Appendix D

MIT-MAGIC-COOKIE-1 Authentication

The X Consortium's ICElib implementation supports a simple MIT-MAGIC-COOKIE-1 authentication scheme using the authority file utilities described in Appendix A.

In this model, an application, such as a session manager, obtains a magic cookie by calling IceGenerateMagicCookie and then stores it in the user's local .ICEauthority file so that local clients can connect. In order to allow remote clients to connect, some remote execution mechanism should be used to store the magic cookie in the user's .ICEauthority file on a remote machine.

In addition to storing the magic cookie in the .ICEauthority file, the application needs to call the IceSetPaAuthData function in order to store the magic cookie in memory. When it comes time for the MIT-MAGIC-COOKIE-1 authentication procedure to accept or reject the connection, it will compare the magic cookie presented by the requestor to the magic cookie in memory.

char *IceGenerateMagicCookie(length)
	int length;

length	The desired length of the magic cookie.

The magic cookie returned will be null-terminated. If memory cannot be allocated for the magic cookie, the function will return NULL. Otherwise, the magic cookie should be freed with a call to free().

In order to store the authentication data in memory, call the IceSetPaAuthData function. Currently, this function is only used for MIT-MAGIC-COOKIE-1 authentication, but it may be used for additional authentication methods in the future.

void IceSetPaAuthData(num_entries, entries)
	int num_entries;
	IceAuthDataEntry *entries;

num_entries	The number of authentication data entries.
entries	The list of authentication data entries.

Each entry has associated with it a protocol name (e.g. "ICE" for ICE connection setup authentication, "XSMP" for session management authentication), a network ID for the "accepting" client, an authentication name (e.g. MIT-MAGIC-COOKIE-1), and authentication data. The ICE library will merge these entries with previously set entries, based on the (protocol_name, network_id, auth_name) tuple.

typedef struct {
	char *protocol_name;
	char *network_id;
	char *auth_name;
	unsigned short auth_data_length;
	char *auth_data;
} IceAuthDataEntry;
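
The tuple-based merge and the accept-or-reject comparison described above, as a simplified C model added here; it is not libICE source and does not call libICE. The ModelAuthEntry type, model_set_pa_auth_data, model_accept, the fixed-size table, replace-on-match merging and the constant-time comparison are assumptions of this example.

```c
#include <string.h>

/* Same fields as the page's IceAuthDataEntry. The Model* names, the fixed
   table and both functions are assumptions of this example, not libICE. */
typedef struct {
    const char *protocol_name, *network_id, *auth_name;
    unsigned short auth_data_length;
    const char *auth_data;          /* pointers are borrowed, not copied */
} ModelAuthEntry;

#define MODEL_MAX 16
static ModelAuthEntry model_table[MODEL_MAX];
static int model_count;

static int same_key(const ModelAuthEntry *a, const ModelAuthEntry *b)
{
    return strcmp(a->protocol_name, b->protocol_name) == 0 &&
           strcmp(a->network_id, b->network_id) == 0 &&
           strcmp(a->auth_name, b->auth_name) == 0;
}

/* Merge on the (protocol_name, network_id, auth_name) tuple: a matching
   entry is replaced, a new one is appended. Returns the number of stored
   entries, or -1 if the table is full. */
int model_set_pa_auth_data(int num_entries, const ModelAuthEntry *entries)
{
    for (int i = 0; i < num_entries; i++) {
        int j = 0;
        while (j < model_count && !same_key(&model_table[j], &entries[i]))
            j++;
        if (j == MODEL_MAX) return -1;
        model_table[j] = entries[i];
        if (j == model_count) model_count++;
    }
    return model_count;
}

/* Returns 1 only when the tuple is known, the lengths match and every byte
   matches; the XOR accumulator avoids an early exit on the first mismatch. */
int model_accept(const ModelAuthEntry *presented)
{
    for (int i = 0; i < model_count; i++) {
        const ModelAuthEntry *e = &model_table[i];
        if (!same_key(e, presented)) continue;
        if (e->auth_data_length != presented->auth_data_length) return 0;
        unsigned char diff = 0;
        for (unsigned short k = 0; k < e->auth_data_length; k++)
            diff |= (unsigned char)(e->auth_data[k] ^ presented->auth_data[k]);
        return diff == 0;
    }
    return 0;
}
```

Setting a second entry with the same tuple replaces the stored cookie in this model, so a cookie issued earlier for that tuple stops being accepted.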

