diff options
| author | Peter Hutterer <peter@cs.unisa.edu.au> | 2008-01-03 17:04:54 +1030 |
|---|---|---|
| committer | Peter Hutterer <peter@cs.unisa.edu.au> | 2008-01-03 17:04:54 +1030 |
| commit | 8da83836b60f7cdb75d08482f4311fa0e2ab4e1d (patch) | |
| tree | 092efcfc39e3e293baaf04c4c84027ee453d3e13 /Xext | |
| parent | eace88989c3b65d5c20e9f37ea9b23c7c8e19335 (diff) | |
| parent | ae869fc7669764729e13fdd70149ed636753f2a3 (diff) | |
Merge branch 'master' into mpx
Conflicts:
XTrap/xtrapddmi.c
Xext/security.c
Xext/xprint.c
Xext/xtest.c
Xext/xvdisp.c
Xi/exevents.c
Xi/grabdevb.c
Xi/grabdevk.c
Xi/opendev.c
Xi/ungrdev.c
Xi/ungrdevb.c
Xi/ungrdevk.c
dix/cursor.c
dix/devices.c
dix/dixutils.c
dix/events.c
dix/getevents.c
dix/main.c
dix/window.c
hw/xfree86/ramdac/xf86Cursor.c
include/dix.h
include/input.h
include/inputstr.h
mi/midispcur.c
mi/miinitext.c
mi/misprite.c
render/animcur.c
xfixes/cursor.c
xkb/xkbAccessX.c
Diffstat (limited to 'Xext')
39 files changed, 2709 insertions, 2444 deletions
diff --git a/Xext/EVI.c b/Xext/EVI.c index edf8d66e9..50b6d3db9 100644 --- a/Xext/EVI.c +++ b/Xext/EVI.c @@ -35,9 +35,6 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. #include "EVIstruct.h" #include "modinit.h" -#if 0 -static unsigned char XEVIReqCode = 0; -#endif static EviPrivPtr eviPriv; static int @@ -182,19 +179,9 @@ EVIResetProc(ExtensionEntry *extEntry) void EVIExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(EVINAME, 0, 0, - ProcEVIDispatch, - SProcEVIDispatch, - EVIResetProc, StandardMinorOpcode))) { - XEVIReqCode = (unsigned char)extEntry->base; -#else if (AddExtension(EVINAME, 0, 0, ProcEVIDispatch, SProcEVIDispatch, EVIResetProc, StandardMinorOpcode)) { -#endif eviPriv = eviDDXInit(); } } diff --git a/Xext/Makefile.am b/Xext/Makefile.am index b6a2b5981..4f0429e7b 100644 --- a/Xext/Makefile.am +++ b/Xext/Makefile.am @@ -34,9 +34,6 @@ MODULE_SRCS = \ sync.c \ xcmisc.c -# Extra configuration files ship with some extensions -SERVERCONFIG_DATA = - # Optional sources included if extension enabled by configure.ac rules # MIT Shared Memory extension @@ -76,13 +73,17 @@ if XACE BUILTIN_SRCS += $(XACE_SRCS) endif +# SELinux extension: provides SELinux policy support for X objects +# requires X-ACE extension +XSELINUX_SRCS = xselinux.c xselinux.h +if XSELINUX +BUILTIN_SRCS += $(XSELINUX_SRCS) +endif + # Security extension: multi-level security to protect clients from each other XCSECURITY_SRCS = security.c securitysrv.h if XCSECURITY BUILTIN_SRCS += $(XCSECURITY_SRCS) - -SERVERCONFIG_DATA += SecurityPolicy -AM_CFLAGS += -DDEFAULTPOLICYFILE=\"$(SERVERCONFIGdir)/SecurityPolicy\" endif XCALIBRATE_SRCS = xcalibrate.c @@ -160,7 +161,6 @@ libXextmodule_la_SOURCES = $(MODULE_SRCS) endif EXTRA_DIST = \ - $(SERVERCONFIG_DATA) \ $(MITSHM_SRCS) \ $(XV_SRCS) \ $(RES_SRCS) \ diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy deleted file mode 100644 index cc521c263..000000000 --- a/Xext/SecurityPolicy +++ /dev/null @@ -1,88 +0,0 @@ -version-1 - -# $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $ - -# The site policy fields are interpreted by the XC-QUERY-SECURITY-1 -# authorization protocol. The values are arbitrary and site-specific. -# Refer to the Security Extension Specification for the usage of the policies. -#sitepolicy A -#sitepolicy B -#sitepolicy C - -# Property access rules: -# property <property> <window> <permissions> -# <window> ::= any | root | <propertyselector> -# <propertyselector> ::= <property> | <property>=<value> -# <permissions> :== [ <operation> | <action> | <space> ]* -# <operation> :== r | w | d -# r read -# w write -# d delete -# <action> :== a | i | e -# a allow -# i ignore -# e error - -# Allow reading of application resources, but not writing. -property RESOURCE_MANAGER root ar iw -property SCREEN_RESOURCES root ar iw - -# Ignore attempts to use cut buffers. Giving errors causes apps to crash, -# and allowing access may give away too much information. -property CUT_BUFFER0 root irw -property CUT_BUFFER1 root irw -property CUT_BUFFER2 root irw -property CUT_BUFFER3 root irw -property CUT_BUFFER4 root irw -property CUT_BUFFER5 root irw -property CUT_BUFFER6 root irw -property CUT_BUFFER7 root irw - -# If you are using Motif, you probably want these. -property _MOTIF_DEFAULT_BINDINGS root ar iw -property _MOTIF_DRAG_WINDOW root ar iw -property _MOTIF_DRAG_TARGETS any ar iw -property _MOTIF_DRAG_ATOMS any ar iw -property _MOTIF_DRAG_ATOM_PAIRS any ar iw - -# If you are running CDE you also need these -property _MOTIF_WM_INFO root arw -property TT_SESSION root irw -property WM_ICON_SIZE root irw -property "SDT Pixel Set" any irw - -# The next two rules let xwininfo -tree work when untrusted. -property WM_NAME any ar - -# Allow read of WM_CLASS, but only for windows with WM_NAME. -# This might be more restrictive than necessary, but demonstrates -# the <required property> facility, and is also an attempt to -# say "top level windows only." -property WM_CLASS WM_NAME ar - -# These next three let xlsclients work untrusted. Think carefully -# before including these; giving away the client machine name and command -# may be exposing too much. -property WM_STATE WM_NAME ar -property WM_CLIENT_MACHINE WM_NAME ar -property WM_COMMAND WM_NAME ar - -# To let untrusted clients use the standard colormaps created by -# xstdcmap, include these lines. -property RGB_DEFAULT_MAP root ar -property RGB_BEST_MAP root ar -property RGB_RED_MAP root ar -property RGB_GREEN_MAP root ar -property RGB_BLUE_MAP root ar -property RGB_GRAY_MAP root ar - -# To let untrusted clients use the color management database created -# by xcmsdb, include these lines. -property XDCCC_LINEAR_RGB_CORRECTION root ar -property XDCCC_LINEAR_RGB_MATRICES root ar -property XDCCC_GRAY_SCREENWHITEPOINT root ar -property XDCCC_GRAY_CORRECTION root ar - -# To let untrusted clients use the overlay visuals that many vendors -# support, include this line. -property SERVER_OVERLAY_VISUALS root ar diff --git a/Xext/appgroup.c b/Xext/appgroup.c index d721afce0..76487a0a0 100644 --- a/Xext/appgroup.c +++ b/Xext/appgroup.c @@ -345,7 +345,7 @@ int AttrValidate( ColormapPtr pColormap; rc = dixLookupWindow(&pWin, pAppGrp->default_root, client, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; pScreen = pWin->drawable.pScreen; @@ -367,8 +367,10 @@ int AttrValidate( } if (pAppGrp->default_colormap) { - pColormap = (ColormapPtr)LookupIDByType (pAppGrp->default_colormap, RT_COLORMAP); - /* XXX check that pColormap is not NULL */ + rc = dixLookupResource((pointer *)&pColormap, pAppGrp->default_colormap, + RT_COLORMAP, client, DixUseAccess); + if (rc != Success) + return rc; if (pColormap->pScreen != pScreen) return BadColor; if (pColormap->pVisual->vid != (pAppGrp->root_visual ? pAppGrp->root_visual : pScreen->rootVisual)) @@ -470,7 +472,7 @@ int ProcXagQuery( int n, rc; REQUEST_SIZE_MATCH (xXagQueryReq); - rc = dixLookupClient(&pClient, stuff->resource, client, DixUnknownAccess); + rc = dixLookupClient(&pClient, stuff->resource, client, DixGetAttrAccess); if (rc != Success) return rc; diff --git a/Xext/bigreq.c b/Xext/bigreq.c index f1f85f9fb..f0dec2960 100644 --- a/Xext/bigreq.c +++ b/Xext/bigreq.c @@ -41,10 +41,6 @@ from The Open Group. #include "opaque.h" #include "modinit.h" -#if 0 -static unsigned char XBigReqCode; -#endif - static void BigReqResetProc( ExtensionEntry * /* extEntry */ ); @@ -54,20 +50,9 @@ static DISPATCH_PROC(ProcBigReqDispatch); void BigReqExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(XBigReqExtensionName, 0, 0, - ProcBigReqDispatch, ProcBigReqDispatch, - BigReqResetProc, StandardMinorOpcode)) != 0) - XBigReqCode = (unsigned char)extEntry->base; -#else - (void) AddExtension(XBigReqExtensionName, 0, 0, - ProcBigReqDispatch, ProcBigReqDispatch, - BigReqResetProc, StandardMinorOpcode); -#endif - - DeclareExtensionSecurity(XBigReqExtensionName, TRUE); + AddExtension(XBigReqExtensionName, 0, 0, + ProcBigReqDispatch, ProcBigReqDispatch, + BigReqResetProc, StandardMinorOpcode); } /*ARGSUSED*/ diff --git a/Xext/cup.c b/Xext/cup.c index d146959e4..79e11deff 100644 --- a/Xext/cup.c +++ b/Xext/cup.c @@ -51,11 +51,6 @@ static int ProcDispatch(ClientPtr client); static int SProcDispatch(ClientPtr client); static void ResetProc(ExtensionEntry* extEntry); -#if 0 -static unsigned char ReqCode = 0; -static int ErrorBase; -#endif - #if defined(WIN32) || defined(TESTWIN32) #define HAVE_SPECIAL_DESKTOP_COLORS #endif @@ -128,20 +123,6 @@ static xColorItem citems[] = { void XcupExtensionInit (INITARGS) { -#if 0 - ExtensionEntry* extEntry; - - if ((extEntry = AddExtension (XCUPNAME, - 0, - XcupNumberErrors, - ProcDispatch, - SProcDispatch, - ResetProc, - StandardMinorOpcode))) { - ReqCode = (unsigned char)extEntry->base; - ErrorBase = extEntry->errorBase; - } -#else (void) AddExtension (XCUPNAME, 0, XcupNumberErrors, @@ -149,7 +130,6 @@ XcupExtensionInit (INITARGS) SProcDispatch, ResetProc, StandardMinorOpcode); -#endif /* PC servers initialize the desktop colors (citems) here! */ } @@ -224,12 +204,13 @@ int ProcStoreColors( { REQUEST (xXcupStoreColorsReq); ColormapPtr pcmp; + int rc; REQUEST_AT_LEAST_SIZE (xXcupStoreColorsReq); - pcmp = (ColormapPtr) SecurityLookupIDByType (client, stuff->cmap, - RT_COLORMAP, DixWriteAccess); + rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, + client, DixAddAccess); - if (pcmp) { + if (rc == Success) { int ncolors, n; xXcupStoreColorsReply rep; xColorItem* cptr; @@ -273,7 +254,7 @@ int ProcStoreColors( return client->noClientException; } else { client->errorValue = stuff->cmap; - return BadColor; + return (rc == BadValue) ? BadColor : rc; } } diff --git a/Xext/dpms.c b/Xext/dpms.c index edd9ff766..0723c4694 100644 --- a/Xext/dpms.c +++ b/Xext/dpms.c @@ -50,9 +50,6 @@ Equipment Corporation. #include "dpmsproc.h" #include "modinit.h" -#if 0 -static unsigned char DPMSCode; -#endif static DISPATCH_PROC(ProcDPMSDispatch); static DISPATCH_PROC(SProcDPMSDispatch); static DISPATCH_PROC(ProcDPMSGetVersion); @@ -76,18 +73,9 @@ static void DPMSResetProc(ExtensionEntry* extEntry); void DPMSExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(DPMSExtensionName, 0, 0, - ProcDPMSDispatch, SProcDPMSDispatch, - DPMSResetProc, StandardMinorOpcode))) - DPMSCode = (unsigned char)extEntry->base; -#else - (void) AddExtension(DPMSExtensionName, 0, 0, - ProcDPMSDispatch, SProcDPMSDispatch, - DPMSResetProc, StandardMinorOpcode); -#endif + AddExtension(DPMSExtensionName, 0, 0, + ProcDPMSDispatch, SProcDPMSDispatch, + DPMSResetProc, StandardMinorOpcode); } /*ARGSUSED*/ @@ -218,7 +206,7 @@ ProcDPMSDisable(client) REQUEST_SIZE_MATCH(xDPMSDisableReq); - DPMSSet(DPMSModeOn); + DPMSSet(client, DPMSModeOn); DPMSEnabled = FALSE; @@ -253,7 +241,7 @@ ProcDPMSForceLevel(client) return BadValue; } - DPMSSet(stuff->level); + DPMSSet(client, stuff->level); return(client->noClientException); } diff --git a/Xext/dpmsproc.h b/Xext/dpmsproc.h index f5485ea79..d57f57318 100644 --- a/Xext/dpmsproc.h +++ b/Xext/dpmsproc.h @@ -8,7 +8,9 @@ #ifndef _DPMSPROC_H_ #define _DPMSPROC_H_ -void DPMSSet(int level); +#include "dixstruct.h" + +int DPMSSet(ClientPtr client, int level); int DPMSGet(int *plevel); Bool DPMSSupported(void); diff --git a/Xext/dpmsstubs.c b/Xext/dpmsstubs.c index 9f99a2d22..0f59d5160 100644 --- a/Xext/dpmsstubs.c +++ b/Xext/dpmsstubs.c @@ -26,8 +26,6 @@ Equipment Corporation. ******************************************************************/ -typedef int Bool; - #ifdef HAVE_DIX_CONFIG_H #include <dix-config.h> #endif @@ -46,7 +44,7 @@ int DPMSGet(int *plevel) return -1; } -void DPMSSet(int level) +int DPMSSet(ClientPtr client, int level) { - + return Success; } diff --git a/Xext/fontcache.c b/Xext/fontcache.c index 1b1ca41aa..b11968aec 100644 --- a/Xext/fontcache.c +++ b/Xext/fontcache.c @@ -67,10 +67,6 @@ static DISPATCH_PROC(SProcFontCacheGetCacheStatistics); static DISPATCH_PROC(SProcFontCacheQueryVersion); static DISPATCH_PROC(SProcFontCacheChangeCacheSettings); -#if 0 -static unsigned char FontCacheReqCode = 0; -#endif - void FontCacheExtensionInit(INITARGS) { @@ -84,9 +80,6 @@ FontCacheExtensionInit(INITARGS) SProcFontCacheDispatch, FontCacheResetProc, StandardMinorOpcode))) { -#if 0 - FontCacheReqCode = (unsigned char)extEntry->base; -#endif miscErrorBase = extEntry->errorBase; } } diff --git a/Xext/geext.c b/Xext/geext.c index 0c5fcabac..8f48e4493 100644 --- a/Xext/geext.c +++ b/Xext/geext.c @@ -38,7 +38,7 @@ from the author. int GEEventBase; int GEErrorBase; -int GEClientPrivateIndex; +DevPrivateKey GEClientPrivateKey = &GEClientPrivateKey; int GEEventType; /* The opcode for all GenericEvents will have. */ @@ -96,7 +96,6 @@ static int ProcGEQueryVersion(ClientPtr client) swaps(&rep.minorVersion, n); } - WriteToClient(client, sizeof(xGEQueryVersionReply), (char*)&rep); return(client->noClientException); } @@ -166,6 +165,12 @@ static void GEClientCallback(CallbackListPtr *list, ClientPtr pClient = clientinfo->client; GEClientInfoPtr pGEClient = GEGetClient(pClient); + if (pGEClient == NULL) + { + pGEClient = xcalloc(1, sizeof(GEClientInfoRec)); + dixSetPrivate(&pClient->devPrivates, GEClientPrivateKey, pGEClient); + } + pGEClient->major_version = 0; pGEClient->minor_version = 0; } @@ -200,18 +205,11 @@ SGEGenericEvent(xEvent* from, xEvent* to) } /* init extension, register at server */ -void +void GEExtensionInit(void) { ExtensionEntry *extEntry; - GEClientPrivateIndex = AllocateClientPrivateIndex(); - if (!AllocateClientPrivate(GEClientPrivateIndex, - sizeof(GenericMaskRec))) - { - FatalError("GEExtensionInit: Alloc client private failed.\n"); - } - if(!AddCallback(&ClientStateCallback, GEClientCallback, 0)) { FatalError("GEExtensionInit: register client callback failed.\n"); @@ -228,7 +226,7 @@ GEExtensionInit(void) memset(GEExtensions, 0, sizeof(GEExtensions)); - EventSwapVector[X_GenericEvent] = (EventSwapPtr) SGEGenericEvent; + EventSwapVector[GenericEvent] = (EventSwapPtr) SGEGenericEvent; } else { FatalError("GEInit: AddExtensions failed.\n"); } diff --git a/Xext/geint.h b/Xext/geint.h index 9e131d3b3..57404d872 100644 --- a/Xext/geint.h +++ b/Xext/geint.h @@ -45,14 +45,14 @@ from the author. extern int GEEventType; extern int GEEventBase; extern int GEErrorBase; -extern int GEClientPrivateIndex; +extern DevPrivateKey GEClientPrivateKey; typedef struct _GEClientInfo { CARD32 major_version; CARD32 minor_version; } GEClientInfoRec, *GEClientInfoPtr; -#define GEGetClient(pClient) ((GEClientInfoPtr) (pClient)->devPrivates[GEClientPrivateIndex].ptr) +#define GEGetClient(pClient) ((GEClientInfoPtr)(dixLookupPrivate(&((pClient)->devPrivates), GEClientPrivateKey))) extern int (*ProcGEVector[/*GENumRequests*/])(ClientPtr); extern int (*SProcGEVector[/*GENumRequests*/])(ClientPtr); diff --git a/Xext/mbuf.c b/Xext/mbuf.c index 348a18db3..199236700 100644 --- a/Xext/mbuf.c +++ b/Xext/mbuf.c @@ -59,9 +59,6 @@ in this Software without prior written authorization from The Open Group. #define ValidEventMasks (ExposureMask|MultibufferClobberNotifyMask|MultibufferUpdateNotifyMask) -#if 0 -static unsigned char MultibufferReqCode; -#endif static int MultibufferEventBase; static int MultibufferErrorBase; int MultibufferScreenIndex = -1; @@ -235,7 +232,7 @@ MultibufferExtensionInit() * create the resource types */ MultibufferDrawableResType = - CreateNewResourceType(MultibufferDrawableDelete)|RC_CACHED|RC_DRAWABLE; + CreateNewResourceType(MultibufferDrawableDelete)|RC_DRAWABLE; MultibufferResType = CreateNewResourceType(MultibufferDelete); MultibuffersResType = CreateNewResourceType(MultibuffersDelete); OtherClientResType = CreateNewResourceType(OtherClientDelete); @@ -247,9 +244,6 @@ MultibufferExtensionInit() ProcMultibufferDispatch, SProcMultibufferDispatch, MultibufferResetProc, StandardMinorOpcode))) { -#if 0 - MultibufferReqCode = (unsigned char)extEntry->base; -#endif MultibufferEventBase = extEntry->eventBase; MultibufferErrorBase = extEntry->errorBase; EventSwapVector[MultibufferEventBase + MultibufferClobberNotify] = (EventSwapPtr) SClobberNotifyEvent; diff --git a/Xext/mitmisc.c b/Xext/mitmisc.c index 365c7e638..07245c787 100644 --- a/Xext/mitmisc.c +++ b/Xext/mitmisc.c @@ -42,10 +42,6 @@ in this Software without prior written authorization from The Open Group. #include <X11/extensions/mitmiscstr.h> #include "modinit.h" -#if 0 -static unsigned char MITReqCode; -#endif - static void MITResetProc( ExtensionEntry * /* extEntry */ ); @@ -60,18 +56,9 @@ static DISPATCH_PROC(SProcMITSetBugMode); void MITMiscExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(MITMISCNAME, 0, 0, - ProcMITDispatch, SProcMITDispatch, - MITResetProc, StandardMinorOpcode)) != 0) - MITReqCode = (unsigned char)extEntry->base; -#else - (void) AddExtension(MITMISCNAME, 0, 0, - ProcMITDispatch, SProcMITDispatch, - MITResetProc, StandardMinorOpcode); -#endif + AddExtension(MITMISCNAME, 0, 0, + ProcMITDispatch, SProcMITDispatch, + MITResetProc, StandardMinorOpcode); } /*ARGSUSED*/ diff --git a/Xext/panoramiX.c b/Xext/panoramiX.c index 93c6fb4c5..87d52a9db 100644 --- a/Xext/panoramiX.c +++ b/Xext/panoramiX.c @@ -65,9 +65,6 @@ extern VisualPtr glxMatchVisual(ScreenPtr pScreen, ScreenPtr pMatchScreen); #endif -#if 0 -static unsigned char PanoramiXReqCode = 0; -#endif /* * PanoramiX data declarations */ @@ -110,8 +107,8 @@ static void PanoramiXResetProc(ExtensionEntry*); int (* SavedProcVector[256]) (ClientPtr client) = { NULL, }; -static int PanoramiXGCIndex = -1; -static int PanoramiXScreenIndex = -1; +static DevPrivateKey PanoramiXGCKey = &PanoramiXGCKey; +static DevPrivateKey PanoramiXScreenKey = &PanoramiXScreenKey; typedef struct { DDXPointRec clipOrg; @@ -140,8 +137,8 @@ static GCFuncs XineramaGCFuncs = { }; #define Xinerama_GC_FUNC_PROLOGUE(pGC)\ - PanoramiXGCPtr pGCPriv = \ - (PanoramiXGCPtr) (pGC)->devPrivates[PanoramiXGCIndex].ptr;\ + PanoramiXGCPtr pGCPriv = (PanoramiXGCPtr) \ + dixLookupPrivate(&(pGC)->devPrivates, PanoramiXGCKey); \ (pGC)->funcs = pGCPriv->wrapFuncs; #define Xinerama_GC_FUNC_EPILOGUE(pGC)\ @@ -152,8 +149,8 @@ static GCFuncs XineramaGCFuncs = { static Bool XineramaCloseScreen (int i, ScreenPtr pScreen) { - PanoramiXScreenPtr pScreenPriv = - (PanoramiXScreenPtr) pScreen->devPrivates[PanoramiXScreenIndex].ptr; + PanoramiXScreenPtr pScreenPriv = (PanoramiXScreenPtr) + dixLookupPrivate(&pScreen->devPrivates, PanoramiXScreenKey); pScreen->CloseScreen = pScreenPriv->CloseScreen; pScreen->CreateGC = pScreenPriv->CreateGC; @@ -171,14 +168,14 @@ static Bool XineramaCreateGC(GCPtr pGC) { ScreenPtr pScreen = pGC->pScreen; - PanoramiXScreenPtr pScreenPriv = - (PanoramiXScreenPtr) pScreen->devPrivates[PanoramiXScreenIndex].ptr; + PanoramiXScreenPtr pScreenPriv = (PanoramiXScreenPtr) + dixLookupPrivate(&pScreen->devPrivates, PanoramiXScreenKey); Bool ret; pScreen->CreateGC = pScreenPriv->CreateGC; if((ret = (*pScreen->CreateGC)(pGC))) { - PanoramiXGCPtr pGCPriv = - (PanoramiXGCPtr) pGC->devPrivates[PanoramiXGCIndex].ptr; + PanoramiXGCPtr pGCPriv = (PanoramiXGCPtr) + dixLookupPrivate(&pGC->devPrivates, PanoramiXGCKey); pGCPriv->wrapFuncs = pGC->funcs; pGC->funcs = &XineramaGCFuncs; @@ -284,8 +281,8 @@ XineramaCopyGC ( unsigned long mask, GCPtr pGCDst ){ - PanoramiXGCPtr pSrcPriv = - (PanoramiXGCPtr) pGCSrc->devPrivates[PanoramiXGCIndex].ptr; + PanoramiXGCPtr pSrcPriv = (PanoramiXGCPtr) + dixLookupPrivate(&pGCSrc->devPrivates, PanoramiXGCKey); Xinerama_GC_FUNC_PROLOGUE (pGCDst); if(mask & GCTileStipXOrigin) @@ -471,10 +468,6 @@ void PanoramiXExtensionInit(int argc, char *argv[]) break; } -#if 0 - PanoramiXReqCode = (unsigned char)extEntry->base; -#endif - /* * First make sure all the basic allocations succeed. If not, * run in non-PanoramiXeen mode. @@ -484,20 +477,17 @@ void PanoramiXExtensionInit(int argc, char *argv[]) xcalloc(PanoramiXNumScreens, sizeof(PanoramiXData)); BREAK_IF(!panoramiXdataPtr); - BREAK_IF((PanoramiXGCIndex = AllocateGCPrivateIndex()) < 0); - BREAK_IF((PanoramiXScreenIndex = AllocateScreenPrivateIndex()) < 0); + + if (!dixRequestPrivate(PanoramiXGCKey, sizeof(PanoramiXGCRec))) { + noPanoramiXExtension = TRUE; + return; + } for (i = 0; i < PanoramiXNumScreens; i++) { pScreen = screenInfo.screens[i]; - if(!AllocateGCPrivate(pScreen, PanoramiXGCIndex, - sizeof(PanoramiXGCRec))) { - noPanoramiXExtension = TRUE; - return; - } - pScreenPriv = xalloc(sizeof(PanoramiXScreenRec)); - pScreen->devPrivates[PanoramiXScreenIndex].ptr = - (pointer)pScreenPriv; + dixSetPrivate(&pScreen->devPrivates, PanoramiXScreenKey, + pScreenPriv); if(!pScreenPriv) { noPanoramiXExtension = TRUE; return; diff --git a/Xext/panoramiXSwap.c b/Xext/panoramiXSwap.c index dabab1f0e..e1720c9ab 100644 --- a/Xext/panoramiXSwap.c +++ b/Xext/panoramiXSwap.c @@ -41,10 +41,6 @@ Equipment Corporation. #include "window.h" #include "windowstr.h" #include "pixmapstr.h" -#if 0 -#include <sys/workstation.h> -#include <X11/Xserver/ws.h> -#endif #include "panoramiX.h" #include <X11/extensions/panoramiXproto.h> #include "panoramiXsrv.h" @@ -70,6 +66,7 @@ SProcPanoramiXGetState(ClientPtr client) swaps (&stuff->length, n); REQUEST_SIZE_MATCH(xPanoramiXGetStateReq); + swapl (&stuff->window, n); return ProcPanoramiXGetState(client); } @@ -81,6 +78,7 @@ SProcPanoramiXGetScreenCount(ClientPtr client) swaps (&stuff->length, n); REQUEST_SIZE_MATCH(xPanoramiXGetScreenCountReq); + swapl (&stuff->window, n); return ProcPanoramiXGetScreenCount(client); } @@ -92,6 +90,8 @@ SProcPanoramiXGetScreenSize(ClientPtr client) swaps (&stuff->length, n); REQUEST_SIZE_MATCH(xPanoramiXGetScreenSizeReq); + swapl (&stuff->window, n); + swapl (&stuff->screen, n); return ProcPanoramiXGetScreenSize(client); } diff --git a/Xext/panoramiXprocs.c b/Xext/panoramiXprocs.c index f51f65663..f9a579625 100644 --- a/Xext/panoramiXprocs.c +++ b/Xext/panoramiXprocs.c @@ -54,16 +54,6 @@ Equipment Corporation. #define INPUTONLY_LEGAL_MASK (CWWinGravity | CWEventMask | \ CWDontPropagate | CWOverrideRedirect | CWCursor ) -#if 0 -extern void (* EventSwapVector[128]) (fsError *, fsError *); - -extern void Swap32Write(); -extern void SLHostsExtend(); -extern void SQColorsExtend(); -WriteSConnectionInfo(); -extern void WriteSConnSetupPrefix(); -#endif - /* Various of the DIX function interfaces were not designed to allow * the client->errorValue to be set on BadValue and other errors. * Rather than changing interfaces and breaking untold code we introduce @@ -1049,8 +1039,7 @@ int PanoramiXCopyArea(ClientPtr client) FOR_NSCREENS_BACKWARD(j) { stuff->gc = gc->info[j].id; - VALIDATE_DRAWABLE_AND_GC(dst->info[j].id, pDst, pGC, client); - + VALIDATE_DRAWABLE_AND_GC(dst->info[j].id, pDst, DixWriteAccess); if(drawables[0]->depth != pDst->depth) { client->errorValue = stuff->dstDrawable; xfree(data); @@ -1086,7 +1075,8 @@ int PanoramiXCopyArea(ClientPtr client) stuff->dstY = dsty - panoramiXdataPtr[j].y; } - VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pDst, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pDst, DixWriteAccess); + if (stuff->dstDrawable != stuff->srcDrawable) { rc = dixLookupDrawable(&pSrc, stuff->srcDrawable, client, 0, DixReadAccess); @@ -1195,7 +1185,7 @@ int PanoramiXCopyPlane(ClientPtr client) stuff->dstY = dsty - panoramiXdataPtr[j].y; } - VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pdstDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pdstDraw, DixWriteAccess); if (stuff->dstDrawable != stuff->srcDrawable) { rc = dixLookupDrawable(&psrcDraw, stuff->srcDrawable, client, 0, DixReadAccess); diff --git a/Xext/saver.c b/Xext/saver.c index 99b87aae2..d4786b9b8 100644 --- a/Xext/saver.c +++ b/Xext/saver.c @@ -48,6 +48,7 @@ in this Software without prior written authorization from the X Consortium. #include "gcstruct.h" #include "cursorstr.h" #include "colormapst.h" +#include "xace.h" #ifdef PANORAMIX #include "panoramiX.h" #include "panoramiXsrv.h" @@ -61,9 +62,6 @@ in this Software without prior written authorization from the X Consortium. #include "modinit.h" -#if 0 -static unsigned char ScreenSaverReqCode = 0; -#endif static int ScreenSaverEventBase = 0; static DISPATCH_PROC(ProcScreenSaverQueryInfo); @@ -234,10 +232,12 @@ MakeScreenPrivate ( ScreenPtr /* pScreen */ ); -static int ScreenPrivateIndex; +static DevPrivateKey ScreenPrivateKey = &ScreenPrivateKey; -#define GetScreenPrivate(s) ((ScreenSaverScreenPrivatePtr)(s)->devPrivates[ScreenPrivateIndex].ptr) -#define SetScreenPrivate(s,v) ((s)->devPrivates[ScreenPrivateIndex].ptr = (pointer) v); +#define GetScreenPrivate(s) ((ScreenSaverScreenPrivatePtr) \ + dixLookupPrivate(&(s)->devPrivates, ScreenPrivateKey)) +#define SetScreenPrivate(s,v) \ + dixSetPrivate(&(s)->devPrivates, ScreenPrivateKey, v); #define SetupScreen(s) ScreenSaverScreenPrivatePtr pPriv = (s ? GetScreenPrivate(s) : NULL) #define New(t) ((t *) xalloc (sizeof (t))) @@ -260,21 +260,17 @@ ScreenSaverExtensionInit(INITARGS) AttrType = CreateNewResourceType(ScreenSaverFreeAttr); EventType = CreateNewResourceType(ScreenSaverFreeEvents); SuspendType = CreateNewResourceType(ScreenSaverFreeSuspend); - ScreenPrivateIndex = AllocateScreenPrivateIndex (); for (i = 0; i < screenInfo.numScreens; i++) { pScreen = screenInfo.screens[i]; SetScreenPrivate (pScreen, NULL); } - if (AttrType && EventType && SuspendType && ScreenPrivateIndex != -1 && + if (AttrType && EventType && SuspendType && (extEntry = AddExtension(ScreenSaverName, ScreenSaverNumberEvents, 0, ProcScreenSaverDispatch, SProcScreenSaverDispatch, ScreenSaverResetProc, StandardMinorOpcode))) { -#if 0 - ScreenSaverReqCode = (unsigned char)extEntry->base; -#endif ScreenSaverEventBase = extEntry->eventBase; EventSwapVector[ScreenSaverEventBase] = (EventSwapPtr) SScreenSaverNotifyEvent; } @@ -454,8 +450,8 @@ ScreenSaverFreeAttr (value, id) pPriv->attr = NULL; if (pPriv->hasWindow) { - SaveScreens (SCREEN_SAVER_FORCER, ScreenSaverReset); - SaveScreens (SCREEN_SAVER_FORCER, ScreenSaverActive); + dixSaveScreens (serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset); + dixSaveScreens (serverClient, SCREEN_SAVER_FORCER, ScreenSaverActive); } CheckScreenPrivate (pScreen); return TRUE; @@ -788,7 +784,11 @@ ProcScreenSaverQueryInfo (client) REQUEST_SIZE_MATCH (xScreenSaverQueryInfoReq); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, - DixUnknownAccess); + DixGetAttrAccess); + if (rc != Success) + return rc; + rc = XaceHook(XACE_SCREENSAVER_ACCESS, client, pDraw->pScreen, + DixGetAttrAccess); if (rc != Success) return rc; @@ -857,9 +857,15 @@ ProcScreenSaverSelectInput (client) REQUEST_SIZE_MATCH (xScreenSaverSelectInputReq); rc = dixLookupDrawable (&pDraw, stuff->drawable, client, 0, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; + + rc = XaceHook(XACE_SCREENSAVER_ACCESS, client, pDraw->pScreen, + DixSetAttrAccess); + if (rc != Success) + return rc; + if (!setEventMask (pDraw->pScreen, client, stuff->eventMask)) return BadAlloc; return Success; @@ -893,12 +899,16 @@ ScreenSaverSetAttributes (ClientPtr client) REQUEST_AT_LEAST_SIZE (xScreenSaverSetAttributesReq); ret = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, - DixUnknownAccess); + DixGetAttrAccess); if (ret != Success) return ret; pScreen = pDraw->pScreen; pParent = WindowTable[pScreen->myNum]; + ret = XaceHook(XACE_SCREENSAVER_ACCESS, client, pScreen, DixSetAttrAccess); + if (ret != Success) + return ret; + len = stuff->length - (sizeof(xScreenSaverSetAttributesReq) >> 2); if (Ones(stuff->mask) != len) return BadLength; @@ -1054,8 +1064,9 @@ ScreenSaverSetAttributes (ClientPtr client) } else { - pPixmap = (PixmapPtr)LookupIDByType(pixID, RT_PIXMAP); - if (pPixmap != (PixmapPtr) NULL) + ret = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP, + client, DixReadAccess); + if (ret == Success) { if ((pPixmap->drawable.depth != depth) || (pPixmap->drawable.pScreen != pScreen)) @@ -1069,7 +1080,7 @@ ScreenSaverSetAttributes (ClientPtr client) } else { - ret = BadPixmap; + ret = (ret == BadValue) ? BadPixmap : ret; client->errorValue = pixID; goto PatchUp; } @@ -1091,8 +1102,9 @@ ScreenSaverSetAttributes (ClientPtr client) } else { - pPixmap = (PixmapPtr)LookupIDByType(pixID, RT_PIXMAP); - if (pPixmap) + ret = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP, + client, DixReadAccess); + if (ret == Success) { if ((pPixmap->drawable.depth != depth) || (pPixmap->drawable.pScreen != pScreen)) @@ -1106,7 +1118,7 @@ ScreenSaverSetAttributes (ClientPtr client) } else { - ret = BadPixmap; + ret = (ret == BadValue) ? BadPixmap : ret; client->errorValue = pixID; goto PatchUp; } @@ -1184,10 +1196,11 @@ ScreenSaverSetAttributes (ClientPtr client) break; case CWColormap: cmap = (Colormap) *pVlist; - pCmap = (ColormapPtr)LookupIDByType(cmap, RT_COLORMAP); - if (!pCmap) + ret = dixLookupResource((pointer *)&pCmap, cmap, RT_COLORMAP, + client, DixUseAccess); + if (ret != Success) { - ret = BadColor; + ret = (ret == BadValue) ? BadColor : ret; client->errorValue = cmap; goto PatchUp; } @@ -1207,10 +1220,11 @@ ScreenSaverSetAttributes (ClientPtr client) } else { - pCursor = (CursorPtr)LookupIDByType(cursorID, RT_CURSOR); - if (!pCursor) + ret = dixLookupResource((pointer *)&pCursor, cursorID, + RT_CURSOR, client, DixUseAccess); + if (ret != Success) { - ret = BadCursor; + ret = (ret == BadValue) ? BadCursor : ret; client->errorValue = cursorID; goto PatchUp; } @@ -1252,7 +1266,7 @@ ScreenSaverUnsetAttributes (ClientPtr client) REQUEST_SIZE_MATCH (xScreenSaverUnsetAttributesReq); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; pPriv = GetScreenPrivate (pDraw->pScreen); diff --git a/Xext/security.c b/Xext/security.c index 231ea51ec..914cec2f7 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -28,63 +28,50 @@ in this Software without prior written authorization from The Open Group. #include <dix-config.h> #endif -#include "dixstruct.h" -#include "extnsionst.h" -#include "windowstr.h" -#include "inputstr.h" #include "scrnintstr.h" -#include "gcstruct.h" #include "colormapst.h" -#include "propertyst.h" +#include "privates.h" +#include "registry.h" #include "xacestr.h" #include "securitysrv.h" #include <X11/extensions/securstr.h> -#include <assert.h> -#include <stdarg.h> #ifdef XAPPGROUP #include "appgroup.h" #endif -#include <stdio.h> /* for file reading operations */ -#include <X11/Xatom.h> /* for XA_STRING */ - -#ifndef DEFAULTPOLICYFILE -# define DEFAULTPOLICYFILE NULL -#endif -#if defined(WIN32) || defined(__CYGWIN__) -#include <X11/Xos.h> -#undef index -#endif - #include "modinit.h" +/* Extension stuff */ static int SecurityErrorBase; /* first Security error number */ static int SecurityEventBase; /* first Security event number */ -static int securityClientPrivateIndex; -static int securityExtnsnPrivateIndex; -/* this is what we store as client security state */ -typedef struct { - unsigned int trustLevel; - XID authId; -} SecurityClientStateRec; - -#define STATEVAL(extnsn) \ - ((extnsn)->devPrivates[securityExtnsnPrivateIndex].val) -#define STATEPTR(client) \ - ((client)->devPrivates[securityClientPrivateIndex].ptr) -#define TRUSTLEVEL(client) \ - (((SecurityClientStateRec*)STATEPTR(client))->trustLevel) -#define AUTHID(client) \ - (((SecurityClientStateRec*)STATEPTR(client))->authId) +RESTYPE SecurityAuthorizationResType; /* resource type for authorizations */ +static RESTYPE RTEventClient; static CallbackListPtr SecurityValidateGroupCallback = NULL; -RESTYPE SecurityAuthorizationResType; /* resource type for authorizations */ +/* Private state record */ +static DevPrivateKey stateKey = &stateKey; -static RESTYPE RTEventClient; +/* This is what we store as client security state */ +typedef struct { + int haveState; + unsigned int trustLevel; + XID authId; +} SecurityStateRec; + +/* Extensions that untrusted clients shouldn't have access to */ +static char *SecurityUntrustedExtensions[] = { + "RandR", + "SECURITY", + "XFree86-DGA", + NULL +}; + +/* Access modes that untrusted clients can do to trusted stuff */ +static const Mask SecurityAllowedMask = + DixGetAttrAccess | DixListPropAccess | DixGetPropAccess | + DixGetFocusAccess | DixListAccess | DixReceiveAccess; -#define CALLBACK(name) static void \ -name(CallbackListPtr *pcbl, pointer nulldata, pointer calldata) /* SecurityAudit * @@ -110,6 +97,51 @@ SecurityAudit(char *format, ...) va_end(args); } /* SecurityAudit */ +/* + * Performs a Security permission check. + */ +static int +SecurityDoCheck(SecurityStateRec *subj, SecurityStateRec *obj, + Mask requested, Mask allowed) +{ + if (!subj->haveState || !obj->haveState) + return Success; + if (subj->trustLevel == XSecurityClientTrusted) + return Success; + if (obj->trustLevel != XSecurityClientTrusted) + return Success; + if ((requested | allowed) == allowed) + return Success; + + return BadAccess; +} + +/* + * Labels initial server objects. + */ +static void +SecurityLabelInitial(void) +{ + SecurityStateRec *state; + + /* Do the serverClient */ + state = dixLookupPrivate(&serverClient->devPrivates, stateKey); + state->trustLevel = XSecurityClientTrusted; + state->haveState = TRUE; +} + +/* + * Looks up a request name + */ +static _X_INLINE const char * +SecurityLookupRequestName(ClientPtr client) +{ + int major = ((xReq *)client->requestBuffer)->reqType; + int minor = MinorOpcodeOfRequest(client); + return LookupRequestName(major, minor); +} + + #define rClient(obj) (clients[CLIENT_ID((obj)->resource)]) /* SecurityDeleteAuthorization @@ -170,10 +202,12 @@ SecurityDeleteAuthorization( /* kill all clients using this auth */ for (i = 1; i<currentMaxClients; i++) - { - if (clients[i] && (AUTHID(clients[i]) == pAuth->id)) - CloseDownClient(clients[i]); - } + if (clients[i]) { + SecurityStateRec *state; + state = dixLookupPrivate(&clients[i]->devPrivates, stateKey); + if (state->haveState && state->authId == pAuth->id) + CloseDownClient(clients[i]); + } SecurityAudit("revoked authorization ID %d\n", pAuth->id); xfree(pAuth); @@ -322,12 +356,6 @@ ProcSecurityQueryVersion( /* REQUEST(xSecurityQueryVersionReq); */ xSecurityQueryVersionReply rep; - /* paranoia: this "can't happen" because this extension is hidden - * from untrusted clients, but just in case... - */ - if (TRUSTLEVEL(client) != XSecurityClientTrusted) - return BadRequest; - REQUEST_SIZE_MATCH(xSecurityQueryVersionReq); rep.type = X_Reply; rep.sequenceNumber = client->sequence; @@ -408,12 +436,6 @@ ProcSecurityGenerateAuthorization( char *pAuthdata; /* generated auth data */ Mask eventMask; /* what events on this auth does client want */ - /* paranoia: this "can't happen" because this extension is hidden - * from untrusted clients, but just in case... - */ - if (TRUSTLEVEL(client) != XSecurityClientTrusted) - return BadRequest; - /* check request length */ REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq); @@ -591,12 +613,6 @@ ProcSecurityRevokeAuthorization( REQUEST(xSecurityRevokeAuthorizationReq); SecurityAuthorizationPtr pAuth; - /* paranoia: this "can't happen" because this extension is hidden - * from untrusted clients, but just in case... - */ - if (TRUSTLEVEL(client) != XSecurityClientTrusted) - return BadRequest; - REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq); pAuth = (SecurityAuthorizationPtr)SecurityLookupIDByType(client, @@ -633,7 +649,7 @@ SProcSecurityQueryVersion( ClientPtr client) { REQUEST(xSecurityQueryVersionReq); - char n; + char n; swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xSecurityQueryVersionReq); @@ -648,7 +664,7 @@ SProcSecurityGenerateAuthorization( ClientPtr client) { REQUEST(xSecurityGenerateAuthorizationReq); - char n; + char n; CARD32 *values; unsigned long nvalues; @@ -671,7 +687,7 @@ SProcSecurityRevokeAuthorization( ClientPtr client) { REQUEST(xSecurityRevokeAuthorizationReq); - char n; + char n; swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq); @@ -710,59 +726,6 @@ SwapSecurityAuthorizationRevokedEvent( cpswapl(from->authId, to->authId); } -/* SecurityDetermineEventPropogationLimits - * - * This is a helper function for SecurityCheckDeviceAccess. - * - * Arguments: - * dev is the device for which the starting and stopping windows for - * event propogation should be determined. - * The values pointed to by ppWin and ppStopWin are not used. - * - * Returns: - * ppWin is filled in with a pointer to the window at which event - * propogation for the given device should start given the current - * state of the server (pointer position, window layout, etc.) - * ppStopWin is filled in with the window at which event propogation - * should stop; events should not go to ppStopWin. - * - * Side Effects: none. - */ - -static void -SecurityDetermineEventPropogationLimits( - DeviceIntPtr dev, - WindowPtr *ppWin, - WindowPtr *ppStopWin) -{ - WindowPtr pFocusWin = dev->focus ? dev->focus->win : NoneWin; - - if (pFocusWin == NoneWin) - { /* no focus -- events don't go anywhere */ - *ppWin = *ppStopWin = NULL; - return; - } - - if (pFocusWin == PointerRootWin) - { /* focus follows the pointer */ - *ppWin = GetSpriteWindow(dev); - *ppStopWin = NULL; /* propogate all the way to the root */ - } - else - { /* a real window is set for the focus */ - WindowPtr pSpriteWin = GetSpriteWindow(dev); - *ppStopWin = pFocusWin->parent; /* don't go past the focus window */ - - /* if the pointer is in a subwindow of the focus window, start - * at that subwindow, else start at the focus window itself - */ - if (IsParent(pFocusWin, pSpriteWin)) - *ppWin = pSpriteWin; - else *ppWin = pFocusWin; - } -} /* SecurityDetermineEventPropogationLimits */ - - /* SecurityCheckDeviceAccess * * Arguments: @@ -779,162 +742,26 @@ SecurityDetermineEventPropogationLimits( * An audit message is generated if access is denied. */ -CALLBACK(SecurityCheckDeviceAccess) -{ - XaceDeviceAccessRec *rec = (XaceDeviceAccessRec*)calldata; - ClientPtr client = rec->client; - DeviceIntPtr dev = rec->dev; - Bool fromRequest = rec->fromRequest; - WindowPtr pWin, pStopWin; - Bool untrusted_got_event; - Bool found_event_window; - Mask eventmask; - int reqtype = 0; - - /* trusted clients always allowed to do anything */ - if (TRUSTLEVEL(client) == XSecurityClientTrusted) - return; - - /* device security other than keyboard is not implemented yet */ - if (dev != inputInfo.keyboard) - return; - - /* some untrusted client wants access */ - - if (fromRequest) - { - reqtype = ((xReq *)client->requestBuffer)->reqType; - switch (reqtype) - { - /* never allow these */ - case X_ChangeKeyboardMapping: - case X_ChangeKeyboardControl: - case X_SetModifierMapping: - SecurityAudit("client %d attempted request %d\n", - client->index, reqtype); - rec->rval = FALSE; - return; - default: - break; - } - } - - untrusted_got_event = FALSE; - found_event_window = FALSE; - - if (dev->deviceGrab.grab) - { - untrusted_got_event = - (TRUSTLEVEL(rClient(dev->deviceGrab.grab)) != XSecurityClientTrusted); - } - else - { - SecurityDetermineEventPropogationLimits(dev, &pWin, &pStopWin); - - eventmask = KeyPressMask | KeyReleaseMask; - while ( (pWin != pStopWin) && !found_event_window) - { - OtherClients *other; - - if (pWin->eventMask & eventmask) - { - found_event_window = TRUE; - client = wClient(pWin); - if (TRUSTLEVEL(client) != XSecurityClientTrusted) - { - untrusted_got_event = TRUE; - } - } - if (wOtherEventMasks(pWin) & eventmask) - { - found_event_window = TRUE; - for (other = wOtherClients(pWin); other; other = other->next) - { - if (other->mask & eventmask) - { - client = rClient(other); - if (TRUSTLEVEL(client) != XSecurityClientTrusted) - { - untrusted_got_event = TRUE; - break; - } - } - } - } - if (wDontPropagateMask(pWin) & eventmask) - break; - pWin = pWin->parent; - } /* while propogating the event */ - } - - /* allow access by untrusted clients only if an event would have gone - * to an untrusted client - */ - - if (!untrusted_got_event) - { - char *devname = dev->name; - if (!devname) devname = "unnamed"; - if (fromRequest) - SecurityAudit("client %d attempted request %d device %d (%s)\n", - client->index, reqtype, dev->id, devname); - else - SecurityAudit("client %d attempted to access device %d (%s)\n", - client->index, dev->id, devname); - rec->rval = FALSE; - } - return; -} /* SecurityCheckDeviceAccess */ - - - -/* SecurityAuditResourceIDAccess - * - * Arguments: - * client is the client doing the resource access. - * id is the resource id. - * - * Returns: NULL - * - * Side Effects: - * An audit message is generated with details of the denied - * resource access. - */ - -static pointer -SecurityAuditResourceIDAccess( - ClientPtr client, - XID id) +static void +SecurityDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - int cid = CLIENT_ID(id); - int reqtype = ((xReq *)client->requestBuffer)->reqType; - switch (reqtype) - { - case X_ChangeProperty: - case X_DeleteProperty: - case X_GetProperty: - { - xChangePropertyReq *req = - (xChangePropertyReq *)client->requestBuffer; - int propertyatom = req->property; - char *propertyname = NameForAtom(propertyatom); - - SecurityAudit("client %d attempted request %d with window 0x%x property %s of client %d\n", - client->index, reqtype, id, propertyname, cid); - break; - } - default: - { - SecurityAudit("client %d attempted request %d with resource 0x%x of client %d\n", - client->index, reqtype, id, cid); - break; - } + XaceDeviceAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; + Mask requested = rec->access_mode; + Mask allowed = SecurityAllowedMask; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&serverClient->devPrivates, stateKey); + + if (SecurityDoCheck(subj, obj, requested, allowed) != Success) { + SecurityAudit("Security denied client %d keyboard access on request " + "%s\n", rec->client->index, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } - return NULL; -} /* SecurityAuditResourceIDAccess */ - +} -/* SecurityCheckResourceIDAccess +/* SecurityResource * * This function gets plugged into client->CheckAccess and is called from * SecurityLookupIDByType/Class to determine if the client can access the @@ -955,867 +782,246 @@ SecurityAuditResourceIDAccess( * Disallowed resource accesses are audited. */ -CALLBACK(SecurityCheckResourceIDAccess) +static void +SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - XaceResourceAccessRec *rec = (XaceResourceAccessRec*)calldata; - ClientPtr client = rec->client; - XID id = rec->id; - RESTYPE rtype = rec->rtype; - Mask access_mode = rec->access_mode; - pointer rval = rec->res; - int cid, reqtype; - - if (TRUSTLEVEL(client) == XSecurityClientTrusted || - DixUnknownAccess == access_mode) - return; /* for compatibility, we have to allow access */ - - cid = CLIENT_ID(id); - reqtype = ((xReq *)client->requestBuffer)->reqType; - switch (reqtype) - { /* these are always allowed */ - case X_QueryTree: - case X_TranslateCoords: - case X_GetGeometry: - /* property access is controlled in SecurityCheckPropertyAccess */ - case X_GetProperty: - case X_ChangeProperty: - case X_DeleteProperty: - case X_RotateProperties: - case X_ListProperties: - return; - default: - break; + XaceResourceAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; + int cid = CLIENT_ID(rec->id); + Mask requested = rec->access_mode; + Mask allowed = SecurityAllowedMask; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey); + + /* special checks for server-owned resources */ + if (cid == 0) { + if (rec->rtype & RC_DRAWABLE) + /* additional operations allowed on root windows */ + allowed |= DixReadAccess|DixSendAccess; + + else if (rec->rtype == RT_COLORMAP) + /* allow access to default colormaps */ + allowed = requested; } - if (cid != 0) - { /* not a server-owned resource */ - /* - * The following 'if' restricts clients to only access resources at - * the same trustLevel. Since there are currently only two trust levels, - * and trusted clients never call this function, this degenerates into - * saying that untrusted clients can only access resources of other - * untrusted clients. One way to add the notion of groups would be to - * allow values other than Trusted (0) and Untrusted (1) for this field. - * Clients at the same trust level would be able to use each other's - * resources, but not those of clients at other trust levels. I haven't - * tried it, but this probably mostly works already. The obvious - * competing alternative for grouping clients for security purposes is to - * use app groups. dpw - */ - if (TRUSTLEVEL(client) == TRUSTLEVEL(clients[cid]) + if (SecurityDoCheck(subj, obj, requested, allowed) == Success) + return; + #ifdef XAPPGROUP - || (RT_COLORMAP == rtype && - XagDefaultColormap (client) == (Colormap) id) + if (rec->id == XagDefaultColormap(rec->client)) + return; #endif - ) - return; - else - goto deny; - } - else /* server-owned resource - probably a default colormap or root window */ - { - if (RT_WINDOW == rtype || RC_DRAWABLE == rtype) - { - switch (reqtype) - { /* the following operations are allowed on root windows */ - case X_CreatePixmap: - case X_CreateGC: - case X_CreateWindow: - case X_CreateColormap: - case X_ListProperties: - case X_GrabPointer: - case X_UngrabButton: - case X_QueryBestSize: - case X_GetWindowAttributes: - break; - case X_SendEvent: - { /* see if it is an event specified by the ICCCM */ - xSendEventReq *req = (xSendEventReq *) - (client->requestBuffer); - if (req->propagate == xTrue - || - (req->eventMask != ColormapChangeMask && - req->eventMask != StructureNotifyMask && - req->eventMask != - (SubstructureRedirectMask|SubstructureNotifyMask) - ) - || - (req->event.u.u.type != UnmapNotify && - req->event.u.u.type != ConfigureRequest && - req->event.u.u.type != ClientMessage - ) - ) - { /* not an ICCCM event */ - goto deny; - } - break; - } /* case X_SendEvent on root */ - - case X_ChangeWindowAttributes: - { /* Allow selection of PropertyNotify and StructureNotify - * events on the root. - */ - xChangeWindowAttributesReq *req = - (xChangeWindowAttributesReq *)(client->requestBuffer); - if (req->valueMask == CWEventMask) - { - CARD32 value = *((CARD32 *)(req + 1)); - if ( (value & - ~(PropertyChangeMask|StructureNotifyMask)) == 0) - break; - } - goto deny; - } /* case X_ChangeWindowAttributes on root */ - - default: - { - /* others not allowed */ - goto deny; - } - } - } /* end server-owned window or drawable */ - else if (SecurityAuthorizationResType == rtype) - { - SecurityAuthorizationPtr pAuth = (SecurityAuthorizationPtr)rval; - if (pAuth->trustLevel != TRUSTLEVEL(client)) - goto deny; - } - else if (RT_COLORMAP != rtype) - { /* don't allow anything else besides colormaps */ - goto deny; - } - } - return; - deny: - SecurityAuditResourceIDAccess(client, id); - rec->rval = FALSE; /* deny access */ -} /* SecurityCheckResourceIDAccess */ - -/* SecurityClientStateCallback - * - * Arguments: - * pcbl is &ClientStateCallback. - * nullata is NULL. - * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) - * which contains information about client state changes. - * - * Returns: nothing. - * - * Side Effects: - * - * If a new client is connecting, its authorization ID is copied to - * client->authID. If this is a generated authorization, its reference - * count is bumped, its timer is cancelled if it was running, and its - * trustlevel is copied to TRUSTLEVEL(client). - * - * If a client