xref: /OK3568_Linux_fs/external/xserver/os/xdmauth.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun 
3*4882a593Smuzhiyun Copyright 1988, 1998  The Open Group
4*4882a593Smuzhiyun 
5*4882a593Smuzhiyun Permission to use, copy, modify, distribute, and sell this software and its
6*4882a593Smuzhiyun documentation for any purpose is hereby granted without fee, provided that
7*4882a593Smuzhiyun the above copyright notice appear in all copies and that both that
8*4882a593Smuzhiyun copyright notice and this permission notice appear in supporting
9*4882a593Smuzhiyun documentation.
10*4882a593Smuzhiyun 
11*4882a593Smuzhiyun The above copyright notice and this permission notice shall be included
12*4882a593Smuzhiyun in all copies or substantial portions of the Software.
13*4882a593Smuzhiyun 
14*4882a593Smuzhiyun THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15*4882a593Smuzhiyun OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16*4882a593Smuzhiyun MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17*4882a593Smuzhiyun IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
18*4882a593Smuzhiyun OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19*4882a593Smuzhiyun ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20*4882a593Smuzhiyun OTHER DEALINGS IN THE SOFTWARE.
21*4882a593Smuzhiyun 
22*4882a593Smuzhiyun Except as contained in this notice, the name of The Open Group shall
23*4882a593Smuzhiyun not be used in advertising or otherwise to promote the sale, use or
24*4882a593Smuzhiyun other dealings in this Software without prior written authorization
25*4882a593Smuzhiyun from The Open Group.
26*4882a593Smuzhiyun 
27*4882a593Smuzhiyun */
28*4882a593Smuzhiyun 
29*4882a593Smuzhiyun /*
30*4882a593Smuzhiyun  * XDM-AUTHENTICATION-1 (XDMCP authentication) and
31*4882a593Smuzhiyun  * XDM-AUTHORIZATION-1 (client authorization) protocols
32*4882a593Smuzhiyun  *
33*4882a593Smuzhiyun  * Author:  Keith Packard, MIT X Consortium
34*4882a593Smuzhiyun  */
35*4882a593Smuzhiyun 
36*4882a593Smuzhiyun #ifdef HAVE_DIX_CONFIG_H
37*4882a593Smuzhiyun #include <dix-config.h>
38*4882a593Smuzhiyun #endif
39*4882a593Smuzhiyun 
40*4882a593Smuzhiyun #include <stdio.h>
41*4882a593Smuzhiyun #include <X11/X.h>
42*4882a593Smuzhiyun #define XSERV_t
43*4882a593Smuzhiyun #define TRANS_SERVER
44*4882a593Smuzhiyun #define TRANS_REOPEN
45*4882a593Smuzhiyun #include <X11/Xtrans/Xtrans.h>
46*4882a593Smuzhiyun #include "os.h"
47*4882a593Smuzhiyun #include "osdep.h"
48*4882a593Smuzhiyun #include "dixstruct.h"
49*4882a593Smuzhiyun 
50*4882a593Smuzhiyun #ifdef HASXDMAUTH
51*4882a593Smuzhiyun 
52*4882a593Smuzhiyun static Bool authFromXDMCP;
53*4882a593Smuzhiyun 
54*4882a593Smuzhiyun #ifdef XDMCP
55*4882a593Smuzhiyun #include <X11/Xmd.h>
56*4882a593Smuzhiyun #undef REQUEST
57*4882a593Smuzhiyun #include <X11/Xdmcp.h>
58*4882a593Smuzhiyun 
59*4882a593Smuzhiyun /* XDM-AUTHENTICATION-1 */
60*4882a593Smuzhiyun 
