Move the callbacks directly into DIX, since it's actually core infrastructure.
Also simplifying the whole machinery, by just using a simpel CallbackListPtr.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Removing the namespace assignment of killed clients in ClientState-hook
is too early - we still need it later. Using the new ClientDestroyCallback
instead.
Closes: https://github.com/X11Libre/xserver/issues/486
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Move the callbacks directly into DIX, since it's actually core infrastructure.
Also simplifying the whole machinery, by just using a simpel CallbackListPtr.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Move the callbacks directly into DIX, since it's actually core infrastructure.
Also simplifying the whole machinery, by just using a simpel CallbackListPtr.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Support having more than one auth token per namespace, so separate tokens
can be handed out to clients that are still landing in the same namespace.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Filter property access. Right now just allowed inside same namespace,
or when caller is in root namespace.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Filter message sending by clients. Only sending within the same
namespace is allowed (except for clients in a NS with superpowers,
e.g. root)
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Filter device access, whitelist several commonly used operations that
should be safe (eg. query keyboard layout).
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Whitelist several extension calls that are safe. Also allow namespaces
to be configured for unrestricted access.
TBD: doesn't actually reject yet
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Only namespaces with allowMouseOption flag enabled can receive
raw mouse motion events. Raw key press events are always blocked.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Redirecting access to root window properties to the per-namespace
virtual root windows. This isolates a lot of communication via root
window, e.g. the cut buffers.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
For each namespace creating a fake (invisible) root window, which can be
used for storing per-namespace properties (eg. cut buffers), etc.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Selection names (as seen by the client) are internally prefixed with the
namespace ID, so each client can only access those within it's namespace.
If a client within namespace "foo" want's to operate on "PRIMARY",
it actually will be doing so on "<foo>PRIMARY", w/o ever noticing it.
Events will sent back to the client still pointing to "PRIMARY".
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Adding data structure and initial data for namespace configuration.
Built-in namespaces are ROOT and ANONYMOUS.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Add tiny skeleton for the namespace extension. Disabled by default,
can be enabled via +extension arg, but doesn't actually do something yet.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
