Dominique Leuenberger 2016-05-04 06:17:51 +00:00 committed by Git OBS Bridge
commit 573b0c2588
5 changed files with 427 additions and 0 deletions


@ -0,0 +1,164 @@
Git-commit: ef0dd758a3fad048c1f04e144b03a3e69b001f21
Patch-Mainline: To be upstreamed
Author: Michal Srb <michalsrb@gmail.com>
Subject: Add AllowOverride parameter.
References: fate#319319
Allows to specify which configuration parameters can be modified on runtime.
diff --git a/unix/xserver/hw/vnc/vncExt.c b/unix/xserver/hw/vnc/vncExt.c
index 43794da..b27115f 100644
--- a/unix/xserver/hw/vnc/vncExt.c
+++ b/unix/xserver/hw/vnc/vncExt.c
@@ -182,17 +182,16 @@ static int ProcVncExtSetParam(ClientPtr client)
rep.sequenceNumber = client->sequence;
/*
- * Allow to change only certain parameters.
- * Changing other parameters (for example PAM service name)
- * could have negative security impact.
+ * Prevent change of clipboard related parameters if clipboard is disabled.
*/
- if (strncasecmp(param, "desktop", 7) != 0 &&
- strncasecmp(param, "AcceptPointerEvents", 19) != 0 &&
- (vncNoClipboard || strncasecmp(param, "SendCutText", 11) != 0) &&
- (vncNoClipboard || strncasecmp(param, "AcceptCutText", 13) != 0))
+ if (vncNoClipboard &&
+ (strncasecmp(param, "SendCutText", 11) == 0 ||
+ strncasecmp(param, "AcceptCutText", 13) == 0))
+ goto deny;
+
+ if (!vncOverrideParam(param))
goto deny;
- vncSetParamSimple(param);
rep.success = 1;
// Send DesktopName update if desktop name has been changed
diff --git a/unix/xserver/hw/vnc/vncExtInit.cc b/unix/xserver/hw/vnc/vncExtInit.cc
index 863cd36..1d37493 100644
--- a/unix/xserver/hw/vnc/vncExtInit.cc
+++ b/unix/xserver/hw/vnc/vncExtInit.cc
@@ -20,6 +20,9 @@
#include <stdio.h>
#include <errno.h>
+#include <set>
+#include <string>
+
#include <rfb/Configuration.h>
#include <rfb/Logger_stdio.h>
#include <rfb/LogWriter.h>
@@ -52,6 +55,15 @@ int vncFbstride[MAXSCREENS];
int vncInetdSock = -1;
+struct CaseInsensitiveCompare {
+ bool operator() (const std::string &a, const std::string &b) const {
+ return strcasecmp(a.c_str(), b.c_str()) < 0;
+ }
+};
+
+typedef std::set<std::string, CaseInsensitiveCompare> ParamSet;
+static ParamSet allowOverrideSet;
+
rfb::StringParameter httpDir("httpd",
"Directory containing files to serve via HTTP",
"");
@@ -69,6 +81,9 @@ rfb::StringParameter interface("interface",
rfb::BoolParameter avoidShiftNumLock("AvoidShiftNumLock",
"Avoid fake Shift presses for keys affected by NumLock.",
true);
+rfb::StringParameter allowOverride("AllowOverride",
+ "Comma separated list of parameters that can be modified using VNC extension.",
+ "desktop,AcceptPointerEvents,SendCutText,AcceptCutText");
static PixelFormat vncGetPixelFormat(int scrIdx)
{
@@ -99,6 +114,19 @@ static PixelFormat vncGetPixelFormat(int scrIdx)
redShift, greenShift, blueShift);
}
+static void parseOverrideList(const char *text, ParamSet &out)
+{
+ for (const char* iter = text; ; ++iter) {
+ if (*iter == ',' || *iter == '\0') {
+ out.insert(std::string(text, iter));
+ text = iter + 1;
+
+ if (*iter == '\0')
+ break;
+ }
+ }
+}
+
void vncExtensionInit(void)
{
int ret;
@@ -128,6 +156,10 @@ void vncExtensionInit(void)
try {
if (!initialised) {
rfb::initStdIOLoggers();
+
+ parseOverrideList(allowOverride, allowOverrideSet);
+ allowOverride.setImmutable();
+
initialised = true;
}
@@ -379,3 +411,16 @@ void vncRefreshScreenLayout(int scrIdx)
{
desktop[scrIdx]->refreshScreenLayout();
}
+
+int vncOverrideParam(const char *nameAndValue)
+{
+ const char* equalSign = strchr(nameAndValue, '=');
+ if (!equalSign)
+ return 0;
+
+ std::string key(nameAndValue, equalSign);
+ if (allowOverrideSet.find(key) == allowOverrideSet.end())
+ return 0;
+
+ return rfb::Configuration::setParam(nameAndValue);
+}
diff --git a/unix/xserver/hw/vnc/vncExtInit.h b/unix/xserver/hw/vnc/vncExtInit.h
index 6430ac0..be6487c 100644
--- a/unix/xserver/hw/vnc/vncExtInit.h
+++ b/unix/xserver/hw/vnc/vncExtInit.h
@@ -90,6 +90,8 @@ void vncPreScreenResize(int scrIdx);
void vncPostScreenResize(int scrIdx, int success, int width, int height);
void vncRefreshScreenLayout(int scrIdx);
+int vncOverrideParam(const char *nameAndValue);
+
#ifdef __cplusplus
}
#endif
diff --git a/unix/xserver/hw/vnc/Xvnc.man b/unix/xserver/hw/vnc/Xvnc.man
index 4a83315..a4d9f8d 100644
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -300,6 +300,21 @@ Key affected by NumLock often require a fake Shift to be inserted in order
for the correct symbol to be generated. Turning on this option avoids these
extra fake Shift events but may result in a slightly different symbol
(e.g. a Return instead of a keypad Enter).
+.
+.TP
+.B \-AllowOverride
+Comma separated list of parameters that can be modified using VNC extension.
+Parameters can be modified for example using \fBvncconfig\fP(1) program from
+inside a running session.
+
+Allowing override of parameters such as \fBPAMService\fP or \fBPasswordFile\fP
+can negatively impact security if Xvnc runs under different user than the
+programs allowed to override the parameters.
+
+When \fBNoClipboard\fP parameter is set, allowing override of \fBSendCutText\fP
+and \fBAcceptCutText\fP has no effect.
+
+Default is \fBdesktop,AcceptPointerEvents,SendCutText,AcceptCutText\fP.
.SH USAGE WITH INETD
By configuring the \fBinetd\fP(1) service appropriately, Xvnc can be launched
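Review bot: parseOverrideList, in the vncExtInit.cc hunk, inserts each comma-delimited piece verbatim, so a list written as `desktop, AcceptPointerEvents` or with a trailing comma stores ` AcceptPointerEvents` (which never matches in vncOverrideParam) or an empty key (which lets an `=value` request reach rfb::Configuration::setParam with an empty name — harmless only if setParam rejects that). Because this set is the only check between an extension client and parameters such as PAMService or PasswordFile, a misconfigured entry should be noticed rather than silently inert: trim blanks, skip empty pieces, and have vncExtensionInit warn about names the configuration does not know, if Configuration.h exposes a by-name lookup (not visible here). Separately, the `strchr(nameAndValue, '=')` gate in vncOverrideParam rejects requests without an equals sign; if rfb::Configuration::setParam also accepted the `-Name` boolean form, that path no longer works and the function deserves a comment such as `// Only "name=value" is accepted, and name must be listed in AllowOverride (case-insensitive).` The rewrite below keeps the original scan shape and only changes what is inserted.
```cpp
static void parseOverrideList(const char *text, ParamSet &out)
{
  for (const char* iter = text; ; ++iter) {
    if (*iter == ',' || *iter == '\0') {
      std::string name(text, iter);
      // Tolerate "a, b" and trailing commas: drop blanks and empty pieces
      // rather than storing keys that can never (or always) match.
      size_t first = name.find_first_not_of(" \t");
      if (first != std::string::npos) {
        size_t last = name.find_last_not_of(" \t");
        out.insert(name.substr(first, last - first + 1));
      }
      text = iter + 1;

      if (*iter == '\0')
        break;
    }
  }
}
```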


@ -1,3 +1,15 @@
-------------------------------------------------------------------
Fri Apr 29 14:13:22 UTC 2016 - msrb@suse.com
- Add U_add_allowoverride_parameter.patch and
u_build_libXvnc_as_separate_library.patch (fate#319319)
- Add u_tigervnc-show-unencrypted-warning.patch (fate#319701)
-------------------------------------------------------------------
Wed Apr 27 10:34:05 UTC 2016 - msrb@suse.com
- Add dependency on xorg-x11-fonts-core. (bnc#977019)
-------------------------------------------------------------------
Tue Jan 12 12:14:27 UTC 2016 - msrb@suse.com


@ -116,6 +116,9 @@ Patch6: u_tigervnc-cve-2014-8240.patch
Patch7: u_tigervnc-add-autoaccept-parameter.patch
Patch8: u_xserver118.patch
Patch9: u_tigervnc_update_default_vncxstartup.patch
Patch10: U_add_allowoverride_parameter.patch
Patch11: u_build_libXvnc_as_separate_library.patch
Patch12: u_tigervnc-show-unencrypted-warning.patch
%description
TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing),
@ -138,12 +141,28 @@ Requires: xinetd
Requires: xinit
Requires: xkbcomp
Requires: xkeyboard-config
Requires: xorg-x11-fonts-core
Summary: TigerVNC implementation of Xvnc
Group: System/X11/Servers/XF86_4
%description -n xorg-x11-Xvnc
This is the TigerVNC implementation of Xvnc.
%package -n libXvnc1
Summary: X extension to control VNC module
Group: System/Libraries
%description -n libXvnc1
Xvnc extension allows X clients to read and change VNC configuration.
%package -n libXvnc-devel
Summary: X extension to control VNC module
Group: Development/Libraries/C and C++
Requires: libXvnc1 = %version
%description -n libXvnc-devel
Xvnc extension allows X clients to read and change VNC configuration.
%prep
%setup -T -b1 -q
cp -r /usr/src/xserver/* unix/xserver/
@ -157,6 +176,9 @@ cp -r /usr/src/xserver/* unix/xserver/
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
pushd unix/xserver
patch -p1 < ../xserver117.patch
@ -265,6 +287,10 @@ if [ "$1" = 0 ] ; then
fi
%endif
%post -n libXvnc1 -p /sbin/ldconfig
%postun -n libXvnc1 -p /sbin/ldconfig
%files -f %{name}.lang
%defattr(-,root,root,-)
%ghost %{_bindir}/vncviewer
@ -331,4 +357,13 @@ fi
%ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey}
%ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert}
%files -n libXvnc1
%defattr(-,root,root)
%{_libdir}/libXvnc.so.1*
%files -n libXvnc-devel
%defattr(-,root,root)
%{_libdir}/libXvnc.so
%{_includedir}/X11/extensions/Xvnc.h
%changelog


@ -0,0 +1,38 @@
Author: Michal Srb <michalsrb@gmail.com>
Patch-Mainline: To be upstreamed
Subject: [PATCH] Build libXvnc as separate library.
So it can be used by others, not only vncconfig.
diff --git a/unix/vncconfig/CMakeLists.txt b/unix/vncconfig/CMakeLists.txt
index 959681f..5fe1fb8 100644
--- a/unix/vncconfig/CMakeLists.txt
+++ b/unix/vncconfig/CMakeLists.txt
@@ -3,13 +3,25 @@ include_directories(${X11_INCLUDE_DIR})
include_directories(${CMAKE_SOURCE_DIR}/common)
include_directories(${CMAKE_SOURCE_DIR}/unix/tx)
+include(GNUInstallDirs)
+
+add_library(Xvnc SHARED
+ vncExt.c)
+
+set_target_properties(Xvnc
+ PROPERTIES
+ VERSION 1.0.0
+ SOVERSION 1
+)
+
add_executable(vncconfig
buildtime.c
- vncExt.c
vncconfig.cxx
QueryConnectDialog.cxx)
-target_link_libraries(vncconfig tx rfb network rdr ${X11_LIBRARIES})
+target_link_libraries(vncconfig tx rfb network rdr Xvnc ${X11_LIBRARIES})
install(TARGETS vncconfig DESTINATION ${BIN_DIR})
+install(TARGETS Xvnc LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RENAME libXvnc.so)
install(FILES vncconfig.man DESTINATION ${MAN_DIR}/man1 RENAME vncconfig.1)
+install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)
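Review bot: `install(FILES vncExt.h DESTINATION ${X11_INCLUDE_DIR}/X11/extensions RENAME Xvnc.h)` installs the header into whatever system include directory find_package(X11) detected instead of under the install prefix, so it ignores CMAKE_INSTALL_PREFIX and only lands where the spec's `%{_includedir}/X11/extensions/Xvnc.h` entry expects it when X11_INCLUDE_DIR happens to be /usr/include. Since GNUInstallDirs is already included a few lines up, `DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/X11/extensions` is the prefix-relative equivalent. On the line above it, `RENAME libXvnc.so` on `install(TARGETS Xvnc LIBRARY ...)` looks suspect: RENAME is documented for install(FILES)/install(PROGRAMS), and a SHARED target with VERSION/SOVERSION already produces libXvnc.so.1.0.0 plus the libXvnc.so.1 and libXvnc.so symlinks the spec packages, so dropping RENAME avoids relying on an argument CMake may reject. vncconfig now links against Xvnc but Xvnc itself declares no link dependencies; if vncExt.c calls into Xlib, add `target_link_libraries(Xvnc ${X11_LIBRARIES})` so the shared object records its own dependency rather than borrowing it from the executable.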


@ -0,0 +1,178 @@
Author: Michal Srb <michalsrb@gmail.com>
Subject: Display warning in window title when no encryption is in use.
Patch-Mainline: To be upstreamed
References: fate#319701
Index: tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
===================================================================
--- tigervnc-1.6.0.orig/common/rfb/CSecurityPlain.cxx
+++ tigervnc-1.6.0/common/rfb/CSecurityPlain.cxx
@@ -31,7 +31,7 @@ bool CSecurityPlain::processMsg(CConnect
CharArray username;
CharArray password;
- (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf);
+ (CSecurity::upg)->getUserPasswd(&username.buf, &password.buf, cc->csecurity->getType());
// Return the response to the server
os->writeU32(strlen(username.buf));
Index: tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
===================================================================
--- tigervnc-1.6.0.orig/common/rfb/CSecurityVncAuth.cxx
+++ tigervnc-1.6.0/common/rfb/CSecurityVncAuth.cxx
@@ -46,7 +46,7 @@ bool CSecurityVncAuth::processMsg(CConne
rdr::U8 challenge[vncAuthChallengeSize];
is->readBytes(challenge, vncAuthChallengeSize);
PlainPasswd passwd;
- (CSecurity::upg)->getUserPasswd(0, &passwd.buf);
+ (CSecurity::upg)->getUserPasswd(0, &passwd.buf, cc->csecurity->getType());
// Calculate the correct response
rdr::U8 key[8];
Index: tigervnc-1.6.0/common/rfb/Security.cxx
===================================================================
--- tigervnc-1.6.0.orig/common/rfb/Security.cxx
+++ tigervnc-1.6.0/common/rfb/Security.cxx
@@ -206,3 +206,19 @@ std::list<rdr::U32> rfb::parseSecTypes(c
}
return result;
}
+
+bool rfb::isSecTypeEncrypted(rdr::U32 num)
+{
+ switch (num) {
+ case secTypeTLSNone:
+ case secTypeTLSVnc:
+ case secTypeTLSPlain:
+ case secTypeX509None:
+ case secTypeX509Vnc:
+ case secTypeX509Plain:
+ return true;
+
+ default:
+ return false;
+ }
+}
Index: tigervnc-1.6.0/common/rfb/Security.h
===================================================================
--- tigervnc-1.6.0.orig/common/rfb/Security.h
+++ tigervnc-1.6.0/common/rfb/Security.h
@@ -104,6 +104,8 @@ namespace rfb {
const char* secTypeName(rdr::U32 num);
rdr::U32 secTypeNum(const char* name);
std::list<rdr::U32> parseSecTypes(const char* types);
+
+ bool isSecTypeEncrypted(rdr::U32 num);
}
#endif
Index: tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
===================================================================
--- tigervnc-1.6.0.orig/common/rfb/UserPasswdGetter.h
+++ tigervnc-1.6.0/common/rfb/UserPasswdGetter.h
@@ -17,6 +17,9 @@
*/
#ifndef __RFB_USERPASSWDGETTER_H__
#define __RFB_USERPASSWDGETTER_H__
+
+#include <rdr/types.h>
+
namespace rfb {
class UserPasswdGetter {
public:
@@ -24,7 +27,7 @@ namespace rfb {
// dialog, getpass(), etc. The user buffer pointer can be null, in which
// case no user name will be retrieved. The caller MUST delete [] the
// result(s).
- virtual void getUserPasswd(char** user, char** password)=0;
+ virtual void getUserPasswd(char** user, char** password, rdr::U32 secType)=0;
};
}
#endif
Index: tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
===================================================================
--- tigervnc-1.6.0.orig/vncviewer/DesktopWindow.cxx
+++ tigervnc-1.6.0/vncviewer/DesktopWindow.cxx
@@ -27,6 +27,7 @@
#include <rfb/LogWriter.h>
#include <rfb/CMsgWriter.h>
+#include <rfb/Security.h>
#include "DesktopWindow.h"
#include "OptionsDialog.h"
@@ -206,7 +207,11 @@ void DesktopWindow::setName(const char *
CharArray windowNameStr;
windowNameStr.replaceBuf(new char[256]);
- snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name);
+ const char *warning = "";
+ if (!rfb::isSecTypeEncrypted(cc->csecurity->getType()))
+ warning = _("(Connection not encrypted!)");
+
+ snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC %s", name, warning);
copy_label(windowNameStr.buf);
}
Index: tigervnc-1.6.0/vncviewer/UserDialog.cxx
===================================================================
--- tigervnc-1.6.0.orig/vncviewer/UserDialog.cxx
+++ tigervnc-1.6.0/vncviewer/UserDialog.cxx
@@ -32,10 +32,12 @@
#include <FL/Fl_Secret_Input.H>
#include <FL/Fl_Button.H>
#include <FL/Fl_Return_Button.H>
+#include <FL/Fl_Text_Display.H>
#include <rfb/util.h>
#include <rfb/Password.h>
#include <rfb/Exception.h>
+#include <rfb/Security.h>
#include "i18n.h"
#include "fltk_layout.h"
@@ -59,7 +61,7 @@ UserDialog::~UserDialog()
{
}
-void UserDialog::getUserPasswd(char** user, char** password)
+void UserDialog::getUserPasswd(char** user, char** password, rdr::U32 secType)
{
CharArray passwordFileStr(passwordFile.getData());
@@ -82,8 +84,12 @@ void UserDialog::getUserPasswd(char** us
return;
}
+ const char* title = _("VNC authentication");
+ if (!rfb::isSecTypeEncrypted(secType))
+ title = _("VNC authentication (Connection not encrypted!)");
+
if (!user) {
- fl_message_title(_("VNC authentication"));
+ fl_message_title(title);
*password = strDup(fl_password(_("Password:"), ""));
if (!*password)
throw rfb::Exception(_("Authentication cancelled"));
@@ -93,7 +99,7 @@ void UserDialog::getUserPasswd(char** us
// Largely copied from FLTK so that we get the same look and feel
// as the simpler password input.
- Fl_Window *win = new Fl_Window(410, 145, _("VNC authentication"));
+ Fl_Window *win = new Fl_Window(410, 145, title);
win->callback(button_cb,(void *)0);
Fl_Input *username = new Fl_Input(70, 25, 300, 25, _("Username:"));
Index: tigervnc-1.6.0/vncviewer/UserDialog.h
===================================================================
--- tigervnc-1.6.0.orig/vncviewer/UserDialog.h
+++ tigervnc-1.6.0/vncviewer/UserDialog.h
@@ -31,7 +31,7 @@ public:
// UserPasswdGetter callbacks
- void getUserPasswd(char** user, char** password);
+ void getUserPasswd(char** user, char** password, rdr::U32 secType);
// UserMsgBox callbacks