frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace XC-SECURITY code with XACE security hooks

This commit is contained in:
Eamon Walsh 2004-05-05 20:04:52 +00:00
parent 6d066cb109
commit 8526cd6395
17 changed files with 169 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dix/devices.c
View File

@ -65,9 +65,8 @@ SOFTWARE.
#ifdef XKB #ifdef XKB
#include "XKBsrv.h" #include "XKBsrv.h"
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
#ifdef LBX #ifdef LBX
#include "lbxserve.h" #include "lbxserve.h"
@ -1003,8 +1002,8 @@ ProcSetModifierMapping(client)
} }
} }
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess; return BadAccess;
#endif #endif
@ -1125,9 +1124,8 @@ ProcChangeKeyboardMapping(client)
client->errorValue = stuff->keySymsPerKeyCode; client->errorValue = stuff->keySymsPerKeyCode;
return BadValue; return BadValue;
} }
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
TRUE))
return BadAccess; return BadAccess;
#endif #endif
keysyms.minKeyCode = stuff->firstKeyCode; keysyms.minKeyCode = stuff->firstKeyCode;
@ -1284,8 +1282,8 @@ ProcChangeKeyboardControl (client)
vmask = stuff->mask; vmask = stuff->mask;
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask)) if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength; return BadLength;
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess; return BadAccess;
#endif #endif
vlist = (XID *)&stuff[1]; /* first word of values */ vlist = (XID *)&stuff[1]; /* first word of values */
@ -1681,8 +1679,8 @@ ProcQueryKeymap(client)
rep.type = X_Reply; rep.type = X_Reply;
rep.sequenceNumber = client->sequence; rep.sequenceNumber = client->sequence;
rep.length = 2; rep.length = 2;
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ {
bzero((char *)&rep.map[0], 32); bzero((char *)&rep.map[0], 32);
} }

43
dix/dispatch.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */ /* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */ /* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
/************************************************************ /************************************************************
@ -103,9 +103,8 @@ int ProcInitialConnection();
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "Xagsrv.h" #include "Xagsrv.h"
@ -1109,11 +1108,10 @@ ProcConvertSelection(client)
CurrentSelections[i].selection != stuff->selection) i++; CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) && if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None) (CurrentSelections[i].window != None)
#ifdef XCSECURITY #ifdef XACE
&& (!client->CheckAccess || && XaceHook(XACE_RESOURCE_ACCESS, client,
(* client->CheckAccess)(client, CurrentSelections[i].window, CurrentSelections[i].window, RT_WINDOW,
RT_WINDOW, SecurityReadAccess, SecurityReadAccess, CurrentSelections[i].pWin)
CurrentSelections[i].pWin))
#endif #endif
) )
{ {
@ -2218,9 +2216,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
} }
#ifdef XCSECURITY #ifdef XACE
if (client->trustLevel != XSecurityClientTrusted && if (pDraw->type == DRAWABLE_WINDOW &&
pDraw->type == DRAWABLE_WINDOW) !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{ {
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion) if (pVisibleRegion)
@ -2248,9 +2246,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
format, format,
planemask, planemask,
(pointer) pBuf); (pointer) pBuf);
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, widthBytesLine, XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
#endif #endif
@ -2289,9 +2287,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
format, format,
plane, plane,
(pointer)pBuf); (pointer)pBuf);
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, XaceCensorImage(client, pVisibleRegion,
widthBytesLine, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
@ -2317,7 +2315,7 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
} }
} }
} }
#ifdef XCSECURITY #ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion); REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif #endif
@ -3354,11 +3352,10 @@ ProcListHosts(client)
/* REQUEST(xListHostsReq); */ /* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq); REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XCSECURITY #ifdef XACE
/* untrusted clients can't list hosts */ /* untrusted clients can't list hosts */
if (client->trustLevel != XSecurityClientTrusted) if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{ {
SecurityAudit("client %d attempted to list hosts\n", client->index);
return BadAccess; return BadAccess;
} }
#endif #endif
@ -3743,10 +3740,8 @@ void InitClient(client, i, ospriv)
#ifdef LBX #ifdef LBX
client->readRequest = StandardReadRequestFromClient; client->readRequest = StandardReadRequestFromClient;
#endif #endif
#ifdef XCSECURITY #ifdef XACE
client->trustLevel = XSecurityClientTrusted; XACE_STATE_INIT(client->securityState);
client->CheckAccess = NULL;
client->authId = 0;
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
client->appgroup = NULL; client->appgroup = NULL;

