1 /* $XConsortium: security.h /main/6 1996/11/12 12:17:11 swick $ */
3 Copyright (c) 1996 X Consortium
5 Permission is hereby granted, free of charge, to any person obtaining
6 a copy of this software and associated documentation files (the
7 "Software"), to deal in the Software without restriction, including
8 without limitation the rights to use, copy, modify, merge, publish,
9 distribute, sublicense, and sell copies of the Software, and to
10 permit persons to whom the Software is furnished to do so, subject to
11 the following conditions:
13 The above copyright notice and this permission notice shall be included
14 in all copies or substantial portions of the Software.
16 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
17 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 OTHER DEALINGS IN THE SOFTWARE.
24 Except as contained in this notice, the name of the X Consortium shall
25 not be used in advertising or otherwise to promote the sale, use or
26 other dealings in this Software without prior written authorization
27 from the X Consortium.
33 #define _XAUTH_STRUCT_ONLY
34 #include <X11/Xauth.h>
36 /* constants that server, library, and application all need */
/* Extension sizing and error codes.  The counts agree with the rest of this
 * header: one event offset (XSecurityAuthorizationRevoked) and the two error
 * codes below.  Presumably the error codes are offsets from the extension's
 * error base -- confirm against the server. */
38 #define XSecurityNumberEvents 1
39 #define XSecurityNumberErrors 2
40 #define XSecurityBadAuthorization 0
41 #define XSecurityBadAuthorizationProtocol 1
/* Trust levels recorded on an authorization (trust_level on the client side,
 * trustLevel in the server record).  Untrusted clients are the ones served
 * through the restricted proc vectors declared further down.
 * NOTE(review): the zero value is the trusted level, so a zero-filled
 * attributes struct names Trusted; code that builds attributes should set the
 * level explicitly rather than rely on initialisation. */
44 #define XSecurityClientTrusted 0
45 #define XSecurityClientUntrusted 1
47 /* authorization attribute masks: one bit per attribute.  Presumably OR-ed
 * into the valuemask argument of XSecurityGenerateAuthorization to say which
 * attributes the caller supplies -- confirm against the library source. */
48 #define XSecurityTimeout (1<<0)
49 #define XSecurityTrustLevel (1<<1)
50 #define XSecurityGroup (1<<2)
51 #define XSecurityEventMask (1<<3)
/* Union of every attribute bit defined above; keep it in step when a bit is
 * added.  A request-validation path can presumably use it to reject unknown
 * bits -- confirm where it is used. */
52 #define XSecurityAllAuthorizationAttributes \
53 (XSecurityTimeout | XSecurityTrustLevel | XSecurityGroup | XSecurityEventMask)
/* Event selection mask bits.  Only one event is defined, so the "all events"
 * mask is the same value as the revoked mask. */
56 #define XSecurityAuthorizationRevokedMask (1<<0)
57 #define XSecurityAllEventMasks XSecurityAuthorizationRevokedMask
/* Event offset: the type of a delivered event is the extension's event base
 * plus this value (see the type member of
 * XSecurityAuthorizationRevokedEvent). */
60 #define XSecurityAuthorizationRevoked 0
/* Authorization protocol name and its length.  19 is the number of characters
 * in the string, not counting the terminating NUL.  The two definitions must
 * be changed together: if the name is compared or copied by length, a stale
 * length would truncate the name or read past it. */
62 #define XSecurityAuthorizationName "XC-QUERY-SECURITY-1"
63 #define XSecurityAuthorizationNameLen 19
66 #ifndef _SECURITY_SERVER
/* Client-library entry points; this half of the header is compiled only when
 * _SECURITY_SERVER is not defined. */

/* Presumably reports whether the extension is present and stores its version
 * through the two out-parameters -- inferred from the names; confirm.
