Replace XC-SECURITY code with XACE security hooks
This commit is contained in:
parent
6d066cb109
commit
8526cd6395
|
@ -65,9 +65,8 @@ SOFTWARE.
|
|||
#ifdef XKB
|
||||
#include "XKBsrv.h"
|
||||
#endif
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#ifdef LBX
|
||||
#include "lbxserve.h"
|
||||
|
@ -1003,8 +1002,8 @@ ProcSetModifierMapping(client)
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
|
||||
return BadAccess;
|
||||
#endif
|
||||
|
||||
|
@ -1125,9 +1124,8 @@ ProcChangeKeyboardMapping(client)
|
|||
client->errorValue = stuff->keySymsPerKeyCode;
|
||||
return BadValue;
|
||||
}
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard,
|
||||
TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
return BadAccess;
|
||||
#endif
|
||||
keysyms.minKeyCode = stuff->firstKeyCode;
|
||||
|
@ -1284,8 +1282,8 @@ ProcChangeKeyboardControl (client)
|
|||
vmask = stuff->mask;
|
||||
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
|
||||
return BadLength;
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
|
||||
return BadAccess;
|
||||
#endif
|
||||
vlist = (XID *)&stuff[1]; /* first word of values */
|
||||
|
@ -1681,8 +1679,8 @@ ProcQueryKeymap(client)
|
|||
rep.type = X_Reply;
|
||||
rep.sequenceNumber = client->sequence;
|
||||
rep.length = 2;
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
{
|
||||
bzero((char *)&rep.map[0], 32);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/dix/dispatch.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||
/* $Xorg: dispatch.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
||||
/************************************************************
|
||||
|
||||
|
@ -103,9 +103,8 @@ int ProcInitialConnection();
|
|||
#include "panoramiX.h"
|
||||
#include "panoramiXsrv.h"
|
||||
#endif
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#ifdef XAPPGROUP
|
||||
#include "Xagsrv.h"
|
||||
|
@ -1109,11 +1108,10 @@ ProcConvertSelection(client)
|
|||
CurrentSelections[i].selection != stuff->selection) i++;
|
||||
if ((i < NumCurrentSelections) &&
|
||||
(CurrentSelections[i].window != None)
|
||||
#ifdef XCSECURITY
|
||||
&& (!client->CheckAccess ||
|
||||
(* client->CheckAccess)(client, CurrentSelections[i].window,
|
||||
RT_WINDOW, SecurityReadAccess,
|
||||
CurrentSelections[i].pWin))
|
||||
#ifdef XACE
|
||||
&& XaceHook(XACE_RESOURCE_ACCESS, client,
|
||||
CurrentSelections[i].window, RT_WINDOW,
|
||||
SecurityReadAccess, CurrentSelections[i].pWin)
|
||||
#endif
|
||||
)
|
||||
{
|
||||
|
@ -2218,9 +2216,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
|||
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
if (client->trustLevel != XSecurityClientTrusted &&
|
||||
pDraw->type == DRAWABLE_WINDOW)
|
||||
#ifdef XACE
|
||||
if (pDraw->type == DRAWABLE_WINDOW &&
|
||||
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
|
||||
{
|
||||
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
|
||||
if (pVisibleRegion)
|
||||
|
@ -2248,9 +2246,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
|||
format,
|
||||
planemask,
|
||||
(pointer) pBuf);
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
if (pVisibleRegion)
|
||||
SecurityCensorImage(client, pVisibleRegion, widthBytesLine,
|
||||
XaceCensorImage(client, pVisibleRegion, widthBytesLine,
|
||||
pDraw, x, y + linesDone, width,
|
||||
nlines, format, pBuf);
|
||||
#endif
|
||||
|
@ -2289,9 +2287,9 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
|||
format,
|
||||
plane,
|
||||
(pointer)pBuf);
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
if (pVisibleRegion)
|
||||
SecurityCensorImage(client, pVisibleRegion,
|
||||
XaceCensorImage(client, pVisibleRegion,
|
||||
widthBytesLine,
|
||||
pDraw, x, y + linesDone, width,
|
||||
nlines, format, pBuf);
|
||||
|
@ -2317,7 +2315,7 @@ DoGetImage(client, format, drawable, x, y, width, height, planemask, im_return)
|
|||
}
|
||||
}
|
||||
}
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
if (pVisibleRegion)
|
||||
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
|
||||
#endif
|
||||
|
@ -3354,11 +3352,10 @@ ProcListHosts(client)
