1 /***********************************************************
3 Copyright 1987, 1998 The Open Group
7 Permission is hereby granted, free of charge, to any person obtaining a
8 copy of this software and associated documentation files (the
9 "Software"), to deal in the Software without restriction, including
10 without limitation the rights to use, copy, modify, merge, publish,
11 distribute, and/or sell copies of the Software, and to permit persons
12 to whom the Software is furnished to do so, provided that the above
13 copyright notice(s) and this permission notice appear in all copies of
14 the Software and that both the above copyright notice(s) and this
15 permission notice appear in supporting documentation.
17 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
18 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
20 OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
21 HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
22 INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
23 FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
24 NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
25 WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
27 Except as contained in this notice, the name of a copyright holder
28 shall not be used in advertising or otherwise to promote the sale, use
29 or other dealings in this Software without prior written authorization
30 of the copyright holder.
32 X Window System is a trademark of The Open Group.
34 Copyright 1987 by Digital Equipment Corporation, Maynard, Massachusetts.
38 Permission to use, copy, modify, and distribute this software and its
39 documentation for any purpose and without fee is hereby granted,
40 provided that the above copyright notice appear in all copies and that
41 both that copyright notice and this permission notice appear in
42 supporting documentation, and that the name of Digital not be
43 used in advertising or publicity pertaining to distribution of the
44 software without specific, written prior permission.
46 DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
47 ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
48 DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
49 ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
50 WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
51 ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
54 ******************************************************************/
57 * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
59 * Permission is hereby granted, free of charge, to any person obtaining a
60 * copy of this software and associated documentation files (the "Software"),
61 * to deal in the Software without restriction, including without limitation
62 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
63 * and/or sell copies of the Software, and to permit persons to whom the
64 * Software is furnished to do so, subject to the following conditions:
66 * The above copyright notice and this permission notice (including the next
67 * paragraph) shall be included in all copies or substantial portions of the
70 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
71 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
72 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
73 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
74 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
75 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
76 * DEALINGS IN THE SOFTWARE.
79 #ifdef HAVE_DIX_CONFIG_H
80 #include <dix-config.h>
84 #include <X11/Xwinsock.h>
92 #include <X11/Xtrans/Xtrans.h>
93 #include <X11/Xauth.h>
95 #include <X11/Xproto.h>
99 #include <sys/types.h>
101 #include <sys/socket.h>
102 #include <sys/ioctl.h>
105 #if defined(TCPCONN) || defined(STREAMSCONN)
106 #include <netinet/in.h>
107 #endif /* TCPCONN || STREAMSCONN */
109 #ifdef HAVE_GETPEERUCRED
116 #if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__)
117 #include <sys/utsname.h>
119 #if defined(SYSV) && defined(__i386__)
120 #include <sys/stream.h>
130 #include <sys/sockio.h>
131 #include <sys/stropts.h>
137 #include <sys/param.h>
139 #define VARIABLE_IFREQ
144 #ifndef VARIABLE_IFREQ
145 #define VARIABLE_IFREQ
149 #ifdef HAVE_GETIFADDRS
153 /* Solaris provides an extended interface SIOCGLIFCONF. Other systems
154 * may have this as well, but the code has only been tested on Solaris
155 * so far, so we only enable it there. Other platforms may be added as
158 * Test for Solaris commented out -- TSI @ UQV 2003.06.13
161 /* #if defined(sun) */
162 #define USE_SIOCGLIFCONF
168 #define X_INCLUDE_NETDB_H
169 #include <X11/Xos_r.h>
171 #include "dixstruct.h"
176 Bool defeatAccessControl = FALSE;
178 #define addrEqual(fam, address, length, host) \
179 ((fam) == (host)->family &&\
180 (length) == (host)->len &&\
181 !memcmp (address, (host)->addr, length))
183 static int ConvertAddr(struct sockaddr * /*saddr */ ,
185 pointer * /*addr */ );
187 static int CheckAddr(int /*family */ ,
188 const void * /*pAddr */ ,
189 unsigned /*length */ );
191 static Bool NewHost(int /*family */ ,
192 const void * /*addr */ ,
194 int /* addingLocalHosts */ );
196 /* XFree86 bug #156: To keep track of which hosts were explicitly requested in
197 /etc/X<display>.hosts, we've added a requested field to the HOST struct,
198 and a LocalHostRequested variable. These default to FALSE, but are set
199 to TRUE in ResetHosts when reading in /etc/X<display>.hosts. They are
200 checked in DisableLocalHost(), which is called to disable the default
201 local host entries when stronger authentication is turned on. */
203 typedef struct _host {
211 #define MakeHost(h,l) (h)=malloc(sizeof *(h)+(l));\
213 (h)->addr=(unsigned char *) ((h) + 1);\
214 (h)->requested = FALSE; \
216 #define FreeHost(h) free(h)
217 static HOST *selfhosts = NULL;
218 static HOST *validhosts = NULL;
219 static int AccessEnabled = DEFAULT_ACCESS_CONTROL;
220 static int LocalHostEnabled = FALSE;
221 static int LocalHostRequested = FALSE;
222 static int UsingXdmcp = FALSE;
224 /* FamilyServerInterpreted implementation */
225 static Bool siAddrMatch(int family, pointer addr, int len, HOST * host,
227 static int siCheckAddr(const char *addrString, int length);
228 static void siTypesInitialize(void);
231 * called when authorization is not enabled to add the
232 * local host to the access list
236 EnableLocalHost(void)
239 LocalHostEnabled = TRUE;
245 * called when authorization is enabled to keep us secure
248 DisableLocalHost(void)
252 if (!LocalHostRequested) /* Fix for XFree86 bug #156 */
253 LocalHostEnabled = FALSE;
254 for (self = selfhosts; self; self = self->next) {
255 if (!self->requested) /* Fix for XFree86 bug #156 */
256 (void) RemoveHost((ClientPtr) NULL, self->family, self->len,
257 (pointer) self->addr);
262 * called at init time when XDMCP will be used; xdmcp always
263 * adds local hosts manually when needed
267 AccessUsingXdmcp(void)
270 LocalHostEnabled = FALSE;
273 #if defined(SVR4) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF)
275 /* Deal with different SIOCGIFCONF ioctl semantics on these OSs */
278 ifioctl(int fd, int cmd, char *arg)
283 memset((char *) &ioc, 0, sizeof(ioc));
286 if (cmd == SIOCGIFCONF) {
287 ioc.ic_len = ((struct ifconf *) arg)->ifc_len;
288 ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf;
291 ioc.ic_len = sizeof(struct ifreq);
294 ret = ioctl(fd, I_STR, (char *) &ioc);
295 if (ret >= 0 && cmd == SIOCGIFCONF)
297 ((struct ifconf *) arg)->ifc_len = ioc.ic_len;
302 #define ifioctl ioctl
308 * Define this host for access control. Find all the hosts the OS knows about
309 * for this fd and add them to the selfhosts list.
