Rebase Security extension to use devPrivates for storing security state.
This commit is contained in:
Eamon Walsh
Eamon Walsh
parent
3c23dec596
commit
96e45626c4
|
|
@ -62,7 +62,8 @@ in this Software without prior written authorization from The Open Group.
|
|||
|
||||
static int SecurityErrorBase; /* first Security error number */
|
||||
static int SecurityEventBase; /* first Security event number */
|
||||
static int slot; /* Xace security state number */
|
||||
static int securityClientPrivateIndex;
|
||||
static int securityExtnsnPrivateIndex;
|
||||
|
||||
/* this is what we store as client security state */
|
||||
typedef struct {
|
||||
|
|
@ -70,9 +71,14 @@ typedef struct {
|
|||
XID authId;
|
||||
} SecurityClientStateRec;
|
||||
|
||||
#define STATEPTR(obj) ((obj)->securityState[slot])
|
||||
#define TRUSTLEVEL(obj) (((SecurityClientStateRec*)STATEPTR(obj))->trustLevel)
|
||||
#define AUTHID(obj) (((SecurityClientStateRec*)STATEPTR(obj))->authId)
|
||||
#define STATEVAL(extnsn) \
|
||||
((extnsn)->devPrivates[securityExtnsnPrivateIndex].val)
|
||||
#define STATEPTR(client) \
|
||||
((client)->devPrivates[securityClientPrivateIndex].ptr)
|
||||
#define TRUSTLEVEL(client) \
|
||||
(((SecurityClientStateRec*)STATEPTR(client))->trustLevel)
|
||||
#define AUTHID(client) \
|
||||
(((SecurityClientStateRec*)STATEPTR(client))->authId)
|
||||
|
||||
CallbackListPtr SecurityValidateGroupCallback = NULL; /* see security.h */
|
||||
|
||||
|
|
@ -1118,6 +1124,11 @@ CALLBACK(SecurityClientStateCallback)
|
|||
|
||||
switch (client->clientState)
|
||||
{
|
||||
case ClientStateInitial:
|
||||
TRUSTLEVEL(serverClient) = XSecurityClientTrusted;
|
||||
AUTHID(serverClient) = None;
|
||||
break;
|
||||
|
||||
case ClientStateRunning:
|
||||
{
|
||||
XID authId = AuthorizationIDOfClient(client);
|
||||
|
|
@ -1148,7 +1159,6 @@ CALLBACK(SecurityClientStateCallback)
|
|||
case ClientStateRetained: /* client disconnected */
|
||||
{
|
||||
SecurityAuthorizationPtr pAuth;
|
||||
pointer freeit;
|
||||
|
||||
/* client may not have any state (bad authorization) */
|
||||
if (!STATEPTR(client))
|
||||
|
|
@ -1164,10 +1174,6 @@ CALLBACK(SecurityClientStateCallback)
|
|||
SecurityStartAuthorizationTimer(pAuth);
|
||||
}
|
||||
}
|
||||
/* free security state */
|
||||
freeit = STATEPTR(client);
|
||||
STATEPTR(client) = NULL;
|
||||
xfree(freeit);
|
||||
break;
|
||||
}
|
||||
default: break;
|
||||
|
|
@ -1208,7 +1214,7 @@ CALLBACK(SecurityCheckExtAccess)
|
|||
XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
|
||||
|
||||
if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
|
||||
!STATEPTR(rec->ext))
|
||||
!STATEVAL(rec->ext))
|
||||
|
||||
rec->rval = FALSE;
|
||||
}
|
||||
|
|
@ -1234,7 +1240,7 @@ CALLBACK(SecurityDeclareExtSecure)
|
|||
XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
|
||||
|
||||
/* security state for extensions is simply a boolean trust value */
|
||||
STATEPTR(rec->ext) = (pointer)rec->secure;
|
||||
STATEVAL(rec->ext) = rec->secure;
|
||||
}
|
||||
|
||||
/**********************************************************************/
|
||||
|
|
@ -1842,10 +1848,6 @@ static void
|
|||
SecurityResetProc(
|
||||
ExtensionEntry *extEntry)
|
||||
{
|
||||
pointer freeit = STATEPTR(serverClient);
|
||||
STATEPTR(serverClient) = NULL;
|
||||
xfree(freeit);
|
||||
XaceUnregisterExtension(slot);
|
||||
SecurityFreePropertyAccessList();
|
||||
SecurityFreeSitePolicyStrings();
|
||||
} /* SecurityResetProc */
|
||||
|
|
@ -1882,13 +1884,16 @@ XSecurityOptions(argc, argv, i)
|
|||
void
|
||||
SecurityExtensionSetup(INITARGS)
|
||||
{
|
||||
/* allocate space for security state (freed in SecurityResetProc) */
|
||||
STATEPTR(serverClient) = xalloc(sizeof(SecurityClientStateRec));
|
||||
if (!STATEPTR(serverClient))
|
||||
FatalError("serverClient: couldn't allocate security state\n");
|
||||
/* Allocate the client private index */
|
||||
securityClientPrivateIndex = AllocateClientPrivateIndex();
|
||||
if (!AllocateClientPrivate(securityClientPrivateIndex,
|
||||
sizeof (SecurityClientStateRec)))
|
||||
FatalError("SecurityExtensionSetup: Can't allocate client private.\n");
|
||||
|
||||
TRUSTLEVEL(serverClient) = XSecurityClientTrusted;
|
||||
AUTHID(serverClient) = None;
|
||||
/* Allocate the extension private index */
|
||||
securityExtnsnPrivateIndex = AllocateExtensionPrivateIndex();
|
||||
if (!AllocateExtensionPrivate(securityExtnsnPrivateIndex, 0))
|
||||
FatalError("SecurityExtensionSetup: Can't allocate extnsn private.\n");
|
||||
|
||||
/* register callbacks */
|
||||
#define XaceRC XaceRegisterCallback
|
||||
|
|
@ -1934,10 +1939,6 @@ SecurityExtensionInit(INITARGS)
|
|||
if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL))
|
||||
return;
|
||||
|
||||
slot = XaceRegisterExtension(SECURITY_EXTENSION_NAME);
|
||||
if (slot < 0)
|
||||
return;
|
||||
|
||||
extEntry = AddExtension(SECURITY_EXTENSION_NAME,
|
||||
XSecurityNumberEvents, XSecurityNumberErrors,
|
||||
ProcSecurityDispatch, SProcSecurityDispatch,
|
||||
|
|
|
|||
48
Xext/xace.c
48
Xext/xace.c
|
|
@ -26,9 +26,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
||||
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
|
||||
|
||||
static Bool stateSlotsUsed[XACE_STATE_SLOTS] = {0};
|
||||
static char *stateExtNames[XACE_STATE_SLOTS] = {0};
|
||||
|
||||
/* Proc vectors for untrusted clients, swapped and unswapped versions.
|
||||
* These are the same as the normal proc vectors except that extensions
|
||||
* that haven't declared themselves secure will have ProcBadRequest plugged
|
||||
|
|
@ -43,43 +40,6 @@ int (*SwappedUntrustedProcVector[256])(
|
|||
ClientPtr /*client*/
|
||||
);
|
||||
|
||||
/* Register with the security module, which allows an extension to store
|
||||
* security state. The return value is the index which should be passed
|
||||
* to the state macros, or -1 if no more slots are available.
|
||||
*/
|
||||
int XaceRegisterExtension(name)
|
||||
char *name;
|
||||
{
|
||||
int i;
|
||||
for (i=0; i<XACE_STATE_SLOTS; i++)
|
||||
if (!stateSlotsUsed[i])
|
||||
{
|
||||
/* save the extension name */
|
||||
if (name) {
|
||||
stateExtNames[i] = (char*)xalloc(strlen(name)+1);
|
||||
if (!stateExtNames[i])
|
||||
return -1;
|
||||
memcpy(stateExtNames[i], name, strlen(name)+1);
|
||||
}
|
||||
stateSlotsUsed[i] = TRUE;
|
||||
return i;
|
||||
}
|
||||
return -1; /* no slots free */
|
||||
}
|
||||
|
||||
/* Unregister an extension. Pass the index returned at registration time.
|
||||
*/
|
||||
void XaceUnregisterExtension(idx)
|
||||
int idx; /* state index */
|
||||
{
|
||||
/* free the extension name */
|
||||
if (stateExtNames[idx]) {
|
||||
xfree(stateExtNames[idx]);
|
||||
stateExtNames[idx] = NULL;
|
||||
}
|
||||
stateSlotsUsed[idx] = FALSE;
|
||||
}
|
||||
|
||||
/* Entry point for hook functions. Called by Xserver.
|
||||
*/
|
||||
int XaceHook(int hook, ...)
|
||||
|
|
@ -296,14 +256,6 @@ XaceResetProc(ExtensionEntry *extEntry)
|
|||
DeleteCallbackList(&XaceHooks[i]);
|
||||
XaceHooks[i] = NULL;
|
||||
}
|
||||
|
||||
for (i=0; i<XACE_STATE_SLOTS; i++)
|
||||
{
|
||||
if (stateExtNames[i])
|
||||
xfree(stateExtNames[i]);
|
||||
stateExtNames[i] = NULL;
|
||||
stateSlotsUsed[i] = FALSE;
|
||||
}
|
||||
} /* XaceResetProc */
|
||||
|
||||
|
||||
|
|
|
|||
16
Xext/xace.h
16
Xext/xace.h
|
|
@ -30,10 +30,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#define XaceNumberEvents 0
|
||||
#define XaceNumberErrors 0
|
||||
|
||||
/* security state */
|
||||
#define XACE_STATE_SLOTS 4
|
||||
#define XACE_STATE_INIT(ary) memset(ary, 0, sizeof(ary))
|
||||
|
||||
/* security hooks */
|
||||
/* Constants used to identify the available security hooks
|
||||
*/
|
||||
|
|
@ -81,18 +77,6 @@ extern int XaceHook(
|
|||
DeleteCallback(XaceHooks+(hook), callback, data)
|
||||
|
||||
|
||||
/* extension registration */
|
||||
|
||||
/* Register with the security module, which allows an extension to store
|
||||
* security state. Pass the name of the calling extension. Returns the
|
||||
* index number for the state macros or -1 if no more slots are available.
|
||||
*/
|
||||
extern int XaceRegisterExtension(char *);
|
||||
|
||||
/* Unregister an extension. Pass the index returned at registration time.
|
||||
*/
|
||||
extern void XaceUnregisterExtension(int);
|
||||
|
||||
/* From the original Security extension...
|
||||
*/
|
||||
|
||||
|
|
|
|||
|
|
@ -3647,9 +3647,6 @@ void InitClient(ClientPtr client, int i, pointer ospriv)
|
|||
}
|
||||
#endif
|
||||
client->replyBytesRemaining = 0;
|
||||
#ifdef XACE
|
||||
XACE_STATE_INIT(client->securityState);
|
||||
#endif
|
||||
#ifdef XAPPGROUP
|
||||
client->appgroup = NULL;
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -131,6 +131,7 @@ AddExtension(char *name, int NumEvents, int NumErrors,
|
|||
ext = (ExtensionEntry *) xalloc(totalExtensionSize);
|
||||
if (!ext || !InitExtensionPrivates(ext))
|
||||
return((ExtensionEntry *) NULL);
|
||||
bzero(ext, totalExtensionSize);
|
||||
ext->name = (char *)xalloc(strlen(name) + 1);
|
||||
ext->num_aliases = 0;
|
||||
ext->aliases = (char **)NULL;
|
||||
|
|
@ -180,9 +181,6 @@ AddExtension(char *name, int NumEvents, int NumErrors,
|
|||
ext->errorBase = 0;
|
||||
ext->errorLast = 0;
|
||||
}
|
||||
#ifdef XACE
|
||||
XACE_STATE_INIT(ext->securityState);
|
||||
#endif
|
||||
|
||||
return(ext);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -130,9 +130,6 @@ typedef struct _Client {
|
|||
int requestLogIndex;
|
||||
#endif
|
||||
unsigned long replyBytesRemaining;
|
||||
#ifdef XACE
|
||||
pointer securityState[4]; /* 4 slots for use */
|
||||
#endif
|
||||
#ifdef XAPPGROUP
|
||||
struct _AppGroupRec* appgroup;
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -72,9 +72,6 @@ typedef struct _ExtensionEntry {
|
|||
unsigned short (* MinorOpcode)( /* called for errors */
|
||||
ClientPtr /* client */);
|
||||
DevUnion *devPrivates;
|
||||
#ifdef XACE
|
||||
pointer securityState[4]; /* 4 slots for use */
|
||||
#endif
|
||||
} ExtensionEntry;
|
||||
|
||||
/*
|
||||
|
|
|
|||
Loading…
Reference in New Issue