Auth.h

/**************************************************************************/
/*                                                                        */
/* Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)          */
/* Copyright (c) 2008-2014 Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>  */
/* Copyright (c) 2014-2016 Ulrich Sibiller <uli42@gmx.de>                 */
/* Copyright (c) 2014-2016 Mihai Moldovan <ionic@ionic.de>                */
/* Copyright (c) 2011-2016 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>*/
/* Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)           */
/*                                                                        */
/* NXCOMP, NX protocol compression and NX extensions to this software     */
/* are copyright of the aforementioned persons and companies.             */
/*                                                                        */
/* Redistribution and use of the present software is allowed according    */
/* to terms specified in the file LICENSE.nxcomp which comes in the       */
/* source distribution.                                                   */
/*                                                                        */
/* All rights reserved.                                                   */
/*                                                                        */
/* NOTE: This software has received contributions from various other      */
/* contributors, only the core maintainers and supporters are listed as   */
/* copyright holders. Please contact us, if you feel you should be listed */
/* as copyright holder, as well.                                          */
/*                                                                        */
/**************************************************************************/

#ifndef Auth_H
#define Auth_H

#include "Timestamp.h"

//
// Handle the forwarding of authorization credentials
// to the X server by replacing the fake cookie with
// the real cookie as it is read from the auth file.
// At the moment only the MIT-MAGIC-COOKIE-1 cookies
// are recognized. The implementation is based on the
// corresponding code found in the SSH client.
//

class Auth
{
  public:

  //
  // Must be created by passing the fake cookie that
  // will be forwarded by the remote end and with the
  // real X display that is going to be used for the
  // session.
  //

  Auth(char *display, char *cookie);

  ~Auth();

  int isValid()
  {
    return (isTimestamp(last_) == 1 && fakeCookie_ != NULL &&
                *fakeCookie_ != '\0' && realCookie_ != NULL &&
                    *realCookie_ != '\0' && fakeData_ != NULL &&
                        realData_ != NULL && dataSize_ != 0);
  }

  int isFake() const
  {
    return generatedCookie_;
  }

  //
  // Method called in the channel class to find if the
  // provided cookie matches the fake one. If the data
  // matches, the fake cookie is replaced with the real
  // one.
  //

  int checkCookie(unsigned char *buffer);

  protected:

  //
  // Update the real cookie for the display. If called
  // a further time, check if the auth file is changed
  // and get the new cookie.
  //

  int updateCookie();

  //
  // Find out which authorization file is to be used
  // and query the cookie for the current display.
  //

  int getCookie();

  //
  // Extract the binary data from the cookies so that
  // data can be directly compared at the time it is
  // taken from the X request.
  //

  int validateCookie();

  //
  // Generate a fake random cookie and copy it to the
  // provided string.
  //

  void generateCookie(char *cookie);

  private:

  char *display_;
  char *file_;

  T_timestamp last_;

  char *fakeCookie_;
  char *realCookie_;

  char *fakeData_;
  char *realData_;

  int dataSize_;

  int generatedCookie_;
};

#endif /* Auth_H */