author | Eamon Walsh <ewalsh@epoch.ncsc.mil> | 2004-05-05 20:04:52 +0000 |
---|---|---|
committer | Eamon Walsh <ewalsh@epoch.ncsc.mil> | 2004-05-05 20:04:52 +0000 |
commit | 8526cd6395490b03b279f1962df777fb0e4a9878 (patch) | |
tree | bf9295d0b0fc0925f3ddc959d0fa32243db40897 /os | |
parent | 6d066cb10990d951449b342b40dec1f1b1ae593c (diff) |
Replace XC-SECURITY code with XACE security hooks
Diffstat (limited to 'os')
-rw-r--r-- | os/access.c | 21 | ||||
-rw-r--r-- | os/connection.c | 13 |
2 files changed, 16 insertions, 18 deletions
diff --git a/os/access.c b/os/access.c
index 9662ab624..bf28e6c13 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1,5 +1,5 @@
 /* $Xorg: access.c,v 1.5 2001/02/09 02:05:23 xorgcvs Exp $ */
-/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.2 2004/04/23 19:54:28 eich Exp $ */
+/* $XdotOrg: xc/programs/Xserver/os/access.c,v 1.1.4.4.4.1 2004/05/04 19:44:01 ewalsh Exp $ */
 /***********************************************************
 Copyright 1987, 1998 The Open Group
@@ -192,9 +192,8 @@ SOFTWARE.
 #include "dixstruct.h"
 #include "osdep.h"
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include "extensions/security.h"
+#ifdef XACE
+#include "xace.h"
 #endif
 #ifndef PATH_MAX
@@ -1321,15 +1320,6 @@ Bool LocalClient(ClientPtr client)
 pointer addr;
 register HOST *host;
-#ifdef XCSECURITY
- /* untrusted clients can't change host access */
- if (client->trustLevel != XSecurityClientTrusted)
- {
- SecurityAudit("client %d attempted to change host access\n",
- client->index);
- return FALSE;
- }
-#endif
 #ifdef LBX
 if (!((OsCommPtr)client->osPrivate)->trans_conn)
 return FALSE;
@@ -1431,6 +1421,11 @@ AuthorizedClient(ClientPtr client)
 {
 if (!client || defeatAccessControl)
 return TRUE;
+#ifdef XACE
+ /* untrusted clients can't change host access */
+ if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
+ return FALSE;
+#endif
 return LocalClient(client);
 }
diff --git a/os/connection.c b/os/connection.c
index 930d38528..01f538c73 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -149,6 +149,9 @@ extern __const__ int _nfiles;
 #ifdef XAPPGROUP
 #include "extensions/Xagsrv.h"
 #endif
+#ifdef XACE
+#include "xace.h"
+#endif
 #ifdef XCSECURITY
 #define _SECURITY_SERVER
 #include "extensions/security.h"
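Review bot: In os/access.c the untrusted-client check now runs only in AuthorizedClient (hunk `@@ -1431,6 +1421,11 @@`), while the check it replaces was removed from LocalClient (hunk `@@ -1321,15 +1320,6 @@`), so any caller that reaches LocalClient directly is no longer rejected on trust level; whether such callers exist is not visible in this diff and should be confirmed. The removed code also wrote a SecurityAudit record of the denied attempt, and nothing on the new side logs a denial, so the audit trail now depends on whatever the registered hook does. I would record both facts at the call site, for example `/* host-list write check lives here, not in LocalClient; any audit of a denial is left to the XACE_HOSTLIST_ACCESS callback */`. The early `return TRUE` for `defeatAccessControl` still precedes the hook, so the hook is never consulted in that mode.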
@@ -632,8 +635,9 @@ ClientAuthorized(ClientPtr client,
 if (! priv->trans_conn) {
 if (auth_id == (XID) ~0L && !GetAccessControl())
 auth_id = ((OsCommPtr)lbxpc->osPrivate)->auth_id;
-#ifdef XCSECURITY
- else if (auth_id != (XID) ~0L && !SecuritySameLevel(lbxpc, auth_id)) {
+#ifdef XACE
+ else if (auth_id != (XID) ~0L &&
+ !XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)) {
 auth_id = (XID) ~0L;
 reason = "Client trust level differs from that of LBX Proxy";
 }
@@ -709,9 +713,8 @@ ClientAuthorized(ClientPtr client,
 /* indicate to Xdmcp protocol that we've opened new client */
 XdmcpOpenDisplay(priv->fd);
 #endif /* XDMCP */
-#ifdef XAPPGROUP
- if (ClientStateCallback)
- XagCallClientStateChange (client);
+#ifdef XACE
+ XaceHook(XACE_AUTH_AVAIL, client, auth_id);
 #endif
 /* At this point, if the client is authorized to change the access control
 * list, we should getpeername() information, and add the client to |
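Review bot: In ClientAuthorized (os/connection.c, hunk `@@ -632,8 +635,9 @@`) the LBX proxy check now rests entirely on the return value of `XaceHook(XACE_LBX_PROXY_ACCESS, lbxpc, auth_id)`, and the diff does not show what the hook returns when no security module is registered; if that default is non-zero the branch never rejects, which should be a documented choice rather than an accident. The `reason` string still says the trust level differs, although the hook may now reject for any policy reason. A comment above the `else if`, such as `/* XaceHook() == 0: policy rejected this auth_id for the proxy's client */`, would pin the contract. The enclosing function starts and ends outside the hunk.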
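Review bot: The result of `XaceHook(XACE_AUTH_AVAIL, client, auth_id)` in ClientAuthorized (hunk `@@ -709,9 +713,8 @@`) is discarded, unlike the other two hooks this commit adds, and nothing says whether that is intended. If the call is a notification only, write it as `(void) XaceHook(XACE_AUTH_AVAIL, client, auth_id); /* notification; result intentionally ignored */`. The removed `XagCallClientStateChange` call was guarded by XAPPGROUP, so a build with XAPPGROUP but without XACE no longer makes any call at this point; the diff is limited to 'os' and does not show the replacement callback, so that is worth confirming. ClientAuthorized's body continues outside the hunk.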