# HG changeset patch # User Lokanath Das # Date 1150757103 25200 # Node ID 07b00e5ea8c8d1ac31806e29ed76832bee97f98e # Parent b52017b8441ee15bcf246aaa25ba99dd5f0170c1 Trusted Extensions bug fixes 6293567 Package names need to be changed from "Trusted Solaris" to "Solaris Trusted Extensions" 6387466 X server needs to generate audit records 6393844 TX: pkginfo for SUNWtsmc, and probably others, uses Trusted Solaris 6396755 Please add NAUTILUS_ACTIVE_DESKTOP_ID and _NET_WORKAREA to TrustedExtensionsPolicy files 6397574 With TX SL causes JDS (local zones) desktop unusable 6400613 xdpyinfo shows incorrect extensions list 6400625 Xsun core dump upon waking from screen saver 6414944 Optimize privilege checking in the X server 6423607 xhost +username@ fails with errors 6423611 X_ChangeKeyboardControl produces error causing application to exit 6424645 [tjds] right clisk on desktop and drop menu lists not functional in labeled workspaces diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/packages/SUNWxorg-tsol-module/depend --- a/XORG_NV/packages/SUNWxorg-tsol-module/depend Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/packages/SUNWxorg-tsol-module/depend Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ # or other dealings in this Software without prior written authorization # of the copyright holder. # -# ident "@(#)depend 1.2 06/03/06 SMI" +# ident "@(#)depend 1.3 06/05/30 SMI" # # Xorg Trusted Extensions # @@ -35,4 +35,4 @@ P SUNWcsu Core Solaris, (Usr) P SUNWcsl Core Solaris, (Shared Libs) P SUNWxorg-server X.Org Foundation Xserver -P SUNWxwts X Trusted Extensions +P SUNWxwts Trusted Extensions, X Windows diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/packages/SUNWxorg-tsol-module/pkginfo.tmpl --- a/XORG_NV/packages/SUNWxorg-tsol-module/pkginfo.tmpl Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/packages/SUNWxorg-tsol-module/pkginfo.tmpl Mon Jun 19 15:45:03 2006 -0700 @@ -26,21 +26,21 @@ # or other dealings in this Software without prior written authorization # of the copyright holder. # -#ident "@(#)pkginfo.tmpl 1.2 06/03/06" +#ident "@(#)pkginfo.tmpl 1.4 06/05/31" # PKG="SUNWxorg-tsol-module" -NAME="Xorg Server Trusted Extensions" +NAME="Trusted Extensions, Xorg" ARCH="ISA" VERSION=0.1,REV=0.2005.10.10 CATEGORY="system" -DESC="Trusted Extensions module the Xorg X Server" +DESC="Solaris Trusted Extensions, Xorg X Server support" BASEDIR="/usr" VENDOR="Sun Microsystems, Inc." HOTLINE="Please contact your local service provider" EMAIL="" MAXINST="1000" SUNW_PKGVERS=1.0 -SUNW_PRODNAME="X.Org Trusted Extensions for Solaris" +SUNW_PRODNAME="Trusted Extensions" SUNW_PRODVERS=1.0 SUNW_PKGTYPE=usr diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/TrustedExtensionsPolicy --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/TrustedExtensionsPolicy Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/TrustedExtensionsPolicy Mon Jun 19 15:45:03 2006 -0700 @@ -1,12 +1,13 @@ # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "@(#)TrustedExtensionsPolicy 1.1 04/08/03 SMI" +# ident "@(#)TrustedExtensionsPolicy 1.3 06/04/12 SMI" -# TrustedSolarisPolicy +# TrustedExtensionsPolicy # Syntax: name +# Blank lines or lines starting with # are ignored. # # property and selection can take a regular expression for name. # name must start with / for regular expresssions. @@ -157,11 +158,20 @@ property _MOTIF_ATOM_2 property _MOTIF_ATOM_3 property _MOTIF_DRAG_RECEIVER_INFO + +# +# Sun Ray Support +# property _SUN_CORONA_SESSION property _SUN_SUNRAY_SESSION property _SUN_SUNRAY_CONN_INFO property _SUN_SUNRAY_SESSION_GEOMETRY +# +# Multilevel JDS/GNOME Support +# +property NAUTILUS_ACTIVE_DESKTOP_ID +property _NET_WORKAREA selection Dtfile selection Dtpad diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsol.h --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsol.h Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsol.h Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsol.h 1.3 06/03/07 SMI" +#pragma ident "@(#)tsol.h 1.5 06/04/18 SMI" /* * tsol.h server side extension @@ -56,3 +56,13 @@ extern int tsolWindowPrivateIndex; /* declared in tsol.c */ extern int tsolPixmapPrivateIndex; +extern int SpecialName(char *string, int len); +extern TsolInfoPtr GetClientTsolInfo(); +extern bslabel_t *lookupSL_low(); +extern int PolyPropReadable(PropertyPtr pProp, ClientPtr client); +extern void ReflectStackChange(WindowPtr pWin, WindowPtr pSib, VTKind kind); +extern WindowPtr TsolPointerWindow(); + +#ifdef PANORAMIX +extern int PanoramiXGetInputFocus(ClientPtr client); +#endif diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolextension.c --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolextension.c Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolextension.c Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolextension.c 1.11 06/03/07 SMI" +#pragma ident "@(#)tsolextension.c 1.16 06/06/08 SMI" #include #include @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -69,7 +70,8 @@ #define MAX_SCREENS 3 /* screens allowed */ #define EXTNSIZE 128 -extern Bool il_enabled; +#define SECURE_RPC_AUTH "SUN-DES-1" +#define SECURE_RPC_LEN 9 extern bslabel_t *lookupSL(); extern void (*ReplySwapVector[]) (); @@ -108,6 +110,8 @@ static void BreakAllGrabs(ClientPtr client); extern void init_xtsol(); +extern void init_win_privsets(); +extern void free_win_privsets(); extern int DoScreenStripeHeight(int screen_num); extern int AddUID(int *userid); @@ -121,6 +125,7 @@ extern int tsolPixmapPrivateIndex; static HotKeyRec hotkey = {FALSE, 0, 0, 0, 0}; +static int tsolMultiLevel = TRUE; int OwnerUIDint; extern uid_t OwnerUID; @@ -202,6 +207,10 @@ extern int ProcTsolGetImage(ClientPtr client); extern int ProcTsolQueryTree(ClientPtr client); extern int ProcTsolQueryPointer(ClientPtr client); +extern int ProcTsolQueryExtension(ClientPtr client); +extern int ProcTsolListExtensions(ClientPtr client); +extern int ProcTsolMapWindow(ClientPtr client); +extern int ProcTsolMapSubwindows(ClientPtr client); /* * Initialize the extension. Main entry point for this loadable @@ -225,9 +234,11 @@ return; } + tsolMultiLevel = TRUE; (void) setpflags(PRIV_AWARE, 1); init_xtsol(); + init_win_privsets(); extEntry = AddExtension(TSOLNAME, TSOL_NUM_EVENTS, TSOL_NUM_ERRORS, ProcTsolDispatch, SProcTsolDispatch, TsolReset, @@ -238,6 +249,7 @@ return; } + extEntry->secure = TRUE; TsolReqCode = (unsigned char) extEntry->base; tsolEventBase = extEntry->eventBase; @@ -333,6 +345,10 @@ ProcVector[X_GetImage] = ProcTsolGetImage; ProcVector[X_QueryTree] = ProcTsolQueryTree; ProcVector[X_QueryPointer] = ProcTsolQueryPointer; + ProcVector[X_QueryExtension] = ProcTsolQueryExtension; + ProcVector[X_ListExtensions] = ProcTsolListExtensions; + ProcVector[X_MapWindow] = ProcTsolMapWindow; + ProcVector[X_MapSubwindows] = ProcTsolMapSubwindows; } @@ -388,7 +404,6 @@ case X_PolyFillRectangle: case X_PolyFillArc: case X_PutImage: - case X_GetImage: case X_PolyText8: case X_PolyText16: case X_ImageText8: @@ -475,19 +490,33 @@ if (tsolinfo != NULL && tsolinfo->privs != NULL) { priv_freeset(tsolinfo->privs); } + /* Audit disconnect */ + if (system_audit_on && (au_preselect(AUE_ClientDisconnect, &(tsolinfo->amask), + AU_PRS_BOTH, AU_PRS_USECACHE) == 1)) { + auditwrite(AW_PRESELECT, &(tsolinfo->amask),AW_END); + auditwrite(AW_EVENTNUM, AUE_ClientDisconnect, + AW_XCLIENT, client->index, + AW_SLABEL, tsolinfo->sl, + AW_RETURN, 0, 0, AW_WRITE, AW_END); + + tsolinfo->flags &= ~TSOL_DOXAUDIT; + tsolinfo->flags &= ~TSOL_AUDITEVENT; + auditwrite(AW_FLUSH, AW_END); + auditwrite(AW_DISCARDRD, tsolinfo->asaverd, AW_END); + auditwrite(AW_NOPRESELECT, AW_END); + } break; + default: break; } } -/* - * Reset routine. Don't know what to put here yet - */ static void TsolReset() { + free_win_privsets(); } /* @@ -1145,7 +1174,7 @@ rep.pid = (CARD32) res_tsolinfo->pid; rep.gid = (CARD32) res_tsolinfo->gid; rep.auditid = (CARD32) res_tsolinfo->auid; - rep.sessionid = (CARD32) res_tsolinfo->sid; + rep.sessionid = (CARD32) res_tsolinfo->asid; rep.iaddr = (CARD32) res_tsolinfo->iaddr; rep.length = (CARD32) 0; @@ -1499,12 +1528,24 @@ { WindowPtr pWin, pParent; int err_code; + TsolInfoPtr tsolinfo; extern void ReflectStackChange(WindowPtr, WindowPtr, VTKind); REQUEST(xMakeTPWindowReq); REQUEST_SIZE_MATCH(xMakeTPWindowReq); + /* + * Session type single-level? This is set by the + * label builder + */ + tsolinfo = GetClientTsolInfo(client); + if (tsolinfo && HasTrustedPath(tsolinfo) && + blequal(&SessionLO, &SessionHI) && stuff->id == 0) { + tsolMultiLevel = FALSE; + return (client->noClientException); + } + pWin = LookupWindow(stuff->id, client); /* window should not be root but child of root */ @@ -1640,6 +1681,11 @@ priv_set_t *privs; const au_tid64_addr_t *tid64; const au_mask_t *amask; + au_mask_t mask; /* user audit mask */ + socklen_t namelen; + struct passwd *pw; + struct auditinfo auinfo; + struct auditinfo *pauinfo; OsCommPtr oc = (OsCommPtr)client->osPrivate; register ConnectionInputPtr oci = oc->input; int fd = oc->fd; @@ -1647,7 +1693,6 @@ extern au_id_t ucred_getauid(const ucred_t *uc); extern au_asid_t ucred_getasid(const ucred_t *uc); extern const au_mask_t *ucred_getamask(const ucred_t *uc); - extern const au_tid64_addr_t *ucred_getatid(const ucred_t *uc); TsolInfoPtr tsolinfo = (TsolInfoPtr) (client->devPrivates[tsolClientPrivateIndex].ptr); @@ -1672,34 +1717,19 @@ tsolinfo->sl = (bslabel_t *)lookupSL(sl); /* Set privileges */ - privs = (priv_set_t *)ucred_getprivset(uc, PRIV_EFFECTIVE); if ((tsolinfo->privs = priv_allocset()) != NULL) { - if (privs == NULL) { - priv_emptyset(tsolinfo->privs); + if (tsolMultiLevel) { + privs = (priv_set_t *)ucred_getprivset(uc, PRIV_EFFECTIVE); + if (privs == NULL) { + priv_emptyset(tsolinfo->privs); + } else { + priv_copyset(privs, tsolinfo->privs); + } } else { - priv_copyset(privs, tsolinfo->privs); + priv_fillset(tsolinfo->privs); } } - /* Set audit info */ - tsolinfo->auinfo.ai_auid = ucred_getauid(uc); - tsolinfo->auinfo.ai_asid = ucred_getasid(uc); - if ((amask = ucred_getamask(uc)) != NULL) { - tsolinfo->auinfo.ai_mask = *amask; - } - if ((tid64 = ucred_getatid(uc)) != NULL) { -#ifdef _LP64 - tsolinfo->auinfo.ai_termid = *tid64; -#else - tsolinfo->auinfo.ai_termid.at_type = tid64->at_type; - tsolinfo->auinfo.ai_termid.at_port = (tid64->at_port.at_major & MAXMIN32); - tsolinfo->auinfo.ai_termid.at_port |= (tid64->at_port.at_major & MAXMAJ32) << - NBITSMINOR32; - tsolinfo->auinfo.ai_termid.at_addr[0] = *(tid64->at_addr); -#endif - } - ucred_free(uc); - tsolinfo->priv_debug = FALSE; @@ -1717,59 +1747,148 @@ /* Set Trusted Path for local clients */ if (tsolinfo->zid == GLOBAL_ZONEID) { tsolinfo->trusted_path = TRUE; - client->trustLevel = XSecurityClientTrusted; }else { tsolinfo->trusted_path = FALSE; + } + + if (tsolinfo->trusted_path || !tsolMultiLevel) + client->trustLevel = XSecurityClientTrusted; + else client->trustLevel = XSecurityClientUntrusted; - } tsolinfo->forced_trust = 0; tsolinfo->iaddr = 0; bsllow(&admin_low); + + namelen = sizeof (tsolinfo->saddr); + if (getpeername(fd, (struct sockaddr *)&tsolinfo->saddr, &namelen) != 0) { + return; + } + /* Set reasonable defaults for remote clients */ if (tsolinfo->client_type == CLIENT_REMOTE) { + int errcode; + char hostbuf[NI_MAXHOST]; + tsol_host_type_t host_type; struct sockaddr sname; - socklen_t namelen; - char *rhost; - tsol_host_type_t host_type; - struct sockaddr_in *so = (struct sockaddr_in *)&sname; extern tsol_host_type_t tsol_getrhtype(char *); - namelen = sizeof (sname); - if (getpeername(fd, &sname, &namelen) == 0) { - tsolinfo->iaddr = so->sin_addr.s_addr; - rhost = inet_ntoa(so->sin_addr); - host_type = tsol_getrhtype(rhost); + /* Use NI_NUMERICHOST to avoid DNS lookup */ + errcode = getnameinfo((struct sockaddr *)&(tsolinfo->saddr), namelen, + hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST); + + if (errcode) { + perror(gai_strerror(errcode)); + } else { + host_type = tsol_getrhtype(hostbuf); if ((host_type == SUN_CIPSO) && - blequal(tsolinfo->sl, &admin_low)) { + blequal(tsolinfo->sl, &admin_low)) { tsolinfo->trusted_path = TRUE; client->trustLevel = XSecurityClientTrusted; priv_fillset(tsolinfo->privs); } } } - /* TBD: Initialize audit context here */ - { - au_mask_t mask; - struct passwd *pw = getpwuid(getuid()); - if ((pw != NULL) && (!au_user_mask(pw->pw_name, &mask))) { - if (!getaudit(&tsolinfo->aw_auinfo)) { - tsolinfo->aw_auinfo.ai_mask.am_success = mask.am_success; - tsolinfo->aw_auinfo.ai_mask.am_failure = mask.am_failure; - } - } - tsolinfo->sid = 0; + + /* setup audit context */ + if (getaudit(&auinfo) == 0) { + pauinfo = &auinfo; + } else { + pauinfo = NULL; + } + + /* Audit id */ + tsolinfo->auid = ucred_getauid(uc); + if (tsolinfo->auid == AU_NOAUDITID) { + tsolinfo->auid = UID_NOBODY; } + + /* session id */ + tsolinfo->asid = ucred_getasid(uc); + + /* Audit mask */ + if ((amask = ucred_getamask(uc)) != NULL) { + tsolinfo->amask = *amask; + } else { + if (pauinfo != NULL) { + tsolinfo->amask = pauinfo->ai_mask; + } else { + tsolinfo->amask.am_failure = 0; /* clear the masks */ + tsolinfo->amask.am_success = 0; + } + } + + tsolinfo->asaverd = 0; + + ucred_free(uc); } +static enum auth_stat tsol_why; + +static char * +tsol_authdes_decode(inmsg, len) +char *inmsg; +int len; +{ + struct rpc_msg msg; + char cred_area[MAX_AUTH_BYTES]; + char verf_area[MAX_AUTH_BYTES]; + char *temp_inmsg; + struct svc_req r; + bool_t res0, res1, auth_ret; + XDR xdr; + SVCXPRT xprt; + extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); + + temp_inmsg = (char *) xalloc(len); + memmove(temp_inmsg, inmsg, len); + + memset((char *)&msg, 0, sizeof(msg)); + memset((char *)&r, 0, sizeof(r)); + memset(cred_area, 0, sizeof(cred_area)); + memset(verf_area, 0, sizeof(verf_area)); + + msg.rm_call.cb_cred.oa_base = cred_area; + msg.rm_call.cb_verf.oa_base = verf_area; + tsol_why = AUTH_FAILED; + xdrmem_create(&xdr, temp_inmsg, len, XDR_DECODE); + + if ((r.rq_clntcred = (caddr_t) xalloc(MAX_AUTH_BYTES)) == NULL) + goto bad1; + r.rq_xprt = &xprt; + + /* decode into msg */ + res0 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_cred)); + res1 = xdr_opaque_auth(&xdr, &(msg.rm_call.cb_verf)); + if ( ! (res0 && res1) ) + goto bad2; + + /* do the authentication */ + + r.rq_cred = msg.rm_call.cb_cred; /* read by opaque stuff */ + if (r.rq_cred.oa_flavor != AUTH_DES) { + tsol_why = AUTH_TOOWEAK; + goto bad2; + } +#ifdef SVR4 + if ((tsol_why = __authenticate(&r, &msg)) != AUTH_OK) { +#else + if ((tsol_why = _authenticate(&r, &msg)) != AUTH_OK) { +#endif + goto bad2; + } + return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name); + +bad2: + Xfree(r.rq_clntcred); +bad1: + return ((char *)0); /* ((struct authdes_cred *) NULL); */ +} static Bool -CheckNetName (addr, len, closure) - unsigned char *addr; - short len; - pointer closure; +TsolCheckNetName (unsigned char *addr, short len, pointer closure) { - return (len == strlen ((char *) closure) && + return (len == (short) strlen ((char *) closure) && strncmp ((char *) addr, (char *) closure, len) == 0); } @@ -1778,40 +1897,58 @@ TsolCheckAuthorization(unsigned int name_length, char *name, unsigned int data_length, char *data, ClientPtr client, char **reason) { - TsolInfoPtr