winauth.c revision f7df2e56
105b261ecSmrg/*
205b261ecSmrg *Copyright (C) 2003-2004 Harold L Hunt II All Rights Reserved.
305b261ecSmrg *
405b261ecSmrg *Permission is hereby granted, free of charge, to any person obtaining
505b261ecSmrg * a copy of this software and associated documentation files (the
605b261ecSmrg *"Software"), to deal in the Software without restriction, including
705b261ecSmrg *without limitation the rights to use, copy, modify, merge, publish,
805b261ecSmrg *distribute, sublicense, and/or sell copies of the Software, and to
905b261ecSmrg *permit persons to whom the Software is furnished to do so, subject to
1005b261ecSmrg *the following conditions:
1105b261ecSmrg *
1205b261ecSmrg *The above copyright notice and this permission notice shall be
1305b261ecSmrg *included in all copies or substantial portions of the Software.
1405b261ecSmrg *
1505b261ecSmrg *THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
1605b261ecSmrg *EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
1705b261ecSmrg *MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
1805b261ecSmrg *NONINFRINGEMENT. IN NO EVENT SHALL HAROLD L HUNT II BE LIABLE FOR
1905b261ecSmrg *ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
2005b261ecSmrg *CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
2105b261ecSmrg *WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
2205b261ecSmrg *
2305b261ecSmrg *Except as contained in this notice, the name of Harold L Hunt II
2405b261ecSmrg *shall not be used in advertising or otherwise to promote the sale, use
2505b261ecSmrg *or other dealings in this Software without prior written authorization
2605b261ecSmrg *from Harold L Hunt II.
2705b261ecSmrg *
2805b261ecSmrg * Authors:	Harold L Hunt II
2905b261ecSmrg */
3005b261ecSmrg
314202a189Smrg#ifdef HAVE_XWIN_CONFIG_H
324202a189Smrg#include <xwin-config.h>
334202a189Smrg#endif
344202a189Smrg
3505b261ecSmrg#include "win.h"
3605b261ecSmrg
3705b261ecSmrg/* Includes for authorization */
3805b261ecSmrg#include "securitysrv.h"
39f7df2e56Smrg#include "os/osdep.h"
4005b261ecSmrg
4105b261ecSmrg/*
4205b261ecSmrg * Constants
4305b261ecSmrg */
4405b261ecSmrg
4505b261ecSmrg#define AUTH_NAME	"MIT-MAGIC-COOKIE-1"
4605b261ecSmrg
4705b261ecSmrg/*
484202a189Smrg * Locals
494202a189Smrg */
504202a189Smrg
/* Resource ID returned by GenerateAuthorization(); (XID) ~0L signals failure. */
static XID g_authId = 0;
/*
 * Cookie bytes handed back by GenerateAuthorization(). This is secret,
 * binary data: in the non-XCSECURITY build it is 16 random bytes with no
 * NUL terminator, so it must not be treated as a C string.
 */
static char *g_pAuthData = NULL;
/* Number of valid bytes at g_pAuthData. */
static unsigned int g_uiAuthDataLen = 0;
544202a189Smrg
554202a189Smrg/*
564202a189Smrg * Code to generate a MIT-MAGIC-COOKIE-1, copied from under XCSECURITY
5705b261ecSmrg */
5805b261ecSmrg
594202a189Smrg#ifndef XCSECURITY
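/*
 * Fill buf with exactly len bytes from /dev/urandom.
 *
 * Returns 1 only when every requested byte was read and 0 otherwise
 * (bad arguments, open() failure, read() error or end of file), so a
 * caller never mistakes a partly filled buffer for fresh random data.
 */
static int
winReadRandomBytes(int len, char *buf)
{
    int fd;
    int done = 0;

    if (len < 0 || !buf)
        return 0;

    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return 0;

    /* read() may deliver fewer bytes than requested; loop until full */
    while (done < len) {
        int got = (int) read(fd, buf + done, len - done);

        if (got <= 0)
            break;
        done += got;
    }
    close(fd);

    return done == len;
}

/*
 * Fill buf with len random bytes.
 *
 * The void interface cannot report failure: if /dev/urandom cannot be
 * opened or read in full, buf is left partly or wholly unmodified. Code
 * that derives a secret from the result should call winReadRandomBytes()
 * and check its return value, as MitGenerateCookie() does.
 */
void
GenerateRandomData(int len, char *buf)
{
    (void) winReadRandomBytes(len, buf);
}

/* Backing storage for the generated cookie; raw bytes, not a C string. */
static char cookie[16];         /* 128 bits */

/*
 * Generate a 128-bit MIT-MAGIC-COOKIE-1 and register it under id.
 *
 * data/data_length: optional caller-supplied bytes (may be NULL/0).
 * id:               resource ID to associate with the cookie.
 * data_length_return, data_return: on success receive the cookie length
 *                   and a pointer to the static cookie buffer; they are
 *                   not written on failure. The pointer refers to static
 *                   storage that the next call overwrites.
 *
 * Returns id on success and (XID) -1 if random data could not be
 * obtained or MitAddCookie() rejected the cookie.
 */
XID
MitGenerateCookie(unsigned data_length,
                  const char *data,
                  XID id, unsigned *data_length_return, char **data_return)
{
    unsigned i = 0;

    /*
     * Mix caller data into the buffer. The buffer is overwritten in full
     * by the random bytes below, so this does not influence the returned
     * cookie; it is retained from the code this function was copied from.
     * A NULL data pointer is skipped rather than dereferenced.
     */
    if (data) {
        while (data_length--) {
            cookie[i++] += *data++;
            if (i >= sizeof(cookie))
                i = 0;
        }
    }

    /*
     * Fail closed: without a full read from /dev/urandom the buffer would
     * hold predictable contents, so never register or return it.
     */
    if (!winReadRandomBytes(sizeof(cookie), cookie))
        return (XID) -1;

    if (!MitAddCookie(sizeof(cookie), cookie, id))
        return (XID) -1;

    *data_return = cookie;
    *data_length_return = sizeof(cookie);
    return id;
}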
9605b261ecSmrg
/*
 * File-local GenerateAuthorization() used when XCSECURITY is not defined.
 *
 * name and name_length are accepted for signature compatibility but are
 * not examined: the cookie is always produced by MitGenerateCookie() under
 * a freshly allocated server-side ID from FakeClientID(0). Returns whatever
 * MitGenerateCookie() returns.
 */
static XID
GenerateAuthorization(unsigned name_length,
                      const char *name,
                      unsigned data_length,
                      const char *data,
                      unsigned *data_length_return, char **data_return)
{
    XID cookieId = FakeClientID(0);

    return MitGenerateCookie(data_length, data, cookieId,
                             data_length_return, data_return);
}
1084202a189Smrg#endif
10905b261ecSmrg
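/*
 * Generate authorization cookie for internal server clients
 *
 * Stores the new authorization ID, cookie pointer and cookie length in
 * g_authId, g_pAuthData and g_uiAuthDataLen. With XCSECURITY defined it
 * also registers a trusted SecurityAuthorizationRec under that ID.
 *
 * Returns TRUE on success, FALSE if cookie generation, allocation or
 * AddResource() fails.
 */

Bool
winGenerateAuthorization(void)
{
    SecurityAuthorizationPtr pAuth = NULL;

    /* Call OS layer to generate authorization key */
    g_authId = GenerateAuthorization(strlen(AUTH_NAME),
                                     AUTH_NAME,
                                     0, NULL, &g_uiAuthDataLen, &g_pAuthData);
    if ((XID) ~0L == g_authId) {
        ErrorF("winGenerateAuthorization - GenerateAuthorization failed\n");
        return FALSE;
    }

    /*
     * Log the length only. The cookie is a secret and must not reach the
     * log, and it is raw bytes without a NUL terminator, so formatting it
     * with %s would read past the end of the buffer.
     */
    winDebug("winGenerateAuthorization - GenerateAuthorization success!\n"
             "AuthDataLen: %u\n", g_uiAuthDataLen);

#ifdef XCSECURITY
    /* Allocate structure for additional auth information */
    pAuth = malloc(sizeof(*pAuth));
    if (!pAuth) {
        ErrorF("winGenerateAuthorization - Failed allocating "
               "SecurityAuthorizationPtr.\n");
        return FALSE;
    }

    /* Fill in the auth fields */
    pAuth->id = g_authId;
    pAuth->timeout = 0;         /* live for x seconds after refcnt == 0 */
    pAuth->group = None;
    pAuth->trustLevel = XSecurityClientTrusted;
    pAuth->refcnt = 1;          /* this auth must stick around */
    pAuth->secondsRemaining = 0;
    pAuth->timer = NULL;
    pAuth->eventClients = NULL;

    /*
     * Add the authorization to the server's auth list.
     * NOTE(review): pAuth is not freed on this failure path; confirm
     * whether AddResource() releases the value itself before adding a
     * free() here.
     */
    if (!AddResource(g_authId, SecurityAuthorizationResType, pAuth)) {
        ErrorF("winGenerateAuthorization - AddResource failed for auth.\n");
        return FALSE;
    }
#endif

    return TRUE;
}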
1634202a189Smrg
/*
 * Use our generated cookie for authentication.
 *
 * Passes AUTH_NAME together with the cookie pointer and length stored by
 * winGenerateAuthorization() to XSetAuthorization(). If no cookie has been
 * stored, those globals still hold their initial NULL / 0 values.
 */
void
winSetAuthorization(void)
{
    int nameLen = (int) strlen(AUTH_NAME);

    XSetAuthorization(AUTH_NAME, nameLen, g_pAuthData, g_uiAuthDataLen);
}