xserver: Branch 'master'

Alan Coopersmith alanc at kemper.freedesktop.org
Wed Jun 21 04:14:46 EEST 2006 

 Xext/securitysrv.h |  133 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 133 insertions(+)

New commits:
diff-tree a54435946544a039fc333bb5e3438501d0d1ffc6 (from 481d4012e74d9b0e98911f0ae02700ecf4cfc5ac)
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date:   Tue Jun 20 18:14:27 2006 -0700

    Move Xserver API for security extension to securitysrv.h

diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
new file mode 100644
index 0000000..596eead
--- /dev/null
+++ b/Xext/securitysrv.h
@@ -0,0 +1,133 @@
+/*
+Copyright 1996, 1998  The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+*/
+
+/* Xserver internals for Security extension - moved here from
+   _SECURITY_SERVER section of <X11/extensions/security.h> */
+
+#ifndef _SECURITY_SRV_H
+#define _SECURITY_SRV_H
+
+/* Allow client side portions of <X11/extensions/security.h> to compile */
+#ifndef Status
+# define Status int
+# define NEED_UNDEF_Status
+#endif
+#ifndef Display
+# define Display void
+# define NEED_UNDEF_Display
+#endif
+
+#include <X11/extensions/security.h>
+
+#ifdef NEED_UNDEF_Status
+# undef Status
+# undef NEED_UNDEF_Status
+#endif
+#ifdef NEED_UNDEF_Display
+# undef Display
+# undef NEED_UNDEF_Display
+#endif
+
+
+#include "input.h"    /* for DeviceIntPtr */
+#include "property.h" /* for PropertyPtr */
+#include "pixmap.h"   /* for DrawablePtr */
+#include "resource.h" /* for RESTYPE */
+
+/* resource type to pass in LookupIDByType for authorizations */
+extern RESTYPE SecurityAuthorizationResType;
+
+/* this is what we store for an authorization */
+typedef struct {
+    XID id;			/* resource ID */
+    CARD32 timeout;	/* how long to live in seconds after refcnt == 0 */
+    unsigned int trustLevel;	/* trusted/untrusted */
+    XID group;			/* see embedding extension */
+    unsigned int refcnt;	/* how many clients connected with this auth */
+    unsigned int secondsRemaining; /* overflow time amount for >49 days */
+    OsTimerPtr timer;		/* timer for this auth */
+    struct _OtherClients *eventClients; /* clients wanting events */
+} SecurityAuthorizationRec, *SecurityAuthorizationPtr;
+
+/* The following callback is called when a GenerateAuthorization request
+ * is processed to sanity check the group argument.  The call data will
+ * be a pointer to a SecurityValidateGroupInfoRec (below).  
+ * Functions registered on this callback are expected to examine the
+ * group and set the valid field to TRUE if they recognize the group as a
+ * legitimate group.  If they don't recognize it, they should not change the
+ * valid field.
+ */
+extern CallbackListPtr SecurityValidateGroupCallback;
+typedef struct {
+    XID group;	/* the group that was sent in GenerateAuthorization */
+    Bool valid; /* did anyone recognize it? if so, set to TRUE */
+} SecurityValidateGroupInfoRec;
+
+/* Proc vectors for untrusted clients, swapped and unswapped versions.
+ * These are the same as the normal proc vectors except that extensions
+ * that haven't declared themselves secure will have ProcBadRequest plugged
+ * in for their major opcode dispatcher.  This prevents untrusted clients
+ * from guessing extension major opcodes and using the extension even though
+ * the extension can't be listed or queried.
+ */
+extern int (*UntrustedProcVector[256])(ClientPtr client);
+extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
+
+extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev,
+			       Bool fromRequest);
+
+extern void SecurityAudit(char *format, ...);
+
+extern int XSecurityOptions(int argc, char **argv, int i);
+
+/* Give this value or higher to the -audit option to get security messages */
+#define SECURITY_AUDIT_LEVEL 4
+
+extern void SecurityCensorImage(
+    ClientPtr client,
+    RegionPtr pVisibleRegion,
+    long widthBytesLine,
+    DrawablePtr pDraw,
+    int x, int y, int w, int h,
+    unsigned int format,
+    char * pBuf);
+
+#define SecurityAllowOperation  0
+#define SecurityIgnoreOperation 1
+#define SecurityErrorOperation  2
+
+extern char
+SecurityCheckPropertyAccess(
+    ClientPtr client,
+    WindowPtr pWin,
+    ATOM  propertyName,
+    Mask access_mode);
+
+#define SECURITY_POLICY_FILE_VERSION "version-1"
+
+extern char **SecurityGetSitePolicyStrings(int *n);
+
+#endif /* _SECURITY_SRV_H */

More information about the xorg-commit mailing list