312 #if !defined(SIOCGIFCONF)
316 #if !defined(TCPCONN) && !defined(STREAMSCONN) && !defined(UNIXCONN)
333 register struct hostent *hp;
337 struct sockaddr_in in;
338 #if defined(IPv6) && defined(AF_INET6)
339 struct sockaddr_in6 in6;
343 struct sockaddr_in *inetaddr;
344 struct sockaddr_in6 *inet6addr;
345 struct sockaddr_in broad_addr;
347 #ifdef XTHREADS_NEEDS_BYNAMEPARAMS
348 _Xgethostbynameparams hparams;
351 /* Why not use gethostname()? Well, at least on my system, I've had to
352 * make an ugly kernel patch to get a name longer than 8 characters, and
353 * uname() lets me access to the whole string (it smashes release, you
354 * see), whereas gethostname() kindly truncates it for me.
359 gethostname(name.nodename, sizeof(name.nodename));
362 hp = _XGethostbyname(name.nodename, hparams);
364 saddr.sa.sa_family = hp->h_addrtype;
365 switch (hp->h_addrtype) {
367 inetaddr = (struct sockaddr_in *) (&(saddr.sa));
368 memcpy(&(inetaddr->sin_addr), hp->h_addr, hp->h_length);
369 len = sizeof(saddr.sa);
371 #if defined(IPv6) && defined(AF_INET6)
373 inet6addr = (struct sockaddr_in6 *) (&(saddr.sa));
374 memcpy(&(inet6addr->sin6_addr), hp->h_addr, hp->h_length);
375 len = sizeof(saddr.in6);
379 goto DefineLocalHost;
381 family = ConvertAddr(&(saddr.sa), &len, (pointer *) &addr);
382 if (family != -1 && family != FamilyLocal) {
383 for (host = selfhosts;
384 host && !addrEqual(family, addr, len, host);
387 /* add this host to the host list. */
390 host->family = family;
392 memcpy(host->addr, addr, len);
393 host->next = selfhosts;
398 * If this is an Internet Address, but not the localhost
399 * address (127.0.0.1), nor the bogus address (0.0.0.0),
402 if (family == FamilyInternet &&
405 (addr[0] == 0 && addr[1] == 0 &&
406 addr[2] == 0 && addr[3] == 0)))
408 XdmcpRegisterConnection(family, (char *) addr, len);
409 broad_addr = *inetaddr;
410 ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
411 htonl(INADDR_BROADCAST);
412 XdmcpRegisterBroadcastAddress((struct sockaddr_in *)
415 #if defined(IPv6) && defined(AF_INET6)
416 else if (family == FamilyInternet6 &&
417 !(IN6_IS_ADDR_LOOPBACK((struct in6_addr *) addr))) {
418 XdmcpRegisterConnection(family, (char *) addr, len);
427 * now add a host of family FamilyLocalHost...
430 for (host = selfhosts;
431 host && !addrEqual(FamilyLocalHost, "", 0, host); host = host->next);
435 host->family = FamilyLocalHost;
437 /* Nothing to store in host->addr */
438 host->next = selfhosts;
442 #endif /* !TCPCONN && !STREAMSCONN && !UNIXCONN */
447 #ifdef USE_SIOCGLIFCONF
448 #define ifr_type struct lifreq
450 #define ifr_type struct ifreq
453 #ifdef VARIABLE_IFREQ
454 #define ifr_size(p) (sizeof (struct ifreq) + \
455 (p->ifr_addr.sa_len > sizeof (p->ifr_addr) ? \
456 p->ifr_addr.sa_len - sizeof (p->ifr_addr) : 0))
457 #define ifraddr_size(a) (a.sa_len)
459 #define ifr_size(p) (sizeof (ifr_type))
460 #define ifraddr_size(a) (sizeof (a))
463 #if defined(IPv6) && defined(AF_INET6)
464 #include <arpa/inet.h>
467 #if defined(IPv6) && defined(AF_INET6)
469 in6_fillscopeid(struct sockaddr_in6 *sin6)
471 #if defined(__KAME__)
472 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
473 sin6->sin6_scope_id =
474 ntohs(*(u_int16_t *) & sin6->sin6_addr.s6_addr[2]);
475 sin6->sin6_addr.s6_addr[2] = sin6->sin6_addr.s6_addr[3] = 0;
484 #ifndef HAVE_GETIFADDRS
487 #ifdef USE_SIOCGLIFCONF
488 struct sockaddr_storage buf[16];
490 register struct lifreq *ifr;
495 #else /* !USE_SIOCGLIFCONF */
498 register struct ifreq *ifr;
501 #else /* HAVE_GETIFADDRS */
502 struct ifaddrs *ifap, *ifr;
509 #ifndef HAVE_GETIFADDRS
513 #ifdef USE_SIOCGLIFCONF
516 ifn.lifn_family = AF_UNSPEC;
518 if (ioctl(fd, SIOCGLIFNUM, (char *) &ifn) < 0)
519 ErrorF("Getting interface count: %s\n", strerror(errno));
520 if (len < (ifn.lifn_count * sizeof(struct lifreq))) {
521 len = ifn.lifn_count * sizeof(struct lifreq);
522 bufptr = malloc(len);
526 ifc.lifc_family = AF_UNSPEC;
529 ifc.lifc_buf = bufptr;
531 #define IFC_IOCTL_REQ SIOCGLIFCONF
532 #define IFC_IFC_REQ ifc.lifc_req
533 #define IFC_IFC_LEN ifc.lifc_len
534 #define IFR_IFR_ADDR ifr->lifr_addr
