diff options
| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2021-01-18 11:41:47 +0100 |
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2021-01-18 11:41:47 +0100 |
| commit | 24b903be52601b223f9527cd28334cb3d9e3aad0 (patch) | |
| tree | 42847fa64d1e5a9ce14517a16250cc35fa1837a1 | |
| parent | f4782bbd2c3e98176cd34ed1bfabba954d9489e4 (diff) | |
| parent | a26011503c7c64549a11ff679f504f3ad2dce081 (diff) | |
| download | nx-libs-24b903be52601b223f9527cd28334cb3d9e3aad0.tar.gz nx-libs-24b903be52601b223f9527cd28334cb3d9e3aad0.tar.bz2 nx-libs-24b903be52601b223f9527cd28334cb3d9e3aad0.zip | |
Merge branch 'uli42-pr/drop_alternative_securitypolicy' into 3.6.x
Attributes GH PR #989: https://github.com/ArcticaProject/nx-libs/pull/989
| -rw-r--r-- | nx-X11/programs/Xserver/Xext/Imakefile | 5 | ||||
| -rw-r--r-- | nx-X11/programs/Xserver/Xext/security.c | 202 |
2 files changed, 2 insertions, 205 deletions
diff --git a/nx-X11/programs/Xserver/Xext/Imakefile b/nx-X11/programs/Xserver/Xext/Imakefile index 540ac80fa..c3bb8391f 100644 --- a/nx-X11/programs/Xserver/Xext/Imakefile +++ b/nx-X11/programs/Xserver/Xext/Imakefile @@ -56,8 +56,7 @@ XF86BIGFOBJS = xf86bigfont.o #if BuildXCSecurity SECURITYSRCS = security.c SECURITYOBJS = security.o - SERVERCONFIGDIR = ServerConfigDir - POLICYFILEDEF = -DDEFAULTPOLICYFILE=\"$(SERVERCONFIGDIR)/SecurityPolicy\" + POLICYFILEDEF = -DDEFAULTPOLICYFILE=\"$(USRDATADIR)/SecurityPolicy\" #endif #if BuildXinerama PNRXSRCS = panoramiX.c panoramiXSwap.c panoramiXprocs.c @@ -125,7 +124,7 @@ SpecialCObjectRule(security,$(ICONFIGFILES),$(POLICYFILEDEF)) LinkConfDirectory(xserver,.,xserver,.) #if BuildXCSecurity && InstallSecurityConfig -InstallNonExecFile(SecurityPolicy,$(SERVERCONFIGDIR)) +InstallNonExecFile(SecurityPolicy,$(USRDATADIR)) #endif DependTarget() diff --git a/nx-X11/programs/Xserver/Xext/security.c b/nx-X11/programs/Xserver/Xext/security.c index 2a7d5628f..2b4fa2cb5 100644 --- a/nx-X11/programs/Xserver/Xext/security.c +++ b/nx-X11/programs/Xserver/Xext/security.c @@ -69,49 +69,15 @@ in this Software without prior written authorization from The Open Group. #include <stdio.h> /* for file reading operations */ #include <nx-X11/Xatom.h> /* for XA_STRING */ -#ifdef NXAGENT_SERVER - -#include <unistd.h> -#include <string.h> -#include <sys/types.h> -#include <sys/stat.h> - -#endif - #ifndef DEFAULTPOLICYFILE # define DEFAULTPOLICYFILE NULL #endif -#ifdef NXAGENT_SERVER - -#define NX_ALTERNATIVEPOLICYFILE "/usr/local/share/nx/SecurityPolicy" - -#endif - #if defined(WIN32) || defined(__CYGWIN__) #include <nx-X11/Xos.h> #undef index #endif -/* - * Set here the required NX log level. - */ - -#ifdef NXAGENT_SERVER - -#define PANIC -#define WARNING -#undef TEST -#undef DEBUG - -#endif - -#ifdef NXAGENT_SERVER - -static char _NXPolicyFilePath[1024]; - -#endif - static int SecurityErrorBase; /* first Security error number */ static int SecurityEventBase; /* first Security event number */ @@ -135,115 +101,6 @@ int (*SwappedUntrustedProcVector[256])( ClientPtr /*client*/ ); -#ifdef NXAGENT_SERVER - -/* - * This function returns the SecurityPolicy - * file full path. This path is referred by - * SecurityPolicyFile variable (generally it - * contains the hardcoded path at compile time). - * If the path does not exist, the function will - * try a set of well known paths. - */ - -char *_NXGetPolicyFilePath(const char *path) -{ - - struct stat SecurityPolicyStat; - - /* - * Check the policy file path only once. - */ - - if (*_NXPolicyFilePath != '\0') - { - return _NXPolicyFilePath; - } - - if (stat(path, &SecurityPolicyStat) == 0) - { - if (strlen(path) + 1 > 1024) - { - #ifdef WARNING - fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n"); - #endif - - goto _NXGetPolicyFilePathError; - } - - strcpy(_NXPolicyFilePath, path); - - #ifdef TEST - fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n", - _NXPolicyFilePath); - #endif - - return _NXPolicyFilePath; - } - - if (stat(DEFAULTPOLICYFILE, &SecurityPolicyStat) == 0) - { - if (strlen(DEFAULTPOLICYFILE) + 1 > 1024) - { - #ifdef WARNING - fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n"); - #endif - - goto _NXGetPolicyFilePathError; - } - - strcpy(_NXPolicyFilePath, DEFAULTPOLICYFILE); - - #ifdef TEST - fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n", - _NXPolicyFilePath); - #endif - - return _NXPolicyFilePath; - } - - if (stat(NX_ALTERNATIVEPOLICYFILE, &SecurityPolicyStat) == 0) - { - if (strlen(NX_ALTERNATIVEPOLICYFILE) + 1 > 1024) - { - #ifdef WARNING - fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n"); - #endif - - goto _NXGetPolicyFilePathError; - } - - strcpy(_NXPolicyFilePath, NX_ALTERNATIVEPOLICYFILE); - - #ifdef TEST - fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n", - _NXPolicyFilePath); - #endif - - return _NXPolicyFilePath; - } - -_NXGetPolicyFilePathError: - - if (strlen(path) + 1 > 1024) - { - #ifdef WARNING - fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file exceeded.\n"); - #endif - } - - strcpy(_NXPolicyFilePath, path); - - #ifdef TEST - fprintf(stderr, "_NXGetPolicyFilePath: Using default SecurityPolicy file path [%s].\n", - _NXPolicyFilePath); - #endif - - return _NXPolicyFilePath; -} - -#endif - /* SecurityAudit * * Arguments: @@ -1756,44 +1613,16 @@ SecurityLoadPropertyAccessList(void) SecurityMaxPropertyName = 0; -#ifdef NXAGENT_SERVER - - if (!_NXGetPolicyFilePath(SecurityPolicyFile)) - { - return; - } - -#else - if (!SecurityPolicyFile) return; -#endif - -#ifdef NXAGENT_SERVER - - f = Fopen(_NXGetPolicyFilePath(SecurityPolicyFile), "r"); - -#else - f = Fopen(SecurityPolicyFile, "r"); -#endif - if (!f) { -#ifdef NXAGENT_SERVER - - ErrorF("error opening security policy file %s\n", - _NXGetPolicyFilePath(SecurityPolicyFile)); - -#else ErrorF("error opening security policy file %s\n", SecurityPolicyFile); - -#endif - return; } @@ -1813,19 +1642,8 @@ SecurityLoadPropertyAccessList(void) char *v = SecurityParseString(&p); if (strcmp(v, SECURITY_POLICY_FILE_VERSION) != 0) { - -#ifdef NXAGENT_SERVER - - ErrorF("%s: invalid security policy file version, ignoring file\n", - _NXGetPolicyFilePath(SecurityPolicyFile)); - -#else - ErrorF("%s: invalid security policy file version, ignoring file\n", SecurityPolicyFile); - -#endif - break; } validLine = TRUE; @@ -1852,22 +1670,10 @@ SecurityLoadPropertyAccessList(void) } } -#ifdef NXAGENT_SERVER - - if (!validLine) - { - ErrorF("Line %d of %s invalid, ignoring\n", - lineNumber, _NXGetPolicyFilePath(SecurityPolicyFile)); - } - -#else - if (!validLine) ErrorF("Line %d of %s invalid, ignoring\n", lineNumber, SecurityPolicyFile); -#endif - } /* end while more input */ #ifdef PROPDEBUG @@ -1959,16 +1765,8 @@ SecurityCheckPropertyAccess(client, pWin, propertyName, access_mode) struct stat buf; static time_t lastmod = 0; -#ifdef NXAGENT_SERVER - - int ret = stat(_NXGetPolicyFilePath(SecurityPolicyFile), &buf); - -#else - int ret = stat(SecurityPolicyFile , &buf); -#endif - if ( (ret == 0) && (buf.st_mtime > lastmod) ) { ErrorF("reloading property rules\n"); |