10 files changed, 67 insertions, 65 deletions

diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy
index cc521c263..0000c5a8f 100644
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@@ -86,3 +86,8 @@ property XDCCC_GRAY_CORRECTION	root	ar
 # To let untrusted clients use the overlay visuals that many vendors
 # support, include this line.
 property SERVER_OVERLAY_VISUALS	root	ar
+
+# Only trusted extensions can be used by untrusted clients
+trust extension XC-MISC
+trust extension BIG-REQUESTS
+trust extension XpExtension
diff --git a/Xext/bigreq.c b/Xext/bigreq.c
index fcd848aec..d38879079 100644
--- a/Xext/bigreq.c
+++ b/Xext/bigreq.c
@@ -66,8 +66,6 @@ BigReqExtensionInit(INITARGS)
 			ProcBigReqDispatch, ProcBigReqDispatch,
 			BigReqResetProc, StandardMinorOpcode);
 #endif
-
-    DeclareExtensionSecurity(XBigReqExtensionName, TRUE);
 }
 
 /*ARGSUSED*/
diff --git a/Xext/security.c b/Xext/security.c
index b6df61a61..b1c0ce008 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -63,8 +63,6 @@ typedef struct {
     XID authId;
 } SecurityClientStateRec;
 
-#define EXTLEVEL(extnsn) ((Bool) \
-    dixLookupPrivate(DEVPRIV_PTR(extnsn), &stateKey))
 #define HAVESTATE(client) (((SecurityClientStateRec *) \
     dixLookupPrivate(DEVPRIV_PTR(client), &stateKey))->haveState)
 #define TRUSTLEVEL(client) (((SecurityClientStateRec *) \
@@ -74,6 +72,9 @@ typedef struct {
 
 static CallbackListPtr SecurityValidateGroupCallback = NULL;
 
+static char **SecurityTrustedExtensions = NULL;
+static int nSecurityTrustedExtensions = 0;
+
 RESTYPE SecurityAuthorizationResType; /* resource type for authorizations */
 
 static RESTYPE RTEventClient;
@@ -1210,10 +1211,13 @@ SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
 		       pointer calldata)
 {
     XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
+    int i, trusted = 0;
 
-    if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
-	!EXTLEVEL(rec->ext))
+    for (i = 0; i < nSecurityTrustedExtensions; i++)
+	if (!strcmp(SecurityTrustedExtensions[i], rec->ext->name))
+	    trusted = 1;
 
+    if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && !trusted)
 	rec->status = BadAccess;
 }
 
@@ -1235,16 +1239,6 @@ SecurityCheckHostlistAccess(CallbackListPtr *pcbl, pointer unused,
     }
 }
 
-static void
-SecurityDeclareExtSecure(CallbackListPtr *pcbl, pointer unused,
-			 pointer calldata)
-{
-    XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
-
-    /* security state for extensions is simply a boolean trust value */
-    dixSetPrivate(DEVPRIV_PTR(rec->ext), &stateKey, (pointer)rec->secure);
-}
-
 /**********************************************************************/
 
 typedef struct _PropertyAccessRec {
@@ -1276,7 +1270,9 @@ static char *SecurityKeywords[] = {
 #define SecurityKeywordRoot 3
     "root",
 #define SecurityKeywordAny 4
-    "any"
+    "any",
+#define SecurityKeywordExtension 5
+    "trust extension",
 };
 
 #define NUMKEYWORDS (sizeof(SecurityKeywords) / sizeof(char *))
@@ -1500,6 +1496,36 @@ SecurityParsePropertyAccessRule(
     return TRUE;
 } /* SecurityParsePropertyAccessRule */
 
+static Bool
+SecurityParseExtensionRule(
+    char *p)
+{
+    char *extName = SecurityParseString(&p);
+    char *copyExtName;
+    char **newStrings;
+
+    if (!extName)
+	return FALSE;
+
+    copyExtName = (char *)Xalloc(strlen(extName) + 1);
+    if (!copyExtName)
+	return TRUE;
+    strcpy(copyExtName, extName);
+    newStrings = (char **)Xrealloc(SecurityTrustedExtensions,
+			  sizeof (char *) * (nSecurityTrustedExtensions + 1));
+    if (!newStrings)
+    {
+	Xfree(copyExtName);
+	return TRUE;
+    }
+
+    SecurityTrustedExtensions = newStrings;
+    SecurityTrustedExtensions[nSecurityTrustedExtensions++] = copyExtName;
+
+    return TRUE;
+
+} /* SecurityParseExtensionRule */
+
 static char **SecurityPolicyStrings = NULL;
 static int nSecurityPolicyStrings = 0;
 
@@ -1558,6 +1584,21 @@ SecurityFreeSitePolicyStrings(void)
     }
 } /* SecurityFreeSitePolicyStrings */
 
+static void
+SecurityFreeTrustedExtensionStrings(void)
+{
+    if (SecurityTrustedExtensions)
+    {
+	assert(nSecurityTrustedExtensions);
+	while (nSecurityTrustedExtensions--)
+	{
+	    Xfree(SecurityTrustedExtensions[nSecurityTrustedExtensions]);
+	}
+	Xfree(SecurityTrustedExtensions);
+	SecurityTrustedExtensions = NULL;
+	nSecurityTrustedExtensions = 0;
+    }
+} /* SecurityFreeSiteTrustedExtensions */
 
 static void
 SecurityLoadPropertyAccessList(void)
@@ -1616,6 +1657,10 @@ SecurityLoadPropertyAccessList(void)
 		    validLine = SecurityParseSitePolicy(p);
 		break;
 
