frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace XC-SECURITY code with XACE security hooks 

(cherry picked from 8526cd6395 commit)
This commit is contained in:
Eamon Walsh 2004-05-05 20:04:52 +00:00 committed by Alan Coopersmith
parent 8d9ccc90a5
commit 37f0ae0245
14 changed files with 133 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dix/devices.c
View File

@ -72,9 +72,8 @@ SOFTWARE.
#ifdef XKB #ifdef XKB
#include <X11/extensions/XKBsrv.h> #include <X11/extensions/XKBsrv.h>
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
#include "dispatch.h" #include "dispatch.h"
@ -956,8 +955,8 @@ ProcSetModifierMapping(ClientPtr client)
} }
} }
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess; return BadAccess;
#endif #endif
@ -1073,9 +1072,8 @@ ProcChangeKeyboardMapping(ClientPtr client)
client->errorValue = stuff->keySymsPerKeyCode; client->errorValue = stuff->keySymsPerKeyCode;
return BadValue; return BadValue;
} }
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
TRUE))
return BadAccess; return BadAccess;
#endif #endif
keysyms.minKeyCode = stuff->firstKeyCode; keysyms.minKeyCode = stuff->firstKeyCode;
@ -1221,8 +1219,8 @@ ProcChangeKeyboardControl (ClientPtr client)
vmask = stuff->mask; vmask = stuff->mask;
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask)) if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength; return BadLength;
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess; return BadAccess;
#endif #endif
vlist = (XID *)&stuff[1]; /* first word of values */ vlist = (XID *)&stuff[1]; /* first word of values */
@ -1610,8 +1608,8 @@ ProcQueryKeymap(ClientPtr client)
rep.type = X_Reply; rep.type = X_Reply;
rep.sequenceNumber = client->sequence; rep.sequenceNumber = client->sequence;
rep.length = 2; rep.length = 2;
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ {
bzero((char *)&rep.map[0], 32); bzero((char *)&rep.map[0], 32);
} }

41
dix/dispatch.c
View File

@ -107,9 +107,8 @@ int ProcInitialConnection();
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h> #include <X11/extensions/Xagsrv.h>
@ -1103,11 +1102,10 @@ ProcConvertSelection(register ClientPtr client)
CurrentSelections[i].selection != stuff->selection) i++; CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) && if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None) (CurrentSelections[i].window != None)
#ifdef XCSECURITY #ifdef XACE
&& (!client->CheckAccess || && XaceHook(XACE_RESOURCE_ACCESS, client,
(* client->CheckAccess)(client, CurrentSelections[i].window, CurrentSelections[i].window, RT_WINDOW,
RT_WINDOW, SecurityReadAccess, SecurityReadAccess, CurrentSelections[i].pWin)
CurrentSelections[i].pWin))
#endif #endif
) )
{ {
@ -2205,9 +2203,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
} }
#ifdef XCSECURITY #ifdef XACE
if (client->trustLevel != XSecurityClientTrusted && if (pDraw->type == DRAWABLE_WINDOW &&
pDraw->type == DRAWABLE_WINDOW) !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{ {
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion) if (pVisibleRegion)
@ -2235,9 +2233,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format, format,
planemask, planemask,
(pointer) pBuf); (pointer) pBuf);
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, widthBytesLine, XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
#endif #endif
@ -2276,9 +2274,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format, format,
plane, plane,
(pointer)pBuf); (pointer)pBuf);
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, XaceCensorImage(client, pVisibleRegion,
widthBytesLine, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
@ -2304,7 +2302,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
} }
} }
} }
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion); REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif #endif
@ -3278,11 +3276,10 @@ ProcListHosts(register ClientPtr client)
/* REQUEST(xListHostsReq); */ /* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq); REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XCSECURITY #ifdef XACE
/* untrusted clients can't list hosts */ /* untrusted clients can't list hosts */
if (client->trustLevel != XSecurityClientTrusted) if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{ {
SecurityAudit("client %d attempted to list hosts\n", client->index);
return BadAccess; return BadAccess;
} }
#endif #endif
@ -3650,10 +3647,8 @@ void InitClient(ClientPtr client, int i, pointer ospriv)
} }
#endif #endif
client->replyBytesRemaining = 0; client->replyBytesRemaining = 0;
#ifdef XCSECURITY #ifdef XACE
client->trustLevel = XSecurityClientTrusted; XACE_STATE_INIT(client->securityState);
client->CheckAccess = NULL;
client->authId = 0;
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
client->appgroup = NULL; client->appgroup = NULL;

