![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to access.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Research Unix] / researchv9 / X11 / src / X.V11R1 / server / os / 4.2bsd|
Return to access.c CVS log | Up to [Research Unix] / researchv9 / X11 / src / X.V11R1 / server / os / 4.2bsd |
1.1 ! root 1: /*********************************************************** ! 2: Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts, ! 3: and the Massachusetts Institute of Technology, Cambridge, Massachusetts. ! 4: ! 5: All Rights Reserved ! 6: ! 7: Permission to use, copy, modify, and distribute this software and its ! 8: documentation for any purpose and without fee is hereby granted, ! 9: provided that the above copyright notice appear in all copies and that ! 10: both that copyright notice and this permission notice appear in ! 11: supporting documentation, and that the names of Digital or MIT not be ! 12: used in advertising or publicity pertaining to distribution of the ! 13: software without specific, written prior permission. ! 14: ! 15: DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ! 16: ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ! 17: DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ! 18: ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, ! 19: WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ! 20: ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ! 21: SOFTWARE. ! 22: ! 23: ******************************************************************/ ! 24: ! 25: /* $Header: access.c,v 1.18 87/09/03 14:24:02 toddb Exp $ */ ! 26: ! 27: #include "X.h" ! 28: #include "Xproto.h" ! 29: #include "misc.h" ! 30: #include <errno.h> ! 31: #include <sys/types.h> ! 32: #include <sys/socket.h> ! 33: #include <sys/ioctl.h> ! 34: #include <net/if.h> ! 35: #include <netdb.h> ! 36: #ifdef TCPCONN ! 37: #include <netinet/in.h> ! 38: #endif /* TCPCONN */ ! 39: #ifdef DNETCONN ! 40: #include <netdnet/dn.h> ! 41: #include <netdnet/dnetdb.h> ! 42: #endif ! 43: #undef NULL ! 44: #include <stdio.h> ! 45: #include "dixstruct.h" ! 46: #include "osdep.h" ! 47: ! 48: ! 49: #define DONT_CHECK -1 ! 50: extern char *index(); ! 51: ! 52: typedef struct _host { ! 53: short family; ! 54: short len; ! 55: unsigned char addr[4]; /* will need to be bigger eventually */ ! 56: struct _host *next; ! 57: } HOST; ! 58: ! 59: static HOST *selfhosts = NULL; ! 60: static HOST *validhosts = NULL; ! 61: static int AccessEnabled = TRUE; ! 62: ! 63: typedef struct { ! 64: int af, xf; ! 65: } FamilyMap; ! 66: ! 67: static FamilyMap familyMap[] = { ! 68: #ifdef AF_DECnet ! 69: {AF_DECnet, FamilyDECnet}, ! 70: #endif /* AF_DECnet */ ! 71: #ifdef AF_CHAOS ! 72: {AF_CHAOS, FamilyChaos}, ! 73: #endif /* AF_CHAOS */ ! 74: #ifdef AF_INET ! 75: {AF_INET, FamilyInternet} ! 76: #endif ! 77: }; ! 78: ! 79: #define FAMILIES ((sizeof familyMap)/(sizeof familyMap[0])) ! 80: ! 81: /* Define this host for access control. Find all the hosts the OS knows about ! 82: * for this fd and add them to the selfhosts list. ! 83: */ ! 84: DefineSelf (fd) ! 85: int fd; ! 86: { ! 87: char buf[2048]; ! 88: struct ifconf ifc; ! 89: register int n; ! 90: int len; ! 91: pointer addr; ! 92: short family; ! 93: register HOST *host; ! 94: register struct ifreq *ifr; ! 95: ! 96: ifc.ifc_len = sizeof (buf); ! 97: ifc.ifc_buf = buf; ! 98: if (ioctl (fd, (int) SIOCGIFCONF, (pointer) &ifc) < 0) ! 99: Error ("Getting interface configuration"); ! 100: for (ifr = ifc.ifc_req, n = ifc.ifc_len / sizeof (struct ifreq); --n >= 0; ! 101: ifr++) ! 102: { ! 103: #ifdef DNETCONN ! 104: /* ! 105: * this is ugly but SIOCGIFCONF returns decnet addresses in ! 