From: Pierre Ossman Date: Wed, 23 Jan 2019 13:31:26 +0000 (+0100) Subject: Don't accept arbitrary arguments to vncserver X-Git-Tag: v1.10.90~40^2~11 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1a4ebd8e72c77aefd1b0a03e999072df8453f33b;p=tigervnc.git Don't accept arbitrary arguments to vncserver We now have config files for more fine grained control of these things, so avoid duplicating the functionality. --- diff --git a/unix/vncserver/vncserver b/unix/vncserver/vncserver index bd24c4e3..054b2f28 100755 --- a/unix/vncserver/vncserver +++ b/unix/vncserver/vncserver @@ -1,5 +1,6 @@ #!/usr/bin/env perl # +# Copyright (C) 2015-2019 Pierre Ossman for Cendio AB # Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved. # Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved. # Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved. @@ -40,9 +41,6 @@ if($slashndx>=0) { # your site # -$geometry = "1024x768"; -#$depth = 16; - $vncUserDir = "$ENV{HOME}/.vnc"; $vncUserConfig = "$vncUserDir/config"; @@ -129,8 +127,8 @@ if ($fontPath eq "") { # Check command line options -&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, - "-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); +&ParseOptions("-kill",1,"-help",0,"-h",0,"--help",0,"-list",0, + "-fg",0,"-autokill",0,"-noxstartup",0,"-xstartup",1); &Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'}); 
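Review bot: Nothing visible in this patch rejects the arguments that the trimmed `&ParseOptions(...)` table no longer recognises; a later hunk removes the loop that forwarded leftover `@ARGV` entries to Xvnc, but no hunk adds a check for leftovers. If ParseOptions (defined outside this hunk) leaves unknown arguments in `@ARGV`, as the old forwarding implies, an existing unit file or wrapper that still passes `-SecurityTypes` or `-localhost` will start a server with those settings silently dropped. That can be a weaker configuration than the operator asked for. Failing closed is safer: once the display number has been consumed, add something like `die "$prog: unrecognized argument: $ARGV[0]\n" if (@ARGV > 0);` or call `&Usage()`.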
@@ -138,32 +136,12 @@ if ($fontPath eq "") { &List() if ($opt{'-list'}); -# Uncomment this line if you want default geometry, depth and pixelformat -# to match the current X display: -# &GetXDisplayDefaults(); - -if ($opt{'-geometry'}) { - $geometry = $opt{'-geometry'}; -} -if ($opt{'-depth'}) { - $depth = $opt{'-depth'}; - $pixelformat = ""; -} -if ($opt{'-pixelformat'}) { - $pixelformat = $opt{'-pixelformat'}; -} if ($opt{'-noxstartup'}) { $skipxstartup = 1; } if ($opt{'-xstartup'}) { $xstartupFile = $opt{'-xstartup'}; } -if ($opt{'-fp'}) { - $fontPath = $opt{'-fp'}; - $fpArgSpecified = 1; -} - -&CheckGeometryAndDepth(); # Create the user's vnc directory if necessary. if (!(-e $vncUserDir)) { @@ -187,11 +165,7 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) { $vncPort = 5900 + $displayNumber; -if ($opt{'-name'}) { - $desktopName = $opt{'-name'}; -} else { - $desktopName = "$host:$displayNumber ($ENV{USER})"; -} +$desktopName = "$host:$displayNumber ($ENV{USER})"; my %default_opts; my %config; @@ -200,9 +174,6 @@ my %config; # override these where present. $default_opts{desktop} = "edString($desktopName); $default_opts{auth} = "edString($xauthorityFile); -$default_opts{geometry} = $geometry if ($geometry); -$default_opts{depth} = $depth if ($depth); -$default_opts{pixelformat} = $pixelformat if ($pixelformat); $default_opts{rfbwait} = 30000; $default_opts{rfbauth} = "$vncUserDir/passwd"; $default_opts{rfbport} = $vncPort; 
@@ -243,31 +214,10 @@ if ($config{'securitytypes'}) { } } } - -# ...and finally we check CLI args, which in the case of the topic at -# hand (VNC auth or not), override anything found in configuration files -# (even so-called "mandatory" settings). -for ($i = 0; $i < @ARGV; ++$i) { - # -SecurityTypes can be followed by a space or "=" - my @splitargs = split('=', $ARGV[$i]); - if (@splitargs <= 1 && $i < @ARGV - 1) { - push(@splitargs, $ARGV[$i + 1]); - } - if (lc(@splitargs[0]) eq "-securitytypes") { - if (@splitargs > 1) { - $securityTypeArgSpecified = 1; - } - foreach $arg2 (split(',', @splitargs[1])) { - if (grep {$_ eq lc($arg2)} @vncAuthStrings) { - $vncAuthEnabled = 1; - } - } - } - if ((lc(@splitargs[0]) eq "-password") - || (lc(@splitargs[0]) eq "-passwordfile" - || (lc(@splitargs[0]) eq "-rfbauth"))) { - $passwordArgSpecified = 1; - } +if ($config{'password'} || + $config{'passwordfile'} || + $config{'rfbauth'}) { + $passwordArgSpecified = 1; } if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) { @@ -323,14 +273,6 @@ foreach my $k (sort keys %default_opts) { $cmd .= " -$k $default_opts{$k}"; } -# Add color database stuff here, e.g.: -# $cmd .= " -co /usr/lib/X11/rgb"; - -foreach $arg (@ARGV) { - $cmd .= " " . "edString($arg); -} -$cmd .= " >> " . "edString($desktopLog) . " 2>&1"; - # Run $cmd and record the process ID. $pidFile = "$vncUserDir/$host:$displayNumber.pid"; system("$cmd & echo \$! >$pidFile"); 
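Review bot: The new `$config{'password'} || $config{'passwordfile'} || $config{'rfbauth'}` test is case-sensitive, whereas the removed command-line scan compared with `lc()`. It is only correct if LoadConfig (outside this hunk) stores its keys in lower case, which the neighbouring `$config{'securitytypes'}` lookup suggests but does not show. Because this flag gates the `!$passwordArgSpecified` block that follows, I would confirm that and record it in a comment such as `# LoadConfig lower-cases keys; any of these means the password source comes from a config file`. The name `$passwordArgSpecified` is also misleading now that no argument is involved; `$passwordConfigured` would read better.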
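Review bot: The removed line `$cmd .= " >> " . &quotedString($desktopLog) . " 2>&1";` was output redirection, not argument handling, and nothing in this hunk replaces it. Unless the redirect is re-added outside the visible hunks, Xvnc's stdout and stderr no longer reach the desktop log when `system("$cmd & echo \$! >$pidFile")` runs, which leaves nothing to diagnose a failed start or review server activity afterwards; I would keep that line. Separately, `$pidFile` is interpolated into the shell command unquoted while the other paths go through quotedString, so a home directory containing spaces or shell metacharacters would break or alter the command; `system("$cmd & echo \$! >" . &quotedString($pidFile));` would be consistent.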
@@ -469,30 +411,6 @@ sub LoadConfig { } } -# -# CheckGeometryAndDepth simply makes sure that the geometry and depth values -# are sensible. -# - -sub CheckGeometryAndDepth -{ - if ($geometry =~ /^(\d+)x(\d+)$/) { - $width = $1; $height = $2; - - if (($width<1) || ($height<1)) { - die "$prog: geometry $geometry is invalid\n"; - } - - $geometry = "${width}x$height"; - } else { - die "$prog: geometry $geometry is invalid\n"; - } - - if ($depth && (($depth < 8) || ($depth > 32))) { - die "Depth must be between 8 and 32\n"; - } -} - # # GetDisplayNumber gets the lowest available display number. A display number 
@@ -560,83 +478,6 @@ sub CheckDisplayNumber return 1; } - -# -# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel -# format of the current X display being used. If successful, it sets the -# options as appropriate so that the X VNC server will use the same settings -# (minus an allowance for window manager decorations on the geometry). Using -# the same depth and pixel format means that the VNC server won't have to -# translate pixels when the desktop is being viewed on this X display (for -# TrueColor displays anyway). -# - -sub GetXDisplayDefaults -{ - local (@lines, @matchlines, $width, $height, $defaultVisualId, $i, - $red, $green, $blue); - - $wmDecorationWidth = 4; # a guess at typical size for window manager - $wmDecorationHeight = 24; # decoration size - - return if (!defined($ENV{DISPLAY})); - - @lines = `xdpyinfo 2>/dev/null`; - - return if ($? != 0); - - @matchlines = grep(/dimensions/, @lines); - if (@matchlines) { - ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/); - - $width -= $wmDecorationWidth; - $height -= $wmDecorationHeight; - - $geometry = "${width}x$height"; - } - - @matchlines = grep(/default visual id/, @lines); - if (@matchlines) { - ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/); - - for ($i = 0; $i < @lines; $i++) { - if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) { - if (($lines[$i+1] !~ /TrueColor/) || - ($lines[$i+2] !~ /depth/) || - ($lines[$i+4] !~ /red, green, blue masks/)) - { - return; - } - last; - } - } - - return if ($i >= @lines); - - ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/); - ($red,$green,$blue) - = ($lines[$i+4] - =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/); - - $red = hex($red); - $green = hex($green); - $blue = hex($blue); - - if ($red > $blue) { - $red = int(log($red) / log(2)) - int(log($green) / log(2)); - $green = int(log($green) / log(2)) - int(log($blue) / log(2)); - $blue = int(log($blue) / log(2)) + 1; - $pixelformat = "rgb$red$green$blue"; 
- } else { - $blue = int(log($blue) / log(2)) - int(log($green) / log(2)); - $green = int(log($green) / log(2)) - int(log($red) / log(2)); - $red = int(log($red) / log(2)) + 1; - $pixelformat = "bgr$blue$green$red"; - } - } -} - - # # quotedString returns a string which yields the original string when parsed # by a shell. @@ -672,15 +513,12 @@ sub removeSlashes sub Usage { - die("\nusage: $prog [:] [-name ] [-depth ]\n". - " [-geometry x]\n". - " [-pixelformat rgbNNN|bgrNNN]\n". - " [-fp ]\n". + die("\nusage: $prog [:]\n". " [-fg]\n". " [-autokill]\n". " [-noxstartup]\n". " [-xstartup ]\n". - " ...\n\n". + "\n". " $prog -kill \n\n". " $prog -list\n\n"); } diff --git a/unix/vncserver/vncserver.man b/unix/vncserver/vncserver.man index 95f7960f..9ae43185 100644 --- a/unix/vncserver/vncserver.man +++ b/unix/vncserver/vncserver.man @@ -4,22 +4,11 @@ vncserver \- start or stop a VNC server .SH SYNOPSIS .B vncserver .RI [: display# ] -.RB [ \-name -.IR desktop-name ] -.RB [ \-geometry -.IR width x height ] -.RB [ \-depth -.IR depth ] -.RB [ \-pixelformat -.IR format ] -.RB [ \-fp -.IR font-path ] .RB [ \-fg ] .RB [ \-autokill ] .RB [ \-noxstartup ] .RB [ \-xstartup .IR script ] -.RI [ Xvnc-options... ] .br .BI "vncserver \-kill :" display# .br 
@@ -49,43 +38,7 @@ at startup (but note that this will not affect an existing VNC session.) .SH OPTIONS You can get a list of options by passing \fB\-h\fP as an option to vncserver. -In addition to the options listed below, any unrecognised options will be -passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details. -.TP -.B \-name \fIdesktop-name\fP -Each VNC desktop has a name which may be displayed by the viewer. The desktop -name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can -change it with this option. The desktop name option is passed to the xstartup -script via the $VNCDESKTOP environment variable, which allows you to run a -different set of applications depending on the name of the desktop. -. -.TP -.B \-geometry \fIwidth\fPx\fIheight\fP -Specify the size of the VNC desktop to be created. Default is 1024x768. -. -.TP -.B \-depth \fIdepth\fP -Specify the pixel depth (in bits) of the VNC desktop to be created. Default is -24. Other possible values are 8, 15 and 16 - anything else is likely to cause -strange behaviour by applications. -. -.TP -.B \-pixelformat \fIformat\fP -Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for -depth 8 is BGR233 (meaning the most significant two bits represent blue, the -next three green, and the least significant three represent red), the default -for depth 16 is RGB565, and the default for depth 24 is RGB888. -. -.TP -.B \-cc 3 -As an alternative to the default TrueColor visual, this allows you to run an -Xvnc server with a PseudoColor visual (i.e. one which uses a color map or -palette), which can be useful for running some old X applications which only -work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor) -for the \-cc option may result in strange behaviour, and PseudoColor desktops -must have an 8-bit depth. -. .TP .B \-kill :\fIdisplay#\fP This kills a VNC desktop previously started with vncserver. It does this by 
@@ -97,22 +50,6 @@ argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the end of your xstartup file after a particular application exits. . .TP -.B \-fp \fIfont-path\fP -If the vncserver script detects that the X Font Server (XFS) is running, it -will attempt to start Xvnc and configure Xvnc to use XFS for font handling. -Otherwise, if XFS is not running, the vncserver script will attempt to start -Xvnc and allow Xvnc to use its own preferred method of font handling (which may -be a hard-coded font path or, on more recent systems, a font catalog.) In -any case, if Xvnc fails to start, the vncserver script will then attempt to -determine an appropriate X font path for this system and start Xvnc using -that font path. - -The -.B \-fp -argument allows you to override the above fallback logic and specify a font -path for Xvnc to use. -. -.TP .B \-fg Runs Xvnc as a foreground process. This has two effects: (1) The VNC server can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the @@ -161,11 +98,9 @@ options defined in a user's $HOME/.vnc/config. This file offers a mechanism to establish some basic form of system-wide policy. WARNING! There is nothing stopping users from constructing their own vncserver-like script that calls Xvnc directly to bypass any options defined in -/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed -to vncserver will override ANY config file setting of the same name. The -overall configuration file load order is: -/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file. -None are required to exist. +/etc/tigervnc/vncserver-config-mandatory. The overall configuration file load +order is: /etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then +this file. None are required to exist. .TP $HOME/.vnc/config An optional server config file wherein options to be passed to Xvnc are listed 
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
index 07f1e517..d4ca9bf7 100644
--- a/unix/vncserver/vncserver@.service.in
+++ b/unix/vncserver/vncserver@.service.in
@@ -2,10 +2,12 @@
 #
 # Quick HowTo:
 # 1. Copy this file to /etc/systemd/system/vncserver@.service
-# 2. Edit and vncserver parameters appropriately
-# ("runuser -l -c /usr/bin/vncserver %i -arg1 -arg2")
-# 3. Run `systemctl daemon-reload`
-# 4. Run `systemctl enable vncserver@:.service`
+# 2. Switches for vncserver should be entered in ~/.vnc/config rather than
+# hard-coded into this unit file. See the vncserver(1) manpage.
+# 3. Replace with the desired user
+# ("runuser -l -c /usr/bin/vncserver %i")
+# 4. Run `systemctl daemon-reload`
+# 5. Run `systemctl enable vncserver@:.service`
 #
 # DO NOT RUN THIS SERVICE if your local area network is
 # untrusted! For a secure way of using VNC, you should