static void
SecurityClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
NewClientInfoRec *pci = calldata;
SecurityStateRec *state;
SecurityAuthorizationPtr pAuth;
int rc;
state = dixLookupPrivate(&pci->client->devPrivates, stateKey);
switch (pci->client->clientState) {
case ClientStateInitial:
state->trustLevel = XSecurityClientTrusted;
state->authId = None;
state->haveState = TRUE;
break;
case ClientStateRunning:
state->authId = AuthorizationIDOfClient(pci->client);
rc = dixLookupResourceByType((pointer *)&pAuth, state->authId,
SecurityAuthorizationResType, serverClient,
DixGetAttrAccess);
if (rc == Success) {
/* it is a generated authorization */
pAuth->refcnt++;
if (pAuth->refcnt == 1 && pAuth->timer)
TimerCancel(pAuth->timer);
state->trustLevel = pAuth->trustLevel;
}
break;
case ClientStateGone:
case ClientStateRetained:
rc = dixLookupResourceByType((pointer *)&pAuth, state->authId,
SecurityAuthorizationResType, serverClient,
DixGetAttrAccess);
if (rc == Success) {
/* it is a generated authorization */
pAuth->refcnt--;
if (pAuth->refcnt == 0)
SecurityStartAuthorizationTimer(pAuth);
}
break;
default:
break;
}
}
/* static */
void XagClientStateChange(
CallbackListPtr* pcbl,
pointer nulldata,
pointer calldata)
{
SecurityAuthorizationPtr pAuth;
NewClientInfoRec* pci = (NewClientInfoRec*) calldata;
ClientPtr pClient = pci->client;
AppGroupPtr pAppGrp;
XID authId = 0;
if (!pClient->appgroup) {
switch (pClient->clientState) {
case ClientStateAuthenticating:
case ClientStateRunning:
case ClientStateCheckingSecurity:
return;
case ClientStateInitial:
case ClientStateCheckedSecurity:
/*
* If the client is connecting via a firewall proxy (which
* uses XC-QUERY-SECURITY-1, then the authId is available
* during ClientStateCheckedSecurity, otherwise it's
* available during ClientStateInitial.
*
* Don't get it from pClient because can't guarantee the order
* of the callbacks and the security extension might not have
* plugged it in yet.
*/
authId = AuthorizationIDOfClient(pClient);
break;
case ClientStateGone:
case ClientStateRetained:
/*
* Don't get if from AuthorizationIDOfClient because can't
* guarantee the order of the callbacks and the security
* extension may have torn down the client's private data
*/
authId = pClient->authId;
break;
}
if (authId == None)
return;
pAuth = (SecurityAuthorizationPtr)SecurityLookupIDByType(pClient,
authId, SecurityAuthorizationResType, SecurityReadAccess);
if (pAuth == NULL)
return;
for (pAppGrp = appGrpList; pAppGrp != NULL; pAppGrp = pAppGrp->next)
if (pAppGrp->appgroupId == pAuth->group) break;
} else {
pAppGrp = pClient->appgroup;
}
if (!pAppGrp)
return;
switch (pClient->clientState) {
case ClientStateAuthenticating:
case ClientStateRunning:
case ClientStateCheckingSecurity:
break;
case ClientStateInitial:
case ClientStateCheckedSecurity:
/* see the comment above about Initial vs. CheckedSecurity */
{
/* if this client already in AppGroup, don't add it again */
int i;
for (i = 0; i < pAppGrp->nclients; i++)
if (pClient == pAppGrp->clients[i]) return;
}
pAppGrp->clients = (ClientPtr*) xrealloc (pAppGrp->clients,
++pAppGrp->nclients * sizeof (ClientPtr));
pAppGrp->clients[pAppGrp->nclients - 1] = pClient;
pClient->appgroup = pAppGrp;
break;
case ClientStateGone:
case ClientStateRetained: /* client disconnected, dump it */
{
int i;
for (i = 0; i < pAppGrp->nclients; i++)
if (pAppGrp->clients[i] == pClient) {
pAppGrp->clients[i] = NULL;
break;
}
for (i = 0; i < pAppGrp->nclients; i++)
if (pAppGrp->clients[i] == NULL && i + 1 < pAppGrp->nclients)
pAppGrp->clients[i] = pAppGrp->clients[i + 1];
pAppGrp->nclients--;
}
pClient->appgroup = NULL; /* redundant, pClient will be freed */
break;
}
}