36
dix/dixutils.c
View File

@ -93,9 +93,8 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h" #include "scrnintstr.h"
#define XK_LATIN1 #define XK_LATIN1
#include "keysymdef.h" #include "keysymdef.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
/* /*
@ -173,7 +172,7 @@ CopyISOLatin1Lowered(dest, source, length)
*dest = '\0'; *dest = '\0';
} }
#ifdef XCSECURITY #ifdef XACE
/* SecurityLookupWindow and SecurityLookupDrawable: /* SecurityLookupWindow and SecurityLookupDrawable:
* Look up the window/drawable taking into account the client doing * Look up the window/drawable taking into account the client doing
@ -181,6 +180,7 @@ CopyISOLatin1Lowered(dest, source, length)
* if it exists and the client is allowed access, else return NULL. * if it exists and the client is allowed access, else return NULL.
* Most Proc* functions should be calling these instead of * Most Proc* functions should be calling these instead of
* LookupWindow and LookupDrawable, which do no access checks. * LookupWindow and LookupDrawable, which do no access checks.
* XACE note: need to see if client->lastDrawableID can still be used here.
*/ */
WindowPtr WindowPtr
@ -189,27 +189,10 @@ SecurityLookupWindow(rid, client, access_mode)
ClientPtr client; ClientPtr client;
Mask access_mode; Mask access_mode;
{ {
WindowPtr pWin;
client->errorValue = rid; client->errorValue = rid;
if(rid == INVALID) if(rid == INVALID)
return NULL; return NULL;
if (client->trustLevel != XSecurityClientTrusted) return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (client->lastDrawableID == rid)
{
if (client->lastDrawable->type == DRAWABLE_WINDOW)
return ((WindowPtr) client->lastDrawable);
return (WindowPtr) NULL;
}
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
client->lastDrawable = (DrawablePtr) pWin;
client->lastDrawableID = rid;
client->lastGCID = INVALID;
client->lastGC = (GCPtr)NULL;
}
return pWin;
} }
@ -223,11 +206,6 @@ SecurityLookupDrawable(rid, client, access_mode)
if(rid == INVALID) if(rid == INVALID)
return (pointer) NULL; return (pointer) NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (client->lastDrawableID == rid)
return ((pointer) client->lastDrawable);
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode); access_mode);
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW)) if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
@ -255,7 +233,7 @@ LookupDrawable(rid, client)
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess); return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
} }
#else /* not XCSECURITY */ #else /* not XACE */
WindowPtr WindowPtr
LookupWindow(rid, client) LookupWindow(rid, client)
@ -301,7 +279,7 @@ LookupDrawable(rid, client)
return (pointer)NULL; return (pointer)NULL;
} }
#endif /* XCSECURITY */ #endif /* XACE */
ClientPtr ClientPtr
LookupClient(rid, client) LookupClient(rid, client)

27
dix/events.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */ /* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.1.4.9.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */ /* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */
/************************************************************ /************************************************************
@ -101,9 +101,8 @@ Equipment Corporation.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *); extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
#include "XIproto.h" #include "XIproto.h"
@ -2403,8 +2402,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized && (grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo)))) BorderSizeNotEmpty(grab->confineTo))))
{ {
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE; return FALSE;
#endif #endif
#ifdef XKB #ifdef XKB
@ -3164,10 +3163,10 @@ EnterLeaveEvent(
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XCSECURITY #ifdef XACE
ClientPtr client = grab ? rClient(grab) ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)]; : clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, keybd, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{ {
bzero((char *)&ke.map[0], 31); bzero((char *)&ke.map[0], 31);
} }
@ -3259,9 +3258,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask)) ((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XCSECURITY #ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, dev, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{ {
bzero((char *)&ke.map[0], 31); bzero((char *)&ke.map[0], 31);
} }
@ -3533,8 +3532,8 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq); REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq); REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success; return Success;
#endif #endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus, return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@ -3811,8 +3810,8 @@ ProcGrabKeyboard(client)
int result; int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq); REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XCSECURITY #ifdef XACE
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ {
result = Success; result = Success;
rep.status = AlreadyGrabbed; rep.status = AlreadyGrabbed;