535 #define IFR_IFR_NAME ifr->lifr_name
537 #else /* Use SIOCGIFCONF */
539 ifc.ifc_buf = bufptr;
541 #define IFC_IOCTL_REQ SIOCGIFCONF
542 #define IFC_IFC_REQ ifc.ifc_req
543 #define IFC_IFC_LEN ifc.ifc_len
544 #define IFR_IFR_ADDR ifr->ifr_addr
545 #define IFR_IFR_NAME ifr->ifr_name
548 if (ifioctl(fd, IFC_IOCTL_REQ, (pointer) &ifc) < 0)
549 ErrorF("Getting interface configuration (4): %s\n", strerror(errno));
551 cplim = (char *) IFC_IFC_REQ + IFC_IFC_LEN;
553 for (cp = (char *) IFC_IFC_REQ; cp < cplim; cp += ifr_size(ifr)) {
554 ifr = (ifr_type *) cp;
555 len = ifraddr_size(IFR_IFR_ADDR);
556 family = ConvertAddr((struct sockaddr *) &IFR_IFR_ADDR,
557 &len, (pointer *) &addr);
558 if (family == -1 || family == FamilyLocal)
560 #if defined(IPv6) && defined(AF_INET6)
561 if (family == FamilyInternet6)
562 in6_fillscopeid((struct sockaddr_in6 *) &IFR_IFR_ADDR);
564 for (host = selfhosts;
565 host && !addrEqual(family, addr, len, host); host = host->next);
570 host->family = family;
572 memcpy(host->addr, addr, len);
573 host->next = selfhosts;
578 #ifdef USE_SIOCGLIFCONF
579 struct sockaddr_storage broad_addr;
581 struct sockaddr broad_addr;
585 * If this isn't an Internet Address, don't register it.
587 if (family != FamilyInternet
588 #if defined(IPv6) && defined(AF_INET6)
589 && family != FamilyInternet6
595 * ignore 'localhost' entries as they're not useful
596 * on the other end of the wire
598 if (family == FamilyInternet &&
599 addr[0] == 127 && addr[1] == 0 && addr[2] == 0 && addr[3] == 1)
601 #if defined(IPv6) && defined(AF_INET6)
602 else if (family == FamilyInternet6 &&
603 IN6_IS_ADDR_LOOPBACK((struct in6_addr *) addr))
608 * Ignore '0.0.0.0' entries as they are
609 * returned by some OSes for unconfigured NICs but they are
610 * not useful on the other end of the wire.
613 addr[0] == 0 && addr[1] == 0 && addr[2] == 0 && addr[3] == 0)
616 XdmcpRegisterConnection(family, (char *) addr, len);
618 #if defined(IPv6) && defined(AF_INET6)
619 /* IPv6 doesn't support broadcasting, so we drop out here */
620 if (family == FamilyInternet6)
624 broad_addr = IFR_IFR_ADDR;
626 ((struct sockaddr_in *) &broad_addr)->sin_addr.s_addr =
627 htonl(INADDR_BROADCAST);
628 #if defined(USE_SIOCGLIFCONF) && defined(SIOCGLIFBRDADDR)
630 struct lifreq broad_req;
633 if (ioctl(fd, SIOCGLIFFLAGS, (char *) &broad_req) != -1 &&
634 (broad_req.lifr_flags & IFF_BROADCAST) &&
635 (broad_req.lifr_flags & IFF_UP)
638 if (ioctl(fd, SIOCGLIFBRDADDR, &broad_req) != -1)
639 broad_addr = broad_req.lifr_broadaddr;
647 #elif defined(SIOCGIFBRDADDR)
649 struct ifreq broad_req;
652 if (ifioctl(fd, SIOCGIFFLAGS, (pointer) &broad_req) != -1 &&
653 (broad_req.ifr_flags & IFF_BROADCAST) &&
654 (broad_req.ifr_flags & IFF_UP)
657 if (ifioctl(fd, SIOCGIFBRDADDR, (pointer) &broad_req) != -1)
658 broad_addr = broad_req.ifr_addr;
665 #endif /* SIOCGIFBRDADDR */
666 XdmcpRegisterBroadcastAddress((struct sockaddr_in *) &broad_addr);
672 #else /* HAVE_GETIFADDRS */
673 if (getifaddrs(&ifap) < 0) {
674 ErrorF("Warning: getifaddrs returns %s\n", strerror(errno));
677 for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) {
680 len = sizeof(*(ifr->ifa_addr));
681 family = ConvertAddr((struct sockaddr *) ifr->ifa_addr, &len,
683 if (family == -1 || family == FamilyLocal)
685 #if defined(IPv6) && defined(AF_INET6)
686 if (family == FamilyInternet6)
687 in6_fillscopeid((struct sockaddr_in6 *) ifr->ifa_addr);
690 for (host = selfhosts;
691 host != NULL && !addrEqual(family, addr, len, host);
697 host->family = family;
699 memcpy(host->addr, addr, len);
700 host->next = selfhosts;
706 * If this isn't an Internet Address, don't register it.
708 if (family != FamilyInternet
709 #if defined(IPv6) && defined(AF_INET6)
710 && family != FamilyInternet6
716 * ignore 'localhost' entries as they're not useful
717 * on the other end of the wire
719 if (ifr->ifa_flags & IFF_LOOPBACK)
722 if (family == FamilyInternet &&
723 addr[0] == 127 && addr[1] == 0 && addr[2] == 0 && addr[3] == 1)
727 * Ignore '0.0.0.0' entries as they are
728 * returned by some OSes for unconfigured NICs but they are
729 * not useful on the other end of the wire.
