+ "Xserver: siAddrMatch(): type = %s, value = %*.*s -- %s\n",
+ host->addr, addrlen, addrlen, valueString + 1,
+ (matches) ? "accepted" : "rejected");
+#endif
+ }
+ return matches;
+}
+
+static int
+siCheckAddr(const char *addrString, int length)
+{
+ const char *valueString;
+ int addrlen, typelen;
+ int len = -1;
+ struct siType *s;
+
+ /* Make sure there is a \0 byte inside the specified length
+ to separate the address type from the address value. */
+ valueString = (const char *) memchr(addrString, '\0', length);
+ if (valueString != NULL) {
+ /* Make sure the first string is a recognized address type,
+ * and the second string is a valid address of that type.
+ */
+ typelen = strlen(addrString) + 1;
+ addrlen = length - typelen;
+
+ for (s = siTypeList; s != NULL ; s = s->next) {
+ if (strcmp(addrString, s->typeName) == 0) {
+ len = s->checkAddr(valueString + 1, addrlen, s->typePriv);
+ if (len >= 0) {
+ len += typelen;
+ }
+ break;
+ }
+ }
+#ifdef FAMILY_SI_DEBUG
+ {
+ const char *resultMsg;
+
+ if (s == NULL) {
+ resultMsg = "type not registered";
+ } else {
+ if (len == -1)
+ resultMsg = "rejected";
+ else
+ resultMsg = "accepted";
+ }
+
+ ErrorF("Xserver: siCheckAddr(): type = %s, value = %*.*s, len = %d -- %s\n",
+ addrString, addrlen, addrlen, valueString + 1, len, resultMsg);
+ }
+#endif
+ }
+ return len;
+}
+
+
+/***
+ * Hostname server-interpreted host type
+ *
+ * Stored as hostname string, explicitly defined to be resolved ONLY
+ * at access check time, to allow for hosts with dynamic addresses
+ * but static hostnames, such as found in some DHCP & mobile setups.
+ *
+ * Hostname must conform to IETF RFC 2396 sec. 3.2.2, which defines it as:
+ * hostname = *( domainlabel "." ) toplabel [ "." ]
+ * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
+ * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
+ */
+
+#ifdef NI_MAXHOST
+# define SI_HOSTNAME_MAXLEN NI_MAXHOST
+#else
+# ifdef MAXHOSTNAMELEN
+# define SI_HOSTNAME_MAXLEN MAXHOSTNAMELEN
+# else
+# define SI_HOSTNAME_MAXLEN 256
+# endif
+#endif
+
+static Bool
+siHostnameAddrMatch(int family, pointer addr, int len,
+ const char *siAddr, int siAddrLen, ClientPtr client, void *typePriv)
+{
+ Bool res = FALSE;
+
+/* Currently only supports checking against IPv4 & IPv6 connections, but
+ * support for other address families, such as DECnet, could be added if
+ * desired.
+ */
+#if defined(IPv6) && defined(AF_INET6)
+ if ((family == FamilyInternet) || (family == FamilyInternet6)) {
+ char hostname[SI_HOSTNAME_MAXLEN];
+ struct addrinfo *addresses;
+ struct addrinfo *a;
+ int f, hostaddrlen;
+ pointer hostaddr;
+
+ if (siAddrLen >= sizeof(hostname))
+ return FALSE;
+
+ strncpy(hostname, siAddr, siAddrLen);
+ hostname[siAddrLen] = '\0';
+
+ if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) {
+ for (a = addresses ; a != NULL ; a = a->ai_next) {
+ hostaddrlen = a->ai_addrlen;
+ f = ConvertAddr(a->ai_addr,&hostaddrlen,&hostaddr);
+ if ((f == family) && (len == hostaddrlen) &&
+ (acmp (addr, hostaddr, len) == 0) ) {
+ res = TRUE;
+ break;
+ }
+ }
+ freeaddrinfo(addresses);
+ }
+ }
+#else /* IPv6 not supported, use gethostbyname instead for IPv4 */
+ if (family == FamilyInternet) {
+ register struct hostent *hp;
+#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
+ _Xgethostbynameparams hparams;
+#endif
+ char hostname[SI_HOSTNAME_MAXLEN];
+ int f, hostaddrlen;
+ pointer hostaddr;
+ const char **addrlist;
+
+ if (siAddrLen >= sizeof(hostname))
+ return FALSE;
+
+ strncpy(hostname, siAddr, siAddrLen);
+ hostname[siAddrLen] = '\0';
+
+ if ((hp = _XGethostbyname(hostname, hparams)) != NULL) {
+#ifdef h_addr /* new 4.3bsd version of gethostent */
+ /* iterate over the addresses */
+ for (addrlist = hp->h_addr_list; *addrlist; addrlist++)
+#else
+ addrlist = &hp->h_addr;
+#endif
+ {
+ struct sockaddr_in sin;
+
+ sin.sin_family = hp->h_addrtype;
+ acopy ( *addrlist, &(sin.sin_addr), hp->h_length);
+ hostaddrlen = sizeof(sin);
+ f = ConvertAddr ((struct sockaddr *)&sin,
+ &hostaddrlen, &hostaddr);
+ if ((f == family) && (len == hostaddrlen) &&
+ (acmp (addr, hostaddr, len) == 0) ) {
+ res = TRUE;
+ break;
+ }
+ }
+ }
+ }
+#endif
+ return res;
+}
+
+
+static int
+siHostnameCheckAddr(const char *valueString, int length, void *typePriv)
+{
+ /* Check conformance of hostname to RFC 2396 sec. 3.2.2 definition.
+ * We do not use ctype functions here to avoid locale-specific
+ * character sets. Hostnames must be pure ASCII.
+ */
+ int len = length;
+ int i;
+ Bool dotAllowed = FALSE;
+ Bool dashAllowed = FALSE;
+
+ if ((length <= 0) || (length >= SI_HOSTNAME_MAXLEN)) {
+ len = -1;
+ } else {
+ for (i = 0; i < length; i++) {
+ char c = valueString[i];
+
+ if (c == 0x2E) { /* '.' */
+ if (dotAllowed == FALSE) {
+ len = -1;
+ break;
+ } else {
+ dotAllowed = FALSE;
+ dashAllowed = FALSE;
+ }
+ } else if (c == 0x2D) { /* '-' */
+ if (dashAllowed == FALSE) {
+ len = -1;
+ break;
+ } else {
+ dotAllowed = FALSE;
+ }
+ } else if (((c >= 0x30) && (c <= 0x3A)) /* 0-9 */ ||
+ ((c >= 0x61) && (c <= 0x7A)) /* a-z */ ||
+ ((c >= 0x41) && (c <= 0x5A)) /* A-Z */) {
+ dotAllowed = TRUE;
+ dashAllowed = TRUE;
+ } else { /* Invalid character */
+ len = -1;
+ break;
+ }
+ }
+ }
+ return len;
+}
+
+#if defined(IPv6) && defined(AF_INET6)
+/***
+ * "ipv6" server interpreted type
+ *
+ * Currently supports only IPv6 literal address as specified in IETF RFC 3513
+ *
+ * Once draft-ietf-ipv6-scoping-arch-00.txt becomes an RFC, support will be
+ * added for the scoped address format it specifies.
+ */
+
+/* Maximum length of an IPv6 address string - increase when adding support
+ * for scoped address qualifiers. Includes room for trailing NUL byte.
+ */
+#define SI_IPv6_MAXLEN INET6_ADDRSTRLEN
+
+static Bool
+siIPv6AddrMatch(int family, pointer addr, int len,
+ const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv)
+{
+ struct in6_addr addr6;
+ char addrbuf[SI_IPv6_MAXLEN];
+
+ if ((family != FamilyInternet6) || (len != sizeof(addr6)))
+ return FALSE;
+
+ memcpy(addrbuf, siAddr, siAddrlen);
+ addrbuf[siAddrlen] = '\0';
+
+ if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) {
+ perror("inet_pton");
+ return FALSE;
+ }
+
+ if (memcmp(addr, &addr6, len) == 0) {
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
+
+static int
+siIPv6CheckAddr(const char *addrString, int length, void *typePriv)
+{
+ int len;
+
+ /* Minimum length is 3 (smallest legal address is "::1") */
+ if (length < 3) {
+ /* Address is too short! */
+ len = -1;
+ } else if (length >= SI_IPv6_MAXLEN) {
+ /* Address is too long! */
+ len = -1;
+ } else {
+ /* Assume inet_pton is sufficient validation */
+ struct in6_addr addr6;
+ char addrbuf[SI_IPv6_MAXLEN];
+
+ memcpy(addrbuf, addrString, length);
+ addrbuf[length] = '\0';
+
+ if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) {
+ perror("inet_pton");
+ len = -1;
+ } else {
+ len = length;
+ }
+ }
+ return len;
+}
+#endif /* IPv6 */
+
+#if !defined(NO_LOCAL_CLIENT_CRED)
+/***
+ * "localuser" & "localgroup" server interpreted types
+ *
+ * Allows local connections from a given local user or group
+ */
+
+#include <pwd.h>
+#include <grp.h>
+
+#define LOCAL_USER 1
+#define LOCAL_GROUP 2
+
+typedef struct {
+ int credType;
+} siLocalCredPrivRec, *siLocalCredPrivPtr;
+
+static siLocalCredPrivRec siLocalUserPriv = { LOCAL_USER };
+static siLocalCredPrivRec siLocalGroupPriv = { LOCAL_GROUP };
+
+static Bool
+siLocalCredGetId(const char *addr, int len, siLocalCredPrivPtr lcPriv, int *id)
+{
+ Bool parsedOK = FALSE;
+ char *addrbuf = xalloc(len + 1);
+
+ if (addrbuf == NULL) {
+ return FALSE;
+ }
+
+ memcpy(addrbuf, addr, len);
+ addrbuf[len] = '\0';
+
+ if (addr[0] == '#') { /* numeric id */
+ char *cp;
+ errno = 0;
+ *id = strtol(addrbuf + 1, &cp, 0);
+ if ((errno == 0) && (cp != (addrbuf+1))) {
+ parsedOK = TRUE;
+ }
+ } else { /* non-numeric name */
+ if (lcPriv->credType == LOCAL_USER) {
+ struct passwd *pw = getpwnam(addrbuf);
+
+ if (pw != NULL) {
+ *id = (int) pw->pw_uid;
+ parsedOK = TRUE;
+ }
+ } else { /* group */
+ struct group *gr = getgrnam(addrbuf);
+
+ if (gr != NULL) {
+ *id = (int) gr->gr_gid;
+ parsedOK = TRUE;
+ }
+ }
+ }
+
+ xfree(addrbuf);
+ return parsedOK;
+}
+
+static Bool
+siLocalCredAddrMatch(int family, pointer addr, int len,
+ const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv)
+{
+ int siAddrId;
+ LocalClientCredRec *lcc;
+ siLocalCredPrivPtr lcPriv = (siLocalCredPrivPtr) typePriv;
+
+ if (GetLocalClientCreds(client, &lcc) == -1) {
+ return FALSE;
+ }
+
+#ifdef HAVE_GETZONEID /* Ensure process is in the same zone */
+ if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) {
+ FreeLocalClientCreds(lcc);
+ return FALSE;
+ }
+#endif
+
+ if (siLocalCredGetId(siAddr, siAddrlen, lcPriv, &siAddrId) == FALSE) {
+ FreeLocalClientCreds(lcc);
+ return FALSE;
+ }
+
+ if (lcPriv->credType == LOCAL_USER) {
+ if ((lcc->fieldsSet & LCC_UID_SET) && (lcc->euid == siAddrId)) {
+ FreeLocalClientCreds(lcc);
+ return TRUE;
+ }
+ } else {
+ if ((lcc->fieldsSet & LCC_GID_SET) && (lcc->egid == siAddrId)) {
+ FreeLocalClientCreds(lcc);
+ return TRUE;
+ }
+ if (lcc->pSuppGids != NULL) {
+ int i;
+
+ for (i = 0 ; i < lcc->nSuppGids; i++) {
+ if (lcc->pSuppGids[i] == siAddrId) {
+ FreeLocalClientCreds(lcc);
+ return TRUE;
+ }
+ }
+ }
+ }
+ FreeLocalClientCreds(lcc);
+ return FALSE;
+}
+
+static int
+siLocalCredCheckAddr(const char *addrString, int length, void *typePriv)
+{
+ int len = length;
+ int id;
+
+ if (siLocalCredGetId(addrString, length,
+ (siLocalCredPrivPtr)typePriv, &id) == FALSE) {
+ len = -1;
+ }
+ return len;
+}
+#endif /* localuser */
+
+static void
+siTypesInitialize(void)
+{
+ siTypeAdd("hostname", siHostnameAddrMatch, siHostnameCheckAddr, NULL);
+#if defined(IPv6) && defined(AF_INET6)
+ siTypeAdd("ipv6", siIPv6AddrMatch, siIPv6CheckAddr, NULL);
+#endif
+#if !defined(NO_LOCAL_CLIENT_CRED)
+ siTypeAdd("localuser", siLocalCredAddrMatch, siLocalCredCheckAddr,
+ &siLocalUserPriv);
+ siTypeAdd("localgroup", siLocalCredAddrMatch, siLocalCredCheckAddr,
+ &siLocalGroupPriv);
+#endif
+}
diff --git a/xorg-server/os/auth.c b/xorg-server/os/auth.c index 0514d1788..f80e53155 100644 --- a/xorg-server/os/auth.c +++ b/xorg-server/os/auth.c @@ -1,339 +1,340 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * authorization hooks for the server - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -# include <X11/X.h> -# include <X11/Xauth.h> -# include "misc.h" -# include "osdep.h" -# include "dixstruct.h" -# include <sys/types.h> -# include <sys/stat.h> -#ifdef WIN32 -#include <X11/Xw32defs.h> -#endif - -struct protocol { - unsigned short name_length; - char *name; - AuthAddCFunc Add; /* new authorization data */ - AuthCheckFunc Check; /* verify client authorization data */ - AuthRstCFunc Reset; /* delete all authorization data entries */ - AuthToIDFunc ToID; /* convert cookie to ID */ - AuthFromIDFunc FromID; /* convert ID to cookie */ - AuthRemCFunc Remove; /* remove a specific cookie */ -#ifdef XCSECURITY - AuthGenCFunc Generate; -#endif -}; - -static struct protocol protocols[] = { -{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1", - MitAddCookie, MitCheckCookie, MitResetCookie, - MitToID, MitFromID, MitRemoveCookie, -#ifdef XCSECURITY - MitGenerateCookie -#endif -}, -#ifdef HASXDMAUTH -{ (unsigned short) 19, "XDM-AUTHORIZATION-1", - XdmAddCookie, XdmCheckCookie, XdmResetCookie, - XdmToID, XdmFromID, XdmRemoveCookie, -#ifdef XCSECURITY - NULL -#endif -}, -#endif -#ifdef SECURE_RPC -{ (unsigned short) 9, "SUN-DES-1", - SecureRPCAdd, SecureRPCCheck, SecureRPCReset, - SecureRPCToID, SecureRPCFromID,SecureRPCRemove, -#ifdef XCSECURITY - NULL -#endif -}, -#endif -}; - -# define NUM_AUTHORIZATION (sizeof (protocols) /\ - sizeof (struct protocol)) - -/* - * Initialize all classes of authorization by reading the - * specified authorization file - */ - -static char *authorization_file = (char *)NULL; - -static Bool ShouldLoadAuth = TRUE; - -void -InitAuthorization (char *file_name) -{ - authorization_file = file_name; -} - -static int -LoadAuthorization (void) -{ - FILE *f; - Xauth *auth; - int i; - int count = 0; - - ShouldLoadAuth = FALSE; - if (!authorization_file) - return 0; - - f = Fopen (authorization_file, "r"); - if (!f) - return -1; - - while ((auth = XauReadAuth (f)) != 0) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == auth->name_length && - memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 && - protocols[i].Add) - { - ++count; - (*protocols[i].Add) (auth->data_length, auth->data, - FakeClientID(0)); - } - } - XauDisposeAuth (auth); - } - - Fclose (f); - return count; -} - -#ifdef XDMCP -/* - * XdmcpInit calls this function to discover all authorization - * schemes supported by the display - */ -void -RegisterAuthorizations (void) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) - XdmcpRegisterAuthorization (protocols[i].name, - (int)protocols[i].name_length); -} -#endif - -XID -CheckAuthorization ( - unsigned int name_length, - char *name, - unsigned int data_length, - char *data, - ClientPtr client, - char **reason) /* failure message. NULL for default msg */ -{ - int i; - struct stat buf; - static time_t lastmod = 0; - static Bool loaded = FALSE; - - if (!authorization_file || stat(authorization_file, &buf)) - { - if (lastmod != 0) { - lastmod = 0; - ShouldLoadAuth = TRUE; /* stat lost, so force reload */ - } - } - else if (buf.st_mtime > lastmod) - { - lastmod = buf.st_mtime; - ShouldLoadAuth = TRUE; - } - if (ShouldLoadAuth) - { - int loadauth = LoadAuthorization(); - - /* - * If the authorization file has at least one entry for this server, - * disable local host access. (loadauth > 0) - * - * If there are zero entries (either initially or when the - * authorization file is later reloaded), or if a valid - * authorization file was never loaded, enable local host access. - * (loadauth == 0 || !loaded) - * - * If the authorization file was loaded initially (with valid - * entries for this server), and reloading it later fails, don't - * change anything. (loadauth == -1 && loaded) - */ - - if (loadauth > 0) - { - DisableLocalHost(); /* got at least one */ - loaded = TRUE; - } - else if (loadauth == 0 || !loaded) - EnableLocalHost (); - } - if (name_length) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0) - { - return (*protocols[i].Check) (data_length, data, client, reason); - } - *reason = "Protocol not supported by server\n"; - } - } else *reason = "No protocol specified\n"; - return (XID) ~0L; -} - -void -ResetAuthorization (void) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) - if (protocols[i].Reset) - (*protocols[i].Reset)(); - ShouldLoadAuth = TRUE; -} - -int -AuthorizationFromID ( - XID id, - unsigned short *name_lenp, - char **namep, - unsigned short *data_lenp, - char **datap) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].FromID && - (*protocols[i].FromID) (id, data_lenp, datap)) { - *name_lenp = protocols[i].name_length; - *namep = protocols[i].name; - return 1; - } - } - return 0; -} - -int -RemoveAuthorization ( - unsigned short name_length, - char *name, - unsigned short data_length, - char *data) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Remove) - { - return (*protocols[i].Remove) (data_length, data); - } - } - return 0; -} - -int -AddAuthorization (unsigned name_length, char *name, unsigned data_length, char *data) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Add) - { - return (*protocols[i].Add) (data_length, data, FakeClientID(0)); - } - } - return 0; -} - -#ifdef XCSECURITY - -XID -GenerateAuthorization( - unsigned name_length, - char *name, - unsigned data_length, - char *data, - unsigned *data_length_return, - char **data_return) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Generate) - { - return (*protocols[i].Generate) (data_length, data, - FakeClientID(0), data_length_return, data_return); - } - } - return -1; -} - -void -GenerateRandomData (int len, char *buf) -{ -#ifdef _MSC_VER - static HANDLE hAdvApi32; - static BOOLEAN (_stdcall * RtlGenRandom)(void *,unsigned long); - - if (!hAdvApi32) - { - hAdvApi32=LoadLibrary("advapi32.dll"); - RtlGenRandom=(BOOLEAN (_stdcall *)(void*,unsigned long))GetProcAddress(hAdvApi32,"SystemFunction036"); - } - RtlGenRandom(buf, len); -#else - int fd; - - fd = open("/dev/urandom", O_RDONLY); - read(fd, buf, len); - close(fd); -#endif -} - -#endif /* XCSECURITY */ +/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * authorization hooks for the server
+ * Author: Keith Packard, MIT X Consortium
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+# include <X11/X.h>
+# include <X11/Xauth.h>
+# include "misc.h"
+# include "osdep.h"
+# include "dixstruct.h"
+# include <sys/types.h>
+# include <sys/stat.h>
+#ifdef WIN32
+#include <X11/Xw32defs.h>
+#endif
+
+struct protocol {
+ unsigned short name_length;
+ char *name;
+ AuthAddCFunc Add; /* new authorization data */
+ AuthCheckFunc Check; /* verify client authorization data */
+ AuthRstCFunc Reset; /* delete all authorization data entries */
+ AuthToIDFunc ToID; /* convert cookie to ID */
+ AuthFromIDFunc FromID; /* convert ID to cookie */
+ AuthRemCFunc Remove; /* remove a specific cookie */
+#ifdef XCSECURITY
+ AuthGenCFunc Generate;
+#endif
+};
+
+static struct protocol protocols[] = {
+{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
+ MitAddCookie, MitCheckCookie, MitResetCookie,
+ MitToID, MitFromID, MitRemoveCookie,
+#ifdef XCSECURITY
+ MitGenerateCookie
+#endif
+},
+#ifdef HASXDMAUTH
+{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
+ XdmAddCookie, XdmCheckCookie, XdmResetCookie,
+ XdmToID, XdmFromID, XdmRemoveCookie,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+#ifdef SECURE_RPC
+{ (unsigned short) 9, "SUN-DES-1",
+ SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
+ SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
+#ifdef XCSECURITY
+ NULL
+#endif
+},
+#endif
+};
+
+# define NUM_AUTHORIZATION (sizeof (protocols) /\
+ sizeof (struct protocol))
+
+/*
+ * Initialize all classes of authorization by reading the
+ * specified authorization file
+ */
+
+static char *authorization_file = (char *)NULL;
+
+static Bool ShouldLoadAuth = TRUE;
+
+void
+InitAuthorization (char *file_name)
+{
+ authorization_file = file_name;
+}
+
+static int
+LoadAuthorization (void)
+{
+ FILE *f;
+ Xauth *auth;
+ int i;
+ int count = 0;
+
+ ShouldLoadAuth = FALSE;
+ if (!authorization_file)
+ return 0;
+
+ f = Fopen (authorization_file, "r");
+ if (!f)
+ return -1;
+
+ while ((auth = XauReadAuth (f)) != 0) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == auth->name_length &&
+ memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 &&
+ protocols[i].Add)
+ {
+ ++count;
+ (*protocols[i].Add) (auth->data_length, auth->data,
+ FakeClientID(0));
+ }
+ }
+ XauDisposeAuth (auth);
+ }
+
+ Fclose (f);
+ return count;
+}
+
+#ifdef XDMCP
+/*
+ * XdmcpInit calls this function to discover all authorization
+ * schemes supported by the display
+ */
+void
+RegisterAuthorizations (void)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ XdmcpRegisterAuthorization (protocols[i].name,
+ (int)protocols[i].name_length);
+}
+#endif
+
+XID
+CheckAuthorization (
+ unsigned int name_length,
+ const char *name,
+ unsigned int data_length,
+ const char *data,
+ ClientPtr client,
+ char **reason) /* failure message. NULL for default msg */
+{
+ int i;
+ struct stat buf;
+ static time_t lastmod = 0;
+ static Bool loaded = FALSE;
+
+ if (!authorization_file || stat(authorization_file, &buf))
+ {
+ if (lastmod != 0) {
+ lastmod = 0;
+ ShouldLoadAuth = TRUE; /* stat lost, so force reload */
+ }
+ }
+ else if (buf.st_mtime > lastmod)
+ {
+ lastmod = buf.st_mtime;
+ ShouldLoadAuth = TRUE;
+ }
+ if (ShouldLoadAuth)
+ {
+ int loadauth = LoadAuthorization();
+
+ /*
+ * If the authorization file has at least one entry for this server,
+ * disable local host access. (loadauth > 0)
+ *
+ * If there are zero entries (either initially or when the
+ * authorization file is later reloaded), or if a valid
+ * authorization file was never loaded, enable local host access.
