Replace XC-SECURITY code with XACE security hooks
This commit is contained in:
parent
6d066cb109
commit
8526cd6395
|
@ -65,9 +65,8 @@ SOFTWARE.
|
||||||
#ifdef XKB
|
#ifdef XKB
|
||||||
#include "XKBsrv.h"
|
#include "XKBsrv.h"
|
||||||
#endif
|
#endif
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
#include "lbxserve.h"
|
#include "lbxserve.h"
|
||||||
|
@ -1003,8 +1002,8 @@ ProcSetModifierMapping(client)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
|
||||||
return BadAccess;
|
return BadAccess;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1125,9 +1124,8 @@ ProcChangeKeyboardMapping(client)
|
||||||
client->errorValue = stuff->keySymsPerKeyCode;
|
client->errorValue = stuff->keySymsPerKeyCode;
|
||||||
return BadValue;
|
return BadValue;
|
||||||
}
|
}
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard,
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||||
TRUE))
|
|
||||||
return BadAccess;
|
return BadAccess;
|
||||||
#endif
|
#endif
|
||||||
keysyms.minKeyCode = stuff->firstKeyCode;
|
keysyms.minKeyCode = stuff->firstKeyCode;
|
||||||
|
@ -1284,8 +1282,8 @@ ProcChangeKeyboardControl (client)
|
||||||
vmask = stuff->mask;
|
vmask = stuff->mask;
|
||||||
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
|
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
|
||||||
return BadLength;
|
return BadLength;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
|
||||||
return BadAccess;
|
return BadAccess;
|
||||||
#endif
|
#endif
|
||||||
vlist = (XID *)&stuff[1]; /* first word of values */
|
vlist = (XID *)&stuff[1]; /* first word of values */
|
||||||
|
@ -1681,8 +1679,8 @@ ProcQueryKeymap(client)
|
||||||
rep.type = X_Reply;
|
rep.type = X_Reply;
|
||||||
rep.sequenceNumber = client->sequence;
|
rep.sequenceNumber = client->sequence;
|
||||||
rep.length = 2;
|
rep.length = 2;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||||
{
|
{
|
||||||
bzero((char *)&rep.map[0], 32);
|
bzero((char *)&rep.map[0], 32);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||||
/* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
/* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
||||||
/************************************************************
|
/************************************************************
|
||||||
|
|
||||||
|
@ -103,9 +103,8 @@ int ProcInitialConnection();
|
||||||
#include "panoramiX.h"
|
#include "panoramiX.h"
|
||||||
#include "panoramiXsrv.h"
|
#include "panoramiXsrv.h"
|
||||||
#endif
|
#endif
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
#include "Xagsrv.h"
|
#include "Xagsrv.h"
|
||||||
|
@ -1109,11 +1108,10 @@ ProcConvertSelection(client)
|
||||||
CurrentSelections[i].selection != stuff->selection) i++;
|
CurrentSelections[i].selection != stuff->selection) i++;
|
||||||
if ((i < NumCurrentSelections) &&
|
if ((i < NumCurrentSelections) &&
|
||||||
(CurrentSelections[i].window != None)
|
(CurrentSelections[i].window != None)
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
&& (!client->CheckAccess ||
|
&& XaceHook(XACE_RESOURCE_ACCESS, client,
|
||||||
(* client->CheckAccess)(client, CurrentSelections[i].window,
|
CurrentSelections[i].window, RT_WINDOW,
|
||||||
RT_WINDOW, SecurityReadAccess,
|
SecurityReadAccess, CurrentSelections[i].pWin)
|
||||||
CurrentSelections[i].pWin))
|
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
@ -2218,9 +2216,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
||||||
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
|
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (client->trustLevel != XSecurityClientTrusted &&
|
if (pDraw->type == DRAWABLE_WINDOW &&
|
||||||
pDraw->type == DRAWABLE_WINDOW)
|
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
|
||||||
{
|
{
|
||||||
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
|
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
|
||||||
if (pVisibleRegion)
|
if (pVisibleRegion)
|
||||||
|
@ -2248,9 +2246,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
||||||
format,
|
format,
|
||||||
planemask,
|
planemask,
|
||||||
(pointer) pBuf);
|
(pointer) pBuf);
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (pVisibleRegion)
|
if (pVisibleRegion)
|
||||||
SecurityCensorImage(client, pVisibleRegion, widthBytesLine,
|
XaceCensorImage(client, pVisibleRegion, widthBytesLine,
|
||||||
pDraw, x, y + linesDone, width,
|
pDraw, x, y + linesDone, width,
|
||||||
nlines, format, pBuf);
|
nlines, format, pBuf);
|
||||||
#endif
|
#endif
|
||||||
|
@ -2289,9 +2287,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
||||||
format,
|
format,
|
||||||
plane,
|
plane,
|
||||||
(pointer)pBuf);
|
(pointer)pBuf);
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (pVisibleRegion)
|
if (pVisibleRegion)
|
||||||
SecurityCensorImage(client, pVisibleRegion,
|
XaceCensorImage(client, pVisibleRegion,
|
||||||
widthBytesLine,
|
widthBytesLine,
|
||||||
pDraw, x, y + linesDone, width,
|
pDraw, x, y + linesDone, width,
|
||||||
nlines, format, pBuf);
|
nlines, format, pBuf);
|
||||||
|
@ -2317,7 +2315,7 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (pVisibleRegion)
|
if (pVisibleRegion)
|
||||||
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
|
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
|
||||||
#endif
|
#endif
|
||||||
|
@ -3354,11 +3352,10 @@ ProcListHosts(client)
|
||||||
/* REQUEST(xListHostsReq); */
|
/* REQUEST(xListHostsReq); */
|
||||||
|