732 addr[0] == 0 && addr[1] == 0 && addr[2] == 0 && addr[3] == 0)
734 #if defined(IPv6) && defined(AF_INET6)
735 else if (family == FamilyInternet6 &&
736 IN6_IS_ADDR_LOOPBACK((struct in6_addr *) addr))
739 XdmcpRegisterConnection(family, (char *) addr, len);
740 #if defined(IPv6) && defined(AF_INET6)
741 if (family == FamilyInternet6)
742 /* IPv6 doesn't support broadcasting, so we drop out here */
745 if ((ifr->ifa_flags & IFF_BROADCAST) &&
746 (ifr->ifa_flags & IFF_UP) && ifr->ifa_broadaddr)
747 XdmcpRegisterBroadcastAddress((struct sockaddr_in *) ifr->
756 #endif /* HAVE_GETIFADDRS */
759 * add something of FamilyLocalHost
761 for (host = selfhosts;
762 host && !addrEqual(FamilyLocalHost, "", 0, host); host = host->next);
766 host->family = FamilyLocalHost;
768 /* Nothing to store in host->addr */
769 host->next = selfhosts;
774 #endif /* hpux && !HAVE_IFREQ */
778 AugmentSelf(pointer from, int len)
784 family = ConvertAddr(from, &len, (pointer *) &addr);
785 if (family == -1 || family == FamilyLocal)
787 for (host = selfhosts; host; host = host->next) {
788 if (addrEqual(family, addr, len, host))
794 host->family = family;
796 memcpy(host->addr, addr, len);
797 host->next = selfhosts;
807 for (self = selfhosts; self; self = self->next)
808 /* Fix for XFree86 bug #156: pass addingLocal = TRUE to
809 * NewHost to tell that we are adding the default local
810 * host entries and not to flag the entries as being
811 * explicitely requested */
812 (void) NewHost(self->family, self->addr, self->len, TRUE);
815 /* Reset access control list to initial hosts */
817 ResetHosts(char *display)
820 char lhostname[120], ohostname[120];
821 char *hostname = ohostname;
822 char fname[PATH_MAX + 1];
828 #if (defined(TCPCONN) || defined(STREAMSCONN) ) && \
829 (!defined(IPv6) || !defined(AF_INET6))
832 #if defined(TCPCONN) || defined(STREAMSCONN)
833 struct sockaddr_in in;
834 #endif /* TCPCONN || STREAMSCONN */
842 AccessEnabled = defeatAccessControl ? FALSE : DEFAULT_ACCESS_CONTROL;
843 LocalHostEnabled = FALSE;
844 while ((host = validhosts) != 0) {
845 validhosts = host->next;
849 #if defined WIN32 && defined __MINGW32__
850 #define ETC_HOST_PREFIX "X"
852 #define ETC_HOST_PREFIX "/etc/X"
854 #define ETC_HOST_SUFFIX ".hosts"
855 fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) +
857 if (fnamelen > sizeof(fname))
858 FatalError("Display name `%s' is too long\n", display);
859 snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX,
862 if ((fd = fopen(fname, "r")) != 0) {
863 while (fgets(ohostname, sizeof(ohostname), fd)) {
865 if (*ohostname == '#')
867 if ((ptr = strchr(ohostname, '\n')) != 0)
869 hostlen = strlen(ohostname) + 1;
870 for (i = 0; i < hostlen; i++)
871 lhostname[i] = tolower(ohostname[i]);
872 hostname = ohostname;
873 if (!strncmp("local:", lhostname, 6)) {
874 family = FamilyLocalHost;
875 NewHost(family, "", 0, FALSE);
876 LocalHostRequested = TRUE; /* Fix for XFree86 bug #156 */
878 #if defined(TCPCONN) || defined(STREAMSCONN)
879 else if (!strncmp("inet:", lhostname, 5)) {
880 family = FamilyInternet;
881 hostname = ohostname + 5;
883 #if defined(IPv6) && defined(AF_INET6)
884 else if (!strncmp("inet6:", lhostname, 6)) {
885 family = FamilyInternet6;
886 hostname = ohostname + 6;
891 else if (!strncmp("nis:", lhostname, 4)) {
892 family = FamilyNetname;
893 hostname = ohostname + 4;
896 else if (!strncmp("si:", lhostname, 3)) {
897 family = FamilyServerInterpreted;
898 hostname = ohostname + 3;
902 if (family == FamilyServerInterpreted) {
903 len = siCheckAddr(hostname, hostlen);
905 NewHost(family, hostname, len, FALSE);
910 if ((family == FamilyNetname) || (strchr(hostname, '@'))) {
912 (void) NewHost(FamilyNetname, hostname, strlen(hostname),
916 #endif /* SECURE_RPC */
917 #if defined(TCPCONN) || defined(STREAMSCONN)
919 #if defined(IPv6) && defined(AF_INET6)
920 if ((family == FamilyInternet) || (family == FamilyInternet6) ||
921 (family == FamilyWild)) {
922 struct addrinfo *addresses;
926 if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) {
927 for (a = addresses; a != NULL; a = a->ai_next) {
929 f = ConvertAddr(a->ai_addr, &len,
932 ((family == FamilyWild) && (f != -1))) {
933 NewHost(f, addr, len, FALSE);
936 freeaddrinfo(addresses);
940 #ifdef XTHREADS_NEEDS_BYNAMEPARAMS
941 _Xgethostbynameparams hparams;
943 register struct hostent *hp;
946 if ((family == FamilyInternet &&
947 ((hp = _XGethostbyname(hostname, hparams)) != 0)) ||
948 ((hp = _XGethostbyname(hostname, hparams)) != 0)) {
949 saddr.sa.sa_family = hp->h_addrtype;
950 len = sizeof(saddr.sa);
952 ConvertAddr(&saddr.sa, &len,
953 (pointer *) &addr)) != -1) {
954 #ifdef h_addr /* new 4.3bsd version of gethostent */
957 /* iterate over the addresses */
958 for (list = hp->h_addr_list; *list; list++)
959 (void) NewHost(family, (pointer) *list, len, FALSE);
961 (void) NewHost(family, (pointer) hp->h_addr, len,
968 #endif /* TCPCONN || STREAMSCONN */
975 /* Is client on the local host */
