xserver: Branch 'XACE-modular' - 13 commits
Alan Coopersmith
alanc at kemper.freedesktop.org
Wed Jun 21 05:04:29 EEST 2006
Xext/Makefile.am | 8
Xext/appgroup.c | 21 -
Xext/security.c | 2
Xext/securitysrv.h | 98 +++++
Xext/xace.c | 537 ++++++++++++++++++++++++++++
Xext/xace.h | 124 ++++++
Xext/xacestr.h | 141 +++++++
configure.ac | 16
fb/fbcompose.c | 9
hw/xfree86/common/xf86Init.c | 6
hw/xfree86/os-support/shared/libc_wrapper.c | 5
hw/xfree86/parser/write.c | 5
hw/xwin/winauth.c | 5
include/dix-config.h.in | 3
mi/miinitext.c | 2
os/auth.c | 3
os/connection.c | 3
os/secauth.c | 3
os/utils.c | 23 -
19 files changed, 967 insertions(+), 47 deletions(-)
New commits:
diff-tree 9af315a9be19b48faa1249e0575cbe3d1e31dec5 (from f68ecfa482b2c2037f929710310c7b9ce6fe9291)
Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
Date: Wed May 5 20:07:37 2004 +0000
Modify XC-SECURITY and XC-APPGROUP extensions to work with XACE
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
index 596eead..7c6f432 100644
--- a/Xext/securitysrv.h
+++ b/Xext/securitysrv.h
@@ -86,46 +86,11 @@ typedef struct {
Bool valid; /* did anyone recognize it? if so, set to TRUE */
} SecurityValidateGroupInfoRec;
-/* Proc vectors for untrusted clients, swapped and unswapped versions.
- * These are the same as the normal proc vectors except that extensions
- * that haven't declared themselves secure will have ProcBadRequest plugged
- * in for their major opcode dispatcher. This prevents untrusted clients
- * from guessing extension major opcodes and using the extension even though
- * the extension can't be listed or queried.
- */
-extern int (*UntrustedProcVector[256])(ClientPtr client);
-extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
-
-extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev,
- Bool fromRequest);
-
-extern void SecurityAudit(char *format, ...);
-
extern int XSecurityOptions(int argc, char **argv, int i);
/* Give this value or higher to the -audit option to get security messages */
#define SECURITY_AUDIT_LEVEL 4
-extern void SecurityCensorImage(
- ClientPtr client,
- RegionPtr pVisibleRegion,
- long widthBytesLine,
- DrawablePtr pDraw,
- int x, int y, int w, int h,
- unsigned int format,
- char * pBuf);
-
-#define SecurityAllowOperation 0
-#define SecurityIgnoreOperation 1
-#define SecurityErrorOperation 2
-
-extern char
-SecurityCheckPropertyAccess(
- ClientPtr client,
- WindowPtr pWin,
- ATOM propertyName,
- Mask access_mode);
-
#define SECURITY_POLICY_FILE_VERSION "version-1"
extern char **SecurityGetSitePolicyStrings(int *n);
diff-tree f68ecfa482b2c2037f929710310c7b9ce6fe9291 (from a46c06dab8392cf8012c7cc0b916de9a9e569671)
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date: Tue Jun 20 19:01:34 2006 -0700
Add X-ACE to build system
- Added --disable-xace to configure.ac and issue configure error if trying
to build XC-Security without X-ACE
- Added XACE #define to dix-config.h
- Added X-ACE sources to Xext/Makefile.am
diff --git a/Xext/Makefile.am b/Xext/Makefile.am
index 56c5053..b5a1355 100644
--- a/Xext/Makefile.am
+++ b/Xext/Makefile.am
@@ -65,6 +65,13 @@ if XINERAMA
BUILTIN_SRCS += $(XINERAMA_SRCS)
endif
+# X-ACE extension: provides hooks for building security policy extensions
+# like XC-Security, X-SELinux & XTSol
+XACE_SRCS = xace.c xace.h xacestr.h
+if XACE
+BUILTIN_SRCS += $(XACE_SRCS)
+endif
+
# Security extension: multi-level security to protect clients from each other
XCSECURITY_SRCS = security.c
if XCSECURITY
@@ -149,6 +156,7 @@ EXTRA_DIST = \
$(XV_SRCS) \
$(RES_SRCS) \
$(SCREENSAVER_SRCS) \
+ $(XACE_SRCS) \
$(XCSECURITY_SRCS) \
$(XINERAMA_SRCS) \
$(XEVIE_SRCS) \
diff --git a/configure.ac b/configure.ac
index d025638..2cd9dbf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -412,7 +412,8 @@ AC_ARG_ENABLE(dri, AS_HELP_ST
AC_ARG_ENABLE(xinerama, AS_HELP_STRING([--disable-xinerama], [Build Xinerama extension (default: enabled)]), [XINERAMA=$enableval], [XINERAMA=yes])
AC_ARG_ENABLE(xf86vidmode, AS_HELP_STRING([--disable-xf86vidmode], [Build XF86VidMode extension (default: enabled)]), [XF86VIDMODE=$enableval], [XF86VIDMODE=yes])
AC_ARG_ENABLE(xf86misc, AS_HELP_STRING([--disable-xf86misc], [Build XF86Misc extension (default: enabled)]), [XF86MISC=$enableval], [XF86MISC=yes])
-AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=yes])
+AC_ARG_ENABLE(xace, AS_HELP_STRING([--disable-xace], [Build X-ACE extension (default: enabled)]), [XACE=$enableval], [XACE=yes])
+AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=$XACE])
AC_ARG_ENABLE(xevie, AS_HELP_STRING([--disable-xevie], [Build XEvIE extension (default: enabled)]), [XEVIE=$enableval], [XEVIE=yes])
AC_ARG_ENABLE(appgroup, AS_HELP_STRING([--disable-appgroup], [Build XC-APPGROUP extension (default: enabled)]), [APPGROUP=$enableval], [APPGROUP=yes])
AC_ARG_ENABLE(cup, AS_HELP_STRING([--disable-cup], [Build TOG-CUP extension (default: enabled)]), [CUP=$enableval], [CUP=yes])
@@ -618,8 +619,16 @@ if test "x$XINERAMA" = xyes; then
REQUIRED_MODULES="$REQUIRED_MODULES xineramaproto"
fi
+AM_CONDITIONAL(XACE, [test "x$XACE" = xyes])
+if test "x$XACE" = xyes; then
+ AC_DEFINE(XACE, 1, [Build X-ACE extension])
+fi
+
AM_CONDITIONAL(XCSECURITY, [test "x$XCSECURITY" = xyes])
if test "x$XCSECURITY" = xyes; then
+ if test "x$XACE" != xyes; then
+ AC_MSG_ERROR([cannot build Security extension without X-ACE])
+ fi
AC_DEFINE(XCSECURITY, 1, [Build Security extension])
fi
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 4c3a4b7..a6b8719 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -302,6 +302,9 @@