is disconnecting and the client was using a generated - * authorization, the authorization's reference count is decremented, and - * if it is now zero, the timer for this authorization is started. - */ - -CALLBACK(SecurityClientStateCallback) -{ - NewClientInfoRec *pci = (NewClientInfoRec *)calldata; - ClientPtr client = pci->client; - - switch (client->clientState) - { - case ClientStateInitial: - TRUSTLEVEL(client) = XSecurityClientTrusted; - AUTHID(client) = None; - break; - - case ClientStateRunning: - { - XID authId = AuthorizationIDOfClient(client); - SecurityAuthorizationPtr pAuth; - - TRUSTLEVEL(client) = XSecurityClientTrusted; - AUTHID(client) = authId; - pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId, - SecurityAuthorizationResType); - if (pAuth) - { /* it is a generated authorization */ - pAuth->refcnt++; - if (pAuth->refcnt == 1) - { - if (pAuth->timer) TimerCancel(pAuth->timer); - } - TRUSTLEVEL(client) = pAuth->trustLevel; - } - break; - } - case ClientStateGone: - case ClientStateRetained: /* client disconnected */ - { - SecurityAuthorizationPtr pAuth; - - /* client may not have any state (bad authorization) */ - if (!STATEPTR(client)) - break; - - pAuth = (SecurityAuthorizationPtr)LookupIDByType(AUTHID(client), - SecurityAuthorizationResType); - if (pAuth) - { /* it is a generated authorization */ - pAuth->refcnt--; - if (pAuth->refcnt == 0) - { - SecurityStartAuthorizationTimer(pAuth); - } - } - break; - } - default: break; - } -} /* SecurityClientStateCallback */ - -CALLBACK(SecurityCheckDrawableAccess) -{ - XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata; - - if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) - rec->rval = FALSE; + SecurityAudit("Security: denied client %d access to resource 0x%x " + "of client %d on request %s\n", rec->client->index, rec->id, + cid, SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; /* deny access */ } -CALLBACK(SecurityCheckMapAccess) -{ - XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; - WindowPtr pWin = rec->pWin; - - if (STATEPTR(rec->client) && - (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && - (pWin->drawable.class == InputOnly) && - pWin->parent && pWin->parent->parent && - (TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted)) - - rec->rval = FALSE; -} -CALLBACK(SecurityCheckBackgrndAccess) +static void +SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; - - if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) - rec->rval = FALSE; + XaceExtAccessRec *rec = calldata; + SecurityStateRec *subj; + int i = 0; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + + if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) + while (SecurityUntrustedExtensions[i]) + if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) { + SecurityAudit("Security: denied client %d access to extension " + "%s on request %s\n", + rec->client->index, rec->ext->name, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; + return; + } } -CALLBACK(SecurityCheckExtAccess) +static void +SecurityServer(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata; - - if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && - !STATEVAL(rec->ext)) - - rec->rval = FALSE; -} + XaceServerAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; + Mask requested = rec->access_mode; + Mask allowed = SecurityAllowedMask; -CALLBACK(SecurityCheckHostlistAccess) -{ - XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata; + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&serverClient->devPrivates, stateKey); - if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) - { - rec->rval = FALSE; - if (rec->access_mode == DixWriteAccess) - SecurityAudit("client %d attempted to change host access\n", - rec->client->index); - else - SecurityAudit("client %d attempted to list hosts\n", - rec->client->index); + if (SecurityDoCheck(subj, obj, requested, allowed) != Success) { + SecurityAudit("Security: denied client %d access to server " + "configuration request %s\n", rec->client->index, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } } -CALLBACK(SecurityDeclareExtSecure) -{ - XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata; - - /* security state for extensions is simply a boolean trust value */ - STATEVAL(rec->ext) = rec->secure; -} - -/**********************************************************************/ - -typedef struct _PropertyAccessRec { - ATOM name; - ATOM mustHaveProperty; - char *mustHaveValue; - char windowRestriction; -#define SecurityAnyWindow 0 -#define SecurityRootWindow 1 -#define SecurityWindowWithProperty 2 - char readAction; - char writeAction; - char destroyAction; - struct _PropertyAccessRec *next; -} PropertyAccessRec, *PropertyAccessPtr; - -static PropertyAccessPtr PropertyAccessList = NULL; -static char SecurityDefaultAction = XaceErrorOperation; -static char *SecurityPolicyFile = DEFAULTPOLICYFILE; -static ATOM SecurityMaxPropertyName = 0; - -static char *SecurityKeywords[] = { -#define SecurityKeywordComment 0 - "#", -#define SecurityKeywordProperty 1 - "property", -#define SecurityKeywordSitePolicy 2 - "sitepolicy", -#define SecurityKeywordRoot 3 - "root", -#define SecurityKeywordAny 4 - "any" -}; - -#define NUMKEYWORDS (sizeof(SecurityKeywords) / sizeof(char *)) - -#undef PROPDEBUG -/*#define PROPDEBUG 1*/ - static void -SecurityFreePropertyAccessList(void) -{ - while (PropertyAccessList) - { - PropertyAccessPtr freeit = PropertyAccessList; - PropertyAccessList = PropertyAccessList->next; - xfree(freeit); - } -} /* SecurityFreePropertyAccessList */ - -#define SecurityIsWhitespace(c) ( (c == ' ') || (c == '\t') || (c == '\n') ) - -static char * -SecuritySkipWhitespace( - char *p) +SecurityClient(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - while (SecurityIsWhitespace(*p)) - p++; - return p; -} /* SecuritySkipWhitespace */ - - -static char * -SecurityParseString( - char **rest) -{ - char *startOfString; - char *s = *rest; - char endChar = 0; - - s = SecuritySkipWhitespace(s); - - if (*s == '"' || *s == '\'') - { - endChar = *s++; - startOfString = s; - while (*s && (*s != endChar)) - s++; - } - else - { - startOfString = s; - while (*s && !SecurityIsWhitespace(*s)) - s++; + XaceClientAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; + Mask requested = rec->access_mode; + Mask allowed = SecurityAllowedMask; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->target->devPrivates, stateKey); + + if (SecurityDoCheck(subj, obj, requested, allowed) != Success) { + SecurityAudit("Security: denied client %d access to client %d on " + "request %s\n", rec->client->index, rec->target->index, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } - if (*s) - { - *s = '\0'; - *rest = s + 1; - return startOfString; - } - else - { - *rest = s; - return (endChar) ? NULL : startOfString; - } -} /* SecurityParseString */ - - -static int -SecurityParseKeyword( - char **p) -{ - int i; - char *s = *p; - s = SecuritySkipWhitespace(s); - for (i = 0; i < NUMKEYWORDS; i++) - { - int len = strlen(SecurityKeywords[i]); - if (strncmp(s, SecurityKeywords[i], len) == 0) - { - *p = s + len; - return (i); - } - } - *p = s; - return -1; -} /* SecurityParseKeyword */ - - -static Bool -SecurityParsePropertyAccessRule( - char *p) -{ - char *propname; - char c; - char action = SecurityDefaultAction; - char readAction, writeAction, destroyAction; - PropertyAccessPtr pacl, prev, cur; - char *mustHaveProperty = NULL; - char *mustHaveValue = NULL; - Bool invalid; - char windowRestriction; - int size; - int keyword; - - /* get property name */ - propname = SecurityParseString(&p); - if (!propname || (strlen(propname) == 0)) - return FALSE; - - /* get window on which property must reside for rule to apply */ - - keyword = SecurityParseKeyword(&p); - if (keyword == SecurityKeywordRoot) - windowRestriction = SecurityRootWindow; - else if (keyword == SecurityKeywordAny) - windowRestriction = SecurityAnyWindow; - else /* not root or any, must be a property name */ - { - mustHaveProperty = SecurityParseString(&p); - if (!mustHaveProperty || (strlen(mustHaveProperty) == 0)) - return FALSE; - windowRestriction = SecurityWindowWithProperty; - p = SecuritySkipWhitespace(p); - if (*p == '=') - { /* property value is specified too */ - p++; /* skip over '=' */ - mustHaveValue = SecurityParseString(&p); - if (!mustHaveValue) - return FALSE; - } - } - - /* get operations and actions */ - - invalid = FALSE; - readAction = writeAction = destroyAction = SecurityDefaultAction; - while ( (c = *p++) && !invalid) - { - switch (c) - { - case 'i': action = XaceIgnoreOperation; break; - case 'a': action = XaceAllowOperation; break; - case 'e': action = XaceErrorOperation; break; - - case 'r': readAction = action; break; - case 'w': writeAction = action; break; - case 'd': destroyAction = action; break; - - default : - if (!SecurityIsWhitespace(c)) - invalid = TRUE; - break; - } - } - if (invalid) - return FALSE; - - /* We've successfully collected all the information needed for this - * property access rule. Now record it in a PropertyAccessRec. - */ - size = sizeof(PropertyAccessRec); - - /* If there is a property value string, allocate space for it - * right after the PropertyAccessRec. - */ - if (mustHaveValue) - size += strlen(mustHaveValue) + 1; - pacl = (PropertyAccessPtr)Xalloc(size); - if (!pacl) - return FALSE; - - pacl->name = MakeAtom(propname, strlen(propname), TRUE); - if (pacl->name == BAD_RESOURCE) - { - Xfree(pacl); - return FALSE; - } - if (mustHaveProperty) - { - pacl->mustHaveProperty = MakeAtom(mustHaveProperty, - strlen(mustHaveProperty), TRUE); - if (pacl->mustHaveProperty == BAD_RESOURCE) - { - Xfree(pacl); - return FALSE; - } - } - else - pacl->mustHaveProperty = 0; - - if (mustHaveValue) - { - pacl->mustHaveValue = (char *)(pacl + 1); - strcpy(pacl->mustHaveValue, mustHaveValue); - } - else - pacl->mustHaveValue = NULL; - - SecurityMaxPropertyName = max(SecurityMaxPropertyName, pacl->name); - - pacl->windowRestriction = windowRestriction; - pacl->readAction = readAction; - pacl->writeAction = writeAction; - pacl->destroyAction = destroyAction; - - /* link the new rule into the list of rules in order of increasing - * property name (atom) value to make searching easier - */ +} - for (prev = NULL, cur = PropertyAccessList; - cur && cur->name <= pacl->name; - prev = cur, cur = cur->next) - ; - if (!prev) - { - pacl->next = cur; - PropertyAccessList = pacl; - } - else - { - prev->next = pacl; - pacl->next = cur; +static void +SecurityProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XacePropertyAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; + ATOM name = rec->pProp->propertyName; + Mask requested = rec->access_mode; + Mask allowed = SecurityAllowedMask | DixReadAccess; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&wClient(rec->pWin)->devPrivates, stateKey); + + if (SecurityDoCheck(subj, obj, requested, allowed) != Success) { + SecurityAudit("Security: denied client %d access to property %s " + "(atom 0x%x) window 0x%x of client %d on request %s\n", + rec->client->index, NameForAtom(name), name, + rec->pWin->drawable.id, wClient(rec->pWin)->index, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } - return TRUE; -} /* SecurityParsePropertyAccessRule */ - -static char **SecurityPolicyStrings = NULL; -static int nSecurityPolicyStrings = 0; +} -static Bool -SecurityParseSitePolicy( - char *p) +static void +SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - char *policyStr = SecurityParseString(&p); - char *copyPolicyStr; - char **newStrings; - - if (!policyStr) - return FALSE; - - copyPolicyStr = (char *)Xalloc(strlen(policyStr) + 1); - if (!copyPolicyStr) - return TRUE; - strcpy(copyPolicyStr, policyStr); - newStrings = (char **)Xrealloc(SecurityPolicyStrings, - sizeof (char *) * (nSecurityPolicyStrings + 1)); - if (!newStrings) - { - Xfree(copyPolicyStr); - return TRUE; - } - - SecurityPolicyStrings = newStrings; - SecurityPolicyStrings[nSecurityPolicyStrings++] = copyPolicyStr; + XaceSendAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; - return TRUE; + if (rec->client) { + int i; -} /* SecurityParseSitePolicy */ + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&wClient(rec->pWin)->devPrivates, stateKey); + if (SecurityDoCheck(subj, obj, DixSendAccess, 0) == Success) + return; -char ** -SecurityGetSitePolicyStrings(n) - int *n; -{ - *n = nSecurityPolicyStrings; - return SecurityPolicyStrings; -} /* SecurityGetSitePolicyStrings */ - -static void -SecurityFreeSitePolicyStrings(void) -{ - if (SecurityPolicyStrings) - { - assert(nSecurityPolicyStrings); - while (nSecurityPolicyStrings--) - { - Xfree(SecurityPolicyStrings[nSecurityPolicyStrings]); - } - Xfree(SecurityPolicyStrings); - SecurityPolicyStrings = NULL; - nSecurityPolicyStrings = 0; + for (i = 0; i < rec->count; i++) + if (rec->events[i].u.u.type != UnmapNotify && + rec->events[i].u.u.type != ConfigureRequest && + rec->events[i].u.u.type != ClientMessage) { + + SecurityAudit("Security: denied client %d from sending event " + "of type %s to window 0x%x of client %d\n", + rec->client->index, rec->pWin->drawable.id, + wClient(rec->pWin)->index, + LookupEventName(rec->events[i].u.u.type)); + rec->status = BadAccess; + return; + } } -} /* SecurityFreeSitePolicyStrings */ - +} static void -SecurityLoadPropertyAccessList(void) +SecurityReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - FILE *f; - int lineNumber = 0; + XaceReceiveAccessRec *rec = calldata; + SecurityStateRec *subj, *obj; - SecurityMaxPropertyName = 0; + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&wClient(rec->pWin)->devPrivates, stateKey); - if (!SecurityPolicyFile) - return; - - f = fopen(SecurityPolicyFile, "r"); - if (!f) - { - ErrorF("error opening security policy file %s\n", - SecurityPolicyFile); + if (SecurityDoCheck(subj, obj, DixReceiveAccess, 0) == Success) return; - } - - while (!feof(f)) - { - char buf[200]; - Bool validLine; - char *p; - - if (!(p = fgets(buf, sizeof(buf), f))) - break; - lineNumber++; - - /* if first line, check version number */ - if (lineNumber == 1) - { - char *v = SecurityParseString(&p); - if (strcmp(v, SECURITY_POLICY_FILE_VERSION) != 0) - { - ErrorF("%s: invalid security policy file version, ignoring file\n", - SecurityPolicyFile); - break; - } - validLine = TRUE; - } - else - { - switch (SecurityParseKeyword(&p)) - { - case SecurityKeywordComment: - validLine = TRUE; - break; - - case SecurityKeywordProperty: - validLine = SecurityParsePropertyAccessRule(p); - break; - case SecurityKeywordSitePolicy: - validLine = SecurityParseSitePolicy(p); - break; - - default: - validLine = (*p == '\0'); /* blank lines OK, others not */ - break; - } - } - - if (!validLine) - ErrorF("Line %d of %s invalid, ignoring\n", - lineNumber, SecurityPolicyFile); - } /* end while more input */ - -#ifdef PROPDEBUG - { - PropertyAccessPtr pacl; - char *op = "aie"; - for (pacl = PropertyAccessList; pacl; pacl = pacl->next) - { - ErrorF("property %s ", NameForAtom(pacl->name)); - switch (pacl->windowRestriction) - { - case SecurityAnyWindow: ErrorF("any "); break; - case SecurityRootWindow: ErrorF("root "); break; - case SecurityWindowWithProperty: - { - ErrorF("%s ", NameForAtom(pacl->mustHaveProperty)); - if (pacl->mustHaveValue) - ErrorF(" = \"%s\" ", pacl->mustHaveValue); - - } - break; - } - ErrorF("%cr %cw %cd\n", op[pacl->readAction], - op[pacl->writeAction], op[pacl->destroyAction]); - } - } -#endif /* PROPDEBUG */ - - fclose(f); -} /* SecurityLoadPropertyAccessList */ + SecurityAudit("Security: denied client %d from receiving an event " + "sent to window 0x%x of client %d\n", + rec->client->index, rec->pWin->drawable.id, + wClient(rec->pWin)->index); + rec->status = BadAccess; +} +/* SecurityClientStateCallback + * + * Arguments: + * pcbl is &ClientStateCallback. + * nullata is NULL. + * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) + * which contains information about client state changes. + * + * Returns: nothing. + * + * Side Effects: + * + * If a new client is connecting, its authorization ID is copied to + * client->authID. If this is a generated authorization, its reference + * count is bumped, its timer is cancelled if it was running, and its + * trustlevel is copied to TRUSTLEVEL(client). + * + * If a client is disconnecting and the client was using a generated + * authorization, the authorization's reference count is decremented, and + * if it is now zero, the timer for this authorization is started. + */ -static Bool -SecurityMatchString( - char *ws, - char *cs) +static void +SecurityClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata) { - while (*ws && *cs) - { - if (*ws == '*') - { - Bool match = FALSE; - ws++; - while (!(match = SecurityMatchString(ws, cs)) && *cs) - { - cs++; - } - return match; - } - else if (*ws == *cs) - { - ws++; - cs++; - } - else break; - } - return ( ( (*ws == '\0') || ((*ws == '*') && *(ws+1) == '\0') ) - && (*cs == '\0') ); -} /* SecurityMatchString */ - -#ifdef PROPDEBUG -#include <sys/types.h> -#include <sys/stat.h> -#endif + NewClientInfoRec *pci = calldata; + SecurityStateRec *state; + SecurityAuthorizationPtr pAuth; + int rc; + state = dixLookupPrivate(&pci->client->devPrivates, stateKey); -CALLBACK(SecurityCheckPropertyAccess) -{ - XacePropertyAccessRec *rec = (XacePropertyAccessRec*)calldata; - ClientPtr client = rec->client; - WindowPtr pWin = rec->pWin; - ATOM propertyName = rec->propertyName; - Mask access_mode = rec->access_mode; - PropertyAccessPtr pacl; - char action = SecurityDefaultAction; - - /* if client trusted or window untrusted, allow operation */ - - if ( (TRUSTLEVEL(client) == XSecurityClientTrusted) || - (TRUSTLEVEL(wClient(pWin)) != XSecurityClientTrusted) ) - return; + switch (pci->client->clientState) { + case ClientStateInitial: + state->trustLevel = XSecurityClientTrusted; + state->authId = None; + state->haveState = TRUE; + break; -#ifdef PROPDEBUG - /* For testing, it's more convenient if the property rules file gets - * reloaded whenever it changes, so we can rapidly try things without - * having to reset the server. - */ - { - struct stat buf; - static time_t lastmod = 0; - int ret = stat(SecurityPolicyFile , &buf); - if ( (ret == 0) && (buf.st_mtime > lastmod) ) - { - ErrorF("reloading property rules\n"); - SecurityFreePropertyAccessList(); - SecurityLoadPropertyAccessList(); - lastmod = buf.st_mtime; + case ClientStateRunning: + state->authId = AuthorizationIDOfClient(pci->client); + rc = dixLookupResource((pointer *)&pAuth, state->authId, + SecurityAuthorizationResType, serverClient, + DixGetAttrAccess); + if (rc == Success) { + /* it is a generated authorization */ + pAuth->refcnt++; + if (pAuth->refcnt == 1 && pAuth->timer) + TimerCancel(pAuth->timer); + + state->trustLevel = pAuth->trustLevel; } - } -#endif - - /* If the property atom is bigger than any atoms on the list, - * we know we won't find it, so don't even bother looking. - */ - if (propertyName <= SecurityMaxPropertyName) - { - /* untrusted client operating on trusted window; see if it's allowed */ - - for (pacl = PropertyAccessList; pacl; pacl = pacl->next) - { - if (pacl->name < propertyName) - continue; - if (pacl->name > propertyName) - break; + break; - /* pacl->name == propertyName, so see if it applies to this window */ + case ClientStateGone: + case ClientStateRetained: + rc = dixLookupResource((pointer *)&pAuth, state->authId, + SecurityAuthorizationResType, serverClient, + DixGetAttrAccess); + if (rc == Success) { + /* it is a generated authorization */ + pAuth->refcnt--; + if (pAuth->refcnt == 0) + SecurityStartAuthorizationTimer(pAuth); + } + break; - switch (pacl->windowRestriction) - { - case SecurityAnyWindow: /* always applies */ - break; - - case SecurityRootWindow: - { - /* if not a root window, this rule doesn't apply */ - if (pWin->parent) - continue; - } - break; - - case SecurityWindowWithProperty: - { - PropertyPtr pProp = wUserProps (pWin); - Bool match = FALSE; - char *p; - char *pEndData; - - while (pProp) - { - if (pProp->propertyName == pacl->mustHaveProperty) - break; - pProp = pProp->next; - } - if (!pProp) - continue; - if (!pacl->mustHaveValue) - break; - if (pProp->type != XA_STRING || pProp->format != 8) - continue; - - p = pProp->data; - pEndData = ((char *)pProp->data) + pProp->size; - while (!match && p < pEndData) - { - if (SecurityMatchString(pacl->mustHaveValue, p)) - match = TRUE; - else - { /* skip to the next string */ - while (*p++ && p < pEndData) - ; - } - } - if (!match) - continue; - } - break; /* end case SecurityWindowWithProperty */ - } /* end switch on windowRestriction */ - - /* If we get here, the property access rule pacl applies. - * If pacl doesn't apply, something above should have - * executed a continue, which will skip the follwing code. - */ - action = XaceAllowOperation; - if (access_mode & DixReadAccess) - action = max(action, pacl->readAction); - if (access_mode & DixWriteAccess) - action = max(action, pacl->writeAction); - if (access_mode & DixDestroyAccess) - action = max(action, pacl->destroyAction); - break; - } /* end for each pacl */ - } /* end if propertyName <= SecurityMaxPropertyName */ - - if (XaceAllowOperation != action) - { /* audit the access violation */ - int cid = CLIENT_ID(pWin->drawable.id); - int reqtype = ((xReq *)client->requestBuffer)->reqType; - char *actionstr = (XaceIgnoreOperation == action) ? - "ignored" : "error"; - SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n", - client->index, reqtype, pWin->drawable.id, - NameForAtom(propertyName), propertyName, cid, actionstr); + default: + break; } - /* return codes increase with strictness */ - if (action > rec->rval) - rec->rval = action; -} /* SecurityCheckPropertyAccess */ - +} /* SecurityResetProc * @@ -1832,66 +1038,19 @@ static void SecurityResetProc( ExtensionEntry *extEntry) { - SecurityFreePropertyAccessList(); - SecurityFreeSitePolicyStrings(); -} /* SecurityResetProc */ - - -int -XSecurityOptions(argc, argv, i) - int argc; - char **argv; - int i; -{ - if (strcmp(argv[i], "-sp") == 0) - { - if (i < argc) - SecurityPolicyFile = argv[++i]; - return (i + 1); - } - return (i); -} /* XSecurityOptions */ - - -/* SecurityExtensionSetup - * - * Arguments: none. - * - * Returns: nothing. - * - * Side Effects: - * Sets up the Security extension if possible. - * This function contains things that need to be done - * before any other extension init functions get called. - */ - -void -SecurityExtensionSetup(INITARGS) -{ - /* Allocate the client private index */ - securityClientPrivateIndex = AllocateClientPrivateIndex(); - if (!AllocateClientPrivate(securityClientPrivateIndex, - sizeof (SecurityClientStateRec))) - FatalError("SecurityExtensionSetup: Can't allocate client private.\n"); - - /* Allocate the extension private index */ - securityExtnsnPrivateIndex = AllocateExtensionPrivateIndex(); - if (!AllocateExtensionPrivate(securityExtnsnPrivateIndex, 0)) - FatalError("SecurityExtensionSetup: Can't allocate extnsn private.