diff options
-rw-r--r-- | Xext/SecurityPolicy | 7 | ||||
-rw-r--r-- | Xext/security.c | 64 | ||||
-rw-r--r-- | Xext/securitysrv.h | 2 | ||||
-rw-r--r-- | os/Makefile.am | 7 | ||||
-rw-r--r-- | os/auth.c | 11 | ||||
-rw-r--r-- | os/connection.c | 11 | ||||
-rw-r--r-- | os/osdep.h | 3 | ||||
-rw-r--r-- | os/secauth.c | 202 |
8 files changed, 3 insertions, 304 deletions
diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy index 0000c5a8f..04dfb0e6b 100644 --- a/Xext/SecurityPolicy +++ b/Xext/SecurityPolicy @@ -2,13 +2,6 @@ version-1 # $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $ -# The site policy fields are interpreted by the XC-QUERY-SECURITY-1 -# authorization protocol. The values are arbitrary and site-specific. -# Refer to the Security Extension Specification for the usage of the policies. -#sitepolicy A -#sitepolicy B -#sitepolicy C - # Property access rules: # property <property> <window> <permissions> # <window> ::= any | root | <propertyselector> diff --git a/Xext/security.c b/Xext/security.c index b1c0ce008..9e3b2dd9d 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -1526,64 +1526,6 @@ SecurityParseExtensionRule( } /* SecurityParseExtensionRule */ -static char **SecurityPolicyStrings = NULL; -static int nSecurityPolicyStrings = 0; - -static Bool -SecurityParseSitePolicy( - char *p) -{ - char *policyStr = SecurityParseString(&p); - char *copyPolicyStr; - char **newStrings; - - if (!policyStr) - return FALSE; - - copyPolicyStr = (char *)Xalloc(strlen(policyStr) + 1); - if (!copyPolicyStr) - return TRUE; - strcpy(copyPolicyStr, policyStr); - newStrings = (char **)Xrealloc(SecurityPolicyStrings, - sizeof (char *) * (nSecurityPolicyStrings + 1)); - if (!newStrings) - { - Xfree(copyPolicyStr); - return TRUE; - } - - SecurityPolicyStrings = newStrings; - SecurityPolicyStrings[nSecurityPolicyStrings++] = copyPolicyStr; - - return TRUE; - -} /* SecurityParseSitePolicy */ - - -char ** -SecurityGetSitePolicyStrings(n) - int *n; -{ - *n = nSecurityPolicyStrings; - return SecurityPolicyStrings; -} /* SecurityGetSitePolicyStrings */ - -static void -SecurityFreeSitePolicyStrings(void) -{ - if (SecurityPolicyStrings) - { - assert(nSecurityPolicyStrings); - while (nSecurityPolicyStrings--) - { - Xfree(SecurityPolicyStrings[nSecurityPolicyStrings]); - } - Xfree(SecurityPolicyStrings); - SecurityPolicyStrings = NULL; - nSecurityPolicyStrings = 0; - } -} /* SecurityFreeSitePolicyStrings */ - static void SecurityFreeTrustedExtensionStrings(void) { @@ -1646,6 +1588,7 @@ SecurityLoadPropertyAccessList(void) switch (SecurityParseKeyword(&p)) { case SecurityKeywordComment: + case SecurityKeywordSitePolicy: validLine = TRUE; break; @@ -1653,10 +1596,6 @@ SecurityLoadPropertyAccessList(void) validLine = SecurityParsePropertyAccessRule(p); break; - case SecurityKeywordSitePolicy: - validLine = SecurityParseSitePolicy(p); - break; - case SecurityKeywordExtension: validLine = SecurityParseExtensionRule(p); break; @@ -1837,7 +1776,6 @@ SecurityResetProc( { SecurityFreePropertyAccessList(); SecurityFreeTrustedExtensionStrings(); - SecurityFreeSitePolicyStrings(); } /* SecurityResetProc */ diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h index 67d864e2e..7320ab7da 100644 --- a/Xext/securitysrv.h +++ b/Xext/securitysrv.h @@ -84,6 +84,4 @@ extern int XSecurityOptions(int argc, char **argv, int i); #define SECURITY_POLICY_FILE_VERSION "version-1" -extern char **SecurityGetSitePolicyStrings(int *n); - #endif /* _SECURITY_SRV_H */ diff --git a/os/Makefile.am b/os/Makefile.am index 53b2d7f0c..9dd1b5432 100644 --- a/os/Makefile.am +++ b/os/Makefile.am @@ -6,7 +6,6 @@ AM_CFLAGS = $(DIX_CFLAGS) SECURERPC_SRCS = rpcauth.c INTERNALMALLOC_SRCS = xalloc.c -XCSECURITY_SRCS = secauth.c XDMCP_SRCS = xdmcp.c STRLCAT_SRCS = strlcat.c strlcpy.c XORG_SRCS = log.c @@ -28,10 +27,6 @@ libos_la_SOURCES = \ xprintf.c \ $(XORG_SRCS) -if XCSECURITY -libos_la_SOURCES += $(XCSECURITY_SRCS) -endif - if XDMCP libos_la_SOURCES += $(XDMCP_SRCS) endif @@ -48,7 +43,7 @@ libcwrapper_la_CFLAGS = \ $(AM_CFLAGS) EXTRA_DIST = $(SECURERPC_SRCS) $(INTERNALMALLOC_SRCS) \ - $(XCSECURITY_SRCS) $(XDMCP_SRCS) $(STRLCAT_SRCS) + $(XDMCP_SRCS) $(STRLCAT_SRCS) if XSERVER_DTRACE # Generate dtrace object code for probes in libos & libdix @@ -42,9 +42,6 @@ from The Open Group. # include "dixstruct.h" # include <sys/types.h> # include <sys/stat.h> -#ifdef XCSECURITY -# include "securitysrv.h" -#endif #ifdef WIN32 #include <X11/Xw32defs.h> #endif @@ -89,14 +86,6 @@ static struct protocol protocols[] = { #endif }, #endif -#ifdef XCSECURITY -{ (unsigned short) XSecurityAuthorizationNameLen, - XSecurityAuthorizationName, - NULL, AuthSecurityCheck, NULL, - NULL, NULL, NULL, - NULL -}, -#endif }; # define NUM_AUTHORIZATION (sizeof (protocols) /\ diff --git a/os/connection.c b/os/connection.c index d975f87d2..c1152aad7 100644 --- a/os/connection.c +++ b/os/connection.c @@ -140,9 +140,6 @@ SOFTWARE. #include "appgroup.h" #endif #include "xace.h" -#ifdef XCSECURITY -#include "securitysrv.h" -#endif #ifdef X_NOT_POSIX #define Pid_t int @@ -669,13 +666,7 @@ ClientAuthorized(ClientPtr client, if (auth_id == (XID) ~0L) { - if ( -#ifdef XCSECURITY - (proto_n == 0 || - strncmp (auth_proto, XSecurityAuthorizationName, proto_n) != 0) && -#endif - _XSERVTransGetPeerAddr (trans_conn, - &family, &fromlen, &from) != -1) + if (_XSERVTransGetPeerAddr(trans_conn, &family, &fromlen, &from) != -1) { if (InvalidHost ((struct sockaddr *) from, fromlen, client)) AuthAudit(client, FALSE, (struct sockaddr *) from, diff --git a/os/osdep.h b/os/osdep.h index 965436df5..0c07a9004 100644 --- a/os/osdep.h +++ b/os/osdep.h @@ -260,9 +260,6 @@ extern int SecureRPCRemove (AuthRemCArgs); extern int SecureRPCReset (AuthRstCArgs); #endif -/* in secauth.c */ -extern XID AuthSecurityCheck (AuthCheckArgs); - /* in xdmcp.c */ extern void XdmcpUseMsg (void); extern int XdmcpOptions(int argc, char **argv, int i); diff --git a/os/secauth.c b/os/secauth.c deleted file mode 100644 index d01879bfd..000000000 --- a/os/secauth.c +++ /dev/null @@ -1,202 +0,0 @@ -/* -Copyright 1996, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. -*/ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#include <X11/X.h> -#include "os.h" -#include "osdep.h" -#include "dixstruct.h" -#include "swaprep.h" - -#ifdef XCSECURITY -#include "securitysrv.h" -#endif - -static char InvalidPolicyReason[] = "invalid policy specification"; -static char PolicyViolationReason[] = "policy violation"; - -static Bool -AuthCheckSitePolicy( - unsigned short *data_lengthP, - char **dataP, - ClientPtr client, - char **reason) -{ - CARD8 *policy = *(CARD8 **)dataP; - int length; - Bool permit; - int nPolicies; - char **sitePolicies; - int nSitePolicies; - Bool found = FALSE; - - if ((length = *data_lengthP) < 2) { - *reason = InvalidPolicyReason; - return FALSE; - } - - permit = (*policy++ == 0); - nPolicies = (CARD8) *policy++; - - length -= 2; - - sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies); - - while (nPolicies) { - int strLen, sitePolicy; - - if (length == 0) { - *reason = InvalidPolicyReason; - return FALSE; - } - - strLen = (CARD8) *policy++; - if (--length < strLen) { - *reason = InvalidPolicyReason; - return FALSE; - } - - if (!found) - { - for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++) - { - char *testPolicy = sitePolicies[sitePolicy]; - if ((strLen == strlen(testPolicy)) && - (strncmp((char *)policy, testPolicy, strLen) == 0)) - { - found = TRUE; /* need to continue parsing the policy... */ - break; - } - } - } - - policy += strLen; - length -= strLen; - nPolicies--; - } - - if (found != permit) - { - *reason = PolicyViolationReason; - return FALSE; - } - - *data_lengthP = length; - *dataP = (char *)policy; - return TRUE; -} - -XID -AuthSecurityCheck ( - unsigned short data_length, - char *data, - ClientPtr client, - char **reason) -{ -#ifdef XCSECURITY - xConnSetupPrefix csp; - xReq freq; - - if (client->clientState == ClientStateCheckedSecurity) - { - *reason = "repeated security check not permitted"; - return (XID) -1; - } - else if (data_length > 0) - { - char policy_mask = *data++; - - if (--data_length == 1) { - *reason = InvalidPolicyReason; - return (XID) -1; - } - - if (policy_mask & 0x01) /* Extensions policy */ - { - /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */ - *reason = "security policy not implemented"; - return (XID) -1; - } - - if (policy_mask & 0x02) /* Site policy */ - { - if (!AuthCheckSitePolicy(&data_length, &data, client, reason)) - return (XID) -1; - } - - if (data_length > 0) { /* did we consume the whole policy? */ - *reason = InvalidPolicyReason; - return (XID) -1; - } - - } - else if (!GetAccessControl()) - { - /* - * The client - possibly the X FireWall Proxy - gave - * no auth data and host-based authorization is turned - * off. In this case, the client should be denied - * access to the X server. - */ - *reason = "server host access control is disabled"; - return (XID) -1; - } - - client->clientState = ClientStateCheckingSecurity; - - csp.success = 2 /* Authenticate */; - csp.lengthReason = 0; - csp.length = 0; - csp.majorVersion = X_PROTOCOL; - csp.minorVersion = X_PROTOCOL_REVISION; - if (client->swapped) - WriteSConnSetupPrefix(client, &csp); - else - (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp); - - /* - * Next time the client sends the real auth data, we want - * ProcEstablishConnection to be called. - */ - - freq.reqType = 1; - freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2; - client->swapped = FALSE; - if (!InsertFakeRequest(client, (char *)&freq, sz_xReq)) - { - *reason = "internal error"; - return (XID) -1; - } - - return (XID) 0; -#else - *reason = "method not supported"; - return (XID) -1; -#endif -} |