summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Xext/SecurityPolicy7
-rw-r--r--Xext/security.c64
-rw-r--r--Xext/securitysrv.h2
-rw-r--r--os/Makefile.am7
-rw-r--r--os/auth.c11
-rw-r--r--os/connection.c11
-rw-r--r--os/osdep.h3
-rw-r--r--os/secauth.c202
8 files changed, 3 insertions, 304 deletions
diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy
index 0000c5a8f..04dfb0e6b 100644
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@@ -2,13 +2,6 @@ version-1
# $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
-# The site policy fields are interpreted by the XC-QUERY-SECURITY-1
-# authorization protocol. The values are arbitrary and site-specific.
-# Refer to the Security Extension Specification for the usage of the policies.
-#sitepolicy A
-#sitepolicy B
-#sitepolicy C
-
# Property access rules:
# property <property> <window> <permissions>
# <window> ::= any | root | <propertyselector>
diff --git a/Xext/security.c b/Xext/security.c
index b1c0ce008..9e3b2dd9d 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1526,64 +1526,6 @@ SecurityParseExtensionRule(
} /* SecurityParseExtensionRule */
-static char **SecurityPolicyStrings = NULL;
-static int nSecurityPolicyStrings = 0;
-
-static Bool
-SecurityParseSitePolicy(
- char *p)
-{
- char *policyStr = SecurityParseString(&p);
- char *copyPolicyStr;
- char **newStrings;
-
- if (!policyStr)
- return FALSE;
-
- copyPolicyStr = (char *)Xalloc(strlen(policyStr) + 1);
- if (!copyPolicyStr)
- return TRUE;
- strcpy(copyPolicyStr, policyStr);
- newStrings = (char **)Xrealloc(SecurityPolicyStrings,
- sizeof (char *) * (nSecurityPolicyStrings + 1));
- if (!newStrings)
- {
- Xfree(copyPolicyStr);
- return TRUE;
- }
-
- SecurityPolicyStrings = newStrings;
- SecurityPolicyStrings[nSecurityPolicyStrings++] = copyPolicyStr;
-
- return TRUE;
-
-} /* SecurityParseSitePolicy */
-
-
-char **
-SecurityGetSitePolicyStrings(n)
- int *n;
-{
- *n = nSecurityPolicyStrings;
- return SecurityPolicyStrings;
-} /* SecurityGetSitePolicyStrings */
-
-static void
-SecurityFreeSitePolicyStrings(void)
-{
- if (SecurityPolicyStrings)
- {
- assert(nSecurityPolicyStrings);
- while (nSecurityPolicyStrings--)
- {
- Xfree(SecurityPolicyStrings[nSecurityPolicyStrings]);
- }
- Xfree(SecurityPolicyStrings);
- SecurityPolicyStrings = NULL;
- nSecurityPolicyStrings = 0;
- }
-} /* SecurityFreeSitePolicyStrings */
-
static void
SecurityFreeTrustedExtensionStrings(void)
{
@@ -1646,6 +1588,7 @@ SecurityLoadPropertyAccessList(void)
switch (SecurityParseKeyword(&p))
{
case SecurityKeywordComment:
+ case SecurityKeywordSitePolicy:
validLine = TRUE;
break;
@@ -1653,10 +1596,6 @@ SecurityLoadPropertyAccessList(void)
validLine = SecurityParsePropertyAccessRule(p);
break;
- case SecurityKeywordSitePolicy:
- validLine = SecurityParseSitePolicy(p);
- break;
-
case SecurityKeywordExtension:
validLine = SecurityParseExtensionRule(p);
break;
@@ -1837,7 +1776,6 @@ SecurityResetProc(
{
SecurityFreePropertyAccessList();
SecurityFreeTrustedExtensionStrings();
- SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
index 67d864e2e..7320ab7da 100644
--- a/Xext/securitysrv.h
+++ b/Xext/securitysrv.h
@@ -84,6 +84,4 @@ extern int XSecurityOptions(int argc, char **argv, int i);
#define SECURITY_POLICY_FILE_VERSION "version-1"
-extern char **SecurityGetSitePolicyStrings(int *n);
-
#endif /* _SECURITY_SRV_H */
diff --git a/os/Makefile.am b/os/Makefile.am
index 53b2d7f0c..9dd1b5432 100644
--- a/os/Makefile.am
+++ b/os/Makefile.am
@@ -6,7 +6,6 @@ AM_CFLAGS = $(DIX_CFLAGS)
SECURERPC_SRCS = rpcauth.c
INTERNALMALLOC_SRCS = xalloc.c
-XCSECURITY_SRCS = secauth.c
XDMCP_SRCS = xdmcp.c
STRLCAT_SRCS = strlcat.c strlcpy.c
XORG_SRCS = log.c
@@ -28,10 +27,6 @@ libos_la_SOURCES = \
xprintf.c \
$(XORG_SRCS)
-if XCSECURITY
-libos_la_SOURCES += $(XCSECURITY_SRCS)
-endif
-
if XDMCP
libos_la_SOURCES += $(XDMCP_SRCS)
endif
@@ -48,7 +43,7 @@ libcwrapper_la_CFLAGS = \
$(AM_CFLAGS)
EXTRA_DIST = $(SECURERPC_SRCS) $(INTERNALMALLOC_SRCS) \
- $(XCSECURITY_SRCS) $(XDMCP_SRCS) $(STRLCAT_SRCS)
+ $(XDMCP_SRCS) $(STRLCAT_SRCS)
if XSERVER_DTRACE
# Generate dtrace object code for probes in libos & libdix
diff --git a/os/auth.c b/os/auth.c
index b2a145f89..d2aa980a8 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -42,9 +42,6 @@ from The Open Group.
