SecBSD/xenocara
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync code with last improvements from OpenBSD

Browse source
This commit is contained in:
purplerain 2023-08-28 05:57:34 +00:00
commit 88965415ff
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
26235 changed files with 29195616 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
doc/xorg-docs/specs/Xserver/Makefile.am Normal file
View file

@ -0,0 +1,13 @@
if ENABLE_SPECS
# Main DocBook/XML files (DOCTYPE book)
docbook = analysis.xml appgroup.xml secint.xml XACE-Spec.xml
# The location where the DocBook/XML files and their generated formats are installed
shelfdir = $(docdir)/Xserver
# Generate DocBook/XML output formats with or without stylesheets
include $(top_srcdir)/docbook.am
endif ENABLE_SPECS

575
doc/xorg-docs/specs/Xserver/Makefile.in Normal file
View file

@ -0,0 +1,575 @@
# Makefile.in generated by automake 1.12.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2012 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Generate output formats for a single DocBook/XML with/without chapters
#
# Variables set by the calling Makefile:
# shelfdir: the location where the docs/specs are installed. Typically $(docdir)
# docbook: the main DocBook/XML file, no chapters, appendix or image files
# chapters: all files pulled in by an XInclude statement and images.
#
#
# This makefile is intended for Users Documentation and Functional Specifications.
# Do not use for Developer Documentation which is not installed and does not require olink.
# Refer to http://www.x.org/releases/X11R7.6/doc/xorg-docs/ReleaseNotes.html#id2584393
# for an explanation on documents classification.
#
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
DIST_COMMON = $(am__dist_shelf_DATA_DIST) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(top_srcdir)/docbook.am
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@am__append_1 = $(docbook:.xml=.html)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TEXT_TRUE@@HAVE_XMLTO_TRUE@am__append_2 = $(docbook:.xml=.txt)
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@am__append_3 = $(docbook:.xml=.pdf) \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(docbook:.xml=.ps)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@am__append_4 = $(docbook:.xml=.html.db) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(docbook:.xml=.pdf.db)
subdir = specs/Xserver
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__dist_shelf_DATA_DIST = analysis.xml appgroup.xml secint.xml \
XACE-Spec.xml
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(shelfdir)" "$(DESTDIR)$(shelfdir)"
DATA = $(dist_shelf_DATA) $(shelf_DATA)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ADMIN_MAN_DIR = @ADMIN_MAN_DIR@
ADMIN_MAN_SUFFIX = @ADMIN_MAN_SUFFIX@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
APP_MAN_DIR = @APP_MAN_DIR@
APP_MAN_SUFFIX = @APP_MAN_SUFFIX@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BASE_CFLAGS = @BASE_CFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHANGELOG_CMD = @CHANGELOG_CMD@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CWARNFLAGS = @CWARNFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DRIVER_MAN_DIR = @DRIVER_MAN_DIR@
DRIVER_MAN_SUFFIX = @DRIVER_MAN_SUFFIX@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FILE_MAN_DIR = @FILE_MAN_DIR@
FILE_MAN_SUFFIX = @FILE_MAN_SUFFIX@
FOP = @FOP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_CMD = @INSTALL_CMD@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIB_MAN_DIR = @LIB_MAN_DIR@
LIB_MAN_SUFFIX = @LIB_MAN_SUFFIX@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN_SUBSTS = @MAN_SUBSTS@
MISC_MAN_DIR = @MISC_MAN_DIR@
MISC_MAN_SUFFIX = @MISC_MAN_SUFFIX@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRICT_CFLAGS = @STRICT_CFLAGS@
STRIP = @STRIP@
STYLESHEET_SRCDIR = @STYLESHEET_SRCDIR@
VERSION = @VERSION@
XMLTO = @XMLTO@
XORG_MAN_PAGE = @XORG_MAN_PAGE@
XORG_SGML_PATH = @XORG_SGML_PATH@
XSLTPROC = @XSLTPROC@
XSL_STYLESHEET = @XSL_STYLESHEET@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
# Main DocBook/XML files (DOCTYPE book)
@ENABLE_SPECS_TRUE@docbook = analysis.xml appgroup.xml secint.xml XACE-Spec.xml
# The location where the DocBook/XML files and their generated formats are installed
@ENABLE_SPECS_TRUE@shelfdir = $(docdir)/Xserver
# DocBook/XML generated output formats to be installed
@ENABLE_SPECS_TRUE@shelf_DATA = $(am__append_1) $(am__append_2) \
@ENABLE_SPECS_TRUE@ $(am__append_3) $(am__append_4)
# DocBook/XML file with chapters, appendix and images it includes
@ENABLE_SPECS_TRUE@dist_shelf_DATA = $(docbook) $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_SEARCHPATH_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --searchpath "$(XORG_SGML_PATH)/X11" \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --searchpath "$(abs_top_builddir)"
