Allow client to force server to terminate if it exits

This is intended to be used by screen lockers, where the server must
exit if the screen locker does, to avoid a security hole.  As suggested
by Alan Coopersmith, this is implemented using a new flag for the
disconnect mode of the XFixes extension.  Includes wording suggestions
from Peter Hutterer.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

3 files changed, 35 insertions, 4 deletions

diff --git a/fixesproto.pc.in b/fixesproto.pc.in
index 05917d8..34143c1 100644
--- a/fixesproto.pc.in
+++ b/fixesproto.pc.in
@@ -3,6 +3,6 @@ includedir=@includedir@
 
 Name: FixesProto
 Description: X Fixes extension headers
-Version: 6.0
+Version: 6.1
 Cflags: -I${includedir}
 Requires: xextproto >= 7.0.99.1
diff --git a/fixesproto.txt b/fixesproto.txt
index 28a6270..f462606 100644
--- a/fixesproto.txt
+++ b/fixesproto.txt
@@ -1,5 +1,5 @@
                         The XFIXES Extension
-			    Version 5.0
+			    Version 6.1
 			 Document Revision 1
 			     2010-11-15
 			    Keith Packard
@@ -666,15 +666,41 @@ when the relevant X11 clients have quit.
 
 		XFixesClientDisconnectFlagDefault:	    0
 		XFixesClientDisconnectFlagTerminate:	    1 << 0
+		XFixesClientDisconnectFlagForceTerminate:   1 << 1
 
 	XFixesClientDisconnectFlagDefault is the default behavior for
-	regular clients, i.e. the X11 server won't terminate as long as such
-	clients are still connected.
+	regular clients: the X11 server won't terminate as long as such
+	clients are still connected and no other clients trigger
+	termination.
 
 	XFixesClientDisconnectFlagTerminate indicates to the X11 server that
 	it can ignore the client and terminate itself even though the client
 	is still connected to the X11 server.
 
+	If XFixesClientDisconnectFlagForceTerminate is set at the time the
+	client disconnects, the X11 server MUST terminate and/or reset without
+	delivering further events to clients, even if other clients that have
+	not set XFixesClientDisconnectFlagTerminate are still connected.
+	Screen lockers SHOULD use this flag to ensure that the screen does not
+	unlock if they exit, which would create a security vulnerability.
+	Programs SHOULD NOT use this flag unless unexpected termination would
+	create a security vulnerability or other severe problem.
+
+	Because XFixesClientDisconnectFlagForceTerminate allows the client to
+	cause the server to terminate, it is subject to security checks to
+	prevent unauthorized use.  Servers that support the X Access Control
+	Extension (XACE) MUST deny attempts to set
+	XFixesClientDisconnectFlagForceTerminate, unless the client has
+	DixManageAccess to the server.  Servers that support the SECURITY
+	extension MUST forbid untrusted clients from setting
+	XFixesClientDisconnectFlagForceTerminate. Servers MAY refuse to allow
+	clients to set this flag for other reasons. For instance, a server
+	might only allow the flag to be set by local clients.  If the server
+	refuses to allow the client to set this flag, an Access error results.
+
+	XFixesClientDisconnectFlagForceTerminate is only available in XFixes
+	versions 6.1 and better.
+
 13.2 Requests
 
 SetClientDisconnectMode
diff --git a/include/X11/extensions/xfixeswire.h b/include/X11/extensions/xfixeswire.h
index 88b43e7..83251cf 100644
--- a/include/X11/extensions/xfixeswire.h
+++ b/include/X11/extensions/xfixeswire.h
@@ -146,4 +146,9 @@
 /* The server may disconnect this client to shut down */
 #define XFixesClientDisconnectFlagTerminate  (1L << 0)
 
+/*************** Version 6.1 ******************/
+
+/* The server must terminate if this client exits */
+#define XFixesClientDisconnectFlagForceTerminate  (1L << 1)
+
 #endif	/* _XFIXESWIRE_H_ */