|
||||||
REQUEST_SIZE_MATCH(xListHostsReq);
|
REQUEST_SIZE_MATCH(xListHostsReq);
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* untrusted clients can't list hosts */
|
/* untrusted clients can't list hosts */
|
||||||
if (client->trustLevel != XSecurityClientTrusted)
|
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
|
||||||
{
|
{
|
||||||
SecurityAudit("client %d attempted to list hosts\n", client->index);
|
|
||||||
return BadAccess;
|
return BadAccess;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -3743,10 +3740,8 @@ void InitClient(client, i, ospriv)
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
client->readRequest = StandardReadRequestFromClient;
|
client->readRequest = StandardReadRequestFromClient;
|
||||||
#endif
|
#endif
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
client->trustLevel = XSecurityClientTrusted;
|
XACE_STATE_INIT(client->securityState);
|
||||||
client->CheckAccess = NULL;
|
|
||||||
client->authId = 0;
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
client->appgroup = NULL;
|
client->appgroup = NULL;
|
||||||
|
|
|
@ -93,9 +93,8 @@ Author: Adobe Systems Incorporated
|
||||||
#include "scrnintstr.h"
|
#include "scrnintstr.h"
|
||||||
#define XK_LATIN1
|
#define XK_LATIN1
|
||||||
#include "keysymdef.h"
|
#include "keysymdef.h"
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -173,7 +172,7 @@ CopyISOLatin1Lowered(dest, source, length)
|
||||||
*dest = '\0';
|
*dest = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|
|
||||||
/* SecurityLookupWindow and SecurityLookupDrawable:
|
/* SecurityLookupWindow and SecurityLookupDrawable:
|
||||||
* Look up the window/drawable taking into account the client doing
|
* Look up the window/drawable taking into account the client doing
|
||||||
|
@ -181,6 +180,7 @@ CopyISOLatin1Lowered(dest, source, length)
|
||||||
* if it exists and the client is allowed access, else return NULL.
|
* if it exists and the client is allowed access, else return NULL.
|
||||||
* Most Proc* functions should be calling these instead of
|
* Most Proc* functions should be calling these instead of
|
||||||
* LookupWindow and LookupDrawable, which do no access checks.
|
* LookupWindow and LookupDrawable, which do no access checks.
|
||||||
|
* XACE note: need to see if client->lastDrawableID can still be used here.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
WindowPtr
|
WindowPtr
|
||||||
|
@ -189,27 +189,10 @@ SecurityLookupWindow(rid, client, access_mode)
|
||||||
ClientPtr client;
|
ClientPtr client;
|
||||||
Mask access_mode;
|
Mask access_mode;
|
||||||
{
|
{
|
||||||
WindowPtr pWin;
|
|
||||||
|
|
||||||
client->errorValue = rid;
|
client->errorValue = rid;
|
||||||
if(rid == INVALID)
|
if(rid == INVALID)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (client->trustLevel != XSecurityClientTrusted)
|
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
||||||
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
|
||||||
if (client->lastDrawableID == rid)
|
|
||||||
{
|
|
||||||
if (client->lastDrawable->type == DRAWABLE_WINDOW)
|
|
||||||
return ((WindowPtr) client->lastDrawable);
|
|
||||||
return (WindowPtr) NULL;
|
|
||||||
}
|
|
||||||
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
|
||||||
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
|
|
||||||
client->lastDrawable = (DrawablePtr) pWin;
|
|
||||||
client->lastDrawableID = rid;
|
|
||||||
client->lastGCID = INVALID;
|
|
||||||
client->lastGC = (GCPtr)NULL;
|
|
||||||
}
|
|
||||||
return pWin;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -223,11 +206,6 @@ SecurityLookupDrawable(rid, client, access_mode)
|
||||||
|
|
||||||
if(rid == INVALID)
|
if(rid == INVALID)
|
||||||
return (pointer) NULL;
|
return (pointer) NULL;
|
||||||
if (client->trustLevel != XSecurityClientTrusted)
|
|
||||||
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
|
|
||||||
access_mode);
|
|
||||||
if (client->lastDrawableID == rid)
|
|
||||||
return ((pointer) client->lastDrawable);
|
|
||||||
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
|
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
|
||||||
access_mode);
|
access_mode);
|
||||||
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
|
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
|
||||||
|
@ -255,7 +233,7 @@ LookupDrawable(rid, client)
|
||||||
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
|
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* not XCSECURITY */
|
#else /* not XACE */
|
||||||
|
|
||||||
WindowPtr
|
WindowPtr
|
||||||
LookupWindow(rid, client)
|
LookupWindow(rid, client)
|
||||||
|
@ -301,7 +279,7 @@ LookupDrawable(rid, client)
|
||||||
return (pointer)NULL;
|
return (pointer)NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* XCSECURITY */
|
#endif /* XACE */
|
||||||
|
|
||||||
ClientPtr
|
ClientPtr
|
||||||
LookupClient(rid, client)
|
LookupClient(rid, client)
|
||||||
|
|
27
dix/events.c
27
dix/events.c
|
@ -1,4 +1,4 @@
|
||||||
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.1.4.9.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||||
/* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */
|
/* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */
|
||||||
/************************************************************
|
/************************************************************
|
||||||
|
|
||||||
|
@ -101,9 +101,8 @@ Equipment Corporation.
