xserver: Branch 'XACE-modular' - 13 commits
Alan Coopersmith
alanc at kemper.freedesktop.org
Tue Jun 20 03:25:26 EEST 2006
.gitignore | 14 -
Xext/appgroup.c | 82 ++-----
Xext/security.c | 400 +++++++++++++++++-------------------
dix/devices.c | 22 -
dix/dispatch.c | 41 +--
dix/dixutils.c | 36 ---
dix/events.c | 25 +-
dix/extension.c | 59 ++---
dix/property.c | 25 +-
dix/resource.c | 19 +
dix/window.c | 25 --
exa/exa_migration.c | 2
fb/fbcompose.c | 29 +-
fb/fbpict.c | 50 ++++
hw/xfree86/dixmods/extmod/modinit.h | 5
hw/xfree86/i2c/fi1236.c | 8
hw/xfree86/i2c/fi1236.h | 1
hw/xfree86/i2c/tda9850.c | 2
include/dix.h | 19 -
include/dixstruct.h | 11
include/extnsionst.h | 3
include/resource.h | 6
mi/miinitext.c | 18 +
os/access.c | 19 -
os/connection.c | 8
render/picture.h | 84 +++----
render/picturestr.h | 2
27 files changed, 504 insertions(+), 511 deletions(-)
New commits:
diff-tree f818e0ab60da3779ab2602c6e6d3ff261b50917e (from 0707eb33d6826e1300a905edea28c12134600b12)
Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
Date: Wed May 5 20:07:37 2004 +0000
Modify XC-SECURITY and XC-APPGROUP extensions to work with XACE
(cherry picked from 0106715000196c7b349a0b4494b61545f0f5e138 commit)
diff --git a/Xext/appgroup.c b/Xext/appgroup.c
index 86bd36e..40096ae 100644
--- a/Xext/appgroup.c
+++ b/Xext/appgroup.c
@@ -44,6 +44,7 @@ from The Open Group.
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#include <X11/extensions/Xagsrv.h>
+#include "xacestr.h"
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
#include <X11/Xfuncproto.h>
@@ -129,62 +130,11 @@ void XagClientStateChange(
pointer nulldata,
pointer calldata)
{
- SecurityAuthorizationPtr pAuth;
NewClientInfoRec* pci = (NewClientInfoRec*) calldata;
ClientPtr pClient = pci->client;
- AppGroupPtr pAppGrp;
- XID authId = 0;
+ AppGroupPtr pAppGrp = pClient->appgroup;
int slot;
- if (!pClient->appgroup) {
- switch (pClient->clientState) {
-
- case ClientStateAuthenticating:
- case ClientStateRunning:
- case ClientStateCheckingSecurity:
- return;
-
- case ClientStateInitial:
- case ClientStateCheckedSecurity:
- /*
- * If the client is connecting via a firewall proxy (which
- * uses XC-QUERY-SECURITY-1, then the authId is available
- * during ClientStateCheckedSecurity, otherwise it's
- * available during ClientStateInitial.
- *
- * Don't get it from pClient because can't guarantee the order
- * of the callbacks and the security extension might not have
- * plugged it in yet.
- */
- authId = AuthorizationIDOfClient(pClient);
- break;
-
- case ClientStateGone:
- case ClientStateRetained:
- /*
- * Don't get if from AuthorizationIDOfClient because can't
- * guarantee the order of the callbacks and the security
- * extension may have torn down the client's private data
- */
- authId = pClient->authId;
- break;
- }
-
- if (authId == None)
- return;
-
- pAuth = (SecurityAuthorizationPtr)SecurityLookupIDByType(pClient,
- authId, SecurityAuthorizationResType, SecurityReadAccess);
-
- if (pAuth == NULL)
- return;
-
- for (pAppGrp = appGrpList; pAppGrp != NULL; pAppGrp = pAppGrp->next)
- if (pAppGrp->appgroupId == pAuth->group) break;
- } else {
- pAppGrp = pClient->appgroup;
- }
-
if (!pAppGrp)
return;
@@ -255,6 +205,7 @@ XagExtensionInit(INITARGS)
StandardMinorOpcode)) {
#endif
RT_APPGROUP = CreateNewResourceType (XagAppGroupFree);
+ XaceRegisterCallback(XACE_AUTH_AVAIL, XagCallClientStateChange, NULL);
}
}
@@ -821,12 +772,33 @@ void XagGetDeltaInfo(
}
void XagCallClientStateChange(
- ClientPtr client)
+ CallbackListPtr *pcbl,
+ pointer nulldata,
+ pointer calldata)
{
- if (appGrpList) {
+ XaceAuthAvailRec* rec = (XaceAuthAvailRec*) calldata;
+ ClientPtr pClient = rec->client;
+
+ if (!pClient->appgroup) {
+ SecurityAuthorizationPtr pAuth;
+ XID authId = rec->authId;
+
+ /* can't use SecurityLookupIDByType here -- client
+ * security state hasn't been setup yet.
+ */
+ pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId,
+ SecurityAuthorizationResType);
+ if (!pAuth)
+ return;
+
+ pClient->appgroup = (AppGroupPtr)LookupIDByType(pAuth->group,
+ RT_APPGROUP);
+ }
+
+ if (pClient->appgroup) {
NewClientInfoRec clientinfo;
- clientinfo.client = client;
+ clientinfo.client = pClient;
XagClientStateChange (NULL, NULL, (pointer)&clientinfo);
}
}
diff --git a/Xext/security.c b/Xext/security.c
index 48a45d0..957f083 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -39,6 +39,7 @@ in this Software without prior written a
#include "gcstruct.h"
#include "colormapst.h"
#include "propertyst.h"
+#include "xacestr.h"
#define _SECURITY_SERVER
#include <X11/extensions/securstr.h>
#include <assert.h>
@@ -61,6 +62,17 @@ in this Software without prior written a
static int SecurityErrorBase; /* first Security error number */
static int SecurityEventBase; /* first Security event number */
+static int slot; /* Xace security state number */
+
+/* this is what we store as client security state */
+typedef struct {
+ unsigned int trustLevel;
+ XID authId;
+} SecurityClientStateRec;
+
+#define STATEPTR(obj) ((obj)->securityState[slot])
+#define TRUSTLEVEL(obj) (((SecurityClientStateRec*)STATEPTR(obj))->trustLevel)
+#define AUTHID(obj) (((SecurityClientStateRec*)STATEPTR(obj))->authId)
CallbackListPtr SecurityValidateGroupCallback = NULL; /* see security.h */
@@ -68,19 +80,8 @@ RESTYPE SecurityAuthorizationResType; /*
static RESTYPE RTEventClient;
-/* Proc vectors for untrusted clients, swapped and unswapped versions.
- * These are the same as the normal proc vectors except that extensions
- * that haven't declared themselves secure will have ProcBadRequest plugged
- * in for their major opcode dispatcher. This prevents untrusted clients
- * from guessing extension major opcodes and using the extension even though
- * the extension can't be listed or queried.
- */
-int (*UntrustedProcVector[256])(
- ClientPtr /*client*/
-);
-int (*SwappedUntrustedProcVector[256])(
- ClientPtr /*client*/
-);
+#define CALLBACK(name) static void \
+name(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
/* SecurityAudit
*
@@ -94,7 +95,7 @@ int (*SwappedUntrustedProcVector[256])(
* Writes the message to the log file if security logging is on.
*/
-void
+static void
SecurityAudit(char *format, ...)
{
va_list args;
@@ -167,7 +168,7 @@ SecurityDeleteAuthorization(
for (i = 1; i<currentMaxClients; i++)
{
- if (clients[i] && (clients[i]->authId == pAuth->id))
+ if (clients[i] && (AUTHID(clients[i]) == pAuth->id))
CloseDownClient(clients[i]);
}
@@ -321,7 +322,7 @@ ProcSecurityQueryVersion(
/* paranoia: this "can't happen" because this extension is hidden
* from untrusted clients, but just in case...
*/
- if (client->trustLevel != XSecurityClientTrusted)
+ if (TRUSTLEVEL(client) != XSecurityClientTrusted)
return BadRequest;
REQUEST_SIZE_MATCH(xSecurityQueryVersionReq);
@@ -407,7 +408,7 @@ ProcSecurityGenerateAuthorization(
/* paranoia: this "can't happen" because this extension is hidden
* from untrusted clients, but just in case...
*/
- if (client->trustLevel != XSecurityClientTrusted)
+ if (TRUSTLEVEL(client) != XSecurityClientTrusted)
return BadRequest;
/* check request length */
@@ -590,7 +591,7 @@ ProcSecurityRevokeAuthorization(
/* paranoia: this "can't happen" because this extension is hidden
* from untrusted clients, but just in case...
*/
- if (client->trustLevel != XSecurityClientTrusted)
+ if (TRUSTLEVEL(client) != XSecurityClientTrusted)
return BadRequest;
REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq);
@@ -775,12 +776,12 @@ SecurityDetermineEventPropogationLimits(
* An audit message is generated if access is denied.
*/
-Bool
-SecurityCheckDeviceAccess(client, dev, fromRequest)
- ClientPtr client;
- DeviceIntPtr dev;
- Bool fromRequest;
+CALLBACK(SecurityCheckDeviceAccess)
{
+ XaceDeviceAccessRec *rec = (XaceDeviceAccessRec*)calldata;
+ ClientPtr client = rec->client;
+ DeviceIntPtr dev = rec->dev;
+ Bool fromRequest = rec->fromRequest;
WindowPtr pWin, pStopWin;
Bool untrusted_got_event;
Bool found_event_window;
@@ -788,12 +789,12 @@ SecurityCheckDeviceAccess(client, dev, f
int reqtype = 0;
/* trusted clients always allowed to do anything */
- if (client->trustLevel == XSecurityClientTrusted)
- return TRUE;
+ if (TRUSTLEVEL(client) == XSecurityClientTrusted)
+ return;
/* device security other than keyboard is not implemented yet */
if (dev != inputInfo.keyboard)
- return TRUE;
+ return;
/* some untrusted client wants access */
@@ -808,7 +809,8 @@ SecurityCheckDeviceAccess(client, dev, f
case X_SetModifierMapping:
SecurityAudit("client %d attempted request %d\n",
client->index, reqtype);
- return FALSE;
+ rec->rval = FALSE;
+ return;
default:
break;
}
@@ -820,7 +822,7 @@ SecurityCheckDeviceAccess(client, dev, f
if (dev->grab)
{
untrusted_got_event =
- ((rClient(dev->grab))->trustLevel != XSecurityClientTrusted);
+ (TRUSTLEVEL(rClient(dev->grab)) != XSecurityClientTrusted);
}
else
{
@@ -835,7 +837,7 @@ SecurityCheckDeviceAccess(client, dev, f
{
found_event_window = TRUE;
client = wClient(pWin);
- if (client->trustLevel != XSecurityClientTrusted)
+ if (TRUSTLEVEL(client) != XSecurityClientTrusted)
{
untrusted_got_event = TRUE;
}
@@ -848,7 +850,7 @@ SecurityCheckDeviceAccess(client, dev, f
if (other->mask & eventmask)
{
client = rClient(other);
- if (client->trustLevel != XSecurityClientTrusted)
+ if (TRUSTLEVEL(client) != XSecurityClientTrusted)
{
untrusted_got_event = TRUE;
break;
@@ -876,8 +878,9 @@ SecurityCheckDeviceAccess(client, dev, f
else
SecurityAudit("client %d attempted to access device %d (%s)\n",
client->index, dev->id, devname);
+ rec->rval = FALSE;
}
- return untrusted_got_event;
+ return;
} /* SecurityCheckDeviceAccess */
@@ -949,20 +952,22 @@ SecurityAuditResourceIDAccess(
* Disallowed resource accesses are audited.
