upstream/oracle/x-cons/x-s12-clone: comparison open-src/xserver/xorg/sun-src/tsol/tsolextension.c

equal deleted inserted replaced

-:e5259db5befc
+:068c11b419c9
-/* Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+/* Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 *
 * Except as contained in this notice, the name of a copyright holder
 * shall not be used in advertising or otherwise to promote the sale, use
 * or other dealings in this Software without prior written authorization
 * of the copyright holder.
 */
-#pragma ident   "@(#)tsolextension.c 1.30     08/07/21 SMI"
+#pragma ident   "@(#)tsolextension.c 1.31     09/01/14 SMI"
 #include <stdio.h>
 #include "auditwrite.h"
 #include <bsm/libbsm.h>
 #include <bsm/audit_uevents.h>
 #include "osdep.h"
 #include <X11/Xauth.h>
 #include "tsol.h"
 #include "inputstr.h"
 #include "extnsionst.h"
+#include "dixstruct.h"
+#include "xace.h"
+#include "xacestr.h"
 #ifdef PANORAMIX
 #include "../Xext/panoramiXsrv.h"
 #endif
 #ifdef XCSECURITY
 #define _SECURITY_SERVER
 #include "security.h"
+#include "../Xext/securitysrv.h"
 #endif
 #include "tsolpolicy.h"
 #define  BadCmapCookie      0
 #define  Tsolextension      0x0080    /* Tsol extensions begin at 128 */
 #define EXTNSIZE 128
 #define SECURE_RPC_AUTH	"SUN-DES-1"
 #define SECURE_RPC_LEN	9
-extern bslabel_t *lookupSL();
+#define CALLBACK(name) void \
-extern void (*ReplySwapVector[]) ();
+name(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
-extern TsolInfoPtr GetClientTsolInfo();
-extern char *NameForAtom(Atom atom);
 static int ProcTsolDispatch(ClientPtr);
 static int ProcSetPolyInstInfo(ClientPtr);
 static int ProcSetPropLabel(ClientPtr);
 static int ProcSetPropUID(ClientPtr);
 static int SProcGetResAttributes(ClientPtr);
 static int SProcMakeTPWindow(ClientPtr);
 static int SProcMakeTrustedWindow(ClientPtr);
 static int SProcMakeUntrustedWindow(ClientPtr);
-static void TsolReset();
+static void TsolReset(ExtensionEntry *extension);
 static void BreakAllGrabs(ClientPtr client);
-extern void init_xtsol();
+extern void init_xtsol(void);
-extern void init_win_privsets();
-extern void free_win_privsets();
 extern int DoScreenStripeHeight(int screen_num);
 extern int AddUID(int *userid);
 static unsigned char TsolReqCode = 0;
 static int tsolEventBase = -1;
 extern unsigned int StripeHeight;
 int ScreenStripeHeight[MAX_SCREENS - 1] = {0, 0};
-extern int tsolClientPrivateIndex;
-extern int tsolWindowPrivateIndex;
-extern int tsolPixmapPrivateIndex;
 static HotKeyRec hotkey = {FALSE, 0, 0, 0, 0};
 int tsolMultiLevel = TRUE;
 extern WindowPtr tpwin;
 extern bclear_t SessionHI;        /* HI Clearance */
 extern bclear_t SessionLO;        /* LO Clearance */
 extern TsolPolyInstInfoRec tsolpolyinstinfo;
-extern void LoadTsolConfig();
+extern void LoadTsolConfig(void);
-extern void MakeTSOLAtoms();
+extern void MakeTSOLAtoms(void);
-extern void UpdateTsolNode();
+extern void UpdateTsolNode(void);
-/*
-* Protocol handling vectors
-*/
-extern int (*ProcVector[])();
-extern int (*SwappedProcVector[])();
 int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr client);
 int (*TsolSavedSwappedProcVector[PROCVECTORSIZE])(ClientPtr client);
 extern SecurityHookPtr pSecHook;
 SecurityHook tsolSecHook;
 XID TsolCheckAuthorization (unsigned int name_length,
 	char *name, unsigned int data_length,
 	char *data, ClientPtr client, char **reason);
 void TsolDeleteClientFromAnySelections(ClientPtr);
 void TsolDeleteWindowFromAnySelections(WindowPtr);
 extern int TsolChangeWindowProperty(ClientPtr, WindowPtr, Atom, Atom, int, int,
 	unsigned long, pointer, Bool);
 extern int TsolDeleteProperty(ClientPtr, WindowPtr, Atom);
 extern int TsolInitWindow(ClientPtr, WindowPtr);
-extern void TsolAuditStart(ClientPtr);
-extern void TsolAuditEnd(ClientPtr, int);
-static void TsolClientStateCallback(CallbackListPtr *pcbl,
-	pointer nulldata, pointer calldata);
 static void TsolSetClientInfo(ClientPtr client);
-static void TsolProcessKeyboard(xEvent *, KeyClassPtr);
-static char TsolCheckPropertyAccess(ClientPtr client, WindowPtr pWin, ATOM propertyName,
+/* XACE hook callbacks */
-	Mask access_mode);
+static CALLBACK(TsolCheckExtensionAccess);
+static CALLBACK(TsolCheckPropertyAccess);
+static CALLBACK(TsolCheckResourceIDAccess);
+static CALLBACK(TsolProcessKeyboard);
+extern CALLBACK(TsolAuditStart);
+extern CALLBACK(TsolAuditEnd);
+/* other callbacks */
+static CALLBACK(TsolClientStateCallback);
 extern int ProcTsolInternAtom(ClientPtr client);
 extern int ProcTsolSetSelectionOwner(ClientPtr client);
 extern int ProcTsolGetSelectionOwner(ClientPtr client);
 extern int ProcTsolConvertSelection(ClientPtr client);
 * Initialize the extension. Main entry point for this loadable
 * module.