977 ComputeLocalClient(ClientPtr client)
979 int alen, family, notused;
980 Xtransaddr *from = NULL;
983 OsCommPtr oc = (OsCommPtr) client->osPrivate;
988 if (!_XSERVTransGetPeerAddr(oc->trans_conn, ¬used, &alen, &from)) {
989 family = ConvertAddr((struct sockaddr *) from,
990 &alen, (pointer *) &addr);
995 if (family == FamilyLocal) {
999 for (host = selfhosts; host; host = host->next) {
1000 if (addrEqual(family, addr, alen, host)) {
1011 LocalClient(ClientPtr client)
1013 if (!client->osPrivate)
1015 return ((OsCommPtr) client->osPrivate)->local_client;
1019 * Return the uid and gid of a connected local client
1021 * Used by XShm to test access rights to shared memory segments
1024 LocalClientCred(ClientPtr client, int *pUid, int *pGid)
1026 LocalClientCredRec *lcc;
1027 int ret = GetLocalClientCreds(client, &lcc);
1030 #ifdef HAVE_GETZONEID /* only local if in the same zone */
1031 if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) {
1032 FreeLocalClientCreds(lcc);
1036 if ((lcc->fieldsSet & LCC_UID_SET) && (pUid != NULL))
1038 if ((lcc->fieldsSet & LCC_GID_SET) && (pGid != NULL))
1040 FreeLocalClientCreds(lcc);
1046 * Return the uid and all gids of a connected local client
1047 * Allocates a LocalClientCredRec - caller must call FreeLocalClientCreds
1049 * Used by localuser & localgroup ServerInterpreted access control forms below
1050 * Used by AuthAudit to log who local connections came from
1053 GetLocalClientCreds(ClientPtr client, LocalClientCredRec ** lccp)
1055 #if defined(HAVE_GETPEEREID) || defined(HAVE_GETPEERUCRED) || defined(SO_PEERCRED)
1058 LocalClientCredRec *lcc;
1060 #ifdef HAVE_GETPEEREID
1063 #elif defined(HAVE_GETPEERUCRED)
1064 ucred_t *peercred = NULL;
1066 #elif defined(SO_PEERCRED)
1067 struct ucred peercred;
1068 socklen_t so_len = sizeof(peercred);
1073 ci = ((OsCommPtr) client->osPrivate)->trans_conn;
1074 #if !(defined(sun) && defined(HAVE_GETPEERUCRED))
1075 /* Most implementations can only determine peer credentials for Unix
1076 * domain sockets - Solaris getpeerucred can work with a bit more, so
1077 * we just let it tell us if the connection type is supported or not
1079 if (!_XSERVTransIsLocal(ci)) {
1084 *lccp = calloc(1, sizeof(LocalClientCredRec));
1089 fd = _XSERVTransGetConnectionNumber(ci);
1090 #ifdef HAVE_GETPEEREID
1091 if (getpeereid(fd, &uid, &gid) == -1) {
1092 FreeLocalClientCreds(lcc);
1097 lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET;
1099 #elif defined(HAVE_GETPEERUCRED)
1100 if (getpeerucred(fd, &peercred) < 0) {
1101 FreeLocalClientCreds(lcc);
1104 lcc->euid = ucred_geteuid(peercred);
1105 if (lcc->euid != -1)
1106 lcc->fieldsSet |= LCC_UID_SET;
1107 lcc->egid = ucred_getegid(peercred);
1108 if (lcc->egid != -1)
1109 lcc->fieldsSet |= LCC_GID_SET;
1110 lcc->pid = ucred_getpid(peercred);
1112 lcc->fieldsSet |= LCC_PID_SET;
1113 #ifdef HAVE_GETZONEID
1114 lcc->zoneid = ucred_getzoneid(peercred);
1115 if (lcc->zoneid != -1)
1116 lcc->fieldsSet |= LCC_ZID_SET;
1118 lcc->nSuppGids = ucred_getgroups(peercred, &gids);
1119 if (lcc->nSuppGids > 0) {
1120 lcc->pSuppGids = calloc(lcc->nSuppGids, sizeof(int));
1121 if (lcc->pSuppGids == NULL) {
1127 for (i = 0; i < lcc->nSuppGids; i++) {
1128 (lcc->pSuppGids)[i] = (int) gids[i];
1135 ucred_free(peercred);
1137 #elif defined(SO_PEERCRED)
1138 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1) {
1139 FreeLocalClientCreds(lcc);
1142 lcc->euid = peercred.uid;
1143 lcc->egid = peercred.gid;
1144 lcc->pid = peercred.pid;
1145 lcc->fieldsSet = LCC_UID_SET | LCC_GID_SET | LCC_PID_SET;
1149 /* No system call available to get the credentials of the peer */
1150 #define NO_LOCAL_CLIENT_CRED
1156 FreeLocalClientCreds(LocalClientCredRec * lcc)
1159 if (lcc->nSuppGids > 0) {
1160 free(lcc->pSuppGids);
1167 AuthorizedClient(ClientPtr client)
1171 if (!client || defeatAccessControl)
1174 /* untrusted clients can't change host access */
1175 rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
1179 return LocalClient(client) ? Success : BadAccess;
1182 /* Add a host to the access control list. This is the external interface
1183 * called from the dispatcher */
1186 AddHost(ClientPtr client, int family, unsigned length, /* of bytes in pAddr */
1191 rc = AuthorizedClient(client);
1195 case FamilyLocalHost:
1197 LocalHostEnabled = TRUE;
1205 case FamilyInternet:
1206 #if defined(IPv6) && defined(AF_INET6)
1207 case FamilyInternet6:
1211 case FamilyServerInterpreted:
1212 if ((len = CheckAddr(family, pAddr, length)) < 0) {
1213 client->errorValue = length;
1219 client->errorValue = family;
1222 if (NewHost(family, pAddr, len, FALSE))
1228 ForEachHostInFamily(int family, Bool (*func) (unsigned char * /* addr */ ,
1230 pointer /* closure */ ),
1235 for (host = validhosts; host; host = host->next)
1236 if (family == host->family && func(host->addr, host->len, closure))
1241 /* Add a host to the access control list. This is the internal interface
1242 * called when starting or resetting the server */
