andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Replace XC-SECURITY code with XACE security hooks

Browse Source
This commit is contained in:
Eamon Walsh 2004-05-05 20:04:52 +00:00
parent 6d066cb109
commit 8526cd6395
17 changed files with 169 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dix/devices.c
View File

@ -65,9 +65,8 @@ SOFTWARE.
#ifdef XKB
#include "XKBsrv.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
#ifdef LBX
#include "lbxserve.h"
@ -1003,8 +1002,8 @@ ProcSetModifierMapping(client)
}
}
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
@ -1125,9 +1124,8 @@ ProcChangeKeyboardMapping(client)
client->errorValue = stuff->keySymsPerKeyCode;
return BadValue;
}
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard,
TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return BadAccess;
#endif
keysyms.minKeyCode = stuff->firstKeyCode;
@ -1284,8 +1282,8 @@ ProcChangeKeyboardControl (client)
vmask = stuff->mask;
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength;
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
vlist = (XID *)&stuff[1]; /* first word of values */
@ -1681,8 +1679,8 @@ ProcQueryKeymap(client)
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 2;
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
bzero((char *)&rep.map[0], 32);
}

43
dix/dispatch.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
/************************************************************
@ -103,9 +103,8 @@ int ProcInitialConnection();
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
#ifdef XAPPGROUP
#include "Xagsrv.h"
@ -1109,11 +1108,10 @@ ProcConvertSelection(client)
CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None)
#ifdef XCSECURITY
&& (!client->CheckAccess ||
(* client->CheckAccess)(client, CurrentSelections[i].window,
RT_WINDOW, SecurityReadAccess,
CurrentSelections[i].pWin))
#ifdef XACE
&& XaceHook(XACE_RESOURCE_ACCESS, client,
CurrentSelections[i].window, RT_WINDOW,
SecurityReadAccess, CurrentSelections[i].pWin)
#endif
)
{
@ -2218,9 +2216,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
#ifdef XCSECURITY
if (client->trustLevel != XSecurityClientTrusted &&
pDraw->type == DRAWABLE_WINDOW)
#ifdef XACE
if (pDraw->type == DRAWABLE_WINDOW &&
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion)
@ -2248,9 +2246,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
format,
planemask,
(pointer) pBuf);
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion, widthBytesLine,
XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
#endif
@ -2289,9 +2287,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
format,
plane,
(pointer)pBuf);
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
SecurityCensorImage(client, pVisibleRegion,
XaceCensorImage(client, pVisibleRegion,
widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
@ -2317,7 +2315,7 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
}
}
}
#ifdef XCSECURITY
#ifdef XACE
if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif
@ -3354,11 +3352,10 @@ ProcListHosts(client)
/* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq);
#ifdef XCSECURITY
#ifdef XACE
/* untrusted clients can't list hosts */
if (client->trustLevel != XSecurityClientTrusted)
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{
SecurityAudit("client %d attempted to list hosts\n", client->index);
return BadAccess;
}
#endif
@ -3743,10 +3740,8 @@ void InitClient(client, i, ospriv)
#ifdef LBX
client->readRequest = StandardReadRequestFromClient;
#endif
#ifdef XCSECURITY
client->trustLevel = XSecurityClientTrusted;
client->CheckAccess = NULL;
client->authId = 0;
#ifdef XACE
XACE_STATE_INIT(client->securityState);
#endif
#ifdef XAPPGROUP
client->appgroup = NULL;