 */
 void
-TsolExtensionInit()
+TsolExtensionInit(void)
 {
 	ExtensionEntry *extEntry;
-	ScreenPtr pScreen;
 	int i;
-	priv_set_t	*pset;
 	/* sleep(20); */
 	/* This extension is supported on a labeled system */
 	if (!is_system_labeled()) {
 	init_xtsol();
 	init_win_privsets();
 	extEntry = AddExtension(TSOLNAME, TSOL_NUM_EVENTS, TSOL_NUM_ERRORS,
 		ProcTsolDispatch, SProcTsolDispatch, TsolReset,
 		StandardMinorOpcode);
 	if (extEntry == NULL) {
 		ErrorF("TsolExtensionInit: AddExtension failed for X Trusted Extensions\n");
 		return;
 	}
-	extEntry->secure = TRUE;
 TsolReqCode = (unsigned char) extEntry->base;
 tsolEventBase = extEntry->eventBase;
 	if (!AddCallback(&ClientStateCallback, TsolClientStateCallback, NULL))
 		return;
-	/* Allocate the client private index */
+	/* Allocate storage in devPrivates */
-	tsolClientPrivateIndex = AllocateClientPrivateIndex();
+	if (!dixRequestPrivate(tsolPrivKey, sizeof (TsolPrivRec))) {
-	if (!AllocateClientPrivate(tsolClientPrivateIndex,
+		ErrorF("TsolExtensionInit: Cannot allocate devPrivate.\n");
-		   sizeof (TsolInfoRec))) {
-		ErrorF("TsolExtensionInit: Cannot allocate client private.\n");
 		return;
-	}
-	/* Allocate per screen window/pixmap private index */
-	tsolWindowPrivateIndex = AllocateWindowPrivateIndex();
-	tsolPixmapPrivateIndex = AllocatePixmapPrivateIndex();
-	for (i = 0; i < screenInfo.numScreens; i++) {
-		pScreen = screenInfo.screens[i];
-		if (!AllocateWindowPrivate(pScreen, tsolWindowPrivateIndex,
-			   sizeof (TsolResRec))) {
-			ErrorF("TsolExtensionInit: Cannot allocate window private.\n");
-		return;
-		}
-		if (!AllocatePixmapPrivate(pScreen, tsolPixmapPrivateIndex,
-sizeof (TsolResRec))) {
-			ErrorF("TsolExtensionInit: Cannot allocate pixmap private.\n");
-			return;
-		}
 	}
 	LoadTsolConfig();
 	MakeTSOLAtoms();
 	UpdateTsolNode();
+	/* Initialize security hooks */
+	tsolSecHook.CheckAuthorization = TsolCheckAuthorization;
+	tsolSecHook.ChangeWindowProperty = TsolChangeWindowProperty;
+	tsolSecHook.DeleteProperty = TsolDeleteProperty;
+	tsolSecHook.DeleteClientFromAnySelections = TsolDeleteClientFromAnySelections;
+	tsolSecHook.DeleteWindowFromAnySelections = TsolDeleteWindowFromAnySelections;
+	pSecHook = &tsolSecHook;
+	XaceRegisterCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess,
+			     NULL);
+	XaceRegisterCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess,
+			     NULL);
+	XaceRegisterCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL);
+	XaceRegisterCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL);
+	XaceRegisterCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL);
+	XaceRegisterCallback(XACE_AUDIT_END, TsolAuditEnd, NULL);
 	/* Save original Proc vectors */
 	for (i = 0; i < PROCVECTORSIZE; i++) {
 		TsolSavedProcVector[i] = ProcVector[i];
 		TsolSavedSwappedProcVector[i] = SwappedProcVector[i];
 	}
-	/* Initialize security hooks */
-	tsolSecHook.CheckAuthorization = TsolCheckAuthorization;
-	tsolSecHook.ChangeWindowProperty = TsolChangeWindowProperty;
-	tsolSecHook.CheckPropertyAccess = TsolCheckPropertyAccess;
-	tsolSecHook.DeleteProperty = TsolDeleteProperty;
-	tsolSecHook.InitWindow = TsolInitWindow;
-	tsolSecHook.ProcessKeyboard = TsolProcessKeyboard;
-	tsolSecHook.DeleteClientFromAnySelections = TsolDeleteClientFromAnySelections;
-	tsolSecHook.DeleteWindowFromAnySelections = TsolDeleteWindowFromAnySelections;
-	tsolSecHook.AuditStart = TsolAuditStart;
-	tsolSecHook.AuditEnd = TsolAuditEnd;
-	pSecHook = &tsolSecHook;
 	/* Replace some of the original Proc vectors with our own TBD */
 	ProcVector[X_InternAtom] = ProcTsolInternAtom;
 	ProcVector[X_SetSelectionOwner] = ProcTsolSetSelectionOwner;
 	ProcVector[X_GetSelectionOwner] = ProcTsolGetSelectionOwner;
 	ProcVector[X_PolySegment] = ProcTsolPolySegment;
 	ProcVector[X_PolyRectangle] = ProcTsolPolyRectangle;
 }
-static pointer
+static CALLBACK(
-TsolCheckResourceIDAccess(
+TsolCheckResourceIDAccess)
-ClientPtr client,
+{
-XID id,
+XaceResourceAccessRec *rec = calldata;
-RESTYPE rtype,
+ClientPtr client = rec->client;
-Mask access_mode,
+XID id = rec->id;
-pointer rval)
+RESTYPE rtype = rec->rtype;
-{
+pointer rval = rec->res;
+Mask access_mode = rec->access_mode;
 int cid = CLIENT_ID(id);