|
||||||
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
|
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "XIproto.h"
|
#include "XIproto.h"
|
||||||
|
@ -2403,8 +2402,8 @@ CheckPassiveGrabsOnWindow(
|
||||||
(grab->confineTo->realized &&
|
(grab->confineTo->realized &&
|
||||||
BorderSizeNotEmpty(grab->confineTo))))
|
BorderSizeNotEmpty(grab->confineTo))))
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
|
||||||
return FALSE;
|
return FALSE;
|
||||||
#endif
|
#endif
|
||||||
#ifdef XKB
|
#ifdef XKB
|
||||||
|
@ -3164,10 +3163,10 @@ EnterLeaveEvent(
|
||||||
{
|
{
|
||||||
xKeymapEvent ke;
|
xKeymapEvent ke;
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
ClientPtr client = grab ? rClient(grab)
|
ClientPtr client = grab ? rClient(grab)
|
||||||
: clients[CLIENT_ID(pWin->drawable.id)];
|
: clients[CLIENT_ID(pWin->drawable.id)];
|
||||||
if (!SecurityCheckDeviceAccess(client, keybd, FALSE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
|
||||||
{
|
{
|
||||||
bzero((char *)&ke.map[0], 31);
|
bzero((char *)&ke.map[0], 31);
|
||||||
}
|
}
|
||||||
|
@ -3259,9 +3258,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
|
||||||
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
|
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
|
||||||
{
|
{
|
||||||
xKeymapEvent ke;
|
xKeymapEvent ke;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
|
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
|
||||||
if (!SecurityCheckDeviceAccess(client, dev, FALSE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
|
||||||
{
|
{
|
||||||
bzero((char *)&ke.map[0], 31);
|
bzero((char *)&ke.map[0], 31);
|
||||||
}
|
}
|
||||||
|
@ -3533,8 +3532,8 @@ ProcSetInputFocus(client)
|
||||||
REQUEST(xSetInputFocusReq);
|
REQUEST(xSetInputFocusReq);
|
||||||
|
|
||||||
REQUEST_SIZE_MATCH(xSetInputFocusReq);
|
REQUEST_SIZE_MATCH(xSetInputFocusReq);
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||||
return Success;
|
return Success;
|
||||||
#endif
|
#endif
|
||||||
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
|
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
|
||||||
|
@ -3811,8 +3810,8 @@ ProcGrabKeyboard(client)
|
||||||
int result;
|
int result;
|
||||||
|
|
||||||
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
|
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||||
{
|
{
|
||||||
result = Success;
|
result = Success;
|
||||||
rep.status = AlreadyGrabbed;
|
rep.status = AlreadyGrabbed;
|
||||||
|
|
|
@ -57,9 +57,8 @@ SOFTWARE.
|
||||||
#include "gcstruct.h"
|
#include "gcstruct.h"
|
||||||
#include "scrnintstr.h"
|
#include "scrnintstr.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
#include "lbxserve.h"
|
#include "lbxserve.h"
|
||||||
|
@ -146,8 +145,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
|
||||||
ext->errorBase = 0;
|
ext->errorBase = 0;
|
||||||
ext->errorLast = 0;
|
ext->errorLast = 0;
|
||||||
}
|
}
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
ext->secure = FALSE;
|
XACE_STATE_INIT(ext->securityState);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
|
@ -218,28 +217,29 @@ CheckExtension(const char *extname)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Added as part of Xace.