|
|||
/* REQUEST(xListHostsReq); */
|
||||
|
||||
REQUEST_SIZE_MATCH(xListHostsReq);
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
/* untrusted clients can't list hosts */
|
||||
if (client->trustLevel != XSecurityClientTrusted)
|
||||
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
|
||||
{
|
||||
SecurityAudit("client %d attempted to list hosts\n", client->index);
|
||||
return BadAccess;
|
||||
}
|
||||
#endif
|
||||
|
@ -3743,10 +3740,8 @@ void InitClient(client, i, ospriv)
|
|||
#ifdef LBX
|
||||
client->readRequest = StandardReadRequestFromClient;
|
||||
#endif
|
||||
#ifdef XCSECURITY
|
||||
client->trustLevel = XSecurityClientTrusted;
|
||||
client->CheckAccess = NULL;
|
||||
client->authId = 0;
|
||||
#ifdef XACE
|
||||
XACE_STATE_INIT(client->securityState);
|
||||
#endif
|
||||
#ifdef XAPPGROUP
|
||||
client->appgroup = NULL;
|
||||
|
|
|
@ -93,9 +93,8 @@ Author: Adobe Systems Incorporated
|
|||
#include "scrnintstr.h"
|
||||
#define XK_LATIN1
|
||||
#include "keysymdef.h"
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -173,7 +172,7 @@ CopyISOLatin1Lowered(dest, source, length)
|
|||
*dest = '\0';
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|
||||
/* SecurityLookupWindow and SecurityLookupDrawable:
|
||||
* Look up the window/drawable taking into account the client doing
|
||||
|
@ -181,6 +180,7 @@ CopyISOLatin1Lowered(dest, source, length)
|
|||
* if it exists and the client is allowed access, else return NULL.
|
||||
* Most Proc* functions should be calling these instead of
|
||||
* LookupWindow and LookupDrawable, which do no access checks.
|
||||
* XACE note: need to see if client->lastDrawableID can still be used here.
|
||||
*/
|
||||
|
||||
WindowPtr
|
||||
|
@ -189,27 +189,10 @@ SecurityLookupWindow(rid, client, access_mode)
|
|||
ClientPtr client;
|
||||
Mask access_mode;
|
||||
{
|
||||
WindowPtr pWin;
|
||||
|
||||
client->errorValue = rid;
|
||||
if(rid == INVALID)
|
||||
return NULL;
|
||||
if (client->trustLevel != XSecurityClientTrusted)
|
||||
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
||||
if (client->lastDrawableID == rid)
|
||||
{
|
||||
if (client->lastDrawable->type == DRAWABLE_WINDOW)
|
||||
return ((WindowPtr) client->lastDrawable);
|
||||
return (WindowPtr) NULL;
|
||||
}
|
||||
pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
||||
if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
|
||||
client->lastDrawable = (DrawablePtr) pWin;
|
||||
client->lastDrawableID = rid;
|
||||
client->lastGCID = INVALID;
|
||||
client->lastGC = (GCPtr)NULL;
|
||||
}
|
||||
return pWin;
|
||||
return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
|
||||
}
|
||||
|
||||
|
||||
|
@ -223,11 +206,6 @@ SecurityLookupDrawable(rid, client, access_mode)
|
|||
|
||||
if(rid == INVALID)
|
||||
return (pointer) NULL;
|
||||
if (client->trustLevel != XSecurityClientTrusted)
|
||||
return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
|
||||
access_mode);
|
||||
if (client->lastDrawableID == rid)
|
||||
return ((pointer) client->lastDrawable);
|
||||
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
|
||||
access_mode);
|
||||
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
|
||||
|
@ -255,7 +233,7 @@ LookupDrawable(rid, client)
|
|||
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
|
||||
}
|
||||
|
||||
#else /* not XCSECURITY */
|
||||
#else /* not XACE */
|
||||
|
||||
WindowPtr
|
||||
LookupWindow(rid, client)
|
||||
|
@ -301,7 +279,7 @@ LookupDrawable(rid, client)
|
|||
return (pointer)NULL;
|
||||
}
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
#endif /* XACE */
|
||||
|
||||
ClientPtr
|
||||
LookupClient(rid, client)
|
||||
|
|
27
dix/events.c
27
dix/events.c
|
@ -1,4 +1,4 @@
|
|||
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/dix/events.c,v 1.1.4.9.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||
/* $XFree86: xc/programs/Xserver/dix/events.c,v 3.51 2004/01/12 17:04:52 tsi Exp $ */
|
||||
/************************************************************
|
||||
|
||||
|
@ -101,9 +101,8 @@ Equipment Corporation.