61*4882a593Smuzhiyun static XdmAuthKeyRec privateKey;
62*4882a593Smuzhiyun static char XdmAuthenticationName[] = "XDM-AUTHENTICATION-1";
63*4882a593Smuzhiyun 
64*4882a593Smuzhiyun #define XdmAuthenticationNameLen (sizeof XdmAuthenticationName - 1)
65*4882a593Smuzhiyun static XdmAuthKeyRec global_rho;
66*4882a593Smuzhiyun 
67*4882a593Smuzhiyun static Bool
XdmAuthenticationValidator(ARRAY8Ptr privateData,ARRAY8Ptr incomingData,xdmOpCode packet_type)68*4882a593Smuzhiyun XdmAuthenticationValidator(ARRAY8Ptr privateData, ARRAY8Ptr incomingData,
69*4882a593Smuzhiyun                            xdmOpCode packet_type)
70*4882a593Smuzhiyun {
71*4882a593Smuzhiyun     XdmAuthKeyPtr incoming;
72*4882a593Smuzhiyun 
73*4882a593Smuzhiyun     XdmcpUnwrap(incomingData->data, (unsigned char *) &privateKey,
74*4882a593Smuzhiyun                 incomingData->data, incomingData->length);
75*4882a593Smuzhiyun     if (packet_type == ACCEPT) {
76*4882a593Smuzhiyun         if (incomingData->length != 8)
77*4882a593Smuzhiyun             return FALSE;
78*4882a593Smuzhiyun         incoming = (XdmAuthKeyPtr) incomingData->data;
79*4882a593Smuzhiyun         XdmcpDecrementKey(incoming);
80*4882a593Smuzhiyun         return XdmcpCompareKeys(incoming, &global_rho);
81*4882a593Smuzhiyun     }
82*4882a593Smuzhiyun     return FALSE;
83*4882a593Smuzhiyun }
84*4882a593Smuzhiyun 
85*4882a593Smuzhiyun static Bool
XdmAuthenticationGenerator(ARRAY8Ptr privateData,ARRAY8Ptr outgoingData,xdmOpCode packet_type)86*4882a593Smuzhiyun XdmAuthenticationGenerator(ARRAY8Ptr privateData, ARRAY8Ptr outgoingData,
87*4882a593Smuzhiyun                            xdmOpCode packet_type)
88*4882a593Smuzhiyun {
89*4882a593Smuzhiyun     outgoingData->length = 0;
90*4882a593Smuzhiyun     outgoingData->data = 0;
91*4882a593Smuzhiyun     if (packet_type == REQUEST) {
92*4882a593Smuzhiyun         if (XdmcpAllocARRAY8(outgoingData, 8))
93*4882a593Smuzhiyun             XdmcpWrap((unsigned char *) &global_rho, (unsigned char *) &privateKey,
94*4882a593Smuzhiyun                       outgoingData->data, 8);
95*4882a593Smuzhiyun     }
96*4882a593Smuzhiyun     return TRUE;
97*4882a593Smuzhiyun }
98*4882a593Smuzhiyun 
99*4882a593Smuzhiyun static Bool
XdmAuthenticationAddAuth(int name_len,const char * name,int data_len,char * data)100*4882a593Smuzhiyun XdmAuthenticationAddAuth(int name_len, const char *name,
101*4882a593Smuzhiyun                          int data_len, char *data)
102*4882a593Smuzhiyun {
103*4882a593Smuzhiyun     Bool ret;
104*4882a593Smuzhiyun 
105*4882a593Smuzhiyun     XdmcpUnwrap((unsigned char *) data, (unsigned char *) &privateKey,
106*4882a593Smuzhiyun                 (unsigned char *) data, data_len);
107*4882a593Smuzhiyun     authFromXDMCP = TRUE;
108*4882a593Smuzhiyun     ret = AddAuthorization(name_len, name, data_len, data);
109*4882a593Smuzhiyun     authFromXDMCP = FALSE;
110*4882a593Smuzhiyun     return ret;
