-rw-r--r--AuDispose.c46
-rw-r--r--AuFileName.c70
-rw-r--r--AuGetAddr.c126
-rw-r--r--AuGetBest.c186
-rw-r--r--AuLock.c113
-rw-r--r--AuRead.c112
-rw-r--r--AuUnlock.c60
-rw-r--r--AuWrite.c76
-rw-r--r--Autest.c68
-rw-r--r--README184
-rw-r--r--Xau.man164
-rw-r--r--include/X11/Xauth.h180
-rw-r--r--k5encode.c183
13 files changed, 1568 insertions, 0 deletions
diff --git a/AuDispose.c b/AuDispose.c
new file mode 100644
index 0000000..b21cb67
--- /dev/null
+++ b/AuDispose.c
@@ -0,0 +1,46 @@
+/* $Xorg: AuDispose.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+void
+XauDisposeAuth (auth)
+Xauth *auth;
+{
+ if (auth) {
+ if (auth->address) (void) free (auth->address);
+ if (auth->number) (void) free (auth->number);
+ if (auth->name) (void) free (auth->name);
+ if (auth->data) {
+ (void) bzero (auth->data, auth->data_length);
+ (void) free (auth->data);
+ }
+ free ((char *) auth);
+ }
+ return;
+}
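Review bot: The `bzero (auth->data, auth->data_length)` in XauDisposeAuth writes to memory that is freed on the next line, so an optimizing compiler is allowed to drop the store and leave the authorization data in the heap. Where the platform provides one, use a scrub the compiler must keep, e.g. `explicit_bzero (auth->data, auth->data_length);`, and fall back to bzero elsewhere. The same bzero-then-free pattern appears in read_counted_string and XauReadAuth in AuRead.c. This file also calls free and bzero with no declaration in view unless <X11/Xauth.h> supplies one.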
diff --git a/AuFileName.c b/AuFileName.c
new file mode 100644
index 0000000..aa456a1
--- /dev/null
+++ b/AuFileName.c
@@ -0,0 +1,70 @@
+/* $Xorg: AuFileName.c,v 1.5 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+char *
+XauFileName ()
+{
+ char *slashDotXauthority = "/.Xauthority";
+ char *name, *malloc (), *getenv ();
+ static char *buf;
+ static int bsize;
+#ifdef WIN32
+ char dir[128];
+#endif
+ int size;
+
+ if ((name = getenv ("XAUTHORITY")))
+ return name;
+ name = getenv ("HOME");
+ if (!name) {
+#ifdef WIN32
+ (void) strcpy (dir, "/users/");
+ if (name = getenv("USERNAME")) {
+ (void) strcat (dir, name);
+ name = dir;
+ }
+ if (!name)
+#endif
+ return 0;
+ }
+ size = strlen (name) + strlen(&slashDotXauthority[1]) + 2;
+ if (size > bsize) {
+ if (buf)
+ free (buf);
+ buf = malloc ((unsigned) size);
+ if (!buf)
+ return 0;
+ bsize = size;
+ }
+ strcpy (buf, name);
+ strcat (buf, slashDotXauthority + (name[1] == '\0' ? 1 : 0));
+ return buf;
+}
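Review bot: In the WIN32 branch of XauFileName, `strcat (dir, name)` appends the USERNAME environment value to the 128-byte `dir` array with no length check, so a long value writes past the end of the stack buffer. Reject the value before copying, e.g. `if (strlen (name) > sizeof (dir) - sizeof ("/users/")) return 0;`. Separately, `name[1] == '\0'` in the final strcat reads one byte past the terminator when HOME is the empty string; checking `name[0] != '\0'` first avoids that. A comment should also say that the result points either into the environment or at a static buffer reused by the next call, so callers must not free it or keep it across calls.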
diff --git a/AuGetAddr.c b/AuGetAddr.c
new file mode 100644
index 0000000..af28414
--- /dev/null
+++ b/AuGetAddr.c
@@ -0,0 +1,126 @@
+/* $Xorg: AuGetAddr.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+static
+binaryEqual (a, b, len)
+register char *a, *b;
+register int len;
+{
+ while (len--)
+ if (*a++ != *b++)
+ return 0;
+ return 1;
+}
+
+#if NeedFunctionPrototypes
+Xauth *
+XauGetAuthByAddr (
+#if NeedWidePrototypes
+unsigned int family,
+unsigned int address_length,
+#else
+unsigned short family,
+unsigned short address_length,
+#endif
+_Xconst char* address,
+#if NeedWidePrototypes
+unsigned int number_length,
+#else
+unsigned short number_length,
+#endif
+_Xconst char* number,
+#if NeedWidePrototypes
+unsigned int name_length,
+#else
+unsigned short name_length,
+#endif
+_Xconst char* name)
+#else
+Xauth *
+XauGetAuthByAddr (family, address_length, address,
+ number_length, number,
+ name_length, name)
+unsigned short family;
+unsigned short address_length;
+char *address;
+unsigned short number_length;
+char *number;
+unsigned short name_length;
+char *name;
+#endif
+{
+ FILE *auth_file;
+ char *auth_name;
+ Xauth *entry;
+
+ auth_name = XauFileName ();
+ if (!auth_name)
+ return 0;
+ if (access (auth_name, R_OK) != 0) /* checks REAL id */
+ return 0;
+ auth_file = fopen (auth_name, "rb");
+ if (!auth_file)
+ return 0;
+ for (;;) {
+ entry = XauReadAuth (auth_file);
+ if (!entry)
+ break;
+ /*
+ * Match when:
+ * either family or entry->family are FamilyWild or
+ * family and entry->family are the same
+ * and
+ * either address or entry->address are empty or
+ * address and entry->address are the same
+ * and
+ * either number or entry->number are empty or
+ * number and entry->number are the same
+ * and
+ * either name or entry->name are empty or
+ * name and entry->name are the same
+ */
+
+ if ((family == FamilyWild || entry->family == FamilyWild ||
+ (entry->family == family &&
+ address_length == entry->address_length &&
+ binaryEqual (entry->address, address, (int)address_length))) &&
+ (number_length == 0 || entry->number_length == 0 ||
+ (number_length == entry->number_length &&
+ binaryEqual (entry->number, number, (int)number_length))) &&
+ (name_length == 0 || entry->name_length == 0 ||
+ (entry->name_length == name_length &&
+ binaryEqual (entry->name, name, (int)name_length))))
+ break;
+ XauDisposeAuth (entry);
+ }
+ (void) fclose (auth_file);
+ return entry;
+}
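Review bot: XauGetAuthByAddr checks the path with `access (auth_name, R_OK)` and then opens it with a separate `fopen (auth_name, "rb")`, so the file the real-uid check approved is not guaranteed to be the file that gets opened if the path changes in between. This only matters when the caller runs with an effective id different from the real one, which the `/* checks REAL id */` comment suggests is the expected case. A safer shape is to open while running with the real user's privileges, or to open first and validate the descriptor with fstat; at minimum a comment should state that the access check is advisory. XauGetBestAuthByAddr in AuGetBest.c has the same access/fopen pair.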
diff --git a/AuGetBest.c b/AuGetBest.c
new file mode 100644
index 0000000..ff24813
--- /dev/null
+++ b/AuGetBest.c
@@ -0,0 +1,186 @@
+/* $Xorg: AuGetBest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+#ifdef XTHREADS
+#include <X11/Xthreads.h>
+#endif
+#ifdef hpux
+#define X_INCLUDE_NETDB_H
+#define XOS_USE_NO_LOCKING
+#include <X11/Xos_r.h>
+#endif
+
+static
+binaryEqual (a, b, len)
+register char *a, *b;
+register int len;
+{
+ while (len--)
+ if (*a++ != *b++)
+ return 0;
+ return 1;
+}
+
+#if NeedFunctionPrototypes
+Xauth *
+XauGetBestAuthByAddr (
+#if NeedWidePrototypes
+ unsigned int family,
+ unsigned int address_length,
+#else
+ unsigned short family,
+ unsigned short address_length,
+#endif
+ _Xconst char* address,
+#if NeedWidePrototypes
+ unsigned int number_length,
+#else
+ unsigned short number_length,
+#endif
+ _Xconst char* number,
+ int types_length,
+ char** types,
+ _Xconst int* type_lengths)
+#else
+Xauth *
+XauGetBestAuthByAddr (family, address_length, address,
+ number_length, number,
+ types_length, types, type_lengths)
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ int types_length;
+ char **types;
+ int *type_lengths;
+#endif
+{
+ FILE *auth_file;
+ char *auth_name;
+ Xauth *entry;
+ Xauth *best;
+ int best_type;
+ int type;
+#ifdef hpux
+ char *fully_qual_address;
+ unsigned short fully_qual_address_length;
+#endif
+
+ auth_name = XauFileName ();
+ if (!auth_name)
+ return 0;
+ if (access (auth_name, R_OK) != 0) /* checks REAL id */
+ return 0;
+ auth_file = fopen (auth_name, "rb");
+ if (!auth_file)
+ return 0;
+
+#ifdef hpux
+ if (family == FamilyLocal) {
+ _Xgethostbynameparams hparams;
+ struct hostent *hostp;
+
+ /* make sure we try fully-qualified hostname */
+ if ((hostp = _XGethostbyname(address,hparams)) != NULL) {
+ fully_qual_address = hostp->h_name;
+ fully_qual_address_length = strlen(fully_qual_address);
+ }
+ else
+ {
+ fully_qual_address = NULL;
+ fully_qual_address_length = 0;
+ }
+ }
+#endif /* hpux */
+
+ best = 0;
+ best_type = types_length;
+ for (;;) {
+ entry = XauReadAuth (auth_file);
+ if (!entry)
+ break;
+ /*
+ * Match when:
+ * either family or entry->family are FamilyWild or
+ * family and entry->family are the same
+ * and
+ * either address or entry->address are empty or
+ * address and entry->address are the same
+ * and
+ * either number or entry->number are empty or
+ * number and entry->number are the same
+ * and
+ * name matches one of the specified names, or no names
+ * were specified
+ */
+
+ if ((family == FamilyWild || entry->family == FamilyWild ||
+ (entry->family == family &&
+ ((address_length == entry->address_length &&
+ binaryEqual (entry->address, address, (int)address_length))
+#ifdef hpux
+ || (family == FamilyLocal &&
+ fully_qual_address_length == entry->address_length &&
+ binaryEqual (entry->address, fully_qual_address,
+ (int) fully_qual_address_length))
+#endif
+ ))) &&
+ (number_length == 0 || entry->number_length == 0 ||
+ (number_length == entry->number_length &&
+ binaryEqual (entry->number, number, (int)number_length))))
+ {
+ if (best_type == 0)
+ {
+ best = entry;
+ break;
+ }
+ for (type = 0; type < best_type; type++)
+ if (type_lengths[type] == entry->name_length &&
+ !(strncmp (types[type], entry->name, entry->name_length)))
+ {
+ break;
+ }
+ if (type < best_type)
+ {
+ if (best)
+ XauDisposeAuth (best);
+ best = entry;
+ best_type = type;
+ if (type == 0)
+ break;
+ continue;
+ }
+ }
+ XauDisposeAuth (entry);
+ }
+ (void) fclose (auth_file);
+ return best;
+}
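Review bot: In the hpux block of XauGetBestAuthByAddr, `_XGethostbyname(address,hparams)` treats `address` as a NUL-terminated host name, while every other use in the function treats it as `address_length` counted bytes; nothing visible here guarantees a terminator, so the lookup may read past the caller's buffer. Copy the bytes into a local buffer of `address_length + 1` and terminate it before the lookup, or document that FamilyLocal callers must pass a terminated string. `fully_qual_address_length = strlen(fully_qual_address)` also narrows to unsigned short with no range check. binaryEqual is a second copy of the helper in AuGetAddr.c and has no declared return type; `memcmp (a, b, len) == 0` would replace both.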
diff --git a/AuLock.c b/AuLock.c
new file mode 100644
index 0000000..6c9aa8d
--- /dev/null
+++ b/AuLock.c
@@ -0,0 +1,113 @@
+/* $Xorg: AuLock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+#include <sys/stat.h>
+#include <errno.h>
+#ifdef X_NOT_STDC_ENV
+extern int errno;
+#define Time_t long
+extern Time_t time ();
+#else
+#include <time.h>
+#define Time_t time_t
+#endif
+#ifndef X_NOT_POSIX
+#include <unistd.h>
+#else
+#ifndef WIN32
+extern unsigned sleep ();
+#else
+#define link rename
+#endif
+#endif
+
+#if NeedFunctionPrototypes
+int
+XauLockAuth (
+_Xconst char *file_name,
+int retries,
+int timeout,
+long dead)
+#else
+int
+XauLockAuth (file_name, retries, timeout, dead)
+char *file_name;
+int retries;
+int timeout;
+long dead;
+#endif
+{
+ char creat_name[1025], link_name[1025];
+ struct stat statb;
+ Time_t now;
+ int creat_fd = -1;
+
+ if (strlen (file_name) > 1022)
+ return LOCK_ERROR;
+ (void) strcpy (creat_name, file_name);
+ (void) strcat (creat_name, "-c");
+ (void) strcpy (link_name, file_name);
+ (void) strcat (link_name, "-l");
+ if (stat (creat_name, &statb) != -1) {
+ now = time ((Time_t *) 0);
+ /*
+ * NFS may cause ctime to be before now, special
+ * case a 0 deadtime to force lock removal
+ */
+ if (dead == 0 || now - statb.st_ctime > dead) {
+ (void) unlink (creat_name);
+ (void) unlink (link_name);
+ }
+ }
+
+ while (retries > 0) {
+ if (creat_fd == -1) {
+ creat_fd = creat (creat_name, 0666);
+ if (creat_fd == -1) {
+ if (errno != EACCES)
+ return LOCK_ERROR;
+ } else
+ (void) close (creat_fd);
+ }
+ if (creat_fd != -1) {
+ if (link (creat_name, link_name) != -1)
+ return LOCK_SUCCESS;
+ if (errno == ENOENT) {
+ creat_fd = -1; /* force re-creat next time around */
+ continue;
+ }
+ if (errno != EEXIST)
+ return LOCK_ERROR;
+ }
+ (void) sleep ((unsigned) timeout);
+ --retries;
+ }
+ return LOCK_TIMEOUT;
+}
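Review bot: `creat (creat_name, 0666)` in XauLockAuth opens a predictable `file_name-c` path without O_EXCL, so it follows an existing symlink and truncates whatever that name resolves to, and the lock file is left as permissive as the umask allows. Creating it exclusively with owner-only mode closes both: `creat_fd = open (creat_name, O_WRONLY | O_CREAT | O_EXCL, 0600);`, with the error test widened to `if (errno != EACCES && errno != EEXIST)` so an existing lock file still leads to the retry path. The stale-lock removal above it (`stat` followed by two `unlink` calls) is likewise not atomic, and a comment should say that two processes can both decide the lock is dead.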
diff --git a/AuRead.c b/AuRead.c
new file mode 100644
index 0000000..28437d1
--- /dev/null
+++ b/AuRead.c
@@ -0,0 +1,112 @@
+/* $Xorg: AuRead.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+static
+read_short (shortp, file)
+unsigned short *shortp;
+FILE *file;
+{
+ unsigned char file_short[2];
+
+ if (fread ((char *) file_short, (int) sizeof (file_short), 1, file) != 1)
+ return 0;
+ *shortp = file_short[0] * 256 + file_short[1];
+ return 1;
+}
+
+static
+read_counted_string (countp, stringp, file)
+unsigned short *countp;
+char **stringp;
+FILE *file;
+{
+ unsigned short len;
+ char *data, *malloc ();
+
+ if (read_short (&len, file) == 0)
+ return 0;
+ if (len == 0) {
+ data = 0;
+ } else {
+ data = malloc ((unsigned) len);
+ if (!data)
+ return 0;
+ if (fread (data, (int) sizeof (char), (int) len, file) != len) {
+ bzero (data, len);
+ free (data);
+ return 0;
+ }
+ }
+ *stringp = data;
+ *countp = len;
+ return 1;
+}
+
+Xauth *
+XauReadAuth (auth_file)
+FILE *auth_file;
+{
+ Xauth local;
+ Xauth *ret;
+ char *malloc ();
+
+ if (read_short (&local.family, auth_file) == 0)
+ return 0;
+ if (read_counted_string (&local.address_length, &local.address, auth_file) == 0)
+ return 0;
+ if (read_counted_string (&local.number_length, &local.number, auth_file) == 0) {
+ if (local.address) free (local.address);
+ return 0;
+ }
+ if (read_counted_string (&local.name_length, &local.name, auth_file) == 0) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ return 0;
+ }
+ if (read_counted_string (&local.data_length, &local.data, auth_file) == 0) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ if (local.name) free (local.name);
+ return 0;
+ }
+ ret = (Xauth *) malloc (sizeof (Xauth));
+ if (!ret) {
+ if (local.address) free (local.address);
+ if (local.number) free (local.number);
+ if (local.name) free (local.name);
+ if (local.data) {
+ bzero (local.data, local.data_length);
+ free (local.data);
+ }
+ return 0;
+ }
+ *ret = local;
+ return ret;
+}
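Review bot: read_counted_string and XauReadAuth declare `char *malloc ();` at block scope and call free and bzero with no header for them in this file, which conflicts with the ISO C `void *malloc(size_t)` prototype and leaves the argument types unchecked. Replace the local declarations with `#include <stdlib.h>` and `#include <string.h>` (or `<strings.h>` for bzero) at the top of the file. The same local declaration is in XauFileName (AuFileName.c) and, unused, in XauWriteAuth (AuWrite.c). A header comment on XauReadAuth should also say that the returned address, number, name and data are counted byte strings with no terminator added, and that a zero length yields a null pointer.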
diff --git a/AuUnlock.c b/AuUnlock.c
new file mode 100644
index 0000000..0832c82
--- /dev/null
+++ b/AuUnlock.c
@@ -0,0 +1,60 @@
+/* $Xorg: AuUnlock.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+#include <X11/Xos.h>
+
+#if NeedFunctionPrototypes
+XauUnlockAuth (
+_Xconst char *file_name)
+#else
+XauUnlockAuth (file_name)
+char *file_name;
+#endif
+{
+#ifndef WIN32
+ char creat_name[1025];
+#endif
+ char link_name[1025];
+
+ if (strlen (file_name) > 1022)
+ return;
+#ifndef WIN32
+ (void) strcpy (creat_name, file_name);
+ (void) strcat (creat_name, "-c");
+#endif
+ (void) strcpy (link_name, file_name);
+ (void) strcat (link_name, "-l");
+ /*
+ * I think this is the correct order
+ */
+#ifndef WIN32
+ (void) unlink (creat_name);
+#endif
+ (void) unlink (link_name);
+}
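Review bot: XauUnlockAuth is defined with no return type, so it is implicitly `int`, yet it leaves through a bare `return;` and by falling off the end, which gives callers an indeterminate value if they read it. Since the `unlink` results are discarded anyway, declare it `void` in both the prototype and K&R forms (and in the header declaration, which is outside this hunk). The comment `I think this is the correct order` should be replaced by one that states why creat_name is removed before link_name, or be marked as unverified.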
diff --git a/AuWrite.c b/AuWrite.c
new file mode 100644
index 0000000..f372c93
--- /dev/null
+++ b/AuWrite.c
@@ -0,0 +1,76 @@
+/* $Xorg: AuWrite.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+static
+write_short (s, file)
+unsigned short s;
+FILE *file;
+{
+ unsigned char file_short[2];
+
+ file_short[0] = (s & (unsigned)0xff00) >> 8;
+ file_short[1] = s & 0xff;
+ if (fwrite ((char *) file_short, (int) sizeof (file_short), 1, file) != 1)
+ return 0;
+ return 1;
+}
+
+static
+write_counted_string (count, string, file)
+unsigned short count;
+char *string;
+FILE *file;
+{
+ if (write_short (count, file) == 0)
+ return 0;
+ if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
+ return 0;
+ return 1;
+}
+
+int
+XauWriteAuth (auth_file, auth)
+FILE *auth_file;
+Xauth *auth;
+{
+ char *malloc ();
+
+ if (write_short (auth->family, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
+ return 0;
+ if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
+ return 0;
+ return 1;
+}
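Review bot: XauWriteAuth returns 1 as soon as fwrite has accepted the bytes into the stdio buffer, so a full disk or I/O error that surfaces only at flush time is reported as success and can leave a truncated entry in the authority file. Either end the function with `if (fflush (auth_file) == EOF) return 0;` or document the contract above it: `/* Returns 1 when the entry was handed to stdio; check fclose() to confirm it reached the file. */`. write_counted_string also passes `string` to fwrite unchecked, so a null pointer is only safe when `count` is 0.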
diff --git a/Autest.c b/Autest.c
new file mode 100644
index 0000000..faf0b0a
--- /dev/null
+++ b/Autest.c
@@ -0,0 +1,68 @@
+/* $Xorg: Autest.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#include <X11/Xauth.h>
+
+main (argc, argv)
+char **argv;
+{
+ Xauth test_data;
+ char *name, *data, *file;
+ int state = 0;
+ FILE *output;
+
+ while (*++argv) {
+ if (!strcmp (*argv, "-file"))
+ file = *++argv;
+ else if (state == 0) {
+ name = *argv;
+ ++state;
+ } else if (state == 1) {
+ data = *argv;
+ ++state;
+ }
+ }
+ if(!file) {
+ fprintf (stderr, "No file\n");
+ exit (1);
+ }
+ test_data.family = 0;
+ test_data.address_length = 0;
+ test_data.address = "";
+ test_data.number_length = 0;
+ test_data.number = "";
+ test_data.name_length = strlen (name);
+ test_data.name = name;
+ test_data.data_length = strlen (data);
+ test_data.data = data;
+ output = fopen (file, "w");
+ if (output) {
+ XauWriteAuth (output, &test_data);
+ fclose (output);
+ }
+}
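Review bot: `file`, `name` and `data` in main are never initialized, so `if(!file)` tests an indeterminate pointer and `strlen (name)` / `strlen (data)` dereference one when fewer than two positional arguments are given. Initialize them, `char *name = NULL, *data = NULL, *file = NULL;`, and extend the check to `if (!file || !name || !data)`. A trailing `-file` with no value also makes `file = *++argv` step onto the terminating null, after which the loop's next `*++argv` reads past the end of argv.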
diff --git a/README b/README
new file mode 100644
index 0000000..404eef0
--- /dev/null
+++ b/README
@@ -0,0 +1,184 @@
+
+
+ A Sample Authorization Protocol for X
+
+
+Overview
+
+The following note describes a very simple mechanism for providing individual
+access to an X Window System display. It uses existing core protocol and
+library hooks for specifying authorization data in the connection setup block
+to restrict use of the display to only those clients that show that they
+know a server-specific key called a "magic cookie". This mechanism is *not*
+being proposed as an addition to the Xlib standard; among other reasons, a
+protocol extension is needed to support more flexible mechanisms. We have
+implemented this mechanism already; if you have comments, please send them
+to us.
+
+This scheme involves changes to the following parts of the sample release:
+
+ o xdm
+ - generate random magic cookie and store in protected file
+ - pass name of magic cookie file to server
+ - when user logs in, add magic cookie to user's auth file
+ - when user logs out, generate a new cookie for server
+
+ o server
+ - a new command line option to specify cookie file
+ - check client authorization data against magic cookie
+ - read in cookie whenever the server resets
+ - do not add local machine to host list if magic cookie given
+
+ o Xlib
+ - read in authorization data from file
+ - find data for appropriate server
+ - send authorization data if found
+
+ o xauth [new program to manage user auth file]
+ - add entries to user's auth file
+ - remove entries from user's auth file
+
+This mechanism assumes that the superuser and the transport layer between
+the client and the server is secure. Organizations that desire stricter
+security are encouraged to look at systems such as Kerberos (at Project
+Athena).
+
+
+Description
+
+The sample implementation will use the xdm Display Manager to set up and
+control the server's authorization file. Sites that do not run xdm will
+need to build their own mechanisms.
+
+Xdm uses a random key (seeded by the system time and check sum of /dev/kmem)
+to generate a unique sequence of characters at 16 bytes long. This sequence
+will be written to a file which is made readable only by the server. The
+server will then be started with a command line option instructing it to use
+the contents of the file as the magic cookie for connections that include
+authorization data. This will also disable the server from adding the local
+machine's address to the initial host list. Note that the actual cookie must
+not be stored on the command line or in an environment variable, to prevent
+it from being publicly obtainable by the "ps" command.
+
+If a client presents an authorization name of "MIT-MAGIC-COOKIE-1" and
+authorization data that matches the magic cookie, that client is allowed
+access. If the name or data does not match and the host list is empty,
+that client will be denied access. Otherwise, the existing host-based access
+control will be used. Since any client that is making a connection from a
+machine on the host list will be granted access even if their authorization
+data is incorrect, sites are strongly urged not to set up any default hosts
+using the /etc/X*.hosts files. Granting access to other machines should be
+done by the user's session manager instead.
+
+Assuming the server is configured with an empty host list, the existence of the
+cookie is sufficient to ensure there will be no unauthorized access to the
+display. However, xdm will (continue to) work to minimize the chances of
+spoofing on servers that do not support this authorization mechanism. This
+will be done by grabbing the server and the keyboard after opening the display.
+This action will be surrounded by a timer which will kill the server if the
+grabs cannot be done within several seconds. [This level of security is now
+implemented in patches already sent out.]
+
+After the user logs in, xdm will add authorization entries for each of the
+server machine's network addresses to the user's authorization file (the format
+of which is described below). This file will usually be named .Xauthority in
+the users's home directory; will be owned by the user (as specified by the
+pw_uid and pw_gid fields in the user's password entry), and will be accessible
+only to the user (no group access). This file will contain authorization data
+for all of the displays opened by the user.
+
+When the session terminates, xdm will generate and store a new magic cookie
+for the server. Then, xdm will shutdown its own connection and send a
+SIGHUP to the server process, which should cause the server to reset. The
+server will then read in the new magic cookie.
+
+To support accesses (both read and write) from multiple machines (for use in
+environments that use distributed file systems), file locking is done using
+hard links. This is done by creat'ing (sic) a lock file and then linking it
+to another name in the same directory. If the link-target already exists,
+the link will fail, indicating failure to obtain the lock. Linking is used
+instead of just creating the file read-only since link will fail even for
+the superuser.
+
+Problems and Solutions
+
+There are a few problems with .Xauthority as described. If no home directory
+exists, or if xdm cannot create a file there (disk full), xdm stores the
+cookie in a file in a resource-specified back-up directory, and sets an
+environment variable in the user's session (called XAUTHORITY) naming this
+file. There is also the problem that the locking attempts will need to be
+timed out, due to a leftover lock. Xdm, again, creates a file and set an
+environment variable. Finally, the back-up directory might be full. Xdm,
+as a last resort, provides a function key binding that allows a user to log
+in without having the authorization data stored, and with host-based access
+control disabled.
+
+Xlib
+
+XOpenDisplay in Xlib was enhanced to allow specification of authorization
+information. As implied above, Xlib looks for the data in the
+.Xauthority file of the home directory, or in the file pointed at by the
+XAUTHORITY environment variable instead if that is defined. This required
+no programmatic interface change to Xlib. In addition, a new Xlib routine
+is provided to explicitly specify authorization.
+
+ XSetAuthorization(name, namelen, data, datalen)
+ int namelen, datalen;
+ char *name, *data;
+
+There are three types of input:
+
+ name NULL, data don't care - use default authorization mechanism.
+ name non-NULL, data NULL - use the named authorization; get
+ data from that mechanism's default.
+ name non-NULL, data non-NULL - use the given authorization and data.
+
+This interface is used by xdm and might also be used by any other
+applications that wish to explicitly set the authorization information.
+
+Authorization File
+
+The .Xauthority file is a binary file consisting of a sequence of entries
+in the following format:
+
+ 2 bytes Family value (second byte is as in protocol HOST)
+ 2 bytes address length (always MSB first)
+ A bytes host address (as in protocol HOST)
+ 2 bytes display "number" length (always MSB first)
+ S bytes display "number" string
+ 2 bytes name length (always MSB first)
+ N bytes authorization name string
+ 2 bytes data length (always MSB first)
+ D bytes authorization data string
+
+The format is binary for easy processing, since authorization information
+usually consists of arbitrary data. Host addresses are used instead of
+names to eliminate potentially time-consuming name resolutions in
+XOpenDisplay. Programs, such as xdm, that initialize the user's
+authorization file will have to do the same work as the server in finding
+addresses for all network interfaces. If more than one entry matches the
+desired address, the entry that is chosen is implementation-dependent. In
+our implementation, it is always the first in the file.
+
+The Family is specified in two bytes to allow out-of-band values
+(i.e. values not in the Protocol) to be used. In particular,
+two new values "FamilyLocal" and "FamilyWild" are defined. FamilyLocal
+refers to any connections using a non-network method of connetion from the
+local machine (Unix domain sockets, shared memory, loopback serial line).
+In this case the host address is specified by the data returned from
+gethostname() and better be unique in a collection of machines
+which share NFS directories. FamilyWild is currently used only
+by xdm to communicate authorization data to the server. It matches
+any family/host address pair.
+
+For FamilyInternet, the host address is the 4 byte internet address, for
+FamilyDecnet, the host address is the byte decnet address, for FamilyChaos
+the address is also two bytes.
+
+The Display Number is the ascii representation of the display number
+portion of the display name. It is in ascii to allow future expansion
+to PseudoRoots or anything else that might happen.
+
+A utility called "xauth" will be provided for editing and viewing the
+contents of authorization files. Note that the user's authorization file is
+not the same as the server's magic cookie file.
diff --git a/Xau.man b/Xau.man
new file mode 100644
index 0000000..bff95af
--- /dev/null
+++ b/Xau.man
@@ -0,0 +1,164 @@
+.\" $Xorg: Xau.man,v 1.4 2001/03/16 17:48:26 pookie Exp $
+.\" Copyright (c) 1994 X Consortium
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining a
+.\" copy of this software and associated documentation files (the "Software"),
+.\" to deal in the Software without restriction, including without limitation
+.\" the rights to use, copy, modify, merge, publish, distribute, sublicense,
+.\" and/or sell copies of the Software, and to permit persons to whom the
+.\" Software furnished to do so, subject to the following conditions:
+.\"
+.\" The above copyright notice and this permission notice shall be included in
+.\" all copies or substantial portions of the Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+.\" THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+.\" WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+.\" OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+.\" SOFTWARE.
+.\"
+.\" Except as contained in this notice, the name of the X Consortium shall not
+.\" be used in advertising or otherwise to promote the sale, use or other
+.\" dealing in this Software without prior written authorization from the
+.\" X Consortium.
+.TH Xau 3 "Release 6.6" "X Version 11"
+.SH NAME
+Xau library: XauFileName, XauReadAuth, XauLockAuth, XauUnlockAuth,
+XauWriteAuth, XauDisposeAuth,
+XauGetAuthByAddr, XauGetBestAuthByAddr \- X authority database routines
+.SH SYNOPSIS
+.B "#include <X11/Xauth.h>"
+.PP
+.nf
+.ta .5i 2i
+typedef struct xauth {
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ unsigned short name_length;
+ char *name;
+ unsigned short data_length;
+ char *data;
+} Xauth;
+
+.ft B
+char *XauFileName ()
+
+.ft B
+Xauth *XauReadAuth (auth_file)
+.ft I
+ FILE *auth_file;
+
+.ft B
+int XauWriteAuth (auth_file, auth)
+.ft I
+ FILE *auth_file;
+ Xauth *auth;
+
+.ft B
+Xauth *XauGetAuthByAddr (\kAfamily,
+\h'|\nAu'address_length, address,
+\h'|\nAu'number_length, number)
+.ft I
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+
+.ft B
+Xauth *XauGetBestAuthByAddr (\kAfamily,
+\h'|\nAu'address_length, address,
+\h'|\nAu'number_length, number,
+\h'|\nAu'types_length, types, type_lengths)
+.ft I
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ int types_length;
+ char **types;
+ int *type_lengths;
+
+.ft B
+int XauLockAuth (file_name, retries, timeout, dead)
+.ft I
+ char *file_name;
+ int retries;
+ int timeout;
+ long dead;
+
+.ft B
+int XauUnlockAuth (file_name)
+.ft I
+ char *file_name;
+
+.ft B
+XauDisposeAuth (auth)
+.ft I
+ Xauth *auth;
+
+.ft R
+.SH DESCRIPTION
+.PP
+\fBXauFileName\fP generates the default authorization file name by first
+checking the XAUTHORITY environment variable if set, else it returns
+$HOME/.Xauthority. This name is statically allocated and should
+not be freed.
+.PP
+\fBXauReadAuth\fP reads the next entry from \fIauth_file\fP. The entry is
+\fBnot\fP statically allocated and should be freed by calling
+\fIXauDisposeAuth\fP.
+.PP
+\fBXuWriteAuth\fP writes an authorization entry to \fIauth_file\fP. It
+returns 1 on success, 0 on failure.
+.PP
+\fBXauGetAuthByAddr\fP searches for an entry which matches the given network
+address/display number pair. The entry is \fBnot\fP statically allocated
+and should be freed by calling \fIXauDisposeAuth\fP.
+.PP
+\fBXauGetBestAuthByAddr\fP is similar to \fBXauGetAuthByAddr\fP, except
+that a list of acceptable authentication methods is specified. Xau will
+choose the file entry which matches the earliest entry in this list (e.g., the
+most secure authentication method). The \fItypes\fP argument is an array of
+strings, one string for each authentication method. \fItypes_length\fP
+specifies how many elements are in the \fItypes\fP array.
+\fItypes_lengths\fP is an array of integers representing the length
+of each string.
+.PP
+\fBXauLockAuth\fP does the work necessary to synchronously update an
+authorization file. First it makes two file names, one with ``-c'' appended
+to \fIfile_name\fP, the other with ``-l'' appended. If the ``-c'' file
+already exists and is more than \fIdead\fP seconds old, \fIXauLockAuth\fP
+removes it and the associated ``-l'' file. To prevent possible
+synchronization troubles with NFS, a \fIdead\fP value of zero forces the
+files to be removed. \fIXauLockAuth\fP makes \fIretries\fP attempts to
+create and link the file names, pausing \fItimeout\fP seconds between each
+attempt. \fIXauLockAuth\fP returns a collection of values depending on the
+results:
+.nf
+.ta .5i 2i
+
+ LOCK_ERROR A system error occurred, either a file_name
+ which is too long, or an unexpected failure from
+ a system call. errno may prove useful.
+
+ LOCK_TIMEOUT \fIretries\fP attempts failed
+
+ LOCK_SUCCESS The lock succeeded.
+
+.fi
+.PP
+\fBXauUnlockAuth\fP undoes the work of \fIXauLockAuth\fP by unlinking both
+the ``-c'' and ``-l'' file names.
+.PP
+\fBXauDisposeAuth\fP frees storage allocated to hold an authorization entry.
+.SH "SEE ALSO"
+xauth(1), xdm(1)
+.SH AUTHOR
+Keith Packard, MIT X Consortium
diff --git a/include/X11/Xauth.h b/include/X11/Xauth.h
new file mode 100644
index 0000000..eb69628
--- /dev/null
+++ b/include/X11/Xauth.h
@@ -0,0 +1,180 @@
+/* $Xorg: Xauth.h,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1988, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+#ifndef _Xauth_h
+#define _Xauth_h
+
+typedef struct xauth {
+ unsigned short family;
+ unsigned short address_length;
+ char *address;
+ unsigned short number_length;
+ char *number;
+ unsigned short name_length;
+ char *name;
+ unsigned short data_length;
+ char *data;
+} Xauth;
+
+#ifndef _XAUTH_STRUCT_ONLY
+
+# include <X11/Xfuncproto.h>
+# include <X11/Xfuncs.h>
+
+# include <stdio.h>
+
+# define FamilyLocal (256) /* not part of X standard (i.e. X.h) */
+# define FamilyWild (65535)
+# define FamilyNetname (254) /* not part of X standard */
+# define FamilyKrb5Principal (253) /* Kerberos 5 principal name */
+# define FamilyLocalHost (252) /* for local non-net authentication */
+
+
+_XFUNCPROTOBEGIN
+
+char *XauFileName();
+
+Xauth *XauReadAuth(
+#if NeedFunctionPrototypes
+FILE* /* auth_file */
+#endif
+);
+
+int XauLockAuth(
+#if NeedFunctionPrototypes
+_Xconst char* /* file_name */,
+int /* retries */,
+int /* timeout */,
+long /* dead */
+#endif
+);
+
+int XauUnlockAuth(
+#if NeedFunctionPrototypes
+_Xconst char* /* file_name */
+#endif
+);
+
+int XauWriteAuth(
+#if NeedFunctionPrototypes
+FILE* /* auth_file */,
+Xauth* /* auth */
+#endif
+);
+
+Xauth *XauGetAuthByName(
+#if NeedFunctionPrototypes
+_Xconst char* /* display_name */
+#endif
+);
+
+Xauth *XauGetAuthByAddr(
+#if NeedFunctionPrototypes
+#if NeedWidePrototypes
+unsigned int /* family */,
+unsigned int /* address_length */,
+#else
+unsigned short /* family */,
+unsigned short /* address_length */,
+#endif
+_Xconst char* /* address */,
+#if NeedWidePrototypes
+unsigned int /* number_length */,
+#else
+unsigned short /* number_length */,
+#endif
+_Xconst char* /* number */,
+#if NeedWidePrototypes
+unsigned int /* name_length */,
+#else
+unsigned short /* name_length */,
+#endif
+_Xconst char* /* name */
+#endif
+);
+
+Xauth *XauGetBestAuthByAddr(
+#if NeedFunctionPrototypes
+#if NeedWidePrototypes
+unsigned int /* family */,
+unsigned int /* address_length */,
+#else
+unsigned short /* family */,
+unsigned short /* address_length */,
+#endif
+_Xconst char* /* address */,
+#if NeedWidePrototypes
+unsigned int /* number_length */,
+#else
+unsigned short /* number_length */,
+#endif
+_Xconst char* /* number */,
+int /* types_length */,
+char** /* type_names */,
+_Xconst int* /* type_lengths */
+#endif
+);
+
+void XauDisposeAuth(
+#if NeedFunctionPrototypes
+Xauth* /* auth */
+#endif
+);
+
+#ifdef K5AUTH
+#include <krb5/krb5.h>
+/* 9/93: krb5.h leaks some symbols */
+#undef BITS32
+#undef xfree
+
+int XauKrb5Encode(
+#if NeedFunctionPrototypes
+ krb5_principal /* princ */,
+ krb5_data * /* outbuf */
+#endif
+);
+
+int XauKrb5Decode(
+#if NeedFunctionPrototypes
+ krb5_data /* inbuf */,
+ krb5_principal * /* princ */
+#endif
+);
+#endif /* K5AUTH */
+
+_XFUNCPROTOEND
+
+/* Return values from XauLockAuth */
+
+# define LOCK_SUCCESS 0 /* lock succeeded */
+# define LOCK_ERROR 1 /* lock unexpectely failed, check errno */
+# define LOCK_TIMEOUT 2 /* lock failed, timeouts expired */
+
+#endif /* _XAUTH_STRUCT_ONLY */
+
+#endif /* _Xauth_h */
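Review bot: The prototype for XauGetAuthByAddr in this header ends with `name_length` and `name` (seven parameters), but the Xau.man page added in the same commit documents only five, ending at `number`. One of the two is stale. AuGetAddr.c is not visible from this hunk, so the prototype should be checked against that definition; if the definition takes five arguments, drop the two `#if NeedWidePrototypes … name_length … #endif` and `_Xconst char* /* name */` parameter groups. The mismatch matters most when NeedFunctionPrototypes is off, because a caller following the wrong signature then compiles cleanly and passes the wrong number of arguments to an authorization lookup. XauGetAuthByName is also declared here but does not appear in the man page, and the commit's file list shows no obviously matching source file, so it is worth confirming that it is defined somewhere.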
diff --git a/k5encode.c b/k5encode.c
new file mode 100644
index 0000000..18d31ff
--- /dev/null
+++ b/k5encode.c
@@ -0,0 +1,183 @@
+/* $Xorg: k5encode.c,v 1.4 2001/02/09 02:03:42 xorgcvs Exp $ */
+
+/*
+
+Copyright 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+
+/*
+ * functions to encode/decode Kerberos V5 principals
+ * into something that can be reasonable spewed over
+ * the wire
+ *
+ * Author: Tom Yu <tlyu@MIT.EDU>
+ *
+ * Still needs to be fixed up wrt signed/unsigned lengths, but we'll worry
+ * about that later.
+ */
+
+#include <krb5/krb5.h>
+/* 9/93: krb5.h leaks some symbols */
+#undef BITS32
+#undef xfree
+
+#include <X11/X.h>
+#include <X11/Xos.h>
+#include <X11/Xmd.h>
+#include <X11/Xfuncs.h>
+
+/*
+ * XauKrb5Encode
+ *
+ * this function encodes the principal passed to it in a format that can
+ * easily be dealt with by stuffing it into an X packet. Encoding is as
+ * follows:
+ * length count of the realm name
+ * realm
+ * component count
+ * length of component
+ * actual principal component
+ * etc....
+ *
+ * Note that this function allocates a hunk of memory, which must be
+ * freed to avoid nasty memory leak type things. All counts are
+ * byte-swapped if needed. (except for the total length returned)
+ *
+ * nevermind.... stuffing the encoded packet in net byte order just to
+ * always do the right thing. Don't have to frob with alignment that way.
+ */
+int
+XauKrb5Encode(princ, outbuf)
+ krb5_principal princ; /* principal to encode */
+ krb5_data *outbuf; /* output buffer */
+{
+ CARD16 i, numparts, totlen = 0, plen, rlen;
+ char *cp, *pdata;
+
+ rlen = krb5_princ_realm(princ)->length;
+ numparts = krb5_princ_size(princ);
+ totlen = 2 + rlen + 2; /* include room for realm length
+ and component count */
+ for (i = 0; i < numparts; i++)
+ totlen += krb5_princ_component(princ, i)->length + 2;
+ /* add 2 bytes each time for length */
+ if ((outbuf->data = (char *)malloc(totlen)) == NULL)
+ return -1;
+ cp = outbuf->data;
+ *cp++ = (char)((int)(0xff00 & rlen) >> 8);
+ *cp++ = (char)(0x00ff & rlen);
+ memcpy(cp, krb5_princ_realm(princ)->data, rlen);
+ cp += rlen;
+ *cp++ = (char)((int)(0xff00 & numparts) >> 8);
+ *cp++ = (char)(0x00ff & numparts);
+ for (i = 0; i < numparts; i++)
+ {
+ plen = krb5_princ_component(princ, i)->length;
+ pdata = krb5_princ_component(princ, i)->data;
+ *cp++ = (char)((int)(0xff00 & plen) >> 8);
+ *cp++ = (char)(0x00ff & plen);
+ memcpy(cp, pdata, plen);
+ cp += plen;
+ }
+ outbuf->length = totlen;
+ return 0;
+}
+
+/*
+ * XauKrb5Decode
+ *
+ * This function essentially reverses what XauKrb5Encode does.
+ * return value: 0 if okay, -1 if malloc fails, -2 if inbuf format bad
+ */
+int
+XauKrb5Decode(inbuf, princ)
+ krb5_data inbuf;
+ krb5_principal *princ;
+{
+ CARD16 i, numparts, plen, rlen;
+ CARD8 *cp, *pdata;
+
+ if (inbuf.length < 4)
+ {
+ return -2;
+ }
+ *princ = (krb5_principal)malloc(sizeof (krb5_principal_data));
+ if (*princ == NULL)
+ return -1;
+ bzero(*princ, sizeof (krb5_principal_data));
+ cp = (CARD8 *)inbuf.data;
+ rlen = *cp++ << 8;
+ rlen |= *cp++;
+ if (inbuf.length < 4 + (int)rlen + 2)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ krb5_princ_realm(*princ)->data = (char *)malloc(rlen);
+ if (krb5_princ_realm(*princ)->data == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_realm(*princ)->length = rlen;
+ memcpy(krb5_princ_realm(*princ)->data, cp, rlen);
+ cp += rlen;
+ numparts = *cp++ << 8;
+ numparts |= *cp++;
+ krb5_princ_name(*princ) =
+ (krb5_data *)malloc(numparts * sizeof (krb5_data));
+ if (krb5_princ_name(*princ) == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_size(*princ) = 0;
+ for (i = 0; i < numparts; i++)
+ {
+ if (cp + 2 > (CARD8 *)inbuf.data + inbuf.length)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ plen = *cp++ << 8;
+ plen |= *cp++;
+ if (cp + plen > (CARD8 *)inbuf.data + inbuf.length)
+ {
+ krb5_free_principal(*princ);
+ return -2;
+ }
+ pdata = (CARD8 *)malloc(plen);
+ if (pdata == NULL)
+ {
+ krb5_free_principal(*princ);
+ return -1;
+ }
+ krb5_princ_component(*princ, i)->data = (char *)pdata;
+ krb5_princ_component(*princ, i)->length = plen;
+ memcpy(pdata, cp, plen);
+ cp += plen;
+ krb5_princ_size(*princ)++;
+ }
+ return 0;
+}
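Review bot: In XauKrb5Encode the buffer size is accumulated in `totlen`, a CARD16, so the sum of the realm and component lengths can wrap past 65535; malloc then gets an undersized buffer and the later memcpy calls write beyond it. The lengths are also narrowed into `rlen` and `plen` without a range check, which is the signed/unsigned issue the file header defers. I would total the lengths in a wider type, reject any count or running total that does not fit in two bytes, and only then assign `totlen`, as sketched below. Returning -1 there reuses the existing failure code, and a distinct value may be preferable. Separately, XauKrb5Decode's error paths call krb5_free_principal(*princ) but leave the caller's pointer set; adding `*princ = NULL;` after each would avoid handing back a stale pointer.

```c
    unsigned long total;    /* wider than CARD16 so the sum cannot wrap */

    /* every count is emitted as two bytes; refuse anything larger */
    if (krb5_princ_realm(princ)->length > 0xffff ||
        krb5_princ_size(princ) > 0xffff)
	return -1;
    /* … unchanged: rlen and numparts assignments … */
    total = 2 + (unsigned long)rlen + 2;
    for (i = 0; i < numparts; i++)
    {
	if (krb5_princ_component(princ, i)->length > 0xffff)
	    return -1;
	total += (unsigned long)krb5_princ_component(princ, i)->length + 2;
	if (total > 0xffff)
	    return -1;
    }
    totlen = (CARD16)total;
    /* … unchanged: malloc(totlen) and the encoding of realm and components … */
```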