1 files changed, 19 insertions, 13 deletions

diff --git a/os/access.c b/os/access.c
index b049acc04..33b2eb6a7 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1493,17 +1493,20 @@ LocalClientCredAndGroups(ClientPtr client, int *pUid, int *pGid,
 #endif
 }
 
-static Bool
+static int
 AuthorizedClient(ClientPtr client)
 {
+    int rc;
+
     if (!client || defeatAccessControl)
-	return TRUE;
+	return Success;
 
     /* untrusted clients can't change host access */
-    if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success)
-	return FALSE;
+    rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
+    if (rc != Success)
+	return rc;
 
-    return LocalClient(client);
+    return LocalClient(client) ? Success : BadAccess;
 }
 
 /* Add a host to the access control list.  This is the external interface
@@ -1515,10 +1518,11 @@ AddHost (ClientPtr	client,
 	 unsigned       length,        /* of bytes in pAddr */
 	 pointer        pAddr)
 {
-    int			len;
+    int rc, len;
 
-    if (!AuthorizedClient(client))
-	return(BadAccess);
+    rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     switch (family) {
     case FamilyLocalHost:
 	len = length;
@@ -1612,11 +1616,12 @@ RemoveHost (
     unsigned            length,        /* of bytes in pAddr */
     pointer             pAddr)
 {
-    int			len;
+    int rc, len;
     register HOST	*host, **prev;
 
-    if (!AuthorizedClient(client))
-	return(BadAccess);
+    rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     switch (family) {
     case FamilyLocalHost:
 	len = length;
@@ -1873,8 +1878,9 @@ ChangeAccessControl(
     ClientPtr client,
     int fEnabled)
 {
-    if (!AuthorizedClient(client))
-	return BadAccess;
+    int rc = AuthorizedClient(client);
+    if (rc != Success)
+	return rc;
     AccessEnabled = fEnabled;
     return Success;
 }