+ * (loadauth == 0 || !loaded)
+ *
+ * If the authorization file was loaded initially (with valid
+ * entries for this server), and reloading it later fails, don't
+ * change anything. (loadauth == -1 && loaded)
+ */
+
+ if (loadauth > 0)
+ {
+ DisableLocalHost(); /* got at least one */
+ loaded = TRUE;
+ }
+ else if (loadauth == 0 || !loaded)
+ EnableLocalHost ();
+ }
+ if (name_length) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0)
+ {
+ return (*protocols[i].Check) (data_length, data, client, reason);
+ }
+ *reason = "Protocol not supported by server\n";
+ }
+ } else *reason = "No protocol specified\n";
+ return (XID) ~0L;
+}
+
+void
+ResetAuthorization (void)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++)
+ if (protocols[i].Reset)
+ (*protocols[i].Reset)();
+ ShouldLoadAuth = TRUE;
+}
+
+int
+AuthorizationFromID (
+ XID id,
+ unsigned short *name_lenp,
+ char **namep,
+ unsigned short *data_lenp,
+ char **datap)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].FromID &&
+ (*protocols[i].FromID) (id, data_lenp, datap)) {
+ *name_lenp = protocols[i].name_length;
+ *namep = protocols[i].name;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+RemoveAuthorization (
+ unsigned short name_length,
+ const char *name,
+ unsigned short data_length,
+ const char *data)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Remove)
+ {
+ return (*protocols[i].Remove) (data_length, data);
+ }
+ }
+ return 0;
+}
+
+int
+AddAuthorization (unsigned name_length, const char *name,
+ unsigned data_length, char *data)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Add)
+ {
+ return (*protocols[i].Add) (data_length, data, FakeClientID(0));
+ }
+ }
+ return 0;
+}
+
+#ifdef XCSECURITY
+
+XID
+GenerateAuthorization(
+ unsigned name_length,
+ const char *name,
+ unsigned data_length,
+ const char *data,
+ unsigned *data_length_return,
+ char **data_return)
+{
+ int i;
+
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+ if (protocols[i].name_length == name_length &&
+ memcmp (protocols[i].name, name, (int) name_length) == 0 &&
+ protocols[i].Generate)
+ {
+ return (*protocols[i].Generate) (data_length, data,
+ FakeClientID(0), data_length_return, data_return);
+ }
+ }
+ return -1;
+}
+
+void
+GenerateRandomData (int len, char *buf)
+{
+#ifdef _MSC_VER
+ static HANDLE hAdvApi32;
+ static BOOLEAN (_stdcall * RtlGenRandom)(void *,unsigned long);
+
+ if (!hAdvApi32)
+ {
+ hAdvApi32=LoadLibrary("advapi32.dll");
+ RtlGenRandom=(BOOLEAN (_stdcall *)(void*,unsigned long))GetProcAddress(hAdvApi32,"SystemFunction036");
+ }
+ RtlGenRandom(buf, len);
+#else
+ int fd;
+
+ fd = open("/dev/urandom", O_RDONLY);
+ read(fd, buf, len);
+ close(fd);
+#endif
+}
+
+#endif /* XCSECURITY */
diff --git a/xorg-server/os/mitauth.c b/xorg-server/os/mitauth.c index a7968cbd7..5baf552bc 100644 --- a/xorg-server/os/mitauth.c +++ b/xorg-server/os/mitauth.c @@ -1,197 +1,197 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * MIT-MAGIC-COOKIE-1 authorization scheme - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#include <X11/X.h> -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -static struct auth { - struct auth *next; - unsigned short len; - char *data; - XID id; -} *mit_auth; - -int -MitAddCookie ( - unsigned short data_length, - char *data, - XID id) -{ - struct auth *new; - - new = xalloc (sizeof (struct auth)); - if (!new) - return 0; - new->data = xalloc ((unsigned) data_length); - if (!new->data) { - xfree(new); - return 0; - } - new->next = mit_auth; - mit_auth = new; - memmove(new->data, data, (int) data_length); - new->len = data_length; - new->id = id; - return 1; -} - -XID -MitCheckCookie ( - unsigned short data_length, - char *data, - ClientPtr client, - char **reason) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, (int) data_length) == 0) - return auth->id; - } - *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; - return (XID) -1; -} - -int -MitResetCookie (void) -{ - struct auth *auth, *next; - - for (auth = mit_auth; auth; auth=next) { - next = auth->next; - xfree (auth->data); - xfree (auth); - } - mit_auth = 0; - return 0; -} - -XID -MitToID ( - unsigned short data_length, - char *data) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, data_length) == 0) - return auth->id; - } - return (XID) -1; -} - -int -MitFromID ( - XID id, - unsigned short *data_lenp, - char **datap) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (id == auth->id) { - *data_lenp = auth->len; - *datap = auth->data; - return 1; - } - } - return 0; -} - -int -MitRemoveCookie ( - unsigned short data_length, - char *data) -{ - struct auth *auth, *prev; - - prev = 0; - for (auth = mit_auth; auth; prev = auth, auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, data_length) == 0) - { - if (prev) - prev->next = auth->next; - else - mit_auth = auth->next; - xfree (auth->data); - xfree (auth); - return 1; - } - } - return 0; -} - -#ifdef XCSECURITY - -static char cookie[16]; /* 128 bits */ - -XID -MitGenerateCookie ( - unsigned data_length, - char *data, - XID id, - unsigned *data_length_return, - char **data_return) -{ - int i = 0; - int status; - - while (data_length--) - { - cookie[i++] += *data++; - if (i >= sizeof (cookie)) i = 0; - } - GenerateRandomData(sizeof (cookie), cookie); - status = MitAddCookie(sizeof (cookie), cookie, id); - if (!status) - { - id = -1; - } - else - { - *data_return = cookie; - *data_length_return = sizeof (cookie); - } - return id; -} - -#endif /* XCSECURITY */ +/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * MIT-MAGIC-COOKIE-1 authorization scheme
+ * Author: Keith Packard, MIT X Consortium
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <X11/X.h>
+#include "os.h"
+#include "osdep.h"
+#include "dixstruct.h"
+
+static struct auth {
+ struct auth *next;
+ unsigned short len;
+ char *data;
+ XID id;
+} *mit_auth;
+
+int
+MitAddCookie (
+ unsigned short data_length,
+ const char *data,
+ XID id)
+{
+ struct auth *new;
+
+ new = xalloc (sizeof (struct auth));
+ if (!new)
+ return 0;
+ new->data = xalloc ((unsigned) data_length);
+ if (!new->data) {
+ xfree(new);
+ return 0;
+ }
+ new->next = mit_auth;
+ mit_auth = new;
+ memmove(new->data, data, (int) data_length);
+ new->len = data_length;
+ new->id = id;
+ return 1;
+}
+
+XID
+MitCheckCookie (
+ unsigned short data_length,
+ const char *data,
+ ClientPtr client,
+ char **reason)
+{
+ struct auth *auth;
+
+ for (auth = mit_auth; auth; auth=auth->next) {
+ if (data_length == auth->len &&
+ memcmp (data, auth->data, (int) data_length) == 0)
+ return auth->id;
+ }
+ *reason = "Invalid MIT-MAGIC-COOKIE-1 key";
+ return (XID) -1;
+}
+
+int
+MitResetCookie (void)
+{
+ struct auth *auth, *next;
+
+ for (auth = mit_auth; auth; auth=next) {
+ next = auth->next;
+ xfree (auth->data);
+ xfree (auth);
+ }
+ mit_auth = 0;
+ return 0;
+}
+
+XID
+MitToID (
+ unsigned short data_length,
+ char *data)
+{
+ struct auth *auth;
+
+ for (auth = mit_auth; auth; auth=auth->next) {
+ if (data_length == auth->len &&
+ memcmp (data, auth->data, data_length) == 0)
+ return auth->id;
+ }
+ return (XID) -1;
+}
+
+int
+MitFromID (
+ XID id,
+ unsigned short *data_lenp,
+ char **datap)
+{
+ struct auth *auth;
+
+ for (auth = mit_auth; auth; auth=auth->next) {
+ if (id == auth->id) {
+ *data_lenp = auth->len;
+ *datap = auth->data;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+MitRemoveCookie (
+ unsigned short data_length,
+ const char *data)
+{
+ struct auth *auth, *prev;
+
+ prev = 0;
+ for (auth = mit_auth; auth; prev = auth, auth=auth->next) {
+ if (data_length == auth->len &&
+ memcmp (data, auth->data, data_length) == 0)
+ {
+ if (prev)
+ prev->next = auth->next;
+ else
+ mit_auth = auth->next;
+ xfree (auth->data);
+ xfree (auth);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+#ifdef XCSECURITY
+
+static char cookie[16]; /* 128 bits */
+
+XID
+MitGenerateCookie (
+ unsigned data_length,
+ const char *data,
+ XID id,
+ unsigned *data_length_return,
+ char **data_return)
+{
+ int i = 0;
+ int status;
+
+ while (data_length--)
+ {
+ cookie[i++] += *data++;
+ if (i >= sizeof (cookie)) i = 0;
+ }
+ GenerateRandomData(sizeof (cookie), cookie);
+ status = MitAddCookie(sizeof (cookie), cookie, id);
+ if (!status)
+ {
+ id = -1;
+ }
+ else
+ {
+ *data_return = cookie;
+ *data_length_return = sizeof (cookie);
+ }
+ return id;
+}
+
+#endif /* XCSECURITY */
diff --git a/xorg-server/os/osdep.h b/xorg-server/os/osdep.h index fda1edf72..32b4a6763 100644 --- a/xorg-server/os/osdep.h +++ b/xorg-server/os/osdep.h @@ -114,7 +114,8 @@ SOFTWARE. #if defined(XDMCP) || defined(HASXDMAUTH)
typedef Bool (*ValidatorFunc)(ARRAY8Ptr Auth, ARRAY8Ptr Data, int packet_type);
typedef Bool (*GeneratorFunc)(ARRAY8Ptr Auth, ARRAY8Ptr Data, int packet_type);
-typedef Bool (*AddAuthorFunc)(unsigned name_length, char *name, unsigned data_length, char *data);
+typedef Bool (*AddAuthorFunc)(unsigned name_length, const char *name,
+ unsigned data_length, char *data);
#endif
typedef struct _connectionInput {
@@ -138,19 +139,19 @@ struct _osComm; #define AuthInitArgs void
typedef void (*AuthInitFunc) (AuthInitArgs);
-#define AuthAddCArgs unsigned short data_length, char *data, XID id
+#define AuthAddCArgs unsigned short data_length, const char *data, XID id
typedef int (*AuthAddCFunc) (AuthAddCArgs);
-#define AuthCheckArgs unsigned short data_length, char *data, ClientPtr client, char **reason
+#define AuthCheckArgs unsigned short data_length, const char *data, ClientPtr client, char **reason
typedef XID (*AuthCheckFunc) (AuthCheckArgs);
#define AuthFromIDArgs XID id, unsigned short *data_lenp, char **datap
typedef int (*AuthFromIDFunc) (AuthFromIDArgs);
-#define AuthGenCArgs unsigned data_length, char *data, XID id, unsigned *data_length_return, char **data_return
+#define AuthGenCArgs unsigned data_length, const char *data, XID id, unsigned *data_length_return, char **data_return
typedef XID (*AuthGenCFunc) (AuthGenCArgs);
-#define AuthRemCArgs unsigned short data_length, char *data
+#define AuthRemCArgs unsigned short data_length, const char *data
typedef int (*AuthRemCFunc) (AuthRemCArgs);
#define AuthRstCArgs void
@@ -254,29 +255,29 @@ extern void XdmcpUseMsg (void); extern int XdmcpOptions(int argc, char **argv, int i);
extern void XdmcpRegisterConnection (
int type,
- char *address,
+ const char *address,
int addrlen);
extern void XdmcpRegisterAuthorizations (void);
-extern void XdmcpRegisterAuthorization (char *name, int namelen);
+extern void XdmcpRegisterAuthorization (const char *name, int namelen);
extern void XdmcpInit (void);
extern void XdmcpReset (void);
extern void XdmcpOpenDisplay(int sock);
extern void XdmcpCloseDisplay(int sock);
extern void XdmcpRegisterAuthentication (
- char *name,
+ const char *name,
int namelen,
- char *data,
+ const char *data,
int datalen,
ValidatorFunc Validator,
GeneratorFunc Generator,
AddAuthorFunc AddAuth);
struct sockaddr_in;
-extern void XdmcpRegisterBroadcastAddress (struct sockaddr_in *addr);
+extern void XdmcpRegisterBroadcastAddress (const struct sockaddr_in *addr);
#endif
#ifdef HASXDMAUTH
-extern void XdmAuthenticationInit (char *cookie, int cookie_length);
+extern void XdmAuthenticationInit (const char *cookie, int cookie_length);
#endif
#endif /* _OSDEP_H_ */
diff --git a/xorg-server/os/rpcauth.c b/xorg-server/os/rpcauth.c index 5ddbe210b..a63304375 100644 --- a/xorg-server/os/rpcauth.c +++ b/xorg-server/os/rpcauth.c @@ -1,193 +1,193 @@ -/* - -Copyright 1991, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * SUN-DES-1 authentication mechanism - * Author: Mayank Choudhary, Sun Microsystems - */ - - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#ifdef SECURE_RPC - -#include <X11/X.h> -#include <X11/Xauth.h> -#include "misc.h" -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -#include <rpc/rpc.h> - -#ifdef sun -/* <rpc/auth.h> only includes this if _KERNEL is #defined... */ -extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); -#endif - -static enum auth_stat why; - -static char * -authdes_ezdecode(char *inmsg, int len) -{ - struct rpc_msg msg; - char cred_area[MAX_AUTH_BYTES]; - char verf_area[MAX_AUTH_BYTES]; - char *temp_inmsg; - struct svc_req r; - bool_t res0, res1; - XDR xdr; - SVCXPRT xprt; - - temp_inmsg = xalloc(len); - memmove(temp_inmsg, inmsg, len); - - memset((char *)&msg, 0, sizeof(msg)); - memset((char *)&r, 0, sizeof(r)); - memset(cred_area, 0, sizeof(cred_area)); - memset(verf_area, 0, sizeof(verf_area)); - - msg.rm_call.cb_cred.oa_base = cred_area; - msg.rm_call.cb_verf.oa_base = verf_area; - why = AUTH_FAILED; - xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); - - if ((r.rq_clntcred = xalloc(MAX_AUTH_BYTES)) == NULL) - goto bad1; - r.rq_xprt = &xprt; - - /* decode into msg */ - res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); - res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf)); - if ( ! (res0 && res1) ) - goto bad2; - - /* do the authentication */ - - r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */ - if (r.rq_cred.oa_flavor != AUTH_DES) { - why = AUTH_TOOWEAK; - goto bad2; - } -#ifdef SVR4 - if ((why = __authenticate(&r, &msg)) != AUTH_OK) { -#else - if ((why = _authenticate(&r, &msg)) != AUTH_OK) { -#endif - goto bad2; - } - return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name); - -bad2: - xfree(r.rq_clntcred); -bad1: - return ((char *)0); /* ((struct authdes_cred *) NULL); */ -} - -static XID rpc_id = (XID) ~0L; - -static Bool -CheckNetName ( - unsigned char *addr, - short len, - pointer closure -) -{ - return (len == strlen ((char *) closure) && - strncmp ((char *) addr, (char *) closure, len) == 0); -} - -static char rpc_error[MAXNETNAMELEN+50]; - -_X_HIDDEN XID -SecureRPCCheck (unsigned short data_length, char *data, - ClientPtr client, char **reason) -{ - char *fullname; - - if (rpc_id == (XID) ~0L) { - *reason = "Secure RPC authorization not initialized"; - } else { - fullname = authdes_ezdecode(data, data_length); - if (fullname == (char *)0) { - sprintf(rpc_error, "Unable to authenticate secure RPC client (why=%d)", why); - *reason = rpc_error; - } else { - if (ForEachHostInFamily (FamilyNetname, CheckNetName, fullname)) - return rpc_id; - sprintf(rpc_error, "Principal \"%s\" is not authorized to connect", - fullname); - *reason = rpc_error; - } - } - return (XID) ~0L; -} - -_X_HIDDEN void -SecureRPCInit (void) -{ - if (rpc_id == ~0L) - AddAuthorization (9, "SUN-DES-1", 0, (char *) 0); -} - -_X_HIDDEN int -SecureRPCAdd (unsigned short data_length, char *data, XID id) -{ - if (data_length) - AddHost ((pointer) 0, FamilyNetname, data_length, data); - rpc_id = id; - return 1; -} - -_X_HIDDEN int -SecureRPCReset (void) -{ - rpc_id = (XID) ~0L; - return 1; -} - -_X_HIDDEN XID -SecureRPCToID (unsigned short data_length, char *data) -{ - return rpc_id; -} - -_X_HIDDEN int -SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap) -{ - return 0; -} - -_X_HIDDEN int -SecureRPCRemove (unsigned short data_length, char *data) -{ - return 0; -} -#endif /* SECURE_RPC */ +/*
+
+Copyright 1991, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * SUN-DES-1 authentication mechanism
+ * Author: Mayank Choudhary, Sun Microsystems
+ */
+
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#ifdef SECURE_RPC
+
+#include <X11/X.h>
+#include <X11/Xauth.h>
+#include "misc.h"
+#include "os.h"
+#include "osdep.h"
+#include "dixstruct.h"
+
+#include <rpc/rpc.h>
+
+#ifdef sun
+/* <rpc/auth.h> only includes this if _KERNEL is #defined... */
+extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
+#endif
+
+static enum auth_stat why;
+
+static char *
+authdes_ezdecode(const char *inmsg, int len)
+{
+ struct rpc_msg msg;
+ char cred_area[MAX_AUTH_BYTES];
+ char verf_area[MAX_AUTH_BYTES];
+ char *temp_inmsg;
+ struct svc_req r;
+ bool_t res0, res1;
+ XDR xdr;
+ SVCXPRT xprt;
+
+ temp_inmsg = xalloc(len);
+ memmove(temp_inmsg, inmsg, len);
+
+ memset((char *)&msg, 0, sizeof(msg));
+ memset((char *)&r, 0, sizeof(r));
+ memset(cred_area, 0, sizeof(cred_area));
+ memset(verf_area, 0, sizeof(verf_area));
+
+ msg.rm_call.cb_cred.oa_base = cred_area;
+ msg.rm_call.cb_verf.oa_base = verf_area;
+ why = AUTH_FAILED;
+ xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);
+
+ if ((r.rq_clntcred = xalloc(MAX_AUTH_BYTES)) == NULL)
+ goto bad1;
+ r.rq_xprt = &xprt;
+
+ /* decode into msg */
+ res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred));
+ res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf));
+ if ( ! (res0 && res1) )
+ goto bad2;
+
+ /* do the authentication */
+
+ r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */
+ if (r.rq_cred.oa_flavor != AUTH_DES) {
+ why = AUTH_TOOWEAK;
+ goto bad2;
+ }
+#ifdef SVR4
+ if ((why = __authenticate(&r, &msg)) != AUTH_OK) {
+#else
+ if ((why = _authenticate(&r, &msg)) != AUTH_OK) {
+#endif
+ goto bad2;
+ }
+ return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
+
+bad2:
+ xfree(r.rq_clntcred);
+bad1:
+ return ((char *)0); /* ((struct authdes_cred *) NULL); */
+}
+
+static XID rpc_id = (XID) ~0L;
+
+static Bool
+CheckNetName (
+ unsigned char *addr,
+ short len,
+ pointer closure
+)
+{
+ return (len == strlen ((char *) closure) &&
+ strncmp ((char *) addr, (char *) closure, len) == 0);
+}
+
+static char rpc_error[MAXNETNAMELEN+50];
+
+_X_HIDDEN XID
+SecureRPCCheck (unsigned short data_length, const char *data,
+ ClientPtr client, char **reason)
+{
+ char *fullname;
+
+ if (rpc_id == (XID) ~0L) {
+ *reason = "Secure RPC authorization not initialized";
+ } else {
+ fullname = authdes_ezdecode(data, data_length);
+ if (fullname == (char *)0) {
+ sprintf(rpc_error, "Unable to authenticate secure RPC client (why=%d)", why);
+ *reason = rpc_error;
+ } else {
+ if (ForEachHostInFamily (FamilyNetname, CheckNetName, fullname))
+ return rpc_id;
+ sprintf(rpc_error, "Principal \"%s\" is not authorized to connect",
+ fullname);
+ *reason = rpc_error;
+ }
+ }
+ return (XID) ~0L;
+}
+
+_X_HIDDEN void
+SecureRPCInit (void)
+{
+ if (rpc_id == ~0L)
+ AddAuthorization (9, "SUN-DES-1", 0, (char *) 0);
+}
+
+_X_HIDDEN int