36
dix/dixutils.c
View File

@ -93,9 +93,8 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h"
#define XK_LATIN1
#include "keysymdef.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
/*
@ -173,7 +172,7 @@ CopyISOLatin1Lowered(dest, source, length)
*dest = '\0';
}
#ifdef XCSECURITY
#ifdef XACE
/* SecurityLookupWindow and SecurityLookupDrawable:
* Look up the window/drawable taking into account the client doing
@ -181,6 +180,7 @@ CopyISOLatin1Lowered(dest, source, length)
* if it exists and the client is allowed access, else return NULL.
* Most Proc* functions should be calling these instead of
* LookupWindow and LookupDrawable, which do no access checks.
* XACE note: need to see if client->lastDrawableID can still be used here.
*/
WindowPtr
@ -189,27 +189,10 @@ SecurityLookupWindow(rid, client, access_mode)
ClientPtr client;
Mask access_mode;
{
WindowPtr pWin;
client->errorValue = rid;
if(rid == INVALID)
return NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (client->lastDrawableID == rid)
{
if (client->lastDrawable->type == DRAWABLE_WINDOW)
return ((WindowPtr) client->lastDrawable);
return (WindowPtr) NULL;
}
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
client->lastDrawable = (DrawablePtr) pWin;
client->lastDrawableID = rid;
client->lastGCID = INVALID;
client->lastGC = (GCPtr)NULL;
}
return pWin;
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
}
@ -223,11 +206,6 @@ SecurityLookupDrawable(rid, client, access_mode)
if(rid == INVALID)
return (pointer) NULL;
if (client->trustLevel != XSecurityClientTrusted)
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (client->lastDrawableID == rid)
return ((pointer) client->lastDrawable);
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
@ -255,7 +233,7 @@ LookupDrawable(rid, client)
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
}
#else /* not XCSECURITY */
#else /* not XACE */
WindowPtr
LookupWindow(rid, client)
@ -301,7 +279,7 @@ LookupDrawable(rid, client)
return (pointer)NULL;
}
#endif /* XCSECURITY */
#endif /* XACE */
ClientPtr
LookupClient(rid, client)

27
dix/events.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.1.4.9.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */
/************************************************************
@ -101,9 +101,8 @@ Equipment Corporation.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
#include "XIproto.h"
@ -2403,8 +2402,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo))))
{
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE;
#endif
#ifdef XKB
@ -3164,10 +3163,10 @@ EnterLeaveEvent(
{
xKeymapEvent ke;
#ifdef XCSECURITY
#ifdef XACE
ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, keybd, FALSE))
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@ -3259,9 +3258,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{
xKeymapEvent ke;
#ifdef XCSECURITY
#ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
if (!SecurityCheckDeviceAccess(client, dev, FALSE))
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@ -3533,8 +3532,8 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq);
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success;
#endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@ -3811,8 +3810,8 @@ ProcGrabKeyboard(client)
int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
#ifdef XCSECURITY
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
#ifdef XACE
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
result = Success;
rep.status = AlreadyGrabbed;

59
dix/extension.c
View File

@ -57,9 +57,8 @@ SOFTWARE.
#include "gcstruct.h"
#include "scrnintstr.h"
#include "dispatch.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
#ifdef LBX
#include "lbxserve.h"
@ -146,8 +145,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
ext->errorBase = 0;
ext->errorLast = 0;
}
#ifdef XCSECURITY
ext->secure = FALSE;
#ifdef XACE
XACE_STATE_INIT(ext->securityState);
#endif
#ifdef LBX
@ -218,28 +217,29 @@ CheckExtension(const char *extname)
return NULL;
}
/*
* Added as part of Xace.
*/
ExtensionEntry *
GetExtensionEntry(int major)
{
if (major < EXTENSION_BASE)
return NULL;
major -= EXTENSION_BASE;
if (major >= NumExtensions)
return NULL;
return extensions[major];
}
void
DeclareExtensionSecurity(extname, secure)
char *extname;
Bool secure;
{
#ifdef XCSECURITY
#ifdef XACE
int i = FindExtension(extname, strlen(extname));
if (i >= 0)
{
int majorop = extensions[i]->base;
extensions[i]->secure = secure;
if (secure)
{
UntrustedProcVector[majorop] = ProcVector[majorop];
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
}
else
{
UntrustedProcVector[majorop] = ProcBadRequest;
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
}
}
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
#endif
#ifdef LBX
LbxDeclareExtensionSecurity(extname, secure);
@ -327,10 +327,9 @@ ProcQueryExtension(client)
{
i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0
#ifdef XCSECURITY
/* don't show insecure extensions to untrusted clients */
|| (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
/* call callbacks to find out whether to show extension */
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
#endif
)
reply.present = xFalse;
@ -368,10 +367,9 @@ ProcListExtensions(client)
for (i=0; i<NumExtensions; i++)
{
#ifdef XCSECURITY
/* don't show insecure extensions to untrusted clients */
if (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
/* call callbacks to find out whether to show extension */
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
total_length += strlen(extensions[i]->name) + 1;
@ -386,9 +384,8 @@ ProcListExtensions(client)
for (i=0; i<NumExtensions; i++)
{
int len;
#ifdef XCSECURITY
if (client->trustLevel == XSecurityClientUntrusted &&
!extensions[i]->secure)
#ifdef XACE
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
*bufptr++ = len = strlen(extensions[i]->name);

