1 | /* |
---|
2 | * xdm - display manager daemon |
---|
3 | * |
---|
4 | * $XConsortium: xdmauth.c,v 1.8 91/07/24 00:07:05 keith Exp $ |
---|
5 | * |
---|
6 | * Copyright 1988 Massachusetts Institute of Technology |
---|
7 | * |
---|
8 | * Permission to use, copy, modify, and distribute this software and its |
---|
9 | * documentation for any purpose and without fee is hereby granted, provided |
---|
10 | * that the above copyright notice appear in all copies and that both that |
---|
11 | * copyright notice and this permission notice appear in supporting |
---|
12 | * documentation, and that the name of M.I.T. not be used in advertising or |
---|
13 | * publicity pertaining to distribution of the software without specific, |
---|
14 | * written prior permission. M.I.T. makes no representations about the |
---|
15 | * suitability of this software for any purpose. It is provided "as is" |
---|
16 | * without express or implied warranty. |
---|
17 | * |
---|
18 | * Author: Keith Packard, MIT X Consortium |
---|
19 | */ |
---|
20 | |
---|
21 | /* |
---|
22 | * xdmauth |
---|
23 | * |
---|
24 | * generate authorization data for XDM-AUTHORIZATION-1 as per XDMCP spec |
---|
25 | */ |
---|
26 | |
---|
27 | #include "dm.h" |
---|
28 | |
---|
29 | #ifdef HASXDMAUTH |
---|
30 | |
---|
31 | static char auth_name[256]; |
---|
32 | static int auth_name_len; |
---|
33 | #define AUTH_DATA_LEN 16 |
---|
34 | |
---|
35 | XdmPrintDataHex (s, a, l) |
---|
36 | char *s; |
---|
37 | char *a; |
---|
38 | int l; |
---|
39 | { |
---|
40 | int i; |
---|
41 | |
---|
42 | Debug ("%s", s); |
---|
43 | for (i = 0; i < l; i++) |
---|
44 | Debug (" %2x", a[i]); |
---|
45 | Debug ("\n"); |
---|
46 | } |
---|
47 | |
---|
48 | #ifdef notdef /* not used */ |
---|
49 | XdmPrintKey (s, k) |
---|
50 | char *s; |
---|
51 | XdmAuthKeyRec *k; |
---|
52 | { |
---|
53 | XdmPrintDataHex (s, (char *) k->data, 8); |
---|
54 | } |
---|
55 | #endif |
---|
56 | |
---|
57 | #ifdef XDMCP |
---|
58 | XdmPrintArray8Hex (s, a) |
---|
59 | char *s; |
---|
60 | ARRAY8Ptr a; |
---|
61 | { |
---|
62 | XdmPrintDataHex (s, (char *) a->data, a->length); |
---|
63 | } |
---|
64 | #endif |
---|
65 | |
---|
66 | XdmInitAuth (name_len, name) |
---|
67 | unsigned short name_len; |
---|
68 | char *name; |
---|
69 | { |
---|
70 | if (name_len > 256) |
---|
71 | name_len = 256; |
---|
72 | auth_name_len = name_len; |
---|
73 | bcopy (name, auth_name, name_len); |
---|
74 | } |
---|
75 | |
---|
76 | Xauth * |
---|
77 | XdmGetAuth (namelen, name) |
---|
78 | unsigned short namelen; |
---|
79 | char *name; |
---|
80 | { |
---|
81 | Xauth *new; |
---|
82 | new = (Xauth *) malloc (sizeof (Xauth)); |
---|
83 | |
---|
84 | if (!new) |
---|
85 | return (Xauth *) 0; |
---|
86 | new->family = FamilyWild; |
---|
87 | new->address_length = 0; |
---|
88 | new->address = 0; |
---|
89 | new->number_length = 0; |
---|
90 | new->number = 0; |
---|
91 | |
---|
92 | new->data = (char *) malloc (AUTH_DATA_LEN); |
---|
93 | if (!new->data) |