111*4882a593Smuzhiyun }
112*4882a593Smuzhiyun 
113*4882a593Smuzhiyun #define atox(c)	('0' <= c && c <= '9' ? c - '0' : \
114*4882a593Smuzhiyun 		 'a' <= c && c <= 'f' ? c - 'a' + 10 : \
115*4882a593Smuzhiyun 		 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1)
116*4882a593Smuzhiyun 
117*4882a593Smuzhiyun static int
HexToBinary(const char * in,char * out,int len)118*4882a593Smuzhiyun HexToBinary(const char *in, char *out, int len)
119*4882a593Smuzhiyun {
120*4882a593Smuzhiyun     int top, bottom;
121*4882a593Smuzhiyun 
122*4882a593Smuzhiyun     while (len > 0) {
123*4882a593Smuzhiyun         top = atox(in[0]);
124*4882a593Smuzhiyun         if (top == -1)
125*4882a593Smuzhiyun             return 0;
126*4882a593Smuzhiyun         bottom = atox(in[1]);
127*4882a593Smuzhiyun         if (bottom == -1)
128*4882a593Smuzhiyun             return 0;
129*4882a593Smuzhiyun         *out++ = (top << 4) | bottom;
130*4882a593Smuzhiyun         in += 2;
131*4882a593Smuzhiyun         len -= 2;
132*4882a593Smuzhiyun     }
133*4882a593Smuzhiyun     if (len)
134*4882a593Smuzhiyun         return 0;
135*4882a593Smuzhiyun     *out++ = '\0';
136*4882a593Smuzhiyun     return 1;
137*4882a593Smuzhiyun }
138*4882a593Smuzhiyun 
139*4882a593Smuzhiyun void
XdmAuthenticationInit(const char * cookie,int cookie_len)140*4882a593Smuzhiyun XdmAuthenticationInit(const char *cookie, int cookie_len)
141*4882a593Smuzhiyun {
142*4882a593Smuzhiyun     memset(privateKey.data, 0, 8);
143*4882a593Smuzhiyun     if (!strncmp(cookie, "0x", 2) || !strncmp(cookie, "0X", 2)) {
144*4882a593Smuzhiyun         if (cookie_len > 2 + 2 * 8)
145*4882a593Smuzhiyun             cookie_len = 2 + 2 * 8;
146*4882a593Smuzhiyun         HexToBinary(cookie + 2, (char *) privateKey.data, cookie_len - 2);
147*4882a593Smuzhiyun     }
148*4882a593Smuzhiyun     else {
149*4882a593Smuzhiyun         if (cookie_len > 7)
150*4882a593Smuzhiyun             cookie_len = 7;
151*4882a593Smuzhiyun         memmove(privateKey.data + 1, cookie, cookie_len);
152*4882a593Smuzhiyun     }
153*4882a593Smuzhiyun     XdmcpGenerateKey(&global_rho);
154*4882a593Smuzhiyun     XdmcpRegisterAuthentication(XdmAuthenticationName, XdmAuthenticationNameLen,
155*4882a593Smuzhiyun                                 (char *) &global_rho,
156*4882a593Smuzhiyun                                 sizeof(global_rho),
157*4882a593Smuzhiyun                                 (ValidatorFunc) XdmAuthenticationValidator,
158*4882a593Smuzhiyun                                 (GeneratorFunc) XdmAuthenticationGenerator,
159*4882a593Smuzhiyun                                 (AddAuthorFunc) XdmAuthenticationAddAuth);
160*4882a593Smuzhiyun }
161*4882a593Smuzhiyun 
162*4882a593Smuzhiyun #endif                          /* XDMCP */
163*4882a593Smuzhiyun 
164*4882a593Smuzhiyun /* XDM-AUTHORIZATION-1 */
165*4882a593Smuzhiyun typedef struct _XdmAuthorization {
166*4882a593Smuzhiyun     struct _XdmAuthorization *next;
