Fix broken authentication with x0vncserver
Resolves: RHEL-93573
This commit is contained in:
Jan Grulich
parent
b31462f4f4
commit
cd2b821cf7
@ -1,4 +1,4 @@
|
||||
From 8ac9bf0c061666d89d345a3d7149e1ef9c771655 Mon Sep 17 00:00:00 2001
|
||||
From 69b0fd6d77ea5968bd815188ee2bda3d282ebc60 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Grulich <jgrulich@redhat.com>
|
||||
Date: Mon, 29 Jul 2024 14:31:14 +0200
|
||||
Subject: [PATCH] Add option allowing to connect only the user owning the
|
||||
@ -10,9 +10,11 @@ This is expected to be used with 'plain' security type in combination
|
||||
with 'PlainUsers=*' option allowing everyone to connect to the session.
|
||||
---
|
||||
common/rfb/VNCServerST.cxx | 7 --
|
||||
unix/xserver/hw/vnc/XserverDesktop.cc | 120 +++++++++++++++++++++++++-
|
||||
unix/x0vncserver/XDesktop.cxx | 8 ++
|
||||
unix/xserver/hw/vnc/XserverDesktop.cc | 137 ++++++++++++++++++++++++++
|
||||
unix/xserver/hw/vnc/XserverDesktop.h | 7 ++
|
||||
3 files changed, 126 insertions(+), 8 deletions(-)
|
||||
unix/xserver/hw/vnc/Xvnc.man | 7 ++
|
||||
5 files changed, 159 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx
|
||||
index b99d33b..aa8d53e 100644
|
||||
@ -32,8 +34,34 @@ index b99d33b..aa8d53e 100644
|
||||
// - Does the client have the right to bypass the query?
|
||||
if (client->accessCheck(AccessNoQuery))
|
||||
{
|
||||
diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx
|
||||
index b43e3f7..3d00e23 100644
|
||||
--- a/unix/x0vncserver/XDesktop.cxx
|
||||
+++ b/unix/x0vncserver/XDesktop.cxx
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <network/Socket.h>
|
||||
|
||||
#include <rfb/LogWriter.h>
|
||||
+#include <rfb/ServerCore.h>
|
||||
|
||||
#include <x0vncserver/XDesktop.h>
|
||||
|
||||
@@ -320,6 +321,13 @@ void XDesktop::queryConnection(network::Socket* sock,
|
||||
{
|
||||
assert(isRunning());
|
||||
|
||||
+ // - Are we configured to do queries?
|
||||
+ if (!rfb::Server::queryConnect &&
|
||||
+ !sock->requiresQuery()) {
|
||||
+ server->approveConnection(sock, true, nullptr);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
// Someone already querying?
|
||||
if (queryConnectSock) {
|
||||
std::list<network::Socket*> sockets;
|
||||
diff --git a/unix/xserver/hw/vnc/XserverDesktop.cc b/unix/xserver/hw/vnc/XserverDesktop.cc
|
||||
index 260ed3a..4f252c8 100644
|
||||
index 260ed3a..c8741f6 100644
|
||||
--- a/unix/xserver/hw/vnc/XserverDesktop.cc
|
||||
+++ b/unix/xserver/hw/vnc/XserverDesktop.cc
|
||||
@@ -51,6 +51,11 @@
|
||||
@ -48,11 +76,10 @@ index 260ed3a..4f252c8 100644
|
||||
extern "C" {
|
||||
void vncSetGlueContext(int screenIndex);
|
||||
void vncPresentMscEvent(uint64_t id, uint64_t msc);
|
||||
@@ -70,7 +75,15 @@ IntParameter queryConnectTimeout("QueryConnectTimeout",
|
||||
"Accept connection dialog before "
|
||||
@@ -71,6 +76,15 @@ IntParameter queryConnectTimeout("QueryConnectTimeout",
|
||||
"rejecting the connection",
|
||||
10);
|
||||
-
|
||||
|
||||
+#ifdef HAVE_SYSTEMD_DAEMON
|
||||
+BoolParameter approveLoggedUserOnly
|
||||
+("ApproveLoggedUserOnly",
|
||||
@ -65,7 +92,7 @@ index 260ed3a..4f252c8 100644
|
||||
|
||||
XserverDesktop::XserverDesktop(int screenIndex_,
|
||||
std::list<network::SocketListener*> listeners_,
|
||||
@@ -164,11 +177,134 @@ void XserverDesktop::init(rfb::VNCServer* vs)
|
||||
@@ -164,11 +178,134 @@ void XserverDesktop::init(rfb::VNCServer* vs)
|
||||
// ready state
|
||||
}
|
||||
|
||||
@ -219,7 +246,7 @@ index 8c543db..8d6bde4 100644
|
||||
std::list<network::SocketListener*>* sockets,
|
||||
rfb::VNCServer* sockserv);
|
||||
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
|
||||
index d6b1664..07b74bb 100644
|
||||
index d6b1664..24384df 100644
|
||||
--- a/unix/xserver/hw/vnc/Xvnc.man
|
||||
+++ b/unix/xserver/hw/vnc/Xvnc.man
|
||||
@@ -200,6 +200,13 @@ Never treat incoming connections as shared, regardless of the client-specified
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.15.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -398,6 +398,10 @@ fi
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
* Tue May 27 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-4
|
||||
- Fix broken authentication with x0vncserver
|
||||
Resolves: RHEL-93573
|
||||
|
||||
* Wed Apr 30 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-3
|
||||
- Only warn about 8 characters limit, but let it proceed
|
||||
Resolves: RHEL-89432
|
||||
|
||||
Loading…
Reference in New Issue
Block a user