xserver: Branch 'master' - 4 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Fri Jan 25 16:23:46 PST 2008
Xext/Makefile.am | 2
Xext/xace.c | 198 +++---------------------------------
Xext/xace.h | 10 -
dix/dispatch.c | 5
hw/xfree86/dixmods/extmod/modinit.c | 9 +
hw/xfree86/dixmods/extmod/modinit.h | 5
mi/miinitext.c | 15 --
7 files changed, 35 insertions(+), 209 deletions(-)
New commits:
commit e915a2639752bc0ea9e6e192e020cc2031c08063
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 25 19:22:19 2008 -0500
xselinux: Move the extension to extmod instead of being built-in.
diff --git a/Xext/Makefile.am b/Xext/Makefile.am
index f57e599..648736d 100644
--- a/Xext/Makefile.am
+++ b/Xext/Makefile.am
@@ -76,7 +76,7 @@ endif
# requires X-ACE extension
XSELINUX_SRCS = xselinux.c xselinux.h
if XSELINUX
-BUILTIN_SRCS += $(XSELINUX_SRCS)
+MODULE_SRCS += $(XSELINUX_SRCS)
endif
# Security extension: multi-level security to protect clients from each other
diff --git a/hw/xfree86/dixmods/extmod/modinit.c b/hw/xfree86/dixmods/extmod/modinit.c
index acd7006..d0d892a 100644
--- a/hw/xfree86/dixmods/extmod/modinit.c
+++ b/hw/xfree86/dixmods/extmod/modinit.c
@@ -38,6 +38,15 @@ static MODULESETUPPROTO(extmodSetup);
* Array describing extensions to be initialized
*/
static ExtensionModule extensionModules[] = {
+#ifdef XSELINUX
+ {
+ SELinuxExtensionInit,
+ SELINUX_EXTENSION_NAME,
+ NULL,
+ NULL,
+ NULL
+ },
+#endif
#ifdef SHAPE
{
ShapeExtensionInit,
diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h
index 116cb2e..3c2e202 100644
--- a/hw/xfree86/dixmods/extmod/modinit.h
+++ b/hw/xfree86/dixmods/extmod/modinit.h
@@ -127,6 +127,7 @@ extern void ShmRegisterFuncs(
#ifdef XSELINUX
extern void SELinuxExtensionInit(INITARGS);
+#include "xselinux.h"
#endif
#if 1
diff --git a/mi/miinitext.c b/mi/miinitext.c
index 30cbc7a..261fac9 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -690,9 +690,6 @@ static ExtensionModule staticExtensions[] = {
#ifdef XCSECURITY
{ SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
#endif
-#ifdef XSELINUX
- { SELinuxExtensionInit, SELINUX_EXTENSION_NAME, NULL, NULL, NULL },
-#endif
#ifdef XPRINT
{ XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL },
#endif
commit f6a78ee143e3a3ad69538adf2b9675d724468ffa
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 25 18:04:10 2008 -0500
XACE: Remove the extension code entirely, XACE is completely static now.
diff --git a/Xext/xace.c b/Xext/xace.c
index 0b3baf6..0470e44 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -24,7 +24,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <stdarg.h>
#include "scrnintstr.h"
#include "xacestr.h"
-#include "modinit.h"
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
@@ -222,14 +221,6 @@ int XaceHook(int hook, ...)
return prv ? *prv : Success;
}
-/* XaceExtensionInit
- *
- * Initialize the XACE Extension
- */
-void XaceExtensionInit(INITARGS)
-{
-}
-
/* XaceCensorImage
*
* Called after pScreen->GetImage to prevent pieces or trusted windows from
diff --git a/Xext/xace.h b/Xext/xace.h
index a8fac98..4100ba1 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -22,7 +22,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifdef XACE
-#define XACE_EXTENSION_NAME "XAccessControlExtension"
#define XACE_MAJOR_VERSION 2
#define XACE_MINOR_VERSION 0
diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h
index 99d714c..116cb2e 100644
--- a/hw/xfree86/dixmods/extmod/modinit.h
+++ b/hw/xfree86/dixmods/extmod/modinit.h
@@ -125,10 +125,6 @@ extern void ShmRegisterFuncs(
ShmFuncsPtr funcs);
#endif
-#ifdef XACE
-extern void XaceExtensionInit(INITARGS);
-#endif
-
#ifdef XSELINUX
extern void SELinuxExtensionInit(INITARGS);
#endif
diff --git a/mi/miinitext.c b/mi/miinitext.c
index b146907..30cbc7a 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -244,9 +244,6 @@ typedef void (*InitExtension)(INITARGS);
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#endif
-#ifdef XACE
-#include "xace.h"
-#endif
#ifdef XCSECURITY
#include "securitysrv.h"
#include <X11/extensions/securstr.h>
@@ -323,9 +320,6 @@ extern void DbeExtensionInit(INITARGS);
#ifdef XAPPGROUP
extern void XagExtensionInit(INITARGS);
#endif
-#ifdef XACE
-extern void XaceExtensionInit(INITARGS);
-#endif
#ifdef XCSECURITY
extern void SecurityExtensionInit(INITARGS);
#endif
@@ -599,9 +593,6 @@ InitExtensions(argc, argv)
#ifdef XAPPGROUP
if (!noXagExtension) XagExtensionInit();
#endif
-#ifdef XACE
- XaceExtensionInit();
-#endif
#ifdef XCSECURITY
if (!noSecurityExtension) SecurityExtensionInit();
#endif
@@ -696,9 +687,6 @@ static ExtensionModule staticExtensions[] = {
#ifdef XAPPGROUP
{ XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL },
#endif
-#ifdef XACE
- { XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
-#endif
#ifdef XCSECURITY
{ SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
#endif
commit 7724c30a751c653ca3e2e8a6752af27bc37de3f0
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 25 17:28:17 2008 -0500
XACE: Stop using fake requestVectors in favor of a simple hook call.