+SecureRPCAdd (unsigned short data_length, const char *data, XID id)
+{
+ if (data_length)
+ AddHost ((pointer) 0, FamilyNetname, data_length, data);
+ rpc_id = id;
+ return 1;
+}
+
+_X_HIDDEN int
+SecureRPCReset (void)
+{
+ rpc_id = (XID) ~0L;
+ return 1;
+}
+
+_X_HIDDEN XID
+SecureRPCToID (unsigned short data_length, char *data)
+{
+ return rpc_id;
+}
+
+_X_HIDDEN int
+SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap)
+{
+ return 0;
+}
+
+_X_HIDDEN int
+SecureRPCRemove (unsigned short data_length, const char *data)
+{
+ return 0;
+}
+#endif /* SECURE_RPC */
diff --git a/xorg-server/os/xdmauth.c b/xorg-server/os/xdmauth.c index e19e4f93d..7834b56f8 100644 --- a/xorg-server/os/xdmauth.c +++ b/xorg-server/os/xdmauth.c @@ -1,499 +1,499 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * XDM-AUTHENTICATION-1 (XDMCP authentication) and - * XDM-AUTHORIZATION-1 (client authorization) protocols - * - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#include <stdio.h> -#include <X11/X.h> -#define XSERV_t -#define TRANS_SERVER -#define TRANS_REOPEN -#include <X11/Xtrans/Xtrans.h> -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -#ifdef HASXDMAUTH - -static Bool authFromXDMCP; - -#ifdef XDMCP -#include <X11/Xmd.h> -#undef REQUEST -#include <X11/Xdmcp.h> - -/* XDM-AUTHENTICATION-1 */ - -static XdmAuthKeyRec privateKey; -static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1"; -#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1) -static XdmAuthKeyRec rho; - -static Bool -XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData, - xdmOpCode packet_type) -{ - XdmAuthKeyPtr incoming; - - XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey, - incomingData->data,incomingData->length); - if (packet_type == ACCEPT) { - if (incomingData->length != 8) - return FALSE; - incoming = (XdmAuthKeyPtr) incomingData->data; - XdmcpDecrementKey (incoming); - return XdmcpCompareKeys (incoming, &rho); - } - return FALSE; -} - -static Bool -XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData, - xdmOpCode packet_type) -{ - outgoingData->length = 0; - outgoingData->data = 0; - if (packet_type == REQUEST) { - if (XdmcpAllocARRAY8 (outgoingData, 8)) - XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey, - outgoingData->data, 8); - } - return TRUE; -} - -static Bool -XdmAuthenticationAddAuth (int name_len, char *name, - int data_len, char *data) -{ - Bool ret; - XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey, - (unsigned char *)data, data_len); - authFromXDMCP = TRUE; - ret = AddAuthorization (name_len, name, data_len, data); - authFromXDMCP = FALSE; - return ret; -} - - -#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \ - 'a' <= c && c <= 'f' ? c - 'a' + 10 : \ - 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) - -static int -HexToBinary (char *in, char *out, int len) -{ - int top, bottom; - - while (len > 0) - { - top = atox(in[0]); - if (top == -1) - return 0; - bottom = atox(in[1]); - if (bottom == -1) - return 0; - *out++ = (top << 4) | bottom; - in += 2; - len -= 2; - } - if (len) - return 0; - *out++ = '\0'; - return 1; -} - -void -XdmAuthenticationInit (char *cookie, int cookie_len) -{ - bzero (privateKey.data, 8); - if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2)) - { - if (cookie_len > 2 + 2 * 8) - cookie_len = 2 + 2 * 8; - HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2); - } - else - { - if (cookie_len > 7) - cookie_len = 7; - memmove (privateKey.data + 1, cookie, cookie_len); - } - XdmcpGenerateKey (&rho); - XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen, - (char *)&rho, - sizeof (rho), - (ValidatorFunc)XdmAuthenticationValidator, - (GeneratorFunc)XdmAuthenticationGenerator, - (AddAuthorFunc)XdmAuthenticationAddAuth); -} - -#endif /* XDMCP */ - -/* XDM-AUTHORIZATION-1 */ -typedef struct _XdmAuthorization { - struct _XdmAuthorization *next; - XdmAuthKeyRec rho; - XdmAuthKeyRec key; - XID id; -} XdmAuthorizationRec, *XdmAuthorizationPtr; - -static XdmAuthorizationPtr xdmAuth; - -typedef struct _XdmClientAuth { - struct _XdmClientAuth *next; - XdmAuthKeyRec rho; - char client[6]; - long time; -} XdmClientAuthRec, *XdmClientAuthPtr; - -static XdmClientAuthPtr xdmClients; -static long clockOffset; -static Bool gotClock; - -#define TwentyMinutes (20 * 60) -#define TwentyFiveMinutes (25 * 60) - -static Bool -XdmClientAuthCompare (XdmClientAuthPtr a, XdmClientAuthPtr b) -{ - int i; - - if (!XdmcpCompareKeys (&a->rho, &b->rho)) - return FALSE; - for (i = 0; i < 6; i++) - if (a->client[i] != b->client[i]) - return FALSE; - return a->time == b->time; -} - -static void -XdmClientAuthDecode (unsigned char *plain, XdmClientAuthPtr auth) -{ - int i, j; - - j = 0; - for (i = 0; i < 8; i++) - { - auth->rho.data[i] = plain[j]; - ++j; - } - for (i = 0; i < 6; i++) - { - auth->client[i] = plain[j]; - ++j; - } - auth->time = 0; - for (i = 0; i < 4; i++) - { - auth->time |= plain[j] << ((3 - i) << 3); - j++; - } -} - -static void -XdmClientAuthTimeout (long now) -{ - XdmClientAuthPtr client, next, prev; - - prev = 0; - for (client = xdmClients; client; client=next) - { - next = client->next; - if (abs (now - client->time) > TwentyFiveMinutes) - { - if (prev) - prev->next = next; - else - xdmClients = next; - xfree (client); - } - else - prev = client; - } -} - -static XdmClientAuthPtr -XdmAuthorizationValidate (unsigned char *plain, int length, - XdmAuthKeyPtr rho, ClientPtr xclient, char **reason) -{ - XdmClientAuthPtr client, existing; - long now; - int i; - - if (length != (192 / 8)) { - if (reason) - *reason = "Bad XDM authorization key length"; - return NULL; - } - client = xalloc (sizeof (XdmClientAuthRec)); - if (!client) - return NULL; - XdmClientAuthDecode (plain, client); - if (!XdmcpCompareKeys (&client->rho, rho)) - { - xfree (client); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)"; - return NULL; - } - for (i = 18; i < 24; i++) - if (plain[i] != 0) { - xfree (client); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)"; - return NULL; - } - if (xclient) { - int family, addr_len; - Xtransaddr *addr; - - if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn, - &family, &addr_len, &addr) == 0 - && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) { -#if defined(TCPCONN) || defined(STREAMSCONN) - if (family == FamilyInternet && - memcmp((char *)addr, client->client, 4) != 0) { - xfree (client); - xfree (addr); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)"; - return NULL; - - } -#endif - xfree (addr); - } - } - now = time(0); - if (!gotClock) - { - clockOffset = client->time - now; - gotClock = TRUE; - } - now += clockOffset; - XdmClientAuthTimeout (now); - if (abs (client->time - now) > TwentyMinutes) - { - xfree (client); - if (reason) - *reason = "Excessive XDM-AUTHORIZATION-1 time offset"; - return NULL; - } - for (existing = xdmClients; existing; existing=existing->next) - { - if (XdmClientAuthCompare (existing, client)) - { - xfree (client); - if (reason) - *reason = "XDM authorization key matches an existing client!"; - return NULL; - } - } - return client; -} - -int -XdmAddCookie (unsigned short data_length, char *data, XID id) -{ - XdmAuthorizationPtr new; - unsigned char *rho_bits, *key_bits; - - switch (data_length) - { - case 16: /* auth from files is 16 bytes long */ -#ifdef XDMCP - if (authFromXDMCP) - { - /* R5 xdm sent bogus authorization data in the accept packet, - * but we can recover */ - rho_bits = rho.data; - key_bits = (unsigned char *) data; - key_bits[0] = '\0'; - } - else -#endif - { - rho_bits = (unsigned char *) data; - key_bits = (unsigned char *) (data + 8); - } - break; -#ifdef XDMCP - case 8: /* auth from XDMCP is 8 bytes long */ - rho_bits = rho.data; - key_bits = (unsigned char *) data; - break; -#endif - default: - return 0; - } - /* the first octet of the key must be zero */ - if (key_bits[0] != '\0') - return 0; - new = xalloc (sizeof (XdmAuthorizationRec)); - if (!new) - return 0; - new->next = xdmAuth; - xdmAuth = new; - memmove (new->key.data, key_bits, (int) 8); - memmove (new->rho.data, rho_bits, (int) 8); - new->id = id; - return 1; -} - -XID -XdmCheckCookie (unsigned short cookie_length, char *cookie, - ClientPtr xclient, char **reason) -{ - XdmAuthorizationPtr auth; - XdmClientAuthPtr client; - unsigned char *plain; - - /* Auth packets must be a multiple of 8 bytes long */ - if (cookie_length & 7) - return (XID) -1; - plain = xalloc (cookie_length); - if (!plain) - return (XID) -1; - for (auth = xdmAuth; auth; auth=auth->next) { - XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); - if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL) - { - client->next = xdmClients; - xdmClients = client; - xfree (plain); - return auth->id; - } - } - xfree (plain); - return (XID) -1; -} - -int -XdmResetCookie (void) -{ - XdmAuthorizationPtr auth, next_auth; - XdmClientAuthPtr client, next_client; - - for (auth = xdmAuth; auth; auth=next_auth) - { - next_auth = auth->next; - xfree (auth); - } - xdmAuth = 0; - for (client = xdmClients; client; client=next_client) - { - next_client = client->next; - xfree (client); - } - xdmClients = (XdmClientAuthPtr) 0; - return 1; -} - -XID -XdmToID (unsigned short cookie_length, char *cookie) -{ - XdmAuthorizationPtr auth; - XdmClientAuthPtr client; - unsigned char *plain; - - plain = xalloc (cookie_length); - if (!plain) - return (XID) -1; - for (auth = xdmAuth; auth; auth=auth->next) { - XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); - if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL) - { - xfree (client); - xfree (cookie); - xfree (plain); - return auth->id; - } - } - xfree (cookie); - xfree (plain); - return (XID) -1; -} - -int -XdmFromID (XID id, unsigned short *data_lenp, char **datap) -{ - XdmAuthorizationPtr auth; - - for (auth = xdmAuth; auth; auth=auth->next) { - if (id == auth->id) { - *data_lenp = 16; - *datap = (char *) &auth->rho; - return 1; - } - } - return 0; -} - -int -XdmRemoveCookie (unsigned short data_length, char *data) -{ - XdmAuthorizationPtr auth; - XdmAuthKeyPtr key_bits, rho_bits; - - switch (data_length) - { - case 16: - rho_bits = (XdmAuthKeyPtr) data; - key_bits = (XdmAuthKeyPtr) (data + 8); - break; -#ifdef XDMCP - case 8: - rho_bits = ρ - key_bits = (XdmAuthKeyPtr) data; - break; -#endif - default: - return 0; - } - for (auth = xdmAuth; auth; auth=auth->next) { - if (XdmcpCompareKeys (rho_bits, &auth->rho) && - XdmcpCompareKeys (key_bits, &auth->key)) - { - xdmAuth = auth->next; - xfree (auth); - return 1; - } - } - return 0; -} - -#endif +/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+
+*/
+
+/*
+ * XDM-AUTHENTICATION-1 (XDMCP authentication) and
+ * XDM-AUTHORIZATION-1 (client authorization) protocols
+ *
+ * Author: Keith Packard, MIT X Consortium
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <stdio.h>
+#include <X11/X.h>
+#define XSERV_t
+#define TRANS_SERVER
+#define TRANS_REOPEN
+#include <X11/Xtrans/Xtrans.h>
+#include "os.h"
+#include "osdep.h"
+#include "dixstruct.h"
+
+#ifdef HASXDMAUTH
+
+static Bool authFromXDMCP;
+
+#ifdef XDMCP
+#include <X11/Xmd.h>
+#undef REQUEST
+#include <X11/Xdmcp.h>
+
+/* XDM-AUTHENTICATION-1 */
+
+static XdmAuthKeyRec privateKey;
+static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1";
+#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1)
+static XdmAuthKeyRec rho;
+
+static Bool
+XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData,
+ xdmOpCode packet_type)
+{
+ XdmAuthKeyPtr incoming;
+
+ XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey,
+ incomingData->data,incomingData->length);
+ if (packet_type == ACCEPT) {
+ if (incomingData->length != 8)
+ return FALSE;
+ incoming = (XdmAuthKeyPtr) incomingData->data;
+ XdmcpDecrementKey (incoming);
+ return XdmcpCompareKeys (incoming, &rho);
+ }
+ return FALSE;
+}
+
+static Bool
+XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData,
+ xdmOpCode packet_type)
+{
+ outgoingData->length = 0;
+ outgoingData->data = 0;
+ if (packet_type == REQUEST) {
+ if (XdmcpAllocARRAY8 (outgoingData, 8))
+ XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey,
+ outgoingData->data, 8);
+ }
+ return TRUE;
+}
+
+static Bool
+XdmAuthenticationAddAuth (int name_len, const char *name,
+ int data_len, char *data)
+{
+ Bool ret;
+ XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey,
+ (unsigned char *)data, data_len);
+ authFromXDMCP = TRUE;
+ ret = AddAuthorization (name_len, name, data_len, data);
+ authFromXDMCP = FALSE;
+ return ret;
+}
+
+
+#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \
+ 'a' <= c && c <= 'f' ? c - 'a' + 10 : \
+ 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1)
+
+static int
+HexToBinary (const char *in, char *out, int len)
+{
+ int top, bottom;
+
+ while (len > 0)
+ {
+ top = atox(in[0]);
+ if (top == -1)
+ return 0;
+ bottom = atox(in[1]);
+ if (bottom == -1)
+ return 0;
+ *out++ = (top << 4) | bottom;
+ in += 2;
+ len -= 2;
+ }
+ if (len)
+ return 0;
+ *out++ = '\0';
+ return 1;
+}
+
+void
+XdmAuthenticationInit (const char *cookie, int cookie_len)
+{
+ bzero (privateKey.data, 8);
+ if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2))
+ {
+ if (cookie_len > 2 + 2 * 8)
+ cookie_len = 2 + 2 * 8;
+ HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2);
+ }
+ else
+ {
+ if (cookie_len > 7)
+ cookie_len = 7;
+ memmove (privateKey.data + 1, cookie, cookie_len);
+ }
+ XdmcpGenerateKey (&rho);
+ XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen,
+ (char *)&rho,
+ sizeof (rho),
+ (ValidatorFunc)XdmAuthenticationValidator,
+ (GeneratorFunc)XdmAuthenticationGenerator,
+ (AddAuthorFunc)XdmAuthenticationAddAuth);
+}
+
+#endif /* XDMCP */
+
+/* XDM-AUTHORIZATION-1 */
+typedef struct _XdmAuthorization {
+ struct _XdmAuthorization *next;
+ XdmAuthKeyRec rho;
+ XdmAuthKeyRec key;
+ XID id;
+} XdmAuthorizationRec, *XdmAuthorizationPtr;
+
+static XdmAuthorizationPtr xdmAuth;
+
+typedef struct _XdmClientAuth {
+ struct _XdmClientAuth *next;
+ XdmAuthKeyRec rho;
+ char client[6];
+ long time;
+} XdmClientAuthRec, *XdmClientAuthPtr;
+
+static XdmClientAuthPtr xdmClients;
+static long clockOffset;
+static Bool gotClock;
+
+#define TwentyMinutes (20 * 60)
+#define TwentyFiveMinutes (25 * 60)
+
+static Bool
+XdmClientAuthCompare (const XdmClientAuthPtr a, const XdmClientAuthPtr b)
+{
+ int i;
+
+ if (!XdmcpCompareKeys (&a->rho, &b->rho))
+ return FALSE;
+ for (i = 0; i < 6; i++)
+ if (a->client[i] != b->client[i])
+ return FALSE;
+ return a->time == b->time;
+}
+
+static void
+XdmClientAuthDecode (const unsigned char *plain, XdmClientAuthPtr auth)
+{
+ int i, j;
+
+ j = 0;
+ for (i = 0; i < 8; i++)
+ {
+ auth->rho.data[i] = plain[j];
+ ++j;
+ }
+ for (i = 0; i < 6; i++)
+ {
+ auth->client[i] = plain[j];
+ ++j;
+ }
+ auth->time = 0;
+ for (i = 0; i < 4; i++)
+ {
+ auth->time |= plain[j] << ((3 - i) << 3);
+ j++;
+ }
+}
+
+static void
+XdmClientAuthTimeout (long now)
+{
+ XdmClientAuthPtr client, next, prev;
+
+ prev = 0;
+ for (client = xdmClients; client; client=next)
+ {
+ next = client->next;
+ if (abs (now - client->time) > TwentyFiveMinutes)
+ {
+ if (prev)
+ prev->next = next;
+ else
+ xdmClients = next;
+ xfree (client);
+ }
+ else
+ prev = client;
+ }
+}
+
+static XdmClientAuthPtr
+XdmAuthorizationValidate (unsigned char *plain, int length,
+ XdmAuthKeyPtr rho, ClientPtr xclient, char **reason)
+{
+ XdmClientAuthPtr client, existing;
+ long now;
+ int i;
+
+ if (length != (192 / 8)) {
+ if (reason)
+ *reason = "Bad XDM authorization key length";
+ return NULL;
+ }
+ client = xalloc (sizeof (XdmClientAuthRec));
+ if (!client)
+ return NULL;
+ XdmClientAuthDecode (plain, client);
+ if (!XdmcpCompareKeys (&client->rho, rho))
+ {
+ xfree (client);
+ if (reason)
+ *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)";
+ return NULL;
+ }
+ for (i = 18; i < 24; i++)
+ if (plain[i] != 0) {
+ xfree (client);
+ if (reason)
+ *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)";
+ return NULL;
+ }
+ if (xclient) {
+ int family, addr_len;
+ Xtransaddr *addr;
+
+ if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn,
+ &family, &addr_len, &addr) == 0
+ && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) {
+#if defined(TCPCONN) || defined(STREAMSCONN)
+ if (family == FamilyInternet &&
+ memcmp((char *)addr, client->client, 4) != 0) {
+ xfree (client);
+ xfree (addr);
+ if (reason)
+ *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)";
+ return NULL;
+
+ }
+#endif
+ xfree (addr);
+ }
+ }
+ now = time(0);
+ if (!gotClock)
+ {
+ clockOffset = client->time - now;
+ gotClock = TRUE;
+ }
+ now += clockOffset;
+ XdmClientAuthTimeout (now);
+ if (abs (client->time - now) > TwentyMinutes)
+ {
+ xfree (client);
+ if (reason)
+ *reason = "Excessive XDM-AUTHORIZATION-1 time offset";
+ return NULL;
+ }
+ for (existing = xdmClients; existing; existing=existing->next)
+ {
+ if (XdmClientAuthCompare (existing, client))
+ {
+ xfree (client);
+ if (reason)
+ *reason = "XDM authorization key matches an existing client!";
+ return NULL;
+ }
+ }
+ return client;
+}
+
+int
+XdmAddCookie (unsigned short data_length, const char *data, XID id)
+{
+ XdmAuthorizationPtr new;
+ unsigned char *rho_bits, *key_bits;
+
+ switch (data_length)
+ {
+ case 16: /* auth from files is 16 bytes long */
+#ifdef XDMCP
+ if (authFromXDMCP)
+ {
+ /* R5 xdm sent bogus authorization data in the accept packet,
+ * but we can recover */
+ rho_bits = rho.data;
+ key_bits = (unsigned char *) data;
+ key_bits[0] = '\0';
+ }
+ else
+#endif
+ {
+ rho_bits = (unsigned char *) data;
+ key_bits = (unsigned char *) (data + 8);
+ }
+ break;
+#ifdef XDMCP
+ case 8: /* auth from XDMCP is 8 bytes long */
+ rho_bits = rho.data;
+ key_bits = (unsigned char *) data;
+ break;
+#endif
+ default:
+ return 0;
+ }
+ /* the first octet of the key must be zero */
+ if (key_bits[0] != '\0')
+ return 0;
+ new = xalloc (sizeof (XdmAuthorizationRec));
+ if (!new)
+ return 0;
+ new->next = xdmAuth;
+ xdmAuth = new;
+ memmove (new->key.data, key_bits, (int) 8);
+ memmove (new->rho.data, rho_bits, (int) 8);
+ new->id = id;
+ return 1;
+}
+
+XID
