diff --git a/GL/glx/glxdri.c b/GL/glx/glxdri.c index 41e49e225..b5723049d 100644 --- a/GL/glx/glxdri.c +++ b/GL/glx/glxdri.c @@ -73,6 +73,9 @@ struct __GLXDRIscreen { __DRIscreen driScreen; void *driver; + xf86EnterVTProc *enterVT; + xf86LeaveVTProc *leaveVT; + unsigned char glx_enable_bits[__GLX_EXT_BYTES]; }; @@ -622,8 +625,7 @@ static __DRIfuncPtr getProcAddress(const char *proc_name) static __DRIscreen *findScreen(__DRInativeDisplay *dpy, int scrn) { - __GLXDRIscreen *screen = - (__GLXDRIscreen *) __glXgetActiveScreen(scrn); + __GLXDRIscreen *screen = (__GLXDRIscreen *) __glXgetActiveScreen(scrn); return &screen->driScreen; } @@ -817,6 +819,30 @@ static const __DRIinterfaceMethods interface_methods = { static const char dri_driver_path[] = DRI_DRIVER_PATH; +static Bool +glxDRIEnterVT (int index, int flags) +{ + __GLXDRIscreen *screen = (__GLXDRIscreen *) __glXgetActiveScreen(index); + + LogMessage(X_INFO, "AIGLX: Resuming AIGLX clients after VT switch\n"); + + glxResumeClients(); + + return (*screen->enterVT) (index, flags); +} + +static void +glxDRILeaveVT (int index, int flags) +{ + __GLXDRIscreen *screen = (__GLXDRIscreen *) __glXgetActiveScreen(index); + + LogMessage(X_INFO, "AIGLX: Suspending AIGLX clients for VT switch\n"); + + glxSuspendClients(); + + return (*screen->leaveVT) (index, flags); +} + static __GLXscreen * __glXDRIscreenProbe(ScreenPtr pScreen) { @@ -842,6 +868,7 @@ __glXDRIscreenProbe(ScreenPtr pScreen) char filename[128]; Bool isCapable; size_t buffer_size; + ScrnInfoPtr pScrn = xf86Screens[pScreen->myNum]; if (!xf86LoaderCheckSymbol("DRIQueryDirectRenderingCapable")) { LogMessage(X_ERROR, "AIGLX: DRI module not loaded\n"); @@ -1029,6 +1056,11 @@ __glXDRIscreenProbe(ScreenPtr pScreen) __glXsetEnterLeaveServerFuncs(__glXDRIenterServer, __glXDRIleaveServer); + screen->enterVT = pScrn->EnterVT; + pScrn->EnterVT = glxDRIEnterVT; + screen->leaveVT = pScrn->LeaveVT; + pScrn->LeaveVT = glxDRILeaveVT; + LogMessage(X_INFO, "AIGLX: Loaded and initialized %s\n", filename); diff --git a/GL/glx/glxext.c b/GL/glx/glxext.c index fdb8ea262..11fb7fcaf 100644 --- a/GL/glx/glxext.c +++ b/GL/glx/glxext.c @@ -59,10 +59,7 @@ xGLXSingleReply __glXReply; ** A set of state for each client. The 0th one is unused because client ** indices start at 1, not 0. */ -__GLXclientState *__glXClients[MAXCLIENTS+1]; - - -static Bool inDispatch; +static __GLXclientState *__glXClients[MAXCLIENTS + 1]; /* ** Forward declarations. @@ -219,6 +216,10 @@ static Bool DrawableGone(__GLXdrawable *glxPriv, XID xid) return True; } +static __GLXcontext *glxPendingDestroyContexts; +static int glxServerLeaveCount; +static int glxBlockClients; + /* ** Free a context. */ @@ -236,13 +237,14 @@ GLboolean __glXFreeContext(__GLXcontext *cx) * __glXDispatch() or as a callback from the resource manager. In * the latter case we need to lift the DRI lock manually. */ - if (!inDispatch) - __glXleaveServer(); - - cx->destroy(cx); - - if (!inDispatch) - __glXenterServer(); + if (glxBlockClients) { + __glXleaveServer(); + cx->destroy(cx); + __glXenterServer(); + } else { + cx->next = glxPendingDestroyContexts; + glxPendingDestroyContexts = cx; + } return GL_TRUE; } @@ -338,7 +340,7 @@ void GlxExtensionInit(void) /* ** Initialize table of client state. There is never a client 0. */ - for (i=1; i <= MAXCLIENTS; i++) { + for (i = 1; i <= MAXCLIENTS; i++) { __glXClients[i] = 0; } @@ -409,11 +411,43 @@ __GLXcontext *__glXForceCurrent(__GLXclientState *cl, GLXContextTag tag, /************************************************************************/ -/* -** Top level dispatcher; all commands are executed from here down. -*/ +void glxSuspendClients(void) +{ + int i; -/* I cried when I wrote this. Damn you XAA! */ + for (i = 1; i <= MAXCLIENTS; i++) { + if (__glXClients[i] == NULL || !__glXClients[i]->inUse) + continue; + + IgnoreClient(__glXClients[i]->client); + } + + glxBlockClients = TRUE; +} + +void glxResumeClients(void) +{ + __GLXcontext *cx, *next; + int i; + + glxBlockClients = FALSE; + + for (i = 1; i <= MAXCLIENTS; i++) { + if (__glXClients[i] == NULL || !__glXClients[i]->inUse) + continue; + + AttendClient(__glXClients[i]->client); + } + + __glXleaveServer(); + for (cx = glxPendingDestroyContexts; cx != NULL; cx = next) { + next = cx->next; + + cx->destroy(cx); + } + glxPendingDestroyContexts = NULL; + __glXenterServer(); +} static void __glXnopEnterServer(void) @@ -438,14 +472,19 @@ void __glXsetEnterLeaveServerFuncs(void (*enter)(void), void __glXenterServer(void) { - (*__glXenterServerFunc)(); + glxServerLeaveCount--; + + if (glxServerLeaveCount == 0) + (*__glXenterServerFunc)(); } void __glXleaveServer(void) { - (*__glXleaveServerFunc)(); -} + if (glxServerLeaveCount == 0) + (*__glXleaveServerFunc)(); + glxServerLeaveCount++; +} /* ** Top level dispatcher; all commands are executed from here down. @@ -491,6 +530,15 @@ static int __glXDispatch(ClientPtr client) return __glXError(GLXBadLargeRequest); } + /* If we're currently blocking GLX clients, just put this guy to + * sleep, reset the request and return. */ + if (glxBlockClients) { + ResetCurrentRequest(client); + client->sequence--; + IgnoreClient(client); + return(client->noClientException); + } + /* ** Use the opcode to index into the procedure table. */ @@ -500,12 +548,8 @@ static int __glXDispatch(ClientPtr client) if (proc != NULL) { __glXleaveServer(); - inDispatch = True; - retval = (*proc)(cl, (GLbyte *) stuff); - inDispatch = False; - __glXenterServer(); } else { diff --git a/GL/glx/glxext.h b/GL/glx/glxext.h index d7082086b..edd66a8f0 100644 --- a/GL/glx/glxext.h +++ b/GL/glx/glxext.h @@ -71,9 +71,6 @@ extern void __glXClearErrorOccured(void); extern GLboolean __glXErrorOccured(void); extern void __glXResetLargeCommandStatus(__GLXclientState*); -extern int __glXQueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc); -extern int __glXSwapQueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc); - extern int DoMakeCurrent( __GLXclientState *cl, GLXDrawable drawId, GLXDrawable readId, GLXContextID contextId, GLXContextTag tag ); extern int DoGetVisualConfigs(__GLXclientState *cl, unsigned screen, @@ -93,8 +90,6 @@ extern int DoRenderLarge(__GLXclientState *cl, GLbyte *pc, int do_swap); extern void GlxExtensionInit(void); -extern Bool __glXCoreType(void); - extern const char GLServerVersion[]; extern int DoGetString(__GLXclientState *cl, GLbyte *pc, GLboolean need_swap); diff --git a/GL/glx/glxserver.h b/GL/glx/glxserver.h index a79520e4a..49cad7328 100644 --- a/GL/glx/glxserver.h +++ b/GL/glx/glxserver.h @@ -136,6 +136,9 @@ void __glXsetEnterLeaveServerFuncs(void (*enter)(void), void __glXenterServer(void); void __glXleaveServer(void); +void glxSuspendClients(void); +void glxResumeClients(void); + /* ** State kept per client. */ @@ -176,8 +179,6 @@ struct __GLXclientStateRec { char *GLClientextensions; }; -extern __GLXclientState *__glXClients[]; - /************************************************************************/ /* @@ -191,7 +192,6 @@ typedef int (*__GLXdispatchVendorPrivProcPtr)(__GLXclientState *, GLbyte *); * Dispatch for GLX commands. */ typedef int (*__GLXprocPtr)(__GLXclientState *, char *pc); -extern __GLXprocPtr __glXProcTable[]; /* * Tables for computing the size of each rendering command. @@ -252,6 +252,4 @@ extern int __glXImageSize(GLenum format, GLenum type, GLint imageHeight, GLint rowLength, GLint skipImages, GLint skipRows, GLint alignment); -extern int __glXDrawArraysReqSize(const GLbyte *pc, Bool swap); - #endif /* !__GLX_server_h__ */ diff --git a/GL/glx/glxutil.h b/GL/glx/glxutil.h index c30a1f9cd..1937ef2cf 100644 --- a/GL/glx/glxutil.h +++ b/GL/glx/glxutil.h @@ -40,36 +40,18 @@ ** */ -extern void __glXNop(void); - /* relate contexts with drawables */ extern void __glXAssociateContext(__GLXcontext *glxc); extern void __glXDeassociateContext(__GLXcontext *glxc); -/* drawable operation */ -extern void __glXGetDrawableSize(__GLdrawablePrivate *glPriv, - GLint *x, GLint *y, - GLuint *width, GLuint *height); -extern GLboolean __glXResizeDrawable(__GLdrawablePrivate *glPriv); -extern GLboolean __glXResizeDrawableBuffers(__GLXdrawable *glxPriv); - /* drawable management */ extern void __glXRefDrawable(__GLXdrawable *glxPriv); extern void __glXUnrefDrawable(__GLXdrawable *glxPriv); -extern __GLXdrawable *__glXCreateDrawable(__GLXscreen *screen, - DrawablePtr pDraw, XID drawId, - __GLcontextModes *modes); extern GLboolean __glXDrawableInit(__GLXdrawable *drawable, __GLXscreen *screen, DrawablePtr pDraw, XID drawID, __GLcontextModes *modes); -extern GLboolean __glXDestroyDrawable(__GLXdrawable *glxPriv); -extern __GLXdrawable *__glXFindDrawable(XID glxpixmapId); -extern __GLXdrawable *__glXGetDrawable(__GLXcontext *ctx, - DrawablePtr pDraw, - XID glxpixmapId); -extern void __glXCacheDrawableSize(__GLXdrawable *glxPriv); /* context helper routines */ extern __GLXcontext *__glXLookupContextByTag(__GLXclientState*, GLXContextTag); @@ -79,4 +61,3 @@ extern void *__glXglDDXScreenInfo(void); extern void *__glXglDDXExtensionInfo(void); #endif /* _glxcmds_h_ */ - diff --git a/GL/glx/indirect_table.c b/GL/glx/indirect_table.c index d13e4f8df..57712f4f5 100644 --- a/GL/glx/indirect_table.c +++ b/GL/glx/indirect_table.c @@ -1232,12 +1232,12 @@ const struct __glXDispatchInfo Render_dispatch_info = { /*****************************************************************/ /* tree depth = 13 */ -static const int_fast16_t VendorPriv_dispatch_tree[155] = { +static const int_fast16_t VendorPriv_dispatch_tree[158] = { /* [0] -> opcode range [0, 131072], node depth 1 */ 2, 5, EMPTY_LEAF, - 119, + 122, EMPTY_LEAF, /* [5] -> opcode range [0, 32768], node depth 2 */ @@ -1254,7 +1254,7 @@ static const int_fast16_t VendorPriv_dispatch_tree[155] = { 2, 16, EMPTY_LEAF, - 78, + 81, EMPTY_LEAF, /* [16] -> opcode range [0, 2048], node depth 5 */ @@ -1299,7 +1299,7 @@ static const int_fast16_t VendorPriv_dispatch_tree[155] = { 44, EMPTY_LEAF, 56, - 67, + 70, /* [44] -> opcode range [1024, 1152], node depth 7 */ 1, @@ -1327,164 +1327,169 @@ static const int_fast16_t VendorPriv_dispatch_tree[155] = { EMPTY_LEAF, /* [59] -> opcode range [1280, 1344], node depth 8 */ - 1, - 62, - EMPTY_LEAF, - - /* [62] -> opcode range [1280, 1312], node depth 9 */ 2, - EMPTY_LEAF, + 64, LEAF(16), - LEAF(24), + EMPTY_LEAF, + 67, + + /* [64] -> opcode range [1280, 1296], node depth 9 */ + 1, + EMPTY_LEAF, LEAF(32), - /* [67] -> opcode range [1408, 1536], node depth 7 */ + /* [67] -> opcode range [1328, 1344], node depth 9 */ 1, - 70, + LEAF(40), EMPTY_LEAF, - /* [70] -> opcode range [1408, 1472], node depth 8 */ + /* [70] -> opcode range [1408, 1536], node depth 7 */ 1, 73, EMPTY_LEAF, - /* [73] -> opcode range [1408, 1440], node depth 9 */ - 2, - EMPTY_LEAF, - LEAF(40), - LEAF(48), - EMPTY_LEAF, - - /* [78] -> opcode range [4096, 6144], node depth 5 */ - 2, - 83, - EMPTY_LEAF, - 101, - EMPTY_LEAF, - - /* [83] -> opcode range [4096, 4608], node depth 6 */ + /* [73] -> opcode range [1408, 1472], node depth 8 */ 1, + 76, + EMPTY_LEAF, + + /* [76] -> opcode range [1408, 1440], node depth 9 */ + 2, + EMPTY_LEAF, + LEAF(48), + LEAF(56), + EMPTY_LEAF, + + /* [81] -> opcode range [4096, 6144], node depth 5 */ + 2, 86, EMPTY_LEAF, + 104, + EMPTY_LEAF, - /* [86] -> opcode range [4096, 4352], node depth 7 */ + /* [86] -> opcode range [4096, 4608], node depth 6 */ 1, 89, EMPTY_LEAF, - /* [89] -> opcode range [4096, 4224], node depth 8 */ + /* [89] -> opcode range [4096, 4352], node depth 7 */ 1, 92, EMPTY_LEAF, - /* [92] -> opcode range [4096, 4160], node depth 9 */ + /* [92] -> opcode range [4096, 4224], node depth 8 */ 1, 95, EMPTY_LEAF, - /* [95] -> opcode range [4096, 4128], node depth 10 */ + /* [95] -> opcode range [4096, 4160], node depth 9 */ 1, 98, EMPTY_LEAF, - /* [98] -> opcode range [4096, 4112], node depth 11 */ + /* [98] -> opcode range [4096, 4128], node depth 10 */ 1, - LEAF(56), + 101, EMPTY_LEAF, - /* [101] -> opcode range [5120, 5632], node depth 6 */ - 1, - 104, - EMPTY_LEAF, - - /* [104] -> opcode range [5120, 5376], node depth 7 */ - 1, - 107, - EMPTY_LEAF, - - /* [107] -> opcode range [5120, 5248], node depth 8 */ - 1, - 110, - EMPTY_LEAF, - - /* [110] -> opcode range [5120, 5184], node depth 9 */ - 1, - EMPTY_LEAF, - 113, - - /* [113] -> opcode range [5152, 5184], node depth 10 */ - 1, - 116, - EMPTY_LEAF, - - /* [116] -> opcode range [5152, 5168], node depth 11 */ + /* [101] -> opcode range [4096, 4112], node depth 11 */ 1, LEAF(64), EMPTY_LEAF, - /* [119] -> opcode range [65536, 98304], node depth 2 */ + /* [104] -> opcode range [5120, 5632], node depth 6 */ 1, - 122, + 107, EMPTY_LEAF, - /* [122] -> opcode range [65536, 81920], node depth 3 */ + /* [107] -> opcode range [5120, 5376], node depth 7 */ 1, - 125, + 110, EMPTY_LEAF, - /* [125] -> opcode range [65536, 73728], node depth 4 */ + /* [110] -> opcode range [5120, 5248], node depth 8 */ 1, - 128, + 113, EMPTY_LEAF, - /* [128] -> opcode range [65536, 69632], node depth 5 */ + /* [113] -> opcode range [5120, 5184], node depth 9 */ 1, - 131, + EMPTY_LEAF, + 116, + + /* [116] -> opcode range [5152, 5184], node depth 10 */ + 1, + 119, EMPTY_LEAF, - /* [131] -> opcode range [65536, 67584], node depth 6 */ - 1, - 134, - EMPTY_LEAF, - - /* [134] -> opcode range [65536, 66560], node depth 7 */ - 1, - 137, - EMPTY_LEAF, - - /* [137] -> opcode range [65536, 66048], node depth 8 */ - 1, - 140, - EMPTY_LEAF, - - /* [140] -> opcode range [65536, 65792], node depth 9 */ - 1, - 143, - EMPTY_LEAF, - - /* [143] -> opcode range [65536, 65664], node depth 10 */ - 1, - 146, - EMPTY_LEAF, - - /* [146] -> opcode range [65536, 65600], node depth 11 */ - 1, - 149, - EMPTY_LEAF, - - /* [149] -> opcode range [65536, 65568], node depth 12 */ - 1, - 152, - EMPTY_LEAF, - - /* [152] -> opcode range [65536, 65552], node depth 13 */ + /* [119] -> opcode range [5152, 5168], node depth 11 */ 1, LEAF(72), EMPTY_LEAF, + /* [122] -> opcode range [65536, 98304], node depth 2 */ + 1, + 125, + EMPTY_LEAF, + + /* [125] -> opcode range [65536, 81920], node depth 3 */ + 1, + 128, + EMPTY_LEAF, + + /* [128] -> opcode range [65536, 73728], node depth 4 */ + 1, + 131, + EMPTY_LEAF, + + /* [131] -> opcode range [65536, 69632], node depth 5 */ + 1, + 134, + EMPTY_LEAF, + + /* [134] -> opcode range [65536, 67584], node depth 6 */ + 1, + 137, + EMPTY_LEAF, + + /* [137] -> opcode range [65536, 66560], node depth 7 */ + 1, + 140, + EMPTY_LEAF, + + /* [140] -> opcode range [65536, 66048], node depth 8 */ + 1, + 143, + EMPTY_LEAF, + + /* [143] -> opcode range [65536, 65792], node depth 9 */ + 1, + 146, + EMPTY_LEAF, + + /* [146] -> opcode range [65536, 65664], node depth 10 */ + 1, + 149, + EMPTY_LEAF, + + /* [149] -> opcode range [65536, 65600], node depth 11 */ + 1, + 152, + EMPTY_LEAF, + + /* [152] -> opcode range [65536, 65568], node depth 12 */ + 1, + 155, + EMPTY_LEAF, + + /* [155] -> opcode range [65536, 65552], node depth 13 */ + 1, + LEAF(80), + EMPTY_LEAF, + }; -static const void *VendorPriv_function_table[80][2] = { +static const void *VendorPriv_function_table[88][2] = { /* [ 0] = 8 */ {NULL, NULL}, /* [ 1] = 9 */ {NULL, NULL}, /* [ 2] = 10 */ {NULL, NULL}, @@ -1501,70 +1506,78 @@ static const void *VendorPriv_function_table[80][2] = { /* [ 13] = 1029 */ {NULL, NULL}, /* [ 14] = 1030 */ {NULL, NULL}, /* [ 15] = 1031 */ {NULL, NULL}, - /* [ 16] = 1288 */ {NULL, NULL}, - /* [ 17] = 1289 */ {NULL, NULL}, - /* [ 18] = 1290 */ {NULL, NULL}, - /* [ 19] = 1291 */ {NULL, NULL}, - /* [ 20] = 1292 */ {NULL, NULL}, - /* [ 21] = 1293 */ {__glXDisp_AreProgramsResidentNV, __glXDispSwap_AreProgramsResidentNV}, - /* [ 22] = 1294 */ {__glXDisp_DeleteProgramsNV, __glXDispSwap_DeleteProgramsNV}, - /* [ 23] = 1295 */ {__glXDisp_GenProgramsNV, __glXDispSwap_GenProgramsNV}, - /* [ 24] = 1296 */ {__glXDisp_GetProgramEnvParameterfvARB, __glXDispSwap_GetProgramEnvParameterfvARB}, - /* [ 25] = 1297 */ {__glXDisp_GetProgramEnvParameterdvARB, __glXDispSwap_GetProgramEnvParameterdvARB}, - /* [ 26] = 1298 */ {__glXDisp_GetProgramivNV, __glXDispSwap_GetProgramivNV}, - /* [ 27] = 1299 */ {__glXDisp_GetProgramStringNV, __glXDispSwap_GetProgramStringNV}, - /* [ 28] = 1300 */ {__glXDisp_GetTrackMatrixivNV, __glXDispSwap_GetTrackMatrixivNV}, - /* [ 29] = 1301 */ {__glXDisp_GetVertexAttribdvARB, __glXDispSwap_GetVertexAttribdvARB}, - /* [ 30] = 1302 */ {__glXDisp_GetVertexAttribfvNV, __glXDispSwap_GetVertexAttribfvNV}, - /* [ 31] = 1303 */ {__glXDisp_GetVertexAttribivNV, __glXDispSwap_GetVertexAttribivNV}, - /* [ 32] = 1304 */ {__glXDisp_IsProgramNV, __glXDispSwap_IsProgramNV}, - /* [ 33] = 1305 */ {__glXDisp_GetProgramLocalParameterfvARB, __glXDispSwap_GetProgramLocalParameterfvARB}, - /* [ 34] = 1306 */ {__glXDisp_GetProgramLocalParameterdvARB, __glXDispSwap_GetProgramLocalParameterdvARB}, - /* [ 35] = 1307 */ {__glXDisp_GetProgramivARB, __glXDispSwap_GetProgramivARB}, - /* [ 36] = 1308 */ {__glXDisp_GetProgramStringARB, __glXDispSwap_GetProgramStringARB}, - /* [ 37] = 1309 */ {NULL, NULL}, - /* [ 38] = 1310 */ {__glXDisp_GetProgramNamedParameterfvNV, __glXDispSwap_GetProgramNamedParameterfvNV}, - /* [ 39] = 1311 */ {__glXDisp_GetProgramNamedParameterdvNV, __glXDispSwap_GetProgramNamedParameterdvNV}, - /* [ 40] = 1416 */ {NULL, NULL}, - /* [ 41] = 1417 */ {NULL, NULL}, - /* [ 42] = 1418 */ {NULL, NULL}, - /* [ 43] = 1419 */ {NULL, NULL}, - /* [ 44] = 1420 */ {NULL, NULL}, - /* [ 45] = 1421 */ {NULL, NULL}, - /* [ 46] = 1422 */ {__glXDisp_IsRenderbufferEXT, __glXDispSwap_IsRenderbufferEXT}, - /* [ 47] = 1423 */ {__glXDisp_GenRenderbuffersEXT, __glXDispSwap_GenRenderbuffersEXT}, - /* [ 48] = 1424 */ {__glXDisp_GetRenderbufferParameterivEXT, __glXDispSwap_GetRenderbufferParameterivEXT}, - /* [ 49] = 1425 */ {__glXDisp_IsFramebufferEXT, __glXDispSwap_IsFramebufferEXT}, - /* [ 50] = 1426 */ {__glXDisp_GenFramebuffersEXT, __glXDispSwap_GenFramebuffersEXT}, - /* [ 51] = 1427 */ {__glXDisp_CheckFramebufferStatusEXT, __glXDispSwap_CheckFramebufferStatusEXT}, - /* [ 52] = 1428 */ {__glXDisp_GetFramebufferAttachmentParameterivEXT, __glXDispSwap_GetFramebufferAttachmentParameterivEXT}, - /* [ 53] = 1429 */ {NULL, NULL}, - /* [ 54] = 1430 */ {NULL, NULL}, - /* [ 55] = 1431 */ {NULL, NULL}, - /* [ 56] = 4096 */ {NULL, NULL}, - /* [ 57] = 4097 */ {NULL, NULL}, - /* [ 58] = 4098 */ {__glXDisp_GetColorTableSGI, __glXDispSwap_GetColorTableSGI}, - /* [ 59] = 4099 */ {__glXDisp_GetColorTableParameterfvSGI, __glXDispSwap_GetColorTableParameterfvSGI}, - /* [ 60] = 4100 */ {__glXDisp_GetColorTableParameterivSGI, __glXDispSwap_GetColorTableParameterivSGI}, - /* [ 61] = 4101 */ {NULL, NULL}, - /* [ 62] = 4102 */ {NULL, NULL}, - /* [ 63] = 4103 */ {NULL, NULL}, - /* [ 64] = 5152 */ {__glXDisp_BindTexImageEXT, __glXDispSwap_BindTexImageEXT}, - /* [ 65] = 5153 */ {__glXDisp_ReleaseTexImageEXT, __glXDispSwap_ReleaseTexImageEXT}, - /* [ 66] = 5154 */ {__glXDisp_CopySubBufferMESA, __glXDispSwap_CopySubBufferMESA}, - /* [ 67] = 5155 */ {NULL, NULL}, - /* [ 68] = 5156 */ {NULL, NULL}, - /* [ 69] = 5157 */ {NULL, NULL}, - /* [ 70] = 5158 */ {NULL, NULL}, - /* [ 71] = 5159 */ {NULL, NULL}, - /* [ 72] = 65536 */ {__glXDisp_SwapIntervalSGI, __glXDispSwap_SwapIntervalSGI}, - /* [ 73] = 65537 */ {__glXDisp_MakeCurrentReadSGI, __glXDispSwap_MakeCurrentReadSGI}, - /* [ 74] = 65538 */ {NULL, NULL}, - /* [ 75] = 65539 */ {NULL, NULL}, - /* [ 76] = 65540 */ {__glXDisp_GetFBConfigsSGIX, __glXDispSwap_GetFBConfigsSGIX}, - /* [ 77] = 65541 */ {__glXDisp_CreateContextWithConfigSGIX, __glXDispSwap_CreateContextWithConfigSGIX}, - /* [ 78] = 65542 */ {__glXDisp_CreateGLXPixmapWithConfigSGIX, __glXDispSwap_CreateGLXPixmapWithConfigSGIX}, - /* [ 79] = 65543 */ {NULL, NULL}, + /* [ 16] = 1296 */ {__glXDisp_GetProgramEnvParameterfvARB, __glXDispSwap_GetProgramEnvParameterfvARB}, + /* [ 17] = 1297 */ {__glXDisp_GetProgramEnvParameterdvARB, __glXDispSwap_GetProgramEnvParameterdvARB}, + /* [ 18] = 1298 */ {__glXDisp_GetProgramivNV, __glXDispSwap_GetProgramivNV}, + /* [ 19] = 1299 */ {__glXDisp_GetProgramStringNV, __glXDispSwap_GetProgramStringNV}, + /* [ 20] = 1300 */ {__glXDisp_GetTrackMatrixivNV, __glXDispSwap_GetTrackMatrixivNV}, + /* [ 21] = 1301 */ {__glXDisp_GetVertexAttribdvARB, __glXDispSwap_GetVertexAttribdvARB}, + /* [ 22] = 1302 */ {__glXDisp_GetVertexAttribfvNV, __glXDispSwap_GetVertexAttribfvNV}, + /* [ 23] = 1303 */ {__glXDisp_GetVertexAttribivNV, __glXDispSwap_GetVertexAttribivNV}, + /* [ 24] = 1304 */ {__glXDisp_IsProgramNV, __glXDispSwap_IsProgramNV}, + /* [ 25] = 1305 */ {__glXDisp_GetProgramLocalParameterfvARB, __glXDispSwap_GetProgramLocalParameterfvARB}, + /* [ 26] = 1306 */ {__glXDisp_GetProgramLocalParameterdvARB, __glXDispSwap_GetProgramLocalParameterdvARB}, + /* [ 27] = 1307 */ {__glXDisp_GetProgramivARB, __glXDispSwap_GetProgramivARB}, + /* [ 28] = 1308 */ {__glXDisp_GetProgramStringARB, __glXDispSwap_GetProgramStringARB}, + /* [ 29] = 1309 */ {NULL, NULL}, + /* [ 30] = 1310 */ {__glXDisp_GetProgramNamedParameterfvNV, __glXDispSwap_GetProgramNamedParameterfvNV}, + /* [ 31] = 1311 */ {__glXDisp_GetProgramNamedParameterdvNV, __glXDispSwap_GetProgramNamedParameterdvNV}, + /* [ 32] = 1288 */ {NULL, NULL}, + /* [ 33] = 1289 */ {NULL, NULL}, + /* [ 34] = 1290 */ {NULL, NULL}, + /* [ 35] = 1291 */ {NULL, NULL}, + /* [ 36] = 1292 */ {NULL, NULL}, + /* [ 37] = 1293 */ {__glXDisp_AreProgramsResidentNV, __glXDispSwap_AreProgramsResidentNV}, + /* [ 38] = 1294 */ {__glXDisp_DeleteProgramsNV, __glXDispSwap_DeleteProgramsNV}, + /* [ 39] = 1295 */ {__glXDisp_GenProgramsNV, __glXDispSwap_GenProgramsNV}, + /* [ 40] = 1328 */ {NULL, NULL}, + /* [ 41] = 1329 */ {NULL, NULL}, + /* [ 42] = 1330 */ {__glXDisp_BindTexImageEXT, __glXDispSwap_BindTexImageEXT}, + /* [ 43] = 1331 */ {__glXDisp_ReleaseTexImageEXT, __glXDispSwap_ReleaseTexImageEXT}, + /* [ 44] = 1332 */ {NULL, NULL}, + /* [ 45] = 1333 */ {NULL, NULL}, + /* [ 46] = 1334 */ {NULL, NULL}, + /* [ 47] = 1335 */ {NULL, NULL}, + /* [ 48] = 1416 */ {NULL, NULL}, + /* [ 49] = 1417 */ {NULL, NULL}, + /* [ 50] = 1418 */ {NULL, NULL}, + /* [ 51] = 1419 */ {NULL, NULL}, + /* [ 52] = 1420 */ {NULL, NULL}, + /* [ 53] = 1421 */ {NULL, NULL}, + /* [ 54] = 1422 */ {__glXDisp_IsRenderbufferEXT, __glXDispSwap_IsRenderbufferEXT}, + /* [ 55] = 1423 */ {__glXDisp_GenRenderbuffersEXT, __glXDispSwap_GenRenderbuffersEXT}, + /* [ 56] = 1424 */ {__glXDisp_GetRenderbufferParameterivEXT, __glXDispSwap_GetRenderbufferParameterivEXT}, + /* [ 57] = 1425 */ {__glXDisp_IsFramebufferEXT, __glXDispSwap_IsFramebufferEXT}, + /* [ 58] = 1426 */ {__glXDisp_GenFramebuffersEXT, __glXDispSwap_GenFramebuffersEXT}, + /* [ 59] = 1427 */ {__glXDisp_CheckFramebufferStatusEXT, __glXDispSwap_CheckFramebufferStatusEXT}, + /* [ 60] = 1428 */ {__glXDisp_GetFramebufferAttachmentParameterivEXT, __glXDispSwap_GetFramebufferAttachmentParameterivEXT}, + /* [ 61] = 1429 */ {NULL, NULL}, + /* [ 62] = 1430 */ {NULL, NULL}, + /* [ 63] = 1431 */ {NULL, NULL}, + /* [ 64] = 4096 */ {NULL, NULL}, + /* [ 65] = 4097 */ {NULL, NULL}, + /* [ 66] = 4098 */ {__glXDisp_GetColorTableSGI, __glXDispSwap_GetColorTableSGI}, + /* [ 67] = 4099 */ {__glXDisp_GetColorTableParameterfvSGI, __glXDispSwap_GetColorTableParameterfvSGI}, + /* [ 68] = 4100 */ {__glXDisp_GetColorTableParameterivSGI, __glXDispSwap_GetColorTableParameterivSGI}, + /* [ 69] = 4101 */ {NULL, NULL}, + /* [ 70] = 4102 */ {NULL, NULL}, + /* [ 71] = 4103 */ {NULL, NULL}, + /* [ 72] = 5152 */ {NULL, NULL}, + /* [ 73] = 5153 */ {NULL, NULL}, + /* [ 74] = 5154 */ {__glXDisp_CopySubBufferMESA, __glXDispSwap_CopySubBufferMESA}, + /* [ 75] = 5155 */ {NULL, NULL}, + /* [ 76] = 5156 */ {NULL, NULL}, + /* [ 77] = 5157 */ {NULL, NULL}, + /* [ 78] = 5158 */ {NULL, NULL}, + /* [ 79] = 5159 */ {NULL, NULL}, + /* [ 80] = 65536 */ {__glXDisp_SwapIntervalSGI, __glXDispSwap_SwapIntervalSGI}, + /* [ 81] = 65537 */ {__glXDisp_MakeCurrentReadSGI, __glXDispSwap_MakeCurrentReadSGI}, + /* [ 82] = 65538 */ {NULL, NULL}, + /* [ 83] = 65539 */ {NULL, NULL}, + /* [ 84] = 65540 */ {__glXDisp_GetFBConfigsSGIX, __glXDispSwap_GetFBConfigsSGIX}, + /* [ 85] = 65541 */ {__glXDisp_CreateContextWithConfigSGIX, __glXDispSwap_CreateContextWithConfigSGIX}, + /* [ 86] = 65542 */ {__glXDisp_CreateGLXPixmapWithConfigSGIX, __glXDispSwap_CreateGLXPixmapWithConfigSGIX}, + /* [ 87] = 65543 */ {NULL, NULL}, }; const struct __glXDispatchInfo VendorPriv_dispatch_info = { diff --git a/Xext/Makefile.am b/Xext/Makefile.am index 3a48109bc..6ea3d7445 100644 --- a/Xext/Makefile.am +++ b/Xext/Makefile.am @@ -33,6 +33,10 @@ MODULE_SRCS = \ sync.c \ xcmisc.c +# Extra configuration files ship with some extensions +SERVERCONFIGdir = $(libdir)/xserver +SERVERCONFIG_DATA = + # Optional sources included if extension enabled by configure.ac rules # MIT Shared Memory extension @@ -65,13 +69,19 @@ if XINERAMA BUILTIN_SRCS += $(XINERAMA_SRCS) endif +# X-ACE extension: provides hooks for building security policy extensions +# like XC-Security, X-SELinux & XTSol +XACE_SRCS = xace.c xace.h xacestr.h +if XACE +BUILTIN_SRCS += $(XACE_SRCS) +endif + # Security extension: multi-level security to protect clients from each other XCSECURITY_SRCS = security.c securitysrv.h if XCSECURITY BUILTIN_SRCS += $(XCSECURITY_SRCS) -SERVERCONFIGdir = $(libdir)/xserver -SERVERCONFIG_DATA = SecurityPolicy +SERVERCONFIG_DATA += SecurityPolicy AM_CFLAGS += -DDEFAULTPOLICYFILE=\"$(SERVERCONFIGdir)/SecurityPolicy\" endif @@ -150,11 +160,12 @@ libXextmodule_la_SOURCES = $(MODULE_SRCS) endif EXTRA_DIST = \ - SecurityPolicy \ + $(SERVERCONFIG_DATA) \ $(MITSHM_SRCS) \ $(XV_SRCS) \ $(RES_SRCS) \ $(SCREENSAVER_SRCS) \ + $(XACE_SRCS) \ $(XCSECURITY_SRCS) \ $(XCALIBRATE_SRCS) \ $(XINERAMA_SRCS) \ diff --git a/Xext/appgroup.c b/Xext/appgroup.c index b047945c0..650dc0ab8 100644 --- a/Xext/appgroup.c +++ b/Xext/appgroup.c @@ -41,6 +41,7 @@ from The Open Group. #include "servermd.h" #define _XAG_SERVER_ #include +#include "xacestr.h" #include "securitysrv.h" #include @@ -121,62 +122,11 @@ void XagClientStateChange( pointer nulldata, pointer calldata) { - SecurityAuthorizationPtr pAuth; NewClientInfoRec* pci = (NewClientInfoRec*) calldata; ClientPtr pClient = pci->client; - AppGroupPtr pAppGrp; - XID authId = 0; + AppGroupPtr pAppGrp = pClient->appgroup; int slot; - if (!pClient->appgroup) { - switch (pClient->clientState) { - - case ClientStateAuthenticating: - case ClientStateRunning: - case ClientStateCheckingSecurity: - return; - - case ClientStateInitial: - case ClientStateCheckedSecurity: - /* - * If the client is connecting via a firewall proxy (which - * uses XC-QUERY-SECURITY-1, then the authId is available - * during ClientStateCheckedSecurity, otherwise it's - * available during ClientStateInitial. - * - * Don't get it from pClient because can't guarantee the order - * of the callbacks and the security extension might not have - * plugged it in yet. - */ - authId = AuthorizationIDOfClient(pClient); - break; - - case ClientStateGone: - case ClientStateRetained: - /* - * Don't get if from AuthorizationIDOfClient because can't - * guarantee the order of the callbacks and the security - * extension may have torn down the client's private data - */ - authId = pClient->authId; - break; - } - - if (authId == None) - return; - - pAuth = (SecurityAuthorizationPtr)SecurityLookupIDByType(pClient, - authId, SecurityAuthorizationResType, SecurityReadAccess); - - if (pAuth == NULL) - return; - - for (pAppGrp = appGrpList; pAppGrp != NULL; pAppGrp = pAppGrp->next) - if (pAppGrp->appgroupId == pAuth->group) break; - } else { - pAppGrp = pClient->appgroup; - } - if (!pAppGrp) return; @@ -233,6 +183,7 @@ XagExtensionInit(INITARGS) XagResetProc, StandardMinorOpcode)) { RT_APPGROUP = CreateNewResourceType (XagAppGroupFree); + XaceRegisterCallback(XACE_AUTH_AVAIL, XagCallClientStateChange, NULL); } } @@ -799,12 +750,33 @@ void XagGetDeltaInfo( } void XagCallClientStateChange( - ClientPtr