1 /* $TOG: xdmauth.c /main/4 1997/03/14 13:45:35 barstow $ */
2 /* (c) Copyright 1997 The Open Group */
4 * (c) Copyright 1993, 1994 Hewlett-Packard Company *
5 * (c) Copyright 1993, 1994 International Business Machines Corp. *
6 * (c) Copyright 1993, 1994 Sun Microsystems, Inc. *
7 * (c) Copyright 1993, 1994 Novell, Inc. *
16 * Revision 1.1.2.3 1995/06/06 20:25:50 Chris_Beute
17 * Code snapshot merge from March 15 and SIA changes
18 * [1995/05/31 20:17:31 Chris_Beute]
20 * Revision 1.1.2.2 1995/04/21 13:05:43 Peter_Derr
21 * dtlogin auth key fixes from deltacde
22 * [1995/04/12 19:21:36 Peter_Derr]
24 * xdm R6 version used to handle XDM-AUTHORIZATION-1
25 * [1995/04/12 18:06:02 Peter_Derr]
31 Copyright (c) 1988 X Consortium
33 Permission is hereby granted, free of charge, to any person obtaining
34 a copy of this software and associated documentation files (the
35 "Software"), to deal in the Software without restriction, including
36 without limitation the rights to use, copy, modify, merge, publish,
37 distribute, sublicense, and/or sell copies of the Software, and to
38 permit persons to whom the Software is furnished to do so, subject to
39 the following conditions:
41 The above copyright notice and this permission notice shall be included
42 in all copies or substantial portions of the Software.
44 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
45 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
46 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
47 IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
48 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
49 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
50 OTHER DEALINGS IN THE SOFTWARE.
52 Except as contained in this notice, the name of the X Consortium shall
53 not be used in advertising or otherwise to promote the sale, use or
54 other dealings in this Software without prior written authorization
55 from the X Consortium.
60 * xdm - display manager daemon
61 * Author: Keith Packard, MIT X Consortium
65 * generate authorization data for XDM-AUTHORIZATION-1 as per XDMCP spec
/*
 * File-scope copy of the authorization name and its length; both are
 * written by XdmInitAuth. The buffer is a fixed 256 bytes.
 */
72 static char auth_name[256];
73 static int auth_name_len;
/*
 * Debug helper: writes each of the l bytes of a through Debug() as two
 * hex digits.
 * NOTE(review): the callers visible in this listing pass authorization
 * data and session keys, so with debug output enabled that key material
 * ends up wherever Debug() writes. Confirm that destination is
 * access-restricted, or drop these dumps from production builds.
 */
75 XdmPrintDataHex (s, a, l)
83 for (i = 0; i < l; i++)
/* mask to 8 bits so a sign-extended char still prints as two digits */
84 Debug (" %02x", a[i] & 0xff);
88 #ifdef notdef /* not used */
/* presumably inside the notdef block: hex-dumps the 8 bytes of k->data */
93 XdmPrintDataHex (s, (char *) k->data, 8);
/*
 * Debug helper: hex-dumps a->length bytes of a->data via XdmPrintDataHex.
 * NOTE(review): XdmCheckAuthentication calls this on the unwrapped
 * request data, so the debug output then contains decrypted
 * authentication data.
 */
98 XdmPrintArray8Hex (s, a)
102 XdmPrintDataHex (s, (char *) a->data, a->length);
/*
 * Records the authorization name and its length in the file-scope
 * auth_name / auth_name_len variables.
 * NOTE(review): name_len is an unsigned short (unsigned int under
 * NeedWidePrototypes) while auth_name holds 256 bytes, and no bounds
 * check on name_len is visible in this listing before the memmove.
 * Confirm the caller bounds the length; otherwise reject or clamp
 * name_len > sizeof (auth_name) here to avoid overrunning the buffer.
 */
106 XdmInitAuth (name_len, name)
107 #if NeedWidePrototypes
108 unsigned int name_len;
110 unsigned short name_len;
111 #endif /* NeedWidePrototypes */
116 auth_name_len = name_len;
117 memmove( auth_name, name, name_len);
121 * Generate authorization for XDM-AUTHORIZATION-1
123 * When being used with XDMCP, 8 bytes are generated for the session key
124 * (sigma), as the random number (rho) is already shared between xdm and
125 * the server. Otherwise, we'll prepend a random number to pass in the file
126 * between xdm and the server (16 bytes total)
/*
 * Allocates an Xauth record, copies the authorization name into it and
 * fills its data field with freshly generated bytes (8 or 16 of them).
 * The caller-supplied name is copied, not referenced.
 */
130 XdmGetAuthHelper (namelen, name, includeRho)
131 unsigned short namelen;
136 new = (Xauth *) malloc (sizeof (Xauth));
/* FamilyWild with empty address and number: not tied to one display */
140 new->family = FamilyWild;
141 new->address_length = 0;
143 new->number_length = 0;
/*
 * 16 bytes (rho + session key) or 8 bytes (session key only); the
 * selecting condition is not in this listing, presumably includeRho.