-int reqtype = ((xReq *)client->requestBuffer)->reqType;  /* protocol */
+int reqtype;
-pointer retval;
-char msgbuf[1024];
+if (client->requestBuffer) {
+	reqtype = MAJOROP;  /* protocol */
+} else {
-retval = rval;
+	reqtype = -1;
+}
 switch (rtype) {
-	case RT_GC:
+case RT_GC:
-		switch (access_mode) {
+	    if (access_mode & DixReadAccess) {
-		case SecurityReadAccess:
+		if (xtsol_policy(TSOL_RES_GC, TSOL_READ, (void *)id,
-		    if (xtsol_policy(TSOL_RES_GC, TSOL_READ, (void *)id,
+				 client, TSOL_ALL, (void *)MAJOROP))
-			client, TSOL_ALL, (void *)MAJOROP))
+		    rec->status = BadAccess;
-				retval = NULL;
+	    }
-		    break;
+	    if (access_mode & DixWriteAccess) {
-		case SecurityWriteAccess:
+		if (xtsol_policy(TSOL_RES_GC, TSOL_MODIFY, (void *)id,
-		    if (xtsol_policy(TSOL_RES_GC, TSOL_MODIFY, (void *)id,
+				 client, TSOL_ALL, (void *)MAJOROP))
-			client, TSOL_ALL, (void *)MAJOROP))
+		    rec->status = BadAccess;
-				retval = NULL;
+	    }
-		    break;
+	    if (access_mode & DixDestroyAccess) {
-		case SecurityDestroyAccess:
+		if (xtsol_policy(TSOL_RES_GC, TSOL_DESTROY, (void *)id,
-		    if (xtsol_policy(TSOL_RES_GC, TSOL_DESTROY, (void *)id,
+				 client, TSOL_ALL, (void *)MAJOROP))
-			client, TSOL_ALL, (void *)MAJOROP))
+		    rec->status = BadAccess;
-				retval = NULL;
+	    }
-		    break;
+	    break;
-		}
-		break;
 	case RT_WINDOW:		/* Drawables */
+	    if (access_mode & DixCreateAccess) {
+		/* Replaces InitWindow hook */
+		TsolInitWindow(client, (WindowPtr) rval);
+	    }
+	    /* The rest falls through to code shared with RT_PIXMAP */
 	case RT_PIXMAP:
 	    /* Drawing operations use pixel access policy */
 	    switch (reqtype) {
 		case X_PolyPoint:
 		case X_PolyLine:
 		case X_PutImage:
 		case X_PolyText8:
 		case X_PolyText16:
 		case X_ImageText8:
 		case X_ImageText16:
-		switch (access_mode) {
+		    if (access_mode & DixReadAccess) {
-		case SecurityReadAccess:
+			if (xtsol_policy(TSOL_RES_PIXEL, TSOL_READ,
-		    if (xtsol_policy(TSOL_RES_PIXEL, TSOL_READ, (void *)rval,
+					 (void *)rval, client, TSOL_ALL,
-			client, TSOL_ALL, (void *)MAJOROP))
+					 (void *)MAJOROP))
-				retval = NULL;
+			    rec->status = BadAccess;
-		    break;
+		    }
-		case SecurityWriteAccess:
+		    if (access_mode & DixWriteAccess) {
-		    if (xtsol_policy(TSOL_RES_PIXEL, TSOL_MODIFY, (void *)rval,
+			if (xtsol_policy(TSOL_RES_PIXEL, TSOL_MODIFY,
-			client, TSOL_ALL, (void *)MAJOROP))
+					 (void *)rval, client, TSOL_ALL,
-				retval = NULL;
+					 (void *)MAJOROP))
-		    break;
+			    rec->status = BadAccess;
-		}
+		    }
 		break;
 		/* Property protocols */
 		case X_ChangeProperty:
 		case X_DeleteProperty:
 		case X_GetProperty:
 		case X_ListProperties:
 		case X_RotateProperties:
-		switch (access_mode) {
+		    if (access_mode & DixReadAccess) {
-		case SecurityReadAccess:
+			if (xtsol_policy(TSOL_RES_PROPWIN, TSOL_READ,
-		    if (xtsol_policy(TSOL_RES_PROPWIN, TSOL_READ, (void *)rval,
+					 (void *)rval, client, TSOL_ALL,
-			client, TSOL_ALL, (void *)MAJOROP))
+					 (void *)MAJOROP))
-				retval = NULL;
+			    rec->status = BadAccess;
+		    }
+		    if (access_mode & DixWriteAccess) {
+			if (xtsol_policy(TSOL_RES_PROPWIN, TSOL_MODIFY,
+					 (void *)rval, client, TSOL_ALL,
+					 (void *)MAJOROP))
+			    rec->status = BadAccess;
+		    }
 		    break;
+	    }
-		case SecurityWriteAccess:
+	    break;
-		    if (xtsol_policy(TSOL_RES_PROPWIN, TSOL_MODIFY, (void *)rval,
+}
-			client, TSOL_ALL, (void *)MAJOROP))
-				retval = NULL;
+if (rec->status == BadAccess) {
-		    break;
+	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-		}
-		break;
+	ErrorF("Access failed: cid = %d, rtype=%X, access=%d,"
-		}
+	       " xid=%X, proto = %d, pid = %d\n",
-		break;
+	       cid, (uint_t) rtype, access_mode, id, reqtype, tsolinfo->pid);
 }
+}
-if (retval == NULL) {
-	TsolInfoPtr tsolinfo, res_tsolinfo;
+static
-	tsolinfo = GetClientTsolInfo(client);
+CALLBACK(TsolClientStateCallback)
-	snprintf(msgbuf, sizeof (msgbuf),
-	    "Access failed: cid = %d, rtype=%X, access=%d, xid=%X, proto = %d, pid = %d\n",
-		cid, rtype, access_mode, id, reqtype, tsolinfo->pid);
-	ErrorF(msgbuf);
-}
-return retval;
-}
-static void
