Fix "ApproveLoggedUserOnly" option not working in some setups

Resolves: RHEL-34880

tigervnc-add-option-allowing-to-connect-only-user-owning-session.patch

@@ -33,7 +33,7 @@ index 3831812..736a563 100644
    if (client->accessCheck(AccessNoQuery))
    {
 diff --git a/unix/xserver/hw/vnc/XserverDesktop.cc b/unix/xserver/hw/vnc/XserverDesktop.cc
-index d4ee16b..dce1f6c 100644
+index d4ee16b..a537534 100644
 --- a/unix/xserver/hw/vnc/XserverDesktop.cc
 +++ b/unix/xserver/hw/vnc/XserverDesktop.cc
 @@ -52,6 +52,11 @@
@@ -48,7 +48,7 @@ index d4ee16b..dce1f6c 100644
  extern "C" {
  void vncSetGlueContext(int screenIndex);
  void vncPresentMscEvent(uint64_t id, uint64_t msc);
-@@ -71,7 +76,14 @@ IntParameter queryConnectTimeout("QueryConnectTimeout",
+@@ -71,7 +76,15 @@ IntParameter queryConnectTimeout("QueryConnectTimeout",
                                   "Accept Connection dialog before "
                                   "rejecting the connection",
                                   10);
@@ -58,13 +58,14 @@ index d4ee16b..dce1f6c 100644
 +("ApproveLoggedUserOnly",
 + "Approve only the user who is currently logged into the session."
 + "This is expected to be combined with 'plain' security type and with "
-+ "'PlainUsers=*' option allowing everyone to connect to the session.",
++ "'PlainUsers=*' option allowing everyone to connect to the session."
++ "Default is off.",
 +  false);
 +#endif
  
  XserverDesktop::XserverDesktop(int screenIndex_,
                                 std::list<network::SocketListener*> listeners_,
-@@ -168,11 +180,117 @@ void XserverDesktop::init(rfb::VNCServer* vs)
+@@ -168,11 +181,121 @@ void XserverDesktop::init(rfb::VNCServer* vs)
    // ready state
  }
  
@@ -108,7 +109,11 @@ index d4ee16b..dce1f6c 100644
 +      }
 +
 +      std::string serverDisplay = ":" + std::to_string(screenIndex);
-+      if (strcmp(display, serverDisplay.c_str()) != 0) {
++      std::string serverDisplayIPv4 = "127.0.0.1:" + std::to_string(screenIndex);
++      std::string serverDisplayIPv6 = "::1:" + std::to_string(screenIndex);
++      if ((strcmp(display, serverDisplay.c_str()) != 0) &&
++          (strcmp(display, serverDisplayIPv4.c_str()) != 0) &&
++          (strcmp(display, serverDisplayIPv6.c_str()) != 0)) {
 +        free(display);
 +        continue;
 +      }
@@ -201,10 +206,10 @@ index e604295..aed188e 100644
                             std::list<network::SocketListener*>* sockets,
                             rfb::VNCServer* sockserv);
 diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
-index b9c429f..17df086 100644
+index b9c429f..e4822f6 100644
 --- a/unix/xserver/hw/vnc/Xvnc.man
 +++ b/unix/xserver/hw/vnc/Xvnc.man
-@@ -204,6 +204,12 @@ to allow any user to authenticate using this security type. Specify \fB%u\fP
+@@ -204,6 +204,13 @@ to allow any user to authenticate using this security type. Specify \fB%u\fP
  to allow the user of the server process. Default is to deny all users.
  .
  .TP
@@ -212,6 +217,7 @@ index b9c429f..17df086 100644
 +Approve only the user who is currently logged into the session.
 +This is expected to be combined with "Plain" security type and with
 +"PlainUsers=*" option allowing everyone to connect to the session.
++Default is off.
 +.
 +.TP
  .B \-pam_service \fIname\fP, \-PAMService \fIname\fP

tigervnc.spec

@@ -5,7 +5,7 @@
 
 Name:           tigervnc
 Version:        1.14.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A TigerVNC remote display system
 
 %global _hardened_build 1
@@ -402,6 +402,10 @@ fi
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
+* Fri Oct 04 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-5
+- Fix "ApproveLoggedUserOnly" option not working in some setups
+  Resolves: RHEL-34880
+
 * Fri Sep 27 2024 Jan Grulich <jgrulich@redhat.com> - 1.14.0-4
 - Add option "ApproveLoggedUserOnly" allowing to connect only the user
   owning the running session