client) + CallbackListPtr *pcbl, + pointer nulldata, + pointer calldata) { - if (appGrpList) { + XaceAuthAvailRec* rec = (XaceAuthAvailRec*) calldata; + ClientPtr pClient = rec->client; + + if (!pClient->appgroup) { + SecurityAuthorizationPtr pAuth; + XID authId = rec->authId; + + /* can't use SecurityLookupIDByType here -- client + * security state hasn't been setup yet. + */ + pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId, + SecurityAuthorizationResType); + if (!pAuth) + return; + + pClient->appgroup = (AppGroupPtr)LookupIDByType(pAuth->group, + RT_APPGROUP); + } + + if (pClient->appgroup) { NewClientInfoRec clientinfo; - clientinfo.client = client; + clientinfo.client = pClient; XagClientStateChange (NULL, NULL, (pointer)&clientinfo); } } diff --git a/Xext/appgroup.h b/Xext/appgroup.h index 39087fe8e..a875068fc 100644 --- a/Xext/appgroup.h +++ b/Xext/appgroup.h @@ -51,7 +51,9 @@ extern ClientPtr XagLeader( ); extern void XagCallClientStateChange( - ClientPtr /* client */ + CallbackListPtr * /* pcbl */, + pointer /* nulldata */, + pointer /* calldata */ ); extern Bool XagIsControlledRoot ( diff --git a/Xext/fontcache.c b/Xext/fontcache.c index 00a45c90e..db0348144 100644 --- a/Xext/fontcache.c +++ b/Xext/fontcache.c @@ -45,8 +45,8 @@ #include "inputstr.h" #include "servermd.h" #define _FONTCACHE_SERVER_ -#include "fontcacheP.h" -#include "fontcachstr.h" +#include +#include #include #include "swaprep.h" diff --git a/Xext/security.c b/Xext/security.c index 4684d783b..54a2b3e3f 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -36,6 +36,7 @@ in this Software without prior written authorization from The Open Group. #include "gcstruct.h" #include "colormapst.h" #include "propertyst.h" +#include "xacestr.h" #include "securitysrv.h" #include #include @@ -58,6 +59,23 @@ in this Software without prior written authorization from The Open Group. static int SecurityErrorBase; /* first Security error number */ static int SecurityEventBase; /* first Security event number */ +static int securityClientPrivateIndex; +static int securityExtnsnPrivateIndex; + +/* this is what we store as client security state */ +typedef struct { + unsigned int trustLevel; + XID authId; +} SecurityClientStateRec; + +#define STATEVAL(extnsn) \ + ((extnsn)->devPrivates[securityExtnsnPrivateIndex].val) +#define STATEPTR(client) \ + ((client)->devPrivates[securityClientPrivateIndex].ptr) +#define TRUSTLEVEL(client) \ + (((SecurityClientStateRec*)STATEPTR(client))->trustLevel) +#define AUTHID(client) \ + (((SecurityClientStateRec*)STATEPTR(client))->authId) CallbackListPtr SecurityValidateGroupCallback = NULL; /* see security.h */ @@ -65,19 +83,8 @@ RESTYPE SecurityAuthorizationResType; /* resource type for authorizations */ static RESTYPE RTEventClient; -/* Proc vectors for untrusted clients, swapped and unswapped versions. - * These are the same as the normal proc vectors except that extensions - * that haven't declared themselves secure will have ProcBadRequest plugged - * in for their major opcode dispatcher. This prevents untrusted clients - * from guessing extension major opcodes and using the extension even though - * the extension can't be listed or queried. - */ -int (*UntrustedProcVector[256])( - ClientPtr /*client*/ -); -int (*SwappedUntrustedProcVector[256])( - ClientPtr /*client*/ -); +#define CALLBACK(name) static void \ +name(CallbackListPtr *pcbl, pointer nulldata, pointer calldata) /* SecurityAudit * @@ -91,7 +98,7 @@ int (*SwappedUntrustedProcVector[256])( * Writes the message to the log file if security logging is on. */ -void +static void SecurityAudit(char *format, ...) { va_list args; @@ -164,7 +171,7 @@ SecurityDeleteAuthorization( for (i = 1; iauthId == pAuth->id)) + if (clients[i] && (AUTHID(clients[i]) == pAuth->id)) CloseDownClient(clients[i]); } @@ -318,7 +325,7 @@ ProcSecurityQueryVersion( /* paranoia: this "can't happen" because this extension is hidden * from untrusted clients, but just in case... */ - if (client->trustLevel != XSecurityClientTrusted) + if (TRUSTLEVEL(client) != XSecurityClientTrusted) return BadRequest; REQUEST_SIZE_MATCH(xSecurityQueryVersionReq); @@ -404,7 +411,7 @@ ProcSecurityGenerateAuthorization( /* paranoia: this "can't happen" because this extension is hidden * from untrusted clients, but just in case... */ - if (client->trustLevel != XSecurityClientTrusted) + if (TRUSTLEVEL(client) != XSecurityClientTrusted) return BadRequest; /* check request length */ @@ -587,7 +594,7 @@ ProcSecurityRevokeAuthorization( /* paranoia: this "can't happen" because this extension is hidden * from untrusted clients, but just in case... */ - if (client->trustLevel != XSecurityClientTrusted) + if (TRUSTLEVEL(client) != XSecurityClientTrusted) return BadRequest; REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq); @@ -772,12 +779,12 @@ SecurityDetermineEventPropogationLimits( * An audit message is generated if access is denied. */ -Bool -SecurityCheckDeviceAccess(client, dev, fromRequest) - ClientPtr client; - DeviceIntPtr dev; - Bool fromRequest; +CALLBACK(SecurityCheckDeviceAccess) { + XaceDeviceAccessRec *rec = (XaceDeviceAccessRec*)calldata; + ClientPtr client = rec->client; + DeviceIntPtr dev = rec->dev; + Bool fromRequest = rec->fromRequest; WindowPtr pWin, pStopWin; Bool untrusted_got_event; Bool found_event_window; @@ -785,12 +792,12 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) int reqtype = 0; /* trusted clients always allowed to do anything */ - if (client->trustLevel == XSecurityClientTrusted) - return TRUE; + if (TRUSTLEVEL(client) == XSecurityClientTrusted) + return; /* device security other than keyboard is not implemented yet */ if (dev != inputInfo.keyboard) - return TRUE; + return; /* some untrusted client wants access */ @@ -805,7 +812,8 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) case X_SetModifierMapping: SecurityAudit("client %d attempted request %d\n", client->index, reqtype); - return FALSE; + rec->rval = FALSE; + return; default: break; } @@ -817,7 +825,7 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) if (dev->grab) { untrusted_got_event = - ((rClient(dev->grab))->trustLevel != XSecurityClientTrusted); + (TRUSTLEVEL(rClient(dev->grab)) != XSecurityClientTrusted); } else { @@ -832,7 +840,7 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) { found_event_window = TRUE; client = wClient(pWin); - if (client->trustLevel != XSecurityClientTrusted) + if (TRUSTLEVEL(client) != XSecurityClientTrusted) { untrusted_got_event = TRUE; } @@ -845,7 +853,7 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) if (other->mask & eventmask) { client = rClient(other); - if (client->trustLevel != XSecurityClientTrusted) + if (TRUSTLEVEL(client) != XSecurityClientTrusted) { untrusted_got_event = TRUE; break; @@ -873,8 +881,9 @@ SecurityCheckDeviceAccess(client, dev, fromRequest) else SecurityAudit("client %d attempted to access device %d (%s)\n", client->index, dev->id, devname); + rec->rval = FALSE; } - return untrusted_got_event; + return; } /* SecurityCheckDeviceAccess */ @@ -946,20 +955,22 @@ SecurityAuditResourceIDAccess( * Disallowed resource accesses are audited. */ -static pointer -SecurityCheckResourceIDAccess( - ClientPtr client, - XID id, - RESTYPE rtype, - Mask access_mode, - pointer rval) +CALLBACK(SecurityCheckResourceIDAccess) { - int cid = CLIENT_ID(id); - int reqtype = ((xReq *)client->requestBuffer)->reqType; + XaceResourceAccessRec *rec = (XaceResourceAccessRec*)calldata; + ClientPtr client = rec->client; + XID id = rec->id; + RESTYPE rtype = rec->rtype; + Mask access_mode = rec->access_mode; + pointer rval = rec->res; + int cid, reqtype; - if (SecurityUnknownAccess == access_mode) - return rval; /* for compatibility, we have to allow access */ + if (TRUSTLEVEL(client) == XSecurityClientTrusted || + SecurityUnknownAccess == access_mode) + return; /* for compatibility, we have to allow access */ + cid = CLIENT_ID(id); + reqtype = ((xReq *)client->requestBuffer)->reqType; switch (reqtype) { /* these are always allowed */ case X_QueryTree: @@ -971,7 +982,7 @@ SecurityCheckResourceIDAccess( case X_DeleteProperty: case X_RotateProperties: case X_ListProperties: - return rval; + return; default: break; } @@ -991,15 +1002,15 @@ SecurityCheckResourceIDAccess( * competing alternative for grouping clients for security purposes is to * use app groups. dpw */ - if (client->trustLevel == clients[cid]->trustLevel + if (TRUSTLEVEL(client) == TRUSTLEVEL(clients[cid]) #ifdef XAPPGROUP || (RT_COLORMAP == rtype && XagDefaultColormap (client) == (Colormap) id) #endif ) - return rval; + return; else - return SecurityAuditResourceIDAccess(client, id); + goto deny; } else /* server-owned resource - probably a default colormap or root window */ { @@ -1035,7 +1046,7 @@ SecurityCheckResourceIDAccess( ) ) { /* not an ICCCM event */ - return SecurityAuditResourceIDAccess(client, id); + goto deny; } break; } /* case X_SendEvent on root */ @@ -1053,28 +1064,31 @@ SecurityCheckResourceIDAccess( ~(PropertyChangeMask|StructureNotifyMask)) == 0) break; } - return SecurityAuditResourceIDAccess(client, id); + goto deny; } /* case X_ChangeWindowAttributes on root */ default: { /* others not allowed */ - return SecurityAuditResourceIDAccess(client, id); + goto deny; } } } /* end server-owned window or drawable */ else if (SecurityAuthorizationResType == rtype) { SecurityAuthorizationPtr pAuth = (SecurityAuthorizationPtr)rval; - if (pAuth->trustLevel != client->trustLevel) - return SecurityAuditResourceIDAccess(client, id); + if (pAuth->trustLevel != TRUSTLEVEL(client)) + goto deny; } else if (RT_COLORMAP != rtype) { /* don't allow anything else besides colormaps */ - return SecurityAuditResourceIDAccess(client, id); + goto deny; } } - return rval; + return; + deny: + SecurityAuditResourceIDAccess(client, id); + rec->rval = FALSE; /* deny access */ } /* SecurityCheckResourceIDAccess */ @@ -1093,30 +1107,32 @@ SecurityCheckResourceIDAccess( * If a new client is connecting, its authorization ID is copied to * client->authID. If this is a generated authorization, its reference * count is bumped, its timer is cancelled if it was running, and its - * trustlevel is copied to client->trustLevel. + * trustlevel is copied to TRUSTLEVEL(client). * * If a client is disconnecting and the client was using a generated * authorization, the authorization's reference count is decremented, and * if it is now zero, the timer for this authorization is started. */ -static void -SecurityClientStateCallback( - CallbackListPtr *pcbl, - pointer nulldata, - pointer calldata) +CALLBACK(SecurityClientStateCallback) { NewClientInfoRec *pci = (NewClientInfoRec *)calldata; ClientPtr client = pci->client; switch (client->clientState) { + case ClientStateInitial: + TRUSTLEVEL(serverClient) = XSecurityClientTrusted; + AUTHID(serverClient) = None; + break; + case ClientStateRunning: { XID authId = AuthorizationIDOfClient(client); SecurityAuthorizationPtr pAuth; - client->authId = authId; + TRUSTLEVEL(client) = XSecurityClientTrusted; + AUTHID(client) = authId; pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId, SecurityAuthorizationResType); if (pAuth) @@ -1126,23 +1142,20 @@ SecurityClientStateCallback( { if (pAuth->timer) TimerCancel(pAuth->timer); } - client->trustLevel = pAuth->trustLevel; - if (client->trustLevel != XSecurityClientTrusted) - { - client->CheckAccess = SecurityCheckResourceIDAccess; - client->requestVector = client->swapped ? - SwappedUntrustedProcVector : UntrustedProcVector; - } + TRUSTLEVEL(client) = pAuth->trustLevel; } break; } case ClientStateGone: case ClientStateRetained: /* client disconnected */ { - XID authId = client->authId; SecurityAuthorizationPtr pAuth; - pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId, + /* client may not have any state (bad authorization) */ + if (!STATEPTR(client)) + break; + + pAuth = (SecurityAuthorizationPtr)LookupIDByType(AUTHID(client), SecurityAuthorizationResType); if (pAuth) { /* it is a generated authorization */ @@ -1158,124 +1171,68 @@ SecurityClientStateCallback( } } /* SecurityClientStateCallback */ -/* SecurityCensorImage - * - * Called after pScreen->GetImage to prevent pieces or trusted windows from - * being returned in image data from an untrusted window. - * - * Arguments: - * client is the client doing the GetImage. - * pVisibleRegion is the visible region of the window. - * widthBytesLine is the width in bytes of one horizontal line in pBuf. - * pDraw is the source window. - * x, y, w, h is the rectangle of image data from pDraw in pBuf. - * format is the format of the image data in pBuf: ZPixmap or XYPixmap. - * pBuf is the image data. - * - * Returns: nothing. - * - * Side Effects: - * Any part of the rectangle (x, y, w, h) that is outside the visible - * region of the window will be destroyed (overwritten) in pBuf. - */ -void -SecurityCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y, w, h, - format, pBuf) - ClientPtr client; - RegionPtr pVisibleRegion; - long widthBytesLine; - DrawablePtr pDraw; - int x, y, w, h; - unsigned int format; - char * pBuf; +CALLBACK(SecurityCheckDrawableAccess) { - RegionRec imageRegion; /* region representing x,y,w,h */ - RegionRec censorRegion; /* region to obliterate */ - BoxRec imageBox; - int nRects; + XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata; - imageBox.x1 = x; - imageBox.y1 = y; - imageBox.x2 = x + w; - imageBox.y2 = y + h; - REGION_INIT(pScreen, &imageRegion, &imageBox, 1); - REGION_NULL(pScreen, &censorRegion); + if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) + rec->rval = FALSE; +} - /* censorRegion = imageRegion - visibleRegion */ - REGION_SUBTRACT(pScreen, &censorRegion, &imageRegion, pVisibleRegion); - nRects = REGION_NUM_RECTS(&censorRegion); - if (nRects > 0) - { /* we have something to censor */ - GCPtr pScratchGC = NULL; - PixmapPtr pPix = NULL; - xRectangle *pRects = NULL; - Bool failed = FALSE; - int