-TsolClientStateCallback(CallbackListPtr *pcbl,
-	pointer nulldata,
-	pointer calldata)
 {
 	NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
 	ClientPtr client = pci->client;
-	TsolInfoPtr tsolinfo = (TsolInfoPtr)
+	TsolInfoPtr tsolinfo = TsolClientPriv(client);
-		(client->devPrivates[tsolClientPrivateIndex].ptr);
 	switch (client->clientState) {
 	case ClientStateInitial:
 		/* Got a new connection */
 		TsolSetClientInfo(client);
-		client->CheckAccess = TsolCheckResourceIDAccess;
 		break;
 	case ClientStateRunning:
 		break;
 	}
 }
 static void
-TsolReset()
+TsolReset(ExtensionEntry *extension)
 {
-	free_win_privsets();
+free_win_privsets();
+XaceDeleteCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, NULL);
+XaceDeleteCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess, NULL);
+XaceDeleteCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL);
+XaceDeleteCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL);
+XaceDeleteCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL);
+XaceDeleteCallback(XACE_AUDIT_END, TsolAuditEnd, NULL);
 }
 /*
 * Dispatch routine
 *
 */
 static int
-ProcTsolDispatch(client)
+ProcTsolDispatch(register ClientPtr client)
-register ClientPtr client;
 {
 int retval;
 REQUEST(xReq);
 case X_GetClientLabel:
 retval = ProcGetClientLabel(client);
 break;
 case X_GetPropAttributes:
 retval =  ProcGetPropAttributes(client);
 break;
 case X_GetResAttributes:
 retval =  ProcGetResAttributes(client);
 break;
 case X_MakeTPWindow:
 retval =  ProcMakeTPWindow(client);
 return (retval);
 }
 static int
-SProcTsolDispatch(client)
+SProcTsolDispatch(register ClientPtr client)
-register ClientPtr client;
 {
 int n;
 int retval;
 REQUEST(xReq);
 case X_GetClientLabel:
 retval = SProcGetClientLabel(client);
 break;
 case X_GetPropAttributes:
 retval =  SProcGetPropAttributes(client);
 break;
 case X_GetResAttributes:
 retval =  SProcGetResAttributes(client);
 break;
 case X_MakeTPWindow:
 retval =  SProcMakeTPWindow(client);
 return (ProcMakeUntrustedWindow(client));
 }
 /*
 * Set PolyInstantiation Info.
 * Normally a get(prop) will
 * get the prop. that has match sl, uid of the client. Setting
 * enabled to true will get only the prop. corresponding to
 * sl, uid specified instead of that of client. This is used
 * by dtwm/dtfile in special motif lib.
 */
 static int
 ProcSetPolyInstInfo(ClientPtr client)
 {
 bslabel_t *sl;
 ProcSetPropLabel(ClientPtr client)
 {
 bslabel_t   *sl;
 WindowPtr    pWin;
 TsolPropPtr  tsolprop;
+TsolPropPtr *tsolpropP;
 PropertyPtr  pProp;
 int          err_code;
 REQUEST(xSetPropLabelReq);
 REQUEST_AT_LEAST_SIZE(xSetPropLabelReq);
 client->errorValue = stuff->atom;
 return (BadAtom);
 }
 /* Initialize property created internally by server */
-if (pProp->secPrivate == NULL)
+tsolpropP = TsolPropertyPriv(pProp);
-{
+if (*tsolpropP == NULL)
-pProp->secPrivate = (pointer)AllocServerTsolProp();
+{
-if (pProp->secPrivate == NULL)
+*tsolpropP = (pointer)AllocServerTsolProp();
+if (*tsolpropP == NULL)
 	    return(BadAlloc);
 }
-tsolprop = (TsolPropPtr)(pProp->secPrivate);
+tsolprop = *tsolpropP;
 sl = (bslabel_t *)(stuff + 1);
 if (!blequal(tsolprop->sl, sl))
 {
 	{
 	    return (err_code);
 	}
 	tsolprop->sl = lookupSL(sl);
 }
 return (client->noClientException);
 }
 static int
 ProcSetPropUID(ClientPtr client)
 {
 WindowPtr   pWin;
 TsolPropPtr tsolprop;
+TsolPropPtr *tsolpropP;
 PropertyPtr pProp;
 int         err_code;
 REQUEST(xSetPropUIDReq);
 REQUEST_SIZE_MATCH(xSetPropUIDReq);
 pWin = LookupWindow(stuff->id, client);
 if (!pWin)
 {
 client->errorValue = stuff->id;
 return (BadWindow);
 client, TSOL_ALL, (void *)MAJOROP))
 {
 return (err_code);
 }
 /* Initialize property created internally by server */
-if (pProp->secPrivate == NULL)
+tsolpropP = TsolPropertyPriv(pProp);
-{
+if (*tsolpropP == NULL)
-pProp->secPrivate = (pointer)AllocServerTsolProp();
+{
-if (pProp->secPrivate == NULL)
+*tsolpropP = AllocServerTsolProp();
-	    return(BadAlloc);
+if (*tsolpropP == NULL)
-}
+	    return (BadAlloc);
+}
-tsolprop = (TsolPropPtr)(pProp->secPrivate);
+tsolprop = *tsolpropP;
 tsolprop->uid = stuff->uid;
 return (client->noClientException);
 }
 bslabel_t  *sl;
 PixmapPtr   pMap;
 WindowPtr   pWin;
 xEvent      message;
 TsolResPtr  tsolres;
