static LogWriter vlog("SConnection");
-SConnection::SConnection()
+SConnection::SConnection(AccessRights accessRights)
: readyForSetColourMapEntries(false),
is(0), os(0), reader_(0), writer_(0), ssecurity(0),
authFailureTimer(this, &SConnection::handleAuthFailureTimeout),
state_(RFBSTATE_UNINITIALISED), preferredEncoding(encodingRaw),
- accessRights(AccessNone), hasRemoteClipboard(false),
+ accessRights(accessRights), hasRemoteClipboard(false),
hasLocalClipboard(false),
unsolicitedClipboardAttempt(false)
{
}
state_ = RFBSTATE_QUERYING;
- setAccessRights(ssecurity->getAccessRights());
+ setAccessRights(accessRights & ssecurity->getAccessRights());
queryConnection(ssecurity->getUserName());
// If the connection got approved right away then we can continue
class SConnection : public SMsgHandler {
public:
- SConnection();
+ SConnection(AccessRights accessRights);
virtual ~SConnection();
// Methods to initialise the connection
// clipboard via handleClipboardRequest().
virtual void sendClipboardData(const char* data);
+ // getAccessRights() returns the access rights of a SConnection to the server.
+ AccessRights getAccessRights() { return accessRights; }
+
// setAccessRights() allows a security package to limit the access rights
// of a SConnection to the server. How the access rights are treated
// is up to the derived class.
static Cursor emptyCursor(0, 0, Point(0, 0), NULL);
VNCSConnectionST::VNCSConnectionST(VNCServerST* server_, network::Socket *s,
- bool reverse)
- : sock(s), reverseConnection(reverse),
+ bool reverse, AccessRights ar)
+ : SConnection(ar),
+ sock(s), reverseConnection(reverse),
inProcessMessages(false),
pendingSyncFence(false), syncFence(false), fenceFlags(0),
fenceDataLen(0), fenceData(NULL), congestionTimer(this),
class VNCSConnectionST : private SConnection,
public Timer::Callback {
public:
- VNCSConnectionST(VNCServerST* server_, network::Socket* s, bool reverse);
+ VNCSConnectionST(VNCServerST* server_, network::Socket* s, bool reverse,
+ AccessRights ar);
virtual ~VNCSConnectionST();
// SConnection methods
// outgoing is set to true if the socket was created by connecting out
// to another host, or false if the socket was created by accept()ing
// an incoming connection.
- virtual void addSocket(network::Socket* sock, bool outgoing=false) = 0;
+ // accessRights allows to set the access rights to the server.
+ virtual void addSocket(network::Socket* sock, bool outgoing=false,
+ AccessRights accessRights = AccessDefault) = 0;
// removeSocket() tells the server to stop serving the Socket. The
// caller retains ownership of the Socket - the server must NOT
// VNCServer methods
-void VNCServerST::addSocket(network::Socket* sock, bool outgoing)
+void VNCServerST::addSocket(network::Socket* sock, bool outgoing, AccessRights accessRights)
{
// - Check the connection isn't black-marked
// *** do this in getSecurity instead?
connectTimer.start(secsToMillis(rfb::Server::maxConnectionTime));
disconnectTimer.stop();
- VNCSConnectionST* client = new VNCSConnectionST(this, sock, outgoing);
+ VNCSConnectionST* client = new VNCSConnectionST(this, sock, outgoing, accessRights);
clients.push_front(client);
client->init();
}
// addSocket
// Causes the server to allocate an RFB-protocol management
// structure for the socket & initialise it.
- virtual void addSocket(network::Socket* sock, bool outgoing=false);
+ virtual void addSocket(network::Socket* sock, bool outgoing=false,
+ AccessRights ar=AccessDefault);
// removeSocket
// Clean up any resources associated with the Socket
#include <rdr/OutStream.h>
#include <rdr/FileInStream.h>
+#include <rfb/AccessRights.h>
+
#include <rfb/PixelFormat.h>
#include <rfb/CConnection.h>
}
SConn::SConn()
+: SConnection(rfb::AccessDefault)
{
out = new DummyOutStream;
setStreams(NULL, out);
return True;
}
-Bool XVncExtConnect(Display* dpy, const char* hostAndPort)
+Bool XVncExtConnect(Display* dpy, const char* hostAndPort, Bool viewOnly)
{
xVncExtConnectReq* req;
xVncExtConnectReply rep;
req->vncExtReqType = X_VncExtConnect;
req->length += (strLen + 3) >> 2;
req->strLen = strLen;
+ req->viewOnly = (CARD8)viewOnly;
Data(dpy, hostAndPort, strLen);
if (!_XReply(dpy, (xReply *)&rep, 0, xFalse)) {
UnlockDisplay(dpy);
char** XVncExtListParams(Display* dpy, int* nParams);
