| @@ -1,275 +1,284 @@ | | | @@ -1,275 +1,284 @@ |
1 | /* $Xorg: iceauth.c,v 1.4 2001/02/09 02:03:26 xorgcvs Exp $ */ | | 1 | /* $Xorg: iceauth.c,v 1.4 2001/02/09 02:03:26 xorgcvs Exp $ */ |
2 | /****************************************************************************** | | 2 | /****************************************************************************** |
3 | | | 3 | |
4 | | | 4 | |
5 | Copyright 1993, 1998 The Open Group | | 5 | Copyright 1993, 1998 The Open Group |
6 | | | 6 | |
7 | Permission to use, copy, modify, distribute, and sell this software and its | | 7 | Permission to use, copy, modify, distribute, and sell this software and its |
8 | documentation for any purpose is hereby granted without fee, provided that | | 8 | documentation for any purpose is hereby granted without fee, provided that |
9 | the above copyright notice appear in all copies and that both that | | 9 | the above copyright notice appear in all copies and that both that |
10 | copyright notice and this permission notice appear in supporting | | 10 | copyright notice and this permission notice appear in supporting |
11 | documentation. | | 11 | documentation. |
12 | | | 12 | |
13 | The above copyright notice and this permission notice shall be included in | | 13 | The above copyright notice and this permission notice shall be included in |
14 | all copies or substantial portions of the Software. | | 14 | all copies or substantial portions of the Software. |
15 | | | 15 | |
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | | 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | | 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
19 | OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN | | 19 | OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN |
20 | AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | | 20 | AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
21 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | | 21 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
22 | | | 22 | |
23 | Except as contained in this notice, the name of The Open Group shall not be | | 23 | Except as contained in this notice, the name of The Open Group shall not be |
24 | used in advertising or otherwise to promote the sale, use or other dealings | | 24 | used in advertising or otherwise to promote the sale, use or other dealings |
25 | in this Software without prior written authorization from The Open Group. | | 25 | in this Software without prior written authorization from The Open Group. |
26 | | | 26 | |
27 | Author: Ralph Mor, X Consortium | | 27 | Author: Ralph Mor, X Consortium |
28 | ******************************************************************************/ | | 28 | ******************************************************************************/ |
29 | /* $XFree86: xc/lib/ICE/iceauth.c,v 3.6 2002/05/31 18:45:41 dawes Exp $ */ | | 29 | /* $XFree86: xc/lib/ICE/iceauth.c,v 3.6 2002/05/31 18:45:41 dawes Exp $ */ |
30 | | | 30 | |
31 | #include <X11/ICE/ICElib.h> | | 31 | #include <X11/ICE/ICElib.h> |
32 | #include "ICElibint.h" | | 32 | #include "ICElibint.h" |
33 | #include <X11/ICE/ICEutil.h> | | 33 | #include <X11/ICE/ICEutil.h> |
34 | | | 34 | |
35 | #include <time.h> | | 35 | #include <time.h> |
36 | #define Time_t time_t | | 36 | #define Time_t time_t |
37 | | | 37 | |
38 | static int binaryEqual (); | | 38 | static int binaryEqual (); |
39 | | | 39 | |
| | | 40 | #ifdef HAVE_LIBBSD |
| | | 41 | #include <bsd/stdlib.h> /* for arc4random_buf() */ |
| | | 42 | #endif |
| | | 43 | |
40 | static int was_called_state; | | 44 | static int was_called_state; |
41 | | | 45 | |
42 | /* | | 46 | /* |
43 | * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by | | 47 | * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by |
44 | * the SI. It is not part of standard ICElib. | | 48 | * the SI. It is not part of standard ICElib. |
45 | */ | | 49 | */ |