depth = 1; - int bitsPerPixel = 1; - int i; - BoxPtr pBox; +CALLBACK(SecurityCheckMapAccess) +{ + XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; + WindowPtr pWin = rec->pWin; - /* convert region to list-of-rectangles for PolyFillRect */ + if (STATEPTR(rec->client) && + (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && + (pWin->drawable.class == InputOnly) && + (TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted)) - pRects = (xRectangle *)ALLOCATE_LOCAL(nRects * sizeof(xRectangle *)); - if (!pRects) - { - failed = TRUE; - goto failSafe; - } - for (pBox = REGION_RECTS(&censorRegion), i = 0; - i < nRects; - i++, pBox++) - { - pRects[i].x = pBox->x1; - pRects[i].y = pBox->y1 - imageBox.y1; - pRects[i].width = pBox->x2 - pBox->x1; - pRects[i].height = pBox->y2 - pBox->y1; - } + rec->rval = FALSE; +} - /* use pBuf as a fake pixmap */ +CALLBACK(SecurityCheckBackgrndAccess) +{ + XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; - if (format == ZPixmap) - { - depth = pDraw->depth; - bitsPerPixel = pDraw->bitsPerPixel; - } + if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) + rec->rval = FALSE; +} - pPix = GetScratchPixmapHeader(pDraw->pScreen, w, h, - depth, bitsPerPixel, - widthBytesLine, (pointer)pBuf); - if (!pPix) - { - failed = TRUE; - goto failSafe; - } +CALLBACK(SecurityCheckExtAccess) +{ + XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata; - pScratchGC = GetScratchGC(depth, pPix->drawable.pScreen); - if (!pScratchGC) - { - failed = TRUE; - goto failSafe; - } + if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && + !STATEVAL(rec->ext)) - ValidateGC(&pPix->drawable, pScratchGC); - (* pScratchGC->ops->PolyFillRect)(&pPix->drawable, - pScratchGC, nRects, pRects); + rec->rval = FALSE; +} - failSafe: - if (failed) - { - /* Censoring was not completed above. To be safe, wipe out - * all the image data so that nothing trusted gets out. - */ - bzero(pBuf, (int)(widthBytesLine * h)); - } - if (pRects) DEALLOCATE_LOCAL(pRects); - if (pScratchGC) FreeScratchGC(pScratchGC); - if (pPix) FreeScratchPixmapHeader(pPix); +CALLBACK(SecurityCheckHostlistAccess) +{ + XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata; + + if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) + { + rec->rval = FALSE; + if (rec->access_mode == SecurityWriteAccess) + SecurityAudit("client %d attempted to change host access\n", + rec->client->index); + else + SecurityAudit("client %d attempted to list hosts\n", + rec->client->index); } - REGION_UNINIT(pScreen, &imageRegion); - REGION_UNINIT(pScreen, &censorRegion); -} /* SecurityCensorImage */ +} + +CALLBACK(SecurityDeclareExtSecure) +{ + XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata; + + /* security state for extensions is simply a boolean trust value */ + STATEVAL(rec->ext) = rec->secure; +} /**********************************************************************/ @@ -1734,21 +1691,21 @@ SecurityMatchString( #endif -char -SecurityCheckPropertyAccess(client, pWin, propertyName, access_mode) - ClientPtr client; - WindowPtr pWin; - ATOM propertyName; - Mask access_mode; -{ +CALLBACK(SecurityCheckPropertyAccess) +{ + XacePropertyAccessRec *rec = (XacePropertyAccessRec*)calldata; + ClientPtr client = rec->client; + WindowPtr pWin = rec->pWin; + ATOM propertyName = rec->propertyName; + Mask access_mode = rec->access_mode; PropertyAccessPtr pacl; char action = SecurityDefaultAction; /* if client trusted or window untrusted, allow operation */ - if ( (client->trustLevel == XSecurityClientTrusted) || - (wClient(pWin)->trustLevel != XSecurityClientTrusted) ) - return SecurityAllowOperation; + if ( (TRUSTLEVEL(client) == XSecurityClientTrusted) || + (TRUSTLEVEL(wClient(pWin)) != XSecurityClientTrusted) ) + return; #ifdef PROPDEBUG /* For testing, it's more convenient if the property rules file gets @@ -1861,7 +1818,9 @@ SecurityCheckPropertyAccess(client, pWin, propertyName, access_mode) client->index, reqtype, pWin->drawable.id, NameForAtom(propertyName), propertyName, cid, actionstr); } - return action; + /* return codes increase with strictness */ + if (action > rec->rval) + rec->rval = action; } /* SecurityCheckPropertyAccess */ @@ -1901,6 +1860,46 @@ XSecurityOptions(argc, argv, i) } /* XSecurityOptions */ +/* SecurityExtensionSetup + * + * Arguments: none. + * + * Returns: nothing. + * + * Side Effects: + * Sets up the Security extension if possible. + * This function contains things that need to be done + * before any other extension init functions get called. + */ + +void +SecurityExtensionSetup(INITARGS) +{ + /* Allocate the client private index */ + securityClientPrivateIndex = AllocateClientPrivateIndex(); + if (!AllocateClientPrivate(securityClientPrivateIndex, + sizeof (SecurityClientStateRec))) + FatalError("SecurityExtensionSetup: Can't allocate client private.\n"); + + /* Allocate the extension private index */ + securityExtnsnPrivateIndex = AllocateExtensionPrivateIndex(); + if (!AllocateExtensionPrivate(securityExtnsnPrivateIndex, 0)) + FatalError("SecurityExtensionSetup: Can't allocate extnsn private.\n"); + + /* register callbacks */ +#define XaceRC XaceRegisterCallback + XaceRC(XACE_RESOURCE_ACCESS, SecurityCheckResourceIDAccess, NULL); + XaceRC(XACE_DEVICE_ACCESS, SecurityCheckDeviceAccess, NULL); + XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL); + XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL); + XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL); + XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL); + XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL); + XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL); + XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL); + XaceRC(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, NULL); +} /* SecurityExtensionSetup */ + /* SecurityExtensionInit * @@ -1916,7 +1915,6 @@ void SecurityExtensionInit(INITARGS) { ExtensionEntry *extEntry; - int i; SecurityAuthorizationResType = CreateNewResourceType(SecurityDeleteAuthorization); @@ -1943,25 +1941,6 @@ SecurityExtensionInit(INITARGS) EventSwapVector[SecurityEventBase + XSecurityAuthorizationRevoked] = (EventSwapPtr)SwapSecurityAuthorizationRevokedEvent; - /* initialize untrusted proc vectors */ - - for (i = 0; i < 128; i++) - { - UntrustedProcVector[i] = ProcVector[i]; - SwappedUntrustedProcVector[i] = SwappedProcVector[i]; - } - - /* make sure insecure extensions are not allowed */ - - for (i = 128; i < 256; i++) - { - if (!UntrustedProcVector[i]) - { - UntrustedProcVector[i] = ProcBadRequest; - SwappedUntrustedProcVector[i] = ProcBadRequest; - } - } - SecurityLoadPropertyAccessList(); } /* SecurityExtensionInit */ diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h index 596eead0d..7c6f432fe 100644 --- a/Xext/securitysrv.h +++ b/Xext/securitysrv.h @@ -86,46 +86,11 @@ typedef struct { Bool valid; /* did anyone recognize it? if so, set to TRUE */ } SecurityValidateGroupInfoRec; -/* Proc vectors for untrusted clients, swapped and unswapped versions. - * These are the same as the normal proc vectors except that extensions - * that haven't declared themselves secure will have ProcBadRequest plugged - * in for their major opcode dispatcher. This prevents untrusted clients - * from guessing extension major opcodes and using the extension even though - * the extension can't be listed or queried. - */ -extern int (*UntrustedProcVector[256])(ClientPtr client); -extern int (*SwappedUntrustedProcVector[256])(ClientPtr client); - -extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev, - Bool fromRequest); - -extern void SecurityAudit(char *format, ...); - extern int XSecurityOptions(int argc, char **argv, int i); /* Give this value or higher to the -audit option to get security messages */ #define SECURITY_AUDIT_LEVEL 4 -extern void SecurityCensorImage( - ClientPtr client, - RegionPtr pVisibleRegion, - long widthBytesLine, - DrawablePtr pDraw, - int x, int y, int w, int h, - unsigned int format, - char * pBuf); - -#define SecurityAllowOperation 0 -#define SecurityIgnoreOperation 1 -#define SecurityErrorOperation 2 - -extern char -SecurityCheckPropertyAccess( - ClientPtr client, - WindowPtr pWin, - ATOM propertyName, - Mask access_mode); - #define SECURITY_POLICY_FILE_VERSION "version-1" extern char **SecurityGetSitePolicyStrings(int *n); diff --git a/Xext/xace.c b/Xext/xace.c new file mode 100644 index 000000000..14a5e7963 --- /dev/null +++ b/Xext/xace.c @@ -0,0 +1,496 @@ +/************************************************************ + +Author: Eamon Walsh + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif + +#include +#include "windowstr.h" +#include "scrnintstr.h" +#include "gcstruct.h" +#include "xacestr.h" +#include "modinit.h" + +CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0}; + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +int (*UntrustedProcVector[256])( + ClientPtr /*client*/ +); +int (*SwappedUntrustedProcVector[256])( + ClientPtr /*client*/ +); + +/* Entry point for hook functions. Called by Xserver. + */ +int XaceHook(int hook, ...) +{ + pointer calldata; /* data passed to callback */ + int *prv = NULL; /* points to return value from callback */ + va_list ap; /* argument list */ + va_start(ap, hook); + + /* Marshal arguments for passing to callback. + * Each callback has its own case, which sets up a structure to hold + * the arguments and integer return parameter, or in some cases just + * sets calldata directly to a single argument (with no return result) + */ + switch (hook) + { + case XACE_CORE_DISPATCH: { + XaceCoreDispatchRec rec = { + va_arg(ap, ClientPtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_RESOURCE_ACCESS: { + XaceResourceAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, XID), + va_arg(ap, RESTYPE), + va_arg(ap, Mask), + va_arg(ap, pointer), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DEVICE_ACCESS: { + XaceDeviceAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, DeviceIntPtr), + va_arg(ap, Bool), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_PROPERTY_ACCESS: { + XacePropertyAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, WindowPtr), + va_arg(ap, Atom), + va_arg(ap, Mask), + SecurityAllowOperation /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DRAWABLE_ACCESS: { + XaceDrawableAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, DrawablePtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_MAP_ACCESS: + case XACE_BACKGRND_ACCESS: { + XaceMapAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, WindowPtr), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_EXT_DISPATCH: + case XACE_EXT_ACCESS: { + XaceExtAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, ExtensionEntry*), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_HOSTLIST_ACCESS: { + XaceHostlistAccessRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, Mask), + TRUE /* default allow */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_SITE_POLICY: { + XaceSitePolicyRec rec = { + va_arg(ap, char*), + va_arg(ap, int), + FALSE /* default unrecognized */ + }; + calldata = &rec; + prv = &rec.rval; + break; + } + case XACE_DECLARE_EXT_SECURE: { + XaceDeclareExtSecureRec rec = { + va_arg(ap, ExtensionEntry*), + va_arg(ap, Bool) + }; + calldata = &rec; + break; + } + case XACE_AUTH_AVAIL: { + XaceAuthAvailRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, XID) + }; + calldata = &rec; + break; + } + case XACE_KEY_AVAIL: { + XaceKeyAvailRec rec = { + va_arg(ap, xEventPtr), + va_arg(ap, DeviceIntPtr), + va_arg(ap, int) + }; + calldata = &rec; + break; + } + case XACE_WINDOW_INIT: { + XaceWindowRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, WindowPtr) + }; + calldata = &rec; + break; + } + case XACE_AUDIT_BEGIN: { + XaceAuditRec rec = { + va_arg(ap, ClientPtr), + 0 + }; + calldata = &rec; + break; + } + case XACE_AUDIT_END: { + XaceAuditRec rec = { + va_arg(ap, ClientPtr), + va_arg(ap, int) + }; + calldata = &rec; + break; + } + default: { + va_end(ap); + return 0; /* unimplemented hook number */ + } + } + va_end(ap); + + /* call callbacks and return result, if any. */ + CallCallbacks(&XaceHooks[hook], calldata); + return prv ? *prv : 0; +} + +static int +ProcXaceDispatch(ClientPtr client) +{ + REQUEST(xReq); + + switch (stuff->data) + { + default: + return BadRequest; + } +} /* ProcXaceDispatch */ + +static int +SProcXaceDispatch(ClientPtr client) +{ + REQUEST(xReq); + + switch (stuff->data) + { + default: + return BadRequest; + } +} /* SProcXaceDispatch */ + + +/* XaceResetProc + * + * Arguments: + * extEntry is the extension information for the XACE extension. + * + * Returns: nothing. + * + * Side Effects: + * Performs any cleanup needed by XACE at server shutdown time. + */ +static void +XaceResetProc(ExtensionEntry *extEntry) +{ + int i; + + for (i=0; ireqType; + + if (!ProcVector[major]) + return (BadRequest); + + if (!XaceHook(XACE_CORE_DISPATCH, client)) + return (BadAccess); + + return client->swapped ? + (* SwappedProcVector[major])(client) : + (* ProcVector[major])(client); +} + +static int +XaceCatchExtProc(ClientPtr client) +{ + REQUEST(xReq); + int major = stuff->reqType; + ExtensionEntry *ext = GetExtensionEntry(major); + + if (!ext || !ProcVector[major]) + return (BadRequest); + + if (!XaceHook(XACE_EXT_DISPATCH, client, ext)) + return (BadRequest); /* pretend extension doesn't exist */ + + return client->swapped ? + (* SwappedProcVector[major])(client) : + (* ProcVector[major])(client); +} + + +/* SecurityClientStateCallback + * + * Arguments: + * pcbl is &ClientStateCallback. + * nullata is NULL. + * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) + * which contains information about client state changes. + * + * Returns: nothing. + * + * Side Effects: + * + * If a new client is connecting, its authorization ID is copied to + * client->authID. If this is a generated authorization, its reference + * count is bumped, its timer is cancelled if