/* unaligned word accesses behave as expected */
#undef WORKING_UNALIGNED_INT
+/* Build X-ACE extension */
+#undef XACE
+
/* Support XCMisc extension */
#undef XCMISC
diff-tree a46c06dab8392cf8012c7cc0b916de9a9e569671 (from parents)
Merge: 49b368c0bb04816c4a3579071c596b2398cae3ec d44b2a0a57fb89741173c31676af0ccc822387dc
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date: Tue Jun 20 18:40:18 2006 -0700
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
Conflicts:
Xext/appgroup.c
Xext/security.c
dix/devices.c
dix/dispatch.c
dix/dixutils.c
dix/events.c
dix/extension.c
dix/property.c
dix/window.c
os/access.c
diff --cc Xext/appgroup.c
index e182cad,61c1aa0..8db4cef
@@@ -44,9 -44,7 +44,8 @@@
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#include <X11/extensions/Xagsrv.h>
+#include "xacestr.h"
- #define _SECURITY_SERVER
- #include <X11/extensions/security.h>
+ #include "securitysrv.h"
#include <X11/Xfuncproto.h>
#define XSERV_t
diff --cc Xext/security.c
index 957f083,31f2b92..f80d464
@@@ -39,8 -39,7 +39,8 @@@
#include "gcstruct.h"
#include "colormapst.h"
#include "propertyst.h"
+#include "xacestr.h"
- #define _SECURITY_SERVER
+ #include "securitysrv.h"
#include <X11/extensions/securstr.h>
#include <assert.h>
#include <stdarg.h>
diff --cc mi/miinitext.c
index 2a57a89,51faac9..19ecf03
@@@ -243,11 -243,8 +243,11 @@@
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#endif
+#ifdef XACE
+#include "xace.h"
+#endif
#ifdef XCSECURITY
- #define _SECURITY_SERVER
+ #include "securitysrv.h"
#include <X11/extensions/securstr.h>
#endif
#ifdef PANORAMIX
diff --cc os/connection.c
index eb1bcbe,697ff4e..2fc3e8c
@@@ -150,12 -150,8 +150,11 @@@
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
#endif
+#ifdef XACE
+#include "xace.h"
+#endif
#ifdef XCSECURITY
- #define _SECURITY_SERVER
- #include <X11/extensions/security.h>
+ #include "securitysrv.h"
#endif
#ifdef X_NOT_POSIX
diff-tree d44b2a0a57fb89741173c31676af0ccc822387dc (from a54435946544a039fc333bb5e3438501d0d1ffc6)
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date: Tue Jun 20 18:22:51 2006 -0700
Move Xserver API for security extension to securitysrv.h
diff --git a/Xext/appgroup.c b/Xext/appgroup.c
index cf42a7d..61c1aa0 100644
--- a/Xext/appgroup.c
+++ b/Xext/appgroup.c
@@ -44,8 +44,7 @@ from The Open Group.
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#include <X11/extensions/Xagsrv.h>
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#include <X11/Xfuncproto.h>
#define XSERV_t
diff --git a/Xext/security.c b/Xext/security.c
index 48a45d0..31f2b92 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -39,7 +39,7 @@ in this Software without prior written a
#include "gcstruct.h"
#include "colormapst.h"
#include "propertyst.h"
-#define _SECURITY_SERVER
+#include "securitysrv.h"
#include <X11/extensions/securstr.h>
#include <assert.h>
#include <stdarg.h>
diff --git a/dix/devices.c b/dix/devices.c
index c7d3494..40afac9 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -73,8 +73,7 @@ SOFTWARE.
#include <X11/extensions/XKBsrv.h>
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#include "dispatch.h"
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 04e2ba1..4b4eb2b 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -108,8 +108,7 @@ int ProcInitialConnection();
#include "panoramiXsrv.h"
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
diff --git a/dix/dixutils.c b/dix/dixutils.c
index 91796ea..8cf9daa 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -98,8 +98,7 @@ Author: Adobe Systems Incorporated
#define XK_LATIN1
#include <X11/keysymdef.h>
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
/*
diff --git a/dix/events.c b/dix/events.c
index b014fdb..c67cf8c 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -139,8 +139,7 @@ extern Bool XkbFilterEvents(ClientPtr, i
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#ifdef XEVIE
diff --git a/dix/extension.c b/dix/extension.c
index f6f38fc..fd87270 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -62,8 +62,7 @@ SOFTWARE.
#include "scrnintstr.h"
#include "dispatch.h"
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#define EXTENSION_BASE 128
diff --git a/dix/property.c b/dix/property.c
index e074c68..35799f8 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -61,8 +61,7 @@ SOFTWARE.
#include "dispatch.h"
#include "swaprep.h"
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
/*****************************************************************
diff --git a/dix/window.c b/dix/window.c
index 9fba5f8..2be01df 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -130,8 +130,7 @@ Equipment Corporation.
#include <X11/extensions/Xagsrv.h>
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
/******
diff --git a/hw/xwin/winauth.c b/hw/xwin/winauth.c
index 3d24ef4..b57a35a 100644
--- a/hw/xwin/winauth.c
+++ b/hw/xwin/winauth.c
@@ -35,9 +35,8 @@
#include "win.h"
/* Includes for authorization */
-#include "X11/Xauth.h"
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include <X11/Xauth.h>
+#include "securitysrv.h"
#include <X11/extensions/securstr.h>
diff --git a/mi/miinitext.c b/mi/miinitext.c
index 091ac6b..51faac9 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -244,7 +244,7 @@ typedef void (*InitExtension)(INITARGS);
#include <X11/extensions/Xagstr.h>
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
+#include "securitysrv.h"
#include <X11/extensions/securstr.h>
#endif
#ifdef PANORAMIX
diff --git a/os/access.c b/os/access.c
index 62af2f9..db52aa0 100644
--- a/os/access.c
+++ b/os/access.c
@@ -203,8 +203,7 @@ SOFTWARE.