+		case SecurityKeywordExtension:
+		    validLine = SecurityParseExtensionRule(p);
+		break;
+
 		default:
 		    validLine = (*p == '\0'); /* blank lines OK, others not */
 		break;
@@ -1791,6 +1836,7 @@ SecurityResetProc(
     ExtensionEntry *extEntry)
 {
     SecurityFreePropertyAccessList();
+    SecurityFreeTrustedExtensionStrings();
     SecurityFreeSitePolicyStrings();
 } /* SecurityResetProc */
 
@@ -1811,32 +1857,6 @@ XSecurityOptions(argc, argv, i)
 } /* XSecurityOptions */
 
 
-/* SecurityExtensionSetup
- *
- * Arguments: none.
- *
- * Returns: nothing.
- *
- * Side Effects:
- *	Sets up the Security extension if possible.
- *      This function contains things that need to be done
- *      before any other extension init functions get called.
- */
-
-void
-SecurityExtensionSetup(INITARGS)
-{
-    /* FIXME: this is here so it is registered before other extensions
-     * init themselves.  This also required commit 5e946dd853a4ebc... to
-     * call the setup functions on each server reset.
-     *
-     * The extension security bit should be delivered in some other way,
-     * either in a symbol or in the module data.
-     */
-    XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, 0);
-} /* SecurityExtensionSetup */
-
-
 /* SecurityExtensionInit
  *
  * Arguments: none.
diff --git a/Xext/xcmisc.c b/Xext/xcmisc.c
index 8c7a86e6a..d9a7f100d 100644
--- a/Xext/xcmisc.c
+++ b/Xext/xcmisc.c
@@ -80,8 +80,6 @@ XCMiscExtensionInit(INITARGS)
 			ProcXCMiscDispatch, SProcXCMiscDispatch,
 			XCMiscResetProc, StandardMinorOpcode);
 #endif
-
-    DeclareExtensionSecurity(XCMiscExtensionName, TRUE);
 }
 
 /*ARGSUSED*/
diff --git a/Xext/xprint.c b/Xext/xprint.c
index 4ac13e6d1..ff739c0e7 100644
--- a/Xext/xprint.c
+++ b/Xext/xprint.c
@@ -335,7 +335,6 @@ XpExtensionInit(INITARGS)
 	    screenInfo.screens[i]->CloseScreen = XpCloseScreen;
 	}
     }
-    DeclareExtensionSecurity(XP_PRINTNAME, TRUE);
 }
 
 static void
diff --git a/dix/extension.c b/dix/extension.c
index ad4e697b1..ec47ef19c 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -250,14 +250,6 @@ GetExtensionEntry(int major)
     return extensions[major];
 }
 
-_X_EXPORT void
-DeclareExtensionSecurity(char *extname, Bool secure)
-{
-    int i = FindExtension(extname, strlen(extname));
-    if (i >= 0)
-	XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
-}
-
 _X_EXPORT unsigned short
 StandardMinorOpcode(ClientPtr client)
 {
diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h
index 131b9e6e6..fb75092c7 100644
--- a/hw/xfree86/dixmods/extmod/modinit.h
+++ b/hw/xfree86/dixmods/extmod/modinit.h
@@ -135,7 +135,6 @@ extern void XSELinuxExtensionInit(INITARGS);
 #endif
 
 #if 1
-extern void SecurityExtensionSetup(INITARGS);
 extern void SecurityExtensionInit(INITARGS);
 #endif
 
diff --git a/hw/xfree86/loader/dixsym.c b/hw/xfree86/loader/dixsym.c
index 043f2db90..1af076b88 100644
--- a/hw/xfree86/loader/dixsym.c
+++ b/hw/xfree86/loader/dixsym.c
@@ -200,7 +200,6 @@ _X_HIDDEN void *dixLookupTab[] = {
     SYMFUNC(AddExtension)
     SYMFUNC(AddExtensionAlias)
     SYMFUNC(CheckExtension)
-    SYMFUNC(DeclareExtensionSecurity)
     SYMFUNC(MinorOpcodeOfRequest)
     SYMFUNC(StandardMinorOpcode)
 #ifdef XEVIE
diff --git a/include/extnsionst.h b/include/extnsionst.h
index 28ae1d539..58bf0a206 100644
--- a/include/extnsionst.h
+++ b/include/extnsionst.h
@@ -107,9 +107,5 @@ extern Bool AddExtensionAlias(
 extern ExtensionEntry *CheckExtension(const char *extname);
 extern ExtensionEntry *GetExtensionEntry(int major);
 
-extern void DeclareExtensionSecurity(
-    char * /*extname*/,
-    Bool /*secure*/);
-
 #endif /* EXTENSIONSTRUCT_H */
 
diff --git a/mi/miinitext.c b/mi/miinitext.c
index f14254051..964ef3e0e 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -321,7 +321,6 @@ extern void XagExtensionInit(INITARGS);
 extern void XaceExtensionInit(INITARGS);
 #endif
 #ifdef XCSECURITY
-extern void SecurityExtensionSetup(INITARGS);
 extern void SecurityExtensionInit(INITARGS);
 #endif
 #ifdef XSELINUX
@@ -538,9 +537,6 @@ InitExtensions(argc, argv)
     int		argc;
     char	*argv[];
 {
-#ifdef XCSECURITY
-    SecurityExtensionSetup();
-#endif
 #ifdef XSELINUX
     XSELinuxExtensionSetup();
 #endif
@@ -719,7 +715,7 @@ static ExtensionModule staticExtensions[] = {
     { XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
 #endif
 #ifdef XCSECURITY
-    { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, SecurityExtensionSetup, NULL },
+    { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
 #endif
 #ifdef XSELINUX
     { XSELinuxExtensionInit, XSELINUX_EXTENSION_NAME, NULL, XSELinuxExtensionSetup, NULL },