25
dix/property.c
View File

@ -56,9 +56,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "dispatch.h"
#include "swaprep.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
#ifdef LBX
#include "lbxserve.h"
@ -132,12 +131,12 @@ ProcRotateProperties(client)
return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++)
{
#ifdef XCSECURITY
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i],
#ifdef XACE
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess);
#endif
if (!ValidAtom(atoms[i])
#ifdef XCSECURITY
#ifdef XACE
|| (SecurityErrorOperation == action)
#endif
)
@ -146,7 +145,7 @@ ProcRotateProperties(client)
client->errorValue = atoms[i];
return BadAtom;
}
#ifdef XCSECURITY
#ifdef XACE
if (SecurityIgnoreOperation == action)
{
DEALLOCATE_LOCAL(props);
@ -248,8 +247,8 @@ ProcChangeProperty(client)
return(BadAtom);
}
#ifdef XCSECURITY
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
#ifdef XACE
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess))
{
case SecurityErrorOperation:
@ -543,13 +542,13 @@ ProcGetProperty(client)
if (!pProp)
return NullPropertyReply(client, None, 0, &reply);
#ifdef XCSECURITY
#ifdef XACE
{
Mask access_mode = SecurityReadAccess;
if (stuff->delete)
access_mode |= SecurityDestroyAccess;
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode))
{
case SecurityErrorOperation:
@ -718,8 +717,8 @@ ProcDeleteProperty(client)
return (BadAtom);
}
#ifdef XCSECURITY
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
#ifdef XACE
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess))
{
case SecurityErrorOperation:

21
dix/resource.c
View File

@ -74,7 +74,7 @@ Equipment Corporation.
******************************************************************/
/* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.3 2004/04/25 22:42:09 gisburn Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.1.4.6.4.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */
/* Routines to manage various kinds of resources:
@ -119,6 +119,9 @@ Equipment Corporation.
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#include <assert.h>
static void RebuildTable(
@ -840,7 +843,7 @@ LegalNewID(id, client)
!LookupIDByClass(id, RC_ANY)));
}
#ifdef XCSECURITY
#ifdef XACE
/* SecurityLookupIDByType and SecurityLookupIDByClass:
* These are the heart of the resource ID security system. They take
@ -877,8 +880,9 @@ SecurityLookupIDByType(client, id, rtype, mode)
break;
}
}
if (retval && client && client->CheckAccess)
retval = (* client->CheckAccess)(client, id, rtype, mode, retval);
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
retval = NULL;
return retval;
}
@ -910,8 +914,9 @@ SecurityLookupIDByClass(client, id, classes, mode)
break;
}
}
if (retval && client && client->CheckAccess)
retval = (* client->CheckAccess)(client, id, res->type, mode, retval);
if (retval && client &&
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
retval = NULL;
return retval;
}
@ -937,7 +942,7 @@ LookupIDByClass(id, classes)
SecurityUnknownAccess);
}
#else /* not XCSECURITY */
#else /* not XACE */
/*
* LookupIDByType returns the object with the given id and type, else NULL.
@ -986,4 +991,4 @@ LookupIDByClass(id, classes)
return (pointer)NULL;
}
#endif /* XCSECURITY */
#endif /* XACE */

27
dix/window.c
View File

@ -1,4 +1,4 @@
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
/* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */
/*
@ -103,9 +103,8 @@ Equipment Corporation.
#ifdef XAPPGROUP
#include "Xagsrv.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "security.h"
#ifdef XACE
#include "xace.h"
#endif
/******
@ -706,11 +705,11 @@ CreateWindow(wid, pParent, x, y, w, h, bw, class, vmask, vlist,
}
pWin->borderWidth = bw;
#ifdef XCSECURITY
#ifdef XACE
/* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents
*/
if (client->trustLevel != XSecurityClientTrusted)
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0;
@ -1008,9 +1007,9 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
borderRelative = TRUE;
if (pixID == None)
{
#ifdef XCSECURITY
#ifdef XACE
/* can't let untrusted clients have background None windows */
if (client->trustLevel == XSecurityClientTrusted)
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
#endif
if (pWin->backgroundState == BackgroundPixmap)
@ -1019,7 +1018,7 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
MakeRootTile(pWin);
else
pWin->backgroundState = None;
#ifdef XCSECURITY
#ifdef XACE
}
else
{ /* didn't change the background to None, so don't tell ddx */
@ -2697,13 +2696,9 @@ MapWindow(pWin, client)
if (pWin->mapped)
return(Success);
#ifdef XCSECURITY
/* don't let an untrusted client map a child-of-trusted-window, InputOnly
* window; too easy to steal device input
*/
if ( (client->trustLevel != XSecurityClientTrusted) &&
(pWin->drawable.class == InputOnly) &&
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
#ifdef XACE
/* general check for permission to map window */
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
return Success;
#endif