#include "osdep.h"
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#ifndef PATH_MAX
diff --git a/os/auth.c b/os/auth.c
index 19c5534..d170ef8 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -48,8 +48,7 @@ from The Open Group.
# include <sys/types.h>
# include <sys/stat.h>
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-# include <X11/extensions/security.h>
+# include "securitysrv.h"
#endif
#ifdef WIN32
#include <X11/Xw32defs.h>
diff --git a/os/connection.c b/os/connection.c
index 21c1ea6..697ff4e 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -151,8 +151,7 @@ extern __const__ int _nfiles;
#include <X11/extensions/Xagsrv.h>
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#ifdef X_NOT_POSIX
diff --git a/os/secauth.c b/os/secauth.c
index 1000b4e..8c87008 100644
--- a/os/secauth.c
+++ b/os/secauth.c
@@ -37,8 +37,7 @@ from The Open Group.
#include "swaprep.h"
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
static char InvalidPolicyReason[] = "invalid policy specification";
diff --git a/os/utils.c b/os/utils.c
index 617d201..f977b83 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -120,8 +120,7 @@ OR PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/XKBsrv.h>
#endif
#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
#endif
#ifdef RENDER
diff-tree a54435946544a039fc333bb5e3438501d0d1ffc6 (from 481d4012e74d9b0e98911f0ae02700ecf4cfc5ac)
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date: Tue Jun 20 18:14:27 2006 -0700
Move Xserver API for security extension to securitysrv.h
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
new file mode 100644
index 0000000..596eead
--- /dev/null
+++ b/Xext/securitysrv.h
@@ -0,0 +1,133 @@
+/*
+Copyright 1996, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+*/
+
+/* Xserver internals for Security extension - moved here from
+ _SECURITY_SERVER section of <X11/extensions/security.h> */
+
+#ifndef _SECURITY_SRV_H
+#define _SECURITY_SRV_H
+
+/* Allow client side portions of <X11/extensions/security.h> to compile */
+#ifndef Status
+# define Status int
+# define NEED_UNDEF_Status
+#endif
+#ifndef Display
+# define Display void
+# define NEED_UNDEF_Display
+#endif
+
+#include <X11/extensions/security.h>
+
+#ifdef NEED_UNDEF_Status
+# undef Status
+# undef NEED_UNDEF_Status
+#endif
+#ifdef NEED_UNDEF_Display
+# undef Display
+# undef NEED_UNDEF_Display
+#endif
+
+
+#include "input.h" /* for DeviceIntPtr */
+#include "property.h" /* for PropertyPtr */
+#include "pixmap.h" /* for DrawablePtr */
+#include "resource.h" /* for RESTYPE */
+
+/* resource type to pass in LookupIDByType for authorizations */
+extern RESTYPE SecurityAuthorizationResType;
+
+/* this is what we store for an authorization */
+typedef struct {
+ XID id; /* resource ID */
+ CARD32 timeout; /* how long to live in seconds after refcnt == 0 */
+ unsigned int trustLevel; /* trusted/untrusted */
+ XID group; /* see embedding extension */
+ unsigned int refcnt; /* how many clients connected with this auth */
+ unsigned int secondsRemaining; /* overflow time amount for >49 days */
+ OsTimerPtr timer; /* timer for this auth */
+ struct _OtherClients *eventClients; /* clients wanting events */
+} SecurityAuthorizationRec, *SecurityAuthorizationPtr;
+
+/* The following callback is called when a GenerateAuthorization request
+ * is processed to sanity check the group argument. The call data will
+ * be a pointer to a SecurityValidateGroupInfoRec (below).
+ * Functions registered on this callback are expected to examine the
+ * group and set the valid field to TRUE if they recognize the group as a
+ * legitimate group. If they don't recognize it, they should not change the
+ * valid field.
+ */
+extern CallbackListPtr SecurityValidateGroupCallback;
+typedef struct {
+ XID group; /* the group that was sent in GenerateAuthorization */
+ Bool valid; /* did anyone recognize it? if so, set to TRUE */
+} SecurityValidateGroupInfoRec;
+
+/* Proc vectors for untrusted clients, swapped and unswapped versions.
+ * These are the same as the normal proc vectors except that extensions
+ * that haven't declared themselves secure will have ProcBadRequest plugged
+ * in for their major opcode dispatcher. This prevents untrusted clients
+ * from guessing extension major opcodes and using the extension even though
+ * the extension can't be listed or queried.
+ */
+extern int (*UntrustedProcVector[256])(ClientPtr client);
+extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
+
+extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev,
+ Bool fromRequest);
+
+extern void SecurityAudit(char *format, ...);
+
+extern int XSecurityOptions(int argc, char **argv, int i);
+
+/* Give this value or higher to the -audit option to get security messages */
+#define SECURITY_AUDIT_LEVEL 4
+
+extern void SecurityCensorImage(
+ ClientPtr client,
+ RegionPtr pVisibleRegion,
+ long widthBytesLine,
+ DrawablePtr pDraw,
+ int x, int y, int w, int h,
+ unsigned int format,
+ char * pBuf);
+
+#define SecurityAllowOperation 0
+#define SecurityIgnoreOperation 1
+#define SecurityErrorOperation 2
+
+extern char
+SecurityCheckPropertyAccess(
+ ClientPtr client,
+ WindowPtr pWin,
+ ATOM propertyName,
+ Mask access_mode);
+
+#define SECURITY_POLICY_FILE_VERSION "version-1"
+
+extern char **SecurityGetSitePolicyStrings(int *n);
+
+#endif /* _SECURITY_SRV_H */
diff-tree 49b368c0bb04816c4a3579071c596b2398cae3ec (from parents)
Merge: 63f6e6bbfd0d3677e29621af982c9392ead98dd7 481d4012e74d9b0e98911f0ae02700ecf4cfc5ac
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Tue Jun 20 16:22:39 2006 -0700
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
diff-tree 481d4012e74d9b0e98911f0ae02700ecf4cfc5ac (from 6df52fb7745c185c0168060f69cc6b4f5315914e)
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Tue Jun 20 16:16:19 2006 -0700
Don't add -ldl to XORG_LIBS if it's not needed for dlopen
diff --git a/configure.ac b/configure.ac
index 84c2c70..d025638 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1030,7 +1030,10 @@ if test "x$XORG" = xyes -o "x$XGL" = xye
XORG_CFLAGS="$XORGSERVER_CFLAGS -DHAVE_XORG_CONFIG_H"
XORG_LIBS="$COMPOSITE_LIB $MI_LIB $FIXES_LIB $XEXTXORG_LIB $GLX_LIBS $RENDER_LIB $RANDR_LIB $DAMAGE_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XPSTUBS_LIB $OS_LIB"
- AC_CHECK_LIB([dl], [dlopen], XORG_LIBS="$XORG_LIBS -ldl")
+dnl Check to see if dlopen is in default libraries (like Solaris, which
+dnl has it in libc), or if libdl is needed to get it.
