frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace XC-SECURITY code with XACE security hooks 

(cherry picked from 8526cd6395 commit)
This commit is contained in:
Eamon Walsh 2004-05-05 20:04:52 +00:00 committed by Alan Coopersmith
parent 8d9ccc90a5
commit 37f0ae0245
14 changed files with 133 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dix/devices.c
View File

@ -72,9 +72,8 @@ SOFTWARE.
#ifdef XKB
#include <X11/extensions/XKBsrv.h>
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
#include "dispatch.h"
@ -956,8 +955,8 @@ ProcSetModifierMapping(ClientPtr client)
}
}
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
@ -1073,9 +1072,8 @@ ProcChangeKeyboardMapping(ClientPtr client)
client->errorValue = stuff->keySymsPerKeyCode;
return BadValue;
}
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard,
TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return BadAccess;
#endif
keysyms.minKeyCode = stuff->firstKeyCode;
@ -1221,8 +1219,8 @@ ProcChangeKeyboardControl (ClientPtr client)
vmask = stuff->mask;
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength;
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
vlist = (XID *)&stuff[1]; /* first word of values */
@ -1610,8 +1608,8 @@ ProcQueryKeymap(ClientPtr client)
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 2;
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
bzero((char *)&rep.map[0], 32);
}

41
dix/dispatch.c
View File

@ -107,9 +107,8 @@ int ProcInitialConnection();
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
@ -1103,11 +1102,10 @@ ProcConvertSelection(register ClientPtr client)
CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None)
#ifdef XCSECURITY
&& (!client->CheckAccess ||
(* client->CheckAccess)(client, CurrentSelections[i].window,
RT_WINDOW, SecurityReadAccess,
CurrentSelections[i].pWin))
#ifdef XACE
&& XaceHook(XACE_RESOURCE_ACCESS, client,
CurrentSelections[i].window, RT_WINDOW,
SecurityReadAccess, CurrentSelections[i].pWin)
#endif
)
{
@ -2205,9 +2203,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
#ifdef XCSECURITY
if (client->trustLevel != XSecurityClientTrusted &&
pDraw->type == DRAWABLE_WINDOW)
#ifdef XACE
if (pDraw->type == DRAWABLE_WINDOW &&
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion)
@ -2235,9 +2233,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format,
planemask,
(pointer) pBuf);
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, widthBytesLine,
XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
#endif
@ -2276,9 +2274,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format,
plane,
(pointer)pBuf);
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion,
XaceCensorImage(client, pVisibleRegion,
widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
@ -2304,7 +2302,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
}
}
}
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif
@ -3278,11 +3276,10 @@ ProcListHosts(register ClientPtr client)
/* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XCSECURITY
#ifdef XACE
/* untrusted clients can't list hosts */
if (client->trustLevel != XSecurityClientTrusted)
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{
SecurityAudit("client %d attempted to list hosts\n", client->index);
return BadAccess;
}
#endif
@ -3650,10 +3647,8 @@ void InitClient(ClientPtr client, int i, pointer ospriv)
}
#endif
client->replyBytesRemaining = 0;
#ifdef XCSECURITY
client->trustLevel = XSecurityClientTrusted;
client->CheckAccess = NULL;
client->authId = 0;
#ifdef XACE
XACE_STATE_INIT(client->securityState);
#endif
#ifdef XAPPGROUP
client->appgroup = NULL;