diff --git a/Xext/xace.c b/Xext/xace.c
index 6326735..0b3baf6 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -28,27 +28,28 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
-/* Proc vectors for untrusted clients, swapped and unswapped versions.
- * These are the same as the normal proc vectors except that extensions
- * that haven't declared themselves secure will have ProcBadRequest plugged
- * in for their major opcode dispatcher. This prevents untrusted clients
- * from guessing extension major opcodes and using the extension even though
- * the extension can't be listed or queried.
- */
-static int (*UntrustedProcVector[256])(
- ClientPtr /*client*/
-);
-static int (*SwappedUntrustedProcVector[256])(
- ClientPtr /*client*/
-);
-
/* Special-cased hook functions. Called by Xserver.
*/
-void XaceHookAuditBegin(ClientPtr ptr)
+int XaceHookDispatch(ClientPtr client, int major)
{
- XaceAuditRec rec = { ptr, 0 };
- /* call callbacks, there is no return value. */
+ /* Call the audit begin callback, there is no return value. */
+ XaceAuditRec rec = { client, 0 };
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
+
+ if (major < 128) {
+ /* Call the core dispatch hook */
+ XaceCoreDispatchRec rec = { client, Success /* default allow */ };
+ CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
+ return rec.status;
+ } else {
+ /* Call the extension dispatch hook */
+ ExtensionEntry *ext = GetExtensionEntry(major);
+ XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
+ if (ext)
+ CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
+ /* On error, pretend extension doesn't exist */
+ return (rec.status == Success) ? Success : BadRequest;
+ }
}
void XaceHookAuditEnd(ClientPtr ptr, int result)
@@ -221,116 +222,12 @@ int XaceHook(int hook, ...)
return prv ? *prv : Success;
}
-static int
-XaceCatchDispatchProc(ClientPtr client)
-{
- REQUEST(xReq);
- int major = stuff->reqType;
- XaceCoreDispatchRec rec = { client, Success /* default allow */ };
-
- if (!ProcVector[major])
- return BadRequest;
-
- /* call callbacks and return result, if any. */
- CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
-
- if (rec.status != Success)
- return rec.status;
-
- return client->swapped ?
- (* SwappedProcVector[major])(client) :
- (* ProcVector[major])(client);
-}
-
-static int
-XaceCatchExtProc(ClientPtr client)
-{
- REQUEST(xReq);
- int major = stuff->reqType;
- ExtensionEntry *ext = GetExtensionEntry(major);
- XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
-
- if (!ext || !ProcVector[major])
- return BadRequest;
-
- /* call callbacks and return result, if any. */
- CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
-
- if (rec.status != Success)
- return BadRequest; /* pretend extension doesn't exist */
-
- return client->swapped ?
- (* SwappedProcVector[major])(client) :
- (* ProcVector[major])(client);
-}
-
-
-/* SecurityClientStateCallback
- *
- * Arguments:
- * pcbl is &ClientStateCallback.
- * nullata is NULL.
- * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h)
- * which contains information about client state changes.
- *
- * Returns: nothing.
- *
- * Side Effects:
- *
- * If a new client is connecting, its authorization ID is copied to
- * client->authID. If this is a generated authorization, its reference
- * count is bumped, its timer is cancelled if it was running, and its
- * trustlevel is copied to TRUSTLEVEL(client).
- *
- * If a client is disconnecting and the client was using a generated
- * authorization, the authorization's reference count is decremented, and
- * if it is now zero, the timer for this authorization is started.