167*4882a593Smuzhiyun     XdmAuthKeyRec rho;
168*4882a593Smuzhiyun     XdmAuthKeyRec key;
169*4882a593Smuzhiyun     XID id;
170*4882a593Smuzhiyun } XdmAuthorizationRec, *XdmAuthorizationPtr;
171*4882a593Smuzhiyun 
172*4882a593Smuzhiyun static XdmAuthorizationPtr xdmAuth;
173*4882a593Smuzhiyun 
174*4882a593Smuzhiyun typedef struct _XdmClientAuth {
175*4882a593Smuzhiyun     struct _XdmClientAuth *next;
176*4882a593Smuzhiyun     XdmAuthKeyRec rho;
177*4882a593Smuzhiyun     char client[6];
178*4882a593Smuzhiyun     long time;
179*4882a593Smuzhiyun } XdmClientAuthRec, *XdmClientAuthPtr;
180*4882a593Smuzhiyun 
181*4882a593Smuzhiyun static XdmClientAuthPtr xdmClients;
182*4882a593Smuzhiyun static long clockOffset;
183*4882a593Smuzhiyun static Bool gotClock;
184*4882a593Smuzhiyun 
185*4882a593Smuzhiyun #define TwentyMinutes	(20 * 60)
186*4882a593Smuzhiyun #define TwentyFiveMinutes (25 * 60)
187*4882a593Smuzhiyun 
188*4882a593Smuzhiyun static Bool
XdmClientAuthCompare(const XdmClientAuthPtr a,const XdmClientAuthPtr b)189*4882a593Smuzhiyun XdmClientAuthCompare(const XdmClientAuthPtr a, const XdmClientAuthPtr b)
190*4882a593Smuzhiyun {
191*4882a593Smuzhiyun     int i;
192*4882a593Smuzhiyun 
193*4882a593Smuzhiyun     if (!XdmcpCompareKeys(&a->rho, &b->rho))
194*4882a593Smuzhiyun         return FALSE;
195*4882a593Smuzhiyun     for (i = 0; i < 6; i++)
196*4882a593Smuzhiyun         if (a->client[i] != b->client[i])
197*4882a593Smuzhiyun             return FALSE;
198*4882a593Smuzhiyun     return a->time == b->time;
199*4882a593Smuzhiyun }
200*4882a593Smuzhiyun 
201*4882a593Smuzhiyun static void
XdmClientAuthDecode(const unsigned char * plain,XdmClientAuthPtr auth)202*4882a593Smuzhiyun XdmClientAuthDecode(const unsigned char *plain, XdmClientAuthPtr auth)
203*4882a593Smuzhiyun {
204*4882a593Smuzhiyun     int i, j;
205*4882a593Smuzhiyun 
206*4882a593Smuzhiyun     j = 0;
207*4882a593Smuzhiyun     for (i = 0; i < 8; i++) {
208*4882a593Smuzhiyun         auth->rho.data[i] = plain[j];
209*4882a593Smuzhiyun         ++j;
210*4882a593Smuzhiyun     }
211*4882a593Smuzhiyun     for (i = 0; i < 6; i++) {
212*4882a593Smuzhiyun         auth->client[i] = plain[j];
213*4882a593Smuzhiyun         ++j;
214*4882a593Smuzhiyun     }
215*4882a593Smuzhiyun     auth->time = 0;
216*4882a593Smuzhiyun     for (i = 0; i < 4; i++) {
217*4882a593Smuzhiyun         auth->time |= plain[j] << ((3 - i) << 3);
218*4882a593Smuzhiyun         j++;
219*4882a593Smuzhiyun     }
220*4882a593Smuzhiyun }
221*4882a593Smuzhiyun 
222*4882a593Smuzhiyun static void
XdmClientAuthTimeout(long now)223*4882a593Smuzhiyun XdmClientAuthTimeout(long now)
224*4882a593Smuzhiyun {
225*4882a593Smuzhiyun     XdmClientAuthPtr client, next, prev;
226*4882a593Smuzhiyun 
227*4882a593Smuzhiyun     prev = 0;
228*4882a593Smuzhiyun     for (client = xdmClients; client; client = next) {
229*4882a593Smuzhiyun         next = client->next;