34
dix/dixutils.c
View File

@ -97,9 +97,8 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h"
#define XK_LATIN1
#include <X11/keysymdef.h>
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
/*
@ -199,7 +198,7 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len,
return (int) c1 - (int) c2;
}
#ifdef XCSECURITY
#ifdef XACE
/* SecurityLookupWindow and SecurityLookupDrawable:
* Look up the window/drawable taking into account the client doing
@ -207,32 +206,16 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len,
* if it exists and the client is allowed access, else return NULL.
* Most Proc* functions should be calling these instead of
* LookupWindow and LookupDrawable, which do no access checks.
* XACE note: need to see if client->lastDrawableID can still be used here.
*/
_X_EXPORT WindowPtr
SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode)
{
WindowPtr pWin;
client->errorValue = rid;
if(rid == INVALID)
return NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (client->lastDrawableID == rid)
{
if (client->lastDrawable->type == DRAWABLE_WINDOW)
return ((WindowPtr) client->lastDrawable);
return (WindowPtr) NULL;
}
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
client->lastDrawable = (DrawablePtr) pWin;
client->lastDrawableID = rid;
client->lastGCID = INVALID;
client->lastGC = (GCPtr)NULL;
}
return pWin;
}
@ -243,11 +226,6 @@ SecurityLookupDrawable(XID rid, ClientPtr client, Mask access_mode)
if(rid == INVALID)
return (pointer) NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (client->lastDrawableID == rid)
return ((pointer) client->lastDrawable);
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
@ -271,7 +249,7 @@ LookupDrawable(XID rid, ClientPtr client)
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
}
#else /* not XCSECURITY */
#else /* not XACE */
WindowPtr
LookupWindow(XID rid, ClientPtr client)
@ -313,7 +291,7 @@ LookupDrawable(XID rid, ClientPtr client)
return (pointer)NULL;
}
#endif /* XCSECURITY */
#endif /* XACE */
_X_EXPORT ClientPtr
LookupClient(XID rid, ClientPtr client)

25
dix/events.c
View File

@ -138,9 +138,8 @@ of the copyright holder.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
#ifdef XEVIE
@ -2541,8 +2540,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo))))
{
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE;
#endif
#ifdef XKB
@ -3350,10 +3349,10 @@ EnterLeaveEvent(
{
xKeymapEvent ke;
#ifdef XCSECURITY
#ifdef XACE
ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, keybd, FALSE))
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@ -3445,9 +3444,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{
xKeymapEvent ke;
#ifdef XCSECURITY
#ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, dev, FALSE))
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@ -3716,8 +3715,8 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success;
#endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@ -3981,8 +3980,8 @@ ProcGrabKeyboard(ClientPtr client)
int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
result = Success;
rep.status = AlreadyGrabbed;

59
dix/extension.c
View File

@ -61,9 +61,8 @@ SOFTWARE.
#include "gcstruct.h"
#include "scrnintstr.h"
#include "dispatch.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
#define EXTENSION_BASE 128
@ -147,8 +146,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext->errorBase = 0;
ext->errorLast = 0;
}
#ifdef XCSECURITY
ext->secure = FALSE;
#ifdef XACE
XACE_STATE_INIT(ext->securityState);
#endif
return(ext);
@ -210,26 +209,27 @@ CheckExtension(const char *extname)
return NULL;
}
/*
* Added as part of Xace.
*/
ExtensionEntry *
GetExtensionEntry(int major)
{
if (major < EXTENSION_BASE)
return NULL;
major -= EXTENSION_BASE;
if (major >= NumExtensions)
return NULL;
return extensions[major];
}
_X_EXPORT void
DeclareExtensionSecurity(char *extname, Bool secure)
{
#ifdef XCSECURITY
#ifdef XACE
int i = FindExtension(extname, strlen(extname));
if (i >= 0)
{
int majorop = extensions[i]->base;
extensions[i]->secure = secure;
if (secure)
{
UntrustedProcVector[majorop] = ProcVector[majorop];
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
}
else
{
UntrustedProcVector[majorop] = ProcBadRequest;
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
}
}
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
#endif
}
@ -307,10 +307,9 @@ ProcQueryExtension(ClientPtr client)
{
i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0
#ifdef XCSECURITY
/* don't show insecure extensions to untrusted clients */
|| (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
/* call callbacks to find out whether to show extension */
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
#endif
)
reply.present = xFalse;
@ -347,10 +346,9 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
#ifdef XCSECURITY
/* don't show insecure extensions to untrusted clients */
if (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
/* call callbacks to find out whether to show extension */
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
total_length += strlen(extensions[i]->name) + 1;
@ -365,9 +363,8 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
int len;
#ifdef XCSECURITY
if (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
*bufptr++ = len = strlen(extensions[i]->name);