-DrawablePtr pDraw;
 int         err_code;
 REQUEST(xSetResLabelReq);
 REQUEST_AT_LEAST_SIZE(xSetResLabelReq);
 sl = (bslabel_t *)(stuff + 1);
 return (client->noClientException);
 case IsWindow:
 pWin = LookupWindow(stuff->id, client);
 if (pWin)
 {
-tsolres =
+tsolres = TsolWindowPriv(pWin);
-(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadWindow);
 break;
 case IsPixmap:
 pMap = (PixmapPtr)LookupIDByType(stuff->id, RT_PIXMAP);
 if (pMap)
 {
-tsolres =
+tsolres = TsolPixmapPriv(pMap);
-(TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadPixmap);
 return (client->noClientException);
 case IsWindow:
 pWin = LookupWindow(stuff->id, client);
 if (pWin)
 {
-tsolres =
+tsolres = TsolWindowPriv(pWin);
-(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadWindow);
 break;
 case IsPixmap:
 pMap = (PixmapPtr)LookupIDByType(stuff->id, RT_PIXMAP);
 if (pMap)
 {
-tsolres =
+tsolres = TsolPixmapPriv(pMap);
-(TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadPixmap);
 }
 break;
 default:
 return (BadValue);
 }
 if (err_code = xtsol_policy(TSOL_RES_UID, TSOL_MODIFY, NULL,
 client, TSOL_ALL, (void *)MAJOROP))
 {
 return (err_code);
 }
 ClientPtr   res_client; /* resource owner client */
 TsolInfoPtr tsolinfo, res_tsolinfo;
 WindowPtr	pWin;
 xGetClientAttributesReply rep;
 REQUEST(xGetClientAttributesReq);
 REQUEST_SIZE_MATCH(xGetClientAttributesReq);
 /* Valid window check */
 /* Valid window check */
 res_tsolinfo = GetClientTsolInfo(res_client);
 /* Transfer the client info to reply rec */
 rep.type = X_Reply;
 rep.sequenceNumber = client->sequence;
 rep.trustflag = (res_tsolinfo->forced_trust == 1
 	|| res_tsolinfo->trusted_path) ? (BYTE)1 : (BYTE)0;
 rep.uid = (CARD32) res_tsolinfo->uid;
 rep.pid = (CARD32) res_tsolinfo->pid;
 rep.gid = (CARD32) res_tsolinfo->gid;
 rep.auditid = (CARD32) res_tsolinfo->auid;
 /* Transfer the client info to reply rec */
 rep.type = X_Reply;
 rep.sequenceNumber = client->sequence;
 /* allocate temp storage for labels */
-sl = (bslabel_t *)(ALLOCATE_LOCAL(SL_SIZE));
+sl = (bslabel_t *)(xalloc(SL_SIZE));
 rep.data00 = rep.data01 = 0;
 if (sl == NULL)
 return (BadAlloc);
 /* fill the fields as per request mask */
 if (stuff->mask & RES_SL)
 {
 memcpy(sl, res_tsolinfo->sl, SL_SIZE);
 rep.data00 = SL_SIZE;
 }
 rep.length = (CARD32)(rep.data00)/4;
 if (rep.length > 0)
 {
 reply_length = rep.length*4;
 if (write_to_client == 1)
 {
 WriteToClient(client, reply_length, (char *)sl);
 }
-DEALLOCATE_LOCAL(sl);
+xfree(sl);
 return (client->noClientException);
 }
 static int
 ProcGetPropAttributes(ClientPtr client)
 {
 int          n;
 int          reply_length;
-int          extralen;
 int          err_code;
 Bool         write_to_client = 0;
 PropertyPtr  pProp;
 bslabel_t   *sl;
 WindowPtr    pWin;
 REQUEST(xGetPropAttributesReq);
 REQUEST_SIZE_MATCH(xGetPropAttributesReq);
 pWin = LookupWindow(stuff->id, client);
-if (pWin)
+if (!pWin)
-{
-tsolprop = (TsolPropPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
-}
-else
 {
 client->errorValue = stuff->id;
 return (BadWindow);
 }
 if (err_code = xtsol_policy(TSOL_RES_WINDOW, TSOL_READ, pWin,
 {
 /* property does not exist */
 client->errorValue = stuff->atom;
 return (BadAtom);
 }
-tsolprop = (TsolPropPtr)(pProp->secPrivate);
+tsolprop = TsolPropertyPriv(pProp);
 tmp_prop = tsolprop;
 while (tmp_prop)
 {
 if (tsolpolyinstinfo.enabled)
 {
 {
 rep.uid = tsolprop->uid;
 }
 /* allocate temp storage for labels */
-sl = (bslabel_t *)(ALLOCATE_LOCAL(SL_SIZE));
+sl = (bslabel_t *)(xalloc(SL_SIZE));
 rep.sllength = rep.illength = 0;
 if (sl == NULL)
 return (BadAlloc);
 /* fill the fields as per request mask */
 if (stuff->mask & RES_SL)
 {
 memcpy(sl, tsolprop->sl, SL_SIZE);
 rep.sllength = SL_SIZE;
 if (write_to_client == 1)
 {
 WriteToClient(client, reply_length, (char *)sl);
 }
-DEALLOCATE_LOCAL(sl);
+xfree(sl);
 return (client->noClientException);
 }
 static int
 ProcGetResAttributes(ClientPtr client)
 {
 int         n;
 int         reply_length;
-int         extralen;
 int         err_code;
 Bool        write_to_client = 0;
 bslabel_t  *sl;
 PixmapPtr   pMap;
 WindowPtr   pWin;
 }
 if (stuff->mask & RES_OUID)
 {
 rep.owneruid = OwnerUID;
 }
 if (stuff->resourceType == IsWindow &&