230*4882a593Smuzhiyun         if (labs(now - client->time) > TwentyFiveMinutes) {
231*4882a593Smuzhiyun             if (prev)
232*4882a593Smuzhiyun                 prev->next = next;
233*4882a593Smuzhiyun             else
234*4882a593Smuzhiyun                 xdmClients = next;
235*4882a593Smuzhiyun             free(client);
236*4882a593Smuzhiyun         }
237*4882a593Smuzhiyun         else
238*4882a593Smuzhiyun             prev = client;
239*4882a593Smuzhiyun     }
240*4882a593Smuzhiyun }
241*4882a593Smuzhiyun 
242*4882a593Smuzhiyun static XdmClientAuthPtr
XdmAuthorizationValidate(unsigned char * plain,int length,XdmAuthKeyPtr rho,ClientPtr xclient,const char ** reason)243*4882a593Smuzhiyun XdmAuthorizationValidate(unsigned char *plain, int length,
244*4882a593Smuzhiyun                          XdmAuthKeyPtr rho, ClientPtr xclient,
245*4882a593Smuzhiyun                          const char **reason)
246*4882a593Smuzhiyun {
247*4882a593Smuzhiyun     XdmClientAuthPtr client, existing;
248*4882a593Smuzhiyun     long now;
249*4882a593Smuzhiyun     int i;
250*4882a593Smuzhiyun 
251*4882a593Smuzhiyun     if (length != (192 / 8)) {
252*4882a593Smuzhiyun         if (reason)
253*4882a593Smuzhiyun             *reason = "Bad XDM authorization key length";
254*4882a593Smuzhiyun         return NULL;
255*4882a593Smuzhiyun     }
256*4882a593Smuzhiyun     client = malloc(sizeof(XdmClientAuthRec));
257*4882a593Smuzhiyun     if (!client)
258*4882a593Smuzhiyun         return NULL;
259*4882a593Smuzhiyun     XdmClientAuthDecode(plain, client);
260*4882a593Smuzhiyun     if (!XdmcpCompareKeys(&client->rho, rho)) {
261*4882a593Smuzhiyun         free(client);
262*4882a593Smuzhiyun         if (reason)
263*4882a593Smuzhiyun             *reason = "Invalid XDM-AUTHORIZATION-1 key (failed key comparison)";
264*4882a593Smuzhiyun         return NULL;
265*4882a593Smuzhiyun     }
266*4882a593Smuzhiyun     for (i = 18; i < 24; i++)
267*4882a593Smuzhiyun         if (plain[i] != 0) {
268*4882a593Smuzhiyun             free(client);
269*4882a593Smuzhiyun             if (reason)
270*4882a593Smuzhiyun                 *reason = "Invalid XDM-AUTHORIZATION-1 key (failed NULL check)";
271*4882a593Smuzhiyun             return NULL;
272*4882a593Smuzhiyun         }
273*4882a593Smuzhiyun     if (xclient) {
274*4882a593Smuzhiyun         int family, addr_len;
275*4882a593Smuzhiyun         Xtransaddr *addr;
276*4882a593Smuzhiyun 
277*4882a593Smuzhiyun         if (_XSERVTransGetPeerAddr(((OsCommPtr) xclient->osPrivate)->trans_conn,
278*4882a593Smuzhiyun                                    &family, &addr_len, &addr) == 0
279*4882a593Smuzhiyun             && _XSERVTransConvertAddress(&family, &addr_len, &addr) == 0) {
280*4882a593Smuzhiyun #if defined(TCPCONN)
281*4882a593Smuzhiyun             if (family == FamilyInternet &&
282*4882a593Smuzhiyun                 memcmp((char *) addr, client->client, 4) != 0) {