# include "dixstruct.h"
# include <sys/types.h>
# include <sys/stat.h>
-#ifdef XCSECURITY
-# include "securitysrv.h"
-#endif
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
@@ -89,14 +86,6 @@ static struct protocol protocols[] = {
#endif
},
#endif
-#ifdef XCSECURITY
-{ (unsigned short) XSecurityAuthorizationNameLen,
- XSecurityAuthorizationName,
- NULL, AuthSecurityCheck, NULL,
- NULL, NULL, NULL,
- NULL
-},
-#endif
};
# define NUM_AUTHORIZATION (sizeof (protocols) /\
diff --git a/os/connection.c b/os/connection.c
index d975f87d2..c1152aad7 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -140,9 +140,6 @@ SOFTWARE.
#include "appgroup.h"
#endif
#include "xace.h"
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
#ifdef X_NOT_POSIX
#define Pid_t int
@@ -669,13 +666,7 @@ ClientAuthorized(ClientPtr client,
if (auth_id == (XID) ~0L)
{
- if (
-#ifdef XCSECURITY
- (proto_n == 0 ||
- strncmp (auth_proto, XSecurityAuthorizationName, proto_n) != 0) &&
-#endif
- _XSERVTransGetPeerAddr (trans_conn,
- &family, &fromlen, &from) != -1)
+ if (_XSERVTransGetPeerAddr(trans_conn, &family, &fromlen, &from) != -1)
{
if (InvalidHost ((struct sockaddr *) from, fromlen, client))
AuthAudit(client, FALSE, (struct sockaddr *) from,
diff --git a/os/osdep.h b/os/osdep.h
index 965436df5..0c07a9004 100644
--- a/os/osdep.h
+++ b/os/osdep.h
@@ -260,9 +260,6 @@ extern int SecureRPCRemove (AuthRemCArgs);
extern int SecureRPCReset (AuthRstCArgs);
#endif
-/* in secauth.c */
-extern XID AuthSecurityCheck (AuthCheckArgs);
-
/* in xdmcp.c */
extern void XdmcpUseMsg (void);
extern int XdmcpOptions(int argc, char **argv, int i);
diff --git a/os/secauth.c b/os/secauth.c
deleted file mode 100644
index d01879bfd..000000000
--- a/os/secauth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-Copyright 1996, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-*/
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-#include "swaprep.h"
-
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
-
-static char InvalidPolicyReason[] = "invalid policy specification";
-static char PolicyViolationReason[] = "policy violation";
-
-static Bool
-AuthCheckSitePolicy(
- unsigned short *data_lengthP,
- char **dataP,
- ClientPtr client,
- char **reason)
-{
- CARD8 *policy = *(CARD8 **)dataP;
- int length;
- Bool permit;
- int nPolicies;
- char **sitePolicies;
- int nSitePolicies;
- Bool found = FALSE;
-
- if ((length = *data_lengthP) < 2) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- permit = (*policy++ == 0);
- nPolicies = (CARD8) *policy++;
-
- length -= 2;
-
- sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
-
- while (nPolicies) {
- int strLen, sitePolicy;
-
- if (length == 0) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- strLen = (CARD8) *policy++;
- if (--length < strLen) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- if (!found)
- {
- for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++)
- {
- char *testPolicy = sitePolicies[sitePolicy];
- if ((strLen == strlen(testPolicy)) &&
- (strncmp((char *)policy, testPolicy, strLen) == 0))
- {
- found = TRUE; /* need to continue parsing the policy... */
- break;
- }
- }
- }
-
- policy += strLen;
- length -= strLen;
- nPolicies--;
- }
-
- if (found != permit)
- {
- *reason = PolicyViolationReason;
- return FALSE;
- }
-
- *data_lengthP = length;
- *dataP = (char *)policy;
- return TRUE;
-}
-
-XID
-AuthSecurityCheck (
- unsigned short data_length,
- char *data,
- ClientPtr client,
- char **reason)
-{
-#ifdef XCSECURITY
- xConnSetupPrefix csp;
- xReq freq;
-
- if (client->clientState == ClientStateCheckedSecurity)
- {
- *reason = "repeated security check not permitted";
- return (XID) -1;
- }
- else if (data_length > 0)
- {
- char policy_mask = *data++;
-
- if (--data_length == 1) {
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- if (policy_mask & 0x01) /* Extensions policy */
- {
- /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */
- *reason = "security policy not implemented";
- return (XID) -1;
- }
-
- if (policy_mask & 0x02) /* Site policy */
- {
- if (!AuthCheckSitePolicy(&data_length, &data, client, reason))
- return (XID) -1;
- }
-
- if (data_length > 0) { /* did we consume the whole policy? */
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- }
- else if (!GetAccessControl())
- {
- /*
- * The client - possibly the X FireWall Proxy - gave
- * no auth data and host-based authorization is turned
- * off. In this case, the client should be denied
- * access to the X server.
- */
- *reason = "server host access control is disabled";
- return (XID) -1;
- }
-
- client->clientState = ClientStateCheckingSecurity;
-
- csp.success = 2 /* Authenticate */;
- csp.lengthReason = 0;
- csp.length = 0;
- csp.majorVersion = X_PROTOCOL;
- csp.minorVersion = X_PROTOCOL_REVISION;
- if (client->swapped)
- WriteSConnSetupPrefix(client, &csp);
- else
- (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp);
-
- /*
- * Next time the client sends the real auth data, we want
- * ProcEstablishConnection to be called.
- */
-
- freq.reqType = 1;
- freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2;
- client->swapped = FALSE;
- if (!InsertFakeRequest(client, (char *)&freq, sz_xReq))
- {
- *reason = "internal error";
- return (XID) -1;
- }
-
- return (XID) 0;
-#else
- *reason = "method not supported";
- return (XID) -1;
-#endif
-}