commit bbe605241d7bca14821c5f807e017e31ccce5aa8
author Pekka Paalanen <ppaalanen@gmail.com> Thu Nov 03 14:11:33 2011 +0200
committer Kristian Høgsberg <krh@bitplanet.net> Thu Nov 03 15:16:39 2011 -0400
tree a398e94e5b5fe14aa207cea60ed91ffd66e8e715
parent 6cd281a023b356a376dd2865f7c9f6fa9c3436cf

compositor: only authorized client can bind desktop_shell

Check, that only the desktop-shell client spawned by the compositor
(desktop-shell plugin) is allowed to bind to desktop_shell interface.
Other clients will receive an error like:

  wl_display@1.error(desktop_shell@20, 0,
  "permission to bind desktop_shell denied")

The error has the proper object id and interface type.

Note: desktop-shell cannot be started manually anymore, it has to be
started by the compositor automatically.

Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>

compositor/shell.c

diff --git a/compositor/shell.c b/compositor/shell.c
index 1407272..ed2637d 100644
--- a/compositor/shell.c
+++ b/compositor/shell.c
@@ -1002,9 +1002,18 @@
 		   void *data, uint32_t version, uint32_t id)
 {
 	struct wl_shell *shell = data;
+	struct wl_resource *resource;
 
-	wl_client_add_object(client, &desktop_shell_interface,
-			     &desktop_shell_implementation, id, shell);
+	resource = wl_client_add_object(client, &desktop_shell_interface,
+					&desktop_shell_implementation,
+					id, shell);
+
+	if (client == shell->child.client)
+		return;
+
+	wl_resource_post_error(resource, WL_DISPLAY_ERROR_INVALID_OBJECT,
+			       "permission to bind desktop_shell denied");
+	wl_resource_destroy(resource, 0);
 }
 
 int