283*4882a593Smuzhiyun                 free(client);
284*4882a593Smuzhiyun                 free(addr);
285*4882a593Smuzhiyun                 if (reason)
286*4882a593Smuzhiyun                     *reason =
287*4882a593Smuzhiyun                         "Invalid XDM-AUTHORIZATION-1 key (failed address comparison)";
288*4882a593Smuzhiyun                 return NULL;
289*4882a593Smuzhiyun 
290*4882a593Smuzhiyun             }
291*4882a593Smuzhiyun #endif
292*4882a593Smuzhiyun             free(addr);
293*4882a593Smuzhiyun         }
294*4882a593Smuzhiyun     }
295*4882a593Smuzhiyun     now = time(0);
296*4882a593Smuzhiyun     if (!gotClock) {
297*4882a593Smuzhiyun         clockOffset = client->time - now;
298*4882a593Smuzhiyun         gotClock = TRUE;
299*4882a593Smuzhiyun     }
300*4882a593Smuzhiyun     now += clockOffset;
301*4882a593Smuzhiyun     XdmClientAuthTimeout(now);
302*4882a593Smuzhiyun     if (labs(client->time - now) > TwentyMinutes) {
303*4882a593Smuzhiyun         free(client);
304*4882a593Smuzhiyun         if (reason)
305*4882a593Smuzhiyun             *reason = "Excessive XDM-AUTHORIZATION-1 time offset";
306*4882a593Smuzhiyun         return NULL;
307*4882a593Smuzhiyun     }
308*4882a593Smuzhiyun     for (existing = xdmClients; existing; existing = existing->next) {
309*4882a593Smuzhiyun         if (XdmClientAuthCompare(existing, client)) {
310*4882a593Smuzhiyun             free(client);
311*4882a593Smuzhiyun             if (reason)
312*4882a593Smuzhiyun                 *reason = "XDM authorization key matches an existing client!";
313*4882a593Smuzhiyun             return NULL;
314*4882a593Smuzhiyun         }
315*4882a593Smuzhiyun     }
316*4882a593Smuzhiyun     return client;
317*4882a593Smuzhiyun }
318*4882a593Smuzhiyun 
319*4882a593Smuzhiyun int
XdmAddCookie(unsigned short data_length,const char * data,XID id)320*4882a593Smuzhiyun XdmAddCookie(unsigned short data_length, const char *data, XID id)
321*4882a593Smuzhiyun {
322*4882a593Smuzhiyun     XdmAuthorizationPtr new;
323*4882a593Smuzhiyun     unsigned char *rho_bits, *key_bits;
324*4882a593Smuzhiyun 
325*4882a593Smuzhiyun     switch (data_length) {
326*4882a593Smuzhiyun     case 16:                   /* auth from files is 16 bytes long */
327*4882a593Smuzhiyun #ifdef XDMCP
328*4882a593Smuzhiyun         if (authFromXDMCP) {
329*4882a593Smuzhiyun             /* R5 xdm sent bogus authorization data in the accept packet,
330*4882a593Smuzhiyun              * but we can recover */
331*4882a593Smuzhiyun             rho_bits = global_rho.data;
332*4882a593Smuzhiyun             key_bits = (unsigned char *) data;
333*4882a593Smuzhiyun             key_bits[0] = '\0';
334*4882a593Smuzhiyun         }
335*4882a593Smuzhiyun         else
336*4882a593Smuzhiyun #endif
337*4882a593Smuzhiyun         {
338*4882a593Smuzhiyun             rho_bits = (unsigned char *) data;
339*4882a593Smuzhiyun             key_bits = (unsigned char *) (data + 8);