|
|||
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
|
||||
#endif
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
|
||||
#include "XIproto.h"
|
||||
|
@ -2403,8 +2402,8 @@ CheckPassiveGrabsOnWindow(
|
|||
(grab->confineTo->realized &&
|
||||
BorderSizeNotEmpty(grab->confineTo))))
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
|
||||
return FALSE;
|
||||
#endif
|
||||
#ifdef XKB
|
||||
|
@ -3164,10 +3163,10 @@ EnterLeaveEvent(
|
|||
{
|
||||
xKeymapEvent ke;
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
ClientPtr client = grab ? rClient(grab)
|
||||
: clients[CLIENT_ID(pWin->drawable.id)];
|
||||
if (!SecurityCheckDeviceAccess(client, keybd, FALSE))
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
|
||||
{
|
||||
bzero((char *)&ke.map[0], 31);
|
||||
}
|
||||
|
@ -3259,9 +3258,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr
|
|||
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
|
||||
{
|
||||
xKeymapEvent ke;
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
|
||||
if (!SecurityCheckDeviceAccess(client, dev, FALSE))
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
|
||||
{
|
||||
bzero((char *)&ke.map[0], 31);
|
||||
}
|
||||
|
@ -3533,8 +3532,8 @@ ProcSetInputFocus(client)
|
|||
REQUEST(xSetInputFocusReq);
|
||||
|
||||
REQUEST_SIZE_MATCH(xSetInputFocusReq);
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
return Success;
|
||||
#endif
|
||||
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
|
||||
|
@ -3811,8 +3810,8 @@ ProcGrabKeyboard(client)
|
|||
int result;
|
||||
|
||||
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
|
||||
#ifdef XCSECURITY
|
||||
if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
{
|
||||
result = Success;
|
||||
rep.status = AlreadyGrabbed;
|
||||
|
|
|
@ -57,9 +57,8 @@ SOFTWARE.
|
|||
#include "gcstruct.h"
|
||||
#include "scrnintstr.h"
|
||||
#include "dispatch.h"
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#ifdef LBX
|
||||
#include "lbxserve.h"
|
||||
|
@ -146,8 +145,8 @@ AddExtension(char *name, int NumEvents, int NumErrors,
|
|||
ext->errorBase = 0;
|
||||
ext->errorLast = 0;
|
||||
}
|
||||
#ifdef XCSECURITY
|
||||
ext->secure = FALSE;
|
||||
#ifdef XACE
|
||||
XACE_STATE_INIT(ext->securityState);
|
||||
#endif
|
||||
|
||||
#ifdef LBX
|
||||
|
@ -218,28 +217,29 @@ CheckExtension(const char *extname)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Added as part of Xace.