1244 NewHost(int family, const void *addr, int len, int addingLocalHosts)
1246 register HOST *host;
1248 for (host = validhosts; host; host = host->next) {
1249 if (addrEqual(family, addr, len, host))
1252 if (!addingLocalHosts) { /* Fix for XFree86 bug #156 */
1253 for (host = selfhosts; host; host = host->next) {
1254 if (addrEqual(family, addr, len, host)) {
1255 host->requested = TRUE;
1263 host->family = family;
1265 memcpy(host->addr, addr, len);
1266 host->next = validhosts;
1271 /* Remove a host from the access control list */
1274 RemoveHost(ClientPtr client, int family, unsigned length, /* of bytes in pAddr */
1278 register HOST *host, **prev;
1280 rc = AuthorizedClient(client);
1284 case FamilyLocalHost:
1286 LocalHostEnabled = FALSE;
1293 case FamilyInternet:
1294 #if defined(IPv6) && defined(AF_INET6)
1295 case FamilyInternet6:
1299 case FamilyServerInterpreted:
1300 if ((len = CheckAddr(family, pAddr, length)) < 0) {
1301 client->errorValue = length;
1307 client->errorValue = family;
1310 for (prev = &validhosts;
1311 (host = *prev) && (!addrEqual(family, pAddr, len, host));
1312 prev = &host->next);
1320 /* Get all hosts in the access control list */
1322 GetHosts(pointer *data, int *pnHosts, int *pLen, BOOL * pEnabled)
1326 register unsigned char *ptr;
1327 register HOST *host;
1330 *pEnabled = AccessEnabled ? EnableAccess : DisableAccess;
1331 for (host = validhosts; host; host = host->next) {
1333 n += pad_to_int32(host->len) + sizeof(xHostEntry);
1336 *data = ptr = malloc(n);
1340 for (host = validhosts; host; host = host->next) {
1342 ((xHostEntry *) ptr)->family = host->family;
1343 ((xHostEntry *) ptr)->length = len;
1344 ptr += sizeof(xHostEntry);
1345 memcpy(ptr, host->addr, len);
1346 ptr += pad_to_int32(len);
1357 /* Check for valid address family and length, and return address length. */
1359 /*ARGSUSED*/ static int
1360 CheckAddr(int family, const void *pAddr, unsigned length)
1365 #if defined(TCPCONN) || defined(STREAMSCONN)
1366 case FamilyInternet:
1367 if (length == sizeof(struct in_addr))
1372 #if defined(IPv6) && defined(AF_INET6)
1373 case FamilyInternet6:
1374 if (length == sizeof(struct in6_addr))
1381 case FamilyServerInterpreted:
1382 len = siCheckAddr(pAddr, length);
1390 /* Check if a host is not in the access control list.
1391 * Returns 1 if host is invalid, 0 if we've found it. */
1394 InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client)
1398 register HOST *selfhost, *host;
1400 if (!AccessEnabled) /* just let them in */
1402 family = ConvertAddr(saddr, &len, (pointer *) &addr);
1405 if (family == FamilyLocal) {
1406 if (!LocalHostEnabled) {
1408 * check to see if any local address is enabled. This
1409 * implicitly enables local connections.
1411 for (selfhost = selfhosts; selfhost; selfhost = selfhost->next) {
1412 for (host = validhosts; host; host = host->next) {
1413 if (addrEqual(selfhost->family, selfhost->addr,
1414 selfhost->len, host))
1422 for (host = validhosts; host; host = host->next) {
1423 if (host->family == FamilyServerInterpreted) {
1424 if (siAddrMatch(family, addr, len, host, client)) {
1429 if (addrEqual(family, addr, len, host))
1438 ConvertAddr(register struct sockaddr *saddr, int *len, pointer *addr)
1442 switch (saddr->sa_family) {
1444 #if defined(UNIXCONN) || defined(LOCALCONN)
1448 #if defined(TCPCONN) || defined(STREAMSCONN)
1451 if (16777343 == *(long *) &((struct sockaddr_in *) saddr)->sin_addr)
1454 *len = sizeof(struct in_addr);
1455 *addr = (pointer) &(((struct sockaddr_in *) saddr)->sin_addr);
1456 return FamilyInternet;
1457 #if defined(IPv6) && defined(AF_INET6)
1460 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *) saddr;
1462 if (IN6_IS_ADDR_V4MAPPED(&(saddr6->sin6_addr))) {
1463 *len = sizeof(struct in_addr);
1464 *addr = (pointer) &(saddr6->sin6_addr.s6_addr[12]);
1465 return FamilyInternet;
1468 *len = sizeof(struct in6_addr);
1469 *addr = (pointer) &(saddr6->sin6_addr);
1470 return FamilyInternet6;
1481 ChangeAccessControl(ClientPtr client, int fEnabled)
1483 int rc = AuthorizedClient(client);
1487 AccessEnabled = fEnabled;
1491 /* returns FALSE if xhost + in effect, else TRUE */
1493 GetAccessControl(void)
1495 return AccessEnabled;
1498 /*****************************************************************************
1499 * FamilyServerInterpreted host entry implementation
1501 * Supports an extensible system of host types which the server can interpret
1502 * See the IPv6 extensions to the X11 protocol spec for the definition.
1504 * Currently supported schemes:
1506 * hostname - hostname as defined in IETF RFC 2396
1507 * ipv6 - IPv6 literal address as defined in IETF RFC's 3513 and <TBD>
1509 * See xc/doc/specs/SIAddresses for formal definitions of each type.
1512 /* These definitions and the siTypeAdd function could be exported in the
1513 * future to enable loading additional host types, but that was not done for
1514 * the initial implementation.
