Xres: XResQueryClientIds: enable security filtering

Pass each client we're considering to report through XaceHookClientAccess(),
so security extensions have a chance to filter them out.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>

Xext/xres.c

@@ -13,6 +13,7 @@
 
 #include "dix/registry_priv.h"
 #include "os/client_priv.h"
+#include "Xext/xace.h"
 
 #include "misc.h"
 #include "os.h"
@@ -230,8 +231,10 @@ ProcXResQueryClients(ClientPtr client)
     num_clients = 0;
     for (i = 0; i < currentMaxClients; i++) {
         if (clients[i]) {
-            current_clients[num_clients] = i;
-            num_clients++;
+            if (XaceHookClientAccess(client, clients[i], DixReadAccess) == Success) {
+                current_clients[num_clients] = i;
+                num_clients++;
+            }
         }
     }
 
@@ -306,7 +309,9 @@ ProcXResQueryClientResources(ClientPtr client)
 
     clientID = CLIENT_ID(stuff->xid);
 
-    if ((clientID >= currentMaxClients) || !clients[clientID]) {
+    if ((clientID >= currentMaxClients) || !clients[clientID] ||
+        (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                              != Success)) {
         client->errorValue = stuff->xid;
         return BadValue;
     }
@@ -382,7 +387,9 @@ ProcXResQueryClientPixmapBytes(ClientPtr client)
 
     clientID = CLIENT_ID(stuff->xid);
 
-    if ((clientID >= currentMaxClients) || !clients[clientID]) {
+    if ((clientID >= currentMaxClients) || !clients[clientID] ||
+        (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                              != Success)) {
         client->errorValue = stuff->xid;
         return BadValue;
     }
@@ -539,7 +546,9 @@ ConstructClientIds(ClientPtr client,
         if (specs[specIdx].client == 0) {
             int c;
             for (c = 0; c < currentMaxClients; ++c) {
-                if (clients[c]) {
+                if (clients[c] &&
+                    (XaceHookClientAccess(client, clients[c], DixReadAccess)
+                                          != Success)) {
                     if (!ConstructClientIdValue(client, clients[c],
                                                 specs[specIdx].mask, ctx)) {
                         return BadAlloc;
@@ -549,7 +558,9 @@ ConstructClientIds(ClientPtr client,
         } else {
             int clientID = CLIENT_ID(specs[specIdx].client);
 
-            if ((clientID < currentMaxClients) && clients[clientID]) {
+            if ((clientID < currentMaxClients) && clients[clientID] &&
+                (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                                      != Success)) {
                 if (!ConstructClientIdValue(client, clients[clientID],
                                             specs[specIdx].mask, ctx)) {
                     return BadAlloc;