*/
-static pointer
-SecurityCheckResourceIDAccess(
- ClientPtr client,
- XID id,
- RESTYPE rtype,
- Mask access_mode,
- pointer rval)
+CALLBACK(SecurityCheckResourceIDAccess)
{
- int cid = CLIENT_ID(id);
- int reqtype = ((xReq *)client->requestBuffer)->reqType;
-
- if (SecurityUnknownAccess == access_mode)
- return rval; /* for compatibility, we have to allow access */
+ XaceResourceAccessRec *rec = (XaceResourceAccessRec*)calldata;
+ ClientPtr client = rec->client;
+ XID id = rec->id;
+ RESTYPE rtype = rec->rtype;
+ Mask access_mode = rec->access_mode;
+ pointer rval = rec->res;
+ int cid, reqtype;
+
+ if (TRUSTLEVEL(client) == XSecurityClientTrusted ||
+ SecurityUnknownAccess == access_mode)
+ return; /* for compatibility, we have to allow access */
+ cid = CLIENT_ID(id);
+ reqtype = ((xReq *)client->requestBuffer)->reqType;
switch (reqtype)
{ /* these are always allowed */
case X_QueryTree:
@@ -974,7 +979,7 @@ SecurityCheckResourceIDAccess(
case X_DeleteProperty:
case X_RotateProperties:
case X_ListProperties:
- return rval;
+ return;
default:
break;
}
@@ -994,15 +999,15 @@ SecurityCheckResourceIDAccess(
* competing alternative for grouping clients for security purposes is to
* use app groups. dpw
*/
- if (client->trustLevel == clients[cid]->trustLevel
+ if (TRUSTLEVEL(client) == TRUSTLEVEL(clients[cid])
#ifdef XAPPGROUP
|| (RT_COLORMAP == rtype &&
XagDefaultColormap (client) == (Colormap) id)
#endif
)
- return rval;
+ return;
else
- return SecurityAuditResourceIDAccess(client, id);
+ goto deny;
}
else /* server-owned resource - probably a default colormap or root window */
{
@@ -1038,7 +1043,7 @@ SecurityCheckResourceIDAccess(
)
)
{ /* not an ICCCM event */
- return SecurityAuditResourceIDAccess(client, id);
+ goto deny;
}
break;
} /* case X_SendEvent on root */
@@ -1056,28 +1061,31 @@ SecurityCheckResourceIDAccess(
~(PropertyChangeMask|StructureNotifyMask)) == 0)
break;
}
- return SecurityAuditResourceIDAccess(client, id);
+ goto deny;
} /* case X_ChangeWindowAttributes on root */
default:
{
/* others not allowed */
- return SecurityAuditResourceIDAccess(client, id);
+ goto deny;
}
}
} /* end server-owned window or drawable */
else if (SecurityAuthorizationResType == rtype)
{
SecurityAuthorizationPtr pAuth = (SecurityAuthorizationPtr)rval;
- if (pAuth->trustLevel != client->trustLevel)
- return SecurityAuditResourceIDAccess(client, id);
+ if (pAuth->trustLevel != TRUSTLEVEL(client))
+ goto deny;
}
else if (RT_COLORMAP != rtype)
{ /* don't allow anything else besides colormaps */
- return SecurityAuditResourceIDAccess(client, id);
+ goto deny;
}
}
- return rval;
+ return;
+ deny:
+ SecurityAuditResourceIDAccess(client, id);
+ rec->rval = FALSE; /* deny access */
} /* SecurityCheckResourceIDAccess */
@@ -1096,18 +1104,14 @@ SecurityCheckResourceIDAccess(
* If a new client is connecting, its authorization ID is copied to
* client->authID. If this is a generated authorization, its reference
* count is bumped, its timer is cancelled if it was running, and its
- * trustlevel is copied to client->trustLevel.
+ * trustlevel is copied to TRUSTLEVEL(client).
*
* If a client is disconnecting and the client was using a generated
* authorization, the authorization's reference count is decremented, and
* if it is now zero, the timer for this authorization is started.
*/
-static void
-SecurityClientStateCallback(
- CallbackListPtr *pcbl,
- pointer nulldata,
- pointer calldata)
+CALLBACK(SecurityClientStateCallback)
{
NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
ClientPtr client = pci->client;
@@ -1119,7 +1123,14 @@ SecurityClientStateCallback(
XID authId = AuthorizationIDOfClient(client);
SecurityAuthorizationPtr pAuth;
- client->authId = authId;
+ /* allocate space for security state */
+ STATEPTR(client) = xalloc(sizeof(SecurityClientStateRec));
+ if (!STATEPTR(client))
+ FatalError("Client %d: couldn't allocate security state\n",
+ client->index);
+
+ TRUSTLEVEL(client) = XSecurityClientTrusted;
+ AUTHID(client) = authId;
pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId,
SecurityAuthorizationResType);
if (pAuth)
@@ -1129,23 +1140,21 @@ SecurityClientStateCallback(
{
if (pAuth->timer) TimerCancel(pAuth->timer);
}
- client->trustLevel = pAuth->trustLevel;
- if (client->trustLevel != XSecurityClientTrusted)
- {
- client->CheckAccess = SecurityCheckResourceIDAccess;
- client->requestVector = client->swapped ?
- SwappedUntrustedProcVector : UntrustedProcVector;
- }
+ TRUSTLEVEL(client) = pAuth->trustLevel;
}
break;
}
case ClientStateGone:
case ClientStateRetained: /* client disconnected */
{
- XID authId = client->authId;
SecurityAuthorizationPtr pAuth;
+ pointer freeit;
- pAuth = (SecurityAuthorizationPtr)LookupIDByType(authId,
+ /* client may not have any state (bad authorization) */
+ if (!STATEPTR(client))
+ break;
+
+ pAuth = (SecurityAuthorizationPtr)LookupIDByType(AUTHID(client),
SecurityAuthorizationResType);
if (pAuth)
{ /* it is a generated authorization */
@@ -1155,130 +1164,78 @@ SecurityClientStateCallback(
SecurityStartAuthorizationTimer(pAuth);
}
}
+ /* free security state */
+ freeit = STATEPTR(client);
+ STATEPTR(client) = NULL;
+ xfree(freeit);
break;
}
default: break;
}
} /* SecurityClientStateCallback */
-/* SecurityCensorImage
- *
- * Called after pScreen->GetImage to prevent pieces or trusted windows from
- * being returned in image data from an untrusted window.
- *
- * Arguments:
- * client is the client doing the GetImage.
- * pVisibleRegion is the visible region of the window.
- * widthBytesLine is the width in bytes of one horizontal line in pBuf.
- * pDraw is the source window.
- * x, y, w, h is the rectangle of image data from pDraw in pBuf.
- * format is the format of the image data in pBuf: ZPixmap or XYPixmap.
- * pBuf is the image data.
- *
- * Returns: nothing.
- *
- * Side Effects:
- * Any part of the rectangle (x, y, w, h) that is outside the visible
- * region of the window will be destroyed (overwritten) in pBuf.
- */
-void
-SecurityCensorImage(client, pVisibleRegion, widthBytesLine, pDraw, x, y, w, h,
- format, pBuf)
- ClientPtr client;
- RegionPtr pVisibleRegion;
- long widthBytesLine;
- DrawablePtr pDraw;
- int x, y, w, h;
- unsigned int format;
- char * pBuf;
+CALLBACK(SecurityCheckDrawableAccess)
{
- RegionRec imageRegion; /* region representing x,y,w,h */
- RegionRec censorRegion; /* region to obliterate */
- BoxRec imageBox;
- int nRects;
+ XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
- imageBox.x1 = x;
- imageBox.y1 = y;
- imageBox.x2 = x + w;
- imageBox.y2 = y + h;
- REGION_INIT(pScreen, &imageRegion, &imageBox, 1);
- REGION_NULL(pScreen, &censorRegion);
+ if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
+ rec->rval = FALSE;
+}
- /* censorRegion = imageRegion - visibleRegion */
- REGION_SUBTRACT(pScreen, &censorRegion, &imageRegion, pVisibleRegion);
- nRects = REGION_NUM_RECTS(&censorRegion);
- if (nRects > 0)
- { /* we have something to censor */
- GCPtr pScratchGC = NULL;
- PixmapPtr pPix = NULL;
- xRectangle *pRects = NULL;
- Bool failed = FALSE;
- int depth = 1;
- int bitsPerPixel = 1;
- int i;
- BoxPtr pBox;
+CALLBACK(SecurityCheckMapAccess)
+{
+ XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
+ WindowPtr pWin = rec->pWin;
- /* convert region to list-of-rectangles for PolyFillRect */
+ if (STATEPTR(rec->client) &&
+ (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
+ (pWin->drawable.class == InputOnly) &&
+ (TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted))
- pRects = (xRectangle *)ALLOCATE_LOCAL(nRects * sizeof(xRectangle *));
- if (!pRects)
- {
- failed = TRUE;
- goto failSafe;
- }
- for (pBox = REGION_RECTS(&censorRegion), i = 0;
- i < nRects;
- i++, pBox++)
- {
- pRects[i].x = pBox->x1;
- pRects[i].y = pBox->y1 - imageBox.y1;
- pRects[i].width = pBox->x2 - pBox->x1;
- pRects[i].height = pBox->y2 - pBox->y1;
- }
+ rec->rval = FALSE;
+}
- /* use pBuf as a fake pixmap */
+CALLBACK(SecurityCheckBackgrndAccess)
+{
+ XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
- if (format == ZPixmap)
- {
- depth = pDraw->depth;
- bitsPerPixel = pDraw->bitsPerPixel;
- }
+ if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
+ rec->rval = FALSE;
+}
- pPix = GetScratchPixmapHeader(pDraw->pScreen, w, h,
- depth, bitsPerPixel,
- widthBytesLine, (pointer)pBuf);
- if (!pPix)
- {
- failed = TRUE;
- goto failSafe;
- }
+CALLBACK(SecurityCheckExtAccess)
+{
+ XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
- pScratchGC = GetScratchGC(depth, pPix->drawable.pScreen);
- if (!pScratchGC)
- {
- failed = TRUE;
- goto failSafe;
- }
+ if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
+ !STATEPTR(rec->ext))
- ValidateGC(&pPix->drawable, pScratchGC);
- (* pScratchGC->ops->PolyFillRect)(&pPix->drawable,
- pScratchGC, nRects, pRects);
+ rec->rval = FALSE;
+}
- failSafe:
- if (failed)
- {
- /* Censoring was not completed above. To be safe, wipe out
- * all the image data so that nothing trusted gets out.
