summaryrefslogtreecommitdiffstats
path: root/unix/xserver/hw/vnc
diff options
context:
space:
mode:
authorAdam Tkac <atkac@redhat.com>2010-12-13 11:27:06 +0000
committerAdam Tkac <atkac@redhat.com>2010-12-13 11:27:06 +0000
commit7cc163dbe5c34a694de87a68c4483491990a9b32 (patch)
treeb3742be1db809f0df8e5a4f9d9b1cd20250f02a4 /unix/xserver/hw/vnc
parent03a1ec5eafc1455f9400fa8014907f543fe7f030 (diff)
downloadtigervnc-7cc163dbe5c34a694de87a68c4483491990a9b32.tar.gz
tigervnc-7cc163dbe5c34a694de87a68c4483491990a9b32.zip
[Development] Allow to modify only "desktop", "SendCutText" and "AcceptCutText"
Xvnc's parameters via vncconfig. Also Xvnc got new option called "-noclipboard" which disables "*CutText" runtime modification. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4226 3789f03b-4d11-0410-bbf8-ca57d06f2519
Diffstat (limited to 'unix/xserver/hw/vnc')
-rw-r--r--unix/xserver/hw/vnc/vncExtInit.cc23
-rw-r--r--unix/xserver/hw/vnc/vncExtInit.h1
-rw-r--r--unix/xserver/hw/vnc/xvnc.cc6
3 files changed, 26 insertions, 4 deletions
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index a0148316..d3cfbe26 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -86,6 +86,7 @@ int vncFbstride[MAXSCREENS];
static char* clientCutText = 0;
static int clientCutTextLen = 0;
+bool noclipboard = false;
static XserverDesktop* queryConnectDesktop = 0;
static void* queryConnectId = 0;
@@ -461,6 +462,10 @@ static void SendSelectionChangeEvent(Atom selection)
static int ProcVncExtSetParam(ClientPtr client)
{
+ char* value1 = 0;
+ char* value2 = 0;
+ rfb::VoidParameter *desktop1, *desktop2;
+
REQUEST(xVncExtSetParamReq);
REQUEST_FIXED_SIZE(xVncExtSetParamReq, stuff->paramLen);
CharArray param(stuff->paramLen+1);
@@ -471,19 +476,28 @@ static int ProcVncExtSetParam(ClientPtr client)
int n;
rep.type = X_Reply;
rep.length = 0;
+ rep.success = 0;
rep.sequenceNumber = client->sequence;
// Retrieve desktop name before setting
- char* value1 = 0;
- rfb::VoidParameter* desktop1 = rfb::Configuration::getParam("desktop");
+ desktop1 = rfb::Configuration::getParam("desktop");
if (desktop1)
value1 = desktop1->getValueStr();
+ /*
+ * Allow to change only clipboard parameters and desktop name.
+ * Changing other parameters (for example PAM service name)
+ * could have negative security impact.
+ */
+ if (strcasecmp(param.buf, "desktop") != 0 &&
+ (noclipboard || strcasecmp(param.buf, "SendCutText") != 0) &&
+ (noclipboard || strcasecmp(param.buf, "AcceptCutText") != 0))
+ goto deny;
+
rep.success = rfb::Configuration::setParam(param.buf);
// Send DesktopName update if desktop name has been changed
- char* value2 = 0;
- rfb::VoidParameter* desktop2 = rfb::Configuration::getParam("desktop");
+ desktop2 = rfb::Configuration::getParam("desktop");
if (desktop2)
value2 = desktop2->getValueStr();
if (value1 && value2 && strcmp(value1, value2)) {
@@ -498,6 +512,7 @@ static int ProcVncExtSetParam(ClientPtr client)
if (value2)
delete [] value2;
+deny:
if (client->swapped) {
swaps(&rep.sequenceNumber, n);
swapl(&rep.length, n);
diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h
index af9b2ea6..931c28f3 100644
--- a/unix/xserver/hw/vnc/vncExtInit.h
+++ b/unix/xserver/hw/vnc/vncExtInit.h
@@ -31,6 +31,7 @@ extern void vncClientGone(int fd);
extern void vncBell();
extern void* vncFbptr[];
extern int vncFbstride[];
+extern bool noclipboard;
extern int vncInetdSock;
extern rfb::StringParameter httpDir;
diff --git a/unix/xserver/hw/vnc/xvnc.cc b/unix/xserver/hw/vnc/xvnc.cc
index 56912f90..5d5b1ca4 100644
--- a/unix/xserver/hw/vnc/xvnc.cc
+++ b/unix/xserver/hw/vnc/xvnc.cc
@@ -291,6 +291,7 @@ ddxUseMsg()
ErrorF("-pixelformat fmt set pixel format (rgbNNN or bgrNNN)\n");
ErrorF("-inetd has been launched from inetd\n");
ErrorF("-interface IP_address listen on specified interface\n");
+ ErrorF("-noclipboard disable clipboard settings modification via vncconfig utility\n");
ErrorF("\nVNC parameters:\n");
fprintf(stderr,"\n"
@@ -569,6 +570,11 @@ ddxProcessArgument(int argc, char *argv[], int i)
return 2;
}
+
+ if (strcmp(argv[i], "-noclipboard") == 0) {
+ noclipboard = true;
+ return 1;
+ }
if (rfb::Configuration::setParam(argv[i]))
return 1;