34
dix/dixutils.c
View File

@ -97,9 +97,8 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h" #include "scrnintstr.h"
#define XK_LATIN1 #define XK_LATIN1
#include <X11/keysymdef.h> #include <X11/keysymdef.h>
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
/* /*
@ -199,7 +198,7 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len,
return (int) c1 - (int) c2; return (int) c1 - (int) c2;
} }
#ifdef XCSECURITY #ifdef XACE
/* SecurityLookupWindow and SecurityLookupDrawable: /* SecurityLookupWindow and SecurityLookupDrawable:
* Look up the window/drawable taking into account the client doing * Look up the window/drawable taking into account the client doing
@ -207,32 +206,16 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len,
* if it exists and the client is allowed access, else return NULL. * if it exists and the client is allowed access, else return NULL.
* Most Proc* functions should be calling these instead of * Most Proc* functions should be calling these instead of
* LookupWindow and LookupDrawable, which do no access checks. * LookupWindow and LookupDrawable, which do no access checks.
* XACE note: need to see if client->lastDrawableID can still be used here.
*/ */
_X_EXPORT WindowPtr _X_EXPORT WindowPtr
SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode) SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode)
{ {
WindowPtr pWin;
client->errorValue = rid; client->errorValue = rid;
if(rid == INVALID) if(rid == INVALID)
return NULL; return NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (client->lastDrawableID == rid)
{
if (client->lastDrawable->type == DRAWABLE_WINDOW)
return ((WindowPtr) client->lastDrawable);
return (WindowPtr) NULL;
}
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
client->lastDrawable = (DrawablePtr) pWin;
client->lastDrawableID = rid;
client->lastGCID = INVALID;
client->lastGC = (GCPtr)NULL;
}
return pWin;
} }
@ -243,11 +226,6 @@ SecurityLookupDrawable(XID rid, ClientPtr client, Mask access_mode)
if(rid == INVALID) if(rid == INVALID)
return (pointer) NULL; return (pointer) NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (client->lastDrawableID == rid)
return ((pointer) client->lastDrawable);
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode); access_mode);
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW)) if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
@ -271,7 +249,7 @@ LookupDrawable(XID rid, ClientPtr client)
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess); return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
} }
#else /* not XCSECURITY */ #else /* not XACE */
WindowPtr WindowPtr
LookupWindow(XID rid, ClientPtr client) LookupWindow(XID rid, ClientPtr client)
@ -313,7 +291,7 @@ LookupDrawable(XID rid, ClientPtr client)
return (pointer)NULL; return (pointer)NULL;
} }
#endif /* XCSECURITY */ #endif /* XACE */
_X_EXPORT ClientPtr _X_EXPORT ClientPtr
LookupClient(XID rid, ClientPtr client) LookupClient(XID rid, ClientPtr client)

25
dix/events.c
View File

@ -138,9 +138,8 @@ of the copyright holder.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *); extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
#ifdef XEVIE #ifdef XEVIE
@ -2541,8 +2540,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized && (grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo)))) BorderSizeNotEmpty(grab->confineTo))))
{ {
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE; return FALSE;
#endif #endif
#ifdef XKB #ifdef XKB
@ -3350,10 +3349,10 @@ EnterLeaveEvent(
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XCSECURITY #ifdef XACE
ClientPtr client = grab ? rClient(grab) ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)]; : clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, keybd, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{ {
bzero((char *)&ke.map[0], 31); bzero((char *)&ke.map[0], 31);
} }
@ -3445,9 +3444,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask)) ((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XCSECURITY #ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, dev, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{ {
bzero((char *)&ke.map[0], 31); bzero((char *)&ke.map[0], 31);
} }
@ -3716,8 +3715,8 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq); REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq); REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success; return Success;
#endif #endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus, return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@ -3981,8 +3980,8 @@ ProcGrabKeyboard(ClientPtr client)
int result; int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq); REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ {
result = Success; result = Success;
rep.status = AlreadyGrabbed; rep.status = AlreadyGrabbed;