- */
- bzero(pBuf, (int)(widthBytesLine * h));
- }
- if (pRects) DEALLOCATE_LOCAL(pRects);
- if (pScratchGC) FreeScratchGC(pScratchGC);
- if (pPix) FreeScratchPixmapHeader(pPix);
- }
- REGION_UNINIT(pScreen, &imageRegion);
- REGION_UNINIT(pScreen, &censorRegion);
-} /* SecurityCensorImage */
+CALLBACK(SecurityCheckHostlistAccess)
+{
+ XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata;
+
+ if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
+ {
+ rec->rval = FALSE;
+ if (rec->access_mode == SecurityWriteAccess)
+ SecurityAudit("client %d attempted to change host access\n",
+ rec->client->index);
+ else
+ SecurityAudit("client %d attempted to list hosts\n",
+ rec->client->index);
+ }
+}
+
+CALLBACK(SecurityDeclareExtSecure)
+{
+ XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
+
+ /* security state for extensions is simply a boolean trust value */
+ STATEPTR(rec->ext) = (pointer)rec->secure;
+}
/**********************************************************************/
@@ -1737,21 +1694,21 @@ SecurityMatchString(
#endif
-char
-SecurityCheckPropertyAccess(client, pWin, propertyName, access_mode)
- ClientPtr client;
- WindowPtr pWin;
- ATOM propertyName;
- Mask access_mode;
-{
+CALLBACK(SecurityCheckPropertyAccess)
+{
+ XacePropertyAccessRec *rec = (XacePropertyAccessRec*)calldata;
+ ClientPtr client = rec->client;
+ WindowPtr pWin = rec->pWin;
+ ATOM propertyName = rec->propertyName;
+ Mask access_mode = rec->access_mode;
PropertyAccessPtr pacl;
char action = SecurityDefaultAction;
/* if client trusted or window untrusted, allow operation */
- if ( (client->trustLevel == XSecurityClientTrusted) ||
- (wClient(pWin)->trustLevel != XSecurityClientTrusted) )
- return SecurityAllowOperation;
+ if ( (TRUSTLEVEL(client) == XSecurityClientTrusted) ||
+ (TRUSTLEVEL(wClient(pWin)) != XSecurityClientTrusted) )
+ return;
#ifdef PROPDEBUG
/* For testing, it's more convenient if the property rules file gets
@@ -1864,7 +1821,9 @@ SecurityCheckPropertyAccess(client, pWin
client->index, reqtype, pWin->drawable.id,
NameForAtom(propertyName), propertyName, cid, actionstr);
}
- return action;
+ /* return codes increase with strictness */
+ if (action > rec->rval)
+ rec->rval = action;
} /* SecurityCheckPropertyAccess */
@@ -1883,6 +1842,10 @@ static void
SecurityResetProc(
ExtensionEntry *extEntry)
{
+ pointer freeit = STATEPTR(serverClient);
+ STATEPTR(serverClient) = NULL;
+ xfree(freeit);
+ XaceUnregisterExtension(slot);
SecurityFreePropertyAccessList();
SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */
@@ -1904,6 +1867,43 @@ XSecurityOptions(argc, argv, i)
} /* XSecurityOptions */
+/* SecurityExtensionSetup
+ *
+ * Arguments: none.
+ *
+ * Returns: nothing.
+ *
+ * Side Effects:
+ * Sets up the Security extension if possible.
+ * This function contains things that need to be done
+ * before any other extension init functions get called.
+ */
+
+void
+SecurityExtensionSetup(INITARGS)
+{
+ /* allocate space for security state (freed in SecurityResetProc) */
+ STATEPTR(serverClient) = xalloc(sizeof(SecurityClientStateRec));
+ if (!STATEPTR(serverClient))
+ FatalError("serverClient: couldn't allocate security state\n");
+
+ TRUSTLEVEL(serverClient) = XSecurityClientTrusted;
+ AUTHID(serverClient) = None;
+
+ /* register callbacks */
+#define XaceRC XaceRegisterCallback
+ XaceRC(XACE_RESOURCE_ACCESS, SecurityCheckResourceIDAccess, NULL);
+ XaceRC(XACE_DEVICE_ACCESS, SecurityCheckDeviceAccess, NULL);
+ XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
+ XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
+ XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
+ XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
+ XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
+ XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
+ XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL);
+ XaceRC(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, NULL);
+} /* SecurityExtensionSetup */
+
/* SecurityExtensionInit
*
@@ -1919,7 +1919,6 @@ void
SecurityExtensionInit(INITARGS)
{
ExtensionEntry *extEntry;
- int i;
SecurityAuthorizationResType =
CreateNewResourceType(SecurityDeleteAuthorization);
@@ -1935,6 +1934,10 @@ SecurityExtensionInit(INITARGS)
if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL))
return;
+ slot = XaceRegisterExtension(SECURITY_EXTENSION_NAME);
+ if (slot < 0)
+ return;
+
extEntry = AddExtension(SECURITY_EXTENSION_NAME,
XSecurityNumberEvents, XSecurityNumberErrors,
ProcSecurityDispatch, SProcSecurityDispatch,
@@ -1946,25 +1949,6 @@ SecurityExtensionInit(INITARGS)
EventSwapVector[SecurityEventBase + XSecurityAuthorizationRevoked] =
(EventSwapPtr)SwapSecurityAuthorizationRevokedEvent;
- /* initialize untrusted proc vectors */
-
- for (i = 0; i < 128; i++)
- {
- UntrustedProcVector[i] = ProcVector[i];
- SwappedUntrustedProcVector[i] = SwappedProcVector[i];
- }
-
- /* make sure insecure extensions are not allowed */
-
- for (i = 128; i < 256; i++)
- {
- if (!UntrustedProcVector[i])
- {
- UntrustedProcVector[i] = ProcBadRequest;
- SwappedUntrustedProcVector[i] = ProcBadRequest;
- }
- }
-
SecurityLoadPropertyAccessList();
} /* SecurityExtensionInit */
diff-tree 0707eb33d6826e1300a905edea28c12134600b12 (from parents)
Merge: 37f0ae02457bd22b27f8f30a373e5cb19f2fbaea 98d17bba716619e3402bd74c7c3e1c01d055ef6e
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Mon Jun 19 17:09:51 2006 -0700
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
diff-tree 37f0ae02457bd22b27f8f30a373e5cb19f2fbaea (from 8d9ccc90a54c786ca4ba5620ab0a965e3f3bc8ea)
Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
Date: Wed May 5 20:04:52 2004 +0000
Replace XC-SECURITY code with XACE security hooks
(cherry picked from 8526cd6395490b03b279f1962df777fb0e4a9878 commit)
diff --git a/dix/devices.c b/dix/devices.c
index c7d3494..324d64b 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -72,9 +72,8 @@ SOFTWARE.
