diff options
| -rw-r--r-- | dix/devices.c | 22 | ||||
| -rw-r--r-- | dix/dispatch.c | 41 | ||||
| -rw-r--r-- | dix/dixutils.c | 36 | ||||
| -rw-r--r-- | dix/events.c | 25 | ||||
| -rw-r--r-- | dix/extension.c | 59 | ||||
| -rw-r--r-- | dix/property.c | 25 | ||||
| -rw-r--r-- | dix/resource.c | 19 | ||||
| -rw-r--r-- | dix/window.c | 25 | ||||
| -rw-r--r-- | include/dix.h | 19 | ||||
| -rw-r--r-- | include/dixstruct.h | 11 | ||||
| -rw-r--r-- | include/extnsionst.h | 3 | ||||
| -rw-r--r-- | include/resource.h | 6 | ||||
| -rw-r--r-- | os/access.c | 19 | ||||
| -rw-r--r-- | os/connection.c | 8 |
14 files changed, 133 insertions, 185 deletions
diff --git a/dix/devices.c b/dix/devices.c index c7d3494e8..324d64bc6 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -72,9 +72,8 @@ SOFTWARE. #ifdef XKB #include <X11/extensions/XKBsrv.h> #endif -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif #include "dispatch.h" @@ -956,8 +955,8 @@ ProcSetModifierMapping(ClientPtr client) } } -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE)) return BadAccess; #endif @@ -1073,9 +1072,8 @@ ProcChangeKeyboardMapping(ClientPtr client) client->errorValue = stuff->keySymsPerKeyCode; return BadValue; } -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, - TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) return BadAccess; #endif keysyms.minKeyCode = stuff->firstKeyCode; @@ -1221,8 +1219,8 @@ ProcChangeKeyboardControl (ClientPtr client) vmask = stuff->mask; if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask)) return BadLength; -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE)) return BadAccess; #endif vlist = (XID *)&stuff[1]; /* first word of values */ @@ -1610,8 +1608,8 @@ ProcQueryKeymap(ClientPtr client) rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.length = 2; -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { bzero((char *)&rep.map[0], 32); } diff --git a/dix/dispatch.c b/dix/dispatch.c index 04e2ba11f..ef97edcf2 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -107,9 +107,8 @@ int ProcInitialConnection(); #include "panoramiX.h" #include "panoramiXsrv.h" #endif -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif #ifdef XAPPGROUP #include <X11/extensions/Xagsrv.h> @@ -1103,11 +1102,10 @@ ProcConvertSelection(register ClientPtr client) CurrentSelections[i].selection != stuff->selection) i++; if ((i < NumCurrentSelections) && (CurrentSelections[i].window != None) -#ifdef XCSECURITY - && (!client->CheckAccess || - (* client->CheckAccess)(client, CurrentSelections[i].window, - RT_WINDOW, SecurityReadAccess, - CurrentSelections[i].pWin)) +#ifdef XACE + && XaceHook(XACE_RESOURCE_ACCESS, client, + CurrentSelections[i].window, RT_WINDOW, + SecurityReadAccess, CurrentSelections[i].pWin) #endif ) { @@ -2205,9 +2203,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); } -#ifdef XCSECURITY - if (client->trustLevel != XSecurityClientTrusted && - pDraw->type == DRAWABLE_WINDOW) +#ifdef XACE + if (pDraw->type == DRAWABLE_WINDOW && + !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw)) { pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); if (pVisibleRegion) @@ -2235,9 +2233,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, format, planemask, (pointer) pBuf); -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) - SecurityCensorImage(client, pVisibleRegion, widthBytesLine, + XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y + linesDone, width, nlines, format, pBuf); #endif @@ -2276,9 +2274,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, format, plane, (pointer)pBuf); -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) - SecurityCensorImage(client, pVisibleRegion, + XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y + linesDone, width, nlines, format, pBuf); @@ -2304,7 +2302,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, } } } -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) REGION_DESTROY(pDraw->pScreen, pVisibleRegion); #endif @@ -3278,11 +3276,10 @@ ProcListHosts(register ClientPtr client) /* REQUEST(xListHostsReq); */ REQUEST_SIZE_MATCH(xListHostsReq); -#ifdef XCSECURITY +#ifdef XACE /* untrusted clients can't list hosts */ - if (client->trustLevel != XSecurityClientTrusted) + if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess)) { - SecurityAudit("client %d attempted to list hosts\n", client->index); return BadAccess; } #endif @@ -3650,10 +3647,8 @@ void InitClient(ClientPtr client, int i, pointer ospriv) } #endif client->replyBytesRemaining = 0; -#ifdef XCSECURITY - client->trustLevel = XSecurityClientTrusted; - client->CheckAccess = NULL; - client->authId = 0; +#ifdef XACE + XACE_STATE_INIT(client->securityState); #endif #ifdef XAPPGROUP client->appgroup = NULL; diff --git a/dix/dixutils.c b/dix/dixutils.c index 91796eade..0a14da221 100644 --- a/dix/dixutils.c +++ b/dix/dixutils.c @@ -97,9 +97,8 @@ Author: Adobe Systems Incorporated #include "scrnintstr.h" #define XK_LATIN1 #include <X11/keysymdef.h> -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif /* @@ -199,7 +198,7 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len, return (int) c1 - (int) c2; } -#ifdef XCSECURITY +#ifdef XACE /* SecurityLookupWindow and SecurityLookupDrawable: * Look up the window/drawable taking into account the client doing @@ -207,32 +206,16 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len, * if it exists and the client is allowed access, else return NULL. * Most Proc* functions should be calling these instead of * LookupWindow and LookupDrawable, which do no access checks. + * XACE note: need to see if client->lastDrawableID can still be used here. */ _X_EXPORT WindowPtr SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode) { - WindowPtr pWin; - client->errorValue = rid; if(rid == INVALID) return NULL; - if (client->trustLevel != XSecurityClientTrusted) - return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); - if (client->lastDrawableID == rid) - { - if (client->lastDrawable->type == DRAWABLE_WINDOW) - return ((WindowPtr) client->lastDrawable); - return (WindowPtr) NULL; - } - pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); - if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) { - client->lastDrawable = (DrawablePtr) pWin; - client->lastDrawableID = rid; - client->lastGCID = INVALID; - client->lastGC = (GCPtr)NULL; - } - return pWin; + return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); } @@ -243,11 +226,6 @@ SecurityLookupDrawable(XID rid, ClientPtr client, Mask access_mode) if(rid == INVALID) return (pointer) NULL; - if (client->trustLevel != XSecurityClientTrusted) - return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, - access_mode); - if (client->lastDrawableID == rid) - return ((pointer) client->lastDrawable); pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, access_mode); if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW)) @@ -271,7 +249,7 @@ LookupDrawable(XID rid, ClientPtr client) return SecurityLookupDrawable(rid, client, SecurityUnknownAccess); } -#else /* not XCSECURITY */ +#else /* not XACE */ WindowPtr LookupWindow(XID rid, ClientPtr client) @@ -313,7 +291,7 @@ LookupDrawable(XID rid, ClientPtr client) return (pointer)NULL; } -#endif /* XCSECURITY */ +#endif /* XACE */ _X_EXPORT ClientPtr LookupClient(XID rid, ClientPtr client) diff --git a/dix/events.c b/dix/events.c index b014fdbb7..f02c5f907 100644 --- a/dix/events.c +++ b/dix/events.c @@ -138,9 +138,8 @@ of the copyright holder. extern Bool XkbFilterEvents(ClientPtr, int, xEvent *); #endif -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif #ifdef XEVIE @@ -2541,8 +2540,8 @@ CheckPassiveGrabsOnWindow( (grab->confineTo->realized && BorderSizeNotEmpty(grab->confineTo)))) { -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE)) return FALSE; #endif #ifdef XKB @@ -3350,10 +3349,10 @@ EnterLeaveEvent( { xKeymapEvent ke; -#ifdef XCSECURITY +#ifdef XACE ClientPtr client = grab ? rClient(grab) : clients[CLIENT_ID(pWin->drawable.id)]; - if (!SecurityCheckDeviceAccess(client, keybd, FALSE)) + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE)) { bzero((char *)&ke.map[0], 31); } @@ -3445,9 +3444,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr ((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask)) { xKeymapEvent ke; -#ifdef XCSECURITY +#ifdef XACE ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; - if (!SecurityCheckDeviceAccess(client, dev, FALSE)) + if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE)) { bzero((char *)&ke.map[0], 31); } @@ -3716,8 +3715,8 @@ ProcSetInputFocus(client) REQUEST(xSetInputFocusReq); REQUEST_SIZE_MATCH(xSetInputFocusReq); -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) return Success; #endif return SetInputFocus(client, inputInfo.keyboard, stuff->focus, @@ -3981,8 +3980,8 @@ ProcGrabKeyboard(ClientPtr client) int result; REQUEST_SIZE_MATCH(xGrabKeyboardReq); -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { result = Success; rep.status = AlreadyGrabbed; diff --git a/dix/extension.c b/dix/extension.c index f6f38fcf3..bb20ade96 100644 --- a/dix/extension.c +++ b/dix/extension.c @@ -61,9 +61,8 @@ SOFTWARE. #include "gcstruct.h" #include "scrnintstr.h" #include "dispatch.h" -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif #define EXTENSION_BASE 128 @@ -147,8 +146,8 @@ AddExtension(char *name, int NumEvents, int NumErrors, ext->errorBase = 0; ext->errorLast = 0; } -#ifdef XCSECURITY - ext->secure = FALSE; +#ifdef XACE + XACE_STATE_INIT(ext->securityState); #endif return(ext); @@ -210,26 +209,27 @@ CheckExtension(const char *extname) return NULL; } +/* + * Added as part of Xace. + */ +ExtensionEntry * +GetExtensionEntry(int major) +{ + if (major < EXTENSION_BASE) + return NULL; + major -= EXTENSION_BASE; + if (major >= NumExtensions) + return NULL; + return extensions[major]; +} + _X_EXPORT void DeclareExtensionSecurity(char *extname, Bool secure) { -#ifdef XCSECURITY +#ifdef XACE int i = FindExtension(extname, strlen(extname)); if (i >= 0) - { - int majorop = extensions[i]->base; - extensions[i]->secure = secure; - if (secure) - { - UntrustedProcVector[majorop] = ProcVector[majorop]; - SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop]; - } - else - { - UntrustedProcVector[majorop] = ProcBadRequest; - SwappedUntrustedProcVector[majorop] = ProcBadRequest; - } - } + XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure); #endif } @@ -307,10 +307,9 @@ ProcQueryExtension(ClientPtr client) { i = FindExtension((char *)&stuff[1], stuff->nbytes); if (i < 0 -#ifdef XCSECURITY - /* don't show insecure extensions to untrusted clients */ - || (client->trustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + /* call callbacks to find out whether to show extension */ + || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]) #endif ) reply.present = xFalse; @@ -347,10 +346,9 @@ ProcListExtensions(ClientPtr client) for (i=0; i<NumExtensions; i++) { -#ifdef XCSECURITY - /* don't show insecure extensions to untrusted clients */ - if (client->trustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + /* call callbacks to find out whether to show extension */ + if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) continue; #endif total_length += strlen(extensions[i]->name) + 1; @@ -365,9 +363,8 @@ ProcListExtensions(ClientPtr client) for (i=0; i<NumExtensions; i++) { int len; -#ifdef XCSECURITY - if (client->trustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) continue; #endif *bufptr++ = len = strlen(extensions[i]->name); diff --git a/dix/property.c b/dix/property.c index e074c68dd..e69b8d8ed 100644 --- a/dix/property.c +++ b/dix/property.c @@ -60,9 +60,8 @@ SOFTWARE. #include "dixstruct.h" #include "dispatch.h" #include "swaprep.h" -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif /***************************************************************** @@ -121,12 +120,12 @@ ProcRotateProperties(ClientPtr client) return(BadAlloc); for (i = 0; i < stuff->nAtoms; i++) { -#ifdef XCSECURITY - char action = SecurityCheckPropertyAccess(client, pWin, atoms[i], +#ifdef XACE + char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i], SecurityReadAccess|SecurityWriteAccess); #endif if (!ValidAtom(atoms[i]) -#ifdef XCSECURITY +#ifdef XACE || (SecurityErrorOperation == action) #endif ) @@ -135,7 +134,7 @@ ProcRotateProperties(ClientPtr client) client->errorValue = atoms[i]; return BadAtom; } -#ifdef XCSECURITY +#ifdef XACE if (SecurityIgnoreOperation == action) { DEALLOCATE_LOCAL(props); @@ -236,8 +235,8 @@ ProcChangeProperty(ClientPtr client) return(BadAtom); } -#ifdef XCSECURITY - switch (SecurityCheckPropertyAccess(client, pWin, stuff->property, +#ifdef XACE + switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, SecurityWriteAccess)) { case SecurityErrorOperation: @@ -504,13 +503,13 @@ ProcGetProperty(ClientPtr client) if (!pProp) return NullPropertyReply(client, None, 0, &reply); -#ifdef XCSECURITY +#ifdef XACE { Mask access_mode = SecurityReadAccess; if (stuff->delete) access_mode |= SecurityDestroyAccess; - switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, + switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, access_mode)) { case SecurityErrorOperation: @@ -666,8 +665,8 @@ ProcDeleteProperty(register ClientPtr client) return (BadAtom); } -#ifdef XCSECURITY - switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, +#ifdef XACE + switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, SecurityDestroyAccess)) { case SecurityErrorOperation: diff --git a/dix/resource.c b/dix/resource.c index bb34bc9d4..abe79dee6 100644 --- a/dix/resource.c +++ b/dix/resource.c @@ -123,6 +123,9 @@ Equipment Corporation. #include "panoramiX.h" #include "panoramiXsrv.h" #endif +#ifdef XACE +#include "xace.h" +#endif #include <assert.h> static void RebuildTable( @@ -821,7 +824,7 @@ LegalNewID(XID id, register ClientPtr client) !LookupIDByClass(id, RC_ANY))); } -#ifdef XCSECURITY +#ifdef XACE /* SecurityLookupIDByType and SecurityLookupIDByClass: * These are the heart of the resource ID security system. They take @@ -854,8 +857,9 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode) break; } } - if (retval && client && client->CheckAccess) - retval = (* client->CheckAccess)(client, id, rtype, mode, retval); + if (retval && client && + !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval)) + retval = NULL; return retval; } @@ -883,8 +887,9 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode) break; } } - if (retval && client && client->CheckAccess) - retval = (* client->CheckAccess)(client, id, res->type, mode, retval); + if (retval && client && + !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval)) + retval = NULL; return retval; } @@ -906,7 +911,7 @@ LookupIDByClass(XID id, RESTYPE classes) SecurityUnknownAccess); } -#else /* not XCSECURITY */ +#else /* not XACE */ /* * LookupIDByType returns the object with the given id and type, else NULL. @@ -951,4 +956,4 @@ LookupIDByClass(XID id, RESTYPE classes) return (pointer)NULL; } -#endif /* XCSECURITY */ +#endif /* XACE */ diff --git a/dix/window.c b/dix/window.c index 9fba5f832..45a80391f 100644 --- a/dix/window.c +++ b/dix/window.c @@ -129,9 +129,8 @@ Equipment Corporation. #ifdef