 * NOTE(review): listing line 71, between the opening parenthesis and the
 * first parameter shown, is absent from this copy. */
70 Status XSecurityQueryExtension (
72 int *major_version_return,
73 int *minor_version_return);
/* Allocate and release an Xauth record.  Presumably a record obtained from
 * XSecurityAllocXauth or XSecurityGenerateAuthorization is released with
 * XSecurityFreeXauth rather than free() -- confirm the ownership rules.
 * An Xauth record holds authorization data, so treat its contents as a
 * credential: do not log it or leave copies behind. */
75 Xauth *XSecurityAllocXauth(void);
77 void XSecurityFreeXauth(Xauth *auth);
79 /* type for returned auth ids; the same type is taken by
 * XSecurityRevokeAuthorization and carried in the revoked event */
80 typedef unsigned long XSecurityAuthorization;
/* Attributes requested for a new authorization.
 * NOTE(review): only the trust_level member and the closing line survive in
 * this copy; the struct opening and the other members (listing lines 82-83
 * and 85-86) are absent. */
84 unsigned int trust_level; /* presumably XSecurityClientTrusted or XSecurityClientUntrusted */
87 } XSecurityAuthorizationAttributes;
/* Request a new authorization.  valuemask and attributes describe the
 * requested attributes (see the authorization attribute mask bits), and the
 * id of the new authorization is stored through auth_id_return -- inferred
 * from the parameter names; confirm.  The returned Xauth is the credential a
 * client presents, so it should be handed only to the client it was made for.
 * NOTE(review): listing lines 90-91 are absent from this copy. */
89 Xauth *XSecurityGenerateAuthorization(
92 unsigned long valuemask,
93 XSecurityAuthorizationAttributes *attributes,
94 XSecurityAuthorization *auth_id_return);
/* Revoke the authorization named by auth_id.  Clients that selected the
 * revoked event are presumably notified with an
 * XSecurityAuthorizationRevokedEvent -- confirm.
 * NOTE(review): listing line 97 is absent from this copy. */
96 Status XSecurityRevokeAuthorization(
98 XSecurityAuthorization auth_id);
/* Event describing a revoked authorization.
 * NOTE(review): the lines that open this struct (listing lines 99-102) are
 * absent from this copy. */
103 int type; /* event base + XSecurityAuthorizationRevoked */
104 unsigned long serial; /* # of last request processed by server */
105 Bool send_event; /* true if this came from a SendEvent request; such an
                    * event was sent by another client, not generated by the
                    * server, so check this flag before acting on it */
106 Display *display; /* Display the event was read from */
107 XSecurityAuthorization auth_id; /* revoked authorization id */
108 } XSecurityAuthorizationRevokedEvent;
110 #else /* _SECURITY_SERVER */
112 #include "input.h" /* for DeviceIntPtr */
113 #include "property.h" /* for PropertyPtr */
115 /* resource type to pass in LookupIDByType for authorizations; declared
 * here and defined elsewhere in the server */
116 extern RESTYPE SecurityAuthorizationResType;
118 /* this is what we store for an authorization.
 * Lifetime, as stated by the field comments: the timeout starts counting
 * only once refcnt has dropped to 0, so an authorization stays usable for as
 * long as any client is connected with it and for timeout seconds afterwards.
 * NOTE(review): the line that opens this struct (listing line 119) is absent
 * from this copy. */
120 XID id; /* resource ID */
121 CARD32 timeout; /* how long to live in seconds after refcnt == 0 */
122 unsigned int trustLevel; /* trusted/untrusted */
123 XID group; /* see embedding extension */
124 unsigned int refcnt; /* how many clients connected with this auth */
125 unsigned int secondsRemaining; /* overflow time amount for >49 days;
                                  * presumably needed because the OS timer
                                  * counts milliseconds in 32 bits, which
                                  * covers about 49.7 days -- confirm */
126 OsTimerPtr timer; /* timer for this auth */
127 struct _OtherClients *eventClients; /* clients wanting events */
128 } SecurityAuthorizationRec, *SecurityAuthorizationPtr;
130 /* The following callback is called when a GenerateAuthorization request
131 * is processed to sanity check the group argument. The call data will
132 * be a pointer to a SecurityValidateGroupInfoRec (below).