59
dix/extension.c
View File

@ -57,9 +57,8 @@ SOFTWARE.
#include "gcstruct.h" #include "gcstruct.h"
#include "scrnintstr.h" #include "scrnintstr.h"
#include "dispatch.h" #include "dispatch.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
#ifdef LBX #ifdef LBX
#include "lbxserve.h" #include "lbxserve.h"
@ -146,8 +145,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext->errorBase = 0; ext->errorBase = 0;
ext->errorLast = 0; ext->errorLast = 0;
} }
#ifdef XCSECURITY #ifdef XACE
ext->secure = FALSE; XACE_STATE_INIT(ext->securityState);
#endif #endif
#ifdef LBX #ifdef LBX
@ -218,28 +217,29 @@ CheckExtension(const char *extname)
return NULL; return NULL;
} }
/*
* Added as part of Xace.
*/
ExtensionEntry *
GetExtensionEntry(int major)
{
if (major < EXTENSION_BASE)
return NULL;
major -= EXTENSION_BASE;
if (major >= NumExtensions)
return NULL;
return extensions[major];
}
void void
DeclareExtensionSecurity(extname, secure) DeclareExtensionSecurity(extname, secure)
char *extname; char *extname;
Bool secure; Bool secure;
{ {
#ifdef XCSECURITY #ifdef XACE
int i = FindExtension(extname, strlen(extname)); int i = FindExtension(extname, strlen(extname));
if (i >= 0) if (i >= 0)
{ XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
int majorop = extensions[i]->base;
extensions[i]->secure = secure;
if (secure)
{
UntrustedProcVector[majorop] = ProcVector[majorop];
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
}
else
{
UntrustedProcVector[majorop] = ProcBadRequest;
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
}
}
#endif #endif
#ifdef LBX #ifdef LBX
LbxDeclareExtensionSecurity(extname, secure); LbxDeclareExtensionSecurity(extname, secure);
@ -327,10 +327,9 @@ ProcQueryExtension(client)
{ {
i = FindExtension((char *)&stuff[1], stuff->nbytes); i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0 if (i < 0
#ifdef XCSECURITY #ifdef XACE
/* don't show insecure extensions to untrusted clients */ /* call callbacks to find out whether to show extension */
|| (client->trustLevel == XSecurityClientUntrusted && || !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
!extensions[i]->secure)
#endif #endif
) )
reply.present = xFalse; reply.present = xFalse;
@ -368,10 +367,9 @@ ProcListExtensions(client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
#ifdef XCSECURITY #ifdef XACE
/* don't show insecure extensions to untrusted clients */ /* call callbacks to find out whether to show extension */
if (client->trustLevel == XSecurityClientUntrusted && if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
!extensions[i]->secure)
continue; continue;
#endif #endif
total_length += strlen(extensions[i]->name) + 1; total_length += strlen(extensions[i]->name) + 1;
@ -386,9 +384,8 @@ ProcListExtensions(client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
int len; int len;
#ifdef XCSECURITY #ifdef XACE
if (client->trustLevel == XSecurityClientUntrusted && if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
!extensions[i]->secure)
continue; continue;
#endif #endif
*bufptr++ = len = strlen(extensions[i]->name); *bufptr++ = len = strlen(extensions[i]->name);

25
dix/property.c
View File

@ -56,9 +56,8 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "dispatch.h" #include "dispatch.h"
#include "swaprep.h" #include "swaprep.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
#ifdef LBX #ifdef LBX
#include "lbxserve.h" #include "lbxserve.h"
@ -132,12 +131,12 @@ ProcRotateProperties(client)
return(BadAlloc); return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++) for (i = 0; i < stuff->nAtoms; i++)
{ {
#ifdef XCSECURITY #ifdef XACE
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i], char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess); SecurityReadAccess|SecurityWriteAccess);
#endif #endif
if (!ValidAtom(atoms[i]) if (!ValidAtom(atoms[i])
#ifdef XCSECURITY #ifdef XACE
|| (SecurityErrorOperation == action) || (SecurityErrorOperation == action)
#endif #endif
) )
@ -146,7 +145,7 @@ ProcRotateProperties(client)
client->errorValue = atoms[i]; client->errorValue = atoms[i];
return BadAtom; return BadAtom;
} }
#ifdef XCSECURITY #ifdef XACE
if (SecurityIgnoreOperation == action) if (SecurityIgnoreOperation == action)
{ {
DEALLOCATE_LOCAL(props); DEALLOCATE_LOCAL(props);
@ -248,8 +247,8 @@ ProcChangeProperty(client)
return(BadAtom); return(BadAtom);
} }
#ifdef XCSECURITY #ifdef XACE
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property, switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess)) SecurityWriteAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
@ -543,13 +542,13 @@ ProcGetProperty(client)
if (!pProp) if (!pProp)
return NullPropertyReply(client, None, 0, &reply); return NullPropertyReply(client, None, 0, &reply);
#ifdef XCSECURITY #ifdef XACE
{ {
Mask access_mode = SecurityReadAccess; Mask access_mode = SecurityReadAccess;
if (stuff->delete) if (stuff->delete)
access_mode |= SecurityDestroyAccess; access_mode |= SecurityDestroyAccess;
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode)) access_mode))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
@ -718,8 +717,8 @@ ProcDeleteProperty(client)
return (BadAtom); return (BadAtom);
} }
#ifdef XCSECURITY #ifdef XACE
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess)) SecurityDestroyAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:

21
dix/resource.c
View File

@ -74,7 +74,7 @@ Equipment Corporation.
******************************************************************/ ******************************************************************/
/* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */ /* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.3 2004/04/25 22:42:09 gisburn Exp $ */ /* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.1.4.6.4.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */ /* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */
/* Routines to manage various kinds of resources: /* Routines to manage various kinds of resources:
@ -119,6 +119,9 @@ Equipment Corporation.
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XACE
#include "xace.h"
#endif
#include <assert.h> #include <assert.h>
static void RebuildTable( static void RebuildTable(
@ -840,7 +843,7 @@ LegalNewID(id, client)
!LookupIDByClass(id, RC_ANY))); !LookupIDByClass(id, RC_ANY)));
} }
#ifdef XCSECURITY #ifdef XACE
/* SecurityLookupIDByType and SecurityLookupIDByClass: /* SecurityLookupIDByType and SecurityLookupIDByClass:
* These are the heart of the resource ID security system. They take * These are the heart of the resource ID security system. They take
@ -877,8 +880,9 @@ SecurityLookupIDByType(client, id, rtype, mode)
break; break;
} }
} }
if (retval && client && client->CheckAccess) if (retval && client &&
retval = (* client->CheckAccess)(client, id, rtype, mode, retval); !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL;
return retval; return retval;
} }
@ -910,8 +914,9 @@ SecurityLookupIDByClass(client, id, classes, mode)
break; break;
} }
} }
if (retval && client && client->CheckAccess) if (retval && client &&
retval = (* client->CheckAccess)(client, id, res->type, mode, retval); !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL;
return retval; return retval;
} }
@ -937,7 +942,7 @@ LookupIDByClass(id, classes)
SecurityUnknownAccess); SecurityUnknownAccess);
} }
#else /* not XCSECURITY */ #else /* not XACE */
/* /*
* LookupIDByType returns the object with the given id and type, else NULL. * LookupIDByType returns the object with the given id and type, else NULL.
@ -986,4 +991,4 @@ LookupIDByClass(id, classes)
return (pointer)NULL; return (pointer)NULL;
} }
#endif /* XCSECURITY */ #endif /* XACE */

27
dix/window.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */ /* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */ /* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */
/* /*
@ -103,9 +103,8 @@ Equipment Corporation.
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "Xagsrv.h" #include "Xagsrv.h"
#endif #endif
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "security.h"
#endif #endif
/****** /******
@ -706,11 +705,11 @@ CreateWindow(wid, pParent, x, y, w, h, bw, class, vmask, vlist,
} }
pWin->borderWidth = bw; pWin->borderWidth = bw;
#ifdef XCSECURITY #ifdef XACE
/* can't let untrusted clients have background None windows; /* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents * they make it too easy to steal window contents
*/ */
if (client->trustLevel != XSecurityClientTrusted) if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{ {
pWin->backgroundState = BackgroundPixel; pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0; pWin->background.pixel = 0;
@ -1008,9 +1007,9 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
borderRelative = TRUE; borderRelative = TRUE;
if (pixID == None) if (pixID == None)
{ {
#ifdef XCSECURITY #ifdef XACE
/* can't let untrusted clients have background None windows */ /* can't let untrusted clients have background None windows */
if (client->trustLevel == XSecurityClientTrusted) if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{ {
#endif #endif
if (pWin->backgroundState == BackgroundPixmap) if (pWin->backgroundState == BackgroundPixmap)
@ -1019,7 +1018,7 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
MakeRootTile(pWin); MakeRootTile(pWin);
else else
pWin->backgroundState = None; pWin->backgroundState = None;
#ifdef XCSECURITY #ifdef XACE
} }
else else
{ /* didn't change the background to None, so don't tell ddx */ { /* didn't change the background to None, so don't tell ddx */
@ -2697,13 +2696,9 @@ MapWindow(pWin, client)
if (pWin->mapped) if (pWin->mapped)
return(Success); return(Success);
#ifdef XCSECURITY #ifdef XACE
/* don't let an untrusted client map a child-of-trusted-window, InputOnly /* general check for permission to map window */
* window; too easy to steal device input if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
*/
if ( (client->trustLevel != XSecurityClientTrusted) &&
(pWin->drawable.class == InputOnly) &&
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
return Success; return Success;
#endif #endif

