From 568ae737d1d5d476a0bf85659d88910c4e0ef5e0 Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Wed, 15 Aug 2007 14:14:45 -0400 Subject: xace: add hooks + new access codes: core protocol server requests --- os/access.c | 32 +++++++++++++++++++------------- os/connection.c | 9 +++++++-- 2 files changed, 26 insertions(+), 15 deletions(-) (limited to 'os') diff --git a/os/access.c b/os/access.c index b049acc04..33b2eb6a7 100644 --- a/os/access.c +++ b/os/access.c @@ -1493,17 +1493,20 @@ LocalClientCredAndGroups(ClientPtr client, int *pUid, int *pGid, #endif } -static Bool +static int AuthorizedClient(ClientPtr client) { + int rc; + if (!client || defeatAccessControl) - return TRUE; + return Success; /* untrusted clients can't change host access */ - if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success) - return FALSE; + rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess); + if (rc != Success) + return rc; - return LocalClient(client); + return LocalClient(client) ? Success : BadAccess; } /* Add a host to the access control list. This is the external interface @@ -1515,10 +1518,11 @@ AddHost (ClientPtr client, unsigned length, /* of bytes in pAddr */ pointer pAddr) { - int len; + int rc, len; - if (!AuthorizedClient(client)) - return(BadAccess); + rc = AuthorizedClient(client); + if (rc != Success) + return rc; switch (family) { case FamilyLocalHost: len = length; @@ -1612,11 +1616,12 @@ RemoveHost ( unsigned length, /* of bytes in pAddr */ pointer pAddr) { - int len; + int rc, len; register HOST *host, **prev; - if (!AuthorizedClient(client)) - return(BadAccess); + rc = AuthorizedClient(client); + if (rc != Success) + return rc; switch (family) { case FamilyLocalHost: len = length; @@ -1873,8 +1878,9 @@ ChangeAccessControl( ClientPtr client, int fEnabled) { - if (!AuthorizedClient(client)) - return BadAccess; + int rc = AuthorizedClient(client); + if (rc != Success) + return rc; AccessEnabled = fEnabled; return Success; } 
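Review bot: AuthorizedClient() in the first os/access.c hunk now returns an X status code instead of a Bool, and because Success is 0 the truth value of its result is inverted, yet nothing above the definition states the new contract. A call site still written as `if (!AuthorizedClient(client))` would reject an authorized client and let a refused one continue. AddHost, RemoveHost and ChangeAccessControl are converted correctly here, but the rest of the file is outside the diff and should be checked for other callers. I would add `/* Returns Success if client may change host access, else the XACE hook's error, or BadAccess for a non-local client. */` above the function. The early `return Success` for `!client || defeatAccessControl` also skips the XACE_SERVER_ACCESS hook entirely, which deserves a one-line comment confirming that it is intended.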
diff --git a/os/connection.c b/os/connection.c index c1152aad7..afe392c66 100644 --- a/os/connection.c +++ b/os/connection.c @@ -1081,11 +1081,15 @@ RemoveEnabledDevice(int fd) * This routine is "undone" by ListenToAllClients() *****************/ -void +int OnlyListenToOneClient(ClientPtr client) { OsCommPtr oc = (OsCommPtr)client->osPrivate; - int connection = oc->fd; + int rc, connection = oc->fd; + + rc = XaceHook(XACE_SERVER_ACCESS, client, DixGrabAccess); + if (rc != Success) + return rc; if (! GrabInProgress) { @@ -1106,6 +1110,7 @@ OnlyListenToOneClient(ClientPtr client) XFD_ORSET(&AllSockets, &AllSockets, &AllClients); GrabInProgress = client->index; } + return rc; } /**************** -- cgit v1.2.3
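Review bot: The refusal path added at the top of OnlyListenToOneClient() only takes effect if every caller checks the new int result; a caller that still treats the function as void would continue as though the server grab had been granted. The callers and the prototype are not visible here (the page is limited to os/, and the function body between the two hunks is also outside the diff), so they need to be confirmed as updated in the same commit. In the second hunk `return rc;` can only yield Success at that point, so `return Success;` states the outcome more directly. The block comment above the function should also gain a line such as `* Returns Success, or the XACE_SERVER_ACCESS hook's error if the grab is refused.`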