 (stuff->mask & (RES_UID | RES_SL )))
 {
 pWin = LookupWindow(stuff->id, client);
 if (pWin)
 {
-tsolres = (TsolResPtr)
+tsolres = TsolWindowPriv(pWin);
-(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadWindow);
 client, TSOL_ALL, (void *)MAJOROP))
 {
 return (err_code);
 }
 }
 if (stuff->resourceType == IsPixmap &&
 (stuff->mask & (RES_UID | RES_SL )))
 {
 pMap = (PixmapPtr)LookupIDByType(stuff->id, RT_PIXMAP);
 if (pMap)
 {
-tsolres = (TsolResPtr)
+tsolres = TsolPixmapPriv(pMap);
-(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
 }
 else
 {
 client->errorValue = stuff->id;
 return (BadPixmap);
 {
 rep.uid = tsolres->uid;
 }
 /* allocate temp storage for labels */
-sl = (bslabel_t *)(ALLOCATE_LOCAL(SL_SIZE));
+sl = (bslabel_t *)(xalloc(SL_SIZE));
 rep.sllength = rep.illength = rep.iillength = 0;
 if (sl == NULL)
 return (BadAlloc);
 /* fill the fields as per request mask */
 if (stuff->mask & RES_SL)
 {
 memcpy(sl, tsolres->sl, SL_SIZE);
 rep.sllength = SL_SIZE;
 if (write_to_client == 1)
 {
 WriteToClient(client, reply_length, (char *)sl);
 }
-DEALLOCATE_LOCAL(sl);
+xfree(sl);
 return (client->noClientException);
 }
 int
 REQUEST(xMakeTPWindowReq);
 REQUEST_SIZE_MATCH(xMakeTPWindowReq);
 /*
 * Session type single-level? This is set by the
 * label builder
 */
 tsolinfo = GetClientTsolInfo(client);
 if (tsolinfo && HasTrustedPath(tsolinfo) &&
 		blequal(&SessionLO, &SessionHI) && stuff->id == 0) {
 	tsolMultiLevel = FALSE;
 	return (client->noClientException);
 }
 #if defined(PANORAMIX)
 if (!noPanoramiXExtension)
 {
-#if defined(IN_MODULE)
-	/* Xorg X server */
 PanoramiXRes     *panres = NULL;
 int         j;
 	if ((panres = (PanoramiXRes *)LookupIDByType(stuff->id, XRT_WINDOW))
 		== NULL)
 		{
 		    tpwin = (WindowPtr)NULL;
 		    ReflectStackChange(pWin, pParent->firstChild, VTStack);
 		}
 	}
-#else
+} else
-	/* Xsun X server */
-PanoramiXWindow     *pPanoramiXWin = PanoramiXWinRoot;
-int         j;
-PANORAMIXFIND_ID(pPanoramiXWin, stuff->id);
-IF_RETURN(!pPanoramiXWin, BadWindow);
-	FOR_NSCREENS_OR_ONCE(pPanoramiXWin, j)
-	{
-		pWin = LookupWindow(pPanoramiXWin->info[j].id, client);
-		/* window should not be root but child of root */
-		if (!pWin || (!pWin->parent))
-		{
-		    client->errorValue = stuff->id;
-		    return (BadWindow);
-		}
-		if (err_code = xtsol_policy(TSOL_RES_TPWIN, TSOL_MODIFY, pWin,
-					client, TSOL_ALL, (void *)MAJOROP))
-		{
-		    return (err_code);
-		}
-		pParent = pWin->parent;
-		if (pParent->firstChild != pWin)
-		{
-		    tpwin = (WindowPtr)NULL;
-		    ReflectStackChange(pWin, pParent->firstChild, VTStack);
-		}
-	}
-#endif
-} else
 #endif
 {
 	pWin = LookupWindow(stuff->id, client);
 	/* window should not be root but child of root */
 if (err_code = xtsol_policy(TSOL_RES_TPWIN, TSOL_MODIFY, pWin,
 client, TSOL_ALL, (void *)MAJOROP))
 {
 return (err_code);
 }
 tsolinfo = GetClientTsolInfo(client);
 /* Turn on Trusted bit of the window */
 tsolinfo->forced_trust = 1;
 return (client->noClientException);
 }
 if (err_code = xtsol_policy(TSOL_RES_TPWIN, TSOL_MODIFY, pWin,
 client, TSOL_ALL, (void *)MAJOROP))
 {
 return (err_code);
 }
 tsolinfo = GetClientTsolInfo(client);
 tsolinfo->forced_trust = 0;
 tsolinfo->trusted_path = FALSE;
 return (client->noClientException);
 }
 /*
 * Break keyboard & ptr grabs of clients other than
 TsolSetClientInfo(ClientPtr client)
 {
 	bslabel_t *sl;
 	bslabel_t admin_low;
 	priv_set_t *privs;
-	const au_tid64_addr_t *tid64;
 	const au_mask_t *amask;
-	au_mask_t mask;		/* user audit mask */
 	socklen_t namelen;
-	struct passwd *pw;
 	struct auditinfo auinfo;
 	struct auditinfo *pauinfo;
 	OsCommPtr oc = (OsCommPtr)client->osPrivate;
-	register ConnectionInputPtr oci = oc->input;
 	int fd = oc->fd;
 	ucred_t *uc = NULL;
 	extern  au_id_t ucred_getauid(const ucred_t *uc);
 	extern  au_asid_t ucred_getasid(const ucred_t *uc);
 	extern  const au_mask_t *ucred_getamask(const ucred_t *uc);
-	TsolInfoPtr tsolinfo = (TsolInfoPtr)
+	TsolInfoPtr tsolinfo = TsolClientPriv(client);
-		(client->devPrivates[tsolClientPrivateIndex].ptr);
 	/* Get client attributes from the socket */
 	if (getpeerucred(fd, &uc) == -1) {
 		tsolinfo->uid = (uid_t)(-1);
 		tsolinfo->sl = NULL;
 				priv_emptyset(tsolinfo->privs);