\n"); - - /* register callbacks */ -#define XaceRC XaceRegisterCallback - XaceRC(XACE_RESOURCE_ACCESS, SecurityCheckResourceIDAccess, NULL); - XaceRC(XACE_DEVICE_ACCESS, SecurityCheckDeviceAccess, NULL); - XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL); - XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL); - XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL); - XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL); - XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL); - XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL); - XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL); - XaceRC(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, NULL); -} /* SecurityExtensionSetup */ + /* Unregister callbacks */ + DeleteCallback(&ClientStateCallback, SecurityClientState, NULL); + + XaceDeleteCallback(XACE_EXT_DISPATCH, SecurityExtension, NULL); + XaceDeleteCallback(XACE_RESOURCE_ACCESS, SecurityResource, NULL); + XaceDeleteCallback(XACE_DEVICE_ACCESS, SecurityDevice, NULL); + XaceDeleteCallback(XACE_PROPERTY_ACCESS, SecurityProperty, NULL); + XaceDeleteCallback(XACE_SEND_ACCESS, SecuritySend, NULL); + XaceDeleteCallback(XACE_RECEIVE_ACCESS, SecurityReceive, NULL); + XaceDeleteCallback(XACE_CLIENT_ACCESS, SecurityClient, NULL); + XaceDeleteCallback(XACE_EXT_ACCESS, SecurityExtension, NULL); + XaceDeleteCallback(XACE_SERVER_ACCESS, SecurityServer, NULL); +} /* SecurityExtensionInit @@ -1908,6 +1067,7 @@ void SecurityExtensionInit(INITARGS) { ExtensionEntry *extEntry; + int ret = TRUE; SecurityAuthorizationResType = CreateNewResourceType(SecurityDeleteAuthorization); @@ -1920,9 +1080,27 @@ SecurityExtensionInit(INITARGS) RTEventClient |= RC_NEVERRETAIN; - if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL)) - return; + /* Allocate the private storage */ + if (!dixRequestPrivate(stateKey, sizeof(SecurityStateRec))) + FatalError("SecurityExtensionSetup: Can't allocate client private.\n"); + + /* Register callbacks */ + ret &= AddCallback(&ClientStateCallback, SecurityClientState, NULL); + + ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SecurityExtension, NULL); + ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SecurityResource, NULL); + ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SecurityDevice, NULL); + ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SecurityProperty, NULL); + ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SecuritySend, NULL); + ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SecurityReceive, NULL); + ret &= XaceRegisterCallback(XACE_CLIENT_ACCESS, SecurityClient, NULL); + ret &= XaceRegisterCallback(XACE_EXT_ACCESS, SecurityExtension, NULL); + ret &= XaceRegisterCallback(XACE_SERVER_ACCESS, SecurityServer, NULL); + if (!ret) + FatalError("SecurityExtensionSetup: Failed to register callbacks\n"); + + /* Add extension to server */ extEntry = AddExtension(SECURITY_EXTENSION_NAME, XSecurityNumberEvents, XSecurityNumberErrors, ProcSecurityDispatch, SProcSecurityDispatch, @@ -1934,6 +1112,6 @@ SecurityExtensionInit(INITARGS) EventSwapVector[SecurityEventBase + XSecurityAuthorizationRevoked] = (EventSwapPtr)SwapSecurityAuthorizationRevokedEvent; - SecurityLoadPropertyAccessList(); - -} /* SecurityExtensionInit */ + /* Label objects that were created before we could register ourself */ + SecurityLabelInitial(); +} diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h index 67d864e2e..f4f3e32ae 100644 --- a/Xext/securitysrv.h +++ b/Xext/securitysrv.h @@ -77,13 +77,7 @@ typedef struct { Bool valid; /* did anyone recognize it? if so, set to TRUE */ } SecurityValidateGroupInfoRec; -extern int XSecurityOptions(int argc, char **argv, int i); - /* Give this value or higher to the -audit option to get security messages */ #define SECURITY_AUDIT_LEVEL 4 -#define SECURITY_POLICY_FILE_VERSION "version-1" - -extern char **SecurityGetSitePolicyStrings(int *n); - #endif /* _SECURITY_SRV_H */ diff --git a/Xext/shape.c b/Xext/shape.c index 2425eeb3b..6857c2865 100644 --- a/Xext/shape.c +++ b/Xext/shape.c @@ -111,9 +111,6 @@ static DISPATCH_PROC(SProcShapeSelectInput); #include "panoramiXsrv.h" #endif -#if 0 -static unsigned char ShapeReqCode = 0; -#endif static int ShapeEventBase = 0; static RESTYPE ClientType, EventType; /* resource types for event masks */ @@ -154,9 +151,6 @@ ShapeExtensionInit(void) ProcShapeDispatch, SProcShapeDispatch, ShapeResetProc, StandardMinorOpcode))) { -#if 0 - ShapeReqCode = (unsigned char)extEntry->base; -#endif ShapeEventBase = extEntry->eventBase; EventSwapVector[ShapeEventBase] = (EventSwapPtr) SShapeNotifyEvent; } @@ -323,7 +317,7 @@ ProcShapeRectangles (client) REQUEST_AT_LEAST_SIZE (xShapeRectanglesReq); UpdateCurrentTime(); - rc = dixLookupWindow(&pWin, stuff->dest, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->dest, client, DixSetAttrAccess); if (rc != Success) return rc; switch (stuff->destKind) { @@ -423,7 +417,7 @@ ProcShapeMask (client) REQUEST_SIZE_MATCH (xShapeMaskReq); UpdateCurrentTime(); - rc = dixLookupWindow(&pWin, stuff->dest, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->dest, client, DixSetAttrAccess); if (rc != Success) return rc; switch (stuff->destKind) { @@ -444,10 +438,10 @@ ProcShapeMask (client) if (stuff->src == None) srcRgn = 0; else { - pPixmap = (PixmapPtr) SecurityLookupIDByType(client, stuff->src, - RT_PIXMAP, DixReadAccess); - if (!pPixmap) - return BadPixmap; + rc = dixLookupResource((pointer *)&pPixmap, stuff->src, RT_PIXMAP, + client, DixReadAccess); + if (rc != Success) + return (rc == BadValue) ? BadPixmap : rc; if (pPixmap->drawable.pScreen != pScreen || pPixmap->drawable.depth != 1) return BadMatch; @@ -531,7 +525,7 @@ ProcShapeCombine (client) REQUEST_SIZE_MATCH (xShapeCombineReq); UpdateCurrentTime(); - rc = dixLookupWindow(&pDestWin, stuff->dest, client, DixUnknownAccess); + rc = dixLookupWindow(&pDestWin, stuff->dest, client, DixSetAttrAccess); if (rc != Success) return rc; if (!pDestWin->optional) @@ -552,7 +546,7 @@ ProcShapeCombine (client) } pScreen = pDestWin->drawable.pScreen; - rc = dixLookupWindow(&pSrcWin, stuff->src, client, DixUnknownAccess); + rc = dixLookupWindow(&pSrcWin, stuff->src, client, DixGetAttrAccess); if (rc != Success) return rc; switch (stuff->srcKind) { @@ -651,7 +645,7 @@ ProcShapeOffset (client) REQUEST_SIZE_MATCH (xShapeOffsetReq); UpdateCurrentTime(); - rc = dixLookupWindow(&pWin, stuff->dest, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->dest, client, DixSetAttrAccess); if (rc != Success) return rc; switch (stuff->destKind) { @@ -716,7 +710,7 @@ ProcShapeQueryExtents (client) RegionPtr region; REQUEST_SIZE_MATCH (xShapeQueryExtentsReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; rep.type = X_Reply; @@ -826,7 +820,7 @@ ProcShapeSelectInput (client) int rc; REQUEST_SIZE_MATCH (xShapeSelectInputReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixReceiveAccess); if (rc != Success) return rc; pHead = (ShapeEventPtr *)SecurityLookupIDByType(client, @@ -999,7 +993,7 @@ ProcShapeInputSelected (client) int n; REQUEST_SIZE_MATCH (xShapeInputSelectedReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; pHead = (ShapeEventPtr *) SecurityLookupIDByType(client, @@ -1041,7 +1035,7 @@ ProcShapeGetRectangles (client) int n; REQUEST_SIZE_MATCH(xShapeGetRectanglesReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; switch (stuff->kind) { diff --git a/Xext/shm.c b/Xext/shm.c index 97a48cd73..1ee3bd14c 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -58,6 +58,7 @@ in this Software without prior written authorization from The Open Group. #include "extnsionst.h" #include "servermd.h" #include "shmint.h" +#include "xace.h" #define _XSHM_SERVER_ #include <X11/extensions/shmstr.h> #include <X11/Xfuncproto.h> @@ -146,7 +147,7 @@ static int pixmapFormat; static int shmPixFormat[MAXSCREENS]; static ShmFuncsPtr shmFuncs[MAXSCREENS]; static DestroyPixmapProcPtr destroyPixmap[MAXSCREENS]; -static int shmPixmapPrivate; +static DevPrivateKey shmPixmapPrivate = &shmPixmapPrivate; static ShmFuncs miFuncs = {NULL, miShmPutImage}; static ShmFuncs fbFuncs = {fbShmCreatePixmap, fbShmPutImage}; @@ -256,20 +257,11 @@ ShmExtensionInit(INITARGS) if (!pixmapFormat) pixmapFormat = ZPixmap; if (sharedPixmaps) - { for (i = 0; i < screenInfo.numScreens; i++) { destroyPixmap[i] = screenInfo.screens[i]->DestroyPixmap; screenInfo.screens[i]->DestroyPixmap = ShmDestroyPixmap; } - shmPixmapPrivate = AllocatePixmapPrivateIndex(); - for (i = 0; i < screenInfo.numScreens; i++) - { - if (!AllocatePixmapPrivate(screenInfo.screens[i], - shmPixmapPrivate, 0)) - return; - } - } } ShmSegType = CreateNewResourceType(ShmDetachSegment); if (ShmSegType && @@ -322,7 +314,8 @@ ShmDestroyPixmap (PixmapPtr pPixmap) if (pPixmap->refcnt == 1) { ShmDescPtr shmdesc; - shmdesc = (ShmDescPtr) pPixmap->devPrivates[shmPixmapPrivate].ptr; + shmdesc = (ShmDescPtr)dixLookupPrivate(&pPixmap->devPrivates, + shmPixmapPrivate); if (shmdesc) ShmDetachSegment ((pointer) shmdesc, pPixmap->drawable.id); } @@ -815,7 +808,7 @@ CreatePmap: shmdesc->addr + stuff->offset); if (pMap) { - pMap->devPrivates[shmPixmapPrivate].ptr = (pointer) shmdesc; + dixSetPrivate(&pMap->devPrivates, shmPixmapPrivate, shmdesc); shmdesc->refcnt++; pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; pMap->drawable.id = newPix->info[j].id; @@ -855,7 +848,7 @@ ProcShmPutImage(client) REQUEST(xShmPutImageReq); REQUEST_SIZE_MATCH(xShmPutImageReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); VERIFY_SHMPTR(stuff->shmseg, stuff->offset, FALSE, shmdesc, client); if ((stuff->sendEvent != xTrue) && (stuff->sendEvent != xFalse)) return BadValue; @@ -968,7 +961,7 @@ ProcShmGetImage(client) return(BadValue); } rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, - DixUnknownAccess); + DixReadAccess); if (rc != Success) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); @@ -1100,7 +1093,7 @@ ProcShmCreatePixmap(client) return BadImplementation; LEGAL_NEW_RESOURCE(stuff->pid, client); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; @@ -1129,7 +1122,13 @@ CreatePmap: shmdesc->addr + stuff->offset); if (pMap) { - pMap->devPrivates[shmPixmapPrivate].ptr = (pointer) shmdesc; + rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, RT_PIXMAP, + pMap, RT_NONE, NULL, DixCreateAccess); + if (rc != Success) { + pDraw->pScreen->DestroyPixmap(pMap); + return rc; + } + dixSetPrivate(&pMap->devPrivates, shmPixmapPrivate, shmdesc); shmdesc->refcnt++; pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; pMap->drawable.id = stuff->pid; @@ -1137,6 +1136,7 @@ CreatePmap: { return(client->noClientException); } + pDraw->pScreen->DestroyPixmap(pMap); } return (BadAlloc); } diff --git a/Xext/sync.c b/Xext/sync.c index cea8f0acd..ce047024f 100644 --- a/Xext/sync.c +++ b/Xext/sync.c @@ -433,18 +433,18 @@ SyncInitTrigger(client, pTrigger, counter, changes) Mask changes; { SyncCounter *pCounter = pTrigger->pCounter; - int status; + int rc; Bool newcounter = FALSE; if (changes & XSyncCACounter) { if (counter == None) pCounter = NULL; - else if (!(pCounter = (SyncCounter *)SecurityLookupIDByType( - client, counter, RTCounter, DixReadAccess))) + else if (Success != (rc = dixLookupResource((pointer *)&pCounter, + counter, RTCounter, client, DixReadAccess))) { client->errorValue = counter; - return SyncErrorBase + XSyncBadCounter; + return (rc == BadValue) ? SyncErrorBase + XSyncBadCounter : rc; } if (pCounter != pTrigger->pCounter) { /* new counter for trigger */ @@ -526,8 +526,8 @@ SyncInitTrigger(client, pTrigger, counter, changes) */ if (newcounter) { - if ((status = SyncAddTriggerToCounter(pTrigger)) != Success) - return status; + if ((rc = SyncAddTriggerToCounter(pTrigger)) != Success) + return rc; } else if (IsSystemCounter(pCounter)) { @@ -1465,7 +1465,7 @@ ProcSyncSetPriority(client) priorityclient = client; else { rc = dixLookupClient(&priorityclient, stuff->id, client, - DixUnknownAccess); + DixSetAttrAccess); if (rc != Success) return rc; } @@ -1502,7 +1502,7 @@ ProcSyncGetPriority(client) priorityclient = client; else { rc = dixLookupClient(&priorityclient, stuff->id, client, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; } diff --git a/Xext/xace.c b/Xext/xace.c index b4e0eee5f..9f8a8cc75 100644 --- a/Xext/xace.c +++ b/Xext/xace.c @@ -22,9 +22,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #endif #include <stdarg.h> -#include "windowstr.h" #include "scrnintstr.h" -#include "gcstruct.h" #include "xacestr.h" #include "modinit.h" @@ -81,95 +79,117 @@ int XaceHook(int hook, ...) va_arg(ap, ClientPtr), va_arg(ap, XID), va_arg(ap, RESTYPE), - va_arg(ap, Mask), va_arg(ap, pointer), - TRUE /* default allow */ + va_arg(ap, RESTYPE), + va_arg(ap, pointer), + va_arg(ap, Mask), + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_DEVICE_ACCESS: { XaceDeviceAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, DeviceIntPtr), - va_arg(ap, Bool), - TRUE /* default allow */ + va_arg(ap, Mask), + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_PROPERTY_ACCESS: { XacePropertyAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, WindowPtr), - va_arg(ap, Atom), + va_arg(ap, PropertyPtr), va_arg(ap, Mask), - XaceAllowOperation /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } - case XACE_DRAWABLE_ACCESS: { - XaceDrawableAccessRec rec = { + case XACE_SEND_ACCESS: { + XaceSendAccessRec rec = { va_arg(ap, ClientPtr), - va_arg(ap, DrawablePtr), - TRUE /* default allow */ + va_arg(ap, DeviceIntPtr), + va_arg(ap, WindowPtr), + va_arg(ap, xEventPtr), + va_arg(ap, int), + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } - case XACE_MAP_ACCESS: - case XACE_BACKGRND_ACCESS: { - XaceMapAccessRec rec = { + case XACE_RECEIVE_ACCESS: { + XaceReceiveAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, WindowPtr), - TRUE /* default allow */ + va_arg(ap, xEventPtr), + va_arg(ap, int), + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; + break; + } + case XACE_CLIENT_ACCESS: { + XaceClientAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, ClientPtr), + va_arg(ap, Mask), + Success /* default allow */ + }; + calldata = &rec; + prv = &rec.status; break; } - case XACE_EXT_DISPATCH: case XACE_EXT_ACCESS: { XaceExtAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, ExtensionEntry*), - TRUE /* default allow */ + DixGetAttrAccess, + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } - case XACE_HOSTLIST_ACCESS: { - XaceHostlistAccessRec rec = { + case XACE_SERVER_ACCESS: { + XaceServerAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, Mask), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } - case XACE_SITE_POLICY: { - XaceSitePolicyRec rec = { - va_arg(ap, char*), - va_arg(ap, int), - FALSE /* default unrecognized */ + case XACE_SELECTION_ACCESS: { + XaceSelectionAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, Atom), + va_arg(ap, Mask), + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } - case XACE_DECLARE_EXT_SECURE: { - XaceDeclareExtSecureRec rec = { - va_arg(ap, ExtensionEntry*), - va_arg(ap, Bool) + case XACE_SCREEN_ACCESS: + case XACE_SCREENSAVER_ACCESS: { + XaceScreenAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, ScreenPtr), + va_arg(ap, Mask), + Success /* default allow */ }; calldata = &rec; + prv = &rec.status; break; } case XACE_AUTH_AVAIL: { @@ -189,14 +209,6 @@ int XaceHook(int hook, ...) calldata = &rec; break; } - case XACE_WINDOW_INIT: { - XaceWindowRec rec = { - va_arg(ap, ClientPtr), - va_arg(ap, WindowPtr) - }; - calldata = &rec; - break; - } default: { va_end(ap); return 0; /* unimplemented hook number */ @@ -206,7 +218,7 @@ int XaceHook(int hook, ...) /* call callbacks and return result, if any. */ CallCallbacks(&XaceHooks[hook], calldata); - return prv ? *prv : 0; + return prv ? *prv : Success; } static int @@ -262,16 +274,16 @@ XaceCatchDispatchProc(ClientPtr client) { REQUEST(xReq); int major = stuff->reqType; - XaceCoreDispatchRec rec = { client, TRUE /* default allow */ }; + XaceCoreDispatchRec rec = { client, Success /* default allow */ }; if (!ProcVector[major]) - return (BadRequest); + return BadRequest; /* call callbacks and return result, if any. */ CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec); - if (!rec.rval) - return (BadAccess); + if (rec.status != Success) + return rec.status; return client->swapped ? (* SwappedProcVector[major])(client) : @@ -284,12 +296,16 @@ XaceCatchExtProc(ClientPtr client) REQUEST(xReq); int major = stuff->reqType; ExtensionEntry *ext = GetExtensionEntry(major); + XaceExtAccessRec rec = { client, ext, DixUseAccess, Success }; if (!ext || !ProcVector[major]) - return (BadRequest); + return BadRequest; + + /* call callbacks and return result, if any. */ + CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec); - if (!XaceHook(XACE_EXT_DISPATCH, client, ext)) - return (BadRequest); /* pretend extension doesn't exist */ + if (rec.status != Success) + return BadRequest; /* pretend extension doesn't exist */ return client->swapped ? (* SwappedProcVector[major])(client) : diff --git a/Xext/xace.h b/Xext/xace.h index 273635c73..6f92290a0 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -20,15 +20,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #ifndef _XACE_H #define _XACE_H -/* Hook return codes */ -#define XaceErrorOperation 0 -#define XaceAllowOperation 1 -#define XaceIgnoreOperation 2 - #ifdef XACE #define XACE_EXTENSION_NAME "XAccessControlExtension" -#define XACE_MAJOR_VERSION 1 +#define XACE_MAJOR_VERSION 2 #define XACE_MINOR_VERSION 0 #include "pixmap.h" /* for DrawablePtr */ @@ -37,6 +32,9 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #define XaceNumberEvents 0 #define XaceNumberErrors 0 +/* Default window background */ +#define XaceBackgroundNoneState None + /* security hooks */ /* Constants used to identify the available security hooks */ @@ -45,16 +43,16 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #define XACE_RESOURCE_ACCESS 2 #define XACE_DEVICE_ACCESS 3 #define XACE_PROPERTY_ACCESS 4 -#define XACE_DRAWABLE_ACCESS 5 -#define XACE_MAP_ACCESS 6 -#define XACE_BACKGRND_ACCESS 7 +#define XACE_SEND_ACCESS 5 +#define XACE_RECEIVE_ACCESS 6 +#define XACE_CLIENT_ACCESS 7 #define XACE_EXT_ACCESS 8 -#define XACE_HOSTLIST_ACCESS 9 -#define XACE_SITE_POLICY 10 -#define XACE_DECLARE_EXT_SECURE 11 -#define XACE_AUTH_AVAIL 12 -#define XACE_KEY_AVAIL 13 -#define XACE_WINDOW_INIT 14 +#define XACE_SERVER_ACCESS 9 +#define XACE_SELECTION_ACCESS 10 +#define XACE_SCREEN_ACCESS 11 +#define XACE_SCREENSAVER_ACCESS 12 +#define XACE_AUTH_AVAIL 13 +#define XACE_KEY_AVAIL 14 #define XACE_AUDIT_BEGIN 15 #define XACE_AUDIT_END 16 #define XACE_NUM_HOOKS 17 @@ -99,15 +97,18 @@ extern void XaceCensorImage( #else /* XACE */ +/* Default window background */ +#define XaceBackgroundNoneState None + /* Define calls away when XACE is not being built. */ #ifdef __GNUC__ -#define XaceHook(args...) XaceAllowOperation +#define XaceHook(args...) Success #define XaceHookAuditEnd(args...) { ; } #define XaceHookAuditBegin(args...) { ; } #define XaceCensorImage(args...) { ; } #else -#define XaceHook(...) XaceAllowOperation +#define XaceHook(...) Success #define XaceHookAuditEnd(...) { ; } #define XaceHookAuditBegin(...) { ; } #define XaceCensorImage(...) { ; } diff --git a/Xext/xacestr.h b/Xext/xacestr.h index 7114d066b..045f8364f 100644 --- a/Xext/xacestr.h +++ b/Xext/xacestr.h @@ -20,91 +20,110 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #ifndef _XACESTR_H #define _XACESTR_H -#include <X11/Xdefs.h> #include "dixstruct.h" #include "resource.h" #include "extnsionst.h" #include "gcstruct.h" #include "windowstr.h" #include "inputstr.h" +#include "propertyst.h" +#include "selection.h" #include "xace.h" /* XACE_CORE_DISPATCH */ typedef struct { ClientPtr client; - int rval; + int status; } XaceCoreDispatchRec; /* XACE_RESOURCE_ACCESS */ -/* XACE_RESOURCE_CREATE */ typedef struct { ClientPtr client; XID id; RESTYPE rtype; - Mask access_mode; pointer res; - int rval; + RESTYPE ptype; + pointer parent; + Mask access_mode; + int status; } XaceResourceAccessRec; /* XACE_DEVICE_ACCESS */ typedef struct { ClientPtr client; DeviceIntPtr dev; - Bool fromRequest; - int rval; + Mask access_mode; + int status; } XaceDeviceAccessRec; /* XACE_PROPERTY_ACCESS */ typedef struct { ClientPtr client; WindowPtr pWin; - Atom propertyName; + PropertyPtr pProp; Mask access_mode; - int rval; + int status; } XacePropertyAccessRec; -/* XACE_DRAWABLE_ACCESS */ +/* XACE_SEND_ACCESS */ typedef struct { ClientPtr client; - DrawablePtr pDraw; - int rval; -} XaceDrawableAccessRec; + DeviceIntPtr dev; + WindowPtr pWin; + xEventPtr events; + int count; + int status; +} XaceSendAccessRec; -/* XACE_MAP_ACCESS */ -/* XACE_BACKGRND_ACCESS */ +/* XACE_RECEIVE_ACCESS */ typedef struct { ClientPtr client; WindowPtr pWin; - int rval; -} XaceMapAccessRec; + xEventPtr events; + int count; + int status; +} XaceReceiveAccessRec; + +/* XACE_CLIENT_ACCESS */ +typedef struct { + ClientPtr client; + ClientPtr target; + Mask access_mode; + int status; +} XaceClientAccessRec; -/* XACE_EXT_DISPATCH_ACCESS */ +/* XACE_EXT_DISPATCH */ /* XACE_EXT_ACCESS */ typedef struct { ClientPtr client; ExtensionEntry *ext; - int rval; + Mask access_mode; + int status; } XaceExtAccessRec; -/* XACE_HOSTLIST_ACCESS */ +/* XACE_SERVER_ACCESS */ typedef struct { ClientPtr client; Mask access_mode; - int rval; -} XaceHostlistAccessRec; + int status; +} XaceServerAccessRec; -/* XACE_SITE_POLICY */ +/* XACE_SELECTION_ACCESS */ typedef struct { - char *policyString; - int len; - int rval; -} XaceSitePolicyRec; + ClientPtr client; + Atom name; + Mask access_mode; + int status; +} XaceSelectionAccessRec; -/* XACE_DECLARE_EXT_SECURE */ +/* XACE_SCREEN_ACCESS */ +/* XACE_SCREENSAVER_ACCESS */ typedef struct { - ExtensionEntry *ext; - Bool secure; -} XaceDeclareExtSecureRec; + ClientPtr client; + ScreenPtr screen; + Mask access_mode; + int status; +} XaceScreenAccessRec; /* XACE_AUTH_AVAIL */ typedef struct { @@ -119,12 +138,6 @@ typedef struct { int count; } XaceKeyAvailRec; -/* XACE_WINDOW_INIT */ -typedef struct { - ClientPtr client; - WindowPtr pWin; -} XaceWindowRec; - /* XACE_AUDIT_BEGIN */ /* XACE_AUDIT_END */ typedef struct { diff --git a/Xext/xcmisc.c b/Xext/xcmisc.c index 45450ef74..2f6208f1b 100644 --- a/Xext/xcmisc.c +++ b/Xext/xcmisc.c @@ -48,10 +48,6 @@ from The Open Group. #define UINT32_MAX 0xffffffffU #endif -#if 0 -static unsigned char XCMiscCode; -#endif - static void XCMiscResetProc( ExtensionEntry * /* extEntry */ ); @@ -68,20 +64,9 @@ static DISPATCH_PROC(SProcXCMiscGetXIDRange); void XCMiscExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(XCMiscExtensionName, 0, 0, - ProcXCMiscDispatch, SProcXCMiscDispatch, - XCMiscResetProc, StandardMinorOpcode)) != 0) - XCMiscCode = (unsigned char)extEntry->base; -#else - (void) AddExtension(XCMiscExtensionName, 0, 0, - ProcXCMiscDispatch, SProcXCMiscDispatch, - XCMiscResetProc, StandardMinorOpcode); -#endif - - DeclareExtensionSecurity(XCMiscExtensionName, TRUE); + AddExtension(XCMiscExtensionName, 0, 0, + ProcXCMiscDispatch, SProcXCMiscDispatch, + XCMiscResetProc, StandardMinorOpcode); } /*ARGSUSED*/ diff --git a/Xext/xevie.c b/Xext/xevie.c index 501625554..ff3a6282d 100644 --- a/Xext/xevie.c +++ b/Xext/xevie.c @@ -76,11 +76,11 @@ DeviceIntPtr xeviemouse = NULL; Mask xevieMask = 0; int xevieEventSent = 0; int xevieKBEventSent = 0; -static unsigned int xevieServerGeneration; -static int xevieDevicePrivateIndex; +static DevPrivateKey xevieDevicePrivateKey = &xevieDevicePrivateKey; static Bool xevieModifiersOn = FALSE; -#define XEVIEINFO(dev) ((xevieDeviceInfoPtr)dev->devPrivates[xevieDevicePrivateIndex].ptr) +#define XEVIEINFO(dev) ((xevieDeviceInfoPtr) \ + dixLookupPrivate(&(dev)->devPrivates, xevieDevicePrivateKey)) Mask xevieFilters[128] = { @@ -134,12 +134,6 @@ XevieExtensionInit (void) { ExtensionEntry* extEntry; - if (serverGeneration != xevieServerGeneration) { - if ((xevieDevicePrivateIndex = AllocateDevicePrivateIndex()) == -1) - return; - xevieServerGeneration = serverGeneration; - } - if (!AddCallback(&ServerGrabCallback,XevieServerGrabStateCallback,NULL)) return; @@ -374,7 +368,7 @@ int SProcSelectInput (ClientPtr client) REQUEST (xXevieSelectInputReq); swaps (&stuff->length, n); - REQUEST_AT_LEAST_SIZE (xXevieSendReq); + REQUEST_AT_LEAST_SIZE (xXevieSelectInputReq); swapl(&stuff->event_mask, n); return ProcSelectInput (client); } @@ -618,14 +612,11 @@ XevieAdd(DeviceIntPtr device, void* data) { xevieDeviceInfoPtr xeviep; - if (!AllocateDevicePrivate(device, xevieDevicePrivateIndex)) - return FALSE; - xeviep = xalloc (sizeof (xevieDeviceInfoRec)); if (!xeviep) return FALSE; - device->devPrivates[xevieDevicePrivateIndex].ptr = xeviep; + dixSetPrivate(&device->devPrivates, xevieDevicePrivateKey, xeviep); XevieUnwrapAdd(device, data); return TRUE; @@ -642,7 +633,7 @@ XevieRemove(DeviceIntPtr device,pointer data) UNWRAP_UNWRAPPROC(device,xeviep->unwrapProc); xfree(xeviep); - device->devPrivates[xevieDevicePrivateIndex].ptr = NULL; + dixSetPrivate(&device->devPrivates, xevieDevicePrivateKey, NULL); return TRUE; } diff --git a/Xext/xf86bigfont.c b/Xext/xf86bigfont.c index b20e82d6e..779f3b940 100644 --- a/Xext/xf86bigfont.c +++ b/Xext/xf86bigfont.c @@ -86,10 +86,6 @@ static DISPATCH_PROC(SProcXF86BigfontDispatch); static DISPATCH_PROC(SProcXF86BigfontQueryVersion); static DISPATCH_PROC(SProcXF86BigfontQueryFont); -#if 0 -static unsigned char XF86BigfontReqCode; -#endif - #ifdef HAS_SHM /* A random signature, transmitted to the clients so they can verify that the @@ -149,18 +145,6 @@ CheckForShmSyscall(void) void XFree86BigfontExtensionInit() { -#if 0 - ExtensionEntry* extEntry; - - if ((extEntry = AddExtension(XF86BIGFONTNAME, - XF86BigfontNumberEvents, - XF86BigfontNumberErrors, - ProcXF86BigfontDispatch, - SProcXF86BigfontDispatch, - XF86BigfontResetProc, - StandardMinorOpcode))) { - XF86BigfontReqCode = (unsigned char) extEntry->base; -#else if (AddExtension(XF86BIGFONTNAME, XF86BigfontNumberEvents, XF86BigfontNumberErrors, @@ -168,7 +152,6 @@ XFree86BigfontExtensionInit() SProcXF86BigfontDispatch, XF86BigfontResetProc, StandardMinorOpcode)) { -#endif #ifdef HAS_SHM #ifdef MUST_CHECK_FOR_SHM_SYSCALL /* @@ -445,10 +428,10 @@ ProcXF86BigfontQueryFont( #endif client->errorValue = stuff->id; /* EITHER font or gc */ pFont = (FontPtr)SecurityLookupIDByType(client, stuff->id, RT_FONT, - DixReadAccess); + DixGetAttrAccess); if (!pFont) { GC *pGC = (GC *) SecurityLookupIDByType(client, stuff->id, RT_GC, - DixReadAccess); + DixGetAttrAccess); if (!pGC) { client->errorValue = stuff->id; return BadFont; /* procotol spec says only error is BadFont */ diff --git a/Xext/xprint.c b/Xext/xprint.c index df189a1ac..aa345497f 100644 --- a/Xext/xprint.c +++ b/Xext/xprint.c @@ -153,8 +153,6 @@ static int XpFreePage(pointer, XID); static Bool XpCloseScreen(int, ScreenPtr); static CARD32 GetAllEventMasks(XpContextPtr); static struct _XpClient *CreateXpClient(ClientPtr); -static void InitContextPrivates(XpContextPtr); -static void ResetContextPrivates(void); static struct _XpClient *FindClient(XpContextPtr, ClientPtr); static struct _XpClient *AcquireClient(XpContextPtr, ClientPtr); @@ -233,21 +231,12 @@ static XpScreenPtr XpScreens[MAXSCREENS]; static unsigned char XpReqCode; static int XpEventBase; static int XpErrorBase; -static unsigned long XpGeneration = 0; -static int XpClientPrivateIndex; - -/* Variables for the context private machinery. - * These must be initialized at compile time because - * main() calls InitOutput before InitExtensions, and the - * output drivers are likely to call AllocateContextPrivate. - * These variables are reset at CloseScreen time. CloseScreen - * is used because it occurs after FreeAllResources, and before - * the next InitOutput cycle. - */ -static int contextPrivateCount = 0; -static int contextPrivateLen = 0; -static unsigned *contextPrivateSizes = (unsigned *)NULL; -static unsigned totalContextSize = sizeof(XpContextRec); +static DevPrivateKey XpClientPrivateKey = &XpClientPrivateKey; + +#define XP_GETPRIV(pClient) ((XpContextPtr) \ + dixLookupPrivate(&(pClient)->devPrivates, XpClientPrivateKey)) +#define XP_SETPRIV(pClient, p) \ + dixSetPrivate(&(pClient)->devPrivates, XpClientPrivateKey, p) /* * There are three types of resources involved. One is the resource associated @@ -305,20 +294,6 @@ XpExtensionInit(INITARGS) EventSwapVector[XpEventBase+1] = (EventSwapPtr) SwapXpAttributeEvent; } - if(XpGeneration != serverGeneration) - { - XpClientPrivateIndex = AllocateClientPrivateIndex(); - /* - * We allocate 0 length & simply stuff a pointer to the - * ContextRec in the DevUnion. - */ - if(AllocateClientPrivate(XpClientPrivateIndex, 0) != TRUE) - { - /* we can't alloc a client private, should we bail??? XXX */ - } - XpGeneration = serverGeneration; - } - for(i = 0; i < MAXSCREENS; i++) { /* @@ -335,7 +310,6 @@ XpExtensionInit(INITARGS) screenInfo.screens[i]->CloseScreen = XpCloseScreen; } } - DeclareExtensionSecurity(XP_PRINTNAME, TRUE); } static void @@ -378,36 +352,9 @@ XpCloseScreen(int index, ScreenPtr pScreen) } XpScreens[index] = (XpScreenPtr)NULL; - /* - * It's wasteful to call ResetContextPrivates() at every CloseScreen, - * but it's the best we know how to do for now. We do this because we - * have to wait until after all resources have been freed (so we know - * how to free the ContextRecs), and before the next InitOutput cycle. - * See dix/main.c for the order of initialization and reset. - */ - ResetContextPrivates(); return (*CloseScreen)(index, pScreen); } -#if 0 /* NOT USED */ -static void -FreeScreenEntry(XpScreenPtr pScreenEntry) -{ - XpDriverPtr pDriver; - - pDriver = pScreenEntry->drivers; - while(pDriver != (XpDriverPtr)NULL) - { - XpDriverPtr tmp; - - tmp = pDriver->next; - xfree(pDriver); - pDriver = tmp; - } - xfree(pScreenEntry); -} -#endif - /* * XpRegisterInitFunc tells the print extension which screens * are printers as opposed to displays, and what drivers are @@ -957,12 +904,10 @@ ProcXpCreateContext(ClientPtr client) /* * Allocate and add the context resource. */ - if((pContext = (XpContextPtr) xalloc(totalContextSize)) == + if((pContext = (XpContextPtr) xalloc(sizeof(XpContextRec))) == (XpContextPtr) NULL) return BadAlloc; - InitContextPrivates(pContext); - if(AddResource(stuff->contextID, RTcontext, (pointer) pContext) != TRUE) { @@ -976,6 +921,7 @@ ProcXpCreateContext(ClientPtr client) pContext->state = 0; pContext->clientSlept = (ClientPtr)NULL; pContext->imageRes = 0; + pContext->devPrivates = NULL; pContext->funcs.DestroyContext = 0; pContext->funcs.StartJob = 0; @@ -1042,8 +988,7 @@ ProcXpSetContext(ClientPtr client) REQUEST_AT_LEAST_SIZE(xPrintSetContextReq); - if((pContext = client->devPrivates[XpClientPrivateIndex].ptr) != - (pointer)NULL) + if((pContext = XP_GETPRIV(client)) != (pointer)NULL) { /* * Erase this client's knowledge of its old context, if any. @@ -1056,7 +1001,7 @@ ProcXpSetContext(ClientPtr client) FreeXpClient(pPrintClient, TRUE); } - client->devPrivates[XpClientPrivateIndex].ptr = (pointer)NULL; + XP_SETPRIV(client, NULL); } if(stuff->printContext == None) return Success; @@ -1078,7 +1023,7 @@ ProcXpSetContext(ClientPtr client) if((pPrintClient = AcquireClient(pContext, client)) == (XpClientPtr)NULL) return BadAlloc; - client->devPrivates[XpClientPrivateIndex].ptr = pContext; + XP_SETPRIV(client, pContext); XpSetFontResFunc(client); @@ -1091,7 +1036,7 @@ ProcXpSetContext(ClientPtr client) XpContextPtr XpGetPrintContext(ClientPtr client) { - return (client->devPrivates[XpClientPrivateIndex].ptr); + return XP_GETPRIV(client); } static int @@ -1106,8 +1051,7 @@ ProcXpGetContext(ClientPtr client) REQUEST_SIZE_MATCH(xPrintGetContextReq); - if((pContext = client->devPrivates[XpClientPrivateIndex].ptr) == - (pointer)NULL) + if((pContext = XP_GETPRIV(client)) == (pointer)NULL) rep.printContext = None; else rep.printContext = pContext->contextID; @@ -1250,6 +1194,7 @@ XpFreeContext(pointer data, XID id) } xfree(pContext->printerName); + dixFreePrivates(pContext->devPrivates); xfree(pContext); return Success; /* ??? */ } @@ -1285,11 +1230,9 @@ FreeXpClient(XpClientPtr pXpClient, Bool freeResource) * If we're freeing the clientRec associated with the context tied * to the client's devPrivates, then we need to clear the devPrivates. */ - if(pXpClient->client->devPrivates[XpClientPrivateIndex].ptr == - pXpClient->context) + if(XP_GETPRIV(pXpClient->client) == pXpClient->context) { - pXpClient->client->devPrivates[XpClientPrivateIndex].ptr = - (pointer)NULL; + XP_SETPRIV(pXpClient->client, NULL); } for(pPrev = (XpClientPtr)NULL, pCurrent = pContext->clientHead; @@ -1373,87 +1316,6 @@ XpFreePage(pointer data, XID id) return result; } -/* - * ContextPrivate machinery. - * Context privates are intended for use by the drivers, allowing the - * drivers to maintain context-specific data. The driver should free - * the associated data at DestroyContext time. - */ - -static void -InitContextPrivates(XpContextPtr context) -{ - char *ptr; - DevUnion *ppriv; - unsigned *sizes; - unsigned size; - int i; - - if (totalContextSize == sizeof(XpContextRec)) - ppriv = (DevUnion *)NULL; - else - ppriv = (DevUnion *)(context + 1); - - context->devPrivates = ppriv; - sizes = contextPrivateSizes; - ptr = (char *)(ppriv + contextPrivateLen); - for (i = contextPrivateLen; --i >= 0; ppriv++, sizes++) - { - if ( (size = *sizes) ) - { - ppriv->ptr = (pointer)ptr; - ptr += size; - } - else - ppriv->ptr = (pointer)NULL; - } -} - -static void -ResetContextPrivates(void) -{ - contextPrivateCount = 0; - contextPrivateLen = 0; - xfree(contextPrivateSizes); - contextPrivateSizes = (unsigned *)NULL; - totalContextSize = sizeof(XpContextRec); - -} - -int -XpAllocateContextPrivateIndex(void) -{ - return contextPrivateCount++; -} - -Bool -XpAllocateContextPrivate(int index, unsigned amount) -{ - unsigned oldamount; - - if (index >= contextPrivateLen) - { - unsigned *nsizes; - nsizes = (unsigned *)xrealloc(contextPrivateSizes, - (index + 1) * sizeof(unsigned)); - if (!nsizes) - return FALSE; - while (contextPrivateLen <= index) - { - nsizes[contextPrivateLen++] = 0; - totalContextSize += sizeof(DevUnion); - } - contextPrivateSizes = nsizes; - } - oldamount = contextPrivateSizes[index]; - if (amount > oldamount) - { - contextPrivateSizes[index] = amount; - totalContextSize += (amount - oldamount); - } - return TRUE; -} - static XpClientPtr AcquireClient(XpContextPtr pContext, ClientPtr client) { @@ -1502,8 +1364,7 @@ ProcXpStartJob(ClientPtr client) REQUEST_SIZE_MATCH(xPrintStartJobReq); /* Check to see that a context has been established by this client. */ - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadContext; if(pContext->state != 0) @@ -1543,8 +1404,7 @@ ProcXpEndJob(ClientPtr client) REQUEST_SIZE_MATCH(xPrintEndJobReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & JOB_STARTED)) @@ -1649,8 +1509,7 @@ ProcXpStartDoc(ClientPtr client) REQUEST_SIZE_MATCH(xPrintStartDocReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & JOB_STARTED) || @@ -1685,8 +1544,7 @@ ProcXpEndDoc(ClientPtr client) REQUEST_SIZE_MATCH(xPrintEndDocReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & DOC_RAW_STARTED) && @@ -1838,8 +1696,7 @@ ProcXpStartPage(ClientPtr client) REQUEST_SIZE_MATCH(xPrintStartPageReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & JOB_STARTED)) @@ -1883,8 +1740,7 @@ ProcXpEndPage(ClientPtr client) REQUEST_SIZE_MATCH(xPrintEndPageReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & PAGE_STARTED)) @@ -1933,8 +1789,7 @@ ProcXpPutDocumentData(ClientPtr client) REQUEST_AT_LEAST_SIZE(xPrintPutDocumentDataReq); - if((pContext = (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr) - == (XpContextPtr)NULL) + if((pContext = XP_GETPRIV(client)) == (XpContextPtr)NULL) return XpErrorBase+XPBadSequence; if(!(pContext->state & DOC_RAW_STARTED) && @@ -2444,7 +2299,7 @@ GetAllEventMasks(XpContextPtr pContext) XpContextPtr XpContextOfClient(ClientPtr client) { - return (XpContextPtr)client->devPrivates[XpClientPrivateIndex].ptr; + return XP_GETPRIV(client); } diff --git a/Xext/xres.c b/Xext/xres.c index 9bbf0a48d..c6fcc3e5e 100644 --- a/Xext/xres.c +++ b/Xext/xres.c @@ -17,6 +17,7 @@ #include "dixstruct.h" #include "extnsionst.h" #include "swaprep.h" +#include "registry.h" #include <X11/extensions/XResproto.h> #include "pixmapstr.h" #include "windowstr.h" @@ -66,7 +67,7 @@ ProcXResQueryClients (ClientPtr client) current_clients = xalloc((currentMaxClients - 1) * sizeof(int)); num_clients = 0; - for(i = 1; i < currentMaxClients; i++) { + for(i = 0; i < currentMaxClients; i++) { if(clients[i]) { current_clients[num_clients] = i; num_clients++; @@ -127,9 +128,7 @@ ProcXResQueryClientResources (ClientPtr client) clientID = CLIENT_ID(stuff->xid); - /* we could remove the (clientID == 0) check if we wanted to allow - probing the X-server's resource usage */ - if(!clientID || (clientID >= currentMaxClients) || !clients[clientID]) { + if((clientID >= currentMaxClients) || !clients[clientID]) { client->errorValue = stuff->xid; return BadValue; } @@ -161,17 +160,20 @@ ProcXResQueryClientResources (ClientPtr client) if(num_types) { xXResType scratch; + char *name; for(i = 0; i < lastResourceType; i++) { if(!counts[i]) continue; - if(!ResourceNames[i + 1]) { + name = (char *)LookupResourceName(i + 1); + if (strcmp(name, XREGISTRY_UNKNOWN)) + scratch.resource_type = MakeAtom(name, strlen(name), TRUE); + else { char buf[40]; snprintf(buf, sizeof(buf), "Unregistered resource %i", i + 1); - RegisterResourceName(i + 1, buf); + scratch.resource_type = MakeAtom(buf, strlen(buf), TRUE); } - scratch.resource_type = ResourceNames[i + 1]; scratch.count = counts[i]; if(client->swapped) { @@ -250,9 +252,7 @@ ProcXResQueryClientPixmapBytes (ClientPtr client) clientID = CLIENT_ID(stuff->xid); - /* we could remove the (clientID == 0) check if we wanted to allow - probing the X-server's resource usage */ - if(!clientID || (clientID >= currentMaxClients) || !clients[clientID]) { + if((clientID >= currentMaxClients) || !clients[clientID]) { client->errorValue = stuff->xid; return BadValue; } @@ -387,15 +387,4 @@ ResExtensionInit(INITARGS) (void) AddExtension(XRES_NAME, 0, 0, ProcResDispatch, SProcResDispatch, ResResetProc, StandardMinorOpcode); - - RegisterResourceName(RT_NONE, "NONE"); - RegisterResourceName(RT_WINDOW, "WINDOW"); - RegisterResourceName(RT_PIXMAP, "PIXMAP"); - RegisterResourceName(RT_GC, "GC"); - RegisterResourceName(RT_FONT, "FONT"); - RegisterResourceName(RT_CURSOR, "CURSOR"); - RegisterResourceName(RT_COLORMAP, "COLORMAP"); - RegisterResourceName(RT_CMAPENTRY, "COLORMAP ENTRY"); - RegisterResourceName(RT_OTHERCLIENT, "OTHER CLIENT"); - RegisterResourceName(RT_PASSIVEGRAB, "PASSIVE GRAB"); } diff --git a/Xext/xselinux.c b/Xext/xselinux.c new file mode 100644 index 000000000..bbd8d1a46 --- /dev/null +++ b/Xext/xselinux.c @@ -0,0 +1,1438 @@ +/************************************************************ + +Author: Eamon Walsh <ewalsh@epoch.ncsc.mil> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +/* + * Portions of this code copyright (c) 2005 by Trusted Computer Solutions, Inc. + * All rights reserved. + */ + +#include <selinux/selinux.h> +#include <selinux/label.h> +#include <selinux/avc.h> + +#include <libaudit.h> + +#ifdef HAVE_DIX_CONFIG_H +#include <dix-config.h> +#endif + +#include <X11/Xatom.h> +#include "resource.h" +#include "privates.h" +#include "registry.h" +#include "dixstruct.h" +#include "extnsionst.h" +#include "scrnintstr.h" +#include "selection.h" +#include "xacestr.h" +#include "xselinux.h" +#define XSERV_t +#define TRANS_SERVER +#include <X11/Xtrans/Xtrans.h> +#include "../os/osdep.h" +#include <stdio.h> +#include <stdarg.h> +#include "modinit.h" + + +/* + * Globals + */ + +/* private state record */ +static DevPrivateKey stateKey = &stateKey; + +/* This is what we store for security state */ +typedef struct { + security_id_t sid; + struct avc_entry_ref aeref; + char *command; +} SELinuxStateRec; + +/* selection manager */ +typedef struct { + Atom selection; + security_id_t sid; +} SELinuxSelectionRec; + +static ClientPtr selectionManager; +static Window selectionWindow; + +/* audit file descriptor */ +static int audit_fd; + +/* structure passed to auditing callback */ +typedef struct { + ClientPtr client; /* client */ + char *command; /* client's executable path */ + unsigned id; /* resource id, if any */ + int restype; /* resource type, if any */ + int event; /* event type, if any */ + Atom property; /* property name, if any */ + Atom selection; /* selection name, if any */ + char *extension; /* extension name, if any */ +} SELinuxAuditRec; + +/* labeling handle */ +static struct selabel_handle *label_hnd; + +/* whether AVC is active */ +static int avc_active; + +/* atoms for window label properties */ +static Atom atom_ctx; +static Atom atom_client_ctx; + +/* The unlabeled SID */ +static security_id_t unlabeled_sid; + +/* Array of object classes indexed by resource type */ +static security_class_t *knownTypes; +static unsigned numKnownTypes; + +/* Array of event SIDs indexed by event type */ +static security_id_t *knownEvents; +static unsigned numKnownEvents; + +/* Array of selection SID structures */ +static SELinuxSelectionRec *knownSelections; +static unsigned numKnownSelections; + +/* dynamically allocated security classes and permissions */ +static struct security_class_mapping map[] = { + { "x_drawable", { "read", "write", "destroy", "create", "getattr", "setattr", "list_property", "get_property", "set_property", "", "", "list_child", "add_child", "remove_child", "hide", "show", "blend", "override", "", "", "", "", "send", "receive", "", "manage", NULL }}, + { "x_screen", { "", "", "", "", "getattr", "setattr", "saver_getattr", "saver_setattr", "", "", "", "", "", "", "hide_cursor", "show_cursor", "saver_hide", "saver_show", NULL }}, + { "x_gc", { "", "", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }}, + { "x_font", { "", "", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_glyph", "remove_glyph", "", "", "", "", "", "", "", "", "", "", "use", NULL }}, + { "x_colormap", { "read", "write", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_color", "remove_color", "", "", "", "", "", "", "install", "uninstall", "", "", "use", NULL }}, + { "x_property", { "read", "write", "destroy", "create", NULL }}, + { "x_selection", { "read", "", "", "", "getattr", "setattr", NULL }}, + { "x_cursor", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }}, + { "x_client", { "", "", "destroy", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "manage", NULL }}, + { "x_device", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "", "manage", "", "bell", NULL }}, + { "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }}, + { "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }}, + { "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }}, + { "x_synthetic_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }}, + { "x_resource", { "read", "write", "write", "write", "read", "write", "read", "read", "write", "read", "write", "read", "write", "write", "write", "read", "read", "write", "write", "write", "write", "write", "write", "read", "read", "write", "read", "write", NULL }}, + { NULL } +}; + +/* forward declarations */ +static void SELinuxScreen(CallbackListPtr *, pointer, pointer); + +/* "true" pointer value for use as callback data */ +static pointer truep = (pointer)1; + + +/* + * Support Routines + */ + +/* + * Looks up the SID corresponding to the given selection atom + */ +static int +SELinuxSelectionToSID(Atom selection, SELinuxStateRec *sid_return) +{ + const char *name; + unsigned i, size; + + for (i = 0; i < numKnownSelections; i++) + if (knownSelections[i].selection == selection) { + sid_return->sid = knownSelections[i].sid; + return Success; + } + + /* Need to increase size of array */ + i = numKnownSelections; + size = (i + 1) * sizeof(SELinuxSelectionRec); + knownSelections = xrealloc(knownSelections, size); + if (!knownSelections) + return BadAlloc; + knownSelections[i].selection = selection; + + /* Look in the mappings of selection names to contexts */ + name = NameForAtom(selection); + if (name) { + security_context_t con; + security_id_t sid; + + if (selabel_lookup(label_hnd, &con, name, SELABEL_X_SELN) < 0) { + ErrorF("XSELinux: a selection label lookup failed!\n"); + return BadValue; + } + /* Get a SID for context */ + if (avc_context_to_sid(con, &sid) < 0) { + ErrorF("XSELinux: a context_to_SID call failed!\n"); + return BadAlloc; + } + freecon(con); + knownSelections[i].sid = sid_return->sid = sid; + } else + knownSelections[i].sid = sid_return->sid = unlabeled_sid; + + return Success; +} + +/* + * Looks up the SID corresponding to the given event type + */ +static int +SELinuxEventToSID(unsigned type, security_id_t sid_of_window, + SELinuxStateRec *sid_return) +{ + const char *name = LookupEventName(type); + security_context_t con; + type &= 127; + + if (type >= numKnownEvents) { + /* Need to increase size of classes array */ + unsigned size = sizeof(security_id_t); + knownEvents = xrealloc(knownEvents, (type + 1) * size); + if (!knownEvents) + return BadAlloc; + memset(knownEvents + numKnownEvents, 0, + (type - numKnownEvents + 1) * size); + numKnownEvents = type + 1; + } + + if (!knownEvents[type]) { + /* Look in the mappings of event names to contexts */ + if (selabel_lookup(label_hnd, &con, name, SELABEL_X_EVENT) < 0) { + ErrorF("XSELinux: an event label lookup failed!\n"); + return BadValue; + } + /* Get a SID for context */ + if (avc_context_to_sid(con, knownEvents + type) < 0) { + ErrorF("XSELinux: a context_to_SID call failed!\n"); + return BadAlloc; + } + freecon(con); + } + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(sid_of_window, knownEvents[type], SECCLASS_X_EVENT, + &sid_return->sid) < 0) { + ErrorF("XSELinux: a compute_create call failed!