19
include/dix.h
View File

@ -89,12 +89,9 @@ SOFTWARE.
((client->lastDrawableID == did) ? \
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
#ifdef XCSECURITY
#ifdef XACE
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@ -108,9 +105,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
if (client->lastDrawableID == did && !client->trustLevel)\
pDraw = client->lastDrawable;\
else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@ -122,9 +116,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
if (client->lastGCID == rid && !client->trustLevel)\
pGC = client->lastGC;\
else\
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
if (!pGC)\
{\
@ -141,7 +132,7 @@ SOFTWARE.
#define VERIFY_GC(pGC, rid, client)\
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
#else /* not XCSECURITY */
#else /* not XACE */
#define VERIFY_DRAWABLE(pDraw, did, client)\
if (client->lastDrawableID == did)\
@ -191,7 +182,7 @@ SOFTWARE.
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
VERIFY_GC(pGC, rid, client)
#endif /* XCSECURITY */
#endif /* XACE */
/*
* We think that most hardware implementations of DBE will want
@ -379,7 +370,7 @@ extern void CopyISOLatin1Lowered(
unsigned char * /*source*/,
int /*length*/);
#ifdef XCSECURITY
#ifdef XACE
extern WindowPtr SecurityLookupWindow(
XID /*rid*/,
@ -415,7 +406,7 @@ extern pointer LookupDrawable(
#define SecurityLookupDrawable(rid, client, access_mode) \
LookupDrawable(rid, client)
#endif /* XCSECURITY */
#endif /* XACE */
extern ClientPtr LookupClient(
XID /*rid*/,

11
include/dixstruct.h
View File

@ -111,15 +111,8 @@ typedef struct _Client {
int (*readRequest)(ClientPtr /*client*/);
#endif
unsigned long replyBytesRemaining;
#ifdef XCSECURITY
XID authId;
unsigned int trustLevel;
pointer (* CheckAccess)(
ClientPtr /*pClient*/,
XID /*id*/,
RESTYPE /*classes*/,
Mask /*access_mode*/,
pointer /*resourceval*/);
#ifdef XACE
pointer securityState[4]; /* 4 slots for use */
#endif
#ifdef XAPPGROUP
struct _AppGroupRec* appgroup;

3
include/extnsionst.h
View File

@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */);
#ifdef XCSECURITY
Bool secure; /* extension visible to untrusted clients? */
pointer securityState[4]; /* 4 slots for use */
#endif
} ExtensionEntry;
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
ExtensionEntry * /*extension*/);
extern ExtensionEntry *CheckExtension(const char *extname);
extern ExtensionEntry *GetExtensionEntry(int major);
extern ExtensionLookupProc LookupProc(
char* /*name*/,

6
include/resource.h
View File

@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
#define SecurityWriteAccess (1<<1) /* changing the object */
#define SecurityDestroyAccess (1<<2) /* destroying the object */
#ifdef XCSECURITY
#ifdef XACE
extern pointer SecurityLookupIDByType(
ClientPtr /*client*/,
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
RESTYPE /*classes*/,
Mask /*access_mode*/);
#else /* not XCSECURITY */
#else /* not XACE */
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
LookupIDByType(id, rtype)
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
LookupIDByClass(id, classes)
#endif /* XCSECURITY */
#endif /* XACE */
extern void GetXIDRange(
int /*client*/,

