Rebase Security extension to use devPrivates for storing security state.

Eamon Walsh 2006-08-02 20:29:59 -04:00 committed by Eamon Walsh
parent 3c23dec596
commit 96e45626c4
7 changed files with 27 additions and 101 deletions


@ -62,7 +62,8 @@ in this Software without prior written authorization from The Open Group.
static int SecurityErrorBase; /* first Security error number */ static int SecurityErrorBase; /* first Security error number */
static int SecurityEventBase; /* first Security event number */ static int SecurityEventBase; /* first Security event number */
static int slot; /* Xace security state number */ static int securityClientPrivateIndex;
static int securityExtnsnPrivateIndex;
/* this is what we store as client security state */ /* this is what we store as client security state */
typedef struct { typedef struct {
@ -70,9 +71,14 @@ typedef struct {
XID authId; XID authId;
} SecurityClientStateRec; } SecurityClientStateRec;
#define STATEPTR(obj) ((obj)->securityState[slot]) #define STATEVAL(extnsn) \
#define TRUSTLEVEL(obj) (((SecurityClientStateRec*)STATEPTR(obj))->trustLevel) ((extnsn)->devPrivates[securityExtnsnPrivateIndex].val)
#define AUTHID(obj) (((SecurityClientStateRec*)STATEPTR(obj))->authId) #define STATEPTR(client) \
((client)->devPrivates[securityClientPrivateIndex].ptr)
#define TRUSTLEVEL(client) \
(((SecurityClientStateRec*)STATEPTR(client))->trustLevel)
#define AUTHID(client) \
(((SecurityClientStateRec*)STATEPTR(client))->authId)
CallbackListPtr SecurityValidateGroupCallback = NULL; /* see security.h */ CallbackListPtr SecurityValidateGroupCallback = NULL; /* see security.h */
@ -1118,6 +1124,11 @@ CALLBACK(SecurityClientStateCallback)
switch (client->clientState) switch (client->clientState)
{ {
case ClientStateInitial:
TRUSTLEVEL(serverClient) = XSecurityClientTrusted;
AUTHID(serverClient) = None;
break;
case ClientStateRunning: case ClientStateRunning:
{ {
XID authId = AuthorizationIDOfClient(client); XID authId = AuthorizationIDOfClient(client);
@ -1148,7 +1159,6 @@ CALLBACK(SecurityClientStateCallback)
case ClientStateRetained: /* client disconnected */ case ClientStateRetained: /* client disconnected */
{ {
SecurityAuthorizationPtr pAuth; SecurityAuthorizationPtr pAuth;
pointer freeit;
/* client may not have any state (bad authorization) */ /* client may not have any state (bad authorization) */
if (!STATEPTR(client)) if (!STATEPTR(client))
@ -1164,10 +1174,6 @@ CALLBACK(SecurityClientStateCallback)
SecurityStartAuthorizationTimer(pAuth); SecurityStartAuthorizationTimer(pAuth);
} }
} }
/* free security state */
freeit = STATEPTR(client);
STATEPTR(client) = NULL;
xfree(freeit);
break; break;
} }
default: break; default: break;
@ -1208,7 +1214,7 @@ CALLBACK(SecurityCheckExtAccess)
XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata; XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
!STATEPTR(rec->ext)) !STATEVAL(rec->ext))
rec->rval = FALSE; rec->rval = FALSE;
} }
@ -1234,7 +1240,7 @@ CALLBACK(SecurityDeclareExtSecure)
XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata; XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
/* security state for extensions is simply a boolean trust value */ /* security state for extensions is simply a boolean trust value */
STATEPTR(rec->ext) = (pointer)rec->secure; STATEVAL(rec->ext) = rec->secure;
} }
/**********************************************************************/ /**********************************************************************/
@ -1842,10 +1848,6 @@ static void
SecurityResetProc( SecurityResetProc(
ExtensionEntry *extEntry) ExtensionEntry *extEntry)
{ {
pointer freeit = STATEPTR(serverClient);
STATEPTR(serverClient) = NULL;
xfree(freeit);
XaceUnregisterExtension(slot);
SecurityFreePropertyAccessList(); SecurityFreePropertyAccessList();
SecurityFreeSitePolicyStrings(); SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */ } /* SecurityResetProc */
@ -1882,13 +1884,16 @@ XSecurityOptions(argc, argv, i)
void void
SecurityExtensionSetup(INITARGS) SecurityExtensionSetup(INITARGS)
{ {
/* allocate space for security state (freed in SecurityResetProc) */ /* Allocate the client private index */
STATEPTR(serverClient) = xalloc(sizeof(SecurityClientStateRec)); securityClientPrivateIndex = AllocateClientPrivateIndex();
if (!STATEPTR(serverClient)) if (!AllocateClientPrivate(securityClientPrivateIndex,
FatalError("serverClient: couldn't allocate security state\n"); sizeof (SecurityClientStateRec)))
FatalError("SecurityExtensionSetup: Can't allocate client private.\n");
TRUSTLEVEL(serverClient) = XSecurityClientTrusted; /* Allocate the extension private index */
AUTHID(serverClient) = None; securityExtnsnPrivateIndex = AllocateExtensionPrivateIndex();
if (!AllocateExtensionPrivate(securityExtnsnPrivateIndex, 0))
FatalError("SecurityExtensionSetup: Can't allocate extnsn private.\n");
/* register callbacks */ /* register callbacks */
#define XaceRC XaceRegisterCallback #define XaceRC XaceRegisterCallback
@ -1934,10 +1939,6 @@ SecurityExtensionInit(INITARGS)
if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL)) if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL))
return; return;
slot = XaceRegisterExtension(SECURITY_EXTENSION_NAME);
if (slot < 0)
return;
extEntry = AddExtension(SECURITY_EXTENSION_NAME, extEntry = AddExtension(SECURITY_EXTENSION_NAME,
XSecurityNumberEvents, XSecurityNumberErrors, XSecurityNumberEvents, XSecurityNumberErrors,
ProcSecurityDispatch, SProcSecurityDispatch, ProcSecurityDispatch, SProcSecurityDispatch,
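Review bot: The new `case ClientStateInitial:` in SecurityClientStateCallback assigns TRUSTLEVEL and AUTHID on `serverClient`, not on the `client` that triggered the callback, so it re-runs on every new connection while the connecting client's own record is left at whatever the private allocator hands back. If that storage is zero-filled and XSecurityClientTrusted is 0, a client presumably reads as trusted until the ClientStateRunning branch assigns its level; either initialise `client` explicitly here or document the reliance with a comment such as `/* client privates start zeroed; trust level is assigned in ClientStateRunning */`. Relatedly, the `if (!STATEPTR(client))` guard kept in the ClientStateRetained hunk likely can never fire now that the record is pre-allocated through AllocateClientPrivate, so it no longer singles out a client that failed authorization. The callback's body extends outside these hunks, so confirm both points against the full function.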


@ -26,9 +26,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0}; CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
static Bool stateSlotsUsed[XACE_STATE_SLOTS] = {0};
static char *stateExtNames[XACE_STATE_SLOTS] = {0};
/* Proc vectors for untrusted clients, swapped and unswapped versions. /* Proc vectors for untrusted clients, swapped and unswapped versions.
* These are the same as the normal proc vectors except that extensions * These are the same as the normal proc vectors except that extensions
* that haven't declared themselves secure will have ProcBadRequest plugged * that haven't declared themselves secure will have ProcBadRequest plugged
@ -43,43 +40,6 @@ int (*SwappedUntrustedProcVector[256])(
ClientPtr /*client*/ ClientPtr /*client*/
); );
/* Register with the security module, which allows an extension to store
* security state. The return value is the index which should be passed
* to the state macros, or -1 if no more slots are available.
*/
int XaceRegisterExtension(name)
char *name;
{
int i;
for (i=0; i<XACE_STATE_SLOTS; i++)
if (!stateSlotsUsed[i])
{
/* save the extension name */
if (name) {
stateExtNames[i] = (char*)xalloc(strlen(name)+1);
if (!stateExtNames[i])
return -1;
memcpy(stateExtNames[i], name, strlen(name)+1);
}
stateSlotsUsed[i] = TRUE;
return i;
}
return -1; /* no slots free */
}
/* Unregister an extension. Pass the index returned at registration time.
*/
void XaceUnregisterExtension(idx)
int idx; /* state index */
{
/* free the extension name */
if (stateExtNames[idx]) {
xfree(stateExtNames[idx]);
stateExtNames[idx] = NULL;
}
stateSlotsUsed[idx] = FALSE;
}
/* Entry point for hook functions. Called by Xserver. /* Entry point for hook functions. Called by Xserver.
*/ */
int XaceHook(int hook, ...) int XaceHook(int hook, ...)
@ -296,14 +256,6 @@ XaceResetProc(ExtensionEntry *extEntry)
DeleteCallbackList(&XaceHooks[i]); DeleteCallbackList(&XaceHooks[i]);
XaceHooks[i] = NULL; XaceHooks[i] = NULL;
} }
for (i=0; i<XACE_STATE_SLOTS; i++)
{
if (stateExtNames[i])
xfree(stateExtNames[i]);
stateExtNames[i] = NULL;
stateSlotsUsed[i] = FALSE;
}
} /* XaceResetProc */ } /* XaceResetProc */


@ -30,10 +30,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define XaceNumberEvents 0 #define XaceNumberEvents 0
#define XaceNumberErrors 0 #define XaceNumberErrors 0
/* security state */
#define XACE_STATE_SLOTS 4
#define XACE_STATE_INIT(ary) memset(ary, 0, sizeof(ary))
/* security hooks */ /* security hooks */
/* Constants used to identify the available security hooks /* Constants used to identify the available security hooks
*/ */
@ -81,18 +77,6 @@ extern int XaceHook(
DeleteCallback(XaceHooks+(hook), callback, data) DeleteCallback(XaceHooks+(hook), callback, data)
/* extension registration */
/* Register with the security module, which allows an extension to store
* security state. Pass the name of the calling extension. Returns the
* index number for the state macros or -1 if no more slots are available.
*/
extern int XaceRegisterExtension(char *);
/* Unregister an extension. Pass the index returned at registration time.
*/
extern void XaceUnregisterExtension(int);
/* From the original Security extension... /* From the original Security extension...
*/ */


@ -3647,9 +3647,6 @@ void InitClient(ClientPtr client, int i, pointer ospriv)
} }
#endif #endif
client->replyBytesRemaining = 0; client->replyBytesRemaining = 0;
#ifdef XACE
XACE_STATE_INIT(client->securityState);
#endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
client->appgroup = NULL; client->appgroup = NULL;
#endif #endif


@ -131,6 +131,7 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext = (ExtensionEntry *) xalloc(totalExtensionSize); ext = (ExtensionEntry *) xalloc(totalExtensionSize);
if (!ext || !InitExtensionPrivates(ext)) if (!ext || !InitExtensionPrivates(ext))
return((ExtensionEntry *) NULL); return((ExtensionEntry *) NULL);
bzero(ext, totalExtensionSize);
ext->name = (char *)xalloc(strlen(name) + 1); ext->name = (char *)xalloc(strlen(name) + 1);
ext->num_aliases = 0; ext->num_aliases = 0;
ext->aliases = (char **)NULL; ext->aliases = (char **)NULL;
@ -180,9 +181,6 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext->errorBase = 0; ext->errorBase = 0;
ext->errorLast = 0; ext->errorLast = 0;
} }
#ifdef XACE
XACE_STATE_INIT(ext->securityState);
#endif
return(ext); return(ext);
} }
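Review bot: The added `bzero(ext, totalExtensionSize);` runs after `InitExtensionPrivates(ext)` has already succeeded, so anything that call stored in the entry (presumably `ext->devPrivates`, which the new STATEVAL macro dereferences) is wiped before use. Zero the block first by splitting the test: `if (!ext) return NULL;`, then `bzero(ext, totalExtensionSize);`, then `if (!InitExtensionPrivates(ext)) return NULL;`. The existing failure path also returns without freeing `ext` when InitExtensionPrivates fails, which may deserve an `xfree(ext)` while this line is being touched. AddExtension's body starts and ends outside the hunk.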


@ -130,9 +130,6 @@ typedef struct _Client {
int requestLogIndex; int requestLogIndex;
#endif #endif
unsigned long replyBytesRemaining; unsigned long replyBytesRemaining;
#ifdef XACE
pointer securityState[4]; /* 4 slots for use */
#endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
struct _AppGroupRec* appgroup; struct _AppGroupRec* appgroup;
#endif #endif


@ -72,9 +72,6 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */ unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */); ClientPtr /* client */);
DevUnion *devPrivates; DevUnion *devPrivates;
#ifdef XACE
pointer securityState[4]; /* 4 slots for use */
#endif
} ExtensionEntry; } ExtensionEntry;
/* /*