98N/A@@ -34,6 +34,10 @@ if DBE
98N/A+if BUILD_TSOL_MODULE
98N/A@@ -59,6 +63,7 @@ SUBDIRS = \
98N/A@@ -149,6 +149,10 @@ if DPMSExtension
98N/A MODULE_SRCS += $(DPMS_SRCS)
98N/A+# Solaris Trusted Extensions / XACE compatibility
98N/A+BUILTIN_SRCS += $(TSOL_SRCS)
98N/A # Now take all of the above, mix well, bake for 10 minutes and get libXext*.la
98N/A libXext_la_SOURCES = $(BUILTIN_SRCS) $(MODULE_SRCS)
493N/A@@ -72,10 +72,15 @@ typedef struct {
98N/A ((extnsn)->devPrivates[securityExtnsnPrivateIndex].val)
98N/A #define STATEPTR(client) \
851N/A ((client)->devPrivates[securityClientPrivateIndex].ptr)
98N/A+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
98N/A+#define TRUSTLEVEL(client) ((client)->trustLevel)
761N/A+#define AUTHID(client) ((client)->authId)
98N/A #define TRUSTLEVEL(client) \
98N/A (((SecurityClientStateRec*)STATEPTR(client))->trustLevel)
98N/A #define AUTHID(client) \
98N/A (((SecurityClientStateRec*)STATEPTR(client))->authId)
98N/A CallbackListPtr SecurityValidateGroupCallback = NULL; /* see
security.h */
98N/A@@ -113,6 +113,10 @@ AC_CHECK_FUNC([mmap], AC_DEFINE(HAS_MMAP
+dnl Check for libtlc for Solaris Trusted Extensions module
+AC_CHECK_LIB(tlc, auditwrite, [BUILD_TSOL_MODULE=yes], [BUILD_TSOL_MODULE=no])
+AM_CONDITIONAL(BUILD_TSOL_MODULE, [test x$BUILD_TSOL_MODULE = xyes])
+# Add Sun Trusted Extensions extension
@@ -74,8 +74,8 @@ Equipment Corporation.
******************************************************************/
-/* XSERVER_DTRACE additions:
- * Copyright 2005-2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
@@ -188,6 +188,11 @@ static void KillAllClients(void);
static void DeleteClientFromAnySelections(ClientPtr client);
+SecurityHookPtr pSecHook = NULL;
static int nextFreeClientID; /* always MIN free client ID */
static int nClients; /* number of authorized clients */
@@ -3563,6 +3568,11 @@ CloseDownClient(register ClientPtr clien
BITCLEAR(grabWaiters, client->index);
+ (*pSecHook->DeleteClientFromAnySelections)(client);
DeleteClientFromAnySelections(client);
ReleaseActiveGrabs(client);
DeleteClientFontStuff(client);
@@ -3716,6 +3726,11 @@ void InitClient(ClientPtr client, int i,
client->replyBytesRemaining = 0;
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ client->trustLevel = XSecurityClientTrusted;
+ client->CheckAccess = NULL;
@@ -76,7 +76,7 @@ Equipment Corporation.
/*****************************************************************
-Copyright 2003-2005 Sun Microsystems, Inc.
+Copyright 2007 Sun Microsystems, Inc.
@@ -266,7 +266,12 @@ static void DoEnterLeaveEvents(
-static WindowPtr XYToWindow(
@@ -1947,7 +1952,12 @@ PointInBorderSize(WindowPtr pWin, int x,
@@ -45,6 +45,34 @@ SOFTWARE.
******************************************************************/
+/* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
@@ -62,6 +90,11 @@ SOFTWARE.
+extern SecurityHookPtr pSecHook;
/*****************************************************************
@@ -245,6 +278,12 @@ ProcChangeProperty(ClientPtr client)
+ err = (*pSecHook->ChangeWindowProperty)(client, pWin, stuff->property,
+ stuff->type, (int)format, (int)mode, len, (pointer)&stuff[1], TRUE);
err = ChangeWindowProperty(pWin, stuff->property, stuff->type, (int)format,
(int)mode, len, (pointer)&stuff[1], TRUE);
@@ -298,6 +337,9 @@ ChangeWindowProperty(WindowPtr pWin, Ato
pProp->next = pWin->optional->userProps;
pWin->optional->userProps = pProp;
+ pProp->secPrivate = (pointer)NULL;
@@ -400,6 +442,9 @@ DeleteProperty(WindowPtr pWin, Atom prop
DeliverEvents(pWin, &event, 1, (WindowPtr)NULL);
+ xfree(pProp->secPrivate);
@@ -422,6 +467,9 @@ DeleteAllWindowProperties(WindowPtr pWin
DeliverEvents(pWin, &event, 1, (WindowPtr)NULL);
+ xfree(pProp->secPrivate);
@@ -675,6 +723,11 @@ ProcDeleteProperty(register ClientPtr cl
+ result = (*pSecHook->DeleteProperty)(client, pWin, stuff->property);
result = DeleteProperty(pWin, stuff->property);
if (client->noClientException != Success)
return(client->noClientException);
@@ -98,6 +98,33 @@ Equipment Corporation.