|
||||
*/
|
||||
ExtensionEntry *
|
||||
GetExtensionEntry(int major)
|
||||
{
|
||||
if (major < EXTENSION_BASE)
|
||||
return NULL;
|
||||
major -= EXTENSION_BASE;
|
||||
if (major >= NumExtensions)
|
||||
return NULL;
|
||||
return extensions[major];
|
||||
}
|
||||
|
||||
void
|
||||
DeclareExtensionSecurity(extname, secure)
|
||||
char *extname;
|
||||
Bool secure;
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
int i = FindExtension(extname, strlen(extname));
|
||||
if (i >= 0)
|
||||
{
|
||||
int majorop = extensions[i]->base;
|
||||
extensions[i]->secure = secure;
|
||||
if (secure)
|
||||
{
|
||||
UntrustedProcVector[majorop] = ProcVector[majorop];
|
||||
SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
|
||||
}
|
||||
else
|
||||
{
|
||||
UntrustedProcVector[majorop] = ProcBadRequest;
|
||||
SwappedUntrustedProcVector[majorop] = ProcBadRequest;
|
||||
}
|
||||
}
|
||||
XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
|
||||
#endif
|
||||
#ifdef LBX
|
||||
LbxDeclareExtensionSecurity(extname, secure);
|
||||
|
@ -327,10 +327,9 @@ ProcQueryExtension(client)
|
|||
{
|
||||
i = FindExtension((char *)&stuff[1], stuff->nbytes);
|
||||
if (i < 0
|
||||
#ifdef XCSECURITY
|
||||
/* don't show insecure extensions to untrusted clients */
|
||||
|| (client->trustLevel == XSecurityClientUntrusted &&
|
||||
!extensions[i]->secure)
|
||||
#ifdef XACE
|
||||
/* call callbacks to find out whether to show extension */
|
||||
|| !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
|
||||
#endif
|
||||
)
|
||||
reply.present = xFalse;
|
||||
|
@ -368,10 +367,9 @@ ProcListExtensions(client)
|
|||
|
||||
for (i=0; i<NumExtensions; i++)
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
/* don't show insecure extensions to untrusted clients */
|
||||
if (client->trustLevel == XSecurityClientUntrusted &&
|
||||
!extensions[i]->secure)
|
||||
#ifdef XACE
|
||||
/* call callbacks to find out whether to show extension */
|
||||
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
continue;
|
||||
#endif
|
||||
total_length += strlen(extensions[i]->name) + 1;
|
||||
|
@ -386,9 +384,8 @@ ProcListExtensions(client)
|
|||
for (i=0; i<NumExtensions; i++)
|
||||
{
|
||||
int len;
|
||||
#ifdef XCSECURITY
|
||||
if (client->trustLevel == XSecurityClientUntrusted &&
|
||||
!extensions[i]->secure)
|
||||
#ifdef XACE
|
||||
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
continue;
|
||||
#endif
|
||||
*bufptr++ = len = strlen(extensions[i]->name);
|
||||
|
|
|
@ -56,9 +56,8 @@ SOFTWARE.
|
|||
#include "dixstruct.h"
|
||||
#include "dispatch.h"
|
||||
#include "swaprep.h"
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#ifdef LBX
|
||||
#include "lbxserve.h"
|
||||
|
@ -132,12 +131,12 @@ ProcRotateProperties(client)
|
|||
return(BadAlloc);
|
||||
for (i = 0; i < stuff->nAtoms; i++)
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
char action = SecurityCheckPropertyAccess(client, pWin, atoms[i],
|
||||
#ifdef XACE
|
||||
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
|
||||
SecurityReadAccess|SecurityWriteAccess);
|
||||
#endif
|
||||
if (!ValidAtom(atoms[i])
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|| (SecurityErrorOperation == action)
|
||||
#endif
|
||||
)
|
||||
|
@ -146,7 +145,7 @@ ProcRotateProperties(client)
|
|||
client->errorValue = atoms[i];
|
||||
return BadAtom;
|
||||
}
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
if (SecurityIgnoreOperation == action)
|
||||
{
|
||||
DEALLOCATE_LOCAL(props);
|
||||
|
@ -248,8 +247,8 @@ ProcChangeProperty(client)
|
|||
return(BadAtom);
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
||||
#ifdef XACE
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||
SecurityWriteAccess))
|
||||
{
|
||||
case SecurityErrorOperation:
|
||||
|
@ -543,13 +542,13 @@ ProcGetProperty(client)
|
|||
if (!pProp)
|
||||
return NullPropertyReply(client, None, 0, &reply);
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
{
|
||||
Mask access_mode = SecurityReadAccess;
|
||||
|
||||
if (stuff->delete)
|
||||
access_mode |= SecurityDestroyAccess;
|
||||
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
||||
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||
access_mode))
|
||||
{
|
||||
case SecurityErrorOperation:
|
||||
|
@ -718,8 +717,8 @@ ProcDeleteProperty(client)
|
|||
return (BadAtom);
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
||||
#ifdef XACE
|
||||
switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||
SecurityDestroyAccess))
|
||||
{
|
||||
case SecurityErrorOperation:
|
||||
|
|
|
@ -74,7 +74,7 @@ Equipment Corporation.