106: * a different form from other decnet calls ! 107: */ ! 108: if (ifr->ifr_addr.sa_family == AF_DECnet) { ! 109: len = sizeof (struct dn_naddr); ! 110: addr = (pointer)ifr->ifr_addr.sa_data; ! 111: family = AF_DECnet; ! 112: } else ! 113: #endif /* DNETCONN */ ! 114: if ((family = ConvertAddr (&ifr->ifr_addr, &len, &addr)) <= 0) ! 115: continue; ! 116: for (host = selfhosts; host && (family != host->family || ! 117: bcmp (addr, host->addr, len)); host = host->next) ! 118: ; ! 119: if (host) ! 120: continue; ! 121: host = (HOST *) Xalloc (sizeof (HOST)); ! 122: host->family = family; ! 123: host->len = len; ! 124: bcopy(addr, host->addr, len); ! 125: host->next = selfhosts; ! 126: selfhosts = host; ! 127: } ! 128: } ! 129: ! 130: /* Reset access control list to initial hosts */ ! 131: ResetHosts (display) ! 132: char *display; ! 133: { ! 134: register HOST *host, *self; ! 135: char hostname[120]; ! 136: char fname[32]; ! 137: FILE *fd; ! 138: char *ptr; ! 139: union { ! 140: struct sockaddr sa; ! 141: #ifdef TCPCONN ! 142: struct sockaddr_in in; ! 143: #endif /* TCPCONN */ ! 144: #ifdef DNETCONN ! 145: struct sockaddr_dn dn; ! 146: #endif ! 147: } saddr; ! 148: #ifdef DNETCONN ! 149: struct nodeent *np; ! 150: struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); ! 151: #endif ! 152: short family; ! 153: int len; ! 154: pointer addr; ! 155: register struct hostent *hp; ! 156: ! 157: while (host = validhosts) ! 158: { ! 159: validhosts = host->next; ! 160: Xfree ((pointer) host); ! 161: } ! 162: for (self = selfhosts; self; self = self->next) ! 163: { ! 164: host = (HOST *) Xalloc (sizeof (HOST)); ! 165: *host = *self; ! 166: host->next = validhosts; ! 167: validhosts = host; ! 168: } ! 169: strcpy (fname, "/etc/X"); ! 170: strcat (fname, display); ! 171: strcat (fname, ".hosts"); ! 172: if (fd = fopen (fname, "r")) ! 173: { ! 174: while (fgets (hostname, sizeof (hostname), fd)) ! 175: { ! 176: if (ptr = index (hostname, '\n')) ! 177: *ptr = 0; ! 178: #ifdef DNETCONN ! 179: if ((ptr = index (hostname, ':')) && (*(ptr + 1) == ':')) ! 180: { ! 181: /* node name (DECnet names end in "::") */ ! 182: *ptr = 0; ! 183: if (dnaddrp = dnet_addr(hostname)) ! 184: { ! 185: /* allow nodes to be specified by address */ ! 186: NewHost (AF_DECnet, (pointer) dnaddrp); ! 187: } ! 188: else ! 189: { ! 190: if (np = getnodebyname (hostname)) ! 191: { ! 192: /* node was specified by name */ ! 193: saddr.sa.sa_family = np->n_addrtype; ! 194: if ((family = ConvertAddr (&saddr.sa, &len, &addr)) == ! 195: AF_DECnet) ! 196: { ! 197: bzero ((pointer) &dnaddr, sizeof (dnaddr)); ! 198: dnaddr.a_len = np->n_length; ! 199: bcopy (np->n_addr, (pointer) dnaddr.a_addr, ! 200: np->n_length); ! 201: NewHost (family, (pointer) &dnaddr); ! 202: } ! 203: } ! 204: } ! 205: } ! 206: else ! 207: { ! 208: #endif /* DNETCONN */ ! 209: #ifdef TCPCONN ! 210: /* host name */ ! 211: if (hp = gethostbyname (hostname)) ! 212: { ! 213: saddr.sa.sa_family = hp->h_addrtype; ! 214: if ((family = ConvertAddr (&saddr.sa, &len, &addr)) > 0) ! 215: #ifdef NEW_HEADER_WITH_OLD_LIBRARY ! 216: NewHost (family, hp->h_addr_list); ! 217: #else ! 218: NewHost (family, hp->h_addr); ! 219: #endif ! 220: ! 221: } ! 222: #endif /* TCPCONN */ ! 223: #ifdef DNETCONN ! 224: } ! 225: #endif /* DNETCONN */ ! 226: } ! 227: fclose (fd); ! 228: } ! 229: } ! 230: ! 231: /* Add a host to the access control list. This is the external interface ! 232: * called from the dispatcher */ ! 233: ! 234: int ! 235: AddHost (client, family, length, pAddr) ! 236: int client; ! 237: int family; ! 238: int length; /* of bytes in pAddr */ ! 