133 * Functions registered on this callback are expected to examine the
134 * group and set the valid field to TRUE if they recognize the group as a
135 * legitimate group. If they don't recognize it, they should not change the
 * valid field (end of sentence supplied from context; listing lines 136-137
 * are absent from this copy).
 */
/* NOTE(review): acceptance is opt-in.  A group counts as valid only if some
 * registered callback sets valid to TRUE, and a callback never clears it, so
 * the caller presumably sets valid to FALSE before invoking the list --
 * confirm at the call site.  With no callback registered, no group is
 * recognised. */
138 extern CallbackListPtr SecurityValidateGroupCallback;
/* NOTE(review): the line that opens this struct (listing line 139) is absent
 * from this copy. */
140 XID group; /* the group that was sent in GenerateAuthorization */
141 Bool valid; /* did anyone recognize it? if so, set to TRUE */
142 } SecurityValidateGroupInfoRec;
144 /* Proc vectors for untrusted clients, swapped and unswapped versions.
145 * These are the same as the normal proc vectors except that extensions
146 * that haven't declared themselves secure will have ProcBadRequest plugged
147 * in for their major opcode dispatcher. This prevents untrusted clients
148 * from guessing extension major opcodes and using the extension even though
149 * the extension can't be listed or queried.
 */
/* NOTE(review): this is a deny-by-default table.  An extension is reachable
 * by untrusted clients only after it has declared itself secure, so a newly
 * added extension stays blocked until someone opts it in.  The 256 entries
 * presumably correspond to the one-byte major opcode -- confirm.  Both
 * tables must be kept in step, or a client using the other byte order would
 * see a different policy. */
151 extern int (*UntrustedProcVector[256])(ClientPtr client);
152 extern int (*SwappedUntrustedProcVector[256])(ClientPtr client);
/* Access check for a client's use of an input device; returns Bool.
 * NOTE(review): the rest of this prototype (listing lines 155-156) is absent
 * from this copy, so the remaining parameters are not shown. */
154 extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev,
/* Writes a security audit message.  The signature (format plus variable
 * arguments) suggests printf-style formatting -- confirm.  If so, callers
 * should pass a literal format and supply client-controlled text only as
 * arguments, never as the format itself. */
157 extern void SecurityAudit(char *format, ...);
159 /* Give this value or higher to the -audit option to get security messages;
 * at a lower audit level these messages are not produced, so a deployment
 * that relies on them has to set the option */
160 #define SECURITY_AUDIT_LEVEL 4
/* Censors image data; the visible parameters are a visible region and an
 * x/y/w/h rectangle.
 * NOTE(review): several parameter lines of this prototype (listing lines
 * 163, 165-166 and 168-169) are absent from this copy. */
162 extern void SecurityCensorImage(
164 RegionPtr pVisibleRegion,
167 int x, int y, int w, int h,
/* Outcome codes for an access decision: allow the operation, ignore it, or
 * fail it with an error.  Presumably these are the values returned by
 * SecurityCheckPropertyAccess -- confirm. */
171 #define SecurityAllowOperation 0
172 #define SecurityIgnoreOperation 1
173 #define SecurityErrorOperation 2
/* NOTE(review): only the name line of this prototype survives in this copy
 * (listing lines 175 and 177-180 are absent); return type and parameters are
 * not shown. */
176 SecurityCheckPropertyAccess(
/* Version string for the security policy file; presumably compared with the
 * version line at the start of the file so that a file in an unknown format
 * is rejected rather than misread -- confirm in the policy loader. */
182 #define SECURITY_POLICY_FILE_VERSION "version-1"
/* Returns the site policy strings; the count is presumably stored through n.
 * Ownership of the returned array is not stated here -- confirm before
 * freeing or modifying it. */
184 char **SecurityGetSitePolicyStrings(int *n);
186 #endif /* _SECURITY_SERVER */
188 #endif /* _SECURITY_H */