19
include/dix.h
View File

@ -89,12 +89,9 @@ SOFTWARE.
((client->lastDrawableID == did) ? \ ((client->lastDrawableID == did) ? \
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client)) client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
#ifdef XCSECURITY #ifdef XACE
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\ #define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\ {\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\ RC_DRAWABLE, mode);\
@ -108,9 +105,6 @@ SOFTWARE.
} }
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\ #define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\ {\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\ RC_DRAWABLE, mode);\
@ -122,9 +116,6 @@ SOFTWARE.
} }
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
if (client->lastGCID == rid && !client->trustLevel)\
pGC = client->lastGC;\
else\
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\ pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
if (!pGC)\ if (!pGC)\
{\ {\
@ -141,7 +132,7 @@ SOFTWARE.
#define VERIFY_GC(pGC, rid, client)\ #define VERIFY_GC(pGC, rid, client)\
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess) SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
#else /* not XCSECURITY */ #else /* not XACE */
#define VERIFY_DRAWABLE(pDraw, did, client)\ #define VERIFY_DRAWABLE(pDraw, did, client)\
if (client->lastDrawableID == did)\ if (client->lastDrawableID == did)\
@ -191,7 +182,7 @@ SOFTWARE.
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
VERIFY_GC(pGC, rid, client) VERIFY_GC(pGC, rid, client)
#endif /* XCSECURITY */ #endif /* XACE */
/* /*
* We think that most hardware implementations of DBE will want * We think that most hardware implementations of DBE will want
@ -379,7 +370,7 @@ extern void CopyISOLatin1Lowered(
unsigned char * /*source*/, unsigned char * /*source*/,
int /*length*/); int /*length*/);
#ifdef XCSECURITY #ifdef XACE
extern WindowPtr SecurityLookupWindow( extern WindowPtr SecurityLookupWindow(
XID /*rid*/, XID /*rid*/,
@ -415,7 +406,7 @@ extern pointer LookupDrawable(
#define SecurityLookupDrawable(rid, client, access_mode) \ #define SecurityLookupDrawable(rid, client, access_mode) \
LookupDrawable(rid, client) LookupDrawable(rid, client)
#endif /* XCSECURITY */ #endif /* XACE */
extern ClientPtr LookupClient( extern ClientPtr LookupClient(
XID /*rid*/, XID /*rid*/,

11
include/dixstruct.h
View File

@ -111,15 +111,8 @@ typedef struct _Client {
int (*readRequest)(ClientPtr /*client*/); int (*readRequest)(ClientPtr /*client*/);
#endif #endif
unsigned long replyBytesRemaining; unsigned long replyBytesRemaining;
#ifdef XCSECURITY #ifdef XACE
XID authId; pointer securityState[4]; /* 4 slots for use */
unsigned int trustLevel;
pointer (* CheckAccess)(
ClientPtr /*pClient*/,
XID /*id*/,
RESTYPE /*classes*/,
Mask /*access_mode*/,
pointer /*resourceval*/);
#endif #endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
struct _AppGroupRec* appgroup; struct _AppGroupRec* appgroup;

