From 689f811ba1bac8caee40e50149127e5c81ec575c Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller <uli42@gmx.de>
Date: Sat, 16 Jan 2021 23:29:04 +0100
Subject: Xext: use $USRDATADIR/SecurityPolicy

This reflects the path where the file is placed after installation.

It also obsoletes the NX_ALTERNATIVEPOLICYFILE.

Fixes ArcticaProject/nx-libs#988
---
 nx-X11/programs/Xserver/Xext/Imakefile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/nx-X11/programs/Xserver/Xext/Imakefile b/nx-X11/programs/Xserver/Xext/Imakefile
index 540ac80fa..c3bb8391f 100644
--- a/nx-X11/programs/Xserver/Xext/Imakefile
+++ b/nx-X11/programs/Xserver/Xext/Imakefile
@@ -56,8 +56,7 @@ XF86BIGFOBJS = xf86bigfont.o
 #if BuildXCSecurity
     SECURITYSRCS = security.c
     SECURITYOBJS = security.o
- SERVERCONFIGDIR = ServerConfigDir
-   POLICYFILEDEF = -DDEFAULTPOLICYFILE=\"$(SERVERCONFIGDIR)/SecurityPolicy\"
+   POLICYFILEDEF = -DDEFAULTPOLICYFILE=\"$(USRDATADIR)/SecurityPolicy\"
 #endif
 #if BuildXinerama
         PNRXSRCS = panoramiX.c panoramiXSwap.c panoramiXprocs.c
@@ -125,7 +124,7 @@ SpecialCObjectRule(security,$(ICONFIGFILES),$(POLICYFILEDEF))
 LinkConfDirectory(xserver,.,xserver,.)
 
 #if BuildXCSecurity && InstallSecurityConfig
-InstallNonExecFile(SecurityPolicy,$(SERVERCONFIGDIR))
+InstallNonExecFile(SecurityPolicy,$(USRDATADIR))
 #endif
 
 DependTarget()
-- 
cgit v1.2.3


From a26011503c7c64549a11ff679f504f3ad2dce081 Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller <uli42@gmx.de>
Date: Sat, 16 Jan 2021 23:31:12 +0100
Subject: Xext: drop NX_ALTERNATIVEPOLICYFILE

We can now also drop all remaining NX specific lines from the security.c

see ArcticaProject/nx-libs#988
---
 nx-X11/programs/Xserver/Xext/security.c | 202 --------------------------------
 1 file changed, 202 deletions(-)

diff --git a/nx-X11/programs/Xserver/Xext/security.c b/nx-X11/programs/Xserver/Xext/security.c
index 2a7d5628f..2b4fa2cb5 100644
--- a/nx-X11/programs/Xserver/Xext/security.c
+++ b/nx-X11/programs/Xserver/Xext/security.c
@@ -69,49 +69,15 @@ in this Software without prior written authorization from The Open Group.
 #include <stdio.h>  /* for file reading operations */
 #include <nx-X11/Xatom.h>  /* for XA_STRING */
 
-#ifdef NXAGENT_SERVER
-
-#include <unistd.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#endif
-
 #ifndef DEFAULTPOLICYFILE
 # define DEFAULTPOLICYFILE NULL
 #endif
 
-#ifdef NXAGENT_SERVER
-
-#define NX_ALTERNATIVEPOLICYFILE "/usr/local/share/nx/SecurityPolicy"
-
-#endif
-
 #if defined(WIN32) || defined(__CYGWIN__)
 #include <nx-X11/Xos.h>
 #undef index
 #endif
 
-/*
- * Set here the required NX log level.
- */
-
-#ifdef NXAGENT_SERVER
-
-#define PANIC
-#define WARNING
-#undef  TEST
-#undef  DEBUG
-
-#endif
-
-#ifdef NXAGENT_SERVER
-
-static char _NXPolicyFilePath[1024];
-
-#endif
-
 static int SecurityErrorBase;  /* first Security error number */
 static int SecurityEventBase;  /* first Security event number */
 
@@ -135,115 +101,6 @@ int (*SwappedUntrustedProcVector[256])(
     ClientPtr /*client*/
 );
 
