/* * Copyright (c) 1995, 1996 Kungliga Tekniska Högskolan (Royal Institute * of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Högskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "kx.h" RCSID("$Id$"); char x_socket[MaxPathLen]; u_int32_t display_num; char display[MaxPathLen]; int display_size = sizeof(display); char xauthfile[MaxPathLen]; int xauthfile_size = sizeof(xauthfile); u_char cookie[16]; size_t cookie_len = sizeof(cookie); static int do_enccopy (int fd1, int fd2, int mode, des_cblock *iv, des_key_schedule schedule, int *num) { int ret; u_char buf[BUFSIZ]; ret = read (fd1, buf, sizeof(buf)); if (ret == 0) return 0; if (ret < 0) { fprintf (stderr, "%s: read: %s\n", prog, strerror (errno)); return ret; } #ifndef NOENCRYPTION des_cfb64_encrypt (buf, buf, ret, schedule, iv, num, mode); #endif ret = krb_net_write (fd2, buf, ret); if (ret < 0) { fprintf (stderr, "%s: write: %s\n", prog, strerror (errno)); return ret; } return 1; } /* * Copy data from `fd1' to `fd2', encrypting it. Data in the other * direction is of course, decrypted. */ int copy_encrypted (int fd1, int fd2, des_cblock *iv, des_key_schedule schedule) { des_cblock iv1, iv2; int num1 = 0, num2 = 0; memcpy (&iv1, iv, sizeof(iv1)); memcpy (&iv2, iv, sizeof(iv2)); for (;;) { fd_set fdset; int ret; FD_ZERO(&fdset); FD_SET(fd1, &fdset); FD_SET(fd2, &fdset); ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL); if (ret < 0 && errno != EINTR) { fprintf (stderr, "%s: select: %s\n", prog, strerror (errno)); return 1; } if (FD_ISSET(fd1, &fdset)) { ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, schedule, &num1); if (ret <= 0) return ret; } if (FD_ISSET(fd2, &fdset)) { ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, schedule, &num2); if (ret <= 0) return ret; } } } #ifndef X_UNIX_PATH #define X_UNIX_PATH "/tmp/.X11-unix/X" #endif #ifndef INADDR_LOOPBACK #define INADDR_LOOPBACK 0x7f000001 #endif /* * Allocate and listen on a local X server socket and a TCP socket. * Return the display number. */ int get_xsockets (int *unix_socket, int *tcp_socket) { int unixfd, tcpfd = -1; struct sockaddr_un unixaddr; struct sockaddr_in tcpaddr; int dpy; int oldmask; struct in_addr local; char *dir, *p; dir = strdup (X_UNIX_PATH); p = strrchr (dir, '/'); if (p) *p = '\0'; oldmask = umask(0); mkdir (dir, 01777); chmod (dir, 01777); umask (oldmask); free (dir); local.s_addr = htonl(INADDR_LOOPBACK); for(dpy = 4; dpy < 256; ++dpy) { unixfd = socket (AF_UNIX, SOCK_STREAM, 0); if (unixfd < 0) { fprintf (stderr, "%s: socket: %s\n", prog, strerror(errno)); return -1; } memset (&unixaddr, 0, sizeof(unixaddr)); unixaddr.sun_family = AF_UNIX; sprintf (unixaddr.sun_path, X_UNIX_PATH "%u", dpy); if(bind(unixfd, (struct sockaddr *)&unixaddr, sizeof(unixaddr)) < 0) { close (unixfd); if (errno == EADDRINUSE || errno == EACCES) /* Cray return EACCESS */ continue; else return -1; } if (tcp_socket) { int one = 1; tcpfd = socket (AF_INET, SOCK_STREAM, 0); if (tcpfd < 0) { fprintf (stderr, "%s: socket: %s\n", prog, strerror(errno)); close (unixfd); return -1; } #ifdef TCP_NODELAY setsockopt (tcpfd, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one)); #endif memset (&tcpaddr, 0, sizeof(tcpaddr)); tcpaddr.sin_family = AF_INET; tcpaddr.sin_addr = local; tcpaddr.sin_port = htons(6000 + dpy); if (bind (tcpfd, (struct sockaddr *)&tcpaddr, sizeof(tcpaddr)) < 0) { close (unixfd); close (tcpfd); if (errno == EADDRINUSE) continue; else return -1; } } break; } if (dpy == 256) { fprintf (stderr, "%s: no free x-servers\n", prog); return -1; } if (listen (unixfd, SOMAXCONN) < 0) { fprintf (stderr, "%s: listen: %s\n", prog, strerror(errno)); return -1; } if (tcp_socket) if (listen (tcpfd, SOMAXCONN) < 0) { fprintf (stderr, "%s: listen: %s\n", prog, strerror(errno)); return -1; } strcpy(x_socket, unixaddr.sun_path); *unix_socket = unixfd; if (tcp_socket) *tcp_socket = tcpfd; return dpy; } /* * */ int connect_local_xsocket (unsigned dnr) { int fd; struct sockaddr_un addr; fd = socket (AF_UNIX, SOCK_STREAM, 0); if (fd < 0) { fprintf (stderr, "%s: socket: %s\n", prog, strerror(errno)); return fd; } addr.sun_family = AF_UNIX; sprintf (addr.sun_path, "/tmp/.X11-unix/X%u", dnr); if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { fprintf (stderr, "%s: connect: %s\n", prog, strerror(errno)); return -1; } return fd; } int create_and_write_cookie (char *xauthfile, u_char *cookie, size_t sz) { Xauth auth; char tmp[64]; FILE *f; char hostname[MaxHostNameLen]; struct in_addr loopback; struct hostent *h; k_gethostname (hostname, sizeof(hostname)); loopback.s_addr = htonl(INADDR_LOOPBACK); auth.family = FamilyLocal; auth.address = hostname; auth.address_length = strlen(auth.address); sprintf (tmp, "%d", display_num); auth.number_length = strlen(tmp); auth.number = tmp; auth.name = COOKIE_TYPE; auth.name_length = strlen(auth.name); auth.data_length = sz; auth.data = (char*)cookie; des_rand_data (cookie, sz); f = fopen(xauthfile, "w"); if (f == NULL) return 1; if(XauWriteAuth(f, &auth) == 0) { fclose(f); return 1; } h = gethostbyname (hostname); if (h == NULL) { fclose (f); return 1; } /* * I would like to write a cookie for localhost:n here, but some * stupid code in libX11 will not look for cookies of that type, * so we are forced to use FamilyWild instead. */ auth.family = FamilyWild; auth.address_length = 0; #if 0 /* XXX */ auth.address = (char *)&loopback; auth.address_length = sizeof(loopback); #endif if (XauWriteAuth(f, &auth) == 0) { fclose (f); return 1; } if(fclose(f)) return 1; return 0; } /* * Some simple controls on the address and corresponding socket */ int suspicious_address (int sock, struct sockaddr_in addr) { char data[40]; int len = sizeof(data); return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK) || getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0 || len != 0; }