46 | | | 50 | |
47 | | | 51 | |
48 | char * | | 52 | char * |
49 | IceGenerateMagicCookie (len) | | 53 | IceGenerateMagicCookie (len) |
50 | | | 54 | |
51 | int len; | | 55 | int len; |
52 | | | 56 | |
53 | { | | 57 | { |
54 | char *auth; | | 58 | char *auth; |
| | | 59 | #ifndef HAVE_ARC4RANDOM_BUF |
55 | long ldata[2]; | | 60 | long ldata[2]; |
56 | int seed; | | 61 | int seed; |
57 | int value; | | 62 | int value; |
58 | int i; | | 63 | int i; |
| | | 64 | #endif |
59 | | | 65 | |
60 | if ((auth = (char *) malloc (len + 1)) == NULL) | | 66 | if ((auth = (char *) malloc (len + 1)) == NULL) |
61 | return (NULL); | | 67 | return (NULL); |
62 | | | 68 | |
| | | 69 | #ifdef HAVE_ARC4RANDOM_BUF |
| | | 70 | arc4random_buf(auth, len); |
| | | 71 | #else |
63 | #ifdef ITIMER_REAL | | 72 | #ifdef ITIMER_REAL |
64 | { | | 73 | { |
65 | struct timeval now; | | 74 | struct timeval now; |
66 | X_GETTIMEOFDAY (&now); | | 75 | X_GETTIMEOFDAY (&now); |
67 | ldata[0] = now.tv_sec; | | 76 | ldata[0] = now.tv_sec; |
68 | ldata[1] = now.tv_usec; | | 77 | ldata[1] = now.tv_usec; |
69 | } | | 78 | } |
70 | #else | | 79 | #else |
71 | { | | 80 | { |
72 | #ifndef __UNIXOS2__ | | 81 | #ifndef __UNIXOS2__ |
73 | long time (); | | 82 | long time (); |
74 | #endif | | 83 | #endif |
75 | ldata[0] = time ((long *) 0); | | 84 | ldata[0] = time ((long *) 0); |
76 | ldata[1] = getpid (); | | 85 | ldata[1] = getpid (); |
77 | } | | 86 | } |
78 | #endif | | 87 | #endif |
79 | seed = (ldata[0]) + (ldata[1] << 16); | | 88 | seed = (ldata[0]) + (ldata[1] << 16); |
80 | srand (seed); | | 89 | srand (seed); |
81 | for (i = 0; i < len; i++) | | 90 | for (i = 0; i < len; i++) |
82 | { | | 91 | { |
83 | value = rand (); | | 92 | value = rand (); |
84 | auth[i] = value & 0xff; | | 93 | auth[i] = value & 0xff; |
85 | } | | 94 | } |
| | | 95 | #endif |
86 | auth[len] = '\0'; | | 96 | auth[len] = '\0'; |
87 | | | | |
88 | return (auth); | | 97 | return (auth); |
89 | } | | 98 | } |
90 | | | 99 | |
91 | | | 100 | |
92 | | | 101 | |
93 | IcePoAuthStatus | | 102 | IcePoAuthStatus |
94 | _IcePoMagicCookie1Proc (iceConn, authStatePtr, cleanUp, swap, | | 103 | _IcePoMagicCookie1Proc (iceConn, authStatePtr, cleanUp, swap, |
95 | authDataLen, authData, replyDataLenRet, replyDataRet, errorStringRet) | | 104 | authDataLen, authData, replyDataLenRet, replyDataRet, errorStringRet) |
96 | | | 105 | |
97 | IceConn iceConn; | | 106 | IceConn iceConn; |
98 | IcePointer *authStatePtr; | | 107 | IcePointer *authStatePtr; |
99 | Bool cleanUp; | | 108 | Bool cleanUp; |
100 | Bool swap; | | 109 | Bool swap; |
101 | int authDataLen; | | 110 | int authDataLen; |
102 | IcePointer authData; | | 111 | IcePointer authData; |
103 | int *replyDataLenRet; | | 112 | int *replyDataLenRet; |
104 | IcePointer *replyDataRet; | | 113 | IcePointer *replyDataRet; |
105 | char **errorStringRet; | | 114 | char **errorStringRet; |
106 | | | 115 | |
107 | { | | 116 | { |
108 | if (cleanUp) | | 117 | if (cleanUp) |
109 | { | | 118 | { |
110 | /* | | 119 | /* |
111 | * We didn't allocate any state. We're done. | | 120 | * We didn't allocate any state. We're done. |
112 | */ | | 121 | */ |
113 | | | 122 | |
114 | return (IcePoAuthDoneCleanup); | | 123 | return (IcePoAuthDoneCleanup); |
115 | } | | 124 | } |
116 | | | 125 | |
117 | *errorStringRet = NULL; | | 126 | *errorStringRet = NULL; |
118 | | | 127 | |
119 | if (*authStatePtr == NULL) | | 128 | if (*authStatePtr == NULL) |
120 | { | | 129 | { |
121 | /* | | 130 | /* |
122 | * This is the first time we're being called. Search the | | 131 | * This is the first time we're being called. Search the |
123 | * authentication data for the first occurence of | | 132 | * authentication data for the first occurence of |
124 | * MIT-MAGIC-COOKIE-1 that matches iceConn->connection_string. | | 133 | * MIT-MAGIC-COOKIE-1 that matches iceConn->connection_string. |
125 | */ | | 134 | */ |