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_HTML_OLINK_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --stringparam target.database.document=$(XORG_SGML_PATH)/X11/dbs/masterdb.html.xml \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --stringparam current.docid="$(<:.xml=)"
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_HTML_STYLESHEET_FLAGS = -x $(STYLESHEET_SRCDIR)/xorg-xhtml.xsl
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_HTML_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_SEARCHPATH_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_HTML_STYLESHEET_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_HTML_OLINK_FLAGS)
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_FO_IMAGEPATH_FLAGS = --stringparam img.src.path=$(abs_builddir)/
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_PDF_OLINK_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --stringparam target.database.document=$(XORG_SGML_PATH)/X11/dbs/masterdb.pdf.xml \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ --stringparam current.docid="$(<:.xml=)"
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_FO_STYLESHEET_FLAGS = -x $(STYLESHEET_SRCDIR)/xorg-fo.xsl
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@XMLTO_FO_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_SEARCHPATH_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_FO_STYLESHEET_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_FO_IMAGEPATH_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(XMLTO_PDF_OLINK_FLAGS)
# Generate documents cross-reference target databases
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@XSLT_SEARCHPATH_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --path "$(XORG_SGML_PATH)/X11" \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --path "$(abs_top_builddir)"
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@XSLT_OLINK_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --stringparam targets.filename "$@" \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --stringparam collect.xref.targets "only" \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --stringparam olink.base.uri "$(@:.db=)"
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@XSLT_HTML_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(XSLT_SEARCHPATH_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(XSLT_OLINK_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --nonet --xinclude \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(STYLESHEET_SRCDIR)/xorg-xhtml.xsl
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@XSLT_PDF_FLAGS = \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(XSLT_SEARCHPATH_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(XSLT_OLINK_FLAGS) \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ --nonet --xinclude \
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(STYLESHEET_SRCDIR)/xorg-fo.xsl
@ENABLE_SPECS_TRUE@CLEANFILES = $(shelf_DATA)
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/docbook.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign specs/Xserver/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign specs/Xserver/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_srcdir)/docbook.am:
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
install-dist_shelfDATA: $(dist_shelf_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_shelf_DATA)'; test -n "$(shelfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(shelfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(shelfdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(shelfdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(shelfdir)" || exit $$?; \
done
uninstall-dist_shelfDATA:
@$(NORMAL_UNINSTALL)
@list='$(dist_shelf_DATA)'; test -n "$(shelfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(shelfdir)'; $(am__uninstall_files_from_dir)
install-shelfDATA: $(shelf_DATA)
@$(NORMAL_INSTALL)
@list='$(shelf_DATA)'; test -n "$(shelfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(shelfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(shelfdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(shelfdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(shelfdir)" || exit $$?; \
done
uninstall-shelfDATA:
@$(NORMAL_UNINSTALL)
@list='$(shelf_DATA)'; test -n "$(shelfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(shelfdir)'; $(am__uninstall_files_from_dir)
tags: TAGS
TAGS:
ctags: CTAGS
CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(DATA)
installdirs:
for dir in "$(DESTDIR)$(shelfdir)" "$(DESTDIR)$(shelfdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-dist_shelfDATA install-shelfDATA
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-dist_shelfDATA uninstall-shelfDATA
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic distclean \
distclean-generic distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-dist_shelfDATA install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-shelfDATA install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am uninstall uninstall-am \
uninstall-dist_shelfDATA uninstall-shelfDATA
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@%.html: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(AM_V_GEN)$(XMLTO) $(XMLTO_HTML_FLAGS) xhtml-nochunks $<
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TEXT_TRUE@@HAVE_XMLTO_TRUE@%.txt: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TEXT_TRUE@@HAVE_XMLTO_TRUE@ $(AM_V_GEN)$(XMLTO) $(XMLTO_HTML_FLAGS) txt $<
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@%.pdf: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(AM_V_GEN)$(XMLTO) $(XMLTO_FO_FLAGS) --with-fop pdf $<
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@%.ps: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_FOP_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@ $(AM_V_GEN)$(XMLTO) $(XMLTO_FO_FLAGS) --with-fop ps $<
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@%.html.db: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(AM_V_GEN)$(XSLTPROC) $(XSLT_HTML_FLAGS) $<
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@%.pdf.db: %.xml $(chapters)
@ENABLE_SPECS_TRUE@@HAVE_STYLESHEETS_TRUE@@HAVE_XMLTO_TRUE@@HAVE_XSLTPROC_TRUE@ $(AM_V_GEN)$(XSLTPROC) $(XSLT_PDF_FLAGS) $<
# Generate DocBook/XML output formats with or without stylesheets
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

1066
doc/xorg-docs/specs/Xserver/XACE-Spec.xml Normal file
View file

File diff suppressed because it is too large Load diff

2234
doc/xorg-docs/specs/Xserver/analysis.xml Normal file
View file

File diff suppressed because it is too large Load diff

246
doc/xorg-docs/specs/Xserver/appgroup.xml Normal file
View file

@ -0,0 +1,246 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
[
<!ENTITY % defs SYSTEM "defs.ent"> %defs;
]>
<article id="appgroup">
<articleinfo>
<title>Description of the Application Group Extension</title>
<subtitle>Implementation for the X11 Sample Server</subtitle>
<authorgroup>
<author>
<firstname>Kaleb </firstname><surname>KEITHLEY</surname>
<affiliation><orgname>FUJITSU Limited.</orgname></affiliation>
</author>
</authorgroup>
<releaseinfo>X Version 11, Release &fullrelvers;</releaseinfo>
<releaseinfo>Version 1.0</releaseinfo>
<copyright><year>1996</year><holder>X Consortium</holder></copyright>
<legalnotice>
<para>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
</para>
<para>
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
</para>
<para>
THE SOFTWARE IS PROVIDED &ldquo;AS IS&rdquo;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
</para>
<para>
Except as contained in this notice, the name of the X Consortium shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization
from the X Consortium.
</para>
<para>X Window System is a trademark of The Open Group.</para>
</legalnotice>
<legalnotice>
<para>WindowsNT is a trademark of Microsoft, Inc.</para>
<para>Macintosh and Apple are trademarks of Apple Computer, Inc.</para>
</legalnotice>
<abstract>
<para>
The following document explains the server side of the Application
Group Extension.
</para>
</abstract>
</articleinfo>
<para>
To understand this document and the accompanying source code, you
should know the C language, should be familiar with X server
internals, and should also have a general knowledge of the X
Window System.
</para>
<sect1 id="AppGroup_Server_Public_Functions">
<title>AppGroup Server Public Functions</title>
<para>
The AppGroup extension adds seven new functions that are called
from elsewhere in the server. They are: XagExtensionInit,
XagDefaultColormap, XagRootVisual, XagLeader, XagIsControlledRoot,
XagConnectionInfo, XagCallClientStateChange.
</para>
<para>
XagExtensionInit is the extension initialization function called
from InitExtension in mi/miinitext.c. Note that an new resource
type, RT_APPGROUP, is created, specifying the destructor function
XagAppGroupFree.
</para>
<para>
XagDefaultColormap returns the colormap ID that was specified in
the creation of the AppGroup. Any time CopyFromParent is specified
for a top-level window's colormap, i.e. in a CreateWindow or
ChangeWindowAttributes request, this function is called to see
if there is an AppGroup specific colormap to use. If there is
one, its ID is returned, otherwise None is returned.