 */
146 new->data_length = 16;
148 new->data_length = 8;
150 new->data = (char *) malloc (new->data_length);
156 new->name = (char *) malloc (namelen);
/* cleanup path: presumably taken when the name allocation failed */
159 free ((char *) new->data);
163 memmove( (char *)new->name, name, namelen);
164 new->name_length = namelen;
/*
 * NOTE(review): every key issued here is only as unpredictable as
 * GenerateAuthData, which is defined outside this file. Confirm it
 * draws from a cryptographically secure source.
 */
165 GenerateAuthData ((char *)new->data, new->data_length);
167 * set the first byte of the session key to zero as it
168 * is a DES key and only uses 56 bits
/*
 * data_length - 8 is the first byte of the trailing 8-byte session key
 * in both the 8-byte and the 16-byte layout.
 */
170 ((char *)new->data)[new->data_length - 8] = '\0';
/* NOTE(review): writes the complete auth data, session key included, to debug output */
171 XdmPrintDataHex ("Local server auth", (char *)new->data, new->data_length);
/*
 * Entry point for the non-XDMCP case: forwards to XdmGetAuthHelper with
 * includeRho set to TRUE and returns its result unchanged.
 */
176 XdmGetAuth (namelen, name)
177 #if NeedWidePrototypes
178 unsigned int namelen;
180 unsigned short namelen;
181 #endif /* NeedWidePrototypes */
184 return XdmGetAuthHelper (namelen, name, TRUE);
/*
 * Creates the two authorizations for an XDMCP session and stores them in
 * pdpy: xdmcpAuthorization (8-byte session key, wrapped with pdpy->key
 * before it is stored) and fileAuthorization (16 bytes: the 8 bytes from
 * pdpy->authenticationData followed by the clear session key).
 */
189 XdmGetXdmcpAuth (pdpy,authorizationNameLen, authorizationName)
190 struct protoDisplay *pdpy;
191 #if NeedWidePrototypes
192 unsigned int authorizationNameLen;
194 unsigned short authorizationNameLen;
195 #endif /* NeedWidePrototypes */
196 char *authorizationName;
198 Xauth *fileauth, *xdmcpauth;
/* both already present: presumably an early return; the guarded statement is not in this listing */
200 if (pdpy->fileAuthorization && pdpy->xdmcpAuthorization)
/* FALSE selects the helper's form without a prepended rho */
202 xdmcpauth = XdmGetAuthHelper (authorizationNameLen, authorizationName, FALSE);
205 fileauth = (Xauth *) malloc (sizeof (Xauth));
/* failure path: release the XDMCP auth that was already built */
208 XauDisposeAuth(xdmcpauth);
211 /* build the file auth from the XDMCP auth */
/*
 * The struct copy also copies the name and data pointers; both are
 * replaced with fresh allocations just below so the two records do not
 * share buffers.
 */
212 *fileauth = *xdmcpauth;
213 fileauth->name = malloc (xdmcpauth->name_length);
214 fileauth->data = malloc (16);
215 fileauth->data_length = 16;
216 if (!fileauth->name || !fileauth->data)
/* allocation failed: dispose of everything built so far */
218 XauDisposeAuth (xdmcpauth);
220 free ((char *) fileauth->name);
222 free ((char *) fileauth->data);
223 free ((char *) fileauth);
227 * for the file authorization, prepend the random number (rho)
228 * which is simply the number we've been passing back and
231 memmove( fileauth->name, xdmcpauth->name, xdmcpauth->name_length);
/*
 * NOTE(review): reads a fixed 8 bytes from pdpy->authenticationData.
 * XdmCheckAuthentication rejects any length other than 8 before storing
 * that array; confirm this function is reachable only after that check.
 */
232 memmove( fileauth->data, pdpy->authenticationData.data, 8);
233 memmove( fileauth->data + 8, xdmcpauth->data, 8);
/* NOTE(review): both dumps run before the wrap below, so the clear session key reaches debug output */
234 XdmPrintDataHex ("Accept packet auth", xdmcpauth->data, xdmcpauth->data_length);
235 XdmPrintDataHex ("Auth file auth", fileauth->data, fileauth->data_length);
236 /* encrypt the session key for its trip back to the server */
/* in place: source and destination are the same 8-byte buffer */
237 XdmcpWrap (xdmcpauth->data, &pdpy->key, xdmcpauth->data, 8);
/* both records are now referenced from pdpy */
238 pdpy->fileAuthorization = fileauth;
239 pdpy->xdmcpAuthorization = xdmcpauth;
/*
 * Maps one hex digit character (0-9, a-f, A-F) to its value 0..15 and
 * yields -1 for any other character.
 * The argument is expanded unparenthesized and up to six times, so pass
 * only a simple expression without side effects.
