rpcauth.c (5021B)
1 /* 2 3 Copyright 1991, 1998 The Open Group 4 5 Permission to use, copy, modify, distribute, and sell this software and its 6 documentation for any purpose is hereby granted without fee, provided that 7 the above copyright notice appear in all copies and that both that 8 copyright notice and this permission notice appear in supporting 9 documentation. 10 11 The above copyright notice and this permission notice shall be included 12 in all copies or substantial portions of the Software. 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 17 IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 OTHER DEALINGS IN THE SOFTWARE. 21 22 Except as contained in this notice, the name of The Open Group shall 23 not be used in advertising or otherwise to promote the sale, use or 24 other dealings in this Software without prior written authorization 25 from The Open Group. 26 27 */ 28 29 /* 30 * SUN-DES-1 authentication mechanism 31 * Author: Mayank Choudhary, Sun Microsystems 32 */ 33 34 #ifdef HAVE_DIX_CONFIG_H 35 #include <dix-config.h> 36 #endif 37 38 #ifdef SECURE_RPC 39 40 #include <X11/X.h> 41 #include <X11/Xauth.h> 42 #include "misc.h" 43 #include "os.h" 44 #include "osdep.h" 45 #include "dixstruct.h" 46 47 #include <rpc/rpc.h> 48 49 #ifdef __sun 50 /* <rpc/auth.h> only includes this if _KERNEL is #defined... */ 51 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); 52 #endif 53 54 static enum auth_stat why; 55 56 static char * 57 authdes_ezdecode(const char *inmsg, int len) 58 { 59 struct rpc_msg msg; 60 char cred_area[MAX_AUTH_BYTES]; 61 char verf_area[MAX_AUTH_BYTES]; 62 char *temp_inmsg; 63 struct svc_req r; 64 bool_t res0, res1; 65 XDR xdr; 66 SVCXPRT xprt; 67 68 temp_inmsg = malloc(len); 69 if (temp_inmsg == NULL) { 70 why = AUTH_FAILED; /* generic error, since there is no AUTH_BADALLOC */ 71 return NULL; 72 } 73 memmove(temp_inmsg, inmsg, len); 74 75 memset((char *) &msg, 0, sizeof(msg)); 76 memset((char *) &r, 0, sizeof(r)); 77 memset(cred_area, 0, sizeof(cred_area)); 78 memset(verf_area, 0, sizeof(verf_area)); 79 80 msg.rm_call.cb_cred.oa_base = cred_area; 81 msg.rm_call.cb_verf.oa_base = verf_area; 82 why = AUTH_FAILED; 83 xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); 84 85 if ((r.rq_clntcred = malloc(MAX_AUTH_BYTES)) == NULL) 86 goto bad1; 87 r.rq_xprt = &xprt; 88 89 /* decode into msg */ 90 res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); 91 res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf)); 92 if (!(res0 && res1)) 93 goto bad2; 94 95 /* do the authentication */ 96 97 r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */ 98 if (r.rq_cred.oa_flavor != AUTH_DES) { 99 why = AUTH_TOOWEAK; 100 goto bad2; 101 } 102 #ifdef SVR4 103 if ((why = __authenticate(&r, &msg)) != AUTH_OK) { 104 #else 105 if ((why = _authenticate(&r, &msg)) != AUTH_OK) { 106 #endif 107 goto bad2; 108 } 109 return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name); 110 111 bad2: 112 free(r.rq_clntcred); 113 bad1: 114 return ((char *) 0); /* ((struct authdes_cred *) NULL); */ 115 } 116 117 static XID rpc_id = (XID) ~0L; 118 119 static Bool 120 CheckNetName(unsigned char *addr, short len, void *closure) 121 { 122 return (len == strlen((char *) closure) && 123 strncmp((char *) addr, (char *) closure, len) == 0); 124 } 125 126 static char rpc_error[MAXNETNAMELEN + 50]; 127 128 _X_HIDDEN XID 129 SecureRPCCheck(unsigned short data_length, const char *data, 130 ClientPtr client, const char **reason) 131 { 132 char *fullname; 133 134 if (rpc_id == (XID) ~0L) { 135 *reason = "Secure RPC authorization not initialized"; 136 } 137 else { 138 fullname = authdes_ezdecode(data, data_length); 139 if (fullname == (char *) 0) { 140 snprintf(rpc_error, sizeof(rpc_error), 141 "Unable to authenticate secure RPC client (why=%d)", why); 142 *reason = rpc_error; 143 } 144 else { 145 if (ForEachHostInFamily(FamilyNetname, CheckNetName, fullname)) 146 return rpc_id; 147 snprintf(rpc_error, sizeof(rpc_error), 148 "Principal \"%s\" is not authorized to connect", fullname); 149 *reason = rpc_error; 150 } 151 } 152 return (XID) ~0L; 153 } 154 155 _X_HIDDEN void 156 SecureRPCInit(void) 157 { 158 if (rpc_id == ~0L) 159 AddAuthorization(9, "SUN-DES-1", 0, (char *) 0); 160 } 161 162 _X_HIDDEN int 163 SecureRPCAdd(unsigned short data_length, const char *data, XID id) 164 { 165 if (data_length) 166 AddHost((void *) 0, FamilyNetname, data_length, data); 167 rpc_id = id; 168 return 1; 169 } 170 171 _X_HIDDEN int 172 SecureRPCReset(void) 173 { 174 rpc_id = (XID) ~0L; 175 return 1; 176 } 177 178 _X_HIDDEN int 179 SecureRPCFromID(XID id, unsigned short *data_lenp, char **datap) 180 { 181 return 0; 182 } 183 184 _X_HIDDEN int 185 SecureRPCRemove(unsigned short data_length, const char *data) 186 { 187 return 0; 188 } 189 #endif /* SECURE_RPC */