|
Lines 40-72
Author: Ralph Mor, X Consortium
Link Here
|
| 40 |
#include <bsd/stdlib.h> /* for arc4random_buf() */ |
40 |
#include <bsd/stdlib.h> /* for arc4random_buf() */ |
| 41 |
#endif |
41 |
#endif |
| 42 |
|
42 |
|
|
|
43 |
#ifdef HAVE_GETRANDOM |
| 44 |
#include <linux/random.h> |
| 45 |
#include <sys/syscall.h> |
| 46 |
#endif |
| 47 |
|
| 48 |
#include <sys/types.h> |
| 49 |
#include <sys/stat.h> |
| 50 |
#include <fcntl.h> |
| 51 |
#include <errno.h> |
| 52 |
|
| 43 |
static int was_called_state; |
53 |
static int was_called_state; |
| 44 |
|
54 |
|
| 45 |
/* |
55 |
#ifndef HAVE_ARC4RANDOM_BUF |
| 46 |
* MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by |
|
|
| 47 |
* the SI. It is not part of standard ICElib. |
| 48 |
*/ |
| 49 |
|
56 |
|
| 50 |
|
57 |
static void |
| 51 |
char * |
58 |
emulate_getrandom_buf ( |
| 52 |
IceGenerateMagicCookie ( |
59 |
char *auth, |
| 53 |
int len |
60 |
int len |
| 54 |
) |
61 |
) |
| 55 |
{ |
62 |
{ |
| 56 |
char *auth; |
|
|
| 57 |
#ifndef HAVE_ARC4RANDOM_BUF |
| 58 |
long ldata[2]; |
63 |
long ldata[2]; |
| 59 |
int seed; |
64 |
int seed; |
| 60 |
int value; |
65 |
int value; |
| 61 |
int i; |
66 |
int i; |
| 62 |
#endif |
|
|
| 63 |
|
67 |
|
| 64 |
if ((auth = malloc (len + 1)) == NULL) |
|
|
| 65 |
return (NULL); |
| 66 |
|
| 67 |
#ifdef HAVE_ARC4RANDOM_BUF |
| 68 |
arc4random_buf(auth, len); |
| 69 |
#else |
| 70 |
#ifdef ITIMER_REAL |
68 |
#ifdef ITIMER_REAL |
| 71 |
{ |
69 |
{ |
| 72 |
struct timeval now; |
70 |
struct timeval now; |
|
Lines 74-86
IceGenerateMagicCookie (
Link Here
|
| 74 |
ldata[0] = now.tv_sec; |
72 |
ldata[0] = now.tv_sec; |
| 75 |
ldata[1] = now.tv_usec; |
73 |
ldata[1] = now.tv_usec; |
| 76 |
} |
74 |
} |
| 77 |
#else |
75 |
#else /* ITIMER_REAL */ |
| 78 |
{ |
76 |
{ |
| 79 |
long time (); |
77 |
long time (); |
| 80 |
ldata[0] = time ((long *) 0); |
78 |
ldata[0] = time ((long *) 0); |
| 81 |
ldata[1] = getpid (); |
79 |
ldata[1] = getpid (); |
| 82 |
} |
80 |
} |
| 83 |
#endif |
81 |
#endif /* ITIMER_REAL */ |
| 84 |
seed = (ldata[0]) + (ldata[1] << 16); |
82 |
seed = (ldata[0]) + (ldata[1] << 16); |
| 85 |
srand (seed); |
83 |
srand (seed); |
| 86 |
for (i = 0; i < len; i++) |
84 |
for (i = 0; i < len; i++) |
|
Lines 88-94
IceGenerateMagicCookie (
Link Here
|
| 88 |
value = rand (); |
86 |
value = rand (); |
| 89 |
auth[i] = value & 0xff; |
87 |
auth[i] = value & 0xff; |
| 90 |
} |
88 |
} |
|
|
89 |
} |
| 90 |
|
| 91 |
#ifdef HAVE_GETRANDOM |
| 92 |
static int |
| 93 |
emulate_getentropy_getrandom |
| 94 |
( |
| 95 |
void *buffer, |
| 96 |
size_t length |
| 97 |
) |
| 98 |
{ |
| 99 |
int res; |
| 100 |
size_t filled = 0; |
| 101 |
|
| 102 |
if( length > 256 ) { |
| 103 |
errno = EIO; |
| 104 |
return -1; |
| 105 |
} |
| 106 |
|
| 107 |
while( filled < length ) { |
| 108 |
/* |
| 109 |
* glibc does not contain a syscall wrapper for this in older |
| 110 |
* versions |
| 111 |