126 | | | 135 | |
127 | unsigned short length; | | 136 | unsigned short length; |
128 | char *data; | | 137 | char *data; |
129 | | | 138 | |
130 | _IceGetPoAuthData ("ICE", iceConn->connection_string, | | 139 | _IceGetPoAuthData ("ICE", iceConn->connection_string, |
131 | "MIT-MAGIC-COOKIE-1", &length, &data); | | 140 | "MIT-MAGIC-COOKIE-1", &length, &data); |
132 | | | 141 | |
133 | if (!data) | | 142 | if (!data) |
134 | { | | 143 | { |
135 | char *tempstr = | | 144 | char *tempstr = |
136 | "Could not find correct MIT-MAGIC-COOKIE-1 authentication"; | | 145 | "Could not find correct MIT-MAGIC-COOKIE-1 authentication"; |
137 | | | 146 | |
138 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); | | 147 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); |
139 | if (*errorStringRet) | | 148 | if (*errorStringRet) |
140 | strcpy (*errorStringRet, tempstr); | | 149 | strcpy (*errorStringRet, tempstr); |
141 | | | 150 | |
142 | return (IcePoAuthFailed); | | 151 | return (IcePoAuthFailed); |
143 | } | | 152 | } |
144 | else | | 153 | else |
145 | { | | 154 | { |
146 | *authStatePtr = (IcePointer) &was_called_state; | | 155 | *authStatePtr = (IcePointer) &was_called_state; |
147 | | | 156 | |
148 | *replyDataLenRet = length; | | 157 | *replyDataLenRet = length; |
149 | *replyDataRet = data; | | 158 | *replyDataRet = data; |
150 | | | 159 | |
151 | return (IcePoAuthHaveReply); | | 160 | return (IcePoAuthHaveReply); |
152 | } | | 161 | } |
153 | } | | 162 | } |
154 | else | | 163 | else |
155 | { | | 164 | { |
156 | /* | | 165 | /* |
157 | * We should never get here for MIT-MAGIC-COOKIE-1 since it is | | 166 | * We should never get here for MIT-MAGIC-COOKIE-1 since it is |
158 | * a single pass authentication method. | | 167 | * a single pass authentication method. |
159 | */ | | 168 | */ |
160 | | | 169 | |
161 | char *tempstr = "MIT-MAGIC-COOKIE-1 authentication internal error"; | | 170 | char *tempstr = "MIT-MAGIC-COOKIE-1 authentication internal error"; |
162 | | | 171 | |
163 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); | | 172 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); |
164 | if (*errorStringRet) | | 173 | if (*errorStringRet) |
165 | strcpy (*errorStringRet, tempstr); | | 174 | strcpy (*errorStringRet, tempstr); |
166 | | | 175 | |
167 | return (IcePoAuthFailed); | | 176 | return (IcePoAuthFailed); |
168 | } | | 177 | } |
169 | } | | 178 | } |
170 | | | 179 | |
171 | | | 180 | |
172 | | | 181 | |
173 | IcePaAuthStatus | | 182 | IcePaAuthStatus |
174 | _IcePaMagicCookie1Proc (iceConn, authStatePtr, swap, | | 183 | _IcePaMagicCookie1Proc (iceConn, authStatePtr, swap, |
175 | authDataLen, authData, replyDataLenRet, replyDataRet, errorStringRet) | | 184 | authDataLen, authData, replyDataLenRet, replyDataRet, errorStringRet) |
176 | | | 185 | |
177 | IceConn iceConn; | | 186 | IceConn iceConn; |
178 | IcePointer *authStatePtr; | | 187 | IcePointer *authStatePtr; |
179 | Bool swap; | | 188 | Bool swap; |
180 | int authDataLen; | | 189 | int authDataLen; |
181 | IcePointer authData; | | 190 | IcePointer authData; |
182 | int *replyDataLenRet; | | 191 | int *replyDataLenRet; |
183 | IcePointer *replyDataRet; | | 192 | IcePointer *replyDataRet; |
184 | char **errorStringRet; | | 193 | char **errorStringRet; |
185 | | | 194 | |
186 | { | | 195 | { |
187 | *errorStringRet = NULL; | | 196 | *errorStringRet = NULL; |
188 | *replyDataLenRet = 0; | | 197 | *replyDataLenRet = 0; |
189 | *replyDataRet = NULL; | | 198 | *replyDataRet = NULL; |
190 | | | 199 | |
191 | if (*authStatePtr == NULL) | | 200 | if (*authStatePtr == NULL) |
192 | { | | 201 | { |
193 | /* | | 202 | /* |
194 | * This is the first time we're being called. We don't have | | 203 | * This is the first time we're being called. We don't have |
195 | * any data to pass to the other client. | | 204 | * any data to pass to the other client. |
196 | */ | | 205 | */ |