 */
242 #define atox(c) ('0' <= c && c <= '9' ? c - '0' : \
243 'a' <= c && c <= 'f' ? c - 'a' + 10 : \
244 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1)
/*
 * Hex-decoding loop; presumably the body of HexToBinary, whose header is
 * not in this listing. It runs only while two more characters are
 * available, so a single trailing digit is not decoded here.
 */
255 while (in[0] && in[1])
/* low nibble; atox yields -1 for a non-hex character (that check is not in this listing) */
260 bottom = atox(in[1]);
/* combine high and low nibble into one output byte */
263 *out++ = (top << 4) | bottom;
273 * Search the Keys file for the entry matching this display. This
274 * routine accepts either plain ascii strings for keys, or hex-encoded numbers
/*
 * Looks up the shared key for displayID in keyFile and stores it in
 * pdpy->key as a leading zero byte followed by 7 key bytes.
 * Each line is parsed as "id key"; lines starting with '#' and lines
 * without two fields fail the test below. A key starting with 0x/0X is
 * hex-decoded first.
 */
277 XdmGetKey (pdpy, displayID)
278 struct protoDisplay *pdpy;
282 char line[1024], id[1024], key[1024];
/* length-bounded print: uses displayID->length rather than relying on a NUL terminator */
285 Debug ("Lookup key for %*.*s\n", displayID->length, displayID->length, displayID->data);
286 keys = fopen (keyFile, "r");
/*
 * fgets stores at most sizeof (line) - 2 characters, so the unbounded %s
 * conversions below cannot overrun id or key as long as those stay at
 * least as large as line. Keep the three sizes coupled.
 */
289 while (fgets (line, sizeof (line) - 1, keys))
291 if (line[0] == '#' || sscanf (line, "%s %s", id, key) != 2)
/* scrub the raw line once it has been parsed */
293 bzero(line, sizeof(line));
/*
 * NOTE(review): prints every parsed key in clear text to debug output,
 * including entries for other displays. This undoes the scrubbing done
 * around it; consider logging only the id.
 */
294 Debug ("Key entry \"%s\" \"%s\"\n", id, key);
/* exact match: same length and same bytes as the requested display id */
295 if (strlen (id) == displayID->length &&
296 !strncmp (id, (char *)displayID->data, displayID->length))
298 if (!strncmp (key, "0x", 2) || !strncmp (key, "0X", 2))
299 if (!HexToBinary (key))
/*
 * NOTE(review): strlen on a hex-decoded key stops at the first zero
 * byte, so bytes after an embedded 00 would be overwritten by the zero
 * padding below (its loop condition is not in this listing). Keys longer
 * than 7 bytes are silently cut to 7 by the memmove.
 */
301 keylen = strlen (key);
303 key[keylen++] = '\0';
/* byte 0 is forced to zero; only the following 7 bytes carry key material */
304 pdpy->key.data[0] = '\0';
305 memmove( pdpy->key.data + 1, key, 7);
/*
 * Scrub the local copies of the key.
 * NOTE(review): where these calls directly precede a return they are
 * dead stores that an optimizing compiler may remove; explicit_bzero()
 * or memset_s(), where available, are not elided.
 */
306 bzero(key, sizeof(key));
311 bzero(line, sizeof(line));
312 bzero(key, sizeof(key));
/*
 * Processes the authentication data of an XDMCP request: looks up the
 * display's key, unwraps the 8 data bytes with it, saves a copy in
 * pdpy->authenticationData, increments the value and wraps it again.
 * All of this happens in place, so authenticationData->data is modified.
 * NOTE(review): the key is a 56-bit DES key, which is within brute-force
 * range today; this exchange should not be relied on across untrusted
 * networks.
 */
318 XdmCheckAuthentication (pdpy, displayID, authenticationName, authenticationData)
319 struct protoDisplay *pdpy;
320 ARRAY8Ptr displayID, authenticationName, authenticationData;
322 XdmAuthKeyPtr incoming;
/* no key configured for this display: presumably reject (the guarded statement is not in this listing) */
324 if (!XdmGetKey (pdpy, displayID))
/* the fixed-size unwrap/wrap calls below process exactly 8 bytes */
326 if (authenticationData->length != 8)
328 XdmcpUnwrap (authenticationData->data, &pdpy->key,
329 authenticationData->data, 8);
/* NOTE(review): dumps the decrypted request data to debug output */
330 XdmPrintArray8Hex ("Request packet auth", authenticationData);
/* keep the unwrapped value in pdpy */
331 if (!XdmcpCopyARRAY8(authenticationData, &pdpy->authenticationData))
/* reinterpret the 8 data bytes as a key so it can be incremented in place */
333 incoming = (XdmAuthKeyPtr) authenticationData->data;
334 XdmcpIncrementKey (incoming);
/* re-wrap the incremented value in place */
335 XdmcpWrap (authenticationData->data, &pdpy->key,
336 authenticationData->data, 8);
341 #endif /* HASXDMAUTH (covering the entire file) */