/*
 *Copyright (C) 2003-2004 Harold L Hunt II All Rights Reserved.
 *
 *Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 *"Software"), to deal in the Software without restriction, including
 *without limitation the rights to use, copy, modify, merge, publish,
 *distribute, sublicense, and/or sell copies of the Software, and to
 *permit persons to whom the Software is furnished to do so, subject to
 *the following conditions:
 *
 *The above copyright notice and this permission notice shall be
 *included in all copies or substantial portions of the Software.
 *
 *THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 *EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 *MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 *NONINFRINGEMENT. IN NO EVENT SHALL HAROLD L HUNT II BE LIABLE FOR
 *ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
 *CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 *WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 *Except as contained in this notice, the name of Harold L Hunt II
 *shall not be used in advertising or otherwise to promote the sale, use
 *or other dealings in this Software without prior written authorization
 *from Harold L Hunt II.
 *
 * Authors:	Harold L Hunt II
 */
30706f2543Smrg
#ifdef HAVE_XWIN_CONFIG_H
#include <xwin-config.h>
#endif

#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include "win.h"

/* Includes for authorization */
#include "securitysrv.h"
39706f2543Smrg
40706f2543Smrg
/*
 * Constants
 */
44706f2543Smrg
/* Authorization protocol name passed to GenerateAuthorization and
 * XSetAuthorization below. */
#define AUTH_NAME	"MIT-MAGIC-COOKIE-1"
46706f2543Smrg
47706f2543Smrg
/*
 * Locals
 */
51706f2543Smrg
/* Resource id the cookie was registered under; winGenerateAuthorization
 * compares it against (XID) ~0L to detect a failed generation. */
static XID g_authId = 0;
/* Length in bytes of the cookie data that g_pAuthData points to. */
static unsigned int g_uiAuthDataLen = 0;
/* Raw cookie bytes.  This file never frees the pointer: in the
 * non-XCSECURITY build it refers to the static 16-byte cookie buffer
 * below, which is binary data and not NUL-terminated. */
static char *g_pAuthData = NULL;
55706f2543Smrg
/*
 * Code to generate a MIT-MAGIC-COOKIE-1, copied from the code that is
 * otherwise only built under XCSECURITY
 */
59706f2543Smrg
60706f2543Smrg#ifndef XCSECURITY
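/*
 * Fill buf[0..len) with bytes read from /dev/urandom.
 *
 * Returns 0 when every byte was written and -1 when the device could not
 * be opened or a read failed before the buffer was full.  On -1 the
 * buffer may be only partly written, so the caller must not use it as
 * key material.  (Previously both failures were ignored, which left the
 * caller's buffer holding whatever it contained before.)
 */
static
int
GenerateRandomData (int len, char *buf)
{
    int fd;
    int done = 0;

    if (len < 0 || buf == NULL)
        return -1;

    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;

    /* read() may deliver fewer bytes than requested or be interrupted
     * by a signal, so keep reading until the buffer is full. */
    while (done < len)
    {
        ssize_t n = read(fd, buf + done, (size_t) (len - done));
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;
        done += (int) n;
    }

    close(fd);
    return done == len ? 0 : -1;
}


static char cookie[16]; /* 128 bits */

/*
 * Build a fresh 128-bit MIT-MAGIC-COOKIE-1 value and register it with
 * the MIT auth layer under id.
 *
 * data_length bytes of data (data_length may be 0, in which case data is
 * never read) are added into the cookie buffer first; the buffer is then
 * overwritten with random bytes.  On success *data_return and
 * *data_length_return describe the cookie -- it lives in a static buffer,
 * so the caller must not free it -- and id is returned.  On failure
 * (random data unavailable, or MitAddCookie refusing the cookie) the
 * output parameters are left untouched and (XID) ~0L is returned, which
 * is the value winGenerateAuthorization checks for.
 */
static XID
MitGenerateCookie (
    unsigned	data_length,
    char	*data,
    XID		id,
    unsigned	*data_length_return,
    char	**data_return)
{
    size_t i = 0;
    int status;

    while (data_length--)
    {
	cookie[i++] += *data++;
	if (i >= sizeof (cookie)) i = 0;
    }

    /* Never hand out a cookie that is not fully random: a short or failed
     * read would leave stale bytes (all zero on the first call) in place. */
    if (GenerateRandomData(sizeof (cookie), cookie) != 0)
    {
	return (XID) ~0L;
    }

    status = MitAddCookie(sizeof (cookie), cookie, id);
    if (!status)
    {
	return (XID) ~0L;
    }

    *data_return = cookie;
    *data_length_return = sizeof (cookie);
    return id;
}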
104706f2543Smrg
/*
 * Stand-in for the OS layer's GenerateAuthorization when XCSECURITY is
 * not built: produces a MIT-MAGIC-COOKIE-1 via MitGenerateCookie using
 * the id returned by FakeClientID(0).  name_length and name are accepted
 * only to keep the signature and are not used.
 */
static
XID
GenerateAuthorization(
	unsigned name_length,
	char	*name,
	unsigned data_length,
	char	*data,
	unsigned *data_length_return,
	char	**data_return)
{
    XID owner;

    (void) name_length;
    (void) name;

    owner = FakeClientID(0);
    return MitGenerateCookie(data_length, data, owner,
                             data_length_return, data_return);
}
118706f2543Smrg#endif
119706f2543Smrg
/*
 * Generate the authorization cookie that internal server clients use
 */
123706f2543Smrg
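/*
 * Generate the MIT-MAGIC-COOKIE-1 authorization that the server's own
 * (internal) clients present when they connect.
 *
 * On success g_authId, g_uiAuthDataLen and g_pAuthData describe the new
 * cookie and TRUE is returned.  On failure an error is logged and FALSE
 * is returned; g_authId then holds (XID) ~0L and the data globals hold
 * whatever GenerateAuthorization left in them.
 */
Bool
winGenerateAuthorization (void)
{
  Bool				fFreeAuth = FALSE;
  SecurityAuthorizationPtr	pAuth = NULL;

  /* Call OS layer to generate authorization key */
  g_authId = GenerateAuthorization (strlen (AUTH_NAME),
				    AUTH_NAME,
				    0,
				    NULL,
				    &g_uiAuthDataLen,
				    &g_pAuthData);
  if ((XID) ~0L == g_authId)
    {
      ErrorF ("winGenerateAuthorization - GenerateAuthorization failed\n");
      goto auth_bailout;
    }

  /*
   * Log only the length.  The cookie is raw binary, not a NUL-terminated
   * string, so printing it with %s would read past the end of the buffer
   * and would also write the secret into the log.
   */
  winDebug ("winGenerateAuthorization - GenerateAuthorization success!\n"
	    "AuthDataLen: %u\n",
	    g_uiAuthDataLen);

#ifdef XCSECURITY
  /* Allocate structure for additional auth information */
  pAuth = malloc (sizeof *pAuth);
  if (!pAuth)
    {
      ErrorF ("winGenerateAuthorization - Failed allocating "
	      "SecurityAuthorizationPtr.\n");
      goto auth_bailout;
    }

  /* Fill in the auth fields */
  pAuth->id = g_authId;
  pAuth->timeout = 0; /* live for x seconds after refcnt == 0 */
  pAuth->group = None;
  pAuth->trustLevel = XSecurityClientTrusted;
  pAuth->refcnt = 1; /* this auth must stick around */
  pAuth->secondsRemaining = 0;
  pAuth->timer = NULL;
  pAuth->eventClients = NULL;

  /* Add the authorization to the server's auth list */
  if (!AddResource (g_authId,
		    SecurityAuthorizationResType,
		    pAuth))
    {
      ErrorF ("winGenerateAuthorization - AddResource failed for auth.\n");
      /* NOTE(review): if AddResource already invokes the resource type's
       * delete function on the value when it fails, freeing pAuth here
       * would be a double free -- confirm against dix/resource.c. */
      fFreeAuth = TRUE;
      goto auth_bailout;
    }

  /* Don't free the auth data, since it is still used internally */
  pAuth = NULL;
#endif

  return TRUE;

 auth_bailout:
  if (fFreeAuth)
    free (pAuth);

  return FALSE;
}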
193706f2543Smrg
/* Use our generated cookie for authentication */
/*
 * Install the cookie produced by winGenerateAuthorization as the
 * authorization that internal clients send when connecting.  If
 * winGenerateAuthorization has not succeeded, g_pAuthData and
 * g_uiAuthDataLen may still hold their initial NULL and 0, and those
 * are what gets installed.
 */
void
winSetAuthorization(void)
{
  size_t nameLen = strlen (AUTH_NAME);

  XSetAuthorization (AUTH_NAME, nameLen, g_pAuthData, g_uiAuthDataLen);
}
203