+XdmCheckCookie (unsigned short cookie_length, const char *cookie,
+ ClientPtr xclient, char **reason)
+{
+ XdmAuthorizationPtr auth;
+ XdmClientAuthPtr client;
+ unsigned char *plain;
+
+ /* Auth packets must be a multiple of 8 bytes long */
+ if (cookie_length & 7)
+ return (XID) -1;
+ plain = xalloc (cookie_length);
+ if (!plain)
+ return (XID) -1;
+ for (auth = xdmAuth; auth; auth=auth->next) {
+ XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
+ if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL)
+ {
+ client->next = xdmClients;
+ xdmClients = client;
+ xfree (plain);
+ return auth->id;
+ }
+ }
+ xfree (plain);
+ return (XID) -1;
+}
+
+int
+XdmResetCookie (void)
+{
+ XdmAuthorizationPtr auth, next_auth;
+ XdmClientAuthPtr client, next_client;
+
+ for (auth = xdmAuth; auth; auth=next_auth)
+ {
+ next_auth = auth->next;
+ xfree (auth);
+ }
+ xdmAuth = 0;
+ for (client = xdmClients; client; client=next_client)
+ {
+ next_client = client->next;
+ xfree (client);
+ }
+ xdmClients = (XdmClientAuthPtr) 0;
+ return 1;
+}
+
+XID
+XdmToID (unsigned short cookie_length, char *cookie)
+{
+ XdmAuthorizationPtr auth;
+ XdmClientAuthPtr client;
+ unsigned char *plain;
+
+ plain = xalloc (cookie_length);
+ if (!plain)
+ return (XID) -1;
+ for (auth = xdmAuth; auth; auth=auth->next) {
+ XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
+ if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL)
+ {
+ xfree (client);
+ xfree (cookie);
+ xfree (plain);
+ return auth->id;
+ }
+ }
+ xfree (cookie);
+ xfree (plain);
+ return (XID) -1;
+}
+
+int
+XdmFromID (XID id, unsigned short *data_lenp, char **datap)
+{
+ XdmAuthorizationPtr auth;
+
+ for (auth = xdmAuth; auth; auth=auth->next) {
+ if (id == auth->id) {
+ *data_lenp = 16;
+ *datap = (char *) &auth->rho;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+XdmRemoveCookie (unsigned short data_length, const char *data)
+{
+ XdmAuthorizationPtr auth;
+ XdmAuthKeyPtr key_bits, rho_bits;
+
+ switch (data_length)
+ {
+ case 16:
+ rho_bits = (XdmAuthKeyPtr) data;
+ key_bits = (XdmAuthKeyPtr) (data + 8);
+ break;
+#ifdef XDMCP
+ case 8:
+ rho_bits = ρ
+ key_bits = (XdmAuthKeyPtr) data;
+ break;
+#endif
+ default:
+ return 0;
+ }
+ for (auth = xdmAuth; auth; auth=auth->next) {
+ if (XdmcpCompareKeys (rho_bits, &auth->rho) &&
+ XdmcpCompareKeys (key_bits, &auth->key))
+ {
+ xdmAuth = auth->next;
+ xfree (auth);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+#endif
diff --git a/xorg-server/os/xdmcp.c b/xorg-server/os/xdmcp.c index d6447e50a..ca890871e 100644 --- a/xorg-server/os/xdmcp.c +++ b/xorg-server/os/xdmcp.c @@ -1,1666 +1,1666 @@ -/* - * Copyright 1989 Network Computing Devices, Inc., Mountain View, California. - * - * Permission to use, copy, modify, and distribute this software and its - * documentation for any purpose and without fee is hereby granted, provided - * that the above copyright notice appear in all copies and that both that - * copyright notice and this permission notice appear in supporting - * documentation, and that the name of N.C.D. not be used in advertising or - * publicity pertaining to distribution of the software without specific, - * written prior permission. N.C.D. makes no representations about the - * suitability of this software for any purpose. It is provided "as is" - * without express or implied warranty. - * - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#ifdef WIN32 -#include <X11/Xwinsock.h> -#endif - -#include <X11/Xos.h> - -#if !defined(WIN32) -#include <sys/param.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netdb.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <X11/X.h> -#include <X11/Xmd.h> -#include "misc.h" -#include <X11/Xpoll.h> -#include "osdep.h" -#include "input.h" -#include "dixstruct.h" -#include "opaque.h" -#include "site.h" - -#ifdef STREAMSCONN -#include <tiuser.h> -#include <netconfig.h> -#include <netdir.h> -#endif - -#ifdef XDMCP -#undef REQUEST - -#ifdef XDMCP_NO_IPV6 -#undef IPv6 -#endif - -#include <X11/Xdmcp.h> - -#define X_INCLUDE_NETDB_H -#include <X11/Xos_r.h> - -static char *defaultDisplayClass = COMPILEDDISPLAYCLASS; - -static int xdmcpSocket, sessionSocket; -static xdmcp_states state; -#if defined(IPv6) && defined(AF_INET6) -static int xdmcpSocket6; -static struct sockaddr_storage req_sockaddr; -#else -static struct sockaddr_in req_sockaddr; -#endif -static int req_socklen; -static CARD32 SessionID; -static CARD32 timeOutTime; -static int timeOutRtx; -static CARD32 defaultKeepaliveDormancy = XDM_DEF_DORMANCY; -static CARD32 keepaliveDormancy = XDM_DEF_DORMANCY; -static CARD16 DisplayNumber; -static xdmcp_states XDM_INIT_STATE = XDM_OFF; -#ifdef HASXDMAUTH -static char *xdmAuthCookie; -#endif - -static XdmcpBuffer buffer; - -#if defined(IPv6) && defined(AF_INET6) - -static struct addrinfo *mgrAddr; -static struct addrinfo *mgrAddrFirst; - -#define SOCKADDR_TYPE struct sockaddr_storage -#define SOCKADDR_FAMILY(s) ((struct sockaddr *)&(s))->sa_family - -#ifdef BSD44SOCKETS -#define SOCKLEN_FIELD(s) ((struct sockaddr *)&(s))->sa_len -#define SOCKLEN_TYPE unsigned char -#else -#define SOCKLEN_TYPE unsigned int -#endif - -#else - -#define SOCKADDR_TYPE struct sockaddr_in -#define SOCKADDR_FAMILY(s) (s).sin_family - -#ifdef BSD44SOCKETS -#define SOCKLEN_FIELD(s) (s).sin_len -#define SOCKLEN_TYPE unsigned char -#else -#define SOCKLEN_TYPE size_t -#endif - -#endif - -static SOCKADDR_TYPE ManagerAddress; -static SOCKADDR_TYPE FromAddress; - -#ifdef SOCKLEN_FIELD -#define ManagerAddressLen SOCKLEN_FIELD(ManagerAddress) -#define FromAddressLen SOCKLEN_FIELD(FromAddress) -#else -static SOCKLEN_TYPE ManagerAddressLen, FromAddressLen; -#endif - -#if defined(IPv6) && defined(AF_INET6) -static struct multicastinfo { - struct multicastinfo *next; - struct addrinfo *ai; - int hops; -} *mcastlist; -#endif - -static void XdmcpAddHost( - struct sockaddr *from, - int fromlen, - ARRAY8Ptr AuthenticationName, - ARRAY8Ptr hostname, - ARRAY8Ptr status); - -static void XdmcpSelectHost( - struct sockaddr *host_sockaddr, - int host_len, - ARRAY8Ptr AuthenticationName); - -static void get_xdmcp_sock(void); - -static void send_query_msg(void); - -static void recv_willing_msg( - struct sockaddr * /*from*/, - int /*fromlen*/, - unsigned /*length*/); - -static void send_request_msg(void); - -static void recv_accept_msg(unsigned /*length*/); - -static void recv_decline_msg(unsigned /*length*/); - -static void send_manage_msg(void); - -static void recv_refuse_msg(unsigned /*length*/); - -static void recv_failed_msg(unsigned /*length*/); - -static void send_keepalive_msg(void); - -static void recv_alive_msg(unsigned /*length*/); - -static void XdmcpFatal( - char * /*type*/, - ARRAY8Ptr /*status*/); - -static void XdmcpWarning(char * /*str*/); - -static void get_manager_by_name( - int /*argc*/, - char ** /*argv*/, - int /*i*/); - -static void get_fromaddr_by_name(int /*argc*/, char ** /*argv*/, int /*i*/); - -#if defined(IPv6) && defined(AF_INET6) -static int get_mcast_options(int /*argc*/, char ** /*argv*/, int /*i*/); -#endif - -static void receive_packet(int /*socketfd*/); - -static void send_packet(void); - -static void timeout(void); - -static void restart(void); - -static void XdmcpBlockHandler( - pointer /*data*/, - struct timeval ** /*wt*/, - pointer /*LastSelectMask*/); - -static void XdmcpWakeupHandler( - pointer /*data*/, - int /*i*/, - pointer /*LastSelectMask*/); - -#define XSERV_t -#define TRANS_SERVER -#define TRANS_REOPEN -#include <X11/Xtrans/Xtrans.h> - -/* - * Register the Manufacturer display ID - */ - -static ARRAY8 ManufacturerDisplayID; - -static void -XdmcpRegisterManufacturerDisplayID (char *name, int length) -{ - int i; - - XdmcpDisposeARRAY8 (&ManufacturerDisplayID); - if (!XdmcpAllocARRAY8 (&ManufacturerDisplayID, length)) - return; - for (i = 0; i < length; i++) - ManufacturerDisplayID.data[i] = (CARD8) name[i]; -} - -static unsigned short xdm_udp_port = XDM_UDP_PORT; -static Bool OneSession = FALSE; -static const char *xdm_from = NULL; - -void -XdmcpUseMsg (void) -{ - ErrorF("-query host-name contact named host for XDMCP\n"); - ErrorF("-broadcast broadcast for XDMCP\n"); -#if defined(IPv6) && defined(AF_INET6) - ErrorF("-multicast [addr [hops]] IPv6 multicast for XDMCP\n"); -#endif - ErrorF("-indirect host-name contact named host for indirect XDMCP\n"); - ErrorF("-port port-num UDP port number to send messages to\n"); - ErrorF("-from local-address specify the local address to connect from\n"); - ErrorF("-once Terminate server after one session\n"); - ErrorF("-class display-class specify display class to send in manage\n"); -#ifdef HASXDMAUTH - ErrorF("-cookie xdm-auth-bits specify the magic cookie for XDMCP\n"); -#endif - ErrorF("-displayID display-id manufacturer display ID for request\n"); -} - -int -XdmcpOptions(int argc, char **argv, int i) -{ - if (strcmp(argv[i], "-query") == 0) { - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_QUERY; - AccessUsingXdmcp (); - return (i + 1); - } - if (strcmp(argv[i], "-broadcast") == 0) { - XDM_INIT_STATE = XDM_BROADCAST; - AccessUsingXdmcp (); - return (i + 1); - } -#if defined(IPv6) && defined(AF_INET6) - if (strcmp(argv[i], "-multicast") == 0) { - i = get_mcast_options(argc, argv, ++i); - XDM_INIT_STATE = XDM_MULTICAST; - AccessUsingXdmcp (); - return (i + 1); - } -#endif - if (strcmp(argv[i], "-indirect") == 0) { - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_INDIRECT; - AccessUsingXdmcp (); - return (i + 1); - } - if (strcmp(argv[i], "-port") == 0) { - if (++i == argc) { - FatalError("Xserver: missing port number in command line\n"); - } - xdm_udp_port = (unsigned short) atoi(argv[i]); - return (i + 1); - } - if (strcmp(argv[i], "-from") == 0) { - get_fromaddr_by_name(argc, argv, ++i); - return (i + 1); - } - if (strcmp(argv[i], "-once") == 0) { - OneSession = TRUE; - return (i + 1); - } - if (strcmp(argv[i], "-class") == 0) { - if (++i == argc) { - FatalError("Xserver: missing class name in command line\n"); - } - defaultDisplayClass = argv[i]; - return (i + 1); - } -#ifdef HASXDMAUTH - if (strcmp(argv[i], "-cookie") == 0) { - if (++i == argc) { - FatalError("Xserver: missing cookie data in command line\n"); - } - xdmAuthCookie = argv[i]; - return (i + 1); - } -#endif - if (strcmp(argv[i], "-displayID") == 0) { - if (++i == argc) { - FatalError("Xserver: missing displayID in command line\n"); - } - XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i])); - return (i + 1); - } - return (i); -} - -/* - * This section is a collection of routines for - * registering server-specific data with the XDMCP - * state machine. - */ - - -/* - * Save all broadcast addresses away so BroadcastQuery - * packets get sent everywhere - */ - -#define MAX_BROADCAST 10 - -/* This stays sockaddr_in since IPv6 doesn't support broadcast */ -static struct sockaddr_in BroadcastAddresses[MAX_BROADCAST]; -static int NumBroadcastAddresses; - -void -XdmcpRegisterBroadcastAddress (struct sockaddr_in *addr) -{ - struct sockaddr_in *bcast; - if (NumBroadcastAddresses >= MAX_BROADCAST) - return; - bcast = &BroadcastAddresses[NumBroadcastAddresses++]; - bzero (bcast, sizeof (struct sockaddr_in)); -#ifdef BSD44SOCKETS - bcast->sin_len = addr->sin_len; -#endif - bcast->sin_family = addr->sin_family; - bcast->sin_port = htons (xdm_udp_port); - bcast->sin_addr = addr->sin_addr; -} - -/* - * Each authentication type is registered here; Validator - * will be called to check all access attempts using - * the specified authentication type - */ - -static ARRAYofARRAY8 AuthenticationNames, AuthenticationDatas; -typedef struct _AuthenticationFuncs { - ValidatorFunc Validator; - GeneratorFunc Generator; - AddAuthorFunc AddAuth; -} AuthenticationFuncsRec, *AuthenticationFuncsPtr; - -static AuthenticationFuncsPtr AuthenticationFuncsList; - -void -XdmcpRegisterAuthentication ( - char *name, - int namelen, - char *data, - int datalen, - ValidatorFunc Validator, - GeneratorFunc Generator, - AddAuthorFunc AddAuth) -{ - int i; - ARRAY8 AuthenticationName, AuthenticationData; - static AuthenticationFuncsPtr newFuncs; - - if (!XdmcpAllocARRAY8 (&AuthenticationName, namelen)) - return; - if (!XdmcpAllocARRAY8 (&AuthenticationData, datalen)) - { - XdmcpDisposeARRAY8 (&AuthenticationName); - return; - } - for (i = 0; i < namelen; i++) - AuthenticationName.data[i] = name[i]; - for (i = 0; i < datalen; i++) - AuthenticationData.data[i] = data[i]; - if (!(XdmcpReallocARRAYofARRAY8 (&AuthenticationNames, - AuthenticationNames.length + 1) && - XdmcpReallocARRAYofARRAY8 (&AuthenticationDatas, - AuthenticationDatas.length + 1) && - (newFuncs = xalloc ((AuthenticationNames.length + 1) * sizeof (AuthenticationFuncsRec))))) - { - XdmcpDisposeARRAY8 (&AuthenticationName); - XdmcpDisposeARRAY8 (&AuthenticationData); - return; - } - for (i = 0; i < AuthenticationNames.length - 1; i++) - newFuncs[i] = AuthenticationFuncsList[i]; - newFuncs[AuthenticationNames.length-1].Validator = Validator; - newFuncs[AuthenticationNames.length-1].Generator = Generator; - newFuncs[AuthenticationNames.length-1].AddAuth = AddAuth; - xfree (AuthenticationFuncsList); - AuthenticationFuncsList = newFuncs; - AuthenticationNames.data[AuthenticationNames.length-1] = AuthenticationName; - AuthenticationDatas.data[AuthenticationDatas.length-1] = AuthenticationData; -} - -/* - * Select the authentication type to be used; this is - * set by the manager of the host to be connected to. - */ - -static ARRAY8 noAuthenticationName = {(CARD16) 0, (CARD8Ptr) 0}; -static ARRAY8 noAuthenticationData = {(CARD16) 0, (CARD8Ptr) 0}; -static ARRAY8Ptr AuthenticationName = &noAuthenticationName; -static ARRAY8Ptr AuthenticationData = &noAuthenticationData; -static AuthenticationFuncsPtr AuthenticationFuncs; - -static void -XdmcpSetAuthentication (ARRAY8Ptr name) -{ - int i; - - for (i = 0; i < AuthenticationNames.length; i++) - if (XdmcpARRAY8Equal (&AuthenticationNames.data[i], name)) - { - AuthenticationName = &AuthenticationNames.data[i]; - AuthenticationData = &AuthenticationDatas.data[i]; - AuthenticationFuncs = &AuthenticationFuncsList[i]; - break; - } -} - -/* - * Register the host address for the display - */ - -static ARRAY16 ConnectionTypes; -static ARRAYofARRAY8 ConnectionAddresses; -static long xdmcpGeneration; - -void -XdmcpRegisterConnection ( - int type, - char *address, - int addrlen) -{ - int i; - CARD8 *newAddress; - - if (xdmcpGeneration != serverGeneration) - { - XdmcpDisposeARRAY16 (&ConnectionTypes); - XdmcpDisposeARRAYofARRAY8 (&ConnectionAddresses); - xdmcpGeneration = serverGeneration; - } - if (xdm_from != NULL) { /* Only register the requested address */ - const void *regAddr = address; - const void *fromAddr = NULL; - int regAddrlen = addrlen; - - if (addrlen == sizeof(struct in_addr)) { - if (SOCKADDR_FAMILY(FromAddress) == AF_INET) { - fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; - } -#if defined(IPv6) && defined(AF_INET6) - else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET6) && - IN6_IS_ADDR_V4MAPPED( - &((struct sockaddr_in6 *)&FromAddress)->sin6_addr)) { - fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr.s6_addr[12]; - } -#endif - } -#if defined(IPv6) && defined(AF_INET6) - else if (addrlen == sizeof(struct in6_addr)) { - if (SOCKADDR_FAMILY(FromAddress) == AF_INET6) { - fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr; - } else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET) && - IN6_IS_ADDR_V4MAPPED((struct in6_addr *) address)) { - fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; - regAddr = &((struct sockaddr_in6 *)&address)->sin6_addr.s6_addr[12]; - regAddrlen = sizeof(struct in_addr); - } - } -#endif - if (fromAddr && memcmp(regAddr, fromAddr, regAddrlen) != 0) { - return; - } - } - if (ConnectionAddresses.length + 1 == 256) - return; - newAddress = xalloc (addrlen * sizeof (CARD8)); - if (!newAddress) - return; - if (!XdmcpReallocARRAY16 (&ConnectionTypes, ConnectionTypes.length + 1)) - { - xfree (newAddress); - return; - } - if (!XdmcpReallocARRAYofARRAY8 (&ConnectionAddresses, - ConnectionAddresses.length + 1)) - { - xfree (newAddress); - return; - } - ConnectionTypes.data[ConnectionTypes.length - 1] = (CARD16) type; - for (i = 0; i < addrlen; i++) - newAddress[i] = address[i]; - ConnectionAddresses.data[ConnectionAddresses.length-1].data = newAddress; - ConnectionAddresses.data[ConnectionAddresses.length-1].length = addrlen; -} - -/* - * Register an Authorization Name. XDMCP advertises this list - * to the manager. - */ - -static ARRAYofARRAY8 AuthorizationNames; - -void -XdmcpRegisterAuthorizations (void) -{ - XdmcpDisposeARRAYofARRAY8 (&AuthorizationNames); - RegisterAuthorizations (); -} - -void -XdmcpRegisterAuthorization (char *name, int namelen) -{ - ARRAY8 authName; - int i; - - authName.data = xalloc (namelen * sizeof (CARD8)); - if (!authName.data) - return; - if (!XdmcpReallocARRAYofARRAY8 (&AuthorizationNames, AuthorizationNames.length +1)) - { - xfree (authName.data); - return; - } - for (i = 0; i < namelen; i++) - authName.data[i] = (CARD8) name[i]; - authName.length = namelen; - AuthorizationNames.data[AuthorizationNames.length-1] = authName; -} - -/* - * Register the DisplayClass string - */ - -static ARRAY8 DisplayClass; - -static void -XdmcpRegisterDisplayClass (char *name, int length) -{ - int i; - - XdmcpDisposeARRAY8 (&DisplayClass); - if (!XdmcpAllocARRAY8 (&DisplayClass, length)) - return; - for (i = 0; i < length; i++) - DisplayClass.data[i] = (CARD8) name[i]; -} - -/* - * initialize XDMCP; create the socket, compute the display - * number, set up the state machine - */ - -void -XdmcpInit(void) -{ - state = XDM_INIT_STATE; -#ifdef HASXDMAUTH - if (xdmAuthCookie) - XdmAuthenticationInit (xdmAuthCookie, strlen (xdmAuthCookie)); -#endif - if (state != XDM_OFF) - { - XdmcpRegisterAuthorizations(); - XdmcpRegisterDisplayClass (defaultDisplayClass, strlen (defaultDisplayClass)); - AccessUsingXdmcp(); - RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, - (pointer) 0); - timeOutRtx = 0; - DisplayNumber = (CARD16) atoi(display); - get_xdmcp_sock(); - send_packet(); - } -} - -void -XdmcpReset (void) -{ - state = XDM_INIT_STATE; - if (state != XDM_OFF) - { - RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, - (pointer) 0); - timeOutRtx = 0; - send_packet(); - } -} - -/* - * Called whenever a new connection is created; notices the - * first connection and saves it to terminate the session - * when it is closed - */ - -void -XdmcpOpenDisplay(int sock) -{ - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - state = XDM_RUN_SESSION; - sessionSocket = sock; -} - -void -XdmcpCloseDisplay(int sock) -{ - if ((state != XDM_RUN_SESSION && state != XDM_AWAIT_ALIVE_RESPONSE) - || sessionSocket != sock) - return; - state = XDM_INIT_STATE; - if (OneSession) - dispatchException |= DE_TERMINATE; - else - dispatchException |= DE_RESET; - isItTimeToYield = TRUE; -} - -/* - * called before going to sleep, this routine - * may modify the timeout value about to be sent - * to select; in this way XDMCP can do appropriate things - * dynamically while starting up - */ - -/*ARGSUSED*/ -static void -XdmcpBlockHandler( - pointer data, /* unused */ - struct timeval **wt, - pointer pReadmask) -{ - fd_set *LastSelectMask = (fd_set*)pReadmask; - CARD32 millisToGo; - - if (state == XDM_OFF) - return; - FD_SET(xdmcpSocket, LastSelectMask); -#if defined(IPv6) && defined(AF_INET6) - if (xdmcpSocket6 >= 0) - FD_SET(xdmcpSocket6, LastSelectMask); -#endif - if (timeOutTime == 0) - return; - millisToGo = timeOutTime - GetTimeInMillis(); - if ((int) millisToGo < 0) - millisToGo = 0; - AdjustWaitForDelay (wt, millisToGo); -} - -/* - * called after select returns; this routine will - * recognise when XDMCP packets await and - * process them appropriately - */ - -/*ARGSUSED*/ -static void -XdmcpWakeupHandler( - pointer data, /* unused */ - int i, - pointer pReadmask) -{ - fd_set* LastSelectMask = (fd_set*)pReadmask; - fd_set devicesReadable; - - if (state == XDM_OFF) - return; - if (i > 0) - { - if (FD_ISSET(xdmcpSocket, LastSelectMask)) - { - receive_packet(xdmcpSocket); - FD_CLR(xdmcpSocket, LastSelectMask); - } -#if defined(IPv6) && defined(AF_INET6) - if (xdmcpSocket6 >= 0 && FD_ISSET(xdmcpSocket6, LastSelectMask)) - { - receive_packet(xdmcpSocket6); - FD_CLR(xdmcpSocket6, LastSelectMask); - } -#endif - XFD_ANDSET(&devicesReadable, LastSelectMask, &EnabledDevices); - if (XFD_ANYSET(&devicesReadable)) - { - if (state == XDM_AWAIT_USER_INPUT) - restart(); - else if (state == XDM_RUN_SESSION) - keepaliveDormancy = defaultKeepaliveDormancy; - } - if (XFD_ANYSET(&AllClients) && state == XDM_RUN_SESSION) - timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; - } - else if (timeOutTime && (int) (GetTimeInMillis() - timeOutTime) >= 0) - { - if (state == XDM_RUN_SESSION) - { - state = XDM_KEEPALIVE; - send_packet(); - } - else - timeout(); - } -} - -/* - * This routine should be called from the routine that drives the - * user's host menu when the user selects a host - */ - -static void -XdmcpSelectHost( - struct sockaddr *host_sockaddr, - int host_len, - ARRAY8Ptr AuthenticationName) -{ - state = XDM_START_CONNECTION; - memmove(&req_sockaddr, host_sockaddr, host_len); - req_socklen = host_len; - XdmcpSetAuthentication (AuthenticationName); - send_packet(); -} - -/* - * !!! this routine should be replaced by a routine that adds - * the host to the user's host menu. the current version just - * selects the first host to respond with willing message. - */ - -/*ARGSUSED*/ -static void -XdmcpAddHost( - struct sockaddr *from, - int fromlen, - ARRAY8Ptr AuthenticationName, - ARRAY8Ptr hostname, - ARRAY8Ptr status) -{ - XdmcpSelectHost(from, fromlen, AuthenticationName); -} - -/* - * A message is queued on the socket; read it and - * do the appropriate thing - */ - -static ARRAY8 UnwillingMessage = { (CARD8) 14, (CARD8 *) "Host unwilling" }; - -static void -receive_packet(int socketfd) -{ -#if defined(IPv6) && defined(AF_INET6) - struct sockaddr_storage from; -#else - struct sockaddr_in from; -#endif - int fromlen = sizeof(from); - XdmcpHeader header; - - /* read message off socket */ - if (!XdmcpFill (socketfd, &buffer, (XdmcpNetaddr) &from, &fromlen)) - return; - - /* reset retransmission backoff */ - timeOutRtx = 0; - - if (!XdmcpReadHeader (&buffer, &header)) - return; - - if (header.version != XDM_PROTOCOL_VERSION) - return; - - switch (header.opcode) { - case WILLING: - recv_willing_msg((struct sockaddr *) &from, fromlen, header.length); - break; - case UNWILLING: - XdmcpFatal("Manager unwilling", &UnwillingMessage); - break; - case ACCEPT: - recv_accept_msg(header.length); - break; - case DECLINE: - recv_decline_msg(header.length); - break; - case REFUSE: - recv_refuse_msg(header.length); - break; - case FAILED: - recv_failed_msg(header.length); - break; - case ALIVE: - recv_alive_msg(header.length); - break; - } -} - -/* - * send the appropriate message given the current state - */ - -static void -send_packet(void) -{ - int rtx; - switch (state) { - case XDM_QUERY: - case XDM_BROADCAST: - case XDM_INDIRECT: -#if defined(IPv6) && defined(AF_INET6) - case XDM_MULTICAST: -#endif - send_query_msg(); - break; - case XDM_START_CONNECTION: - send_request_msg(); - break; - case XDM_MANAGE: - send_manage_msg(); - break; - case XDM_KEEPALIVE: - send_keepalive_msg(); - break; - default: - break; - } - rtx = (XDM_MIN_RTX << timeOutRtx); - if (rtx > XDM_MAX_RTX) - rtx = XDM_MAX_RTX; - timeOutTime = GetTimeInMillis() + rtx * 1000; -} - -/* - * The session is declared dead for some reason; too many - * timeouts, or Keepalive failure. - */ - -static void -XdmcpDeadSession (char *reason) -{ - ErrorF ("XDM: %s, declaring session dead\n", reason); - state = XDM_INIT_STATE; - isItTimeToYield = TRUE; - dispatchException |= DE_RESET; - timeOutTime = 0; - timeOutRtx = 0; - send_packet(); -} - -/* - * Timeout waiting for an XDMCP response. - */ - -static void -timeout(void) -{ - timeOutRtx++; - if (state == XDM_AWAIT_ALIVE_RESPONSE && timeOutRtx >= XDM_KA_RTX_LIMIT ) - { - XdmcpDeadSession ("too many keepalive retransmissions"); - return; - } - else if (timeOutRtx >= XDM_RTX_LIMIT) - { - /* Quit if "-once" specified, otherwise reset and try again. */ - if (OneSession) { - dispatchException |= DE_TERMINATE; - ErrorF("XDM: too many retransmissions\n"); - } else { - XdmcpDeadSession("too many retransmissions"); - } - return; - } - -#if defined(IPv6) && defined(AF_INET6) - if (state == XDM_COLLECT_QUERY || state == XDM_COLLECT_INDIRECT_QUERY) { - /* Try next address */ - for (mgrAddr = mgrAddr->ai_next; ; mgrAddr = mgrAddr->ai_next) { - if (mgrAddr == NULL) { - mgrAddr = mgrAddrFirst; - } - if (mgrAddr->ai_family == AF_INET - || mgrAddr->ai_family == AF_INET6) - break; - } -#ifndef SIN6_LEN - ManagerAddressLen = mgrAddr->ai_addrlen; -#endif - memcpy(&ManagerAddress, mgrAddr->ai_addr, mgrAddr->ai_addrlen); - } -#endif - - switch (state) { - case XDM_COLLECT_QUERY: - state = XDM_QUERY; - break; - case XDM_COLLECT_BROADCAST_QUERY: - state = XDM_BROADCAST; - break; -#if defined(IPv6) && defined(AF_INET6) - case XDM_COLLECT_MULTICAST_QUERY: - state = XDM_MULTICAST; - break; -#endif - case XDM_COLLECT_INDIRECT_QUERY: - state = XDM_INDIRECT; - break; - case XDM_AWAIT_REQUEST_RESPONSE: - state = XDM_START_CONNECTION; - break; - case XDM_AWAIT_MANAGE_RESPONSE: - state = XDM_MANAGE; - break; - case XDM_AWAIT_ALIVE_RESPONSE: - state = XDM_KEEPALIVE; - break; - default: - break; - } - send_packet(); -} - -static void -restart(void) -{ - state = XDM_INIT_STATE; - timeOutRtx = 0; - send_packet(); -} - -static int -XdmcpCheckAuthentication (ARRAY8Ptr Name, ARRAY8Ptr Data, int packet_type) -{ - return (XdmcpARRAY8Equal (Name, AuthenticationName) && - (AuthenticationName->length == 0 || - (*AuthenticationFuncs->Validator) (AuthenticationData, Data, packet_type))); -} - -static int -XdmcpAddAuthorization (ARRAY8Ptr name, ARRAY8Ptr data) -{ - AddAuthorFunc AddAuth; - - if (AuthenticationFuncs && AuthenticationFuncs->AddAuth) - AddAuth = AuthenticationFuncs->AddAuth; - else - AddAuth = AddAuthorization; - return (*AddAuth) ((unsigned short)name->length, - (char *)name->data, - (unsigned short)data->length, - (char *)data->data); -} - -/* - * from here to the end of this file are routines private - * to the state machine. - */ - -static void -get_xdmcp_sock(void) -{ -#ifdef STREAMSCONN - struct netconfig *nconf; - - if ((xdmcpSocket = t_open("/dev/udp", O_RDWR, 0)) < 0) { - XdmcpWarning("t_open() of /dev/udp failed"); - return; - } - - if( t_bind(xdmcpSocket,NULL,NULL) < 0 ) { - XdmcpWarning("UDP socket creation failed"); - t_error("t_bind(xdmcpSocket) failed" ); - t_close(xdmcpSocket); - return; - } - - /* - * This part of the code looks contrived. It will actually fit in nicely - * when the CLTS part of Xtrans is implemented. - */ - - if( (nconf=getnetconfigent("udp")) == NULL ) { - XdmcpWarning("UDP socket creation failed: getnetconfigent()"); - t_unbind(xdmcpSocket); - t_close(xdmcpSocket); - return; - } - - if( netdir_options(nconf, ND_SET_BROADCAST, xdmcpSocket, NULL) ) { - XdmcpWarning("UDP set broadcast option failed: netdir_options()"); - freenetconfigent(nconf); - t_unbind(xdmcpSocket); - t_close(xdmcpSocket); - return; - } - - freenetconfigent(nconf); -#else - int soopts = 1; - -#if defined(IPv6) && defined(AF_INET6) - if ((xdmcpSocket6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) - XdmcpWarning("INET6 UDP socket creation failed"); -#endif - if ((xdmcpSocket = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - XdmcpWarning("UDP socket creation failed"); -#ifdef SO_BROADCAST - else if (setsockopt(xdmcpSocket, SOL_SOCKET, SO_BROADCAST, (char *)&soopts, - sizeof(soopts)) < 0) - XdmcpWarning("UDP set broadcast socket-option failed"); -#endif /* SO_BROADCAST */ - if (xdmcpSocket >= 0 && xdm_from != NULL) { - if (bind(xdmcpSocket, (struct sockaddr *)&FromAddress, - FromAddressLen) < 0) { - FatalError("Xserver: failed to bind to -from address: %s\n", xdm_from); - } - } -#endif /* STREAMSCONN */ -} - -static void -send_query_msg(void) -{ - XdmcpHeader header; - Bool broadcast = FALSE; -#if defined(IPv6) && defined(AF_INET6) - Bool multicast = FALSE; -#endif - int i; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - switch(state){ - case XDM_QUERY: - header.opcode = (CARD16) QUERY; - state = XDM_COLLECT_QUERY; - break; - case XDM_BROADCAST: - header.opcode = (CARD16) BROADCAST_QUERY; - state = XDM_COLLECT_BROADCAST_QUERY; - broadcast = TRUE; - break; -#if defined(IPv6) && defined(AF_INET6) - case XDM_MULTICAST: - header.opcode = (CARD16) BROADCAST_QUERY; - state = XDM_COLLECT_MULTICAST_QUERY; - multicast = TRUE; - break; -#endif - case XDM_INDIRECT: - header.opcode = (CARD16) INDIRECT_QUERY; - state = XDM_COLLECT_INDIRECT_QUERY; - break; - default: - break; - } - header.length = 1; - for (i = 0; i < AuthenticationNames.length; i++) - header.length += 2 + AuthenticationNames.data[i].length; - - XdmcpWriteHeader (&buffer, &header); - XdmcpWriteARRAYofARRAY8 (&buffer, &AuthenticationNames); - if (broadcast) - { - int i; - - for (i = 0; i < NumBroadcastAddresses; i++) - XdmcpFlush (xdmcpSocket, &buffer, (XdmcpNetaddr) &BroadcastAddresses[i], - sizeof (struct sockaddr_in)); - } -#if defined(IPv6) && defined(AF_INET6) - else if (multicast) - { - struct multicastinfo *mcl; - struct addrinfo *ai; - - for (mcl = mcastlist; mcl != NULL; mcl = mcl->next) { - for (ai = mcl->ai ; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family == AF_INET) { - unsigned char hopflag = (unsigned char) mcl->hops; - socketfd = xdmcpSocket; - setsockopt(socketfd, IPPROTO_IP, IP_MULTICAST_TTL, - &hopflag, sizeof(hopflag)); - } else if (ai->ai_family == AF_INET6) { - int hopflag6 = mcl->hops; - socketfd = xdmcpSocket6; - setsockopt(socketfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, - &hopflag6, sizeof(hopflag6)); - } else { - continue; - } - XdmcpFlush (socketfd, &buffer, - (XdmcpNetaddr) ai->ai_addr, ai->ai_addrlen); - break; - } - } - } -#endif - else - { -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(ManagerAddress) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &ManagerAddress, - ManagerAddressLen); - } -} - -static void -recv_willing_msg( - struct sockaddr *from, - int fromlen, - unsigned length) -{ - ARRAY8 authenticationName; - ARRAY8 hostname; - ARRAY8 status; - - authenticationName.data = 0; - hostname.data = 0; - status.data = 0; - if (XdmcpReadARRAY8 (&buffer, &authenticationName) && - XdmcpReadARRAY8 (&buffer, &hostname) && - XdmcpReadARRAY8 (&buffer, &status)) - { - if (length == 6 + authenticationName.length + - hostname.length + status.length) - { - switch (state) - { - case XDM_COLLECT_QUERY: - XdmcpSelectHost(from, fromlen, &authenticationName); - break; - case XDM_COLLECT_BROADCAST_QUERY: -#if defined(IPv6) && defined(AF_INET6) - case XDM_COLLECT_MULTICAST_QUERY: -#endif - case XDM_COLLECT_INDIRECT_QUERY: - XdmcpAddHost(from, fromlen, &authenticationName, &hostname, &status); - break; - default: - break; - } - } - } - XdmcpDisposeARRAY8 (&authenticationName); - XdmcpDisposeARRAY8 (&hostname); - XdmcpDisposeARRAY8 (&status); -} - -static void -send_request_msg(void) -{ - XdmcpHeader header; - int length; - int i; - CARD16 XdmcpConnectionType; - ARRAY8 authenticationData; - int socketfd = xdmcpSocket; - - switch (SOCKADDR_FAMILY(ManagerAddress)) - { - case AF_INET: XdmcpConnectionType=FamilyInternet; break; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: XdmcpConnectionType=FamilyInternet6; break; -#endif - default: XdmcpConnectionType=0xffff; break; - } - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) REQUEST; - - length = 2; /* display number */ - length += 1 + 2 * ConnectionTypes.length; /* connection types */ - length += 1; /* connection addresses */ - for (i = 0; i < ConnectionAddresses.length; i++) - length += 2 + ConnectionAddresses.data[i].length; - authenticationData.length = 0; - authenticationData.data = 0; - if (AuthenticationFuncs) - { - (*AuthenticationFuncs->Generator) (AuthenticationData, - &authenticationData, - REQUEST); - } - length += 2 + AuthenticationName->length; /* authentication name */ - length += 2 + authenticationData.length; /* authentication data */ - length += 1; /* authorization names */ - for (i = 0; i < AuthorizationNames.length; i++) - length += 2 + AuthorizationNames.data[i].length; - length += 2 + ManufacturerDisplayID.length; /* display ID */ - header.length = length; - - if (!XdmcpWriteHeader (&buffer, &header)) - { - XdmcpDisposeARRAY8 (&authenticationData); - return; - } - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteCARD8 (&buffer, ConnectionTypes.length); - - /* The connection array is send reordered, so that connections of */ - /* the same address type as the XDMCP manager connection are send */ - /* first. This works around a bug in xdm. mario@klebsch.de */ - for (i = 0; i < (int)ConnectionTypes.length; i++) - if (ConnectionTypes.data[i]==XdmcpConnectionType) - XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); - for (i = 0; i < (int)ConnectionTypes.length; i++) - if (ConnectionTypes.data[i]!=XdmcpConnectionType) - XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); - - XdmcpWriteCARD8 (&buffer, ConnectionAddresses.length); - for (i = 0; i < (int)ConnectionAddresses.length; i++) - if ( (i<ConnectionTypes.length) && - (ConnectionTypes.data[i]==XdmcpConnectionType) ) - XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]); - for (i = 0; i < (int)ConnectionAddresses.length; i++) - if ( (i>=ConnectionTypes.length) || - (ConnectionTypes.data[i]!