iceauth.c revision 9ef0b394
/******************************************************************************


Copyright 1993, 1998  The Open Group

Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation.

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Except as contained in this notice, the name of The Open Group shall not be
used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from The Open Group.

Author: Ralph Mor, X Consortium
******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <X11/ICE/ICElib.h>
#include "ICElibint.h"
#include <X11/ICE/ICEutil.h>

#include <errno.h>
#include <fcntl.h>
#include <time.h>
#include <unistd.h>
/* Alias for time_t; nothing in the code shown here refers to it. */
#define Time_t time_t

/*
 * Only the address of this variable is used: both MIT-MAGIC-COOKIE-1
 * procedures below store it in *authStatePtr as a non-NULL "already called
 * once" marker.  Its value is never read or written in the code shown here.
 */
static int was_called_state;
/*
 * MIT-MAGIC-COOKIE-1 is a sample authentication method provided by the
 * sample implementation (SI).  It is not part of the standard ICElib.
 */
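/*
 * Fill buf with len bytes read from /dev/urandom.
 *
 * Returns 1 when all len bytes were obtained, 0 when the device could not
 * be opened or a read failed or came up short.  A read interrupted by a
 * signal (EINTR) is retried.
 */
static int
read_urandom_bytes (char *buf, size_t len)
{
    size_t  done = 0;
    int     flags = O_RDONLY;
    int     fd;

#ifdef O_CLOEXEC
    /* Keep the descriptor out of a child if another thread forks and execs. */
    flags |= O_CLOEXEC;
#endif

    fd = open ("/dev/urandom", flags);
    if (fd < 0)
        return (0);

    while (done < len)
    {
        ssize_t n = read (fd, buf + done, len - done);

        if (n > 0)
            done += (size_t) n;
        else if (n < 0 && errno == EINTR)
            continue;
        else
            break;
    }

    close (fd);
    return (done == len);
}

/*
 * Generate a MIT-MAGIC-COOKIE-1 value of len bytes.
 *
 * len:     number of cookie bytes wanted; a negative value is rejected.
 * returns: a malloc'ed buffer of len + 1 bytes that the caller must free,
 *          or NULL when len is negative or the allocation fails.
 *
 * The buffer is NUL-terminated at index len, but the cookie itself is
 * binary and may contain zero bytes, so callers must carry len alongside
 * the pointer rather than use strlen() on it.
 *
 * The cookie is the only secret protecting the ICE connection, so its bytes
 * are taken from the kernel random source.  The rand() path below remains
 * only as a last resort for systems where /dev/urandom cannot be read.
 */
char *
IceGenerateMagicCookie (
	int len
)
{
    char            *auth;
    long            ldata[2];
    unsigned int    seed;
    int             i;

    /*
     * A negative len used to reach malloc (len + 1) and the auth[len]
     * store below, i.e. a write in front of the allocation for len == -1.
     */
    if (len < 0)
        return (NULL);

    /* Widen before adding 1 so that len == INT_MAX cannot overflow. */
    if ((auth = malloc ((size_t) len + 1)) == NULL)
        return (NULL);

    auth[len] = '\0';

    if (len == 0 || read_urandom_bytes (auth, (size_t) len))
        return (auth);

    /*
     * Last-resort path, same generator as before: rand() seeded from the
     * clock (plus microseconds or the pid).  Its output is guessable by
     * anyone who can estimate when the cookie was made, and srand() also
     * resets the process-wide rand() sequence of the host application.
     * Deployments that rely on the cookie should make sure this path is
     * never the one taken.
     */
#ifdef ITIMER_REAL
    {
        struct timeval  now;
        X_GETTIMEOFDAY (&now);
        ldata[0] = now.tv_sec;
        ldata[1] = now.tv_usec;
    }
#else
    {
#ifndef __UNIXOS2__
        long    time ();
#endif
        ldata[0] = time ((long *) 0);
        ldata[1] = getpid ();
    }
#endif
    /* Unsigned arithmetic: the shift and the sum wrap instead of overflowing. */
    seed = (unsigned int) ldata[0] + ((unsigned int) ldata[1] << 16);
    srand (seed);
    for (i = 0; i < len; i++)
        auth[i] = (char) (rand () & 0xff);

    return (auth);
}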
/*
 * Originating-side handler for MIT-MAGIC-COOKIE-1.
 *
 * With cleanUp set it returns IcePoAuthDoneCleanup at once, without
 * touching any output parameter.  On the first call (*authStatePtr is
 * NULL) it looks up the cookie stored for iceConn->connection_string and
 * hands it back through *replyDataLenRet / *replyDataRet with
 * IcePoAuthHaveReply.  Any further call returns IcePoAuthFailed, because
 * the method is single pass.
 *
 * The reply is the stored cookie itself, unmodified, so the secret is only
 * as private as the transport that carries it.  The buffer is not freed
 * here; it leaves through *replyDataRet.
 *
 * On failure *errorStringRet is set to a strdup'ed message; the strdup
 * result is not checked, so it may be NULL.
 * swap, authDataLen and authData are not used.
 */
IcePoAuthStatus
_IcePoMagicCookie1Proc (
	IceConn		iceConn,
	IcePointer	*authStatePtr,
	Bool 		cleanUp,
	Bool		swap,
	int     	authDataLen,
	IcePointer	authData,
	int 		*replyDataLenRet,
	IcePointer	*replyDataRet,
	char    	**errorStringRet
)
{
    unsigned short  cookieLen;
    char            *cookie;

    /* No state was ever allocated for this method, so there is nothing to free. */
    if (cleanUp)
        return (IcePoAuthDoneCleanup);

    *errorStringRet = NULL;

    if (*authStatePtr != NULL)
    {
        /* A second call should not happen for a single-pass method. */
        *errorStringRet =
            strdup ("MIT-MAGIC-COOKIE-1 authentication internal error");

        return (IcePoAuthFailed);
    }

    /*
     * First call: fetch the first MIT-MAGIC-COOKIE-1 entry that matches
     * iceConn->connection_string.
     */
    _IceGetPoAuthData ("ICE", iceConn->connection_string,
        "MIT-MAGIC-COOKIE-1", &cookieLen, &cookie);

    if (cookie == NULL)
    {
        *errorStringRet = strdup (
            "Could not find correct MIT-MAGIC-COOKIE-1 authentication");

        return (IcePoAuthFailed);
    }

    /* Any non-NULL value marks "already called"; the address is a handy one. */
    *authStatePtr = (IcePointer) &was_called_state;

    *replyDataLenRet = cookieLen;
    *replyDataRet = cookie;

    return (IcePoAuthHaveReply);
}
/*
 * Table of originating-side authentication procedures.  Its only entry is
 * the MIT-MAGIC-COOKIE-1 handler defined above; how the table is indexed is
 * decided outside this file.
 */
IcePoAuthProc	_IcePoAuthProcs[] = {_IcePoMagicCookie1Proc};
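/*
 * Compare two len-byte buffers with a loop that has no data-dependent early
 * exit, so the time taken does not reveal how many leading bytes of a
 * guessed cookie were right.  Returns 1 when the buffers are equal.
 */
static int
cookie_bytes_equal (const void *a, const void *b, int len)
{
    const unsigned char     *pa = a;
    const unsigned char     *pb = b;
    volatile unsigned char  diff = 0;
    int                     i;

    for (i = 0; i < len; i++)
        diff |= (unsigned char) (pa[i] ^ pb[i]);

    return (diff == 0);
}

/*
 * Accepting-side handler for MIT-MAGIC-COOKIE-1.
 *
 * First call (*authStatePtr is NULL): there is nothing to send to the
 * peer, so it records that it was called and returns IcePaAuthContinue
 * with an empty reply.
 *
 * Later calls: the peer's authData / authDataLen is checked against the
 * cookie stored for iceConn->connection_string.  IcePaAuthAccepted is
 * returned only when length and content both match, IcePaAuthRejected when
 * they do not, and IcePaAuthFailed when no stored cookie is found.
 *
 * *replyDataLenRet and *replyDataRet are always 0 / NULL.  On rejection or
 * failure *errorStringRet is set to a strdup'ed message; the strdup result
 * is not checked, so it may be NULL.  The looked-up cookie is freed here.
 * swap is not used.
 */
IcePaAuthStatus
_IcePaMagicCookie1Proc (
	IceConn		iceConn,
	IcePointer	*authStatePtr,
	Bool		swap,
	int     	authDataLen,
	IcePointer	authData,
	int 		*replyDataLenRet,
	IcePointer	*replyDataRet,
	char    	**errorStringRet
)
{
    unsigned short  length;
    char            *data;
    IcePaAuthStatus stat;

    *errorStringRet = NULL;
    *replyDataLenRet = 0;
    *replyDataRet = NULL;

    if (*authStatePtr == NULL)
    {
        /* Any non-NULL value marks "already called"; the address is a handy one. */
        *authStatePtr = (IcePointer) &was_called_state;

        return (IcePaAuthContinue);
    }

    /*
     * Fetch the first MIT-MAGIC-COOKIE-1 entry that matches
     * iceConn->connection_string.
     */
    _IceGetPaAuthData ("ICE", iceConn->connection_string,
        "MIT-MAGIC-COOKIE-1", &length, &data);

    if (!data)
    {
        /*
         * The ConnectionReply should have listed only methods that have a
         * valid entry, so a missing cookie is treated as an internal error.
         */
        *errorStringRet =
            strdup ("MIT-MAGIC-COOKIE-1 authentication internal error");

        return (IcePaAuthFailed);
    }

    /*
     * The length test may exit early, since the cookie length is not the
     * secret; the content test must not, which is why memcmp() is avoided.
     *
     * NOTE(review): a stored entry with length 0 would match an empty
     * reply.  Confirm that _IceGetPaAuthData never returns such an entry.
     */
    if (authDataLen == length &&
        cookie_bytes_equal (authData, data, authDataLen))
    {
        stat = IcePaAuthAccepted;
    }
    else
    {
        *errorStringRet = strdup ("MIT-MAGIC-COOKIE-1 authentication rejected");

        stat = IcePaAuthRejected;
    }

    free (data);
    return (stat);
}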
/*
 * Table of accepting-side authentication procedures.  Its only entry is the
 * MIT-MAGIC-COOKIE-1 handler defined above; how the table is indexed is
 * decided outside this file.
 */
IcePaAuthProc	_IcePaAuthProcs[] = {_IcePaMagicCookie1Proc};