239: pointer pAddr; ! 240: { ! 241: int len; ! 242: register HOST *host; ! 243: int unixFamily; ! 244: ! 245: unixFamily = UnixFamily(family); ! 246: if ((len = CheckFamily (DONT_CHECK, unixFamily)) < 0) ! 247: return BadMatch; ! 248: ! 249: if (len != length) ! 250: return BadMatch; ! 251: for (host = validhosts; host; host = host->next) ! 252: { ! 253: if (unixFamily == host->family && !bcmp (pAddr, host->addr, len)) ! 254: return Success; ! 255: } ! 256: host = (HOST *) Xalloc (sizeof (HOST)); ! 257: host->family = unixFamily; ! 258: host->len = len; ! 259: bcopy(pAddr, host->addr, len); ! 260: host->next = validhosts; ! 261: validhosts = host; ! 262: return Success; ! 263: } ! 264: ! 265: /* Add a host to the access control list. This is the internal interface ! 266: * called when starting or resetting the server */ ! 267: NewHost (family, addr) ! 268: short family; ! 269: pointer addr; ! 270: { ! 271: int len; ! 272: register HOST *host; ! 273: ! 274: if ((len = CheckFamily (DONT_CHECK, family)) < 0) ! 275: return; ! 276: for (host = validhosts; host; host = host->next) ! 277: { ! 278: if (family == host->family && !bcmp (addr, host->addr, len)) ! 279: return; ! 280: } ! 281: host = (HOST *) Xalloc (sizeof (HOST)); ! 282: host->family = family; ! 283: host->len = len; ! 284: bcopy(addr, host->addr, len); ! 285: host->next = validhosts; ! 286: validhosts = host; ! 287: } ! 288: ! 289: /* Remove a host from the access control list */ ! 290: ! 291: int ! 292: RemoveHost (client, family, length, pAddr) ! 293: int client; ! 294: int family; ! 295: int length; /* of bytes in pAddr */ ! 296: pointer pAddr; ! 297: { ! 298: int len, ! 299: unixFamily; ! 300: register HOST *host, **prev; ! 301: ! 302: unixFamily = UnixFamily(family); ! 303: if ((len = CheckFamily (DONT_CHECK, unixFamily)) < 0) ! 304: return BadMatch; ! 305: if (len != length) ! 306: return BadMatch; ! 307: for (prev = &validhosts; ! 308: (host = *prev) && (unixFamily != host->family || ! 309: bcmp (pAddr, host->addr, len)); ! 310: prev = &host->next) ! 311: ; ! 312: if (host) ! 313: { ! 314: *prev = host->next; ! 315: Xfree ((pointer) host); ! 316: } ! 317: return Success; ! 318: } ! 319: ! 320: /* Get all hosts in the access control list */ ! 321: int ! 322: GetHosts (data, pnHosts, pEnabled) ! 323: pointer *data; ! 324: int *pnHosts; ! 325: BOOL *pEnabled; ! 326: { ! 327: int len; ! 328: register int n = 0; ! 329: register pointer ptr; ! 330: register HOST *host; ! 331: int nHosts = 0; ! 332: int *lengths = (int *) NULL; ! 333: ! 334: *pEnabled = AccessEnabled ? EnableAccess : DisableAccess; ! 335: for (host = validhosts; host; host = host->next) ! 336: { ! 337: if ((len = CheckFamily (DONT_CHECK, host->family)) < 0) ! 338: return (-1); ! 339: lengths = (int *) Xrealloc(lengths, (nHosts + 1) * sizeof(int)); ! 340: lengths[nHosts++] = len; ! 341: n += (((len + 3) >> 2) << 2) + sizeof(xHostEntry); ! 342: } ! 343: if (n) ! 344: { ! 345: *data = ptr = (pointer) Xalloc (n); ! 346: nHosts = 0; ! 347: for (host = validhosts; host; host = host->next) ! 348: { ! 349: ! 350: len = lengths[nHosts++]; ! 351: ((xHostEntry *)ptr)->family = XFamily(host->family); ! 352: ((xHostEntry *)ptr)->length = len; ! 353: ptr += sizeof(xHostEntry); ! 354: bcopy (host->addr, ptr, len); ! 355: ptr += ((len + 3) >> 2) << 2; ! 356: } ! 357: } ! 358: *pnHosts = nHosts; ! 359: Xfree(lengths); ! 360: return (n); ! 361: } ! 362: ! 363: /* Check for valid address family, and for local host if client modification. ! 364: * Return address length. ! 365: */ ! 366: ! 367: CheckFamily (connection, family) ! 368: int connection; ! 