|
|||
******************************************************************/
|
||||
|
||||
/* $Xorg: resource.c,v 1.5 2001/02/09 02:04:40 xorgcvs Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.3 2004/04/25 22:42:09 gisburn Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/dix/resource.c,v 1.1.4.6.4.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||
/* $TOG: resource.c /main/41 1998/02/09 14:20:31 kaleb $ */
|
||||
|
||||
/* Routines to manage various kinds of resources:
|
||||
|
@ -119,6 +119,9 @@ Equipment Corporation.
|
|||
#include "panoramiX.h"
|
||||
#include "panoramiXsrv.h"
|
||||
#endif
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
static void RebuildTable(
|
||||
|
@ -840,7 +843,7 @@ LegalNewID(id, client)
|
|||
!LookupIDByClass(id, RC_ANY)));
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|
||||
/* SecurityLookupIDByType and SecurityLookupIDByClass:
|
||||
* These are the heart of the resource ID security system. They take
|
||||
|
@ -877,8 +880,9 @@ SecurityLookupIDByType(client, id, rtype, mode)
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (retval && client && client->CheckAccess)
|
||||
retval = (* client->CheckAccess)(client, id, rtype, mode, retval);
|
||||
if (retval && client &&
|
||||
!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
|
||||
retval = NULL;
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
@ -910,8 +914,9 @@ SecurityLookupIDByClass(client, id, classes, mode)
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (retval && client && client->CheckAccess)
|
||||
retval = (* client->CheckAccess)(client, id, res->type, mode, retval);
|
||||
if (retval && client &&
|
||||
!XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
|
||||
retval = NULL;
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
@ -937,7 +942,7 @@ LookupIDByClass(id, classes)
|
|||
SecurityUnknownAccess);
|
||||
}
|
||||
|
||||
#else /* not XCSECURITY */
|
||||
#else /* not XACE */
|
||||
|
||||
/*
|
||||
* LookupIDByType returns the object with the given id and type, else NULL.
|
||||
|
@ -986,4 +991,4 @@ LookupIDByClass(id, classes)
|
|||
return (pointer)NULL;
|
||||
}
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
#endif /* XACE */
|
||||
|
|
27
dix/window.c
27
dix/window.c
|
@ -1,4 +1,4 @@
|
|||
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.2 2004/04/23 19:04:44 eich Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/dix/window.c,v 1.1.4.8.2.1 2004/05/04 19:43:10 ewalsh Exp $ */
|
||||
/* $Xorg: window.c,v 1.4 2001/02/09 02:04:41 xorgcvs Exp $ */
|
||||
/*
|
||||
|
||||
|
@ -103,9 +103,8 @@ Equipment Corporation.
|
|||
#ifdef XAPPGROUP
|
||||
#include "Xagsrv.h"
|
||||
#endif
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
|
||||
/******
|
||||
|
@ -706,11 +705,11 @@ CreateWindow(wid, pParent, x, y, w, h, bw, class, vmask, vlist,
|
|||
}
|
||||
|
||||
pWin->borderWidth = bw;
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
/* can't let untrusted clients have background None windows;
|
||||
* they make it too easy to steal window contents
|
||||
*/
|
||||
if (client->trustLevel != XSecurityClientTrusted)
|
||||
if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
|
||||
{
|
||||
pWin->backgroundState = BackgroundPixel;
|
||||
pWin->background.pixel = 0;
|
||||
|
@ -1008,9 +1007,9 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
|
|||
borderRelative = TRUE;
|
||||
if (pixID == None)
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
/* can't let untrusted clients have background None windows */
|
||||
if (client->trustLevel == XSecurityClientTrusted)
|
||||
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
|
||||
{
|
||||
#endif
|
||||
if (pWin->backgroundState == BackgroundPixmap)
|
||||
|
@ -1019,7 +1018,7 @@ ChangeWindowAttributes(pWin, vmask, vlist, client)
|
|||
MakeRootTile(pWin);
|
||||
else
|
||||
pWin->backgroundState = None;
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
}
|
||||
else
|
||||
{ /* didn't change the background to None, so don't tell ddx */
|
||||
|
@ -2697,13 +2696,9 @@ MapWindow(pWin, client)
|
|||
if (pWin->mapped)
|
||||
return(Success);
|
||||
|
||||
#ifdef XCSECURITY
|
||||
/* don't let an untrusted client map a child-of-trusted-window, InputOnly
|
||||
* window; too easy to steal device input
|
||||
*/
|
||||
if ( (client->trustLevel != XSecurityClientTrusted) &&
|
||||
(pWin->drawable.class == InputOnly) &&
|
||||
(wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
|
||||
#ifdef XACE
|
||||
/* general check for permission to map window */
|
||||
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
|
||||
return Success;
|
||||
#endif
|
||||
|
||||
|
|
|
@ -89,12 +89,9 @@ SOFTWARE.
