Define calls away when not building XACE, allowing ifdef's to be removed.

Eamon Walsh 2006-12-01 20:48:15 -05:00 committed by Eamon Walsh
parent a5d6499d66
commit f44f14fe56
12 changed files with 105 additions and 194 deletions


@ -20,6 +20,13 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifndef _XACE_H #ifndef _XACE_H
#define _XACE_H #define _XACE_H
/* Hook return codes */
#define SecurityErrorOperation 0
#define SecurityAllowOperation 1
#define SecurityIgnoreOperation 2
#ifdef XACE
#define XACE_EXTENSION_NAME "XAccessControlExtension" #define XACE_EXTENSION_NAME "XAccessControlExtension"
#define XACE_MAJOR_VERSION 1 #define XACE_MAJOR_VERSION 1
#define XACE_MINOR_VERSION 0 #define XACE_MINOR_VERSION 0
@ -75,11 +82,6 @@ extern int XaceHook(
/* From the original Security extension... /* From the original Security extension...
*/ */
/* Hook return codes */
#define SecurityAllowOperation 0
#define SecurityIgnoreOperation 1
#define SecurityErrorOperation 2
/* Proc vectors for untrusted clients, swapped and unswapped versions. /* Proc vectors for untrusted clients, swapped and unswapped versions.
* These are the same as the normal proc vectors except that extensions * These are the same as the normal proc vectors except that extensions
* that haven't declared themselves secure will have ProcBadRequest plugged * that haven't declared themselves secure will have ProcBadRequest plugged
@ -100,4 +102,18 @@ extern void XaceCensorImage(
char * pBuf char * pBuf
); );
#else /* XACE */
/* Define calls away when XACE is not being built. */
#ifdef __GNUC__
#define XaceHook(args...) SecurityAllowOperation
#define XaceCensorImage(args...) { ; }
#else
#define XaceHook(...) SecurityAllowOperation
#define XaceCensorImage(...) { ; }
#endif
#endif /* XACE */
#endif /* _XACE_H */ #endif /* _XACE_H */
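Review bot: The hook return codes are not only moved to the top of the header but renumbered: `SecurityAllowOperation` goes from 0 to 1 and `SecurityErrorOperation` from 2 to 0, and nothing in the header records why. The new values appear to be what makes the stub `XaceHook(...)` usable in the `if (!XaceHook(...))` tests elsewhere in this commit, so a comment such as `/* Allow must be non-zero and Error zero: XaceHook() results are also tested as booleans */` would keep a later edit from breaking that. Any hook implementation that returns a literal instead of the symbol changes meaning with this renumbering; those are outside this page and worth checking. Separately, `#define XaceCensorImage(args...) { ; }` leaves `{ ; };` at each call site, which would not compile as the body of an `if` that has an `else`; `do { } while (0)` is the usual form.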


@ -69,9 +69,7 @@ SOFTWARE.
#ifdef XKB #ifdef XKB
#include <X11/extensions/XKBsrv.h> #include <X11/extensions/XKBsrv.h>
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#include "dispatch.h" #include "dispatch.h"
#include "swaprep.h" #include "swaprep.h"
@ -1178,10 +1176,8 @@ DoSetModifierMapping(ClientPtr client, KeyCode *inputMap,
} }
} }
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
return BadAccess; return BadAccess;
#endif
/* None of the modifiers (old or new) may be down while we change /* None of the modifiers (old or new) may be down while we change
* the map. */ * the map. */
@ -1302,14 +1298,12 @@ ProcChangeKeyboardMapping(ClientPtr client)
return BadValue; return BadValue;
} }
#ifdef XACE
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) { for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) { if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
return BadAccess; return BadAccess;
} }
} }
#endif
keysyms.minKeyCode = stuff->firstKeyCode; keysyms.minKeyCode = stuff->firstKeyCode;
keysyms.maxKeyCode = stuff->firstKeyCode + stuff->keyCodes - 1; keysyms.maxKeyCode = stuff->firstKeyCode + stuff->keyCodes - 1;
@ -1655,7 +1649,6 @@ ProcChangeKeyboardControl (ClientPtr client)
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask)) if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength; return BadLength;
#ifdef XACE
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) { for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
pDev->kbdfeed && pDev->kbdfeed->CtrlProc) { pDev->kbdfeed && pDev->kbdfeed->CtrlProc) {
@ -1663,7 +1656,6 @@ ProcChangeKeyboardControl (ClientPtr client)
return BadAccess; return BadAccess;
} }
} }
#endif
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) { for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
@ -1920,15 +1912,13 @@ ProcQueryKeymap(ClientPtr client)
rep.type = X_Reply; rep.type = X_Reply;
rep.sequenceNumber = client->sequence; rep.sequenceNumber = client->sequence;
rep.length = 2; rep.length = 2;
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ for (i = 0; i<32; i++)
bzero((char *)&rep.map[0], 32); rep.map[i] = down[i];
}
else else
#endif bzero((char *)&rep.map[0], 32);
for (i = 0; i<32; i++)
rep.map[i] = down[i];
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep); WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
return Success; return Success;
} }
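Review bot: In ProcQueryKeymap the rewritten `if (XaceHook(...)) for (...) rep.map[i] = down[i]; else bzero(...)` has no braces, so the branch that blanks the key state for a denied client hangs off an unbraced `for`. It parses as intended today, but I would brace both arms, `if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { ... } else { bzero((char *)&rep.map[0], 32); }`, so that adding a statement to either arm cannot detach the zeroing. The same unbraced `memmove`/`bzero` pair appears in EnterLeaveEvent and FocusEvent in the events file section. The function starts above the hunk.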


@ -135,9 +135,7 @@ int ProcInitialConnection();
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "appgroup.h" #include "appgroup.h"
#endif #endif
@ -504,16 +502,11 @@ Dispatch(void)
#endif #endif
if (result > (maxBigRequestSize << 2)) if (result > (maxBigRequestSize << 2))
result = BadLength; result = BadLength;
else else {
#ifdef XACE
{
XaceHook(XACE_AUDIT_BEGIN, client); XaceHook(XACE_AUDIT_BEGIN, client);
result = (* client->requestVector[MAJOROP])(client); result = (* client->requestVector[MAJOROP])(client);
XaceHook(XACE_AUDIT_END, client, result); XaceHook(XACE_AUDIT_END, client, result);
} }
#else
result = (* client->requestVector[MAJOROP])(client);
#endif /* XACE */
#ifdef XSERVER_DTRACE #ifdef XSERVER_DTRACE
XSERVER_REQUEST_DONE(GetRequestName(MAJOROP), MAJOROP, XSERVER_REQUEST_DONE(GetRequestName(MAJOROP), MAJOROP,
client->sequence, client->index, result); client->sequence, client->index, result);
@ -1166,14 +1159,11 @@ ProcConvertSelection(register ClientPtr client)
i = 0; i = 0;
while ((i < NumCurrentSelections) && while ((i < NumCurrentSelections) &&
CurrentSelections[i].selection != stuff->selection) i++; CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) && if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None) (CurrentSelections[i].window != None) &&
#ifdef XACE XaceHook(XACE_RESOURCE_ACCESS, client,
&& XaceHook(XACE_RESOURCE_ACCESS, client, CurrentSelections[i].window, RT_WINDOW,
CurrentSelections[i].window, RT_WINDOW, SecurityReadAccess, CurrentSelections[i].pWin))
SecurityReadAccess, CurrentSelections[i].pWin)
#endif
)
{ {
event.u.u.type = SelectionRequest; event.u.u.type = SelectionRequest;
event.u.selectionRequest.time = stuff->time; event.u.selectionRequest.time = stuff->time;
@ -2163,9 +2153,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
Mask plane = 0; Mask plane = 0;
char *pBuf; char *pBuf;
xGetImageReply xgi; xGetImageReply xgi;
#ifdef XACE
RegionPtr pVisibleRegion = NULL; RegionPtr pVisibleRegion = NULL;
#endif
if ((format != XYPixmap) && (format != ZPixmap)) if ((format != XYPixmap) && (format != ZPixmap))
{ {
@ -2269,17 +2257,16 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
} }
#ifdef XACE
if (pDraw->type == DRAWABLE_WINDOW && if (pDraw->type == DRAWABLE_WINDOW &&
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw)) !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{ {
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion) if (pVisibleRegion)
{ {
REGION_TRANSLATE(pDraw->pScreen, pVisibleRegion, -pDraw->x, -pDraw->y); REGION_TRANSLATE(pDraw->pScreen, pVisibleRegion,
-pDraw->x, -pDraw->y);
} }
} }
#endif
if (linesPerBuf == 0) if (linesPerBuf == 0)
{ {
@ -2299,12 +2286,10 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format, format,
planemask, planemask,
(pointer) pBuf); (pointer) pBuf);
#ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
XaceCensorImage(client, pVisibleRegion, widthBytesLine, XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
#endif
/* Note that this is NOT a call to WriteSwappedDataToClient, /* Note that this is NOT a call to WriteSwappedDataToClient,
as we do NOT byte swap */ as we do NOT byte swap */
@ -2340,13 +2325,11 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format, format,
plane, plane,
(pointer)pBuf); (pointer)pBuf);
#ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
XaceCensorImage(client, pVisibleRegion, XaceCensorImage(client, pVisibleRegion,
widthBytesLine, widthBytesLine,
pDraw, x, y + linesDone, width, pDraw, x, y + linesDone, width,
nlines, format, pBuf); nlines, format, pBuf);
#endif
/* Note: NOT a call to WriteSwappedDataToClient, /* Note: NOT a call to WriteSwappedDataToClient,
as we do NOT byte swap */ as we do NOT byte swap */
@ -2368,10 +2351,8 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
} }
} }
} }
#ifdef XACE
if (pVisibleRegion) if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion); REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif
if (!im_return) if (!im_return)
DEALLOCATE_LOCAL(pBuf); DEALLOCATE_LOCAL(pBuf);
return (client->noClientException); return (client->noClientException);
@ -3342,13 +3323,11 @@ ProcListHosts(register ClientPtr client)
/* REQUEST(xListHostsReq); */ /* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq); REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XACE
/* untrusted clients can't list hosts */ /* untrusted clients can't list hosts */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess)) if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{
return BadAccess; return BadAccess;
}
#endif
result = GetHosts(&pdata, &nHosts, &len, &reply.enabled); result = GetHosts(&pdata, &nHosts, &len, &reply.enabled);
if (result != Success) if (result != Success)
return(result); return(result);
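Review bot: In DoGetImage a denied `XACE_DRAWABLE_ACCESS` check only takes effect if NotClippedByChildren() returns a region: when `pVisibleRegion` stays NULL, both later `if (pVisibleRegion) XaceCensorImage(...)` calls are skipped and the image data is sent uncensored. This behaviour is older than the commit, but the commit leaves it in place. I would record the denial separately from the region (for example a local `Bool censor`) and zero `pBuf` before it is written whenever `censor` is set but no region could be built. Whether NotClippedByChildren can actually return NULL is not visible here, though the existing NULL test suggests it can. The function body extends beyond the hunks shown.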


@ -95,9 +95,7 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h" #include "scrnintstr.h"
#define XK_LATIN1 #define XK_LATIN1
#include <X11/keysymdef.h> #include <X11/keysymdef.h>
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
/* /*
* CompareTimeStamps returns -1, 0, or +1 depending on if the first * CompareTimeStamps returns -1, 0, or +1 depending on if the first


@ -137,9 +137,7 @@ of the copyright holder.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *); extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#ifdef XSERVER_DTRACE #ifdef XSERVER_DTRACE
#include <sys/types.h> #include <sys/types.h>
@ -2462,10 +2460,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized && (grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo)))) BorderSizeNotEmpty(grab->confineTo))))
{ {
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE)) if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE; return FALSE;
#endif
#ifdef XKB #ifdef XKB
if (!noXkbExtension) { if (!noXkbExtension) {
XE_KBPTR.state &= 0x1f00; XE_KBPTR.state &= 0x1f00;
@ -2826,9 +2822,7 @@ drawable.id:0;
if (deactivateGrab) if (deactivateGrab)
(*keybd->DeactivateGrab)(keybd); (*keybd->DeactivateGrab)(keybd);
#ifdef XACE
XaceHook(XACE_KEY_AVAIL, xE, keybd, count); XaceHook(XACE_KEY_AVAIL, xE, keybd, count);
#endif
} }
#ifdef XKB #ifdef XKB
@ -3252,17 +3246,13 @@ EnterLeaveEvent(
if ((type == EnterNotify) && (mask & KeymapStateMask)) if ((type == EnterNotify) && (mask & KeymapStateMask))
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XACE
ClientPtr client = grab ? rClient(grab) ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)]; : clients[CLIENT_ID(pWin->drawable.id)];
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE)) if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{ memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
bzero((char *)&ke.map[0], 31);
}
else else
#endif bzero((char *)&ke.map[0], 31);
memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
ke.type = KeymapNotify; ke.type = KeymapNotify;
if (grab) if (grab)
(void)TryClientEvents(rClient(grab), (xEvent *)&ke, 1, mask, (void)TryClientEvents(rClient(grab), (xEvent *)&ke, 1, mask,
@ -3348,15 +3338,12 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask)) ((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{ {
xKeymapEvent ke; xKeymapEvent ke;
#ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE)) if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{ memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
bzero((char *)&ke.map[0], 31);
}
else else
#endif bzero((char *)&ke.map[0], 31);
memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
ke.type = KeymapNotify; ke.type = KeymapNotify;
(void)DeliverEventsToWindow(pWin, (xEvent *)&ke, 1, (void)DeliverEventsToWindow(pWin, (xEvent *)&ke, 1,
KeymapStateMask, NullGrab, 0); KeymapStateMask, NullGrab, 0);
@ -3619,10 +3606,10 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq); REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq); REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success; return Success;
#endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus, return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
stuff->revertTo, stuff->time, FALSE); stuff->revertTo, stuff->time, FALSE);
} }
@ -3884,18 +3871,17 @@ ProcGrabKeyboard(ClientPtr client)
int result; int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq); REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{ result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
stuff->pointerMode, stuff->grabWindow,
stuff->ownerEvents, stuff->time,
KeyPressMask | KeyReleaseMask, &rep.status);
else {
result = Success; result = Success;
rep.status = AlreadyGrabbed; rep.status = AlreadyGrabbed;
} }
else
#endif
result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
stuff->pointerMode, stuff->grabWindow,
stuff->ownerEvents, stuff->time,
KeyPressMask | KeyReleaseMask, &rep.status);
if (result != Success) if (result != Success)
return result; return result;
rep.type = X_Reply; rep.type = X_Reply;
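Review bot: In EnterLeaveEvent and FocusEvent the local `client` exists only to be passed to `XaceHook`, and the stub macro used in the non-XACE build discards its arguments, so that build is left with an initialised but unused variable and a compiler warning. Passing the expression directly, e.g. `if (XaceHook(XACE_DEVICE_ACCESS, clients[CLIENT_ID(pWin->drawable.id)], dev, FALSE))` in FocusEvent, removes the local in both configurations. Both function bodies extend beyond the hunks shown.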


@ -59,9 +59,7 @@ SOFTWARE.
#include "gcstruct.h" #include "gcstruct.h"
#include "scrnintstr.h" #include "scrnintstr.h"
#include "dispatch.h" #include "dispatch.h"
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#define EXTENSION_BASE 128 #define EXTENSION_BASE 128
#define EXTENSION_EVENT_BASE 64 #define EXTENSION_EVENT_BASE 64
@ -256,11 +254,9 @@ GetExtensionEntry(int major)
_X_EXPORT void _X_EXPORT void
DeclareExtensionSecurity(char *extname, Bool secure) DeclareExtensionSecurity(char *extname, Bool secure)
{ {
#ifdef XACE
int i = FindExtension(extname, strlen(extname)); int i = FindExtension(extname, strlen(extname));
if (i >= 0) if (i >= 0)
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure); XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
#endif
} }
_X_EXPORT unsigned short _X_EXPORT unsigned short
@ -336,12 +332,7 @@ ProcQueryExtension(ClientPtr client)
else else
{ {
i = FindExtension((char *)&stuff[1], stuff->nbytes); i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0 if (i < 0 || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
#ifdef XACE
/* call callbacks to find out whether to show extension */
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
#endif
)
reply.present = xFalse; reply.present = xFalse;
else else
{ {
@ -376,11 +367,10 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
#ifdef XACE
/* call callbacks to find out whether to show extension */ /* call callbacks to find out whether to show extension */
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue; continue;
#endif
total_length += strlen(extensions[i]->name) + 1; total_length += strlen(extensions[i]->name) + 1;
reply.nExtensions += 1 + extensions[i]->num_aliases; reply.nExtensions += 1 + extensions[i]->num_aliases;
for (j = extensions[i]->num_aliases; --j >= 0;) for (j = extensions[i]->num_aliases; --j >= 0;)
@ -393,10 +383,9 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++) for (i=0; i<NumExtensions; i++)
{ {
int len; int len;
#ifdef XACE
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue; continue;
#endif
*bufptr++ = len = strlen(extensions[i]->name); *bufptr++ = len = strlen(extensions[i]->name);
memmove(bufptr, extensions[i]->name, len); memmove(bufptr, extensions[i]->name, len);
bufptr += len; bufptr += len;
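Review bot: ProcListExtensions calls `XaceHook(XACE_EXT_ACCESS, ...)` once per extension in the sizing loop and again in the loop that writes through `bufptr`, so the reply buffer is only large enough if the hook gives the same answer both times. The allocation between the two loops is outside the hunks, so this is an inference, but nothing visible enforces it. I would at least state the requirement where the first loop filters: `/* XACE_EXT_ACCESS must answer identically in the fill loop below; the buffer is sized from this pass */`.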


@ -48,10 +48,6 @@
extern Bool XkbCopyKeymap(XkbDescPtr src, XkbDescPtr dst, Bool sendNotifies); extern Bool XkbCopyKeymap(XkbDescPtr src, XkbDescPtr dst, Bool sendNotifies);
#endif #endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef PANORAMIX #ifdef PANORAMIX
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"


@ -58,9 +58,7 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "dispatch.h" #include "dispatch.h"
#include "swaprep.h" #include "swaprep.h"
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
/***************************************************************** /*****************************************************************
* Property Stuff * Property Stuff
@ -118,27 +116,19 @@ ProcRotateProperties(ClientPtr client)
return(BadAlloc); return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++) for (i = 0; i < stuff->nAtoms; i++)
{ {
#ifdef XACE
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i], char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess); SecurityReadAccess|SecurityWriteAccess);
#endif
if (!ValidAtom(atoms[i]) if (!ValidAtom(atoms[i]) || (SecurityErrorOperation == action)) {
#ifdef XACE
|| (SecurityErrorOperation == action)
#endif
)
{
DEALLOCATE_LOCAL(props); DEALLOCATE_LOCAL(props);
client->errorValue = atoms[i]; client->errorValue = atoms[i];
return BadAtom; return BadAtom;
} }
#ifdef XACE if (SecurityIgnoreOperation == action) {
if (SecurityIgnoreOperation == action)
{
DEALLOCATE_LOCAL(props); DEALLOCATE_LOCAL(props);
return Success; return Success;
} }
#endif
for (j = i + 1; j < stuff->nAtoms; j++) for (j = i + 1; j < stuff->nAtoms; j++)
if (atoms[j] == atoms[i]) if (atoms[j] == atoms[i])
{ {
@ -233,17 +223,15 @@ ProcChangeProperty(ClientPtr client)
return(BadAtom); return(BadAtom);
} }
#ifdef XACE
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess)) SecurityWriteAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
client->errorValue = stuff->property; client->errorValue = stuff->property;
return BadAtom; return BadAtom;
case SecurityIgnoreOperation: case SecurityIgnoreOperation:
return Success; return Success;
} }
#endif
err = ChangeWindowProperty(pWin, stuff->property, stuff->type, (int)format, err = ChangeWindowProperty(pWin, stuff->property, stuff->type, (int)format,
(int)mode, len, (pointer)&stuff[1], TRUE); (int)mode, len, (pointer)&stuff[1], TRUE);
@ -460,6 +448,7 @@ ProcGetProperty(ClientPtr client)
unsigned long n, len, ind; unsigned long n, len, ind;
WindowPtr pWin; WindowPtr pWin;
xGetPropertyReply reply; xGetPropertyReply reply;
Mask access_mode = SecurityReadAccess;
REQUEST(xGetPropertyReq); REQUEST(xGetPropertyReq);
REQUEST_SIZE_MATCH(xGetPropertyReq); REQUEST_SIZE_MATCH(xGetPropertyReq);
@ -501,24 +490,18 @@ ProcGetProperty(ClientPtr client)
if (!pProp) if (!pProp)
return NullPropertyReply(client, None, 0, &reply); return NullPropertyReply(client, None, 0, &reply);
#ifdef XACE if (stuff->delete)
access_mode |= SecurityDestroyAccess;
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode))
{ {
Mask access_mode = SecurityReadAccess; case SecurityErrorOperation:
client->errorValue = stuff->property;
if (stuff->delete) return BadAtom;;
access_mode |= SecurityDestroyAccess; case SecurityIgnoreOperation:
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, return NullPropertyReply(client, pProp->type, pProp->format, &reply);
access_mode))
{
case SecurityErrorOperation:
client->errorValue = stuff->property;
return BadAtom;;
case SecurityIgnoreOperation:
return NullPropertyReply(client, pProp->type, pProp->format,
&reply);
}
} }
#endif
/* If the request type and actual type don't match. Return the /* If the request type and actual type don't match. Return the
property information, but not the data. */ property information, but not the data. */
@ -663,17 +646,15 @@ ProcDeleteProperty(register ClientPtr client)
return (BadAtom); return (BadAtom);
} }
#ifdef XACE switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, SecurityDestroyAccess))
SecurityDestroyAccess))
{ {
case SecurityErrorOperation: case SecurityErrorOperation:
client->errorValue = stuff->property; client->errorValue = stuff->property;
return BadAtom;; return BadAtom;;
case SecurityIgnoreOperation: case SecurityIgnoreOperation:
return Success; return Success;
} }
#endif
result = DeleteProperty(pWin, stuff->property); result = DeleteProperty(pWin, stuff->property);
if (client->noClientException != Success) if (client->noClientException != Success)
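Review bot: ProcRotateProperties passes `atoms[i]` to `XaceHook(XACE_PROPERTY_ACCESS, ...)` before `ValidAtom(atoms[i])` has been tested, so a registered hook sees client-supplied atom values that have not been validated. Whether hook implementations tolerate that is not visible here; checking first avoids the question: `char action = ValidAtom(atoms[i]) ? XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i], SecurityReadAccess|SecurityWriteAccess) : SecurityErrorOperation;`. The `switch` statements in ProcChangeProperty, ProcGetProperty and ProcDeleteProperty also have no `default`, so any return value other than the two named cases proceeds as allowed. All four functions extend beyond the hunks shown.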


@ -148,9 +148,7 @@ Equipment Corporation.
#include "panoramiX.h" #include "panoramiX.h"
#include "panoramiXsrv.h" #include "panoramiXsrv.h"
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#include <assert.h> #include <assert.h>
#ifdef XSERVER_DTRACE #ifdef XSERVER_DTRACE
@ -904,11 +902,10 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode)
break; break;
} }
} }
#ifdef XACE
if (retval && client && if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval)) !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL; retval = NULL;
#endif
return retval; return retval;
} }
@ -932,11 +929,10 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode)
break; break;
} }
} }
#ifdef XACE
if (retval && client && if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval)) !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL; retval = NULL;
#endif
return retval; return retval;
} }
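Review bot: The `retval && client &&` guard in SecurityLookupIDByType and SecurityLookupIDByClass means a lookup made with a NULL `client` never reaches `XACE_RESOURCE_ACCESS` and is always allowed. If that is the intended treatment of server-internal callers (my reading, not stated in the hunk), a comment above the test such as `/* NULL client: lookup is not subject to access control */` would make the bypass explicit. Both functions begin above the hunks shown.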


@ -126,9 +126,7 @@ Equipment Corporation.
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "appgroup.h" #include "appgroup.h"
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
/****** /******
* Window stuff for server * Window stuff for server
@ -531,9 +529,7 @@ InitRootWindow(WindowPtr pWin)
/* We SHOULD check for an error value here XXX */ /* We SHOULD check for an error value here XXX */
(*pScreen->ChangeWindowAttributes)(pWin, backFlag); (*pScreen->ChangeWindowAttributes)(pWin, backFlag);
#ifdef XACE
XaceHook(XACE_WINDOW_INIT, serverClient, pWin); XaceHook(XACE_WINDOW_INIT, serverClient, pWin);
#endif
MapWindow(pWin, serverClient); MapWindow(pWin, serverClient);
} }
@ -738,18 +734,16 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
} }
pWin->borderWidth = bw; pWin->borderWidth = bw;
#ifdef XACE
/* can't let untrusted clients have background None windows; /* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents * they make it too easy to steal window contents
*/ */
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{ pWin->backgroundState = None;
else {
pWin->backgroundState = BackgroundPixel; pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0; pWin->background.pixel = 0;
} }
else
#endif
pWin->backgroundState = None;
pWin->borderIsPixel = pParent->borderIsPixel; pWin->borderIsPixel = pParent->borderIsPixel;
pWin->border = pParent->border; pWin->border = pParent->border;
@ -769,9 +763,7 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
REGION_NULL(pScreen, &pWin->winSize); REGION_NULL(pScreen, &pWin->winSize);
REGION_NULL(pScreen, &pWin->borderSize); REGION_NULL(pScreen, &pWin->borderSize);
#ifdef XACE
XaceHook(XACE_WINDOW_INIT, client, pWin); XaceHook(XACE_WINDOW_INIT, client, pWin);
#endif
pHead = RealChildHead(pParent); pHead = RealChildHead(pParent);
if (pHead) if (pHead)
@ -1036,24 +1028,18 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
borderRelative = TRUE; borderRelative = TRUE;
if (pixID == None) if (pixID == None)
{ {
#ifdef XACE
/* can't let untrusted clients have background None windows */ /* can't let untrusted clients have background None windows */
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) {
{ if (pWin->backgroundState == BackgroundPixmap)
#endif (*pScreen->DestroyPixmap)(pWin->background.pixmap);
if (pWin->backgroundState == BackgroundPixmap) if (!pWin->parent)
(*pScreen->DestroyPixmap)(pWin->background.pixmap); MakeRootTile(pWin);
if (!pWin->parent) else
MakeRootTile(pWin); pWin->backgroundState = None;
else } else {
pWin->backgroundState = None; /* didn't change the backgrnd to None, so don't tell ddx */
#ifdef XACE
}
else
{ /* didn't change the background to None, so don't tell ddx */
index2 = 0; index2 = 0;
} }
#endif
} }
else if (pixID == ParentRelative) else if (pixID == ParentRelative)
{ {
@ -2739,11 +2725,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client)
if (pWin->mapped) if (pWin->mapped)
return(Success); return(Success);
#ifdef XACE
/* general check for permission to map window */ /* general check for permission to map window */
if (!XaceHook(XACE_MAP_ACCESS, client, pWin)) if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
return Success; return Success;
#endif
pScreen = pWin->drawable.pScreen; pScreen = pWin->drawable.pScreen;
if ( (pParent = pWin->parent) ) if ( (pParent = pWin->parent) )


@ -202,9 +202,7 @@ SOFTWARE.
#include "dixstruct.h" #include "dixstruct.h"
#include "osdep.h" #include "osdep.h"
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#ifndef PATH_MAX #ifndef PATH_MAX
#ifdef MAXPATHLEN #ifdef MAXPATHLEN
@ -1528,11 +1526,11 @@ AuthorizedClient(ClientPtr client)
{ {
if (!client || defeatAccessControl) if (!client || defeatAccessControl)
return TRUE; return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */ /* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess)) if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE; return FALSE;
#endif
return LocalClient(client); return LocalClient(client);
} }


@ -148,9 +148,7 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP #ifdef XAPPGROUP
#include "appgroup.h" #include "appgroup.h"
#endif #endif
#ifdef XACE
#include "xace.h" #include "xace.h"
#endif
#ifdef XCSECURITY #ifdef XCSECURITY
#include "securitysrv.h" #include "securitysrv.h"
#endif #endif
@ -750,9 +748,9 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */ /* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd); XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */ #endif /* XDMCP */
#ifdef XACE
XaceHook(XACE_AUTH_AVAIL, client, auth_id); XaceHook(XACE_AUTH_AVAIL, client, auth_id);
#endif
/* At this point, if the client is authorized to change the access control /* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to * list, we should getpeername() information, and add the client to
* the selfhosts list. It's not really the host machine, but the * the selfhosts list. It's not really the host machine, but the