xserver: Branch 'XACE-SELINUX' - 14 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Thu Aug 16 15:23:17 PDT 2007


 Xext/dpms.c                    |    4 
 Xext/dpmsproc.h                |    4 
 Xext/dpmsstubs.c               |    2 
 Xext/mbuf.c                    |    2 
 Xext/saver.c                   |    4 
 Xext/security.c                |   19 -
 Xext/xace.c                    |   18 +
 Xext/xace.h                    |    4 
 Xext/xacestr.h                 |   15 -
 Xext/xselinux.c                |   18 -
 Xext/xtest.c                   |    2 
 dbe/dbe.c                      |    2 
 dix/colormap.c                 |   11 
 dix/cursor.c                   |   92 +++----
 dix/dispatch.c                 |  522 +++++++++++++++++++++--------------------
 dix/dixfonts.c                 |   26 +-
 dix/dixutils.c                 |   46 +--
 dix/events.c                   |   18 -
 dix/gc.c                       |   58 ++--
 dix/main.c                     |    4 
 dix/property.c                 |   19 -
 dix/resource.c                 |   20 -
 dix/window.c                   |  181 +++++++-------
 hw/darwin/darwinEvents.c       |    2 
 hw/dmx/dmxdpms.c               |    2 
 hw/dmx/dmxfont.c               |    4 
 hw/xfree86/common/xf86DPMS.c   |   16 -
 hw/xfree86/common/xf86Events.c |    6 
 hw/xfree86/common/xf86Init.c   |    2 
 hw/xfree86/common/xf86PM.c     |    2 
 hw/xfree86/common/xf86xv.c     |    3 
 hw/xwin/winclipboardwrappers.c |    1 
 include/cursor.h               |   26 --
 include/dix.h                  |   15 -
 include/dixfont.h              |    6 
 include/dixstruct.h            |    4 
 include/gc.h                   |    4 
 include/os.h                   |    2 
 include/resource.h             |    6 
 include/window.h               |    9 
 mi/mibstore.c                  |    3 
 mi/midispcur.c                 |    9 
 mi/mieq.c                      |    4 
 mi/miexpose.c                  |    2 
 miext/cw/cw.c                  |    2 
 os/WaitFor.c                   |    4 
 os/access.c                    |   32 +-
 os/connection.c                |    9 
 render/render.c                |   26 +-
 xfixes/cursor.c                |    8 
 50 files changed, 682 insertions(+), 618 deletions(-)

New commits:
diff-tree 0a994d4f859a4e48d41a90ed9d2a282bb528c555 (from 3ef2e9e623819c625a92f464fb14f1e5c181df42)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 12:54:35 2007 -0400

    xace: add hooks + new access codes: core protocol selection requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index ece240c..bb30619 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -980,9 +980,10 @@ ProcSetSelectionOwner(ClientPtr client)
 {
     WindowPtr pWin;
     TimeStamp time;
+    int rc;
     REQUEST(xSetSelectionOwnerReq);
-
     REQUEST_SIZE_MATCH(xSetSelectionOwnerReq);
+
     UpdateCurrentTime();
     time = ClientTimeToServerTime(stuff->time);
 
@@ -992,7 +993,7 @@ ProcSetSelectionOwner(ClientPtr client)
     	return Success;
     if (stuff->window != None)
     {
-	int rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+	rc = dixLookupWindow(&pWin, stuff->window, client, DixSetAttrAccess);
         if (rc != Success)
             return rc;
     }
@@ -1012,6 +1013,10 @@ ProcSetSelectionOwner(ClientPtr client)
         {        
 	    xEvent event;
 
+	    rc = XaceHook(XACE_SELECTION_ACCESS, client, CurrentSelections[i],
+			  DixSetAttrAccess);
+	    if (rc != Success)
+		return rc;
 	    /* If the timestamp in client's request is in the past relative
 		to the time stamp indicating the last time the owner of the
 		selection was set, do not set the selection, just return 
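Review bot: The added hook call passes `CurrentSelections[i]` by value, while the existing call in ProcGetSelectionOwner passes `&CurrentSelections[i]`. XaceHook is variadic, so the compiler will not flag the mismatch; assuming the XACE_SELECTION_ACCESS case reads a pointer, the handler would interpret struct bytes as an address. The call should read `rc = XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i], DixSetAttrAccess);`. The hook added in the next hunk (the new-selection path) has the same by-value argument. ProcSetSelectionOwner's body starts and ends outside this hunk.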
@@ -1049,6 +1054,10 @@ ProcSetSelectionOwner(ClientPtr client)
 	    CurrentSelections = newsels;
 	    CurrentSelections[i].selection = stuff->selection;
 	    CurrentSelections[i].devPrivates = NULL;
+	    rc = XaceHook(XACE_SELECTION_ACCESS, CurrentSelections[i],
+			  DixSetAttrAccess);
+	    if (rc != Success)
+		return rc;
 	}
 	dixFreePrivates(CurrentSelections[i].devPrivates);
         CurrentSelections[i].lastTimeChanged = time;
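Review bot: The hook call added for a newly allocated selection omits the `client` argument that every other `XaceHook(XACE_SELECTION_ACCESS, ...)` call on this page passes, so the variadic reader would take the selection as the client and the access mode as the selection. It should be `rc = XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i], DixSetAttrAccess);`. The early `return rc` also comes after `CurrentSelections = newsels` and after the new slot's fields were assigned. Whether the selection count was already bumped is outside the hunk, but if it was, a denied request leaves a partly initialised entry in the table and the denial path should undo it.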
@@ -1094,7 +1103,7 @@ ProcGetSelectionOwner(ClientPtr client)
 	reply.sequenceNumber = client->sequence;
         if (i < NumCurrentSelections &&
 	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i],
-		     DixReadAccess) == Success)
+		     DixGetAttrAccess) == Success)
             reply.owner = CurrentSelections[i].destwindow;
         else
             reply.owner = None;
@@ -1118,7 +1127,7 @@ ProcConvertSelection(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xConvertSelectionReq);
-    rc = dixLookupWindow(&pWin, stuff->requestor, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->requestor, client, DixSetAttrAccess);
     if (rc != Success)
         return rc;
 
diff-tree 3ef2e9e623819c625a92f464fb14f1e5c181df42 (from fe9bc481efb0821134e10760c23993c6a7386450)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 12:27:48 2007 -0400

    xace: add hooks + new access codes: core protocol pixmap requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index f6a85bb..ece240c 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1500,7 +1500,7 @@ ProcCreatePixmap(ClientPtr client)
     LEGAL_NEW_RESOURCE(stuff->pid, client);
     
     rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY,
-			   DixReadAccess);
+			   DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
@@ -1543,9 +1543,17 @@ CreatePmap:
     {
 	pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER;
 	pMap->drawable.id = stuff->pid;
+	/* security creation/labeling check */
+	rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, RT_PIXMAP,
+		      DixCreateAccess, pMap);
+	if (rc != Success) {
+	    (*pDraw->pScreen->DestroyPixmap)(pMap);
+	    return rc;
+	}
 	if (AddResource(stuff->pid, RT_PIXMAP, (pointer)pMap))
 	    return(client->noClientException);
     }
+    (*pDraw->pScreen->DestroyPixmap)(pMap);
     return (BadAlloc);
 }
 
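Review bot: The `DestroyPixmap` call added just before `return (BadAlloc)` is reached on two paths where it looks unsafe. If the block above is guarded by `if (pMap)` (the guard is outside the hunk), a failed pixmap allocation arrives here with `pMap == NULL`. When `AddResource` returns false, the resource code may already have run the pixmap's delete function, which would make this a second destroy; that needs confirming against AddResource's failure contract. Keeping the destroy only in the hook-denied branch, or guarding this one with `if (pMap)` once AddResource's behaviour is confirmed, avoids both.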
@@ -1553,13 +1561,13 @@ int
 ProcFreePixmap(ClientPtr client)
 {
     PixmapPtr pMap;
-
+    int rc;
     REQUEST(xResourceReq);
-
     REQUEST_SIZE_MATCH(xResourceReq);
-    pMap = (PixmapPtr)SecurityLookupIDByType(client, stuff->id, RT_PIXMAP,
-					     DixDestroyAccess);
-    if (pMap) 
+
+    rc = dixLookupResource((pointer *)&pMap, stuff->id, RT_PIXMAP, client,
+			   DixDestroyAccess);
+    if (rc == Success)
     {
 	FreeResource(stuff->id, RT_NONE);
 	return(client->noClientException);
@@ -1567,7 +1575,7 @@ ProcFreePixmap(ClientPtr client)
     else 
     {
 	client->errorValue = stuff->id;
-	return (BadPixmap);
+	return (rc == BadValue) ? BadPixmap : rc;
     }
 }
 
diff-tree fe9bc481efb0821134e10760c23993c6a7386450 (from e89301c8790df9fc49de13dd7c7f36e5340c0c31)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 12:02:59 2007 -0400

    xace: add hooks + new access codes: core protocol font requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index 30f44fb..f6a85bb 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1354,23 +1354,21 @@ ProcQueryFont(ClientPtr client)
     xQueryFontReply	*reply;
     FontPtr pFont;
     GC *pGC;
+    int rc;
     REQUEST(xResourceReq);
-
     REQUEST_SIZE_MATCH(xResourceReq);
+
     client->errorValue = stuff->id;		/* EITHER font or gc */
-    pFont = (FontPtr)SecurityLookupIDByType(client, stuff->id, RT_FONT,
-					    DixReadAccess);
-    if (!pFont)
-    {
-	pGC = (GC *) SecurityLookupIDByType(client, stuff->id, RT_GC,
-					    DixReadAccess);
-        if (!pGC)
-	{
-	    client->errorValue = stuff->id;
-            return(BadFont);     /* procotol spec says only error is BadFont */
-	}
-	pFont = pGC->font;
+    rc = dixLookupResource((pointer *)&pFont, stuff->id, RT_FONT, client,
+			   DixGetAttrAccess);
+    if (rc == BadValue) {
+	rc = dixLookupResource((pointer *)&pGC, stuff->id, RT_GC, client,
+			       DixGetAttrAccess);
+	if (rc == Success)
+	    pFont = pGC->font;
     }
+    if (rc != Success)
+	return (rc == BadValue) ? BadFont: rc;
 
     {
 	xCharInfo	*pmax = FONTINKMAX(pFont);
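Review bot: When the id names a GC, only the GC goes through `dixLookupResource`; the font taken from `pGC->font` is then used for the reply without a lookup or hook of its own. If the policy is meant to label fonts independently of the GCs that reference them, this path reads font attributes without a font check. If checking the GC is intended to be sufficient, a comment next to `pFont = pGC->font;` such as `/* access was checked on the GC; its font is not checked separately */` would record that decision. The same applies to ProcQueryTextExtents in the next hunk. ProcQueryFont's body continues outside this hunk.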
@@ -1409,28 +1407,27 @@ ProcQueryFont(ClientPtr client)
 int
 ProcQueryTextExtents(ClientPtr client)
 {
-    REQUEST(xQueryTextExtentsReq);
     xQueryTextExtentsReply reply;
     FontPtr pFont;
     GC *pGC;
     ExtentInfoRec info;
     unsigned long length;
-
+    int rc;
+    REQUEST(xQueryTextExtentsReq);
     REQUEST_AT_LEAST_SIZE(xQueryTextExtentsReq);
         
-    pFont = (FontPtr)SecurityLookupIDByType(client, stuff->fid, RT_FONT,
-					    DixReadAccess);
-    if (!pFont)
-    {
-        pGC = (GC *)SecurityLookupIDByType(client, stuff->fid, RT_GC,
-					   DixReadAccess);
-        if (!pGC)
-	{
-	    client->errorValue = stuff->fid;
-            return(BadFont);
-	}
-	pFont = pGC->font;
+    client->errorValue = stuff->fid;		/* EITHER font or gc */
+    rc = dixLookupResource((pointer *)&pFont, stuff->fid, RT_FONT, client,
+			   DixGetAttrAccess);
+    if (rc == BadValue) {
+	rc = dixLookupResource((pointer *)&pGC, stuff->fid, RT_GC, client,
+			       DixGetAttrAccess);
+	if (rc == Success)
+	    pFont = pGC->font;
     }
+    if (rc != Success)
+	return (rc == BadValue) ? BadFont: rc;
+
     length = client->req_len - (sizeof(xQueryTextExtentsReq) >> 2);
     length = length << 1;
     if (stuff->oddLength)
diff-tree e89301c8790df9fc49de13dd7c7f36e5340c0c31 (from 5bee8db003a5d552ee1d85bb6c40a3cb93bd6b2b)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 10:57:49 2007 -0400

    xace: add hooks + new access codes: core protocol client requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index 2dc32a5..30f44fb 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3519,9 +3519,14 @@ ProcGetFontPath(ClientPtr client)
 int
 ProcChangeCloseDownMode(ClientPtr client)
 {
+    int rc;
     REQUEST(xSetCloseDownModeReq);
-
     REQUEST_SIZE_MATCH(xSetCloseDownModeReq);
+
+    rc = XaceHook(XACE_CLIENT_ACCESS, client, client, DixManageAccess);
+    if (rc != Success)
+	return rc;
+
     if ((stuff->mode == AllTemporary) ||
 	(stuff->mode == RetainPermanent) ||
 	(stuff->mode == RetainTemporary))
diff --git a/dix/dixutils.c b/dix/dixutils.c
index e8d7daf..786f4e3 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -254,17 +254,25 @@ _X_EXPORT int
 dixLookupClient(ClientPtr *pClient, XID rid, ClientPtr client, Mask access)
 {
     pointer pRes;
-    int clientIndex = CLIENT_ID(rid);
-    client->errorValue = rid;
+    int rc = BadValue, clientIndex = CLIENT_ID(rid);
 
-    dixLookupResource(&pRes, rid, RC_ANY, client, access);
+    if (!clientIndex || !clients[clientIndex] || (rid & SERVER_BIT))
+	goto bad;
 
-    if (clientIndex && pRes && clients[clientIndex] && !(rid & SERVER_BIT)) {
-	*pClient = clients[clientIndex];
-	return Success;
-    }
+    rc = dixLookupResource(&pRes, rid, RC_ANY, client, DixGetAttrAccess);
+    if (rc != Success)
+	goto bad;
+
+    rc = XaceHook(XACE_CLIENT_ACCESS, client, clients[clientIndex], access);
+    if (rc != Success)
+	goto bad;
+
+    *pClient = clients[clientIndex];
+    return Success;
+bad:
+    client->errorValue = rid;
     *pClient = NULL;
-    return BadValue;
+    return rc;
 }
 
 int
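Review bot: The caller's `access` mask no longer reaches `dixLookupResource`, which is now always called with `DixGetAttrAccess`; the mask is applied only in the `XACE_CLIENT_ACCESS` hook. That split is not obvious from the code, so a comment before the lookup would help, e.g. `/* the resource is only used to find the owning client; the requested access is checked against that client below */`. A header comment listing the return codes would also be useful, since the function can now return whatever the lookup or the hook returns rather than only `BadValue`.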
diff-tree 5bee8db003a5d552ee1d85bb6c40a3cb93bd6b2b (from b82557c9fb60f11fd2696c8fb2ae17b9dfd915ed)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 10:44:51 2007 -0400

    xace: drop background-none checking hook, add new hook for controlling
    access to other clients.

diff --git a/Xext/security.c b/Xext/security.c
index 0059245..bf414a5 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1197,16 +1197,6 @@ SecurityCheckMapAccess(CallbackListPtr *
 }
 
 static void
-SecurityCheckBackgrndAccess(CallbackListPtr *pcbl, pointer unused,
-			    pointer calldata)
-{
-    XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-
-    if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
-	rec->status = BadAccess;
-}
-
-static void
 SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
 		       pointer calldata)
 {
@@ -1848,7 +1838,6 @@ SecurityExtensionInit(INITARGS)
     XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
     XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
     XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
-    XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
     XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
     XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
     XaceRC(XACE_SERVER_ACCESS, SecurityCheckServerAccess, NULL);
diff --git a/Xext/xace.c b/Xext/xace.c
index de1887f..54e910f 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -113,8 +113,7 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_MAP_ACCESS:
-	case XACE_BACKGRND_ACCESS: {
+	case XACE_MAP_ACCESS: {
 	    XaceMapAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, WindowPtr),
@@ -124,6 +123,17 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
+	case XACE_CLIENT_ACCESS: {
+	    XaceClientAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, ClientPtr),
+		va_arg(ap, Mask),
+		Success /* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.status;
+	    break;
+	}
 	case XACE_EXT_DISPATCH:
 	case XACE_EXT_ACCESS: {
 	    XaceExtAccessRec rec = {
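Review bot: The two `va_arg(ap, ClientPtr)` reads inside the `XaceClientAccessRec` initializer are not ordered relative to each other by the C standard, so a compiler may fill `target` before `client`. The neighbouring cases use the same initializer pattern, but here both reads have the same type, so a swap compiles cleanly and silently exchanges the subject and the object of the access check. Reading the arguments with separate statements, in call order, removes that dependency. Separately, `calldata = &rec` points at an object whose lifetime ends at the closing brace of the case; if `calldata` is used after the switch (outside this hunk), the record should be declared at function scope.

```c
	case XACE_CLIENT_ACCESS: {
	    XaceClientAccessRec rec;
	    rec.client = va_arg(ap, ClientPtr);	/* requesting client */
	    rec.target = va_arg(ap, ClientPtr);	/* client being accessed */
	    rec.access_mode = va_arg(ap, Mask);
	    rec.status = Success; /* default allow */
	    /* … unchanged: calldata/prv assignment and break … */
```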
diff --git a/Xext/xace.h b/Xext/xace.h
index f7ff205..f1a6e9d 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -47,7 +47,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #define XACE_PROPERTY_ACCESS		4
 #define XACE_DRAWABLE_ACCESS		5
 #define XACE_MAP_ACCESS			6
-#define XACE_BACKGRND_ACCESS		7
+#define XACE_CLIENT_ACCESS		7
 #define XACE_EXT_ACCESS			8
 #define XACE_SERVER_ACCESS		9
 #define XACE_SELECTION_ACCESS		10
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index e4db3a1..10c625b 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -71,13 +71,20 @@ typedef struct {
 } XaceDrawableAccessRec;
 
 /* XACE_MAP_ACCESS */
-/* XACE_BACKGRND_ACCESS */
 typedef struct {
     ClientPtr client;
     WindowPtr pWin;
     int status;
 } XaceMapAccessRec;
 
+/* XACE_CLIENT_ACCESS */
+typedef struct {
+    ClientPtr client;
+    ClientPtr target;
+    Mask access_mode;
+    int status;
+} XaceClientAccessRec;
+
 /* XACE_EXT_DISPATCH */
 /* XACE_EXT_ACCESS */
 typedef struct {
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9cb2f32..1ffd79d 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1157,15 +1157,6 @@ XSELinuxMap(CallbackListPtr *pcbl, point
 } /* XSELinuxMap */
 
 static void
-XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
-    XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-    if (IDPerm(rec->client, rec->pWin->drawable.id,
-               SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success)
-	rec->status = BadAccess;
-} /* XSELinuxBackgrnd */
-
-static void
 XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
@@ -1398,7 +1389,6 @@ XSELinuxExtensionInit(INITARGS)
     XaceRegisterCallback(XACE_RESOURCE_ACCESS, XSELinuxResLookup, NULL);
     XaceRegisterCallback(XACE_MAP_ACCESS, XSELinuxMap, NULL);
     XaceRegisterCallback(XACE_SERVER_ACCESS, XSELinuxServer, NULL);
-    XaceRegisterCallback(XACE_BACKGRND_ACCESS, XSELinuxBackgrnd, NULL);
     XaceRegisterCallback(XACE_DRAWABLE_ACCESS, XSELinuxDrawable, NULL);
     XaceRegisterCallback(XACE_PROPERTY_ACCESS, XSELinuxProperty, NULL);
     /* XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, XSELinuxDeclare, NULL);
diff-tree b82557c9fb60f11fd2696c8fb2ae17b9dfd915ed (from 568ae737d1d5d476a0bf85659d88910c4e0ef5e0)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Aug 16 10:36:05 2007 -0400

    xace: add hooks + new access codes: core protocol screensaver requests

diff --git a/Xext/dpms.c b/Xext/dpms.c
index aced406..97622cb 100644
--- a/Xext/dpms.c
+++ b/Xext/dpms.c
@@ -218,7 +218,7 @@ ProcDPMSDisable(client)
 
     REQUEST_SIZE_MATCH(xDPMSDisableReq);
 
-    DPMSSet(DPMSModeOn);
+    DPMSSet(client, DPMSModeOn);
 
     DPMSEnabled = FALSE;
 
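Review bot: The new `int` result of `DPMSSet(client, ...)` is discarded here and in ProcDPMSForceLevel in the next hunk, so a denial returned through the screensaver hook never reaches the requesting client as an error. In ProcDPMSDisable, `DPMSEnabled = FALSE` is also still applied after a denied call. Both handlers should use `rc = DPMSSet(client, ...); if (rc != Success) return rc;` before touching further state. Each needs an `int rc` declaration, and both function bodies start outside these hunks.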
@@ -253,7 +253,7 @@ ProcDPMSForceLevel(client)
 	return BadValue;
     }
 
-    DPMSSet(stuff->level);
+    DPMSSet(client, stuff->level);
 
     return(client->noClientException);
 }
diff --git a/Xext/dpmsproc.h b/Xext/dpmsproc.h
index f5485ea..d57f573 100644
--- a/Xext/dpmsproc.h
+++ b/Xext/dpmsproc.h
@@ -8,7 +8,9 @@
 #ifndef _DPMSPROC_H_
 #define _DPMSPROC_H_
 
-void DPMSSet(int level);
+#include "dixstruct.h"
+
+int  DPMSSet(ClientPtr client, int level);
 int  DPMSGet(int *plevel);
 Bool DPMSSupported(void);
 
diff --git a/Xext/dpmsstubs.c b/Xext/dpmsstubs.c
index 9f99a2d..8d58935 100644
--- a/Xext/dpmsstubs.c
+++ b/Xext/dpmsstubs.c
@@ -46,7 +46,7 @@ int DPMSGet(int *plevel)
     return -1;
 }
 
-void DPMSSet(int level)
+int DPMSSet(ClientPtr client, int level)
 {
 
 }
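Review bot: The stub `DPMSSet` now returns `int` but its body is still empty, so control falls off the end of a non-void function and any caller that reads the result gets an indeterminate value. Add `return Success;` to the body so the stub reports the same status as the real implementation's no-op path.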
diff --git a/Xext/saver.c b/Xext/saver.c
index a9f1dd3..dabfbea 100644
--- a/Xext/saver.c
+++ b/Xext/saver.c
@@ -454,8 +454,8 @@ ScreenSaverFreeAttr (value, id)
     pPriv->attr = NULL;
     if (pPriv->hasWindow)
     {
-	SaveScreens (SCREEN_SAVER_FORCER, ScreenSaverReset);
-	SaveScreens (SCREEN_SAVER_FORCER, ScreenSaverActive);
+	SaveScreens (serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset);
+	SaveScreens (serverClient, SCREEN_SAVER_FORCER, ScreenSaverActive);
     }
     CheckScreenPrivate (pScreen);
     return TRUE;
diff --git a/Xext/xtest.c b/Xext/xtest.c
index 94d8974..8d879c7 100644
--- a/Xext/xtest.c
+++ b/Xext/xtest.c
@@ -458,7 +458,7 @@ ProcXTestFakeInput(client)
 	break;
     }
     if (screenIsSaved == SCREEN_SAVER_ON)
-	SaveScreens(SCREEN_SAVER_OFF, ScreenSaverReset);
+	SaveScreens(serverClient, SCREEN_SAVER_OFF, ScreenSaverReset);
     ev->u.keyButtonPointer.time = currentTime.milliseconds;
     (*dev->public.processInputProc)(ev, dev, nev);
     return client->noClientException;
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 0bf92de..2dc32a5 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3244,10 +3244,17 @@ ProcQueryBestSize (ClientPtr client)
 int
 ProcSetScreenSaver (ClientPtr client)
 {
-    int blankingOption, exposureOption;
+    int rc, i, blankingOption, exposureOption;
     REQUEST(xSetScreenSaverReq);
-
     REQUEST_SIZE_MATCH(xSetScreenSaverReq);
+
+    for (i = 0; i < screenInfo.numScreens; i++) {
+	rc = XaceHook(XACE_SCREENSAVER_ACCESS, client, screenInfo.screens[i],
+		      DixSetAttrAccess);
+	if (rc != Success)
+	    return rc;
+    }
+
     blankingOption = stuff->preferBlank;
     if ((blankingOption != DontPreferBlanking) &&
         (blankingOption != PreferBlanking) &&
@@ -3301,8 +3308,16 @@ int
 ProcGetScreenSaver(ClientPtr client)
 {
     xGetScreenSaverReply rep;
-
+    int rc, i;
     REQUEST_SIZE_MATCH(xReq);
+
+    for (i = 0; i < screenInfo.numScreens; i++) {
+	rc = XaceHook(XACE_SCREENSAVER_ACCESS, client, screenInfo.screens[i],
+		      DixGetAttrAccess);
+	if (rc != Success)
+	    return rc;
+    }
+
     rep.type = X_Reply;
     rep.length = 0;
     rep.sequenceNumber = client->sequence;
@@ -3523,6 +3538,7 @@ ProcChangeCloseDownMode(ClientPtr client
 
 int ProcForceScreenSaver(ClientPtr client)
 {    
+    int rc;
     REQUEST(xForceScreenSaverReq);
 
     REQUEST_SIZE_MATCH(xForceScreenSaverReq);
@@ -3533,7 +3549,9 @@ int ProcForceScreenSaver(ClientPtr clien
 	client->errorValue = stuff->mode;
         return BadValue;
     }
-    SaveScreens(SCREEN_SAVER_FORCER, (int)stuff->mode);
+    rc = SaveScreens(client, SCREEN_SAVER_FORCER, (int)stuff->mode);
+    if (rc != Success)
+	return rc;
     return client->noClientException;
 }
 
diff --git a/dix/main.c b/dix/main.c
index 4ae09dc..3e5d0e4 100644
--- a/dix/main.c
+++ b/dix/main.c
@@ -430,7 +430,7 @@ main(int argc, char *argv[], char *envp[
 	for (i = 0; i < screenInfo.numScreens; i++)
 	    InitRootWindow(WindowTable[i]);
 	DefineInitialRootWindow(WindowTable[0]);
-	SaveScreens(SCREEN_SAVER_FORCER, ScreenSaverReset);
+	SaveScreens(serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset);
 
 #ifdef PANORAMIX
 	if (!noPanoramiXExtension) {
@@ -449,7 +449,7 @@ main(int argc, char *argv[], char *envp[
 
 	/* Now free up whatever must be freed */
 	if (screenIsSaved == SCREEN_SAVER_ON)
-	    SaveScreens(SCREEN_SAVER_OFF, ScreenSaverReset);
+	    SaveScreens(serverClient, SCREEN_SAVER_OFF, ScreenSaverReset);
 	FreeScreenSaverTimer();
 	CloseDownExtensions();
 
diff --git a/dix/window.c b/dix/window.c
index 9d1947a..597c55d 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -3369,12 +3369,10 @@ static void DrawLogo(
 );
 #endif
 
-_X_EXPORT void
-SaveScreens(int on, int mode)
+_X_EXPORT int
+SaveScreens(ClientPtr client, int on, int mode)
 {
-    int i;
-    int what;
-    int type;
+    int rc, i, what, type;
 
     if (on == SCREEN_SAVER_FORCER)
     {
@@ -3393,6 +3391,13 @@ SaveScreens(int on, int mode)
 	if (what == screenIsSaved)
 	    type = SCREEN_SAVER_CYCLE;
     }
+
+    for (i = 0; i < screenInfo.numScreens; i++) {
+	rc = XaceHook(XACE_SCREENSAVER_ACCESS, client, screenInfo.screens[i],
+		      DixShowAccess | DixHideAccess);
+	if (rc != Success)
+	    return rc;
+    }
     for (i = 0; i < screenInfo.numScreens; i++)
     {
 	if (on == SCREEN_SAVER_FORCER)
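Review bot: The hook is asked for `DixShowAccess | DixHideAccess` on every call, although `what` has already been computed above and records whether the saver is being turned on or off. A policy module therefore cannot permit one direction without the other. Consider passing only the bit that matches the direction in `what`, or add a comment such as `/* both bits requested on purpose: callers may cycle the saver */` if the combined check is intentional. The rest of SaveScreens lies outside this hunk.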
@@ -3480,6 +3485,7 @@ SaveScreens(int on, int mode)
     screenIsSaved = what;
     if (mode == ScreenSaverReset)
        SetScreenSaverTimer();
+    return Success;
 }
 
 static Bool
diff --git a/hw/darwin/darwinEvents.c b/hw/darwin/darwinEvents.c
index 3d7f268..97ad857 100644
--- a/hw/darwin/darwinEvents.c
+++ b/hw/darwin/darwinEvents.c
@@ -276,7 +276,7 @@ void ProcessInputEvents(void) {
     while (darwinEventQueue.head != darwinEventQueue.tail)
     {
         if (screenIsSaved == SCREEN_SAVER_ON)
-            SaveScreens (SCREEN_SAVER_OFF, ScreenSaverReset);
+            SaveScreens(serverClient, SCREEN_SAVER_OFF, ScreenSaverReset);
 
         e = &darwinEventQueue.events[darwinEventQueue.head];
         xe = e->event;
diff --git a/hw/dmx/dmxdpms.c b/hw/dmx/dmxdpms.c
index 5c176df..ea0d66c 100644
--- a/hw/dmx/dmxdpms.c
+++ b/hw/dmx/dmxdpms.c
@@ -175,7 +175,7 @@ void dmxDPMSTerm(DMXScreenInfo *dmxScree
 void dmxDPMSWakeup(void)
 {
     if (screenIsSaved == SCREEN_SAVER_ON)
-        SaveScreens(SCREEN_SAVER_OFF, ScreenSaverReset);
+        SaveScreens(serverClient, SCREEN_SAVER_OFF, ScreenSaverReset);
 #ifdef DPMSExtension
     if (DPMSPowerLevel) DPMSSet(0);
 #endif
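Review bot: The context line `if (DPMSPowerLevel) DPMSSet(0);` just below the change still uses the old one-argument form. That no longer matches the `int DPMSSet(ClientPtr client, int level)` prototype introduced by this commit and should fail to compile when DPMSExtension is defined. It should become `if (DPMSPowerLevel) DPMSSet(serverClient, 0);`.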
diff --git a/hw/xfree86/common/xf86DPMS.c b/hw/xfree86/common/xf86DPMS.c
index 3aa83e8..a4ae67e 100644
--- a/hw/xfree86/common/xf86DPMS.c
+++ b/hw/xfree86/common/xf86DPMS.c
@@ -144,20 +144,23 @@ DPMSClose(int i, ScreenPtr pScreen)
  *	Device dependent DPMS mode setting hook.  This is called whenever
  *	the DPMS mode is to be changed.
  */
-_X_EXPORT void
-DPMSSet(int level)
+_X_EXPORT int
+DPMSSet(ClientPtr client, int level)
 {
-    int i;
+    int rc, i;
     DPMSPtr pDPMS;
     ScrnInfoPtr pScrn;
 
     DPMSPowerLevel = level;
 
     if (DPMSIndex < 0)
-	return;
+	return Success;
 
-    if (level != DPMSModeOn)
-	SaveScreens(SCREEN_SAVER_FORCER, ScreenSaverActive);
+    if (level != DPMSModeOn) {
+	rc = SaveScreens(client, SCREEN_SAVER_FORCER, ScreenSaverActive);
+	if (rc != Success)
+	    return rc;
+    }
 
     /* For each screen, set the DPMS level */
     for (i = 0; i < xf86NumScreens; i++) {
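Review bot: `DPMSPowerLevel = level;` is still assigned before the access check, so when `SaveScreens` returns an error the function leaves the global set to a level that was never applied to any screen. Later code that compares `DPMSPowerLevel` against `DPMSModeOn` would then act on a stale value. Saving the previous level and restoring it on the error return, e.g. `if (rc != Success) { DPMSPowerLevel = old; return rc; }`, keeps the recorded state consistent with a denied request. The function's tail is in the next hunk.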
@@ -168,6 +171,7 @@ DPMSSet(int level)
 	    pScrn->DPMSSet(pScrn, level, 0);
 	}
     }
+    return Success;
 }
 
 
diff --git a/hw/xfree86/common/xf86Events.c b/hw/xfree86/common/xf86Events.c
index dd9c34e..7c2c250 100644
--- a/hw/xfree86/common/xf86Events.c
+++ b/hw/xfree86/common/xf86Events.c
@@ -853,7 +853,7 @@ xf86VTSwitch()
 #endif
 #ifdef DPMSExtension
     if (DPMSPowerLevel != DPMSModeOn)
-	DPMSSet(DPMSModeOn);
+	DPMSSet(serverClient, DPMSModeOn);
 #endif
     for (i = 0; i < xf86NumScreens; i++) {
       if (!(dispatchException & DE_TERMINATE))
@@ -902,7 +902,7 @@ xf86VTSwitch()
 	    (*xf86Screens[i]->EnableDisableFBAccess) (i, TRUE);
 	}
       }
-      SaveScreens(SCREEN_SAVER_FORCER, ScreenSaverReset);
+      SaveScreens(serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset);
 
       pInfo = xf86InputDevs;
       while (pInfo) {
@@ -966,7 +966,7 @@ xf86VTSwitch()
     }
 
     /* Turn screen saver off when switching back */
-    SaveScreens(SCREEN_SAVER_FORCER,ScreenSaverReset);
+    SaveScreens(serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset);
 
     pInfo = xf86InputDevs;
     while (pInfo) {
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index bf7dac6..27bc9ad 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -1086,7 +1086,7 @@ AbortDDX()
 #endif
 #ifdef DPMSExtension /* Turn screens back on */
   if (DPMSPowerLevel != DPMSModeOn)
-      DPMSSet(DPMSModeOn);
+      DPMSSet(serverClient, DPMSModeOn);
 #endif
   if (xf86Screens) {
       if (xf86Screens[0]->vtSema)
diff --git a/hw/xfree86/common/xf86PM.c b/hw/xfree86/common/xf86PM.c
index a6bcc34..278a514 100644
--- a/hw/xfree86/common/xf86PM.c
+++ b/hw/xfree86/common/xf86PM.c
@@ -116,7 +116,7 @@ resume(pmEvent event, Bool undo)
 	if (xf86Screens[i]->EnableDisableFBAccess)
 	    (*xf86Screens[i]->EnableDisableFBAccess) (i, TRUE);
     }
-    SaveScreens(SCREEN_SAVER_FORCER, ScreenSaverReset);
+    SaveScreens(serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset);
     pInfo = xf86InputDevs;
     while (pInfo) {
 	EnableDevice(pInfo->dev);
diff --git a/include/window.h b/include/window.h
index 472f379..d5437a7 100644
--- a/include/window.h
+++ b/include/window.h
@@ -207,9 +207,10 @@ extern RegionPtr NotClippedByChildren(
 extern void SendVisibilityNotify(
     WindowPtr /*pWin*/);
 
-extern void SaveScreens(
-    int /*on*/,
-    int /*mode*/);
+extern int SaveScreens(
+    ClientPtr client,
+    int on,
+    int mode);
 
 extern WindowPtr FindWindowWithOptional(
     WindowPtr /*w*/);
diff --git a/mi/mieq.c b/mi/mieq.c
index 20c4b62..5093023 100644
--- a/mi/mieq.c
+++ b/mi/mieq.c
@@ -200,13 +200,13 @@ mieqProcessInputEvents(void)
 
     while (miEventQueue.head != miEventQueue.tail) {
         if (screenIsSaved == SCREEN_SAVER_ON)
-            SaveScreens (SCREEN_SAVER_OFF, ScreenSaverReset);
+            SaveScreens (serverClient, SCREEN_SAVER_OFF, ScreenSaverReset);
 #ifdef DPMSExtension
         else if (DPMSPowerLevel != DPMSModeOn)
             SetScreenSaverTimer();
 
         if (DPMSPowerLevel != DPMSModeOn)
-            DPMSSet(DPMSModeOn);
+            DPMSSet(serverClient, DPMSModeOn);
 #endif
 
         e = &miEventQueue.events[miEventQueue.head];
diff --git a/os/WaitFor.c b/os/WaitFor.c
index ec1592c..1ef79bc 100644
--- a/os/WaitFor.c
+++ b/os/WaitFor.c
@@ -583,7 +583,7 @@ TimerInit(void)
 
 #define DPMS_CHECK_MODE(mode,time)\
     if (time > 0 && DPMSPowerLevel < mode && timeout >= time)\
-	DPMSSet(mode);
+	DPMSSet(serverClient, mode);
 
 #define DPMS_CHECK_TIMEOUT(time)\
     if (time > 0 && (time - timeout) > 0)\
@@ -652,7 +652,7 @@ ScreenSaverTimeoutExpire(OsTimerPtr time
     }
 
     ResetOsBuffers(); /* not ideal, but better than nothing */
-    SaveScreens(SCREEN_SAVER_ON, ScreenSaverActive);
+    SaveScreens(serverClient, SCREEN_SAVER_ON, ScreenSaverActive);
 
     if (ScreenSaverInterval > 0)
     {
diff-tree 568ae737d1d5d476a0bf85659d88910c4e0ef5e0 (from 3c9553ac2cac7f3a41966def44a50d722d7e645b)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Aug 15 14:14:45 2007 -0400

    xace: add hooks + new access codes: core protocol server requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index 8cca44b..0bf92de 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1169,6 +1169,7 @@ ProcConvertSelection(ClientPtr client)
 int
 ProcGrabServer(ClientPtr client)
 {
+    int rc;
     REQUEST_SIZE_MATCH(xReq);
     if (grabState != GrabNone && client != grabClient)
     {
@@ -1178,7 +1179,9 @@ ProcGrabServer(ClientPtr client)
 	IgnoreClient(client);
 	return(client->noClientException);
     }
-    OnlyListenToOneClient(client);
+    rc = OnlyListenToOneClient(client);
+    if (rc != Success)
+	return rc;
     grabState = GrabKickout;
     grabClient = client;
 
@@ -3478,12 +3481,14 @@ int
 ProcGetFontPath(ClientPtr client)
 {
     xGetFontPathReply reply;
-    int stringLens, numpaths;
+    int rc, stringLens, numpaths;
     unsigned char *bufferStart;
     /* REQUEST (xReq); */
 
     REQUEST_SIZE_MATCH(xReq);
-    bufferStart = GetFontPath(&numpaths, &stringLens);
+    rc = GetFontPath(client, &numpaths, &stringLens, &bufferStart);
+    if (rc != Success)
+	return rc;
 
     reply.type = X_Reply;
     reply.sequenceNumber = client->sequence;
diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index c21b3ec..4ea6302 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -65,6 +65,7 @@ Equipment Corporation.
 #include "dixfontstr.h"
 #include "closestr.h"
 #include "dixfont.h"
+#include "xace.h"
 
 #ifdef DEBUG
 #include	<stdio.h>
@@ -833,6 +834,10 @@ ListFonts(ClientPtr client, unsigned cha
     if (length > XLFDMAXFONTNAMELEN)
 	return BadAlloc;
 
+    i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess);
+    if (i != Success)
+	return i;
+
     if (!(c = (LFclosurePtr) xalloc(sizeof *c)))
 	return BadAlloc;
     c->fpe_list = (FontPathElementPtr *)
@@ -1105,6 +1110,10 @@ StartListFontsWithInfo(ClientPtr client,
     if (length > XLFDMAXFONTNAMELEN)
 	return BadAlloc;
 
+    i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess);
+    if (i != Success)
+	return i;
+
     if (!(c = (LFWIclosurePtr) xalloc(sizeof *c)))
 	goto badAlloc;
     c->fpe_list = (FontPathElementPtr *)
@@ -1771,7 +1780,9 @@ bail:
 int
 SetFontPath(ClientPtr client, int npaths, unsigned char *paths, int *error)
 {
-    int   err = Success;
+    int err = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
+    if (err != Success)
+	return err;
 
     if (npaths == 0) {
 	if (SetDefaultFontPath(defaultFontPath) != Success)
@@ -1823,14 +1834,18 @@ SetDefaultFontPath(char *path)
     return err;
 }
 
-unsigned char *
-GetFontPath(int *count, int *length)
+int
+GetFontPath(ClientPtr client, int *count, int *length, unsigned char **result)
 {
     int			i;
     unsigned char       *c;
     int			len;
     FontPathElementPtr	fpe;
 
+    i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess);
+    if (i != Success)
+	return i;
+
     len = 0;
     for (i = 0; i < num_fpes; i++) {
 	fpe = font_path_elements[i];
@@ -1838,7 +1853,7 @@ GetFontPath(int *count, int *length)
     }
     font_path_string = (unsigned char *) xrealloc(font_path_string, len);
     if (!font_path_string)
-	return NULL;
+	return BadAlloc;
 
     c = font_path_string;
     *length = 0;
@@ -1850,7 +1865,8 @@ GetFontPath(int *count, int *length)
 	c += fpe->name_length;
     }
     *count = num_fpes;
-    return font_path_string;
+    *result = font_path_string;
+    return Success;
 }
 
 _X_EXPORT int
diff --git a/hw/dmx/dmxfont.c b/hw/dmx/dmxfont.c
index 500b568..e5f8635 100644
--- a/hw/dmx/dmxfont.c
+++ b/hw/dmx/dmxfont.c
@@ -66,7 +66,7 @@ static char **dmxGetFontPath(int *npaths
     char           *newfp;
     int             len, l, i;
 
-    paths = GetFontPath(npaths, &len);
+    GetFontPath(serverClient, npaths, &len, &paths);
 
     newfp = xalloc(*npaths + len);
     c = (unsigned char *)newfp;
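Review bot: The return value of the reworked `GetFontPath` is ignored here and in dmxProcSetFontPath in the next hunk. On its hook-denied and `BadAlloc` returns the new function exits before writing `*count`, `*length` or `*result`, so `*npaths`, `len` and `paths` (and `nOldPaths`, `lenOldPaths`, `tmpFontPath` in the other caller) would be read uninitialised by the `xalloc` and copy that follow. Both callers should test the result, e.g. `if (GetFontPath(serverClient, npaths, &len, &paths) != Success)`, and bail out with whatever failure value their own callers expect. Both function bodies extend outside these hunks.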
@@ -194,7 +194,7 @@ static int dmxProcSetFontPath(ClientPtr 
     if (total >= 4)
         return BadLength;
 
-    tmpFontPath = GetFontPath(&nOldPaths, &lenOldPaths);
+    GetFontPath(serverClient, &nOldPaths, &lenOldPaths, &tmpFontPath);
     oldFontPath = xalloc(nOldPaths + lenOldPaths);
     memmove(oldFontPath, tmpFontPath, nOldPaths + lenOldPaths);
 
diff --git a/include/dixfont.h b/include/dixfont.h
index 709da62..54017ce 100644
--- a/include/dixfont.h
+++ b/include/dixfont.h
@@ -105,8 +105,10 @@ extern int SetFontPath(ClientPtr /*clien
 
 extern int SetDefaultFontPath(char * /*path*/);
 
-extern unsigned char *GetFontPath(int * /*count*/,
-				  int * /*length*/);
+extern int GetFontPath(ClientPtr client,
+		       int *count,
+		       int *length,
+		       unsigned char **result);
 
 extern int LoadGlyphs(ClientPtr /*client*/,
 		      FontPtr /*pfont*/,
diff --git a/include/os.h b/include/os.h
index 3d68947..891f331 100644
--- a/include/os.h
+++ b/include/os.h
@@ -155,7 +155,7 @@ extern void AddEnabledDevice(int /*fd*/)
 
 extern void RemoveEnabledDevice(int /*fd*/);
 
-extern void OnlyListenToOneClient(ClientPtr /*client*/);
+extern int OnlyListenToOneClient(ClientPtr /*client*/);
 
 extern void ListenToAllClients(void);
 
diff --git a/os/access.c b/os/access.c
index b049acc..33b2eb6 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1493,17 +1493,20 @@ LocalClientCredAndGroups(ClientPtr clien
 #endif
 }
 
-static Bool
+static int
 AuthorizedClient(ClientPtr client)
 {
+    int rc;
+
     if (!client || defeatAccessControl)
-	return TRUE;
+	return Success;
 
     /* untrusted clients can't change host access */
-    if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success)
-	return FALSE;
+    rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
+    if (rc != Success)
+	return rc;
 
-    return LocalClient(client);
+    return LocalClient(client) ? Success : BadAccess;
 }
 
 /* Add a host to the access control list.  This is the external interface
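Review bot: AuthorizedClient now returns an X status in which `Success` is 0, so its result means the opposite of the old `Bool`. A caller still written as `if (!AuthorizedClient(client))` would reject authorised clients and let denied ones through. AddHost, RemoveHost and ChangeAccessControl are converted in this diff; any other call site in os/access.c should be checked as well. A short comment above the function, such as `/* Returns Success if the client may change host access, otherwise an X error code. */`, would make the new contract explicit.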
@@ -1515,10 +1518,11 @@ AddHost (ClientPtr	client,
 	 unsigned       length,        /* of bytes in pAddr */
 	 pointer        pAddr)
 {
-    int			len;
+    int rc, len;
 
-    if (!AuthorizedClient(client))
-	return(BadAccess);
+    rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     switch (family) {
     case FamilyLocalHost:
 	len = length;
@@ -1612,11 +1616,12 @@ RemoveHost (
     unsigned            length,        /* of bytes in pAddr */
     pointer             pAddr)
 {
-    int			len;
+    int rc, len;
     register HOST	*host, **prev;
 
-    if (!AuthorizedClient(client))
-	return(BadAccess);
+    rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     switch (family) {
     case FamilyLocalHost:
 	len = length;
@@ -1873,8 +1878,9 @@ ChangeAccessControl(
     ClientPtr client,
     int fEnabled)
 {
-    if (!AuthorizedClient(client))
-	return BadAccess;
+    int rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     AccessEnabled = fEnabled;
     return Success;
 }
diff --git a/os/connection.c b/os/connection.c
index c1152aa..afe392c 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -1081,11 +1081,15 @@ RemoveEnabledDevice(int fd)
  *    This routine is "undone" by ListenToAllClients()
  *****************/
 
-void
+int
 OnlyListenToOneClient(ClientPtr client)
 {
     OsCommPtr oc = (OsCommPtr)client->osPrivate;
-    int connection = oc->fd;
+    int rc, connection = oc->fd;
+
+    rc = XaceHook(XACE_SERVER_ACCESS, client, DixGrabAccess);
+    if (rc != Success)
+	return rc;
 
     if (! GrabInProgress)
     {
@@ -1106,6 +1110,7 @@ OnlyListenToOneClient(ClientPtr client)
 	XFD_ORSET(&AllSockets, &AllSockets, &AllClients);
 	GrabInProgress = client->index;
     }
+    return rc;
 }
 
 /****************
diff-tree 3c9553ac2cac7f3a41966def44a50d722d7e645b (from dc84bb3418933297a8c005070902d9a91ed3d18f)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Aug 15 14:14:25 2007 -0400

    xace: rename hostlist security hook to "server" as this hook will be used
    for other types of server access besides just the host list.

diff --git a/Xext/security.c b/Xext/security.c
index 9e3b2dd..0059245 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1222,10 +1222,10 @@ SecurityCheckExtAccess(CallbackListPtr *
 }
 
 static void
-SecurityCheckHostlistAccess(CallbackListPtr *pcbl, pointer unused,
-			    pointer calldata)
+SecurityCheckServerAccess(CallbackListPtr *pcbl, pointer unused,
+			  pointer calldata)
 {
-    XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata;
+    XaceServerAccessRec *rec = (XaceServerAccessRec*)calldata;
  
     if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
     {
@@ -1851,5 +1851,5 @@ SecurityExtensionInit(INITARGS)
     XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
     XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
     XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
-    XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL);
+    XaceRC(XACE_SERVER_ACCESS, SecurityCheckServerAccess, NULL);
 } /* SecurityExtensionInit */
diff --git a/Xext/xace.c b/Xext/xace.c
index 50361d0..de1887f 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -135,8 +135,8 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_HOSTLIST_ACCESS: {
-	    XaceHostlistAccessRec rec = {
+	case XACE_SERVER_ACCESS: {
+	    XaceServerAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, Mask),
 		Success /* default allow */
diff --git a/Xext/xace.h b/Xext/xace.h
index e2982cf..f7ff205 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -49,7 +49,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #define XACE_MAP_ACCESS			6
 #define XACE_BACKGRND_ACCESS		7
 #define XACE_EXT_ACCESS			8
-#define XACE_HOSTLIST_ACCESS		9
+#define XACE_SERVER_ACCESS		9
 #define XACE_SELECTION_ACCESS		10
 #define XACE_SCREEN_ACCESS		11
 #define XACE_SCREENSAVER_ACCESS		12
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 8d09251..e4db3a1 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -86,12 +86,12 @@ typedef struct {
     int status;
 } XaceExtAccessRec;
 
-/* XACE_HOSTLIST_ACCESS */
+/* XACE_SERVER_ACCESS */
 typedef struct {
     ClientPtr client;
     Mask access_mode;
     int status;
-} XaceHostlistAccessRec;
+} XaceServerAccessRec;
 
 /* XACE_SELECTION_ACCESS */
 typedef struct {
@@ -101,6 +101,8 @@ typedef struct {
     int status;
 } XaceSelectionAccessRec;
 
+/* XACE_SCREEN_ACCESS */
+/* XACE_SCREENSAVER_ACCESS */
 typedef struct {
     ClientPtr client;
     ScreenPtr screen;
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 038ec59..9cb2f32 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1175,15 +1175,15 @@ XSELinuxDrawable(CallbackListPtr *pcbl, 
 } /* XSELinuxDrawable */
 
 static void
-XSELinuxHostlist(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+XSELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
-    XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata;
+    XaceServerAccessRec *rec = (XaceServerAccessRec*)calldata;
     access_vector_t perm = (rec->access_mode == DixReadAccess) ?
 	XSERVER__GETHOSTLIST : XSERVER__SETHOSTLIST;
 
     if (ServerPerm(rec->client, SECCLASS_XSERVER, perm) != Success)
 	rec->status = BadAccess;
-} /* XSELinuxHostlist */
+} /* XSELinuxServer */
 
 /* Extension callbacks */
 static void
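Review bot: XSELinuxServer still maps every access mode other than `DixReadAccess` to `XSERVER__SETHOSTLIST`, which no longer fits a hook that, per the commit message, covers more than the host list. Other changes on this page call `XACE_SERVER_ACCESS` with `DixGetAttrAccess` (GetFontPath), `DixManageAccess` (AuthorizedClient) and `DixGrabAccess` (OnlyListenToOneClient), and all of them would be decided by the set-hostlist permission. The callback should switch on `rec->access_mode` and set `rec->status = BadAccess` for modes it does not recognise, or at least carry a comment stating that the coarse mapping is intentional for now.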
@@ -1397,7 +1397,7 @@ XSELinuxExtensionInit(INITARGS)
     XaceRegisterCallback(XACE_EXT_DISPATCH, XSELinuxExtDispatch, NULL);
     XaceRegisterCallback(XACE_RESOURCE_ACCESS, XSELinuxResLookup, NULL);
     XaceRegisterCallback(XACE_MAP_ACCESS, XSELinuxMap, NULL);
-    XaceRegisterCallback(XACE_HOSTLIST_ACCESS, XSELinuxHostlist, NULL);
+    XaceRegisterCallback(XACE_SERVER_ACCESS, XSELinuxServer, NULL);
     XaceRegisterCallback(XACE_BACKGRND_ACCESS, XSELinuxBackgrnd, NULL);
     XaceRegisterCallback(XACE_DRAWABLE_ACCESS, XSELinuxDrawable, NULL);
     XaceRegisterCallback(XACE_PROPERTY_ACCESS, XSELinuxProperty, NULL);
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 4a9064d..8cca44b 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3346,7 +3346,7 @@ ProcListHosts(ClientPtr client)
     REQUEST_SIZE_MATCH(xListHostsReq);
 
     /* untrusted clients can't list hosts */
-    result = XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess);
+    result = XaceHook(XACE_SERVER_ACCESS, client, DixReadAccess);
     if (result != Success)
 	return result;
 
diff --git a/os/access.c b/os/access.c
index 8d96e04..b049acc 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1500,7 +1500,7 @@ AuthorizedClient(ClientPtr client)
 	return TRUE;
 
     /* untrusted clients can't change host access */
-    if (XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess) != Success)
+    if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success)
 	return FALSE;
 
     return LocalClient(client);
diff-tree dc84bb3418933297a8c005070902d9a91ed3d18f (from b424e01ec59d9600a02823f1522949325797268c)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Aug 15 14:13:53 2007 -0400

    xace: add hooks + new access codes: core protocol cursor requests

diff --git a/dix/cursor.c b/dix/cursor.c
index d903124..b188e3f 100644
--- a/dix/cursor.c
+++ b/dix/cursor.c
@@ -59,6 +59,7 @@ SOFTWARE.
 #include "cursorstr.h"
 #include "dixfontstr.h"
 #include "opaque.h"
+#include "xace.h"
 
 typedef struct _GlyphShare {
     FontPtr font;
@@ -161,23 +162,25 @@ CheckForEmptyMask(CursorBitsPtr bits)
  *  \param pmaskbits server-defined padding
  *  \param argb      no padding
  */
-CursorPtr 
-AllocCursorARGB(unsigned char *psrcbits, unsigned char *pmaskbits, CARD32 *argb, 
-                CursorMetricPtr cm,
-                unsigned foreRed, unsigned foreGreen, unsigned foreBlue, 
-                unsigned backRed, unsigned backGreen, unsigned backBlue)
+int
+AllocARGBCursor(unsigned char *psrcbits, unsigned char *pmaskbits,
+		CARD32 *argb, CursorMetricPtr cm,
+		unsigned foreRed, unsigned foreGreen, unsigned foreBlue, 
+		unsigned backRed, unsigned backGreen, unsigned backBlue,
+		CursorPtr *ppCurs, ClientPtr client, XID cid)
 {
     CursorBitsPtr  bits;
     CursorPtr 	pCurs;
-    int		nscr;
+    int		rc, nscr;
     ScreenPtr 	pscr;
 
+    *ppCurs = NULL;
     pCurs = (CursorPtr)xalloc(sizeof(CursorRec) + sizeof(CursorBits));
     if (!pCurs)
     {
 	xfree(psrcbits);
 	xfree(pmaskbits);
-	return (CursorPtr)NULL;
+	return BadAlloc;
     }
     bits = (CursorBitsPtr)((char *)pCurs + sizeof(CursorRec));
     bits->source = psrcbits;
@@ -207,6 +210,15 @@ AllocCursorARGB(unsigned char *psrcbits,
     pCurs->backGreen = backGreen;
     pCurs->backBlue = backBlue;
 
+    /* security creation/labeling check */
+    rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, RT_CURSOR,
+		  DixCreateAccess, pCurs);
+    if (rc != Success) {
+	FreeCursorBits(bits);
+	xfree(pCurs);
+	return rc;
+    }
+	
     /*
      * realize the cursor for every screen
      */
@@ -222,59 +234,43 @@ AllocCursorARGB(unsigned char *psrcbits,
 	    }
 	    FreeCursorBits(bits);
 	    xfree(pCurs);
-	    return (CursorPtr)NULL;
+	    return BadAlloc;
 	}
     }
-    return pCurs;
-}
-
-/**
- *
- * \param psrcbits   server-defined padding
- * \param pmaskbits  server-defined padding
- */
-CursorPtr 
-AllocCursor(unsigned char *psrcbits, unsigned char *pmaskbits, 
-            CursorMetricPtr cm,
-            unsigned foreRed, unsigned foreGreen, unsigned foreBlue,
-            unsigned backRed, unsigned backGreen, unsigned backBlue)
-{
-    return AllocCursorARGB (psrcbits, pmaskbits, (CARD32 *) 0, cm,
-			    foreRed, foreGreen, foreBlue,
-			    backRed, backGreen, backBlue);
+    *ppCurs = pCurs;
+    return rc;
 }
 
 int
 AllocGlyphCursor(Font source, unsigned sourceChar, Font mask, unsigned maskChar,
                 unsigned foreRed, unsigned foreGreen, unsigned foreBlue, 
                 unsigned backRed, unsigned backGreen, unsigned backBlue,
-                CursorPtr *ppCurs, ClientPtr client)
+		CursorPtr *ppCurs, ClientPtr client, XID cid)
 {
     FontPtr  sourcefont, maskfont;
     unsigned char   *srcbits;
     unsigned char   *mskbits;
     CursorMetricRec cm;
-    int res;
+    int rc;
     CursorBitsPtr  bits;
     CursorPtr 	pCurs;
     int		nscr;
     ScreenPtr 	pscr;
     GlyphSharePtr pShare;
 
-    sourcefont = (FontPtr) SecurityLookupIDByType(client, source, RT_FONT,
-						  DixReadAccess);
-    maskfont = (FontPtr) SecurityLookupIDByType(client, mask, RT_FONT,
-						DixReadAccess);
-
-    if (!sourcefont)
+    rc = dixLookupResource((pointer *)&sourcefont, source, RT_FONT, client,
+			   DixUseAccess);
+    if (rc != Success)
     {
 	client->errorValue = source;
-	return(BadFont);
+	return (rc == BadValue) ? BadFont : rc;
     }
-    if (!maskfont && (mask != None))
+    rc = dixLookupResource((pointer *)&maskfont, mask, RT_FONT, client,
+			   DixUseAccess);
+    if (rc != Success && mask != None)
     {
 	client->errorValue = mask;
-	return(BadFont);
+	return (rc == BadValue) ? BadFont : rc;
     }
     if (sourcefont != maskfont)
 	pShare = (GlyphSharePtr)NULL;
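Review bot: In AllocGlyphCursor the mask lookup is allowed to fail when `mask == None`, and the code then compares `sourcefont != maskfont`, so it relies on dixLookupResource storing NULL in `maskfont` on failure; that helper is not shown here. Skipping the lookup for that case, e.g. `if (mask == None) maskfont = NULL; else { rc = dixLookupResource(...); ... }`, removes the dependency and keeps the old "no mask" meaning explicit. ProcCreateCursor in dix/dispatch.c has the same shape with `msk`. AllocGlyphCursor continues past this hunk.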
@@ -322,13 +318,13 @@ AllocGlyphCursor(Font source, unsigned s
 		client->errorValue = maskChar;
 		return BadValue;
 	    }
-	    if ((res = ServerBitsFromGlyph(maskfont, maskChar, &cm, &mskbits)) != 0)
-		return res;
+	    if ((rc = ServerBitsFromGlyph(maskfont, maskChar, &cm, &mskbits)))
+		return rc;
 	}
-	if ((res = ServerBitsFromGlyph(sourcefont, sourceChar, &cm, &srcbits)) != 0)
+	if ((rc = ServerBitsFromGlyph(sourcefont, sourceChar, &cm, &srcbits)))
 	{
 	    xfree(mskbits);
-	    return res;
+	    return rc;
 	}
 	if (sourcefont != maskfont)
 	{
@@ -398,6 +394,15 @@ AllocGlyphCursor(Font source, unsigned s
     pCurs->backGreen = backGreen;
     pCurs->backBlue = backBlue;
 
+    /* security creation/labeling check */
+    rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, RT_CURSOR,
+		  DixCreateAccess, pCurs);
+    if (rc != Success) {
+	FreeCursorBits(bits);
+	xfree(pCurs);
+	return rc;
+    }
+	
     /*
      * realize the cursor for every screen
      */
@@ -447,7 +452,8 @@ CreateRootCursor(char *unused1, unsigned
     cm.xhot = 0;
     cm.yhot = 0;
 
-    curs = AllocCursor(NULL, NULL, &cm, 0, 0, 0, 0, 0, 0);
+    AllocARGBCursor(NULL, NULL, NULL, &cm, 0, 0, 0, 0, 0, 0,
+		    &curs, serverClient, (XID)0);
 
     if (curs == NullCursor)
         return NullCursor;
@@ -461,8 +467,8 @@ CreateRootCursor(char *unused1, unsigned
     cursorfont = (FontPtr)LookupIDByType(fontID, RT_FONT);
     if (!cursorfont)
 	return NullCursor;
-    if (AllocGlyphCursor(fontID, 0, fontID, 1,
-			 0, 0, 0, ~0, ~0, ~0, &curs, serverClient) != Success)
+    if (AllocGlyphCursor(fontID, 0, fontID, 1, 0, 0, 0, ~0, ~0, ~0,
+			 &curs, serverClient, (XID)0) != Success)
 	return NullCursor;
 #endif
 
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 4260799..4a9064d 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3070,28 +3070,28 @@ ProcCreateCursor (ClientPtr client)
     unsigned short	width, height;
     long		n;
     CursorMetricRec 	cm;
-
+    int rc;
 
     REQUEST(xCreateCursorReq);
 
     REQUEST_SIZE_MATCH(xCreateCursorReq);
     LEGAL_NEW_RESOURCE(stuff->cid, client);
 
-    src = (PixmapPtr)SecurityLookupIDByType(client, stuff->source,
-					      RT_PIXMAP, DixReadAccess);
-    msk = (PixmapPtr)SecurityLookupIDByType(client, stuff->mask,
-					      RT_PIXMAP, DixReadAccess);
-    if (   src == (PixmapPtr)NULL)
-    {
+    rc = dixLookupResource((pointer *)&src, stuff->source, RT_PIXMAP, client,
+			   DixReadAccess);
+    if (rc != Success) {
 	client->errorValue = stuff->source;
-	return (BadPixmap);
+	return (rc == BadValue) ? BadPixmap : rc;
     }
-    if ( msk == (PixmapPtr)NULL)
+
+    rc = dixLookupResource((pointer *)&msk, stuff->mask, RT_PIXMAP, client,
+			   DixReadAccess);
+    if (rc != Success)
     {
 	if (stuff->mask != None)
 	{
 	    client->errorValue = stuff->mask;
-	    return (BadPixmap);
+	    return (rc == BadValue) ? BadPixmap : rc;
 	}
     }
     else if (  src->drawable.width != msk->drawable.width
@@ -3139,13 +3139,17 @@ ProcCreateCursor (ClientPtr client)
     cm.height = height;
     cm.xhot = stuff->x;
     cm.yhot = stuff->y;
-    pCursor = AllocCursor( srcbits, mskbits, &cm,
-	    stuff->foreRed, stuff->foreGreen, stuff->foreBlue,
-	    stuff->backRed, stuff->backGreen, stuff->backBlue);
+    rc = AllocARGBCursor(srcbits, mskbits, NULL, &cm,
+			 stuff->foreRed, stuff->foreGreen, stuff->foreBlue,
+			 stuff->backRed, stuff->backGreen, stuff->backBlue,
+			 &pCursor, client, stuff->cid);
 
-    if (pCursor && AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor))
-	    return (client->noClientException);
-    return BadAlloc;
+    if (rc != Success)
+	return rc;
+    if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor))
+	return BadAlloc;
+
+    return client->noClientException;
 }
 
 int
@@ -3163,7 +3167,7 @@ ProcCreateGlyphCursor (ClientPtr client)
 			   stuff->mask, stuff->maskChar,
 			   stuff->foreRed, stuff->foreGreen, stuff->foreBlue,
 			   stuff->backRed, stuff->backGreen, stuff->backBlue,
-			   &pCursor, client);
+			   &pCursor, client, stuff->cid);
     if (res != Success)
 	return res;
     if (AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor))
@@ -3176,12 +3180,13 @@ int
 ProcFreeCursor (ClientPtr client)
 {
     CursorPtr pCursor;
+    int rc;
     REQUEST(xResourceReq);
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    pCursor = (CursorPtr)SecurityLookupIDByType(client, stuff->id,
-					RT_CURSOR, DixDestroyAccess);
-    if (pCursor) 
+    rc = dixLookupResource((pointer *)&pCursor, stuff->id, RT_CURSOR, client,
+			   DixDestroyAccess);
+    if (rc == Success) 
     {
 	FreeResource(stuff->id, RT_NONE);
 	return (client->noClientException);
@@ -3189,7 +3194,7 @@ ProcFreeCursor (ClientPtr client)
     else 
     {
 	client->errorValue = stuff->id;
-	return (BadCursor);
+	return (rc == BadValue) ? BadCursor : rc;
     }
 }
 
diff --git a/dix/events.c b/dix/events.c
index 3fbe9b8..f109dad 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4115,12 +4115,12 @@ ProcChangeActivePointerGrab(ClientPtr cl
 	newCursor = NullCursor;
     else
     {
-	newCursor = (CursorPtr)SecurityLookupIDByType(client, stuff->cursor,
-						RT_CURSOR, DixReadAccess);
-	if (!newCursor)
+	int rc = dixLookupResource((pointer *)&newCursor, stuff->cursor,
+				   RT_CURSOR, client, DixUseAccess);
+	if (rc != Success)
 	{
 	    client->errorValue = stuff->cursor;
-	    return BadCursor;
+	    return (rc == BadValue) ? BadCursor : rc;
 	}
     }
     if (!grab)
@@ -4889,18 +4889,18 @@ int
 ProcRecolorCursor(ClientPtr client)
 {
     CursorPtr pCursor;
-    int		nscr;
+    int		rc, nscr;
     ScreenPtr	pscr;
     Bool 	displayed;
     REQUEST(xRecolorCursorReq);
 
     REQUEST_SIZE_MATCH(xRecolorCursorReq);
-    pCursor = (CursorPtr)SecurityLookupIDByType(client, stuff->cursor,
-					RT_CURSOR, DixWriteAccess);
-    if ( !pCursor) 
+    rc = dixLookupResource((pointer *)&pCursor, stuff->cursor, RT_CURSOR,
+			   client, DixWriteAccess);
+    if (rc != Success)
     {
 	client->errorValue = stuff->cursor;
-	return (BadCursor);
+	return (rc == BadValue) ? BadCursor : rc;
     }
 
     pCursor->foreRed = stuff->foreRed;
diff --git a/dix/window.c b/dix/window.c
index 3addc73..9d1947a 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -3541,7 +3541,8 @@ TileScreenSaver(int i, int kind)
     {
 	for (j=0; j<BitmapBytePad(32)*16; j++)
 	    srcbits[j] = mskbits[j] = 0x0;
-	cursor = AllocCursor(srcbits, mskbits, &cm, 0, 0, 0, 0, 0, 0);
+	result = AllocARGBCursor(srcbits, mskbits, NULL, &cm, 0, 0, 0, 0, 0, 0,
+				 &cursor, serverClient, (XID)0);
 	if (cursor)
 	{
 	    cursorID = FakeClientID(0);
diff --git a/include/cursor.h b/include/cursor.h
index bdf4fd3..8635cf1 100644
--- a/include/cursor.h
+++ b/include/cursor.h
@@ -68,23 +68,7 @@ extern int FreeCursor(
     pointer /*pCurs*/,
     XID /*cid*/);
 
-/* Quartz support on Mac OS X pulls in the QuickDraw
-   framework whose AllocCursor function conflicts here. */ 
-#ifdef __DARWIN__
-#define AllocCursor Darwin_X_AllocCursor
-#endif
-extern CursorPtr AllocCursor(
-    unsigned char* /*psrcbits*/,
-    unsigned char* /*pmaskbits*/,
-    CursorMetricPtr /*cm*/,
-    unsigned /*foreRed*/,
-    unsigned /*foreGreen*/,
-    unsigned /*foreBlue*/,
-    unsigned /*backRed*/,
-    unsigned /*backGreen*/,
-    unsigned /*backBlue*/);
-
-extern CursorPtr AllocCursorARGB(
+extern int AllocARGBCursor(
     unsigned char* /*psrcbits*/,
     unsigned char* /*pmaskbits*/,
     CARD32* /*argb*/,
@@ -94,7 +78,10 @@ extern CursorPtr AllocCursorARGB(
     unsigned /*foreBlue*/,
     unsigned /*backRed*/,
     unsigned /*backGreen*/,
-    unsigned /*backBlue*/);
+    unsigned /*backBlue*/,
+    CursorPtr* /*ppCurs*/,
+    ClientPtr /*client*/,
+    XID /*cid*/);
 
 extern int AllocGlyphCursor(
     Font /*source*/,
@@ -108,7 +95,8 @@ extern int AllocGlyphCursor(
     unsigned /*backGreen*/,
     unsigned /*backBlue*/,
     CursorPtr* /*ppCurs*/,
-    ClientPtr /*client*/);
+    ClientPtr /*client*/,
+    XID /*cid*/);
 
 extern CursorPtr CreateRootCursor(
     char* /*pfilename*/,
diff --git a/render/render.c b/render/render.c
index caaa278..e57ffb1 100644
--- a/render/render.c
+++ b/render/render.c
@@ -1492,7 +1492,7 @@ ProcRenderCreateCursor (ClientPtr client
     CursorMetricRec cm;
     CursorPtr	    pCursor;
     CARD32	    twocolor[3];
-    int		    ncolor;
+    int		    rc, ncolor;
 
     REQUEST_SIZE_MATCH (xRenderCreateCursorReq);
     LEGAL_NEW_RESOURCE(stuff->cid, client);
@@ -1659,16 +1659,20 @@ ProcRenderCreateCursor (ClientPtr client
     cm.height = height;
     cm.xhot = stuff->x;
     cm.yhot = stuff->y;
-    pCursor = AllocCursorARGB (srcbits, mskbits, argbbits, &cm,
-			       GetColor(twocolor[0], 16),
-			       GetColor(twocolor[0], 8),
-			       GetColor(twocolor[0], 0),
-			       GetColor(twocolor[1], 16),
-			       GetColor(twocolor[1], 8),
-			       GetColor(twocolor[1], 0));
-    if (pCursor && AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor))
-	return (client->noClientException);
-    return BadAlloc;
+    rc = AllocARGBCursor(srcbits, mskbits, argbbits, &cm,
+			 GetColor(twocolor[0], 16),
+			 GetColor(twocolor[0], 8),
+			 GetColor(twocolor[0], 0),
+			 GetColor(twocolor[1], 16),
+			 GetColor(twocolor[1], 8),
+			 GetColor(twocolor[1], 0),
+			 &pCursor, client, stuff->cid);
+    if (rc != Success)
+	return rc;
+    if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor))
+	return BadAlloc;
+
+    return client->noClientException;
 }
 
 static int
diff --git a/xfixes/cursor.c b/xfixes/cursor.c
index 401c403..450f366 100755
--- a/xfixes/cursor.c
+++ b/xfixes/cursor.c
@@ -980,6 +980,7 @@ createInvisibleCursor (void)
     CursorPtr pCursor;
     static unsigned int *psrcbits, *pmaskbits;
     CursorMetricRec cm;
+    int rc;
 
     psrcbits = (unsigned int *) xalloc(4);
     pmaskbits = (unsigned int *) xalloc(4);
@@ -994,12 +995,13 @@ createInvisibleCursor (void)
     cm.xhot = 0;
     cm.yhot = 0;
 
-    pCursor = AllocCursor(
+    rc = AllocARGBCursor(
 	        (unsigned char *)psrcbits,
 		(unsigned char *)pmaskbits,
-		&cm,
+		NULL, &cm,
 		0, 0, 0,
-		0, 0, 0);
+		0, 0, 0,
+		&pCursor, serverClient, (XID)0);
 
     return pCursor;
 }
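Review bot: `rc` is assigned from AllocARGBCursor and never read, so createInvisibleCursor returns a well-defined `pCursor` on failure only because AllocARGBCursor clears `*ppCurs` at entry. Either drop the variable or use it, e.g. `if (rc != Success) return NULL;`, so the failure path is visible at the call site and does not depend on the callee's initialisation.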
diff-tree b424e01ec59d9600a02823f1522949325797268c (from 42d6112ec21949a336ee8b34469f2695273ee2d6)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Aug 14 13:20:42 2007 -0400

    xace: add hooks + new access codes: core protocol property requests

diff --git a/dix/property.c b/dix/property.c
index c0de5b3..5f12dec 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -129,7 +129,7 @@ ProcRotateProperties(ClientPtr client)
 
     REQUEST_FIXED_SIZE(xRotatePropertiesReq, stuff->nAtoms << 2);
     UpdateCurrentTime();
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixSetPropAccess);
     if (rc != Success)
         return rc;
     if (!stuff->nAtoms)
@@ -217,7 +217,7 @@ ProcChangeProperty(ClientPtr client)
     totalSize = len * sizeInBytes;
     REQUEST_FIXED_SIZE(xChangePropertyReq, totalSize);
 
-    err = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    err = dixLookupWindow(&pWin, stuff->window, client, DixSetPropAccess);
     if (err != Success)
 	return err;
     if (!ValidAtom(stuff->property))
@@ -277,7 +277,7 @@ dixChangeWindowProperty(ClientPtr pClien
 	pProp->size = len;
 	pProp->devPrivates = NULL;
 	rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
-		      DixCreateAccess);
+		      DixCreateAccess|DixWriteAccess);
 	if (rc != Success) {
 	    xfree(data);
 	    xfree(pProp);
@@ -449,13 +449,15 @@ ProcGetProperty(ClientPtr client)
     int rc;
     WindowPtr pWin;
     xGetPropertyReply reply;
-    Mask access_mode = DixReadAccess;
+    Mask access_mode = DixGetPropAccess;
     REQUEST(xGetPropertyReq);
 
     REQUEST_SIZE_MATCH(xGetPropertyReq);
-    if (stuff->delete)
+    if (stuff->delete) {
 	UpdateCurrentTime();
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+	access_mode |= DixSetPropAccess;
+    }
+    rc = dixLookupWindow(&pWin, stuff->window, client, access_mode);
     if (rc != Success)
 	return rc;
 
@@ -490,6 +492,7 @@ ProcGetProperty(ClientPtr client)
     if (!pProp) 
 	return NullPropertyReply(client, None, 0, &reply);
 
+    access_mode = DixReadAccess;
     if (stuff->delete)
 	access_mode |= DixDestroyAccess;
 
@@ -581,7 +584,7 @@ ProcListProperties(ClientPtr client)
     REQUEST(xResourceReq);
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixListPropAccess);
     if (rc != Success)
         return rc;
 
@@ -625,7 +628,7 @@ ProcDeleteProperty(ClientPtr client)
               
     REQUEST_SIZE_MATCH(xDeletePropertyReq);
     UpdateCurrentTime();
-    result = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    result = dixLookupWindow(&pWin, stuff->window, client, DixSetPropAccess);
     if (result != Success)
         return result;
     if (!ValidAtom(stuff->property))
diff-tree 42d6112ec21949a336ee8b34469f2695273ee2d6 (from 9a183d7ba50e31afa133cc03aee7991517a283ea)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Aug 14 13:09:38 2007 -0400

    xace: add hooks + new access codes: core protocol GC requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index 69b1922..4260799 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1583,15 +1583,16 @@ ProcCreateGC(ClientPtr client)
     REQUEST_AT_LEAST_SIZE(xCreateGCReq);
     client->errorValue = stuff->gc;
     LEGAL_NEW_RESOURCE(stuff->gc, client);
-    rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixReadAccess);
+    rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0,
+			   DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
     len = client->req_len -  (sizeof(xCreateGCReq) >> 2);
     if (len != Ones(stuff->mask))
         return BadLength;
-    pGC = (GC *)CreateGC(pDraw, stuff->mask, 
-			 (XID *) &stuff[1], &error);
+    pGC = (GC *)CreateGC(pDraw, stuff->mask, (XID *) &stuff[1], &error,
+			 stuff->gc, client);
     if (error != Success)
         return error;
     if (!AddResource(stuff->gc, RT_GC, (pointer)pGC))
@@ -1608,7 +1609,7 @@ ProcChangeGC(ClientPtr client)
     REQUEST(xChangeGCReq);
     REQUEST_AT_LEAST_SIZE(xChangeGCReq);
 
-    result = dixLookupGC(&pGC, stuff->gc, client, DixWriteAccess);
+    result = dixLookupGC(&pGC, stuff->gc, client, DixSetAttrAccess);
     if (result != Success)
 	return result;
 
@@ -1635,10 +1636,10 @@ ProcCopyGC(ClientPtr client)
     REQUEST(xCopyGCReq);
     REQUEST_SIZE_MATCH(xCopyGCReq);
 
-    result = dixLookupGC(&pGC, stuff->srcGC, client, DixReadAccess);
+    result = dixLookupGC(&pGC, stuff->srcGC, client, DixGetAttrAccess);
     if (result != Success)
 	return result;
-    result = dixLookupGC(&dstGC, stuff->dstGC, client, DixWriteAccess);
+    result = dixLookupGC(&dstGC, stuff->dstGC, client, DixSetAttrAccess);
     if (result != Success)
 	return result;
     if ((dstGC->pScreen != pGC->pScreen) || (dstGC->depth != pGC->depth))
@@ -1667,7 +1668,7 @@ ProcSetDashes(ClientPtr client)
          return BadValue;
     }
 
-    result = dixLookupGC(&pGC,stuff->gc, client, DixWriteAccess);
+    result = dixLookupGC(&pGC,stuff->gc, client, DixSetAttrAccess);
     if (result != Success)
 	return result;
 
@@ -1696,7 +1697,7 @@ ProcSetClipRectangles(ClientPtr client)
 	client->errorValue = stuff->ordering;
         return BadValue;
     }
-    result = dixLookupGC(&pGC,stuff->gc, client, DixWriteAccess);
+    result = dixLookupGC(&pGC,stuff->gc, client, DixSetAttrAccess);
     if (result != Success)
 	return result;
 		 
diff --git a/dix/gc.c b/dix/gc.c
index e7c4849..ccd586b 100644
--- a/dix/gc.c
+++ b/dix/gc.c
@@ -63,6 +63,7 @@ SOFTWARE.
 
 #include "privates.h"
 #include "dix.h"
+#include "xace.h"
 #include <assert.h>
 
 extern XID clientErrorValue;
@@ -148,7 +149,7 @@ _X_EXPORT int
 dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr pUnion)
 {
     BITS32 	index2;
-    int 	error = 0;
+    int 	rc, error = 0;
     PixmapPtr 	pPixmap;
     BITS32	maskQ;
 
@@ -267,14 +268,15 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		if (pUnion)
 		{
 		    NEXT_PTR(PixmapPtr, pPixmap);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newpix);
-		    pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-					newpix, RT_PIXMAP, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pPixmap, newpix,
+					   RT_PIXMAP, client, DixReadAccess);
 		}
-		if (pPixmap)
+		if (rc == Success)
 		{
 		    if ((pPixmap->drawable.depth != pGC->depth) ||
 			(pPixmap->drawable.pScreen != pGC->pScreen))
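Review bot: With `rc = Success;` on the `pUnion` branch, the test `if (rc == Success)` no longer guards against a NULL `pPixmap` taken from the union, whereas the old `if (pPixmap)` did; the next line dereferences `pPixmap->drawable.depth`. Whether any internal caller passes a null tile pointer is not visible here, but `rc = pPixmap ? Success : BadValue;` would keep the previous behaviour (the else branch then reports `BadPixmap`). The GCStipple and GCFont cases in the following hunks have the same pattern, with `pFont->refcnt++` for the font. dixChangeGC starts and ends outside this hunk.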
@@ -293,7 +295,7 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		else
 		{
 		    clientErrorValue = newpix;
-		    error = BadPixmap;
+		    error = (rc == BadValue) ? BadPixmap : rc;
 		}
 		break;
 	    }
@@ -303,14 +305,15 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		if (pUnion)
 		{
 		    NEXT_PTR(PixmapPtr, pPixmap);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newstipple)
-		    pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-				newstipple, RT_PIXMAP, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pPixmap, newstipple,
+					   RT_PIXMAP, client, DixReadAccess);
 		}
-		if (pPixmap)
+		if (rc == Success)
 		{
 		    if ((pPixmap->drawable.depth != 1) ||
 			(pPixmap->drawable.pScreen != pGC->pScreen))
@@ -328,7 +331,7 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		else
 		{
 		    clientErrorValue = newstipple;
-		    error = BadPixmap;
+		    error = (rc == BadValue) ? BadPixmap : rc;
 		}
 		break;
 	    }
@@ -345,14 +348,15 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		if (pUnion)
 		{
 		    NEXT_PTR(FontPtr, pFont);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newfont)
-		    pFont = (FontPtr)SecurityLookupIDByType(client, newfont,
-						RT_FONT, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pFont, newfont,
+					   RT_FONT, client, DixUseAccess);
 		}
-		if (pFont)
+		if (rc == Success)
 		{
 		    pFont->refcnt++;
 		    if (pGC->font)
@@ -362,7 +366,7 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 		else
 		{
 		    clientErrorValue = newfont;
-		    error = BadFont;
+		    error = (rc == BadValue) ? BadFont : rc;
 		}
 		break;
 	    }
@@ -415,9 +419,15 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 			clipType = CT_NONE;
 			pPixmap = NullPixmap;
 		    }
-		    else
-		        pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-					pid, RT_PIXMAP, DixReadAccess);
+		    else {
+			rc = dixLookupResource((pointer *)&pPixmap, pid,
+					       RT_PIXMAP, client,
+					       DixReadAccess);
+			if (rc != Success) {
+			    clientErrorValue = pid;
+			    error = (rc == BadValue) ? BadPixmap : rc;
+			}
+		    }
 		}
 
 		if (pPixmap)
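Review bot: When the clip-mask lookup fails, `error` is set but execution still reaches `if (pPixmap)`, so this path relies on dixLookupResource having stored NULL in `pPixmap`; that helper is not shown here. `pPixmap` is declared at function scope, so if the helper leaves it untouched it may still hold a pixmap from an earlier case in the same call, and the branch in the next hunk would run `pPixmap->refcnt++` on it. Adding `pPixmap = NullPixmap;` inside the `if (rc != Success)` block makes the failure path self-contained. dixChangeGC starts and ends outside this hunk.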
@@ -433,11 +443,6 @@ dixChangeGC(ClientPtr client, GC *pGC, B
 			pPixmap->refcnt++;
 		    }
 		}
-		else if (!pUnion && (pid != None))
-		{
-		    clientErrorValue = pid;
-		    error = BadPixmap;
-		}
 		if(error == Success)
 		{
 		    (*pGC->funcs->ChangeClip)(pGC, clipType,
@@ -601,7 +606,8 @@ AllocateGC(ScreenPtr pScreen)
 }
 
 _X_EXPORT GCPtr
-CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus)
+CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus,
+	 XID gcid, ClientPtr client)
 {
     GCPtr pGC;
 
@@ -663,6 +669,12 @@ CreateGC(DrawablePtr pDrawable, BITS32 m
     pGC->stipple = pGC->pScreen->PixmapPerDepth[0];
     pGC->stipple->refcnt++;
 
+    /* security creation/labeling check */
+    *pStatus = XaceHook(XACE_RESOURCE_ACCESS, client, gcid, RT_GC,
+			DixCreateAccess|DixSetAttrAccess, pGC);
+    if (*pStatus != Success)
+	goto out;
+
     pGC->stateChanges = (1 << (GCLastBit+1)) - 1;
     if (!(*pGC->pScreen->CreateGC)(pGC))
 	*pStatus = BadAlloc;
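Review bot: When the access hook added here denies the request, `goto out` reaches the failure cleanup before `(*pGC->pScreen->CreateGC)(pGC)` has run, so the teardown operates on a GC the screen layer never initialized. The cleanup body under the `out:` label in the next hunk continues outside the visible lines; if it calls through `pGC->funcs` or other screen-set state, a denied creation would fault instead of returning the error. Either confirm the cleanup tolerates a half-built GC or run the hook after the screen's CreateGC has succeeded. The server-internal callers updated in this commit pass `(XID)0` as `gcid`, which deserves a comment on the new parameters.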
@@ -670,6 +682,8 @@ CreateGC(DrawablePtr pDrawable, BITS32 m
         *pStatus = ChangeGC(pGC, mask, pval);
     else
 	*pStatus = Success;
+
+out:
     if (*pStatus != Success)
     {
 	if (!pGC->tileIsPixel && !pGC->tile.pixmap)
diff --git a/hw/xfree86/common/xf86xv.c b/hw/xfree86/common/xf86xv.c
index 6abe31c..70a9469 100644
--- a/hw/xfree86/common/xf86xv.c
+++ b/hw/xfree86/common/xf86xv.c
@@ -1844,7 +1844,8 @@ xf86XVFillKeyHelperDrawable (DrawablePtr
        int status;
        pval[0] = key;
        pval[1] = IncludeInferiors;
-       pGC = CreateGC(pDraw, GCForeground | GCSubwindowMode, pval, &status);
+       pGC = CreateGC(pDraw, GCForeground | GCSubwindowMode, pval, &status,
+		      (XID)0, serverClient);
        if(!pGC) return;
        ValidateGC(pDraw, pGC);
        if (pPriv) pPriv->pGC = pGC;
diff --git a/include/dix.h b/include/dix.h
index daf16cb..05366ec 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -88,7 +88,7 @@ SOFTWARE.
 			       DixWriteAccess);\
 	if (rc != Success)\
 	    return rc;\
-	rc = dixLookupGC(&(pGC), stuff->gc, client, DixReadAccess);\
+	rc = dixLookupGC(&(pGC), stuff->gc, client, DixUseAccess);\
 	if (rc != Success)\
 	    return rc;\
 	if ((pGC->depth != pDraw->depth) || (pGC->pScreen != pDraw->pScreen))\
diff --git a/include/gc.h b/include/gc.h
index 3b7e38e..bf4c268 100644
--- a/include/gc.h
+++ b/include/gc.h
@@ -115,7 +115,9 @@ extern GCPtr CreateGC(
     DrawablePtr /*pDrawable*/,
     BITS32 /*mask*/,
     XID* /*pval*/,
-    int* /*pStatus*/);
+    int* /*pStatus*/,
+    XID /*gcid*/,
+    ClientPtr /*client*/);
 
 extern int CopyGC(
     GCPtr/*pgcSrc*/,
diff --git a/mi/mibstore.c b/mi/mibstore.c
index 70839ce..e27c681 100644
--- a/mi/mibstore.c
+++ b/mi/mibstore.c
@@ -3468,7 +3468,8 @@ miBSValidateGC (pGC, stateChanges, pDraw
 
 	/* We never want ops with the backingGC to generate GraphicsExpose */
 	pBackingGC = CreateGC ((DrawablePtr)pWindowPriv->pBackingPixmap,
-			       GCGraphicsExposures, &noexpose, &status);
+			       GCGraphicsExposures, &noexpose, &status,
+			       (XID)0, serverClient);
 	if (status != Success)
 	    lift_functions = TRUE;
 	else
diff --git a/mi/midispcur.c b/mi/midispcur.c
index de009cb..ab10837 100644
--- a/mi/midispcur.c
+++ b/mi/midispcur.c
@@ -450,7 +450,8 @@ miDCMakeGC(
     gcvals[0] = IncludeInferiors;
     gcvals[1] = FALSE;
     pGC = CreateGC((DrawablePtr)pWin,
-		   GCSubwindowMode|GCGraphicsExposures, gcvals, &status);
+		   GCSubwindowMode|GCGraphicsExposures, gcvals, &status,
+		   (XID)0, serverClient);
     if (pGC && pWin->drawable.pScreen->DrawGuarantee)
 	(*pWin->drawable.pScreen->DrawGuarantee) (pWin, pGC, GuaranteeVisBack);
     *ppGC = pGC;
@@ -746,7 +747,7 @@ miDCMoveCursor (pScreen, pCursor, x, y, 
     if (!pScreenPriv->pMoveGC)
     {
 	pScreenPriv->pMoveGC = CreateGC ((DrawablePtr)pTemp,
-	    GCGraphicsExposures, &gcval, &status);
+	    GCGraphicsExposures, &gcval, &status, (XID)0, serverClient);
 	if (!pScreenPriv->pMoveGC)
 	    return FALSE;
     }
@@ -782,14 +783,14 @@ miDCMoveCursor (pScreen, pCursor, x, y, 
 	if (!pScreenPriv->pPixSourceGC)
 	{
 	    pScreenPriv->pPixSourceGC = CreateGC ((DrawablePtr)pTemp,
-		GCGraphicsExposures, &gcval, &status);
+		GCGraphicsExposures, &gcval, &status, (XID)0, serverClient);
 	    if (!pScreenPriv->pPixSourceGC)
 		return FALSE;
 	}
 	if (!pScreenPriv->pPixMaskGC)
 	{
 	    pScreenPriv->pPixMaskGC = CreateGC ((DrawablePtr)pTemp,
-		GCGraphicsExposures, &gcval, &status);
+		GCGraphicsExposures, &gcval, &status, (XID)0, serverClient);
 	    if (!pScreenPriv->pPixMaskGC)
 		return FALSE;
 	}
diff --git a/mi/miexpose.c b/mi/miexpose.c
index df04bd2..332b216 100644
--- a/mi/miexpose.c
+++ b/mi/miexpose.c
@@ -763,7 +763,7 @@ int what;
 	    if (!ResType && !(ResType = CreateNewResourceType(tossGC)))
 		return;
 	    screenContext[i] = CreateGC((DrawablePtr)pWin, (BITS32) 0,
-					(XID *)NULL, &status);
+					(XID *)NULL, &status, 0, serverClient);
 	    if (!screenContext[i])
 		return;
 	    numGCs++;
diff --git a/miext/cw/cw.c b/miext/cw/cw.c
index 7ee013b..b03f5e3 100644
--- a/miext/cw/cw.c
+++ b/miext/cw/cw.c
@@ -123,7 +123,7 @@ cwCreateBackingGC(GCPtr pGC, DrawablePtr
 
     pBackingDrawable = cwGetBackingDrawable(pDrawable, &x_off, &y_off);
     pPriv->pBackingGC = CreateGC(pBackingDrawable, GCGraphicsExposures,
-				 &noexpose, &status);
+				 &noexpose, &status, (XID)0, serverClient);
     if (status != Success)
 	return FALSE;
 
diff-tree 9a183d7ba50e31afa133cc03aee7991517a283ea (from 2763056ab5ae31bed422a0948198d98c6ace6d55)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Aug 14 11:39:26 2007 -0400

    dix: remove caching of drawables and graphics contexts.  The security checks
    simply bypass the cached values so they are unused.

diff --git a/Xext/mbuf.c b/Xext/mbuf.c
index ed352e2..ee2ef64 100644
--- a/Xext/mbuf.c
+++ b/Xext/mbuf.c
@@ -235,7 +235,7 @@ MultibufferExtensionInit()
      * create the resource types
      */
     MultibufferDrawableResType =
-	CreateNewResourceType(MultibufferDrawableDelete)|RC_CACHED|RC_DRAWABLE;
+	CreateNewResourceType(MultibufferDrawableDelete)|RC_DRAWABLE;
     MultibufferResType = CreateNewResourceType(MultibufferDelete);
     MultibuffersResType = CreateNewResourceType(MultibuffersDelete);
     OtherClientResType = CreateNewResourceType(OtherClientDelete);
diff --git a/dbe/dbe.c b/dbe/dbe.c
index d63620d..aec626b 100644
--- a/dbe/dbe.c
+++ b/dbe/dbe.c
@@ -1783,7 +1783,7 @@ DbeExtensionInit(void)
 
     /* Create the resource types. */
     dbeDrawableResType =
-        CreateNewResourceType(DbeDrawableDelete) | RC_CACHED | RC_DRAWABLE;
+        CreateNewResourceType(DbeDrawableDelete) | RC_DRAWABLE;
     dbeWindowPrivResType =
         CreateNewResourceType(DbeWindowPrivDelete);
 
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 1c40e2f..69b1922 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -258,34 +258,6 @@ InitSelections(void)
     CurrentSelections = (Selection *)NULL;
     NumCurrentSelections = 0;
 }
-
-void 
-FlushClientCaches(XID id)
-{
-    int i;
-    ClientPtr client;
-
-    client = clients[CLIENT_ID(id)];
-    if (client == NullClient)
-        return ;
-    for (i=0; i<currentMaxClients; i++)
-    {
-	client = clients[i];
-        if (client != NullClient)
-	{
-            if (client->lastDrawableID == id)
-	    {
-		client->lastDrawableID = WindowTable[0]->drawable.id;
-		client->lastDrawable = (DrawablePtr)WindowTable[0];
-	    }
-            else if (client->lastGCID == id)
-	    {
-                client->lastGCID = INVALID;
-		client->lastGC = (GCPtr)NULL;
-	    }
-	}
-    }
-}
 #ifdef SMART_SCHEDULE
 
 #undef SMART_DEBUG
@@ -3702,20 +3674,7 @@ void InitClient(ClientPtr client, int i,
     client->sequence = 0; 
     client->clientAsMask = ((Mask)i) << CLIENTOFFSET;
     client->clientGone = FALSE;
-    if (i)
-    {
-	client->closeDownMode = DestroyAll;
-	client->lastDrawable = (DrawablePtr)WindowTable[0];
-	client->lastDrawableID = WindowTable[0]->drawable.id;
-    }
-    else
-    {
-	client->closeDownMode = RetainPermanent;
-	client->lastDrawable = (DrawablePtr)NULL;
-	client->lastDrawableID = INVALID;
-    }
-    client->lastGC = (GCPtr) NULL;
-    client->lastGCID = INVALID;
+    client->closeDownMode = i ? DestroyAll : RetainPermanent;
     client->numSaved = 0;
     client->saveSet = (SaveSetElt *)NULL;
     client->noClientException = Success;
diff --git a/dix/dixutils.c b/dix/dixutils.c
index 14ef7e6..e8d7daf 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -208,7 +208,6 @@ dixLookupDrawable(DrawablePtr *pDraw, XI
 		  Mask type, Mask access)
 {
     DrawablePtr pTmp;
-    RESTYPE rtype;
     int rc;
 
     *pDraw = NULL;
@@ -217,28 +216,15 @@ dixLookupDrawable(DrawablePtr *pDraw, XI
     if (id == INVALID)
 	return BadDrawable;
 
-    if (id == client->lastDrawableID) {
-	pTmp = client->lastDrawable;
+    rc = dixLookupResource((pointer *)&pTmp, id, RC_DRAWABLE, client, access);
 
-	/* an access check is required for cached drawables */
-	rtype = (type & M_WINDOW) ? RT_WINDOW : RT_PIXMAP;
-	rc = XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp);
-        if (rc != Success)
-	    return rc;
-    } else
-	dixLookupResource((void **)&pTmp, id, RC_DRAWABLE, client, access);
-
-    if (!pTmp)
+    if (rc == BadValue)
 	return BadDrawable;
+    if (rc != Success)
+	return rc;
     if (!((1 << pTmp->type) & (type ? type : M_DRAWABLE)))
 	return BadMatch;
 
-    if (type & M_DRAWABLE) {
-	client->lastDrawable = pTmp;
-	client->lastDrawableID = id;
-	client->lastGCID = INVALID;
-	client->lastGC = (GCPtr)NULL;
-    }
     *pDraw = pTmp;
     return Success;
 }
diff --git a/dix/resource.c b/dix/resource.c
index ea0a310..844d12e 100644
--- a/dix/resource.c
+++ b/dix/resource.c
@@ -585,8 +585,6 @@ FreeResource(XID id, RESTYPE skipDeleteF
 
 		CallResourceStateCallback(ResourceStateFreeing, res);
 
-		if (rtype & RC_CACHED)
-		    FlushClientCaches(res->id);
 		if (rtype != skipDeleteFuncType)
 		    (*DeleteFuncs[rtype & TypeMask])(res->value, res->id);
 		xfree(res);
@@ -597,11 +595,6 @@ FreeResource(XID id, RESTYPE skipDeleteF
 	    else
 		prev = &res->next;
         }
-	if(clients[cid] && (id == clients[cid]->lastDrawableID))
-	{
-	    clients[cid]->lastDrawable = (DrawablePtr)WindowTable[0];
-	    clients[cid]->lastDrawableID = WindowTable[0]->drawable.id;
-	}
     }
     if (!gotOne)
 	ErrorF("Freeing resource id=%lX which isn't there.\n",
@@ -632,8 +625,6 @@ FreeResourceByType(XID id, RESTYPE type,
 
 		CallResourceStateCallback(ResourceStateFreeing, res);
 
-		if (type & RC_CACHED)
-		    FlushClientCaches(res->id);
 		if (!skipFree)
 		    (*DeleteFuncs[type & TypeMask])(res->value, res->id);
 		xfree(res);
@@ -642,11 +633,6 @@ FreeResourceByType(XID id, RESTYPE type,
 	    else
 		prev = &res->next;
         }
-	if(clients[cid] && (id == clients[cid]->lastDrawableID))
-	{
-	    clients[cid]->lastDrawable = (DrawablePtr)WindowTable[0];
-	    clients[cid]->lastDrawableID = WindowTable[0]->drawable.id;
-	}
     }
 }
 
@@ -669,8 +655,6 @@ ChangeResourceValue (XID id, RESTYPE rty
 	for (; res; res = res->next)
 	    if ((res->id == id) && (res->type == rtype))
 	    {
-		if (rtype & RC_CACHED)
-		    FlushClientCaches(res->id);
 		res->value = value;
 		return TRUE;
 	    }
@@ -801,8 +785,6 @@ FreeClientNeverRetainResources(ClientPtr
 
 		CallResourceStateCallback(ResourceStateFreeing, this);
 
-		if (rtype & RC_CACHED)
-		    FlushClientCaches(this->id);
 		(*DeleteFuncs[rtype & TypeMask])(this->value, this->id);
 		xfree(this);
 	    }
@@ -854,8 +836,6 @@ FreeClientResources(ClientPtr client)
 
 	    CallResourceStateCallback(ResourceStateFreeing, this);
 
-	    if (rtype & RC_CACHED)
-		FlushClientCaches(this->id);
 	    (*DeleteFuncs[rtype & TypeMask])(this->value, this->id);
 	    xfree(this);
 	}
diff --git a/hw/xwin/winclipboardwrappers.c b/hw/xwin/winclipboardwrappers.c
index 825d3dc..2cfe0ff 100755
--- a/hw/xwin/winclipboardwrappers.c
+++ b/hw/xwin/winclipboardwrappers.c
@@ -431,7 +431,6 @@ winProcSetSelectionOwner (ClientPtr clie
    * and we currently own the Win32 clipboard.
    */
   if (None == stuff->window
-      && g_iClipboardWindow != client->lastDrawableID
       && (None == s_iOwners[CLIP_OWN_PRIMARY]
 	  || g_iClipboardWindow == s_iOwners[CLIP_OWN_PRIMARY])
       && (None == s_iOwners[CLIP_OWN_CLIPBOARD]
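Review bot: Dropping the `g_iClipboardWindow != client->lastDrawableID` clause is more than cache removal: it was one conjunct of this condition, so the branch is now taken in cases it previously skipped. The commit message says the cached values were unused, but this test read one. If the clause was there to exclude requests coming from the clipboard window's own client (an inference; the rest of the `if` is outside the hunk), an equivalent check that does not need the cache should replace it, or the comment above should say why it is no longer needed.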
diff --git a/include/dix.h b/include/dix.h
index 71f4c23..daf16cb 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -82,8 +82,6 @@ SOFTWARE.
     }
 
 #define VALIDATE_DRAWABLE_AND_GC(drawID, pDraw, pGC, client)\
-    if ((stuff->gc == INVALID) || (client->lastGCID != stuff->gc) ||\
-	(client->lastDrawableID != drawID))\
     {\
 	int rc;\
 	rc = dixLookupDrawable(&(pDraw), drawID, client, M_ANY,\
@@ -95,15 +93,6 @@ SOFTWARE.
 	    return rc;\
 	if ((pGC->depth != pDraw->depth) || (pGC->pScreen != pDraw->pScreen))\
 	    return (BadMatch);\
-	client->lastDrawable = pDraw;\
-	client->lastDrawableID = drawID;\
-	client->lastGC = pGC;\
-	client->lastGCID = stuff->gc;\
-    }\
-    else\
-    {\
-        pGC = client->lastGC;\
-        pDraw = client->lastDrawable;\
     }\
     if (pGC->serialNumber != pDraw->serialNumber)\
 	ValidateGC(pDraw, pGC);
@@ -160,8 +149,6 @@ extern void UpdateCurrentTimeIf(void);
 
 extern void InitSelections(void);
 
-extern void FlushClientCaches(XID /*id*/);
-
 extern int dixDestroyPixmap(
     pointer /*value*/,
     XID /*pid*/);
diff --git a/include/dixstruct.h b/include/dixstruct.h
index dd6347f..2a3e696 100644
--- a/include/dixstruct.h
+++ b/include/dixstruct.h
@@ -101,10 +101,6 @@ typedef struct _Client {
     int         clientGone;
     int         noClientException;	/* this client died or needs to be
 					 * killed */
-    DrawablePtr lastDrawable;
-    Drawable    lastDrawableID;
-    GCPtr       lastGC;
-    GContext    lastGCID;
     SaveSetElt	*saveSet;
     int         numSaved;
     pointer     screenPrivate[MAXSCREENS];
diff --git a/include/resource.h b/include/resource.h
index d2ecfde..087d62c 100644
--- a/include/resource.h
+++ b/include/resource.h
@@ -72,9 +72,9 @@ typedef unsigned long RESTYPE;
 
 /* types for Resource routines */
 
-#define RT_WINDOW	((RESTYPE)1|RC_CACHED|RC_DRAWABLE)
-#define RT_PIXMAP	((RESTYPE)2|RC_CACHED|RC_DRAWABLE)
-#define RT_GC		((RESTYPE)3|RC_CACHED)
+#define RT_WINDOW	((RESTYPE)1|RC_DRAWABLE)
+#define RT_PIXMAP	((RESTYPE)2|RC_DRAWABLE)
+#define RT_GC		((RESTYPE)3)
 #undef RT_FONT
 #undef RT_CURSOR
 #define RT_FONT		((RESTYPE)4)
diff-tree 2763056ab5ae31bed422a0948198d98c6ace6d55 (from d744df32a15103aa14237175f506350d25b2fec0)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 13 13:40:47 2007 -0400

    xace: add hooks + new access codes: core protocol window requests

diff --git a/dix/dispatch.c b/dix/dispatch.c
index 83d761b..1c40e2f 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -556,12 +556,12 @@ ProcCreateWindow(ClientPtr client)
 {
     WindowPtr pParent, pWin;
     REQUEST(xCreateWindowReq);
-    int result, len, rc;
+    int len, rc;
 
     REQUEST_AT_LEAST_SIZE(xCreateWindowReq);
     
     LEGAL_NEW_RESOURCE(stuff->wid, client);
-    rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess);
+    rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess);
     if (rc != Success)
         return rc;
     len = client->req_len - (sizeof(xCreateWindowReq) >> 2);
@@ -577,7 +577,7 @@ ProcCreateWindow(ClientPtr client)
 			      stuff->borderWidth, stuff->class,
 			      stuff->mask, (XID *) &stuff[1], 
 			      (int)stuff->depth, 
-			      client, stuff->visual, &result);
+			      client, stuff->visual, &rc);
     if (pWin)
     {
 	Mask mask = pWin->eventMask;
@@ -590,7 +590,7 @@ ProcCreateWindow(ClientPtr client)
     if (client->noClientException != Success)
         return(client->noClientException);
     else
-        return(result);
+        return rc;
 }
 
 int
@@ -602,7 +602,7 @@ ProcChangeWindowAttributes(ClientPtr cli
     int len, rc;
 
     REQUEST_AT_LEAST_SIZE(xChangeWindowAttributesReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixSetAttrAccess);
     if (rc != Success)
         return rc;
     len = client->req_len - (sizeof(xChangeWindowAttributesReq) >> 2);
@@ -627,7 +627,7 @@ ProcGetWindowAttributes(ClientPtr client
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
     GetWindowAttributes(pWin, client, &wa);
@@ -646,8 +646,13 @@ ProcDestroyWindow(ClientPtr client)
     rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess);
     if (rc != Success)
 	return rc;
-    if (pWin->parent)
+    if (pWin->parent) {
+	rc = dixLookupWindow(&pWin, pWin->parent->drawable.id, client,
+			     DixRemoveAccess);
+	if (rc != Success)
+	    return rc;
 	FreeResource(stuff->id, RT_NONE);
+    }
     return(client->noClientException);
 }
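Review bot: The parent lookup writes its result into `pWin`, so after the check `pWin` refers to the parent rather than the window being destroyed. Nothing visible uses it afterwards, since FreeResource takes `stuff->id`, but it is an easy trap for later edits. A separate local, `WindowPtr pParent;` with `dixLookupWindow(&pParent, pWin->parent->drawable.id, client, DixRemoveAccess)`, avoids it.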
 
@@ -659,7 +664,7 @@ ProcDestroySubwindows(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixRemoveAccess);
     if (rc != Success)
 	return rc;
     DestroySubwindows(pWin, client);
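Review bot: `DestroySubwindows(pWin, client);` discards the status that this commit makes the function return (the dix/window.c hunk changes it to return the XaceHook result), so a denied child destroy is reported to the client as success. Propagate it: `rc = DestroySubwindows(pWin, client);` followed by `if (rc != Success) return rc;`. The rest of ProcDestroySubwindows is outside the hunk.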
@@ -674,7 +679,7 @@ ProcChangeSaveSet(ClientPtr client)
     int result, rc;
 		  
     REQUEST_SIZE_MATCH(xChangeSaveSetReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
     if (rc != Success)
         return rc;
     if (client->clientAsMask == (CLIENT_BITS(pWin->drawable.id)))
@@ -702,10 +707,10 @@ ProcReparentWindow(ClientPtr client)
     int result, rc;
 
     REQUEST_SIZE_MATCH(xReparentWindowReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
     if (rc != Success)
         return rc;
-    rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess);
+    rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess);
     if (rc != Success)
         return rc;
     if (SAME_SCREENS(pWin->drawable, pParent->drawable))
@@ -735,7 +740,7 @@ ProcMapWindow(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixShowAccess);
     if (rc != Success)
         return rc;
     MapWindow(pWin, client);
@@ -751,7 +756,7 @@ ProcMapSubwindows(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
     if (rc != Success)
         return rc;
     MapSubwindows(pWin, client);
@@ -767,7 +772,7 @@ ProcUnmapWindow(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixHideAccess);
     if (rc != Success)
         return rc;
     UnmapWindow(pWin, FALSE);
@@ -783,7 +788,7 @@ ProcUnmapSubwindows(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
     if (rc != Success)
         return rc;
     UnmapSubwindows(pWin);
@@ -799,7 +804,8 @@ ProcConfigureWindow(ClientPtr client)
     int len, rc;
 
     REQUEST_AT_LEAST_SIZE(xConfigureWindowReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client,
+			 DixManageAccess|DixSetAttrAccess);
     if (rc != Success)
         return rc;
     len = client->req_len - (sizeof(xConfigureWindowReq) >> 2);
@@ -827,7 +833,7 @@ ProcCirculateWindow(ClientPtr client)
 	client->errorValue = stuff->direction;
         return BadValue;
     }
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
     if (rc != Success)
         return rc;
     CirculateWindow(pWin, (int)stuff->direction, client);
@@ -842,7 +848,7 @@ GetGeometry(ClientPtr client, xGetGeomet
     REQUEST(xResourceReq);
     REQUEST_SIZE_MATCH(xResourceReq);
 
-    rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixReadAccess);
+    rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
@@ -903,7 +909,7 @@ ProcQueryTree(ClientPtr client)
     REQUEST(xResourceReq);
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
     if (rc != Success)
         return rc;
     reply.type = X_Reply;
@@ -1260,10 +1266,10 @@ ProcTranslateCoords(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xTranslateCoordsReq);
-    rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixGetAttrAccess);
     if (rc != Success)
         return rc;
-    rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixReadAccess);
+    rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess);
     if (rc != Success)
         return rc;
     rep.type = X_Reply;
@@ -3233,12 +3239,15 @@ ProcQueryBestSize (ClientPtr client)
     }
 
     rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY,
-			   DixReadAccess);
+			   DixGetAttrAccess);
     if (rc != Success)
 	return rc;
     if (stuff->class != CursorShape && pDraw->type == UNDRAWABLE_WINDOW)
 	return (BadMatch);
     pScreen = pDraw->pScreen;
+    rc = XaceHook(XACE_SCREEN_ACCESS, client, pScreen, DixGetAttrAccess);
+    if (rc != Success)
+	return rc;
     (* pScreen->QueryBestSize)(stuff->class, &stuff->width,
 			       &stuff->height, pScreen);
     reply.type = X_Reply;
diff --git a/dix/window.c b/dix/window.c
index 2f151b0..3addc73 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -733,20 +733,14 @@ CreateWindow(Window wid, WindowPtr pPare
     /*  security creation/labeling check
      */
     *error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW,
-		      DixCreateAccess, pWin);
+		      DixCreateAccess|DixSetAttrAccess, pWin);
     if (*error != Success) {
 	xfree(pWin);
 	return NullWindow;
     }
-    /*  can't let untrusted clients have background None windows;
-     *  they make it too easy to steal window contents
-     */
-    if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success)
-	pWin->backgroundState = None;
-    else {
-	pWin->backgroundState = BackgroundPixel;
-	pWin->background.pixel = 0;
-    }
+
+    pWin->backgroundState = BackgroundPixel;
+    pWin->background.pixel = 0;
 
     pWin->borderIsPixel = pParent->borderIsPixel;
     pWin->border = pParent->border;
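Review bot: The comment explaining why background None is withheld was removed together with the XACE_BACKGRND_ACCESS hook, yet the new code applies the restriction to every client. New windows start as `BackgroundPixel` with pixel 0, and the ChangeWindowAttributes hunk further down maps a requested None to the same state. Keep the rationale next to the assignment, e.g. `/* background None is not granted: it exposes whatever was on screen under the window */`. Since a client asking for None now silently gets a solid background, that deviation from the requested value should be mentioned there too.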
@@ -980,7 +974,7 @@ DeleteWindow(pointer value, XID wid)
     return Success;
 }
 
-void
+int
 DestroySubwindows(WindowPtr pWin, ClientPtr client)
 {
     /* XXX
@@ -992,8 +986,15 @@ DestroySubwindows(WindowPtr pWin, Client
      * If you care, simply delete the call to UnmapSubwindows.
      */
     UnmapSubwindows(pWin);
-    while (pWin->lastChild)
+    while (pWin->lastChild) {
+	int rc = XaceHook(XACE_RESOURCE_ACCESS, client,
+			  pWin->lastChild->drawable.id, RT_WINDOW,
+			  DixDestroyAccess, pWin->lastChild);
+	if (rc != Success)
+	    return rc;
 	FreeResource(pWin->lastChild->drawable.id, RT_NONE);
+    }
+    return Success;
 }
 
 #define DeviceEventMasks (KeyPressMask | KeyReleaseMask | ButtonPressMask | \
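Review bot: The early `return rc` inside the loop leaves the request half applied: `UnmapSubwindows(pWin)` has already run and every child ahead of the denied one has already been freed. A client that is denied on one child therefore still unmaps all siblings and destroys some of them. Checking DixDestroyAccess on every child before the unmap and the first FreeResource lets the request either apply fully or be rejected without side effects, as sketched below.

```c
DestroySubwindows(WindowPtr pWin, ClientPtr client)
{
    WindowPtr pChild;
    int rc;

    /* check every child first so that a denial has no side effects */
    for (pChild = pWin->lastChild; pChild; pChild = pChild->prevSib) {
	rc = XaceHook(XACE_RESOURCE_ACCESS, client, pChild->drawable.id,
		      RT_WINDOW, DixDestroyAccess, pChild);
	if (rc != Success)
	    return rc;
    }
    /* … unchanged: XXX comment and UnmapSubwindows(pWin) … */
    while (pWin->lastChild)
	FreeResource(pWin->lastChild->drawable.id, RT_NONE);
    return Success;
}
```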
@@ -1010,25 +1011,20 @@ DestroySubwindows(WindowPtr pWin, Client
 _X_EXPORT int
 ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
 {
-    Mask index2;
     XID *pVlist;
     PixmapPtr pPixmap;
     Pixmap pixID;
     CursorPtr pCursor, pOldCursor;
     Cursor cursorID;
-    WindowPtr pChild;
+    WindowPtr pChild, pLayerWin;
     Colormap cmap;
     ColormapPtr	pCmap;
     xEvent xE;
-    int result;
+    int error, rc;
     ScreenPtr pScreen;
-    Mask vmaskCopy = 0;
-    Mask tmask;
+    Mask index2, tmask, vmaskCopy = 0;
     unsigned int val;
-    int error;
-    Bool checkOptional = FALSE;
-    Bool borderRelative = FALSE;
-    WindowPtr pLayerWin;
+    Bool checkOptional = FALSE, borderRelative = FALSE;
 
     if ((pWin->drawable.class == InputOnly) && (vmask & (~INPUTONLY_LEGAL_MASK)))
 	return BadMatch;
@@ -1050,17 +1046,13 @@ ChangeWindowAttributes(WindowPtr pWin, M
 		borderRelative = TRUE;
 	    if (pixID == None)
 	    {
-		/*  can't let untrusted clients have background None windows */
-		if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) {
-		    if (pWin->backgroundState == BackgroundPixmap)
-			(*pScreen->DestroyPixmap)(pWin->background.pixmap);
-		    if (!pWin->parent)
-			MakeRootTile(pWin);
-		    else
-			pWin->backgroundState = None;
-		} else {
-		    /* didn't change the backgrnd to None, so don't tell ddx */
-		    index2 = 0; 
+		if (pWin->backgroundState == BackgroundPixmap)
+		    (*pScreen->DestroyPixmap)(pWin->background.pixmap);
+		if (!pWin->parent)
+		    MakeRootTile(pWin);
+		else {
+		    pWin->backgroundState = BackgroundPixel;
+		    pWin->background.pixel = 0;
 		}
 	    }
 	    else if (pixID == ParentRelative)
@@ -1083,9 +1075,9 @@ ChangeWindowAttributes(WindowPtr pWin, M
 	    }
 	    else
 	    {	
-		pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID,
-						RT_PIXMAP, DixReadAccess);
-		if (pPixmap != (PixmapPtr) NULL)
+		rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP,
+				       client, DixReadAccess);
+		if (rc == Success)
 		{
 		    if	((pPixmap->drawable.depth != pWin->drawable.depth) ||
 			 (pPixmap->drawable.pScreen != pScreen))
@@ -1101,7 +1093,7 @@ ChangeWindowAttributes(WindowPtr pWin, M
 		}
 		else
 		{
-		    error = BadPixmap;
+		    error = (rc == BadValue) ? BadPixmap : rc;
 		    client->errorValue = pixID;
 		    goto PatchUp;
 		}
@@ -1130,42 +1122,40 @@ ChangeWindowAttributes(WindowPtr pWin, M
 		    error = BadMatch;
 		    goto PatchUp;
 		}
-		if (pWin->borderIsPixel == FALSE)
-		    (*pScreen->DestroyPixmap)(pWin->border.pixmap);
-		pWin->border = pWin->parent->border;
-		if ((pWin->borderIsPixel = pWin->parent->borderIsPixel) == TRUE)
-		{
+		if (pWin->parent->borderIsPixel == TRUE) {
+		    if (pWin->borderIsPixel == FALSE)
+			(*pScreen->DestroyPixmap)(pWin->border.pixmap);
+		    pWin->border = pWin->parent->border;
+		    pWin->borderIsPixel = TRUE;
 		    index2 = CWBorderPixel;
+		    break;
 		}
 		else
 		{
-		    pWin->parent->border.pixmap->refcnt++;
+		    pixID = pWin->parent->border.pixmap->drawable.id;
 		}
 	    }
-	    else
-	    {	
-		pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID,
-					RT_PIXMAP, DixReadAccess);
-		if (pPixmap)
-		{
-		    if	((pPixmap->drawable.depth != pWin->drawable.depth) ||
-			 (pPixmap->drawable.pScreen != pScreen))
-		    {
-			error = BadMatch;
-			goto PatchUp;
-		    }
-		    if (pWin->borderIsPixel == FALSE)
-			(*pScreen->DestroyPixmap)(pWin->border.pixmap);
-		    pWin->borderIsPixel = FALSE;
-		    pWin->border.pixmap = pPixmap;
-		    pPixmap->refcnt++;
-		}
-		else
+	    rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP,
+				   client, DixReadAccess);
+	    if (rc == Success)
+	    {
+		if ((pPixmap->drawable.depth != pWin->drawable.depth) ||
+		    (pPixmap->drawable.pScreen != pScreen))
 		{
-		    error = BadPixmap;
-		    client->errorValue = pixID;
+		    error = BadMatch;
 		    goto PatchUp;
 		}
+		if (pWin->borderIsPixel == FALSE)
+		    (*pScreen->DestroyPixmap)(pWin->border.pixmap);
+		pWin->borderIsPixel = FALSE;
+		pWin->border.pixmap = pPixmap;
+		pPixmap->refcnt++;
+	    }
+	    else
+	    {
+		error = (rc == BadValue) ? BadPixmap : rc;
+		client->errorValue = pixID;
+		goto PatchUp;
 	    }
 	    break;
 	  case CWBorderPixel:
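Review bot: For CopyFromParent with a pixmap border, the new code takes `pWin->parent->border.pixmap->drawable.id` and re-resolves it with dixLookupResource instead of sharing the pointer and bumping its refcnt. That ID is only meaningful while the pixmap is still a registered resource; a pixmap kept alive solely by the parent's reference (its XID already freed, or never assigned) would now fail with BadPixmap, and a reused XID could resolve to a different pixmap. `client->errorValue` would also report an ID the client never sent. Running the hook on the pointer itself, `XaceHook(XACE_RESOURCE_ACCESS, client, pixID, RT_PIXMAP, DixReadAccess, pPixmap)` with `pPixmap = pWin->parent->border.pixmap`, keeps the access check without the ID round-trip.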
@@ -1290,20 +1280,20 @@ ChangeWindowAttributes(WindowPtr pWin, M
 #endif /* DO_SAVE_UNDERS */
 	    break;
 	  case CWEventMask:
-	    result = EventSelectForWindow(pWin, client, (Mask )*pVlist);
-	    if (result)
+	    rc = EventSelectForWindow(pWin, client, (Mask )*pVlist);
+	    if (rc)
 	    {
-		error = result;
+		error = rc;
 		goto PatchUp;
 	    }
 	    pVlist++;
 	    break;
 	  case CWDontPropagate:
-	    result = EventSuppressForWindow(pWin, client, (Mask )*pVlist,
+	    rc = EventSuppressForWindow(pWin, client, (Mask )*pVlist,
 					    &checkOptional);
-	    if (result)
+	    if (rc)
 	    {
-		error = result;
+		error = rc;
 		goto PatchUp;
 	    }
 	    pVlist++;
@@ -1317,6 +1307,15 @@ ChangeWindowAttributes(WindowPtr pWin, M
 		client->errorValue = val;
 		goto PatchUp;
 	    }
+	    if (val == xTrue) {
+		rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id,
+			      RT_WINDOW, DixGrabAccess, pWin);
+		if (rc != Success) {
+		    error = rc;
+		    client->errorValue = pWin->drawable.id;
+		    goto PatchUp;
+		}
+	    }
 	    pWin->overrideRedirect = val;
 	    break;
 	  case CWColormap:
@@ -1354,11 +1353,11 @@ ChangeWindowAttributes(WindowPtr pWin, M
 		error = BadMatch;
 		goto PatchUp;
 	    }
-	    pCmap = (ColormapPtr)SecurityLookupIDByType(client, cmap,
-					      RT_COLORMAP, DixReadAccess);
-	    if (!pCmap)
+	    rc = dixLookupResource((pointer *)&pCmap, cmap, RT_COLORMAP,
+				   client, DixUseAccess);
+	    if (rc != Success)
 	    {
-		error = BadColor;
+		error = (rc == BadValue) ? BadColor : rc;
 		client->errorValue = cmap;
 		goto PatchUp;
 	    }
@@ -1430,11 +1429,11 @@ ChangeWindowAttributes(WindowPtr pWin, M
 	    }
 	    else
 	    {
-		pCursor = (CursorPtr)SecurityLookupIDByType(client, cursorID,
-						RT_CURSOR, DixReadAccess);
-		if (!pCursor)
+		rc = dixLookupResource((pointer *)&pCursor, cursorID,
+				       RT_CURSOR, client, DixReadAccess);
+		if (rc != Success)
 		{
-		    error = BadCursor;
+		    error = (rc == BadValue) ? BadCursor : rc;
 		    client->errorValue = cursorID;
 		    goto PatchUp;
 		}
@@ -2267,7 +2266,7 @@ ConfigureWindow(WindowPtr pWin, Mask mas
     unsigned short w = pWin->drawable.width,
 		   h = pWin->drawable.height,
 		   bw = pWin->borderWidth;
-    int action, smode = Above;
+    int rc, action, smode = Above;
 #ifdef XAPPGROUP
     ClientPtr win_owner;
     ClientPtr ag_leader = NULL;
@@ -2328,12 +2327,11 @@ ConfigureWindow(WindowPtr pWin, Mask mas
 	  case CWSibling:
 	    sibwid = (Window ) *pVlist;
 	    pVlist++;
-	    pSib = (WindowPtr )SecurityLookupIDByType(client, sibwid,
-						RT_WINDOW, DixReadAccess);
-	    if (!pSib)
+	    rc = dixLookupWindow(&pSib, sibwid, client, DixGetAttrAccess);
+	    if (rc != Success)
 	    {
 		client->errorValue = sibwid;
-		return(BadWindow);
+		return rc;
 	    }
 	    if (pSib->parent != pParent)
 		return(BadMatch);
diff --git a/include/window.h b/include/window.h
index 312b75e..472f379 100644
--- a/include/window.h
+++ b/include/window.h
@@ -119,7 +119,7 @@ extern int DeleteWindow(
     pointer /*pWin*/,
     XID /*wid*/);
 
-extern void DestroySubwindows(
+extern int DestroySubwindows(
     WindowPtr /*pWin*/,
     ClientPtr /*client*/);
 
diff-tree d744df32a15103aa14237175f506350d25b2fec0 (from acc9a42c926a3f84159780de12ecc1dc6186068a)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 6 12:23:21 2007 -0400

    xace: add hooks + new access codes: core protocol colormap requests

diff --git a/dix/colormap.c b/dix/colormap.c
index 5155570..7d6e7da 100644
--- a/dix/colormap.c
+++ b/dix/colormap.c
@@ -64,6 +64,7 @@ SOFTWARE.
 #include "resource.h"
 #include "windowstr.h"
 #include "privates.h"
+#include "xace.h"
 
 extern XID clientErrorValue;
 extern int colormapPrivateCount;
@@ -412,6 +413,16 @@ CreateColormap (Colormap mid, ScreenPtr 
 	}
     }
 
+    /*  
+     * Security creation/labeling check
+     */
+    i = XaceHook(XACE_RESOURCE_ACCESS, clients[client], mid, RT_COLORMAP,
+		 DixCreateAccess, pmap);
+    if (i != Success) {
+	FreeResource(mid, RT_NONE);
+	return i;
+    }
+
     if (!(*pScreen->CreateColormap)(pmap))
     {
 	FreeResource (mid, RT_NONE);
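Review bot: The XaceHook result in CreateColormap is stored in `i`, which is presumably this function's loop counter, so a status code and an index share one variable. A dedicated `int rc;` used as `rc = XaceHook(...); if (rc != Success) { FreeResource(mid, RT_NONE); return rc; }` would match the `rc` naming in the dispatch.c hunks of this commit. The comment could also say why the check sits here, for example `/* Checked after the colormap is built and registered; on denial FreeResource undoes the registration. */`. That ordering is inferred from the FreeResource call, since CreateColormap starts and ends outside the hunk.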
diff --git a/dix/dispatch.c b/dix/dispatch.c
index ffaad87..83d761b 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -2495,7 +2495,7 @@ ProcCreateColormap(ClientPtr client)
     }
     mid = stuff->mid;
     LEGAL_NEW_RESOURCE(mid, client);
-    result = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    result = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (result != Success)
         return result;
 
@@ -2521,12 +2521,13 @@ int
 ProcFreeColormap(ClientPtr client)
 {
     ColormapPtr pmap;
+    int rc;
     REQUEST(xResourceReq);
 
     REQUEST_SIZE_MATCH(xResourceReq);
-    pmap = (ColormapPtr )SecurityLookupIDByType(client, stuff->id, RT_COLORMAP,
-						DixDestroyAccess);
-    if (pmap) 
+    rc = dixLookupResource((pointer *)&pmap, stuff->id, RT_COLORMAP, client,
+			   DixDestroyAccess);
+    if (rc == Success)
     {
 	/* Freeing a default colormap is a no-op */
 	if (!(pmap->flags & IsDefault))
@@ -2536,7 +2537,7 @@ ProcFreeColormap(ClientPtr client)
     else 
     {
 	client->errorValue = stuff->id;
-	return (BadColor);
+	return rc;
     }
 }
 
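Review bot: The failure branch of ProcFreeColormap now returns `rc` unchanged, while the other colormap handlers in this commit translate a failed lookup with `(rc == BadValue) ? BadColor : rc`. If dixLookupResource reports an unknown ID as BadValue, as that translation implies, a client passing a stale colormap ID gets BadValue here where it used to get BadColor. The line should read `return (rc == BadValue) ? BadColor : rc;`. The same applies to the final `return rc;` in the else branch of ProcCopyColormapAndFree in the next hunk. The start of ProcFreeColormap is in the preceding hunk.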
@@ -2547,24 +2548,25 @@ ProcCopyColormapAndFree(ClientPtr client
     Colormap	mid;
     ColormapPtr	pSrcMap;
     REQUEST(xCopyColormapAndFreeReq);
-    int result;
+    int rc;
 
     REQUEST_SIZE_MATCH(xCopyColormapAndFreeReq);
     mid = stuff->mid;
     LEGAL_NEW_RESOURCE(mid, client);
-    if( (pSrcMap = (ColormapPtr )SecurityLookupIDByType(client,	stuff->srcCmap,
-		RT_COLORMAP, DixReadAccess|DixWriteAccess)) )
+    rc = dixLookupResource((pointer *)&pSrcMap, stuff->srcCmap, RT_COLORMAP,
+			   client, DixReadAccess|DixRemoveAccess);
+    if (rc == Success)
     {
-	result = CopyColormapAndFree(mid, pSrcMap, client->index);
+	rc = CopyColormapAndFree(mid, pSrcMap, client->index);
 	if (client->noClientException != Success)
             return(client->noClientException);
 	else
-            return(result);
+            return rc;
     }
     else
     {
 	client->errorValue = stuff->srcCmap;
-	return(BadColor);
+	return rc;
     }
 }
 
@@ -2572,43 +2574,51 @@ int
 ProcInstallColormap(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xResourceReq);
-
     REQUEST_SIZE_MATCH(xResourceReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->id,
-					    RT_COLORMAP, DixReadAccess);
-    if (pcmp)
-    {
-        (*(pcmp->pScreen->InstallColormap)) (pcmp);
-        return (client->noClientException);        
-    }
-    else
-    {
-        client->errorValue = stuff->id;
-        return (BadColor);
-    }
+
+    rc = dixLookupResource((pointer *)&pcmp, stuff->id, RT_COLORMAP, client,
+			   DixInstallAccess);
+    if (rc != Success)
+	goto out;
+
+    rc = XaceHook(XACE_SCREEN_ACCESS, client, pcmp->pScreen, DixSetAttrAccess);
+    if (rc != Success)
+	goto out;
+
+    (*(pcmp->pScreen->InstallColormap)) (pcmp);
+
+    rc = client->noClientException;
+out:
+    client->errorValue = stuff->id;
+    return (rc == BadValue) ? BadColor : rc;
 }
 
 int
 ProcUninstallColormap(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xResourceReq);
-
     REQUEST_SIZE_MATCH(xResourceReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->id,
-					RT_COLORMAP, DixReadAccess);
-    if (pcmp)
-    {
-	if(pcmp->mid != pcmp->pScreen->defColormap)
-            (*(pcmp->pScreen->UninstallColormap)) (pcmp);
-        return (client->noClientException);        
-    }
-    else
-    {
-        client->errorValue = stuff->id;
-        return (BadColor);
-    }
+
+    rc = dixLookupResource((pointer *)&pcmp, stuff->id, RT_COLORMAP, client,
+			   DixUninstallAccess);
+    if (rc != Success)
+	goto out;
+
+    rc = XaceHook(XACE_SCREEN_ACCESS, client, pcmp->pScreen, DixSetAttrAccess);
+    if (rc != Success)
+	goto out;
+
+    if(pcmp->mid != pcmp->pScreen->defColormap)
+	(*(pcmp->pScreen->UninstallColormap)) (pcmp);
+
+    rc = client->noClientException;
+out:
+    client->errorValue = stuff->id;
+    return (rc == BadValue) ? BadColor : rc;
 }
 
 int
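Review bot: The `out:` label in ProcInstallColormap and ProcUninstallColormap is reached on success as well as on failure, so `client->errorValue = stuff->id` is now written on every request. The BadValue-to-BadColor translation is also applied to the XaceHook result and to `client->noClientException`, whereas the old code touched errorValue only when the lookup failed. Keeping the translation next to the lookup avoids relabelling an unrelated BadValue from the screen hook as a colormap error: `if (rc != Success) { client->errorValue = stuff->id; return (rc == BadValue) ? BadColor : rc; }`. The hook failure can then return `rc` directly and the success path can return `client->noClientException` as before.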
@@ -2618,11 +2628,16 @@ ProcListInstalledColormaps(ClientPtr cli
     int nummaps, rc;
     WindowPtr pWin;
     REQUEST(xResourceReq);
-
     REQUEST_SIZE_MATCH(xResourceReq);
-    rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+
+    rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
     if (rc != Success)
-        return rc;
+	goto out;
+
+    rc = XaceHook(XACE_SCREEN_ACCESS, client, pWin->drawable.pScreen,
+		  DixGetAttrAccess);
+    if (rc != Success)
+	goto out;
 
     preply = (xListInstalledColormapsReply *) 
 		ALLOCATE_LOCAL(sizeof(xListInstalledColormapsReply) +
@@ -2641,21 +2656,23 @@ ProcListInstalledColormaps(ClientPtr cli
     client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
     WriteSwappedDataToClient(client, nummaps * sizeof(Colormap), &preply[1]);
     DEALLOCATE_LOCAL(preply);
-    return(client->noClientException);
+    rc = client->noClientException;
+out:
+    return (rc == BadValue) ? BadColor : rc;
 }
 
 int
 ProcAllocColor (ClientPtr client)
 {
     ColormapPtr pmap;
-    int	retval;
+    int rc;
     xAllocColorReply acr;
     REQUEST(xAllocColorReq);
 
     REQUEST_SIZE_MATCH(xAllocColorReq);
-    pmap = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pmap)
+    rc = dixLookupResource((pointer *)&pmap, stuff->cmap, RT_COLORMAP, client,
+			   DixAddAccess);
+    if (rc == Success)
     {
 	acr.type = X_Reply;
 	acr.length = 0;
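Review bot: The `out:` exit added to ProcListInstalledColormaps returns `(rc == BadValue) ? BadColor : rc`, but this request looks up a window, not a colormap. Neither failing call that jumps here (dixLookupWindow and the XACE_SCREEN_ACCESS hook, both in the previous hunk) involves a colormap ID, so a BadValue from either would reach the client as BadColor. The translation looks copied from the colormap handlers; `out: return rc;` is enough here. The function begins in the previous hunk, and ProcAllocColor continues past the end of this one.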
@@ -2664,13 +2681,13 @@ ProcAllocColor (ClientPtr client)
 	acr.green = stuff->green;
 	acr.blue = stuff->blue;
 	acr.pixel = 0;
-	if( (retval = AllocColor(pmap, &acr.red, &acr.green, &acr.blue,
+	if( (rc = AllocColor(pmap, &acr.red, &acr.green, &acr.blue,
 	                       &acr.pixel, client->index)) )
 	{
             if (client->noClientException != Success)
                 return(client->noClientException);
 	    else
-	        return (retval);
+	        return rc;
 	}
 #ifdef PANORAMIX
 	if (noPanoramiXExtension || !pmap->pScreen->myNum)
@@ -2682,7 +2699,7 @@ ProcAllocColor (ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2690,15 +2707,14 @@ int
 ProcAllocNamedColor (ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xAllocNamedColorReq);
 
     REQUEST_FIXED_SIZE(xAllocNamedColorReq, stuff->nbytes);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					    RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixAddAccess);
+    if (rc == Success)
     {
-	int		retval;
-
 	xAllocNamedColorReply ancr;
 
 	ancr.type = X_Reply;
@@ -2712,14 +2728,14 @@ ProcAllocNamedColor (ClientPtr client)
 	    ancr.screenGreen = ancr.exactGreen;
 	    ancr.screenBlue = ancr.exactBlue;
 	    ancr.pixel = 0;
-	    if( (retval = AllocColor(pcmp,
+	    if( (rc = AllocColor(pcmp,
 	                 &ancr.screenRed, &ancr.screenGreen, &ancr.screenBlue,
 			 &ancr.pixel, client->index)) )
 	    {
                 if (client->noClientException != Success)
                     return(client->noClientException);
                 else
-    	            return(retval);
+		    return rc;
 	    }
 #ifdef PANORAMIX
 	    if (noPanoramiXExtension || !pcmp->pScreen->myNum)
@@ -2734,7 +2750,7 @@ ProcAllocNamedColor (ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2742,15 +2758,16 @@ int
 ProcAllocColorCells (ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xAllocColorCellsReq);
 
     REQUEST_SIZE_MATCH(xAllocColorCellsReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixAddAccess);
+    if (rc == Success)
     {
 	xAllocColorCellsReply	accr;
-	int			npixels, nmasks, retval;
+	int			npixels, nmasks;
 	long			length;
 	Pixel			*ppixels, *pmasks;
 
@@ -2772,14 +2789,14 @@ ProcAllocColorCells (ClientPtr client)
             return(BadAlloc);
 	pmasks = ppixels + npixels;
 
-	if( (retval = AllocColorCells(client->index, pcmp, npixels, nmasks, 
+	if( (rc = AllocColorCells(client->index, pcmp, npixels, nmasks, 
 				    (Bool)stuff->contiguous, ppixels, pmasks)) )
 	{
 	    DEALLOCATE_LOCAL(ppixels);
             if (client->noClientException != Success)
                 return(client->noClientException);
 	    else
-	        return(retval);
+	        return rc;
 	}
 #ifdef PANORAMIX
 	if (noPanoramiXExtension || !pcmp->pScreen->myNum)
@@ -2800,7 +2817,7 @@ ProcAllocColorCells (ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2808,15 +2825,16 @@ int
 ProcAllocColorPlanes(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xAllocColorPlanesReq);
 
     REQUEST_SIZE_MATCH(xAllocColorPlanesReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixAddAccess);
+    if (rc == Success)
     {
 	xAllocColorPlanesReply	acpr;
-	int			npixels, retval;
+	int			npixels;
 	long			length;
 	Pixel			*ppixels;
 
@@ -2838,7 +2856,7 @@ ProcAllocColorPlanes(ClientPtr client)
 	ppixels = (Pixel *)ALLOCATE_LOCAL(length);
 	if(!ppixels)
             return(BadAlloc);
-	if( (retval = AllocColorPlanes(client->index, pcmp, npixels,
+	if( (rc = AllocColorPlanes(client->index, pcmp, npixels,
 	    (int)stuff->red, (int)stuff->green, (int)stuff->blue,
 	    (Bool)stuff->contiguous, ppixels,
 	    &acpr.redMask, &acpr.greenMask, &acpr.blueMask)) )
@@ -2847,7 +2865,7 @@ ProcAllocColorPlanes(ClientPtr client)
             if (client->noClientException != Success)
                 return(client->noClientException);
 	    else
-	        return(retval);
+	        return rc;
 	}
 	acpr.length = length >> 2;
 #ifdef PANORAMIX
@@ -2864,7 +2882,7 @@ ProcAllocColorPlanes(ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2872,34 +2890,34 @@ int
 ProcFreeColors(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xFreeColorsReq);
 
     REQUEST_AT_LEAST_SIZE(xFreeColorsReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixRemoveAccess);
+    if (rc == Success)
     {
 	int	count;
-        int     retval;
 
 	if(pcmp->flags & AllAllocated)
 	    return(BadAccess);
 	count = ((client->req_len << 2)- sizeof(xFreeColorsReq)) >> 2;
-	retval =  FreeColors(pcmp, client->index, count,
+	rc = FreeColors(pcmp, client->index, count,
 	    (Pixel *)&stuff[1], (Pixel)stuff->planeMask);
         if (client->noClientException != Success)
             return(client->noClientException);
         else
 	{
 	    client->errorValue = clientErrorValue;
-            return(retval);
+            return rc;
 	}
 
     }
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2907,33 +2925,33 @@ int
 ProcStoreColors (ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xStoreColorsReq);
 
     REQUEST_AT_LEAST_SIZE(xStoreColorsReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixWriteAccess);
+    if (rc == Success)
     {
 	int	count;
-        int     retval;
 
         count = (client->req_len << 2) - sizeof(xStoreColorsReq);
 	if (count % sizeof(xColorItem))
 	    return(BadLength);
 	count /= sizeof(xColorItem);
-	retval = StoreColors(pcmp, count, (xColorItem *)&stuff[1]);
+	rc = StoreColors(pcmp, count, (xColorItem *)&stuff[1]);
         if (client->noClientException != Success)
             return(client->noClientException);
         else
 	{
 	    client->errorValue = clientErrorValue;
-            return(retval);
+            return rc;
 	}
     }
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2941,33 +2959,33 @@ int
 ProcStoreNamedColor (ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xStoreNamedColorReq);
 
     REQUEST_FIXED_SIZE(xStoreNamedColorReq, stuff->nbytes);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixWriteAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixWriteAccess);
+    if (rc == Success)
     {
 	xColorItem	def;
-        int             retval;
 
 	if(OsLookupColor(pcmp->pScreen->myNum, (char *)&stuff[1],
 	                 stuff->nbytes, &def.red, &def.green, &def.blue))
 	{
 	    def.flags = stuff->flags;
 	    def.pixel = stuff->pixel;
-	    retval = StoreColors(pcmp, 1, &def);
+	    rc = StoreColors(pcmp, 1, &def);
             if (client->noClientException != Success)
                 return(client->noClientException);
 	    else
-		return(retval);
+		return rc;
 	}
         return (BadName);        
     }
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 
@@ -2975,14 +2993,15 @@ int
 ProcQueryColors(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xQueryColorsReq);
 
     REQUEST_AT_LEAST_SIZE(xQueryColorsReq);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixReadAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixReadAccess);
+    if (rc == Success)
     {
-	int			count, retval;
+	int			count;
 	xrgb 			*prgbs;
 	xQueryColorsReply	qcr;
 
@@ -2990,7 +3009,7 @@ ProcQueryColors(ClientPtr client)
 	prgbs = (xrgb *)ALLOCATE_LOCAL(count * sizeof(xrgb));
 	if(!prgbs && count)
             return(BadAlloc);
-	if( (retval = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
+	if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
 	{
    	    if (prgbs) DEALLOCATE_LOCAL(prgbs);
 	    if (client->noClientException != Success)
@@ -2998,7 +3017,7 @@ ProcQueryColors(ClientPtr client)
 	    else
 	    {
 		client->errorValue = clientErrorValue;
-	        return (retval);
+	        return rc;
 	    }
 	}
 	qcr.type = X_Reply;
@@ -3018,7 +3037,7 @@ ProcQueryColors(ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 } 
 
@@ -3026,12 +3045,13 @@ int
 ProcLookupColor(ClientPtr client)
 {
     ColormapPtr pcmp;
+    int rc;
     REQUEST(xLookupColorReq);
 
     REQUEST_FIXED_SIZE(xLookupColorReq, stuff->nbytes);
-    pcmp = (ColormapPtr)SecurityLookupIDByType(client, stuff->cmap,
-					RT_COLORMAP, DixReadAccess);
-    if (pcmp)
+    rc = dixLookupResource((pointer *)&pcmp, stuff->cmap, RT_COLORMAP, client,
+			   DixReadAccess);
+    if (rc == Success)
     {
 	xLookupColorReply lcr;
 
@@ -3056,7 +3076,7 @@ ProcLookupColor(ClientPtr client)
     else
     {
         client->errorValue = stuff->cmap;
-        return (BadColor);
+        return (rc == BadValue) ? BadColor : rc;
     }
 }
 

