authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-08-03 13:23:34 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-08-03 13:23:34 -0400
commit375864cb74cced40ae688078b1f7750998972535 (patch)
treeec04cc6a35956b662d1ebfc710fd5aed4cf5fd08
parentd445d2f22b5c97fa010370f4ba9cb0555df4a853 (diff)
security: drop support for XC-QUERY-SECURITY authorization method.
-rw-r--r--Xext/SecurityPolicy7
-rw-r--r--Xext/security.c64
-rw-r--r--Xext/securitysrv.h2
-rw-r--r--os/Makefile.am7
-rw-r--r--os/auth.c11
-rw-r--r--os/connection.c11
-rw-r--r--os/osdep.h3
-rw-r--r--os/secauth.c202
8 files changed, 3 insertions, 304 deletions
diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy
index 0000c5a8f..04dfb0e6b 100644
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@@ -2,13 +2,6 @@ version-1
# $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
-# The site policy fields are interpreted by the XC-QUERY-SECURITY-1
-# authorization protocol. The values are arbitrary and site-specific.
-# Refer to the Security Extension Specification for the usage of the policies.
-#sitepolicy A
-#sitepolicy B
-#sitepolicy C
-
# Property access rules:
# property <property> <window> <permissions>
# <window> ::= any | root | <propertyselector>
diff --git a/Xext/security.c b/Xext/security.c
index b1c0ce008..9e3b2dd9d 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1526,64 +1526,6 @@ SecurityParseExtensionRule(
} /* SecurityParseExtensionRule */
-static char **SecurityPolicyStrings = NULL;
-static int nSecurityPolicyStrings = 0;
-
-static Bool
-SecurityParseSitePolicy(
- char *p)
-{
- char *policyStr = SecurityParseString(&p);
- char *copyPolicyStr;
- char **newStrings;
-
- if (!policyStr)
- return FALSE;
-
- copyPolicyStr = (char *)Xalloc(strlen(policyStr) + 1);
- if (!copyPolicyStr)
- return TRUE;
- strcpy(copyPolicyStr, policyStr);
- newStrings = (char **)Xrealloc(SecurityPolicyStrings,
- sizeof (char *) * (nSecurityPolicyStrings + 1));
- if (!newStrings)
- {
- Xfree(copyPolicyStr);
- return TRUE;
- }
-
- SecurityPolicyStrings = newStrings;
- SecurityPolicyStrings[nSecurityPolicyStrings++] = copyPolicyStr;
-
- return TRUE;
-
-} /* SecurityParseSitePolicy */
-
-
-char **
-SecurityGetSitePolicyStrings(n)
- int *n;
-{
- *n = nSecurityPolicyStrings;
- return SecurityPolicyStrings;
-} /* SecurityGetSitePolicyStrings */
-
-static void
-SecurityFreeSitePolicyStrings(void)
-{
- if (SecurityPolicyStrings)
- {
- assert(nSecurityPolicyStrings);
- while (nSecurityPolicyStrings--)
- {
- Xfree(SecurityPolicyStrings[nSecurityPolicyStrings]);
- }
- Xfree(SecurityPolicyStrings);
- SecurityPolicyStrings = NULL;
- nSecurityPolicyStrings = 0;
- }
-} /* SecurityFreeSitePolicyStrings */
-
static void
SecurityFreeTrustedExtensionStrings(void)
{
@@ -1646,6 +1588,7 @@ SecurityLoadPropertyAccessList(void)
switch (SecurityParseKeyword(&p))
{
case SecurityKeywordComment:
+ case SecurityKeywordSitePolicy:
validLine = TRUE;
break;
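Review bot: A `sitepolicy` line in the policy file is now accepted silently, because the added `case SecurityKeywordSitePolicy:` shares the comment branch and only sets `validLine = TRUE`. An administrator whose policy file still lists site policies gets no indication that they are no longer enforced. I would document this on the case with `/* sitepolicy is obsolete: still accepted so old policy files load, but it has no effect */`. Consider also emitting a one-time log message when the keyword is seen, using whichever reporting call this file already uses for policy-file problems (not visible in the hunk). SecurityLoadPropertyAccessList starts and ends outside the hunk.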
@@ -1653,10 +1596,6 @@ SecurityLoadPropertyAccessList(void)
validLine = SecurityParsePropertyAccessRule(p);
break;
- case SecurityKeywordSitePolicy:
- validLine = SecurityParseSitePolicy(p);
- break;
-
case SecurityKeywordExtension:
validLine = SecurityParseExtensionRule(p);
break;
@@ -1837,7 +1776,6 @@ SecurityResetProc(
{
SecurityFreePropertyAccessList();
SecurityFreeTrustedExtensionStrings();
- SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
index 67d864e2e..7320ab7da 100644
--- a/Xext/securitysrv.h
+++ b/Xext/securitysrv.h
@@ -84,6 +84,4 @@ extern int XSecurityOptions(int argc, char **argv, int i);
#define SECURITY_POLICY_FILE_VERSION "version-1"
-extern char **SecurityGetSitePolicyStrings(int *n);
-
#endif /* _SECURITY_SRV_H */
diff --git a/os/Makefile.am b/os/Makefile.am
index 53b2d7f0c..9dd1b5432 100644
--- a/os/Makefile.am
+++ b/os/Makefile.am
@@ -6,7 +6,6 @@ AM_CFLAGS = $(DIX_CFLAGS)
SECURERPC_SRCS = rpcauth.c
INTERNALMALLOC_SRCS = xalloc.c
-XCSECURITY_SRCS = secauth.c
XDMCP_SRCS = xdmcp.c
STRLCAT_SRCS = strlcat.c strlcpy.c
XORG_SRCS = log.c
@@ -28,10 +27,6 @@ libos_la_SOURCES = \
xprintf.c \
$(XORG_SRCS)
-if XCSECURITY
-libos_la_SOURCES += $(XCSECURITY_SRCS)
-endif
-
if XDMCP
libos_la_SOURCES += $(XDMCP_SRCS)
endif
@@ -48,7 +43,7 @@ libcwrapper_la_CFLAGS = \
$(AM_CFLAGS)
EXTRA_DIST = $(SECURERPC_SRCS) $(INTERNALMALLOC_SRCS) \
- $(XCSECURITY_SRCS) $(XDMCP_SRCS) $(STRLCAT_SRCS)
+ $(XDMCP_SRCS) $(STRLCAT_SRCS)
if XSERVER_DTRACE
# Generate dtrace object code for probes in libos & libdix
diff --git a/os/auth.c b/os/auth.c
index b2a145f89..d2aa980a8 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -42,9 +42,6 @@ from The Open Group.
# include "dixstruct.h"
# include <sys/types.h>
# include <sys/stat.h>
-#ifdef XCSECURITY
-# include "securitysrv.h"
-#endif
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
@@ -89,14 +86,6 @@ static struct protocol protocols[] = {
#endif
},
#endif
-#ifdef XCSECURITY
-{ (unsigned short) XSecurityAuthorizationNameLen,
- XSecurityAuthorizationName,
- NULL, AuthSecurityCheck, NULL,
- NULL, NULL, NULL,
- NULL
-},
-#endif
};
# define NUM_AUTHORIZATION (sizeof (protocols) /\
diff --git a/os/connection.c b/os/connection.c
index d975f87d2..c1152aad7 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -140,9 +140,6 @@ SOFTWARE.
#include "appgroup.h"
#endif
#include "xace.h"
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
#ifdef X_NOT_POSIX
#define Pid_t int
@@ -669,13 +666,7 @@ ClientAuthorized(ClientPtr client,
if (auth_id == (XID) ~0L)
{
- if (
-#ifdef XCSECURITY
- (proto_n == 0 ||
- strncmp (auth_proto, XSecurityAuthorizationName, proto_n) != 0) &&
-#endif
- _XSERVTransGetPeerAddr (trans_conn,
- &family, &fromlen, &from) != -1)
+ if (_XSERVTransGetPeerAddr(trans_conn, &family, &fromlen, &from) != -1)
{
if (InvalidHost ((struct sockaddr *) from, fromlen, client))
AuthAudit(client, FALSE, (struct sockaddr *) from,
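Review bot: With the protocol-name exception removed, the condition `if (_XSERVTransGetPeerAddr(trans_conn, &family, &fromlen, &from) != -1)` sends every connection whose authorization did not match, including one that still names XC-QUERY-SECURITY-1, through the InvalidHost check. The removed lines kept such a client out of this branch; it is now presumably handled like any unrecognized protocol name and admitted when the host access list allows it, although the rest of the branch is outside the hunk, so this is inferred. That is a change in which clients can be admitted and deserves a comment above the condition, e.g. `/* no authorization matched: every protocol name now falls back to host-based access control */`. ClientAuthorized starts and ends outside the hunk.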
diff --git a/os/osdep.h b/os/osdep.h
index 965436df5..0c07a9004 100644
--- a/os/osdep.h
+++ b/os/osdep.h
@@ -260,9 +260,6 @@ extern int SecureRPCRemove (AuthRemCArgs);
extern int SecureRPCReset (AuthRstCArgs);
#endif
-/* in secauth.c */
-extern XID AuthSecurityCheck (AuthCheckArgs);
-
/* in xdmcp.c */
extern void XdmcpUseMsg (void);
extern int XdmcpOptions(int argc, char **argv, int i);
diff --git a/os/secauth.c b/os/secauth.c
deleted file mode 100644
index d01879bfd..000000000
--- a/os/secauth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-Copyright 1996, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-*/
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-#include "swaprep.h"
-
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
-
-static char InvalidPolicyReason[] = "invalid policy specification";
-static char PolicyViolationReason[] = "policy violation";
-
-static Bool
-AuthCheckSitePolicy(
- unsigned short *data_lengthP,
- char **dataP,
- ClientPtr client,
- char **reason)
-{
- CARD8 *policy = *(CARD8 **)dataP;
- int length;
- Bool permit;
- int nPolicies;
- char **sitePolicies;
- int nSitePolicies;
- Bool found = FALSE;
-
- if ((length = *data_lengthP) < 2) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- permit = (*policy++ == 0);
- nPolicies = (CARD8) *policy++;
-
- length -= 2;
-
- sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
-
- while (nPolicies) {
- int strLen, sitePolicy;
-
- if (length == 0) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- strLen = (CARD8) *policy++;
- if (--length < strLen) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- if (!found)
- {
- for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++)
- {
- char *testPolicy = sitePolicies[sitePolicy];
- if ((strLen == strlen(testPolicy)) &&
- (strncmp((char *)policy, testPolicy, strLen) == 0))
- {
- found = TRUE; /* need to continue parsing the policy... */
- break;
- }
- }
- }
-
- policy += strLen;
- length -= strLen;
- nPolicies--;
- }
-
- if (found != permit)
- {
- *reason = PolicyViolationReason;
- return FALSE;
- }
-
- *data_lengthP = length;
- *dataP = (char *)policy;
- return TRUE;
-}
-
-XID
-AuthSecurityCheck (
- unsigned short data_length,
- char *data,
- ClientPtr client,
- char **reason)
-{
-#ifdef XCSECURITY
- xConnSetupPrefix csp;
- xReq freq;
-
- if (client->clientState == ClientStateCheckedSecurity)
- {
- *reason = "repeated security check not permitted";
- return (XID) -1;
- }
- else if (data_length > 0)
- {
- char policy_mask = *data++;
-
- if (--data_length == 1) {
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- if (policy_mask & 0x01) /* Extensions policy */
- {
- /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */
- *reason = "security policy not implemented";
- return (XID) -1;
- }
-
- if (policy_mask & 0x02) /* Site policy */
- {
- if (!AuthCheckSitePolicy(&data_length, &data, client, reason))
- return (XID) -1;
- }
-
- if (data_length > 0) { /* did we consume the whole policy? */
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- }
- else if (!GetAccessControl())
- {
- /*
- * The client - possibly the X FireWall Proxy - gave
- * no auth data and host-based authorization is turned
- * off. In this case, the client should be denied
- * access to the X server.
- */
- *reason = "server host access control is disabled";
- return (XID) -1;
- }
-
- client->clientState = ClientStateCheckingSecurity;
-
- csp.success = 2 /* Authenticate */;
- csp.lengthReason = 0;
- csp.length = 0;
- csp.majorVersion = X_PROTOCOL;
- csp.minorVersion = X_PROTOCOL_REVISION;
- if (client->swapped)
- WriteSConnSetupPrefix(client, &csp);
- else
- (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp);
-
- /*
- * Next time the client sends the real auth data, we want
- * ProcEstablishConnection to be called.
- */
-
- freq.reqType = 1;
- freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2;
- client->swapped = FALSE;
- if (!InsertFakeRequest(client, (char *)&freq, sz_xReq))
- {
- *reason = "internal error";
- return (XID) -1;
- }
-
- return (XID) 0;
-#else
- *reason = "method not supported";
- return (XID) -1;
-#endif
-}