tsolinfo = GetClientTsolInfo(client); char domainname[128]; char netname[128]; + char audit_ret; + u_int audit_val; + uid_t client_uid; + gid_t client_gid; + int client_gidlen; + char *fullname; + gid_t client_gidlist; + XID auth_token = (XID)(-1); + TsolInfoPtr tsolinfo = GetClientTsolInfo(client); + extern int getdomainname(char *, int); + if (tsolinfo->uid == -1) { + /* Retrieve uid from SecureRPC */ + if (strncmp(name, SECURE_RPC_AUTH, (size_t)name_length) == 0) { + fullname = tsol_authdes_decode(data, data_length); + if (fullname == NULL) { + ErrorF("Unable to authenticate Secure RPC client"); + } else { + if (netname2user(fullname, + &client_uid, &client_gid, + &client_gidlen, &client_gidlist)) { + tsolinfo->uid = client_uid; + } else { + ErrorF("netname2user failed"); + } + } + } + } + if (tsolinfo->uid == (uid_t)-1) { + tsolinfo->uid = UID_NOBODY; /* uid not available */ + } + /* Workstation Owner not set */ if (OwnerUID == (uid_t )(-1)) { if (HasTrustedPath(tsolinfo)) { - return (CheckAuthorization(name_length, name, data_length, - data, client, reason)); + auth_token = CheckAuthorization(name_length, name, data_length, + data, client, reason); } } else { - /* Reject all invalid SLs or invalid uids for local hosts */ - if (tsolinfo->sl == NULL || !bslvalid(tsolinfo->sl) || - (tsolinfo->client_type == CLIENT_LOCAL && - tsolinfo->uid == (uid_t)-1)) { - return ((XID)-1); - } - - /* uid needs to be retrieved from Secure RPC */ - if (tsolinfo->uid == -1) { - /* Temporary kludge */ - tsolinfo->uid = OwnerUID; - } - /* * Workstation Owner set, client must be within label * range or have trusted path */ if (tsolinfo->uid == OwnerUID) { - if ((bldominates(tsolinfo->sl, &SessionLO) && - bldominates(&SessionHI, tsolinfo->sl)) || - (HasTrustedPath(tsolinfo))) { - return ((XID)(tsolinfo->uid)); + if (tsolinfo->sl != NULL && + (bldominates(tsolinfo->sl, &SessionLO) && + bldominates(&SessionHI, tsolinfo->sl)) || + (HasTrustedPath(tsolinfo))) { + auth_token = (XID)(tsolinfo->uid); } } else { if (tsolinfo->uid != 0) { @@ -1820,7 +1957,7 @@ if (!user2netname(netname, tsolinfo->uid, domainname)) { return ((XID)-1); } - if (ForEachHostInFamily (FamilyNetname, CheckNetName, + if (ForEachHostInFamily (FamilyNetname, TsolCheckNetName, (pointer) netname)) { return ((XID)(tsolinfo->uid)); } else { @@ -1830,10 +1967,63 @@ } else /* Allow all connections from global zones for now */ if (HasTrustedPath(tsolinfo)) { - return ((XID)(tsolinfo->uid)); + auth_token = (XID)(tsolinfo->uid); } } } + + /* Audit the connection */ + if (auth_token == (XID)(-1)) { + audit_ret = (char )-1; /* failure */ + audit_val = 1; + } else { + audit_ret = 0; /* success */ + audit_val = 0; + } + + if (system_audit_on && + (au_preselect(AUE_ClientConnect, &(tsolinfo->amask), + AU_PRS_BOTH, AU_PRS_USECACHE) == 1)) { + int status; + u_short connect_port = 0; + struct in_addr *connect_addr = NULL; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + + switch (tsolinfo->saddr.ss_family) { + case AF_INET: + sin = (struct sockaddr_in *)&(tsolinfo->saddr); + connect_addr = &(sin->sin_addr); + connect_port = sin->sin_port; + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *)&(tsolinfo->saddr); + connect_addr = (struct in_addr *)&(sin6->sin6_addr); + connect_port = sin6->sin6_port; + break; + } + + if (connect_addr == NULL || connect_port == 0) { + status = auditwrite(AW_EVENTNUM, AUE_ClientConnect, + AW_XCLIENT, client->index, + AW_SLABEL, tsolinfo->sl, + AW_RETURN, audit_ret, audit_val, + AW_WRITE, AW_END); + } else { + status = auditwrite(AW_EVENTNUM, AUE_ClientConnect, + AW_XCLIENT, client->index, + AW_SLABEL, tsolinfo->sl, + AW_INADDR, connect_addr, + AW_IPORT, connect_port, + AW_RETURN, audit_ret, audit_val, + AW_WRITE, AW_END); + } + + if (!status) + (void) auditwrite(AW_FLUSH, AW_END); + tsolinfo->flags &= ~TSOL_DOXAUDIT; + tsolinfo->flags &= ~TSOL_AUDITEVENT; + } } static void diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolinfo.h --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolinfo.h Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolinfo.h Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolinfo.h 1.11 06/03/07 SMI" +#pragma ident "@(#)tsolinfo.h 1.14 06/05/25 SMI" #ifndef _TSOL_INFO_H @@ -43,7 +43,6 @@ #include #include #include -#include "tsolpriv.h" #include "misc.h" #include "dixstruct.h" #include "keysym.h" @@ -160,12 +159,6 @@ #define XTSOLTrusted(pWin)\ (((TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr))->flags & TRUSTED_MASK) -/* - * win_selection can be a process attribute or a priv - */ -#define HasWinSelection(tsolinfo)\ - (priv_test((tsolinfo->privs), PRIV_WIN_SELECTION)) - /********************************* * @@ -192,17 +185,17 @@ zoneid_t zid; /* zone id */ priv_set_t *privs; /* privileges */ bslabel_t *sl; /* sensitivity label */ - u_long sid; /* session id */ u_long iaddr; /* internet addr */ Bool trusted_path; /* has trusted path */ Bool priv_debug; /* do privilege debugging */ u_long flags; /* various flags */ int forced_trust; /* client masked as trusted */ - struct auditinfo_addr auinfo; /* audit addr */ au_id_t auid; /* audit id */ - au_tid_addr_t tid; /* terminal id */ - auditinfo_t aw_auinfo; /* audit info */ + au_mask_t amask; /* audit mask */ + au_asid_t asid; /* audit session id */ client_type_t client_type; /* Local or Remote client */ + int asaverd; + struct sockaddr_storage saddr; /* socket information */ } TsolInfoRec, *TsolInfoPtr; /* @@ -360,7 +353,7 @@ extern int tsolWindowPrivateIndex; extern int tsolPixmapPrivateIndex; extern uid_t OwnerUID; /* Workstation owner uid */ - +extern Bool system_audit_on; /********************************* * @@ -375,6 +368,17 @@ extern WindowPtr XYToWin(int x, int y); /* Defined in events.c */ extern Window RootOf(WindowPtr pWin); extern Window RootOfClient(WindowPtr pWin); +extern int TsolDisabledExtension(char *extname, int extlen); +extern int MatchTsolConfig(char *name, int len); +extern int HasWinSelection(TsolInfoPtr tsolinfo); +extern int same_client (ClientPtr client, XID xid); +extern int client_private (ClientPtr client, XID xid); +extern TsolPropPtr AllocTsolProp(); +extern bslabel_t *lookupSL_low(); +extern bslabel_t *lookupSL(bslabel_t *slptr); +extern BoxPtr WindowExtents(WindowPtr pWin, BoxPtr pBox); +extern Bool ShapeOverlap(WindowPtr pWin, BoxPtr pWinBox, + WindowPtr pSib, BoxPtr pSibBox); #ifdef __cplusplus diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.c --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.c Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.c Mon Jun 19 15:45:03 2006 -0700 @@ -26,12 +26,14 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolpolicy.c 1.9 06/03/07 SMI" +#pragma ident "@(#)tsolpolicy.c 1.11 06/05/25 SMI" #include "X.h" #define NEED_REPLIES #define NEED_EVENTS #include +#include +#include #include #include #include @@ -56,6 +58,18 @@ #include "tsolinfo.h" #include "tsolpolicy.h" +static priv_set_t *pset_win_mac_read = NULL; +static priv_set_t *pset_win_mac_write = NULL; +static priv_set_t *pset_win_dac_read = NULL; +static priv_set_t *pset_win_dac_write = NULL; +static priv_set_t *pset_win_config = NULL; +static priv_set_t *pset_win_devices = NULL; +static priv_set_t *pset_win_fontpath = NULL; +static priv_set_t *pset_win_colormap = NULL; +static priv_set_t *pset_win_upgrade_sl = NULL; +static priv_set_t *pset_win_downgrade_sl = NULL; +static priv_set_t *pset_win_selection = NULL; + extern TsolInfoPtr GetClientTsolInfo(); extern int tsolWindowPrivateIndex; extern int tsolPixmapPrivateIndex; @@ -74,12 +88,14 @@ #define SAMECLIENT(client, xid) ((client)->index == CLIENT_ID(xid)) +int access_xid(xresource_t res, xmethod_t method, void *resource, + void *subject, xpolicy_t policy_flags, void *misc, + RESTYPE res_type, priv_set_t *which_priv); + +int check_priv(xresource_t res, xmethod_t method, void *resource, + void *subject, xpolicy_t policy_flags, void *misc, priv_set_t *priv); + #ifdef DEBUG -struct optimization_stats { - unsigned long pixel_count; - unsigned long window_count; -}; -struct optimization_stats opt_stats = {0, 0}; int xtsol_debug = XTSOL_FAIL; /* set it to 0 if no logging is required */ void XTsolErr(char *err_type, int protocol, bslabel_t *osl, @@ -134,7 +150,7 @@ */ int -xpriv_policy(priv_set_t *set, priv_t priv, xresource_t res, +xpriv_policy(priv_set_t *set, priv_set_t *priv, xresource_t res, xmethod_t method, void *subject, Bool do_audit) { int i; @@ -144,7 +160,7 @@ ClientPtr client = subject; TsolInfoPtr tsolinfo = GetClientTsolInfo(client); - if (priv_test(set, priv)) + if (priv_issubset(priv, set)) { status = 1; audit_status = 1; @@ -211,9 +227,6 @@ /* optimization based on client id */ if (SAMECLIENT(client, pWin->drawable.id)) { -#ifdef DEBUG - opt_stats.window_count++; -#endif /* DEBUG */ return PASSED; } /* @@ -225,7 +238,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit) || (tsolownerinfo && HasWinSelection(tsolownerinfo))) { @@ -253,7 +266,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -296,9 +309,6 @@ /* optimization based on client id */ if (SAMECLIENT(client, pWin->drawable.id)) { -#ifdef DEBUG - opt_stats.window_count++; -#endif /* DEBUG */ return PASSED; } /* @@ -321,7 +331,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -345,7 +355,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -420,7 +430,7 @@ { do_audit = TRUE; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -447,7 +457,7 @@ { do_audit = TRUE; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -512,7 +522,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -537,7 +547,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -637,7 +647,7 @@ tsolinfo->flags |= MAC_READ_AUDITED; } /* PRIV override? */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -665,7 +675,7 @@ do_audit = TRUE; tsolinfo->flags |= DAC_READ_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -681,12 +691,6 @@ } } } /* end if !SAMECLIENT */ - else - { -#ifdef DEBUG - opt_stats.pixel_count++; -#endif /* DEBUG */ - } if (do_audit) { @@ -768,7 +772,7 @@ do_audit = TRUE; tsolinfo->flags |= CONFIG_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_CONFIG, + if (xpriv_policy(tsolinfo->privs, pset_win_config, res, method, client, do_audit)) { ret_stat = PASSED; @@ -795,7 +799,7 @@ do_audit = TRUE; tsolinfo->flags |= MAC_WRITE_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -823,7 +827,7 @@ do_audit = TRUE; tsolinfo->flags |= DAC_WRITE_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -839,12 +843,6 @@ } } } /* end if SAMECLIENT */ - else - { -#ifdef DEBUG - opt_stats.pixel_count++; -#endif /* DEBUG */ - } if (do_audit) { @@ -879,7 +877,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -903,7 +901,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -952,7 +950,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -976,7 +974,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1025,7 +1023,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1049,7 +1047,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1103,7 +1101,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1128,7 +1126,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1189,7 +1187,7 @@ /* * Needs win_config priv */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_CONFIG, + if (xpriv_policy(tsolinfo->privs, pset_win_config, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1247,7 +1245,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1272,7 +1270,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1319,7 +1317,7 @@ void *subject, xpolicy_t policy_flags, void *misc) { return (access_xid(res, method, resource, subject, policy_flags, - misc, RT_GC, PRIV_WIN_DAC_READ)); + misc, RT_GC, pset_win_dac_read)); } /* @@ -1332,7 +1330,7 @@ unsigned int protocol = (unsigned int)misc; return (access_xid(res, method, resource, subject, policy_flags, - misc, RT_GC, PRIV_WIN_DAC_WRITE)); + misc, RT_GC, pset_win_dac_write)); } /* @@ -1343,7 +1341,7 @@ void *subject, xpolicy_t policy_flags, void *misc) { return (access_xid(res, method, resource, subject, policy_flags, - misc, RT_FONT, PRIV_WIN_DAC_READ)); + misc, RT_FONT, pset_win_dac_read)); } /* @@ -1354,7 +1352,7 @@ void *subject, xpolicy_t policy_flags, void *misc) { return (access_xid(res, method, resource, subject, policy_flags, - misc,RT_FONT, PRIV_WIN_DAC_WRITE)); + misc,RT_FONT, pset_win_dac_write)); } /* @@ -1365,7 +1363,7 @@ void *subject, xpolicy_t policy_flags, void *misc) { return (access_xid(res, method, resource, subject, policy_flags, - misc, RT_CURSOR, PRIV_WIN_DAC_WRITE)); + misc, RT_CURSOR, pset_win_dac_write)); } /* @@ -1394,11 +1392,11 @@ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; priv = - (method == TSOL_READ) ? PRIV_WIN_MAC_READ : PRIV_WIN_MAC_WRITE; + (method == TSOL_READ) ? pset_win_mac_read : pset_win_mac_write; /* * any colorcell owned by root is readable by all */ - if ((priv == PRIV_WIN_MAC_READ) && (pentp->uid == 0)) + if ((priv == pset_win_mac_read) && (pentp->uid == 0)) ret_stat = PASSED; else if (xpriv_policy(tsolinfo->privs, priv, res, method, client, do_audit)) @@ -1425,11 +1423,11 @@ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; priv = (method == TSOL_READ) ? - PRIV_WIN_DAC_READ : PRIV_WIN_DAC_WRITE; + pset_win_dac_read : pset_win_dac_write; /* * any colorcell owned by root is readable by all */ - if ((priv == PRIV_WIN_DAC_READ) && (pentp->uid == 0)) + if ((priv == pset_win_dac_read) && (pentp->uid == 0)) ret_stat = PASSED; else if (xpriv_policy(tsolinfo->privs, priv, res, method, client, do_audit)) @@ -1521,7 +1519,7 @@ return (PASSED); return (access_xid(res, method, (void *)(pcmp->mid), subject, policy_flags, - misc, RT_COLORMAP, PRIV_WIN_DAC_READ)); + misc, RT_COLORMAP, pset_win_dac_read)); } /* @@ -1538,7 +1536,7 @@ return (PASSED); return (access_xid(res, method,(void *)(pcmp->mid) , subject, policy_flags, - misc, RT_COLORMAP, PRIV_WIN_DAC_WRITE)); + misc, RT_COLORMAP, pset_win_dac_write)); } /* @@ -1568,7 +1566,7 @@ /* * check only win_colormap priv */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_COLORMAP, + if (xpriv_policy(tsolinfo->privs, pset_win_colormap, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1595,7 +1593,7 @@ int access_xid(xresource_t res, xmethod_t method, void *resource, void *subject, xpolicy_t policy_flags, void *misc, - RESTYPE res_type, priv_t which_priv) + RESTYPE res_type, priv_set_t *which_priv) { int ret_stat = PASSED; int object_code = 0; @@ -1695,7 +1693,7 @@ /* * No MAC & DAC. Check win_fontpath priv only */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_FONTPATH, + if (xpriv_policy(tsolinfo->privs, pset_win_fontpath, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1737,7 +1735,7 @@ /* * No MAC/DAC check. Needs win_devices priv */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DEVICES, + if (xpriv_policy(tsolinfo->privs, pset_win_devices, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1777,7 +1775,7 @@ /* * No MAC/DAC check. Needs win_devices priv */ - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DEVICES, + if (xpriv_policy(tsolinfo->privs, pset_win_devices, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1818,7 +1816,7 @@ */ if (tsolinfo->uid != OwnerUID) { - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_CONFIG, res, + if (xpriv_policy(tsolinfo->privs, pset_win_config, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1885,7 +1883,7 @@ /* PRIV override? */ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { status = PASSED; @@ -1950,7 +1948,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -1976,7 +1974,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2038,7 +2036,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2063,7 +2061,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2113,7 +2111,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2138,7 +2136,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2200,7 +2198,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2226,7 +2224,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2294,7 +2292,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2318,7 +2316,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2362,7 +2360,7 @@ else { return (check_priv(res, method, resource, subject, policy_flags, - misc, PRIV_WIN_CONFIG)); + misc, pset_win_config)); } } @@ -2380,7 +2378,7 @@ else { return (check_priv(res, method, resource, subject, policy_flags, - misc, PRIV_WIN_CONFIG)); + misc, pset_win_config)); } } @@ -2390,7 +2388,7 @@ */ int check_priv(xresource_t res, xmethod_t method, void *resource, - void *subject, xpolicy_t policy_flags, void *misc, priv_t priv) + void *subject, xpolicy_t policy_flags, void *misc, priv_set_t *priv) { int ret_stat = PASSED; int err_code = BadValue; @@ -2465,7 +2463,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2491,7 +2489,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2564,7 +2562,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2588,7 +2586,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2639,7 +2637,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2665,7 +2663,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2710,7 +2708,7 @@ { if (!SameClient(grab, client)) { - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DEVICES, + if (xpriv_policy(tsolinfo->privs, pset_win_devices, res, method, client)) { /* audit? */ @@ -2771,7 +2769,7 @@ do_audit = TRUE; tsolinfo->flags |= MAC_READ_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2801,7 +2799,7 @@ do_audit = TRUE; tsolinfo->flags |= DAC_READ_AUDITED; } - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_READ, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_read, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2906,7 +2904,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2930,7 +2928,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -2996,7 +2994,7 @@ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_CONFIG, + if (xpriv_policy(tsolinfo->privs, pset_win_config, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3022,7 +3020,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_UPGRADE_SL, + if (xpriv_policy(tsolinfo->privs, pset_win_upgrade_sl, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3039,7 +3037,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DOWNGRADE_SL, + if (xpriv_policy(tsolinfo->privs, pset_win_downgrade_sl, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3103,7 +3101,7 @@ */ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit) || (tsolownerinfo && HasWinSelection(tsolownerinfo))) { @@ -3131,7 +3129,7 @@ { if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3217,7 +3215,7 @@ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3250,11 +3248,11 @@ if (tsolinfo->flags & TSOL_AUDITEVENT) do_audit = TRUE; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_MAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_mac_write, res, method, client, do_audit)) { ret_stat = PASSED; - if (xpriv_policy(tsolinfo->privs, PRIV_WIN_DAC_WRITE, + if (xpriv_policy(tsolinfo->privs, pset_win_dac_write, res, method, client, do_audit)) { ret_stat = PASSED; @@ -3304,12 +3302,6 @@ return BadAccess; } -int -priv_test(priv_set_t *set, priv_t priv) -{ - return (PRIV_ISASSERT(set, priv)); -} - /* * Return value of 0 success, errcode for failure * @@ -3494,3 +3486,65 @@ return ret_value; } } + +/* + * Allocate a single privilege set + */ +static priv_set_t * +alloc_win_priv(const char *priv) +{ + priv_set_t *pset; + + if ((pset = priv_allocset()) == NULL) { + perror("priv_allocset"); + FatalError("Cannot allocate privilege set"); + } + priv_emptyset(pset); + priv_addset(pset, priv); + + return pset; +} + +/* + * Initialize all string window privileges to the binary equivalent. + * Binary privilege testing is much faster than the string testing + */ +void +init_win_privsets() +{ + + pset_win_mac_read = alloc_win_priv(PRIV_WIN_MAC_READ); + pset_win_mac_write = alloc_win_priv(PRIV_WIN_MAC_WRITE); + pset_win_dac_read = alloc_win_priv(PRIV_WIN_DAC_READ); + pset_win_dac_write = alloc_win_priv(PRIV_WIN_DAC_WRITE); + pset_win_config = alloc_win_priv(PRIV_WIN_CONFIG); + pset_win_devices = alloc_win_priv(PRIV_WIN_DEVICES); + pset_win_fontpath = alloc_win_priv(PRIV_WIN_FONTPATH); + pset_win_colormap = alloc_win_priv(PRIV_WIN_COLORMAP); + pset_win_upgrade_sl = alloc_win_priv(PRIV_WIN_UPGRADE_SL); + pset_win_downgrade_sl = alloc_win_priv(PRIV_WIN_DOWNGRADE_SL); + pset_win_selection = alloc_win_priv(PRIV_WIN_SELECTION); +} + +void +free_win_privsets() +{ + priv_freeset(pset_win_mac_read); + priv_freeset(pset_win_mac_write); + priv_freeset(pset_win_dac_read); + priv_freeset(pset_win_dac_write); + priv_freeset(pset_win_config); + priv_freeset(pset_win_devices); + priv_freeset(pset_win_fontpath); + priv_freeset(pset_win_colormap); + priv_freeset(pset_win_upgrade_sl); + priv_freeset(pset_win_downgrade_sl); + priv_freeset(pset_win_selection); +} + +int +HasWinSelection(TsolInfoPtr tsolinfo) +{ + return (priv_issubset(pset_win_selection, (tsolinfo->privs))); +} + diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.h --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.h Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.h Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolpolicy.h 1.4 06/03/07 SMI" +#pragma ident "@(#)tsolpolicy.h 1.5 06/04/18 SMI" #ifndef _TSOL_POLICY_H @@ -38,7 +38,6 @@ extern "C" { #endif -#include "tsolpriv.h" #include #define PASSED 0 /* success code 0 */ diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpriv.h --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpriv.h Fri Jun 23 19:18:21 2006 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,119 +0,0 @@ -/* Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a - * copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, and/or sell copies of the Software, and to permit persons - * to whom the Software is furnished to do so, provided that the above - * copyright notice(s) and this permission notice appear in all copies of - * the Software and that both the above copyright notice(s) and this - * permission notice appear in supporting documentation. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS - * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT - * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL - * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Except as contained in this notice, the name of a copyright holder - * shall not be used in advertising or otherwise to promote the sale, use - * or other dealings in this Software without prior written authorization - * of the copyright holder. - */ - -#pragma ident "@(#)tsolpriv.h 1.2 06/03/07 SMI" - -#ifndef _SYS_TSOL_PRIV_H -#define _SYS_TSOL_PRIV_H - - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum priv_ftype { - PRIV_ALLOWED, - PRIV_FORCED -} priv_ftype_t; - -/* - * Privilege macros. - */ - -/* - * PRIV_ASSERT(a, b) setst.privilege "b" in privilege set "a". - */ -#define PRIV_ASSERT(a, b) (priv_addset(a, b)) - -/* - * PRIV_CLEAR(a,b) clearst.privilege "b" in privilege set "a". - */ -#define PRIV_CLEAR(a, b) (priv_delset(a, b)) - -/* - * PRIV_EQUAL(set_a, set_b) is true if set_a and set_b are identical. - */ -#define PRIV_EQUAL(a, b) (priv_isequalset(a, b)) -#define PRIV_EMPTY(a) (priv_emptyset(a)) -#define PRIV_FILL(a) (priv_fillset(a)) - -/* - * PRIV_ISASSERT tests if privilege 'b' is asserted in privilege set 'a'. - */ -#define PRIV_ISASSERT(a, b) (priv_ismember(a, b)) -#define PRIV_ISEMPTY(a) (priv_isemptyset(a)) -#define PRIV_ISFULL(a) (priv_isfullset(a)) - -/* - * This macro returns 1 if all privileges asserted in privilege set "a" - * are also asserted in privilege set "b" (i.e. if a is a subset of b) - */ -#define PRIV_ISSUBSET(a, b) (priv_issubset(a, b)) - -/* - * Takes intersection of "a" and "b" and stores in "b". - */ -#define PRIV_INTERSECT(a, b) (priv_intersect(a, b)) - -/* - * Replaces "a" with inverse of "a". - */ -#define PRIV_INVERSE(a) (priv_inverse(a)) - -/* - * Takes union of "a" and "b" and stores in "b". - */ -#define PRIV_UNION(a, b) (priv_union(a, b)) - - -#define PRIV_PROC_AUDIT_TCB ((const char *)"proc_audit") -#define PRIV_PROC_AUDIT_APPL ((const char *)"proc_audit") -# -#define PRIV_NET_REPLY_EQUAL ((const char *)"net_reply_equal") -# -#define PRIV_SYS_TRANS_LABEL ((const char *)"sys_trans_label") -#define PRIV_WIN_COLORMAP ((const char *)"win_colormap") -#define PRIV_WIN_CONFIG ((const char *)"win_config") -#define PRIV_WIN_DAC_READ ((const char *)"win_dac_read") -#define PRIV_WIN_DAC_WRITE ((const char *)"win_dac_write") -#define PRIV_WIN_DGA ((const char *)"win_dga") -#define PRIV_WIN_DEVICES ((const char *)"win_devices") -#define PRIV_WIN_DOWNGRADE_SL ((const char *)"win_downgrade_sl") -#define PRIV_WIN_FONTPATH ((const char *)"win_fontpath") -#define PRIV_WIN_MAC_READ ((const char *)"win_mac_read") -#define PRIV_WIN_MAC_WRITE ((const char *)"win_mac_write") -#define PRIV_WIN_SELECTION ((const char *)"win_selection") -#define PRIV_WIN_UPGRADE_SL ((const char *)"win_upgrade_sl") - -#ifdef __cplusplus -} -#endif - -#endif /* _SYS_TSOL_PRIV_H */ diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolprotocol.c --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolprotocol.c Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolprotocol.c Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolprotocol.c 1.8 06/03/07 SMI" +#pragma ident "@(#)tsolprotocol.c 1.12 06/05/25 SMI" #include #include @@ -68,106 +68,106 @@ #define MAX_AUDIT_EVENTS 100 int audit_eventsid[100][2] = { - X_CreateWindow, 9103, - X_ChangeWindowAttributes, 9104, - X_GetWindowAttributes, 9105, - X_DestroyWindow, 9106, - X_DestroySubwindows, 9107, - X_ChangeSaveSet, 9108, - X_ReparentWindow, 9109, - X_MapWindow, 9110, - X_MapSubwindows, 9111, - X_UnmapWindow, 9112, - X_UnmapSubwindows, 9113, - X_ConfigureWindow, 9114, - X_CirculateWindow, 9115, - X_GetGeometry, 9116, - X_QueryTree, 9117, - X_InternAtom, 9118, - X_GetAtomName, 9119, - X_ChangeProperty, 9120, - X_DeleteProperty, 9121, - X_GetProperty, 9122, - X_ListProperties, 9123, - X_SetSelectionOwner, 9124, - X_GetSelectionOwner, 9125, - X_ConvertSelection, 9126, - X_SendEvent, 9127, - X_GrabPointer, 9128, - X_UngrabPointer, 9129, - X_GrabButton, 9130, - X_UngrabButton, 9131, - X_ChangeActivePointerGrab, 9132, - X_GrabKeyboard, 9133, - X_UngrabKeyboard, 9134, - X_GrabKey, 9135, - X_UngrabKey, 9136, - X_GrabServer, 9137, - X_UngrabServer, 9138, - X_QueryPointer, 9139, - X_GetMotionEvents, 9140, - X_TranslateCoords, 9141, - X_WarpPointer, 9142, - X_SetInputFocus, 9143, - X_GetInputFocus, 9144, - X_QueryKeymap, 9145, - X_SetFontPath, 9146, - X_FreePixmap, 9147, - X_ChangeGC, 9148, - X_CopyGC, 9149, - X_SetDashes, 9150, - X_SetClipRectangles, 9151, - X_FreeGC, 9152, - X_ClearArea, 9153, - X_CopyArea, 9154, - X_CopyPlane, 9155, - X_PolyPoint, 9156, - X_PolyLine, 9157, - X_PolySegment, 9158, - X_PolyRectangle, 9159, - X_PolyArc, 9160, - X_FillPoly, 9161, - X_PolyFillRectangle, 9162, - X_PolyFillArc, 9163, - X_PutImage, 9164, - X_GetImage, 9165, - X_PolyText8, 9166, - X_PolyText16, 9167, - X_ImageText8, 9168, - X_ImageText16, 9169, - X_CreateColormap, 9170, - X_FreeColormap, 9171, - X_CopyColormapAndFree, 9172, - X_InstallColormap, 9173, - X_UninstallColormap, 9174, - X_ListInstalledColormaps, 9175, - X_AllocColor, 9176, - X_AllocNamedColor, 9177, - X_AllocColorCells, 9178, - X_AllocColorPlanes, 9179, - X_FreeColors, 9180, - X_StoreColors, 9181, - X_StoreNamedColor, 9182, - X_QueryColors, 9183, - X_LookupColor, 9184, - X_CreateCursor, 9185, - X_CreateGlyphCursor, 9186, - X_FreeCursor, 9187, - X_RecolorCursor, 9188, - X_ChangeKeyboardMapping, 9189, - X_ChangeKeyboardControl, 9190, - X_Bell, 9191, - X_ChangePointerControl, 9192, - X_SetScreenSaver, 9193, - X_ChangeHosts, 9194, - X_SetAccessControl, 9195, - X_SetCloseDownMode, 9196, - X_KillClient, 9197, - X_RotateProperties, 9198, - X_ForceScreenSaver, 9199, - X_SetPointerMapping, 9200, - X_SetModifierMapping, 9201, - X_NoOperation, 9202 + X_CreateWindow, AUE_CreateWindow, + X_ChangeWindowAttributes, AUE_ChangeWindowAttributes, + X_GetWindowAttributes, AUE_GetWindowAttributes, + X_DestroyWindow, AUE_DestroyWindow, + X_DestroySubwindows, AUE_DestroySubwindows, + X_ChangeSaveSet, AUE_ChangeSaveSet, + X_ReparentWindow, AUE_ReparentWindow, + X_MapWindow, AUE_MapWindow, + X_MapSubwindows, AUE_MapSubwindows, + X_UnmapWindow, AUE_UnmapWindow, + X_UnmapSubwindows, AUE_UnmapSubwindows, + X_ConfigureWindow, AUE_ConfigureWindow, + X_CirculateWindow, AUE_CirculateWindow, + X_GetGeometry, AUE_GetGeometry, + X_QueryTree, AUE_QueryTree, + X_InternAtom, AUE_InternAtom, + X_GetAtomName, AUE_GetAtomName, + X_ChangeProperty, AUE_ChangeProperty, + X_DeleteProperty, AUE_DeleteProperty, + X_GetProperty, AUE_GetProperty, + X_ListProperties, AUE_ListProperties, + X_SetSelectionOwner, AUE_SetSelectionOwner, + X_GetSelectionOwner, AUE_GetSelectionOwner, + X_ConvertSelection, AUE_ConvertSelection, + X_SendEvent, AUE_SendEvent, + X_GrabPointer, AUE_GrabPointer, + X_UngrabPointer, AUE_UngrabPointer, + X_GrabButton, AUE_GrabButton, + X_UngrabButton, AUE_UngrabButton, + X_ChangeActivePointerGrab, AUE_ChangeActivePointerGrab, + X_GrabKeyboard, AUE_GrabKeyboard, + X_UngrabKeyboard, AUE_UngrabKeyboard, + X_GrabKey, AUE_GrabKey, + X_UngrabKey, AUE_UngrabKey, + X_GrabServer, AUE_GrabServer, + X_UngrabServer, AUE_UngrabServer, + X_QueryPointer, AUE_QueryPointer, + X_GetMotionEvents, AUE_GetMotionEvents, + X_TranslateCoords, AUE_TranslateCoords, + X_WarpPointer, AUE_WarpPointer, + X_SetInputFocus, AUE_SetInputFocus, + X_GetInputFocus, AUE_GetInputFocus, + X_QueryKeymap, AUE_QueryKeymap, + X_SetFontPath, AUE_SetFontPath, + X_FreePixmap, AUE_FreePixmap, + X_ChangeGC, AUE_ChangeGC, + X_CopyGC, AUE_CopyGC, + X_SetDashes, AUE_SetDashes, + X_SetClipRectangles, AUE_SetClipRectangles, + X_FreeGC, AUE_FreeGC, + X_ClearArea, AUE_ClearArea, + X_CopyArea, AUE_CopyArea, + X_CopyPlane, AUE_CopyPlane, + X_PolyPoint, AUE_PolyPoint, + X_PolyLine, AUE_PolyLine, + X_PolySegment, AUE_PolySegment, + X_PolyRectangle, AUE_PolyRectangle, + X_PolyArc, AUE_PolyArc, + X_FillPoly, AUE_FillPolygon, + X_PolyFillRectangle, AUE_PolyFillRectangle, + X_PolyFillArc, AUE_PolyFillArc, + X_PutImage, AUE_PutImage, + X_GetImage, AUE_GetImage, + X_PolyText8, AUE_PolyText8, + X_PolyText16, AUE_PolyText16, + X_ImageText8, AUE_ImageText8, + X_ImageText16, AUE_ImageText16, + X_CreateColormap, AUE_CreateColormap, + X_FreeColormap, AUE_FreeColormap, + X_CopyColormapAndFree, AUE_CopyColormapAndFree, + X_InstallColormap, AUE_InstallColormap, + X_UninstallColormap, AUE_UninstallColormap, + X_ListInstalledColormaps, AUE_ListInstalledColormaps, + X_AllocColor, AUE_AllocColor, + X_AllocNamedColor, AUE_AllocNamedColor, + X_AllocColorCells, AUE_AllocColorCells, + X_AllocColorPlanes, AUE_AllocColorPlanes, + X_FreeColors, AUE_FreeColors, + X_StoreColors, AUE_StoreColors, + X_StoreNamedColor, AUE_StoreNamedColor, + X_QueryColors, AUE_QueryColors, + X_LookupColor, AUE_LookupColor, + X_CreateCursor, AUE_CreateCursor, + X_CreateGlyphCursor, AUE_CreateGlyphCursor, + X_FreeCursor, AUE_FreeCursor, + X_RecolorCursor, AUE_RecolorCursor, + X_ChangeKeyboardMapping, AUE_ChangeKeyboardMapping, + X_ChangeKeyboardControl, AUE_ChangeKeyboardControl, + X_Bell, AUE_Bell, + X_ChangePointerControl, AUE_ChangePointerControl, + X_SetScreenSaver, AUE_SetScreenSaver, + X_ChangeHosts, AUE_ChangeHosts, + X_SetAccessControl, AUE_SetAccessControl, + X_SetCloseDownMode, AUE_SetCloseDownMode, + X_KillClient, AUE_KillClient, + X_RotateProperties, AUE_RotateProperties, + X_ForceScreenSaver, AUE_ForceScreenSaver, + X_SetPointerMapping, AUE_SetPointerMapping, + X_SetModifierMapping, AUE_SetModifierMapping, + X_NoOperation, AUE_XExtensions }; extern void Swap32Write(); extern int (*TsolSavedProcVector[PROCVECTORSIZE])(ClientPtr /*client*/); @@ -1090,6 +1090,8 @@ tsolres->uid = tsolinfo->uid; tsolres->sl = tsolinfo->sl; } + + return (Success); } int @@ -1441,104 +1443,131 @@ ProcTsolChangeKeyboardMapping(client) ClientPtr client; { - int err_code; + int status; + int savedtrust = client->trustLevel; - if (err_code = xtsol_policy(TSOL_RES_KEYMAP, TSOL_MODIFY, + client->trustLevel = XSecurityClientTrusted; + + if (xtsol_policy(TSOL_RES_KEYMAP, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { - /* Ignore error */ - return client->noClientException; + status = client->noClientException; /* ignore error */ } else { - return (*TsolSavedProcVector[X_ChangeKeyboardMapping])(client); + status = (*TsolSavedProcVector[X_ChangeKeyboardMapping])(client); } + + client->trustLevel = savedtrust; + return (status); } int ProcTsolSetPointerMapping(client) ClientPtr client; { - int err_code; + int status; + int savedtrust = client->trustLevel; - if (err_code = xtsol_policy(TSOL_RES_PTRMAP, TSOL_MODIFY, + client->trustLevel = XSecurityClientTrusted; + + if (xtsol_policy(TSOL_RES_PTRMAP, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { - /* Ignore error */ - return Success; + status = Success; /* ignore error */ } else { - return (*TsolSavedProcVector[X_SetPointerMapping])(client); + status = (*TsolSavedProcVector[X_SetPointerMapping])(client); } + + client->trustLevel = savedtrust; + return (status); } int ProcTsolChangeKeyboardControl(client) ClientPtr client; { - int err_code; + int status; + int savedtrust = client->trustLevel; - if (err_code = xtsol_policy(TSOL_RES_KBDCTL, TSOL_MODIFY, + client->trustLevel = XSecurityClientTrusted; + + if (xtsol_policy(TSOL_RES_KBDCTL, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { - /* Ignore error */ - return Success; + status = Success; /* ignore error */ } else { - return (*TsolSavedProcVector[X_ChangeKeyboardControl])(client); + status = (*TsolSavedProcVector[X_ChangeKeyboardControl])(client); } + + client->trustLevel = savedtrust; + return (status); } int ProcTsolBell(client) ClientPtr client; { - int err_code; + int status; + int savedtrust = client->trustLevel; - if (err_code = xtsol_policy(TSOL_RES_BELL, TSOL_MODIFY, + client->trustLevel = XSecurityClientTrusted; + + if (xtsol_policy(TSOL_RES_BELL, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { - /* Ignore error */ - return Success; + status = Success; /* ignore error */ } else { - return (*TsolSavedProcVector[X_Bell])(client); + status = (*TsolSavedProcVector[X_Bell])(client); } + + client->trustLevel = savedtrust; + return (status); } int ProcTsolChangePointerControl(client) ClientPtr client; { - int err_code; + int status; + int savedtrust = client->trustLevel; - if (err_code = xtsol_policy(TSOL_RES_PTRCTL, TSOL_MODIFY, + client->trustLevel = XSecurityClientTrusted; + + if (xtsol_policy(TSOL_RES_PTRCTL, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { - /* Ignore error */ - return Success; + status = Success; /* ignore error */ } else { - return (*TsolSavedProcVector[X_ChangePointerControl])(client); + status = (*TsolSavedProcVector[X_ChangePointerControl])(client); } + + client->trustLevel = savedtrust; + return (status); } int ProcTsolSetModifierMapping(client) ClientPtr client; { + xSetModifierMappingReply rep; REQUEST(xSetModifierMappingReq); KeyCode *inputMap; int inputMapLen; register int i; - int err_code; + int status; DeviceIntPtr keybd = inputInfo.keyboard; register KeyClassPtr keyc = keybd->key; + int savedtrust = client->trustLevel; REQUEST_AT_LEAST_SIZE(xSetModifierMappingReq); @@ -1571,8 +1600,9 @@ rep.sequenceNumber = client->sequence; rep.success = MappingSuccess; + client->trustLevel = XSecurityClientTrusted; - if (err_code = xtsol_policy(TSOL_RES_MODMAP, TSOL_MODIFY, + if (xtsol_policy(TSOL_RES_MODMAP, TSOL_MODIFY, NULL, client, TSOL_ALL, (void *)MAJOROP)) { /* @@ -1582,12 +1612,15 @@ */ SendMappingNotify(MappingModifier, 0, 0,client); WriteReplyToClient(client, sizeof(xSetModifierMappingReply), &rep); - return(client->noClientException); + status = client->noClientException; } else { - return (*TsolSavedProcVector[X_SetModifierMapping])(client); + status = (*TsolSavedProcVector[X_SetModifierMapping])(client); } + + client->trustLevel = savedtrust; + return (status); } void @@ -1611,13 +1644,17 @@ } } -void -ResetStripeWindow() +static void +ResetStripeWindow(ClientPtr client) { WindowPtr pParent; + WindowPtr pWin = NULL; - /* Ignore if stripe is not set */ - if (!tpwin) + /* Validate trusted stripe window */ + if (tpwin) + pWin = LookupWindow(tpwin->drawable.id, client); + + if (tpwin == NullWindow || pWin == NullWindow) return; pParent = tpwin->parent; @@ -1676,7 +1713,7 @@ else tsolres->flags = 0; - ResetStripeWindow(); + ResetStripeWindow(client); return result; } @@ -1703,7 +1740,7 @@ } result = (*TsolSavedProcVector[X_ChangeWindowAttributes])(client); - ResetStripeWindow(); + ResetStripeWindow(client); return result; } @@ -1715,7 +1752,7 @@ int result; result = (*TsolSavedProcVector[X_ConfigureWindow])(client); - ResetStripeWindow(); + ResetStripeWindow(client); return result; } @@ -1727,7 +1764,7 @@ int result; result = (*TsolSavedProcVector[X_CirculateWindow])(client); - ResetStripeWindow(); + ResetStripeWindow(client); return result; } @@ -1739,7 +1776,7 @@ int result; result = (*TsolSavedProcVector[X_ReparentWindow])(client); - ResetStripeWindow(); + ResetStripeWindow(client); return result; } @@ -2048,6 +2085,7 @@ register ClientPtr client; { int result; + int savedtrust = client->trustLevel; REQUEST(xChangeHostsReq); @@ -2057,7 +2095,11 @@ client, TSOL_ALL, (void *)MAJOROP)) return (result); - return (*TsolSavedProcVector[X_ChangeHosts])(client); + client->trustLevel = XSecurityClientTrusted; + result = (*TsolSavedProcVector[X_ChangeHosts])(client); + client->trustLevel = savedtrust; + + return (result); } int @@ -2065,6 +2107,7 @@ register ClientPtr client; { int result; + int savedtrust = client->trustLevel; REQUEST(xSetAccessControlReq); @@ -2077,7 +2120,11 @@ return (result); } - return (*TsolSavedProcVector[X_SetAccessControl])(client); + client->trustLevel = XSecurityClientTrusted; + result = (*TsolSavedProcVector[X_SetAccessControl])(client); + client->trustLevel = savedtrust; + + return (result); } int @@ -2533,61 +2580,53 @@ char audit_ret = (char)NULL; TsolInfoPtr tsolinfo = (TsolInfoPtr)NULL; tsolinfo = GetClientTsolInfo(client); - if (system_audit_on && - (tsolinfo->aw_auinfo.ai_mask.am_success || - tsolinfo->aw_auinfo.ai_mask.am_failure)) - { - do_x_audit = TRUE; - auditwrite(AW_PRESELECT, &(tsolinfo->aw_auinfo.ai_mask), AW_END); - } - return; - /* - * X audit events start from 9101 in audit_uevents.h. The first two - * events are non-protocol ones viz. ClientConnect, mapped to 9101 - * and ClientDisconnect, mapped to 9102. - * The protocol events are mapped from 9103 onwards in the serial - * order of their respective protocol opcode, for eg, the protocol - * UngrabPointer which is has a protocol opcode 27 is mapped to - * 9129 (9102 + 27). - * All extension protocols are mapped to a single audit event - * AUE_XExtension as opcodes are assigined dynamically to these - * protocols. We set the extension protocol opcode to be 128, one - * more than the last standard opcode. - */ - protocol = (unsigned int)MAJOROP; - if (protocol > X_NoOperation) - { - xevent_num = audit_eventsid[MAX_AUDIT_EVENTS - 1][1]; - audit_event = TRUE; - } - else - { - for (count = 0; count < MAX_AUDIT_EVENTS; count++) - { - if (protocol == audit_eventsid[count][0]) - { - xevent_num = audit_eventsid[count][1]; + if (system_audit_on && + (tsolinfo->amask.am_success || tsolinfo->amask.am_failure)) { + + do_x_audit = TRUE; + auditwrite(AW_PRESELECT, &(tsolinfo->amask), AW_END); + + /* + * X audit events start from 9101 in audit_uevents.h. The first two + * events are non-protocol ones viz. ClientConnect, mapped to 9101 + * and ClientDisconnect, mapped to 9102. + * The protocol events are mapped from 9103 onwards in the serial + * order of their respective protocol opcode, for eg, the protocol + * UngrabPointer which is has a protocol opcode 27 is mapped to + * 9129 (9102 + 27). + * All extension protocols are mapped to a single audit event + * AUE_XExtension as opcodes are assigined dynamically to these + * protocols. We set the extension protocol opcode to be 128, one + * more than the last standard opcode. + */ + protocol = (unsigned int)MAJOROP; + if (protocol > X_NoOperation) { + xevent_num = audit_eventsid[MAX_AUDIT_EVENTS - 1][1]; + audit_event = TRUE; + } else { + for (count = 0; count < MAX_AUDIT_EVENTS; count++) { + if (protocol == audit_eventsid[count][0]) { + xevent_num = audit_eventsid[count][1]; audit_event = TRUE; break; - } - } - } - if (audit_event && - do_x_audit && - (au_preselect(xevent_num, - &(tsolinfo->aw_auinfo.ai_mask), - AU_PRS_BOTH, - AU_PRS_USECACHE) == 1)) - { - tsolinfo->flags |= TSOL_AUDITEVENT; - status = auditwrite(AW_EVENTNUM, xevent_num, AW_APPEND, AW_END); + } + } + } - } - else - { - tsolinfo->flags &= ~TSOL_AUDITEVENT; - tsolinfo->flags &= ~TSOL_DOXAUDIT; - } + /* + * Exclude Clients with Trusted Path such as tsoldtwm, tsoldtsession etc + * from generating the audit records for X protocols + */ + if (audit_event && do_x_audit && !HasTrustedPath(tsolinfo) && + (au_preselect(xevent_num, &(tsolinfo->amask), AU_PRS_BOTH, + AU_PRS_USECACHE) == 1)) { + tsolinfo->flags |= TSOL_AUDITEVENT; + status = auditwrite(AW_EVENTNUM, xevent_num, AW_APPEND, AW_END); + } else { + tsolinfo->flags &= ~TSOL_AUDITEVENT; + tsolinfo->flags &= ~TSOL_DOXAUDIT; + } + } } void @@ -2659,3 +2698,99 @@ return(Success); } + +int +ProcTsolQueryExtension(client) + ClientPtr client; +{ + xQueryExtensionReply reply; + int savedtrust; + int status = client->noClientException; + + REQUEST(xQueryExtensionReq); + + REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes); + + reply.type = X_Reply; + reply.length = 0; + reply.major_opcode = 0; + reply.sequenceNumber = client->sequence; + + /* Allow extensions in the labeled zones */ + savedtrust = client->trustLevel; + client->trustLevel = XSecurityClientTrusted; + + if (!TsolDisabledExtension((char *)&stuff[1], stuff->nbytes)) { + status = (*TsolSavedProcVector[X_QueryExtension])(client); + } else { + /* Hide this extension */ + reply.present = xFalse; + WriteReplyToClient(client, sizeof(xQueryExtensionReply), &reply); + status = client->noClientException; + } + + client->trustLevel = savedtrust; + + return (status); +} + +int +ProcTsolListExtensions(client) + ClientPtr client; +{ + int savedtrust; + int status; + + REQUEST(xReq); + REQUEST_SIZE_MATCH(xReq); + + /* Allow extensions in the labeled zones */ + savedtrust = client->trustLevel; + client->trustLevel = XSecurityClientTrusted; + status = (*TsolSavedProcVector[X_ListExtensions])(client); + client->trustLevel = savedtrust; + + return (status); +} + +int +ProcTsolMapWindow(register ClientPtr client) +{ + int savedtrust; + + WindowPtr pWin; + REQUEST(xResourceReq); + + REQUEST_SIZE_MATCH(xResourceReq); + pWin = (WindowPtr)SecurityLookupWindow(stuff->id, client, + SecurityReadAccess); + if (!pWin) + return(BadWindow); + savedtrust = client->trustLevel; + client->trustLevel = XSecurityClientTrusted; + MapWindow(pWin, client); + client->trustLevel = savedtrust; + + return(client->noClientException); +} + +int +ProcTsolMapSubwindows(register ClientPtr client) +{ + int savedtrust; + + WindowPtr pWin; + REQUEST(xResourceReq); + + REQUEST_SIZE_MATCH(xResourceReq); + pWin = (WindowPtr)SecurityLookupWindow( stuff->id, client, + SecurityReadAccess); + if (!pWin) + return(BadWindow); + savedtrust = client->trustLevel; + client->trustLevel = XSecurityClientTrusted; + MapSubwindows(pWin, client); + client->trustLevel = savedtrust; + + return(client->noClientException); +} diff -r b52017b8441e -r 07b00e5ea8c8 XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolutils.c --- a/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolutils.c Fri Jun 23 19:18:21 2006 -0700 +++ b/XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolutils.c Mon Jun 19 15:45:03 2006 -0700 @@ -26,7 +26,7 @@ * of the copyright holder. */ -#pragma ident "@(#)tsolutils.c 1.9 06/03/07 SMI" +#pragma ident "@(#)tsolutils.c 1.12 06/05/25 SMI" #define NEED_EVENTS @@ -37,7 +37,7 @@ #include #include #include -#include "tsolpriv.h" +#include #include "Xproto.h" #include "windowstr.h" #include "scrnintstr.h" @@ -411,30 +411,24 @@ void init_xtsol() { - extern Bool system_audit_on; /* from main.c */ + extern Bool system_audit_on; extern bslabel_t PublicObjSL; extern bclear_t SessionHI; /* HI Clearance */ extern bclear_t SessionLO; /* LO Clearance */ - int cant_audit = 0; + extern int cannot_audit(int); /* bsm function */ bclearhigh(&SessionHI); bclearlow(&SessionLO); bsllow(&PublicObjSL); init_TSOL_cached_SL(); init_TSOL_uid_table(); - set_effective_priv(PRIV_OFF, 1, PRIV_NET_REPLY_EQUAL); - - /* cant_audit = cannot_audit(1); */ - cant_audit = TRUE; - if (cant_audit) - system_audit_on = FALSE; - else - system_audit_on = TRUE; + if (cannot_audit(TRUE)) + system_audit_on = FALSE; + else + system_audit_on = TRUE; + auditwrite(AW_QUEUE, XAUDIT_Q_SIZE, AW_END); -#ifdef DEBUG - ErrorF("---------NEW LOG BEGINS HERE----------\n"); /* init the err log file */ -#endif /* DEBUG */ } /* @@ -857,8 +851,6 @@ return (NULL); } -#define SameClient(xid,client) \ - (CLIENT_BITS(xid) == (client)->clientAsMask) /* * same_client returns true if xid is owned/created by @@ -946,3 +938,24 @@ { return (GetSpriteWindow()); /* Window currently under mouse */ } + +/* + * Matches in the list of disabled extensions via + * the policy file (TrustedExtensionsPolicy) + * Returns + * TRUE - if a match is found + * FALSE - otherwise + */ +int +TsolDisabledExtension(char *extname, int extlen) +{ + int i; + + for (i = 0; i < tsolconfig[TSOL_EXTENSION].count; i++) { + if (strncmp(extname, tsolconfig[TSOL_EXTENSION].list[i], extlen) == 0) { + return TRUE; + } + } + + return FALSE; +}