 			} else {
 				priv_copyset(privs, tsolinfo->privs);
 			}
 		} else {
 			priv_fillset(tsolinfo->privs);
 		}
 	}
 	tsolinfo->priv_debug = FALSE;
 	/*
 	 * For remote hosts, the uid is determined during access control
 	 * using Secure RPC
 	 */
 	if (tsolinfo->zid == (zoneid_t)-1) {
 		tsolinfo->client_type = CLIENT_REMOTE;
 	} else {
 		tsolinfo->client_type = CLIENT_LOCAL;
 	}
 	/* Set Trusted Path for local clients */
 	if (tsolinfo->zid == GLOBAL_ZONEID) {
 		tsolinfo->trusted_path = TRUE;
 	}else {
 		tsolinfo->trusted_path = FALSE;
 	}
 	if (tsolinfo->trusted_path || !tsolMultiLevel)
-		client->trustLevel = XSecurityClientTrusted;
+		setClientTrustLevel(client, XSecurityClientTrusted);
 	else
-		client->trustLevel = XSecurityClientUntrusted;
+		setClientTrustLevel(client, XSecurityClientUntrusted);
 tsolinfo->forced_trust = 0;
 tsolinfo->iaddr = 0;
 	bsllow(&admin_low);
 	namelen = sizeof (tsolinfo->saddr);
 	if (getpeername(fd, (struct sockaddr *)&tsolinfo->saddr, &namelen) == 0
 	  && (tsolinfo->client_type == CLIENT_REMOTE)) {
 		int errcode;
 		char hostbuf[NI_MAXHOST];
 		tsol_host_type_t host_type;
-		struct sockaddr sname;
 		extern tsol_host_type_t tsol_getrhtype(char *);
 		/* Use NI_NUMERICHOST to avoid DNS lookup */
 		errcode = getnameinfo((struct sockaddr *)&(tsolinfo->saddr), namelen,
 			hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST);
 		if (errcode) {
 			perror(gai_strerror(errcode));
 		} else {
 			host_type = tsol_getrhtype(hostbuf);
 			if ((host_type == SUN_CIPSO) &&
 				blequal(tsolinfo->sl, &admin_low)) {
 				tsolinfo->trusted_path = TRUE;
-				client->trustLevel = XSecurityClientTrusted;
+				setClientTrustLevel(client,
+						    XSecurityClientTrusted);
 				priv_fillset(tsolinfo->privs);
 			}
 		}
 	}
 	ucred_free(uc);
 }
 static enum auth_stat tsol_why;
 static char *
-tsol_authdes_decode(inmsg, len)
+tsol_authdes_decode(char *inmsg, int len)
-char *inmsg;
-int  len;
 {
 struct rpc_msg  msg;
 char            cred_area[MAX_AUTH_BYTES];
 char            verf_area[MAX_AUTH_BYTES];
 char            *temp_inmsg;
 struct svc_req  r;
-bool_t          res0, res1, auth_ret;
+bool_t          res0, res1;
 XDR             xdr;
 SVCXPRT         xprt;
 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
 temp_inmsg = (char *) xalloc(len);
 memset(cred_area, 0, sizeof(cred_area));
 memset(verf_area, 0, sizeof(verf_area));
 msg.rm_call.cb_cred.oa_base = cred_area;
 msg.rm_call.cb_verf.oa_base = verf_area;
 tsol_why = AUTH_FAILED;
 xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);
 if ((r.rq_clntcred = (caddr_t) xalloc(MAX_AUTH_BYTES)) == NULL)
 goto bad1;
 r.rq_xprt = &xprt;
 /* decode into msg */
 res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred));
 res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf));
 if ( ! (res0 && res1) )
 goto bad2;
 /* do the authentication */
 #else
 if ((tsol_why = _authenticate(&r, &msg)) != AUTH_OK) {
 #endif
 goto bad2;
 }
 return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
 bad2:
 Xfree(r.rq_clntcred);
 bad1:
 return ((char *)0); /* ((struct authdes_cred *) NULL); */
 }
 static Bool
 TsolCheckNetName (unsigned char *addr, short len, pointer closure)
 {
 return (len == (short) strlen ((char *) closure) &&
 strncmp ((char *) addr, (char *) closure, len) == 0);
 }
 XID
 TsolCheckAuthorization(unsigned int name_length, char *name, unsigned int data_length,
 	char *data, ClientPtr client, char **reason)
 {
 	char	domainname[128];
 	char	netname[128];
 	char	audit_ret;
 		if (strncmp(name, SECURE_RPC_AUTH, (size_t)name_length) == 0) {
 			fullname = tsol_authdes_decode(data, data_length);
 			if (fullname == NULL) {
 				ErrorF("Unable to authenticate Secure RPC client");
 			} else {
 				if (netname2user(fullname,
 					&client_uid, &client_gid,
 					&client_gidlen, &client_gidlist)) {
 					tsolinfo->uid = client_uid;
 				} else {
 					ErrorF("netname2user failed");
 				}
 			}
 		}
 	}
 	if (tsolinfo->uid == (uid_t)-1) {
 		tsolinfo->uid = UID_NOBODY; /* uid not available */
 	}
 	/*
 	 * For multilevel desktop, limit connections to the trusted path
 	 * i.e. global zone until a user logs in and the trusted stripe
 	 * is in place. Unlabeled connections are rejected.