=XdmcpConnectionType) ) - XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]); - - XdmcpWriteARRAY8 (&buffer, AuthenticationName); - XdmcpWriteARRAY8 (&buffer, &authenticationData); - XdmcpDisposeARRAY8 (&authenticationData); - XdmcpWriteARRAYofARRAY8 (&buffer, &AuthorizationNames); - XdmcpWriteARRAY8 (&buffer, &ManufacturerDisplayID); -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - if (XdmcpFlush (socketfd, &buffer, - (XdmcpNetaddr) &req_sockaddr, req_socklen)) - state = XDM_AWAIT_REQUEST_RESPONSE; -} - -static void -recv_accept_msg(unsigned length) -{ - CARD32 AcceptSessionID; - ARRAY8 AcceptAuthenticationName, AcceptAuthenticationData; - ARRAY8 AcceptAuthorizationName, AcceptAuthorizationData; - - if (state != XDM_AWAIT_REQUEST_RESPONSE) - return; - AcceptAuthenticationName.data = 0; - AcceptAuthenticationData.data = 0; - AcceptAuthorizationName.data = 0; - AcceptAuthorizationData.data = 0; - if (XdmcpReadCARD32 (&buffer, &AcceptSessionID) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationName) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationData) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationName) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationData)) - { - if (length == 12 + AcceptAuthenticationName.length + - AcceptAuthenticationData.length + - AcceptAuthorizationName.length + - AcceptAuthorizationData.length) - { - if (!XdmcpCheckAuthentication (&AcceptAuthenticationName, - &AcceptAuthenticationData, ACCEPT)) - { - XdmcpFatal ("Authentication Failure", &AcceptAuthenticationName); - } - /* permit access control manipulations from this host */ - AugmentSelf (&req_sockaddr, req_socklen); - /* if the authorization specified in the packet fails - * to be acceptable, enable the local addresses - */ - if (!XdmcpAddAuthorization (&AcceptAuthorizationName, - &AcceptAuthorizationData)) - { - AddLocalHosts (); - } - SessionID = AcceptSessionID; - state = XDM_MANAGE; - send_packet(); - } - } - XdmcpDisposeARRAY8 (&AcceptAuthenticationName); - XdmcpDisposeARRAY8 (&AcceptAuthenticationData); - XdmcpDisposeARRAY8 (&AcceptAuthorizationName); - XdmcpDisposeARRAY8 (&AcceptAuthorizationData); -} - -static void -recv_decline_msg(unsigned length) -{ - ARRAY8 status, DeclineAuthenticationName, DeclineAuthenticationData; - - status.data = 0; - DeclineAuthenticationName.data = 0; - DeclineAuthenticationData.data = 0; - if (XdmcpReadARRAY8 (&buffer, &status) && - XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationName) && - XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationData)) - { - if (length == 6 + status.length + - DeclineAuthenticationName.length + - DeclineAuthenticationData.length && - XdmcpCheckAuthentication (&DeclineAuthenticationName, - &DeclineAuthenticationData, DECLINE)) - { - XdmcpFatal ("Session declined", &status); - } - } - XdmcpDisposeARRAY8 (&status); - XdmcpDisposeARRAY8 (&DeclineAuthenticationName); - XdmcpDisposeARRAY8 (&DeclineAuthenticationData); -} - -static void -send_manage_msg(void) -{ - XdmcpHeader header; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) MANAGE; - header.length = 8 + DisplayClass.length; - - if (!XdmcpWriteHeader (&buffer, &header)) - return; - XdmcpWriteCARD32 (&buffer, SessionID); - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteARRAY8 (&buffer, &DisplayClass); - state = XDM_AWAIT_MANAGE_RESPONSE; -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); -} - -static void -recv_refuse_msg(unsigned length) -{ - CARD32 RefusedSessionID; - - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - if (length != 4) - return; - if (XdmcpReadCARD32 (&buffer, &RefusedSessionID)) - { - if (RefusedSessionID == SessionID) - { - state = XDM_START_CONNECTION; - send_packet(); - } - } -} - -static void -recv_failed_msg(unsigned length) -{ - CARD32 FailedSessionID; - ARRAY8 status; - - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - status.data = 0; - if (XdmcpReadCARD32 (&buffer, &FailedSessionID) && - XdmcpReadARRAY8 (&buffer, &status)) - { - if (length == 6 + status.length && - SessionID == FailedSessionID) - { - XdmcpFatal ("Session failed", &status); - } - } - XdmcpDisposeARRAY8 (&status); -} - -static void -send_keepalive_msg(void) -{ - XdmcpHeader header; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) KEEPALIVE; - header.length = 6; - - XdmcpWriteHeader (&buffer, &header); - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteCARD32 (&buffer, SessionID); - - state = XDM_AWAIT_ALIVE_RESPONSE; -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); -} - -static void -recv_alive_msg (unsigned length) -{ - CARD8 SessionRunning; - CARD32 AliveSessionID; - - if (state != XDM_AWAIT_ALIVE_RESPONSE) - return; - if (length != 5) - return; - if (XdmcpReadCARD8 (&buffer, &SessionRunning) && - XdmcpReadCARD32 (&buffer, &AliveSessionID)) - { - if (SessionRunning && AliveSessionID == SessionID) - { - /* backoff dormancy period */ - state = XDM_RUN_SESSION; - if ((GetTimeInMillis() - lastDeviceEventTime.milliseconds) > - keepaliveDormancy * 1000) - { - keepaliveDormancy <<= 1; - if (keepaliveDormancy > XDM_MAX_DORMANCY) - keepaliveDormancy = XDM_MAX_DORMANCY; - } - timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; - } - else - { - XdmcpDeadSession ("Alive response indicates session dead"); - } - } -} - -static void -XdmcpFatal ( - char *type, - ARRAY8Ptr status) -{ - FatalError ("XDMCP fatal error: %s %*.*s\n", type, - status->length, status->length, status->data); -} - -static void -XdmcpWarning(char *str) -{ - ErrorF("XDMCP warning: %s\n", str); -} - -static void -get_addr_by_name( - char * argtype, - char * namestr, - int port, - int socktype, - SOCKADDR_TYPE *addr, - SOCKLEN_TYPE *addrlen -#if defined(IPv6) && defined(AF_INET6) - , - struct addrinfo **aip, - struct addrinfo **aifirstp -#endif - ) -{ -#if defined(IPv6) && defined(AF_INET6) - struct addrinfo *ai; - struct addrinfo hints; - char portstr[6]; - char *pport = portstr; - int gaierr; - - bzero(&hints, sizeof(hints)); - hints.ai_socktype = socktype; - - if (port == 0) { - pport = NULL; - } else if (port > 0 && port < 65535) { - sprintf(portstr, "%d", port); - } else { - FatalError("Xserver: port out of range: %d\n", port); - } - - if (*aifirstp != NULL) { - freeaddrinfo(*aifirstp); - *aifirstp = NULL; - } - - if ((gaierr = getaddrinfo(namestr, pport, &hints, aifirstp)) == 0) { - for (ai = *aifirstp; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family == AF_INET || ai->ai_family == AF_INET6) - break; - } - if ((ai == NULL) || (ai->ai_addrlen > sizeof(SOCKADDR_TYPE))) { - FatalError ("Xserver: %s host %s not on supported network type\n", - argtype, namestr); - } else { - *aip = ai; - *addrlen = ai->ai_addrlen; - memcpy(addr, ai->ai_addr, ai->ai_addrlen); - } - } else { - FatalError("Xserver: %s: %s %s\n", gai_strerror(gaierr), argtype, namestr); - } -#else - struct hostent *hep; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif -#if defined(WIN32) && (defined(TCPCONN) || defined(DNETCONN)) - _XSERVTransWSAStartup(); -#endif - if (!(hep = _XGethostbyname(namestr, hparams))) - { - FatalError("Xserver: %s unknown host: %s\n", argtype, namestr); - } - if (hep->h_length == sizeof (struct in_addr)) - { - memmove(&addr->sin_addr, hep->h_addr, hep->h_length); - *addrlen = sizeof(struct sockaddr_in); - addr->sin_family = AF_INET; - addr->sin_port = htons (port); - } - else - { - FatalError("Xserver: %s host on strange network %s\n", argtype, namestr); - } -#endif -} - -static void -get_manager_by_name( - int argc, - char **argv, - int i) -{ - - if ((i + 1) == argc) - { - FatalError("Xserver: missing %s host name in command line\n", argv[i]); - } - - get_addr_by_name(argv[i], argv[i+1], xdm_udp_port, SOCK_DGRAM, - &ManagerAddress, &ManagerAddressLen -#if defined(IPv6) && defined(AF_INET6) - , &mgrAddr, &mgrAddrFirst -#endif - ); -} - - -static void -get_fromaddr_by_name( - int argc, - char **argv, - int i) -{ -#if defined(IPv6) && defined(AF_INET6) - struct addrinfo *ai = NULL; - struct addrinfo *aifirst = NULL; -#endif - if (i == argc) - { - FatalError("Xserver: missing -from host name in command line\n"); - } - get_addr_by_name("-from", argv[i], 0, 0, &FromAddress, &FromAddressLen -#if defined(IPv6) && defined(AF_INET6) - , &ai, &aifirst -#endif - ); -#if defined(IPv6) && defined(AF_INET6) - if (aifirst != NULL) - freeaddrinfo(aifirst); -#endif - xdm_from = argv[i]; -} - - -#if defined(IPv6) && defined(AF_INET6) -static int -get_mcast_options(int argc, char **argv, int i) -{ - char *address = XDM_DEFAULT_MCAST_ADDR6; - int hopcount = 1; - struct addrinfo hints; - char portstr[6]; - int gaierr; - struct addrinfo *ai, *firstai; - - if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { - address = argv[i++]; - if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { - hopcount = strtol(argv[i++], NULL, 10); - if ((hopcount < 1) || (hopcount > 255)) { - FatalError("Xserver: multicast hop count out of range: %d\n", - hopcount); - } - } - } - - if (xdm_udp_port > 0 && xdm_udp_port < 65535) { - sprintf(portstr, "%d", xdm_udp_port); - } else { - FatalError("Xserver: port out of range: %d\n", xdm_udp_port); - } - bzero(&hints, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; - - if ((gaierr = getaddrinfo(address, portstr, &hints, &firstai)) == 0) { - for (ai = firstai; ai != NULL; ai = ai->ai_next) { - if (((ai->ai_family == AF_INET) && - IN_MULTICAST(((struct sockaddr_in *) ai->ai_addr) - ->sin_addr.s_addr)) - || ((ai->ai_family == AF_INET6) && - IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *) ai->ai_addr) - ->sin6_addr))) - break; - } - if (ai == NULL) { - FatalError ("Xserver: address not supported multicast type %s\n", - address); - } else { - struct multicastinfo *mcastinfo, *mcl; - - mcastinfo = malloc(sizeof(struct multicastinfo)); - mcastinfo->next = NULL; - mcastinfo->ai = firstai; - mcastinfo->hops = hopcount; - - if (mcastlist == NULL) { - mcastlist = mcastinfo; - } else { - for (mcl = mcastlist; mcl->next != NULL; mcl = mcl->next) { - /* Do nothing - just find end of list */ - } - mcl->next = mcastinfo; - } - } - } else { - FatalError("Xserver: %s: %s\n", gai_strerror(gaierr), address); - } - return i; -} -#endif - -#else -static int xdmcp_non_empty; /* avoid complaint by ranlib */ -#endif /* XDMCP */ +/*
+ * Copyright 1989 Network Computing Devices, Inc., Mountain View, California.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of N.C.D. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission. N.C.D. makes no representations about the
+ * suitability of this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ *
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#ifdef WIN32
+#include <X11/Xwinsock.h>
+#endif
+
+#include <X11/Xos.h>
+
+#if !defined(WIN32)
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <X11/X.h>
+#include <X11/Xmd.h>
+#include "misc.h"
+#include <X11/Xpoll.h>
+#include "osdep.h"
+#include "input.h"
+#include "dixstruct.h"
+#include "opaque.h"
+#include "site.h"
+
+#ifdef STREAMSCONN
+#include <tiuser.h>
+#include <netconfig.h>
+#include <netdir.h>
+#endif
+
+#ifdef XDMCP
+#undef REQUEST
+
+#ifdef XDMCP_NO_IPV6
+#undef IPv6
+#endif
+
+#include <X11/Xdmcp.h>
+
+#define X_INCLUDE_NETDB_H
+#include <X11/Xos_r.h>
+
+static char *defaultDisplayClass = COMPILEDDISPLAYCLASS;
+
+static int xdmcpSocket, sessionSocket;
+static xdmcp_states state;
+#if defined(IPv6) && defined(AF_INET6)
+static int xdmcpSocket6;
+static struct sockaddr_storage req_sockaddr;
+#else
+static struct sockaddr_in req_sockaddr;
+#endif
+static int req_socklen;
+static CARD32 SessionID;
+static CARD32 timeOutTime;
+static int timeOutRtx;
+static CARD32 defaultKeepaliveDormancy = XDM_DEF_DORMANCY;
+static CARD32 keepaliveDormancy = XDM_DEF_DORMANCY;
+static CARD16 DisplayNumber;
+static xdmcp_states XDM_INIT_STATE = XDM_OFF;
+#ifdef HASXDMAUTH
+static char *xdmAuthCookie;
+#endif
+
+static XdmcpBuffer buffer;
+
+#if defined(IPv6) && defined(AF_INET6)
+
+static struct addrinfo *mgrAddr;
+static struct addrinfo *mgrAddrFirst;
+
+#define SOCKADDR_TYPE struct sockaddr_storage
+#define SOCKADDR_FAMILY(s) ((struct sockaddr *)&(s))->sa_family
+
+#ifdef BSD44SOCKETS
+#define SOCKLEN_FIELD(s) ((struct sockaddr *)&(s))->sa_len
+#define SOCKLEN_TYPE unsigned char
+#else
+#define SOCKLEN_TYPE unsigned int
+#endif
+
+#else
+
+#define SOCKADDR_TYPE struct sockaddr_in
+#define SOCKADDR_FAMILY(s) (s).sin_family
+
+#ifdef BSD44SOCKETS
+#define SOCKLEN_FIELD(s) (s).sin_len
+#define SOCKLEN_TYPE unsigned char
+#else
+#define SOCKLEN_TYPE size_t
+#endif
+
+#endif
+
+static SOCKADDR_TYPE ManagerAddress;
+static SOCKADDR_TYPE FromAddress;
+
+#ifdef SOCKLEN_FIELD
+#define ManagerAddressLen SOCKLEN_FIELD(ManagerAddress)
+#define FromAddressLen SOCKLEN_FIELD(FromAddress)
+#else
+static SOCKLEN_TYPE ManagerAddressLen, FromAddressLen;
+#endif
+
+#if defined(IPv6) && defined(AF_INET6)
+static struct multicastinfo {
+ struct multicastinfo *next;
+ struct addrinfo *ai;
+ int hops;
+} *mcastlist;
+#endif
+
+static void XdmcpAddHost(
+ const struct sockaddr *from,
+ int fromlen,
+ ARRAY8Ptr AuthenticationName,
+ ARRAY8Ptr hostname,
+ ARRAY8Ptr status);
+
+static void XdmcpSelectHost(
+ const struct sockaddr *host_sockaddr,
+ int host_len,
+ ARRAY8Ptr AuthenticationName);
+
+static void get_xdmcp_sock(void);
+
+static void send_query_msg(void);
+
+static void recv_willing_msg(
+ struct sockaddr * /*from*/,
+ int /*fromlen*/,
+ unsigned /*length*/);
+
+static void send_request_msg(void);
+
+static void recv_accept_msg(unsigned /*length*/);
+
+static void recv_decline_msg(unsigned /*length*/);
+
+static void send_manage_msg(void);
+
+static void recv_refuse_msg(unsigned /*length*/);
+
+static void recv_failed_msg(unsigned /*length*/);
+
+static void send_keepalive_msg(void);
+
+static void recv_alive_msg(unsigned /*length*/);
+
+static void XdmcpFatal(
+ const char * /*type*/,
+ ARRAY8Ptr /*status*/);
+
+static void XdmcpWarning(const char * /*str*/);
+
+static void get_manager_by_name(
+ int /*argc*/,
+ char ** /*argv*/,
+ int /*i*/);
+
+static void get_fromaddr_by_name(int /*argc*/, char ** /*argv*/, int /*i*/);
+
+#if defined(IPv6) && defined(AF_INET6)
+static int get_mcast_options(int /*argc*/, char ** /*argv*/, int /*i*/);
+#endif
+
+static void receive_packet(int /*socketfd*/);
+
+static void send_packet(void);
+
+static void timeout(void);
+
+static void restart(void);
+
+static void XdmcpBlockHandler(
+ pointer /*data*/,
+ struct timeval ** /*wt*/,
+ pointer /*LastSelectMask*/);
+
+static void XdmcpWakeupHandler(
+ pointer /*data*/,
+ int /*i*/,
+ pointer /*LastSelectMask*/);
+
+#define XSERV_t
+#define TRANS_SERVER
+#define TRANS_REOPEN
+#include <X11/Xtrans/Xtrans.h>
+
+/*
+ * Register the Manufacturer display ID
+ */
+
+static ARRAY8 ManufacturerDisplayID;
+
+static void
+XdmcpRegisterManufacturerDisplayID (const char *name, int length)
+{
+ int i;
+
+ XdmcpDisposeARRAY8 (&ManufacturerDisplayID);
+ if (!XdmcpAllocARRAY8 (&ManufacturerDisplayID, length))
+ return;
+ for (i = 0; i < length; i++)
+ ManufacturerDisplayID.data[i] = (CARD8) name[i];
+}
+
+static unsigned short xdm_udp_port = XDM_UDP_PORT;
+static Bool OneSession = FALSE;
+static const char *xdm_from = NULL;
+
+void
+XdmcpUseMsg (void)
+{
+ ErrorF("-query host-name contact named host for XDMCP\n");
+ ErrorF("-broadcast broadcast for XDMCP\n");
+#if defined(IPv6) && defined(AF_INET6)
+ ErrorF("-multicast [addr [hops]] IPv6 multicast for XDMCP\n");
+#endif
+ ErrorF("-indirect host-name contact named host for indirect XDMCP\n");
+ ErrorF("-port port-num UDP port number to send messages to\n");
+ ErrorF("-from local-address specify the local address to connect from\n");
+ ErrorF("-once Terminate server after one session\n");
+ ErrorF("-class display-class specify display class to send in manage\n");
+#ifdef HASXDMAUTH
+ ErrorF("-cookie xdm-auth-bits specify the magic cookie for XDMCP\n");
+#endif
+ ErrorF("-displayID display-id manufacturer display ID for request\n");
+}
+
+int
+XdmcpOptions(int argc, char **argv, int i)
+{
+ if (strcmp(argv[i], "-query") == 0) {
+ get_manager_by_name(argc, argv, i++);
+ XDM_INIT_STATE = XDM_QUERY;
+ AccessUsingXdmcp ();
+ return (i + 1);
+ }
+ if (strcmp(argv[i], "-broadcast") == 0) {
+ XDM_INIT_STATE = XDM_BROADCAST;
+ AccessUsingXdmcp ();
+ return (i + 1);
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ if (strcmp(argv[i], "-multicast") == 0) {
+ i = get_mcast_options(argc, argv, ++i);
+ XDM_INIT_STATE = XDM_MULTICAST;
+ AccessUsingXdmcp ();
+ return (i + 1);
+ }
+#endif
+ if (strcmp(argv[i], "-indirect") == 0) {
+ get_manager_by_name(argc, argv, i++);
+ XDM_INIT_STATE = XDM_INDIRECT;
+ AccessUsingXdmcp ();
+ return (i + 1);
+ }
+ if (strcmp(argv[i], "-port") == 0) {
+ if (++i == argc) {
+ FatalError("Xserver: missing port number in command line\n");
+ }
+ xdm_udp_port = (unsigned short) atoi(argv[i]);
+ return (i + 1);
+ }
+ if (strcmp(argv[i], "-from") == 0) {
+ get_fromaddr_by_name(argc, argv, ++i);
+ return (i + 1);
+ }
+ if (strcmp(argv[i], "-once") == 0) {
+ OneSession = TRUE;
+ return (i + 1);
+ }
+ if (strcmp(argv[i], "-class") == 0) {
+ if (++i == argc) {
+ FatalError("Xserver: missing class name in command line\n");
+ }
+ defaultDisplayClass = argv[i];
+ return (i + 1);
+ }
+#ifdef HASXDMAUTH
+ if (strcmp(argv[i], "-cookie") == 0) {
+ if (++i == argc) {
+ FatalError("Xserver: missing cookie data in command line\n");
+ }
+ xdmAuthCookie = argv[i];
+ return (i + 1);
+ }
+#endif
+ if (strcmp(argv[i], "-displayID") == 0) {
+ if (++i == argc) {
+ FatalError("Xserver: missing displayID in command line\n");
+ }
+ XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i]));
+ return (i + 1);
+ }
+ return (i);
+}
+
+/*
+ * This section is a collection of routines for
+ * registering server-specific data with the XDMCP
+ * state machine.
+ */
+
+
+/*
+ * Save all broadcast addresses away so BroadcastQuery
+ * packets get sent everywhere
+ */
+
+#define MAX_BROADCAST 10
+
+/* This stays sockaddr_in since IPv6 doesn't support broadcast */
+static struct sockaddr_in BroadcastAddresses[MAX_BROADCAST];
+static int NumBroadcastAddresses;
+
+void
+XdmcpRegisterBroadcastAddress (const struct sockaddr_in *addr)
+{
+ struct sockaddr_in *bcast;
+ if (NumBroadcastAddresses >= MAX_BROADCAST)
+ return;
+ bcast = &BroadcastAddresses[NumBroadcastAddresses++];
+ bzero (bcast, sizeof (struct sockaddr_in));
+#ifdef BSD44SOCKETS
+ bcast->sin_len = addr->sin_len;
+#endif
+ bcast->sin_family = addr->sin_family;
+ bcast->sin_port = htons (xdm_udp_port);
+ bcast->sin_addr = addr->sin_addr;
+}
+
+/*
+ * Each authentication type is registered here; Validator
+ * will be called to check all access attempts using
+ * the specified authentication type
+ */
+
+static ARRAYofARRAY8 AuthenticationNames, AuthenticationDatas;
+typedef struct _AuthenticationFuncs {
+ ValidatorFunc Validator;
+ GeneratorFunc Generator;
+ AddAuthorFunc AddAuth;
+} AuthenticationFuncsRec, *AuthenticationFuncsPtr;
+
+static AuthenticationFuncsPtr AuthenticationFuncsList;
+
+void
+XdmcpRegisterAuthentication (
+ const char *name,
+ int namelen,
+ const char *data,
+ int datalen,
+ ValidatorFunc Validator,
+ GeneratorFunc Generator,
+ AddAuthorFunc AddAuth)
+{
+ int i;
+ ARRAY8 AuthenticationName, AuthenticationData;
+ static AuthenticationFuncsPtr newFuncs;
+
+ if (!XdmcpAllocARRAY8 (&AuthenticationName, namelen))
+ return;
+ if (!XdmcpAllocARRAY8 (&AuthenticationData, datalen))
+ {
+ XdmcpDisposeARRAY8 (&AuthenticationName);
+ return;
+ }
+ for (i = 0; i < namelen; i++)
+ AuthenticationName.data[i] = name[i];
+ for (i = 0; i < datalen; i++)
+ AuthenticationData.data[i] = data[i];
+ if (!(XdmcpReallocARRAYofARRAY8 (&AuthenticationNames,
+ AuthenticationNames.length + 1) &&
+ XdmcpReallocARRAYofARRAY8 (&AuthenticationDatas,
+ AuthenticationDatas.length + 1) &&
+ (newFuncs = xalloc ((AuthenticationNames.length + 1) * sizeof (AuthenticationFuncsRec)))))
+ {
+ XdmcpDisposeARRAY8 (&AuthenticationName);
+ XdmcpDisposeARRAY8 (&AuthenticationData);
+ return;
+ }
+ for (i = 0; i < AuthenticationNames.length - 1; i++)
+ newFuncs[i] = AuthenticationFuncsList[i];
+ newFuncs[AuthenticationNames.length-1].Validator = Validator;
+ newFuncs[AuthenticationNames.length-1].Generator = Generator;
+ newFuncs[AuthenticationNames.length-1].AddAuth = AddAuth;
+ xfree (AuthenticationFuncsList);
+ AuthenticationFuncsList = newFuncs;
+ AuthenticationNames.data[AuthenticationNames.length-1] = AuthenticationName;
+ AuthenticationDatas.data[AuthenticationDatas.length-1] = AuthenticationData;
+}
+
+/*
+ * Select the authentication type to be used; this is
+ * set by the manager of the host to be connected to.