#ifdef XKB
#include <X11/extensions/XKBsrv.h>
#endif
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
#include "dispatch.h"
@@ -956,8 +955,8 @@ ProcSetModifierMapping(ClientPtr client)
}
}
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
@@ -1073,9 +1072,8 @@ ProcChangeKeyboardMapping(ClientPtr clie
client->errorValue = stuff->keySymsPerKeyCode;
return BadValue;
}
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard,
- TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return BadAccess;
#endif
keysyms.minKeyCode = stuff->firstKeyCode;
@@ -1221,8 +1219,8 @@ ProcChangeKeyboardControl (ClientPtr cli
vmask = stuff->mask;
if (client->req_len != (sizeof(xChangeKeyboardControlReq)>>2)+Ones(vmask))
return BadLength;
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, keybd, TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, TRUE))
return BadAccess;
#endif
vlist = (XID *)&stuff[1]; /* first word of values */
@@ -1610,8 +1608,8 @@ ProcQueryKeymap(ClientPtr client)
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 2;
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
bzero((char *)&rep.map[0], 32);
}
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 04e2ba1..ef97edc 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -107,9 +107,8 @@ int ProcInitialConnection();
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
@@ -1103,11 +1102,10 @@ ProcConvertSelection(register ClientPtr
CurrentSelections[i].selection != stuff->selection) i++;
if ((i < NumCurrentSelections) &&
(CurrentSelections[i].window != None)
-#ifdef XCSECURITY
- && (!client->CheckAccess ||
- (* client->CheckAccess)(client, CurrentSelections[i].window,
- RT_WINDOW, SecurityReadAccess,
- CurrentSelections[i].pWin))
+#ifdef XACE
+ && XaceHook(XACE_RESOURCE_ACCESS, client,
+ CurrentSelections[i].window, RT_WINDOW,
+ SecurityReadAccess, CurrentSelections[i].pWin)
#endif
)
{
@@ -2205,9 +2203,9 @@ DoGetImage(register ClientPtr client, in
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
-#ifdef XCSECURITY
- if (client->trustLevel != XSecurityClientTrusted &&
- pDraw->type == DRAWABLE_WINDOW)
+#ifdef XACE
+ if (pDraw->type == DRAWABLE_WINDOW &&
+ !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
{
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
if (pVisibleRegion)
@@ -2235,9 +2233,9 @@ DoGetImage(register ClientPtr client, in
format,
planemask,
(pointer) pBuf);
-#ifdef XCSECURITY
+#ifdef XACE
if (pVisibleRegion)
- SecurityCensorImage(client, pVisibleRegion, widthBytesLine,
+ XaceCensorImage(client, pVisibleRegion, widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
#endif
@@ -2276,9 +2274,9 @@ DoGetImage(register ClientPtr client, in
format,
plane,
(pointer)pBuf);
-#ifdef XCSECURITY
+#ifdef XACE
if (pVisibleRegion)
- SecurityCensorImage(client, pVisibleRegion,
+ XaceCensorImage(client, pVisibleRegion,
widthBytesLine,
pDraw, x, y + linesDone, width,
nlines, format, pBuf);
@@ -2304,7 +2302,7 @@ DoGetImage(register ClientPtr client, in
}
}
}
-#ifdef XCSECURITY
+#ifdef XACE
if (pVisibleRegion)
REGION_DESTROY(pDraw->pScreen, pVisibleRegion);
#endif
@@ -3278,11 +3276,10 @@ ProcListHosts(register ClientPtr client)
/* REQUEST(xListHostsReq); */
REQUEST_SIZE_MATCH(xListHostsReq);
-#ifdef XCSECURITY
+#ifdef XACE
/* untrusted clients can't list hosts */
- if (client->trustLevel != XSecurityClientTrusted)
+ if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityReadAccess))
{
- SecurityAudit("client %d attempted to list hosts\n", client->index);
return BadAccess;
}
#endif
@@ -3650,10 +3647,8 @@ void InitClient(ClientPtr client, int i,
}
#endif
client->replyBytesRemaining = 0;
-#ifdef XCSECURITY
- client->trustLevel = XSecurityClientTrusted;
- client->CheckAccess = NULL;
- client->authId = 0;
+#ifdef XACE
+ XACE_STATE_INIT(client->securityState);
#endif
#ifdef XAPPGROUP
client->appgroup = NULL;
diff --git a/dix/dixutils.c b/dix/dixutils.c
index 91796ea..0a14da2 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -97,9 +97,8 @@ Author: Adobe Systems Incorporated
#include "scrnintstr.h"
#define XK_LATIN1
#include <X11/keysymdef.h>
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
/*
@@ -199,7 +198,7 @@ CompareISOLatin1Lowered(unsigned char *s
return (int) c1 - (int) c2;
}
-#ifdef XCSECURITY
+#ifdef XACE
/* SecurityLookupWindow and SecurityLookupDrawable:
* Look up the window/drawable taking into account the client doing
@@ -207,32 +206,16 @@ CompareISOLatin1Lowered(unsigned char *s
* if it exists and the client is allowed access, else return NULL.
* Most Proc* functions should be calling these instead of
* LookupWindow and LookupDrawable, which do no access checks.
+ * XACE note: need to see if client->lastDrawableID can still be used here.
*/
_X_EXPORT WindowPtr
SecurityLookupWindow(XID rid, ClientPtr client, Mask access_mode)
{
- WindowPtr pWin;
-
client->errorValue = rid;
if(rid == INVALID)
return NULL;
- if (client->trustLevel != XSecurityClientTrusted)
- return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
- if (client->lastDrawableID == rid)
- {
- if (client->lastDrawable->type == DRAWABLE_WINDOW)
- return ((WindowPtr) client->lastDrawable);
- return (WindowPtr) NULL;
- }
- pWin = (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
- if (pWin && pWin->drawable.type == DRAWABLE_WINDOW) {
- client->lastDrawable = (DrawablePtr) pWin;
- client->lastDrawableID = rid;
- client->lastGCID = INVALID;
- client->lastGC = (GCPtr)NULL;
- }
- return pWin;
+ return (WindowPtr)SecurityLookupIDByType(client, rid, RT_WINDOW, access_mode);
}
@@ -243,11 +226,6 @@ SecurityLookupDrawable(XID rid, ClientPt
if(rid == INVALID)
return (pointer) NULL;
- if (client->trustLevel != XSecurityClientTrusted)
- return (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
- access_mode);
- if (client->lastDrawableID == rid)
- return ((pointer) client->lastDrawable);
pDraw = (DrawablePtr)SecurityLookupIDByClass(client, rid, RC_DRAWABLE,
access_mode);
if (pDraw && (pDraw->type != UNDRAWABLE_WINDOW))
@@ -271,7 +249,7 @@ LookupDrawable(XID rid, ClientPtr client
return SecurityLookupDrawable(rid, client, SecurityUnknownAccess);
}
-#else /* not XCSECURITY */
+#else /* not XACE */
WindowPtr
LookupWindow(XID rid, ClientPtr client)
@@ -313,7 +291,7 @@ LookupDrawable(XID rid, ClientPtr client
return (pointer)NULL;
}
-#endif /* XCSECURITY */
+#endif /* XACE */
_X_EXPORT ClientPtr
LookupClient(XID rid, ClientPtr client)
diff --git a/dix/events.c b/dix/events.c
index b014fdb..f02c5f9 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -138,9 +138,8 @@ of the copyright holder.
extern Bool XkbFilterEvents(ClientPtr, int, xEvent *);
#endif
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
#ifdef XEVIE
@@ -2541,8 +2540,8 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo))))
{
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(wClient(pWin), device, FALSE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
return FALSE;
#endif
#ifdef XKB
@@ -3350,10 +3349,10 @@ EnterLeaveEvent(
{
xKeymapEvent ke;
-#ifdef XCSECURITY
+#ifdef XACE
ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)];
- if (!SecurityCheckDeviceAccess(client, keybd, FALSE))
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@@ -3445,9 +3444,9 @@ FocusEvent(DeviceIntPtr dev, int type, i
((pWin->eventMask | wOtherEventMasks(pWin)) & KeymapStateMask))
{
xKeymapEvent ke;
-#ifdef XCSECURITY
+#ifdef XACE
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
- if (!SecurityCheckDeviceAccess(client, dev, FALSE))
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
{
bzero((char *)&ke.map[0], 31);
}
@@ -3716,8 +3715,8 @@ ProcSetInputFocus(client)
REQUEST(xSetInputFocusReq);
REQUEST_SIZE_MATCH(xSetInputFocusReq);
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
return Success;
#endif
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@@ -3981,8 +3980,8 @@ ProcGrabKeyboard(ClientPtr client)
int result;
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
-#ifdef XCSECURITY
- if (!SecurityCheckDeviceAccess(client, inputInfo.keyboard, TRUE))
+#ifdef XACE
+ if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
{
result = Success;
rep.status = AlreadyGrabbed;
diff --git a/dix/extension.c b/dix/extension.c
index f6f38fc..bb20ade 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -61,9 +61,8 @@ SOFTWARE.
#include "gcstruct.h"
#include "scrnintstr.h"
#include "dispatch.h"
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
#define EXTENSION_BASE 128
@@ -147,8 +146,8 @@ AddExtension(char *name, int NumEvents,
ext->errorBase = 0;
ext->errorLast = 0;
}
-#ifdef XCSECURITY
- ext->secure = FALSE;
+#ifdef XACE
+ XACE_STATE_INIT(ext->securityState);
#endif
return(ext);
@@ -210,26 +209,27 @@ CheckExtension(const char *extname)
return NULL;
}
+/*
+ * Added as part of Xace.
+ */
+ExtensionEntry *
+GetExtensionEntry(int major)
+{
+ if (major < EXTENSION_BASE)
+ return NULL;
+ major -= EXTENSION_BASE;
+ if (major >= NumExtensions)
+ return NULL;
+ return extensions[major];
+}
+
_X_EXPORT void
DeclareExtensionSecurity(char *extname, Bool secure)
{
-#ifdef XCSECURITY
+#ifdef XACE
int i = FindExtension(extname, strlen(extname));
if (i >= 0)
- {
- int majorop = extensions[i]->base;
- extensions[i]->secure = secure;
- if (secure)
- {
- UntrustedProcVector[majorop] = ProcVector[majorop];
- SwappedUntrustedProcVector[majorop] = SwappedProcVector[majorop];
- }
- else
- {
- UntrustedProcVector[majorop] = ProcBadRequest;
- SwappedUntrustedProcVector[majorop] = ProcBadRequest;
- }
- }
+ XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
#endif
}
@@ -307,10 +307,9 @@ ProcQueryExtension(ClientPtr client)
{
i = FindExtension((char *)&stuff[1], stuff->nbytes);
if (i < 0
-#ifdef XCSECURITY
- /* don't show insecure extensions to untrusted clients */
- || (client->trustLevel == XSecurityClientUntrusted &&
- !extensions[i]->secure)
+#ifdef XACE
+ /* call callbacks to find out whether to show extension */
+ || !XaceHook(XACE_EXT_ACCESS, client, extensions[i])
#endif
)
reply.present = xFalse;
@@ -347,10 +346,9 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
-#ifdef XCSECURITY
- /* don't show insecure extensions to untrusted clients */
- if (client->trustLevel == XSecurityClientUntrusted &&
- !extensions[i]->secure)
+#ifdef XACE
+ /* call callbacks to find out whether to show extension */
+ if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
total_length += strlen(extensions[i]->name) + 1;
@@ -365,9 +363,8 @@ ProcListExtensions(ClientPtr client)
for (i=0; i<NumExtensions; i++)
{
int len;
-#ifdef XCSECURITY
- if (client->trustLevel == XSecurityClientUntrusted &&
- !extensions[i]->secure)
+#ifdef XACE
+ if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
continue;
#endif
*bufptr++ = len = strlen(extensions[i]->name);
diff --git a/dix/property.c b/dix/property.c
index e074c68..e69b8d8 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -60,9 +60,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "dispatch.h"
#include "swaprep.h"
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
/*****************************************************************
@@ -121,12 +120,12 @@ ProcRotateProperties(ClientPtr client)
return(BadAlloc);
for (i = 0; i < stuff->nAtoms; i++)
{
-#ifdef XCSECURITY
- char action = SecurityCheckPropertyAccess(client, pWin, atoms[i],
+#ifdef XACE
+ char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
SecurityReadAccess|SecurityWriteAccess);
#endif
if (!ValidAtom(atoms[i])
-#ifdef XCSECURITY
+#ifdef XACE
|| (SecurityErrorOperation == action)
#endif
)
@@ -135,7 +134,7 @@ ProcRotateProperties(ClientPtr client)
client->errorValue = atoms[i];
return BadAtom;
}
-#ifdef XCSECURITY
+#ifdef XACE
if (SecurityIgnoreOperation == action)
{
DEALLOCATE_LOCAL(props);
@@ -236,8 +235,8 @@ ProcChangeProperty(ClientPtr client)
return(BadAtom);
}
-#ifdef XCSECURITY
- switch (SecurityCheckPropertyAccess(client, pWin, stuff->property,
+#ifdef XACE
+ switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityWriteAccess))
{
case SecurityErrorOperation:
@@ -504,13 +503,13 @@ ProcGetProperty(ClientPtr client)
if (!pProp)
return NullPropertyReply(client, None, 0, &reply);
-#ifdef XCSECURITY
+#ifdef XACE
{
Mask access_mode = SecurityReadAccess;
if (stuff->delete)
access_mode |= SecurityDestroyAccess;
- switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
+ switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
access_mode))
{
case SecurityErrorOperation:
@@ -666,8 +665,8 @@ ProcDeleteProperty(register ClientPtr cl
return (BadAtom);
}
-#ifdef XCSECURITY
- switch(SecurityCheckPropertyAccess(client, pWin, stuff->property,
+#ifdef XACE
+ switch(XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
SecurityDestroyAccess))
{
case SecurityErrorOperation:
diff --git a/dix/resource.c b/dix/resource.c
index bb34bc9..abe79de 100644
--- a/dix/resource.c
+++ b/dix/resource.c
@@ -123,6 +123,9 @@ Equipment Corporation.