</para>
<para>
XagRootVisual returns the visual ID that was specified in the
creation of the Appgroup. Like XagDefaultColormap, when CopyFromParent
is specified for a top-level window's visual in a CreateWindow
request, this function is called to see if there is an AppGroup
specific visual to use. If there is one, its ID is returned,
otherwise 0 (zero) is returned.
</para>
<para>
XagLeader returns the ClientPtr of the client that is the AppGroup
Leader. Normally when an application maps or configures a top-level
window a MapRequest or ConfigureRequest event is delivered to the
client, e.g. a window manager, that has selected SubstructureRedirect
on the root window. However, when the application is part of an
AppGroup, the MapRequest and ConfigureRequest events are delivered
to the AppGroup Leader instead.
</para>
<para>
XagIsControlledRoot returns a boolean: True if the window is a
top-level window of a client in an AppGroup, False otherwise.
In a combined server, i.e. one that provides both UI and printing,
the application may create and map windows on the "printing"
screens; thus it becomes necessary to discriminate between the
AppGroup's root window and other root windows. If an AppGroup
member creates and maps a [top-level] window then the window's
parent [the root window] is tested to determine whether to send
MapRequest or ConfigureRequest events to the AppGroup Leader to
to some other client.
</para>
<para>
In the trivial case XagIsControlledRoot returns True if the parent
window has no parent itself, i.e. it is a root window. In the case
where the application is embedded, indicated by the singleScreen
attribute being True, the parent's drawable ID is compared to the
AppGroup's root window ID, and if it is the same, True is returned.
If neither case is true, then False is returned.
</para>
<para>
XagConnectionInfo returns an abbreviated version of the connection
setup information. When an embedded AppGroup is created the server
returns only the information about the [UI] screen that the
application is embedded within in the connection setup in order to
prevent the application from creating windows on other screens;
thus attempting to guarantee that any window that should be embedded
can be reparented into the AppGroup Leader's window hierarchy.
</para>
<para>
XagCallClientStateChange is called to invoke the extension's client
state change callback additional times as necessary -- currently
only once, after the auth data becomes available between
ClientStateInitial and ClientStateConnected. Client state change
callbacks were introduced in the Record extension, which specifies
when the callbacks are invoked. Unfortunately the points at which
they are called are not necessarily the best as far as the AppGroup
Extension is concerned. Adding an additional state and calling all
the callbacks works too, however this seemed unnecessary overkill.
</para>
</sect1>
<sect1 id="AppGroup_Server_Private_APIs">
<title>AppGroup Server Private APIs</title>
<para>
The AppGroup extension adds the following functions which are
private to the extension: ProcXagDispatch and SProcXagDispatch,
ProcXagQueryVersion and SProcXagQueryVersion, ProcXagCreate and
SProcXagCreate, ProcXagDestroy and SProcXagDestroy,
ProcGetAttr and SProcGetAttr, ProcXagQuery and SProcXagQuery,
ProcXagCreateAssoc and SProcXagCreateAssoc, ProcXagDestroyAssoc
and SProcXagDestroyAssoc, XagResetProc, and XagAppGroupFree.
</para>
<para>
The ProcXagDispatch, SProcXagDispatch, and XagResetProc functions
should be familiar to anyone familiar with X server internals and
I won't elaborate on them here. Similarly the wrapper functions:
SProcXagQueryVersion, SProcXagCreate, SProcXagDestroy, SProcXagGetAttr,
SProcXagQuery, SProcXagCreateAssoc, and SProcXagDestroyAssoc, as
wrappers which handle swapping integer data into the host's byte
order will not be explained in any detail.
</para>
<para>
ProcXagQueryVersion returns the major and minor versions of the
AppGroup extension supported by the server.
</para>
<para>
ProcXagCreate creates an AppGroup. A new record in a linked list
of AppGroups is allocated and initialized. The attributes from the
request are validated and copied to the AppGroup record. If necessary
an abbreviated version of the connection setup information is compiled
and also stored in the AppGroup record. The first time an AppGroup
is created a client-state-change callback is registered and a
reference count is incremented.