340*4882a593Smuzhiyun         }
341*4882a593Smuzhiyun         break;
342*4882a593Smuzhiyun #ifdef XDMCP
343*4882a593Smuzhiyun     case 8:                    /* auth from XDMCP is 8 bytes long */
344*4882a593Smuzhiyun         rho_bits = global_rho.data;
345*4882a593Smuzhiyun         key_bits = (unsigned char *) data;
346*4882a593Smuzhiyun         break;
347*4882a593Smuzhiyun #endif
348*4882a593Smuzhiyun     default:
349*4882a593Smuzhiyun         return 0;
350*4882a593Smuzhiyun     }
351*4882a593Smuzhiyun     /* the first octet of the key must be zero */
352*4882a593Smuzhiyun     if (key_bits[0] != '\0')
353*4882a593Smuzhiyun         return 0;
354*4882a593Smuzhiyun     new = malloc(sizeof(XdmAuthorizationRec));
355*4882a593Smuzhiyun     if (!new)
356*4882a593Smuzhiyun         return 0;
357*4882a593Smuzhiyun     new->next = xdmAuth;
358*4882a593Smuzhiyun     xdmAuth = new;
359*4882a593Smuzhiyun     memmove(new->key.data, key_bits, (int) 8);
360*4882a593Smuzhiyun     memmove(new->rho.data, rho_bits, (int) 8);
361*4882a593Smuzhiyun     new->id = id;
362*4882a593Smuzhiyun     return 1;
363*4882a593Smuzhiyun }
364*4882a593Smuzhiyun 
365*4882a593Smuzhiyun XID
XdmCheckCookie(unsigned short cookie_length,const char * cookie,ClientPtr xclient,const char ** reason)366*4882a593Smuzhiyun XdmCheckCookie(unsigned short cookie_length, const char *cookie,
367*4882a593Smuzhiyun                ClientPtr xclient, const char **reason)
368*4882a593Smuzhiyun {
369*4882a593Smuzhiyun     XdmAuthorizationPtr auth;
370*4882a593Smuzhiyun     XdmClientAuthPtr client;
371*4882a593Smuzhiyun     unsigned char *plain;
372*4882a593Smuzhiyun 
373*4882a593Smuzhiyun     /* Auth packets must be a multiple of 8 bytes long */
374*4882a593Smuzhiyun     if (cookie_length & 7)
375*4882a593Smuzhiyun         return (XID) -1;
376*4882a593Smuzhiyun     plain = malloc(cookie_length);
377*4882a593Smuzhiyun     if (!plain)
378*4882a593Smuzhiyun         return (XID) -1;
379*4882a593Smuzhiyun     for (auth = xdmAuth; auth; auth = auth->next) {
380*4882a593Smuzhiyun         XdmcpUnwrap((unsigned char *) cookie, (unsigned char *) &auth->key,
381*4882a593Smuzhiyun                     plain, cookie_length);
382*4882a593Smuzhiyun         if ((client =
383*4882a593Smuzhiyun              XdmAuthorizationValidate(plain, cookie_length, &auth->rho, xclient,
384*4882a593Smuzhiyun                                       reason)) != NULL) {
385*4882a593Smuzhiyun             client->next = xdmClients;
386*4882a593Smuzhiyun             xdmClients = client;
387*4882a593Smuzhiyun             free(plain);
388*4882a593Smuzhiyun             return auth->id;
389*4882a593Smuzhiyun         }
390*4882a593Smuzhiyun     }
391*4882a593Smuzhiyun     free(plain);
392*4882a593Smuzhiyun     return (XID) -1;
393*4882a593Smuzhiyun }
394*4882a593Smuzhiyun 
395*4882a593Smuzhiyun int
XdmResetCookie(void)396*4882a593Smuzhiyun XdmResetCookie(void)
397*4882a593Smuzhiyun {
