0N/A# Copyright (c) 2006, 2013, Oracle
and/or its affiliates. All rights reserved.
0N/A# Permission is hereby granted, free of charge, to any person obtaining a
0N/A# copy of this software and associated documentation files (the "Software"),
0N/A# to deal in the Software without restriction, including without limitation
0N/A# the rights to use, copy, modify, merge, publish, distribute, sublicense,
0N/A#
and/or sell copies of the Software, and to permit persons to whom the
0N/A# Software is furnished to do so, subject to the following conditions:
0N/A# The above copyright notice and this permission notice (including the next
0N/A# paragraph) shall be included in all copies or substantial portions of the
0N/A# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
0N/A# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
0N/A# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
0N/A# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
0N/A# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1105N/A# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
1186N/Aindex 7ce17e3..8d5c65d 100644
1140N/A@@ -17,6 +17,10 @@ if RECORD
1186N/A@@ -38,6 +42,7 @@ SUBDIRS = \
1186N/Aindex 6cc9aa0..3fed0b3 100644
1186N/A@@ -1084,3 +1084,27 @@ SecurityExtensionInit(void)
1186N/A /* Label objects that were created before we could register ourself */
1186N/A+/* API needed for Xtsol module to
get/set client trustLevel */
1186N/A+getClientTrustLevel(ClientPtr client)
1186N/A+ state = dixLookupPrivate(&client->devPrivates, stateKey);
1186N/A+setClientTrustLevel(ClientPtr client, unsigned int newLevel)
1186N/A+ state = dixLookupPrivate(&client->devPrivates, stateKey);
1186N/A+ oldLevel = state->trustLevel;
1186N/A+ state->trustLevel = newLevel;
1186N/Aindex 8904242..56dbfc6 100644
1186N/A@@ -79,4 +79,8 @@ typedef struct {
1186N/A /* Give this value or higher to the -audit option to get security messages */
1186N/A #define SECURITY_AUDIT_LEVEL 4
1186N/A+/* API needed for Xtsol module to
get/set client trustLevel */
+extern _X_EXPORT unsigned int getClientTrustLevel(ClientPtr client);
+extern _X_EXPORT unsigned int setClientTrustLevel(ClientPtr client, unsigned int newLevel);
#endif /* _SECURITY_SRV_H */
index 5a8e173..017fcd7 100644
@@ -223,6 +223,14 @@ dnl Find the math libary, then check for cbrt function in it.
+dnl Check for libtsol for Solaris Trusted Extensions module
+AC_CHECK_LIB(tsol, bsllow, [BUILD_TSOL_MODULE=yes], [BUILD_TSOL_MODULE=no])
+AM_CONDITIONAL(BUILD_TSOL_MODULE, [test x$BUILD_TSOL_MODULE = xyes])
+if test "x$BUILD_TSOL_MODULE" = xyes; then
+ TSOL_SYS_LIBS='-ltsol -ltsnet -lsecdb -lbsm'
@@ -1569,6 +1577,8 @@ AM_CONDITIONAL(XVFB, [test "x$XVFB" = xyes])
if test "x$XVFB" = xyes; then
XVFB_LIBS="$FB_LIB $FIXES_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB"
XVFB_SYS_LIBS="$XVFBMODULES_LIBS $GLX_SYS_LIBS"
+ XVFB_LIBS="$XVFB_LIBS $TSOL_LIB"
+ XVFB_SYS_LIBS="$XVFB_SYS_LIBS $TSOL_SYS_LIBS"
AC_SUBST([XVFB_SYS_LIBS])
@@ -1590,6 +1600,8 @@ if test "x$XNEST" = xyes; then
XNEST_LIBS="$FB_LIB $FIXES_LIB $MI_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB $DIX_LIB $OS_LIB"
XNEST_SYS_LIBS="$XNESTMODULES_LIBS $GLX_SYS_LIBS"
+ XNEST_LIBS="$XNEST_LIBS $TSOL_LIB"
+ XNEST_SYS_LIBS="$XNEST_SYS_LIBS $TSOL_SYS_LIBS"
AC_SUBST([XNEST_SYS_LIBS])
@@ -2132,6 +2144,7 @@ if test "$KDRIVE" = yes; then
KDRIVE_CFLAGS="$XSERVER_CFLAGS -DHAVE_KDRIVE_CONFIG_H $TSLIB_CFLAGS"
KDRIVE_PURE_LIBS="$FB_LIB $MI_LIB $FIXES_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $OS_LIB"
+ KDRIVE_PURE_LIBS="$KDRIVE_PURE_LIBS $TSOL_LIB"
+# Add Sun Trusted Extensions extension
@@ -73,8 +73,8 @@ Equipment Corporation.