+ AC_CHECK_FUNC([dlopen], [],
+ AC_CHECK_LIB([dl], [dlopen], XORG_LIBS="$XORG_LIBS -ldl"))
case $host_os in
linux*)
diff-tree 63f6e6bbfd0d3677e29621af982c9392ead98dd7 (from parents)
Merge: 88ede2cec79281a43cecb43ee6dec65770f82530 6df52fb7745c185c0168060f69cc6b4f5315914e
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Tue Jun 20 16:03:34 2006 -0700
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
diff --cc Xext/appgroup.c
index 40096ae,cf42a7d..e182cad
@@@ -203,9 -236,7 +186,8 @@@
SProcXagDispatch,
XagResetProc,
StandardMinorOpcode)) {
- #endif
RT_APPGROUP = CreateNewResourceType (XagAppGroupFree);
+ XaceRegisterCallback(XACE_AUTH_AVAIL, XagCallClientStateChange, NULL);
}
}
diff-tree 6df52fb7745c185c0168060f69cc6b4f5315914e (from 2b58685402e70f123e131fd8146e6083ff5214a4)
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Tue Jun 20 16:02:55 2006 -0700
Delete code that's been inside #if 0 since X11R6.7.
diff --git a/Xext/appgroup.c b/Xext/appgroup.c
index 86bd36e..cf42a7d 100644
--- a/Xext/appgroup.c
+++ b/Xext/appgroup.c
@@ -77,10 +77,6 @@ static int ProcXagDispatch(ClientPtr cl
static int SProcXagDispatch(ClientPtr client);
static void XagResetProc(ExtensionEntry* extEntry);
-#if 0
-static unsigned char XagReqCode = 0;
-static int XagErrorBase;
-#endif
static int XagCallbackRefCount = 0;
static RESTYPE RT_APPGROUP;
@@ -233,19 +229,6 @@ void XagClientStateChange(
void
XagExtensionInit(INITARGS)
{
-#if 0
- ExtensionEntry* extEntry;
-
- if ((extEntry = AddExtension (XAGNAME,
- 0,
- XagNumberErrors,
- ProcXagDispatch,
- SProcXagDispatch,
- XagResetProc,
- StandardMinorOpcode))) {
- XagReqCode = (unsigned char)extEntry->base;
- XagErrorBase = extEntry->errorBase;
-#else
if (AddExtension (XAGNAME,
0,
XagNumberErrors,
@@ -253,7 +236,6 @@ XagExtensionInit(INITARGS)
SProcXagDispatch,
XagResetProc,
StandardMinorOpcode)) {
-#endif
RT_APPGROUP = CreateNewResourceType (XagAppGroupFree);
}
}
diff-tree 88ede2cec79281a43cecb43ee6dec65770f82530 (from parents)
Merge: 227a3193405147fbbee2971cc15bac92cc13285a 2b58685402e70f123e131fd8146e6083ff5214a4
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Tue Jun 20 15:29:55 2006 -0700
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
diff-tree 227a3193405147fbbee2971cc15bac92cc13285a (from f818e0ab60da3779ab2602c6e6d3ff261b50917e)
Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
Date: Tue Jun 1 21:09:25 2004 +0000
Add XACE extension source files.
(Copied from XACE-SELINUX branch in Xorg monolith CVS since these were never
imported to modular cvs or git trees.)
diff --git a/Xext/xace.c b/Xext/xace.c
new file mode 100644
index 0000000..75fb8a3
--- /dev/null
+++ b/Xext/xace.c
@@ -0,0 +1,537 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#include <stdarg.h>
+#include "windowstr.h"
+#include "scrnintstr.h"
+#include "gcstruct.h"
+#include "xacestr.h"
+#include "modinit.h"
+
+CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
+
+static Bool stateSlotsUsed[XACE_STATE_SLOTS] = {0};
+static char *stateExtNames[XACE_STATE_SLOTS] = {0};
+
+/* Proc vectors for untrusted clients, swapped and unswapped versions.
+ * These are the same as the normal proc vectors except that extensions
+ * that haven't declared themselves secure will have ProcBadRequest plugged
+ * in for their major opcode dispatcher. This prevents untrusted clients
+ * from guessing extension major opcodes and using the extension even though
+ * the extension can't be listed or queried.
+ */
+int (*UntrustedProcVector[256])(
+ ClientPtr /*client*/
+);
+int (*SwappedUntrustedProcVector[256])(
+ ClientPtr /*client*/
+);
+
+/* Register with the security module, which allows an extension to store
+ * security state. The return value is the index which should be passed
+ * to the state macros, or -1 if no more slots are available.
+ */
+int XaceRegisterExtension(name)
+ char *name;
+{
+ int i;
+ for (i=0; i<XACE_STATE_SLOTS; i++)
+ if (!stateSlotsUsed[i])
+ {
+ /* save the extension name */
+ if (name) {
+ stateExtNames[i] = (char*)xalloc(strlen(name)+1);
+ if (!stateExtNames[i])
+ return -1;
+ memcpy(stateExtNames[i], name, strlen(name)+1);
+ }
+ stateSlotsUsed[i] = TRUE;
+ return i;
+ }
+ return -1; /* no slots free */
+}
+
+/* Unregister an extension. Pass the index returned at registration time.