+ */
+
+static ARRAY8 noAuthenticationName = {(CARD16) 0, (CARD8Ptr) 0};
+static ARRAY8 noAuthenticationData = {(CARD16) 0, (CARD8Ptr) 0};
+static ARRAY8Ptr AuthenticationName = &noAuthenticationName;
+static ARRAY8Ptr AuthenticationData = &noAuthenticationData;
+static AuthenticationFuncsPtr AuthenticationFuncs;
+
+static void
+XdmcpSetAuthentication (const ARRAY8Ptr name)
+{
+ int i;
+
+ for (i = 0; i < AuthenticationNames.length; i++)
+ if (XdmcpARRAY8Equal (&AuthenticationNames.data[i], name))
+ {
+ AuthenticationName = &AuthenticationNames.data[i];
+ AuthenticationData = &AuthenticationDatas.data[i];
+ AuthenticationFuncs = &AuthenticationFuncsList[i];
+ break;
+ }
+}
+
+/*
+ * Register the host address for the display
+ */
+
+static ARRAY16 ConnectionTypes;
+static ARRAYofARRAY8 ConnectionAddresses;
+static long xdmcpGeneration;
+
+void
+XdmcpRegisterConnection (
+ int type,
+ const char *address,
+ int addrlen)
+{
+ int i;
+ CARD8 *newAddress;
+
+ if (xdmcpGeneration != serverGeneration)
+ {
+ XdmcpDisposeARRAY16 (&ConnectionTypes);
+ XdmcpDisposeARRAYofARRAY8 (&ConnectionAddresses);
+ xdmcpGeneration = serverGeneration;
+ }
+ if (xdm_from != NULL) { /* Only register the requested address */
+ const void *regAddr = address;
+ const void *fromAddr = NULL;
+ int regAddrlen = addrlen;
+
+ if (addrlen == sizeof(struct in_addr)) {
+ if (SOCKADDR_FAMILY(FromAddress) == AF_INET) {
+ fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr;
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET6) &&
+ IN6_IS_ADDR_V4MAPPED(
+ &((struct sockaddr_in6 *)&FromAddress)->sin6_addr)) {
+ fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr.s6_addr[12];
+ }
+#endif
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ else if (addrlen == sizeof(struct in6_addr)) {
+ if (SOCKADDR_FAMILY(FromAddress) == AF_INET6) {
+ fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr;
+ } else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET) &&
+ IN6_IS_ADDR_V4MAPPED((struct in6_addr *) address)) {
+ fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr;
+ regAddr = &((struct sockaddr_in6 *)&address)->sin6_addr.s6_addr[12];
+ regAddrlen = sizeof(struct in_addr);
+ }
+ }
+#endif
+ if (fromAddr && memcmp(regAddr, fromAddr, regAddrlen) != 0) {
+ return;
+ }
+ }
+ if (ConnectionAddresses.length + 1 == 256)
+ return;
+ newAddress = xalloc (addrlen * sizeof (CARD8));
+ if (!newAddress)
+ return;
+ if (!XdmcpReallocARRAY16 (&ConnectionTypes, ConnectionTypes.length + 1))
+ {
+ xfree (newAddress);
+ return;
+ }
+ if (!XdmcpReallocARRAYofARRAY8 (&ConnectionAddresses,
+ ConnectionAddresses.length + 1))
+ {
+ xfree (newAddress);
+ return;
+ }
+ ConnectionTypes.data[ConnectionTypes.length - 1] = (CARD16) type;
+ for (i = 0; i < addrlen; i++)
+ newAddress[i] = address[i];
+ ConnectionAddresses.data[ConnectionAddresses.length-1].data = newAddress;
+ ConnectionAddresses.data[ConnectionAddresses.length-1].length = addrlen;
+}
+
+/*
+ * Register an Authorization Name. XDMCP advertises this list
+ * to the manager.
+ */
+
+static ARRAYofARRAY8 AuthorizationNames;
+
+void
+XdmcpRegisterAuthorizations (void)
+{
+ XdmcpDisposeARRAYofARRAY8 (&AuthorizationNames);
+ RegisterAuthorizations ();
+}
+
+void
+XdmcpRegisterAuthorization (const char *name, int namelen)
+{
+ ARRAY8 authName;
+ int i;
+
+ authName.data = xalloc (namelen * sizeof (CARD8));
+ if (!authName.data)
+ return;
+ if (!XdmcpReallocARRAYofARRAY8 (&AuthorizationNames, AuthorizationNames.length +1))
+ {
+ xfree (authName.data);
+ return;
+ }
+ for (i = 0; i < namelen; i++)
+ authName.data[i] = (CARD8) name[i];
+ authName.length = namelen;
+ AuthorizationNames.data[AuthorizationNames.length-1] = authName;
+}
+
+/*
+ * Register the DisplayClass string
+ */
+
+static ARRAY8 DisplayClass;
+
+static void
+XdmcpRegisterDisplayClass (const char *name, int length)
+{
+ int i;
+
+ XdmcpDisposeARRAY8 (&DisplayClass);
+ if (!XdmcpAllocARRAY8 (&DisplayClass, length))
+ return;
+ for (i = 0; i < length; i++)
+ DisplayClass.data[i] = (CARD8) name[i];
+}
+
+/*
+ * initialize XDMCP; create the socket, compute the display
+ * number, set up the state machine
+ */
+
+void
+XdmcpInit(void)
+{
+ state = XDM_INIT_STATE;
+#ifdef HASXDMAUTH
+ if (xdmAuthCookie)
+ XdmAuthenticationInit (xdmAuthCookie, strlen (xdmAuthCookie));
+#endif
+ if (state != XDM_OFF)
+ {
+ XdmcpRegisterAuthorizations();
+ XdmcpRegisterDisplayClass (defaultDisplayClass, strlen (defaultDisplayClass));
+ AccessUsingXdmcp();
+ RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler,
+ (pointer) 0);
+ timeOutRtx = 0;
+ DisplayNumber = (CARD16) atoi(display);
+ get_xdmcp_sock();
+ send_packet();
+ }
+}
+
+void
+XdmcpReset (void)
+{
+ state = XDM_INIT_STATE;
+ if (state != XDM_OFF)
+ {
+ RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler,
+ (pointer) 0);
+ timeOutRtx = 0;
+ send_packet();
+ }
+}
+
+/*
+ * Called whenever a new connection is created; notices the
+ * first connection and saves it to terminate the session
+ * when it is closed
+ */
+
+void
+XdmcpOpenDisplay(int sock)
+{
+ if (state != XDM_AWAIT_MANAGE_RESPONSE)
+ return;
+ state = XDM_RUN_SESSION;
+ sessionSocket = sock;
+}
+
+void
+XdmcpCloseDisplay(int sock)
+{
+ if ((state != XDM_RUN_SESSION && state != XDM_AWAIT_ALIVE_RESPONSE)
+ || sessionSocket != sock)
+ return;
+ state = XDM_INIT_STATE;
+ if (OneSession)
+ dispatchException |= DE_TERMINATE;
+ else
+ dispatchException |= DE_RESET;
+ isItTimeToYield = TRUE;
+}
+
+/*
+ * called before going to sleep, this routine
+ * may modify the timeout value about to be sent
+ * to select; in this way XDMCP can do appropriate things
+ * dynamically while starting up
+ */
+
+/*ARGSUSED*/
+static void
+XdmcpBlockHandler(
+ pointer data, /* unused */
+ struct timeval **wt,
+ pointer pReadmask)
+{
+ fd_set *LastSelectMask = (fd_set*)pReadmask;
+ CARD32 millisToGo;
+
+ if (state == XDM_OFF)
+ return;
+ FD_SET(xdmcpSocket, LastSelectMask);
+#if defined(IPv6) && defined(AF_INET6)
+ if (xdmcpSocket6 >= 0)
+ FD_SET(xdmcpSocket6, LastSelectMask);
+#endif
+ if (timeOutTime == 0)
+ return;
+ millisToGo = timeOutTime - GetTimeInMillis();
+ if ((int) millisToGo < 0)
+ millisToGo = 0;
+ AdjustWaitForDelay (wt, millisToGo);
+}
+
+/*
+ * called after select returns; this routine will
+ * recognise when XDMCP packets await and
+ * process them appropriately
+ */
+
+/*ARGSUSED*/
+static void
+XdmcpWakeupHandler(
+ pointer data, /* unused */
+ int i,
+ pointer pReadmask)
+{
+ fd_set* LastSelectMask = (fd_set*)pReadmask;
+ fd_set devicesReadable;
+
+ if (state == XDM_OFF)
+ return;
+ if (i > 0)
+ {
+ if (FD_ISSET(xdmcpSocket, LastSelectMask))
+ {
+ receive_packet(xdmcpSocket);
+ FD_CLR(xdmcpSocket, LastSelectMask);
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ if (xdmcpSocket6 >= 0 && FD_ISSET(xdmcpSocket6, LastSelectMask))
+ {
+ receive_packet(xdmcpSocket6);
+ FD_CLR(xdmcpSocket6, LastSelectMask);
+ }
+#endif
+ XFD_ANDSET(&devicesReadable, LastSelectMask, &EnabledDevices);
+ if (XFD_ANYSET(&devicesReadable))
+ {
+ if (state == XDM_AWAIT_USER_INPUT)
+ restart();
+ else if (state == XDM_RUN_SESSION)
+ keepaliveDormancy = defaultKeepaliveDormancy;
+ }
+ if (XFD_ANYSET(&AllClients) && state == XDM_RUN_SESSION)
+ timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000;
+ }
+ else if (timeOutTime && (int) (GetTimeInMillis() - timeOutTime) >= 0)
+ {
+ if (state == XDM_RUN_SESSION)
+ {
+ state = XDM_KEEPALIVE;
+ send_packet();
+ }
+ else
+ timeout();
+ }
+}
+
+/*
+ * This routine should be called from the routine that drives the
+ * user's host menu when the user selects a host
+ */
+
+static void
+XdmcpSelectHost(
+ const struct sockaddr *host_sockaddr,
+ int host_len,
+ ARRAY8Ptr AuthenticationName)
+{
+ state = XDM_START_CONNECTION;
+ memmove(&req_sockaddr, host_sockaddr, host_len);
+ req_socklen = host_len;
+ XdmcpSetAuthentication (AuthenticationName);
+ send_packet();
+}
+
+/*
+ * !!! this routine should be replaced by a routine that adds
+ * the host to the user's host menu. the current version just
+ * selects the first host to respond with willing message.
+ */
+
+/*ARGSUSED*/
+static void
+XdmcpAddHost(
+ const struct sockaddr *from,
+ int fromlen,
+ ARRAY8Ptr AuthenticationName,
+ ARRAY8Ptr hostname,
+ ARRAY8Ptr status)
+{
+ XdmcpSelectHost(from, fromlen, AuthenticationName);
+}
+
+/*
+ * A message is queued on the socket; read it and
+ * do the appropriate thing
+ */
+
+static ARRAY8 UnwillingMessage = { (CARD8) 14, (CARD8 *) "Host unwilling" };
+
+static void
+receive_packet(int socketfd)
+{
+#if defined(IPv6) && defined(AF_INET6)
+ struct sockaddr_storage from;
+#else
+ struct sockaddr_in from;
+#endif
+ int fromlen = sizeof(from);
+ XdmcpHeader header;
+
+ /* read message off socket */
+ if (!XdmcpFill (socketfd, &buffer, (XdmcpNetaddr) &from, &fromlen))
+ return;
+
+ /* reset retransmission backoff */
+ timeOutRtx = 0;
+
+ if (!XdmcpReadHeader (&buffer, &header))
+ return;
+
+ if (header.version != XDM_PROTOCOL_VERSION)
+ return;
+
+ switch (header.opcode) {
+ case WILLING:
+ recv_willing_msg((struct sockaddr *) &from, fromlen, header.length);
+ break;
+ case UNWILLING:
+ XdmcpFatal("Manager unwilling", &UnwillingMessage);
+ break;
+ case ACCEPT:
+ recv_accept_msg(header.length);
+ break;
+ case DECLINE:
+ recv_decline_msg(header.length);
+ break;
+ case REFUSE:
+ recv_refuse_msg(header.length);
+ break;
+ case FAILED:
+ recv_failed_msg(header.length);
+ break;
+ case ALIVE:
+ recv_alive_msg(header.length);
+ break;
+ }
+}
+
+/*
+ * send the appropriate message given the current state
+ */
+
+static void
+send_packet(void)
+{
+ int rtx;
+ switch (state) {
+ case XDM_QUERY:
+ case XDM_BROADCAST:
+ case XDM_INDIRECT:
+#if defined(IPv6) && defined(AF_INET6)
+ case XDM_MULTICAST:
+#endif
+ send_query_msg();
+ break;
+ case XDM_START_CONNECTION:
+ send_request_msg();
+ break;
+ case XDM_MANAGE:
+ send_manage_msg();
+ break;
+ case XDM_KEEPALIVE:
+ send_keepalive_msg();
+ break;
+ default:
+ break;
+ }
+ rtx = (XDM_MIN_RTX << timeOutRtx);
+ if (rtx > XDM_MAX_RTX)
+ rtx = XDM_MAX_RTX;
+ timeOutTime = GetTimeInMillis() + rtx * 1000;
+}
+
+/*
+ * The session is declared dead for some reason; too many
+ * timeouts, or Keepalive failure.
+ */
+
+static void
+XdmcpDeadSession (const char *reason)
+{
+ ErrorF ("XDM: %s, declaring session dead\n", reason);
+ state = XDM_INIT_STATE;
+ isItTimeToYield = TRUE;
+ dispatchException |= DE_RESET;
+ timeOutTime = 0;
+ timeOutRtx = 0;
+ send_packet();
+}
+
+/*
+ * Timeout waiting for an XDMCP response.
+ */
+
+static void
+timeout(void)
+{
+ timeOutRtx++;
+ if (state == XDM_AWAIT_ALIVE_RESPONSE && timeOutRtx >= XDM_KA_RTX_LIMIT )
+ {
+ XdmcpDeadSession ("too many keepalive retransmissions");
+ return;
+ }
+ else if (timeOutRtx >= XDM_RTX_LIMIT)
+ {
+ /* Quit if "-once" specified, otherwise reset and try again. */
+ if (OneSession) {
+ dispatchException |= DE_TERMINATE;
+ ErrorF("XDM: too many retransmissions\n");
+ } else {
+ XdmcpDeadSession("too many retransmissions");
+ }
+ return;
+ }
+
+#if defined(IPv6) && defined(AF_INET6)
+ if (state == XDM_COLLECT_QUERY || state == XDM_COLLECT_INDIRECT_QUERY) {
+ /* Try next address */
+ for (mgrAddr = mgrAddr->ai_next; ; mgrAddr = mgrAddr->ai_next) {
+ if (mgrAddr == NULL) {
+ mgrAddr = mgrAddrFirst;
+ }
+ if (mgrAddr->ai_family == AF_INET
+ || mgrAddr->ai_family == AF_INET6)
+ break;
+ }
+#ifndef SIN6_LEN
+ ManagerAddressLen = mgrAddr->ai_addrlen;
+#endif
+ memcpy(&ManagerAddress, mgrAddr->ai_addr, mgrAddr->ai_addrlen);
+ }
+#endif
+
+ switch (state) {
+ case XDM_COLLECT_QUERY:
+ state = XDM_QUERY;
+ break;
+ case XDM_COLLECT_BROADCAST_QUERY:
+ state = XDM_BROADCAST;
+ break;
+#if defined(IPv6) && defined(AF_INET6)
+ case XDM_COLLECT_MULTICAST_QUERY:
+ state = XDM_MULTICAST;
+ break;
+#endif
+ case XDM_COLLECT_INDIRECT_QUERY:
+ state = XDM_INDIRECT;
+ break;
+ case XDM_AWAIT_REQUEST_RESPONSE:
+ state = XDM_START_CONNECTION;
+ break;
+ case XDM_AWAIT_MANAGE_RESPONSE:
+ state = XDM_MANAGE;
+ break;
+ case XDM_AWAIT_ALIVE_RESPONSE:
+ state = XDM_KEEPALIVE;
+ break;
+ default:
+ break;
+ }
+ send_packet();
+}
+
+static void
+restart(void)
+{
+ state = XDM_INIT_STATE;
+ timeOutRtx = 0;
+ send_packet();
+}
+
+static int
+XdmcpCheckAuthentication (ARRAY8Ptr Name, ARRAY8Ptr Data, int packet_type)
+{
+ return (XdmcpARRAY8Equal (Name, AuthenticationName) &&
+ (AuthenticationName->length == 0 ||
+ (*AuthenticationFuncs->Validator) (AuthenticationData, Data, packet_type)));
+}
+
+static int
+XdmcpAddAuthorization (ARRAY8Ptr name, ARRAY8Ptr data)
+{
+ AddAuthorFunc AddAuth;
+
+ if (AuthenticationFuncs && AuthenticationFuncs->AddAuth)
+ AddAuth = AuthenticationFuncs->AddAuth;
+ else
+ AddAuth = AddAuthorization;
+ return (*AddAuth) ((unsigned short)name->length,
+ (char *)name->data,
+ (unsigned short)data->length,
+ (char *)data->data);
+}
+
+/*
+ * from here to the end of this file are routines private
+ * to the state machine.
+ */
+
+static void
+get_xdmcp_sock(void)
+{
+#ifdef STREAMSCONN
+ struct netconfig *nconf;
+
+ if ((xdmcpSocket = t_open("/dev/udp", O_RDWR, 0)) < 0) {
+ XdmcpWarning("t_open() of /dev/udp failed");
+ return;
+ }
+
+ if( t_bind(xdmcpSocket,NULL,NULL) < 0 ) {
+ XdmcpWarning("UDP socket creation failed");
+ t_error("t_bind(xdmcpSocket) failed" );
+ t_close(xdmcpSocket);
+ return;
+ }
+
+ /*
+ * This part of the code looks contrived. It will actually fit in nicely
+ * when the CLTS part of Xtrans is implemented.