#include "panoramiX.h"
#include "panoramiXsrv.h"
#endif
+#ifdef XACE
+#include "xace.h"
+#endif
#include <assert.h>
static void RebuildTable(
@@ -821,7 +824,7 @@ LegalNewID(XID id, register ClientPtr cl
!LookupIDByClass(id, RC_ANY)));
}
-#ifdef XCSECURITY
+#ifdef XACE
/* SecurityLookupIDByType and SecurityLookupIDByClass:
* These are the heart of the resource ID security system. They take
@@ -854,8 +857,9 @@ SecurityLookupIDByType(ClientPtr client,
break;
}
}
- if (retval && client && client->CheckAccess)
- retval = (* client->CheckAccess)(client, id, rtype, mode, retval);
+ if (retval && client &&
+ !XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, mode, retval))
+ retval = NULL;
return retval;
}
@@ -883,8 +887,9 @@ SecurityLookupIDByClass(ClientPtr client
break;
}
}
- if (retval && client && client->CheckAccess)
- retval = (* client->CheckAccess)(client, id, res->type, mode, retval);
+ if (retval && client &&
+ !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, mode, retval))
+ retval = NULL;
return retval;
}
@@ -906,7 +911,7 @@ LookupIDByClass(XID id, RESTYPE classes)
SecurityUnknownAccess);
}
-#else /* not XCSECURITY */
+#else /* not XACE */
/*
* LookupIDByType returns the object with the given id and type, else NULL.
@@ -951,4 +956,4 @@ LookupIDByClass(XID id, RESTYPE classes)
return (pointer)NULL;
}
-#endif /* XCSECURITY */
+#endif /* XACE */
diff --git a/dix/window.c b/dix/window.c
index 9fba5f8..45a8039 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -129,9 +129,8 @@ Equipment Corporation.
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
#endif
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
/******
@@ -726,11 +725,11 @@ CreateWindow(Window wid, register Window
}
pWin->borderWidth = bw;
-#ifdef XCSECURITY
+#ifdef XACE
/* can't let untrusted clients have background None windows;
* they make it too easy to steal window contents
*/
- if (client->trustLevel != XSecurityClientTrusted)
+ if (!XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
pWin->backgroundState = BackgroundPixel;
pWin->background.pixel = 0;
@@ -1020,9 +1019,9 @@ ChangeWindowAttributes(register WindowPt
borderRelative = TRUE;
if (pixID == None)
{
-#ifdef XCSECURITY
+#ifdef XACE
/* can't let untrusted clients have background None windows */
- if (client->trustLevel == XSecurityClientTrusted)
+ if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
{
#endif
if (pWin->backgroundState == BackgroundPixmap)
@@ -1031,7 +1030,7 @@ ChangeWindowAttributes(register WindowPt
MakeRootTile(pWin);
else
pWin->backgroundState = None;
-#ifdef XCSECURITY
+#ifdef XACE
}
else
{ /* didn't change the background to None, so don't tell ddx */
@@ -2719,13 +2718,9 @@ MapWindow(register WindowPtr pWin, Clien
if (pWin->mapped)
return(Success);
-#ifdef XCSECURITY
- /* don't let an untrusted client map a child-of-trusted-window, InputOnly
- * window; too easy to steal device input
- */
- if ( (client->trustLevel != XSecurityClientTrusted) &&
- (pWin->drawable.class == InputOnly) &&
- (wClient(pWin->parent)->trustLevel == XSecurityClientTrusted) )
+#ifdef XACE
+ /* general check for permission to map window */
+ if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
return Success;
#endif
diff --git a/include/dix.h b/include/dix.h
index 0177721..56c55b3 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -89,12 +89,9 @@ SOFTWARE.
((client->lastDrawableID == did) ? \
client->lastDrawable : (DrawablePtr)LookupDrawable(did, client))
-#ifdef XCSECURITY
+#ifdef XACE
#define SECURITY_VERIFY_DRAWABLE(pDraw, did, client, mode)\
- if (client->lastDrawableID == did && !client->trustLevel)\
- pDraw = client->lastDrawable;\
- else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@@ -108,9 +105,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GEOMETRABLE(pDraw, did, client, mode)\
- if (client->lastDrawableID == did && !client->trustLevel)\
- pDraw = client->lastDrawable;\
- else \
{\
pDraw = (DrawablePtr) SecurityLookupIDByClass(client, did, \
RC_DRAWABLE, mode);\
@@ -122,9 +116,6 @@ SOFTWARE.
}
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
- if (client->lastGCID == rid && !client->trustLevel)\
- pGC = client->lastGC;\
- else\
pGC = (GC *) SecurityLookupIDByType(client, rid, RT_GC, mode);\
if (!pGC)\
{\
@@ -141,7 +132,7 @@ SOFTWARE.
#define VERIFY_GC(pGC, rid, client)\
SECURITY_VERIFY_GC(pGC, rid, client, SecurityUnknownAccess)
-#else /* not XCSECURITY */
+#else /* not XACE */
#define VERIFY_DRAWABLE(pDraw, did, client)\
if (client->lastDrawableID == did)\
@@ -191,7 +182,7 @@ SOFTWARE.
#define SECURITY_VERIFY_GC(pGC, rid, client, mode)\
VERIFY_GC(pGC, rid, client)
-#endif /* XCSECURITY */
+#endif /* XACE */
/*
* We think that most hardware implementations of DBE will want
@@ -386,7 +377,7 @@ extern int CompareISOLatin1Lowered(
unsigned char * /*b*/,
int blen);
-#ifdef XCSECURITY
+#ifdef XACE
extern WindowPtr SecurityLookupWindow(
XID /*rid*/,
@@ -422,7 +413,7 @@ extern pointer LookupDrawable(
#define SecurityLookupDrawable(rid, client, access_mode) \
LookupDrawable(rid, client)
-#endif /* XCSECURITY */
+#endif /* XACE */
extern ClientPtr LookupClient(
XID /*rid*/,
diff --git a/include/dixstruct.h b/include/dixstruct.h
index f38a64d..1ac7d84 100644
--- a/include/dixstruct.h
+++ b/include/dixstruct.h
@@ -130,15 +130,8 @@ typedef struct _Client {
int requestLogIndex;
#endif
unsigned long replyBytesRemaining;
-#ifdef XCSECURITY
- XID authId;
- unsigned int trustLevel;
- pointer (* CheckAccess)(
- ClientPtr /*pClient*/,
- XID /*id*/,
- RESTYPE /*classes*/,
- Mask /*access_mode*/,
- pointer /*resourceval*/);
+#ifdef XACE
+ pointer securityState[4]; /* 4 slots for use */
#endif
#ifdef XAPPGROUP
struct _AppGroupRec* appgroup;
diff --git a/include/extnsionst.h b/include/extnsionst.h
index daf37bf..8532b69 100644
--- a/include/extnsionst.h
+++ b/include/extnsionst.h
@@ -71,7 +71,7 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */
ClientPtr /* client */);
#ifdef XCSECURITY
- Bool secure; /* extension visible to untrusted clients? */
+ pointer securityState[4]; /* 4 slots for use */
#endif
} ExtensionEntry;
@@ -129,6 +129,7 @@ extern Bool AddExtensionAlias(
ExtensionEntry * /*extension*/);
extern ExtensionEntry *CheckExtension(const char *extname);
+extern ExtensionEntry *GetExtensionEntry(int major);
extern ExtensionLookupProc LookupProc(
char* /*name*/,
diff --git a/include/resource.h b/include/resource.h
index 49c1898..c08998c 100644
--- a/include/resource.h
+++ b/include/resource.h
@@ -227,7 +227,7 @@ extern pointer LookupClientResourceCompl
#define SecurityWriteAccess (1<<1) /* changing the object */
#define SecurityDestroyAccess (1<<2) /* destroying the object */
-#ifdef XCSECURITY
+#ifdef XACE
extern pointer SecurityLookupIDByType(
ClientPtr /*client*/,
@@ -241,7 +241,7 @@ extern pointer SecurityLookupIDByClass(
RESTYPE /*classes*/,
Mask /*access_mode*/);
-#else /* not XCSECURITY */
+#else /* not XACE */
#define SecurityLookupIDByType(client, id, rtype, access_mode) \
LookupIDByType(id, rtype)
@@ -249,7 +249,7 @@ extern pointer SecurityLookupIDByClass(
#define SecurityLookupIDByClass(client, id, classes, access_mode) \
LookupIDByClass(id, classes)
-#endif /* XCSECURITY */
+#endif /* XACE */
extern void GetXIDRange(
int /*client*/,
diff --git a/os/access.c b/os/access.c
index 62af2f9..dc54bee 100644
--- a/os/access.c
+++ b/os/access.c
@@ -202,9 +202,8 @@ SOFTWARE.