3
include/extnsionst.h
View File

@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */ unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */); ClientPtr /* client */);
#ifdef XCSECURITY #ifdef XCSECURITY
Bool secure; /* extension visible to untrusted clients? */ pointer securityState[4]; /* 4 slots for use */
#endif #endif
} ExtensionEntry; } ExtensionEntry;
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
ExtensionEntry * /*extension*/); ExtensionEntry * /*extension*/);
extern ExtensionEntry *CheckExtension(const char *extname); extern ExtensionEntry *CheckExtension(const char *extname);
extern ExtensionEntry *GetExtensionEntry(int major);
extern ExtensionLookupProc LookupProc( extern ExtensionLookupProc LookupProc(
char* /*name*/, char* /*name*/,

6
include/resource.h
View File

@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
#define SecurityWriteAccess (1<<1) /* changing the object */ #define SecurityWriteAccess (1<<1) /* changing the object */
#define SecurityDestroyAccess (1<<2) /* destroying the object */ #define SecurityDestroyAccess (1<<2) /* destroying the object */
#ifdef XCSECURITY #ifdef XACE
extern pointer SecurityLookupIDByType( extern pointer SecurityLookupIDByType(
ClientPtr /*client*/, ClientPtr /*client*/,
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
RESTYPE /*classes*/, RESTYPE /*classes*/,
Mask /*access_mode*/); Mask /*access_mode*/);
#else /* not XCSECURITY */ #else /* not XACE */
#define SecurityLookupIDByType(client, id, rtype, access_mode) \ #define SecurityLookupIDByType(client, id, rtype, access_mode) \
LookupIDByType(id, rtype) LookupIDByType(id, rtype)
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
#define SecurityLookupIDByClass(client, id, classes, access_mode) \ #define SecurityLookupIDByClass(client, id, classes, access_mode) \
LookupIDByClass(id, classes) LookupIDByClass(id, classes)
#endif /* XCSECURITY */ #endif /* XACE */
extern void GetXIDRange( extern void GetXIDRange(
int /*client*/, int /*client*/,

34
lbx/lbxexts.c
View File

@ -32,27 +32,10 @@
#define _XLBX_SERVER_ #define _XLBX_SERVER_
#include "lbxstr.h" #include "lbxstr.h"
#include "lbxserve.h" #include "lbxserve.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "extensions/security.h"
#endif #endif
typedef struct _lbxext {
char *name;
char **aliases;
int num_aliases;
int idx;
int opcode;
int ev_base;
int err_base;
int num_reqs;
CARD8 *rep_mask;
CARD8 *ev_mask;
#ifdef XCSECURITY
Bool secure;
#endif
} LbxExtensionEntry;
static LbxExtensionEntry **lbx_extensions = NULL; static LbxExtensionEntry **lbx_extensions = NULL;
static int num_exts = 0; static int num_exts = 0;
@ -97,8 +80,8 @@ LbxAddExtension(char *name,
ext->ev_mask = NULL; ext->ev_mask = NULL;
ext->rep_mask = NULL; ext->rep_mask = NULL;
ext->num_reqs = 0; ext->num_reqs = 0;
#ifdef XCSECURITY #ifdef XACE
ext->secure = FALSE; XACE_STATE_INIT(ext->securityState);
#endif #endif
return TRUE; return TRUE;
@ -149,10 +132,10 @@ void
LbxDeclareExtensionSecurity(char *extname, LbxDeclareExtensionSecurity(char *extname,
Bool secure) Bool secure)
{ {
#ifdef XCSECURITY #ifdef XACE
int i = LbxFindExtension(extname, strlen(extname)); int i = LbxFindExtension(extname, strlen(extname));
if (i >= 0) if (i >= 0)
lbx_extensions[i]->secure = secure; XaceHook(XACE_DECLARE_LBX_EXT_SECURE, lbx_extensions[i], secure);
#endif #endif
} }
@ -203,10 +186,9 @@ LbxQueryExtension(ClientPtr client,
i = LbxFindExtension(ename, nlen); i = LbxFindExtension(ename, nlen);
if (i < 0 if (i < 0
#ifdef XCSECURITY #ifdef XACE
/* don't show insecure extensions to untrusted clients */ /* don't show insecure extensions to untrusted clients */
|| (client->trustLevel == XSecurityClientUntrusted && || !XaceHook(XACE_LBX_EXT_ACCESS, client, lbx_extensions[i])
!lbx_extensions[i]->secure)
#endif #endif
) )
rep.present = FALSE; rep.present = FALSE;

