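/**
 * Install the host-based authentication callback on every ICE listener and
 * tighten the permissions of the socket file used by "local" listeners.
 *
 * The listener's connection string is split in place at the first '/' and
 * then at the first ':' after it; the text after the ':' is treated as the
 * socket path when the leading part equals "local".
 *
 * @param count       number of entries in listenObjs
 * @param listenObjs  listeners to configure
 * @return always 1
 */
Status SetAuthentication_local (int count, IceListenObj *listenObjs)
{
    for (int i = 0; i < count; i++) {
        char *prot = IceGetListenConnectionString(listenObjs[i]);
        if (!prot)
            continue;

        // Cut the string into "prot", "host" and "sock" by overwriting the
        // separators with NUL; all three pointers alias the one buffer.
        char *host = strchr(prot, '/');
        char *sock = 0;
        if (host) {
            *host = 0;
            host++;
            sock = strchr(host, ':');
            if (sock) {
                *sock = 0;
                sock++;
            }
        }

        kDebug( 1218 ) << "KSMServer: SetAProc_loc: conn " << (unsigned)i << ", prot=" << prot << ", file=" << sock;

        if (sock && !strcmp(prot, "local")) {
            // Owner-only access to the socket file. A failed chmod() leaves
            // the file with whatever mode it was created with, so report it
            // instead of dropping the result.
            // NOTE(review): chmod() works on the path, not on the listening
            // descriptor; confirm the containing directory is not writable
            // by other users.
            if (chmod(sock, 0700) != 0)
                kDebug( 1218 ) << "KSMServer: SetAProc_loc: chmod 0700 failed for " << sock;
        }

        IceSetHostBasedAuthProc (listenObjs[i], HostBasedAuthProc);
        free(prot);
    }
    return 1;
}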
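/**
 * Create one "ICE" and one "XSMP" MIT-MAGIC-COOKIE-1 entry per listener,
 * register each pair with libICE and hand the entries to iceauth through a
 * temporary file.
 *
 * @param count             number of listeners in listenObjs
 * @param listenObjs        listeners to create authentication data for
 * @param authDataEntries   receives a malloc()ed array of count * 2 entries;
 *                          set to NULL when the temporary files cannot be
 *                          opened as streams
 * @return 1 on success, 0 on failure
 */
Status SetAuthentication (int count, IceListenObj *listenObjs,
                          IceAuthDataEntry **authDataEntries)
{
    KTemporaryFile addTempFile;
    // remTempFile is not declared in this function; it is assigned here and
    // deliberately not released on the early returns below.
    remTempFile = new KTemporaryFile;

    if (!addTempFile.open() || !remTempFile->open())
        return 0;

    if ((*authDataEntries = (IceAuthDataEntry *) malloc (
             count * 2 * sizeof (IceAuthDataEntry))) == NULL)
        return 0;

    FILE *addAuthFile = fopen(QFile::encodeName(addTempFile.fileName()), "r+");
    FILE *remAuthFile = fopen(QFile::encodeName(remTempFile->fileName()), "r+");
    if (!addAuthFile || !remAuthFile) {
        // Without both streams the cookies cannot be written out; stop
        // before write_iceauth() is handed a null FILE pointer.
        if (addAuthFile)
            fclose(addAuthFile);
        if (remAuthFile)
            fclose(remAuthFile);
        free(*authDataEntries);
        *authDataEntries = NULL;
        return 0;
    }

    // The bound is derived from count, the same value that sized the
    // allocation above, so the loop cannot index past the array.
    for (int i = 0; i < count * 2; i += 2) {
        IceAuthDataEntry *iceEntry = &(*authDataEntries)[i];
        IceAuthDataEntry *xsmpEntry = &(*authDataEntries)[i + 1];

        iceEntry->network_id = IceGetListenConnectionString (listenObjs[i/2]);
        iceEntry->protocol_name = (char *) "ICE";
        iceEntry->auth_name = (char *) "MIT-MAGIC-COOKIE-1";
        iceEntry->auth_data = IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        iceEntry->auth_data_length = MAGIC_COOKIE_LEN;

        xsmpEntry->network_id = IceGetListenConnectionString (listenObjs[i/2]);
        xsmpEntry->protocol_name = (char *) "XSMP";
        xsmpEntry->auth_name = (char *) "MIT-MAGIC-COOKIE-1";
        xsmpEntry->auth_data = IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        xsmpEntry->auth_data_length = MAGIC_COOKIE_LEN;

        write_iceauth (addAuthFile, remAuthFile, iceEntry);
        write_iceauth (addAuthFile, remAuthFile, xsmpEntry);

        // The two entries are adjacent, so one call registers the pair.
        IceSetPaAuthData (2, iceEntry);

        IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc);
    }
    fclose(addAuthFile);
    fclose(remAuthFile);

    QString iceAuth = KGlobal::dirs()->findExe("iceauth");
    if (iceAuth.isEmpty())
    {
        qWarning("KSMServer: could not find iceauth");
        return 0;
    }

    // The file name is passed as its own argument, not spliced into a
    // command string.
    KProcess p;
    p << iceAuth << "source" << addTempFile.fileName();
    const int iceAuthStatus = p.execute();
    if (iceAuthStatus != 0) {
        // Still best effort (the function keeps returning 1), but a failed
        // merge is now visible in the log.
        qWarning("KSMServer: iceauth exited with status %d", iceAuthStatus);
    }

    return (1);
}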
/*
 * Provide authentication data to clients that wish to connect.
 *
 * Two entries are created per listener, one with protocol name "ICE" and
 * one with "XSMP", each holding its own MIT-MAGIC-COOKIE-1 cookie of
 * MAGIC_COOKIE_LEN bytes.  The entries are passed to writeIceauth() and,
 * if that succeeds, registered with IceSetPaAuthData().
 *
 * Returns 1 on success and 0 on failure.  The array stored through
 * authDataEntries is not released on the failure path.
 */
Status
SetAuthentication(int count, IceListenObj *listenObjs,
                  IceAuthDataEntry **authDataEntries)
{
    int nEntries = count * 2;
    int i;
    IceAuthDataEntry *entries;

    entries = (IceAuthDataEntry *) XtMalloc(
        nEntries * sizeof (IceAuthDataEntry));
    *authDataEntries = entries;
    if (entries == NULL)
        return 0;

    for (i = 0; i < nEntries; i += 2) {
        IceListenObj listener = listenObjs[i / 2];
        IceAuthDataEntry *ice = &entries[i];
        IceAuthDataEntry *xsmp = &entries[i + 1];

        /* Entry for the ICE protocol itself. */
        ice->network_id = IceGetListenConnectionString(listener);
        ice->protocol_name = "ICE";
        ice->auth_name = "MIT-MAGIC-COOKIE-1";
        ice->auth_data = IceGenerateMagicCookie(MAGIC_COOKIE_LEN);
        ice->auth_data_length = MAGIC_COOKIE_LEN;

        /* Entry for XSMP on the same listener, with a separate cookie. */
        xsmp->network_id = IceGetListenConnectionString(listener);
        xsmp->protocol_name = "XSMP";
        xsmp->auth_name = "MIT-MAGIC-COOKIE-1";
        xsmp->auth_data = IceGenerateMagicCookie(MAGIC_COOKIE_LEN);
        xsmp->auth_data_length = MAGIC_COOKIE_LEN;

        IceSetHostBasedAuthProc(listener, HostBasedAuthProc);
    }

    /* Merge new entries into auth file. */
    if (writeIceauth(nEntries, entries, 0)) {
        IceSetPaAuthData(nEntries, entries);
        return 1;
    }

    return 0;
}
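/*
 * Open the ICE listeners for pm_port and register their descriptors for
 * select().
 *
 *   pm_port               port string passed to
 *                         IceListenForWellKnownConnections()
 *   size_pm_listen_array  receives the number of listeners
 *   pm_listen_array       receives a malloc()ed array with one descriptor
 *                         per listener
 *   listen_objects        receives the listener objects
 *   nfds                  raised to (highest descriptor + 1) if that is
 *                         larger than its current value
 *   rinit                 read set; every listener descriptor is added
 *
 * Returns 1 on success, 0 on failure (a message is written to stderr).
 */
int
doSetupPMListen(
    char * pm_port,
    int * size_pm_listen_array,
    int ** pm_listen_array,
    IceListenObj ** listen_objects,
    int * nfds,
    fd_set * rinit)
{
    int num_fds_returned;
    char errormsg[256];
    int fd_counter;
    IceListenObj * temp_obj;

    /*
     * establish PM listeners
     */
    if (!IceListenForWellKnownConnections(pm_port,
                                          &num_fds_returned,
                                          listen_objects,
                                          (int) sizeof(errormsg),
                                          errormsg))
    {
        (void) fprintf(stderr, "IceListenForWellKnowConnections error: %s\n",
                       errormsg);
        return 0;
    }

    /*
     * Create space for pm_listen_array.  The elements are ints, so size
     * the allocation with sizeof (int); and test the pointer malloc()
     * returned (*pm_listen_array), not the caller's out-parameter, which
     * is non-NULL even when the allocation failed.
     */
    *pm_listen_array = (int *) malloc (num_fds_returned * sizeof (int));
    if (*pm_listen_array == NULL)
    {
        (void) fprintf (stderr, "malloc - pm_listen_array\n");
        return 0;
    }
    *size_pm_listen_array = num_fds_returned;

    /*
     * obtain the PM listen fd's for the connection objects
     * (could be more than one if different transport mechanisms)
     */
    temp_obj = *listen_objects;
    for (fd_counter = 0; fd_counter < num_fds_returned; fd_counter++)
    {
        int listen_fd;

        IceSetHostBasedAuthProc(temp_obj[fd_counter], FWPHostBasedAuthProc);
        listen_fd = IceGetListenConnectionNumber(temp_obj[fd_counter]);
        (*pm_listen_array)[fd_counter] = listen_fd;

        /*
         * set all read mask bits on which we are going to select();
         * [NOTE: We don't care about write bits here because we don't
         * use select() to manage writing to the PM]
         *
         * NOTE(review): FD_SET() is only defined for descriptors in the
         * range 0 .. FD_SETSIZE-1; nothing here rejects a descriptor
         * outside that range before it is written into *rinit.
         */
        FD_SET(listen_fd, rinit);

        /*
         * compute nfds for select()
         */
        if (listen_fd + 1 > *nfds)
            *nfds = listen_fd + 1;
    }

    return 1;
}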
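/*
 * Create one "ICE" and one "XSMP" MIT-MAGIC-COOKIE-1 entry per listener,
 * register each pair with libICE, write them with write_iceauth() into two
 * files created under $SM_SAVE_DIR (else $HOME, else "."), and run
 * "iceauth source" on the add file.
 *
 * The umask is set to 0077 while the files are created and is restored on
 * every exit path.
 *
 * Returns 1 on success, 0 on failure.  On failure both files are removed
 * and addAuthFile / remAuthFile are freed and reset to NULL.
 * NOTE(review): the array stored through authDataEntries is not released
 * on the failure path; confirm what the caller does with it.
 */
Status
SetAuthentication(int count, IceListenObj *listenObjs,
                  IceAuthDataEntry **authDataEntries)
{
    FILE *addfp = NULL;
    FILE *removefp = NULL;
    const char *path;
    mode_t original_umask;
    char command[256];
    int command_len;
    int i;
#ifdef HAVE_MKSTEMP
    int fd;
#endif

    original_umask = umask (0077);	/* disallow non-owner access */

    path = getenv ("SM_SAVE_DIR");
    if (!path)
    {
        path = getenv ("HOME");
        if (!path)
            path = ".";
    }

#ifndef HAVE_MKSTEMP
    /*
     * NOTE(review): in this branch the name is generated first and opened
     * afterwards with fopen(); whether unique_filename() protects against
     * a file or symlink already present at that name is not visible here.
     */
    if ((addAuthFile = unique_filename (path, ".xsm")) == NULL)
        goto bad;

    if (!(addfp = fopen (addAuthFile, "w")))
        goto bad;
    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);

    if ((remAuthFile = unique_filename (path, ".xsm")) == NULL)
        goto bad;

    if (!(removefp = fopen (remAuthFile, "w")))
        goto bad;
    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
#else
    /*
     * NOTE(review): if fdopen() fails, the descriptor returned through fd
     * is not closed on the way to "bad".
     */
    if ((addAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
        goto bad;

    if (!(addfp = fdopen(fd, "wb")))
        goto bad;
    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);

    if ((remAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
        goto bad;

    if (!(removefp = fdopen(fd, "wb")))
        goto bad;
    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
#endif

    if ((*authDataEntries = (IceAuthDataEntry *) XtMalloc (
             count * 2 * sizeof (IceAuthDataEntry))) == NULL)
        goto bad;

    for (i = 0; i < count * 2; i += 2)
    {
        (*authDataEntries)[i].network_id =
            IceGetListenConnectionString (listenObjs[i/2]);
        (*authDataEntries)[i].protocol_name = "ICE";
        (*authDataEntries)[i].auth_name = "MIT-MAGIC-COOKIE-1";

        (*authDataEntries)[i].auth_data =
            IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        (*authDataEntries)[i].auth_data_length = MAGIC_COOKIE_LEN;

        (*authDataEntries)[i+1].network_id =
            IceGetListenConnectionString (listenObjs[i/2]);
        (*authDataEntries)[i+1].protocol_name = "XSMP";
        (*authDataEntries)[i+1].auth_name = "MIT-MAGIC-COOKIE-1";

        (*authDataEntries)[i+1].auth_data =
            IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        (*authDataEntries)[i+1].auth_data_length = MAGIC_COOKIE_LEN;

        write_iceauth (addfp, removefp, &(*authDataEntries)[i]);
        write_iceauth (addfp, removefp, &(*authDataEntries)[i+1]);

        /* The two entries are adjacent, so one call registers the pair. */
        IceSetPaAuthData (2, &(*authDataEntries)[i]);

        IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc);
    }

    /* Reset the pointers so the "bad" path cannot close a stream twice. */
    fclose (addfp);
    addfp = NULL;
    fclose (removefp);
    removefp = NULL;

    umask (original_umask);

    /*
     * A path that does not fit in command[] would be cut short silently
     * and iceauth would be pointed at a different file name; treat that
     * as a failure.
     *
     * NOTE(review): addAuthFile is derived from SM_SAVE_DIR / HOME and is
     * placed in a command string.  How execute_system_command() runs it is
     * not visible here; if it goes through a shell, whitespace or shell
     * metacharacters in the path change the command.  Passing the file
     * name as a separate argv element would avoid that.
     */
    command_len = snprintf (command, sizeof(command),
                            "iceauth source %s", addAuthFile);
    if (command_len < 0 || (size_t) command_len >= sizeof(command))
        goto bad;
    execute_system_command (command);

    remove (addAuthFile);

    return (1);

 bad:

    /* The early exits above skip the restore; do it here as well. */
    umask (original_umask);

    if (addfp)
        fclose (addfp);

    if (removefp)
        fclose (removefp);

    if (addAuthFile)
    {
        remove (addAuthFile);
        free (addAuthFile);
        addAuthFile = NULL;	/* do not leave a pointer to freed memory */
    }
    if (remAuthFile)
    {
        remove (remAuthFile);
        free (remAuthFile);
        remAuthFile = NULL;
    }

    return (0);
}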
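/*
 * Attach every ICE listener to the GLib main loop, write "ICE" and "XSMP"
 * authentication entries for it through ice_auth_add(), and load the
 * resulting setup file with "ICEAUTH_CMD source <file>".
 *
 *   num_listeners  number of entries in listen_objs
 *   listen_objs    listeners to set up
 *   manager        passed to IceAddConnectionWatch() as client data
 *
 * Returns FALSE if either temporary file cannot be created, TRUE
 * otherwise.  A failing iceauth run only produces a warning.
 */
gboolean
ice_setup_listeners (int           num_listeners,
                     IceListenObj *listen_objs,
                     XfsmManager  *manager)
{
  GIOChannel *channel;
  char       *auth_setup_file;
  gchar      *quoted_setup_file;
  gchar      *command;
  FILE       *cleanup_fp;
  FILE       *setup_fp;
  int         fd_flags;
  int         fd;
  int         n;

  IceSetIOErrorHandler (ice_error_handler);
  IceAddConnectionWatch (ice_connection_watch, manager);

  cleanup_fp = ice_tmpfile (&auth_cleanup_file);
  if (cleanup_fp == NULL)
    return FALSE;

  setup_fp = ice_tmpfile (&auth_setup_file);
  if (setup_fp == NULL)
    {
      fclose (cleanup_fp);
      unlink (auth_cleanup_file);
      g_free (auth_cleanup_file);
      /* auth_cleanup_file is not local to this function; do not leave it
       * pointing at freed memory. */
      auth_cleanup_file = NULL;
      return FALSE;
    }

  for (n = 0; n < num_listeners; n++)
    {
      fd = IceGetListenConnectionNumber (listen_objs[n]);

      /* Make sure we don't pass on these file descriptors to an
       * exec'd child process.  If the current flags cannot be read,
       * still try to set FD_CLOEXEC on its own instead of passing the
       * -1 error value on as the new flag set. */
      fd_flags = fcntl (fd, F_GETFD, 0);
      if (fd_flags == -1)
        fd_flags = 0;
      if (fcntl (fd, F_SETFD, fd_flags | FD_CLOEXEC) == -1)
        g_warning ("Failed to set close-on-exec on ICE listener descriptor %d", fd);

      channel = g_io_channel_unix_new (fd);
      g_io_add_watch (channel, G_IO_ERR | G_IO_HUP | G_IO_IN,
                      ice_connection_accept,
                      listen_objs[n]);
      /* Drop our reference; the watch added above holds its own. */
      g_io_channel_unref (channel);

      /* setup auth for this listener */
      ice_auth_add (setup_fp, cleanup_fp, "ICE", listen_objs[n]);
      ice_auth_add (setup_fp, cleanup_fp, "XSMP", listen_objs[n]);
      IceSetHostBasedAuthProc (listen_objs[n], ice_auth_proc);
    }

  fclose (setup_fp);
  fclose (cleanup_fp);

  /* setup ICE authority and remove setup file.  system() runs the string
   * through a shell, so the file name is quoted: a path containing
   * whitespace or shell metacharacters then stays a single argument. */
  quoted_setup_file = g_shell_quote (auth_setup_file);
  command = g_strdup_printf ("%s source %s", ICEAUTH_CMD, quoted_setup_file);
  g_free (quoted_setup_file);
  if (system (command) != 0)
    {
      g_warning ("Failed to setup the ICE authentication data, session "
                 "management might not work properly.");
    }
  g_free (command);
  unlink (auth_setup_file);
  g_free (auth_setup_file);

  return TRUE;
}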