Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver

Conflicts:

	Xext/appgroup.c
	Xext/security.c
	dix/devices.c
	dix/dispatch.c
	dix/dixutils.c
	dix/events.c
	dix/extension.c
	dix/property.c
	dix/window.c
	os/access.c

3 files changed, 135 insertions, 3 deletions

diff --git a/Xext/appgroup.c b/Xext/appgroup.c
index e182cadda..8db4cef01 100644
--- a/Xext/appgroup.c
+++ b/Xext/appgroup.c
@@ -45,8 +45,7 @@ from The Open Group.
 #include <X11/extensions/Xagstr.h>
 #include <X11/extensions/Xagsrv.h>
 #include "xacestr.h"
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#include "securitysrv.h"
 #include <X11/Xfuncproto.h>
 
 #define XSERV_t
diff --git a/Xext/security.c b/Xext/security.c
index 957f083a6..f80d46406 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -40,7 +40,7 @@ in this Software without prior written authorization from The Open Group.
 #include "colormapst.h"
 #include "propertyst.h"
 #include "xacestr.h"
-#define _SECURITY_SERVER
+#include "securitysrv.h"
 #include <X11/extensions/securstr.h>
 #include <assert.h>
 #include <stdarg.h>
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
new file mode 100644
index 000000000..596eead0d
--- /dev/null
+++ b/Xext/securitysrv.h
@@ -0,0 +1,133 @@
+/*
+Copyright 1996, 1998  The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall
+not be used in advertising or otherwise to promote the sale, use or
+other dealings in this Software without prior written authorization
+from The Open Group.
+*/
+
+/* Xserver internals for Security extension - moved here from
+   _SECURITY_SERVER section of <X11/extensions/security.h> */
+
+#ifndef _SECURITY_SRV_H
+#define _SECURITY_SRV_H
+
+/* Allow client side portions of <X11/extensions/security.h> to compile */
+#ifndef Status
+# define Status int
+# define NEED_UNDEF_Status
+#endif
+#ifndef Display
+# define Display void
+# define NEED_UNDEF_Display
+#endif
+
+#include <X11/extensions/security.h>
+
+#ifdef NEED_UNDEF_Status
+# undef Status
+# undef NEED_UNDEF_Status
+#endif
+#ifdef NEED_UNDEF_Display
+# undef Display
+# undef NEED_UNDEF_Display
+#endif
+
+
+#include "input.h"    /* for DeviceIntPtr */
+#include "property.h" /* for PropertyPtr */
+#include "pixmap.h"   /* for DrawablePtr */
+#include "resource.h" /* for RESTYPE */
+
+/* resource type to pass in LookupIDByType for authorizations */
+extern RESTYPE SecurityAuthorizationResType;
+
+/* this is what we store for an authorization */
+typedef struct {
+    XID id;			/* resource ID */
+    CARD32 timeout;	/* how long to live in seconds after refcnt == 0 */
+    unsigned int trustLevel;	/* trusted/untrusted */
+    XID group;			/* see embedding extension */
+    unsigned int refcnt;	/* how many clients connected with this auth */
+    unsigned int secondsRemaining; /* overflow time amount for >49 days */
+    OsTimerPtr timer;		/* timer for this auth */
+    struct _OtherClients *eventClients; /* clients wanting events */
+} SecurityAuthorizationRec, *SecurityAuthorizationPtr;
+
+/* The following callback is called when a GenerateAuthorization request
+ * is processed to sanity check the group argument.  The call data will
+ * be a pointer to a SecurityValidateGroupInfoRec (below).  
+ * Functions registered on this callback are expected to examine the
+ * group and set the valid field to TRUE if they recognize the group as a
+ * legitimate group.  If they don't recognize it, they should not change the
+ * valid field.
+ */
+extern CallbackListPtr SecurityValidateGroupCallback;
+typedef struct {
+    XID group;	/* the group that was sent in GenerateAuthorization */
+    Bool valid; /* did anyone recognize it? if so, set to TRUE */
+} SecurityValidateGroupInfoRec;
+
+/* Proc vectors for untrusted clients, swapped and unswapped versions.
+ * These are the same as the normal proc vectors except that extensions
+ * that haven't declared themselves secure will have ProcBadRequest plugged
+ * in for their major opcode dispatcher.  This prevents untrusted clients
+ * from guessing extension major opcodes and using the extension even though
+ * the extension can't be listed or queried.
+ */
+extern int (*UntrustedProcVector[256])(ClientPtr client);
+extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
+
+extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev,
+			       Bool fromRequest);
+
+extern void SecurityAudit(char *format, ...);
+
+extern int XSecurityOptions(int argc, char **argv, int i);
+
+/* Give this value or higher to the -audit option to get security messages */
+#define SECURITY_AUDIT_LEVEL 4
+
+extern void SecurityCensorImage(
+    ClientPtr client,
+    RegionPtr pVisibleRegion,
+    long widthBytesLine,
+    DrawablePtr pDraw,
+    int x, int y, int w, int h,
+    unsigned int format,
+    char * pBuf);
+
+#define SecurityAllowOperation  0
+#define SecurityIgnoreOperation 1
+#define SecurityErrorOperation  2
+
+extern char
+SecurityCheckPropertyAccess(
+    ClientPtr client,
+    WindowPtr pWin,
+    ATOM  propertyName,
+    Mask access_mode);
+
+#define SECURITY_POLICY_FILE_VERSION "version-1"
+
+extern char **SecurityGetSitePolicyStrings(int *n);
+
+#endif /* _SECURITY_SRV_H */