Example #1
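/*
 * Installs HostBasedAuthProc on every listener and, for listeners whose
 * connection string names the "local" transport, restricts the socket file
 * to owner-only access.
 *
 * count       number of entries in listenObjs
 * listenObjs  ICE listeners to configure
 *
 * Listeners whose connection string cannot be obtained are skipped entirely.
 * Always returns 1; a chmod() failure is logged but is not fatal.
 */
Status SetAuthentication_local (int count, IceListenObj *listenObjs)
{
    for (int i = 0; i < count; i++) {
        char *prot = IceGetListenConnectionString(listenObjs[i]);
        if (!prot) continue;

        // Split "<prot>/<host>:<sock>" in place; prot ends at the first '/'
        // and sock starts after the first ':' that follows it.
        char *host = strchr(prot, '/');
        char *sock = 0;
        if (host) {
            *host = 0;
            host++;
            sock = strchr(host, ':');
            if (sock) {
                *sock = 0;
                sock++;
            }
        }
        kDebug( 1218 ) << "KSMServer: SetAProc_loc: conn " << (unsigned)i << ", prot=" << prot << ", file=" << sock;
        if (sock && !strcmp(prot, "local")) {
            // The file mode is the access control applied to the local socket
            // here, so a failed chmod() must not pass unnoticed.
            // NOTE(review): what HostBasedAuthProc accepts is not visible in
            // this function -- confirm whether a failure should abort instead.
            if (chmod(sock, 0700) != 0) {
                kDebug( 1218 ) << "KSMServer: SetAProc_loc: chmod 0700 failed for " << sock;
            }
        }
        IceSetHostBasedAuthProc (listenObjs[i], HostBasedAuthProc);
        free(prot);
    }
    return 1;
}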
Example #2
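/*
 * Creates one "ICE" and one "XSMP" MIT-MAGIC-COOKIE-1 entry per listener,
 * registers them with the ICE library, writes them to two temporary files
 * and runs "iceauth source" on the add file.
 *
 * count            number of listeners in listenObjs
 * listenObjs       ICE listeners to protect
 * authDataEntries  out: malloc()ed array of count * 2 entries
 *
 * Returns 1 on success. Returns 0 if a temporary file cannot be created or
 * reopened, the allocation fails, or the iceauth executable is not found.
 */
Status SetAuthentication (int count, IceListenObj *listenObjs,
                          IceAuthDataEntry **authDataEntries)
{
    KTemporaryFile addTempFile;
    remTempFile = new KTemporaryFile;

    if (!addTempFile.open() || !remTempFile->open())
        return 0;

    if ((*authDataEntries = (IceAuthDataEntry *) malloc (
                         count * 2 * sizeof (IceAuthDataEntry))) == NULL)
        return 0;

    FILE *addAuthFile = fopen(QFile::encodeName(addTempFile.fileName()), "r+");
    FILE *remAuthFile = fopen(QFile::encodeName(remTempFile->fileName()), "r+");

    // Without both streams the cookies cannot be recorded; bail out instead
    // of handing a null FILE* to write_iceauth() and fclose().
    if (!addAuthFile || !remAuthFile) {
        if (addAuthFile)
            fclose(addAuthFile);
        if (remAuthFile)
            fclose(remAuthFile);
        free(*authDataEntries);
        *authDataEntries = NULL;
        return 0;
    }

    // Bounded by count, the same value that sized the allocation above, so
    // the loop cannot write past the end of the array.
    for (int i = 0; i < count * 2; i += 2) {
        (*authDataEntries)[i].network_id =
            IceGetListenConnectionString (listenObjs[i/2]);
        (*authDataEntries)[i].protocol_name = (char *) "ICE";
        (*authDataEntries)[i].auth_name = (char *) "MIT-MAGIC-COOKIE-1";

        (*authDataEntries)[i].auth_data =
            IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        (*authDataEntries)[i].auth_data_length = MAGIC_COOKIE_LEN;

        (*authDataEntries)[i+1].network_id =
            IceGetListenConnectionString (listenObjs[i/2]);
        (*authDataEntries)[i+1].protocol_name = (char *) "XSMP";
        (*authDataEntries)[i+1].auth_name = (char *) "MIT-MAGIC-COOKIE-1";

        (*authDataEntries)[i+1].auth_data =
            IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
        (*authDataEntries)[i+1].auth_data_length = MAGIC_COOKIE_LEN;

        write_iceauth (addAuthFile, remAuthFile, &(*authDataEntries)[i]);
        write_iceauth (addAuthFile, remAuthFile, &(*authDataEntries)[i+1]);

        // Registers the ICE/XSMP pair just filled in.
        IceSetPaAuthData (2, &(*authDataEntries)[i]);

        IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc);
    }
    fclose(addAuthFile);
    fclose(remAuthFile);

    QString iceAuth = KGlobal::dirs()->findExe("iceauth");
    if (iceAuth.isEmpty())
    {
        qWarning("KSMServer: could not find iceauth");
        return 0;
    }

    // Arguments are passed to KProcess one by one, so the temporary file
    // name is not interpreted by a shell.
    KProcess p;
    p << iceAuth << "source" << addTempFile.fileName();
    if (p.execute() != 0)
        qWarning("KSMServer: iceauth source did not complete successfully");

    return (1);
}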
Example #3
File: SmAuth.c Project: juddy/edcde
/*
 * Provide authentication data to clients that wish to connect.
 *
 * Two MIT-MAGIC-COOKIE-1 entries, one for "ICE" and one for "XSMP", are
 * created per listener. The entries are handed to writeIceauth() and then
 * registered with IceSetPaAuthData().
 *
 * count            number of listeners in listenObjs
 * listenObjs       ICE listeners to protect
 * authDataEntries  out: array of count * 2 entries obtained from XtMalloc
 *
 * Returns 1 on success, 0 if the allocation or writeIceauth() fails.
 */
Status
SetAuthentication (
	int			count,
	IceListenObj		*listenObjs,
	IceAuthDataEntry	**authDataEntries)
{
    int			nEntries = count * 2;
    int			listener;
    IceAuthDataEntry	*entries;

    entries = (IceAuthDataEntry *) XtMalloc (
	nEntries * sizeof (IceAuthDataEntry));
    *authDataEntries = entries;
    if (entries == NULL)
	return 0;

    for (listener = 0; listener < count; listener++)
    {
	/* Each listener owns two consecutive slots: ICE first, then XSMP. */
	IceAuthDataEntry *ice = &entries[2 * listener];
	IceAuthDataEntry *xsmp = ice + 1;

	ice->network_id = IceGetListenConnectionString (listenObjs[listener]);
	ice->protocol_name = "ICE";
	ice->auth_name = "MIT-MAGIC-COOKIE-1";
	ice->auth_data = IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
	ice->auth_data_length = MAGIC_COOKIE_LEN;

	xsmp->network_id = IceGetListenConnectionString (listenObjs[listener]);
	xsmp->protocol_name = "XSMP";
	xsmp->auth_name = "MIT-MAGIC-COOKIE-1";
	xsmp->auth_data = IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
	xsmp->auth_data_length = MAGIC_COOKIE_LEN;

	IceSetHostBasedAuthProc (listenObjs[listener], HostBasedAuthProc);
    }

    /* Merge new entries into auth file. */
    if (!writeIceauth(nEntries, entries, 0))
	return 0;

    IceSetPaAuthData(nEntries, entries);

    return 1;
}
Example #4
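/*
 * Opens the PM listeners on pm_port and prepares them for select().
 *
 * pm_port               port passed to IceListenForWellKnownConnections()
 * size_pm_listen_array  out: number of descriptors stored in *pm_listen_array
 * pm_listen_array       out: malloc()ed array of listen descriptors
 * listen_objects        out: listener objects created by the ICE library
 * nfds                  in/out: raised to the highest descriptor + 1
 * rinit                 in/out: read set that receives every listen descriptor
 *
 * Returns 1 on success, 0 on failure (a message is written to stderr).
 */
int 
doSetupPMListen(
    char 		*  pm_port,
    int			* size_pm_listen_array,
    int 		** pm_listen_array,
    IceListenObj 	** listen_objects,
    int 		* nfds,
    fd_set 		* rinit)
{
  int 	num_fds_returned;
  char  errormsg[256];
  int   fd_counter;
  int   listen_fd;
  IceListenObj * temp_obj;

  /*
   * establish PM listeners
   */  
  if (!IceListenForWellKnownConnections(pm_port, 
					&num_fds_returned,
					listen_objects,
					sizeof errormsg,
					errormsg))
  {
    (void) fprintf(stderr, "IceListenForWellKnowConnections error: %s\n", 
		   errormsg); 
    return 0;
  }

  /*
   * Create space for pm_listen_array.  The elements are ints, so size the
   * allocation by the element type, and test the pointer malloc returned
   * rather than the caller's out-parameter (which is never NULL here).
   */
  *pm_listen_array = (int *) malloc (num_fds_returned * sizeof **pm_listen_array);
  if (!*pm_listen_array && num_fds_returned > 0)
  {
    (void) fprintf (stderr, "malloc - pm_listen_array\n");
    return 0;
  }
  *size_pm_listen_array = num_fds_returned;

  /*
   * obtain the PM listen fd's for the connection objects 
   */
  temp_obj = *listen_objects;
  for (fd_counter = 0; fd_counter < num_fds_returned; fd_counter++)
  {
    /*
     * get fd(s) for PM listen (could be more than one if different
     * transport mechanisms) 
     */ 
    IceSetHostBasedAuthProc(temp_obj[fd_counter], FWPHostBasedAuthProc);
    listen_fd = IceGetListenConnectionNumber(temp_obj[fd_counter]);

    /*
     * FD_SET() on a descriptor outside [0, FD_SETSIZE) writes outside the
     * fd_set, so refuse such a descriptor instead of corrupting memory.
     */
    if (listen_fd < 0 || listen_fd >= FD_SETSIZE)
    {
      (void) fprintf (stderr, "listen fd %d out of range for select()\n",
		      listen_fd);
      free (*pm_listen_array);
      *pm_listen_array = NULL;
      *size_pm_listen_array = 0;
      return 0;
    }
    (*pm_listen_array)[fd_counter] = listen_fd;

    /*
     * set all read mask bits on which we are going to select(); 
     * [NOTE:  We don't care about write bits here because we don't
     * use select() to manage writing to the PM] 
     */
    FD_SET(listen_fd, rinit);

    /*
     * compute nfds for select()
     */
    *nfds = max(*nfds, listen_fd + 1);
  }
  return 1;
}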
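/*
 * Creates one "ICE" and one "XSMP" MIT-MAGIC-COOKIE-1 entry per listener,
 * records them in two owner-only files and loads the add file with
 * "iceauth source".
 *
 * count            number of listeners in listenObjs
 * listenObjs       ICE listeners to protect
 * authDataEntries  out: array of count * 2 entries obtained from XtMalloc
 *
 * The files are created in $SM_SAVE_DIR, else $HOME, else the current
 * directory. The process umask is 0077 while they are created and is
 * restored on every exit path.
 *
 * Returns 1 on success and 0 on failure. On failure both files are removed
 * and the addAuthFile / remAuthFile names are freed and cleared.
 */
Status
SetAuthentication(int count, IceListenObj *listenObjs, 
		  IceAuthDataEntry **authDataEntries)
{
    FILE	*addfp = NULL;
    FILE	*removefp = NULL;
    const char	*path;
    mode_t	original_umask;
    char	command[256];
    int		command_len;
    int		i;
#ifdef HAVE_MKSTEMP
    int         fd;
#endif

    original_umask = umask (0077);	/* disallow non-owner access */

    path = getenv ("SM_SAVE_DIR");
    if (!path)
    {
	path = getenv ("HOME");
	if (!path)
	    path = ".";
    }
#ifndef HAVE_MKSTEMP
    /*
     * NOTE(review): the name is chosen first and the file opened afterwards,
     * so creation does not look atomic from here -- confirm how
     * unique_filename() guards against a pre-existing file or link.
     */
    if ((addAuthFile = unique_filename (path, ".xsm")) == NULL)
	goto bad;

    if (!(addfp = fopen (addAuthFile, "w")))
	goto bad;
    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);

    if ((remAuthFile = unique_filename (path, ".xsm")) == NULL)
	goto bad;

    if (!(removefp = fopen (remAuthFile, "w")))
	goto bad;
    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
#else
    /*
     * NOTE(review): if fdopen() fails, fd is never closed on the way to
     * "bad"; add a close(fd) once <unistd.h> is known to be included.
     */
    if ((addAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
	goto bad;
    
    if (!(addfp = fdopen(fd, "wb"))) 
	goto bad;
    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);

    if ((remAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
	goto bad;
    
    if (!(removefp = fdopen(fd, "wb"))) 
	goto bad;
    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
#endif

    if ((*authDataEntries = (IceAuthDataEntry *) XtMalloc (
	count * 2 * sizeof (IceAuthDataEntry))) == NULL)
	goto bad;

    for (i = 0; i < count * 2; i += 2)
    {
	(*authDataEntries)[i].network_id =
	    IceGetListenConnectionString (listenObjs[i/2]);
	(*authDataEntries)[i].protocol_name = "ICE";
	(*authDataEntries)[i].auth_name = "MIT-MAGIC-COOKIE-1";

	(*authDataEntries)[i].auth_data =
	    IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
	(*authDataEntries)[i].auth_data_length = MAGIC_COOKIE_LEN;

	(*authDataEntries)[i+1].network_id =
	    IceGetListenConnectionString (listenObjs[i/2]);
	(*authDataEntries)[i+1].protocol_name = "XSMP";
	(*authDataEntries)[i+1].auth_name = "MIT-MAGIC-COOKIE-1";

	(*authDataEntries)[i+1].auth_data = 
	    IceGenerateMagicCookie (MAGIC_COOKIE_LEN);
	(*authDataEntries)[i+1].auth_data_length = MAGIC_COOKIE_LEN;

	write_iceauth (addfp, removefp, &(*authDataEntries)[i]);
	write_iceauth (addfp, removefp, &(*authDataEntries)[i+1]);

	/* Registers the ICE/XSMP pair just filled in. */
	IceSetPaAuthData (2, &(*authDataEntries)[i]);

	IceSetHostBasedAuthProc (listenObjs[i/2], HostBasedAuthProc);
    }

    /* Clear the stream pointers so the "bad" path cannot close them twice. */
    fclose (addfp);
    addfp = NULL;
    fclose (removefp);
    removefp = NULL;

    umask (original_umask);

    /*
     * A truncated command would name a different file, so fail instead of
     * running it.
     * NOTE(review): the file name derives from SM_SAVE_DIR/HOME and is
     * inserted unquoted; if execute_system_command() goes through a shell,
     * whitespace or metacharacters in that path are interpreted -- confirm.
     */
    command_len = snprintf (command, sizeof(command), "iceauth source %s",
			    addAuthFile);
    if (command_len < 0 || (size_t) command_len >= sizeof(command))
	goto bad;
    execute_system_command (command);

    remove (addAuthFile);

    return (1);

 bad:

    /* Failure must not leave the caller running with the 0077 umask. */
    umask (original_umask);

    if (addfp)
	fclose (addfp);

    if (removefp)
	fclose (removefp);

    if (addAuthFile)
    {
	remove (addAuthFile);
	free (addAuthFile);
	addAuthFile = NULL;	/* do not keep a pointer to freed memory */
    }
    if (remAuthFile)
    {
	remove (remAuthFile);
	free (remAuthFile);
	remAuthFile = NULL;
    }

    return (0);
}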
Example #6
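/*
 * Hooks every ICE listener into the GLib main loop and publishes its
 * authentication data through the iceauth command.
 *
 * num_listeners  number of entries in listen_objs
 * listen_objs    ICE listeners to set up
 * manager        passed to ice_connection_watch as its user data
 *
 * Returns FALSE if either temporary file cannot be created, TRUE otherwise.
 * A failing iceauth command only produces a warning.
 */
gboolean
ice_setup_listeners (int           num_listeners,
                     IceListenObj *listen_objs,
                     XfsmManager  *manager)
{
  GIOChannel *channel;
  char       *auth_setup_file;
  gchar      *quoted_setup_file;
  gchar      *command;
  FILE       *cleanup_fp;
  FILE       *setup_fp;
  int         fd;
  int         fd_flags;
  int         n;

  IceSetIOErrorHandler (ice_error_handler);
  IceAddConnectionWatch (ice_connection_watch, manager);

  cleanup_fp = ice_tmpfile(&auth_cleanup_file);
  if (cleanup_fp == NULL)
    return FALSE;

  setup_fp = ice_tmpfile(&auth_setup_file);
  if (setup_fp == NULL)
    {
      fclose (cleanup_fp);
      unlink (auth_cleanup_file);
      g_free (auth_cleanup_file);
      return FALSE;
    }

  for (n = 0; n < num_listeners; n++)
    {
      fd = IceGetListenConnectionNumber (listen_objs[n]);

      /* Make sure we don't pass on these file descriptors to an
       * exec'd child process. Only update the flags when they could be
       * read, so a failed F_GETFD (-1) is never written back.
       */
      fd_flags = fcntl (fd, F_GETFD, 0);
      if (fd_flags != -1)
        fcntl (fd, F_SETFD, fd_flags | FD_CLOEXEC);

      channel = g_io_channel_unix_new (fd);
      g_io_add_watch (channel, G_IO_ERR | G_IO_HUP | G_IO_IN,
                      ice_connection_accept,
                      listen_objs[n]);
      g_io_channel_unref (channel);

      /* setup auth for this listener */
      ice_auth_add (setup_fp, cleanup_fp, "ICE", listen_objs[n]);
      ice_auth_add (setup_fp, cleanup_fp, "XSMP", listen_objs[n]);
      IceSetHostBasedAuthProc (listen_objs[n], ice_auth_proc);
    }

  fclose (setup_fp);
  fclose (cleanup_fp);

  /* setup ICE authority and remove setup file. The command line is run by
   * system(), i.e. through a shell, so the file name is quoted to keep
   * whitespace or metacharacters in the path from being interpreted.
   */
  quoted_setup_file = g_shell_quote (auth_setup_file);
  command = g_strdup_printf ("%s source %s", ICEAUTH_CMD, quoted_setup_file);
  g_free (quoted_setup_file);
  if (system (command) != 0)
    {
      g_warning ("Failed to setup the ICE authentication data, session "
                 "management might not work properly.");
    }
  g_free (command);
  unlink (auth_setup_file);
  g_free (auth_setup_file);

  return TRUE;
}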