34
lbx/lbxexts.c
View File

@ -32,27 +32,10 @@
#define _XLBX_SERVER_
#include "lbxstr.h"
#include "lbxserve.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "extensions/security.h"
#ifdef XACE
#include "xace.h"
#endif
typedef struct _lbxext {
char *name;
char **aliases;
int num_aliases;
int idx;
int opcode;
int ev_base;
int err_base;
int num_reqs;
CARD8 *rep_mask;
CARD8 *ev_mask;
#ifdef XCSECURITY
Bool secure;
#endif
} LbxExtensionEntry;
static LbxExtensionEntry **lbx_extensions = NULL;
static int num_exts = 0;
@ -97,8 +80,8 @@ LbxAddExtension(char *name,
ext->ev_mask = NULL;
ext->rep_mask = NULL;
ext->num_reqs = 0;
#ifdef XCSECURITY
ext->secure = FALSE;
#ifdef XACE
XACE_STATE_INIT(ext->securityState);
#endif
return TRUE;
@ -149,10 +132,10 @@ void
LbxDeclareExtensionSecurity(char *extname,
Bool secure)
{
#ifdef XCSECURITY
#ifdef XACE
int i = LbxFindExtension(extname, strlen(extname));
if (i >= 0)
lbx_extensions[i]->secure = secure;
XaceHook(XACE_DECLARE_LBX_EXT_SECURE, lbx_extensions[i], secure);
#endif
}
@ -203,10 +186,9 @@ LbxQueryExtension(ClientPtr client,
i = LbxFindExtension(ename, nlen);
if (i < 0
#ifdef XCSECURITY
#ifdef XACE
/* don't show insecure extensions to untrusted clients */
|| (client->trustLevel == XSecurityClientUntrusted &&
!lbx_extensions[i]->secure)
|| !XaceHook(XACE_LBX_EXT_ACCESS, client, lbx_extensions[i])
#endif
)
rep.present = FALSE;

9
lbx/lbxprop.c
View File

@ -69,9 +69,8 @@ in this Software without prior written authorization from The Open Group.
#include "lbxserve.h"
#include "lbxtags.h"
#include "Xfuncproto.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "extensions/security.h"
#ifdef XACE
#include "extensions/xace.h"
#endif
#include "swaprep.h"
@ -334,8 +333,8 @@ LbxChangeProperty(ClientPtr client)
swaps(&rep.sequenceNumber, n);
}
#ifdef XCSECURITY
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
#ifdef XACE
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess))
{
case SecurityErrorOperation:

16
lbx/lbxserve.h
View File

@ -119,6 +119,22 @@ typedef struct _LbxProxy {
lbxMotionCache motionCache;
} LbxProxyRec;
typedef struct _lbxext {
char *name;
char **aliases;
int num_aliases;
int idx;
int opcode;
int ev_base;
int err_base;
int num_reqs;
CARD8 *rep_mask;
CARD8 *ev_mask;
#ifdef XACE
pointer securityState[4];
#endif
} LbxExtensionEntry;
/* This array is indexed by server client index, not lbx proxy index */
extern LbxClientPtr lbxClients[MAXCLIENTS];

21
os/access.c
View File

@ -1,5 +1,5 @@
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.2 2004/04/23 19:54:28 eich Exp $ */
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.1.4.4.4.1 2004/05/04 19:44:01 ewalsh Exp $ */
/***********************************************************
Copyright 1987, 1998 The Open Group
@ -192,9 +192,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "osdep.h"
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "extensions/security.h"
#ifdef XACE
#include "xace.h"
#endif
#ifndef PATH_MAX
@ -1321,15 +1320,6 @@ Bool LocalClient(ClientPtr client)
pointer addr;
register HOST *host;
#ifdef XCSECURITY
/* untrusted clients can't change host access */
if (client->trustLevel != XSecurityClientTrusted)
{
SecurityAudit("client %d attempted to change host access\n",
client->index);
return FALSE;
}
#endif
#ifdef LBX
if (!((OsCommPtr)client->osPrivate)->trans_conn)
return FALSE;
@ -1431,6 +1421,11 @@ AuthorizedClient(ClientPtr client)
{
if (!client || defeatAccessControl)
return TRUE;
#ifdef XACE
/* untrusted clients can't change host access */
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
return FALSE;
#endif
return LocalClient(client);
}

13
os/connection.c
View File

@ -149,6 +149,9 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP
#include "extensions/Xagsrv.h"
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include "extensions/security.h"
@ -632,8 +635,9 @@ ClientAuthorized(ClientPtr client,
if (! priv->trans_conn) {
if (auth_id == (XID) ~0L && !GetAccessControl())
auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
#ifdef XCSECURITY
else if (auth_id != (XID) ~0L && !SecuritySameLevel(lbxpc, auth_id)) {
#ifdef XACE
else if (auth_id != (XID) ~0L &&
!XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)) {
auth_id = (XID) ~0L;
reason = "Client trust level differs from that of LBX Proxy";
}
@ -709,9 +713,8 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */
#ifdef XAPPGROUP
if (ClientStateCallback)
XagCallClientStateChange (client);
#ifdef XACE
XaceHook(XACE_AUTH_AVAIL, client, auth_id);
#endif
/* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to