398*4882a593Smuzhiyun     XdmAuthorizationPtr auth, next_auth;
399*4882a593Smuzhiyun     XdmClientAuthPtr client, next_client;
400*4882a593Smuzhiyun 
401*4882a593Smuzhiyun     for (auth = xdmAuth; auth; auth = next_auth) {
402*4882a593Smuzhiyun         next_auth = auth->next;
403*4882a593Smuzhiyun         free(auth);
404*4882a593Smuzhiyun     }
405*4882a593Smuzhiyun     xdmAuth = 0;
406*4882a593Smuzhiyun     for (client = xdmClients; client; client = next_client) {
407*4882a593Smuzhiyun         next_client = client->next;
408*4882a593Smuzhiyun         free(client);
409*4882a593Smuzhiyun     }
410*4882a593Smuzhiyun     xdmClients = (XdmClientAuthPtr) 0;
411*4882a593Smuzhiyun     return 1;
412*4882a593Smuzhiyun }
413*4882a593Smuzhiyun 
414*4882a593Smuzhiyun int
XdmFromID(XID id,unsigned short * data_lenp,char ** datap)415*4882a593Smuzhiyun XdmFromID(XID id, unsigned short *data_lenp, char **datap)
416*4882a593Smuzhiyun {
417*4882a593Smuzhiyun     XdmAuthorizationPtr auth;
418*4882a593Smuzhiyun 
419*4882a593Smuzhiyun     for (auth = xdmAuth; auth; auth = auth->next) {
420*4882a593Smuzhiyun         if (id == auth->id) {
421*4882a593Smuzhiyun             *data_lenp = 16;
422*4882a593Smuzhiyun             *datap = (char *) &auth->rho;
423*4882a593Smuzhiyun             return 1;
424*4882a593Smuzhiyun         }
425*4882a593Smuzhiyun     }
426*4882a593Smuzhiyun     return 0;
427*4882a593Smuzhiyun }
428*4882a593Smuzhiyun 
429*4882a593Smuzhiyun int
XdmRemoveCookie(unsigned short data_length,const char * data)430*4882a593Smuzhiyun XdmRemoveCookie(unsigned short data_length, const char *data)
431*4882a593Smuzhiyun {
432*4882a593Smuzhiyun     XdmAuthorizationPtr auth;
433*4882a593Smuzhiyun     XdmAuthKeyPtr key_bits, rho_bits;
434*4882a593Smuzhiyun 
435*4882a593Smuzhiyun     switch (data_length) {
436*4882a593Smuzhiyun     case 16:
437*4882a593Smuzhiyun         rho_bits = (XdmAuthKeyPtr) data;
438*4882a593Smuzhiyun         key_bits = (XdmAuthKeyPtr) (data + 8);
439*4882a593Smuzhiyun         break;
440*4882a593Smuzhiyun #ifdef XDMCP
441*4882a593Smuzhiyun     case 8:
442*4882a593Smuzhiyun         rho_bits = &global_rho;
443*4882a593Smuzhiyun         key_bits = (XdmAuthKeyPtr) data;
444*4882a593Smuzhiyun         break;
445*4882a593Smuzhiyun #endif
446*4882a593Smuzhiyun     default:
447*4882a593Smuzhiyun         return 0;
448*4882a593Smuzhiyun     }
449*4882a593Smuzhiyun     for (auth = xdmAuth; auth; auth = auth->next) {
450*4882a593Smuzhiyun         if (XdmcpCompareKeys(rho_bits, &auth->rho) &&
451*4882a593Smuzhiyun             XdmcpCompareKeys(key_bits, &auth->key)) {
452*4882a593Smuzhiyun             xdmAuth = auth->next;
453*4882a593Smuzhiyun             free(auth);
454*4882a593Smuzhiyun             return 1;
455*4882a593Smuzhiyun         }
456*4882a593Smuzhiyun     }
457*4882a593Smuzhiyun     return 0;
458*4882a593Smuzhiyun }
459*4882a593Smuzhiyun 
460*4882a593Smuzhiyun #endif
461