#include "dixstruct.h"
#include "osdep.h"
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
#endif
#ifndef PATH_MAX
@@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr cli
pointer addr;
register HOST *host;
-#ifdef XCSECURITY
- /* untrusted clients can't change host access */
- if (client->trustLevel != XSecurityClientTrusted)
- {
- SecurityAudit("client %d attempted to change host access\n",
- client->index);
- return FALSE;
- }
-#endif
if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
¬used, &alen, &from))
{
@@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client)
{
if (!client || defeatAccessControl)
return TRUE;
+#ifdef XACE
+ /* untrusted clients can't change host access */
+ if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
+ return FALSE;
+#endif
return LocalClient(client);
}
diff --git a/os/connection.c b/os/connection.c
index 21c1ea6..eb1bcbe 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -150,6 +150,9 @@ extern __const__ int _nfiles;
#ifdef XAPPGROUP
#include <X11/extensions/Xagsrv.h>
#endif
+#ifdef XACE
+#include "xace.h"
+#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/security.h>
@@ -693,9 +696,8 @@ ClientAuthorized(ClientPtr client,
/* indicate to Xdmcp protocol that we've opened new client */
XdmcpOpenDisplay(priv->fd);
#endif /* XDMCP */
-#ifdef XAPPGROUP
- if (ClientStateCallback)
- XagCallClientStateChange (client);
+#ifdef XACE
+ XaceHook(XACE_AUTH_AVAIL, client, auth_id);
#endif
/* At this point, if the client is authorized to change the access control
* list, we should getpeername() information, and add the client to
diff-tree 98d17bba716619e3402bd74c7c3e1c01d055ef6e (from 569c808a2375be71f835ee8693605487484bd22e)
Author: Alan Coopersmith <alanc at alf.(none)>
Date: Mon Jun 19 17:07:59 2006 -0700
Tell git to ignore emacs *~ droppings and git .msg files
diff --git a/.gitignore b/.gitignore
index 8ae5358..429f677 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,10 +2,12 @@ Makefile
Makefile.in
.deps
.libs
+.msg
*.lo
*.la
*.a
*.o
+*~
aclocal.m4
autom4te.cache
compile
diff-tree 569c808a2375be71f835ee8693605487484bd22e (from 55426650417df4ec22ea0e2a67f6074f0ac1d54e)
Author: Eric Anholt <anholt at FreeBSD.org>
Date: Mon Jun 19 16:42:09 2006 -0700
Fix crash when using PICT_x4a4 by supplying an appropriate fbFetchPixel_x4a4.
diff --git a/fb/fbcompose.c b/fb/fbcompose.c
index 771245e..41fff7b 100644
--- a/fb/fbcompose.c
+++ b/fb/fbcompose.c
@@ -849,6 +849,14 @@ fbFetchPixel_c8 (const FbBits *bits, int
return indexed->rgba[pixel];
}
+static FASTCALL CARD32
+fbFetchPixel_x4a4 (const FbBits *bits, int offset, miIndexedPtr indexed)
+{
+ CARD32 pixel = ((CARD8 *) bits)[offset];
+
+ return ((pixel & 0xf) | ((pixel & 0xf) << 4)) << 24;
+}
+
#define Fetch8(l,o) (((CARD8 *) (l))[(o) >> 2])
#if IMAGE_BYTE_ORDER == MSBFirst
#define Fetch4(l,o) ((o) & 2 ? Fetch8(l,o) & 0xf : Fetch8(l,o) >> 4)
@@ -988,6 +996,7 @@ static fetchPixelProc fetchPixelProcForP
case PICT_a2b2g2r2: return fbFetchPixel_a2b2g2r2;
case PICT_c8: return fbFetchPixel_c8;
case PICT_g8: return fbFetchPixel_c8;
+ case PICT_x4a4: return fbFetchPixel_x4a4;
/* 4bpp formats */
case PICT_a4: return fbFetchPixel_a4;
diff-tree 8d9ccc90a54c786ca4ba5620ab0a965e3f3bc8ea (from 9f2793551f335e5fb08990fc8bb9e05e0ffb68d5)
Author: Eamon Walsh <ewalsh at epoch.ncsc.mil>
Date: Wed May 5 20:15:41 2004 +0000
Add XACE extension
(partially cherry picked from 8d4f21ab53c44ca48501d6211ea6db0c0b8af916 commit)
diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h
index 4f7a23e..9a85b48 100644
--- a/hw/xfree86/dixmods/extmod/modinit.h
+++ b/hw/xfree86/dixmods/extmod/modinit.h
@@ -127,7 +127,12 @@ extern void ShmRegisterFuncs(
ShmFuncsPtr funcs);
#endif
+#ifdef XACE
+extern void XaceExtensionInit(INITARGS);
+#endif
+
#if 1
+extern void SecurityExtensionSetup(INITARGS);
extern void SecurityExtensionInit(INITARGS);
#endif
diff --git a/mi/miinitext.c b/mi/miinitext.c
index 091ac6b..2a57a89 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -243,6 +243,9 @@ typedef void (*InitExtension)(INITARGS);
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#endif
+#ifdef XACE
+#include "xace.h"
+#endif
#ifdef XCSECURITY
#define _SECURITY_SERVER
#include <X11/extensions/securstr.h>
@@ -313,7 +316,11 @@ extern void DbeExtensionInit(INITARGS);
#ifdef XAPPGROUP
extern void XagExtensionInit(INITARGS);
#endif
+#ifdef XACE
+extern void XaceExtensionInit(INITARGS);
+#endif
#ifdef XCSECURITY
+extern void SecurityExtensionSetup(INITARGS);
extern void SecurityExtensionInit(INITARGS);
#endif
#ifdef XPRINT
@@ -524,6 +531,9 @@ InitExtensions(argc, argv)
int argc;
char *argv[];
{
+#ifdef XCSECURITY
+ SecurityExtensionSetup();
+#endif
#ifdef PANORAMIX
# if !defined(PRINT_ONLY_SERVER) && !defined(NO_PANORAMIX)
if (!noPanoramiXExtension) PanoramiXExtensionInit();
@@ -586,6 +596,9 @@ InitExtensions(argc, argv)
#ifdef XAPPGROUP
if (!noXagExtension) XagExtensionInit();
#endif
+#ifdef XACE
+ XaceExtensionInit();
+#endif
#ifdef XCSECURITY
if (!noSecurityExtension) SecurityExtensionInit();
#endif
@@ -688,8 +701,11 @@ static ExtensionModule staticExtensions[
#ifdef XAPPGROUP
{ XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL },
#endif
+#ifdef XACE
+ { XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
+#endif
#ifdef XCSECURITY
- { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
+ { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, SecurityExtensionSetup, NULL },
#endif
#ifdef XPRINT
{ XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL },
diff-tree 55426650417df4ec22ea0e2a67f6074f0ac1d54e (from 520c80f4b807ae6419e70fe2b524532465b509ac)
Author: Eric Anholt <anholt at FreeBSD.org>
Date: Mon Jun 19 15:04:46 2006 -0700
Clean up gcc warnings from picture format CARD32 -> enum change.
diff --git a/fb/fbpict.c b/fb/fbpict.c
index f248fdb..55fb0a7 100644
--- a/fb/fbpict.c
+++ b/fb/fbpict.c
@@ -925,6 +925,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSolidMask_nx8x8888;
break;
+ default:
+ break;
}
break;
case PICT_a8r8g8b8:
@@ -947,6 +949,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSolidMask_nx8888x0565C;
break;
+ default:
+ break;
}
}
break;
@@ -970,6 +974,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSolidMask_nx8888x0565C;
break;
+ default:
+ break;
}
}
break;
@@ -985,9 +991,15 @@ fbComposite (CARD8 op,
case PICT_x8b8g8r8:
func = fbCompositeSolidMask_nx1xn;
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
+ default:
+ break;
}
}
else if (! srcRepeat) /* has mask and non-repeating source */
@@ -1016,8 +1028,12 @@ fbComposite (CARD8 op,
func = fbCompositeSrc_8888RevNPx0565mmx;
#endif
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
break;
case PICT_x8r8g8b8:
@@ -1038,10 +1054,16 @@ fbComposite (CARD8 op,
func = fbCompositeSrc_8888RevNPx0565mmx;
#endif
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
break;
}
@@ -1094,8 +1116,12 @@ fbComposite (CARD8 op,
}
#endif
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
}
else if (! srcRepeat)
@@ -1118,6 +1144,8 @@ fbComposite (CARD8 op,
case PICT_r5g6b5:
func = fbCompositeSrc_8888x0565;
break;
+ default:
+ break;
}
break;
case PICT_x8r8g8b8:
@@ -1129,6 +1157,8 @@ fbComposite (CARD8 op,
func = fbCompositeCopyAreammx;
#endif
break;
+ default:
+ break;
}
case PICT_x8b8g8r8:
switch (pDst->format) {
@@ -1139,6 +1169,8 @@ fbComposite (CARD8 op,
func = fbCompositeCopyAreammx;
#endif
break;
+ default:
+ break;
}
break;
case PICT_a8b8g8r8:
@@ -1158,6 +1190,8 @@ fbComposite (CARD8 op,
case PICT_b5g6r5:
func = fbCompositeSrc_8888x0565;
break;
+ default:
+ break;
}
break;
case PICT_r5g6b5:
@@ -1165,6 +1199,8 @@ fbComposite (CARD8 op,
case PICT_r5g6b5:
func = fbCompositeSrc_0565x0565;
break;
+ default:
+ break;
}
break;
case PICT_b5g6r5:
@@ -1172,8 +1208,12 @@ fbComposite (CARD8 op,
case PICT_b5g6r5:
func = fbCompositeSrc_0565x0565;
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
}
}
@@ -1192,6 +1232,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSrcAdd_8888x8888;
break;
+ default:
+ break;
}
break;
case PICT_a8b8g8r8:
@@ -1204,6 +1246,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSrcAdd_8888x8888;
break;
+ default:
+ break;
}
break;
case PICT_a8:
@@ -1216,6 +1260,8 @@ fbComposite (CARD8 op,
#endif
func = fbCompositeSrcAdd_8000x8000;
break;
+ default:
+ break;
}
break;
case PICT_a1:
@@ -1223,8 +1269,12 @@ fbComposite (CARD8 op,
case PICT_a1:
func = fbCompositeSrcAdd_1000x1000;
break;
+ default:
+ break;
}
break;
+ default:
+ break;
}
}
break;
diff-tree 520c80f4b807ae6419e70fe2b524532465b509ac (from e793f0eeee3e9c83b6a7b50d451fb6db12839087)
Author: Eric Anholt <anholt at FreeBSD.org>
Date: Mon Jun 19 14:40:27 2006 -0700
Don't forget to step the rows when verifying the equivalence of fb/sys areas.
