xref: /OK3568_Linux_fs/external/xserver/os/rpcauth.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /*
2 
3 Copyright 1991, 1998  The Open Group
4 
5 Permission to use, copy, modify, distribute, and sell this software and its
6 documentation for any purpose is hereby granted without fee, provided that
7 the above copyright notice appear in all copies and that both that
8 copyright notice and this permission notice appear in supporting
9 documentation.
10 
11 The above copyright notice and this permission notice shall be included
12 in all copies or substantial portions of the Software.
13 
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17 IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
18 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20 OTHER DEALINGS IN THE SOFTWARE.
21 
22 Except as contained in this notice, the name of The Open Group shall
23 not be used in advertising or otherwise to promote the sale, use or
24 other dealings in this Software without prior written authorization
25 from The Open Group.
26 
27 */
28 
29 /*
30  * SUN-DES-1 authentication mechanism
31  * Author:  Mayank Choudhary, Sun Microsystems
32  */
33 
34 #ifdef HAVE_DIX_CONFIG_H
35 #include <dix-config.h>
36 #endif
37 
38 #ifdef SECURE_RPC
39 
40 #include <X11/X.h>
41 #include <X11/Xauth.h>
42 #include "misc.h"
43 #include "os.h"
44 #include "osdep.h"
45 #include "dixstruct.h"
46 
47 #include <rpc/rpc.h>
48 
49 #ifdef __sun
50 /* <rpc/auth.h> only includes this if _KERNEL is #defined... */
51 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
52 #endif
53 
54 static enum auth_stat why;
55 
56 static char *
authdes_ezdecode(const char * inmsg,int len)57 authdes_ezdecode(const char *inmsg, int len)
58 {
59     struct rpc_msg msg;
60     char cred_area[MAX_AUTH_BYTES];
61     char verf_area[MAX_AUTH_BYTES];
62     char *temp_inmsg;
63     struct svc_req r;
64     bool_t res0, res1;
65     XDR xdr;
66     SVCXPRT xprt;
67 
68     temp_inmsg = malloc(len);
69     if (temp_inmsg == NULL) {
70         why = AUTH_FAILED; /* generic error, since there is no AUTH_BADALLOC */
71         return NULL;
72     }
73     memmove(temp_inmsg, inmsg, len);
74 
75     memset((char *) &msg, 0, sizeof(msg));
76     memset((char *) &r, 0, sizeof(r));
77     memset(cred_area, 0, sizeof(cred_area));
78     memset(verf_area, 0, sizeof(verf_area));
79 
80     msg.rm_call.cb_cred.oa_base = cred_area;
81     msg.rm_call.cb_verf.oa_base = verf_area;
82     why = AUTH_FAILED;
83     xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);
84 
85     if ((r.rq_clntcred = malloc(MAX_AUTH_BYTES)) == NULL)
86         goto bad1;
87     r.rq_xprt = &xprt;
88 
89     /* decode into msg */
90     res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred));
91     res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf));
92     if (!(res0 && res1))
93         goto bad2;
94 
95     /* do the authentication */
96 
97     r.rq_cred = msg.rm_call.cb_cred;    /* read by opaque stuff */
98     if (r.rq_cred.oa_flavor != AUTH_DES) {
99         why = AUTH_TOOWEAK;
100         goto bad2;
101     }
102 #ifdef SVR4
103     if ((why = __authenticate(&r, &msg)) != AUTH_OK) {
104 #else
105     if ((why = _authenticate(&r, &msg)) != AUTH_OK) {
106 #endif
107         goto bad2;
108     }
109     return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
110 
111  bad2:
112     free(r.rq_clntcred);
113  bad1:
114     return ((char *) 0);        /* ((struct authdes_cred *) NULL); */
115 }
116 
117 static XID rpc_id = (XID) ~0L;
118 
119 static Bool
120 CheckNetName(unsigned char *addr, short len, void *closure)
121 {
122     return (len == strlen((char *) closure) &&
123             strncmp((char *) addr, (char *) closure, len) == 0);
124 }
125 
126 static char rpc_error[MAXNETNAMELEN + 50];
127 
128 _X_HIDDEN XID
129 SecureRPCCheck(unsigned short data_length, const char *data,
130                ClientPtr client, const char **reason)
131 {
132     char *fullname;
133 
134     if (rpc_id == (XID) ~0L) {
135         *reason = "Secure RPC authorization not initialized";
136     }
137     else {
138         fullname = authdes_ezdecode(data, data_length);
139         if (fullname == (char *) 0) {
140             snprintf(rpc_error, sizeof(rpc_error),
141                      "Unable to authenticate secure RPC client (why=%d)", why);
142             *reason = rpc_error;
143         }
144         else {
145             if (ForEachHostInFamily(FamilyNetname, CheckNetName, fullname))
146                 return rpc_id;
147             snprintf(rpc_error, sizeof(rpc_error),
148                      "Principal \"%s\" is not authorized to connect", fullname);
149             *reason = rpc_error;
150         }
151     }
152     return (XID) ~0L;
153 }
154 
155 _X_HIDDEN void
156 SecureRPCInit(void)
157 {
158     if (rpc_id == ~0L)
159         AddAuthorization(9, "SUN-DES-1", 0, (char *) 0);
160 }
161 
162 _X_HIDDEN int
163 SecureRPCAdd(unsigned short data_length, const char *data, XID id)
164 {
165     if (data_length)
166         AddHost((void *) 0, FamilyNetname, data_length, data);
167     rpc_id = id;
168     return 1;
169 }
170 
171 _X_HIDDEN int
172 SecureRPCReset(void)
173 {
174     rpc_id = (XID) ~0L;
175     return 1;
176 }
177 
178 _X_HIDDEN int
179 SecureRPCFromID(XID id, unsigned short *data_lenp, char **datap)
180 {
181     return 0;
182 }
183 
184 _X_HIDDEN int
185 SecureRPCRemove(unsigned short data_length, const char *data)
186 {
187     return 0;
188 }
189 #endif                          /* SECURE_RPC */
190