+ */
+void XaceUnregisterExtension(idx)
+ int idx; /* state index */
+{
+ /* free the extension name */
+ if (stateExtNames[idx]) {
+ xfree(stateExtNames[idx]);
+ stateExtNames[idx] = NULL;
+ }
+ stateSlotsUsed[idx] = FALSE;
+}
+
+/* Entry point for hook functions. Called by Xserver.
+ */
+int XaceHook(int hook, ...)
+{
+ pointer calldata; /* data passed to callback */
+ int *prv = NULL; /* points to return value from callback */
+ va_list ap; /* argument list */
+ va_start(ap, hook);
+
+ /* Marshal arguments for passing to callback.
+ * Each callback has its own case, which sets up a structure to hold
+ * the arguments and integer return parameter, or in some cases just
+ * sets calldata directly to a single argument (with no return result)
+ */
+ switch (hook)
+ {
+ case XACE_CORE_DISPATCH: {
+ XaceCoreDispatchRec rec = {
+ va_arg(ap, ClientPtr),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_RESOURCE_ACCESS: {
+ XaceResourceAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, XID),
+ va_arg(ap, RESTYPE),
+ va_arg(ap, Mask),
+ va_arg(ap, pointer),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_DEVICE_ACCESS: {
+ XaceDeviceAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, DeviceIntPtr),
+ va_arg(ap, Bool),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_PROPERTY_ACCESS: {
+ XacePropertyAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, WindowPtr),
+ va_arg(ap, Atom),
+ va_arg(ap, Mask),
+ SecurityAllowOperation /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_DRAWABLE_ACCESS: {
+ XaceDrawableAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, DrawablePtr),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_MAP_ACCESS:
+ case XACE_BACKGRND_ACCESS: {
+ XaceMapAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, WindowPtr),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_EXT_DISPATCH:
+ case XACE_EXT_ACCESS: {
+ XaceExtAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, ExtensionEntry*),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_HOSTLIST_ACCESS: {
+ XaceHostlistAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, Mask),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_SITE_POLICY: {
+ XaceSitePolicyRec rec = {
+ va_arg(ap, char*),
+ va_arg(ap, int),
+ FALSE /* default unrecognized */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_DECLARE_EXT_SECURE: {
+ XaceDeclareExtSecureRec rec = {
+ va_arg(ap, ExtensionEntry*),
+ va_arg(ap, Bool)
+ };
+ calldata = &rec;
+ break;
+ }
+ case XACE_AUTH_AVAIL: {
+ XaceAuthAvailRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, XID)
+ };
+ calldata = &rec;
+ break;
+ }
+#ifdef LBX
+ case XACE_LBX_EXT_ACCESS: {
+ XaceLbxExtAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, LbxExtensionEntry*),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+ case XACE_DECLARE_LBX_EXT_SECURE: {
+ XaceDeclareLbxExtSecureRec rec = {
+ va_arg(ap, LbxExtensionEntry*),
+ va_arg(ap, Bool)
+ };
+ calldata = &rec;
+ break;
+ }
+ case XACE_LBX_PROXY_ACCESS: {
+ XaceLbxProxyAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, XID),
+ TRUE /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.rval;
+ break;
+ }
+#endif
+ default: {
+ va_end(ap);
+ return 0; /* unimplemented hook number */
+ }
+ }
+ va_end(ap);
+
+ /* call callbacks and return result, if any. */
+ CallCallbacks(&XaceHooks[hook], calldata);
+ return prv ? *prv : 0;
+}
+
+static int
+ProcXaceDispatch(ClientPtr client)
+{
+ REQUEST(xReq);
+
+ switch (stuff->data)
+ {
+ default:
+ return BadRequest;
+ }
+} /* ProcXaceDispatch */
+
+static int
+SProcXaceDispatch(ClientPtr client)
+{
+ REQUEST(xReq);
+
+ switch (stuff->data)
+ {
+ default:
+ return BadRequest;
+ }
+} /* SProcXaceDispatch */
+
+
+/* XaceResetProc
+ *
+ * Arguments:
+ * extEntry is the extension information for the XACE extension.
+ *
+ * Returns: nothing.
+ *
+ * Side Effects:
+ * Performs any cleanup needed by XACE at server shutdown time.
+ */
+static void
+XaceResetProc(ExtensionEntry *extEntry)
+{
+ int i;
+
+ for (i=0; i<XACE_NUM_HOOKS; i++)
+ {
+ DeleteCallbackList(&XaceHooks[i]);
+ XaceHooks[i] = NULL;
+ }
+
+ for (i=0; i<XACE_STATE_SLOTS; i++)
+ {
+ if (stateExtNames[i])
+ xfree(stateExtNames[i]);
+ stateExtNames[i] = NULL;
+ stateSlotsUsed[i] = FALSE;
+ }
+} /* XaceResetProc */
+
+
+static int
+XaceCatchDispatchProc(ClientPtr client)
+{
+ REQUEST(xReq);
+ int major = stuff->reqType;
+
+ if (!ProcVector[major])
+ return (BadRequest);
+
+ if (!XaceHook(XACE_CORE_DISPATCH, client))
+ return (BadAccess);
+
+ return client->swapped ?
+ (* SwappedProcVector[major])(client) :
+ (* ProcVector[major])(client);
+}
+
+static int
+XaceCatchExtProc(ClientPtr client)
+{
+ REQUEST(xReq);
+ int major = stuff->reqType;
+ ExtensionEntry *ext = GetExtensionEntry(major);
+
+ if (!ext || !ProcVector[major])
+ return (BadRequest);
+
+ if (!XaceHook(XACE_EXT_DISPATCH, client, ext))
+ return (BadRequest); /* pretend extension doesn't exist */
+
+ return client->swapped ?
+ (* SwappedProcVector[major])(client) :
+ (* ProcVector[major])(client);
+}
+
+
+/* SecurityClientStateCallback
+ *
+ * Arguments:
+ * pcbl is &ClientStateCallback.
+ * nullata is NULL.
+ * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h)
+ * which contains information about client state changes.
+ *
+ * Returns: nothing.
