1/* 2 * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34/* $Id$ */ 35 36#ifdef HAVE_CONFIG_H 37#include "config.h" 38#endif /* HAVE_CONFIG_H */ 39 40#include <stdio.h> 41#include <stdarg.h> 42#include <stdlib.h> 43#include <string.h> 44#include <signal.h> 45#include <errno.h> 46#ifdef HAVE_UNISTD_H 47#include <unistd.h> 48#endif 49#ifdef HAVE_PWD_H 50#include <pwd.h> 51#endif 52#ifdef HAVE_GRP_H 53#include <grp.h> 54#endif 55#ifdef HAVE_SYSLOG_H 56#include <syslog.h> 57#endif 58#ifdef HAVE_SYS_TYPES_H 59#include <sys/types.h> 60#endif 61#ifdef TIME_WITH_SYS_TIME 62#include <sys/time.h> 63#include <time.h> 64#elif defined(HAVE_SYS_TIME_H) 65#include <sys/time.h> 66#else 67#include <time.h> 68#endif 69#ifdef HAVE_SYS_RESOURCE_H 70#include <sys/resource.h> 71#endif 72#ifdef HAVE_SYS_SELECT_H 73#include <sys/select.h> 74#endif 75#ifdef HAVE_SYS_WAIT_H 76#include <sys/wait.h> 77#endif 78#ifdef HAVE_SYS_STAT_H 79#include <sys/stat.h> 80#endif 81#ifdef HAVE_SYS_SOCKET_H 82#include <sys/socket.h> 83#endif 84#ifdef HAVE_NETINET_IN_H 85#include <netinet/in.h> 86#endif 87#ifdef HAVE_NETINET_TCP_H 88#include <netinet/tcp.h> 89#endif 90#ifdef HAVE_ARPA_INET_H 91#include <arpa/inet.h> 92#endif 93#ifdef HAVE_NETDB_H 94#include <netdb.h> 95#endif 96#ifdef HAVE_SYS_UN_H 97#include <sys/un.h> 98#endif 99#include <X11/X.h> 100#include <X11/Xlib.h> 101#include <X11/Xauth.h> 102 103#ifdef HAVE_SYS_STREAM_H 104#include <sys/stream.h> 105#endif 106#ifdef HAVE_SYS_STROPTS_H 107#include <sys/stropts.h> 108#endif 109 110/* defined by aix's sys/stream.h and again by arpa/nameser.h */ 111 112#undef NOERROR 113 114/* as far as we know, this is only used with later versions of Slowlaris */ 115#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH) 116#define MAY_HAVE_X11_PIPES 117#endif 118 119#ifdef SOCKS 120#include <socks.h> 121/* This doesn't belong here. */ 122struct tm *localtime(const time_t *); 123struct hostent *gethostbyname(const char *); 124#endif 125 126#ifdef KRB5 127#include <krb5.h> 128#endif 129 130#include <err.h> 131#include <getarg.h> 132#include <roken.h> 133 134struct x_socket { 135 char *pathname; 136 int fd; 137 enum { 138 LISTENP = 0x80, 139 TCP = LISTENP | 1, 140 UNIX_SOCKET = LISTENP | 2, 141 STREAM_PIPE = 3 142 } flags; 143}; 144 145extern char x_socket[]; 146extern uint32_t display_num; 147extern char display[]; 148extern int display_size; 149extern char xauthfile[]; 150extern int xauthfile_size; 151extern u_char cookie[]; 152extern size_t cookie_len; 153 154int get_xsockets (int *number, struct x_socket **sockets, int tcpp); 155int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid); 156 157int connect_local_xsocket (unsigned dnr); 158int create_and_write_cookie (char *file, 159 size_t file_size, 160 u_char *cookie_buf, 161 size_t sz); 162int verify_and_remove_cookies (int fd, int sock, int cookiesp); 163int replace_cookie(int xserver, int fd, char *filename, int cookiesp); 164 165int suspicious_address (int sock, struct sockaddr *addr); 166 167#define KX_PORT 2111 168 169#define KX_OLD_VERSION "KXSERV.1" 170#define KX_VERSION "KXSERV.2" 171 172#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1" 173 174enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 }; 175 176enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 }; 177 178typedef enum kx_flags kx_flags; 179 180struct kx_context { 181 int (*authenticate)(struct kx_context *kc, int s); 182 int (*userok)(struct kx_context *kc, char *user); 183 ssize_t (*read)(struct kx_context *kc, 184 int fd, void *buf, size_t len); 185 ssize_t (*write)(struct kx_context *kc, 186 int fd, const void *buf, size_t len); 187 int (*copy_encrypted)(struct kx_context *kc, 188 int fd1, int fd2); 189 void (*destroy)(struct kx_context *kc); 190 const char *host; 191 const char *user; 192 int port; 193 int debug_flag; 194 int keepalive_flag; 195 int tcp_flag; 196 struct sockaddr_storage __ss_this; 197 struct sockaddr_storage __ss_that; 198 struct sockaddr *thisaddr; 199 struct sockaddr *thataddr; 200 socklen_t thisaddr_len, thataddr_len; 201 void *data; 202}; 203 204typedef struct kx_context kx_context; 205 206void 207context_set (kx_context *kc, const char *host, const char *user, int port, 208 int debug_flag, int keepalive_flag, int tcp_flag); 209 210void 211context_destroy (kx_context *kc); 212 213int 214context_authenticate (kx_context *kc, int s); 215 216int 217context_userok (kx_context *kc, char *user); 218 219ssize_t 220kx_read (kx_context *kc, int fd, void *buf, size_t len); 221 222ssize_t 223kx_write (kx_context *kc, int fd, const void *buf, size_t len); 224 225int 226copy_encrypted (kx_context *kc, int fd1, int fd2); 227 228#ifdef KRB5 229 230void 231krb5_make_context (kx_context *c); 232 233int 234recv_v5_auth (kx_context *kc, int sock, u_char *buf); 235 236#endif 237 238void 239fatal (kx_context *kc, int fd, char *format, ...) 240#ifdef __GNUC__ 241__attribute__ ((format (printf, 3, 4))) 242#endif 243; 244 245int 246kx_get_int(void *f, uint32_t *to, int size, int lsb); 247 248int 249kx_put_int(uint32_t from, void *to, size_t rem, int size); 250