diff options
| author | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2008-02-12 21:27:15 +0000 |
|---|---|---|
| committer | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2008-02-12 21:27:15 +0000 |
| commit | fbbda4402c2390f431a7d08478fba5671022fcbf (patch) | |
| tree | 22e969fb34e9192fc0486985d34bc9fbd557de6b /lib/libdrm | |
| parent | b597d23cbc3cc1c1361b89e621fcca7ddf9c024a (diff) | |
- remove stuff that we don't want from drmOpenDevice()
- prepare for privilege separation support.
ok oga@.
Diffstat (limited to 'lib/libdrm')
| -rw-r--r-- | lib/libdrm/Makefile.in | 2 | ||||
| -rw-r--r-- | lib/libdrm/configure | 86 | ||||
| -rw-r--r-- | lib/libdrm/configure.ac | 10 | ||||
| -rw-r--r-- | lib/libdrm/libdrm/Makefile.in | 2 | ||||
| -rw-r--r-- | lib/libdrm/libdrm/config.h.in | 3 | ||||
| -rw-r--r-- | lib/libdrm/libdrm/xf86drm.c | 80 | ||||
| -rw-r--r-- | lib/libdrm/shared-core/Makefile.in | 2 |
7 files changed, 107 insertions, 78 deletions
diff --git a/lib/libdrm/Makefile.in b/lib/libdrm/Makefile.in index d11025421..f0469f385 100644 --- a/lib/libdrm/Makefile.in +++ b/lib/libdrm/Makefile.in @@ -157,6 +157,8 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@ +X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ diff --git a/lib/libdrm/configure b/lib/libdrm/configure index 94f845e48..a6aee5515 100644 --- a/lib/libdrm/configure +++ b/lib/libdrm/configure @@ -465,7 +465,7 @@ ac_includes_default="\ # include <unistd.h> #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL pkgconfigdir LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL X_PRIVSEP_TRUE X_PRIVSEP_FALSE pkgconfigdir LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1037,6 +1037,8 @@ Optional Features: --enable-dependency-tracking do not reject slow dependency extractors --disable-libtool-lock avoid locking (might break parallel builds) --disable-largefile omit support for large files + --enable-privsep Build support for X server privilege separation + (default is NO) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3677,7 +3679,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 3680 "configure"' > conftest.$ac_ext + echo '#line 3682 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5276,7 +5278,7 @@ fi # Provide some information about the compiler. -echo "$as_me:5279:" \ +echo "$as_me:5281:" \ "checking for Fortran 77 compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 @@ -6339,11 +6341,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6342: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6344: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6346: \$? = $ac_status" >&5 + echo "$as_me:6348: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6607,11 +6609,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6610: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6612: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6614: \$? = $ac_status" >&5 + echo "$as_me:6616: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -6711,11 +6713,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6714: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6716: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:6718: \$? = $ac_status" >&5 + echo "$as_me:6720: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9060,7 +9062,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9063 "configure" +#line 9065 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -9160,7 +9162,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 9163 "configure" +#line 9165 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11504,11 +11506,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11507: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11509: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:11511: \$? = $ac_status" >&5 + echo "$as_me:11513: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -11608,11 +11610,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:11611: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11613: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:11615: \$? = $ac_status" >&5 + echo "$as_me:11617: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -13178,11 +13180,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13181: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13183: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13185: \$? = $ac_status" >&5 + echo "$as_me:13187: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13282,11 +13284,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13285: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13287: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13289: \$? = $ac_status" >&5 + echo "$as_me:13291: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15489,11 +15491,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15492: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15494: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15496: \$? = $ac_status" >&5 + echo "$as_me:15498: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15757,11 +15759,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15760: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15762: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15764: \$? = $ac_status" >&5 + echo "$as_me:15766: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15861,11 +15863,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15864: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15866: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15868: \$? = $ac_status" >&5 + echo "$as_me:15870: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -19902,6 +19904,31 @@ rm -f conftest* fi +# Check whether --enable-privsep or --disable-privsep was given. +if test "${enable_privsep+set}" = set; then + enableval="$enable_privsep" + ENABLE_PRIVSEP="$enableval" +else + ENABLE_PRIVSEP="no" +fi; +if test x$ENABLE_PRIVSEP = xyes ; then + +cat >>confdefs.h <<\_ACEOF +#define X_PRIVSEP 1 +_ACEOF + +fi + + +if test x$ENABLE_PRIVSEP = xyes; then + X_PRIVSEP_TRUE= + X_PRIVSEP_FALSE='#' +else + X_PRIVSEP_TRUE='#' + X_PRIVSEP_FALSE= +fi + + pkgconfigdir=${libdir}/pkgconfig @@ -20025,6 +20052,13 @@ echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${X_PRIVSEP_TRUE}" && test -z "${X_PRIVSEP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"X_PRIVSEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"X_PRIVSEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files @@ -20625,6 +20659,8 @@ s,@F77@,$F77,;t t s,@FFLAGS@,$FFLAGS,;t t s,@ac_ct_F77@,$ac_ct_F77,;t t s,@LIBTOOL@,$LIBTOOL,;t t +s,@X_PRIVSEP_TRUE@,$X_PRIVSEP_TRUE,;t t +s,@X_PRIVSEP_FALSE@,$X_PRIVSEP_FALSE,;t t s,@pkgconfigdir@,$pkgconfigdir,;t t s,@LIBOBJS@,$LIBOBJS,;t t s,@LTLIBOBJS@,$LTLIBOBJS,;t t diff --git a/lib/libdrm/configure.ac b/lib/libdrm/configure.ac index c0b11b201..fa0290589 100644 --- a/lib/libdrm/configure.ac +++ b/lib/libdrm/configure.ac @@ -32,6 +32,16 @@ AC_PROG_CC AC_HEADER_STDC AC_SYS_LARGEFILE +dnl Privsep +AC_ARG_ENABLE(privsep, + AC_HELP_STRING([--enable-privsep], + [Build support for X server privilege separation (default is NO)]), + [ENABLE_PRIVSEP="$enableval"], [ENABLE_PRIVSEP="no"]) +if test x$ENABLE_PRIVSEP = xyes ; then + AC_DEFINE(X_PRIVSEP, 1, [Use X server privilege separation]) +fi +AM_CONDITIONAL(X_PRIVSEP, [test x$ENABLE_PRIVSEP = xyes]) + pkgconfigdir=${libdir}/pkgconfig AC_SUBST(pkgconfigdir) diff --git a/lib/libdrm/libdrm/Makefile.in b/lib/libdrm/libdrm/Makefile.in index 7505b8d05..30833dda9 100644 --- a/lib/libdrm/libdrm/Makefile.in +++ b/lib/libdrm/libdrm/Makefile.in @@ -152,6 +152,8 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@ +X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ diff --git a/lib/libdrm/libdrm/config.h.in b/lib/libdrm/libdrm/config.h.in