diff options
Diffstat (limited to 'security.h')
-rw-r--r-- | security.h | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/security.h b/security.h new file mode 100644 index 0000000..2813e5e --- /dev/null +++ b/security.h @@ -0,0 +1,186 @@ +/* $Xorg: security.h,v 1.4 2001/02/09 02:03:24 xorgcvs Exp $ */ +/* +Copyright 1996, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. +*/ + +#ifndef _SECURITY_H +#define _SECURITY_H + +#define _XAUTH_STRUCT_ONLY +#include <X11/Xauth.h> + +/* constants that server, library, and application all need */ + +#define XSecurityNumberEvents 1 +#define XSecurityNumberErrors 2 +#define XSecurityBadAuthorization 0 +#define XSecurityBadAuthorizationProtocol 1 + +/* trust levels */ +#define XSecurityClientTrusted 0 +#define XSecurityClientUntrusted 1 + +/* authorization attribute masks */ +#define XSecurityTimeout (1<<0) +#define XSecurityTrustLevel (1<<1) +#define XSecurityGroup (1<<2) +#define XSecurityEventMask (1<<3) +#define XSecurityAllAuthorizationAttributes \ + (XSecurityTimeout | XSecurityTrustLevel | XSecurityGroup | XSecurityEventMask) + +/* event masks */ +#define XSecurityAuthorizationRevokedMask (1<<0) +#define XSecurityAllEventMasks XSecurityAuthorizationRevokedMask + +/* event offsets */ +#define XSecurityAuthorizationRevoked 0 + +#define XSecurityAuthorizationName "XC-QUERY-SECURITY-1" +#define XSecurityAuthorizationNameLen 19 + + +#ifndef _SECURITY_SERVER + +_XFUNCPROTOBEGIN + +Status XSecurityQueryExtension ( + Display *dpy, + int *major_version_return, + int *minor_version_return); + +Xauth *XSecurityAllocXauth(void); + +void XSecurityFreeXauth(Xauth *auth); + +/* type for returned auth ids */ +typedef unsigned long XSecurityAuthorization; + +typedef struct { + unsigned int timeout; + unsigned int trust_level; + XID group; + long event_mask; +} XSecurityAuthorizationAttributes; + +Xauth *XSecurityGenerateAuthorization( + Display *dpy, + Xauth *auth_in, + unsigned long valuemask, + XSecurityAuthorizationAttributes *attributes, + XSecurityAuthorization *auth_id_return); + +Status XSecurityRevokeAuthorization( + Display *dpy, + XSecurityAuthorization auth_id); + +_XFUNCPROTOEND + +typedef struct { + int type; /* event base + XSecurityAuthorizationRevoked */ + unsigned long serial; /* # of last request processed by server */ + Bool send_event; /* true if this came from a SendEvent request */ + Display *display; /* Display the event was read from */ + XSecurityAuthorization auth_id; /* revoked authorization id */ +} XSecurityAuthorizationRevokedEvent; + +#else /* _SECURITY_SERVER */ + +#include "input.h" /* for DeviceIntPtr */ +#include "property.h" /* for PropertyPtr */ + +/* resource type to pass in LookupIDByType for authorizations */ +extern RESTYPE SecurityAuthorizationResType; + +/* this is what we store for an authorization */ +typedef struct { + XID id; /* resource ID */ + CARD32 timeout; /* how long to live in seconds after refcnt == 0 */ + unsigned int trustLevel; /* trusted/untrusted */ + XID group; /* see embedding extension */ + unsigned int refcnt; /* how many clients connected with this auth */ + unsigned int secondsRemaining; /* overflow time amount for >49 days */ + OsTimerPtr timer; /* timer for this auth */ + struct _OtherClients *eventClients; /* clients wanting events */ +} SecurityAuthorizationRec, *SecurityAuthorizationPtr; + +/* The following callback is called when a GenerateAuthorization request + * is processed to sanity check the group argument. The call data will + * be a pointer to a SecurityValidateGroupInfoRec (below). + * Functions registered on this callback are expected to examine the + * group and set the valid field to TRUE if they recognize the group as a + * legitimate group. If they don't recognize it, they should not change the + * valid field. + */ +extern CallbackListPtr SecurityValidateGroupCallback; +typedef struct { + XID group; /* the group that was sent in GenerateAuthorization */ + Bool valid; /* did anyone recognize it? if so, set to TRUE */ +} SecurityValidateGroupInfoRec; + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +extern int (*UntrustedProcVector[256])(ClientPtr client); +extern int (*SwappedUntrustedProcVector[256])(ClientPtr client); + +extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev, + Bool fromRequest); + +extern void SecurityAudit(char *format, ...); + +/* Give this value or higher to the -audit option to get security messages */ +#define SECURITY_AUDIT_LEVEL 4 + +extern void SecurityCensorImage( + ClientPtr client, + RegionPtr pVisibleRegion, + long widthBytesLine, + DrawablePtr pDraw, + int x, int y, int w, int h, + unsigned int format, + char * pBuf); + +#define SecurityAllowOperation 0 +#define SecurityIgnoreOperation 1 +#define SecurityErrorOperation 2 + +char +SecurityCheckPropertyAccess( + ClientPtr client, + WindowPtr pWin, + ATOM propertyName, + Mask access_mode); + +#define SECURITY_POLICY_FILE_VERSION "version-1" + +char **SecurityGetSitePolicyStrings(int *n); + +#endif /* _SECURITY_SERVER */ + +#endif /* _SECURITY_H */ |