-#ifdef NXAGENT_SERVER
-
-/*
- * This function returns the SecurityPolicy
- * file full path. This path is referred by
- * SecurityPolicyFile variable (generally it
- * contains the hardcoded path at compile time).
- * If the path does not exist, the function will
- * try a set of well known paths.
- */
-
-char *_NXGetPolicyFilePath(const char *path)
-{
-
-  struct stat SecurityPolicyStat;
-
-  /*
-   * Check the policy file path only once.
-   */
-
-  if (*_NXPolicyFilePath != '\0')
-  {
-    return _NXPolicyFilePath;
-  }
-
-  if (stat(path, &SecurityPolicyStat) == 0)
-  {
-    if (strlen(path) + 1 > 1024)
-    {
-      #ifdef WARNING
-      fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n");
-      #endif
-
-      goto _NXGetPolicyFilePathError;
-    }
-
-    strcpy(_NXPolicyFilePath, path);
-
-    #ifdef TEST
-    fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n",
-                _NXPolicyFilePath);
-    #endif
-
-    return _NXPolicyFilePath;
-  }
-
-  if (stat(DEFAULTPOLICYFILE, &SecurityPolicyStat) == 0)
-  {
-    if (strlen(DEFAULTPOLICYFILE) + 1 > 1024)
-    {
-      #ifdef WARNING
-      fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n");
-      #endif
-
-      goto _NXGetPolicyFilePathError;
-    }
-
-    strcpy(_NXPolicyFilePath, DEFAULTPOLICYFILE);
-
-    #ifdef TEST
-    fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n",
-                _NXPolicyFilePath);
-    #endif
-
-    return _NXPolicyFilePath;
-  }
-
-  if (stat(NX_ALTERNATIVEPOLICYFILE, &SecurityPolicyStat) == 0)
-  {
-    if (strlen(NX_ALTERNATIVEPOLICYFILE) + 1 > 1024)
-    {
-      #ifdef WARNING
-      fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file path exceeded.\n");
-      #endif
-
-      goto _NXGetPolicyFilePathError;
-    }
-
-    strcpy(_NXPolicyFilePath, NX_ALTERNATIVEPOLICYFILE);
-
-    #ifdef TEST
-    fprintf(stderr, "_NXGetPolicyFilePath: Using SecurityPolicy file path [%s].\n",
-                _NXPolicyFilePath);
-    #endif
-
-    return _NXPolicyFilePath;
-  }
-
-_NXGetPolicyFilePathError:
-
-  if (strlen(path) + 1 > 1024)
-  {
-    #ifdef WARNING
-    fprintf(stderr, "_NXGetPolicyFilePath: WARNING! Maximum length of SecurityPolicy file exceeded.\n");
-    #endif
-  }
-
-  strcpy(_NXPolicyFilePath, path);
-
-  #ifdef TEST
-  fprintf(stderr, "_NXGetPolicyFilePath: Using default SecurityPolicy file path [%s].\n",
-              _NXPolicyFilePath);
-  #endif
-
-  return _NXPolicyFilePath;
-}
-
-#endif
-
 /* SecurityAudit
  *
  * Arguments:
@@ -1756,44 +1613,16 @@ SecurityLoadPropertyAccessList(void)
 
     SecurityMaxPropertyName = 0;
 
-#ifdef NXAGENT_SERVER
-
-    if (!_NXGetPolicyFilePath(SecurityPolicyFile))
-    {
-      return;
-    }
-
-#else
-
     if (!SecurityPolicyFile)
 	return;
 
-#endif
-
-#ifdef NXAGENT_SERVER
-
-    f = Fopen(_NXGetPolicyFilePath(SecurityPolicyFile), "r");
-
-#else
-
     f = Fopen(SecurityPolicyFile, "r");
 
-#endif
-
     if (!f)
     {
-#ifdef NXAGENT_SERVER
-
-        ErrorF("error opening security policy file %s\n",
-                   _NXGetPolicyFilePath(SecurityPolicyFile));
-
-#else
 
 	ErrorF("error opening security policy file %s\n",
 	       SecurityPolicyFile);
-
-#endif
-
 	return;
     }
 
@@ -1813,19 +1642,8 @@ SecurityLoadPropertyAccessList(void)
 	    char *v = SecurityParseString(&p);
 	    if (strcmp(v, SECURITY_POLICY_FILE_VERSION) != 0)
 	    {
-
-#ifdef NXAGENT_SERVER
-
-                ErrorF("%s: invalid security policy file version, ignoring file\n",
-                           _NXGetPolicyFilePath(SecurityPolicyFile));
-
-#else
-
 		ErrorF("%s: invalid security policy file version, ignoring file\n",
 		       SecurityPolicyFile);
-
-#endif
-
 		break;
 	    }
 	    validLine = TRUE;
@@ -1852,22 +1670,10 @@ SecurityLoadPropertyAccessList(void)
 	    }
 	}
 
-#ifdef NXAGENT_SERVER
-
-        if (!validLine)
-        {
-          ErrorF("Line %d of %s invalid, ignoring\n",
-                     lineNumber, _NXGetPolicyFilePath(SecurityPolicyFile));
-        }
-
-#else
-
 	if (!validLine)
 	    ErrorF("Line %d of %s invalid, ignoring\n",
 		   lineNumber, SecurityPolicyFile);
 
-#endif
-
     } /* end while more input */
 
 #ifdef PROPDEBUG
@@ -1959,16 +1765,8 @@ SecurityCheckPropertyAccess(client, pWin, propertyName, access_mode)
 	struct stat buf;
 	static time_t lastmod = 0;
 
-#ifdef NXAGENT_SERVER
-
-        int ret = stat(_NXGetPolicyFilePath(SecurityPolicyFile), &buf);
-
-#else
-
 	int ret = stat(SecurityPolicyFile , &buf);
 
-#endif
-
 	if ( (ret == 0) && (buf.st_mtime > lastmod) )
 	{
 	    ErrorF("reloading property rules\n");
-- 
cgit v1.2.3