25
dix/property.c
View File

@ -60,9 +60,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "dispatch.h"
#include "swaprep.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
/*****************************************************************
@ -121,12 +120,12 @@ ProcRotateProperties(ClientPtr client)
return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++)
{
#ifdef XCSECURITY
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i],
#ifdef XACE
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess);
#endif
if (!ValidAtom(atoms[i])
#ifdef XCSECURITY
#ifdef XACE
|| (SecurityErrorOperation == action)
#endif
)
@ -135,7 +134,7 @@ ProcRotateProperties(ClientPtr client)
client->errorValue = atoms[i];
return BadAtom;
}
#ifdef XCSECURITY
#ifdef XACE
if (SecurityIgnoreOperation == action)
{
DEALLOCATE_LOCAL(props);
@ -236,8 +235,8 @@ ProcChangeProperty(ClientPtr client)
return(BadAtom);
}
#ifdef XCSECURITY
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
#ifdef XACE
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess))
{
case SecurityErrorOperation:
@ -504,13 +503,13 @@ ProcGetProperty(ClientPtr client)
if (!pProp)
return NullPropertyReply(client, None, 0, &reply);
#ifdef XCSECURITY
#ifdef XACE
{
Mask access_mode = SecurityReadAccess;
if (stuff->delete)
access_mode |= SecurityDestroyAccess;
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode))
{
case SecurityErrorOperation:
@ -666,8 +665,8 @@ ProcDeleteProperty(register ClientPtr client)
return (BadAtom);
}
#ifdef XCSECURITY
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
#ifdef XACE
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess))
{
case SecurityErrorOperation:

19
dix/resource.c
View File

@ -123,6 +123,9 @@ Equipment Corporation.
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#include <assert.h>
static void RebuildTable(
@ -821,7 +824,7 @@ LegalNewID(XID id, register ClientPtr client)
!LookupIDByClass(id, RC_ANY)));
}
#ifdef XCSECURITY
#ifdef XACE
/* SecurityLookupIDByType and SecurityLookupIDByClass:
* These are the heart of the resource ID security system. They take
@ -854,8 +857,9 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode)
break;
}
}
if (retval && client && client->CheckAccess)
retval = (* client->CheckAccess)(client, id, rtype, mode, retval);
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL;
return retval;
}
@ -883,8 +887,9 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode)
break;
}
}
if (retval && client && client->CheckAccess)
retval = (* client->CheckAccess)(client, id, res->type, mode, retval);
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL;
return retval;
}
@ -906,7 +911,7 @@ LookupIDByClass(XID id, RESTYPE classes)
SecurityUnknownAccess);
}
#else /* not XCSECURITY */
#else /* not XACE */
/*
* LookupIDByType returns the object with the given id and type, else NULL.
@ -951,4 +956,4 @@ LookupIDByClass(XID id, RESTYPE classes)
return (pointer)NULL;
}
#endif /* XCSECURITY */
#endif /* XACE */

25
dix/window.c
View File

@ -129,9 +129,8 @@ Equipment Corporation.
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
/******
@ -726,11 +725,11 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
}
pWin->borderWidth = bw;
#ifdef XCSECURITY
#ifdef XACE
/* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents
*/
if (client->trustLevel != XSecurityClientTrusted)
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0;
@ -1020,9 +1019,9 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
borderRelative = TRUE;
if (pixID == None)
{
#ifdef XCSECURITY
#ifdef XACE
/* can't let untrusted clients have background None windows */
if (client->trustLevel == XSecurityClientTrusted)
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
#endif
if (pWin->backgroundState == BackgroundPixmap)
@ -1031,7 +1030,7 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
MakeRootTile(pWin);
else
pWin->backgroundState = None;
#ifdef XCSECURITY
#ifdef XACE
}
else
{ /* didn't change the background to None, so don't tell ddx */
@ -2719,13 +2718,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client)
if (pWin->mapped)
return(Success);
#ifdef XCSECURITY
/* don't let an untrusted client map a child-of-trusted-window, InputOnly
* window; too easy to steal device input
*/
if ( (client->trustLevel != XSecurityClientTrusted) &&
(pWin->drawable.class == InputOnly) &&
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
#ifdef XACE
/* general check for permission to map window */
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
return Success;
#endif