</para>
<para>
ProcXagDestroy destroys an AppGroup an AppGroup by calling
FreeResource specifying the AppGroup ID. This will result in
the destructor function XagAppGroupFree being called. The
reference count is decremented and when it reaches zero the
client-state-change callback is deleted.
</para>
<para>
ProcXagGetAttr returns the AppGroup Attributes to the requesting
client.
</para>
<para>
ProcXagQuery returns the AppGroup ID of an arbitrary resource to
the requesting client.
</para>
<para>
ProcXagCreateAssoc creates an association between an X window ID
and system-specific data. In native X this functionality is
unnecessary but for various personal computers, e.g. Macintosh,
OS/2, and MS-Windows it is necessary to associate an X window ID
with the system's native window identifier so that when the
AppGroup Leader issues a ReparentWindow request the personal
computer X server can lookup the system-specific window ID and
make the necessary function call(s) with it.
</para>
<para>
ProcXagDestroyAssoc destroys the association created with
ProcXagCreateAssoc.
</para>
<para>
XagResetProc removes the client-state-change callback, sets the
reference count to zero, and frees all the AppGroup records in
the linked list by calling XagAppGroupFree.
</para>
<para>
XagAppGroupFree calls CloseDownClient for each client in an
AppGroup if the AppGroup has a leader, unlinks the AppGroup
record from the linked list, frees allocated memory referenced
by the record, and finally frees the record itself.
</para>
</sect1>
<sect1 id='Known_Problems_in_this_release'>
<title>Known Problems in this release.</title>
<para>
In a combined UI/Print server the connection setup returned to an
embedded application will not have information about the print
screens.
</para>
<para>
The LBX proxy caches connection setup information and will return
incorrect connection setup information to an embedded client.
</para>
</sect1>
</article>

309
doc/xorg-docs/specs/Xserver/secint.xml Normal file
View file

@ -0,0 +1,309 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
[
<!ENTITY % defs SYSTEM "defs.ent"> %defs;
]>
<!--translated from secint.tex, on 2010-06-27 15:38:00,
by TeX4ht (http://www.cse.ohio-state.edu/~gurari/TeX4ht/)
xhtml,docbook,html,refcaption -->
<book id="secint">
<bookinfo>
<title>Security Extension Server Design Draft</title>
<subtitle>X Consortium Standard</subtitle>
<authorgroup>
<author>
<firstname>David</firstname><othername>P.</othername><surname>Wiggins</surname>
<affiliation><orgname>X Consortium</orgname></affiliation>
</author>
</authorgroup>
<releaseinfo>X Version 11, Release &fullrelvers;</releaseinfo>
<releaseinfo>Version 3.0</releaseinfo>
<copyright><year>1996</year><holder>X Consortium</holder></copyright>
<legalnotice>
<para>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
</para>
<para>
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
</para>
<para>
THE SOFTWARE IS PROVIDED &ldquo;AS IS&rdquo;, WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
</para>
<para>
Except as contained in this notice, the name of the X Consortium shall
not be used in advertising or otherwise to promote the sale, use or
other dealings in this Software without prior written authorization
from the X Consortium.
</para>
<para>X Window System is a trademark of The Open Group.</para>
</legalnotice>
<pubdate>June 27, 2010</pubdate>
<abstract>
<para>This paper describes the implementation strategy used to implement
various pieces of the SECURITY Extension.
</para>
</abstract>
</bookinfo>
<chapter id='Generate_Authorization_Request'>
<title>Generate Authorization Request</title>
<para>
The major steps taken to execute this request are as follows.
</para>
<para>
Sanity check arguments. The interesting one is the group, which must be
checked by some other module(s), initially just the embedding extension.
Use a new callback for this. The callback functions will be passed a small
structure containing the group ID and a Boolean value which is initially
false. If any of the callbacks recognize the ID, they should set the boolean
to true. If after the callbacks have been called the boolean is false, return
an error, since nobody recognized it.