1516 typedef Bool (*siAddrMatchFunc) (int family, pointer addr, int len,
1517 const char *siAddr, int siAddrlen,
1518 ClientPtr client, void *siTypePriv);
1519 typedef int (*siCheckAddrFunc) (const char *addrString, int length,
1523 struct siType *next;
1524 const char *typeName;
1525 siAddrMatchFunc addrMatch;
1526 siCheckAddrFunc checkAddr;
1527 void *typePriv; /* Private data for type routines */
1530 static struct siType *siTypeList;
1533 siTypeAdd(const char *typeName, siAddrMatchFunc addrMatch,
1534 siCheckAddrFunc checkAddr, void *typePriv)
1536 struct siType *s, *p;
1538 if ((typeName == NULL) || (addrMatch == NULL) || (checkAddr == NULL))
1541 for (s = siTypeList, p = NULL; s != NULL; p = s, s = s->next) {
1542 if (strcmp(typeName, s->typeName) == 0) {
1543 s->addrMatch = addrMatch;
1544 s->checkAddr = checkAddr;
1545 s->typePriv = typePriv;
1550 s = malloc(sizeof(struct siType));
1560 s->typeName = typeName;
1561 s->addrMatch = addrMatch;
1562 s->checkAddr = checkAddr;
1563 s->typePriv = typePriv;
1567 /* Checks to see if a host matches a server-interpreted host entry */
1569 siAddrMatch(int family, pointer addr, int len, HOST * host, ClientPtr client)
1571 Bool matches = FALSE;
1573 const char *valueString;
1576 valueString = (const char *) memchr(host->addr, '\0', host->len);
1577 if (valueString != NULL) {
1578 for (s = siTypeList; s != NULL; s = s->next) {
1579 if (strcmp((char *) host->addr, s->typeName) == 0) {
1580 addrlen = host->len - (strlen((char *) host->addr) + 1);
1581 matches = s->addrMatch(family, addr, len,
1582 valueString + 1, addrlen, client,
1587 #ifdef FAMILY_SI_DEBUG
1588 ErrorF("Xserver: siAddrMatch(): type = %s, value = %*.*s -- %s\n",
1589 host->addr, addrlen, addrlen, valueString + 1,
1590 (matches) ? "accepted" : "rejected");
1597 siCheckAddr(const char *addrString, int length)
1599 const char *valueString;
1600 int addrlen, typelen;
1604 /* Make sure there is a \0 byte inside the specified length
1605 to separate the address type from the address value. */
1606 valueString = (const char *) memchr(addrString, '\0', length);
1607 if (valueString != NULL) {
1608 /* Make sure the first string is a recognized address type,
1609 * and the second string is a valid address of that type.
1611 typelen = strlen(addrString) + 1;
1612 addrlen = length - typelen;
1614 for (s = siTypeList; s != NULL; s = s->next) {
1615 if (strcmp(addrString, s->typeName) == 0) {
1616 len = s->checkAddr(valueString + 1, addrlen, s->typePriv);
1623 #ifdef FAMILY_SI_DEBUG
1625 const char *resultMsg;
1628 resultMsg = "type not registered";
1632 resultMsg = "rejected";
1634 resultMsg = "accepted";
1638 ("Xserver: siCheckAddr(): type = %s, value = %*.*s, len = %d -- %s\n",
1639 addrString, addrlen, addrlen, valueString + 1, len, resultMsg);
1647 * Hostname server-interpreted host type
1649 * Stored as hostname string, explicitly defined to be resolved ONLY
1650 * at access check time, to allow for hosts with dynamic addresses
1651 * but static hostnames, such as found in some DHCP & mobile setups.
1653 * Hostname must conform to IETF RFC 2396 sec. 3.2.2, which defines it as:
1654 * hostname = *( domainlabel "." ) toplabel [ "." ]
1655 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
1656 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
1660 #define SI_HOSTNAME_MAXLEN NI_MAXHOST
1662 #ifdef MAXHOSTNAMELEN
1663 #define SI_HOSTNAME_MAXLEN MAXHOSTNAMELEN
1665 #define SI_HOSTNAME_MAXLEN 256
1670 siHostnameAddrMatch(int family, pointer addr, int len,
1671 const char *siAddr, int siAddrLen, ClientPtr client,
1676 /* Currently only supports checking against IPv4 & IPv6 connections, but
1677 * support for other address families, such as DECnet, could be added if
1680 #if defined(IPv6) && defined(AF_INET6)
1681 if ((family == FamilyInternet) || (family == FamilyInternet6)) {
1682 char hostname[SI_HOSTNAME_MAXLEN];
1683 struct addrinfo *addresses;
1688 if (siAddrLen >= sizeof(hostname))
1691 strlcpy(hostname, siAddr, siAddrLen + 1);
1693 if (getaddrinfo(hostname, NULL, NULL, &addresses) == 0) {
1694 for (a = addresses; a != NULL; a = a->ai_next) {
1695 hostaddrlen = a->ai_addrlen;
1696 f = ConvertAddr(a->ai_addr, &hostaddrlen, &hostaddr);
1697 if ((f == family) && (len == hostaddrlen) &&
1698 (memcmp(addr, hostaddr, len) == 0)) {
1703 freeaddrinfo(addresses);
1706 #else /* IPv6 not supported, use gethostbyname instead for IPv4 */
1707 if (family == FamilyInternet) {
1708 register struct hostent *hp;
1710 #ifdef XTHREADS_NEEDS_BYNAMEPARAMS
1711 _Xgethostbynameparams hparams;
1713 char hostname[SI_HOSTNAME_MAXLEN];
1716 const char **addrlist;
1718 if (siAddrLen >= sizeof(hostname))
1721 strlcpy(hostname, siAddr, siAddrLen + 1);
1723 if ((hp = _XGethostbyname(hostname, hparams)) != NULL) {
1724 #ifdef h_addr /* new 4.3bsd version of gethostent */
1725 /* iterate over the addresses */
1726 for (addrlist = hp->h_addr_list; *addrlist; addrlist++)
1728 addrlist = &hp->h_addr;
1731 struct sockaddr_in sin;
1733 sin.sin_family = hp->h_addrtype;
1734 memcpy(&(sin.sin_addr), *addrlist, hp->h_length);
1735 hostaddrlen = sizeof(sin);
1736 f = ConvertAddr((struct sockaddr *) &sin,
1737 &hostaddrlen, &hostaddr);
1738 if ((f == family) && (len == hostaddrlen) &&
1739 (memcmp(addr, hostaddr, len) == 0)) {
1751 siHostnameCheckAddr(const char *valueString, int length, void *typePriv)
1753 /* Check conformance of hostname to RFC 2396 sec. 3.2.2 definition.
1754 * We do not use ctype functions here to avoid locale-specific
1755 * character sets. Hostnames must be pure ASCII.