+ *
+ * Side Effects:
+ *
+ * If a new client is connecting, its authorization ID is copied to
+ * client->authID. If this is a generated authorization, its reference
+ * count is bumped, its timer is cancelled if it was running, and its
+ * trustlevel is copied to TRUSTLEVEL(client).
+ *
+ * If a client is disconnecting and the client was using a generated
+ * authorization, the authorization's reference count is decremented, and
+ * if it is now zero, the timer for this authorization is started.
+ */
+
+static void
+XaceClientStateCallback(
+ CallbackListPtr *pcbl,
+ pointer nulldata,
+ pointer calldata)
+{
+ NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
+ ClientPtr client = pci->client;
+
+ switch (client->clientState)
+ {
+ case ClientStateRunning:
+ {
+ client->requestVector = client->swapped ?
+ SwappedUntrustedProcVector : UntrustedProcVector;
+ break;
+ }
+ default: break;
+ }
+} /* XaceClientStateCallback */
+
+/* XaceExtensionInit
+ *
+ * Initialize the XACE Extension
+ */
+void XaceExtensionInit(INITARGS)
+{
+ ExtensionEntry *extEntry;
+ int i;
+
+ if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL))
+ return;
+
+ extEntry = AddExtension(XACE_EXTENSION_NAME,
+ XaceNumberEvents, XaceNumberErrors,
+ ProcXaceDispatch, SProcXaceDispatch,
+ XaceResetProc, StandardMinorOpcode);
+
+ /* initialize dispatching intercept functions */
+ for (i = 0; i < 128; i++)
+ {
+ UntrustedProcVector[i] = XaceCatchDispatchProc;
+ SwappedUntrustedProcVector[i] = XaceCatchDispatchProc;
+ }
+ for (i = 128; i < 256; i++)
+ {
+ UntrustedProcVector[i] = XaceCatchExtProc;
+ SwappedUntrustedProcVector[i] = XaceCatchExtProc;
+ }
+}
+
+/* XaceCensorImage
+ *
+ * Called after pScreen->GetImage to prevent pieces or trusted windows from
+ * being returned in image data from an untrusted window.
+ *
+ * Arguments:
+ * client is the client doing the GetImage.
+ * pVisibleRegion is the visible region of the window.
+ * widthBytesLine is the width in bytes of one horizontal line in pBuf.
+ * pDraw is the source window.
+ * x, y, w, h is the rectangle of image data from pDraw in pBuf.
+ * format is the format of the image data in pBuf: ZPixmap or XYPixmap.
+ * pBuf is the image data.
+ *
+ * Returns: nothing.
+ *
+ * Side Effects:
+ * Any part of the rectangle (x, y, w, h) that is outside the visible
+ * region of the window will be destroyed (overwritten) in pBuf.
+ */
+void
+XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y, w, h,
+ format, pBuf)
+ ClientPtr client;
+ RegionPtr pVisibleRegion;
+ long widthBytesLine;
+ DrawablePtr pDraw;
+ int x, y, w, h;
+ unsigned int format;
+ char * pBuf;
+{
+ ScreenPtr pScreen = pDraw->pScreen;
+ RegionRec imageRegion; /* region representing x,y,w,h */
+ RegionRec censorRegion; /* region to obliterate */
+ BoxRec imageBox;
+ int nRects;
+
+ imageBox.x1 = x;
+ imageBox.y1 = y;
+ imageBox.x2 = x + w;
+ imageBox.y2 = y + h;
+ REGION_INIT(pScreen, &imageRegion, &imageBox, 1);
+ REGION_NULL(pScreen, &censorRegion);
+
+ /* censorRegion = imageRegion - visibleRegion */
+ REGION_SUBTRACT(pScreen, &censorRegion, &imageRegion, pVisibleRegion);
+ nRects = REGION_NUM_RECTS(&censorRegion);
+ if (nRects > 0)
+ { /* we have something to censor */
+ GCPtr pScratchGC = NULL;
+ PixmapPtr pPix = NULL;
+ xRectangle *pRects = NULL;
+ Bool failed = FALSE;
+ int depth = 1;
+ int bitsPerPixel = 1;
+ int i;
+ BoxPtr pBox;
+
+ /* convert region to list-of-rectangles for PolyFillRect */
+
+ pRects = (xRectangle *)ALLOCATE_LOCAL(nRects * sizeof(xRectangle *));
+ if (!pRects)
+ {
+ failed = TRUE;
+ goto failSafe;
+ }
+ for (pBox = REGION_RECTS(&censorRegion), i = 0;
+ i < nRects;
+ i++, pBox++)
+ {
+ pRects[i].x = pBox->x1;
+ pRects[i].y = pBox->y1 - imageBox.y1;
+ pRects[i].width = pBox->x2 - pBox->x1;
+ pRects[i].height = pBox->y2 - pBox->y1;
+ }
+
+ /* use pBuf as a fake pixmap */
+
+ if (format == ZPixmap)
+ {
+ depth = pDraw->depth;
+ bitsPerPixel = pDraw->bitsPerPixel;
+ }
+
+ pPix = GetScratchPixmapHeader(pDraw->pScreen, w, h,
+ depth, bitsPerPixel,
+ widthBytesLine, (pointer)pBuf);
+ if (!pPix)
+ {
+ failed = TRUE;
+ goto failSafe;
+ }
+
+ pScratchGC = GetScratchGC(depth, pPix->drawable.pScreen);
+ if (!pScratchGC)
+ {
+ failed = TRUE;
+ goto failSafe;
+ }
+
+ ValidateGC(&pPix->drawable, pScratchGC);
+ (* pScratchGC->ops->PolyFillRect)(&pPix->drawable,
+ pScratchGC, nRects, pRects);
+
+ failSafe:
+ if (failed)
+ {
+ /* Censoring was not completed above. To be safe, wipe out
+ * all the image data so that nothing trusted gets out.
+ */
+ bzero(pBuf, (int)(widthBytesLine * h));
+ }
+ if (pRects) DEALLOCATE_LOCAL(pRects);
+ if (pScratchGC) FreeScratchGC(pScratchGC);
+ if (pPix) FreeScratchPixmapHeader(pPix);
+ }
+ REGION_UNINIT(pScreen, &imageRegion);
+ REGION_UNINIT(pScreen, &censorRegion);
+} /* XaceCensorImage */
diff --git a/Xext/xace.h b/Xext/xace.h
new file mode 100644
index 0000000..d7fb0c3
--- /dev/null
+++ b/Xext/xace.h
@@ -0,0 +1,124 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#ifndef _XACE_H
+#define _XACE_H
+
+#define XACE_EXTENSION_NAME "XAccessControlExtension"
+#define XACE_MAJOR_VERSION 1
+#define XACE_MINOR_VERSION 0
+
+#include "pixmap.h" /* for DrawablePtr */
+#include "regionstr.h" /* for RegionPtr */
+
+#define XaceNumberEvents 0
+#define XaceNumberErrors 0
+
+/* security state */
+#define XACE_STATE_SLOTS 4
+#define XACE_STATE_INIT(ary) memset(ary, 0, sizeof(ary))
+
+/* security hooks */
+/* Constants used to identify the available security hooks
+ */
+#define XACE_CORE_DISPATCH 0
+#define XACE_EXT_DISPATCH 1
+#define XACE_RESOURCE_ACCESS 2
+#define XACE_DEVICE_ACCESS 3
+#define XACE_PROPERTY_ACCESS 4
+#define XACE_DRAWABLE_ACCESS 5
+#define XACE_MAP_ACCESS 6
+#define XACE_BACKGRND_ACCESS 7
+#define XACE_EXT_ACCESS 8
+#define XACE_HOSTLIST_ACCESS 9
+#define XACE_SITE_POLICY 10
+#define XACE_DECLARE_EXT_SECURE 11
+#define XACE_AUTH_AVAIL 12
+#ifndef LBX
+#define XACE_NUM_HOOKS 13
+#else /* LBX */
+#define XACE_LBX_EXT_ACCESS 13
+#define XACE_DECLARE_LBX_EXT_SECURE 14
+#define XACE_LBX_PROXY_ACCESS 15
+#define XACE_NUM_HOOKS 16
+#endif
+
+extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
+
+/* Entry point for hook functions. Called by Xserver.
+ */
+extern int XaceHook(
+ int /*hook*/,
+ ... /*appropriate args for hook*/
+ );
+
+/* Register a callback for a given hook. Extensions do not
+ * need to register themselves with XACERegisterExtension()
+ * to do this.
+ */
+#define XaceRegisterCallback(hook,callback,data) \
+ AddCallback(XaceHooks+(hook), callback, data)
+
+/* Unregister an existing callback for a given hook.
+ */
+#define XaceDeleteCallback(hook,callback,data) \
+ DeleteCallback(XaceHooks+(hook), callback, data)
+
+
+/* extension registration */
+
+/* Register with the security module, which allows an extension to store
+ * security state. Pass the name of the calling extension. Returns the
+ * index number for the state macros or -1 if no more slots are available.
+ */
+extern int XaceRegisterExtension(char *);
+
+/* Unregister an extension. Pass the index returned at registration time.
+ */
+extern void XaceUnregisterExtension(int);
+
+/* From the original Security extension...
+ */
+
+/* Hook return codes */
+#define SecurityAllowOperation 0
+#define SecurityIgnoreOperation 1
+#define SecurityErrorOperation 2
+
+/* Proc vectors for untrusted clients, swapped and unswapped versions.
+ * These are the same as the normal proc vectors except that extensions
+ * that haven't declared themselves secure will have ProcBadRequest plugged
+ * in for their major opcode dispatcher. This prevents untrusted clients
+ * from guessing extension major opcodes and using the extension even though
+ * the extension can't be listed or queried.
+ */
+extern int (*UntrustedProcVector[256])(ClientPtr client);
+extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
+
+extern void XaceCensorImage(
+ ClientPtr client,
+ RegionPtr pVisibleRegion,
+ long widthBytesLine,
+ DrawablePtr pDraw,
+ int x, int y, int w, int h,
+ unsigned int format,
+ char * pBuf
+ );
+
+#endif /* _XACE_H */
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
new file mode 100644
index 0000000..d460715
--- /dev/null
+++ b/Xext/xacestr.h
@@ -0,0 +1,141 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#ifndef _XACESTR_H
+#define _XACESTR_H
+
+#include <X11/Xdefs.h>
+#include "dixstruct.h"
+#include "resource.h"
+#include "extnsionst.h"
+#include "gcstruct.h"
+#include "windowstr.h"
+#include "inputstr.h"
+#include "xace.h"
+#ifdef LBX
+#include "lbxserve.h" /* for LbxExtensionEntry */
+#endif
+
+/* XACE_CORE_DISPATCH */
+typedef struct {
+ ClientPtr client;
+ int rval;
+} XaceCoreDispatchRec;
+
+/* XACE_RESOURCE_ACCESS */
+/* XACE_RESOURCE_CREATE */
+typedef struct {
+ ClientPtr client;
+ XID id;
+ RESTYPE rtype;
+ Mask access_mode;
+ pointer res;
+ int rval;
+} XaceResourceAccessRec;
+
+/* XACE_DEVICE_ACCESS */
+typedef struct {
+ ClientPtr client;
+ DeviceIntPtr dev;
+ Bool fromRequest;
+ int rval;
+} XaceDeviceAccessRec;
+
+/* XACE_PROPERTY_ACCESS */
+typedef struct {
+ ClientPtr client;
+ WindowPtr pWin;
+ Atom propertyName;
+ Mask access_mode;
+ int rval;
+} XacePropertyAccessRec;
+
+/* XACE_DRAWABLE_ACCESS */
+typedef struct {
+ ClientPtr client;
+ DrawablePtr pDraw;
+ int rval;
+} XaceDrawableAccessRec;
+
+/* XACE_MAP_ACCESS */
+/* XACE_BACKGRND_ACCESS */
+typedef struct {
+ ClientPtr client;
+ WindowPtr pWin;
+ int rval;
+} XaceMapAccessRec;
+
+/* XACE_EXT_DISPATCH_ACCESS */
+/* XACE_EXT_ACCESS */
+typedef struct {
+ ClientPtr client;
+ ExtensionEntry *ext;
+ int rval;
+} XaceExtAccessRec;
+
+/* XACE_HOSTLIST_ACCESS */
+typedef struct {
+ ClientPtr client;
+ Mask access_mode;
+ int rval;
+} XaceHostlistAccessRec;
+
+/* XACE_SITE_POLICY */
+typedef struct {
+ char *policyString;
+ int len;
+ int rval;
+} XaceSitePolicyRec;
+
+/* XACE_DECLARE_EXT_SECURE */
+typedef struct {
+ ExtensionEntry *ext;
+ Bool secure;
+} XaceDeclareExtSecureRec;
+
+/* XACE_AUTH_AVAIL */
+typedef struct {
+ ClientPtr client;
+ XID authId;
+} XaceAuthAvailRec;
+
+#ifdef LBX
+/* XACE_LBX_EXT_ACCESS */
+typedef struct {
+ ClientPtr client;
+ LbxExtensionEntry *ext;
+ int rval;
+} XaceLbxExtAccessRec;
+
+/* XACE_DECLARE_LBX_EXT_SECURE */
+typedef struct {
+ LbxExtensionEntry *ext;
+ Bool secure;
+} XaceDeclareLbxExtSecureRec;
+
+/* XACE_LBX_PROXY_ACCESS */
+typedef struct {
+ ClientPtr client;
+ XID authId;
+ int rval;
+} XaceLbxProxyAccessRec;
+
+#endif /* LBX */
+
+#endif /* _XACESTR_H */
diff-tree 2b58685402e70f123e131fd8146e6083ff5214a4 (from 4365d16c8629e824973ee0c357efdfbfd28b672c)
Author: Matthieu Herrb <matthieu at deville.herrb.com>
Date: Tue Jun 20 21:07:53 2006 +0200
Check setuid() return value. Bugzilla #7116.
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index 9bb2bf8..3aed369 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -1896,7 +1896,11 @@ xf86RunVtInit(void)
FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
break;
case 0: /* child */
- setuid(getuid());
+ if (setuid(getuid()) == -1) {
+ xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
+ strerror(errno));
+ exit(255);
+ }
/* set stdin, stdout to the consoleFd */
for (i = 0; i < 2; i++) {
if (xf86Info.consoleFd != i) {
diff --git a/hw/xfree86/os-support/shared/libc_wrapper.c b/hw/xfree86/os-support/shared/libc_wrapper.c
index fc4edc3..1663893 100644
--- a/hw/xfree86/os-support/shared/libc_wrapper.c
+++ b/hw/xfree86/os-support/shared/libc_wrapper.c
@@ -1270,7 +1270,10 @@ xf86execl(const char *pathname, const ch
#ifndef SELF_CONTAINED_WRAPPER
xf86DisableIO();
#endif
- setuid(getuid());
+ if (setuid(getuid()) == -1) {
+ ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
+ exit(255);
+ }
#if !defined(SELF_CONTAINED_WRAPPER)
/* set stdin, stdout to the consoleFD, and leave stderr alone */
for (i = 0; i < 2; i++)
diff --git a/hw/xfree86/parser/write.c b/hw/xfree86/parser/write.c
index 285080d..82baa5a 100644
--- a/hw/xfree86/parser/write.c
+++ b/hw/xfree86/parser/write.c
@@ -170,7 +170,10 @@ xf86writeConfigFile (const char *filenam
strerror(errno));
return 0;
case 0: /* child */
- setuid(getuid());
+ if (setuid(getuid() == -1)
+ FatalError("xf86writeConfigFile(): "
+ "setuid failed(%s)\n",
+ strerror(errno));
ret = doWriteConfigFile(filename, cptr);
exit(ret);
break;
diff --git a/os/utils.c b/os/utils.c
index 43c6365..617d201 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -1,4 +1,4 @@
-/* $XdotOrg: xserver/xorg/os/utils.c,v 1.25 2006/03/25 19:52:05 ajax Exp $ */
+/* $XdotOrg: xserver/xorg/os/utils.c,v 1.26 2006-06-01 22:06:41 daniels Exp $ */
/* $Xorg: utils.c,v 1.5 2001/02/09 02:05:24 xorgcvs Exp $ */
/*
@@ -1713,8 +1713,10 @@ System(char *command)
case -1: /* error */
p = -1;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
execl("/bin/sh", "sh", "-c", command, (char *)NULL);
_exit(127);
default: /* parent */
@@ -1765,8 +1767,10 @@ Popen(char *command, char *type)
xfree(cur);
return NULL;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
if (*type == 'r') {
if (pdes[1] != 1) {
/* stdout */
@@ -1840,8 +1844,10 @@ Fopen(char *file, char *type)
xfree(cur);
return NULL;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
if (*type == 'r') {
if (pdes[1] != 1) {
/* stdout */
diff-tree 4365d16c8629e824973ee0c357efdfbfd28b672c (from 98d17bba716619e3402bd74c7c3e1c01d055ef6e)
Author: Kristan Høgsberg <krh at redhat.com>
Date: Mon Jun 19 22:13:22 2006 -0400
Pull over convolution filter fixes from xgl-0-0-1 branch.
Cherry-picking patches:
8a5ea68800b9d7dca90ff4e573ad8533852f1ea3 and
4d755fe14274a7293748ce9aa666ab85df6297c5
diff --git a/fb/fbcompose.c b/fb/fbcompose.c
index 41fff7b..6f7e3e6 100644
--- a/fb/fbcompose.c
+++ b/fb/fbcompose.c
@@ -3280,8 +3280,8 @@ static void fbFetchTransformed(PicturePt
xFixed *params = pict->filter_params;
INT32 cwidth = xFixedToInt(params[0]);
INT32 cheight = xFixedToInt(params[1]);
- int xoff = params[0] >> 1;
- int yoff = params[1] >> 1;
+ int xoff = (params[0] - xFixed1) >> 1;
+ int yoff = (params[1] - xFixed1) >> 1;
params += 2;
for (i = 0; i < width; ++i) {
if (!v.vector[2]) {
@@ -3325,6 +3325,11 @@ static void fbFetchTransformed(PicturePt
}
}
+ satot >>= 16;
+ srtot >>= 16;
+ sgtot >>= 16;
+ sbtot >>= 16;
+
if (satot < 0) satot = 0; else if (satot > 0xff) satot = 0xff;
if (srtot < 0) srtot = 0; else if (srtot > 0xff) srtot = 0xff;
if (sgtot < 0) sgtot = 0; else if (sgtot > 0xff) sgtot = 0xff;
More information about the xorg-commit
mailing list