author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-08-15 14:14:45 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2007-08-16 10:33:58 -0400 |
commit | 568ae737d1d5d476a0bf85659d88910c4e0ef5e0 (patch) | |
tree | 9d90a248b139d469ba6decf302f994bc4bd10a70 | |
parent | 3c9553ac2cac7f3a41966def44a50d722d7e645b (diff) |
xace: add hooks + new access codes: core protocol server requests
-rw-r--r-- | dix/dispatch.c | 11 | ||||
-rw-r--r-- | dix/dixfonts.c | 26 | ||||
-rw-r--r-- | hw/dmx/dmxfont.c | 4 | ||||
-rw-r--r-- | include/dixfont.h | 6 | ||||
-rw-r--r-- | include/os.h | 2 | ||||
-rw-r--r-- | os/access.c | 32 | ||||
-rw-r--r-- | os/connection.c | 9 |
7 files changed, 62 insertions, 28 deletions
diff --git a/dix/dispatch.c b/dix/dispatch.c index 8cca44bfc..0bf92de3c 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -1169,6 +1169,7 @@ ProcConvertSelection(ClientPtr client) int ProcGrabServer(ClientPtr client) { + int rc; REQUEST_SIZE_MATCH(xReq); if (grabState != GrabNone && client != grabClient) { @@ -1178,7 +1179,9 @@ ProcGrabServer(ClientPtr client) IgnoreClient(client); return(client->noClientException); } - OnlyListenToOneClient(client); + rc = OnlyListenToOneClient(client); + if (rc != Success) + return rc; grabState = GrabKickout; grabClient = client; @@ -3478,12 +3481,14 @@ int ProcGetFontPath(ClientPtr client) { xGetFontPathReply reply; - int stringLens, numpaths; + int rc, stringLens, numpaths; unsigned char *bufferStart; /* REQUEST (xReq); */ REQUEST_SIZE_MATCH(xReq); - bufferStart = GetFontPath(&numpaths, &stringLens); + rc = GetFontPath(client, &numpaths, &stringLens, &bufferStart); + if (rc != Success) + return rc; reply.type = X_Reply; reply.sequenceNumber = client->sequence; diff --git a/dix/dixfonts.c b/dix/dixfonts.c index c21b3ecb3..4ea630210 100644 --- a/dix/dixfonts.c +++ b/dix/dixfonts.c @@ -65,6 +65,7 @@ Equipment Corporation. #include "dixfontstr.h" #include "closestr.h" #include "dixfont.h" +#include "xace.h" #ifdef DEBUG #include <stdio.h> @@ -833,6 +834,10 @@ ListFonts(ClientPtr client, unsigned char *pattern, unsigned length, if (length > XLFDMAXFONTNAMELEN) return BadAlloc; + i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess); + if (i != Success) + return i; + if (!(c = (LFclosurePtr) xalloc(sizeof *c))) return BadAlloc; c->fpe_list = (FontPathElementPtr *) @@ -1105,6 +1110,10 @@ StartListFontsWithInfo(ClientPtr client, int length, unsigned char *pattern, if (length > XLFDMAXFONTNAMELEN) return BadAlloc; + i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess); + if (i != Success) + return i; + if (!(c = (LFWIclosurePtr) xalloc(sizeof *c))) goto badAlloc; c->fpe_list = (FontPathElementPtr *) 
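Review bot: In the ListFonts hunk the result of `XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess)` is stored in `i`, which reads as a loop counter rather than a status code. The same pattern appears in the StartListFontsWithInfo hunk and in GetFontPath, where `i` is visibly reused as the loop index a few lines later. A dedicated `int rc;` with `rc = XaceHook(...); if (rc != Success) return rc;` would match what this commit already does in ProcGrabServer and ProcGetFontPath. The hook also sits after the `length > XLFDMAXFONTNAMELEN` test, so a client the security module would refuse still gets BadAlloc for an over-long pattern; if permission is meant to be checked first, the hook belongs above that test. Both functions begin and end outside their hunks.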
@@ -1771,7 +1780,9 @@ bail: int SetFontPath(ClientPtr client, int npaths, unsigned char *paths, int *error) { - int err = Success; + int err = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); + if (err != Success) + return err; if (npaths == 0) { if (SetDefaultFontPath(defaultFontPath) != Success) @@ -1823,14 +1834,18 @@ SetDefaultFontPath(char *path) return err; } -unsigned char * -GetFontPath(int *count, int *length) +int +GetFontPath(ClientPtr client, int *count, int *length, unsigned char **result) { int i; unsigned char *c; int len; FontPathElementPtr fpe; + i = XaceHook(XACE_SERVER_ACCESS, client, DixGetAttrAccess); + if (i != Success) + return i; + len = 0; for (i = 0; i < num_fpes; i++) { fpe = font_path_elements[i]; @@ -1838,7 +1853,7 @@ GetFontPath(int *count, int *length) } font_path_string = (unsigned char *) xrealloc(font_path_string, len); if (!font_path_string) - return NULL; + return BadAlloc; c = font_path_string; *length = 0; @@ -1850,7 +1865,8 @@ GetFontPath(int *count, int *length) c += fpe->name_length; } *count = num_fpes; - return font_path_string; + *result = font_path_string; + return Success; } _X_EXPORT int diff --git a/hw/dmx/dmxfont.c b/hw/dmx/dmxfont.c index 500b5682a..e5f86350a 100644 --- a/hw/dmx/dmxfont.c +++ b/hw/dmx/dmxfont.c @@ -66,7 +66,7 @@ static char **dmxGetFontPath(int *npaths) char *newfp; int len, l, i; - paths = GetFontPath(npaths, &len); + GetFontPath(serverClient, npaths, &len, &paths); newfp = xalloc(*npaths + len); c = (unsigned char *)newfp; @@ -194,7 +194,7 @@ static int dmxProcSetFontPath(ClientPtr client) if (total >= 4) return BadLength; - tmpFontPath = GetFontPath(&nOldPaths, &lenOldPaths); + GetFontPath(serverClient, &nOldPaths, &lenOldPaths, &tmpFontPath); oldFontPath = xalloc(nOldPaths + lenOldPaths); memmove(oldFontPath, tmpFontPath, nOldPaths + lenOldPaths); diff --git a/include/dixfont.h b/include/dixfont.h index 709da6272..54017ce2d 100644 --- a/include/dixfont.h +++ b/include/dixfont.h 
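Review bot: The new early return at the top of SetFontPath leaves `*error` unwritten when the XACE hook refuses the request. The callers are not part of this diff, so whether any of them reads `error` after a non-Success return cannot be confirmed from here. A short comment on the early return, e.g. `/* *error is left untouched when access is denied */`, would make the contract explicit. The function body continues outside the hunk.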
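Review bot: Both dmxfont.c call sites discard the status that GetFontPath now returns: `GetFontPath(serverClient, npaths, &len, &paths);` in dmxGetFontPath and `GetFontPath(serverClient, &nOldPaths, &lenOldPaths, &tmpFontPath);` in dmxProcSetFontPath. The dixfonts.c hunks show GetFontPath returning before it writes `*count`, `*length` or `*result` when the hook refuses or `xrealloc` fails, so the following `xalloc(*npaths + len)` and `memmove(oldFontPath, tmpFontPath, ...)` would then operate on unset values (`len` is declared without an initialiser in the visible context). In dmxProcSetFontPath the call should be checked and the error propagated, `rc = GetFontPath(serverClient, &nOldPaths, &lenOldPaths, &tmpFontPath); if (rc != Success) return rc;`. dmxGetFontPath needs an equivalent failure return, though how its callers handle a NULL result is not visible here. Both functions start and end outside their hunks.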
@@ -105,8 +105,10 @@ extern int SetFontPath(ClientPtr /*client*/, extern int SetDefaultFontPath(char * /*path*/); -extern unsigned char *GetFontPath(int * /*count*/, - int * /*length*/); +extern int GetFontPath(ClientPtr client, + int *count, + int *length, + unsigned char **result); extern int LoadGlyphs(ClientPtr /*client*/, FontPtr /*pfont*/, diff --git a/include/os.h b/include/os.h index 3d689478e..891f331c9 100644 --- a/include/os.h +++ b/include/os.h @@ -155,7 +155,7 @@ extern void AddEnabledDevice(int /*fd*/); extern void RemoveEnabledDevice(int /*fd*/); -extern void OnlyListenToOneClient(ClientPtr /*client*/); +extern int OnlyListenToOneClient(ClientPtr /*client*/); extern void ListenToAllClients(void); diff --git a/os/access.c b/os/access.c index b049acc04..33b2eb6a7 100644 --- a/os/access.c +++ b/os/access.c @@ -1493,17 +1493,20 @@ LocalClientCredAndGroups(ClientPtr client, int *pUid, int *pGid, #endif } -static Bool +static int AuthorizedClient(ClientPtr client) { + int rc; + if (!client || defeatAccessControl) - return TRUE; + return Success; /* untrusted clients can't change host access */ - if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success) - return FALSE; + rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); + if (rc != Success) + return rc; - return LocalClient(client); + return LocalClient(client) ? Success : BadAccess; } /* Add a host to the access control list. This is the external interface @@ -1515,10 +1518,11 @@ AddHost (ClientPtr client, unsigned length, /* of bytes in pAddr */ pointer pAddr) { - int len; + int rc, len; - if (!AuthorizedClient(client)) - return(BadAccess); + rc = AuthorizedClient(client); + if (rc != Success) + return rc; switch (family) { case FamilyLocalHost: len = length; 
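Review bot: In AuthorizedClient the `if (!client || defeatAccessControl) return Success;` test stays above the new `XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess)` call, so the security module is never consulted for host-list changes when access control is defeated or the client is NULL. If that bypass is intended it should be documented, because the existing `/* untrusted clients can't change host access */` no longer describes the check; for example `/* XACE is not consulted when access control is disabled or client is NULL */` above the early return. AddHost, RemoveHost and ChangeAccessControl (the latter two in the following hunks) now pass the hook's return code through unchanged instead of always returning BadAccess, which is worth stating in their header comments.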
@@ -1612,11 +1616,12 @@ RemoveHost ( unsigned length, /* of bytes in pAddr */ pointer pAddr) { - int len; + int rc, len; register HOST *host, **prev; - if (!AuthorizedClient(client)) - return(BadAccess); + rc = AuthorizedClient(client); + if (rc != Success) + return rc; switch (family) { case FamilyLocalHost: len = length; @@ -1873,8 +1878,9 @@ ChangeAccessControl( ClientPtr client, int fEnabled) { - if (!AuthorizedClient(client)) - return BadAccess; + int rc = AuthorizedClient(client); + if (rc != Success) + return rc; AccessEnabled = fEnabled; return Success; } diff --git a/os/connection.c b/os/connection.c index c1152aad7..afe392c66 100644 --- a/os/connection.c +++ b/os/connection.c @@ -1081,11 +1081,15 @@ RemoveEnabledDevice(int fd) * This routine is "undone" by ListenToAllClients() *****************/ -void +int OnlyListenToOneClient(ClientPtr client) { OsCommPtr oc = (OsCommPtr)client->osPrivate; - int connection = oc->fd; + int rc, connection = oc->fd; + + rc = XaceHook(XACE_SERVER_ACCESS, client, DixGrabAccess); + if (rc != Success) + return rc; if (! GrabInProgress) { @@ -1106,6 +1110,7 @@ OnlyListenToOneClient(ClientPtr client) XFD_ORSET(&AllSockets, &AllSockets, &AllClients); GrabInProgress = client->index; } + return rc; } /**************** |
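Review bot: The comment block above OnlyListenToOneClient (its tail, `This routine is "undone" by ListenToAllClients()`, is visible in the hunk) does not say that the routine can now refuse and return an error. Add a line such as `Returns Success, or the XACE error code if the client may not grab the server.` The trailing `return rc;` added in the second os/connection.c hunk can only yield Success at that point, so `return Success;` would read more clearly. Any caller other than ProcGrabServer lies outside this diff and would silently ignore a refusal now that the return type has changed from void, so the remaining call sites are worth checking.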