156 extern int tsol_check_policy(TsolInfoPtr tsolinfo, TsolResPtr tsolres,
162 extern Bool client_has_privilege(TsolInfoPtr tsolinfo, priv_set_t *priv);
255         	TsolInfoPtr tsolinfo = GetClientTsolInfo(serverClient);
256 		if (tsolinfo->sl == NULL) {
257 			tsolinfo->sl = (bslabel_t *)lookupSL_low();
258 			tsolinfo->uid = 0;
259 			tsolinfo->pid = getpid();
260 			snprintf(tsolinfo->pname, MAXNAME,
262 				 serverClient->index, tsolinfo->pid);
380 	TsolInfoPtr tsolinfo = TsolClientPrivate(client);
398 		if (tsolinfo != NULL && tsolinfo->privs != NULL) {
399 			priv_freeset(tsolinfo->privs);
402 		if (system_audit_on && (au_preselect(AUE_ClientDisconnect, &(tsolinfo->amask),
404 			auditwrite(AW_PRESELECT, &(tsolinfo->amask),AW_END);
407 			       AW_SLABEL, tsolinfo->sl,
410 			tsolinfo->flags &= ~TSOL_DOXAUDIT;
411 			tsolinfo->flags &= ~TSOL_AUDITEVENT;
413 			auditwrite(AW_DISCARDRD, tsolinfo->asaverd, AW_END);
699     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
707     if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
723     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
767     if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
786     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
829     if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
844     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
857     if (!client_has_privilege(tsolinfo, pset_win_mac_write)) {
936     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
951             if (!HasTrustedPath(tsolinfo))
962             if (!HasTrustedPath(tsolinfo))
1006     if (!client_has_privilege(tsolinfo, pset_win_dac_write)) {
1021     TsolInfoPtr tsolinfo, res_tsolinfo;
1044     tsolinfo = GetClientTsolInfo(client);
1083     TsolInfoPtr tsolinfo, res_tsolinfo;
1107     tsolinfo = GetClientTsolInfo(client);
1159     TsolInfoPtr  tsolinfo = GetClientTsolInfo(client);
1196                 if (tsolprop->uid == tsolinfo->uid &&
1197                         tsolprop->sl == tsolinfo->sl) {
1361     TsolInfoPtr  tsolinfo;
1370     tsolinfo = GetClientTsolInfo(client);
1371     if (tsolinfo && HasTrustedPath(tsolinfo) &&
1451     TsolInfoPtr  tsolinfo;
1466     tsolinfo = GetClientTsolInfo(client);
1468     if (!HasTrustedPath(tsolinfo))
1472     tsolinfo->forced_trust = 1;
1484     TsolInfoPtr  tsolinfo;
1500     tsolinfo = GetClientTsolInfo(client);
1501     if (!HasTrustedPath(tsolinfo))
1504     tsolinfo->forced_trust = 0;
1505     tsolinfo->trusted_path = FALSE;
1559 	TsolInfoPtr tsolinfo = TsolClientPrivate(client);
1565 		tsolinfo->uid = (uid_t)(-1);
1566 		tsolinfo->sl = NULL;
1567 		snprintf(tsolinfo->pname, MAXNAME,
1572 			       tsolinfo->pname, errmsg);
1577 	tsolinfo->zid = ucred_getzoneid(uc);
1578 	tsolinfo->uid = ucred_getruid(uc);
1579 	tsolinfo->euid = ucred_geteuid(uc);
1580 	tsolinfo->gid = ucred_getrgid(uc);
1581 	tsolinfo->egid = ucred_getegid(uc);
1582 	tsolinfo->pid = ucred_getpid(uc);
1584 	tsolinfo->sl = (bslabel_t *)lookupSL(sl);
1589 	snprintf(tsolinfo->pname, MAXNAME, "client id %d (pid %d)",
1590 		 client->index, tsolinfo->pid);
1593 	if ((tsolinfo->privs = priv_allocset()) != NULL) {
1597 				priv_emptyset(tsolinfo->privs);
1599 				priv_copyset(privs, tsolinfo->privs);
1602 			priv_fillset(tsolinfo->privs);
1606 	tsolinfo->priv_debug = FALSE;
1613 	if (tsolinfo->zid == (zoneid_t)-1) {
1614 		tsolinfo->client_type = CLIENT_REMOTE;
1616 		tsolinfo->client_type = CLIENT_LOCAL;
1621 	if (tsolinfo->zid == GLOBAL_ZONEID) {
1622 		tsolinfo->trusted_path = TRUE;
1624 		tsolinfo->trusted_path = FALSE;
1627 	if (tsolinfo->trusted_path || !tsolMultiLevel)
1632         tsolinfo->forced_trust = 0;