|
|||
((client->lastDrawableID == did) ? \
|
||||
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|
||||
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
|
||||
if (client->lastDrawableID == did && !client->trustLevel)\
|
||||
pDraw = client->lastDrawable;\
|
||||
else \
|
||||
{\
|
||||
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
||||
RC_DRAWABLE, mode);\
|
||||
|
@ -108,9 +105,6 @@ SOFTWARE.
|
|||
}
|
||||
|
||||
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
|
||||
if (client->lastDrawableID == did && !client->trustLevel)\
|
||||
pDraw = client->lastDrawable;\
|
||||
else \
|
||||
{\
|
||||
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
|
||||
RC_DRAWABLE, mode);\
|
||||
|
@ -122,9 +116,6 @@ SOFTWARE.
|
|||
}
|
||||
|
||||
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
||||
if (client->lastGCID == rid && !client->trustLevel)\
|
||||
pGC = client->lastGC;\
|
||||
else\
|
||||
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
|
||||
if (!pGC)\
|
||||
{\
|
||||
|
@ -141,7 +132,7 @@ SOFTWARE.
|
|||
#define VERIFY_GC(pGC, rid, client)\
|
||||
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
|
||||
|
||||
#else /* not XCSECURITY */
|
||||
#else /* not XACE */
|
||||
|
||||
#define VERIFY_DRAWABLE(pDraw, did, client)\
|
||||
if (client->lastDrawableID == did)\
|
||||
|
@ -191,7 +182,7 @@ SOFTWARE.
|
|||
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
|
||||
VERIFY_GC(pGC, rid, client)
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
#endif /* XACE */
|
||||
|
||||
/*
|
||||
* We think that most hardware implementations of DBE will want
|
||||
|
@ -379,7 +370,7 @@ extern void CopyISOLatin1Lowered(
|
|||
unsigned char * /*source*/,
|
||||
int /*length*/);
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|
||||
extern WindowPtr SecurityLookupWindow(
|
||||
XID /*rid*/,
|
||||
|
@ -415,7 +406,7 @@ extern pointer LookupDrawable(
|
|||
#define SecurityLookupDrawable(rid, client, access_mode) \
|
||||
LookupDrawable(rid, client)
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
#endif /* XACE */
|
||||
|
||||
extern ClientPtr LookupClient(
|
||||
XID /*rid*/,
|
||||
|
|
|
@ -111,15 +111,8 @@ typedef struct _Client {
|
|||
int (*readRequest)(ClientPtr /*client*/);
|
||||
#endif
|
||||
unsigned long replyBytesRemaining;
|
||||
#ifdef XCSECURITY
|
||||
XID authId;
|
||||
unsigned int trustLevel;
|
||||
pointer (* CheckAccess)(
|
||||
ClientPtr /*pClient*/,
|
||||
XID /*id*/,
|
||||
RESTYPE /*classes*/,
|
||||
Mask /*access_mode*/,
|
||||
pointer /*resourceval*/);
|
||||
#ifdef XACE
|
||||
pointer securityState[4]; /* 4 slots for use */
|
||||
#endif
|
||||
#ifdef XAPPGROUP
|
||||
struct _AppGroupRec* appgroup;
|
||||
|
|
|
@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
|
|||
unsigned short (* MinorOpcode)( /* called for errors */
|
||||
ClientPtr /* client */);
|
||||
#ifdef XCSECURITY
|
||||
Bool secure; /* extension visible to untrusted clients? */
|
||||
pointer securityState[4]; /* 4 slots for use */
|
||||
#endif
|
||||
} ExtensionEntry;
|
||||
|
||||
|
@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