This is only used by fakexa, but we would have missed some errors without this
fix.
diff --git a/exa/exa_migration.c b/exa/exa_migration.c
index 57d651f..06a4b93 100644
--- a/exa/exa_migration.c
+++ b/exa/exa_migration.c
@@ -435,6 +435,8 @@ exaAssertNotDirty (PixmapPtr pPixmap)
if (memcmp(dst, src, data_row_bytes) != 0) {
abort();
}
+ dst += dst_pitch;
+ src += src_pitch;
}
exaFinishAccess(&pPixmap->drawable, EXA_PREPARE_SRC);
}
diff-tree e793f0eeee3e9c83b6a7b50d451fb6db12839087 (from e1672a12eb70836a2ceec803d505294897ae8cd2)
Author: Eric Anholt <anholt at FreeBSD.org>
Date: Mon Jun 19 14:06:02 2006 -0700
Correct component ordering when fetching [ax]4b4g4r4 pixels.
Noticed by: rendercheck
diff --git a/fb/fbcompose.c b/fb/fbcompose.c
index c4f979d..771245e 100644
--- a/fb/fbcompose.c
+++ b/fb/fbcompose.c
@@ -267,11 +267,11 @@ fbFetch_a4b4g4r4 (const FbBits *bits, in
CARD32 r,g,b, a;
a = ((p & 0xf000) | ((p & 0xf000) >> 4)) << 16;
- b = ((p & 0x0f00) | ((p & 0x0f00) >> 4)) << 12;
+ b = ((p & 0x0f00) | ((p & 0x0f00) >> 4)) >> 4;
g = ((p & 0x00f0) | ((p & 0x00f0) >> 4)) << 8;
- r = ((p & 0x000f) | ((p & 0x000f) << 4));
+ r = ((p & 0x000f) | ((p & 0x000f) << 4)) << 16;
*buffer++ = (a | r | g | b);
- }
+ }
}
static FASTCALL void
@@ -283,11 +283,11 @@ fbFetch_x4b4g4r4 (const FbBits *bits, in
CARD32 p = *pixel++;
CARD32 r,g,b;
- b = ((p & 0x0f00) | ((p & 0x0f00) >> 4)) << 12;
+ b = ((p & 0x0f00) | ((p & 0x0f00) >> 4)) >> 4;
g = ((p & 0x00f0) | ((p & 0x00f0) >> 4)) << 8;
- r = ((p & 0x000f) | ((p & 0x000f) << 4));
+ r = ((p & 0x000f) | ((p & 0x000f) << 4)) << 16;
*buffer++ = (0xff000000 | r | g | b);
- }
+ }
}
static FASTCALL void
@@ -758,9 +758,9 @@ fbFetchPixel_a4b4g4r4 (const FbBits *bit
CARD32 a,r,g,b;
a = ((pixel & 0xf000) | ((pixel & 0xf000) >> 4)) << 16;
- b = ((pixel & 0x0f00) | ((pixel & 0x0f00) >> 4)) << 12;
+ b = ((pixel & 0x0f00) | ((pixel & 0x0f00) >> 4)) >> 4;
g = ((pixel & 0x00f0) | ((pixel & 0x00f0) >> 4)) << 8;
- r = ((pixel & 0x000f) | ((pixel & 0x000f) << 4));
+ r = ((pixel & 0x000f) | ((pixel & 0x000f) << 4)) << 16;
return (a | r | g | b);
}
@@ -770,9 +770,9 @@ fbFetchPixel_x4b4g4r4 (const FbBits *bit
CARD32 pixel = ((CARD16 *) bits)[offset];
CARD32 r,g,b;
- b = ((pixel & 0x0f00) | ((pixel & 0x0f00) >> 4)) << 12;
+ b = ((pixel & 0x0f00) | ((pixel & 0x0f00) >> 4)) >> 4;
g = ((pixel & 0x00f0) | ((pixel & 0x00f0) >> 4)) << 8;
- r = ((pixel & 0x000f) | ((pixel & 0x000f) << 4));
+ r = ((pixel & 0x000f) | ((pixel & 0x000f) << 4)) << 16;
return (0xff000000 | r | g | b);
}
diff-tree e1672a12eb70836a2ceec803d505294897ae8cd2 (from 9742d55c820a260a42a4537502295931d4529deb)
Author: Eric Anholt <anholt at FreeBSD.org>
Date: Mon Jun 19 13:20:56 2006 -0700
Convert PICT_* names from #defines to an enum to aid in debugging.
diff --git a/render/picture.h b/render/picture.h
index 778eb5c..e7d86ac 100644
--- a/render/picture.h
+++ b/render/picture.h
@@ -68,61 +68,63 @@ typedef struct _Picture *PicturePtr;
#define PICT_FORMAT_COLOR(f) (PICT_FORMAT_TYPE(f) & 2)
/* 32bpp formats */
-#define PICT_a8r8g8b8 PICT_FORMAT(32,PICT_TYPE_ARGB,8,8,8,8)
-#define PICT_x8r8g8b8 PICT_FORMAT(32,PICT_TYPE_ARGB,0,8,8,8)
-#define PICT_a8b8g8r8 PICT_FORMAT(32,PICT_TYPE_ABGR,8,8,8,8)
-#define PICT_x8b8g8r8 PICT_FORMAT(32,PICT_TYPE_ABGR,0,8,8,8)
+typedef enum _PictFormatShort {
+ PICT_a8r8g8b8 = PICT_FORMAT(32,PICT_TYPE_ARGB,8,8,8,8),
+ PICT_x8r8g8b8 = PICT_FORMAT(32,PICT_TYPE_ARGB,0,8,8,8),
+ PICT_a8b8g8r8 = PICT_FORMAT(32,PICT_TYPE_ABGR,8,8,8,8),
+ PICT_x8b8g8r8 = PICT_FORMAT(32,PICT_TYPE_ABGR,0,8,8,8),
/* 24bpp formats */
-#define PICT_r8g8b8 PICT_FORMAT(24,PICT_TYPE_ARGB,0,8,8,8)
-#define PICT_b8g8r8 PICT_FORMAT(24,PICT_TYPE_ABGR,0,8,8,8)
+ PICT_r8g8b8 = PICT_FORMAT(24,PICT_TYPE_ARGB,0,8,8,8),
+ PICT_b8g8r8 = PICT_FORMAT(24,PICT_TYPE_ABGR,0,8,8,8),
/* 16bpp formats */
-#define PICT_r5g6b5 PICT_FORMAT(16,PICT_TYPE_ARGB,0,5,6,5)
-#define PICT_b5g6r5 PICT_FORMAT(16,PICT_TYPE_ABGR,0,5,6,5)
+ PICT_r5g6b5 = PICT_FORMAT(16,PICT_TYPE_ARGB,0,5,6,5),
+ PICT_b5g6r5 = PICT_FORMAT(16,PICT_TYPE_ABGR,0,5,6,5),
-#define PICT_a1r5g5b5 PICT_FORMAT(16,PICT_TYPE_ARGB,1,5,5,5)
-#define PICT_x1r5g5b5 PICT_FORMAT(16,PICT_TYPE_ARGB,0,5,5,5)
-#define PICT_a1b5g5r5 PICT_FORMAT(16,PICT_TYPE_ABGR,1,5,5,5)
-#define PICT_x1b5g5r5 PICT_FORMAT(16,PICT_TYPE_ABGR,0,5,5,5)
-#define PICT_a4r4g4b4 PICT_FORMAT(16,PICT_TYPE_ARGB,4,4,4,4)
-#define PICT_x4r4g4b4 PICT_FORMAT(16,PICT_TYPE_ARGB,0,4,4,4)
-#define PICT_a4b4g4r4 PICT_FORMAT(16,PICT_TYPE_ABGR,4,4,4,4)
-#define PICT_x4b4g4r4 PICT_FORMAT(16,PICT_TYPE_ABGR,0,4,4,4)
+ PICT_a1r5g5b5 = PICT_FORMAT(16,PICT_TYPE_ARGB,1,5,5,5),
+ PICT_x1r5g5b5 = PICT_FORMAT(16,PICT_TYPE_ARGB,0,5,5,5),
+ PICT_a1b5g5r5 = PICT_FORMAT(16,PICT_TYPE_ABGR,1,5,5,5),
+ PICT_x1b5g5r5 = PICT_FORMAT(16,PICT_TYPE_ABGR,0,5,5,5),
+ PICT_a4r4g4b4 = PICT_FORMAT(16,PICT_TYPE_ARGB,4,4,4,4),
+ PICT_x4r4g4b4 = PICT_FORMAT(16,PICT_TYPE_ARGB,0,4,4,4),
+ PICT_a4b4g4r4 = PICT_FORMAT(16,PICT_TYPE_ABGR,4,4,4,4),
+ PICT_x4b4g4r4 = PICT_FORMAT(16,PICT_TYPE_ABGR,0,4,4,4),
/* 8bpp formats */
-#define PICT_a8 PICT_FORMAT(8,PICT_TYPE_A,8,0,0,0)
-#define PICT_r3g3b2 PICT_FORMAT(8,PICT_TYPE_ARGB,0,3,3,2)
-#define PICT_b2g3r3 PICT_FORMAT(8,PICT_TYPE_ABGR,0,3,3,2)
-#define PICT_a2r2g2b2 PICT_FORMAT(8,PICT_TYPE_ARGB,2,2,2,2)
-#define PICT_a2b2g2r2 PICT_FORMAT(8,PICT_TYPE_ABGR,2,2,2,2)
-
-#define PICT_c8 PICT_FORMAT(8,PICT_TYPE_COLOR,0,0,0,0)
-#define PICT_g8 PICT_FORMAT(8,PICT_TYPE_GRAY,0,0,0,0)
-
-#define PICT_x4a4 PICT_FORMAT(8,PICT_TYPE_A,4,0,0,0)
-#define PICT_x4r1g2b1 PICT_FORMAT(8,PICT_TYPE_ARGB,0,1,2,1)
-#define PICT_x4b1g2r1 PICT_FORMAT(8,PICT_TYPE_ABGR,0,1,2,1)
-#define PICT_x4a1r1g1b1 PICT_FORMAT(8,PICT_TYPE_ARGB,1,1,1,1)
-#define PICT_x4a1b1g1r1 PICT_FORMAT(8,PICT_TYPE_ABGR,1,1,1,1)
+ PICT_a8 = PICT_FORMAT(8,PICT_TYPE_A,8,0,0,0),
+ PICT_r3g3b2 = PICT_FORMAT(8,PICT_TYPE_ARGB,0,3,3,2),