1633         tsolinfo->iaddr = 0;
1638 	namelen = sizeof (tsolinfo->saddr);
1639 	if (getpeername(fd, (struct sockaddr *)&tsolinfo->saddr, &namelen) == 0
1640 	  && (tsolinfo->client_type == CLIENT_REMOTE)) {
1646 		errcode = getnameinfo((struct sockaddr *)&(tsolinfo->saddr), namelen,
1654 				blequal(tsolinfo->sl, &admin_low)) {
1655 				tsolinfo->trusted_path = TRUE;
1658 				priv_fillset(tsolinfo->privs);
1671 	tsolinfo->auid = ucred_getauid(uc);
1672 	if (tsolinfo->auid == AU_NOAUDITID) {
1673 	    tsolinfo->auid = UID_NOBODY;
1677 	tsolinfo->asid = ucred_getasid(uc);
1681 	    tsolinfo->amask = *amask;
1684 	        tsolinfo->amask = pauinfo->ai_mask;
1686 	        tsolinfo->amask.am_failure = 0; /* clear the masks */
1687 	        tsolinfo->amask.am_success = 0;
1691 	tsolinfo->asaverd = 0;
1780 	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
1782 	if (tsolinfo->uid == (uid_t) -1) {
1792 					tsolinfo->uid = client_uid;
1800 	if (tsolinfo->uid == (uid_t)-1) {
1801 		tsolinfo->uid = UID_NOBODY; /* uid not available */
1810 		if (HasTrustedPath(tsolinfo)) {
1819 		if (tsolinfo->uid == OwnerUID) {
1820 			if ((tsolinfo->sl != NULL &&
1821 			     (bldominates(tsolinfo->sl, &SessionLO) &&
1822 			      bldominates(&SessionHI, tsolinfo->sl))) ||
1823 			    (HasTrustedPath(tsolinfo))) {
1824 			    auth_token = (XID)(tsolinfo->uid);
1828 			if (tsolinfo->uid == 0 && HasTrustedPath(tsolinfo)) {
1829 				auth_token = (XID)(tsolinfo->uid);
1837 				if (!user2netname(netname, tsolinfo->uid, domainname)) {
1842 					return ((XID)(tsolinfo->uid));
1861 		(au_preselect(AUE_ClientConnect, &(tsolinfo->amask),
1869 		switch (tsolinfo->saddr.ss_family) {
1871                                 sin = (struct sockaddr_in *)&(tsolinfo->saddr);
1876                                 sin6 = (struct sockaddr_in6 *)&(tsolinfo->saddr);
1885 				AW_SLABEL, tsolinfo->sl,
1891 				AW_SLABEL, tsolinfo->sl,
1900 		tsolinfo->flags &= ~TSOL_DOXAUDIT;
1901 		tsolinfo->flags &= ~TSOL_AUDITEVENT;
1941 	TsolInfoPtr tsolinfo;
1954 	tsolinfo = GetClientTsolInfo(client);
1957 	rec->status = tsol_check_policy(tsolinfo, tsolres, flags, MAJOROP_CODE);
1961     	tsolinfo = GetClientTsolInfo(client);
1965 		   tsolinfo->pname,
1993     TsolInfoPtr tsolinfo; /* tsol client info */
1994     tsolinfo = GetClientTsolInfo(client);
2007 	    if (HasWinSelection(tsolinfo)) {
2008 	        if (tsolinfo->flags & TSOL_AUDITEVENT)
2013 	        if (tsolinfo->flags & TSOL_AUDITEVENT)
2031             tsolseln->sl = tsolinfo->sl;
2032             tsolseln->uid = tsolinfo->uid;
2043 		    if (tsolseln->uid == tsolinfo->uid &&
2044 			 tsolseln->sl == tsolinfo->sl)
2061 	    tsolseln->sl = tsolinfo->sl;
2062             tsolseln->uid = tsolinfo->uid;
2075 		        if (tsolseln->uid == tsolinfo->uid &&
2076 			     tsolseln->sl == tsolinfo->sl)
2097 	    if (!HasWinSelection(tsolinfo) &&
2098 			(tsolseln->uid != tsolinfo->uid ||
2099 			tsolseln->sl != tsolinfo->sl) &&
2103 		if (HasWinSelection(tsolinfo) &&
2104 			(tsolinfo->flags & TSOL_AUDITEVENT)) {
2113               tsolinfo = GetClientTsolInfo(client);
2117                       tsolinfo->pname,
2136     TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
2156 		    tsolprop->sl = tsolinfo->sl;        /* use client's sl/uid */
2157 		    tsolprop->uid = tsolinfo->uid;
2158 		    tsolprop->pid = tsolinfo->pid;
2176 	    retcode = tsol_check_policy(tsolinfo, tsolprop, flags, MAJOROP_CODE);
2193 		tsolprop->sl = tsolinfo->sl;
2194 		tsolprop->uid = tsolinfo->uid;
2201 			    tsolprop->sl == tsolinfo->sl &&
2202 			    tsolprop->uid == tsolinfo->uid)
2219 		   tsolinfo->pname, pWin->drawable.id,

Indexes created Tue Jul 24 14:28:13 CEST 2018