---|
94 | { |
---|
95 | free ((char *) new); |
---|
96 | return (Xauth *) 0; |
---|
97 | } |
---|
98 | new->name = (char *) malloc (namelen); |
---|
99 | if (!new->name) |
---|
100 | { |
---|
101 | free ((char *) new->data); |
---|
102 | free ((char *) new); |
---|
103 | return (Xauth *) 0; |
---|
104 | } |
---|
105 | bcopy (name, (char *)new->name, namelen); |
---|
106 | new->name_length = namelen; |
---|
107 | GenerateAuthorization ((char *)new->data, AUTH_DATA_LEN); |
---|
108 | ((char *)new->data)[8] = '\0'; |
---|
109 | new->data_length = AUTH_DATA_LEN; |
---|
110 | XdmPrintDataHex ("Local server auth", (char *)new->data, new->data_length); |
---|
111 | return new; |
---|
112 | } |
---|
113 | |
---|
114 | #ifdef XDMCP |
---|
115 | |
---|
116 | XdmGetXdmcpAuth (pdpy,authorizationNameLen, authorizationName) |
---|
117 | struct protoDisplay *pdpy; |
---|
118 | unsigned short authorizationNameLen; |
---|
119 | char *authorizationName; |
---|
120 | { |
---|
121 | Xauth *fileauth, *xdmcpauth; |
---|
122 | |
---|
123 | if (pdpy->fileAuthorization && pdpy->xdmcpAuthorization) |
---|
124 | return; |
---|
125 | xdmcpauth = XdmGetAuth (authorizationNameLen, authorizationName); |
---|
126 | if (!xdmcpauth) |
---|
127 | return; |
---|
128 | fileauth = (Xauth *) malloc (sizeof (Xauth)); |
---|
129 | if (!fileauth) |
---|
130 | { |
---|
131 | XauDisposeAuth(xdmcpauth); |
---|
132 | return; |
---|
133 | } |
---|
134 | *fileauth = *xdmcpauth; |
---|
135 | fileauth->name = malloc (xdmcpauth->name_length); |
---|
136 | fileauth->data = malloc (16); |
---|
137 | fileauth->data_length = 16; |
---|
138 | if (!fileauth->name || !fileauth->data) |
---|
139 | { |
---|
140 | XauDisposeAuth (xdmcpauth); |
---|
141 | if (fileauth->name) |
---|
142 | free ((char *) fileauth->name); |
---|
143 | if (fileauth->data) |
---|
144 | free ((char *) fileauth->data); |
---|
145 | free ((char *) fileauth); |
---|
146 | return; |
---|
147 | } |
---|
148 | bcopy (xdmcpauth->name, fileauth->name, xdmcpauth->name_length); |
---|
149 | bcopy (pdpy->authenticationData.data, fileauth->data, 8); |
---|
150 | bcopy (xdmcpauth->data, fileauth->data + 8, 8); |
---|
151 | XdmPrintDataHex ("Accept packet auth", xdmcpauth->data, xdmcpauth->data_length); |
---|
152 | XdmPrintDataHex ("Auth file auth", fileauth->data, fileauth->data_length); |
---|
153 | XdmcpWrap (xdmcpauth->data, &pdpy->key, xdmcpauth->data, 8); |
---|
154 | pdpy->fileAuthorization = fileauth; |
---|
155 | pdpy->xdmcpAuthorization = xdmcpauth; |
---|
156 | } |
---|
157 | |
---|
158 | #define atox(c) ('0' <= c && c <= '9' ? c - '0' : \ |
---|
159 | 'a' <= c && c <= 'f' ? c - 'a' + 10 : \ |
---|
160 | 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) |
---|
161 | |
---|
162 | static |
---|
163 | HexToBinary (key) |
---|
164 | char *key; |
---|
165 | { |
---|
166 | char *out, *in; |
---|
167 | int top, bottom; |
---|
168 | |
---|
169 | in = key + 2; |
---|
170 | out= key; |
---|
171 | while (in[0] && in[1]) |
---|