59
dix/extension.c
View File

@ -61,9 +61,8 @@ SOFTWARE.
#include "gcstruct.h" #include "gcstruct.h"
#include "scrnintstr.h" #include "scrnintstr.h"
#include "dispatch.h" #include "dispatch.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
#define EXTENSION_BASE 128 #define EXTENSION_BASE 128
@ -147,8 +146,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext->errorBase = 0; ext->errorBase = 0;
ext->errorLast = 0; ext->errorLast = 0;
} }
#ifdef XCSECURITY #ifdef XACE
ext->secure = FALSE; XACE_STATE_INIT(ext->securityState);
#endif #endif
return(ext); return(ext);
@ -210,26 +209,27 @@ CheckExtension(const char *extname)
return NULL; return NULL;
} }
/*
* Added as part of Xace.
*/
ExtensionEntry *
GetExtensionEntry(int major)
{
if (major < EXTENSION_BASE)
return NULL;
major -= EXTENSION_BASE;
if (major >= NumExtensions)
return NULL;
return extensions[major];
}
_X_EXPORT void _X_EXPORT void
DeclareExtensionSecurity(char *extname, Bool secure) DeclareExtensionSecurity(char *extname, Bool secure)
{ {
#ifdef XCSECURITY #ifdef XACE
int i = FindExtension(extname, strlen(extname)); int i = FindExtension(extname, strlen(extname));
if (i >= 0) if (i >= 0)
{ XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
int majorop = extensions[i]->base;
extensions[i]->secure = secure;
if (secure)
{
UntrustedProcVector[majorop] = ProcVector[majorop];
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
}
else
{
UntrustedProcVector[majorop] = ProcBadRequest;
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
}
}
#endif #endif
} }
@ -307,10 +307,9 @@ ProcQueryExtension(ClientPtr client)
{ {
i = FindExtension((char *)&stuff[1], stuff->nbytes); i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0 if (i < 0
#ifdef XCSECURITY #ifdef XACE
/* don't show insecure extensions to untrusted clients */ /* call callbacks to find out whether to show extension */
|| (client->trustLevel == XSecurityClientUntrusted && || !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
!extensions[i]->secure)
#endif #endif
) )
reply.present = xFalse; reply.present = xFalse;
@ -347,10 +346,9 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
#ifdef XCSECURITY #ifdef XACE
/* don't show insecure extensions to untrusted clients */ /* call callbacks to find out whether to show extension */
if (client->trustLevel == XSecurityClientUntrusted && if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
!extensions[i]->secure)
continue; continue;
#endif #endif
total_length += strlen(extensions[i]->name) + 1; total_length += strlen(extensions[i]->name) + 1;
@ -365,9 +363,8 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
int len; int len;
#ifdef XCSECURITY #ifdef XACE
if (client->trustLevel == XSecurityClientUntrusted && if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
!extensions[i]->secure)
continue; continue;
#endif #endif
*bufptr++ = len = strlen(extensions[i]->name); *bufptr++ = len = strlen(extensions[i]->name);