- */
-
-static void
-XaceClientStateCallback(
- CallbackListPtr *pcbl,
- pointer nulldata,
- pointer calldata)
-{
- NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
- ClientPtr client = pci->client;
-
- switch (client->clientState)
- {
- case ClientStateRunning:
- {
- client->requestVector = client->swapped ?
- SwappedUntrustedProcVector : UntrustedProcVector;
- break;
- }
- default: break;
- }
-} /* XaceClientStateCallback */
-
/* XaceExtensionInit
*
* Initialize the XACE Extension
*/
void XaceExtensionInit(INITARGS)
{
- ExtensionEntry *extEntry;
- int i;
-
- if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL))
- return;
-
- /* initialize dispatching intercept functions */
- for (i = 0; i < 128; i++)
- {
- UntrustedProcVector[i] = XaceCatchDispatchProc;
- SwappedUntrustedProcVector[i] = XaceCatchDispatchProc;
- }
- for (i = 128; i < 256; i++)
- {
- UntrustedProcVector[i] = XaceCatchExtProc;
- SwappedUntrustedProcVector[i] = XaceCatchExtProc;
- }
}
/* XaceCensorImage
diff --git a/Xext/xace.h b/Xext/xace.h
index fdf91d1..a8fac98 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -65,8 +65,8 @@ extern int XaceHook(
/* Special-cased hook functions
*/
+extern int XaceHookDispatch(ClientPtr ptr, int major);
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
-extern void XaceHookAuditBegin(ClientPtr ptr);
/* Register a callback for a given hook.
*/
@@ -101,13 +101,13 @@ extern void XaceCensorImage(
#ifdef __GNUC__
#define XaceHook(args...) Success
+#define XaceHookDispatch(args...) Success
#define XaceHookAuditEnd(args...) { ; }
-#define XaceHookAuditBegin(args...) { ; }
#define XaceCensorImage(args...) { ; }
#else
#define XaceHook(...) Success
+#define XaceHookDispatch(...) Success
#define XaceHookAuditEnd(...) { ; }
-#define XaceHookAuditBegin(...) { ; }
#define XaceCensorImage(...) { ; }
#endif
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 004509c..663bf7d 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -463,8 +463,9 @@ Dispatch(void)
if (result > (maxBigRequestSize << 2))
result = BadLength;
else {
- XaceHookAuditBegin(client);
- result = (* client->requestVector[MAJOROP])(client);
+ result = XaceHookDispatch(client, MAJOROP);
+ if (result == Success)
+ result = (* client->requestVector[MAJOROP])(client);
XaceHookAuditEnd(client, result);
}
#ifdef XSERVER_DTRACE
commit f82329b0811469ddae5c44dcfffa38185c11a67c
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 25 16:20:46 2008 -0500
XACE: Don't need to actually register a protocol extension.
diff --git a/Xext/xace.c b/Xext/xace.c
index e85a517..6326735 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -222,51 +222,6 @@ int XaceHook(int hook, ...)
}
static int
-ProcXaceDispatch(ClientPtr client)
-{
- REQUEST(xReq);
-
- switch (stuff->data)
- {
- default:
- return BadRequest;
- }
-} /* ProcXaceDispatch */
-
-static int
-SProcXaceDispatch(ClientPtr client)
-{
- REQUEST(xReq);
-
- switch (stuff->data)
- {
- default:
- return BadRequest;
- }
-} /* SProcXaceDispatch */
-
-
-/* XaceResetProc
- *
- * Arguments:
- * extEntry is the extension information for the XACE extension.
- *
- * Returns: nothing.
- *
- * Side Effects:
- * Performs any cleanup needed by XACE at server shutdown time.
- */
-static void
-XaceResetProc(ExtensionEntry *extEntry)
-{
- int i;
-
- for (i=0; i<XACE_NUM_HOOKS; i++)
- DeleteCallbackList(&XaceHooks[i]);
-} /* XaceResetProc */
-
-
-static int
XaceCatchDispatchProc(ClientPtr client)
{
REQUEST(xReq);
@@ -365,11 +320,6 @@ void XaceExtensionInit(INITARGS)
if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL))
return;
- extEntry = AddExtension(XACE_EXTENSION_NAME,
- XaceNumberEvents, XaceNumberErrors,
- ProcXaceDispatch, SProcXaceDispatch,
- XaceResetProc, StandardMinorOpcode);
-
/* initialize dispatching intercept functions */
for (i = 0; i < 128; i++)
{
diff --git a/Xext/xace.h b/Xext/xace.h
index 6f92290..fdf91d1 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -29,9 +29,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "pixmap.h" /* for DrawablePtr */
#include "regionstr.h" /* for RegionPtr */
-#define XaceNumberEvents 0
-#define XaceNumberErrors 0
-
/* Default window background */
#define XaceBackgroundNoneState None
More information about the xorg-commit
mailing list