******************************************************************/
+/* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
@@ -181,6 +208,11 @@ static Bool TileScreenSaver(int i, int k
_X_EXPORT int numSaveUndersViewable = 0;
_X_EXPORT int deltaSaveUndersViewable = 0;
+extern SecurityHookPtr pSecHook;
@@ -846,6 +878,11 @@ FreeWindowResources(register WindowPtr p
DeleteWindowFromAnySaveSet(pWin);
+ (*pSecHook->DeleteWindowFromAnySelections)(pWin);
DeleteWindowFromAnySelections(pWin);
DeleteWindowFromAnyEvents(pWin, TRUE);
REGION_UNINIT(pScreen, &pWin->clipList);
@@ -1929,7 +1966,12 @@ IsSiblingAboveMe(
@@ -1965,7 +2007,12 @@ MakeBoundingRegion (
@@ -2174,7 +2221,12 @@ WhereDoIGoInTheStack(
+ "\tLoad\t\"xtsol\"\n" \
#define BUILTIN_DEVICE_NAME \
@@ -298,6 +298,10 @@ xf86ModulelistFromConfig(pointer **optli
/* Sun addition - IA extension */
ptr = xf86addNewLoadDirective(ptr, "IA", XF86_LOAD_MODULE, NULL);
+ /* Sun addition - extension for Solaris Trusted Extensions */
+ ptr = xf86addNewLoadDirective(ptr, "xtsol", XF86_LOAD_MODULE, NULL);
@@ -109,3 +109,11 @@ extsmodule_LTLIBRARIES +=
libIA.la libIA_la_LDFLAGS = -avoid-version
+# Sun Trusted Extensions extension module additions
+libxtsol_la_LDFLAGS = -avoid-version
@@ -127,7 +127,20 @@ typedef struct _Client {
unsigned char requestLog[MAX_REQUEST_LOG];
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ int (*pad1)(ClientPtr /*client*/);
unsigned long replyBytesRemaining;
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ unsigned int trustLevel;
+ pointer (* CheckAccess)(
+ pointer /*resourceval*/);
struct _AppGroupRec* appgroup;
@@ -45,6 +45,34 @@ SOFTWARE.
******************************************************************/
+/* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
#ifndef EXTENSIONSTRUCT_H
#define EXTENSIONSTRUCT_H
@@ -54,6 +82,10 @@ SOFTWARE.
typedef struct _ExtensionEntry {
void (* CloseDown)( /* called at server shutdown */
@@ -69,6 +101,9 @@ typedef struct _ExtensionEntry {
unsigned short (* MinorOpcode)( /* called for errors */
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ Bool secure; /* extension visible to untrusted clients? */
@@ -146,5 +181,28 @@ extern void DeclareExtensionSecurity(
+ XID (*CheckAuthorization)(unsigned int, char *, unsigned int,
+ char *, ClientPtr , char **);
+ int (*InitWindow)(ClientPtr, WindowPtr);
+ int (*ChangeWindowProperty)(ClientPtr, WindowPtr, Atom, Atom, int, int,
+ unsigned long, pointer, Bool);
+ int (*DeleteProperty)(ClientPtr, WindowPtr, Atom);
+ char (*CheckPropertyAccess)(ClientPtr, WindowPtr, ATOM, Mask);
+ void (*ProcessKeyboard)(xEvent *, KeyClassPtr);
+ void (*DeleteClientFromAnySelections)(ClientPtr);
+ void (*DeleteWindowFromAnySelections)(WindowPtr);
+ void (*AuditStart)(ClientPtr);
+ void (*AuditEnd)(ClientPtr, int);
+} SecurityHook, *SecurityHookPtr;
+extern SecurityHookPtr pSecHook;
+extern void tsolCompatRegisterHooks(void);
#endif /* EXTENSIONSTRUCT_H */
@@ -45,6 +45,35 @@ SOFTWARE.
******************************************************************/
+/* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
@@ -60,6 +89,13 @@ typedef struct _Property {
short format; /* format of data for swapping - 8,16,32 */
long size; /* size of data in (format/8) bytes */
pointer data; /* private to client */
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ short pad1; /* previously used by LBX */
+ pointer secPrivate; /* Security information */
#endif /* PROPERTYSTRUCT_H */
@@ -49,6 +49,34 @@ SOFTWARE.
******************************************************************/
+/* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
@@ -61,6 +89,9 @@ typedef struct _Selection {
+ pointer secPrivate; /* Security Information */
@@ -84,6 +84,10 @@ SOFTWARE.
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
#if defined(QNX4) /* sleaze for Watcom on QNX4 ... */
@@ -774,6 +778,11 @@ InitExtensions(argc, argv)
+#ifdef TSOL /* Maintaining binary compatibility with Xtsol module */
+ if (pSecHook) { /* If TSOL security hooks set, add to XACE callbacks */
+ tsolCompatRegisterHooks();
static void (*__miHookInitVisualsFunction)(miInitVisualsProcPtr *);
@@ -44,6 +44,33 @@ ARISING OUT OF OR IN CONNECTION WITH THE
******************************************************************/
+/* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute,
and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
/*****************************************************************
* Stuff to create connections --- OS dependent
@@ -309,6 +336,11 @@ int ListenTransCount;
static void ErrorConnMax(XtransConnInfo /* trans_conn */);
+extern SecurityHookPtr pSecHook;
lookup_trans_conn (int fd)
@@ -711,6 +743,12 @@ ClientAuthorized(ClientPtr client,
priv = (OsCommPtr)client->osPrivate;
trans_conn = priv->trans_conn;
+ auth_id = (*pSecHook->CheckAuthorization) (proto_n, auth_proto,
+ string_n, auth_string, client, &reason);
auth_id = CheckAuthorization (proto_n, auth_proto,
string_n, auth_string, client, &reason);