author | Eamon Walsh <ewalsh@epoch.ncsc.mil> | 2004-05-05 20:04:52 +0000 |
---|---|---|
committer | Alan Coopersmith <alanc@alf.(none)> | 2006-06-19 17:09:37 -0700 |
commit | 37f0ae02457bd22b27f8f30a373e5cb19f2fbaea (patch) | |
tree | 94127e7ba8d70ead4ee3a0c47e56e965d0a7c685 /os | |
parent | 8d9ccc90a54c786ca4ba5620ab0a965e3f3bc8ea (diff) |
Replace XC-SECURITY code with XACE security hooks
(cherry picked from 8526cd6395490b03b279f1962df777fb0e4a9878 commit)
Diffstat (limited to 'os')
-rw-r--r-- | os/access.c | 19 | ||||
-rw-r--r-- | os/connection.c | 8 |
2 files changed, 12 insertions, 15 deletions
diff --git a/os/access.c b/os/access.c
index 62af2f91f..dc54beef7 100644
--- a/os/access.c
+++ b/os/access.c
@@ -202,9 +202,8 @@ SOFTWARE.
 #include "dixstruct.h"
 #include "osdep.h"
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
 #endif
 #ifndef PATH_MAX
@@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client)
 pointer addr;
 register HOST *host;
-#ifdef XCSECURITY
- /* untrusted clients can't change host access */
- if (client->trustLevel != XSecurityClientTrusted)
- {
- SecurityAudit("client %d attempted to change host access\n",
- client->index);
- return FALSE;
- }
-#endif
 if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
 ¬used, &alen, &from))
 {
@@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client)
 {
 if (!client || defeatAccessControl)
 return TRUE;
+#ifdef XACE
+ /* untrusted clients can't change host access */
+ if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
+ return FALSE;
+#endif
 return LocalClient(client);
 }
diff --git a/os/connection.c b/os/connection.c
index 21c1ea641..eb1bcbef9 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -150,6 +150,9 @@ extern __const__ int _nfiles;
 #ifdef XAPPGROUP
 #include <X11/extensions/Xagsrv.h>
 #endif
+#ifdef XACE
+#include "xace.h"
+#endif
 #ifdef XCSECURITY
 #define _SECURITY_SERVER
 #include <X11/extensions/security.h>
@@ -693,9 +696,8 @@ ClientAuthorized(ClientPtr client,
 /* indicate to Xdmcp protocol that we've opened new client */
 XdmcpOpenDisplay(priv->fd);
 #endif /* XDMCP */
-#ifdef XAPPGROUP
- if (ClientStateCallback)
- XagCallClientStateChange (client);
+#ifdef XACE
+ XaceHook(XACE_AUTH_AVAIL, client, auth_id);
 #endif
 /* At this point, if the client is authorized to change the access control
 * list, we should getpeername() information, and add the client to |
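Review bot: In AuthorizedClient the trust check is now compiled only under `#ifdef XACE`, while the check it replaces in LocalClient was under XCSECURITY, so a build with XCSECURITY but without XACE reaches `return LocalClient(client);` with no untrusted-client rejection at all. Because the check moved out of LocalClient, which is `_X_EXPORT`, any caller that uses LocalClient() on its own as an authorization gate also loses it; those callers are outside this diff and should be audited. The denial path also no longer emits the `SecurityAudit("client %d attempted to change host access\n", ...)` record, unless the XACE_HOSTLIST_ACCESS handler logs it, which is not visible here. I would at least document the new contract above LocalClient: `/* Does not check client trust; use AuthorizedClient() for host-list changes. */`.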
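Review bot: The result of `XaceHook(XACE_AUTH_AVAIL, client, auth_id);` in ClientAuthorized is discarded, although the same function's return value is used as an allow/deny decision in os/access.c, so a reader cannot tell whether a security module is meant to be able to refuse the client here. If the hook is notification-only, say so next to the call, e.g. `/* notify security modules of the auth id; result intentionally ignored */`. The guard also changed from XAPPGROUP to XACE, so an XAPPGROUP build without XACE no longer gets the removed `XagCallClientStateChange (client);` call unless something outside this diff restores it. ClientAuthorized starts before and continues after this hunk.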