On 03/03/2011 01:18 PM, Adam Tkac wrote:
> On Thu, Mar 03, 2011 at 01:11:22PM +0100, Sebastiaan Breedveld wrote:
>>>> 2) When using the VeNCrypt security type, the ~/.vnc/passwd is not
>>>> necessary, yet the user is asked to create one. Same when using the
>>>> securitytype none. The script now checks for the -SecurityType option
>>>> and checks whether VeNCrypt type or none is specified. (That is, I am in
>>>> the assumption that the VeNCrypt type does not use the vnc password.)
>>> You are right, vncserver script shouldn't create passwd file unless
>>> it is needed.
>>>
>>> passwd file is needed only when at least one of those types is
>>> specified (case insensitive):
>>>
>>> VncAuth or TLSVnc or X509Vnc
>>>
>>> By default server allows VncAuth and TLSVnc.
>>>
>>> Correct approach is:
>>> 1. if -SecurityTypes parameter is not specified, create .vnc/passwd
>>> 2. if -SecurityTypes contains at least one of three types specified
>>> above, create .vnc/passwd
>>> 3. otherwise don't create .vnc/passwd
>>>
>>> Note in 1. and 2. cases you need to pass -rfbauth parameter, otherwise
>>> Xvnc won't find password file.
>>>
>>> With these checks vncserver will create .vnc/passwd only when needed.
>>>
>>>
>> Ok, I was about to get this as well ;) In addition to the above:
>> 4. do not create .vnc/passwd if -Password, -PasswordFile or -rfbauth is
>> already given.
> Right you are, I forgot this case ;)
>
>> Thinking about -Password: is there any sane environment where this is
>> still used?
> If I remember correctly someone uses this option for one-time
> passwords in his TigerVNC server deployment.
>
> Regards, Adam
>

Ok, here is, at last, the patch for the vncserver script, which checks the above. Maybe not the strongest piece of Perl, but it works ;)
--- vncserverorg 2011-03-07 21:35:04.588985408 +0100 +++ vncserver 2011-03-08 13:46:03.000000000 +0100 
@@ -160,17 +160,57 @@ } } -# Make sure the user has a password. +# Make sure the user has a password, if one needed -($z,$z,$mode) = stat("$vncUserDir/passwd"); -if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { - warn "\nYou will require a password to access your desktops.\n\n"; - system($exedir."vncpasswd -q $vncUserDir/passwd"); - if (($? >> 8) != 0) { - exit 1; +# Check the arguments to check if VncAuth or TLSVnc or X509Vnc +# is used as SecurityType, if SecurityType is specified at all. +# If a password option is given at the command line, trust this (i.e. do not check for existence). +$has_securitytype = 0; +$has_vnclikeauth = 0; +$has_pwdcmdline = 0; + +for ($i=0; $i<@ARGV; ++$i) { + # Options can be given by space (-SecurityTypes VNCAuth) or by = (-SecurityTypes=VNCAuth) + my @splitargs = split('=', $ARGV[$i]); + push(@splitargs, $ARGV[$i+1]); + + # Check for security types + if (lc(@splitargs[0]) eq "-securitytypes") + { + $has_securitytype = 1; + + foreach $arg2 (split(',', @splitargs[1])) + { + if ((lc($arg2) eq "vncauth") || (lc($arg2) eq "tlsvnc") || (lc($arg2) eq "x509vnc")) + { + # Need password + $has_vnclikeauth = 1; + } + } + } + + # Check for Password, PasswordFile or rfbauth options + if ((lc(@splitargs[0]) eq "-password") || (lc(@splitargs[0]) eq "-passwordfile" || (lc(@splitargs[0]) eq "-rfbauth"))) + { + $has_pwdcmdline = 1; } } +# Now do some logic, and set VNC Password if it does not already exists +if ((!$has_securitytype || ($has_securitytype && $has_vnclikeauth)) && !$has_pwdcmdline) +{ + $needvncpass = 1; + ($z,$z,$mode) = stat("$vncUserDir/passwd"); + if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { + warn "\nYou will require a password to access your desktops.\n\n"; + system($exedir."vncpasswd -q $vncUserDir/passwd"); + if (($? >> 8) != 0) { + exit 1; + } + } +} + + # Find display number. 
if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
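
Review bot: `$needvncpass` is assigned in the final `if` block but nothing in this hunk reads it, and it is not initialised to 0 alongside `$has_securitytype`, `$has_vnclikeauth` and `$has_pwdcmdline`. The thread says `-rfbauth` has to be passed to Xvnc in cases 1 and 2, so either include the code that uses `$needvncpass` for that or drop the assignment. In the argument loop, `@splitargs[0]` and `@splitargs[1]` are one-element slices and should be `$splitargs[0]` and `$splitargs[1]`, and `push(@splitargs, $ARGV[$i+1])` reads past the end of `@ARGV` on the last argument, so guard the index. The password-option test closes its parenthesis after `"-rfbauth"` rather than after `"-passwordfile"`; the result is the same, but the grouping should match the other two comparisons. When `-PasswordFile` or `-rfbauth` is given, the whole block is skipped and no `$mode & 077` check is applied to any file; consider running the same permission check on the supplied path. The entries from `split(',', ...)` are compared without trimming, so a list written with spaces after the commas would not match `vncauth`, `tlsvnc` or `x509vnc`.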