 	 */
 	if ((OwnerUID == (uid_t )(-1)) || (tsolMultiLevel && tpwin == NULL)) {
 		if (HasTrustedPath(tsolinfo)) {
 			auth_token = CheckAuthorization(name_length, name, data_length,
 				data, client, reason);
 		}
 	} else {
 		/*
 		 * Workstation Owner set, client must be within label
 		 * range or have trusted path
 		 */
 		if (tsolinfo->uid == OwnerUID) {
-			if (tsolinfo->sl != NULL &&
+			if ((tsolinfo->sl != NULL &&
-					(bldominates(tsolinfo->sl, &SessionLO) &&
+			     (bldominates(tsolinfo->sl, &SessionLO) &&
-					bldominates(&SessionHI, tsolinfo->sl)) ||
+			      bldominates(&SessionHI, tsolinfo->sl))) ||
-					(HasTrustedPath(tsolinfo))) {
+			    (HasTrustedPath(tsolinfo))) {
-				auth_token = (XID)(tsolinfo->uid);
+			    auth_token = (XID)(tsolinfo->uid);
 			}
 		} else {
 			/* Allow root from global zone */
 			if (tsolinfo->uid == 0 && HasTrustedPath(tsolinfo)) {
 				auth_token = (XID)(tsolinfo->uid);
 			} else {
 				/*
 				 * Access check based on uid. Check if
 				 * roles or other uids have  been added by
 				 * xhost +role@
 				 */
 				getdomainname(domainname, sizeof(domainname));
 	}
 	return (auth_token);
 }
-static void
+static CALLBACK(
-TsolProcessKeyboard(xEvent *xE, KeyClassPtr keyc)
+TsolProcessKeyboard)
 {
+XaceKeyAvailRec *rec = (XaceKeyAvailRec *) calldata;
+xEvent *xE = rec->event;
+DeviceIntPtr keybd = rec->keybd;
+/*  int count = rec->count; */
+KeyClassPtr keyc = keybd->key;
 extern void InitHotKey(HotKeyPtr hk);
-extern void HandleHotKey();
+extern void HandleHotKey(void);
 if (xE->u.u.type == KeyPress)
 {
 	if (!hotkey.initialized)
 	    InitHotKey(&hotkey);
 		(keyc->state != 0 && keyc->state == hotkey.altshift)))
 		HandleHotKey();
 }
 }
-static char
+static CALLBACK(
-TsolCheckPropertyAccess(ClientPtr client, WindowPtr pWin, ATOM propertyName,
+TsolCheckPropertyAccess)
-	Mask access_mode)
+{
-{
+XacePropertyAccessRec *rec = (XacePropertyAccessRec *) calldata;
-	char	action;
+ClientPtr client = rec->client;
-	PropertyPtr pProp;
+WindowPtr pWin = rec->pWin;
+PropertyPtr pProp = *rec->ppProp;
-pProp = wUserProps (pWin);
+Atom propertyName = pProp->propertyName;
-while (pProp)
+Mask access_mode = rec->access_mode;
-{
-if (pProp->propertyName == propertyName)
+if (pProp == NULL) {
-		break;
+	return;
-	    pProp = pProp->next;
+}
-}
+if (access_mode & DixReadAccess) {
-	if (pProp == NULL)
+	if (!PolyProperty(propertyName, pWin) &&
-		return SecurityAllowOperation;
+	    xtsol_policy(TSOL_RES_PROPERTY, TSOL_READ,
+			 pProp, client, TSOL_ALL, (void *)MAJOROP))
-	if (access_mode & SecurityReadAccess) {
+	    rec->status = BadAccess;
-		if (!PolyProperty(propertyName, pWin) &&
+/* this used to be:
-		    xtsol_policy(TSOL_RES_PROPERTY, TSOL_READ,
+return SecurityIgnoreOperation;
-			pProp, client, TSOL_ALL, (void *)MAJOROP))
+else
-		   return SecurityIgnoreOperation;
+return SecurityAllowOperation;
-		else
+*/
-		   return SecurityAllowOperation;
+}
-	}
+if (access_mode & DixWriteAccess) {
-	if (access_mode & SecurityWriteAccess) {
+	if (!PolyProperty(propertyName, pWin) &&
-		if (!PolyProperty(propertyName, pWin) &&
+	    xtsol_policy(TSOL_RES_PROPERTY, TSOL_MODIFY,
-		    xtsol_policy(TSOL_RES_PROPERTY, TSOL_MODIFY,
+			 pProp, client, TSOL_ALL, (void *)MAJOROP))
-			pProp, client, TSOL_ALL, (void *)MAJOROP))
+	    rec->status = BadAccess;
-		   return SecurityIgnoreOperation;
+/* this used to be:
-		else
+return SecurityIgnoreOperation;
-		   return SecurityAllowOperation;
+else
-	}
+return SecurityAllowOperation;
+*/
-	if (access_mode & SecurityDestroyAccess) {
+}
-		if (!PolyProperty(propertyName, pWin) &&
-		    xtsol_policy(TSOL_RES_PROPERTY, TSOL_DESTROY,
+if (access_mode & DixDestroyAccess) {
-			pProp, client, TSOL_ALL, (void *)MAJOROP))
+	if (!PolyProperty(propertyName, pWin) &&
-		   return SecurityIgnoreOperation;
+	    xtsol_policy(TSOL_RES_PROPERTY, TSOL_DESTROY,
-		else
+			 pProp, client, TSOL_ALL, (void *)MAJOROP))
-		   return SecurityAllowOperation;
+	    rec->status = BadAccess;
-	}
+/* this used to be:
+return SecurityIgnoreOperation;
-	return SecurityAllowOperation;
+else
-}
+return SecurityAllowOperation;
+*/
+}
+}
+static CALLBACK(
+TsolCheckExtensionAccess)
+{
+XaceExtAccessRec *rec = (XaceExtAccessRec *) calldata;
+if (TsolDisabledExtension(rec->ext->name)) {
+	rec->status = BadAccess;
+}
+}
+#ifdef UNUSED
 /*
 * Return TRUE if host is cipso
 */
 int
 host_is_cipso(int fd)
 {
 	struct sockaddr sname;
 	socklen_t namelen;
 	char *rhost;
 	tsol_host_type_t host_type;
 	struct sockaddr_in *so = (struct sockaddr_in *)&sname;
 	extern tsol_host_type_t tsol_getrhtype(char *);
 	namelen = sizeof (sname);
 	if (getpeername(fd, &sname, &namelen) == -1) {
 		return TRUE;
 	}
 	return FALSE;
 }
+#endif

changeset 606	068c11b419c9
parent 470	77e77d76a7c9
child 614	5ef3ebaba4c3