19
include/dix.h
View File

@ -89,12 +89,9 @@ SOFTWARE.
((client->lastDrawableID == did) ? \
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
#ifdef XCSECURITY
#ifdef XACE
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@ -108,9 +105,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@ -122,9 +116,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
if (client->lastGCID == rid && !client->trustLevel)\
pGC = client->lastGC;\
else\
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
if (!pGC)\
{\
@ -141,7 +132,7 @@ SOFTWARE.
#define VERIFY_GC(pGC, rid, client)\
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
#else /* not XCSECURITY */
#else /* not XACE */
#define VERIFY_DRAWABLE(pDraw, did, client)\
if (client->lastDrawableID == did)\
@ -191,7 +182,7 @@ SOFTWARE.
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
VERIFY_GC(pGC, rid, client)
#endif /* XCSECURITY */
#endif /* XACE */
/*
* We think that most hardware implementations of DBE will want
@ -386,7 +377,7 @@ extern int CompareISOLatin1Lowered(
unsigned char * /*b*/,
int blen);
#ifdef XCSECURITY
#ifdef XACE
extern WindowPtr SecurityLookupWindow(
XID /*rid*/,
@ -422,7 +413,7 @@ extern pointer LookupDrawable(
#define SecurityLookupDrawable(rid, client, access_mode) \
LookupDrawable(rid, client)
#endif /* XCSECURITY */
#endif /* XACE */
extern ClientPtr LookupClient(
XID /*rid*/,

11
include/dixstruct.h
View File

@ -130,15 +130,8 @@ typedef struct _Client {
int requestLogIndex;
#endif
unsigned long replyBytesRemaining;
#ifdef XCSECURITY
XID authId;
unsigned int trustLevel;
pointer (* CheckAccess)(
ClientPtr /*pClient*/,
XID /*id*/,
RESTYPE /*classes*/,
Mask /*access_mode*/,
pointer /*resourceval*/);
#ifdef XACE
pointer securityState[4]; /* 4 slots for use */
#endif
#ifdef XAPPGROUP
struct _AppGroupRec* appgroup;

3
include/extnsionst.h
View File

@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */);
#ifdef XCSECURITY
Bool secure; /* extension visible to untrusted clients? */
pointer securityState[4]; /* 4 slots for use */
#endif
} ExtensionEntry;
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
ExtensionEntry * /*extension*/);
extern ExtensionEntry *CheckExtension(const char *extname);
extern ExtensionEntry *GetExtensionEntry(int major);
extern ExtensionLookupProc LookupProc(
char* /*name*/,

6
include/resource.h
View File

@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
#define SecurityWriteAccess (1<<1) /* changing the object */
#define SecurityDestroyAccess (1<<2) /* destroying the object */
#ifdef XCSECURITY
#ifdef XACE
extern pointer SecurityLookupIDByType(
ClientPtr /*client*/,
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
RESTYPE /*classes*/,
Mask /*access_mode*/);
#else /* not XCSECURITY */
#else /* not XACE */
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
LookupIDByType(id, rtype)
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
LookupIDByClass(id, classes)
#endif /* XCSECURITY */
#endif /* XACE */
extern void GetXIDRange(
int /*client*/,

19
os/access.c
View File

@ -202,9 +202,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "osdep.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#ifdef XACE
#include "xace.h"
#endif
#ifndef PATH_MAX
@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client)
pointer addr;
register HOST *host;
#ifdef XCSECURITY
/* untrusted clients can't change host access */
if (client->trustLevel != XSecurityClientTrusted)
{
SecurityAudit("client %d attempted to change host access\n",
client->index);
return FALSE;
}
#endif
if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
&notused, &alen, &from))
{
@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client)
{
if (!client || defeatAccessControl)
return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE;
#endif
return LocalClient(client);
}

8
os/connection.c
View File

@ -150,6 +150,9 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
@ -693,9 +696,8 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */
#ifdef XAPPGROUP
if (ClientStateCallback)
XagCallClientStateChange (client);
#ifdef XACE
XaceHook(XACE_AUTH_AVAIL, client, auth_id);
#endif
/* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to