it was running, and its + * trustlevel is copied to TRUSTLEVEL(client). + * + * If a client is disconnecting and the client was using a generated + * authorization, the authorization's reference count is decremented, and + * if it is now zero, the timer for this authorization is started. + */ + +static void +XaceClientStateCallback( + CallbackListPtr *pcbl, + pointer nulldata, + pointer calldata) +{ + NewClientInfoRec *pci = (NewClientInfoRec *)calldata; + ClientPtr client = pci->client; + + switch (client->clientState) + { + case ClientStateRunning: + { + client->requestVector = client->swapped ? + SwappedUntrustedProcVector : UntrustedProcVector; + break; + } + default: break; + } +} /* XaceClientStateCallback */ + +/* XaceExtensionInit + * + * Initialize the XACE Extension + */ +void XaceExtensionInit(INITARGS) +{ + ExtensionEntry *extEntry; + int i; + + if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL)) + return; + + extEntry = AddExtension(XACE_EXTENSION_NAME, + XaceNumberEvents, XaceNumberErrors, + ProcXaceDispatch, SProcXaceDispatch, + XaceResetProc, StandardMinorOpcode); + + /* initialize dispatching intercept functions */ + for (i = 0; i < 128; i++) + { + UntrustedProcVector[i] = XaceCatchDispatchProc; + SwappedUntrustedProcVector[i] = XaceCatchDispatchProc; + } + for (i = 128; i < 256; i++) + { + UntrustedProcVector[i] = XaceCatchExtProc; + SwappedUntrustedProcVector[i] = XaceCatchExtProc; + } +} + +/* XaceCensorImage + * + * Called after pScreen->GetImage to prevent pieces or trusted windows from + * being returned in image data from an untrusted window. + * + * Arguments: + * client is the client doing the GetImage. + * pVisibleRegion is the visible region of the window. + * widthBytesLine is the width in bytes of one horizontal line in pBuf. + * pDraw is the source window. + * x, y, w, h is the rectangle of image data from pDraw in pBuf. + * format is the format of the image data in pBuf: ZPixmap or XYPixmap. + * pBuf is the image data. + * + * Returns: nothing. + * + * Side Effects: + * Any part of the rectangle (x, y, w, h) that is outside the visible + * region of the window will be destroyed (overwritten) in pBuf. + */ +void +XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y, w, h, + format, pBuf) + ClientPtr client; + RegionPtr pVisibleRegion; + long widthBytesLine; + DrawablePtr pDraw; + int x, y, w, h; + unsigned int format; + char * pBuf; +{ + ScreenPtr pScreen = pDraw->pScreen; + RegionRec imageRegion; /* region representing x,y,w,h */ + RegionRec censorRegion; /* region to obliterate */ + BoxRec imageBox; + int nRects; + + imageBox.x1 = x; + imageBox.y1 = y; + imageBox.x2 = x + w; + imageBox.y2 = y + h; + REGION_INIT(pScreen, &imageRegion, &imageBox, 1); + REGION_NULL(pScreen, &censorRegion); + + /* censorRegion = imageRegion - visibleRegion */ + REGION_SUBTRACT(pScreen, &censorRegion, &imageRegion, pVisibleRegion); + nRects = REGION_NUM_RECTS(&censorRegion); + if (nRects > 0) + { /* we have something to censor */ + GCPtr pScratchGC = NULL; + PixmapPtr pPix = NULL; + xRectangle *pRects = NULL; + Bool failed = FALSE; + int depth = 1; + int bitsPerPixel = 1; + int i; + BoxPtr pBox; + + /* convert region to list-of-rectangles for PolyFillRect */ + + pRects = (xRectangle *)ALLOCATE_LOCAL(nRects * sizeof(xRectangle *)); + if (!pRects) + { + failed = TRUE; + goto failSafe; + } + for (pBox = REGION_RECTS(&censorRegion), i = 0; + i < nRects; + i++, pBox++) + { + pRects[i].x = pBox->x1; + pRects[i].y = pBox->y1 - imageBox.y1; + pRects[i].width = pBox->x2 - pBox->x1; + pRects[i].height = pBox->y2 - pBox->y1; + } + + /* use pBuf as a fake pixmap */ + + if (format == ZPixmap) + { + depth = pDraw->depth; + bitsPerPixel = pDraw->bitsPerPixel; + } + + pPix = GetScratchPixmapHeader(pDraw->pScreen, w, h, + depth, bitsPerPixel, + widthBytesLine, (pointer)pBuf); + if (!pPix) + { + failed = TRUE; + goto failSafe; + } + + pScratchGC = GetScratchGC(depth, pPix->drawable.pScreen); + if (!pScratchGC) + { + failed = TRUE; + goto failSafe; + } + + ValidateGC(&pPix->drawable, pScratchGC); + (* pScratchGC->ops->PolyFillRect)(&pPix->drawable, + pScratchGC, nRects, pRects); + + failSafe: + if (failed) + { + /* Censoring was not completed above. To be safe, wipe out + * all the image data so that nothing trusted gets out. + */ + bzero(pBuf, (int)(widthBytesLine * h)); + } + if (pRects) DEALLOCATE_LOCAL(pRects); + if (pScratchGC) FreeScratchGC(pScratchGC); + if (pPix) FreeScratchPixmapHeader(pPix); + } + REGION_UNINIT(pScreen, &imageRegion); + REGION_UNINIT(pScreen, &censorRegion); +} /* XaceCensorImage */ diff --git a/Xext/xace.h b/Xext/xace.h new file mode 100644 index 000000000..6cb4b4f5d --- /dev/null +++ b/Xext/xace.h @@ -0,0 +1,103 @@ +/************************************************************ + +Author: Eamon Walsh + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XACE_H +#define _XACE_H + +#define XACE_EXTENSION_NAME "XAccessControlExtension" +#define XACE_MAJOR_VERSION 1 +#define XACE_MINOR_VERSION 0 + +#include "pixmap.h" /* for DrawablePtr */ +#include "regionstr.h" /* for RegionPtr */ + +#define XaceNumberEvents 0 +#define XaceNumberErrors 0 + +/* security hooks */ +/* Constants used to identify the available security hooks + */ +#define XACE_CORE_DISPATCH 0 +#define XACE_EXT_DISPATCH 1 +#define XACE_RESOURCE_ACCESS 2 +#define XACE_DEVICE_ACCESS 3 +#define XACE_PROPERTY_ACCESS 4 +#define XACE_DRAWABLE_ACCESS 5 +#define XACE_MAP_ACCESS 6 +#define XACE_BACKGRND_ACCESS 7 +#define XACE_EXT_ACCESS 8 +#define XACE_HOSTLIST_ACCESS 9 +#define XACE_SITE_POLICY 10 +#define XACE_DECLARE_EXT_SECURE 11 +#define XACE_AUTH_AVAIL 12 +#define XACE_KEY_AVAIL 13 +#define XACE_WINDOW_INIT 14 +#define XACE_AUDIT_BEGIN 15 +#define XACE_AUDIT_END 16 +#define XACE_NUM_HOOKS 17 + +extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS]; + +/* Entry point for hook functions. Called by Xserver. + */ +extern int XaceHook( + int /*hook*/, + ... /*appropriate args for hook*/ + ); + +/* Register a callback for a given hook. + */ +#define XaceRegisterCallback(hook,callback,data) \ + AddCallback(XaceHooks+(hook), callback, data) + +/* Unregister an existing callback for a given hook. + */ +#define XaceDeleteCallback(hook,callback,data) \ + DeleteCallback(XaceHooks+(hook), callback, data) + + +/* From the original Security extension... + */ + +/* Hook return codes */ +#define SecurityAllowOperation 0 +#define SecurityIgnoreOperation 1 +#define SecurityErrorOperation 2 + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +extern int (*UntrustedProcVector[256])(ClientPtr client); +extern int (*SwappedUntrustedProcVector[256])(ClientPtr client); + +extern void XaceCensorImage( + ClientPtr client, + RegionPtr pVisibleRegion, + long widthBytesLine, + DrawablePtr pDraw, + int x, int y, int w, int h, + unsigned int format, + char * pBuf + ); + +#endif /* _XACE_H */ diff --git a/Xext/xacestr.h b/Xext/xacestr.h new file mode 100644 index 000000000..7114d066b --- /dev/null +++ b/Xext/xacestr.h @@ -0,0 +1,135 @@ +/************************************************************ + +Author: Eamon Walsh + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XACESTR_H +#define _XACESTR_H + +#include +#include "dixstruct.h" +#include "resource.h" +#include "extnsionst.h" +#include "gcstruct.h" +#include "windowstr.h" +#include "inputstr.h" +#include "xace.h" + +/* XACE_CORE_DISPATCH */ +typedef struct { + ClientPtr client; + int rval; +} XaceCoreDispatchRec; + +/* XACE_RESOURCE_ACCESS */ +/* XACE_RESOURCE_CREATE */ +typedef struct { + ClientPtr client; + XID id; + RESTYPE rtype; + Mask access_mode; + pointer res; + int rval; +} XaceResourceAccessRec; + +/* XACE_DEVICE_ACCESS */ +typedef struct { + ClientPtr client; + DeviceIntPtr dev; + Bool fromRequest; + int rval; +} XaceDeviceAccessRec; + +/* XACE_PROPERTY_ACCESS */ +typedef struct { + ClientPtr client; + WindowPtr pWin; + Atom propertyName; + Mask access_mode; + int rval; +} XacePropertyAccessRec; + +/* XACE_DRAWABLE_ACCESS */ +typedef struct { + ClientPtr client; + DrawablePtr pDraw; + int rval; +} XaceDrawableAccessRec; + +/* XACE_MAP_ACCESS */ +/* XACE_BACKGRND_ACCESS */ +typedef struct { + ClientPtr client; + WindowPtr pWin; + int rval; +} XaceMapAccessRec; + +/* XACE_EXT_DISPATCH_ACCESS */ +/* XACE_EXT_ACCESS */ +typedef struct { + ClientPtr client; + ExtensionEntry *ext; + int rval; +} XaceExtAccessRec; + +/* XACE_HOSTLIST_ACCESS */ +typedef struct { + ClientPtr client; + Mask access_mode; + int rval; +} XaceHostlistAccessRec; + +/* XACE_SITE_POLICY */ +typedef struct { + char *policyString; + int len; + int rval; +} XaceSitePolicyRec; + +/* XACE_DECLARE_EXT_SECURE */ +typedef struct { + ExtensionEntry *ext; + Bool secure; +} XaceDeclareExtSecureRec; + +/* XACE_AUTH_AVAIL */ +typedef struct { + ClientPtr client; + XID authId; +} XaceAuthAvailRec; + +/* XACE_KEY_AVAIL */ +typedef struct { + xEventPtr event; + DeviceIntPtr keybd; + int count; +} XaceKeyAvailRec; + +/* XACE_WINDOW_INIT */ +typedef struct { + ClientPtr client; + WindowPtr pWin; +} XaceWindowRec; + +/* XACE_AUDIT_BEGIN */ +/* XACE_AUDIT_END */ +typedef struct { + ClientPtr client; + int requestResult; +} XaceAuditRec; + +#endif /* _XACESTR_H */ diff --git a/configure.ac b/configure.ac index 798c8f0da..49dfad2d3 100644 --- a/configure.ac +++ b/configure.ac @@ -413,11 +413,12 @@ AC_ARG_ENABLE(dri, AS_HELP_STRING([--enable-dri], [Build DRI extensio AC_ARG_ENABLE(xinerama, AS_HELP_STRING([--disable-xinerama], [Build Xinerama extension (default: enabled)]), [XINERAMA=$enableval], [XINERAMA=yes]) AC_ARG_ENABLE(xf86vidmode, AS_HELP_STRING([--disable-xf86vidmode], [Build XF86VidMode extension (default: enabled)]), [XF86VIDMODE=$enableval], [XF86VIDMODE=yes]) AC_ARG_ENABLE(xf86misc, AS_HELP_STRING([--disable-xf86misc], [Build XF86Misc extension (default: enabled)]), [XF86MISC=$enableval], [XF86MISC=yes]) -AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=yes]) +AC_ARG_ENABLE(xace, AS_HELP_STRING([--disable-xace], [Build X-ACE extension (default: enabled)]), [XACE=$enableval], [XACE=yes]) +AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=$XACE]) +AC_ARG_ENABLE(appgroup, AS_HELP_STRING([--disable-appgroup], [Build XC-APPGROUP extension (default: enabled)]), [APPGROUP=$enableval], [APPGROUP=$XCSECURITY]) AC_ARG_ENABLE(xcalibrate, AS_HELP_STRING([--enable-xcalibrate], [Build XCalibrate extension (default: disabled)]), [XCALIBRATE=$enableval], [XCALIBRATE=no]) AC_ARG_ENABLE(tslib, AS_HELP_STRING([--enable-tslib], [Build kdrive tslib touchscreen support (default: disabled)]), [TSLIB=$enableval], [TSLIB=no]) AC_ARG_ENABLE(xevie, AS_HELP_STRING([--disable-xevie], [Build XEvIE extension (default: enabled)]), [XEVIE=$enableval], [XEVIE=yes]) -AC_ARG_ENABLE(appgroup, AS_HELP_STRING([--disable-appgroup], [Build XC-APPGROUP extension (default: enabled)]), [APPGROUP=$enableval], [APPGROUP=yes]) AC_ARG_ENABLE(cup, AS_HELP_STRING([--disable-cup], [Build TOG-CUP extension (default: enabled)]), [CUP=$enableval], [CUP=yes]) AC_ARG_ENABLE(evi, AS_HELP_STRING([--disable-evi], [Build Extended-Visual-Information extension (default: enabled)]), [EVI=$enableval], [EVI=yes]) AC_ARG_ENABLE(multibuffer, AS_HELP_STRING([--enable-multibuffer], [Build Multibuffer extension (default: disabled)]), [MULTIBUFFER=$enableval], [MULTIBUFFER=no]) @@ -621,8 +622,16 @@ if test "x$XINERAMA" = xyes; then REQUIRED_MODULES="$REQUIRED_MODULES xineramaproto" fi +AM_CONDITIONAL(XACE, [test "x$XACE" = xyes]) +if test "x$XACE" = xyes; then + AC_DEFINE(XACE, 1, [Build X-ACE extension]) +fi + AM_CONDITIONAL(XCSECURITY, [test "x$XCSECURITY" = xyes]) if test "x$XCSECURITY" = xyes; then + if test "x$XACE" != xyes; then + AC_MSG_ERROR([cannot build Security extension without X-ACE]) + fi AC_DEFINE(XCSECURITY, 1, [Build Security extension]) fi @@ -632,12 +641,11 @@ if test "x$XEVIE" = xyes; then REQUIRED_MODULES="$REQUIRED_MODULES evieproto" fi -if test "x$APPGROUP" = xyes && test "x$XCSECURITY" != xyes; then - AC_MSG_NOTICE([Disabling APPGROUP extension]) - APPGROUP=no -fi AM_CONDITIONAL(APPGROUP, [test "x$APPGROUP" = xyes]) if test "x$APPGROUP" = xyes; then + if test "x$XACE" != xyes || test "x$XCSECURITY" != xyes; then + AC_MSG_ERROR([cannot build APPGROUP extension without X-ACE and XC-SECURITY]) + fi AC_DEFINE(XAPPGROUP, 1, [Build APPGROUP extension]) fi diff --git a/dix/devices.c b/dix/devices.c index bcf8f4fa6..607510203 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -69,8 +69,8 @@ SOFTWARE. #ifdef XKB #include #endif -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #include "dispatch.h" @@ -946,8 +946,8 @@ ProcSetModifierMapping(ClientPtr client) } } -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE)) return BadAccess; #endif @@ -1063,9 +1063,8 @@ ProcChangeKeyboardMapping(ClientPtr client) client->errorValue = stuff->keySymsPerKeyCode; return BadValue; } -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, - TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) return BadAccess; #endif keysyms.minKeyCode = stuff->firstKeyCode; @@ -1211,8 +1210,8 @@ ProcChangeKeyboardControl (ClientPtr client) vmask = stuff->mask; if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask)) return BadLength; -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, keybd, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE)) return BadAccess; #endif vlist = (XID *)&stuff[1]; /* first word of values */ @@ -1600,8 +1599,8 @@ ProcQueryKeymap(ClientPtr client) rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.length = 2; -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { bzero((char *)&rep.map[0], 32); } diff --git a/dix/dispatch.c b/dix/dispatch.c index 08b015991..7c4d539fa 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -104,8 +104,8 @@ int ProcInitialConnection(); #include "panoramiX.h" #include "panoramiXsrv.h" #endif -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #ifdef XAPPGROUP #include "appgroup.h" @@ -451,7 +451,15 @@ Dispatch(void) if (result > (maxBigRequestSize << 2)) result = BadLength; else +#ifdef XACE + { + XaceHook(XACE_AUDIT_BEGIN, client); result = (* client->requestVector[MAJOROP])(client); + XaceHook(XACE_AUDIT_END, client, result); + } +#else + result = (* client->requestVector[MAJOROP])(client); +#endif /* XACE */ if (result != Success) { @@ -1099,11 +1107,10 @@ ProcConvertSelection(register ClientPtr client) CurrentSelections[i].selection != stuff->selection) i++; if ((i < NumCurrentSelections) && (CurrentSelections[i].window != None) -#ifdef XCSECURITY - && (!client->CheckAccess || - (* client->CheckAccess)(client, CurrentSelections[i].window, - RT_WINDOW, SecurityReadAccess, - CurrentSelections[i].pWin)) +#ifdef XACE + && XaceHook(XACE_RESOURCE_ACCESS, client, + CurrentSelections[i].window, RT_WINDOW, + SecurityReadAccess, CurrentSelections[i].pWin) #endif ) { @@ -2095,7 +2102,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, Mask plane = 0; char *pBuf; xGetImageReply xgi; -#ifdef XCSECURITY +#ifdef XACE RegionPtr pVisibleRegion = NULL; #endif @@ -2201,9 +2208,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); } -#ifdef XCSECURITY - if (client->trustLevel != XSecurityClientTrusted && - pDraw->type == DRAWABLE_WINDOW) +#ifdef XACE + if (pDraw->type == DRAWABLE_WINDOW && + !