From 49c7992dfc9c6b8a60baf1afbede4616e0265e7f Mon Sep 17 00:00:00 2001 From: marha Date: Sun, 9 May 2010 21:09:18 +0000 Subject: xserver git update 9/5/2010 --- xorg-server/os/access.c | 4404 +++++++++++++++++++++++----------------------- xorg-server/os/auth.c | 655 +++---- xorg-server/os/mitauth.c | 394 ++--- xorg-server/os/osdep.h | 23 +- xorg-server/os/rpcauth.c | 386 ++-- xorg-server/os/xdmauth.c | 998 +++++------ xorg-server/os/xdmcp.c | 3322 +++++++++++++++++----------------- 7 files changed, 5092 insertions(+), 5090 deletions(-) (limited to 'xorg-server/os') diff --git a/xorg-server/os/access.c b/xorg-server/os/access.c index 74c340a43..603210f85 100644 --- a/xorg-server/os/access.c +++ b/xorg-server/os/access.c @@ -1,2202 +1,2202 @@ -/*********************************************************** - -Copyright 1987, 1998 The Open Group - -All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, and/or sell copies of the Software, and to permit persons -to whom the Software is furnished to do so, provided that the above -copyright notice(s) and this permission notice appear in all copies of -the Software and that both the above copyright notice(s) and this -permission notice appear in supporting documentation. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT -OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR -HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL -INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING -FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Except as contained in this notice, the name of a copyright holder -shall not be used in advertising or otherwise to promote the sale, use -or other dealings in this Software without prior written authorization -of the copyright holder. - -X Window System is a trademark of The Open Group. - -Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts. - - All Rights Reserved - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, -provided that the above copyright notice appear in all copies and that -both that copyright notice and this permission notice appear in -supporting documentation, and that the name of Digital not be -used in advertising or publicity pertaining to distribution of the -software without specific, written prior permission. - -DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING -ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL -DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR -ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, -WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, -ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. - -******************************************************************/ - -/* - * Copyright © 2004 Sun Microsystems, Inc. All rights reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a - * copy of this software and associated documentation files (the "Software"), - * to deal in the Software without restriction, including without limitation - * the rights to use, copy, modify, merge, publish, distribute, sublicense, - * and/or sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice (including the next - * paragraph) shall be included in all copies or substantial portions of the - * Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - */ - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -#ifdef WIN32 -#include -#endif - -#include -#include -#define XSERV_t -#define TRANS_SERVER -#define TRANS_REOPEN -#include -#include -#include -#include -#include "misc.h" -#include "site.h" -#include -#include -#ifndef WIN32 -#include -#include -#include - -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(__SCO__) -#include -#endif /* TCPCONN || STREAMSCONN || ISC || __SCO__ */ -#ifdef DNETCONN -#include -#include -#endif - -#ifdef HAS_GETPEERUCRED -# include -# ifdef sun -# include -# endif -#endif - -#if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__) -# include -#endif -#if defined(SYSV) && defined(__i386__) -# include -#endif -#ifdef __GNU__ -#undef SIOCGIFCONF -#include -#else /*!__GNU__*/ -# include -#endif /*__GNU__ */ - -#ifdef SVR4 -#include -#include -#endif - -#include - -#ifdef CSRG_BASED -#include -#if (BSD >= 199103) -#define VARIABLE_IFREQ -#endif -#endif - -#ifdef BSD44SOCKETS -#ifndef VARIABLE_IFREQ -#define VARIABLE_IFREQ -#endif -#endif - -#ifdef HAS_GETIFADDRS -#include -#endif - -/* Solaris provides an extended interface SIOCGLIFCONF. Other systems - * may have this as well, but the code has only been tested on Solaris - * so far, so we only enable it there. Other platforms may be added as - * needed. - * - * Test for Solaris commented out -- TSI @ UQV 2003.06.13 - */ -#ifdef SIOCGLIFCONF -/* #if defined(sun) */ -#define USE_SIOCGLIFCONF -/* #endif */ -#endif - -#endif /* WIN32 */ - -#ifndef PATH_MAX -#include -#ifndef PATH_MAX -#ifdef MAXPATHLEN -#define PATH_MAX MAXPATHLEN -#else -#define PATH_MAX 1024 -#endif -#endif -#endif - -#ifdef __SCO__ -/* The system defined value is wrong. MAXPATHLEN is set in sco5.cf. */ -#undef PATH_MAX -#endif - -#define X_INCLUDE_NETDB_H -#include - -#include "dixstruct.h" -#include "osdep.h" - -#include "xace.h" - -#ifndef PATH_MAX -#ifdef MAXPATHLEN -#define PATH_MAX MAXPATHLEN -#else -#define PATH_MAX 1024 -#endif -#endif - -Bool defeatAccessControl = FALSE; - -#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len) -#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len) -#define addrEqual(fam, address, length, host) \ - ((fam) == (host)->family &&\ - (length) == (host)->len &&\ - !acmp (address, (host)->addr, length)) - -static int ConvertAddr(struct sockaddr * /*saddr*/, - int * /*len*/, - pointer * /*addr*/); - -static int CheckAddr(int /*family*/, - pointer /*pAddr*/, - unsigned /*length*/); - -static Bool NewHost(int /*family*/, - pointer /*addr*/, - int /*len*/, - int /* addingLocalHosts */); - -/* XFree86 bug #156: To keep track of which hosts were explicitly requested in - /etc/X.hosts, we've added a requested field to the HOST struct, - and a LocalHostRequested variable. These default to FALSE, but are set - to TRUE in ResetHosts when reading in /etc/X.hosts. They are - checked in DisableLocalHost(), which is called to disable the default - local host entries when stronger authentication is turned on. */ - -typedef struct _host { - short family; - short len; - unsigned char *addr; - struct _host *next; - int requested; -} HOST; - -#define MakeHost(h,l) (h)=xalloc(sizeof *(h)+(l));\ - if (h) { \ - (h)->addr=(unsigned char *) ((h) + 1);\ - (h)->requested = FALSE; \ - } -#define FreeHost(h) xfree(h) -static HOST *selfhosts = NULL; -static HOST *validhosts = NULL; -static int AccessEnabled = DEFAULT_ACCESS_CONTROL; -static int LocalHostEnabled = FALSE; -static int LocalHostRequested = FALSE; -static int UsingXdmcp = FALSE; - -/* FamilyServerInterpreted implementation */ -static Bool siAddrMatch(int family, pointer addr, int len, HOST *host, - ClientPtr client); -static int siCheckAddr(const char *addrString, int length); -static void siTypesInitialize(void); - -/* - * called when authorization is not enabled to add the - * local host to the access list - */ - -void -EnableLocalHost (void) -{ - if (!UsingXdmcp) - { - LocalHostEnabled = TRUE; - AddLocalHosts (); - } -} - -/* - * called when authorization is enabled to keep us secure - */ -void -DisableLocalHost (void) -{ - HOST *self; - - if (!LocalHostRequested) /* Fix for XFree86 bug #156 */ - LocalHostEnabled = FALSE; - for (self = selfhosts; self; self = self->next) { - if (!self->requested) /* Fix for XFree86 bug #156 */ - (void) RemoveHost ((ClientPtr)NULL, self->family, self->len, (pointer)self->addr); - } -} - -/* - * called at init time when XDMCP will be used; xdmcp always - * adds local hosts manually when needed - */ - -void -AccessUsingXdmcp (void) -{ - UsingXdmcp = TRUE; - LocalHostEnabled = FALSE; -} - - -#if defined(SVR4) && !defined(SCO325) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF) - -/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */ - -static int -ifioctl (int fd, int cmd, char *arg) -{ - struct strioctl ioc; - int ret; - - bzero((char *) &ioc, sizeof(ioc)); - ioc.ic_cmd = cmd; - ioc.ic_timout = 0; - if (cmd == SIOCGIFCONF) - { - ioc.ic_len = ((struct ifconf *) arg)->ifc_len; - ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf; - } - else - { - ioc.ic_len = sizeof(struct ifreq); - ioc.ic_dp = arg; - } - ret = ioctl(fd, I_STR, (char *) &ioc); - if (ret >= 0 && cmd == SIOCGIFCONF) -#ifdef SVR4 - ((struct ifconf *) arg)->ifc_len = ioc.ic_len; -#endif - return(ret); -} -#else /* Case sun, SCO325 and others */ -#define ifioctl ioctl -#endif /* ((SVR4 && !sun !SCO325) || ISC) && SIOCGIFCONF */ - -/* - * DefineSelf (fd): - * - * Define this host for access control. Find all the hosts the OS knows about - * for this fd and add them to the selfhosts list. - */ - -#if !defined(SIOCGIFCONF) -void -DefineSelf (int fd) -{ -#if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN) && !defined(MNX_TCPCONN) - return; -#else - register int n; - int len; - caddr_t addr; - int family; - register HOST *host; - -#ifndef WIN32 - struct utsname name; -#else - struct { - char nodename[512]; - } name; -#endif - - register struct hostent *hp; - - union { - struct sockaddr sa; - struct sockaddr_in in; -#if defined(IPv6) && defined(AF_INET6) - struct sockaddr_in6 in6; -#endif - } saddr; - - struct sockaddr_in *inetaddr; - struct sockaddr_in6 *inet6addr; - struct sockaddr_in broad_addr; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - - /* Why not use gethostname()? Well, at least on my system, I've had to - * make an ugly kernel patch to get a name longer than 8 characters, and - * uname() lets me access to the whole string (it smashes release, you - * see), whereas gethostname() kindly truncates it for me. - */ -#ifndef WIN32 - uname(&name); -#else - gethostname(name.nodename, sizeof(name.nodename)); -#endif - - hp = _XGethostbyname(name.nodename, hparams); - if (hp != NULL) - { - saddr.sa.sa_family = hp->h_addrtype; - switch (hp->h_addrtype) { - case AF_INET: - inetaddr = (struct sockaddr_in *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length); - len = sizeof(saddr.sa); - break; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: - inet6addr = (struct sockaddr_in6 *) (&(saddr.sa)); - acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length); - len = sizeof(saddr.in6); - break; -#endif - default: - goto DefineLocalHost; - } - family = ConvertAddr ( &(saddr.sa), &len, (pointer *)&addr); - if ( family != -1 && family != FamilyLocal ) - { - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) ; - if (!host) - { - /* add this host to the host list. */ - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy ( addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - /* - * If this is an Internet Address, but not the localhost - * address (127.0.0.1), nor the bogus address (0.0.0.0), - * register it. - */ - if (family == FamilyInternet && - !(len == 4 && - ((addr[0] == 127) || - (addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0))) - ) - { - XdmcpRegisterConnection (family, (char *)addr, len); - broad_addr = *inetaddr; - ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = - htonl (INADDR_BROADCAST); - XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) - &broad_addr); - } -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - !(IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))) - { - XdmcpRegisterConnection (family, (char *)addr, len); - } -#endif - -#endif /* XDMCP */ - } - } - } - /* - * now add a host of family FamilyLocalHost... - */ -DefineLocalHost: - for (host = selfhosts; - host && !addrEqual(FamilyLocalHost, "", 0, host); - host = host->next); - if (!host) - { - MakeHost(host, 0); - if (host) - { - host->family = FamilyLocalHost; - host->len = 0; - acopy("", host->addr, 0); - host->next = selfhosts; - selfhosts = host; - } - } -#endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN && !MNX_TCPCONN */ -} - -#else - -#ifdef USE_SIOCGLIFCONF -#define ifr_type struct lifreq -#else -#define ifr_type struct ifreq -#endif - -#ifdef VARIABLE_IFREQ -#define ifr_size(p) (sizeof (struct ifreq) + \ - (p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \ - p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0)) -#define ifraddr_size(a) (a.sa_len) -#else -#define ifr_size(p) (sizeof (ifr_type)) -#define ifraddr_size(a) (sizeof (a)) -#endif - -#if defined(IPv6) && defined(AF_INET6) -#include -#endif - -#if defined(IPv6) && defined(AF_INET6) -static void -in6_fillscopeid(struct sockaddr_in6 *sin6) -{ -#if defined(__KAME__) - if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { - sin6->sin6_scope_id = - ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); - sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0; - } -#endif -} -#endif - -void -DefineSelf (int fd) -{ -#ifndef HAS_GETIFADDRS - char *cp, *cplim; -# ifdef USE_SIOCGLIFCONF - struct sockaddr_storage buf[16]; - struct lifconf ifc; - register struct lifreq *ifr; -# ifdef SIOCGLIFNUM - struct lifnum ifn; -# endif -# else /* !USE_SIOCGLIFCONF */ - char buf[2048]; - struct ifconf ifc; - register struct ifreq *ifr; -# endif - void * bufptr = buf; -#else /* HAS_GETIFADDRS */ - struct ifaddrs * ifap, *ifr; -#endif - int len; - unsigned char * addr; - int family; - register HOST *host; - -#ifdef DNETCONN - struct dn_naddr *dnaddr = getnodeadd(); - /* - * AF_DECnet may not be listed in the interface list. Instead use - * the supported library call to find out the local address (if any). - */ - if (dnaddr) - { - addr = (unsigned char *) dnaddr; - len = dnaddr->a_len + sizeof(dnaddr->a_len); - family = FamilyDECnet; - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) - ; - if (!host) - { - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } - } - } -#endif /* DNETCONN */ -#ifndef HAS_GETIFADDRS - - len = sizeof(buf); - -#ifdef USE_SIOCGLIFCONF - -#ifdef SIOCGLIFNUM - ifn.lifn_family = AF_UNSPEC; - ifn.lifn_flags = 0; - if (ioctl (fd, SIOCGLIFNUM, (char *) &ifn) < 0) - Error ("Getting interface count"); - if (len < (ifn.lifn_count * sizeof(struct lifreq))) { - len = ifn.lifn_count * sizeof(struct lifreq); - bufptr = xalloc(len); - } -#endif - - ifc.lifc_family = AF_UNSPEC; - ifc.lifc_flags = 0; - ifc.lifc_len = len; - ifc.lifc_buf = bufptr; - -#define IFC_IOCTL_REQ SIOCGLIFCONF -#define IFC_IFC_REQ ifc.lifc_req -#define IFC_IFC_LEN ifc.lifc_len -#define IFR_IFR_ADDR ifr->lifr_addr -#define IFR_IFR_NAME ifr->lifr_name - -#else /* Use SIOCGIFCONF */ - ifc.ifc_len = len; - ifc.ifc_buf = bufptr; - -#define IFC_IOCTL_REQ SIOCGIFCONF -#define IFC_IFC_REQ ifc.ifc_req -#define IFC_IFC_LEN ifc.ifc_len -#define IFR_IFR_ADDR ifr->ifr_addr -#define IFR_IFR_NAME ifr->ifr_name -#endif - - if (ifioctl (fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0) - Error ("Getting interface configuration (4)"); - - cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN; - - for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size (ifr)) - { - ifr = (ifr_type *) cp; - len = ifraddr_size (IFR_IFR_ADDR); - family = ConvertAddr ((struct sockaddr *) &IFR_IFR_ADDR, - &len, (pointer *)&addr); -#ifdef DNETCONN - /* - * DECnet was handled up above. - */ - if (family == AF_DECnet) - continue; -#endif /* DNETCONN */ - if (family == -1 || family == FamilyLocal) - continue; -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - in6_fillscopeid((struct sockaddr_in6 *)&IFR_IFR_ADDR); -#endif - for (host = selfhosts; - host && !addrEqual (family, addr, len, host); - host = host->next) - ; - if (host) - continue; - MakeHost(host,len) - if (host) - { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - { -#ifdef USE_SIOCGLIFCONF - struct sockaddr_storage broad_addr; -#else - struct sockaddr broad_addr; -#endif - - /* - * If this isn't an Internet Address, don't register it. - */ - if (family != FamilyInternet -#if defined(IPv6) && defined(AF_INET6) - && family != FamilyInternet6 -#endif - ) - continue; - - /* - * ignore 'localhost' entries as they're not useful - * on the other end of the wire - */ - if (family == FamilyInternet && - addr[0] == 127 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 1) - continue; -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) - continue; -#endif - - /* - * Ignore '0.0.0.0' entries as they are - * returned by some OSes for unconfigured NICs but they are - * not useful on the other end of the wire. - */ - if (len == 4 && - addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0) - continue; - - XdmcpRegisterConnection (family, (char *)addr, len); - -#if defined(IPv6) && defined(AF_INET6) - /* IPv6 doesn't support broadcasting, so we drop out here */ - if (family == FamilyInternet6) - continue; -#endif - - broad_addr = IFR_IFR_ADDR; - - ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = - htonl (INADDR_BROADCAST); -#if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR) - { - struct lifreq broad_req; - - broad_req = *ifr; - if (ioctl (fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 && - (broad_req.lifr_flags & IFF_BROADCAST) && - (broad_req.lifr_flags & IFF_UP) - ) - { - broad_req = *ifr; - if (ioctl (fd, SIOCGLIFBRDADDR, &broad_req) != -1) - broad_addr = broad_req.lifr_broadaddr; - else - continue; - } - else - continue; - } - -#elif defined(SIOCGIFBRDADDR) - { - struct ifreq broad_req; - - broad_req = *ifr; - if (ifioctl (fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 && - (broad_req.ifr_flags & IFF_BROADCAST) && - (broad_req.ifr_flags & IFF_UP) - ) - { - broad_req = *ifr; - if (ifioctl (fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1) - broad_addr = broad_req.ifr_addr; - else - continue; - } - else - continue; - } -#endif /* SIOCGIFBRDADDR */ - XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) &broad_addr); - } -#endif /* XDMCP */ - } - if (bufptr != buf) - free(bufptr); -#else /* HAS_GETIFADDRS */ - if (getifaddrs(&ifap) < 0) { - ErrorF("Warning: getifaddrs returns %s\n", strerror(errno)); - return; - } - for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) { - if (!ifr->ifa_addr) - continue; -#ifdef DNETCONN - if (ifr->ifa_addr.sa_family == AF_DECnet) - continue; -#endif /* DNETCONN */ - len = sizeof(*(ifr->ifa_addr)); - family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr); - if (family == -1 || family == FamilyLocal) - continue; -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - in6_fillscopeid((struct sockaddr_in6 *)ifr->ifa_addr); -#endif - - for (host = selfhosts; - host != NULL && !addrEqual(family, addr, len, host); - host = host->next) - ; - if (host != NULL) - continue; - MakeHost(host, len); - if (host != NULL) { - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; - } -#ifdef XDMCP - { - struct sockaddr broad_addr; - /* - * If this isn't an Internet Address, don't register it. - */ - if (family != FamilyInternet -#if defined(IPv6) && defined(AF_INET6) - && family != FamilyInternet6 -#endif - ) - continue; - - /* - * ignore 'localhost' entries as they're not useful - * on the other end of the wire - */ - if (ifr->ifa_flags & IFF_LOOPBACK) - continue; - - if (family == FamilyInternet && - addr[0] == 127 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 1) - continue; - - /* - * Ignore '0.0.0.0' entries as they are - * returned by some OSes for unconfigured NICs but they are - * not useful on the other end of the wire. - */ - if (len == 4 && - addr[0] == 0 && addr[1] == 0 && - addr[2] == 0 && addr[3] == 0) - continue; -#if defined(IPv6) && defined(AF_INET6) - else if (family == FamilyInternet6 && - IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) - continue; -#endif - XdmcpRegisterConnection(family, (char *)addr, len); -#if defined(IPv6) && defined(AF_INET6) - if (family == FamilyInternet6) - /* IPv6 doesn't support broadcasting, so we drop out here */ - continue; -#endif - if ((ifr->ifa_flags & IFF_BROADCAST) && - (ifr->ifa_flags & IFF_UP) && - ifr->ifa_broadaddr) - broad_addr = *ifr->ifa_broadaddr; - else - continue; - XdmcpRegisterBroadcastAddress((struct sockaddr_in *) - &broad_addr); - } -#endif /* XDMCP */ - - } /* for */ - freeifaddrs(ifap); -#endif /* HAS_GETIFADDRS */ - - /* - * add something of FamilyLocalHost - */ - for (host = selfhosts; - host && !addrEqual(FamilyLocalHost, "", 0, host); - host = host->next); - if (!host) - { - MakeHost(host, 0); - if (host) - { - host->family = FamilyLocalHost; - host->len = 0; - acopy("", host->addr, 0); - host->next = selfhosts; - selfhosts = host; - } - } -} -#endif /* hpux && !HAS_IFREQ */ - -#ifdef XDMCP -void -AugmentSelf(pointer from, int len) -{ - int family; - pointer addr; - register HOST *host; - - family = ConvertAddr(from, &len, (pointer *)&addr); - if (family == -1 || family == FamilyLocal) - return; - for (host = selfhosts; host; host = host->next) - { - if (addrEqual(family, addr, len, host)) - return; - } - MakeHost(host,len) - if (!host) - return; - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = selfhosts; - selfhosts = host; -} -#endif - -void -AddLocalHosts (void) -{ - HOST *self; - - for (self = selfhosts; self; self = self->next) - /* Fix for XFree86 bug #156: pass addingLocal = TRUE to - * NewHost to tell that we are adding the default local - * host entries and not to flag the entries as being - * explicitely requested */ - (void) NewHost (self->family, self->addr, self->len, TRUE); -} - -/* Reset access control list to initial hosts */ -void -ResetHosts (char *display) -{ - register HOST *host; - char lhostname[120], ohostname[120]; - char *hostname = ohostname; - char fname[PATH_MAX + 1]; - int fnamelen; - FILE *fd; - char *ptr; - int i, hostlen; -#if ((defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)) && \ - (!defined(IPv6) || !defined(AF_INET6))) || defined(DNETCONN) - union { - struct sockaddr sa; -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - struct sockaddr_in in; -#endif /* TCPCONN || STREAMSCONN */ -#ifdef DNETCONN - struct sockaddr_dn dn; -#endif - } saddr; -#endif -#ifdef DNETCONN - struct nodeent *np; - struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); -#endif - int family = 0; - pointer addr; - int len; - - siTypesInitialize(); - AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL; - LocalHostEnabled = FALSE; - while ((host = validhosts) != 0) - { - validhosts = host->next; - FreeHost (host); - } - -#if defined WIN32 && defined __MINGW32__ -#define ETC_HOST_PREFIX "X" -#else -#define ETC_HOST_PREFIX "/etc/X" -#endif -#define ETC_HOST_SUFFIX ".hosts" - fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) + - strlen(display) + 1; - if (fnamelen > sizeof(fname)) - FatalError("Display name `%s' is too long\n", display); - snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX, - display); - - if ((fd = fopen (fname, "r")) != 0) - { - while (fgets (ohostname, sizeof (ohostname), fd)) - { - family = FamilyWild; - if (*ohostname == '#') - continue; - if ((ptr = strchr(ohostname, '\n')) != 0) - *ptr = 0; - hostlen = strlen(ohostname) + 1; - for (i = 0; i < hostlen; i++) - lhostname[i] = tolower(ohostname[i]); - hostname = ohostname; - if (!strncmp("local:", lhostname, 6)) - { - family = FamilyLocalHost; - NewHost(family, "", 0, FALSE); - LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */ - } -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - else if (!strncmp("inet:", lhostname, 5)) - { - family = FamilyInternet; - hostname = ohostname + 5; - } -#if defined(IPv6) && defined(AF_INET6) - else if (!strncmp("inet6:", lhostname, 6)) - { - family = FamilyInternet6; - hostname = ohostname + 6; - } -#endif -#endif -#ifdef DNETCONN - else if (!strncmp("dnet:", lhostname, 5)) - { - family = FamilyDECnet; - hostname = ohostname + 5; - } -#endif -#ifdef SECURE_RPC - else if (!strncmp("nis:", lhostname, 4)) - { - family = FamilyNetname; - hostname = ohostname + 4; - } -#endif - else if (!strncmp("si:", lhostname, 3)) - { - family = FamilyServerInterpreted; - hostname = ohostname + 3; - hostlen -= 3; - } - - - if (family == FamilyServerInterpreted) - { - len = siCheckAddr(hostname, hostlen); - if (len >= 0) { - NewHost(family, hostname, len, FALSE); - } - } - else -#ifdef DNETCONN - if ((family == FamilyDECnet) || ((family == FamilyWild) && - (ptr = strchr(hostname, ':')) && (*(ptr + 1) == ':') && - !(*ptr = '\0'))) /* bash trailing colons if necessary */ - { - /* node name (DECnet names end in "::") */ - dnaddrp = dnet_addr(hostname); - if (!dnaddrp && (np = getnodebyname (hostname))) - { - /* node was specified by name */ - saddr.sa.sa_family = np->n_addrtype; - len = sizeof(saddr.sa); - if (ConvertAddr (&saddr.sa, &len, (pointer *)&addr) == FamilyDECnet) - { - bzero ((char *) &dnaddr, sizeof (dnaddr)); - dnaddr.a_len = np->n_length; - acopy (np->n_addr, dnaddr.a_addr, np->n_length); - dnaddrp = &dnaddr; - } - } - if (dnaddrp) - (void) NewHost(FamilyDECnet, (pointer)dnaddrp, - (int)(dnaddrp->a_len + sizeof(dnaddrp->a_len)), FALSE); - } - else -#endif /* DNETCONN */ -#ifdef SECURE_RPC - if ((family == FamilyNetname) || (strchr(hostname, '@'))) - { - SecureRPCInit (); - (void) NewHost (FamilyNetname, hostname, strlen (hostname), FALSE); - } - else -#endif /* SECURE_RPC */ -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - { -#if defined(IPv6) && defined(AF_INET6) - if ( (family == FamilyInternet) || (family == FamilyInternet6) || - (family == FamilyWild) ) - { - struct addrinfo *addresses; - struct addrinfo *a; - int f; - - if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { - for (a = addresses ; a != NULL ; a = a->ai_next) { - len = a->ai_addrlen; - f = ConvertAddr(a->ai_addr,&len,(pointer *)&addr); - if ( (family == f) || - ((family == FamilyWild) && (f != -1)) ) { - NewHost(f, addr, len, FALSE); - } - } - freeaddrinfo(addresses); - } - } -#else -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - register struct hostent *hp; - - /* host name */ - if ((family == FamilyInternet && - ((hp = _XGethostbyname(hostname, hparams)) != 0)) || - ((hp = _XGethostbyname(hostname, hparams)) != 0)) - { - saddr.sa.sa_family = hp->h_addrtype; - len = sizeof(saddr.sa); - if ((family = ConvertAddr (&saddr.sa, &len, (pointer *)&addr)) != -1) - { -#ifdef h_addr /* new 4.3bsd version of gethostent */ - char **list; - - /* iterate over the addresses */ - for (list = hp->h_addr_list; *list; list++) - (void) NewHost (family, (pointer)*list, len, FALSE); -#else - (void) NewHost (family, (pointer)hp->h_addr, len, FALSE); -#endif - } - } -#endif /* IPv6 */ - } -#endif /* TCPCONN || STREAMSCONN */ - family = FamilyWild; - } - fclose (fd); - } -} - -/* Is client on the local host */ -Bool LocalClient(ClientPtr client) -{ - int alen, family, notused; - Xtransaddr *from = NULL; - pointer addr; - register HOST *host; - - if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, - ¬used, &alen, &from)) - { - family = ConvertAddr ((struct sockaddr *) from, - &alen, (pointer *)&addr); - if (family == -1) - { - xfree (from); - return FALSE; - } - if (family == FamilyLocal) - { - xfree (from); - return TRUE; - } - for (host = selfhosts; host; host = host->next) - { - if (addrEqual (family, addr, alen, host)) - return TRUE; - } - xfree (from); - } - return FALSE; -} - -/* - * Return the uid and gid of a connected local client - * - * Used by XShm to test access rights to shared memory segments - */ -int -LocalClientCred(ClientPtr client, int *pUid, int *pGid) -{ - LocalClientCredRec *lcc; - int ret = GetLocalClientCreds(client, &lcc); - - if (ret == 0) { -#ifdef HAVE_GETZONEID /* only local if in the same zone */ - if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { - FreeLocalClientCreds(lcc); - return -1; - } -#endif - if ((lcc->fieldsSet & LCC_UID_SET) && (pUid != NULL)) - *pUid = lcc->euid; - if ((lcc->fieldsSet & LCC_GID_SET) && (pGid != NULL)) - *pGid = lcc->egid; - FreeLocalClientCreds(lcc); - } - return ret; -} - -/* - * Return the uid and all gids of a connected local client - * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds - * - * Used by localuser & localgroup ServerInterpreted access control forms below - * Used by AuthAudit to log who local connections came from - */ -int -GetLocalClientCreds(ClientPtr client, LocalClientCredRec **lccp) -{ -#if defined(HAS_GETPEEREID) || defined(HAS_GETPEERUCRED) || defined(SO_PEERCRED) - int fd; - XtransConnInfo ci; - LocalClientCredRec *lcc; -#ifdef HAS_GETPEEREID - uid_t uid; - gid_t gid; -#elif defined(HAS_GETPEERUCRED) - ucred_t *peercred = NULL; - const gid_t *gids; -#elif defined(SO_PEERCRED) - struct ucred peercred; - socklen_t so_len = sizeof(peercred); -#endif - - if (client == NULL) - return -1; - ci = ((OsCommPtr)client->osPrivate)->trans_conn; -#if !(defined(sun) && defined(HAS_GETPEERUCRED)) - /* Most implementations can only determine peer credentials for Unix - * domain sockets - Solaris getpeerucred can work with a bit more, so - * we just let it tell us if the connection type is supported or not - */ - if (!