+ */
+
+ if( (nconf=getnetconfigent("udp")) == NULL ) {
+ XdmcpWarning("UDP socket creation failed: getnetconfigent()");
+ t_unbind(xdmcpSocket);
+ t_close(xdmcpSocket);
+ return;
+ }
+
+ if( netdir_options(nconf, ND_SET_BROADCAST, xdmcpSocket, NULL) ) {
+ XdmcpWarning("UDP set broadcast option failed: netdir_options()");
+ freenetconfigent(nconf);
+ t_unbind(xdmcpSocket);
+ t_close(xdmcpSocket);
+ return;
+ }
+
+ freenetconfigent(nconf);
+#else
+ int soopts = 1;
+
+#if defined(IPv6) && defined(AF_INET6)
+ if ((xdmcpSocket6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
+ XdmcpWarning("INET6 UDP socket creation failed");
+#endif
+ if ((xdmcpSocket = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ XdmcpWarning("UDP socket creation failed");
+#ifdef SO_BROADCAST
+ else if (setsockopt(xdmcpSocket, SOL_SOCKET, SO_BROADCAST, (char *)&soopts,
+ sizeof(soopts)) < 0)
+ XdmcpWarning("UDP set broadcast socket-option failed");
+#endif /* SO_BROADCAST */
+ if (xdmcpSocket >= 0 && xdm_from != NULL) {
+ if (bind(xdmcpSocket, (struct sockaddr *)&FromAddress,
+ FromAddressLen) < 0) {
+ FatalError("Xserver: failed to bind to -from address: %s\n", xdm_from);
+ }
+ }
+#endif /* STREAMSCONN */
+}
+
+static void
+send_query_msg(void)
+{
+ XdmcpHeader header;
+ Bool broadcast = FALSE;
+#if defined(IPv6) && defined(AF_INET6)
+ Bool multicast = FALSE;
+#endif
+ int i;
+ int socketfd = xdmcpSocket;
+
+ header.version = XDM_PROTOCOL_VERSION;
+ switch(state){
+ case XDM_QUERY:
+ header.opcode = (CARD16) QUERY;
+ state = XDM_COLLECT_QUERY;
+ break;
+ case XDM_BROADCAST:
+ header.opcode = (CARD16) BROADCAST_QUERY;
+ state = XDM_COLLECT_BROADCAST_QUERY;
+ broadcast = TRUE;
+ break;
+#if defined(IPv6) && defined(AF_INET6)
+ case XDM_MULTICAST:
+ header.opcode = (CARD16) BROADCAST_QUERY;
+ state = XDM_COLLECT_MULTICAST_QUERY;
+ multicast = TRUE;
+ break;
+#endif
+ case XDM_INDIRECT:
+ header.opcode = (CARD16) INDIRECT_QUERY;
+ state = XDM_COLLECT_INDIRECT_QUERY;
+ break;
+ default:
+ break;
+ }
+ header.length = 1;
+ for (i = 0; i < AuthenticationNames.length; i++)
+ header.length += 2 + AuthenticationNames.data[i].length;
+
+ XdmcpWriteHeader (&buffer, &header);
+ XdmcpWriteARRAYofARRAY8 (&buffer, &AuthenticationNames);
+ if (broadcast)
+ {
+ int i;
+
+ for (i = 0; i < NumBroadcastAddresses; i++)
+ XdmcpFlush (xdmcpSocket, &buffer, (XdmcpNetaddr) &BroadcastAddresses[i],
+ sizeof (struct sockaddr_in));
+ }
+#if defined(IPv6) && defined(AF_INET6)
+ else if (multicast)
+ {
+ struct multicastinfo *mcl;
+ struct addrinfo *ai;
+
+ for (mcl = mcastlist; mcl != NULL; mcl = mcl->next) {
+ for (ai = mcl->ai ; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family == AF_INET) {
+ unsigned char hopflag = (unsigned char) mcl->hops;
+ socketfd = xdmcpSocket;
+ setsockopt(socketfd, IPPROTO_IP, IP_MULTICAST_TTL,
+ &hopflag, sizeof(hopflag));
+ } else if (ai->ai_family == AF_INET6) {
+ int hopflag6 = mcl->hops;
+ socketfd = xdmcpSocket6;
+ setsockopt(socketfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
+ &hopflag6, sizeof(hopflag6));
+ } else {
+ continue;
+ }
+ XdmcpFlush (socketfd, &buffer,
+ (XdmcpNetaddr) ai->ai_addr, ai->ai_addrlen);
+ break;
+ }
+ }
+ }
+#endif
+ else
+ {
+#if defined(IPv6) && defined(AF_INET6)
+ if (SOCKADDR_FAMILY(ManagerAddress) == AF_INET6)
+ socketfd = xdmcpSocket6;
+#endif
+ XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &ManagerAddress,
+ ManagerAddressLen);
+ }
+}
+
+static void
+recv_willing_msg(
+ struct sockaddr *from,
+ int fromlen,
+ unsigned length)
+{
+ ARRAY8 authenticationName;
+ ARRAY8 hostname;
+ ARRAY8 status;
+
+ authenticationName.data = 0;
+ hostname.data = 0;
+ status.data = 0;
+ if (XdmcpReadARRAY8 (&buffer, &authenticationName) &&
+ XdmcpReadARRAY8 (&buffer, &hostname) &&
+ XdmcpReadARRAY8 (&buffer, &status))
+ {
+ if (length == 6 + authenticationName.length +
+ hostname.length + status.length)
+ {
+ switch (state)
+ {
+ case XDM_COLLECT_QUERY:
+ XdmcpSelectHost(from, fromlen, &authenticationName);
+ break;
+ case XDM_COLLECT_BROADCAST_QUERY:
+#if defined(IPv6) && defined(AF_INET6)
+ case XDM_COLLECT_MULTICAST_QUERY:
+#endif
+ case XDM_COLLECT_INDIRECT_QUERY:
+ XdmcpAddHost(from, fromlen, &authenticationName, &hostname, &status);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ XdmcpDisposeARRAY8 (&authenticationName);
+ XdmcpDisposeARRAY8 (&hostname);
+ XdmcpDisposeARRAY8 (&status);
+}
+
+static void
+send_request_msg(void)
+{
+ XdmcpHeader header;
+ int length;
+ int i;
+ CARD16 XdmcpConnectionType;
+ ARRAY8 authenticationData;
+ int socketfd = xdmcpSocket;
+
+ switch (SOCKADDR_FAMILY(ManagerAddress))
+ {
+ case AF_INET: XdmcpConnectionType=FamilyInternet; break;
+#if defined(IPv6) && defined(AF_INET6)
+ case AF_INET6: XdmcpConnectionType=FamilyInternet6; break;
+#endif
+ default: XdmcpConnectionType=0xffff; break;
+ }
+
+ header.version = XDM_PROTOCOL_VERSION;
+ header.opcode = (CARD16) REQUEST;
+
+ length = 2; /* display number */
+ length += 1 + 2 * ConnectionTypes.length; /* connection types */
+ length += 1; /* connection addresses */
+ for (i = 0; i < ConnectionAddresses.length; i++)
+ length += 2 + ConnectionAddresses.data[i].length;
+ authenticationData.length = 0;
+ authenticationData.data = 0;
+ if (AuthenticationFuncs)
+ {
+ (*AuthenticationFuncs->Generator) (AuthenticationData,
+ &authenticationData,
+ REQUEST);
+ }
+ length += 2 + AuthenticationName->length; /* authentication name */
+ length += 2 + authenticationData.length; /* authentication data */
+ length += 1; /* authorization names */
+ for (i = 0; i < AuthorizationNames.length; i++)
+ length += 2 + AuthorizationNames.data[i].length;
+ length += 2 + ManufacturerDisplayID.length; /* display ID */
+ header.length = length;
+
+ if (!XdmcpWriteHeader (&buffer, &header))
+ {
+ XdmcpDisposeARRAY8 (&authenticationData);
+ return;
+ }
+ XdmcpWriteCARD16 (&buffer, DisplayNumber);
+ XdmcpWriteCARD8 (&buffer, ConnectionTypes.length);
+
+ /* The connection array is send reordered, so that connections of */
+ /* the same address type as the XDMCP manager connection are send */
+ /* first. This works around a bug in xdm. mario@klebsch.de */
+ for (i = 0; i < (int)ConnectionTypes.length; i++)
+ if (ConnectionTypes.data[i]==XdmcpConnectionType)
+ XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]);
+ for (i = 0; i < (int)ConnectionTypes.length; i++)
+ if (ConnectionTypes.data[i]!=XdmcpConnectionType)
+ XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]);
+
+ XdmcpWriteCARD8 (&buffer, ConnectionAddresses.length);
+ for (i = 0; i < (int)ConnectionAddresses.length; i++)
+ if ( (i<ConnectionTypes.length) &&
+ (ConnectionTypes.data[i]==XdmcpConnectionType) )
+ XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]);
+ for (i = 0; i < (int)ConnectionAddresses.length; i++)
+ if ( (i>=ConnectionTypes.length) ||
+ (ConnectionTypes.data[i]!=XdmcpConnectionType) )
+ XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]);
+
+ XdmcpWriteARRAY8 (&buffer, AuthenticationName);
+ XdmcpWriteARRAY8 (&buffer, &authenticationData);
+ XdmcpDisposeARRAY8 (&authenticationData);
+ XdmcpWriteARRAYofARRAY8 (&buffer, &AuthorizationNames);
+ XdmcpWriteARRAY8 (&buffer, &ManufacturerDisplayID);
+#if defined(IPv6) && defined(AF_INET6)
+ if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6)
+ socketfd = xdmcpSocket6;
+#endif
+ if (XdmcpFlush (socketfd, &buffer,
+ (XdmcpNetaddr) &req_sockaddr, req_socklen))
+ state = XDM_AWAIT_REQUEST_RESPONSE;
+}
+
+static void
+recv_accept_msg(unsigned length)
+{
+ CARD32 AcceptSessionID;
+ ARRAY8 AcceptAuthenticationName, AcceptAuthenticationData;
+ ARRAY8 AcceptAuthorizationName, AcceptAuthorizationData;
+
+ if (state != XDM_AWAIT_REQUEST_RESPONSE)
+ return;
+ AcceptAuthenticationName.data = 0;
+ AcceptAuthenticationData.data = 0;
+ AcceptAuthorizationName.data = 0;
+ AcceptAuthorizationData.data = 0;
+ if (XdmcpReadCARD32 (&buffer, &AcceptSessionID) &&
+ XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationName) &&
+ XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationData) &&
+ XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationName) &&
+ XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationData))
+ {
+ if (length == 12 + AcceptAuthenticationName.length +
+ AcceptAuthenticationData.length +
+ AcceptAuthorizationName.length +
+ AcceptAuthorizationData.length)
+ {
+ if (!XdmcpCheckAuthentication (&AcceptAuthenticationName,
+ &AcceptAuthenticationData, ACCEPT))
+ {
+ XdmcpFatal ("Authentication Failure", &AcceptAuthenticationName);
+ }
+ /* permit access control manipulations from this host */
+ AugmentSelf (&req_sockaddr, req_socklen);
+ /* if the authorization specified in the packet fails
+ * to be acceptable, enable the local addresses
+ */
+ if (!XdmcpAddAuthorization (&AcceptAuthorizationName,
+ &AcceptAuthorizationData))
+ {
+ AddLocalHosts ();
+ }
+ SessionID = AcceptSessionID;
+ state = XDM_MANAGE;
+ send_packet();
+ }
+ }
+ XdmcpDisposeARRAY8 (&AcceptAuthenticationName);
+ XdmcpDisposeARRAY8 (&AcceptAuthenticationData);
+ XdmcpDisposeARRAY8 (&AcceptAuthorizationName);
+ XdmcpDisposeARRAY8 (&AcceptAuthorizationData);
+}
+
+static void
+recv_decline_msg(unsigned length)
+{
+ ARRAY8 status, DeclineAuthenticationName, DeclineAuthenticationData;
+
+ status.data = 0;
+ DeclineAuthenticationName.data = 0;
+ DeclineAuthenticationData.data = 0;
+ if (XdmcpReadARRAY8 (&buffer, &status) &&
+ XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationName) &&
+ XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationData))
+ {
+ if (length == 6 + status.length +
+ DeclineAuthenticationName.length +
+ DeclineAuthenticationData.length &&
+ XdmcpCheckAuthentication (&DeclineAuthenticationName,
+ &DeclineAuthenticationData, DECLINE))
+ {
+ XdmcpFatal ("Session declined", &status);
+ }
+ }
+ XdmcpDisposeARRAY8 (&status);
+ XdmcpDisposeARRAY8 (&DeclineAuthenticationName);
+ XdmcpDisposeARRAY8 (&DeclineAuthenticationData);
+}
+
+static void
+send_manage_msg(void)
+{
+ XdmcpHeader header;
+ int socketfd = xdmcpSocket;
+
+ header.version = XDM_PROTOCOL_VERSION;
+ header.opcode = (CARD16) MANAGE;
+ header.length = 8 + DisplayClass.length;
+
+ if (!XdmcpWriteHeader (&buffer, &header))
+ return;
+ XdmcpWriteCARD32 (&buffer, SessionID);
+ XdmcpWriteCARD16 (&buffer, DisplayNumber);
+ XdmcpWriteARRAY8 (&buffer, &DisplayClass);
+ state = XDM_AWAIT_MANAGE_RESPONSE;
+#if defined(IPv6) && defined(AF_INET6)
+ if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6)
+ socketfd = xdmcpSocket6;
+#endif
+ XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen);
+}
+
+static void
+recv_refuse_msg(unsigned length)
+{
+ CARD32 RefusedSessionID;
+
+ if (state != XDM_AWAIT_MANAGE_RESPONSE)
+ return;
+ if (length != 4)
+ return;
+ if (XdmcpReadCARD32 (&buffer, &RefusedSessionID))
+ {
+ if (RefusedSessionID == SessionID)
+ {
+ state = XDM_START_CONNECTION;
+ send_packet();
+ }
+ }
+}
+
+static void
+recv_failed_msg(unsigned length)
+{
+ CARD32 FailedSessionID;
+ ARRAY8 status;
+
+ if (state != XDM_AWAIT_MANAGE_RESPONSE)
+ return;
+ status.data = 0;
+ if (XdmcpReadCARD32 (&buffer, &FailedSessionID) &&
+ XdmcpReadARRAY8 (&buffer, &status))
+ {
+ if (length == 6 + status.length &&
+ SessionID == FailedSessionID)
+ {
+ XdmcpFatal ("Session failed", &status);
+ }
+ }
+ XdmcpDisposeARRAY8 (&status);
+}
+
+static void
+send_keepalive_msg(void)
+{
+ XdmcpHeader header;
+ int socketfd = xdmcpSocket;
+
+ header.version = XDM_PROTOCOL_VERSION;
+ header.opcode = (CARD16) KEEPALIVE;
+ header.length = 6;
+
+ XdmcpWriteHeader (&buffer, &header);
+ XdmcpWriteCARD16 (&buffer, DisplayNumber);
+ XdmcpWriteCARD32 (&buffer, SessionID);
+
+ state = XDM_AWAIT_ALIVE_RESPONSE;
+#if defined(IPv6) && defined(AF_INET6)
+ if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6)
+ socketfd = xdmcpSocket6;
+#endif
+ XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen);
+}
+
+static void
+recv_alive_msg (unsigned length)
+{
+ CARD8 SessionRunning;
+ CARD32 AliveSessionID;
+
+ if (state != XDM_AWAIT_ALIVE_RESPONSE)
+ return;
+ if (length != 5)
+ return;
+ if (XdmcpReadCARD8 (&buffer, &SessionRunning) &&
+ XdmcpReadCARD32 (&buffer, &AliveSessionID))
+ {
+ if (SessionRunning && AliveSessionID == SessionID)
+ {
+ /* backoff dormancy period */
+ state = XDM_RUN_SESSION;
+ if ((GetTimeInMillis() - lastDeviceEventTime.milliseconds) >
+ keepaliveDormancy * 1000)
+ {
+ keepaliveDormancy <<= 1;
+ if (keepaliveDormancy > XDM_MAX_DORMANCY)
+ keepaliveDormancy = XDM_MAX_DORMANCY;
+ }
+ timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000;
+ }
+ else
+ {
+ XdmcpDeadSession ("Alive response indicates session dead");
+ }
+ }
+}
+
+static void
+XdmcpFatal (
+ const char *type,
+ ARRAY8Ptr status)
+{
+ FatalError ("XDMCP fatal error: %s %*.*s\n", type,
+ status->length, status->length, status->data);
+}
+
+static void
+XdmcpWarning(const char *str)
+{
+ ErrorF("XDMCP warning: %s\n", str);
+}
+
+static void
+get_addr_by_name(
+ const char *argtype,
+ const char *namestr,
+ int port,
+ int socktype,
+ SOCKADDR_TYPE *addr,
+ SOCKLEN_TYPE *addrlen
+#if defined(IPv6) && defined(AF_INET6)
+ ,
+ struct addrinfo **aip,
+ struct addrinfo **aifirstp
+#endif
+ )
+{
+#if defined(IPv6) && defined(AF_INET6)
+ struct addrinfo *ai;
+ struct addrinfo hints;
+ char portstr[6];
+ char *pport = portstr;
+ int gaierr;
+
+ bzero(&hints, sizeof(hints));
+ hints.ai_socktype = socktype;
+
+ if (port == 0) {
+ pport = NULL;
+ } else if (port > 0 && port < 65535) {
+ sprintf(portstr, "%d", port);
+ } else {
+ FatalError("Xserver: port out of range: %d\n", port);
+ }
+
+ if (*aifirstp != NULL) {
+ freeaddrinfo(*aifirstp);
+ *aifirstp = NULL;
+ }
+
+ if ((gaierr = getaddrinfo(namestr, pport, &hints, aifirstp)) == 0) {
+ for (ai = *aifirstp; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family == AF_INET || ai->ai_family == AF_INET6)
+ break;
+ }
+ if ((ai == NULL) || (ai->ai_addrlen > sizeof(SOCKADDR_TYPE))) {
+ FatalError ("Xserver: %s host %s not on supported network type\n",
+ argtype, namestr);
+ } else {
+ *aip = ai;
+ *addrlen = ai->ai_addrlen;
+ memcpy(addr, ai->ai_addr, ai->ai_addrlen);
+ }
+ } else {
+ FatalError("Xserver: %s: %s %s\n", gai_strerror(gaierr), argtype, namestr);
+ }
+#else
+ struct hostent *hep;
+#ifdef XTHREADS_NEEDS_BYNAMEPARAMS
+ _Xgethostbynameparams hparams;
+#endif
+#if defined(WIN32) && (defined(TCPCONN) || defined(DNETCONN))
+ _XSERVTransWSAStartup();
+#endif
+ if (!(hep = _XGethostbyname(namestr, hparams)))
+ {
+ FatalError("Xserver: %s unknown host: %s\n", argtype, namestr);
+ }
+ if (hep->h_length == sizeof (struct in_addr))
+ {
+ memmove(&addr->sin_addr, hep->h_addr, hep->h_length);
+ *addrlen = sizeof(struct sockaddr_in);
+ addr->sin_family = AF_INET;
+ addr->sin_port = htons (port);
+ }
+ else
+ {
+ FatalError("Xserver: %s host on strange network %s\n", argtype, namestr);
+ }
+#endif
+}
+
+static void
+get_manager_by_name(
+ int argc,
+ char **argv,
+ int i)
+{
+
+ if ((i + 1) == argc)
+ {
+ FatalError("Xserver: missing %s host name in command line\n", argv[i]);
+ }
+
+ get_addr_by_name(argv[i], argv[i+1], xdm_udp_port, SOCK_DGRAM,
+ &ManagerAddress, &ManagerAddressLen
+#if defined(IPv6) && defined(AF_INET6)
+ , &mgrAddr, &mgrAddrFirst
+#endif
+ );
+}
+
+
+static void
+get_fromaddr_by_name(
+ int argc,
+ char **argv,
+ int i)
+{
+#if defined(IPv6) && defined(AF_INET6)
+ struct addrinfo *ai = NULL;
+ struct addrinfo *aifirst = NULL;
+#endif
+ if (i == argc)
+ {
+ FatalError("Xserver: missing -from host name in command line\n");
+ }
+ get_addr_by_name("-from", argv[i], 0, 0, &FromAddress, &FromAddressLen
+#if defined(IPv6) && defined(AF_INET6)
+ , &ai, &aifirst
+#endif
+ );
+#if defined(IPv6) && defined(AF_INET6)
+ if (aifirst != NULL)
+ freeaddrinfo(aifirst);
+#endif
+ xdm_from = argv[i];
+}
+
+
+#if defined(IPv6) && defined(AF_INET6)
+static int
+get_mcast_options(int argc, char **argv, int i)
+{
+ char *address = XDM_DEFAULT_MCAST_ADDR6;
+ int hopcount = 1;
+ struct addrinfo hints;
+ char portstr[6];
+ int gaierr;
+ struct addrinfo *ai, *firstai;
+
+ if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) {
+ address = argv[i++];
+ if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) {
+ hopcount = strtol(argv[i++], NULL, 10);
+ if ((hopcount < 1) || (hopcount > 255)) {
+ FatalError("Xserver: multicast hop count out of range: %d\n",
+ hopcount);
+ }
+ }
+ }
+
+ if (xdm_udp_port > 0 && xdm_udp_port < 65535) {
+ sprintf(portstr, "%d", xdm_udp_port);
+ } else {
+ FatalError("Xserver: port out of range: %d\n", xdm_udp_port);
+ }
+ bzero(&hints, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM;
+
+ if ((gaierr = getaddrinfo(address, portstr, &hints, &firstai)) == 0) {
+ for (ai = firstai; ai != NULL; ai = ai->ai_next) {
+ if (((ai->ai_family == AF_INET) &&
+ IN_MULTICAST(((struct sockaddr_in *) ai->ai_addr)
+ ->sin_addr.s_addr))
+ || ((ai->ai_family == AF_INET6) &&
+ IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *) ai->ai_addr)
+ ->sin6_addr)))
+ break;
+ }
+ if (ai == NULL) {
+ FatalError ("Xserver: address not supported multicast type %s\n",
+ address);
+ } else {
+ struct multicastinfo *mcastinfo, *mcl;
+
+ mcastinfo = malloc(sizeof(struct multicastinfo));
+ mcastinfo->next = NULL;
+ mcastinfo->ai = firstai;
+ mcastinfo->hops = hopcount;
+
+ if (mcastlist == NULL) {
+ mcastlist = mcastinfo;
+ } else {
+ for (mcl = mcastlist; mcl->next != NULL; mcl = mcl->next) {
+ /* Do nothing - just find end of list */
+ }
+ mcl->next = mcastinfo;
+ }
+ }
+ } else {
+ FatalError("Xserver: %s: %s\n", gai_strerror(gaierr), address);
+ }
+ return i;
+}
+#endif
+
+#else
+static int xdmcp_non_empty; /* avoid complaint by ranlib */
+#endif /* XDMCP */
|