--- a/open-src/lib/Makefile Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/lib/Makefile Wed Nov 18 14:43:45 2015 -0800
@@ -77,7 +77,6 @@
libXres: libX11 libXext
libXScrnSaver: libX11 libXext
libXt: libX11 libSM libICE
-libXtsol: libX11 libXext
libXtst: libX11 libXext
libXv: libX11 libXext
libXvMC: libX11 libXext libXv
@@ -139,7 +138,6 @@
libXrandr \
libXres \
libXScrnSaver \
- libXtsol \
libXtst \
libXv \
libXvMC \
@@ -165,7 +163,8 @@
libXaw5 \
libXlg3d \
libXprintUtil \
- libXprintAppUtil
+ libXprintAppUtil \
+ libXtsol
PWD:sh=pwd
TOP=$(PWD)/../..
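Review bot: The last hunk appends `libXtsol` to a list whose variable name sits above the hunk, while this same commit deletes `open-src/lib/libXtsol/Makefile` and all of its sources. If that list is ever expanded into targets that descend into the named directories, the build will stop on the missing directory, so it is worth confirming the list is only used for modules that are no longer built. Assuming that is the intent, a comment above the assignment (not between the continuation lines, where it would swallow the rest of the list) would record it, e.g. `# libXtsol: sources removed from this tree; kept here only as an obsolete module name`. The removal of the `libXtsol: libX11 libXext` rule in the first hunk is consistent with that reading.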
--- a/open-src/lib/libXtsol/Makefile Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-###############################################################################
-#
-# libXtsol - client library for TSOL extension for Solaris Trusted Extensions
-#
-# Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-#
-
-# Package name used in tarballs
-MODULE_NAME=libXtsol
-
-# Package classification (override default)
-MODULE_PKGCLASS=System/Trusted
-MODULE_PKGCLASS_SET=yes
-
-# Package metadata
-MODULE_LICENSE = Oracle
-MODULE_LICENSE_SET = yes
-
-# Dates to show in Oracle copyright notice in pkg license file
-# Earliest & latest of the copyrights in the Oracle files in this pkg
-ORACLE_COPYRIGHT_YEARS = 2004, 2014
-
-# No upstream sources, only local sources
-MODULE_VERSION=src
-SOURCE_TARBALL_NAME=NONE
-SOURCE_TARBALL_NAME_SET=yes
-SOURCE_TARGETS =
-SOURCE_TARGETS_SET=yes
-
-# Library name (used for specfiles/mapfiles)
-LIBNAME=Xtsol
-
-# Man pages to apply Sun footer to & attributes to list
-SUNTOUCHED_MANPAGES= # None
-MODULE_STABILITY=Committed
-LIB_MAN_SUFFIX=3xtsol
-
-# pkg(5) name we deliver the files in (override default)
-MODULE_PKGNAME=x11/trusted/libxtsol
-MODULE_PKGNAME_SET=yes
-
-# ARC cases that covered this module
-# LSARC/2004/109 - Trusted Solaris X Server Extension
-MODULE_ARC_CASES = LSARC/2004/109
-
-# No configure script to run, but need to make build dirs
-CONFIGURE_TARGETS = $(BUILD_DIR)
-CONFIGURE_TARGETS_SET=yes
-
-# Since we don't have a configure script, pass configure flags to make
-# and pass path to $(REL_SOURCE_DIR) for makefiles & source files
-REL_SOURCE_DIR = ../sun-src
-MODULE_MAKEFLAGS = VPATH=$(REL_SOURCE_DIR) -f $(REL_SOURCE_DIR)/Makefile
-MODULE_BUILD_ENV = $(CONFIG_ENV) PREFIX=$(MODULE_PREFIX)
-
-# Compatibility links from /usr/X11/lib to /usr/lib
-MODULE_X11_LIBCOMPAT_LINKS = libXtsol.so libXtsol.so.1
-
-include ../Makefile.inc
--- a/open-src/lib/libXtsol/sun-src/Makefile Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-# Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-
-HEADERSPublic = Xtsol.h Xtsolproto.h
-HEADERSPublic_dir = $(PREFIX)/include/X11/extensions
-
-SRCS = Xtsol.c
-OBJS = $(SRCS:.c=.o)
-
-REQUIREDLIBS = -lX11 -ltsol -lc
-
-XLIB_CFLAGS:sh = pkg-config --cflags x11
-
-libXtsol.so.1: $(OBJS) mapfile-vers
- $(CC) -G -o $@ -h $@ $(CFLAGS) $(LDFLAGS) -M mapfile-vers \
- $(OBJS) $(REQUIREDLIBS)
-
-.c.o:
- $(CC) -Kpic $(XLIB_CFLAGS) $(CFLAGS) $(CPPFLAGS) -c $<
-
-install: libXtsol.so.1 $(HEADERSPublic)
- mkdir -p $(DESTDIR)$(HEADERSPublic_dir)
- $(INSTALL) -m 0444 $(HEADERSPublic) $(DESTDIR)$(HEADERSPublic_dir)
- mkdir -p $(DESTDIR)$(libdir)
- -rm -f $(DESTDIR)$(libdir)/libXtsol.so \
- $(DESTDIR)$(libdir)/libXtsol.so.1
- $(INSTALL) -m 0555 libXtsol.so.1 $(DESTDIR)$(libdir)/libXtsol.so.1
- ln -s libXtsol.so.1 $(DESTDIR)$(libdir)/libXtsol.so
--- a/open-src/lib/libXtsol/sun-src/Xtsol.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,790 +0,0 @@
-/* Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#define NEED_REPLIES
-#define NEED_EVENTS
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <tsol/label.h>
-#include <sys/tsol/label_macro.h>
-
-#include <X11/Xlibint.h>
-#include <X11/Xlib.h>
-#include <X11/Xutil.h>
-#include <X11/extensions/Xext.h>
-#include <X11/extensions/extutil.h>
-
-#include "Xtsolproto.h"
-#include "Xtsol.h"
-
-#define SL_SIZE (sizeof (blevel_t))
-
-
-/*
- * Initialiazation routine
- */
-static int TsolInitialized = False;
-static int X_TsolExtensionCode;
-
-#define TsolCheckExtension(dpy)\
- {\
- if (!TsolInitialized)\
- if (InitializeTsol(dpy) == 0)\
- {\
- return 0;\
- }\
- }
-
-static int
-InitializeTsol(Display *dpy)
-{
- int tmp;
- int event;
-
- if (XQueryExtension(dpy, TSOLNAME, &X_TsolExtensionCode, &event, &tmp))
- {
- TsolInitialized = True;
- return 1;
- }
- else
- {
- TsolInitialized = False;
- return 0; /* Failure */
- }
-}
-
-/*
- * returns true if win is trusted path
- */
-Bool
-XTSOLIsWindowTrusted(
- Display *dpy,
- Window win)
-{
- XTsolClientAttributes clientattr;
- Status result;
- extern Status XTSOLgetClientAttributes(Display *, XID, XTsolClientAttributes *);
-
- TsolCheckExtension(dpy);
-
- result = XTSOLgetClientAttributes(dpy, win, &clientattr);
-
- return (result ? clientattr.trustflag : False);
-}
-
-Status
-XTSOLsetPolyInstInfo(
- Display *dpy,
- m_label_t *sl,
- uid_t *uidp,
- int enabled)
-{
- register xSetPolyInstInfoReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetPolyInstInfo, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetPolyInstInfo;
- req->uid = (CARD32 )*uidp;
- req->enabled = (CARD32 )enabled;
- req->sllength = (CARD16 )SL_SIZE;
- req->length = (CARD16 ) (4 + ((int)(req->sllength) / 4));
- Data(dpy, (char *)sl, SL_SIZE);
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetPropLabel(
- Display *dpy,
- Window win,
- Atom property,
- m_label_t *sl)
-{
- register xSetPropLabelReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetPropLabel, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetPropLabel;
- req->id = win;
- req->atom = property;
- req->labelType = (CARD16) RES_SL;
- req->sllength = SL_SIZE;
- req->illength = 0;
- req->length = 5 + (int)(req->sllength / 4);
- Data(dpy, (char *)sl, SL_SIZE);
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetPropUID(
- Display *dpy,
- Window win,
- Atom property,
- uid_t *uidp)
-{
- register xSetPropUIDReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetPropUID, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetPropUID;
- req->length = 4;
- req->id = win;
- req->atom = property;
- req->uid = *uidp;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetResLabel(
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- m_label_t *sl)
-{
- register xSetResLabelReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResLabel, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResLabel;
- req->id = object;
- req->resourceType = (CARD16) resourceFlag;
- req->labelType = (CARD16) RES_SL;
- req->sllength = SL_SIZE;
- req->illength = 0;
- req->length = 4 + (int)(req->sllength / 4);
- Data(dpy, (char *)sl, SL_SIZE);
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetResUID(
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- uid_t *uidp)
-{
- register xSetResUIDReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResUID, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResUID;
- req->length = 4;
- req->id = object;
- req->resourceType = (CARD16) resourceFlag;
- req->uid = *uidp;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetSSHeight(
- Display *dpy,
- int screen_num,
- int newHeight)
-{
- register xSetResUIDReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResUID, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResUID;
- req->length = 4;
- req->id = screen_num;
- req->resourceType = STRIPEHEIGHT;
- req->uid = newHeight;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-Status
-XTSOLsetSessionHI(
- Display *dpy,
- bclear_t *sl)
-{
- register xSetResLabelReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResLabel, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResLabel;
- req->id = 0;
- req->resourceType = SESSIONHI;
- req->labelType = RES_SL;
- req->sllength = SL_SIZE;
- req->illength = 0;
- req->length = 4 + (int)(req->sllength / 4);
- Data(dpy, (char *)sl, SL_SIZE);
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-
-}
-
-Status
-XTSOLsetSessionLO(
- Display *dpy,
- m_label_t *sl)
-{
- register xSetResLabelReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResLabel, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResLabel;
- req->id = 0;
- req->resourceType = SESSIONLO;
- req->labelType = RES_SL;
- req->sllength = SL_SIZE;
- req->illength = 0;
- req->length = 4 + (int)(req->sllength / 4);
- Data(dpy, (char *)sl, SL_SIZE);
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-
-}
-
-Status
-XTSOLsetWorkstationOwner(
- Display *dpy,
- uid_t *uidp)
-{
- register xSetResUIDReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(SetResUID, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_SetResUID;
- req->length = 4;
- req->id = 0;
- req->resourceType = RES_OUID;
- req->uid = *uidp;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-}
-
-/*
- * make the window a trusted path window
- */
-Status
-XTSOLMakeTPWindow(
- Display *dpy,
- Window win)
-{
- register xMakeTPWindowReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(MakeTPWindow, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_MakeTPWindow;
- req->id = win;
- req->length = 2;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-
-}
-
-/*
- * Turn on the trusted bit of window
- */
-Status
-XTSOLMakeTrustedWindow(
- Display *dpy,
- Window win)
-{
- register xMakeTrustedWindowReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(MakeTrustedWindow, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_MakeTrustedWindow;
- req->id = win;
- req->length = 2;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-
-}
-
-/*
- * Turn off the trusted bit of window
- */
-Status
-XTSOLMakeUntrustedWindow(
- Display *dpy,
- Window win)
-{
- register xMakeUntrustedWindowReq *req;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(MakeUntrustedWindow, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_MakeUntrustedWindow;
- req->id = win;
- req->length = 2;
-
- UnlockDisplay(dpy);
- SyncHandle();
- return 1;
-
-}
-
-/*
- * get resource attributes.
- */
-Status
-XTSOLgetClientAttributes(
- Display *dpy,
- XID xid, /* window id of client */
- XTsolClientAttributes *clientattr)
-{
- register xGetClientAttributesReq *req;
- xGetClientAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetClientAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetClientAttributes;
- req->length = 2;
- req->id = xid;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xTrue);
- if (status)
- {
- /* copy the data to user struct */
- if (rep.trustflag == (BYTE)1)
- clientattr->trustflag = 1;
- else
- clientattr->trustflag = 0;
- clientattr->uid = (uid_t) rep.uid;
- clientattr->gid = (gid_t) rep.gid;
- clientattr->pid = (pid_t) rep.pid;
- clientattr->auditid = (au_id_t) rep.auditid;
- clientattr->sessionid = (u_long) rep.sessionid;
- clientattr->iaddr = (u_long) rep.iaddr;
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetClientLabel(
- Display *dpy,
- XID object,
- m_label_t *sl)
-{
- register xGetClientLabelReq *req;
- xGetClientLabelReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetClientLabel, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetClientLabel;
- req->length = 3;
- req->id = object;
- req->mask = RES_LABEL;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (status && (rep.length > 0))
- {
- if (rep.blabel_bytes == blabel_size())
- {
- _XRead (dpy, (char *) sl, rep.blabel_bytes);
- }
- else
- {
- _XEatDataWords(dpy, rep.length);
- status = BadLength;
- }
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetPropAttributes(
- Display *dpy,
- Window window,
- Atom property,
- XTsolPropAttributes *propattrp)
-{
- register xGetPropAttributesReq *req;
- xGetPropAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetPropAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetPropAttributes;
- req->length = 4;
- req->id = window;
- req->atom = property;
- req->mask = RES_ALL;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (status)
- {
- /* copy the data to user struct */
- propattrp->uid = rep.uid;
- /* read the label info */
- if (rep.sllength == blabel_size())
- {
- _XRead (dpy, (char *) (propattrp->sl), rep.sllength);
- }
- else if (rep.length > 0)
- {
- _XEatDataWords(dpy, rep.length);
- status = BadLength;
- }
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetPropLabel(
- Display *dpy,
- Window win,
- Atom property,
- m_label_t *sl)
-{
- register xGetPropAttributesReq *req;
- xGetPropAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetPropAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetPropAttributes;
- req->length = 4;
- req->id = win;
- req->atom = property;
- req->mask = RES_LABEL;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (status && (rep.length > 0))
- {
- /* copy the data to user struct */
- /* read the label info */
- if (rep.sllength == blabel_size())
- {
- _XRead (dpy, (char *) sl, rep.sllength);
- }
- else
- {
- _XEatDataWords(dpy, rep.length);
- status = BadLength;
- }
- }
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-
-}
-
-Status
-XTSOLgetPropUID(
- Display *dpy,
- Window win,
- Atom property,
- uid_t *uidp)
-{
- register xGetPropAttributesReq *req;
- xGetPropAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetPropAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetPropAttributes;
- req->length = 4;
- req->id = win;
- req->atom = property;
- req->mask = RES_UID;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xTrue);
- if (status)
- {
- /* copy the data to user struct */
- *uidp = rep.uid;
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetResAttributes(
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- XTsolResAttributes *resattrp)
-{
- register xGetResAttributesReq *req;
- xGetResAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetResAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetResAttributes;
- req->length = 3;
- req->id = object;
- req->resourceType = (CARD16) resourceFlag;
- req->mask = RES_ALL;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (status)
- {
- /* copy the data to user struct */
- resattrp->uid = rep.uid;
- resattrp->ouid = rep.owneruid;
- /* read the label info */
- if (rep.sllength == blabel_size())
- {
- _XRead (dpy, (char *) (resattrp->sl), rep.sllength);
- }
- else if (rep.length > 0)
- {
- _XEatDataWords(dpy, rep.length);
- status = BadLength;
- }
- }
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-/*
- * get resource label.
- */
-Status
-XTSOLgetResLabel(
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- m_label_t *sl)
-{
- register xGetResAttributesReq *req;
- xGetResAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetResAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetResAttributes;
- req->length = 3;
- req->id = object;
- req->resourceType = (CARD16) resourceFlag;
- req->mask = RES_LABEL;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (status && (rep.length > 0))
- {
- if (rep.sllength == blabel_size())
- {
- _XRead (dpy, (char *) sl, rep.sllength);
- }
- else
- {
- _XEatDataWords(dpy, rep.length);
- status = BadLength;
- }
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetResUID(
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- uid_t *uidp)
-{
- register xGetResAttributesReq *req;
- xGetResAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetResAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetResAttributes;
- req->length = 3;
- req->id = object;
- req->resourceType = (CARD16) resourceFlag;
- req->mask = RES_UID;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xTrue);
- if (status)
- {
- /* copy the data to user struct */
- *uidp = rep.uid;
- }
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
-
-Status
-XTSOLgetSSHeight(
- Display *dpy,
- int screen_num,
- int *newHeight)
-{
- register xGetResAttributesReq *req;
- xGetResAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetResAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetResAttributes;
- req->length = 3;
- req->id = screen_num;
- req->resourceType = STRIPEHEIGHT;
- req->mask = RES_STRIPE;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xTrue);
- if (status)
- {
- /* copy the data to user struct */
- *newHeight = rep.uid;
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-
-}
-
-Status
-XTSOLgetWorkstationOwner(
- Display *dpy,
- uid_t *uidp)
-{
- register xGetResAttributesReq *req;
- xGetResAttributesReply rep;
- Status status;
-
- TsolCheckExtension(dpy);
- LockDisplay(dpy);
- GetReq(GetResAttributes, req);
-
- req->reqType = (CARD8) X_TsolExtensionCode;
- req->minorCode = X_GetResAttributes;
- req->length = 3;
- req->mask = RES_OUID;
-
- status = _XReply (dpy, (xReply *)&rep, 0, xTrue);
- if (status)
- {
- /* copy the data to user struct */
- *uidp = rep.owneruid;
- }
-
- UnlockDisplay(dpy);
- SyncHandle();
- return status;
-}
--- a/open-src/lib/libXtsol/sun-src/Xtsol.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,289 +0,0 @@
-/* Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#ifndef _XTSOL_H_
-#define _XTSOL_H_
-
-#include <sys/types.h>
-#include <bsm/audit.h>
-#include <X11/Xmd.h>
-#include <tsol/label.h>
-
-#ifndef _XTSOL_SERVER
-#include <X11/Xlib.h>
-#endif /* _XTSOL_SERVER */
-
-#include <X11/Xfuncproto.h>
-
-_XFUNCPROTOBEGIN
-
-typedef enum { IsWindow, IsPixmap, IsColormap } ResourceType;
-
-/*
- * Name of the Trusted Solaris extension
- */
-#define TSOLNAME "SUN_TSOL"
-
-/*
- * Resource value masks
- * The following resource masks are obsolete:
- * RES_IL 2 # information label
- * RES_IIL 4 # input info label
- */
-
-#define RES_SL 1 /* sensitivity label */
-#define RES_UID 8 /* user id */
-#define RES_OUID 16 /* owner uid */
-#define RES_STRIPE 32 /* screen stripe */
-#define RES_LABEL (RES_SL)
-#define RES_ALL (RES_SL|RES_UID|RES_OUID)
-
-
-typedef struct _XTsolResAttributes {
- CARD32 ouid; /* owner uid */
- CARD32 uid;
- m_label_t *sl; /* sensitivity label */
-} XTsolResAttributes;
-
-typedef struct _XTsolPropAttributes {
- CARD32 uid;
- m_label_t *sl; /* sensitivity label */
-} XTsolPropAttributes;
-
-/*
- * Client Attributes
- */
-typedef struct _XTsolClientAttributes {
- int trustflag; /* true, if client masked as trusted */
- uid_t uid; /* owner uid */
- gid_t gid; /* group id */
- pid_t pid; /* process id */
- u_long sessionid; /* session id */
- au_id_t auditid; /* audit id */
- u_long iaddr; /* internet addr */
-} XTsolClientAttributes;
-
-/*
- * Trusted X Server Interfaces
- * Status value 0 means failure, else success
- * Status is defined in Xlib.h for user includes.
- */
-
-#ifndef Status
-#define Status int
-#endif
-
-#ifndef _XTSOL_SERVER
-
-extern Bool XTSOLIsWindowTrusted(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win
-#endif
-);
-
-extern Status XTSOLsetPolyInstInfo(
-#if NeedFunctionPrototypes
- Display *dpy,
- m_label_t *sl,
- uid_t *uidp,
- int enabled
-#endif
-);
-
-extern Status XTSOLsetPropLabel(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win,
- Atom property,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLsetPropUID(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win,
- Atom property,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLsetResLabel(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLsetResUID(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLsetSSHeight(
-#if NeedFunctionPrototypes
- Display *dpy,
- int screen_num,
- int newHeight
-#endif
-);
-
-extern Status XTSOLgetSSHeight(
-#if NeedFunctionPrototypes
- Display *dpy,
- int screen_num,
- int *newHeight
-#endif
-);
-
-extern Status XTSOLsetSessionHI(
-#if NeedFunctionPrototypes
- Display *dpy,
- bclear_t *sl
-#endif
-);
-
-extern Status XTSOLsetSessionLO(
-#if NeedFunctionPrototypes
- Display *dpy,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLsetWorkstationOwner(
-#if NeedFunctionPrototypes
- Display *dpy,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLgetClientAttributes(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID xid,
- XTsolClientAttributes *clientattr
-#endif
-);
-
-extern Status XTSOLgetClientLabel(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID xid,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLgetPropAttributes(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window window,
- Atom property,
- XTsolPropAttributes *propattrp
-#endif
-);
-
-extern Status XTSOLgetPropLabel(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win,
- Atom property,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLgetPropUID(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win,
- Atom property,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLgetResAttributes(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- XTsolResAttributes *resattrp
-#endif
-);
-
-extern Status XTSOLgetResLabel(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- m_label_t *sl
-#endif
-);
-
-extern Status XTSOLgetResUID(
-#if NeedFunctionPrototypes
- Display *dpy,
- XID object,
- ResourceType resourceFlag,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLgetWorkstationOwner(
-#if NeedFunctionPrototypes
- Display *dpy,
- uid_t *uidp
-#endif
-);
-
-extern Status XTSOLMakeTPWindow(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win
-#endif
-);
-
-extern Status XTSOLMakeTrustedWindow(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win
-#endif
-);
-
-extern Status XTSOLMakeUntrustedWindow(
-#if NeedFunctionPrototypes
- Display *dpy,
- Window win
-#endif
-);
-
-#endif /* _XTSOL_SERVER */
-
-_XFUNCPROTOEND
-
-#endif /* _XTSOL_H_ */
--- a/open-src/lib/libXtsol/sun-src/Xtsolproto.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,249 +0,0 @@
-/* Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-/*
- * X Server Trusted Extensions
- */
-
-#ifndef _XTSOLPROTO_H
-#define _XTSOLPROTO_H
-
-#define TSOL_NUM_EVENTS 0 /* New events defined by this extension */
-#define TSOL_NUM_ERRORS 0 /* New errors defined by this extension */
-
-/* extension request minor codes */
-#define X_SetClearance 2
-#define X_SetPolyInstInfo 3
-#define X_SetPropLabel 4
-#define X_SetPropUID 5
-#define X_SetResLabel 6
-#define X_SetResUID 7
-#define X_SetTrusted 8
-#define X_GetClientAttributes 9
-#define X_GetClientLabel 10
-#define X_GetPropAttributes 11
-#define X_GetResAttributes 12
-#define X_MakeTPWindow 13
-#define X_MakeTrustedWindow 14
-#define X_MakeUntrustedWindow 15
-#define X_TSOLIntern 16
-
-/* extension request sizes */
-#define sz_xSetClearanceReq 0
-#define sz_xSetPolyInstInfoReq 16
-#define sz_xSetPropLabelReq 20
-#define sz_xSetPropUIDReq 16
-#define sz_xSetResLabelReq 16
-#define sz_xSetResUIDReq 16
-#define sz_xSetTrustedReq 0
-#define sz_xGetClientAttributesReq 8
-#define sz_xGetClientLabelReq 12
-#define sz_xGetPropAttributesReq 16
-#define sz_xGetResAttributesReq 12
-#define sz_xMakeTPWindowReq 8
-#define sz_xMakeTrustedWindowReq 8
-#define sz_xMakeUntrustedWindowReq 8
-#define sz_xTSOLInternReq 0
-
-
-/* extension reply sizes */
-#define sz_xGetClientAttributesReply 32
-#define sz_xGetClientLabelReply 32
-#define sz_xGetPropAttributesReply 32
-#define sz_xGetResAttributesReply 32
-#define sz_xTSOLInternReply 0
-
-
-/* extension request encoding format */
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 3 */
- CARD16 length B16; /* = 18; packet size=72 */
- CARD32 uid B32; /* user id */
- CARD32 enabled B32; /* enable matching */
- CARD16 sllength B16; /* length of SL */
- CARD16 pad1 B16; /* padding */
-} xSetPolyInstInfoReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 4 */
- CARD16 length B16; /* = 18; packet size=72 */
- CARD32 id B32; /* resource ID */
- CARD32 atom B32; /* atom ID */
- CARD16 labelType B16;
- CARD16 pad1 B16;
- CARD16 sllength B16; /* length of SL */
- CARD16 illength B16; /* length of IL */
-} xSetPropLabelReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 5 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* resource ID */
- CARD32 atom B32; /* atom ID */
- CARD32 uid B16; /* UID */
-} xSetPropUIDReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 6 */
- CARD16 length B16; /* = 17; packet size=68 */
- CARD32 id B32; /* resource ID */
- CARD16 resourceType B16; /* 0:window, 1:pixmap */
- CARD16 labelType B16; /* */
- CARD16 sllength B16; /* length of SL */
- CARD16 illength B16; /* length of IL or IIL */
-} xSetResLabelReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 7 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* resource ID */
- CARD16 resourceType B16; /* 0:window, 1:pixmap */
- CARD16 pad1 B16; /* not used */
- CARD32 uid B16;
-} xSetResUIDReq;
-
-typedef struct {
- CARD8 reqType; /* Extension major code */
- BYTE minorCode; /* = 9 */
- CARD16 length B16; /* = 4; packet size=16 */
- CARD32 id B32; /* Client ID */
-} xGetClientAttributesReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 10 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* client ID */
- CARD16 mask B16;
- CARD16 pad;
-} xGetClientLabelReq;
-
-typedef struct {
- CARD8 reqType; /* Extension major code */
- BYTE minorCode; /* = 11 */
- CARD16 length B16; /* = 4; packet size=16 */
- CARD32 id B32; /* resource ID */
- CARD32 atom B32; /* resource ID */
- CARD16 mask B16;
- CARD16 pad B16; /* not used */
-} xGetPropAttributesReq;
-
-typedef struct {
- CARD8 reqType; /* Extension major code */
- BYTE minorCode; /* = 12 */
- CARD16 length B16; /* = 3; packet size=12 */
- CARD32 id B32; /* resource ID */
- CARD16 resourceType B16; /* 0:window; 1:pixmap */
- CARD16 mask B16;
-} xGetResAttributesReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 13 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* resource ID */
-} xMakeTPWindowReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 14 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* resource ID */
-} xMakeTrustedWindowReq;
-
-typedef struct {
- CARD8 reqType; /* extension major code */
- BYTE minorCode; /* = 15 */
- CARD16 length B16; /* = 4; packet size= 16 */
- CARD32 id B32; /* resource ID */
-} xMakeUntrustedWindowReq;
-
-/* extension reply encoding format */
-typedef struct {
- BYTE type; /* = X_Reply */
- BYTE trustflag; /* set if client masked as trusted */
- CARD16 sequenceNumber B16;
- CARD32 length B32; /* = 4; */
- CARD32 uid B32;
- CARD32 pid B32;
- CARD32 gid B32;
- CARD32 auditid B32;
- CARD32 sessionid B32;
- CARD32 iaddr; /* internet address */
-} xGetClientAttributesReply;
-
-typedef struct {
- BYTE type; /* = X_Reply */
- BYTE pad1; /* not used */
- CARD16 sequenceNumber B16;
- CARD32 length B32; /* = blabel_bytes / 4; */
- CARD32 blabel_bytes B32; /* = blabel_size() */
- CARD32 pad2 B32;
- CARD32 pad3 B32;
- CARD32 pad4 B32;
- CARD32 pad5 B32;
- CARD32 pad6 B32;
-} xGetClientLabelReply;
-
-typedef struct {
- BYTE type; /* = X_Reply */
- BYTE pad1; /* not used */
- CARD16 sequenceNumber B16;
- CARD32 length B32; /* = 4; */
- CARD32 uid B32;
- CARD16 sllength B16;
- CARD16 illength B16;
- CARD32 pad2 B32;
- CARD32 pad3 B32;
- CARD32 pad4 B32;
- CARD32 pad5 B32;
-} xGetPropAttributesReply;
-
-typedef struct {
- BYTE type; /* = X_Reply */
- BYTE pad1; /* not used */
- CARD16 sequenceNumber B16;
- CARD32 length B32; /* = 4; */
- CARD32 uid B32;
- CARD32 owneruid B32;
- CARD16 sllength B16;
- CARD16 illength B16;
- CARD16 iillength B16;
- CARD16 pad2 B16;
- CARD32 pad3 B32;
- CARD32 pad4 B32;
-} xGetResAttributesReply;
-
-
-#define DOOWNERUID 1000
-#define SESSIONHI 1010
-#define SESSIONLO 1020
-#define STRIPEHEIGHT 1030
-#define INPUTIL 1040
-
-#endif /* _XTSOLPROTO_H */
--- a/open-src/lib/libXtsol/sun-src/mapfile-vers Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-# Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-
-SUNW_1.1 {
- global:
- XTSOLgetResAttributes;
- XTSOLsetResLabel;
- XTSOLsetResUID;
- XTSOLgetPropUID;
- XTSOLsetSSHeight;
- XTSOLgetResLabel;
- XTSOLgetResUID;
- XTSOLgetSSHeight;
- XTSOLMakeTPWindow;
- XTSOLsetSessionHI;
- XTSOLMakeTrustedWindow;
- XTSOLsetSessionLO;
- XTSOLsetWorkstationOwner;
- XTSOLIsWindowTrusted;
- XTSOLgetClientLabel;
- XTSOLsetPolyInstInfo;
- XTSOLgetPropAttributes;
- XTSOLgetClientAttributes;
- XTSOLsetPropLabel;
- XTSOLgetPropLabel;
- XTSOLsetPropUID;
- XTSOLgetWorkstationOwner;
- XTSOLMakeUntrustedWindow;
- local:
- *;
-};
--- a/open-src/lib/libxtrans/Makefile Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/lib/libxtrans/Makefile Wed Nov 18 14:43:45 2015 -0800
@@ -48,9 +48,8 @@
TARBALL_SHA256= adbd3b36932ce4c062cd10f57d78a156ba98d618bdb6f50664da327502bc8301
# Patches to apply to source after unpacking, in order
-SOURCE_PATCHES = inetv6.patch,-p1 \
- 7162172.patch
-SOURCE_PATCHES += tsol-unix-domain.patch,-p1
+SOURCE_PATCHES = inetv6.patch,-p1
+SOURCE_PATCHES += 7162172.patch
# Library name (used for specfiles/mapfiles)
LIBNAME=xtrans
--- a/open-src/lib/libxtrans/tsol-unix-domain.patch Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- */
-
-Unix domain rendezvous created under /var/tsol/doors/ for Trusted
-Extensions. This directory is loopback mounted into all labeled
-zones from the global zone. A link is created from /tmp/.X11-unix
-to the above loopback mounted dir.
-(See LSARC/2008/506)
-
-diff --git a/Xtranssock.c b/Xtranssock.c
-index 8c11b9d..8428314 100644
---- a/Xtranssock.c
-+++ b/Xtranssock.c
-@@ -95,6 +95,9 @@ from the copyright holders.
- #include <sys/stat.h>
- #endif
-
-+#if defined(X11_t)
-+#include <tsol/label.h>
-+#endif /* X11_t */
-
- #ifndef NO_TCP_H
- #if defined(linux) || defined(__GLIBC__)
-@@ -213,6 +216,7 @@ static int TRANS(SocketINETClose) (XtransConnInfo ciptr);
- #if defined(X11_t)
- #define UNIX_PATH "/tmp/.X11-unix/X"
- #define UNIX_DIR "/tmp/.X11-unix"
-+#define TSOL_UNIX_DIR "/var/tsol/doors/.X11-unix"
- #endif /* X11_t */
- #if defined(XIM_t)
- #define UNIX_PATH "/tmp/.XIM-unix/XIM"
-@@ -1086,6 +1090,29 @@ TRANS(SocketUNIXCreateListener) (XtransConnInfo ciptr, char *port,
- #else
- mode = 0777;
- #endif
-+
-+#ifdef X11_t
-+ if (is_system_labeled()) {
-+ struct stat sbuf;
-+
-+ if (!abstract && trans_mkdir(TSOL_UNIX_DIR, mode) == -1) {
-+ prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
-+ TSOL_UNIX_DIR, errno);
-+ (void) umask (oldUmask);
-+ return TRANS_CREATE_LISTENER_FAILED;
-+ }
-+
-+ /* Create a symlink for UNIX_DIR to TSOL_UNIX_DIR */
-+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
-+ prmsg (1,
-+ "SocketUNIXCreateListener: symlink to %s failed, errno = %d\n",
-+ TSOL_UNIX_DIR, errno);
-+ (void) umask (oldUmask);
-+ return TRANS_CREATE_LISTENER_FAILED;
-+ }
-+
-+ } else
-+#endif /* X11_t */
- if (!abstract && trans_mkdir(UNIX_DIR, mode) == -1) {
- prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
- UNIX_DIR, errno);
-@@ -1967,6 +1994,24 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr, char *host, char *port)
- return TRANS_CONNECT_FAILED;
- }
-
-+#if defined(X11_t)
-+ /*
-+ * Create a symlink for UNIX_DIR to TSOL_UNIX_DIR
-+ * This link is created in the labeled (non-global) zones.
-+ * The rendezvous created by the X server resides in the global zone
-+ * and is mounted read-only to other zones.
-+ */
-+ if (is_system_labeled()) {
-+ struct stat sbuf;
-+
-+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
-+ prmsg (1, "SocketUNIXConnect:: symlink to %s failed, errno = %d\n",
-+ TSOL_UNIX_DIR, errno);
-+ return TRANS_CONNECT_FAILED;
-+ }
-+ }
-+#endif /* X11_t */
-+
- /*
- * Build the socket name.
- */
--- a/open-src/xserver/xorg/17385060.patch Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
---- a/mi/miinitext.c Fri Aug 30 09:09:00 2013
-+++ b/mi/miinitext.c Fri Aug 30 10:10:51 2013
-@@ -317,6 +317,12 @@
- #ifdef RES
- {ResExtensionInit, XRES_NAME, &noResExtension},
- #endif
-+#if defined(SolarisIAExtension) && !defined(XORGSERVER)
-+ {IAExtensionInit, IANAME, &noIAExtension},
-+#endif
-+#if defined(TSOL) && !defined(XORGSERVER)
-+ {TsolExtensionInit, TSOLNAME, &noXTSolExtension},
-+#endif
- #ifdef XV
- {XvExtensionInit, XvName, &noXvExtension},
- {XvMCExtensionInit, XvMCName, &noXvExtension},
--- a/open-src/xserver/xorg/21206921.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/21206921.patch Wed Nov 18 14:43:45 2015 -0800
@@ -5,7 +5,7 @@
*
*/
-/* Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
-+/* Copyright (c) 2008, 2015 Oracle and/or its affiliates. All rights reserved.
++/* Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -18,9 +18,9 @@
return TRUE;
+ user_id = geteuid();
+ if (user_id != 0) { /* reset privs back to root */
-+ if (seteuid(0) < 0) {
-+ xf86Msg(X_WARNING, "Error in resetting euid to root \n");
-+ }
++ if (seteuid(0) < 0) {
++ xf86Msg(X_WARNING, "Error in resetting euid to root \n");
++ }
+ }
if (sysi86(SI86V86, V86SC_IOPL, PS_IOPL) < 0) {
@@ -32,7 +32,7 @@
+ ExtendedEnabled = TRUE;
+ if (user_id != 0) { /* reset privs back to user */
+ if (seteuid(user_id) < 0) {
-+ xf86Msg(X_WARNING, "Error in resetting euid to %d\n", user_id);
++ xf86Msg(X_WARNING, "Error in resetting euid to %d\n", user_id);
+ }
+ }
#endif /* i386 */
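Review bot: A failed `seteuid(user_id)` in this hunk is only logged at `X_WARNING`, so the server would keep running with an effective uid of 0 after the IOPL call. A failure to drop privileges should stop the server instead of being reported and ignored, for example `FatalError("xf86EnableIOPorts: cannot restore euid %d\n", user_id);`. The function name in that message is assumed, because the enclosing function starts and ends outside the hunk. The preceding hunk has the mirror case: when `seteuid(0)` fails, the code still goes on to call `sysi86(SI86V86, V86SC_IOPL, PS_IOPL)`. This commit only re-indents these lines, so the behaviour is carried forward unchanged.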
@@ -45,7 +45,7 @@
- sysi86(SI86V86, V86SC_IOPL, 0);
-
- ExtendedEnabled = FALSE;
-+ if (sysi86(SI86V86, V86SC_IOPL, 0) < 0 )
++ if (sysi86(SI86V86, V86SC_IOPL, 0) < 0)
+ xf86Msg(X_WARNING, "xf86DisableIOPorts: Failed to set IOPL for I/O\n");
+ else
+ ExtendedEnabled = FALSE;
--- a/open-src/xserver/xorg/COPYING Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/COPYING Wed Nov 18 14:43:45 2015 -0800
@@ -766,31 +766,6 @@
--------------------------------------------------------------------
-tsol/tsolpolicy.h:
-
-Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------
-
hw/xfree86/os-support/bsd/bsd_bell.c:
Copyright 1992 by Rich Murphey <[email protected]>
@@ -2532,31 +2507,6 @@
--------------------------------------------------------------------
-tsol/tsol.h, tsol/tsolinfo.h, tsol/tsolpolicy.c, tsol/tsolprotocol.c, tsol/tsolutils.c:
-
-Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------
-
hw/xfree86/os-support/solaris/sun_apm.c:
Based on hw/xfree86/os-support/bsd/bsd_apm.c which bore no explicit
@@ -4660,31 +4610,6 @@
--------------------------------------------------------------------
-tsol/tsolextension.h:
-
-Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------
-
hw/xfree86/os-support/bsd/alpha_video.c, hw/xfree86/os-support/bsd/bsd_init.c, hw/xfree86/os-support/bsd/i386_video.c, hw/xfree86/os-support/bsd/ppc_video.c, hw/xfree86/os-support/bsd/sparc64_video.c:
Copyright 1992 by Rich Murphey <[email protected]>
@@ -4916,31 +4841,6 @@
--------------------------------------------------------------------
-hw/xfree86/dixmods/tsolmodule.c:
-
-Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------
-
miext/rootless/rootlessCommon.h:
Copyright (c) 2001 Greg Parker. All Rights Reserved.
@@ -8685,31 +8585,6 @@
--------------------------------------------------------------------
-tsol/auditwrite.c, tsol/auditwrite.h:
-
-Copyright (c) 2004, 2008, Oracle and/or its affiliates. All rights reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------
-
glx/extension_string.c, glx/extension_string.h:
(C) Copyright IBM Corporation 2002-2006
@@ -9346,7 +9221,7 @@
--------------------------------------------------------------------
-os/solaris/mdb/modules/Xserver_clients.c, tsol/tsolextension.c:
+os/solaris/mdb/modules/Xserver_clients.c:
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
--- a/open-src/xserver/xorg/COPYING.tsol Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
--- a/open-src/xserver/xorg/IA.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/IA.patch Wed Nov 18 14:43:45 2015 -0800
@@ -1,6 +1,8 @@
---- a/Makefile.am Thu Nov 6 14:32:19 2014
-+++ b/Makefile.am Thu Nov 6 14:33:16 2014
-@@ -58,6 +58,7 @@
+diff --git a/Makefile.am b/Makefile.am
+index f0fa2d8..2127601 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -58,6 +58,7 @@ SUBDIRS = \
$(GLX_DIR) \
$(PRESENT_DIR) \
$(DRI3_DIR) \
@@ -8,9 +10,11 @@
exa \
$(GLAMOR_DIR) \
config \
---- a/configure.ac Thu Nov 6 14:33:28 2014
-+++ b/configure.ac Thu Nov 6 14:39:52 2014
-@@ -1421,6 +1421,10 @@
+diff --git a/configure.ac b/configure.ac
+index c7379de..e09f020 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1421,6 +1421,10 @@ AC_DEFINE(XINPUT, 1, [Support X Input extension])
XI_LIB='$(top_builddir)/Xi/libXi.la'
XI_INC='-I$(top_srcdir)/Xi'
@@ -21,30 +25,37 @@
AM_CONDITIONAL(XF86UTILS, test "x$XF86UTILS" = xyes)
AM_CONDITIONAL(VGAHW, test "x$VGAHW" = xyes)
AM_CONDITIONAL(VBE, test "x$VBE" = xyes)
-@@ -2622,3 +2626,6 @@
+@@ -2636,3 +2640,6 @@ xserver.ent
xorg-server.pc
])
AC_OUTPUT
+
+# Add Sun IA extension
+AC_OUTPUT([IA/Makefile])
---- a/hw/xfree86/dixmods/Makefile.am Thu Nov 6 14:40:47 2014
-+++ b/hw/xfree86/dixmods/Makefile.am Thu Nov 6 14:41:06 2014
-@@ -48,3 +48,11 @@
- libdixmods_la_CFLAGS = $(AM_CFLAGS)
+diff --git a/include/extinit.h b/include/extinit.h
+index fa5f293..62a0ab2 100644
+--- a/include/extinit.h
++++ b/include/extinit.h
+@@ -121,6 +121,14 @@ extern _X_EXPORT Bool noMITShmExtension;
+ extern void ShmExtensionInit(void);
+ #endif
- libxorgxkb_la_SOURCES = xkbVT.c xkbPrivate.c xkbKillSrv.c
++#define SolarisIAExtension
+
-+# Sun IA extension module additions
-+extsmodule_LTLIBRARIES += libia.la
-+libia_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(top_srcdir)/IA
-+libia_la_LDFLAGS = -avoid-version
-+libia_la_LIBADD = $(top_builddir)/IA/libIA.la
-+libia_la_SOURCES = iamodule.c
++#ifdef SolarisIAExtension
++#include <X11/extensions/interactive.h>
++extern _X_EXPORT Bool noIAExtension;
++extern void IAExtensionInit(void);
++#endif
+
---- a/mi/miinitext.c Thu Nov 6 14:41:23 2014
-+++ b/mi/miinitext.c Thu Nov 6 14:41:39 2014
-@@ -150,6 +150,9 @@
+ extern void SyncExtensionInit(void);
+
+ extern void XCMiscExtensionInit(void);
+diff --git a/mi/miinitext.c b/mi/miinitext.c
+index 5872bf5..a9a3826 100644
+--- a/mi/miinitext.c
++++ b/mi/miinitext.c
+@@ -150,6 +150,9 @@ static ExtensionToggle ExtensionToggleList[] = {
#ifdef XCSECURITY
{"SECURITY", &noSecurityExtension},
#endif
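Review bot: The `#define SolarisIAExtension` added to include/extinit.h is unconditional, so the `#ifdef SolarisIAExtension` directly below it can never be false, and neither can the matching guards in mi/miinitext.c and os/utils.c in the next hunk. With the loadable `libia.la` module and the `ia` default-module entry dropped, the extension is compiled into the static extension list with no build-time way to leave it out; only the runtime `noIAExtension` toggle remains. Every file that includes extinit.h now also needs `<X11/extensions/interactive.h>` on its include path. If this is intended, a comment next to the define such as `/* always built in on Solaris; disable at run time via noIAExtension */` would document it. Otherwise configure.ac could supply the macro, e.g. `AC_DEFINE(SolarisIAExtension, 1, [Build Solaris IA extension])`.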
@@ -54,13 +65,27 @@
#ifdef RES
{"X-Resource", &noResExtension},
#endif
---- a/hw/xfree86/common/xf86Config.c Mon Jun 22 07:30:22 2015
-+++ b/hw/xfree86/common/xf86Config.c Mon Jun 22 07:35:50 2015
-@@ -118,6 +118,7 @@
- {.name = "fb",.toLoad = TRUE,.load_opt = NULL},
- {.name = "shadow",.toLoad = TRUE,.load_opt = NULL},
+@@ -296,6 +299,9 @@ static const ExtensionModule staticExtensions[] = {
+ #ifdef RES
+ {ResExtensionInit, XRES_NAME, &noResExtension},
#endif
-+ {.name = "ia",.toLoad = TRUE,.load_opt = NULL},
- {.name = NULL,.toLoad = FALSE,.load_opt = NULL}
- };
++#ifdef SolarisIAExtension
++ {IAExtensionInit, IANAME, &noIAExtension},
++#endif
+ #ifdef XV
+ {XvExtensionInit, XvName, &noXvExtension},
+ {XvMCExtensionInit, XvMCName, &noXvExtension},
+diff --git a/os/utils.c b/os/utils.c
+index 1a070de..efaeef7 100644
+--- a/os/utils.c
++++ b/os/utils.c
+@@ -184,6 +184,9 @@ Bool noXvExtension = FALSE;
+ #ifdef DRI2
+ Bool noDRI2Extension = FALSE;
+ #endif
++#ifdef SolarisIAExtension
++Bool noIAExtension = FALSE;
++#endif
+ Bool noGEExtension = FALSE;
+
--- a/open-src/xserver/xorg/Makefile Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/Makefile Wed Nov 18 14:43:45 2015 -0800
@@ -297,19 +297,17 @@
install_fix_paths: install_fix_paths_glxmodule
-# Install metadata for Xephyr, Xvfb, Xdmx, & xtsol packages too
+# Install metadata for Xephyr, Xvfb, & Xdmx packages too
XCOMMON_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xserver-common)
XEPHYR_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xephyr)
XVFB_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xvfb)
XDMX_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-xorg=%-xdmx)
-XTSOL_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-server-xorg=%-trusted-trusted-xorg)
MODES_PKG_METADATA_DIR = $(MODULE_PKG_METADATA_DIR:%-server-xorg=%-modeline-utilities)
EXTRA_METADATA_DIRS = $(XCOMMON_PKG_METADATA_DIR) \
$(XEPHYR_PKG_METADATA_DIR) \
$(XVFB_PKG_METADATA_DIR) \
$(XDMX_PKG_METADATA_DIR) \
- $(XTSOL_PKG_METADATA_DIR) \
$(MODES_PKG_METADATA_DIR)
EXTRA_ATTRDATA_FILES = $(EXTRA_METADATA_DIRS:%=%/$(ATTRDATA_FILE_NAME))
@@ -326,12 +324,6 @@
$(EXTRA_METADATA_DIRS):
mkdir -p $@
-# Xtsol module is covered only by Oracle copyright/license
-XTSOL_LICENSE = $(XTSOL_PKG_METADATA_DIR)/$(LICENSE_FILE_NAME)
-$(XTSOL_LICENSE):= LICENSE_NAME = $(ORACLE_LICENSE_NAME)
-$(XTSOL_LICENSE):= LICENSE_FILE = COPYING.tsol
-$(XTSOL_LICENSE):= LICENSE_INSERT = $(ORACLE_LICENSE_INSERT)
-
# Special compatibility links from /usr/X11/include to /usr/include
X11_INCLUDE_COMPAT_DIR = $(PROTODIR)/usr/X11/include
X11_INCLUDE_COMPAT_LINKS = $(X11_INCLUDE_COMPAT_DIR)/drm \
--- a/open-src/xserver/xorg/dixmods-deps.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/dixmods-deps.patch Wed Nov 18 14:43:45 2015 -0800
@@ -1,15 +1,17 @@
---- a/configure.ac Fri Feb 20 08:16:58 2015
-+++ b/configure.ac Fri Feb 20 08:17:59 2015
-@@ -226,6 +226,8 @@
+diff --git a/configure.ac b/configure.ac
+index e09f020..cce0080 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -226,6 +226,8 @@ AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
dnl Find the math libary, then check for cbrt function in it.
AC_CHECK_LIB(m, sqrt)
AC_CHECK_FUNCS([cbrt])
+# But we don't want to link everything with libm
+LIBS="${LIBS//-lm}"
- dnl Check for libtsol for Solaris Trusted Extensions module
- AC_CHECK_LIB(tsol, bsllow, [BUILD_TSOL_MODULE=yes], [BUILD_TSOL_MODULE=no])
-@@ -1340,7 +1342,6 @@
+ AC_CHECK_HEADERS([ndbm.h dbm.h rpcsvc/dbm.h])
+
+@@ -1332,7 +1334,6 @@ AM_CONDITIONAL(AIGLX_DRI_LOADER, { test "x$DRI2" = xyes; } && test "x$AIGLX" = x
if test "x$GLX_USE_TLS" = xyes ; then
GLX_DEFINES="-DGLX_USE_TLS -DPTHREADS"
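Review bot: `LIBS="${LIBS//-lm}"` in the configure.ac part of this patch relies on pattern substitution, which POSIX sh does not define, so it only works when configure runs under a ksh- or bash-compatible shell. It also deletes the substring `-lm` wherever it occurs, so a flag such as `-lmd` would be left behind as a stray `d`. This commit only refreshes the surrounding context, but the line is carried forward as it was. Removing `-lm` as a whole word would be safer, for instance by passing a space-padded `$LIBS` through `sed 's/ -lm / /g'`.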
@@ -17,7 +19,7 @@
fi
AC_SUBST([GLX_DEFINES])
AC_SUBST([GLX_SYS_LIBS])
-@@ -1738,6 +1739,7 @@
+@@ -1730,6 +1731,7 @@ XSERVER_CFLAGS="${XSERVER_CFLAGS} ${XSERVERCFLAGS_CFLAGS}"
XSERVER_LIBS="$DIX_LIB $MI_LIB $OS_LIB"
XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS}"
XSERVER_SYS_LIBS="${XSERVER_SYS_LIBS} -lproject"
@@ -25,7 +27,7 @@
AC_SUBST([XSERVER_LIBS])
AC_SUBST([XSERVER_SYS_LIBS])
-@@ -1769,7 +1769,7 @@
+@@ -1759,7 +1761,7 @@ case "$host_os" in
[AC_LANG_SOURCE([int main(int argc, char **argv) { return 0; }])],
[mv conftest$EXEEXT conftest.parent
XORG_CHECK_LINKER_FLAGS([-Wl,-z,parent=conftest.parent -G],
@@ -34,9 +36,11 @@
# Not set yet, since this gets exported in xorg-server.pc to all the drivers,
# and they're not all fixed to build correctly with it yet.
# XORG_DRIVER_LIBS="-Wl,-z,defs -Wl,-z,parent=${bindir}/Xorg"
---- a/hw/xfree86/Makefile.am Fri Feb 20 08:18:30 2015
-+++ b/hw/xfree86/Makefile.am Fri Feb 20 08:21:20 2015
-@@ -34,10 +34,10 @@
+diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
+index 27f2cc6..ef456e1 100644
+--- a/hw/xfree86/Makefile.am
++++ b/hw/xfree86/Makefile.am
+@@ -34,10 +34,10 @@ if INT10MODULE
INT10_SUBDIR = int10
endif
@@ -51,7 +55,7 @@
$(GLAMOR_EGL_SUBDIR) drivers
DIST_SUBDIRS = common ddc i2c x86emu int10 fbdevhw os-support \
-@@ -48,7 +48,7 @@
+@@ -48,7 +48,7 @@ DIST_SUBDIRS = common ddc i2c x86emu int10 fbdevhw os-support \
bin_PROGRAMS = Xorg
nodist_Xorg_SOURCES = sdksyms.c
@@ -60,63 +64,7 @@
AM_CPPFLAGS = $(XORG_INCS) -I$(srcdir)/parser -I$(top_srcdir)/miext/cw \
-I$(srcdir)/ddc -I$(srcdir)/i2c -I$(srcdir)/modes -I$(srcdir)/ramdac \
-I$(srcdir)/dri -I$(srcdir)/dri2 -I$(top_srcdir)/dri3
---- a/hw/xfree86/dixmods/Makefile.am Fri Feb 20 08:22:01 2015
-+++ b/hw/xfree86/dixmods/Makefile.am Fri Feb 20 08:22:49 2015
-@@ -18,7 +18,9 @@
- -I$(top_srcdir)/glx
-
- libfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
-+libfb_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
- libfb_la_LIBADD = $(top_builddir)/fb/libfb.la
-+libfb_la_LIBADD += -lpixman-1
- libfb_la_SOURCES = fbmodule.c
- libfb_la_CFLAGS = $(AM_CFLAGS)
-
-@@ -28,9 +30,12 @@
- libwfb_la_CFLAGS = $(AM_CFLAGS) -DFB_ACCESS_WRAPPER
-
- libglx_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
-+libglx_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
- libglx_la_LIBADD = $(top_builddir)/glx/libglx.la $(GLX_SYS_LIBS)
- if AIGLX_DRI_LOADER
- libglx_la_LIBADD += $(top_builddir)/glx/libglxdri.la
-+libglx_la_LDFLAGS += -R$(extsmoduledir)
-+libglx_la_LDFLAGS += $(LIBDRM_LIBS)
- if NO_UNDEFINED
- libglx_la_LIBADD += $(LIBDRM_LIBS) $(PIXMAN_LIBS)
- endif
-@@ -39,6 +44,8 @@
-
- libshadow_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
- libshadow_la_LIBADD = $(top_builddir)/miext/shadow/libshadow.la
-+libshadow_la_DEPENDENCIES = libfb.la
-+libshadow_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
- if NO_UNDEFINED
- libshadow_la_LIBADD += libfb.la
- endif
---- a/hw/xfree86/shadowfb/Makefile.am Fri Feb 20 08:23:29 2015
-+++ b/hw/xfree86/shadowfb/Makefile.am Fri Feb 20 08:23:42 2015
-@@ -8,3 +8,8 @@
- AM_CPPFLAGS = $(XORG_INCS)
-
- AM_CFLAGS = $(DIX_CFLAGS) $(XORG_CFLAGS)
-+
-+libshadowfb_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
-+libshadowfb_la_LIBADD += -lXfont
-+
-+
---- a/hw/xfree86/vbe/Makefile.am Fri Feb 20 08:25:27 2015
-+++ b/hw/xfree86/vbe/Makefile.am Fri Feb 20 08:25:44 2015
-@@ -12,3 +12,6 @@
- AM_CPPFLAGS = $(XORG_INCS) -I$(srcdir)/../ddc -I$(srcdir)/../i2c \
- -I$(srcdir)/../modes -I$(srcdir)/../parser \
- -I$(srcdir)/../int10
-+
-+libvbe_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
-+
---- a/hw/xfree86/Makefile.am Wed Feb 25 12:48:07 2015
-+++ b/hw/xfree86/Makefile.am Wed Feb 25 12:48:52 2015
-@@ -135,14 +135,17 @@
+@@ -135,14 +135,17 @@ CLEANFILES = sdksyms.c sdksyms.dep Xorg.sh
EXTRA_DIST += sdksyms.sh
sdksyms.dep sdksyms.c: sdksyms.sh
@@ -136,3 +84,63 @@
dixmods/libdixmods.la:
$(AM_V_at)cd dixmods && $(MAKE) libdixmods.la
+diff --git a/hw/xfree86/dixmods/Makefile.am b/hw/xfree86/dixmods/Makefile.am
+index 762ac49..8706aa5 100644
+--- a/hw/xfree86/dixmods/Makefile.am
++++ b/hw/xfree86/dixmods/Makefile.am
+@@ -18,7 +18,9 @@ AM_CPPFLAGS = @XORG_INCS@ \
+ -I$(top_srcdir)/glx
+
+ libfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
++libfb_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
+ libfb_la_LIBADD = $(top_builddir)/fb/libfb.la
++libfb_la_LIBADD += -lpixman-1
+ libfb_la_SOURCES = fbmodule.c
+ libfb_la_CFLAGS = $(AM_CFLAGS)
+
+@@ -28,9 +30,12 @@ libwfb_la_SOURCES = fbmodule.c
+ libwfb_la_CFLAGS = $(AM_CFLAGS) -DFB_ACCESS_WRAPPER
+
+ libglx_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
++libglx_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
+ libglx_la_LIBADD = $(top_builddir)/glx/libglx.la $(GLX_SYS_LIBS)
+ if AIGLX_DRI_LOADER
+ libglx_la_LIBADD += $(top_builddir)/glx/libglxdri.la
++libglx_la_LDFLAGS += -R$(extsmoduledir)
++libglx_la_LDFLAGS += $(LIBDRM_LIBS)
+ if NO_UNDEFINED
+ libglx_la_LIBADD += $(LIBDRM_LIBS) $(PIXMAN_LIBS)
+ endif
+@@ -39,6 +44,8 @@ libglx_la_SOURCES = glxmodule.c
+
+ libshadow_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+ libshadow_la_LIBADD = $(top_builddir)/miext/shadow/libshadow.la
++libshadow_la_DEPENDENCIES = libfb.la
++libshadow_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
+ if NO_UNDEFINED
+ libshadow_la_LIBADD += libfb.la
+ endif
+diff --git a/hw/xfree86/shadowfb/Makefile.am b/hw/xfree86/shadowfb/Makefile.am
+index 22f7ada..06247a5 100644
+--- a/hw/xfree86/shadowfb/Makefile.am
++++ b/hw/xfree86/shadowfb/Makefile.am
+@@ -8,3 +8,8 @@ sdk_HEADERS = shadowfb.h
+ AM_CPPFLAGS = $(XORG_INCS)
+
+ AM_CFLAGS = $(DIX_CFLAGS) $(XORG_CFLAGS)
++
++libshadowfb_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
++libshadowfb_la_LIBADD += -lXfont
++
++
+diff --git a/hw/xfree86/vbe/Makefile.am b/hw/xfree86/vbe/Makefile.am
+index 041b47a..2eab12d 100644
+--- a/hw/xfree86/vbe/Makefile.am
++++ b/hw/xfree86/vbe/Makefile.am
+@@ -12,3 +12,6 @@ AM_CFLAGS = $(DIX_CFLAGS) $(XORG_CFLAGS)
+ AM_CPPFLAGS = $(XORG_INCS) -I$(srcdir)/../ddc -I$(srcdir)/../i2c \
+ -I$(srcdir)/../modes -I$(srcdir)/../parser \
+ -I$(srcdir)/../int10
++
++libvbe_la_LDFLAGS += $(XORG_EXTERNS_FLAG)
++
--- a/open-src/xserver/xorg/fontmod.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/fontmod.patch Wed Nov 18 14:43:45 2015 -0800
@@ -1,4 +1,4 @@
-# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
@@ -19,8 +19,8 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
-Add Sun's old "bitstream" font module to the list of obsolete modules
-to ignore in xorg.conf files.
+Add Sun's old "bitstream" font module & IA & xtsol extension modules to the
+list of obsolete modules to ignore in xorg.conf files.
diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index af8a89e..ab9a37a 100644
@@ -30,7 +30,7 @@
const char *ignore[] = { "GLcore", "speedo", "bitmap", "drm",
"freetype", "type1",
-+ "bitstream",
++ "bitstream", "ia", "xtsol",
NULL
};
pointer *optarray;
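Review bot: Adding `"xtsol"` to `ignore[]` in this hunk means an xorg.conf that still requests the Trusted Extensions module is accepted and the server starts without it. For a module that carried label policy, that is a fail-open outcome rather than a visible error. The code that walks `ignore[]` is outside the hunk, so whether a skipped entry is logged cannot be confirmed from here. If it is not, the skip for `xtsol` should emit a warning that administrators will see in the server log. The patch description should also state the consequence, for example `xtsol is ignored, not replaced: a server started from such a config runs without the TSOL extension.`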
--- a/open-src/xserver/xorg/patch-list Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/patch-list Wed Nov 18 14:43:45 2015 -0800
@@ -7,7 +7,6 @@
make_xkm_output_dir.patch,-p1
dtlogin-userinfo.patch,-p1
IA.patch,-p1
-xtsol.patch,-p1
amd64-loader-path.patch,-p1
fontmod.patch,-p1
sparc-probe.patch,-p1
@@ -26,7 +25,6 @@
cli-nolock.patch,-p1
16418361.patch,-p1
sparc-config-improv.patch,-p1
-17385060.patch,-p1
add-input-dev-in-multi-session.patch,-p1
sparc-multisession.patch,-p1
glx-mesa.patch,-p1
--- a/open-src/xserver/xorg/sun-src/hw/xfree86/dixmods/iamodule.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
-#include "xf86Module.h"
-#include "xf86Opt.h"
-
-#include <X11/extensions/interactive.h>
-#include "interactive_srv.h"
-
-extern void LoadExtensionList();
-
-static MODULESETUPPROTO(IASetup);
-
-static const ExtensionModule IAExt[] =
-{
- IAExtensionInit,
- IANAME,
- NULL
-};
-
-static XF86ModuleVersionInfo VersRec =
-{
- "IANAME",
- MODULEVENDORSTRING,
- MODINFOSTRING1,
- MODINFOSTRING2,
- XORG_VERSION_CURRENT,
- 1, 0, 0,
- ABI_CLASS_EXTENSION,
- ABI_EXTENSION_VERSION,
- MOD_CLASS_NONE,
- {0,0,0,0}
-};
-
-_X_EXPORT XF86ModuleData iaModuleData = { &VersRec, IASetup, NULL };
-
-static void *
-IASetup(void *module, void *opts, int *errmaj, int *errmin)
-{
- if (opts) {
- void *o = xf86FindOption(opts, "IADebugLevel");
- if (o) {
- IADebugLevel = xf86SetIntOption(opts, "IADebugLevel", 0);
- }
- }
- LoadExtensionList(IAExt, ARRAY_SIZE(IAExt), FALSE);
-
- /* Need a non-NULL return */
- return (void *)1;
-}
--- a/open-src/xserver/xorg/sun-src/hw/xfree86/dixmods/tsolmodule.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-/*
- * X Trusted Extension module for X.org X server
- */
-
-#ifdef HAVE_XORG_CONFIG_H
-#include <xorg-config.h>
-#endif
-
-#include "xf86Module.h"
-
-static MODULESETUPPROTO(xtsolSetup);
-extern void TsolExtensionInit(INITARGS);
-
-extern void LoadExtensionList();
-
-static const ExtensionModule xtsolExt[] = {
- TsolExtensionInit,
- "SUN_TSOL",
- NULL
-};
-
-static XF86ModuleVersionInfo VersRec =
-{
- "xtsol",
- MODULEVENDORSTRING,
- MODINFOSTRING1,
- MODINFOSTRING2,
- XORG_VERSION_CURRENT,
- 1, 0, 0,
- ABI_CLASS_EXTENSION,
- ABI_EXTENSION_VERSION,
- MOD_CLASS_EXTENSION,
- {0,0,0,0}
-};
-
-/*
- * Data for the loader
- */
-_X_EXPORT XF86ModuleData xtsolModuleData = { &VersRec, xtsolSetup, NULL };
-
-static void *
-xtsolSetup(void *module, void *opts, int *errmaj, int *errmin)
-{
- LoadExtensionList(xtsolExt, ARRAY_SIZE(xtsolExt), FALSE);
-
- /* Need a non-NULL return value to indicate success */
- return (void *)1;
-}
--- a/open-src/xserver/xorg/sun-src/os/solaris/mdb/modules/Xserver_mdb.h Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xorg/sun-src/os/solaris/mdb/modules/Xserver_mdb.h Wed Nov 18 14:43:45 2015 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -35,6 +35,7 @@
/* include/regionstr.h */
#define REGIONSTRUCT_H
typedef struct pixman_region16 RegionRec, *RegionPtr;
+typedef struct pixman_box16 BoxRec;
/* include/callback.h */
#define CALLBACK_H
typedef void (*CallbackProcPtr) (void *, void *, void *);
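Review bot: The added `typedef struct pixman_box16 BoxRec;` sits under the `/* include/regionstr.h */` marker, although these markers appear to record which server header each stand-in declaration mirrors. As far as I recall, upstream declares BoxRec in include/miscstruct.h, so confirm that and give the typedef its own marker, `/* include/miscstruct.h */`. That way a later resync of this mdb header checks the right file. The lines shown do not say why the mdb module now needs BoxRec, so a one-line why-comment next to the typedef would help.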
--- a/open-src/xserver/xorg/sun-src/tsol/Makefile.am Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-#########################################################################
-#
-# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-#########################################################################
-#
-#
-
-noinst_LTLIBRARIES = libxtsol.la
-
-libxtsol_la_SOURCES= tsolpolicy.c tsolutils.c tsolextension.c tsolprotocol.c \
- auditwrite.c
-
-INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/os
-
-SERVERCONFIGdir = @SERVER_MISC_CONFIG_PATH@
-SERVERCONFIG_DATA = TrustedExtensionsPolicy
-
-TSOLPOLICYFILEDEF = -DTSOLPOLICYFILE=\"$(SERVERCONFIGdir)/TrustedExtensionsPolicy\"
-
-AM_CFLAGS = $(DIX_CFLAGS) $(TSOLPOLICYFILEDEF)
-
-libxtsol_la_LIBADD = -ltsol -ltsnet -lbsm
--- a/open-src/xserver/xorg/sun-src/tsol/TrustedExtensionsPolicy Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,231 +0,0 @@
-#
-# Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-
-# TrustedExtensionsPolicy
-# Syntax: <atom|property|selection|extension|privilege> name
-# Blank lines or lines starting with # are ignored.
-#
-# property and selection can take a regular expression for name.
-# name must start with / for regular expresssions.
-#
-
-atom CAP_HEIGHT
-atom CLIPBOARD
-atom COPYRIGHT
-atom END_SPACE
-atom FAMILY_NAME
-atom FONT
-atom FONT_NAME
-atom FULL_NAME
-atom ITALIC_ANGLE
-atom LENGTH
-atom LIST_LENGTH
-atom MAX_SPACE
-atom MIN_SPACE
-atom MULTIPLE
-atom NORM_SPACE
-atom NOTICE
-atom POINT_SIZE
-atom PRIMARY
-atom QUAD_WIDTH
-atom RESOLUTION
-atom RESOURCE_MANAGER
-atom RGB_BEST_MAP
-atom RGB_BLUE_MAP
-atom RGB_COLOR_MAP
-atom RGB_DEFAULT_MAP
-atom RGB_GRAY_MAP
-atom RGB_GREEN_MAP
-atom RGB_RED_MAP
-atom SECONDARY
-atom STRIKEOUT_ASCENT
-atom STRIKEOUT_DESCENT
-atom SUBSCRIPT_X
-atom SUBSCRIPT_Y
-atom SUPERSCRIPT_X
-atom SUPERSCRIPT_Y
-atom TARGETS
-atom TIMESTAMP
-atom UNDERLINE_POSITION
-atom UNDERLINE_THICKNESS
-atom WEIGHT
-atom WM_CHANGE_STATE
-atom WM_CLASS
-atom WM_CLIENT_MACHINE
-atom WM_COLORMAP_WINDOWS
-atom WM_COMMAND
-atom WM_DELETE_WINDOW
-atom WM_HINTS
-atom WM_ICON_NAME
-atom WM_ICON_SIZE
-atom WM_NAME
-atom WM_NORMAL_HINTS
-atom WM_PROTOCOLS
-atom WM_SAVE_YOURSELF
-atom WM_SIZE_HINTS
-atom WM_STATE
-atom WM_TAKE_FOCUS
-atom WM_TRANSIENT_FOR
-atom WM_ZOOM_HINTS
-atom XV_DO_DRAG_COPY
-atom XV_DO_DRAG_LOAD
-atom XV_DO_DRAG_MOVE
-atom X_HEIGHT
-atom _DT_WORKSPACE_CURRENT
-atom _DT_WORKSPACE_PRESENCE
-atom _DT_WORKSPACE_INFO_ws0
-atom _DT_WORKSPACE_INFO_ws1
-atom _DT_WORKSPACE_INFO_ws2
-atom _DT_WORKSPACE_INFO_ws3
-atom _DT_WORKSPACE_INFO_ws4
-atom _DT_WORKSPACE_INFO_ws5
-atom _DT_WORKSPACE_INFO_ws6
-atom _DT_WORKSPACE_INFO_ws7
-atom _DT_WORKSPACE_INFO_ws8
-atom _DT_WORKSPACE_INFO_ws9
-atom _DT_WORKSPACE_LIST
-atom _OLWM_TIMESTAMP
-atom _OL_DECOR_ADD
-atom _OL_DECOR_CLOSE
-atom _OL_DECOR_DEL
-atom _OL_DECOR_FOOTER
-atom _OL_DECOR_HEADER
-atom _OL_DECOR_PIN
-atom _OL_DECOR_RESIZE
-atom _OL_DFLT_BTN
-atom _OL_MENU_FULL
-atom _OL_MENU_LIMITED
-atom _OL_NONE
-atom _OL_PIN_IN
-atom _OL_PIN_OUT
-atom _OL_PIN_STATE
-atom _OL_PROPS_APPLY
-atom _OL_PROPS_RESET
-atom _OL_SHOW_PROPS
-atom _OL_WINMSG_ERROR
-atom _OL_WINMSG_STATE
-atom _OL_WIN_ATTR
-atom _OL_WIN_BUSY
-atom _OL_WT_BASE
-atom _OL_WT_CMD
-atom _OL_WT_HELP
-atom _OL_WT_NOTICE
-atom _OL_WT_OTHER
-atom _OL_WT_PROP
-atom _SUN_DRAGDROP_ACK
-atom _SUN_DRAGDROP_DONE
-atom _SUN_DRAGDROP_DSDM
-atom _SUN_DRAGDROP_INTEREST
-atom _SUN_DRAGDROP_PREVIEW
-atom _SUN_DRAGDROP_TRIGGER
-atom _SUN_QUICK_SELECTION_KEY_STATE
-atom _SUN_SELN_CARET
-atom _SUN_SELN_END_REQUEST
-atom _SUN_SELN_FIRST
-atom _SUN_SELN_FUNC_KEY_STATE
-atom _SUN_SELN_IS_READONLY
-atom _SUN_SELN_LAST
-atom _SUN_SELN_YIELD
-atom _SUN_SELN_YIELD
-atom _SUN_SUNVIEW_ENV
-atom ws0
-atom ws1
-atom ws2
-atom ws3
-atom ws4
-atom ws5
-atom ws6
-atom ws7
-atom ws8
-atom ws9
-
-
-property WM_ICON_SIZE
-property RESOURCE_MANAGER
-property RGB_DEFAULT_MAP
-property _SUN_DESKSET_COLORS
-property _SUN_LED_MAP
-property _MOTIF_WM_INFO
-property _DT_RESTORE_MODE
-property _DT_SAVE_MODE
-property _DT_SM_WINDOW_INFO
-property _MOTIF_ATOM_0
-property _MOTIF_ATOM_1
-property _MOTIF_ATOM_2
-property _MOTIF_ATOM_3
-property _MOTIF_DRAG_RECEIVER_INFO
-
-#
-# Sun Ray Support
-#
-property _SUN_CORONA_SESSION
-property _SUN_SUNRAY_SESSION
-property _SUN_SUNRAY_CONN_INFO
-property _SUN_SUNRAY_SESSION_GEOMETRY
-property _SUN_SUNRAY_HOME
-property _SCREENSAVER_STATUS
-
-#
-# Multilevel JDS/GNOME Support
-#
-property NAUTILUS_ACTIVE_DESKTOP_ID
-property _NET_WORKAREA
-
-selection /^_DBUS_SESSION_BUS_SELECTION_/
-
-selection Dtfile
-selection Dtpad
-selection _Frame_RPC
-selection _MOTIF_CLIP_LOCK
-
-
-#
-# Entries required to polyinstantiate applications
-#
-selection /^_ADOBE_READER_/
-
-#
-# I18N: Input Method for Ja locale
-#
-selection /^_IIIM_/
-selection /^IIIM_/
-selection /^_XIM_/
-selection /^XIM_/
-selection /^jp.co.justsystem.atokx2/
-
-selection /^_XIMP_/
-selection /^_HTT_/
-
-#
-# Input Method of zh_TW.UTF-8 and zh_CN.UTF-8
-selection /^Wnn/
-selection /^wnn/
-selection /^com.sun.iiim/
-
-extension SYNC
-extension XTEST
-
-privilege win_colormap
-privilege win_config
-privilege win_devices
-privilege win_fontpath
--- a/open-src/xserver/xorg/sun-src/tsol/auditwrite.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2818 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-/*
- * auditwrite() - Construct and write user level records to the audit trail.
- */
-
-/* Include common system files first */
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <strings.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/fcntl.h>
-#include <stdio.h>
-#include <thread.h>
-#include <synch.h>
-#include <bsm/audit.h>
-#include <bsm/adt.h>
-#include <bsm/audit_record.h>
-#include <bsm/libbsm.h>
-#include "auditwrite.h"
-#include <bsm/audit_uevents.h>
-#include <priv.h>
-#include <tsol/label.h>
-
-/*
- * invocation flags
- */
-
-#define AW_NO_FLAGS ((uint_t)0x00000000) /* No flags. */
-
-#define AW_ABORT_FLAG ((uint_t)0x0000010) /* Abort gracefully */
-#define AW_APPEND_FLAG ((uint_t)0x0000020) /* Append to save rec */
-#define AW_ATTRIB_FLAG ((uint_t)0x0000040) /* Got some attribs */
-#define AW_DEFAULTRD_FLAG ((uint_t)0x0000080) /* Use default rd */
-#define AW_DISCARDRD_FLAG ((uint_t)0x0000100) /* Get rid of one rec */
-#define AW_DISCARD_FLAG ((uint_t)0x0000200) /* Get rid of all recs */
-#define AW_EVENT_FLAG ((uint_t)0x0000400) /* Event type */
-#define AW_FLUSH_FLAG ((uint_t)0x0000800) /* Flush queued recs */
-#define AW_GETRD_FLAG ((uint_t)0x0001000) /* Get a descriptor */
-#define AW_INVOKED_BEFORE_FLAG ((uint_t)0x0002000) /* Been here before */
-#define AW_NOPRESELECT_FLAG ((uint_t)0x0004000) /* Don't preselect recs */
-#define AW_NOQUEUE_FLAG ((uint_t)0x0008000) /* Stop queueing. Flush */
-#define AW_NOSAVE_FLAG ((uint_t)0x0010000) /* Don't attach save buf */
-#define AW_NOSERVER_FLAG ((uint_t)0x0020000) /* Not a trusted srvr */
-#define AW_PRESELECT_FLAG ((uint_t)0x0040000) /* Preselect recs here */
-#define AW_QUEUE_FLAG ((uint_t)0x0080000) /* Buffer all records */
-#define AW_SAVERD_FLAG ((uint_t)0x0100000) /* Attach save buffer */
-#define AW_SERVER_FLAG ((uint_t)0x0200000) /* A trusted server */
-#define AW_USERD_FLAG ((uint_t)0x0400000) /* Use rec. descriptor */
-#define AW_WRITE_FLAG ((uint_t)0x0800000) /* Write to trail */
-#define AW_SAVEDONE ((uint_t)0x1000000) /* Context is saved, */
- /* needs to be restored */
-
-/*
- * required attribute flags
- * if these attributes are not included in the record, they are added
- */
-#define AW_REC_RETURN_FLAG ((char)0x0000001) /* return attribute */
-#define AW_REC_SUBJECT_FLAG ((char)0x0000002) /* subject attribute */
-
-#define AW_CTRLCMD_FLAGS \
- (AW_ABORT_FLAG | AW_APPEND_FLAG | AW_DISCARD_FLAG | \
- AW_DISCARDRD_FLAG | AW_FLUSH_FLAG | AW_GETRD_FLAG | \
- AW_NOQUEUE_FLAG | AW_NOSAVE_FLAG | AW_NOSERVER_FLAG | \
- AW_PRESELECT_FLAG | AW_NOPRESELECT_FLAG | AW_QUEUE_FLAG | \
- AW_SAVERD_FLAG | AW_SERVER_FLAG | AW_USERD_FLAG | \
- AW_WRITE_FLAG | AW_DEFAULTRD_FLAG)
-
-#define AW_NORMALCMD_FLAGS (AW_CTRLCMD_FLAGS & ~AW_USERD_FLAG)
-
-/*
- * AW_NOUSERDCMD - these cmds may not be used with AW_USERD on auditwrite call.
- */
-#define AW_NOUSERDCMD_FLAGS \
- (AW_DISCARD_FLAG | AW_DISCARDRD_FLAG | AW_FLUSH_FLAG | \
- AW_GETRD_FLAG | AW_DEFAULTRD_FLAG | AW_USERD_FLAG)
-
-#define AW_SUCCESS_RTN (0)
-#define AW_ERR_RTN (-1)
-
-#define AW_PARSE_ERR(flags, error) \
-{ \
- if (aw_iflags & flags) { \
- aw_set_err(error); \
- aw_restore(); \
- return (AW_ERR_RTN); \
- } \
-}
-
-#define AW_GEN_ERR(error) \
-{ \
- aw_set_err(error); \
- aw_restore(); \
- return (AW_ERR_RTN); \
-}
-
-#define AW_CMD_MIN AW_END
-#define AW_CMD_MAX AW_SUBJECT_EX
-
-/*
- * Where control commands end and attribute commands begin.
- */
-#define AW_CMD_CUTOFF AW_ACL
-
-#define AW_IS_CONTROL_CMD(cmd_num) \
- ((cmd_num) < AW_CMD_CUTOFF)
-
-#define AW_IS_DATA_CMD(cmd_num) \
- ((cmd_num) >= AW_CMD_CUTOFF)
-
-/*
- * Currently, AW_MAX_REC_SIZE applies to both audit(2). This
- * will need to be changed as the limits associated w/audit(2) and
- * auditctl(2) change. It's defined here because the kernel imposed maximum
- * record size is not program visible.
- */
-#define AW_MAX_REC_SIZE (0x8000)
-
-/*
- * Number of record pointers to initially allocate
- */
-#define AW_NUM_RECP (20)
-
-/*
- * A record descriptor that is not allocated.
- */
-#define AW_NO_RD (-1)
-
-/*
- * This is a fakeout for auditwrite. We don't have a
- * auditctl(A_AUDIT), so we'll emulate this with existing
- * functionality.
- */
-#define A_AUDIT (10)
-
-struct aw_context {
- uint_t static_flags; /* static flags */
- au_mask_t pmask; /* preselection mask */
- int save_rd; /* associated save rd */
- int aw_errno; /* errno for this rec */
-};
-typedef struct aw_context aw_context_t;
-
-aw_context_t old_context; /* For saving previous state */
-int old_cur_rd;
-
-/* Data structures used to account for and queue audit record buffers */
-
-struct aw_rec {
- aw_context_t context; /* saved state for this rec */
- char aflags; /* for required attribs */
- int len; /* number of bytes in buffer */
- au_event_t event_id; /* audit event identifier */
- au_emod_t event_mod; /* audit event modifier */
- uint_t class; /* audit event classes associated with event */
- caddr_t buf; /* audit record buffer */
-};
-typedef struct aw_rec aw_rec_t;
-
-static aw_rec_t **aw_recs; /* dynam arr of aud rec ptrs */
-static int aw_num_recs; /* # token pointers */
-static caddr_t aw_queue; /* a rec queue in user addr space */
-static int aw_queue_hiwater; /* max number of bytes on queue */
-static int aw_queue_bytes; /* current # of bytes on queue */
-
-static mutex_t mutex_auditwrite = DEFAULTMUTEX; /* Global audiwrite mutex */
-
-/*
- * Command table. Contains the command and the number of args that follow
- * the command.
- *
- * If you add to the list, be aware that this is an array, and
- * in indexed accordingly. I don't know why the cmd_number field
- * was ever used.
- */
-static struct {
- int cmd_number;
- int cmd_numargs;
-} aw_cmd_table[] = {
- {AW_END, 0},
-/*
- * Control commands. These control the behavior of auditwrite.
- */
- {AW_ABORT, 0},
- {AW_APPEND, 0},
- {AW_DEFAULTRD, 0},
- {AW_DISCARD, 0},
- {AW_DISCARDRD, 1},
- {AW_FLUSH, 0},
- {AW_GETRD, 1},
- {AW_NOPRESELECT, 0},
- {AW_NOQUEUE, 0},
- {AW_NOSAVE, 0},
- {AW_NOSERVER, 0},
- {AW_PRESELECT, 1},
- {AW_QUEUE, 1},
- {AW_SAVERD, 1},
- {AW_SERVER, 0},
- {AW_USERD, 1},
- {AW_WRITE, 0},
- {AW_END, 0}, /* Reserved for future use */
- {AW_END, 0},
- {AW_END, 0},
- {AW_END, 0},
- {AW_END, 0},
- {AW_END, 0},
- {AW_END, 0},
-/*
- * Attribute commands. These tell audiwrite how many attributes
- * of data to expect.
- */
- {AW_ACL, 0}, /* Don't support ACL's yet */
- {AW_ARG, 3},
- {AW_ATTR, 6},
- {AW_DATA, 4},
- {AW_EVENT, 1},
- {AW_EVENTNUM, 1},
- {AW_EXEC_ARGS, 1},
- {AW_EXEC_ENV, 1},
- {AW_EXIT, 2},
- {AW_GROUPS, 2},
- {AW_IN_ADDR, 1},
- {AW_IPC, 2},
- {AW_END, 0}, /* obsolete AW_IPC_PERM */
- {AW_IPORT, 1},
- {AW_OPAQUE, 2},
- {AW_PATH, 1},
- {AW_PROCESS, 8},
- {AW_RETURN, 2},
- {AW_SOCKET, 1},
- {AW_SUBJECT, 8},
- {AW_TEXT, 1},
- {AW_UAUTH, 1},
- {AW_CMD, 3},
- {AW_END, 0}, /* Reserved for future use */
- {AW_END, 0},
-
- {AW_END, 0},
- {AW_END, 0},
- {AW_LEVEL, 1},
- {AW_LIAISON, 1},
- {AW_PRIVILEGE, 2},
- {AW_SLABEL, 1},
- {AW_USEOFPRIV, 2},
- {AW_END, 0}, /* Reserved for future use */
- {AW_END, 0},
- {AW_END, 0},
-
- {AW_XATOM, 1},
- {AW_XCOLORMAP, 2},
- {AW_XCURSOR, 2},
- {AW_XFONT, 2},
- {AW_XGC, 2},
- {AW_END, /* OBS */ 0},
- {AW_XPIXMAP, 2},
- {AW_XPROPERTY, 3},
- {AW_END, /* OBS */ 0},
- {AW_XSELECT, 3},
- {AW_XWINDOW, 2},
- {AW_XCLIENT, 1},
-
- {AW_PROCESS_EX, 8},
- {AW_SUBJECT_EX, 8}
-};
-
-/* externally accessible data */
-int aw_errno = AW_ERR_NO_ERROR; /* error number */
-
-static char *aw_errlist[] = {
- "No error",
- "Address invalid",
- "Memory allocation failure",
- "auditon(2) failed",
- "audit(2) failed",
- "Command incomplete",
- "Command invalid",
- "Command in effect",
- "Command not in effect",
- "More than one control command specified",
- "Event ID invalid",
- "Event ID not set",
- "getaudit(2) or getaudit_addr(2) failed",
- "Queue size invalid",
- "Record descriptor invalid",
- "Record too big",
- "No process label",
-};
-
-int aw_nerr = sizeof (aw_errlist) / sizeof (char *);
-
-/* Data used by parsing routines and auditwrite */
-
-static int *get_rd_p; /* descriptor addr */
-static int *save_rd_p; /* descriptor addr */
-
-static uint_t aw_iflags = AW_NO_FLAGS; /* invocation line flags */
-
-static uint_t aw_static_flags; /* flags saved between invocations */
-
-static int dflt_rd = AW_NO_RD; /* default audit record descriptor */
- /* used if invoker doesn't specify one */
-
-static int save_rd = AW_NO_RD; /* audit record buffer attribs to prepend to */
- /* every audit record */
-
-static int user_rd; /* descriptor passed by user */
-
-static int cur_rd = AW_NO_RD; /* the current rd */
-
-static au_mask_t pmask; /* for preselection */
-
-static int audit_policies; /* cache the audit policies for the sake */
- /* of efficiency */
-
-static void aw_abort(void);
-static int aw_buf_append(caddr_t *b1, int *l1, caddr_t b2, int l2);
-static int aw_buf_prepend(caddr_t *b1, int *l1, caddr_t b2, int l2);
-static int aw_chk_addr(caddr_t p);
-static int aw_chk_event_id(int rd);
-static int aw_chk_print(char arg);
-static int aw_chk_type(char arg);
-static int aw_chk_rd(int rd);
-static void aw_cleanup(void);
-static char aw_cvrt_path(char *path, char **pathp);
-static char aw_cvrt_print(char arg);
-static char aw_cvrt_type(char arg);
-static int aw_do_subject(int rd);
-static int aw_do_write(void);
-static int aw_write_cleanup(void);
-static void aw_free(caddr_t p);
-static void aw_free_tok(token_t *tokp);
-static int aw_gen_rec(int param, va_list arglist);
-static int aw_head(int rd);
-static int aw_parse(int param, va_list arglist);
-static int aw_preselect(int rd, au_mask_t *pmaskp);
-static void aw_queue_dealloc(void);
-static int aw_queue_flush(void);
-static int aw_queue_write(int rd);
-static int aw_rec_alloc(int *rdp);
-#ifdef NOTYET
-static int aw_rec_append(int to_rd, int from_rd);
-#endif /* NOTYET */
-static void aw_rec_dealloc(int rd);
-static int aw_rec_prepend(int to_rd, int from_rd);
-static int aw_return_attrib(int rd);
-static void aw_set_err(int error);
-static void aw_set_event(int rd, au_event_t event_id, uint_t class);
-static int aw_init(void);
-static int aw_set_context(int param, va_list arglist);
-static void aw_restore(void);
-static int aw_audit_write(int rd);
-static int aw_auditctl_write(int rd);
-static int auditctl(uint32_t command, uint32_t value, caddr_t data);
-#ifdef DEBUG
-static void aw_debuglog(char *string, int rc, int param, va_list arglist);
-#endif
-
-/* adt private */
-extern void adt_get_asid(const adt_session_data_t *, au_asid_t *);
-extern void adt_get_auid(const adt_session_data_t *, au_id_t *);
-extern void adt_get_mask(const adt_session_data_t *, au_mask_t *);
-extern void adt_get_termid(const adt_session_data_t *, au_tid_addr_t *);
-
-/*
- * a w _ g e t _ a r g s ( )
- *
- * Gets arguments off the stack;
- *
- */
-#define aw_get_args(arglist, ad, numargs) \
-{ \
- int i; \
- \
- for (i = 0; i < (numargs); i++) \
- (ad)[i] = (void *)va_arg((arglist), void *); \
-}
-
-/*
- * a w _ s k i p _ a r g ( )
- *
- * Skip args on the invocation line.
- *
- */
-#define aw_skip_args(arglist, numskips) \
-{ \
- int i; \
- \
- for (i = 0; i < (numskips); i++) \
- (void) va_arg((arglist), void *); \
-}
-
-/*
- * a u d i t w r i t e ( )
- *
- * Construct and write user level audit records to the audit trail.
- *
- */
-/*VARARGS*/
-int
-auditwrite(int param, ...)
-{
- va_list arglist; /* var args arglist pointer */
- int get_rd; /* rd to pass back */
- register int i; /* counter */
- int retval; /* return value */
-
- /* Grab the lock */
- (void) mutex_lock(&mutex_auditwrite);
-
-#ifdef DEBUG
- va_start(arglist, param);
- aw_debuglog("in ", 0, param, arglist);
- va_end(arglist);
-#endif /* DEBUG */
-
- /*
- * first time initialization stuff.
- * get the preselection mask and the audit policy.
- * allocate a default record buffer.
- */
- if (aw_init() == AW_ERR_RTN) {
- (void) mutex_unlock(&mutex_auditwrite);
- return (AW_ERR_RTN);
- }
-
- /*
- * set context, parse the invocation line and get the command.
- */
- va_start(arglist, param);
- retval = aw_set_context(param, arglist);
- if (retval != AW_ERR_RTN) {
- /* need to rewind the command line first... */
- va_start(arglist, param);
- retval = aw_parse(param, arglist);
- }
- if (retval == AW_ERR_RTN) {
- aw_abort();
- aw_restore();
- (void) mutex_unlock(&mutex_auditwrite);
- return (AW_ERR_RTN);
- }
- va_end(arglist);
-
- retval = AW_SUCCESS_RTN;
-
-#ifdef DEBUG
- aw_debuglog("my in ", 0, param, arglist);
-#endif /* DEBUG */
-
- switch (aw_iflags & AW_NORMALCMD_FLAGS) {
-
- case AW_WRITE_FLAG:
- /*
- * Preselect the record here.
- * If we're not going to write it, no sense in constructing it.
- */
- if (!aw_preselect(cur_rd, &pmask)) {
- retval = aw_write_cleanup();
- break;
- }
-
- if (aw_iflags & AW_ATTRIB_FLAG) {
- va_start(arglist, param);
- if ((retval = aw_gen_rec(param, arglist)) == AW_ERR_RTN)
- break;
- va_end(arglist);
- }
-
- if ((retval = aw_do_write()) == AW_SUCCESS_RTN)
- retval = aw_write_cleanup();
- break;
-
- case AW_APPEND_FLAG:
- va_start(arglist, param);
- if ((retval = aw_gen_rec(param, arglist)) == AW_ERR_RTN)
- break;
- va_end(arglist);
- break;
-
- case AW_ABORT_FLAG:
- aw_abort();
- break;
-
- case AW_DEFAULTRD_FLAG:
- cur_rd = dflt_rd;
- break;
-
- case AW_DISCARD_FLAG:
- /*
- * deallocate all records
- */
- for (i = 0; i < aw_num_recs; i++)
- aw_rec_dealloc(i);
- /*
- * deallocate the queue
- */
- aw_queue_dealloc();
- /*
- * save buffer is gone
- */
- aw_static_flags &= ~AW_SAVERD_FLAG;
- cur_rd = dflt_rd = save_rd = AW_NO_RD;
- break;
-
- case AW_DISCARDRD_FLAG:
- if ((retval = aw_chk_rd(user_rd)) == AW_ERR_RTN)
- break;
- else {
- aw_rec_dealloc(user_rd);
- if (user_rd == save_rd) {
- aw_static_flags &= ~AW_SAVERD_FLAG;
- save_rd = AW_NO_RD;
- }
- /*
- * special case - reallocate the default rd
- * if user blows it away.
- */
- if (user_rd == dflt_rd) {
- if ((retval = aw_rec_alloc(&dflt_rd))
- == AW_ERR_RTN)
- break;
- }
- /*
- * if user blows away the current rd, set it back
- * to the default
- */
- if (user_rd == cur_rd)
- cur_rd = dflt_rd;
- }
- break;
-
- case AW_FLUSH_FLAG:
- retval = aw_queue_flush();
- break;
-
- case AW_GETRD_FLAG:
- if ((retval = aw_rec_alloc(&get_rd)) == AW_ERR_RTN)
- break;
- *get_rd_p = get_rd;
- break;
-
- case AW_NOQUEUE_FLAG:
- if ((retval = aw_queue_flush()) == AW_ERR_RTN) {
- aw_queue_dealloc();
- break;
- }
- aw_queue_dealloc();
- aw_static_flags &= ~AW_QUEUE_FLAG;
- break;
-
- case AW_NOPRESELECT_FLAG: {
- adt_session_data_t *ah;
-
- /* Get the info from the proc */
- if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
- aw_set_err(AW_ERR_GETAUDIT_FAIL);
- retval = AW_ERR_RTN;
- }
-
- /* Stuff the real values in */
- adt_get_mask(ah, &pmask);
-
- (void) adt_end_session(ah);
-
- aw_static_flags &= ~AW_PRESELECT_FLAG;
- break;
- }
- case AW_NOSAVE_FLAG:
- aw_rec_dealloc(save_rd);
- aw_static_flags &= ~AW_SAVERD_FLAG;
- save_rd = AW_NO_RD;
- break;
-
- case AW_NOSERVER_FLAG:
- aw_static_flags &= ~AW_SERVER_FLAG;
- break;
-
- case AW_PRESELECT_FLAG:
- aw_static_flags |= AW_PRESELECT_FLAG;
- break;
-
- case AW_QUEUE_FLAG:
- aw_static_flags |= AW_QUEUE_FLAG;
- break;
-
- case AW_SAVERD_FLAG:
- if (aw_rec_alloc(&save_rd) == AW_ERR_RTN)
- break;
- *save_rd_p = save_rd;
- /*
- * SAVERD can be used by long-running processes
- * (servers) to set-up context for a new "subject".
- * Take the opportunity here to force a check of
- * the event file on disk for any changes.
- */
- /* XXXX refreshauevcache(); */
- aw_static_flags |= AW_SAVERD_FLAG;
- break;
-
- case AW_SERVER_FLAG:
- aw_static_flags |= AW_SERVER_FLAG;
- break;
-
- default:
- break;
- }
-
- if (retval == AW_ERR_RTN)
- aw_abort();
-
- /* Free up the lock */
- (void) mutex_unlock(&mutex_auditwrite);
-
-#ifdef DEBUG
- aw_debuglog("my out", retval, param, arglist);
-#endif /* DEBUG */
- aw_restore();
-#ifdef DEBUG
- aw_debuglog("out ", retval, param, arglist);
-#endif /* DEBUG */
- return (retval);
-}
-
-/*
- * a w _ a b o r t ( )
- *
- * Called when an an error occurs. Write any incomplete or buffered records.
- */
-static void
-aw_abort(void)
-{
- uint_t i;
-
- char *err_mesg; /* Mesg returned by strerror */
- char *aw_err_mesg; /* Mesg returned by aw_strerror */
-
- /* Write queued or partial records */
-
- if (aw_static_flags & AW_QUEUE_FLAG)
- (void) aw_queue_flush();
- else
- for (i = 0; i < aw_num_recs; i++) {
- if (aw_recs[i] != (aw_rec_t *)0 &&
- aw_recs[i]->buf != (caddr_t)0 &&
- aw_recs[i]->len != 0) {
- (void) aw_audit_write(i);
- }
- }
-
- aw_cleanup();
-
- (void) openlog("auditwrite(3)", LOG_PID|LOG_CONS, LOG_USER);
- (void) syslog(LOG_ALERT,
- "aborted: aw_errno = %d = %s, errno = %d = %s",
- aw_errno,
- (aw_err_mesg = aw_strerror(aw_errno)) ? aw_err_mesg : "unknown error",
- errno,
- (err_mesg = strerror(errno)) ? err_mesg : "unknown error");
- (void) closelog();
-
-}
-
-/*
- * Several programs, most noticably init(1M), have their own local
- * copies of bcopy(3C), which take precedence over lib C's
- * bcopy(3C) that we previously used here. memmove(3C) does the same
- * thing, and doesn't have any name collisions...so far.
- */
-
-/*
- * a w _ b u f _ a p p e n d ( )
- *
- * Append some data from one buffer to another
- *
- */
-static int
-aw_buf_append(caddr_t *b1, int *l1, caddr_t b2, int l2)
-{
- if (l2 == 0)
- return (AW_SUCCESS_RTN);
-
- if (*b1 == (caddr_t)0) {
- if ((*b1 = (caddr_t)calloc(1, (size_t)l2)) == (caddr_t)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- (void) memmove(*b1, b2, l2);
-
- *l1 = l2;
-
- return (AW_SUCCESS_RTN);
- }
-
- if ((*b1 = (caddr_t)realloc((void *)*b1, (size_t)(*l1 + l2)))
- == (caddr_t)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- (void) memmove(*b1+*l1, b2, l2);
-
- *l1 += l2;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ b u f _ p r e p e n d ( )
- *
- * Prepend the contents of one buffer to another
- *
- */
-static int
-aw_buf_prepend(caddr_t *b1, int *l1, caddr_t b2, int l2)
-{
- if (l2 == 0)
- return (AW_SUCCESS_RTN);
-
- if (*b1 == (caddr_t)0) {
- if ((*b1 = (caddr_t)calloc(1, (size_t)l2)) == (caddr_t)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- (void) memmove(*b1, b2, l2);
-
- *l1 = l2;
-
- return (AW_SUCCESS_RTN);
- }
-
- if ((*b1 = (caddr_t)realloc((void *)*b1, (size_t)(*l1 + l2)))
- == (caddr_t)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- (void) memmove(*b1+l2, *b1, *l1);
-
- (void) memmove(*b1, b2, l2);
-
- *l1 += l2;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ c h k _ a d d r ( )
- *
- * Make sure address is within allowable boundaries. This is done to minimize
- * core dumps (mostly SIGSEGV and SIGBUS) that can occur when a bad
- * invocation line is passed.
- *
- */
-static int
-aw_chk_addr(caddr_t p)
-{
- /*
- * if pointer is null, it's bogus
- */
-
- if (p == (caddr_t)0)
- return (AW_ERR_RTN);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ c h k _ e v e n t _ i d ( )
- *
- * Make sure event id is set.
- */
-static int
-aw_chk_event_id(int rd)
-{
- if (aw_recs[rd]->event_id == (au_event_t)NULL)
- return (AW_ERR_RTN);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ c h k _ p r i n t ( )
- *
- * Indicate validity of arbitrary data print arg.
- */
-static int
-aw_chk_print(char arg)
-{
- switch (arg) {
- case AWD_BINARY:
- case AWD_OCTAL:
- case AWD_DECIMAL:
- case AWD_HEX:
- case AWD_STRING:
- return (AW_SUCCESS_RTN);
- default:
- return (AW_ERR_RTN);
- }
- /*NOTREACHED*/
-}
-
-/*
- * a w _ c h k _ t y p e ( )
- *
- * Indicate validity of arbitrary data type arg.
- */
-static int
-aw_chk_type(char arg)
-{
- switch (arg) {
- case AWD_BYTE:
- case AWD_CHAR:
- case AWD_SHORT:
- case AWD_INT:
- case AWD_LONG:
- case AWD_INT32:
- case AWD_INT64:
- return (AW_SUCCESS_RTN);
- default:
- return (AW_ERR_RTN);
- }
- /*NOTREACHED*/
-}
-
-/*
- * a w _ c h k _ r d ( )
- *
- * Make sure record descriptor is valid
- */
-static int
-aw_chk_rd(int rd)
-{
- if ((rd > aw_num_recs) || (aw_recs[rd] == (aw_rec_t *)0))
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ c l e a n u p ( )
- *
- * Free all buffer space. Reset all static flags.
- *
- */
-static void
-aw_cleanup(void)
-{
- int i;
-
- /* Deallocate all audit records and record pointer array */
-
- for (i = 0; i < aw_num_recs; i++) {
- aw_rec_dealloc(i);
- }
-
- cur_rd = dflt_rd = save_rd = AW_NO_RD;
-
- aw_free((caddr_t)aw_recs);
- aw_recs = (aw_rec_t **)0;
-
- /* Deallocate audit record queue */
-
- aw_queue_dealloc();
-
- /* Reset flags */
-
- aw_iflags = aw_static_flags = AW_NO_FLAGS;
-}
-
-/*
- * a w _ c v r t _ p a t h ( )
- *
- * Get path ready for the audit trail by prepending the absolute root.
- */
-static char
-aw_cvrt_path(char *path, /* orig path */
- char **pathp) /* converted path */
-{
-#define AW_PATH_LEN (MAXPATHLEN)
-
- int cmd;
- char absroot[AW_PATH_LEN+1];
- static char cvrt_path[AW_PATH_LEN+AW_PATH_LEN+2];
-
- if (path[0] == '/')
- cmd = A_GETCAR;
- else
- cmd = A_GETCWD;
-
- if (auditon(cmd, absroot, AW_PATH_LEN+1) != 0)
- AW_GEN_ERR(AW_ERR_AUDITON_FAIL);
-
- (void) strncpy(cvrt_path, absroot, AW_PATH_LEN);
- (void) strcat(cvrt_path, "/");
- (void) strcat(cvrt_path, path);
-
- *pathp = cvrt_path;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ c v r t _ t y p e ( )
- *
- * Convert arbitrary data print suggestions to token print suggestions.
- */
-static char
-aw_cvrt_print(char arg)
-{
- switch (arg) {
- case AWD_BINARY:
- return (AUP_BINARY);
- case AWD_OCTAL:
- return (AUP_OCTAL);
- case AWD_DECIMAL:
- return (AUP_DECIMAL);
- case AWD_HEX:
- return (AUP_HEX);
- case AWD_STRING:
- return (AUP_STRING);
- }
- return ((char)~0);
-}
-
-/*
- * a w _ c v r t _ t y p e ( )
- *
- * Convert arbitrary data type to token data type.
- */
-static char
-aw_cvrt_type(char arg)
-{
- switch (arg) {
- case AWD_BYTE:
- return (AUR_BYTE);
- case AWD_CHAR:
- return (AUR_CHAR);
- case AWD_SHORT:
- return (AUR_SHORT);
- case AWD_INT:
- return (AUR_INT);
- case AWD_LONG:
- return (AUR_INT32);
- case AWD_INT32:
- return (AUR_INT32);
- case AWD_INT64:
- return (AUR_INT64);
- }
- return ((char)~0);
-}
-
-/*
- * a w _ d o _ s u b j e c t ( )
- *
- * Add subject/groups/SL/IL attribs if they haven't already been added.
- * Check the audit policy and add any necessary attribs.
- * The remaining policies such as seq and trailers are done by audit(2).
- */
-static int
-aw_do_subject(int rd)
-{
- token_t *tokp;
- gid_t gidset[NGROUPS_MAX];
- adt_session_data_t *ah;
- au_asid_t asid;
- au_id_t auid;
- au_tid_addr_t tid;
- bslabel_t label_p;
-
- /*
- * if the record does not contain a subject attribute
- * prepend one now
- */
- if (AW_REC_SUBJECT_FLAG & aw_recs[rd]->aflags)
- return (AW_SUCCESS_RTN);
-
- if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
- AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
- }
- adt_get_asid(ah, &asid);
- adt_get_termid(ah, &tid);
- adt_get_auid(ah, &auid);
-
- /*
- * Add the subject token using the values we have.
- * Append them to the record under construction
- */
-
- if ((tokp = au_to_subject_ex(auid, geteuid(),
- getegid(), getuid(), getgid(), getpid(),
- asid, &tid))
- == (token_t *)0)
- (void) adt_end_session(ah);
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
- tokp->tt_data, (int)tokp->tt_size) ==
- AW_ERR_RTN) {
- (void) adt_end_session(ah);
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- (void) adt_end_session(ah);
- aw_free_tok(tokp);
-
- /* Go grab the sensitivity label for this process */
- if (getplabel(&label_p) != 0)
- AW_GEN_ERR(AW_ERR_NO_PLABEL);
-
- /* Now output the SL */
- if ((tokp = au_to_label(&label_p)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
- tokp->tt_data, (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
-
- /* Now add the groups */
- if (audit_policies & AUDIT_GROUP) {
- (void) getgroups(NGROUPS_MAX, gidset);
- if ((tokp = au_to_groups((int *)gidset)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
- tokp->tt_data, (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- }
-
- /*
- * The sequence token is no longer required to be added by
- * auditwrite(), it's added by BSM.
- */
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ d o _ w r i t e ( )
- *
- * Write an audit record.
- */
-static int
-aw_do_write(void)
-{
- /*
- * an attempt to write an audit record without an event id
- * set is a serious error
- */
- if (aw_static_flags & AW_SAVERD_FLAG) {
- if (aw_chk_event_id(cur_rd) == AW_ERR_RTN &&
- aw_chk_event_id(save_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_EVENT_ID_NOT_SET);
- } else {
- if (aw_chk_event_id(cur_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_EVENT_ID_NOT_SET);
- }
-
- if (aw_static_flags & AW_SAVERD_FLAG)
- if (aw_rec_prepend(cur_rd, save_rd) == AW_ERR_RTN)
- return (AW_ERR_RTN);
-
- /*
- * if we are a server, we don't need to add subject and return
- * attributes.
- */
- if ((aw_static_flags & AW_SERVER_FLAG) == 0) {
- if (aw_do_subject(cur_rd) == AW_ERR_RTN)
- return (AW_ERR_RTN);
- }
-
- /*
- * Must add a return attribute in all cases if one
- * has not already been added. this attribute denotes
- * the success/failure of the event.
- */
- if (!(aw_recs[cur_rd]->aflags & AW_REC_RETURN_FLAG))
- if (aw_return_attrib(cur_rd) == AW_ERR_RTN)
- return (AW_ERR_RTN);
-
- /* Now finish up by writing the header attribute */
- if (aw_head(cur_rd) == AW_ERR_RTN)
- return (AW_ERR_RTN);
-
- /*
- * if queueing is on write to the queue
- */
- if (aw_static_flags & AW_QUEUE_FLAG)
- return (aw_queue_write(cur_rd));
-
- /*
- * if we are a server, we need to use auditctl(2)
- */
- if (aw_static_flags & AW_SERVER_FLAG)
- return (aw_auditctl_write(cur_rd));
-
- /*
- * default case. we are not a server and we are not queueing.
- */
- return (aw_audit_write(cur_rd));
-}
-
-
-static int
-aw_write_cleanup(void)
-{
- aw_rec_dealloc(cur_rd);
-
- if (cur_rd == dflt_rd)
- dflt_rd = AW_NO_RD;
-
- if (cur_rd == save_rd) {
- save_rd = AW_NO_RD;
- aw_static_flags &= ~AW_SAVERD_FLAG;
- }
-
- if ((aw_iflags & AW_SAVEDONE) && (save_rd != AW_NO_RD)) {
- /*
- * If we are in context for a descriptor, now that the
- * descriptor is gone we must clean up its save rd if any.
- */
- aw_rec_dealloc(save_rd);
- save_rd = AW_NO_RD;
- aw_static_flags &= ~AW_SAVERD_FLAG;
- }
-
- cur_rd = AW_NO_RD;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ f r e e ( )
- *
- * Only free good addrs.
- */
-static void
-aw_free(caddr_t p)
-{
- if (p != (caddr_t)0)
- free((void *)p);
-}
-
-/*
- * a w _ f r e e _ t o k ( )
- *
- * Free tokens.
- */
-static void
-aw_free_tok(token_t *tokp)
-{
- aw_free((caddr_t)tokp->tt_data);
- aw_free((caddr_t)tokp);
-}
-
-/*
- * a w _ g e n _ r e c ( )
- *
- * Traverse the invocation line again. This time grab all the record attributes,
- * convert them to ADR format and append them to the current record buffer.
- */
-static int
-aw_gen_rec(int param, va_list arglist)
-{
- void *ad[8] = { NULL }; /* attribute data */
- token_t *tokp; /* token for converted data */
- int a; /* invocation line argument */
- au_event_ent_t *auevent; /* event for this call */
- char *apath; /* anchored path */
-
- a = param;
-
- while (a != AW_END) {
-
- if (AW_IS_CONTROL_CMD(a)) {
- aw_skip_args(arglist, aw_cmd_table[a].cmd_numargs);
- a = va_arg(arglist, int);
- continue;
- }
-
- aw_get_args(arglist, ad, aw_cmd_table[a].cmd_numargs);
-
- switch (a) {
-
- case AW_ARG:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_arg32((char)(uintptr_t)ad[0],
- (char *)ad[1],
- (uint32_t)(uintptr_t)ad[2])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len), tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_ATTR: {
- /*
- * This is a bit of a hack. Rather than
- * write a new au_to_attr() routine, we
- * simply allocate a new vattr and stuff
- * values in.
- */
- vattr_t attr;
-
- if (aw_chk_addr((caddr_t)ad[6]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
-
- attr.va_mode = (int)(uintptr_t)ad[0];
- attr.va_uid = (int)(uintptr_t)ad[1];
- attr.va_gid = (int)(uintptr_t)ad[2];
- attr.va_fsid = (int)(uintptr_t)ad[3];
- attr.va_nodeid = (int)(uintptr_t)ad[4];
- attr.va_rdev = (int)(uintptr_t)ad[5];
-
- if ((tokp = au_to_attr(&attr)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len), tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- }
-
- case AW_DATA:
- if (aw_chk_print((char)(uintptr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_CMD_INVALID);
- ad[0] = (void *)(uintptr_t)aw_cvrt_print(
- (char)(uintptr_t)ad[0]);
- if (aw_chk_type((char)(uintptr_t)ad[1]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_CMD_INVALID);
- ad[1] = (void *)(uintptr_t)aw_cvrt_type(
- (char)(uintptr_t)ad[1]);
- if (aw_chk_addr((caddr_t)ad[3]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_data((char)(uintptr_t)ad[0],
- (char)(uintptr_t)ad[1],
- (char)(uintptr_t)ad[2], (char *)ad[3])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_EVENT:
- aw_iflags |= AW_EVENT_FLAG;
- if ((auevent = getauevnam((char *)ad[0]))
- == (au_event_ent_t *)NULL)
- AW_GEN_ERR(AW_ERR_EVENT_ID_INVALID)
- else
- aw_set_event(cur_rd, auevent->ae_number,
- auevent->ae_class);
- break;
-
- case AW_EVENTNUM:
- aw_iflags |= AW_EVENT_FLAG;
- if ((cacheauevent(&auevent,
- (au_event_t)(uintptr_t)ad[0])) != 1)
- AW_GEN_ERR(AW_ERR_EVENT_ID_INVALID)
- else
- aw_set_event(cur_rd, auevent->ae_number,
- auevent->ae_class);
- break;
-
- case AW_EXEC_ARGS:
- if (!(audit_policies & AUDIT_ARGV))
- break;
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_exec_args((char **)ad[0]))
- == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_EXEC_ENV:
- if (!(audit_policies & AUDIT_ARGE))
- break;
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_exec_env((char **)ad[0]))
- == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_EXIT:
- if ((tokp = au_to_exit((int)(uintptr_t)ad[0],
- (int)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_GROUPS:
- if (!(audit_policies & AUDIT_GROUP))
- break;
- if (aw_chk_addr((caddr_t)ad[1]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_newgroups((int)(uintptr_t)ad[0],
- (gid_t *)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_IN_ADDR:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_in_addr((struct in_addr *)
- ad[0])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_IPC:
- if ((tokp = au_to_ipc((char)(uintptr_t)ad[0],
- (int)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_IPORT:
- if ((tokp = au_to_iport((ushort_t)(uintptr_t)ad[0])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_OPAQUE:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_opaque((char *)ad[0],
- (short)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_PATH:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- return (AW_ERR_RTN);
- if (aw_cvrt_path((char *)ad[0], &apath) == AW_ERR_RTN)
- return (AW_ERR_RTN);
- if ((tokp = au_to_path(apath)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_PRIVILEGE:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_privset("",
- (priv_set_t *)ad[0])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_LEVEL:
- case AW_SLABEL:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_label((bslabel_t *)ad[0])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_PROCESS:
- if (aw_chk_addr((caddr_t)ad[7]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_process((uint32_t)(uintptr_t)ad[0],
- (uint32_t)(uintptr_t)ad[1],
- (uint32_t)(uintptr_t)ad[2],
- (uint32_t)(uintptr_t)ad[3],
- (uint32_t)(uintptr_t)ad[4],
- (uint32_t)(uintptr_t)ad[5],
- (uint32_t)(uintptr_t)ad[6],
- (au_tid_t *)ad[7])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_PROCESS_EX:
- if (aw_chk_addr((caddr_t)ad[7]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_process_ex((uint32_t)(uintptr_t)ad[0],
- (uint32_t)(uintptr_t)ad[1],
- (uint32_t)(uintptr_t)ad[2],
- (uint32_t)(uintptr_t)ad[3],
- (uint32_t)(uintptr_t)ad[4],
- (uint32_t)(uintptr_t)ad[5],
- (uint32_t)(uintptr_t)ad[6],
- (au_tid_addr_t *)ad[7])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_RETURN:
- aw_recs[cur_rd]->aflags |= AW_REC_RETURN_FLAG;
- if ((tokp = au_to_return32((char)(uintptr_t)ad[0],
- (uint_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- /*
- * Set up event for success/failure preselection
- */
- if ((char)(uintptr_t)ad[0] != 0)
- aw_recs[cur_rd]->event_mod |= PAD_FAILURE;
- break;
-
-#if 0
- case AW_SOCKET:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_socket((struct socket *)ad[0])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-#endif
-
- case AW_SUBJECT:
- aw_recs[cur_rd]->aflags |= AW_REC_SUBJECT_FLAG;
- if (aw_chk_addr((caddr_t)ad[7]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_subject((uint32_t)(uintptr_t)ad[0],
- (uint32_t)(uintptr_t)ad[1],
- (uint32_t)(uintptr_t)ad[2],
- (uint32_t)(uintptr_t)ad[3],
- (uint32_t)(uintptr_t)ad[4],
- (uint32_t)(uintptr_t)ad[5],
- (uint32_t)(uintptr_t)ad[6],
- (au_tid_t *)ad[7])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_SUBJECT_EX:
- aw_recs[cur_rd]->aflags |= AW_REC_SUBJECT_FLAG;
- if (aw_chk_addr((caddr_t)ad[7]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_subject_ex((uint32_t)(uintptr_t)ad[0],
- (uint32_t)(uintptr_t)ad[1],
- (uint32_t)(uintptr_t)ad[2],
- (uint32_t)(uintptr_t)ad[3],
- (uint32_t)(uintptr_t)ad[4],
- (uint32_t)(uintptr_t)ad[5],
- (uint32_t)(uintptr_t)ad[6],
- (au_tid_addr_t *)ad[7])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_USEOFPRIV:
- if ((tokp = au_to_upriv((char)(uintptr_t)ad[0],
- (char *)ad[1])) == (token_t *)0) {
- aw_free_tok(tokp);
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL)
- }
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_TEXT:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_text((char *)
- ad[0])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_UAUTH:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_uauth((char *)
- ad[0])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_CMD: {
- char **env = NULL;
-
- if (aw_chk_addr((caddr_t)ad[1]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if (aw_chk_addr((caddr_t)ad[2]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
-
- if (audit_policies & AUDIT_ARGE)
- env = (char **)ad[2];
-
- if ((tokp = au_to_cmd((int)(uintptr_t)ad[0],
- (char **)ad[1], env)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len), tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
- }
-
- case AW_XATOM:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_xatom((char *)ad[0]))
- == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XCLIENT:
- if ((tokp = au_to_xclient(
- (uint32_t)(uintptr_t)ad[0])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XCURSOR:
- if ((tokp = au_to_xcursor(
- (int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XCOLORMAP:
- if ((tokp = au_to_xcolormap(
- (int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XFONT:
- if ((tokp = au_to_xfont((int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XGC:
- if ((tokp = au_to_xgc((int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XPIXMAP:
- if ((tokp = au_to_xpixmap(
- (int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XPROPERTY:
- if (aw_chk_addr((caddr_t)ad[2]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_xproperty(
- (int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1], (char *)ad[2])) ==
- (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XSELECT:
- if (aw_chk_addr((caddr_t)ad[0]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if (aw_chk_addr((caddr_t)ad[1]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if (aw_chk_addr((caddr_t)ad[2]) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- if ((tokp = au_to_xselect((char *)ad[0],
- (char *)ad[1], (char *)ad[2])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- case AW_XWINDOW:
- if ((tokp = au_to_xwindow(
- (int32_t)(uintptr_t)ad[0],
- (uid_t)(uintptr_t)ad[1])) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[cur_rd]->buf),
- &(aw_recs[cur_rd]->len),
- tokp->tt_data,
- (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
- aw_free_tok(tokp);
- break;
-
- default:
- AW_GEN_ERR(AW_ERR_CMD_INVALID)
-
- } /* switch */
-
- a = va_arg(arglist, int);
-
- } /* while */
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ h e a d ( )
- *
- * Add a header to an audit record.
- *
- * Note that we no longer need to add a trailer in Solaris 2.x, as this
- * is handled by the audit(2) system call.
- */
-static int
-aw_head(int rd)
-{
-
- token_t *tokp;
- adr_t adr; /* tmp pointer */
- char id; /* tmp variable to hold value */
- int32_t len; /* Value to fix */
-
- if ((tokp = au_to_header_ex(aw_recs[rd]->event_id,
- aw_recs[rd]->event_mod)) == (token_t *)NULL)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- /*
- * Need to fix up the size correctly.
- */
- len = aw_recs[rd]->len + tokp->tt_size;
- adrm_start(&adr, tokp->tt_data); /* beginning of pointer */
- adrm_char(&adr, &id, 1); /* move past attr id */
- adr_int32(&adr, &len, 1); /* fix the length */
-
- if (aw_buf_prepend(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
- tokp->tt_data, (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
-
- aw_free_tok(tokp);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ p a r s e ( )
- *
- * Parse the invocation line looking for invalid commands and invalid data
- * (bad pointers).
- *
- * Returns AW_ERR_RTN when:
- * more than one control command has been specified.
- * AW_APPEND is specified w/out any attribute commands.
- *
- * Returns AW_SUCCESS_RTN upon success.
- */
-static int
-aw_parse(int param, va_list arglist)
-{
- int a;
- au_event_ent_t *auevent;
- void *ad[8] = { NULL }; /* argument data */
-
- /*
- * During the port from TS 2, we had to slightly reorg code, thus
- * I'm simply going to continue to use the "a" variable.
- */
- a = param;
-
- while (a != AW_END) {
-
- if (a < AW_CMD_MIN || a > AW_CMD_MAX)
- AW_GEN_ERR(AW_ERR_CMD_INVALID);
-
- /*
- * EVENT attribute and RETURN attribute have preselection
- * info. Need to gobble up that info here so that we can
- * preselect without the overhead of record construction.
- */
- if (AW_IS_DATA_CMD(a) &&
- ((a != AW_EVENT) && (a != AW_EVENTNUM)) &&
- (a != AW_RETURN)) {
- aw_iflags |= AW_ATTRIB_FLAG;
- aw_skip_args(arglist, aw_cmd_table[a].cmd_numargs);
- /* Reload with next value of "a" */
- a = va_arg(arglist, int);
- continue;
- }
-
- aw_get_args(arglist, ad, aw_cmd_table[a].cmd_numargs);
-
- switch (a) {
-
- /* AW_ABORT is not documented. It is used for debugging */
-
- case AW_ABORT:
- aw_iflags |= AW_ABORT_FLAG;
- break;
-
- case AW_APPEND:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_APPEND_FLAG;
- break;
-
- case AW_EVENT:
- aw_iflags |= AW_EVENT_FLAG;
- aw_iflags |= AW_ATTRIB_FLAG;
- if ((auevent = getauevnam((char *)ad[0]))
- == (au_event_ent_t *)0)
- AW_GEN_ERR(AW_ERR_EVENT_ID_INVALID)
- else
- aw_set_event(cur_rd, auevent->ae_number,
- auevent->ae_class);
- break;
-
- case AW_EVENTNUM:
- aw_iflags |= AW_EVENT_FLAG;
- aw_iflags |= AW_ATTRIB_FLAG;
- if ((cacheauevent(&auevent,
- (au_event_t)(uintptr_t)ad[0])) != 1)
- AW_GEN_ERR(AW_ERR_EVENT_ID_INVALID)
- else
- aw_set_event(cur_rd, auevent->ae_number,
- auevent->ae_class);
- break;
-
- case AW_QUEUE:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (aw_static_flags & AW_QUEUE_FLAG)
- AW_GEN_ERR(AW_ERR_CMD_IN_EFFECT);
- aw_queue_hiwater = (int)(uintptr_t)ad[0];
- if (aw_queue_hiwater > AW_MAX_REC_SIZE ||
- aw_queue_hiwater == 0)
- AW_GEN_ERR(AW_ERR_QUEUE_SIZE_INVALID);
- aw_iflags |= AW_QUEUE_FLAG;
- break;
-
- case AW_DEFAULTRD:
- AW_PARSE_ERR(AW_CTRLCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_DEFAULTRD_FLAG;
- break;
-
- case AW_DISCARD:
- AW_PARSE_ERR(AW_CTRLCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_DISCARD_FLAG;
- break;
-
- case AW_DISCARDRD:
- AW_PARSE_ERR(AW_CTRLCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- user_rd = (int)(uintptr_t)ad[0];
- /*
- * A specified rd of -1 here means that the
- * default rd should be discarded.
- */
- if (user_rd == -1)
- user_rd = dflt_rd;
- aw_iflags |= AW_DISCARDRD_FLAG;
- break;
-
- case AW_FLUSH:
- AW_PARSE_ERR(AW_CTRLCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (!(aw_static_flags & AW_QUEUE_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_NOT_IN_EFFECT);
- aw_iflags |= AW_FLUSH_FLAG;
- break;
-
- case AW_GETRD:
- AW_PARSE_ERR(AW_CTRLCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- get_rd_p = (int *)ad[0];
- if (aw_chk_addr((caddr_t)get_rd_p) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- aw_iflags |= AW_GETRD_FLAG;
- break;
-
- case AW_NOPRESELECT:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (!(aw_static_flags & AW_PRESELECT_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_NOT_IN_EFFECT);
- aw_iflags |= AW_NOPRESELECT_FLAG;
- break;
-
- case AW_NOQUEUE:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (!(aw_static_flags & AW_QUEUE_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_NOT_IN_EFFECT);
- aw_queue_hiwater = 0;
- aw_iflags |= AW_NOQUEUE_FLAG;
- break;
-
- case AW_NOSAVE:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (!(aw_static_flags & AW_SAVERD_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_NOT_IN_EFFECT);
- aw_iflags |= AW_NOSAVE_FLAG;
- break;
-
- case AW_NOSERVER:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if (!(aw_static_flags & AW_SERVER_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_NOT_IN_EFFECT);
- aw_iflags |= AW_NOSERVER_FLAG;
- break;
-
- case AW_PRESELECT:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- if ((au_mask_t *)ad[0] != (au_mask_t *)0) {
- (void) memcpy((char *)&pmask,
- (char *)((au_mask_t *)ad[0]),
- sizeof (au_mask_t));
- }
- aw_iflags |= AW_PRESELECT_FLAG;
- break;
-
- case AW_RETURN:
- /*
- * Set up event for success/failure preselection
- */
- aw_iflags |= AW_ATTRIB_FLAG;
- if ((char)(uintptr_t)ad[0] != 0)
- aw_recs[cur_rd]->event_mod |= PAD_FAILURE;
- break;
-
- case AW_SAVERD:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- save_rd_p = (int *)ad[0];
- if (aw_chk_addr((caddr_t)save_rd_p) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ADDR_INVALID);
- aw_iflags |= AW_SAVERD_FLAG;
- break;
-
- case AW_SERVER:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_SERVER_FLAG;
- break;
-
- case AW_USERD:
- /*
- * Already handled a valid one in aw_set_context().
- */
- AW_PARSE_ERR(AW_NOUSERDCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_USERD_FLAG;
- break;
-
- case AW_WRITE:
- AW_PARSE_ERR(AW_NORMALCMD_FLAGS, AW_ERR_CMD_TOO_MANY);
- aw_iflags |= AW_WRITE_FLAG;
- break;
-
- default:
- AW_GEN_ERR(AW_ERR_CMD_INVALID)
-
- } /* switch */
-
- /* Reload with the next value of "a" */
- a = va_arg(arglist, int);
-
- } /* while */
-
- /* Must have a control command */
- if (!(aw_iflags & AW_CTRLCMD_FLAGS))
- AW_GEN_ERR(AW_ERR_CMD_INCOMPLETE);
-
- /* Must be an attribute command with AW_APPEND control command */
- if ((aw_iflags & AW_APPEND_FLAG) &&
- !(aw_iflags & AW_ATTRIB_FLAG))
- AW_GEN_ERR(AW_ERR_CMD_INCOMPLETE);
-
- /*
- * If there was an attribute command, need a control command to that
- * tells what to do with the attributes.
- */
- if ((aw_iflags & AW_ATTRIB_FLAG) &&
- !((aw_iflags & AW_APPEND_FLAG) ||
- (aw_iflags & AW_WRITE_FLAG)))
- AW_GEN_ERR(AW_ERR_CMD_INCOMPLETE);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ p r e s e l e c t ( )
- *
- * Do user level audit preselection
- *
- * Returns:
- * 1 - audit event is preselected
- * 0 - audit event is not preselected
- */
-static int
-aw_preselect(int rd, au_mask_t *pmaskp)
-{
- if (aw_recs[rd]->event_mod & PAD_FAILURE)
- return (aw_recs[rd]->class & pmaskp->am_failure);
-
- return (aw_recs[rd]->class & pmaskp->am_success);
-}
-
-/*
- * a w _ q u e u e _ d e a l l o c ( )
- *
- * Deallocate audit record queue.
- */
-static void
-aw_queue_dealloc(void)
-{
- aw_queue_bytes = 0;
- aw_free(aw_queue);
- aw_queue = (caddr_t)0;
-}
-
-/*
- * a w _ q u e u e _ f l u s h ( )
- *
- * Flush audit record queue.
- */
-static int
-aw_queue_flush(void)
-{
- /* write all records on queue to trail */
-
- if (aw_queue_bytes) {
- if (auditctl(A_AUDIT, (uint32_t)aw_queue_bytes,
- aw_queue) == -1)
- AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
-
- aw_queue_bytes = 0;
- }
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ q u e u e _ w r i t e ( )
- *
- * "Queue" an audit record. Actually, each record passed is appended to a
- * buffer. This buffer eventually gets written with auditctl(2). Auditctl(2)
- * will process the records in the order in which it receives them. This
- * creates a "queueing" effect.
- */
-static int
-aw_queue_write(int rd)
-{
- if (aw_queue_bytes + aw_recs[rd]->len > AW_MAX_REC_SIZE) {
-
- (void) aw_queue_flush();
-
- if ((auditctl(A_AUDIT, (uint32_t)aw_recs[rd]->len,
- aw_recs[rd]->buf)) == -1)
- AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
-
- return (AW_SUCCESS_RTN);
- }
-
- /* no queue? allocate it now. */
-
- if (aw_buf_append(&aw_queue, &aw_queue_bytes,
- aw_recs[rd]->buf, aw_recs[rd]->len) == AW_ERR_RTN)
- return (AW_ERR_RTN);
-
- /* did we reach the hi-water mark? */
-
- if (aw_queue_bytes >= aw_queue_hiwater)
- if (aw_queue_flush() == AW_ERR_RTN)
- return (AW_ERR_RTN);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ r e c _ i n i t ( )
- *
- * Init a rec area.
- *
- */
-static void
-aw_rec_init(aw_rec_t *rec)
-{
- rec->event_id = 0;
- rec->event_mod = 0;
-
- rec->context.static_flags = AW_NO_FLAGS;
- rec->context.save_rd = AW_NO_RD;
- rec->context.aw_errno = AW_ERR_NO_ERROR;
- rec->context.pmask.am_success = AU_MASK_NONE;
- rec->context.pmask.am_failure = AU_MASK_NONE;
-}
-/*
- * a w _ r e c _ a l l o c ( )
- *
- * Allocate a buffer to store an audit record.
- *
- */
-static int
-aw_rec_alloc(int *rdp)
-{
- int slot;
-
- /* allocate the audit record buffer pointers */
-
- if (aw_recs == (aw_rec_t **)0) {
- if ((aw_recs = (aw_rec_t **)calloc(AW_NUM_RECP,
- (size_t)sizeof (aw_rec_t *))) == (aw_rec_t **)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- aw_num_recs = AW_NUM_RECP;
-
- /* allocate the record */
-
- if ((aw_recs[0] = (aw_rec_t *)calloc(1,
- (size_t)sizeof (aw_rec_t))) == (aw_rec_t *)0)
- return (AW_ERR_RTN);
-
- aw_rec_init(aw_recs[0]);
- *rdp = 0;
-
- return (AW_SUCCESS_RTN);
- }
- /* linear search to find the next open slot */
-
- for (slot = 0; slot < aw_num_recs; slot++)
- if (aw_recs[slot] == (aw_rec_t *)0) {
-
- /* allocate the record */
-
- if ((aw_recs[slot] = (aw_rec_t *)calloc(1,
- (size_t)sizeof (aw_rec_t))) == (aw_rec_t *)0)
- return (AW_ERR_RTN);
-
- aw_rec_init(aw_recs[slot]);
- *rdp = slot;
-
- return (AW_SUCCESS_RTN);
- }
- /* no open slots, allocate for another */
- if ((aw_recs = (aw_rec_t **)realloc((void *)aw_recs,
- ((size_t)(aw_num_recs + 1) * sizeof (aw_rec_t *)))) ==
- (aw_rec_t **)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
-
- /* allocate the record */
-
- slot = aw_num_recs;
-
- if ((aw_recs[slot] = (aw_rec_t *)calloc(1, (size_t)sizeof (aw_rec_t)))
- == (aw_rec_t *)0)
- return (AW_ERR_RTN);
-
- aw_rec_init(aw_recs[aw_num_recs]);
- *rdp = aw_num_recs++;
-
- return (AW_SUCCESS_RTN);
-}
-
-#ifdef NOTYET
-/*
- * a w _ r e c _ a p p e n d ( )
- *
- * Concatentate two previously allocated records.
- *
- */
-static int
-aw_rec_append(int to_rd, int from_rd)
-{
- if (aw_chk_rd(to_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- if (aw_chk_rd(from_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- if (aw_recs[from_rd]->event_id) {
- aw_recs[to_rd]->event_id = aw_recs[from_rd]->event_id;
- aw_recs[to_rd]->class = aw_recs[from_rd]->class;
- }
-
- aw_recs[to_rd]->aflags |= aw_recs[from_rd]->aflags;
-
- if ((aw_recs[to_rd]->len +
- aw_recs[from_rd]->len) > AW_MAX_REC_SIZE)
- AW_GEN_ERR(AW_ERR_REC_TOO_BIG);
-
- return (aw_buf_append(&(aw_recs[to_rd]->buf),
- &(aw_recs[to_rd]->len),
- aw_recs[from_rd]->buf,
- aw_recs[from_rd]->len));
-}
-#endif /* NOTYET */
-
-/*
- * a w _ r e c _ d e a l l o c ( )
- *
- * Deallocate a previously allocated audit record buffer.
- *
- */
-static void
-aw_rec_dealloc(int rd)
-{
- /* free the audit record buffer */
-
- if (aw_recs[rd] == (aw_rec_t *)0)
- return;
-
- aw_free(aw_recs[rd]->buf);
- aw_recs[rd]->buf = (caddr_t)0;
-
- /* free the record */
-
- aw_free((caddr_t)aw_recs[rd]);
- aw_recs[rd] = (aw_rec_t *)0;
-}
-
-/*
- * a w _ r e c _ p r e p e n d ( )
- *
- * Prepend a record buffer with the contents of another record buffer.
- *
- */
-static int
-aw_rec_prepend(int to_rd, int from_rd)
-{
- if (aw_chk_rd(to_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- if (aw_chk_rd(from_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- if (aw_recs[from_rd]->event_id)
- aw_recs[to_rd]->event_id = aw_recs[from_rd]->event_id;
-
- if ((aw_recs[to_rd]->len +
- aw_recs[from_rd]->len) > AW_MAX_REC_SIZE)
- AW_GEN_ERR(AW_ERR_REC_TOO_BIG);
-
- return (aw_buf_prepend(&(aw_recs[to_rd]->buf),
- &(aw_recs[to_rd]->len),
- aw_recs[from_rd]->buf,
- aw_recs[from_rd]->len));
-}
-
-static int
-aw_return_attrib(int rd)
-{
- token_t *tokp;
-
- /*
- * append a return token indicating a success event
- */
- if ((tokp = au_to_return32(0, 0)) == (token_t *)0)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
- tokp->tt_data, (int)tokp->tt_size) == AW_ERR_RTN) {
- aw_free_tok(tokp);
- return (AW_ERR_RTN);
- }
-
- aw_free_tok(tokp);
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ s e t _ e r r ( )
- *
- * This routine sets aw_errno. It insures aw_errno is set
- * once per invocation.
- */
-static void
-aw_set_err(int error)
-{
- if (error == AW_ERR_NO_ERROR || aw_errno == AW_ERR_NO_ERROR)
- aw_errno = error;
-}
-
-/*
- * a w _ s e t _ e v e n t ( )
- *
- * Set event id and class.
- */
-static void
-aw_set_event(int rd, au_event_t event_id, uint_t class)
-{
- aw_recs[rd]->event_id = event_id;
- aw_recs[rd]->class = class;
-}
-
-/*
- * a w _ i n i t ( )
- *
- * if this is the first invocation of auditwrite(3), do some setup
- */
-static int
-aw_init(void)
-{
- adt_session_data_t *ah;
-
- aw_errno = AW_ERR_NO_ERROR; /* No error so far */
-
- /*
- * allocate a default audit record buf if we don't have one.
- */
- if (dflt_rd == AW_NO_RD) {
- if (aw_rec_alloc(&dflt_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
- }
-
- /*
- * current record buf was recently deallocated
- * set it back to the default
- */
- if (cur_rd == AW_NO_RD)
- cur_rd = dflt_rd;
-
- if (aw_static_flags & AW_INVOKED_BEFORE_FLAG) {
- aw_iflags = AW_NO_FLAGS;
- return (AW_SUCCESS_RTN);
- }
-
- /*
- * First call setup
- *
- * Cache the preselection mask and the audit policies in order
- * to reduce system call overhead. If they change, we will be
- * auditing with stale values.
- */
- if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
- AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
- }
-
- /* Stuff the real values in */
- adt_get_mask(ah, &pmask);
-
- (void) adt_end_session(ah);
-
- if (auditon(A_GETPOLICY, (caddr_t)&audit_policies, 0) == -1)
- AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
-
- aw_static_flags |= AW_INVOKED_BEFORE_FLAG;
-
- cur_rd = dflt_rd;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ s e t _ c o n t e x t ( )
- *
- * set context as needed.
- */
-static int
-aw_set_context(int param, va_list arglist)
-{
- int a;
- void *ad[8] = { NULL }; /* argument data */
-
- a = param;
-
- /*
- * If the input params start with USERD and after this there's
- * anything besides AW_END, then we need to switch to the context
- * for that record descriptor.
- */
- if (a != AW_USERD)
- return (AW_SUCCESS_RTN);
-
- aw_get_args(arglist, ad, aw_cmd_table[a].cmd_numargs);
- user_rd = (int)(uintptr_t)ad[0];
- if (aw_chk_rd(user_rd) == AW_ERR_RTN)
- AW_GEN_ERR(AW_ERR_RD_INVALID);
-
- a = va_arg(arglist, int);
- if (a != AW_END) {
- /*
- * USERD is used with another command.
- * Save context first, then load context for the
- * given rd.
- */
- old_context.static_flags = aw_static_flags;
- old_context.save_rd = save_rd;
- old_context.aw_errno = aw_errno;
- old_context.pmask = pmask;
-
- old_cur_rd = cur_rd;
-
- /*
- * Now load up our values.
- */
- aw_static_flags =
- aw_recs[user_rd]->context.static_flags;
- save_rd = aw_recs[user_rd]->context.save_rd;
- aw_errno = aw_recs[user_rd]->context.aw_errno;
- pmask = aw_recs[user_rd]->context.pmask;
-
- /* initialize as needed... */
- if (aw_init() == AW_ERR_RTN) {
- return (AW_ERR_RTN);
- }
-
- aw_iflags |= AW_SAVEDONE;
- }
-
- /*
- * Finish basic USERD processing here.
- */
- cur_rd = user_rd;
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ r e s t o r e ( )
- *
- * restore context if needed.
- */
-static void
-aw_restore(void)
-{
- if (aw_iflags & AW_SAVEDONE) {
- /*
- * Save context for our rd first... If our rd is gone
- * by now, we can't and won't need to do this part.
- */
- if ((user_rd <= aw_num_recs) &&
- (aw_recs[user_rd] != (aw_rec_t *)0)) {
- aw_recs[user_rd]->context.static_flags =
- aw_static_flags;
- aw_recs[user_rd]->context.save_rd = save_rd;
- aw_recs[user_rd]->context.aw_errno = aw_errno;
- aw_recs[user_rd]->context.pmask = pmask;
- }
-
- /*
- * Now restore the old values.
- */
- aw_static_flags = old_context.static_flags;
- save_rd = old_context.save_rd;
- pmask = old_context.pmask;
-
- cur_rd = old_cur_rd;
-
- aw_iflags &= ~AW_SAVEDONE;
- }
-}
-
-/*
- * a w _ a u d i t _ w r i t e ( )
- *
- * Write an audit record to the audit trail using the audit(2) system call.
- */
-static int
-aw_audit_write(int rd)
-{
- if (audit(aw_recs[rd]->buf, aw_recs[rd]->len) == -1)
- AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
-
- return (AW_SUCCESS_RTN);
-}
-
-/*
- * a w _ a u d i t c t l _ w r i t e ( )
- *
- * Write an audit record to the audit trail using the auditctl(2) system call.
- */
-static int
-aw_auditctl_write(int rd)
-{
- if (auditctl(A_AUDIT, (uint32_t)aw_recs[rd]->len,
- aw_recs[rd]->buf) == -1)
- AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
-
- return (AW_SUCCESS_RTN);
-}
-
-#ifdef DEBUG
-/*
- * aw_debuglog: dump auditwrite parameters and current state
- * to the debug file.
- *
- * General format of such an entry:
- *
- * xxx e pid= nnn stat-flags= xxxxxx aw_errno= n cur_rd= n
- * dflt_rd= n save_rd= n arg1 arg2 ... arg11
- *
- * ...where:
- * xxx = text, generally either "in" (auditwrite begin) or "out" (exit)
- * e = auditwrite return value (significant only with "out")
- * arg1, = auditwrite arguments (1st 11 only, whether used or not)
- * arg2
- * ...
- *
- */
-static int cntr = 0;
-
-static void
-aw_debuglog(char *s, int rc, int param, va_list arglist)
-{
- void *a;
- int i;
- FILE *f;
-
- f = fopen("/var/audit/awlog", "a");
- if (f == NULL) {
- return;
- }
-
- if (strcmp(s, "in ") == 0) {
- cntr++;
- (void) fprintf(f, "\n%4d \n", cntr);
- }
-
- (void) fprintf(f, "%9s ", s);
- (void) fprintf(f, "%8d ", rc);
- (void) fprintf(f, "pid= %7ld ", (long)getpid());
-
- (void) fprintf(f, "stat-flags= %8x ", aw_static_flags);
- (void) fprintf(f, "aw_errno= %8d ", aw_errno);
-
- (void) fprintf(f, "cur_rd= %8x ", cur_rd);
- (void) fprintf(f, "dflt_rd= %8x ", dflt_rd);
- (void) fprintf(f, "save_rd= %8x\n\t\t", save_rd);
-
- if ((arglist == 0) && (param == 0))
- goto done;
-
- /*
- * Now dump in the arguments auditwrite was called with... Since
- * the number of args is variable, just dump the first 10 or so
- * (some of which may not actually have been passed).
- */
- a = (void *)param;
- for (i = 1; i <= 10; i++) {
- (void) fprintf(f, "%d ", a);
- a = va_arg(arglist, void *);
- }
-
-done:
- (void) fprintf(f, "\n");
- (void) fclose(f);
-}
-#endif
-
-/*
- * aw_strerror: return the error string
- */
-char *
-aw_strerror(const int aw_errnum)
-{
- if ((aw_errnum < aw_nerr) && (aw_errnum >= 0))
- return (aw_errlist[aw_errnum]);
- else
- return (NULL);
-}
-
-/*
- * aw_geterrno: return the aw_errno for the given descriptor.
- */
-int
-aw_geterrno(const int rd)
-{
- int err;
-
- (void) mutex_lock(&mutex_auditwrite);
-
- if (aw_chk_rd(rd) == AW_ERR_RTN) {
- (void) mutex_unlock(&mutex_auditwrite);
- return (AW_ERR_RD_INVALID);
- }
-
- err = aw_recs[rd]->context.aw_errno;
-
- (void) mutex_unlock(&mutex_auditwrite);
- return (err);
-}
-
-/*
- * aw_perror_c: common internal routine to return the error string
- */
-static void
-aw_perror_c(const int err, const char *s)
-{
- char *c;
-
- if ((err < aw_nerr) && (err >= 0))
- c = aw_errlist[err];
- else
- c = "Unknown error";
-
- if (s && *s) {
- (void) write(2, s, strlen(s));
- (void) write(2, ": ", 2);
- }
-
- (void) write(2, c, strlen(c));
- (void) write(2, "\n", 1);
-}
-
-/*
- * aw_perror: return the error string
- */
-void
-aw_perror(const char *s)
-{
- aw_perror_c(aw_errno, s);
-}
-
-/*
- * aw_perror_r: return the error string
- */
-void
-aw_perror_r(const int rd, const char *s)
-{
- int err;
-
- err = aw_geterrno(rd);
- aw_perror_c(err, s);
-}
-
-/*
- * Currently we are using Solaris 2.x BSM's audit mechanism,
- * which doesn't have the large queue buffer mechanism. Rather
- * than rewrite the system call, we'll simply emulate the large
- * buffer write. If this gets to be problem in performance,
- * we can readd the system call.
- */
-static int
-auditctl(uint32_t command, uint32_t value, caddr_t data)
-{
- uint32_t bytes_left = value; /* number of bytes to write */
- caddr_t mover = data; /* moving pointer */
- adr_t adr; /* byte independent addressing */
- char id; /* check for proper audit record */
- int32_t bytes; /* number of bytes for this record */
-
- /* The only remaining option to auditctl is be A_AUDIT */
- if (command != A_AUDIT)
- return (-1);
-
- while (bytes_left > (uint32_t)0) {
-
- /* Where to start parsing */
- adrm_start(&adr, mover);
- adrm_char(&adr, &id, 1);
- adrm_int32(&adr, &bytes, 1);
-
- /* Make sure we have a header and output the record */
-
- if (!((id == AUT_HEADER32) || (id == AUT_HEADER64) ||
- (id == AUT_HEADER32_EX) || (id == AUT_HEADER64_EX)) ||
- (bytes > bytes_left)) {
- errno = EINVAL;
- return (-1);
- }
-
- if (audit((caddr_t)mover, bytes) != 0) {
- /* Use the audit(2) errno */
- return (-1);
- }
-
- mover += bytes;
- bytes_left -= bytes;
- }
-
- /* Last minute check to make sure we wrote out the exact number */
- if (bytes_left != 0) {
- errno = E2BIG;
- return (-1);
- }
-
- return (0);
-}
--- a/open-src/xserver/xorg/sun-src/tsol/auditwrite.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,186 +0,0 @@
-/*
- * Copyright (c) 2004, 2008, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifndef _BSM_AUDITWRITE_H
-#define _BSM_AUDITWRITE_H
-
-
-#include <bsm/libbsm.h>
-#include <tsol/label.h>
-#include <sys/tsol/label_macro.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
- * This file contains declarations and defines for use with
- * auditwrite(3).
- */
-
-/* Mandatory last arg on auditwrite(3) invocation line */
-
-#define AW_END (0)
-
-/* control commands */
-
-#define AW_ABORT (1) /* Stop everything. */
-#define AW_APPEND (2) /* Append to recbuf. */
-#define AW_DEFAULTRD (3) /* Use default rd. */
-#define AW_DISCARD (4) /* Discard all audit recs. */
-#define AW_DISCARDRD (5) /* Discard one audit rec. */
-#define AW_FLUSH (6) /* Flush queued recbufs. */
-#define AW_GETRD (7) /* Get a recbuf descriptor. */
-#define AW_NOPRESELECT (8) /* No user level preselection */
-#define AW_NOQUEUE (9) /* Stop queueing. Flush. */
-#define AW_NOSAVE (10) /* Don't attach save buffer. */
-#define AW_NOSERVER (11) /* We're not a trusted server. */
-#define AW_PRESELECT (12) /* Do user level preselection. */
-#define AW_QUEUE (13) /* Buffer all records. */
-#define AW_SAVERD (14) /* Attach save buffer. */
-#define AW_SERVER (15) /* We're a trusted server. */
-#define AW_USERD (16) /* Use recbuf descriptor. */
-#define AW_WRITE (17) /* Write to trail. */
-
-/*
- * Attribute commands. These tell audiwrite(3) what kind
- * of data to expect.
- */
-
-#define AW_ACL (25)
-#define AW_ARG (26)
-#define AW_ATTR (27)
-#define AW_DATA (28)
-#define AW_EVENT (29)
-#define AW_EVENTNUM (30)
-#define AW_EXEC_ARGS (31)
-#define AW_EXEC_ENV (32)
-#define AW_EXIT (33)
-#define AW_GROUPS (34)
-#define AW_INADDR (35)
-#define AW_IN_ADDR AW_INADDR
-#define AW_IPC (36)
-#define AW_IPORT (38)
-#define AW_OPAQUE (39)
-#define AW_PATH (40)
-#define AW_PROCESS (41)
-#define AW_RETURN (42)
-#define AW_SOCKET (43)
-#define AW_SUBJECT (44)
-#define AW_TEXT (45)
-#define AW_UAUTH (46)
-#define AW_CMD (47)
-
-#define AW_LEVEL (52)
-#define AW_LIAISON (53)
-#define AW_PRIVILEGE (54) /* OBSOLETE */
-#define AW_SLABEL (55)
-#define AW_USEOFPRIV (56)
-
-#define AW_XATOM (60)
-#define AW_XCOLORMAP (61)
-#define AW_XCURSOR (62)
-#define AW_XFONT (63)
-#define AW_XGC (64)
-#define AW_XOBJ (65) /* OBSOLETE */
-#define AW_XPIXMAP (66)
-#define AW_XPROPERTY (67)
-#define AW_XPROTO (68) /* OBSOLETE */
-#define AW_XSELECT (69)
-#define AW_XWINDOW (70)
-#define AW_XCLIENT (71)
-#define AW_PROCESS_EX (72)
-/*
- * The next is the last and highest numbered valid command code; if more
- * are added, remember to update AW_CMD_MAX in auditwrite.c.
- */
-#define AW_SUBJECT_EX (73)
-
-/*
- * describe data specified with AW_DATA
- */
-
-#define AWD_BYTE ((char)1)
-#define AWD_CHAR ((char)2)
-#define AWD_SHORT ((char)3)
-#define AWD_INT ((char)4)
-#define AWD_LONG ((char)5)
-#define AWD_INT32 ((char)6)
-#define AWD_INT64 ((char)7)
-
-/*
- * describe how to print data specified with AW_DATA
- */
-
-#define AWD_BINARY ((char)1)
-#define AWD_OCTAL ((char)2)
-#define AWD_DECIMAL ((char)3)
-#define AWD_HEX ((char)4)
-#define AWD_STRING ((char)5)
-
-/*
- * auditwrite(3) error indicators
- */
-
-#define AW_ERR_NO_ERROR (0)
-
-#define AW_ERR_ADDR_INVALID (1)
-#define AW_ERR_ALLOC_FAIL (2)
-#define AW_ERR_AUDITON_FAIL (3)
-#define AW_ERR_AUDIT_FAIL (4)
-#define AW_ERR_CMD_INCOMPLETE (5)
-#define AW_ERR_CMD_INVALID (6)
-#define AW_ERR_CMD_IN_EFFECT (7)
-#define AW_ERR_CMD_NOT_IN_EFFECT (8)
-#define AW_ERR_CMD_TOO_MANY (9)
-#define AW_ERR_EVENT_ID_INVALID (10)
-#define AW_ERR_EVENT_ID_NOT_SET (11)
-#define AW_ERR_GETAUDIT_FAIL (12)
-#define AW_ERR_QUEUE_SIZE_INVALID (13)
-#define AW_ERR_RD_INVALID (14)
-#define AW_ERR_REC_TOO_BIG (15)
-#define AW_ERR_NO_PLABEL (16)
-
-#ifdef __STDC__
-extern int auditwrite(int, ...); /* writes audit records */
-extern int aw_errno; /* error number */
-extern void aw_perror(const char *); /* print error */
-extern void aw_perror_r(const int, const char *); /* print error for */
- /* record descriptor */
-extern int aw_geterrno(const int); /* get error for record descriptor */
-extern char *aw_strerror(const int); /* format error into string */
-#else
-extern int auditwrite();
-extern int aw_errno;
-extern void aw_perror();
-extern void aw_perror_r();
-extern int aw_geterrno();
-extern char *aw_strerror();
-#endif /* __STDC__ */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _BSM_AUDITWRITE_H */
--- a/open-src/xserver/xorg/sun-src/tsol/tsol.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,159 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifndef _XTSOL_SERVER_H
-#define _XTSOL_SERVER_H
-
-/*
- * tsol.h server side extension
- */
-#define _XTSOL_SERVER
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include <X11/Xproto.h>
-#include "misc.h"
-#include "os.h"
-#include "windowstr.h"
-#include "input.h"
-#include "scrnintstr.h"
-#include "pixmapstr.h"
-#include "extnsionst.h"
-#include "dixstruct.h"
-#include "gcstruct.h"
-#include "propertyst.h"
-#include "validate.h"
-#include <X11/extensions/Xtsol.h>
-#include <X11/extensions/Xtsolproto.h>
-
-#include "tsolextension.h"
-#include "tsolinfo.h"
-
-#ifndef CALLBACK
-# define CALLBACK(name) void \
-name(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-#endif
-
-/* tsolutils.c */
-extern void init_xtsol(void);
-extern void InitHotKey(DeviceIntPtr keybd);
-extern void HandleHotKey(DeviceIntPtr keybd);
-extern void LoadTsolConfig(void);
-extern void MakeTSOLAtoms(void);
-extern int SpecialName(const char *string, int len);
-extern TsolInfoPtr GetClientTsolInfo(ClientPtr client);
-extern bslabel_t *lookupSL_low(void);
-extern int PolyPropReadable(PropertyPtr pProp, ClientPtr client);
-extern WindowPtr TsolPointerWindow(void);
-extern int DoScreenStripeHeight(int screen_num);
-extern int AddUID(int *userid);
-extern WindowPtr AnyWindowOverlapsJustMe(WindowPtr pWin,
- WindowPtr pHead, BoxPtr box);
-
-extern Bool priv_win_colormap;
-extern Bool priv_win_config;
-extern Bool priv_win_devices;
-extern Bool priv_win_dga;
-extern Bool priv_win_fontpath;
-
-extern WindowPtr tpwin;
-extern bclear_t SessionHI; /* HI Clearance */
-extern bclear_t SessionLO; /* LO Clearance */
-extern unsigned int StripeHeight;
-extern bslabel_t PublicObjSL;
-
-extern Atom tsol_lastAtom;
-extern int tsol_nodelength;
-extern TsolNodePtr tsol_node;
-
-
-/* tsolextension.c */
-extern int tsolMultiLevel;
-extern int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr /*client*/);
-extern int (*TsolSavedSwappedProcVector[PROCVECTORSIZE])(ClientPtr /*client*/);
-
-/* tsolprotocol.c */
-extern void UpdateTsolNode(Atom thisAtom, ClientPtr client);
-extern int TsolChangeWindowProperty(ClientPtr, WindowPtr, Atom, Atom, int, int,
- unsigned long, void *, Bool);
-extern int TsolDeleteProperty(ClientPtr, WindowPtr, Atom);
-extern int TsolInitWindow(ClientPtr, WindowPtr);
-extern int TsolInitPixmap(ClientPtr, PixmapPtr);
-extern void TsolDeleteClientFromAnySelections(ClientPtr);
-extern void TsolDeleteWindowFromAnySelections(WindowPtr);
-
-extern int ProcTsolInternAtom(ClientPtr client);
-extern int ProcTsolGetAtomName(ClientPtr client);
-extern int ProcTsolSetSelectionOwner(ClientPtr client);
-extern int ProcTsolGetSelectionOwner(ClientPtr client);
-extern int ProcTsolConvertSelection(ClientPtr client);
-extern int ProcTsolGetProperty(ClientPtr client);
-extern int ProcTsolListProperties(ClientPtr client);
-extern int ProcTsolChangeKeyboardMapping(ClientPtr client);
-extern int ProcTsolSetPointerMapping(ClientPtr client);
-extern int ProcTsolChangeKeyboardControl(ClientPtr client);
-extern int ProcTsolBell(ClientPtr client);
-extern int ProcTsolChangePointerControl(ClientPtr client);
-extern int ProcTsolSetModifierMapping(ClientPtr client);
-
-extern int ProcTsolCreateWindow(ClientPtr client);
-extern int ProcTsolChangeWindowAttributes(ClientPtr client);
-extern int ProcTsolConfigureWindow(ClientPtr client);
-extern int ProcTsolCirculateWindow(ClientPtr client);
-extern int ProcTsolReparentWindow(ClientPtr client);
-extern int ProcTsolSetInputFocus(ClientPtr client);
-extern int ProcTsolGetInputFocus(ClientPtr client);
-extern int ProcTsolSendEvent(ClientPtr client);
-extern int ProcTsolSetInputFocus(ClientPtr client);
-extern int ProcTsolGetInputFocus(ClientPtr client);
-extern int ProcTsolGetGeometry(ClientPtr client);
-extern int ProcTsolGrabServer(ClientPtr client);
-extern int ProcTsolUngrabServer(ClientPtr client);
-extern int ProcTsolCreatePixmap(ClientPtr client);
-extern int ProcTsolSetScreenSaver(ClientPtr client);
-extern int ProcTsolChangeHosts(ClientPtr client);
-extern int ProcTsolChangeAccessControl(ClientPtr client);
-extern int ProcTsolKillClient(ClientPtr client);
-extern int ProcTsolSetFontPath(ClientPtr client);
-extern int ProcTsolChangeCloseDownMode(ClientPtr client);
-extern int ProcTsolListInstalledColormaps(ClientPtr client);
-extern int ProcTsolGetImage(ClientPtr client);
-extern int ProcTsolQueryTree(ClientPtr client);
-extern int ProcTsolQueryPointer(ClientPtr client);
-extern int ProcTsolQueryExtension(ClientPtr client);
-extern int ProcTsolListExtensions(ClientPtr client);
-extern int ProcTsolMapWindow(ClientPtr client);
-extern int ProcTsolMapSubwindows(ClientPtr client);
-extern int ProcTsolCopyArea(ClientPtr client);
-extern int ProcTsolCopyPlane(ClientPtr client);
-extern int ProcTsolPolySegment(ClientPtr client);
-extern int ProcTsolPolyRectangle(ClientPtr client);
-
-extern int TsolPanoramiXGetGeometry(ClientPtr client);
-
-extern CALLBACK(TsolAuditStart);
-extern CALLBACK(TsolAuditEnd);
-#endif /* _XTSOL_SERVER_H */
--- a/open-src/xserver/xorg/sun-src/tsol/tsolextension.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2259 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#include <stdio.h>
-#include "auditwrite.h"
-#include <bsm/libbsm.h>
-#include <bsm/audit_uevents.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <ucred.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <arpa/inet.h>
-#include <sys/tsol/tndb.h>
-#include <strings.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <rpc/rpc.h>
-#include <zone.h>
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include "misc.h"
-#include "osdep.h"
-#include <X11/Xauth.h>
-#include "tsol.h"
-#include "inputstr.h"
-#include "extnsionst.h"
-#include "dixstruct.h"
-#include "xace.h"
-#include "xacestr.h"
-#ifdef PANORAMIX
-#include "../Xext/panoramiXsrv.h"
-#endif
-#ifdef XCSECURITY
-#include <X11/extensions/secur.h>
-#include "../Xext/securitysrv.h"
-#endif
-#include "tsolpolicy.h"
-
-#define BadCmapCookie 0
-#define Tsolextension 0x0080 /* Tsol extensions begin at 128 */
-#define MAX_SCREENS 3 /* screens allowed */
-#define EXTNSIZE 128
-
-#define SECURE_RPC_AUTH "SUN-DES-1"
-#define SECURE_RPC_LEN 9
-
-static int ProcTsolDispatch(ClientPtr);
-static int ProcSetPolyInstInfo(ClientPtr);
-static int ProcSetPropLabel(ClientPtr);
-static int ProcSetPropUID(ClientPtr);
-static int ProcSetResLabel(ClientPtr);
-static int ProcSetResUID(ClientPtr);
-static int ProcGetClientAttributes(ClientPtr);
-static int ProcGetClientLabel(ClientPtr);
-static int ProcGetPropAttributes(ClientPtr);
-static int ProcGetResAttributes(ClientPtr);
-static int ProcMakeTPWindow(ClientPtr);
-static int ProcMakeTrustedWindow(ClientPtr);
-static int ProcMakeUntrustedWindow(ClientPtr);
-
-static int SProcTsolDispatch(ClientPtr);
-static int SProcSetPolyInstInfo(ClientPtr);
-static int SProcSetPropLabel(ClientPtr);
-static int SProcSetPropUID(ClientPtr);
-static int SProcSetResLabel(ClientPtr);
-static int SProcSetResUID(ClientPtr);
-static int SProcGetClientAttributes(ClientPtr);
-static int SProcGetClientLabel(ClientPtr);
-static int SProcGetPropAttributes(ClientPtr);
-static int SProcGetResAttributes(ClientPtr);
-static int SProcMakeTPWindow(ClientPtr);
-static int SProcMakeTrustedWindow(ClientPtr);
-static int SProcMakeUntrustedWindow(ClientPtr);
-
-static void TsolReset(ExtensionEntry *extension);
-static void BreakAllGrabs(ClientPtr client);
-
-static unsigned char TsolReqCode = 0;
-static int tsolEventBase = -1;
-static int ScreenStripeHeight[MAX_SCREENS] = {0, 0};
-
-int tsolMultiLevel = TRUE;
-int tsol_mac_enabled;
-
-static int OwnerUIDint;
-static Selection *tsol_sel_agnt = NULL; /* entry in CurrentSelection to get seln */
-static Atom tsol_atom_sel_agnt = 0; /* selection agent atom created during init */
-
-/*
- * Key to lookup devPrivate data in various structures
- */
-DevPrivateKeyRec tsolClientPrivateKeyRec;
-DevPrivateKeyRec tsolPixmapPrivateKeyRec;
-DevPrivateKeyRec tsolWindowPrivateKeyRec;
-DevPrivateKeyRec tsolPropertyPrivateKeyRec;
-DevPrivateKeyRec tsolSelectionPrivateKeyRec;
-DevPrivateKeyRec tsolDevicePrivateKeyRec;
-
-
-int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr client);
-int (*TsolSavedSwappedProcVector[PROCVECTORSIZE])(ClientPtr client);
-
-static SecurityHook tsolSecHook;
-
-static XID TsolCheckAuthorization (unsigned int name_length,
- char *name, unsigned int data_length,
- char *data, ClientPtr client, const char **reason);
-
-static void TsolSetClientInfo(ClientPtr client);
-
-/* XACE hook callbacks */
-static CALLBACK(TsolCheckExtensionAccess);
-static CALLBACK(TsolCheckPropertyAccess);
-static CALLBACK(TsolCheckResourceIDAccess);
-static CALLBACK(TsolCheckSendAccess);
-static CALLBACK(TsolCheckReceiveAccess);
-static CALLBACK(TsolCheckSelectionAccess);
-static CALLBACK(TsolProcessKeyboard);
-CALLBACK(TsolCheckDeviceAccess);
-CALLBACK(TsolCheckServerAccess);
-CALLBACK(TsolCheckClientAccess);
-
-/* other callbacks */
-static CALLBACK(TsolClientStateCallback);
-static CALLBACK(TsolSelectionCallback);
-
-extern int tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres,
- xpolicy_t flags, int reqcode);
-extern void TsolCheckDrawableAccess(CallbackListPtr *pcbl, void *nulldata,
- void *calldata);
-extern void TsolCheckXIDAccess(CallbackListPtr *pcbl, void *nulldata,
- void *calldata);
-extern Bool client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv);
-
-extern priv_set_t *pset_win_mac_write;
-extern priv_set_t *pset_win_dac_write;
-extern priv_set_t *pset_win_config;
-
-extern RESTYPE RREventType;
-
-/*
- * Initialize the extension. Main entry point for this loadable
- * module.
- */
-
-_X_EXPORT void
-TsolExtensionInit(void)
-{
- ExtensionEntry *extEntry;
- int i;
-
- /* sleep(20); */
-
- /* MAC/Label support is available only if labeld svc is enabled */
- if (is_system_labeled()) {
- tsol_mac_enabled = TRUE;
- } else {
- /* DAC support can be added in future */
- tsol_mac_enabled = FALSE;
- return;
- }
-
- tsolMultiLevel = TRUE;
- (void) setpflags(PRIV_AWARE, 1);
-
- init_xtsol();
- init_win_privsets();
-
- extEntry = AddExtension(TSOLNAME, TSOL_NUM_EVENTS, TSOL_NUM_ERRORS,
- ProcTsolDispatch, SProcTsolDispatch, TsolReset,
- StandardMinorOpcode);
-
- if (extEntry == NULL) {
- ErrorF("TsolExtensionInit: AddExtension failed for X Trusted Extensions\n");
- return;
- }
-
- TsolReqCode = (unsigned char) extEntry->base;
- tsolEventBase = extEntry->eventBase;
-
- if (!AddCallback(&ClientStateCallback, TsolClientStateCallback, NULL))
- return;
-
- if (!AddCallback(&SelectionCallback, TsolSelectionCallback, NULL))
- return;
-
- /* Allocate storage in devPrivates */
- if (!dixRegisterPrivateKey(tsolClientPrivateKey, PRIVATE_CLIENT,
- sizeof (TsolInfoRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate client private.\n");
- return;
- }
-
- if (!dixRegisterPrivateKey(tsolPixmapPrivateKey, PRIVATE_PIXMAP,
- sizeof (TsolResRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate pixmap private.\n");
- return;
- }
-
- if (!dixRegisterPrivateKey(tsolWindowPrivateKey, PRIVATE_WINDOW,
- sizeof (TsolResRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate window private.\n");
- return;
- }
-
- if (!dixRegisterPrivateKey(tsolPropertyPrivateKey, PRIVATE_PROPERTY,
- sizeof (TsolResRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate property private.\n");
- return;
- }
-
- if (!dixRegisterPrivateKey(tsolSelectionPrivateKey, PRIVATE_SELECTION,
- sizeof (TsolResRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate selection private.\n");
- return;
- }
-
- if (!dixRegisterPrivateKey(tsolDevicePrivateKey, PRIVATE_DEVICE,
- sizeof (HotKeyRec))) {
- ErrorF("TsolExtensionInit: Cannot allocate device private.\n");
- return;
- }
-
- /* Initialize the client info for server itself */
- if (serverClient) {
- TsolInfoPtr tsolinfo = GetClientTsolInfo(serverClient);
- if (tsolinfo->sl == NULL) {
- tsolinfo->sl = (bslabel_t *)lookupSL_low();
- tsolinfo->uid = 0;
- tsolinfo->pid = getpid();
- snprintf(tsolinfo->pname, MAXNAME,
- "client id %d (pid %d)",
- serverClient->index, tsolinfo->pid);
- }
- }
-
- LoadTsolConfig();
-
- MakeTSOLAtoms();
- UpdateTsolNode(0, NULL);
-
- tsol_atom_sel_agnt = MakeAtom("_TSOL_SEL_AGNT", 14, 1);
-
- /* Initialize security hooks */
- tsolSecHook.CheckAuthorization = TsolCheckAuthorization;
- pSecHook = &tsolSecHook;
-
- XaceRegisterCallback(XACE_EXT_DISPATCH, TsolCheckExtensionAccess, NULL);
- XaceRegisterCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, NULL);
- XaceRegisterCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess, NULL);
- XaceRegisterCallback(XACE_SEND_ACCESS, TsolCheckSendAccess, NULL);
- XaceRegisterCallback(XACE_RECEIVE_ACCESS, TsolCheckReceiveAccess, NULL);
- XaceRegisterCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL);
- XaceRegisterCallback(XACE_DEVICE_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceRegisterCallback(XACE_SCREEN_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceRegisterCallback(XACE_SCREENSAVER_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceRegisterCallback(XACE_SELECTION_ACCESS, TsolCheckSelectionAccess, NULL);
- XaceRegisterCallback(XACE_SERVER_ACCESS, TsolCheckServerAccess, NULL);
- XaceRegisterCallback(XACE_CLIENT_ACCESS, TsolCheckClientAccess, NULL);
- XaceRegisterCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL);
- XaceRegisterCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL);
- XaceRegisterCallback(XACE_AUDIT_END, TsolAuditEnd, NULL);
-
- /* Save original Proc vectors */
- for (i = 0; i < PROCVECTORSIZE; i++) {
- TsolSavedProcVector[i] = ProcVector[i];
- TsolSavedSwappedProcVector[i] = SwappedProcVector[i];
- }
-
- ProcVector[X_InternAtom] = ProcTsolInternAtom;
- ProcVector[X_GetAtomName] = ProcTsolGetAtomName;
-
- ProcVector[X_CreateWindow] = ProcTsolCreateWindow;
- ProcVector[X_ChangeWindowAttributes] = ProcTsolChangeWindowAttributes;
- ProcVector[X_ConfigureWindow] = ProcTsolConfigureWindow;
- ProcVector[X_CirculateWindow] = ProcTsolCirculateWindow;
- ProcVector[X_ReparentWindow] = ProcTsolReparentWindow;
- ProcVector[X_GrabServer] = ProcTsolGrabServer;
- ProcVector[X_UngrabServer] = ProcTsolUngrabServer;
- ProcVector[X_GetImage] = ProcTsolGetImage;
- ProcVector[X_QueryTree] = ProcTsolQueryTree;
- ProcVector[X_QueryPointer] = ProcTsolQueryPointer;
- ProcVector[X_GetGeometry] = ProcTsolGetGeometry;
- ProcVector[X_CopyArea] = ProcTsolCopyArea;
- ProcVector[X_CopyPlane] = ProcTsolCopyPlane;
- ProcVector[X_PolySegment] = ProcTsolPolySegment;
- ProcVector[X_PolyRectangle] = ProcTsolPolyRectangle;
-
-}
-
-static CALLBACK(
- TsolCheckResourceIDAccess)
-{
- XaceResourceAccessRec *rec = calldata;
- RESTYPE rtype = rec->rtype;
-
- switch (rtype) {
- case RT_WINDOW:
- case RT_PIXMAP:
- /* Drawables policy */
- TsolCheckDrawableAccess(pcbl, nulldata, calldata);
- break;
-
- case RT_GC:
- case RT_CURSOR:
- case RT_FONT:
- TsolCheckXIDAccess(pcbl, nulldata, calldata);
- break;
- default:
- /*
- * Handle other resource types.
- * In RANDR extension, usual window policy is
- * enforced before checking for RREventType.
- */
- if (rtype == RREventType) {
- rec->status = Success;
- }
- break;
- }
-}
-
-static
-CALLBACK(TsolSelectionCallback)
-{
- SelectionInfoRec *pselinfo = (SelectionInfoRec *)calldata;
- Selection *pSel = pselinfo->selection;
- TsolResPtr tsolseln = TsolSelectionPrivate(pSel);
-
- switch (pselinfo->kind) {
- case SelectionClientClose:
- if (tsol_sel_agnt && pSel->selection == tsol_sel_agnt->selection) {
- tsol_sel_agnt = NULL; /* selection manager died. */
- }
- /* fall through to reset the SL */
-
- case SelectionWindowDestroy:
- tsolseln->sl = NULL;
- break;
-
- default:
- /* All others handled in SelectionAccess handler */
- break;
- }
-}
-
-static
-CALLBACK(TsolClientStateCallback)
-{
- NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
- ClientPtr client = pci->client;
- TsolInfoPtr tsolinfo = TsolClientPrivate(client);
-
- switch (client->clientState) {
-
- case ClientStateInitial:
- /* Got a new connection */
- TsolSetClientInfo(client);
- break;
-
- case ClientStateRunning:
- break;
-
- case ClientStateRetained: /* client disconnected */
- break;
- case ClientStateGone:
- if (tpwin && wClient(tpwin) == client)
- tpwin = NULL; /* reset tpwin */
-
- if (tsolinfo != NULL && tsolinfo->privs != NULL) {
- priv_freeset(tsolinfo->privs);
- }
- /* Audit disconnect */
- if (au_preselect(AUE_ClientDisconnect, &(tsolinfo->amask),
- AU_PRS_BOTH, AU_PRS_USECACHE) == 1) {
- auditwrite(AW_PRESELECT, &(tsolinfo->amask),AW_END);
- auditwrite(AW_EVENTNUM, AUE_ClientDisconnect,
- AW_XCLIENT, client->index,
- AW_SLABEL, tsolinfo->sl,
- AW_RETURN, 0, 0, AW_WRITE, AW_END);
-
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- auditwrite(AW_FLUSH, AW_END);
- auditwrite(AW_DISCARDRD, tsolinfo->asaverd, AW_END);
- auditwrite(AW_NOPRESELECT, AW_END);
- }
- break;
-
- default:
- break;
- }
-
-}
-
-
-static void
-TsolReset(ExtensionEntry *extension)
-{
- free_win_privsets();
- XaceDeleteCallback(XACE_EXT_DISPATCH, TsolCheckExtensionAccess, NULL);
- XaceDeleteCallback(XACE_RESOURCE_ACCESS, TsolCheckResourceIDAccess, NULL);
- XaceDeleteCallback(XACE_PROPERTY_ACCESS, TsolCheckPropertyAccess, NULL);
- XaceDeleteCallback(XACE_SEND_ACCESS, TsolCheckSendAccess, NULL);
- XaceDeleteCallback(XACE_RECEIVE_ACCESS, TsolCheckReceiveAccess, NULL);
- XaceDeleteCallback(XACE_EXT_ACCESS, TsolCheckExtensionAccess, NULL);
- XaceDeleteCallback(XACE_DEVICE_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceDeleteCallback(XACE_SCREEN_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceDeleteCallback(XACE_SCREENSAVER_ACCESS, TsolCheckDeviceAccess, NULL);
- XaceDeleteCallback(XACE_SELECTION_ACCESS, TsolCheckSelectionAccess, NULL);
- XaceDeleteCallback(XACE_SERVER_ACCESS, TsolCheckServerAccess, NULL);
- XaceDeleteCallback(XACE_CLIENT_ACCESS, TsolCheckClientAccess, NULL);
- XaceDeleteCallback(XACE_KEY_AVAIL, TsolProcessKeyboard, NULL);
- XaceDeleteCallback(XACE_AUDIT_BEGIN, TsolAuditStart, NULL);
- XaceDeleteCallback(XACE_AUDIT_END, TsolAuditEnd, NULL);
-}
-
-/*
- * Dispatch routine
- *
- */
-static int
-ProcTsolDispatch(register ClientPtr client)
-{
- int retval;
-
- REQUEST(xReq);
-
- switch (stuff->data)
- {
- case X_SetPolyInstInfo:
- retval = ProcSetPolyInstInfo(client);
- break;
- case X_SetPropLabel:
- retval = ProcSetPropLabel(client);
- break;
- case X_SetPropUID:
- retval = ProcSetPropUID(client);
- break;
- case X_SetResLabel:
- retval = ProcSetResLabel(client);
- break;
- case X_SetResUID:
- retval = ProcSetResUID(client);
- break;
- case X_GetClientAttributes:
- retval = ProcGetClientAttributes(client);
- break;
- case X_GetClientLabel:
- retval = ProcGetClientLabel(client);
- break;
- case X_GetPropAttributes:
- retval = ProcGetPropAttributes(client);
- break;
- case X_GetResAttributes:
- retval = ProcGetResAttributes(client);
- break;
- case X_MakeTPWindow:
- retval = ProcMakeTPWindow(client);
- break;
- case X_MakeTrustedWindow:
- retval = ProcMakeTrustedWindow(client);
- break;
- case X_MakeUntrustedWindow:
- retval = ProcMakeUntrustedWindow(client);
- break;
- default:
- SendErrorToClient(client, TsolReqCode, stuff->data, 0, BadRequest);
- retval = BadRequest;
- }
- return (retval);
-}
-
-
-static int
-SProcTsolDispatch(register ClientPtr client)
-{
- int retval;
-
- REQUEST(xReq);
-
- swaps(&stuff->length);
- switch (stuff->data)
- {
- case X_SetPolyInstInfo:
- retval = SProcSetPolyInstInfo(client);
- break;
- case X_SetPropLabel:
- retval = SProcSetPropLabel(client);
- break;
- case X_SetPropUID:
- retval = SProcSetPropUID(client);
- break;
- case X_SetResLabel:
- retval = SProcSetResLabel(client);
- break;
- case X_SetResUID:
- retval = SProcSetResUID(client);
- break;
- case X_GetClientAttributes:
- retval = SProcGetClientAttributes(client);
- break;
- case X_GetClientLabel:
- retval = SProcGetClientLabel(client);
- break;
- case X_GetPropAttributes:
- retval = SProcGetPropAttributes(client);
- break;
- case X_GetResAttributes:
- retval = SProcGetResAttributes(client);
- break;
- case X_MakeTPWindow:
- retval = SProcMakeTPWindow(client);
- break;
- case X_MakeTrustedWindow:
- retval = SProcMakeTrustedWindow(client);
- break;
- case X_MakeUntrustedWindow:
- retval = SProcMakeUntrustedWindow(client);
- break;
- default:
- SendErrorToClient(client, TsolReqCode, stuff->data, 0, BadRequest);
- retval = BadRequest;
- }
- return (retval);
-}
-
-
-/*
- * Individual routines
- */
-
-static int
-SProcSetPolyInstInfo(ClientPtr client)
-{
- REQUEST(xSetPolyInstInfoReq);
- swapl(&stuff->uid);
- swapl(&stuff->enabled);
- swaps(&stuff->sllength);
-
- return (ProcSetPolyInstInfo(client));
-}
-
-static int
-SProcSetPropLabel(ClientPtr client)
-{
- REQUEST(xSetPropLabelReq);
- swapl(&stuff->id);
- swapl(&stuff->atom);
- swaps(&stuff->labelType);
- swaps(&stuff->sllength);
- swaps(&stuff->illength);
-
- return (ProcSetPropLabel(client));
-}
-
-static int
-SProcSetPropUID(ClientPtr client)
-{
- REQUEST(xSetPropUIDReq);
- swapl(&stuff->id);
- swapl(&stuff->atom);
- swapl(&stuff->uid);
-
- return (ProcSetPropUID(client));
-}
-
-static int
-SProcSetResLabel(ClientPtr client)
-{
- REQUEST(xSetResLabelReq);
- swapl(&stuff->id);
- swaps(&stuff->resourceType);
- swaps(&stuff->labelType);
- swaps(&stuff->sllength);
- swaps(&stuff->illength);
-
- return (ProcSetResLabel(client));
-}
-
-static int
-SProcSetResUID(ClientPtr client)
-{
- REQUEST(xSetResUIDReq);
- swapl(&stuff->id);
- swaps(&stuff->resourceType);
- swapl(&stuff->uid);
-
- return (ProcSetResUID(client));
-}
-
-static int
-SProcGetClientAttributes(ClientPtr client)
-{
- REQUEST(xGetClientAttributesReq);
- swapl(&stuff->id);
-
- return (ProcGetClientAttributes(client));
-}
-
-static int
-SProcGetClientLabel(ClientPtr client)
-{
- REQUEST(xGetClientLabelReq);
- swapl(&stuff->id);
- swaps(&stuff->mask);
-
- return (ProcGetClientLabel(client));
-}
-
-static int
-SProcGetPropAttributes(ClientPtr client)
-{
- REQUEST(xGetPropAttributesReq);
- swapl(&stuff->id);
- swapl(&stuff->atom);
- swaps(&stuff->mask);
-
- return (ProcGetPropAttributes(client));
-}
-
-static int
-SProcGetResAttributes(ClientPtr client)
-{
- REQUEST(xGetResAttributesReq);
- swapl(&stuff->id);
- swaps(&stuff->resourceType);
- swaps(&stuff->mask);
-
- return (ProcGetResAttributes(client));
-}
-
-static int
-SProcMakeTPWindow(ClientPtr client)
-{
- REQUEST(xMakeTPWindowReq);
- swapl(&stuff->id);
-
- return (ProcMakeTPWindow(client));
-}
-
-static int
-SProcMakeTrustedWindow(ClientPtr client)
-{
- REQUEST(xMakeTrustedWindowReq);
- swapl(&stuff->id);
-
- return (ProcMakeTrustedWindow(client));
-}
-
-static int
-SProcMakeUntrustedWindow(ClientPtr client)
-{
- REQUEST(xMakeUntrustedWindowReq);
- swapl(&stuff->id);
-
- return (ProcMakeUntrustedWindow(client));
-}
-
-/*
- * Set PolyInstantiation Info.
- * Normally a get(prop) will
- * get the prop. that has match sl, uid of the client. Setting
- * enabled to true will get only the prop. corresponding to
- * sl, uid specified instead of that of client. This is used
- * by dtwm/dtfile in special motif lib.
- */
-static int
-ProcSetPolyInstInfo(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- bslabel_t *sl;
- extern priv_set_t *pset_win_mac_write;
-
- REQUEST(xSetPolyInstInfoReq);
- REQUEST_AT_LEAST_SIZE(xSetPolyInstInfoReq);
-
- /* Requires win_mac_write privilege */
- if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
- return (BadAccess);
- }
-
- sl = (bslabel_t *)(stuff + 1);
-
- tsolpolyinstinfo.enabled = stuff->enabled;
- tsolpolyinstinfo.uid = (uid_t) stuff->uid;
- tsolpolyinstinfo.sl = lookupSL(sl);
-
- return (client->noClientException);
-}
-
-static int
-ProcSetPropLabel(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- bslabel_t *sl;
- WindowPtr pWin;
- TsolResPtr tsolprop;
- PropertyPtr pProp;
- int rc;
-
- REQUEST(xSetPropLabelReq);
-
- REQUEST_AT_LEAST_SIZE(xSetPropLabelReq);
-
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- if (!pWin)
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
- if (!ValidAtom(stuff->atom))
- {
- client->errorValue = stuff->atom;
- return (BadAtom);
- }
-
- /* first see if property already exists */
- pProp = wUserProps (pWin);
- while (pProp)
- {
- if (pProp->propertyName == stuff->atom)
- break;
- pProp = pProp->next;
- }
-
- if (!pProp)
- {
- /* property does not exist */
- client->errorValue = stuff->atom;
- return (BadAtom);
- }
-
- /* Requires win_mac_write privilege */
- if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
- return (BadAccess);
- }
-
- /* Initialize property created internally by server */
- tsolprop = TsolPropertyPrivate(pProp);
-
- sl = (bslabel_t *)(stuff + 1);
-
- if (!blequal(tsolprop->sl, sl)) {
- tsolprop->sl = lookupSL(sl);
- }
-
- return (client->noClientException);
-}
-
-static int
-ProcSetPropUID(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- WindowPtr pWin;
- TsolResPtr tsolprop;
- PropertyPtr pProp;
- int rc;
-
- REQUEST(xSetPropUIDReq);
-
- REQUEST_SIZE_MATCH(xSetPropUIDReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- if (!pWin)
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- if (!ValidAtom(stuff->atom))
- {
- client->errorValue = stuff->atom;
- return (BadAtom);
- }
-
- /* first see if property already exists */
- pProp = wUserProps (pWin);
- while (pProp)
- {
- if (pProp->propertyName == stuff->atom)
- break;
- pProp = pProp->next;
- }
-
- if (!pProp)
- {
- /* property does not exist */
- client->errorValue = stuff->atom;
- return (BadAtom);
- }
-
- /* Requires win_mac_write privilege */
- if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
- return (BadAccess);
- }
-
- /* Initialize property created internally by server */
- tsolprop = TsolPropertyPrivate(pProp);
-
- tsolprop->uid = stuff->uid;
-
- return (client->noClientException);
-}
-
-static int
-ProcSetResLabel(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- bslabel_t *sl;
- PixmapPtr pMap;
- WindowPtr pWin;
- xEvent message;
- TsolResPtr tsolres;
- int rc;
-
- REQUEST(xSetResLabelReq);
-
- REQUEST_AT_LEAST_SIZE(xSetResLabelReq);
-
- /* Requires win_mac_write privilege */
- if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
- return (BadAccess);
- }
-
- sl = (bslabel_t *)(stuff + 1);
- switch (stuff->resourceType) {
- case SESSIONHI: /* set server session HI */
- memcpy(&SessionHI, sl, SL_SIZE);
- return (client->noClientException);
-
- case SESSIONLO: /* set server session LO */
- memcpy(&SessionLO, sl, SL_SIZE);
- return (client->noClientException);
-
- case IsWindow:
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- if (pWin)
- {
- tsolres = TsolWindowPrivate(pWin);
- }
- else
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
- break;
-
- case IsPixmap:
- rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client,
- M_DRAWABLE_PIXMAP, DixWriteAccess);
- if (rc != Success)
- return rc;
- if (pMap)
- {
- tsolres = TsolPixmapPrivate(pMap);
- }
- else
- {
- client->errorValue = stuff->id;
- return (BadPixmap);
- }
- break;
- default:
- client->errorValue = stuff->resourceType;
- return (BadValue);
- }
-
- if (!blequal(tsolres->sl, sl)) {
- tsolres->sl = lookupSL(sl);
- }
-
- /* generate the notify event for windows */
-
- if (stuff->resourceType == IsWindow)
- {
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- message.u.u.type = ClientMessage; /* 33 */
- message.u.u.detail = 32;
- message.u.clientMessage.window = RootOf(pWin);
- message.u.clientMessage.u.l.type =
- MakeAtom("_TSOL_CMWLABEL_CHANGE", 21, 1);
- message.u.clientMessage.u.l.longs0 = RootOfClient(pWin);
- message.u.clientMessage.u.l.longs1 = stuff->id;
- DeliverEventsToWindow(PickPointer(client), pWin, &message, 1,
- SubstructureRedirectMask, NullGrab);
-
- }
- return (client->noClientException);
-}
-
-static int
-ProcSetResUID(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int ScreenNumber;
- PixmapPtr pMap;
- WindowPtr pWin;
- TsolResPtr tsolres;
- int rc;
- extern priv_set_t *pset_win_dac_write;
-
- REQUEST(xSetResUIDReq);
-
- REQUEST_SIZE_MATCH(xSetResUIDReq);
-
- switch (stuff->resourceType)
- {
- case STRIPEHEIGHT:
- if (!HasTrustedPath(tsolinfo))
- return (BadAccess);
- StripeHeight = stuff->uid;
- ScreenNumber = stuff->id;
-
- /* set Screen Stripe Size */
- DoScreenStripeHeight(ScreenNumber);
- ScreenStripeHeight [ScreenNumber] = StripeHeight;
- return (client->noClientException);
-
- case RES_OUID:
- if (!HasTrustedPath(tsolinfo))
- return (BadAccess);
-
- OwnerUID = stuff->uid;
- OwnerUIDint = OwnerUID;
- AddUID(&OwnerUIDint);
- return (client->noClientException);
-
- case IsWindow:
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- if (pWin)
- {
- tsolres = TsolWindowPrivate(pWin);
- }
- else
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
- break;
- case IsPixmap:
- rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client,
- M_DRAWABLE_PIXMAP, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- if (pMap)
- {
- tsolres = TsolPixmapPrivate(pMap);
- }
- else
- {
- client->errorValue = stuff->id;
- return (BadPixmap);
- }
- break;
- default:
- return (BadValue);
- }
-
- /* Requires win_dac_write privilege */
- if (!client_has_privilege(tsolinfo, pset_win_dac_write)) {
- return (BadAccess);
- }
-
- tsolres->uid = stuff->uid;
-
- return (client->noClientException);
-}
-
-static int
-ProcGetClientAttributes(ClientPtr client)
-{
- int n;
- int rc;
- ClientPtr res_client; /* resource owner client */
- TsolInfoPtr tsolinfo, res_tsolinfo;
- WindowPtr pWin;
-
- xGetClientAttributesReply rep = {
- .type = X_Reply,
- .sequenceNumber = client->sequence,
- .length = 0
- };
-
- REQUEST(xGetClientAttributesReq);
- REQUEST_SIZE_MATCH(xGetClientAttributesReq);
-
- /* Valid window check */
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- if (!(res_client = clients[CLIENT_ID(stuff->id)]))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- tsolinfo = GetClientTsolInfo(client);
- res_tsolinfo = GetClientTsolInfo(res_client);
-
- /* Transfer the client info to reply rec */
- rep.trustflag = (res_tsolinfo->forced_trust == 1
- || res_tsolinfo->trusted_path) ? (BYTE)1 : (BYTE)0;
- rep.uid = (CARD32) res_tsolinfo->uid;
- rep.pid = (CARD32) res_tsolinfo->pid;
- rep.gid = (CARD32) res_tsolinfo->gid;
- rep.auditid = (CARD32) res_tsolinfo->auid;
- rep.sessionid = (CARD32) res_tsolinfo->asid;
- rep.iaddr = (CARD32) res_tsolinfo->iaddr;
-
- if (client->swapped)
- {
- swaps(&rep.sequenceNumber);
- swapl(&rep.length);
- swapl(&rep.uid);
- swapl(&rep.pid);
- swapl(&rep.gid);
- swapl(&rep.auditid);
- swapl(&rep.sessionid);
- swapl(&rep.iaddr);
- }
-
- WriteToClient(client, sizeof(xGetClientAttributesReply), (char *)&rep);
-
- return (client->noClientException);
-}
-
-static int
-ProcGetClientLabel(ClientPtr client)
-{
- int n;
- int reply_length = 0;
- int rc;
- Bool write_to_client = 0;
- bslabel_t *sl;
- ClientPtr res_client; /* resource owner client */
- TsolInfoPtr tsolinfo, res_tsolinfo;
- WindowPtr pWin;
-
- xGetClientLabelReply rep = {
- .type = X_Reply,
- .sequenceNumber = client->sequence,
- .length = 0,
- .blabel_bytes = 0
- };
-
- REQUEST(xGetClientLabelReq);
- REQUEST_SIZE_MATCH(xGetClientLabelReq);
-
- /* Valid window check */
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- if (!(res_client = clients[CLIENT_ID(stuff->id)]))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- tsolinfo = GetClientTsolInfo(client);
- res_tsolinfo = GetClientTsolInfo(res_client);
-
- /* allocate temp storage for labels */
- sl = malloc(SL_SIZE);
- if (sl == NULL)
- return (BadAlloc);
-
- /* fill the fields as per request mask */
- if (stuff->mask & RES_SL)
- {
- memcpy(sl, res_tsolinfo->sl, SL_SIZE);
- rep.blabel_bytes = SL_SIZE;
- }
-
- rep.length = (CARD32)(rep.blabel_bytes)/4;
-
- if (rep.length > 0)
- {
- reply_length = rep.length*4;
- write_to_client = 1;
- }
- if (client->swapped)
- {
- swaps(&rep.sequenceNumber);
- swapl(&rep.length);
- swapl(&rep.blabel_bytes);
- }
-
- WriteToClient(client, sizeof(xGetClientLabelReply), &rep);
-
- if (write_to_client == 1)
- {
- WriteToClient(client, reply_length, (char *)sl);
- }
- free(sl);
-
- return (client->noClientException);
-}
-
-static int
-ProcGetPropAttributes(ClientPtr client)
-{
- int n;
- int reply_length = 0;
- int rc;
- Bool write_to_client = 0;
- PropertyPtr pProp;
- bslabel_t *sl;
- WindowPtr pWin;
- TsolResPtr tsolprop;
- TsolResPtr tsolres;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- xGetPropAttributesReply rep = {
- .type = X_Reply,
- .sequenceNumber = client->sequence,
- .length = 0,
- .sllength = 0,
- .illength = 0
- };
-
- REQUEST(xGetPropAttributesReq);
-
- REQUEST_SIZE_MATCH(xGetPropAttributesReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- if (!ValidAtom(stuff->atom))
- {
- client->errorValue = stuff->atom;
- return (BadAtom);
- }
-
- /* first see if property already exists */
- pProp = wUserProps (pWin);
- while (pProp)
- {
- tsolprop = TsolPropertyPrivate(pProp);
-
- if (pProp->propertyName == stuff->atom) {
-
- if (tsolpolyinstinfo.enabled) {
- if (tsolprop->uid == tsolpolyinstinfo.uid &&
- tsolprop->sl == tsolpolyinstinfo.sl)
- break; /* match found */
- } else {
- if (tsolprop->uid == tsolinfo->uid &&
- tsolprop->sl == tsolinfo->sl) {
- break; /* match found */
- }
- }
- }
- pProp = pProp->next;
- }
-
- if (!pProp)
- {
- /* property does not exist, use window's attributes */
- tsolres = TsolWindowPrivate(pWin);
- tsolprop = NULL;
- }
-
- if (stuff->mask & RES_UID)
- {
- rep.uid = tsolprop ? tsolprop->uid : tsolres->uid;
- }
-
- /* allocate temp storage for labels */
- sl = malloc(SL_SIZE);
- if (sl == NULL)
- return (BadAlloc);
-
- /* fill the fields as per request mask */
- if (stuff->mask & RES_SL)
- {
- memcpy(sl, tsolprop ? tsolprop->sl : tsolres->sl, SL_SIZE);
- rep.sllength = SL_SIZE;
- }
-
- rep.length = (CARD32) (rep.sllength)/4;
-
- if (rep.length > 0)
- {
- reply_length = rep.length*4;
- write_to_client = 1;
- }
- if (client->swapped)
- {
- swaps(&rep.sequenceNumber);
- swapl(&rep.length);
- swapl(&rep.uid);
- swaps(&rep.sllength);
- swaps(&rep.illength);
- }
-
- WriteToClient(client, sizeof(xGetPropAttributesReply), (char *)&rep);
-
- if (write_to_client == 1)
- {
- WriteToClient(client, reply_length, (char *)sl);
- }
- free(sl);
-
- return (client->noClientException);
-}
-
-static int
-ProcGetResAttributes(ClientPtr client)
-{
- int n;
- int reply_length = 0;
- int rc;
- Bool write_to_client = 0;
- bslabel_t *sl;
- PixmapPtr pMap;
- WindowPtr pWin;
- TsolResPtr tsolres = NULL;
-
- xGetResAttributesReply rep = {
- .type = X_Reply,
- .sequenceNumber = client->sequence,
- .length = 0,
- .sllength = 0,
- .illength = 0,
- .iillength = 0
- };
-
- REQUEST(xGetResAttributesReq);
-
- REQUEST_SIZE_MATCH(xGetResAttributesReq);
-
- if (stuff->mask & RES_STRIPE)
- {
- rep.uid = ScreenStripeHeight[stuff->id];
- }
- if (stuff->mask & RES_OUID)
- {
- rep.owneruid = OwnerUID;
- }
- if (stuff->resourceType == IsWindow &&
- (stuff->mask & (RES_UID | RES_SL )))
- {
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- tsolres = TsolWindowPrivate(pWin);
- }
-
- if (stuff->resourceType == IsPixmap &&
- (stuff->mask & (RES_UID | RES_SL )))
- {
- rc = dixLookupDrawable((DrawablePtr *)&pMap, stuff->id, client,
- M_DRAWABLE_PIXMAP, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- tsolres = TsolPixmapPrivate(pMap);
- }
-
- if (stuff->mask & RES_UID)
- {
- rep.uid = tsolres->uid;
- }
-
- /* allocate temp storage for labels */
- sl = malloc(SL_SIZE);
- if (sl == NULL)
- return (BadAlloc);
-
- /* fill the fields as per request mask */
- if (stuff->mask & RES_SL)
- {
- memcpy(sl, tsolres->sl, SL_SIZE);
- rep.sllength = SL_SIZE;
- }
-
- rep.length = (CARD32) (rep.sllength)/4;
-
- if (rep.length > 0)
- {
- reply_length = rep.length*4;
- write_to_client = 1;
- }
- if (client->swapped)
- {
- swaps(&rep.sequenceNumber);
- swapl(&rep.length);
- swapl(&rep.uid);
- swapl(&rep.owneruid);
- swaps(&rep.sllength);
- swaps(&rep.illength);
- swaps(&rep.iillength);
- }
-
- WriteToClient(client, sizeof(xGetResAttributesReply), (char *)&rep);
-
- if (write_to_client == 1)
- {
- WriteToClient(client, reply_length, (char *)sl);
- }
- free(sl);
-
- return (client->noClientException);
-}
-
-int
-ProcMakeTPWindow(ClientPtr client)
-{
- WindowPtr pWin = NULL, pParent;
- int rc;
- TsolInfoPtr tsolinfo;
-
- REQUEST(xMakeTPWindowReq);
- REQUEST_SIZE_MATCH(xMakeTPWindowReq);
-
- /*
- * Session type single-level? This is set by the
- * label builder
- */
- tsolinfo = GetClientTsolInfo(client);
- if (tsolinfo && HasTrustedPath(tsolinfo) &&
- blequal(&SessionLO, &SessionHI) && stuff->id == 0) {
- tsolMultiLevel = FALSE;
- return (client->noClientException);
- }
-
-#if defined(PANORAMIX)
- if (!noPanoramiXExtension)
- {
- PanoramiXRes *panres = NULL;
- int j;
-
- rc = dixLookupResourceByType((void *) &panres, stuff->id,
- XRT_WINDOW, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- FOR_NSCREENS_BACKWARD(j)
- {
- rc = dixLookupWindow(&pWin, panres->info[j].id,
- client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- /* window should not be root but child of root */
- if (!pWin || (!pWin->parent))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- pParent = pWin->parent;
- if (pParent->firstChild != pWin)
- {
- tpwin = (WindowPtr)NULL;
- ReflectStackChange(pWin, pParent->firstChild, VTStack);
- }
- }
- } else
-#endif
- {
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
-
- /* window should not be root but child of root */
- if (!pWin || (!pWin->parent))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- pParent = pWin->parent;
- if (pParent->firstChild != pWin)
- {
- tpwin = (WindowPtr)NULL;
- ReflectStackChange(pWin, pParent->firstChild, VTStack);
- }
- }
-
- tpwin = pWin;
-
- /*
- * Force kbd & ptr ungrab. This will cause
- * screen to lock even when kbd/ptr grabbed by
- * a client
- */
- BreakAllGrabs(client);
- return (client->noClientException);
-}
-
-/*
- * Turn on window's Trusted bit
- */
-static int
-ProcMakeTrustedWindow(ClientPtr client)
-{
- WindowPtr pWin;
- int rc;
- TsolInfoPtr tsolinfo;
-
- REQUEST(xMakeTrustedWindowReq);
- REQUEST_SIZE_MATCH(xMakeTrustedWindowReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- /* window should not be root but child of root */
- if (!pWin || (!pWin->parent))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
- tsolinfo = GetClientTsolInfo(client);
-
- if (!HasTrustedPath(tsolinfo))
- return (BadAccess);
-
- /* Turn on Trusted bit of the window */
- tsolinfo->forced_trust = 1;
- return (client->noClientException);
-}
-
-/*
- * Turn off window's Trusted bit
- */
-static int
-ProcMakeUntrustedWindow(ClientPtr client)
-{
- WindowPtr pWin;
- int rc;
- TsolInfoPtr tsolinfo;
-
- REQUEST(xMakeUntrustedWindowReq);
- REQUEST_SIZE_MATCH(xMakeUntrustedWindowReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixWriteAccess);
- if (rc != Success)
- return rc;
-
- /* window should not be root but child of root */
- if (!pWin || (!pWin->parent))
- {
- client->errorValue = stuff->id;
- return (BadWindow);
- }
-
- tsolinfo = GetClientTsolInfo(client);
- if (!HasTrustedPath(tsolinfo))
- return (BadAccess);
-
- tsolinfo->forced_trust = 0;
- tsolinfo->trusted_path = FALSE;
-
- return (client->noClientException);
-}
-
-/*
- * Break keyboard & ptr grabs of clients other than
- * the requesting client.
- * Called from ProcMakeTPWindow.
- */
-static void
-BreakAllGrabs(ClientPtr client)
-{
- ClientPtr grabclient;
- DeviceIntPtr keybd = PickKeyboard(client);
- GrabPtr kbdgrab = keybd->deviceGrab.grab;
- DeviceIntPtr mouse = PickPointer(client);
- GrabPtr ptrgrab = mouse->deviceGrab.grab;
-
- if (kbdgrab) {
- grabclient = clients[CLIENT_ID(kbdgrab->resource)];
- if (client->index != grabclient->index)
- (*keybd->deviceGrab.DeactivateGrab)(keybd);
- }
-
- if (ptrgrab) {
- grabclient = clients[CLIENT_ID(ptrgrab->resource)];
- if (client->index != grabclient->index)
- (*mouse->deviceGrab.DeactivateGrab)(mouse);
- }
-}
-
-/*
- * Trusted Network interface module. Uses tsix API
- */
-extern au_id_t ucred_getauid(const ucred_t *uc);
-extern au_asid_t ucred_getasid(const ucred_t *uc);
-extern const au_mask32_t *ucred_getamask(const ucred_t *uc);
-extern tsol_host_type_t tsol_getrhtype(char *);
-
-static void
-TsolSetClientInfo(ClientPtr client)
-{
- bslabel_t *sl;
- bslabel_t admin_low;
- priv_set_t *privs;
- const au_mask32_t *amask;
- socklen_t namelen;
- OsCommPtr oc = (OsCommPtr)client->osPrivate;
- int fd = oc->fd;
- ucred_t *uc = NULL;
-
- TsolInfoPtr tsolinfo = TsolClientPrivate(client);
-
- /* Get client attributes from the socket */
- if (getpeerucred(fd, &uc) == -1) {
- const char *errmsg = strerror(errno);
-
- tsolinfo->uid = (uid_t)(-1);
- tsolinfo->sl = NULL;
- snprintf(tsolinfo->pname, MAXNAME,
- "client id %d (pid unknown)", client->index);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX "Cannot get client attributes"
- " for %s, getpeerucred failed: %s\n",
- tsolinfo->pname, errmsg);
- return;
- }
-
- /* Extract individual fields from the cred structure */
- tsolinfo->zid = ucred_getzoneid(uc);
- tsolinfo->uid = ucred_getruid(uc);
- tsolinfo->euid = ucred_geteuid(uc);
- tsolinfo->gid = ucred_getrgid(uc);
- tsolinfo->egid = ucred_getegid(uc);
- tsolinfo->pid = ucred_getpid(uc);
- sl = ucred_getlabel(uc);
- tsolinfo->sl = (bslabel_t *)lookupSL(sl);
-
- /* store a string for debug/error messages - would be nice to
- get the real process name out of /proc in the future
- */
- snprintf(tsolinfo->pname, MAXNAME, "client id %d (pid %d)",
- client->index, tsolinfo->pid);
-
- /* Set privileges */
- if ((tsolinfo->privs = priv_allocset()) != NULL) {
- if (tsolMultiLevel) {
- privs = (priv_set_t *)ucred_getprivset(uc, PRIV_EFFECTIVE);
- if (privs == NULL) {
- priv_emptyset(tsolinfo->privs);
- } else {
- priv_copyset(privs, tsolinfo->privs);
- }
- } else {
- priv_fillset(tsolinfo->privs);
- }
- }
-
- tsolinfo->priv_debug = FALSE;
-
-
- /*
- * For remote hosts, the uid is determined during access control
- * using Secure RPC
- */
- if (tsolinfo->zid == (zoneid_t)-1) {
- tsolinfo->client_type = CLIENT_REMOTE;
- } else {
- tsolinfo->client_type = CLIENT_LOCAL;
- }
-
-
- /* Set Trusted Path for local clients */
- if (tsolinfo->zid == GLOBAL_ZONEID) {
- tsolinfo->trusted_path = TRUE;
- }else {
- tsolinfo->trusted_path = FALSE;
- }
-
- if (tsolinfo->trusted_path || !tsolMultiLevel)
- setClientTrustLevel(client, XSecurityClientTrusted);
- else
- setClientTrustLevel(client, XSecurityClientUntrusted);
-
- tsolinfo->forced_trust = 0;
- tsolinfo->iaddr = 0;
-
- bsllow(&admin_low);
-
- /* Set reasonable defaults for remote clients */
- namelen = sizeof (tsolinfo->saddr);
- if (getpeername(fd, (struct sockaddr *)&tsolinfo->saddr, &namelen) == 0
- && (tsolinfo->client_type == CLIENT_REMOTE)) {
- int errcode;
- char hostbuf[NI_MAXHOST];
- tsol_host_type_t host_type;
-
- /* Use NI_NUMERICHOST to avoid DNS lookup */
- errcode = getnameinfo((struct sockaddr *)&(tsolinfo->saddr), namelen,
- hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST);
-
- if (errcode) {
- perror(gai_strerror(errcode));
- } else {
- host_type = tsol_getrhtype(hostbuf);
- if ((host_type == SUN_CIPSO) &&
- blequal(tsolinfo->sl, &admin_low)) {
- tsolinfo->trusted_path = TRUE;
- setClientTrustLevel(client,
- XSecurityClientTrusted);
- priv_fillset(tsolinfo->privs);
- }
- }
- }
-
- /* setup audit context */
-
- /* Audit id */
- tsolinfo->auid = ucred_getauid(uc);
- if (tsolinfo->auid == AU_NOAUDITID) {
- tsolinfo->auid = UID_NOBODY;
- }
-
- /* session id */
- tsolinfo->asid = ucred_getasid(uc);
-
- /* Audit mask */
- if ((amask = ucred_getamask(uc)) != NULL) {
- tsolinfo->amask.am_failure = AU_CLASS_64(amask->am_failure_lo,
- amask->am_failure_hi);
- tsolinfo->amask.am_success = AU_CLASS_64(amask->am_success_lo,
- amask->am_success_hi);
- } else {
- /* clear the masks */
- tsolinfo->amask.am_failure = AU_MASK_NONE;
- tsolinfo->amask.am_success = AU_MASK_NONE;
- }
-
- tsolinfo->asaverd = 0;
-
- ucred_free(uc);
-}
-
-static enum auth_stat tsol_why;
-extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
-
-static char *
-tsol_authdes_decode(char *inmsg, int len)
-{
- struct rpc_msg msg;
- char cred_area[MAX_AUTH_BYTES];
- char verf_area[MAX_AUTH_BYTES];
- char *temp_inmsg;
- struct svc_req r;
- bool_t res0, res1;
- XDR xdr;
- SVCXPRT xprt;
-
- temp_inmsg = malloc(len);
- memmove(temp_inmsg, inmsg, len);
-
- memset((char *)&msg, 0, sizeof(msg));
- memset((char *)&r, 0, sizeof(r));
- memset(cred_area, 0, sizeof(cred_area));
- memset(verf_area, 0, sizeof(verf_area));
-
- msg.rm_call.cb_cred.oa_base = cred_area;
- msg.rm_call.cb_verf.oa_base = verf_area;
- tsol_why = AUTH_FAILED;
- xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE);
-
- if ((r.rq_clntcred = malloc(MAX_AUTH_BYTES)) == NULL)
- goto bad1;
- r.rq_xprt = &xprt;
-
- /* decode into msg */
- res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred));
- res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf));
- if ( ! (res0 && res1) )
- goto bad2;
-
- /* do the authentication */
-
- r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */
- if (r.rq_cred.oa_flavor != AUTH_DES) {
- tsol_why = AUTH_TOOWEAK;
- goto bad2;
- }
-#ifdef SVR4
- if ((tsol_why = __authenticate(&r, &msg)) != AUTH_OK) {
-#else
- if ((tsol_why = _authenticate(&r, &msg)) != AUTH_OK) {
-#endif
- goto bad2;
- }
- return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
-
-bad2:
- free(r.rq_clntcred);
-bad1:
- return ((char *)0); /* ((struct authdes_cred *) NULL); */
-}
-
-static Bool
-TsolCheckNetName (unsigned char *addr, short len, void *closure)
-{
- return (len == (short) strlen ((char *) closure) &&
- strncmp ((char *) addr, (char *) closure, len) == 0);
-}
-
-extern int getdomainname(char *, int);
-
-static XID
-TsolCheckAuthorization(unsigned int name_length, char *name,
- unsigned int data_length, char *data,
- ClientPtr client, const char **reason)
-{
- char domainname[128];
- char netname[128];
- char audit_ret;
- uint_t audit_val;
- uid_t client_uid;
- gid_t client_gid;
- int client_gidlen;
- char *fullname;
- gid_t client_gidlist;
- XID auth_token = (XID)(-1);
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- if (tsolinfo->uid == (uid_t) -1) {
- /* Retrieve uid from SecureRPC */
- if (strncmp(name, SECURE_RPC_AUTH, (size_t)name_length) == 0) {
- fullname = tsol_authdes_decode(data, data_length);
- if (fullname == NULL) {
- ErrorF("Unable to authenticate Secure RPC client");
- } else {
- if (netname2user(fullname,
- &client_uid, &client_gid,
- &client_gidlen, &client_gidlist)) {
- tsolinfo->uid = client_uid;
- } else {
- ErrorF("netname2user failed");
- }
- }
- }
- }
-
- if (tsolinfo->uid == (uid_t)-1) {
- tsolinfo->uid = UID_NOBODY; /* uid not available */
- }
-
- /*
- * For multilevel desktop, limit connections to the trusted path
- * i.e. global zone until a user logs in and the trusted stripe
- * is in place. Unlabeled connections are rejected.
- */
- if ((OwnerUID == (uid_t)(-1)) || (tsolMultiLevel && tpwin == NULL)) {
- if (HasTrustedPath(tsolinfo)) {
- auth_token = CheckAuthorization(name_length, name, data_length,
- data, client, reason);
- }
- } else {
- /*
- * Workstation Owner set, client must be within label
- * range or have trusted path
- */
- if (tsolinfo->uid == OwnerUID) {
- if ((tsolinfo->sl != NULL &&
- (bldominates(tsolinfo->sl, &SessionLO) &&
- bldominates(&SessionHI, tsolinfo->sl))) ||
- (HasTrustedPath(tsolinfo))) {
- auth_token = (XID)(tsolinfo->uid);
- }
- } else {
- /* Allow root from global zone */
- if (tsolinfo->uid == 0 && HasTrustedPath(tsolinfo)) {
- auth_token = (XID)(tsolinfo->uid);
- } else {
- /*
- * Access check based on uid. Check if
- * roles or other uids have been added by
- * xhost +role@
- */
- getdomainname(domainname, sizeof(domainname));
- if (!user2netname(netname, tsolinfo->uid, domainname)) {
- return ((XID)-1);
- }
- if (ForEachHostInFamily (FamilyNetname, TsolCheckNetName,
- (void *) netname)) {
- return ((XID)(tsolinfo->uid));
- } else {
- return (CheckAuthorization(name_length, name, data_length,
- data, client, reason));
- }
- }
- }
- }
-
- /* Audit the connection */
- if (auth_token == (XID)(-1)) {
- audit_ret = (char )-1; /* failure */
- audit_val = 1;
- } else {
- audit_ret = 0; /* success */
- audit_val = 0;
- }
-
- if (au_preselect(AUE_ClientConnect, &(tsolinfo->amask),
- AU_PRS_BOTH, AU_PRS_USECACHE) == 1) {
- int status;
- ushort_t connect_port = 0;
- struct in_addr *connect_addr = NULL;
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
-
- switch (tsolinfo->saddr.ss_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)&(tsolinfo->saddr);
- connect_addr = &(sin->sin_addr);
- connect_port = sin->sin_port;
- break;
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *)&(tsolinfo->saddr);
- connect_addr = (struct in_addr *)&(sin6->sin6_addr);
- connect_port = sin6->sin6_port;
- break;
- }
-
- if (connect_addr == NULL || connect_port == 0) {
- status = auditwrite(AW_EVENTNUM, AUE_ClientConnect,
- AW_XCLIENT, client->index,
- AW_SLABEL, tsolinfo->sl,
- AW_RETURN, audit_ret, audit_val,
- AW_WRITE, AW_END);
- } else {
- status = auditwrite(AW_EVENTNUM, AUE_ClientConnect,
- AW_XCLIENT, client->index,
- AW_SLABEL, tsolinfo->sl,
- AW_INADDR, connect_addr,
- AW_IPORT, connect_port,
- AW_RETURN, audit_ret, audit_val,
- AW_WRITE, AW_END);
- }
-
- if (!status)
- (void) auditwrite(AW_FLUSH, AW_END);
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- }
-
- return (auth_token);
-}
-
-static CALLBACK(
-TsolProcessKeyboard)
-{
- XaceKeyAvailRec *rec = (XaceKeyAvailRec *) calldata;
- xEvent *xE = rec->event;
- DeviceIntPtr keybd = rec->keybd;
-/* int count = rec->count; */
- HotKeyPtr hotkey = TsolKeyboardPrivate(keybd);
-
- if (xE->u.u.type == KeyPress)
- {
- if (!hotkey->initialized)
- InitHotKey(keybd);
-
- if (((xE->u.u.detail == hotkey->key) &&
- (xE->u.keyButtonPointer.state != 0 &&
- xE->u.keyButtonPointer.state == hotkey->shift)) ||
- ((xE->u.u.detail == hotkey->altkey) &&
- (xE->u.keyButtonPointer.state != 0 &&
- xE->u.keyButtonPointer.state == hotkey->altshift)))
- {
- HandleHotKey(keybd);
- }
- }
-}
-
-static CALLBACK(
-TsolCheckSendAccess)
-{
- XaceSendAccessRec *rec = (XaceSendAccessRec *) calldata;
- ClientPtr client = rec->client;
- WindowPtr pWin = rec->pWin;
- TsolResPtr tsolres;
- xpolicy_t flags;
- TsolInfoPtr tsolinfo;
-
- rec->status = BadAccess;
- if (client == NULL) {
- rec->status = Success;
- return;
- }
-
- if (WindowIsRoot(pWin) || XTSOLTrusted(pWin)) {
- rec->status = Success;
- return;
- }
-
- tsolinfo = GetClientTsolInfo(client);
- tsolres = TsolWindowPrivate(pWin);
- flags = (TSOL_MAC|TSOL_DAC|TSOL_DOMINATE|TSOL_READOP);
- rec->status = tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE);
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckSendAccess(%s, %s) = %s\n",
- tsolinfo->pname,
- TsolRequestNameString(MAJOROP_CODE),
- TsolErrorNameString(rec->status));
- }
-
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-}
-
-static CALLBACK(
-TsolCheckReceiveAccess)
-{
- XaceReceiveAccessRec *rec = (XaceReceiveAccessRec *) calldata;
-
- rec->status = Success;
-}
-
-
-
-static CALLBACK(
-TsolCheckSelectionAccess)
-{
- XaceSelectionAccessRec *rec = (XaceSelectionAccessRec *) calldata;
- ClientPtr client = rec->client;
- Selection *pSel = *rec->ppSel;
- Atom selAtom = pSel->selection;
- Mask access_mode = rec->access_mode;
- int reqtype;
- TsolResPtr tsolseln;
- TsolInfoPtr tsolinfo; /* tsol client info */
- tsolinfo = GetClientTsolInfo(client);
- int polySelection = PolySelection(selAtom);
-
- reqtype = MAJOROP_CODE;
-
- switch (reqtype) {
- case X_SetSelectionOwner:
- /*
- * Special processing for selection agent. This is how
- * we know who to redirect privileged ConvertSelection requests.
- * This is also used to fake the onwership of GetSelectionOwner requests.
- */
- if (selAtom == tsol_atom_sel_agnt) {
- if (HasWinSelection(tsolinfo)) {
- if (tsolinfo->flags & TSOL_AUDITEVENT)
- auditwrite(AW_USEOFPRIV, 1, PRIV_WIN_SELECTION,
- AW_APPEND, AW_END);
- tsol_sel_agnt = pSel; /* owner of this seln */
- } else {
- if (tsolinfo->flags & TSOL_AUDITEVENT)
- auditwrite(AW_USEOFPRIV, 0, PRIV_WIN_SELECTION,
- AW_APPEND, AW_END);
- client->errorValue = selAtom;
- rec->status = BadAtom;
- return;
- }
- }
-
- /*
- * The callback function is only called if at least one matching selection exists.
- * If it has no tsol attributes then we know it is the only match so we don't need to
- * check for polyinstantiation. Just initialize it and return.
- */
-
- tsolseln = TsolSelectionPrivate(pSel);
-
- if (tsolseln->sl == NULL) {
- tsolseln->sl = tsolinfo->sl;
- tsolseln->uid = tsolinfo->uid;
- break;
- }
-
- if (polySelection) {
-
- /* for poly-selections, search from the beginning to see if sl,uid match */
- for (pSel = CurrentSelections; pSel; pSel = pSel->next) {
-
- if (pSel->selection == selAtom) {
- tsolseln = TsolSelectionPrivate(pSel);
- if (tsolseln->uid == tsolinfo->uid &&
- tsolseln->sl == tsolinfo->sl)
- break;
- }
- }
-
- if (pSel) {
- /* found a match */
- *rec->ppSel = pSel;
- } else {
- /*
- * Doesn't match yet; we'll get called again
- * After it gets created.
- */
- rec->status = BadMatch;
- }
- } else {
- /* Assign the sl & uid */
- tsolseln->sl = tsolinfo->sl;
- tsolseln->uid = tsolinfo->uid;
- }
- break;
-
- case X_GetSelectionOwner:
- case X_ConvertSelection:
- if (polySelection) {
-
- /* for poly-selections, search from the beginning to see if sl,uid match */
- for (pSel = CurrentSelections; pSel; pSel = pSel->next) {
-
- if (pSel->selection == selAtom) {
- tsolseln = TsolSelectionPrivate(pSel);
- if (tsolseln->uid == tsolinfo->uid &&
- tsolseln->sl == tsolinfo->sl)
- break;
- }
- }
-
- if (pSel) {
- *rec->ppSel = pSel; /* found match */
- } else {
- /*
- * Doesn't match yet; we'll get called again
- * After it gets created.
- */
- rec->status = BadMatch;
- return;
- }
- }
-
- /*
- * Selection Agent processing. Override the owner
- */
- tsolseln = TsolSelectionPrivate(pSel);
- if (!HasWinSelection(tsolinfo) &&
- (tsolseln->uid != tsolinfo->uid ||
- tsolseln->sl != tsolinfo->sl) &&
- pSel->window != None && tsol_sel_agnt != NULL) {
- pSel = tsol_sel_agnt;
- } else {
- if (HasWinSelection(tsolinfo) &&
- (tsolinfo->flags & TSOL_AUDITEVENT)) {
- auditwrite(AW_USEOFPRIV, 1, PRIV_WIN_SELECTION, AW_APPEND, AW_END);
- }
- }
- *rec->ppSel = pSel;
- break;
-
- default:
-#ifndef NO_TSOL_DEBUG_MESSAGES
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for CheckSelectionAccess(%s, %s, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- NameForAtom(selAtom),
- TsolErrorNameString(rec->status));
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
- break;
- }
-}
-
-static CALLBACK(
-TsolCheckPropertyAccess)
-{
- XacePropertyAccessRec *rec = (XacePropertyAccessRec *) calldata;
- ClientPtr client = rec->client;
- WindowPtr pWin = rec->pWin;
- PropertyPtr pProp = *rec->ppProp;
- Atom propertyName = pProp->propertyName;
- Mask access_mode = rec->access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int reqtype;
- TsolResPtr tsolprop;
- TsolResPtr tsolres;
- Status retcode;
- xpolicy_t flags = 0;
-
- reqtype = MAJOROP_CODE;
- tsolres = TsolWindowPrivate(pWin);
- if (pProp != NULL) {
- int polyprop = PolyProperty(propertyName, pWin);
-
- tsolprop = TsolPropertyPrivate(pProp);
-
- if (!polyprop) {
-
- tsolres = TsolWindowPrivate(pWin);
- if (tsolprop->sl == NULL) {
- /* Initialize with label/uid etc */
- if (WindowIsRoot(pWin)) {
- tsolprop->sl = tsolinfo->sl; /* use client's sl/uid */
- tsolprop->uid = tsolinfo->uid;
- tsolprop->pid = tsolinfo->pid;
- if (client == serverClient)
- tsolprop->internal = TRUE;
- else
- tsolprop->internal = FALSE;
- } else {
- tsolprop->sl = tsolres->sl; /* use window's sl/uid */
- tsolprop->uid = tsolres->uid;
- tsolprop->pid = tsolres->pid;
- }
- }
-
- if (access_mode & (DixReadAccess | DixGetAttrAccess))
- flags = (TSOL_MAC|TSOL_DAC|TSOL_DOMINATE|TSOL_READOP);
-
- if (access_mode & (DixWriteAccess | DixSetAttrAccess))
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
-
- retcode = tsol_check_policy(tsolinfo, tsolprop, flags, MAJOROP_CODE);
- if (retcode != Success && (access_mode & DixGetAttrAccess)) {
- /* If current property is not accessible, move on to
- * next one for ListProperty
- */
- retcode = Success;
- *rec->ppProp = pProp->next; /* ignore failurefor List Prop */
- }
- rec->status = retcode;
- } else {
- /* Handle polyinstantiated property */
- if (tsolprop->sl == NULL) { /* New PolyProp */
- if (!(access_mode & DixCreateAccess)) {
- rec->status = BadImplementation;
- return;
- }
- /* Initialize with label/uid */
- tsolprop->sl = tsolinfo->sl;
- tsolprop->uid = tsolinfo->uid;
- rec->status = Success;
- } else {
- /* search for a matching (sl, uid) pair */
- while (pProp) {
- tsolprop = TsolPropertyPrivate(pProp);
- if (pProp->propertyName == propertyName &&
- tsolprop->sl == tsolinfo->sl &&
- tsolprop->uid == tsolinfo->uid)
- break; /* match found */
- pProp = pProp->next;
- }
-
- if (pProp) {
- *rec->ppProp = pProp; /* found */
- rec->status = Success;
- } else {
- rec->status = BadMatch;
- }
- }
- }
-#ifndef NO_TSOL_DEBUG_MESSAGES
- LogMessageVerb(X_INFO, TSOL_MSG_ACCESS_TRACE,
- TSOL_LOG_PREFIX
- "TsolCheckPropertyAccess(%s, 0x%x, %s, %s) = %s\n",
- tsolinfo->pname, pWin->drawable.id,
- NameForAtom(propertyName),
- TsolDixAccessModeNameString(access_mode),
- TsolPolicyReturnString(rec->status));
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
- }
-}
-
-static CALLBACK(
-TsolCheckExtensionAccess)
-{
- XaceExtAccessRec *rec = (XaceExtAccessRec *) calldata;
-
- if (TsolDisabledExtension(rec->ext->name)) {
- rec->status = BadAccess;
- } else {
- rec->status = Success;
- }
-}
-
-#ifdef UNUSED
-/*
- * Return TRUE if host is cipso
- */
-int
-host_is_cipso(int fd)
-{
- struct sockaddr sname;
- socklen_t namelen;
- char *rhost;
- tsol_host_type_t host_type;
- struct sockaddr_in *so = (struct sockaddr_in *)&sname;
- extern tsol_host_type_t tsol_getrhtype(char *);
-
- namelen = sizeof (sname);
- if (getpeername(fd, &sname, &namelen) == -1) {
- perror("getsockname: failed\n");
- return FALSE;
- }
-
- rhost = inet_ntoa(so->sin_addr);
- host_type = tsol_getrhtype(rhost);
- if (host_type == SUN_CIPSO) {
- return TRUE;
- }
-
- return FALSE;
-}
-#endif
--- a/open-src/xserver/xorg/sun-src/tsol/tsolextension.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifndef _XORG_TSOL_EXTENSION_H
-#define _XORG_TSOL_EXTENSION_H
-
-/*
- * tsol extension interfaces exposed to the core X server
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include <X11/Xproto.h>
-
-#define _XTSOL_SERVER
-#include <X11/extensions/Xtsol.h>
-#include <X11/extensions/Xtsolproto.h>
-
-/* tsolextension.c */
-_X_EXPORT extern void TsolExtensionInit(void);
-#endif /* _XORG_TSOL_EXTENSION_H */
--- a/open-src/xserver/xorg/sun-src/tsol/tsolinfo.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,365 +0,0 @@
-/*
- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-
-#ifndef _TSOL_INFO_H
-#define _TSOL_INFO_H
-
-#include <sys/types.h>
-
-#include <tsol/label.h>
-#include <sys/tsol/tndb.h>
-#include <bsm/audit.h>
-#include <sys/mkdev.h>
-#include <ucred.h>
-#include "misc.h"
-#include "dixstruct.h"
-#include "selection.h"
-#include "globals.h"
-#include <X11/keysym.h>
-
-/*********************************
- *
- * DEBUG INFO
- *
- *********************************/
-
-/* Message verbosity levels passed to os/log.c functions
- * Level 0 messages are printed by all servers to stderr.
- * Xorg defaults to logging messages in 0-3 to /var/log/Xorg.<display>.log
- * Ranges of messages to print to stderr can be changed with Xorg -verbose N
- * and Xephyr -verbosity N
- * Ranges of messages to print to log can be changed with Xorg -logverbose N
- * Other servers don't support runtime configuration of log messages yet.
- */
-
-#define TSOL_MSG_ERROR 0 /* Always printed */
-#define TSOL_MSG_WARNING 4
-#define TSOL_MSG_POLICY_DENIED 5
-#define TSOL_MSG_UNIMPLEMENTED 6
-#define TSOL_MSG_ACCESS_TRACE 7
-
-#define TSOL_LOG_PREFIX TSOLNAME ": "
-extern const char *TsolDixAccessModeNameString(Mask access_mode);
-extern const char *TsolErrorNameString(int req);
-extern const char *TsolPolicyReturnString(int pr);
-extern const char *TsolRequestNameString(int req);
-extern const char *TsolResourceTypeString(RESTYPE resource);
-
-#define MAXNAME 64 /* 63 chars of process name stored */
-
-/*********************************
- *
- * CONSTANTS
- *
- *********************************/
-
-
-/*
- * X audit events start from 9101 in audit_uevents.h. The first 2 events
- * are non-protocol ones viz. ClientConnect, mapped to 9101 and
- * ClientDisconnect, mapped to 9102.
- * The protocol events are mapped from 9103 onwards in the serial order
- * of their respective protocol opcode, for eg, the protocol UngrabPointer
- * which is has a protocol opcode 27 is mapped to 9129 (9102 + 27).
- * All extension protocols are mapped to a single audit event AUE_XExtension
- * as opcodes are assigined dynamically to these protocols. We set the
- * extension protocol opcode to be 128, one more than the last standard opcode.
- */
-#define XAUDIT_Q_SIZE 1024 /* audit queue size for x server */
-#define XAUDIT_OFFSET 9102
-#define XAUDIT_EXTENSION 128
-
-#define MAX_CLIENT 256
-#define MAX_SLS 256 /* used in atom */
-#define MAX_POLYPROPS 128 /* used in property */
-#define DEF_UID (uid_t)0 /* uid used for default objects */
-#define INVALID_UID (uid_t)0xFFFF /* invalid uid */
-/*
- * Various flags for TsolInfoRec, TsolResRec
- */
-#define TSOL_IIL 0x0000001 /* iil changed for window */
-#define TSOL_DOXAUDIT 0x0000002 /* write X audit rec if set */
-#define TSOL_AUDITEVENT 0x0000004 /* this event mask selected for audit */
-#define CONFIG_AUDITED 0x0000008 /* this priv has been asserted for */
-#define DAC_READ_AUDITED 0x0000010 /* the same object before */
-#define DAC_WRITE_AUDITED 0x0000020
-#define MAC_READ_AUDITED 0x0000040
-#define MAC_WRITE_AUDITED 0x0000080
-#define TRUSTED_MASK 0x0000100 /* Window has Trusted Path */
-
-/*
- * Polyinstantiated property/selections
- */
-#define POLY_SIZE 16 /* increase the list 16 at a time */
-#define CONFIG_PRIV_FILE "config.privs"
-#define CONFIG_EXTENSION_FILE "config.extensions"
-
-#define PROCVECTORSIZE (256)
-
-enum tsolconfig_types {
- TSOL_ATOM = 0,
- TSOL_PROPERTY,
- TSOL_SELECTION,
- TSOL_EXTENSION,
- TSOL_PRIVILEGE
-};
-
-#define MAJOROP_CODE (client->requestBuffer != 0 ? MAJOROP : (-1))
-
-typedef enum tsolconfig_types tsolconfig_t;
-
-/*
- * Masks corresponding various types
- */
-#define TSOLM_ATOM 1
-#define TSOLM_PROPERTY (1 << 1)
-#define TSOLM_SELECTION (1 << 2)
-
-#define SL_SIZE blabel_size()
-
-/*********************************
- *
- * MACROS
- *
- *********************************/
-
-
-#define WindowIsRoot(pWin) (pWin && (pWin->parent == NullWindow))
-#define DrawableIsRoot(pDraw)\
- (pDraw && (pDraw->id == pDraw->pScreen->root->drawable.id))
-
-/*
- * True if client is part of TrustedPath
- */
-#define HasTrustedPath(tsolinfo)\
- (tsolinfo->trusted_path ||\
- (tsolinfo->forced_trust == 1))
-
-#define XTSOLTrusted(pWin) \
- ((TsolWindowPrivate(pWin))->flags & TRUSTED_MASK)
-
-
-/*********************************
- *
- * DATA STRUCTURES
- *
- *********************************/
-enum client_types {
- CLIENT_LOCAL,
- CLIENT_REMOTE
-};
-
-typedef enum client_types client_type_t;
-
-/*
- * Extended attributes for each client.
- * Most of the information comes from getpeerucred()
- */
-typedef struct _TsolInfo {
- uid_t uid; /* real user id */
- uid_t euid; /* effective user id */
- gid_t gid; /* real group id */
- gid_t egid; /* effective group id */
- pid_t pid; /* process id */
- zoneid_t zid; /* zone id */
- priv_set_t *privs; /* privileges */
- bslabel_t *sl; /* sensitivity label */
- ulong_t iaddr; /* internet addr */
- Bool trusted_path; /* has trusted path */
- Bool priv_debug; /* do privilege debugging */
- ulong_t flags; /* various flags */
- int forced_trust; /* client masked as trusted */
- au_id_t auid; /* audit id */
- au_mask_t amask; /* audit mask */
- au_asid_t asid; /* audit session id */
- client_type_t client_type; /* Local or Remote client */
- int asaverd;
- struct sockaddr_storage saddr; /* socket information */
- char pname[MAXNAME]; /* process name for debug messages */
-} TsolInfoRec, *TsolInfoPtr;
-
-/*
- * per resource info
- */
-typedef struct _TsolRes {
- bslabel_t *sl; /* sensitivity label */
- uid_t uid; /* user id */
- ulong_t flags; /* various flags */
- pid_t pid; /* who created it */
- Bool internal; /* Created internally by the server */
- Bool poly; /* Polyinstantiated or not. Applicable
- to selection or properties */
-} TsolResRec, *TsolResPtr;
-
-/*
- * per keyboard info:
- * Hot Key structure caches keycode/mask for primary & alternate Hot Keys
- */
-typedef struct _HotKeyRec {
- int initialized;
- KeyCode key; /* Primary key */
- unsigned shift; /* Primary modifier/shift */
- KeyCode altkey; /* Alternate key */
- unsigned altshift; /* Alternate modifier/shift */
-} HotKeyRec, *HotKeyPtr;
-
-
-/*
- * information stored in devPrivates
- */
-extern _X_HIDDEN DevPrivateKeyRec tsolClientPrivateKeyRec;
-#define tsolClientPrivateKey (&tsolClientPrivateKeyRec)
-
-extern _X_HIDDEN DevPrivateKeyRec tsolPixmapPrivateKeyRec;
-#define tsolPixmapPrivateKey (&tsolPixmapPrivateKeyRec)
-
-extern _X_HIDDEN DevPrivateKeyRec tsolWindowPrivateKeyRec;
-#define tsolWindowPrivateKey (&tsolWindowPrivateKeyRec)
-
-extern _X_HIDDEN DevPrivateKeyRec tsolPropertyPrivateKeyRec;
-#define tsolPropertyPrivateKey (&tsolPropertyPrivateKeyRec)
-
-extern _X_HIDDEN DevPrivateKeyRec tsolSelectionPrivateKeyRec;
-#define tsolSelectionPrivateKey (&tsolSelectionPrivateKeyRec)
-
-/* Currently only used in keyboard devices */
-extern _X_HIDDEN DevPrivateKeyRec tsolDevicePrivateKeyRec;
-#define tsolDevicePrivateKey (&tsolDevicePrivateKeyRec)
-
-static inline TsolInfoPtr
-TsolClientPrivate (ClientPtr pClient)
-{
- return (TsolInfoPtr) dixLookupPrivate(&(pClient->devPrivates),
- tsolClientPrivateKey);
-}
-
-static inline TsolResPtr
-TsolPixmapPrivate (PixmapPtr pPix)
-{
- return (TsolResPtr) dixLookupPrivate(&(pPix->devPrivates),
- tsolPixmapPrivateKey);
-}
-
-static inline TsolResPtr
-TsolWindowPrivate (WindowPtr pWin)
-{
- return (TsolResPtr) dixLookupPrivate(&(pWin->devPrivates),
- tsolWindowPrivateKey);
-}
-
-static inline TsolResPtr
-TsolPropertyPrivate (PropertyPtr pProp)
-{
- return (TsolResPtr) dixLookupPrivate(&(pProp->devPrivates),
- tsolPropertyPrivateKey);
-}
-
-static inline TsolResPtr
-TsolSelectionPrivate (Selection *pSel)
-{
- return (TsolResPtr) dixLookupPrivate(&(pSel->devPrivates),
- tsolSelectionPrivateKey);
-}
-
-static inline HotKeyPtr
-TsolKeyboardPrivate (DeviceIntPtr pDev)
-{
- return (HotKeyPtr) dixLookupPrivate(&(pDev->devPrivates),
- tsolDevicePrivateKey);
-}
-
-
-#define NODE_SLSIZE 256 /* increase sl array by this amount */
-typedef struct _TsolNodeRec {
- unsigned int flags;
- int slcount; /* no. of SLs referenced */
- int slsize; /* size of the sl array */
- int IsSpecial;
- bslabel_t **sl;
-
-} TsolNodeRec, *TsolNodePtr;
-
-/*
- * if polyinst true, the name list is polyinstantiated
- * if false, the everything except the list is polyinstantiated
- * NOTE: Default for seln: polyinstantiate the list
- * Default for prop: polyinstantiate everything except the list
- */
-typedef struct _TsolPolyAtom {
- int polyinst;
- int size; /* max size of the list */
- int count; /* how many are actually valid */
- char **name;
-} TsolPolyAtomRec, *TsolPolyAtomPtr;
-
-/*
- * PolyInstInfo represents if a get request will match the
- * client's sl,uid for this or it will use the polyinstinfo
- * information to retrieve values for prop/selection
- */
-typedef struct _TsolPolyInstInfo {
- int enabled; /* if true use following sl, uid */
- uid_t uid;
- bslabel_t *sl;
-} TsolPolyInstInfoRec, *TsolPolyInstInfoPtr;
-
-
-/*********************************
- *
- * EXTERNS
- *
- *********************************/
-
-
-extern int PolyProperty(Atom atom, WindowPtr pWin);
-extern int PolySelection(Atom atom);
-extern TsolPolyInstInfoRec tsolpolyinstinfo;
-extern uid_t OwnerUID; /* Workstation owner uid */
-
-/*********************************
- *
- * FUNCTION PROTOTYPES
- *
- *********************************/
-
-
-void TsolReadPolyAtoms(char *filename, TsolPolyAtomPtr polyatomptr);
-extern WindowPtr TopClientWin(WindowPtr pWin);
-extern WindowPtr RootWin(WindowPtr pWin);
-extern Window RootOf(WindowPtr pWin);
-extern Window RootOfClient(WindowPtr pWin);
-extern int TsolDisabledExtension(const char *extname);
-extern int MatchTsolConfig(const char *name, int len);
-extern int HasWinSelection(TsolInfoPtr tsolinfo);
-extern int same_client (ClientPtr client, XID xid);
-extern int client_private (ClientPtr client, XID xid);
-extern bslabel_t *lookupSL_low(void);
-extern bslabel_t *lookupSL(bslabel_t *slptr);
-extern BoxPtr WindowExtents(WindowPtr pWin, BoxPtr pBox);
-extern Bool ShapeOverlap(WindowPtr pWin, BoxPtr pWinBox,
- WindowPtr pSib, BoxPtr pSibBox);
-extern TsolResPtr TsolDrawablePrivate(DrawablePtr pDraw, ClientPtr client);
-
-#endif /* _TSOL_INFO_H */
--- a/open-src/xserver/xorg/sun-src/tsol/tsolpolicy.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,842 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include "auditwrite.h"
-#include <bsm/audit_kevents.h>
-#include <bsm/audit_uevents.h>
-#include <X11/Xproto.h>
-#include "dix.h"
-#include "misc.h"
-#include "scrnintstr.h"
-#include "os.h"
-#include "regionstr.h"
-#include "validate.h"
-#include "windowstr.h"
-#include "propertyst.h"
-#include "input.h"
-#include "inputstr.h"
-#include "resource.h"
-#include "colormapst.h"
-#include "cursorstr.h"
-#include "dixstruct.h"
-#include "selection.h"
-#include "gcstruct.h"
-#include "servermd.h"
-#include <syslog.h>
-#include "extnsionst.h"
-#include "registry.h"
-#include "xace.h"
-#include "xacestr.h"
-#ifdef PANORAMIX
-#include "../Xext/panoramiXsrv.h"
-#endif
-#include "tsol.h"
-#include "tsolinfo.h"
-#include "tsolpolicy.h"
-
-priv_set_t *pset_win_mac_write = NULL;
-priv_set_t *pset_win_dac_write = NULL;
-priv_set_t *pset_win_config = NULL;
-
-static priv_set_t *pset_win_mac_read = NULL;
-static priv_set_t *pset_win_dac_read = NULL;
-static priv_set_t *pset_win_devices = NULL;
-static priv_set_t *pset_win_fontpath = NULL;
-static priv_set_t *pset_win_colormap = NULL;
-static priv_set_t *pset_win_upgrade_sl = NULL;
-static priv_set_t *pset_win_downgrade_sl = NULL;
-static priv_set_t *pset_win_selection = NULL;
-
-#define SAMECLIENT(client, xid) ((client)->index == CLIENT_ID(xid))
-
-/* Unless NO_TSOL_DEBUG_MESSAGES is defined, admins will be able to enable
- debugging messages at runtime via Xorg -logverbose */
-#ifndef NO_TSOL_DEBUG_MESSAGES
-static char *xsltos(bslabel_t *sl);
-
-#endif /* NO_TSOL_DEBUG_MESSAGES */
-
-extern int tsol_mac_enabled;
-
-static void
-set_audit_flags(TsolInfoPtr tsolinfo)
-{
- if (tsolinfo->flags & TSOL_AUDITEVENT)
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- if (!(tsolinfo->flags & TSOL_DOXAUDIT))
- tsolinfo->flags |= TSOL_DOXAUDIT;
-
-}
-
-static void
-unset_audit_flags(TsolInfoPtr tsolinfo)
-{
- if (tsolinfo->flags & TSOL_AUDITEVENT)
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- if (tsolinfo->flags & TSOL_DOXAUDIT)
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
-
-}
-/*
- * returns
- * TRUE - if client/subject has the required privilege
- * FALSE - otherwise
- */
-
-Bool
-client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv)
-{
-
- if (tsolinfo->privs == NULL) {
- return TRUE; /* server itself */
- }
-
- if (priv_issubset(priv, tsolinfo->privs)) {
- if (tsolinfo->flags & TSOL_AUDITEVENT) {
- auditwrite(AW_USEOFPRIV, AUDIT_SUCCESS, priv,
- AW_APPEND, AW_END);
- }
-
- return TRUE;
- } else
- return FALSE;
-}
-
-int
-tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres,
- xpolicy_t flags, int reqcode)
-{
- int status = BadAccess;
-
- /* Check for Trusted Path (TP) */
- if (flags & TSOL_TP) {
- if (HasTrustedPath(tsolinfo)) {
- status = Success;
- } else {
- goto bad;
- }
- }
-
- /* Check for Mandatory Access Control (MAC) */
- if (tsol_mac_enabled & flags & TSOL_MAC) {
- if (flags & TSOL_READOP) {
- if (blequal(tsolinfo->sl, tsolres->sl) ||
- (blequal(tsolres->sl, &PublicObjSL) &&
- reqcode != X_GetImage) ||
- ((flags & TSOL_DOMINATE) &&
- bldominates(tsolinfo->sl, tsolres->sl)) ||
- client_has_privilege(tsolinfo, pset_win_mac_read) ||
- HasTrustedPath(tsolinfo)) {
-
- status = Success;
- } else {
- goto bad;
- }
- }
-
- if (flags & TSOL_WRITEOP) {
- if (blequal(tsolinfo->sl, tsolres->sl) ||
- client_has_privilege(tsolinfo, pset_win_mac_write)) {
- status = Success;
- } else {
- goto bad;
- }
- }
- }
-
- /* Check for Discretionary Access Control (DAC) */
- if (flags & TSOL_DAC) {
- if (flags & TSOL_READOP) {
- if ((tsolinfo->uid == tsolres->uid) ||
- tsolres->internal ||
- ((tsolres->uid == OwnerUID) &&
- /* ((tsolres->uid == OwnerUID || tsolres->uid == DEF_UID) && */
- blequal(tsolres->sl, &PublicObjSL)) ||
- client_has_privilege(tsolinfo, pset_win_dac_read)) {
-
- status = Success;
- } else {
- goto bad;
- }
- }
-
- if (flags & TSOL_WRITEOP) {
- if ((tsolinfo->uid == tsolres->uid) ||
- (tsolinfo->uid == OwnerUID &&
- reqcode == X_ChangeWindowAttributes) ||
- client_has_privilege(tsolinfo, pset_win_dac_write)) {
-
- status = Success;
- } else {
- goto bad;
- }
- }
- }
-
- return Success;
-
-bad:
- /* Access denied */
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "tsol_check_policy(%s, %s, %d, pid=%d, %s, %d, %s) = %s\n",
- tsolinfo->pname, xsltos(tsolinfo->sl), tsolinfo->uid,
- tsolres->pid, xsltos(tsolres->sl), tsolres->uid,
- TsolRequestNameString(reqcode),
- "BadAccess");
-
- return BadAccess;
-}
-
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
-/*
- * Converts SL to string
- */
-static char *
-xsltos(bslabel_t *sl)
-{
- char *slstring = NULL;
-
- if (bsltos(sl, &slstring, 0,
- VIEW_INTERNAL|SHORT_CLASSIFICATION | LONG_WORDS | ALL_ENTRIES) <= 0)
- return (NULL);
- else
- return slstring;
-}
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-
-
-/*
- * Allocate a single privilege set
- */
-static priv_set_t *
-alloc_win_priv(const char *priv)
-{
- priv_set_t *pset;
-
- if ((pset = priv_allocset()) == NULL) {
- perror("priv_allocset");
- FatalError("Cannot allocate privilege set");
- }
- priv_emptyset(pset);
- priv_addset(pset, priv);
-
- return pset;
-}
-
-/*
- * Initialize all string window privileges to the binary equivalent.
- * Binary privilege testing is much faster than the string testing
- */
-void
-init_win_privsets(void)
-{
-
- pset_win_mac_read = alloc_win_priv(PRIV_WIN_MAC_READ);
- pset_win_mac_write = alloc_win_priv(PRIV_WIN_MAC_WRITE);
- pset_win_dac_read = alloc_win_priv(PRIV_WIN_DAC_READ);
- pset_win_dac_write = alloc_win_priv(PRIV_WIN_DAC_WRITE);
- pset_win_config = alloc_win_priv(PRIV_WIN_CONFIG);
- pset_win_devices = alloc_win_priv(PRIV_WIN_DEVICES);
- pset_win_fontpath = alloc_win_priv(PRIV_WIN_FONTPATH);
- pset_win_colormap = alloc_win_priv(PRIV_WIN_COLORMAP);
- pset_win_upgrade_sl = alloc_win_priv(PRIV_WIN_UPGRADE_SL);
- pset_win_downgrade_sl = alloc_win_priv(PRIV_WIN_DOWNGRADE_SL);
- pset_win_selection = alloc_win_priv(PRIV_WIN_SELECTION);
-}
-
-void
-free_win_privsets(void)
-{
- priv_freeset(pset_win_mac_read);
- priv_freeset(pset_win_mac_write);
- priv_freeset(pset_win_dac_read);
- priv_freeset(pset_win_dac_write);
- priv_freeset(pset_win_config);
- priv_freeset(pset_win_devices);
- priv_freeset(pset_win_fontpath);
- priv_freeset(pset_win_colormap);
- priv_freeset(pset_win_upgrade_sl);
- priv_freeset(pset_win_downgrade_sl);
- priv_freeset(pset_win_selection);
-}
-
-int
-HasWinSelection(TsolInfoPtr tsolinfo)
-{
- return (priv_issubset(pset_win_selection, (tsolinfo->privs)));
-}
-
-void
-TsolCheckDrawableAccess(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-{
- XaceResourceAccessRec *rec = calldata;
- ClientPtr client = rec->client;
- XID id = rec->id;
- RESTYPE rtype = rec->rtype;
- Mask access_mode = rec->access_mode;
- DeviceIntPtr device = PickPointer(client);
- WindowPtr pWin;
- PixmapPtr pMap;
- Mask modes;
- int obj_code;
- int status;
- int err_code;
-
- Mask check_mode = access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- TsolResPtr tsolres = NULL;
- xpolicy_t flags;
- int reqtype;
-
- if (client->requestBuffer) {
- reqtype = MAJOROP; /* protocol */
- } else {
- reqtype = -1;
- }
-
- status = BadAccess;
-
- switch (rtype) {
- case RT_WINDOW:
- obj_code = AW_XWINDOW;
- pWin = (WindowPtr ) (rec->res);
- tsolres = TsolWindowPrivate(pWin);
- err_code = BadWindow;
- break;
- case RT_PIXMAP:
- obj_code = AW_XPIXMAP;
- pMap = (PixmapPtr ) (rec->res);
- tsolres = TsolPixmapPrivate(pMap);
- err_code = BadDrawable;
- break;
- }
-
- /* Ignore unlabeled resources */
- if (tsolres->sl == NULL) {
- tsolres->sl= tsolinfo->sl;
- tsolres->uid = tsolinfo->uid;
- tsolres->pid = tsolinfo->pid;
- }
-
- switch (reqtype) {
- case X_GetImage:
- case X_CopyArea:
- case X_CopyPlane:
- /*
- * Image operations are allowed here for lookup reasons.
- * The actual policy enforcement is in the protocol handler.
- */
- if (check_mode & DixReadAccess) {
- status = Success;
- check_mode &= ~DixReadAccess;
- }
- break;
-
-
- case X_ClearArea:
- if (check_mode & DixWriteAccess) {
- status = Success;
- check_mode &= ~DixWriteAccess;
- }
- break;
-
- case X_GrabPointer:
- case X_UngrabPointer:
- case X_GrabKeyboard:
- case X_UngrabKeyboard:
- case X_GrabKey:
- case X_UngrabKey:
- case X_GrabButton:
- case X_UngrabButton:
- case X_WarpPointer:
- /*
- * Allow pointer grab on root window, as long as
- * pointer is currently in a window owned by
- * requesting client.
- */
-
- if (WindowIsRoot(pWin)) {
- pWin = GetSpriteWindow(device);
- tsolres = TsolWindowPrivate(pWin);
- }
- break;
-
- case X_ChangeSaveSet:
- modes = (DixManageAccess|DixSetAttrAccess);
- if (check_mode & modes) {
- if (priv_win_config ||
- client_has_privilege(tsolinfo, pset_win_config)) {
- status = Success;
- }
- check_mode &= ~modes;
-
- }
- break;
-
- }
-
- {
- /* Perform the standard MAC/DAC tests here */
- modes = (DixAddAccess|DixRemoveAccess|DixReadAccess|DixGetAttrAccess|
- DixSetAttrAccess|
- DixGetPropAccess|DixListPropAccess|DixSetPropAccess);
- if (rtype == RT_WINDOW && check_mode & modes) {
- if (WindowIsRoot(pWin) || XTSOLTrusted(pWin)) {
- status = Success;
- check_mode &= ~modes;
- }
- }
-
- /* Newly created drawable. Initialize it. */
- if (check_mode & DixCreateAccess) {
- if (rtype == RT_WINDOW)
- TsolInitWindow(client, pWin);
- if (rtype == RT_PIXMAP)
- TsolInitPixmap(client, pMap);
-
- status = Success;
- check_mode &= ~(DixCreateAccess);
- }
-
- modes = (DixReadAccess|DixGetAttrAccess|
- DixShowAccess|DixHideAccess|
- DixListAccess|DixGetPropAccess|DixListPropAccess);
- if (check_mode & modes) {
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
- if (reqtype == X_GetInputFocus)
- flags |= TSOL_DOMINATE;
- status = tsol_check_policy(tsolinfo, tsolres, flags, reqtype);
- check_mode &= ~modes;
- }
-
- modes = (DixWriteAccess|DixSetAttrAccess|DixDestroyAccess|
- DixManageAccess|
- DixGrabAccess|DixSetAttrAccess|DixSetPropAccess|
- DixAddAccess|DixRemoveAccess);
- if (check_mode & modes) {
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
- status = tsol_check_policy(tsolinfo, tsolres, flags, reqtype);
- check_mode &= ~modes;
- }
-
- /* Event access, actual policy is implemented in the hook */
- modes = (DixSendAccess|DixReceiveAccess);
- if (check_mode & modes) {
- status = Success;
- check_mode &= ~modes;
- }
- }
-
- if (tsolinfo->flags & TSOL_AUDITEVENT) {
- set_audit_flags(tsolinfo);
- auditwrite(obj_code, id, tsolres->uid,
- AW_SLABEL, tsolres->sl,
- AW_APPEND, AW_END);
- }
-
- if (status == Success)
- rec->status = Success;
- else
- rec->status = err_code;
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (check_mode) { /* Any access mode bits not yet handled ? */
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for TsolCheckWindowAccess, "
- "rtype=0x%x (%s), mode=0x%x (%s)\n",
- (int) rtype, TsolResourceTypeString(rtype),
- check_mode, TsolDixAccessModeNameString(check_mode));
- }
-
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckDrawableAccess(%s, %s, 0x%x, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolResourceTypeString(rtype), id,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- TsolErrorNameString(rec->status));
- }
-
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-
-}
-
-void
-TsolCheckXIDAccess(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-{
- XaceResourceAccessRec *rec = calldata;
- ClientPtr client = rec->client;
- XID id = rec->id;
- RESTYPE rtype = rec->rtype;
- Mask access_mode = rec->access_mode;
- Mask modes;
- int object_code;
- int err_code;
-
- Mask check_mode = access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int reqtype;
-
- if (client->requestBuffer) {
- reqtype = MAJOROP; /* protocol */
- } else {
- reqtype = -1;
- }
-
- switch (rtype) {
- case RT_FONT:
- err_code = BadFont;
- object_code = AW_XFONT;
- break;
- case RT_GC:
- err_code = BadGC;
- object_code = AW_XGC;
- break;
- case RT_CURSOR:
- err_code = BadCursor;
- object_code = AW_XCURSOR;
- break;
- case RT_COLORMAP:
- err_code = BadColor;
- object_code = AW_XCOLORMAP;
- break;
- default:
- err_code = BadValue;
- object_code = AW_END;
- break;
- }
-
- /* Anyone can create an object */
- if (check_mode & DixCreateAccess) {
- rec->status = Success;
- check_mode &= ~DixCreateAccess;
- }
-
- /* DAC check is based on client isolation */
- modes = (DixReadAccess|DixGetAttrAccess|DixUseAccess);
- if (check_mode & modes) {
- if (!client_private(client, id) &&
- (!client_has_privilege(tsolinfo, pset_win_dac_read))) {
- rec->status = err_code;
- }
- check_mode &= ~modes;
- }
-
- modes = (DixWriteAccess|DixSetAttrAccess|DixDestroyAccess);
- if (check_mode & modes) {
- if (!client_private(client, id) &&
- (!client_has_privilege(tsolinfo, pset_win_dac_write))) {
- rec->status = err_code;
- }
- check_mode &= ~modes;
- }
-
- if (tsolinfo->flags & TSOL_AUDITEVENT) {
- set_audit_flags(tsolinfo);
- auditwrite(object_code, (ulong_t)id, tsolinfo->uid,
- AW_APPEND, AW_END);
- }
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (check_mode) { /* Any access mode bits not yet handled ? */
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for TsolCheckXIDAccess, "
- "rtype=0x%x (%s), mode=0x%x (%s)\n",
- (int) rtype, TsolResourceTypeString(rtype),
- check_mode, TsolDixAccessModeNameString(check_mode));
- }
-
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckXIDAccess(%s, %s, 0x%x, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolResourceTypeString(rtype), id,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- TsolErrorNameString(rec->status));
- }
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-}
-
-void
-TsolCheckServerAccess(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-{
- XaceServerAccessRec *rec = calldata;
- ClientPtr client = rec->client;
- Mask access_mode = rec->access_mode;
- Mask modes;
- int object_code = 0;
-
- Mask check_mode = access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int reqtype;
-
- if (client->requestBuffer) {
- reqtype = MAJOROP; /* protocol */
- } else {
- reqtype = -1;
- }
-
- /* rec->status = Success; return; */
-
- rec->status = BadAccess;
-
- modes = (DixManageAccess);
- if (check_mode & modes) {
- switch (reqtype) {
- case X_SetFontPath:
- if (priv_win_fontpath ||
- client_has_privilege(tsolinfo,
- pset_win_fontpath)) {
- rec->status = Success;
- }
- object_code = AW_XFONT;
- break;
-
- case X_ChangeHosts:
- case X_SetAccessControl:
- if (priv_win_config ||
- client_has_privilege(tsolinfo,
- pset_win_config)) {
- rec->status = Success;
- }
- object_code = AW_XCLIENT;
- break;
- }
-
- check_mode &= ~modes;
-
- if (tsolinfo->flags & TSOL_AUDITEVENT && object_code != 0) {
- set_audit_flags(tsolinfo);
- auditwrite(object_code, (ulong_t)client->index,
- tsolinfo->uid,
- AW_SLABEL, tsolinfo->sl,
- AW_APPEND, AW_END);
- }
- }
-
- /* Allow get/read attributes, grab is enforced in protocol handler */
- modes = (DixReadAccess|DixGetAttrAccess|DixGrabAccess);
- if (check_mode & modes) {
- rec->status = Success;
- check_mode &= ~modes;
- }
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (check_mode) { /* Any access mode bits not yet handled ? */
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for TsolCheckServerAccess, "
- "mode=0x%x (%s)\n",
- check_mode, TsolDixAccessModeNameString(check_mode));
- }
-
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckServerAccess(%s, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- TsolErrorNameString(rec->status));
- }
-
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-}
-
-void
-TsolCheckClientAccess(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-{
- XaceClientAccessRec *rec = calldata;
- ClientPtr client = rec->client;
- Mask access_mode = rec->access_mode;
- Mask modes;
-
- Mask check_mode = access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int reqtype;
-
- if (client->requestBuffer) {
- reqtype = MAJOROP; /* protocol */
- } else {
- reqtype = -1;
- }
-
- rec->status = BadAccess;
-
- modes = (DixManageAccess|DixDestroyAccess);
- if (check_mode & modes) {
- if (priv_win_config ||
- client_has_privilege(tsolinfo, pset_win_config)) {
- rec->status = Success;
- }
- check_mode &= ~modes;
-
- if (tsolinfo->flags & TSOL_AUDITEVENT) {
- set_audit_flags(tsolinfo);
- auditwrite(AW_XCLIENT, (ulong_t)client->index,
- tsolinfo->uid,
- AW_SLABEL, tsolinfo->sl,
- AW_APPEND, AW_END);
- }
- }
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (check_mode) { /* Any access mode bits not yet handled ? */
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for TsolCheckClientAccess, "
- "mode=0x%x (%s)\n",
- check_mode, TsolDixAccessModeNameString(check_mode));
- }
-
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckClientAccess(%s, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- TsolErrorNameString(rec->status));
- }
-
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-
-}
-
-void
-TsolCheckDeviceAccess(CallbackListPtr *pcbl, void *nulldata, void *calldata)
-{
- XaceDeviceAccessRec *rec = (XaceDeviceAccessRec *) calldata;
- ClientPtr client = rec->client;
- Mask access_mode = rec->access_mode;
- Mask check_mode = access_mode;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- int reqtype;
- Mask modes;
-
- if (client->requestBuffer) {
- reqtype = MAJOROP; /* protocol */
- } else {
- reqtype = -1;
- }
-
- rec->status = BadWindow;
-
- /* Allow all device access to the server itself */
- if (client == serverClient) {
- rec->status = Success;
- check_mode = 0;
- }
-
- /* get/read access is allowed */
- modes = (DixCreateAccess | DixGetAttrAccess | DixGetFocusAccess |
- DixReadAccess | DixShowAccess | DixHideAccess |
- DixUseAccess | DixBellAccess);
- if (check_mode & modes) {
- rec->status = Success;
- check_mode &= ~modes;
- }
-
- /* change/set access requires privilege */
- modes = (DixFreezeAccess | DixGrabAccess | DixManageAccess |
- DixSetAttrAccess | DixSetFocusAccess | DixForceAccess |
- DixWriteAccess);
- if (check_mode & modes) {
- if (priv_win_devices ||
- client_has_privilege(tsolinfo, pset_win_devices))
- rec->status = Success;
- if (tsolinfo->flags & TSOL_AUDITEVENT) {
- set_audit_flags(tsolinfo);
- auditwrite(AW_XCLIENT, client->index,
- AW_APPEND, AW_END);
- }
- check_mode &= ~modes;
- }
-
-#ifndef NO_TSOL_DEBUG_MESSAGES
- if (check_mode) { /* Any access mode bits not yet handled ? */
- LogMessageVerb(X_NOT_IMPLEMENTED, TSOL_MSG_UNIMPLEMENTED,
- TSOL_LOG_PREFIX
- "policy not implemented for TsolCheckDeviceAccess, %s, %s\n",
- TsolDixAccessModeNameString(check_mode),
- TsolRequestNameString(reqtype));
- }
-
- if (rec->status != Success) {
- tsolinfo = GetClientTsolInfo(client);
- LogMessageVerb(X_WARNING, TSOL_MSG_WARNING,
- TSOL_LOG_PREFIX
- "TsolCheckDeviceAccess(%s, %s, %s) = %s\n",
- tsolinfo->pname,
- TsolDixAccessModeNameString(access_mode),
- TsolRequestNameString(reqtype),
- TsolErrorNameString(rec->status));
- }
-
-#endif /* !NO_TSOL_DEBUG_MESSAGES */
-}
-
-TsolResPtr
-TsolDrawablePrivate(DrawablePtr pDraw, ClientPtr client)
-{
- int rc;
- TsolResPtr tsolres = NULL;
- PixmapPtr pMap = NullPixmap;
- WindowPtr pWin = NullWindow;
-
- if (pDraw->type == DRAWABLE_WINDOW) {
- rc = dixLookupWindow(&pWin, pDraw->id, client, DixReadAccess);
- if (rc == Success && pWin != NullWindow)
- tsolres = TsolWindowPrivate(pWin);
- }
- else if (pDraw->type == DRAWABLE_PIXMAP)
- {
- rc = dixLookupDrawable((DrawablePtr *)&pMap, pDraw->id, client,
- M_DRAWABLE_PIXMAP, DixReadAccess);
- if (rc == Success && pMap != NullPixmap)
- tsolres = TsolPixmapPrivate(pMap);
- }
-
- return tsolres;
-}
--- a/open-src/xserver/xorg/sun-src/tsol/tsolpolicy.h Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-/* Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifndef _TSOL_POLICY_H
-#define _TSOL_POLICY_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <assert.h>
-
-#define PASSED 0 /* success code 0 */
-#ifndef FAILED
-#define FAILED 1 /* failed is non-zero (could be error no) */
-#endif /* FAILED */
-
-#define AUDIT_SUCCESS 1
-#define AUDIT_FAILURE 0
-
-/*
- * Policy checking flags
- */
-
-enum xpolicy_flags {
- TSOL_MAC = 0x00000001, /* MAC policy */
- TSOL_DAC = 0x00000002, /* DAC floating */
- TSOL_FLOAT = 0x00000004, /* float ILs */
- TSOL_AUDIT = 0x00000008, /* perform auditing */
- TSOL_PRIV = 0x00000010, /* privilege check */
- TSOL_TP = 0x00000020, /* Trusted Path check */
- TSOL_READOP = 0x00000040, /* read operation */
- TSOL_WRITEOP = 0x00000080, /* write operation */
- TSOL_OWNER = 0x00000100, /* Check for workstation owner */
- TSOL_DOMINATE = 0x00000200, /* Check for default uid */
- TSOL_ALL = 0x0fffffff /* do them all */
-};
-
-typedef enum xpolicy_flags xpolicy_t;
-
-#define XTSOL_FAIL 1 /* Replaces SecurityErrorOperation */
-#define XTSOL_ALLOW 2 /* Replaces SecurityAllowOperation */
-#define XTSOL_IGNORE 3 /* Replaces SecurityIgnoreOperation */
-
-
-#ifndef MAJOROP
-#define MAJOROP ((xReq *)client->requestBuffer)->reqType
-#endif /* MAJOROP */
-#define RES_TYPE(xid) ((xid) & (0x8000000F))
-
-
-/*
- * Function prototypes
- */
-
-void init_win_privsets(void);
-void free_win_privsets(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _TSOL_POLICY_H */
--- a/open-src/xserver/xorg/sun-src/tsol/tsolprotocol.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1503 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <ucred.h>
-#include <pwd.h>
-#include <strings.h>
-#include <sys/wait.h>
-#include "auditwrite.h"
-#include <bsm/libbsm.h>
-#include <bsm/audit_uevents.h>
-#include "tsol.h"
-
-#include "inputstr.h"
-#include "xkbstr.h"
-#include "xkbsrv.h"
-
-#include "dixevents.h"
-#include "selection.h"
-#include "osdep.h"
-#include "tsolpolicy.h"
-#include "swaprep.h"
-#include "swapreq.h"
-#include "servermd.h"
-#ifdef PANORAMIX
-#include "../Xext/panoramiXsrv.h"
-#endif
-#ifdef XCSECURITY
-#include "../Xext/securitysrv.h"
-#endif
-#include "xace.h"
-#include "xacestr.h"
-
-/*
- * The event # here match those in /usr/include/bsm/audit_uevents.h.
- * Changes in one should go with corresponding changes in another.
- */
-
-#define MAX_AUDIT_EVENTS 100
-
-int audit_eventsid[100][2] = {
- { X_CreateWindow, AUE_CreateWindow },
- { X_ChangeWindowAttributes, AUE_ChangeWindowAttributes },
- { X_GetWindowAttributes, AUE_GetWindowAttributes },
- { X_DestroyWindow, AUE_DestroyWindow },
- { X_DestroySubwindows, AUE_DestroySubwindows },
- { X_ChangeSaveSet, AUE_ChangeSaveSet },
- { X_ReparentWindow, AUE_ReparentWindow },
- { X_MapWindow, AUE_MapWindow },
- { X_MapSubwindows, AUE_MapSubwindows },
- { X_UnmapWindow, AUE_UnmapWindow },
- { X_UnmapSubwindows, AUE_UnmapSubwindows },
- { X_ConfigureWindow, AUE_ConfigureWindow },
- { X_CirculateWindow, AUE_CirculateWindow },
- { X_GetGeometry, AUE_GetGeometry },
- { X_QueryTree, AUE_QueryTree },
- { X_InternAtom, AUE_InternAtom },
- { X_GetAtomName, AUE_GetAtomName },
- { X_ChangeProperty, AUE_ChangeProperty },
- { X_DeleteProperty, AUE_DeleteProperty },
- { X_GetProperty, AUE_GetProperty },
- { X_ListProperties, AUE_ListProperties },
- { X_SetSelectionOwner, AUE_SetSelectionOwner },
- { X_GetSelectionOwner, AUE_GetSelectionOwner },
- { X_ConvertSelection, AUE_ConvertSelection },
- { X_SendEvent, AUE_SendEvent },
- { X_GrabPointer, AUE_GrabPointer },
- { X_UngrabPointer, AUE_UngrabPointer },
- { X_GrabButton, AUE_GrabButton },
- { X_UngrabButton, AUE_UngrabButton },
- { X_ChangeActivePointerGrab, AUE_ChangeActivePointerGrab },
- { X_GrabKeyboard, AUE_GrabKeyboard },
- { X_UngrabKeyboard, AUE_UngrabKeyboard },
- { X_GrabKey, AUE_GrabKey },
- { X_UngrabKey, AUE_UngrabKey },
- { X_GrabServer, AUE_GrabServer },
- { X_UngrabServer, AUE_UngrabServer },
- { X_QueryPointer, AUE_QueryPointer },
- { X_GetMotionEvents, AUE_GetMotionEvents },
- { X_TranslateCoords, AUE_TranslateCoords },
- { X_WarpPointer, AUE_WarpPointer },
- { X_SetInputFocus, AUE_SetInputFocus },
- { X_GetInputFocus, AUE_GetInputFocus },
- { X_QueryKeymap, AUE_QueryKeymap },
- { X_SetFontPath, AUE_SetFontPath },
- { X_FreePixmap, AUE_FreePixmap },
- { X_ChangeGC, AUE_ChangeGC },
- { X_CopyGC, AUE_CopyGC },
- { X_SetDashes, AUE_SetDashes },
- { X_SetClipRectangles, AUE_SetClipRectangles },
- { X_FreeGC, AUE_FreeGC },
- { X_ClearArea, AUE_ClearArea },
- { X_CopyArea, AUE_CopyArea },
- { X_CopyPlane, AUE_CopyPlane },
- { X_PolyPoint, AUE_PolyPoint },
- { X_PolyLine, AUE_PolyLine },
- { X_PolySegment, AUE_PolySegment },
- { X_PolyRectangle, AUE_PolyRectangle },
- { X_PolyArc, AUE_PolyArc },
- { X_FillPoly, AUE_FillPolygon },
- { X_PolyFillRectangle, AUE_PolyFillRectangle },
- { X_PolyFillArc, AUE_PolyFillArc },
- { X_PutImage, AUE_PutImage },
- { X_GetImage, AUE_GetImage },
- { X_PolyText8, AUE_PolyText8 },
- { X_PolyText16, AUE_PolyText16 },
- { X_ImageText8, AUE_ImageText8 },
- { X_ImageText16, AUE_ImageText16 },
- { X_CreateColormap, AUE_CreateColormap },
- { X_FreeColormap, AUE_FreeColormap },
- { X_CopyColormapAndFree, AUE_CopyColormapAndFree },
- { X_InstallColormap, AUE_InstallColormap },
- { X_UninstallColormap, AUE_UninstallColormap },
- { X_ListInstalledColormaps, AUE_ListInstalledColormaps },
- { X_AllocColor, AUE_AllocColor },
- { X_AllocNamedColor, AUE_AllocNamedColor },
- { X_AllocColorCells, AUE_AllocColorCells },
- { X_AllocColorPlanes, AUE_AllocColorPlanes },
- { X_FreeColors, AUE_FreeColors },
- { X_StoreColors, AUE_StoreColors },
- { X_StoreNamedColor, AUE_StoreNamedColor },
- { X_QueryColors, AUE_QueryColors },
- { X_LookupColor, AUE_LookupColor },
- { X_CreateCursor, AUE_CreateCursor },
- { X_CreateGlyphCursor, AUE_CreateGlyphCursor },
- { X_FreeCursor, AUE_FreeCursor },
- { X_RecolorCursor, AUE_RecolorCursor },
- { X_ChangeKeyboardMapping, AUE_ChangeKeyboardMapping },
- { X_ChangeKeyboardControl, AUE_ChangeKeyboardControl },
- { X_Bell, AUE_Bell },
- { X_ChangePointerControl, AUE_ChangePointerControl },
- { X_SetScreenSaver, AUE_SetScreenSaver },
- { X_ChangeHosts, AUE_ChangeHosts },
- { X_SetAccessControl, AUE_SetAccessControl },
- { X_SetCloseDownMode, AUE_SetCloseDownMode },
- { X_KillClient, AUE_KillClient },
- { X_RotateProperties, AUE_RotateProperties },
- { X_ForceScreenSaver, AUE_ForceScreenSaver },
- { X_SetPointerMapping, AUE_SetPointerMapping },
- { X_SetModifierMapping, AUE_SetModifierMapping },
- { X_NoOperation, AUE_XExtensions }
-};
-
-
-extern priv_set_t *pset_win_config;
-extern TsolResPtr TsolDrawablePrivateate(DrawablePtr pDraw, ClientPtr client);
-extern int tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres,
- xpolicy_t flags, int reqcode);
-extern Bool client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv);
-
-
-#define INITIAL_TSOL_NODELENGTH 1500
-
-/*
- * Get number of atoms defined in the system
- */
-static Atom
-GetLastAtom(void)
-{
- Atom a = (Atom) 1; /* atoms start at 1 */
-
- while (ValidAtom(a)) {
- a++;
- }
-
- return (--a);
-}
-
-/*
- * Update Tsol info for atoms. This function gets
- * called typically during initialization. But, it could also get
- * called if some atoms are created internally by server.
- */
-void
-UpdateTsolNode(Atom thisAtom, ClientPtr client)
-{
- Atom lastAtom = GetLastAtom();
- Atom ia;
- int newsize;
-
- /* Allocate & Initialize the node for the first time */
- if (tsol_node == NULL) {
- newsize = (lastAtom > INITIAL_TSOL_NODELENGTH ?
- lastAtom : INITIAL_TSOL_NODELENGTH);
-
- tsol_node = malloc((newsize + 1) * sizeof(TsolNodeRec));
- if (tsol_node == NULL) {
- ErrorF("Cannot allocate memory for Tsol node\n");
- return;
- }
-
- tsol_nodelength = newsize;
-
- /* Atom id 0 is invalid */
- tsol_lastAtom = 0;
- tsol_node[0].flags = 0;
- tsol_node[0].slcount = 0;
- tsol_node[0].sl = NULL;
- tsol_node[0].slsize = 0;
- tsol_node[0].IsSpecial = 0;
- }
-
- /* If the node is already allocated, see if it needs to be extended */
- if (lastAtom > tsol_lastAtom) {
- tsol_node = realloc(tsol_node,
- (lastAtom + 1) * sizeof(TsolNodeRec));
-
- if (tsol_node == NULL) {
- ErrorF("Cannot allocate memory for Tsol node\n");
- return;
- }
-
- tsol_nodelength = lastAtom + 1;
-
- /*
- * Initialize all the newly created atoms
- */
- for (ia = tsol_lastAtom + 1; ia <= lastAtom; ia++) {
- const char *atomname = NameForAtom(ia);
-
- tsol_node[ia].slcount = 0;
- tsol_node[ia].sl = NULL;
- tsol_node[ia].slsize= 0;
- tsol_node[ia].flags = MatchTsolConfig(atomname,
- strlen(atomname));
- tsol_node[ia].IsSpecial = SpecialName(atomname,
- strlen(atomname));
- if (client == NULL) {
- /* Mark as internal atom for
- GetAtomName to succeed */
- tsol_node[ia].flags |= TSOLM_ATOM;
- }
-
-
- }
- tsol_lastAtom = lastAtom;
- }
-
- /* Store the label info for non-global atoms */
- if (thisAtom != 0 && client != NULL &&
- (tsol_node[thisAtom].flags & TSOLM_ATOM) == 0) {
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- TsolNodePtr tndp = &(tsol_node[thisAtom]);
- int k;
-
- /* private atoms must have a matching sl */
- for (k = 0; k < tndp->slcount; k++) {
- if (tsolinfo->sl == tndp->sl[k]) {
- return; /* found */
- }
- }
-
- /* Allocate storage for sl if needed */
- if (tndp->sl == NULL) {
- tndp->sl = malloc(NODE_SLSIZE * (sizeof(bslabel_t *)));
-
- if (tndp->sl == NULL) {
- ErrorF("Not enough memory for atoms\n");
- }
-
- tndp->slcount = 0;
- tndp->slsize = NODE_SLSIZE;
- }
-
- /* Expand storage space for sl if needed */
- if (tndp->slsize < tndp->slcount) {
- newsize = tndp->slsize + NODE_SLSIZE;
- tndp->sl = realloc(tndp->sl,
- newsize * (sizeof(bslabel_t *)));
- if (tndp->sl == NULL) {
- ErrorF("Not enough memory for atoms\n");
- }
- tndp->slsize = newsize;
- }
-
-
- /* Store client's sl */
- tndp->sl[tndp->slcount] = tsolinfo->sl;
- tndp->slcount++;
- }
-}
-
-int
-ProcTsolInternAtom(ClientPtr client)
-{
- Atom atom;
- char *tchar;
- REQUEST(xInternAtomReq);
-
- REQUEST_FIXED_SIZE(xInternAtomReq, stuff->nbytes);
- if ((stuff->onlyIfExists != xTrue) && (stuff->onlyIfExists != xFalse))
- {
- client->errorValue = stuff->onlyIfExists;
- return(BadValue);
- }
- tchar = (char *) &stuff[1];
- atom = MakeAtom(tchar, stuff->nbytes, !stuff->onlyIfExists);
-
- if (atom != BAD_RESOURCE)
- {
- /* Assign tsol attributes to this atom */
- UpdateTsolNode(atom, client);
-
- xInternAtomReply reply;
- reply.type = X_Reply;
- reply.length = 0;
- reply.sequenceNumber = client->sequence;
- reply.atom = atom;
- WriteReplyToClient(client, sizeof(xInternAtomReply), &reply);
- return(client->noClientException);
- }
- else
- return (BadAlloc);
-}
-
-int
-ProcTsolGetAtomName(ClientPtr client)
-{
- const char *str;
- xGetAtomNameReply reply;
- int len;
- REQUEST(xResourceReq);
-
- REQUEST_SIZE_MATCH(xResourceReq);
-
- if ((str = NameForAtom(stuff->id)))
- {
- char *blank_str = " ";
- TsolNodePtr tndp;
-
- tndp = &(tsol_node[stuff->id]);
- /* non-global atoms must have matching SL */
- if ((tndp->flags & TSOLM_ATOM) == 0) {
- int k;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- for (k = 0; k < tndp->slcount; k++) {
- if (tsolinfo->sl == tndp->sl[k])
- break;
- }
-
- /* SL can't be found, so return a blank string */
- if (k == tndp->slcount)
- str = blank_str;
- }
-
- len = strlen(str);
- reply.type = X_Reply;
- reply.length = (len + 3) >> 2;
- reply.sequenceNumber = client->sequence;
- reply.nameLength = len;
- WriteReplyToClient(client, sizeof(xGetAtomNameReply), &reply);
- (void)WriteToClient(client, len, str);
- return(client->noClientException);
- }
- else
- {
- client->errorValue = stuff->id;
- return (BadAtom);
- }
-}
-
-int
-TsolInitWindow(ClientPtr client, WindowPtr pWin)
-{
- bslabel_t admin_low;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- TsolResPtr tsolres = TsolWindowPrivate(pWin);
-
- tsolres->uid = tsolinfo->uid;
- tsolres->sl = tsolinfo->sl;
- tsolres->pid = tsolinfo->pid;
-
- if (client == serverClient)
- tsolres->internal = TRUE;
- else
- tsolres->internal = FALSE;
-
- bsllow(&admin_low);
- if (blequal(tsolres->sl, &admin_low))
- tsolres->flags = TRUSTED_MASK;
- else
- tsolres->flags = 0;
-
- return (Success);
-}
-
-int
-TsolInitPixmap(ClientPtr client, PixmapPtr pMap)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- TsolResPtr tsolres = TsolPixmapPrivate(pMap);
-
- tsolres->uid = tsolinfo->uid;
- tsolres->sl = tsolinfo->sl;
- tsolres->flags = 0;
-
- return (Success);
-}
-
-/* Generic ProcVector wrapper for functions which just need to set the
- client's TrustLevel to Trusted before executing. */
-static inline int
-ProcTsolUnwrapWithTrust(ClientPtr client, int majorop)
-{
- int result, savedtrust;
-
- savedtrust = setClientTrustLevel(client, XSecurityClientTrusted);
- result = (*TsolSavedProcVector[majorop])(client);
- setClientTrustLevel(client, savedtrust);
-
- return result;
-}
-
-
-static void
-ResetStripeWindow(ClientPtr client)
-{
- WindowPtr pParent;
- WindowPtr pWin = NULL;
- int rc;
-
-#if defined(PANORAMIX)
- if (!noPanoramiXExtension)
- {
- PanoramiXRes *panres = NULL;
- int j;
-
- if (tpwin) {
- rc = dixLookupResourceByType((void *) &panres,
- tpwin->drawable.id, XRT_WINDOW,
- client, DixReadAccess);
- if (rc != Success)
- return;
- }
-
- FOR_NSCREENS_BACKWARD(j)
- {
- if (panres == NULL)
- return;
- /* Validate trusted stripe window */
- rc = dixLookupWindow(&pWin, panres->info[j].id, client,
- DixReadAccess);
- if (rc != Success)
- return;
-
- if (tpwin == NullWindow || pWin == NullWindow)
- return;
-
- pParent = pWin->parent;
- if (!pParent || pParent->firstChild == pWin)
- return;
-
- ReflectStackChange(pWin, pParent->firstChild, VTStack);
- }
- } else
-#endif
- {
- /* Validate trusted stripe window */
- if (tpwin) {
- rc = dixLookupWindow(&pWin, tpwin->drawable.id, client,
- DixReadAccess);
- if (rc != Success)
- return;
- }
-
- if (tpwin == NullWindow || pWin == NullWindow)
- return;
-
- pParent = tpwin->parent;
- /* stripe is already at head, nothing to do */
- if (!pParent || pParent->firstChild == tpwin)
- return;
-
- ReflectStackChange(tpwin, pParent->firstChild, VTStack);
- }
-}
-
-
-/* Generic ProcVector wrapper for functions which just need to have
- ResetStripeWindow called after executing. */
-static inline int
-ProcTsolUnwrapAndResetStripe(ClientPtr client, int majorop)
-{
- int result;
-
- result = (*TsolSavedProcVector[majorop])(client);
- ResetStripeWindow(client);
-
- return result;
-}
-
-int
-ProcTsolCreateWindow(ClientPtr client)
-{
- return ProcTsolUnwrapAndResetStripe(client, X_CreateWindow);
-}
-
-int
-ProcTsolChangeWindowAttributes(ClientPtr client)
-{
- return ProcTsolUnwrapAndResetStripe(client, X_ChangeWindowAttributes);
-}
-
-int
-ProcTsolConfigureWindow(ClientPtr client)
-{
- return ProcTsolUnwrapAndResetStripe(client, X_ConfigureWindow);
-}
-
-int
-ProcTsolCirculateWindow(ClientPtr client)
-{
- return ProcTsolUnwrapAndResetStripe(client, X_CirculateWindow);
-}
-
-int
-ProcTsolReparentWindow(ClientPtr client)
-{
- return ProcTsolUnwrapAndResetStripe(client, X_ReparentWindow);
-}
-
-/*
- * HandleHotKey -
- * HotKey is Meta(Diamond)+ Stop Key
- * Breaks untrusted Ptr and Kbd grabs.
- * Trusted Grabs are NOT broken
- * Warps pointer to the Trusted Stripe if not Trusted grabs in force.
- */
-void
-HandleHotKey(DeviceIntPtr keybd)
-{
- int x, y;
- Bool trusted_grab = FALSE;
- ClientPtr client;
- DeviceIntPtr mouse = GetPairedDevice(keybd);
- TsolInfoPtr tsolinfo;
- GrabPtr ptrgrab = mouse->deviceGrab.grab;
- GrabPtr kbdgrab = keybd->deviceGrab.grab;
- ScreenPtr pScreen;
-
- if (kbdgrab)
- {
- client = clients[CLIENT_ID(kbdgrab->resource)];
- tsolinfo = GetClientTsolInfo(client);
-
- if (tsolinfo)
- {
- if (HasTrustedPath(tsolinfo))
- trusted_grab = TRUE;
- else
- (*keybd->deviceGrab.DeactivateGrab)(keybd);
- }
-
- if (ptrgrab)
- {
- client = clients[CLIENT_ID(ptrgrab->resource)];
- tsolinfo = GetClientTsolInfo(client);
-
- if (tsolinfo)
- {
- if (HasTrustedPath(tsolinfo))
- trusted_grab = TRUE;
- else
- (*mouse->deviceGrab.DeactivateGrab)(mouse);
- }
- }
- }
-
- if (!trusted_grab)
- {
- /*
- * Warp the pointer to the Trusted Stripe
- */
- pScreen = screenInfo.screens[0];
- x = pScreen->width/2;
- y = pScreen->height - StripeHeight/2;
- (*pScreen->SetCursorPosition)(mouse, pScreen, x, y, TRUE);
- }
-}
-
-#ifdef UNUSED
-void
-PrintSiblings(WindowPtr p1)
-{
- WindowPtr p2;
-
- if (p1 == NULL || p1->parent == NULL) return;
-
- p2 = p1->parent->firstChild;
- while (p2)
- {
- ErrorF( "(%x, %d, %d, %x)\n", p2, p2->drawable.width,
- p2->drawable.height, p2->prevSib);
- p2 = p2->nextSib;
- }
-}
-
-/*
- * Checks that tpwin & its siblings have same
- * parents. Returns 0 if OK, a # indicating which
- * Sibling has a bad parent
- */
-int
-CheckTPWin(void)
-{
- WindowPtr pWin;
- int count = 1;
-
- pWin = tpwin->nextSib;
- while (pWin)
- {
- if (pWin->parent->parent)
- return count;
- pWin = pWin->nextSib;
- ++count;
- }
- return 0;
-}
-#endif /* UNUSED */
-
-/* NEW */
-
-int
-ProcTsolGetGeometry(ClientPtr client)
-{
- xGetGeometryReply rep;
- int status;
-
- REQUEST(xResourceReq);
-
- if ( noPanoramiXExtension )
- {
- if ((status = GetGeometry(client, &rep)) != Success)
- return status;
-
- /* Reduce root window height = stripe height */
- if (stuff->id == rep.root)
- {
- rep.height -= StripeHeight;
- }
-
- WriteReplyToClient(client, sizeof(xGetGeometryReply), &rep);
- return(client->noClientException);
-
- } else
- {
- status = (*TsolSavedProcVector[X_GetGeometry])(client);
- return (status);
- }
-}
-
-int
-ProcTsolGrabServer(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- /* REQUEST(xResourceReq); */
- REQUEST_SIZE_MATCH(xReq);
-
- if (priv_win_config ||
- client_has_privilege(tsolinfo, pset_win_config)) {
- return (*TsolSavedProcVector[X_GrabServer])(client);
- } else {
- /* turn off auditing because operation ignored */
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
-
- return(client->noClientException);
- }
-}
-
-int
-ProcTsolUngrabServer(ClientPtr client)
-{
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- /* REQUEST(xResourceReq); */
- REQUEST_SIZE_MATCH(xReq);
-
- if (priv_win_config ||
- client_has_privilege(tsolinfo, pset_win_config)) {
- return (*TsolSavedProcVector[X_UngrabServer])(client);
- } else {
- /* turn off auditing because operation ignored */
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
-
- return(client->noClientException);
- }
-}
-
-int
-ProcTsolQueryTree(ClientPtr client)
-{
- xQueryTreeReply reply;
- int rc, numChildren = 0;
- WindowPtr pChild, pWin, pHead;
- Window *childIDs = (Window *)NULL;
-
-#ifdef TSOL
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- TsolResPtr tsolres;
- xpolicy_t flags;
-#endif /* TSOL */
-
- REQUEST(xResourceReq);
-
- REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
- if (rc != Success)
- return rc;
-
-#ifdef TSOL
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
- /*
- * Because of its recursive nature, QuerryTree can leave a huge trail
- * of audit records which could make deciphering the audit log for
- * critical records difficult. So we turn off any more auditing of
- * this protocol.
- */
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
-#endif /* TSOL */
-
- reply.type = X_Reply;
- reply.root = pWin->drawable.pScreen->root->drawable.id;
- reply.sequenceNumber = client->sequence;
- if (pWin->parent)
- reply.parent = pWin->parent->drawable.id;
- else
- reply.parent = (Window)None;
- pHead = RealChildHead(pWin);
- for (pChild = pWin->lastChild; pChild != pHead; pChild = pChild->prevSib)
-#ifdef TSOL
- {
- tsolres = TsolWindowPrivate(pChild);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) ==
- Success) {
- numChildren++;
- }
- }
-#else /* !TSOL */
- numChildren++;
-#endif /* TSOL */
- if (numChildren)
- {
- int curChild = 0;
-
- childIDs = malloc(numChildren * sizeof(Window));
- if (!childIDs)
- return BadAlloc;
- for (pChild = pWin->lastChild; pChild != pHead; pChild = pChild->prevSib)
-#ifdef TSOL
- {
-
- tsolres = TsolWindowPrivate(pChild);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) ==
- Success) {
- childIDs[curChild++] = pChild->drawable.id;
- }
- }
-#else /* !TSOL */
- childIDs[curChild++] = pChild->drawable.id;
-#endif /* TSOL */
- }
-
- reply.nChildren = numChildren;
- reply.length = (numChildren * sizeof(Window)) >> 2;
-
- WriteReplyToClient(client, sizeof(xQueryTreeReply), &reply);
- if (numChildren)
- {
- client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
- WriteSwappedDataToClient(client, numChildren * sizeof(Window), childIDs);
- free(childIDs);
- }
-
- return(client->noClientException);
-}
-
-CALLBACK(
-TsolAuditStart)
-{
- XaceAuditRec *rec = (XaceAuditRec *) calldata;
- ClientPtr client = rec->client;
-
- unsigned int protocol;
- int xevent_num = -1;
- int count = 0;
- int status = 0;
- Bool do_x_audit = FALSE;
- Bool audit_event = FALSE;
- TsolInfoPtr tsolinfo = (TsolInfoPtr)NULL;
- tsolinfo = GetClientTsolInfo(client);
- if (tsolinfo->amask.am_success || tsolinfo->amask.am_failure) {
-
- do_x_audit = TRUE;
- auditwrite(AW_PRESELECT, &(tsolinfo->amask), AW_END);
-
- /*
- * X audit events start from 9101 in audit_uevents.h. The first two
- * events are non-protocol ones viz. ClientConnect, mapped to 9101
- * and ClientDisconnect, mapped to 9102.
- * The protocol events are mapped from 9103 onwards in the serial
- * order of their respective protocol opcode, for eg, the protocol
- * UngrabPointer which is has a protocol opcode 27 is mapped to
- * 9129 (9102 + 27).
- * All extension protocols are mapped to a single audit event
- * AUE_XExtension as opcodes are assigined dynamically to these
- * protocols. We set the extension protocol opcode to be 128, one
- * more than the last standard opcode.
- */
- protocol = (unsigned int)MAJOROP_CODE;
- if (protocol > X_NoOperation) {
- xevent_num = audit_eventsid[MAX_AUDIT_EVENTS - 1][1];
- audit_event = TRUE;
- } else {
- for (count = 0; count < MAX_AUDIT_EVENTS; count++) {
- if (protocol == audit_eventsid[count][0]) {
- xevent_num = audit_eventsid[count][1];
- audit_event = TRUE;
- break;
- }
- }
- }
-
- /*
- * Exclude Clients with Trusted Path such as tsoldtwm, tsoldtsession etc
- * from generating the audit records for X protocols
- */
- if (audit_event && do_x_audit && !HasTrustedPath(tsolinfo) &&
- (au_preselect(xevent_num, &(tsolinfo->amask), AU_PRS_BOTH,
- AU_PRS_USECACHE) == 1)) {
- tsolinfo->flags |= TSOL_AUDITEVENT;
- status = auditwrite(AW_EVENTNUM, xevent_num, AW_APPEND, AW_END);
- } else {
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- }
- }
-}
-
-CALLBACK(
-TsolAuditEnd)
-{
- XaceAuditRec *rec = (XaceAuditRec *) calldata;
- ClientPtr client = rec->client;
- int result = rec->requestResult;
-
- char audit_ret = (char)NULL;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- if (tsolinfo->flags & TSOL_DOXAUDIT)
- {
- tsolinfo->flags &= ~TSOL_DOXAUDIT;
- if (tsolinfo->flags & TSOL_AUDITEVENT)
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- if (result != Success)
- audit_ret = -1;
- else
- audit_ret = 0;
- auditwrite(AW_RETURN, audit_ret, (u_int)result,
- AW_WRITE, AW_END);
- }
- else if (tsolinfo->flags & TSOL_AUDITEVENT)
- {
- tsolinfo->flags &= ~TSOL_AUDITEVENT;
- auditwrite(AW_DISCARDRD, -1, AW_END);
- }
-}
-
-int
-ProcTsolQueryPointer(ClientPtr client)
-{
- xQueryPointerReply rep;
- WindowPtr pWin, ptrWin;
- DeviceIntPtr mouse = PickPointer(client);
- DeviceIntPtr keyboard;
- SpritePtr pSprite;
- int rc;
- TsolResPtr tsolres;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- xpolicy_t flags;
-
- REQUEST(xResourceReq);
- REQUEST_SIZE_MATCH(xResourceReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
- rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess);
- if (rc != Success && rc != BadAccess)
- return rc;
-
- keyboard = GetPairedDevice(mouse);
-
- pSprite = mouse->spriteInfo->sprite;
-
- ptrWin = GetSpriteWindow(mouse);
- tsolres = TsolWindowPrivate(ptrWin);
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
-
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) == Success) {
- return (*TsolSavedProcVector[X_QueryPointer])(client);
- }
-
- if (mouse->valuator->motionHintWindow)
- MaybeStopHint(mouse, client);
- memset(&rep, 0, sizeof(xQueryPointerReply));
- rep.type = X_Reply;
- rep.sequenceNumber = client->sequence;
- rep.mask = mouse->button ? (mouse->button->state) : 0;
- rep.mask |= XkbStateFieldFromRec(&keyboard->key->xkbInfo->state);
- rep.length = 0;
- rep.root = RootOf(pWin);
- rep.rootX = 0;
- rep.rootY = 0;
- rep.child = None;
- rep.sameScreen = xTrue;
- rep.winX = 0;
- rep.winY = 0;
-
- WriteReplyToClient(client, sizeof(xQueryPointerReply), &rep);
-
- return(Success);
-}
-
-
-int
-ProcTsolQueryExtension(ClientPtr client)
-{
- /* Allow extensions in the labeled zones */
- return ProcTsolUnwrapWithTrust(client, X_QueryExtension);
-}
-
-int
-ProcTsolListExtensions(ClientPtr client)
-{
- /* Allow extensions in the labeled zones */
- return ProcTsolUnwrapWithTrust(client, X_ListExtensions);
-}
-
-int
-ProcTsolMapWindow(ClientPtr client)
-{
- return ProcTsolUnwrapWithTrust(client, X_MapWindow);
-}
-
-int
-ProcTsolMapSubwindows(ClientPtr client)
-{
- return ProcTsolUnwrapWithTrust(client, X_MapSubwindows);
-}
-
-static int
-TsolDoGetImage(
- ClientPtr client,
- int format,
- Drawable drawable,
- int x, int y, int width, int height,
- Mask planemask,
- xGetImageReply **im_return)
-{
- DrawablePtr pDraw;
- int nlines, linesPerBuf, rc;
- register int linesDone;
- long widthBytesLine, length;
- Mask plane = 0;
- char *pBuf;
- xGetImageReply xgi;
-
-#ifdef TSOL
- Bool getimage_ok = TRUE; /* if false get all 0s */
- Bool overlap = FALSE;
- Bool not_root_window = FALSE;
- WindowPtr pHead = NULL, pWin = NULL, pRoot;
- TsolResPtr tsolres_win;
- BoxRec winbox, box;
- BoxPtr pwinbox;
- DrawablePtr pDrawtmp;
- TsolResPtr tsolres;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- xpolicy_t flags;
-#endif /* TSOL */
-
- if ((format != XYPixmap) && (format != ZPixmap))
- {
- client->errorValue = format;
- return(BadValue);
- }
- rc = dixLookupDrawable(&pDraw, drawable, client, 0, DixReadAccess);
- if (rc != Success)
- return rc;
-
-
-#ifdef TSOL
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
- tsolres = TsolDrawablePrivate(pDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) == Success)
- {
- return DoGetImage(client, format, drawable, x, y,
- width, height, planemask);
- }
-
- if (pDraw->type == DRAWABLE_WINDOW)
- {
- if (DrawableIsRoot(pDraw))
- {
- DeviceIntPtr pDev = PickPointer(client);
- SpritePtr pSprite = pDev->spriteInfo->sprite;
- pWin = XYToWindow(pSprite, x, y);
- if (!WindowIsRoot(pWin))
- {
- pDrawtmp = &(pWin->parent->drawable);
- if (((WindowPtr) pDrawtmp)->realized)
- {
- int tmpx, tmpy;
-
- tmpx = x - pDrawtmp->x;
- tmpy = y - pDrawtmp->y;
-
- /* requested area must be a subset of the window area */
- if (tmpx >= 0 && tmpy >= 0 &&
- width <= pDrawtmp->width &&
- height <= pDrawtmp->height)
- {
- pDraw = pDrawtmp;
- x = tmpx;
- y = tmpy;
- not_root_window = TRUE;
- }
- }
- }
- }
- else
- {
- not_root_window = TRUE;
- }
-
- if (not_root_window)
- {
- Window root;
- WindowPtr tmpwin;
- int rc;
-
- not_root_window = TRUE;
- rc = dixLookupWindow(&tmpwin, pDraw->id, client, DixReadAccess);
- if (rc != Success)
- return rc;
-
- while (tmpwin)
- {
- if (tmpwin->parent && WindowIsRoot(tmpwin->parent))
- {
- pWin = tmpwin;
- break;
- }
- tmpwin = tmpwin->parent;
- }
- pwinbox = WindowExtents(pWin, &winbox);
- box.x1 = pwinbox->x1;
- box.y1 = pwinbox->y1;
- box.x2 = pwinbox->x2;
- box.y2 = box.y1;
- tsolres_win = TsolWindowPrivate(pWin);
- root = pWin->drawable.pScreen->root->drawable.id;
- rc = dixLookupWindow(&pRoot, root, client, DixReadAccess);
- if (rc != Success)
- return rc;
- pHead = pRoot->firstChild;
- }
-
- tsolres = TsolDrawablePrivate(pDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) == Success)
- getimage_ok = TRUE;
- else
- getimage_ok = FALSE;
- }
-#endif /* TSOL */
-
- if(pDraw->type == DRAWABLE_WINDOW)
- {
-
- if( /* check for being viewable */
- !((WindowPtr) pDraw)->realized ||
- /* check for being on screen */
- pDraw->x + x < 0 ||
- pDraw->x + x + width > pDraw->pScreen->width ||
- pDraw->y + y < 0 ||
- pDraw->y + y + height > pDraw->pScreen->height ||
- /* check for being inside of border */
- x < - wBorderWidth((WindowPtr)pDraw) ||
- x + width > wBorderWidth((WindowPtr)pDraw) + (int)pDraw->width ||
- y < -wBorderWidth((WindowPtr)pDraw) ||
- y + height > wBorderWidth ((WindowPtr)pDraw) + (int)pDraw->height
- )
- return(BadMatch);
- xgi.visual = wVisual (((WindowPtr) pDraw));
- }
- else
- {
- if(x < 0 ||
- x+width > (int)pDraw->width ||
- y < 0 ||
- y+height > (int)pDraw->height
- )
- return(BadMatch);
- xgi.visual = None;
- }
-
- xgi.type = X_Reply;
- xgi.sequenceNumber = client->sequence;
- xgi.depth = pDraw->depth;
- if(format == ZPixmap)
- {
- widthBytesLine = PixmapBytePad(width, pDraw->depth);
- length = widthBytesLine * height;
-
- }
- else
- {
- widthBytesLine = BitmapBytePad(width);
- plane = ((Mask)1) << (pDraw->depth - 1);
- /* only planes asked for */
- length = widthBytesLine * height *
- Ones(planemask & (plane | (plane - 1)));
-
- }
-
- xgi.length = length;
-
- if (im_return) {
- pBuf = malloc(sz_xGetImageReply + length);
- if (!pBuf)
- return (BadAlloc);
- if (widthBytesLine == 0)
- linesPerBuf = 0;
- else
- linesPerBuf = height;
- *im_return = (xGetImageReply *)pBuf;
- *(xGetImageReply *)pBuf = xgi;
- pBuf += sz_xGetImageReply;
- } else {
- xgi.length = (xgi.length + 3) >> 2;
- if (widthBytesLine == 0 || height == 0)
- linesPerBuf = 0;
- else if (widthBytesLine >= IMAGE_BUFSIZE)
- linesPerBuf = 1;
- else
- {
- linesPerBuf = IMAGE_BUFSIZE / widthBytesLine;
- if (linesPerBuf > height)
- linesPerBuf = height;
- }
- length = linesPerBuf * widthBytesLine;
- if (linesPerBuf < height)
- {
- /* we have to make sure intermediate buffers don't need padding */
- while ((linesPerBuf > 1) &&
- (length & ((1L << LOG2_BYTES_PER_SCANLINE_PAD)-1)))
- {
- linesPerBuf--;
- length -= widthBytesLine;
- }
- while (length & ((1L << LOG2_BYTES_PER_SCANLINE_PAD)-1))
- {
- linesPerBuf++;
- length += widthBytesLine;
- }
- }
- if(!(pBuf = malloc(length)))
- return (BadAlloc);
- WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
- }
-
- if (linesPerBuf == 0)
- {
- /* nothing to do */
- }
- else if (format == ZPixmap)
- {
- linesDone = 0;
- while (height - linesDone > 0)
- {
- nlines = min(linesPerBuf, height - linesDone);
- (*pDraw->pScreen->GetImage) (pDraw,
- x,
- y + linesDone,
- width,
- nlines,
- format,
- planemask,
- (void *) pBuf);
-#ifdef TSOL
- if (not_root_window)
- {
- WindowPtr over_win = (WindowPtr)NULL;
-
- box.y1 = y + linesDone + pDraw->y;
- box.y2 = box.y1 + nlines;
- over_win = AnyWindowOverlapsJustMe(pWin, pHead, &box);
- if (over_win)
- {
- tsolres = TsolWindowPrivate(over_win);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success)
- overlap = TRUE;
- }
- }
-
- /*
- * fill the buffer with zeros in case of security failure
- */
- if (!getimage_ok || overlap)
- {
- if (overlap)
- overlap = FALSE;
- memset(pBuf, 0, (int)(nlines * widthBytesLine));
-
- }
-#endif /* TSOL */
-
- /* Note that this is NOT a call to WriteSwappedDataToClient,
- as we do NOT byte swap */
- if (!im_return)
- {
-/* Don't split me, gcc pukes when you do */
- (void)WriteToClient(client,
- (int)(nlines * widthBytesLine),
- pBuf);
- }
- linesDone += nlines;
- }
- }
- else /* XYPixmap */
- {
- for (; plane; plane >>= 1)
- {
- if (planemask & plane)
- {
- linesDone = 0;
- while (height - linesDone > 0)
- {
- nlines = min(linesPerBuf, height - linesDone);
- (*pDraw->pScreen->GetImage) (pDraw,
- x,
- y + linesDone,
- width,
- nlines,
- format,
- plane,
- (void *)pBuf);
-#ifdef TSOL
- if (not_root_window)
- {
- WindowPtr over_win = (WindowPtr)NULL;
-
- box.y1 = y + linesDone + pDraw->y;
- box.y2 = box.y1 + nlines;
- over_win = AnyWindowOverlapsJustMe(pWin, pHead, &box);
- if (over_win)
- {
- tsolres = TsolWindowPrivate(over_win);
- if (tsol_check_policy(tsolinfo, tsolres, flags,
- MAJOROP_CODE) != Success)
- overlap = TRUE;
- }
- }
- /*
- * fill the buffer with zeros in case of security failure
- */
- if (!getimage_ok || overlap)
- {
- if (overlap)
- overlap = FALSE;
- memset(pBuf, 0, (int)(nlines * widthBytesLine));
-
- }
-#endif /* TSOL */
-
- /* Note: NOT a call to WriteSwappedDataToClient,
- as we do NOT byte swap */
- if (im_return) {
- pBuf += nlines * widthBytesLine;
- } else {
-/* Don't split me, gcc pukes when you do */
- (void)WriteToClient(client,
- (int)(nlines * widthBytesLine),
- pBuf);
- }
- linesDone += nlines;
- }
- }
- }
- }
-
- if (!im_return)
- free(pBuf);
- return (client->noClientException);
-}
-
-int
-ProcTsolGetImage(ClientPtr client)
-{
- REQUEST(xGetImageReq);
-
- REQUEST_SIZE_MATCH(xGetImageReq);
-
- return TsolDoGetImage(client, stuff->format, stuff->drawable,
- stuff->x, stuff->y,
- (int)stuff->width, (int)stuff->height,
- stuff->planeMask, (xGetImageReply **)NULL);
-}
-
-int
-ProcTsolPolySegment(ClientPtr client)
-{
- int status;
- GC *pGC;
- DrawablePtr pDraw;
- TsolResPtr tsolres;
- xpolicy_t flags;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- REQUEST(xPolySegmentReq);
- REQUEST_AT_LEAST_SIZE(xPolySegmentReq);
-
- VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess);
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
- tsolres = TsolDrawablePrivate(pDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message */
- return(client->noClientException);
- }
-
- status = (*TsolSavedProcVector[X_PolySegment])(client);
-
- return (status);
-}
-
-int
-ProcTsolPolyRectangle (ClientPtr client)
-{
- int status;
- GC *pGC;
- DrawablePtr pDraw;
- TsolResPtr tsolres;
- xpolicy_t flags;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- REQUEST(xPolyRectangleReq);
- REQUEST_AT_LEAST_SIZE(xPolyRectangleReq);
-
- VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess);
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
- tsolres = TsolDrawablePrivate(pDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message */
- return(client->noClientException);
- }
-
- status = (*TsolSavedProcVector[X_PolyRectangle])(client);
-
- return (status);
-}
-
-int
-ProcTsolCopyArea (ClientPtr client)
-{
- int status;
- DrawablePtr pDst;
- DrawablePtr pSrc;
- GC *pGC;
- int rc;
- TsolResPtr tsolres;
- xpolicy_t flags;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
-
- REQUEST(xCopyAreaReq);
-
- REQUEST_SIZE_MATCH(xCopyAreaReq);
-
- VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pDst, DixWriteAccess);
-
- if (stuff->dstDrawable != stuff->srcDrawable)
- {
- rc = dixLookupDrawable(&pSrc, stuff->srcDrawable, client, 0,
- DixReadAccess);
- if (rc != Success)
- return rc;
- if ((pDst->pScreen != pSrc->pScreen) || (pDst->depth != pSrc->depth))
- {
- client->errorValue = stuff->dstDrawable;
- return (BadMatch);
- }
- }
- else
- pSrc = pDst;
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
- tsolres = TsolDrawablePrivate(pSrc, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message for DnD zap effect */
- return(client->noClientException);
- }
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
- tsolres = TsolDrawablePrivate(pDst, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message for DnD zap effect */
- return(client->noClientException);
- }
-
- status = (*TsolSavedProcVector[X_CopyArea])(client);
-
- return (status);
-}
-
-int
-ProcTsolCopyPlane(ClientPtr client)
-{
- int savedtrust;
- int status;
- DrawablePtr psrcDraw, pdstDraw;
- GC *pGC;
- TsolResPtr tsolres;
- TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
- xpolicy_t flags;
- int rc;
-
- REQUEST(xCopyPlaneReq);
-
- REQUEST_SIZE_MATCH(xCopyPlaneReq);
-
- savedtrust = setClientTrustLevel(client, XSecurityClientTrusted);
-
- VALIDATE_DRAWABLE_AND_GC(stuff->dstDrawable, pdstDraw, DixWriteAccess);
-
- if (stuff->dstDrawable != stuff->srcDrawable)
- {
- rc = dixLookupDrawable(&psrcDraw, stuff->srcDrawable, client, 0,
- DixReadAccess);
- if (rc != Success)
- return rc;
-
- if (pdstDraw->pScreen != psrcDraw->pScreen)
- {
- client->errorValue = stuff->dstDrawable;
- return (BadMatch);
- }
- }
- else
- psrcDraw = pdstDraw;
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_READOP);
- tsolres = TsolDrawablePrivate(psrcDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message for DnD zap effect */
- return(client->noClientException);
- }
-
- flags = (TSOL_MAC|TSOL_DAC|TSOL_WRITEOP);
- tsolres = TsolDrawablePrivate(pdstDraw, client);
- if (tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE) != Success) {
- /* ignore the error message for DnD zap effect */
- return(client->noClientException);
- }
-
- status = (*TsolSavedProcVector[X_CopyPlane])(client);
-
- return (status);
-}
--- a/open-src/xserver/xorg/sun-src/tsol/tsolutils.c Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1052 +0,0 @@
-/*
- * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice (including the next
- * paragraph) shall be included in all copies or substantial portions of the
- * Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <stdio.h>
-#include <X11/X.h>
-#include <X11/Xproto.h>
-#include <X11/Xprotostr.h>
-#include "auditwrite.h"
-#include <bsm/audit_uevents.h>
-#include <regex.h>
-#include <priv.h>
-#include <X11/Xproto.h>
-#include "windowstr.h"
-#include "scrnintstr.h"
-#include "xkbstr.h"
-#include "xkbsrv.h"
-#include "tsol.h"
-#include "tsolinfo.h"
-#include "tsolpolicy.h"
-#include <X11/keysym.h>
-#include "misc.h"
-#include "inputstr.h"
-#include "propertyst.h"
-#include "panoramiXsrv.h"
-#include "registry.h"
-
-#define MAX_SL_ENTRY 256
-#define MAX_UID_ENTRY 64
-#define ALLOCATED 1
-#define EMPTIED 0
-#define FamilyTSOL 5
-#define TSOLUIDlength 4
-
-#define BOXES_OVERLAP(b1, b2) \
- (!( ((b1)->x2 <= (b2)->x1) || \
- ( ((b1)->x1 >= (b2)->x2)) || \
- ( ((b1)->y2 <= (b2)->y1)) || \
- ( ((b1)->y1 >= (b2)->y2)) ) )
-
-Bool priv_win_colormap = FALSE;
-Bool priv_win_config = FALSE;
-Bool priv_win_devices = FALSE;
-Bool priv_win_dga = FALSE;
-Bool priv_win_fontpath = FALSE;
-
-
-/*
- * The following need to be moved to tsolextension.c
- * after all references in Xsun is pulled out
- */
-WindowPtr tpwin = NULL; /* only one trusted path window at a time */
-TsolPolyInstInfoRec tsolpolyinstinfo;
-#define TsolMaxPolyNameSize 80
-/*
- * Use the NodeRec struct in tsolinfo.h. This is referenced
- * in policy routines. So we had to move it there
- */
-static TsolPolyAtomRec tsolpolyprop = {FALSE, 0, 0, NULL};
-static TsolPolyAtomRec tsolpolyseln = {TRUE, 0, 0, NULL};
-
-bclear_t SessionHI; /* HI Clearance */
-bclear_t SessionLO; /* LO Clearance */
-unsigned int StripeHeight = 0;
-uid_t OwnerUID = (uid_t)(-1);
-bslabel_t PublicObjSL;
-
-Atom tsol_lastAtom = None;
-int tsol_nodelength = 0;
-TsolNodePtr tsol_node = NULL;
-
-/* This structure is used for protocol request ListHosts */
-struct xUIDreply
-{
- unsigned char family;
- unsigned char pad;
- unsigned short length;
- int uid; /* uid type */
-};
-
-struct slentry
-{
- bslabel_t senlabel;
- char allocated;
-};
-
-static struct slentry sltable[MAX_SL_ENTRY];
-
-/* This table contains list of users who can connect to the server */
-struct uidentry
-{
- int userid; /* uid type */
- char allocated;
-};
-
-static struct uidentry uidtable[MAX_UID_ENTRY];
-
-/* Index must match with keywords */
-static char *tsolconfig_keywords[] = {"atom", "property", "selection",
- "extension", "privilege"};
-
-#define KEYWORDCOUNT sizeof(tsolconfig_keywords)/sizeof(char *)
-
-typedef struct _TsolConfig
-{
- int count;
- char **list;
-} TsolConfigRec;
-
-static TsolConfigRec tsolconfig[KEYWORDCOUNT] = {
- {0, NULL},
- {0, NULL},
- {0, NULL},
- {0, NULL},
- {0, NULL}
-};
-
-#define TSOL_ATOMCOUNT 4
-static const char *tsolatomnames[TSOL_ATOMCOUNT] = {
- "_TSOL_CMWLABEL_CHANGE",
- "_TSOL_GRABNOTIFY",
- "_TSOL_CLIENT_TERM",
- "_TSOL_SEL_AGNT"
-};
-
-static void
-init_TSOL_cached_SL(void)
-{
- sltable[0].allocated = ALLOCATED;
- bsllow (&(sltable[0].senlabel));
-
- sltable[1].allocated = ALLOCATED;
- bslhigh(&(sltable[1].senlabel));
-
-}
-
-/* Initialize UID table, this table should at least contains owner UID */
-static void
-init_TSOL_uid_table(void)
-{
- uidtable[0].allocated = ALLOCATED;
- uidtable[0].userid = 0;
-}
-
-#if UNUSED
-/* Count how many valid entried in the uid table */
-int
-count_uid_table(void)
-{
- int i, count = 0;
-
- /* Search entire table */
- for (i = 0; i < MAX_UID_ENTRY; i++)
- {
- if (uidtable[i].allocated == ALLOCATED)
- count++;
- }
- return (count);
-}
-
-/* return (1); if userid is in the table */
-int
-lookupUID(int userid)
-{
- int i;
- for (i = 0; i < MAX_UID_ENTRY; i++)
- {
- if (uidtable[i].allocated == ALLOCATED &&
- uidtable[i].userid == userid)
- {
- return (1); /* yes, found it */
- }
- }
- return (0); /* not found */
-}
-
-/* Passed into a pointer to a storage which is used to store UID */
-/* and nUid represents how many UID in the table(returned by count_uid_table) */
-int
-ListUID(
- struct xUIDreply * uidaddr,
- int nUid)
-{
- int i, j = 0;
-
- for (i = 0; i < MAX_UID_ENTRY; i++)
- {
- if (uidtable[i].allocated == ALLOCATED)
- {
- uidaddr[j].family = FamilyTSOL;
- uidaddr[j].length = TSOLUIDlength;
- uidaddr[j].uid = uidtable[i].userid;
- j++;
- }
- }
- if (nUid != j)
- {
- ErrorF("Invalid no. of uid entries? \n");
- return (0);
- }
-
- return (1);
-}
-#endif /* UNUSED */
-
-/* add userid into UIDtable */
-int
-AddUID(int *userid)
-{
-
- int i = 0;
-
- /*
- * Search entire uidtable, to prevent duplicate uid
- * entry in the table
- */
- while (i < MAX_UID_ENTRY)
- {
- if ((uidtable[i].allocated == ALLOCATED) &&
- (uidtable[i].userid == *userid))
- {
- /* this uid entry is already in the table; no-op */
- return (1); /* Success, uid in the table */
- }
- i++;
- }
-
- i = 0;
- /*
- * If we can find an empty entry, then add this uid
- * into the table
- */
- while (i < MAX_UID_ENTRY)
- {
- if (uidtable[i].allocated != ALLOCATED)
- {
- uidtable[i].allocated = ALLOCATED;
- uidtable[i].userid = *userid;
- return (1); /* Success, uid in the table */
- }
- i++;
- }
-
- /* uidtable overflow */
- ErrorF("Server problem: Please enlarge the table size of uidtable \n");
- return (0);
-}
-
-#if UNUSED
-/* remove userid from UIDtable */
-int
-RemoveUID(int *userid)
-{
- int i = 0;
-
- if (*userid == 0)
- {
- ErrorF("\n UID 0 can not be removed from server UID list");
- return (0);
- }
-
- while (i < MAX_UID_ENTRY)
- {
- if ((uidtable[i].allocated == ALLOCATED) &&
- (uidtable[i].userid == *userid))
- {
- /* delete this entry in the table */
- uidtable[i].allocated = EMPTIED;
- return (1); /* Success, uid in the table */
-
- }
- i++;
- }
-
- /* no such entry in the table, why delete it? no-op */
- return (0);
-}
-#endif
-
-
-
-
-bslabel_t *
-lookupSL_low(void)
-{
- return (&(sltable[0].senlabel));
-}
-
-
-bslabel_t *
-lookupSL(bslabel_t *slptr)
-{
- int i = 0;
-
- if (slptr == NULL)
- return (slptr);
-
- while ((i < MAX_SL_ENTRY) && sltable[i].allocated == ALLOCATED)
- {
- if (blequal(slptr, &(sltable[i].senlabel)))
- {
- /* found a matching sensitivity label in sltable */
- return (&(sltable[i].senlabel));
- }
- i++;
- }
-
- if (i < MAX_SL_ENTRY)
- {
- /*
- * can't find a matching entry in sltable,
- * however, we have empty entry to store this
- * new sensitivity label; store it.
- */
- sltable[i].allocated = ALLOCATED;
- memcpy (&(sltable[i].senlabel), slptr, sizeof (bslabel_t));
- return (&(sltable[i].senlabel));
- }
-
- /*
- * no matching entry in sltable, and no room to
- * store this new sensitivity label,
- * the server needs to recomplie with a larger slabel
- */
-
- ErrorF("Server problem: Please enlarge the table size of sltable \n");
- return (NULL);
-}
-
-static const int padlength[4] = {0, 3, 2, 1};
-
-/* Updated version based roughly on RREditConnectionInfo in randr/rrscreen.c */
-int
-DoScreenStripeHeight(int screen_num)
-{
- int i, j;
- xConnSetup *connSetup;
- char *vendor;
- xPixmapFormat *formats;
- xWindowRoot *root;
- xDepth *depth;
- xVisualType *visual;
- ScreenPtr pScreen;
- int old_height;
- float height_mult;
-
- connSetup = (xConnSetup *) ConnectionInfo;
- vendor = (char *) connSetup + sizeof (xConnSetup);
- formats = (xPixmapFormat *) ((char *) vendor +
- connSetup->nbytesVendor +
- padlength[connSetup->nbytesVendor & 3]);
- root = (xWindowRoot *) ((char *) formats +
- sizeof (xPixmapFormat) *
- screenInfo.numPixmapFormats);
- for (i = 0; i < screen_num; i++)
- {
- depth = (xDepth *) ((char *) root +
- sizeof (xWindowRoot));
- for (j = 0; j < (int)root->nDepths; j++)
- {
- visual = (xVisualType *) ((char *) depth +
- sizeof (xDepth));
- depth = (xDepth *) ((char *) visual +
- depth->nVisuals *
- sizeof (xVisualType));
-
- }
- root = (xWindowRoot *) ((char *) depth);
- }
- old_height = root->pixHeight;
-
- if (noPanoramiXExtension)
- {
- pScreen = screenInfo.screens[screen_num];
- root->pixHeight = pScreen->height - StripeHeight;
- } else
- {
- root->pixHeight = PanoramiXPixHeight - StripeHeight;
- }
-
- /* compute new millimeter height */
- height_mult = (1.0 * root->pixHeight) / old_height;
- root->mmHeight *= height_mult;
-
- return (0);
-}
-
-void
-init_xtsol(void)
-{
- bclearhigh(&SessionHI);
- bclearlow(&SessionLO);
- bsllow(&PublicObjSL);
- init_TSOL_cached_SL();
- init_TSOL_uid_table();
-
- auditwrite(AW_QUEUE, XAUDIT_Q_SIZE, AW_END);
-}
-
-/*
- * Converts keycode to keysym, helper function.
- * Modelled after Xlib code
- */
-static KeySym
-KeycodetoKeysym(KeyCode keycode, int col, KeySymsPtr curKeySyms)
-{
- int per = curKeySyms->mapWidth;
- KeySym *syms = curKeySyms->map;
- KeySym lsym = 0, usym = 0;
-
- if ((col < 0) || ((col >= per) && (col > 3)) ||
- ((int)keycode < curKeySyms->minKeyCode) ||
- ((int)keycode > curKeySyms->maxKeyCode))
- return NoSymbol;
-
- syms = &curKeySyms->map[(keycode - curKeySyms->minKeyCode) * per];
- if (col < 4) {
- if (col > 1) {
- while ((per > 2) && (syms[per - 1] == NoSymbol))
- per--;
- if (per < 3)
- col -= 2;
- }
- if ((per <= (col|1)) || (syms[col|1] == NoSymbol)) {
- if (!(col & 1))
- return lsym;
- else if (usym == lsym)
- return NoSymbol;
- else
- return usym;
- }
- }
- return syms[col];
-}
-
-/*
- * Converts keysym to a keycode
- * Modelled after Xlib code
- */
-static KeyCode
-KeysymToKeycode(KeySym ks, KeySymsPtr curKeySyms)
-{
- int i, j;
-
- for (j = 0; j < curKeySyms->mapWidth; j++) {
- for (i = curKeySyms->minKeyCode; i <= curKeySyms->maxKeyCode; i++) {
- if (KeycodetoKeysym((KeyCode) i, j, curKeySyms) == ks)
- return i;
- }
- }
- return 0;
-}
-
-/*
- * converts a keysym to modifier equivalent mask
- * Modelled after Xlib
- */
-static unsigned
-KeysymToModifier(KeySym ks, KeySymsPtr keysyms,
- KeyCode *modifierKeyMap, int maxKeysPerModifier)
-{
- CARD8 code, mods;
- KeySym *kmax;
- KeySym *k;
-
- kmax = keysyms->map + (keysyms->maxKeyCode - keysyms->minKeyCode + 1) *
- keysyms->mapWidth;
- k = keysyms->map;
- mods = 0;
- while (k < kmax) {
- if (*k == ks ) {
- int j = maxKeysPerModifier << 3;
-
- code = (((k - keysyms->map) / keysyms->mapWidth) + keysyms->minKeyCode);
-
- while (--j >= 0) {
- if (code == modifierKeyMap[j])
- mods |= (1 << (j / maxKeysPerModifier));
- }
- }
- k++;
- }
- return mods;
-}
-
-/*
- * Initialize Hot Key keys. On A Sun type 5/6 keyboard
- * It's Meta(Diamond) + Stop. On a non-Sun keyboard, it's
- * Alt + Break(Pause) key. Hold down the meta or alt key
- * press stop or break key.
- *
- * NOTE:
- * Both Left & Right keys for (Meta or Alt) return the
- * same modifier mask
- */
-void
-InitHotKey(DeviceIntPtr keybd)
-{
- HotKeyPtr hk = TsolKeyboardPrivate(keybd);
- KeySymsPtr curKeySyms = XkbGetCoreMap(keybd);
- int rc;
- int max_keys_per_mod = 0;
- KeyCode *modkeymap = NULL;
-
- rc = generate_modkeymap(serverClient, keybd,
- &modkeymap, &max_keys_per_mod);
-
- /* Meta + Stop */
- hk->shift = KeysymToModifier(XK_Meta_L, curKeySyms,
- modkeymap, max_keys_per_mod);
- hk->key = KeysymToKeycode(XK_L1, curKeySyms);
-
- /* Alt + Break/Pause */
- hk->altshift = KeysymToModifier(XK_Alt_L, curKeySyms,
- modkeymap, max_keys_per_mod);
- hk->altkey = KeysymToKeycode(XK_Pause, curKeySyms);
-
- hk->initialized = TRUE;
-}
-
-static void
-UpdateTsolConfig(char *keyword, char *value)
-{
- int i;
- int count;
- char **newlist;
-
- if (keyword == NULL || value == NULL)
- return; /* ignore incomplete entries */
-
- /* find a matching keyword */
- for (i = 0; i < KEYWORDCOUNT; i++) {
- if (strcmp(keyword, tsolconfig_keywords[i]) == 0) {
- break;
- }
- }
-
- /* Invalid keyword */
- if (i >= KEYWORDCOUNT) {
- ErrorF("Invalid keyword : %s\n", keyword);
- return;
- }
-
- count = tsolconfig[i].count;
- newlist = realloc(tsolconfig[i].list, (count + 1) * sizeof(char **));
- if (newlist == NULL) {
- ErrorF("Not enough memory for %s %s\n", keyword, value);
- return;
- }
-
- newlist[count] = strdup(value);
- tsolconfig[i].list = newlist;
- tsolconfig[i].count++;
-}
-
-static void
-InitPrivileges(void)
-{
- int i;
- int count;
- char **list;
-
- count = tsolconfig[TSOL_PRIVILEGE].count;
- list = tsolconfig[TSOL_PRIVILEGE].list;
-
- for (i = 0; i < count; i++) {
- if (strcmp(list[i], PRIV_WIN_COLORMAP) == 0)
- priv_win_colormap = TRUE;
- else if (strcmp(list[i], PRIV_WIN_CONFIG) == 0)
- priv_win_config = TRUE;
- else if (strcmp(list[i], PRIV_WIN_DEVICES) == 0)
- priv_win_devices = TRUE;
- else if (strcmp(list[i], PRIV_WIN_FONTPATH) == 0)
- priv_win_fontpath = TRUE;
- else if (strcmp(list[i], PRIV_WIN_DGA) == 0)
- priv_win_dga = TRUE;
- }
-}
-
-/*
- * Load Trusted Solaris configuration file
- */
-void
-LoadTsolConfig(void)
-{
- FILE *fp;
- char buf[BUFSIZ];
- char *keyword;
- char *value;
-
- /* open the file from /etc first followed by /usr */
- if ((fp = fopen(TSOLPOLICYFILE, "r")) == NULL) {
- ErrorF("Cannot load %s. Some desktop applications may not\n"
- "work correctly\n", TSOLPOLICYFILE);
- return;
- }
-
- /* Read and parse the config file */
- while (fgets(buf, sizeof (buf), fp) != NULL) {
-
- /* ignore all comments, lines starting with white space */
- if (buf[0] == '#' || isspace((int)buf[0]))
- continue;
-
- keyword = strtok(buf, " \t");
- value = strtok(NULL, " \t\n");
- UpdateTsolConfig(keyword, value);
- }
- fclose(fp);
-
- InitPrivileges();
-}
-
-
-/*
- * It does not really tell if this atom is to be polyinstantiated
- * or not. Further check should be done to determine this.
- */
-int
-SpecialName(const char *string, int len)
-{
-
- return (MatchTsolConfig(string, len));
-}
-
-
-void
-MakeTSOLAtoms(void)
-{
- int i;
- char *atomname;
-
- /* Create new TSOL atoms */
- for (i = 0; i < TSOL_ATOMCOUNT; i++) {
- if (MakeAtom(tsolatomnames[i], strlen(tsolatomnames[i]), TRUE) == None)
- AtomError();
- }
-
- /* Create atoms defined in config file */
- for (i = 0; i < tsolconfig[TSOL_ATOM].count; i++) {
- atomname = tsolconfig[TSOL_ATOM].list[i];
- if (MakeAtom(atomname, strlen(atomname), TRUE) == None) {
- AtomError();
- }
- }
-}
-
-/*
- * Names starting with a slash in selection.atoms and property.atoms
- * are treated as regular expressions to be matched against the
- * selection and property names. They may optionally end with a slash.
- */
-static int
-regexcompare(const char *string, int len, char *regexp)
-{
- int status;
- regex_t compiledregexp;
- char *regexpstrp;
- int regexpstrlen;
- char buffer[BUFSIZ];
-
- if (regexp[0] == '/' && len < BUFSIZ) {
- /* Extract regular expression from between slashes */
- regexpstrp = regexp + 1;
- regexpstrlen = strlen(regexpstrp);
- if (regexpstrp[regexpstrlen - 1] == '/')
- regexpstrp[regexpstrlen - 1] = '\0';
- /* Compile the regular expression */
- status = regcomp(&compiledregexp, regexpstrp,
- REG_EXTENDED | REG_NOSUB);
- if (status == 0) {
- /* Make null-terminated copy of string */
- memcpy(buffer, string, len);
- buffer[len] = '\0';
- /* Compare string to regular expression */
- status = regexec(&compiledregexp,
- buffer, (size_t) 0, NULL, 0);
- regfree(&compiledregexp);
-
- if (status == 0)
- return (TRUE);
- else
- return (FALSE);
- }
- } else if (strncmp(string, regexp, len) == 0) {
- return (TRUE);
- }
-
- return (FALSE);
-}
-
-int
-MatchTsolConfig(const char *name, int len)
-{
- int i;
- int count;
- char **list;
- unsigned int flags = 0;
-
- count = tsolconfig[TSOL_PROPERTY].count;
- list = tsolconfig[TSOL_PROPERTY].list;
- for (i = 0; i < count; i++) {
- if (regexcompare(name, len, list[i])) {
- flags |= TSOLM_PROPERTY;
- break;
- }
- }
-
- count = tsolconfig[TSOL_SELECTION].count;
- list = tsolconfig[TSOL_SELECTION].list;
- for (i = 0; i < count; i++) {
- if (regexcompare(name, len, list[i])) {
- flags |= TSOLM_SELECTION;
- break;
- }
- }
-
- return (flags);
-}
-
-TsolInfoPtr
-GetClientTsolInfo(ClientPtr client)
-{
- return TsolClientPrivate(client);
-}
-
-/* Property is polyinstantiated only on root window */
-int
-PolyProperty(Atom atom, WindowPtr pWin)
-{
- if (WindowIsRoot(pWin) &&
- ((!tsolpolyprop.polyinst && !(tsol_node[atom].IsSpecial & TSOLM_PROPERTY)) ||
- (tsolpolyprop.polyinst && (tsol_node[atom].IsSpecial & TSOLM_PROPERTY))))
- return TRUE;
- return FALSE;
-}
-
-int
-PolySelection(Atom atom)
-{
- if ((tsolpolyseln.polyinst && (tsol_node[atom].IsSpecial & TSOLM_SELECTION)) ||
- (!tsolpolyseln.polyinst && !(tsol_node[atom].IsSpecial & TSOLM_SELECTION)))
- return TRUE;
- return FALSE;
-}
-
-/*
- * client_private returns true if xid is owned/created by
- * client or is a default server xid
- */
-int
-client_private (ClientPtr client, XID xid)
-{
- if (same_client(client, xid) || (xid & SERVER_BIT))
- return TRUE;
- else
- return FALSE;
-}
-/*
- * Same as TopClientWin()
- * except that it returns a Window ID
- * and not a ptr
- */
-Window
-RootOfClient(WindowPtr pWin)
-{
- if (pWin)
- {
- return (TopClientWin(pWin)->drawable.id);
- }
- return (NULL);
-}
-
-#ifdef UNUSED
-/*
- * Return root window of pWin
- */
-WindowPtr
-RootWin(WindowPtr pWin)
-{
- if (pWin)
- {
- while (pWin->parent)
- pWin = pWin->parent;
- }
- return (pWin);
-}
-#endif
-
-Window
-RootOf(WindowPtr pWin)
-{
- if (pWin)
- {
- while (pWin->parent)
- pWin = pWin->parent;
- return (pWin->drawable.id);
- }
- return (NULL);
-}
-
-
-/*
- * same_client returns true if xid is owned/created by
- * client
- */
-int
-same_client (ClientPtr client, XID xid)
-{
- TsolInfoPtr tsolinfo_client;
- TsolInfoPtr tsolinfo_xid;
- ClientPtr xid_client;
-
- if (CLIENT_ID(xid) == 0 || (clients[CLIENT_ID(xid)] == NULL))
- return FALSE;
-
- if((SERVER_BIT & xid) == 0)
- {
- if (client->index == CLIENT_ID(xid))
- return TRUE;
- xid_client = clients[CLIENT_ID(xid)];
- tsolinfo_client = GetClientTsolInfo(client);
- tsolinfo_xid = GetClientTsolInfo(xid_client);
- if (tsolinfo_client && tsolinfo_xid && tsolinfo_client->pid > 0)
- {
- if (tsolinfo_client->pid == tsolinfo_xid->pid)
- return TRUE;
- }
- }
- return FALSE;
-}
-
-WindowPtr
-AnyWindowOverlapsJustMe(
- WindowPtr pWin,
- WindowPtr pHead,
- register BoxPtr box)
-{
- register WindowPtr pSib;
- BoxRec sboxrec;
- register BoxPtr sbox;
- TsolResPtr win_res = TsolWindowPrivate(pWin);
-
- for (pSib = pWin->prevSib; (pSib != NULL && pSib != pHead); pSib = pSib->prevSib)
- {
- TsolResPtr sib_res = TsolWindowPrivate(pSib);
-
- if (pSib->mapped && !bldominates(win_res->sl, sib_res->sl))
- {
- sbox = WindowExtents(pSib, &sboxrec);
- if (BOXES_OVERLAP(sbox, box)
-#ifdef SHAPE
- && ShapeOverlap (pWin, box, pSib, sbox)
-#endif
- )
- return(pSib);
- }
- }
- return((WindowPtr)NULL);
-}
-/*
- * Return Top level client window of pWin
- */
-WindowPtr
-TopClientWin(WindowPtr pWin)
-{
- ClientPtr client;
-
- if (pWin)
- {
- client = wClient(pWin);
- while (pWin->parent)
- {
- if (client != wClient(pWin->parent))
- break;
- pWin = pWin->parent;
- }
- }
- return (pWin);
-}
-
-/*
- * Matches in the list of disabled extensions via
- * the policy file (TrustedExtensionsPolicy)
- * Returns
- * TRUE - if a match is found
- * FALSE - otherwise
- */
-int
-TsolDisabledExtension(const char *extname)
-{
- int i;
-
- for (i = 0; i < tsolconfig[TSOL_EXTENSION].count; i++) {
- if (strcmp(extname, tsolconfig[TSOL_EXTENSION].list[i]) == 0) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-/*****************************************************************************/
-/* Debug/error message utility functions */
-
-/* Returns a string representation of the access mode for debugging messages */
-_X_HIDDEN const char *
-TsolDixAccessModeNameString(Mask access_mode) {
- static char access_mode_str[1024];
- int l = 0;
-
- access_mode_str[0] = '\0';
-
-#define APPEND_MODENAME_IF_SET(mode) \
- if (access_mode & (mode)) \
- l = strlcat(access_mode_str, #mode " | ", sizeof(access_mode_str))
-
- APPEND_MODENAME_IF_SET(DixUnknownAccess);
- APPEND_MODENAME_IF_SET(DixReadAccess);
- APPEND_MODENAME_IF_SET(DixWriteAccess);
- APPEND_MODENAME_IF_SET(DixDestroyAccess);
- APPEND_MODENAME_IF_SET(DixCreateAccess);
- APPEND_MODENAME_IF_SET(DixGetAttrAccess);
- APPEND_MODENAME_IF_SET(DixSetAttrAccess);
- APPEND_MODENAME_IF_SET(DixListPropAccess);
- APPEND_MODENAME_IF_SET(DixGetPropAccess);
- APPEND_MODENAME_IF_SET(DixSetPropAccess);
- APPEND_MODENAME_IF_SET(DixGetFocusAccess);
- APPEND_MODENAME_IF_SET(DixSetFocusAccess);
- APPEND_MODENAME_IF_SET(DixListAccess);
- APPEND_MODENAME_IF_SET(DixAddAccess);
- APPEND_MODENAME_IF_SET(DixRemoveAccess);
- APPEND_MODENAME_IF_SET(DixHideAccess);
- APPEND_MODENAME_IF_SET(DixShowAccess);
- APPEND_MODENAME_IF_SET(DixBlendAccess);
- APPEND_MODENAME_IF_SET(DixGrabAccess);
- APPEND_MODENAME_IF_SET(DixFreezeAccess);
- APPEND_MODENAME_IF_SET(DixForceAccess);
- APPEND_MODENAME_IF_SET(DixInstallAccess);
- APPEND_MODENAME_IF_SET(DixUninstallAccess);
- APPEND_MODENAME_IF_SET(DixSendAccess);
- APPEND_MODENAME_IF_SET(DixReceiveAccess);
- APPEND_MODENAME_IF_SET(DixUseAccess);
- APPEND_MODENAME_IF_SET(DixManageAccess);
- APPEND_MODENAME_IF_SET(DixDebugAccess);
- APPEND_MODENAME_IF_SET(DixBellAccess);
-
- if ( (l > 3) && (l < sizeof(access_mode_str)) ) {
- /* strip off trailing " | " */
- access_mode_str[l - 3] = '\0';
- }
-
- return access_mode_str;
-}
-
-/* Returns a string representation of the tsol policy for debugging messages */
-_X_HIDDEN const char *
-TsolPolicyReturnString(int pr)
-{
- if (pr == XTSOL_FAIL) {
- return "FAIL";
- } else if (pr == XTSOL_ALLOW) {
- return "ALLOW";
- } else if (pr == XTSOL_IGNORE) {
- return "IGNORE";
- } else {
- static char str[32];
- snprintf(str, sizeof(str), "<unknown value %d>", pr);
- return str;
- }
-}
-
-_X_HIDDEN const char *
-TsolErrorNameString(int errcode)
-{
- const char *regentry = LookupErrorName(errcode);
-
- if (strcmp(regentry, XREGISTRY_UNKNOWN) == 0) {
- static char unknown_string[32];
-
- snprintf(unknown_string, sizeof(unknown_string),
- "error code #%d", errcode);
-
- return unknown_string;
- }
-
- return regentry;
-}
-
-_X_HIDDEN const char *
-TsolResourceTypeString(RESTYPE resource)
-{
- const char *regentry = LookupResourceName(resource);
-
- if (strcmp(regentry, XREGISTRY_UNKNOWN) == 0) {
- static char unknown_string[32];
-
- snprintf(unknown_string, sizeof(unknown_string),
- "resource type #%d", (uint_t) resource);
-
- return unknown_string;
- }
-
- return regentry;
-}
-
-_X_HIDDEN const char *
-TsolRequestNameString(int req)
-{
- const char *regentry;
-
- if (req < 0) {
- return "<no request>";
- }
-
- regentry = LookupMajorName(req);
-
- if (strcmp(regentry, XREGISTRY_UNKNOWN) == 0) {
- static char unknown_string[32];
-
- snprintf(unknown_string, sizeof(unknown_string),
- "request type #%d", req);
-
- return unknown_string;
- }
-
- return regentry;
-}
--- a/open-src/xserver/xorg/xtsol.patch Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,509 +0,0 @@
---- a/Makefile.am Thu Nov 6 14:44:45 2014
-+++ b/Makefile.am Thu Nov 6 14:45:18 2014
-@@ -35,6 +35,10 @@
- GLAMOR_DIR=glamor
- endif
-
-+if BUILD_TSOL_MODULE
-+TSOL_DIR=tsol
-+endif
-+
- SUBDIRS = \
- doc \
- man \
-@@ -59,6 +63,7 @@
- $(PRESENT_DIR) \
- $(DRI3_DIR) \
- IA \
-+ $(TSOL_DIR) \
- exa \
- $(GLAMOR_DIR) \
- config \
---- a/Xext/security.c Thu Nov 6 14:46:15 2014
-+++ b/Xext/security.c Thu Nov 6 14:46:44 2014
-@@ -1089,3 +1089,28 @@
- /* Label objects that were created before we could register ourself */
- SecurityLabelInitial();
- }
-+
-+/* API needed for Xtsol module to get/set client trustLevel */
-+_X_EXPORT unsigned int
-+getClientTrustLevel(ClientPtr client)
-+{
-+ SecurityStateRec *state;
-+
-+ state = dixLookupPrivate(&client->devPrivates, stateKey);
-+
-+ return state->trustLevel;
-+}
-+
-+_X_EXPORT unsigned int
-+setClientTrustLevel(ClientPtr client, unsigned int newLevel)
-+{
-+ SecurityStateRec *state;
-+ unsigned int oldLevel;
-+
-+ state = dixLookupPrivate(&client->devPrivates, stateKey);
-+ oldLevel = state->trustLevel;
-+ state->trustLevel = newLevel;
-+
-+ return oldLevel;
-+}
-+
---- a/configure.ac Thu Nov 6 14:46:57 2014
-+++ b/configure.ac Thu Nov 6 14:49:25 2014
-@@ -224,6 +224,14 @@
- AC_CHECK_LIB(m, sqrt)
- AC_CHECK_FUNCS([cbrt])
-
-+dnl Check for libtsol for Solaris Trusted Extensions module
-+AC_CHECK_LIB(tsol, bsllow, [BUILD_TSOL_MODULE=yes], [BUILD_TSOL_MODULE=no])
-+AM_CONDITIONAL(BUILD_TSOL_MODULE, [test x$BUILD_TSOL_MODULE = xyes])
-+if test "x$BUILD_TSOL_MODULE" = xyes; then
-+ TSOL_LIB='$(top_builddir)/tsol/libxtsol.la'
-+ TSOL_SYS_LIBS='-ltsol -ltsnet -lsecdb -lbsm'
-+fi
-+
- AC_CHECK_HEADERS([ndbm.h dbm.h rpcsvc/dbm.h])
-
- dnl AGPGART headers
-@@ -1802,6 +1810,8 @@
- if test "x$XVFB" = xyes; then
- XVFB_LIBS="$FB_LIB $FIXES_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB"
- XVFB_SYS_LIBS="$XVFBMODULES_LIBS $GLX_SYS_LIBS"
-+ XVFB_LIBS="$XVFB_LIBS $TSOL_LIB"
-+ XVFB_SYS_LIBS="$XVFB_SYS_LIBS $TSOL_SYS_LIBS"
- AC_SUBST([XVFB_LIBS])
- AC_SUBST([XVFB_SYS_LIBS])
- fi
-@@ -1823,6 +1833,8 @@
- fi
- XNEST_LIBS="$FB_LIB $FIXES_LIB $MI_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB $DIX_LIB $OS_LIB"
- XNEST_SYS_LIBS="$XNESTMODULES_LIBS $GLX_SYS_LIBS"
-+ XNEST_LIBS="$XNEST_LIBS $TSOL_LIB"
-+ XNEST_SYS_LIBS="$XNEST_SYS_LIBS $TSOL_SYS_LIBS"
- AC_SUBST([XNEST_LIBS])
- AC_SUBST([XNEST_SYS_LIBS])
- fi
-@@ -2400,6 +2412,7 @@
- KDRIVE_CFLAGS="$XSERVER_CFLAGS -DHAVE_KDRIVE_CONFIG_H $TSLIB_CFLAGS"
-
- KDRIVE_PURE_LIBS="$FB_LIB $MI_LIB $FIXES_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $OS_LIB"
-+ KDRIVE_PURE_LIBS="$KDRIVE_PURE_LIBS $TSOL_LIB"
- KDRIVE_LIB='$(top_builddir)/hw/kdrive/src/libkdrive.la'
- case $host_os in
- *linux*)
-@@ -2629,3 +2642,7 @@
-
- # Add Sun IA extension
- AC_OUTPUT([IA/Makefile])
-+
-+# Add Sun Trusted Extensions extension
-+AC_OUTPUT([tsol/Makefile])
-+
---- a/dix/dispatch.c Thu Nov 6 14:49:38 2014
-+++ b/dix/dispatch.c Thu Nov 6 14:52:07 2014
-@@ -73,8 +73,8 @@
-
- ******************************************************************/
-
--/* XSERVER_DTRACE additions:
-- * Copyright (c) 2005-2006, Oracle and/or its affiliates. All rights reserved.
-+/*
-+ * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
-@@ -162,6 +162,10 @@
-
- static void KillAllClients(void);
-
-+#ifdef TSOL
-+SecurityHookPtr pSecHook = NULL;
-+#endif /* TSOL */
-+
- static int nextFreeClientID; /* always MIN free client ID */
-
- static int nClients; /* number of authorized clients */
-@@ -890,7 +894,12 @@
- return Success;
- }
-
--static int
-+#ifdef TSOL
-+_X_EXPORT
-+#else
-+static
-+#endif
-+int
- GetGeometry(ClientPtr client, xGetGeometryReply * rep)
- {
- DrawablePtr pDraw;
-@@ -1971,7 +1980,12 @@
- return Success;
- }
-
--static int
-+#ifdef TSOL
-+_X_EXPORT
-+#else
-+static
-+#endif
-+int
- DoGetImage(ClientPtr client, int format, Drawable drawable,
- int x, int y, int width, int height,
- Mask planemask)
---- a/dix/events.c Thu Nov 6 14:52:18 2014
-+++ b/dix/events.c Thu Nov 6 14:56:46 2014
-@@ -2873,6 +2873,9 @@
- *
- * @returns the window at the given coordinates.
- */
-+#ifdef TSOL
-+_X_EXPORT
-+#endif
- WindowPtr
- XYToWindow(SpritePtr pSprite, int x, int y)
- {
---- a/dix/window.c Thu Nov 6 14:56:59 2014
-+++ b/dix/window.c Thu Nov 6 14:59:39 2014
-@@ -95,6 +95,33 @@
- Equipment Corporation.
-
- ******************************************************************/
-+/* Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the
-+ * "Software"), to deal in the Software without restriction, including
-+ * without limitation the rights to use, copy, modify, merge, publish,
-+ * distribute, and/or sell copies of the Software, and to permit persons
-+ * to whom the Software is furnished to do so, provided that the above
-+ * copyright notice(s) and this permission notice appear in all copies of
-+ * the Software and that both the above copyright notice(s) and this
-+ * permission notice appear in supporting documentation.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
-+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
-+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
-+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
-+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ *
-+ * Except as contained in this notice, the name of a copyright holder
-+ * shall not be used in advertising or otherwise to promote the sale, use
-+ * or other dealings in this Software without prior written authorization
-+ * of the copyright holder.
-+ */
-
- #ifdef HAVE_DIX_CONFIG_H
- #include <dix-config.h>
-@@ -181,6 +208,11 @@
-
- #define SubStrSend(pWin,pParent) (StrSend(pWin) || SubSend(pParent))
-
-+#ifdef TSOL
-+#include "extnsionst.h"
-+extern SecurityHookPtr pSecHook;
-+#endif /* TSOL */
-+
- #ifdef COMPOSITE
- static const char *overlay_win_name = "<composite overlay>";
- #endif
-@@ -1836,7 +1868,12 @@
- return Below;
- }
-
--static BoxPtr
-+#ifdef TSOL
-+_X_EXPORT
-+#else
-+static
-+#endif
-+BoxPtr
- WindowExtents(WindowPtr pWin, BoxPtr pBox)
- {
- pBox->x1 = pWin->drawable.x - wBorderWidth(pWin);
-@@ -1863,7 +1900,12 @@
- return pRgn;
- }
-
--static Bool
-+#ifdef TSOL
-+_X_EXPORT
-+#else
-+static
-+#endif
-+Bool
- ShapeOverlap(WindowPtr pWin, BoxPtr pWinBox, WindowPtr pSib, BoxPtr pSibBox)
- {
- RegionPtr pWinRgn, pSibRgn;
-@@ -2037,7 +2079,12 @@
- }
- }
-
--static void
-+#ifdef TSOL
-+_X_EXPORT
-+#else
-+static
-+#endif
-+void
- ReflectStackChange(WindowPtr pWin, WindowPtr pSib, VTKind kind)
- {
- /* Note that pSib might be NULL */
---- a/hw/xfree86/dixmods/Makefile.am Thu Nov 6 15:04:19 2014
-+++ b/hw/xfree86/dixmods/Makefile.am Thu Nov 6 15:04:35 2014
-@@ -56,3 +56,11 @@
- libia_la_LIBADD = $(top_builddir)/IA/libIA.la
- libia_la_SOURCES = iamodule.c
-
-+if BUILD_TSOL_MODULE
-+# Sun Trusted Extensions extension module additions
-+extsmodule_LTLIBRARIES += libxtsol.la
-+libxtsol_la_LDFLAGS = -avoid-version
-+libxtsol_la_LIBADD = $(top_builddir)/tsol/libxtsol.la $(PIXMAN_LIBS)
-+libxtsol_la_SOURCES = tsolmodule.c
-+endif
-+
---- a/include/dix.h Thu Nov 6 15:05:09 2014
-+++ b/include/dix.h Fri Nov 7 07:37:58 2014
-@@ -166,6 +166,14 @@
-
- extern _X_HIDDEN Bool CreateConnectionBlock(void);
-
-+#ifdef TSOL
-+extern _X_EXPORT int DoGetImage(ClientPtr client, int format, Drawable drawable,
-+ int x, int y, int width, int height,
-+ Mask planemask);
-+
-+extern _X_EXPORT int GetGeometry(ClientPtr client, xGetGeometryReply *rep);
-+#endif
-+
- /* dixutils.c */
-
- extern _X_EXPORT int CompareISOLatin1Lowered(const unsigned char * /*a */ ,
---- a/include/extnsionst.h Fri Nov 7 07:38:22 2014
-+++ b/include/extnsionst.h Fri Nov 7 07:39:41 2014
-@@ -43,6 +43,33 @@
- SOFTWARE.
-
- ******************************************************************/
-+/* Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the
-+ * "Software"), to deal in the Software without restriction, including
-+ * without limitation the rights to use, copy, modify, merge, publish,
-+ * distribute, and/or sell copies of the Software, and to permit persons
-+ * to whom the Software is furnished to do so, provided that the above
-+ * copyright notice(s) and this permission notice appear in all copies of
-+ * the Software and that both the above copyright notice(s) and this
-+ * permission notice appear in supporting documentation.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
-+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
-+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
-+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
-+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ *
-+ * Except as contained in this notice, the name of a copyright holder
-+ * shall not be used in advertising or otherwise to promote the sale, use
-+ * or other dealings in this Software without prior written authorization
-+ * of the copyright holder.
-+ */
-
- #ifndef EXTENSIONSTRUCT_H
- #define EXTENSIONSTRUCT_H
-@@ -54,6 +81,10 @@
- #include "gc.h"
- #include "privates.h"
-
-+#ifdef TSOL
-+#include "inputstr.h"
-+#endif /* TSOL */
-+
- typedef struct _ExtensionEntry {
- int index;
- void (*CloseDown) ( /* called at server shutdown */
-@@ -109,4 +140,20 @@
- extern _X_EXPORT ExtensionEntry *
- GetExtensionEntry(int major);
-
-+#ifdef TSOL
-+typedef struct
-+{
-+ XID (*CheckAuthorization)(unsigned int, char *, unsigned int,
-+ char *, ClientPtr , const char **);
-+ int (*ChangeWindowProperty)(ClientPtr, WindowPtr, Atom, Atom, int, int,
-+ unsigned long, void *, Bool);
-+ int (*DeleteProperty)(ClientPtr, WindowPtr, Atom);
-+ void (*DeleteClientFromAnySelections)(ClientPtr);
-+ void (*DeleteWindowFromAnySelections)(WindowPtr);
-+} SecurityHook, *SecurityHookPtr;
-+
-+extern _X_EXPORT SecurityHookPtr pSecHook;
-+
-+#endif /* TSOL */
-+
- #endif /* EXTENSIONSTRUCT_H */
---- a/include/input.h Fri Nov 7 07:39:53 2014
-+++ b/include/input.h Fri Nov 7 07:40:32 2014
-@@ -406,7 +406,7 @@
- int /*led */ ,
- Bool /*on */ );
-
--extern void MaybeStopHint(DeviceIntPtr /*device */ ,
-+extern _X_EXPORT void MaybeStopHint(DeviceIntPtr /*device */ ,
- ClientPtr /*client */ );
-
- extern void ProcessPointerEvent(InternalEvent * /* ev */ ,
---- a/include/window.h Fri Nov 7 07:39:55 2014
-+++ b/include/window.h Fri Nov 7 07:41:07 2014
-@@ -224,5 +224,11 @@
- extern _X_EXPORT void SetRootClip(ScreenPtr pScreen, Bool enable);
- extern _X_EXPORT void PrintWindowTree(void);
-
-+#ifdef TSOL
-+#include "validate.h" /* needed for VTKind enum definition */
-+extern _X_EXPORT void ReflectStackChange(WindowPtr pWin, WindowPtr pSib,
-+ VTKind kind);
-+#endif
-+
- extern _X_EXPORT VisualPtr WindowGetVisual(WindowPtr /*pWin*/);
- #endif /* WINDOW_H */
---- a/mi/miinitext.c Fri Nov 7 07:41:26 2014
-+++ b/mi/miinitext.c Fri Nov 7 07:41:57 2014
-@@ -89,6 +89,7 @@
- #undef DAMAGE
- #undef COMPOSITE
- #undef MITSHM
-+#undef TSOL
- #endif
-
- #ifdef HAVE_XNEST_CONFIG_H
-@@ -153,6 +154,9 @@
- #ifdef SolarisIAExtension
- { IANAME /* "SolarisIA" */, &noIAExtension },
- #endif
-+#ifdef TSOL
-+ { TSOLNAME /* "SUN_TSOL" */, &noXTSolExtension },
-+#endif
- #ifdef RES
- {"X-Resource", &noResExtension},
- #endif
---- a/os/connection.c Fri Nov 7 07:42:15 2014
-+++ b/os/connection.c Fri Nov 7 07:43:16 2014
-@@ -43,6 +43,34 @@
- SOFTWARE.
-
- ******************************************************************/
-+/* Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the
-+ * "Software"), to deal in the Software without restriction, including
-+ * without limitation the rights to use, copy, modify, merge, publish,
-+ * distribute, and/or sell copies of the Software, and to permit persons
-+ * to whom the Software is furnished to do so, provided that the above
-+ * copyright notice(s) and this permission notice appear in all copies of
-+ * the Software and that both the above copyright notice(s) and this
-+ * permission notice appear in supporting documentation.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
-+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
-+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
-+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
-+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ *
-+ * Except as contained in this notice, the name of a copyright holder
-+ * shall not be used in advertising or otherwise to promote the sale, use
-+ * or other dealings in this Software without prior written authorization
-+ * of the copyright holder.
-+ */
-+
- /*****************************************************************
- * Stuff to create connections --- OS dependent
- *
-@@ -256,6 +284,11 @@
-
- static void ErrorConnMax(XtransConnInfo /* trans_conn */ );
-
-+#ifdef TSOL
-+#include "extnsionst.h"
-+extern SecurityHookPtr pSecHook;
-+#endif /* TSOL */
-+
- static XtransConnInfo
- lookup_trans_conn(int fd)
- {
-@@ -675,6 +708,13 @@
- priv = (OsCommPtr) client->osPrivate;
- trans_conn = priv->trans_conn;
-
-+#ifdef TSOL
-+ if (pSecHook)
-+ auth_id = (*pSecHook->CheckAuthorization) (proto_n, auth_proto,
-+ string_n, auth_string, client, &reason);
-+ else
-+#endif /* TSOL */
-+
- /* Allow any client to connect without authorization on a launchd socket,
- because it is securely created -- this prevents a race condition on launch */
- if (trans_conn->flags & TRANS_NOXAUTH) {
---- a/Xext/securitysrv.h Fri Nov 7 07:44:28 2014
-+++ b/Xext/securitysrv.h Fri Nov 7 07:44:47 2014
-@@ -79,4 +79,8 @@
- /* Give this value or higher to the -audit option to get security messages */
- #define SECURITY_AUDIT_LEVEL 4
-
-+/* API needed for Xtsol module to get/set client trustLevel */
-+extern _X_EXPORT unsigned int getClientTrustLevel(ClientPtr client);
-+extern _X_EXPORT unsigned int setClientTrustLevel(ClientPtr client, unsigned int newLevel);
-+
- #endif /* _SECURITY_SRV_H */
---- a/mi/miinitext.c Fri Nov 7 12:39:13 2014
-+++ b/mi/miinitext.c Fri Nov 7 12:39:55 2014
-@@ -120,6 +120,21 @@
- Bool *disablePtr;
- } ExtensionToggle;
-
-+#define SolarisIAExtension
-+
-+#ifdef SolarisIAExtension
-+#include <X11/extensions/interactive.h>
-+#include "../IA/interactive_srv.h"
-+Bool noIAExtension;
-+extern void IAExtensionInit(void);
-+#endif
-+
-+#ifdef TSOL
-+#include "../tsol/tsolextension.h"
-+Bool noXTSolExtension;
-+extern void TsolExtensionInit(void);
-+#endif
-+
- static ExtensionToggle ExtensionToggleList[] = {
- /* sort order is extension name string as shown in xdpyinfo */
- {"Generic Events", &noGEExtension},
---- a/hw/xfree86/common/xf86Config.c Mon Jun 22 07:37:35 2015
-+++ b/hw/xfree86/common/xf86Config.c Mon Jun 22 07:37:50 2015
-@@ -119,6 +119,7 @@
- {.name = "shadow",.toLoad = TRUE,.load_opt = NULL},
- #endif
- {.name = "ia",.toLoad = TRUE,.load_opt = NULL},
-+ {.name = "xtsol",.toLoad = TRUE,.load_opt = NULL},
- {.name = NULL,.toLoad = FALSE,.load_opt = NULL}
- };
-
--- a/open-src/xserver/xvnc/README.txt Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xvnc/README.txt Wed Nov 18 14:43:45 2015 -0800
@@ -1,6 +1,6 @@
###############################################################################
#
-# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
@@ -29,7 +29,7 @@
The open source TigerVNC release is built using the Xorg server sources
to provide the X server portion of the sources for Xvnc. This provides
an Xvnc that includes the same features as Sun's Xorg, including Sun
- enhancements like Trusted Extensions support & Xserver DTrace probes.
+ enhancements like IA Extension support & Xserver DTrace probes.
Source code access
@@ -107,7 +107,7 @@
10. Are there known issues or bugs with this feature? If so, please provide
bug Ids and any known workarounds.
- See bugster for known bugs.
+ See 10006/X11/VNC in BugDB for known bugs.
11. How would one recognize if the new feature is working or not working?
(Note: The engineer will provide as much information as possible at
--- a/open-src/xserver/xvnc/solaris-port.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xvnc/solaris-port.patch Wed Nov 18 14:43:45 2015 -0800
@@ -1,4 +1,4 @@
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
@@ -74,22 +74,17 @@
bin_PROGRAMS = Xvnc
-@@ -33,13 +33,21 @@ Xvnc_CPPFLAGS = $(XVNC_CPPFLAGS) -DTIGERVNC -DNO_HW_ONLY_EXTS -DNO_MODULE_EXTS \
+@@ -33,13 +33,16 @@ Xvnc_CPPFLAGS = $(XVNC_CPPFLAGS) -DTIGERVNC -DNO_HW_ONLY_EXTS -DNO_MODULE_EXTS \
-UHAVE_CONFIG_H \
-DXFree86Server -DVENDOR_RELEASE="$(VENDOR_RELEASE)" \
-DVENDOR_STRING="\"$(VENDOR_STRING)\"" -I$(TIGERVNC_SRCDIR)/common \
- -I$(top_srcdir)/include -I$(includedir)/pixman-1 -I$(includedir)
+ -I$(top_srcdir)/include $(PIXMAN_CFLAGS)
-+
-+if BUILD_TSOL_MODULE
-+TSOL_LIBS = ../../tsol/libxtsol.la
-+endif
Xvnc_LDADD = $(XVNC_LIBS) libvnccommon.la $(COMMON_LIBS) \
- $(XSERVER_LIBS) $(XSERVER_SYS_LIBS) $(XVNC_SYS_LIBS) -lX11
+ -ljpeg -lz \
+ ../../IA/libIA.la \
-+ $(TSOL_LIBS) \
+ $(XSERVER_LIBS) $(XSERVER_SYS_LIBS) $(XVNC_SYS_LIBS)
Xvnc_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
--- a/open-src/xserver/xvnc/sun-src/unix/xserver113.patch Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-
---- xserver/configure.ac Mon Sep 17 11:33:02 2012
-+++ xserver/configure.ac Mon Sep 17 11:35:17 2012
-@@ -31,7 +31,6 @@
- RELEASE_NAME="Iced Tea"
- AC_CONFIG_SRCDIR([Makefile.am])
- AM_INIT_AUTOMAKE([foreign dist-bzip2])
--AM_MAINTAINER_MODE
-
- # Require xorg-macros minimum of 1.14 for XORG_COMPILER_BRAND in XORG_DEFAULT_OPTIONS
- m4_ifndef([XORG_MACROS_VERSION],
-@@ -73,6 +72,7 @@
- AC_CONFIG_HEADERS(include/version-config.h)
-
- AM_PROG_AS
-+AC_PROG_CXX
- AC_PROG_LN_S
- AC_LIBTOOL_WIN32_DLL
- AC_DISABLE_STATIC
-@@ -1583,7 +1583,15 @@
- AC_SUBST([XVFB_SYS_LIBS])
- fi
-
-+dnl Xvnc DDX
-+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XEXT_INC $FB_INC $MI_INC $RENDER_INC $RANDR_INC"])
-+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
-+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
-
-+dnl This is necessary to allow Xvnc to statically link with GnuTLS
-+AC_ARG_VAR(GNUTLS_LDFLAGS, [Custom linker flags for using GnuTLS, e.g. -L{GnuTLS directory}/lib -lgnutls])
-+AC_SUBST(GNUTLS_LDFLAGS)
-+
- dnl Xnest DDX
-
- PKG_CHECK_MODULES(XNESTMODULES, [$LIBXEXT x11 xau $XDMCP_MODULES], [have_xnest=yes], [have_xnest=no])
-@@ -1674,6 +1682,8 @@
- xorg_bus_bsdpci=no
- xorg_bus_sparc=no
-
-+AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
-+
- AC_MSG_CHECKING([whether to build Xorg PCI functions])
- if test "x$PCI" = xyes; then
-
-@@ -1839,7 +1849,6 @@
- AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
- AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
- AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
-- AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
- AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
- AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
- AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
-@@ -2305,6 +2314,7 @@
- hw/dmx/man/Makefile
- hw/vfb/Makefile
- hw/vfb/man/Makefile
-+hw/vnc/Makefile
- hw/xnest/Makefile
- hw/xnest/man/Makefile
- hw/xwin/Makefile
---- xserver/hw/Makefile.am Mon Sep 17 11:35:43 2012
-+++ xserver/hw/Makefile.am Mon Sep 17 11:35:55 2012
-@@ -33,7 +33,8 @@
- $(XNEST_SUBDIRS) \
- $(DMX_SUBDIRS) \
- $(KDRIVE_SUBDIRS) \
-- $(XQUARTZ_SUBDIRS)
-+ $(XQUARTZ_SUBDIRS) \
-+ vnc
-
- DIST_SUBDIRS = dmx xfree86 vfb xnest xwin xquartz kdrive
-
---- xserver/mi/miinitext.c Wed Oct 10 12:33:15 2012
-+++ xserver/mi/miinitext.c Wed Oct 10 12:33:49 2012
-@@ -136,6 +136,11 @@
- extern void TsolExtensionInit(void);
- #endif
-
-+#ifdef TIGERVNC
-+extern void vncExtensionInit(INITARGS);
-+#endif
-+
-+
- static ExtensionToggle ExtensionToggleList[] = {
- /* sort order is extension name string as shown in xdpyinfo */
- {"Generic Events", &noGEExtension},
-@@ -311,6 +316,9 @@
- #ifdef DPMSExtension
- {DPMSExtensionInit, DPMSExtensionName, &noDPMSExtension},
- #endif
-+#ifdef TIGERVNC
-+ {vncExtensionInit, "VNC", NULL},
-+#endif
- #ifdef RES
- {ResExtensionInit, XRES_NAME, &noResExtension},
- #endif
-
---- xserver/configure.ac Fri Oct 26 11:05:29 2012
-+++ xserver/configure.ac Fri Oct 26 11:07:28 2012
-@@ -1849,6 +1849,7 @@
- AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
- AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
- AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
-+ AC_DEFINE(XFree86LOADER, 1, [Building loadable XFree86 server])
- AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
- AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
- AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
--- a/open-src/xserver/xvnc/sun-src/unix/xserver117.patch Wed Nov 18 13:51:23 2015 -0800
+++ b/open-src/xserver/xvnc/sun-src/unix/xserver117.patch Wed Nov 18 14:43:45 2015 -0800
@@ -64,7 +64,7 @@
--- xserver/mi/miinitext.c Tue Nov 11 15:22:55 2014
+++ xserver/mi/miinitext.c Tue Nov 11 15:28:19 2014
@@ -135,6 +135,10 @@
- extern void TsolExtensionInit(void);
+ extern void IAExtensionInit(void);
#endif
+#ifdef TIGERVNC
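Review bot: The new context line `extern void IAExtensionInit(void);` only matches if mi/miinitext.c still contains the SolarisIAExtension declarations, and those were added by the second mi/miinitext.c hunk of open-src/xserver/xorg/xtsol.patch, which this commit deletes. Please confirm that another patch applied before xserver117.patch now supplies that block; none is visible in this part of the diff, and without it this hunk would presumably fail to apply. The inner header `@@ -135,6 +135,10 @@` is also unchanged although the TSOL declarations are gone, so the hunk probably applies only at an offset. Regenerating it against the patched tree would remove that dependency from the Xvnc build. The inner hunk continues beyond the lines shown here.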
--- a/pkg/legacy/SUNWxorg-tsol-module.p5m Wed Nov 18 13:51:23 2015 -0800
+++ b/pkg/legacy/SUNWxorg-tsol-module.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
@@ -20,6 +20,5 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
#
-set name=pkg.fmri value=pkg:/[email protected],5.11-0.133
-set name=pkg.renamed value=true
-depend type=require fmri=pkg:/x11/trusted/[email protected]
+set name=pkg.fmri value=pkg:/[email protected],5.12-5.12.0.0.0.87.0
+set name=pkg.obsolete value=true
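Review bot: Nothing in this manifest records why the package is now obsolete, and the same holds for the two new manifests pkg/legacy/x11-trusted-libxtsol.p5m and pkg/legacy/x11-trusted-trusted-xorg.p5m. An obsolete package is removed on update, so a system that relied on the XTSOL module for labeled desktops loses it with no hint in the packaging. A comment above the `set` lines, for example `# Obsoleted: Trusted Extensions (XTSOL) support was removed from the X server`, would keep the reason next to the action. Whether release notes already cover the removal cannot be seen from this diff.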
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/legacy/x11-trusted-libxtsol.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -0,0 +1,23 @@
+# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice (including the next
+# paragraph) shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+set name=pkg.fmri value=pkg:/x11/trusted/[email protected],5.12-5.12.0.0.0.87.0
+set name=pkg.obsolete value=true
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/legacy/x11-trusted-trusted-xorg.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -0,0 +1,24 @@
+# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice (including the next
+# paragraph) shall be included in all copies or substantial portions of the
+# Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+set name=pkg.fmri \
+ value=pkg:/x11/trusted/[email protected],5.12-5.12.0.0.0.87.0
+set name=pkg.obsolete value=true
--- a/pkg/manifests/compatibility-packages-SUNWxwplt.p5m Wed Nov 18 13:51:23 2015 -0800
+++ b/pkg/manifests/compatibility-packages-SUNWxwplt.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -182,9 +182,6 @@
# app/xinit
depend type=require fmri=pkg:/x11/session/xinit
-# lib/libXtsol
-depend type=require fmri=pkg:/x11/trusted/libxtsol
-
# app/rgb, xgamma, xhost, xinput, xmodmap, xprop, xrandr, xrdb
# xrefresh, xset, xsetroot
depend type=require fmri=pkg:/x11/x11-server-utilities
--- a/pkg/manifests/x11-server-xorg.p5m Wed Nov 18 13:51:23 2015 -0800
+++ b/pkg/manifests/x11-server-xorg.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -209,7 +209,6 @@
dir path=usr/lib/xorg/modules/dri
dir path=usr/lib/xorg/modules/drivers
dir path=usr/lib/xorg/modules/extensions
-file path=usr/lib/xorg/modules/extensions/libia.so
dir path=usr/lib/xorg/modules/input
file path=usr/lib/xorg/modules/libexa.so
file path=usr/lib/xorg/modules/libfb.so
--- a/pkg/manifests/x11-server-xserver-common.p5m Wed Nov 18 13:51:23 2015 -0800
+++ b/pkg/manifests/x11-server-xserver-common.p5m Wed Nov 18 14:43:45 2015 -0800
@@ -50,7 +50,6 @@
file path=usr/demo/Xserver/mdb/list_Xserver_servergrab_client mode=0555
file path=usr/lib/mdb/proc/$(ARCH64)/Xserver.so
dir path=usr/lib/xorg
-file path=usr/lib/xorg/TrustedExtensionsPolicy overlay=allow preserve=renamenew
file path=usr/lib/xorg/protocol.txt
dir path=usr/share/doc/Xserver
file path=usr/share/doc/Xserver/Xserver-DTrace.html
--- a/pkg/manifests/x11-trusted-libxtsol.p5m Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-set name=pkg.fmri value=pkg:/x11/trusted/libxtsol@$(OSPKGVERS)
-set name=pkg.summary \
- value="libXtsol - Solaris Trusted Extensions X11 extension client library"
-set name=pkg.description \
- value="Xlib-based client API for the Solaris Trusted Extensions (SUN_TSOL) extension to the X11 protocol"
-link path=usr/X11/lib/$(ARCH64)/libXtsol.so \
- target=../../../lib/$(ARCH64)/libXtsol.so
-link path=usr/X11/lib/$(ARCH64)/libXtsol.so.1 \
- target=../../../lib/$(ARCH64)/libXtsol.so.1
-link path=usr/X11/lib/libXtsol.so target=../../lib/libXtsol.so
-link path=usr/X11/lib/libXtsol.so.1 target=../../lib/libXtsol.so.1
-file path=usr/include/X11/extensions/Xtsol.h
-file path=usr/include/X11/extensions/Xtsolproto.h
-link path=usr/lib/$(ARCH64)/libXtsol.so target=libXtsol.so.1
-file path=usr/lib/$(ARCH64)/libXtsol.so.1
-link path=usr/lib/libXtsol.so target=libXtsol.so.1
-file path=usr/lib/libXtsol.so.1
-depend type=require fmri=pkg:/x11/header/x11-protocols facet.devel=true
--- a/pkg/manifests/x11-trusted-trusted-xorg.p5m Wed Nov 18 13:51:23 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-# Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a
-# copy of this software and associated documentation files (the "Software"),
-# to deal in the Software without restriction, including without limitation
-# the rights to use, copy, modify, merge, publish, distribute, sublicense,
-# and/or sell copies of the Software, and to permit persons to whom the
-# Software is furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice (including the next
-# paragraph) shall be included in all copies or substantial portions of the
-# Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-# DEALINGS IN THE SOFTWARE.
-#
-set name=pkg.fmri value=pkg:/x11/trusted/trusted-xorg@__version:xorg-server__
-set name=pkg.summary value="Xorg X server - Trusted Extensions support"
-set name=pkg.description \
- value="Loadable extension module for the Xorg X server to provide the XTSOL extension required to support labeled desktops under Trusted Extensions."
-file path=usr/lib/xorg/modules/extensions/libxtsol.so
-legacy pkg=SUNWxorg-tsol-module \
- desc="Solaris Trusted Extensions, Xorg X Server support" \
- name="Trusted Extensions, Xorg"
-# Requires Xorg itself of course
-depend type=require fmri=pkg:/x11/server/xorg
-# Requires the TrustedExtensionsPolicy file from xserver-common pkg, but
-# that is currently auto-added by open-src/xserver/Makefile.inc rules.
-# depend fmri=pkg:/x11/server/xserver-common type=require