25
dix/property.c
View File

@ -60,9 +60,8 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "dispatch.h" #include "dispatch.h"
#include "swaprep.h" #include "swaprep.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
/***************************************************************** /*****************************************************************
@ -121,12 +120,12 @@ ProcRotateProperties(ClientPtr client)
return(BadAlloc); return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++) for (i = 0; i < stuff->nAtoms; i++)
{ {
#ifdef XCSECURITY #ifdef XACE
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i], char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess); SecurityReadAccess|SecurityWriteAccess);
#endif #endif
if (!ValidAtom(atoms[i]) if (!ValidAtom(atoms[i])
#ifdef XCSECURITY #ifdef XACE
|| (SecurityErrorOperation == action) || (SecurityErrorOperation == action)
#endif #endif
) )
@ -135,7 +134,7 @@ ProcRotateProperties(ClientPtr client)
client->errorValue = atoms[i]; client->errorValue = atoms[i];
return BadAtom; return BadAtom;
} }
#ifdef XCSECURITY #ifdef XACE
if (SecurityIgnoreOperation == action) if (SecurityIgnoreOperation == action)
{ {
DEALLOCATE_LOCAL(props); DEALLOCATE_LOCAL(props);
@ -236,8 +235,8 @@ ProcChangeProperty(ClientPtr client)
return(BadAtom); return(BadAtom);
} }
#ifdef XCSECURITY #ifdef XACE
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property, switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess)) SecurityWriteAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
@ -504,13 +503,13 @@ ProcGetProperty(ClientPtr client)
if (!pProp) if (!pProp)
return NullPropertyReply(client, None, 0, &reply); return NullPropertyReply(client, None, 0, &reply);
#ifdef XCSECURITY #ifdef XACE
{ {
Mask access_mode = SecurityReadAccess; Mask access_mode = SecurityReadAccess;
if (stuff->delete) if (stuff->delete)
access_mode |= SecurityDestroyAccess; access_mode |= SecurityDestroyAccess;
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode)) access_mode))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
@ -666,8 +665,8 @@ ProcDeleteProperty(register ClientPtr client)
return (BadAtom); return (BadAtom);
} }
#ifdef XCSECURITY #ifdef XACE
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess)) SecurityDestroyAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:

19
dix/resource.c
View File

@ -123,6 +123,9 @@ Equipment Corporation.
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XACE
#include "xace.h"
#endif
#include <assert.h> #include <assert.h>
static void RebuildTable( static void RebuildTable(
@ -821,7 +824,7 @@ LegalNewID(XID id, register ClientPtr client)
!LookupIDByClass(id, RC_ANY))); !LookupIDByClass(id, RC_ANY)));
} }
#ifdef XCSECURITY #ifdef XACE
/* SecurityLookupIDByType and SecurityLookupIDByClass: /* SecurityLookupIDByType and SecurityLookupIDByClass:
* These are the heart of the resource ID security system. They take * These are the heart of the resource ID security system. They take
@ -854,8 +857,9 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode)
break; break;
} }
} }
if (retval && client && client->CheckAccess) if (retval && client &&
retval = (* client->CheckAccess)(client, id, rtype, mode, retval); !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL;
return retval; return retval;
} }
@ -883,8 +887,9 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode)
break; break;
} }
} }
if (retval && client && client->CheckAccess) if (retval && client &&
retval = (* client->CheckAccess)(client, id, res->type, mode, retval); !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL;
return retval; return retval;
} }
@ -906,7 +911,7 @@ LookupIDByClass(XID id, RESTYPE classes)
SecurityUnknownAccess); SecurityUnknownAccess);
} }
#else /* not XCSECURITY */ #else /* not XACE */
/* /*
* LookupIDByType returns the object with the given id and type, else NULL. * LookupIDByType returns the object with the given id and type, else NULL.
@ -951,4 +956,4 @@ LookupIDByClass(XID id, RESTYPE classes)
return (pointer)NULL; return (pointer)NULL;
} }
#endif /* XCSECURITY */ #endif /* XACE */