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw)) { pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); if (pVisibleRegion) @@ -2231,9 +2238,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, format, planemask, (pointer) pBuf); -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) - SecurityCensorImage(client, pVisibleRegion, widthBytesLine, + XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y + linesDone, width, nlines, format, pBuf); #endif @@ -2272,9 +2279,9 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, format, plane, (pointer)pBuf); -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) - SecurityCensorImage(client, pVisibleRegion, + XaceCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y + linesDone, width, nlines, format, pBuf); @@ -2300,7 +2307,7 @@ DoGetImage(register ClientPtr client, int format, Drawable drawable, } } } -#ifdef XCSECURITY +#ifdef XACE if (pVisibleRegion) REGION_DESTROY(pDraw->pScreen, pVisibleRegion); #endif @@ -3274,11 +3281,10 @@ ProcListHosts(register ClientPtr client) /* REQUEST(xListHostsReq); */ REQUEST_SIZE_MATCH(xListHostsReq); -#ifdef XCSECURITY +#ifdef XACE /* untrusted clients can't list hosts */ - if (client->trustLevel != XSecurityClientTrusted) + if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess)) { - SecurityAudit("client %d attempted to list hosts\n", client->index); return BadAccess; } #endif @@ -3606,8 +3612,13 @@ CloseDownRetainedResources() } } +extern int clientPrivateLen; +extern unsigned *clientPrivateSizes; +extern unsigned totalClientSize; + void InitClient(ClientPtr client, int i, pointer ospriv) { + bzero(client, totalClientSize); client->index = i; client->sequence = 0; client->clientAsMask = ((Mask)i) << CLIENTOFFSET; @@ -3646,11 +3657,6 @@ void InitClient(ClientPtr client, int i, pointer ospriv) } #endif client->replyBytesRemaining = 0; -#ifdef XCSECURITY - client->trustLevel = XSecurityClientTrusted; - client->CheckAccess = NULL; - client->authId = 0; -#endif #ifdef XAPPGROUP client->appgroup = NULL; #endif @@ -3663,10 +3669,6 @@ void InitClient(ClientPtr client, int i, pointer ospriv) #endif } -extern int clientPrivateLen; -extern unsigned *clientPrivateSizes; -extern unsigned totalClientSize; - int InitClientPrivates(ClientPtr client) { @@ -3699,6 +3701,17 @@ InitClientPrivates(ClientPtr client) else ppriv->ptr = (pointer)NULL; } + + /* Allow registrants to initialize the serverClient devPrivates */ + if (!client->index && ClientStateCallback) + { + NewClientInfoRec clientinfo; + + clientinfo.client = client; + clientinfo.prefix = (xConnSetupPrefix *)NULL; + clientinfo.setup = (xConnSetup *) NULL; + CallCallbacks((&ClientStateCallback), (pointer)&clientinfo); + } return 1; } diff --git a/dix/dixutils.c b/dix/dixutils.c index b35754dbb..a395d4474 100644 --- a/dix/dixutils.c +++ b/dix/dixutils.c @@ -95,8 +95,8 @@ Author: Adobe Systems Incorporated #include "scrnintstr.h" #define XK_LATIN1 #include -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif /* @@ -196,7 +196,7 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len, return (int) c1 - (int) c2; } -#ifdef XCSECURITY +#ifdef XACE /* SecurityLookupWindow and SecurityLookupDrawable: * Look up the window/drawable taking into account the client doing @@ -204,32 +204,16 @@ CompareISOLatin1Lowered(unsigned char *s1, int s1len, * if it exists and the client is allowed access, else return NULL. * Most Proc* functions should be calling these instead of * LookupWindow and LookupDrawable, which do no access checks. + * XACE note: need to see if client->lastDrawableID can still be used here. */ _X_EXPORT WindowPtr SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode) { - WindowPtr pWin; - client->errorValue = rid; if(rid == INVALID) return NULL; - if (client->trustLevel != XSecurityClientTrusted) - return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); - if (client->lastDrawableID == rid) - { - if (client->lastDrawable->type == DRAWABLE_WINDOW) - return ((WindowPtr) client->lastDrawable); - return (WindowPtr) NULL; - } - pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); - if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) { - client->lastDrawable = (DrawablePtr) pWin; - client->lastDrawableID = rid; - client->lastGCID = INVALID; - client->lastGC = (GCPtr)NULL; - } - return pWin; + return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode); } @@ -240,11 +224,6 @@ SecurityLookupDrawable(XID rid, ClientPtr client, Mask access_mode) if(rid == INVALID) return (pointer) NULL; - if (client->trustLevel != XSecurityClientTrusted) - return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, - access_mode); - if (client->lastDrawableID == rid) - return ((pointer) client->lastDrawable); pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE, access_mode); if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW)) @@ -268,7 +247,7 @@ LookupDrawable(XID rid, ClientPtr client) return SecurityLookupDrawable(rid, client, SecurityUnknownAccess); } -#else /* not XCSECURITY */ +#else /* not XACE */ WindowPtr LookupWindow(XID rid, ClientPtr client) @@ -310,7 +289,7 @@ LookupDrawable(XID rid, ClientPtr client) return (pointer)NULL; } -#endif /* XCSECURITY */ +#endif /* XACE */ _X_EXPORT ClientPtr LookupClient(XID rid, ClientPtr client) diff --git a/dix/events.c b/dix/events.c index 7225543a3..c57a30ed8 100644 --- a/dix/events.c +++ b/dix/events.c @@ -135,8 +135,8 @@ of the copyright holder. extern Bool XkbFilterEvents(ClientPtr, int, xEvent *); #endif -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #ifdef XEVIE @@ -2476,8 +2476,8 @@ CheckPassiveGrabsOnWindow( (grab->confineTo->realized && BorderSizeNotEmpty(grab->confineTo)))) { -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE)) return FALSE; #endif #ifdef XKB @@ -2846,6 +2846,10 @@ drawable.id:0; DeliverFocusedEvent(keybd, xE, sprite.win, count); if (deactivateGrab) (*keybd->DeactivateGrab)(keybd); + +#ifdef XACE + XaceHook(XACE_KEY_AVAIL, xE, keybd, count); +#endif } #ifdef XKB @@ -3279,10 +3283,10 @@ EnterLeaveEvent( { xKeymapEvent ke; -#ifdef XCSECURITY +#ifdef XACE ClientPtr client = grab ? rClient(grab) : clients[CLIENT_ID(pWin->drawable.id)]; - if (!SecurityCheckDeviceAccess(client, keybd, FALSE)) + if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE)) { bzero((char *)&ke.map[0], 31); } @@ -3374,9 +3378,9 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, register WindowPtr ((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask)) { xKeymapEvent ke; -#ifdef XCSECURITY +#ifdef XACE ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; - if (!SecurityCheckDeviceAccess(client, dev, FALSE)) + if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE)) { bzero((char *)&ke.map[0], 31); } @@ -3645,8 +3649,8 @@ ProcSetInputFocus(client) REQUEST(xSetInputFocusReq); REQUEST_SIZE_MATCH(xSetInputFocusReq); -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) return Success; #endif return SetInputFocus(client, inputInfo.keyboard, stuff->focus, @@ -3910,8 +3914,8 @@ ProcGrabKeyboard(ClientPtr client) int result; REQUEST_SIZE_MATCH(xGrabKeyboardReq); -#ifdef XCSECURITY - if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE)) +#ifdef XACE + if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { result = Success; rep.status = AlreadyGrabbed; diff --git a/dix/extension.c b/dix/extension.c index 5ad457940..f58c73138 100644 --- a/dix/extension.c +++ b/dix/extension.c @@ -59,8 +59,8 @@ SOFTWARE. #include "gcstruct.h" #include "scrnintstr.h" #include "dispatch.h" -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #define EXTENSION_BASE 128 @@ -76,6 +76,39 @@ int lastEvent = EXTENSION_EVENT_BASE; static int lastError = FirstExtensionError; static unsigned int NumExtensions = 0; +extern int extensionPrivateLen; +extern unsigned *extensionPrivateSizes; +extern unsigned totalExtensionSize; + +static void +InitExtensionPrivates(ExtensionEntry *ext) +{ + register char *ptr; + DevUnion *ppriv; + register unsigned *sizes; + register unsigned size; + register int i; + + if (totalExtensionSize == sizeof(ExtensionEntry)) + ppriv = (DevUnion *)NULL; + else + ppriv = (DevUnion *)(ext + 1); + + ext->devPrivates = ppriv; + sizes = extensionPrivateSizes; + ptr = (char *)(ppriv + extensionPrivateLen); + for (i = extensionPrivateLen; --i >= 0; ppriv++, sizes++) + { + if ( (size = *sizes) ) + { + ppriv->ptr = (pointer)ptr; + ptr += size; + } + else + ppriv->ptr = (pointer)NULL; + } +} + _X_EXPORT ExtensionEntry * AddExtension(char *name, int NumEvents, int NumErrors, int (*MainProc)(ClientPtr c1), @@ -92,9 +125,11 @@ AddExtension(char *name, int NumEvents, int NumErrors, (unsigned)(lastError + NumErrors > LAST_ERROR)) return((ExtensionEntry *) NULL); - ext = (ExtensionEntry *) xalloc(sizeof(ExtensionEntry)); + ext = (ExtensionEntry *) xalloc(totalExtensionSize); if (!ext) return((ExtensionEntry *) NULL); + bzero(ext, totalExtensionSize); + InitExtensionPrivates(ext); ext->name = (char *)xalloc(strlen(name) + 1); ext->num_aliases = 0; ext->aliases = (char **)NULL; @@ -144,9 +179,6 @@ AddExtension(char *name, int NumEvents, int NumErrors, ext->errorBase = 0; ext->errorLast = 0; } -#ifdef XCSECURITY - ext->secure = FALSE; -#endif return(ext); } @@ -207,26 +239,27 @@ CheckExtension(const char *extname) return NULL; } +/* + * Added as part of Xace. + */ +ExtensionEntry * +GetExtensionEntry(int major) +{ + if (major < EXTENSION_BASE) + return NULL; + major -= EXTENSION_BASE; + if (major >= NumExtensions) + return NULL; + return extensions[major]; +} + _X_EXPORT void DeclareExtensionSecurity(char *extname, Bool secure) { -#ifdef XCSECURITY +#ifdef XACE int i = FindExtension(extname, strlen(extname)); if (i >= 0) - { - int majorop = extensions[i]->base; - extensions[i]->secure = secure; - if (secure) - { - UntrustedProcVector[majorop] = ProcVector[majorop]; - SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop]; - } - else - { - UntrustedProcVector[majorop] = ProcBadRequest; - SwappedUntrustedProcVector[majorop] = ProcBadRequest; - } - } + XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure); #endif } @@ -304,10 +337,9 @@ ProcQueryExtension(ClientPtr client) { i = FindExtension((char *)&stuff[1], stuff->nbytes); if (i < 0 -#ifdef XCSECURITY - /* don't show insecure extensions to untrusted clients */ - || (client->trustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + /* call callbacks to find out whether to show extension */ + || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]) #endif ) reply.present = xFalse; @@ -344,10 +376,9 @@ ProcListExtensions(ClientPtr client) for (i=0; itrustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + /* call callbacks to find out whether to show extension */ + if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) continue; #endif total_length += strlen(extensions[i]->name) + 1; @@ -362,9 +393,8 @@ ProcListExtensions(ClientPtr client) for (i=0; itrustLevel == XSecurityClientUntrusted && - !extensions[i]->secure) +#ifdef XACE + if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) continue; #endif *bufptr++ = len = strlen(extensions[i]->name); diff --git a/dix/main.c b/dix/main.c index 3fb4cdd9c..f3cde189c 100644 --- a/dix/main.c +++ b/dix/main.c @@ -354,6 +354,7 @@ main(int argc, char *argv[], char *envp[]) InitAtoms(); InitEvents(); InitGlyphCaching(); + ResetExtensionPrivates(); ResetClientPrivates(); ResetScreenPrivates(); ResetWindowPrivates(); diff --git a/dix/privates.c b/dix/privates.c index 46b696416..b20a1dbf0 100644 --- a/dix/privates.c +++ b/dix/privates.c @@ -42,6 +42,7 @@ from The Open Group. #include "servermd.h" #include "site.h" #include "inputstr.h" +#include "extnsionst.h" /* * See the Wrappers and devPrivates section in "Definition of the @@ -49,6 +50,63 @@ from The Open Group. * for information on how to use devPrivates. */ +/* + * extension private machinery + */ + +static int extensionPrivateCount; +int extensionPrivateLen; +unsigned *extensionPrivateSizes; +unsigned totalExtensionSize; + +void +ResetExtensionPrivates() +{ + extensionPrivateCount = 0; + extensionPrivateLen = 0; + xfree(extensionPrivateSizes); + extensionPrivateSizes = (unsigned *)NULL; + totalExtensionSize = + ((sizeof(ExtensionEntry) + sizeof(long) - 1) / sizeof(long)) * sizeof(long); +} + +_X_EXPORT int +AllocateExtensionPrivateIndex() +{ + return extensionPrivateCount++; +} + +_X_EXPORT Bool +AllocateExtensionPrivate(int index2, unsigned amount) +{ + unsigned oldamount; + + /* Round up sizes for proper alignment */ + amount = ((amount + (sizeof(long) - 1)) / sizeof(long)) * sizeof(long); + + if (index2 >= extensionPrivateLen) + { + unsigned *nsizes; + nsizes = (unsigned *)xrealloc(extensionPrivateSizes, + (index2 + 1) * sizeof(unsigned)); + if (!nsizes) + return FALSE; + while (extensionPrivateLen <= index2) + { + nsizes[extensionPrivateLen++] = 0; + totalExtensionSize += sizeof(DevUnion); + } + extensionPrivateSizes = nsizes; + } + oldamount = extensionPrivateSizes[index2]; + if (amount > oldamount) + { + extensionPrivateSizes[index2] = amount; + totalExtensionSize += (amount - oldamount); + } + return TRUE; +} + /* * client private machinery */ diff --git a/dix/property.c b/dix/property.c index 5588a90b0..da983838f 100644 --- a/dix/property.c +++ b/dix/property.c @@ -58,8 +58,8 @@ SOFTWARE. #include "dixstruct.h" #include "dispatch.h" #include "swaprep.h" -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif /***************************************************************** @@ -118,12 +118,12 @@ ProcRotateProperties(ClientPtr client) return(BadAlloc); for (i = 0; i < stuff->nAtoms; i++) { -#ifdef XCSECURITY - char action = SecurityCheckPropertyAccess(client, pWin, atoms[i], +#ifdef XACE + char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i], SecurityReadAccess|SecurityWriteAccess); #endif if (!ValidAtom(atoms[i]) -#ifdef XCSECURITY +#ifdef XACE || (SecurityErrorOperation == action) #endif ) @@ -132,7 +132,7 @@ ProcRotateProperties(ClientPtr client) client->errorValue = atoms[i]; return BadAtom; } -#ifdef XCSECURITY +#ifdef XACE if (SecurityIgnoreOperation == action) { DEALLOCATE_LOCAL(props); @@ -233,8 +233,8 @@ ProcChangeProperty(ClientPtr client) return(BadAtom); } -#ifdef XCSECURITY - switch (SecurityCheckPropertyAccess(client, pWin, stuff->property, +#ifdef XACE + switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, SecurityWriteAccess)) { case SecurityErrorOperation: @@ -501,13 +501,13 @@ ProcGetProperty(ClientPtr client) if (!pProp) return NullPropertyReply(client, None, 0, &reply); -#ifdef XCSECURITY +#ifdef XACE { Mask access_mode = SecurityReadAccess; if (stuff->delete) access_mode |= SecurityDestroyAccess; - switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, + switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, access_mode)) { case SecurityErrorOperation: @@ -663,8 +663,8 @@ ProcDeleteProperty(register ClientPtr client) return (BadAtom); } -#ifdef XCSECURITY - switch(SecurityCheckPropertyAccess(client, pWin, stuff->property, +#ifdef XACE + switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property, SecurityDestroyAccess)) { case SecurityErrorOperation: diff --git a/dix/resource.c b/dix/resource.c index 39374cc8d..b2d01c8f3 100644 --- a/dix/resource.c +++ b/dix/resource.c @@ -120,6 +120,9 @@ Equipment Corporation. #include "panoramiX.h" #include "panoramiXsrv.h" #endif +#ifdef XACE +#include "xace.h" +#endif #include static void RebuildTable( @@ -818,8 +821,6 @@ LegalNewID(XID id, register ClientPtr client) !LookupIDByClass(id, RC_ANY))); } -#ifdef XCSECURITY - /* SecurityLookupIDByType and SecurityLookupIDByClass: * These are the heart of the resource ID security system. They take * two additional arguments compared to the old LookupID functions: @@ -835,10 +836,6 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode) register ResourcePtr res; pointer retval = NULL; - assert(client == NullClient || - (client->index <= currentMaxClients && clients[client->index] == client)); - assert( (rtype & TypeMask) <= lastResourceType); - if (((cid = CLIENT_ID(id)) < MAXCLIENTS) && clientTable[cid].buckets) { @@ -851,8 +848,11 @@ SecurityLookupIDByType(ClientPtr client, XID id, RESTYPE rtype, Mask mode) break; } } - if (retval && client && client->CheckAccess) - retval = (* client->CheckAccess)(client, id, rtype, mode, retval); +#ifdef XACE + if (retval && client && + !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval)) + retval = NULL; +#endif return retval; } @@ -864,10 +864,6 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode) register ResourcePtr res = NULL; pointer retval = NULL; - assert(client == NullClient || - (client->index <= currentMaxClients && clients[client->index] == client)); - assert (classes >= lastResourceClass); - if (((cid = CLIENT_ID(id)) < MAXCLIENTS) && clientTable[cid].buckets) { @@ -880,8 +876,11 @@ SecurityLookupIDByClass(ClientPtr client, XID id, RESTYPE classes, Mask mode) break; } } - if (retval && client && client->CheckAccess) - retval = (* client->CheckAccess)(client, id, res->type, mode, retval); +#ifdef XACE + if (retval && client && + !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval)) + retval = NULL; +#endif return retval; } @@ -902,50 +901,3 @@ LookupIDByClass(XID id, RESTYPE classes) return SecurityLookupIDByClass(NullClient, id, classes, SecurityUnknownAccess); } - -#else /* not XCSECURITY */ - -/* - * LookupIDByType returns the object with the given id and type, else NULL. - */ -pointer -LookupIDByType(XID id, RESTYPE rtype) -{ - int cid; - register ResourcePtr res; - - if (((cid = CLIENT_ID(id)) < MAXCLIENTS) && - clientTable[cid].buckets) - { - res = clientTable[cid].resources[Hash(cid, id)]; - - for (; res; res = res->next) - if ((res->id == id) && (res->type == rtype)) - return res->value; - } - return (pointer)NULL; -} - -/* - * LookupIDByClass returns the object with the given id and any one of the - * given classes, else NULL. - */ -pointer -LookupIDByClass(XID id, RESTYPE classes) -{ - int cid; - register ResourcePtr res; - - if (((cid = CLIENT_ID(id)) < MAXCLIENTS) && - clientTable[cid].buckets) - { - res = clientTable[cid].resources[Hash(cid, id)]; - - for (; res; res = res->next) - if ((res->id == id) && (res->type & classes)) - return res->value; - } - return (pointer)NULL; -} - -#endif /* XCSECURITY */ diff --git a/dix/window.c b/dix/window.c index 0beeb3a4d..3dfeda36e 100644 --- a/dix/window.c +++ b/dix/window.c @@ -126,8 +126,8 @@ Equipment Corporation. #ifdef XAPPGROUP #include "appgroup.h" #endif -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif /****** @@ -530,6 +530,10 @@ InitRootWindow(WindowPtr pWin) /* We SHOULD check for an error value here XXX */ (*pScreen->ChangeWindowAttributes)(pWin, backFlag); +#ifdef XACE + XaceHook(XACE_WINDOW_INIT, serverClient, pWin); +#endif + MapWindow(pWin, serverClient); } @@ -731,11 +735,11 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w, } pWin->borderWidth = bw; -#ifdef XCSECURITY +#ifdef XACE /* can't let untrusted clients have background None windows; * they make it too easy to steal window contents */ - if (client->trustLevel != XSecurityClientTrusted) + if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) { pWin->backgroundState = BackgroundPixel; pWin->background.pixel = 0; @@ -762,6 +766,10 @@ CreateWindow(Window wid, register WindowPtr pParent, int x, int y, unsigned w, REGION_NULL(pScreen, &pWin->winSize); REGION_NULL(pScreen, &pWin->borderSize); +#ifdef XACE + XaceHook(XACE_WINDOW_INIT, client, pWin); +#endif + pHead = RealChildHead(pParent); if (pHead) { @@ -1025,9 +1033,9 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt borderRelative = TRUE; if (pixID == None) { -#ifdef XCSECURITY +#ifdef XACE /* can't let untrusted clients have background None windows */ - if (client->trustLevel == XSecurityClientTrusted) + if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) { #endif if (pWin->backgroundState == BackgroundPixmap) @@ -1036,7 +1044,7 @@ ChangeWindowAttributes(register WindowPtr pWin, Mask vmask, XID *vlist, ClientPt MakeRootTile(pWin); else pWin->backgroundState = None; -#ifdef XCSECURITY +#ifdef XACE } else { /* didn't change the background to None, so don't tell ddx */ @@ -2724,13 +2732,9 @@ MapWindow(register WindowPtr pWin, ClientPtr client) if (pWin->mapped) return(Success); -#ifdef XCSECURITY - /* don't let an untrusted client map a child-of-trusted-window, InputOnly - * window; too easy to steal device input - */ - if ( (client->trustLevel != XSecurityClientTrusted) && - (pWin->drawable.class == InputOnly) && - (wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) ) +#ifdef XACE + /* general check for permission to map window */ + if (!XaceHook(XACE_MAP_ACCESS, client, pWin)) return Success; #endif diff --git a/fb/fbimage.c b/fb/fbimage.c index bf5c06b57..3b4a07c3d 100644 --- a/fb/fbimage.c +++ b/fb/fbimage.c @@ -68,7 +68,7 @@ fbPutImage (DrawablePtr pDrawable, break; case XYPixmap: srcStride = BitmapBytePad(w + leftPad) / sizeof (FbStip); - for (i = 1 << (pDrawable->depth - 1); i; i >>= 1) + for (i = (unsigned long)1 << (pDrawable->depth - 1); i; i >>= 1) { if (i & pGC->planemask) { diff --git a/hw/dmx/Makefile.am b/hw/dmx/Makefile.am index 81b62f1fe..d36647b54 100644 --- a/hw/dmx/Makefile.am +++ b/hw/dmx/Makefile.am @@ -83,6 +83,7 @@ Xdmx_LDADD = $(XORG_CORE_LIBS) \ Xdmx_CFLAGS = \ -DHAVE_DMX_CONFIG_H \ + $(DIX_CFLAGS) \ $(GLX_INCS) \ $(GLX_DEFS) \ @DMXMODULES_CFLAGS@ diff --git a/hw/dmx/dmx.h b/hw/dmx/dmx.h index 18e75de90..becb2da38 100644 --- a/hw/dmx/dmx.h +++ b/hw/dmx/dmx.h @@ -51,6 +51,10 @@ #ifndef DMX_H #define DMX_H +#if HAVE_DMX_CONFIG_H +#include +#endif + #include "gcstruct.h" /* Handle client-side include files in one place. */ diff --git a/hw/xfree86/common/xf86.h b/hw/xfree86/common/xf86.h index 4903791f2..458750007 100644 --- a/hw/xfree86/common/xf86.h +++ b/hw/xfree86/common/xf86.h @@ -36,6 +36,12 @@ #ifndef _XF86_H #define _XF86_H +#if HAVE_XORG_CONFIG_H +#include +#elif HAVE_DIX_CONFIG_H +#include +#endif + #include "xf86str.h" #include "xf86Opt.h" #include diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h index bb68bcb9d..41f060b2a 100644 --- a/hw/xfree86/dixmods/extmod/modinit.h +++ b/hw/xfree86/dixmods/extmod/modinit.h @@ -125,7 +125,12 @@ extern void ShmRegisterFuncs( ShmFuncsPtr funcs); #endif +#ifdef XACE +extern void XaceExtensionInit(INITARGS); +#endif + #if 1 +extern void SecurityExtensionSetup(INITARGS); extern void SecurityExtensionInit(INITARGS); #endif diff --git a/hw/xfree86/loader/dixsym.c b/hw/xfree86/loader/dixsym.c index 22fe501f3..27a3093b1 100644 --- a/hw/xfree86/loader/dixsym.c +++ b/hw/xfree86/loader/dixsym.c @@ -162,7 +162,7 @@ _X_HIDDEN void *dixLookupTab[] = { SYMFUNC(QueueWorkProc) SYMFUNC(RegisterBlockAndWakeupHandlers) SYMFUNC(RemoveBlockAndWakeupHandlers) -#ifdef XCSECURITY +#ifdef XACE SYMFUNC(SecurityLookupDrawable) SYMFUNC(SecurityLookupWindow) #endif @@ -255,6 +255,8 @@ _X_HIDDEN void *dixLookupTab[] = { SYMFUNC(GetScratchPixmapHeader) SYMFUNC(FreeScratchPixmapHeader) /* privates.c */ + SYMFUNC(AllocateExtensionPrivate) + SYMFUNC(AllocateExtensionPrivateIndex) SYMFUNC(AllocateClientPrivate) SYMFUNC(AllocateClientPrivateIndex) SYMFUNC(AllocateGCPrivate) @@ -282,10 +284,8 @@ _X_HIDDEN void *dixLookupTab[] = { SYMFUNC(LookupIDByType) SYMFUNC(LookupIDByClass) SYMFUNC(LegalNewID) -#ifdef XCSECURITY SYMFUNC(SecurityLookupIDByClass) SYMFUNC(SecurityLookupIDByType) -#endif SYMFUNC(FindClientResourcesByType) SYMFUNC(FindAllClientResources) SYMVAR(lastResourceType) diff --git a/hw/xfree86/os-support/bus/linuxPci.c b/hw/xfree86/os-support/bus/linuxPci.c index a3c07f330..a97e6f0c9 100644 --- a/hw/xfree86/os-support/bus/linuxPci.c +++ b/hw/xfree86/os-support/bus/linuxPci.c @@ -83,7 +83,13 @@ static pciBusFuncs_t linuxFuncs0 = { /* pciAddrBusToHost */ linuxPpcBusAddrToHostAddr, #else /* pciAddrHostToBus */ pciAddrNOOP, +/* linuxTransAddrBusToHost is busted on sparc64 but the PCI rework tree + * makes it all moot, so we kludge it for now */ +#if defined(__sparc64__) +/* pciAddrBusToHost */ pciAddrNOOP, +#else /* pciAddrBusToHost */ linuxTransAddrBusToHost, +#endif /* __sparc64__ */ #endif /* pciControlBridge */ NULL, diff --git a/hw/xfree86/parser/Makefile.am b/hw/xfree86/parser/Makefile.am index acda83d27..46ef79060 100644 --- a/hw/xfree86/parser/Makefile.am +++ b/hw/xfree86/parser/Makefile.am @@ -1,5 +1,8 @@ if INSTALL_LIBXF86CONFIG lib_LIBRARIES = libxf86config.a +LIBHEADERS = \ + xf86Optrec.h \ + xf86Parser.h else noinst_LIBRARIES = libxf86config.a endif @@ -32,3 +35,6 @@ EXTRA_DIST = \ xf86Parser.h \ xf86tokens.h \ cpconfig.c + +sdk_HEADERS = \ + $(LIBHEADERS) diff --git a/hw/xnest/Makefile.am b/hw/xnest/Makefile.am index b237788bc..d40d122f4 100644 --- a/hw/xnest/Makefile.am +++ b/hw/xnest/Makefile.am @@ -51,7 +51,7 @@ Xnest_LDFLAGS = AM_CFLAGS = -DHAVE_XNEST_CONFIG_H \ -DNO_HW_ONLY_EXTS \ - \ + $(DIX_CFLAGS) \ $(XNESTMODULES_CFLAGS) EXTRA_DIST = os2Stub.c \ diff --git a/hw/xprint/config/C/print/models/PS2PDFspooldir-GS/Makefile.am b/hw/xprint/config/C/print/models/PS2PDFspooldir-GS/Makefile.am index 37b57d7bb..2b73b9dad 100644 --- a/hw/xprint/config/C/print/models/PS2PDFspooldir-GS/Makefile.am +++ b/hw/xprint/config/C/print/models/PS2PDFspooldir-GS/Makefile.am @@ -1,3 +1,4 @@ xpcdir = @xpconfigdir@/C/print/models/PS2PDFspooldir-GS -dist_xpc_DATA = model-config ps2pdf_spooltodir.sh +dist_xpc_DATA = model-config +dist_xpc_SCRIPTS = ps2pdf_spooltodir.sh diff --git a/hw/xprint/config/C/print/models/PSspooldir/Makefile.am b/hw/xprint/config/C/print/models/PSspooldir/Makefile.am index 52313aa23..717cd2c36 100644 --- a/hw/xprint/config/C/print/models/PSspooldir/Makefile.am +++ b/hw/xprint/config/C/print/models/PSspooldir/Makefile.am @@ -1,3 +1,4 @@ xpcdir = @xpconfigdir@/C/print/models/PSspooldir -dist_xpc_DATA = model-config spooltodir.sh +dist_xpc_DATA = model-config +dist_xpc_SCRIPTS = spooltodir.sh diff --git a/hw/xprint/config/Makefile.am b/hw/xprint/config/Makefile.am index a5ea214c4..197d19de0 100644 --- a/hw/xprint/config/Makefile.am +++ b/hw/xprint/config/Makefile.am @@ -709,4 +709,4 @@ install-data-local: remove-links uninstall-hook: remove-links -EXTRA_DIST = README +dist_xpconfig_DATA = README diff --git a/hw/xprint/doc/Xprt.html b/hw/xprint/doc/Xprt.html index f84a3c134..2aa0c9e3c 100644 --- a/hw/xprint/doc/Xprt.html +++ b/hw/xprint/doc/Xprt.html @@ -4,7 +4,7 @@ applications to use devices like printers, FAX or create documents in formats like PostScript, PCL or PDF. It may be used by clients such as mozilla. -

