diff options
author | dkf <donal.k.fellows@manchester.ac.uk> | 2009-08-25 08:46:06 (GMT) |
---|---|---|
committer | dkf <donal.k.fellows@manchester.ac.uk> | 2009-08-25 08:46:06 (GMT) |
commit | 722bf308e2388220307c511109010cb283d1c477 (patch) | |
tree | 064482abcc7a416e71668cfa2e9f5e0e2b25fc98 | |
parent | be443037d96546bb6095977a5c5a81c5ccf681e2 (diff) | |
download | tk-722bf308e2388220307c511109010cb283d1c477.zip tk-722bf308e2388220307c511109010cb283d1c477.tar.gz tk-722bf308e2388220307c511109010cb283d1c477.tar.bz2 |
[Bug 1909931]: Add support for server-interpreted access control addreses.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | unix/tkUnixSend.c | 88 |
2 files changed, 71 insertions, 22 deletions
@@ -1,3 +1,8 @@ +2009-08-25 Donal K. Fellows <dkf@users.sf.net> + + * unix/tkUnixSend.c (ServerSecure): [Bug 1909931]: Added some support + for server-interpreted access control addreses. + 2009-08-24 Donal K. Fellows <dkf@users.sf.net> * library/msgbox.tcl (::tk::MessageBox): Correct bindings so that they diff --git a/unix/tkUnixSend.c b/unix/tkUnixSend.c index 7394ec5..b6d4dce 100644 --- a/unix/tkUnixSend.c +++ b/unix/tkUnixSend.c @@ -11,7 +11,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tkUnixSend.c,v 1.24 2008/11/18 23:49:43 nijtmans Exp $ + * RCS: @(#) $Id: tkUnixSend.c,v 1.25 2009/08/25 08:46:06 dkf Exp $ */ #include "tkUnixInt.h" @@ -226,7 +226,7 @@ static int ServerSecure(TkDisplay *dispPtr); static void UpdateCommWindow(TkDisplay *dispPtr); static int ValidateName(TkDisplay *dispPtr, const char *name, Window commWindow, int oldOK); - + /* *---------------------------------------------------------------------- * @@ -325,7 +325,7 @@ RegOpen( } return regPtr; } - + /* *---------------------------------------------------------------------- * @@ -378,7 +378,7 @@ RegFindName( } return None; } - + /* *---------------------------------------------------------------------- * @@ -442,7 +442,7 @@ RegDeleteName( } } } - + /* *---------------------------------------------------------------------- * @@ -492,7 +492,7 @@ RegAddName( regPtr->property = newProp; regPtr->allocedByX = 0; } - + /* *---------------------------------------------------------------------- * @@ -552,7 +552,7 @@ RegClose( } ckfree((char *) regPtr); } - + /* *---------------------------------------------------------------------- * @@ -647,7 +647,7 @@ ValidateName( } return result; } - + /* *---------------------------------------------------------------------- * @@ -681,8 +681,52 @@ ServerSecure( secure = 0; addrPtr = XListHosts(dispPtr->display, &numHosts, &enabled); - if (enabled && (numHosts == 0)) { - secure = 1; + if (enabled) { + if (numHosts == 0) { + secure = 1; + } + + /* + * Recent versions of X11 have the extra feature of allowing more + * sophisticated authorization checks to be performed than the dozy + * old ones that used to plague xhost usage. However, not all deployed + * versions of Xlib know how to deal with this feature, so this code + * is conditional on having the right #def in place. [Bug 1909931] + */ + +#ifdef FamilyServerInterpreted + if (numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) { + XServerInterpretedAddress *siPtr = + (XServerInterpretedAddress *) addrPtr[0].address; + + if (siPtr->typelength==9 && !memcmp(siPtr->type,"localuser",9)) { + /* + * We don't check the username here. This is because it's + * officially non-portable and we are just making sure there + * aren't silly misconfigurations. (Apparently 'root' is not a + * very good choice, but we still don't put any effort in to + * spot that.) + */ + + secure = 1; + } else if (siPtr->typelength == 10 + && !memcmp(siPtr->type, "localgroup", 10)) { + /* + * Similarly to above, we don't attempt to peek inside server + * interpreted group names. If someone set it, it's what they + * want and we assume it's OK. + */ + + secure = 1; + } + + /* + * The other defined types of server-interpreted controls involve + * particular hosts; these are still insecure for the same reasons + * that classic xhost access is insecure. + */ + } +#endif } if (addrPtr != NULL) { XFree((char *) addrPtr); @@ -690,7 +734,7 @@ ServerSecure( return secure; #endif /* TK_NO_SECURITY */ } - + /* *-------------------------------------------------------------- * @@ -849,7 +893,7 @@ Tk_SetAppName( return riPtr->name; } - + /* *-------------------------------------------------------------- * @@ -1138,7 +1182,7 @@ Tk_SendCmd( ckfree(pending.result); return pending.code; } - + /* *---------------------------------------------------------------------- * @@ -1226,7 +1270,7 @@ TkGetInterpNames( RegClose(regPtr); return TCL_OK; } - + /* *-------------------------------------------------------------- * @@ -1256,7 +1300,7 @@ TkSendCleanup( dispPtr->commTkwin = NULL; } } - + /* *-------------------------------------------------------------- * @@ -1313,7 +1357,7 @@ SendInit( return TCL_OK; } - + /* *-------------------------------------------------------------- * @@ -1651,7 +1695,7 @@ SendEventProc( } XFree(propInfo); } - + /* *-------------------------------------------------------------- * @@ -1730,7 +1774,7 @@ AppendErrorProc( } return 0; } - + /* *-------------------------------------------------------------- * @@ -1779,7 +1823,7 @@ DeleteProc( UpdateCommWindow(riPtr->dispPtr); Tcl_EventuallyFree(riPtr, TCL_DYNAMIC); } - + /* *---------------------------------------------------------------------- * @@ -1819,7 +1863,7 @@ SendRestrictProc( } return TK_DEFER_EVENT; } - + /* *---------------------------------------------------------------------- * @@ -1859,7 +1903,7 @@ UpdateCommWindow( Tcl_DStringLength(&names)); Tcl_DStringFree(&names); } - + /* *---------------------------------------------------------------------- * @@ -1967,7 +2011,7 @@ TkpTestsendCmd( } return TCL_OK; } - + /* * Local Variables: * mode: c |