index c45f6a2d0..11ae7dcc9 100644 --- a/lib/libdrm/libdrm/config.h.in +++ b/lib/libdrm/libdrm/config.h.in @@ -54,6 +54,9 @@ /* Version number of package */ #undef VERSION +/* Use X server privilege separation */ +#undef X_PRIVSEP + /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS diff --git a/lib/libdrm/libdrm/xf86drm.c b/lib/libdrm/libdrm/xf86drm.c index 56450e80d..b4ee731a3 100644 --- a/lib/libdrm/libdrm/xf86drm.c +++ b/lib/libdrm/libdrm/xf86drm.c @@ -71,7 +71,7 @@ #endif # ifdef __OpenBSD__ -# define DRM_MAJOR 81 +# define DRM_MAJOR 88 # endif #ifndef DRM_MAJOR @@ -268,61 +268,17 @@ static int drmMatchBusID(const char *id1, const char *id2) */ static int drmOpenDevice(long dev, int minor) { - stat_t st; char buf[64]; int fd; - mode_t devmode = DRM_DEV_MODE, serv_mode; - int isroot = !geteuid(); - uid_t user = DRM_DEV_UID; - gid_t group = DRM_DEV_GID, serv_group; - sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor); + snprintf(buf, sizeof(buf), DRM_DEV_NAME, DRM_DIR_NAME, minor); drmMsg("drmOpenDevice: node name is %s\n", buf); - if (drm_server_info) { - drm_server_info->get_perms(&serv_group, &serv_mode); - devmode = serv_mode ? serv_mode : DRM_DEV_MODE; - devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH); - group = (serv_group >= 0) ? serv_group : DRM_DEV_GID; - } - - if (stat(DRM_DIR_NAME, &st)) { - if (!isroot) return DRM_ERR_NOT_ROOT; - mkdir(DRM_DIR_NAME, DRM_DEV_DIRMODE); - chown(DRM_DIR_NAME, 0, 0); /* root:root */ - chmod(DRM_DIR_NAME, DRM_DEV_DIRMODE); - } - - /* Check if the device node exists and create it if necessary. */ - if (stat(buf, &st)) { - if (!isroot) return DRM_ERR_NOT_ROOT; - remove(buf); - mknod(buf, S_IFCHR | devmode, dev); - } - - if (drm_server_info) { - chown(buf, user, group); - chmod(buf, devmode); - } - - fd = open(buf, O_RDWR, 0); - drmMsg("drmOpenDevice: open result is %d, (%s)\n", - fd, fd < 0 ? strerror(errno) : "OK"); - if (fd >= 0) return fd; - - /* Check if the device node is not what we expect it to be, and recreate it - * and try again if so. - */ - if (st.st_rdev != dev) { - if (!isroot) return DRM_ERR_NOT_ROOT; - remove(buf); - mknod(buf, S_IFCHR | devmode, dev); - if (drm_server_info) { - chown(buf, user, group); - chmod(buf, devmode); - } - } +#ifndef X_PRIVSEP fd = open(buf, O_RDWR, 0); +#else + fd = priv_open_device(buf); +#endif drmMsg("drmOpenDevice: open result is %d, (%s)\n", fd, fd < 0 ? strerror(errno) : "OK"); if (fd >= 0) return fd; @@ -352,8 +308,13 @@ static int drmOpenMinor(int minor, int create) if (create) return drmOpenDevice(makedev(DRM_MAJOR, minor), minor); - sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor); - if ((fd = open(buf, O_RDWR, 0)) >= 0) return fd; + snprintf(buf, sizeof(buf), DRM_DEV_NAME, DRM_DIR_NAME, minor); +#ifndef X_PRIVSEP + fd = open(buf, O_RDWR, 0); +#else + fd = priv_open_device(buf); +#endif + if (fd >= 0) return fd; return -errno; } @@ -379,6 +340,7 @@ int drmAvailable(void) /* Try proc for backward Linux compatibility */ if (!access("/proc/dri/0", R_OK)) return 1; #endif + drmMsg("drmAvailable: no\n"); return 0; } @@ -387,7 +349,7 @@ int drmAvailable(void) drmFreeVersion(version); } close(fd); - + drmMsg("drmAvailable: %d\n", retval); return retval; } @@ -3276,3 +3238,15 @@ void drmCloseOnce(int fd) } } } + +#ifdef X_PRIVSEP +static int +_priv_open_device(const char *path) +{ + drmMsg("_priv_open_device\n"); + return open(path, O_RDWR, 0); +} + +int priv_open_device(const char *) + __attribute__((weak, alias ("_priv_open_device"))); +#endif diff --git a/lib/libdrm/shared-core/Makefile.in b/lib/libdrm/shared-core/Makefile.in index de2ad7503..3a6dc3f70 100644 --- a/lib/libdrm/shared-core/Makefile.in +++ b/lib/libdrm/shared-core/Makefile.in @@ -137,6 +137,8 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@ +X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ |