frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Define calls away when not building XACE, allowing ifdef's to be removed.

This commit is contained in:
Eamon Walsh 2006-12-01 20:48:15 -05:00 committed by Eamon Walsh
parent a5d6499d66
commit f44f14fe56
12 changed files with 105 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Xext/xace.h
View File

@ -20,6 +20,13 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifndef _XACE_H
#define _XACE_H
/* Hook return codes */
#define SecurityErrorOperation 0
#define SecurityAllowOperation 1
#define SecurityIgnoreOperation 2
#ifdef XACE
#define XACE_EXTENSION_NAME "XAccessControlExtension"
#define XACE_MAJOR_VERSION 1
#define XACE_MINOR_VERSION 0
@ -75,11 +82,6 @@ extern int XaceHook(
/* From the original Security extension...
*/
/* Hook return codes */
#define SecurityAllowOperation 0
#define SecurityIgnoreOperation 1
#define SecurityErrorOperation 2
/* Proc vectors for untrusted clients, swapped and unswapped versions.
* These are the same as the normal proc vectors except that extensions
* that haven't declared themselves secure will have ProcBadRequest plugged
@ -100,4 +102,18 @@ extern void XaceCensorImage(
char * pBuf
);
#else /* XACE */
/* Define calls away when XACE is not being built. */
#ifdef __GNUC__
#define XaceHook(args...) SecurityAllowOperation
#define XaceCensorImage(args...) { ; }
#else
#define XaceHook(...) SecurityAllowOperation
#define XaceCensorImage(...) { ; }
#endif
#endif /* XACE */
#endif /* _XACE_H */

20
dix/devices.c
View File

@ -69,9 +69,7 @@ SOFTWARE.
#ifdef XKB
#include <X11/extensions/XKBsrv.h>
#endif
#ifdef XACE
#include "xace.h"
#endif
#include "dispatch.h"
#include "swaprep.h"
@ -1178,10 +1176,8 @@ DoSetModifierMapping(ClientPtr client, KeyCode *inputMap,
}
}
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
return BadAccess;
#endif
/* None of the modifiers (old or new) may be down while we change
* the map. */
@ -1302,14 +1298,12 @@ ProcChangeKeyboardMapping(ClientPtr client)
return BadValue;
}
#ifdef XACE
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
return BadAccess;
}
}
#endif
keysyms.minKeyCode = stuff->firstKeyCode;
keysyms.maxKeyCode = stuff->firstKeyCode + stuff->keyCodes - 1;
@ -1655,7 +1649,6 @@ ProcChangeKeyboardControl (ClientPtr client)
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength;
#ifdef XACE
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
pDev->kbdfeed && pDev->kbdfeed->CtrlProc) {
@ -1663,7 +1656,6 @@ ProcChangeKeyboardControl (ClientPtr client)
return BadAccess;
}
}
#endif
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
@ -1920,15 +1912,13 @@ ProcQueryKeymap(ClientPtr client)
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 2;
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
bzero((char *)&rep.map[0], 32);
}
else
#endif
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
for (i = 0; i<32; i++)
rep.map[i] = down[i];
else
bzero((char *)&rep.map[0], 32);
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
return Success;
}

37
dix/dispatch.c
View File

@ -135,9 +135,7 @@ int ProcInitialConnection();
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XAPPGROUP
#include "appgroup.h"
#endif
@ -504,16 +502,11 @@ Dispatch(void)
#endif
if (result > (maxBigRequestSize << 2))
result = BadLength;
else
#ifdef XACE
{
else {
XaceHook(XACE_AUDIT_BEGIN, client);
result = (* client->requestVector[MAJOROP])(client);
XaceHook(XACE_AUDIT_END, client, result);
}
#else
result = (* client->requestVector[MAJOROP])(client);
#endif /* XACE */
#ifdef XSERVER_DTRACE
XSERVER_REQUEST_DONE(GetRequestName(MAJOROP), MAJOROP,
client->sequence, client->index, result);
@ -1167,13 +1160,10 @@ ProcConvertSelection(register ClientPtr client)
while ((i < NumCurrentSelections) &&
CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None)
#ifdef XACE
&& XaceHook(XACE_RESOURCE_ACCESS, client,
(CurrentSelections[i].window != None) &&
XaceHook(XACE_RESOURCE_ACCESS, client,
CurrentSelections[i].window, RT_WINDOW,
SecurityReadAccess, CurrentSelections[i].pWin)
#endif
)
SecurityReadAccess, CurrentSelections[i].pWin))
{
event.u.u.type = SelectionRequest;
event.u.selectionRequest.time = stuff->time;
@ -2163,9 +2153,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
Mask plane = 0;
char *pBuf;
xGetImageReply xgi;
#ifdef XACE
RegionPtr pVisibleRegion = NULL;
#endif
if ((format != XYPixmap) && (format != ZPixmap))
{
@ -2269,17 +2257,16 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
#ifdef XACE
if (pDraw->type == DRAWABLE_WINDOW &&
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion)
{
REGION_TRANSLATE(pDraw->pScreen, pVisibleRegion, -pDraw->x, -pDraw->y);
REGION_TRANSLATE(pDraw->pScreen, pVisibleRegion,
-pDraw->x, -pDraw->y);
}
}
#endif
if (linesPerBuf == 0)
{
@ -2299,12 +2286,10 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format,
planemask,
(pointer) pBuf);
#ifdef XACE
if (pVisibleRegion)
XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
#endif
/* Note that this is NOT a call to WriteSwappedDataToClient,
as we do NOT byte swap */
@ -2340,13 +2325,11 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
format,
plane,
(pointer)pBuf);
#ifdef XACE
if (pVisibleRegion)
XaceCensorImage(client, pVisibleRegion,
widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
#endif
/* Note: NOT a call to WriteSwappedDataToClient,
as we do NOT byte swap */
@ -2368,10 +2351,8 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable,
}
}
}
#ifdef XACE
if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif
if (!im_return)
DEALLOCATE_LOCAL(pBuf);
return (client->noClientException);
@ -3342,13 +3323,11 @@ ProcListHosts(register ClientPtr client)
/* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XACE
/* untrusted clients can't list hosts */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{
return BadAccess;
}
#endif
result = GetHosts(&pdata, &nHosts, &len, &reply.enabled);
if (result != Success)
return(result);

2
dix/dixutils.c
View File

@ -95,9 +95,7 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h"
#define XK_LATIN1
#include <X11/keysymdef.h>
#ifdef XACE
#include "xace.h"
#endif
/*
* CompareTimeStamps returns -1, 0, or +1 depending on if the first

48
dix/events.c
View File

@ -137,9 +137,7 @@ of the copyright holder.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XSERVER_DTRACE
#include <sys/types.h>
@ -2462,10 +2460,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo))))
{
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE;
#endif
#ifdef XKB
if (!noXkbExtension) {
XE_KBPTR.state &= 0x1f00;
@ -2826,9 +2822,7 @@ drawable.id:0;
if (deactivateGrab)
(*keybd->DeactivateGrab)(keybd);
#ifdef XACE
XaceHook(XACE_KEY_AVAIL, xE, keybd, count);
#endif
}
#ifdef XKB
@ -3252,17 +3246,13 @@ EnterLeaveEvent(
if ((type == EnterNotify) && (mask & KeymapStateMask))
{
xKeymapEvent ke;
#ifdef XACE
ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)];
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
else
#endif
if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
else
bzero((char *)&ke.map[0], 31);
ke.type = KeymapNotify;
if (grab)
(void)TryClientEvents(rClient(grab), (xEvent *)&ke, 1, mask,
@ -3348,15 +3338,12 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{
xKeymapEvent ke;
#ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
else
#endif
if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
else
bzero((char *)&ke.map[0], 31);
ke.type = KeymapNotify;
(void)DeliverEventsToWindow(pWin, (xEvent *)&ke, 1,
KeymapStateMask, NullGrab, 0);
@ -3619,10 +3606,10 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success;
#endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
stuff->revertTo, stuff->time, FALSE);
}
@ -3884,18 +3871,17 @@ ProcGrabKeyboard(ClientPtr client)
int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
result = Success;
rep.status = AlreadyGrabbed;
}
else
#endif
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
stuff->pointerMode, stuff->grabWindow,
stuff->ownerEvents, stuff->time,
KeyPressMask | KeyReleaseMask, &rep.status);
else {
result = Success;
rep.status = AlreadyGrabbed;
}
if (result != Success)
return result;
rep.type = X_Reply;

17
dix/extension.c
View File

@ -59,9 +59,7 @@ SOFTWARE.
#include "gcstruct.h"
#include "scrnintstr.h"
#include "dispatch.h"
#ifdef XACE
#include "xace.h"
#endif
#define EXTENSION_BASE 128
#define EXTENSION_EVENT_BASE 64
@ -256,11 +254,9 @@ GetExtensionEntry(int major)
_X_EXPORT void
DeclareExtensionSecurity(char *extname, Bool secure)
{
#ifdef XACE
int i = FindExtension(extname, strlen(extname));
if (i >= 0)
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
#endif
}
_X_EXPORT unsigned short
@ -336,12 +332,7 @@ ProcQueryExtension(ClientPtr client)
else
{
i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0
#ifdef XACE
/* call callbacks to find out whether to show extension */
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
#endif
)
if (i < 0 || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
reply.present = xFalse;
else
{
@ -376,11 +367,10 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
#ifdef XACE
/* call callbacks to find out whether to show extension */
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
total_length += strlen(extensions[i]->name) + 1;
reply.nExtensions += 1 + extensions[i]->num_aliases;
for (j = extensions[i]->num_aliases; --j >= 0;)
@ -393,10 +383,9 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
int len;
#ifdef XACE
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
*bufptr++ = len = strlen(extensions[i]->name);
memmove(bufptr, extensions[i]->name, len);
bufptr += len;

4
dix/getevents.c
View File

@ -48,10 +48,6 @@
extern Bool XkbCopyKeymap(XkbDescPtr src, XkbDescPtr dst, Bool sendNotifies);
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef PANORAMIX
#include "panoramiX.h"
#include "panoramiXsrv.h"

37
dix/property.c
View File

@ -58,9 +58,7 @@ SOFTWARE.
#include "dixstruct.h"
#include "dispatch.h"
#include "swaprep.h"
#ifdef XACE
#include "xace.h"
#endif
/*****************************************************************
* Property Stuff
@ -118,27 +116,19 @@ ProcRotateProperties(ClientPtr client)
return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++)
{
#ifdef XACE
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess);
#endif
if (!ValidAtom(atoms[i])
#ifdef XACE
|| (SecurityErrorOperation == action)
#endif
)
{
if (!ValidAtom(atoms[i]) || (SecurityErrorOperation == action)) {
DEALLOCATE_LOCAL(props);
client->errorValue = atoms[i];
return BadAtom;
}
#ifdef XACE
if (SecurityIgnoreOperation == action)
{
if (SecurityIgnoreOperation == action) {
DEALLOCATE_LOCAL(props);
return Success;
}
#endif
for (j = i + 1; j < stuff->nAtoms; j++)
if (atoms[j] == atoms[i])
{
@ -233,7 +223,6 @@ ProcChangeProperty(ClientPtr client)
return(BadAtom);
}
#ifdef XACE
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess))
{
@ -243,7 +232,6 @@ ProcChangeProperty(ClientPtr client)
case SecurityIgnoreOperation:
return Success;
}
#endif
err = ChangeWindowProperty(pWin, stuff->property, stuff->type, (int)format,
(int)mode, len, (pointer)&stuff[1], TRUE);
@ -460,6 +448,7 @@ ProcGetProperty(ClientPtr client)
unsigned long n, len, ind;
WindowPtr pWin;
xGetPropertyReply reply;
Mask access_mode = SecurityReadAccess;
REQUEST(xGetPropertyReq);
REQUEST_SIZE_MATCH(xGetPropertyReq);
@ -501,24 +490,18 @@ ProcGetProperty(ClientPtr client)
if (!pProp)
return NullPropertyReply(client, None, 0, &reply);
#ifdef XACE
{
Mask access_mode = SecurityReadAccess;
if (stuff->delete)
access_mode |= SecurityDestroyAccess;
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode))
{
case SecurityErrorOperation:
client->errorValue = stuff->property;
return BadAtom;;
case SecurityIgnoreOperation:
return NullPropertyReply(client, pProp->type, pProp->format,
&reply);
return NullPropertyReply(client, pProp->type, pProp->format, &reply);
}
}
#endif
/* If the request type and actual type don't match. Return the
property information, but not the data. */
@ -663,8 +646,7 @@ ProcDeleteProperty(register ClientPtr client)
return (BadAtom);
}
#ifdef XACE
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess))
{
case SecurityErrorOperation:
@ -673,7 +655,6 @@ ProcDeleteProperty(register ClientPtr client)
case SecurityIgnoreOperation:
return Success;
}
#endif
result = DeleteProperty(pWin, stuff->property);
if (client->noClientException != Success)

8
dix/resource.c
View File

@ -148,9 +148,7 @@ Equipment Corporation.
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#include <assert.h>
#ifdef XSERVER_DTRACE
@ -904,11 +902,10 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode)
break;
}
}
#ifdef XACE
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL;
#endif
return retval;
}
@ -932,11 +929,10 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode)
break;
}
}
#ifdef XACE
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL;
#endif
return retval;
}

30
dix/window.c
View File

@ -126,9 +126,7 @@ Equipment Corporation.
#ifdef XAPPGROUP
#include "appgroup.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
/******
* Window stuff for server
@ -531,9 +529,7 @@ InitRootWindow(WindowPtr pWin)
/* We SHOULD check for an error value here XXX */
(*pScreen->ChangeWindowAttributes)(pWin, backFlag);
#ifdef XACE
XaceHook(XACE_WINDOW_INIT, serverClient, pWin);
#endif
MapWindow(pWin, serverClient);
}
@ -738,18 +734,16 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
}
pWin->borderWidth = bw;
#ifdef XACE
/* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents
*/
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
pWin->backgroundState = None;
else {
pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0;
}
else
#endif
pWin->backgroundState = None;
pWin->borderIsPixel = pParent->borderIsPixel;
pWin->border = pParent->border;
@ -769,9 +763,7 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w,
REGION_NULL(pScreen, &pWin->winSize);
REGION_NULL(pScreen, &pWin->borderSize);
#ifdef XACE
XaceHook(XACE_WINDOW_INIT, client, pWin);
#endif
pHead = RealChildHead(pParent);
if (pHead)
@ -1036,24 +1028,18 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt
borderRelative = TRUE;
if (pixID == None)
{
#ifdef XACE
/* can't let untrusted clients have background None windows */
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
#endif
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) {
if (pWin->backgroundState == BackgroundPixmap)
(*pScreen->DestroyPixmap)(pWin->background.pixmap);
if (!pWin->parent)
MakeRootTile(pWin);
else
pWin->backgroundState = None;
#ifdef XACE
}
else
{ /* didn't change the background to None, so don't tell ddx */
} else {
/* didn't change the backgrnd to None, so don't tell ddx */
index2 = 0;
}
#endif
}
else if (pixID == ParentRelative)
{
@ -2739,11 +2725,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client)
if (pWin->mapped)
return(Success);
#ifdef XACE
/* general check for permission to map window */
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
return Success;
#endif
pScreen = pWin->drawable.pScreen;
if ( (pParent = pWin->parent) )

6
os/access.c
View File

@ -202,9 +202,7 @@ SOFTWARE.
#include "dixstruct.h"
#include "osdep.h"
#ifdef XACE
#include "xace.h"
#endif
#ifndef PATH_MAX
#ifdef MAXPATHLEN
@ -1528,11 +1526,11 @@ AuthorizedClient(ClientPtr client)
{
if (!client || defeatAccessControl)
return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE;
#endif
return LocalClient(client);
}

6
os/connection.c
View File

@ -148,9 +148,7 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP
#include "appgroup.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY
#include "securitysrv.h"
#endif
@ -750,9 +748,9 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */
#ifdef XACE
XaceHook(XACE_AUTH_AVAIL, client, auth_id);
#endif
/* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to
* the selfhosts list. It's not really the host machine, but the