diff options
author | Daniel Stone <daniel@fooishbar.org> | 2006-10-13 18:10:45 +0300 |
---|---|---|
committer | Daniel Stone <daniels@endtroducing.fooishbar.org> | 2006-10-13 18:10:45 +0300 |
commit | 335b503c5e7041bb0c44611e496d1c46f554e630 (patch) | |
tree | d4b1439827a9303dcad78d0b20edbc1ad011a620 /os | |
parent | bd3d93be82d91e4cf35ae317dfd658d1706257ea (diff) | |
parent | cf948b7b04dfeb61a294889027b9a54f6b9b478e (diff) |
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver into input-hotplug
Diffstat (limited to 'os')
-rw-r--r-- | os/access.c | 18 | ||||
-rw-r--r-- | os/connection.c | 8 |
2 files changed, 12 insertions, 14 deletions
diff --git a/os/access.c b/os/access.c index 69e305182..cdb17589c 100644 --- a/os/access.c +++ b/os/access.c @@ -202,8 +202,8 @@ SOFTWARE. #include "dixstruct.h" #include "osdep.h" -#ifdef XCSECURITY -#include "securitysrv.h" +#ifdef XACE +#include "xace.h" #endif #ifndef PATH_MAX @@ -1386,15 +1386,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client) pointer addr; register HOST *host; -#ifdef XCSECURITY - /* untrusted clients can't change host access */ - if (client->trustLevel != XSecurityClientTrusted) - { - SecurityAudit("client %d attempted to change host access\n", - client->index); - return FALSE; - } -#endif if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn, ¬used, &alen, &from)) { @@ -1537,6 +1528,11 @@ AuthorizedClient(ClientPtr client) { if (!client || defeatAccessControl) return TRUE; +#ifdef XACE + /* untrusted clients can't change host access */ + if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess)) + return FALSE; +#endif return LocalClient(client); } diff --git a/os/connection.c b/os/connection.c index ef0578908..687f27f95 100644 --- a/os/connection.c +++ b/os/connection.c @@ -148,6 +148,9 @@ extern __const__ int _nfiles; #ifdef XAPPGROUP #include "appgroup.h" #endif +#ifdef XACE +#include "xace.h" +#endif #ifdef XCSECURITY #include "securitysrv.h" #endif @@ -690,9 +693,8 @@ ClientAuthorized(ClientPtr client, /* indicate to Xdmcp protocol that we've opened new client */ XdmcpOpenDisplay(priv->fd); #endif /* XDMCP */ -#ifdef XAPPGROUP - if (ClientStateCallback) - XagCallClientStateChange (client); +#ifdef XACE + XaceHook(XACE_AUTH_AVAIL, client, auth_id); #endif /* At this point, if the client is authorized to change the access control * list, we should getpeername() information, and add the client to |