9
lbx/lbxprop.c
View File

@ -69,9 +69,8 @@ in this Software without prior written authorization from The Open Group.
#include "lbxserve.h" #include "lbxserve.h"
#include "lbxtags.h" #include "lbxtags.h"
#include "Xfuncproto.h" #include "Xfuncproto.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "extensions/xace.h"
#include "extensions/security.h"
#endif #endif
#include "swaprep.h" #include "swaprep.h"
@ -334,8 +333,8 @@ LbxChangeProperty(ClientPtr client)
swaps(&rep.sequenceNumber, n); swaps(&rep.sequenceNumber, n);
} }
#ifdef XCSECURITY #ifdef XACE
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property, switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess)) SecurityWriteAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:

16
lbx/lbxserve.h
View File

@ -119,6 +119,22 @@ typedef struct _LbxProxy {
lbxMotionCache motionCache; lbxMotionCache motionCache;
} LbxProxyRec; } LbxProxyRec;
typedef struct _lbxext {
char *name;
char **aliases;
int num_aliases;
int idx;
int opcode;
int ev_base;
int err_base;
int num_reqs;
CARD8 *rep_mask;
CARD8 *ev_mask;
#ifdef XACE
pointer securityState[4];
#endif
} LbxExtensionEntry;
/* This array is indexed by server client index, not lbx proxy index */ /* This array is indexed by server client index, not lbx proxy index */
extern LbxClientPtr lbxClients[MAXCLIENTS]; extern LbxClientPtr lbxClients[MAXCLIENTS];

21
os/access.c
View File

@ -1,5 +1,5 @@
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */ /* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.2 2004/04/23 19:54:28 eich Exp $ */ /* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.1.4.4.4.1 2004/05/04 19:44:01 ewalsh Exp $ */
/*********************************************************** /***********************************************************
Copyright 1987, 1998 The Open Group Copyright 1987, 1998 The Open Group
@ -192,9 +192,8 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "osdep.h" #include "osdep.h"
#ifdef XCSECURITY #ifdef XACE
#define _SECURITY_SERVER #include "xace.h"
#include "extensions/security.h"
#endif #endif
#ifndef PATH_MAX #ifndef PATH_MAX
@ -1321,15 +1320,6 @@ Bool LocalClient(ClientPtr client)
pointer addr; pointer addr;
register HOST *host; register HOST *host;
#ifdef XCSECURITY
/* untrusted clients can't change host access */
if (client->trustLevel != XSecurityClientTrusted)
{
SecurityAudit("client %d attempted to change host access\n",
client->index);
return FALSE;
}
#endif
#ifdef LBX #ifdef LBX
if (!((OsCommPtr)client->osPrivate)->trans_conn) if (!((OsCommPtr)client->osPrivate)->trans_conn)
return FALSE; return FALSE;
@ -1431,6 +1421,11 @@ AuthorizedClient(ClientPtr client)
{ {
if (!client || defeatAccessControl) if (!client || defeatAccessControl)
return TRUE; return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE;
#endif
return LocalClient(client); return LocalClient(client);
} }

13
os/connection.c
View File

@ -149,6 +149,9 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "extensions/Xagsrv.h" #include "extensions/Xagsrv.h"
#endif #endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY #ifdef XCSECURITY
#define _SECURITY_SERVER #define _SECURITY_SERVER
#include "extensions/security.h" #include "extensions/security.h"
@ -632,8 +635,9 @@ ClientAuthorized(ClientPtr client,
if (! priv->trans_conn) { if (! priv->trans_conn) {
if (auth_id == (XID) ~0L && !GetAccessControl()) if (auth_id == (XID) ~0L && !GetAccessControl())
auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id; auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
#ifdef XCSECURITY #ifdef XACE
else if (auth_id != (XID) ~0L && !SecuritySameLevel(lbxpc, auth_id)) { else if (auth_id != (XID) ~0L &&
!XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)) {
auth_id = (XID) ~0L; auth_id = (XID) ~0L;
reason = "Client trust level differs from that of LBX Proxy"; reason = "Client trust level differs from that of LBX Proxy";
} }
@ -709,9 +713,8 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */ /* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd); XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */ #endif /* XDMCP */
#ifdef XAPPGROUP #ifdef XACE
if (ClientStateCallback) XaceHook(XACE_AUTH_AVAIL, client, auth_id);
XagCallClientStateChange (client);
#endif #endif
/* At this point, if the client is authorized to change the access control /* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to * list, we should getpeername() information, and add the client to