197 | | | 206 | |
198 | *authStatePtr = (IcePointer) &was_called_state; | | 207 | *authStatePtr = (IcePointer) &was_called_state; |
199 | | | 208 | |
200 | return (IcePaAuthContinue); | | 209 | return (IcePaAuthContinue); |
201 | } | | 210 | } |
202 | else | | 211 | else |
203 | { | | 212 | { |
204 | /* | | 213 | /* |
205 | * Search the authentication data for the first occurence of | | 214 | * Search the authentication data for the first occurence of |
206 | * MIT-MAGIC-COOKIE-1 that matches iceConn->connection_string. | | 215 | * MIT-MAGIC-COOKIE-1 that matches iceConn->connection_string. |
207 | */ | | 216 | */ |
208 | | | 217 | |
209 | unsigned short length; | | 218 | unsigned short length; |
210 | char *data; | | 219 | char *data; |
211 | | | 220 | |
212 | _IceGetPaAuthData ("ICE", iceConn->connection_string, | | 221 | _IceGetPaAuthData ("ICE", iceConn->connection_string, |
213 | "MIT-MAGIC-COOKIE-1", &length, &data); | | 222 | "MIT-MAGIC-COOKIE-1", &length, &data); |
214 | | | 223 | |
215 | if (data) | | 224 | if (data) |
216 | { | | 225 | { |
217 | IcePaAuthStatus stat; | | 226 | IcePaAuthStatus stat; |
218 | | | 227 | |
219 | if (authDataLen == length && | | 228 | if (authDataLen == length && |
220 | binaryEqual ((char *) authData, data, authDataLen)) | | 229 | binaryEqual ((char *) authData, data, authDataLen)) |
221 | { | | 230 | { |
222 | stat = IcePaAuthAccepted; | | 231 | stat = IcePaAuthAccepted; |
223 | } | | 232 | } |
224 | else | | 233 | else |
225 | { | | 234 | { |
226 | char *tempstr = "MIT-MAGIC-COOKIE-1 authentication rejected"; | | 235 | char *tempstr = "MIT-MAGIC-COOKIE-1 authentication rejected"; |
227 | | | 236 | |
228 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); | | 237 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); |
229 | if (*errorStringRet) | | 238 | if (*errorStringRet) |
230 | strcpy (*errorStringRet, tempstr); | | 239 | strcpy (*errorStringRet, tempstr); |
231 | | | 240 | |
232 | stat = IcePaAuthRejected; | | 241 | stat = IcePaAuthRejected; |
233 | } | | 242 | } |
234 | | | 243 | |
235 | free (data); | | 244 | free (data); |
236 | return (stat); | | 245 | return (stat); |
237 | } | | 246 | } |
238 | else | | 247 | else |
239 | { | | 248 | { |
240 | /* | | 249 | /* |
241 | * We should never get here because in the ConnectionReply | | 250 | * We should never get here because in the ConnectionReply |
242 | * we should have passed all the valid methods. So we should | | 251 | * we should have passed all the valid methods. So we should |
243 | * always find a valid entry. | | 252 | * always find a valid entry. |
244 | */ | | 253 | */ |
245 | | | 254 | |
246 | char *tempstr = | | 255 | char *tempstr = |
247 | "MIT-MAGIC-COOKIE-1 authentication internal error"; | | 256 | "MIT-MAGIC-COOKIE-1 authentication internal error"; |
248 | | | 257 | |
249 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); | | 258 | *errorStringRet = (char *) malloc (strlen (tempstr) + 1); |
250 | if (*errorStringRet) | | 259 | if (*errorStringRet) |
251 | strcpy (*errorStringRet, tempstr); | | 260 | strcpy (*errorStringRet, tempstr); |
252 | | | 261 | |
253 | return (IcePaAuthFailed); | | 262 | return (IcePaAuthFailed); |
254 | } | | 263 | } |
255 | } | | 264 | } |
256 | } | | 265 | } |
257 | | | 266 | |
258 | | | 267 | |
259 | | | 268 | |
260 | /* | | 269 | /* |
261 | * local routines | | 270 | * local routines |
262 | */ | | 271 | */ |
263 | | | 272 | |
264 | static int | | 273 | static int |
265 | binaryEqual (a, b, len) | | 274 | binaryEqual (a, b, len) |
266 | | | 275 | |
267 | register char *a, *b; | | 276 | register char *a, *b; |
268 | register unsigned len; | | 277 | register unsigned len; |
269 | | | 278 | |
270 | { | | 279 | { |
271 | while (len--) | | 280 | while (len--) |
272 | if (*a++ != *b++) | | 281 | if (*a++ != *b++) |
273 | return 0; | | 282 | return 0; |
274 | return 1; | | 283 | return 1; |
275 | } | | 284 | } |