|
|||
ExtensionEntry * /*extension*/);
|
||||
|
||||
extern ExtensionEntry *CheckExtension(const char *extname);
|
||||
extern ExtensionEntry *GetExtensionEntry(int major);
|
||||
|
||||
extern ExtensionLookupProc LookupProc(
|
||||
char* /*name*/,
|
||||
|
|
|
@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex(
|
|||
#define SecurityWriteAccess (1<<1) /* changing the object */
|
||||
#define SecurityDestroyAccess (1<<2) /* destroying the object */
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
|
||||
extern pointer SecurityLookupIDByType(
|
||||
ClientPtr /*client*/,
|
||||
|
@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
|
|||
RESTYPE /*classes*/,
|
||||
Mask /*access_mode*/);
|
||||
|
||||
#else /* not XCSECURITY */
|
||||
#else /* not XACE */
|
||||
|
||||
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
|
||||
LookupIDByType(id, rtype)
|
||||
|
@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
|
|||
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
|
||||
LookupIDByClass(id, classes)
|
||||
|
||||
#endif /* XCSECURITY */
|
||||
#endif /* XACE */
|
||||
|
||||
extern void GetXIDRange(
|
||||
int /*client*/,
|
||||
|
|
|
@ -32,27 +32,10 @@
|
|||
#define _XLBX_SERVER_
|
||||
#include "lbxstr.h"
|
||||
#include "lbxserve.h"
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "extensions/security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
|
||||
typedef struct _lbxext {
|
||||
char *name;
|
||||
char **aliases;
|
||||
int num_aliases;
|
||||
int idx;
|
||||
int opcode;
|
||||
int ev_base;
|
||||
int err_base;
|
||||
int num_reqs;
|
||||
CARD8 *rep_mask;
|
||||
CARD8 *ev_mask;
|
||||
#ifdef XCSECURITY
|
||||
Bool secure;
|
||||
#endif
|
||||
} LbxExtensionEntry;
|
||||
|
||||
static LbxExtensionEntry **lbx_extensions = NULL;
|
||||
static int num_exts = 0;
|
||||
|
||||
|
@ -97,8 +80,8 @@ LbxAddExtension(char *name,
|
|||
ext->ev_mask = NULL;
|
||||
ext->rep_mask = NULL;
|
||||
ext->num_reqs = 0;
|
||||
#ifdef XCSECURITY
|
||||
ext->secure = FALSE;
|
||||
#ifdef XACE
|
||||
XACE_STATE_INIT(ext->securityState);
|
||||
#endif
|
||||
|
||||
return TRUE;
|
||||
|
@ -149,10 +132,10 @@ void
|
|||
LbxDeclareExtensionSecurity(char *extname,
|
||||
Bool secure)
|
||||
{
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
int i = LbxFindExtension(extname, strlen(extname));
|
||||
if (i >= 0)
|
||||
lbx_extensions[i]->secure = secure;
|
||||
XaceHook(XACE_DECLARE_LBX_EXT_SECURE, lbx_extensions[i], secure);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -203,10 +186,9 @@ LbxQueryExtension(ClientPtr client,
|
|||
i = LbxFindExtension(ename, nlen);
|
||||
|
||||
if (i < 0
|
||||
#ifdef XCSECURITY
|
||||
#ifdef XACE
|
||||
/* don't show insecure extensions to untrusted clients */
|
||||
|| (client->trustLevel == XSecurityClientUntrusted &&
|
||||
!lbx_extensions[i]->secure)
|
||||
|| !XaceHook(XACE_LBX_EXT_ACCESS, client, lbx_extensions[i])
|
||||
#endif
|
||||
)
|
||||
rep.present = FALSE;
|
||||
|
|
|
@ -69,9 +69,8 @@ in this Software without prior written authorization from The Open Group.