</para>
<para>
Use the existing Xkey library function XkeyGenerateAuthorization to generate
the new authorization.
</para>
<para>
Use the existing os layer function AddAuthorization to add the new
authorization to the server's internal database.
</para>
<para>
Use the existing os layer function AuthorizationToID to retrieve
the authorization ID that the os layer assigned to the new authorization.
</para>
<para>Change the os layer to use authorization IDs allocated from the
server's ID range via FakeClientID(0) instead of using a simple incrementing
integer. This lets us use the resource database to attach additional
information to an authorization without needing any changes to os
data structures.
</para>
<para>
Add the authorization ID as a server resource. The structure for an
authorization resource will contain the timeout, trust-level, and group
sent in the request, a reference count of how many clients are connected
with this authorization, a timer pointer, and time-remaining counter.
</para>
<para>
Return the authorization ID and generated auth data to the client.
</para>
</chapter>
<chapter id='Client_Connection'>
<title>Client Connection</title>
<para>
The Security extension needs to be aware of new client connections
primarily so that it copy the trust-level of the authorization that was
used to the client structure. The trust-level is needed in the client
structure because it will be accessed frequently to make access control
decisions for the client. We will use the existing ClientStateCallback
to catch new client connections.
</para>
<para>
We also need to copy the authorization ID into the client structure. The
authorization ID is already stored in an os private hung from the client,
and we will add a new os function AuthorizationIDOfClient to retrieve it.
However, when a client disconnects, this os private is already gone before
ClientStateCallbacks are called. We need the authorization ID at client
disconnect time for reasons described below.
</para>
<para>
Now that we know what needs to be done and why, let's walk through the
sequence of events.
</para>
<para>
When a new client connects, get the authorization ID with
AuthorizationIDOfClient, store it in the client, then pass that ID to
LookupIDByType to find the authorization. If we get a non-NULL pointer
back, this is a generated authorization, not one of the predefined ones in
the server's authority file. In this case, increment the authorization's
reference count. If the reference count is now 1, cancel the timer
for this authorization using the trivial new os layer function TimerCancel.
Lastly, copy the trust-level of this authorization into the client structure
so that it can be reached quickly for future access control decisions.
</para>
<para>
The embedding extension can determine the group to use for a new client in
the same way that we determined the trust level: get the authorization ID,
look it up, and if that succeeds, pluck the group out of the returned
authorization structure.
</para>
</chapter>
<chapter id='Client_disconnection'>
<title>Client disconnection</title>
<para>
Use the existing ClientStateCallback to catch client disconnections. If the
client was using a generated authorization, decrement its reference count.
If the reference count is now zero, use the existing os layer function
TimerSet to start a timer to count down the timeout period for this
authorization. Record the timer ID for this authorization. When the timer
fires, the authorization should be freed, removing all
traces of it from the server.
</para>
<para>
There is a slight complication regarding the timeout because the timer
interface in the server allows for 32 bits worth of milliseconds, while
the timeout specified in GenerateAuthorization has 32 bits worth of seconds.
To handle this, if the specified time is more than the timer interface can
handle, the maximum possible timeout will be set, and time-remaining counter
for this authorization will be used to track the leftover part. When the
timer fires, it should first check to see if there is any leftover
time to wait. If there is, it should set another timer to the minimum of (the
maximum possible timeout) and the time remaining, and not do the revocation
yet.
</para>
</chapter>
<chapter id='Resource_ID_Security'>
<title>Resource ID Security</title>
<para>
To implement the restriction that untrusted clients cannot access resources
of trusted clients, we add two new functions to dix: SecurityLookupIDByType
and SecurityLookupIDByClass. Hereafter we will use SecurityLookupID to refer
to both functions. In addition to the parameters of the existing LookupID
functions, these functions also take a pointer to the client doing the lookup,
and an access mode that conveys a high-level idea of what the client intends
to do with the resource (currently just read, write, destroy, and unknown).