*/ |
| 112 |
res = syscall(SYS_getrandom, (char*)buffer + filled, length - filled, 0); |
| 113 |
|
| 114 |
if( res == -1 ) { |
| 115 |
if( errno == EINTR ) |
| 116 |
continue; |
| 117 |
|
| 118 |
return -1; |
| 119 |
} else if ( res == 0 ) { |
| 120 |
// no more bytes available? should not happen |
| 121 |
errno = EIO; |
| 122 |
return -1; |
| 123 |
} |
| 124 |
|
| 125 |
filled += res; |
| 126 |
} |
| 127 |
|
| 128 |
return 0; |
| 129 |
} |
| 91 |
#endif |
130 |
#endif |
|
|
131 |
|
| 132 |
static int emulate_getentropy_devurandom |
| 133 |
( |
| 134 |
void *buffer, |
| 135 |
size_t length |
| 136 |
) |
| 137 |
{ |
| 138 |
int random_fd = -1; |
| 139 |
ssize_t res = -1; |
| 140 |
size_t filled = 0; |
| 141 |
|
| 142 |
if( length > 256 ) { |
| 143 |
errno = EIO; |
| 144 |
return -1; |
| 145 |
} |
| 146 |
|
| 147 |
random_fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC); |
| 148 |
|
| 149 |
if( random_fd == -1 ) { |
| 150 |
return -1; |
| 151 |
} |
| 152 |
|
| 153 |
while( filled < length ) { |
| 154 |
res = read(random_fd, (char*)buffer + filled, length - filled); |
| 155 |
|
| 156 |
if( res == -1 ) { |
| 157 |
// shouldn't actually happen acc. to man(4) random, |
| 158 |
// but you never know |
| 159 |
if( errno == EINTR ) |
| 160 |
continue; |
| 161 |
|
| 162 |
return -1; |
| 163 |
} else if( res == 0 ) { |
| 164 |
// no more bytes available? should not happen |
| 165 |
errno = EIO; |
| 166 |
return -1; |
| 167 |
} |
| 168 |
|
| 169 |
filled += res; |
| 170 |
} |
| 171 |
|
| 172 |
return 0; |
| 173 |
} |
| 174 |
|
| 175 |
static void |
| 176 |
arc4random_buf ( |
| 177 |
char *auth, |
| 178 |
int len |
| 179 |
) |
| 180 |
{ |
| 181 |
int ret = -1; |
| 182 |
|
| 183 |
#if HAVE_GETENTROPY |
| 184 |
/* weak emulation of arc4random through the entropy libc */ |
| 185 |
ret = getentropy (auth, len); |
| 186 |
#elif HAVE_GETRANDOM |
| 187 |
/* drop-in replacement for getentropy() via getrandrom() */ |
| 188 |
ret = emulate_getentropy_getrandom (auth, len); |
| 189 |
#else |
| 190 |
/* drop-in replacement for getentropy() using /dev/urandom */ |
| 191 |
ret = emulate_getentropy_devurandom(auth, len); |
| 192 |
#endif /* HAVE_GETENTROPY */ |
| 193 |
if (ret == 0) |
| 194 |
return; |
| 195 |
|
| 196 |
emulate_getrandom_buf (auth, len); |
| 197 |
} |
| 198 |
|
| 199 |
#endif /* !defined(HAVE_ARC4RANDOM_BUF) */ |
| 200 |
|
| 201 |
/* |
| 202 |
* MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by |
| 203 |
* the SI. It is not part of standard ICElib. |
| 204 |
*/ |
| 205 |
|
| 206 |
|
| 207 |
char * |
| 208 |
IceGenerateMagicCookie ( |
| 209 |
int len |
| 210 |
) |
| 211 |
{ |
| 212 |
char *auth; |
| 213 |
|
| 214 |
if ((auth = malloc (len + 1)) == NULL) |
| 215 |
return (NULL); |
| 216 |
|
| 217 |
arc4random_buf (auth, len); |
| 218 |
|
| 92 |
auth[len] = '\0'; |
219 |
auth[len] = '\0'; |
| 93 |
return (auth); |
220 |
return (auth); |
| 94 |
} |
221 |
} |