+ PICT_b2g3r3 = PICT_FORMAT(8,PICT_TYPE_ABGR,0,3,3,2),
+ PICT_a2r2g2b2 = PICT_FORMAT(8,PICT_TYPE_ARGB,2,2,2,2),
+ PICT_a2b2g2r2 = PICT_FORMAT(8,PICT_TYPE_ABGR,2,2,2,2),
+
+ PICT_c8 = PICT_FORMAT(8,PICT_TYPE_COLOR,0,0,0,0),
+ PICT_g8 = PICT_FORMAT(8,PICT_TYPE_GRAY,0,0,0,0),
+
+ PICT_x4a4 = PICT_FORMAT(8,PICT_TYPE_A,4,0,0,0),
+ PICT_x4r1g2b1 = PICT_FORMAT(8,PICT_TYPE_ARGB,0,1,2,1),
+ PICT_x4b1g2r1 = PICT_FORMAT(8,PICT_TYPE_ABGR,0,1,2,1),
+ PICT_x4a1r1g1b1 = PICT_FORMAT(8,PICT_TYPE_ARGB,1,1,1,1),
+ PICT_x4a1b1g1r1 = PICT_FORMAT(8,PICT_TYPE_ABGR,1,1,1,1),
-#define PICT_x4c4 PICT_FORMAT(8,PICT_TYPE_COLOR,0,0,0,0)
-#define PICT_x4g4 PICT_FORMAT(8,PICT_TYPE_GRAY,0,0,0,0)
+ PICT_x4c4 = PICT_FORMAT(8,PICT_TYPE_COLOR,0,0,0,0),
+ PICT_x4g4 = PICT_FORMAT(8,PICT_TYPE_GRAY,0,0,0,0),
/* 4bpp formats */
-#define PICT_a4 PICT_FORMAT(4,PICT_TYPE_A,4,0,0,0)
-#define PICT_r1g2b1 PICT_FORMAT(4,PICT_TYPE_ARGB,0,1,2,1)
-#define PICT_b1g2r1 PICT_FORMAT(4,PICT_TYPE_ABGR,0,1,2,1)
-#define PICT_a1r1g1b1 PICT_FORMAT(4,PICT_TYPE_ARGB,1,1,1,1)
-#define PICT_a1b1g1r1 PICT_FORMAT(4,PICT_TYPE_ABGR,1,1,1,1)
+ PICT_a4 = PICT_FORMAT(4,PICT_TYPE_A,4,0,0,0),
+ PICT_r1g2b1 = PICT_FORMAT(4,PICT_TYPE_ARGB,0,1,2,1),
+ PICT_b1g2r1 = PICT_FORMAT(4,PICT_TYPE_ABGR,0,1,2,1),
+ PICT_a1r1g1b1 = PICT_FORMAT(4,PICT_TYPE_ARGB,1,1,1,1),
+ PICT_a1b1g1r1 = PICT_FORMAT(4,PICT_TYPE_ABGR,1,1,1,1),
-#define PICT_c4 PICT_FORMAT(4,PICT_TYPE_COLOR,0,0,0,0)
-#define PICT_g4 PICT_FORMAT(4,PICT_TYPE_GRAY,0,0,0,0)
+ PICT_c4 = PICT_FORMAT(4,PICT_TYPE_COLOR,0,0,0,0),
+ PICT_g4 = PICT_FORMAT(4,PICT_TYPE_GRAY,0,0,0,0),
/* 1bpp formats */
-#define PICT_a1 PICT_FORMAT(1,PICT_TYPE_A,1,0,0,0)
+ PICT_a1 = PICT_FORMAT(1,PICT_TYPE_A,1,0,0,0),
-#define PICT_g1 PICT_FORMAT(1,PICT_TYPE_GRAY,0,0,0,0)
+ PICT_g1 = PICT_FORMAT(1,PICT_TYPE_GRAY,0,0,0,0),
+} PictFormatShort;
/*
* For dynamic indexed visuals (GrayScale and PseudoColor), these control the
diff --git a/render/picturestr.h b/render/picturestr.h
index e81d769..1ea9120 100644
--- a/render/picturestr.h
+++ b/render/picturestr.h
@@ -129,7 +129,7 @@ typedef union _SourcePict {
typedef struct _Picture {
DrawablePtr pDrawable;
PictFormatPtr pFormat;
- CARD32 format; /* PICT_FORMAT */
+ PictFormatShort format; /* PICT_FORMAT */
int refcnt;
CARD32 id;
PicturePtr pNext; /* chain on same drawable */
diff-tree 9742d55c820a260a42a4537502295931d4529deb (from d97a21acb878bc4e5e6542912fbd820503bba312)
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Mon Jun 19 14:40:14 2006 -0700
update .gitignore to handle Xprint move
diff --git a/.gitignore b/.gitignore
index ce396c9..8ae5358 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,12 +23,6 @@ xorg-server.pc
stamp-h?
do-not-use-config.h
do-not-use-config.h.in
-XpConfig/C/print/Xprinters.ghostscript
-Xprint/Xprt
-Xprint/doc/Xprt.1x
-Xprint/doc/Xprt.man
-Xprint/dpmsstubs-wrapper.c
-Xprint/miinitext-wrapper.c
afb/afbbltC.c
afb/afbbltCI.c
afb/afbbltG.c
@@ -216,6 +210,12 @@ hw/xfree86/xorg.c
hw/xnest/Xnest
hw/xnest/Xnest.1x
hw/xnest/Xnest.man
+hw/xprint/Xprt
+hw/xprint/config/C/print/Xprinters.ghostscript
+hw/xprint/doc/Xprt.1x
+hw/xprint/doc/Xprt.man
+hw/xprint/dpmsstubs-wrapper.c
+hw/xprint/miinitext-wrapper.c
include/dix-config.h
include/kdrive-config.h
include/xgl-config.h
diff-tree d97a21acb878bc4e5e6542912fbd820503bba312 (from 29c78321e86956c4ce0c1c899d82557f927e04da)
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Mon Jun 19 14:36:54 2006 -0700
fix compiler warnings in hw/xfree86/i2c/fi1236.c
diff --git a/hw/xfree86/i2c/fi1236.c b/hw/xfree86/i2c/fi1236.c
index ea37414..742645b 100644
--- a/hw/xfree86/i2c/fi1236.c
+++ b/hw/xfree86/i2c/fi1236.c
@@ -99,6 +99,7 @@ xf86DrvMsg(f->d.pI2CBus->scrnIndex, X_IN
}
/* might be buggy */
+#if 0
static void MT2032_shutdown(FI1236Ptr f)
{
CARD8 data[10];
@@ -124,6 +125,7 @@ I2C_WriteRead(&(f->d), (I2CByte *)data,
usleep(15000);
}
+#endif
static void MT2032_dump_status(FI1236Ptr f);
@@ -131,7 +133,7 @@ static void MT2032_init(FI1236Ptr f)
{
CARD8 data[10];
CARD8 value;
-CARD8 xogc;
+CARD8 xogc = 0x00;
MT2032_getid(f);
@@ -479,7 +481,7 @@ if(type==TUNER_TYPE_MT2032){
}
-CARD32 AFC_TimerCallback(OsTimerPtr timer, CARD32 time, pointer data){
+static CARD32 AFC_TimerCallback(OsTimerPtr timer, CARD32 time, pointer data){
FI1236Ptr f=(FI1236Ptr)data;
if(FI1236_AFC(f))return 150;
else {
@@ -517,7 +519,7 @@ void FI1236_tune(FI1236Ptr f, CARD32 fre
xf86DrvMsg(f->d.pI2CBus->scrnIndex, X_INFO, "Setting tuner band to %d\n", f->tuner_data.band);
- xf86DrvMsg(f->d.pI2CBus->scrnIndex, X_INFO, "Setting tuner frequency to %d\n", frequency);
+ xf86DrvMsg(f->d.pI2CBus->scrnIndex, X_INFO, "Setting tuner frequency to %d\n", (int)frequency);
if ((f->type == TUNER_TYPE_FM1216ME) || (f->type == TUNER_TYPE_FI1236W))
{
diff --git a/hw/xfree86/i2c/fi1236.h b/hw/xfree86/i2c/fi1236.h
index dbb1546..7c1d070 100644
--- a/hw/xfree86/i2c/fi1236.h
+++ b/hw/xfree86/i2c/fi1236.h
@@ -90,6 +90,7 @@ typedef struct {
FI1236Ptr Detect_FI1236(I2CBusPtr b, I2CSlaveAddr addr);
void FI1236_set_tuner_type(FI1236Ptr f, int type);
void TUNER_set_frequency(FI1236Ptr f, CARD32 frequency);
+void FI1236_tune(FI1236Ptr f, CARD32 frequency);
int FI1236_AFC(FI1236Ptr f);
int TUNER_get_afc_hint(FI1236Ptr f);
void fi1236_dump_status(FI1236Ptr f);
diff-tree 29c78321e86956c4ce0c1c899d82557f927e04da (from 9f2793551f335e5fb08990fc8bb9e05e0ffb68d5)
Author: Greg Kroah-Hartman <gregkh at suse.de>
Date: Mon Jun 19 14:36:41 2006 -0700
fix compiler warning in hw/xfree86/i2c/tda9850.c
diff --git a/hw/xfree86/i2c/tda9850.c b/hw/xfree86/i2c/tda9850.c
index e6afd81..5b0c581 100644
--- a/hw/xfree86/i2c/tda9850.c
+++ b/hw/xfree86/i2c/tda9850.c
@@ -107,6 +107,6 @@ CARD16 tda9850_getstatus(TDA9850Ptr t)
{
CARD16 status;
-I2C_WriteRead(&(t->d), NULL, 0, &status, 2);
+I2C_WriteRead(&(t->d), NULL, 0, (I2CByte *)&status, 2);
return status;
}
More information about the xorg-commit
mailing list