Xprint is a very flexible, extensible, scaleable, client/server +

Xprint is a very flexible, extensible, scalable, client/server print system based on ISO 10175 (and some other specs) and the X11 rendering protocol. Using Xprint an application can search, query and use devices like @@ -44,11 +44,11 @@ font databases.

-pn

permits the server to continue running if it fails to establish all of its well-known sockets (connection points for clients), but establishes at least - one.

-XpFile file

Sets an altername Xprinters file (see section FILES).

-XpSpoolerType spoolername

+ one.

-XpFile file

Sets an alternate Xprinters file (see section FILES).

-XpSpoolerType spoolername

Defines the spooler system to be used for print job spooling. Supported values in xprint.mozdev.org release 009 are:

aix
aix4
bsd
osf
solaris
sysv
uxp
cups
lprng
other
none

- (multiple values can be specified, seperated by ':', the first active spooler will be chosen). + (multiple values can be specified, separated by ':', the first active spooler will be chosen). The default value is platform-specific and can be obtained via 

Xprt -h

.

ENVIRONMENT

diff --git a/hw/xprint/doc/Xprt.man.pre b/hw/xprint/doc/Xprt.man.pre index 7599a1344..837619cb2 100644 --- a/hw/xprint/doc/Xprt.man.pre +++ b/hw/xprint/doc/Xprt.man.pre @@ -20,7 +20,7 @@ applications to use devices like printers, FAX or create documents in formats like PostScript, PCL or PDF. It may be used by clients such as mozilla. .PP -Xprint is a very flexible, extensible, scaleable, client/server +Xprint is a very flexible, extensible, scalable, client/server print system based on ISO 10175 (and some other specs) and the X11 rendering protocol. Using Xprint an application can search, query and use devices like @@ -85,7 +85,7 @@ points for clients), but establishes at least one. .TP \fB\-XpFile \fIfile\fB\fR -Sets an altername Xprinters file (see section FILES). +Sets an alternate Xprinters file (see section FILES). .TP \fB\-XpSpoolerType \fIspoolername\fB\fR Defines the spooler system to be used for print job spooling. @@ -113,7 +113,7 @@ other none -(multiple values can be specified, seperated by ':', the first active spooler will be chosen). +(multiple values can be specified, separated by ':', the first active spooler will be chosen). The default value is platform-specific and can be obtained via .nf diff --git a/hw/xprint/doc/Xprt.sgml b/hw/xprint/doc/Xprt.sgml index 0ffa39fcb..a62499263 100644 --- a/hw/xprint/doc/Xprt.sgml +++ b/hw/xprint/doc/Xprt.sgml @@ -55,7 +55,7 @@ HTML generation can be done like this: clients such as mozilla. - Xprint is a very flexible, extensible, scaleable, client/server + Xprint is a very flexible, extensible, scalable, client/server print system based on ISO 10175 (and some other specs) and the X11 rendering protocol. Using Xprint an application can search, query and use devices like @@ -155,7 +155,7 @@ HTML generation can be done like this: - Sets an altername Xprinters file (see section FILES). + Sets an alternate Xprinters file (see section FILES). @@ -178,7 +178,7 @@ HTML generation can be done like this: other none - (multiple values can be specified, seperated by ':', the first active spooler will be chosen). + (multiple values can be specified, separated by ':', the first active spooler will be chosen). The default value is platform-specific and can be obtained via Xprt -h. diff --git a/hw/xprint/etc/Xsession.d/cde_xsessiond_xprint.sh b/hw/xprint/etc/Xsession.d/cde_xsessiond_xprint.sh index 3fb6bba7c..54c431d5c 100644 --- a/hw/xprint/etc/Xsession.d/cde_xsessiond_xprint.sh +++ b/hw/xprint/etc/Xsession.d/cde_xsessiond_xprint.sh @@ -22,8 +22,8 @@ # Obtain list of Xprint servers # -if [ -f "/etc/init.d/xprint" ] ; then - XPSERVERLIST="`/bin/sh /etc/init.d/xprint get_xpserverlist`" +if [ -x "/etc/init.d/xprint" ] ; then + XPSERVERLIST="`/etc/init.d/xprint get_xpserverlist`" export XPSERVERLIST fi diff --git a/include/dix-config.h.in b/include/dix-config.h.in index 69dc674a9..571a86719 100644 --- a/include/dix-config.h.in +++ b/include/dix-config.h.in @@ -308,6 +308,9 @@ /* unaligned word accesses behave as expected */ #undef WORKING_UNALIGNED_INT +/* Build X-ACE extension */ +#undef XACE + /* Support XCMisc extension */ #undef XCMISC diff --git a/include/dix.h b/include/dix.h index 99f77f404..f346b43a2 100644 --- a/include/dix.h +++ b/include/dix.h @@ -87,12 +87,9 @@ SOFTWARE. ((client->lastDrawableID == did) ? \ client->lastDrawable : (DrawablePtr)LookupDrawable(did, client)) -#ifdef XCSECURITY +#ifdef XACE #define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\ - if (client->lastDrawableID == did && !client->trustLevel)\ - pDraw = client->lastDrawable;\ - else \ {\ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ RC_DRAWABLE, mode);\ @@ -106,9 +103,6 @@ SOFTWARE. } #define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\ - if (client->lastDrawableID == did && !client->trustLevel)\ - pDraw = client->lastDrawable;\ - else \ {\ pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \ RC_DRAWABLE, mode);\ @@ -120,9 +114,6 @@ SOFTWARE. } #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ - if (client->lastGCID == rid && !client->trustLevel)\ - pGC = client->lastGC;\ - else\ pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\ if (!pGC)\ {\ @@ -139,7 +130,7 @@ SOFTWARE. #define VERIFY_GC(pGC, rid, client)\ SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess) -#else /* not XCSECURITY */ +#else /* not XACE */ #define VERIFY_DRAWABLE(pDraw, did, client)\ if (client->lastDrawableID == did)\ @@ -189,7 +180,7 @@ SOFTWARE. #define SECURITY_VERIFY_GC(pGC, rid, client, mode)\ VERIFY_GC(pGC, rid, client) -#endif /* XCSECURITY */ +#endif /* XACE */ /* * We think that most hardware implementations of DBE will want @@ -384,7 +375,7 @@ extern int CompareISOLatin1Lowered( unsigned char * /*b*/, int blen); -#ifdef XCSECURITY +#ifdef XACE extern WindowPtr SecurityLookupWindow( XID /*rid*/, @@ -420,7 +411,7 @@ extern pointer LookupDrawable( #define SecurityLookupDrawable(rid, client, access_mode) \ LookupDrawable(rid, client) -#endif /* XCSECURITY */ +#endif /* XACE */ extern ClientPtr LookupClient( XID /*rid*/, diff --git a/include/dixstruct.h b/include/dixstruct.h index 9645a9be3..b5ffcca49 100644 --- a/include/dixstruct.h +++ b/include/dixstruct.h @@ -128,16 +128,6 @@ typedef struct _Client { int requestLogIndex; #endif unsigned long replyBytesRemaining; -#ifdef XCSECURITY - XID authId; - unsigned int trustLevel; - pointer (* CheckAccess)( - ClientPtr /*pClient*/, - XID /*id*/, - RESTYPE /*classes*/, - Mask /*access_mode*/, - pointer /*resourceval*/); -#endif #ifdef XAPPGROUP struct _AppGroupRec* appgroup; #endif diff --git a/include/extension.h b/include/extension.h index 6e6081740..74975c50b 100644 --- a/include/extension.h +++ b/include/extension.h @@ -58,6 +58,14 @@ extern Bool EnableDisableExtension(char *name, Bool enable); extern void EnableDisableExtensionError(char *name, Bool enable); +extern void ResetExtensionPrivates(void); + +extern int AllocateExtensionPrivateIndex(void); + +extern Bool AllocateExtensionPrivate( + int /*index*/, + unsigned /*amount*/); + extern void InitExtensions(int argc, char **argv); extern void InitVisualWrap(void); diff --git a/include/extnsionst.h b/include/extnsionst.h index 8873f0cf9..38d4bd7d9 100644 --- a/include/extnsionst.h +++ b/include/extnsionst.h @@ -48,6 +48,7 @@ SOFTWARE. #ifndef EXTENSIONSTRUCT_H #define EXTENSIONSTRUCT_H +#include "dix.h" #include "misc.h" #include "screenint.h" #include "extension.h" @@ -68,9 +69,7 @@ typedef struct _ExtensionEntry { pointer extPrivate; unsigned short (* MinorOpcode)( /* called for errors */ ClientPtr /* client */); -#ifdef XCSECURITY - Bool secure; /* extension visible to untrusted clients? */ -#endif + DevUnion *devPrivates; } ExtensionEntry; /* @@ -127,6 +126,7 @@ extern Bool AddExtensionAlias( ExtensionEntry * /*extension*/); extern ExtensionEntry *CheckExtension(const char *extname); +extern ExtensionEntry *GetExtensionEntry(int major); extern ExtensionLookupProc LookupProc( char* /*name*/, diff --git a/include/resource.h b/include/resource.h index f513141c0..fd0caaeb5 100644 --- a/include/resource.h +++ b/include/resource.h @@ -225,8 +225,6 @@ extern pointer LookupClientResourceComplex( #define SecurityWriteAccess (1<<1) /* changing the object */ #define SecurityDestroyAccess (1<<2) /* destroying the object */ -#ifdef XCSECURITY - extern pointer SecurityLookupIDByType( ClientPtr /*client*/, XID /*id*/, @@ -239,15 +237,6 @@ extern pointer SecurityLookupIDByClass( RESTYPE /*classes*/, Mask /*access_mode*/); -#else /* not XCSECURITY */ - -#define SecurityLookupIDByType(client, id, rtype, access_mode) \ - LookupIDByType(id, rtype) - -#define SecurityLookupIDByClass(client, id, classes, access_mode) \ - LookupIDByClass(id, classes) - -#endif /* XCSECURITY */ extern void GetXIDRange( int /*client*/, diff --git a/mi/mieq.c b/mi/mieq.c index a7c6f9a51..a69ce7037 100644 --- a/mi/mieq.c +++ b/mi/mieq.c @@ -32,6 +32,10 @@ in this Software without prior written authorization from The Open Group. * */ +#if HAVE_DIX_CONFIG_H +#include +#endif + # define NEED_EVENTS # include # include diff --git a/mi/miinitext.c b/mi/miinitext.c index 80bacaa7a..aafd014ae 100644 --- a/mi/miinitext.c +++ b/mi/miinitext.c @@ -241,6 +241,9 @@ typedef void (*InitExtension)(INITARGS); #define _XAG_SERVER_ #include #endif +#ifdef XACE +#include "xace.h" +#endif #ifdef XCSECURITY #include "securitysrv.h" #include @@ -311,7 +314,11 @@ extern void DbeExtensionInit(INITARGS); #ifdef XAPPGROUP extern void XagExtensionInit(INITARGS); #endif +#ifdef XACE +extern void XaceExtensionInit(INITARGS); +#endif #ifdef XCSECURITY +extern void SecurityExtensionSetup(INITARGS); extern void SecurityExtensionInit(INITARGS); #endif #ifdef XPRINT @@ -522,6 +529,9 @@ InitExtensions(argc, argv) int argc; char *argv[]; { +#ifdef XCSECURITY + SecurityExtensionSetup(); +#endif #ifdef PANORAMIX # if !defined(PRINT_ONLY_SERVER) && !defined(NO_PANORAMIX) if (!noPanoramiXExtension) PanoramiXExtensionInit(); @@ -584,6 +594,9 @@ InitExtensions(argc, argv) #ifdef XAPPGROUP if (!noXagExtension) XagExtensionInit(); #endif +#ifdef XACE + XaceExtensionInit(); +#endif #ifdef XCSECURITY if (!noSecurityExtension) SecurityExtensionInit(); #endif @@ -686,8 +699,11 @@ static ExtensionModule staticExtensions[] = { #ifdef XAPPGROUP { XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL }, #endif +#ifdef XACE + { XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL }, +#endif #ifdef XCSECURITY - { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL }, + { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, SecurityExtensionSetup, NULL }, #endif #ifdef XPRINT { XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL }, diff --git a/os/access.c b/os/access.c index 69e305182..cdb17589c 100644 --- a/os/access.c +++ b/os/access.c @@ -202,8 +202,8 @@ SOFTWARE. #include "dixstruct.h" #include "osdep.h" -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #ifndef PATH_MAX @@ -1386,15 +1386,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client) pointer addr; register HOST *host; -#ifdef XCSECURITY - /* untrusted clients can't change host access */ - if (client->trustLevel != XSecurityClientTrusted) - { - SecurityAudit("client %d attempted to change host access\n", - client->index); - return FALSE; - } -#endif if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, ¬used, &alen, &from)) { @@ -1537,6 +1528,11 @@ AuthorizedClient(ClientPtr client) { if (!client || defeatAccessControl) return TRUE; +#ifdef XACE + /* untrusted clients can't change host access */ + if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess)) + return FALSE; +#endif return LocalClient(client); } diff --git a/os/connection.c b/os/connection.c index b64cda196..571ba58ab 100644 --- a/os/connection.c +++ b/os/connection.c @@ -148,6 +148,9 @@ extern __const__ int _nfiles; #ifdef XAPPGROUP #include "appgroup.h" #endif +#ifdef XACE +#include "xace.h" +#endif #ifdef XCSECURITY #include "securitysrv.h" #endif @@ -690,9 +693,8 @@ ClientAuthorized(ClientPtr client, /* indicate to Xdmcp protocol that we've opened new client */ XdmcpOpenDisplay(priv->fd); #endif /* XDMCP */ -#ifdef XAPPGROUP - if (ClientStateCallback) - XagCallClientStateChange (client); +#ifdef XACE + XaceHook(XACE_AUTH_AVAIL, client, auth_id); #endif /* At this point, if the client is authorized to change the access control * list, we should getpeername() information, and add the client to