25
dix/window.c
View File

@ -129,9 +129,8 @@ Equipment Corporation.
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h> #include <X11/extensions/Xagsrv.h>
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
/****** /******
@ -726,11 +725,11 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
} }
pWin->borderWidth = bw; pWin->borderWidth = bw;
#ifdef XCSECURITY #ifdef XACE
/* can't let untrusted clients have background None windows; /* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents * they make it too easy to steal window contents
*/ */
if (client->trustLevel != XSecurityClientTrusted) if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{ {
pWin->backgroundState = BackgroundPixel; pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0; pWin->background.pixel = 0;
@ -1020,9 +1019,9 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
borderRelative = TRUE; borderRelative = TRUE;
if (pixID == None) if (pixID == None)
{ {
#ifdef XCSECURITY #ifdef XACE
/* can't let untrusted clients have background None windows */ /* can't let untrusted clients have background None windows */
if (client->trustLevel == XSecurityClientTrusted) if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{ {
#endif #endif
if (pWin->backgroundState == BackgroundPixmap) if (pWin->backgroundState == BackgroundPixmap)
@ -1031,7 +1030,7 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
MakeRootTile(pWin); MakeRootTile(pWin);
else else
pWin->backgroundState = None; pWin->backgroundState = None;
#ifdef XCSECURITY #ifdef XACE
} }
else else
{ /* didn't change the background to None, so don't tell ddx */ { /* didn't change the background to None, so don't tell ddx */
@ -2719,13 +2718,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client)
if (pWin->mapped) if (pWin->mapped)
return(Success); return(Success);
#ifdef XCSECURITY #ifdef XACE
/* don't let an untrusted client map a child-of-trusted-window, InputOnly /* general check for permission to map window */
* window; too easy to steal device input if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
*/
if ( (client->trustLevel != XSecurityClientTrusted) &&
(pWin->drawable.class == InputOnly) &&
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
return Success; return Success;
#endif #endif

19
include/dix.h
View File

@ -89,12 +89,9 @@ SOFTWARE.
((client->lastDrawableID == did) ? \ ((client->lastDrawableID == did) ? \
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client)) client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
#ifdef XCSECURITY #ifdef XACE
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\ #define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\ {\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\ RC_DRAWABLE, mode);\
@ -108,9 +105,6 @@ SOFTWARE.
} }
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\ #define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\ {\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\ RC_DRAWABLE, mode);\
@ -122,9 +116,6 @@ SOFTWARE.
} }
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
if (client->lastGCID == rid && !client->trustLevel)\
pGC = client->lastGC;\
else\
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\ pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
if (!pGC)\ if (!pGC)\
{\ {\
@ -141,7 +132,7 @@ SOFTWARE.
#define VERIFY_GC(pGC, rid, client)\ #define VERIFY_GC(pGC, rid, client)\
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess) SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
#else /* not XCSECURITY */ #else /* not XACE */
#define VERIFY_DRAWABLE(pDraw, did, client)\ #define VERIFY_DRAWABLE(pDraw, did, client)\
if (client->lastDrawableID == did)\ if (client->lastDrawableID == did)\
@ -191,7 +182,7 @@ SOFTWARE.
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
VERIFY_GC(pGC, rid, client) VERIFY_GC(pGC, rid, client)
#endif /* XCSECURITY */ #endif /* XACE */
/* /*
* We think that most hardware implementations of DBE will want * We think that most hardware implementations of DBE will want
@ -386,7 +377,7 @@ extern int CompareISOLatin1Lowered(
unsigned char * /*b*/, unsigned char * /*b*/,
int blen); int blen);
#ifdef XCSECURITY #ifdef XACE
extern WindowPtr SecurityLookupWindow( extern WindowPtr SecurityLookupWindow(
XID /*rid*/, XID /*rid*/,
@ -422,7 +413,7 @@ extern pointer LookupDrawable(
#define SecurityLookupDrawable(rid, client, access_mode) \ #define SecurityLookupDrawable(rid, client, access_mode) \
LookupDrawable(rid, client) LookupDrawable(rid, client)
#endif /* XCSECURITY */ #endif /* XACE */
extern ClientPtr LookupClient( extern ClientPtr LookupClient(
XID /*rid*/, XID /*rid*/,

11
include/dixstruct.h
View File

@ -130,15 +130,8 @@ typedef struct _Client {
int requestLogIndex; int requestLogIndex;
#endif #endif
unsigned long replyBytesRemaining; unsigned long replyBytesRemaining;
#ifdef XCSECURITY #ifdef XACE
XID authId; pointer securityState[4]; /* 4 slots for use */
unsigned int trustLevel;
pointer (* CheckAccess)(
ClientPtr /*pClient*/,
XID /*id*/,
RESTYPE /*classes*/,
Mask /*access_mode*/,
pointer /*resourceval*/);
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
struct _AppGroupRec* appgroup; struct _AppGroupRec* appgroup;

3
include/extnsionst.h
View File

@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */ unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */); ClientPtr /* client */);
#ifdef XCSECURITY #ifdef XCSECURITY
Bool secure; /* extension visible to untrusted clients? */ pointer securityState[4]; /* 4 slots for use */
#endif #endif
} ExtensionEntry; } ExtensionEntry;
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
ExtensionEntry * /*extension*/); ExtensionEntry * /*extension*/);
extern ExtensionEntry *CheckExtension(const char *extname); extern ExtensionEntry *CheckExtension(const char *extname);
extern ExtensionEntry *GetExtensionEntry(int major);
extern ExtensionLookupProc LookupProc( extern ExtensionLookupProc LookupProc(
char* /*name*/, char* /*name*/,

6
include/resource.h
View File

@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
#define SecurityWriteAccess (1<<1) /* changing the object */ #define SecurityWriteAccess (1<<1) /* changing the object */
#define SecurityDestroyAccess (1<<2) /* destroying the object */ #define SecurityDestroyAccess (1<<2) /* destroying the object */
#ifdef XCSECURITY #ifdef XACE
extern pointer SecurityLookupIDByType( extern pointer SecurityLookupIDByType(
ClientPtr /*client*/, ClientPtr /*client*/,
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
RESTYPE /*classes*/, RESTYPE /*classes*/,
Mask /*access_mode*/); Mask /*access_mode*/);
#else /* not XCSECURITY */ #else /* not XACE */
#define SecurityLookupIDByType(client, id, rtype, access_mode) \ #define SecurityLookupIDByType(client, id, rtype, access_mode) \
LookupIDByType(id, rtype) LookupIDByType(id, rtype)
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
#define SecurityLookupIDByClass(client, id, classes, access_mode) \ #define SecurityLookupIDByClass(client, id, classes, access_mode) \
LookupIDByClass(id, classes) LookupIDByClass(id, classes)
#endif /* XCSECURITY */ #endif /* XACE */
extern void GetXIDRange( extern void GetXIDRange(
int /*client*/, int /*client*/,

19
os/access.c
View File

@ -202,9 +202,8 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "osdep.h" #include "osdep.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include <X11/extensions/security.h>
#endif #endif
#ifndef PATH_MAX #ifndef PATH_MAX
@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client)
pointer addr; pointer addr;
register HOST *host; register HOST *host;
#ifdef XCSECURITY
/* untrusted clients can't change host access */
if (client->trustLevel != XSecurityClientTrusted)
{
SecurityAudit("client %d attempted to change host access\n",
client->index);
return FALSE;
}
#endif
if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
&notused, &alen, &from)) &notused, &alen, &from))
{ {
@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client)
{ {
if (!client || defeatAccessControl) if (!client || defeatAccessControl)
return TRUE; return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE;
#endif
return LocalClient(client); return LocalClient(client);
} }

8
os/connection.c
View File

@ -150,6 +150,9 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h> #include <X11/extensions/Xagsrv.h>
#endif #endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY #ifdef XCSECURITY
#define _SECURITY_SERVER #define _SECURITY_SERVER
#include <X11/extensions/security.h> #include <X11/extensions/security.h>
@ -693,9 +696,8 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */ /* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd); XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */ #endif /* XDMCP */
#ifdef XAPPGROUP #ifdef XACE
if (ClientStateCallback) XaceHook(XACE_AUTH_AVAIL, client, auth_id);
XagCallClientStateChange (client);
#endif #endif
/* At this point, if the client is authorized to change the access control /* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to * list, we should getpeername() information, and add the client to