|
||||||
|
*/
|
||||||
|
ExtensionEntry *
|
||||||
|
GetExtensionEntry(int major)
|
||||||
|
{
|
||||||
|
if (major < EXTENSION_BASE)
|
||||||
|
return NULL;
|
||||||
|
major -= EXTENSION_BASE;
|
||||||
|
if (major >= NumExtensions)
|
||||||
|
return NULL;
|
||||||
|
return extensions[major];
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
DeclareExtensionSecurity(extname, secure)
|
DeclareExtensionSecurity(extname, secure)
|
||||||
char *extname;
|
char *extname;
|
||||||
Bool secure;
|
Bool secure;
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
int i = FindExtension(extname, strlen(extname));
|
int i = FindExtension(extname, strlen(extname));
|
||||||
if (i >= 0)
|
if (i >= 0)
|
||||||
{
|
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
|
||||||
int majorop = extensions[i]->base;
|
|
||||||
extensions[i]->secure = secure;
|
|
||||||
if (secure)
|
|
||||||
{
|
|
||||||
UntrustedProcVector[majorop] = ProcVector[majorop];
|
|
||||||
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
UntrustedProcVector[majorop] = ProcBadRequest;
|
|
||||||
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
LbxDeclareExtensionSecurity(extname, secure);
|
LbxDeclareExtensionSecurity(extname, secure);
|
||||||
|
@ -327,10 +327,9 @@ ProcQueryExtension(client)
|
||||||
{
|
{
|
||||||
i = FindExtension((char *)&stuff[1], stuff->nbytes);
|
i = FindExtension((char *)&stuff[1], stuff->nbytes);
|
||||||
if (i < 0
|
if (i < 0
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* don't show insecure extensions to untrusted clients */
|
/* call callbacks to find out whether to show extension */
|
||||||
|| (client->trustLevel == XSecurityClientUntrusted &&
|
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
|
||||||
!extensions[i]->secure)
|
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
reply.present = xFalse;
|
reply.present = xFalse;
|
||||||
|
@ -368,10 +367,9 @@ ProcListExtensions(client)
|
||||||
|
|
||||||
for (i=0; i<NumExtensions; i++)
|
for (i=0; i<NumExtensions; i++)
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* don't show insecure extensions to untrusted clients */
|
/* call callbacks to find out whether to show extension */
|
||||||
if (client->trustLevel == XSecurityClientUntrusted &&
|
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||||
!extensions[i]->secure)
|
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
total_length += strlen(extensions[i]->name) + 1;
|
total_length += strlen(extensions[i]->name) + 1;
|
||||||
|
@ -386,9 +384,8 @@ ProcListExtensions(client)
|
||||||
for (i=0; i<NumExtensions; i++)
|
for (i=0; i<NumExtensions; i++)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (client->trustLevel == XSecurityClientUntrusted &&
|
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||||
!extensions[i]->secure)
|
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
*bufptr++ = len = strlen(extensions[i]->name);
|
*bufptr++ = len = strlen(extensions[i]->name);
|
||||||
|
|
|
@ -56,9 +56,8 @@ SOFTWARE.
|
||||||
#include "dixstruct.h"
|
#include "dixstruct.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "swaprep.h"
|
#include "swaprep.h"
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
#include "lbxserve.h"
|
#include "lbxserve.h"
|
||||||
|
@ -132,12 +131,12 @@ ProcRotateProperties(client)
|
||||||
return(BadAlloc);
|
return(BadAlloc);
|
||||||
for (i = 0; i < stuff->nAtoms; i++)
|
for (i = 0; i < stuff->nAtoms; i++)
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i],
|
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
|
||||||
SecurityReadAccess|SecurityWriteAccess);
|
SecurityReadAccess|SecurityWriteAccess);
|
||||||
#endif
|
#endif
|
||||||
if (!ValidAtom(atoms[i])
|
if (!ValidAtom(atoms[i])
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|| (SecurityErrorOperation == action)
|
|| (SecurityErrorOperation == action)
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
|
@ -146,7 +145,7 @@ ProcRotateProperties(client)
|
||||||
client->errorValue = atoms[i];
|
client->errorValue = atoms[i];
|
||||||
return BadAtom;
|
return BadAtom;
|
||||||
}
|
}
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
if (SecurityIgnoreOperation == action)
|
if (SecurityIgnoreOperation == action)
|
||||||
{
|
{
|
||||||
DEALLOCATE_LOCAL(props);
|
DEALLOCATE_LOCAL(props);
|
||||||
|
@ -248,8 +247,8 @@ ProcChangeProperty(client)
|
||||||
return(BadAtom);
|
return(BadAtom);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
SecurityWriteAccess))
|
SecurityWriteAccess))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case SecurityErrorOperation:
|
||||||
|
@ -543,13 +542,13 @@ ProcGetProperty(client)
|
||||||
if (!pProp)
|
if (!pProp)
|
||||||
return NullPropertyReply(client, None, 0, &reply);
|
return NullPropertyReply(client, None, 0, &reply);
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
{
|
{
|
||||||
Mask access_mode = SecurityReadAccess;
|
Mask access_mode = SecurityReadAccess;
|
||||||
|
|
||||||
if (stuff->delete)
|
if (stuff->delete)
|
||||||
access_mode |= SecurityDestroyAccess;
|
access_mode |= SecurityDestroyAccess;
|
||||||
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
access_mode))
|
access_mode))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case SecurityErrorOperation:
|
||||||
|
@ -718,8 +717,8 @@ ProcDeleteProperty(client)
|
||||||
return (BadAtom);
|
return (BadAtom);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
SecurityDestroyAccess))
|
SecurityDestroyAccess))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case SecurityErrorOperation:
|
||||||
|
|
|
@ -74,7 +74,7 @@ Equipment Corporation.
|
||||||
******************************************************************/
|
******************************************************************/
|
||||||
|
|
||||||
/* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
/* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
||||||
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.3 2004/04/25 22:42:09 gisburn Exp $ */
|
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.1.4.6.4.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||||
/* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */
|
/* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */
|
||||||
|
|
||||||
/* Routines to manage various kinds of resources:
|
/* Routines to manage various kinds of resources:
|
||||||
|
@ -119,6 +119,9 @@ Equipment Corporation.
|
||||||
#include "panoramiX.h"
|
#include "panoramiX.h"
|
||||||
#include "panoramiXsrv.h"
|
#include "panoramiXsrv.h"
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef XACE
|
||||||
|
#include "xace.h"
|
||||||
|
#endif
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
|
||||||
static void RebuildTable(
|
static void RebuildTable(
|
||||||
|
@ -840,7 +843,7 @@ LegalNewID(id, client)
|
||||||
!LookupIDByClass(id, RC_ANY)));
|
!LookupIDByClass(id, RC_ANY)));
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|
|
||||||
/* SecurityLookupIDByType and SecurityLookupIDByClass:
|
/* SecurityLookupIDByType and SecurityLookupIDByClass:
|
||||||
* These are the heart of the resource ID security system. They take
|
* These are the heart of the resource ID security system. They take
|
||||||
|
@ -877,8 +880,9 @@ SecurityLookupIDByType(client, id, rtype, mode)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (retval && client && client->CheckAccess)
|
if (retval && client &&
|
||||||
retval = (* client->CheckAccess)(client, id, rtype, mode, retval);
|
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
|
||||||
|
retval = NULL;
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -910,8 +914,9 @@ SecurityLookupIDByClass(client, id, classes, mode)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (retval && client && client->CheckAccess)
|
if (retval && client &&
|
||||||
retval = (* client->CheckAccess)(client, id, res->type, mode, retval);
|
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
|
||||||
|
retval = NULL;
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -937,7 +942,7 @@ LookupIDByClass(id, classes)
|
||||||
SecurityUnknownAccess);
|
SecurityUnknownAccess);
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* not XCSECURITY */
|
#else /* not XACE */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* LookupIDByType returns the object with the given id and type, else NULL.
|
* LookupIDByType returns the object with the given id and type, else NULL.
|
||||||
|
@ -986,4 +991,4 @@ LookupIDByClass(id, classes)
|
||||||
return (pointer)NULL;
|
return (pointer)NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* XCSECURITY */
|
#endif /* XACE */
|
||||||
|
|
27
dix/window.c
27
dix/window.c
|
@ -1,4 +1,4 @@
|
||||||
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||||
/* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */
|
/* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */
|
||||||
/*
|
/*
|
||||||
|
|
||||||
|
@ -103,9 +103,8 @@ Equipment Corporation.
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
#include "Xagsrv.h"
|
#include "Xagsrv.h"
|
||||||
#endif
|
#endif
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "security.h"
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/******
|
/******
|
||||||
|
@ -706,11 +705,11 @@ CreateWindow(wid, pParent, x, y, w, h, bw, class, vmask, vlist,
|
||||||
}
|
}
|
||||||
|
|
||||||
pWin->borderWidth = bw;
|
pWin->borderWidth = bw;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* can't let untrusted clients have background None windows;
|
/* can't let untrusted clients have background None windows;
|
||||||
* they make it too easy to steal window contents
|
* they make it too easy to steal window contents
|
||||||
*/
|
*/
|
||||||
if (client->trustLevel != XSecurityClientTrusted)
|
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
|
||||||
{
|
{
|
||||||
pWin->backgroundState = BackgroundPixel;
|
pWin->backgroundState = BackgroundPixel;
|
||||||
pWin->background.pixel = 0;
|
pWin->background.pixel = 0;
|
||||||
|
@ -1008,9 +1007,9 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
|
||||||
borderRelative = TRUE;
|
borderRelative = TRUE;
|
||||||
if (pixID == None)
|
if (pixID == None)
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* can't let untrusted clients have background None windows */
|
/* can't let untrusted clients have background None windows */
|
||||||
if (client->trustLevel == XSecurityClientTrusted)
|
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
|
||||||
{
|
{
|
||||||
#endif
|
#endif
|
||||||
if (pWin->backgroundState == BackgroundPixmap)
|
if (pWin->backgroundState == BackgroundPixmap)
|
||||||
|
@ -1019,7 +1018,7 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
|
||||||
MakeRootTile(pWin);
|
MakeRootTile(pWin);
|
||||||
else
|
else
|
||||||
pWin->backgroundState = None;
|
pWin->backgroundState = None;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{ /* didn't change the background to None, so don't tell ddx */
|
{ /* didn't change the background to None, so don't tell ddx */
|
||||||
|
@ -2697,13 +2696,9 @@ MapWindow(pWin, client)
|
||||||
if (pWin->mapped)
|
if (pWin->mapped)
|
||||||
return(Success);
|
return(Success);
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* don't let an untrusted client map a child-of-trusted-window, InputOnly
|
/* general check for permission to map window */
|
||||||
* window; too easy to steal device input
|
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
|
||||||
*/
|
|
||||||
if ( (client->trustLevel != XSecurityClientTrusted) &&
|
|
||||||
(pWin->drawable.class == InputOnly) &&
|
|
||||||
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
|
|
||||||
return Success;
|
return Success;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -89,12 +89,9 @@ SOFTWARE.
|
||||||
((client->lastDrawableID == did) ? \
|
((client->lastDrawableID == did) ? \
|
||||||
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
|
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|
|
||||||
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
|
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
|
||||||
if (client->lastDrawableID == did && !client->trustLevel)\
|
|
||||||
pDraw = client->lastDrawable;\
|
|
||||||
else \
|
|
||||||
{\
|
{\
|
||||||
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
||||||
RC_DRAWABLE, mode);\
|
RC_DRAWABLE, mode);\
|
||||||
|
@ -108,9 +105,6 @@ SOFTWARE.
|
||||||
}
|
}
|
||||||
|
|
||||||
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
|
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
|
||||||
if (client->lastDrawableID == did && !client->trustLevel)\
|
|
||||||
pDraw = client->lastDrawable;\
|
|
||||||
else \
|
|
||||||
{\
|
{\
|
||||||
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
||||||
RC_DRAWABLE, mode);\
|
RC_DRAWABLE, mode);\
|
||||||
|
@ -122,9 +116,6 @@ SOFTWARE.
|
||||||
}
|
}
|
||||||
|
|
||||||
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
||||||
if (client->lastGCID == rid && !client->trustLevel)\
|
|
||||||
pGC = client->lastGC;\
|
|
||||||
else\
|
|
||||||
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
|
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
|
||||||
if (!pGC)\
|
if (!pGC)\
|
||||||
{\
|
{\
|
||||||
|
@ -141,7 +132,7 @@ SOFTWARE.
|
||||||
#define VERIFY_GC(pGC, rid, client)\
|
#define VERIFY_GC(pGC, rid, client)\
|
||||||
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
|
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
|
||||||
|
|
||||||
#else /* not XCSECURITY */
|
#else /* not XACE */
|
||||||
|
|
||||||
#define VERIFY_DRAWABLE(pDraw, did, client)\
|
#define VERIFY_DRAWABLE(pDraw, did, client)\
|
||||||
if (client->lastDrawableID == did)\
|
if (client->lastDrawableID == did)\
|
||||||
|
@ -191,7 +182,7 @@ SOFTWARE.
|
||||||
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
||||||
VERIFY_GC(pGC, rid, client)
|
VERIFY_GC(pGC, rid, client)
|
||||||
|
|
||||||
#endif /* XCSECURITY */
|
#endif /* XACE */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We think that most hardware implementations of DBE will want
|
* We think that most hardware implementations of DBE will want
|
||||||
|
@ -379,7 +370,7 @@ extern void CopyISOLatin1Lowered(
|
||||||
unsigned char * /*source*/,
|
unsigned char * /*source*/,
|
||||||
int /*length*/);
|
int /*length*/);
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|
|
||||||
extern WindowPtr SecurityLookupWindow(
|
extern WindowPtr SecurityLookupWindow(
|
||||||
XID /*rid*/,
|
XID /*rid*/,
|
||||||
|
@ -415,7 +406,7 @@ extern pointer LookupDrawable(
|
||||||
#define SecurityLookupDrawable(rid, client, access_mode) \
|
#define SecurityLookupDrawable(rid, client, access_mode) \
|
||||||
LookupDrawable(rid, client)
|
LookupDrawable(rid, client)
|
||||||
|
|
||||||
#endif /* XCSECURITY */
|
#endif /* XACE */
|
||||||
|
|
||||||
extern ClientPtr LookupClient(
|
extern ClientPtr LookupClient(
|
||||||
XID /*rid*/,
|
XID /*rid*/,
|
||||||
|
|
|
@ -111,15 +111,8 @@ typedef struct _Client {
|
||||||
int (*readRequest)(ClientPtr /*client*/);
|
int (*readRequest)(ClientPtr /*client*/);
|
||||||
#endif
|
#endif
|
||||||
unsigned long replyBytesRemaining;
|
unsigned long replyBytesRemaining;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
XID authId;
|
pointer securityState[4]; /* 4 slots for use */
|
||||||
unsigned int trustLevel;
|
|
||||||
pointer (* CheckAccess)(
|
|
||||||
ClientPtr /*pClient*/,
|
|
||||||
XID /*id*/,
|
|
||||||
RESTYPE /*classes*/,
|
|
||||||
Mask /*access_mode*/,
|
|
||||||
pointer /*resourceval*/);
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
struct _AppGroupRec* appgroup;
|
struct _AppGroupRec* appgroup;
|
||||||
|
|
|
@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
|
||||||
unsigned short (* MinorOpcode)( /* called for errors */
|
unsigned short (* MinorOpcode)( /* called for errors */
|
||||||
ClientPtr /* client */);
|
ClientPtr /* client */);
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
Bool secure; /* extension visible to untrusted clients? */
|
pointer securityState[4]; /* 4 slots for use */
|
||||||
#endif
|
#endif
|
||||||
} ExtensionEntry;
|
} ExtensionEntry;
|
||||||
|
|
||||||
|
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
|
||||||
ExtensionEntry * /*extension*/);
|
ExtensionEntry * /*extension*/);
|
||||||
|
|
||||||
extern ExtensionEntry *CheckExtension(const char *extname);
|
extern ExtensionEntry *CheckExtension(const char *extname);
|
||||||
|
extern ExtensionEntry *GetExtensionEntry(int major);
|
||||||
|
|
||||||
extern ExtensionLookupProc LookupProc(
|
extern ExtensionLookupProc LookupProc(
|
||||||
char* /*name*/,
|
char* /*name*/,
|
||||||
|
|
|
@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
|
||||||
#define SecurityWriteAccess (1<<1) /* changing the object */
|
#define SecurityWriteAccess (1<<1) /* changing the object */
|
||||||
#define SecurityDestroyAccess (1<<2) /* destroying the object */
|
#define SecurityDestroyAccess (1<<2) /* destroying the object */
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
|
|
||||||
extern pointer SecurityLookupIDByType(
|
extern pointer SecurityLookupIDByType(
|
||||||
ClientPtr /*client*/,
|
ClientPtr /*client*/,
|
||||||
|
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
|
||||||
RESTYPE /*classes*/,
|
RESTYPE /*classes*/,
|
||||||
Mask /*access_mode*/);
|
Mask /*access_mode*/);
|
||||||
|
|
||||||
#else /* not XCSECURITY */
|
#else /* not XACE */
|
||||||
|
|
||||||
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
|
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
|
||||||
LookupIDByType(id, rtype)
|
LookupIDByType(id, rtype)
|
||||||
|
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
|
||||||
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
|
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
|
||||||
LookupIDByClass(id, classes)
|
LookupIDByClass(id, classes)
|
||||||
|
|
||||||
#endif /* XCSECURITY */
|
#endif /* XACE */
|
||||||
|
|
||||||
extern void GetXIDRange(
|
extern void GetXIDRange(
|
||||||
int /*client*/,
|
int /*client*/,
|
||||||
|
|
|
@ -32,27 +32,10 @@
|
||||||
#define _XLBX_SERVER_
|
#define _XLBX_SERVER_
|
||||||
#include "lbxstr.h"
|
#include "lbxstr.h"
|
||||||
#include "lbxserve.h"
|
#include "lbxserve.h"
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "extensions/security.h"
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef struct _lbxext {
|
|
||||||
char *name;
|
|
||||||
char **aliases;
|
|
||||||
int num_aliases;
|
|
||||||
int idx;
|
|
||||||
int opcode;
|
|
||||||
int ev_base;
|
|
||||||
int err_base;
|
|
||||||
int num_reqs;
|
|
||||||
CARD8 *rep_mask;
|
|
||||||
CARD8 *ev_mask;
|
|
||||||
#ifdef XCSECURITY
|
|
||||||
Bool secure;
|
|
||||||
#endif
|
|
||||||
} LbxExtensionEntry;
|
|
||||||
|
|
||||||
static LbxExtensionEntry **lbx_extensions = NULL;
|
static LbxExtensionEntry **lbx_extensions = NULL;
|
||||||
static int num_exts = 0;
|
static int num_exts = 0;
|
||||||
|
|
||||||
|
@ -97,8 +80,8 @@ LbxAddExtension(char *name,
|
||||||
ext->ev_mask = NULL;
|
ext->ev_mask = NULL;
|
||||||
ext->rep_mask = NULL;
|
ext->rep_mask = NULL;
|
||||||
ext->num_reqs = 0;
|
ext->num_reqs = 0;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
ext->secure = FALSE;
|
XACE_STATE_INIT(ext->securityState);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
@ -149,10 +132,10 @@ void
|
||||||
LbxDeclareExtensionSecurity(char *extname,
|
LbxDeclareExtensionSecurity(char *extname,
|
||||||
Bool secure)
|
Bool secure)
|
||||||
{
|
{
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
int i = LbxFindExtension(extname, strlen(extname));
|
int i = LbxFindExtension(extname, strlen(extname));
|
||||||
if (i >= 0)
|
if (i >= 0)
|
||||||
lbx_extensions[i]->secure = secure;
|
XaceHook(XACE_DECLARE_LBX_EXT_SECURE, lbx_extensions[i], secure);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -203,10 +186,9 @@ LbxQueryExtension(ClientPtr client,
|
||||||
i = LbxFindExtension(ename, nlen);
|
i = LbxFindExtension(ename, nlen);
|
||||||
|
|
||||||
if (i < 0
|
if (i < 0
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
/* don't show insecure extensions to untrusted clients */
|
/* don't show insecure extensions to untrusted clients */
|
||||||
|| (client->trustLevel == XSecurityClientUntrusted &&
|
|| !XaceHook(XACE_LBX_EXT_ACCESS, client, lbx_extensions[i])
|
||||||
!lbx_extensions[i]->secure)
|
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
rep.present = FALSE;
|
rep.present = FALSE;
|
||||||
|
|
|
@ -69,9 +69,8 @@ in this Software without prior written authorization from The Open Group.
|
||||||
#include "lbxserve.h"
|
#include "lbxserve.h"
|
||||||
#include "lbxtags.h"
|
#include "lbxtags.h"
|
||||||
#include "Xfuncproto.h"
|
#include "Xfuncproto.h"
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "extensions/xace.h"
|
||||||
#include "extensions/security.h"
|
|
||||||
#endif
|
#endif
|
||||||
#include "swaprep.h"
|
#include "swaprep.h"
|
||||||
|
|
||||||
|
@ -334,8 +333,8 @@ LbxChangeProperty(ClientPtr client)
|
||||||
swaps(&rep.sequenceNumber, n);
|
swaps(&rep.sequenceNumber, n);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
SecurityWriteAccess))
|
SecurityWriteAccess))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case SecurityErrorOperation:
|
||||||
|
|
|
@ -119,6 +119,22 @@ typedef struct _LbxProxy {
|
||||||
lbxMotionCache motionCache;
|
lbxMotionCache motionCache;
|
||||||
} LbxProxyRec;
|
} LbxProxyRec;
|
||||||
|
|
||||||
|
typedef struct _lbxext {
|
||||||
|
char *name;
|
||||||
|
char **aliases;
|
||||||
|
int num_aliases;
|
||||||
|
int idx;
|
||||||
|
int opcode;
|
||||||
|
int ev_base;
|
||||||
|
int err_base;
|
||||||
|
int num_reqs;
|
||||||
|
CARD8 *rep_mask;
|
||||||
|
CARD8 *ev_mask;
|
||||||
|
#ifdef XACE
|
||||||
|
pointer securityState[4];
|
||||||
|
#endif
|
||||||
|
} LbxExtensionEntry;
|
||||||
|
|
||||||
/* This array is indexed by server client index, not lbx proxy index */
|
/* This array is indexed by server client index, not lbx proxy index */
|
||||||
|
|
||||||
extern LbxClientPtr lbxClients[MAXCLIENTS];
|
extern LbxClientPtr lbxClients[MAXCLIENTS];
|
||||||
|
|
21
os/access.c
21
os/access.c
|
@ -1,5 +1,5 @@
|
||||||
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
|
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
|
||||||
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.2 2004/04/23 19:54:28 eich Exp $ */
|
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.1.4.4.4.1 2004/05/04 19:44:01 ewalsh Exp $ */
|
||||||
/***********************************************************
|
/***********************************************************
|
||||||
|
|
||||||
Copyright 1987, 1998 The Open Group
|
Copyright 1987, 1998 The Open Group
|
||||||
|
@ -192,9 +192,8 @@ SOFTWARE.
|
||||||
#include "dixstruct.h"
|
#include "dixstruct.h"
|
||||||
#include "osdep.h"
|
#include "osdep.h"
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
#define _SECURITY_SERVER
|
#include "xace.h"
|
||||||
#include "extensions/security.h"
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef PATH_MAX
|
#ifndef PATH_MAX
|
||||||
|
@ -1321,15 +1320,6 @@ Bool LocalClient(ClientPtr client)
|
||||||
pointer addr;
|
pointer addr;
|
||||||
register HOST *host;
|
register HOST *host;
|
||||||
|
|
||||||
#ifdef XCSECURITY
|
|
||||||
/* untrusted clients can't change host access */
|
|
||||||
if (client->trustLevel != XSecurityClientTrusted)
|
|
||||||
{
|
|
||||||
SecurityAudit("client %d attempted to change host access\n",
|
|
||||||
client->index);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef LBX
|
#ifdef LBX
|
||||||
if (!((OsCommPtr)client->osPrivate)->trans_conn)
|
if (!((OsCommPtr)client->osPrivate)->trans_conn)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -1431,6 +1421,11 @@ AuthorizedClient(ClientPtr client)
|
||||||
{
|
{
|
||||||
if (!client || defeatAccessControl)
|
if (!client || defeatAccessControl)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
#ifdef XACE
|
||||||
|
/* untrusted clients can't change host access */
|
||||||
|
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
|
||||||
|
return FALSE;
|
||||||
|
#endif
|
||||||
return LocalClient(client);
|
return LocalClient(client);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -149,6 +149,9 @@ extern __const__ int _nfiles;
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
#include "extensions/Xagsrv.h"
|
#include "extensions/Xagsrv.h"
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef XACE
|
||||||
|
#include "xace.h"
|
||||||
|
#endif
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
#define _SECURITY_SERVER
|
#define _SECURITY_SERVER
|
||||||
#include "extensions/security.h"
|
#include "extensions/security.h"
|
||||||
|
@ -632,8 +635,9 @@ ClientAuthorized(ClientPtr client,
|
||||||
if (! priv->trans_conn) {
|
if (! priv->trans_conn) {
|
||||||
if (auth_id == (XID) ~0L && !GetAccessControl())
|
if (auth_id == (XID) ~0L && !GetAccessControl())
|
||||||
auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
|
auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
|
||||||
#ifdef XCSECURITY
|
#ifdef XACE
|
||||||
else if (auth_id != (XID) ~0L && !SecuritySameLevel(lbxpc, auth_id)) {
|
else if (auth_id != (XID) ~0L &&
|
||||||
|
!XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)) {
|
||||||
auth_id = (XID) ~0L;
|
auth_id = (XID) ~0L;
|
||||||
reason = "Client trust level differs from that of LBX Proxy";
|
reason = "Client trust level differs from that of LBX Proxy";
|
||||||
}
|
}
|
||||||
|
@ -709,9 +713,8 @@ ClientAuthorized(ClientPtr client,
|
||||||
/* indicate to Xdmcp protocol that we've opened new client */
|
/* indicate to Xdmcp protocol that we've opened new client */
|
||||||
XdmcpOpenDisplay(priv->fd);
|
XdmcpOpenDisplay(priv->fd);
|
||||||
#endif /* XDMCP */
|
#endif /* XDMCP */
|
||||||
#ifdef XAPPGROUP
|
#ifdef XACE
|
||||||
if (ClientStateCallback)
|
XaceHook(XACE_AUTH_AVAIL, client, auth_id);
|
||||||
XagCallClientStateChange (client);
|
|
||||||
#endif
|
#endif
|
||||||
/* At this point, if the client is authorized to change the access control
|
/* At this point, if the client is authorized to change the access control
|
||||||
* list, we should getpeername() information, and add the client to
|
* list, we should getpeername() information, and add the client to
|
||||||
|
|
Loading…
Reference in New Issue