_XSERVTransIsLocal(ci)) { - return -1; - } -#endif - - *lccp = Xcalloc(sizeof(LocalClientCredRec)); - if (*lccp == NULL) - return -1; - lcc = *lccp; - - fd = _XSERVTransGetConnectionNumber(ci); -#ifdef HAS_GETPEEREID - if (getpeereid(fd, &uid, &gid) == -1) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = uid; - lcc->egid = gid; - lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET; - return 0; -#elif defined(HAS_GETPEERUCRED) - if (getpeerucred(fd, &peercred) < 0) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = ucred_geteuid(peercred); - if (lcc->euid != -1) - lcc->fieldsSet |= LCC_UID_SET; - lcc->egid = ucred_getegid(peercred); - if (lcc->egid != -1) - lcc->fieldsSet |= LCC_GID_SET; - lcc->pid = ucred_getpid(peercred); - if (lcc->pid != -1) - lcc->fieldsSet |= LCC_PID_SET; -#ifdef HAVE_GETZONEID - lcc->zoneid = ucred_getzoneid(peercred); - if (lcc->zoneid != -1) - lcc->fieldsSet |= LCC_ZID_SET; -#endif - lcc->nSuppGids = ucred_getgroups(peercred, &gids); - if (lcc->nSuppGids > 0) { - lcc->pSuppGids = Xcalloc((lcc->nSuppGids) * sizeof(int)); - if (lcc->pSuppGids == NULL) { - lcc->nSuppGids = 0; - } else { - int i; - for (i = 0 ; i < lcc->nSuppGids; i++) { - (lcc->pSuppGids)[i] = (int) gids[i]; - } - } - } else { - lcc->nSuppGids = 0; - } - ucred_free(peercred); - return 0; -#elif defined(SO_PEERCRED) - if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) { - FreeLocalClientCreds(lcc); - return -1; - } - lcc->euid = peercred.uid; - lcc->egid = peercred.gid; - lcc->pid = peercred.pid; - lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET | LCC_PID_SET; - return 0; -#endif -#else - /* No system call available to get the credentials of the peer */ -#define NO_LOCAL_CLIENT_CRED - return -1; -#endif -} - -void -FreeLocalClientCreds(LocalClientCredRec *lcc) -{ - if (lcc != NULL) { - if (lcc->nSuppGids > 0) { - Xfree(lcc->pSuppGids); - } - Xfree(lcc); - } -} - -static int -AuthorizedClient(ClientPtr client) -{ - int rc; - - if (!client || defeatAccessControl) - return Success; - - /* untrusted clients can't change host access */ - rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); - if (rc != Success) - return rc; - - return LocalClient(client) ? Success : BadAccess; -} - -/* Add a host to the access control list. This is the external interface - * called from the dispatcher */ - -int -AddHost (ClientPtr client, - int family, - unsigned length, /* of bytes in pAddr */ - pointer pAddr) -{ - int rc, len; - - rc = AuthorizedClient(client); - if (rc != Success) - return rc; - switch (family) { - case FamilyLocalHost: - len = length; - LocalHostEnabled = TRUE; - break; -#ifdef SECURE_RPC - case FamilyNetname: - len = length; - SecureRPCInit (); - break; -#endif - case FamilyInternet: -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: -#endif - case FamilyDECnet: - case FamilyChaos: - case FamilyServerInterpreted: - if ((len = CheckAddr (family, pAddr, length)) < 0) - { - client->errorValue = length; - return (BadValue); - } - break; - case FamilyLocal: - default: - client->errorValue = family; - return (BadValue); - } - if (NewHost (family, pAddr, len, FALSE)) - return Success; - return BadAlloc; -} - -Bool -ForEachHostInFamily (int family, - Bool (*func)( - unsigned char * /* addr */, - short /* len */, - pointer /* closure */), - pointer closure) -{ - HOST *host; - - for (host = validhosts; host; host = host->next) - if (family == host->family && func (host->addr, host->len, closure)) - return TRUE; - return FALSE; -} - -/* Add a host to the access control list. This is the internal interface - * called when starting or resetting the server */ -static Bool -NewHost (int family, - pointer addr, - int len, - int addingLocalHosts) -{ - register HOST *host; - - for (host = validhosts; host; host = host->next) - { - if (addrEqual (family, addr, len, host)) - return TRUE; - } - if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */ - for (host = selfhosts; host; host = host->next) { - if (addrEqual (family, addr, len, host)) { - host->requested = TRUE; - break; - } - } - } - MakeHost(host,len) - if (!host) - return FALSE; - host->family = family; - host->len = len; - acopy(addr, host->addr, len); - host->next = validhosts; - validhosts = host; - return TRUE; -} - -/* Remove a host from the access control list */ - -int -RemoveHost ( - ClientPtr client, - int family, - unsigned length, /* of bytes in pAddr */ - pointer pAddr) -{ - int rc, len; - register HOST *host, **prev; - - rc = AuthorizedClient(client); - if (rc != Success) - return rc; - switch (family) { - case FamilyLocalHost: - len = length; - LocalHostEnabled = FALSE; - break; -#ifdef SECURE_RPC - case FamilyNetname: - len = length; - break; -#endif - case FamilyInternet: -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: -#endif - case FamilyDECnet: - case FamilyChaos: - case FamilyServerInterpreted: - if ((len = CheckAddr (family, pAddr, length)) < 0) - { - client->errorValue = length; - return(BadValue); - } - break; - case FamilyLocal: - default: - client->errorValue = family; - return(BadValue); - } - for (prev = &validhosts; - (host = *prev) && (!addrEqual (family, pAddr, len, host)); - prev = &host->next) - ; - if (host) - { - *prev = host->next; - FreeHost (host); - } - return (Success); -} - -/* Get all hosts in the access control list */ -int -GetHosts ( - pointer *data, - int *pnHosts, - int *pLen, - BOOL *pEnabled) -{ - int len; - register int n = 0; - register unsigned char *ptr; - register HOST *host; - int nHosts = 0; - - *pEnabled = AccessEnabled ? EnableAccess : DisableAccess; - for (host = validhosts; host; host = host->next) - { - nHosts++; - n += pad_to_int32(host->len) + sizeof(xHostEntry); - } - if (n) - { - *data = ptr = xalloc (n); - if (!ptr) - { - return(BadAlloc); - } - for (host = validhosts; host; host = host->next) - { - len = host->len; - ((xHostEntry *)ptr)->family = host->family; - ((xHostEntry *)ptr)->length = len; - ptr += sizeof(xHostEntry); - acopy (host->addr, ptr, len); - ptr += pad_to_int32(len); - } - } else { - *data = NULL; - } - *pnHosts = nHosts; - *pLen = n; - return(Success); -} - -/* Check for valid address family and length, and return address length. */ - -/*ARGSUSED*/ -static int -CheckAddr ( - int family, - pointer pAddr, - unsigned length) -{ - int len; - - switch (family) - { -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - case FamilyInternet: - if (length == sizeof (struct in_addr)) - len = length; - else - len = -1; - break; -#if defined(IPv6) && defined(AF_INET6) - case FamilyInternet6: - if (length == sizeof (struct in6_addr)) - len = length; - else - len = -1; - break; -#endif -#endif -#ifdef DNETCONN - case FamilyDECnet: - { - struct dn_naddr *dnaddr = (struct dn_naddr *) pAddr; - - if ((length < sizeof(dnaddr->a_len)) || - (length < dnaddr->a_len + sizeof(dnaddr->a_len))) - len = -1; - else - len = dnaddr->a_len + sizeof(dnaddr->a_len); - if (len > sizeof(struct dn_naddr)) - len = -1; - } - break; -#endif - case FamilyServerInterpreted: - len = siCheckAddr(pAddr, length); - break; - default: - len = -1; - } - return (len); -} - -/* Check if a host is not in the access control list. - * Returns 1 if host is invalid, 0 if we've found it. */ - -int -InvalidHost ( - register struct sockaddr *saddr, - int len, - ClientPtr client) -{ - int family; - pointer addr; - register HOST *selfhost, *host; - - if (!AccessEnabled) /* just let them in */ - return(0); - family = ConvertAddr (saddr, &len, (pointer *)&addr); - if (family == -1) - return 1; - if (family == FamilyLocal) - { - if (!LocalHostEnabled) - { - /* - * check to see if any local address is enabled. This - * implicitly enables local connections. - */ - for (selfhost = selfhosts; selfhost; selfhost=selfhost->next) - { - for (host = validhosts; host; host=host->next) - { - if (addrEqual (selfhost->family, selfhost->addr, - selfhost->len, host)) - return 0; - } - } - } else - return 0; - } - for (host = validhosts; host; host = host->next) - { - if ((host->family == FamilyServerInterpreted)) { - if (siAddrMatch (family, addr, len, host, client)) { - return (0); - } - } else { - if (addrEqual (family, addr, len, host)) - return (0); - } - - } - return (1); -} - -static int -ConvertAddr ( - register struct sockaddr *saddr, - int *len, - pointer *addr) -{ - if (*len == 0) - return (FamilyLocal); - switch (saddr->sa_family) - { - case AF_UNSPEC: -#if defined(UNIXCONN) || defined(LOCALCONN) - case AF_UNIX: -#endif - return FamilyLocal; -#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) - case AF_INET: -#ifdef WIN32 - if (16777343 == *(long*)&((struct sockaddr_in *) saddr)->sin_addr) - return FamilyLocal; -#endif - *len = sizeof (struct in_addr); - *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr); - return FamilyInternet; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: - { - struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr; - if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) { - *len = sizeof (struct in_addr); - *addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]); - return FamilyInternet; - } else { - *len = sizeof (struct in6_addr); - *addr = (pointer) &(saddr6->sin6_addr); - return FamilyInternet6; - } - } -#endif -#endif -#ifdef DNETCONN - case AF_DECnet: - { - struct sockaddr_dn *sdn = (struct sockaddr_dn *) saddr; - *len = sdn->sdn_nodeaddrl + sizeof(sdn->sdn_nodeaddrl); - *addr = (pointer) &(sdn->sdn_add); - } - return FamilyDECnet; -#endif -#ifdef CHAOSCONN - case AF_CHAOS: - { - not implemented - } - return FamilyChaos; -#endif - default: - return -1; - } -} - -int -ChangeAccessControl( - ClientPtr client, - int fEnabled) -{ - int rc = AuthorizedClient(client); - if (rc != Success) - return rc; - AccessEnabled = fEnabled; - return Success; -} - -/* returns FALSE if xhost + in effect, else TRUE */ -int -GetAccessControl(void) -{ - return AccessEnabled; -} - -/***************************************************************************** - * FamilyServerInterpreted host entry implementation - * - * Supports an extensible system of host types which the server can interpret - * See the IPv6 extensions to the X11 protocol spec for the definition. - * - * Currently supported schemes: - * - * hostname - hostname as defined in IETF RFC 2396 - * ipv6 - IPv6 literal address as defined in IETF RFC's 3513 and - * - * See xc/doc/specs/SIAddresses for formal definitions of each type. - */ - -/* These definitions and the siTypeAdd function could be exported in the - * future to enable loading additional host types, but that was not done for - * the initial implementation. - */ -typedef Bool (*siAddrMatchFunc)(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *siTypePriv); -typedef int (*siCheckAddrFunc)(const char *addrString, int length, - void *siTypePriv); - -struct siType { - struct siType * next; - const char * typeName; - siAddrMatchFunc addrMatch; - siCheckAddrFunc checkAddr; - void * typePriv; /* Private data for type routines */ -}; - -static struct siType *siTypeList; - -static int -siTypeAdd(const char *typeName, siAddrMatchFunc addrMatch, - siCheckAddrFunc checkAddr, void *typePriv) -{ - struct siType *s, *p; - - if ((typeName == NULL) || (addrMatch == NULL) || (checkAddr == NULL)) - return BadValue; - - for (s = siTypeList, p = NULL; s != NULL ; p = s, s = s->next) { - if (strcmp(typeName, s->typeName) == 0) { - s->addrMatch = addrMatch; - s->checkAddr = checkAddr; - s->typePriv = typePriv; - return Success; - } - } - - s = xalloc(sizeof(struct siType)); - if (s == NULL) - return BadAlloc; - - if (p == NULL) - siTypeList = s; - else - p->next = s; - - s->next = NULL; - s->typeName = typeName; - s->addrMatch = addrMatch; - s->checkAddr = checkAddr; - s->typePriv = typePriv; - return Success; -} - -/* Checks to see if a host matches a server-interpreted host entry */ -static Bool -siAddrMatch(int family, pointer addr, int len, HOST *host, ClientPtr client) -{ - Bool matches = FALSE; - struct siType *s; - const char *valueString; - int addrlen; - - valueString = (const char *) memchr(host->addr, '\0', host->len); - if (valueString != NULL) { - for (s = siTypeList; s != NULL ; s = s->next) { - if (strcmp((char *) host->addr, s->typeName) == 0) { - addrlen = host->len - (strlen((char *)host->addr) + 1); - matches = s->addrMatch(family, addr, len, - valueString + 1, addrlen, client, s->typePriv); - break; - } - } -#ifdef FAMILY_SI_DEBUG - ErrorF( - "Xserver: siAddrMatch(): type = %s, value = %*.*s -- %s\n", - host->addr, addrlen, addrlen, valueString + 1, - (matches) ? "accepted" : "rejected"); -#endif - } - return matches; -} - -static int -siCheckAddr(const char *addrString, int length) -{ - const char *valueString; - int addrlen, typelen; - int len = -1; - struct siType *s; - - /* Make sure there is a \0 byte inside the specified length - to separate the address type from the address value. */ - valueString = (const char *) memchr(addrString, '\0', length); - if (valueString != NULL) { - /* Make sure the first string is a recognized address type, - * and the second string is a valid address of that type. - */ - typelen = strlen(addrString) + 1; - addrlen = length - typelen; - - for (s = siTypeList; s != NULL ; s = s->next) { - if (strcmp(addrString, s->typeName) == 0) { - len = s->checkAddr(valueString + 1, addrlen, s->typePriv); - if (len >= 0) { - len += typelen; - } - break; - } - } -#ifdef FAMILY_SI_DEBUG - { - const char *resultMsg; - - if (s == NULL) { - resultMsg = "type not registered"; - } else { - if (len == -1) - resultMsg = "rejected"; - else - resultMsg = "accepted"; - } - - ErrorF("Xserver: siCheckAddr(): type = %s, value = %*.*s, len = %d -- %s\n", - addrString, addrlen, addrlen, valueString + 1, len, resultMsg); - } -#endif - } - return len; -} - - -/*** - * Hostname server-interpreted host type - * - * Stored as hostname string, explicitly defined to be resolved ONLY - * at access check time, to allow for hosts with dynamic addresses - * but static hostnames, such as found in some DHCP & mobile setups. - * - * Hostname must conform to IETF RFC 2396 sec. 3.2.2, which defines it as: - * hostname = *( domainlabel "." ) toplabel [ "." ] - * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum - * toplabel = alpha | alpha *( alphanum | "-" ) alphanum - */ - -#ifdef NI_MAXHOST -# define SI_HOSTNAME_MAXLEN NI_MAXHOST -#else -# ifdef MAXHOSTNAMELEN -# define SI_HOSTNAME_MAXLEN MAXHOSTNAMELEN -# else -# define SI_HOSTNAME_MAXLEN 256 -# endif -#endif - -static Bool -siHostnameAddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrLen, ClientPtr client, void *typePriv) -{ - Bool res = FALSE; - -/* Currently only supports checking against IPv4 & IPv6 connections, but - * support for other address families, such as DECnet, could be added if - * desired. - */ -#if defined(IPv6) && defined(AF_INET6) - if ((family == FamilyInternet) || (family == FamilyInternet6)) { - char hostname[SI_HOSTNAME_MAXLEN]; - struct addrinfo *addresses; - struct addrinfo *a; - int f, hostaddrlen; - pointer hostaddr; - - if (siAddrLen >= sizeof(hostname)) - return FALSE; - - strncpy(hostname, siAddr, siAddrLen); - hostname[siAddrLen] = '\0'; - - if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { - for (a = addresses ; a != NULL ; a = a->ai_next) { - hostaddrlen = a->ai_addrlen; - f = ConvertAddr(a->ai_addr,&hostaddrlen,&hostaddr); - if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { - res = TRUE; - break; - } - } - freeaddrinfo(addresses); - } - } -#else /* IPv6 not supported, use gethostbyname instead for IPv4 */ - if (family == FamilyInternet) { - register struct hostent *hp; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - char hostname[SI_HOSTNAME_MAXLEN]; - int f, hostaddrlen; - pointer hostaddr; - const char **addrlist; - - if (siAddrLen >= sizeof(hostname)) - return FALSE; - - strncpy(hostname, siAddr, siAddrLen); - hostname[siAddrLen] = '\0'; - - if ((hp = _XGethostbyname(hostname, hparams)) != NULL) { -#ifdef h_addr /* new 4.3bsd version of gethostent */ - /* iterate over the addresses */ - for (addrlist = hp->h_addr_list; *addrlist; addrlist++) -#else - addrlist = &hp->h_addr; -#endif - { - struct sockaddr_in sin; - - sin.sin_family = hp->h_addrtype; - acopy ( *addrlist, &(sin.sin_addr), hp->h_length); - hostaddrlen = sizeof(sin); - f = ConvertAddr ((struct sockaddr *)&sin, - &hostaddrlen, &hostaddr); - if ((f == family) && (len == hostaddrlen) && - (acmp (addr, hostaddr, len) == 0) ) { - res = TRUE; - break; - } - } - } - } -#endif - return res; -} - - -static int -siHostnameCheckAddr(const char *valueString, int length, void *typePriv) -{ - /* Check conformance of hostname to RFC 2396 sec. 3.2.2 definition. - * We do not use ctype functions here to avoid locale-specific - * character sets. Hostnames must be pure ASCII. - */ - int len = length; - int i; - Bool dotAllowed = FALSE; - Bool dashAllowed = FALSE; - - if ((length <= 0) || (length >= SI_HOSTNAME_MAXLEN)) { - len = -1; - } else { - for (i = 0; i < length; i++) { - char c = valueString[i]; - - if (c == 0x2E) { /* '.' */ - if (dotAllowed == FALSE) { - len = -1; - break; - } else { - dotAllowed = FALSE; - dashAllowed = FALSE; - } - } else if (c == 0x2D) { /* '-' */ - if (dashAllowed == FALSE) { - len = -1; - break; - } else { - dotAllowed = FALSE; - } - } else if (((c >= 0x30) && (c <= 0x3A)) /* 0-9 */ || - ((c >= 0x61) && (c <= 0x7A)) /* a-z */ || - ((c >= 0x41) && (c <= 0x5A)) /* A-Z */) { - dotAllowed = TRUE; - dashAllowed = TRUE; - } else { /* Invalid character */ - len = -1; - break; - } - } - } - return len; -} - -#if defined(IPv6) && defined(AF_INET6) -/*** - * "ipv6" server interpreted type - * - * Currently supports only IPv6 literal address as specified in IETF RFC 3513 - * - * Once draft-ietf-ipv6-scoping-arch-00.txt becomes an RFC, support will be - * added for the scoped address format it specifies. - */ - -/* Maximum length of an IPv6 address string - increase when adding support - * for scoped address qualifiers. Includes room for trailing NUL byte. - */ -#define SI_IPv6_MAXLEN INET6_ADDRSTRLEN - -static Bool -siIPv6AddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) -{ - struct in6_addr addr6; - char addrbuf[SI_IPv6_MAXLEN]; - - if ((family != FamilyInternet6) || (len != sizeof(addr6))) - return FALSE; - - memcpy(addrbuf, siAddr, siAddrlen); - addrbuf[siAddrlen] = '\0'; - - if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { - perror("inet_pton"); - return FALSE; - } - - if (memcmp(addr, &addr6, len) == 0) { - return TRUE; - } else { - return FALSE; - } -} - -static int -siIPv6CheckAddr(const char *addrString, int length, void *typePriv) -{ - int len; - - /* Minimum length is 3 (smallest legal address is "::1") */ - if (length < 3) { - /* Address is too short! */ - len = -1; - } else if (length >= SI_IPv6_MAXLEN) { - /* Address is too long! */ - len = -1; - } else { - /* Assume inet_pton is sufficient validation */ - struct in6_addr addr6; - char addrbuf[SI_IPv6_MAXLEN]; - - memcpy(addrbuf, addrString, length); - addrbuf[length] = '\0'; - - if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { - perror("inet_pton"); - len = -1; - } else { - len = length; - } - } - return len; -} -#endif /* IPv6 */ - -#if !defined(NO_LOCAL_CLIENT_CRED) -/*** - * "localuser" & "localgroup" server interpreted types - * - * Allows local connections from a given local user or group - */ - -#include -#include - -#define LOCAL_USER 1 -#define LOCAL_GROUP 2 - -typedef struct { - int credType; -} siLocalCredPrivRec, *siLocalCredPrivPtr; - -static siLocalCredPrivRec siLocalUserPriv = { LOCAL_USER }; -static siLocalCredPrivRec siLocalGroupPriv = { LOCAL_GROUP }; - -static Bool -siLocalCredGetId(const char *addr, int len, siLocalCredPrivPtr lcPriv, int *id) -{ - Bool parsedOK = FALSE; - char *addrbuf = xalloc(len + 1); - - if (addrbuf == NULL) { - return FALSE; - } - - memcpy(addrbuf, addr, len); - addrbuf[len] = '\0'; - - if (addr[0] == '#') { /* numeric id */ - char *cp; - errno = 0; - *id = strtol(addrbuf + 1, &cp, 0); - if ((errno == 0) && (cp != (addrbuf+1))) { - parsedOK = TRUE; - } - } else { /* non-numeric name */ - if (lcPriv->credType == LOCAL_USER) { - struct passwd *pw = getpwnam(addrbuf); - - if (pw != NULL) { - *id = (int) pw->pw_uid; - parsedOK = TRUE; - } - } else { /* group */ - struct group *gr = getgrnam(addrbuf); - - if (gr != NULL) { - *id = (int) gr->gr_gid; - parsedOK = TRUE; - } - } - } - - xfree(addrbuf); - return parsedOK; -} - -static Bool -siLocalCredAddrMatch(int family, pointer addr, int len, - const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) -{ - int siAddrId; - LocalClientCredRec *lcc; - siLocalCredPrivPtr lcPriv = (siLocalCredPrivPtr) typePriv; - - if (GetLocalClientCreds(client, &lcc) == -1) { - return FALSE; - } - -#ifdef HAVE_GETZONEID /* Ensure process is in the same zone */ - if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { - FreeLocalClientCreds(lcc); - return FALSE; - } -#endif - - if (siLocalCredGetId(siAddr, siAddrlen, lcPriv, &siAddrId) == FALSE) { - FreeLocalClientCreds(lcc); - return FALSE; - } - - if (lcPriv->credType == LOCAL_USER) { - if ((lcc->fieldsSet & LCC_UID_SET) && (lcc->euid == siAddrId)) { - FreeLocalClientCreds(lcc); - return TRUE; - } - } else { - if ((lcc->fieldsSet & LCC_GID_SET) && (lcc->egid == siAddrId)) { - FreeLocalClientCreds(lcc); - return TRUE; - } - if (lcc->pSuppGids != NULL) { - int i; - - for (i = 0 ; i < lcc->nSuppGids; i++) { - if (lcc->pSuppGids[i] == siAddrId) { - FreeLocalClientCreds(lcc); - return TRUE; - } - } - } - } - FreeLocalClientCreds(lcc); - return FALSE; -} - -static int -siLocalCredCheckAddr(const char *addrString, int length, void *typePriv) -{ - int len = length; - int id; - - if (siLocalCredGetId(addrString, length, - (siLocalCredPrivPtr)typePriv, &id) == FALSE) { - len = -1; - } - return len; -} -#endif /* localuser */ - -static void -siTypesInitialize(void) -{ - siTypeAdd("hostname", siHostnameAddrMatch, siHostnameCheckAddr, NULL); -#if defined(IPv6) && defined(AF_INET6) - siTypeAdd("ipv6", siIPv6AddrMatch, siIPv6CheckAddr, NULL); -#endif -#if !defined(NO_LOCAL_CLIENT_CRED) - siTypeAdd("localuser", siLocalCredAddrMatch, siLocalCredCheckAddr, - &siLocalUserPriv); - siTypeAdd("localgroup", siLocalCredAddrMatch, siLocalCredCheckAddr, - &siLocalGroupPriv); -#endif -} +/*********************************************************** + +Copyright 1987, 1998 The Open Group + +All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, and/or sell copies of the Software, and to permit persons +to whom the Software is furnished to do so, provided that the above +copyright notice(s) and this permission notice appear in all copies of +the Software and that both the above copyright notice(s) and this +permission notice appear in supporting documentation. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT +OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR +HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL +INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING +FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +Except as contained in this notice, the name of a copyright holder +shall not be used in advertising or otherwise to promote the sale, use +or other dealings in this Software without prior written authorization +of the copyright holder. + +X Window System is a trademark of The Open Group. + +Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts. + + All Rights Reserved + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies and that +both that copyright notice and this permission notice appear in +supporting documentation, and that the name of Digital not be +used in advertising or publicity pertaining to distribution of the +software without specific, written prior permission. + +DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING +ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL +DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR +ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + +******************************************************************/ + +/* + * Copyright © 2004 Sun Microsystems, Inc. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#ifdef WIN32 +#include +#endif + +#include +#include +#define XSERV_t +#define TRANS_SERVER +#define TRANS_REOPEN +#include +#include +#include +#include +#include "misc.h" +#include "site.h" +#include +#include +#ifndef WIN32 +#include +#include +#include + +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(__SCO__) +#include +#endif /* TCPCONN || STREAMSCONN || ISC || __SCO__ */ +#ifdef DNETCONN +#include +#include +#endif + +#ifdef HAS_GETPEERUCRED +# include +# ifdef sun +# include +# endif +#endif + +#if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__) +# include +#endif +#if defined(SYSV) && defined(__i386__) +# include +#endif +#ifdef __GNU__ +#undef SIOCGIFCONF +#include +#else /*!__GNU__*/ +# include +#endif /*__GNU__ */ + +#ifdef SVR4 +#include +#include +#endif + +#include + +#ifdef CSRG_BASED +#include +#if (BSD >= 199103) +#define VARIABLE_IFREQ +#endif +#endif + +#ifdef BSD44SOCKETS +#ifndef VARIABLE_IFREQ +#define VARIABLE_IFREQ +#endif +#endif + +#ifdef HAS_GETIFADDRS +#include +#endif + +/* Solaris provides an extended interface SIOCGLIFCONF. Other systems + * may have this as well, but the code has only been tested on Solaris + * so far, so we only enable it there. Other platforms may be added as + * needed. + * + * Test for Solaris commented out -- TSI @ UQV 2003.06.13 + */ +#ifdef SIOCGLIFCONF +/* #if defined(sun) */ +#define USE_SIOCGLIFCONF +/* #endif */ +#endif + +#endif /* WIN32 */ + +#ifndef PATH_MAX +#include +#ifndef PATH_MAX +#ifdef MAXPATHLEN +#define PATH_MAX MAXPATHLEN +#else +#define PATH_MAX 1024 +#endif +#endif +#endif + +#ifdef __SCO__ +/* The system defined value is wrong. MAXPATHLEN is set in sco5.cf. */ +#undef PATH_MAX +#endif + +#define X_INCLUDE_NETDB_H +#include + +#include "dixstruct.h" +#include "osdep.h" + +#include "xace.h" + +#ifndef PATH_MAX +#ifdef MAXPATHLEN +#define PATH_MAX MAXPATHLEN +#else +#define PATH_MAX 1024 +#endif +#endif + +Bool defeatAccessControl = FALSE; + +#define acmp(a1, a2, len) memcmp((char *)(a1), (char *)(a2), len) +#define acopy(a1, a2, len) memmove((char *)(a2), (char *)(a1), len) +#define addrEqual(fam, address, length, host) \ + ((fam) == (host)->family &&\ + (length) == (host)->len &&\ + !acmp (address, (host)->addr, length)) + +static int ConvertAddr(struct sockaddr * /*saddr*/, + int * /*len*/, + pointer * /*addr*/); + +static int CheckAddr(int /*family*/, + const void * /*pAddr*/, + unsigned /*length*/); + +static Bool NewHost(int /*family*/, + const void * /*addr*/, + int /*len*/, + int /* addingLocalHosts */); + +/* XFree86 bug #156: To keep track of which hosts were explicitly requested in + /etc/X.hosts, we've added a requested field to the HOST struct, + and a LocalHostRequested variable. These default to FALSE, but are set + to TRUE in ResetHosts when reading in /etc/X.hosts. They are + checked in DisableLocalHost(), which is called to disable the default + local host entries when stronger authentication is turned on. */ + +typedef struct _host { + short family; + short len; + unsigned char *addr; + struct _host *next; + int requested; +} HOST; + +#define MakeHost(h,l) (h)=xalloc(sizeof *(h)+(l));\ + if (h) { \ + (h)->addr=(unsigned char *) ((h) + 1);\ + (h)->requested = FALSE; \ + } +#define FreeHost(h) xfree(h) +static HOST *selfhosts = NULL; +static HOST *validhosts = NULL; +static int AccessEnabled = DEFAULT_ACCESS_CONTROL; +static int LocalHostEnabled = FALSE; +static int LocalHostRequested = FALSE; +static int UsingXdmcp = FALSE; + +/* FamilyServerInterpreted implementation */ +static Bool siAddrMatch(int family, pointer addr, int len, HOST *host, + ClientPtr client); +static int siCheckAddr(const char *addrString, int length); +static void siTypesInitialize(void); + +/* + * called when authorization is not enabled to add the + * local host to the access list + */ + +void +EnableLocalHost (void) +{ + if (!UsingXdmcp) + { + LocalHostEnabled = TRUE; + AddLocalHosts (); + } +} + +/* + * called when authorization is enabled to keep us secure + */ +void +DisableLocalHost (void) +{ + HOST *self; + + if (!LocalHostRequested) /* Fix for XFree86 bug #156 */ + LocalHostEnabled = FALSE; + for (self = selfhosts; self; self = self->next) { + if (!self->requested) /* Fix for XFree86 bug #156 */ + (void) RemoveHost ((ClientPtr)NULL, self->family, self->len, (pointer)self->addr); + } +} + +/* + * called at init time when XDMCP will be used; xdmcp always + * adds local hosts manually when needed + */ + +void +AccessUsingXdmcp (void) +{ + UsingXdmcp = TRUE; + LocalHostEnabled = FALSE; +} + + +#if defined(SVR4) && !defined(SCO325) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF) + +/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */ + +static int +ifioctl (int fd, int cmd, char *arg) +{ + struct strioctl ioc; + int ret; + + bzero((char *) &ioc, sizeof(ioc)); + ioc.ic_cmd = cmd; + ioc.ic_timout = 0; + if (cmd == SIOCGIFCONF) + { + ioc.ic_len = ((struct ifconf *) arg)->ifc_len; + ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf; + } + else + { + ioc.ic_len = sizeof(struct ifreq); + ioc.ic_dp = arg; + } + ret = ioctl(fd, I_STR, (char *) &ioc); + if (ret >= 0 && cmd == SIOCGIFCONF) +#ifdef SVR4 + ((struct ifconf *) arg)->ifc_len = ioc.ic_len; +#endif + return(ret); +} +#else /* Case sun, SCO325 and others */ +#define ifioctl ioctl +#endif /* ((SVR4 && !sun !SCO325) || ISC) && SIOCGIFCONF */ + +/* + * DefineSelf (fd): + * + * Define this host for access control. Find all the hosts the OS knows about + * for this fd and add them to the selfhosts list. + */ + +#if !defined(SIOCGIFCONF) +void +DefineSelf (int fd) +{ +#if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN) && !defined(MNX_TCPCONN) + return; +#else + register int n; + int len; + caddr_t addr; + int family; + register HOST *host; + +#ifndef WIN32 + struct utsname name; +#else + struct { + char nodename[512]; + } name; +#endif + + register struct hostent *hp; + + union { + struct sockaddr sa; + struct sockaddr_in in; +#if defined(IPv6) && defined(AF_INET6) + struct sockaddr_in6 in6; +#endif + } saddr; + + struct sockaddr_in *inetaddr; + struct sockaddr_in6 *inet6addr; + struct sockaddr_in broad_addr; +#ifdef XTHREADS_NEEDS_BYNAMEPARAMS + _Xgethostbynameparams hparams; +#endif + + /* Why not use gethostname()? Well, at least on my system, I've had to + * make an ugly kernel patch to get a name longer than 8 characters, and + * uname() lets me access to the whole string (it smashes release, you + * see), whereas gethostname() kindly truncates it for me. + */ +#ifndef WIN32 + uname(&name); +#else + gethostname(name.nodename, sizeof(name.nodename)); +#endif + + hp = _XGethostbyname(name.nodename, hparams); + if (hp != NULL) + { + saddr.sa.sa_family = hp->h_addrtype; + switch (hp->h_addrtype) { + case AF_INET: + inetaddr = (struct sockaddr_in *) (&(saddr.sa)); + acopy ( hp->h_addr, &(inetaddr->sin_addr), hp->h_length); + len = sizeof(saddr.sa); + break; +#if defined(IPv6) && defined(AF_INET6) + case AF_INET6: + inet6addr = (struct sockaddr_in6 *) (&(saddr.sa)); + acopy ( hp->h_addr, &(inet6addr->sin6_addr), hp->h_length); + len = sizeof(saddr.in6); + break; +#endif + default: + goto DefineLocalHost; + } + family = ConvertAddr ( &(saddr.sa), &len, (pointer *)&addr); + if ( family != -1 && family != FamilyLocal ) + { + for (host = selfhosts; + host && !addrEqual (family, addr, len, host); + host = host->next) ; + if (!host) + { + /* add this host to the host list. */ + MakeHost(host,len) + if (host) + { + host->family = family; + host->len = len; + acopy ( addr, host->addr, len); + host->next = selfhosts; + selfhosts = host; + } +#ifdef XDMCP + /* + * If this is an Internet Address, but not the localhost + * address (127.0.0.1), nor the bogus address (0.0.0.0), + * register it. + */ + if (family == FamilyInternet && + !(len == 4 && + ((addr[0] == 127) || + (addr[0] == 0 && addr[1] == 0 && + addr[2] == 0 && addr[3] == 0))) + ) + { + XdmcpRegisterConnection (family, (char *)addr, len); + broad_addr = *inetaddr; + ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = + htonl (INADDR_BROADCAST); + XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) + &broad_addr); + } +#if defined(IPv6) && defined(AF_INET6) + else if (family == FamilyInternet6 && + !(IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr))) + { + XdmcpRegisterConnection (family, (char *)addr, len); + } +#endif + +#endif /* XDMCP */ + } + } + } + /* + * now add a host of family FamilyLocalHost... + */ +DefineLocalHost: + for (host = selfhosts; + host && !addrEqual(FamilyLocalHost, "", 0, host); + host = host->next); + if (!host) + { + MakeHost(host, 0); + if (host) + { + host->family = FamilyLocalHost; + host->len = 0; + acopy("", host->addr, 0); + host->next = selfhosts; + selfhosts = host; + } + } +#endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN && !MNX_TCPCONN */ +} + +#else + +#ifdef USE_SIOCGLIFCONF +#define ifr_type struct lifreq +#else +#define ifr_type struct ifreq +#endif + +#ifdef VARIABLE_IFREQ +#define ifr_size(p) (sizeof (struct ifreq) + \ + (p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \ + p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0)) +#define ifraddr_size(a) (a.sa_len) +#else +#define ifr_size(p) (sizeof (ifr_type)) +#define ifraddr_size(a) (sizeof (a)) +#endif + +#if defined(IPv6) && defined(AF_INET6) +#include +#endif + +#if defined(IPv6) && defined(AF_INET6) +static void +in6_fillscopeid(struct sockaddr_in6 *sin6) +{ +#if defined(__KAME__) + if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { + sin6->sin6_scope_id = + ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); + sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0; + } +#endif +} +#endif + +void +DefineSelf (int fd) +{ +#ifndef HAS_GETIFADDRS + char *cp, *cplim; +# ifdef USE_SIOCGLIFCONF + struct sockaddr_storage buf[16]; + struct lifconf ifc; + register struct lifreq *ifr; +# ifdef SIOCGLIFNUM + struct lifnum ifn; +# endif +# else /* !USE_SIOCGLIFCONF */ + char buf[2048]; + struct ifconf ifc; + register struct ifreq *ifr; +# endif + void * bufptr = buf; +#else /* HAS_GETIFADDRS */ + struct ifaddrs * ifap, *ifr; +#endif + int len; + unsigned char * addr; + int family; + register HOST *host; + +#ifdef DNETCONN + struct dn_naddr *dnaddr = getnodeadd(); + /* + * AF_DECnet may not be listed in the interface list. Instead use + * the supported library call to find out the local address (if any). + */ + if (dnaddr) + { + addr = (unsigned char *) dnaddr; + len = dnaddr->a_len + sizeof(dnaddr->a_len); + family = FamilyDECnet; + for (host = selfhosts; + host && !addrEqual (family, addr, len, host); + host = host->next) + ; + if (!host) + { + MakeHost(host,len) + if (host) + { + host->family = family; + host->len = len; + acopy(addr, host->addr, len); + host->next = selfhosts; + selfhosts = host; + } + } + } +#endif /* DNETCONN */ +#ifndef HAS_GETIFADDRS + + len = sizeof(buf); + +#ifdef USE_SIOCGLIFCONF + +#ifdef SIOCGLIFNUM + ifn.lifn_family = AF_UNSPEC; + ifn.lifn_flags = 0; + if (ioctl (fd, SIOCGLIFNUM, (char *) &ifn) < 0) + Error ("Getting interface count"); + if (len < (ifn.lifn_count * sizeof(struct lifreq))) { + len = ifn.lifn_count * sizeof(struct lifreq); + bufptr = xalloc(len); + } +#endif + + ifc.lifc_family = AF_UNSPEC; + ifc.lifc_flags = 0; + ifc.lifc_len = len; + ifc.lifc_buf = bufptr; + +#define IFC_IOCTL_REQ SIOCGLIFCONF +#define IFC_IFC_REQ ifc.lifc_req +#define IFC_IFC_LEN ifc.lifc_len +#define IFR_IFR_ADDR ifr->lifr_addr +#define IFR_IFR_NAME ifr->lifr_name + +#else /* Use SIOCGIFCONF */ + ifc.ifc_len = len; + ifc.ifc_buf = bufptr; + +#define IFC_IOCTL_REQ SIOCGIFCONF +#define IFC_IFC_REQ ifc.ifc_req +#define IFC_IFC_LEN ifc.ifc_len +#define IFR_IFR_ADDR ifr->ifr_addr +#define IFR_IFR_NAME ifr->ifr_name +#endif + + if (ifioctl (fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0) + Error ("Getting interface configuration (4)"); + + cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN; + + for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size (ifr)) + { + ifr = (ifr_type *) cp; + len = ifraddr_size (IFR_IFR_ADDR); + family = ConvertAddr ((struct sockaddr *) &IFR_IFR_ADDR, + &len, (pointer *)&addr); +#ifdef DNETCONN + /* + * DECnet was handled up above. + */ + if (family == AF_DECnet) + continue; +#endif /* DNETCONN */ + if (family == -1 || family == FamilyLocal) + continue; +#if defined(IPv6) && defined(AF_INET6) + if (family == FamilyInternet6) + in6_fillscopeid((struct sockaddr_in6 *)&IFR_IFR_ADDR); +#endif + for (host = selfhosts; + host && !addrEqual (family, addr, len, host); + host = host->next) + ; + if (host) + continue; + MakeHost(host,len) + if (host) + { + host->family = family; + host->len = len; + acopy(addr, host->addr, len); + host->next = selfhosts; + selfhosts = host; + } +#ifdef XDMCP + { +#ifdef USE_SIOCGLIFCONF + struct sockaddr_storage broad_addr; +#else + struct sockaddr broad_addr; +#endif + + /* + * If this isn't an Internet Address, don't register it. + */ + if (family != FamilyInternet +#if defined(IPv6) && defined(AF_INET6) + && family != FamilyInternet6 +#endif + ) + continue; + + /* + * ignore 'localhost' entries as they're not useful + * on the other end of the wire + */ + if (family == FamilyInternet && + addr[0] == 127 && addr[1] == 0 && + addr[2] == 0 && addr[3] == 1) + continue; +#if defined(IPv6) && defined(AF_INET6) + else if (family == FamilyInternet6 && + IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) + continue; +#endif + + /* + * Ignore '0.0.0.0' entries as they are + * returned by some OSes for unconfigured NICs but they are + * not useful on the other end of the wire. + */ + if (len == 4 && + addr[0] == 0 && addr[1] == 0 && + addr[2] == 0 && addr[3] == 0) + continue; + + XdmcpRegisterConnection (family, (char *)addr, len); + +#if defined(IPv6) && defined(AF_INET6) + /* IPv6 doesn't support broadcasting, so we drop out here */ + if (family == FamilyInternet6) + continue; +#endif + + broad_addr = IFR_IFR_ADDR; + + ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr = + htonl (INADDR_BROADCAST); +#if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR) + { + struct lifreq broad_req; + + broad_req = *ifr; + if (ioctl (fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 && + (broad_req.lifr_flags & IFF_BROADCAST) && + (broad_req.lifr_flags & IFF_UP) + ) + { + broad_req = *ifr; + if (ioctl (fd, SIOCGLIFBRDADDR, &broad_req) != -1) + broad_addr = broad_req.lifr_broadaddr; + else + continue; + } + else + continue; + } + +#elif defined(SIOCGIFBRDADDR) + { + struct ifreq broad_req; + + broad_req = *ifr; + if (ifioctl (fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 && + (broad_req.ifr_flags & IFF_BROADCAST) && + (broad_req.ifr_flags & IFF_UP) + ) + { + broad_req = *ifr; + if (ifioctl (fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1) + broad_addr = broad_req.ifr_addr; + else + continue; + } + else + continue; + } +#endif /* SIOCGIFBRDADDR */ + XdmcpRegisterBroadcastAddress ((struct sockaddr_in *) &broad_addr); + } +#endif /* XDMCP */ + } + if (bufptr != buf) + free(bufptr); +#else /* HAS_GETIFADDRS */ + if (getifaddrs(&ifap) < 0) { + ErrorF("Warning: getifaddrs returns %s\n", strerror(errno)); + return; + } + for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) { + if (!ifr->ifa_addr) + continue; +#ifdef DNETCONN + if (ifr->ifa_addr.sa_family == AF_DECnet) + continue; +#endif /* DNETCONN */ + len = sizeof(*(ifr->ifa_addr)); + family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr); + if (family == -1 || family == FamilyLocal) + continue; +#if defined(IPv6) && defined(AF_INET6) + if (family == FamilyInternet6) + in6_fillscopeid((struct sockaddr_in6 *)ifr->ifa_addr); +#endif + + for (host = selfhosts; + host != NULL && !addrEqual(family, addr, len, host); + host = host->next) + ; + if (host != NULL) + continue; + MakeHost(host, len); + if (host != NULL) { + host->family = family; + host->len = len; + acopy(addr, host->addr, len); + host->next = selfhosts; + selfhosts = host; + } +#ifdef XDMCP + { + struct sockaddr broad_addr; + /* + * If this isn't an Internet Address, don't register it. + */ + if (family != FamilyInternet +#if defined(IPv6) && defined(AF_INET6) + && family != FamilyInternet6 +#endif + ) + continue; + + /* + * ignore 'localhost' entries as they're not useful + * on the other end of the wire + */ + if (ifr->ifa_flags & IFF_LOOPBACK) + continue; + + if (family == FamilyInternet && + addr[0] == 127 && addr[1] == 0 && + addr[2] == 0 && addr[3] == 1) + continue; + + /* + * Ignore '0.0.0.0' entries as they are + * returned by some OSes for unconfigured NICs but they are + * not useful on the other end of the wire. + */ + if (len == 4 && + addr[0] == 0 && addr[1] == 0 && + addr[2] == 0 && addr[3] == 0) + continue; +#if defined(IPv6) && defined(AF_INET6) + else if (family == FamilyInternet6 && + IN6_IS_ADDR_LOOPBACK((struct in6_addr *)addr)) + continue; +#endif + XdmcpRegisterConnection(family, (char *)addr, len); +#if defined(IPv6) && defined(AF_INET6) + if (family == FamilyInternet6) + /* IPv6 doesn't support broadcasting, so we drop out here */ + continue; +#endif + if ((ifr->ifa_flags & IFF_BROADCAST) && + (ifr->ifa_flags & IFF_UP) && + ifr->ifa_broadaddr) + broad_addr = *ifr->ifa_broadaddr; + else + continue; + XdmcpRegisterBroadcastAddress((struct sockaddr_in *) + &broad_addr); + } +#endif /* XDMCP */ + + } /* for */ + freeifaddrs(ifap); +#endif /* HAS_GETIFADDRS */ + + /* + * add something of FamilyLocalHost + */ + for (host = selfhosts; + host && !addrEqual(FamilyLocalHost, "", 0, host); + host = host->next); + if (!host) + { + MakeHost(host, 0); + if (host) + { + host->family = FamilyLocalHost; + host->len = 0; + acopy("", host->addr, 0); + host->next = selfhosts; + selfhosts = host; + } + } +} +#endif /* hpux && !HAS_IFREQ */ + +#ifdef XDMCP +void +AugmentSelf(pointer from, int len) +{ + int family; + pointer addr; + register HOST *host; + + family = ConvertAddr(from, &len, (pointer *)&addr); + if (family == -1 || family == FamilyLocal) + return; + for (host = selfhosts; host; host = host->next) + { + if (addrEqual(family, addr, len, host)) + return; + } + MakeHost(host,len) + if (!host) + return; + host->family = family; + host->len = len; + acopy(addr, host->addr, len); + host->next = selfhosts; + selfhosts = host; +} +#endif + +void +AddLocalHosts (void) +{ + HOST *self; + + for (self = selfhosts; self; self = self->next) + /* Fix for XFree86 bug #156: pass addingLocal = TRUE to + * NewHost to tell that we are adding the default local + * host entries and not to flag the entries as being + * explicitely requested */ + (void) NewHost (self->family, self->addr, self->len, TRUE); +} + +/* Reset access control list to initial hosts */ +void +ResetHosts (char *display) +{ + register HOST *host; + char lhostname[120], ohostname[120]; + char *hostname = ohostname; + char fname[PATH_MAX + 1]; + int fnamelen; + FILE *fd; + char *ptr; + int i, hostlen; +#if ((defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN)) && \ + (!defined(IPv6) || !defined(AF_INET6))) || defined(DNETCONN) + union { + struct sockaddr sa; +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) + struct sockaddr_in in; +#endif /* TCPCONN || STREAMSCONN */ +#ifdef DNETCONN + struct sockaddr_dn dn; +#endif + } saddr; +#endif +#ifdef DNETCONN + struct nodeent *np; + struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); +#endif + int family = 0; + pointer addr; + int len; + + siTypesInitialize(); + AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL; + LocalHostEnabled = FALSE; + while ((host = validhosts) != 0) + { + validhosts = host->next; + FreeHost (host); + } + +#if defined WIN32 && defined __MINGW32__ +#define ETC_HOST_PREFIX "X" +#else +#define ETC_HOST_PREFIX "/etc/X" +#endif +#define ETC_HOST_SUFFIX ".hosts" + fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) + + strlen(display) + 1; + if (fnamelen > sizeof(fname)) + FatalError("Display name `%s' is too long\n", display); + snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX, + display); + + if ((fd = fopen (fname, "r")) != 0) + { + while (fgets (ohostname, sizeof (ohostname), fd)) + { + family = FamilyWild; + if (*ohostname == '#') + continue; + if ((ptr = strchr(ohostname, '\n')) != 0) + *ptr = 0; + hostlen = strlen(ohostname) + 1; + for (i = 0; i < hostlen; i++) + lhostname[i] = tolower(ohostname[i]); + hostname = ohostname; + if (!strncmp("local:", lhostname, 6)) + { + family = FamilyLocalHost; + NewHost(family, "", 0, FALSE); + LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */ + } +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) + else if (!strncmp("inet:", lhostname, 5)) + { + family = FamilyInternet; + hostname = ohostname + 5; + } +#if defined(IPv6) && defined(AF_INET6) + else if (!strncmp("inet6:", lhostname, 6)) + { + family = FamilyInternet6; + hostname = ohostname + 6; + } +#endif +#endif +#ifdef DNETCONN + else if (!strncmp("dnet:", lhostname, 5)) + { + family = FamilyDECnet; + hostname = ohostname + 5; + } +#endif +#ifdef SECURE_RPC + else if (!strncmp("nis:", lhostname, 4)) + { + family = FamilyNetname; + hostname = ohostname + 4; + } +#endif + else if (!strncmp("si:", lhostname, 3)) + { + family = FamilyServerInterpreted; + hostname = ohostname + 3; + hostlen -= 3; + } + + + if (family == FamilyServerInterpreted) + { + len = siCheckAddr(hostname, hostlen); + if (len >= 0) { + NewHost(family, hostname, len, FALSE); + } + } + else +#ifdef DNETCONN + if ((family == FamilyDECnet) || ((family == FamilyWild) && + (ptr = strchr(hostname, ':')) && (*(ptr + 1) == ':') && + !(*ptr = '\0'))) /* bash trailing colons if necessary */ + { + /* node name (DECnet names end in "::") */ + dnaddrp = dnet_addr(hostname); + if (!dnaddrp && (np = getnodebyname (hostname))) + { + /* node was specified by name */ + saddr.sa.sa_family = np->n_addrtype; + len = sizeof(saddr.sa); + if (ConvertAddr (&saddr.sa, &len, (pointer *)&addr) == FamilyDECnet) + { + bzero ((char *) &dnaddr, sizeof (dnaddr)); + dnaddr.a_len = np->n_length; + acopy (np->n_addr, dnaddr.a_addr, np->n_length); + dnaddrp = &dnaddr; + } + } + if (dnaddrp) + (void) NewHost(FamilyDECnet, (pointer)dnaddrp, + (int)(dnaddrp->a_len + sizeof(dnaddrp->a_len)), FALSE); + } + else +#endif /* DNETCONN */ +#ifdef SECURE_RPC + if ((family == FamilyNetname) || (strchr(hostname, '@'))) + { + SecureRPCInit (); + (void) NewHost (FamilyNetname, hostname, strlen (hostname), FALSE); + } + else +#endif /* SECURE_RPC */ +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) + { +#if defined(IPv6) && defined(AF_INET6) + if ( (family == FamilyInternet) || (family == FamilyInternet6) || + (family == FamilyWild) ) + { + struct addrinfo *addresses; + struct addrinfo *a; + int f; + + if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { + for (a = addresses ; a != NULL ; a = a->ai_next) { + len = a->ai_addrlen; + f = ConvertAddr(a->ai_addr,&len,(pointer *)&addr); + if ( (family == f) || + ((family == FamilyWild) && (f != -1)) ) { + NewHost(f, addr, len, FALSE); + } + } + freeaddrinfo(addresses); + } + } +#else +#ifdef XTHREADS_NEEDS_BYNAMEPARAMS + _Xgethostbynameparams hparams; +#endif + register struct hostent *hp; + + /* host name */ + if ((family == FamilyInternet && + ((hp = _XGethostbyname(hostname, hparams)) != 0)) || + ((hp = _XGethostbyname(hostname, hparams)) != 0)) + { + saddr.sa.sa_family = hp->h_addrtype; + len = sizeof(saddr.sa); + if ((family = ConvertAddr (&saddr.sa, &len, (pointer *)&addr)) != -1) + { +#ifdef h_addr /* new 4.3bsd version of gethostent */ + char **list; + + /* iterate over the addresses */ + for (list = hp->h_addr_list; *list; list++) + (void) NewHost (family, (pointer)*list, len, FALSE); +#else + (void) NewHost (family, (pointer)hp->h_addr, len, FALSE); +#endif + } + } +#endif /* IPv6 */ + } +#endif /* TCPCONN || STREAMSCONN */ + family = FamilyWild; + } + fclose (fd); + } +} + +/* Is client on the local host */ +Bool LocalClient(ClientPtr client) +{ + int alen, family, notused; + Xtransaddr *from = NULL; + pointer addr; + register HOST *host; + + if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, + ¬used, &alen, &from)) + { + family = ConvertAddr ((struct sockaddr *) from, + &alen, (pointer *)&addr); + if (family == -1) + { + xfree (from); + return FALSE; + } + if (family == FamilyLocal) + { + xfree (from); + return TRUE; + } + for (host = selfhosts; host; host = host->next) + { + if (addrEqual (family, addr, alen, host)) + return TRUE; + } + xfree (from); + } + return FALSE; +} + +/* + * Return the uid and gid of a connected local client + * + * Used by XShm to test access rights to shared memory segments + */ +int +LocalClientCred(ClientPtr client, int *pUid, int *pGid) +{ + LocalClientCredRec *lcc; + int ret = GetLocalClientCreds(client, &lcc); + + if (ret == 0) { +#ifdef HAVE_GETZONEID /* only local if in the same zone */ + if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { + FreeLocalClientCreds(lcc); + return -1; + } +#endif + if ((lcc->fieldsSet & LCC_UID_SET) && (pUid != NULL)) + *pUid = lcc->euid; + if ((lcc->fieldsSet & LCC_GID_SET) && (pGid != NULL)) + *pGid = lcc->egid; + FreeLocalClientCreds(lcc); + } + return ret; +} + +/* + * Return the uid and all gids of a connected local client + * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds + * + * Used by localuser & localgroup ServerInterpreted access control forms below + * Used by AuthAudit to log who local connections came from + */ +int +GetLocalClientCreds(ClientPtr client, LocalClientCredRec **lccp) +{ +#if defined(HAS_GETPEEREID) || defined(HAS_GETPEERUCRED) || defined(SO_PEERCRED) + int fd; + XtransConnInfo ci; + LocalClientCredRec *lcc; +#ifdef HAS_GETPEEREID + uid_t uid; + gid_t gid; +#elif defined(HAS_GETPEERUCRED) + ucred_t *peercred = NULL; + const gid_t *gids; +#elif defined(SO_PEERCRED) + struct ucred peercred; + socklen_t so_len = sizeof(peercred); +#endif + + if (client == NULL) + return -1; + ci = ((OsCommPtr)client->osPrivate)->trans_conn; +#if !(defined(sun) && defined(HAS_GETPEERUCRED)) + /* Most implementations can only determine peer credentials for Unix + * domain sockets - Solaris getpeerucred can work with a bit more, so + * we just let it tell us if the connection type is supported or not + */ + if (!_XSERVTransIsLocal(ci)) { + return -1; + } +#endif + + *lccp = Xcalloc(sizeof(LocalClientCredRec)); + if (*lccp == NULL) + return -1; + lcc = *lccp; + + fd = _XSERVTransGetConnectionNumber(ci); +#ifdef HAS_GETPEEREID + if (getpeereid(fd, &uid, &gid) == -1) { + FreeLocalClientCreds(lcc); + return -1; + } + lcc->euid = uid; + lcc->egid = gid; + lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET; + return 0; +#elif defined(HAS_GETPEERUCRED) + if (getpeerucred(fd, &peercred) < 0) { + FreeLocalClientCreds(lcc); + return -1; + } + lcc->euid = ucred_geteuid(peercred); + if (lcc->euid != -1) + lcc->fieldsSet |= LCC_UID_SET; + lcc->egid = ucred_getegid(peercred); + if (lcc->egid != -1) + lcc->fieldsSet |= LCC_GID_SET; + lcc->pid = ucred_getpid(peercred); + if (lcc->pid != -1) + lcc->fieldsSet |= LCC_PID_SET; +#ifdef HAVE_GETZONEID + lcc->zoneid = ucred_getzoneid(peercred); + if (lcc->zoneid != -1) + lcc->fieldsSet |= LCC_ZID_SET; +#endif + lcc->nSuppGids = ucred_getgroups(peercred, &gids); + if (lcc->nSuppGids > 0) { + lcc->pSuppGids = Xcalloc((lcc->nSuppGids) * sizeof(int)); + if (lcc->pSuppGids == NULL) { + lcc->nSuppGids = 0; + } else { + int i; + for (i = 0 ; i < lcc->nSuppGids; i++) { + (lcc->pSuppGids)[i] = (int) gids[i]; + } + } + } else { + lcc->nSuppGids = 0; + } + ucred_free(peercred); + return 0; +#elif defined(SO_PEERCRED) + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) { + FreeLocalClientCreds(lcc); + return -1; + } + lcc->euid = peercred.uid; + lcc->egid = peercred.gid; + lcc->pid = peercred.pid; + lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET | LCC_PID_SET; + return 0; +#endif +#else + /* No system call available to get the credentials of the peer */ +#define NO_LOCAL_CLIENT_CRED + return -1; +#endif +} + +void +FreeLocalClientCreds(LocalClientCredRec *lcc) +{ + if (lcc != NULL) { + if (lcc->nSuppGids > 0) { + Xfree(lcc->pSuppGids); + } + Xfree(lcc); + } +} + +static int +AuthorizedClient(ClientPtr client) +{ + int rc; + + if (!client || defeatAccessControl) + return Success; + + /* untrusted clients can't change host access */ + rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); + if (rc != Success) + return rc; + + return LocalClient(client) ? Success : BadAccess; +} + +/* Add a host to the access control list. This is the external interface + * called from the dispatcher */ + +int +AddHost (ClientPtr client, + int family, + unsigned length, /* of bytes in pAddr */ + const void * pAddr) +{ + int rc, len; + + rc = AuthorizedClient(client); + if (rc != Success) + return rc; + switch (family) { + case FamilyLocalHost: + len = length; + LocalHostEnabled = TRUE; + break; +#ifdef SECURE_RPC + case FamilyNetname: + len = length; + SecureRPCInit (); + break; +#endif + case FamilyInternet: +#if defined(IPv6) && defined(AF_INET6) + case FamilyInternet6: +#endif + case FamilyDECnet: + case FamilyChaos: + case FamilyServerInterpreted: + if ((len = CheckAddr (family, pAddr, length)) < 0) + { + client->errorValue = length; + return (BadValue); + } + break; + case FamilyLocal: + default: + client->errorValue = family; + return (BadValue); + } + if (NewHost (family, pAddr, len, FALSE)) + return Success; + return BadAlloc; +} + +Bool +ForEachHostInFamily (int family, + Bool (*func)( + unsigned char * /* addr */, + short /* len */, + pointer /* closure */), + pointer closure) +{ + HOST *host; + + for (host = validhosts; host; host = host->next) + if (family == host->family && func (host->addr, host->len, closure)) + return TRUE; + return FALSE; +} + +/* Add a host to the access control list. This is the internal interface + * called when starting or resetting the server */ +static Bool +NewHost (int family, + const void * addr, + int len, + int addingLocalHosts) +{ + register HOST *host; + + for (host = validhosts; host; host = host->next) + { + if (addrEqual (family, addr, len, host)) + return TRUE; + } + if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */ + for (host = selfhosts; host; host = host->next) { + if (addrEqual (family, addr, len, host)) { + host->requested = TRUE; + break; + } + } + } + MakeHost(host,len) + if (!host) + return FALSE; + host->family = family; + host->len = len; + acopy(addr, host->addr, len); + host->next = validhosts; + validhosts = host; + return TRUE; +} + +/* Remove a host from the access control list */ + +int +RemoveHost ( + ClientPtr client, + int family, + unsigned length, /* of bytes in pAddr */ + pointer pAddr) +{ + int rc, len; + register HOST *host, **prev; + + rc = AuthorizedClient(client); + if (rc != Success) + return rc; + switch (family) { + case FamilyLocalHost: + len = length; + LocalHostEnabled = FALSE; + break; +#ifdef SECURE_RPC + case FamilyNetname: + len = length; + break; +#endif + case FamilyInternet: +#if defined(IPv6) && defined(AF_INET6) + case FamilyInternet6: +#endif + case FamilyDECnet: + case FamilyChaos: + case FamilyServerInterpreted: + if ((len = CheckAddr (family, pAddr, length)) < 0) + { + client->errorValue = length; + return(BadValue); + } + break; + case FamilyLocal: + default: + client->errorValue = family; + return(BadValue); + } + for (prev = &validhosts; + (host = *prev) && (!addrEqual (family, pAddr, len, host)); + prev = &host->next) + ; + if (host) + { + *prev = host->next; + FreeHost (host); + } + return (Success); +} + +/* Get all hosts in the access control list */ +int +GetHosts ( + pointer *data, + int *pnHosts, + int *pLen, + BOOL *pEnabled) +{ + int len; + register int n = 0; + register unsigned char *ptr; + register HOST *host; + int nHosts = 0; + + *pEnabled = AccessEnabled ? EnableAccess : DisableAccess; + for (host = validhosts; host; host = host->next) + { + nHosts++; + n += pad_to_int32(host->len) + sizeof(xHostEntry); + } + if (n) + { + *data = ptr = xalloc (n); + if (!ptr) + { + return(BadAlloc); + } + for (host = validhosts; host; host = host->next) + { + len = host->len; + ((xHostEntry *)ptr)->family = host->family; + ((xHostEntry *)ptr)->length = len; + ptr += sizeof(xHostEntry); + acopy (host->addr, ptr, len); + ptr += pad_to_int32(len); + } + } else { + *data = NULL; + } + *pnHosts = nHosts; + *pLen = n; + return(Success); +} + +/* Check for valid address family and length, and return address length. */ + +/*ARGSUSED*/ +static int +CheckAddr ( + int family, + const void * pAddr, + unsigned length) +{ + int len; + + switch (family) + { +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) + case FamilyInternet: + if (length == sizeof (struct in_addr)) + len = length; + else + len = -1; + break; +#if defined(IPv6) && defined(AF_INET6) + case FamilyInternet6: + if (length == sizeof (struct in6_addr)) + len = length; + else + len = -1; + break; +#endif +#endif +#ifdef DNETCONN + case FamilyDECnet: + { + struct dn_naddr *dnaddr = (struct dn_naddr *) pAddr; + + if ((length < sizeof(dnaddr->a_len)) || + (length < dnaddr->a_len + sizeof(dnaddr->a_len))) + len = -1; + else + len = dnaddr->a_len + sizeof(dnaddr->a_len); + if (len > sizeof(struct dn_naddr)) + len = -1; + } + break; +#endif + case FamilyServerInterpreted: + len = siCheckAddr(pAddr, length); + break; + default: + len = -1; + } + return (len); +} + +/* Check if a host is not in the access control list. + * Returns 1 if host is invalid, 0 if we've found it. */ + +int +InvalidHost ( + register struct sockaddr *saddr, + int len, + ClientPtr client) +{ + int family; + pointer addr; + register HOST *selfhost, *host; + + if (!AccessEnabled) /* just let them in */ + return(0); + family = ConvertAddr (saddr, &len, (pointer *)&addr); + if (family == -1) + return 1; + if (family == FamilyLocal) + { + if (!LocalHostEnabled) + { + /* + * check to see if any local address is enabled. This + * implicitly enables local connections. + */ + for (selfhost = selfhosts; selfhost; selfhost=selfhost->next) + { + for (host = validhosts; host; host=host->next) + { + if (addrEqual (selfhost->family, selfhost->addr, + selfhost->len, host)) + return 0; + } + } + } else + return 0; + } + for (host = validhosts; host; host = host->next) + { + if ((host->family == FamilyServerInterpreted)) { + if (siAddrMatch (family, addr, len, host, client)) { + return (0); + } + } else { + if (addrEqual (family, addr, len, host)) + return (0); + } + + } + return (1); +} + +static int +ConvertAddr ( + register struct sockaddr *saddr, + int *len, + pointer *addr) +{ + if (*len == 0) + return (FamilyLocal); + switch (saddr->sa_family) + { + case AF_UNSPEC: +#if defined(UNIXCONN) || defined(LOCALCONN) + case AF_UNIX: +#endif + return FamilyLocal; +#if defined(TCPCONN) || defined(STREAMSCONN) || defined(MNX_TCPCONN) + case AF_INET: +#ifdef WIN32 + if (16777343 == *(long*)&((struct sockaddr_in *) saddr)->sin_addr) + return FamilyLocal; +#endif + *len = sizeof (struct in_addr); + *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr); + return FamilyInternet; +#if defined(IPv6) && defined(AF_INET6) + case AF_INET6: + { + struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr; + if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) { + *len = sizeof (struct in_addr); + *addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]); + return FamilyInternet; + } else { + *len = sizeof (struct in6_addr); + *addr = (pointer) &(saddr6->sin6_addr); + return FamilyInternet6; + } + } +#endif +#endif +#ifdef DNETCONN + case AF_DECnet: + { + struct sockaddr_dn *sdn = (struct sockaddr_dn *) saddr; + *len = sdn->sdn_nodeaddrl + sizeof(sdn->sdn_nodeaddrl); + *addr = (pointer) &(sdn->sdn_add); + } + return FamilyDECnet; +#endif +#ifdef CHAOSCONN + case AF_CHAOS: + { + not implemented + } + return FamilyChaos; +#endif + default: + return -1; + } +} + +int +ChangeAccessControl( + ClientPtr client, + int fEnabled) +{ + int rc = AuthorizedClient(client); + if (rc != Success) + return rc; + AccessEnabled = fEnabled; + return Success; +} + +/* returns FALSE if xhost + in effect, else TRUE */ +int +GetAccessControl(void) +{ + return AccessEnabled; +} + +/***************************************************************************** + * FamilyServerInterpreted host entry implementation + * + * Supports an extensible system of host types which the server can interpret + * See the IPv6 extensions to the X11 protocol spec for the definition. + * + * Currently supported schemes: + * + * hostname - hostname as defined in IETF RFC 2396 + * ipv6 - IPv6 literal address as defined in IETF RFC's 3513 and + * + * See xc/doc/specs/SIAddresses for formal definitions of each type. + */ + +/* These definitions and the siTypeAdd function could be exported in the + * future to enable loading additional host types, but that was not done for + * the initial implementation. + */ +typedef Bool (*siAddrMatchFunc)(int family, pointer addr, int len, + const char *siAddr, int siAddrlen, ClientPtr client, void *siTypePriv); +typedef int (*siCheckAddrFunc)(const char *addrString, int length, + void *siTypePriv); + +struct siType { + struct siType * next; + const char * typeName; + siAddrMatchFunc addrMatch; + siCheckAddrFunc checkAddr; + void * typePriv; /* Private data for type routines */ +}; + +static struct siType *siTypeList; + +static int +siTypeAdd(const char *typeName, siAddrMatchFunc addrMatch, + siCheckAddrFunc checkAddr, void *typePriv) +{ + struct siType *s, *p; + + if ((typeName == NULL) || (addrMatch == NULL) || (checkAddr == NULL)) + return BadValue; + + for (s = siTypeList, p = NULL; s != NULL ; p = s, s = s->next) { + if (strcmp(typeName, s->typeName) == 0) { + s->addrMatch = addrMatch; + s->checkAddr = checkAddr; + s->typePriv = typePriv; + return Success; + } + } + + s = xalloc(sizeof(struct siType)); + if (s == NULL) + return BadAlloc; + + if (p == NULL) + siTypeList = s; + else + p->next = s; + + s->next = NULL; + s->typeName = typeName; + s->addrMatch = addrMatch; + s->checkAddr = checkAddr; + s->typePriv = typePriv; + return Success; +} + +/* Checks to see if a host matches a server-interpreted host entry */ +static Bool +siAddrMatch(int family, pointer addr, int len, HOST *host, ClientPtr client) +{ + Bool matches = FALSE; + struct siType *s; + const char *valueString; + int addrlen; + + valueString = (const char *) memchr(host->addr, '\0', host->len); + if (valueString != NULL) { + for (s = siTypeList; s != NULL ; s = s->next) { + if (strcmp((char *) host->addr, s->typeName) == 0) { + addrlen = host->len - (strlen((char *)host->addr) + 1); + matches = s->addrMatch(family, addr, len, + valueString + 1, addrlen, client, s->typePriv); + break; + } + } +#ifdef FAMILY_SI_DEBUG + ErrorF( + "Xserver: siAddrMatch(): type = %s, value = %*.*s -- %s\n", + host->addr, addrlen, addrlen, valueString + 1, + (matches) ? "accepted" : "rejected"); +#endif + } + return matches; +} + +static int +siCheckAddr(const char *addrString, int length) +{ + const char *valueString; + int addrlen, typelen; + int len = -1; + struct siType *s; + + /* Make sure there is a \0 byte inside the specified length + to separate the address type from the address value. */ + valueString = (const char *) memchr(addrString, '\0', length); + if (valueString != NULL) { + /* Make sure the first string is a recognized address type, + * and the second string is a valid address of that type. + */ + typelen = strlen(addrString) + 1; + addrlen = length - typelen; + + for (s = siTypeList; s != NULL ; s = s->next) { + if (strcmp(addrString, s->typeName) == 0) { + len = s->checkAddr(valueString + 1, addrlen, s->typePriv); + if (len >= 0) { + len += typelen; + } + break; + } + } +#ifdef FAMILY_SI_DEBUG + { + const char *resultMsg; + + if (s == NULL) { + resultMsg = "type not registered"; + } else { + if (len == -1) + resultMsg = "rejected"; + else + resultMsg = "accepted"; + } + + ErrorF("Xserver: siCheckAddr(): type = %s, value = %*.*s, len = %d -- %s\n", + addrString, addrlen, addrlen, valueString + 1, len, resultMsg); + } +#endif + } + return len; +} + + +/*** + * Hostname server-interpreted host type + * + * Stored as hostname string, explicitly defined to be resolved ONLY + * at access check time, to allow for hosts with dynamic addresses + * but static hostnames, such as found in some DHCP & mobile setups. + * + * Hostname must conform to IETF RFC 2396 sec. 3.2.2, which defines it as: + * hostname = *( domainlabel "." ) toplabel [ "." ] + * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum + * toplabel = alpha | alpha *( alphanum | "-" ) alphanum + */ + +#ifdef NI_MAXHOST +# define SI_HOSTNAME_MAXLEN NI_MAXHOST +#else +# ifdef MAXHOSTNAMELEN +# define SI_HOSTNAME_MAXLEN MAXHOSTNAMELEN +# else +# define SI_HOSTNAME_MAXLEN 256 +# endif +#endif + +static Bool +siHostnameAddrMatch(int family, pointer addr, int len, + const char *siAddr, int siAddrLen, ClientPtr client, void *typePriv) +{ + Bool res = FALSE; + +/* Currently only supports checking against IPv4 & IPv6 connections, but + * support for other address families, such as DECnet, could be added if + * desired. + */ +#if defined(IPv6) && defined(AF_INET6) + if ((family == FamilyInternet) || (family == FamilyInternet6)) { + char hostname[SI_HOSTNAME_MAXLEN]; + struct addrinfo *addresses; + struct addrinfo *a; + int f, hostaddrlen; + pointer hostaddr; + + if (siAddrLen >= sizeof(hostname)) + return FALSE; + + strncpy(hostname, siAddr, siAddrLen); + hostname[siAddrLen] = '\0'; + + if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) { + for (a = addresses ; a != NULL ; a = a->ai_next) { + hostaddrlen = a->ai_addrlen; + f = ConvertAddr(a->ai_addr,&hostaddrlen,&hostaddr); + if ((f == family) && (len == hostaddrlen) && + (acmp (addr, hostaddr, len) == 0) ) { + res = TRUE; + break; + } + } + freeaddrinfo(addresses); + } + } +#else /* IPv6 not supported, use gethostbyname instead for IPv4 */ + if (family == FamilyInternet) { + register struct hostent *hp; +#ifdef XTHREADS_NEEDS_BYNAMEPARAMS + _Xgethostbynameparams hparams; +#endif + char hostname[SI_HOSTNAME_MAXLEN]; + int f, hostaddrlen; + pointer hostaddr; + const char **addrlist; + + if (siAddrLen >= sizeof(hostname)) + return FALSE; + + strncpy(hostname, siAddr, siAddrLen); + hostname[siAddrLen] = '\0'; + + if ((hp = _XGethostbyname(hostname, hparams)) != NULL) { +#ifdef h_addr /* new 4.3bsd version of gethostent */ + /* iterate over the addresses */ + for (addrlist = hp->h_addr_list; *addrlist; addrlist++) +#else + addrlist = &hp->h_addr; +#endif + { + struct sockaddr_in sin; + + sin.sin_family = hp->h_addrtype; + acopy ( *addrlist, &(sin.sin_addr), hp->h_length); + hostaddrlen = sizeof(sin); + f = ConvertAddr ((struct sockaddr *)&sin, + &hostaddrlen, &hostaddr); + if ((f == family) && (len == hostaddrlen) && + (acmp (addr, hostaddr, len) == 0) ) { + res = TRUE; + break; + } + } + } + } +#endif + return res; +} + + +static int +siHostnameCheckAddr(const char *valueString, int length, void *typePriv) +{ + /* Check conformance of hostname to RFC 2396 sec. 3.2.2 definition. + * We do not use ctype functions here to avoid locale-specific + * character sets. Hostnames must be pure ASCII. + */ + int len = length; + int i; + Bool dotAllowed = FALSE; + Bool dashAllowed = FALSE; + + if ((length <= 0) || (length >= SI_HOSTNAME_MAXLEN)) { + len = -1; + } else { + for (i = 0; i < length; i++) { + char c = valueString[i]; + + if (c == 0x2E) { /* '.' */ + if (dotAllowed == FALSE) { + len = -1; + break; + } else { + dotAllowed = FALSE; + dashAllowed = FALSE; + } + } else if (c == 0x2D) { /* '-' */ + if (dashAllowed == FALSE) { + len = -1; + break; + } else { + dotAllowed = FALSE; + } + } else if (((c >= 0x30) && (c <= 0x3A)) /* 0-9 */ || + ((c >= 0x61) && (c <= 0x7A)) /* a-z */ || + ((c >= 0x41) && (c <= 0x5A)) /* A-Z */) { + dotAllowed = TRUE; + dashAllowed = TRUE; + } else { /* Invalid character */ + len = -1; + break; + } + } + } + return len; +} + +#if defined(IPv6) && defined(AF_INET6) +/*** + * "ipv6" server interpreted type + * + * Currently supports only IPv6 literal address as specified in IETF RFC 3513 + * + * Once draft-ietf-ipv6-scoping-arch-00.txt becomes an RFC, support will be + * added for the scoped address format it specifies. + */ + +/* Maximum length of an IPv6 address string - increase when adding support + * for scoped address qualifiers. Includes room for trailing NUL byte. + */ +#define SI_IPv6_MAXLEN INET6_ADDRSTRLEN + +static Bool +siIPv6AddrMatch(int family, pointer addr, int len, + const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) +{ + struct in6_addr addr6; + char addrbuf[SI_IPv6_MAXLEN]; + + if ((family != FamilyInternet6) || (len != sizeof(addr6))) + return FALSE; + + memcpy(addrbuf, siAddr, siAddrlen); + addrbuf[siAddrlen] = '\0'; + + if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { + perror("inet_pton"); + return FALSE; + } + + if (memcmp(addr, &addr6, len) == 0) { + return TRUE; + } else { + return FALSE; + } +} + +static int +siIPv6CheckAddr(const char *addrString, int length, void *typePriv) +{ + int len; + + /* Minimum length is 3 (smallest legal address is "::1") */ + if (length < 3) { + /* Address is too short! */ + len = -1; + } else if (length >= SI_IPv6_MAXLEN) { + /* Address is too long! */ + len = -1; + } else { + /* Assume inet_pton is sufficient validation */ + struct in6_addr addr6; + char addrbuf[SI_IPv6_MAXLEN]; + + memcpy(addrbuf, addrString, length); + addrbuf[length] = '\0'; + + if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) { + perror("inet_pton"); + len = -1; + } else { + len = length; + } + } + return len; +} +#endif /* IPv6 */ + +#if !defined(NO_LOCAL_CLIENT_CRED) +/*** + * "localuser" & "localgroup" server interpreted types + * + * Allows local connections from a given local user or group + */ + +#include +#include + +#define LOCAL_USER 1 +#define LOCAL_GROUP 2 + +typedef struct { + int credType; +} siLocalCredPrivRec, *siLocalCredPrivPtr; + +static siLocalCredPrivRec siLocalUserPriv = { LOCAL_USER }; +static siLocalCredPrivRec siLocalGroupPriv = { LOCAL_GROUP }; + +static Bool +siLocalCredGetId(const char *addr, int len, siLocalCredPrivPtr lcPriv, int *id) +{ + Bool parsedOK = FALSE; + char *addrbuf = xalloc(len + 1); + + if (addrbuf == NULL) { + return FALSE; + } + + memcpy(addrbuf, addr, len); + addrbuf[len] = '\0'; + + if (addr[0] == '#') { /* numeric id */ + char *cp; + errno = 0; + *id = strtol(addrbuf + 1, &cp, 0); + if ((errno == 0) && (cp != (addrbuf+1))) { + parsedOK = TRUE; + } + } else { /* non-numeric name */ + if (lcPriv->credType == LOCAL_USER) { + struct passwd *pw = getpwnam(addrbuf); + + if (pw != NULL) { + *id = (int) pw->pw_uid; + parsedOK = TRUE; + } + } else { /* group */ + struct group *gr = getgrnam(addrbuf); + + if (gr != NULL) { + *id = (int) gr->gr_gid; + parsedOK = TRUE; + } + } + } + + xfree(addrbuf); + return parsedOK; +} + +static Bool +siLocalCredAddrMatch(int family, pointer addr, int len, + const char *siAddr, int siAddrlen, ClientPtr client, void *typePriv) +{ + int siAddrId; + LocalClientCredRec *lcc; + siLocalCredPrivPtr lcPriv = (siLocalCredPrivPtr) typePriv; + + if (GetLocalClientCreds(client, &lcc) == -1) { + return FALSE; + } + +#ifdef HAVE_GETZONEID /* Ensure process is in the same zone */ + if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) { + FreeLocalClientCreds(lcc); + return FALSE; + } +#endif + + if (siLocalCredGetId(siAddr, siAddrlen, lcPriv, &siAddrId) == FALSE) { + FreeLocalClientCreds(lcc); + return FALSE; + } + + if (lcPriv->credType == LOCAL_USER) { + if ((lcc->fieldsSet & LCC_UID_SET) && (lcc->euid == siAddrId)) { + FreeLocalClientCreds(lcc); + return TRUE; + } + } else { + if ((lcc->fieldsSet & LCC_GID_SET) && (lcc->egid == siAddrId)) { + FreeLocalClientCreds(lcc); + return TRUE; + } + if (lcc->pSuppGids != NULL) { + int i; + + for (i = 0 ; i < lcc->nSuppGids; i++) { + if (lcc->pSuppGids[i] == siAddrId) { + FreeLocalClientCreds(lcc); + return TRUE; + } + } + } + } + FreeLocalClientCreds(lcc); + return FALSE; +} + +static int +siLocalCredCheckAddr(const char *addrString, int length, void *typePriv) +{ + int len = length; + int id; + + if (siLocalCredGetId(addrString, length, + (siLocalCredPrivPtr)typePriv, &id) == FALSE) { + len = -1; + } + return len; +} +#endif /* localuser */ + +static void +siTypesInitialize(void) +{ + siTypeAdd("hostname", siHostnameAddrMatch, siHostnameCheckAddr, NULL); +#if defined(IPv6) && defined(AF_INET6) + siTypeAdd("ipv6", siIPv6AddrMatch, siIPv6CheckAddr, NULL); +#endif +#if !defined(NO_LOCAL_CLIENT_CRED) + siTypeAdd("localuser", siLocalCredAddrMatch, siLocalCredCheckAddr, + &siLocalUserPriv); + siTypeAdd("localgroup", siLocalCredAddrMatch, siLocalCredCheckAddr, + &siLocalGroupPriv); +#endif +} diff --git a/xorg-server/os/auth.c b/xorg-server/os/auth.c index a852e1c3b..52868f0ba 100644 --- a/xorg-server/os/auth.c +++ b/xorg-server/os/auth.c @@ -1,327 +1,328 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * authorization hooks for the server - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -# include -# include -# include "misc.h" -# include "osdep.h" -# include "dixstruct.h" -# include -# include -#ifdef WIN32 -#include -#endif - -struct protocol { - unsigned short name_length; - char *name; - AuthAddCFunc Add; /* new authorization data */ - AuthCheckFunc Check; /* verify client authorization data */ - AuthRstCFunc Reset; /* delete all authorization data entries */ - AuthToIDFunc ToID; /* convert cookie to ID */ - AuthFromIDFunc FromID; /* convert ID to cookie */ - AuthRemCFunc Remove; /* remove a specific cookie */ -#ifdef XCSECURITY - AuthGenCFunc Generate; -#endif -}; - -static struct protocol protocols[] = { -{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1", - MitAddCookie, MitCheckCookie, MitResetCookie, - MitToID, MitFromID, MitRemoveCookie, -#ifdef XCSECURITY - MitGenerateCookie -#endif -}, -#ifdef HASXDMAUTH -{ (unsigned short) 19, "XDM-AUTHORIZATION-1", - XdmAddCookie, XdmCheckCookie, XdmResetCookie, - XdmToID, XdmFromID, XdmRemoveCookie, -#ifdef XCSECURITY - NULL -#endif -}, -#endif -#ifdef SECURE_RPC -{ (unsigned short) 9, "SUN-DES-1", - SecureRPCAdd, SecureRPCCheck, SecureRPCReset, - SecureRPCToID, SecureRPCFromID,SecureRPCRemove, -#ifdef XCSECURITY - NULL -#endif -}, -#endif -}; - -# define NUM_AUTHORIZATION (sizeof (protocols) /\ - sizeof (struct protocol)) - -/* - * Initialize all classes of authorization by reading the - * specified authorization file - */ - -static char *authorization_file = (char *)NULL; - -static Bool ShouldLoadAuth = TRUE; - -void -InitAuthorization (char *file_name) -{ - authorization_file = file_name; -} - -static int -LoadAuthorization (void) -{ - FILE *f; - Xauth *auth; - int i; - int count = 0; - - ShouldLoadAuth = FALSE; - if (!authorization_file) - return 0; - - f = Fopen (authorization_file, "r"); - if (!f) - return -1; - - while ((auth = XauReadAuth (f)) != 0) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == auth->name_length && - memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 && - protocols[i].Add) - { - ++count; - (*protocols[i].Add) (auth->data_length, auth->data, - FakeClientID(0)); - } - } - XauDisposeAuth (auth); - } - - Fclose (f); - return count; -} - -#ifdef XDMCP -/* - * XdmcpInit calls this function to discover all authorization - * schemes supported by the display - */ -void -RegisterAuthorizations (void) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) - XdmcpRegisterAuthorization (protocols[i].name, - (int)protocols[i].name_length); -} -#endif - -XID -CheckAuthorization ( - unsigned int name_length, - char *name, - unsigned int data_length, - char *data, - ClientPtr client, - char **reason) /* failure message. NULL for default msg */ -{ - int i; - struct stat buf; - static time_t lastmod = 0; - static Bool loaded = FALSE; - - if (!authorization_file || stat(authorization_file, &buf)) - { - if (lastmod != 0) { - lastmod = 0; - ShouldLoadAuth = TRUE; /* stat lost, so force reload */ - } - } - else if (buf.st_mtime > lastmod) - { - lastmod = buf.st_mtime; - ShouldLoadAuth = TRUE; - } - if (ShouldLoadAuth) - { - int loadauth = LoadAuthorization(); - - /* - * If the authorization file has at least one entry for this server, - * disable local host access. (loadauth > 0) - * - * If there are zero entries (either initially or when the - * authorization file is later reloaded), or if a valid - * authorization file was never loaded, enable local host access. - * (loadauth == 0 || !loaded) - * - * If the authorization file was loaded initially (with valid - * entries for this server), and reloading it later fails, don't - * change anything. (loadauth == -1 && loaded) - */ - - if (loadauth > 0) - { - DisableLocalHost(); /* got at least one */ - loaded = TRUE; - } - else if (loadauth == 0 || !loaded) - EnableLocalHost (); - } - if (name_length) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0) - { - return (*protocols[i].Check) (data_length, data, client, reason); - } - *reason = "Protocol not supported by server\n"; - } - } else *reason = "No protocol specified\n"; - return (XID) ~0L; -} - -void -ResetAuthorization (void) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) - if (protocols[i].Reset) - (*protocols[i].Reset)(); - ShouldLoadAuth = TRUE; -} - -int -AuthorizationFromID ( - XID id, - unsigned short *name_lenp, - char **namep, - unsigned short *data_lenp, - char **datap) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].FromID && - (*protocols[i].FromID) (id, data_lenp, datap)) { - *name_lenp = protocols[i].name_length; - *namep = protocols[i].name; - return 1; - } - } - return 0; -} - -int -RemoveAuthorization ( - unsigned short name_length, - char *name, - unsigned short data_length, - char *data) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Remove) - { - return (*protocols[i].Remove) (data_length, data); - } - } - return 0; -} - -int -AddAuthorization (unsigned name_length, char *name, unsigned data_length, char *data) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Add) - { - return (*protocols[i].Add) (data_length, data, FakeClientID(0)); - } - } - return 0; -} - -#ifdef XCSECURITY - -XID -GenerateAuthorization( - unsigned name_length, - char *name, - unsigned data_length, - char *data, - unsigned *data_length_return, - char **data_return) -{ - int i; - - for (i = 0; i < NUM_AUTHORIZATION; i++) { - if (protocols[i].name_length == name_length && - memcmp (protocols[i].name, name, (int) name_length) == 0 && - protocols[i].Generate) - { - return (*protocols[i].Generate) (data_length, data, - FakeClientID(0), data_length_return, data_return); - } - } - return -1; -} - -void -GenerateRandomData (int len, char *buf) -{ - int fd; - - fd = open("/dev/urandom", O_RDONLY); - read(fd, buf, len); - close(fd); -} - -#endif /* XCSECURITY */ +/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * authorization hooks for the server + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +# include +# include +# include "misc.h" +# include "osdep.h" +# include "dixstruct.h" +# include +# include +#ifdef WIN32 +#include +#endif + +struct protocol { + unsigned short name_length; + char *name; + AuthAddCFunc Add; /* new authorization data */ + AuthCheckFunc Check; /* verify client authorization data */ + AuthRstCFunc Reset; /* delete all authorization data entries */ + AuthToIDFunc ToID; /* convert cookie to ID */ + AuthFromIDFunc FromID; /* convert ID to cookie */ + AuthRemCFunc Remove; /* remove a specific cookie */ +#ifdef XCSECURITY + AuthGenCFunc Generate; +#endif +}; + +static struct protocol protocols[] = { +{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1", + MitAddCookie, MitCheckCookie, MitResetCookie, + MitToID, MitFromID, MitRemoveCookie, +#ifdef XCSECURITY + MitGenerateCookie +#endif +}, +#ifdef HASXDMAUTH +{ (unsigned short) 19, "XDM-AUTHORIZATION-1", + XdmAddCookie, XdmCheckCookie, XdmResetCookie, + XdmToID, XdmFromID, XdmRemoveCookie, +#ifdef XCSECURITY + NULL +#endif +}, +#endif +#ifdef SECURE_RPC +{ (unsigned short) 9, "SUN-DES-1", + SecureRPCAdd, SecureRPCCheck, SecureRPCReset, + SecureRPCToID, SecureRPCFromID,SecureRPCRemove, +#ifdef XCSECURITY + NULL +#endif +}, +#endif +}; + +# define NUM_AUTHORIZATION (sizeof (protocols) /\ + sizeof (struct protocol)) + +/* + * Initialize all classes of authorization by reading the + * specified authorization file + */ + +static char *authorization_file = (char *)NULL; + +static Bool ShouldLoadAuth = TRUE; + +void +InitAuthorization (char *file_name) +{ + authorization_file = file_name; +} + +static int +LoadAuthorization (void) +{ + FILE *f; + Xauth *auth; + int i; + int count = 0; + + ShouldLoadAuth = FALSE; + if (!authorization_file) + return 0; + + f = Fopen (authorization_file, "r"); + if (!f) + return -1; + + while ((auth = XauReadAuth (f)) != 0) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == auth->name_length && + memcmp (protocols[i].name, auth->name, (int) auth->name_length) == 0 && + protocols[i].Add) + { + ++count; + (*protocols[i].Add) (auth->data_length, auth->data, + FakeClientID(0)); + } + } + XauDisposeAuth (auth); + } + + Fclose (f); + return count; +} + +#ifdef XDMCP +/* + * XdmcpInit calls this function to discover all authorization + * schemes supported by the display + */ +void +RegisterAuthorizations (void) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) + XdmcpRegisterAuthorization (protocols[i].name, + (int)protocols[i].name_length); +} +#endif + +XID +CheckAuthorization ( + unsigned int name_length, + const char *name, + unsigned int data_length, + const char *data, + ClientPtr client, + char **reason) /* failure message. NULL for default msg */ +{ + int i; + struct stat buf; + static time_t lastmod = 0; + static Bool loaded = FALSE; + + if (!authorization_file || stat(authorization_file, &buf)) + { + if (lastmod != 0) { + lastmod = 0; + ShouldLoadAuth = TRUE; /* stat lost, so force reload */ + } + } + else if (buf.st_mtime > lastmod) + { + lastmod = buf.st_mtime; + ShouldLoadAuth = TRUE; + } + if (ShouldLoadAuth) + { + int loadauth = LoadAuthorization(); + + /* + * If the authorization file has at least one entry for this server, + * disable local host access. (loadauth > 0) + * + * If there are zero entries (either initially or when the + * authorization file is later reloaded), or if a valid + * authorization file was never loaded, enable local host access. + * (loadauth == 0 || !loaded) + * + * If the authorization file was loaded initially (with valid + * entries for this server), and reloading it later fails, don't + * change anything. (loadauth == -1 && loaded) + */ + + if (loadauth > 0) + { + DisableLocalHost(); /* got at least one */ + loaded = TRUE; + } + else if (loadauth == 0 || !loaded) + EnableLocalHost (); + } + if (name_length) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0) + { + return (*protocols[i].Check) (data_length, data, client, reason); + } + *reason = "Protocol not supported by server\n"; + } + } else *reason = "No protocol specified\n"; + return (XID) ~0L; +} + +void +ResetAuthorization (void) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) + if (protocols[i].Reset) + (*protocols[i].Reset)(); + ShouldLoadAuth = TRUE; +} + +int +AuthorizationFromID ( + XID id, + unsigned short *name_lenp, + char **namep, + unsigned short *data_lenp, + char **datap) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].FromID && + (*protocols[i].FromID) (id, data_lenp, datap)) { + *name_lenp = protocols[i].name_length; + *namep = protocols[i].name; + return 1; + } + } + return 0; +} + +int +RemoveAuthorization ( + unsigned short name_length, + const char *name, + unsigned short data_length, + const char *data) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Remove) + { + return (*protocols[i].Remove) (data_length, data); + } + } + return 0; +} + +int +AddAuthorization (unsigned name_length, const char *name, + unsigned data_length, char *data) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Add) + { + return (*protocols[i].Add) (data_length, data, FakeClientID(0)); + } + } + return 0; +} + +#ifdef XCSECURITY + +XID +GenerateAuthorization( + unsigned name_length, + const char *name, + unsigned data_length, + const char *data, + unsigned *data_length_return, + char **data_return) +{ + int i; + + for (i = 0; i < NUM_AUTHORIZATION; i++) { + if (protocols[i].name_length == name_length && + memcmp (protocols[i].name, name, (int) name_length) == 0 && + protocols[i].Generate) + { + return (*protocols[i].Generate) (data_length, data, + FakeClientID(0), data_length_return, data_return); + } + } + return -1; +} + +void +GenerateRandomData (int len, char *buf) +{ + int fd; + + fd = open("/dev/urandom", O_RDONLY); + read(fd, buf, len); + close(fd); +} + +#endif /* XCSECURITY */ diff --git a/xorg-server/os/mitauth.c b/xorg-server/os/mitauth.c index a7968cbd7..5baf552bc 100644 --- a/xorg-server/os/mitauth.c +++ b/xorg-server/os/mitauth.c @@ -1,197 +1,197 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * MIT-MAGIC-COOKIE-1 authorization scheme - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -#include -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -static struct auth { - struct auth *next; - unsigned short len; - char *data; - XID id; -} *mit_auth; - -int -MitAddCookie ( - unsigned short data_length, - char *data, - XID id) -{ - struct auth *new; - - new = xalloc (sizeof (struct auth)); - if (!new) - return 0; - new->data = xalloc ((unsigned) data_length); - if (!new->data) { - xfree(new); - return 0; - } - new->next = mit_auth; - mit_auth = new; - memmove(new->data, data, (int) data_length); - new->len = data_length; - new->id = id; - return 1; -} - -XID -MitCheckCookie ( - unsigned short data_length, - char *data, - ClientPtr client, - char **reason) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, (int) data_length) == 0) - return auth->id; - } - *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; - return (XID) -1; -} - -int -MitResetCookie (void) -{ - struct auth *auth, *next; - - for (auth = mit_auth; auth; auth=next) { - next = auth->next; - xfree (auth->data); - xfree (auth); - } - mit_auth = 0; - return 0; -} - -XID -MitToID ( - unsigned short data_length, - char *data) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, data_length) == 0) - return auth->id; - } - return (XID) -1; -} - -int -MitFromID ( - XID id, - unsigned short *data_lenp, - char **datap) -{ - struct auth *auth; - - for (auth = mit_auth; auth; auth=auth->next) { - if (id == auth->id) { - *data_lenp = auth->len; - *datap = auth->data; - return 1; - } - } - return 0; -} - -int -MitRemoveCookie ( - unsigned short data_length, - char *data) -{ - struct auth *auth, *prev; - - prev = 0; - for (auth = mit_auth; auth; prev = auth, auth=auth->next) { - if (data_length == auth->len && - memcmp (data, auth->data, data_length) == 0) - { - if (prev) - prev->next = auth->next; - else - mit_auth = auth->next; - xfree (auth->data); - xfree (auth); - return 1; - } - } - return 0; -} - -#ifdef XCSECURITY - -static char cookie[16]; /* 128 bits */ - -XID -MitGenerateCookie ( - unsigned data_length, - char *data, - XID id, - unsigned *data_length_return, - char **data_return) -{ - int i = 0; - int status; - - while (data_length--) - { - cookie[i++] += *data++; - if (i >= sizeof (cookie)) i = 0; - } - GenerateRandomData(sizeof (cookie), cookie); - status = MitAddCookie(sizeof (cookie), cookie, id); - if (!status) - { - id = -1; - } - else - { - *data_return = cookie; - *data_length_return = sizeof (cookie); - } - return id; -} - -#endif /* XCSECURITY */ +/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * MIT-MAGIC-COOKIE-1 authorization scheme + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#include +#include "os.h" +#include "osdep.h" +#include "dixstruct.h" + +static struct auth { + struct auth *next; + unsigned short len; + char *data; + XID id; +} *mit_auth; + +int +MitAddCookie ( + unsigned short data_length, + const char *data, + XID id) +{ + struct auth *new; + + new = xalloc (sizeof (struct auth)); + if (!new) + return 0; + new->data = xalloc ((unsigned) data_length); + if (!new->data) { + xfree(new); + return 0; + } + new->next = mit_auth; + mit_auth = new; + memmove(new->data, data, (int) data_length); + new->len = data_length; + new->id = id; + return 1; +} + +XID +MitCheckCookie ( + unsigned short data_length, + const char *data, + ClientPtr client, + char **reason) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, (int) data_length) == 0) + return auth->id; + } + *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; + return (XID) -1; +} + +int +MitResetCookie (void) +{ + struct auth *auth, *next; + + for (auth = mit_auth; auth; auth=next) { + next = auth->next; + xfree (auth->data); + xfree (auth); + } + mit_auth = 0; + return 0; +} + +XID +MitToID ( + unsigned short data_length, + char *data) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, data_length) == 0) + return auth->id; + } + return (XID) -1; +} + +int +MitFromID ( + XID id, + unsigned short *data_lenp, + char **datap) +{ + struct auth *auth; + + for (auth = mit_auth; auth; auth=auth->next) { + if (id == auth->id) { + *data_lenp = auth->len; + *datap = auth->data; + return 1; + } + } + return 0; +} + +int +MitRemoveCookie ( + unsigned short data_length, + const char *data) +{ + struct auth *auth, *prev; + + prev = 0; + for (auth = mit_auth; auth; prev = auth, auth=auth->next) { + if (data_length == auth->len && + memcmp (data, auth->data, data_length) == 0) + { + if (prev) + prev->next = auth->next; + else + mit_auth = auth->next; + xfree (auth->data); + xfree (auth); + return 1; + } + } + return 0; +} + +#ifdef XCSECURITY + +static char cookie[16]; /* 128 bits */ + +XID +MitGenerateCookie ( + unsigned data_length, + const char *data, + XID id, + unsigned *data_length_return, + char **data_return) +{ + int i = 0; + int status; + + while (data_length--) + { + cookie[i++] += *data++; + if (i >= sizeof (cookie)) i = 0; + } + GenerateRandomData(sizeof (cookie), cookie); + status = MitAddCookie(sizeof (cookie), cookie, id); + if (!status) + { + id = -1; + } + else + { + *data_return = cookie; + *data_length_return = sizeof (cookie); + } + return id; +} + +#endif /* XCSECURITY */ diff --git a/xorg-server/os/osdep.h b/xorg-server/os/osdep.h index fda1edf72..32b4a6763 100644 --- a/xorg-server/os/osdep.h +++ b/xorg-server/os/osdep.h @@ -114,7 +114,8 @@ SOFTWARE. #if defined(XDMCP) || defined(HASXDMAUTH) typedef Bool (*ValidatorFunc)(ARRAY8Ptr Auth, ARRAY8Ptr Data, int packet_type); typedef Bool (*GeneratorFunc)(ARRAY8Ptr Auth, ARRAY8Ptr Data, int packet_type); -typedef Bool (*AddAuthorFunc)(unsigned name_length, char *name, unsigned data_length, char *data); +typedef Bool (*AddAuthorFunc)(unsigned name_length, const char *name, + unsigned data_length, char *data); #endif typedef struct _connectionInput { @@ -138,19 +139,19 @@ struct _osComm; #define AuthInitArgs void typedef void (*AuthInitFunc) (AuthInitArgs); -#define AuthAddCArgs unsigned short data_length, char *data, XID id +#define AuthAddCArgs unsigned short data_length, const char *data, XID id typedef int (*AuthAddCFunc) (AuthAddCArgs); -#define AuthCheckArgs unsigned short data_length, char *data, ClientPtr client, char **reason +#define AuthCheckArgs unsigned short data_length, const char *data, ClientPtr client, char **reason typedef XID (*AuthCheckFunc) (AuthCheckArgs); #define AuthFromIDArgs XID id, unsigned short *data_lenp, char **datap typedef int (*AuthFromIDFunc) (AuthFromIDArgs); -#define AuthGenCArgs unsigned data_length, char *data, XID id, unsigned *data_length_return, char **data_return +#define AuthGenCArgs unsigned data_length, const char *data, XID id, unsigned *data_length_return, char **data_return typedef XID (*AuthGenCFunc) (AuthGenCArgs); -#define AuthRemCArgs unsigned short data_length, char *data +#define AuthRemCArgs unsigned short data_length, const char *data typedef int (*AuthRemCFunc) (AuthRemCArgs); #define AuthRstCArgs void @@ -254,29 +255,29 @@ extern void XdmcpUseMsg (void); extern int XdmcpOptions(int argc, char **argv, int i); extern void XdmcpRegisterConnection ( int type, - char *address, + const char *address, int addrlen); extern void XdmcpRegisterAuthorizations (void); -extern void XdmcpRegisterAuthorization (char *name, int namelen); +extern void XdmcpRegisterAuthorization (const char *name, int namelen); extern void XdmcpInit (void); extern void XdmcpReset (void); extern void XdmcpOpenDisplay(int sock); extern void XdmcpCloseDisplay(int sock); extern void XdmcpRegisterAuthentication ( - char *name, + const char *name, int namelen, - char *data, + const char *data, int datalen, ValidatorFunc Validator, GeneratorFunc Generator, AddAuthorFunc AddAuth); struct sockaddr_in; -extern void XdmcpRegisterBroadcastAddress (struct sockaddr_in *addr); +extern void XdmcpRegisterBroadcastAddress (const struct sockaddr_in *addr); #endif #ifdef HASXDMAUTH -extern void XdmAuthenticationInit (char *cookie, int cookie_length); +extern void XdmAuthenticationInit (const char *cookie, int cookie_length); #endif #endif /* _OSDEP_H_ */ diff --git a/xorg-server/os/rpcauth.c b/xorg-server/os/rpcauth.c index 5ddbe210b..a63304375 100644 --- a/xorg-server/os/rpcauth.c +++ b/xorg-server/os/rpcauth.c @@ -1,193 +1,193 @@ -/* - -Copyright 1991, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * SUN-DES-1 authentication mechanism - * Author: Mayank Choudhary, Sun Microsystems - */ - - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -#ifdef SECURE_RPC - -#include -#include -#include "misc.h" -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -#include - -#ifdef sun -/* only includes this if _KERNEL is #defined... */ -extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); -#endif - -static enum auth_stat why; - -static char * -authdes_ezdecode(char *inmsg, int len) -{ - struct rpc_msg msg; - char cred_area[MAX_AUTH_BYTES]; - char verf_area[MAX_AUTH_BYTES]; - char *temp_inmsg; - struct svc_req r; - bool_t res0, res1; - XDR xdr; - SVCXPRT xprt; - - temp_inmsg = xalloc(len); - memmove(temp_inmsg, inmsg, len); - - memset((char *)&msg, 0, sizeof(msg)); - memset((char *)&r, 0, sizeof(r)); - memset(cred_area, 0, sizeof(cred_area)); - memset(verf_area, 0, sizeof(verf_area)); - - msg.rm_call.cb_cred.oa_base = cred_area; - msg.rm_call.cb_verf.oa_base = verf_area; - why = AUTH_FAILED; - xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); - - if ((r.rq_clntcred = xalloc(MAX_AUTH_BYTES)) == NULL) - goto bad1; - r.rq_xprt = &xprt; - - /* decode into msg */ - res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); - res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf)); - if ( ! (res0 && res1) ) - goto bad2; - - /* do the authentication */ - - r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */ - if (r.rq_cred.oa_flavor != AUTH_DES) { - why = AUTH_TOOWEAK; - goto bad2; - } -#ifdef SVR4 - if ((why = __authenticate(&r, &msg)) != AUTH_OK) { -#else - if ((why = _authenticate(&r, &msg)) != AUTH_OK) { -#endif - goto bad2; - } - return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name); - -bad2: - xfree(r.rq_clntcred); -bad1: - return ((char *)0); /* ((struct authdes_cred *) NULL); */ -} - -static XID rpc_id = (XID) ~0L; - -static Bool -CheckNetName ( - unsigned char *addr, - short len, - pointer closure -) -{ - return (len == strlen ((char *) closure) && - strncmp ((char *) addr, (char *) closure, len) == 0); -} - -static char rpc_error[MAXNETNAMELEN+50]; - -_X_HIDDEN XID -SecureRPCCheck (unsigned short data_length, char *data, - ClientPtr client, char **reason) -{ - char *fullname; - - if (rpc_id == (XID) ~0L) { - *reason = "Secure RPC authorization not initialized"; - } else { - fullname = authdes_ezdecode(data, data_length); - if (fullname == (char *)0) { - sprintf(rpc_error, "Unable to authenticate secure RPC client (why=%d)", why); - *reason = rpc_error; - } else { - if (ForEachHostInFamily (FamilyNetname, CheckNetName, fullname)) - return rpc_id; - sprintf(rpc_error, "Principal \"%s\" is not authorized to connect", - fullname); - *reason = rpc_error; - } - } - return (XID) ~0L; -} - -_X_HIDDEN void -SecureRPCInit (void) -{ - if (rpc_id == ~0L) - AddAuthorization (9, "SUN-DES-1", 0, (char *) 0); -} - -_X_HIDDEN int -SecureRPCAdd (unsigned short data_length, char *data, XID id) -{ - if (data_length) - AddHost ((pointer) 0, FamilyNetname, data_length, data); - rpc_id = id; - return 1; -} - -_X_HIDDEN int -SecureRPCReset (void) -{ - rpc_id = (XID) ~0L; - return 1; -} - -_X_HIDDEN XID -SecureRPCToID (unsigned short data_length, char *data) -{ - return rpc_id; -} - -_X_HIDDEN int -SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap) -{ - return 0; -} - -_X_HIDDEN int -SecureRPCRemove (unsigned short data_length, char *data) -{ - return 0; -} -#endif /* SECURE_RPC */ +/* + +Copyright 1991, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * SUN-DES-1 authentication mechanism + * Author: Mayank Choudhary, Sun Microsystems + */ + + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#ifdef SECURE_RPC + +#include +#include +#include "misc.h" +#include "os.h" +#include "osdep.h" +#include "dixstruct.h" + +#include + +#ifdef sun +/* only includes this if _KERNEL is #defined... */ +extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); +#endif + +static enum auth_stat why; + +static char * +authdes_ezdecode(const char *inmsg, int len) +{ + struct rpc_msg msg; + char cred_area[MAX_AUTH_BYTES]; + char verf_area[MAX_AUTH_BYTES]; + char *temp_inmsg; + struct svc_req r; + bool_t res0, res1; + XDR xdr; + SVCXPRT xprt; + + temp_inmsg = xalloc(len); + memmove(temp_inmsg, inmsg, len); + + memset((char *)&msg, 0, sizeof(msg)); + memset((char *)&r, 0, sizeof(r)); + memset(cred_area, 0, sizeof(cred_area)); + memset(verf_area, 0, sizeof(verf_area)); + + msg.rm_call.cb_cred.oa_base = cred_area; + msg.rm_call.cb_verf.oa_base = verf_area; + why = AUTH_FAILED; + xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); + + if ((r.rq_clntcred = xalloc(MAX_AUTH_BYTES)) == NULL) + goto bad1; + r.rq_xprt = &xprt; + + /* decode into msg */ + res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); + res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf)); + if ( ! (res0 && res1) ) + goto bad2; + + /* do the authentication */ + + r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */ + if (r.rq_cred.oa_flavor != AUTH_DES) { + why = AUTH_TOOWEAK; + goto bad2; + } +#ifdef SVR4 + if ((why = __authenticate(&r, &msg)) != AUTH_OK) { +#else + if ((why = _authenticate(&r, &msg)) != AUTH_OK) { +#endif + goto bad2; + } + return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name); + +bad2: + xfree(r.rq_clntcred); +bad1: + return ((char *)0); /* ((struct authdes_cred *) NULL); */ +} + +static XID rpc_id = (XID) ~0L; + +static Bool +CheckNetName ( + unsigned char *addr, + short len, + pointer closure +) +{ + return (len == strlen ((char *) closure) && + strncmp ((char *) addr, (char *) closure, len) == 0); +} + +static char rpc_error[MAXNETNAMELEN+50]; + +_X_HIDDEN XID +SecureRPCCheck (unsigned short data_length, const char *data, + ClientPtr client, char **reason) +{ + char *fullname; + + if (rpc_id == (XID) ~0L) { + *reason = "Secure RPC authorization not initialized"; + } else { + fullname = authdes_ezdecode(data, data_length); + if (fullname == (char *)0) { + sprintf(rpc_error, "Unable to authenticate secure RPC client (why=%d)", why); + *reason = rpc_error; + } else { + if (ForEachHostInFamily (FamilyNetname, CheckNetName, fullname)) + return rpc_id; + sprintf(rpc_error, "Principal \"%s\" is not authorized to connect", + fullname); + *reason = rpc_error; + } + } + return (XID) ~0L; +} + +_X_HIDDEN void +SecureRPCInit (void) +{ + if (rpc_id == ~0L) + AddAuthorization (9, "SUN-DES-1", 0, (char *) 0); +} + +_X_HIDDEN int +SecureRPCAdd (unsigned short data_length, const char *data, XID id) +{ + if (data_length) + AddHost ((pointer) 0, FamilyNetname, data_length, data); + rpc_id = id; + return 1; +} + +_X_HIDDEN int +SecureRPCReset (void) +{ + rpc_id = (XID) ~0L; + return 1; +} + +_X_HIDDEN XID +SecureRPCToID (unsigned short data_length, char *data) +{ + return rpc_id; +} + +_X_HIDDEN int +SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap) +{ + return 0; +} + +_X_HIDDEN int +SecureRPCRemove (unsigned short data_length, const char *data) +{ + return 0; +} +#endif /* SECURE_RPC */ diff --git a/xorg-server/os/xdmauth.c b/xorg-server/os/xdmauth.c index e19e4f93d..7834b56f8 100644 --- a/xorg-server/os/xdmauth.c +++ b/xorg-server/os/xdmauth.c @@ -1,499 +1,499 @@ -/* - -Copyright 1988, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ - -/* - * XDM-AUTHENTICATION-1 (XDMCP authentication) and - * XDM-AUTHORIZATION-1 (client authorization) protocols - * - * Author: Keith Packard, MIT X Consortium - */ - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -#include -#include -#define XSERV_t -#define TRANS_SERVER -#define TRANS_REOPEN -#include -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" - -#ifdef HASXDMAUTH - -static Bool authFromXDMCP; - -#ifdef XDMCP -#include -#undef REQUEST -#include - -/* XDM-AUTHENTICATION-1 */ - -static XdmAuthKeyRec privateKey; -static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1"; -#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1) -static XdmAuthKeyRec rho; - -static Bool -XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData, - xdmOpCode packet_type) -{ - XdmAuthKeyPtr incoming; - - XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey, - incomingData->data,incomingData->length); - if (packet_type == ACCEPT) { - if (incomingData->length != 8) - return FALSE; - incoming = (XdmAuthKeyPtr) incomingData->data; - XdmcpDecrementKey (incoming); - return XdmcpCompareKeys (incoming, &rho); - } - return FALSE; -} - -static Bool -XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData, - xdmOpCode packet_type) -{ - outgoingData->length = 0; - outgoingData->data = 0; - if (packet_type == REQUEST) { - if (XdmcpAllocARRAY8 (outgoingData, 8)) - XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey, - outgoingData->data, 8); - } - return TRUE; -} - -static Bool -XdmAuthenticationAddAuth (int name_len, char *name, - int data_len, char *data) -{ - Bool ret; - XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey, - (unsigned char *)data, data_len); - authFromXDMCP = TRUE; - ret = AddAuthorization (name_len, name, data_len, data); - authFromXDMCP = FALSE; - return ret; -} - - -#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \ - 'a' <= c && c <= 'f' ? c - 'a' + 10 : \ - 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) - -static int -HexToBinary (char *in, char *out, int len) -{ - int top, bottom; - - while (len > 0) - { - top = atox(in[0]); - if (top == -1) - return 0; - bottom = atox(in[1]); - if (bottom == -1) - return 0; - *out++ = (top << 4) | bottom; - in += 2; - len -= 2; - } - if (len) - return 0; - *out++ = '\0'; - return 1; -} - -void -XdmAuthenticationInit (char *cookie, int cookie_len) -{ - bzero (privateKey.data, 8); - if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2)) - { - if (cookie_len > 2 + 2 * 8) - cookie_len = 2 + 2 * 8; - HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2); - } - else - { - if (cookie_len > 7) - cookie_len = 7; - memmove (privateKey.data + 1, cookie, cookie_len); - } - XdmcpGenerateKey (&rho); - XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen, - (char *)&rho, - sizeof (rho), - (ValidatorFunc)XdmAuthenticationValidator, - (GeneratorFunc)XdmAuthenticationGenerator, - (AddAuthorFunc)XdmAuthenticationAddAuth); -} - -#endif /* XDMCP */ - -/* XDM-AUTHORIZATION-1 */ -typedef struct _XdmAuthorization { - struct _XdmAuthorization *next; - XdmAuthKeyRec rho; - XdmAuthKeyRec key; - XID id; -} XdmAuthorizationRec, *XdmAuthorizationPtr; - -static XdmAuthorizationPtr xdmAuth; - -typedef struct _XdmClientAuth { - struct _XdmClientAuth *next; - XdmAuthKeyRec rho; - char client[6]; - long time; -} XdmClientAuthRec, *XdmClientAuthPtr; - -static XdmClientAuthPtr xdmClients; -static long clockOffset; -static Bool gotClock; - -#define TwentyMinutes (20 * 60) -#define TwentyFiveMinutes (25 * 60) - -static Bool -XdmClientAuthCompare (XdmClientAuthPtr a, XdmClientAuthPtr b) -{ - int i; - - if (!XdmcpCompareKeys (&a->rho, &b->rho)) - return FALSE; - for (i = 0; i < 6; i++) - if (a->client[i] != b->client[i]) - return FALSE; - return a->time == b->time; -} - -static void -XdmClientAuthDecode (unsigned char *plain, XdmClientAuthPtr auth) -{ - int i, j; - - j = 0; - for (i = 0; i < 8; i++) - { - auth->rho.data[i] = plain[j]; - ++j; - } - for (i = 0; i < 6; i++) - { - auth->client[i] = plain[j]; - ++j; - } - auth->time = 0; - for (i = 0; i < 4; i++) - { - auth->time |= plain[j] << ((3 - i) << 3); - j++; - } -} - -static void -XdmClientAuthTimeout (long now) -{ - XdmClientAuthPtr client, next, prev; - - prev = 0; - for (client = xdmClients; client; client=next) - { - next = client->next; - if (abs (now - client->time) > TwentyFiveMinutes) - { - if (prev) - prev->next = next; - else - xdmClients = next; - xfree (client); - } - else - prev = client; - } -} - -static XdmClientAuthPtr -XdmAuthorizationValidate (unsigned char *plain, int length, - XdmAuthKeyPtr rho, ClientPtr xclient, char **reason) -{ - XdmClientAuthPtr client, existing; - long now; - int i; - - if (length != (192 / 8)) { - if (reason) - *reason = "Bad XDM authorization key length"; - return NULL; - } - client = xalloc (sizeof (XdmClientAuthRec)); - if (!client) - return NULL; - XdmClientAuthDecode (plain, client); - if (!XdmcpCompareKeys (&client->rho, rho)) - { - xfree (client); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)"; - return NULL; - } - for (i = 18; i < 24; i++) - if (plain[i] != 0) { - xfree (client); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)"; - return NULL; - } - if (xclient) { - int family, addr_len; - Xtransaddr *addr; - - if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn, - &family, &addr_len, &addr) == 0 - && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) { -#if defined(TCPCONN) || defined(STREAMSCONN) - if (family == FamilyInternet && - memcmp((char *)addr, client->client, 4) != 0) { - xfree (client); - xfree (addr); - if (reason) - *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)"; - return NULL; - - } -#endif - xfree (addr); - } - } - now = time(0); - if (!gotClock) - { - clockOffset = client->time - now; - gotClock = TRUE; - } - now += clockOffset; - XdmClientAuthTimeout (now); - if (abs (client->time - now) > TwentyMinutes) - { - xfree (client); - if (reason) - *reason = "Excessive XDM-AUTHORIZATION-1 time offset"; - return NULL; - } - for (existing = xdmClients; existing; existing=existing->next) - { - if (XdmClientAuthCompare (existing, client)) - { - xfree (client); - if (reason) - *reason = "XDM authorization key matches an existing client!"; - return NULL; - } - } - return client; -} - -int -XdmAddCookie (unsigned short data_length, char *data, XID id) -{ - XdmAuthorizationPtr new; - unsigned char *rho_bits, *key_bits; - - switch (data_length) - { - case 16: /* auth from files is 16 bytes long */ -#ifdef XDMCP - if (authFromXDMCP) - { - /* R5 xdm sent bogus authorization data in the accept packet, - * but we can recover */ - rho_bits = rho.data; - key_bits = (unsigned char *) data; - key_bits[0] = '\0'; - } - else -#endif - { - rho_bits = (unsigned char *) data; - key_bits = (unsigned char *) (data + 8); - } - break; -#ifdef XDMCP - case 8: /* auth from XDMCP is 8 bytes long */ - rho_bits = rho.data; - key_bits = (unsigned char *) data; - break; -#endif - default: - return 0; - } - /* the first octet of the key must be zero */ - if (key_bits[0] != '\0') - return 0; - new = xalloc (sizeof (XdmAuthorizationRec)); - if (!new) - return 0; - new->next = xdmAuth; - xdmAuth = new; - memmove (new->key.data, key_bits, (int) 8); - memmove (new->rho.data, rho_bits, (int) 8); - new->id = id; - return 1; -} - -XID -XdmCheckCookie (unsigned short cookie_length, char *cookie, - ClientPtr xclient, char **reason) -{ - XdmAuthorizationPtr auth; - XdmClientAuthPtr client; - unsigned char *plain; - - /* Auth packets must be a multiple of 8 bytes long */ - if (cookie_length & 7) - return (XID) -1; - plain = xalloc (cookie_length); - if (!plain) - return (XID) -1; - for (auth = xdmAuth; auth; auth=auth->next) { - XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); - if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL) - { - client->next = xdmClients; - xdmClients = client; - xfree (plain); - return auth->id; - } - } - xfree (plain); - return (XID) -1; -} - -int -XdmResetCookie (void) -{ - XdmAuthorizationPtr auth, next_auth; - XdmClientAuthPtr client, next_client; - - for (auth = xdmAuth; auth; auth=next_auth) - { - next_auth = auth->next; - xfree (auth); - } - xdmAuth = 0; - for (client = xdmClients; client; client=next_client) - { - next_client = client->next; - xfree (client); - } - xdmClients = (XdmClientAuthPtr) 0; - return 1; -} - -XID -XdmToID (unsigned short cookie_length, char *cookie) -{ - XdmAuthorizationPtr auth; - XdmClientAuthPtr client; - unsigned char *plain; - - plain = xalloc (cookie_length); - if (!plain) - return (XID) -1; - for (auth = xdmAuth; auth; auth=auth->next) { - XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); - if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL) - { - xfree (client); - xfree (cookie); - xfree (plain); - return auth->id; - } - } - xfree (cookie); - xfree (plain); - return (XID) -1; -} - -int -XdmFromID (XID id, unsigned short *data_lenp, char **datap) -{ - XdmAuthorizationPtr auth; - - for (auth = xdmAuth; auth; auth=auth->next) { - if (id == auth->id) { - *data_lenp = 16; - *datap = (char *) &auth->rho; - return 1; - } - } - return 0; -} - -int -XdmRemoveCookie (unsigned short data_length, char *data) -{ - XdmAuthorizationPtr auth; - XdmAuthKeyPtr key_bits, rho_bits; - - switch (data_length) - { - case 16: - rho_bits = (XdmAuthKeyPtr) data; - key_bits = (XdmAuthKeyPtr) (data + 8); - break; -#ifdef XDMCP - case 8: - rho_bits = ρ - key_bits = (XdmAuthKeyPtr) data; - break; -#endif - default: - return 0; - } - for (auth = xdmAuth; auth; auth=auth->next) { - if (XdmcpCompareKeys (rho_bits, &auth->rho) && - XdmcpCompareKeys (key_bits, &auth->key)) - { - xdmAuth = auth->next; - xfree (auth); - return 1; - } - } - return 0; -} - -#endif +/* + +Copyright 1988, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + +*/ + +/* + * XDM-AUTHENTICATION-1 (XDMCP authentication) and + * XDM-AUTHORIZATION-1 (client authorization) protocols + * + * Author: Keith Packard, MIT X Consortium + */ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#include +#include +#define XSERV_t +#define TRANS_SERVER +#define TRANS_REOPEN +#include +#include "os.h" +#include "osdep.h" +#include "dixstruct.h" + +#ifdef HASXDMAUTH + +static Bool authFromXDMCP; + +#ifdef XDMCP +#include +#undef REQUEST +#include + +/* XDM-AUTHENTICATION-1 */ + +static XdmAuthKeyRec privateKey; +static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1"; +#define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1) +static XdmAuthKeyRec rho; + +static Bool +XdmAuthenticationValidator (ARRAY8Ptr privateData, ARRAY8Ptr incomingData, + xdmOpCode packet_type) +{ + XdmAuthKeyPtr incoming; + + XdmcpUnwrap (incomingData->data, (unsigned char *)&privateKey, + incomingData->data,incomingData->length); + if (packet_type == ACCEPT) { + if (incomingData->length != 8) + return FALSE; + incoming = (XdmAuthKeyPtr) incomingData->data; + XdmcpDecrementKey (incoming); + return XdmcpCompareKeys (incoming, &rho); + } + return FALSE; +} + +static Bool +XdmAuthenticationGenerator (ARRAY8Ptr privateData, ARRAY8Ptr outgoingData, + xdmOpCode packet_type) +{ + outgoingData->length = 0; + outgoingData->data = 0; + if (packet_type == REQUEST) { + if (XdmcpAllocARRAY8 (outgoingData, 8)) + XdmcpWrap ((unsigned char *)&rho, (unsigned char *)&privateKey, + outgoingData->data, 8); + } + return TRUE; +} + +static Bool +XdmAuthenticationAddAuth (int name_len, const char *name, + int data_len, char *data) +{ + Bool ret; + XdmcpUnwrap ((unsigned char *)data, (unsigned char *)&privateKey, + (unsigned char *)data, data_len); + authFromXDMCP = TRUE; + ret = AddAuthorization (name_len, name, data_len, data); + authFromXDMCP = FALSE; + return ret; +} + + +#define atox(c) ('0' <= c && c <= '9' ? c - '0' : \ + 'a' <= c && c <= 'f' ? c - 'a' + 10 : \ + 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) + +static int +HexToBinary (const char *in, char *out, int len) +{ + int top, bottom; + + while (len > 0) + { + top = atox(in[0]); + if (top == -1) + return 0; + bottom = atox(in[1]); + if (bottom == -1) + return 0; + *out++ = (top << 4) | bottom; + in += 2; + len -= 2; + } + if (len) + return 0; + *out++ = '\0'; + return 1; +} + +void +XdmAuthenticationInit (const char *cookie, int cookie_len) +{ + bzero (privateKey.data, 8); + if (!strncmp (cookie, "0x", 2) || !strncmp (cookie, "0X", 2)) + { + if (cookie_len > 2 + 2 * 8) + cookie_len = 2 + 2 * 8; + HexToBinary (cookie + 2, (char *)privateKey.data, cookie_len - 2); + } + else + { + if (cookie_len > 7) + cookie_len = 7; + memmove (privateKey.data + 1, cookie, cookie_len); + } + XdmcpGenerateKey (&rho); + XdmcpRegisterAuthentication (XdmAuthenticationName, XdmAuthenticationNameLen, + (char *)&rho, + sizeof (rho), + (ValidatorFunc)XdmAuthenticationValidator, + (GeneratorFunc)XdmAuthenticationGenerator, + (AddAuthorFunc)XdmAuthenticationAddAuth); +} + +#endif /* XDMCP */ + +/* XDM-AUTHORIZATION-1 */ +typedef struct _XdmAuthorization { + struct _XdmAuthorization *next; + XdmAuthKeyRec rho; + XdmAuthKeyRec key; + XID id; +} XdmAuthorizationRec, *XdmAuthorizationPtr; + +static XdmAuthorizationPtr xdmAuth; + +typedef struct _XdmClientAuth { + struct _XdmClientAuth *next; + XdmAuthKeyRec rho; + char client[6]; + long time; +} XdmClientAuthRec, *XdmClientAuthPtr; + +static XdmClientAuthPtr xdmClients; +static long clockOffset; +static Bool gotClock; + +#define TwentyMinutes (20 * 60) +#define TwentyFiveMinutes (25 * 60) + +static Bool +XdmClientAuthCompare (const XdmClientAuthPtr a, const XdmClientAuthPtr b) +{ + int i; + + if (!XdmcpCompareKeys (&a->rho, &b->rho)) + return FALSE; + for (i = 0; i < 6; i++) + if (a->client[i] != b->client[i]) + return FALSE; + return a->time == b->time; +} + +static void +XdmClientAuthDecode (const unsigned char *plain, XdmClientAuthPtr auth) +{ + int i, j; + + j = 0; + for (i = 0; i < 8; i++) + { + auth->rho.data[i] = plain[j]; + ++j; + } + for (i = 0; i < 6; i++) + { + auth->client[i] = plain[j]; + ++j; + } + auth->time = 0; + for (i = 0; i < 4; i++) + { + auth->time |= plain[j] << ((3 - i) << 3); + j++; + } +} + +static void +XdmClientAuthTimeout (long now) +{ + XdmClientAuthPtr client, next, prev; + + prev = 0; + for (client = xdmClients; client; client=next) + { + next = client->next; + if (abs (now - client->time) > TwentyFiveMinutes) + { + if (prev) + prev->next = next; + else + xdmClients = next; + xfree (client); + } + else + prev = client; + } +} + +static XdmClientAuthPtr +XdmAuthorizationValidate (unsigned char *plain, int length, + XdmAuthKeyPtr rho, ClientPtr xclient, char **reason) +{ + XdmClientAuthPtr client, existing; + long now; + int i; + + if (length != (192 / 8)) { + if (reason) + *reason = "Bad XDM authorization key length"; + return NULL; + } + client = xalloc (sizeof (XdmClientAuthRec)); + if (!client) + return NULL; + XdmClientAuthDecode (plain, client); + if (!XdmcpCompareKeys (&client->rho, rho)) + { + xfree (client); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)"; + return NULL; + } + for (i = 18; i < 24; i++) + if (plain[i] != 0) { + xfree (client); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)"; + return NULL; + } + if (xclient) { + int family, addr_len; + Xtransaddr *addr; + + if (_XSERVTransGetPeerAddr(((OsCommPtr)xclient->osPrivate)->trans_conn, + &family, &addr_len, &addr) == 0 + && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) { +#if defined(TCPCONN) || defined(STREAMSCONN) + if (family == FamilyInternet && + memcmp((char *)addr, client->client, 4) != 0) { + xfree (client); + xfree (addr); + if (reason) + *reason = "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)"; + return NULL; + + } +#endif + xfree (addr); + } + } + now = time(0); + if (!gotClock) + { + clockOffset = client->time - now; + gotClock = TRUE; + } + now += clockOffset; + XdmClientAuthTimeout (now); + if (abs (client->time - now) > TwentyMinutes) + { + xfree (client); + if (reason) + *reason = "Excessive XDM-AUTHORIZATION-1 time offset"; + return NULL; + } + for (existing = xdmClients; existing; existing=existing->next) + { + if (XdmClientAuthCompare (existing, client)) + { + xfree (client); + if (reason) + *reason = "XDM authorization key matches an existing client!"; + return NULL; + } + } + return client; +} + +int +XdmAddCookie (unsigned short data_length, const char *data, XID id) +{ + XdmAuthorizationPtr new; + unsigned char *rho_bits, *key_bits; + + switch (data_length) + { + case 16: /* auth from files is 16 bytes long */ +#ifdef XDMCP + if (authFromXDMCP) + { + /* R5 xdm sent bogus authorization data in the accept packet, + * but we can recover */ + rho_bits = rho.data; + key_bits = (unsigned char *) data; + key_bits[0] = '\0'; + } + else +#endif + { + rho_bits = (unsigned char *) data; + key_bits = (unsigned char *) (data + 8); + } + break; +#ifdef XDMCP + case 8: /* auth from XDMCP is 8 bytes long */ + rho_bits = rho.data; + key_bits = (unsigned char *) data; + break; +#endif + default: + return 0; + } + /* the first octet of the key must be zero */ + if (key_bits[0] != '\0') + return 0; + new = xalloc (sizeof (XdmAuthorizationRec)); + if (!new) + return 0; + new->next = xdmAuth; + xdmAuth = new; + memmove (new->key.data, key_bits, (int) 8); + memmove (new->rho.data, rho_bits, (int) 8); + new->id = id; + return 1; +} + +XID +XdmCheckCookie (unsigned short cookie_length, const char *cookie, + ClientPtr xclient, char **reason) +{ + XdmAuthorizationPtr auth; + XdmClientAuthPtr client; + unsigned char *plain; + + /* Auth packets must be a multiple of 8 bytes long */ + if (cookie_length & 7) + return (XID) -1; + plain = xalloc (cookie_length); + if (!plain) + return (XID) -1; + for (auth = xdmAuth; auth; auth=auth->next) { + XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); + if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, xclient, reason)) != NULL) + { + client->next = xdmClients; + xdmClients = client; + xfree (plain); + return auth->id; + } + } + xfree (plain); + return (XID) -1; +} + +int +XdmResetCookie (void) +{ + XdmAuthorizationPtr auth, next_auth; + XdmClientAuthPtr client, next_client; + + for (auth = xdmAuth; auth; auth=next_auth) + { + next_auth = auth->next; + xfree (auth); + } + xdmAuth = 0; + for (client = xdmClients; client; client=next_client) + { + next_client = client->next; + xfree (client); + } + xdmClients = (XdmClientAuthPtr) 0; + return 1; +} + +XID +XdmToID (unsigned short cookie_length, char *cookie) +{ + XdmAuthorizationPtr auth; + XdmClientAuthPtr client; + unsigned char *plain; + + plain = xalloc (cookie_length); + if (!plain) + return (XID) -1; + for (auth = xdmAuth; auth; auth=auth->next) { + XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length); + if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL) + { + xfree (client); + xfree (cookie); + xfree (plain); + return auth->id; + } + } + xfree (cookie); + xfree (plain); + return (XID) -1; +} + +int +XdmFromID (XID id, unsigned short *data_lenp, char **datap) +{ + XdmAuthorizationPtr auth; + + for (auth = xdmAuth; auth; auth=auth->next) { + if (id == auth->id) { + *data_lenp = 16; + *datap = (char *) &auth->rho; + return 1; + } + } + return 0; +} + +int +XdmRemoveCookie (unsigned short data_length, const char *data) +{ + XdmAuthorizationPtr auth; + XdmAuthKeyPtr key_bits, rho_bits; + + switch (data_length) + { + case 16: + rho_bits = (XdmAuthKeyPtr) data; + key_bits = (XdmAuthKeyPtr) (data + 8); + break; +#ifdef XDMCP + case 8: + rho_bits = ρ + key_bits = (XdmAuthKeyPtr) data; + break; +#endif + default: + return 0; + } + for (auth = xdmAuth; auth; auth=auth->next) { + if (XdmcpCompareKeys (rho_bits, &auth->rho) && + XdmcpCompareKeys (key_bits, &auth->key)) + { + xdmAuth = auth->next; + xfree (auth); + return 1; + } + } + return 0; +} + +#endif diff --git a/xorg-server/os/xdmcp.c b/xorg-server/os/xdmcp.c index c1d650d46..436ec726e 100644 --- a/xorg-server/os/xdmcp.c +++ b/xorg-server/os/xdmcp.c @@ -1,1661 +1,1661 @@ -/* - * Copyright 1989 Network Computing Devices, Inc., Mountain View, California. - * - * Permission to use, copy, modify, and distribute this software and its - * documentation for any purpose and without fee is hereby granted, provided - * that the above copyright notice appear in all copies and that both that - * copyright notice and this permission notice appear in supporting - * documentation, and that the name of N.C.D. not be used in advertising or - * publicity pertaining to distribution of the software without specific, - * written prior permission. N.C.D. makes no representations about the - * suitability of this software for any purpose. It is provided "as is" - * without express or implied warranty. - * - */ - -#ifdef HAVE_DIX_CONFIG_H -#include -#endif - -#ifdef WIN32 -#include -#endif - -#include - -#if !defined(WIN32) -#include -#include -#include -#include -#endif - -#include -#include -#include -#include -#include "misc.h" -#include -#include "osdep.h" -#include "input.h" -#include "dixstruct.h" -#include "opaque.h" -#include "site.h" - -#ifdef STREAMSCONN -#include -#include -#include -#endif - -#ifdef XDMCP -#undef REQUEST - -#ifdef XDMCP_NO_IPV6 -#undef IPv6 -#endif - -#include - -#define X_INCLUDE_NETDB_H -#include - -static char *defaultDisplayClass = COMPILEDDISPLAYCLASS; - -static int xdmcpSocket, sessionSocket; -static xdmcp_states state; -#if defined(IPv6) && defined(AF_INET6) -static int xdmcpSocket6; -static struct sockaddr_storage req_sockaddr; -#else -static struct sockaddr_in req_sockaddr; -#endif -static int req_socklen; -static CARD32 SessionID; -static CARD32 timeOutTime; -static int timeOutRtx; -static CARD32 defaultKeepaliveDormancy = XDM_DEF_DORMANCY; -static CARD32 keepaliveDormancy = XDM_DEF_DORMANCY; -static CARD16 DisplayNumber; -static xdmcp_states XDM_INIT_STATE = XDM_OFF; -#ifdef HASXDMAUTH -static char *xdmAuthCookie; -#endif - -static XdmcpBuffer buffer; - -#if defined(IPv6) && defined(AF_INET6) - -static struct addrinfo *mgrAddr; -static struct addrinfo *mgrAddrFirst; - -#define SOCKADDR_TYPE struct sockaddr_storage -#define SOCKADDR_FAMILY(s) ((struct sockaddr *)&(s))->sa_family - -#ifdef BSD44SOCKETS -#define SOCKLEN_FIELD(s) ((struct sockaddr *)&(s))->sa_len -#define SOCKLEN_TYPE unsigned char -#else -#define SOCKLEN_TYPE unsigned int -#endif - -#else - -#define SOCKADDR_TYPE struct sockaddr_in -#define SOCKADDR_FAMILY(s) (s).sin_family - -#ifdef BSD44SOCKETS -#define SOCKLEN_FIELD(s) (s).sin_len -#define SOCKLEN_TYPE unsigned char -#else -#define SOCKLEN_TYPE size_t -#endif - -#endif - -static SOCKADDR_TYPE ManagerAddress; -static SOCKADDR_TYPE FromAddress; - -#ifdef SOCKLEN_FIELD -#define ManagerAddressLen SOCKLEN_FIELD(ManagerAddress) -#define FromAddressLen SOCKLEN_FIELD(FromAddress) -#else -static SOCKLEN_TYPE ManagerAddressLen, FromAddressLen; -#endif - -#if defined(IPv6) && defined(AF_INET6) -static struct multicastinfo { - struct multicastinfo *next; - struct addrinfo *ai; - int hops; -} *mcastlist; -#endif - -static void XdmcpAddHost( - struct sockaddr *from, - int fromlen, - ARRAY8Ptr AuthenticationName, - ARRAY8Ptr hostname, - ARRAY8Ptr status); - -static void XdmcpSelectHost( - struct sockaddr *host_sockaddr, - int host_len, - ARRAY8Ptr AuthenticationName); - -static void get_xdmcp_sock(void); - -static void send_query_msg(void); - -static void recv_willing_msg( - struct sockaddr * /*from*/, - int /*fromlen*/, - unsigned /*length*/); - -static void send_request_msg(void); - -static void recv_accept_msg(unsigned /*length*/); - -static void recv_decline_msg(unsigned /*length*/); - -static void send_manage_msg(void); - -static void recv_refuse_msg(unsigned /*length*/); - -static void recv_failed_msg(unsigned /*length*/); - -static void send_keepalive_msg(void); - -static void recv_alive_msg(unsigned /*length*/); - -static void XdmcpFatal( - char * /*type*/, - ARRAY8Ptr /*status*/); - -static void XdmcpWarning(char * /*str*/); - -static void get_manager_by_name( - int /*argc*/, - char ** /*argv*/, - int /*i*/); - -static void get_fromaddr_by_name(int /*argc*/, char ** /*argv*/, int /*i*/); - -#if defined(IPv6) && defined(AF_INET6) -static int get_mcast_options(int /*argc*/, char ** /*argv*/, int /*i*/); -#endif - -static void receive_packet(int /*socketfd*/); - -static void send_packet(void); - -static void timeout(void); - -static void restart(void); - -static void XdmcpBlockHandler( - pointer /*data*/, - struct timeval ** /*wt*/, - pointer /*LastSelectMask*/); - -static void XdmcpWakeupHandler( - pointer /*data*/, - int /*i*/, - pointer /*LastSelectMask*/); - -/* - * Register the Manufacturer display ID - */ - -static ARRAY8 ManufacturerDisplayID; - -static void -XdmcpRegisterManufacturerDisplayID (char *name, int length) -{ - int i; - - XdmcpDisposeARRAY8 (&ManufacturerDisplayID); - if (!XdmcpAllocARRAY8 (&ManufacturerDisplayID, length)) - return; - for (i = 0; i < length; i++) - ManufacturerDisplayID.data[i] = (CARD8) name[i]; -} - -static unsigned short xdm_udp_port = XDM_UDP_PORT; -static Bool OneSession = FALSE; -static const char *xdm_from = NULL; - -void -XdmcpUseMsg (void) -{ - ErrorF("-query host-name contact named host for XDMCP\n"); - ErrorF("-broadcast broadcast for XDMCP\n"); -#if defined(IPv6) && defined(AF_INET6) - ErrorF("-multicast [addr [hops]] IPv6 multicast for XDMCP\n"); -#endif - ErrorF("-indirect host-name contact named host for indirect XDMCP\n"); - ErrorF("-port port-num UDP port number to send messages to\n"); - ErrorF("-from local-address specify the local address to connect from\n"); - ErrorF("-once Terminate server after one session\n"); - ErrorF("-class display-class specify display class to send in manage\n"); -#ifdef HASXDMAUTH - ErrorF("-cookie xdm-auth-bits specify the magic cookie for XDMCP\n"); -#endif - ErrorF("-displayID display-id manufacturer display ID for request\n"); -} - -int -XdmcpOptions(int argc, char **argv, int i) -{ - if (strcmp(argv[i], "-query") == 0) { - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_QUERY; - AccessUsingXdmcp (); - return (i + 1); - } - if (strcmp(argv[i], "-broadcast") == 0) { - XDM_INIT_STATE = XDM_BROADCAST; - AccessUsingXdmcp (); - return (i + 1); - } -#if defined(IPv6) && defined(AF_INET6) - if (strcmp(argv[i], "-multicast") == 0) { - i = get_mcast_options(argc, argv, ++i); - XDM_INIT_STATE = XDM_MULTICAST; - AccessUsingXdmcp (); - return (i + 1); - } -#endif - if (strcmp(argv[i], "-indirect") == 0) { - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_INDIRECT; - AccessUsingXdmcp (); - return (i + 1); - } - if (strcmp(argv[i], "-port") == 0) { - if (++i == argc) { - FatalError("Xserver: missing port number in command line\n"); - } - xdm_udp_port = (unsigned short) atoi(argv[i]); - return (i + 1); - } - if (strcmp(argv[i], "-from") == 0) { - get_fromaddr_by_name(argc, argv, ++i); - return (i + 1); - } - if (strcmp(argv[i], "-once") == 0) { - OneSession = TRUE; - return (i + 1); - } - if (strcmp(argv[i], "-class") == 0) { - if (++i == argc) { - FatalError("Xserver: missing class name in command line\n"); - } - defaultDisplayClass = argv[i]; - return (i + 1); - } -#ifdef HASXDMAUTH - if (strcmp(argv[i], "-cookie") == 0) { - if (++i == argc) { - FatalError("Xserver: missing cookie data in command line\n"); - } - xdmAuthCookie = argv[i]; - return (i + 1); - } -#endif - if (strcmp(argv[i], "-displayID") == 0) { - if (++i == argc) { - FatalError("Xserver: missing displayID in command line\n"); - } - XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i])); - return (i + 1); - } - return (i); -} - -/* - * This section is a collection of routines for - * registering server-specific data with the XDMCP - * state machine. - */ - - -/* - * Save all broadcast addresses away so BroadcastQuery - * packets get sent everywhere - */ - -#define MAX_BROADCAST 10 - -/* This stays sockaddr_in since IPv6 doesn't support broadcast */ -static struct sockaddr_in BroadcastAddresses[MAX_BROADCAST]; -static int NumBroadcastAddresses; - -void -XdmcpRegisterBroadcastAddress (struct sockaddr_in *addr) -{ - struct sockaddr_in *bcast; - if (NumBroadcastAddresses >= MAX_BROADCAST) - return; - bcast = &BroadcastAddresses[NumBroadcastAddresses++]; - bzero (bcast, sizeof (struct sockaddr_in)); -#ifdef BSD44SOCKETS - bcast->sin_len = addr->sin_len; -#endif - bcast->sin_family = addr->sin_family; - bcast->sin_port = htons (xdm_udp_port); - bcast->sin_addr = addr->sin_addr; -} - -/* - * Each authentication type is registered here; Validator - * will be called to check all access attempts using - * the specified authentication type - */ - -static ARRAYofARRAY8 AuthenticationNames, AuthenticationDatas; -typedef struct _AuthenticationFuncs { - ValidatorFunc Validator; - GeneratorFunc Generator; - AddAuthorFunc AddAuth; -} AuthenticationFuncsRec, *AuthenticationFuncsPtr; - -static AuthenticationFuncsPtr AuthenticationFuncsList; - -void -XdmcpRegisterAuthentication ( - char *name, - int namelen, - char *data, - int datalen, - ValidatorFunc Validator, - GeneratorFunc Generator, - AddAuthorFunc AddAuth) -{ - int i; - ARRAY8 AuthenticationName, AuthenticationData; - static AuthenticationFuncsPtr newFuncs; - - if (!XdmcpAllocARRAY8 (&AuthenticationName, namelen)) - return; - if (!XdmcpAllocARRAY8 (&AuthenticationData, datalen)) - { - XdmcpDisposeARRAY8 (&AuthenticationName); - return; - } - for (i = 0; i < namelen; i++) - AuthenticationName.data[i] = name[i]; - for (i = 0; i < datalen; i++) - AuthenticationData.data[i] = data[i]; - if (!(XdmcpReallocARRAYofARRAY8 (&AuthenticationNames, - AuthenticationNames.length + 1) && - XdmcpReallocARRAYofARRAY8 (&AuthenticationDatas, - AuthenticationDatas.length + 1) && - (newFuncs = xalloc ((AuthenticationNames.length + 1) * sizeof (AuthenticationFuncsRec))))) - { - XdmcpDisposeARRAY8 (&AuthenticationName); - XdmcpDisposeARRAY8 (&AuthenticationData); - return; - } - for (i = 0; i < AuthenticationNames.length - 1; i++) - newFuncs[i] = AuthenticationFuncsList[i]; - newFuncs[AuthenticationNames.length-1].Validator = Validator; - newFuncs[AuthenticationNames.length-1].Generator = Generator; - newFuncs[AuthenticationNames.length-1].AddAuth = AddAuth; - xfree (AuthenticationFuncsList); - AuthenticationFuncsList = newFuncs; - AuthenticationNames.data[AuthenticationNames.length-1] = AuthenticationName; - AuthenticationDatas.data[AuthenticationDatas.length-1] = AuthenticationData; -} - -/* - * Select the authentication type to be used; this is - * set by the manager of the host to be connected to. - */ - -static ARRAY8 noAuthenticationName = {(CARD16) 0, (CARD8Ptr) 0}; -static ARRAY8 noAuthenticationData = {(CARD16) 0, (CARD8Ptr) 0}; -static ARRAY8Ptr AuthenticationName = &noAuthenticationName; -static ARRAY8Ptr AuthenticationData = &noAuthenticationData; -static AuthenticationFuncsPtr AuthenticationFuncs; - -static void -XdmcpSetAuthentication (ARRAY8Ptr name) -{ - int i; - - for (i = 0; i < AuthenticationNames.length; i++) - if (XdmcpARRAY8Equal (&AuthenticationNames.data[i], name)) - { - AuthenticationName = &AuthenticationNames.data[i]; - AuthenticationData = &AuthenticationDatas.data[i]; - AuthenticationFuncs = &AuthenticationFuncsList[i]; - break; - } -} - -/* - * Register the host address for the display - */ - -static ARRAY16 ConnectionTypes; -static ARRAYofARRAY8 ConnectionAddresses; -static long xdmcpGeneration; - -void -XdmcpRegisterConnection ( - int type, - char *address, - int addrlen) -{ - int i; - CARD8 *newAddress; - - if (xdmcpGeneration != serverGeneration) - { - XdmcpDisposeARRAY16 (&ConnectionTypes); - XdmcpDisposeARRAYofARRAY8 (&ConnectionAddresses); - xdmcpGeneration = serverGeneration; - } - if (xdm_from != NULL) { /* Only register the requested address */ - const void *regAddr = address; - const void *fromAddr = NULL; - int regAddrlen = addrlen; - - if (addrlen == sizeof(struct in_addr)) { - if (SOCKADDR_FAMILY(FromAddress) == AF_INET) { - fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; - } -#if defined(IPv6) && defined(AF_INET6) - else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET6) && - IN6_IS_ADDR_V4MAPPED( - &((struct sockaddr_in6 *)&FromAddress)->sin6_addr)) { - fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr.s6_addr[12]; - } -#endif - } -#if defined(IPv6) && defined(AF_INET6) - else if (addrlen == sizeof(struct in6_addr)) { - if (SOCKADDR_FAMILY(FromAddress) == AF_INET6) { - fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr; - } else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET) && - IN6_IS_ADDR_V4MAPPED((struct in6_addr *) address)) { - fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; - regAddr = &((struct sockaddr_in6 *)&address)->sin6_addr.s6_addr[12]; - regAddrlen = sizeof(struct in_addr); - } - } -#endif - if (fromAddr && memcmp(regAddr, fromAddr, regAddrlen) != 0) { - return; - } - } - if (ConnectionAddresses.length + 1 == 256) - return; - newAddress = xalloc (addrlen * sizeof (CARD8)); - if (!newAddress) - return; - if (!XdmcpReallocARRAY16 (&ConnectionTypes, ConnectionTypes.length + 1)) - { - xfree (newAddress); - return; - } - if (!XdmcpReallocARRAYofARRAY8 (&ConnectionAddresses, - ConnectionAddresses.length + 1)) - { - xfree (newAddress); - return; - } - ConnectionTypes.data[ConnectionTypes.length - 1] = (CARD16) type; - for (i = 0; i < addrlen; i++) - newAddress[i] = address[i]; - ConnectionAddresses.data[ConnectionAddresses.length-1].data = newAddress; - ConnectionAddresses.data[ConnectionAddresses.length-1].length = addrlen; -} - -/* - * Register an Authorization Name. XDMCP advertises this list - * to the manager. - */ - -static ARRAYofARRAY8 AuthorizationNames; - -void -XdmcpRegisterAuthorizations (void) -{ - XdmcpDisposeARRAYofARRAY8 (&AuthorizationNames); - RegisterAuthorizations (); -} - -void -XdmcpRegisterAuthorization (char *name, int namelen) -{ - ARRAY8 authName; - int i; - - authName.data = xalloc (namelen * sizeof (CARD8)); - if (!authName.data) - return; - if (!XdmcpReallocARRAYofARRAY8 (&AuthorizationNames, AuthorizationNames.length +1)) - { - xfree (authName.data); - return; - } - for (i = 0; i < namelen; i++) - authName.data[i] = (CARD8) name[i]; - authName.length = namelen; - AuthorizationNames.data[AuthorizationNames.length-1] = authName; -} - -/* - * Register the DisplayClass string - */ - -static ARRAY8 DisplayClass; - -static void -XdmcpRegisterDisplayClass (char *name, int length) -{ - int i; - - XdmcpDisposeARRAY8 (&DisplayClass); - if (!XdmcpAllocARRAY8 (&DisplayClass, length)) - return; - for (i = 0; i < length; i++) - DisplayClass.data[i] = (CARD8) name[i]; -} - -/* - * initialize XDMCP; create the socket, compute the display - * number, set up the state machine - */ - -void -XdmcpInit(void) -{ - state = XDM_INIT_STATE; -#ifdef HASXDMAUTH - if (xdmAuthCookie) - XdmAuthenticationInit (xdmAuthCookie, strlen (xdmAuthCookie)); -#endif - if (state != XDM_OFF) - { - XdmcpRegisterAuthorizations(); - XdmcpRegisterDisplayClass (defaultDisplayClass, strlen (defaultDisplayClass)); - AccessUsingXdmcp(); - RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, - (pointer) 0); - timeOutRtx = 0; - DisplayNumber = (CARD16) atoi(display); - get_xdmcp_sock(); - send_packet(); - } -} - -void -XdmcpReset (void) -{ - state = XDM_INIT_STATE; - if (state != XDM_OFF) - { - RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, - (pointer) 0); - timeOutRtx = 0; - send_packet(); - } -} - -/* - * Called whenever a new connection is created; notices the - * first connection and saves it to terminate the session - * when it is closed - */ - -void -XdmcpOpenDisplay(int sock) -{ - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - state = XDM_RUN_SESSION; - sessionSocket = sock; -} - -void -XdmcpCloseDisplay(int sock) -{ - if ((state != XDM_RUN_SESSION && state != XDM_AWAIT_ALIVE_RESPONSE) - || sessionSocket != sock) - return; - state = XDM_INIT_STATE; - if (OneSession) - dispatchException |= DE_TERMINATE; - else - dispatchException |= DE_RESET; - isItTimeToYield = TRUE; -} - -/* - * called before going to sleep, this routine - * may modify the timeout value about to be sent - * to select; in this way XDMCP can do appropriate things - * dynamically while starting up - */ - -/*ARGSUSED*/ -static void -XdmcpBlockHandler( - pointer data, /* unused */ - struct timeval **wt, - pointer pReadmask) -{ - fd_set *LastSelectMask = (fd_set*)pReadmask; - CARD32 millisToGo; - - if (state == XDM_OFF) - return; - FD_SET(xdmcpSocket, LastSelectMask); -#if defined(IPv6) && defined(AF_INET6) - if (xdmcpSocket6 >= 0) - FD_SET(xdmcpSocket6, LastSelectMask); -#endif - if (timeOutTime == 0) - return; - millisToGo = timeOutTime - GetTimeInMillis(); - if ((int) millisToGo < 0) - millisToGo = 0; - AdjustWaitForDelay (wt, millisToGo); -} - -/* - * called after select returns; this routine will - * recognise when XDMCP packets await and - * process them appropriately - */ - -/*ARGSUSED*/ -static void -XdmcpWakeupHandler( - pointer data, /* unused */ - int i, - pointer pReadmask) -{ - fd_set* LastSelectMask = (fd_set*)pReadmask; - fd_set devicesReadable; - - if (state == XDM_OFF) - return; - if (i > 0) - { - if (FD_ISSET(xdmcpSocket, LastSelectMask)) - { - receive_packet(xdmcpSocket); - FD_CLR(xdmcpSocket, LastSelectMask); - } -#if defined(IPv6) && defined(AF_INET6) - if (xdmcpSocket6 >= 0 && FD_ISSET(xdmcpSocket6, LastSelectMask)) - { - receive_packet(xdmcpSocket6); - FD_CLR(xdmcpSocket6, LastSelectMask); - } -#endif - XFD_ANDSET(&devicesReadable, LastSelectMask, &EnabledDevices); - if (XFD_ANYSET(&devicesReadable)) - { - if (state == XDM_AWAIT_USER_INPUT) - restart(); - else if (state == XDM_RUN_SESSION) - keepaliveDormancy = defaultKeepaliveDormancy; - } - if (XFD_ANYSET(&AllClients) && state == XDM_RUN_SESSION) - timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; - } - else if (timeOutTime && (int) (GetTimeInMillis() - timeOutTime) >= 0) - { - if (state == XDM_RUN_SESSION) - { - state = XDM_KEEPALIVE; - send_packet(); - } - else - timeout(); - } -} - -/* - * This routine should be called from the routine that drives the - * user's host menu when the user selects a host - */ - -static void -XdmcpSelectHost( - struct sockaddr *host_sockaddr, - int host_len, - ARRAY8Ptr AuthenticationName) -{ - state = XDM_START_CONNECTION; - memmove(&req_sockaddr, host_sockaddr, host_len); - req_socklen = host_len; - XdmcpSetAuthentication (AuthenticationName); - send_packet(); -} - -/* - * !!! this routine should be replaced by a routine that adds - * the host to the user's host menu. the current version just - * selects the first host to respond with willing message. - */ - -/*ARGSUSED*/ -static void -XdmcpAddHost( - struct sockaddr *from, - int fromlen, - ARRAY8Ptr AuthenticationName, - ARRAY8Ptr hostname, - ARRAY8Ptr status) -{ - XdmcpSelectHost(from, fromlen, AuthenticationName); -} - -/* - * A message is queued on the socket; read it and - * do the appropriate thing - */ - -static ARRAY8 UnwillingMessage = { (CARD8) 14, (CARD8 *) "Host unwilling" }; - -static void -receive_packet(int socketfd) -{ -#if defined(IPv6) && defined(AF_INET6) - struct sockaddr_storage from; -#else - struct sockaddr_in from; -#endif - int fromlen = sizeof(from); - XdmcpHeader header; - - /* read message off socket */ - if (!XdmcpFill (socketfd, &buffer, (XdmcpNetaddr) &from, &fromlen)) - return; - - /* reset retransmission backoff */ - timeOutRtx = 0; - - if (!XdmcpReadHeader (&buffer, &header)) - return; - - if (header.version != XDM_PROTOCOL_VERSION) - return; - - switch (header.opcode) { - case WILLING: - recv_willing_msg((struct sockaddr *) &from, fromlen, header.length); - break; - case UNWILLING: - XdmcpFatal("Manager unwilling", &UnwillingMessage); - break; - case ACCEPT: - recv_accept_msg(header.length); - break; - case DECLINE: - recv_decline_msg(header.length); - break; - case REFUSE: - recv_refuse_msg(header.length); - break; - case FAILED: - recv_failed_msg(header.length); - break; - case ALIVE: - recv_alive_msg(header.length); - break; - } -} - -/* - * send the appropriate message given the current state - */ - -static void -send_packet(void) -{ - int rtx; - switch (state) { - case XDM_QUERY: - case XDM_BROADCAST: - case XDM_INDIRECT: -#if defined(IPv6) && defined(AF_INET6) - case XDM_MULTICAST: -#endif - send_query_msg(); - break; - case XDM_START_CONNECTION: - send_request_msg(); - break; - case XDM_MANAGE: - send_manage_msg(); - break; - case XDM_KEEPALIVE: - send_keepalive_msg(); - break; - default: - break; - } - rtx = (XDM_MIN_RTX << timeOutRtx); - if (rtx > XDM_MAX_RTX) - rtx = XDM_MAX_RTX; - timeOutTime = GetTimeInMillis() + rtx * 1000; -} - -/* - * The session is declared dead for some reason; too many - * timeouts, or Keepalive failure. - */ - -static void -XdmcpDeadSession (char *reason) -{ - ErrorF ("XDM: %s, declaring session dead\n", reason); - state = XDM_INIT_STATE; - isItTimeToYield = TRUE; - dispatchException |= DE_RESET; - timeOutTime = 0; - timeOutRtx = 0; - send_packet(); -} - -/* - * Timeout waiting for an XDMCP response. - */ - -static void -timeout(void) -{ - timeOutRtx++; - if (state == XDM_AWAIT_ALIVE_RESPONSE && timeOutRtx >= XDM_KA_RTX_LIMIT ) - { - XdmcpDeadSession ("too many keepalive retransmissions"); - return; - } - else if (timeOutRtx >= XDM_RTX_LIMIT) - { - /* Quit if "-once" specified, otherwise reset and try again. */ - if (OneSession) { - dispatchException |= DE_TERMINATE; - ErrorF("XDM: too many retransmissions\n"); - } else { - XdmcpDeadSession("too many retransmissions"); - } - return; - } - -#if defined(IPv6) && defined(AF_INET6) - if (state == XDM_COLLECT_QUERY || state == XDM_COLLECT_INDIRECT_QUERY) { - /* Try next address */ - for (mgrAddr = mgrAddr->ai_next; ; mgrAddr = mgrAddr->ai_next) { - if (mgrAddr == NULL) { - mgrAddr = mgrAddrFirst; - } - if (mgrAddr->ai_family == AF_INET - || mgrAddr->ai_family == AF_INET6) - break; - } -#ifndef SIN6_LEN - ManagerAddressLen = mgrAddr->ai_addrlen; -#endif - memcpy(&ManagerAddress, mgrAddr->ai_addr, mgrAddr->ai_addrlen); - } -#endif - - switch (state) { - case XDM_COLLECT_QUERY: - state = XDM_QUERY; - break; - case XDM_COLLECT_BROADCAST_QUERY: - state = XDM_BROADCAST; - break; -#if defined(IPv6) && defined(AF_INET6) - case XDM_COLLECT_MULTICAST_QUERY: - state = XDM_MULTICAST; - break; -#endif - case XDM_COLLECT_INDIRECT_QUERY: - state = XDM_INDIRECT; - break; - case XDM_AWAIT_REQUEST_RESPONSE: - state = XDM_START_CONNECTION; - break; - case XDM_AWAIT_MANAGE_RESPONSE: - state = XDM_MANAGE; - break; - case XDM_AWAIT_ALIVE_RESPONSE: - state = XDM_KEEPALIVE; - break; - default: - break; - } - send_packet(); -} - -static void -restart(void) -{ - state = XDM_INIT_STATE; - timeOutRtx = 0; - send_packet(); -} - -static int -XdmcpCheckAuthentication (ARRAY8Ptr Name, ARRAY8Ptr Data, int packet_type) -{ - return (XdmcpARRAY8Equal (Name, AuthenticationName) && - (AuthenticationName->length == 0 || - (*AuthenticationFuncs->Validator) (AuthenticationData, Data, packet_type))); -} - -static int -XdmcpAddAuthorization (ARRAY8Ptr name, ARRAY8Ptr data) -{ - AddAuthorFunc AddAuth; - - if (AuthenticationFuncs && AuthenticationFuncs->AddAuth) - AddAuth = AuthenticationFuncs->AddAuth; - else - AddAuth = AddAuthorization; - return (*AddAuth) ((unsigned short)name->length, - (char *)name->data, - (unsigned short)data->length, - (char *)data->data); -} - -/* - * from here to the end of this file are routines private - * to the state machine. - */ - -static void -get_xdmcp_sock(void) -{ -#ifdef STREAMSCONN - struct netconfig *nconf; - - if ((xdmcpSocket = t_open("/dev/udp", O_RDWR, 0)) < 0) { - XdmcpWarning("t_open() of /dev/udp failed"); - return; - } - - if( t_bind(xdmcpSocket,NULL,NULL) < 0 ) { - XdmcpWarning("UDP socket creation failed"); - t_error("t_bind(xdmcpSocket) failed" ); - t_close(xdmcpSocket); - return; - } - - /* - * This part of the code looks contrived. It will actually fit in nicely - * when the CLTS part of Xtrans is implemented. - */ - - if( (nconf=getnetconfigent("udp")) == NULL ) { - XdmcpWarning("UDP socket creation failed: getnetconfigent()"); - t_unbind(xdmcpSocket); - t_close(xdmcpSocket); - return; - } - - if( netdir_options(nconf, ND_SET_BROADCAST, xdmcpSocket, NULL) ) { - XdmcpWarning("UDP set broadcast option failed: netdir_options()"); - freenetconfigent(nconf); - t_unbind(xdmcpSocket); - t_close(xdmcpSocket); - return; - } - - freenetconfigent(nconf); -#else - int soopts = 1; - -#if defined(IPv6) && defined(AF_INET6) - if ((xdmcpSocket6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) - XdmcpWarning("INET6 UDP socket creation failed"); -#endif - if ((xdmcpSocket = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - XdmcpWarning("UDP socket creation failed"); -#ifdef SO_BROADCAST - else if (setsockopt(xdmcpSocket, SOL_SOCKET, SO_BROADCAST, (char *)&soopts, - sizeof(soopts)) < 0) - XdmcpWarning("UDP set broadcast socket-option failed"); -#endif /* SO_BROADCAST */ - if (xdmcpSocket >= 0 && xdm_from != NULL) { - if (bind(xdmcpSocket, (struct sockaddr *)&FromAddress, - FromAddressLen) < 0) { - FatalError("Xserver: failed to bind to -from address: %s\n", xdm_from); - } - } -#endif /* STREAMSCONN */ -} - -static void -send_query_msg(void) -{ - XdmcpHeader header; - Bool broadcast = FALSE; -#if defined(IPv6) && defined(AF_INET6) - Bool multicast = FALSE; -#endif - int i; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - switch(state){ - case XDM_QUERY: - header.opcode = (CARD16) QUERY; - state = XDM_COLLECT_QUERY; - break; - case XDM_BROADCAST: - header.opcode = (CARD16) BROADCAST_QUERY; - state = XDM_COLLECT_BROADCAST_QUERY; - broadcast = TRUE; - break; -#if defined(IPv6) && defined(AF_INET6) - case XDM_MULTICAST: - header.opcode = (CARD16) BROADCAST_QUERY; - state = XDM_COLLECT_MULTICAST_QUERY; - multicast = TRUE; - break; -#endif - case XDM_INDIRECT: - header.opcode = (CARD16) INDIRECT_QUERY; - state = XDM_COLLECT_INDIRECT_QUERY; - break; - default: - break; - } - header.length = 1; - for (i = 0; i < AuthenticationNames.length; i++) - header.length += 2 + AuthenticationNames.data[i].length; - - XdmcpWriteHeader (&buffer, &header); - XdmcpWriteARRAYofARRAY8 (&buffer, &AuthenticationNames); - if (broadcast) - { - int i; - - for (i = 0; i < NumBroadcastAddresses; i++) - XdmcpFlush (xdmcpSocket, &buffer, (XdmcpNetaddr) &BroadcastAddresses[i], - sizeof (struct sockaddr_in)); - } -#if defined(IPv6) && defined(AF_INET6) - else if (multicast) - { - struct multicastinfo *mcl; - struct addrinfo *ai; - - for (mcl = mcastlist; mcl != NULL; mcl = mcl->next) { - for (ai = mcl->ai ; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family == AF_INET) { - unsigned char hopflag = (unsigned char) mcl->hops; - socketfd = xdmcpSocket; - setsockopt(socketfd, IPPROTO_IP, IP_MULTICAST_TTL, - &hopflag, sizeof(hopflag)); - } else if (ai->ai_family == AF_INET6) { - int hopflag6 = mcl->hops; - socketfd = xdmcpSocket6; - setsockopt(socketfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, - &hopflag6, sizeof(hopflag6)); - } else { - continue; - } - XdmcpFlush (socketfd, &buffer, - (XdmcpNetaddr) ai->ai_addr, ai->ai_addrlen); - break; - } - } - } -#endif - else - { -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(ManagerAddress) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &ManagerAddress, - ManagerAddressLen); - } -} - -static void -recv_willing_msg( - struct sockaddr *from, - int fromlen, - unsigned length) -{ - ARRAY8 authenticationName; - ARRAY8 hostname; - ARRAY8 status; - - authenticationName.data = 0; - hostname.data = 0; - status.data = 0; - if (XdmcpReadARRAY8 (&buffer, &authenticationName) && - XdmcpReadARRAY8 (&buffer, &hostname) && - XdmcpReadARRAY8 (&buffer, &status)) - { - if (length == 6 + authenticationName.length + - hostname.length + status.length) - { - switch (state) - { - case XDM_COLLECT_QUERY: - XdmcpSelectHost(from, fromlen, &authenticationName); - break; - case XDM_COLLECT_BROADCAST_QUERY: -#if defined(IPv6) && defined(AF_INET6) - case XDM_COLLECT_MULTICAST_QUERY: -#endif - case XDM_COLLECT_INDIRECT_QUERY: - XdmcpAddHost(from, fromlen, &authenticationName, &hostname, &status); - break; - default: - break; - } - } - } - XdmcpDisposeARRAY8 (&authenticationName); - XdmcpDisposeARRAY8 (&hostname); - XdmcpDisposeARRAY8 (&status); -} - -static void -send_request_msg(void) -{ - XdmcpHeader header; - int length; - int i; - CARD16 XdmcpConnectionType; - ARRAY8 authenticationData; - int socketfd = xdmcpSocket; - - switch (SOCKADDR_FAMILY(ManagerAddress)) - { - case AF_INET: XdmcpConnectionType=FamilyInternet; break; -#if defined(IPv6) && defined(AF_INET6) - case AF_INET6: XdmcpConnectionType=FamilyInternet6; break; -#endif - default: XdmcpConnectionType=0xffff; break; - } - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) REQUEST; - - length = 2; /* display number */ - length += 1 + 2 * ConnectionTypes.length; /* connection types */ - length += 1; /* connection addresses */ - for (i = 0; i < ConnectionAddresses.length; i++) - length += 2 + ConnectionAddresses.data[i].length; - authenticationData.length = 0; - authenticationData.data = 0; - if (AuthenticationFuncs) - { - (*AuthenticationFuncs->Generator) (AuthenticationData, - &authenticationData, - REQUEST); - } - length += 2 + AuthenticationName->length; /* authentication name */ - length += 2 + authenticationData.length; /* authentication data */ - length += 1; /* authorization names */ - for (i = 0; i < AuthorizationNames.length; i++) - length += 2 + AuthorizationNames.data[i].length; - length += 2 + ManufacturerDisplayID.length; /* display ID */ - header.length = length; - - if (!XdmcpWriteHeader (&buffer, &header)) - { - XdmcpDisposeARRAY8 (&authenticationData); - return; - } - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteCARD8 (&buffer, ConnectionTypes.length); - - /* The connection array is send reordered, so that connections of */ - /* the same address type as the XDMCP manager connection are send */ - /* first. This works around a bug in xdm. mario@klebsch.de */ - for (i = 0; i < (int)ConnectionTypes.length; i++) - if (ConnectionTypes.data[i]==XdmcpConnectionType) - XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); - for (i = 0; i < (int)ConnectionTypes.length; i++) - if (ConnectionTypes.data[i]!=XdmcpConnectionType) - XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); - - XdmcpWriteCARD8 (&buffer, ConnectionAddresses.length); - for (i = 0; i < (int)ConnectionAddresses.length; i++) - if ( (i=ConnectionTypes.length) || - (ConnectionTypes.data[i]!=XdmcpConnectionType) ) - XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]); - - XdmcpWriteARRAY8 (&buffer, AuthenticationName); - XdmcpWriteARRAY8 (&buffer, &authenticationData); - XdmcpDisposeARRAY8 (&authenticationData); - XdmcpWriteARRAYofARRAY8 (&buffer, &AuthorizationNames); - XdmcpWriteARRAY8 (&buffer, &ManufacturerDisplayID); -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - if (XdmcpFlush (socketfd, &buffer, - (XdmcpNetaddr) &req_sockaddr, req_socklen)) - state = XDM_AWAIT_REQUEST_RESPONSE; -} - -static void -recv_accept_msg(unsigned length) -{ - CARD32 AcceptSessionID; - ARRAY8 AcceptAuthenticationName, AcceptAuthenticationData; - ARRAY8 AcceptAuthorizationName, AcceptAuthorizationData; - - if (state != XDM_AWAIT_REQUEST_RESPONSE) - return; - AcceptAuthenticationName.data = 0; - AcceptAuthenticationData.data = 0; - AcceptAuthorizationName.data = 0; - AcceptAuthorizationData.data = 0; - if (XdmcpReadCARD32 (&buffer, &AcceptSessionID) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationName) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationData) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationName) && - XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationData)) - { - if (length == 12 + AcceptAuthenticationName.length + - AcceptAuthenticationData.length + - AcceptAuthorizationName.length + - AcceptAuthorizationData.length) - { - if (!XdmcpCheckAuthentication (&AcceptAuthenticationName, - &AcceptAuthenticationData, ACCEPT)) - { - XdmcpFatal ("Authentication Failure", &AcceptAuthenticationName); - } - /* permit access control manipulations from this host */ - AugmentSelf (&req_sockaddr, req_socklen); - /* if the authorization specified in the packet fails - * to be acceptable, enable the local addresses - */ - if (!XdmcpAddAuthorization (&AcceptAuthorizationName, - &AcceptAuthorizationData)) - { - AddLocalHosts (); - } - SessionID = AcceptSessionID; - state = XDM_MANAGE; - send_packet(); - } - } - XdmcpDisposeARRAY8 (&AcceptAuthenticationName); - XdmcpDisposeARRAY8 (&AcceptAuthenticationData); - XdmcpDisposeARRAY8 (&AcceptAuthorizationName); - XdmcpDisposeARRAY8 (&AcceptAuthorizationData); -} - -static void -recv_decline_msg(unsigned length) -{ - ARRAY8 status, DeclineAuthenticationName, DeclineAuthenticationData; - - status.data = 0; - DeclineAuthenticationName.data = 0; - DeclineAuthenticationData.data = 0; - if (XdmcpReadARRAY8 (&buffer, &status) && - XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationName) && - XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationData)) - { - if (length == 6 + status.length + - DeclineAuthenticationName.length + - DeclineAuthenticationData.length && - XdmcpCheckAuthentication (&DeclineAuthenticationName, - &DeclineAuthenticationData, DECLINE)) - { - XdmcpFatal ("Session declined", &status); - } - } - XdmcpDisposeARRAY8 (&status); - XdmcpDisposeARRAY8 (&DeclineAuthenticationName); - XdmcpDisposeARRAY8 (&DeclineAuthenticationData); -} - -static void -send_manage_msg(void) -{ - XdmcpHeader header; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) MANAGE; - header.length = 8 + DisplayClass.length; - - if (!XdmcpWriteHeader (&buffer, &header)) - return; - XdmcpWriteCARD32 (&buffer, SessionID); - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteARRAY8 (&buffer, &DisplayClass); - state = XDM_AWAIT_MANAGE_RESPONSE; -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); -} - -static void -recv_refuse_msg(unsigned length) -{ - CARD32 RefusedSessionID; - - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - if (length != 4) - return; - if (XdmcpReadCARD32 (&buffer, &RefusedSessionID)) - { - if (RefusedSessionID == SessionID) - { - state = XDM_START_CONNECTION; - send_packet(); - } - } -} - -static void -recv_failed_msg(unsigned length) -{ - CARD32 FailedSessionID; - ARRAY8 status; - - if (state != XDM_AWAIT_MANAGE_RESPONSE) - return; - status.data = 0; - if (XdmcpReadCARD32 (&buffer, &FailedSessionID) && - XdmcpReadARRAY8 (&buffer, &status)) - { - if (length == 6 + status.length && - SessionID == FailedSessionID) - { - XdmcpFatal ("Session failed", &status); - } - } - XdmcpDisposeARRAY8 (&status); -} - -static void -send_keepalive_msg(void) -{ - XdmcpHeader header; - int socketfd = xdmcpSocket; - - header.version = XDM_PROTOCOL_VERSION; - header.opcode = (CARD16) KEEPALIVE; - header.length = 6; - - XdmcpWriteHeader (&buffer, &header); - XdmcpWriteCARD16 (&buffer, DisplayNumber); - XdmcpWriteCARD32 (&buffer, SessionID); - - state = XDM_AWAIT_ALIVE_RESPONSE; -#if defined(IPv6) && defined(AF_INET6) - if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) - socketfd = xdmcpSocket6; -#endif - XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); -} - -static void -recv_alive_msg (unsigned length) -{ - CARD8 SessionRunning; - CARD32 AliveSessionID; - - if (state != XDM_AWAIT_ALIVE_RESPONSE) - return; - if (length != 5) - return; - if (XdmcpReadCARD8 (&buffer, &SessionRunning) && - XdmcpReadCARD32 (&buffer, &AliveSessionID)) - { - if (SessionRunning && AliveSessionID == SessionID) - { - /* backoff dormancy period */ - state = XDM_RUN_SESSION; - if ((GetTimeInMillis() - lastDeviceEventTime.milliseconds) > - keepaliveDormancy * 1000) - { - keepaliveDormancy <<= 1; - if (keepaliveDormancy > XDM_MAX_DORMANCY) - keepaliveDormancy = XDM_MAX_DORMANCY; - } - timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; - } - else - { - XdmcpDeadSession ("Alive response indicates session dead"); - } - } -} - -static void -XdmcpFatal ( - char *type, - ARRAY8Ptr status) -{ - FatalError ("XDMCP fatal error: %s %*.*s\n", type, - status->length, status->length, status->data); -} - -static void -XdmcpWarning(char *str) -{ - ErrorF("XDMCP warning: %s\n", str); -} - -static void -get_addr_by_name( - char * argtype, - char * namestr, - int port, - int socktype, - SOCKADDR_TYPE *addr, - SOCKLEN_TYPE *addrlen -#if defined(IPv6) && defined(AF_INET6) - , - struct addrinfo **aip, - struct addrinfo **aifirstp -#endif - ) -{ -#if defined(IPv6) && defined(AF_INET6) - struct addrinfo *ai; - struct addrinfo hints; - char portstr[6]; - char *pport = portstr; - int gaierr; - - bzero(&hints, sizeof(hints)); - hints.ai_socktype = socktype; - - if (port == 0) { - pport = NULL; - } else if (port > 0 && port < 65535) { - sprintf(portstr, "%d", port); - } else { - FatalError("Xserver: port out of range: %d\n", port); - } - - if (*aifirstp != NULL) { - freeaddrinfo(*aifirstp); - *aifirstp = NULL; - } - - if ((gaierr = getaddrinfo(namestr, pport, &hints, aifirstp)) == 0) { - for (ai = *aifirstp; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family == AF_INET || ai->ai_family == AF_INET6) - break; - } - if ((ai == NULL) || (ai->ai_addrlen > sizeof(SOCKADDR_TYPE))) { - FatalError ("Xserver: %s host %s not on supported network type\n", - argtype, namestr); - } else { - *aip = ai; - *addrlen = ai->ai_addrlen; - memcpy(addr, ai->ai_addr, ai->ai_addrlen); - } - } else { - FatalError("Xserver: %s: %s %s\n", gai_strerror(gaierr), argtype, namestr); - } -#else - struct hostent *hep; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif -#if defined(WIN32) && (defined(TCPCONN) || defined(DNETCONN)) - _XSERVTransWSAStartup(); -#endif - if (!(hep = _XGethostbyname(namestr, hparams))) - { - FatalError("Xserver: %s unknown host: %s\n", argtype, namestr); - } - if (hep->h_length == sizeof (struct in_addr)) - { - memmove(&addr->sin_addr, hep->h_addr, hep->h_length); - *addrlen = sizeof(struct sockaddr_in); - addr->sin_family = AF_INET; - addr->sin_port = htons (port); - } - else - { - FatalError("Xserver: %s host on strange network %s\n", argtype, namestr); - } -#endif -} - -static void -get_manager_by_name( - int argc, - char **argv, - int i) -{ - - if ((i + 1) == argc) - { - FatalError("Xserver: missing %s host name in command line\n", argv[i]); - } - - get_addr_by_name(argv[i], argv[i+1], xdm_udp_port, SOCK_DGRAM, - &ManagerAddress, &ManagerAddressLen -#if defined(IPv6) && defined(AF_INET6) - , &mgrAddr, &mgrAddrFirst -#endif - ); -} - - -static void -get_fromaddr_by_name( - int argc, - char **argv, - int i) -{ -#if defined(IPv6) && defined(AF_INET6) - struct addrinfo *ai = NULL; - struct addrinfo *aifirst = NULL; -#endif - if (i == argc) - { - FatalError("Xserver: missing -from host name in command line\n"); - } - get_addr_by_name("-from", argv[i], 0, 0, &FromAddress, &FromAddressLen -#if defined(IPv6) && defined(AF_INET6) - , &ai, &aifirst -#endif - ); -#if defined(IPv6) && defined(AF_INET6) - if (aifirst != NULL) - freeaddrinfo(aifirst); -#endif - xdm_from = argv[i]; -} - - -#if defined(IPv6) && defined(AF_INET6) -static int -get_mcast_options(int argc, char **argv, int i) -{ - char *address = XDM_DEFAULT_MCAST_ADDR6; - int hopcount = 1; - struct addrinfo hints; - char portstr[6]; - int gaierr; - struct addrinfo *ai, *firstai; - - if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { - address = argv[i++]; - if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { - hopcount = strtol(argv[i++], NULL, 10); - if ((hopcount < 1) || (hopcount > 255)) { - FatalError("Xserver: multicast hop count out of range: %d\n", - hopcount); - } - } - } - - if (xdm_udp_port > 0 && xdm_udp_port < 65535) { - sprintf(portstr, "%d", xdm_udp_port); - } else { - FatalError("Xserver: port out of range: %d\n", xdm_udp_port); - } - bzero(&hints, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; - - if ((gaierr = getaddrinfo(address, portstr, &hints, &firstai)) == 0) { - for (ai = firstai; ai != NULL; ai = ai->ai_next) { - if (((ai->ai_family == AF_INET) && - IN_MULTICAST(((struct sockaddr_in *) ai->ai_addr) - ->sin_addr.s_addr)) - || ((ai->ai_family == AF_INET6) && - IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *) ai->ai_addr) - ->sin6_addr))) - break; - } - if (ai == NULL) { - FatalError ("Xserver: address not supported multicast type %s\n", - address); - } else { - struct multicastinfo *mcastinfo, *mcl; - - mcastinfo = malloc(sizeof(struct multicastinfo)); - mcastinfo->next = NULL; - mcastinfo->ai = firstai; - mcastinfo->hops = hopcount; - - if (mcastlist == NULL) { - mcastlist = mcastinfo; - } else { - for (mcl = mcastlist; mcl->next != NULL; mcl = mcl->next) { - /* Do nothing - just find end of list */ - } - mcl->next = mcastinfo; - } - } - } else { - FatalError("Xserver: %s: %s\n", gai_strerror(gaierr), address); - } - return i; -} -#endif - -#else -static int xdmcp_non_empty; /* avoid complaint by ranlib */ -#endif /* XDMCP */ +/* + * Copyright 1989 Network Computing Devices, Inc., Mountain View, California. + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, provided + * that the above copyright notice appear in all copies and that both that + * copyright notice and this permission notice appear in supporting + * documentation, and that the name of N.C.D. not be used in advertising or + * publicity pertaining to distribution of the software without specific, + * written prior permission. N.C.D. makes no representations about the + * suitability of this software for any purpose. It is provided "as is" + * without express or implied warranty. + * + */ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#ifdef WIN32 +#include +#endif + +#include + +#if !defined(WIN32) +#include +#include +#include +#include +#endif + +#include +#include +#include +#include +#include "misc.h" +#include +#include "osdep.h" +#include "input.h" +#include "dixstruct.h" +#include "opaque.h" +#include "site.h" + +#ifdef STREAMSCONN +#include +#include +#include +#endif + +#ifdef XDMCP +#undef REQUEST + +#ifdef XDMCP_NO_IPV6 +#undef IPv6 +#endif + +#include + +#define X_INCLUDE_NETDB_H +#include + +static char *defaultDisplayClass = COMPILEDDISPLAYCLASS; + +static int xdmcpSocket, sessionSocket; +static xdmcp_states state; +#if defined(IPv6) && defined(AF_INET6) +static int xdmcpSocket6; +static struct sockaddr_storage req_sockaddr; +#else +static struct sockaddr_in req_sockaddr; +#endif +static int req_socklen; +static CARD32 SessionID; +static CARD32 timeOutTime; +static int timeOutRtx; +static CARD32 defaultKeepaliveDormancy = XDM_DEF_DORMANCY; +static CARD32 keepaliveDormancy = XDM_DEF_DORMANCY; +static CARD16 DisplayNumber; +static xdmcp_states XDM_INIT_STATE = XDM_OFF; +#ifdef HASXDMAUTH +static char *xdmAuthCookie; +#endif + +static XdmcpBuffer buffer; + +#if defined(IPv6) && defined(AF_INET6) + +static struct addrinfo *mgrAddr; +static struct addrinfo *mgrAddrFirst; + +#define SOCKADDR_TYPE struct sockaddr_storage +#define SOCKADDR_FAMILY(s) ((struct sockaddr *)&(s))->sa_family + +#ifdef BSD44SOCKETS +#define SOCKLEN_FIELD(s) ((struct sockaddr *)&(s))->sa_len +#define SOCKLEN_TYPE unsigned char +#else +#define SOCKLEN_TYPE unsigned int +#endif + +#else + +#define SOCKADDR_TYPE struct sockaddr_in +#define SOCKADDR_FAMILY(s) (s).sin_family + +#ifdef BSD44SOCKETS +#define SOCKLEN_FIELD(s) (s).sin_len +#define SOCKLEN_TYPE unsigned char +#else +#define SOCKLEN_TYPE size_t +#endif + +#endif + +static SOCKADDR_TYPE ManagerAddress; +static SOCKADDR_TYPE FromAddress; + +#ifdef SOCKLEN_FIELD +#define ManagerAddressLen SOCKLEN_FIELD(ManagerAddress) +#define FromAddressLen SOCKLEN_FIELD(FromAddress) +#else +static SOCKLEN_TYPE ManagerAddressLen, FromAddressLen; +#endif + +#if defined(IPv6) && defined(AF_INET6) +static struct multicastinfo { + struct multicastinfo *next; + struct addrinfo *ai; + int hops; +} *mcastlist; +#endif + +static void XdmcpAddHost( + const struct sockaddr *from, + int fromlen, + ARRAY8Ptr AuthenticationName, + ARRAY8Ptr hostname, + ARRAY8Ptr status); + +static void XdmcpSelectHost( + const struct sockaddr *host_sockaddr, + int host_len, + ARRAY8Ptr AuthenticationName); + +static void get_xdmcp_sock(void); + +static void send_query_msg(void); + +static void recv_willing_msg( + struct sockaddr * /*from*/, + int /*fromlen*/, + unsigned /*length*/); + +static void send_request_msg(void); + +static void recv_accept_msg(unsigned /*length*/); + +static void recv_decline_msg(unsigned /*length*/); + +static void send_manage_msg(void); + +static void recv_refuse_msg(unsigned /*length*/); + +static void recv_failed_msg(unsigned /*length*/); + +static void send_keepalive_msg(void); + +static void recv_alive_msg(unsigned /*length*/); + +static void XdmcpFatal( + const char * /*type*/, + ARRAY8Ptr /*status*/); + +static void XdmcpWarning(const char * /*str*/); + +static void get_manager_by_name( + int /*argc*/, + char ** /*argv*/, + int /*i*/); + +static void get_fromaddr_by_name(int /*argc*/, char ** /*argv*/, int /*i*/); + +#if defined(IPv6) && defined(AF_INET6) +static int get_mcast_options(int /*argc*/, char ** /*argv*/, int /*i*/); +#endif + +static void receive_packet(int /*socketfd*/); + +static void send_packet(void); + +static void timeout(void); + +static void restart(void); + +static void XdmcpBlockHandler( + pointer /*data*/, + struct timeval ** /*wt*/, + pointer /*LastSelectMask*/); + +static void XdmcpWakeupHandler( + pointer /*data*/, + int /*i*/, + pointer /*LastSelectMask*/); + +/* + * Register the Manufacturer display ID + */ + +static ARRAY8 ManufacturerDisplayID; + +static void +XdmcpRegisterManufacturerDisplayID (const char *name, int length) +{ + int i; + + XdmcpDisposeARRAY8 (&ManufacturerDisplayID); + if (!XdmcpAllocARRAY8 (&ManufacturerDisplayID, length)) + return; + for (i = 0; i < length; i++) + ManufacturerDisplayID.data[i] = (CARD8) name[i]; +} + +static unsigned short xdm_udp_port = XDM_UDP_PORT; +static Bool OneSession = FALSE; +static const char *xdm_from = NULL; + +void +XdmcpUseMsg (void) +{ + ErrorF("-query host-name contact named host for XDMCP\n"); + ErrorF("-broadcast broadcast for XDMCP\n"); +#if defined(IPv6) && defined(AF_INET6) + ErrorF("-multicast [addr [hops]] IPv6 multicast for XDMCP\n"); +#endif + ErrorF("-indirect host-name contact named host for indirect XDMCP\n"); + ErrorF("-port port-num UDP port number to send messages to\n"); + ErrorF("-from local-address specify the local address to connect from\n"); + ErrorF("-once Terminate server after one session\n"); + ErrorF("-class display-class specify display class to send in manage\n"); +#ifdef HASXDMAUTH + ErrorF("-cookie xdm-auth-bits specify the magic cookie for XDMCP\n"); +#endif + ErrorF("-displayID display-id manufacturer display ID for request\n"); +} + +int +XdmcpOptions(int argc, char **argv, int i) +{ + if (strcmp(argv[i], "-query") == 0) { + get_manager_by_name(argc, argv, i++); + XDM_INIT_STATE = XDM_QUERY; + AccessUsingXdmcp (); + return (i + 1); + } + if (strcmp(argv[i], "-broadcast") == 0) { + XDM_INIT_STATE = XDM_BROADCAST; + AccessUsingXdmcp (); + return (i + 1); + } +#if defined(IPv6) && defined(AF_INET6) + if (strcmp(argv[i], "-multicast") == 0) { + i = get_mcast_options(argc, argv, ++i); + XDM_INIT_STATE = XDM_MULTICAST; + AccessUsingXdmcp (); + return (i + 1); + } +#endif + if (strcmp(argv[i], "-indirect") == 0) { + get_manager_by_name(argc, argv, i++); + XDM_INIT_STATE = XDM_INDIRECT; + AccessUsingXdmcp (); + return (i + 1); + } + if (strcmp(argv[i], "-port") == 0) { + if (++i == argc) { + FatalError("Xserver: missing port number in command line\n"); + } + xdm_udp_port = (unsigned short) atoi(argv[i]); + return (i + 1); + } + if (strcmp(argv[i], "-from") == 0) { + get_fromaddr_by_name(argc, argv, ++i); + return (i + 1); + } + if (strcmp(argv[i], "-once") == 0) { + OneSession = TRUE; + return (i + 1); + } + if (strcmp(argv[i], "-class") == 0) { + if (++i == argc) { + FatalError("Xserver: missing class name in command line\n"); + } + defaultDisplayClass = argv[i]; + return (i + 1); + } +#ifdef HASXDMAUTH + if (strcmp(argv[i], "-cookie") == 0) { + if (++i == argc) { + FatalError("Xserver: missing cookie data in command line\n"); + } + xdmAuthCookie = argv[i]; + return (i + 1); + } +#endif + if (strcmp(argv[i], "-displayID") == 0) { + if (++i == argc) { + FatalError("Xserver: missing displayID in command line\n"); + } + XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i])); + return (i + 1); + } + return (i); +} + +/* + * This section is a collection of routines for + * registering server-specific data with the XDMCP + * state machine. + */ + + +/* + * Save all broadcast addresses away so BroadcastQuery + * packets get sent everywhere + */ + +#define MAX_BROADCAST 10 + +/* This stays sockaddr_in since IPv6 doesn't support broadcast */ +static struct sockaddr_in BroadcastAddresses[MAX_BROADCAST]; +static int NumBroadcastAddresses; + +void +XdmcpRegisterBroadcastAddress (const struct sockaddr_in *addr) +{ + struct sockaddr_in *bcast; + if (NumBroadcastAddresses >= MAX_BROADCAST) + return; + bcast = &BroadcastAddresses[NumBroadcastAddresses++]; + bzero (bcast, sizeof (struct sockaddr_in)); +#ifdef BSD44SOCKETS + bcast->sin_len = addr->sin_len; +#endif + bcast->sin_family = addr->sin_family; + bcast->sin_port = htons (xdm_udp_port); + bcast->sin_addr = addr->sin_addr; +} + +/* + * Each authentication type is registered here; Validator + * will be called to check all access attempts using + * the specified authentication type + */ + +static ARRAYofARRAY8 AuthenticationNames, AuthenticationDatas; +typedef struct _AuthenticationFuncs { + ValidatorFunc Validator; + GeneratorFunc Generator; + AddAuthorFunc AddAuth; +} AuthenticationFuncsRec, *AuthenticationFuncsPtr; + +static AuthenticationFuncsPtr AuthenticationFuncsList; + +void +XdmcpRegisterAuthentication ( + const char *name, + int namelen, + const char *data, + int datalen, + ValidatorFunc Validator, + GeneratorFunc Generator, + AddAuthorFunc AddAuth) +{ + int i; + ARRAY8 AuthenticationName, AuthenticationData; + static AuthenticationFuncsPtr newFuncs; + + if (!XdmcpAllocARRAY8 (&AuthenticationName, namelen)) + return; + if (!XdmcpAllocARRAY8 (&AuthenticationData, datalen)) + { + XdmcpDisposeARRAY8 (&AuthenticationName); + return; + } + for (i = 0; i < namelen; i++) + AuthenticationName.data[i] = name[i]; + for (i = 0; i < datalen; i++) + AuthenticationData.data[i] = data[i]; + if (!(XdmcpReallocARRAYofARRAY8 (&AuthenticationNames, + AuthenticationNames.length + 1) && + XdmcpReallocARRAYofARRAY8 (&AuthenticationDatas, + AuthenticationDatas.length + 1) && + (newFuncs = xalloc ((AuthenticationNames.length + 1) * sizeof (AuthenticationFuncsRec))))) + { + XdmcpDisposeARRAY8 (&AuthenticationName); + XdmcpDisposeARRAY8 (&AuthenticationData); + return; + } + for (i = 0; i < AuthenticationNames.length - 1; i++) + newFuncs[i] = AuthenticationFuncsList[i]; + newFuncs[AuthenticationNames.length-1].Validator = Validator; + newFuncs[AuthenticationNames.length-1].Generator = Generator; + newFuncs[AuthenticationNames.length-1].AddAuth = AddAuth; + xfree (AuthenticationFuncsList); + AuthenticationFuncsList = newFuncs; + AuthenticationNames.data[AuthenticationNames.length-1] = AuthenticationName; + AuthenticationDatas.data[AuthenticationDatas.length-1] = AuthenticationData; +} + +/* + * Select the authentication type to be used; this is + * set by the manager of the host to be connected to. + */ + +static ARRAY8 noAuthenticationName = {(CARD16) 0, (CARD8Ptr) 0}; +static ARRAY8 noAuthenticationData = {(CARD16) 0, (CARD8Ptr) 0}; +static ARRAY8Ptr AuthenticationName = &noAuthenticationName; +static ARRAY8Ptr AuthenticationData = &noAuthenticationData; +static AuthenticationFuncsPtr AuthenticationFuncs; + +static void +XdmcpSetAuthentication (const ARRAY8Ptr name) +{ + int i; + + for (i = 0; i < AuthenticationNames.length; i++) + if (XdmcpARRAY8Equal (&AuthenticationNames.data[i], name)) + { + AuthenticationName = &AuthenticationNames.data[i]; + AuthenticationData = &AuthenticationDatas.data[i]; + AuthenticationFuncs = &AuthenticationFuncsList[i]; + break; + } +} + +/* + * Register the host address for the display + */ + +static ARRAY16 ConnectionTypes; +static ARRAYofARRAY8 ConnectionAddresses; +static long xdmcpGeneration; + +void +XdmcpRegisterConnection ( + int type, + const char *address, + int addrlen) +{ + int i; + CARD8 *newAddress; + + if (xdmcpGeneration != serverGeneration) + { + XdmcpDisposeARRAY16 (&ConnectionTypes); + XdmcpDisposeARRAYofARRAY8 (&ConnectionAddresses); + xdmcpGeneration = serverGeneration; + } + if (xdm_from != NULL) { /* Only register the requested address */ + const void *regAddr = address; + const void *fromAddr = NULL; + int regAddrlen = addrlen; + + if (addrlen == sizeof(struct in_addr)) { + if (SOCKADDR_FAMILY(FromAddress) == AF_INET) { + fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; + } +#if defined(IPv6) && defined(AF_INET6) + else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET6) && + IN6_IS_ADDR_V4MAPPED( + &((struct sockaddr_in6 *)&FromAddress)->sin6_addr)) { + fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr.s6_addr[12]; + } +#endif + } +#if defined(IPv6) && defined(AF_INET6) + else if (addrlen == sizeof(struct in6_addr)) { + if (SOCKADDR_FAMILY(FromAddress) == AF_INET6) { + fromAddr = &((struct sockaddr_in6 *)&FromAddress)->sin6_addr; + } else if ((SOCKADDR_FAMILY(FromAddress) == AF_INET) && + IN6_IS_ADDR_V4MAPPED((struct in6_addr *) address)) { + fromAddr = &((struct sockaddr_in *)&FromAddress)->sin_addr; + regAddr = &((struct sockaddr_in6 *)&address)->sin6_addr.s6_addr[12]; + regAddrlen = sizeof(struct in_addr); + } + } +#endif + if (fromAddr && memcmp(regAddr, fromAddr, regAddrlen) != 0) { + return; + } + } + if (ConnectionAddresses.length + 1 == 256) + return; + newAddress = xalloc (addrlen * sizeof (CARD8)); + if (!newAddress) + return; + if (!XdmcpReallocARRAY16 (&ConnectionTypes, ConnectionTypes.length + 1)) + { + xfree (newAddress); + return; + } + if (!XdmcpReallocARRAYofARRAY8 (&ConnectionAddresses, + ConnectionAddresses.length + 1)) + { + xfree (newAddress); + return; + } + ConnectionTypes.data[ConnectionTypes.length - 1] = (CARD16) type; + for (i = 0; i < addrlen; i++) + newAddress[i] = address[i]; + ConnectionAddresses.data[ConnectionAddresses.length-1].data = newAddress; + ConnectionAddresses.data[ConnectionAddresses.length-1].length = addrlen; +} + +/* + * Register an Authorization Name. XDMCP advertises this list + * to the manager. + */ + +static ARRAYofARRAY8 AuthorizationNames; + +void +XdmcpRegisterAuthorizations (void) +{ + XdmcpDisposeARRAYofARRAY8 (&AuthorizationNames); + RegisterAuthorizations (); +} + +void +XdmcpRegisterAuthorization (const char *name, int namelen) +{ + ARRAY8 authName; + int i; + + authName.data = xalloc (namelen * sizeof (CARD8)); + if (!authName.data) + return; + if (!XdmcpReallocARRAYofARRAY8 (&AuthorizationNames, AuthorizationNames.length +1)) + { + xfree (authName.data); + return; + } + for (i = 0; i < namelen; i++) + authName.data[i] = (CARD8) name[i]; + authName.length = namelen; + AuthorizationNames.data[AuthorizationNames.length-1] = authName; +} + +/* + * Register the DisplayClass string + */ + +static ARRAY8 DisplayClass; + +static void +XdmcpRegisterDisplayClass (const char *name, int length) +{ + int i; + + XdmcpDisposeARRAY8 (&DisplayClass); + if (!XdmcpAllocARRAY8 (&DisplayClass, length)) + return; + for (i = 0; i < length; i++) + DisplayClass.data[i] = (CARD8) name[i]; +} + +/* + * initialize XDMCP; create the socket, compute the display + * number, set up the state machine + */ + +void +XdmcpInit(void) +{ + state = XDM_INIT_STATE; +#ifdef HASXDMAUTH + if (xdmAuthCookie) + XdmAuthenticationInit (xdmAuthCookie, strlen (xdmAuthCookie)); +#endif + if (state != XDM_OFF) + { + XdmcpRegisterAuthorizations(); + XdmcpRegisterDisplayClass (defaultDisplayClass, strlen (defaultDisplayClass)); + AccessUsingXdmcp(); + RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, + (pointer) 0); + timeOutRtx = 0; + DisplayNumber = (CARD16) atoi(display); + get_xdmcp_sock(); + send_packet(); + } +} + +void +XdmcpReset (void) +{ + state = XDM_INIT_STATE; + if (state != XDM_OFF) + { + RegisterBlockAndWakeupHandlers (XdmcpBlockHandler, XdmcpWakeupHandler, + (pointer) 0); + timeOutRtx = 0; + send_packet(); + } +} + +/* + * Called whenever a new connection is created; notices the + * first connection and saves it to terminate the session + * when it is closed + */ + +void +XdmcpOpenDisplay(int sock) +{ + if (state != XDM_AWAIT_MANAGE_RESPONSE) + return; + state = XDM_RUN_SESSION; + sessionSocket = sock; +} + +void +XdmcpCloseDisplay(int sock) +{ + if ((state != XDM_RUN_SESSION && state != XDM_AWAIT_ALIVE_RESPONSE) + || sessionSocket != sock) + return; + state = XDM_INIT_STATE; + if (OneSession) + dispatchException |= DE_TERMINATE; + else + dispatchException |= DE_RESET; + isItTimeToYield = TRUE; +} + +/* + * called before going to sleep, this routine + * may modify the timeout value about to be sent + * to select; in this way XDMCP can do appropriate things + * dynamically while starting up + */ + +/*ARGSUSED*/ +static void +XdmcpBlockHandler( + pointer data, /* unused */ + struct timeval **wt, + pointer pReadmask) +{ + fd_set *LastSelectMask = (fd_set*)pReadmask; + CARD32 millisToGo; + + if (state == XDM_OFF) + return; + FD_SET(xdmcpSocket, LastSelectMask); +#if defined(IPv6) && defined(AF_INET6) + if (xdmcpSocket6 >= 0) + FD_SET(xdmcpSocket6, LastSelectMask); +#endif + if (timeOutTime == 0) + return; + millisToGo = timeOutTime - GetTimeInMillis(); + if ((int) millisToGo < 0) + millisToGo = 0; + AdjustWaitForDelay (wt, millisToGo); +} + +/* + * called after select returns; this routine will + * recognise when XDMCP packets await and + * process them appropriately + */ + +/*ARGSUSED*/ +static void +XdmcpWakeupHandler( + pointer data, /* unused */ + int i, + pointer pReadmask) +{ + fd_set* LastSelectMask = (fd_set*)pReadmask; + fd_set devicesReadable; + + if (state == XDM_OFF) + return; + if (i > 0) + { + if (FD_ISSET(xdmcpSocket, LastSelectMask)) + { + receive_packet(xdmcpSocket); + FD_CLR(xdmcpSocket, LastSelectMask); + } +#if defined(IPv6) && defined(AF_INET6) + if (xdmcpSocket6 >= 0 && FD_ISSET(xdmcpSocket6, LastSelectMask)) + { + receive_packet(xdmcpSocket6); + FD_CLR(xdmcpSocket6, LastSelectMask); + } +#endif + XFD_ANDSET(&devicesReadable, LastSelectMask, &EnabledDevices); + if (XFD_ANYSET(&devicesReadable)) + { + if (state == XDM_AWAIT_USER_INPUT) + restart(); + else if (state == XDM_RUN_SESSION) + keepaliveDormancy = defaultKeepaliveDormancy; + } + if (XFD_ANYSET(&AllClients) && state == XDM_RUN_SESSION) + timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; + } + else if (timeOutTime && (int) (GetTimeInMillis() - timeOutTime) >= 0) + { + if (state == XDM_RUN_SESSION) + { + state = XDM_KEEPALIVE; + send_packet(); + } + else + timeout(); + } +} + +/* + * This routine should be called from the routine that drives the + * user's host menu when the user selects a host + */ + +static void +XdmcpSelectHost( + const struct sockaddr *host_sockaddr, + int host_len, + ARRAY8Ptr AuthenticationName) +{ + state = XDM_START_CONNECTION; + memmove(&req_sockaddr, host_sockaddr, host_len); + req_socklen = host_len; + XdmcpSetAuthentication (AuthenticationName); + send_packet(); +} + +/* + * !!! this routine should be replaced by a routine that adds + * the host to the user's host menu. the current version just + * selects the first host to respond with willing message. + */ + +/*ARGSUSED*/ +static void +XdmcpAddHost( + const struct sockaddr *from, + int fromlen, + ARRAY8Ptr AuthenticationName, + ARRAY8Ptr hostname, + ARRAY8Ptr status) +{ + XdmcpSelectHost(from, fromlen, AuthenticationName); +} + +/* + * A message is queued on the socket; read it and + * do the appropriate thing + */ + +static ARRAY8 UnwillingMessage = { (CARD8) 14, (CARD8 *) "Host unwilling" }; + +static void +receive_packet(int socketfd) +{ +#if defined(IPv6) && defined(AF_INET6) + struct sockaddr_storage from; +#else + struct sockaddr_in from; +#endif + int fromlen = sizeof(from); + XdmcpHeader header; + + /* read message off socket */ + if (!XdmcpFill (socketfd, &buffer, (XdmcpNetaddr) &from, &fromlen)) + return; + + /* reset retransmission backoff */ + timeOutRtx = 0; + + if (!XdmcpReadHeader (&buffer, &header)) + return; + + if (header.version != XDM_PROTOCOL_VERSION) + return; + + switch (header.opcode) { + case WILLING: + recv_willing_msg((struct sockaddr *) &from, fromlen, header.length); + break; + case UNWILLING: + XdmcpFatal("Manager unwilling", &UnwillingMessage); + break; + case ACCEPT: + recv_accept_msg(header.length); + break; + case DECLINE: + recv_decline_msg(header.length); + break; + case REFUSE: + recv_refuse_msg(header.length); + break; + case FAILED: + recv_failed_msg(header.length); + break; + case ALIVE: + recv_alive_msg(header.length); + break; + } +} + +/* + * send the appropriate message given the current state + */ + +static void +send_packet(void) +{ + int rtx; + switch (state) { + case XDM_QUERY: + case XDM_BROADCAST: + case XDM_INDIRECT: +#if defined(IPv6) && defined(AF_INET6) + case XDM_MULTICAST: +#endif + send_query_msg(); + break; + case XDM_START_CONNECTION: + send_request_msg(); + break; + case XDM_MANAGE: + send_manage_msg(); + break; + case XDM_KEEPALIVE: + send_keepalive_msg(); + break; + default: + break; + } + rtx = (XDM_MIN_RTX << timeOutRtx); + if (rtx > XDM_MAX_RTX) + rtx = XDM_MAX_RTX; + timeOutTime = GetTimeInMillis() + rtx * 1000; +} + +/* + * The session is declared dead for some reason; too many + * timeouts, or Keepalive failure. + */ + +static void +XdmcpDeadSession (const char *reason) +{ + ErrorF ("XDM: %s, declaring session dead\n", reason); + state = XDM_INIT_STATE; + isItTimeToYield = TRUE; + dispatchException |= DE_RESET; + timeOutTime = 0; + timeOutRtx = 0; + send_packet(); +} + +/* + * Timeout waiting for an XDMCP response. + */ + +static void +timeout(void) +{ + timeOutRtx++; + if (state == XDM_AWAIT_ALIVE_RESPONSE && timeOutRtx >= XDM_KA_RTX_LIMIT ) + { + XdmcpDeadSession ("too many keepalive retransmissions"); + return; + } + else if (timeOutRtx >= XDM_RTX_LIMIT) + { + /* Quit if "-once" specified, otherwise reset and try again. */ + if (OneSession) { + dispatchException |= DE_TERMINATE; + ErrorF("XDM: too many retransmissions\n"); + } else { + XdmcpDeadSession("too many retransmissions"); + } + return; + } + +#if defined(IPv6) && defined(AF_INET6) + if (state == XDM_COLLECT_QUERY || state == XDM_COLLECT_INDIRECT_QUERY) { + /* Try next address */ + for (mgrAddr = mgrAddr->ai_next; ; mgrAddr = mgrAddr->ai_next) { + if (mgrAddr == NULL) { + mgrAddr = mgrAddrFirst; + } + if (mgrAddr->ai_family == AF_INET + || mgrAddr->ai_family == AF_INET6) + break; + } +#ifndef SIN6_LEN + ManagerAddressLen = mgrAddr->ai_addrlen; +#endif + memcpy(&ManagerAddress, mgrAddr->ai_addr, mgrAddr->ai_addrlen); + } +#endif + + switch (state) { + case XDM_COLLECT_QUERY: + state = XDM_QUERY; + break; + case XDM_COLLECT_BROADCAST_QUERY: + state = XDM_BROADCAST; + break; +#if defined(IPv6) && defined(AF_INET6) + case XDM_COLLECT_MULTICAST_QUERY: + state = XDM_MULTICAST; + break; +#endif + case XDM_COLLECT_INDIRECT_QUERY: + state = XDM_INDIRECT; + break; + case XDM_AWAIT_REQUEST_RESPONSE: + state = XDM_START_CONNECTION; + break; + case XDM_AWAIT_MANAGE_RESPONSE: + state = XDM_MANAGE; + break; + case XDM_AWAIT_ALIVE_RESPONSE: + state = XDM_KEEPALIVE; + break; + default: + break; + } + send_packet(); +} + +static void +restart(void) +{ + state = XDM_INIT_STATE; + timeOutRtx = 0; + send_packet(); +} + +static int +XdmcpCheckAuthentication (ARRAY8Ptr Name, ARRAY8Ptr Data, int packet_type) +{ + return (XdmcpARRAY8Equal (Name, AuthenticationName) && + (AuthenticationName->length == 0 || + (*AuthenticationFuncs->Validator) (AuthenticationData, Data, packet_type))); +} + +static int +XdmcpAddAuthorization (ARRAY8Ptr name, ARRAY8Ptr data) +{ + AddAuthorFunc AddAuth; + + if (AuthenticationFuncs && AuthenticationFuncs->AddAuth) + AddAuth = AuthenticationFuncs->AddAuth; + else + AddAuth = AddAuthorization; + return (*AddAuth) ((unsigned short)name->length, + (char *)name->data, + (unsigned short)data->length, + (char *)data->data); +} + +/* + * from here to the end of this file are routines private + * to the state machine. + */ + +static void +get_xdmcp_sock(void) +{ +#ifdef STREAMSCONN + struct netconfig *nconf; + + if ((xdmcpSocket = t_open("/dev/udp", O_RDWR, 0)) < 0) { + XdmcpWarning("t_open() of /dev/udp failed"); + return; + } + + if( t_bind(xdmcpSocket,NULL,NULL) < 0 ) { + XdmcpWarning("UDP socket creation failed"); + t_error("t_bind(xdmcpSocket) failed" ); + t_close(xdmcpSocket); + return; + } + + /* + * This part of the code looks contrived. It will actually fit in nicely + * when the CLTS part of Xtrans is implemented. + */ + + if( (nconf=getnetconfigent("udp")) == NULL ) { + XdmcpWarning("UDP socket creation failed: getnetconfigent()"); + t_unbind(xdmcpSocket); + t_close(xdmcpSocket); + return; + } + + if( netdir_options(nconf, ND_SET_BROADCAST, xdmcpSocket, NULL) ) { + XdmcpWarning("UDP set broadcast option failed: netdir_options()"); + freenetconfigent(nconf); + t_unbind(xdmcpSocket); + t_close(xdmcpSocket); + return; + } + + freenetconfigent(nconf); +#else + int soopts = 1; + +#if defined(IPv6) && defined(AF_INET6) + if ((xdmcpSocket6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) + XdmcpWarning("INET6 UDP socket creation failed"); +#endif + if ((xdmcpSocket = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + XdmcpWarning("UDP socket creation failed"); +#ifdef SO_BROADCAST + else if (setsockopt(xdmcpSocket, SOL_SOCKET, SO_BROADCAST, (char *)&soopts, + sizeof(soopts)) < 0) + XdmcpWarning("UDP set broadcast socket-option failed"); +#endif /* SO_BROADCAST */ + if (xdmcpSocket >= 0 && xdm_from != NULL) { + if (bind(xdmcpSocket, (struct sockaddr *)&FromAddress, + FromAddressLen) < 0) { + FatalError("Xserver: failed to bind to -from address: %s\n", xdm_from); + } + } +#endif /* STREAMSCONN */ +} + +static void +send_query_msg(void) +{ + XdmcpHeader header; + Bool broadcast = FALSE; +#if defined(IPv6) && defined(AF_INET6) + Bool multicast = FALSE; +#endif + int i; + int socketfd = xdmcpSocket; + + header.version = XDM_PROTOCOL_VERSION; + switch(state){ + case XDM_QUERY: + header.opcode = (CARD16) QUERY; + state = XDM_COLLECT_QUERY; + break; + case XDM_BROADCAST: + header.opcode = (CARD16) BROADCAST_QUERY; + state = XDM_COLLECT_BROADCAST_QUERY; + broadcast = TRUE; + break; +#if defined(IPv6) && defined(AF_INET6) + case XDM_MULTICAST: + header.opcode = (CARD16) BROADCAST_QUERY; + state = XDM_COLLECT_MULTICAST_QUERY; + multicast = TRUE; + break; +#endif + case XDM_INDIRECT: + header.opcode = (CARD16) INDIRECT_QUERY; + state = XDM_COLLECT_INDIRECT_QUERY; + break; + default: + break; + } + header.length = 1; + for (i = 0; i < AuthenticationNames.length; i++) + header.length += 2 + AuthenticationNames.data[i].length; + + XdmcpWriteHeader (&buffer, &header); + XdmcpWriteARRAYofARRAY8 (&buffer, &AuthenticationNames); + if (broadcast) + { + int i; + + for (i = 0; i < NumBroadcastAddresses; i++) + XdmcpFlush (xdmcpSocket, &buffer, (XdmcpNetaddr) &BroadcastAddresses[i], + sizeof (struct sockaddr_in)); + } +#if defined(IPv6) && defined(AF_INET6) + else if (multicast) + { + struct multicastinfo *mcl; + struct addrinfo *ai; + + for (mcl = mcastlist; mcl != NULL; mcl = mcl->next) { + for (ai = mcl->ai ; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family == AF_INET) { + unsigned char hopflag = (unsigned char) mcl->hops; + socketfd = xdmcpSocket; + setsockopt(socketfd, IPPROTO_IP, IP_MULTICAST_TTL, + &hopflag, sizeof(hopflag)); + } else if (ai->ai_family == AF_INET6) { + int hopflag6 = mcl->hops; + socketfd = xdmcpSocket6; + setsockopt(socketfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, + &hopflag6, sizeof(hopflag6)); + } else { + continue; + } + XdmcpFlush (socketfd, &buffer, + (XdmcpNetaddr) ai->ai_addr, ai->ai_addrlen); + break; + } + } + } +#endif + else + { +#if defined(IPv6) && defined(AF_INET6) + if (SOCKADDR_FAMILY(ManagerAddress) == AF_INET6) + socketfd = xdmcpSocket6; +#endif + XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &ManagerAddress, + ManagerAddressLen); + } +} + +static void +recv_willing_msg( + struct sockaddr *from, + int fromlen, + unsigned length) +{ + ARRAY8 authenticationName; + ARRAY8 hostname; + ARRAY8 status; + + authenticationName.data = 0; + hostname.data = 0; + status.data = 0; + if (XdmcpReadARRAY8 (&buffer, &authenticationName) && + XdmcpReadARRAY8 (&buffer, &hostname) && + XdmcpReadARRAY8 (&buffer, &status)) + { + if (length == 6 + authenticationName.length + + hostname.length + status.length) + { + switch (state) + { + case XDM_COLLECT_QUERY: + XdmcpSelectHost(from, fromlen, &authenticationName); + break; + case XDM_COLLECT_BROADCAST_QUERY: +#if defined(IPv6) && defined(AF_INET6) + case XDM_COLLECT_MULTICAST_QUERY: +#endif + case XDM_COLLECT_INDIRECT_QUERY: + XdmcpAddHost(from, fromlen, &authenticationName, &hostname, &status); + break; + default: + break; + } + } + } + XdmcpDisposeARRAY8 (&authenticationName); + XdmcpDisposeARRAY8 (&hostname); + XdmcpDisposeARRAY8 (&status); +} + +static void +send_request_msg(void) +{ + XdmcpHeader header; + int length; + int i; + CARD16 XdmcpConnectionType; + ARRAY8 authenticationData; + int socketfd = xdmcpSocket; + + switch (SOCKADDR_FAMILY(ManagerAddress)) + { + case AF_INET: XdmcpConnectionType=FamilyInternet; break; +#if defined(IPv6) && defined(AF_INET6) + case AF_INET6: XdmcpConnectionType=FamilyInternet6; break; +#endif + default: XdmcpConnectionType=0xffff; break; + } + + header.version = XDM_PROTOCOL_VERSION; + header.opcode = (CARD16) REQUEST; + + length = 2; /* display number */ + length += 1 + 2 * ConnectionTypes.length; /* connection types */ + length += 1; /* connection addresses */ + for (i = 0; i < ConnectionAddresses.length; i++) + length += 2 + ConnectionAddresses.data[i].length; + authenticationData.length = 0; + authenticationData.data = 0; + if (AuthenticationFuncs) + { + (*AuthenticationFuncs->Generator) (AuthenticationData, + &authenticationData, + REQUEST); + } + length += 2 + AuthenticationName->length; /* authentication name */ + length += 2 + authenticationData.length; /* authentication data */ + length += 1; /* authorization names */ + for (i = 0; i < AuthorizationNames.length; i++) + length += 2 + AuthorizationNames.data[i].length; + length += 2 + ManufacturerDisplayID.length; /* display ID */ + header.length = length; + + if (!XdmcpWriteHeader (&buffer, &header)) + { + XdmcpDisposeARRAY8 (&authenticationData); + return; + } + XdmcpWriteCARD16 (&buffer, DisplayNumber); + XdmcpWriteCARD8 (&buffer, ConnectionTypes.length); + + /* The connection array is send reordered, so that connections of */ + /* the same address type as the XDMCP manager connection are send */ + /* first. This works around a bug in xdm. mario@klebsch.de */ + for (i = 0; i < (int)ConnectionTypes.length; i++) + if (ConnectionTypes.data[i]==XdmcpConnectionType) + XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); + for (i = 0; i < (int)ConnectionTypes.length; i++) + if (ConnectionTypes.data[i]!=XdmcpConnectionType) + XdmcpWriteCARD16 (&buffer, ConnectionTypes.data[i]); + + XdmcpWriteCARD8 (&buffer, ConnectionAddresses.length); + for (i = 0; i < (int)ConnectionAddresses.length; i++) + if ( (i=ConnectionTypes.length) || + (ConnectionTypes.data[i]!=XdmcpConnectionType) ) + XdmcpWriteARRAY8 (&buffer, &ConnectionAddresses.data[i]); + + XdmcpWriteARRAY8 (&buffer, AuthenticationName); + XdmcpWriteARRAY8 (&buffer, &authenticationData); + XdmcpDisposeARRAY8 (&authenticationData); + XdmcpWriteARRAYofARRAY8 (&buffer, &AuthorizationNames); + XdmcpWriteARRAY8 (&buffer, &ManufacturerDisplayID); +#if defined(IPv6) && defined(AF_INET6) + if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) + socketfd = xdmcpSocket6; +#endif + if (XdmcpFlush (socketfd, &buffer, + (XdmcpNetaddr) &req_sockaddr, req_socklen)) + state = XDM_AWAIT_REQUEST_RESPONSE; +} + +static void +recv_accept_msg(unsigned length) +{ + CARD32 AcceptSessionID; + ARRAY8 AcceptAuthenticationName, AcceptAuthenticationData; + ARRAY8 AcceptAuthorizationName, AcceptAuthorizationData; + + if (state != XDM_AWAIT_REQUEST_RESPONSE) + return; + AcceptAuthenticationName.data = 0; + AcceptAuthenticationData.data = 0; + AcceptAuthorizationName.data = 0; + AcceptAuthorizationData.data = 0; + if (XdmcpReadCARD32 (&buffer, &AcceptSessionID) && + XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationName) && + XdmcpReadARRAY8 (&buffer, &AcceptAuthenticationData) && + XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationName) && + XdmcpReadARRAY8 (&buffer, &AcceptAuthorizationData)) + { + if (length == 12 + AcceptAuthenticationName.length + + AcceptAuthenticationData.length + + AcceptAuthorizationName.length + + AcceptAuthorizationData.length) + { + if (!XdmcpCheckAuthentication (&AcceptAuthenticationName, + &AcceptAuthenticationData, ACCEPT)) + { + XdmcpFatal ("Authentication Failure", &AcceptAuthenticationName); + } + /* permit access control manipulations from this host */ + AugmentSelf (&req_sockaddr, req_socklen); + /* if the authorization specified in the packet fails + * to be acceptable, enable the local addresses + */ + if (!XdmcpAddAuthorization (&AcceptAuthorizationName, + &AcceptAuthorizationData)) + { + AddLocalHosts (); + } + SessionID = AcceptSessionID; + state = XDM_MANAGE; + send_packet(); + } + } + XdmcpDisposeARRAY8 (&AcceptAuthenticationName); + XdmcpDisposeARRAY8 (&AcceptAuthenticationData); + XdmcpDisposeARRAY8 (&AcceptAuthorizationName); + XdmcpDisposeARRAY8 (&AcceptAuthorizationData); +} + +static void +recv_decline_msg(unsigned length) +{ + ARRAY8 status, DeclineAuthenticationName, DeclineAuthenticationData; + + status.data = 0; + DeclineAuthenticationName.data = 0; + DeclineAuthenticationData.data = 0; + if (XdmcpReadARRAY8 (&buffer, &status) && + XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationName) && + XdmcpReadARRAY8 (&buffer, &DeclineAuthenticationData)) + { + if (length == 6 + status.length + + DeclineAuthenticationName.length + + DeclineAuthenticationData.length && + XdmcpCheckAuthentication (&DeclineAuthenticationName, + &DeclineAuthenticationData, DECLINE)) + { + XdmcpFatal ("Session declined", &status); + } + } + XdmcpDisposeARRAY8 (&status); + XdmcpDisposeARRAY8 (&DeclineAuthenticationName); + XdmcpDisposeARRAY8 (&DeclineAuthenticationData); +} + +static void +send_manage_msg(void) +{ + XdmcpHeader header; + int socketfd = xdmcpSocket; + + header.version = XDM_PROTOCOL_VERSION; + header.opcode = (CARD16) MANAGE; + header.length = 8 + DisplayClass.length; + + if (!XdmcpWriteHeader (&buffer, &header)) + return; + XdmcpWriteCARD32 (&buffer, SessionID); + XdmcpWriteCARD16 (&buffer, DisplayNumber); + XdmcpWriteARRAY8 (&buffer, &DisplayClass); + state = XDM_AWAIT_MANAGE_RESPONSE; +#if defined(IPv6) && defined(AF_INET6) + if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) + socketfd = xdmcpSocket6; +#endif + XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); +} + +static void +recv_refuse_msg(unsigned length) +{ + CARD32 RefusedSessionID; + + if (state != XDM_AWAIT_MANAGE_RESPONSE) + return; + if (length != 4) + return; + if (XdmcpReadCARD32 (&buffer, &RefusedSessionID)) + { + if (RefusedSessionID == SessionID) + { + state = XDM_START_CONNECTION; + send_packet(); + } + } +} + +static void +recv_failed_msg(unsigned length) +{ + CARD32 FailedSessionID; + ARRAY8 status; + + if (state != XDM_AWAIT_MANAGE_RESPONSE) + return; + status.data = 0; + if (XdmcpReadCARD32 (&buffer, &FailedSessionID) && + XdmcpReadARRAY8 (&buffer, &status)) + { + if (length == 6 + status.length && + SessionID == FailedSessionID) + { + XdmcpFatal ("Session failed", &status); + } + } + XdmcpDisposeARRAY8 (&status); +} + +static void +send_keepalive_msg(void) +{ + XdmcpHeader header; + int socketfd = xdmcpSocket; + + header.version = XDM_PROTOCOL_VERSION; + header.opcode = (CARD16) KEEPALIVE; + header.length = 6; + + XdmcpWriteHeader (&buffer, &header); + XdmcpWriteCARD16 (&buffer, DisplayNumber); + XdmcpWriteCARD32 (&buffer, SessionID); + + state = XDM_AWAIT_ALIVE_RESPONSE; +#if defined(IPv6) && defined(AF_INET6) + if (SOCKADDR_FAMILY(req_sockaddr) == AF_INET6) + socketfd = xdmcpSocket6; +#endif + XdmcpFlush (socketfd, &buffer, (XdmcpNetaddr) &req_sockaddr, req_socklen); +} + +static void +recv_alive_msg (unsigned length) +{ + CARD8 SessionRunning; + CARD32 AliveSessionID; + + if (state != XDM_AWAIT_ALIVE_RESPONSE) + return; + if (length != 5) + return; + if (XdmcpReadCARD8 (&buffer, &SessionRunning) && + XdmcpReadCARD32 (&buffer, &AliveSessionID)) + { + if (SessionRunning && AliveSessionID == SessionID) + { + /* backoff dormancy period */ + state = XDM_RUN_SESSION; + if ((GetTimeInMillis() - lastDeviceEventTime.milliseconds) > + keepaliveDormancy * 1000) + { + keepaliveDormancy <<= 1; + if (keepaliveDormancy > XDM_MAX_DORMANCY) + keepaliveDormancy = XDM_MAX_DORMANCY; + } + timeOutTime = GetTimeInMillis() + keepaliveDormancy * 1000; + } + else + { + XdmcpDeadSession ("Alive response indicates session dead"); + } + } +} + +static void +XdmcpFatal ( + const char *type, + ARRAY8Ptr status) +{ + FatalError ("XDMCP fatal error: %s %*.*s\n", type, + status->length, status->length, status->data); +} + +static void +XdmcpWarning(const char *str) +{ + ErrorF("XDMCP warning: %s\n", str); +} + +static void +get_addr_by_name( + const char *argtype, + const char *namestr, + int port, + int socktype, + SOCKADDR_TYPE *addr, + SOCKLEN_TYPE *addrlen +#if defined(IPv6) && defined(AF_INET6) + , + struct addrinfo **aip, + struct addrinfo **aifirstp +#endif + ) +{ +#if defined(IPv6) && defined(AF_INET6) + struct addrinfo *ai; + struct addrinfo hints; + char portstr[6]; + char *pport = portstr; + int gaierr; + + bzero(&hints, sizeof(hints)); + hints.ai_socktype = socktype; + + if (port == 0) { + pport = NULL; + } else if (port > 0 && port < 65535) { + sprintf(portstr, "%d", port); + } else { + FatalError("Xserver: port out of range: %d\n", port); + } + + if (*aifirstp != NULL) { + freeaddrinfo(*aifirstp); + *aifirstp = NULL; + } + + if ((gaierr = getaddrinfo(namestr, pport, &hints, aifirstp)) == 0) { + for (ai = *aifirstp; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family == AF_INET || ai->ai_family == AF_INET6) + break; + } + if ((ai == NULL) || (ai->ai_addrlen > sizeof(SOCKADDR_TYPE))) { + FatalError ("Xserver: %s host %s not on supported network type\n", + argtype, namestr); + } else { + *aip = ai; + *addrlen = ai->ai_addrlen; + memcpy(addr, ai->ai_addr, ai->ai_addrlen); + } + } else { + FatalError("Xserver: %s: %s %s\n", gai_strerror(gaierr), argtype, namestr); + } +#else + struct hostent *hep; +#ifdef XTHREADS_NEEDS_BYNAMEPARAMS + _Xgethostbynameparams hparams; +#endif +#if defined(WIN32) && (defined(TCPCONN) || defined(DNETCONN)) + _XSERVTransWSAStartup(); +#endif + if (!(hep = _XGethostbyname(namestr, hparams))) + { + FatalError("Xserver: %s unknown host: %s\n", argtype, namestr); + } + if (hep->h_length == sizeof (struct in_addr)) + { + memmove(&addr->sin_addr, hep->h_addr, hep->h_length); + *addrlen = sizeof(struct sockaddr_in); + addr->sin_family = AF_INET; + addr->sin_port = htons (port); + } + else + { + FatalError("Xserver: %s host on strange network %s\n", argtype, namestr); + } +#endif +} + +static void +get_manager_by_name( + int argc, + char **argv, + int i) +{ + + if ((i + 1) == argc) + { + FatalError("Xserver: missing %s host name in command line\n", argv[i]); + } + + get_addr_by_name(argv[i], argv[i+1], xdm_udp_port, SOCK_DGRAM, + &ManagerAddress, &ManagerAddressLen +#if defined(IPv6) && defined(AF_INET6) + , &mgrAddr, &mgrAddrFirst +#endif + ); +} + + +static void +get_fromaddr_by_name( + int argc, + char **argv, + int i) +{ +#if defined(IPv6) && defined(AF_INET6) + struct addrinfo *ai = NULL; + struct addrinfo *aifirst = NULL; +#endif + if (i == argc) + { + FatalError("Xserver: missing -from host name in command line\n"); + } + get_addr_by_name("-from", argv[i], 0, 0, &FromAddress, &FromAddressLen +#if defined(IPv6) && defined(AF_INET6) + , &ai, &aifirst +#endif + ); +#if defined(IPv6) && defined(AF_INET6) + if (aifirst != NULL) + freeaddrinfo(aifirst); +#endif + xdm_from = argv[i]; +} + + +#if defined(IPv6) && defined(AF_INET6) +static int +get_mcast_options(int argc, char **argv, int i) +{ + char *address = XDM_DEFAULT_MCAST_ADDR6; + int hopcount = 1; + struct addrinfo hints; + char portstr[6]; + int gaierr; + struct addrinfo *ai, *firstai; + + if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { + address = argv[i++]; + if ((i < argc) && (argv[i][0] != '-') && (argv[i][0] != '+')) { + hopcount = strtol(argv[i++], NULL, 10); + if ((hopcount < 1) || (hopcount > 255)) { + FatalError("Xserver: multicast hop count out of range: %d\n", + hopcount); + } + } + } + + if (xdm_udp_port > 0 && xdm_udp_port < 65535) { + sprintf(portstr, "%d", xdm_udp_port); + } else { + FatalError("Xserver: port out of range: %d\n", xdm_udp_port); + } + bzero(&hints, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; + + if ((gaierr = getaddrinfo(address, portstr, &hints, &firstai)) == 0) { + for (ai = firstai; ai != NULL; ai = ai->ai_next) { + if (((ai->ai_family == AF_INET) && + IN_MULTICAST(((struct sockaddr_in *) ai->ai_addr) + ->sin_addr.s_addr)) + || ((ai->ai_family == AF_INET6) && + IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *) ai->ai_addr) + ->sin6_addr))) + break; + } + if (ai == NULL) { + FatalError ("Xserver: address not supported multicast type %s\n", + address); + } else { + struct multicastinfo *mcastinfo, *mcl; + + mcastinfo = malloc(sizeof(struct multicastinfo)); + mcastinfo->next = NULL; + mcastinfo->ai = firstai; + mcastinfo->hops = hopcount; + + if (mcastlist == NULL) { + mcastlist = mcastinfo; + } else { + for (mcl = mcastlist; mcl->next != NULL; mcl = mcl->next) { + /* Do nothing - just find end of list */ + } + mcl->next = mcastinfo; + } + } + } else { + FatalError("Xserver: %s: %s\n", gai_strerror(gaierr), address); + } + return i; +} +#endif + +#else +static int xdmcp_non_empty; /* avoid complaint by ranlib */ +#endif /* XDMCP */ -- cgit v1.2.3