diff --git a/tigervnc-add-option-allowing-to-connect-only-user-owning-session.patch b/tigervnc-add-option-allowing-to-connect-only-user-owning-session.patch index adb5a55..371c700 100644 --- a/tigervnc-add-option-allowing-to-connect-only-user-owning-session.patch +++ b/tigervnc-add-option-allowing-to-connect-only-user-owning-session.patch @@ -1,4 +1,4 @@ -From 8ac9bf0c061666d89d345a3d7149e1ef9c771655 Mon Sep 17 00:00:00 2001 +From 69b0fd6d77ea5968bd815188ee2bda3d282ebc60 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 29 Jul 2024 14:31:14 +0200 Subject: [PATCH] Add option allowing to connect only the user owning the @@ -10,9 +10,11 @@ This is expected to be used with 'plain' security type in combination with 'PlainUsers=*' option allowing everyone to connect to the session. --- common/rfb/VNCServerST.cxx | 7 -- - unix/xserver/hw/vnc/XserverDesktop.cc | 120 +++++++++++++++++++++++++- + unix/x0vncserver/XDesktop.cxx | 8 ++ + unix/xserver/hw/vnc/XserverDesktop.cc | 137 ++++++++++++++++++++++++++ unix/xserver/hw/vnc/XserverDesktop.h | 7 ++ - 3 files changed, 126 insertions(+), 8 deletions(-) + unix/xserver/hw/vnc/Xvnc.man | 7 ++ + 5 files changed, 159 insertions(+), 7 deletions(-) diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx index b99d33b..aa8d53e 100644 @@ -32,8 +34,34 @@ index b99d33b..aa8d53e 100644 // - Does the client have the right to bypass the query? if (client->accessCheck(AccessNoQuery)) { +diff --git a/unix/x0vncserver/XDesktop.cxx b/unix/x0vncserver/XDesktop.cxx +index b43e3f7..3d00e23 100644 +--- a/unix/x0vncserver/XDesktop.cxx ++++ b/unix/x0vncserver/XDesktop.cxx +@@ -31,6 +31,7 @@ + #include + + #include ++#include + + #include + +@@ -320,6 +321,13 @@ void XDesktop::queryConnection(network::Socket* sock, + { + assert(isRunning()); + ++ // - Are we configured to do queries? ++ if (!rfb::Server::queryConnect && ++ !sock->requiresQuery()) { ++ server->approveConnection(sock, true, nullptr); ++ return; ++ } ++ + // Someone already querying? + if (queryConnectSock) { + std::list sockets; diff --git a/unix/xserver/hw/vnc/XserverDesktop.cc b/unix/xserver/hw/vnc/XserverDesktop.cc -index 260ed3a..4f252c8 100644 +index 260ed3a..c8741f6 100644 --- a/unix/xserver/hw/vnc/XserverDesktop.cc +++ b/unix/xserver/hw/vnc/XserverDesktop.cc @@ -51,6 +51,11 @@ @@ -48,11 +76,10 @@ index 260ed3a..4f252c8 100644 extern "C" { void vncSetGlueContext(int screenIndex); void vncPresentMscEvent(uint64_t id, uint64_t msc); -@@ -70,7 +75,15 @@ IntParameter queryConnectTimeout("QueryConnectTimeout", - "Accept connection dialog before " +@@ -71,6 +76,15 @@ IntParameter queryConnectTimeout("QueryConnectTimeout", "rejecting the connection", 10); -- + +#ifdef HAVE_SYSTEMD_DAEMON +BoolParameter approveLoggedUserOnly +("ApproveLoggedUserOnly", @@ -65,7 +92,7 @@ index 260ed3a..4f252c8 100644 XserverDesktop::XserverDesktop(int screenIndex_, std::list listeners_, -@@ -164,11 +177,134 @@ void XserverDesktop::init(rfb::VNCServer* vs) +@@ -164,11 +178,134 @@ void XserverDesktop::init(rfb::VNCServer* vs) // ready state } @@ -219,7 +246,7 @@ index 8c543db..8d6bde4 100644 std::list* sockets, rfb::VNCServer* sockserv); diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man -index d6b1664..07b74bb 100644 +index d6b1664..24384df 100644 --- a/unix/xserver/hw/vnc/Xvnc.man +++ b/unix/xserver/hw/vnc/Xvnc.man @@ -200,6 +200,13 @@ Never treat incoming connections as shared, regardless of the client-specified diff --git a/tigervnc.spec b/tigervnc.spec index 85b50df..c1163e0 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -5,7 +5,7 @@ Name: tigervnc Version: 1.15.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -398,6 +398,10 @@ fi %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Tue May 27 2025 Jan Grulich - 1.15.0-4 +- Fix broken authentication with x0vncserver + Resolves: RHEL-93573 + * Wed Apr 30 2025 Jan Grulich - 1.15.0-3 - Only warn about 8 characters limit, but let it proceed Resolves: RHEL-89432