******************************************************************/
-/* XSERVER_DTRACE additions:
- * Copyright (c) 2005-2006, Oracle
and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2006, Oracle
and/or its affiliates. All rights reserved.
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -162,6 +162,10 @@ int connBlockScreenStart;
static void KillAllClients(void);
+SecurityHookPtr pSecHook = NULL;
static int nextFreeClientID; /* always MIN free client ID */
static int nClients; /* number of authorized clients */
@@ -885,7 +889,12 @@ ProcCirculateWindow(ClientPtr client)
GetGeometry(ClientPtr client, xGetGeometryReply * rep)
@@ -1966,7 +1975,12 @@ ProcPutImage(ClientPtr client)
DoGetImage(ClientPtr client, int format, Drawable drawable,
int x, int y, int width, int height,
Mask planemask, xGetImageReply ** im_return)
index ddb5b34..14c2833 100644
@@ -2771,6 +2771,9 @@ PointInBorderSize(WindowPtr pWin, int x, int y)
* @returns the window at the given coordinates.
XYToWindow(SpritePtr pSprite, int x, int y)
index 49ef4a0..3f2a99e 100644
@@ -96,6 +96,34 @@ Equipment Corporation.
******************************************************************/
+/* Copyright (c) 2006, Oracle
and/or its affiliates. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
@@ -180,6 +208,11 @@ static Bool TileScreenSaver(ScreenPtr pScreen, int kind);
#define SubStrSend(pWin,pParent) (StrSend(pWin) || SubSend(pParent))
+extern SecurityHookPtr pSecHook;
static const char *overlay_win_name = "<composite overlay>";
@@ -1831,7 +1864,12 @@ IsSiblingAboveMe(WindowPtr pMe, WindowPtr pSib)
WindowExtents(WindowPtr pWin, BoxPtr pBox)
@@ -1858,7 +1896,12 @@ MakeBoundingRegion(WindowPtr pWin, BoxPtr pBox)
ShapeOverlap(WindowPtr pWin, BoxPtr pWinBox, WindowPtr pSib, BoxPtr pSibBox)
RegionPtr pWinRgn, pSibRgn;
@@ -2034,7 +2077,12 @@ WhereDoIGoInTheStack(WindowPtr pWin,
ReflectStackChange(WindowPtr pWin, WindowPtr pSib, VTKind kind)
/* Note that pSib might be NULL */
@@ -118,6 +118,7 @@ static ModuleDefault ModuleDefaults[] = {
{.name = "shadow",.toLoad = TRUE,.load_opt = NULL},
{.name = "ia",.toLoad = TRUE,.load_opt = NULL},
+ {.name = "xtsol",.toLoad = TRUE,.load_opt = NULL},
{.name = NULL,.toLoad = FALSE,.load_opt = NULL}
@@ -56,3 +56,11 @@ libia_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(top_builddir)/IA
libia_la_LDFLAGS = -avoid-version
+# Sun Trusted Extensions extension module additions
+libxtsol_la_LDFLAGS = -avoid-version
index 74123b5..6e53887 100644
@@ -166,6 +166,14 @@ extern _X_EXPORT void MarkClientException(ClientPtr /*client */ );
extern _X_HIDDEN Bool CreateConnectionBlock(void);
+extern _X_EXPORT int DoGetImage(ClientPtr client, int format, Drawable drawable,
+ int x, int y, int width, int height,
+ Mask planemask, xGetImageReply **im_return);
+extern _X_EXPORT int GetGeometry(ClientPtr client, xGetGeometryReply *rep);
extern _X_EXPORT int CompareISOLatin1Lowered(const unsigned char * /*a */ ,
@@ -44,6 +44,34 @@ SOFTWARE.