1759 Bool dotAllowed = FALSE;
1760 Bool dashAllowed = FALSE;
1762 if ((length <= 0) || (length >= SI_HOSTNAME_MAXLEN)) {
1766 for (i = 0; i < length; i++) {
1767 char c = valueString[i];
1769 if (c == 0x2E) { /* '.' */
1770 if (dotAllowed == FALSE) {
1776 dashAllowed = FALSE;
1779 else if (c == 0x2D) { /* '-' */
1780 if (dashAllowed == FALSE) {
1788 else if (((c >= 0x30) && (c <= 0x3A)) /* 0-9 */ ||
1789 ((c >= 0x61) && (c <= 0x7A)) /* a-z */ ||
1790 ((c >= 0x41) && (c <= 0x5A)) /* A-Z */ ) {
1794 else { /* Invalid character */
1803 #if defined(IPv6) && defined(AF_INET6)
1805 * "ipv6" server interpreted type
1807 * Currently supports only IPv6 literal address as specified in IETF RFC 3513
1809 * Once draft-ietf-ipv6-scoping-arch-00.txt becomes an RFC, support will be
1810 * added for the scoped address format it specifies.
1813 /* Maximum length of an IPv6 address string - increase when adding support
1814 * for scoped address qualifiers. Includes room for trailing NUL byte.
1816 #define SI_IPv6_MAXLEN INET6_ADDRSTRLEN
1819 siIPv6AddrMatch(int family, pointer addr, int len,
1820 const char *siAddr, int siAddrlen, ClientPtr client,
1823 struct in6_addr addr6;
1824 char addrbuf[SI_IPv6_MAXLEN];
1826 if ((family != FamilyInternet6) || (len != sizeof(addr6)))
1829 memcpy(addrbuf, siAddr, siAddrlen);
1830 addrbuf[siAddrlen] = '\0';
1832 if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) {
1833 perror("inet_pton");
1837 if (memcmp(addr, &addr6, len) == 0) {
1846 siIPv6CheckAddr(const char *addrString, int length, void *typePriv)
1850 /* Minimum length is 3 (smallest legal address is "::1") */
1852 /* Address is too short! */
1855 else if (length >= SI_IPv6_MAXLEN) {
1856 /* Address is too long! */
1860 /* Assume inet_pton is sufficient validation */
1861 struct in6_addr addr6;
1862 char addrbuf[SI_IPv6_MAXLEN];
1864 memcpy(addrbuf, addrString, length);
1865 addrbuf[length] = '\0';
1867 if (inet_pton(AF_INET6, addrbuf, &addr6) != 1) {
1868 perror("inet_pton");
1879 #if !defined(NO_LOCAL_CLIENT_CRED)
1881 * "localuser" & "localgroup" server interpreted types
1883 * Allows local connections from a given local user or group
1889 #define LOCAL_USER 1
1890 #define LOCAL_GROUP 2
1894 } siLocalCredPrivRec, *siLocalCredPrivPtr;
1896 static siLocalCredPrivRec siLocalUserPriv = { LOCAL_USER };
1897 static siLocalCredPrivRec siLocalGroupPriv = { LOCAL_GROUP };
1900 siLocalCredGetId(const char *addr, int len, siLocalCredPrivPtr lcPriv, int *id)
1902 Bool parsedOK = FALSE;
1903 char *addrbuf = malloc(len + 1);
1905 if (addrbuf == NULL) {
1909 memcpy(addrbuf, addr, len);
1910 addrbuf[len] = '\0';
1912 if (addr[0] == '#') { /* numeric id */
1916 *id = strtol(addrbuf + 1, &cp, 0);
1917 if ((errno == 0) && (cp != (addrbuf + 1))) {
1921 else { /* non-numeric name */
1922 if (lcPriv->credType == LOCAL_USER) {
1923 struct passwd *pw = getpwnam(addrbuf);
1926 *id = (int) pw->pw_uid;
1931 struct group *gr = getgrnam(addrbuf);
1934 *id = (int) gr->gr_gid;
1945 siLocalCredAddrMatch(int family, pointer addr, int len,
1946 const char *siAddr, int siAddrlen, ClientPtr client,
1950 LocalClientCredRec *lcc;
1951 siLocalCredPrivPtr lcPriv = (siLocalCredPrivPtr) typePriv;
1953 if (GetLocalClientCreds(client, &lcc) == -1) {
1957 #ifdef HAVE_GETZONEID /* Ensure process is in the same zone */
1958 if ((lcc->fieldsSet & LCC_ZID_SET) && (lcc->zoneid != getzoneid())) {
1959 FreeLocalClientCreds(lcc);
1964 if (siLocalCredGetId(siAddr, siAddrlen, lcPriv, &siAddrId) == FALSE) {
1965 FreeLocalClientCreds(lcc);
1969 if (lcPriv->credType == LOCAL_USER) {
1970 if ((lcc->fieldsSet & LCC_UID_SET) && (lcc->euid == siAddrId)) {
1971 FreeLocalClientCreds(lcc);
1976 if ((lcc->fieldsSet & LCC_GID_SET) && (lcc->egid == siAddrId)) {
1977 FreeLocalClientCreds(lcc);
1980 if (lcc->pSuppGids != NULL) {
1983 for (i = 0; i < lcc->nSuppGids; i++) {
1984 if (lcc->pSuppGids[i] == siAddrId) {
1985 FreeLocalClientCreds(lcc);
1991 FreeLocalClientCreds(lcc);
1996 siLocalCredCheckAddr(const char *addrString, int length, void *typePriv)
2001 if (siLocalCredGetId(addrString, length,
2002 (siLocalCredPrivPtr) typePriv, &id) == FALSE) {
2007 #endif /* localuser */
2010 siTypesInitialize(void)
2012 siTypeAdd("hostname", siHostnameAddrMatch, siHostnameCheckAddr, NULL);
2013 #if defined(IPv6) && defined(AF_INET6)
2014 siTypeAdd("ipv6", siIPv6AddrMatch, siIPv6CheckAddr, NULL);
2016 #if !defined(NO_LOCAL_CLIENT_CRED)
2017 siTypeAdd("localuser", siLocalCredAddrMatch, siLocalCredCheckAddr,
2019 siTypeAdd("localgroup", siLocalCredAddrMatch, siLocalCredCheckAddr,
projects / framework / uifw / xorg / server / xorg-server.git / blob