Passing NullClient for the client turns off access checks. SecurityLookupID can
return NULL for two reasons: the resource doesn't exist, or it does but the
client isn't allowed to access it. The caller cannot tell the difference. Most
places in dix call these new lookup functions instead of the old LookupID,
which continue to do no access checking. Extension "Proc" functions should
probably use SecurityLookupID, not LookupID. Ddxen can continue to use
LookupID.
</para>
<para>
Inside SecurityLookupID, the function client -&gt; CheckAccess is called
passing the client, resource id, resource type/class, resource value, and
access mode. CheckAccess returns the resource value if access is allowed,
else it returns NULL. The entire resource ID security policy of the Security
extension can be replaced by plugging in your own access decision function
here. This in combination with the access mode parameter should be enough to
implement a more traditional DAC (discretionary access control) policy.
</para>
<para>
Since we need client and access mode information to do access controlled
resource lookups, we add (and use) several other macros and functions that
parallel existing ones with the addition of the missing information. The list
includes SECURITY_VERIFY_GC, SECURITY_VERIFY_DRAWABLE,
SECURITY_VERIFY_GEOMETRABLE, SecurityLookupWindow,
SecurityLookupDrawable, and dixChangeGC. The dixChangeGC interface is
worth mentioning because in addition to a client parameter, we introduce a
pointer-to-union parameter that should let us eliminate the warnings that some
compilers give when you assign small integers to pointers, as the DoChangeGC
interface required. For more details, see the comment preceding dixChangeGC in
;&lt;dix/gc.c;&gt;.
</para>
<para>
If XCSECURITY is not defined (the Security extension is not being built),
the server uses essentially the same code as before for resource lookups.
</para>
</chapter>
<chapter id='Extension_Security'>
<title>Extension Security</title>
<para>
A new field in the ExtensionEntry structure, Bool secure, tells whether the
extension is considered secure. It is initialized to FALSE by AddExtension.
The following new dix function can be used to set the secure field:
</para>
<funcsynopsis id='DeclareExtensionSecurity'>
<funcprototype>
<funcdef>void <function>DeclareExtensionSecurity</function></funcdef>
<paramdef>char <parameter> *extname</parameter></paramdef>
<paramdef>Bool <parameter>secure</parameter></paramdef>
</funcprototype>
</funcsynopsis>
<para>
The name of the extension and the desired value of the secure field are
passed. If an extension is secure, a call to this function with
secure = TRUE will typically appear right after the call to
<function>AddExtension</function>.
<xref linkend='DeclareExtensionSecurity' xrefstyle='select: title'/>
should be called during server reset. It should not
be called after the first client has connected. Passing the name of an
extension that has not been initialized has no effect (the secure value will
not be remembered in case the extension is later initialized).
</para>
<para>
For untrusted clients, <function>ProcListExtensions</function> omits
extensions that have secure = FALSE, and
<function>ProcQueryExtension</function> reports that such
extensions don't exist.
</para>
<para>
To prevent untrusted clients from using extensions by guessing their major
opcode, one of two new Proc vectors are used by untrusted clients,
<function>UntrusedProcVector</function> and
<function>SwappedUntrustedProcVector</function>. These have the same contents
as <function>ProcVector</function> and
<function>SwappedProcVector</function> respectively for the first 128
entries. Entries 128 through 255 are initialized to ProcBadRequest. If
<xref linkend='DeclareExtensionSecurity' xrefstyle='select: title'/> is called with secure =
TRUE, that extension's dispatch function is plugged into the appropriate entry
so that the extension can be used. If
<xref linkend='DeclareExtensionSecurity' xrefstyle='select: title'/> is called with secure =
FALSE, the appropriate entry is reset to ProcBadRequest.
</para>
<para>
Now we can explain why <xref linkend='DeclareExtensionSecurity' xrefstyle='select: title'/>
should not be called after the first client connects. In some cases,
the Record extension gives clients a private copy of the proc vector,
which it then changes to intercept certain requests. Changing entries in
<function>UntrusedProcVector</function> and
<function>SwappedUntrustedProcVector</function> will have no effect on these
copied proc vectors. If we get to the point of needing an extension request
to control which extensions are secure, we'll need to invent a way to
get those copied proc vectors changed.
</para>
</chapter>
</book>