******************************************************************/
+/* Copyright (c) 2006, 2007, Oracle
and/or its affiliates. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
#ifndef EXTENSIONSTRUCT_H
#define EXTENSIONSTRUCT_H
@@ -54,6 +82,10 @@ SOFTWARE.
typedef struct _ExtensionEntry {
void (*CloseDown) ( /* called at server shutdown */
@@ -109,4 +141,20 @@ CheckExtension(const char *extname);
extern _X_EXPORT ExtensionEntry *
GetExtensionEntry(int major);
+ XID (*CheckAuthorization)(unsigned int, char *, unsigned int,
+ char *, ClientPtr , const char **);
+ int (*ChangeWindowProperty)(ClientPtr, WindowPtr, Atom, Atom, int, int,
+ unsigned long, pointer, Bool);
+ int (*DeleteProperty)(ClientPtr, WindowPtr, Atom);
+ void (*DeleteClientFromAnySelections)(ClientPtr);
+ void (*DeleteWindowFromAnySelections)(WindowPtr);
+} SecurityHook, *SecurityHookPtr;
+extern _X_EXPORT SecurityHookPtr pSecHook;
#endif /* EXTENSIONSTRUCT_H */
@@ -397,7 +397,7 @@ extern void NoteLedState(DeviceIntPtr /*keybd */ ,
-extern void MaybeStopHint(DeviceIntPtr /*device */ ,
+extern _X_EXPORT void MaybeStopHint(DeviceIntPtr /*device */ ,
extern void ProcessPointerEvent(InternalEvent * /* ev */ ,
@@ -227,5 +227,11 @@ extern _X_EXPORT void EnableMapUnmapEvents(WindowPtr /* pWin */ );
extern _X_EXPORT void SetRootClip(ScreenPtr pScreen, Bool enable);
extern _X_EXPORT void PrintWindowTree(void);
+#include "
validate.h" /* needed for VTKind enum definition */
+extern _X_EXPORT void ReflectStackChange(WindowPtr pWin, WindowPtr pSib,
extern _X_EXPORT VisualPtr WindowGetVisual(WindowPtr /*pWin*/);
index 720dca4..26e7f5c 100644
@@ -90,6 +90,7 @@ SOFTWARE.
#ifdef HAVE_XNEST_CONFIG_H
@@ -154,6 +155,9 @@ static ExtensionToggle ExtensionToggleList[] = {
#ifdef SolarisIAExtension
{ IANAME /* "SolarisIA" */, &noIAExtension },
+ { TSOLNAME /* "SUN_TSOL" */, &noXTSolExtension },
{"X-Resource", &noResExtension},
index 721ad65..62a227c 100644
@@ -43,6 +43,33 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
******************************************************************/
+/* Copyright (c) 2006, Oracle
and/or its affiliates. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
/*****************************************************************
* Stuff to create connections --- OS dependent
@@ -255,6 +282,11 @@ static int ListenTransCount;
static void ErrorConnMax(XtransConnInfo /* trans_conn */ );
+extern SecurityHookPtr pSecHook;
lookup_trans_conn(int fd)
@@ -667,6 +699,12 @@ ClientAuthorized(ClientPtr client,
priv = (OsCommPtr) client->osPrivate;
trans_conn = priv->trans_conn;
+ auth_id = (*pSecHook->CheckAuthorization) (proto_n, auth_proto,
+ string_n, auth_string, client, &reason);
/* Allow any client to connect without authorization on a launchd socket,
because it is securely created -- this prevents a race condition on launch */
if (trans_conn->flags & TRANS_NOXAUTH) {