--- a/open-src/xserver/xorg/sun-src/tsol/tsolextension.c Thu Jul 10 16:51:23 2008 -0700
+++ b/open-src/xserver/xorg/sun-src/tsol/tsolextension.c Thu Jul 10 17:06:00 2008 -0700
@@ -1,4 +1,4 @@
-/* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+/* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
@@ -26,7 +26,7 @@
* of the copyright holder.
*/
-#pragma ident "@(#)tsolextension.c 1.28 08/02/08 SMI"
+#pragma ident "@(#)tsolextension.c 1.29 08/07/10 SMI"
#include <stdio.h>
#include "auditwrite.h"
@@ -2020,8 +2020,15 @@
auth_token = (XID)(tsolinfo->uid);
}
} else {
- if (tsolinfo->uid != 0) {
- /* Access check based on uid */
+ /* Allow root from global zone */
+ if (tsolinfo->uid == 0 && HasTrustedPath(tsolinfo)) {
+ auth_token = (XID)(tsolinfo->uid);
+ } else {
+ /*
+ * Access check based on uid. Check if
+ * roles or other uids have been added by
+ * xhost +role@
+ */
getdomainname(domainname, sizeof(domainname));
if (!user2netname(netname, tsolinfo->uid, domainname)) {
return ((XID)-1);
@@ -2033,10 +2040,6 @@
return (CheckAuthorization(name_length, name, data_length,
data, client, reason));
}
- } else
- /* Allow all connections from global zones for now */
- if (HasTrustedPath(tsolinfo)) {
- auth_token = (XID)(tsolinfo->uid);
}
}
}