369: short family; ! 370: { ! 371: struct sockaddr from; ! 372: int alen; ! 373: pointer addr; ! 374: register HOST *host; ! 375: int len; ! 376: ! 377: switch (family) ! 378: { ! 379: #ifdef TCPCONN ! 380: case AF_INET: ! 381: len = sizeof (struct in_addr); ! 382: break; ! 383: #endif ! 384: #ifdef DNETCONN ! 385: case AF_DECnet: ! 386: len = sizeof (struct dn_naddr); ! 387: break; ! 388: #endif ! 389: default: ! 390: /* BadValue */ ! 391: return (-1); ! 392: } ! 393: if (connection == DONT_CHECK) ! 394: return (len); ! 395: alen = sizeof (from); ! 396: if (!getpeername (connection, &from, &alen)) ! 397: { ! 398: if ((family = ConvertAddr (&from, &alen, &addr)) >= 0) ! 399: { ! 400: if (family == 0) ! 401: return (len); ! 402: for (host = selfhosts; host; host = host->next) ! 403: { ! 404: if (family == host->family && ! 405: !bcmp (addr, host->addr, alen)) ! 406: return (len); ! 407: } ! 408: } ! 409: } ! 410: /* Bad Access */ ! 411: return (-1); ! 412: } ! 413: ! 414: /* Check if a host is not in the access control list. ! 415: * Returns 1 if host is invalid, 0 if we've found it. */ ! 416: ! 417: InvalidHost (saddr, len) ! 418: register struct sockaddr *saddr; ! 419: int len; ! 420: { ! 421: short family; ! 422: pointer addr; ! 423: register HOST *host; ! 424: if ((family = ConvertAddr (saddr, len ? &len : 0, &addr)) < 0) ! 425: return (1); ! 426: if (family == 0) ! 427: return (0); ! 428: if (!AccessEnabled) /* just let them in */ ! 429: return(0); ! 430: for (host = validhosts; host; host = host->next) ! 431: { ! 432: if (family == host->family && !bcmp (addr, host->addr, len)) ! 433: return (0); ! 434: } ! 435: return (1); ! 436: } ! 437: ! 438: ConvertAddr (saddr, len, addr) ! 439: register struct sockaddr *saddr; ! 440: int *len; ! 441: pointer *addr; ! 442: { ! 443: if (len == 0) ! 444: return (0); ! 445: switch (saddr->sa_family) ! 446: { ! 447: case AF_UNSPEC: ! 448: case AF_UNIX: ! 449: return (0); ! 450: case AF_INET: ! 451: #ifdef TCPCONN ! 452: *len = sizeof (struct in_addr); ! 453: *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr); ! 454: return (AF_INET); ! 455: #else TCPCONN ! 456: break; ! 457: #endif TCPCONN ! 458: ! 459: #ifdef DNETCONN ! 460: case AF_DECnet: ! 461: *len = sizeof (struct dn_naddr); ! 462: *addr = (pointer) &(((struct sockaddr_dn *) saddr)->sdn_add); ! 463: return (AF_DECnet); ! 464: #else DNETCONN ! 465: break; ! 466: #endif DNETCONN ! 467: ! 468: default: ! 469: break; ! 470: } ! 471: return (-1); ! 472: } ! 473: ! 474: ChangeAccessControl(client, fEnabled) ! 475: ClientPtr client; ! 476: int fEnabled; ! 477: { ! 478: int alen, family; ! 479: struct sockaddr from; ! 480: pointer addr; ! 481: register HOST *host; ! 482: ! 483: alen = sizeof (from); ! 484: if (!getpeername (((osPrivPtr)client->osPrivate)->fd, &from, &alen)) ! 485: { ! 486: if ((family = ConvertAddr (&from, &alen, &addr)) >= 0) ! 487: { ! 488: if (family == 0) ! 489: AccessEnabled = fEnabled; ! 490: for (host = selfhosts; host; host = host->next) ! 491: { ! 492: if (family == host->family && ! 493: !bcmp (addr, host->addr, alen)) ! 494: AccessEnabled = fEnabled; ! 495: } ! 496: } ! 497: } ! 498: } ! 499: ! 500: static int XFamily(af) ! 501: int af; ! 502: { ! 503: int i; ! 504: for (i = 0; i < FAMILIES; i++) ! 505: if (familyMap[i].af == af) ! 506: return familyMap[i].xf; ! 507: return -1; ! 508: } ! 509: ! 510: static int UnixFamily(xf) ! 511: int xf; ! 512: { ! 513: int i; ! 514: for (i = 0; i < FAMILIES; i++) ! 515: if (familyMap[i].xf == xf) ! 516: return familyMap[i].af; ! 517: return -1; ! 518: } ! 519:
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.