void XVncExtFreeParamList(char** list);
Bool XVncExtSelectInput(Display* dpy, Window w, int mask);
-Bool XVncExtConnect(Display* dpy, const char* hostAndPort);
+Bool XVncExtConnect(Display* dpy, const char* hostAndPort, Bool viewOnly);
Bool XVncExtGetQueryConnect(Display* dpy, char** addr,
char** user, int* timeout, void** opaqueId);
Bool XVncExtApproveConnect(Display* dpy, void* opaqueId, int approve);
CARD8 vncExtReqType; /* always VncExtConnect */
CARD16 length B16;
CARD8 strLen;
- CARD8 pad0;
+ CARD8 viewOnly;
CARD16 pad1 B16;
} xVncExtConnectReq;
#define sz_xVncExtConnectReq 8
{
fprintf(stderr,"usage: %s [parameters]\n",
programName);
- fprintf(stderr," %s [parameters] -connect <host>[:<port>]\n",
- programName);
+ fprintf(stderr," %s [parameters] -connect "
+ "[-view-only] <host>[:<port>]\n", programName);
fprintf(stderr," %s [parameters] -disconnect\n", programName);
fprintf(stderr," %s [parameters] [-set] <Xvnc-param>=<value> ...\n",
programName);
if (i < argc) {
for (; i < argc; i++) {
if (strcmp(argv[i], "-connect") == 0) {
+ Bool viewOnly = False;
i++;
+ if (strcmp(argv[i], "-view-only") == 0) {
+ viewOnly = True;
+ i++;
+ }
if (i >= argc) usage();
- if (!XVncExtConnect(dpy, argv[i])) {
+ if (!XVncExtConnect(dpy, argv[i], viewOnly)) {
fprintf(stderr,"connecting to %s failed\n",argv[i]);
}
} else if (strcmp(argv[i], "-disconnect") == 0) {
- if (!XVncExtConnect(dpy, "")) {
+ if (!XVncExtConnect(dpy, "", False)) {
fprintf(stderr,"disconnecting all clients failed\n");
}
} else if (strcmp(argv[i], "-get") == 0) {
.br
.B vncconfig
.RI [ parameters ]
-.B \-connect
+.B \-connect \fP[\fB-view-only\fP]
.IR host [: port ]
.br
.B vncconfig
.SH OPTIONS
.TP
-.B \-connect \fIhost\fP[:\fIport\fP]
+.B \-connect \fP[\fB-view-only\fP] \fIhost\fP[:\fIport\fP]
Tells an Xvnc server to make a "reverse" connection to a listening VNC viewer
(normally connections are made the other way round - the viewer connects to the
server). \fIhost\fP is the host where the listening viewer is running. If it's
not listening on the default port of 5500, you can specify \fIhost:port\fP
-instead.
+instead. The \fB-view-only\fP option specifies that the server must ignore all
+keyboard or mouse events sent by the client.
.
.TP
.B \-disconnect
}
}
-void XserverDesktop::addClient(Socket* sock, bool reverse)
+void XserverDesktop::addClient(Socket* sock, bool reverse, bool viewOnly)
{
vlog.debug("new client, sock %d reverse %d",sock->getFd(),reverse);
- server->addSocket(sock, reverse);
+ server->addSocket(sock, reverse, viewOnly ? AccessView : AccessDefault);
vncSetNotifyFd(sock->getFd(), screenIndex, true, false);
}
void add_copied(const rfb::Region &dest, const rfb::Point &delta);
void handleSocketEvent(int fd, bool read, bool write);
void blockHandler(int* timeout);
- void addClient(network::Socket* sock, bool reverse);
+ void addClient(network::Socket* sock, bool reverse, bool viewOnly);
void disconnectClients();
// QueryConnect methods called from X server code
address[stuff->strLen] = 0;
rep.success = 0;
- if (vncConnectClient(address) == 0)
+ if (vncConnectClient(address, (int)stuff->viewOnly) == 0)
rep.success = 1;
rep.type = X_Reply;
if (scr == 0 && vncInetdSock != -1 && listeners.empty()) {
network::Socket* sock = new network::TcpSocket(vncInetdSock);
- desktop[scr]->addClient(sock, false);
+ desktop[scr]->addClient(sock, false, false);
vlog.info("added inetd sock");
}
}
desktop[scr]->sendClipboardData(data);
}
-int vncConnectClient(const char *addr)
+int vncConnectClient(const char *addr, int viewOnly)
{
if (strlen(addr) == 0) {
try {
try {
network::Socket* sock = new network::TcpSocket(host.c_str(), port);
- desktop[0]->addClient(sock, true);
+ vlog.info("Reverse connection: %s:%d%s", host.c_str(), port,
+ viewOnly ? " (view only)" : "");
+ desktop[0]->addClient(sock, true, (bool)viewOnly);
} catch (rdr::Exception& e) {
vlog.error("Reverse connection: %s",e.str());
return -1;
void vncAnnounceClipboard(int available);
void vncSendClipboardData(const char* data);
-int vncConnectClient(const char *addr);
+int vncConnectClient(const char *addr, int viewOnly);
void vncGetQueryConnect(uint32_t *opaqueId, const char**username,
const char **address, int *timeout);
projects / tigervnc.git / commitdiff