172 | { |
---|
173 | top = atox(in[0]); |
---|
174 | if (top == -1) |
---|
175 | return 0; |
---|
176 | bottom = atox(in[1]); |
---|
177 | if (bottom == -1) |
---|
178 | return 0; |
---|
179 | *out++ = (top << 4) | bottom; |
---|
180 | in += 2; |
---|
181 | } |
---|
182 | if (in[0]) |
---|
183 | return 0; |
---|
184 | *out++ = '\0'; |
---|
185 | return 1; |
---|
186 | } |
---|
187 | |
---|
188 | /* |
---|
189 | * Search the Keys file for the entry matching this display. This |
---|
190 | * routine accepts either plain ascii strings for keys, or hex-encoded numbers |
---|
191 | */ |
---|
192 | |
---|
193 | XdmGetKey (pdpy, displayID) |
---|
194 | struct protoDisplay *pdpy; |
---|
195 | ARRAY8Ptr displayID; |
---|
196 | { |
---|
197 | FILE *keys; |
---|
198 | char line[1024], id[1024], key[1024]; |
---|
199 | int keylen; |
---|
200 | |
---|
201 | Debug ("Lookup key for %*.*s\n", displayID->length, displayID->length, displayID->data); |
---|
202 | keys = fopen (keyFile, "r"); |
---|
203 | if (!keys) |
---|
204 | return FALSE; |
---|
205 | while (fgets (line, sizeof (line) - 1, keys)) |
---|
206 | { |
---|
207 | if (line[0] == '#' || sscanf (line, "%s %s", id, key) != 2) |
---|
208 | continue; |
---|
209 | Debug ("Key entry \"%s\" \"%s\"\n", id, key); |
---|
210 | if (strlen (id) == displayID->length && |
---|
211 | !strncmp (id, (char *)displayID->data, displayID->length)) |
---|
212 | { |
---|
213 | if (!strncmp (key, "0x", 2) || !strncmp (key, "0X", 2)) |
---|
214 | if (!HexToBinary (key)) |
---|
215 | break; |
---|
216 | keylen = strlen (key); |
---|
217 | while (keylen < 7) |
---|
218 | key[keylen++] = '\0'; |
---|
219 | pdpy->key.data[0] = '\0'; |
---|
220 | bcopy (key, pdpy->key.data + 1, 7); |
---|
221 | fclose (keys); |
---|
222 | return TRUE; |
---|
223 | } |
---|
224 | } |
---|
225 | fclose (keys); |
---|
226 | return FALSE; |
---|
227 | } |
---|
228 | |
---|
229 | /*ARGSUSED*/ |
---|
230 | XdmCheckAuthentication (pdpy, displayID, authenticationName, authenticationData) |
---|
231 | struct protoDisplay *pdpy; |
---|
232 | ARRAY8Ptr displayID, authenticationName, authenticationData; |
---|
233 | { |
---|
234 | XdmAuthKeyPtr incoming; |
---|
235 | |
---|
236 | if (!XdmGetKey (pdpy, displayID)) |
---|
237 | return FALSE; |
---|
238 | if (authenticationData->length != 8) |
---|
239 | return FALSE; |
---|
240 | XdmcpUnwrap (authenticationData->data, &pdpy->key, |
---|
241 | authenticationData->data, 8); |
---|
242 | XdmPrintArray8Hex ("Request packet auth", authenticationData); |
---|
243 | if (!XdmcpCopyARRAY8(authenticationData, &pdpy->authenticationData)) |
---|
244 | return FALSE; |
---|
245 | incoming = (XdmAuthKeyPtr) authenticationData->data; |
---|
246 | XdmcpIncrementKey (incoming); |
---|
247 | XdmcpWrap (authenticationData->data, &pdpy->key, |
---|
248 | authenticationData->data, 8); |
---|
249 | return TRUE; |
---|
250 | } |
---|
251 | |
---|
252 | #endif /* XDMCP */ |
---|
253 | #endif /* HASXDMAUTH (covering the entire file) */ |
---|