\n"); + return BadValue; + } + + return Success; +} + +/* + * Returns the object class corresponding to the given resource type. + */ +static security_class_t +SELinuxTypeToClass(RESTYPE type) +{ + RESTYPE fulltype = type; + type &= TypeMask; + + if (type >= numKnownTypes) { + /* Need to increase size of classes array */ + unsigned size = sizeof(security_class_t); + knownTypes = xrealloc(knownTypes, (type + 1) * size); + if (!knownTypes) + return 0; + memset(knownTypes + numKnownTypes, 0, + (type - numKnownTypes + 1) * size); + numKnownTypes = type + 1; + } + + if (!knownTypes[type]) { + const char *str; + knownTypes[type] = SECCLASS_X_RESOURCE; + + if (fulltype & RC_DRAWABLE) + knownTypes[type] = SECCLASS_X_DRAWABLE; + if (fulltype == RT_GC) + knownTypes[type] = SECCLASS_X_GC; + if (fulltype == RT_FONT) + knownTypes[type] = SECCLASS_X_FONT; + if (fulltype == RT_CURSOR) + knownTypes[type] = SECCLASS_X_CURSOR; + if (fulltype == RT_COLORMAP) + knownTypes[type] = SECCLASS_X_COLORMAP; + + /* Need to do a string lookup */ + str = LookupResourceName(fulltype); + if (!strcmp(str, "PICTURE")) + knownTypes[type] = SECCLASS_X_DRAWABLE; + if (!strcmp(str, "GLYPHSET")) + knownTypes[type] = SECCLASS_X_FONT; + } + + return knownTypes[type]; +} + +/* + * Performs an SELinux permission check. + */ +static int +SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj, + security_class_t class, Mask mode, SELinuxAuditRec *auditdata) +{ + /* serverClient requests OK */ + if (clientIndex == 0) + return Success; + + auditdata->command = subj->command; + errno = 0; + + if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref, + auditdata) < 0) { + if (errno == EACCES) + return BadAccess; + ErrorF("ServerPerm: unexpected error %d\n", errno); + return BadValue; + } + + return Success; +} + +/* + * Labels a newly connected client. + */ +static void +SELinuxLabelClient(ClientPtr client) +{ + XtransConnInfo ci = ((OsCommPtr)client->osPrivate)->trans_conn; + SELinuxStateRec *state; + security_context_t ctx; + + state = dixLookupPrivate(&client->devPrivates, stateKey); + sidput(state->sid); + + if (_XSERVTransIsLocal(ci)) { + int fd = _XSERVTransGetConnectionNumber(ci); + struct ucred creds; + socklen_t len = sizeof(creds); + char path[PATH_MAX + 1]; + size_t bytes; + + /* For local clients, can get context from the socket */ + if (getpeercon(fd, &ctx) < 0) + FatalError("Client %d: couldn't get context from socket\n", + client->index); + + /* Try and determine the client's executable name */ + memset(&creds, 0, sizeof(creds)); + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0) + goto finish; + + snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid); + fd = open(path, O_RDONLY); + if (fd < 0) + goto finish; + + bytes = read(fd, path, PATH_MAX + 1); + close(fd); + if (bytes <= 0) + goto finish; + + state->command = xalloc(bytes); + if (!state->command) + goto finish; + + memcpy(state->command, path, bytes); + state->command[bytes - 1] = 0; + } else + /* For remote clients, need to use a default context */ + if (selabel_lookup(label_hnd, &ctx, NULL, SELABEL_X_CLIENT) < 0) + FatalError("Client %d: couldn't get default remote context\n", + client->index); + +finish: + /* Get a SID from the context */ + if (avc_context_to_sid(ctx, &state->sid) < 0) + FatalError("Client %d: context_to_sid(%s) failed\n", + client->index, ctx); + + freecon(ctx); +} + +/* + * Labels initial server objects. + */ +static void +SELinuxLabelInitial(void) +{ + int i; + XaceScreenAccessRec srec; + SELinuxStateRec *state; + security_context_t ctx; + pointer unused; + + /* Do the serverClient */ + state = dixLookupPrivate(&serverClient->devPrivates, stateKey); + sidput(state->sid); + + /* Use the context of the X server process for the serverClient */ + if (getcon(&ctx) < 0) + FatalError("Couldn't get context of X server process\n"); + + /* Get a SID from the context */ + if (avc_context_to_sid(ctx, &state->sid) < 0) + FatalError("serverClient: context_to_sid(%s) failed\n", ctx); + + freecon(ctx); + + srec.client = serverClient; + srec.access_mode = DixCreateAccess; + srec.status = Success; + + for (i = 0; i < screenInfo.numScreens; i++) { + /* Do the screen object */ + srec.screen = screenInfo.screens[i]; + SELinuxScreen(NULL, NULL, &srec); + + /* Do the default colormap */ + dixLookupResource(&unused, screenInfo.screens[i]->defColormap, + RT_COLORMAP, serverClient, DixCreateAccess); + } +} + + +/* + * Libselinux Callbacks + */ + +static int +SELinuxAudit(void *auditdata, + security_class_t class, + char *msgbuf, + size_t msgbufsize) +{ + SELinuxAuditRec *audit = auditdata; + ClientPtr client = audit->client; + char idNum[16], *propertyName, *selectionName; + int major = -1, minor = -1; + + if (client) { + REQUEST(xReq); + if (stuff) { + major = stuff->reqType; + minor = MinorOpcodeOfRequest(client); + } + } + if (audit->id) + snprintf(idNum, 16, "%x", audit->id); + + propertyName = audit->property ? NameForAtom(audit->property) : NULL; + selectionName = audit->selection ? NameForAtom(audit->selection) : NULL; + + return snprintf(msgbuf, msgbufsize, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", + (major >= 0) ? "request=" : "", + (major >= 0) ? LookupRequestName(major, minor) : "", + audit->command ? " comm=" : "", + audit->command ? audit->command : "", + audit->id ? " resid=" : "", + audit->id ? idNum : "", + audit->restype ? " restype=" : "", + audit->restype ? LookupResourceName(audit->restype) : "", + audit->event ? " event=" : "", + audit->event ? LookupEventName(audit->event & 127) : "", + audit->property ? " property=" : "", + audit->property ? propertyName : "", + audit->selection ? " selection=" : "", + audit->selection ? selectionName : "", + audit->extension ? " extension=" : "", + audit->extension ? audit->extension : ""); +} + +static int +SELinuxLog(int type, const char *fmt, ...) +{ + va_list ap; + char buf[MAX_AUDIT_MESSAGE_LENGTH]; + int rc, aut = AUDIT_USER_AVC; + + va_start(ap, fmt); + vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap); + rc = audit_log_user_avc_message(audit_fd, aut, buf, NULL, NULL, NULL, 0); + va_end(ap); + return 0; +} + +/* + * XACE Callbacks + */ + +static void +SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceDeviceAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->dev->devPrivates, stateKey); + + /* If this is a new object that needs labeling, do it now */ + if (rec->access_mode & DixCreateAccess) { + sidput(obj->sid); + + /* Label the device directly with the process SID */ + sidget(subj->sid); + obj->sid = subj->sid; + } + + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceSendAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj, ev_sid; + SELinuxAuditRec auditdata = { .client = rec->client }; + security_class_t class; + int rc, i, type, clientIndex; + + if (rec->dev) { + subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey); + clientIndex = -1; /* some nonzero value */ + } else { + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + clientIndex = rec->client->index; + } + + obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); + + /* Check send permission on window */ + rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE, + DixSendAccess, &auditdata); + if (rc != Success) + goto err; + + /* Check send permission on specific event types */ + for (i = 0; i < rec->count; i++) { + type = rec->events[i].u.u.type; + class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; + + rc = SELinuxEventToSID(type, obj->sid, &ev_sid); + if (rc != Success) + goto err; + + auditdata.event = type; + rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class, + DixSendAccess, &auditdata); + if (rc != Success) + goto err; + } + return; +err: + rec->status = rc; +} + +static void +SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceReceiveAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj, ev_sid; + SELinuxAuditRec auditdata = { .client = NULL }; + security_class_t class; + int rc, i, type; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); + + /* Check receive permission on window */ + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE, + DixReceiveAccess, &auditdata); + if (rc != Success) + goto err; + + /* Check receive permission on specific event types */ + for (i = 0; i < rec->count; i++) { + type = rec->events[i].u.u.type; + class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; + + rc = SELinuxEventToSID(type, obj->sid, &ev_sid); + if (rc != Success) + goto err; + + auditdata.event = type; + rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class, + DixReceiveAccess, &auditdata); + if (rc != Success) + goto err; + } + return; +err: + rec->status = rc; +} + +static void +SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceExtAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj, *serv; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->ext->devPrivates, stateKey); + + /* If this is a new object that needs labeling, do it now */ + /* XXX there should be a separate callback for this */ + if (obj->sid == unlabeled_sid) { + const char *name = rec->ext->name; + security_context_t con; + security_id_t sid; + + serv = dixLookupPrivate(&serverClient->devPrivates, stateKey); + + /* Look in the mappings of property names to contexts */ + if (selabel_lookup(label_hnd, &con, name, SELABEL_X_EXT) < 0) { + ErrorF("XSELinux: a property label lookup failed!\n"); + rec->status = BadValue; + return; + } + /* Get a SID for context */ + if (avc_context_to_sid(con, &sid) < 0) { + ErrorF("XSELinux: a context_to_SID call failed!\n"); + rec->status = BadAlloc; + return; + } + + sidput(obj->sid); + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION, + &obj->sid) < 0) { + ErrorF("XSELinux: a SID transition call failed!\n"); + freecon(con); + rec->status = BadValue; + return; + } + freecon(con); + } + + /* Perform the security check */ + auditdata.extension = rec->ext->name; + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XacePropertyAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->pProp->devPrivates, stateKey); + + /* If this is a new object that needs labeling, do it now */ + if (rec->access_mode & DixCreateAccess) { + const char *name = NameForAtom(rec->pProp->propertyName); + security_context_t con; + security_id_t sid; + + /* Look in the mappings of property names to contexts */ + if (selabel_lookup(label_hnd, &con, name, SELABEL_X_PROP) < 0) { + ErrorF("XSELinux: a property label lookup failed!\n"); + rec->status = BadValue; + return; + } + /* Get a SID for context */ + if (avc_context_to_sid(con, &sid) < 0) { + ErrorF("XSELinux: a context_to_SID call failed!\n"); + rec->status = BadAlloc; + return; + } + + sidput(obj->sid); + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(subj->sid, sid, SECCLASS_X_PROPERTY, + &obj->sid) < 0) { + ErrorF("XSELinux: a SID transition call failed!\n"); + freecon(con); + rec->status = BadValue; + return; + } + freecon(con); + avc_entry_ref_init(&obj->aeref); + } + + /* Perform the security check */ + auditdata.property = rec->pProp->propertyName; + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceResourceAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj, *pobj; + SELinuxAuditRec auditdata = { .client = rec->client }; + PrivateRec **privatePtr; + security_class_t class; + int rc, offset; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + + /* Determine if the resource object has a devPrivates field */ + offset = dixLookupPrivateOffset(rec->rtype); + if (offset < 0) { + /* No: use the SID of the owning client */ + class = SECCLASS_X_RESOURCE; + privatePtr = &clients[CLIENT_ID(rec->id)]->devPrivates; + obj = dixLookupPrivate(privatePtr, stateKey); + } else { + /* Yes: use the SID from the resource object itself */ + class = SELinuxTypeToClass(rec->rtype); + privatePtr = DEVPRIV_AT(rec->res, offset); + obj = dixLookupPrivate(privatePtr, stateKey); + } + + /* If this is a new object that needs labeling, do it now */ + if (rec->access_mode & DixCreateAccess && offset >= 0) { + if (rec->parent) + offset = dixLookupPrivateOffset(rec->ptype); + if (rec->parent && offset >= 0) + /* Use the SID of the parent object in the labeling operation */ + pobj = dixLookupPrivate(DEVPRIV_AT(rec->parent, offset), stateKey); + else + /* Use the SID of the subject */ + pobj = subj; + + sidput(obj->sid); + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(subj->sid, pobj->sid, class, &obj->sid) < 0) { + ErrorF("XSELinux: a compute_create call failed!\n"); + rec->status = BadValue; + return; + } + } + + /* Perform the security check */ + auditdata.restype = rec->rtype; + auditdata.id = rec->id; + rc = SELinuxDoCheck(rec->client->index, subj, obj, class, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata) +{ + XaceScreenAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj; + SELinuxAuditRec auditdata = { .client = rec->client }; + Mask access_mode = rec->access_mode; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->screen->devPrivates, stateKey); + + /* If this is a new object that needs labeling, do it now */ + if (access_mode & DixCreateAccess) { + sidput(obj->sid); + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SCREEN, + &obj->sid) < 0) { + ErrorF("XSELinux: a compute_create call failed!\n"); + rec->status = BadValue; + return; + } + } + + if (is_saver) + access_mode <<= 2; + + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN, + access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceClientAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->target->devPrivates, stateKey); + + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceServerAccessRec *rec = calldata; + SELinuxStateRec *subj, *obj; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&serverClient->devPrivates, stateKey); + + rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER, + rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + +static void +SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + XaceSelectionAccessRec *rec = (XaceSelectionAccessRec *)calldata; + SELinuxStateRec *subj, sel_sid; + SELinuxAuditRec auditdata = { .client = rec->client }; + int rc; + + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + + rc = SELinuxSelectionToSID(rec->name, &sel_sid); + if (rc != Success) { + rec->status = rc; + return; + } + + auditdata.selection = rec->name; + rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid, + SECCLASS_X_SELECTION, rec->access_mode, &auditdata); + if (rc != Success) + rec->status = rc; +} + + +/* + * DIX Callbacks + */ + +static void +SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + NewClientInfoRec *pci = calldata; + + switch (pci->client->clientState) { + case ClientStateInitial: + SELinuxLabelClient(pci->client); + break; + + case ClientStateRetained: + case ClientStateGone: + if (pci->client == selectionManager) { + selectionManager = NULL; + selectionWindow = 0; + } + break; + + default: + break; + } +} + +static void +SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + ResourceStateInfoRec *rec = calldata; + SELinuxStateRec *state; + WindowPtr pWin; + + if (rec->type != RT_WINDOW) + return; + + pWin = (WindowPtr)rec->value; + state = dixLookupPrivate(&wClient(pWin)->devPrivates, stateKey); + + if (state->sid) { + security_context_t ctx; + int rc = avc_sid_to_context(state->sid, &ctx); + if (rc < 0) + FatalError("XSELinux: Failed to get security context!\n"); + rc = dixChangeWindowProperty(serverClient, + pWin, atom_client_ctx, XA_STRING, 8, + PropModeReplace, strlen(ctx), ctx, FALSE); + if (rc != Success) + FatalError("XSELinux: Failed to set label property on window!\n"); + freecon(ctx); + } + else + FatalError("XSELinux: Unexpected unlabeled client found\n"); + + state = dixLookupPrivate(&pWin->devPrivates, stateKey); + + if (state->sid) { + security_context_t ctx; + int rc = avc_sid_to_context(state->sid, &ctx); + if (rc < 0) + FatalError("XSELinux: Failed to get security context!\n"); + rc = dixChangeWindowProperty(serverClient, + pWin, atom_ctx, XA_STRING, 8, + PropModeReplace, strlen(ctx), ctx, FALSE); + if (rc != Success) + FatalError("XSELinux: Failed to set label property on window!\n"); + freecon(ctx); + } + else + FatalError("XSELinux: Unexpected unlabeled window found\n"); +} + +static void +SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + SelectionInfoRec *rec = calldata; + SELinuxStateRec *subj, *obj; + + switch (rec->kind) { + case SelectionSetOwner: + /* save off the "real" owner of the selection */ + rec->selection->alt_client = rec->selection->client; + rec->selection->alt_window = rec->selection->window; + + /* figure out the new label for the content */ + subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); + obj = dixLookupPrivate(&rec->selection->devPrivates, stateKey); + sidput(obj->sid); + + if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SELECTION, + &obj->sid) < 0) { + ErrorF("XSELinux: a compute_create call failed!\n"); + obj->sid = unlabeled_sid; + } + break; + + case SelectionGetOwner: + /* restore the real owner */ + rec->selection->window = rec->selection->alt_window; + break; + + case SelectionConvertSelection: + /* redirect the convert request if necessary */ + if (selectionManager && selectionManager != rec->client) { + rec->selection->client = selectionManager; + rec->selection->window = selectionWindow; + } else { + rec->selection->client = rec->selection->alt_client; + rec->selection->window = rec->selection->alt_window; + } + break; + default: + break; + } +} + + +/* + * DevPrivates Callbacks + */ + +static void +SELinuxStateInit(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + PrivateCallbackRec *rec = calldata; + SELinuxStateRec *state = *rec->value; + + sidget(unlabeled_sid); + state->sid = unlabeled_sid; + + avc_entry_ref_init(&state->aeref); +} + +static void +SELinuxStateFree(CallbackListPtr *pcbl, pointer unused, pointer calldata) +{ + PrivateCallbackRec *rec = calldata; + SELinuxStateRec *state = *rec->value; + + xfree(state->command); + + if (avc_active) + sidput(state->sid); +} + + +/* + * Extension Dispatch + */ + +static int +ProcSELinuxQueryVersion(ClientPtr client) +{ + SELinuxQueryVersionReply rep; + + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; + rep.server_major = XSELINUX_MAJOR_VERSION; + rep.server_minor = XSELINUX_MINOR_VERSION; + if (client->swapped) { + int n; + swaps(&rep.sequenceNumber, n); + swapl(&rep.length, n); + swaps(&rep.server_major, n); + swaps(&rep.server_minor, n); + } + WriteToClient(client, sizeof(rep), (char *)&rep); + return (client->noClientException); +} + +static int +ProcSELinuxSetSelectionManager(ClientPtr client) +{ + WindowPtr pWin; + int rc; + + REQUEST(SELinuxSetSelectionManagerReq); + REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq); + + if (stuff->window == None) { + selectionManager = NULL; + selectionWindow = None; + } else { + rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW, + client, DixGetAttrAccess); + if (rc != Success) + return rc; + + selectionManager = client; + selectionWindow = stuff->window; + } + + return Success; +} + +static int +ProcSELinuxGetSelectionManager(ClientPtr client) +{ + SELinuxGetSelectionManagerReply rep; + + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; + rep.window = selectionWindow; + if (client->swapped) { + int n; + swaps(&rep.sequenceNumber, n); + swapl(&rep.length, n); + swapl(&rep.window, n); + } + WriteToClient(client, sizeof(rep), (char *)&rep); + return (client->noClientException); +} + +static int +ProcSELinuxSetDeviceCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetDeviceCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxSetDeviceContext(ClientPtr client) +{ + char *ctx; + security_id_t sid; + DeviceIntPtr dev; + SELinuxStateRec *state; + int rc; + + REQUEST(SELinuxSetContextReq); + REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len); + + ctx = (char *)(stuff + 1); + if (ctx[stuff->context_len - 1]) + return BadLength; + + rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess); + if (rc != Success) + return rc; + + rc = avc_context_to_sid(ctx, &sid); + if (rc != Success) + return BadValue; + + state = dixLookupPrivate(&dev->devPrivates, stateKey); + sidput(state->sid); + state->sid = sid; + return Success; +} + +static int +ProcSELinuxGetDeviceContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxSetPropertyCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetPropertyCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetPropertyContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxSetWindowCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetWindowCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetWindowContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxDispatch(ClientPtr client) +{ + REQUEST(xReq); + switch (stuff->data) { + case X_SELinuxQueryVersion: + return ProcSELinuxQueryVersion(client); + case X_SELinuxSetSelectionManager: + return ProcSELinuxSetSelectionManager(client); + case X_SELinuxGetSelectionManager: + return ProcSELinuxGetSelectionManager(client); + case X_SELinuxSetDeviceCreateContext: + return ProcSELinuxSetDeviceCreateContext(client); + case X_SELinuxGetDeviceCreateContext: + return ProcSELinuxGetDeviceCreateContext(client); + case X_SELinuxSetDeviceContext: + return ProcSELinuxSetDeviceContext(client); + case X_SELinuxGetDeviceContext: + return ProcSELinuxGetDeviceContext(client); + case X_SELinuxSetPropertyCreateContext: + return ProcSELinuxSetPropertyCreateContext(client); + case X_SELinuxGetPropertyCreateContext: + return ProcSELinuxGetPropertyCreateContext(client); + case X_SELinuxGetPropertyContext: + return ProcSELinuxGetPropertyContext(client); + case X_SELinuxSetWindowCreateContext: + return ProcSELinuxSetWindowCreateContext(client); + case X_SELinuxGetWindowCreateContext: + return ProcSELinuxGetWindowCreateContext(client); + case X_SELinuxGetWindowContext: + return ProcSELinuxGetWindowContext(client); + default: + return BadRequest; + } +} + +static int +SProcSELinuxQueryVersion(ClientPtr client) +{ + REQUEST(SELinuxQueryVersionReq); + int n; + + REQUEST_SIZE_MATCH (SELinuxQueryVersionReq); + swaps(&stuff->client_major,n); + swaps(&stuff->client_minor,n); + return ProcSELinuxQueryVersion(client); +} + +static int +SProcSELinuxSetSelectionManager(ClientPtr client) +{ + REQUEST(SELinuxSetSelectionManagerReq); + int n; + + REQUEST_SIZE_MATCH (SELinuxSetSelectionManagerReq); + swapl(&stuff->window,n); + return ProcSELinuxSetSelectionManager(client); +} + +static int +SProcSELinuxGetSelectionManager(ClientPtr client) +{ + return ProcSELinuxGetSelectionManager(client); +} + +static int +SProcSELinuxSetDeviceCreateContext(ClientPtr client) +{ + return ProcSELinuxSetDeviceCreateContext(client); +} + +static int +SProcSELinuxGetDeviceCreateContext(ClientPtr client) +{ + return ProcSELinuxGetDeviceCreateContext(client); +} + +static int +SProcSELinuxSetDeviceContext(ClientPtr client) +{ + return ProcSELinuxSetDeviceContext(client); +} + +static int +SProcSELinuxGetDeviceContext(ClientPtr client) +{ + return ProcSELinuxGetDeviceContext(client); +} + +static int +SProcSELinuxSetPropertyCreateContext(ClientPtr client) +{ + return ProcSELinuxSetPropertyCreateContext(client); +} + +static int +SProcSELinuxGetPropertyCreateContext(ClientPtr client) +{ + return ProcSELinuxGetPropertyCreateContext(client); +} + +static int +SProcSELinuxGetPropertyContext(ClientPtr client) +{ + return ProcSELinuxGetPropertyContext(client); +} + +static int +SProcSELinuxSetWindowCreateContext(ClientPtr client) +{ + return ProcSELinuxSetWindowCreateContext(client); +} + +static int +SProcSELinuxGetWindowCreateContext(ClientPtr client) +{ + return ProcSELinuxGetWindowCreateContext(client); +} + +static int +SProcSELinuxGetWindowContext(ClientPtr client) +{ + return ProcSELinuxGetWindowContext(client); +} + +static int +SProcSELinuxDispatch(ClientPtr client) +{ + REQUEST(xReq); + int n; + + swaps(&stuff->length, n); + + switch (stuff->data) { + case X_SELinuxQueryVersion: + return SProcSELinuxQueryVersion(client); + case X_SELinuxSetSelectionManager: + return SProcSELinuxSetSelectionManager(client); + case X_SELinuxGetSelectionManager: + return SProcSELinuxGetSelectionManager(client); + case X_SELinuxSetDeviceCreateContext: + return SProcSELinuxSetDeviceCreateContext(client); + case X_SELinuxGetDeviceCreateContext: + return SProcSELinuxGetDeviceCreateContext(client); + case X_SELinuxSetDeviceContext: + return SProcSELinuxSetDeviceContext(client); + case X_SELinuxGetDeviceContext: + return SProcSELinuxGetDeviceContext(client); + case X_SELinuxSetPropertyCreateContext: + return SProcSELinuxSetPropertyCreateContext(client); + case X_SELinuxGetPropertyCreateContext: + return SProcSELinuxGetPropertyCreateContext(client); + case X_SELinuxGetPropertyContext: + return SProcSELinuxGetPropertyContext(client); + case X_SELinuxSetWindowCreateContext: + return SProcSELinuxSetWindowCreateContext(client); + case X_SELinuxGetWindowCreateContext: + return SProcSELinuxGetWindowCreateContext(client); + case X_SELinuxGetWindowContext: + return SProcSELinuxGetWindowContext(client); + default: + return BadRequest; + } +} + + +/* + * Extension Setup / Teardown + */ + +static void +SELinuxResetProc(ExtensionEntry *extEntry) +{ + /* Unregister callbacks */ + DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL); + DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL); + DeleteCallback(&SelectionCallback, SELinuxSelectionState, NULL); + + XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL); + XaceDeleteCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL); + XaceDeleteCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL); + XaceDeleteCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL); + XaceDeleteCallback(XACE_SEND_ACCESS, SELinuxSend, NULL); + XaceDeleteCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL); + XaceDeleteCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL); + XaceDeleteCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL); + XaceDeleteCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL); + XaceDeleteCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL); + XaceDeleteCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL); + XaceDeleteCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep); + + /* Tear down SELinux stuff */ + selabel_close(label_hnd); + label_hnd = NULL; + + audit_close(audit_fd); + + avc_destroy(); + avc_active = 0; + + /* Free local state */ + xfree(knownSelections); + knownSelections = NULL; + numKnownSelections = 0; + + xfree(knownEvents); + knownEvents = NULL; + numKnownEvents = 0; + + xfree(knownTypes); + knownTypes = NULL; + numKnownTypes = 0; +} + +void +XSELinuxExtensionInit(INITARGS) +{ + ExtensionEntry *extEntry; + struct selinux_opt options[] = { { SELABEL_OPT_VALIDATE, (char *)1 } }; + security_context_t con; + int ret = TRUE; + + /* Setup SELinux stuff */ + if (!is_selinux_enabled()) { + ErrorF("XSELinux: Extension failed to load: SELinux not enabled\n"); + return; + } + + selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog); + selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback)SELinuxAudit); + + if (selinux_set_mapping(map) < 0) + FatalError("XSELinux: Failed to set up security class mapping\n"); + + if (avc_open(NULL, 0) < 0) + FatalError("XSELinux: Couldn't initialize SELinux userspace AVC\n"); + avc_active = 1; + + label_hnd = selabel_open(SELABEL_CTX_X, options, 1); + if (!label_hnd) + FatalError("XSELinux: Failed to open x_contexts mapping in policy\n"); + + if (security_get_initial_context("unlabeled", &con) < 0) + FatalError("XSELinux: Failed to look up unlabeled context\n"); + if (avc_context_to_sid(con, &unlabeled_sid) < 0) + FatalError("XSELinux: a context_to_SID call failed!