|
|||
#include "lbxserve.h"
|
||||
#include "lbxtags.h"
|
||||
#include "Xfuncproto.h"
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "extensions/security.h"
|
||||
#ifdef XACE
|
||||
#include "extensions/xace.h"
|
||||
#endif
|
||||
#include "swaprep.h"
|
||||
|
||||
|
@ -334,8 +333,8 @@ LbxChangeProperty(ClientPtr client)
|
|||
swaps(&rep.sequenceNumber, n);
|
||||
}
|
||||
|
||||
#ifdef XCSECURITY
|
||||
switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
|
||||
#ifdef XACE
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||
SecurityWriteAccess))
|
||||
{
|
||||
case SecurityErrorOperation:
|
||||
|
|
|
@ -119,6 +119,22 @@ typedef struct _LbxProxy {
|
|||
lbxMotionCache motionCache;
|
||||
} LbxProxyRec;
|
||||
|
||||
typedef struct _lbxext {
|
||||
char *name;
|
||||
char **aliases;
|
||||
int num_aliases;
|
||||
int idx;
|
||||
int opcode;
|
||||
int ev_base;
|
||||
int err_base;
|
||||
int num_reqs;
|
||||
CARD8 *rep_mask;
|
||||
CARD8 *ev_mask;
|
||||
#ifdef XACE
|
||||
pointer securityState[4];
|
||||
#endif
|
||||
} LbxExtensionEntry;
|
||||
|
||||
/* This array is indexed by server client index, not lbx proxy index */
|
||||
|
||||
extern LbxClientPtr lbxClients[MAXCLIENTS];
|
||||
|
|
21
os/access.c
21
os/access.c
|
@ -1,5 +1,5 @@
|
|||
/* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.2 2004/04/23 19:54:28 eich Exp $ */
|
||||
/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.1.4.4.4.1 2004/05/04 19:44:01 ewalsh Exp $ */
|
||||
/***********************************************************
|
||||
|
||||
Copyright 1987, 1998 The Open Group
|
||||
|
@ -192,9 +192,8 @@ SOFTWARE.
|
|||
#include "dixstruct.h"
|
||||
#include "osdep.h"
|
||||
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "extensions/security.h"
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
|
||||
#ifndef PATH_MAX
|
||||
|
@ -1321,15 +1320,6 @@ Bool LocalClient(ClientPtr client)
|
|||
pointer addr;
|
||||
register HOST *host;
|
||||
|
||||
#ifdef XCSECURITY
|
||||
/* untrusted clients can't change host access */
|
||||
if (client->trustLevel != XSecurityClientTrusted)
|
||||
{
|
||||
SecurityAudit("client %d attempted to change host access\n",
|
||||
client->index);
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
#ifdef LBX
|
||||
if (!((OsCommPtr)client->osPrivate)->trans_conn)
|
||||
return FALSE;
|
||||
|
@ -1431,6 +1421,11 @@ AuthorizedClient(ClientPtr client)
|
|||
{
|
||||
if (!client || defeatAccessControl)
|
||||
return TRUE;
|
||||
#ifdef XACE
|
||||
/* untrusted clients can't change host access */
|
||||
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
|
||||
return FALSE;
|
||||
#endif
|
||||
return LocalClient(client);
|
||||
}
|
||||
|
||||
|
|
|
@ -149,6 +149,9 @@ extern __const__ int _nfiles;
|
|||
#ifdef XAPPGROUP
|
||||
#include "extensions/Xagsrv.h"
|
||||
#endif
|
||||
#ifdef XACE
|
||||
#include "xace.h"
|
||||
#endif
|
||||
#ifdef XCSECURITY
|
||||
#define _SECURITY_SERVER
|
||||
#include "extensions/security.h"
|
||||
|
@ -632,8 +635,9 @@ ClientAuthorized(ClientPtr client,
|
|||
if (! priv->trans_conn) {
|
||||
if (auth_id == (XID) ~0L && !GetAccessControl())
|
||||
auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
|
||||
#ifdef XCSECURITY
|
||||
else if (auth_id != (XID) ~0L && !SecuritySameLevel(lbxpc, auth_id)) {
|
||||
#ifdef XACE
|
||||
else if (auth_id != (XID) ~0L &&
|
||||
!XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)) {
|
||||
auth_id = (XID) ~0L;
|
||||
reason = "Client trust level differs from that of LBX Proxy";
|
||||
}
|
||||
|
@ -709,9 +713,8 @@ ClientAuthorized(ClientPtr client,
|
|||
/* indicate to Xdmcp protocol that we've opened new client */
|
||||
XdmcpOpenDisplay(priv->fd);
|
||||
#endif /* XDMCP */
|
||||
#ifdef XAPPGROUP
|
||||
if (ClientStateCallback)
|
||||
XagCallClientStateChange (client);
|
||||
#ifdef XACE
|
||||
XaceHook(XACE_AUTH_AVAIL, client, auth_id);
|
||||
#endif
|
||||
/* At this point, if the client is authorized to change the access control
|
||||
* list, we should getpeername() information, and add the client to
|
||||
|
|
Loading…
Reference in New Issue
Block a user