diff options
author | Eamon Walsh <ewalsh@epoch.ncsc.mil> | 2004-06-01 21:09:25 +0000 |
---|---|---|
committer | Alan Coopersmith <alanc@alf.(none)> | 2006-06-20 15:29:42 -0700 |
commit | 227a3193405147fbbee2971cc15bac92cc13285a (patch) | |
tree | 5173de73576428035478ab93c242e68f8893a5f6 | |
parent | f818e0ab60da3779ab2602c6e6d3ff261b50917e (diff) |
Add XACE extension source files.
(Copied from XACE-SELINUX branch in Xorg monolith CVS since these were never
imported to modular cvs or git trees.)
-rw-r--r-- | Xext/xace.c | 537 | ||||
-rw-r--r-- | Xext/xace.h | 124 | ||||
-rw-r--r-- | Xext/xacestr.h | 141 |
3 files changed, 802 insertions, 0 deletions
diff --git a/Xext/xace.c b/Xext/xace.c new file mode 100644 index 000000000..75fb8a35b --- /dev/null +++ b/Xext/xace.c @@ -0,0 +1,537 @@ +/************************************************************ + +Author: Eamon Walsh <ewalsh@epoch.ncsc.mil> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#include <stdarg.h> +#include "windowstr.h" +#include "scrnintstr.h" +#include "gcstruct.h" +#include "xacestr.h" +#include "modinit.h" + +CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0}; + +static Bool stateSlotsUsed[XACE_STATE_SLOTS] = {0}; +static char *stateExtNames[XACE_STATE_SLOTS] = {0}; + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +int (*UntrustedProcVector[256])( + ClientPtr /*client*/ +); +int (*SwappedUntrustedProcVector[256])( + ClientPtr /*client*/ +); + +/* Register with the security module, which allows an extension to store + * security state. The return value is the index which should be passed + * to the state macros, or -1 if no more slots are available. + */ +int XaceRegisterExtension(name) + char *name; +{ + int i; + for (i=0; i<XACE_STATE_SLOTS; i++) + if (!stateSlotsUsed[i]) + { + /* save the extension name */ + if (name) { + stateExtNames[i] = (char*)xalloc(strlen(name)+1); + if (!stateExtNames[i]) + return -1; + memcpy(stateExtNames[i], name, strlen(name)+1); + } + stateSlotsUsed[i] = TRUE; + return i; + } + return -1; /* no slots free */ +} + +/* Unregister an extension. Pass the index returned at registration time. + */ +void XaceUnregisterExtension(idx) + int idx; /* state index */ +{ + /* free the extension name */ + if (stateExtNames[idx]) { + xfree(stateExtNames[idx]); + stateExtNames[idx] = NULL; + } + stateSlotsUsed[idx] = FALSE; +} + +/* Entry point for hook functions. Called by Xserver. + */ +int XaceHook(int hook, ...) +{ + pointer calldata; /* data passed to callback */ + int *prv = NULL; /* points to return value from callback */ + va_list ap; /* argument list */ + va_start(ap, hook); + + /* Marshal arguments for passing to callback. + * Each callback has its own case, which sets up a structure to hold + * the arguments and integer return parameter, or in some cases just + * sets calldata directly to a single argument (with no return result) + */ + switch (hook) + { + case XACE_CORE_DISPATCH: { + XaceCoreDispatchRec rec = { + va_arg(ap, ClientPtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_RESOURCE_ACCESS: { + XaceResourceAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, XID), + va_arg(ap, RESTYPE), + va_arg(ap, Mask), + va_arg(ap, pointer), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DEVICE_ACCESS: { + XaceDeviceAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, DeviceIntPtr), + va_arg(ap, Bool), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_PROPERTY_ACCESS: { + XacePropertyAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, WindowPtr), + va_arg(ap, Atom), + va_arg(ap, Mask), + SecurityAllowOperation /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DRAWABLE_ACCESS: { + XaceDrawableAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, DrawablePtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_MAP_ACCESS: + case XACE_BACKGRND_ACCESS: { + XaceMapAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, WindowPtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_EXT_DISPATCH: + case XACE_EXT_ACCESS: { + XaceExtAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, ExtensionEntry*), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_HOSTLIST_ACCESS: { + XaceHostlistAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, Mask), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_SITE_POLICY: { + XaceSitePolicyRec rec = { + va_arg(ap, char*), + va_arg(ap, int), + FALSE /* default unrecognized */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DECLARE_EXT_SECURE: { + XaceDeclareExtSecureRec rec = { + va_arg(ap, ExtensionEntry*), + va_arg(ap, Bool) + }; + calldata = &rec; + break; + } + case XACE_AUTH_AVAIL: { + XaceAuthAvailRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, XID) + }; + calldata = &rec; + break; + } +#ifdef LBX + case XACE_LBX_EXT_ACCESS: { + XaceLbxExtAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, LbxExtensionEntry*), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DECLARE_LBX_EXT_SECURE: { + XaceDeclareLbxExtSecureRec rec = { + va_arg(ap, LbxExtensionEntry*), + va_arg(ap, Bool) + }; + calldata = &rec; + break; + } + case XACE_LBX_PROXY_ACCESS: { + XaceLbxProxyAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, XID), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } +#endif + default: { + va_end(ap); + return 0; /* unimplemented hook number */ + } + } + va_end(ap); + + /* call callbacks and return result, if any. */ + CallCallbacks(&XaceHooks[hook], calldata); + return prv ? *prv : 0; +} + +static int +ProcXaceDispatch(ClientPtr client) +{ + REQUEST(xReq); + + switch (stuff->data) + { + default: + return BadRequest; + } +} /* ProcXaceDispatch */ + +static int +SProcXaceDispatch(ClientPtr client) +{ + REQUEST(xReq); + + switch (stuff->data) + { + default: + return BadRequest; + } +} /* SProcXaceDispatch */ + + +/* XaceResetProc + * + * Arguments: + * extEntry is the extension information for the XACE extension. + * + * Returns: nothing. + * + * Side Effects: + * Performs any cleanup needed by XACE at server shutdown time. + */ +static void +XaceResetProc(ExtensionEntry *extEntry) +{ + int i; + + for (i=0; i<XACE_NUM_HOOKS; i++) + { + DeleteCallbackList(&XaceHooks[i]); + XaceHooks[i] = NULL; + } + + for (i=0; i<XACE_STATE_SLOTS; i++) + { + if (stateExtNames[i]) + xfree(stateExtNames[i]); + stateExtNames[i] = NULL; + stateSlotsUsed[i] = FALSE; + } +} /* XaceResetProc */ + + +static int +XaceCatchDispatchProc(ClientPtr client) +{ + REQUEST(xReq); + int major = stuff->reqType; + + if (!ProcVector[major]) + return (BadRequest); + + if (!XaceHook(XACE_CORE_DISPATCH, client)) + return (BadAccess); + + return client->swapped ? + (* SwappedProcVector[major])(client) : + (* ProcVector[major])(client); +} + +static int +XaceCatchExtProc(ClientPtr client) +{ + REQUEST(xReq); + int major = stuff->reqType; + ExtensionEntry *ext = GetExtensionEntry(major); + + if (!ext || !ProcVector[major]) + return (BadRequest); + + if (!XaceHook(XACE_EXT_DISPATCH, client, ext)) + return (BadRequest); /* pretend extension doesn't exist */ + + return client->swapped ? + (* SwappedProcVector[major])(client) : + (* ProcVector[major])(client); +} + + +/* SecurityClientStateCallback + * + * Arguments: + * pcbl is &ClientStateCallback. + * nullata is NULL. + * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) + * which contains information about client state changes. + * + * Returns: nothing. + * + * Side Effects: + * + * If a new client is connecting, its authorization ID is copied to + * client->authID. If this is a generated authorization, its reference + * count is bumped, its timer is cancelled if it was running, and its + * trustlevel is copied to TRUSTLEVEL(client). + * + * If a client is disconnecting and the client was using a generated + * authorization, the authorization's reference count is decremented, and + * if it is now zero, the timer for this authorization is started. + */ + +static void +XaceClientStateCallback( + CallbackListPtr *pcbl, + pointer nulldata, + pointer calldata) +{ + NewClientInfoRec *pci = (NewClientInfoRec *)calldata; + ClientPtr client = pci->client; + + switch (client->clientState) + { + case ClientStateRunning: + { + client->requestVector = client->swapped ? + SwappedUntrustedProcVector : UntrustedProcVector; + break; + } + default: break; + } +} /* XaceClientStateCallback */ + +/* XaceExtensionInit + * + * Initialize the XACE Extension + */ +void XaceExtensionInit(INITARGS) +{ + ExtensionEntry *extEntry; + int i; + + if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL)) + return; + + extEntry = AddExtension(XACE_EXTENSION_NAME, + XaceNumberEvents, XaceNumberErrors, + ProcXaceDispatch, SProcXaceDispatch, + XaceResetProc, StandardMinorOpcode); + + /* initialize dispatching intercept functions */ + for (i = 0; i < 128; i++) + { + UntrustedProcVector[i] = XaceCatchDispatchProc; + SwappedUntrustedProcVector[i] = XaceCatchDispatchProc; + } + for (i = 128; i < 256; i++) + { + UntrustedProcVector[i] = XaceCatchExtProc; + SwappedUntrustedProcVector[i] = XaceCatchExtProc; + } +} + +/* XaceCensorImage + * + * Called after pScreen->GetImage to prevent pieces or trusted windows from + * being returned in image data from an untrusted window. + * + * Arguments: + * client is the client doing the GetImage. + * pVisibleRegion is the visible region of the window. + * widthBytesLine is the width in bytes of one horizontal line in pBuf. + * pDraw is the source window. + * x, y, w, h is the rectangle of image data from pDraw in pBuf. + * format is the format of the image data in pBuf: ZPixmap or XYPixmap. + * pBuf is the image data. + * + * Returns: nothing. + * + * Side Effects: + * Any part of the rectangle (x, y, w, h) that is outside the visible + * region of the window will be destroyed (overwritten) in pBuf. + */ +void +XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y, w, h, + format, pBuf) + ClientPtr client; + RegionPtr pVisibleRegion; + long widthBytesLine; + DrawablePtr pDraw; + int x, y, w, h; + unsigned int format; + char * pBuf; +{ + ScreenPtr pScreen = pDraw->pScreen; + RegionRec imageRegion; /* region representing x,y,w,h */ + RegionRec censorRegion; /* region to obliterate */ + BoxRec imageBox; + int nRects; + + imageBox.x1 = x; + imageBox.y1 = y; + imageBox.x2 = x + w; + imageBox.y2 = y + h; + REGION_INIT(pScreen, &imageRegion, &imageBox, 1); + REGION_NULL(pScreen, &censorRegion); + + /* censorRegion = imageRegion - visibleRegion */ + REGION_SUBTRACT(pScreen, &censorRegion, &imageRegion, pVisibleRegion); + nRects = REGION_NUM_RECTS(&censorRegion); + if (nRects > 0) + { /* we have something to censor */ + GCPtr pScratchGC = NULL; + PixmapPtr pPix = NULL; + xRectangle *pRects = NULL; + Bool failed = FALSE; + int depth = 1; + int bitsPerPixel = 1; + int i; + BoxPtr pBox; + + /* convert region to list-of-rectangles for PolyFillRect */ + + pRects = (xRectangle *)ALLOCATE_LOCAL(nRects * sizeof(xRectangle *)); + if (!pRects) + { + failed = TRUE; + goto failSafe; + } + for (pBox = REGION_RECTS(&censorRegion), i = 0; + i < nRects; + i++, pBox++) + { + pRects[i].x = pBox->x1; + pRects[i].y = pBox->y1 - imageBox.y1; + pRects[i].width = pBox->x2 - pBox->x1; + pRects[i].height = pBox->y2 - pBox->y1; + } + + /* use pBuf as a fake pixmap */ + + if (format == ZPixmap) + { + depth = pDraw->depth; + bitsPerPixel = pDraw->bitsPerPixel; + } + + pPix = GetScratchPixmapHeader(pDraw->pScreen, w, h, + depth, bitsPerPixel, + widthBytesLine, (pointer)pBuf); + if (!pPix) + { + failed = TRUE; + goto failSafe; + } + + pScratchGC = GetScratchGC(depth, pPix->drawable.pScreen); + if (!pScratchGC) + { + failed = TRUE; + goto failSafe; + } + + ValidateGC(&pPix->drawable, pScratchGC); + (* pScratchGC->ops->PolyFillRect)(&pPix->drawable, + pScratchGC, nRects, pRects); + + failSafe: + if (failed) + { + /* Censoring was not completed above. To be safe, wipe out + * all the image data so that nothing trusted gets out. + */ + bzero(pBuf, (int)(widthBytesLine * h)); + } + if (pRects) DEALLOCATE_LOCAL(pRects); + if (pScratchGC) FreeScratchGC(pScratchGC); + if (pPix) FreeScratchPixmapHeader(pPix); + } + REGION_UNINIT(pScreen, &imageRegion); + REGION_UNINIT(pScreen, &censorRegion); +} /* XaceCensorImage */ diff --git a/Xext/xace.h b/Xext/xace.h new file mode 100644 index 000000000..d7fb0c38d --- /dev/null +++ b/Xext/xace.h @@ -0,0 +1,124 @@ +/************************************************************ + +Author: Eamon Walsh <ewalsh@epoch.ncsc.mil> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XACE_H +#define _XACE_H + +#define XACE_EXTENSION_NAME "XAccessControlExtension" +#define XACE_MAJOR_VERSION 1 +#define XACE_MINOR_VERSION 0 + +#include "pixmap.h" /* for DrawablePtr */ +#include "regionstr.h" /* for RegionPtr */ + +#define XaceNumberEvents 0 +#define XaceNumberErrors 0 + +/* security state */ +#define XACE_STATE_SLOTS 4 +#define XACE_STATE_INIT(ary) memset(ary, 0, sizeof(ary)) + +/* security hooks */ +/* Constants used to identify the available security hooks + */ +#define XACE_CORE_DISPATCH 0 +#define XACE_EXT_DISPATCH 1 +#define XACE_RESOURCE_ACCESS 2 +#define XACE_DEVICE_ACCESS 3 +#define XACE_PROPERTY_ACCESS 4 +#define XACE_DRAWABLE_ACCESS 5 +#define XACE_MAP_ACCESS 6 +#define XACE_BACKGRND_ACCESS 7 +#define XACE_EXT_ACCESS 8 +#define XACE_HOSTLIST_ACCESS 9 +#define XACE_SITE_POLICY 10 +#define XACE_DECLARE_EXT_SECURE 11 +#define XACE_AUTH_AVAIL 12 +#ifndef LBX +#define XACE_NUM_HOOKS 13 +#else /* LBX */ +#define XACE_LBX_EXT_ACCESS 13 +#define XACE_DECLARE_LBX_EXT_SECURE 14 +#define XACE_LBX_PROXY_ACCESS 15 +#define XACE_NUM_HOOKS 16 +#endif + +extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS]; + +/* Entry point for hook functions. Called by Xserver. + */ +extern int XaceHook( + int /*hook*/, + ... /*appropriate args for hook*/ + ); + +/* Register a callback for a given hook. Extensions do not + * need to register themselves with XACERegisterExtension() + * to do this. + */ +#define XaceRegisterCallback(hook,callback,data) \ + AddCallback(XaceHooks+(hook), callback, data) + +/* Unregister an existing callback for a given hook. + */ +#define XaceDeleteCallback(hook,callback,data) \ + DeleteCallback(XaceHooks+(hook), callback, data) + + +/* extension registration */ + +/* Register with the security module, which allows an extension to store + * security state. Pass the name of the calling extension. Returns the + * index number for the state macros or -1 if no more slots are available. + */ +extern int XaceRegisterExtension(char *); + +/* Unregister an extension. Pass the index returned at registration time. + */ +extern void XaceUnregisterExtension(int); + +/* From the original Security extension... + */ + +/* Hook return codes */ +#define SecurityAllowOperation 0 +#define SecurityIgnoreOperation 1 +#define SecurityErrorOperation 2 + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +extern int (*UntrustedProcVector[256])(ClientPtr client); +extern int (*SwappedUntrustedProcVector[256])(ClientPtr client); + +extern void XaceCensorImage( + ClientPtr client, + RegionPtr pVisibleRegion, + long widthBytesLine, + DrawablePtr pDraw, + int x, int y, int w, int h, + unsigned int format, + char * pBuf + ); + +#endif /* _XACE_H */ diff --git a/Xext/xacestr.h b/Xext/xacestr.h new file mode 100644 index 000000000..d460715f9 --- /dev/null +++ b/Xext/xacestr.h @@ -0,0 +1,141 @@ +/************************************************************ + +Author: Eamon Walsh <ewalsh@epoch.ncsc.mil> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XACESTR_H +#define _XACESTR_H + +#include <X11/Xdefs.h> +#include "dixstruct.h" +#include "resource.h" +#include "extnsionst.h" +#include "gcstruct.h" +#include "windowstr.h" +#include "inputstr.h" +#include "xace.h" +#ifdef LBX +#include "lbxserve.h" /* for LbxExtensionEntry */ +#endif + +/* XACE_CORE_DISPATCH */ +typedef struct { + ClientPtr client; + int rval; +} XaceCoreDispatchRec; + +/* XACE_RESOURCE_ACCESS */ +/* XACE_RESOURCE_CREATE */ +typedef struct { + ClientPtr client; + XID id; + RESTYPE rtype; + Mask access_mode; + pointer res; + int rval; +} XaceResourceAccessRec; + +/* XACE_DEVICE_ACCESS */ +typedef struct { + ClientPtr client; + DeviceIntPtr dev; + Bool fromRequest; + int rval; +} XaceDeviceAccessRec; + +/* XACE_PROPERTY_ACCESS */ +typedef struct { + ClientPtr client; + WindowPtr pWin; + Atom propertyName; + Mask access_mode; + int rval; +} XacePropertyAccessRec; + +/* XACE_DRAWABLE_ACCESS */ +typedef struct { + ClientPtr client; + DrawablePtr pDraw; + int rval; +} XaceDrawableAccessRec; + +/* XACE_MAP_ACCESS */ +/* XACE_BACKGRND_ACCESS */ +typedef struct { + ClientPtr client; + WindowPtr pWin; + int rval; +} XaceMapAccessRec; + +/* XACE_EXT_DISPATCH_ACCESS */ +/* XACE_EXT_ACCESS */ +typedef struct { + ClientPtr client; + ExtensionEntry *ext; + int rval; +} XaceExtAccessRec; + +/* XACE_HOSTLIST_ACCESS */ +typedef struct { + ClientPtr client; + Mask access_mode; + int rval; +} XaceHostlistAccessRec; + +/* XACE_SITE_POLICY */ +typedef struct { + char *policyString; + int len; + int rval; +} XaceSitePolicyRec; + +/* XACE_DECLARE_EXT_SECURE */ +typedef struct { + ExtensionEntry *ext; + Bool secure; +} XaceDeclareExtSecureRec; + +/* XACE_AUTH_AVAIL */ +typedef struct { + ClientPtr client; + XID authId; +} XaceAuthAvailRec; + +#ifdef LBX +/* XACE_LBX_EXT_ACCESS */ +typedef struct { + ClientPtr client; + LbxExtensionEntry *ext; + int rval; +} XaceLbxExtAccessRec; + +/* XACE_DECLARE_LBX_EXT_SECURE */ +typedef struct { + LbxExtensionEntry *ext; + Bool secure; +} XaceDeclareLbxExtSecureRec; + +/* XACE_LBX_PROXY_ACCESS */ +typedef struct { + ClientPtr client; + XID authId; + int rval; +} XaceLbxProxyAccessRec; + +#endif /* LBX */ + +#endif /* _XACESTR_H */ |