\n"); + freecon(con); + + /* Prepare for auditing */ + audit_fd = audit_open(); + if (audit_fd < 0) + FatalError("XSELinux: Failed to open the system audit log\n"); + + /* Allocate private storage */ + if (!dixRequestPrivate(stateKey, sizeof(SELinuxStateRec))) + FatalError("XSELinux: Failed to allocate private storage.\n"); + + /* Create atoms for doing window labeling */ + atom_ctx = MakeAtom("_SELINUX_CONTEXT", 16, TRUE); + if (atom_ctx == BAD_RESOURCE) + FatalError("XSELinux: Failed to create atom\n"); + atom_client_ctx = MakeAtom("_SELINUX_CLIENT_CONTEXT", 23, TRUE); + if (atom_client_ctx == BAD_RESOURCE) + FatalError("XSELinux: Failed to create atom\n"); + + /* Register callbacks */ + ret &= dixRegisterPrivateInitFunc(stateKey, SELinuxStateInit, NULL); + ret &= dixRegisterPrivateDeleteFunc(stateKey, SELinuxStateFree, NULL); + + ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL); + ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL); + ret &= AddCallback(&SelectionCallback, SELinuxSelectionState, NULL); + + ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL); + ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL); + ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL); + ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL); + ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SELinuxSend, NULL); + ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL); + ret &= XaceRegisterCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL); + ret &= XaceRegisterCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL); + ret &= XaceRegisterCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL); + ret &= XaceRegisterCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL); + ret &= XaceRegisterCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL); + ret &= XaceRegisterCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep); + if (!ret) + FatalError("XSELinux: Failed to register one or more callbacks\n"); + + /* Add extension to server */ + extEntry = AddExtension(XSELINUX_EXTENSION_NAME, + XSELinuxNumberEvents, XSELinuxNumberErrors, + ProcSELinuxDispatch, SProcSELinuxDispatch, + SELinuxResetProc, StandardMinorOpcode); + + /* Label objects that were created before we could register ourself */ + SELinuxLabelInitial(); +} diff --git a/Xext/xselinux.h b/Xext/xselinux.h new file mode 100644 index 000000000..ebcc4aae0 --- /dev/null +++ b/Xext/xselinux.h @@ -0,0 +1,195 @@ +/************************************************************ + +Author: Eamon Walsh <ewalsh@epoch.ncsc.mil> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XSELINUX_H +#define _XSELINUX_H + +#include "dixaccess.h" + +/* Extension info */ +#define XSELINUX_EXTENSION_NAME "SELinux" +#define XSELINUX_MAJOR_VERSION 1 +#define XSELINUX_MINOR_VERSION 0 +#define XSELinuxNumberEvents 0 +#define XSELinuxNumberErrors 0 + +/* Extension protocol */ +#define X_SELinuxQueryVersion 0 +#define X_SELinuxSetSelectionManager 1 +#define X_SELinuxGetSelectionManager 2 +#define X_SELinuxSetDeviceCreateContext 3 +#define X_SELinuxGetDeviceCreateContext 4 +#define X_SELinuxSetDeviceContext 5 +#define X_SELinuxGetDeviceContext 6 +#define X_SELinuxSetPropertyCreateContext 7 +#define X_SELinuxGetPropertyCreateContext 8 +#define X_SELinuxGetPropertyContext 9 +#define X_SELinuxSetWindowCreateContext 10 +#define X_SELinuxGetWindowCreateContext 11 +#define X_SELinuxGetWindowContext 12 + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD8 client_major; + CARD8 client_minor; + CARD16 unused; +} SELinuxQueryVersionReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD16 server_major; + CARD16 server_minor; + CARD32 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; +} SELinuxQueryVersionReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 window; +} SELinuxSetSelectionManagerReq; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; +} SELinuxGetSelectionManagerReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD32 window; + CARD32 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; +} SELinuxGetSelectionManagerReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD8 permanent; + CARD8 unused; + CARD16 context_len; +} SELinuxSetCreateContextReq; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; +} SELinuxGetCreateContextReq; + +typedef struct { + CARD8 type; + CARD8 permanent; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad1; + CARD32 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; +} SELinuxGetCreateContextReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 id; + CARD16 unused; + CARD16 context_len; +} SELinuxSetContextReq; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 id; +} SELinuxGetContextReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; + CARD32 pad7; +} SELinuxGetContextReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 window; + CARD32 property; +} SELinuxGetPropertyContextReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; + CARD32 pad7; +} SELinuxGetPropertyContextReply; + + +/* Private Flask definitions */ +#define SECCLASS_X_DRAWABLE 1 +#define SECCLASS_X_SCREEN 2 +#define SECCLASS_X_GC 3 +#define SECCLASS_X_FONT 4 +#define SECCLASS_X_COLORMAP 5 +#define SECCLASS_X_PROPERTY 6 +#define SECCLASS_X_SELECTION 7 +#define SECCLASS_X_CURSOR 8 +#define SECCLASS_X_CLIENT 9 +#define SECCLASS_X_DEVICE 10 +#define SECCLASS_X_SERVER 11 +#define SECCLASS_X_EXTENSION 12 +#define SECCLASS_X_EVENT 13 +#define SECCLASS_X_FAKEEVENT 14 +#define SECCLASS_X_RESOURCE 15 + +#endif /* _XSELINUX_H */ diff --git a/Xext/xtest.c b/Xext/xtest.c index 371be4e9e..8d27e16a5 100644 --- a/Xext/xtest.c +++ b/Xext/xtest.c @@ -49,15 +49,10 @@ from The Open Group. #include <X11/extensions/XI.h> #include <X11/extensions/XIproto.h> #define EXTENSION_EVENT_BASE 64 -#include "extinit.h" /* LookupDeviceIntRec */ #endif /* XINPUT */ #include "modinit.h" -#if 0 -static unsigned char XTestReqCode; -#endif - #ifdef XINPUT extern int DeviceValuator; #endif /* XINPUT */ @@ -89,18 +84,9 @@ static DISPATCH_PROC(SProcXTestGrabControl); void XTestExtensionInit(INITARGS) { -#if 0 - ExtensionEntry *extEntry; - - if ((extEntry = AddExtension(XTestExtensionName, 0, 0, - ProcXTestDispatch, SProcXTestDispatch, - XTestResetProc, StandardMinorOpcode)) != 0) - XTestReqCode = (unsigned char)extEntry->base; -#else - (void) AddExtension(XTestExtensionName, 0, 0, - ProcXTestDispatch, SProcXTestDispatch, - XTestResetProc, StandardMinorOpcode); -#endif + AddExtension(XTestExtensionName, 0, 0, + ProcXTestDispatch, SProcXTestDispatch, + XTestResetProc, StandardMinorOpcode); } /*ARGSUSED*/ @@ -140,22 +126,23 @@ ProcXTestCompareCursor(client) WindowPtr pWin; CursorPtr pCursor; int n, rc; - DeviceIntPtr pointer = PickPointer(client); + DeviceIntPtr ptr = PickPointer(client); REQUEST_SIZE_MATCH(xXTestCompareCursorReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; if (stuff->cursor == None) pCursor = NullCursor; else if (stuff->cursor == XTestCurrentCursor) - pCursor = GetSpriteCursor(pointer); + pCursor = GetSpriteCursor(ptr); else { - pCursor = (CursorPtr)LookupIDByType(stuff->cursor, RT_CURSOR); - if (!pCursor) + rc = dixLookupResource((pointer *)&pCursor, stuff->cursor, RT_CURSOR, + client, DixReadAccess); + if (rc != Success) { client->errorValue = stuff->cursor; - return (BadCursor); + return (rc == BadValue) ? BadCursor : rc; } } rep.type = X_Reply; @@ -287,11 +274,12 @@ ProcXTestFakeInput(client) #ifdef XINPUT if (extension) { - dev = LookupDeviceIntRec(stuff->deviceid & 0177); - if (!dev) + rc = dixLookupDevice(&dev, stuff->deviceid & 0177, client, + DixWriteAccess); + if (rc != Success) { client->errorValue = stuff->deviceid & 0177; - return BadValue; + return rc; } if (nev > 1) { @@ -368,7 +356,7 @@ ProcXTestFakeInput(client) else { rc = dixLookupWindow(&root, ev->u.keyButtonPointer.root, client, - DixUnknownAccess); + DixGetAttrAccess); if (rc != Success) return rc; if (root->parent) @@ -461,7 +449,7 @@ ProcXTestFakeInput(client) break; } if (screenIsSaved == SCREEN_SAVER_ON) - SaveScreens(SCREEN_SAVER_OFF, ScreenSaverReset); + dixSaveScreens(serverClient, SCREEN_SAVER_OFF, ScreenSaverReset); ev->u.keyButtonPointer.time = currentTime.milliseconds; (*dev->public.processInputProc)(ev, dev, nev); return client->noClientException; diff --git a/Xext/xvdisp.c b/Xext/xvdisp.c index 5465e25b9..8096c8c14 100644 --- a/Xext/xvdisp.c +++ b/Xext/xvdisp.c @@ -19,33 +19,8 @@ ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - ******************************************************************/ -/* -** File: -** -** xvdisp.c --- Xv server extension dispatch module. -** -** Author: -** -** David Carver (Digital Workstation Engineering/Project Athena) -** -** Revisions: -** -** 11.06.91 Carver -** - changed SetPortControl to SetPortAttribute -** - changed GetPortControl to GetPortAttribute -** - changed QueryBestSize -** -** 15.05.91 Carver -** - version 2.0 upgrade -** -** 24.01.91 Carver -** - version 1.4 upgrade -** -*/ - #ifdef HAVE_DIX_CONFIG_H #include <dix-config.h> #endif @@ -78,81 +53,246 @@ SOFTWARE. #include "panoramiXsrv.h" unsigned long XvXRTPort; - -#ifdef MITSHM -static int XineramaXvShmPutImage(ClientPtr); -#endif -static int XineramaXvPutImage(ClientPtr); -static int XineramaXvPutVideo(ClientPtr); -static int XineramaXvPutStill(ClientPtr); -static int XineramaXvSetPortAttribute(ClientPtr); -static int XineramaXvStopVideo(ClientPtr); #endif -/* INTERNAL */ - -static int ProcXvQueryExtension(ClientPtr); -static int ProcXvQueryAdaptors(ClientPtr); -static int ProcXvQueryEncodings(ClientPtr); -static int ProcXvPutVideo(ClientPtr); -static int ProcXvPutStill(ClientPtr); -static int ProcXvGetVideo(ClientPtr); -static int ProcXvGetStill(ClientPtr); -static int ProcXvGrabPort(ClientPtr); -static int ProcXvUngrabPort(ClientPtr); -static int ProcXvSelectVideoNotify(ClientPtr); -static int ProcXvSelectPortNotify(ClientPtr); -static int ProcXvStopVideo(ClientPtr); -static int ProcXvSetPortAttribute(ClientPtr); -static int ProcXvGetPortAttribute(ClientPtr); -static int ProcXvQueryBestSize(ClientPtr); -static int ProcXvQueryPortAttributes(ClientPtr); -static int ProcXvPutImage(ClientPtr); -#ifdef MITSHM -static int ProcXvShmPutImage(ClientPtr); -#endif -static int ProcXvQueryImageAttributes(ClientPtr); -static int ProcXvListImageFormats(ClientPtr); - -static int SProcXvQueryExtension(ClientPtr); -static int SProcXvQueryAdaptors(ClientPtr); -static int SProcXvQueryEncodings(ClientPtr); -static int SProcXvPutVideo(ClientPtr); -static int SProcXvPutStill(ClientPtr); -static int SProcXvGetVideo(ClientPtr); -static int SProcXvGetStill(ClientPtr); -static int SProcXvGrabPort(ClientPtr); -static int SProcXvUngrabPort(ClientPtr); -static int SProcXvSelectVideoNotify(ClientPtr); -static int SProcXvSelectPortNotify(ClientPtr); -static int SProcXvStopVideo(ClientPtr); -static int SProcXvSetPortAttribute(ClientPtr); -static int SProcXvGetPortAttribute(ClientPtr); -static int SProcXvQueryBestSize(ClientPtr); -static int SProcXvQueryPortAttributes(ClientPtr); -static int SProcXvPutImage(ClientPtr); -#ifdef MITSHM -static int SProcXvShmPutImage(ClientPtr); -#endif -static int SProcXvQueryImageAttributes(ClientPtr); -static int SProcXvListImageFormats(ClientPtr); - -static int SWriteQueryAdaptorsReply(ClientPtr, xvQueryAdaptorsReply *); -static int SWriteQueryExtensionReply(ClientPtr, xvQueryExtensionReply *); -static int SWriteQueryEncodingsReply(ClientPtr, xvQueryEncodingsReply *); -static int SWriteAdaptorInfo(ClientPtr, xvAdaptorInfo *); -static int SWriteEncodingInfo(ClientPtr, xvEncodingInfo *); -static int SWriteFormat(ClientPtr, xvFormat *); -static int SWriteAttributeInfo(ClientPtr, xvAttributeInfo *); -static int SWriteGrabPortReply(ClientPtr, xvGrabPortReply *); -static int SWriteGetPortAttributeReply(ClientPtr, xvGetPortAttributeReply *); -static int SWriteQueryBestSizeReply(ClientPtr, xvQueryBestSizeReply *); -static int SWriteQueryPortAttributesReply( - ClientPtr, xvQueryPortAttributesReply *); -static int SWriteQueryImageAttributesReply( - ClientPtr, xvQueryImageAttributesReply*); -static int SWriteListImageFormatsReply(ClientPtr, xvListImageFormatsReply*); -static int SWriteImageFormatInfo(ClientPtr, xvImageFormatInfo*); +static int +SWriteQueryExtensionReply( + ClientPtr client, + xvQueryExtensionReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swaps(&rep->version, n); + swaps(&rep->revision, n); + + (void)WriteToClient(client, sz_xvQueryExtensionReply, (char *)&rep); + + return Success; +} + +static int +SWriteQueryAdaptorsReply( + ClientPtr client, + xvQueryAdaptorsReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swaps(&rep->num_adaptors, n); + + (void)WriteToClient(client, sz_xvQueryAdaptorsReply, (char *)&rep); + + return Success; +} + +static int +SWriteQueryEncodingsReply( + ClientPtr client, + xvQueryEncodingsReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swaps(&rep->num_encodings, n); + + (void)WriteToClient(client, sz_xvQueryEncodingsReply, (char *)&rep); + + return Success; +} + +static int +SWriteAdaptorInfo( + ClientPtr client, + xvAdaptorInfo *pAdaptor +){ + char n; + + swapl(&pAdaptor->base_id, n); + swaps(&pAdaptor->name_size, n); + swaps(&pAdaptor->num_ports, n); + swaps(&pAdaptor->num_formats, n); + + (void)WriteToClient(client, sz_xvAdaptorInfo, (char *)pAdaptor); + + return Success; +} + +static int +SWriteEncodingInfo( + ClientPtr client, + xvEncodingInfo *pEncoding +){ + char n; + + swapl(&pEncoding->encoding, n); + swaps(&pEncoding->name_size, n); + swaps(&pEncoding->width, n); + swaps(&pEncoding->height, n); + swapl(&pEncoding->rate.numerator, n); + swapl(&pEncoding->rate.denominator, n); + (void)WriteToClient(client, sz_xvEncodingInfo, (char *)pEncoding); + + return Success; +} + +static int +SWriteFormat( + ClientPtr client, + xvFormat *pFormat +){ + char n; + + swapl(&pFormat->visual, n); + (void)WriteToClient(client, sz_xvFormat, (char *)pFormat); + + return Success; +} + +static int +SWriteAttributeInfo( + ClientPtr client, + xvAttributeInfo *pAtt +){ + char n; + + swapl(&pAtt->flags, n); + swapl(&pAtt->size, n); + swapl(&pAtt->min, n); + swapl(&pAtt->max, n); + (void)WriteToClient(client, sz_xvAttributeInfo, (char *)pAtt); + + return Success; +} + +static int +SWriteImageFormatInfo( + ClientPtr client, + xvImageFormatInfo *pImage +){ + char n; + + swapl(&pImage->id, n); + swapl(&pImage->red_mask, n); + swapl(&pImage->green_mask, n); + swapl(&pImage->blue_mask, n); + swapl(&pImage->y_sample_bits, n); + swapl(&pImage->u_sample_bits, n); + swapl(&pImage->v_sample_bits, n); + swapl(&pImage->horz_y_period, n); + swapl(&pImage->horz_u_period, n); + swapl(&pImage->horz_v_period, n); + swapl(&pImage->vert_y_period, n); + swapl(&pImage->vert_u_period, n); + swapl(&pImage->vert_v_period, n); + + (void)WriteToClient(client, sz_xvImageFormatInfo, (char *)pImage); + + return Success; +} + +static int +SWriteGrabPortReply( + ClientPtr client, + xvGrabPortReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + + (void)WriteToClient(client, sz_xvGrabPortReply, (char *)&rep); + + return Success; +} + +static int +SWriteGetPortAttributeReply( + ClientPtr client, + xvGetPortAttributeReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swapl(&rep->value, n); + + (void)WriteToClient(client, sz_xvGetPortAttributeReply, (char *)&rep); + + return Success; +} + +static int +SWriteQueryBestSizeReply( + ClientPtr client, + xvQueryBestSizeReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swaps(&rep->actual_width, n); + swaps(&rep->actual_height, n); + + (void)WriteToClient(client, sz_xvQueryBestSizeReply, (char *)&rep); + + return Success; +} + +static int +SWriteQueryPortAttributesReply( + ClientPtr client, + xvQueryPortAttributesReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swapl(&rep->num_attributes, n); + swapl(&rep->text_size, n); + + (void)WriteToClient(client, sz_xvQueryPortAttributesReply, (char *)&rep); + + return Success; +} + +static int +SWriteQueryImageAttributesReply( + ClientPtr client, + xvQueryImageAttributesReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swapl(&rep->num_planes, n); + swapl(&rep->data_size, n); + swaps(&rep->width, n); + swaps(&rep->height, n); + + (void)WriteToClient(client, sz_xvQueryImageAttributesReply, (char *)&rep); + + return Success; +} + +static int +SWriteListImageFormatsReply( + ClientPtr client, + xvListImageFormatsReply *rep +){ + char n; + + swaps(&rep->sequenceNumber, n); + swapl(&rep->length, n); + swapl(&rep->num_formats, n); + + (void)WriteToClient(client, sz_xvListImageFormatsReply, (char *)&rep); + + return Success; +} #define _WriteQueryAdaptorsReply(_c,_d) \ if ((_c)->swapped) SWriteQueryAdaptorsReply(_c, _d); \ @@ -213,141 +353,6 @@ static int SWriteImageFormatInfo(ClientPtr, xvImageFormatInfo*); #define _AllocatePort(_i,_p) \ ((_p)->id != _i) ? (* (_p)->pAdaptor->ddAllocatePort)(_i,_p,&_p) : Success -/* -** ProcXvDispatch -** -** -** -*/ - -int -ProcXvDispatch(ClientPtr client) -{ - REQUEST(xReq); - - UpdateCurrentTime(); - - switch (stuff->data) - { - case xv_QueryExtension: return(ProcXvQueryExtension(client)); - case xv_QueryAdaptors: return(ProcXvQueryAdaptors(client)); - case xv_QueryEncodings: return(ProcXvQueryEncodings(client)); - case xv_PutVideo: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvPutVideo(client)); - else -#endif - return(ProcXvPutVideo(client)); - case xv_PutStill: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvPutStill(client)); - else -#endif - return(ProcXvPutStill(client)); - case xv_GetVideo: return(ProcXvGetVideo(client)); - case xv_GetStill: return(ProcXvGetStill(client)); - case xv_GrabPort: return(ProcXvGrabPort(client)); - case xv_UngrabPort: return(ProcXvUngrabPort(client)); - case xv_SelectVideoNotify: return(ProcXvSelectVideoNotify(client)); - case xv_SelectPortNotify: return(ProcXvSelectPortNotify(client)); - case xv_StopVideo: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvStopVideo(client)); - else -#endif - return(ProcXvStopVideo(client)); - case xv_SetPortAttribute: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvSetPortAttribute(client)); - else -#endif - return(ProcXvSetPortAttribute(client)); - case xv_GetPortAttribute: return(ProcXvGetPortAttribute(client)); - case xv_QueryBestSize: return(ProcXvQueryBestSize(client)); - case xv_QueryPortAttributes: return(ProcXvQueryPortAttributes(client)); - case xv_PutImage: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvPutImage(client)); - else -#endif - return(ProcXvPutImage(client)); -#ifdef MITSHM - case xv_ShmPutImage: -#ifdef PANORAMIX - if(!noPanoramiXExtension) - return(XineramaXvShmPutImage(client)); - else -#endif - return(ProcXvShmPutImage(client)); -#endif - case xv_QueryImageAttributes: return(ProcXvQueryImageAttributes(client)); - case xv_ListImageFormats: return(ProcXvListImageFormats(client)); - default: - if (stuff->data < xvNumRequests) - { - SendErrorToClient(client, XvReqCode, stuff->data, 0, - BadImplementation); - return(BadImplementation); - } - else - { - SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest); - return(BadRequest); - } - } -} - -int -SProcXvDispatch(ClientPtr client) -{ - REQUEST(xReq); - - UpdateCurrentTime(); - - switch (stuff->data) - { - case xv_QueryExtension: return(SProcXvQueryExtension(client)); - case xv_QueryAdaptors: return(SProcXvQueryAdaptors(client)); - case xv_QueryEncodings: return(SProcXvQueryEncodings(client)); - case xv_PutVideo: return(SProcXvPutVideo(client)); - case xv_PutStill: return(SProcXvPutStill(client)); - case xv_GetVideo: return(SProcXvGetVideo(client)); - case xv_GetStill: return(SProcXvGetStill(client)); - case xv_GrabPort: return(SProcXvGrabPort(client)); - case xv_UngrabPort: return(SProcXvUngrabPort(client)); - case xv_SelectVideoNotify: return(SProcXvSelectVideoNotify(client)); - case xv_SelectPortNotify: return(SProcXvSelectPortNotify(client)); - case xv_StopVideo: return(SProcXvStopVideo(client)); - case xv_SetPortAttribute: return(SProcXvSetPortAttribute(client)); - case xv_GetPortAttribute: return(SProcXvGetPortAttribute(client)); - case xv_QueryBestSize: return(SProcXvQueryBestSize(client)); - case xv_QueryPortAttributes: return(SProcXvQueryPortAttributes(client)); - case xv_PutImage: return(SProcXvPutImage(client)); -#ifdef MITSHM - case xv_ShmPutImage: return(SProcXvShmPutImage(client)); -#endif - case xv_QueryImageAttributes: return(SProcXvQueryImageAttributes(client)); - case xv_ListImageFormats: return(SProcXvListImageFormats(client)); - default: - if (stuff->data < xvNumRequests) - { - SendErrorToClient(client, XvReqCode, stuff->data, 0, - BadImplementation); - return(BadImplementation); - } - else - { - SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest); - return(BadRequest); - } - } -} - static int ProcXvQueryExtension(ClientPtr client) { @@ -364,7 +369,6 @@ ProcXvQueryExtension(ClientPtr client) _WriteQueryExtensionReply(client, &rep); return Success; - } static int @@ -383,13 +387,13 @@ ProcXvQueryAdaptors(ClientPtr client) REQUEST(xvQueryAdaptorsReq); REQUEST_SIZE_MATCH(xvQueryAdaptorsReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; pScreen = pWin->drawable.pScreen; - pxvs = (XvScreenPtr)pScreen->devPrivates[XvScreenIndex].ptr; - + pxvs = (XvScreenPtr)dixLookupPrivate(&pScreen->devPrivates, + XvGetScreenKey()); if (!pxvs) { rep.type = X_Reply; @@ -457,7 +461,6 @@ ProcXvQueryAdaptors(ClientPtr client) } return (client->noClientException); - } static int @@ -521,7 +524,6 @@ ProcXvQueryEncodings(ClientPtr client) } return (client->noClientException); - } static int @@ -535,7 +537,7 @@ ProcXvPutVideo(ClientPtr client) REQUEST(xvPutVideoReq); REQUEST_SIZE_MATCH(xvPutVideoReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -567,7 +569,6 @@ ProcXvPutVideo(ClientPtr client) stuff->vid_w, stuff->vid_h, stuff->drw_x, stuff->drw_y, stuff->drw_w, stuff->drw_h); - } static int @@ -581,7 +582,7 @@ ProcXvPutStill(ClientPtr client) REQUEST(xvPutStillReq); REQUEST_SIZE_MATCH(xvPutStillReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -613,10 +614,8 @@ ProcXvPutStill(ClientPtr client) stuff->vid_w, stuff->vid_h, stuff->drw_x, stuff->drw_y, stuff->drw_w, stuff->drw_h); - } - static int ProcXvGetVideo(ClientPtr client) { @@ -628,7 +627,7 @@ ProcXvGetVideo(ClientPtr client) REQUEST(xvGetVideoReq); REQUEST_SIZE_MATCH(xvGetVideoReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixReadAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -660,10 +659,8 @@ ProcXvGetVideo(ClientPtr client) stuff->vid_w, stuff->vid_h, stuff->drw_x, stuff->drw_y, stuff->drw_w, stuff->drw_h); - } - static int ProcXvGetStill(ClientPtr client) { @@ -675,7 +672,7 @@ ProcXvGetStill(ClientPtr client) REQUEST(xvGetStillReq); REQUEST_SIZE_MATCH(xvGetStillReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixReadAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -707,7 +704,6 @@ ProcXvGetStill(ClientPtr client) stuff->vid_w, stuff->vid_h, stuff->drw_x, stuff->drw_y, stuff->drw_w, stuff->drw_h); - } static int @@ -718,12 +714,11 @@ ProcXvSelectVideoNotify(ClientPtr client) REQUEST(xvSelectVideoNotifyReq); REQUEST_SIZE_MATCH(xvSelectVideoNotifyReq); - rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixUnknownAccess); + rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixReceiveAccess); if (rc != Success) return rc; return XVCALL(diSelectVideoNotify)(client, pDraw, stuff->onoff); - } static int @@ -747,7 +742,6 @@ ProcXvSelectPortNotify(ClientPtr client) } return XVCALL(diSelectPortNotify)(client, pPort, stuff->onoff); - } static int @@ -786,7 +780,6 @@ ProcXvGrabPort(ClientPtr client) _WriteGrabPortReply(client, &rep); return Success; - } static int @@ -810,10 +803,8 @@ ProcXvUngrabPort(ClientPtr client) } return XVCALL(diUngrabPort)(client, pPort, stuff->time); - } - static int ProcXvStopVideo(ClientPtr client) { @@ -835,12 +826,11 @@ ProcXvStopVideo(ClientPtr client) return (status); } - rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixUnknownAccess); + rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixWriteAccess); if (rc != Success) return rc; return XVCALL(diStopVideo)(client, pPort, pDraw); - } static int @@ -1021,8 +1011,6 @@ ProcXvQueryPortAttributes(ClientPtr client) return Success; } - - static int ProcXvPutImage(ClientPtr client) { @@ -1036,7 +1024,7 @@ ProcXvPutImage(ClientPtr client) REQUEST(xvPutImageReq); REQUEST_AT_LEAST_SIZE(xvPutImageReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -1124,7 +1112,7 @@ ProcXvShmPutImage(ClientPtr client) REQUEST(xvShmPutImageReq); REQUEST_SIZE_MATCH(xvShmPutImageReq); - VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, pGC, client); + VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); if(!(pPort = LOOKUP_PORT(stuff->port, client) )) { @@ -1200,6 +1188,13 @@ ProcXvShmPutImage(ClientPtr client) return status; } +#else /* !MITSHM */ +static int +ProcXvShmPutImage(ClientPtr client) +{ + SendErrorToClient(client, XvReqCode, xv_ShmPutImage, 0, BadImplementation); + return(BadImplementation); +} #endif #ifdef XvMCExtension @@ -1327,7 +1322,43 @@ ProcXvListImageFormats(ClientPtr client) return Success; } +static int (*XvProcVector[xvNumRequests])(ClientPtr) = { + ProcXvQueryExtension, + ProcXvQueryAdaptors, + ProcXvQueryEncodings, + ProcXvGrabPort, + ProcXvUngrabPort, + ProcXvPutVideo, + ProcXvPutStill, + ProcXvGetVideo, + ProcXvGetStill, + ProcXvStopVideo, + ProcXvSelectVideoNotify, + ProcXvSelectPortNotify, + ProcXvQueryBestSize, + ProcXvSetPortAttribute, + ProcXvGetPortAttribute, + ProcXvQueryPortAttributes, + ProcXvListImageFormats, + ProcXvQueryImageAttributes, + ProcXvPutImage, + ProcXvShmPutImage, +}; + +int +ProcXvDispatch(ClientPtr client) +{ + REQUEST(xReq); + + UpdateCurrentTime(); + if (stuff->data > xvNumRequests) { + SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest); + return(BadRequest); + } + + return XvProcVector[stuff->data](client); +} /* Swapped Procs */ @@ -1337,7 +1368,7 @@ SProcXvQueryExtension(ClientPtr client) char n; REQUEST(xvQueryExtensionReq); swaps(&stuff->length, n); - return ProcXvQueryExtension(client); + return XvProcVector[xv_QueryExtension](client); } static int @@ -1347,7 +1378,7 @@ SProcXvQueryAdaptors(ClientPtr client) REQUEST(xvQueryAdaptorsReq); swaps(&stuff->length, n); swapl(&stuff->window, n); - return ProcXvQueryAdaptors(client); + return XvProcVector[xv_QueryAdaptors](client); } static int @@ -1357,7 +1388,7 @@ SProcXvQueryEncodings(ClientPtr client) REQUEST(xvQueryEncodingsReq); swaps(&stuff->length, n); swapl(&stuff->port, n); - return ProcXvQueryEncodings(client); + return XvProcVector[xv_QueryEncodings](client); } static int @@ -1368,7 +1399,7 @@ SProcXvGrabPort(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->time, n); - return ProcXvGrabPort(client); + return XvProcVector[xv_GrabPort](client); } static int @@ -1379,7 +1410,7 @@ SProcXvUngrabPort(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->time, n); - return ProcXvUngrabPort(client); + return XvProcVector[xv_UngrabPort](client); } static int @@ -1399,7 +1430,7 @@ SProcXvPutVideo(ClientPtr client) swaps(&stuff->drw_y, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - return ProcXvPutVideo(client); + return XvProcVector[xv_PutVideo](client); } static int @@ -1419,7 +1450,7 @@ SProcXvPutStill(ClientPtr client) swaps(&stuff->drw_y, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - return ProcXvPutStill(client); + return XvProcVector[xv_PutStill](client); } static int @@ -1439,7 +1470,7 @@ SProcXvGetVideo(ClientPtr client) swaps(&stuff->drw_y, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - return ProcXvGetVideo(client); + return XvProcVector[xv_GetVideo](client); } static int @@ -1459,7 +1490,7 @@ SProcXvGetStill(ClientPtr client) swaps(&stuff->drw_y, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - return ProcXvGetStill(client); + return XvProcVector[xv_GetStill](client); } static int @@ -1482,7 +1513,7 @@ SProcXvPutImage(ClientPtr client) swaps(&stuff->drw_h, n); swaps(&stuff->width, n); swaps(&stuff->height, n); - return ProcXvPutImage(client); + return XvProcVector[xv_PutImage](client); } #ifdef MITSHM @@ -1508,11 +1539,12 @@ SProcXvShmPutImage(ClientPtr client) swaps(&stuff->offset, n); swaps(&stuff->width, n); swaps(&stuff->height, n); - return ProcXvShmPutImage(client); + return XvProcVector[xv_ShmPutImage](client); } +#else /* MITSHM */ +#define SProcXvShmPutImage ProcXvShmPutImage #endif - static int SProcXvSelectVideoNotify(ClientPtr client) { @@ -1520,7 +1552,7 @@ SProcXvSelectVideoNotify(ClientPtr client) REQUEST(xvSelectVideoNotifyReq); swaps(&stuff->length, n); swapl(&stuff->drawable, n); - return ProcXvSelectVideoNotify(client); + return XvProcVector[xv_SelectVideoNotify](client); } static int @@ -1530,7 +1562,7 @@ SProcXvSelectPortNotify(ClientPtr client) REQUEST(xvSelectPortNotifyReq); swaps(&stuff->length, n); swapl(&stuff->port, n); - return ProcXvSelectPortNotify(client); + return XvProcVector[xv_SelectPortNotify](client); } static int @@ -1541,7 +1573,7 @@ SProcXvStopVideo(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->drawable, n); - return ProcXvStopVideo(client); + return XvProcVector[xv_StopVideo](client); } static int @@ -1552,7 +1584,7 @@ SProcXvSetPortAttribute(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->attribute, n); - return ProcXvSetPortAttribute(client); + return XvProcVector[xv_SetPortAttribute](client); } static int @@ -1563,7 +1595,7 @@ SProcXvGetPortAttribute(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->attribute, n); - return ProcXvGetPortAttribute(client); + return XvProcVector[xv_GetPortAttribute](client); } static int @@ -1577,7 +1609,7 @@ SProcXvQueryBestSize(ClientPtr client) swaps(&stuff->vid_h, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - return ProcXvQueryBestSize(client); + return XvProcVector[xv_QueryBestSize](client); } static int @@ -1587,7 +1619,7 @@ SProcXvQueryPortAttributes(ClientPtr client) REQUEST(xvQueryPortAttributesReq); swaps(&stuff->length, n); swapl(&stuff->port, n); - return ProcXvQueryPortAttributes(client); + return XvProcVector[xv_QueryPortAttributes](client); } static int @@ -1599,7 +1631,7 @@ SProcXvQueryImageAttributes(ClientPtr client) swapl(&stuff->id, n); swaps(&stuff->width, n); swaps(&stuff->width, n); - return ProcXvQueryImageAttributes(client); + return XvProcVector[xv_QueryImageAttributes](client); } static int @@ -1609,258 +1641,48 @@ SProcXvListImageFormats(ClientPtr client) REQUEST(xvListImageFormatsReq); swaps(&stuff->length, n); swapl(&stuff->port, n); - return ProcXvListImageFormats(client); -} - - -static int -SWriteQueryExtensionReply( - ClientPtr client, - xvQueryExtensionReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swaps(&rep->version, n); - swaps(&rep->revision, n); - - (void)WriteToClient(client, sz_xvQueryExtensionReply, (char *)&rep); - - return Success; -} - -static int -SWriteQueryAdaptorsReply( - ClientPtr client, - xvQueryAdaptorsReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swaps(&rep->num_adaptors, n); - - (void)WriteToClient(client, sz_xvQueryAdaptorsReply, (char *)&rep); - - return Success; -} - -static int -SWriteQueryEncodingsReply( - ClientPtr client, - xvQueryEncodingsReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swaps(&rep->num_encodings, n); - - (void)WriteToClient(client, sz_xvQueryEncodingsReply, (char *)&rep); - - return Success; + return XvProcVector[xv_ListImageFormats](client); } -static int -SWriteAdaptorInfo( - ClientPtr client, - xvAdaptorInfo *pAdaptor -){ - char n; - - swapl(&pAdaptor->base_id, n); - swaps(&pAdaptor->name_size, n); - swaps(&pAdaptor->num_ports, n); - swaps(&pAdaptor->num_formats, n); - - (void)WriteToClient(client, sz_xvAdaptorInfo, (char *)pAdaptor); - - return Success; -} - -static int -SWriteEncodingInfo( - ClientPtr client, - xvEncodingInfo *pEncoding -){ - char n; - - swapl(&pEncoding->encoding, n); - swaps(&pEncoding->name_size, n); - swaps(&pEncoding->width, n); - swaps(&pEncoding->height, n); - swapl(&pEncoding->rate.numerator, n); - swapl(&pEncoding->rate.denominator, n); - (void)WriteToClient(client, sz_xvEncodingInfo, (char *)pEncoding); - - return Success; -} - -static int -SWriteFormat( - ClientPtr client, - xvFormat *pFormat -){ - char n; - - swapl(&pFormat->visual, n); - (void)WriteToClient(client, sz_xvFormat, (char *)pFormat); - - return Success; -} - -static int -SWriteAttributeInfo( - ClientPtr client, - xvAttributeInfo *pAtt -){ - char n; - - swapl(&pAtt->flags, n); - swapl(&pAtt->size, n); - swapl(&pAtt->min, n); - swapl(&pAtt->max, n); - (void)WriteToClient(client, sz_xvAttributeInfo, (char *)pAtt); +static int (*SXvProcVector[xvNumRequests])(ClientPtr) = { + SProcXvQueryExtension, + SProcXvQueryAdaptors, + SProcXvQueryEncodings, + SProcXvGrabPort, + SProcXvUngrabPort, + SProcXvPutVideo, + SProcXvPutStill, + SProcXvGetVideo, + SProcXvGetStill, + SProcXvStopVideo, + SProcXvSelectVideoNotify, + SProcXvSelectPortNotify, + SProcXvQueryBestSize, + SProcXvSetPortAttribute, + SProcXvGetPortAttribute, + SProcXvQueryPortAttributes, + SProcXvListImageFormats, + SProcXvQueryImageAttributes, + SProcXvPutImage, + SProcXvShmPutImage, +}; - return Success; -} - -static int -SWriteImageFormatInfo( - ClientPtr client, - xvImageFormatInfo *pImage -){ - char n; - - swapl(&pImage->id, n); - swapl(&pImage->red_mask, n); - swapl(&pImage->green_mask, n); - swapl(&pImage->blue_mask, n); - swapl(&pImage->y_sample_bits, n); - swapl(&pImage->u_sample_bits, n); - swapl(&pImage->v_sample_bits, n); - swapl(&pImage->horz_y_period, n); - swapl(&pImage->horz_u_period, n); - swapl(&pImage->horz_v_period, n); - swapl(&pImage->vert_y_period, n); - swapl(&pImage->vert_u_period, n); - swapl(&pImage->vert_v_period, n); - - (void)WriteToClient(client, sz_xvImageFormatInfo, (char *)pImage); - - return Success; -} - - - -static int -SWriteGrabPortReply( - ClientPtr client, - xvGrabPortReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - - (void)WriteToClient(client, sz_xvGrabPortReply, (char *)&rep); - - return Success; -} - -static int -SWriteGetPortAttributeReply( - ClientPtr client, - xvGetPortAttributeReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swapl(&rep->value, n); - - (void)WriteToClient(client, sz_xvGetPortAttributeReply, (char *)&rep); - - return Success; -} - -static int -SWriteQueryBestSizeReply( - ClientPtr client, - xvQueryBestSizeReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swaps(&rep->actual_width, n); - swaps(&rep->actual_height, n); - - (void)WriteToClient(client, sz_xvQueryBestSizeReply, (char *)&rep); - - return Success; -} - -static int -SWriteQueryPortAttributesReply( - ClientPtr client, - xvQueryPortAttributesReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swapl(&rep->num_attributes, n); - swapl(&rep->text_size, n); - - (void)WriteToClient(client, sz_xvQueryPortAttributesReply, (char *)&rep); - - return Success; -} - -static int -SWriteQueryImageAttributesReply( - ClientPtr client, - xvQueryImageAttributesReply *rep -){ - char n; - - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swapl(&rep->num_planes, n); - swapl(&rep->data_size, n); - swaps(&rep->width, n); - swaps(&rep->height, n); - - (void)WriteToClient(client, sz_xvQueryImageAttributesReply, (char *)&rep); - - return Success; -} - - -static int -SWriteListImageFormatsReply( - ClientPtr client, - xvListImageFormatsReply *rep -){ - char n; +int +SProcXvDispatch(ClientPtr client) +{ + REQUEST(xReq); - swaps(&rep->sequenceNumber, n); - swapl(&rep->length, n); - swapl(&rep->num_formats, n); + UpdateCurrentTime(); - (void)WriteToClient(client, sz_xvListImageFormatsReply, (char *)&rep); + if (stuff->data > xvNumRequests) { + SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest); + return(BadRequest); + } - return Success; + return SXvProcVector[stuff->data](client); } - #ifdef PANORAMIX - - - - static int XineramaXvStopVideo(ClientPtr client) { @@ -1910,7 +1732,6 @@ XineramaXvSetPortAttribute(ClientPtr client) return result; } - #ifdef MITSHM static int XineramaXvShmPutImage(ClientPtr client) @@ -1958,6 +1779,8 @@ XineramaXvShmPutImage(ClientPtr client) } return result; } +#else +#define XineramaXvShmPutImage ProcXvShmPutImage #endif static int @@ -2095,11 +1918,11 @@ XineramaXvPutStill(ClientPtr client) return result; } - void XineramifyXv(void) { ScreenPtr pScreen, screen0 = screenInfo.screens[0]; - XvScreenPtr xvsp0 = (XvScreenPtr)screen0->devPrivates[XvScreenIndex].ptr; + XvScreenPtr xvsp0 = (XvScreenPtr)dixLookupPrivate(&screen0->devPrivates, + XvGetScreenKey()); XvAdaptorPtr refAdapt, pAdapt; XvAttributePtr pAttr; XvScreenPtr xvsp; @@ -2132,8 +1955,8 @@ void XineramifyXv(void) for(j = 1; j < PanoramiXNumScreens; j++) { pScreen = screenInfo.screens[j]; - xvsp = (XvScreenPtr)pScreen->devPrivates[XvScreenIndex].ptr; - + xvsp = (XvScreenPtr)dixLookupPrivate(&pScreen->devPrivates, + XvGetScreenKey()); /* Do not try to go on if xv is not supported on this screen */ if (xvsp==NULL) continue ; @@ -2201,6 +2024,26 @@ void XineramifyXv(void) } } } + + /* munge the dispatch vector */ + XvProcVector[xv_PutVideo] = XineramaXvPutVideo; + XvProcVector[xv_PutStill] = XineramaXvPutStill; + XvProcVector[xv_StopVideo] = XineramaXvStopVideo; + XvProcVector[xv_SetPortAttribute] = XineramaXvSetPortAttribute; + XvProcVector[xv_PutImage] = XineramaXvPutImage; + XvProcVector[xv_ShmPutImage] = XineramaXvShmPutImage; } +#endif /* PANORAMIX */ +void +XvResetProcVector(void) +{ +#ifdef PANORAMIX + XvProcVector[xv_PutVideo] = ProcXvPutVideo; + XvProcVector[xv_PutStill] = ProcXvPutStill; + XvProcVector[xv_StopVideo] = ProcXvStopVideo; + XvProcVector[xv_SetPortAttribute] = ProcXvSetPortAttribute; + XvProcVector[xv_PutImage] = ProcXvPutImage; + XvProcVector[xv_ShmPutImage] = ProcXvShmPutImage; #endif +} diff --git a/Xext/xvdisp.h b/Xext/xvdisp.h index 75cacddcc..298d39560 100644 --- a/Xext/xvdisp.h +++ b/Xext/xvdisp.h @@ -1 +1,2 @@ extern void XineramifyXv(void); +extern void XvResetProcVector(void); diff --git a/Xext/xvdix.h b/Xext/xvdix.h index 9e94e05d5..a516cf113 100644 --- a/Xext/xvdix.h +++ b/Xext/xvdix.h @@ -55,7 +55,6 @@ SOFTWARE. #include "scrnintstr.h" #include <X11/extensions/Xvproto.h> -extern int XvScreenIndex; extern unsigned long XvExtensionGeneration; extern unsigned long XvScreenGeneration; extern unsigned long XvResourceGeneration; @@ -224,10 +223,8 @@ typedef struct { DevUnion devPriv; } XvScreenRec, *XvScreenPtr; -#define SCREEN_PROLOGUE(pScreen, field)\ - ((pScreen)->field = \ - ((XvScreenPtr) \ - (pScreen)->devPrivates[XvScreenIndex].ptr)->field) +#define SCREEN_PROLOGUE(pScreen, field) ((pScreen)->field = ((XvScreenPtr) \ + dixLookupPrivate(&(pScreen)->devPrivates, XvScreenKey))->field) #define SCREEN_EPILOGUE(pScreen, field, wrapper)\ ((pScreen)->field = wrapper) @@ -242,7 +239,7 @@ extern int SProcXvDispatch(ClientPtr); extern void XvExtensionInit(void); extern int XvScreenInit(ScreenPtr); -extern int XvGetScreenIndex(void); +extern DevPrivateKey XvGetScreenKey(void); extern unsigned long XvGetRTPort(void); extern int XvdiSendPortNotify(XvPortPtr, Atom, INT32); extern int XvdiVideoStopped(XvPortPtr, int); diff --git a/Xext/xvmain.c b/Xext/xvmain.c index ddf3d1d6b..9834fcfa0 100644 --- a/Xext/xvmain.c +++ b/Xext/xvmain.c @@ -102,10 +102,10 @@ SOFTWARE. #ifdef PANORAMIX #include "panoramiX.h" #include "panoramiXsrv.h" -#include "xvdisp.h" #endif +#include "xvdisp.h" -int XvScreenIndex = -1; +static DevPrivateKey XvScreenKey = &XvScreenKey; unsigned long XvExtensionGeneration = 0; unsigned long XvScreenGeneration = 0; unsigned long XvResourceGeneration = 0; @@ -166,12 +166,6 @@ XvExtensionInit(void) ErrorF("XvExtensionInit: Unable to allocate resource types\n"); return; } - XvScreenIndex = AllocateScreenPrivateIndex (); - if (XvScreenIndex < 0) - { - ErrorF("XvExtensionInit: Unable to allocate screen private index\n"); - return; - } #ifdef PANORAMIX XineramaRegisterConnectionBlockCallback(XineramifyXv); #endif @@ -265,19 +259,13 @@ XvScreenInit(ScreenPtr pScreen) ErrorF("XvScreenInit: Unable to allocate resource types\n"); return BadAlloc; } - XvScreenIndex = AllocateScreenPrivateIndex (); - if (XvScreenIndex < 0) - { - ErrorF("XvScreenInit: Unable to allocate screen private index\n"); - return BadAlloc; - } #ifdef PANORAMIX XineramaRegisterConnectionBlockCallback(XineramifyXv); #endif XvScreenGeneration = serverGeneration; } - if (pScreen->devPrivates[XvScreenIndex].ptr) + if (dixLookupPrivate(&pScreen->devPrivates, XvScreenKey)) { ErrorF("XvScreenInit: screen devPrivates ptr non-NULL before init\n"); } @@ -291,7 +279,7 @@ XvScreenInit(ScreenPtr pScreen) return BadAlloc; } - pScreen->devPrivates[XvScreenIndex].ptr = (pointer)pxvs; + dixSetPrivate(&pScreen->devPrivates, XvScreenKey, pxvs); pxvs->DestroyPixmap = pScreen->DestroyPixmap; @@ -313,7 +301,7 @@ XvCloseScreen( XvScreenPtr pxvs; - pxvs = (XvScreenPtr) pScreen->devPrivates[XvScreenIndex].ptr; + pxvs = (XvScreenPtr)dixLookupPrivate(&pScreen->devPrivates, XvScreenKey); pScreen->DestroyPixmap = pxvs->DestroyPixmap; pScreen->DestroyWindow = pxvs->DestroyWindow; @@ -323,21 +311,21 @@ XvCloseScreen( xfree(pxvs); - pScreen->devPrivates[XvScreenIndex].ptr = (pointer)NULL; + dixSetPrivate(&pScreen->devPrivates, XvScreenKey, NULL); return (*pScreen->CloseScreen)(ii, pScreen); - } static void XvResetProc(ExtensionEntry* extEntry) { + XvResetProcVector(); } -_X_EXPORT int -XvGetScreenIndex(void) +_X_EXPORT DevPrivateKey +XvGetScreenKey(void) { - return XvScreenIndex; + return XvScreenKey; } _X_EXPORT unsigned long @@ -361,7 +349,7 @@ XvDestroyPixmap(PixmapPtr pPix) SCREEN_PROLOGUE(pScreen, DestroyPixmap); - pxvs = (XvScreenPtr)pScreen->devPrivates[XvScreenIndex].ptr; + pxvs = (XvScreenPtr)dixLookupPrivate(&pScreen->devPrivates, XvScreenKey); /* CHECK TO SEE IF THIS PORT IS IN USE */ @@ -413,7 +401,7 @@ XvDestroyWindow(WindowPtr pWin) SCREEN_PROLOGUE(pScreen, DestroyWindow); - pxvs = (XvScreenPtr)pScreen->devPrivates[XvScreenIndex].ptr; + pxvs = (XvScreenPtr)dixLookupPrivate(&pScreen->devPrivates, XvScreenKey); /* CHECK TO SEE IF THIS PORT IS IN USE */ diff --git a/Xext/xvmc.c b/Xext/xvmc.c index 97a02c1b1..0c6dbeb91 100644 --- a/Xext/xvmc.c +++ b/Xext/xvmc.c @@ -39,7 +39,7 @@ #define DR_CLIENT_DRIVER_NAME_SIZE 48 #define DR_BUSID_SIZE 48 -int XvMCScreenIndex = -1; +static DevPrivateKey XvMCScreenKey = NULL; unsigned long XvMCGeneration = 0; @@ -63,7 +63,7 @@ typedef struct { } XvMCScreenRec, *XvMCScreenPtr; #define XVMC_GET_PRIVATE(pScreen) \ - (XvMCScreenPtr)((pScreen)->devPrivates[XvMCScreenIndex].ptr) + (XvMCScreenPtr)(dixLookupPrivate(&(pScreen)->devPrivates, XvMCScreenKey)) static int @@ -153,7 +153,7 @@ ProcXvMCListSurfaceTypes(ClientPtr client) return _XvBadPort; } - if(XvMCScreenIndex >= 0) { /* any adaptors at all */ + if(XvMCScreenKey) { /* any adaptors at all */ ScreenPtr pScreen = pPort->pAdaptor->pScreen; if((pScreenPriv = XVMC_GET_PRIVATE(pScreen))) { /* any this screen */ for(i = 0; i < pScreenPriv->num_adaptors; i++) { @@ -211,7 +211,7 @@ ProcXvMCCreateContext(ClientPtr client) pScreen = pPort->pAdaptor->pScreen; - if(XvMCScreenIndex < 0) /* no XvMC adaptors */ + if(XvMCScreenKey == NULL) /* no XvMC adaptors */ return BadMatch; if(!(pScreenPriv = XVMC_GET_PRIVATE(pScreen))) /* none this screen */ @@ -494,7 +494,7 @@ ProcXvMCListSubpictureTypes(ClientPtr client) pScreen = pPort->pAdaptor->pScreen; - if(XvMCScreenIndex < 0) /* No XvMC adaptors */ + if(XvMCScreenKey == NULL) /* No XvMC adaptors */ return BadMatch; if(!(pScreenPriv = XVMC_GET_PRIVATE(pScreen))) @@ -679,7 +679,7 @@ XvMCExtensionInit(void) { ExtensionEntry *extEntry; - if(XvMCScreenIndex < 0) /* nobody supports it */ + if(XvMCScreenKey == NULL) /* nobody supports it */ return; if(!(XvMCRTContext = CreateNewResourceType(XvMCDestroyContextRes))) @@ -720,17 +720,12 @@ XvMCScreenInit(ScreenPtr pScreen, int num, XvMCAdaptorPtr pAdapt) { XvMCScreenPtr pScreenPriv; - if(XvMCGeneration != serverGeneration) { - if((XvMCScreenIndex = AllocateScreenPrivateIndex()) < 0) - return BadAlloc; - - XvMCGeneration = serverGeneration; - } + XvMCScreenKey = &XvMCScreenKey; if(!(pScreenPriv = (XvMCScreenPtr)xalloc(sizeof(XvMCScreenRec)))) return BadAlloc; - pScreen->devPrivates[XvMCScreenIndex].ptr = (pointer)pScreenPriv; + dixSetPrivate(&pScreen->devPrivates, XvMCScreenKey, pScreenPriv); pScreenPriv->CloseScreen = pScreen->CloseScreen; pScreen->CloseScreen = XvMCCloseScreen; @@ -754,7 +749,7 @@ XvImagePtr XvMCFindXvImage(XvPortPtr pPort, CARD32 id) XvMCAdaptorPtr adaptor = NULL; int i; - if(XvMCScreenIndex < 0) return NULL; + if(XvMCScreenKey == NULL) return NULL; if(!(pScreenPriv = XVMC_GET_PRIVATE(pScreen))) return NULL; |