frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Xnamespace: filter access on other clients 

Restrict access to other clients within same namespace.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
Enrico Weigelt, metux IT consult 2025-03-20 17:22:25 +01:00
parent e92d6ad8e4
commit 0a90e70a01
4 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Xext/namespace/hook-client.c Normal file
View File

@ -0,0 +1,34 @@
#define HOOK_NAME "client"
#include <dix-config.h>
#include "dix/dix_priv.h"
#include "dix/extension_priv.h"
#include "dix/registry_priv.h"
#include "mi/miinitext.h"
#include "include/extinit.h"
#include "include/extnsionst.h"
#include "include/propertyst.h"
#include "include/protocol-versions.h"
#include "include/windowstr.h"
#include "Xext/xacestr.h"
#include "namespace.h"
#include "hooks.h"
void hookClient(CallbackListPtr *pcbl, void *unused, void *calldata)
{
XNS_HOOK_HEAD(XaceClientAccessRec);
struct XnamespaceClientPriv *obj = XnsClientPriv(param->target);
if (subj->ns->superPower || XnsClientSameNS(subj, obj))
return;
XNS_HOOK_LOG("BLOCKED access on client %d\n", param->target->index);
/* returning BadValue instead of BadAccess, because we're pretending
the requested client doens't even exist at all. */
param->status = BadValue;
}

1
Xext/namespace/hooks.h
View File

@ -24,6 +24,7 @@
} \ } \
struct XnamespaceClientPriv *subj = XnsClientPriv(client); struct XnamespaceClientPriv *subj = XnsClientPriv(client);
void hookClient(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata); void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata); void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookExtAccess(CallbackListPtr *pcbl, void *unused, void *calldata); void hookExtAccess(CallbackListPtr *pcbl, void *unused, void *calldata);

1
Xext/namespace/meson.build
View File

@ -2,6 +2,7 @@ libxserver_namespace = static_library(
'libxserver_namespace', 'libxserver_namespace',
[ [
'config.c', 'config.c',
'hook-client.c',
'hook-clientstate.c', 'hook-clientstate.c',
'hook-device.c', 'hook-device.c',
'hook-ext-access.c', 'hook-ext-access.c',

1
Xext/namespace/namespace.c
View File

@ -34,6 +34,7 @@ NamespaceExtensionInit(void)
AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) && AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) && AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) && AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) &&
XaceRegisterCallback(XACE_CLIENT_ACCESS, hookClient, NULL) &&
XaceRegisterCallback(XACE_DEVICE_ACCESS, hookDevice, NULL) && XaceRegisterCallback(XACE_DEVICE_ACCESS, hookDevice, NULL) &&
XaceRegisterCallback(XACE_EXT_DISPATCH, hookExtDispatch, NULL) && XaceRegisterCallback(XACE_EXT_DISPATCH, hookExtDispatch, NULL) &&
XaceRegisterCallback(XACE_EXT_ACCESS, hookExtAccess, NULL) && XaceRegisterCallback(XACE_EXT_ACCESS, hookExtAccess, NULL) &&