XAPPGROUP #include <X11/extensions/Xagsrv.h> #endif -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif /****** @@ -726,11 +725,11 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w, } pWin->borderWidth = bw; -#ifdef XCSECURITY +#ifdef XACE /* can't let untrusted clients have background None windows; * they make it too easy to steal window contents */ - if (client->trustLevel != XSecurityClientTrusted) + if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) { pWin->backgroundState = BackgroundPixel; pWin->background.pixel = 0; @@ -1020,9 +1019,9 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt borderRelative = TRUE; if (pixID == None) { -#ifdef XCSECURITY +#ifdef XACE /* can't let untrusted clients have background None windows */ - if (client->trustLevel == XSecurityClientTrusted) + if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) { #endif if (pWin->backgroundState == BackgroundPixmap) @@ -1031,7 +1030,7 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt MakeRootTile(pWin); else pWin->backgroundState = None; -#ifdef XCSECURITY +#ifdef XACE } else { /* didn't change the background to None, so don't tell ddx */ @@ -2719,13 +2718,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client) if (pWin->mapped) return(Success); -#ifdef XCSECURITY - /* don't let an untrusted client map a child-of-trusted-window, InputOnly - * window; too easy to steal device input - */ - if ( (client->trustLevel != XSecurityClientTrusted) && - (pWin->drawable.class == InputOnly) && - (wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) ) +#ifdef XACE + /* general check for permission to map window */ + if (!XaceHook(XACE_MAP_ACCESS, client, pWin)) return Success; #endif diff --git a/include/dix.h b/include/dix.h index 01777213d..56c55b3da 100644 --- a/include/dix.h +++ b/include/dix.h @@ -89,12 +89,9 @@ SOFTWARE. ((client->lastDrawableID == did) ? \ client->lastDrawable : (DrawablePtr)LookupDrawable(did, client)) -#ifdef XCSECURITY +#ifdef XACE #define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\ - if (client->lastDrawableID == did && !client->trustLevel)\ - pDraw = client->lastDrawable;\ - else \ {\ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ RC_DRAWABLE, mode);\ @@ -108,9 +105,6 @@ SOFTWARE. } #define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\ - if (client->lastDrawableID == did && !client->trustLevel)\ - pDraw = client->lastDrawable;\ - else \ {\ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ RC_DRAWABLE, mode);\ @@ -122,9 +116,6 @@ SOFTWARE. } #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ - if (client->lastGCID == rid && !client->trustLevel)\ - pGC = client->lastGC;\ - else\ pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\ if (!pGC)\ {\ @@ -141,7 +132,7 @@ SOFTWARE. #define VERIFY_GC(pGC, rid, client)\ SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess) -#else /* not XCSECURITY */ +#else /* not XACE */ #define VERIFY_DRAWABLE(pDraw, did, client)\ if (client->lastDrawableID == did)\ @@ -191,7 +182,7 @@ SOFTWARE. #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ VERIFY_GC(pGC, rid, client) -#endif /* XCSECURITY */ +#endif /* XACE */ /* * We think that most hardware implementations of DBE will want @@ -386,7 +377,7 @@ extern int CompareISOLatin1Lowered( unsigned char * /*b*/, int blen); -#ifdef XCSECURITY +#ifdef XACE extern WindowPtr SecurityLookupWindow( XID /*rid*/, @@ -422,7 +413,7 @@ extern pointer LookupDrawable( #define SecurityLookupDrawable(rid, client, access_mode) \ LookupDrawable(rid, client) -#endif /* XCSECURITY */ +#endif /* XACE */ extern ClientPtr LookupClient( XID /*rid*/, diff --git a/include/dixstruct.h b/include/dixstruct.h index f38a64d07..1ac7d84b6 100644 --- a/include/dixstruct.h +++ b/include/dixstruct.h @@ -130,15 +130,8 @@ typedef struct _Client { int requestLogIndex; #endif unsigned long replyBytesRemaining; -#ifdef XCSECURITY - XID authId; - unsigned int trustLevel; - pointer (* CheckAccess)( - ClientPtr /*pClient*/, - XID /*id*/, - RESTYPE /*classes*/, - Mask /*access_mode*/, - pointer /*resourceval*/); +#ifdef XACE + pointer securityState[4]; /* 4 slots for use */ #endif #ifdef XAPPGROUP struct _AppGroupRec* appgroup; diff --git a/include/extnsionst.h b/include/extnsionst.h index daf37bf43..8532b69b7 100644 --- a/include/extnsionst.h +++ b/include/extnsionst.h @@ -71,7 +71,7 @@ typedef struct _ExtensionEntry { unsigned short (* MinorOpcode)( /* called for errors */ ClientPtr /* client */); #ifdef XCSECURITY - Bool secure; /* extension visible to untrusted clients? */ + pointer securityState[4]; /* 4 slots for use */ #endif } ExtensionEntry; @@ -129,6 +129,7 @@ extern Bool AddExtensionAlias( ExtensionEntry * /*extension*/); extern ExtensionEntry *CheckExtension(const char *extname); +extern ExtensionEntry *GetExtensionEntry(int major); extern ExtensionLookupProc LookupProc( char* /*name*/, diff --git a/include/resource.h b/include/resource.h index 49c189869..c08998c9f 100644 --- a/include/resource.h +++ b/include/resource.h @@ -227,7 +227,7 @@ extern pointer LookupClientResourceComplex( #define SecurityWriteAccess (1<<1) /* changing the object */ #define SecurityDestroyAccess (1<<2) /* destroying the object */ -#ifdef XCSECURITY +#ifdef XACE extern pointer SecurityLookupIDByType( ClientPtr /*client*/, @@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass( RESTYPE /*classes*/, Mask /*access_mode*/); -#else /* not XCSECURITY */ +#else /* not XACE */ #define SecurityLookupIDByType(client, id, rtype, access_mode) \ LookupIDByType(id, rtype) @@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass( #define SecurityLookupIDByClass(client, id, classes, access_mode) \ LookupIDByClass(id, classes) -#endif /* XCSECURITY */ +#endif /* XACE */ extern void GetXIDRange( int /*client*/, diff --git a/os/access.c b/os/access.c index 62af2f91f..dc54beef7 100644 --- a/os/access.c +++ b/os/access.c @@ -202,9 +202,8 @@ SOFTWARE. #include "dixstruct.h" #include "osdep.h" -#ifdef XCSECURITY -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#ifdef XACE +#include "xace.h" #endif #ifndef PATH_MAX @@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client) pointer addr; register HOST *host; -#ifdef XCSECURITY - /* untrusted clients can't change host access */ - if (client->trustLevel != XSecurityClientTrusted) - { - SecurityAudit("client %d attempted to change host access\n", - client->index); - return FALSE; - } -#endif if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, ¬used, &alen, &from)) { @@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client) { if (!client || defeatAccessControl) return TRUE; +#ifdef XACE + /* untrusted clients can't change host access */ + if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess)) + return FALSE; +#endif return LocalClient(client); } diff --git a/os/connection.c b/os/connection.c index 21c1ea641..eb1bcbef9 100644 --- a/os/connection.c +++ b/os/connection.c @@ -150,6 +150,9 @@ extern __const__ int _nfiles; #ifdef XAPPGROUP #include <X11/extensions/Xagsrv.h> #endif +#ifdef XACE +#include "xace.h" +#endif #ifdef XCSECURITY #define _SECURITY_SERVER #include <X11/extensions/security.h> @@ -693,9 +696,8 @@ ClientAuthorized(ClientPtr client, /* indicate to Xdmcp protocol that we've opened new client */ XdmcpOpenDisplay(priv->fd); #endif /* XDMCP */ -#ifdef XAPPGROUP - if (ClientStateCallback) - XagCallClientStateChange (client); +#ifdef XACE + XaceHook(XACE_AUTH_AVAIL, client, auth_id); #endif /* At this point, if the client is authorized to change the access control * list, we should getpeername() information, and add the client to |